From 1b78f79283e633abc5dd901ca4db99cea36aca1a Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slaznick@redhat.com>
Date: Aug 30 2017 10:44:46 +0000
Subject: cert: fix wrong assumption of cert-show result type


cert-show returns a base64 encoded certificate yet the assumption
here was for a PEM bytes instance.

https://pagure.io/freeipa/issue/4985

Reviewed-By: Felipe Volpone <fbarreto@redhat.com>

---

diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index 41cb675..202d92d 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -1270,8 +1270,8 @@ class cert_revoke(PKQuery, CertMethod, VirtualCommand):
             logger.debug("Not granted by ACI to revoke certificate, "
                          "looking at principal")
             try:
-                cert = x509.load_pem_x509_certificate(
-                    resp['result']['certificate'])
+                cert = x509.load_der_x509_certificate(
+                    base64.b64decode(resp['result']['certificate']))
                 if not bind_principal_can_manage_cert(cert):
                     raise acierr
             except errors.NotImplementedError: