Remove pem_cert_path and manage pem or der formats through cert-path parameter

oligatorr · oligatorr · commit a1bec12059ad · 2025-03-19T13:29:25.000+01:00
set utc in valid from
diff --git a/pymdoccbor/mdoc/issuer.py b/pymdoccbor/mdoc/issuer.py
@@ -74,7 +74,6 @@ def new(
         validity: dict = None,
         devicekeyinfo: Union[dict, CoseKey, str] = None,
         cert_path: str = None,
-        pem_cert_path: str = None,
         status_list: dict = {},
     ):
         """
@@ -139,7 +138,6 @@ def new(
             msoi = MsoIssuer(
                 data=data,
                 cert_path=cert_path,
-                pem_cert_path=pem_cert_path,
                 hsm=self.hsm,
                 key_label=self.key_label,
                 user_pin=self.user_pin,
@@ -157,12 +155,11 @@ def new(
                 private_key=self.private_key,
                 alg=self.alg,
                 cert_path=cert_path,
-                pem_cert_path=pem_cert_path,
                 validity=validity,
                 status_list=status_list
             )
 
-        mso = msoi.sign(doctype=doctype, device_key=devicekeyinfo,valid_from=datetime.datetime.now())
+        mso = msoi.sign(doctype=doctype, device_key=devicekeyinfo,valid_from=datetime.datetime.now(datetime. UTC))
 
         mso_cbor = mso.encode(
             tag=False,
diff --git a/pymdoccbor/mso/issuer.py b/pymdoccbor/mso/issuer.py
@@ -34,7 +34,6 @@ def __init__(
         data: dict,
         validity: dict,
         cert_path: str = None,
-        pem_cert_path: str = None,
         key_label: str = None,
         user_pin: str = None,
         lib_path: str = None,
@@ -86,7 +85,6 @@ def __init__(
         self.data: dict = data
         self.hash_map: dict = {}
         self.cert_path = cert_path
-        self.pem_cert_path = pem_cert_path
         self.disclosure_map: dict = {}
         self.digest_alg: str = digest_alg
         self.key_label = key_label
@@ -208,20 +206,19 @@ def sign(
         }
 
         if self.cert_path:
-            # Load the DER certificate file
+            # Try to load the certificate file
             with open(self.cert_path, "rb") as file:
                 certificate = file.read()
-
-            cert = x509.load_der_x509_certificate(certificate)
-
-            _cert = cert.public_bytes(getattr(serialization.Encoding, "DER"))
-        elif self.pem_cert_path:
-            # Load the PEM certificate file
-            with open(self.pem_cert_path, "rb") as file:
-                certificate = file.read()
-
-            cert = x509.load_pem_x509_certificate(certificate)
-
+            try:
+                cert = x509.load_pem_x509_certificate(certificate)
+            except Exception as e:
+                logger.error(f"Certificate at {self.cert_path} could not be loaded as PEM, trying DER")
+                try:
+                    cert = x509.load_der_x509_certificate(certificate)
+                except Exception as e:
+                    _err_msg = f"Certificate at {self.cert_path} could not be loaded as DER"
+                    logger.critical(_err_msg)
+                    raise Exception(_err_msg)
             _cert = cert.public_bytes(getattr(serialization.Encoding, "DER"))
         else:
             _cert = self.selfsigned_x509cert()
