commit 378cce758959046559c82da4cfd65dcfb68d9ca3
parent c90b3974c1be075026e343d3685e5123ac880b30
Author: Zack Newman <zack@philomathiclife.com>
Date: Thu, 20 Feb 2025 15:06:53 -0700
rust 2024
Diffstat:
11 files changed, 799 insertions(+), 123 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,31 +1,30 @@
[package]
authors = ["Zack Newman <zack@philomathiclife.com>"]
-categories = ["database"]
+categories = ["asynchronous", "database"]
description = "TLS support for tokio-postgres via tokio-rustls."
documentation = "https://docs.rs/postgres_rustls/latest/postgres_rustls/"
-edition = "2021"
+edition = "2024"
keywords = ["postgres", "rustls", "tls", "tokio"]
license = "MIT OR Apache-2.0"
name = "postgres_rustls"
readme = "README.md"
repository = "https://git.philomathiclife.com/repos/postgres_rustls/"
-rust-version = "1.84.0"
-version = "0.1.0"
+rust-version = "1.85.0"
+version = "0.1.1"
[package.metadata.docs.rs]
all-features = true
rustdoc-args = ["--cfg", "docsrs"]
[dependencies]
-rustls = { version = "0.23.22", default-features = false }
sha2 = { version = "0.10.8", default-features = false }
tokio = { version = "1.43.0", default-features = false }
tokio-postgres = { version = "0.7.13", default-features = false }
tokio-rustls = { version = "0.26.1", default-features = false }
[dev-dependencies]
-rustls = { version = "0.23.22", default-features = false, features = ["aws_lc_rs"] }
tokio = { version = "1.43.0", default-features = false, features = ["rt"] }
+tokio-rustls = { version = "0.26.1", default-features = false, features = ["ring"] }
### FEATURES #################################################################
diff --git a/README.md b/README.md
@@ -34,19 +34,20 @@ at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you,
as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
-Before any PR is sent, `cargo clippy` and `cargo t` should be run _for each possible combination of "features"_
-using stable Rust. One easy way to achieve this is by building `ci` and invoking it with no commands in the
-`postgres_rustls` directory or sub-directories. You can fetch `ci` via `git clone https://git.philomathiclife.com/repos/ci`,
-and it can be built with `cargo build --release`. Additionally,
-`RUSTDOCFLAGS="--cfg docsrs" cargo +nightly doc --all-features` should be run to ensure documentation can be built.
+Before any PR is sent, `cargo clippy` and `cargo t` should be run for both `--no-default-features` and
+`--all-features`. Additionally `RUSTDOCFLAGS="--cfg docsrs" cargo +nightly doc --all-features` should be run to
+ensure documentation can be built.
-Note that when running `cargo t` you will need to make sure PostgreSQL is set up properly. You will likely need
-to modify some of the test data like username to run the tests.
+Note when running `cargo t` for the `ignored` tests, you will need to make sure PostgreSQL is set up properly. You
+will need to modify some of the files in `test_data/`. See
+[`test_data/README.md`](https://git.philomathiclife.com/postgres_rustls/file/test_data/README.md) for more
+information.
### Status
-This package is actively maintained and will conform to the
-[latest version of `tokio-postgres`](https://crates.io/crates/tokio-postgres).
+This package is actively maintained and will conform to the latest versions of
+[`tokio-postgres`](https://crates.io/crates/tokio-postgres) and
+[`tokio-rustls`](https://crates.io/crates/tokio-rustls).
The crate is only tested on `x86_64-unknown-linux-gnu` and `x86_64-unknown-openbsd` targets, but it should work
on most platforms.
diff --git a/src/lib.rs b/src/lib.rs
@@ -4,7 +4,7 @@
//! [crates-io]: https://img.shields.io/badge/crates.io-fc8d62?style=for-the-badge&labelColor=555555&logo=rust
//! [docs-rs]: https://img.shields.io/badge/docs.rs-66c2a5?style=for-the-badge&labelColor=555555&logo=docs.rs
//!
-//! `postgres_rustls` is a library that adds TLS support to [`tokio_postgres`] based on [`tokio_rustls`].
+//! `postgres_rustls` is a library that adds TLS support to [`tokio_postgres`] using [`tokio_rustls`].
#![cfg_attr(docsrs, feature(doc_cfg))]
#![deny(
unknown_lints,
@@ -45,20 +45,23 @@ use core::{
pin::Pin,
task::{Context, Poll},
};
-use rustls::{
- pki_types::{InvalidDnsNameError, ServerName},
- ClientConfig,
-};
use sha2::{
- digest::{generic_array::GenericArray, Digest as _, OutputSizeUser},
Sha224, Sha256, Sha384, Sha512,
+ digest::{Digest as _, OutputSizeUser, generic_array::GenericArray},
};
use std::io::{self, IoSlice};
use tokio::io::{AsyncRead, AsyncWrite, ReadBuf};
#[cfg(feature = "runtime")]
use tokio_postgres::tls::MakeTlsConnect;
use tokio_postgres::tls::{ChannelBinding, TlsConnect as PgTlsConnect, TlsStream as PgTlsStream};
-use tokio_rustls::{self, client::TlsStream as RustlsStream, Connect};
+use tokio_rustls::{
+ self, Connect,
+ client::TlsStream as RustlsStream,
+ rustls::{
+ ClientConfig,
+ pki_types::{InvalidDnsNameError, ServerName},
+ },
+};
/// Hash for the leaf certificate provided by the PostgreSQL server.
#[expect(clippy::doc_markdown, reason = "PostgreSQL is correct")]
enum Hash {
@@ -109,6 +112,9 @@ impl Hash {
/// * sha1WithRSAEncryption
///
/// More may be added; but for ones that require additional dependencies, they will be hidden behind a feature.
+ /// Additionally new ones must be supported by PostgreSQL, `tokio-postgres`, and `rustls`. For example,
+ /// PostgreSQL does not support Ed25519 certificates; however we add support for this since it does not require
+ /// additional dependencies.
//
// [RFC 5280 § 4.1](https://www.rfc-editor.org/rfc/rfc5280#section-4.1) describes the ASN.1 format
// of an X.509 v3 Certificate:
@@ -135,6 +141,7 @@ impl Hash {
reason = "comments justify their correctness"
)]
#[expect(clippy::too_many_lines, reason = "inflated by the const slices")]
+ #[expect(clippy::doc_markdown, reason = "PostgreSQL is correct")]
fn from_der_cert(cert: &[u8]) -> Option<Self> {
/// [RFC 8410 § 9](https://www.rfc-editor.org/rfc/rfc8410#section-9)
/// defines id-Ed25519 as 1.3.101.112. This is encoded as below per X.690 § 8.19.
@@ -426,6 +433,8 @@ impl<S: AsyncRead + AsyncWrite + Unpin> PgTlsStream for TlsStream<S> {
/// Note it is strongly recommended that TLS 1.3 be used; thus while signature algorithms that are not
/// part of TLS 1.3 are supported, you should avoid them.
/// See [RFC 9266 § 4.2](https://www.rfc-editor.org/rfc/rfc9266#section-4.2).
+ /// Additionally some of the supported signature algorithms may not be supported by PostgreSQL
+ /// (e.g., id-Ed25519).
#[expect(clippy::doc_markdown, reason = "PostgreSQL is correct")]
#[inline]
fn channel_binding(&self) -> ChannelBinding {
@@ -448,10 +457,7 @@ impl<S: AsyncRead + AsyncWrite + Unpin> Future for TlsConnectorFuture<S> {
type Output = io::Result<TlsStream<S>>;
#[inline]
fn poll(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
- match Pin::new(&mut self.0).poll(cx) {
- Poll::Ready(res) => Poll::Ready(res.map(TlsStream)),
- Poll::Pending => Poll::Pending,
- }
+ Pin::new(&mut self.0).poll(cx).map_ok(TlsStream)
}
}
/// Connects to the PostgreSQL server.
@@ -536,95 +542,670 @@ mod tests {
net::{IpAddr, Ipv6Addr},
time::Duration,
};
+ use sha2::{Digest as _, Sha224, Sha256, Sha384, Sha512};
#[cfg(feature = "runtime")]
- use rustls::{pki_types::CertificateDer, version::TLS13, ClientConfig, RootCertStore};
- #[cfg(feature = "runtime")]
- use std::io::Error;
+ use std::{fs, io::Error};
#[cfg(feature = "runtime")]
use tokio::runtime::Builder;
#[cfg(feature = "runtime")]
use tokio_postgres::{
- config::{ChannelBinding, LoadBalanceHosts, SslMode, TargetSessionAttrs},
Config,
+ config::{ChannelBinding, LoadBalanceHosts, SslMode, TargetSessionAttrs},
};
- /// [ISRG Root X1](https://letsencrypt.org/certs/isrgrootx1.der).
