From 50e02bc2ca2c9dc939e1f7a26b066e8e398855cb Mon Sep 17 00:00:00 2001 From: Erik Tesar Date: Tue, 2 Nov 2021 13:37:28 +0100 Subject: [PATCH 1/2] feat: add test for `Certificate::check` Note that we still need tests for our custom policy --- other/tests/missing_key/c_a_e.pgp | Bin 0 -> 558 bytes other/tests/missing_key/s_c_a.pgp | Bin 0 -> 300 bytes other/tests/missing_key/s_c_a_e_e.pgp | Bin 0 -> 1199 bytes other/tests/missing_key/s_c_a_es.pgp | Bin 0 -> 1753 bytes other/tests/missing_key/s_c_a_et_es.pgp | Bin 0 -> 2089 bytes other/tests/missing_key/s_c_e.pgp | Bin 0 -> 563 bytes other/tests/missing_key/valid.pgp | Bin 0 -> 556 bytes src/certificate/mod.rs | 37 ++++++++++++++++++++++++ 8 files changed, 37 insertions(+) create mode 100644 other/tests/missing_key/c_a_e.pgp create mode 100644 other/tests/missing_key/s_c_a.pgp create mode 100644 other/tests/missing_key/s_c_a_e_e.pgp create mode 100644 other/tests/missing_key/s_c_a_es.pgp create mode 100644 other/tests/missing_key/s_c_a_et_es.pgp create mode 100644 other/tests/missing_key/s_c_e.pgp create mode 100644 other/tests/missing_key/valid.pgp diff --git a/other/tests/missing_key/c_a_e.pgp b/other/tests/missing_key/c_a_e.pgp new file mode 100644 index 0000000000000000000000000000000000000000..306c61fdcfb9198caba9454bf32c3971464df131 GIT binary patch literal 558 zcmbQz#*)~m8zsi6&Bn;Wc*~uik&)fujP`j}=hv%he@K-sSj-u4W(lKp+xAU&H&s3B z-m?AN#moQLnVGH{B)QF&y>Isa`FY`B+eKH{cbr!2S@T?3RqglFWh*AV*l~8(BKg$q zVwTUZ&CxdO+Vp4Q3)TrwzlJq$&AVVaarOf{8(uf=uhyzYP69K}eXQHUots%)oSBy% zpPgFSF@Z%`jDx{KOp(Q@Bl%CISHj&`y{AUM!Y58uda&1*l?mizCTT@hZcYw%CN@zn zP7ZD+7BMDfMkYB%Ch-OaE=~cMVzsFZ|McX=C4Qb=6aMWf`*B03Km2iTZme7OiBtN@ zoZ!!qlAPZd{ugVl3jED`Q;y$}~T zn5Ks^vVy|N?Tbuef@b>+89}}(uCAt()bKN&w@-JyYC7w;{N;r0?#zrF?4YnZpIPTs z>6-H3e~_;_=giqFpE^C!J)LFBb7j?3)6Pos2qyi#*>(%pU;J>+wZn-ea{24St$#nx zzMB{#I7`biS$dakn9{RTe$G5E^-YemJ9BhYut)%dM*&~()H6x*AP2(~X-0-ywf&i? z{AWJS;O1Pwe4jDoOV)u)w@>jFY_pF~z3^kPEhEF0hJf8OFU(AD{1TbH>GGQgnVw}) R`OgI{UVfXfo_+3fP5^C%>$U&@ literal 0 HcmV?d00001 diff --git a/other/tests/missing_key/s_c_a.pgp b/other/tests/missing_key/s_c_a.pgp new file mode 100644 index 0000000000000000000000000000000000000000..c4f1798d33a795583a3cb34c8c4706af0d1b6198 GIT binary patch literal 300 zcmV+{0n`4Jh6G`N6DAf3D+U1s0oq3o0RaaEsPnW5iy3T|V3T8&>dA>RS41w`VpShL zS$<-E*1{;Z@Rl!O^{!_{^fNWQ31?B0Xuz**m06>2$gJCCaEa8k5N&C5b7^j8Uu$J~ zUvy=2bcm1y6BY;nI2IuUEmt+`_=KKutiCN@KS)SKCf(@a1p;A!6D9&1BLxcy2nPZN z6$%Lm3jzcd0s{d89svRufB*^!5I;yrL?+$n;dSo;0K*(p!u4F>Imb{97fNAX;jH8b yGy^`&q>+yGJMh<0mH_@CL2&gS?