diff --git a/Cargo.lock b/Cargo.lock
index c3393d5..2bd3107 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -61,6 +61,12 @@ version = "1.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
 
+[[package]]
+name = "bitflags"
+version = "1.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
+
 [[package]]
 name = "block-buffer"
 version = "0.10.4"
@@ -262,6 +268,19 @@ dependencies = [
  "syn 2.0.15",
 ]
 
+[[package]]
+name = "dashmap"
+version = "5.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "907076dfda823b0b36d2a1bb5f90c96660a5bbcd7729e10727f07858f22c4edc"
+dependencies = [
+ "cfg-if",
+ "hashbrown",
+ "lock_api",
+ "once_cell",
+ "parking_lot_core",
+]
+
 [[package]]
 name = "der"
 version = "0.7.5"
@@ -422,6 +441,12 @@ dependencies = [
  "wasi 0.11.0+wasi-snapshot-preview1",
 ]
 
+[[package]]
+name = "hashbrown"
+version = "0.12.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
+
 [[package]]
 name = "hermit-abi"
 version = "0.1.19"
@@ -529,6 +554,7 @@ dependencies = [
  "rmp-serde",
  "serde",
  "serde_arrays",
+ "serial_test",
  "sha2",
  "simple_logger",
  "tcp-test",
@@ -551,6 +577,16 @@ dependencies = [
  "cc",
 ]
 
+[[package]]
+name = "lock_api"
+version = "0.4.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "435011366fe56583b16cf956f9df0095b405b82d76425bc8981c0e22e60ec4df"
+dependencies = [
+ "autocfg",
+ "scopeguard",
+]
+
 [[package]]
 name = "log"
 version = "0.4.17"
@@ -638,6 +674,29 @@ dependencies = [
  "libm",
 ]
 
+[[package]]
+name = "parking_lot"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f"
+dependencies = [
+ "lock_api",
+ "parking_lot_core",
+]
+
+[[package]]
+name = "parking_lot_core"
+version = "0.9.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9069cbb9f99e3a5083476ccb29ceb1de18b9118cafa53e90c9551235de2b9521"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "redox_syscall",
+ "smallvec",
+ "windows-sys 0.45.0",
+]
+
 [[package]]
 name = "paste"
 version = "1.0.12"
@@ -747,6 +806,15 @@ dependencies = [
  "getrandom",
 ]
 
+[[package]]
+name = "redox_syscall"
+version = "0.2.16"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a"
+dependencies = [
+ "bitflags",
+]
+
 [[package]]
 name = "rmp"
 version = "0.8.11"
@@ -769,6 +837,12 @@ dependencies = [
  "serde",
 ]
 
+[[package]]
+name = "scopeguard"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"
+
 [[package]]
 name = "scratch"
 version = "1.0.5"
@@ -804,6 +878,31 @@ dependencies = [
  "syn 2.0.15",
 ]
 
+[[package]]
+name = "serial_test"
+version = "2.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0e56dd856803e253c8f298af3f4d7eb0ae5e23a737252cd90bb4f3b435033b2d"
+dependencies = [
+ "dashmap",
+ "futures",
+ "lazy_static",
+ "log",
+ "parking_lot",
+ "serial_test_derive",
+]
+
+[[package]]
+name = "serial_test_derive"
+version = "2.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "91d129178576168c589c9ec973feedf7d3126c01ac2bf08795109aa35b69fb8f"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.15",
+]
+
 [[package]]
 name = "sha2"
 version = "0.10.6"
@@ -843,6 +942,12 @@ dependencies = [
  "autocfg",
 ]
 
+[[package]]
+name = "smallvec"
+version = "1.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0"
+
 [[package]]
 name = "socket2"
 version = "0.4.9"
diff --git a/libepf/Cargo.toml b/libepf/Cargo.toml
index d2b49e8..90bc144 100644
--- a/libepf/Cargo.toml
+++ b/libepf/Cargo.toml
@@ -26,4 +26,5 @@ tokio = { version = "1.28", features = ["io-util", "macros", "rt-multi-thread",
 tcp-test = "0.1"
 futures = "0.3"
 simple_logger = "4.1"
-hex-literal = "0.4.1"
\ No newline at end of file
+hex-literal = "0.4.1"
+serial_test = "2.0.0"
\ No newline at end of file
diff --git a/libepf/src/ca_pool.rs b/libepf/src/ca_pool.rs
index 527abc2..e927224 100644
--- a/libepf/src/ca_pool.rs
+++ b/libepf/src/ca_pool.rs
@@ -50,6 +50,7 @@ impl Display for EpfCaPoolLoaderError {
 impl Error for EpfCaPoolLoaderError {}
 
 #[cfg(unix)]
+#[cfg(not(tarpaulin))]
 pub fn load_ca_pool() -> Result<EpfCaPool, Box<dyn Error>> {
     let mut cert_strings = vec![];
 
@@ -68,3 +69,13 @@ pub fn load_ca_pool() -> Result<EpfCaPool, Box<dyn Error>> {
 
     Ok(ca_pool)
 }
+
+#[cfg(test)]
+mod tests {
+    use crate::ca_pool::EpfCaPoolLoaderError;
+
+    #[test]
+    pub fn ca_pool_error_display_test() {
+        println!("{}", EpfCaPoolLoaderError::CertDirDoesNotExist("".to_string()));
+    }
+}
\ No newline at end of file
diff --git a/libepf/src/error.rs b/libepf/src/error.rs
index c2f829e..9b1ba59 100644
--- a/libepf/src/error.rs
+++ b/libepf/src/error.rs
@@ -28,3 +28,19 @@ impl Display for EpfHandshakeError {
     }
 }
 impl Error for EpfHandshakeError {}
+
+#[cfg(test)]
+mod tests {
+    use crate::error::EpfHandshakeError;
+    use crate::pki::EpfPkiCertificateValidationError;
+
+    #[test]
+    pub fn error_display_test() {
+        println!("{}", EpfHandshakeError::AlreadyTunnelled);
+        println!("{}", EpfHandshakeError::UnsupportedProtocolVersion(0));
+        println!("{}", EpfHandshakeError::InvalidCertificate(EpfPkiCertificateValidationError::ValidAfterSigner));
+        println!("{}", EpfHandshakeError::UntrustedCertificate);
+        println!("{}", EpfHandshakeError::EncryptionError);
+        println!("{}", EpfHandshakeError::MissingKeyProof);
+    }
+}
\ No newline at end of file
diff --git a/libepf/src/handshake_stream.rs b/libepf/src/handshake_stream.rs
index ccb47e4..2954846 100644
--- a/libepf/src/handshake_stream.rs
+++ b/libepf/src/handshake_stream.rs
@@ -707,15 +707,16 @@ mod tests {
     use std::net::SocketAddr;
     use std::str::FromStr;
     use std::time::{SystemTime, UNIX_EPOCH};
-    
-    use tokio::io::{AsyncReadExt, AsyncWriteExt};
+    use serial_test::serial;
+
     use tokio::join;
     use tokio::net::{TcpListener, TcpSocket, TcpStream};
     use x25519_dalek::{PublicKey, StaticSecret};
 
     #[tokio::test]
+    #[serial]
     pub async fn stream_test() {
-        simple_logger::init().unwrap();
+        //simple_logger::init().unwrap();
 
         let tcp_listener = TcpListener::bind("0.0.0.0:36116").await.unwrap();
 
@@ -787,6 +788,82 @@ mod tests {
         let mut s: EpfServerUpgraded<TcpStream> =
             EpfServerUpgradable::upgrade(s, server_cert, server_private_key).await;
 
+        let server_handshake_accept_task = tokio::spawn(async move {
+            trace!("starting server handshake listener");
+            s.handshake(cert_pool_2).await.unwrap();
+            let mut upgraded = s.upgrade().await;
+            assert_eq!(upgraded.read().await.unwrap(), vec![0x42, 0x42]);
+            upgraded.write(&[0x42, 0x42]).await.unwrap();
+        });
+
+        let client_handshake_send_task = tokio::spawn(async move {
+            trace!("starting client handshake sender");
+            c.handshake(cert_pool).await.unwrap();
+            let mut upgraded = EpfClientHandshaker::upgrade(c).await;
+            upgraded.write(&[0x42, 0x42]).await.unwrap();
+            assert_eq!(upgraded.read().await.unwrap(), vec![0x42, 0x42]);
+        });
+
+        let (a, b) = join![server_handshake_accept_task, client_handshake_send_task];
+        a.unwrap();
+        b.unwrap();
+    }
+
+    #[tokio::test]
+    #[serial]
+    pub async fn stream_test_ephemeral() {
+        //simple_logger::init().unwrap();
+
+        let tcp_listener = TcpListener::bind("0.0.0.0:36117").await.unwrap();
+
+        let tcp_client_future = TcpSocket::new_v4()
+            .unwrap()
+            .connect(SocketAddr::from_str("127.0.0.1:36117").unwrap());
+
+        let (a, b) = join![tcp_listener.accept(), tcp_client_future];
+
+        let (s, _) = a.unwrap();
+        let c = b.unwrap();
+
+        let server_private_key = SigningKey::from([1u8; 32]);
+
+        let mut server_cert = EPFCertificate {
+            details: EPFCertificateDetails {
+                name: "Testing Server Certificate".to_string(),
+                not_before: 0,
+                not_after: SystemTime::now()
+                    .duration_since(UNIX_EPOCH)
+                    .unwrap()
+                    .as_secs()
+                    + 30,
+                public_key: server_private_key.verifying_key().to_bytes(),
+                issuer_public_key: [0u8; 32],
+                claims: Default::default(),
+            },
+            fingerprint: "".to_string(),
+            signature: [0u8; 64],
+        };
+        server_cert.sign(&server_private_key).unwrap();
+
+        debug!(
+            "{}",
+            hex::encode(server_private_key.verifying_key().to_bytes())
+        );
+
+        let mut cert_pool = EpfCaPool::new();
+        let mut cert_pool_2 = EpfCaPool::new();
+        cert_pool.insert(&server_cert);
+
+        cert_pool_2.insert(&server_cert);
+
+        let mut c: EpfClientUpgraded<TcpStream> = EpfClientUpgradable::upgrade(
+            c,
+            ClientAuthentication::Ephemeral,
+        )
+            .await;
+        let mut s: EpfServerUpgraded<TcpStream> =
+            EpfServerUpgradable::upgrade(s, server_cert, server_private_key).await;
+
         let server_handshake_accept_task = tokio::spawn(async move {
             trace!("starting server handshake listener");
             s.handshake(cert_pool_2).await.unwrap();
diff --git a/libepf/src/pki.rs b/libepf/src/pki.rs
index 0cfd479..c9131a8 100644
--- a/libepf/src/pki.rs
+++ b/libepf/src/pki.rs
@@ -615,6 +615,74 @@ mod tests {
         ))
     }
 
