arduino
diff --git a/‎certificates/certutils.go
Copy file name to clipboardExpand all lines: certificates/certutils.go
+43Lines changed: 43 additions & 0 deletions b/‎certificates/certutils.go
Copy file name to clipboardExpand all lines: certificates/certutils.go
+43Lines changed: 43 additions & 0 deletions
diff --git a/‎flasher/nina.go
Copy file name to clipboardExpand all lines: flasher/nina.go
+5-26Lines changed: 5 additions & 26 deletions b/‎flasher/nina.go
Copy file name to clipboardExpand all lines: flasher/nina.go
+5-26Lines changed: 5 additions & 26 deletions
diff --git a/‎flasher/winc.go
Copy file name to clipboardExpand all lines: flasher/winc.go
+8-24Lines changed: 8 additions & 24 deletions b/‎flasher/winc.go
Copy file name to clipboardExpand all lines: flasher/winc.go
+8-24Lines changed: 8 additions & 24 deletions
@@ -21,8 +21,10 @@ package certificates
 import (
 	"crypto/tls"
 	"crypto/x509"
+	"encoding/pem"
 	"fmt"
 
+	"github.com/arduino/go-paths-helper"
 	"github.com/sirupsen/logrus"
 )
 
@@ -53,3 +55,44 @@ func ScrapeRootCertificatesFromURL(URL string) (*x509.Certificate, error) {
 	rootCertificate := peerCertificates[len(peerCertificates)-1]
 	return rootCertificate, nil
 }
+
+// LoadCertificatesFromFile read certificates from the given file. PEM and CER formats
+// are supported.
+func LoadCertificatesFromFile(certificateFile *paths.Path) ([]*x509.Certificate, error) {
+	data, err := certificateFile.ReadFile()
+	if err != nil {
+		logrus.Error(err)
+		return nil, err
+	}
+	var res []*x509.Certificate
+	switch certificateFile.Ext() {
+	case ".cer":
+		cert, err := x509.ParseCertificate(data)
+		if err != nil {
+			logrus.Error(err)
+		}
+		res = append(res, cert)
+		return res, err
+
+	case ".pem":
+		for {
+			block, rest := pem.Decode(data)
+			if block == nil && len(rest) > 0 {
+				return nil, fmt.Errorf("invalid .pem data")
+			}
+			if block == nil {
+				return res, nil
+			}
+			cert, err := x509.ParseCertificate(block.Bytes)
+			if err != nil {
+				return nil, fmt.Errorf("failed to parse certificate: %w", err)
+			}
+			res = append(res, cert)
+			if len(rest) == 0 {
+				return res, nil
+			}
+		}
+	default:
+		return nil, fmt.Errorf("cert format %s not supported, please use .pem or .cer", certificateFile.Ext())
+	}
+}
@@ -21,7 +21,6 @@ package flasher
 import (
 	"bytes"
 	"crypto/md5"
-	"crypto/x509"
 	"encoding/binary"
 	"encoding/pem"
 	"fmt"
@@ -102,11 +101,14 @@ func (f *NinaFlasher) FlashCertificates(certificatePaths *paths.PathList, URLs [
 		logrus.Infof("Converting and flashing certificate %s", certPath)
 		flasherOut.Write([]byte(fmt.Sprintf("Converting and flashing certificate %s\n", certPath)))
 
-		data, err := f.certificateFromFile(certPath)
+		certs, err := certificates.LoadCertificatesFromFile(certPath)
 		if err != nil {
 			return err
 		}
-		certificatesData = append(certificatesData, data...)
+		for _, cert := range certs {
+			data := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})
+			certificatesData = append(certificatesData, data...)
+		}
 	}
 
 	for _, URL := range URLs {
@@ -141,29 +143,6 @@ func (f *NinaFlasher) FlashCertificates(certificatePaths *paths.PathList, URLs [
 	return nil
 }
 
-func (f *NinaFlasher) certificateFromFile(certificateFile *paths.Path) ([]byte, error) {
-	data, err := certificateFile.ReadFile()
-	if err != nil {
-		logrus.Error(err)
-		return nil, err
-	}
-	switch certificateFile.Ext() {
-	case ".cer":
-		// the data needs to be formatted in PEM format
-		cert, err := x509.ParseCertificate(data)
-		if err != nil {
-			logrus.Error(err)
-			return nil, err
-		}
-		return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}), nil
-	case ".pem":
-		// the data is already encoded in pem format and we do not need to parse it.
-		return data, nil
-	default:
-		return nil, fmt.Errorf("cert format %s not supported, please use .pem or .cer", certificateFile.Ext())
-	}
-}
-
 func (f *NinaFlasher) certificateFromURL(URL string) ([]byte, error) {
 	rootCertificate, err := certificates.ScrapeRootCertificatesFromURL(URL)
 	if err != nil {
 
@@ -83,11 +83,17 @@ func (f *WincFlasher) FlashCertificates(certificatePaths *paths.PathList, URLs [
 		logrus.Infof("Converting and flashing certificate %s", certPath)
 		flasherOut.Write([]byte(fmt.Sprintf("Converting and flashing certificate %s\n", certPath)))
 
-		data, err := f.certificateFromFile(certPath)
+		certs, err := certificates.LoadCertificatesFromFile(certPath)
 		if err != nil {
 			return err
 		}
-		certificatesData = append(certificatesData, data...)
+		for _, cert := range certs {
+			data, err := f.getCertificateData(cert)
+			if err != nil {
+				return err
+			}
+			certificatesData = append(certificatesData, data...)
+		}
 	}
 
 	for _, URL := range URLs {
@@ -110,28 +116,6 @@ func (f *WincFlasher) FlashCertificates(certificatePaths *paths.PathList, URLs [
 	return nil
 }
 
-func (f *WincFlasher) certificateFromFile(certificateFile *paths.Path) ([]byte, error) {
-	data, err := certificateFile.ReadFile()
-	if err != nil {
-		logrus.Error(err)
-		return nil, err
-	}
-	switch certificateFile.Ext() {
-	case ".cer":
-		cert, err := x509.ParseCertificate(data)
-		if err != nil {
-			logrus.Error(err)
-			return nil, err
-		}
-		return f.getCertificateData(cert)
-	case ".pem":
-		// the data is already encoded in pem format and we do not need to parse it.
-		return data, nil
-	default:
-		return nil, fmt.Errorf("cert format %s not supported, please use .pem or .cer", certificateFile.Ext())
-	}
-}
-
 func (f *WincFlasher) certificateFromURL(URL string) ([]byte, error) {
 	rootCertificate, err := certificates.ScrapeRootCertificatesFromURL(URL)
 	if err != nil {