%#d=F%Hp}%k9TDy50LUci4ck#{(I#*F69sHhZi9 literal 0 HcmV?d00001 diff --git a/other/tests/missing_key/s_c_a_e_e.pgp b/other/tests/missing_key/s_c_a_e_e.pgp new file mode 100644 index 0000000000000000000000000000000000000000..fe8143c498688c30083c9d027cbe60ea2788d555 GIT binary patch literal 1199 zcmbQz#*)~m|3!>bn~jl$@s>M3BO|+mto@#AcXd`A`uly__Jdwsv&&c%qE&fYX0ENA zdSTLrA20v0Gc)z7*)YFYv-8CNwFjq$e)j9&G_PVkKTZ5L?;IV+6OzCFi!Wbs_w=5J z!JoEhq8Ya7>J)1Or!{seJCHe8WiFuXr z*{PMq9TQlD#W)xvVABubkvt=hTnk@GwL!kk|=u9<3ftV|#`Gf6YEa&vO9GqH(s zadL1ov4}A-Gcw6BGKn`ZaB&L26qgh+G92SMuz2ZliL^;(Vc+NF+~np=sa_P7AZ9jY z-`vMMXFWt28FpN?oKebh({Fi(@3uw%zgAdU*S>eXKk=#j&*Fa~_B5EnR{ zriU`Jf&$8JtH5%D-9noV#9b8*-z&@%9qYs|lUV1jxG}kQYG5EYGb0B(D6mYz6E-(x z)VTe3KCox%#x@a{~>YCo;_ z{{xv<{7rpg_vPf%%=Gpx+b%uYJzM!s?zi`|OWqI>3e8wYEwLIcE2ByW74m7E)2&J>kd$p6A}2_M4BI@9B6?Fd-NuF-bEqG$QgtnF5O> zF!9I&6VH}6T{UZ&%A6YaAK!mMOJvQ_=0kr$dCMRPlyYDq7PA-`KFA+iC}nrZpC_yL zOQ)P(Ei+gDb)MGhiAIbJk2RY4zR3sJ3z}Wz|82d3^K?Sz@x0^a^E&vm zEZaktbKmJ?`0wnLx^>onAFGIEwb@mUr5x(1B8`94<{X}x6j%H6pdc_CJ~LyTbiwRH f-xBF{6<7C8xO(hnl+5*>T={)$pSCVovy=@0@$>Hn literal 0 HcmV?d00001 diff --git a/other/tests/missing_key/s_c_a_es.pgp b/other/tests/missing_key/s_c_a_es.pgp new file mode 100644 index 0000000000000000000000000000000000000000..02754a3900c948e05912dace764a20a444e5e924 GIT binary patch literal 1753 zcmbu9_gB+r6o=n$NCHWeA<8)Hp=bgqB{{?@7N|4|1PK<1RG9_{AV~-!BUpx_Kns=; zMX0P0MZuO)5D|!xG%{RpiXbBhno@(-23cjKV2{7)>G1sn-g`gKeeM;d!vmA`wrHVn zNC*x+A*n%-vID>L4%+3(s43k#$c<3%YTMO0sWw1l-qdb=%_iq~1g)TyRHkuUYSY4K zm;ysjDv(lS9V)&3){p0*f#I^obE!M`ONXn;mPs{AwISx7{`F6FH^mxow7>Fj(ZoOr z2$;N7(yjfwNVOomXEwaerg2gzz`%{P&>#tsy4H^p2BnNrztz<8V$z0eO47K5>g@F_K$?2Tw z+oLMiczKRmN}JFsup$U%2x*zX8>r_Qnd9DDVn`;P?+O9H)dC7fA|;?#=c&qhglzx5O*mj5bde|R{l)6I_k%ZrTiP*pmdOnA^ zhdD-Pv*}Tx{t>izp+FU`xf(6`W1YE39rK54Db&qwU<(=zt)cJHPfkRaMMkc)H6t$U8D_M5#1 zX_ra39EmTvG17xwfk(7duFU9@tCpV-@J$m{T~!gxW9Sv30Kj!t!AAcL_P_gL!s`sA zCY2b>>^o2J^LgG|o@>Qi*CFV~cV9yIWoG%oii|%f3M&Buf~h%gpY?Gea*mEbo>kNQ z;LRsvSBr)U_Rl!ZcnlvN0t)wQ&5p$7H_3Kxi5EZr)arosXV4Vddzs;8PxxBTJbT@H zQOXOgf=1j865MY4&w8>{g8OA*FuCjENaJ#W#?I>bmNk?fffJM^dWfsy$WX*^*vKhA ztZe*-S>YjPP;$j$N&jq!#V$Ivcu*G}FFV=jui^p*HA(>{}&}vM>)-_(5@e`>ttGoNSh^Vi!&=pc);+G9-hR8Tr-6g z!P-jUx~tP-yem-=AAi73VjBK$w;PNrXgCi)@#g&5U_7oJ35rZKN!>(@$#$HyWYiYF zIx1PQs@PYyK@_`@`_sGc0boypW!)E?h3^iUcOhZqC?)-&ib1jc_wz3$yYV-;@lKnk z`9R^nvXnWzvBxXo_OFJCPN{_j7~4%`p0p=99r5ybPaW!mCP*JbpgddW;f?r87vjL4 ztyX^yLweZ@sJve))qE(6!QNH*5CqbcN8*i^TUwz`|3>=tE1f|dwT_qoju zVdAW}hj;_}?IAwz1tHchaUSdva;t$A55AZOnZ0QuKR=Z@b}nZyhXTWD^%gv{Q-V}b zYdR#>iKI-5tApa;K6}}h1kqjQ{0V|axi`9}YfkpXqdLfN#;7b3Hz(|+Q9U1>1^gW) zdKWC^KD4{+GcgqA4%h;_!6c?QU{v{H^ecPpM{kx(%3xbLUohc&XG}Xdbb7#s9IU&I zQ$A5E^i-M%T#tnnseF*<54Au+qnKXiY)3j{39O}UB=u9MfJ0dpudSw1Lr$F3=hEj7_`Kh*=ll77H$=dl!gL#zk-AbK9PGDH z06}S@L{XH@)FT3M8a2Z-ZeCr~Ph8dZv&?IKO{rwdp;$6w5h;Nn1;8(>H5s}?