- const ISRG_ROOT_X1: &[u8; 1391] = &[
- 48, 130, 5, 107, 48, 130, 3, 83, 160, 3, 2, 1, 2, 2, 17, 0, 130, 16, 207, 176, 210, 64,
- 227, 89, 68, 99, 224, 187, 99, 130, 139, 0, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1,
- 11, 5, 0, 48, 79, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 41, 48, 39, 6, 3, 85,
- 4, 10, 19, 32, 73, 110, 116, 101, 114, 110, 101, 116, 32, 83, 101, 99, 117, 114, 105, 116,
- 121, 32, 82, 101, 115, 101, 97, 114, 99, 104, 32, 71, 114, 111, 117, 112, 49, 21, 48, 19,
- 6, 3, 85, 4, 3, 19, 12, 73, 83, 82, 71, 32, 82, 111, 111, 116, 32, 88, 49, 48, 30, 23, 13,
- 49, 53, 48, 54, 48, 52, 49, 49, 48, 52, 51, 56, 90, 23, 13, 51, 53, 48, 54, 48, 52, 49, 49,
- 48, 52, 51, 56, 90, 48, 79, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 41, 48, 39,
- 6, 3, 85, 4, 10, 19, 32, 73, 110, 116, 101, 114, 110, 101, 116, 32, 83, 101, 99, 117, 114,
- 105, 116, 121, 32, 82, 101, 115, 101, 97, 114, 99, 104, 32, 71, 114, 111, 117, 112, 49, 21,
- 48, 19, 6, 3, 85, 4, 3, 19, 12, 73, 83, 82, 71, 32, 82, 111, 111, 116, 32, 88, 49, 48, 130,
- 2, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 130, 2, 15, 0, 48, 130,
- 2, 10, 2, 130, 2, 1, 0, 173, 232, 36, 115, 244, 20, 55, 243, 155, 158, 43, 87, 40, 28, 135,
- 190, 220, 183, 223, 56, 144, 140, 110, 60, 230, 87, 160, 120, 247, 117, 194, 162, 254, 245,
- 106, 110, 246, 0, 79, 40, 219, 222, 104, 134, 108, 68, 147, 182, 177, 99, 253, 20, 18, 107,
- 191, 31, 210, 234, 49, 155, 33, 126, 209, 51, 60, 186, 72, 245, 221, 121, 223, 179, 184,
- 255, 18, 241, 33, 154, 75, 193, 138, 134, 113, 105, 74, 102, 102, 108, 143, 126, 60, 112,
- 191, 173, 41, 34, 6, 243, 228, 192, 230, 128, 174, 226, 75, 143, 183, 153, 126, 148, 3,
- 159, 211, 71, 151, 124, 153, 72, 35, 83, 232, 56, 174, 79, 10, 111, 131, 46, 209, 73, 87,
- 140, 128, 116, 182, 218, 47, 208, 56, 141, 123, 3, 112, 33, 27, 117, 242, 48, 60, 250, 143,
- 174, 221, 218, 99, 171, 235, 22, 79, 194, 142, 17, 75, 126, 207, 11, 232, 255, 181, 119,
- 46, 244, 178, 123, 74, 224, 76, 18, 37, 12, 112, 141, 3, 41, 160, 225, 83, 36, 236, 19,
- 217, 238, 25, 191, 16, 179, 74, 140, 63, 137, 163, 97, 81, 222, 172, 135, 7, 148, 244, 99,
- 113, 236, 46, 226, 111, 91, 152, 129, 225, 137, 92, 52, 121, 108, 118, 239, 59, 144, 98,
- 121, 230, 219, 164, 154, 47, 38, 197, 208, 16, 225, 14, 222, 217, 16, 142, 22, 251, 183,
- 247, 168, 247, 199, 229, 2, 7, 152, 143, 54, 8, 149, 231, 226, 55, 150, 13, 54, 117, 158,
- 251, 14, 114, 177, 29, 155, 188, 3, 249, 73, 5, 216, 129, 221, 5, 180, 42, 214, 65, 233,
- 172, 1, 118, 149, 10, 15, 216, 223, 213, 189, 18, 31, 53, 47, 40, 23, 108, 210, 152, 193,
- 168, 9, 100, 119, 110, 71, 55, 186, 206, 172, 89, 94, 104, 157, 127, 114, 214, 137, 197, 6,
- 65, 41, 62, 89, 62, 221, 38, 245, 36, 201, 17, 167, 90, 163, 76, 64, 31, 70, 161, 153, 181,
- 167, 58, 81, 110, 134, 59, 158, 125, 114, 167, 18, 5, 120, 89, 237, 62, 81, 120, 21, 11, 3,
- 143, 141, 208, 47, 5, 178, 62, 123, 74, 28, 75, 115, 5, 18, 252, 198, 234, 224, 80, 19,
- 124, 67, 147, 116, 179, 202, 116, 231, 142, 31, 1, 8, 208, 48, 212, 91, 113, 54, 180, 7,
- 186, 193, 48, 48, 92, 72, 183, 130, 59, 152, 166, 125, 96, 138, 162, 163, 41, 130, 204,
- 186, 189, 131, 4, 27, 162, 131, 3, 65, 161, 214, 5, 241, 27, 194, 182, 240, 168, 124, 134,
- 59, 70, 168, 72, 42, 136, 220, 118, 154, 118, 191, 31, 106, 165, 61, 25, 143, 235, 56, 243,
- 100, 222, 200, 43, 13, 10, 40, 255, 247, 219, 226, 21, 66, 212, 34, 208, 39, 93, 225, 121,
- 254, 24, 231, 112, 136, 173, 78, 230, 217, 139, 58, 198, 221, 39, 81, 110, 255, 188, 100,
- 245, 51, 67, 79, 2, 3, 1, 0, 1, 163, 66, 48, 64, 48, 14, 6, 3, 85, 29, 15, 1, 1, 255, 4, 4,
- 3, 2, 1, 6, 48, 15, 6, 3, 85, 29, 19, 1, 1, 255, 4, 5, 48, 3, 1, 1, 255, 48, 29, 6, 3, 85,
- 29, 14, 4, 22, 4, 20, 121, 180, 89, 230, 123, 182, 229, 228, 1, 115, 128, 8, 136, 200, 26,
- 88, 246, 233, 155, 110, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 11, 5, 0, 3, 130, 2,
- 1, 0, 85, 31, 88, 169, 188, 178, 168, 80, 208, 12, 177, 216, 26, 105, 32, 39, 41, 8, 172,
- 97, 117, 92, 138, 110, 248, 130, 229, 105, 47, 213, 246, 86, 75, 185, 184, 115, 16, 89,
- 211, 33, 151, 126, 231, 76, 113, 251, 178, 210, 96, 173, 57, 168, 11, 234, 23, 33, 86, 133,
- 241, 80, 14, 89, 235, 206, 224, 89, 233, 186, 201, 21, 239, 134, 157, 143, 132, 128, 246,
- 228, 233, 145, 144, 220, 23, 155, 98, 27, 69, 240, 102, 149, 210, 124, 111, 194, 234, 59,
- 239, 31, 207, 203, 214, 174, 39, 241, 169, 176, 200, 174, 253, 125, 126, 154, 250, 34, 4,
- 235, 255, 217, 127, 234, 145, 43, 34, 177, 23, 14, 143, 242, 138, 52, 91, 88, 216, 252, 1,
- 201, 84, 185, 184, 38, 204, 138, 136, 51, 137, 76, 45, 132, 60, 130, 223, 238, 150, 87, 5,
- 186, 44, 187, 247, 196, 183, 199, 78, 59, 130, 190, 49, 200, 34, 115, 115, 146, 209, 194,
- 128, 164, 57, 57, 16, 51, 35, 130, 76, 60, 159, 134, 178, 85, 152, 29, 190, 41, 134, 140,
- 34, 155, 158, 226, 107, 59, 87, 58, 130, 112, 77, 220, 9, 199, 137, 203, 10, 7, 77, 108,
- 232, 93, 142, 201, 239, 206, 171, 199, 187, 181, 43, 78, 69, 214, 74, 208, 38, 204, 229,
- 114, 202, 8, 106, 165, 149, 227, 21, 161, 247, 164, 237, 201, 44, 95, 165, 251, 255, 172,
- 40, 2, 46, 190, 215, 123, 187, 227, 113, 123, 144, 22, 211, 7, 94, 70, 83, 124, 55, 7, 66,
- 140, 211, 196, 150, 156, 213, 153, 181, 42, 224, 149, 26, 128, 72, 174, 76, 57, 7, 206,
- 204, 71, 164, 82, 149, 43, 186, 184, 251, 173, 210, 51, 83, 125, 229, 29, 77, 109, 213,
- 161, 177, 199, 66, 111, 230, 64, 39, 53, 92, 163, 40, 183, 7, 141, 231, 141, 51, 144, 231,
- 35, 159, 251, 80, 156, 121, 108, 70, 213, 180, 21, 179, 150, 110, 126, 155, 12, 150, 58,
- 184, 82, 45, 63, 214, 91, 225, 251, 8, 194, 132, 254, 36, 168, 163, 137, 218, 172, 106,
- 225, 24, 42, 177, 168, 67, 97, 91, 211, 31, 220, 59, 141, 118, 242, 45, 232, 141, 117, 223,
- 23, 51, 108, 61, 83, 251, 123, 203, 65, 95, 255, 220, 162, 208, 97, 56, 225, 150, 184, 172,
- 93, 139, 55, 215, 117, 213, 51, 192, 153, 17, 174, 157, 65, 193, 114, 117, 132, 190, 2, 65,
- 66, 95, 103, 36, 72, 148, 209, 155, 39, 190, 7, 63, 185, 184, 79, 129, 116, 81, 225, 122,
- 183, 237, 157, 35, 226, 190, 224, 213, 40, 4, 19, 60, 49, 3, 158, 221, 122, 108, 143, 198,
- 7, 24, 198, 127, 222, 71, 142, 63, 40, 158, 4, 6, 207, 165, 84, 52, 119, 189, 236, 137,
- 155, 233, 23, 67, 223, 91, 219, 95, 254, 142, 30, 87, 162, 205, 64, 157, 126, 98, 34, 218,
- 222, 24, 39,
- ];
+ #[cfg(feature = "runtime")]
+ use tokio_rustls::rustls::{
+ self, ClientConfig, RootCertStore,
+ pki_types::{
+ CertificateDer, PrivateKeyDer,
+ pem::{Error as PemErr, PemObject as _},
+ },
+ version::TLS13,
+ };
+ #[test]
+ fn test_parse_ed25519() {
+ /// Certificate that uses Ed25519.
+ const CERT: &[u8] = [
+ 48, 130, 1, 125, 48, 130, 1, 47, 160, 3, 2, 1, 2, 2, 1, 29, 48, 5, 6, 3, 43, 101, 112,
+ 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 16, 48, 14, 6, 3, 85, 4, 10,
+ 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 82, 111,
+ 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 48, 52, 56, 48, 53, 90, 23, 13,
+ 50, 53, 48, 51, 49, 54, 48, 48, 52, 56, 48, 53, 90, 48, 43, 49, 11, 48, 9, 6, 3, 85, 4,
+ 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4, 84, 101, 115, 116, 49, 13,
+ 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 42, 48, 5, 6, 3, 43, 101, 112, 3,
+ 33, 0, 142, 168, 95, 146, 122, 142, 177, 52, 239, 161, 27, 41, 80, 58, 167, 248, 211,
+ 181, 154, 201, 26, 195, 207, 27, 132, 228, 110, 149, 95, 212, 44, 202, 163, 117, 48,
+ 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 238, 12, 127, 172, 94, 237, 69, 62, 240,
+ 99, 1, 2, 35, 161, 201, 129, 19, 85, 0, 227, 48, 12, 6, 3, 85, 29, 19, 1, 1, 255, 4, 2,
+ 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85, 29, 37, 1, 1,
+ 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29, 35, 4, 24, 48,
+ 22, 128, 20, 199, 177, 144, 22, 54, 182, 183, 202, 234, 246, 98, 108, 85, 32, 30, 132,
+ 146, 221, 218, 80, 48, 5, 6, 3, 43, 101, 112, 3, 65, 0, 133, 253, 192, 202, 50, 167,
+ 57, 5, 246, 17, 58, 232, 188, 41, 147, 232, 35, 206, 147, 181, 0, 139, 95, 3, 24, 139,
+ 17, 102, 113, 186, 146, 163, 97, 157, 255, 50, 193, 230, 159, 170, 218, 35, 56, 99, 89,
+ 251, 173, 97, 106, 15, 52, 71, 209, 69, 109, 216, 140, 235, 37, 23, 185, 173, 215, 0,
+ ]
+ .as_slice();
+ assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash {
+ Hash::Sha256(ref hash) => *hash == Sha256::digest(CERT),
+ _ => false,
+ }),);
+ }
+ #[test]
+ fn test_parse_ecdsa_sha256() {
+ /// Certificate that uses ECDSA with SHA-256.
+ const CERT: &[u8] = [
+ 48, 130, 1, 189, 48, 130, 1, 99, 160, 3, 2, 1, 2, 2, 1, 27, 48, 10, 6, 8, 42, 134, 72,
+ 206, 61, 4, 3, 2, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 16, 48, 14,
+ 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6, 3, 85, 4, 3,
+ 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 48, 52, 49, 51,
+ 48, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 48, 52, 49, 51, 48, 90, 48, 43, 49, 11, 48,
+ 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4, 84, 101, 115,
+ 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 89, 48, 19, 6, 7,
+ 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 134, 72, 206, 61, 3, 1, 7, 3, 66, 0, 4, 195, 27,
+ 22, 133, 220, 98, 146, 255, 201, 209, 114, 117, 93, 119, 207, 46, 228, 132, 210, 187,
+ 134, 197, 201, 194, 147, 51, 111, 17, 187, 179, 129, 180, 129, 62, 164, 27, 199, 95,
+ 59, 16, 167, 134, 233, 53, 127, 194, 187, 144, 193, 106, 100, 37, 104, 219, 164, 155,
+ 58, 210, 106, 12, 192, 247, 72, 183, 163, 117, 48, 115, 48, 29, 6, 3, 85, 29, 14, 4,
+ 22, 4, 20, 84, 214, 179, 28, 250, 191, 223, 88, 72, 221, 229, 63, 123, 177, 146, 167,
+ 224, 18, 24, 0, 48, 12, 6, 3, 85, 29, 19, 1, 1, 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29,
+ 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85, 29, 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43,
+ 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29, 35, 4, 24, 48, 22, 128, 20, 43, 80, 133,
+ 205, 3, 144, 105, 186, 141, 39, 47, 176, 39, 123, 149, 250, 100, 138, 233, 225, 48, 10,
+ 6, 8, 42, 134, 72, 206, 61, 4, 3, 2, 3, 72, 0, 48, 69, 2, 32, 107, 43, 12, 27, 111,
+ 216, 19, 191, 199, 1, 202, 22, 147, 43, 16, 188, 36, 156, 141, 80, 115, 124, 160, 211,
+ 19, 123, 41, 216, 94, 19, 236, 0, 2, 33, 0, 164, 138, 200, 40, 159, 245, 38, 70, 207,
+ 160, 121, 19, 56, 240, 18, 222, 191, 196, 217, 129, 24, 92, 238, 43, 39, 29, 57, 85,
+ 56, 11, 178, 88,
+ ]
+ .as_slice();
+ assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash {
+ Hash::Sha256(ref hash) => *hash == Sha256::digest(CERT),
+ _ => false,
+ }),);
+ }
+ #[test]
+ fn test_parse_ecdsa_sha384() {
+ /// Certificate that uses ECDSA with SHA-384.
