From e5dcf0a507e0388c6468998d0dc9af86a48df79f Mon Sep 17 00:00:00 2001
From: asraa <asraa@google.com>
Date: Wed, 23 Jun 2021 21:55:31 -0400
Subject: [PATCH] base64 encode timestamping cert chain (#340)

Signed-off-by: Asra Ali <asraa@google.com>
---
 pkg/api/api.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/pkg/api/api.go b/pkg/api/api.go
index 4537b7750..f58223c34 100644
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -19,6 +19,7 @@ import (
 	"context"
 	"crypto/sha256"
 	"crypto/x509"
+	"encoding/base64"
 	"encoding/hex"
 	"encoding/pem"
 	"fmt"
@@ -114,9 +115,12 @@ func NewAPI() (*API, error) {
 	}
 
 	var certChain []*x509.Certificate
-	certChainStr := viper.GetString("rekor_server.timestamp_chain")
-	if certChainStr != "" {
-		var err error
+	b64CertChainStr := viper.GetString("rekor_server.timestamp_chain")
+	if b64CertChainStr != "" {
+		certChainStr, err := base64.StdEncoding.DecodeString(b64CertChainStr)
+		if err != nil {
+			return nil, errors.Wrap(err, "decoding timestamping cert")
+		}
 		if certChain, err = pki.ParseTimestampCertChain([]byte(certChainStr)); err != nil {
 			return nil, errors.Wrap(err, "parsing timestamp cert chain")
 		}