lib.rs (88602B)
1 //! [![git]](https://git.philomathiclife.com/postgres_rustls/log.html) [![crates-io]](https://crates.io/crates/postgres_rustls) [![docs-rs]](crate) 2 //! 3 //! [git]: https://git.philomathiclife.com/git_badge.svg 4 //! [crates-io]: https://img.shields.io/badge/crates.io-fc8d62?style=for-the-badge&labelColor=555555&logo=rust 5 //! [docs-rs]: https://img.shields.io/badge/docs.rs-66c2a5?style=for-the-badge&labelColor=555555&logo=docs.rs 6 //! 7 //! `postgres_rustls` is a library that adds TLS support to [`tokio_postgres`] using [`tokio_rustls`]. 8 #![cfg_attr(docsrs, feature(doc_cfg))] 9 #![expect( 10 clippy::multiple_crate_versions, 11 reason = "dependencies haven't updated to newest crates" 12 )] 13 use core::{ 14 pin::Pin, 15 task::{Context, Poll}, 16 }; 17 use sha2::{ 18 Sha224, Sha256, Sha384, Sha512, 19 digest::{Digest as _, OutputSizeUser, generic_array::GenericArray}, 20 }; 21 use std::io::{self, IoSlice}; 22 use tokio::io::{AsyncRead, AsyncWrite, ReadBuf}; 23 #[cfg(feature = "runtime")] 24 use tokio_postgres::tls::MakeTlsConnect; 25 use tokio_postgres::tls::{ChannelBinding, TlsConnect as PgTlsConnect, TlsStream as PgTlsStream}; 26 use tokio_rustls::{ 27 Connect, 28 client::TlsStream as RustlsStream, 29 rustls::{ 30 ClientConfig, 31 pki_types::{InvalidDnsNameError, ServerName}, 32 }, 33 }; 34 /// Hash for the leaf certificate provided by the PostgreSQL server. 35 #[expect(clippy::doc_markdown, reason = "PostgreSQL is correct")] 36 enum Hash { 37 /// SHA-256 hash. 38 Sha256(GenericArray<u8, <Sha256 as OutputSizeUser>::OutputSize>), 39 /// SHA-384 hash. 40 Sha384(GenericArray<u8, <Sha384 as OutputSizeUser>::OutputSize>), 41 /// SHA-512 hash. 42 Sha512(GenericArray<u8, <Sha512 as OutputSizeUser>::OutputSize>), 43 /// SHA-224 hash. 44 Sha224(GenericArray<u8, <Sha224 as OutputSizeUser>::OutputSize>), 45 } 46 impl From<Hash> for Vec<u8> { 47 #[inline] 48 fn from(value: Hash) -> Self { 49 match value { 50 Hash::Sha256(hash) => hash.to_vec(), 51 Hash::Sha384(hash) => hash.to_vec(), 52 Hash::Sha512(hash) => hash.to_vec(), 53 Hash::Sha224(hash) => hash.to_vec(), 54 } 55 } 56 } 57 impl Hash { 58 /// Parses `cert` as a DER-encoded X.509 v3 certifcate extracting the signature algorithm and using it to hash 59 /// `cert` (based on the underlying hash algorithm of the signature algorithm). 60 /// 61 /// Note this will return `Some` for certain invalid payloads; however when the payload is a valid 62 /// DER-encoded X.509 v3 certificate, then it is guaranteed to produce the correct hash. The idea is that 63 /// in the event the leaf certificate is invalid, then it will be rejected by `rustls` anyway thus what 64 /// this returns won't matter. We do this for simplicity and performance reasons since it allows us to 65 /// avoid parsing the entire certificate and instead _only_ care about the signature algorithm. 66 /// 67 /// The only signature algorithms supported are the following: 68 /// 69 /// * id-Ed25519 70 /// * ecdsa-with-SHA256 71 /// * sha256WithRSAEncryption 72 /// * ecdsa-with-SHA384 73 /// * sha384WithRSAEncryption 74 /// * ecdsa-with-SHA512 75 /// * sha512WithRSAEncryption 76 /// * ecdsa-with-SHA224 77 /// * sha224WithRSAEncryption 78 /// * dsa-with-SHA256 79 /// * dsa-with-SHA224 80 /// * dsa-with-SHA1 81 /// * sha1WithRSAEncryption 82 /// 83 /// More may be added; but for ones that require additional dependencies, they will be hidden behind a feature. 84 /// Additionally new ones must be supported by PostgreSQL, `tokio-postgres`, and `rustls`. For example, 85 /// PostgreSQL does not support Ed25519 certificates; however we add support for this since it does not require 86 /// additional dependencies. 87 // 88 // [RFC 5280 § 4.1](https://www.rfc-editor.org/rfc/rfc5280#section-4.1) describes the ASN.1 format 89 // of an X.509 v3 Certificate: 90 // 91 // ```asn 92 // Certificate ::= SEQUENCE { 93 // tbsCertificate TBSCertificate, 94 // signatureAlgorithm AlgorithmIdentifier, 95 // signatureValue BIT STRING } 96 // 97 // TBSCertificate ::= SEQUENCE { … } 98 // 99 // AlgorithmIdentifier ::= SEQUENCE { 100 // algorithm OBJECT IDENTIFIER, 101 // parameters ANY DEFINED BY algorithm OPTIONAL } 102 // ``` 103 // 104 // [ITU-T X.690](https://www.itu.int/rec/T-REC-X.690-202102-I/en) 105 // describes how DER-encoding works. 106 #[expect( 107 clippy::arithmetic_side_effects, 108 clippy::big_endian_bytes, 109 clippy::indexing_slicing, 110 reason = "comments justify their correctness" 111 )] 112 #[expect(clippy::too_many_lines, reason = "inflated by the const slices")] 113 #[expect(clippy::doc_markdown, reason = "PostgreSQL is correct")] 114 fn from_der_cert(cert: &[u8]) -> Option<Self> { 115 /// [RFC 8410 § 9](https://www.rfc-editor.org/rfc/rfc8410#section-9) 116 /// defines id-Ed25519 as 1.3.101.112. This is encoded as below per X.690 § 8.19. 117 const ED25519: &[u8] = [43, 101, 112].as_slice(); 118 /// [RFC 5912 § 6](https://www.rfc-editor.org/rfc/rfc5912.html#section-6) 119 /// defines ecdsa-with-SHA256 as 1.2.840.10045.4.3.2. This is encoded as 120 /// below per X.690 § 8.19. 121 const ECDSA_SHA256: &[u8] = [42, 134, 72, 206, 61, 4, 3, 2].as_slice(); 122 /// [RFC 8017 § Appendix C](https://www.rfc-editor.org/rfc/rfc8017#appendix-C) 123 /// defines sha256WithRSAEncryption as 1.2.840.113549.1.1.11. This is encoded as 124 /// below per X.690 § 8.19. 125 const RSA_SHA256: &[u8] = [42, 134, 72, 134, 247, 13, 1, 1, 11].as_slice(); 126 /// [RFC 5912 § 6](https://www.rfc-editor.org/rfc/rfc5912.html#section-6) 127 /// defines dsa-with-SHA256 as 2.16.840.1.101.3.4.3.2. This is encoded as 128 /// below per X.690 § 8.19. 129 const DSA_SHA256: &[u8] = [96, 134, 72, 1, 101, 3, 4, 3, 2].as_slice(); 130 /// [RFC 5912 § 6](https://www.rfc-editor.org/rfc/rfc5912.html#section-6) 131 /// defines dsa-with-SHA1 as 1.2.840.10040.4.3. This is encoded as 132 /// below per X.690 § 8.19. 133 const DSA_SHA1: &[u8] = [42, 134, 72, 206, 56, 4, 3].as_slice(); 134 /// [RFC 8017 § Appendix C](https://www.rfc-editor.org/rfc/rfc8017#appendix-C) 135 /// defines sha1WithRSAEncryption as 1.2.840.113549.1.1.5. This is encoded as 136 /// below per X.690 § 8.19. 137 const RSA_SHA1: &[u8] = [42, 134, 72, 134, 247, 13, 1, 1, 5].as_slice(); 138 /// [RFC 5912 § 6](https://www.rfc-editor.org/rfc/rfc5912.html#section-6) 139 /// defines ecdsa-with-SHA384 as 1.2.840.10045.4.3.3. This is encoded as 140 /// below per X.690 § 8.19. 141 const ECDSA_SHA384: &[u8] = [42, 134, 72, 206, 61, 4, 3, 3].as_slice(); 142 /// [RFC 8017 § Appendix C](https://www.rfc-editor.org/rfc/rfc8017#appendix-C) 143 /// defines sha384WithRSAEncryption as 1.2.840.113549.1.1.12. This is encoded as 144 /// below per X.690 § 8.19. 145 const RSA_SHA384: &[u8] = [42, 134, 72, 134, 247, 13, 1, 1, 12].as_slice(); 146 /// [RFC 5912 § 6](https://www.rfc-editor.org/rfc/rfc5912.html#section-6) 147 /// defines ecdsa-with-SHA512 as 1.2.840.10045.4.3.4. This is encoded as 148 /// below per X.690 § 8.19. 149 const ECDSA_SHA512: &[u8] = [42, 134, 72, 206, 61, 4, 3, 4].as_slice(); 150 /// [RFC 8017 § Appendix C](https://www.rfc-editor.org/rfc/rfc8017#appendix-C) 151 /// defines sha512WithRSAEncryption as 1.2.840.113549.1.1.13. This is encoded as 152 /// below per X.690 § 8.19. 153 const RSA_SHA512: &[u8] = [42, 134, 72, 134, 247, 13, 1, 1, 13].as_slice(); 154 /// [RFC 5912 § 6](https://www.rfc-editor.org/rfc/rfc5912.html#section-6) 155 /// defines ecdsa-with-SHA224 as 1.2.840.10045.4.3.1. This is encoded as 156 /// below per X.690 § 8.19. 157 const ECDSA_SHA224: &[u8] = [42, 134, 72, 206, 61, 4, 3, 1].as_slice(); 158 /// [RFC 8017 § Appendix C](https://www.rfc-editor.org/rfc/rfc8017#appendix-C) 159 /// defines sha224WithRSAEncryption as 1.2.840.113549.1.1.14. This is encoded as 160 /// below per X.690 § 8.19. 161 const RSA_SHA224: &[u8] = [42, 134, 72, 134, 247, 13, 1, 1, 14].as_slice(); 162 /// [RFC 5912 § 6](https://www.rfc-editor.org/rfc/rfc5912.html#section-6) 163 /// defines dsa-with-SHA224 as 2.16.840.1.101.3.4.3.1. This is encoded as 164 /// below per X.690 § 8.19. 165 const DSA_SHA224: &[u8] = [96, 134, 72, 1, 101, 3, 4, 3, 1].as_slice(); 166 // The first octet represents a constructed sequence (i.e., 0x30) and the second octet represents 167 // the (possibly encoded) length of the remaining payload. 168 cert.split_at_checked(2).and_then(|(cert_seq, cert_rem)| { 169 // This won't `panic` since `cert_seq.len() == 2`. 170 // This represents the (possibly encoded) length. 171 // 172 // We don't care about the actual length of the payload. We only care about the number of bytes 173 // we need to skip until the (possibly encoded) length of the constructed sequence of 174 // tbsCertificate. 175 match cert_seq[1] { 176 // The length of the payload is represented with this byte; thus we only need to skip 177 // the constructed sequence byte (i.e., 0x30) of tbsCertificate. 178 ..=127 => Some(1), 179 // The length of the payload is invalid since DER-encoded lengths must use the minimum 180 // number of bytes possible. The high bit is set iff one or more octets are needed to encode 181 // the actual length. The number of octets is represented by the remaining bits; thus this 182 // means there are 0 bytes to encode the length, but then it should have been encoded as 183 // `0` and not `128`. 184 // 185 // 255 is not allowed to be used per § 8.1.3.5. 