use oid_registry::{OID_PKCS1_SHA256WITHRSA, OID_SIG_ECDSA_WITH_SHA256, OID_X509_COMMON_NAME};
use x509_parser::prelude::*;
// CSR fixture embedded at compile time. `read_csr_empty_attrib` hands these
// bytes straight to `from_der`, so the file is expected to be raw DER (no PEM
// armor), and that test expects it to carry zero attributes.
const CSR_DATA_EMPTY_ATTRIB: &[u8] = include_bytes!("../assets/csr-empty-attributes.csr");
// CSR fixture embedded at compile time. The tests run it through
// `pem::parse_x509_pem` before DER parsing, so the file is expected to be
// PEM-armored; it is the request used for the SAN and signature checks.
const CSR_DATA: &[u8] = include_bytes!("../assets/test.csr");
/// A DER CSR with an empty attribute set must parse cleanly.
///
/// Checks that the parser consumes the whole input, reports version 0, exposes
/// no attributes, and identifies the signature algorithm as SHA-256 with RSA.
#[test]
fn read_csr_empty_attrib() {
    let parsed = X509CertificationRequest::from_der(CSR_DATA_EMPTY_ATTRIB);
    let (rem, csr) = parsed.expect("could not parse CSR");

    // Nothing may be left over: trailing bytes after the request would mean
    // the parser accepted input it did not actually interpret.
    assert!(rem.is_empty());

    let info = &csr.certification_request_info;
    assert_eq!(info.version, X509Version(0));
    assert_eq!(info.attributes().len(), 0);

    let sig_alg = &csr.signature_algorithm;
    assert_eq!(sig_alg.algorithm, OID_PKCS1_SHA256WITHRSA);
}
/// A PEM CSR carrying a subjectAltName request must expose every parsed field.
///
/// Covers the version, attribute count, signature algorithm, the first subject
/// attribute (common name), the raw subject public key bytes, and the first
/// requested extension, which must be a SAN whose first entry is a DNS name.
#[test]
fn read_csr_with_san() {
    let (_, pem_block) = pem::parse_x509_pem(CSR_DATA).unwrap();
    let parsed = X509CertificationRequest::from_der(&pem_block.contents);
    let (rem, csr) = parsed.expect("could not parse CSR");

    // The DER payload must be consumed entirely; no trailing bytes allowed.
    assert!(rem.is_empty());

    let info = &csr.certification_request_info;
    assert_eq!(info.version, X509Version(0));
    assert_eq!(info.attributes().len(), 1);
    assert_eq!(csr.signature_algorithm.algorithm, OID_SIG_ECDSA_WITH_SHA256);

    // Subject: only the first attribute of the first RDN is inspected.
    let mut subject_rdns = info.subject.iter();
    let leading_rdn = subject_rdns.next().unwrap();
    let leading_attr = leading_rdn.iter().next().unwrap();
    assert_eq!(leading_attr.attr_type(), &OID_X509_COMMON_NAME);
    assert_eq!(leading_attr.as_str().unwrap(), "test.rusticata.fr");

    // Subject public key bytes exactly as stored in the fixture. The leading
    // 4 followed by 64 bytes looks like an uncompressed EC point; confirm
    // against the fixture if the key is ever regenerated.
    let expected_key: &[u8] = &[
        4, 195, 245, 126, 177, 113, 192, 146, 215, 136, 181, 58, 82, 138, 142, 61, 253, 245, 185,
        192, 166, 216, 218, 145, 219, 42, 169, 112, 122, 58, 91, 184, 150, 37, 237, 245, 59, 54,
        44, 210, 44, 207, 218, 167, 148, 189, 210, 159, 207, 103, 233, 1, 187, 134, 137, 24, 240,
        188, 223, 135, 215, 71, 80, 64, 65,
    ];
    assert_eq!(info.subject_pki.subject_public_key.data, expected_key);

    // Requested extensions: the first one must be the SAN. Any further
    // extensions or names are not examined by this test.
    let mut requested = csr.requested_extensions().unwrap();
    if let ParsedExtension::SubjectAlternativeName(san) = requested.next().unwrap() {
        let first_name = san.general_names.first().unwrap();
        assert!(matches!(first_name, GeneralName::DNSName("test.rusticata.fr")));
    } else {
        unreachable!();
    }
}
/// Signature verification must accept the pristine CSR and reject a modified one.
///
/// Only built with the `verify` feature. The second half overwrites nine bytes
/// of the DER payload and expects verification to fail, so a change to the
/// request body cannot go unnoticed.
#[cfg(feature = "verify")]
#[test]
fn read_csr_verify() {
    // Positive case: the untouched fixture verifies.
    let pristine = pem::parse_x509_pem(CSR_DATA).unwrap().1;
    let (_, csr) =
        X509CertificationRequest::from_der(&pristine.contents).expect("could not parse CSR");
    csr.verify_signature().unwrap();

    // Negative case: patch a fresh copy in place. Bytes 28..37 hold
    // "rusticata", presumably inside the subject common name
    // "test.rusticata.fr"; the guard assertion pins that offset to the fixture.
    let mut tampered = pem::parse_x509_pem(CSR_DATA).unwrap().1;
    assert_eq!(&tampered.contents[28..37], b"rusticata");
    tampered.contents[28..37].copy_from_slice(b"foobarbaz");
    assert_eq!(&tampered.contents[28..37], b"foobarbaz");

    // Same length, so the DER structure still parses; only the signature
    // check should fail.
    let (_, csr) =
        X509CertificationRequest::from_der(&tampered.contents).expect("could not parse CSR");
    // NOTE(review): `unwrap_err` accepts any error variant, so this does not
    // prove the failure is specifically a signature mismatch.
    csr.verify_signature().unwrap_err();
}