simplify cert loading with new cryptography APIs (#6550)

/cc @driuba - does that look good? --------- Co-authored-by: Andrius Andrikonis <andrius.andrikonis@toughlex.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
mitmproxy · Dec 13, 2023 · 0b5e310 · 0b5e310
1 parent b84a821
commit 0b5e310
Showing 1 changed file with 4 additions and 12 deletions.
diff --git a/mitmproxy/certs.py b/mitmproxy/certs.py
@@ -2,7 +2,6 @@
 import datetime
 import ipaddress
 import os
-import re
 import sys
 from dataclasses import dataclass
 from pathlib import Path
@@ -328,14 +327,7 @@ def __init__(
         self.default_ca = default_ca
         self.default_chain_file = default_chain_file
         self.default_chain_certs = (
-            [
-                Cert.from_pem(chunk)
-                for chunk in re.split(
-                    rb"(?=-----BEGIN( [A-Z]+)+-----)",
-                    self.default_chain_file.read_bytes(),
-                )
-                if chunk.startswith(b"-----BEGIN CERTIFICATE-----")
-            ]
+            x509.load_pem_x509_certificates(self.default_chain_file.read_bytes())
             if self.default_chain_file
             else [default_ca]
         )
@@ -395,9 +387,9 @@ def from_files(
         raw = ca_file.read_bytes()
         key = load_pem_private_key(raw, passphrase)
         dh = cls.load_dhparam(dhparam_file)
-        certs = re.split(rb"(?=-----BEGIN CERTIFICATE-----)", raw)
-        ca = Cert.from_pem(certs[1])
-        if len(certs) > 2:
+        certs = x509.load_pem_x509_certificates(raw)
+        ca = Cert(certs[-1])
+        if len(certs) > 1:
             chain_file: Path | None = ca_file
         else:
             chain_file = None