From 3cac5bbfee244fced85ba5c1e4999f26d6335136 Mon Sep 17 00:00:00 2001
From: Matthew Chen <matthew@signal.org>
Date: Thu, 26 Jul 2018 11:20:40 -0400
Subject: [PATCH] Respond to CR.

---
 .../src/Contacts/CDSSigningCertificate.m         | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/SignalServiceKit/src/Contacts/CDSSigningCertificate.m b/SignalServiceKit/src/Contacts/CDSSigningCertificate.m
index 7e1855fac..e0035e22c 100644
--- a/SignalServiceKit/src/Contacts/CDSSigningCertificate.m
+++ b/SignalServiceKit/src/Contacts/CDSSigningCertificate.m
@@ -260,7 +260,6 @@ NS_ASSUME_NONNULL_BEGIN
 
 + (BOOL)verifyDistinguishedNameOfCertificate:(NSData *)certificateData
 {
-    OWSAssert(certificate);
     OWSAssert(certificateData);
 
     // The Security framework doesn't offer access to certificate properties
@@ -275,11 +274,16 @@ NS_ASSUME_NONNULL_BEGIN
     // NOTE: "Intel SGX Attestation Report Signing CA" is not the same as:
     //       "Intel SGX Attestation Report Signing"
     NSDictionary<NSString *, NSString *> *expectedProperties = @{
-        @"CN" : @"Intel SGX Attestation Report Signing CA",
-        @"O" : @"Intel Corporation",
-        @"L" : @"Santa Clara",
-        @"ST" : @"CA",
-        @"C" : @"US",
+        @(SN_commonName) : // "CN"
+            @"Intel SGX Attestation Report Signing CA",
+        @(SN_organizationName) : // "O"
+            @"Intel Corporation",
+        @(SN_localityName) : // "L"
+            @"Santa Clara",
+        @(SN_stateOrProvinceName) : // "ST"
+            @"CA",
+        @(SN_countryName) : // "C"
+            @"US",
     };
     if (![properties isEqualToDictionary:expectedProperties]) {
         OWSFail(@"%@ Unexpected certificate properties. %@ != %@", self.logTag, expectedProperties, properties);