186 128 | 255 => None, 187 // The remaining bits represent the number of bytes that it takes to encode the length; 188 // thus we subtract 128 and add 1 to account for the constructed sequence byte (i.e., 0x30) 189 // of tbsCertificate. This is the same as just subtracting 127. 190 // 191 // Underflow clearly cannot occur since `len` is at least 129. 192 len @ 129.. => Some(usize::from(len) - 127), 193 } 194 .and_then(|skip| { 195 cert_rem.get(skip..).and_then(|tbs_rem_with_len| { 196 // Remaining payload starting from the (possibly encoded) length of tbsCertificate. 197 tbs_rem_with_len 198 // Extract the (possibly encoded) length of tbsCertificate. 199 .split_first() 200 .and_then(|(tbs_enc_len, tbs_rem)| { 201 // We need to extract how many bytes make up tbsCertificate that way 202 // we can skip it and get to the (possibly encoded) length of 203 // signatureAlgorithm. 204 match *tbs_enc_len { 205 // tbsCertificate is encoded in `len` bytes. We need to skip that many 206 // bytes taking into account the constructed sequence byte (i.e., 0x30) 207 // of signatureAlgorithm. 208 // 209 // This won't overflow since `len` is at most 127; thus this maxes at 128 210 // which is <= `usize::MAX`. 211 len @ ..=127 => Some(usize::from(len) + 1), 212 // The number of bytes tbsCertificate is encoded in takes 1 byte to encode 213 // We get that one byte since that is how many bytes we need to skip taking 214 // into account the byte and the constructed sequence byte (i.e., 0x30) of 215 // signatureAlgorithm. 216 // 217 // This won't overflow since this maxes at 255 + 2 = 257 <= usize::MAX. 218 129 => tbs_rem.first().map(|len| usize::from(*len) + 2), 219 // The number of bytes tbsCertificate is encoded in takes 2 bytes to encode. 220 // We get the two bytes since that is how many bytes we need to skip. 221 130 => tbs_rem.get(..2).and_then(|enc_len| { 222 let mut big_endian_len = [0; 2]; 223 // This won't `panic` since `enc_len.len() == 2`. 224 big_endian_len.copy_from_slice(enc_len); 225 // Multi-byte lengths are encoded in big-endian. 226 u16::from_be_bytes(big_endian_len) 227 // We need to account for the two bytes and the constructed sequence byte 228 // (i.e., 0x30) of signatureAlgorithm. 229 .checked_add(3) 230 // We don't support payloads larger than 65,535 since that is more than 231 // enough for a single certificate. 232 .map(usize::from) 233 }), 234 // We arbitrarily cap the size of payloads we accept to simplify decoding. 235 // If this is more than 130, then the payload is at least 16,777,216 bytes 236 // which is obscenely large for a single certificate. 128 is invalid. 237 _ => None, 238 } 239 .and_then(|tbs_len| { 240 tbs_rem.get(tbs_len..).and_then(|alg_rem_with_len| { 241 // Remaining payload starting from the (possibly encoded) length of 242 // signatureAlgorithm. 243 alg_rem_with_len 244 // Extract the (possibly encoded) length of signatureAlgorithm. 245 .split_first() 246 .and_then(|(alg_enc_len, alg_rem)| { 247 // We need to extract how many bytes make up signatureAlgorithm that way 248 // we can skip it and get to the (possibly encoded) length of algorithm. 249 match *alg_enc_len { 250 // The length of the payload is represented with this byte; thus we 251 // only need to skip the object identifier byte (i.e., 0x06) of 252 // algorithm. 253 ..=127 => Some(1), 254 // The length of the payload is invalid. 255 128 | 255 => None, 256 // The remaining bits represents the number of bytes that it takes to 257 // encode the length; thus we subtract 128 and add 1 to account for 258 // the object identifier byte (i.e., 0x06) of algorithm. 259 // This is the same as just subtracting 127. 260 // 261 // Underflow clearly cannot occur since `len` is at least 129. 262 len @ 129.. => Some(usize::from(len) - 127), 263 } 264 .and_then( 265 |alg_skip| { 266 alg_rem.get(alg_skip..).and_then(|oid_rem| { 267 // Remaining payload starting from the (possibly encoded) 268 // length of algorithm, and we extract the 269 // (possibly encoded) length of algorithm. 270 oid_rem.split_first().and_then( 271 |(oid_enc_len, rem)| { 272 // Extract the algorithm. 273 // Recall we don't care if the certificate is 274 // invalid, and we only support algorithms of 275 // length at most 127. As a result, we treat 276 // `oid_enc_len` as is. 277 rem.get(..usize::from(*oid_enc_len)) 278 .and_then(|oid| match oid { 279 ED25519 | ECDSA_SHA256 280 | RSA_SHA256 | DSA_SHA256 281 // [RFC 5929 § 4.1](https://www.rfc-editor.org/rfc/rfc5929#section-4.1) 282 // mandates that SHA-1 based signatures 283 // use SHA-256. 284 | DSA_SHA1 | RSA_SHA1 => { 285 Some(Self::Sha256( 286 Sha256::digest( 287 cert, 288 ), 289 )) 290 } 291 ECDSA_SHA384 292 | RSA_SHA384 => { 293 Some(Self::Sha384( 294 Sha384::digest( 295 cert, 296 ), 297 )) 298 } 299 ECDSA_SHA512 300 | RSA_SHA512 => { 301 Some(Self::Sha512( 302 Sha512::digest( 303 cert, 304 ), 305 )) 306 } 307 ECDSA_SHA224 308 | RSA_SHA224 309 | DSA_SHA224 => { 310 Some(Self::Sha224( 311 Sha224::digest( 312 cert, 313 ), 314 )) 315 } 316 _ => None, 317 }) 318 }, 319 ) 320 }) 321 }, 322 ) 323 }) 324 }) 325 }) 326 }) 327 }) 328 }) 329 }) 330 } 331 } 332 /// The [`TlsConnector::Stream`] returned from [`TlsConnectorFuture::poll`]. 333 #[derive(Debug)] 334 pub struct TlsStream<S>(RustlsStream<S>); 335 impl<S: AsyncRead + AsyncWrite + Unpin> AsyncRead for TlsStream<S> { 336 #[inline] 337 fn poll_read( 338 mut self: Pin<&mut Self>, 339 cx: &mut Context<'_>, 340 buf: &mut ReadBuf<'_>, 341 ) -> Poll<io::Result<()>> { 342 Pin::new(&mut self.0).poll_read(cx, buf) 343 } 344 } 345 impl<S: AsyncRead + AsyncWrite + Unpin> AsyncWrite for TlsStream<S> { 346 #[inline] 347 fn poll_write( 348 mut self: Pin<&mut Self>, 349 cx: &mut Context<'_>, 350 buf: &[u8], 351 ) -> Poll<Result<usize, io::Error>> { 352 Pin::new(&mut self.0).poll_write(cx, buf) 353 } 354 #[inline] 355 fn poll_flush(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Result<(), io::Error>> { 356 Pin::new(&mut self.0).poll_flush(cx) 357 } 358 #[inline] 359 fn poll_shutdown( 360 mut self: Pin<&mut Self>, 361 cx: &mut Context<'_>, 362 ) -> Poll<Result<(), io::Error>> { 363 Pin::new(&mut self.0).poll_shutdown(cx) 364 } 365 #[inline] 366 fn poll_write_vectored( 367 mut self: Pin<&mut Self>, 368 cx: &mut Context<'_>, 369 bufs: &[IoSlice<'_>], 370 ) -> Poll<Result<usize, io::Error>> { 371 Pin::new(&mut self.0).poll_write_vectored(cx, bufs) 372 } 373 #[inline] 374 fn is_write_vectored(&self) -> bool { 375 self.0.is_write_vectored() 376 } 377 } 378 impl<S: AsyncRead + AsyncWrite + Unpin> PgTlsStream for TlsStream<S> { 379 /// Returns the [`ChannelBinding`] based on the X.509 v3 certificate sent from the PostgreSQL server. 380 /// 381 /// Note when this returns [`ChannelBinding::tls_server_end_point`], it _does not_ mean the certificate 382 /// is valid. In certain circumstances, this will return that even for an invalid certificate. This should 383 /// not matter since the certificate being invalid will cause the certificate to be rejected anyway. When 384 /// the certificate is valid and uses a supported signature algorithm, then this will always return the 385 /// correct value. 386 /// 387 /// The only supported signature algorithms are the following: 388 /// 389 /// * id-Ed25519 390 /// * ecdsa-with-SHA256 391 /// * sha256WithRSAEncryption 392 /// * ecdsa-with-SHA384 393 /// * sha384WithRSAEncryption 394 /// * ecdsa-with-SHA512 395 /// * sha512WithRSAEncryption 396 /// * ecdsa-with-SHA224 397 /// * sha224WithRSAEncryption 398 /// * dsa-with-SHA256 399 /// * dsa-with-SHA224 400 /// * dsa-with-SHA1 401 /// * sha1WithRSAEncryption 402 /// 403 /// Note it is strongly recommended that TLS 1.3 be used; thus while signature algorithms that are not 404 /// part of TLS 1.3 are supported, you should avoid them. 405 /// See [RFC 9266 § 4.2](https://www.rfc-editor.org/rfc/rfc9266#section-4.2). 406 /// Additionally some of the supported signature algorithms may not be supported by PostgreSQL 407 /// (e.g., id-Ed25519). 408 #[expect(clippy::doc_markdown, reason = "PostgreSQL is correct")] 409 #[inline] 410 fn channel_binding(&self) -> ChannelBinding { 411 self.0 412 .get_ref() 413 .1 414 .peer_certificates() 415 .and_then(|certs| { 416 certs.first().and_then(|fst| { 417 Hash::from_der_cert(fst) 418 .map(|hash| ChannelBinding::tls_server_end_point(hash.into())) 419 }) 420 }) 421 .unwrap_or_else(ChannelBinding::none) 422 } 423 } 424 /// [`TlsConnector::Future`] returned from [`TlsConnector::connect`]. 425 #[expect( 426 missing_debug_implementations, 427 reason = "Connect does not implement Debug, so we don't" 428 )] 429 pub struct TlsConnectorFuture<S>(Connect<S>); 430 impl<S: AsyncRead + AsyncWrite + Unpin> Future for TlsConnectorFuture<S> { 431 type Output = io::Result<TlsStream<S>>; 432 #[inline] 433 fn poll(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> { 434 Pin::new(&mut self.0).poll(cx).map_ok(TlsStream) 435 } 436 } 437 /// Connects to the PostgreSQL server. 438 #[expect( 439 missing_debug_implementations, 440 reason = "TlsConnector does not implement Debug, so we don't" 441 )] 442 #[expect(clippy::doc_markdown, reason = "PostgreSQL is correct")] 443 pub struct TlsConnector<'domain> { 444 /// Used to connect to the PostgreSQL server. 445 #[expect(clippy::doc_markdown, reason = "PostgreSQL is correct")] 446 connector: tokio_rustls::TlsConnector, 447 /// The domain or IP of the PostgreSQL server. 