1 // Copyright 2016 Joseph Birr-Pixton.
2 //
3 // Permission to use, copy, modify, and/or distribute this software for any
4 // purpose with or without fee is hereby granted, provided that the above
5 // copyright notice and this permission notice appear in all copies.
6 //
7 // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
8 // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
10 // ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
12 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
13 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14 
15 use core::convert::TryFrom;
16 extern crate webpki;
17 
// Signature algorithms the chain-verification tests in this file pass to
// `verify_is_valid_tls_server_cert` as the set they are willing to accept.
//
// Despite the name, this is only the set listed here: ECDSA (P-256/P-384 with
// SHA-256/SHA-384), Ed25519 and RSA PKCS#1 v1.5, going by the constant names.
// No RSA-PSS entry appears in the list.
//
// The RSA entries are compiled in only when the "alloc" feature is enabled, so
// a build without it verifies against the ECDSA and Ed25519 entries alone.
static ALL_SIGALGS: &[&webpki::SignatureAlgorithm] = &[
    &webpki::ECDSA_P256_SHA256,
    &webpki::ECDSA_P256_SHA384,
    &webpki::ECDSA_P384_SHA256,
    &webpki::ECDSA_P384_SHA384,
    &webpki::ED25519,
    #[cfg(feature = "alloc")]
    &webpki::RSA_PKCS1_2048_8192_SHA256,
    #[cfg(feature = "alloc")]
    &webpki::RSA_PKCS1_2048_8192_SHA384,
    #[cfg(feature = "alloc")]
    &webpki::RSA_PKCS1_2048_8192_SHA512,
    #[cfg(feature = "alloc")]
    &webpki::RSA_PKCS1_3072_8192_SHA384,
];
33 
/// Checks that Netflix's recorded certificate chain verifies as a TLS server
/// chain. This is notable because the chain is rooted at a Verisign v1 root.
///
/// The chain is end-entity -> one intermediate -> root, all loaded from DER
/// fixtures, and the root fixture is the only trust anchor offered. This is a
/// positive-path check only: it shows a known-good chain is accepted and says
/// nothing about rejection of bad chains.
#[cfg(feature = "alloc")]
#[test]
pub fn netflix() {
    let ee: &[u8] = include_bytes!("netflix/ee.der");
    let intermediates: [&[u8]; 1] = [include_bytes!("netflix/inter.der")];
    let root_der = include_bytes!("netflix/ca.der");

    let roots = vec![webpki::TrustAnchor::try_from_cert_der(root_der).unwrap()];
    let trust = webpki::TlsServerTrustAnchors(&roots);

    // Fixed verification instant: 2017-04-17T15:08:36Z. Pinning the time keeps
    // the result independent of the wall clock; presumably it was chosen to fall
    // inside the validity windows of the fixture certificates (confirm against
    // the fixtures before changing it).
    let at = webpki::Time::from_seconds_since_unix_epoch(1_492_441_716);

    let cert = webpki::EndEntityCert::try_from(ee).unwrap();
    let outcome = cert.verify_is_valid_tls_server_cert(ALL_SIGALGS, &trust, &intermediates, at);
    assert_eq!(Ok(()), outcome);
}
55 
/// Checks that an Ed25519 end-entity certificate verifies directly against its
/// issuing CA, with no intermediates supplied.
///
/// The CA fixture is the only trust anchor offered. This is a positive-path
/// check only: it shows the chain is accepted under `ALL_SIGALGS`.
#[test]
pub fn ed25519() {
    let ee: &[u8] = include_bytes!("ed25519/ee.der");
    let root_der = include_bytes!("ed25519/ca.der");

    let roots = vec![webpki::TrustAnchor::try_from_cert_der(root_der).unwrap()];
    let trust = webpki::TlsServerTrustAnchors(&roots);

    // Fixed verification instant: 2019-01-13T07:12:02Z. Pinning the time keeps
    // the result independent of the wall clock; presumably it was chosen to fall
    // inside the validity windows of the fixture certificates (confirm against
    // the fixtures before changing it).
    let at = webpki::Time::from_seconds_since_unix_epoch(1_547_363_522);

    let cert = webpki::EndEntityCert::try_from(ee).unwrap();
    let outcome = cert.verify_is_valid_tls_server_cert(ALL_SIGALGS, &trust, &[], at);
    assert_eq!(Ok(()), outcome);
}
73 
/// Checks that a root certificate whose serial number is zero (per the fixture
/// name) can still be loaded as a trust anchor.
///
/// RFC 5280 requires positive serial numbers but tells relying parties to cope
/// with non-conforming CAs that issue zero or negative ones. Only parsing as an
/// anchor is exercised here; no chain is verified.
#[test]
fn read_root_with_zero_serial() {
    let der = include_bytes!("misc/serial_zero.der");
    let parsed = webpki::TrustAnchor::try_from_cert_der(der);
    let _ = parsed.expect("godaddy cert should parse as anchor");
}
80 
/// Checks that a root certificate whose serial number is negative (per the
/// fixture name) can still be loaded as a trust anchor.
///
/// RFC 5280 requires positive serial numbers but tells relying parties to cope
/// with non-conforming CAs that issue zero or negative ones. Only parsing as an
/// anchor is exercised here; no chain is verified.
#[test]
fn read_root_with_neg_serial() {
    let der = include_bytes!("misc/serial_neg.der");
    let parsed = webpki::TrustAnchor::try_from_cert_der(der);
    let _ = parsed.expect("idcat cert should parse as anchor");
}
86 
/// Checks that the current `SystemTime` converts into a `webpki::Time`.
///
/// Only the success of the conversion is asserted; the value is discarded.
/// Unlike the chain tests, this one reads the wall clock.
#[cfg(feature = "std")]
#[test]
fn time_constructor() {
    let now = std::time::SystemTime::now();
    let converted = webpki::Time::try_from(now);
    let _ = converted.unwrap();
}