&Q6&( z@)Z@4dXzk)nddt6e!OX(kxSQDVD`%_$DoP;0qi}iK&IY*;9>7S*X#nR{$+|i#NQrRJ$mNs|EV89bowQ4mYM1q* z`ubA6DGna4fqb4keC1NK&>x9bsgrl0&_h6^ql)=0pVBdX&Drn}$#t97lV&_pDRlCe zXe{s_(y4*KXH2kQXPz>;`;uHf&0K+lpWaGnb%sZz_pQ$})IZ~|3P2av6_xh5*n;&A zj5mz57L`o5PjmPe<<01vpdv|wRIuq=&JY_rJiYHD-G9$&8^A>6H)h-kfaDu<6+8F8 zQ}Cb2$z67)LAGONd_zzhWILN}%Vf~Od0MWho-zV=IJ}V^Rrx0-)L|om!7R7w6(H@m zG?c^c)@c`o$j`cyotu0}vO{jP+~;WP($f)ajWti+Gx$6JuCfG{{x{hF?n_TK6@AVT z84tjkBMnD63#M_T_bv^g7Z&jI@i~HD#4xtTcSRXf0)Yeu&+u`RieR5P;RpcP;j~9n!;W~z@Lcb{O4wlxRFUy%>&+8BS3f`dx|Oivn<&}T z%v()YtxF51Z(aHjHQKI58{(EF+A_@5gbi591?gp!IAtj{A4Y&Jw0&Ms%gH2FM+`g& z%)Z_eI~87al3ZrOXPK7UT_drkKAqRa!o^c;*X|L?LxBdIH;9tnRtx`aO0Ttqv$E-M z`Ig?+EO|bUyNnXt_J2`E?7W7#-`~t>-J4C??KN1|e-HbF7HZg@;2K?>z@}zJ3n?)*8U#mIK5q1rMLvL^!V=Sa{uM?=jwS0teZ3F^eYUpE5fP zfJI!^O83p(tRvijfZ>jPltJ+%g1psy*BF|odoKOxE~)RD@E{Nn!{bk_i`1&nHY6uM zt-+^O?zY&-sx6%wX>XoOPs%}dfk2(UbDD?v!Z7z&%|5jaFRi81KN@EIwv}>3x>#lB zrFmFW?3Y8VB=hAEryK_*moIU~ySILe))jQpLE_3z(YWkD=ZmrFYUL`eGfi(Z4|@hk zfC%KW4g)G8f-qEV6naZryE{BZZ|<{B0bWVirK!5;Q*#0-vT}Q?9VSE@`5{zb=r_^X zOiQg}iJ~BP53w*TR(r4A&S~zmLmU_Vj?=5%_l6ukd0Tzrs-?H+5$R4{25j$V zvzt)>U<^|{5H>5G4q6b)a0^jO`Mws zFb(`>%j$uahMd^M<3Y1*OBCTN&x7eT*O{#~G-%Z%C#BIRs|_o)UvE#eU#os}q?tX~ zjDfm`%hr06D2r92Nm%{{N^gD_2VEjduTv0@Sgpg<9ZPUSNra3d$9t^sxO+d$lNDur z*~djr?D*7+M*M`iU6^HKX0&5KovpQ&zR5r*3&uu#mnVN006ARU#t%C-UECG8FI2p> zCb#=c3PLqP)c){g`|cMbo|PalySdjeBY(!hB)kMT{bX*3b18~C`O&DxK+wrN&C-DV E1!?qr{r~^~ literal 0 HcmV?d00001 diff --git a/other/tests/missing_key/s_c_e.pgp b/other/tests/missing_key/s_c_e.pgp new file mode 100644 index 0000000000000000000000000000000000000000..6f4a93ca62c670ec71f35304a28f65c8c2f0880b GIT binary patch literal 563 zcmbQz#*)||mMq4p&Bn;Wc*~uik&)fO`1H&3E7ts9ohC4S=Uv~^4PGC1XFqsusr_D& zd#PTor`$hwW+tyG8v@(;HWdFid*RE!B&d1!^Zy$gx88THu~^T1(6&q^t5Ka%`MHjQ zdqJ{JiY#rsi#{!CC_KG2#wIY`mLJZJMXvl>`$lsWtM#^_C0-yZFL%B?8B|wHf=M` zyEaq4_-EUei_<@p=hPhB>-#o&*Oab_U#2ng?dYgrkpKpd0)gP+K@NsRx(xp;y!6a; z8l0yn7o9)p$KSo#SuSz4TP@F-jK%Kr1eTi51O}Aq-c3uE|MxwY^ncZgqv5N=HP>vo QwdqrByS8XZyTLpr0O2L*IRF3v literal 0 HcmV?d00001 diff --git a/other/tests/missing_key/valid.pgp b/other/tests/missing_key/valid.pgp new file mode 100644 index 0000000000000000000000000000000000000000..90f42b58d86f22950f89ec4db859f0865614f5a6 GIT binary patch literal 556 zcmbQz#*)~mCoRUQ&Bn;Wc*~uik&)dY)~`)J#Q)!x2SNX@V-=@=JdiJ@_(n-{`{e;rapZ`v)UHUvc#Osl=$q_ z%8m&v!eSf@7GjDl>J{E+y0*CKEBff1Gp#N*pY9v4!pa14Fq5=0D>o+xI}@8I7bgcd z6N?xVGb586Ba?Uo0~eux}nE0H-Wa9S!G5zfv`oFJF zc$nM7$Z%>=z!