448 #[expect(clippy::doc_markdown, reason = "PostgreSQL is correct")] 449 dom: ServerName<'domain>, 450 } 451 impl<'domain> TlsConnector<'domain> { 452 /// Returns `Self` based on `connector` and `domain`. 453 /// 454 /// # Errors 455 /// 456 /// Errors iff [`ServerName::try_from`] does when passed `domain`. 457 #[expect(single_use_lifetimes, reason = "false positive")] 458 #[inline] 459 pub fn new<'dom: 'domain>( 460 connector: tokio_rustls::TlsConnector, 461 domain: &'dom str, 462 ) -> Result<Self, InvalidDnsNameError> { 463 ServerName::try_from(domain).map(|dom| Self { connector, dom }) 464 } 465 } 466 impl<S: AsyncRead + AsyncWrite + Unpin> PgTlsConnect<S> for TlsConnector<'static> { 467 type Stream = TlsStream<S>; 468 type Error = io::Error; 469 type Future = TlsConnectorFuture<S>; 470 #[inline] 471 fn connect(self, stream: S) -> Self::Future { 472 TlsConnectorFuture(self.connector.connect(self.dom, stream)) 473 } 474 } 475 /// [`MakeTlsConnect`] based on [`tokio_rustls::TlsConnector`]. 476 #[expect( 477 missing_debug_implementations, 478 reason = "TlsConnector does not implement Debug, so we don't" 479 )] 480 #[cfg_attr(docsrs, doc(cfg(feature = "runtime")))] 481 #[cfg(feature = "runtime")] 482 #[derive(Clone)] 483 pub struct MakeTlsConnector(tokio_rustls::TlsConnector); 484 #[cfg(feature = "runtime")] 485 impl MakeTlsConnector { 486 /// Constructs `Self` based on `connector`. 487 #[inline] 488 #[must_use] 489 pub const fn new(connector: tokio_rustls::TlsConnector) -> Self { 490 Self(connector) 491 } 492 } 493 #[cfg(feature = "runtime")] 494 impl<S: AsyncRead + AsyncWrite + Unpin> MakeTlsConnect<S> for MakeTlsConnector { 495 type Stream = TlsStream<S>; 496 type TlsConnect = TlsConnector<'static>; 497 type Error = InvalidDnsNameError; 498 #[inline] 499 fn make_tls_connect(&mut self, domain: &str) -> Result<Self::TlsConnect, Self::Error> { 500 ServerName::try_from(domain).map(|dom| TlsConnector { 501 connector: self.0.clone(), 502 dom: dom.to_owned(), 503 }) 504 } 505 } 506 /// Removes any ALPN values and adds the `b"postgresql"` ALPN. 507 #[inline] 508 pub fn set_postgresql_alpn(config: &mut ClientConfig) { 509 config.alpn_protocols.clear(); 510 config.alpn_protocols.push(vec![ 511 b'p', b'o', b's', b't', b'g', b'r', b'e', b's', b'q', b'l', 512 ]); 513 } 514 #[cfg(test)] 515 mod tests { 516 #[cfg(feature = "runtime")] 517 extern crate alloc; 518 use super::Hash; 519 #[cfg(feature = "runtime")] 520 use super::MakeTlsConnector; 521 #[cfg(feature = "runtime")] 522 use alloc::sync::Arc; 523 #[cfg(feature = "runtime")] 524 use core::{ 525 net::{IpAddr, Ipv6Addr}, 526 time::Duration, 527 }; 528 use sha2::{Digest as _, Sha224, Sha256, Sha384, Sha512}; 529 #[cfg(feature = "runtime")] 530 use std::{fs, io::Error}; 531 #[cfg(feature = "runtime")] 532 use tokio::runtime::Builder; 533 #[cfg(feature = "runtime")] 534 use tokio_postgres::{ 535 Config, 536 config::{ChannelBinding, LoadBalanceHosts, SslMode, TargetSessionAttrs}, 537 }; 538 #[cfg(feature = "runtime")] 539 use tokio_rustls::rustls::{ 540 self, ClientConfig, RootCertStore, 541 pki_types::{ 542 CertificateDer, PrivateKeyDer, 543 pem::{Error as PemErr, PemObject as _}, 544 }, 545 version::TLS13, 546 }; 547 #[test] 548 fn test_parse_ed25519() { 549 /// Certificate that uses Ed25519. 550 const CERT: &[u8] = [ 551 48, 130, 1, 125, 48, 130, 1, 47, 160, 3, 2, 1, 2, 2, 1, 29, 48, 5, 6, 3, 43, 101, 112, 552 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 16, 48, 14, 6, 3, 85, 4, 10, 553 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 82, 111, 554 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 48, 52, 56, 48, 53, 90, 23, 13, 555 50, 53, 48, 51, 49, 54, 48, 48, 52, 56, 48, 53, 90, 48, 43, 49, 11, 48, 9, 6, 3, 85, 4, 556 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4, 84, 101, 115, 116, 49, 13, 557 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 42, 48, 5, 6, 3, 43, 101, 112, 3, 558 33, 0, 142, 168, 95, 146, 122, 142, 177, 52, 239, 161, 27, 41, 80, 58, 167, 248, 211, 559 181, 154, 201, 26, 195, 207, 27, 132, 228, 110, 149, 95, 212, 44, 202, 163, 117, 48, 560 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 238, 12, 127, 172, 94, 237, 69, 62, 240, 561 99, 1, 2, 35, 161, 201, 129, 19, 85, 0, 227, 48, 12, 6, 3, 85, 29, 19, 1, 1, 255, 4, 2, 562 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85, 29, 37, 1, 1, 563 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29, 35, 4, 24, 48, 564 22, 128, 20, 199, 177, 144, 22, 54, 182, 183, 202, 234, 246, 98, 108, 85, 32, 30, 132, 565 146, 221, 218, 80, 48, 5, 6, 3, 43, 101, 112, 3, 65, 0, 133, 253, 192, 202, 50, 167, 566 57, 5, 246, 17, 58, 232, 188, 41, 147, 232, 35, 206, 147, 181, 0, 139, 95, 3, 24, 139, 567 17, 102, 113, 186, 146, 163, 97, 157, 255, 50, 193, 230, 159, 170, 218, 35, 56, 99, 89, 568 251, 173, 97, 106, 15, 52, 71, 209, 69, 109, 216, 140, 235, 37, 23, 185, 173, 215, 0, 569 ] 570 .as_slice(); 571 assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash { 572 Hash::Sha256(ref hash) => *hash == Sha256::digest(CERT), 573 _ => false, 574 }),); 575 } 576 #[test] 577 fn test_parse_ecdsa_sha256() { 578 /// Certificate that uses ECDSA with SHA-256. 579 const CERT: &[u8] = [ 580 48, 130, 1, 189, 48, 130, 1, 99, 160, 3, 2, 1, 2, 2, 1, 27, 48, 10, 6, 8, 42, 134, 72, 581 206, 61, 4, 3, 2, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 16, 48, 14, 582 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6, 3, 85, 4, 3, 583 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 48, 52, 49, 51, 584 48, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 48, 52, 49, 51, 48, 90, 48, 43, 49, 11, 48, 585 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4, 84, 101, 115, 586 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 89, 48, 19, 6, 7, 587 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 134, 72, 206, 61, 3, 1, 7, 3, 66, 0, 4, 195, 27, 588 22, 133, 220, 98, 146, 255, 201, 209, 114, 117, 93, 119, 207, 46, 228, 132, 210, 187, 589 134, 197, 201, 194, 147, 51, 111, 17, 187, 179, 129, 180, 129, 62, 164, 27, 199, 95, 590 59, 16, 167, 134, 233, 53, 127, 194, 187, 144, 193, 106, 100, 37, 104, 219, 164, 155, 591 58, 210, 106, 12, 192, 247, 72, 183, 163, 117, 48, 115, 48, 29, 6, 3, 85, 29, 14, 4, 592 22, 4, 20, 84, 214, 179, 28, 250, 191, 223, 88, 72, 221, 229, 63, 123, 177, 146, 167, 593 224, 18, 24, 0, 48, 12, 6, 3, 85, 29, 19, 1, 1, 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29, 594 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85, 29, 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43, 595 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29, 35, 4, 24, 48, 22, 128, 20, 43, 80, 133, 596 205, 3, 144, 105, 186, 141, 39, 47, 176, 39, 123, 149, 250, 100, 138, 233, 225, 48, 10, 597 6, 8, 42, 134, 72, 206, 61, 4, 3, 2, 3, 72, 0, 48, 69, 2, 32, 107, 43, 12, 27, 111, 598 216, 19, 191, 199, 1, 202, 22, 147, 43, 16, 188, 36, 156, 141, 80, 115, 124, 160, 211, 599 19, 123, 41, 216, 94, 19, 236, 0, 2, 33, 0, 164, 138, 200, 40, 159, 245, 38, 70, 207, 600 160, 121, 19, 56, 240, 18, 222, 191, 196, 217, 129, 24, 92, 238, 43, 39, 29, 57, 85, 601 56, 11, 178, 88, 602 ] 603 .as_slice(); 604 assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash { 605 Hash::Sha256(ref hash) => *hash == Sha256::digest(CERT), 606 _ => false, 607 }),); 608 } 609 #[test] 610 fn test_parse_ecdsa_sha384() { 611 /// Certificate that uses ECDSA with SHA-384. 612 const CERT: &[u8] = [ 613 48, 130, 1, 218, 48, 130, 1, 128, 160, 3, 2, 1, 2, 2, 1, 25, 48, 10, 6, 8, 42, 134, 72, 614 206, 61, 4, 3, 3, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 16, 48, 14, 615 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6, 3, 85, 4, 3, 616 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 48, 51, 57, 51, 617 55, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 48, 51, 57, 51, 55, 90, 48, 43, 49, 11, 48, 618 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4, 84, 101, 115, 619 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 118, 48, 16, 6, 7, 620 42, 134, 72, 206, 61, 2, 1, 6, 5, 43, 129, 4, 0, 34, 3, 98, 0, 4, 246, 106, 156, 228, 621 83, 166, 254, 62, 196, 22, 127, 171, 204, 182, 154, 182, 253, 35, 95, 120, 253, 231, 622 78, 20, 146, 203, 186, 201, 147, 48, 197, 96, 195, 202, 5, 235, 201, 168, 28, 117, 62, 623 47, 121, 211, 58, 67, 32, 96, 129, 15, 215, 172, 135, 222, 180, 101, 196, 18, 41, 107, 624 6, 161, 172, 183, 217, 106, 227, 24, 140, 13, 145, 245, 137, 185, 4, 78, 210, 56, 235, 625 159, 203, 241, 203, 239, 39, 90, 98, 227, 215, 221, 119, 65, 47, 68, 2, 200, 163, 117, 626 48, 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 88, 91, 22, 70, 200, 54, 182, 100, 627 191, 186, 73, 152, 174, 87, 56, 64, 26, 173, 27, 43, 48, 12, 6, 3, 85, 29, 19, 1, 1, 628 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85, 29, 629 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29, 35, 630 4, 24, 48, 22, 128, 20, 43, 80, 133, 205, 3, 144, 105, 186, 141, 39, 47, 176, 39, 123, 631 149, 250, 100, 138, 233, 225, 48, 10, 6, 8, 42, 134, 72, 206, 61, 4, 3, 3, 3, 72, 0, 632 48, 69, 2, 33, 0, 210, 47, 45, 107, 132, 43, 161, 65, 132, 15, 148, 184, 203, 125, 234, 633 232, 111, 216, 238, 113, 187, 201, 114, 177, 218, 234, 201, 126, 204, 118, 80, 225, 2, 634 32, 67, 111, 72, 96, 182, 167, 191, 130, 118, 105, 253, 133, 58, 38, 65, 112, 234, 3, 635 23, 77, 182, 0, 195, 80, 181, 65, 76, 243, 4, 145, 200, 255, 636 ] 637 .as_slice(); 638 assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash { 639 Hash::Sha384(ref hash) => *hash == Sha384::digest(CERT), 640 _ => false, 641 }),); 642 } 643 #[test] 644 fn test_parse_ecdsa_sha512() { 645 /// Certificate that uses ECDSA with SHA-512. 