1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
use cmpv2::body::PkiBody;
use cmpv2::message::PkiMessage;
use der::{Decode, Encode};
use hex_literal::hex;
use x509_cert::ext::pkix::name::GeneralName;
use x509_cert::Certificate;
#[test]
fn p10cr_req_message_test() {
// read request object created and captured via:
// server:
// - openssl ecparam -genkey -name secp384r1 -noout -out ec384-server-key.pem
// - openssl req -new -key ec384-server-key.pem -out ec384-server-key.csr
// - openssl req -text -in ec384-server-key.csr -noout
// - openssl x509 -req -days 365 -in ec384-server-key.csr -signkey ec384-server-key.pem -out ec384-server-key.crt
// - openssl cmp -port 8888 -srv_ref ABCD --srv_key ec384-server-key.pem -srv_cert ec384-server-key.crt
// client:
// - openssl ecparam -genkey -name secp384r1 -noout -out ec384-key-pair.pem
// - openssl cmp -cmd p10cr -server 127.0.0.1:8080 -path pkix/ -ref 1234 -secret pass:1234-5678-1234-5678 -recipient "/CN=CMPserver" -csr ec384-ee-key.csr -cacertsout capubs.pem -certout cl_cert.pem -srv_cert ec384-server-key.crt -reqout p10cr_req_01.bin -rspout p10cr_rsp_01.bin
let req_01 = include_bytes!("examples/p10cr_req_01.bin");
let result = PkiMessage::from_der(req_01);
println!("{:?}", result);
assert!(result.is_ok());
let message = result.unwrap();
let header = &message.header;
match &header.sender {
GeneralName::DirectoryName(name) => assert_eq!("", name.to_string()),
_ => panic!(),
}
match &header.recipient {
GeneralName::DirectoryName(name) => assert_eq!("CN=CMPserver", name.to_string()),
_ => panic!(),
}
let m = header.message_time.unwrap();
assert_eq!(1674074939000, m.to_unix_duration().as_millis());
assert_eq!(
const_oid::db::rfc5912::ID_PASSWORD_BASED_MAC,
header.protection_alg.as_ref().unwrap().oid
);
//inspect params
assert_eq!(
"1234".as_bytes(),
header.sender_kid.as_ref().unwrap().as_bytes()
);
assert_eq!(
hex!("F1 E8 88 1F D7 99 C2 7C 61 73 AE 31 71 FC D6 92"),
header.trans_id.as_ref().unwrap().as_bytes()
);
assert_eq!(
hex!("08 89 1F F4 4A DA D6 33 BB 4A 06 CA 55 54 50 24"),
header.sender_nonce.as_ref().unwrap().as_bytes()
);
let enc_ee_cert = include_bytes!("examples/ec384-ee-key.der");
let ee_cert = Certificate::from_der(enc_ee_cert).unwrap();
match &message.body {
PkiBody::P10cr(p10crs) => {
assert_eq!(
ee_cert.tbs_certificate.subject.to_string(),
p10crs.info.subject.to_string()
);
}
_ => panic!(),
};
let protection = message.protection.as_ref().unwrap();
assert_eq!(
hex!("CD 40 DF 57 71 9F 9F 0C 13 DE 41 46 17 7B E0 20 D3 2A 6D 9C"),
protection.as_bytes().unwrap()
);
let reencoded_req_01 = message.to_der().unwrap();
println!("Original : {:02X?}", req_01);
println!("Reencoded: {:02X?}", reencoded_req_01);
assert_eq!(req_01, reencoded_req_01.as_slice());
}
#[test]
fn p10cr_rsp_message_test() {
// read request object created and captured via:
// server:
// - openssl ecparam -genkey -name secp384r1 -noout -out ec384-server-key.pem
// - openssl req -new -key ec384-server-key.pem -out ec384-server-key.csr
// - openssl req -text -in ec384-server-key.csr -noout
// - openssl x509 -req -days 365 -in ec384-server-key.csr -signkey ec384-server-key.pem -out ec384-server-key.crt
// - openssl cmp -port 8888 -srv_ref ABCD --srv_key ec384-server-key.pem -srv_cert ec384-server-key.crt
// client:
// - openssl ecparam -genkey -name secp384r1 -noout -out ec384-key-pair.pem
// - openssl cmp -cmd p10cr -server 127.0.0.1:8080 -path pkix/ -ref 1234 -secret pass:1234-5678-1234-5678 -recipient "/CN=CMPserver" -csr ec384-ee-key.csr -cacertsout capubs.pem -certout cl_cert.pem -srv_cert ec384-server-key.crt -reqout p10cr_req_01.bin -rspout p10cr_rsp_01.bin
let req_01 = include_bytes!("examples/p10cr_rsp_01.bin");
let result = PkiMessage::from_der(req_01);
println!("{:?}", result);
assert!(result.is_ok());
let message = result.unwrap();
let reencoded_req_01 = message.to_der().unwrap();
println!("Original : {:02X?}", req_01);
println!("Reencoded: {:02X?}", reencoded_req_01);
assert_eq!(req_01, reencoded_req_01.as_slice());
}