From f65fcad7270637085f0687763a20331581d91aad Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Mon, 13 Jan 2025 15:34:04 -0800 Subject: [PATCH 1/2] Convert CSR to string --- lemur/plugins/lemur_acme/challenge_types.py | 14 +++++++------- lemur/plugins/lemur_acme/plugin.py | 13 ++++++++----- 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/lemur/plugins/lemur_acme/challenge_types.py b/lemur/plugins/lemur_acme/challenge_types.py index 0c7e0c9c85..a71510707b 100644 --- a/lemur/plugins/lemur_acme/challenge_types.py +++ b/lemur/plugins/lemur_acme/challenge_types.py @@ -7,26 +7,26 @@ .. moduleauthor:: Mathias Petermann """ -from datetime import datetime, timedelta import json +from datetime import datetime, timedelta from acme import challenges from acme.errors import WildcardUnsupportedError from acme.messages import errors, STATUS_VALID, ERROR_CODES from botocore.exceptions import ClientError from flask import current_app +from retrying import retry from sentry_sdk import capture_exception from lemur.authorizations import service as authorization_service -from lemur.constants import ACME_ADDITIONAL_ATTEMPTS from lemur.common.utils import drop_last_cert_from_chain +from lemur.constants import ACME_ADDITIONAL_ATTEMPTS +from lemur.destinations import service as destination_service from lemur.exceptions import LemurException, InvalidConfiguration from lemur.extensions import metrics from lemur.plugins.base import plugins -from lemur.destinations import service as destination_service from lemur.plugins.lemur_acme.acme_handlers import AcmeHandler, AcmeDnsHandler - -from retrying import retry +from lemur.plugins.lemur_acme.plugin import csr_to_string class AcmeChallengeMissmatchError(LemurException): 
@@ -86,7 +86,7 @@ def create_certificate(self, csr, issuer_options): authority = issuer_options.get("authority") acme_client, registration = self.acme.setup_acme_client(authority) - orderr = acme_client.new_order(csr) + orderr = acme_client.new_order(csr_to_string(csr)) chall = [] deployed_challenges = [] @@ -266,7 +266,7 @@ def create_certificate(self, csr, issuer_options): @retry(stop_max_attempt_number=ACME_ADDITIONAL_ATTEMPTS, wait_fixed=5000) def create_certificate_immediately(self, acme_client, order_info, csr): try: - order = acme_client.new_order(csr) + order = acme_client.new_order(csr_to_string(csr)) except WildcardUnsupportedError: metrics.send("create_certificte_immediately_wildcard_unsupported", "counter", 1) raise Exception( diff --git a/lemur/plugins/lemur_acme/plugin.py b/lemur/plugins/lemur_acme/plugin.py index 2b78b19b86..8f60f2a572 100644 --- a/lemur/plugins/lemur_acme/plugin.py +++ b/lemur/plugins/lemur_acme/plugin.py @@ -130,7 +130,7 @@ def get_ordered_certificate(self, pending_cert): self.acme.autodetect_dns_providers(domain) try: - order = acme_client.new_order(pending_cert.csr) + order = acme_client.new_order(csr_to_string(pending_cert.csr)) except WildcardUnsupportedError: metrics.send("get_ordered_certificate_wildcard_unsupported", "counter", 1) raise Exception( @@ -191,10 +191,7 @@ def get_ordered_certificates(self, pending_certs): self.acme.autodetect_dns_providers(domain) try: - csr = pending_cert.csr - if isinstance(csr, str): - csr = csr.encode("ascii") - order = acme_client.new_order(csr) + order = acme_client.new_order(csr_to_string(pending_cert.csr)) except WildcardUnsupportedError: capture_exception() metrics.send( @@ -469,3 +466,9 @@ def revoke_certificate(self, certificate, reason): crl_reason = CRLReason[reason["crl_reason"]] return self.acme.revoke_certificate(certificate, crl_reason.value) + + +def csr_to_string(csr): + if isinstance(csr, str): + return csr.encode("ascii") + return csr 
From 1ff3e716a45b7a958250700e345e50535657f3b8 Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Mon, 13 Jan 2025 16:08:25 -0800 Subject: [PATCH 2/2] Fix build error --- lemur/common/utils.py | 12 +++++++++--- lemur/plugins/lemur_acme/challenge_types.py | 3 +-- lemur/plugins/lemur_acme/plugin.py | 8 +------- 3 files changed, 11 insertions(+), 12 deletions(-) diff --git a/lemur/common/utils.py b/lemur/common/utils.py index 5be7ccea18..b75dc817d4 100644 --- a/lemur/common/utils.py +++ b/lemur/common/utils.py @@ -15,8 +15,10 @@ import string import OpenSSL +import josepy as jose import pem import sqlalchemy +from certbot.crypto_util import CERT_PEM_REGEX from cryptography import x509 from cryptography.exceptions import InvalidSignature, UnsupportedAlgorithm from cryptography.hazmat.backends import default_backend @@ -25,13 +27,11 @@ from cryptography.hazmat.primitives.serialization import load_pem_private_key, Encoding, pkcs7 from flask_restful.reqparse import RequestParser from sqlalchemy import and_, func -import josepy as jose +from sqlalchemy.dialects.postgresql import TEXT -from certbot.crypto_util import CERT_PEM_REGEX from lemur.constants import CERTIFICATE_KEY_TYPES from lemur.exceptions import InvalidConfiguration from lemur.utils import Vault -from sqlalchemy.dialects.postgresql import TEXT paginated_parser = RequestParser() @@ -525,3 +525,9 @@ def drop_last_cert_from_chain(full_chain: str) -> str: ), ).decode() return pem_certificate + + +def csr_to_string(csr): + if isinstance(csr, str): + return csr.encode("ascii") + return csr diff --git a/lemur/plugins/lemur_acme/challenge_types.py b/lemur/plugins/lemur_acme/challenge_types.py index a71510707b..ee34f7522c 100644 --- a/lemur/plugins/lemur_acme/challenge_types.py +++ b/lemur/plugins/lemur_acme/challenge_types.py 
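Review bot: The helper `csr_to_string` added at the end of the utils.py hunk returns bytes, not a string — a `str` argument is returned as `csr.encode("ascii")` and anything else is passed through untouched — so its name (and the series' subject line) states the opposite of its contract and invites a later caller to feed the result into code that expects `str`. Consider renaming it to `csr_to_bytes` while all four call sites are still inside this series, or at minimum annotate and document it: `def csr_to_string(csr) -> bytes:` with a docstring stating that it returns the PEM CSR as ASCII bytes for `acme_client.new_order`, encoding `str` and passing `bytes` through unchanged. The pass-through branch also returns any non-`str` value as-is, `None` included, so a pending certificate without a CSR is not caught here; if that can happen upstream (I cannot tell from the hunk), raising `ValueError` here would fail earlier and clearer than inside the ACME client. `encode("ascii")` is the right codec for PEM, but it raises `UnicodeEncodeError` on a non-ASCII string and the call sites only catch `WildcardUnsupportedError`, so such input surfaces as an unhandled exception rather than a metrics-counted failure.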
@@ -19,14 +19,13 @@ from sentry_sdk import capture_exception from lemur.authorizations import service as authorization_service -from lemur.common.utils import drop_last_cert_from_chain +from lemur.common.utils import drop_last_cert_from_chain, csr_to_string from lemur.constants import ACME_ADDITIONAL_ATTEMPTS from lemur.destinations import service as destination_service from lemur.exceptions import LemurException, InvalidConfiguration from lemur.extensions import metrics from lemur.plugins.base import plugins from lemur.plugins.lemur_acme.acme_handlers import AcmeHandler, AcmeDnsHandler -from lemur.plugins.lemur_acme.plugin import csr_to_string class AcmeChallengeMissmatchError(LemurException): diff --git a/lemur/plugins/lemur_acme/plugin.py b/lemur/plugins/lemur_acme/plugin.py index 8f60f2a572..c6d16c86a8 100644 --- a/lemur/plugins/lemur_acme/plugin.py +++ b/lemur/plugins/lemur_acme/plugin.py @@ -19,7 +19,7 @@ from sentry_sdk import capture_exception from lemur.authorizations import service as authorization_service -from lemur.common.utils import check_validation, drop_last_cert_from_chain +from lemur.common.utils import check_validation, drop_last_cert_from_chain, csr_to_string from lemur.constants import CRLReason, EMAIL_RE from lemur.dns_providers import service as dns_provider_service from lemur.exceptions import InvalidConfiguration @@ -466,9 +466,3 @@ def revoke_certificate(self, certificate, reason): crl_reason = CRLReason[reason["crl_reason"]] return self.acme.revoke_certificate(certificate, crl_reason.value) - - -def csr_to_string(csr): - if isinstance(csr, str): - return csr.encode("ascii") - return csr
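Review bot: The new import line in the challenge_types.py hunk, `from lemur.common.utils import drop_last_cert_from_chain, csr_to_string`, lists the imported names out of alphabetical order, while the first patch in this series deliberately sorted these import blocks; isort/ruff would rewrite it as `from lemur.common.utils import csr_to_string, drop_last_cert_from_chain`. The plugin.py hunk below has the same shape with `check_validation, drop_last_cert_from_chain, csr_to_string`. Minor, but keeping the names sorted now avoids a noisy formatter-only diff later.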