fix: update KMS repo

Manuthor · Manuthor · commit df9b845a9208 · 2025-12-15T12:14:24.000+01:00
diff --git a/crate/cli/src/tests/kms/attributes/get.rs b/crate/cli/src/tests/kms/attributes/get.rs
@@ -1,6 +1,7 @@
 use std::{collections::HashMap, process::Command};
 
 use assert_cmd::cargo::CommandCargoExt;
+use clap::ValueEnum;
 use cosmian_kms_cli::reexport::cosmian_kms_client::{
     kmip_2_1::kmip_types::Tag, reexport::cosmian_kms_client_utils::attributes_utils::CLinkType,
 };
@@ -46,7 +47,12 @@ pub(crate) fn get_attributes(
 
     for link_type in attribute_link_types {
         args.push("--link-type".to_owned());
-        args.push(link_type.to_string());
+        let name = link_type
+            .to_possible_value()
+            .expect("valid CLinkType")
+            .get_name()
+            .to_string();
+        args.push(name);
     }
 
     let mut cmd = Command::cargo_bin(PROG_NAME)?;
diff --git a/crate/cli/src/tests/kms/certificates/certify.rs b/crate/cli/src/tests/kms/certificates/certify.rs
@@ -1,6 +1,7 @@
 use std::{path::PathBuf, process::Command};
 
 use assert_cmd::cargo::CommandCargoExt;
+use clap::ValueEnum;
 use cosmian_kms_cli::reexport::cosmian_kms_client::{
     cosmian_kmip::{
         kmip_2_1::{kmip_objects::Object, kmip_types::LinkType},
@@ -91,7 +92,12 @@ pub(crate) fn certify(cli_conf_path: &str, certify_op: CertifyOp) -> CosmianResu
     }
     if let Some(algorithm) = certify_op.algorithm {
         args.push("--algorithm".to_owned());
-        args.push(algorithm.to_string());
+        let name = algorithm
+            .to_possible_value()
+            .expect("valid Algorithm")
+            .get_name()
+            .to_string();
+        args.push(name);
     }
     if let Some(certificate_id) = certify_op.certificate_id {
         args.push("--certificate-id".to_owned());
diff --git a/crate/cli/src/tests/kms/derive_key/derive_key_tests.rs b/crate/cli/src/tests/kms/derive_key/derive_key_tests.rs
@@ -1,6 +1,7 @@
 use std::process::Command;
 
 use assert_cmd::prelude::*;
+use clap::ValueEnum;
 use cosmian_kms_cli::{
     actions::kms::{
         derive_key::DeriveKeyAction, mac::CHashingAlgorithm,
@@ -43,7 +44,12 @@ pub(crate) fn derive_key(cli_conf_path: &str, action: DeriveKeyAction) -> Cosmia
     let mut args: Vec<String> = vec![
         // Algorithm and length are explicit to avoid relying on defaults
         "--algorithm".to_owned(),
-        action.algorithm.to_string(),
+        action
+            .algorithm
+            .to_possible_value()
+            .expect("possible value")
+            .get_name()
+            .to_string(),
         "--length".to_owned(),
         action.cryptographic_length.to_string(),
         "--derivation-method".to_owned(),
diff --git a/crate/cli/src/tests/kms/elliptic_curve/sign_verify.rs b/crate/cli/src/tests/kms/elliptic_curve/sign_verify.rs
@@ -29,14 +29,7 @@ fn ec_sign(
     let mut cmd = Command::cargo_bin(PROG_NAME)?;
     cmd.env(COSMIAN_CLI_CONF_ENV, cli_conf_path);
 
-    let mut args = vec![
-        "sign",
-        input_file,
-        "--key-id",
-        key_id,
-        "-s",
-        "ecdsa-with-sha256",
-    ];
+    let mut args = vec!["sign", input_file, "--key-id", key_id];
     if digested {
         args.push("--digested");
     }
@@ -69,15 +62,7 @@ fn ec_sign_verify(
     let mut cmd = Command::cargo_bin(PROG_NAME)?;
     cmd.env(COSMIAN_CLI_CONF_ENV, cli_conf_path);
 