%wKBP~+1?##%gdUOcYEKWU#~2?MdUrw! Date: Tue, 2 Nov 2021 15:03:55 +0100 Subject: [PATCH 2/2] feat: add test for key policy note that some tests for UserID and UserAttribute removal are still missing --- other/tests/policy/expiration_date.pgp | Bin 0 -> 1394 bytes other/tests/policy/nist_p_521.pgp | Bin 0 -> 1592 bytes other/tests/policy/rsa_4096.pgp | Bin 0 -> 7901 bytes other/tests/policy/subkey_nist_p_384.pgp | Bin 0 -> 639 bytes other/tests/policy/unencrypted.pgp | Bin 0 -> 466 bytes src/certificate/mod.rs | 32 +++++++++++++++++++++++ 6 files changed, 32 insertions(+) create mode 100644 other/tests/policy/expiration_date.pgp create mode 100644 other/tests/policy/nist_p_521.pgp create mode 100644 other/tests/policy/rsa_4096.pgp create mode 100644 other/tests/policy/subkey_nist_p_384.pgp create mode 100644 other/tests/policy/unencrypted.pgp diff --git a/other/tests/policy/expiration_date.pgp b/other/tests/policy/expiration_date.pgp new file mode 100644 index 0000000000000000000000000000000000000000..fa522fa549fef04bfd160d0117f906eeba9cecad GIT binary patch literal 1394 zcmbQz#*)~m_dtwOn~jl$@s>M3BO|-R`DI^rK1ki%%*n>Q*8Pp6o8a3pmg-vqHHQ;r zZ+30G9`KKynMo@+x;1Y8MDhPj5{~($>$bey5b^6Z>r=z0pHkB2M@)LCd_g~A#>*R} z|E702p5fIyIs3h6)?tO`n{=i=dA2EYm*o2m`_emp3GGcQyp;G_V8<5z)QW=4qQsKS z{Ji*-#FEsGX)MBG91M0$(#)*foE+>-Y@%G89NbJSVoc18Omd7&;tgVoEPA(=Jf7># z9KYx775?rkj>Z=AFT7@DN^I0uVCA$(;dEf&;uL_1n>=IqXRhPCa$V(;O132;yqX=~ zoYm(A?wZMV;7`u(+LN~3+M5{uS!vy`XNz(4&^vF=yYsQC4BO{-r*{NVOrhZ{d?EJdri~)3N56!_WznU zw>HpG>0q_Mn=om~cM^d)=Z}3mKWF>L^5Zj4I(}Mb0)aBGMmk>HH}A^Bh~gYz2it;Q4rqRhuF-|6dLHUifV&%~y)6wd;x}(% zlim`3H#?2}mHoW7Z&3z&{A8Q*t}rqGa>W+vuWxQ8f`Eps&v) zt$-W?m352^s}r?9W+`v>-Ri>T{X}|Eum>-xlVj+26y zo_{f|fO+>EC#9KgMoa?rYMJG7)0t}|by^WD!iqG*g zO_Ti!`k8{O?%bbyb;p@WLXT34&hY)QO?}-JY{2k8m8+t0)s~+kT_+fYw7NNGF#TB0 zZ}_WW^E4>s`(Mw6?f*aRkvivFUz*|-sVw|h;L4Rbij9x&=j{}ze_ve3+48iJ-0BBhN_|e&op&&V^926v# z>~0&n;YFhysmRMqdM$2OK@#e3uClWA$a%XF4JX?_ZnV}WV2ynTET5wr zu{;Y^g40UsY)C+)d*V8A>&j3iHB{tH`6e6!pr*Oexl4L7TWT0VhYy;Kb0*A4#W>O& zvVVBfA74K(>^O@X;}zECLM&N$wfQcHj5jCk5_usU(OTVM@U%{S81^K(x6Z!p?e7#B z@*?+~@{noLOO@^g8A#TmYZ2!2bIW^a0V|U9Ab4)$54~jvIv4l|t>B%}8j|F9Bfd&4d-t`|f7_A>w z{KXf4M2BO8-S3v9g|izERfwn-hJY%s=d~D3Ym6K9V{wfV^WhWD24UUl3pN$!Ty^;E z8?v)3iiWtOk|4u4)ss!5nXl%i`hw(1*(b)Zd{Hb0=S;2RC)U?zN;dL=RQ7@5;1BVj zlR=WS3Kj{%P<=VC@lCxXGJ?iXq_iiEzi46rj8dVGMr>o2(HiQGGbYIh58=u*CS%S0{W!j=&V6Y6wrfoHMKIL?K#Gvd6@2-y^+7|U}UAV_> zas6~2XZ^t+?0a+t)x>2|9plOE+Lb7%)fGaQ#_1tQOtvzu_VmpTpR^OH4cVoKG~Hj; zT1H9C^FOP}H;e<0EajjHZe@fLeYeS+gH1xot1AZGXw3?