studio/cli
2
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 4 Wiki Activity

chore: checkpoint before Python removal

Browse Source
This commit is contained in:
Sienna Meridian Satterwhite
2026-03-26 22:33:59 +00:00
parent 683cec9307
commit e568ddf82a
29972 changed files with 11269302 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
vendor/x509-parser/tests/pem.rs vendored Normal file
View File

@@ -0,0 +1,49 @@
use std::io::Cursor;
use x509_parser::pem::{parse_x509_pem, Pem};
use x509_parser::{parse_x509_certificate, x509::X509Version};
static IGCA_PEM: &[u8] = include_bytes!("../assets/IGC_A.pem");
#[test]
fn test_x509_parse_pem() {
let (rem, pem) = parse_x509_pem(IGCA_PEM).expect("PEM parsing failed");
// println!("{:?}", pem);
assert!(rem.is_empty());
assert_eq!(pem.label, String::from("CERTIFICATE"));
//
// now check that the content is indeed a certificate
let (rem, crt) = parse_x509_certificate(&pem.contents).expect("X.509 parsing failed");
// println!("res: {:?}", res);
assert!(rem.is_empty());
assert_eq!(crt.tbs_certificate.version, X509Version::V3);
}
#[test]
fn test_pem_read() {
let reader = Cursor::new(IGCA_PEM);
let (pem, bytes_read) = Pem::read(reader).expect("Reading PEM failed");
// println!("{:?}", pem);
assert_eq!(bytes_read, IGCA_PEM.len());
assert_eq!(pem.label, String::from("CERTIFICATE"));
//
// now check that the content is indeed a certificate
let x509 = pem.parse_x509().expect("X.509: decoding DER failed");
assert_eq!(x509.tbs_certificate.version, X509Version::V3);
}
#[test]
fn test_pem_not_pem() {
let bytes = vec![0x1, 0x2, 0x3, 0x4, 0x5];
let reader = Cursor::new(bytes);
let res = Pem::read(reader);
assert!(res.is_err());
}
static NO_END: &[u8] = include_bytes!("../assets/no_end.pem");
#[test]
fn test_pem_no_end() {
let reader = Cursor::new(NO_END);
let res = Pem::read(reader);
assert!(res.is_err());
}

