return 0
	}
	// Check that certChainBytes can be parsed successfully
	_, err = util.ParsePemEncodedCertificate(certChainBytes)
	if err != nil {
		return 0
	}
	rootCertBytes, err := f.GetBytes()
	if err != nil {
		return 0
	}
	// Check that rootCertBytes can be parsed successfully
	_, err = util.ParsePemEncodedCertificate(rootCertBytes)
	if err != nil {
		return 0
	}
	signedCert, err := f.GetBytes()

	blockTypeRSAPrivateKey   = "RSA PRIVATE KEY" // PKCS#1 private key
	blockTypePKCS8PrivateKey = "PRIVATE KEY"     // PKCS#8 plain private key
)

// ParsePemEncodedCertificate constructs a `x509.Certificate` object using the
// given a PEM-encoded certificate.
func ParsePemEncodedCertificate(certBytes []byte) (*x509.Certificate, error) {
	cb, _ := pem.Decode(certBytes)
	if cb == nil {
		return nil, fmt.Errorf("invalid PEM encoded certificate")
	}

		}
	}

	intermediates := x509.NewCertPool()
	if ok := intermediates.AppendCertsFromPEM(certChainPem); !ok {
		return fmt.Errorf("failed to parse certificate chain")
	}

	cert, err := ParsePemEncodedCertificate(certChainPem)
	if err != nil {
		return err
	}

	opts := x509.VerifyOptions{
		Intermediates: intermediates,
		Roots:         roots,
	}
	host := ""
	if expectedFields != nil {

// grace period.
func (cu CertUtilImpl) GetWaitTime(certBytes []byte, now time.Time) (time.Duration, error) {
	cert, certErr := util.ParsePemEncodedCertificate(certBytes)
	if certErr != nil {
		return time.Duration(0), certErr
	}
	timeToExpire := cert.NotAfter.Sub(now)
	if timeToExpire < 0 {

	if err != nil {
		serverCaLog.Errorf("failed to extract root cert expiry timestamp (error %v)", err)
	}
	rootCertExpiryTimestamp.Record(rootCertExpiry)

	rootCertPem, err := util.ParsePemEncodedCertificate(keyCertBundle.GetRootCertPem())
	if err != nil {
		serverCaLog.Errorf("failed to parse the root cert: %v", err)
	}

	}
	key, err := util.ParsePemEncodedKey(secret.Data[ca.CAPrivateKeyFile])
	if err != nil {
		log.Fatalf("Unrecognized key format from citadel %v", err)
	}
	cert, err := util.ParsePemEncodedCertificate(secret.Data[ca.CACertFile])
	if err != nil {
		log.Fatalf("Unrecognized cert format from citadel %v", err)
	}
	return cert, key
}

func main() {
	checkCmdLine()

		t.Errorf("failed to read %s file: %v", caCertFile, err)
	}
	return parseCert(t, certBytes)
}

func parseCert(t framework.TestContext, certBytes []byte) *x509.Certificate {
	parsedCert, err := util.ParsePemEncodedCertificate(certBytes)
	if err != nil {
		t.Errorf("failed to parse certificate pem file: %v", err)
	}
	return parsedCert