Hi, I think there is a vulnerability here.

Correct me if I'm wrong.

The certificate chain is not validated and the public key used to validate the message comes from the leaf certificate which is not validated at all. It looks like I could forge a fake message by putting a certificate chain in the x5c as such:

1. My own issued certificate
2. Apple's intermediate certificate
3. Apple's root certificate

Since this code is only validating the authenticity of the last 2 and not checking if the first one is issued by the second one, I can put whatever I want there.

That's why we must verify the public certificate through the intermediate one.

Mohamed AbdEl Mohaimen

Written by Mohamed AbdEl Mohaimen

Senior software engineer at Delivery hero
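The gap described in the comment above, shown with Go's standard library as an added example (not code from the original post or from the code it discusses): a check that only ties the intermediate to the root accepts a chain whose leaf was self-issued, while full path validation against a pinned root rejects it. The certificates are constructed test certificates, not Apple's, and `issue`, `flawedCheck` and `verifyX5C` are hypothetical names; `flawedCheck` is an assumed reading of the flawed check.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed, short-lived test certificate; a nil parent means self-signed.
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: isCA, BasicConstraintsValid: true}
	if parent == nil {
		parent, parentKey = t, priv
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, parentKey)
	cert, err := x509.ParseCertificate(der) // also fails if CreateCertificate returned no DER
	if err != nil {
		panic(err)
	}
	return cert, priv
}

// flawedCheck is an assumed reading of the bug: only chain[1] -> chain[2] is checked, never the leaf.
func flawedCheck(chain ...*x509.Certificate) error { return chain[1].CheckSignatureFrom(chain[2]) }

// verifyX5C validates leaf -> intermediates -> pinned root; trust chain[0].PublicKey only if it returns nil.
func verifyX5C(pinnedRoot *x509.Certificate, chain ...*x509.Certificate) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(pinnedRoot) // trust anchor comes from local configuration, never from x5c itself
	for _, c := range chain[1:] {
		inters.AddCert(c)
	}
	_, err := chain[0].Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

func main() {
	root, rootKey := issue("Constructed Root", true, nil, nil)
	inter, interKey := issue("Constructed Intermediate", true, root, rootKey)
	leaf, _ := issue("Genuine Leaf", false, inter, interKey)
	rogue, _ := issue("Self-issued Leaf", false, nil, nil)
	fmt.Println("flawed check, forged chain:", flawedCheck(rogue, inter, root))
	fmt.Println("full check, forged / genuine:", verifyX5C(root, rogue, inter, root), "/", verifyX5C(root, leaf, inter, root))
}
```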