393
vendor/x509-parser/tests/readcert.rs vendored Normal file
View File

@@ -0,0 +1,393 @@
use ::time::macros::datetime;
use ::time::OffsetDateTime;
use der_parser::oid;
use nom::Parser;
use oid_registry::*;
use std::collections::HashMap;
use x509_parser::prelude::*;
static IGCA_DER: &[u8] = include_bytes!("../assets/IGC_A.der");
static NO_EXTENSIONS_DER: &[u8] = include_bytes!("../assets/no_extensions.der");
static V1: &[u8] = include_bytes!("../assets/v1.der");
static CRL_DER: &[u8] = include_bytes!("../assets/example.crl");
static EMPTY_CRL_DER: &[u8] = include_bytes!("../assets/empty.crl");
static MINIMAL_CRL_DER: &[u8] = include_bytes!("../assets/minimal.crl");
static DUPLICATE_VALUE_IN_AIA: &[u8] =
include_bytes!("../assets/duplicate_value_in_authority_info_access.der");
static UNIQUE_IDS_DER: &[u8] = include_bytes!("../assets/unique_ids.der");
#[test]
fn test_x509_parser() {
let empty = &b""[..];
//assert_eq!(x509_parser(IGCA_DER), IResult::Done(empty, (1)));
let res = parse_x509_certificate(IGCA_DER);
// println!("res: {:?}", res);
match res {
Ok((e, cert)) => {
assert_eq!(e, empty);
//
let tbs_cert = &cert.tbs_certificate;
assert_eq!(tbs_cert.version, X509Version::V3);
//
let s = tbs_cert.raw_serial_as_string();
assert_eq!(&s, "39:11:45:10:94");
//
let expected_subject = "C=FR, ST=France, L=Paris, O=PM/SGDN, OU=DCSSI, CN=IGC/A, Email=igca@sgdn.pm.gouv.fr";
assert_eq!(format!("{}", tbs_cert.subject), expected_subject);
//
let cn_list: Result<Vec<_>, X509Error> = cert
.subject()
.iter_common_name()
.map(|attr| attr.as_str())
.collect();
assert_eq!(cn_list, Ok(vec!["IGC/A"]));
//
let sig = &tbs_cert.signature;
assert_eq!(sig.algorithm, oid! {1.2.840.113549.1.1.5});
//
let expected_issuer = "C=FR, ST=France, L=Paris, O=PM/SGDN, OU=DCSSI, CN=IGC/A, Email=igca@sgdn.pm.gouv.fr";
assert_eq!(format!("{}", tbs_cert.issuer), expected_issuer);
let expected_issuer_der = &IGCA_DER[35..171];
assert_eq!(tbs_cert.issuer.as_raw(), expected_issuer_der);
//
let sig_alg = &cert.signature_algorithm;
assert_eq!(sig_alg.algorithm, OID_PKCS1_SHA1WITHRSA);
//
let not_before = &tbs_cert.validity.not_before;
let not_after = &tbs_cert.validity.not_after;
let nb = not_before.to_datetime();
let na = not_after.to_datetime();
assert_eq!(nb.year(), 2002);
assert_eq!(nb.month() as u8, 12);
assert_eq!(nb.day(), 13);
assert_eq!(na.year(), 2020);
assert_eq!(na.month() as u8, 10);
assert_eq!(na.day(), 17);
let policies = vec![PolicyInformation {
policy_id: oid!(1.2.250 .1 .121 .1 .1 .1),
policy_qualifiers: None,
}];
let expected_extensions = vec![
X509Extension::new(
oid!(2.5.29 .19),
true,
&[48, 3, 1, 1, 255],
ParsedExtension::BasicConstraints(BasicConstraints {
ca: true,
path_len_constraint: None,
}),
),
X509Extension::new(
oid!(2.5.29 .15),
false,
&[3, 2, 1, 70],
ParsedExtension::KeyUsage(KeyUsage { flags: 98 }),
