From 4d5d5f7ae8164884c841969e46caed8db1ad34af Mon Sep 17 00:00:00 2001 From: ohemorange Date: Thu, 9 Oct 2025 13:43:01 -0700 Subject: [PATCH] Merge pull request #10474 from certbot/util-openssl Simplify loading code only used for PEM files --- certbot/src/certbot/tests/util.py | 22 ++++------------------ 1 file changed, 4 insertions(+), 18 deletions(-) diff --git a/certbot/src/certbot/tests/util.py b/certbot/src/certbot/tests/util.py index ed3bbadc4..7a086f6c9 100644 --- a/certbot/src/certbot/tests/util.py +++ b/certbot/src/certbot/tests/util.py @@ -26,7 +26,6 @@ from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey import josepy as jose -from OpenSSL import crypto from certbot import configuration from certbot import util @@ -120,25 +119,12 @@ def load_jose_rsa_private_key_pem(*names: str) -> jose.ComparableRSAKey: return jose.ComparableRSAKey(load_rsa_private_key_pem(*names)) -def _guess_loader_pyopenssl(filename: str, loader_pem: int, loader_der: int) -> int: - # note: used by `load_rsa_private_key_pem` - _, ext = os.path.splitext(filename) - if ext.lower() == '.pem': - return loader_pem - elif ext.lower() == '.der': - return loader_der - raise ValueError("Loader could not be recognized based on extension") # pragma: no cover - - def load_rsa_private_key_pem(*names: str) -> RSAPrivateKey: """Load RSA private key.""" - loader = _guess_loader_pyopenssl(names[-1], crypto.FILETYPE_PEM, crypto.FILETYPE_ASN1) - loader_fn: Callable[..., Any] - if loader == crypto.FILETYPE_PEM: - loader_fn = serialization.load_pem_private_key - else: - loader_fn = serialization.load_der_private_key - key = loader_fn(load_vector(*names), password=None, backend=default_backend()) + _, ext = os.path.splitext(names[-1]) + assert ext.lower() == '.pem' + key = serialization.load_pem_private_key( + load_vector(*names), password=None, backend=default_backend()) assert isinstance(key, RSAPrivateKey) return key