+ const CERT: &[u8] = [
+ 48, 130, 1, 218, 48, 130, 1, 128, 160, 3, 2, 1, 2, 2, 1, 25, 48, 10, 6, 8, 42, 134, 72,
+ 206, 61, 4, 3, 3, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 16, 48, 14,
+ 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6, 3, 85, 4, 3,
+ 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 48, 51, 57, 51,
+ 55, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 48, 51, 57, 51, 55, 90, 48, 43, 49, 11, 48,
+ 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4, 84, 101, 115,
+ 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 118, 48, 16, 6, 7,
+ 42, 134, 72, 206, 61, 2, 1, 6, 5, 43, 129, 4, 0, 34, 3, 98, 0, 4, 246, 106, 156, 228,
+ 83, 166, 254, 62, 196, 22, 127, 171, 204, 182, 154, 182, 253, 35, 95, 120, 253, 231,
+ 78, 20, 146, 203, 186, 201, 147, 48, 197, 96, 195, 202, 5, 235, 201, 168, 28, 117, 62,
+ 47, 121, 211, 58, 67, 32, 96, 129, 15, 215, 172, 135, 222, 180, 101, 196, 18, 41, 107,
+ 6, 161, 172, 183, 217, 106, 227, 24, 140, 13, 145, 245, 137, 185, 4, 78, 210, 56, 235,
+ 159, 203, 241, 203, 239, 39, 90, 98, 227, 215, 221, 119, 65, 47, 68, 2, 200, 163, 117,
+ 48, 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 88, 91, 22, 70, 200, 54, 182, 100,
+ 191, 186, 73, 152, 174, 87, 56, 64, 26, 173, 27, 43, 48, 12, 6, 3, 85, 29, 19, 1, 1,
+ 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85, 29,
+ 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29, 35,
+ 4, 24, 48, 22, 128, 20, 43, 80, 133, 205, 3, 144, 105, 186, 141, 39, 47, 176, 39, 123,
+ 149, 250, 100, 138, 233, 225, 48, 10, 6, 8, 42, 134, 72, 206, 61, 4, 3, 3, 3, 72, 0,
+ 48, 69, 2, 33, 0, 210, 47, 45, 107, 132, 43, 161, 65, 132, 15, 148, 184, 203, 125, 234,
+ 232, 111, 216, 238, 113, 187, 201, 114, 177, 218, 234, 201, 126, 204, 118, 80, 225, 2,
+ 32, 67, 111, 72, 96, 182, 167, 191, 130, 118, 105, 253, 133, 58, 38, 65, 112, 234, 3,
+ 23, 77, 182, 0, 195, 80, 181, 65, 76, 243, 4, 145, 200, 255,
+ ]
+ .as_slice();
+ assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash {
+ Hash::Sha384(ref hash) => *hash == Sha384::digest(CERT),
+ _ => false,
+ }),);
+ }
#[test]
- fn test_parse() {
- assert!(
- Hash::from_der_cert(ISRG_ROOT_X1).map_or(false, |hash| matches!(hash, Hash::Sha256(_))),
- "postgres_rustls::Hash::from_der_cert could not extract the signature algorithm from ISRG Root X1"
- );
+ fn test_parse_ecdsa_sha512() {
+ /// Certificate that uses ECDSA with SHA-512.
+ const CERT: &[u8] = [
+ 48, 130, 2, 1, 48, 130, 1, 166, 160, 3, 2, 1, 2, 2, 1, 24, 48, 10, 6, 8, 42, 134, 72,
+ 206, 61, 4, 3, 4, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 16, 48, 14,
+ 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6, 3, 85, 4, 3,
+ 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 48, 51, 56, 51,
+ 54, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 48, 51, 56, 51, 54, 90, 48, 43, 49, 11, 48,
+ 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4, 84, 101, 115,
+ 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 129, 155, 48, 16, 6,
+ 7, 42, 134, 72, 206, 61, 2, 1, 6, 5, 43, 129, 4, 0, 35, 3, 129, 134, 0, 4, 1, 86, 143,
+ 210, 217, 20, 143, 103, 172, 34, 97, 62, 173, 15, 43, 199, 93, 220, 81, 75, 137, 219,
+ 111, 217, 127, 6, 8, 115, 160, 121, 146, 138, 64, 110, 14, 193, 98, 164, 226, 208, 89,
+ 120, 108, 30, 107, 77, 194, 63, 41, 112, 173, 112, 44, 85, 54, 155, 168, 189, 235, 129,
+ 214, 104, 152, 198, 252, 62, 1, 87, 193, 205, 162, 152, 15, 26, 111, 231, 183, 106,
+ 145, 29, 251, 188, 148, 239, 192, 53, 186, 34, 13, 104, 231, 85, 127, 17, 67, 54, 116,
+ 232, 85, 23, 143, 68, 171, 30, 25, 155, 201, 171, 106, 89, 20, 234, 12, 192, 68, 102,
+ 166, 50, 246, 130, 117, 62, 222, 142, 98, 62, 43, 9, 109, 74, 138, 180, 163, 117, 48,
+ 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 148, 160, 104, 250, 171, 155, 48, 171, 13,
+ 164, 221, 144, 240, 194, 250, 9, 183, 72, 158, 141, 48, 12, 6, 3, 85, 29, 19, 1, 1,
+ 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85, 29,
+ 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29, 35,
+ 4, 24, 48, 22, 128, 20, 43, 80, 133, 205, 3, 144, 105, 186, 141, 39, 47, 176, 39, 123,
+ 149, 250, 100, 138, 233, 225, 48, 10, 6, 8, 42, 134, 72, 206, 61, 4, 3, 4, 3, 73, 0,
+ 48, 70, 2, 33, 0, 179, 24, 50, 50, 127, 141, 167, 197, 29, 35, 234, 81, 215, 112, 233,
+ 218, 84, 151, 136, 117, 40, 106, 164, 156, 205, 75, 6, 133, 64, 52, 161, 116, 2, 33, 0,
+ 141, 178, 46, 201, 22, 126, 42, 84, 96, 191, 175, 219, 140, 72, 252, 6, 152, 112, 113,
+ 232, 38, 101, 11, 215, 20, 143, 22, 199, 38, 237, 179, 108,
+ ]
+ .as_slice();
+ assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash {
+ Hash::Sha512(ref hash) => *hash == Sha512::digest(CERT),
+ _ => false,
+ }),);
+ }
+ #[test]
+ fn test_parse_ecdsa_sha224() {
+ /// Certificate that uses ECDSA with SHA-224.
+ const CERT: &[u8] = [
+ 48, 130, 1, 178, 48, 130, 1, 88, 160, 3, 2, 1, 2, 2, 1, 28, 48, 10, 6, 8, 42, 134, 72,
+ 206, 61, 4, 3, 1, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 16, 48, 14,
+ 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6, 3, 85, 4, 3,
+ 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 48, 52, 50, 49,
+ 52, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 48, 52, 50, 49, 52, 90, 48, 43, 49, 11, 48,
+ 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4, 84, 101, 115,
+ 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 78, 48, 16, 6, 7,
+ 42, 134, 72, 206, 61, 2, 1, 6, 5, 43, 129, 4, 0, 33, 3, 58, 0, 4, 235, 241, 149, 78,
+ 60, 248, 123, 132, 195, 228, 188, 151, 240, 28, 76, 198, 207, 121, 165, 126, 245, 158,
+ 214, 232, 69, 198, 114, 117, 86, 137, 15, 86, 40, 171, 27, 36, 8, 43, 190, 138, 193,
+ 136, 118, 43, 29, 119, 182, 21, 14, 123, 110, 81, 81, 72, 44, 195, 163, 117, 48, 115,
+ 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 203, 141, 20, 54, 48, 176, 180, 57, 46, 1, 91,
+ 221, 116, 154, 205, 81, 187, 184, 24, 211, 48, 12, 6, 3, 85, 29, 19, 1, 1, 255, 4, 2,
+ 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85, 29, 37, 1, 1,
+ 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29, 35, 4, 24, 48,
+ 22, 128, 20, 43, 80, 133, 205, 3, 144, 105, 186, 141, 39, 47, 176, 39, 123, 149, 250,
+ 100, 138, 233, 225, 48, 10, 6, 8, 42, 134, 72, 206, 61, 4, 3, 1, 3, 72, 0, 48, 69, 2,
+ 32, 64, 186, 179, 226, 82, 176, 87, 158, 166, 22, 31, 27, 19, 190, 112, 167, 241, 159,
+ 33, 198, 60, 70, 68, 120, 19, 63, 33, 244, 236, 240, 216, 181, 2, 33, 0, 252, 183, 115,
+ 52, 189, 151, 44, 178, 62, 209, 159, 31, 154, 152, 69, 189, 121, 148, 57, 231, 27, 22,
+ 165, 212, 65, 202, 124, 15, 53, 150, 93, 183,
+ ]
+ .as_slice();
+ assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash {
+ Hash::Sha224(ref hash) => *hash == Sha224::digest(CERT),
+ _ => false,
+ }),);
+ }
+ #[test]
+ fn test_parse_rsa_sha256() {
+ /// Certificate that uses RSA with SHA-256.
