Fix the way that normalization was handling base64 encoding in a
one-step POST secret creation.
Previous to this CR, PEM payloads in a one-step POST with
payload_content_encoding="base64" were being converted to DER form,
which was inconsistent with the way content-encoding works with other
secret types.
This CR requires that PEM payloads be base64 encoded in their entirety
to be included in a one-step POST.
This also means that when a PEM payload is passed to the secret_store it
will be base64 encoded in its entirety, so secret stores that need to
use DER forms need to make the conversion internally in the plugin.
I will add the changes for the KMIP secret store in a follow-up CR.
Barbican core also expects PEM formatted payloads that have been base64
encoded back from the secret_store during a get, so those changes are
made as well.
Fixes-Bug: #1441866
Change-Id: Ifbe021729a14f18fddd05991f6f96e49fbcf5c01
Co-Authored-By: Dave McCowan <dmccowan@cisco.com>
829c7dc6e1