Skip to content

Commit 8425fa3

Browse files
cpucpu
committed
tests: generate client auth revocation tests.
Created by running: ``` cd tests ./generate.py --no-tls-server-certs --no-signatures --no-clientauth ```
1 parent 6a755ab commit 8425fa3

24 files changed

+265
-0
lines changed

tests/client_auth_revocation.rs

Lines changed: 265 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -82,3 +82,268 @@ fn check_cert(
8282
}
8383

8484
// DO NOT EDIT BELOW: generated by tests/generate.py
85+
86+
#[test]
87+
#[cfg(feature = "alloc")]
88+
fn no_crls_test_ee_depth() {
89+
let ee = include_bytes!("client_auth_revocation/no_ku_chain.ee.der");
90+
let intermediates =
91+
&[include_bytes!("client_auth_revocation/no_ku_chain.int.ca.der").as_slice()];
92+
let ca = include_bytes!("client_auth_revocation/no_ku_chain.root.ca.der");
93+
let crls = &[];
94+
assert_eq!(
95+
check_cert(ee, intermediates, ca, RevocationCheckDepth::EndEntity, crls),
96+
Ok(())
97+
);
98+
}
99+
100+
#[test]
101+
#[cfg(feature = "alloc")]
102+
fn no_relevant_crl_ee_depth() {
103+
let ee = include_bytes!("client_auth_revocation/no_ku_chain.ee.der");
104+
let intermediates =
105+
&[include_bytes!("client_auth_revocation/no_ku_chain.int.ca.der").as_slice()];
106+
let ca = include_bytes!("client_auth_revocation/no_ku_chain.root.ca.der");
107+
let crls = &[webpki::CertRevocationList::try_from(
108+
include_bytes!("client_auth_revocation/no_relevant_crl_ee_depth.crl.der").as_slice(),
109+
)
110+
.unwrap()];
111+
assert_eq!(
112+
check_cert(ee, intermediates, ca, RevocationCheckDepth::EndEntity, crls),
113+
Ok(())
114+
);
115+
}
116+
117+
#[test]
118+
#[cfg(feature = "alloc")]
119+
fn ee_not_revoked_ee_depth() {
120+
let ee = include_bytes!("client_auth_revocation/no_ku_chain.ee.der");
121+
let intermediates =
122+
&[include_bytes!("client_auth_revocation/no_ku_chain.int.ca.der").as_slice()];
123+
let ca = include_bytes!("client_auth_revocation/no_ku_chain.root.ca.der");
124+
let crls = &[webpki::CertRevocationList::try_from(
125+
include_bytes!("client_auth_revocation/ee_not_revoked_ee_depth.crl.der").as_slice(),
126+
)
127+
.unwrap()];
128+
assert_eq!(
129+
check_cert(ee, intermediates, ca, RevocationCheckDepth::EndEntity, crls),
130+
Ok(())
131+
);
132+
}
133+
134+
#[test]
135+
#[cfg(feature = "alloc")]
136+
fn ee_revoked_badsig_ee_depth() {
137+
let ee = include_bytes!("client_auth_revocation/no_ku_chain.ee.der");
138+
let intermediates =
139+
&[include_bytes!("client_auth_revocation/no_ku_chain.int.ca.der").as_slice()];
140+
let ca = include_bytes!("client_auth_revocation/no_ku_chain.root.ca.der");
141+
let crls = &[webpki::CertRevocationList::try_from(
142+
include_bytes!("client_auth_revocation/ee_revoked_badsig_ee_depth.crl.der").as_slice(),
143+
)
144+
.unwrap()];
145+
assert_eq!(
146+
check_cert(ee, intermediates, ca, RevocationCheckDepth::EndEntity, crls),
147+
Err(webpki::Error::UnknownIssuer)
148+
);
149+
}
150+
151+
#[test]
152+
#[cfg(feature = "alloc")]
153+
fn ee_revoked_wrong_ku_ee_depth() {
154+
let ee = include_bytes!("client_auth_revocation/no_crl_ku_chain.ee.der");
155+
let intermediates =
156+
&[include_bytes!("client_auth_revocation/no_crl_ku_chain.int.ca.der").as_slice()];
157+
let ca = include_bytes!("client_auth_revocation/no_crl_ku_chain.root.ca.der");
158+
let crls = &[webpki::CertRevocationList::try_from(
159+
include_bytes!("client_auth_revocation/ee_revoked_wrong_ku_ee_depth.crl.der").as_slice(),
160+
)
161+
.unwrap()];
162+
assert_eq!(
163+
check_cert(ee, intermediates, ca, RevocationCheckDepth::EndEntity, crls),
164+
Err(webpki::Error::UnknownIssuer)
165+
);
166+
}
167+
168+
#[test]
169+
#[cfg(feature = "alloc")]
170+
fn ee_revoked_no_ku_ee_depth() {
171+
let ee = include_bytes!("client_auth_revocation/no_ku_chain.ee.der");
172+
let intermediates =
173+
&[include_bytes!("client_auth_revocation/no_ku_chain.int.ca.der").as_slice()];
