Review comments

smallstep · Oct 26, 2023 · 8b54772 · 8b54772
1 parent a3c0c0b
commit 8b54772
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/pemutil/pem.go b/pemutil/pem.go
@@ -744,6 +744,9 @@ func BundleCertificate(bundlePEM []byte, certsPEM ...[]byte) ([]byte, bool, erro
 // UnbundleCertificate removes PEM-encoded certificates from a PEM-encoded
 // certificate bundle.
 func UnbundleCertificate(bundlePEM []byte, certsPEM ...[]byte) ([]byte, bool, error) {
+	if len(certsPEM) == 0 {
+		return bundlePEM, false, nil
+	}
 	drop := make(map[[sha256.Size224]byte]bool, len(certsPEM))
 	for i := range certsPEM {
 		cert, err := ParseCertificate(certsPEM[i])
@@ -766,11 +769,10 @@ func UnbundleCertificate(bundlePEM []byte, certsPEM ...[]byte) ([]byte, bool, er
 			modified = true
 			continue
 		}
-		block, err := Serialize(cert)
-		if err != nil {
-			return nil, false, err
-		}
-		keep = append(keep, pem.EncodeToMemory(block)...)
+		keep = append(keep, pem.EncodeToMemory(&pem.Block{
+			Type:  "CERTIFICATE",
+			Bytes: cert.Raw,
+		})...)
 	}
 
 	return keep, modified, nil

diff --git a/pemutil/pem_test.go b/pemutil/pem_test.go
@@ -1238,6 +1238,7 @@ func TestUnbundleCertificate(t *testing.T) {
 		{"remove one leave one", "testdata/bundle.crt", []string{"testdata/bundle-1st.crt"}, "testdata/bundle-2nd.crt", true, nil},
 		{"remove two leave none", "testdata/bundle.crt", []string{"testdata/bundle-1st.crt", "testdata/bundle-2nd.crt"}, "", true, nil},
 		{"remove none", "testdata/bundle.crt", []string{"testdata/ca.crt"}, "testdata/bundle.crt", false, nil},
+		{"none to remove", "testdata/bundle.crt", []string{}, "testdata/bundle.crt", false, nil},
 		{"bad cert", "testdata/bundle.crt", []string{"testdata/badca.crt"}, "", false, errors.New("invalid certificate 0")},
 		{"bad bundle", "testdata/badca.crt", []string{"testdata/ca.crt"}, "", false, errors.New("invalid bundle")},
 	}