Skip to content

Commit 6d97efa

Browse files
dishmakerdishmaker
committed
split x509-cert tests into functions
1 parent 3188c8b commit 6d97efa

File tree

2 files changed

+40
-21
lines changed

2 files changed

+40
-21
lines changed

der/src/asn1/any_custom_class.rs

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -147,6 +147,9 @@ where
147147
fn decode<R: Reader<'a>>(reader: &mut R) -> Result<Self, Self::Error> {
148148
let header = Header::decode(reader)?;
149149

150+
// TODO(dishmaker): x509-cert tests fail due to read_nested:
151+
// let value = T::decode_value(reader, header)?;
152+
150153
let value = reader.read_nested(header.length, |reader| T::decode_value(reader, header))?;
151154

152155
if header.tag.is_constructed() != value.tag().is_constructed() {

x509-cert/tests/pkix_extensions.rs

Lines changed: 37 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,10 @@
11
//! Certificate tests
22
#![allow(clippy::bool_assert_comparison)]
3+
use const_oid::db::rfc5280::*;
4+
use const_oid::db::rfc5912::ID_CE_CERTIFICATE_POLICIES;
35
use const_oid::AssociatedOid;
46
use der::asn1::{Ia5StringRef, OctetString, PrintableStringRef, Utf8StringRef};
7+
use der::TagNumber;
58
use der::{Decode, Encode, ErrorKind, Length, Tag, Tagged};
69
use hex_literal::hex;
710
use x509_cert::ext::pkix::crl::dp::{DistributionPoint, ReasonFlags, Reasons};
@@ -11,9 +14,6 @@ use x509_cert::ext::Extensions;
1114
use x509_cert::name::Name;
1215
use x509_cert::{serial_number::SerialNumber, Certificate, Version};
1316

14-
use const_oid::db::rfc5280::*;
15-
use const_oid::db::rfc5912::ID_CE_CERTIFICATE_POLICIES;
16-
1717
fn spin_over_exts(exts: &Extensions) {
1818
for ext in exts {
1919
match ext.extn_id {
@@ -840,8 +840,6 @@ fn decode_cert() {
840840

841841
#[test]
842842
fn decode_idp() {
843-
use der::TagNumber;
844-
845843
// IDP from 04A8739769B3C090A11DCDFABA3CF33F4BEF21F3.crl in PKITS 2048 in ficam-scvp-testing repo
846844
let idp = IssuingDistributionPoint::from_der(&hex!("30038201FF")).unwrap();
847845
assert_eq!(idp.only_contains_ca_certs, true);
@@ -1109,10 +1107,13 @@ fn decode_idp() {
11091107
panic!("Expected FullName")
11101108
}
11111109
}
1110+
}
11121111

1113-
//---------------------------------
1114-
// Negative tests
1115-
//---------------------------------
1112+
//---------------------------------
1113+
// Negative tests
1114+
//---------------------------------
1115+
#[test]
1116+
fn decode_idp_negative_reasonflags() {
11161117
// Value contains more than length value indicates
11171118
let reason_flags = ReasonFlags::from_der(&hex!("0302079F80"));
11181119
let err = reason_flags.err().unwrap();
@@ -1135,19 +1136,6 @@ fn decode_idp() {
11351136
err.kind()
11361137
);
11371138

1138-
// Value incomplete relative to length value
1139-
let idp =
1140-
IssuingDistributionPoint::from_der(&hex!("3067A060A05EA45C305A310B3009060355040613025553311F301D060355040A131654657374204365727469666963617465732032303137311C301A060355040B13136F6E6C79536F6D65526561736F6E7320434133310C300A0603550403130343524C8304079F80"));
1141-
let err = idp.err().unwrap();
1142-
assert_eq!(err.position().unwrap(), 103u8.into());
1143-
assert_eq!(
1144-
ErrorKind::Incomplete {
1145-
expected_len: 106u8.into(),
1146-
actual_len: 105u8.into()
1147-
},
1148-
err.kind()
1149-
);
1150-
11511139
// Truncated
11521140
let reason_flags = ReasonFlags::from_der(&hex!("0303079F"));
11531141
let err = reason_flags.err().unwrap();
@@ -1174,7 +1162,26 @@ fn decode_idp() {
11741162
},
11751163
err.kind()
11761164
);
1165+
}
1166+
1167+
#[test]
1168+
fn decode_idp_negative_incomplete() {
1169+
// Value incomplete relative to length value
1170+
let idp =
1171+
IssuingDistributionPoint::from_der(&hex!("3067A060A05EA45C305A310B3009060355040613025553311F301D060355040A131654657374204365727469666963617465732032303137311C301A060355040B13136F6E6C79536F6D65526561736F6E7320434133310C300A0603550403130343524C8304079F80"));
1172+
let err = idp.err().unwrap();
1173+
assert_eq!(err.position().unwrap(), 103u8.into());
1174+
assert_eq!(
1175+
ErrorKind::Incomplete {
1176+
expected_len: 106u8.into(),
1177+
actual_len: 105u8.into()
1178+
},
1179+
err.kind()
1180+
);
1181+
}
11771182