@U`3N7`E= z_Lk&c*?4K_hkx^C@4$bb7*}mKJXogw`h{Y5oTxaBU7#CPRJ5F>oqp#PgU^`Na)@xg z9ZM^4bU-MqMbuQnt7om`uvQJEg99qU-}I#NyYTsGHvvT18d+NC5n)orA+Y0@LC9M( zp@re40Mjsm`okvLw!aZ!!FKkK^gO`B5_^NRs+ z)98s|^N8^Q!Q5&vn~P{qp)S)2IMJ5z8zp(Vu{LyCgb%|gxd6P{vo{t#1OcsX&1iUB z?YBTaZ^Z6;im}CS-!kp(DU#mmya8UxmfU;*7rmy)@W0 literal 0 HcmV?d00001 diff --git a/other/tests/policy/rsa_4096.pgp b/other/tests/policy/rsa_4096.pgp new file mode 100644 index 0000000000000000000000000000000000000000..0022a018ddf56cc785f417c28027ef443dc1b22f GIT binary patch literal 7901 zcmajjQ*<4UmIm41H3vG{TGyssNi;MDMkuzipH(a473;9%Z~L%&$g8 zKGdjO=Q}MzA9z`gzWsWQMs%lpx333BBE7pkG>3KOs==kW!@o@_B+@2;=iZl@;kBCK zen`IRzy6TtEhaxYIT5YvHR07+TS><3bkg{)`kOy6w?#3o5X~3X47cfJ^x>7y>=#fR z^E;O=0!wGzC)vxjU8ypsMnBddDYEL+7^-d||9T&|Nueb4l_j}f*!dfrp$VWmM)Smn z2n{?~hb>~;7lxSlYzcRzIwGini1$e1*|ukfoi5RJc$!yi>v z=E|`9PS;drj-1~ECWVe1ohyimn>%m&uK2YoO_zR2PQ{?YV#r1pw?$R5ZZ5AScd7=(T1?`v zo$Rc1MSD?5t5yC%e&>mW`Ad+?zs&3>A~Pf0Gz^Mg;$Y`DmcC<0X%n}1`U_!!u)k13 za_4)wqBs^`1`~dk#89)3tNQS~p>w4=)-yEzoTec;J{M9aR$&0GE|Zk5_%&$a0#*FJ z1T(vM?}}7qL7+iGKz_hM0m9)tgz$+%EBD+S{n1dE<<-LWOP>r( zYjGaRAj0oi9NVPtI#v~k_XD&Ijc*^1DLr$4NIxvovA>h33);{qsxUl9w`v$HF6#9m z8xre?A?c@lXlFI6X(jLttJ>|GQywBJe;Za&=>mk*pnz4WIdRTXkbnYQ*)Bo#GOpLrvioSSd5o@mM5tj}mX)q*Th z{+fGhr1A+@6hOs(SNijTyZil@c2i0aPeNRx8@CAQzFHgX+M+|E;OHD|Mc&}J?4d9> z#shC(vc$LQkNa=jz`0bw%UZs+lu1&Pa&N~PovKzgo~g)IiEAWa#%=KS|n z!N77G)u$O1&7q)-_#}`AH}(e&y7NJ>nbq3{$<8|R)j*kMKW0W*$5;4=(-SJ78}>=( zCsN1ZAr-V31iRKWm?McJ)heoEP+&UOfa^dC@FH^KzmN5C-8;}346_wEFungfFttk) z@H$sB3y6(z81|W?P$OcE<)iw0rQe7C%xUPHP4GG-%TrPLVmXZLwpD%&Oj8fmq8POu zj7eZQgAwrMqK%@$T;TccFkbP349>R?R`Qq`rlY0e85s;%K?!{G!GzCf-DC8_53^*Q ztc?H4KX$WeE0P_4yNA7R1M?&z-+7x;KJK?R-tVKfM7IVX*PsOIIez&96HK@}l>AArN< zqLXHS1lkg^uwFoYPceK(0(t}*=0u^SCQ#B44PF3q3+K`Ny1$;0spSX!s zo#(fKB96xmH0)2TER}%6-=%duccK3Uw%!Yb&v`(34xl5-NLW0RDa*}gl}`;d$ROLW zcT8naoyqzj)RHt3HM8Gb{Ug^yd;w=Uff4_hy;IYJlcq@-UY9Rz(xNGwJlgkZGKW#w5|^KZ?JVSy6C~%H8K^4AGYg4e40I7?);?dGkPx<;M3uKu-=4r&>Y6wHQ-If_XAyxI|GJx%EftZv{D&0x^mi4CGOK=48Xb;8tZrtpr$-#fp$t;;JWje(F;0prv>1Jh_6kEad za4xRKhPLKj5dcMK3`j%>UTiXGui&v$R{gY92-M#Gq{-vQbMc8&7{I^&Er0+D28aL; z2Y|&wM1ThZps@i^kN{#x08StTA_D6FF53~Je1c+oiq3cQgUvET0WOOjs+;(2v@GcJ zqK`*cI(q%1bygqUmjXdJEA<`YKLym;oZlvC;w@Iz1iH3L!nt)U5F6gpNhS>6n9r8j zSnC1smU@1Mk!?9xE_tz$5vL!j5GY&d?XP~)DrgCpUK#c@v*9;8pSuv@`;g?)h1pFA zS|9D-m^YetGWvoc0CR&jrH0ZgPEc4=+A6D8Ciht1e(t;TRHS3b_6r}R%-2`2 zoB4R)T0733>wyw}wT^tSK4;g<{LIHK3f}v05Wzr`zL7cikcW5zuSq>OXPMr8HcR8k z-a(-@P}BZtDX&tk1P#20fmTfWY)XT<WgV(Va6O*Osn-IB9exm-$g8--%k6SA(K2A+)fLwTde^))zUP$(fuWz|x^7m}y z0aE;a&;rfF8xsB4p)p*2WwbI(t3AotW3xpLeMxk389p`FuLB5$1w1-<2y#=>=R}C9 z?A57882JJv|33J!44GNF1@9$VdB-&i<;a_h)jYMj2J)zZzUg12}lG;`n zCO&bCtuBZf3^5Xa{0;ARZU@ zijcvAn;hzf`f@%BN+MKIKK!