[feature] Updated code to handle ECDSA signature algorithm openwisp#118

Fixes openwisp#118

django_x509/base/models.py

@@ -32,6 +32,7 @@
     ('sha256', 'SHA256'),
     ('sha384', 'SHA384'),
     ('sha512', 'SHA512'),
+    ('ecdsa-with-sha384', 'ECDSA with SHA384'),
 )
 
 SIGNATURE_MAPPING = {
@@ -40,6 +41,7 @@
     'sha256WithRSAEncryption': 'sha256',
     'sha384WithRSAEncryption': 'sha384',
     'sha512WithRSAEncryption': 'sha512',
+    'ecdsa-with-SHA384': 'sha384',
 }
 
 
@@ -121,7 +123,7 @@ class BaseX509(models.Model):
         help_text=_('bits'),
         choices=DIGEST_CHOICES,
         default=default_digest_algorithm,
-        max_length=8,
+        max_length=20,
     )
     validity_start = models.DateTimeField(
         blank=True, null=True, default=default_validity_start

django_x509/migrations/0010_alter_ca_digest_alter_cert_digest.py

@@ -0,0 +1,50 @@
+# Generated by Django 4.2.13 on 2024-05-16 15:22
+
+from django.db import migrations, models
+import django_x509.base.models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("django_x509", "0009_alter_ca_digest_alter_ca_key_length_and_more"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="ca",
+            name="digest",
+            field=models.CharField(
+                choices=[
+                    ("sha1", "SHA1"),
+                    ("sha224", "SHA224"),
+                    ("sha256", "SHA256"),
+                    ("sha384", "SHA384"),
+                    ("sha512", "SHA512"),
+                    ("ecdsa-with-sha384", "ECDSA with SHA384"),
+                ],
+                default=django_x509.base.models.default_digest_algorithm,
+                help_text="bits",
+                max_length=20,
+                verbose_name="digest algorithm",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="cert",
+            name="digest",
+            field=models.CharField(
+                choices=[
+                    ("sha1", "SHA1"),
+                    ("sha224", "SHA224"),
+                    ("sha256", "SHA256"),
+                    ("sha384", "SHA384"),
+                    ("sha512", "SHA512"),
+                    ("ecdsa-with-sha384", "ECDSA with SHA384"),
+                ],
+                default=django_x509.base.models.default_digest_algorithm,
+                help_text="bits",
+                max_length=20,
+                verbose_name="digest algorithm",
+            ),
+        ),
+    ]

django_x509/tests/test_ca.py

@@ -1,4 +1,5 @@
 from datetime import datetime, timedelta
+from unittest.mock import MagicMock, patch
 
 from django.core.exceptions import ValidationError
 from django.test import TestCase
@@ -680,3 +681,19 @@ def test_ca_without_key_length_and_digest_algo(self):
             self.fail(f'Got exception: {e}')
         else:
             self.fail('ValidationError not raised as expected')
+
+    def test_import_with_ecdsa_signature_algorithm(self):
+        cert_mock = MagicMock()
+        cert_mock.get_signature_algorithm.return_value = b'ecdsa-with-SHA384'
+        cert_mock.get_pubkey.return_value.bits.return_value = '384'
+        cert_mock.get_notBefore.return_value.decode.return_value = '20240101000000Z'
+
+        with patch(
+            'django_x509.base.models.crypto.load_certificate', return_value=cert_mock
+        ):
+            ca = TestCa()._create_ca()
+
+            try:
+                ca.full_clean()
+            except ValueError as ve:
+                self.fail(f"Unexpected ValueError: {ve}")

tests/openwisp2/sample_x509/migrations/0003_alter_ca_digest_alter_cert_digest_and_more.py

@@ -0,0 +1,68 @@
+# Generated by Django 4.2.13 on 2024-05-16 15:32
+
+from django.db import migrations, models
+import django_x509.base.models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("sample_x509", "0002_common_name_max_length"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="ca",
+            name="digest",
+            field=models.CharField(
+                choices=[
+                    ("sha1", "SHA1"),
+                    ("sha224", "SHA224"),
+                    ("sha256", "SHA256"),
+                    ("sha384", "SHA384"),
+                    ("sha512", "SHA512"),
+                    ("ecdsa-with-sha384", "ECDSA with SHA384"),
+                ],
+                default=django_x509.base.models.default_digest_algorithm,
+                help_text="bits",
+                max_length=20,
+                verbose_name="digest algorithm",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="cert",
+            name="digest",
+            field=models.CharField(
+                choices=[
+                    ("sha1", "SHA1"),
+                    ("sha224", "SHA224"),
+                    ("sha256", "SHA256"),
+                    ("sha384", "SHA384"),
+                    ("sha512", "SHA512"),
+                    ("ecdsa-with-sha384", "ECDSA with SHA384"),
+                ],
+                default=django_x509.base.models.default_digest_algorithm,
+                help_text="bits",
+                max_length=20,
+                verbose_name="digest algorithm",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="customcert",
+            name="digest",
+            field=models.CharField(
+                choices=[
+                    ("sha1", "SHA1"),
+                    ("sha224", "SHA224"),
+                    ("sha256", "SHA256"),
+                    ("sha384", "SHA384"),
+                    ("sha512", "SHA512"),
+                    ("ecdsa-with-sha384", "ECDSA with SHA384"),
+                ],
+                default=django_x509.base.models.default_digest_algorithm,
+                help_text="bits",
+                max_length=20,
+                verbose_name="digest algorithm",
+            ),
+        ),
+    ]