+    #[test]
+    pub fn certificate_verification_fingerprint_does_not_match() {
+        let private_key = SigningKey::generate(&mut OsRng);
+        let public_key = private_key.verifying_key();
+
+        let mut fingerprint_does_not_match_cert = EPFCertificate {
+            details: EPFCertificateDetails {
+                name: "Testing Certificate - Fingerprint Non Matching".to_string(),
+                not_before: SystemTime::now()
+                    .duration_since(UNIX_EPOCH)
+                    .unwrap()
+                    .as_secs()
+                    - 20,
+                not_after: SystemTime::now()
+                    .duration_since(UNIX_EPOCH)
+                    .unwrap()
+                    .as_secs()
+                    + 30,
+                public_key: [0u8; 32],
+                issuer_public_key: *public_key.as_bytes(),
+                claims: Default::default(),
+            },
+            fingerprint: "".to_string(),
+            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],
+        };
+        fingerprint_does_not_match_cert.sign(&private_key).unwrap();
+
+        fingerprint_does_not_match_cert.fingerprint = "0".to_string();
+
+        let ca_pool = EpfCaPool::new();
+
+        assert!(matches!(fingerprint_does_not_match_cert.verify(&ca_pool).unwrap_err(), EpfPkiCertificateValidationError::FingerprintDoesNotMatch { .. }));
+    }
+
+    #[test]
+    pub fn certificate_verification_invalid_signature() {
+        let private_key = SigningKey::generate(&mut OsRng);
+        let public_key = private_key.verifying_key();
+
+        let mut fingerprint_does_not_match_cert = EPFCertificate {
+            details: EPFCertificateDetails {
+                name: "Testing Certificate - Fingerprint Non Matching".to_string(),
+                not_before: SystemTime::now()
+                    .duration_since(UNIX_EPOCH)
+                    .unwrap()
+                    .as_secs()
+                    - 20,
+                not_after: SystemTime::now()
+                    .duration_since(UNIX_EPOCH)
+                    .unwrap()
+                    .as_secs()
+                    + 30,
+                public_key: [0u8; 32],
+                issuer_public_key: *public_key.as_bytes(),
+                claims: Default::default(),
+            },
+            fingerprint: "".to_string(),
+            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],
+        };
+        fingerprint_does_not_match_cert.sign(&private_key).unwrap();
+
+        fingerprint_does_not_match_cert.signature = [0u8; 64];
+
+        let ca_pool = EpfCaPool::new();
+
+        assert!(matches!(fingerprint_does_not_match_cert.verify(&ca_pool).unwrap_err(), EpfPkiCertificateValidationError::InvalidSignature { .. }));
+    }
+
     #[test]
     pub fn certificate_verification_not_valid_yet() {
         let not_yet_valid_cert = EPFCertificate {
diff --git a/tarpaulin-report.html b/tarpaulin-report.html
index ca50d5b..f202f48 100644
--- a/tarpaulin-report.html
+++ b/tarpaulin-report.html
@@ -107,8 +107,8 @@
 <body>
     <div id="root"></div>
     <script>
-        var data = {"files":[{"path":["/","home","core","prj","e3t","e3pf","libepf","src","ca_pool.rs"],"content":"use std::collections::HashMap;\nuse crate::pki::{EPFCertificate, EpfPublicKey};\n\npub struct EpfCaPool {\n    pub ca_lookup_table: HashMap\u003cEpfPublicKey, EPFCertificate\u003e\n}\n\npub trait EpfCaPoolOps {\n    fn new() -\u003e Self;\n    fn get_ca(\u0026self, public_key: \u0026EpfPublicKey) -\u003e Option\u003c\u0026EPFCertificate\u003e;\n    fn insert(\u0026mut self, cert: \u0026EPFCertificate);\n}\n\nimpl EpfCaPoolOps for EpfCaPool {\n    fn new() -\u003e Self {\n        Self {\n            ca_lookup_table: HashMap::new()\n        }\n    }\n\n    fn get_ca(\u0026self, public_key: \u0026EpfPublicKey) -\u003e Option\u003c\u0026EPFCertificate\u003e {\n        self.ca_lookup_table.get(public_key)\n    }\n\n    fn insert(\u0026mut self, cert: \u0026EPFCertificate) {\n        self.ca_lookup_table.insert(cert.details.public_key, cert.clone());\n    }\n}","traces":[{"line":15,"address":[647856],"length":1,"stats":{"Line":3},"fn_name":"new"},{"line":17,"address":[647870],"length":1,"stats":{"Line":2},"fn_name":null},{"line":21,"address":[647920],"length":1,"stats":{"Line":1},"fn_name":"get_ca"},{"line":22,"address":[647934],"length":1,"stats":{"Line":1},"fn_name":null},{"line":25,"address":[647952],"length":1,"stats":{"Line":1},"fn_name":"insert"},{"line":26,"address":[647979],"length":1,"stats":{"Line":1},"fn_name":null}],"covered":6,"coverable":6},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","lib.rs"],"content":"pub mod pki;\npub mod util;\npub mod ca_pool;","traces":[],"covered":0,"coverable":0},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","pki.rs"],"content":"use std::collections::HashMap;\nuse std::error::Error;\nuse std::fmt::{Display, Formatter};\nuse std::time::{SystemTime, UNIX_EPOCH};\nuse ed25519_dalek::{Signature, SignatureError, Signer, SigningKey, Verifier, VerifyingKey};\nuse pem::Pem;\nuse serde::{Deserialize, Serialize};\nuse sha2::{Digest, Sha256};\nuse crate::ca_pool::{EpfCaPool, EpfCaPoolOps};\nuse crate::util::{pretty_print_date, u64_to_st};\n\npub const EPFPKI_PUBLIC_KEY_LENGTH: usize = 32;\npub const EPFPKI_SIGNATURE_LENGTH: usize = 64;\n\npub const EPFPKI_SELF_SIGNED_CERTIFICATE: \u0026str = \"0000000000000000000000000000000000000000000000000000000000000000\";\n\npub type EpfPublicKey = [u8; 32];\npub type EpfPrivateKey = [u8; 64];\n\n#[derive(Serialize, Deserialize, PartialEq, Debug, Eq, Clone)]\npub struct EPFCertificate {\n    pub details: EPFCertificateDetails,\n    pub fingerprint: String,\n    #[serde(with = \"serde_arrays\")]\n    pub signature: [u8; EPFPKI_SIGNATURE_LENGTH]\n}\n\n#[derive(Serialize, Deserialize, PartialEq, Debug, Eq, Clone)]\npub struct EPFCertificateDetails {\n    pub name: String,\n\n    pub not_before: u64,\n    pub not_after: u64,\n\n    pub public_key: [u8; EPFPKI_PUBLIC_KEY_LENGTH],\n\n    pub issuer_public_key: [u8; EPFPKI_PUBLIC_KEY_LENGTH],\n\n    pub claims: HashMap\u003cString, String\u003e\n}\n\npub trait EpfPkiSerializable {\n    const PEM_BANNER: \u0026'static str;\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e;\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e where Self: Sized;\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e;\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized;\n}\n\npub fn fingerprint(cert: \u0026EPFCertificateDetails) -\u003e Result\u003cString, rmp_serde::encode::Error\u003e {\n    let cert_bytes = rmp_serde::to_vec(cert)?;\n    let mut hasher = Sha256::new();\n    hasher.update(cert_bytes);\n    let hash = hasher.finalize();\n    Ok(hex::encode(hash))\n}\n\nfn load_signing_key(b: \u0026[u8; 64]) -\u003e Result\u003cSigningKey, SignatureError\u003e {\n    SigningKey::from_keypair_bytes(b)\n}\n\n#[derive(Debug)]\npub enum EpfPkiCertificateValidationError {\n    NoLongerValid { expired_at: SystemTime },\n    NotValidYet { valid_at: SystemTime },\n    InvalidCertificateData { e: rmp_serde::encode::Error },\n    FingerprintDoesNotMatch { expected: String, got: String },\n    InvalidSignature { e: SignatureError },\n    ExpiresAfterSigner,\n    ValidAfterSigner\n}\n\nimpl Display for EpfPkiCertificateValidationError {\n    #[cfg_attr(tarpaulin, ignore)]\n    fn fmt(\u0026self, f: \u0026mut Formatter\u003c'_\u003e) -\u003e std::fmt::Result {\n        match self {\n            EpfPkiCertificateValidationError::NoLongerValid { expired_at } =\u003e write!(f, \"Certificate no longer valid (expired at {})\", pretty_print_date(expired_at)),\n            EpfPkiCertificateValidationError::NotValidYet { valid_at } =\u003e write!(f, \"Certificate not valid yet (valid at {})\", pretty_print_date(valid_at)),\n            EpfPkiCertificateValidationError::InvalidCertificateData { e } =\u003e write!(f, \"Unable to serialize cert data: {}\", e),\n            EpfPkiCertificateValidationError::FingerprintDoesNotMatch { expected, got } =\u003e write!(f, \"Fingerprint mismatch (expected {}, got {})\", expected, got),\n            EpfPkiCertificateValidationError::InvalidSignature { e } =\u003e write!(f, \"Certificate validation error: {}\", e),\n            EpfPkiCertificateValidationError::ExpiresAfterSigner =\u003e write!(f, \"Certificate expires after it's signing certificate\"),\n            EpfPkiCertificateValidationError::ValidAfterSigner =\u003e write!(f, \"Certificate is valid longer than it's signing certificate\")\n        }\n    }\n}\n\npub trait EpfPkiCertificateOps {\n    fn recalculate_fingerprint(\u0026mut self) -\u003e Result\u003c(), rmp_serde::encode::Error\u003e;\n    fn sign(\u0026mut self, private_key: \u0026EpfPrivateKey) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e;\n    fn verify_with_time(\u0026self, time: SystemTime, ca_pool: \u0026EpfCaPool) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e;\n    fn verify(\u0026self, ca_pool: \u0026EpfCaPool) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e;\n}\nimpl EpfPkiCertificateOps for EPFCertificate {\n    fn recalculate_fingerprint(\u0026mut self) -\u003e Result\u003c(), rmp_serde::encode::Error\u003e {\n        self.fingerprint = fingerprint(\u0026self.details)?;\n        Ok(())\n    }\n\n    fn sign(\u0026mut self, private_key: \u0026EpfPrivateKey) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e {\n        self.recalculate_fingerprint()?;\n\n        let signing_key = load_signing_key(private_key)?;\n        self.details.issuer_public_key = *signing_key.verifying_key().as_bytes();\n\n        let cert_data_bytes = rmp_serde::to_vec(\u0026self.details)?;\n\n        let signature = signing_key.sign(\u0026cert_data_bytes).to_vec();\n\n        self.signature = signature.try_into().unwrap();\n\n        self.recalculate_fingerprint()?;\n\n        Ok(())\n    }\n\n    fn verify_with_time(\u0026self, time: SystemTime, ca_pool: \u0026EpfCaPool) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e {\n        // Is it expired\n        if u64_to_st(self.details.not_after) \u003c time {\n            return Err(EpfPkiCertificateValidationError::NoLongerValid {expired_at: u64_to_st(self.details.not_after)})\n        }\n\n        // Is it valid yet\n        if u64_to_st(self.details.not_before) \u003e time {\n            return Err(EpfPkiCertificateValidationError::NotValidYet {valid_at: u64_to_st(self.details.not_before)})\n        }\n\n        let fingerprint_on_cert = fingerprint(\u0026self.details).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidCertificateData { e }))?;\n\n        // Does the fingerprint match\n        if fingerprint_on_cert != self.fingerprint {\n            return Err(EpfPkiCertificateValidationError::FingerprintDoesNotMatch { expected: self.fingerprint.clone(), got: fingerprint_on_cert})\n        }\n\n        // Does the signature match\n        let signature = Signature::from_slice(\u0026self.signature).