+ const CERT: &[u8] = [
+ 48, 130, 3, 73, 48, 130, 2, 49, 160, 3, 2, 1, 2, 2, 1, 31, 48, 13, 6, 9, 42, 134, 72,
+ 134, 247, 13, 1, 1, 11, 5, 0, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49,
+ 16, 48, 14, 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6,
+ 3, 85, 4, 3, 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 49,
+ 48, 51, 48, 53, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 49, 48, 51, 48, 53, 90, 48, 43,
+ 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4,
+ 84, 101, 115, 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 130,
+ 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 130, 1, 15, 0, 48,
+ 130, 1, 10, 2, 130, 1, 1, 0, 157, 28, 83, 190, 61, 252, 154, 205, 112, 191, 153, 197,
+ 22, 159, 92, 161, 84, 84, 181, 67, 218, 26, 189, 52, 245, 184, 150, 248, 142, 15, 214,
+ 118, 205, 243, 107, 45, 103, 205, 9, 198, 129, 115, 7, 195, 115, 131, 34, 244, 217, 42,
+ 234, 170, 84, 41, 128, 49, 81, 175, 208, 42, 100, 168, 44, 145, 226, 11, 98, 245, 83,
+ 134, 213, 30, 76, 239, 43, 82, 222, 175, 254, 135, 124, 16, 218, 105, 159, 219, 43, 8,
+ 109, 1, 228, 16, 190, 160, 28, 100, 120, 245, 100, 164, 45, 128, 181, 238, 152, 227,
+ 50, 63, 162, 191, 4, 173, 210, 254, 31, 141, 66, 193, 237, 20, 92, 34, 13, 74, 135, 80,
+ 201, 12, 158, 51, 54, 91, 53, 97, 115, 212, 97, 6, 160, 45, 77, 40, 165, 55, 128, 230,
+ 105, 31, 76, 197, 211, 111, 197, 169, 167, 136, 2, 249, 117, 65, 127, 163, 217, 169,
+ 151, 97, 209, 194, 179, 203, 81, 58, 52, 66, 11, 184, 172, 97, 70, 124, 125, 151, 159,
+ 102, 224, 24, 159, 233, 169, 95, 66, 17, 180, 69, 48, 233, 5, 250, 37, 55, 35, 200,
+ 212, 225, 197, 240, 19, 22, 106, 101, 171, 190, 135, 3, 75, 157, 240, 149, 107, 208,
+ 94, 58, 244, 204, 105, 9, 32, 203, 162, 194, 39, 12, 97, 16, 153, 236, 60, 93, 24, 252,
+ 103, 231, 164, 19, 55, 233, 181, 103, 135, 187, 40, 202, 210, 125, 88, 73, 2, 3, 1, 0,
+ 1, 163, 117, 48, 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 91, 156, 56, 249, 82, 5,
+ 5, 2, 2, 21, 57, 237, 90, 8, 188, 55, 139, 113, 229, 132, 48, 12, 6, 3, 85, 29, 19, 1,
+ 1, 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85,
+ 29, 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29,
+ 35, 4, 24, 48, 22, 128, 20, 96, 178, 34, 145, 205, 104, 56, 196, 211, 241, 34, 247,
+ 125, 194, 215, 110, 191, 133, 151, 15, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1,
+ 11, 5, 0, 3, 130, 1, 1, 0, 28, 109, 109, 197, 99, 197, 36, 180, 154, 215, 173, 215, 24,
+ 94, 47, 218, 147, 163, 179, 123, 248, 3, 144, 109, 173, 207, 49, 113, 249, 188, 31,
+ 178, 16, 88, 88, 56, 11, 86, 127, 193, 23, 165, 65, 190, 84, 170, 156, 190, 52, 87,
+ 119, 213, 106, 184, 11, 204, 151, 148, 205, 100, 233, 46, 170, 45, 161, 100, 58, 46,
+ 105, 25, 150, 78, 146, 41, 100, 125, 203, 214, 238, 104, 251, 25, 183, 66, 102, 241,
+ 110, 56, 55, 205, 122, 234, 205, 90, 91, 247, 143, 129, 217, 6, 190, 120, 18, 190, 11,
+ 121, 207, 142, 170, 57, 236, 243, 113, 53, 167, 188, 26, 134, 175, 107, 195, 48, 119,
+ 78, 117, 157, 104, 247, 65, 122, 153, 234, 166, 88, 142, 228, 25, 120, 243, 51, 111, 8,
+ 43, 199, 255, 162, 186, 18, 64, 54, 96, 44, 138, 144, 237, 89, 176, 189, 245, 194, 96,
+ 232, 196, 0, 50, 51, 98, 32, 163, 177, 130, 113, 41, 116, 33, 40, 190, 111, 79, 108,
+ 107, 159, 65, 87, 222, 173, 170, 39, 29, 97, 240, 107, 130, 101, 247, 123, 85, 123,
+ 247, 221, 89, 159, 114, 157, 35, 153, 22, 127, 149, 224, 158, 236, 4, 137, 193, 135,
+ 136, 97, 222, 83, 232, 205, 148, 127, 139, 78, 220, 10, 183, 139, 205, 190, 181, 36,
+ 61, 155, 88, 163, 50, 120, 153, 41, 182, 75, 219, 95, 25, 40, 229, 106, 87, 215, 77,
+ 50, 219, 97,
+ ]
+ .as_slice();
+ assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash {
+ Hash::Sha256(ref hash) => *hash == Sha256::digest(CERT),
+ _ => false,
+ }),);
+ }
+ #[test]
+ fn test_parse_rsa_sha384() {
+ /// Certificate that uses RSA with SHA-384.
+ const CERT: &[u8] = [
+ 48, 130, 3, 73, 48, 130, 2, 49, 160, 3, 2, 1, 2, 2, 1, 32, 48, 13, 6, 9, 42, 134, 72,
+ 134, 247, 13, 1, 1, 12, 5, 0, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49,
+ 16, 48, 14, 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6,
+ 3, 85, 4, 3, 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 49,
+ 48, 53, 52, 54, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 49, 48, 53, 52, 54, 90, 48, 43,
+ 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4,
+ 84, 101, 115, 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 130,
+ 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 130, 1, 15, 0, 48,
+ 130, 1, 10, 2, 130, 1, 1, 0, 157, 28, 83, 190, 61, 252, 154, 205, 112, 191, 153, 197,
+ 22, 159, 92, 161, 84, 84, 181, 67, 218, 26, 189, 52, 245, 184, 150, 248, 142, 15, 214,
+ 118, 205, 243, 107, 45, 103, 205, 9, 198, 129, 115, 7, 195, 115, 131, 34, 244, 217, 42,
+ 234, 170, 84, 41, 128, 49, 81, 175, 208, 42, 100, 168, 44, 145, 226, 11, 98, 245, 83,
+ 134, 213, 30, 76, 239, 43, 82, 222, 175, 254, 135, 124, 16, 218, 105, 159, 219, 43, 8,
+ 109, 1, 228, 16, 190, 160, 28, 100, 120, 245, 100, 164, 45, 128, 181, 238, 152, 227,
+ 50, 63, 162, 191, 4, 173, 210, 254, 31, 141, 66, 193, 237, 20, 92, 34, 13, 74, 135, 80,
+ 201, 12, 158, 51, 54, 91, 53, 97, 115, 212, 97, 6, 160, 45, 77, 40, 165, 55, 128, 230,
+ 105, 31, 76, 197, 211, 111, 197, 169, 167, 136, 2, 249, 117, 65, 127, 163, 217, 169,
+ 151, 97, 209, 194, 179, 203, 81, 58, 52, 66, 11, 184, 172, 97, 70, 124, 125, 151, 159,
+ 102, 224, 24, 159, 233, 169, 95, 66, 17, 180, 69, 48, 233, 5, 250, 37, 55, 35, 200,
+ 212, 225, 197, 240, 19, 22, 106, 101, 171, 190, 135, 3, 75, 157, 240, 149, 107, 208,
+ 94, 58, 244, 204, 105, 9, 32, 203, 162, 194, 39, 12, 97, 16, 153, 236, 60, 93, 24, 252,
+ 103, 231, 164, 19, 55, 233, 181, 103, 135, 187, 40, 202, 210, 125, 88, 73, 2, 3, 1, 0,
+ 1, 163, 117, 48, 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 91, 156, 56, 249, 82, 5,
+ 5, 2, 2, 21, 57, 237, 90, 8, 188, 55, 139, 113, 229, 132, 48, 12, 6, 3, 85, 29, 19, 1,
+ 1, 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85,
+ 29, 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29,
+ 35, 4, 24, 48, 22, 128, 20, 96, 178, 34, 145, 205, 104, 56, 196, 211, 241, 34, 247,
+ 125, 194, 215, 110, 191, 133, 151, 15, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1,
+ 12, 5, 0, 3, 130, 1, 1, 0, 135, 249, 101, 184, 225, 162, 164, 193, 23, 81, 98, 221,
+ 134, 87, 34, 94, 229, 131, 221, 17, 38, 61, 156, 200, 113, 94, 244, 188, 226, 84, 74,
+ 96, 205, 237, 230, 242, 168, 238, 178, 133, 68, 188, 80, 244, 60, 42, 169, 54, 66, 79,
+ 104, 66, 251, 27, 240, 108, 16, 46, 175, 62, 240, 194, 7, 181, 238, 211, 118, 149, 150,
+ 46, 97, 39, 28, 173, 225, 49, 73, 206, 147, 101, 12, 192, 218, 119, 208, 73, 20, 208,
+ 229, 216, 133, 213, 28, 165, 70, 20, 158, 114, 223, 40, 121, 13, 236, 218, 165, 237,
+ 164, 196, 94, 80, 120, 49, 212, 241, 213, 197, 201, 104, 67, 223, 130, 148, 197, 251,
+ 199, 167, 6, 89, 146, 139, 141, 32, 78, 72, 190, 146, 94, 251, 208, 47, 118, 173, 111,
+ 92, 241, 102, 26, 233, 145, 46, 220, 230, 5, 147, 220, 92, 240, 133, 24, 192, 71, 49,
+ 252, 84, 163, 132, 34, 139, 12, 106, 4, 189, 151, 37, 34, 123, 26, 42, 84, 46, 232, 14,
+ 129, 101, 84, 26, 25, 219, 11, 115, 214, 106, 12, 75, 199, 248, 218, 239, 209, 32, 159,
+ 40, 192, 11, 2, 175, 51, 232, 20, 8, 72, 188, 184, 177, 22, 251, 238, 42, 74, 21, 25,
+ 93, 77, 184, 5, 207, 101, 98, 60, 214, 173, 169, 56, 54, 211, 167, 55, 34, 14, 184, 25,
+ 4, 170, 108, 94, 110, 27, 45, 11, 22, 61, 130, 63, 214, 168, 72,
+ ]
+ .as_slice();
+ assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash {
+ Hash::Sha384(ref hash) => *hash == Sha384::digest(CERT),
+ _ => false,
+ }),);
+ }
+ #[test]
+ fn test_parse_rsa_sha512() {
+ /// Certificate that uses RSA with SHA-512.