646 const CERT: &[u8] = [ 647 48, 130, 2, 1, 48, 130, 1, 166, 160, 3, 2, 1, 2, 2, 1, 24, 48, 10, 6, 8, 42, 134, 72, 648 206, 61, 4, 3, 4, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 16, 48, 14, 649 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6, 3, 85, 4, 3, 650 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 48, 51, 56, 51, 651 54, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 48, 51, 56, 51, 54, 90, 48, 43, 49, 11, 48, 652 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4, 84, 101, 115, 653 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 129, 155, 48, 16, 6, 654 7, 42, 134, 72, 206, 61, 2, 1, 6, 5, 43, 129, 4, 0, 35, 3, 129, 134, 0, 4, 1, 86, 143, 655 210, 217, 20, 143, 103, 172, 34, 97, 62, 173, 15, 43, 199, 93, 220, 81, 75, 137, 219, 656 111, 217, 127, 6, 8, 115, 160, 121, 146, 138, 64, 110, 14, 193, 98, 164, 226, 208, 89, 657 120, 108, 30, 107, 77, 194, 63, 41, 112, 173, 112, 44, 85, 54, 155, 168, 189, 235, 129, 658 214, 104, 152, 198, 252, 62, 1, 87, 193, 205, 162, 152, 15, 26, 111, 231, 183, 106, 659 145, 29, 251, 188, 148, 239, 192, 53, 186, 34, 13, 104, 231, 85, 127, 17, 67, 54, 116, 660 232, 85, 23, 143, 68, 171, 30, 25, 155, 201, 171, 106, 89, 20, 234, 12, 192, 68, 102, 661 166, 50, 246, 130, 117, 62, 222, 142, 98, 62, 43, 9, 109, 74, 138, 180, 163, 117, 48, 662 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 148, 160, 104, 250, 171, 155, 48, 171, 13, 663 164, 221, 144, 240, 194, 250, 9, 183, 72, 158, 141, 48, 12, 6, 3, 85, 29, 19, 1, 1, 664 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85, 29, 665 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29, 35, 666 4, 24, 48, 22, 128, 20, 43, 80, 133, 205, 3, 144, 105, 186, 141, 39, 47, 176, 39, 123, 667 149, 250, 100, 138, 233, 225, 48, 10, 6, 8, 42, 134, 72, 206, 61, 4, 3, 4, 3, 73, 0, 668 48, 70, 2, 33, 0, 179, 24, 50, 50, 127, 141, 167, 197, 29, 35, 234, 81, 215, 112, 233, 669 218, 84, 151, 136, 117, 40, 106, 164, 156, 205, 75, 6, 133, 64, 52, 161, 116, 2, 33, 0, 670 141, 178, 46, 201, 22, 126, 42, 84, 96, 191, 175, 219, 140, 72, 252, 6, 152, 112, 113, 671 232, 38, 101, 11, 215, 20, 143, 22, 199, 38, 237, 179, 108, 672 ] 673 .as_slice(); 674 assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash { 675 Hash::Sha512(ref hash) => *hash == Sha512::digest(CERT), 676 _ => false, 677 }),); 678 } 679 #[test] 680 fn test_parse_ecdsa_sha224() { 681 /// Certificate that uses ECDSA with SHA-224. 682 const CERT: &[u8] = [ 683 48, 130, 1, 178, 48, 130, 1, 88, 160, 3, 2, 1, 2, 2, 1, 28, 48, 10, 6, 8, 42, 134, 72, 684 206, 61, 4, 3, 1, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 16, 48, 14, 685 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6, 3, 85, 4, 3, 686 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 48, 52, 50, 49, 687 52, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 48, 52, 50, 49, 52, 90, 48, 43, 49, 11, 48, 688 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4, 84, 101, 115, 689 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 78, 48, 16, 6, 7, 690 42, 134, 72, 206, 61, 2, 1, 6, 5, 43, 129, 4, 0, 33, 3, 58, 0, 4, 235, 241, 149, 78, 691 60, 248, 123, 132, 195, 228, 188, 151, 240, 28, 76, 198, 207, 121, 165, 126, 245, 158, 692 214, 232, 69, 198, 114, 117, 86, 137, 15, 86, 40, 171, 27, 36, 8, 43, 190, 138, 193, 693 136, 118, 43, 29, 119, 182, 21, 14, 123, 110, 81, 81, 72, 44, 195, 163, 117, 48, 115, 694 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 203, 141, 20, 54, 48, 176, 180, 57, 46, 1, 91, 695 221, 116, 154, 205, 81, 187, 184, 24, 211, 48, 12, 6, 3, 85, 29, 19, 1, 1, 255, 4, 2, 696 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85, 29, 37, 1, 1, 697 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29, 35, 4, 24, 48, 698 22, 128, 20, 43, 80, 133, 205, 3, 144, 105, 186, 141, 39, 47, 176, 39, 123, 149, 250, 699 100, 138, 233, 225, 48, 10, 6, 8, 42, 134, 72, 206, 61, 4, 3, 1, 3, 72, 0, 48, 69, 2, 700 32, 64, 186, 179, 226, 82, 176, 87, 158, 166, 22, 31, 27, 19, 190, 112, 167, 241, 159, 701 33, 198, 60, 70, 68, 120, 19, 63, 33, 244, 236, 240, 216, 181, 2, 33, 0, 252, 183, 115, 702 52, 189, 151, 44, 178, 62, 209, 159, 31, 154, 152, 69, 189, 121, 148, 57, 231, 27, 22, 703 165, 212, 65, 202, 124, 15, 53, 150, 93, 183, 704 ] 705 .as_slice(); 706 assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash { 707 Hash::Sha224(ref hash) => *hash == Sha224::digest(CERT), 708 _ => false, 709 }),); 710 } 711 #[test] 712 fn test_parse_rsa_sha256() { 713 /// Certificate that uses RSA with SHA-256. 714 const CERT: &[u8] = [ 715 48, 130, 3, 73, 48, 130, 2, 49, 160, 3, 2, 1, 2, 2, 1, 31, 48, 13, 6, 9, 42, 134, 72, 716 134, 247, 13, 1, 1, 11, 5, 0, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 717 16, 48, 14, 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6, 718 3, 85, 4, 3, 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 49, 719 48, 51, 48, 53, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 49, 48, 51, 48, 53, 90, 48, 43, 720 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4, 721 84, 101, 115, 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 130, 722 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 130, 1, 15, 0, 48, 723 130, 1, 10, 2, 130, 1, 1, 0, 157, 28, 83, 190, 61, 252, 154, 205, 112, 191, 153, 197, 724 22, 159, 92, 161, 84, 84, 181, 67, 218, 26, 189, 52, 245, 184, 150, 248, 142, 15, 214, 725 118, 205, 243, 107, 45, 103, 205, 9, 198, 129, 115, 7, 195, 115, 131, 34, 244, 217, 42, 726 234, 170, 84, 41, 128, 49, 81, 175, 208, 42, 100, 168, 44, 145, 226, 11, 98, 245, 83, 727 134, 213, 30, 76, 239, 43, 82, 222, 175, 254, 135, 124, 16, 218, 105, 159, 219, 43, 8, 728 109, 1, 228, 16, 190, 160, 28, 100, 120, 245, 100, 164, 45, 128, 181, 238, 152, 227, 729 50, 63, 162, 191, 4, 173, 210, 254, 31, 141, 66, 193, 237, 20, 92, 34, 13, 74, 135, 80, 730 201, 12, 158, 51, 54, 91, 53, 97, 115, 212, 97, 6, 160, 45, 77, 40, 165, 55, 128, 230, 731 105, 31, 76, 197, 211, 111, 197, 169, 167, 136, 2, 249, 117, 65, 127, 163, 217, 169, 732 151, 97, 209, 194, 179, 203, 81, 58, 52, 66, 11, 184, 172, 97, 70, 124, 125, 151, 159, 733 102, 224, 24, 159, 233, 169, 95, 66, 17, 180, 69, 48, 233, 5, 250, 37, 55, 35, 200, 734 212, 225, 197, 240, 19, 22, 106, 101, 171, 190, 135, 3, 75, 157, 240, 149, 107, 208, 735 94, 58, 244, 204, 105, 9, 32, 203, 162, 194, 39, 12, 97, 16, 153, 236, 60, 93, 24, 252, 736 103, 231, 164, 19, 55, 233, 181, 103, 135, 187, 40, 202, 210, 125, 88, 73, 2, 3, 1, 0, 737 1, 163, 117, 48, 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 91, 156, 56, 249, 82, 5, 738 5, 2, 2, 21, 57, 237, 90, 8, 188, 55, 139, 113, 229, 132, 48, 12, 6, 3, 85, 29, 19, 1, 739 1, 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85, 740 29, 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29, 741 35, 4, 24, 48, 22, 128, 20, 96, 178, 34, 145, 205, 104, 56, 196, 211, 241, 34, 247, 742 125, 194, 215, 110, 191, 133, 151, 15, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 743 11, 5, 0, 3, 130, 1, 1, 0, 28, 109, 109, 197, 99, 197, 36, 180, 154, 215, 173, 215, 24, 744 94, 47, 218, 147, 163, 179, 123, 248, 3, 144, 109, 173, 207, 49, 113, 249, 188, 31, 745 178, 16, 88, 88, 56, 11, 86, 127, 193, 23, 165, 65, 190, 84, 170, 156, 190, 52, 87, 746 119, 213, 106, 184, 11, 204, 151, 148, 205, 100, 233, 46, 170, 45, 161, 100, 58, 46, 747 105, 25, 150, 78, 146, 41, 100, 125, 203, 214, 238, 104, 251, 25, 183, 66, 102, 241, 748 110, 56, 55, 205, 122, 234, 205, 90, 91, 247, 143, 129, 217, 6, 190, 120, 18, 190, 11, 749 121, 207, 142, 170, 57, 236, 243, 113, 53, 167, 188, 26, 134, 175, 107, 195, 48, 119, 750 78, 117, 157, 104, 247, 65, 122, 153, 234, 166, 88, 142, 228, 25, 120, 243, 51, 111, 8, 751 43, 199, 255, 162, 186, 18, 64, 54, 96, 44, 138, 144, 237, 89, 176, 189, 245, 194, 96, 752 232, 196, 0, 50, 51, 98, 32, 163, 177, 130, 113, 41, 116, 33, 40, 190, 111, 79, 108, 753 107, 159, 65, 87, 222, 173, 170, 39, 29, 97, 240, 107, 130, 101, 247, 123, 85, 123, 754 247, 221, 89, 159, 114, 157, 35, 153, 22, 127, 149, 224, 158, 236, 4, 137, 193, 135, 755 136, 97, 222, 83, 232, 205, 148, 127, 139, 78, 220, 10, 183, 139, 205, 190, 181, 36, 756 61, 155, 88, 163, 50, 120, 153, 41, 182, 75, 219, 95, 25, 40, 229, 106, 87, 215, 77, 757 50, 219, 97, 758 ] 759 .as_slice(); 760 assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash { 761 Hash::Sha256(ref hash) => *hash == Sha256::digest(CERT), 762 _ => false, 763 }),); 764 } 765 #[test] 766 fn test_parse_rsa_sha384() { 767 /// Certificate that uses RSA with SHA-384. 