From c169ad291e8605676f3e68cf63e912838c1f650b Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Thu, 27 Aug 2020 13:29:56 -0700
Subject: [PATCH] adding the correct signing algorithm, and a missing key Type

---
 lemur/authorities/schemas.py                  |  5 ++--
 .../authorities/authority/options.tpl.html    |  4 ++--
 lemur/tests/test_authorities.py               | 23 +++++++++++++++++++
 3 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/lemur/authorities/schemas.py b/lemur/authorities/schemas.py
index c78aec94..9f9d4686 100644
--- a/lemur/authorities/schemas.py
+++ b/lemur/authorities/schemas.py
@@ -56,11 +56,12 @@ class AuthorityInputSchema(LemurInputSchema):
     type = fields.String(validate=validate.OneOf(["root", "subca"]), missing="root")
     parent = fields.Nested(AssociatedAuthoritySchema)
     signing_algorithm = fields.String(
-        validate=validate.OneOf(["sha256WithRSA", "sha1WithRSA"]),
+        validate=validate.OneOf(["sha256WithRSA", "sha1WithRSA",
+                                 "sha256WithECDSA", "SHA384withECDSA", "SHA512withECDSA"]),
         missing="sha256WithRSA",
     )
     key_type = fields.String(
-        validate=validate.OneOf(["RSA2048", "RSA4096"]), missing="RSA2048"
+        validate=validate.OneOf(["RSA2048", "RSA4096", "EC256"]), missing="RSA2048"
     )
     key_name = fields.String()
     sensitivity = fields.String(
diff --git a/lemur/static/app/angular/authorities/authority/options.tpl.html b/lemur/static/app/angular/authorities/authority/options.tpl.html
index dbc4f40a..7ba858a7 100644
--- a/lemur/static/app/angular/authorities/authority/options.tpl.html
+++ b/lemur/static/app/angular/authorities/authority/options.tpl.html
@@ -4,7 +4,7 @@
       Signing Algorithm
     </label>
     <div class="col-sm-10">
-      <select class="form-control" ng-model="authority.signingAlgorithm" ng-options="option for option in ['sha1WithRSA', 'sha256WithRSA']" ng-init="authority.signingAlgorithm = 'sha256WithRSA'"></select>
+      <select class="form-control" ng-model="authority.signingAlgorithm" ng-options="option for option in ['sha1WithRSA', 'sha256WithRSA', 'sha256WithECDSA', 'SHA384withECDSA', 'SHA512withECDSA']" ng-init="authority.signingAlgorithm = 'sha256WithRSA'"></select>
     </div>
   </div>
   <div class="form-group">
@@ -20,7 +20,7 @@
       Key Type
     </label>
     <div class="col-sm-10">
-      <select class="form-control" ng-model="authority.keyType" ng-options="option for option in ['RSA2048', 'RSA4096', 'ECCPRIME192V1', 'ECCPRIME256V1', 'ECCSECP192R1', 'ECCSECP224R1', 'ECCSECP256R1', 'ECCSECP384R1', 'ECCSECP521R1', 'ECCSECP256K1',
+      <select class="form-control" ng-model="authority.keyType" ng-options="option for option in ['RSA2048', 'RSA4096', 'EC256', 'ECCPRIME192V1', 'ECCPRIME256V1', 'ECCSECP192R1', 'ECCSECP224R1', 'ECCSECP256R1', 'ECCSECP384R1', 'ECCSECP521R1', 'ECCSECP256K1',
       'ECCSECT163K1', 'ECCSECT233K1', 'ECCSECT283K1', 'ECCSECT409K1', 'ECCSECT571K1', 'ECCSECT163R2', 'ECCSECT233R1', 'ECCSECT283R1', 'ECCSECT409R1', 'ECCSECT571R2']" ng-init="authority.keyType = 'RSA2048'"></select>
     </div>
   </div>
diff --git a/lemur/tests/test_authorities.py b/lemur/tests/test_authorities.py
index 9649e949..6090d0b6 100644
--- a/lemur/tests/test_authorities.py
+++ b/lemur/tests/test_authorities.py
@@ -34,6 +34,29 @@ def test_authority_input_schema(client, role, issuer_plugin, logged_in_user):
     assert not errors
 
 
+def test_authority_input_schema_ecc(client, role, issuer_plugin, logged_in_user):
+    from lemur.authorities.schemas import AuthorityInputSchema
+
+    input_data = {
+        "name": "Example Authority",
+        "owner": "jim@example.com",
+        "description": "An example authority.",
+        "commonName": "An Example Authority",
+        "plugin": {
+            "slug": "test-issuer",
+            "plugin_options": [{"name": "test", "value": "blah"}],
+        },
+        "type": "root",
+        "signingAlgorithm": "sha256WithECDSA",
+        "keyType": "EC256",
+        "sensitivity": "medium",
+    }
+
+    data, errors = AuthorityInputSchema().load(input_data)
+
+    assert not errors
+
+
 def test_user_authority(session, client, authority, role, user, issuer_plugin):
     u = user["user"]
     u.roles.append(role)