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidSignature { e }))?;\n\n        let is_self_signed;\n\n        println!(\"{}: {:?} {:?}\", self.details.name, self.details.issuer_public_key, self.details.public_key);\n\n        let verifying_key = if self.details.issuer_public_key == self.details.public_key {\n            // self-signed certificate\n            is_self_signed = true;\n            VerifyingKey::from_bytes(\u0026self.details.public_key).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidSignature { e }))?\n        } else {\n            is_self_signed = false;\n            VerifyingKey::from_bytes(\u0026self.details.issuer_public_key).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidSignature { e }))?\n        };\n\n        let cert_data_bytes = rmp_serde::to_vec(\u0026self.details).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidCertificateData { e }))?;\n\n        verifying_key.verify(\u0026cert_data_bytes, \u0026signature).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidSignature { e }))?;\n\n        // Signature OK\n\n        // Is the signer trusted?\n        let ca_cert = if is_self_signed {\n            if let Some(cert) = ca_pool.get_ca(\u0026self.details.public_key) {\n                cert\n            } else {\n                return Ok(false);\n            }\n        } else {\n            if let Some(cert) = ca_pool.get_ca(\u0026self.details.issuer_public_key) {\n                cert\n            } else {\n                return Ok(false);\n            }\n        };\n        // Yes.\n        // Make sure this cert wasnt valid before the CA\n        if ca_cert.details.not_after \u003c self.details.not_after {\n            return Err(EpfPkiCertificateValidationError::ExpiresAfterSigner);\n        }\n        // Make sure this cert isnt valid after the root\n        if ca_cert.details.not_before \u003e self.details.not_before {\n            return Err(EpfPkiCertificateValidationError::ValidAfterSigner)\n        }\n\n        // Cert OK\n\n        Ok(true)\n    }\n\n    fn verify(\u0026self, ca_pool: \u0026EpfCaPool) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e {\n        self.verify_with_time(SystemTime::now(), ca_pool)\n    }\n}\n\n#[cfg_attr(tarpaulin, ignore)]\nimpl Display for EPFCertificate {\n    fn fmt(\u0026self, f: \u0026mut Formatter\u003c'_\u003e) -\u003e std::fmt::Result {\n        writeln!(f, \"EPFCertificate {{\")?;\n        writeln!(f, \"\\tDetails: {{\")?;\n        writeln!(f, \"\\t\\tName: {}\", self.details.name)?;\n        writeln!(f, \"\\t\\tNot Before: {}\", pretty_print_date(\u0026u64_to_st(self.details.not_before)))?;\n        writeln!(f, \"\\t\\tNot After: {}\", pretty_print_date(\u0026u64_to_st(self.details.not_after)))?;\n        writeln!(f, \"\\t\\tPublic Key: {}\", hex::encode(self.details.public_key))?;\n        writeln!(f, \"\\t\\tIssuer Fingerprint: {}\", hex::encode(self.details.issuer_public_key))?;\n        writeln!(f, \"\\t}}\")?;\n        writeln!(f, \"\\tFingerprint: {}\", self.fingerprint)?;\n        writeln!(f, \"\\tSignature: {}\", hex::encode(self.signature))?;\n        writeln!(f, \"}}\")\n    }\n}\n\nimpl EpfPkiSerializable for EPFCertificate {\n    const PEM_BANNER: \u0026'static str = \"EPF CERTIFICATE\";\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        rmp_serde::to_vec(self)\n    }\n\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        rmp_serde::from_slice(bytes)\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes()?)).as_bytes().to_vec())\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Not a certificate\".into())\n        }\n        Ok(Self::from_bytes(pem.contents())?)\n    }\n}\n\nimpl EpfPkiSerializable for EpfPublicKey {\n    const PEM_BANNER: \u0026'static str = \"EPF PUBLIC KEY\";\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        Ok(self.to_vec())\n    }\n\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        bytes.try_into().map_err(|_| rmp_serde::decode::Error::LengthMismatch(bytes.len() as u32))\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes()?)).as_bytes().to_vec())\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Not a public key\".into())\n        }\n        Ok(Self::from_bytes(pem.contents())?)\n    }\n}\n\nimpl EpfPkiSerializable for EpfPrivateKey {\n    const PEM_BANNER: \u0026'static str = \"EPF PRIVATE KEY\";\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        Ok(self.to_vec())\n    }\n\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        bytes.try_into().map_err(|_| rmp_serde::decode::Error::LengthMismatch(bytes.len() as u32))\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes()?)).as_bytes().to_vec())\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Incorrect PEM tag\".into())\n        }\n        Ok(Self::from_bytes(pem.contents())?)\n    }\n}\n\n#[cfg(test)]\nmod tests {\n    use std::collections::HashMap;\n    use std::time::{SystemTime, UNIX_EPOCH};\n    use ed25519_dalek::{SignatureError, SigningKey};\n    use rand::rngs::OsRng;\n    use crate::ca_pool::{EpfCaPool, EpfCaPoolOps};\n    use crate::pki::{EPFCertificate, EPFCertificateDetails, EPFPKI_PUBLIC_KEY_LENGTH, EPFPKI_SIGNATURE_LENGTH, EpfPkiCertificateOps, EpfPkiCertificateValidationError, EpfPkiSerializable, EpfPrivateKey, EpfPublicKey};\n\n    #[test]\n    pub fn certificate_serialization() {\n        assert_eq!(cert().as_bytes().unwrap(), cert_bytes())\n    }\n\n    #[test]\n    pub fn certificate_deserialization() {\n        assert_eq!(EPFCertificate::from_bytes(\u0026cert_bytes()).unwrap(), cert())\n    }\n\n    #[test]\n    pub fn certificate_serialization_pem() {\n        assert_eq!(cert().as_pem().unwrap(), cert_pem())\n    }\n\n    #[test]\n    pub fn certificate_deserialization_pem() {\n        assert_eq!(EPFCertificate::from_pem(\u0026cert_pem()).unwrap(), cert())\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn certificate_deserialization_pem_wrong_tag() {\n        EPFCertificate::from_pem(\u0026null_public_key_pem()).unwrap();\n    }\n\n    #[test]\n    pub fn pubkey_serialization() {\n        assert_eq!(([0u8; 32]).as_bytes().unwrap(), [0u8; 32].to_vec())\n    }\n\n    #[test]\n    pub fn pubkey_deserialization() {\n        assert_eq!(EpfPublicKey::from_bytes(\u0026[0u8; 32]).unwrap(), [0u8; 32])\n    }\n\n    #[test]\n    pub fn pubkey_serialization_pem() {\n        assert_eq!(([0u8; 32]).as_pem().unwrap(), null_public_key_pem())\n    }\n\n    #[test]\n    pub fn pubkey_deserialization_pem() {\n        assert_eq!(EpfPublicKey::from_pem(\u0026null_public_key_pem()).unwrap(), [0u8; 32])\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn pubkey_deserialization_pem_wrong_tag() {\n        EpfPublicKey::from_pem(\u0026null_private_key_pem()).unwrap();\n    }\n\n    #[test]\n    pub fn privkey_serialization() {\n        assert_eq!(([0u8; 64]).as_bytes().unwrap(), [0u8; 64].to_vec())\n    }\n\n    #[test]\n    pub fn privkey_deserialization() {\n        assert_eq!(EpfPrivateKey::from_bytes(\u0026[0u8; 64]).unwrap(), [0u8; 64])\n    }\n\n    #[test]\n    pub fn privkey_serialization_pem() {\n        assert_eq!(([0u8; 64]).as_pem().unwrap(), null_private_key_pem())\n    }\n\n    #[test]\n    pub fn privkey_deserialization_pem() {\n        assert_eq!(EpfPrivateKey::from_pem(\u0026null_private_key_pem()).unwrap(), [0u8; 64])\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn privkey_deserialization_pem_wrong_tag() {\n        assert_eq!(EpfPrivateKey::from_pem(\u0026null_public_key_pem()).unwrap(), [0u8; 64])\n    }\n\n    #[test]\n    pub fn cert_display() {\n        println!(\"{}\", cert());\n    }\n\n    #[test]\n    pub fn cert_fingerprinting() {\n        let mut cert = cert();\n        cert.recalculate_fingerprint().unwrap();\n        assert_eq!(cert.fingerprint, \"922c5cb83633b214d19d9aebf387314fcde67210ff92bd9691fbd059141d6adf\");\n    }\n\n    #[test]\n    pub fn cert_validation() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let private_key2 = SigningKey::generate(\u0026mut OsRng);\n        let public_key2 = private_key2.verifying_key();\n\n        let mut ca_pool = EpfCaPool::new();\n\n        let mut ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing CA\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 60,\n                public_key: *public_key.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        println!(\"{}\", ca_cert);\n\n        assert!(ca_cert.verify(\u0026ca_pool).is_err());\n\n        ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n\n        assert_eq!(ca_cert.verify(\u0026ca_pool).unwrap(), false);\n\n        ca_pool.insert(\u0026ca_cert);\n\n        assert_eq!(ca_cert.verify(\u0026ca_pool).unwrap(), true);\n\n        ca_pool.insert(\u0026ca_cert);\n\n        let mut not_ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 60,\n                public_key: *public_key2.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        assert!(not_ca_cert.verify(\u0026ca_pool).is_err());\n        not_ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n        assert_eq!(not_ca_cert.verify(\u0026ca_pool).unwrap(), true);\n    }\n\n    #[test]\n    pub fn certificate_verification_expired() {\n        let expired_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Expired\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs(),\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() -20,\n                public_key: [0u8; 32],\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        let ca_pool = EpfCaPool::new();\n\n        assert!(matches!(expired_cert.verify(\u0026ca_pool).unwrap_err(), EpfPkiCertificateValidationError::NoLongerValid { .. }))\n    }\n\n    #[test]\n    pub fn certificate_verification_not_valid_yet() {\n        let not_yet_valid_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Not Yet Valid\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 20,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 30,\n                public_key: [0u8; 32],\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        let ca_pool = EpfCaPool::new();\n\n        assert!(matches!(not_yet_valid_cert.verify(\u0026ca_pool).unwrap_err(), EpfPkiCertificateValidationError::NotValidYet { .. }))\n    }\n\n    #[test]\n    pub fn certificate_verification_not_trusted() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let mut not_trusted_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Not Trusted\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 20,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 30,\n                public_key: [0u8; 32],\n                issuer_public_key: *public_key.as_bytes(),\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n        not_trusted_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n\n        let ca_pool = EpfCaPool::new();\n\n        assert_eq!