diff --git a/magnum/common/x509/operations.py b/magnum/common/x509/operations.py index 191906338e..d8a0eb26ec 100644 --- a/magnum/common/x509/operations.py +++ b/magnum/common/x509/operations.py @@ -13,6 +13,7 @@ # under the License. import datetime +import six import uuid from cryptography.hazmat.backends import default_backend @@ -153,10 +154,13 @@ def sign(csr, issuer_name, ca_key, ca_key_password=None, :param skip_validation: skip csr validation if true :returns: generated certificate """ + if not isinstance(ca_key, rsa.RSAPrivateKey): ca_key = serialization.load_pem_private_key(ca_key, password=ca_key_password, backend=default_backend()) + if isinstance(csr, six.text_type): + csr = six.b(str(csr)) if not isinstance(csr, x509.CertificateSigningRequest): csr = x509.load_pem_x509_csr(csr, backend=default_backend()) diff --git a/magnum/tests/unit/common/x509/test_sign.py b/magnum/tests/unit/common/x509/test_sign.py index 0f85b6aa65..1ea81c7cd6 100644 --- a/magnum/tests/unit/common/x509/test_sign.py +++ b/magnum/tests/unit/common/x509/test_sign.py @@ -12,6 +12,7 @@ # License for the specific language governing permissions and limitations # under the License. +import mock import six from cryptography.hazmat.backends import default_backend @@ -173,3 +174,17 @@ class TestX509(base.BaseTestCase): self.issuer_name, self.subject_name) self.assertInClientExtensions(cert) + + @mock.patch('cryptography.x509.load_pem_x509_csr') + @mock.patch('six.b') + def test_sign_with_unicode_csr(self, mock_six, mock_load_pem): + ca_key = self._generate_private_key() + private_key = self._generate_private_key() + csr_obj = self._build_csr(private_key) + csr = csr_obj.public_bytes(serialization.Encoding.PEM) + csr = six.u(csr) + + mock_load_pem.return_value = csr_obj + operations.sign(csr, self.issuer_name, ca_key, + skip_validation=True) + mock_six.assert_called_once_with(csr)