1 // Copyright 2016 Joseph Birr-Pixton.
2 //
3 // Permission to use, copy, modify, and/or distribute this software for any
4 // purpose with or without fee is hereby granted, provided that the above
5 // copyright notice and this permission notice appear in all copies.
6 //
7 // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
8 // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
10 // ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
12 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
13 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14
15 use core::convert::TryFrom;
16 extern crate webpki;
17
/// Signature algorithms handed to `verify_is_valid_tls_server_cert` by the tests below
/// as the list of algorithms the verifier may accept.
///
/// The RSA entries are only compiled in when the `alloc` feature is enabled, so without
/// it the tests run with ECDSA and Ed25519 only.
static ALL_SIGALGS: &[&webpki::SignatureAlgorithm] = &[
    // ECDSA, every curve/digest pairing listed by the original test.
    &webpki::ECDSA_P256_SHA256,
    &webpki::ECDSA_P256_SHA384,
    &webpki::ECDSA_P384_SHA256,
    &webpki::ECDSA_P384_SHA384,
    // Ed25519.
    &webpki::ED25519,
    // RSA PKCS#1; each entry is gated on the `alloc` feature.
    #[cfg(feature = "alloc")]
    &webpki::RSA_PKCS1_2048_8192_SHA256,
    #[cfg(feature = "alloc")]
    &webpki::RSA_PKCS1_2048_8192_SHA384,
    #[cfg(feature = "alloc")]
    &webpki::RSA_PKCS1_2048_8192_SHA512,
    #[cfg(feature = "alloc")]
    &webpki::RSA_PKCS1_3072_8192_SHA384,
];
33
/// Checks that Netflix's certificate chain (end entity, one intermediate, root) verifies
/// as a TLS server certificate.
///
/// This chain is notable because it is rooted at a Verisign v1 root.
///
/// Validation is evaluated at a fixed timestamp instead of the wall clock; presumably the
/// value was chosen to fall inside the fixtures' validity period (confirm against the DER
/// files). Only the accepting path is asserted here.
#[cfg(feature = "alloc")]
#[test]
pub fn netflix() {
    let leaf_der: &[u8] = include_bytes!("netflix/ee.der");
    let intermediate_der = include_bytes!("netflix/inter.der");
    let root_der = include_bytes!("netflix/ca.der");

    // The bundled root is the only trust anchor, so the chain must terminate there.
    let trusted_roots = vec![webpki::TrustAnchor::try_from_cert_der(root_der).unwrap()];
    let trust_anchors = webpki::TlsServerTrustAnchors(&trusted_roots);

    // 2017-04-17 15:08:36 UTC, as seconds since the Unix epoch.
    let validation_time = webpki::Time::from_seconds_since_unix_epoch(1_492_441_716);

    let leaf = webpki::EndEntityCert::try_from(leaf_der).unwrap();
    let outcome = leaf.verify_is_valid_tls_server_cert(
        ALL_SIGALGS,
        &trust_anchors,
        &[intermediate_der],
        validation_time,
    );
    assert_eq!(Ok(()), outcome);
}
55
/// Checks that an Ed25519 end-entity certificate verifies as a TLS server certificate
/// directly against its CA, with no intermediate certificates supplied.
///
/// Validation is evaluated at a fixed timestamp instead of the wall clock; presumably the
/// value was chosen to fall inside the fixtures' validity period (confirm against the DER
/// files). Only the accepting path is asserted here.
#[test]
pub fn ed25519() {
    let leaf_der: &[u8] = include_bytes!("ed25519/ee.der");
    let root_der = include_bytes!("ed25519/ca.der");

    // The bundled CA is the only trust anchor.
    let trusted_roots = vec![webpki::TrustAnchor::try_from_cert_der(root_der).unwrap()];
    let trust_anchors = webpki::TlsServerTrustAnchors(&trusted_roots);

    // 2019-01-13 07:12:02 UTC, as seconds since the Unix epoch.
    let validation_time = webpki::Time::from_seconds_since_unix_epoch(1_547_363_522);

    let leaf = webpki::EndEntityCert::try_from(leaf_der).unwrap();
    // Empty intermediates slice: the end entity is expected to chain straight to the anchor.
    let outcome =
        leaf.verify_is_valid_tls_server_cert(ALL_SIGALGS, &trust_anchors, &[], validation_time);
    assert_eq!(Ok(()), outcome);
}
73
/// Checks that a root certificate whose serial number is zero can still be loaded as a
/// trust anchor.
///
/// RFC 5280 asks CAs to issue positive serial numbers, but relying parties are expected
/// to cope with deployed roots that do not; this test pins that tolerance for the
/// `misc/serial_zero.der` fixture. The parsed anchor itself is discarded.
#[test]
fn read_root_with_zero_serial() {
    let root_der = include_bytes!("misc/serial_zero.der");
    let parsed = webpki::TrustAnchor::try_from_cert_der(root_der);
    let _ = parsed.expect("godaddy cert should parse as anchor");
}
80
/// Checks that a root certificate whose serial number is negative can still be loaded as
/// a trust anchor.
///
/// RFC 5280 asks CAs to issue positive serial numbers, but relying parties are expected
/// to cope with deployed roots that do not; this test pins that tolerance for the
/// `misc/serial_neg.der` fixture. The parsed anchor itself is discarded.
#[test]
fn read_root_with_neg_serial() {
    let root_der = include_bytes!("misc/serial_neg.der");
    let parsed = webpki::TrustAnchor::try_from_cert_der(root_der);
    let _ = parsed.expect("idcat cert should parse as anchor");
}
86
/// Smoke test: the current system time converts into a `webpki::Time`.
///
/// Only compiled with the `std` feature. The converted value is discarded; the test fails
/// only if the conversion returns an error.
#[cfg(feature = "std")]
#[test]
fn time_constructor() {
    let now = std::time::SystemTime::now();
    let converted = webpki::Time::try_from(now);
    let _ = converted.unwrap();
}
92