-    let mut args = vec![
-        "sign-verify",
-        data_file,
-        signature_file,
-        "--key-id",
-        key_id,
-        "-s",
-        "ecdsa-with-sha256",
-    ];
+    let mut args = vec!["sign-verify", data_file, signature_file, "--key-id", key_id];
     if digested {
         args.push("--digested");
     }
diff --git a/crate/cli/src/tests/kms/rsa/encrypt_decrypt.rs b/crate/cli/src/tests/kms/rsa/encrypt_decrypt.rs
@@ -1,6 +1,7 @@
 use std::{collections::HashSet, fs, path::PathBuf, process::Command};
 
 use assert_cmd::prelude::*;
+use clap::ValueEnum;
 use cosmian_kms_cli::reexport::cosmian_kms_client::{
     read_bytes_from_file,
     reexport::cosmian_kms_client_utils::rsa_utils::{HashFn, RsaEncryptionAlgorithm},
@@ -43,9 +44,20 @@ pub(crate) fn encrypt(
     args.push("--key-id");
     args.push(public_key_id);
     args.push("--encryption-algorithm");
-    let encryption_algorithm = encryption_algorithm.to_string();
+    let encryption_algorithm = encryption_algorithm
+        .to_possible_value()
+        .expect("valid RSA algorithm")
+        .get_name()
+        .to_string();
     args.push(&encryption_algorithm);
-    let hash_fn_s = hash_fn.map(|h| h.to_string()).unwrap_or_default();
+    let hash_fn_s = hash_fn
+        .map(|h| {
+            h.to_possible_value()
+                .expect("valid hash")
+                .get_name()
+                .to_string()
+        })
+        .unwrap_or_default();
     if hash_fn.is_some() {
         args.push("--hashing-algorithm");
         args.push(&hash_fn_s);
@@ -81,9 +93,20 @@ pub(crate) fn decrypt(
 
     let mut args = vec!["decrypt", input_file, "--key-id", private_key_id];
     args.push("--encryption-algorithm");
-    let encryption_algorithm = encryption_algorithm.to_string();
+    let encryption_algorithm = encryption_algorithm
+        .to_possible_value()
+        .expect("valid RSA algorithm")
+        .get_name()
+        .to_string();
     args.push(&encryption_algorithm);
-    let hash_fn_str = hash_fn.map(|h| h.to_string()).unwrap_or_default();
+    let hash_fn_str = hash_fn
+        .map(|h| {
+            h.to_possible_value()
+                .expect("valid hash")
+                .get_name()
+                .to_string()
+        })
+        .unwrap_or_default();
     if hash_fn.is_some() {
         args.push("--hashing-algorithm");
         args.push(&hash_fn_str);
diff --git a/crate/cli/src/tests/kms/rsa/sign_verify.rs b/crate/cli/src/tests/kms/rsa/sign_verify.rs
@@ -30,7 +30,7 @@ fn rsa_sign(
     let mut cmd = Command::cargo_bin(PROG_NAME)?;
     cmd.env(COSMIAN_CLI_CONF_ENV, cli_conf_path);
 
-    let mut args = vec!["sign", input_file, "--key-id", key_id, "-s", "rsassapss"];
+    let mut args = vec!["sign", input_file, "--key-id", key_id];
     if digested {
         args.push("--digested");
     }
@@ -63,15 +63,7 @@ fn rsa_sign_verify(
     let mut cmd = Command::cargo_bin(PROG_NAME)?;
     cmd.env(COSMIAN_CLI_CONF_ENV, cli_conf_path);
 
-    let mut args = vec![
-        "sign-verify",
-        data_file,
-        signature_file,
-        "--key-id",
-        key_id,
-        "-s",
-        "rsassapss",
-    ];
+    let mut args = vec!["sign-verify", data_file, signature_file, "--key-id", key_id];
     if digested {
         args.push("--digested");
     }
diff --git a/crate/cli/src/tests/kms/shared/export.rs b/crate/cli/src/tests/kms/shared/export.rs
@@ -3,6 +3,7 @@ use std::path::Path;
 use std::process::Command;
 