),
X509Extension::new(
oid!(2.5.29 .32),
false,
&[48, 12, 48, 10, 6, 8, 42, 129, 122, 1, 121, 1, 1, 1],
ParsedExtension::CertificatePolicies(policies),
),
X509Extension::new(
oid!(2.5.29 .14),
false,
&[
4, 20, 163, 5, 47, 24, 96, 80, 194, 137, 10, 221, 43, 33, 79, 255, 142, 78,
168, 48, 49, 54,
],
ParsedExtension::SubjectKeyIdentifier(KeyIdentifier(&[
163, 5, 47, 24, 96, 80, 194, 137, 10, 221, 43, 33, 79, 255, 142, 78, 168,
48, 49, 54,
])),
),
X509Extension::new(
oid!(2.5.29 .35),
false,
&[
48, 22, 128, 20, 163, 5, 47, 24, 96, 80, 194, 137, 10, 221, 43, 33, 79,
255, 142, 78, 168, 48, 49, 54,
],
ParsedExtension::AuthorityKeyIdentifier(AuthorityKeyIdentifier {
key_identifier: Some(KeyIdentifier(&[
163, 5, 47, 24, 96, 80, 194, 137, 10, 221, 43, 33, 79, 255, 142, 78,
168, 48, 49, 54,
])),
authority_cert_issuer: None,
authority_cert_serial: None,
}),
),
];
assert_eq!(tbs_cert.extensions(), &expected_extensions as &[_]);
//
assert!(tbs_cert.is_ca());
//
assert_eq!(tbs_cert.as_ref(), &IGCA_DER[4..(8 + 746)]);
// check that cert.as_raw() returns the certificate bytes
assert_eq!(cert.as_raw(), IGCA_DER);
}
_ => panic!("x509 parsing failed: {:?}", res),
}
}
#[test]
fn test_x509_no_extensions() {
let empty = &b""[..];
let res = parse_x509_certificate(NO_EXTENSIONS_DER);
match res {
Ok((e, cert)) => {
assert_eq!(e, empty);
let tbs_cert = cert.tbs_certificate;
assert_eq!(tbs_cert.version, X509Version::V3);
assert_eq!(tbs_cert.extensions().len(), 0);
}
_ => panic!("x509 parsing failed: {:?}", res),
}
}
#[test]
fn test_parse_subject_public_key_info() {
let res = SubjectPublicKeyInfo::from_der(&IGCA_DER[339..])
.expect("Parse public key info")
.1;
assert_eq!(res.algorithm.algorithm, OID_PKCS1_RSAENCRYPTION);
let params = res.algorithm.parameters.expect("algorithm parameters");
assert_eq!(params.tag().0, 5);
let spk = res.subject_public_key;
println!("spk.data.len {}", spk.data.len());
assert_eq!(spk.data.len(), 270);
}
#[test]
fn test_version_v1() {
let (rem, cert) = parse_x509_certificate(V1).expect("Could not parse v1 certificate");
assert!(rem.is_empty());
assert_eq!(cert.version(), X509Version::V1);
let tbs_cert = cert.tbs_certificate;
assert_eq!(format!("{}", tbs_cert.subject), "CN=marquee");
assert_eq!(format!("{}", tbs_cert.issuer), "CN=marquee");
}
#[test]
fn test_crl_parse() {
match parse_x509_crl(CRL_DER) {
Ok((e, cert)) => {
assert!(e.is_empty());
let tbs_cert_list = cert.tbs_cert_list;
assert_eq!(tbs_cert_list.version, Some(X509Version::V2));
let sig = &tbs_cert_list.signature;
assert_eq!(sig.algorithm, OID_PKCS1_SHA1WITHRSA);
let expected_issuer =
"O=Sample Signer Organization, OU=Sample Signer Unit, CN=Sample Signer Cert";
assert_eq!(format!("{}", tbs_cert_list.issuer), expected_issuer);
let sig_alg = &cert.signature_algorithm;
assert_eq!(sig_alg.algorithm, OID_PKCS1_SHA1WITHRSA);
