From 1aa150c3475d8839a064418b7af6debb9db3ce2c Mon Sep 17 00:00:00 2001 From: G Derber Date: Wed, 10 Jul 2024 14:46:55 -0400 Subject: [PATCH] Add ability to identify ed448 complete chains. --- ...bility_to_identify_ed25519_complete_chains.yml | 2 ++ plugins/modules/certificate_complete_chain.py | 15 ++++++++++----- 2 files changed, 12 insertions(+), 5 deletions(-) create mode 100644 changelogs/fragments/777-add_ability_to_identify_ed25519_complete_chains.yml diff --git a/changelogs/fragments/777-add_ability_to_identify_ed25519_complete_chains.yml b/changelogs/fragments/777-add_ability_to_identify_ed25519_complete_chains.yml new file mode 100644 index 000000000..99b3e537c --- /dev/null +++ b/changelogs/fragments/777-add_ability_to_identify_ed25519_complete_chains.yml @@ -0,0 +1,2 @@ +minor_changes: + - complete_chain - add ability to identify ed25519 and ed448 complete chains. diff --git a/plugins/modules/certificate_complete_chain.py b/plugins/modules/certificate_complete_chain.py index fef24e841..2a09daaf4 100644 --- a/plugins/modules/certificate_complete_chain.py +++ b/plugins/modules/certificate_complete_chain.py @@ -141,6 +141,9 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.pem import ( split_pem_list, ) +from ansible_collections.community.crypto.plugins.module_utils.crypto.basic import ( + CRYPTOGRAPHY_HAS_ED448_SIGN, CRYPTOGRAPHY_HAS_ED25519_SIGN) + CRYPTOGRAPHY_IMP_ERR = None try: @@ -150,6 +153,7 @@ import cryptography.hazmat.primitives.serialization import cryptography.hazmat.primitives.asymmetric.rsa import cryptography.hazmat.primitives.asymmetric.ec + import cryptography.hazmat.primitives.asymmetric.ed448 import cryptography.hazmat.primitives.asymmetric.ed25519 import cryptography.hazmat.primitives.asymmetric.padding import cryptography.hazmat.primitives.hashes 
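Review bot: The new `basic` import is laid out differently from the adjacent `pem` import it follows: the surrounding style puts one imported name per line, each with a trailing comma, and the closing `)` on its own line, while the added line packs `CRYPTOGRAPHY_HAS_ED448_SIGN, CRYPTOGRAPHY_HAS_ED25519_SIGN)` onto one line; reformatting it the same way as the `pem` import keeps the import block uniform. Separately, the added `import cryptography.hazmat.primitives.asymmetric.ed448` sits unguarded inside the `try:` whose `except` handler is outside the hunk; if that handler records a whole-library import failure into `CRYPTOGRAPHY_IMP_ERR`, a cryptography build that lacks the ed448 module would disable the module entirely rather than only the Ed448 branch that `CRYPTOGRAPHY_HAS_ED448_SIGN` is meant to guard. The pre-existing ed25519 import on the next line has the same exposure, so this may be an accepted trade-off, but it is worth confirming against the minimum cryptography version the module supports.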
@@ -197,11 +201,12 @@ def is_parent(module, cert, potential_parent):
 cert.cert.tbs_certificate_bytes,
 cryptography.hazmat.primitives.asymmetric.ec.ECDSA(cert.cert.signature_hash_algorithm),
 )
- elif isinstance(public_key, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey):
- public_key.verify(
- cert.cert.signature,
- cert.cert.tbs_certificate_bytes
- )
+ elif CRYPTOGRAPHY_HAS_ED25519_SIGN and isinstance(
+ public_key, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey):
+ public_key.verify(cert.cert.signature, cert.cert.tbs_certificate_bytes)
+ elif CRYPTOGRAPHY_HAS_ED448_SIGN and isinstance(
+ public_key, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey):
+ public_key.verify(cert.cert.signature, cert.cert.tbs_certificate_bytes)
 else:
 # Unknown public key type
 module.warn('Unknown public key type "{0}"'.format(public_key))
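Review bot: Gating the Ed25519 branch on `CRYPTOGRAPHY_HAS_ED25519_SIGN` narrows what the removed lines did: previously any `Ed25519PublicKey` was verified, whereas now a key on a cryptography version where that flag is false falls through to the `Unknown public key type` warning even though `public_key.verify()` only requires the key class to exist, and the new Ed448 branch inherits the same gate. If, as the `_SIGN` suffix suggests, these flags track signing support rather than availability of the key classes, a chain whose signatures use Ed25519 or Ed448 would no longer be recognised on such a version, which is a silent loss of chain-completion coverage rather than a hard error. Guarding the two `elif` lines on plain availability of the key classes instead — the non-signing availability flags from the same `basic` module if it exposes them, otherwise a check that the class is present — would preserve the old behaviour while still avoiding an `AttributeError` on old libraries. `is_parent` begins and ends outside the hunk, so how the warning path affects the value it returns is not visible here.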