Merge pull request #3107 from hosseinsh/ecc-support-for-authority-minting

adding the correct signing algorithm, and a missing key Type
2020-09-02 10:11:20 -07:00 · 2020-09-02 10:11:20 -07:00 · 7cad569114
parent 9ded7b8571 6fd27c3372
commit 7cad569114
3 changed files with 28 additions and 3 deletions
--- a/lemur/authorities/schemas.py
+++ b/lemur/authorities/schemas.py
@ -23,6 +23,7 @@ from lemur.common.schema import LemurInputSchema, LemurOutputSchema
 from lemur.common import validators, missing

 from lemur.common.fields import ArrowDateTime
+from lemur.constants import CERTIFICATE_KEY_TYPES


 class AuthorityInputSchema(LemurInputSchema):
@ -56,11 +57,12 @@ class AuthorityInputSchema(LemurInputSchema):
    type = fields.String(validate=validate.OneOf(["root", "subca"]), missing="root")
    parent = fields.Nested(AssociatedAuthoritySchema)
    signing_algorithm = fields.String(
-        validate=validate.OneOf(["sha256WithRSA", "sha1WithRSA"]),
+        validate=validate.OneOf(["sha256WithRSA", "sha1WithRSA",
+                                 "sha256WithECDSA", "SHA384withECDSA", "SHA512withECDSA"]),
        missing="sha256WithRSA",
    )
    key_type = fields.String(
-        validate=validate.OneOf(["RSA2048", "RSA4096"]), missing="RSA2048"
+        validate=validate.OneOf(CERTIFICATE_KEY_TYPES), missing="RSA2048"
    )
    key_name = fields.String()
    sensitivity = fields.String(
--- a/lemur/static/app/angular/authorities/authority/options.tpl.html
+++ b/lemur/static/app/angular/authorities/authority/options.tpl.html
@ -4,7 +4,7 @@
      Signing Algorithm
    </label>
    <div class="col-sm-10">
-      <select class="form-control" ng-model="authority.signingAlgorithm" ng-options="option for option in ['sha1WithRSA', 'sha256WithRSA']" ng-init="authority.signingAlgorithm = 'sha256WithRSA'"></select>
+      <select class="form-control" ng-model="authority.signingAlgorithm" ng-options="option for option in ['sha1WithRSA', 'sha256WithRSA', 'sha256WithECDSA', 'SHA384withECDSA', 'SHA512withECDSA']" ng-init="authority.signingAlgorithm = 'sha256WithRSA'"></select>
    </div>
  </div>
  <div class="form-group">
--- a/lemur/tests/test_authorities.py
+++ b/lemur/tests/test_authorities.py
@ -34,6 +34,29 @@ def test_authority_input_schema(client, role, issuer_plugin, logged_in_user):
    assert not errors


+def test_authority_input_schema_ecc(client, role, issuer_plugin, logged_in_user):
+    from lemur.authorities.schemas import AuthorityInputSchema
+
+    input_data = {
+        "name": "Example Authority",
+        "owner": "jim@example.com",
+        "description": "An example authority.",
+        "commonName": "An Example Authority",
+        "plugin": {
+            "slug": "test-issuer",
+            "plugin_options": [{"name": "test", "value": "blah"}],
+        },
+        "type": "root",
+        "signingAlgorithm": "sha256WithECDSA",
+        "keyType": "ECCPRIME256V1",
+        "sensitivity": "medium",
+    }
+
+    data, errors = AuthorityInputSchema().load(input_data)
+
+    assert not errors
+
+
 def test_user_authority(session, client, authority, role, user, issuer_plugin):
    u = user["user"]
    u.roles.append(role)