mirror of
https://github.com/pomerium/pomerium.git
synced 2025-07-24 20:18:13 +02:00
cryptutil: fix normalize pem with certificate cycles (#5646)
## Summary If a certificate was its own authority it would result in `NormalizePEM` going into an infinite loop. This PR updates the code to avoid cycles using a set. ## Related issues - [ENG-2423](https://linear.app/pomerium/issue/ENG-2423/enterprise-console-updatekeypair-check-is-too-restrictive) ## Checklist - [x] reference any related issues - [x] updated unit tests - [ ] add appropriate label (`enhancement`, `bug`, `breaking`, `dependencies`, `ci`) - [x] ready for review
parent
4988aea751
commit
5a8597b57b
2 changed files with 82 additions and 35 deletions
|
@ -14,6 +14,17 @@ import (
|
|||
func TestNormalizePEM(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
cycleCert := []byte(`-----BEGIN CERTIFICATE-----
|
||||
MIIBqTCCAU6gAwIBAgIUX5ybxP/LMyet/jBir4cx1ZkhGV0wCgYIKoZIzj0EAwIw
|
||||
GTEXMBUGA1UEAwwOZXhhbXBsZS1jZXJ0LTIwHhcNMjQwNTE2MjEzMjI5WhcNMjUw
|
||||
NTE2MjEzMjI5WjAZMRcwFQYDVQQDDA5leGFtcGxlLWNlcnQtMjBZMBMGByqGSM49
|
||||
AgEGCCqGSM49AwEHA0IABLSs3wwhUyip81aiP6aEW0JY44tZqYDqYpJxxIPjC0ce
|
||||
2QOYaXEMw6YlgJR3jt/oP+bFP9cCGojcD+p0hJW2DzOjdDByMB0GA1UdDgQWBBRE
|
||||
31UkR4OdgMmxoj1V1D5+MjbeRTAfBgNVHSMEGDAWgBRE31UkR4OdgMmxoj1V1D5+
|
||||
MjbeRTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdEQQYMBaCDmxvY2FsaG9zdDo1NDMy
|
||||
hwR/AAABMAoGCCqGSM49BAMCA0kAMEYCIQDHwY1oj3TBZdDtTk+E7RqczOkv3SoO
|
||||
XKxuqSKG0OIoNAIhANRdc+x57QSUmul0S+MxNh6g17qw1ncfnp/62pA4nRWC
|
||||
-----END CERTIFICATE-----`)
|
||||
rootCA, intermediateCA, cert := testutil.GenerateCertificateChain(t)
|
||||
|
||||
for _, tc := range []struct {
|
||||
|
@ -54,6 +65,10 @@ func TestNormalizePEM(t *testing.T) {
|
|||
input: slices.Concat([]byte("BEFORE\n"), intermediateCA.PublicPEM, []byte("BETWEEN\n"), cert.PublicPEM, []byte("AFTER\n")),
|
||||
expect: slices.Concat([]byte("BETWEEN\n"), cert.PublicPEM, []byte("AFTER\n"), []byte("BEFORE\n"), intermediateCA.PublicPEM),
|
||||
},
|
||||
{
|
||||
input: cycleCert,
|
||||
expect: append(cycleCert, '\n'),
|
||||
},
|
||||
} {
|
||||
actual := cryptutil.NormalizePEM(tc.input)
|
||||
assert.Equal(t, string(tc.expect), string(actual))
|
||||
|
|
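Review bot: The new table entry (`input: cycleCert`) covers only a single certificate that is its own authority, so a cycle spanning two or more certificates is not exercised, and if the guard regressed this case would hang until the `go test` timeout instead of failing. The implementation is not visible here, so I can only assume the set-based guard is meant to cover longer cycles too; a second case with two certificates that name each other as authority would pin that down. `cycleCert` also deserves a comment, e.g. `// cycleCert is its own authority; it used to make NormalizePEM loop forever (#5646).` For the expected value, `slices.Concat(cycleCert, []byte("\n"))` would match the neighbouring cases and keep `append` from writing into spare capacity of the input slice. TestNormalizePEM's body continues outside both hunks.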