From 333758d91f0771b78dfc14caf26820b1cfd5f778 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Fri, 30 Apr 2021 15:25:42 +0200
Subject: [PATCH] crypto: handle encrypted private keys

closes #811

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/crypto/api.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/authentik/crypto/api.py b/authentik/crypto/api.py
index 4a004cb73..fc10aa3a2 100644
--- a/authentik/crypto/api.py
+++ b/authentik/crypto/api.py
@@ -39,7 +39,7 @@ class CertificateKeyPairSerializer(ModelSerializer):
         """Show if this keypair has a private key configured or not"""
         return instance.key_data != "" and instance.key_data is not None
 
-    def validate_certificate_data(self, value):
+    def validate_certificate_data(self, value: str) -> str:
         """Verify that input is a valid PEM x509 Certificate"""
         try:
             load_pem_x509_certificate(value.encode("utf-8"), default_backend())
@@ -47,7 +47,7 @@ class CertificateKeyPairSerializer(ModelSerializer):
             raise ValidationError("Unable to load certificate.")
         return value
 
-    def validate_key_data(self, value):
+    def validate_key_data(self, value: str) -> str:
         """Verify that input is a valid PEM RSA Key"""
         # Since this field is optional, data can be empty.
         if value != "":
@@ -57,8 +57,10 @@ class CertificateKeyPairSerializer(ModelSerializer):
                     password=None,
                     backend=default_backend(),
                 )
-            except ValueError:
-                raise ValidationError("Unable to load private key.")
+            except (ValueError, TypeError):
+                raise ValidationError(
+                    "Unable to load private key (possibly encrypted?)."
+                )
         return value
 
     class Meta: