3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-26 04:58:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

fix pem normalization when file has no trailing newline (#5645)

Browse source
This commit is contained in:
Caleb Doxsey 2025-06-06 16:43:27 -06:00 committed by GitHub
parent 9631d9ff1c
commit 4988aea751
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 11 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
pkg/cryptutil/pem.go
View file

@ -14,6 +14,11 @@ import (
// If the PEM data contains multiple certificates, signing certificates
// will be moved after the things they sign.
func NormalizePEM(data []byte) []byte {
// make sure the file has a trailing newline
if len(data) > 0 && !bytes.HasSuffix(data, []byte{'\n'}) {
data = append(data, '\n')
}
type Segment struct {
ID int
Data []byte

6
pkg/cryptutil/pem_test.go
View file

@ -1,6 +1,7 @@
package cryptutil_test
import (
"bytes"
"slices"
"testing"
@ -23,6 +24,11 @@ func TestNormalizePEM(t *testing.T) {
input: slices.Concat(rootCA.PublicPEM, intermediateCA.PublicPEM, cert.PublicPEM, cert.PrivateKeyPEM),
expect: slices.Concat(cert.PublicPEM, cert.PrivateKeyPEM, intermediateCA.PublicPEM, rootCA.PublicPEM),
},
{
// make sure we handle a file without a trailing newline
input: slices.Concat(intermediateCA.PublicPEM, bytes.TrimRight(cert.PublicPEM, "\n")),
expect: slices.Concat(cert.PublicPEM, intermediateCA.PublicPEM),
},
{
input: slices.Concat(cert.PublicPEM, cert.PrivateKeyPEM, intermediateCA.PublicPEM, rootCA.PublicPEM),
expect: slices.Concat(cert.PublicPEM, cert.PrivateKeyPEM, intermediateCA.PublicPEM, rootCA.PublicPEM),