 use assert_cmd::prelude::*;
+use clap::ValueEnum;
 #[cfg(feature = "non-fips")]
 use cosmian_kms_cli::reexport::cosmian_kms_client::{
     kmip_0::kmip_types::BlockCipherMode,
@@ -102,7 +103,12 @@ pub(crate) fn export_key(params: ExportKeyParams) -> CosmianResult<()> {
     }
     if let Some(wrapping_algorithm) = &params.wrapping_algorithm {
         args.push("--wrapping-algorithm".to_owned());
-        args.push(wrapping_algorithm.to_string());
+        let name = wrapping_algorithm
+            .to_possible_value()
+            .expect("valid wrapping algorithm")
+            .get_name()
+            .to_string();
+        args.push(name);
     }
 
     let mut cmd = Command::cargo_bin(PROG_NAME)?;
diff --git a/crate/cli/src/tests/kms/shared/export_import.rs b/crate/cli/src/tests/kms/shared/export_import.rs
@@ -39,7 +39,7 @@ pub(crate) async fn test_wrap_on_export_unwrap_on_import() -> CosmianResult<()>
 
     // Export and import the key with different block cipher modes
     for wrapping_algorithm in [WrappingAlgorithm::AesGCM, WrappingAlgorithm::NistKeyWrap] {
-        debug!("wrapping algorithm: {wrapping_algorithm}",);
+        debug!("wrapping algorithm: {:?}", wrapping_algorithm);
         export_key(ExportKeyParams {
             cli_conf_path: user_client_conf_path.clone(),
             sub_command: "sym".to_owned(),
diff --git a/crate/cli/src/tests/kms/shared/locate.rs b/crate/cli/src/tests/kms/shared/locate.rs
@@ -103,8 +103,7 @@ pub(crate) async fn test_locate_cover_crypt() -> CosmianResult<()> {
     assert!(ids.contains(&master_private_key_id));
     assert!(ids.contains(&master_public_key_id));
 
-    // Locate with cryptographic algorithm
-    // this should be case insensitive
+    // Locate with cryptographic algorithm (CLI expects lowercase names)
     let ids = locate(
         &owner_client_conf_path,
         Some(&["test_cc"]),
@@ -345,7 +344,7 @@ pub(crate) async fn test_locate_symmetric_key() -> CosmianResult<()> {
     let ids = locate(
         &owner_client_conf_path,
         Some(&["test_sym"]),
-        Some("Aes"),
+        Some("aes"),
         None,
         None,
     )?;
@@ -363,11 +362,11 @@ pub(crate) async fn test_locate_symmetric_key() -> CosmianResult<()> {
     assert_eq!(ids.len(), 1);
     assert!(ids.contains(&key_id));
 
-    //locate using tags and cryptographic algorithm and key format type
+    // locate using tags and cryptographic algorithm and key format type
     let ids = locate(
         &owner_client_conf_path,
         Some(&["test_sym"]),
-        Some("AES"),
+        Some("aes"),
         None,
         Some("TransparentSymmetricKey"),
     )?;
diff --git a/crate/cli/src/tests/kms/symmetric/create_key.rs b/crate/cli/src/tests/kms/symmetric/create_key.rs
@@ -2,6 +2,7 @@ use std::process::Command;
 
 use assert_cmd::prelude::*;
 use base64::{Engine as _, engine::general_purpose};
+use clap::ValueEnum;
 use cosmian_kms_cli::{
     actions::kms::symmetric::keys::create_key::CreateKeyAction,
     reexport::{
@@ -45,7 +46,15 @@ pub(crate) fn create_symmetric_key(
     if let Some(wrap_key_b64) = action.wrap_key_b64.clone() {
         args.extend(vec!["--bytes-b64".to_owned(), wrap_key_b64]);
     }
-    args.extend(vec!["--algorithm".to_owned(), action.algorithm.to_string()]);
+    args.extend(vec![
+        "--algorithm".to_owned(),
+        action
+            .algorithm
+            .to_possible_value()
+            .expect("possible value")
+            .get_name()
+            .to_string(),
+    ]);
 
     // add tags
     for tag in action.tags {
diff --git a/kms b/kms
@@ -1 +1 @@
-Subproject commit 39e94cb32def798f350c5cdcf84abde7118273b3
+Subproject commit b5d546d2dfddb20251a1b9233d1f16791ea896b9