(not_trusted_cert.verify(\u0026ca_pool).unwrap(), false);\n    }\n\n    #[test]\n    pub fn cert_validation_expires_after_signer() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let private_key2 = SigningKey::generate(\u0026mut OsRng);\n        let public_key2 = private_key2.verifying_key();\n\n        let mut ca_pool = EpfCaPool::new();\n\n        let mut ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing CA\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 60,\n                public_key: *public_key.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n        ca_pool.insert(\u0026ca_cert);\n\n        let mut not_ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Valid After Signer\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 120,\n                public_key: *public_key2.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        assert!(not_ca_cert.verify(\u0026ca_pool).is_err());\n        not_ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n        assert!(matches!(not_ca_cert.verify(\u0026ca_pool).unwrap_err(), EpfPkiCertificateValidationError::ExpiresAfterSigner));\n    }\n\n    #[test]\n    pub fn cert_validation_valid_after_signer() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let private_key2 = SigningKey::generate(\u0026mut OsRng);\n        let public_key2 = private_key2.verifying_key();\n\n        let mut ca_pool = EpfCaPool::new();\n\n        let mut ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing CA\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 60,\n                public_key: *public_key.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n        ca_pool.insert(\u0026ca_cert);\n\n        let mut not_ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Valid After Signer\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 200,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 10,\n                public_key: *public_key2.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        assert!(not_ca_cert.verify(\u0026ca_pool).is_err());\n        not_ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n        assert!(matches!(not_ca_cert.verify(\u0026ca_pool).unwrap_err(), EpfPkiCertificateValidationError::ValidAfterSigner));\n    }\n\n    #[test]\n    pub fn verifying_error_display() {\n        println!(\"{}\", EpfPkiCertificateValidationError::NoLongerValid { expired_at: SystemTime::now() });\n        println!(\"{}\", EpfPkiCertificateValidationError::NotValidYet { valid_at: SystemTime::now() });\n        println!(\"{}\", EpfPkiCertificateValidationError::InvalidCertificateData { e: rmp_serde::encode::Error::UnknownLength});\n        println!(\"{}\", EpfPkiCertificateValidationError::FingerprintDoesNotMatch { expected: \"\".to_string(), got: \"\".to_string() });\n        println!(\"{}\", EpfPkiCertificateValidationError::InvalidSignature { e: SignatureError::new() });\n        println!(\"{}\", EpfPkiCertificateValidationError::ExpiresAfterSigner);\n        println!(\"{}\", EpfPkiCertificateValidationError::ValidAfterSigner);\n    }\n\n    fn cert() -\u003e EPFCertificate {\n        EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Invalid Testing Certificate\".to_string(),\n                not_before: 0,\n                not_after: 0,\n                public_key: [0u8; EPFPKI_PUBLIC_KEY_LENGTH],\n                issuer_public_key: [0u8; EPFPKI_PUBLIC_KEY_LENGTH],\n                claims: HashMap::new()\n            },\n            fingerprint: \"0000000000000000000000000000000000000000000000000000000000000000\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        }\n    }\n    fn cert_bytes() -\u003e Vec\u003cu8\u003e {\n        vec![147, 150, 187, 73, 110, 118, 97, 108, 105, 100, 32, 84, 101, 115, 116, 105, 110, 103, 32, 67, 101, 114, 116, 105, 102, 105, 99, 97, 116, 101, 0, 0, 220, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 220, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128, 217, 64, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 220, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]\n    }\n    fn cert_pem() -\u003e Vec\u003cu8\u003e {\n        vec![45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 67, 69, 82, 84, 73, 70, 73, 67, 65, 84, 69, 45, 45, 45, 45, 45, 13, 10, 107, 53, 97, 55, 83, 87, 53, 50, 89, 87, 120, 112, 90, 67, 66, 85, 90, 88, 78, 48, 97, 87, 53, 110, 73, 69, 78, 108, 99, 110, 82, 112, 90, 109, 108, 106, 89, 88, 82, 108, 65, 65, 68, 99, 65, 67, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 78, 119, 65, 73, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 103, 78, 108, 65, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 13, 10, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 78, 119, 65, 81, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 67, 69, 82, 84, 73, 70, 73, 67, 65, 84, 69, 45, 45, 45, 45, 45, 13, 10]\n    }\n    fn null_public_key_pem() -\u003e Vec\u003cu8\u003e {\n        vec![45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 80, 85, 66, 76, 73, 67, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 80, 85, 66, 76, 73, 67, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10]\n    }\n    fn null_private_key_pem() -\u003e Vec\u003cu8\u003e {\n        vec![45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 80, 82, 73, 86, 65, 84, 69, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 80, 82, 73, 86, 65, 84, 69, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10]\n    }\n}","traces":[{"line":52,"address":[653072,653727,653758],"length":1,"stats":{"Line":3},"fn_name":"fingerprint"},{"line":53,"address":[653096,653234],"length":1,"stats":{"Line":1},"fn_name":null},{"line":54,"address":[653220],"length":1,"stats":{"Line":1},"fn_name":null},{"line":55,"address":[653420],"length":1,"stats":{"Line":3},"fn_name":null},{"line":56,"address":[653477],"length":1,"stats":{"Line":1},"fn_name":null},{"line":57,"address":[653612],"length":1,"stats":{"Line":3},"fn_name":null},{"line":60,"address":[653776],"length":1,"stats":{"Line":2},"fn_name":"load_signing_key"},{"line":61,"address":[653793],"length":1,"stats":{"Line":2},"fn_name":null},{"line":77,"address":[654715,653808],"length":1,"stats":{"Line":1},"fn_name":"fmt"},{"line":78,"address":[653841],"length":1,"stats":{"Line":1},"fn_name":null},{"line":79,"address":[654741,653877],"length":1,"stats":{"Line":1},"fn_name":null},{"line":80,"address":[654547,653941],"length":1,"stats":{"Line":1},"fn_name":null},{"line":81,"address":[654005],"length":1,"stats":{"Line":1},"fn_name":null},{"line":82,"address":[654118],"length":1,"stats":{"Line":1},"fn_name":null},{"line":83,"address":[654299],"length":1,"stats":{"Line":1},"fn_name":null},{"line":84,"address":[654404],"length":1,"stats":{"Line":1},"fn_name":null},{"line":85,"address":[654468],"length":1,"stats":{"Line":1},"fn_name":null},{"line":97,"address":[655255,654912],"length":1,"stats":{"Line":2},"fn_name":"recalculate_fingerprint"},{"line":98,"address":[654942,655231,655302],"length":1,"stats":{"Line":2},"fn_name":null},{"line":99,"address":[655338],"length":1,"stats":{"Line":3},"fn_name":null},{"line":102,"address":[655360,656716,656686],"length":1,"stats":{"Line":1},"fn_name":"sign"},{"line":103,"address":[655515,655399],"length":1,"stats":{"Line":1},"fn_name":null},{"line":105,"address":[655726,655627,655464],"length":1,"stats":{"Line":3},"fn_name":null},{"line":106,"address":[655707,655837],"length":1,"stats":{"Line":4},"fn_name":null},{"line":108,"address":[656073,655921],"length":1,"stats":{"Line":2},"fn_name":null},{"line":110,"address":[656041,656262],"length":1,"stats":{"Line":4},"fn_name":null},{"line":112,"address":[656316],"length":1,"stats":{"Line":2},"fn_name":null},{"line":114,"address":[656548,656461],"length":1,"stats":{"Line":1},"fn_name":null},{"line":116,"address":[656517],"length":1,"stats":{"Line":1},"fn_name":null},{"line":119,"address":[656736,660012,660277],"length":1,"stats":{"Line":1},"fn_name":"verify_with_time"},{"line":121,"address":[656812],"length":1,"stats":{"Line":1},"fn_name":null},{"line":122,"address":[656946],"length":1,"stats":{"Line":1},"fn_name":null},{"line":126,"address":[656880],"length":1,"stats":{"Line":1},"fn_name":null},{"line":127,"address":[657133],"length":1,"stats":{"Line":1},"fn_name":null},{"line":130,"address":[388555,388544],"length":1,"stats":{"Line":2},"fn_name":"{closure#0}"},{"line":133,"address":[657283,657453],"length":1,"stats":{"Line":4},"fn_name":null},{"line":134,"address":[657502],"length":1,"stats":{"Line":1},"fn_name":null},{"line":138,"address":[388699,388672],"length":1,"stats":{"Line":3},"fn_name":"{closure#1}"},{"line":142,"address":[658163,657941],"length":1,"stats":{"Line":2},"fn_name":null},{"line":144,"address":[658601,658379,658912],"length":1,"stats":{"Line":3},"fn_name":null},{"line":146,"address":[658461],"length":1,"stats":{"Line":1},"fn_name":null},{"line":147,"address":[388795,388768],"length":1,"stats":{"Line":1},"fn_name":"{closure#2}"},{"line":149,"address":[658423],"length":1,"stats":{"Line":1},"fn_name":null},{"line":150,"address":[388864,388891],"length":1,"stats":{"Line":2},"fn_name":"{closure#3}"},{"line":153,"address":[388971,388960],"length":1,"stats":{"Line":2},"fn_name":"{closure#4}"},{"line":155,"address":[389088,389109],"length":1,"stats":{"Line":2},"fn_name":"{closure#5}"},{"line":160,"address":[659572,659904,660047],"length":1,"stats":{"Line":4},"fn_name":null},{"line":161,"address":[659824],"length":1,"stats":{"Line":1},"fn_name":null},{"line":162,"address":[659896],"length":1,"stats":{"Line":1},"fn_name":null},{"line":164,"address":[659914],"length":1,"stats":{"Line":1},"fn_name":null},{"line":167,"address":[659789,659973,660023],"length":1,"stats":{"Line":4},"fn_name":null},{"line":170,"address":[660057],"length":1,"stats":{"Line":1},"fn_name":null},{"line":175,"address":[659938],"length":1,"stats":{"Line":2},"fn_name":null},{"line":176,"address":[660115],"length":1,"stats":{"Line":1},"fn_name":null},{"line":179,"address":[660081],"length":1,"stats":{"Line":1},"fn_name":null},{"line":180,"address":[660196],"length":1,"stats":{"Line":1},"fn_name":null},{"line":185,"address":[660158],"length":1,"stats":{"Line":1},"fn_name":null},{"line":188,"address":[660304],"length":1,"stats":{"Line":1},"fn_name":"verify"},{"line":189,"address":[660337],"length":1,"stats":{"Line":1},"fn_name":null},{"line":195,"address":[660384,661348],"length":1,"stats":{"Line":1},"fn_name":"fmt"},{"line":196,"address":[660423,660630],"length":1,"stats":{"Line":1},"fn_name":null},{"line":197,"address":[660818,660524],"length":1,"stats":{"Line":2},"fn_name":null},{"line":198,"address":[660680,660944],"length":1,"stats":{"Line":1},"fn_name":null},{"line":199,"address":[660971,661294,660853],"length":1,"stats":{"Line":2},"fn_name":null},{"line":200,"address":[661673,661212,661374],"length":1,"stats":{"Line":2},"fn_name":null},{"line":201,"address":[661727,662026,661597],"length":1,"stats":{"Line":2},"fn_name":null},{"line":202,"address":[662398,661950,662080],"length":1,"stats":{"Line