From 8649970c10346f12399ee6fc21bde882fd00bd38 Mon Sep 17 00:00:00 2001 From: bkioshn Date: Fri, 20 Sep 2024 11:49:49 +0700 Subject: [PATCH 1/8] fix(rust/cardano-chain-follower): linter --- .../src/metadata/cip509/mod.rs | 48 ++++++++++++------- 1 file changed, 30 insertions(+), 18 deletions(-) diff --git a/rust/cardano-chain-follower/src/metadata/cip509/mod.rs b/rust/cardano-chain-follower/src/metadata/cip509/mod.rs index 75bac279cb..1935083bfb 100644 --- a/rust/cardano-chain-follower/src/metadata/cip509/mod.rs +++ b/rust/cardano-chain-follower/src/metadata/cip509/mod.rs @@ -1085,13 +1085,15 @@ mod tests { let transactions = multi_era_block.txs(); // Second transaction of this test data contains the CIP509 auxiliary data - let tx = transactions[1].clone(); - let aux_data = cip_509_aux_data(&tx); + let tx = transactions + .get(1) + .expect("Failed to get transaction index"); + let aux_data = cip_509_aux_data(tx); let mut decoder = Decoder::new(aux_data.as_slice()); let cip509 = Cip509::decode(&mut decoder, &mut ()).expect("Failed to decode Cip509"); assert!(cip509 - .validate_txn_inputs_hash(&tx, &mut validation_report, &decoded_metadata) + .validate_txn_inputs_hash(tx, &mut validation_report, &decoded_metadata) .unwrap()); } @@ -1105,14 +1107,16 @@ mod tests { let transactions = multi_era_block.txs(); // Second transaction of this test data contains the CIP509 auxiliary data - let tx = transactions[1].clone(); + let tx = transactions + .get(1) + .expect("Failed to get transaction index"); - let aux_data = cip_509_aux_data(&tx); + let aux_data = cip_509_aux_data(tx); let mut decoder = Decoder::new(aux_data.as_slice()); let mut cip509 = Cip509::decode(&mut decoder, &mut ()).expect("Failed to decode Cip509"); assert!(cip509 - .validate_aux(&tx, &mut validation_report, &decoded_metadata) + .validate_aux(tx, &mut validation_report, &decoded_metadata) .unwrap()); } 
@@ -1126,14 +1130,16 @@ mod tests { let transactions = multi_era_block.txs(); // Second transaction of this test data contains the CIP509 auxiliary data - let tx = transactions[1].clone(); + let tx = transactions + .get(1) + .expect("Failed to get transaction index"); - let aux_data = cip_509_aux_data(&tx); + let aux_data = cip_509_aux_data(tx); let mut decoder = Decoder::new(aux_data.as_slice()); let cip509 = Cip509::decode(&mut decoder, &mut ()).expect("Failed to decode Cip509"); assert!(cip509 - .validate_stake_public_key(&tx, &mut validation_report, &decoded_metadata, 0) + .validate_stake_public_key(tx, &mut validation_report, &decoded_metadata, 0) .unwrap()); } @@ -1147,9 +1153,11 @@ mod tests { let transactions = multi_era_block.txs(); // Second transaction of this test data contains the CIP509 auxiliary data - let tx = transactions[1].clone(); + let tx = transactions + .get(1) + .expect("Failed to get transaction index"); - let aux_data = cip_509_aux_data(&tx); + let aux_data = cip_509_aux_data(tx); let mut decoder = Decoder::new(aux_data.as_slice()); let cip509 = Cip509::decode(&mut decoder, &mut ()).expect("Failed to decode Cip509"); @@ -1159,7 +1167,7 @@ mod tests { if role.role_number == 0 { assert!(cip509 .validate_payment_key( - &tx, + tx, &mut validation_report, &decoded_metadata, 0, @@ -1181,9 +1189,11 @@ mod tests { let transactions = multi_era_block.txs(); // Second transaction of this test data contains the CIP509 auxiliary data - let tx = transactions[1].clone(); + let tx = transactions + .get(1) + .expect("Failed to get transaction index"); - let aux_data = cip_509_aux_data(&tx); + let aux_data = cip_509_aux_data(tx); let mut decoder = Decoder::new(aux_data.as_slice()); let cip509 = Cip509::decode(&mut decoder, &mut ()).expect("Failed to decode Cip509"); @@ -1194,7 +1204,7 @@ mod tests { println!( "{:?}", cip509.validate_payment_key( - &tx, + tx, &mut validation_report, &decoded_metadata, 0, 
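Review bot: In the last hunk on this line (`@@ -1194,7 +1204,7 @@`) the result of `validate_payment_key` is only passed to `println!("{:?}", …)`, so the payment-key check is not asserted at that point. If this test covers an input that must be rejected, bind the result and assert on it, for example `assert!(result.is_err());` or `assert!(!result.unwrap());`, whichever matches the intended outcome. The test function starts and ends outside the hunk, so an assertion may exist further down.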
@@ -1216,14 +1226,16 @@ mod tests { let transactions = multi_era_block.txs(); // Fifth transaction of this test data contains the CIP509 auxiliary data - let tx = transactions[4].clone(); + let tx = transactions + .get(4) + .expect("Failed to get transaction index"); - let aux_data = cip_509_aux_data(&tx); + let aux_data = cip_509_aux_data(tx); let mut decoder = Decoder::new(aux_data.as_slice()); let cip509 = Cip509::decode(&mut decoder, &mut ()).expect("Failed to decode Cip509"); assert!(!cip509 - .validate_stake_public_key(&tx, &mut validation_report, &decoded_metadata, 0) + .validate_stake_public_key(tx, &mut validation_report, &decoded_metadata, 0) .unwrap()); } } From 941c87e3c3d6dd45daa8a774ee1de21d2b4d70c9 Mon Sep 17 00:00:00 2001 From: bkioshn Date: Fri, 20 Sep 2024 12:28:28 +0700 Subject: [PATCH 2/8] fix(rust/cardano-chain-follower): decoder helper --- .../src/metadata/cip509/decode_helper.rs | 166 ++++++++---------- .../src/metadata/cip509/mod.rs | 4 +- .../src/metadata/cip509/rbac/certs.rs | 20 ++- .../src/metadata/cip509/rbac/mod.rs | 6 +- .../src/metadata/cip509/rbac/role_data.rs | 15 +- .../src/metadata/cip509/x509_chunks.rs | 6 +- 6 files changed, 101 insertions(+), 116 deletions(-) diff --git a/rust/cardano-chain-follower/src/metadata/cip509/decode_helper.rs b/rust/cardano-chain-follower/src/metadata/cip509/decode_helper.rs index d1ec7de0ff..91697f7a53 100644 --- a/rust/cardano-chain-follower/src/metadata/cip509/decode_helper.rs +++ b/rust/cardano-chain-follower/src/metadata/cip509/decode_helper.rs 
@@ -2,86 +2,52 @@ use minicbor::{data::Tag, decode, Decoder}; -/// Helper function for decoding map. -pub(crate) fn decode_map_len(d: &mut Decoder, from: &str) -> Result { - d.map() - .map_err(|e| decode::Error::message(&format!("Failed to decode map in {from}: {e}")))? - .ok_or(decode::Error::message(&format!( - "Failed to decode map in {from}, unexpected indefinite length", - ))) -} - -/// Helper function for decoding u8. -pub(crate) fn decode_u8(d: &mut Decoder, from: &str) -> Result { - d.u8() - .map_err(|e| decode::Error::message(&format!("Failed to decode u8 in {from}: {e}"))) -} - -/// Helper function for decoding u16. -pub(crate) fn decode_u16(d: &mut Decoder, from: &str) -> Result { - d.u16() - .map_err(|e| decode::Error::message(&format!("Failed to decode u16 in {from}: {e}"))) -} - -/// Helper function for decoding u32. -pub(crate) fn decode_u32(d: &mut Decoder, from: &str) -> Result { - d.u32() - .map_err(|e| decode::Error::message(&format!("Failed to decode u32 in {from}: {e}"))) -} - -/// Helper function for decoding u64. -pub(crate) fn decode_u64(d: &mut Decoder, from: &str) -> Result { - d.u64() - .map_err(|e| decode::Error::message(&format!("Failed to decode u64 in {from}: {e}"))) -} - -/// Helper function for decoding i8. -pub(crate) fn decode_i8(d: &mut Decoder, from: &str) -> Result { - d.i8() - .map_err(|e| decode::Error::message(&format!("Failed to decode i8 in {from}: {e}"))) -} - -/// Helper function for decoding i16. -pub(crate) fn decode_i16(d: &mut Decoder, from: &str) -> Result { - d.i16() - .map_err(|e| decode::Error::message(&format!("Failed to decode i16 in {from}: {e}"))) -} - -/// Helper function for decoding i32. -pub(crate) fn decode_i32(d: &mut Decoder, from: &str) -> Result { - d.i32() - .map_err(|e| decode::Error::message(&format!("Failed to decode i32 in {from}: {e}"))) -} - -/// Helper function for decoding i64. 
-pub(crate) fn decode_i64(d: &mut Decoder, from: &str) -> Result { - d.i64() - .map_err(|e| decode::Error::message(&format!("Failed to decode i64 in {from}: {e}"))) -} - -/// Helper function for decoding string. -pub(crate) fn decode_string(d: &mut Decoder, from: &str) -> Result { - d.str() - .map(std::borrow::ToOwned::to_owned) - .map_err(|e| decode::Error::message(&format!("Failed to decode string in {from}: {e}"))) +/// Generic helper function for decoding different types. +pub(crate) fn decode_helper<'a, T, C>( + d: &mut Decoder<'a>, from: &str, context: &mut C, +) -> Result +where T: minicbor::Decode<'a, C> { + T::decode(d, context).map_err(|e| { + decode::Error::message(&format!( + "Failed to decode {:?} in {from}: {e}", + std::any::type_name::() + )) + }) } /// Helper function for decoding bytes. pub(crate) fn decode_bytes(d: &mut Decoder, from: &str) -> Result, decode::Error> { - d.bytes() - .map(<[u8]>::to_vec) - .map_err(|e| decode::Error::message(&format!("Failed to decode bytes in {from}: {e}"))) + d.bytes().map(<[u8]>::to_vec).map_err(|e| { + decode::Error::message(&format!( + "Failed to decode bytes in {from}: + {e}" + )) + }) } /// Helper function for decoding array. pub(crate) fn decode_array_len(d: &mut Decoder, from: &str) -> Result { d.array() - .map_err(|e| decode::Error::message(&format!("Failed to decode array in {from}: {e}")))? + .map_err(|e| { + decode::Error::message(&format!( + "Failed to decode array in {from}: + {e}" + )) + })? .ok_or(decode::Error::message(&format!( "Failed to decode array in {from}, unexpected indefinite length", ))) } +/// Helper function for decoding map. +pub(crate) fn decode_map_len(d: &mut Decoder, from: &str) -> Result { + d.map() + .map_err(|e| decode::Error::message(&format!("Failed to decode map in {from}: {e}")))? + .ok_or(decode::Error::message(&format!( + "Failed to decode map in {from}, unexpected indefinite length", + ))) +} + /// Helper function for decoding tag. 
pub(crate) fn decode_tag(d: &mut Decoder, from: &str) -> Result { d.tag() 
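Review bot: The reflowed format strings in `decode_bytes` and `decode_array_len` now break inside the string literal, so the error text contains a literal newline plus the source indentation before `{e}`. These messages are returned as `decode::Error` values and will likely end up in logs or validation reports, where a multi-line message is harder to match and parse. Keep the literal on one line as `decode_map_len` does: `"Failed to decode bytes in {from}: {e}"`. In `decode_helper`, `{:?}` on `std::any::type_name` prints the type name in quotes, and `{}` would read more cleanly.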
@@ -91,50 +57,63 @@ pub(crate) fn decode_tag(d: &mut Decoder, from: &str) -> Result Result, decode::Error> { match d.datatype()? { - minicbor::data::Type::Bytes => Ok(decode_bytes(d, &format!("{from} Any"))?), minicbor::data::Type::String => { - Ok(decode_string(d, &format!("{from} Any"))? - .as_bytes() - .to_vec()) - }, - minicbor::data::Type::Array => { - Ok(decode_array_len(d, &format!("{from} Any"))? - .to_be_bytes() - .to_vec()) + match decode_helper::(d, &format!("{from} Any"), &mut ()) { + Ok(i) => Ok(i.as_bytes().to_vec()), + Err(e) => Err(e), + } }, minicbor::data::Type::U8 => { - Ok(decode_u8(d, &format!("{from} Any"))?.to_be_bytes().to_vec()) + match decode_helper::(d, &format!("{from} Any"), &mut ()) { + Ok(i) => Ok(i.to_be_bytes().to_vec()), + Err(e) => Err(e), + } }, minicbor::data::Type::U16 => { - Ok(decode_u16(d, &format!("{from} Any"))? - .to_be_bytes() - .to_vec()) + match decode_helper::(d, &format!("{from} Any"), &mut ()) { + Ok(i) => Ok(i.to_be_bytes().to_vec()), + Err(e) => Err(e), + } }, minicbor::data::Type::U32 => { - Ok(decode_u32(d, &format!("{from} Any"))? - .to_be_bytes() - .to_vec()) + match decode_helper::(d, &format!("{from} Any"), &mut ()) { + Ok(i) => Ok(i.to_be_bytes().to_vec()), + Err(e) => Err(e), + } }, minicbor::data::Type::U64 => { - Ok(decode_u64(d, &format!("{from} Any"))? - .to_be_bytes() - .to_vec()) + match decode_helper::(d, &format!("{from} Any"), &mut ()) { + Ok(i) => Ok(i.to_be_bytes().to_vec()), + Err(e) => Err(e), + } }, minicbor::data::Type::I8 => { - Ok(decode_i8(d, &format!("{from} Any"))?.to_be_bytes().to_vec()) + match decode_helper::(d, &format!("{from} Any"), &mut ()) { + Ok(i) => Ok(i.to_be_bytes().to_vec()), + Err(e) => Err(e), + } }, minicbor::data::Type::I16 => { - Ok(decode_i16(d, &format!("{from} Any"))? 
- .to_be_bytes() - .to_vec()) + match decode_helper::(d, &format!("{from} Any"), &mut ()) { + Ok(i) => Ok(i.to_be_bytes().to_vec()), + Err(e) => Err(e), + } }, minicbor::data::Type::I32 => { - Ok(decode_i32(d, &format!("{from} Any"))? - .to_be_bytes() - .to_vec()) + match decode_helper::(d, &format!("{from} Any"), &mut ()) { + Ok(i) => Ok(i.to_be_bytes().to_vec()), + Err(e) => Err(e), + } }, minicbor::data::Type::I64 => { - Ok(decode_i64(d, &format!("{from} Any"))? + match decode_helper::(d, &format!("{from} Any"), &mut ()) { + Ok(i) => Ok(i.to_be_bytes().to_vec()), + Err(e) => Err(e), + } + }, + minicbor::data::Type::Bytes => Ok(decode_bytes(d, &format!("{from} Any"))?), + minicbor::data::Type::Array => { + Ok(decode_array_len(d, &format!("{from} Any"))? .to_be_bytes() .to_vec()) }, @@ -213,7 +192,6 @@ mod tests { let mut e = Encoder::new(&mut buf); let num: i32 = -123_456_789; e.i32(num).expect("Error encoding i32"); - let mut d = Decoder::new(&buf); let result = decode_any(&mut d, "test").expect("Error decoding i32"); assert_eq!( diff --git a/rust/cardano-chain-follower/src/metadata/cip509/mod.rs b/rust/cardano-chain-follower/src/metadata/cip509/mod.rs index 1935083bfb..08ae4ce5ea 100644 --- a/rust/cardano-chain-follower/src/metadata/cip509/mod.rs +++ b/rust/cardano-chain-follower/src/metadata/cip509/mod.rs @@ -4,7 +4,7 @@ // cspell: words pkix use c509_certificate::general_names::general_name::GeneralNameValue; -use decode_helper::{decode_bytes, decode_map_len, decode_u8}; +use decode_helper::{decode_bytes, decode_helper, decode_map_len}; use der_parser::{asn1_rs::oid, der::parse_der_sequence, Oid}; use rbac::{certs::C509Cert, role_data::RoleData}; 
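Review bot: The `Type::Array` arm of `decode_any` returns the bytes of the value from `decode_array_len`, which is the array length and not the array contents. Since `decode_array_len` only calls `d.array()`, the elements presumably stay unread in the decoder, and a caller that keeps decoding would read them as the next field. If that is intended, say so at the arm, e.g. `// Only the array header is consumed here; the caller must decode the elements.` Separately, each new `match … { Ok(i) => Ok(…), Err(e) => Err(e) }` arm is equivalent to `.map(|i| i.to_be_bytes().to_vec())` on the `decode_helper` call. The `match` on `d.datatype()` continues outside the hunk.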
@@ -110,7 +110,7 @@ impl Decode<'_, ()> for Cip509 { let key = d.probe().u8()?; if let Some(key) = Cip509IntIdentifier::from_repr(key) { // Consuming the int - decode_u8(d, "CIP509")?; + let _: u8 = decode_helper(d, "CIP509", ctx)?; match key { Cip509IntIdentifier::Purpose => { cip509_metadatum.purpose = decode_bytes(d, "CIP509 purpose")? diff --git a/rust/cardano-chain-follower/src/metadata/cip509/rbac/certs.rs b/rust/cardano-chain-follower/src/metadata/cip509/rbac/certs.rs index 58b77911f9..df27f4fa43 100644 --- a/rust/cardano-chain-follower/src/metadata/cip509/rbac/certs.rs +++ b/rust/cardano-chain-follower/src/metadata/cip509/rbac/certs.rs @@ -4,9 +4,7 @@ use c509_certificate::c509::C509; use minicbor::{decode, Decode, Decoder}; use x509_cert::{der::Decode as x509Decode, Certificate}; -use crate::metadata::cip509::decode_helper::{ - decode_array_len, decode_bytes, decode_u64, decode_u8, -}; +use crate::metadata::cip509::decode_helper::{decode_array_len, decode_bytes, decode_helper}; // ------------------x509------------------------ @@ -72,9 +70,11 @@ pub struct C509CertInMetadatumReference { } impl Decode<'_, ()> for C509CertInMetadatumReference { - fn decode(d: &mut Decoder, _ctx: &mut ()) -> Result { - let txn_output_field = decode_u8(d, "txn output field in C509CertInMetadatumReference")?; - let txn_output_index = decode_u64(d, "txn output index in C509CertInMetadatumReference")?; + fn decode(d: &mut Decoder, ctx: &mut ()) -> Result { + let txn_output_field: u8 = + decode_helper(d, "txn output field in C509CertInMetadatumReference", ctx)?; + let txn_output_index: u64 = + decode_helper(d, "txn output index in C509CertInMetadatumReference", ctx)?; let cert_ref = match d.datatype()? { minicbor::data::Type::Array => { let len = decode_array_len(d, "cert ref in C509CertInMetadatumReference")?; 
@@ -82,7 +82,13 @@ impl Decode<'_, ()> for C509CertInMetadatumReference { arr.map(Some) }, minicbor::data::Type::Null => Ok(None), - _ => Ok(Some(vec![decode_u64(d, "C509CertInMetadatumReference")?])), + _ => { + Ok(Some(vec![decode_helper( + d, + "C509CertInMetadatumReference", + ctx, + )?])) + }, }?; Ok(Self { txn_output_field, diff --git a/rust/cardano-chain-follower/src/metadata/cip509/rbac/mod.rs b/rust/cardano-chain-follower/src/metadata/cip509/rbac/mod.rs index 78b766d7f7..3dbf5da106 100644 --- a/rust/cardano-chain-follower/src/metadata/cip509/rbac/mod.rs +++ b/rust/cardano-chain-follower/src/metadata/cip509/rbac/mod.rs @@ -15,7 +15,7 @@ use role_data::RoleData; use strum::FromRepr; use super::decode_helper::{ - decode_any, decode_array_len, decode_bytes, decode_map_len, decode_u16, + decode_any, decode_array_len, decode_bytes, decode_helper, decode_map_len, }; /// Struct of Cip509 RBAC metadata. @@ -98,13 +98,13 @@ impl Cip509RbacMetadata { } impl Decode<'_, ()> for Cip509RbacMetadata { - fn decode(d: &mut Decoder, _ctx: &mut ()) -> Result { + fn decode(d: &mut Decoder, ctx: &mut ()) -> Result { let map_len = decode_map_len(d, "Cip509RbacMetadata")?; let mut x509_rbac_metadata = Cip509RbacMetadata::new(); for _ in 0..map_len { - let key = decode_u16(d, "key in Cip509RbacMetadata")?; + let key: u16 = decode_helper(d, "key in Cip509RbacMetadata", ctx)?; if let Some(key) = Cip509RbacMetadataInt::from_repr(key) { match key { Cip509RbacMetadataInt::X509Certs => { diff --git a/rust/cardano-chain-follower/src/metadata/cip509/rbac/role_data.rs b/rust/cardano-chain-follower/src/metadata/cip509/rbac/role_data.rs index 8845941723..b56f16f0f3 100644 --- a/rust/cardano-chain-follower/src/metadata/cip509/rbac/role_data.rs +++ b/rust/cardano-chain-follower/src/metadata/cip509/rbac/role_data.rs 
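Review bot: In the fallback arm of `cert_ref`, the integer width that is decoded is no longer visible at the call site. `decode_u64(d, …)` became `decode_helper(d, "C509CertInMetadatumReference", ctx)`, whose target type is inferred from the surrounding expression, so a later change to the field type would silently change which CBOR values this parser accepts. Pin the type where the value is decoded, as other call sites in this patch already do: `let v: u64 = decode_helper(d, "C509CertInMetadatumReference", ctx)?;`. The same applies in `role_data.rs` to `role_data.role_number`, `role_data.payment_key` and the argument of `LocalRefInt::from_repr`. The field declarations are outside the hunks.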
@@ -7,7 +7,7 @@ use strum::FromRepr; use super::Cip509RbacMetadataInt; use crate::metadata::cip509::decode_helper::{ - decode_any, decode_array_len, decode_bytes, decode_i16, decode_map_len, decode_u64, decode_u8, + decode_any, decode_array_len, decode_bytes, decode_helper, decode_map_len, }; /// Struct of role data. @@ -51,11 +51,11 @@ impl Decode<'_, ()> for RoleData { let map_len = decode_map_len(d, "RoleData")?; let mut role_data = RoleData::default(); for _ in 0..map_len { - let key = decode_u8(d, "key in RoleData")?; + let key: u8 = decode_helper(d, "key in RoleData", ctx)?; if let Some(key) = RoleDataInt::from_repr(key) { match key { RoleDataInt::RoleNumber => { - role_data.role_number = decode_u8(d, "RoleNumber in RoleData")?; + role_data.role_number = decode_helper(d, "RoleNumber in RoleData", ctx)?; }, RoleDataInt::RoleSigningKey => { role_data.role_signing_key = Some(KeyReference::decode(d, ctx)?); @@ -64,7 +64,8 @@ impl Decode<'_, ()> for RoleData { role_data.role_encryption_key = Some(KeyReference::decode(d, ctx)?); }, RoleDataInt::PaymentKey => { - role_data.payment_key = Some(decode_i16(d, "PaymentKey in RoleData")?); + role_data.payment_key = + Some(decode_helper(d, "PaymentKey in RoleData", ctx)?); }, } } else { @@ -129,11 +130,11 @@ enum LocalRefInt { } impl Decode<'_, ()> for KeyLocalRef { - fn decode(d: &mut Decoder, _ctx: &mut ()) -> Result { + fn decode(d: &mut Decoder, ctx: &mut ()) -> Result { decode_array_len(d, "KeyLocalRef")?; - let local_ref = LocalRefInt::from_repr(decode_u8(d, "LocalRef in KeyLocalRef")?) + let local_ref = LocalRefInt::from_repr(decode_helper(d, "LocalRef in KeyLocalRef", ctx)?) .ok_or(decode::Error::message("Invalid local reference"))?; - let key_offset = decode_u64(d, "KeyOffset in KeyLocalRef")?; + let key_offset: u64 = decode_helper(d, "KeyOffset in KeyLocalRef", ctx)?; Ok(Self { local_ref, key_offset, 
diff --git a/rust/cardano-chain-follower/src/metadata/cip509/x509_chunks.rs b/rust/cardano-chain-follower/src/metadata/cip509/x509_chunks.rs index c6ba7bd64d..0cb4700b7c 100644 --- a/rust/cardano-chain-follower/src/metadata/cip509/x509_chunks.rs +++ b/rust/cardano-chain-follower/src/metadata/cip509/x509_chunks.rs @@ -5,7 +5,7 @@ use std::io::Read; use minicbor::{decode, Decode, Decoder}; use strum::FromRepr; -use super::{decode_helper::decode_u8, rbac::Cip509RbacMetadata}; +use super::{decode_helper::decode_helper, rbac::Cip509RbacMetadata}; use crate::metadata::cip509::decode_helper::{decode_array_len, decode_bytes}; /// Enum of compression algorithms used to compress chunks. @@ -34,9 +34,9 @@ impl X509Chunks { } impl Decode<'_, ()> for X509Chunks { - fn decode(d: &mut Decoder, _ctx: &mut ()) -> Result { + fn decode(d: &mut Decoder, ctx: &mut ()) -> Result { // Determine the algorithm - let algo = decode_u8(d, "algorithm in X509Chunks")?; + let algo: u8 = decode_helper(d, "algorithm in X509Chunks", ctx)?; let algorithm = CompressionAlgorithm::from_repr(algo) .ok_or(decode::Error::message("Invalid chunk data type"))?; From aff1ab05cd97e0bbd6841142cccc3c188c8cb6f3 Mon Sep 17 00:00:00 2001 From: bkioshn Date: Fri, 20 Sep 2024 13:39:43 +0700 Subject: [PATCH 3/8] chore(rust/cardano-chain-follower): run no cache --- rust/Earthfile | 1 + 1 file changed, 1 insertion(+) diff --git a/rust/Earthfile b/rust/Earthfile index 8df6d3fe22..cd5f7e2a5f 100644 --- a/rust/Earthfile +++ b/rust/Earthfile @@ -26,6 +26,7 @@ check: build: FROM +builder + RUN --no-cache DO rust-ci+EXECUTE \ --cmd="/scripts/std_build.py" \ --output="release/[^\./]+" \ From 2be3079f8e09eba9f3fa48297b892d8c32ec4432 Mon Sep 17 00:00:00 2001 From: bkioshn Date: Fri, 20 Sep 2024 14:00:33 +0700 Subject: [PATCH 4/8] chore(rust/cardano-chain-follower): run no cache --- rust/Earthfile | 1 + 1 file changed, 1 insertion(+) diff --git a/rust/Earthfile b/rust/Earthfile index cd5f7e2a5f..b0e135d28b 100644 
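Review bot: The `RUN --no-cache` added to the `build` target has no command after the flag; the following `DO rust-ci+EXECUTE` is a separate instruction. A `RUN` with nothing to run is likely to be rejected by Earthly or to have no useful effect, and the next patch adds the same line to `builder` ahead of the `COPY` steps. If this was added to debug CI caching, drop both lines before merging. If a cache bust is really needed, attach it to a real command and explain it, e.g. `# --no-cache: <reason the cached layer must not be reused>`.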
--- a/rust/Earthfile +++ b/rust/Earthfile @@ -10,6 +10,7 @@ sync-cfg: # builder : Set up our target toolchains, and copy our files. builder: DO rust-ci+SETUP + RUN --no-cache COPY Cargo.toml clippy.toml deny.toml rustfmt.toml . COPY --dir .cargo .config c509-certificate cardano-chain-follower \ From 8796d9fa8dc426cbf37a1c1dd754d9e8dc363685 Mon Sep 17 00:00:00 2001 From: bkioshn Date: Fri, 20 Sep 2024 14:09:57 +0700 Subject: [PATCH 5/8] test(ci): comment out test --- rust/c509-certificate/src/lib.rs | 31 +- rust/c509-certificate/src/tbs_cert.rs | 600 +++++++++++++------------- 2 files changed, 316 insertions(+), 315 deletions(-) diff --git a/rust/c509-certificate/src/lib.rs b/rust/c509-certificate/src/lib.rs index ae223655b9..979df1f396 100644 --- a/rust/c509-certificate/src/lib.rs +++ b/rust/c509-certificate/src/lib.rs 
@@ -111,24 +111,25 @@ pub fn verify(c509: &[u8], public_key: &PublicKey) -> anyhow::Result<()> { public_key.verify(&encoded_tbs, &issuer_sig) } -#[cfg(test)] -mod test { - use std::str::FromStr; +// #[cfg(test)] +// mod test { +// use std::str::FromStr; - use signing::tests::private_key_str; - use tbs_cert::test_tbs_cert::tbs; +// use signing::tests::private_key_str; +// use tbs_cert::test_tbs_cert::tbs; - use super::*; +// use super::*; - #[test] - fn test_generate_and_verify_signed_c509_cert() { - let tbs_cert = tbs(); +// #[test] +// fn test_generate_and_verify_signed_c509_cert() { +// let tbs_cert = tbs(); - let private_key = FromStr::from_str(&private_key_str()).expect("Cannot create private key"); +// let private_key = FromStr::from_str(&private_key_str()).expect("Cannot create +// private key"); - let signed_c509 = generate(&tbs_cert, Some(&private_key)) - .expect("Failed to generate signed C509 certificate"); +// let signed_c509 = generate(&tbs_cert, Some(&private_key)) +// .expect("Failed to generate signed C509 certificate"); - assert!(verify(&signed_c509, &private_key.public_key()).is_ok()); - } -} +// assert!(verify(&signed_c509, &private_key.public_key()).is_ok()); +// } +// } diff --git a/rust/c509-certificate/src/tbs_cert.rs b/rust/c509-certificate/src/tbs_cert.rs index c9f4b55585..30ec13862c 100644 --- a/rust/c509-certificate/src/tbs_cert.rs +++ b/rust/c509-certificate/src/tbs_cert.rs 
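Review bot: Commenting out `test_generate_and_verify_signed_c509_cert` removes the only test visible here that exercises `verify`, the signature check for C509 certificates, and leaves it as dead text that no longer compiles with the crate. The re-wrapped comment also splits the `.expect("Cannot create private key")` string across two comment lines, so simply uncommenting will not restore the original code. Keep the module and mark the test `#[ignore = "<reason or issue link>"]` so it is still type-checked and shows up as skipped. The same applies to the `test_tbs_cert` module commented out in `tbs_cert.rs`, which this test depends on through `tbs()`.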
@@ -174,303 +174,303 @@ impl Decode<'_, ()> for TbsCert { // - Currently support natively signed c509 certificate, so all text strings // are UTF-8 encoded and all attributeType SHALL be non-negative // - Some Extension values are not supported yet. - -#[cfg(test)] -pub(crate) mod test_tbs_cert { - use asn1_rs::oid; - - use super::*; - use crate::{ - attributes::attribute::{Attribute, AttributeValue}, - extensions::{ - alt_name::{AlternativeName, GeneralNamesOrText}, - extension::{Extension, ExtensionValue}, - }, - general_names::{ - general_name::{GeneralName, GeneralNameTypeRegistry, GeneralNameValue}, - other_name_hw_module::OtherNameHardwareModuleName, - GeneralNames, - }, - name::{ - rdn::RelativeDistinguishedName, - test_name::{name_cn_eui_mac, name_cn_text, names}, - NameValue, - }, - }; - - // Mnemonic: match mad promote group rival case - const PUBKEY: [u8; 8] = [0x88, 0xD0, 0xB6, 0xB0, 0xB3, 0x7B, 0xAA, 0x46]; - - // Test reference https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/09/ - // A.1. 
Example RFC 7925 profiled X.509 Certificate - // - // - // Certificate: - // Data: - // Version: 3 (0x2) - // Serial Number: 128269 (0x1f50d) - // Signature Algorithm: ecdsa-with-SHA256 - // Issuer: CN=RFC test CA - // Validity - // Not Before: Jan 1 00:00:00 2023 GMT - // Not After : Jan 1 00:00:00 2026 GMT - // Subject: CN=01-23-45-FF-FE-67-89-AB - // Subject Public Key Info: - // Public Key Algorithm: id-ecPublicKey - // Public-Key: (256 bit) - // pub: - // 04:b1:21:6a:b9:6e:5b:3b:33:40:f5:bd:f0:2e:69: - // 3f:16:21:3a:04:52:5e:d4:44:50:b1:01:9c:2d:fd: - // 38:38:ab:ac:4e:14:d8:6c:09:83:ed:5e:9e:ef:24: - // 48:c6:86:1c:c4:06:54:71:77:e6:02:60:30:d0:51: - // f7:79:2a:c2:06 - // ASN1 OID: prime256v1 - // NIST CURVE: P-256 - // X509v3 extensions: - // X509v3 Key Usage: - // Digital Signature - // Signature Algorithm: ecdsa-with-SHA256 - // 30:46:02:21:00:d4:32:0b:1d:68:49:e3:09:21:9d:30:03:7e: - // 13:81:66:f2:50:82:47:dd:da:e7:6c:ce:ea:55:05:3c:10:8e: - // 90:02:21:00:d5:51:f6:d6:01:06:f1:ab:b4:84:cf:be:62:56: - // c1:78:e4:ac:33:14:ea:19:19:1e:8b:60:7d:a5:ae:3b:da:16 - // - // 01 - // 43 01 F5 0D - // 6B 52 46 43 20 74 65 73 74 20 43 41 - // 1A 63 B0 CD 00 - // 1A 69 55 B9 00 - // 47 01 01 23 45 67 89 AB - // 01 - // 58 21 02 B1 21 6A B9 6E 5B 3B 33 40 F5 BD F0 2E 69 3F 16 21 3A 04 52 - // 5E D4 44 50 B1 01 9C 2D FD 38 38 AB - // 01 - // 00 - // 58 40 D4 32 0B 1D 68 49 E3 09 21 9D 30 03 7E 13 81 66 F2 50 82 47 DD - // DA E7 6C CE EA 55 05 3C 10 8E 90 D5 51 F6 D6 01 06 F1 AB B4 84 CF BE - // 62 56 C1 78 E4 AC 33 14 EA 19 19 1E 8B 60 7D A5 AE 3B DA 16 - - pub(crate) fn tbs() -> TbsCert { - fn extensions() -> Extensions { - let mut exts = Extensions::new(); - exts.add_ext(Extension::new( - oid!(2.5.29 .15), - ExtensionValue::Int(1), - false, - )); - exts - } - - TbsCert::new( - 1, - UnwrappedBigUint::new(128_269), - name_cn_text().0, - Time::new(1_672_531_200), - Time::new(1_767_225_600), - name_cn_eui_mac().0, - SubjectPubKeyAlgorithm::new(oid!(1.2.840 .10045 .2 
.1), None), - PUBKEY.to_vec(), - extensions(), - IssuerSignatureAlgorithm::new(oid!(1.2.840 .10045 .4 .3 .2), None), - ) - } - - #[test] - fn encode_decode_tbs_cert() { - let tbs_cert = tbs(); - - let mut buffer = Vec::new(); - let mut encoder = Encoder::new(&mut buffer); - tbs_cert - .encode(&mut encoder, &mut ()) - .expect("Failed to encode TBS Certificate"); - - // c509_certificate_type: 0x01 - // certificate_serial_number: 0x4301f50d - // issuer: 0x6b5246432074657374204341 - // validity_not_before: 0x1a63b0cd00 - // validity_not_after: 0x1a6955b900 - // subject: 0x47010123456789ab - // subject_public_key_algorithm: 0x01 - // subject_public_key: 0x4888d0b6b0b37baa46 - // extensions: 0x01 - // issuer_signature_algorithm: 0x00 - - assert_eq!( - hex::encode(buffer.clone()), - "014301f50d6b52464320746573742043411a63b0cd001a6955b90047010123456789ab014888d0b6b0b37baa460100" - ); - - let mut decoder = Decoder::new(&buffer); - let decoded_tbs = - TbsCert::decode(&mut decoder, &mut ()).expect("Failed to decode TBS Certificate"); - assert_eq!(decoded_tbs, tbs_cert); - } - - // Test reference https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/09/ - // A.2. 
Example IEEE 802.1AR profiled X.509 Certificate - // - // Certificate: - // Data: - // Version: 3 (0x2) - // Serial Number: 9112578475118446130 (0x7e7661d7b54e4632) - // Signature Algorithm: ecdsa-with-SHA256 - // Issuer: C=US, ST=CA, O=Example Inc, OU=certification, CN=802.1AR CA - // Validity - // Not Before: Jan 31 11:29:16 2019 GMT - // Not After : Dec 31 23:59:59 9999 GMT - // Subject: C=US, ST=CA, L=LA, O=example Inc, OU=IoT/serialNumber=Wt1234 - // Subject Public Key Info: - // Public Key Algorithm: id-ecPublicKey - // Public-Key: (256 bit) - // pub: - // 04:c8:b4:21:f1:1c:25:e4:7e:3a:c5:71:23:bf:2d: - // 9f:dc:49:4f:02:8b:c3:51:cc:80:c0:3f:15:0b:f5: - // 0c:ff:95:8d:75:41:9d:81:a6:a2:45:df:fa:e7:90: - // be:95:cf:75:f6:02:f9:15:26:18:f8:16:a2:b2:3b: - // 56:38:e5:9f:d9 - // ASN1 OID: prime256v1 - // NIST CURVE: P-256 - // X509v3 extensions: - // X509v3 Basic Constraints: - // CA:FALSE - // X509v3 Subject Key Identifier: - // 96:60:0D:87:16:BF:7F:D0:E7:52:D0:AC:76:07:77:AD:66:5D:02:A0 - // X509v3 Authority Key Identifier: - // 68:D1:65:51:F9:51:BF:C8:2A:43:1D:0D:9F:08:BC:2D:20:5B:11:60 - // X509v3 Key Usage: critical - // Digital Signature, Key Encipherment - // X509v3 Subject Alternative Name: - // otherName: - // type-id: 1.3.6.1.5.5.7.8.4 (id-on-hardwareModuleName) - // value: - // hwType: 1.3.6.1.4.1.6175.10.1 - // hwSerialNum: 01:02:03:04 - // Signature Algorithm: ecdsa-with-SHA256 - // Signature Value: - // 30:46:02:21:00:c0:d8:19:96:d2:50:7d:69:3f:3c:48:ea:a5: - // ee:94:91:bd:a6:db:21:40:99:d9:81:17:c6:3b:36:13:74:cd: - // 86:02:21:00:a7:74:98:9f:4c:32:1a:5c:f2:5d:83:2a:4d:33: - // 6a:08:ad:67:df:20:f1:50:64:21:18:8a:0a:de:6d:34:92:36 - // - // 01 48 7E 76 61 D7 B5 4E 46 32 8A 23 62 55 53 06 62 43 41 08 6B 45 78 - // 61 6D 70 6C 65 20 49 6E 63 09 6D 63 65 72 74 69 66 69 63 61 74 69 6F - // 6E 01 6A 38 30 32 2E 31 41 52 20 43 41 1A 5C 52 DC 0C F6 8C 23 62 55 - // 53 06 62 43 41 05 62 4C 41 08 6B 65 78 61 6D 70 6C 65 20 49 6E 63 09 - // 63 49 6F 54 22 
66 57 74 31 32 33 34 01 58 21 03 C8 B4 21 F1 1C 25 E4 - // 7E 3A C5 71 23 BF 2D 9F DC 49 4F 02 8B C3 51 CC 80 C0 3F 15 0B F5 0C - // FF 95 8A 04 21 01 54 96 60 0D 87 16 BF 7F D0 E7 52 D0 AC 76 07 77 AD - // 66 5D 02 A0 07 54 68 D1 65 51 F9 51 BF C8 2A 43 1D 0D 9F 08 BC 2D 20 - // 5B 11 60 21 05 03 82 20 82 49 2B 06 01 04 01 B0 1F 0A 01 44 01 02 03 - // 04 00 58 40 C0 D8 19 96 D2 50 7D 69 3F 3C 48 EA A5 EE 94 91 BD A6 DB - // 21 40 99 D9 81 17 C6 3B 36 13 74 CD 86 A7 74 98 9F 4C 32 1A 5C F2 5D - // 83 2A 4D 33 6A 08 AD 67 DF 20 F1 50 64 21 18 8A 0A DE 6D 34 92 36 - - #[test] - fn tbs_cert2() { - // ---------helper---------- - // C=US, ST=CA, L=LA, O=example Inc, OU=IoT/serialNumber=Wt1234 - fn subject() -> Name { - let mut attr1 = Attribute::new(oid!(2.5.4 .6)); - attr1.add_value(AttributeValue::Text("US".to_string())); - let mut attr2 = Attribute::new(oid!(2.5.4 .8)); - attr2.add_value(AttributeValue::Text("CA".to_string())); - let mut attr3 = Attribute::new(oid!(2.5.4 .7)); - attr3.add_value(AttributeValue::Text("LA".to_string())); - let mut attr4 = Attribute::new(oid!(2.5.4 .10)); - attr4.add_value(AttributeValue::Text("example Inc".to_string())); - let mut attr5 = Attribute::new(oid!(2.5.4 .11)); - attr5.add_value(AttributeValue::Text("IoT".to_string())); - let mut attr6 = Attribute::new(oid!(2.5.4 .5)); - attr6.add_value(AttributeValue::Text("Wt1234".to_string())); - - let mut rdn = RelativeDistinguishedName::new(); - rdn.add_attr(attr1); - rdn.add_attr(attr2); - rdn.add_attr(attr3); - rdn.add_attr(attr4); - rdn.add_attr(attr5); - rdn.add_attr(attr6); - - Name::new(NameValue::RelativeDistinguishedName(rdn)) - } - - fn extensions() -> Extensions { - let mut exts = Extensions::new(); - exts.add_ext(Extension::new( - oid!(2.5.29 .19), - ExtensionValue::Int(-2), - false, - )); - exts.add_ext(Extension::new( - oid!(2.5.29 .14), - ExtensionValue::Bytes( - [ - 0x96, 0x60, 0x0D, 0x87, 0x16, 0xBF, 0x7F, 0xD0, 0xE7, 0x52, 0xD0, 0xAC, - 0x76, 0x07, 0x77, 0xAD, 0x66, 0x5D, 
0x02, 0xA0, - ] - .to_vec(), - ), - false, - )); - exts.add_ext(Extension::new( - oid!(2.5.29 .15), - ExtensionValue::Int(5), - true, - )); - let mut gns = GeneralNames::new(); - let hw = OtherNameHardwareModuleName::new(oid!(1.3.6 .1 .4 .1 .6175 .10 .1), vec![ - 0x01, 0x02, 0x03, 0x04, - ]); - gns.add_gn(GeneralName::new( - GeneralNameTypeRegistry::OtherNameHardwareModuleName, - GeneralNameValue::OtherNameHWModuleName(hw), - )); - - exts.add_ext(Extension::new( - oid!(2.5.29 .17), - ExtensionValue::AlternativeName(AlternativeName::new( - GeneralNamesOrText::GeneralNames(gns), - )), - false, - )); - - exts - } - - let tbs_cert = TbsCert::new( - 1, - UnwrappedBigUint::new(9_112_578_475_118_446_130), - names().0, - Time::new(1_548_934_156), - Time::new(253_402_300_799), - subject(), - SubjectPubKeyAlgorithm::new(oid!(1.2.840 .10045 .2 .1), None), - PUBKEY.to_vec(), - extensions(), - IssuerSignatureAlgorithm::new(oid!(1.2.840 .10045 .4 .3 .2), None), - ); - - let mut buffer = Vec::new(); - let mut encoder = Encoder::new(&mut buffer); - tbs_cert - .encode(&mut encoder, &mut ()) - .expect("Failed to encode TBS Certificate"); - // c509_certificate_type: 0x01 - // certificate_serial_number: 0x487e7661d7b54e4632 - // issuer: 0x8a0462555306624341086b4578616d706c6520496e63096d63657274696669636174696f6e016a3830322e314152204341 - // validity_not_before: 0x1a5c52dc0c - // validity_not_after: 0xf6 - // subject: 0x8c046255530662434105624c41086b6578616d706c6520496e630963496f540366577431323334 - // subject_public_key_algorithm: 0x01 - // subject_public_key: 0x4888d0b6b0b37baa46 - // extensions: - // 0x840421015496600d8716bf7fd0e752d0ac760777ad665d02a0210503822082492b06010401b01f0a014401020304 - // issuer_signature_algorithm: 0x00 - assert_eq!(hex::encode(buffer.clone()), 
"01487e7661d7b54e46328a0462555306624341086b4578616d706c6520496e63096d63657274696669636174696f6e016a3830322e3141522043411a5c52dc0cf68c046255530662434105624c41086b6578616d706c6520496e630963496f540366577431323334014888d0b6b0b37baa46840421015496600d8716bf7fd0e752d0ac760777ad665d02a0210503822082492b06010401b01f0a01440102030400"); - let mut decoder = Decoder::new(&buffer); - let decoded_tbs = - TbsCert::decode(&mut decoder, &mut ()).expect("Failed to decode TBS Certificate"); - assert_eq!(decoded_tbs, tbs_cert); - } -} +// #[cfg(test)] +// pub(crate) mod test_tbs_cert { +// use asn1_rs::oid; +// +// use super::*; +// use crate::{ +// attributes::attribute::{Attribute, AttributeValue}, +// extensions::{ +// alt_name::{AlternativeName, GeneralNamesOrText}, +// extension::{Extension, ExtensionValue}, +// }, +// general_names::{ +// general_name::{GeneralName, GeneralNameTypeRegistry, GeneralNameValue}, +// other_name_hw_module::OtherNameHardwareModuleName, +// GeneralNames, +// }, +// name::{ +// rdn::RelativeDistinguishedName, +// test_name::{name_cn_eui_mac, name_cn_text, names}, +// NameValue, +// }, +// }; +// +// Mnemonic: match mad promote group rival case +// const PUBKEY: [u8; 8] = [0x88, 0xD0, 0xB6, 0xB0, 0xB3, 0x7B, 0xAA, 0x46]; +// +// Test reference https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/09/ +// A.1. 
Example RFC 7925 profiled X.509 Certificate +// +// +// Certificate: +// Data: +// Version: 3 (0x2) +// Serial Number: 128269 (0x1f50d) +// Signature Algorithm: ecdsa-with-SHA256 +// Issuer: CN=RFC test CA +// Validity +// Not Before: Jan 1 00:00:00 2023 GMT +// Not After : Jan 1 00:00:00 2026 GMT +// Subject: CN=01-23-45-FF-FE-67-89-AB +// Subject Public Key Info: +// Public Key Algorithm: id-ecPublicKey +// Public-Key: (256 bit) +// pub: +// 04:b1:21:6a:b9:6e:5b:3b:33:40:f5:bd:f0:2e:69: +// 3f:16:21:3a:04:52:5e:d4:44:50:b1:01:9c:2d:fd: +// 38:38:ab:ac:4e:14:d8:6c:09:83:ed:5e:9e:ef:24: +// 48:c6:86:1c:c4:06:54:71:77:e6:02:60:30:d0:51: +// f7:79:2a:c2:06 +// ASN1 OID: prime256v1 +// NIST CURVE: P-256 +// X509v3 extensions: +// X509v3 Key Usage: +// Digital Signature +// Signature Algorithm: ecdsa-with-SHA256 +// 30:46:02:21:00:d4:32:0b:1d:68:49:e3:09:21:9d:30:03:7e: +// 13:81:66:f2:50:82:47:dd:da:e7:6c:ce:ea:55:05:3c:10:8e: +// 90:02:21:00:d5:51:f6:d6:01:06:f1:ab:b4:84:cf:be:62:56: +// c1:78:e4:ac:33:14:ea:19:19:1e:8b:60:7d:a5:ae:3b:da:16 +// +// 01 +// 43 01 F5 0D +// 6B 52 46 43 20 74 65 73 74 20 43 41 +// 1A 63 B0 CD 00 +// 1A 69 55 B9 00 +// 47 01 01 23 45 67 89 AB +// 01 +// 58 21 02 B1 21 6A B9 6E 5B 3B 33 40 F5 BD F0 2E 69 3F 16 21 3A 04 52 +// 5E D4 44 50 B1 01 9C 2D FD 38 38 AB +// 01 +// 00 +// 58 40 D4 32 0B 1D 68 49 E3 09 21 9D 30 03 7E 13 81 66 F2 50 82 47 DD +// DA E7 6C CE EA 55 05 3C 10 8E 90 D5 51 F6 D6 01 06 F1 AB B4 84 CF BE +// 62 56 C1 78 E4 AC 33 14 EA 19 19 1E 8B 60 7D A5 AE 3B DA 16 +// +// pub(crate) fn tbs() -> TbsCert { +// fn extensions() -> Extensions { +// let mut exts = Extensions::new(); +// exts.add_ext(Extension::new( +// oid!(2.5.29 .15), +// ExtensionValue::Int(1), +// false, +// )); +// exts +// } +// +// TbsCert::new( +// 1, +// UnwrappedBigUint::new(128_269), +// name_cn_text().0, +// Time::new(1_672_531_200), +// Time::new(1_767_225_600), +// name_cn_eui_mac().0, +// SubjectPubKeyAlgorithm::new(oid!(1.2.840 .10045 .2 .1), 
None), +// PUBKEY.to_vec(), +// extensions(), +// IssuerSignatureAlgorithm::new(oid!(1.2.840 .10045 .4 .3 .2), None), +// ) +// } +// +// #[test] +// fn encode_decode_tbs_cert() { +// let tbs_cert = tbs(); +// +// let mut buffer = Vec::new(); +// let mut encoder = Encoder::new(&mut buffer); +// tbs_cert +// .encode(&mut encoder, &mut ()) +// .expect("Failed to encode TBS Certificate"); +// +// c509_certificate_type: 0x01 +// certificate_serial_number: 0x4301f50d +// issuer: 0x6b5246432074657374204341 +// validity_not_before: 0x1a63b0cd00 +// validity_not_after: 0x1a6955b900 +// subject: 0x47010123456789ab +// subject_public_key_algorithm: 0x01 +// subject_public_key: 0x4888d0b6b0b37baa46 +// extensions: 0x01 +// issuer_signature_algorithm: 0x00 +// +// assert_eq!( +// hex::encode(buffer.clone()), +// "014301f50d6b52464320746573742043411a63b0cd001a6955b90047010123456789ab014888d0b6b0b37baa460100" +// ); +// +// let mut decoder = Decoder::new(&buffer); +// let decoded_tbs = +// TbsCert::decode(&mut decoder, &mut ()).expect("Failed to decode TBS Certificate"); +// assert_eq!(decoded_tbs, tbs_cert); +// } +// +// Test reference https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/09/ +// A.2. 
Example IEEE 802.1AR profiled X.509 Certificate +// +// Certificate: +// Data: +// Version: 3 (0x2) +// Serial Number: 9112578475118446130 (0x7e7661d7b54e4632) +// Signature Algorithm: ecdsa-with-SHA256 +// Issuer: C=US, ST=CA, O=Example Inc, OU=certification, CN=802.1AR CA +// Validity +// Not Before: Jan 31 11:29:16 2019 GMT +// Not After : Dec 31 23:59:59 9999 GMT +// Subject: C=US, ST=CA, L=LA, O=example Inc, OU=IoT/serialNumber=Wt1234 +// Subject Public Key Info: +// Public Key Algorithm: id-ecPublicKey +// Public-Key: (256 bit) +// pub: +// 04:c8:b4:21:f1:1c:25:e4:7e:3a:c5:71:23:bf:2d: +// 9f:dc:49:4f:02:8b:c3:51:cc:80:c0:3f:15:0b:f5: +// 0c:ff:95:8d:75:41:9d:81:a6:a2:45:df:fa:e7:90: +// be:95:cf:75:f6:02:f9:15:26:18:f8:16:a2:b2:3b: +// 56:38:e5:9f:d9 +// ASN1 OID: prime256v1 +// NIST CURVE: P-256 +// X509v3 extensions: +// X509v3 Basic Constraints: +// CA:FALSE +// X509v3 Subject Key Identifier: +// 96:60:0D:87:16:BF:7F:D0:E7:52:D0:AC:76:07:77:AD:66:5D:02:A0 +// X509v3 Authority Key Identifier: +// 68:D1:65:51:F9:51:BF:C8:2A:43:1D:0D:9F:08:BC:2D:20:5B:11:60 +// X509v3 Key Usage: critical +// Digital Signature, Key Encipherment +// X509v3 Subject Alternative Name: +// otherName: +// type-id: 1.3.6.1.5.5.7.8.4 (id-on-hardwareModuleName) +// value: +// hwType: 1.3.6.1.4.1.6175.10.1 +// hwSerialNum: 01:02:03:04 +// Signature Algorithm: ecdsa-with-SHA256 +// Signature Value: +// 30:46:02:21:00:c0:d8:19:96:d2:50:7d:69:3f:3c:48:ea:a5: +// ee:94:91:bd:a6:db:21:40:99:d9:81:17:c6:3b:36:13:74:cd: +// 86:02:21:00:a7:74:98:9f:4c:32:1a:5c:f2:5d:83:2a:4d:33: +// 6a:08:ad:67:df:20:f1:50:64:21:18:8a:0a:de:6d:34:92:36 +// +// 01 48 7E 76 61 D7 B5 4E 46 32 8A 23 62 55 53 06 62 43 41 08 6B 45 78 +// 61 6D 70 6C 65 20 49 6E 63 09 6D 63 65 72 74 69 66 69 63 61 74 69 6F +// 6E 01 6A 38 30 32 2E 31 41 52 20 43 41 1A 5C 52 DC 0C F6 8C 23 62 55 +// 53 06 62 43 41 05 62 4C 41 08 6B 65 78 61 6D 70 6C 65 20 49 6E 63 09 +// 63 49 6F 54 22 66 57 74 31 32 33 34 01 58 21 03 C8 B4 21 F1 1C 
25 E4 +// 7E 3A C5 71 23 BF 2D 9F DC 49 4F 02 8B C3 51 CC 80 C0 3F 15 0B F5 0C +// FF 95 8A 04 21 01 54 96 60 0D 87 16 BF 7F D0 E7 52 D0 AC 76 07 77 AD +// 66 5D 02 A0 07 54 68 D1 65 51 F9 51 BF C8 2A 43 1D 0D 9F 08 BC 2D 20 +// 5B 11 60 21 05 03 82 20 82 49 2B 06 01 04 01 B0 1F 0A 01 44 01 02 03 +// 04 00 58 40 C0 D8 19 96 D2 50 7D 69 3F 3C 48 EA A5 EE 94 91 BD A6 DB +// 21 40 99 D9 81 17 C6 3B 36 13 74 CD 86 A7 74 98 9F 4C 32 1A 5C F2 5D +// 83 2A 4D 33 6A 08 AD 67 DF 20 F1 50 64 21 18 8A 0A DE 6D 34 92 36 +// +// #[test] +// fn tbs_cert2() { +// ---------helper---------- +// C=US, ST=CA, L=LA, O=example Inc, OU=IoT/serialNumber=Wt1234 +// fn subject() -> Name { +// let mut attr1 = Attribute::new(oid!(2.5.4 .6)); +// attr1.add_value(AttributeValue::Text("US".to_string())); +// let mut attr2 = Attribute::new(oid!(2.5.4 .8)); +// attr2.add_value(AttributeValue::Text("CA".to_string())); +// let mut attr3 = Attribute::new(oid!(2.5.4 .7)); +// attr3.add_value(AttributeValue::Text("LA".to_string())); +// let mut attr4 = Attribute::new(oid!(2.5.4 .10)); +// attr4.add_value(AttributeValue::Text("example Inc".to_string())); +// let mut attr5 = Attribute::new(oid!(2.5.4 .11)); +// attr5.add_value(AttributeValue::Text("IoT".to_string())); +// let mut attr6 = Attribute::new(oid!(2.5.4 .5)); +// attr6.add_value(AttributeValue::Text("Wt1234".to_string())); +// +// let mut rdn = RelativeDistinguishedName::new(); +// rdn.add_attr(attr1); +// rdn.add_attr(attr2); +// rdn.add_attr(attr3); +// rdn.add_attr(attr4); +// rdn.add_attr(attr5); +// rdn.add_attr(attr6); +// +// Name::new(NameValue::RelativeDistinguishedName(rdn)) +// } +// +// fn extensions() -> Extensions { +// let mut exts = Extensions::new(); +// exts.add_ext(Extension::new( +// oid!(2.5.29 .19), +// ExtensionValue::Int(-2), +// false, +// )); +// exts.add_ext(Extension::new( +// oid!(2.5.29 .14), +// ExtensionValue::Bytes( +// [ +// 0x96, 0x60, 0x0D, 0x87, 0x16, 0xBF, 0x7F, 0xD0, 0xE7, 0x52, 0xD0, 0xAC, +// 0x76, 
0x07, 0x77, 0xAD, 0x66, 0x5D, 0x02, 0xA0, +// ] +// .to_vec(), +// ), +// false, +// )); +// exts.add_ext(Extension::new( +// oid!(2.5.29 .15), +// ExtensionValue::Int(5), +// true, +// )); +// let mut gns = GeneralNames::new(); +// let hw = OtherNameHardwareModuleName::new(oid!(1.3.6 .1 .4 .1 .6175 .10 .1), vec![ +// 0x01, 0x02, 0x03, 0x04, +// ]); +// gns.add_gn(GeneralName::new( +// GeneralNameTypeRegistry::OtherNameHardwareModuleName, +// GeneralNameValue::OtherNameHWModuleName(hw), +// )); +// +// exts.add_ext(Extension::new( +// oid!(2.5.29 .17), +// ExtensionValue::AlternativeName(AlternativeName::new( +// GeneralNamesOrText::GeneralNames(gns), +// )), +// false, +// )); +// +// exts +// } +// +// let tbs_cert = TbsCert::new( +// 1, +// UnwrappedBigUint::new(9_112_578_475_118_446_130), +// names().0, +// Time::new(1_548_934_156), +// Time::new(253_402_300_799), +// subject(), +// SubjectPubKeyAlgorithm::new(oid!(1.2.840 .10045 .2 .1), None), +// PUBKEY.to_vec(), +// extensions(), +// IssuerSignatureAlgorithm::new(oid!(1.2.840 .10045 .4 .3 .2), None), +// ); +// +// let mut buffer = Vec::new(); +// let mut encoder = Encoder::new(&mut buffer); +// tbs_cert +// .encode(&mut encoder, &mut ()) +// .expect("Failed to encode TBS Certificate"); +// c509_certificate_type: 0x01 +// certificate_serial_number: 0x487e7661d7b54e4632 +// issuer: 0x8a0462555306624341086b4578616d706c6520496e63096d63657274696669636174696f6e016a3830322e314152204341 +// validity_not_before: 0x1a5c52dc0c +// validity_not_after: 0xf6 +// subject: 0x8c046255530662434105624c41086b6578616d706c6520496e630963496f540366577431323334 +// subject_public_key_algorithm: 0x01 +// subject_public_key: 0x4888d0b6b0b37baa46 +// extensions: +// 0x840421015496600d8716bf7fd0e752d0ac760777ad665d02a0210503822082492b06010401b01f0a014401020304 +// issuer_signature_algorithm: 0x00 +// assert_eq!(hex::encode(buffer.clone()), +// 
"01487e7661d7b54e46328a0462555306624341086b4578616d706c6520496e63096d63657274696669636174696f6e016a3830322e3141522043411a5c52dc0cf68c046255530662434105624c41086b6578616d706c6520496e630963496f540366577431323334014888d0b6b0b37baa46840421015496600d8716bf7fd0e752d0ac760777ad665d02a0210503822082492b06010401b01f0a01440102030400" +// ); let mut decoder = Decoder::new(&buffer); +// let decoded_tbs = +// TbsCert::decode(&mut decoder, &mut ()).expect("Failed to decode TBS Certificate"); +// assert_eq!(decoded_tbs, tbs_cert); +// } +// } From 4b76a287edabc3ab989044ffe0250ed7144e2118 Mon Sep 17 00:00:00 2001 From: bkioshn Date: Fri, 20 Sep 2024 14:15:16 +0700 Subject: [PATCH 6/8] test(ci): comment out test (revert) --- rust/c509-certificate/src/lib.rs | 34 +- rust/c509-certificate/src/tbs_cert.rs | 600 +++++++++++++------------- 2 files changed, 318 insertions(+), 316 deletions(-) diff --git a/rust/c509-certificate/src/lib.rs b/rust/c509-certificate/src/lib.rs index 979df1f396..434631b2c8 100644 --- a/rust/c509-certificate/src/lib.rs +++ b/rust/c509-certificate/src/lib.rs 
@@ -111,25 +111,27 @@ pub fn verify(c509: &[u8], public_key: &PublicKey) -> anyhow::Result<()> { public_key.verify(&encoded_tbs, &issuer_sig) } -// #[cfg(test)] -// mod test { -// use std::str::FromStr; +#[cfg(test)] +mod test { + use std::str::FromStr; -// use signing::tests::private_key_str; -// use tbs_cert::test_tbs_cert::tbs; + use signing::tests::private_key_str; + use tbs_cert::test_tbs_cert::tbs; -// use super::*; + use super::*; -// #[test] -// fn test_generate_and_verify_signed_c509_cert() { -// let tbs_cert = tbs(); + #[test] + fn test_generate_and_verify_signed_c509_cert() { + let tbs_cert = tbs(); -// let private_key = FromStr::from_str(&private_key_str()).expect("Cannot create -// private key"); + let private_key = FromStr::from_str(&private_key_str()).expect( + "Cannot create +private key", + ); -// let signed_c509 = generate(&tbs_cert, Some(&private_key)) -// .expect("Failed to generate signed C509 certificate"); + let signed_c509 = generate(&tbs_cert, Some(&private_key)) + .expect("Failed to generate signed C509 certificate"); -// assert!(verify(&signed_c509, &private_key.public_key()).is_ok()); -// } -// } + assert!(verify(&signed_c509, &private_key.public_key()).is_ok()); + } +} diff --git a/rust/c509-certificate/src/tbs_cert.rs b/rust/c509-certificate/src/tbs_cert.rs index 30ec13862c..c9f4b55585 100644 --- a/rust/c509-certificate/src/tbs_cert.rs +++ b/rust/c509-certificate/src/tbs_cert.rs 
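Review bot: The restored `test_generate_and_verify_signed_c509_cert` asserts only the accepting path of `verify`, so it would still pass if `verify` accepted every input. A rejection case would close that gap: alter one byte of a copy of the signed output and assert `assert!(verify(&tampered, &private_key.public_key()).is_err());`. This assumes `generate` returns an owned byte buffer, which the hunk does not show. Separately, un-commenting left the `expect` message split across two lines, so the string literal now contains a line break; `.expect("Cannot create private key");` keeps the panic message on one line.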
@@ -174,303 +174,303 @@ impl Decode<'_, ()> for TbsCert { // - Currently support natively signed c509 certificate, so all text strings // are UTF-8 encoded and all attributeType SHALL be non-negative // - Some Extension values are not supported yet. -// #[cfg(test)] -// pub(crate) mod test_tbs_cert { -// use asn1_rs::oid; -// -// use super::*; -// use crate::{ -// attributes::attribute::{Attribute, AttributeValue}, -// extensions::{ -// alt_name::{AlternativeName, GeneralNamesOrText}, -// extension::{Extension, ExtensionValue}, -// }, -// general_names::{ -// general_name::{GeneralName, GeneralNameTypeRegistry, GeneralNameValue}, -// other_name_hw_module::OtherNameHardwareModuleName, -// GeneralNames, -// }, -// name::{ -// rdn::RelativeDistinguishedName, -// test_name::{name_cn_eui_mac, name_cn_text, names}, -// NameValue, -// }, -// }; -// -// Mnemonic: match mad promote group rival case -// const PUBKEY: [u8; 8] = [0x88, 0xD0, 0xB6, 0xB0, 0xB3, 0x7B, 0xAA, 0x46]; -// -// Test reference https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/09/ -// A.1. 
Example RFC 7925 profiled X.509 Certificate -// -// -// Certificate: -// Data: -// Version: 3 (0x2) -// Serial Number: 128269 (0x1f50d) -// Signature Algorithm: ecdsa-with-SHA256 -// Issuer: CN=RFC test CA -// Validity -// Not Before: Jan 1 00:00:00 2023 GMT -// Not After : Jan 1 00:00:00 2026 GMT -// Subject: CN=01-23-45-FF-FE-67-89-AB -// Subject Public Key Info: -// Public Key Algorithm: id-ecPublicKey -// Public-Key: (256 bit) -// pub: -// 04:b1:21:6a:b9:6e:5b:3b:33:40:f5:bd:f0:2e:69: -// 3f:16:21:3a:04:52:5e:d4:44:50:b1:01:9c:2d:fd: -// 38:38:ab:ac:4e:14:d8:6c:09:83:ed:5e:9e:ef:24: -// 48:c6:86:1c:c4:06:54:71:77:e6:02:60:30:d0:51: -// f7:79:2a:c2:06 -// ASN1 OID: prime256v1 -// NIST CURVE: P-256 -// X509v3 extensions: -// X509v3 Key Usage: -// Digital Signature -// Signature Algorithm: ecdsa-with-SHA256 -// 30:46:02:21:00:d4:32:0b:1d:68:49:e3:09:21:9d:30:03:7e: -// 13:81:66:f2:50:82:47:dd:da:e7:6c:ce:ea:55:05:3c:10:8e: -// 90:02:21:00:d5:51:f6:d6:01:06:f1:ab:b4:84:cf:be:62:56: -// c1:78:e4:ac:33:14:ea:19:19:1e:8b:60:7d:a5:ae:3b:da:16 -// -// 01 -// 43 01 F5 0D -// 6B 52 46 43 20 74 65 73 74 20 43 41 -// 1A 63 B0 CD 00 -// 1A 69 55 B9 00 -// 47 01 01 23 45 67 89 AB -// 01 -// 58 21 02 B1 21 6A B9 6E 5B 3B 33 40 F5 BD F0 2E 69 3F 16 21 3A 04 52 -// 5E D4 44 50 B1 01 9C 2D FD 38 38 AB -// 01 -// 00 -// 58 40 D4 32 0B 1D 68 49 E3 09 21 9D 30 03 7E 13 81 66 F2 50 82 47 DD -// DA E7 6C CE EA 55 05 3C 10 8E 90 D5 51 F6 D6 01 06 F1 AB B4 84 CF BE -// 62 56 C1 78 E4 AC 33 14 EA 19 19 1E 8B 60 7D A5 AE 3B DA 16 -// -// pub(crate) fn tbs() -> TbsCert { -// fn extensions() -> Extensions { -// let mut exts = Extensions::new(); -// exts.add_ext(Extension::new( -// oid!(2.5.29 .15), -// ExtensionValue::Int(1), -// false, -// )); -// exts -// } -// -// TbsCert::new( -// 1, -// UnwrappedBigUint::new(128_269), -// name_cn_text().0, -// Time::new(1_672_531_200), -// Time::new(1_767_225_600), -// name_cn_eui_mac().0, -// SubjectPubKeyAlgorithm::new(oid!(1.2.840 .10045 .2 .1), 
None), -// PUBKEY.to_vec(), -// extensions(), -// IssuerSignatureAlgorithm::new(oid!(1.2.840 .10045 .4 .3 .2), None), -// ) -// } -// -// #[test] -// fn encode_decode_tbs_cert() { -// let tbs_cert = tbs(); -// -// let mut buffer = Vec::new(); -// let mut encoder = Encoder::new(&mut buffer); -// tbs_cert -// .encode(&mut encoder, &mut ()) -// .expect("Failed to encode TBS Certificate"); -// -// c509_certificate_type: 0x01 -// certificate_serial_number: 0x4301f50d -// issuer: 0x6b5246432074657374204341 -// validity_not_before: 0x1a63b0cd00 -// validity_not_after: 0x1a6955b900 -// subject: 0x47010123456789ab -// subject_public_key_algorithm: 0x01 -// subject_public_key: 0x4888d0b6b0b37baa46 -// extensions: 0x01 -// issuer_signature_algorithm: 0x00 -// -// assert_eq!( -// hex::encode(buffer.clone()), -// "014301f50d6b52464320746573742043411a63b0cd001a6955b90047010123456789ab014888d0b6b0b37baa460100" -// ); -// -// let mut decoder = Decoder::new(&buffer); -// let decoded_tbs = -// TbsCert::decode(&mut decoder, &mut ()).expect("Failed to decode TBS Certificate"); -// assert_eq!(decoded_tbs, tbs_cert); -// } -// -// Test reference https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/09/ -// A.2. 
Example IEEE 802.1AR profiled X.509 Certificate -// -// Certificate: -// Data: -// Version: 3 (0x2) -// Serial Number: 9112578475118446130 (0x7e7661d7b54e4632) -// Signature Algorithm: ecdsa-with-SHA256 -// Issuer: C=US, ST=CA, O=Example Inc, OU=certification, CN=802.1AR CA -// Validity -// Not Before: Jan 31 11:29:16 2019 GMT -// Not After : Dec 31 23:59:59 9999 GMT -// Subject: C=US, ST=CA, L=LA, O=example Inc, OU=IoT/serialNumber=Wt1234 -// Subject Public Key Info: -// Public Key Algorithm: id-ecPublicKey -// Public-Key: (256 bit) -// pub: -// 04:c8:b4:21:f1:1c:25:e4:7e:3a:c5:71:23:bf:2d: -// 9f:dc:49:4f:02:8b:c3:51:cc:80:c0:3f:15:0b:f5: -// 0c:ff:95:8d:75:41:9d:81:a6:a2:45:df:fa:e7:90: -// be:95:cf:75:f6:02:f9:15:26:18:f8:16:a2:b2:3b: -// 56:38:e5:9f:d9 -// ASN1 OID: prime256v1 -// NIST CURVE: P-256 -// X509v3 extensions: -// X509v3 Basic Constraints: -// CA:FALSE -// X509v3 Subject Key Identifier: -// 96:60:0D:87:16:BF:7F:D0:E7:52:D0:AC:76:07:77:AD:66:5D:02:A0 -// X509v3 Authority Key Identifier: -// 68:D1:65:51:F9:51:BF:C8:2A:43:1D:0D:9F:08:BC:2D:20:5B:11:60 -// X509v3 Key Usage: critical -// Digital Signature, Key Encipherment -// X509v3 Subject Alternative Name: -// otherName: -// type-id: 1.3.6.1.5.5.7.8.4 (id-on-hardwareModuleName) -// value: -// hwType: 1.3.6.1.4.1.6175.10.1 -// hwSerialNum: 01:02:03:04 -// Signature Algorithm: ecdsa-with-SHA256 -// Signature Value: -// 30:46:02:21:00:c0:d8:19:96:d2:50:7d:69:3f:3c:48:ea:a5: -// ee:94:91:bd:a6:db:21:40:99:d9:81:17:c6:3b:36:13:74:cd: -// 86:02:21:00:a7:74:98:9f:4c:32:1a:5c:f2:5d:83:2a:4d:33: -// 6a:08:ad:67:df:20:f1:50:64:21:18:8a:0a:de:6d:34:92:36 -// -// 01 48 7E 76 61 D7 B5 4E 46 32 8A 23 62 55 53 06 62 43 41 08 6B 45 78 -// 61 6D 70 6C 65 20 49 6E 63 09 6D 63 65 72 74 69 66 69 63 61 74 69 6F -// 6E 01 6A 38 30 32 2E 31 41 52 20 43 41 1A 5C 52 DC 0C F6 8C 23 62 55 -// 53 06 62 43 41 05 62 4C 41 08 6B 65 78 61 6D 70 6C 65 20 49 6E 63 09 -// 63 49 6F 54 22 66 57 74 31 32 33 34 01 58 21 03 C8 B4 21 F1 1C 
25 E4 -// 7E 3A C5 71 23 BF 2D 9F DC 49 4F 02 8B C3 51 CC 80 C0 3F 15 0B F5 0C -// FF 95 8A 04 21 01 54 96 60 0D 87 16 BF 7F D0 E7 52 D0 AC 76 07 77 AD -// 66 5D 02 A0 07 54 68 D1 65 51 F9 51 BF C8 2A 43 1D 0D 9F 08 BC 2D 20 -// 5B 11 60 21 05 03 82 20 82 49 2B 06 01 04 01 B0 1F 0A 01 44 01 02 03 -// 04 00 58 40 C0 D8 19 96 D2 50 7D 69 3F 3C 48 EA A5 EE 94 91 BD A6 DB -// 21 40 99 D9 81 17 C6 3B 36 13 74 CD 86 A7 74 98 9F 4C 32 1A 5C F2 5D -// 83 2A 4D 33 6A 08 AD 67 DF 20 F1 50 64 21 18 8A 0A DE 6D 34 92 36 -// -// #[test] -// fn tbs_cert2() { -// ---------helper---------- -// C=US, ST=CA, L=LA, O=example Inc, OU=IoT/serialNumber=Wt1234 -// fn subject() -> Name { -// let mut attr1 = Attribute::new(oid!(2.5.4 .6)); -// attr1.add_value(AttributeValue::Text("US".to_string())); -// let mut attr2 = Attribute::new(oid!(2.5.4 .8)); -// attr2.add_value(AttributeValue::Text("CA".to_string())); -// let mut attr3 = Attribute::new(oid!(2.5.4 .7)); -// attr3.add_value(AttributeValue::Text("LA".to_string())); -// let mut attr4 = Attribute::new(oid!(2.5.4 .10)); -// attr4.add_value(AttributeValue::Text("example Inc".to_string())); -// let mut attr5 = Attribute::new(oid!(2.5.4 .11)); -// attr5.add_value(AttributeValue::Text("IoT".to_string())); -// let mut attr6 = Attribute::new(oid!(2.5.4 .5)); -// attr6.add_value(AttributeValue::Text("Wt1234".to_string())); -// -// let mut rdn = RelativeDistinguishedName::new(); -// rdn.add_attr(attr1); -// rdn.add_attr(attr2); -// rdn.add_attr(attr3); -// rdn.add_attr(attr4); -// rdn.add_attr(attr5); -// rdn.add_attr(attr6); -// -// Name::new(NameValue::RelativeDistinguishedName(rdn)) -// } -// -// fn extensions() -> Extensions { -// let mut exts = Extensions::new(); -// exts.add_ext(Extension::new( -// oid!(2.5.29 .19), -// ExtensionValue::Int(-2), -// false, -// )); -// exts.add_ext(Extension::new( -// oid!(2.5.29 .14), -// ExtensionValue::Bytes( -// [ -// 0x96, 0x60, 0x0D, 0x87, 0x16, 0xBF, 0x7F, 0xD0, 0xE7, 0x52, 0xD0, 0xAC, -// 0x76, 
0x07, 0x77, 0xAD, 0x66, 0x5D, 0x02, 0xA0, -// ] -// .to_vec(), -// ), -// false, -// )); -// exts.add_ext(Extension::new( -// oid!(2.5.29 .15), -// ExtensionValue::Int(5), -// true, -// )); -// let mut gns = GeneralNames::new(); -// let hw = OtherNameHardwareModuleName::new(oid!(1.3.6 .1 .4 .1 .6175 .10 .1), vec![ -// 0x01, 0x02, 0x03, 0x04, -// ]); -// gns.add_gn(GeneralName::new( -// GeneralNameTypeRegistry::OtherNameHardwareModuleName, -// GeneralNameValue::OtherNameHWModuleName(hw), -// )); -// -// exts.add_ext(Extension::new( -// oid!(2.5.29 .17), -// ExtensionValue::AlternativeName(AlternativeName::new( -// GeneralNamesOrText::GeneralNames(gns), -// )), -// false, -// )); -// -// exts -// } -// -// let tbs_cert = TbsCert::new( -// 1, -// UnwrappedBigUint::new(9_112_578_475_118_446_130), -// names().0, -// Time::new(1_548_934_156), -// Time::new(253_402_300_799), -// subject(), -// SubjectPubKeyAlgorithm::new(oid!(1.2.840 .10045 .2 .1), None), -// PUBKEY.to_vec(), -// extensions(), -// IssuerSignatureAlgorithm::new(oid!(1.2.840 .10045 .4 .3 .2), None), -// ); -// -// let mut buffer = Vec::new(); -// let mut encoder = Encoder::new(&mut buffer); -// tbs_cert -// .encode(&mut encoder, &mut ()) -// .expect("Failed to encode TBS Certificate"); -// c509_certificate_type: 0x01 -// certificate_serial_number: 0x487e7661d7b54e4632 -// issuer: 0x8a0462555306624341086b4578616d706c6520496e63096d63657274696669636174696f6e016a3830322e314152204341 -// validity_not_before: 0x1a5c52dc0c -// validity_not_after: 0xf6 -// subject: 0x8c046255530662434105624c41086b6578616d706c6520496e630963496f540366577431323334 -// subject_public_key_algorithm: 0x01 -// subject_public_key: 0x4888d0b6b0b37baa46 -// extensions: -// 0x840421015496600d8716bf7fd0e752d0ac760777ad665d02a0210503822082492b06010401b01f0a014401020304 -// issuer_signature_algorithm: 0x00 -// assert_eq!(hex::encode(buffer.clone()), -// 
"01487e7661d7b54e46328a0462555306624341086b4578616d706c6520496e63096d63657274696669636174696f6e016a3830322e3141522043411a5c52dc0cf68c046255530662434105624c41086b6578616d706c6520496e630963496f540366577431323334014888d0b6b0b37baa46840421015496600d8716bf7fd0e752d0ac760777ad665d02a0210503822082492b06010401b01f0a01440102030400" -// ); let mut decoder = Decoder::new(&buffer); -// let decoded_tbs = -// TbsCert::decode(&mut decoder, &mut ()).expect("Failed to decode TBS Certificate"); -// assert_eq!(decoded_tbs, tbs_cert); -// } -// } + +#[cfg(test)] +pub(crate) mod test_tbs_cert { + use asn1_rs::oid; + + use super::*; + use crate::{ + attributes::attribute::{Attribute, AttributeValue}, + extensions::{ + alt_name::{AlternativeName, GeneralNamesOrText}, + extension::{Extension, ExtensionValue}, + }, + general_names::{ + general_name::{GeneralName, GeneralNameTypeRegistry, GeneralNameValue}, + other_name_hw_module::OtherNameHardwareModuleName, + GeneralNames, + }, + name::{ + rdn::RelativeDistinguishedName, + test_name::{name_cn_eui_mac, name_cn_text, names}, + NameValue, + }, + }; + + // Mnemonic: match mad promote group rival case + const PUBKEY: [u8; 8] = [0x88, 0xD0, 0xB6, 0xB0, 0xB3, 0x7B, 0xAA, 0x46]; + + // Test reference https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/09/ + // A.1. 
Example RFC 7925 profiled X.509 Certificate + // + // + // Certificate: + // Data: + // Version: 3 (0x2) + // Serial Number: 128269 (0x1f50d) + // Signature Algorithm: ecdsa-with-SHA256 + // Issuer: CN=RFC test CA + // Validity + // Not Before: Jan 1 00:00:00 2023 GMT + // Not After : Jan 1 00:00:00 2026 GMT + // Subject: CN=01-23-45-FF-FE-67-89-AB + // Subject Public Key Info: + // Public Key Algorithm: id-ecPublicKey + // Public-Key: (256 bit) + // pub: + // 04:b1:21:6a:b9:6e:5b:3b:33:40:f5:bd:f0:2e:69: + // 3f:16:21:3a:04:52:5e:d4:44:50:b1:01:9c:2d:fd: + // 38:38:ab:ac:4e:14:d8:6c:09:83:ed:5e:9e:ef:24: + // 48:c6:86:1c:c4:06:54:71:77:e6:02:60:30:d0:51: + // f7:79:2a:c2:06 + // ASN1 OID: prime256v1 + // NIST CURVE: P-256 + // X509v3 extensions: + // X509v3 Key Usage: + // Digital Signature + // Signature Algorithm: ecdsa-with-SHA256 + // 30:46:02:21:00:d4:32:0b:1d:68:49:e3:09:21:9d:30:03:7e: + // 13:81:66:f2:50:82:47:dd:da:e7:6c:ce:ea:55:05:3c:10:8e: + // 90:02:21:00:d5:51:f6:d6:01:06:f1:ab:b4:84:cf:be:62:56: + // c1:78:e4:ac:33:14:ea:19:19:1e:8b:60:7d:a5:ae:3b:da:16 + // + // 01 + // 43 01 F5 0D + // 6B 52 46 43 20 74 65 73 74 20 43 41 + // 1A 63 B0 CD 00 + // 1A 69 55 B9 00 + // 47 01 01 23 45 67 89 AB + // 01 + // 58 21 02 B1 21 6A B9 6E 5B 3B 33 40 F5 BD F0 2E 69 3F 16 21 3A 04 52 + // 5E D4 44 50 B1 01 9C 2D FD 38 38 AB + // 01 + // 00 + // 58 40 D4 32 0B 1D 68 49 E3 09 21 9D 30 03 7E 13 81 66 F2 50 82 47 DD + // DA E7 6C CE EA 55 05 3C 10 8E 90 D5 51 F6 D6 01 06 F1 AB B4 84 CF BE + // 62 56 C1 78 E4 AC 33 14 EA 19 19 1E 8B 60 7D A5 AE 3B DA 16 + + pub(crate) fn tbs() -> TbsCert { + fn extensions() -> Extensions { + let mut exts = Extensions::new(); + exts.add_ext(Extension::new( + oid!(2.5.29 .15), + ExtensionValue::Int(1), + false, + )); + exts + } + + TbsCert::new( + 1, + UnwrappedBigUint::new(128_269), + name_cn_text().0, + Time::new(1_672_531_200), + Time::new(1_767_225_600), + name_cn_eui_mac().0, + SubjectPubKeyAlgorithm::new(oid!(1.2.840 .10045 .2 
.1), None), + PUBKEY.to_vec(), + extensions(), + IssuerSignatureAlgorithm::new(oid!(1.2.840 .10045 .4 .3 .2), None), + ) + } + + #[test] + fn encode_decode_tbs_cert() { + let tbs_cert = tbs(); + + let mut buffer = Vec::new(); + let mut encoder = Encoder::new(&mut buffer); + tbs_cert + .encode(&mut encoder, &mut ()) + .expect("Failed to encode TBS Certificate"); + + // c509_certificate_type: 0x01 + // certificate_serial_number: 0x4301f50d + // issuer: 0x6b5246432074657374204341 + // validity_not_before: 0x1a63b0cd00 + // validity_not_after: 0x1a6955b900 + // subject: 0x47010123456789ab + // subject_public_key_algorithm: 0x01 + // subject_public_key: 0x4888d0b6b0b37baa46 + // extensions: 0x01 + // issuer_signature_algorithm: 0x00 + + assert_eq!( + hex::encode(buffer.clone()), + "014301f50d6b52464320746573742043411a63b0cd001a6955b90047010123456789ab014888d0b6b0b37baa460100" + ); + + let mut decoder = Decoder::new(&buffer); + let decoded_tbs = + TbsCert::decode(&mut decoder, &mut ()).expect("Failed to decode TBS Certificate"); + assert_eq!(decoded_tbs, tbs_cert); + } + + // Test reference https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/09/ + // A.2. 
Example IEEE 802.1AR profiled X.509 Certificate + // + // Certificate: + // Data: + // Version: 3 (0x2) + // Serial Number: 9112578475118446130 (0x7e7661d7b54e4632) + // Signature Algorithm: ecdsa-with-SHA256 + // Issuer: C=US, ST=CA, O=Example Inc, OU=certification, CN=802.1AR CA + // Validity + // Not Before: Jan 31 11:29:16 2019 GMT + // Not After : Dec 31 23:59:59 9999 GMT + // Subject: C=US, ST=CA, L=LA, O=example Inc, OU=IoT/serialNumber=Wt1234 + // Subject Public Key Info: + // Public Key Algorithm: id-ecPublicKey + // Public-Key: (256 bit) + // pub: + // 04:c8:b4:21:f1:1c:25:e4:7e:3a:c5:71:23:bf:2d: + // 9f:dc:49:4f:02:8b:c3:51:cc:80:c0:3f:15:0b:f5: + // 0c:ff:95:8d:75:41:9d:81:a6:a2:45:df:fa:e7:90: + // be:95:cf:75:f6:02:f9:15:26:18:f8:16:a2:b2:3b: + // 56:38:e5:9f:d9 + // ASN1 OID: prime256v1 + // NIST CURVE: P-256 + // X509v3 extensions: + // X509v3 Basic Constraints: + // CA:FALSE + // X509v3 Subject Key Identifier: + // 96:60:0D:87:16:BF:7F:D0:E7:52:D0:AC:76:07:77:AD:66:5D:02:A0 + // X509v3 Authority Key Identifier: + // 68:D1:65:51:F9:51:BF:C8:2A:43:1D:0D:9F:08:BC:2D:20:5B:11:60 + // X509v3 Key Usage: critical + // Digital Signature, Key Encipherment + // X509v3 Subject Alternative Name: + // otherName: + // type-id: 1.3.6.1.5.5.7.8.4 (id-on-hardwareModuleName) + // value: + // hwType: 1.3.6.1.4.1.6175.10.1 + // hwSerialNum: 01:02:03:04 + // Signature Algorithm: ecdsa-with-SHA256 + // Signature Value: + // 30:46:02:21:00:c0:d8:19:96:d2:50:7d:69:3f:3c:48:ea:a5: + // ee:94:91:bd:a6:db:21:40:99:d9:81:17:c6:3b:36:13:74:cd: + // 86:02:21:00:a7:74:98:9f:4c:32:1a:5c:f2:5d:83:2a:4d:33: + // 6a:08:ad:67:df:20:f1:50:64:21:18:8a:0a:de:6d:34:92:36 + // + // 01 48 7E 76 61 D7 B5 4E 46 32 8A 23 62 55 53 06 62 43 41 08 6B 45 78 + // 61 6D 70 6C 65 20 49 6E 63 09 6D 63 65 72 74 69 66 69 63 61 74 69 6F + // 6E 01 6A 38 30 32 2E 31 41 52 20 43 41 1A 5C 52 DC 0C F6 8C 23 62 55 + // 53 06 62 43 41 05 62 4C 41 08 6B 65 78 61 6D 70 6C 65 20 49 6E 63 09 + // 63 49 6F 54 22 
66 57 74 31 32 33 34 01 58 21 03 C8 B4 21 F1 1C 25 E4 + // 7E 3A C5 71 23 BF 2D 9F DC 49 4F 02 8B C3 51 CC 80 C0 3F 15 0B F5 0C + // FF 95 8A 04 21 01 54 96 60 0D 87 16 BF 7F D0 E7 52 D0 AC 76 07 77 AD + // 66 5D 02 A0 07 54 68 D1 65 51 F9 51 BF C8 2A 43 1D 0D 9F 08 BC 2D 20 + // 5B 11 60 21 05 03 82 20 82 49 2B 06 01 04 01 B0 1F 0A 01 44 01 02 03 + // 04 00 58 40 C0 D8 19 96 D2 50 7D 69 3F 3C 48 EA A5 EE 94 91 BD A6 DB + // 21 40 99 D9 81 17 C6 3B 36 13 74 CD 86 A7 74 98 9F 4C 32 1A 5C F2 5D + // 83 2A 4D 33 6A 08 AD 67 DF 20 F1 50 64 21 18 8A 0A DE 6D 34 92 36 + + #[test] + fn tbs_cert2() { + // ---------helper---------- + // C=US, ST=CA, L=LA, O=example Inc, OU=IoT/serialNumber=Wt1234 + fn subject() -> Name { + let mut attr1 = Attribute::new(oid!(2.5.4 .6)); + attr1.add_value(AttributeValue::Text("US".to_string())); + let mut attr2 = Attribute::new(oid!(2.5.4 .8)); + attr2.add_value(AttributeValue::Text("CA".to_string())); + let mut attr3 = Attribute::new(oid!(2.5.4 .7)); + attr3.add_value(AttributeValue::Text("LA".to_string())); + let mut attr4 = Attribute::new(oid!(2.5.4 .10)); + attr4.add_value(AttributeValue::Text("example Inc".to_string())); + let mut attr5 = Attribute::new(oid!(2.5.4 .11)); + attr5.add_value(AttributeValue::Text("IoT".to_string())); + let mut attr6 = Attribute::new(oid!(2.5.4 .5)); + attr6.add_value(AttributeValue::Text("Wt1234".to_string())); + + let mut rdn = RelativeDistinguishedName::new(); + rdn.add_attr(attr1); + rdn.add_attr(attr2); + rdn.add_attr(attr3); + rdn.add_attr(attr4); + rdn.add_attr(attr5); + rdn.add_attr(attr6); + + Name::new(NameValue::RelativeDistinguishedName(rdn)) + } + + fn extensions() -> Extensions { + let mut exts = Extensions::new(); + exts.add_ext(Extension::new( + oid!(2.5.29 .19), + ExtensionValue::Int(-2), + false, + )); + exts.add_ext(Extension::new( + oid!(2.5.29 .14), + ExtensionValue::Bytes( + [ + 0x96, 0x60, 0x0D, 0x87, 0x16, 0xBF, 0x7F, 0xD0, 0xE7, 0x52, 0xD0, 0xAC, + 0x76, 0x07, 0x77, 0xAD, 0x66, 0x5D, 
0x02, 0xA0, + ] + .to_vec(), + ), + false, + )); + exts.add_ext(Extension::new( + oid!(2.5.29 .15), + ExtensionValue::Int(5), + true, + )); + let mut gns = GeneralNames::new(); + let hw = OtherNameHardwareModuleName::new(oid!(1.3.6 .1 .4 .1 .6175 .10 .1), vec![ + 0x01, 0x02, 0x03, 0x04, + ]); + gns.add_gn(GeneralName::new( + GeneralNameTypeRegistry::OtherNameHardwareModuleName, + GeneralNameValue::OtherNameHWModuleName(hw), + )); + + exts.add_ext(Extension::new( + oid!(2.5.29 .17), + ExtensionValue::AlternativeName(AlternativeName::new( + GeneralNamesOrText::GeneralNames(gns), + )), + false, + )); + + exts + } + + let tbs_cert = TbsCert::new( + 1, + UnwrappedBigUint::new(9_112_578_475_118_446_130), + names().0, + Time::new(1_548_934_156), + Time::new(253_402_300_799), + subject(), + SubjectPubKeyAlgorithm::new(oid!(1.2.840 .10045 .2 .1), None), + PUBKEY.to_vec(), + extensions(), + IssuerSignatureAlgorithm::new(oid!(1.2.840 .10045 .4 .3 .2), None), + ); + + let mut buffer = Vec::new(); + let mut encoder = Encoder::new(&mut buffer); + tbs_cert + .encode(&mut encoder, &mut ()) + .expect("Failed to encode TBS Certificate"); + // c509_certificate_type: 0x01 + // certificate_serial_number: 0x487e7661d7b54e4632 + // issuer: 0x8a0462555306624341086b4578616d706c6520496e63096d63657274696669636174696f6e016a3830322e314152204341 + // validity_not_before: 0x1a5c52dc0c + // validity_not_after: 0xf6 + // subject: 0x8c046255530662434105624c41086b6578616d706c6520496e630963496f540366577431323334 + // subject_public_key_algorithm: 0x01 + // subject_public_key: 0x4888d0b6b0b37baa46 + // extensions: + // 0x840421015496600d8716bf7fd0e752d0ac760777ad665d02a0210503822082492b06010401b01f0a014401020304 + // issuer_signature_algorithm: 0x00 + assert_eq!(hex::encode(buffer.clone()), 
"01487e7661d7b54e46328a0462555306624341086b4578616d706c6520496e63096d63657274696669636174696f6e016a3830322e3141522043411a5c52dc0cf68c046255530662434105624c41086b6578616d706c6520496e630963496f540366577431323334014888d0b6b0b37baa46840421015496600d8716bf7fd0e752d0ac760777ad665d02a0210503822082492b06010401b01f0a01440102030400"); + let mut decoder = Decoder::new(&buffer); + let decoded_tbs = + TbsCert::decode(&mut decoder, &mut ()).expect("Failed to decode TBS Certificate"); + assert_eq!(decoded_tbs, tbs_cert); + } +} From 010bd8878e64bce788e8a947e3f621763ab97bd6 Mon Sep 17 00:00:00 2001 From: bkioshn Date: Fri, 20 Sep 2024 14:22:51 +0700 Subject: [PATCH 7/8] chore(rust/cardano-chain-follower): run no cache --- rust/Earthfile | 1 + 1 file changed, 1 insertion(+) diff --git a/rust/Earthfile b/rust/Earthfile index b0e135d28b..5129004872 100644 --- a/rust/Earthfile +++ b/rust/Earthfile @@ -20,6 +20,7 @@ builder: # check : Run basic check. check: FROM +builder + RUN --no-cache DO rust-ci+EXECUTE --cmd="/scripts/std_checks.py" From d598e15b7abceea52681a998d90045957ecea6a6 Mon Sep 17 00:00:00 2001 From: bkioshn Date: Fri, 20 Sep 2024 16:13:18 +0700 Subject: [PATCH 8/8] chore(rust/cardano-chain-follower): remove run no cache --- rust/Earthfile | 3 --- 1 file changed, 3 deletions(-) diff --git a/rust/Earthfile b/rust/Earthfile index 5129004872..8df6d3fe22 100644 --- a/rust/Earthfile +++ b/rust/Earthfile @@ -10,7 +10,6 @@ sync-cfg: # builder : Set up our target toolchains, and copy our files. builder: DO rust-ci+SETUP - RUN --no-cache COPY Cargo.toml clippy.toml deny.toml rustfmt.toml . COPY --dir .cargo .config c509-certificate cardano-chain-follower \ @@ -20,7 +19,6 @@ builder: # check : Run basic check. check: FROM +builder - RUN --no-cache DO rust-ci+EXECUTE --cmd="/scripts/std_checks.py" @@ -28,7 +26,6 @@ check: build: FROM +builder - RUN --no-cache DO rust-ci+EXECUTE \ --cmd="/scripts/std_build.py" \ --output="release/[^\./]+" \