tests/readcsr.rs - platform/external/rust/crates/x509-parser - Gitiles

 use oid_registry::{OID_PKCS1_SHA256WITHRSA, OID_SIG_ECDSA_WITH_SHA256, OID_X509_COMMON_NAME};
 use x509_parser::prelude::*;

 const CSR_DATA_EMPTY_ATTRIB: &[u8] = include_bytes!("../assets/csr-empty-attributes.csr");
 const CSR_DATA: &[u8] = include_bytes!("../assets/test.csr");

 #[test]
 fn read_csr_empty_attrib() {
     let (rem, csr) =
         X509CertificationRequest::from_der(CSR_DATA_EMPTY_ATTRIB).expect("could not parse CSR");

     assert!(rem.is_empty());
     let cri = &csr.certification_request_info;
     assert_eq!(cri.version, X509Version(0));
     assert_eq!(cri.attributes().len(), 0);
     assert_eq!(csr.signature_algorithm.algorithm, OID_PKCS1_SHA256WITHRSA);
 }

 #[test]
 fn read_csr_with_san() {
     let der = pem::parse_x509_pem(CSR_DATA).unwrap().1;
     let (rem, csr) =
         X509CertificationRequest::from_der(&der.contents).expect("could not parse CSR");

     assert!(rem.is_empty());
     let cri = &csr.certification_request_info;
     assert_eq!(cri.version, X509Version(0));
     assert_eq!(cri.attributes().len(), 1);
     assert_eq!(csr.signature_algorithm.algorithm, OID_SIG_ECDSA_WITH_SHA256);

     let mut rdns = cri.subject.iter();
     let rdn = rdns.next().unwrap();
     let first = rdn.iter().next().unwrap();
     assert_eq!(first.attr_type(), &OID_X509_COMMON_NAME);
     assert_eq!(first.as_str().unwrap(), "test.rusticata.fr");

     let expected: &[u8] = &[
         4, 195, 245, 126, 177, 113, 192, 146, 215, 136, 181, 58, 82, 138, 142, 61, 253, 245, 185,
         192, 166, 216, 218, 145, 219, 42, 169, 112, 122, 58, 91, 184, 150, 37, 237, 245, 59, 54,
         44, 210, 44, 207, 218, 167, 148, 189, 210, 159, 207, 103, 233, 1, 187, 134, 137, 24, 240,
         188, 223, 135, 215, 71, 80, 64, 65,
     ];
     assert_eq!(cri.subject_pki.subject_public_key.data, expected);

     let mut extensions = csr.requested_extensions().unwrap();
     match extensions.next().unwrap() {
         ParsedExtension::SubjectAlternativeName(san) => {
             let name = san.general_names.first().unwrap();
             assert!(matches!(name, GeneralName::DNSName("test.rusticata.fr")));
         }
         _ => unreachable!(),
     }
 }

 #[cfg(feature = "verify")]
 #[test]
 fn read_csr_verify() {
     let der = pem::parse_x509_pem(CSR_DATA).unwrap().1;
     let (_, csr) = X509CertificationRequest::from_der(&der.contents).expect("could not parse CSR");
     csr.verify_signature().unwrap();

     let mut der = pem::parse_x509_pem(CSR_DATA).unwrap().1;
     assert_eq!(&der.contents[28..37], b"rusticata");
     for (i, b) in b"foobarbaz".iter().enumerate() {
         der.contents[28 + i] = *b;
     }
     assert_eq!(&der.contents[28..37], b"foobarbaz");

     let (_, csr) = X509CertificationRequest::from_der(&der.contents).expect("could not parse CSR");
     csr.verify_signature().unwrap_err();
 }
	use oid_registry::{OID_PKCS1_SHA256WITHRSA, OID_SIG_ECDSA_WITH_SHA256, OID_X509_COMMON_NAME};
	use x509_parser::prelude::*;

	const CSR_DATA_EMPTY_ATTRIB: &[u8] = include_bytes!("../assets/csr-empty-attributes.csr");
	const CSR_DATA: &[u8] = include_bytes!("../assets/test.csr");

	#[test]
	fn read_csr_empty_attrib() {
	let (rem, csr) =
	X509CertificationRequest::from_der(CSR_DATA_EMPTY_ATTRIB).expect("could not parse CSR");

	assert!(rem.is_empty());
	let cri = &csr.certification_request_info;
	assert_eq!(cri.version, X509Version(0));
	assert_eq!(cri.attributes().len(), 0);
	assert_eq!(csr.signature_algorithm.algorithm, OID_PKCS1_SHA256WITHRSA);
	}

	#[test]
	fn read_csr_with_san() {
	let der = pem::parse_x509_pem(CSR_DATA).unwrap().1;
	let (rem, csr) =
	X509CertificationRequest::from_der(&der.contents).expect("could not parse CSR");

	assert!(rem.is_empty());
	let cri = &csr.certification_request_info;
	assert_eq!(cri.version, X509Version(0));
	assert_eq!(cri.attributes().len(), 1);
	assert_eq!(csr.signature_algorithm.algorithm, OID_SIG_ECDSA_WITH_SHA256);

	let mut rdns = cri.subject.iter();
	let rdn = rdns.next().unwrap();
	let first = rdn.iter().next().unwrap();
	assert_eq!(first.attr_type(), &OID_X509_COMMON_NAME);
	assert_eq!(first.as_str().unwrap(), "test.rusticata.fr");

	let expected: &[u8] = &[
	4, 195, 245, 126, 177, 113, 192, 146, 215, 136, 181, 58, 82, 138, 142, 61, 253, 245, 185,
	192, 166, 216, 218, 145, 219, 42, 169, 112, 122, 58, 91, 184, 150, 37, 237, 245, 59, 54,
	44, 210, 44, 207, 218, 167, 148, 189, 210, 159, 207, 103, 233, 1, 187, 134, 137, 24, 240,
	188, 223, 135, 215, 71, 80, 64, 65,
	];
	assert_eq!(cri.subject_pki.subject_public_key.data, expected);

	let mut extensions = csr.requested_extensions().unwrap();
	match extensions.next().unwrap() {
	ParsedExtension::SubjectAlternativeName(san) => {
	let name = san.general_names.first().unwrap();
	assert!(matches!(name, GeneralName::DNSName("test.rusticata.fr")));
	}
	_ => unreachable!(),
	}
	}

	#[cfg(feature = "verify")]
	#[test]
	fn read_csr_verify() {
	let der = pem::parse_x509_pem(CSR_DATA).unwrap().1;
	let (_, csr) = X509CertificationRequest::from_der(&der.contents).expect("could not parse CSR");
	csr.verify_signature().unwrap();

	let mut der = pem::parse_x509_pem(CSR_DATA).unwrap().1;
	assert_eq!(&der.contents[28..37], b"rusticata");
	for (i, b) in b"foobarbaz".iter().enumerate() {
	der.contents[28 + i] = *b;
	}
	assert_eq!(&der.contents[28..37], b"foobarbaz");

	let (_, csr) = X509CertificationRequest::from_der(&der.contents).expect("could not parse CSR");
	csr.verify_signature().unwrap_err();
	}