":2},"fn_name":null},{"line":203,"address":[662597,662292],"length":1,"stats":{"Line":2},"fn_name":null},{"line":204,"address":[662731,662460],"length":1,"stats":{"Line":2},"fn_name":null},{"line":205,"address":[662632,663043,662758],"length":1,"stats":{"Line":2},"fn_name":null},{"line":206,"address":[662970],"length":1,"stats":{"Line":2},"fn_name":null},{"line":213,"address":[663104],"length":1,"stats":{"Line":1},"fn_name":"as_bytes"},{"line":214,"address":[663121],"length":1,"stats":{"Line":1},"fn_name":null},{"line":217,"address":[663136],"length":1,"stats":{"Line":1},"fn_name":"from_bytes"},{"line":221,"address":[663184,663760,663733],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":222,"address":[663608,663671,663209],"length":1,"stats":{"Line":3},"fn_name":null},{"line":225,"address":[664441,663776],"length":1,"stats":{"Line":2},"fn_name":"from_pem"},{"line":226,"address":[663809,664057],"length":1,"stats":{"Line":2},"fn_name":null},{"line":227,"address":[664028,664202],"length":1,"stats":{"Line":4},"fn_name":null},{"line":228,"address":[664284],"length":1,"stats":{"Line":1},"fn_name":null},{"line":230,"address":[664467,664258,664563,664380],"length":1,"stats":{"Line":3},"fn_name":null},{"line":237,"address":[664720],"length":1,"stats":{"Line":1},"fn_name":"as_bytes"},{"line":238,"address":[664739],"length":1,"stats":{"Line":1},"fn_name":null},{"line":241,"address":[664816],"length":1,"stats":{"Line":1},"fn_name":"from_bytes"},{"line":242,"address":[389152,389168],"length":1,"stats":{"Line":1},"fn_name":"{closure#0}"},{"line":245,"address":[665504,664928,665477],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":246,"address":[664953,665415,665352],"length":1,"stats":{"Line":3},"fn_name":null},{"line":249,"address":[666170,665520],"length":1,"stats":{"Line":2},"fn_name":"from_pem"},{"line":250,"address":[665553,665801],"length":1,"stats":{"Line":2},"fn_name":null},{"line":251,"address":[665772,665946],"length":1,"stats":{"Line":4},"fn_name":null},{"line":252,"address":[666028],"length":1,"stats":{"Line":1},"fn_name":null},{"line":254,"address":[666201,666002,666117,666401],"length":1,"stats":{"Line":3},"fn_name":null},{"line":261,"address":[666544],"length":1,"stats":{"Line":1},"fn_name":"as_bytes"},{"line":262,"address":[666563],"length":1,"stats":{"Line":1},"fn_name":null},{"line":265,"address":[666640],"length":1,"stats":{"Line":1},"fn_name":"from_bytes"},{"line":266,"address":[389184,389200],"length":1,"stats":{"Line":1},"fn_name":"{closure#0}"},{"line":269,"address":[667328,666752,667301],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":270,"address":[667239,666777,667176],"length":1,"stats":{"Line":3},"fn_name":null},{"line":273,"address":[667994,667344],"length":1,"stats":{"Line":2},"fn_name":"from_pem"},{"line":274,"address":[667377,667625],"length":1,"stats":{"Line":2},"fn_name":null},{"line":275,"address":[667596,667770],"length":1,"stats":{"Line":4},"fn_name":null},{"line":276,"address":[667852],"length":1,"stats":{"Line":1},"fn_name":null},{"line":278,"address":[668132,667941,668020,667826],"length":1,"stats":{"Line":3},"fn_name":null}],"covered":103,"coverable":103},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","util.rs"],"content":"use std::ops::Add;\nuse std::time::{Duration, SystemTime};\nuse chrono::{DateTime, Utc};\n\npub fn pretty_print_date(date: \u0026SystemTime) -\u003e String {\n    let datetime: DateTime\u003cUtc\u003e = (*date).into();\n    datetime.format(\"%Y-%m-%dT%H:%M:%S%.f%:z\").to_string()\n}\n\npub fn u64_to_st(unix: u64) -\u003e SystemTime {\n    SystemTime::UNIX_EPOCH.add(Duration::from_secs(unix))\n}","traces":[{"line":5,"address":[368112,368267],"length":1,"stats":{"Line":2},"fn_name":"pretty_print_date"},{"line":6,"address":[368140],"length":1,"stats":{"Line":2},"fn_name":null},{"line":7,"address":[368166],"length":1,"stats":{"Line":2},"fn_name":null},{"line":10,"address":[368304],"length":1,"stats":{"Line":1},"fn_name":"u64_to_st"},{"line":11,"address":[368313],"length":1,"stats":{"Line":1},"fn_name":null}],"covered":5,"coverable":5}]};
-        var previousData = {"files":[{"path":["/","home","core","prj","e3t","e3pf","libepf","src","ca_pool.rs"],"content":"use std::collections::HashMap;\nuse crate::pki::{EPFCertificate, EpfPublicKey};\n\npub struct EpfCaPool {\n    pub ca_lookup_table: HashMap\u003cEpfPublicKey, EPFCertificate\u003e\n}\n\npub trait EpfCaPoolOps {\n    fn new() -\u003e Self;\n    fn get_ca(\u0026self, public_key: \u0026EpfPublicKey) -\u003e Option\u003c\u0026EPFCertificate\u003e;\n    fn insert(\u0026mut self, cert: \u0026EPFCertificate);\n}\n\nimpl EpfCaPoolOps for EpfCaPool {\n    fn new() -\u003e Self {\n        Self {\n            ca_lookup_table: HashMap::new()\n        }\n    }\n\n    fn get_ca(\u0026self, public_key: \u0026EpfPublicKey) -\u003e Option\u003c\u0026EPFCertificate\u003e {\n        self.ca_lookup_table.get(public_key)\n    }\n\n    fn insert(\u0026mut self, cert: \u0026EPFCertificate) {\n        self.ca_lookup_table.insert(cert.details.public_key, cert.clone());\n    }\n}","traces":[{"line":15,"address":[647728],"length":1,"stats":{"Line":4},"fn_name":"new"},{"line":17,"address":[647742],"length":1,"stats":{"Line":3},"fn_name":null},{"line":21,"address":[647792],"length":1,"stats":{"Line":4},"fn_name":"get_ca"},{"line":22,"address":[647806],"length":1,"stats":{"Line":4},"fn_name":null},{"line":25,"address":[647824],"length":1,"stats":{"Line":2},"fn_name":"insert"},{"line":26,"address":[647851],"length":1,"stats":{"Line":2},"fn_name":null}],"covered":6,"coverable":6},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","lib.rs"],"content":"pub mod pki;\npub mod util;\npub mod ca_pool;","traces":[],"covered":0,"coverable":0},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","pki.rs"],"content":"use std::collections::HashMap;\nuse std::error::Error;\nuse std::fmt::{Display, Formatter};\nuse std::time::{SystemTime, UNIX_EPOCH};\nuse ed25519_dalek::{Signature, SignatureError, Signer, SigningKey, Verifier, VerifyingKey};\nuse pem::Pem;\nuse serde::{Deserialize, Serialize};\nuse sha2::{Digest, Sha256};\nuse crate::ca_pool::{EpfCaPool, EpfCaPoolOps};\nuse crate::util::{pretty_print_date, u64_to_st};\n\npub const EPFPKI_PUBLIC_KEY_LENGTH: usize = 32;\npub const EPFPKI_SIGNATURE_LENGTH: usize = 64;\n\npub const EPFPKI_SELF_SIGNED_CERTIFICATE: \u0026str = \"0000000000000000000000000000000000000000000000000000000000000000\";\n\npub type EpfPublicKey = [u8; 32];\npub type EpfPrivateKey = [u8; 64];\n\n#[derive(Serialize, Deserialize, PartialEq, Debug, Eq, Clone)]\npub struct EPFCertificate {\n    pub details: EPFCertificateDetails,\n    pub fingerprint: String,\n    #[serde(with = \"serde_arrays\")]\n    pub signature: [u8; EPFPKI_SIGNATURE_LENGTH]\n}\n\n#[derive(Serialize, Deserialize, PartialEq, Debug, Eq, Clone)]\npub struct EPFCertificateDetails {\n    pub name: String,\n\n    pub not_before: u64,\n    pub not_after: u64,\n\n    pub public_key: [u8; EPFPKI_PUBLIC_KEY_LENGTH],\n\n    pub issuer_public_key: [u8; EPFPKI_PUBLIC_KEY_LENGTH],\n\n    pub claims: HashMap\u003cString, String\u003e\n}\n\npub trait EpfPkiSerializable {\n    const PEM_BANNER: \u0026'static str;\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e;\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e where Self: Sized;\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e;\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized;\n}\n\npub fn fingerprint(cert: \u0026EPFCertificateDetails) -\u003e Result\u003cString, rmp_serde::encode::Error\u003e {\n    let cert_bytes = rmp_serde::to_vec(cert)?;\n    let mut hasher = Sha256::new();\n    hasher.update(cert_bytes);\n    let hash = hasher.finalize();\n    Ok(hex::encode(hash))\n}\n\nfn load_signing_key(b: \u0026[u8; 64]) -\u003e Result\u003cSigningKey, SignatureError\u003e {\n    SigningKey::from_keypair_bytes(b)\n}\n\n#[derive(Debug)]\npub enum EpfPkiCertificateValidationError {\n    NoLongerValid { expired_at: SystemTime },\n    NotValidYet { valid_at: SystemTime },\n    InvalidCertificateData { e: rmp_serde::encode::Error },\n    FingerprintDoesNotMatch { expected: String, got: String },\n    InvalidSignature { e: SignatureError },\n    ExpiresAfterSigner,\n    ValidAfterSigner\n}\n\nimpl Display for EpfPkiCertificateValidationError {\n    #[cfg_attr(tarpaulin, ignore)]\n    fn fmt(\u0026self, f: \u0026mut Formatter\u003c'_\u003e) -\u003e std::fmt::Result {\n        match self {\n            EpfPkiCertificateValidationError::NoLongerValid { expired_at } =\u003e write!(f, \"Certificate no longer valid (expired at {})\", pretty_print_date(expired_at)),\n            EpfPkiCertificateValidationError::NotValidYet { valid_at } =\u003e write!(f, \"Certificate not valid yet (valid at {})\", pretty_print_date(valid_at)),\n            EpfPkiCertificateValidationError::InvalidCertificateData { e } =\u003e write!(f, \"Unable to serialize cert data: {}\", e),\n            EpfPkiCertificateValidationError::FingerprintDoesNotMatch { expected, got } =\u003e write!(f, \"Fingerprint mismatch (expected {}, got {})\", expected, got),\n            EpfPkiCertificateValidationError::InvalidSignature { e } =\u003e write!(f, \"Certificate validation error: {}\", e),\n            EpfPkiCertificateValidationError::ExpiresAfterSigner =\u003e write!(f, \"Certificate expires after it's signing certificate\"),\n            EpfPkiCertificateValidationError::ValidAfterSigner =\u003e write!(f, \"Certificate is valid longer than it's signing certificate\")\n        }\n    }\n}\n\npub trait EpfPkiCertificateOps {\n    fn recalculate_fingerprint(\u0026mut self) -\u003e Result\u003c(), rmp_serde::encode::Error\u003e;\n    fn sign(\u0026mut self, private_key: \u0026EpfPrivateKey) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e;\n    fn verify_with_time(\u0026self, time: SystemTime, ca_pool: \u0026EpfCaPool) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e;\n    fn verify(\u0026self, ca_pool: \u0026EpfCaPool) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e;\n}\nimpl EpfPkiCertificateOps for EPFCertificate {\n    fn recalculate_fingerprint(\u0026mut self) -\u003e Result\u003c(), rmp_serde::encode::Error\u003e {\n        self.fingerprint = fingerprint(\u0026self.details)?;\n        Ok(())\n    }\n\n    fn sign(\u0026mut self, private_key: \u0026EpfPrivateKey) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e {\n        self.recalculate_fingerprint()?;\n\n        let signing_key = load_signing_key(private_key)?;\n        self.details.issuer_public_key = *signing_key.verifying_key().as_bytes();\n\n        let cert_data_bytes = rmp_serde::to_vec(\u0026self.details)?;\n\n        let signature = signing_key.sign(\u0026cert_data_bytes).to_vec();\n\n        self.signature = signature.try_into().unwrap();\n\n        self.recalculate_fingerprint()?;\n\n        Ok(())\n    }\n\n    fn verify_with_time(\u0026self, time: SystemTime, ca_pool: \u0026EpfCaPool) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e {\n        // Is it expired\n        if u64_to_st(self.details.not_after) \u003c time {\n            return Err(EpfPkiCertificateValidationError::NoLongerValid {expired_at: u64_to_st(self.details.not_after)})\n        }\n\n        // Is it valid yet\n        if u64_to_st(self.details.not_before) \u003e time {\n            return Err(EpfPkiCertificateValidationError::NotValidYet {valid_at: u64_to_st(self.details.not_before)})\n        }\n\n        let fingerprint_on_cert = fingerprint(\u0026self.details).