From d21ca90560ef590526971eb3c753eb96a34cc041 Mon Sep 17 00:00:00 2001
From: Brad Warren <bradmw@umich.edu>
Date: Wed, 16 Dec 2015 17:33:08 -0800
Subject: [PATCH] Use dump on ComparableX509

---
 acme/acme/challenges_test.py  | 3 +--
 acme/acme/jose/json_util.py   | 6 ++----
 acme/acme/jose/jws.py         | 3 +--
 acme/acme/jose/jws_test.py    | 8 ++------
 letsencrypt/cli.py            | 6 +++---
 letsencrypt/client.py         | 6 ++----
 letsencrypt/renewer.py        | 3 +--
 letsencrypt/tests/cli_test.py | 4 ++--
 8 files changed, 14 insertions(+), 25 deletions(-)

diff --git a/acme/acme/challenges_test.py b/acme/acme/challenges_test.py
index a4e78ebe9..c01511171 100644
--- a/acme/acme/challenges_test.py
+++ b/acme/acme/challenges_test.py
@@ -420,8 +420,7 @@ class ProofOfPossessionHintsTest(unittest.TestCase):
         self.jmsg_to = {
             'jwk': jwk,
             'certFingerprints': cert_fingerprints,
-            'certs': (jose.encode_b64jose(OpenSSL.crypto.dump_certificate(
-                OpenSSL.crypto.FILETYPE_ASN1, CERT)),),
+            'certs': (jose.encode_b64jose(CERT.dump()),),
             'subjectKeyIdentifiers': subject_key_identifiers,
             'serialNumbers': serial_numbers,
             'issuers': issuers,
diff --git a/acme/acme/jose/json_util.py b/acme/acme/jose/json_util.py
index 7b95e3fce..66776172b 100644
--- a/acme/acme/jose/json_util.py
+++ b/acme/acme/jose/json_util.py
@@ -372,8 +372,7 @@ def encode_cert(cert):
     :rtype: unicode
 
     """
-    return encode_b64jose(OpenSSL.crypto.dump_certificate(
-        OpenSSL.crypto.FILETYPE_ASN1, cert))
+    return encode_b64jose(cert.dump())
 
 
 def decode_cert(b64der):
@@ -397,8 +396,7 @@ def encode_csr(csr):
     :rtype: unicode
 
     """
-    return encode_b64jose(OpenSSL.crypto.dump_certificate_request(
-        OpenSSL.crypto.FILETYPE_ASN1, csr))
+    return encode_b64jose(csr.dump())
 
 
 def decode_csr(b64der):
diff --git a/acme/acme/jose/jws.py b/acme/acme/jose/jws.py
index 1a073e17d..939932d36 100644
--- a/acme/acme/jose/jws.py
+++ b/acme/acme/jose/jws.py
@@ -123,8 +123,7 @@ class Header(json_util.JSONObjectWithFields):
 
     @x5c.encoder
     def x5c(value):  # pylint: disable=missing-docstring,no-self-argument
-        return [base64.b64encode(OpenSSL.crypto.dump_certificate(
-            OpenSSL.crypto.FILETYPE_ASN1, cert)) for cert in value]
+        return [base64.b64encode(cert.dump()) for cert in value]
 
     @x5c.decoder
     def x5c(value):  # pylint: disable=missing-docstring,no-self-argument
diff --git a/acme/acme/jose/jws_test.py b/acme/acme/jose/jws_test.py
index 69341f228..065243774 100644
--- a/acme/acme/jose/jws_test.py
+++ b/acme/acme/jose/jws_test.py
@@ -3,7 +3,6 @@ import base64
 import unittest
 
 import mock
-import OpenSSL
 
 from acme import test_util
 
@@ -68,13 +67,10 @@ class HeaderTest(unittest.TestCase):
         from acme.jose.jws import Header
         header = Header(x5c=(CERT, CERT))
         jobj = header.to_partial_json()
-        cert_b64 = base64.b64encode(OpenSSL.crypto.dump_certificate(
-            OpenSSL.crypto.FILETYPE_ASN1, CERT))
+        cert_b64 = base64.b64encode(CERT.dump())
         self.assertEqual(jobj, {'x5c': [cert_b64, cert_b64]})
         self.assertEqual(header, Header.from_json(jobj))
-        jobj['x5c'][0] = base64.b64encode(
-            b'xxx' + OpenSSL.crypto.dump_certificate(
-                OpenSSL.crypto.FILETYPE_ASN1, CERT))
+        jobj['x5c'][0] = base64.b64encode(b'xxx' + CERT.dump())
         self.assertRaises(errors.DeserializationError, Header.from_json, jobj)
 
