Merge pull request #3416 from charhate/membership
ECCPRIME256V1 as default for cert create API
This commit is contained in:
commit
7582eaeaf3
|
@ -89,7 +89,7 @@ class CertificateInputSchema(CertificateCreationSchema):
|
||||||
csr = fields.String(allow_none=True, validate=validators.csr)
|
csr = fields.String(allow_none=True, validate=validators.csr)
|
||||||
|
|
||||||
key_type = fields.String(
|
key_type = fields.String(
|
||||||
validate=validate.OneOf(CERTIFICATE_KEY_TYPES), missing="RSA2048"
|
validate=validate.OneOf(CERTIFICATE_KEY_TYPES), missing="ECCPRIME256V1"
|
||||||
)
|
)
|
||||||
|
|
||||||
notify = fields.Boolean(default=True)
|
notify = fields.Boolean(default=True)
|
||||||
|
@ -160,7 +160,7 @@ class CertificateInputSchema(CertificateCreationSchema):
|
||||||
if data.get("body"):
|
if data.get("body"):
|
||||||
data["key_type"] = utils.get_key_type_from_certificate(data["body"])
|
data["key_type"] = utils.get_key_type_from_certificate(data["body"])
|
||||||
else:
|
else:
|
||||||
data["key_type"] = "RSA2048" # default value
|
data["key_type"] = "ECCPRIME256V1" # default value
|
||||||
|
|
||||||
return missing.convert_validity_years(data)
|
return missing.convert_validity_years(data)
|
||||||
|
|
||||||
|
|
|
@ -325,6 +325,7 @@ def test_certificate_input_schema(client, authority):
|
||||||
# make sure the defaults got set
|
# make sure the defaults got set
|
||||||
assert data["common_name"] == "test.example.com"
|
assert data["common_name"] == "test.example.com"
|
||||||
assert data["country"] == "US"
|
assert data["country"] == "US"
|
||||||
|
assert data["key_type"] == "ECCPRIME256V1"
|
||||||
|
|
||||||
assert len(data.keys()) == 19
|
assert len(data.keys()) == 19
|
||||||
|
|
||||||
|
@ -349,10 +350,12 @@ def test_certificate_input_with_extensions(client, authority):
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"dnsProvider": None,
|
"dnsProvider": None,
|
||||||
|
"keyType": "RSA2048"
|
||||||
}
|
}
|
||||||
|
|
||||||
data, errors = CertificateInputSchema().load(input_data)
|
data, errors = CertificateInputSchema().load(input_data)
|
||||||
assert not errors
|
assert not errors
|
||||||
|
assert data["key_type"] == "RSA2048"
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_input_schema_parse_csr(authority):
|
def test_certificate_input_schema_parse_csr(authority):
|
||||||
|
@ -387,9 +390,11 @@ def test_certificate_input_schema_parse_csr(authority):
|
||||||
|
|
||||||
data, errors = CertificateInputSchema().load(input_data)
|
data, errors = CertificateInputSchema().load(input_data)
|
||||||
|
|
||||||
|
assert not errors
|
||||||
for san in data["extensions"]["sub_alt_names"]["names"]:
|
for san in data["extensions"]["sub_alt_names"]["names"]:
|
||||||
assert san.value == test_san_dns
|
assert san.value == test_san_dns
|
||||||
assert not errors
|
|
||||||
|
assert data["key_type"] == "RSA2048"
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_out_of_range_date(client, authority):
|
def test_certificate_out_of_range_date(client, authority):
|
||||||
|
|
Loading…
Reference in New Issue