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidCertificateData { e }))?;\n\n        // Does the fingerprint match\n        if fingerprint_on_cert != self.fingerprint {\n            return Err(EpfPkiCertificateValidationError::FingerprintDoesNotMatch { expected: self.fingerprint.clone(), got: fingerprint_on_cert})\n        }\n\n        // Does the signature match\n        let signature = Signature::from_slice(\u0026self.signature).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidSignature { e }))?;\n\n        let is_self_signed;\n\n        println!(\"{}: {:?} {:?}\", self.details.name, self.details.issuer_public_key, self.details.public_key);\n\n        let verifying_key = if self.details.issuer_public_key == self.details.public_key {\n            // self-signed certificate\n            is_self_signed = true;\n            VerifyingKey::from_bytes(\u0026self.details.public_key).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidSignature { e }))?\n        } else {\n            is_self_signed = false;\n            VerifyingKey::from_bytes(\u0026self.details.issuer_public_key).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidSignature { e }))?\n        };\n\n        let cert_data_bytes = rmp_serde::to_vec(\u0026self.details).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidCertificateData { e }))?;\n\n        verifying_key.verify(\u0026cert_data_bytes, \u0026signature).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidSignature { e }))?;\n\n        // Signature OK\n\n        // Is the signer trusted?\n        let ca_cert = if is_self_signed {\n            if let Some(cert) = ca_pool.get_ca(\u0026self.details.public_key) {\n                cert\n            } else {\n                return Ok(false);\n            }\n        } else {\n            if let Some(cert) = ca_pool.get_ca(\u0026self.details.issuer_public_key) {\n                cert\n            } else {\n                return Ok(false);\n            }\n        };\n        // Yes.\n        // Make sure this cert wasnt valid before the CA\n        if ca_cert.details.not_after \u003c self.details.not_after {\n            return Err(EpfPkiCertificateValidationError::ExpiresAfterSigner);\n        }\n        // Make sure this cert isnt valid after the root\n        if ca_cert.details.not_before \u003e self.details.not_before {\n            return Err(EpfPkiCertificateValidationError::ValidAfterSigner)\n        }\n\n        // Cert OK\n\n        Ok(true)\n    }\n\n    fn verify(\u0026self, ca_pool: \u0026EpfCaPool) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e {\n        self.verify_with_time(SystemTime::now(), ca_pool)\n    }\n}\n\n#[cfg_attr(tarpaulin, ignore)]\nimpl Display for EPFCertificate {\n    fn fmt(\u0026self, f: \u0026mut Formatter\u003c'_\u003e) -\u003e std::fmt::Result {\n        writeln!(f, \"EPFCertificate {{\")?;\n        writeln!(f, \"\\tDetails: {{\")?;\n        writeln!(f, \"\\t\\tName: {}\", self.details.name)?;\n        writeln!(f, \"\\t\\tNot Before: {}\", pretty_print_date(\u0026u64_to_st(self.details.not_before)))?;\n        writeln!(f, \"\\t\\tNot After: {}\", pretty_print_date(\u0026u64_to_st(self.details.not_after)))?;\n        writeln!(f, \"\\t\\tPublic Key: {}\", hex::encode(self.details.public_key))?;\n        writeln!(f, \"\\t\\tIssuer Fingerprint: {}\", hex::encode(self.details.issuer_public_key))?;\n        writeln!(f, \"\\t}}\")?;\n        writeln!(f, \"\\tFingerprint: {}\", self.fingerprint)?;\n        writeln!(f, \"\\tSignature: {}\", hex::encode(self.signature))?;\n        writeln!(f, \"}}\")\n    }\n}\n\nimpl EpfPkiSerializable for EPFCertificate {\n    const PEM_BANNER: \u0026'static str = \"EPF CERTIFICATE\";\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        rmp_serde::to_vec(self)\n    }\n\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        rmp_serde::from_slice(bytes)\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes()?)).as_bytes().to_vec())\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Not a certificate\".into())\n        }\n        Ok(Self::from_bytes(pem.contents())?)\n    }\n}\n\nimpl EpfPkiSerializable for EpfPublicKey {\n    const PEM_BANNER: \u0026'static str = \"EPF PUBLIC KEY\";\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        Ok(self.to_vec())\n    }\n\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        bytes.try_into().map_err(|_| rmp_serde::decode::Error::LengthMismatch(bytes.len() as u32))\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes()?)).as_bytes().to_vec())\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Not a public key\".into())\n        }\n        Ok(Self::from_bytes(pem.contents())?)\n    }\n}\n\nimpl EpfPkiSerializable for EpfPrivateKey {\n    const PEM_BANNER: \u0026'static str = \"EPF PRIVATE KEY\";\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        Ok(self.to_vec())\n    }\n\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        bytes.try_into().map_err(|_| rmp_serde::decode::Error::LengthMismatch(bytes.len() as u32))\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes()?)).as_bytes().to_vec())\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Incorrect PEM tag\".into())\n        }\n        Ok(Self::from_bytes(pem.contents())?)\n    }\n}\n\n#[cfg(test)]\nmod tests {\n    use std::collections::HashMap;\n    use std::time::{SystemTime, UNIX_EPOCH};\n    use ed25519_dalek::{SignatureError, SigningKey};\n    use rand::rngs::OsRng;\n    use crate::ca_pool::{EpfCaPool, EpfCaPoolOps};\n    use crate::pki::{EPFCertificate, EPFCertificateDetails, EPFPKI_PUBLIC_KEY_LENGTH, EPFPKI_SIGNATURE_LENGTH, EpfPkiCertificateOps, EpfPkiCertificateValidationError, EpfPkiSerializable, EpfPrivateKey, EpfPublicKey};\n\n    #[test]\n    pub fn certificate_serialization() {\n        assert_eq!(cert().as_bytes().unwrap(), cert_bytes())\n    }\n\n    #[test]\n    pub fn certificate_deserialization() {\n        assert_eq!(EPFCertificate::from_bytes(\u0026cert_bytes()).unwrap(), cert())\n    }\n\n    #[test]\n    pub fn certificate_serialization_pem() {\n        assert_eq!(cert().as_pem().unwrap(), cert_pem())\n    }\n\n    #[test]\n    pub fn certificate_deserialization_pem() {\n        assert_eq!(EPFCertificate::from_pem(\u0026cert_pem()).unwrap(), cert())\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn certificate_deserialization_pem_wrong_tag() {\n        EPFCertificate::from_pem(\u0026null_public_key_pem()).unwrap();\n    }\n\n    #[test]\n    pub fn pubkey_serialization() {\n        assert_eq!(([0u8; 32]).as_bytes().unwrap(), [0u8; 32].to_vec())\n    }\n\n    #[test]\n    pub fn pubkey_deserialization() {\n        assert_eq!(EpfPublicKey::from_bytes(\u0026[0u8; 32]).unwrap(), [0u8; 32])\n    }\n\n    #[test]\n    pub fn pubkey_serialization_pem() {\n        assert_eq!(([0u8; 32]).as_pem().unwrap(), null_public_key_pem())\n    }\n\n    #[test]\n    pub fn pubkey_deserialization_pem() {\n        assert_eq!(EpfPublicKey::from_pem(\u0026null_public_key_pem()).unwrap(), [0u8; 32])\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn pubkey_deserialization_pem_wrong_tag() {\n        EpfPublicKey::from_pem(\u0026null_private_key_pem()).unwrap();\n    }\n\n    #[test]\n    pub fn privkey_serialization() {\n        assert_eq!(([0u8; 64]).as_bytes().unwrap(), [0u8; 64].to_vec())\n    }\n\n    #[test]\n    pub fn privkey_deserialization() {\n        assert_eq!(EpfPrivateKey::from_bytes(\u0026[0u8; 64]).unwrap(), [0u8; 64])\n    }\n\n    #[test]\n    pub fn privkey_serialization_pem() {\n        assert_eq!(([0u8; 64]).as_pem().unwrap(), null_private_key_pem())\n    }\n\n    #[test]\n    pub fn privkey_deserialization_pem() {\n        assert_eq!(EpfPrivateKey::from_pem(\u0026null_private_key_pem()).unwrap(), [0u8; 64])\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn privkey_deserialization_pem_wrong_tag() {\n        assert_eq!(EpfPrivateKey::from_pem(\u0026null_public_key_pem()).unwrap(), [0u8; 64])\n    }\n\n    #[test]\n    pub fn cert_display() {\n        println!(\"{}\", cert());\n    }\n\n    #[test]\n    pub fn cert_fingerprinting() {\n        let mut cert = cert();\n        cert.recalculate_fingerprint().unwrap();\n        assert_eq!(cert.fingerprint, \"922c5cb83633b214d19d9aebf387314fcde67210ff92bd9691fbd059141d6adf\");\n    }\n\n    #[test]\n    pub fn cert_validation() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let private_key2 = SigningKey::generate(\u0026mut OsRng);\n        let public_key2 = private_key2.verifying_key();\n\n        let mut ca_pool = EpfCaPool::new();\n\n        let mut ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing CA\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 60,\n                public_key: *public_key.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        println!(\"{}\", ca_cert);\n\n        assert!(ca_cert.verify(\u0026ca_pool).is_err());\n\n        ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n\n        assert_eq!(ca_cert.verify(\u0026ca_pool).unwrap(), false);\n\n        ca_pool.insert(\u0026ca_cert);\n\n        assert_eq!(ca_cert.verify(\u0026ca_pool).unwrap(), true);\n\n        ca_pool.insert(\u0026ca_cert);\n\n        let mut not_ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 60,\n                public_key: *public_key2.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        assert!(not_ca_cert.verify(\u0026ca_pool).is_err());\n        not_ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n        assert_eq!(not_ca_cert.verify(\u0026ca_pool).unwrap(), true);\n    }\n\n    #[test]\n    pub fn certificate_verification_expired() {\n        let expired_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Expired\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs(),\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() -20,\n                public_key: [0u8; 32],\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        let ca_pool = EpfCaPool::new();\n\n        assert!(matches!(expired_cert.verify(\u0026ca_pool).unwrap_err(), EpfPkiCertificateValidationError::NoLongerValid { .. }))\n    }\n\n    #[test]\n    pub fn certificate_verification_not_valid_yet() {\n        let not_yet_valid_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Not Yet Valid\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 20,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 30,\n                public_key: [0u8; 32],\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        let ca_pool = EpfCaPool::new();\n\n        assert!