From bc7e07583f1264e5fdb94ab133603e5fc0b21f31 Mon Sep 17 00:00:00 2001
From: chubtub <43381989+chubtub@users.noreply.github.com>
Date: Wed, 27 Oct 2021 13:41:55 -0400
Subject: [PATCH] Match only the actual extension bytes of the SKID

---
 .../src/main/java/hirs/utils/ReferenceManifestValidator.java   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/HIRS_Utils/src/main/java/hirs/utils/ReferenceManifestValidator.java b/HIRS_Utils/src/main/java/hirs/utils/ReferenceManifestValidator.java
index daf0096a..213b3326 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/ReferenceManifestValidator.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/ReferenceManifestValidator.java
@@ -182,7 +182,7 @@ public class ReferenceManifestValidator {
                 }
             } else {
                 subjectKeyIdentifier = getKeyName(rim);
-                if (subjectKeyIdentifier.equals(cert.getSubjectKeyIdString())) {
+                if (subjectKeyIdentifier.equals(cert.getSubjectKeyIdString().substring(8))) {
                     context = new DOMValidateContext(cert.getX509Certificate().getPublicKey(),
                             nodes.item(0));
                 }
@@ -354,6 +354,7 @@ public class ReferenceManifestValidator {
 
     /**
      * This method returns the subjectKeyIdentifier from a given X509Certificate.
+     *
      * @param certificate the cert to pull the subjectKeyIdentifier from
      * @return the String representation of the subjectKeyIdentifier
      * @throws IOException