From a3eedc294d85fd08617ca1b56256513543986b2f Mon Sep 17 00:00:00 2001
From: Jakub Warmuz
Date: Thu, 12 Feb 2015 15:44:05 +0000
Subject: [PATCH] RevocationRequest.certificate auto decode/encode.
---
 letsencrypt/acme/messages.py | 17 +++++++++++++----
 letsencrypt/client/revoker.py | 6 +++---
 2 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/letsencrypt/acme/messages.py b/letsencrypt/acme/messages.py
index 812373ef9..30baa803b 100644
--- a/letsencrypt/acme/messages.py
+++ b/letsencrypt/acme/messages.py
@@ -435,7 +435,7 @@ class RevocationRequest(Message):
 """
 return cls(signature=other.Signature.from_msg(
- kwargs["certificate"], key, sig_nonce), **kwargs)
+ kwargs["certificate"].as_der(), key, sig_nonce), **kwargs)
 def verify(self):
 """Verify signature.
@@ -446,17 +446,26 @@ class RevocationRequest(Message):
 """
 # TODO: must also check that the public key encoded in the JWK object
 # is the correct key for a given context.
- return self.signature.verify(self.certificate)
+ return self.signature.verify(self.certificate.as_der())
+
+ @classmethod
+ def _decode_cert(cls, b64der):
+ return util.ComparableX509(M2Crypto.X509.load_cert_der_string(
+ jose.b64decode(b64der)))
+
+ @classmethod
+ def _encode_cert(cls, cert):
+ return jose.b64encode(cert.as_der())
 def _fields_to_json(self):
 return {
- "certificate": jose.b64encode(self.certificate),
+ "certificate": self._encode_cert(self.certificate),
 "signature": self.signature,
 }
 @classmethod
 def _from_valid_json(cls, jobj):
- return cls(certificate=jose.b64decode(jobj["certificate"]),
+ return cls(certificate=cls._decode_cert(jobj["certificate"]),
 signature=other.Signature.from_json(
 jobj["signature"], validate=False))
diff --git a/letsencrypt/client/revoker.py b/letsencrypt/client/revoker.py
index 5f60ef8af..732a6c596 100644
--- a/letsencrypt/client/revoker.py
+++ b/letsencrypt/client/revoker.py
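Review bot: The docstring of `RevocationRequest.create` in messages.py (it starts above the first hunk, so its wording is not visible here) should state that `certificate` is now an X509 object exposing `as_der()` rather than raw DER bytes. A caller still passing bytes will fail at `kwargs["certificate"].as_der()` with an `AttributeError` before any signature is produced, so this is an interface change worth documenting at the call site.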
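Review bot: `_decode_cert` in messages.py passes `jobj["certificate"]` from a received message straight into `jose.b64decode` and `M2Crypto.X509.load_cert_der_string`, so malformed base64 or DER escapes `_from_valid_json` as whatever those libraries raise instead of as the module's own message-validation error. I would catch the decode and parse failures there and re-raise them as that error type (its name is not visible in this hunk), with a test that feeds a truncated certificate. Separately, `verify()` now checks the signature over `self.certificate.as_der()`, a re-serialisation of the parsed object rather than the bytes that arrived; if that round trip is ever not byte-identical a valid signature would be rejected, so either keep the received DER for verification or document that the round trip is relied on. The two new classmethods also have no docstrings; `"""Decode a base64-encoded DER certificate into a ComparableX509."""` and its counterpart on `_encode_cert` would be enough.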
@@ -38,13 +38,13 @@ class Revoker(object):
 :rtype: :class:`letsencrypt.acme.message.Revocation`
 """
- cert_der = M2Crypto.X509.load_cert(cert["backup_cert_file"]).as_der()
+ certificate = M2Crypto.X509.load_cert(cert["backup_cert_file"])
 with open(cert["backup_key_file"], 'rU') as backup_key_file:
- key = backup_key_file.read()
+ key = Crypto.PublicKey.RSA.importKey(backup_key_file.read())
 revocation = self.network.send_and_receive_expected(
 acme.messages.RevocationRequest.create(
- certificate=cert_der, key=Crypto.PublicKey.RSA.importKey(key)),
+ certificate=certificate, key=key),
 acme.messages.Revocation)
 zope.component.getUtility(interfaces.IDisplay).generic_notification(
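Review bot: The `certificate` handed to `RevocationRequest.create` here is a bare `M2Crypto.X509.load_cert(...)` result, while the decode path this commit adds in messages.py wraps parsed certificates in `util.ComparableX509`, so a request built locally and the same request parsed back from JSON hold different types and will presumably not compare equal. Wrapping the loaded certificate in the same class before passing it on would keep the two paths consistent. `Crypto.PublicKey.RSA.importKey` now runs inside the `with` block on the raw contents of the backup key file, and neither it nor `load_cert` failing is handled in the visible lines, so a corrupt or mismatched backup pair aborts revocation with a library exception. A check that the key belongs to the certificate, reported with a clear error before the request is signed, is worth adding. The enclosing method starts and ends outside the hunk.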