| 615 | (path / f"{basename}-dhparam.pem").write_bytes(DEFAULT_DHPARAM) |
| 616 | |
def add_cert_file(
    self, spec: str, path: Path, passphrase: bytes | None = None
) -> None:
    """
    Read a PEM file and register its certificate in the store under ``spec``.

    The same file contents are used three times: to parse the certificate,
    to look for a private key, and to collect the certificate chain.

    Args:
        spec: The name passed on to ``add_cert`` for the new entry.
        path: PEM file to read. It may contain private key material, so it
            should be protected like any other key file.
        passphrase: Password handed to ``load_pem_private_key``; ``None``
            when no password is supplied.

    Raises:
        ValueError: If no private key can be loaded from the file and the
            store's default private key does not match the certificate, or
            if the private key in the file does not match the certificate.
    """
    pem_data = path.read_bytes()
    cert = Cert.from_pem(pem_data)

    # NOTE(review): only ValueError is handled below; any other exception
    # type raised by load_pem_private_key propagates to the caller unchanged.
    try:
        private_key = load_pem_private_key(pem_data, password=passphrase)
    except ValueError as key_err:
        # No usable key in the file: fall back to the store's default key,
        # but only accept it when it actually belongs to this certificate.
        private_key = self.default_privatekey
        if cert.public_key() != private_key.public_key():
            missing_key_msg = (
                f'Unable to find private key in "{path.absolute()}": {key_err}'
            )
            raise ValueError(missing_key_msg) from key_err
    else:
        # A key was loaded; refuse a certificate/key pair that does not match.
        # The message carries only the two public keys, never the private key.
        if cert.public_key() != private_key.public_key():
            mismatch_msg = (
                f'Private and public keys in "{path.absolute()}" do not match:\n'
                f"{cert.public_key()=}\n"
                f"{private_key.public_key()=}"
            )
            raise ValueError(mismatch_msg)

    try:
        chain = list(map(Cert, x509.load_pem_x509_certificates(pem_data)))
    except ValueError as chain_err:
        # Chain parsing is best-effort: on failure the entry is registered
        # with a chain that holds only the certificate itself.
        logger.warning(f"Failed to read certificate chain: {chain_err}")
        chain = [cert]

    if cert.is_ca:
        # A CA certificate here is only warned about, not rejected.
        logger.warning(
            f'"{path.absolute()}" is a certificate authority and not a leaf certificate. '
            f"This indicates a misconfiguration, see https://docs.mitmproxy.org/stable/concepts-certificates/."
        )

    entry = CertStoreEntry(cert, private_key, path, chain)
    self.add_cert(entry, spec)
| 651 | |
| 652 | def add_cert(self, entry: CertStoreEntry, *names: str) -> None: |
| 653 | """ |