     def test_find_key(self):
diff --git a/letsencrypt/cli.py b/letsencrypt/cli.py
index 29519d430..1a141f556 100644
--- a/letsencrypt/cli.py
+++ b/letsencrypt/cli.py
@@ -391,9 +391,9 @@ def _auth_from_domains(le_client, config, domains):
         new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
         # TODO: Check whether it worked! <- or make sure errors are thrown (jdk)
         lineage.save_successor(
-            lineage.latest_common_version(), OpenSSL.crypto.dump_certificate(
-                OpenSSL.crypto.FILETYPE_PEM, new_certr.body),
-            new_key.pem, crypto_util.dump_pyopenssl_chain(new_chain))
+            lineage.latest_common_version(),
+            new_certr.body.dump(OpenSSL.crypto.FILETYPE_PEM), new_key.pem,
+            crypto_util.dump_pyopenssl_chain(new_chain))
 
         lineage.update_all_links_to(lineage.latest_common_version())
         # TODO: Check return value of save_successor
diff --git a/letsencrypt/client.py b/letsencrypt/client.py
index 080ee7991..59ac11a72 100644
--- a/letsencrypt/client.py
+++ b/letsencrypt/client.py
@@ -299,8 +299,7 @@ class Client(object):
                 "by your operating system package manager")
 
         lineage = storage.RenewableCert.new_lineage(
-            domains[0], OpenSSL.crypto.dump_certificate(
-                OpenSSL.crypto.FILETYPE_PEM, certr.body),
+            domains[0], certr.body.dump(OpenSSL.crypto.FILETYPE_PEM),
             key.pem, crypto_util.dump_pyopenssl_chain(chain),
             params, config, cli_config)
         return lineage
@@ -329,8 +328,7 @@ class Client(object):
                 os.path.dirname(path), 0o755, os.geteuid(),
                 self.config.strict_permissions)
 
-        cert_pem = OpenSSL.crypto.dump_certificate(
-            OpenSSL.crypto.FILETYPE_PEM, certr.body)
+        cert_pem = certr.body.dump(OpenSSL.crypto.FILETYPE_PEM)
         cert_file, act_cert_path = le_util.unique_file(cert_path, 0o644)
         try:
             cert_file.write(cert_pem)
diff --git a/letsencrypt/renewer.py b/letsencrypt/renewer.py
index 3996cfe67..6e2366d82 100644
--- a/letsencrypt/renewer.py
+++ b/letsencrypt/renewer.py
@@ -102,8 +102,7 @@ def renew(cert, old_version):
         #      new_key if the old key is to be used (since save_successor
         #      already understands this distinction!)
         return cert.save_successor(
-            old_version, OpenSSL.crypto.dump_certificate(
-                OpenSSL.crypto.FILETYPE_PEM, new_certr.body),
+            old_version, new_certr.body.dump(OpenSSL.crypto.FILETYPE_PEM),
             new_key.pem, crypto_util.dump_pyopenssl_chain(new_chain))
         # TODO: Notify results
     else:
diff --git a/letsencrypt/tests/cli_test.py b/letsencrypt/tests/cli_test.py
index ccf16f5b5..39c09dede 100644
--- a/letsencrypt/tests/cli_test.py
+++ b/letsencrypt/tests/cli_test.py
@@ -417,11 +417,11 @@ class CLITest(unittest.TestCase):  # pylint: disable=too-many-public-methods
         chain_path = '/etc/letsencrypt/live/foo.bar/fullchain.pem'
 
         mock_lineage = mock.MagicMock(cert=cert_path, fullchain=chain_path)
-        mock_cert = mock.MagicMock(body='body')
+        mock_certr = mock.MagicMock()
         mock_key = mock.MagicMock(pem='pem_key')
         mock_renewal.return_value = ("renew", mock_lineage)
         mock_client = mock.MagicMock()
-        mock_client.obtain_certificate.return_value = (mock_cert, 'chain',
+        mock_client.obtain_certificate.return_value = (mock_certr, 'chain',
                                                        mock_key, 'csr')
         mock_init.return_value = mock_client
         with mock.patch('letsencrypt.cli.OpenSSL'):