File: verify.rs

package info (click to toggle)
rust-x509-parser 0.17.0-4.1
  • links: PTS, VCS
  • area: main
  • in suites: forky, trixie
  • size: 720 kB
  • sloc: python: 29; makefile: 2; sh: 1
file content (69 lines) | stat: -rw-r--r-- 2,624 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
 
#![cfg(feature = "verify")]

use x509_parser::parse_x509_certificate;

static CA_DER: &[u8] = include_bytes!("../assets/IGC_A.der");
static CA_LETSENCRYPT_X3: &[u8] = include_bytes!("../assets/lets-encrypt-x3-cross-signed.der");
static CERT_DER: &[u8] = include_bytes!("../assets/certificate.der");

#[test]
fn test_signature_verification() {
    // for a root CA, verify self-signature
    let (_, x509_ca) = parse_x509_certificate(CA_DER).expect("could not parse certificate");
    let res = x509_ca.verify_signature(None);
    eprintln!("Verification: {:?}", res);
    assert!(res.is_ok());

    // for a standard certificate, first load the authority, then the certificate, and verify it
    let (_, x509_ca) =
        parse_x509_certificate(CA_LETSENCRYPT_X3).expect("could not parse certificate");
    let (_, x509_cert) = parse_x509_certificate(CERT_DER).expect("could not parse certificate");
    let res = x509_cert.verify_signature(Some(&x509_ca.tbs_certificate.subject_pki));
    eprintln!("Verification: {:?}", res);
    assert!(res.is_ok());
}

static ED25519_DER: &[u8] = include_bytes!("../assets/ed25519.der");

#[test]
fn test_signature_verification_ed25519() {
    // this certificate is self-signed
    let (_, x509_ca) = parse_x509_certificate(ED25519_DER).expect("could not parse certificate");
    let res = x509_ca.verify_signature(None);
    eprintln!("Verification: {:?}", res);
    assert!(res.is_ok());
}

static RSA_PSS_SELF_SIGNED_SHA256: &[u8] =
    include_bytes!("../assets/rsa-pss/self_signed_sha256.der");
static RSA_PSS_SELF_SIGNED_SHA384: &[u8] =
    include_bytes!("../assets/rsa-pss/self_signed_sha384.der");
static RSA_PSS_SELF_SIGNED_SHA512: &[u8] =
    include_bytes!("../assets/rsa-pss/self_signed_sha512.der");

#[test]
fn test_signature_verification_rsa_pss_sha256() {
    let (_, x509) =
        parse_x509_certificate(RSA_PSS_SELF_SIGNED_SHA256).expect("could not parse certificate");
    let res = x509.verify_signature(None);
    eprintln!("Verification: {:?}", res);
    assert!(res.is_ok());
}

#[test]
fn test_signature_verification_rsa_pss_sha384() {
    let (_, x509) =
        parse_x509_certificate(RSA_PSS_SELF_SIGNED_SHA384).expect("could not parse certificate");
    let res = x509.verify_signature(None);
    eprintln!("Verification: {:?}", res);
    assert!(res.is_ok());
}

#[test]
fn test_signature_verification_rsa_pss_sha512() {
    let (_, x509) =
        parse_x509_certificate(RSA_PSS_SELF_SIGNED_SHA512).expect("could not parse certificate");
    let res = x509.verify_signature(None);
    eprintln!("Verification: {:?}", res);
    assert!(res.is_ok());
}