fix: update x.509 x5c order

Sphereon-Opensource · Nov 28, 2024 · 3dbfe73 · 3dbfe73
1 parent 175cd80
commit 3dbfe73
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/packages/x509-utils/src/x509/x509-validator.ts b/packages/x509-utils/src/x509/x509-validator.ts
@@ -134,7 +134,8 @@ export const validateX509CertificateChain = async ({
     }
   }
 
-  const certs = pemOrDerChain.map(pemOrDerToX509Certificate)
+  // x5c always starts with the leaf cert at index 0 and then the cas. Our internal pkijs service expects it the other way around
+  const certs = pemOrDerChain.map(pemOrDerToX509Certificate).reverse()
   const trustedCerts = trustedPEMs ? trustedPEMs.map(pemOrDerToX509Certificate) : undefined
   defaultCryptoEngine()