ECCPRIME256V1 as default for cert create API

This commit is contained in:
sayali 2021-02-10 20:05:08 -08:00
parent b3f6df6709
commit 51e90f6fb2
2 changed files with 8 additions and 3 deletions

View File

@ -89,7 +89,7 @@ class CertificateInputSchema(CertificateCreationSchema):
csr = fields.String(allow_none=True, validate=validators.csr) csr = fields.String(allow_none=True, validate=validators.csr)
key_type = fields.String( key_type = fields.String(
validate=validate.OneOf(CERTIFICATE_KEY_TYPES), missing="RSA2048" validate=validate.OneOf(CERTIFICATE_KEY_TYPES), missing="ECCPRIME256V1"
) )
notify = fields.Boolean(default=True) notify = fields.Boolean(default=True)
@ -160,7 +160,7 @@ class CertificateInputSchema(CertificateCreationSchema):
if data.get("body"): if data.get("body"):
data["key_type"] = utils.get_key_type_from_certificate(data["body"]) data["key_type"] = utils.get_key_type_from_certificate(data["body"])
else: else:
data["key_type"] = "RSA2048" # default value data["key_type"] = "ECCPRIME256V1" # default value
return missing.convert_validity_years(data) return missing.convert_validity_years(data)

View File

@ -325,6 +325,7 @@ def test_certificate_input_schema(client, authority):
# make sure the defaults got set # make sure the defaults got set
assert data["common_name"] == "test.example.com" assert data["common_name"] == "test.example.com"
assert data["country"] == "US" assert data["country"] == "US"
assert data["key_type"] == "ECCPRIME256V1"
assert len(data.keys()) == 19 assert len(data.keys()) == 19
@ -349,10 +350,12 @@ def test_certificate_input_with_extensions(client, authority):
}, },
}, },
"dnsProvider": None, "dnsProvider": None,
"keyType": "RSA2048"
} }
data, errors = CertificateInputSchema().load(input_data) data, errors = CertificateInputSchema().load(input_data)
assert not errors assert not errors
assert data["key_type"] == "RSA2048"
def test_certificate_input_schema_parse_csr(authority): def test_certificate_input_schema_parse_csr(authority):
@ -387,9 +390,11 @@ def test_certificate_input_schema_parse_csr(authority):
data, errors = CertificateInputSchema().load(input_data) data, errors = CertificateInputSchema().load(input_data)
assert not errors
for san in data["extensions"]["sub_alt_names"]["names"]: for san in data["extensions"]["sub_alt_names"]["names"]:
assert san.value == test_san_dns assert san.value == test_san_dns
assert not errors
assert data["key_type"] == "RSA2048"
def test_certificate_out_of_range_date(client, authority): def test_certificate_out_of_range_date(client, authority):