
fix: support parsing PEM from multiple blocks (#2110)

Before this PR it was required that the first PEM block contains the
certificate.
This PR parses all PEM blocks and returns the first certificate found.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Moritz Johner 3 yıl önce
ebeveyn
işleme
c20fc5b8b3

+ 22 - 6
pkg/provider/azure/keyvault/keyvault.go

@@ -309,15 +309,31 @@ func (a *Azure) DeleteSecret(ctx context.Context, remoteRef esv1beta1.PushRemote
 }
 
 func getCertificateFromValue(value []byte) (*x509.Certificate, error) {
+	// 1st: try decode pkcs12
 	_, localCert, err := pkcs12.Decode(value, "")
-	if err != nil {
-		pemBlock, _ := pem.Decode(value)
-		if pemBlock == nil {
-			return x509.ParseCertificate(value)
+	if err == nil {
+		return localCert, nil
+	}
+
+	// 2nd: try DER
+	localCert, err = x509.ParseCertificate(value)
+	if err == nil {
+		return localCert, nil
+	}
+
+	// 3nd: parse PEM blocks
+	for {
+		block, rest := pem.Decode(value)
+		value = rest
+		if block == nil {
+			break
+		}
+		cert, err := x509.ParseCertificate(block.Bytes)
+		if err == nil {
+			return cert, nil
 		}
-		return x509.ParseCertificate(pemBlock.Bytes)
 	}
-	return localCert, err
+	return nil, fmt.Errorf("could not parse certificate value as PKCS#12, DER or PEM")
 }
 
 func getKeyFromValue(value []byte) (interface{}, error) {
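Review bot: The final `fmt.Errorf` in getCertificateFromValue discards every underlying parse error, so a caller cannot tell a damaged PKCS#12 blob from a PEM bundle that holds no certificate. Keeping the PKCS#12 and DER errors in separate variables and wrapping them with `%w` would preserve that cause; note that the inner `cert, err :=` shadows the outer `err`, so wrapping `err` as it stands would only report the DER failure. The PEM loop also passes every block to `x509.ParseCertificate` whatever its type, so key blocks go through the certificate parser. Adding `if block.Type != "CERTIFICATE" { continue }` after the nil check makes the intent explicit. Returning the first certificate found depends on block order, so a bundle that is not leaf-first would yield an intermediate or CA certificate; a doc comment such as `// getCertificateFromValue returns the first certificate in value; PEM bundles must list the leaf first.` would record that assumption.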

Dosya farkı çok büyük olduğundan ihmal edildi
+ 16 - 1
pkg/provider/azure/keyvault/keyvault_test.go