<4xu+vr(1`BeJuH@!&%(WFlK1bXA(UA1Byz79p`x@= zbSJ0qoyb3E_e;yOv6P`-?T}0FqcrBW8Iq9OUUtFum72#nWJ}h@ON%Af+hE^NVR!9J z)6#W*QVoiq5E3+B;F(y#H3d-~(?m&MB_Zi~FlZ`c9Yl9WzVmxiZ;Q^Ud-6{##_n8u z1PmNLpa-)-2I}AhUGh~bC%VDe^aRlbwv?I$V>AQsP~9v>yndfMJqLc&k{aib&B-5~ zUt(>G5f~ASG48G!26;BY@JLm-^Y+~=Is`2E8}-+Rp+I*+M1f~H>cgbcu7)Gcpzoc|*l6N`aQ2XThyr?n)6xCsvI1dBPJp+F_}JPFC?w^j+= zA~&n{3i|r{wdVU;*bk0$H$vA|HcOY&7Km0i<~=`y>wKKdH%h)mnPz*E{;WkL8n9}jHx-6x-m>mC{HIX z+!T*kmz(K3Laa`%r(~gboJJ*D1mA|4p#gnTft0Nyp<_?J-q=?hSb!B_q5a3t3DPqqu!Og*a5Q!>@d z54H-|g#Aqw{7KiAfl)*IIq;e59OBc*B!DFS0_(;iAt^Z&e2VVsxlR2MCh@G)TjE5I zg8uADgJLc5H)JW#kzEdu{h=#NI<}O!Cj-R~cD@ohuQ<;BSDO%oZ+c2r?qMD)SHgk) za7-?54Uw&dkFpXY%XNiRcKxiDId1HVeb<{%n27#&Tg69ATg%U{Et?23#!C7^=4gKj z3(OKMWr(l246(IH7m#n&7(yi|T>XB+C>PiH2hLeTO&V^Tx_CnWHq*3p@{yh0obE2!qxWNu?AF8|SIidk-JI0lOiMw>P+1hF1F+59Mc_?JFidqvz z3a|v&B^^Dq?Z!~!r4M6ZmSXNXUfdFpx=$u3or z(9>0%9?!1-171-py$7(>T8?@>OR;tWMi3xOi~`mP)TwRm69@N+Fp}gFg2I71FezUw z*w00X7fcny!ZRQ7Um+%`#ivO(SiFf6uIZ4aM(AGnI`MV3Mw5SeOAI6_N$k$rV<7F9 z$*Q7Fe|AvCHM#TRG)MxwXQ~?$WLfYm4FII?Wtf~=ds@qH!##6&qpZ-A3c8EF!sf6K zaQHP$>LoZ$NTt}_as{|F;b?mDVU%xGdXk zaJIXMDN|c&Rdpa$c{zwtFA$PieO^-pK4%0B`|@0Hs;ib<_`%{XyHZMy_WX=o1O~I;Cq0pb%ax0y;uO zS{?dSEpUIY79rN;2#a9-9ksk9Ifr5V_dU$;uX4?+|F98SpeR}aTel6`LFn+D1_ST+ zn6n{mxEjHc0}e{hVSWoSLc5mMzbNfU1!~+oX@|f*pM>h6$G1#yMd)(_S$`YpFf=e<(clhE zhyZXyRf(sThNRVozPB+R5MJ7)zbj(MaZUO);Y_fc0)vOLkB7 z_MHzuSE-eto)zxM*gL~6?GT{)Al1^H6@VWapr?SULC2~XKn7ir-Jwu8MrjH~&ljF=Wp{6}FkHZHe zOkIx%oSzC@J{RWK;z!xt5dJB~c@ID(#t3MM^Z(7LPS@>A&HqZz#0rTk&)pGDC- zm0ZQqVvn41T8f7R*z{|&9NS3HPuaW$Gzy7ar{8w^Uz%U|OX$WH^i8;*Cq7~aJ(Oh# zl7F`&vikyU6VM;G)@%h)VG|Tm+<{-Ig^zn*S&-Gvs+hoFfRLdh6T?yhN(q7u`&lT+ z5-;Ijkf?*L`Ot>LqZ$j5GNytYEhI5v45q-bs3E09_0EEqaSse1D)wOr^K*=q*PBCi5B zFTlA^>l$PHC@JrM1Q!2KNw)fX_`OxE{0fa!{6*gS$6+>moiMT5re2bX6uCwTM)>@e zK#L*XHdC1qf$L@#KM|SpW)sk5jC-4~jXQU@m1NT_wTgg}1?cCp*<}ZioC~Iq@vnz8 zW+{Rhz|$;~KlPPHPTP24HztM^X%9DX?gro&cy+HK#Ha&3&8P{tYnuE*dEULHxu16H zW)VKwU!4}`)lw{snlvQvcsTHz@?Dg>=iD#SRhmG)%vC5+@?4^f~>>s6r9AU8L1|?Y;7Zo&1+|PLn&`34PunEdCHB+n4n(h133XZD2IBnw2t_6)W zIj1<%@X*ewCuKiZ@k|$sxE;*Bhe+&79nDZ9Qe zn@GvqxwZ168FY7&mgT;F#R0+JC)TttCoHg6%#&WZ3KO(aLFBnt*~!i?UK?e880^!A z#7Qj?wTS({&Hqne8TukuUi2fCpNlC6m!?C4=-ipCow|zb!Lj5yPPJgYG^Zr1aZ$|b ziiNNvhI)^Bo#5H6!FsfS@@Wud^}~I&2Fh#dGt}MTq+FXD+WhDu;f%y3l(bG)LFQ+# zp(jbztCS+Ud%)~Y?RdLC?