174+
let ca = include_bytes!("client_auth_revocation/no_ku_chain.root.ca.der");
175+
let crls = &[webpki::CertRevocationList::try_from(
176+
include_bytes!("client_auth_revocation/ee_revoked_no_ku_ee_depth.crl.der").as_slice(),
177+
)
178+
.unwrap()];
179+
assert_eq!(
180+
check_cert(ee, intermediates, ca, RevocationCheckDepth::EndEntity, crls),
181+
Err(webpki::Error::UnknownIssuer)
182+
);
183+
}
184+
185+
#[test]
186+
#[cfg(feature = "alloc")]
187+
fn ee_revoked_crl_ku_ee_depth() {
188+
let ee = include_bytes!("client_auth_revocation/ku_chain.ee.der");
189+
let intermediates = &[include_bytes!("client_auth_revocation/ku_chain.int.ca.der").as_slice()];
190+
let ca = include_bytes!("client_auth_revocation/ku_chain.root.ca.der");
191+
let crls = &[webpki::CertRevocationList::try_from(
192+
include_bytes!("client_auth_revocation/ee_revoked_crl_ku_ee_depth.crl.der").as_slice(),
193+
)
194+
.unwrap()];
195+
assert_eq!(
196+
check_cert(ee, intermediates, ca, RevocationCheckDepth::EndEntity, crls),
197+
Err(webpki::Error::UnknownIssuer)
198+
);
199+
}
200+
201+
#[test]
202+
#[cfg(feature = "alloc")]
203+
fn no_crls_test_chain_depth() {
204+
let ee = include_bytes!("client_auth_revocation/no_ku_chain.ee.der");
205+
let intermediates =
206+
&[include_bytes!("client_auth_revocation/no_ku_chain.int.ca.der").as_slice()];
207+
let ca = include_bytes!("client_auth_revocation/no_ku_chain.root.ca.der");
208+
let crls = &[];
209+
assert_eq!(
210+
check_cert(ee, intermediates, ca, RevocationCheckDepth::Chain, crls),
211+
Ok(())
212+
);
213+
}
214+
215+
#[test]
216+
#[cfg(feature = "alloc")]
217+
fn no_relevant_crl_chain_depth() {
218+
let ee = include_bytes!("client_auth_revocation/no_ku_chain.ee.der");
219+
let intermediates =
220+
&[include_bytes!("client_auth_revocation/no_ku_chain.int.ca.der").as_slice()];
221+
let ca = include_bytes!("client_auth_revocation/no_ku_chain.root.ca.der");
222+
let crls = &[webpki::CertRevocationList::try_from(
223+
include_bytes!("client_auth_revocation/no_relevant_crl_chain_depth.crl.der").as_slice(),
224+
)
225+
.unwrap()];
226+
assert_eq!(
227+
check_cert(ee, intermediates, ca, RevocationCheckDepth::Chain, crls),
228+
Ok(())
229+
);
230+
}
231+
232+
#[test]
233+
#[cfg(feature = "alloc")]
234+
fn int_not_revoked_chain_depth() {
235+
let ee = include_bytes!("client_auth_revocation/no_ku_chain.ee.der");
236+
let intermediates =
237+
&[include_bytes!("client_auth_revocation/no_ku_chain.int.ca.der").as_slice()];
238+
let ca = include_bytes!("client_auth_revocation/no_ku_chain.root.ca.der");
239+
let crls = &[webpki::CertRevocationList::try_from(
240+
include_bytes!("client_auth_revocation/int_not_revoked_chain_depth.crl.der").as_slice(),
241+
)
242+
.unwrap()];
243+
assert_eq!(
244+
check_cert(ee, intermediates, ca, RevocationCheckDepth::Chain, crls),
245+
Ok(())
246+
);
247+
}
248+
249+
#[test]
250+
#[cfg(feature = "alloc")]
251+
fn int_revoked_badsig_chain_depth() {
252+
let ee = include_bytes!("client_auth_revocation/no_ku_chain.ee.der");
253+
let intermediates =
254+
&[include_bytes!("client_auth_revocation/no_ku_chain.int.ca.der").as_slice()];
255+
let ca = include_bytes!("client_auth_revocation/no_ku_chain.root.ca.der");
256+
let crls = &[webpki::CertRevocationList::try_from(
257+
include_bytes!("client_auth_revocation/int_revoked_badsig_chain_depth.crl.der").as_slice(),
258+
)
259+
.unwrap()];
260+
assert_eq!(
261+
check_cert(ee, intermediates, ca, RevocationCheckDepth::Chain, crls),
262+
Err(webpki::Error::UnknownIssuer)
263+
);
264+
}
265+
266+
#[test]
267+
#[cfg(feature = "alloc")]
268+
fn int_revoked_wrong_ku_chain_depth() {
269+
let ee = include_bytes!("client_auth_revocation/no_crl_ku_chain.ee.der");
270+
let intermediates =
271+
&[include_bytes!("client_auth_revocation/no_crl_ku_chain.int.ca.der").as_slice()];
272+
let ca = include_bytes!("client_auth_revocation/no_crl_ku_chain.root.ca.der");
273+
