44 lines
1.8 KiB
Rust
44 lines
1.8 KiB
Rust
use rpki::data_model::oid::OID_CP_IPADDR_ASNUMBER;
|
|
use rpki::data_model::rc::{ResourceCertKind, ResourceCertificate, SubjectInfoAccess};
|
|
|
|
#[test]
|
|
fn resource_certificate_from_der_parses_ca_fixtures() {
|
|
let fixtures = [
|
|
"tests/fixtures/repository/rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer",
|
|
"tests/fixtures/repository/ca.rg.net/rpki/RGnet-OU/R-lVU1XGsAeqzV1Fv0HjOD6ZFkE.cer",
|
|
"tests/fixtures/repository/ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer",
|
|
];
|
|
|
|
for path in fixtures {
|
|
let der = std::fs::read(path).expect("read CA cert fixture");
|
|
let rc = ResourceCertificate::from_der(&der).expect("parse CA cert fixture");
|
|
|
|
assert_eq!(rc.kind, ResourceCertKind::Ca, "fixture should be CA: {path}");
|
|
assert_eq!(rc.tbs.version, 2, "X.509 v3 encoded as 2: {path}");
|
|
|
|
assert_eq!(
|
|
rc.tbs.extensions.certificate_policies_oid.as_deref(),
|
|
Some(OID_CP_IPADDR_ASNUMBER),
|
|
"CA certificatePolicies OID: {path}"
|
|
);
|
|
|
|
assert!(
|
|
matches!(rc.tbs.extensions.subject_info_access, Some(SubjectInfoAccess::Ca(_))),
|
|
"CA SIA should not contain signedObject accessMethod: {path}"
|
|
);
|
|
|
|
assert!(rc.tbs.extensions.ip_resources.is_some(), "CA should have IP resources: {path}");
|
|
}
|
|
}
|
|
|
|
#[test]
|
|
fn resource_certificate_from_der_parses_as_resources_in_apnic_fixture() {
|
|
let path =
|
|
"tests/fixtures/repository/rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer";
|
|
let der = std::fs::read(path).expect("read APNIC CA cert fixture");
|
|
let rc = ResourceCertificate::from_der(&der).expect("parse APNIC CA cert fixture");
|
|
|
|
assert!(rc.tbs.extensions.as_resources.is_some(), "fixture should carry AS resources");
|
|
}
|
|
|