768 const CERT: &[u8] = [ 769 48, 130, 3, 73, 48, 130, 2, 49, 160, 3, 2, 1, 2, 2, 1, 32, 48, 13, 6, 9, 42, 134, 72, 770 134, 247, 13, 1, 1, 12, 5, 0, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 771 16, 48, 14, 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6, 772 3, 85, 4, 3, 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 49, 773 48, 53, 52, 54, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 49, 48, 53, 52, 54, 90, 48, 43, 774 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4, 775 84, 101, 115, 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 130, 776 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 130, 1, 15, 0, 48, 777 130, 1, 10, 2, 130, 1, 1, 0, 157, 28, 83, 190, 61, 252, 154, 205, 112, 191, 153, 197, 778 22, 159, 92, 161, 84, 84, 181, 67, 218, 26, 189, 52, 245, 184, 150, 248, 142, 15, 214, 779 118, 205, 243, 107, 45, 103, 205, 9, 198, 129, 115, 7, 195, 115, 131, 34, 244, 217, 42, 780 234, 170, 84, 41, 128, 49, 81, 175, 208, 42, 100, 168, 44, 145, 226, 11, 98, 245, 83, 781 134, 213, 30, 76, 239, 43, 82, 222, 175, 254, 135, 124, 16, 218, 105, 159, 219, 43, 8, 782 109, 1, 228, 16, 190, 160, 28, 100, 120, 245, 100, 164, 45, 128, 181, 238, 152, 227, 783 50, 63, 162, 191, 4, 173, 210, 254, 31, 141, 66, 193, 237, 20, 92, 34, 13, 74, 135, 80, 784 201, 12, 158, 51, 54, 91, 53, 97, 115, 212, 97, 6, 160, 45, 77, 40, 165, 55, 128, 230, 785 105, 31, 76, 197, 211, 111, 197, 169, 167, 136, 2, 249, 117, 65, 127, 163, 217, 169, 786 151, 97, 209, 194, 179, 203, 81, 58, 52, 66, 11, 184, 172, 97, 70, 124, 125, 151, 159, 787 102, 224, 24, 159, 233, 169, 95, 66, 17, 180, 69, 48, 233, 5, 250, 37, 55, 35, 200, 788 212, 225, 197, 240, 19, 22, 106, 101, 171, 190, 135, 3, 75, 157, 240, 149, 107, 208, 789 94, 58, 244, 204, 105, 9, 32, 203, 162, 194, 39, 12, 97, 16, 153, 236, 60, 93, 24, 252, 790 103, 231, 164, 19, 55, 233, 181, 103, 135, 187, 40, 202, 210, 125, 88, 73, 2, 3, 1, 0, 791 1, 163, 117, 48, 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 91, 156, 56, 249, 82, 5, 792 5, 2, 2, 21, 57, 237, 90, 8, 188, 55, 139, 113, 229, 132, 48, 12, 6, 3, 85, 29, 19, 1, 793 1, 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85, 794 29, 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29, 795 35, 4, 24, 48, 22, 128, 20, 96, 178, 34, 145, 205, 104, 56, 196, 211, 241, 34, 247, 796 125, 194, 215, 110, 191, 133, 151, 15, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 797 12, 5, 0, 3, 130, 1, 1, 0, 135, 249, 101, 184, 225, 162, 164, 193, 23, 81, 98, 221, 798 134, 87, 34, 94, 229, 131, 221, 17, 38, 61, 156, 200, 113, 94, 244, 188, 226, 84, 74, 799 96, 205, 237, 230, 242, 168, 238, 178, 133, 68, 188, 80, 244, 60, 42, 169, 54, 66, 79, 800 104, 66, 251, 27, 240, 108, 16, 46, 175, 62, 240, 194, 7, 181, 238, 211, 118, 149, 150, 801 46, 97, 39, 28, 173, 225, 49, 73, 206, 147, 101, 12, 192, 218, 119, 208, 73, 20, 208, 802 229, 216, 133, 213, 28, 165, 70, 20, 158, 114, 223, 40, 121, 13, 236, 218, 165, 237, 803 164, 196, 94, 80, 120, 49, 212, 241, 213, 197, 201, 104, 67, 223, 130, 148, 197, 251, 804 199, 167, 6, 89, 146, 139, 141, 32, 78, 72, 190, 146, 94, 251, 208, 47, 118, 173, 111, 805 92, 241, 102, 26, 233, 145, 46, 220, 230, 5, 147, 220, 92, 240, 133, 24, 192, 71, 49, 806 252, 84, 163, 132, 34, 139, 12, 106, 4, 189, 151, 37, 34, 123, 26, 42, 84, 46, 232, 14, 807 129, 101, 84, 26, 25, 219, 11, 115, 214, 106, 12, 75, 199, 248, 218, 239, 209, 32, 159, 808 40, 192, 11, 2, 175, 51, 232, 20, 8, 72, 188, 184, 177, 22, 251, 238, 42, 74, 21, 25, 809 93, 77, 184, 5, 207, 101, 98, 60, 214, 173, 169, 56, 54, 211, 167, 55, 34, 14, 184, 25, 810 4, 170, 108, 94, 110, 27, 45, 11, 22, 61, 130, 63, 214, 168, 72, 811 ] 812 .as_slice(); 813 assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash { 814 Hash::Sha384(ref hash) => *hash == Sha384::digest(CERT), 815 _ => false, 816 }),); 817 } 818 #[test] 819 fn test_parse_rsa_sha512() { 820 /// Certificate that uses RSA with SHA-512. 821 const CERT: &[u8] = [ 822 48, 130, 3, 73, 48, 130, 2, 49, 160, 3, 2, 1, 2, 2, 1, 33, 48, 13, 6, 9, 42, 134, 72, 823 134, 247, 13, 1, 1, 13, 5, 0, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 824 16, 48, 14, 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6, 825 3, 85, 4, 3, 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 49, 826 48, 54, 52, 53, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 49, 48, 54, 52, 53, 90, 48, 43, 827 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4, 828 84, 101, 115, 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 130, 829 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 130, 1, 15, 0, 48, 830 130, 1, 10, 2, 130, 1, 1, 0, 157, 28, 83, 190, 61, 252, 154, 205, 112, 191, 153, 197, 831 22, 159, 92, 161, 84, 84, 181, 67, 218, 26, 189, 52, 245, 184, 150, 248, 142, 15, 214, 832 118, 205, 243, 107, 45, 103, 205, 9, 198, 129, 115, 7, 195, 115, 131, 34, 244, 217, 42, 833 234, 170, 84, 41, 128, 49, 81, 175, 208, 42, 100, 168, 44, 145, 226, 11, 98, 245, 83, 834 134, 213, 30, 76, 239, 43, 82, 222, 175, 254, 135, 124, 16, 218, 105, 159, 219, 43, 8, 835 109, 1, 228, 16, 190, 160, 28, 100, 120, 245, 100, 164, 45, 128, 181, 238, 152, 227, 836 50, 63, 162, 191, 4, 173, 210, 254, 31, 141, 66, 193, 237, 20, 92, 34, 13, 74, 135, 80, 837 201, 12, 158, 51, 54, 91, 53, 97, 115, 212, 97, 6, 160, 45, 77, 40, 165, 55, 128, 230, 838 105, 31, 76, 197, 211, 111, 197, 169, 167, 136, 2, 249, 117, 65, 127, 163, 217, 169, 839 151, 97, 209, 194, 179, 203, 81, 58, 52, 66, 11, 184, 172, 97, 70, 124, 125, 151, 159, 840 102, 224, 24, 159, 233, 169, 95, 66, 17, 180, 69, 48, 233, 5, 250, 37, 55, 35, 200, 841 212, 225, 197, 240, 19, 22, 106, 101, 171, 190, 135, 3, 75, 157, 240, 149, 107, 208, 842 94, 58, 244, 204, 105, 9, 32, 203, 162, 194, 39, 12, 97, 16, 153, 236, 60, 93, 24, 252, 843 103, 231, 164, 19, 55, 233, 181, 103, 135, 187, 40, 202, 210, 125, 88, 73, 2, 3, 1, 0, 844 1, 163, 117, 48, 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 91, 156, 56, 249, 82, 5, 845 5, 2, 2, 21, 57, 237, 90, 8, 188, 55, 139, 113, 229, 132, 48, 12, 6, 3, 85, 29, 19, 1, 846 1, 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85, 847 29, 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29, 848 35, 4, 24, 48, 22, 128, 20, 96, 178, 34, 145, 205, 104, 56, 196, 211, 241, 34, 247, 849 125, 194, 215, 110, 191, 133, 151, 15, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 850 13, 5, 0, 3, 130, 1, 1, 0, 106, 7, 136, 82, 232, 55, 0, 98, 9, 211, 201, 57, 239, 67, 851 167, 139, 225, 164, 231, 255, 10, 52, 47, 234, 254, 75, 239, 241, 39, 6, 226, 209, 210, 852 169, 200, 32, 255, 83, 159, 23, 146, 9, 109, 173, 236, 216, 253, 199, 229, 23, 227, 33, 853 56, 98, 109, 59, 2, 167, 29, 118, 251, 82, 193, 39, 244, 191, 166, 194, 160, 105, 197, 854 190, 213, 141, 193, 50, 45, 245, 163, 229, 116, 221, 29, 194, 91, 198, 187, 21, 224, 855 95, 17, 203, 148, 160, 4, 15, 54, 249, 69, 12, 18, 25, 58, 190, 205, 44, 157, 184, 1, 856 25, 64, 219, 237, 196, 33, 101, 255, 146, 232, 112, 247, 214, 174, 252, 152, 146, 142, 857 231, 81, 35, 240, 216, 98, 136, 65, 179, 237, 207, 229, 198, 72, 175, 244, 31, 126, 858 106, 107, 100, 200, 81, 227, 41, 61, 26, 122, 226, 121, 219, 131, 212, 206, 238, 14, 859 210, 70, 60, 107, 115, 214, 67, 180, 133, 157, 114, 138, 63, 249, 71, 235, 41, 246, 14, 860 14, 4, 254, 208, 215, 111, 196, 248, 117, 61, 44, 67, 185, 11, 132, 10, 188, 220, 110, 861 78, 61, 171, 88, 172, 161, 1, 223, 52, 75, 101, 55, 249, 125, 178, 141, 127, 0, 246, 862 176, 34, 120, 93, 214, 37, 210, 148, 217, 149, 255, 63, 32, 58, 8, 71, 179, 62, 119, 863 14, 47, 191, 207, 137, 22, 255, 21, 71, 46, 42, 176, 31, 206, 146, 248, 105, 864 ] 865 .as_slice(); 866 assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash { 867 Hash::Sha512(ref hash) => *hash == Sha512::digest(CERT), 868 _ => false, 869 }),); 870 } 871 #[test] 872 fn test_parse_rsa_sha224() { 873 /// Certificate that uses RSA with SHA-224. 874 const CERT: &[u8] = [ 875 48, 130, 3, 73, 48, 130, 2, 49, 160, 3, 2, 1, 2, 2, 1, 30, 48, 13, 6, 9, 42, 134, 72, 876 134, 247, 13, 1, 1, 14, 5, 0, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 877 16, 48, 14, 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6, 878 3, 85, 4, 3, 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 48, 879 53, 57, 50, 56, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 48, 53, 57, 50, 56, 90, 48, 43, 880 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4, 881 84, 101, 115, 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 130, 882 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 130, 1, 15, 0, 48, 883 130, 1, 10, 2, 130, 1, 1, 0, 157, 28, 83, 190, 61, 252, 154, 205, 112, 191, 153, 197, 884 22, 159, 92, 161, 84, 84, 181, 67, 218, 26, 189, 52, 245, 184, 150, 248, 142, 15, 214, 885 118, 205, 243, 107, 45, 103, 205, 9, 198, 129, 115, 7, 195, 115, 131, 34, 244, 217, 42, 886 234, 170, 84, 41, 128, 49, 81, 175, 208, 42, 100, 168, 44, 145, 226, 11, 98, 245, 83, 887 134, 213, 30, 76, 239, 43, 82, 222, 175, 254, 135, 124, 16, 218, 105, 159, 219, 43, 8, 888 109, 1, 228, 16, 190, 160, 28, 100, 120, 245, 100, 164, 45, 128, 181, 238, 152, 227, 889 50, 63, 162, 191, 4, 173, 210, 254, 31, 141, 66, 193, 237, 20, 92, 34, 13, 74, 135, 80, 890 201, 12, 158, 51, 54, 91, 53, 97, 115, 212, 97, 6, 160, 45, 77, 40, 165, 55, 128, 230, 891 105, 31, 76, 197, 211, 111, 197, 169, 167, 136, 2, 249, 117, 65, 127, 163, 217, 169, 892 151, 97, 209, 194, 179, 203, 81, 58, 52, 66, 11, 184, 172, 97, 70, 124, 125, 151, 159, 893 102, 224, 24, 159, 233, 169, 95, 66, 17, 180, 69, 48, 233, 5, 250, 37, 55, 35, 200, 894 212, 225, 197, 240, 19, 22, 106, 101, 171, 190, 135, 3, 75, 157, 240, 149, 107, 208, 895 94, 58, 244, 204, 105, 9, 32, 203, 162, 194, 39, 12, 97, 16, 153, 236, 60, 93, 24, 252, 896 103, 231, 164, 19, 55, 233, 181, 103, 135, 187, 40, 202, 210, 125, 88, 73, 2, 3, 1, 0, 897 1, 163, 117, 48, 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 91, 156, 56, 249, 82, 5, 898 5, 2, 