let this_update = tbs_cert_list.this_update;
let next_update = tbs_cert_list.next_update.unwrap();
let tu = OffsetDateTime::from_unix_timestamp(this_update.timestamp()).unwrap();
let nu = OffsetDateTime::from_unix_timestamp(next_update.timestamp()).unwrap();
assert_eq!(tu.year(), 2013);
assert_eq!(tu.month() as u8, 2);
assert_eq!(tu.day(), 18);
assert_eq!(nu.year(), 2013);
assert_eq!(nu.month() as u8, 2);
assert_eq!(nu.day(), 18);
let revocation_date = datetime! {2013-02-18 10:22:12 UTC};
let invalidity_date = datetime! {2013-02-18 10:22:00 UTC};
let revoked_certs = &tbs_cert_list.revoked_certificates;
let revoked_cert_0 = &revoked_certs[0];
assert_eq!(*revoked_cert_0.serial(), 0x147947u32.into());
assert_eq!(
revoked_cert_0.revocation_date.to_datetime(),
revocation_date
);
let expected_extensions = vec![
X509Extension::new(
oid!(2.5.29 .21),
false,
&[10, 1, 3],
ParsedExtension::ReasonCode(ReasonCode::AffiliationChanged),
),
X509Extension::new(
oid!(2.5.29 .24),
false,
&[
24, 15, 50, 48, 49, 51, 48, 50, 49, 56, 49, 48, 50, 50, 48, 48, 90,
],
ParsedExtension::InvalidityDate(invalidity_date.into()),
),
];
assert_eq!(revoked_cert_0.extensions(), &expected_extensions as &[_]);
assert_eq!(revoked_certs.len(), 5);
assert_eq!(revoked_certs[4].user_certificate, 1_341_771_u32.into());
let expected_extensions = vec![
X509Extension::new(
oid!(2.5.29 .35),
false,
&[
48, 22, 128, 20, 190, 18, 1, 204, 170, 234, 17, 128, 218, 46, 173, 178,
234, 199, 181, 251, 159, 249, 173, 52,
],
ParsedExtension::AuthorityKeyIdentifier(AuthorityKeyIdentifier {
key_identifier: Some(KeyIdentifier(&[
190, 18, 1, 204, 170, 234, 17, 128, 218, 46, 173, 178, 234, 199, 181,
251, 159, 249, 173, 52,
])),
authority_cert_issuer: None,
authority_cert_serial: None,
}),
),
X509Extension::new(
oid!(2.5.29 .20),
false,
&[2, 1, 3],
ParsedExtension::CRLNumber(3u32.into()),
),
];
assert_eq!(tbs_cert_list.extensions(), &expected_extensions as &[_]);
assert_eq!(tbs_cert_list.as_ref(), &CRL_DER[4..(4 + 4 + 508)]);
}
err => panic!("x509 parsing failed: {:?}", err),
}
}
#[test]
fn test_crl_parse_empty() {
match parse_x509_crl(EMPTY_CRL_DER) {
Ok((e, cert)) => {
assert!(e.is_empty());
assert!(cert.tbs_cert_list.revoked_certificates.is_empty());
let expected_extensions = vec![
X509Extension::new(
oid!(2.5.29 .20),
false,
&[2, 1, 2],
ParsedExtension::CRLNumber(2u32.into()),
),
X509Extension::new(
OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER,
false,
&[
48, 22, 128, 20, 34, 101, 12, 214, 90, 157, 52, 137, 243, 131, 180, 149,
82, 191, 80, 27, 57, 39, 6, 172,
],
ParsedExtension::AuthorityKeyIdentifier(AuthorityKeyIdentifier {
key_identifier: Some(KeyIdentifier(&[
34, 101, 12, 214, 90, 157, 52, 137, 243, 131, 180, 149, 82, 191, 80,
27, 57, 39, 6, 172,
])),
authority_cert_issuer: None,
authority_cert_serial: None,