`Y-ZWwx$`h(%gFac~tN@GCGlIx{ISk|SwSpWKC5=Py29 zm&WY2BDhdgXueF)PNK4UJWlWI5jPF3Mu6=KnbkP6FoxUC>S>j}Qoa`^)bNS5xPhR6 z-=z_xVHkU+fJyh2Sdo@hPN`5gZoR}?nhKc-BGjtq(bXJz{xD_a#`@1}f1)eE0fxyj z0m;u9^(Zh<&N96{cVDMSvOh$g!SA}~hYxR8>0*f*v(ev8xxox~?$IMzg+-joWmP{! z#;K8>;`-G*sY|dA2M4#o^(=4ikkLp+TwCE3)(*nxcpTRCOlvzSK%? zHY)X$;D8aYJInky549nDDQ0_!_zC)u;)h&~ zD%=oNF#WhDM$Y58;c5awqFUh2pYZKtaLej$BKOYlpD~)&2PM`^a-Yq^b*yt7AK#p} zQkz%4Q>)D#&ss-5c+?E$x-Uz8#gPjs-z8L_&Q6ZGHsh%B4x-CFFr=J`?*@{7pN6Kt zqWN#lN^$&tqt%XPD`f+T_U4M)>;!x&N3m}71&o1WOYP33v#j=Ay8WCf)JO2((kF0m zZ#TzbpT3gNtVx6hl{@>?g1AN5Y3FxN>Rh_HtdxAVJEjFMDGrTHa?*z6hV$E#Cg^ z>_7cN$NVooMzH_3z7stO49TspBT`J|=Yry{DH4#YjNOCs)>iAAtB=2QL(f;l`i|z% znEC_f=?RK&%d=9TLtX<7fdr>(A(IpcysiwzP7{dfR{uoEJ|a`g7fElf$?VbQ2Zl(h ziIU=PZ9}v5cPWG!6!@lNT=AMlD}lm){?;bbZnMYCyuND0+O^q0k1E(E6_a-#*bzUv zGeZR?O2+UpyTxNRow2kVl1l}kV$UX8w6kO0)$tz5$rTz(9Ax96rJh&GfA=nnTtf~& zDAzBSUy@Yq@(3{%5AD*xFVbzZW&tQ-_Q|1!ZgW-tO|OL)2MpmWO-itQ<$JI*6XC2@ zQwB{%8mq%+V)?*AVEOFOynHoPxfO@a4}ZIvy3(Io>T4BU6J{muVCkFEXWlf96~8g+ zMHzQ5wKJ<-FLPnfG*QDz-*O(DE_Fe{VnyGu8EME@s2N$e3aX?`p*U__D(H-~$rzKy zBOuiFi_d;_cOCFVFcq`KRV4U`?nC2|Jc>ktFLahXA`cM(h#J1<1~6|GT}VdosSzP~ zp3qDQ{~cl)gAWs9dCqt^1?HJ*dUC{vRusJ@LhB$QRo@2Oo5}XqkZfjq>huJUt@XP} zRX-#u7l+prd``O&BzduTa5+K+ELBQmQ8L;V7I%Hso`$=S5m(^YhlG+?o)CRh&{>~P zB_mc-7tZ_sB!|_y;~S2#{C?*Z1DP5Cq~@@(*+fpSCSJ1_B!O_vT!KiK=8Ax}`_BT4 z2M_=NpnrE@J#M7Xc>l1C=pVNIBDhW(X3Kcm_!`mIO?@4SYsdQczYDeaf0^xnCtQiB z5NYI>Zu-$hUmi%Njjm`Cn}6U0a9pn6rt69&E1N6dzGLXCr#o;mYR$Y@XkQDM$LJ+I zX>D(m3|n!c>x5eU`r);0q`P-5-xtj^S#zLLNq2M{t;xKm{E3wuT6MyM&ovv!#RlyCUrT2a4#>x; zadH8xECmB#KyLW9lEQos z-t|`H=-NgtMYdj1X6tO8FqlmtI|8-!7R}bq4gLv@@5^2~Lu8v*ws&x_695BTf_gvkG*?xIpPar#Uj(!r} zbGQKbQ>rCT!*WOeD0F`fe=4O9x0BU->PXk_z|9-pB_co$be+6|o-etQ*ttX2MFfm` zjZf>gN)&DSj=VV>@YD*0`5IzEQXxB;gVa)Y!C8%IsE#FFd@YQaTtqf?tJa;4wz8{7 z)e*L&P*7_zTrgH?=MWW|XxrR)9}ZKrtJ88|jmtRkH!ANfNa!E$?tAm0ZUau8iM8I3 z4S4qpKHIll>HR6`z((o(p4oFpwICtK3EJT?zJnAmyZR@(wBQ#g#&Wvr6;74OL_87XCN%Kojj@$u%t00}QjU>t7)=$~6|;=VsbOIqf(OovZwvx%smp zBRt9RP+gVl=8CE^gf?P$aLsSY-w#dHWwtMp4zw8&W;kK|sx+F_YdKHNUC6JYvQ!|D zjh=(h)X<>>=K{V{RIhNFmKSxWGjGEZLF$-eQOsGg#>-Us^sle&F*`W2WBTOS%{W8m tlITt@Ar!hC!yA&zMwpkb!5do1_rbP@Qq!(kXr9f_E2H)N7Oe~j`7a!ED^&mh literal 0 HcmV?d00001 diff --git a/other/tests/policy/subkey_nist_p_384.pgp b/other/tests/policy/subkey_nist_p_384.pgp new file mode 100644 index 0000000000000000000000000000000000000000..8a715e0527982378b089184a6572af3c06b30a1c GIT binary patch literal 639 zcmbQz#*)}*E+@vR&Bn;Wc*~uik&)ej^^ZaG|F^F$PjF20+I2MM*5iuzOv>LjxhMAh za?P3Y*X>s28qEbmJ@vZEWXivtcmj9U&-?j)AmnLPWR>tRL z7MH{q#2Z_fbWC6o7UN*B5L0CF`+a7cW5~t(&OffKYAT!