x5chain is as per RFC9360 supposed to contain ordered array of X.509 certificates starting with end-entity certificate followed by the cerificate that signed it and so on. When validating cert parh all the cert chain provided in x5chain shall be used to construct cert. path from end entity up to trusted certificate. Current implementation is taking one by one certificates from x5chain and trying to build path to trust anchor only using this particular certificate. As a consequence it correctly validates certificate path only in case there are no intermediate CA certificates.
eu.europa.ec.eudi.iso18013.transfer.internal.readetauth.ReaderTrustStoreImpl
fun validateCertificationTrustPath
x5chain is as per RFC9360 supposed to contain ordered array of X.509 certificates starting with end-entity certificate followed by the cerificate that signed it and so on. When validating cert parh all the cert chain provided in x5chain shall be used to construct cert. path from end entity up to trusted certificate. Current implementation is taking one by one certificates from x5chain and trying to build path to trust anchor only using this particular certificate. As a consequence it correctly validates certificate path only in case there are no intermediate CA certificates.