1 use oid_registry::{OID_PKCS1_SHA256WITHRSA, OID_SIG_ECDSA_WITH_SHA256, OID_X509_COMMON_NAME};
2 use x509_parser::prelude::*;
3 
// CSR fixture embedded at compile time; `read_csr_empty_attrib` hands these bytes
// straight to `X509CertificationRequest::from_der`, so the file is raw DER.
const CSR_DATA_EMPTY_ATTRIB: &[u8] = include_bytes!("../assets/csr-empty-attributes.csr");
// CSR fixture embedded at compile time; the tests run it through
// `pem::parse_x509_pem` first, so the file is PEM-armoured rather than raw DER.
const CSR_DATA: &[u8] = include_bytes!("../assets/test.csr");
6 
/// Parses the DER fixture whose attribute set is empty and checks the fields
/// exposed by the parser: version, attribute count and signature algorithm.
///
/// Only the structure is checked here; the signature itself is not verified.
#[test]
fn read_csr_empty_attrib() {
    let parsed = X509CertificationRequest::from_der(CSR_DATA_EMPTY_ATTRIB);
    let (trailing, request) = parsed.expect("could not parse CSR");

    // The parser must consume the whole input: nothing may follow the CSR.
    assert!(trailing.is_empty());

    let info = &request.certification_request_info;
    assert_eq!(info.version, X509Version(0));
    assert_eq!(info.attributes().len(), 0);
    assert_eq!(request.signature_algorithm.algorithm, OID_PKCS1_SHA256WITHRSA);
}
18 
/// Decodes the PEM fixture, parses the CSR and checks its subject, public key
/// and the requested SubjectAlternativeName extension.
///
/// Only parsing is exercised; the CSR signature is not verified in this test.
#[test]
fn read_csr_with_san() {
    let (_, pem_block) = pem::parse_x509_pem(CSR_DATA).unwrap();
    let parsed = X509CertificationRequest::from_der(&pem_block.contents);
    let (trailing, request) = parsed.expect("could not parse CSR");

    // The parser must consume the whole input: nothing may follow the CSR.
    assert!(trailing.is_empty());

    let info = &request.certification_request_info;
    assert_eq!(info.version, X509Version(0));
    assert_eq!(info.attributes().len(), 1);
    assert_eq!(request.signature_algorithm.algorithm, OID_SIG_ECDSA_WITH_SHA256);

    // First attribute of the first RDN of the subject: the common name.
    let first_rdn = info.subject.iter().next().unwrap();
    let first_attr = first_rdn.iter().next().unwrap();
    assert_eq!(first_attr.attr_type(), &OID_X509_COMMON_NAME);
    assert_eq!(first_attr.as_str().unwrap(), "test.rusticata.fr");

    // 65 bytes with a leading 0x04 -- presumably an uncompressed EC point,
    // which would match the ECDSA algorithm asserted above (TODO confirm).
    let expected_key: &[u8] = &[
        4, 195, 245, 126, 177, 113, 192, 146, 215, 136, 181, 58, 82, 138, 142, 61, 253, 245, 185,
        192, 166, 216, 218, 145, 219, 42, 169, 112, 122, 58, 91, 184, 150, 37, 237, 245, 59, 54,
        44, 210, 44, 207, 218, 167, 148, 189, 210, 159, 207, 103, 233, 1, 187, 134, 137, 24, 240,
        188, 223, 135, 215, 71, 80, 64, 65,
    ];
    assert_eq!(info.subject_pki.subject_public_key.data, expected_key);

    // The first requested extension must be a SAN whose first entry is the
    // DNS name that also appears in the subject common name.
    let mut requested = request.requested_extensions().unwrap();
    let first_ext = requested.next().unwrap();
    if let ParsedExtension::SubjectAlternativeName(san) = first_ext {
        let first_name = san.general_names.first().unwrap();
        assert!(matches!(first_name, GeneralName::DNSName("test.rusticata.fr")));
    } else {
        unreachable!()
    }
}
54 
/// Checks that `verify_signature` accepts the untouched CSR and rejects a copy
/// whose bytes were altered after signing.
///
/// Compiled only with the `verify` feature. Note what the second half shows:
/// `from_der` still succeeds on the altered bytes, so a successful parse says
/// nothing about integrity -- callers that rely on the CSR being self-signed
/// have to call `verify_signature` explicitly.
#[cfg(feature = "verify")]
#[test]
fn read_csr_verify() {
    // Baseline: the fixture as shipped carries a valid signature.
    let (_, pristine) = pem::parse_x509_pem(CSR_DATA).unwrap();
    let (_, request) =
        X509CertificationRequest::from_der(&pristine.contents).expect("could not parse CSR");
    request.verify_signature().unwrap();

    // Overwrite nine bytes at offset 28 with a same-length string, so the DER
    // lengths stay valid and only the signed content changes. The offset is
    // specific to this fixture (presumably inside the subject name).
    let (_, mut tampered) = pem::parse_x509_pem(CSR_DATA).unwrap();
    assert_eq!(&tampered.contents[28..37], b"rusticata");
    tampered.contents[28..37].copy_from_slice(b"foobarbaz");
    assert_eq!(&tampered.contents[28..37], b"foobarbaz");

    // Parsing is structural only and still succeeds; verification must fail.
    let (_, request) =
        X509CertificationRequest::from_der(&tampered.contents).expect("could not parse CSR");
    request.verify_signature().unwrap_err();
}
72