From c64226c6eb5a0f51e956f7d6f505dfd108ed8f38 Mon Sep 17 00:00:00 2001
From: 5B96790E3664F40075A67E6ADF737EDB15B4408DBC91A81228B31537B0CE3E26
 <33426478+iadgovuser29@users.noreply.github.com>
Date: Wed, 9 Apr 2025 10:58:14 -0400
Subject: [PATCH] Take only first cert in multi part PEM (#916)

* Take only first cert in multi part PEM, minimize side effects

* Other cases

* Github Actions dropping their ubuntu 20 runner
---
 .github/workflows/dotnet_provisioner_unit_tests.yml    |  2 +-
 .../attestationca/persist/util/CredentialHelper.java   | 10 ++++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/dotnet_provisioner_unit_tests.yml b/.github/workflows/dotnet_provisioner_unit_tests.yml
index 6fa613dc..97e2d209 100644
--- a/.github/workflows/dotnet_provisioner_unit_tests.yml
+++ b/.github/workflows/dotnet_provisioner_unit_tests.yml
@@ -13,7 +13,7 @@ jobs:
       matrix:
         include:
           - os: windows-2022
-          - os: ubuntu-20.04
+          - os: ubuntu-22.04
           # - os: windows-2019 Cannot Target windows-2019 because the .NET 6 SDK won't receive security patches for this image
     steps:
       - name: Set git to use LF
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/util/CredentialHelper.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/util/CredentialHelper.java
index be6a08e5..5e202564 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/util/CredentialHelper.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/util/CredentialHelper.java
@@ -58,9 +58,15 @@ public final class CredentialHelper {
     public static byte[] stripPemHeaderFooter(final String pemFile) {
         String strippedFile;
         strippedFile = pemFile.replace(CertificateVariables.PEM_HEADER, "");
-        strippedFile = strippedFile.replace(CertificateVariables.PEM_FOOTER, "");
+        int keyFooterPos = strippedFile.indexOf(CertificateVariables.PEM_FOOTER);
+        if (keyFooterPos >= 0) {
+            strippedFile = strippedFile.substring(0, keyFooterPos);
+        }
         strippedFile = strippedFile.replace(CertificateVariables.PEM_ATTRIBUTE_HEADER, "");
-        strippedFile = strippedFile.replace(CertificateVariables.PEM_ATTRIBUTE_FOOTER, "");
+        int attrFooterPos = strippedFile.indexOf(CertificateVariables.PEM_ATTRIBUTE_FOOTER);
+        if (attrFooterPos >= 0) {
+            strippedFile = strippedFile.substring(0, attrFooterPos);
+        }
         return Base64.decode(strippedFile);
     }