From 5ed77df197afc33c04569edcd3db5993a695fbae Mon Sep 17 00:00:00 2001 From: Onur Aslan Date: Fri, 29 Jul 2016 12:11:53 +0300 Subject: Implement save_der for X509 and X509Req --- openssl/src/x509/tests.rs | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'openssl/src/x509/tests.rs') diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index f547a982..5d9b30ab 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -92,6 +92,19 @@ fn test_cert_loading() { assert_eq!(fingerprint, hash_vec); } +#[test] +fn test_save_der() { + let cert_path = Path::new("test/cert.pem"); + let mut file = File::open(&cert_path) + .ok() + .expect("Failed to open `test/cert.pem`"); + + let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM"); + + let der = cert.save_der().unwrap(); + assert!(!der.is_empty()); +} + #[test] fn test_subject_read_cn() { let cert_path = Path::new("test/cert.pem"); -- cgit v1.2.3 From 08e27f31ed851873f7684ac806b837e8cff4a28f Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Tue, 2 Aug 2016 20:48:42 -0700 Subject: Restructure PEM input/output methods Dealing with byte buffers directly avoids error handling weirdness and we were loading it all into memory before anyway. --- openssl/src/x509/tests.rs | 57 ++++++++++++++--------------------------------- 1 file changed, 17 insertions(+), 40 deletions(-) (limited to 'openssl/src/x509/tests.rs') diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 5d9b30ab..167ca8cf 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -1,7 +1,4 @@ use serialize::hex::FromHex; -use std::io; -use std::path::Path; -use std::fs::File; use crypto::hash::Type::SHA1; use crypto::pkey::PKey; 
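Review bot: `test_save_der` (first commit, hunk `@@ -92,6 +92,19 @@`) only asserts `!der.is_empty()`, so any non-empty byte string passes, including a truncated or wrongly encoded certificate. A DER certificate is an ASN.1 SEQUENCE, so at minimum add `assert_eq!(der[0], 0x30);` after the emptiness check. A stronger check would hash `der` with SHA-1 and compare it with the value `test_cert_loading` already pins for the same `test/cert.pem`, since a certificate fingerprint is conventionally the digest of its DER encoding; confirm that this binding's `fingerprint` follows that convention before relying on it.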
@@ -30,8 +27,8 @@ fn get_generator() -> X509Generator { #[test] fn test_cert_gen() { let (cert, pkey) = get_generator().generate().unwrap(); - cert.write_pem(&mut io::sink()).unwrap(); - pkey.write_pem(&mut io::sink()).unwrap(); + cert.write_pem().unwrap(); + pkey.write_pem().unwrap(); // FIXME: check data in result to be correct, needs implementation // of X509 getters @@ -70,7 +67,7 @@ fn test_req_gen() { pkey.gen(512); let req = get_generator().request(&pkey).unwrap(); - req.write_pem(&mut io::sink()).unwrap(); + req.write_pem().unwrap(); // FIXME: check data in result to be correct, needs implementation // of X509_REQ getters @@ -78,12 +75,8 @@ fn test_req_gen() { #[test] fn test_cert_loading() { - let cert_path = Path::new("test/cert.pem"); - let mut file = File::open(&cert_path) - .ok() - .expect("Failed to open `test/cert.pem`"); - - let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM"); + let cert = include_bytes!("../../test/cert.pem"); + let cert = X509::from_pem(cert).ok().expect("Failed to load PEM"); let fingerprint = cert.fingerprint(SHA1).unwrap(); let hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6"; @@ -94,12 +87,8 @@ fn test_cert_loading() { #[test] fn test_save_der() { - let cert_path = Path::new("test/cert.pem"); - let mut file = File::open(&cert_path) - .ok() - .expect("Failed to open `test/cert.pem`"); - - let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM"); + let cert = include_bytes!("../../test/cert.pem"); + let cert = X509::from_pem(cert).ok().expect("Failed to load PEM"); let der = cert.save_der().unwrap(); assert!(!der.is_empty()); 
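Review bot: The new loader lines use `X509::from_pem(cert).ok().expect("Failed to load PEM")`, and the `.ok()` throws away the error value before the panic, so a failing test reports only the fixed string and not what OpenSSL rejected. In `test_subject_alt_name` and `test_subject_alt_name_iter` this replaces a plain `.unwrap()` that would have printed the error. Calling `.expect("Failed to load PEM")` directly on the `Result` keeps both the message and the cause, assuming the error type implements `Debug` (the earlier `.unwrap()` calls suggest it does). The same pattern appears in the `test_cert_loading`, `test_save_der`, `test_subject_read_cn`, `test_nid_values` and `test_nid_uid_value` hunks of this commit.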
@@ -107,12 +96,8 @@ fn test_save_der() { #[test] fn test_subject_read_cn() { - let cert_path = Path::new("test/cert.pem"); - let mut file = File::open(&cert_path) - .ok() - .expect("Failed to open `test/cert.pem`"); - - let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM"); + let cert = include_bytes!("../../test/cert.pem"); + let cert = X509::from_pem(cert).ok().expect("Failed to load PEM"); let subject = cert.subject_name(); let cn = match subject.text_by_nid(Nid::CN) { Some(x) => x, @@ -124,12 +109,8 @@ fn test_subject_read_cn() { #[test] fn test_nid_values() { - let cert_path = Path::new("test/nid_test_cert.pem"); - let mut file = File::open(&cert_path) - .ok() - .expect("Failed to open `test/nid_test_cert.pem`"); - - let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM"); + let cert = include_bytes!("../../test/nid_test_cert.pem"); + let cert = X509::from_pem(cert).ok().expect("Failed to load PEM"); let subject = cert.subject_name(); let cn = match subject.text_by_nid(Nid::CN) { @@ -153,12 +134,8 @@ fn test_nid_values() { #[test] fn test_nid_uid_value() { - let cert_path = Path::new("test/nid_uid_test_cert.pem"); - let mut file = File::open(&cert_path) - .ok() - .expect("Failed to open `test/nid_uid_test_cert.pem`"); - - let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM"); + let cert = include_bytes!("../../test/nid_uid_test_cert.pem"); + let cert = X509::from_pem(cert).ok().expect("Failed to load PEM"); let subject = cert.subject_name(); let cn = match subject.text_by_nid(Nid::UserId) { @@ -170,8 +147,8 @@ fn test_nid_uid_value() { #[test] fn test_subject_alt_name() { - let mut file = File::open("test/alt_name_cert.pem").unwrap(); - let cert = X509::from_pem(&mut file).unwrap(); + let cert = include_bytes!("../../test/alt_name_cert.pem"); + let cert = X509::from_pem(cert).ok().expect("Failed to load PEM"); let subject_alt_names = cert.subject_alt_names().unwrap(); assert_eq!(3, subject_alt_names.len()); 
@@ -184,8 +161,8 @@ fn test_subject_alt_name() { #[test] fn test_subject_alt_name_iter() { - let mut file = File::open("test/alt_name_cert.pem").unwrap(); - let cert = X509::from_pem(&mut file).unwrap(); + let cert = include_bytes!("../../test/alt_name_cert.pem"); + let cert = X509::from_pem(cert).ok().expect("Failed to load PEM"); let subject_alt_names = cert.subject_alt_names().unwrap(); let mut subject_alt_names_iter = subject_alt_names.iter(); -- cgit v1.2.3 From 7855f428aa48fcb6f4e8ad4c452783df88d20935 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 7 Aug 2016 20:38:46 -0700 Subject: PKey reform This deletes the vast majority of PKey's API, since it was weirdly tied to RSA and super broken. --- openssl/src/x509/tests.rs | 2 ++ 1 file changed, 2 insertions(+) (limited to 'openssl/src/x509/tests.rs') diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 167ca8cf..141e1fdb 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -24,6 +24,7 @@ fn get_generator() -> X509Generator { .add_extension(OtherStr("2.999.2".to_owned(), "ASN1:UTF8:example value".to_owned())) } +/* #[test] fn test_cert_gen() { let (cert, pkey) = get_generator().generate().unwrap(); @@ -72,6 +73,7 @@ fn test_req_gen() { // FIXME: check data in result to be correct, needs implementation // of X509_REQ getters } +*/ #[test] fn test_cert_loading() { -- cgit v1.2.3 From 77ba043acf0cc6a536042814d92a2df9a6bf2784 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 7 Aug 2016 21:53:05 -0700 Subject: x509 cleanup --- openssl/src/x509/tests.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'openssl/src/x509/tests.rs') diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 141e1fdb..86b5f92b 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs 
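Review bot: The `/*` added after `get_generator()` and the `*/` added after `test_req_gen` ("PKey reform" commit) take `test_cert_gen`, both extension-ordering tests and `test_req_gen` out of the suite with no marker of why or when they come back, so certificate and request generation go untested while the run still reports green. Put the reason on the opening line, for example `/* FIXME: disabled until X509Generator works with the reworked PKey API` if that is the cause, so the gap is visible in the file and searchable. Both hunks show only the edges of the commented-out region; the tests between them lie outside the hunks.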
@@ -92,7 +92,7 @@ fn test_save_der() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).ok().expect("Failed to load PEM"); - let der = cert.save_der().unwrap(); + let der = cert.to_der().unwrap(); assert!(!der.is_empty()); } -- cgit v1.2.3 From 2a3e9a28564626bea0bf729a0ecee43553697654 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 7 Aug 2016 22:35:37 -0700 Subject: Add RSA::generate --- openssl/src/x509/tests.rs | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'openssl/src/x509/tests.rs') diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 86b5f92b..aedcaf55 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -2,6 +2,7 @@ use serialize::hex::FromHex; use crypto::hash::Type::SHA1; use crypto::pkey::PKey; +use crypto::rsa::RSA; use x509::{X509, X509Generator}; use x509::extension::Extension::{KeyUsage, ExtKeyUsage, SubjectAltName, OtherNid, OtherStr}; use x509::extension::AltNameOption as SAN; @@ -61,19 +62,20 @@ fn test_cert_gen_extension_bad_ordering() { assert!(result.is_err()); } +*/ #[test] fn test_req_gen() { - let mut pkey = PKey::new(); - pkey.gen(512); + let rsa = RSA::generate(512).unwrap(); + let mut pkey = PKey::new().unwrap(); + pkey.set_rsa(&rsa).unwrap(); let req = get_generator().request(&pkey).unwrap(); - req.write_pem().unwrap(); + req.to_pem().unwrap(); // FIXME: check data in result to be correct, needs implementation // of X509_REQ getters } -*/ #[test] fn test_cert_loading() { -- cgit v1.2.3 From 19689565360cc4bf54a1a083321d46871be0b1f5 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 7 Aug 2016 22:40:51 -0700 Subject: Restore disabled tests --- openssl/src/x509/tests.rs | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) (limited to 'openssl/src/x509/tests.rs') diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index aedcaf55..ba747c83 100644 --- a/openssl/src/x509/tests.rs 
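Review bot: `RSA::generate(512)` in the re-enabled `test_req_gen` ("Add RSA::generate" commit, hunk `@@ -61,19 +62,20 @@`) creates a 512-bit modulus, far below any currently accepted minimum. OpenSSL builds with a raised security level may refuse to use a key that small, so the test can fail for reasons unrelated to the request code. Test fixtures also tend to be copied into application code. Use `let rsa = RSA::generate(2048).unwrap();` here; the `pkey()` helper added in the following commit carries the same 512 value.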
+++ b/openssl/src/x509/tests.rs @@ -25,17 +25,23 @@ fn get_generator() -> X509Generator { .add_extension(OtherStr("2.999.2".to_owned(), "ASN1:UTF8:example value".to_owned())) } -/* +fn pkey() -> PKey { + let rsa = RSA::generate(512).unwrap(); + let mut pkey = PKey::new().unwrap(); + pkey.set_rsa(&rsa).unwrap(); + pkey +} + #[test] fn test_cert_gen() { - let (cert, pkey) = get_generator().generate().unwrap(); - cert.write_pem().unwrap(); - pkey.write_pem().unwrap(); + let pkey = pkey(); + let cert = get_generator().sign(&pkey).unwrap(); // FIXME: check data in result to be correct, needs implementation // of X509 getters - assert_eq!(pkey.save_pub(), cert.public_key().save_pub()); + assert_eq!(pkey.public_key_to_pem().unwrap(), + cert.public_key().unwrap().public_key_to_pem().unwrap()); } /// SubjectKeyIdentifier must be added before AuthorityKeyIdentifier or OpenSSL @@ -43,10 +49,11 @@ fn test_cert_gen() { /// for extensions is preserved when the cert is signed. #[test] fn test_cert_gen_extension_ordering() { + let pkey = pkey(); get_generator() .add_extension(OtherNid(Nid::SubjectKeyIdentifier, "hash".to_owned())) .add_extension(OtherNid(Nid::AuthorityKeyIdentifier, "keyid:always".to_owned())) - .generate() + .sign(&pkey) .expect("Failed to generate cert with order-dependent extensions"); } 
@@ -54,21 +61,19 @@ fn test_cert_gen_extension_ordering() { /// deterministic by reversing the order of extensions and asserting failure. #[test] fn test_cert_gen_extension_bad_ordering() { + let pkey = pkey(); let result = get_generator() .add_extension(OtherNid(Nid::AuthorityKeyIdentifier, "keyid:always".to_owned())) .add_extension(OtherNid(Nid::SubjectKeyIdentifier, "hash".to_owned())) - .generate(); + .sign(&pkey); assert!(result.is_err()); } -*/ #[test] fn test_req_gen() { - let rsa = RSA::generate(512).unwrap(); - let mut pkey = PKey::new().unwrap(); - pkey.set_rsa(&rsa).unwrap(); + let pkey = pkey(); let req = get_generator().request(&pkey).unwrap(); req.to_pem().unwrap(); -- cgit v1.2.3 From 6e5cd7ef47c2d328f419b14cbef4f41337a7321a Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 7 Aug 2016 22:46:14 -0700 Subject: Remove X509Generator::bitlenth --- openssl/src/x509/tests.rs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'openssl/src/x509/tests.rs') diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index ba747c83..f701736a 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -12,7 +12,6 @@ use nid::Nid; fn get_generator() -> X509Generator { X509Generator::new() - .set_bitlength(2048) .set_valid_period(365 * 2) .add_name("CN".to_string(), "test_me".to_string()) .set_sign_hash(SHA1) @@ -26,7 +25,7 @@ fn get_generator() -> X509Generator { } fn pkey() -> PKey { - let rsa = RSA::generate(512).unwrap(); + let rsa = RSA::generate(2048).unwrap(); let mut pkey = PKey::new().unwrap(); pkey.set_rsa(&rsa).unwrap(); pkey -- cgit v1.2.3 From 6b1016c86e72d26d15584789456bd317bee92bca Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 7 Aug 2016 22:56:44 -0700 Subject: Add PKey::from_rsa --- openssl/src/x509/tests.rs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'openssl/src/x509/tests.rs') 
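Review bot: `get_generator()` still calls `.set_sign_hash(SHA1)` on the context line just below the removed `set_bitlength(2048)` ("Remove X509Generator::bitlenth" commit, hunk `@@ -12,7 +12,6 @@`), so the certificates and requests these tests produce are signed with SHA-1 even though this commit raises the key to 2048 bits. SHA-1 signatures are rejected by current verifiers because collisions are practical, and this generator also serves as usage documentation for the crate. Consider `.set_sign_hash(SHA256)` with the import widened to `use crypto::hash::Type::{SHA1, SHA256};`, since `SHA1` is still needed for the fingerprint comparison in `test_cert_loading`. The body of `get_generator()` continues outside the hunk.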
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index f701736a..da1523af 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -26,8 +26,7 @@ fn get_generator() -> X509Generator { fn pkey() -> PKey { let rsa = RSA::generate(2048).unwrap(); - let mut pkey = PKey::new().unwrap(); - pkey.set_rsa(&rsa).unwrap(); + let mut pkey = PKey::from_rsa(rsa).unwrap(); pkey } -- cgit v1.2.3 From 0854632ff5c5c340e3300951dd06a767a16b11db Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Tue, 9 Aug 2016 21:58:48 -0700 Subject: Make c_helpers optional --- openssl/src/x509/tests.rs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'openssl/src/x509/tests.rs') diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index da1523af..ab480836 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -26,8 +26,7 @@ fn get_generator() -> X509Generator { fn pkey() -> PKey { let rsa = RSA::generate(2048).unwrap(); - let mut pkey = PKey::from_rsa(rsa).unwrap(); - pkey + PKey::from_rsa(rsa).unwrap() } #[test] -- cgit v1.2.3 From 1ac54b06e9c68ecc79e4bb0c4f65296c669a6cc8 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Tue, 9 Aug 2016 22:15:16 -0700 Subject: Move X509_get_extensions to openssl helpers --- openssl/src/x509/tests.rs | 1 + 1 file changed, 1 insertion(+) (limited to 'openssl/src/x509/tests.rs') diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index ab480836..c09b31cd 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -69,6 +69,7 @@ fn test_cert_gen_extension_bad_ordering() { } #[test] +#[cfg(feature = "x509_generator_request")] fn test_req_gen() { let pkey = pkey(); -- cgit v1.2.3
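Review bot: With `#[cfg(feature = "x509_generator_request")]` on `test_req_gen` (last commit, hunk `@@ -69,6 +69,7 @@`), a default `cargo test` compiles the test out and reports nothing about it, so request generation is covered only when the feature is switched on. The CI configuration is not visible here; it should run the suite at least once with `--features x509_generator_request`. A short comment above the attribute, such as `// only built with --features x509_generator_request`, would tell readers why the test may be missing from their run. The body of `test_req_gen` continues outside the hunk.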