eu-digital-identity-wallet / eudi-lib-android-wallet-core

Apache License 2.0

Error during x509 certificate validation #43

Closed jer0622 closed 4 months ago

jer0622 commented 4 months ago

Hello, first of all thank you for your work.

As part of the Gaia-X project, we are trying to integrate the Eudi wallet with our verifier (https://icp-portal.aster-x.demo23.gxfs.fr/verifier).

During a new presentation, the Eudi wallet blocks on the verification of the x509 certificate contained in the 'x5c' field of the authorisation object. We get the error 'CERTIFICATE_PATH_ERROR':

```
java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
    at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:153)
    at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:301)
    at eu.europa.ec.eudi.iso18013.transfer.internal.readerauth.ReaderTrustStoreImpl.validateCertificationTrustPath(ReaderTrustStoreImpl.kt:83)
    at eu.europa.ec.eudi.wallet.internal.Openid4VpX509CertificateTrust.isTrusted(Openid4VpX509CertificateTrust.kt:36)
    at eu.europa.ec.eudi.openid4vp.internal.request.ClientAuthenticator.x5c(RequestAuthenticator.kt:146)
    at eu.europa.ec.eudi.openid4vp.internal.request.ClientAuthenticator.authenticateClient(RequestAuthenticator.kt:104)
    at eu.europa.ec.eudi.openid4vp.internal.request.RequestAuthenticator$authenticate$2.invokeSuspend(RequestAuthenticator.kt:62)
    at eu.europa.ec.eudi.openid4vp.internal.request.RequestAuthenticator$authenticate$2.invoke(Unknown Source:8)
    at eu.europa.ec.eudi.openid4vp.internal.request.RequestAuthenticator$authenticate$2.invoke(Unknown Source:4)
    at kotlinx.coroutines.intrinsics.UndispatchedKt.startUndispatchedOrReturn(Undispatched.kt:61)
    at kotlinx.coroutines.CoroutineScopeKt.coroutineScope(CoroutineScope.kt:261)
    at eu.europa.ec.eudi.openid4vp.internal.request.RequestAuthenticator.authenticate(RequestAuthenticator.kt:61)
    at eu.europa.ec.eudi.openid4vp.internal.request.DefaultAuthorizationRequestResolver.resolveRequestUri(DefaultAuthorizationRequestResolver.kt:161)
    at eu.europa.ec.eudi.openid4vp.internal.request.DefaultAuthorizationRequestResolver.access$resolveRequestUri(DefaultAuthorizationRequestResolver.kt:143)
    at eu.europa.ec.eudi.openid4vp.internal.request.DefaultAuthorizationRequestResolver$resolveRequestUri$3.invokeSuspend(Unknown Source:15)
    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
```

This error only occurs on the android version and not on ios. We've done several tests, in particular including several certificates traced back to a parent certificate generated by Let's Encrypt, but we still get the same error.

Can you tell me what criteria the certificate must meet to pass validation?

Thanks

jer0622 commented 4 months ago

I finally found the problem: we need to include the certificate in the whitelist when we build the wallet: https://github.com/eu-digital-identity-wallet/eudi-app-android-wallet-ui/blob/main/wiki/configuration.md
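To check a verifier's `x5c` chain against a chosen trust anchor before rebuilding the wallet, here is an added Kotlin example (not the library's own code) that runs the same `java.security.cert` PKIX validation the stack trace above comes from. The PEM file paths are command-line arguments and revocation checking is disabled, both by assumption; a chain that does not end at a configured anchor fails with reason `NO_TRUST_ANCHOR` and the "Path does not chain with any of the trust anchors" message.

```kotlin
import java.io.File
import java.security.cert.CertPathValidator
import java.security.cert.CertPathValidatorException
import java.security.cert.CertificateFactory
import java.security.cert.PKIXParameters
import java.security.cert.TrustAnchor
import java.security.cert.X509Certificate

/** Parse every PEM certificate in a file; for a chain, order is leaf first. */
fun loadPem(path: String): List<X509Certificate> =
    File(path).inputStream().use { input ->
        CertificateFactory.getInstance("X.509")
            .generateCertificates(input)
            .map { it as X509Certificate }
    }

/** Returns null when the chain validates, otherwise the PKIX reason and message. */
fun checkChain(chain: List<X509Certificate>, anchors: List<X509Certificate>): String? {
    val factory = CertificateFactory.getInstance("X.509")
    // PKIX expects the anchor only in the parameters, so drop it from the path itself.
    val path = factory.generateCertPath(chain.filter { it !in anchors })
    val params = PKIXParameters(anchors.map { TrustAnchor(it, null) }.toSet()).apply {
        isRevocationEnabled = false // assumption: no CRL/OCSP lookup for this offline check
    }
    return try {
        CertPathValidator.getInstance("PKIX").validate(path, params)
        null
    } catch (e: CertPathValidatorException) {
        "${e.reason}: ${e.message}"
    }
}

fun main(args: Array<String>) {
    // usage: kotlin CheckChain.kt <x5c-chain.pem> <trust-anchor.pem>  (hypothetical file names)
    val chain = loadPem(args[0])
    val anchors = loadPem(args[1])
    when (val err = checkChain(chain, anchors)) {
        null -> println("chain validates against ${anchors.size} configured anchor(s)")
        else -> println("CERTIFICATE_PATH_ERROR: $err")
    }
}
```

Only the anchors passed in count, which is consistent with the finding above: a chain that ends at a public CA such as Let's Encrypt still fails unless that CA or the verifier's certificate is in the wallet's configured whitelist.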