azure-identity | CertificateCredential fails to parse PEM certificate (Error "Failed to deserialize certificate in PEM or PKCS12 format")

[anishnair-kpmg]

• Package Name: azure-identity
• Package Version: 1.10.0
• Operating System: Windows 10
• Python Version: 3.10.4

Describe the bug
Getting 'Failed to deserialize certificate in PEM or PKCS12 format' error while using 'CertificateCredential' python module in 'azure.identity' python package. More details error logs below:

Traceback (most recent call last):
File "C:\Users\userfolder\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\identity_credentials\certificate.py", line 90, in load_pkcs12_certificate
private_key, cert, additional_certs = pkcs12.load_key_and_certificates(
File "C:\Users\userfolder\AppData\Local\Programs\Python\Python310\lib\site-packages\cryptography\hazmat\primitives\serialization\pkcs12.py", line 147, in load_key_and_certificates
return ossl.load_key_and_certificates_from_pkcs12(data, password)
File "C:\Users\userfolder\AppData\Local\Programs\Python\Python310\lib\site-packages\cryptography\hazmat\backends\openssl\backend.py", line 2134, in load_key_and_certificates_from_pkcs12
pkcs12 = self.load_pkcs12(data, password)
File "C:\Users\userfolder\AppData\Local\Programs\Python\Python310\lib\site-packages\cryptography\hazmat\backends\openssl\backend.py", line 2151, in load_pkcs12
raise ValueError("Could not deserialize PKCS12 data")
ValueError: Could not deserialize PKCS12 data

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "C:\Users\userfolder\Downloads\AzureCertificateBasedFileDownload.py", line 51, in
credentials = CertificateCredential(AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_CERTIFICATE_PATH)
File "C:\Users\userfolder\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\identity_credentials\certificate.py", line 54, in init
client_credential = get_client_credential(certificate_path, **kwargs)
File "C:\Users\userfolder\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\identity_credentials\certificate.py", line 133, in get_client_credential
cert = load_pkcs12_certificate(certificate_data, password)
File "C:\Users\userfolder\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\identity_credentials\certificate.py", line 95, in load_pkcs12_certificate
six.raise_from(ValueError("Failed to deserialize certificate in PEM or PKCS12 format"), ex)
File "", line 3, in raise_from
ValueError: Failed to deserialize certificate in PEM or PKCS12 format

To Reproduce
Steps to reproduce the behavior:
Failure Scenario:
Install ‘azure-identity’ by running pip install azure-identity
Run python script that has "credentials = CertificateCredential(AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_CERTIFICATE_PATH)"

Expected Failure Message: “ValueError: Failed to deserialize certificate in PEM or PKCS12 format”

Expected behavior
To successfully read certificate

Additional context
If I uninstall latest version 'azure-identity' and specifically install azure-identity ==1.4.0 then I'm able to parse the certificate without any issues.
Additionally, I could see that issue was raised before "#21798". However, I could see this particular issue as closed. But I'm facing the same error.

[catalinaperalta]

Thanks for reaching out @anishnair-kpmg! We'll investigate asap.

[xiangyan99]

@anishnair-kpmg Thanks for reporting the issue. Could you help to check the version of cryptography library?