auth0-lab / mdl

Parse and validate MDOC CBOR encoded binaries according to ISO 18013-5.
Apache License 2.0

'Incorrect name chaining' error while verifying mDL #17

Closed MallikarjunH09 closed 1 month ago

MallikarjunH09 commented 1 month ago

I used this repo and created a local server on my system. I did the necessary setup and created different methods to create and use the APIs in Postman or a mobile app.

I am able to issue credentials, but while verifying the credential I am getting an error: 'Incorrect name chaining'.

Here is the code:

const fs = require('fs');
const { Verifier } = require('@auth0/mdl');

const trustedCerts = [fs.readFileSync('./certs/caCert.pem', 'utf8'), fs.readFileSync('./certs/issuerCert.pem', 'utf8')];

app.post("/verify", async (req, res) => {
    const { encodedDeviceResponseHex, encodedSessionTranscriptHex, ephemeralReaderKeyHex } = req.body;

    try {

        const encodedDeviceResponse = Buffer.from(encodedDeviceResponseHex, 'hex');
        const encodedSessionTranscript = Buffer.from(encodedSessionTranscriptHex, 'hex');
        const ephemeralReaderKey = Buffer.from(ephemeralReaderKeyHex, 'hex');

        const verifier = new Verifier(trustedCerts); 

        const mdoc = await verifier.verify(encodedDeviceResponse, {
            ephemeralReaderKey,
            encodedSessionTranscript,
        });

        res.json({ mdoc });
    } catch (error) {
        console.error("Error while verifying document:", error.message);
        res.status(500).json({ error: error.message });
    }
});

Sample values which are passed to this method:

Encoded Device Response Hex: (long hex dump omitted)

Session Transcript Hex: 7b226465766963654e6f6e6365223a223137383730353765363561383761373431326231653339333331353536313038222c2276657269666965724e6f6e6365223a223035306131616265633564343161663536386461353436343161323438306565222c2273657373696f6e4944223a22736f6d652d756e697175652d73657373696f6e2d6964227d

Generated Ephemeral Reader Key (Hex):

2d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d494942496a414e42676b71686b6947397730424151454641414f43415138414d49494243674b43415145416e4c4b79722f6348664a554834436752397a2f70666b444a51664276397845796f3055544c364f506a556b2f4573623961547265677274302b3032714564434f34654134496b6f726239315a6d4b706c39576a56613053414e546554586f4e6266373136693043724c354167572f58504b645444434e574a53383565564645315139654b6c753835764c6b6943363741504965326738336b6f616571655a6c4275574977424f6f6e712b6b596e6659414652745075564a2f47316d652b2b46306376454d736243304f794f316c576a42554b4f384b67726376626f336658642b2f546a4e77715a465557774a474b2b394a656a745875667251653665757861557a376b50653636772b75666d58386134317a304f6537474f6c783175547532654c354235526e51567a444d76547341486a42635a5863577a586c61306341324c32316772553635457a674e46464a537677482f364f514944415141420a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d

Another observation: if I update the line below

const trustedCerts = [fs.readFileSync('./certs/caCert.pem', 'utf8'), fs.readFileSync('./certs/issuerCert.pem', 'utf8')];

with the one below, then

const trustedCerts = [fs.readFileSync('./certs/caCert.pem', 'utf8')];

I get another error:

Error while verifying document: The MSO signed date (Mon, 07 Oct 2024 00:00:00 GMT) must be within the validity period of the certificate (Mon, 07 Oct 2024 10:05:43 GMT to Tue, 07 Oct 2025 10:05:43 GMT)

Even though all certificates are valid and the MSO signed date was also within the validity period.

Can someone help me find the mistake I have made, or suggest any solution to fix this issue? If required I will share the entire source code for reference.

siacomuzzi commented 1 month ago

const trustedCerts = [fs.readFileSync('./certs/caCert.pem', 'utf8')];

This should be fine, there is no need to specify the issuer signing certificate, just the rest of the chain.

Error while verifying document: The MSO signed date (Mon, 07 Oct 2024 00:00:00 GMT) must be within the validity period of the certificate (Mon, 07 Oct 2024 10:05:43 GMT to Tue, 07 Oct 2025 10:05:43 GMT)

Please note that the validity period of the certificate starts at 10:05:43 GMT and the MSO was signed before that (00:00:00 GMT).

MallikarjunH09 commented 1 month ago

Thanks for the reply.