+ const CERT: &[u8] = [
+ 48, 130, 3, 73, 48, 130, 2, 49, 160, 3, 2, 1, 2, 2, 1, 33, 48, 13, 6, 9, 42, 134, 72,
+ 134, 247, 13, 1, 1, 13, 5, 0, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49,
+ 16, 48, 14, 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6,
+ 3, 85, 4, 3, 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 49,
+ 48, 54, 52, 53, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 49, 48, 54, 52, 53, 90, 48, 43,
+ 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4,
+ 84, 101, 115, 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 130,
+ 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 130, 1, 15, 0, 48,
+ 130, 1, 10, 2, 130, 1, 1, 0, 157, 28, 83, 190, 61, 252, 154, 205, 112, 191, 153, 197,
+ 22, 159, 92, 161, 84, 84, 181, 67, 218, 26, 189, 52, 245, 184, 150, 248, 142, 15, 214,
+ 118, 205, 243, 107, 45, 103, 205, 9, 198, 129, 115, 7, 195, 115, 131, 34, 244, 217, 42,
+ 234, 170, 84, 41, 128, 49, 81, 175, 208, 42, 100, 168, 44, 145, 226, 11, 98, 245, 83,
+ 134, 213, 30, 76, 239, 43, 82, 222, 175, 254, 135, 124, 16, 218, 105, 159, 219, 43, 8,
+ 109, 1, 228, 16, 190, 160, 28, 100, 120, 245, 100, 164, 45, 128, 181, 238, 152, 227,
+ 50, 63, 162, 191, 4, 173, 210, 254, 31, 141, 66, 193, 237, 20, 92, 34, 13, 74, 135, 80,
+ 201, 12, 158, 51, 54, 91, 53, 97, 115, 212, 97, 6, 160, 45, 77, 40, 165, 55, 128, 230,
+ 105, 31, 76, 197, 211, 111, 197, 169, 167, 136, 2, 249, 117, 65, 127, 163, 217, 169,
+ 151, 97, 209, 194, 179, 203, 81, 58, 52, 66, 11, 184, 172, 97, 70, 124, 125, 151, 159,
+ 102, 224, 24, 159, 233, 169, 95, 66, 17, 180, 69, 48, 233, 5, 250, 37, 55, 35, 200,
+ 212, 225, 197, 240, 19, 22, 106, 101, 171, 190, 135, 3, 75, 157, 240, 149, 107, 208,
+ 94, 58, 244, 204, 105, 9, 32, 203, 162, 194, 39, 12, 97, 16, 153, 236, 60, 93, 24, 252,
+ 103, 231, 164, 19, 55, 233, 181, 103, 135, 187, 40, 202, 210, 125, 88, 73, 2, 3, 1, 0,
+ 1, 163, 117, 48, 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 91, 156, 56, 249, 82, 5,
+ 5, 2, 2, 21, 57, 237, 90, 8, 188, 55, 139, 113, 229, 132, 48, 12, 6, 3, 85, 29, 19, 1,
+ 1, 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85,
+ 29, 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29,
+ 35, 4, 24, 48, 22, 128, 20, 96, 178, 34, 145, 205, 104, 56, 196, 211, 241, 34, 247,
+ 125, 194, 215, 110, 191, 133, 151, 15, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1,
+ 13, 5, 0, 3, 130, 1, 1, 0, 106, 7, 136, 82, 232, 55, 0, 98, 9, 211, 201, 57, 239, 67,
+ 167, 139, 225, 164, 231, 255, 10, 52, 47, 234, 254, 75, 239, 241, 39, 6, 226, 209, 210,
+ 169, 200, 32, 255, 83, 159, 23, 146, 9, 109, 173, 236, 216, 253, 199, 229, 23, 227, 33,
+ 56, 98, 109, 59, 2, 167, 29, 118, 251, 82, 193, 39, 244, 191, 166, 194, 160, 105, 197,
+ 190, 213, 141, 193, 50, 45, 245, 163, 229, 116, 221, 29, 194, 91, 198, 187, 21, 224,
+ 95, 17, 203, 148, 160, 4, 15, 54, 249, 69, 12, 18, 25, 58, 190, 205, 44, 157, 184, 1,
+ 25, 64, 219, 237, 196, 33, 101, 255, 146, 232, 112, 247, 214, 174, 252, 152, 146, 142,
+ 231, 81, 35, 240, 216, 98, 136, 65, 179, 237, 207, 229, 198, 72, 175, 244, 31, 126,
+ 106, 107, 100, 200, 81, 227, 41, 61, 26, 122, 226, 121, 219, 131, 212, 206, 238, 14,
+ 210, 70, 60, 107, 115, 214, 67, 180, 133, 157, 114, 138, 63, 249, 71, 235, 41, 246, 14,
+ 14, 4, 254, 208, 215, 111, 196, 248, 117, 61, 44, 67, 185, 11, 132, 10, 188, 220, 110,
+ 78, 61, 171, 88, 172, 161, 1, 223, 52, 75, 101, 55, 249, 125, 178, 141, 127, 0, 246,
+ 176, 34, 120, 93, 214, 37, 210, 148, 217, 149, 255, 63, 32, 58, 8, 71, 179, 62, 119,
+ 14, 47, 191, 207, 137, 22, 255, 21, 71, 46, 42, 176, 31, 206, 146, 248, 105,
+ ]
+ .as_slice();
+ assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash {
+ Hash::Sha512(ref hash) => *hash == Sha512::digest(CERT),
+ _ => false,
+ }),);
+ }
+ #[test]
+ fn test_parse_rsa_sha224() {
+ /// Certificate that uses RSA with SHA-224.
+ const CERT: &[u8] = [
+ 48, 130, 3, 73, 48, 130, 2, 49, 160, 3, 2, 1, 2, 2, 1, 30, 48, 13, 6, 9, 42, 134, 72,
+ 134, 247, 13, 1, 1, 14, 5, 0, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49,
+ 16, 48, 14, 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6,
+ 3, 85, 4, 3, 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 48,
+ 53, 57, 50, 56, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 48, 53, 57, 50, 56, 90, 48, 43,
+ 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4,
+ 84, 101, 115, 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 130,
+ 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 130, 1, 15, 0, 48,
+ 130, 1, 10, 2, 130, 1, 1, 0, 157, 28, 83, 190, 61, 252, 154, 205, 112, 191, 153, 197,
+ 22, 159, 92, 161, 84, 84, 181, 67, 218, 26, 189, 52, 245, 184, 150, 248, 142, 15, 214,
+ 118, 205, 243, 107, 45, 103, 205, 9, 198, 129, 115, 7, 195, 115, 131, 34, 244, 217, 42,
+ 234, 170, 84, 41, 128, 49, 81, 175, 208, 42, 100, 168, 44, 145, 226, 11, 98, 245, 83,
+ 134, 213, 30, 76, 239, 43, 82, 222, 175, 254, 135, 124, 16, 218, 105, 159, 219, 43, 8,
+ 109, 1, 228, 16, 190, 160, 28, 100, 120, 245, 100, 164, 45, 128, 181, 238, 152, 227,
+ 50, 63, 162, 191, 4, 173, 210, 254, 31, 141, 66, 193, 237, 20, 92, 34, 13, 74, 135, 80,
+ 201, 12, 158, 51, 54, 91, 53, 97, 115, 212, 97, 6, 160, 45, 77, 40, 165, 55, 128, 230,
+ 105, 31, 76, 197, 211, 111, 197, 169, 167, 136, 2, 249, 117, 65, 127, 163, 217, 169,
+ 151, 97, 209, 194, 179, 203, 81, 58, 52, 66, 11, 184, 172, 97, 70, 124, 125, 151, 159,
+ 102, 224, 24, 159, 233, 169, 95, 66, 17, 180, 69, 48, 233, 5, 250, 37, 55, 35, 200,
+ 212, 225, 197, 240, 19, 22, 106, 101, 171, 190, 135, 3, 75, 157, 240, 149, 107, 208,
+ 94, 58, 244, 204, 105, 9, 32, 203, 162, 194, 39, 12, 97, 16, 153, 236, 60, 93, 24, 252,
+ 103, 231, 164, 19, 55, 233, 181, 103, 135, 187, 40, 202, 210, 125, 88, 73, 2, 3, 1, 0,
+ 1, 163, 117, 48, 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 91, 156, 56, 249, 82, 5,
+ 5, 2, 2, 21, 57, 237, 90, 8, 188, 55, 139, 113, 229, 132, 48, 12, 6, 3, 85, 29, 19, 1,
+ 1, 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85,
+ 29, 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29,
+ 35, 4, 24, 48, 22, 128, 20, 96, 178, 34, 145, 205, 104, 56, 196, 211, 241, 34, 247,
+ 125, 194, 215, 110, 191, 133, 151, 15, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1,
+ 14, 5, 0, 3, 130, 1, 1, 0, 122, 121, 0, 201, 250, 195, 66, 213, 60, 117, 213, 188, 93,
+ 193, 88, 130, 241, 219, 111, 238, 109, 38, 220, 131, 164, 12, 135, 169, 58, 140, 214,
+ 211, 93, 51, 204, 242, 10, 119, 123, 23, 69, 67, 135, 151, 245, 23, 144, 61, 233, 229,
+ 122, 189, 111, 89, 190, 100, 251, 86, 185, 246, 40, 121, 190, 192, 199, 119, 232, 209,
+ 202, 23, 20, 46, 48, 235, 175, 240, 225, 106, 6, 24, 239, 172, 51, 196, 63, 189, 210,
+ 167, 244, 87, 245, 193, 130, 33, 171, 165, 117, 180, 25, 250, 21, 6, 208, 124, 254, 64,
+ 180, 50, 124, 234, 179, 121, 183, 0, 71, 118, 28, 115, 86, 117, 60, 96, 164, 33, 54, 1,
+ 86, 234, 132, 146, 156, 221, 52, 28, 39, 237, 128, 75, 157, 169, 203, 26, 48, 74, 4,
+ 129, 162, 139, 235, 16, 74, 236, 151, 0, 150, 234, 246, 204, 180, 240, 31, 92, 129, 51,
+ 221, 118, 10, 192, 140, 32, 33, 21, 223, 113, 35, 86, 47, 236, 159, 252, 52, 185, 41,
+ 151, 56, 126, 251, 165, 126, 214, 27, 213, 169, 211, 174, 26, 55, 21, 11, 187, 189, 96,
+ 67, 141, 124, 178, 51, 37, 80, 17, 220, 210, 193, 243, 127, 46, 82, 75, 172, 187, 156,
+ 222, 186, 3, 13, 194, 104, 234, 131, 96, 99, 34, 1, 61, 149, 219, 33, 227, 34, 215,
+ 211, 82, 106, 57, 61, 185, 178, 1, 191, 14, 196, 52, 5, 38, 27, 232,
+ ]
+ .as_slice();
+ assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash {
+ Hash::Sha224(ref hash) => *hash == Sha224::digest(CERT),
+ _ => false,
+ }),);
+ }
+ #[test]
+ fn test_parse_rsa_sha1() {
+ /// Certificate that uses RSA with SHA-1.
+ const CERT: &[u8] = [
+ 48, 130, 3, 73, 48, 130, 2, 49, 160, 3, 2, 1, 2, 2, 1, 34, 48, 13, 6, 9, 42, 134, 72,
+ 134, 247, 13, 1, 1, 5, 5, 0, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49,
+ 16, 48, 14, 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6,
+ 3, 85, 4, 3, 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 49,
+ 48, 57, 50, 56, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 49, 48, 57, 50, 56, 90, 48, 43,
+ 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4,
+ 84, 101, 115, 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 130,
+ 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 130, 1, 15, 0, 48,
+ 130, 1, 10, 2, 130, 1, 1, 0, 157, 28, 83, 190, 61, 252, 154, 205, 112, 191, 153, 197,
+ 22, 159, 92, 161, 84, 84, 181, 67, 218, 26, 189, 52, 245, 184, 150, 248, 142, 15, 214,
+ 118, 205, 243, 107, 45, 103, 205, 9, 198, 129, 115, 7, 195, 115, 131, 34, 244, 217, 42,
+ 234, 170, 84, 41, 128, 49, 81, 175, 208, 42, 100, 168, 44, 145, 226, 11, 98, 245, 83,
+ 134, 213, 30, 76, 239, 43, 82, 222, 175, 254, 135, 124, 16, 218, 105, 159, 219, 43, 8,
+ 109, 1, 228, 16, 190, 160, 28, 100, 120, 245, 100, 164, 45, 128, 181, 238, 152, 227,
+ 50, 63, 162, 191, 4, 173, 210, 254, 31, 141, 66, 193, 237, 20, 92, 34, 13, 74, 135, 80,
+ 201, 12, 158, 51, 54, 91, 53, 97, 115, 212, 97, 6, 160, 45, 77, 40, 165, 55, 128, 230,
+ 105, 31, 76, 197, 211, 111, 197, 169, 167, 136, 2, 249, 117, 65, 127, 163, 217, 169,
+ 151, 97, 209, 194, 179, 203, 81, 58, 52, 66, 11, 184, 172, 97, 70, 124, 125, 151, 159,
+ 102, 224, 24, 159, 233, 169, 95, 66, 17, 180, 69, 48, 233, 5, 250, 37, 55, 35, 200,
+ 212, 225, 197, 240, 19, 22, 106, 101, 171, 190, 135, 3, 75, 157, 240, 149, 107, 208,
+ 94, 58, 244, 204, 105, 9, 32, 203, 162, 194, 39, 12, 97, 16, 153, 236, 60, 93, 24, 252,
+ 103, 231, 164, 19, 55, 233, 181, 103, 135, 187, 40, 202, 210, 125, 88, 73, 2, 3, 1, 0,
+ 1, 163, 117, 48, 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 91, 156, 56, 249, 82, 5,
+ 5, 2, 2, 21, 57, 237, 90, 8, 188, 55, 139, 113, 229, 132, 48, 12, 6, 3, 85, 29, 19, 1,
+ 1, 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85,
+ 29, 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29,
+ 35, 4, 24, 48, 22, 128, 20, 96, 178, 34, 145, 205, 104, 56, 196, 211, 241, 34, 247,
+ 125, 194, 215, 110, 191, 133, 151, 15, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1,
+ 5, 5, 0, 3, 130, 1, 1, 0, 12, 93, 61, 154, 152, 205, 44, 219, 157, 214, 4, 162, 93, 85,
+ 60, 231, 231, 206, 193, 160, 133, 28, 61, 113, 102, 120, 137, 120, 175, 11, 244, 113,
+ 217, 81, 151, 123, 210, 108, 156, 145, 99, 158, 104, 10, 25, 129, 95, 128, 140, 44,
+ 153, 65, 175, 32, 37, 189, 186, 43, 101, 153, 98, 160, 95, 13, 154, 86, 221, 99, 210,
+ 157, 25, 41, 98, 79, 252, 2, 8, 221, 120, 71, 54, 221, 34, 180, 109, 181, 185, 58, 2,
+ 119, 167, 50, 172, 167, 192, 136, 24, 227, 40, 211, 18, 98, 2, 175, 174, 42, 100, 136,
+ 83, 116, 7, 50, 50, 215, 164, 90, 49, 231, 106, 240, 246, 95, 236, 60, 198, 97, 200,
+ 140, 23, 168, 183, 174, 132, 39, 251, 61, 112, 226, 66, 68, 16, 23, 213, 129, 86, 196,
+ 248, 82, 141, 82, 107, 246, 224, 37, 94, 95, 134, 139, 75, 15, 70, 54, 47, 80, 19, 143,
+ 48, 171, 113, 130, 226, 180, 39, 18, 44, 117, 113, 196, 20, 11, 82, 174, 251, 197, 216,
+ 152, 229, 188, 148, 191, 165, 149, 50, 127, 172, 111, 95, 194, 63, 238, 112, 154, 85,
+ 98, 18, 236, 13, 123, 232, 90, 47, 180, 36, 148, 77, 192, 45, 113, 150, 10, 254, 99, 0,
+ 30, 87, 80, 22, 61, 78, 66, 180, 251, 220, 8, 78, 175, 251, 27, 201, 79, 197, 45, 127,
+ 143, 163, 7, 252, 246, 45, 127, 87, 224, 125, 175, 245, 115,
+ ]
+ .as_slice();
+ assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash {
+ Hash::Sha256(ref hash) => *hash == Sha256::digest(CERT),
+ _ => false,
+ }),);
+ }
+ #[test]
+ fn test_parse_dsa_sha256() {
+ /// Certificate that uses DSA with SHA-256.
