Update cert pinning code with a little more debugging

Signed-off-by: Ying Li <ying.li@docker.com>
notaryproject · Sep 12, 2016 · 6976e9c · 6976e9c
1 parent b8fc638
commit 6976e9c
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 5 deletions.
diff --git a/trustpinning/certs.go b/trustpinning/certs.go
@@ -186,6 +186,7 @@ func validRootLeafCerts(allLeafCerts map[string]*x509.Certificate, gun string, c
 		// Make sure the certificate is not expired if checkExpiry is true
 		// and warn if it hasn't expired yet but is within 6 months of expiry
 		if err := utils.ValidateCertificate(cert, checkExpiry); err != nil {
+			logrus.Debugf("%s is invalid: %s", id, err.Error())
 			continue
 		}
 

diff --git a/trustpinning/certs_test.go b/trustpinning/certs_test.go
@@ -451,13 +451,10 @@ func TestValidateRootWithPinnedCA(t *testing.T) {
 	require.Error(t, err)
 
 	// Now construct a new root with a valid cert chain, such that signatures are correct over the 'notary-signer' GUN.  Pin the root-ca and validate
-	leafCert, err := utils.LoadCertFromFile("../fixtures/notary-signer.crt")
+	certChain, err := utils.LoadCertBundleFromFile("../fixtures/notary-signer.crt")
 	require.NoError(t, err)
 
-	intermediateCert, err := utils.LoadCertFromFile("../fixtures/intermediate-ca.crt")
-	require.NoError(t, err)
-
-	pemChainBytes, err := utils.CertChainToPEM([]*x509.Certificate{leafCert, intermediateCert})
+	pemChainBytes, err := utils.CertChainToPEM(certChain)
 	require.NoError(t, err)
 
 	newRootKey := data.NewPublicKey(data.RSAx509Key, pemChainBytes)