Strip signed certificate

Certificate (ca.crt) has to be striped for some application parsers as they might require pure base64 representation of certificate itself, without empty characters at the beginning nor the end of file Change-Id: I5f58e19d03abdf040b9a5b5df2f4dd83b4c0e3a9 Closes-Bug: #1775342 (cherry picked from commit edee7030e4)
2018-05-25 12:29:38 +02:00 · 2018-05-25 12:29:38 +02:00 · ef5c1b8999
parent 629ee4e7a8
commit ef5c1b8999
3 changed files with 24 additions and 1 deletions
--- a/magnum/common/x509/operations.py
+++ b/magnum/common/x509/operations.py
@ -226,7 +226,7 @@ def sign(csr, issuer_name, ca_key, ca_key_password=None,
    certificate = builder.sign(
        private_key=ca_key, algorithm=hashes.SHA256(),
        backend=default_backend()
-    ).public_bytes(serialization.Encoding.PEM)
+    ).public_bytes(serialization.Encoding.PEM).strip()

    return certificate

--- a/magnum/tests/unit/common/x509/test_sign.py
+++ b/magnum/tests/unit/common/x509/test_sign.py
@ -223,6 +223,22 @@ class TestX509(base.BaseTestCase):
                        skip_validation=True)
        mock_six.assert_called_once_with(csr)

+    @mock.patch('cryptography.x509.load_pem_x509_csr')
+    def test_sign_empty_chars(self, mock_load_pem):
+        ca_key = self._generate_private_key()
+        private_key = self._generate_private_key()
+        csr_obj = self._build_csr(private_key)
+        csr = csr_obj.public_bytes(serialization.Encoding.PEM)
+        csr = six.text_type(csr.decode('utf-8'))
+
+        mock_load_pem.return_value = csr_obj
+        certificate = operations.sign(csr, self.issuer_name,
+                                      ca_key, skip_validation=True)
+
+        # Certificate has to be striped for some parsers
+        self.assertEqual(certificate,
+                         certificate.strip())
+
    def test_sign_with_invalid_csr(self):
        ca_key = self._generate_private_key()
        csr = 'test'
--- a/releasenotes/notes/strip-ca-certificate-a09d0c31c45973df.yaml
+++ b/releasenotes/notes/strip-ca-certificate-a09d0c31c45973df.yaml
@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Strip signed certificate. Certificate (ca.crt) has to be striped
+    for some application parsers as they might require pure base64
+    representation of the certificate itself, without empty characters
+    at the beginning nor the end of file.