+ const CERT: &[u8] = [
+ 48, 130, 4, 162, 48, 130, 4, 79, 160, 3, 2, 1, 2, 2, 1, 37, 48, 11, 6, 9, 96, 134, 72,
+ 1, 101, 3, 4, 3, 2, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 16, 48,
+ 14, 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6, 3, 85, 4,
+ 3, 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 49, 50, 51,
+ 48, 51, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 49, 50, 51, 48, 51, 90, 48, 43, 49, 11,
+ 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4, 84, 101,
+ 115, 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 130, 3, 66, 48,
+ 130, 2, 53, 6, 7, 42, 134, 72, 206, 56, 4, 1, 48, 130, 2, 40, 2, 130, 1, 1, 0, 172, 11,
+ 194, 123, 239, 38, 183, 160, 91, 74, 179, 251, 72, 80, 38, 223, 195, 46, 238, 2, 67,
+ 45, 138, 58, 62, 57, 85, 203, 148, 194, 164, 178, 195, 150, 29, 93, 245, 157, 225, 189,
+ 125, 209, 186, 83, 234, 14, 179, 116, 156, 216, 112, 205, 152, 26, 168, 175, 111, 106,
+ 249, 235, 49, 40, 246, 31, 152, 214, 59, 117, 64, 109, 28, 167, 222, 155, 132, 192,
+ 180, 240, 8, 80, 209, 209, 119, 53, 165, 51, 189, 18, 158, 176, 171, 45, 160, 54, 8,
+ 75, 146, 92, 245, 202, 188, 144, 36, 156, 127, 140, 220, 144, 56, 95, 38, 112, 44, 221,
+ 159, 9, 159, 189, 153, 150, 88, 84, 73, 138, 6, 73, 141, 17, 28, 110, 159, 141, 21,
+ 232, 13, 90, 130, 251, 177, 168, 242, 201, 222, 138, 182, 233, 142, 229, 24, 47, 186,
+ 56, 245, 177, 250, 253, 2, 11, 115, 29, 6, 156, 168, 117, 22, 15, 152, 183, 137, 25,
+ 188, 24, 22, 120, 195, 17, 97, 16, 85, 234, 95, 53, 156, 244, 146, 53, 183, 235, 71,
+ 24, 163, 139, 70, 227, 235, 154, 229, 210, 144, 81, 231, 161, 120, 117, 182, 245, 175,
+ 25, 252, 21, 153, 130, 211, 180, 209, 164, 34, 248, 167, 8, 98, 181, 69, 52, 74, 120,
+ 227, 165, 16, 172, 42, 107, 248, 42, 225, 46, 80, 11, 117, 92, 225, 27, 86, 4, 226, 29,
+ 85, 105, 208, 193, 120, 112, 39, 226, 20, 141, 2, 29, 0, 186, 229, 13, 141, 5, 89, 173,
+ 164, 148, 130, 205, 229, 23, 44, 125, 234, 49, 240, 196, 213, 6, 31, 233, 8, 99, 80,
+ 166, 239, 2, 130, 1, 0, 106, 152, 3, 177, 77, 235, 201, 25, 36, 150, 146, 246, 50, 67,
+ 97, 96, 245, 207, 14, 200, 60, 16, 229, 114, 211, 111, 193, 226, 252, 153, 176, 159,
+ 198, 41, 133, 157, 197, 38, 112, 217, 9, 205, 13, 85, 170, 94, 89, 60, 214, 117, 182,
+ 163, 81, 138, 122, 250, 48, 98, 43, 60, 186, 203, 147, 60, 74, 110, 89, 216, 73, 4,
+ 191, 1, 158, 174, 98, 201, 184, 25, 162, 239, 244, 139, 154, 173, 108, 135, 124, 166,
+ 152, 88, 237, 68, 145, 252, 33, 40, 237, 57, 53, 155, 215, 56, 12, 202, 22, 225, 7, 89,
+ 24, 245, 195, 164, 36, 172, 98, 26, 115, 10, 71, 27, 21, 255, 62, 212, 202, 71, 147,
+ 229, 6, 181, 19, 107, 136, 223, 239, 164, 243, 254, 101, 208, 122, 226, 150, 17, 251,
+ 218, 85, 169, 81, 177, 7, 190, 171, 230, 26, 149, 183, 181, 113, 140, 252, 212, 172,
+ 154, 200, 118, 69, 156, 108, 144, 11, 201, 135, 175, 19, 201, 116, 9, 80, 20, 19, 89,
+ 151, 198, 204, 253, 10, 155, 101, 159, 81, 190, 174, 58, 220, 250, 220, 212, 42, 111,
+ 33, 204, 114, 7, 30, 153, 73, 248, 209, 114, 36, 225, 6, 47, 106, 45, 226, 254, 175,
+ 201, 138, 254, 121, 184, 19, 143, 48, 67, 179, 99, 250, 189, 237, 58, 249, 194, 167,
+ 149, 162, 219, 27, 53, 67, 135, 193, 204, 253, 176, 245, 2, 211, 58, 176, 69, 14, 186,
+ 3, 130, 1, 5, 0, 2, 130, 1, 0, 97, 40, 15, 97, 210, 23, 118, 85, 75, 191, 251, 126,
+ 171, 47, 188, 57, 40, 41, 85, 48, 206, 169, 253, 233, 146, 161, 39, 232, 242, 19, 219,
+ 191, 172, 82, 78, 132, 153, 238, 120, 228, 99, 199, 197, 181, 74, 191, 123, 189, 80,
+ 203, 219, 50, 184, 193, 49, 160, 9, 41, 167, 133, 33, 151, 52, 196, 61, 29, 102, 233,
+ 163, 249, 121, 248, 55, 144, 215, 55, 89, 142, 137, 249, 67, 112, 167, 42, 255, 67, 56,
+ 179, 106, 187, 79, 87, 54, 118, 186, 154, 48, 150, 204, 222, 102, 135, 254, 202, 9,
+ 166, 229, 176, 130, 37, 174, 139, 240, 43, 134, 75, 141, 35, 163, 203, 71, 153, 217,
+ 71, 181, 79, 35, 114, 55, 124, 20, 55, 110, 112, 223, 109, 239, 183, 210, 141, 59, 88,
+ 47, 40, 167, 154, 90, 99, 250, 146, 29, 226, 10, 70, 103, 246, 209, 36, 174, 177, 164,
+ 244, 126, 153, 106, 156, 92, 143, 140, 46, 49, 184, 125, 160, 246, 145, 178, 94, 11,
+ 153, 128, 59, 210, 11, 210, 42, 3, 138, 136, 147, 115, 96, 190, 68, 128, 25, 47, 26,
+ 231, 183, 247, 89, 28, 67, 220, 235, 88, 4, 228, 140, 148, 10, 98, 104, 101, 60, 115,
+ 39, 219, 183, 111, 62, 93, 133, 141, 219, 252, 51, 66, 224, 115, 158, 85, 46, 13, 171,
+ 31, 5, 210, 83, 68, 61, 92, 87, 241, 1, 215, 144, 233, 243, 68, 238, 197, 62, 54, 68,
+ 163, 117, 48, 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 153, 40, 244, 111, 22, 53,
+ 83, 33, 46, 24, 242, 81, 89, 121, 91, 97, 190, 144, 138, 150, 48, 12, 6, 3, 85, 29, 19,
+ 1, 1, 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85,
+ 29, 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29,
+ 35, 4, 24, 48, 22, 128, 20, 230, 93, 24, 66, 42, 224, 216, 63, 210, 30, 74, 173, 48,
+ 16, 195, 8, 166, 231, 232, 253, 48, 11, 6, 9, 96, 134, 72, 1, 101, 3, 4, 3, 2, 3, 64,
+ 0, 48, 61, 2, 28, 116, 130, 114, 201, 119, 192, 122, 114, 52, 255, 182, 233, 56, 153,
+ 169, 135, 12, 49, 236, 107, 72, 244, 178, 174, 32, 27, 13, 226, 2, 29, 0, 170, 35, 77,
+ 179, 10, 59, 85, 118, 124, 99, 48, 21, 125, 235, 57, 27, 60, 222, 102, 120, 20, 16,
+ 148, 80, 118, 28, 75, 176,
+ ]
+ .as_slice();
+ assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash {
+ Hash::Sha256(ref hash) => *hash == Sha256::digest(CERT),
+ _ => false,
+ }),);
+ }
+ #[test]
+ fn test_parse_dsa_sha224() {
+ /// Certificate that uses DSA with SHA-224.
