Use ComparableX509 everywhere.

letsencrypt/acme/messages.py

@@ -197,6 +197,7 @@ class AuthorizationRequest(Message):
         :type key: :class:`Crypto.PublicKey.RSA`
 
         :param str sig_nonce: Nonce used for signature. Useful for testing.
+        :kwargs: Any other arguments accepted by the class constructor.
 
         :returns: Signed "authorizationRequest" ACME message.
         :rtype: :class:`AuthorizationRequest`
@@ -251,8 +252,8 @@ class Certificate(Message):
     :ivar certificate: The certificate (:class:`M2Crypto.X509.X509`
         wrapped in :class:`letsencrypt.acme.util.ComparableX509`).
 
-    :ivar list chain: Chain of certificates (:class:`M2Crypto.X509.X509` wrapped
-        in :class:`letsencrypt.acme.util.ComparableX509` ).
+    :ivar list chain: Chain of certificates (:class:`M2Crypto.X509.X509`
+        wrapped in :class:`letsencrypt.acme.util.ComparableX509` ).
 
     """
     acme_type = "certificate"
@@ -305,6 +306,7 @@ class CertificateRequest(Message):
         :type key: :class:`Crypto.PublicKey.RSA`
 
         :param str sig_nonce: Nonce used for signature. Useful for testing.
+        :kwargs: Any other arguments accepted by the class constructor.
 
         :returns: Signed "certificateRequest" ACME message.
         :rtype: :class:`CertificateRequest`
@@ -435,6 +437,7 @@ class RevocationRequest(Message):
         :type key: :class:`Crypto.PublicKey.RSA`
 
         :param str sig_nonce: Nonce used for signature. Useful for testing.
+        :kwargs: Any other arguments accepted by the class constructor.
 
         :returns: Signed "revocationRequest" ACME message.
         :rtype: :class:`RevocationRequest`

letsencrypt/acme/messages_test.py

@@ -9,14 +9,17 @@ import mock
 from letsencrypt.acme import errors
 from letsencrypt.acme import jose
 from letsencrypt.acme import other
+from letsencrypt.acme import util
 
 
 KEY = Crypto.PublicKey.RSA.importKey(pkg_resources.resource_string(
     'letsencrypt.client.tests', 'testdata/rsa256_key.pem'))
-CERT = M2Crypto.X509.load_cert(pkg_resources.resource_filename(
-    'letsencrypt.client.tests', 'testdata/cert.pem'))
-CSR = M2Crypto.X509.load_request(pkg_resources.resource_filename(
-    'letsencrypt.client.tests', 'testdata/csr.pem'))
+CERT = util.ComparableX509(M2Crypto.X509.load_cert(
+    pkg_resources.resource_filename(
+        'letsencrypt.client.tests', 'testdata/cert.pem')))
+CSR = util.ComparableX509(M2Crypto.X509.load_request(
+    pkg_resources.resource_filename(
+        'letsencrypt.client.tests', 'testdata/csr.pem')))
 
 
 class MessageTest(unittest.TestCase):

letsencrypt/client/client.py

@@ -10,6 +10,7 @@ import M2Crypto
 import zope.component
 
 from letsencrypt.acme import messages
+from letsencrypt.acme import util as acme_util
 
 from letsencrypt.client import auth_handler
 from letsencrypt.client import client_authenticator
@@ -130,7 +131,8 @@ class Client(object):
         logging.info("Preparing and sending CSR...")
         return self.network.send_and_receive_expected(
             messages.CertificateRequest.create(
-                csr=M2Crypto.X509.load_request_der_string(csr_der),
+                csr=acme_util.ComparableX509(
+                    M2Crypto.X509.load_request_der_string(csr_der)),
                 key=Crypto.PublicKey.RSA.importKey(self.authkey.pem)),
             messages.Certificate)
 

letsencrypt/client/revoker.py

@@ -9,6 +9,7 @@ import M2Crypto
 import zope.component
 
 from letsencrypt.acme import messages
+from letsencrypt.acme import util as acme_util
 
 from letsencrypt.client import crypto_util
 from letsencrypt.client import display
@@ -38,7 +39,8 @@ class Revoker(object):
         :rtype: :class:`letsencrypt.acme.message.Revocation`
 
         """
-        certificate = M2Crypto.X509.load_cert(cert["backup_cert_file"])
+        certificate = acme_util.ComparableX509(
+            M2Crypto.X509.load_cert(cert["backup_cert_file"]))
         with open(cert["backup_key_file"], 'rU') as backup_key_file:
             key = Crypto.PublicKey.RSA.importKey(backup_key_file.read())
 
@@ -69,8 +71,8 @@ class Revoker(object):
         c_sha1_vh = {}
         for (cert, _, path) in self.installer.get_all_certs_keys():
             try:
-                c_sha1_vh[M2Crypto.X509.load_cert(
-                    cert).get_fingerprint(md='sha1')] = path
+                c_sha1_vh[acme_util.ComparableX509(M2Crypto.X509.load_cert(
+                    cert).get_fingerprint(md='sha1'))] = path
             except M2Crypto.X509.X509Error:
                 continue