From 1e12aef98b86f8ff91d92aa045dde2c8aafbaf0f Mon Sep 17 00:00:00 2001
From: Filippos Sakellaropoulos
Date: Thu, 10 Oct 2024 02:12:10 +0300
Subject: [PATCH] validate reader auth using full x5c chain
---
 Sources/MdocDataTransfer18013/MdocHelpers.swift | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/Sources/MdocDataTransfer18013/MdocHelpers.swift b/Sources/MdocDataTransfer18013/MdocHelpers.swift
index 4917e19..f154e32 100644
--- a/Sources/MdocDataTransfer18013/MdocHelpers.swift
+++ b/Sources/MdocDataTransfer18013/MdocHelpers.swift
@@ -110,8 +110,7 @@ public class MdocHelpers {
 var userRequestInfo = UserRequestInfo(validItemsRequested: validRequestItems, errorItemsRequested: errorRequestItems)
 if let docR = deviceRequest.docRequests.first {
 let mdocAuth = MdocReaderAuthentication(transcript: sessionEncryption.transcript)
- if let readerAuthRawCBOR = docR.readerAuthRawCBOR, let certData = docR.readerCertificate, let x509 = try? X509.Certificate(derEncoded: [UInt8](certData)), let (b,reasonFailure) = try? mdocAuth.validateReaderAuth(readerAuthCBOR: readerAuthRawCBOR, readerAuthCertificate: certData, itemsRequestRawData: docR.itemsRequestRawData!, rootCerts: iaca) {
- //params[UserRequestKeys.reader_certificate_issuer.rawValue]
+ if let readerAuthRawCBOR = docR.readerAuthRawCBOR, case let certData = docR.readerCertificates, certData.count > 0, let x509 = try? X509.Certificate(derEncoded: [UInt8](certData.first!)), let (b,reasonFailure) = try? mdocAuth.validateReaderAuth(readerAuthCBOR: readerAuthRawCBOR, readerAuthX5c: certData, itemsRequestRawData: docR.itemsRequestRawData!, rootCerts: iaca) {
 userRequestInfo.readerCertificateIssuer = MdocHelpers.getCN(from: x509.subject.description)
 userRequestInfo.readerAuthValidated = b
 if let reasonFailure { userRequestInfo.readerCertificateValidationMessage = reasonFailure }
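Review bot: The new `+` line still routes every failure through `try?`, so an x5c chain whose leaf fails `X509.Certificate(derEncoded:)` or that makes `validateReaderAuth` throw is indistinguishable from a request that carried no reader auth at all — the whole `if let` simply does not match, `readerAuthValidated` and `readerCertificateValidationMessage` are left untouched, and nothing records that a reader presented a chain that could not be checked. It would be clearer to bind the inputs first and run the parse and validation in a `do`/`catch` whose `catch` sets `readerAuthValidated = false` and stores the error text, so a malformed or unverifiable chain surfaces to the caller the same way a failed validation does. The same line also keeps two force-unwraps: `let leafDER = docR.readerCertificates.first` replaces `certData.count > 0` plus `certData.first!`, and `itemsRequestRawData!` should be bound with `let itemsRequestRawData = docR.itemsRequestRawData` in the same condition rather than crash on a request that omits it. Note too that `readerCertificateIssuer` is filled from the leaf's own subject CN before `b` is known, so the name of an unvalidated reader is still exposed; whether that is intended is worth a comment. The enclosing function starts and ends outside the hunk, as does the closing brace of the rewritten `if`.
```swift
let mdocAuth = MdocReaderAuthentication(transcript: sessionEncryption.transcript)
if let readerAuthRawCBOR = docR.readerAuthRawCBOR, let itemsRequestRawData = docR.itemsRequestRawData,
   let leafDER = docR.readerCertificates.first {
    do {
        // leaf is the first entry of the x5c chain; the full chain goes to the validator
        let x509 = try X509.Certificate(derEncoded: [UInt8](leafDER))
        let (b, reasonFailure) = try mdocAuth.validateReaderAuth(readerAuthCBOR: readerAuthRawCBOR, readerAuthX5c: docR.readerCertificates, itemsRequestRawData: itemsRequestRawData, rootCerts: iaca)
        userRequestInfo.readerCertificateIssuer = MdocHelpers.getCN(from: x509.subject.description)
        userRequestInfo.readerAuthValidated = b
        if let reasonFailure { userRequestInfo.readerCertificateValidationMessage = reasonFailure }
    } catch {
        // a reader that presented a chain we could not parse or validate is not the same as one that presented none
        userRequestInfo.readerAuthValidated = false
        userRequestInfo.readerCertificateValidationMessage = String(describing: error) // TODO confirm the field's type accepts a String
    }
```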