+ const CERT: &[u8] = [
+ 48, 130, 4, 163, 48, 130, 4, 79, 160, 3, 2, 1, 2, 2, 1, 36, 48, 11, 6, 9, 96, 134, 72,
+ 1, 101, 3, 4, 3, 1, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 16, 48,
+ 14, 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6, 3, 85, 4,
+ 3, 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 49, 50, 50,
+ 50, 53, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 49, 50, 50, 50, 53, 90, 48, 43, 49, 11,
+ 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4, 84, 101,
+ 115, 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 130, 3, 66, 48,
+ 130, 2, 53, 6, 7, 42, 134, 72, 206, 56, 4, 1, 48, 130, 2, 40, 2, 130, 1, 1, 0, 172, 11,
+ 194, 123, 239, 38, 183, 160, 91, 74, 179, 251, 72, 80, 38, 223, 195, 46, 238, 2, 67,
+ 45, 138, 58, 62, 57, 85, 203, 148, 194, 164, 178, 195, 150, 29, 93, 245, 157, 225, 189,
+ 125, 209, 186, 83, 234, 14, 179, 116, 156, 216, 112, 205, 152, 26, 168, 175, 111, 106,
+ 249, 235, 49, 40, 246, 31, 152, 214, 59, 117, 64, 109, 28, 167, 222, 155, 132, 192,
+ 180, 240, 8, 80, 209, 209, 119, 53, 165, 51, 189, 18, 158, 176, 171, 45, 160, 54, 8,
+ 75, 146, 92, 245, 202, 188, 144, 36, 156, 127, 140, 220, 144, 56, 95, 38, 112, 44, 221,
+ 159, 9, 159, 189, 153, 150, 88, 84, 73, 138, 6, 73, 141, 17, 28, 110, 159, 141, 21,
+ 232, 13, 90, 130, 251, 177, 168, 242, 201, 222, 138, 182, 233, 142, 229, 24, 47, 186,
+ 56, 245, 177, 250, 253, 2, 11, 115, 29, 6, 156, 168, 117, 22, 15, 152, 183, 137, 25,
+ 188, 24, 22, 120, 195, 17, 97, 16, 85, 234, 95, 53, 156, 244, 146, 53, 183, 235, 71,
+ 24, 163, 139, 70, 227, 235, 154, 229, 210, 144, 81, 231, 161, 120, 117, 182, 245, 175,
+ 25, 252, 21, 153, 130, 211, 180, 209, 164, 34, 248, 167, 8, 98, 181, 69, 52, 74, 120,
+ 227, 165, 16, 172, 42, 107, 248, 42, 225, 46, 80, 11, 117, 92, 225, 27, 86, 4, 226, 29,
+ 85, 105, 208, 193, 120, 112, 39, 226, 20, 141, 2, 29, 0, 186, 229, 13, 141, 5, 89, 173,
+ 164, 148, 130, 205, 229, 23, 44, 125, 234, 49, 240, 196, 213, 6, 31, 233, 8, 99, 80,
+ 166, 239, 2, 130, 1, 0, 106, 152, 3, 177, 77, 235, 201, 25, 36, 150, 146, 246, 50, 67,
+ 97, 96, 245, 207, 14, 200, 60, 16, 229, 114, 211, 111, 193, 226, 252, 153, 176, 159,
+ 198, 41, 133, 157, 197, 38, 112, 217, 9, 205, 13, 85, 170, 94, 89, 60, 214, 117, 182,
+ 163, 81, 138, 122, 250, 48, 98, 43, 60, 186, 203, 147, 60, 74, 110, 89, 216, 73, 4,
+ 191, 1, 158, 174, 98, 201, 184, 25, 162, 239, 244, 139, 154, 173, 108, 135, 124, 166,
+ 152, 88, 237, 68, 145, 252, 33, 40, 237, 57, 53, 155, 215, 56, 12, 202, 22, 225, 7, 89,
+ 24, 245, 195, 164, 36, 172, 98, 26, 115, 10, 71, 27, 21, 255, 62, 212, 202, 71, 147,
+ 229, 6, 181, 19, 107, 136, 223, 239, 164, 243, 254, 101, 208, 122, 226, 150, 17, 251,
+ 218, 85, 169, 81, 177, 7, 190, 171, 230, 26, 149, 183, 181, 113, 140, 252, 212, 172,
+ 154, 200, 118, 69, 156, 108, 144, 11, 201, 135, 175, 19, 201, 116, 9, 80, 20, 19, 89,
+ 151, 198, 204, 253, 10, 155, 101, 159, 81, 190, 174, 58, 220, 250, 220, 212, 42, 111,
+ 33, 204, 114, 7, 30, 153, 73, 248, 209, 114, 36, 225, 6, 47, 106, 45, 226, 254, 175,
+ 201, 138, 254, 121, 184, 19, 143, 48, 67, 179, 99, 250, 189, 237, 58, 249, 194, 167,
+ 149, 162, 219, 27, 53, 67, 135, 193, 204, 253, 176, 245, 2, 211, 58, 176, 69, 14, 186,
+ 3, 130, 1, 5, 0, 2, 130, 1, 0, 97, 40, 15, 97, 210, 23, 118, 85, 75, 191, 251, 126,
+ 171, 47, 188, 57, 40, 41, 85, 48, 206, 169, 253, 233, 146, 161, 39, 232, 242, 19, 219,
+ 191, 172, 82, 78, 132, 153, 238, 120, 228, 99, 199, 197, 181, 74, 191, 123, 189, 80,
+ 203, 219, 50, 184, 193, 49, 160, 9, 41, 167, 133, 33, 151, 52, 196, 61, 29, 102, 233,
+ 163, 249, 121, 248, 55, 144, 215, 55, 89, 142, 137, 249, 67, 112, 167, 42, 255, 67, 56,
+ 179, 106, 187, 79, 87, 54, 118, 186, 154, 48, 150, 204, 222, 102, 135, 254, 202, 9,
+ 166, 229, 176, 130, 37, 174, 139, 240, 43, 134, 75, 141, 35, 163, 203, 71, 153, 217,
+ 71, 181, 79, 35, 114, 55, 124, 20, 55, 110, 112, 223, 109, 239, 183, 210, 141, 59, 88,
+ 47, 40, 167, 154, 90, 99, 250, 146, 29, 226, 10, 70, 103, 246, 209, 36, 174, 177, 164,
+ 244, 126, 153, 106, 156, 92, 143, 140, 46, 49, 184, 125, 160, 246, 145, 178, 94, 11,
+ 153, 128, 59, 210, 11, 210, 42, 3, 138, 136, 147, 115, 96, 190, 68, 128, 25, 47, 26,
+ 231, 183, 247, 89, 28, 67, 220, 235, 88, 4, 228, 140, 148, 10, 98, 104, 101, 60, 115,
+ 39, 219, 183, 111, 62, 93, 133, 141, 219, 252, 51, 66, 224, 115, 158, 85, 46, 13, 171,
+ 31, 5, 210, 83, 68, 61, 92, 87, 241, 1, 215, 144, 233, 243, 68, 238, 197, 62, 54, 68,
+ 163, 117, 48, 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 153, 40, 244, 111, 22, 53,
+ 83, 33, 46, 24, 242, 81, 89, 121, 91, 97, 190, 144, 138, 150, 48, 12, 6, 3, 85, 29, 19,
+ 1, 1, 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85,
+ 29, 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29,
+ 35, 4, 24, 48, 22, 128, 20, 230, 93, 24, 66, 42, 224, 216, 63, 210, 30, 74, 173, 48,
+ 16, 195, 8, 166, 231, 232, 253, 48, 11, 6, 9, 96, 134, 72, 1, 101, 3, 4, 3, 1, 3, 65,
+ 0, 48, 62, 2, 29, 0, 178, 65, 35, 200, 113, 88, 88, 146, 71, 230, 14, 148, 101, 161,
+ 118, 55, 125, 175, 226, 137, 63, 147, 215, 75, 207, 115, 150, 22, 2, 29, 0, 233, 44,
+ 225, 196, 27, 225, 84, 166, 253, 231, 247, 162, 41, 134, 178, 45, 218, 17, 24, 35, 120,
+ 100, 231, 84, 218, 88, 80, 255,
+ ]
+ .as_slice();
+ assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash {
+ Hash::Sha224(ref hash) => *hash == Sha224::digest(CERT),
+ _ => false,
+ }),);
+ }
+ #[test]
+ fn test_parse_dsa_sha1() {
+ /// Certificate that uses DSA with SHA-1.
+ const CERT: &[u8] = [
+ 48, 130, 4, 157, 48, 130, 4, 77, 160, 3, 2, 1, 2, 2, 1, 35, 48, 9, 6, 7, 42, 134, 72,
+ 206, 56, 4, 3, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 16, 48, 14, 6,
+ 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12,
+ 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 49, 49, 57, 48, 55,
+ 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 49, 49, 57, 48, 55, 90, 48, 43, 49, 11, 48, 9,
+ 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4, 84, 101, 115,
+ 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 130, 3, 66, 48, 130,
+ 2, 53, 6, 7, 42, 134, 72, 206, 56, 4, 1, 48, 130, 2, 40, 2, 130, 1, 1, 0, 172, 11, 194,
+ 123, 239, 38, 183, 160, 91, 74, 179, 251, 72, 80, 38, 223, 195, 46, 238, 2, 67, 45,
+ 138, 58, 62, 57, 85, 203, 148, 194, 164, 178, 195, 150, 29, 93, 245, 157, 225, 189,
+ 125, 209, 186, 83, 234, 14, 179, 116, 156, 216, 112, 205, 152, 26, 168, 175, 111, 106,
+ 249, 235, 49, 40, 246, 31, 152, 214, 59, 117, 64, 109, 28, 167, 222, 155, 132, 192,
+ 180, 240, 8, 80, 209, 209, 119, 53, 165, 51, 189, 18, 158, 176, 171, 45, 160, 54, 8,
+ 75, 146, 92, 245, 202, 188, 144, 36, 156, 127, 140, 220, 144, 56, 95, 38, 112, 44, 221,
+ 159, 9, 159, 189, 153, 150, 88, 84, 73, 138, 6, 73, 141, 17, 28, 110, 159, 141, 21,
+ 232, 13, 90, 130, 251, 177, 168, 242, 201, 222, 138, 182, 233, 142, 229, 24, 47, 186,
+ 56, 245, 177, 250, 253, 2, 11, 115, 29, 6, 156, 168, 117, 22, 15, 152, 183, 137, 25,
+ 188, 24, 22, 120, 195, 17, 97, 16, 85, 234, 95, 53, 156, 244, 146, 53, 183, 235, 71,
+ 24, 163, 139, 70, 227, 235, 154, 229, 210, 144, 81, 231, 161, 120, 117, 182, 245, 175,
+ 25, 252, 21, 153, 130, 211, 180, 209, 164, 34, 248, 167, 8, 98, 181, 69, 52, 74, 120,
+ 227, 165, 16, 172, 42, 107, 248, 42, 225, 46, 80, 11, 117, 92, 225, 27, 86, 4, 226, 29,
+ 85, 105, 208, 193, 120, 112, 39, 226, 20, 141, 2, 29, 0, 186, 229, 13, 141, 5, 89, 173,
+ 164, 148, 130, 205, 229, 23, 44, 125, 234, 49, 240, 196, 213, 6, 31, 233, 8, 99, 80,
+ 166, 239, 2, 130, 1, 0, 106, 152, 3, 177, 77, 235, 201, 25, 36, 150, 146, 246, 50, 67,
+ 97, 96, 245, 207, 14, 200, 60, 16, 229, 114, 211, 111, 193, 226, 252, 153, 176, 159,
+ 198, 41, 133, 157, 197, 38, 112, 217, 9, 205, 13, 85, 170, 94, 89, 60, 214, 117, 182,
+ 163, 81, 138, 122, 250, 48, 98, 43, 60, 186, 203, 147, 60, 74, 110, 89, 216, 73, 4,
+ 191, 1, 158, 174, 98, 201, 184, 25, 162, 239, 244, 139, 154, 173, 108, 135, 124, 166,
+ 152, 88, 237, 68, 145, 252, 33, 40, 237, 57, 53, 155, 215, 56, 12, 202, 22, 225, 7, 89,
+ 24, 245, 195, 164, 36, 172, 98, 26, 115, 10, 71, 27, 21, 255, 62, 212, 202, 71, 147,
+ 229, 6, 181, 19, 107, 136, 223, 239, 164, 243, 254, 101, 208, 122, 226, 150, 17, 251,
+ 218, 85, 169, 81, 177, 7, 190, 171, 230, 26, 149, 183, 181, 113, 140, 252, 212, 172,
+ 154, 200, 118, 69, 156, 108, 144, 11, 201, 135, 175, 19, 201, 116, 9, 80, 20, 19, 89,
+ 151, 198, 204, 253, 10, 155, 101, 159, 81, 190, 174, 58, 220, 250, 220, 212, 42, 111,
+ 33, 204, 114, 7, 30, 153, 73, 248, 209, 114, 36, 225, 6, 47, 106, 45, 226, 254, 175,
+ 201, 138, 254, 121, 184, 19, 143, 48, 67, 179, 99, 250, 189, 237, 58, 249, 194, 167,