}),
),
];
assert_eq!(cert.extensions(), &expected_extensions as &[_]);
assert_eq!(
cert.tbs_cert_list.as_ref(),
&EMPTY_CRL_DER[4..(4 + 3 + 200)]
);
}
err => panic!("x509 parsing failed: {:?}", err),
}
}
#[test]
fn test_crl_parse_minimal() {
match parse_x509_crl(MINIMAL_CRL_DER) {
Ok((e, crl)) => {
assert!(e.is_empty());
let revocation_date = datetime! {1970-01-01 00:00:00 UTC};
let revoked_certificates = &crl.tbs_cert_list.revoked_certificates;
assert_eq!(revoked_certificates.len(), 1);
let revoked_cert_0 = &revoked_certificates[0];
assert_eq!(*revoked_cert_0.serial(), 42u32.into());
assert_eq!(
revoked_cert_0.revocation_date.to_datetime(),
revocation_date
);
assert!(revoked_cert_0.extensions().is_empty());
assert!(crl.tbs_cert_list.extensions().is_empty());
assert_eq!(crl.tbs_cert_list.as_ref(), &MINIMAL_CRL_DER[4..(4 + 79)]);
}
err => panic!("x509 parsing failed: {:?}", err),
}
}
#[test]
fn test_duplicate_authority_info_access() {
match parse_x509_certificate(DUPLICATE_VALUE_IN_AIA) {
Ok((_, cert)) => {
let extension = cert
.tbs_certificate
.get_extension_unique(&OID_PKIX_AUTHORITY_INFO_ACCESS)
.expect("could not get AIA")
.expect("no AIA found");
let mut accessdescs = HashMap::new();
let ca_issuers = vec![
&GeneralName::URI("http://cdp1.pca.dfn.de/dfn-ca-global-g2/pub/cacert/cacert.crt"),
&GeneralName::URI("http://cdp2.pca.dfn.de/dfn-ca-global-g2/pub/cacert/cacert.crt"),
];
let ocsp = vec![&GeneralName::URI("http://ocsp.pca.dfn.de/OCSP-Server/OCSP")];
accessdescs.insert(OID_PKIX_ACCESS_DESCRIPTOR_CA_ISSUERS, ca_issuers);
accessdescs.insert(OID_PKIX_ACCESS_DESCRIPTOR_OCSP, ocsp);
if let ParsedExtension::AuthorityInfoAccess(aia) = extension.parsed_extension() {
let h = aia.as_hashmap();
assert_eq!(h, accessdescs);
} else {
panic!("Wrong extension type parsed");
}
}
err => panic!("x509 parsing failed: {:?}", err),
}
}
#[test]
fn test_x509_parser_no_ext() {
let mut parser = X509CertificateParser::new().with_deep_parse_extensions(false);
let (_, x509) = parser.parse(IGCA_DER).expect("parsing failed");
for ext in x509.extensions() {
assert_eq!(ext.parsed_extension(), &ParsedExtension::Unparsed);
}
}
#[test]
fn test_tbscert_unique_identifiers() {
let mut parser = X509CertificateParser::new().with_deep_parse_extensions(false);
let (_, x509) = parser.parse(UNIQUE_IDS_DER).expect("parsing failed");
assert_eq!(
&x509
.tbs_certificate
.issuer_uid
.expect("missing issuer uid")
.0
.as_ref(),
&[
0x30, 0x16, 0x80, 0x14, 0xc5, 0x78, 0x84, 0xb8, 0xc, 0x6e, 0x8c, 0x4c, 0xce, 0xb9,
0x94, 0x6f, 0x98, 0xfc, 0xf3, 0x8a, 0x54, 0xb1, 0x80, 0xe0
]
);
assert_eq!(
&x509
.tbs_certificate
.subject_uid
.expect("missing subject uid")
.0
.as_ref(),
&[
0x4, 0x14, 0xdf, 0x13, 0xac, 0x69, 0x14, 0x90, 0x62, 0xdb, 0x3d, 0xe9, 0xb4, 0x56,
0xe6, 0xa6, 0x90, 0x26, 0xbf, 0x2c, 0xef, 0x81
]
);
}

