From c03fff08e9bab6121ed73dca73a98d10d2f9b7f4 Mon Sep 17 00:00:00 2001
From: G Derber
Date: Mon, 8 Jul 2024 11:11:49 -0400
Subject: [PATCH 1/6] Add ability to identify ed25519 complete chains.

---
 plugins/modules/certificate_complete_chain.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/plugins/modules/certificate_complete_chain.py b/plugins/modules/certificate_complete_chain.py
index 357d2f668..fef24e841 100644
--- a/plugins/modules/certificate_complete_chain.py
+++ b/plugins/modules/certificate_complete_chain.py
@@ -150,6 +150,7 @@
 import cryptography.hazmat.primitives.serialization
 import cryptography.hazmat.primitives.asymmetric.rsa
 import cryptography.hazmat.primitives.asymmetric.ec
+ import cryptography.hazmat.primitives.asymmetric.ed25519
 import cryptography.hazmat.primitives.asymmetric.padding
 import cryptography.hazmat.primitives.hashes
 import cryptography.hazmat.primitives.asymmetric.utils
@@ -196,6 +197,11 @@ def is_parent(module, cert, potential_parent):
 cert.cert.tbs_certificate_bytes,
 cryptography.hazmat.primitives.asymmetric.ec.ECDSA(cert.cert.signature_hash_algorithm),
 )
+ elif isinstance(public_key, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey):
+ public_key.verify(
+ cert.cert.signature,
+ cert.cert.tbs_certificate_bytes
+ )
 else:
 # Unknown public key type
 module.warn('Unknown public key type "{0}"'.format(public_key))

From 1aa150c3475d8839a064418b7af6debb9db3ce2c Mon Sep 17 00:00:00 2001
From: G Derber
Date: Wed, 10 Jul 2024 14:46:55 -0400
Subject: [PATCH 2/6] Add ability to identify ed448 complete chains.

---
 ...bility_to_identify_ed25519_complete_chains.yml | 2 ++
 plugins/modules/certificate_complete_chain.py | 15 ++++++++++-----
 2 files changed, 12 insertions(+), 5 deletions(-)
 create mode 100644 changelogs/fragments/777-add_ability_to_identify_ed25519_complete_chains.yml
diff --git a/changelogs/fragments/777-add_ability_to_identify_ed25519_complete_chains.yml b/changelogs/fragments/777-add_ability_to_identify_ed25519_complete_chains.yml
new file mode 100644
index 000000000..99b3e537c
--- /dev/null
+++ b/changelogs/fragments/777-add_ability_to_identify_ed25519_complete_chains.yml
@@ -0,0 +1,2 @@
+minor_changes:
+ - complete_chain - add ability to identify ed25519 and ed448 complete chains.
diff --git a/plugins/modules/certificate_complete_chain.py b/plugins/modules/certificate_complete_chain.py
index fef24e841..2a09daaf4 100644
--- a/plugins/modules/certificate_complete_chain.py
+++ b/plugins/modules/certificate_complete_chain.py
@@ -141,6 +141,9 @@
 from ansible_collections.community.crypto.plugins.module_utils.crypto.pem import (
 split_pem_list,
 )
+from ansible_collections.community.crypto.plugins.module_utils.crypto.basic import (
+ CRYPTOGRAPHY_HAS_ED448_SIGN, CRYPTOGRAPHY_HAS_ED25519_SIGN)
+
 
 CRYPTOGRAPHY_IMP_ERR = None
 try:
@@ -150,6 +153,7 @@
 import cryptography.hazmat.primitives.serialization
 import cryptography.hazmat.primitives.asymmetric.rsa
 import cryptography.hazmat.primitives.asymmetric.ec
+ import cryptography.hazmat.primitives.asymmetric.ed448
 import cryptography.hazmat.primitives.asymmetric.ed25519
 import cryptography.hazmat.primitives.asymmetric.padding
 import cryptography.hazmat.primitives.hashes
@@ -197,11 +201,12 @@ def is_parent(module, cert, potential_parent):
 cert.cert.tbs_certificate_bytes,
 cryptography.hazmat.primitives.asymmetric.ec.ECDSA(cert.cert.signature_hash_algorithm),
 )
- elif isinstance(public_key, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey):
- public_key.verify(
- cert.cert.signature,
- cert.cert.tbs_certificate_bytes
- )
+ elif CRYPTOGRAPHY_HAS_ED25519_SIGN and isinstance(
+ public_key, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey):
+ public_key.verify(cert.cert.signature, cert.cert.tbs_certificate_bytes)
+ elif CRYPTOGRAPHY_HAS_ED448_SIGN and isinstance(
+ public_key, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey):
+ public_key.verify(cert.cert.signature, cert.cert.tbs_certificate_bytes)
 else:
 # Unknown public key type
 module.warn('Unknown public key type "{0}"'.format(public_key))

From 6ac8181a5c9289ca0d8db5618c07c230b28e8702 Mon Sep 17 00:00:00 2001
From: G Derber
Date: Wed, 10 Jul 2024 15:24:26 -0400
Subject: [PATCH 3/6] Formatting updates

---
 .../777-add_ability_to_identify_ed25519_complete_chains.yml | 2 +-
 plugins/modules/certificate_complete_chain.py | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/changelogs/fragments/777-add_ability_to_identify_ed25519_complete_chains.yml b/changelogs/fragments/777-add_ability_to_identify_ed25519_complete_chains.yml
index 99b3e537c..87c6ff306 100644
--- a/changelogs/fragments/777-add_ability_to_identify_ed25519_complete_chains.yml
+++ b/changelogs/fragments/777-add_ability_to_identify_ed25519_complete_chains.yml
@@ -1,2 +1,2 @@
 minor_changes:
- - complete_chain - add ability to identify ed25519 and ed448 complete chains.
+ - certificate_complete_chain - add ability to identify ed25519 and ed448 complete chains (https://github.com/ansible-collections/community.crypto/pull/777).
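Review bot: When `CRYPTOGRAPHY_HAS_ED25519_SIGN` or `CRYPTOGRAPHY_HAS_ED448_SIGN` is false, a certificate issued under an Ed25519/Ed448 key skips both new `elif` branches and reaches the existing `else`, which reports it as `Unknown public key type` — a too-old cryptography install is then indistinguishable from a genuinely unsupported key, and the reason the candidate parent is not matched is lost. A comment above the first new branch should record that this fallthrough is deliberate, e.g. `# Feature flags guard isinstance(): without Ed25519/Ed448 support in cryptography such certs fall through to the "unknown key type" warning below`, or the warning could name the flag that was off. The two branches also carry the identical body `public_key.verify(cert.cert.signature, cert.cert.tbs_certificate_bytes)`, so one `elif` combining the two flag-guarded `isinstance()` checks with `or` would remove the duplication. The body of `is_parent` begins and ends outside this hunk, so where the `InvalidSignature` raised by `verify()` is handled cannot be checked here.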
diff --git a/plugins/modules/certificate_complete_chain.py b/plugins/modules/certificate_complete_chain.py
index 2a09daaf4..265edf3f2 100644
--- a/plugins/modules/certificate_complete_chain.py
+++ b/plugins/modules/certificate_complete_chain.py
@@ -141,8 +141,11 @@
 from ansible_collections.community.crypto.plugins.module_utils.crypto.pem import (
 split_pem_list,
 )
+
 from ansible_collections.community.crypto.plugins.module_utils.crypto.basic import (
- CRYPTOGRAPHY_HAS_ED448_SIGN, CRYPTOGRAPHY_HAS_ED25519_SIGN)
+ CRYPTOGRAPHY_HAS_ED448_SIGN,
+ CRYPTOGRAPHY_HAS_ED25519_SIGN,
+)
 
 
 CRYPTOGRAPHY_IMP_ERR = None

From 001061c2dbc263e8e826faea3f6afa779f24f51e Mon Sep 17 00:00:00 2001
From: G Derber
Date: Thu, 11 Jul 2024 15:55:55 -0400
Subject: [PATCH 4/6] Remove unnecessary imports.

---
 plugins/modules/certificate_complete_chain.py | 2 --
 1 file changed, 2 deletions(-)

diff --git a/plugins/modules/certificate_complete_chain.py b/plugins/modules/certificate_complete_chain.py
index 265edf3f2..d0a194bd8 100644
--- a/plugins/modules/certificate_complete_chain.py
+++ b/plugins/modules/certificate_complete_chain.py
@@ -156,8 +156,6 @@
 import cryptography.hazmat.primitives.serialization
 import cryptography.hazmat.primitives.asymmetric.rsa
 import cryptography.hazmat.primitives.asymmetric.ec
- import cryptography.hazmat.primitives.asymmetric.ed448
- import cryptography.hazmat.primitives.asymmetric.ed25519
 import cryptography.hazmat.primitives.asymmetric.padding
 import cryptography.hazmat.primitives.hashes
 import cryptography.hazmat.primitives.asymmetric.utils

From 1b1729c567001d3d32cda031e76f6ca7a8f90602 Mon Sep 17 00:00:00 2001
From: G Derber
Date: Thu, 11 Jul 2024 16:14:20 -0400
Subject: [PATCH 5/6] Cleanup whitespace

---
 plugins/modules/certificate_complete_chain.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/plugins/modules/certificate_complete_chain.py b/plugins/modules/certificate_complete_chain.py
index d0a194bd8..021b5866d 100644
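Review bot: Removing the `ed448` and `ed25519` imports in the `@@ -156,8 +156,6 @@` hunk leaves the `is_parent` branches added in patch 2 resolving `cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey` and `cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey` by attribute access on the `cryptography` package, which only succeeds if those submodules were already imported by something else — presumably `module_utils.crypto.basic` while deriving the feature flags, or cryptography's own x509 code. Nothing in this file establishes that, so a later change in either of those importers would turn the `isinstance()` check into an `AttributeError` at chain-completion time instead of the intended warning. Restoring the two lines inside the existing `try:` block, `import cryptography.hazmat.primitives.asymmetric.ed448` and `import cryptography.hazmat.primitives.asymmetric.ed25519`, makes the dependency explicit and keeps any import failure on the same path as the other cryptography imports. If the intent is to rely on `module_utils.crypto.basic`, a one-line comment next to the flag import saying so would at least document the coupling.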
--- a/plugins/modules/certificate_complete_chain.py
+++ b/plugins/modules/certificate_complete_chain.py
@@ -147,7 +147,6 @@
 CRYPTOGRAPHY_HAS_ED25519_SIGN,
 )
 
-
 CRYPTOGRAPHY_IMP_ERR = None
 try:
 import cryptography

From eb2e4ff19d7d3ff59129b7a33fec60a0ec7a3662 Mon Sep 17 00:00:00 2001
From: G Derber
Date: Thu, 11 Jul 2024 16:16:22 -0400
Subject: [PATCH 6/6] Fix algorithm names capitalization.

---
 .../777-add_ability_to_identify_ed25519_complete_chains.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/changelogs/fragments/777-add_ability_to_identify_ed25519_complete_chains.yml b/changelogs/fragments/777-add_ability_to_identify_ed25519_complete_chains.yml
index 87c6ff306..09884ff0e 100644
--- a/changelogs/fragments/777-add_ability_to_identify_ed25519_complete_chains.yml
+++ b/changelogs/fragments/777-add_ability_to_identify_ed25519_complete_chains.yml
@@ -1,2 +1,2 @@
 minor_changes:
- - certificate_complete_chain - add ability to identify ed25519 and ed448 complete chains (https://github.com/ansible-collections/community.crypto/pull/777).
+ - certificate_complete_chain - add ability to identify Ed25519 and Ed448 complete chains (https://github.com/ansible-collections/community.crypto/pull/777).