keytypes/asymmetric: add tests for chained certificates
mathstuf committed Sep 27, 2020
1 parent b9a5bfb commit 48915a4
Showing 7 changed files with 64 additions and 1 deletion.
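--- a/src/keytypes/asymmetric.rs
+++ b/src/keytypes/asymmetric.rs
@@ -120,7 +120,7 @@ impl RestrictableKeyType for Asymmetric {
 
 #[cfg(test)]
 mod tests {
-use crate::keytypes::{AsymmetricRestriction, User};
+use crate::keytypes::{Asymmetric, AsymmetricRestriction, User};
 use crate::tests::utils;
 use crate::KeyRestriction;
 
@@ -179,4 +179,67 @@ mod tests {
 assert_eq!(restriction.restriction(), expected.as_ref());
 }
 }
+
+#[test]
+fn test_restrict_keyring_chain() {
+let mut keyring = utils::new_test_keyring();
+
+// Create and populate a keyring for root certificates.
+let mut root = keyring.add_keyring("root-certs").unwrap();
+let root1_certificate = &include_bytes!("data/ca/ca-1.root.crt.der")[..];
+let root2_certificate = &include_bytes!("data/ca/ca-2.root.crt.der")[..];
+root.add_key::<Asymmetric, _, _>("root1", root1_certificate)
+.unwrap();
+root.add_key::<Asymmetric, _, _>("root1", root2_certificate)
+.unwrap();
+
+// Create a keyring to restrict.
+let mut chain = keyring.add_keyring("chain").unwrap();
+let restriction = AsymmetricRestriction::Keyring {
+keyring: root,
+chained: true,
+};
+chain
+.restrict_by_type::<Asymmetric, _>(restriction)
+.unwrap();
+
+// Add certificates in order.
+let intermediate_a = &include_bytes!("data/ca/ca.intermediate.crt.der")[..];
+chain
+.add_key::<Asymmetric, _, _>("intermediate_a", intermediate_a)
+.unwrap();
+let intermediate_b = &include_bytes!("data/ca/intermediate.term.crt.der")[..];
+chain
+.add_key::<Asymmetric, _, _>("intermediate_b", intermediate_b)
+.unwrap();
+let terminal = &include_bytes!("data/ca/ca-1.term.crt.der")[..];
+chain
+.add_key::<Asymmetric, _, _>("terminal", terminal)
+.unwrap();
+}
+
+#[test]
+fn test_restrict_keyring_fail() {
+let mut keyring = utils::new_test_keyring();
+
+// Create and populate a keyring for root certificates.
+let root = keyring.add_keyring("root-certs").unwrap();
+
+// Create a keyring to restrict.
+let mut chain = keyring.add_keyring("chain").unwrap();
+let restriction = AsymmetricRestriction::Keyring {
+keyring: root,
+chained: true,
+};
+chain
+.restrict_by_type::<Asymmetric, _>(restriction)
+.unwrap();
+
+// Add certificates in order.
+let terminal = &include_bytes!("data/ca/self.term.crt.der")[..];
+let err = chain
+.add_key::<Asymmetric, _, _>("self", terminal)
+.unwrap_err();
+assert_eq!(err, errno::Errno(libc::EINVAL));
+}
 }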
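Review bot: In `test_restrict_keyring_chain`, both root certificates are added under the description `"root1"`; the second call looks like a copy-paste slip and should read `root.add_key::<Asymmetric, _, _>("root2", root2_certificate)`. Depending on how the kernel treats a second key of the same type and description in one keyring, the first root may be updated or displaced, so the chain could end up validated against a single trust anchor rather than the two the test sets up. Separately, `test_restrict_keyring_fail` asserts only `EINVAL`, a generic error that could presumably also come from a payload problem; adding the same `self.term.crt.der` to an unrestricted keyring and expecting success would show that the restriction is what rejects it. The comment `// Create and populate a keyring for root certificates.` in that test does not match the code, which leaves the root keyring empty.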
Binary file added src/keytypes/data/ca/ca-1.root.crt.der
Binary file not shown.
Binary file added src/keytypes/data/ca/ca-1.term.crt.der
Binary file not shown.
Binary file added src/keytypes/data/ca/ca-2.root.crt.der
Binary file not shown.
Binary file added src/keytypes/data/ca/ca.intermediate.crt.der
Binary file not shown.
Binary file added src/keytypes/data/ca/intermediate.term.crt.der
Binary file not shown.
Binary file added src/keytypes/data/ca/self.term.crt.der
Binary file not shown.
