From ccd93d8027d6e66f5752682d2b92aa0d7ab34f2d Mon Sep 17 00:00:00 2001
From: Ruben van Staveren <rvstaveren@proserve.nl>
Date: Tue, 20 Aug 2019 12:09:45 +0200
Subject: [PATCH] Handle case in when both an intermediate and a root cert with
 the same name is present in our input

---
 sort_certificate.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/sort_certificate.py b/sort_certificate.py
index c6bf633..f0ba4fb 100755
--- a/sort_certificate.py
+++ b/sort_certificate.py
@@ -130,6 +130,18 @@ def order_x509(x509_objects, root_issuers):
     root_crt = [x for x in x509_objects if x.get_subject() == x.get_issuer()]
     if root_crt:
         root_crt = x509_objects.pop(x509_objects.index(root_crt[0]))
+        logging.warning('Found root certificate %s in input',
+                        str(root_crt.get_subject()))
+        # Double check if our self signed root certificate is not also present
+        # as an intermediate:
+        # - It is probably invalid input, and doesn't make sense
+        # - It confuses the ordering process
+        if next((x for x in x509_objects
+                 if x.get_subject() != x.get_issuer()
+                 and x.get_subject() == root_crt.get_subject()), None):
+            raise Exception('Both present as intermediate '
+                            'and root certificate: %s' %
+                            str(root_crt.get_subject()))
     else:
         # Get intermediate cert signed by any root from bundle as anchor, and
         # make that our root