111
vendor/x509-parser/tests/readcrl.rs vendored Normal file
View File

@@ -0,0 +1,111 @@
use x509_parser::prelude::*;
#[cfg(any(feature = "verify", feature = "verify-aws"))]
#[test]
fn read_crl_verify() {
const CA_DATA: &[u8] = include_bytes!("../assets/ca_minimalcrl.der");
const CRL_DATA: &[u8] = include_bytes!("../assets/minimal.crl");
let (_, x509_ca) = X509Certificate::from_der(CA_DATA).expect("could not parse certificate");
let (_, crl) = parse_x509_crl(CRL_DATA).expect("could not parse revocation list");
let res = crl.verify_signature(&x509_ca.tbs_certificate.subject_pki);
eprintln!("Verification: {res:?}");
assert!(res.is_ok());
// check that `.as_raw()` returns the input bytes
assert_eq!(crl.as_raw(), CRL_DATA);
}
fn crl_idp<'a>(crl: &'a CertificateRevocationList) -> &'a IssuingDistributionPoint<'a> {
let crl_idp = crl
.tbs_cert_list
.find_extension(&oid_registry::OID_X509_EXT_ISSUER_DISTRIBUTION_POINT)
.expect("missing IDP extension");
match crl_idp.parsed_extension() {
ParsedExtension::IssuingDistributionPoint(crl_idp) => crl_idp,
_ => panic!("wrong extension type"),
}
}
#[test]
fn read_minimal_crl_idp() {
const CRL_DATA: &[u8] = include_bytes!("../assets/crl-idp/minimal.der");
let (_, crl) = parse_x509_crl(CRL_DATA).expect("could not parse revocation list");
let crl_idp = crl_idp(&crl);
let dp = crl_idp
.distribution_point
.as_ref()
.expect("missing distribution point");
let full_name = match dp {
DistributionPointName::FullName(full_name) => full_name,
DistributionPointName::NameRelativeToCRLIssuer(_) => {
panic!("wrong distribution point name type")
}
};
assert_eq!(full_name.len(), 1);
let uri = match full_name.first().unwrap() {
GeneralName::URI(uri) => *uri,
_ => panic!("wrong general name type"),
};
assert_eq!(uri, "http://crl.trustcor.ca/sub/dv-ssl-rsa-s-0.crl");
assert!(!crl_idp.only_contains_user_certs);
assert!(!crl_idp.only_contains_ca_certs);
assert!(crl_idp.only_some_reasons.is_none());
assert!(!crl_idp.only_contains_attribute_certs);
}
#[test]
fn test_only_user_crl_idp() {
const CRL_DATA: &[u8] = include_bytes!("../assets/crl-idp/only_user_certs.der");
let (_, crl) = parse_x509_crl(CRL_DATA).expect("could not parse revocation list");
let crl_idp = crl_idp(&crl);
assert!(crl_idp.only_contains_user_certs);
assert!(!crl_idp.only_contains_ca_certs);
assert!(crl_idp.only_some_reasons.is_none());
assert!(!crl_idp.only_contains_attribute_certs);
}
#[test]
fn test_only_ca_crl_idp() {
const CRL_DATA: &[u8] = include_bytes!("../assets/crl-idp/only_ca_certs.der");
let (_, crl) = parse_x509_crl(CRL_DATA).expect("could not parse revocation list");
let crl_idp = crl_idp(&crl);
assert!(!crl_idp.only_contains_user_certs);
assert!(crl_idp.only_contains_ca_certs);
assert!(crl_idp.only_some_reasons.is_none());
assert!(!crl_idp.only_contains_attribute_certs);
}
#[test]
fn test_only_some_reasons_crl_idp() {
const CRL_DATA: &[u8] = include_bytes!("../assets/crl-idp/only_some_reasons.der");
let (_, crl) = parse_x509_crl(CRL_DATA).expect("could not parse revocation list");
let crl_idp = crl_idp(&crl);
assert!(!crl_idp.only_contains_user_certs);
assert!(!crl_idp.only_contains_ca_certs);
assert!(!crl_idp.only_contains_attribute_certs);
let reasons = crl_idp
.only_some_reasons
.as_ref()
.expect("missing only_some_reasons");
assert!(reasons.key_compromise());
assert!(reasons.affilation_changed());
}
#[test]
fn test_only_attribute_cers_crl_idp() {
const CRL_DATA: &[u8] = include_bytes!("../assets/crl-idp/only_attribute_certs.der");
let (_, crl) = parse_x509_crl(CRL_DATA).expect("could not parse revocation list");
let crl_idp = crl_idp(&crl);
assert!(!crl_idp.only_contains_user_certs);
assert!(!crl_idp.only_contains_ca_certs);
assert!(crl_idp.only_some_reasons.is_none());
assert!(crl_idp.only_contains_attribute_certs);
}