(matches!(not_yet_valid_cert.verify(\u0026ca_pool).unwrap_err(), EpfPkiCertificateValidationError::NotValidYet { .. }))\n    }\n\n    #[test]\n    pub fn certificate_verification_not_trusted() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let mut not_trusted_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Not Trusted\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 20,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 30,\n                public_key: [0u8; 32],\n                issuer_public_key: *public_key.as_bytes(),\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n        not_trusted_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n\n        let ca_pool = EpfCaPool::new();\n\n        assert_eq!(not_trusted_cert.verify(\u0026ca_pool).unwrap(), false);\n    }\n\n    #[test]\n    pub fn cert_validation_expires_after_signer() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let private_key2 = SigningKey::generate(\u0026mut OsRng);\n        let public_key2 = private_key2.verifying_key();\n\n        let mut ca_pool = EpfCaPool::new();\n\n        let mut ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing CA\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 60,\n                public_key: *public_key.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n        ca_pool.insert(\u0026ca_cert);\n\n        let mut not_ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Valid After Signer\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 120,\n                public_key: *public_key2.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        assert!(not_ca_cert.verify(\u0026ca_pool).is_err());\n        not_ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n        assert!(matches!(not_ca_cert.verify(\u0026ca_pool).unwrap_err(), EpfPkiCertificateValidationError::ExpiresAfterSigner));\n    }\n\n    #[test]\n    pub fn cert_validation_valid_after_signer() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let private_key2 = SigningKey::generate(\u0026mut OsRng);\n        let public_key2 = private_key2.verifying_key();\n\n        let mut ca_pool = EpfCaPool::new();\n\n        let mut ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing CA\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 60,\n                public_key: *public_key.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n        ca_pool.insert(\u0026ca_cert);\n\n        let mut not_ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Valid After Signer\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 200,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 10,\n                public_key: *public_key2.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        assert!(not_ca_cert.verify(\u0026ca_pool).is_err());\n        not_ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n        assert!(matches!(not_ca_cert.verify(\u0026ca_pool).unwrap_err(), EpfPkiCertificateValidationError::ValidAfterSigner));\n    }\n\n    #[test]\n    pub fn verifying_error_display() {\n        println!(\"{}\", EpfPkiCertificateValidationError::NoLongerValid { expired_at: SystemTime::now() });\n        println!(\"{}\", EpfPkiCertificateValidationError::NotValidYet { valid_at: SystemTime::now() });\n        println!(\"{}\", EpfPkiCertificateValidationError::InvalidCertificateData { e: rmp_serde::encode::Error::UnknownLength});\n        println!(\"{}\", EpfPkiCertificateValidationError::FingerprintDoesNotMatch { expected: \"\".to_string(), got: \"\".to_string() });\n        println!(\"{}\", EpfPkiCertificateValidationError::InvalidSignature { e: SignatureError::new() });\n        println!(\"{}\", EpfPkiCertificateValidationError::ExpiresAfterSigner);\n        println!(\"{}\", EpfPkiCertificateValidationError::ValidAfterSigner);\n    }\n\n    fn cert() -\u003e EPFCertificate {\n        EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Invalid Testing Certificate\".to_string(),\n                not_before: 0,\n                not_after: 0,\n                public_key: [0u8; EPFPKI_PUBLIC_KEY_LENGTH],\n                issuer_public_key: [0u8; EPFPKI_PUBLIC_KEY_LENGTH],\n                claims: HashMap::new()\n            },\n            fingerprint: \"0000000000000000000000000000000000000000000000000000000000000000\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        }\n    }\n    fn cert_bytes() -\u003e Vec\u003cu8\u003e {\n        vec![147, 150, 187, 73, 110, 118, 97, 108, 105, 100, 32, 84, 101, 115, 116, 105, 110, 103, 32, 67, 101, 114, 116, 105, 102, 105, 99, 97, 116, 101, 0, 0, 220, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 220, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128, 217, 64, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 220, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]\n    }\n    fn cert_pem() -\u003e Vec\u003cu8\u003e {\n        vec![45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 67, 69, 82, 84, 73, 70, 73, 67, 65, 84, 69, 45, 45, 45, 45, 45, 13, 10, 107, 53, 97, 55, 83, 87, 53, 50, 89, 87, 120, 112, 90, 67, 66, 85, 90, 88, 78, 48, 97, 87, 53, 110, 73, 69, 78, 108, 99, 110, 82, 112, 90, 109, 108, 106, 89, 88, 82, 108, 65, 65, 68, 99, 65, 67, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 78, 119, 65, 73, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 103, 78, 108, 65, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 13, 10, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 78, 119, 65, 81, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 67, 69, 82, 84, 73, 70, 73, 67, 65, 84, 69, 45, 45, 45, 45, 45, 13, 10]\n    }\n    fn null_public_key_pem() -\u003e Vec\u003cu8\u003e {\n        vec![45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 80, 85, 66, 76, 73, 67, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 80, 85, 66, 76, 73, 67, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10]\n    }\n    fn null_private_key_pem() -\u003e Vec\u003cu8\u003e {\n        vec![45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 80, 82, 73, 86, 65, 84, 69, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 80, 82, 73, 86, 65, 84, 69, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10]\n    }\n}","traces":[{"line":52,"address":[653630,652944,653599],"length":1,"stats":{"Line":3},"fn_name":"fingerprint"},{"line":53,"address":[652968,653106],"length":1,"stats":{"Line":1},"fn_name":null},{"line":54,"address":[653092],"length":1,"stats":{"Line":3},"fn_name":null},{"line":55,"address":[653292],"length":1,"stats":{"Line":4},"fn_name":null},{"line":56,"address":[653349],"length":1,"stats":{"Line":1},"fn_name":null},{"line":57,"address":[653484],"length":1,"stats":{"Line":3},"fn_name":null},{"line":60,"address":[653648],"length":1,"stats":{"Line":3},"fn_name":"load_signing_key"},{"line":61,"address":[653665],"length":1,"stats":{"Line":3},"fn_name":null},{"line":77,"address":[654587,653680],"length":1,"stats":{"Line":1},"fn_name":"fmt"},{"line":78,"address":[653713],"length":1,"stats":{"Line":1},"fn_name":null},{"line":79,"address":[654613,653749],"length":1,"stats":{"Line":1},"fn_name":null},{"line":80,"address":[653813,654419],"length":1,"stats":{"Line":1},"fn_name":null},{"line":81,"address":[653877],"length":1,"stats":{"Line":1},"fn_name":null},{"line":82,"address":[653990],"length":1,"stats":{"Line":1},"fn_name":null},{"line":83,"address":[654171],"length":1,"stats":{"Line":1},"fn_name":null},{"line":84,"address":[654276],"length":1,"stats":{"Line":1},"fn_name":null},{"line":85,"address":[654340],"length":1,"stats":{"Line":1},"fn_name":null},{"line":97,"address":[655127,654784],"length":1,"stats":{"Line":2},"fn_name":"recalculate_fingerprint"},{"line":98,"address":[655174,655103,654814],"length":1,"stats":{"Line":2},"fn_name":null},{"line":99,"address":[655210],"length":1,"stats":{"Line":4},"fn_name":null},{"line":102,"address":[656588,655232,656558],"length":1,"stats":{"Line":1},"fn_name":"sign"},{"line":103,"address":[655387,655271],"length":1,"stats":{"Line":1},"fn_name":null},{"line":105,"address":[655598,655336,655499],"length":1,"stats":{"Line":4},"fn_name":null},{"line":106,"address":[655709,655579],"length":1,"stats":{"Line":6},"fn_name":null},{"line":108,"address":[655793,655945],"length":1,"stats":{"Line":3},"fn_name":null},{"line":110,"address":[656134,655913],"length":1,"stats":{"Line":6},"fn_name":null},{"line":112,"address":[656188],"length":1,"stats":{"Line":3},"fn_name":null},{"line":114,"address":[656333,656420],"length":1,"stats":{"Line":3},"fn_name":null},{"line":116,"address":[656389],"length":1,"stats":{"Line":3},"fn_name":null},{"line":119,"address":[656608,659884,660149],"length":1,"stats":{"Line":1},"fn_name":"verify_with_time"},{"line":121,"address":[656684],"length":1,"stats":{"Line":1},"fn_name":null},{"line":122,"address":[656818],"length":1,"stats":{"Line":1},"fn_name":null},{"line":126,"address":[656752],"length":1,"stats":{"Line":1},"fn_name":null},{"line":127,"address":[657005],"length":1,"stats":{"Line":1},"fn_name":null},{"line":130,"address":[388544,388555],"length":1,"stats":{"Line":4},"fn_name":"{closure#0}"},{"line":133,"address":[657155,657325],"length":1,"stats":{"Line":8},"fn_name":null},{"line":134,"address":[657374],"length":1,"stats":{"Line":3},"fn_name":null},{"line":138,"address":[388699,388672],"length":1,"stats":{"Line":5},"fn_name":"{closure#1}"},{"line":142,"address":[658035,657813],"length":1,"stats":{"Line":8},"fn_name":null},{"line":144,"address":[658473,658251,658784],"length":1,"stats":{"Line":8},"fn_name":null},{"line":146,"address":[658333],"length":1,"stats":{"Line":1},"fn_name":null},{"line":147,"address":[388795,388768],"length":1,"stats":{"Line":1},"fn_name":"{closure#2}"},{"line":149,"address":[658295],"length":1,"stats":{"Line":3},"fn_name":null},{"line":150,"address":[388864,388891],"length":1,"stats":{"Line":6},"fn_name":"{closure#3}"},{"line":153,"address":[388960,388971],"length":1,"stats":{"Line":5},"fn_name":"{closure#4}"},{"line":155,"address":[389109,389088],"length":1,"stats":{"Line":8},"fn_name":"{closure#5}"},{"line":160,"address":[659776,659919,659444],"length":1,"stats":{"Line":7},"fn_name":null},{"line":161,"address":[659696],"length":1,"stats":{"Line":1},"fn_name":null},{"line":162,"address":[659768],"length":1,"stats":{"Line":1},"fn_name":null},{"line":164,"address":[659786],"length":1,"stats":{"Line":1},"fn_name":null},{"line":167,"address":[659895,659845,659661],"length":1,"stats":{"Line":8},"fn_name":null},{"line":170,"address":[659929],"length":1,"stats":{"Line":1},"fn_name":null},{"line":175,"address":[659810],"length":1,"stats":{"Line":2},"fn_name":null},{"line":176,"address":[659987],"length":1,"stats":{"Line":1},"fn_name":null},{"line":179,"address":[659953],"length":1,"stats":{"Line":1},"fn_name":null},{"line":180,"address":[