crypto._cert_fingerprint: pass bytes to load_pem_x509_certificate

crypto._cert_fingerprint must ensure first parameter to load_pem_x509_certificate is bytes, as there are code paths which pass this as a string, such as crypto.from_keyspec -> crypto._load_keyspec -> crypto.XMLSecCryptoFromXML.__init__ -> crypto._cert_fingerprint
IdentityPython · May 20, 2024 · eb3faf8 · eb3faf8
1 parent 739191d
commit eb3faf8
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/src/xmlsec/crypto.py b/src/xmlsec/crypto.py
@@ -358,6 +358,8 @@ def _get_cert_by_fp(self, fp):
 
 def _cert_fingerprint(cert_pem):
     if "-----BEGIN CERTIFICATE" in cert_pem:
+        if isinstance(cert_pem, six.text_type):
+            cert_pem = cert_pem.encode()
         cert = load_pem_x509_certificate(cert_pem, backend=default_backend())
     else:
         cert = load_der_x509_certificate(base64.standard_b64decode(cert_pem), backend=default_backend())