2, 21, 57, 237, 90, 8, 188, 55, 139, 113, 229, 132, 48, 12, 6, 3, 85, 29, 19, 1, 899 1, 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85, 900 29, 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29, 901 35, 4, 24, 48, 22, 128, 20, 96, 178, 34, 145, 205, 104, 56, 196, 211, 241, 34, 247, 902 125, 194, 215, 110, 191, 133, 151, 15, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 903 14, 5, 0, 3, 130, 1, 1, 0, 122, 121, 0, 201, 250, 195, 66, 213, 60, 117, 213, 188, 93, 904 193, 88, 130, 241, 219, 111, 238, 109, 38, 220, 131, 164, 12, 135, 169, 58, 140, 214, 905 211, 93, 51, 204, 242, 10, 119, 123, 23, 69, 67, 135, 151, 245, 23, 144, 61, 233, 229, 906 122, 189, 111, 89, 190, 100, 251, 86, 185, 246, 40, 121, 190, 192, 199, 119, 232, 209, 907 202, 23, 20, 46, 48, 235, 175, 240, 225, 106, 6, 24, 239, 172, 51, 196, 63, 189, 210, 908 167, 244, 87, 245, 193, 130, 33, 171, 165, 117, 180, 25, 250, 21, 6, 208, 124, 254, 64, 909 180, 50, 124, 234, 179, 121, 183, 0, 71, 118, 28, 115, 86, 117, 60, 96, 164, 33, 54, 1, 910 86, 234, 132, 146, 156, 221, 52, 28, 39, 237, 128, 75, 157, 169, 203, 26, 48, 74, 4, 911 129, 162, 139, 235, 16, 74, 236, 151, 0, 150, 234, 246, 204, 180, 240, 31, 92, 129, 51, 912 221, 118, 10, 192, 140, 32, 33, 21, 223, 113, 35, 86, 47, 236, 159, 252, 52, 185, 41, 913 151, 56, 126, 251, 165, 126, 214, 27, 213, 169, 211, 174, 26, 55, 21, 11, 187, 189, 96, 914 67, 141, 124, 178, 51, 37, 80, 17, 220, 210, 193, 243, 127, 46, 82, 75, 172, 187, 156, 915 222, 186, 3, 13, 194, 104, 234, 131, 96, 99, 34, 1, 61, 149, 219, 33, 227, 34, 215, 916 211, 82, 106, 57, 61, 185, 178, 1, 191, 14, 196, 52, 5, 38, 27, 232, 917 ] 918 .as_slice(); 919 assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash { 920 Hash::Sha224(ref hash) => *hash == Sha224::digest(CERT), 921 _ => false, 922 }),); 923 } 924 #[test] 925 fn test_parse_rsa_sha1() { 926 /// Certificate that uses RSA with SHA-1. 927 const CERT: &[u8] = [ 928 48, 130, 3, 73, 48, 130, 2, 49, 160, 3, 2, 1, 2, 2, 1, 34, 48, 13, 6, 9, 42, 134, 72, 929 134, 247, 13, 1, 1, 5, 5, 0, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 930 16, 48, 14, 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6, 931 3, 85, 4, 3, 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 49, 932 48, 57, 50, 56, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 49, 48, 57, 50, 56, 90, 48, 43, 933 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4, 934 84, 101, 115, 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 130, 935 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 130, 1, 15, 0, 48, 936 130, 1, 10, 2, 130, 1, 1, 0, 157, 28, 83, 190, 61, 252, 154, 205, 112, 191, 153, 197, 937 22, 159, 92, 161, 84, 84, 181, 67, 218, 26, 189, 52, 245, 184, 150, 248, 142, 15, 214, 938 118, 205, 243, 107, 45, 103, 205, 9, 198, 129, 115, 7, 195, 115, 131, 34, 244, 217, 42, 939 234, 170, 84, 41, 128, 49, 81, 175, 208, 42, 100, 168, 44, 145, 226, 11, 98, 245, 83, 940 134, 213, 30, 76, 239, 43, 82, 222, 175, 254, 135, 124, 16, 218, 105, 159, 219, 43, 8, 941 109, 1, 228, 16, 190, 160, 28, 100, 120, 245, 100, 164, 45, 128, 181, 238, 152, 227, 942 50, 63, 162, 191, 4, 173, 210, 254, 31, 141, 66, 193, 237, 20, 92, 34, 13, 74, 135, 80, 943 201, 12, 158, 51, 54, 91, 53, 97, 115, 212, 97, 6, 160, 45, 77, 40, 165, 55, 128, 230, 944 105, 31, 76, 197, 211, 111, 197, 169, 167, 136, 2, 249, 117, 65, 127, 163, 217, 169, 945 151, 97, 209, 194, 179, 203, 81, 58, 52, 66, 11, 184, 172, 97, 70, 124, 125, 151, 159, 946 102, 224, 24, 159, 233, 169, 95, 66, 17, 180, 69, 48, 233, 5, 250, 37, 55, 35, 200, 947 212, 225, 197, 240, 19, 22, 106, 101, 171, 190, 135, 3, 75, 157, 240, 149, 107, 208, 948 94, 58, 244, 204, 105, 9, 32, 203, 162, 194, 39, 12, 97, 16, 153, 236, 60, 93, 24, 252, 949 103, 231, 164, 19, 55, 233, 181, 103, 135, 187, 40, 202, 210, 125, 88, 73, 2, 3, 1, 0, 950 1, 163, 117, 48, 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 91, 156, 56, 249, 82, 5, 951 5, 2, 2, 21, 57, 237, 90, 8, 188, 55, 139, 113, 229, 132, 48, 12, 6, 3, 85, 29, 19, 1, 952 1, 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85, 953 29, 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29, 954 35, 4, 24, 48, 22, 128, 20, 96, 178, 34, 145, 205, 104, 56, 196, 211, 241, 34, 247, 955 125, 194, 215, 110, 191, 133, 151, 15, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 956 5, 5, 0, 3, 130, 1, 1, 0, 12, 93, 61, 154, 152, 205, 44, 219, 157, 214, 4, 162, 93, 85, 957 60, 231, 231, 206, 193, 160, 133, 28, 61, 113, 102, 120, 137, 120, 175, 11, 244, 113, 958 217, 81, 151, 123, 210, 108, 156, 145, 99, 158, 104, 10, 25, 129, 95, 128, 140, 44, 959 153, 65, 175, 32, 37, 189, 186, 43, 101, 153, 98, 160, 95, 13, 154, 86, 221, 99, 210, 960 157, 25, 41, 98, 79, 252, 2, 8, 221, 120, 71, 54, 221, 34, 180, 109, 181, 185, 58, 2, 961 119, 167, 50, 172, 167, 192, 136, 24, 227, 40, 211, 18, 98, 2, 175, 174, 42, 100, 136, 962 83, 116, 7, 50, 50, 215, 164, 90, 49, 231, 106, 240, 246, 95, 236, 60, 198, 97, 200, 963 140, 23, 168, 183, 174, 132, 39, 251, 61, 112, 226, 66, 68, 16, 23, 213, 129, 86, 196, 964 248, 82, 141, 82, 107, 246, 224, 37, 94, 95, 134, 139, 75, 15, 70, 54, 47, 80, 19, 143, 965 48, 171, 113, 130, 226, 180, 39, 18, 44, 117, 113, 196, 20, 11, 82, 174, 251, 197, 216, 966 152, 229, 188, 148, 191, 165, 149, 50, 127, 172, 111, 95, 194, 63, 238, 112, 154, 85, 967 98, 18, 236, 13, 123, 232, 90, 47, 180, 36, 148, 77, 192, 45, 113, 150, 10, 254, 99, 0, 968 30, 87, 80, 22, 61, 78, 66, 180, 251, 220, 8, 78, 175, 251, 27, 201, 79, 197, 45, 127, 969 143, 163, 7, 252, 246, 45, 127, 87, 224, 125, 175, 245, 115, 970 ] 971 .as_slice(); 972 assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash { 973 Hash::Sha256(ref hash) => *hash == Sha256::digest(CERT), 974 _ => false, 975 }),); 976 } 977 #[test] 978 fn test_parse_dsa_sha256() { 979 /// Certificate that uses DSA with SHA-256. 980 const CERT: &[u8] = [ 981 48, 130, 4, 162, 48, 130, 4, 79, 160, 3, 2, 1, 2, 2, 1, 37, 48, 11, 6, 9, 96, 134, 72, 982 1, 101, 3, 4, 3, 2, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 16, 48, 983 14, 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6, 3, 85, 4, 984 3, 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 49, 50, 51, 985 48, 51, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 49, 50, 51, 48, 51, 90, 48, 43, 49, 11, 986 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4, 84, 101, 987 115, 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 130, 3, 66, 48, 988 130, 2, 53, 6, 7, 42, 134, 72, 206, 56, 4, 1, 48, 130, 2, 40, 2, 130, 1, 1, 0, 172, 11, 989 194, 123, 239, 38, 183, 160, 91, 74, 179, 251, 72, 80, 38, 223, 195, 46, 238, 2, 67, 990 45, 138, 58, 62, 57, 85, 203, 148, 194, 164, 178, 195, 150, 29, 93, 245, 157, 225, 189, 991 125, 209, 186, 83, 234, 14, 179, 116, 156, 216, 112, 205, 152, 26, 168, 175, 111, 106, 992 249, 235, 49, 40, 246, 31, 152, 214, 59, 117, 64, 109, 28, 167, 222, 155, 132, 192, 993 180, 240, 8, 80, 209, 209, 119, 53, 165, 51, 189, 18, 158, 176, 171, 45, 160, 54, 8, 994 75, 146, 92, 245, 202, 188, 144, 36, 156, 127, 140, 220, 144, 56, 95, 38, 112, 44, 221, 995 159, 9, 159, 189, 153, 150, 88, 84, 73, 138, 6, 73, 141, 17, 28, 110, 159, 141, 21, 996 232, 13, 90, 130, 251, 177, 168, 242, 201, 222, 138, 182, 233, 142, 229, 24, 47, 186, 997 56, 245, 177, 250, 253, 2, 11, 115, 29, 6, 156, 168, 117, 22, 15, 152, 183, 137, 25, 998 188, 24, 22, 120, 195, 17, 97, 16, 85, 234, 95, 53, 156, 244, 146, 53, 183, 235, 71, 999 24, 163, 139, 70, 227, 235, 154, 229, 210, 144, 81, 231, 161, 120, 117, 182, 245, 175, 1000 25, 252, 21, 153, 130, 211, 180, 209, 164, 34, 248, 167, 8, 98, 181, 69, 52, 74, 120, 1001 227, 165, 16, 172, 42, 107, 248, 42, 225, 46, 80, 11, 117, 92, 225, 27, 86, 4, 226, 29, 1002 85, 105, 208, 193, 120, 112, 39, 226, 20, 141, 2, 29, 0, 186, 229, 13, 141, 5, 89, 173, 1003 164, 148, 130, 205, 229, 23, 44, 125, 234, 49, 240, 196, 213, 6, 31, 233, 8, 99, 80, 1004 166, 239, 2, 130, 1, 0, 106, 152, 3, 177, 77, 235, 201, 25, 36, 150, 146, 246, 50, 67, 1005 97, 96, 245, 207, 14, 200, 60, 16, 229, 114, 211, 111, 193, 226, 252, 153, 176, 159, 1006 198, 41, 133, 157, 197, 38, 112, 217, 9, 205, 13, 85, 170, 94, 89, 60, 214, 117, 182, 1007 163, 81, 138, 122, 250, 48, 98, 43, 60, 186, 203, 147, 60, 74, 110, 89, 216, 73, 4, 1008 191, 1, 158, 174, 98, 201, 184, 25, 162, 239, 244, 139, 154, 173, 108, 135, 124, 166, 1009 152, 88, 237, 68, 145, 252, 33, 40, 237, 57, 53, 155, 215, 56, 12, 202, 22, 225, 7, 89, 1010 24, 245, 195, 164, 36, 172, 98, 26, 115, 10, 71, 27, 21, 255, 62, 212, 202, 71, 147, 1011 229, 6, 181, 19, 107, 136, 223, 239, 164, 243, 254, 101, 208, 122, 226, 150, 17, 251, 1012 218, 85, 169, 81, 177, 7, 190, 171, 230, 26, 149, 183, 181, 113, 140, 252, 212, 172, 1013 154, 200, 118, 69, 156, 108, 144, 11, 201, 135, 175, 19, 201, 116, 9, 80, 20, 19, 89, 1014 151, 198, 204, 253, 10, 155, 101, 159, 81, 190, 174, 58, 220, 250, 220, 212, 42, 111, 1015 33, 204, 114, 7, 30, 153, 73, 248, 209, 114, 36, 225, 6, 47, 106, 45, 226, 254, 175, 1016 201, 138, 254, 121, 184, 19, 143, 48, 67, 179, 99, 250, 189, 237, 58, 249, 194, 167, 1017 149, 162, 219, 27, 53, 67, 135, 193, 204, 253, 176, 245, 2, 211, 58, 176, 69, 14, 186, 1018 3, 130, 1, 5, 0, 2, 130, 1, 0, 97, 40, 15, 97, 210, 23, 118, 85, 75, 191, 251, 126, 1019 171, 47, 188, 57, 40, 41, 85, 48, 206, 169, 253, 233, 146, 161, 39, 232, 242, 19, 219, 1020 191, 