summaryrefslogtreecommitdiffstats
path: root/rust/vendor/x509-parser/tests/readcsr.rs
diff options
context:
space:
mode:
Diffstat (limited to 'rust/vendor/x509-parser/tests/readcsr.rs')
-rw-r--r--rust/vendor/x509-parser/tests/readcsr.rs125
1 files changed, 125 insertions, 0 deletions
diff --git a/rust/vendor/x509-parser/tests/readcsr.rs b/rust/vendor/x509-parser/tests/readcsr.rs
new file mode 100644
index 0000000..1124c48
--- /dev/null
+++ b/rust/vendor/x509-parser/tests/readcsr.rs
@@ -0,0 +1,125 @@
+use asn1_rs::Set;
+use oid_registry::{
+ OID_PKCS1_SHA256WITHRSA, OID_PKCS9_CHALLENGE_PASSWORD, OID_SIG_ECDSA_WITH_SHA256,
+ OID_X509_COMMON_NAME,
+};
+use x509_parser::prelude::*;
+
+const CSR_DATA_EMPTY_ATTRIB: &[u8] = include_bytes!("../assets/csr-empty-attributes.csr");
+const CSR_DATA: &[u8] = include_bytes!("../assets/test.csr");
+const CSR_CHALLENGE_PASSWORD: &[u8] = include_bytes!("../assets/csr-challenge-password.pem");
+#[test]
+fn read_csr_empty_attrib() {
+ let (rem, csr) =
+ X509CertificationRequest::from_der(CSR_DATA_EMPTY_ATTRIB).expect("could not parse CSR");
+
+ assert!(rem.is_empty());
+ let cri = &csr.certification_request_info;
+ assert_eq!(cri.version, X509Version(0));
+ assert_eq!(cri.attributes().len(), 0);
+ assert_eq!(csr.signature_algorithm.algorithm, OID_PKCS1_SHA256WITHRSA);
+}
+
+#[test]
+fn read_csr_with_san() {
+ let der = pem::parse_x509_pem(CSR_DATA).unwrap().1;
+ let (rem, csr) =
+ X509CertificationRequest::from_der(&der.contents).expect("could not parse CSR");
+
+ assert!(rem.is_empty());
+ let cri = &csr.certification_request_info;
+ assert_eq!(cri.version, X509Version(0));
+ assert_eq!(cri.attributes().len(), 1);
+ assert_eq!(csr.signature_algorithm.algorithm, OID_SIG_ECDSA_WITH_SHA256);
+
+ let mut rdns = cri.subject.iter();
+ let rdn = rdns.next().unwrap();
+ let first = rdn.iter().next().unwrap();
+ assert_eq!(first.attr_type(), &OID_X509_COMMON_NAME);
+ assert_eq!(first.as_str().unwrap(), "test.rusticata.fr");
+
+ let expected: &[u8] = &[
+ 4, 195, 245, 126, 177, 113, 192, 146, 215, 136, 181, 58, 82, 138, 142, 61, 253, 245, 185,
+ 192, 166, 216, 218, 145, 219, 42, 169, 112, 122, 58, 91, 184, 150, 37, 237, 245, 59, 54,
+ 44, 210, 44, 207, 218, 167, 148, 189, 210, 159, 207, 103, 233, 1, 187, 134, 137, 24, 240,
+ 188, 223, 135, 215, 71, 80, 64, 65,
+ ];
+ assert_eq!(cri.subject_pki.subject_public_key.data, expected);
+
+ let mut extensions = csr.requested_extensions().unwrap();
+ match extensions.next().unwrap() {
+ ParsedExtension::SubjectAlternativeName(san) => {
+ let name = san.general_names.first().unwrap();
+ assert!(matches!(name, GeneralName::DNSName("test.rusticata.fr")));
+ }
+ _ => unreachable!(),
+ }
+}
+
+#[test]
+fn read_csr_with_challenge_password() {
+ let der = pem::parse_x509_pem(CSR_CHALLENGE_PASSWORD).unwrap().1;
+ let (rem, csr) = X509CertificationRequest::from_der(&der.contents)
+ .expect("Could not parse CSR with challenge password");
+
+ assert!(rem.is_empty());
+ let cri = &csr.certification_request_info;
+ assert_eq!(cri.version, X509Version(0));
+ assert_eq!(cri.attributes().len(), 2);
+
+ let challenge_password_attr = csr
+ .certification_request_info
+ .find_attribute(&OID_PKCS9_CHALLENGE_PASSWORD)
+ .expect("Challenge password not found in CSR");
+
+ // 1. Check: Parse value
+ let (rem, challenge_password_from_value) =
+ Set::from_der_and_then(challenge_password_attr.value, String::from_der)
+ .expect("Error parsing challenge password attribute");
+ assert_eq!(challenge_password_from_value, "A challenge password");
+ assert!(rem.is_empty());
+
+ // 2. Check: Get value directly from parsed attribute
+ if let ParsedCriAttribute::ChallengePassword(challenge_password_from_parsed_attribute) =
+ challenge_password_attr.parsed_attribute()
+ {
+ assert_eq!(
+ challenge_password_from_parsed_attribute.0,
+ "A challenge password"
+ );
+ } else {
+ panic!("Parsed attribute is not a challenge password");
+ }
+
+ // Make sure we can read requested extensions
+ let extensions = csr
+ .requested_extensions()
+ .expect("Didn't find requested extensions in CSR");
+ let mut found_san = false;
+ for extension in extensions {
+ if let ParsedExtension::SubjectAlternativeName(san) = extension {
+ let name = san.general_names.get(2).unwrap();
+ assert!(matches!(name, GeneralName::DNSName("localhost")));
+ found_san = true;
+ }
+ }
+ assert!(found_san);
+}
+
+#[cfg(feature = "verify")]
+#[test]
+fn read_csr_verify() {
+ let der = pem::parse_x509_pem(CSR_DATA).unwrap().1;
+ let (_, csr) = X509CertificationRequest::from_der(&der.contents).expect("could not parse CSR");
+ csr.verify_signature().unwrap();
+
+ let mut der = pem::parse_x509_pem(CSR_DATA).unwrap().1;
+ assert_eq!(&der.contents[28..37], b"rusticata");
+ for (i, b) in b"foobarbaz".iter().enumerate() {
+ der.contents[28 + i] = *b;
+ }
+ assert_eq!(&der.contents[28..37], b"foobarbaz");
+
+ let (_, csr) = X509CertificationRequest::from_der(&der.contents).expect("could not parse CSR");
+ csr.verify_signature().unwrap_err();
+}
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-13 12:36:10 +0000