From 1082bffdddfcc781602331545af855a2b2838776 Mon Sep 17 00:00:00 2001
From: Boran Car
Date: Tue, 20 Oct 2020 22:09:17 +0200
Subject: [PATCH 1/2] Add Azure PFX certificate support

Azure typically uses pfx files for service principal authentication. These are PKCS#12 files so just try and read a cert file as such if we can't already read it as PEM.
---
 builder/azure/common/client/tokenprovider_cert.go | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/builder/azure/common/client/tokenprovider_cert.go b/builder/azure/common/client/tokenprovider_cert.go
index 38947827c..4ae8032c4 100644
--- a/builder/azure/common/client/tokenprovider_cert.go
+++ b/builder/azure/common/client/tokenprovider_cert.go
@@ -15,6 +15,7 @@ import (
 "github.com/Azure/go-autorest/autorest/azure"
 "github.com/dgrijalva/jwt-go"
+ "github.com/hashicorp/packer/builder/azure/pkcs12"
 )
 func NewCertOAuthTokenProvider(env azure.Environment, clientID, clientCertPath, tenantID string) (oAuthTokenProvider, error) {
@@ -124,7 +125,17 @@ func readCert(file string) (cert *x509.Certificate, key interface{}, err error)
 }
 if key == nil {
- return nil, nil, fmt.Errorf("Did not find private key in pem file")
+ key, cert, err = pkcs12.Decode(d, "")
+ certs = append(certs, cert)
+
+ if err != nil {
+ return nil, nil, fmt.Errorf(
+ "Did not find private key in file, tried to read as PKCS#12 and failed: %v", err)
+ }
+ }
+
+ if key == nil {
+ return nil, nil, fmt.Errorf("Did not find private key in file")
 }
 // find the certificate that belongs to the private key by comparing the public keys
@@ -148,7 +159,7 @@ func readCert(file string) (cert *x509.Certificate, key interface{}, err error)
 }
 if cert == nil {
- return nil, nil, fmt.Errorf("Did not find certificate belonging to private key in pem file")
+ return nil, nil, fmt.Errorf("Did not find certificate belonging to private key in file")
 }
 return cert, key, nil
From 9b89439ec282d153588337571a82a36457b00c53 Mon Sep 17 00:00:00 2001
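Review bot: The PKCS#12 fallback in the `@@ -124,7 +125,17 @@` hunk calls `pkcs12.Decode(d, "")` with a hard-coded empty password, so only PFX files exported without a password can be loaded, and the service principal's private key then relies on file permissions alone for protection at rest. The error returned on failure does not mention this, so a user with a password-protected PFX cannot tell why decoding failed. At minimum state the limitation in the message, e.g. `"Did not find private key in file, tried to read as PKCS#12 with an empty password and failed: %v"`, and add a comment above the call such as `// PKCS#12 fallback: only PFX files with an empty password are supported.`. Accepting a password would need a new parameter on readCert, whose body starts and ends outside this hunk; the same call is left unchanged by PATCH 2/2.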
From: Boran Car
Date: Tue, 20 Oct 2020 22:20:57 +0200
Subject: [PATCH 2/2] Rearrange cert add after err check for idiomatic
---
 builder/azure/common/client/tokenprovider_cert.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/builder/azure/common/client/tokenprovider_cert.go b/builder/azure/common/client/tokenprovider_cert.go
index 4ae8032c4..b03df2059 100644
--- a/builder/azure/common/client/tokenprovider_cert.go
+++ b/builder/azure/common/client/tokenprovider_cert.go
@@ -126,12 +126,11 @@ func readCert(file string) (cert *x509.Certificate, key interface{}, err error)
 if key == nil {
 key, cert, err = pkcs12.Decode(d, "")
- certs = append(certs, cert)
-
 if err != nil {
 return nil, nil, fmt.Errorf(
 "Did not find private key in file, tried to read as PKCS#12 and failed: %v", err)
 }
+ certs = append(certs, cert)
 }
 if key == nil {
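Review bot: `key, cert, err = pkcs12.Decode(d, "")` assigns the decoded certificate straight into the named result `cert`, so on the PKCS#12 path the later `if cert == nil` guard (visible in PATCH 1/2) can no longer tell whether a certificate matching the key was actually found. The matching loop lies outside this hunk; if, as its comment suggests, it sets `cert` only when the public keys agree, a PFX whose certificate does not belong to the key would be returned rather than rejected. Decode into a local instead: `var pfxCert *x509.Certificate`, then `key, pfxCert, err = pkcs12.Decode(d, "")`, and after the error check `certs = append(certs, pfxCert)`. readCert starts and ends outside the hunk.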