172, 82, 78, 132, 153, 238, 120, 228, 99, 199, 197, 181, 74, 191, 123, 189, 80, 1021 203, 219, 50, 184, 193, 49, 160, 9, 41, 167, 133, 33, 151, 52, 196, 61, 29, 102, 233, 1022 163, 249, 121, 248, 55, 144, 215, 55, 89, 142, 137, 249, 67, 112, 167, 42, 255, 67, 56, 1023 179, 106, 187, 79, 87, 54, 118, 186, 154, 48, 150, 204, 222, 102, 135, 254, 202, 9, 1024 166, 229, 176, 130, 37, 174, 139, 240, 43, 134, 75, 141, 35, 163, 203, 71, 153, 217, 1025 71, 181, 79, 35, 114, 55, 124, 20, 55, 110, 112, 223, 109, 239, 183, 210, 141, 59, 88, 1026 47, 40, 167, 154, 90, 99, 250, 146, 29, 226, 10, 70, 103, 246, 209, 36, 174, 177, 164, 1027 244, 126, 153, 106, 156, 92, 143, 140, 46, 49, 184, 125, 160, 246, 145, 178, 94, 11, 1028 153, 128, 59, 210, 11, 210, 42, 3, 138, 136, 147, 115, 96, 190, 68, 128, 25, 47, 26, 1029 231, 183, 247, 89, 28, 67, 220, 235, 88, 4, 228, 140, 148, 10, 98, 104, 101, 60, 115, 1030 39, 219, 183, 111, 62, 93, 133, 141, 219, 252, 51, 66, 224, 115, 158, 85, 46, 13, 171, 1031 31, 5, 210, 83, 68, 61, 92, 87, 241, 1, 215, 144, 233, 243, 68, 238, 197, 62, 54, 68, 1032 163, 117, 48, 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 153, 40, 244, 111, 22, 53, 1033 83, 33, 46, 24, 242, 81, 89, 121, 91, 97, 190, 144, 138, 150, 48, 12, 6, 3, 85, 29, 19, 1034 1, 1, 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85, 1035 29, 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29, 1036 35, 4, 24, 48, 22, 128, 20, 230, 93, 24, 66, 42, 224, 216, 63, 210, 30, 74, 173, 48, 1037 16, 195, 8, 166, 231, 232, 253, 48, 11, 6, 9, 96, 134, 72, 1, 101, 3, 4, 3, 2, 3, 64, 1038 0, 48, 61, 2, 28, 116, 130, 114, 201, 119, 192, 122, 114, 52, 255, 182, 233, 56, 153, 1039 169, 135, 12, 49, 236, 107, 72, 244, 178, 174, 32, 27, 13, 226, 2, 29, 0, 170, 35, 77, 1040 179, 10, 59, 85, 118, 124, 99, 48, 21, 125, 235, 57, 27, 60, 222, 102, 120, 20, 16, 1041 148, 80, 118, 28, 75, 176, 1042 ] 1043 .as_slice(); 1044 assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash { 1045 Hash::Sha256(ref hash) => *hash == Sha256::digest(CERT), 1046 _ => false, 1047 }),); 1048 } 1049 #[test] 1050 fn test_parse_dsa_sha224() { 1051 /// Certificate that uses DSA with SHA-224. 1052 const CERT: &[u8] = [ 1053 48, 130, 4, 163, 48, 130, 4, 79, 160, 3, 2, 1, 2, 2, 1, 36, 48, 11, 6, 9, 96, 134, 72, 1054 1, 101, 3, 4, 3, 1, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 16, 48, 1055 14, 6, 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6, 3, 85, 4, 1056 3, 12, 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 49, 50, 50, 1057 50, 53, 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 49, 50, 50, 50, 53, 90, 48, 43, 49, 11, 1058 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4, 84, 101, 1059 115, 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 130, 3, 66, 48, 1060 130, 2, 53, 6, 7, 42, 134, 72, 206, 56, 4, 1, 48, 130, 2, 40, 2, 130, 1, 1, 0, 172, 11, 1061 194, 123, 239, 38, 183, 160, 91, 74, 179, 251, 72, 80, 38, 223, 195, 46, 238, 2, 67, 1062 45, 138, 58, 62, 57, 85, 203, 148, 194, 164, 178, 195, 150, 29, 93, 245, 157, 225, 189, 1063 125, 209, 186, 83, 234, 14, 179, 116, 156, 216, 112, 205, 152, 26, 168, 175, 111, 106, 1064 249, 235, 49, 40, 246, 31, 152, 214, 59, 117, 64, 109, 28, 167, 222, 155, 132, 192, 1065 180, 240, 8, 80, 209, 209, 119, 53, 165, 51, 189, 18, 158, 176, 171, 45, 160, 54, 8, 1066 75, 146, 92, 245, 202, 188, 144, 36, 156, 127, 140, 220, 144, 56, 95, 38, 112, 44, 221, 1067 159, 9, 159, 189, 153, 150, 88, 84, 73, 138, 6, 73, 141, 17, 28, 110, 159, 141, 21, 1068 232, 13, 90, 130, 251, 177, 168, 242, 201, 222, 138, 182, 233, 142, 229, 24, 47, 186, 1069 56, 245, 177, 250, 253, 2, 11, 115, 29, 6, 156, 168, 117, 22, 15, 152, 183, 137, 25, 1070 188, 24, 22, 120, 195, 17, 97, 16, 85, 234, 95, 53, 156, 244, 146, 53, 183, 235, 71, 1071 24, 163, 139, 70, 227, 235, 154, 229, 210, 144, 81, 231, 161, 120, 117, 182, 245, 175, 1072 25, 252, 21, 153, 130, 211, 180, 209, 164, 34, 248, 167, 8, 98, 181, 69, 52, 74, 120, 1073 227, 165, 16, 172, 42, 107, 248, 42, 225, 46, 80, 11, 117, 92, 225, 27, 86, 4, 226, 29, 1074 85, 105, 208, 193, 120, 112, 39, 226, 20, 141, 2, 29, 0, 186, 229, 13, 141, 5, 89, 173, 1075 164, 148, 130, 205, 229, 23, 44, 125, 234, 49, 240, 196, 213, 6, 31, 233, 8, 99, 80, 1076 166, 239, 2, 130, 1, 0, 106, 152, 3, 177, 77, 235, 201, 25, 36, 150, 146, 246, 50, 67, 1077 97, 96, 245, 207, 14, 200, 60, 16, 229, 114, 211, 111, 193, 226, 252, 153, 176, 159, 1078 198, 41, 133, 157, 197, 38, 112, 217, 9, 205, 13, 85, 170, 94, 89, 60, 214, 117, 182, 1079 163, 81, 138, 122, 250, 48, 98, 43, 60, 186, 203, 147, 60, 74, 110, 89, 216, 73, 4, 1080 191, 1, 158, 174, 98, 201, 184, 25, 162, 239, 244, 139, 154, 173, 108, 135, 124, 166, 1081 152, 88, 237, 68, 145, 252, 33, 40, 237, 57, 53, 155, 215, 56, 12, 202, 22, 225, 7, 89, 1082 24, 245, 195, 164, 36, 172, 98, 26, 115, 10, 71, 27, 21, 255, 62, 212, 202, 71, 147, 1083 229, 6, 181, 19, 107, 136, 223, 239, 164, 243, 254, 101, 208, 122, 226, 150, 17, 251, 1084 218, 85, 169, 81, 177, 7, 190, 171, 230, 26, 149, 183, 181, 113, 140, 252, 212, 172, 1085 154, 200, 118, 69, 156, 108, 144, 11, 201, 135, 175, 19, 201, 116, 9, 80, 20, 19, 89, 1086 151, 198, 204, 253, 10, 155, 101, 159, 81, 190, 174, 58, 220, 250, 220, 212, 42, 111, 1087 33, 204, 114, 7, 30, 153, 73, 248, 209, 114, 36, 225, 6, 47, 106, 45, 226, 254, 175, 1088 201, 138, 254, 121, 184, 19, 143, 48, 67, 179, 99, 250, 189, 237, 58, 249, 194, 167, 1089 149, 162, 219, 27, 53, 67, 135, 193, 204, 253, 176, 245, 2, 211, 58, 176, 69, 14, 186, 1090 3, 130, 1, 5, 0, 2, 130, 1, 0, 97, 40, 15, 97, 210, 23, 118, 85, 75, 191, 251, 126, 1091 171, 47, 188, 57, 40, 41, 85, 48, 206, 169, 253, 233, 146, 161, 39, 232, 242, 19, 219, 1092 191, 172, 82, 78, 132, 153, 238, 120, 228, 99, 199, 197, 181, 74, 191, 123, 189, 80, 1093 203, 219, 50, 184, 193, 49, 160, 9, 41, 167, 133, 33, 151, 52, 196, 61, 29, 102, 233, 1094 163, 249, 121, 248, 55, 144, 215, 55, 89, 142, 137, 249, 67, 112, 167, 42, 255, 67, 56, 1095 179, 106, 187, 79, 87, 54, 118, 186, 154, 48, 150, 204, 222, 102, 135, 254, 202, 9, 1096 166, 229, 176, 130, 37, 174, 139, 240, 43, 134, 75, 141, 35, 163, 203, 71, 153, 217, 1097 71, 181, 79, 35, 114, 55, 124, 20, 55, 110, 112, 223, 109, 239, 183, 210, 141, 59, 88, 1098 47, 40, 167, 154, 90, 99, 250, 146, 29, 226, 10, 70, 103, 246, 209, 36, 174, 177, 164, 1099 244, 126, 153, 106, 156, 92, 143, 140, 46, 49, 184, 125, 160, 246, 145, 178, 94, 11, 1100 153, 128, 59, 210, 11, 210, 42, 3, 138, 136, 147, 115, 96, 190, 68, 128, 25, 47, 26, 1101 231, 183, 247, 89, 28, 67, 220, 235, 88, 4, 228, 140, 148, 10, 98, 104, 101, 60, 115, 1102 39, 219, 183, 111, 62, 93, 133, 141, 219, 252, 51, 66, 224, 115, 158, 85, 46, 13, 171, 1103 31, 5, 210, 83, 68, 61, 92, 87, 241, 1, 215, 144, 233, 243, 68, 238, 197, 62, 54, 68, 1104 163, 117, 48, 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 153, 40, 244, 111, 22, 53, 1105 83, 33, 46, 24, 242, 81, 89, 121, 91, 97, 190, 144, 138, 150, 48, 12, 6, 3, 85, 29, 19, 1106 1, 1, 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85, 1107 29, 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29, 1108 35, 4, 24, 48, 22, 128, 20, 230, 93, 24, 66, 42, 224, 216, 63, 210, 30, 74, 173, 48, 1109 16, 195, 8, 166, 231, 232, 253, 48, 11, 6, 9, 96, 134, 72, 1, 101, 3, 4, 3, 1, 3, 65, 1110 0, 48, 62, 2, 29, 0, 178, 65, 35, 200, 113, 88, 88, 146, 71, 230, 14, 148, 101, 161, 1111 118, 55, 125, 175, 226, 137, 63, 147, 215, 75, 207, 115, 150, 22, 2, 29, 0, 233, 44, 1112 225, 196, 27, 225, 84, 166, 253, 231, 247, 162, 41, 134, 178, 45, 218, 17, 24, 35, 120, 1113 100, 231, 84, 218, 88, 80, 255, 1114 ] 1115 .as_slice(); 1116 assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash { 1117 Hash::Sha224(ref hash) => *hash == Sha224::digest(CERT), 1118 _ => false, 1119 }),); 1120 } 1121 #[test] 1122 fn test_parse_dsa_sha1() { 1123 /// Certificate that uses DSA with SHA-1. 1124 const CERT: &[u8] = [ 1125 48, 130, 4, 157, 48, 130, 4, 77, 160, 3, 2, 1, 2, 2, 1, 35, 48, 9, 6, 7, 42, 134, 72, 1126 206, 56, 4, 3, 48, 46, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 16, 48, 14, 6, 1127 3, 85, 4, 10, 12, 7, 84, 101, 115, 116, 32, 67, 65, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 1128 4, 82, 111, 111, 116, 48, 30, 23, 13, 50, 53, 48, 50, 49, 52, 48, 49, 49, 57, 48, 55, 1129 90, 23, 13, 50, 53, 48, 51, 49, 54, 48, 49, 49, 57, 48, 55, 90, 48, 43, 49, 11, 48, 9, 1130 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 13, 48, 11, 6, 3, 85, 4, 10, 12, 4, 84, 101, 115, 1131 116, 49, 13, 48, 11, 6, 3, 85, 4, 3, 12, 4, 84, 101, 115, 116, 48, 130, 3, 66, 48, 130, 1132 2, 53, 6, 7, 42, 134, 72, 206, 56, 4, 1, 48, 130, 2, 40, 2, 130, 1, 1, 0, 172, 11, 194, 1133 123, 239, 38, 183, 160, 91, 74, 179, 251, 72, 80, 38, 223, 195, 46, 238, 2, 67, 45, 1134 138, 58, 62, 57, 85, 203, 148, 194, 164, 178, 195, 150, 29, 93, 245, 157, 225, 189, 1135 125, 209, 186, 83, 234, 14, 179, 116, 156, 216, 112, 205, 152, 26, 168, 175, 111, 106, 1136 249, 235, 49, 40, 246, 31, 152, 214, 59, 117, 64, 109, 28, 167, 222, 155, 132, 192, 1137 180, 240, 8, 80, 209, 209, 119, 53, 165, 51, 189, 18, 158, 176, 171, 45, 160, 54, 8, 1138 75, 146, 92, 245, 202, 188, 144, 36, 156, 127, 140, 220, 144, 56, 95, 38, 112, 44, 221, 1139 159, 9, 159, 189, 153, 150, 88, 84, 73, 138, 6, 73, 141, 17, 28, 110, 159, 141, 21, 1140 232, 13, 90, 130, 251, 177, 168, 242, 201, 222, 138, 