72 lines
2.1 KiB
Rust
72 lines
2.1 KiB
Rust
use serialize::hex::FromHex;
|
|
use std::io;
|
|
use std::path::Path;
|
|
use std::fs::File;
|
|
|
|
use crypto::hash::Type::{SHA256};
|
|
use x509::{X509, X509Generator};
|
|
use x509::KeyUsage::{DigitalSignature, KeyEncipherment};
|
|
use x509::ExtKeyUsage::{ClientAuth, ServerAuth};
|
|
use nid::Nid;
|
|
|
|
#[test]
|
|
fn test_cert_gen() {
|
|
let gen = X509Generator::new()
|
|
.set_bitlength(2048)
|
|
.set_valid_period(365*2)
|
|
.set_CN("test_me")
|
|
.set_sign_hash(SHA256)
|
|
.set_usage(&[DigitalSignature, KeyEncipherment])
|
|
.set_ext_usage(&[ClientAuth, ServerAuth]);
|
|
|
|
let res = gen.generate();
|
|
assert!(res.is_ok());
|
|
|
|
let (cert, pkey) = res.unwrap();
|
|
|
|
assert!(cert.write_pem(&mut io::sink()).is_ok());
|
|
assert!(pkey.write_pem(&mut io::sink()).is_ok());
|
|
|
|
// FIXME: check data in result to be correct, needs implementation
|
|
// of X509 getters
|
|
|
|
assert_eq!(pkey.save_pub(), cert.public_key().save_pub());
|
|
}
|
|
|
|
#[test]
|
|
fn test_cert_loading() {
|
|
let cert_path = Path::new("test/cert.pem");
|
|
let mut file = File::open(&cert_path)
|
|
.ok()
|
|
.expect("Failed to open `test/cert.pem`");
|
|
|
|
let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM");
|
|
let fingerprint = cert.fingerprint(SHA256).unwrap();
|
|
|
|
// Hash was generated as SHA256 hash of certificate "test/cert.pem"
|
|
// in DER format.
|
|
// Command: openssl x509 -in test/cert.pem -outform DER | openssl dgst -sha256
|
|
// Please update if "test/cert.pem" will ever change
|
|
let hash_str = "db400bb62f1b1f29c3b8f323b8f7d9dea724fdcd67104ef549c772ae3749655b";
|
|
let hash_vec = hash_str.from_hex().unwrap();
|
|
|
|
assert_eq!(fingerprint, hash_vec);
|
|
}
|
|
|
|
#[test]
|
|
fn test_subject_read_cn() {
|
|
let cert_path = Path::new("test/cert.pem");
|
|
let mut file = File::open(&cert_path)
|
|
.ok()
|
|
.expect("Failed to open `test/cert.pem`");
|
|
|
|
let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM");
|
|
let subject = cert.subject_name();
|
|
let cn = match subject.text_by_nid(Nid::CN) {
|
|
Some(x) => x,
|
|
None => panic!("Failed to read CN from cert")
|
|
};
|
|
|
|
assert_eq!(&cn as &str, "test_cert")
|
|
}
|