128
vendor/x509-parser/tests/readcsr.rs vendored Normal file
View File

@@ -0,0 +1,128 @@
use asn1_rs::Set;
use oid_registry::{
OID_PKCS1_SHA256WITHRSA, OID_PKCS9_CHALLENGE_PASSWORD, OID_SIG_ECDSA_WITH_SHA256,
OID_X509_COMMON_NAME,
};
use x509_parser::prelude::*;
const CSR_DATA_EMPTY_ATTRIB: &[u8] = include_bytes!("../assets/csr-empty-attributes.csr");
const CSR_DATA: &[u8] = include_bytes!("../assets/test.csr");
const CSR_CHALLENGE_PASSWORD: &[u8] = include_bytes!("../assets/csr-challenge-password.pem");
#[test]
fn read_csr_empty_attrib() {
let (rem, csr) =
X509CertificationRequest::from_der(CSR_DATA_EMPTY_ATTRIB).expect("could not parse CSR");
assert!(rem.is_empty());
let cri = &csr.certification_request_info;
assert_eq!(cri.version, X509Version(0));
assert_eq!(cri.attributes().len(), 0);
assert_eq!(csr.signature_algorithm.algorithm, OID_PKCS1_SHA256WITHRSA);
}
#[test]
fn read_csr_with_san() {
let der = pem::parse_x509_pem(CSR_DATA).unwrap().1;
let (rem, csr) =
X509CertificationRequest::from_der(&der.contents).expect("could not parse CSR");
assert!(rem.is_empty());
let cri = &csr.certification_request_info;
assert_eq!(cri.version, X509Version(0));
assert_eq!(cri.attributes().len(), 1);
assert_eq!(csr.signature_algorithm.algorithm, OID_SIG_ECDSA_WITH_SHA256);
let mut rdns = cri.subject.iter();
let rdn = rdns.next().unwrap();
let first = rdn.iter().next().unwrap();
assert_eq!(first.attr_type(), &OID_X509_COMMON_NAME);
assert_eq!(first.as_str().unwrap(), "test.rusticata.fr");
let expected: &[u8] = &[
4, 195, 245, 126, 177, 113, 192, 146, 215, 136, 181, 58, 82, 138, 142, 61, 253, 245, 185,
192, 166, 216, 218, 145, 219, 42, 169, 112, 122, 58, 91, 184, 150, 37, 237, 245, 59, 54,
44, 210, 44, 207, 218, 167, 148, 189, 210, 159, 207, 103, 233, 1, 187, 134, 137, 24, 240,
188, 223, 135, 215, 71, 80, 64, 65,
];
assert_eq!(cri.subject_pki.subject_public_key.data, expected);
let mut extensions = csr.requested_extensions().unwrap();
match extensions.next().unwrap() {
ParsedExtension::SubjectAlternativeName(san) => {
let name = san.general_names.first().unwrap();
assert!(matches!(name, GeneralName::DNSName("test.rusticata.fr")));
}
_ => unreachable!(),
}
}
#[test]
fn read_csr_with_challenge_password() {
let der = pem::parse_x509_pem(CSR_CHALLENGE_PASSWORD).unwrap().1;
let (rem, csr) = X509CertificationRequest::from_der(&der.contents)
.expect("Could not parse CSR with challenge password");
assert!(rem.is_empty());
let cri = &csr.certification_request_info;
assert_eq!(cri.version, X509Version(0));
assert_eq!(cri.attributes().len(), 2);
let challenge_password_attr = csr
.certification_request_info
.find_attribute(&OID_PKCS9_CHALLENGE_PASSWORD)
.expect("Challenge password not found in CSR");
// 1. Check: Parse value
let (rem, challenge_password_from_value) =
Set::from_der_and_then(challenge_password_attr.value, String::from_der)
.expect("Error parsing challenge password attribute");
assert_eq!(challenge_password_from_value, "A challenge password");
assert!(rem.is_empty());
// 2. Check: Get value directly from parsed attribute
if let ParsedCriAttribute::ChallengePassword(challenge_password_from_parsed_attribute) =
challenge_password_attr.parsed_attribute()
{
assert_eq!(
challenge_password_from_parsed_attribute.0,
"A challenge password"
);
} else {
panic!("Parsed attribute is not a challenge password");
}
// Make sure we can read requested extensions
let extensions = csr
.requested_extensions()
.expect("Didn't find requested extensions in CSR");
let mut found_san = false;
for extension in extensions {
if let ParsedExtension::SubjectAlternativeName(san) = extension {
let name = san.general_names.get(2).unwrap();
assert!(matches!(name, GeneralName::DNSName("localhost")));
found_san = true;
}
}
assert!(found_san);
}
#[cfg(any(feature = "verify", feature = "verify-aws"))]
#[test]
fn read_csr_verify() {
let pem = pem::parse_x509_pem(CSR_DATA).unwrap().1;
let (_, csr) = X509CertificationRequest::from_der(&pem.contents).expect("could not parse CSR");
csr.verify_signature().unwrap();
let mut der = pem::parse_x509_pem(CSR_DATA).unwrap().1;
assert_eq!(&der.contents[28..37], b"rusticata");
for (i, b) in b"foobarbaz".iter().enumerate() {
der.contents[28 + i] = *b;
}
assert_eq!(&der.contents[28..37], b"foobarbaz");
let (_, csr) = X509CertificationRequest::from_der(&der.contents).expect("could not parse CSR");
csr.verify_signature().unwrap_err();
// check that `.as_raw()` returns the input bytes
assert_eq!(csr.as_raw(), &der.contents);
}

39
vendor/x509-parser/tests/run_all_fuzz_files.rs vendored Normal file
View File

@@ -0,0 +1,39 @@
use std::fs::{self, DirEntry};
use x509_parser::parse_x509_certificate;
const ARTIFACTS_DIR: &str = "fuzz/artifacts/fuzzer_script_1";
const CORPUS_DIR: &str = "fuzz/corpus/fuzzer_script_1";
#[test]
fn run_all_fuzz_files() {
parse_dir(ARTIFACTS_DIR);
parse_dir(CORPUS_DIR);
}
fn parse_dir(name: &str) {
match fs::read_dir(name) {
Ok(dir_entries) => {
dir_entries.for_each(|entry| {
let _ = entry.as_ref().map(parse_file);
});
}
Err(_) => eprintln!("fuzzer corpus/artifacts not found - ignoring test"),
}
}
fn parse_file(entry: &DirEntry) -> std::io::Result<()> {
let path = entry.path();
// println!("{:?}", entry.path());
let data = fs::read(path).unwrap();
let _ = parse_x509_certificate(&data);
Ok(())
}
#[test]
#[ignore = "placeholder for specific tests"]
fn run_fuzz_candidate() {
const CANDIDATE: &str = "fuzz/corpus/fuzzer_script_1/bd0096a63b9979d64763915a342a59af9dc281fb";
let data = fs::read(CANDIDATE).unwrap();
let _ = parse_x509_certificate(&data);
}

