Updated test structure

Author: kimbeelen

openleadr/messaging.py

@@ -80,17 +80,19 @@ def load_private_key(key_data, passphrase=None):
 
 def get_signature_algorithm_from_private_key(key_data, passphrase=None, default_algorithm="rsa-sha256"):
     """
-    Derive a signature algorithm based on the private key type. Accepted key types are EC, DSA and RSA keys.
-    Returns a string that can be used to lookup a signature algorithm by fragment. 
-    By default the lookup will return rsa-sha256, which is the default signature algorithm for XMLSigner objects.
+    Derive a signature algorithm based on the private key type. Returns a string that can be used to lookup 
+    a signature algorithm by fragment. Algorithms are chosen based on NIST recommendations. 
+
+    SignXML supports only RSA-, DSA- and EC-based signature methods. As XMLSigner uses RSA_SHA256 as default
+    signature algorithm, a fragment that results in this algorithm is returned for unsupported keys.   
     """
     key = load_private_key(key_data, passphrase)
     if isinstance(key, rsa.RSAPrivateKey):
         return "rsa-sha256"
     elif isinstance(key, dsa.DSAPrivateKey):
         return "dsa-sha256"
     elif isinstance(key, ec.EllipticCurvePrivateKey):
-        return "ecdsa-sha3-256"
+        return "ecdsa-sha-256"
     elif isinstance(key, ed25519.Ed25519PrivateKey):
         logger.warning("ED25519 keys are not supported")
     elif isinstance(key, ed448.Ed448PrivateKey):

test/test_signature_algorithms.py

@@ -1,21 +1,40 @@
 import pytest
+import warnings
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric import rsa, dsa, ec, ed25519, ed448
 from openleadr.messaging import get_signature_algorithm_from_private_key
 
 
-@pytest.mark.parametrize("key, expected_alg", [
-    (rsa.generate_private_key(public_exponent=65537, key_size=2048), "rsa-sha256"),
-    (dsa.generate_private_key(key_size=2048), "dsa-sha256"),
-    (ec.generate_private_key(ec.SECP256R1()), "ecdsa-sha3-256"),
-    (ed25519.Ed25519PrivateKey.generate(), "rsa-sha256"),
-    (ed448.Ed448PrivateKey.generate(), "rsa-sha256"),
+def fxn():
+    warnings.warn("deprecated", DeprecationWarning)
+
+with warnings.catch_warnings(action="ignore"):
+    fxn()
+
+
+test_keys = {
+    "rsa": rsa.generate_private_key(public_exponent=65537, key_size=2048),
+    "dsa": dsa.generate_private_key(key_size=2048),
+    "ec": ec.generate_private_key(ec.SECP256R1()),
+    "ed25519": ed25519.Ed25519PrivateKey.generate(),
+    "ed448": ed448.Ed448PrivateKey.generate()
+}
+
+
+@pytest.mark.parametrize("key_type, expected_alg", [
+    ("rsa", "rsa-sha256"),
+    ("dsa", "dsa-sha256"),
+    ("ec", "ecdsa-sha-256"),
+    ("ed25519", "rsa-sha256"),
+    ("ed448", "rsa-sha256"),
 ])
-def test_key_type_sign_alg_match(key, expected_alg):
+def test_key_type_sign_alg_match(key_type, expected_alg):
+    test_key = test_keys[key_type]
     key_encoding = serialization.Encoding.PEM
     key_format = serialization.PrivateFormat.PKCS8
     key_encryption_alg = serialization.NoEncryption()
-    key_bytes = key.private_bytes(key_encoding, key_format, key_encryption_alg)
+    key_bytes = test_key.private_bytes(key_encoding, key_format, key_encryption_alg)
+
     detected_alg = get_signature_algorithm_from_private_key(key_bytes)
 
-    assert detected_alg == expected_alg, f"Expected {expected_alg} but got {detected_alg}"
+    assert detected_alg == expected_alg