From 980c8a5f9e4ccbcd3c11def9cab33d0e61e945ae Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Jan 31 2017 17:33:27 +0000
Subject: py3: normalize_certificate: support both bytes and unicode


https://fedorahosted.org/freeipa/ticket/4985

Reviewed-By: Christian Heimes <cheimes@redhat.com>

---

diff --git a/ipalib/x509.py b/ipalib/x509.py
index d883ac4..87d46ae 100644
--- a/ipalib/x509.py
+++ b/ipalib/x509.py
@@ -251,13 +251,22 @@ def normalize_certificate(rawcert):
 
     rawcert = strip_header(rawcert)
 
-    if util.isvalid_base64(rawcert):
-        try:
-            dercert = base64.b64decode(rawcert)
-        except Exception as e:
-            raise errors.Base64DecodeError(reason=str(e))
-    else:
+    try:
+        if isinstance(rawcert, bytes):
+            # base64 must work with utf-8, otherwise it is raw bin certificate
+            decoded_cert = rawcert.decode('utf-8')
+        else:
+            decoded_cert = rawcert
+    except UnicodeDecodeError:
         dercert = rawcert
+    else:
+        if util.isvalid_base64(decoded_cert):
+            try:
+                dercert = base64.b64decode(decoded_cert)
+            except Exception as e:
+                raise errors.Base64DecodeError(reason=str(e))
+        else:
+            dercert = rawcert
 
     # At this point we should have a DER certificate.
     # Attempt to decode it.