func TestInvalidChain(t *testing.T) {
	caKey, err := GenerateECP256PrivateKey()
	if err != nil {
		t.Fatalf("Error generating key: %s", err)
	}
	ca, err := testutil.GenerateTrustCA(caKey.CryptoPublicKey(), caKey.CryptoPrivateKey())
	if err != nil {
		t.Fatalf("Error generating ca: %s", err)
	}
	trustKey, chain := generateTrustChain(t, caKey, ca)

	testMap, _ := createTestJSON("verifySignatures", "   ")
	js, err := NewJSONSignatureFromMap(testMap)
	if err != nil {
		t.Fatalf("Error creating JSONSignature from map: %s", err)
	}

	err = js.SignWithChain(trustKey, chain[:5])
	if err != nil {
		t.Fatalf("Error signing with chain: %s", err)
	}

	pool := x509.NewCertPool()
	pool.AddCert(ca)
	chains, err := js.VerifyChains(pool)
	if err == nil {
		t.Fatalf("Expected error verifying with bad chain")
	}
	if len(chains) != 0 {
		t.Fatalf("Unexpected chains returned from invalid verify")
	}
}
func TestChainVerify(t *testing.T) {
	caKey, err := GenerateECP256PrivateKey()
	if err != nil {
		t.Fatalf("Error generating key: %s", err)
	}
	ca, err := testutil.GenerateTrustCA(caKey.CryptoPublicKey(), caKey.CryptoPrivateKey())
	if err != nil {
		t.Fatalf("Error generating ca: %s", err)
	}
	trustKey, chain := generateTrustChain(t, caKey, ca)

	testMap, _ := createTestJSON("verifySignatures", "   ")
	js, err := NewJSONSignatureFromMap(testMap)
	if err != nil {
		t.Fatalf("Error creating JSONSignature from map: %s", err)
	}

	err = js.SignWithChain(trustKey, chain)
	if err != nil {
		t.Fatalf("Error signing with chain: %s", err)
	}

	pool := x509.NewCertPool()
	pool.AddCert(ca)
	chains, err := js.VerifyChains(pool)
	if err != nil {
		t.Fatalf("Error verifying content: %s", err)
	}
	if len(chains) != 1 {
		t.Fatalf("Unexpected chains length: %d", len(chains))
	}
	if len(chains[0]) != 7 {
		t.Fatalf("Unexpected chain length: %d", len(chains[0]))
	}
}
func generateTrustChain(t *testing.T, chainLen int) (libtrust.PrivateKey, *x509.CertPool, []*x509.Certificate) {
	caKey, err := libtrust.GenerateECP256PrivateKey()
	if err != nil {
		t.Fatalf("Error generating key: %s", err)
	}
	ca, err := testutil.GenerateTrustCA(caKey.CryptoPublicKey(), caKey.CryptoPrivateKey())
	if err != nil {
		t.Fatalf("Error generating ca: %s", err)
	}

	parent := ca
	parentKey := caKey
	chain := make([]*x509.Certificate, chainLen)
	for i := chainLen - 1; i > 0; i-- {
		intermediatekey, err := libtrust.GenerateECP256PrivateKey()
		if err != nil {
			t.Fatalf("Error generate key: %s", err)
		}
		chain[i], err = testutil.GenerateIntermediate(intermediatekey.CryptoPublicKey(), parentKey.CryptoPrivateKey(), parent)
		if err != nil {
			t.Fatalf("Error generating intermdiate certificate: %s", err)
		}
		parent = chain[i]
		parentKey = intermediatekey
	}
	trustKey, err := libtrust.GenerateECP256PrivateKey()
	if err != nil {
		t.Fatalf("Error generate key: %s", err)
	}
	chain[0], err = testutil.GenerateTrustCert(trustKey.CryptoPublicKey(), parentKey.CryptoPrivateKey(), parent)
	if err != nil {
		t.Fatalf("Error generate trust cert: %s", err)
	}

	caPool := x509.NewCertPool()
	caPool.AddCert(ca)

	return trustKey, caPool, chain
}