+ 149, 162, 219, 27, 53, 67, 135, 193, 204, 253, 176, 245, 2, 211, 58, 176, 69, 14, 186,
+ 3, 130, 1, 5, 0, 2, 130, 1, 0, 97, 40, 15, 97, 210, 23, 118, 85, 75, 191, 251, 126,
+ 171, 47, 188, 57, 40, 41, 85, 48, 206, 169, 253, 233, 146, 161, 39, 232, 242, 19, 219,
+ 191, 172, 82, 78, 132, 153, 238, 120, 228, 99, 199, 197, 181, 74, 191, 123, 189, 80,
+ 203, 219, 50, 184, 193, 49, 160, 9, 41, 167, 133, 33, 151, 52, 196, 61, 29, 102, 233,
+ 163, 249, 121, 248, 55, 144, 215, 55, 89, 142, 137, 249, 67, 112, 167, 42, 255, 67, 56,
+ 179, 106, 187, 79, 87, 54, 118, 186, 154, 48, 150, 204, 222, 102, 135, 254, 202, 9,
+ 166, 229, 176, 130, 37, 174, 139, 240, 43, 134, 75, 141, 35, 163, 203, 71, 153, 217,
+ 71, 181, 79, 35, 114, 55, 124, 20, 55, 110, 112, 223, 109, 239, 183, 210, 141, 59, 88,
+ 47, 40, 167, 154, 90, 99, 250, 146, 29, 226, 10, 70, 103, 246, 209, 36, 174, 177, 164,
+ 244, 126, 153, 106, 156, 92, 143, 140, 46, 49, 184, 125, 160, 246, 145, 178, 94, 11,
+ 153, 128, 59, 210, 11, 210, 42, 3, 138, 136, 147, 115, 96, 190, 68, 128, 25, 47, 26,
+ 231, 183, 247, 89, 28, 67, 220, 235, 88, 4, 228, 140, 148, 10, 98, 104, 101, 60, 115,
+ 39, 219, 183, 111, 62, 93, 133, 141, 219, 252, 51, 66, 224, 115, 158, 85, 46, 13, 171,
+ 31, 5, 210, 83, 68, 61, 92, 87, 241, 1, 215, 144, 233, 243, 68, 238, 197, 62, 54, 68,
+ 163, 117, 48, 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 153, 40, 244, 111, 22, 53,
+ 83, 33, 46, 24, 242, 81, 89, 121, 91, 97, 190, 144, 138, 150, 48, 12, 6, 3, 85, 29, 19,
+ 1, 1, 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85,
+ 29, 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29,
+ 35, 4, 24, 48, 22, 128, 20, 230, 93, 24, 66, 42, 224, 216, 63, 210, 30, 74, 173, 48,
+ 16, 195, 8, 166, 231, 232, 253, 48, 9, 6, 7, 42, 134, 72, 206, 56, 4, 3, 3, 63, 0, 48,
+ 60, 2, 28, 50, 39, 36, 45, 25, 91, 93, 174, 107, 192, 215, 113, 214, 88, 122, 108, 97,
+ 82, 121, 182, 191, 182, 66, 173, 207, 255, 17, 86, 2, 28, 28, 133, 69, 48, 198, 204,
+ 39, 177, 136, 73, 222, 95, 114, 218, 219, 54, 88, 17, 114, 204, 214, 83, 20, 137, 75,
+ 203, 163, 99,
+ ]
+ .as_slice();
+ assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash {
+ Hash::Sha256(ref hash) => *hash == Sha256::digest(CERT),
+ _ => false,
+ }),);
}
#[cfg(feature = "runtime")]
#[derive(Debug)]
@@ -635,6 +1216,12 @@ mod tests {
Rustls(rustls::Error),
#[expect(dead_code, reason = "does not matter for tests")]
Postgres(tokio_postgres::Error),
+ NoRootCert,
+ MultipleRootCerts,
+ NoClientKey,
+ MultipleClientKeys,
+ #[expect(dead_code, reason = "does not matter for tests")]
+ RustlsPem(PemErr),
}
#[cfg(feature = "runtime")]
impl From<Error> for E {
@@ -655,20 +1242,93 @@ mod tests {
}
}
#[cfg(feature = "runtime")]
+ impl From<PemErr> for E {
+ fn from(value: PemErr) -> Self {
+ Self::RustlsPem(value)
+ }
+ }
+ #[cfg(feature = "runtime")]
+ #[ignore]
+ #[test]
+ fn test_mutual_tls() -> Result<(), E> {
+ let root_cert_file = fs::read("test_data/ca.crt.pem")?;
+ let mut cert_iter = CertificateDer::pem_slice_iter(root_cert_file.as_slice());
+ let key_file = fs::read("test_data/client.key.pem")?;
+ let mut key_iter = PrivateKeyDer::pem_slice_iter(key_file.as_slice());
+ let mut conf = ClientConfig::builder_with_protocol_versions([&TLS13].as_slice())
+ .with_root_certificates(cert_iter.next().ok_or_else(|| E::NoRootCert).and_then(
+ |cert_res| {
+ cert_res.map_err(E::RustlsPem).and_then(|cert| {
+ cert_iter.next().map_or_else(
+ || {
+ let mut root_store = RootCertStore::empty();
+ root_store.add(cert).map_err(E::Rustls).map(|()| root_store)
+ },
+ |_| Err(E::MultipleRootCerts),
+ )
+ })
+ },
+ )?)
+ .with_client_auth_cert(
+ CertificateDer::pem_slice_iter(fs::read("test_data/client.crt.pem")?.as_slice())
+ .try_fold(Vec::with_capacity(1), |mut certs, res| {
+ res.map(|cert| {
+ certs.push(cert);
+ certs
+ })
+ })?,
+ key_iter
+ .next()
+ .ok_or_else(|| E::NoClientKey)
+ .and_then(|key_res| {
+ key_res.map_err(E::RustlsPem).and_then(|key| {
+ key_iter
+ .next()
+ .map_or_else(|| Ok(key), |_| Err(E::MultipleClientKeys))
+ })
+ })?,
+ )?;
+ super::set_postgresql_alpn(&mut conf);
+ let mut config = Config::new();
+ let connection = config
+ .application_name("test")
+ .channel_binding(ChannelBinding::Disable)
+ .connect_timeout(Duration::from_secs(4))
+ .dbname(fs::read_to_string("test_data/dbname")?.trim_ascii_end())
+ .host(fs::read_to_string("test_data/host")?.trim_ascii_end())
+ .hostaddr(IpAddr::V6(Ipv6Addr::LOCALHOST))
+ .keepalives(false)
+ .load_balance_hosts(LoadBalanceHosts::Disable)
+ .port(5432)
+ .ssl_mode(SslMode::Require)
+ .target_session_attrs(TargetSessionAttrs::Any)
+ .user(fs::read_to_string("test_data/user")?.trim_ascii_end())
+ .connect(MakeTlsConnector::new(Arc::new(conf).into()));
+ Builder::new_current_thread()
+ .enable_all()
+ .build()?
+ .block_on(async move { connection.await.map_err(E::Postgres).map(|_| ()) })
+ }
+ #[cfg(feature = "runtime")]
+ #[ignore]
#[test]
- fn test_local_tls_connection() -> Result<(), E> {
- /// Name of the database in PostgreSQL that we connect to.
- const DBNAME: &str = "dbname";
- /// Name of the domain the certificate is issued to that PostgreSQL uses.
- const HOST: &str = "host";
- /// The password needed to connect to [`DBNAME`].
- const PASSWORD: &[u8] = b"password".as_slice();
- /// Name of the user that will be used to connect to [`DBNAME`].
- const USER: &str = "user";
- let mut root_store = RootCertStore::empty();
- root_store.add(CertificateDer::from_slice(ISRG_ROOT_X1))?;
+ fn test_password_and_channel_binding() -> Result<(), E> {
+ let root_cert_file = fs::read("test_data/ca.crt.pem")?;
+ let mut cert_iter = CertificateDer::pem_slice_iter(root_cert_file.as_slice());
let mut conf = ClientConfig::builder_with_protocol_versions([&TLS13].as_slice())
- .with_root_certificates(root_store)
+ .with_root_certificates(cert_iter.next().ok_or_else(|| E::NoRootCert).and_then(
+ |cert_res| {
+ cert_res.map_err(E::RustlsPem).and_then(|cert| {
+ cert_iter.next().map_or_else(
+ || {
+ let mut root_store = RootCertStore::empty();
+ root_store.add(cert).map_err(E::Rustls).map(|()| root_store)
+ },
+ |_| Err(E::MultipleRootCerts),
+ )
+ })
+ },
+ )?)
.with_no_client_auth();
super::set_postgresql_alpn(&mut conf);
let mut config = Config::new();
@@ -676,16 +1336,16 @@ mod tests {
.application_name("test")
.channel_binding(ChannelBinding::Require)
.connect_timeout(Duration::from_secs(4))
- .dbname(DBNAME)
- .host(HOST)
+ .dbname(fs::read_to_string("test_data/dbname")?.trim_ascii_end())
+ .host(fs::read_to_string("test_data/host")?.trim_ascii_end())
.hostaddr(IpAddr::V6(Ipv6Addr::LOCALHOST))
.keepalives(false)
.load_balance_hosts(LoadBalanceHosts::Disable)
- .password(PASSWORD)
+ .password(fs::read("test_data/password")?.trim_ascii_end())
.port(5432)
.ssl_mode(SslMode::Require)
.target_session_attrs(TargetSessionAttrs::Any)
- .user(USER)
+ .user(fs::read_to_string("test_data/user")?.trim_ascii_end())
.connect(MakeTlsConnector::new(Arc::new(conf).into()));
Builder::new_current_thread()
.enable_all()
diff --git a/test_data/README.md b/test_data/README.md
@@ -0,0 +1,16 @@
+When `runtime` is enabled and the `ignored` tests are run,
+there must be a PostgreSQL server running on `[::1]:5432` that is configured
+with TLS 1.3 support with a valid X.509 v3 certificate issued to the value in
+`host`. The root certificate must be what is in `ca.crt.pem` and must be a valid
+PEM-encoded X.509 v3 certificate. The user that connects to the server
+must be the value in `user` and the database that is connected to must be the
+value in `dbname`.
+
+When connecting via password (e.g., `tests::test_password_and_channel_binding` is run),
+the password must be the value in `password`; furthermore `scram-sha-256` must be the
+configured method of authentication. When connecting via client TLS
+(e.g., `tests::test_mutual_tls` is run), the client certificate chain must be what is in
+`client.crt.pem` and must be valid PEM-encoded X.509 v3 certificate chain with root certificate
+recognized by PostgreSQL. The client private key must be what is in `client.key.pem` and
+must be a valid PEM-encoded private key associated with the client certificate in
+`client.crt.pem`.
diff --git a/test_data/ca.crt.pem b/test_data/ca.crt.pem
diff --git a/test_data/client.crt.pem b/test_data/client.crt.pem
diff --git a/test_data/client.key.pem b/test_data/client.key.pem
diff --git a/test_data/dbname b/test_data/dbname
diff --git a/test_data/host b/test_data/host
diff --git a/test_data/password b/test_data/password
diff --git a/test_data/user b/test_data/user
