From 3fd0e7a3261ece6466eb8e2b2e3d496e7f97d523 Mon Sep 17 00:00:00 2001
From: Frode Nordahl <frode.nordahl@canonical.com>
Date: Tue, 27 Nov 2018 07:59:54 +0100
Subject: [PATCH] cert: Fix encoding of password

---
 unit_tests/utilities/test_zaza_utilities_cert.py | 5 +++--
 zaza/utilities/cert.py                           | 5 ++++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/unit_tests/utilities/test_zaza_utilities_cert.py b/unit_tests/utilities/test_zaza_utilities_cert.py
index 9043bc7..d9e8566 100644
--- a/unit_tests/utilities/test_zaza_utilities_cert.py
+++ b/unit_tests/utilities/test_zaza_utilities_cert.py
@@ -100,7 +100,8 @@ class TestUtilitiesCert(ut_utils.BaseTestCase):
         self.patch_object(cert, 'rsa')
         self.patch_object(cert, 'cryptography')
         cert.generate_cert('unit_test.ci.local', password='secret')
-        self.serialization.BestAvailableEncryption.assert_called_with('secret')
+        self.serialization.BestAvailableEncryption.assert_called_with(
+            b'secret')
         self.cryptography.x509.NameAttribute.assert_called_with(
             self.cryptography.x509.oid.NameOID.COMMON_NAME,
             'unit_test.ci.local',
@@ -163,7 +164,7 @@ class TestUtilitiesCert(ut_utils.BaseTestCase):
         self.assertTrue(self.serialization.NoEncryption.called)
         self.serialization.load_pem_private_key.assert_called_with(
             'signing_key',
-            password='signing_key_password',
+            password=b'signing_key_password',
             backend=self.cryptography.hazmat.backends.default_backend(),
         )
         self.cryptography.x509.NameAttribute.assert_called_with(
diff --git a/zaza/utilities/cert.py b/zaza/utilities/cert.py
index 3edf689..abccbaa 100644
--- a/zaza/utilities/cert.py
+++ b/zaza/utilities/cert.py
@@ -58,11 +58,14 @@ def generate_cert(common_name,
     :rtype: cryptography.x509.Certificate
     """
     if password is not None:
-        encryption_algorithm = serialization.BestAvailableEncryption(password)
+        encryption_algorithm = serialization.BestAvailableEncryption(
+            password.encode('utf-8'))
     else:
         encryption_algorithm = serialization.NoEncryption()
 
     if signing_key:
+        if signing_key_password:
+            signing_key_password = signing_key_password.encode('utf-8')
         _signing_key = serialization.load_pem_private_key(
             signing_key,
             password=signing_key_password,