1183+
#[test]
1184+
fn decode_idp_negative_constructed() {
11781185
// Context specific tag that should be primitive is constructed
11791186
let idp = IssuingDistributionPoint::from_der(&hex!("3003A201FF"));
11801187
let err = idp.err().unwrap();
@@ -1187,19 +1194,28 @@ fn decode_idp() {
11871194
},
11881195
err.kind()
11891196
);
1197+
}
11901198

1199+
#[test]
1200+
fn decode_idp_negative_bool_long() {
11911201
// Boolean value is two bytes long
11921202
let idp =
11931203
IssuingDistributionPoint::from_der(&hex!("30820168A0820161A082015DA4753073310B3009060355040613025553311F301D060355040A13165465737420436572746966696361746573203230313731183016060355040B130F696E64697265637443524C204341353129302706035504031320696E6469726563742043524C20666F7220696E64697265637443524C20434136A4753073310B3009060355040613025553311F301D060355040A13165465737420436572746966696361746573203230313731183016060355040B130F696E64697265637443524C204341353129302706035504031320696E6469726563742043524C20666F7220696E64697265637443524C20434137A46D306B310B3009060355040613025553311F301D060355040A13165465737420436572746966696361746573203230313731183016060355040B130F696E64697265637443524C204341353121301F0603550403131843524C3120666F7220696E64697265637443524C204341358402FFFF"));
11941204
let err = idp.err().unwrap();
11951205
assert_eq!(ErrorKind::Length { tag: Tag::Boolean }, err.kind());
1206+
}
11961207

1208+
#[test]
1209+
fn decode_idp_negative_bool_invalid() {
11971210
// Boolean value is neither 0x00 nor 0xFF
11981211
let idp =
11991212
IssuingDistributionPoint::from_der(&hex!("30820168A0820161A082015DA4753073310B3009060355040613025553311F301D060355040A13165465737420436572746966696361746573203230313731183016060355040B130F696E64697265637443524C204341353129302706035504031320696E6469726563742043524C20666F7220696E64697265637443524C20434136A4753073310B3009060355040613025553311F301D060355040A13165465737420436572746966696361746573203230313731183016060355040B130F696E64697265637443524C204341353129302706035504031320696E6469726563742043524C20666F7220696E64697265637443524C20434137A46D306B310B3009060355040613025553311F301D060355040A13165465737420436572746966696361746573203230313731183016060355040B130F696E64697265637443524C204341353121301F0603550403131843524C3120666F7220696E64697265637443524C20434135840175"));
12001213
let err = idp.err().unwrap();
12011214
assert_eq!(ErrorKind::Noncanonical { tag: Tag::Boolean }, err.kind());
1215+
}
12021216

1217+
#[test]
1218+
fn decode_idp_negative_length_rdn() {
12031219
// Length on second RDN in first name indicates more bytes than are present
12041220
let idp =
12051221
IssuingDistributionPoint::from_der(&hex!("30820168A0820161A082015DA4753073310B3009060355040613025553311F301D060355040A13995465737420436572746966696361746573203230313731183016060355040B130F696E64697265637443524C204341353129302706035504031320696E6469726563742043524C20666F7220696E64697265637443524C20434136A4753073310B3009060355040613025553311F301D060355040A13165465737420436572746966696361746573203230313731183016060355040B130F696E64697265637443524C204341353129302706035504031320696E6469726563742043524C20666F7220696E64697265637443524C20434137A46D306B310B3009060355040613025553311F301D060355040A13165465737420436572746966696361746573203230313731183016060355040B130F696E64697265637443524C204341353121301F0603550403131843524C3120666F7220696E64697265637443524C204341358401FF"));

0 commit comments

Comments
 (0)