19
vendor/x509-parser/tests/test01.rs vendored Normal file
View File

@@ -0,0 +1,19 @@
use nom::bytes::complete::take;
#[test]
fn test01() {
let data = b"0\x88\xff\xff\xff\xff\xff\xff\xff\xff00\x0f\x02\x000\x00\x00\x00\x00\x00\x0000\x0f\x00\xff\x0a\xbb\xff";
let _ = x509_parser::parse_x509_certificate(data);
}
fn parser02(input: &[u8]) -> nom::IResult<&[u8], ()> {
let (_hdr, input) = take(1_usize)(input)?;
let (_data, input) = take(18_446_744_073_709_551_615_usize)(input)?;
Ok((input, ()))
}
#[test]
fn test02() {
let data = b"0\x88\xff\xff\xff\xff\xff\xff\xff\xff00\x0f\x02\x000\x00\x00\x00\x00\x00\x0000\x0f\x00\xff\x0a\xbb\xff";
let _ = parser02(data);
}

69
vendor/x509-parser/tests/verify.rs vendored Normal file
View File

@@ -0,0 +1,69 @@
#![cfg(any(feature = "verify", feature = "verify-aws"))]
use x509_parser::parse_x509_certificate;
static CA_DER: &[u8] = include_bytes!("../assets/IGC_A.der");
static CA_LETSENCRYPT_X3: &[u8] = include_bytes!("../assets/lets-encrypt-x3-cross-signed.der");
static CERT_DER: &[u8] = include_bytes!("../assets/certificate.der");
#[test]
fn test_signature_verification() {
// for a root CA, verify self-signature
let (_, x509_ca) = parse_x509_certificate(CA_DER).expect("could not parse certificate");
let res = x509_ca.verify_signature(None);
eprintln!("Verification: {res:?}");
assert!(res.is_ok());
// for a standard certificate, first load the authority, then the certificate, and verify it
let (_, x509_ca) =
parse_x509_certificate(CA_LETSENCRYPT_X3).expect("could not parse certificate");
let (_, x509_cert) = parse_x509_certificate(CERT_DER).expect("could not parse certificate");
let res = x509_cert.verify_signature(Some(&x509_ca.tbs_certificate.subject_pki));
eprintln!("Verification: {res:?}");
assert!(res.is_ok());
}
static ED25519_DER: &[u8] = include_bytes!("../assets/ed25519.der");
#[test]
fn test_signature_verification_ed25519() {
// this certificate is self-signed
let (_, x509_ca) = parse_x509_certificate(ED25519_DER).expect("could not parse certificate");
let res = x509_ca.verify_signature(None);
eprintln!("Verification: {res:?}");
assert!(res.is_ok());
}
static RSA_PSS_SELF_SIGNED_SHA256: &[u8] =
include_bytes!("../assets/rsa-pss/self_signed_sha256.der");
static RSA_PSS_SELF_SIGNED_SHA384: &[u8] =
include_bytes!("../assets/rsa-pss/self_signed_sha384.der");
static RSA_PSS_SELF_SIGNED_SHA512: &[u8] =
include_bytes!("../assets/rsa-pss/self_signed_sha512.der");
#[test]
fn test_signature_verification_rsa_pss_sha256() {
let (_, x509) =
parse_x509_certificate(RSA_PSS_SELF_SIGNED_SHA256).expect("could not parse certificate");
let res = x509.verify_signature(None);
eprintln!("Verification: {res:?}");
assert!(res.is_ok());
}
#[test]
fn test_signature_verification_rsa_pss_sha384() {
let (_, x509) =
parse_x509_certificate(RSA_PSS_SELF_SIGNED_SHA384).expect("could not parse certificate");
let res = x509.verify_signature(None);
eprintln!("Verification: {res:?}");
assert!(res.is_ok());
}
#[test]
fn test_signature_verification_rsa_pss_sha512() {
let (_, x509) =
parse_x509_certificate(RSA_PSS_SELF_SIGNED_SHA512).expect("could not parse certificate");
let res = x509.verify_signature(None);
eprintln!("Verification: {res:?}");
assert!(res.is_ok());
}