From 6fc75632c82f9d6956d826fc7afb325b86c891af Mon Sep 17 00:00:00 2001
From: AJ ONeal <aoneal@bigsquid.com>
Date: Wed, 17 Apr 2019 17:08:53 -0600
Subject: [PATCH] Warn on empty string in whitelist

---
 keyfetch/fetch.go       | 4 ++++
 keyfetch/issuer_test.go | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/keyfetch/fetch.go b/keyfetch/fetch.go
index b350e6c..598a470 100644
--- a/keyfetch/fetch.go
+++ b/keyfetch/fetch.go
@@ -409,6 +409,10 @@ func NewWhitelist(issuers []string, privateList ...[]string) (Whitelist, error)
 func newWhitelist(list []*url.URL, issuers []string, insecure bool) (Whitelist, error) {
 	for i := range issuers {
 		iss := issuers[i]
+		if "" == strings.TrimSpace(iss) {
+			fmt.Println("[Warning] You have an empty string in your keyfetch whitelist.")
+			continue
+		}
 
 		// Should have a valid http or https prefix
 		// TODO support custom prefixes (i.e. app://) ?
diff --git a/keyfetch/issuer_test.go b/keyfetch/issuer_test.go
index d201919..5baba5a 100644
--- a/keyfetch/issuer_test.go
+++ b/keyfetch/issuer_test.go
@@ -20,7 +20,9 @@ func TestInvalidIssuer(t *testing.T) {
 }
 
 func TestIssuerMatches(t *testing.T) {
+	// because [""] = strings.Split(os.Getenv("DOESNTEXIST"), ",")
 	trusted := []string{
+		"",
 		"https://example.com/",
 		"foobar.net/def/",
 		"https://*.wild.org",
@@ -41,7 +43,7 @@ func TestIssuerMatches(t *testing.T) {
 		t.Fatal(err)
 	}
 	// Combo list
-	list, err = NewWhitelist(trusted, privates)
+	list, err = NewWhitelist(trusted[1:], privates)
 	if nil != err {
 		t.Fatal(err)
 	}