Skip to content

Loader

provide.foundation.crypto.certificates.loader

TODO: Add module docstring.

Classes

Functions

load_certificate_from_pem 

load_certificate_from_pem(
    cert_pem_or_uri: str, key_pem_or_uri: str | None = None
) -> tuple[
    CertificateBase,
    x509.Certificate,
    rsa.RSAPrivateKey | ec.EllipticCurvePrivateKey | None,
    str,
    str | None,
]

Load a certificate and optionally its private key from PEM data or file URIs.

Returns:

Type Description
tuple[CertificateBase, Certificate, RSAPrivateKey | EllipticCurvePrivateKey | None, str, str | None]

Tuple of (CertificateBase, X509Certificate, private_key, cert_pem, key_pem)
Source code in provide/foundation/crypto/certificates/loader.py 
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
def load_certificate_from_pem(
    cert_pem_or_uri: str,
    key_pem_or_uri: str | None = None,
) -> tuple[
    CertificateBase,
    x509.Certificate,
    rsa.RSAPrivateKey | ec.EllipticCurvePrivateKey | None,
    str,
    str | None,
]:
    """Load a certificate and optionally its private key from PEM data or file URIs.

    Returns:
        Tuple of (CertificateBase, X509Certificate, private_key, cert_pem, key_pem)

    """
    try:
        logger.debug("πŸ“œπŸ”‘πŸš€ Loading certificate from provided data")
        cert_data = load_from_uri_or_pem(cert_pem_or_uri)

        logger.debug("πŸ“œπŸ”‘πŸ” Loading X.509 certificate from PEM data")
        x509_cert = x509.load_pem_x509_certificate(cert_data.encode("utf-8"))

        private_key = None
        key_data = None

        if key_pem_or_uri:
            logger.debug("πŸ“œπŸ”‘πŸš€ Loading private key")
            key_data = load_from_uri_or_pem(key_pem_or_uri)

            loaded_priv_key = load_pem_private_key(key_data.encode("utf-8"), password=None)
            if not isinstance(
                loaded_priv_key,
                rsa.RSAPrivateKey | ec.EllipticCurvePrivateKey,
            ):
                raise CertificateError(
                    f"Loaded private key is of unsupported type: {type(loaded_priv_key)}. "
                    "Expected RSA or ECDSA private key.",
                )
            private_key = loaded_priv_key

        # Extract certificate details for CertificateBase
        loaded_not_valid_before = x509_cert.not_valid_before_utc  # type: ignore[attr-defined]
        loaded_not_valid_after = x509_cert.not_valid_after_utc  # type: ignore[attr-defined]
        if loaded_not_valid_before.tzinfo is None:
            loaded_not_valid_before = loaded_not_valid_before.replace(tzinfo=UTC)
        if loaded_not_valid_after.tzinfo is None:
            loaded_not_valid_after = loaded_not_valid_after.replace(tzinfo=UTC)

        cert_public_key = x509_cert.public_key()
        if not isinstance(cert_public_key, rsa.RSAPublicKey | ec.EllipticCurvePublicKey):
            raise CertificateError(
                f"Certificate's public key is of unsupported type: {type(cert_public_key)}. "
                "Expected RSA or ECDSA public key.",
            )

        base = CertificateBase(
            subject=x509_cert.subject,
            issuer=x509_cert.issuer,
            public_key=cert_public_key,
            not_valid_before=loaded_not_valid_before,
            not_valid_after=loaded_not_valid_after,
            serial_number=x509_cert.serial_number,
        )

        return base, x509_cert, private_key, cert_data, key_data

    except Exception as e:
        logger.error(
            f"πŸ“œβŒ Failed to load certificate. Error: {type(e).__name__}: {e}",
            extra={"error": str(e), "trace": traceback.format_exc()},
        )
        raise CertificateError(f"Failed to initialize certificate. Original error: {type(e).__name__}") from e

load_from_uri_or_pem 

load_from_uri_or_pem(data: str) -> str

Load PEM data either directly from a string or from a file URI.

Source code in provide/foundation/crypto/certificates/loader.py 
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
def load_from_uri_or_pem(data: str) -> str:
    """Load PEM data either directly from a string or from a file URI."""
    try:
        if data.startswith("file://"):
            path_str = data.removeprefix("file://")
            if os.name == "nt" and path_str.startswith("//"):
                path = Path(path_str)
            else:
                path_str = path_str.lstrip("/")
                if os.name != "nt" and data.startswith("file:///"):
                    path_str = "/" + path_str
                path = Path(path_str)

            logger.debug(f"πŸ“œπŸ“‚πŸš€ Loading data from file: {path}")
            with path.open("r", encoding="utf-8") as f:
                loaded_data = f.read().strip()
            return loaded_data

        loaded_data = data.strip()
        if not loaded_data.startswith("-----BEGIN"):
            logger.warning("πŸ“œπŸ“‚βš οΈ Data doesn't look like PEM format")
        return loaded_data
    except Exception as e:
        logger.error(f"πŸ“œπŸ“‚βŒ Failed to load data: {e}", extra={"error": str(e)})
        raise CertificateError(f"Failed to load data: {e}") from e