Test Verifier Simplifications

Deviations from the production EUDI specification

Authologic verifier was configured to for testing purposes and the following simplifications were applied compared to a production-grade EUDI verifier compliant with the ARF 1.4 specification.

Issuer Trust & Certificates

Issuer certificate validation relaxed
When SD-JWT-VC signature verification fails due to an untrusted issuer certificate, the credential is still accepted after re-validation without signature checking. This allows testing with wallets that use self-signed or non-production certificates.
Security Validation
Trust sources are not validated
The issuer certificate is not validated against the keystores, which means that all X.509 certificate chains are accepted regardless of the issuing CA.
Security Validation
Certificate revocation checking disabled
PKIX certificate path validation runs with revocation checking disabled CRL and OCSP checks are skipped for both mso_mdoc and SD-JWT-VC certificate chains.
Validation

Credential Validation

Type metadata policy set to not-used
SD-JWT-VC type metadata resolution and validation policy is not used. The verifier does not fetch or validate the credential type metadata document from the issuer.
Validation
Digital Credentials API validation incomplete
The DC API response decoding and validation paths are not fully enabled.
Validation
Verifier X.509 Certificate (PEM)

The X.509 certificate used by this verifier for OpenID4VP requests (x509_san_dns client ID method). 

-----BEGIN CERTIFICATE-----
MIIClzCCAj6gAwIBAgIUN8ilrsD3z/GdAtRss8ZauIptoSUwCgYIKoZIzj0EAwIw
gYQxCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpvd2llY2tpZTEPMA0GA1UEBwwG
V2Fyc2F3MRMwEQYDVQQKDApBdXRob2xvZ2ljMREwDwYDVQQLDAhWZXJpZmllcjEm
MCQGA1UEAwwddmVyaWZpZXIuZGV2ZWwuYXV0aG9sb2dpYy5jb20wHhcNMjYwMjIz
MTIyODE4WhcNMjcwMjIzMTIyODE4WjCBhDELMAkGA1UEBhMCUEwxFDASBgNVBAgM
C01hem93aWVja2llMQ8wDQYDVQQHDAZXYXJzYXcxEzARBgNVBAoMCkF1dGhvbG9n
aWMxETAPBgNVBAsMCFZlcmlmaWVyMSYwJAYDVQQDDB12ZXJpZmllci5kZXZlbC5h
dXRob2xvZ2ljLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDndzENVECsj
NOcY7xZjLVw9q9WgNzOv0B7Ba9hxcin+FEa9FNCuIVOMWtYZhdeh/NVn9s9mbjbx
/Ak4XZfuO82jgYswgYgwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwHQYD
VR0OBBYEFB7KBw+B5xgRhuUUK7ktHEkGc7lJMB8GA1UdIwQYMBaAFB7KBw+B5xgR
huUUK7ktHEkGc7lJMCgGA1UdEQQhMB+CHXZlcmlmaWVyLmRldmVsLmF1dGhvbG9n
aWMuY29tMAoGCCqGSM49BAMCA0cAMEQCIEx7YjQP1QKik0bG90iLuP3+VG+/44EY
H3jrNwtSsd52AiAORJyqaFYvO5L8Wg01DFXYICumvhMZmrluzuOggqQVXg==
-----END CERTIFICATE-----
Reader Certificate (PEM)

The reader certificate used by this verifier for Digital Credentials API (DC API) requests. 

-----BEGIN CERTIFICATE-----
MIIB3DCCAYOgAwIBAgIUcMNDYnHDDVHpOP3Hr7ICtlcYLuwwCgYIKoZIzj0EAwIw
RDEgMB4GA1UEAwwXQXV0aG9sb2dpYyBWZXJpZmllciBEZXYxEzARBgNVBAoMCkF1
dGhvbG9naWMxCzAJBgNVBAYTAlBMMB4XDTI1MTAyODA4MDUxMVoXDTI2MTAyODA4
MDUxMVowRDEgMB4GA1UEAwwXQXV0aG9sb2dpYyBWZXJpZmllciBEZXYxEzARBgNV
BAoMCkF1dGhvbG9naWMxCzAJBgNVBAYTAlBMMFkwEwYHKoZIzj0CAQYIKoZIzj0D
AQcDQgAEkbbJTcjOozGhwx/6GtH1hh5BWbRd/CZL95Cy0LUj9gQmHEA9DzBzqhmz
UzD9DCVjTeaJ7smnyMIEkotFQSANb6NTMFEwHQYDVR0OBBYEFAtXR3HJegYDnF7e
dbc3tiwfzytmMB8GA1UdIwQYMBaAFAtXR3HJegYDnF7edbc3tiwfzytmMA8GA1Ud
EwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIhAJ0ak5Vluoj6irVz5CjuAcUe
ivkGqOZBNz0HMNc86pgvAh9VgANGh61oaZL5S9FfCr6PtcBABmmIo3ejZwDdLCms
-----END CERTIFICATE-----
← Back to Verifier