%mOb5NJ}VQ@;ayD9%Bl4IO3chG8&fJ(En~_KlznF1e=zhRvt!EznFiI%Z42V;Kbf1UPjh@;s_^LE zHG!T3f`S5%ifxVGJq~2c;=58ab&r!5h2l^kM~b(y!rD@a&?)<{4d_(o6@YF z)}DE@e&>^I;mnMj9H78f>V7#V#O96f|5@|*yI<8LT5g0{gZv z?MGcY0|mv`fBDR?RqD0-E}L8I=Wj>Kc(U?teP~xHcBVMgRr8+n*4cH*1zrzNh#lD= zDJ8RL9)Hbg{Qx7w^kqi%GZ$Q_eSLra=kr`)wfY+A z@-<7P)c0GebBp-wxW~xQ_tN(FeP&lXwaR5rP84TPp3UR>`H3{k1%M3BO|+m_vuG36=Dv)xOYkU!0(+5J}=L_U)pzJ&hDAM zYi;kEE#Az)@X!A15xd!?36|_~Gq33d?hv}P@!zA#R~cGn9_p2v``S%W;MW%J(!A8X ziY%KMp7Sx(u9f6I(>UYAE}I4R&u2ViWdb>ZNm`keo0Ef` ziA|J?lY^UyMU07=kx7n`NxXr9i&Frm_+~sKLzn6M13QkeH~-o{t7HjtXx(By5!pM+ zOU?ev%u)REs+^PIugsQXoGyXpIoBQbE!KAr32k7k$?3-q`P zgAfvrWm?p%Phahh_Q#T4iG=J^1vhWdA}rab`vib_Rz3 z0Y}#rc^}nW#v&;%_jyv&Di7UhYF9m`%qci>#{Ubey9B>;M+J)n(8CINJnX{2B+Y~D zu|3R;3}^YL803DMX;O8q+WqVIbPMZMOW&un3KaiZy4dpEts{yIf5pUlfB&97|5@6@ b$^Q&BOKW?on$7NC__ybchIL8wMHfy0V-~$# literal 0 HcmV?d00001 diff --git a/src/certificate/mod.rs b/src/certificate/mod.rs index 375504c..678b231 100644 --- a/src/certificate/mod.rs +++ b/src/certificate/mod.rs @@ -148,6 +148,7 @@ impl Certificate { #[cfg(test)] mod tests { use crate::certificate::Certificate; + #[test] fn missing_key_check() { // is missing an encryption key @@ -180,4 +181,35 @@ mod tests { let valid = include_bytes!("../../other/tests/missing_key/valid.pgp")[..].into(); Certificate::check(&valid).expect("cert is valid"); } + + #[test] + fn invalid_ciphersuite() { + // cert uses keys with nist p-521 + let nist_p_521 = include_bytes!("../../other/tests/policy/nist_p_521.pgp")[..].into(); + Certificate::check(&nist_p_521).expect_err("cert uses nist p-521"); + + // cert has a subkey with nist p-384 + let subkey_nist_p_384 = + include_bytes!("../../other/tests/policy/subkey_nist_p_384.pgp")[..].into(); + Certificate::check(&subkey_nist_p_384).expect_err("subkey uses nist p-521"); + + // cert uses rsa + let rsa_key = include_bytes!("../../other/tests/policy/rsa_4096.pgp")[..].into(); + Certificate::check(&rsa_key).expect_err("cert uses rsa with 4096 key size"); + } + + #[test] + fn unencrypted_secret() { + // the whole certificate is unencrypted + let unencrypted = include_bytes!("../../other/tests/policy/unencrypted.pgp")[..].into(); + Certificate::check(&unencrypted).expect_err("cert has unencrypted secrets"); + } + + #[test] + fn expiration_date() { + // cert has an expiration date + let expiration_date = + include_bytes!("../../other/tests/policy/expiration_date.pgp")[..].into(); + Certificate::check(&expiration_date).expect_err("cert has an expiration date"); + } }