From 51e90f6fb240d0f279da1f726aa96c0c0ccb02a0 Mon Sep 17 00:00:00 2001
From: sayali
Date: Wed, 10 Feb 2021 20:05:08 -0800
Subject: [PATCH] ECCPRIME256V1 as default for cert create API
---
 lemur/certificates/schemas.py | 4 ++--
 lemur/tests/test_certificates.py | 7 ++++++-
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/lemur/certificates/schemas.py b/lemur/certificates/schemas.py
index 691e554d..1f99139a 100644
--- a/lemur/certificates/schemas.py
+++ b/lemur/certificates/schemas.py
@@ -89,7 +89,7 @@ class CertificateInputSchema(CertificateCreationSchema):
 csr = fields.String(allow_none=True, validate=validators.csr)
 key_type = fields.String(
- validate=validate.OneOf(CERTIFICATE_KEY_TYPES), missing="RSA2048"
+ validate=validate.OneOf(CERTIFICATE_KEY_TYPES), missing="ECCPRIME256V1"
 )
 notify = fields.Boolean(default=True)
@@ -160,7 +160,7 @@ class CertificateInputSchema(CertificateCreationSchema):
 if data.get("body"):
 data["key_type"] = utils.get_key_type_from_certificate(data["body"])
 else:
- data["key_type"] = "RSA2048" # default value
+ data["key_type"] = "ECCPRIME256V1" # default value
 return missing.convert_validity_years(data)
diff --git a/lemur/tests/test_certificates.py b/lemur/tests/test_certificates.py
index c33743d0..962c40b4 100644
--- a/lemur/tests/test_certificates.py
+++ b/lemur/tests/test_certificates.py
@@ -325,6 +325,7 @@ def test_certificate_input_schema(client, authority):
 # make sure the defaults got set
 assert data["common_name"] == "test.example.com"
 assert data["country"] == "US"
+ assert data["key_type"] == "ECCPRIME256V1"
 assert len(data.keys()) == 19
@@ -349,10 +350,12 @@ def test_certificate_input_with_extensions(client, authority):
 },
 },
 "dnsProvider": None,
+ "keyType": "RSA2048"
 }
 data, errors = CertificateInputSchema().load(input_data)
 assert not errors
+ assert data["key_type"] == "RSA2048"
 def test_certificate_input_schema_parse_csr(authority):
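Review bot: The new default `"ECCPRIME256V1"` is written as a literal twice in `lemur/certificates/schemas.py`, once as `missing=` on the `key_type` field (hunk `-89,7`) and once in the `else:` fallback (hunk `-160,7`), so the two can drift apart the next time the default changes. A single module-level name, for example `DEFAULT_KEY_TYPE = "ECCPRIME256V1"` used as `missing=DEFAULT_KEY_TYPE` and `data["key_type"] = DEFAULT_KEY_TYPE`, keeps them in step. API clients that omit `keyType` now receive an EC P-256 key instead of RSA 2048, so a comment on the field such as `# default when the request omits keyType; callers that need RSA must pass it explicitly` would record the behaviour change where it is made. Whether every issuer or deployment target behind this API accepts EC keys is not visible from the patch and is worth confirming.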
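Review bot: In the `-160,7` hunk of `lemur/certificates/schemas.py`, the `else:` branch records `ECCPRIME256V1` for every request that has no `body`, and the visible lines derive the key type only from `body`. The same schema accepts a caller-supplied `csr` (hunk `-89,7`); if the enclosing function, which starts outside this hunk, does not read the key type from that CSR, a request carrying an RSA CSR and no `keyType` would be stored with a `key_type` that disagrees with the key actually certified. Consider deriving the value from the CSR when one is present, or at least state the limitation on the fallback line, e.g. `# default value; not derived from a supplied csr`.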
@@ -387,9 +390,11 @@ def test_certificate_input_schema_parse_csr(authority):
 data, errors = CertificateInputSchema().load(input_data)
+ assert not errors
 for san in data["extensions"]["sub_alt_names"]["names"]:
 assert san.value == test_san_dns
- assert not errors
+
+ assert data["key_type"] == "RSA2048"
 def test_certificate_out_of_range_date(client, authority):
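Review bot: The added `assert data["key_type"] == "RSA2048"` in `test_certificate_input_schema_parse_csr` does not say where `RSA2048` comes from, and `input_data` is built outside this hunk. With the schema default now `ECCPRIME256V1`, a one-line comment above the assertion, such as `# RSA2048 is set explicitly in input_data, not defaulted` (or the CSR-derived wording, whichever is true), would show which path the test pins. If the value is passed explicitly, a companion case that supplies a CSR without `keyType` would show what the schema records for a CSR-only request.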