let crls = &[webpki::CertRevocationList::try_from(
274+
include_bytes!("client_auth_revocation/int_revoked_wrong_ku_chain_depth.crl.der")
275+
.as_slice(),
276+
)
277+
.unwrap()];
278+
assert_eq!(
279+
check_cert(ee, intermediates, ca, RevocationCheckDepth::Chain, crls),
280+
Err(webpki::Error::UnknownIssuer)
281+
);
282+
}
283+
284+
#[test]
285+
#[cfg(feature = "alloc")]
286+
fn ee_revoked_chain_depth() {
287+
let ee = include_bytes!("client_auth_revocation/no_ku_chain.ee.der");
288+
let intermediates =
289+
&[include_bytes!("client_auth_revocation/no_ku_chain.int.ca.der").as_slice()];
290+
let ca = include_bytes!("client_auth_revocation/no_ku_chain.root.ca.der");
291+
let crls = &[webpki::CertRevocationList::try_from(
292+
include_bytes!("client_auth_revocation/ee_revoked_chain_depth.crl.der").as_slice(),
293+
)
294+
.unwrap()];
295+
assert_eq!(
296+
check_cert(ee, intermediates, ca, RevocationCheckDepth::Chain, crls),
297+
Err(webpki::Error::UnknownIssuer)
298+
);
299+
}
300+
301+
#[test]
302+
#[cfg(feature = "alloc")]
303+
fn int_revoked_ee_depth() {
304+
let ee = include_bytes!("client_auth_revocation/no_ku_chain.ee.der");
305+
let intermediates =
306+
&[include_bytes!("client_auth_revocation/no_ku_chain.int.ca.der").as_slice()];
307+
let ca = include_bytes!("client_auth_revocation/no_ku_chain.root.ca.der");
308+
let crls = &[webpki::CertRevocationList::try_from(
309+
include_bytes!("client_auth_revocation/int_revoked_ee_depth.crl.der").as_slice(),
310+
)
311+
.unwrap()];
312+
assert_eq!(
313+
check_cert(ee, intermediates, ca, RevocationCheckDepth::EndEntity, crls),
314+
Ok(())
315+
);
316+
}
317+
318+
#[test]
319+
#[cfg(feature = "alloc")]
320+
fn int_revoked_no_ku_chain_depth() {
321+
let ee = include_bytes!("client_auth_revocation/no_ku_chain.ee.der");
322+
let intermediates =
323+
&[include_bytes!("client_auth_revocation/no_ku_chain.int.ca.der").as_slice()];
324+
let ca = include_bytes!("client_auth_revocation/no_ku_chain.root.ca.der");
325+
let crls = &[webpki::CertRevocationList::try_from(
326+
include_bytes!("client_auth_revocation/int_revoked_no_ku_chain_depth.crl.der").as_slice(),
327+
)
328+
.unwrap()];
329+
assert_eq!(
330+
check_cert(ee, intermediates, ca, RevocationCheckDepth::Chain, crls),
331+
Err(webpki::Error::UnknownIssuer)
332+
);
333+
}
334+
335+
#[test]
336+
#[cfg(feature = "alloc")]
337+
fn int_revoked_crl_ku_chain_depth() {
338+
let ee = include_bytes!("client_auth_revocation/ku_chain.ee.der");
339+
let intermediates = &[include_bytes!("client_auth_revocation/ku_chain.int.ca.der").as_slice()];
340+
let ca = include_bytes!("client_auth_revocation/ku_chain.root.ca.der");
341+
let crls = &[webpki::CertRevocationList::try_from(
342+
include_bytes!("client_auth_revocation/int_revoked_crl_ku_chain_depth.crl.der").as_slice(),
343+
)
344+
.unwrap()];
345+
assert_eq!(
346+
check_cert(ee, intermediates, ca, RevocationCheckDepth::Chain, crls),
347+
Err(webpki::Error::UnknownIssuer)
348+
);
349+
}

tests/client_auth_revocation/ee_not_revoked_ee_depth.crl.der

460 Bytes
Binary file not shown.

tests/client_auth_revocation/ee_revoked_badsig_ee_depth.crl.der

478 Bytes
Binary file not shown.

tests/client_auth_revocation/ee_revoked_chain_depth.crl.der

478 Bytes
Binary file not shown.

tests/client_auth_revocation/ee_revoked_crl_ku_ee_depth.crl.der

475 Bytes
Binary file not shown.

tests/client_auth_revocation/ee_revoked_no_ku_ee_depth.crl.der

478 Bytes
Binary file not shown.

tests/client_auth_revocation/ee_revoked_wrong_ku_ee_depth.crl.der

482 Bytes
Binary file not shown.

tests/client_auth_revocation/int_not_revoked_chain_depth.crl.der

459 Bytes
Binary file not shown.

tests/client_auth_revocation/int_revoked_badsig_chain_depth.crl.der

477 Bytes
Binary file not shown.

tests/client_auth_revocation/int_revoked_crl_ku_chain_depth.crl.der

474 Bytes
Binary file not shown.

0 commit comments

Comments
 (0)