est-ca 0.1.0

RFC 7030 Enrollment over Secure Transport (EST) — client, server, and an internal X.509 CA in pure Rust.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

//! HTTP Basic authentication helpers for the EST server.

use base64::{engine::general_purpose::STANDARD, Engine as _};

/// Parse an HTTP `Authorization: Basic <b64>` header value into
/// `(username, password)`. Returns `None` on any malformed input so the
/// caller can map it to `401 Unauthorized`.
pub fn parse_basic(header_value: &str) -> Option<(String, String)> {
    let encoded = header_value.strip_prefix("Basic ")?;
    let decoded = STANDARD.decode(encoded.trim().as_bytes()).ok()?;
    let s = std::str::from_utf8(&decoded).ok()?;
    let (user, pass) = s.split_once(':')?;
    Some((user.to_string(), pass.to_string()))
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn parses_well_formed_basic_header() {
        // echo -n 'alice:hunter2' | base64 -> YWxpY2U6aHVudGVyMg==
        let got = parse_basic("Basic YWxpY2U6aHVudGVyMg==").unwrap();
        assert_eq!(got, ("alice".to_string(), "hunter2".to_string()));
    }

    #[test]
    fn rejects_non_basic_scheme() {
        assert!(parse_basic("Bearer xxx").is_none());
    }

    #[test]
    fn rejects_missing_colon() {
        let b64 = STANDARD.encode("no_colon");
        assert!(parse_basic(&format!("Basic {}", b64)).is_none());
    }
}