From f1e85bfea3583ce2e8c74663fb4b572767ea6a49 Mon Sep 17 00:00:00 2001
From: Slavek Kabrda <bkabrda@redhat.com>
Date: Wed, 28 Aug 2024 13:26:55 +0200
Subject: [PATCH] Address review

Signed-off-by: Slavek Kabrda <bkabrda@redhat.com>
---
 pkg/repo/repo.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pkg/repo/repo.go b/pkg/repo/repo.go
index 6b08ad214..4117a4338 100644
--- a/pkg/repo/repo.go
+++ b/pkg/repo/repo.go
@@ -16,6 +16,7 @@ package repo
 
 import (
 	"archive/tar"
+	"bytes"
 	"compress/gzip"
 	"context"
 	"crypto"
@@ -347,13 +348,14 @@ func getKeyWithDetails(key []byte) (crypto.PublicKey, crypto.Hash, error) {
 func certChainToCertificateAuthority(certChainPem []byte) (*root.CertificateAuthority, error) {
 	var cert *x509.Certificate
 	var err error
-	rest := certChainPem
+	rest := bytes.TrimSpace(certChainPem)
 	certChain := []*x509.Certificate{}
 
 	// skip potential whitespace at end of file (8 is kinda random, but seems to work fine)
-	for len(rest) > 8 {
+	for len(rest) > 0 {
 		var derCert *pem.Block
 		derCert, rest = pem.Decode(rest)
+		rest = bytes.TrimSpace(rest)
 		if derCert == nil {
 			return nil, fmt.Errorf("input is left, but it is not a certificate: %+v", rest)
 		}