182, 233, 142, 229, 24, 47, 186, 1141 56, 245, 177, 250, 253, 2, 11, 115, 29, 6, 156, 168, 117, 22, 15, 152, 183, 137, 25, 1142 188, 24, 22, 120, 195, 17, 97, 16, 85, 234, 95, 53, 156, 244, 146, 53, 183, 235, 71, 1143 24, 163, 139, 70, 227, 235, 154, 229, 210, 144, 81, 231, 161, 120, 117, 182, 245, 175, 1144 25, 252, 21, 153, 130, 211, 180, 209, 164, 34, 248, 167, 8, 98, 181, 69, 52, 74, 120, 1145 227, 165, 16, 172, 42, 107, 248, 42, 225, 46, 80, 11, 117, 92, 225, 27, 86, 4, 226, 29, 1146 85, 105, 208, 193, 120, 112, 39, 226, 20, 141, 2, 29, 0, 186, 229, 13, 141, 5, 89, 173, 1147 164, 148, 130, 205, 229, 23, 44, 125, 234, 49, 240, 196, 213, 6, 31, 233, 8, 99, 80, 1148 166, 239, 2, 130, 1, 0, 106, 152, 3, 177, 77, 235, 201, 25, 36, 150, 146, 246, 50, 67, 1149 97, 96, 245, 207, 14, 200, 60, 16, 229, 114, 211, 111, 193, 226, 252, 153, 176, 159, 1150 198, 41, 133, 157, 197, 38, 112, 217, 9, 205, 13, 85, 170, 94, 89, 60, 214, 117, 182, 1151 163, 81, 138, 122, 250, 48, 98, 43, 60, 186, 203, 147, 60, 74, 110, 89, 216, 73, 4, 1152 191, 1, 158, 174, 98, 201, 184, 25, 162, 239, 244, 139, 154, 173, 108, 135, 124, 166, 1153 152, 88, 237, 68, 145, 252, 33, 40, 237, 57, 53, 155, 215, 56, 12, 202, 22, 225, 7, 89, 1154 24, 245, 195, 164, 36, 172, 98, 26, 115, 10, 71, 27, 21, 255, 62, 212, 202, 71, 147, 1155 229, 6, 181, 19, 107, 136, 223, 239, 164, 243, 254, 101, 208, 122, 226, 150, 17, 251, 1156 218, 85, 169, 81, 177, 7, 190, 171, 230, 26, 149, 183, 181, 113, 140, 252, 212, 172, 1157 154, 200, 118, 69, 156, 108, 144, 11, 201, 135, 175, 19, 201, 116, 9, 80, 20, 19, 89, 1158 151, 198, 204, 253, 10, 155, 101, 159, 81, 190, 174, 58, 220, 250, 220, 212, 42, 111, 1159 33, 204, 114, 7, 30, 153, 73, 248, 209, 114, 36, 225, 6, 47, 106, 45, 226, 254, 175, 1160 201, 138, 254, 121, 184, 19, 143, 48, 67, 179, 99, 250, 189, 237, 58, 249, 194, 167, 1161 149, 162, 219, 27, 53, 67, 135, 193, 204, 253, 176, 245, 2, 211, 58, 176, 69, 14, 186, 1162 3, 130, 1, 5, 0, 2, 130, 1, 0, 97, 40, 15, 97, 210, 23, 118, 85, 75, 191, 251, 126, 1163 171, 47, 188, 57, 40, 41, 85, 48, 206, 169, 253, 233, 146, 161, 39, 232, 242, 19, 219, 1164 191, 172, 82, 78, 132, 153, 238, 120, 228, 99, 199, 197, 181, 74, 191, 123, 189, 80, 1165 203, 219, 50, 184, 193, 49, 160, 9, 41, 167, 133, 33, 151, 52, 196, 61, 29, 102, 233, 1166 163, 249, 121, 248, 55, 144, 215, 55, 89, 142, 137, 249, 67, 112, 167, 42, 255, 67, 56, 1167 179, 106, 187, 79, 87, 54, 118, 186, 154, 48, 150, 204, 222, 102, 135, 254, 202, 9, 1168 166, 229, 176, 130, 37, 174, 139, 240, 43, 134, 75, 141, 35, 163, 203, 71, 153, 217, 1169 71, 181, 79, 35, 114, 55, 124, 20, 55, 110, 112, 223, 109, 239, 183, 210, 141, 59, 88, 1170 47, 40, 167, 154, 90, 99, 250, 146, 29, 226, 10, 70, 103, 246, 209, 36, 174, 177, 164, 1171 244, 126, 153, 106, 156, 92, 143, 140, 46, 49, 184, 125, 160, 246, 145, 178, 94, 11, 1172 153, 128, 59, 210, 11, 210, 42, 3, 138, 136, 147, 115, 96, 190, 68, 128, 25, 47, 26, 1173 231, 183, 247, 89, 28, 67, 220, 235, 88, 4, 228, 140, 148, 10, 98, 104, 101, 60, 115, 1174 39, 219, 183, 111, 62, 93, 133, 141, 219, 252, 51, 66, 224, 115, 158, 85, 46, 13, 171, 1175 31, 5, 210, 83, 68, 61, 92, 87, 241, 1, 215, 144, 233, 243, 68, 238, 197, 62, 54, 68, 1176 163, 117, 48, 115, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 153, 40, 244, 111, 22, 53, 1177 83, 33, 46, 24, 242, 81, 89, 121, 91, 97, 190, 144, 138, 150, 48, 12, 6, 3, 85, 29, 19, 1178 1, 1, 255, 4, 2, 48, 0, 48, 11, 6, 3, 85, 29, 15, 4, 4, 3, 2, 7, 128, 48, 22, 6, 3, 85, 1179 29, 37, 1, 1, 255, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 31, 6, 3, 85, 29, 1180 35, 4, 24, 48, 22, 128, 20, 230, 93, 24, 66, 42, 224, 216, 63, 210, 30, 74, 173, 48, 1181 16, 195, 8, 166, 231, 232, 253, 48, 9, 6, 7, 42, 134, 72, 206, 56, 4, 3, 3, 63, 0, 48, 1182 60, 2, 28, 50, 39, 36, 45, 25, 91, 93, 174, 107, 192, 215, 113, 214, 88, 122, 108, 97, 1183 82, 121, 182, 191, 182, 66, 173, 207, 255, 17, 86, 2, 28, 28, 133, 69, 48, 198, 204, 1184 39, 177, 136, 73, 222, 95, 114, 218, 219, 54, 88, 17, 114, 204, 214, 83, 20, 137, 75, 1185 203, 163, 99, 1186 ] 1187 .as_slice(); 1188 assert!(Hash::from_der_cert(CERT).map_or(false, |hash| match hash { 1189 Hash::Sha256(ref hash) => *hash == Sha256::digest(CERT), 1190 _ => false, 1191 }),); 1192 } 1193 #[cfg(feature = "runtime")] 1194 #[derive(Debug)] 1195 enum E { 1196 #[expect(dead_code, reason = "does not matter for tests")] 1197 Io(Error), 1198 #[expect(dead_code, reason = "does not matter for tests")] 1199 Rustls(rustls::Error), 1200 #[expect(dead_code, reason = "does not matter for tests")] 1201 Postgres(tokio_postgres::Error), 1202 NoRootCert, 1203 MultipleRootCerts, 1204 NoClientKey, 1205 MultipleClientKeys, 1206 #[expect(dead_code, reason = "does not matter for tests")] 1207 RustlsPem(PemErr), 1208 } 1209 #[cfg(feature = "runtime")] 1210 impl From<Error> for E { 1211 fn from(value: Error) -> Self { 1212 Self::Io(value) 1213 } 1214 } 1215 #[cfg(feature = "runtime")] 1216 impl From<rustls::Error> for E { 1217 fn from(value: rustls::Error) -> Self { 1218 Self::Rustls(value) 1219 } 1220 } 1221 #[cfg(feature = "runtime")] 1222 impl From<tokio_postgres::Error> for E { 1223 fn from(value: tokio_postgres::Error) -> Self { 1224 Self::Postgres(value) 1225 } 1226 } 1227 #[cfg(feature = "runtime")] 1228 impl From<PemErr> for E { 1229 fn from(value: PemErr) -> Self { 1230 Self::RustlsPem(value) 1231 } 1232 } 1233 #[cfg(feature = "runtime")] 1234 #[ignore] 1235 #[test] 1236 fn test_mutual_tls() -> Result<(), E> { 1237 let root_cert_file = fs::read("test_data/ca.crt.pem")?; 1238 let mut cert_iter = CertificateDer::pem_slice_iter(root_cert_file.as_slice()); 1239 let key_file = fs::read("test_data/client.key.pem")?; 1240 let mut key_iter = PrivateKeyDer::pem_slice_iter(key_file.as_slice()); 1241 let mut conf = ClientConfig::builder_with_protocol_versions([&TLS13].as_slice()) 1242 .with_root_certificates(cert_iter.next().ok_or_else(|| E::NoRootCert).and_then( 1243 |cert_res| { 1244 cert_res.map_err(E::RustlsPem).and_then(|cert| { 1245 cert_iter.next().map_or_else( 1246 || { 1247 let mut root_store = RootCertStore::empty(); 1248 root_store.add(cert).map_err(E::Rustls).map(|()| root_store) 1249 }, 1250 |_| Err(E::MultipleRootCerts), 1251 ) 1252 }) 1253 }, 1254 )?) 1255 .with_client_auth_cert( 1256 CertificateDer::pem_slice_iter(fs::read("test_data/client.crt.pem")?.as_slice()) 1257 .try_fold(Vec::with_capacity(1), |mut certs, res| { 1258 res.map(|cert| { 1259 certs.push(cert); 1260 certs 1261 }) 1262 })?, 1263 key_iter 1264 .next() 1265 .ok_or_else(|| E::NoClientKey) 1266 .and_then(|key_res| { 1267 key_res.map_err(E::RustlsPem).and_then(|key| { 1268 key_iter 1269 .next() 1270 .map_or_else(|| Ok(key), |_| Err(E::MultipleClientKeys)) 1271 }) 1272 })?, 1273 )?; 1274 super::set_postgresql_alpn(&mut conf); 1275 let mut config = Config::new(); 1276 let connection = config 1277 .application_name("test") 1278 .channel_binding(ChannelBinding::Disable) 1279 .connect_timeout(Duration::from_secs(4)) 1280 .dbname(fs::read_to_string("test_data/dbname")?.trim_ascii_end()) 1281 .host(fs::read_to_string("test_data/host")?.trim_ascii_end()) 1282 .hostaddr(IpAddr::V6(Ipv6Addr::LOCALHOST)) 1283 .keepalives(false) 1284 .load_balance_hosts(LoadBalanceHosts::Disable) 1285 .port(5432) 1286 .ssl_mode(SslMode::Require) 1287 .target_session_attrs(TargetSessionAttrs::Any) 1288 .user(fs::read_to_string("test_data/user")?.trim_ascii_end()) 1289 .connect(MakeTlsConnector::new(Arc::new(conf).into())); 1290 Builder::new_current_thread() 1291 .enable_all() 1292 .build()? 1293 .block_on(async move { connection.await.map_err(E::Postgres).map(|_| ()) }) 1294 } 1295 #[cfg(feature = "runtime")] 1296 #[ignore] 1297 #[test] 1298 fn test_password_and_channel_binding() -> Result<(), E> { 1299 let root_cert_file = fs::read("test_data/ca.crt.pem")?; 1300 let mut cert_iter = CertificateDer::pem_slice_iter(root_cert_file.as_slice()); 1301 let mut conf = ClientConfig::builder_with_protocol_versions([&TLS13].as_slice()) 1302 .with_root_certificates(cert_iter.next().ok_or_else(|| E::NoRootCert).and_then( 1303 |cert_res| { 1304 cert_res.map_err(E::RustlsPem).and_then(|cert| { 1305 cert_iter.next().map_or_else( 1306 || { 1307 let mut root_store = RootCertStore::empty(); 1308 root_store.add(cert).map_err(E::Rustls).map(|()| root_store) 1309 }, 1310 |_| Err(E::MultipleRootCerts), 1311 ) 1312 }) 1313 }, 1314 )?) 1315 .with_no_client_auth(); 1316 super::set_postgresql_alpn(&mut conf); 1317 let mut config = Config::new(); 1318 let connection = config 1319 .application_name("test") 1320 .channel_binding(ChannelBinding::Require) 1321 .connect_timeout(Duration::from_secs(4)) 1322 .dbname(fs::read_to_string("test_data/dbname")?.trim_ascii_end()) 1323 .host(fs::read_to_string("test_data/host")?.trim_ascii_end()) 1324 .hostaddr(IpAddr::V6(Ipv6Addr::LOCALHOST)) 1325 .keepalives(false) 1326 .load_balance_hosts(LoadBalanceHosts::Disable) 1327 .password(fs::read("test_data/password")?.trim_ascii_end()) 1328 .port(5432) 1329 .ssl_mode(SslMode::Require) 1330 .target_session_attrs(TargetSessionAttrs::Any) 1331 .user(fs::read_to_string("test_data/user")?.trim_ascii_end()) 1332 .connect(MakeTlsConnector::new(Arc::new(conf).into())); 1333 Builder::new_current_thread() 1334 .enable_all() 1335 .build()? 1336 .block_on(async move { connection.await.map_err(E::Postgres).map(|_| ()) }) 1337 } 1338 }