• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 //! Certification request (`CertReq`) tests
2 
3 use der::asn1::{PrintableStringRef, Utf8StringRef};
4 use der::{Decode, Encode, Tag, Tagged};
5 use hex_literal::hex;
6 use x509_cert::request::{CertReq, Version};
7 
8 const RSA_KEY: &[u8] = &hex!("3082010A0282010100BF59F7FE716DDE47C73579CA846EFA8D30AB3612E0D6A524204A72CA8E50C9F459513DF0D73331BED3D7A2DA7A362719E471EE6A9D87827D1024ED44605AB9B48F3B808C5E173B9F3EC4003D57F1718489F5C7A0421C46FBD527A40AB4BA6B9DB16A545D1ECF6E2A5633BD80594EBA4AFEE71F63E1D357C64E9A3FF6B83746A885C373F3527987E4C2B4AF7FE4D4EA16405E5E15285DD938823AA18E2634BAFE847A761CAFABB0401D3FA03A07A9D097CBB0C77156CCFE36131DADF1C109C2823972F0AF21A35F358E788304C0C78B951739D91FABFFD07AA8CD4F69746B3D0EB4587469F9D39F4FBDC761200DFB27DAF69562311D8B191B7EEFAAE2F8D6F8EB0203010001");
9 const RSA_SIG: &[u8] = &hex!("2B053CFE81C6542176BD70B373A5FC8DC1F1806A5AB10D25E36690EED1DF57AD5F18EC0CCF165F000245B14157141224B431EC6715EFE937F66B892D11EDF8858EDF67ACCAE9701A2244BECA80705D7CC292BAD9B02001E4572EE492B08473D5AF59CC83DDA1DE5C2BF470FD784495070A9C5AF8EA9A4060C1DBC5C4690CC8DF6D528C55D82EC9C0DF3046BBCAE7542025D7EE170788C9C234132703290A31AC2700E55339590226D5E582EC61869862769FD85B45F287FFDD6DB530995D31F94D7D2C26EF3F48A182C3026CC698F382A72F1A11E3C689953055DAC0DFEBE9CDB163CA3AF33FFC4DA0F6B84B9D7CDD4321CCECD4BAC528DEFF9715FFD9D4731E");
10 
11 /// RSA-2048 `CertReq` encoded as ASN.1 DER
12 const RSA_2048_DER_EXAMPLE: &[u8] = include_bytes!("examples/rsa2048-csr.der");
13 
14 const NAMES: &[(&str, &str)] = &[
15     ("2.5.4.3", "example.com"),
16     ("2.5.4.7", "Los Angeles"),
17     ("2.5.4.8", "California"),
18     ("2.5.4.10", "Example Inc"),
19     ("2.5.4.6", "US"),
20 ];
21 
22 #[rustfmt::skip]
23 const EXTENSIONS: &[(&str, &[u8])] = &[
24     ("2.5.29.19", &hex!("3000")),     // basicConstraints
25     ("2.5.29.15", &hex!("030205A0")), // keyUsage
26     ("2.5.29.37", &hex!("301406082B0601050507030106082B06010505070302")), // extKeyUsage
27     ("2.5.29.17", &hex!("300D820B6578616D706C652E636F6D")), // subjectAltNamec
28 ];
29 
30 #[test]
decode_rsa_2048_der()31 fn decode_rsa_2048_der() {
32     let cr = CertReq::from_der(RSA_2048_DER_EXAMPLE).unwrap();
33 
34     // Check the version.
35     assert_eq!(cr.info.version, Version::V1);
36 
37     // Check all the RDNs.
38     assert_eq!(cr.info.subject.0.len(), NAMES.len());
39     for (name, (oid, val)) in cr.info.subject.0.iter().zip(NAMES) {
40         let kind = name.0.get(0).unwrap();
41         let value = match kind.value.tag() {
42             Tag::Utf8String => Utf8StringRef::try_from(&kind.value).unwrap().as_str(),
43             Tag::PrintableString => PrintableStringRef::try_from(&kind.value).unwrap().as_str(),
44             _ => panic!("unexpected tag"),
45         };
46 
47         assert_eq!(kind.oid, oid.parse().unwrap());
48         assert_eq!(name.0.len(), 1);
49         assert_eq!(value, *val);
50     }
51 
52     // Check the public key.
53     let alg = cr.info.public_key.algorithm;
54     assert_eq!(alg.oid, "1.2.840.113549.1.1.1".parse().unwrap());
55     assert!(alg.parameters.unwrap().is_null());
56     assert_eq!(cr.info.public_key.subject_public_key.raw_bytes(), RSA_KEY);
57 
58     // Check the attributes (just one; contains extensions).
59     assert_eq!(cr.info.attributes.len(), 1);
60     let attribute = cr.info.attributes.get(0).unwrap();
61     assert_eq!(attribute.oid, "1.2.840.113549.1.9.14".parse().unwrap()); // extensionRequest
62     assert_eq!(attribute.values.len(), 1);
63 
64     // Check the extensions.
65     let extensions: x509_cert::ext::Extensions =
66         attribute.values.get(0).unwrap().decode_as().unwrap();
67     for (ext, (oid, val)) in extensions.iter().zip(EXTENSIONS) {
68         assert_eq!(ext.extn_id, oid.parse().unwrap());
69         assert_eq!(ext.extn_value.as_bytes(), *val);
70         assert!(!ext.critical);
71     }
72 
73     // Check the signature value.
74     assert_eq!(cr.algorithm.oid, "1.2.840.113549.1.1.11".parse().unwrap());
75     assert!(cr.algorithm.parameters.unwrap().is_null());
76     assert_eq!(cr.signature.as_bytes().unwrap(), RSA_SIG);
77 }
78 
79 // The following tests currently fail because of a bug in the `der` crate;
80 // specifically, the `IMPLICIT` tagging on `CertReqInfo::attributes`.
81 
82 #[test]
encode_rsa_2048_der()83 fn encode_rsa_2048_der() {
84     let cr = CertReq::from_der(RSA_2048_DER_EXAMPLE).unwrap();
85     let cr_encoded = cr.to_der().unwrap();
86     assert_eq!(RSA_2048_DER_EXAMPLE, cr_encoded.as_slice());
87 }
88