Skip to content

Commit

Permalink
Update cert pinning code with a little more debugging
Browse files Browse the repository at this point in the history
Signed-off-by: Ying Li <[email protected]>
  • Loading branch information
cyli committed Sep 12, 2016
1 parent b8fc638 commit 6976e9c
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 5 deletions.
1 change: 1 addition & 0 deletions trustpinning/certs.go
Original file line number Diff line number Diff line change
Expand Up @@ -186,6 +186,7 @@ func validRootLeafCerts(allLeafCerts map[string]*x509.Certificate, gun string, c
// Make sure the certificate is not expired if checkExpiry is true
// and warn if it hasn't expired yet but is within 6 months of expiry
if err := utils.ValidateCertificate(cert, checkExpiry); err != nil {
logrus.Debugf("%s is invalid: %s", id, err.Error())
continue
}

Expand Down
7 changes: 2 additions & 5 deletions trustpinning/certs_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -451,13 +451,10 @@ func TestValidateRootWithPinnedCA(t *testing.T) {
require.Error(t, err)

// Now construct a new root with a valid cert chain, such that signatures are correct over the 'notary-signer' GUN. Pin the root-ca and validate
leafCert, err := utils.LoadCertFromFile("../fixtures/notary-signer.crt")
certChain, err := utils.LoadCertBundleFromFile("../fixtures/notary-signer.crt")
require.NoError(t, err)

intermediateCert, err := utils.LoadCertFromFile("../fixtures/intermediate-ca.crt")
require.NoError(t, err)

pemChainBytes, err := utils.CertChainToPEM([]*x509.Certificate{leafCert, intermediateCert})
pemChainBytes, err := utils.CertChainToPEM(certChain)
require.NoError(t, err)

newRootKey := data.NewPublicKey(data.RSAx509Key, pemChainBytes)
Expand Down

0 comments on commit 6976e9c

Please sign in to comment.