660068],"length":1,"stats":{"Line":1},"fn_name":null},{"line":185,"address":[660030],"length":1,"stats":{"Line":1},"fn_name":null},{"line":188,"address":[660176],"length":1,"stats":{"Line":1},"fn_name":"verify"},{"line":189,"address":[660209],"length":1,"stats":{"Line":1},"fn_name":null},{"line":195,"address":[660256,661220],"length":1,"stats":{"Line":1},"fn_name":"fmt"},{"line":196,"address":[660502,660295],"length":1,"stats":{"Line":1},"fn_name":null},{"line":197,"address":[660690,660396],"length":1,"stats":{"Line":1},"fn_name":null},{"line":198,"address":[660552,660816],"length":1,"stats":{"Line":1},"fn_name":null},{"line":199,"address":[660725,661166,660843],"length":1,"stats":{"Line":2},"fn_name":null},{"line":200,"address":[661545,661084,661246],"length":1,"stats":{"Line":1},"fn_name":null},{"line":201,"address":[661469,661599,661898],"length":1,"stats":{"Line":1},"fn_name":null},{"line":202,"address":[662270,661952,661822],"length":1,"stats":{"Line":1},"fn_name":null},{"line":203,"address":[662164,662469],"length":1,"stats":{"Line":1},"fn_name":null},{"line":204,"address":[662603,662332],"length":1,"stats":{"Line":1},"fn_name":null},{"line":205,"address":[662630,662915,662504],"length":1,"stats":{"Line":1},"fn_name":null},{"line":206,"address":[662842],"length":1,"stats":{"Line":1},"fn_name":null},{"line":213,"address":[662976],"length":1,"stats":{"Line":1},"fn_name":"as_bytes"},{"line":214,"address":[662993],"length":1,"stats":{"Line":1},"fn_name":null},{"line":217,"address":[663008],"length":1,"stats":{"Line":1},"fn_name":"from_bytes"},{"line":221,"address":[663632,663056,663605],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":222,"address":[663081,663480,663543],"length":1,"stats":{"Line":3},"fn_name":null},{"line":225,"address":[664313,663648],"length":1,"stats":{"Line":2},"fn_name":"from_pem"},{"line":226,"address":[663929,663681],"length":1,"stats":{"Line":2},"fn_name":null},{"line":227,"address":[663900,664074],"length":1,"stats":{"Line":4},"fn_name":null},{"line":228,"address":[664156],"length":1,"stats":{"Line":1},"fn_name":null},{"line":230,"address":[664130,664339,664252,664435],"length":1,"stats":{"Line":3},"fn_name":null},{"line":237,"address":[664592],"length":1,"stats":{"Line":1},"fn_name":"as_bytes"},{"line":238,"address":[664611],"length":1,"stats":{"Line":1},"fn_name":null},{"line":241,"address":[664688],"length":1,"stats":{"Line":1},"fn_name":"from_bytes"},{"line":242,"address":[389168,389152],"length":1,"stats":{"Line":1},"fn_name":"{closure#0}"},{"line":245,"address":[665349,665376,664800],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":246,"address":[665224,664825,665287],"length":1,"stats":{"Line":3},"fn_name":null},{"line":249,"address":[666042,665392],"length":1,"stats":{"Line":2},"fn_name":"from_pem"},{"line":250,"address":[665425,665673],"length":1,"stats":{"Line":2},"fn_name":null},{"line":251,"address":[665644,665818],"length":1,"stats":{"Line":4},"fn_name":null},{"line":252,"address":[665900],"length":1,"stats":{"Line":1},"fn_name":null},{"line":254,"address":[666273,666073,665874,665989],"length":1,"stats":{"Line":3},"fn_name":null},{"line":261,"address":[666416],"length":1,"stats":{"Line":1},"fn_name":"as_bytes"},{"line":262,"address":[666435],"length":1,"stats":{"Line":1},"fn_name":null},{"line":265,"address":[666512],"length":1,"stats":{"Line":1},"fn_name":"from_bytes"},{"line":266,"address":[389184,389200],"length":1,"stats":{"Line":1},"fn_name":"{closure#0}"},{"line":269,"address":[666624,667200,667173],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":270,"address":[667111,667048,666649],"length":1,"stats":{"Line":3},"fn_name":null},{"line":273,"address":[667866,667216],"length":1,"stats":{"Line":1},"fn_name":"from_pem"},{"line":274,"address":[667249,667497],"length":1,"stats":{"Line":1},"fn_name":null},{"line":275,"address":[667468,667642],"length":1,"stats":{"Line":2},"fn_name":null},{"line":276,"address":[667724],"length":1,"stats":{"Line":0},"fn_name":null},{"line":278,"address":[668004,667698,667892,667813],"length":1,"stats":{"Line":3},"fn_name":null}],"covered":102,"coverable":103},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","util.rs"],"content":"use std::ops::Add;\nuse std::time::{Duration, SystemTime};\nuse chrono::{DateTime, Utc};\n\npub fn pretty_print_date(date: \u0026SystemTime) -\u003e String {\n    let datetime: DateTime\u003cUtc\u003e = (*date).into();\n    datetime.format(\"%Y-%m-%dT%H:%M:%S%.f%:z\").to_string()\n}\n\npub fn u64_to_st(unix: u64) -\u003e SystemTime {\n    SystemTime::UNIX_EPOCH.add(Duration::from_secs(unix))\n}","traces":[{"line":5,"address":[368267,368112],"length":1,"stats":{"Line":1},"fn_name":"pretty_print_date"},{"line":6,"address":[368140],"length":1,"stats":{"Line":1},"fn_name":null},{"line":7,"address":[368166],"length":1,"stats":{"Line":1},"fn_name":null},{"line":10,"address":[368304],"length":1,"stats":{"Line":1},"fn_name":"u64_to_st"},{"line":11,"address":[368313],"length":1,"stats":{"Line":1},"fn_name":null}],"covered":5,"coverable":5}]};
+        var data = {"files":[{"path":["/","home","core","prj","e3t","e3pf","libepf","src","ca_pool.rs"],"content":"use crate::pki::{EPFCertificate, EpfPkiSerializable, EpfPublicKey};\nuse crate::util::verifying_key;\n\nuse std::collections::HashMap;\nuse std::error::Error;\nuse std::ffi::OsStr;\nuse std::fmt::{Display, Formatter};\nuse std::fs;\n\npub struct EpfCaPool {\n    pub ca_lookup_table: HashMap\u003cEpfPublicKey, EPFCertificate\u003e,\n}\n\npub trait EpfCaPoolOps {\n    fn new() -\u003e Self;\n    fn get_ca(\u0026self, public_key: \u0026EpfPublicKey) -\u003e Option\u003c\u0026EPFCertificate\u003e;\n    fn insert(\u0026mut self, cert: \u0026EPFCertificate);\n}\n\nimpl EpfCaPoolOps for EpfCaPool {\n    fn new() -\u003e Self {\n        Self {\n            ca_lookup_table: HashMap::new(),\n        }\n    }\n\n    fn get_ca(\u0026self, public_key: \u0026EpfPublicKey) -\u003e Option\u003c\u0026EPFCertificate\u003e {\n        self.ca_lookup_table.get(public_key)\n    }\n\n    fn insert(\u0026mut self, cert: \u0026EPFCertificate) {\n        self.ca_lookup_table\n            .insert(verifying_key(\u0026cert.details.public_key), cert.clone());\n    }\n}\n\n#[derive(Debug)]\npub enum EpfCaPoolLoaderError {\n    CertDirDoesNotExist(String),\n}\nimpl Display for EpfCaPoolLoaderError {\n    fn fmt(\u0026self, f: \u0026mut Formatter\u003c'_\u003e) -\u003e std::fmt::Result {\n        match self {\n            EpfCaPoolLoaderError::CertDirDoesNotExist(d) =\u003e {\n                write!(f, \"Certificate dir does not exist: {}\", d)\n            }\n        }\n    }\n}\nimpl Error for EpfCaPoolLoaderError {}\n\n#[cfg(unix)]\n#[cfg(not(tarpaulin))]\npub fn load_ca_pool() -\u003e Result\u003cEpfCaPool, Box\u003cdyn Error\u003e\u003e {\n    let mut cert_strings = vec![];\n\n    for entry in fs::read_dir(\"/etc/e3pf/certs\")? {\n        let entry = entry?;\n        if entry.path().extension() == Some(OsStr::new(\".pem\")) {\n            cert_strings.push(fs::read_to_string(entry.path())?);\n        }\n    }\n\n    let mut ca_pool = EpfCaPool::new();\n\n    for cert in cert_strings {\n        ca_pool.insert(\u0026EPFCertificate::from_pem(cert.as_bytes())?);\n    }\n\n    Ok(ca_pool)\n}\n\n#[cfg(test)]\nmod tests {\n    use crate::ca_pool::EpfCaPoolLoaderError;\n\n    #[test]\n    pub fn ca_pool_error_display_test() {\n        println!(\"{}\", EpfCaPoolLoaderError::CertDirDoesNotExist(\"\".to_string()));\n    }\n}","traces":[{"line":21,"address":[1407536],"length":1,"stats":{"Line":4},"fn_name":"new"},{"line":23,"address":[1407550],"length":1,"stats":{"Line":4},"fn_name":null},{"line":27,"address":[1407600],"length":1,"stats":{"Line":1},"fn_name":"get_ca"},{"line":28,"address":[1407614],"length":1,"stats":{"Line":3},"fn_name":null},{"line":31,"address":[1407632],"length":1,"stats":{"Line":1},"fn_name":"insert"},{"line":32,"address":[1407705],"length":1,"stats":{"Line":1},"fn_name":null},{"line":33,"address":[1407731,1407665],"length":1,"stats":{"Line":4},"fn_name":null},{"line":42,"address":[1407760],"length":1,"stats":{"Line":1},"fn_name":"fmt"},{"line":44,"address":[1407779],"length":1,"stats":{"Line":1},"fn_name":null},{"line":45,"address":[1407784],"length":1,"stats":{"Line":1},"fn_name":null}],"covered":10,"coverable":10},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","error.rs"],"content":"use crate::pki::EpfPkiCertificateValidationError;\nuse std::error::Error;\nuse std::fmt::{Display, Formatter};\n\n#[derive(Debug)]\npub enum EpfHandshakeError {\n    AlreadyTunnelled,\n    UnsupportedProtocolVersion(usize),\n    InvalidCertificate(EpfPkiCertificateValidationError),\n    UntrustedCertificate,\n    EncryptionError,\n    MissingKeyProof,\n}\nimpl Display for EpfHandshakeError {\n    fn fmt(\u0026self, f: \u0026mut Formatter\u003c'_\u003e) -\u003e std::fmt::Result {\n        match self {\n            EpfHandshakeError::AlreadyTunnelled =\u003e write!(f, \"Already tunneled\"),\n            EpfHandshakeError::UnsupportedProtocolVersion(v) =\u003e {\n                write!(f, \"Unsupported protocol version {}\", v)\n            }\n            EpfHandshakeError::InvalidCertificate(e) =\u003e write!(f, \"Invalid certificate: {}\", e),\n            EpfHandshakeError::UntrustedCertificate =\u003e {\n                write!(f, \"Certificate valid but not trusted\")\n            }\n            EpfHandshakeError::EncryptionError =\u003e write!(f, \"Encryption error\"),\n            EpfHandshakeError::MissingKeyProof =\u003e write!(f, \"Missing key proof\"),\n        }\n    }\n}\nimpl Error for EpfHandshakeError {}\n\n#[cfg(test)]\nmod tests {\n    use crate::error::EpfHandshakeError;\n    use crate::pki::EpfPkiCertificateValidationError;\n\n    #[test]\n    pub fn error_display_test() {\n        println!(\"{}\", EpfHandshakeError::AlreadyTunnelled);\n        println!(\"{}\", EpfHandshakeError::UnsupportedProtocolVersion(0));\n        println!(\"{}\", EpfHandshakeError::InvalidCertificate(EpfPkiCertificateValidationError::ValidAfterSigner));\n        println!(\"{}\", EpfHandshakeError::UntrustedCertificate);\n        println!(\"{}\", EpfHandshakeError::EncryptionError);\n        println!(\"{}\", EpfHandshakeError::MissingKeyProof);\n    }\n}","traces":[{"line":15,"address":[841264],"length":1,"stats":{"Line":1},"fn_name":"fmt"},{"line":16,"address":[841297],"length":1,"stats":{"Line":1},"fn_name":null},{"line":17,"address":[841348],"length":1,"stats":{"Line":1},"fn_name":null},{"line":18,"address":[841414],"length":1,"stats":{"Line":1},"fn_name":null},{"line":19,"address":[841423],"length":1,"stats":{"Line":1},"fn_name":null},{"line":21,"address":[841515],"length":1,"stats":{"Line":1},"fn_name":null},{"line":23,"address":[841619],"length":1,"stats":{"Line":1},"fn_name":null},{"line":25,"address":[841683],"length":1,"stats":{"Line":1},"fn_name":null},{"line":26,"address":[841747],"length":1,"stats":{"Line":1},"fn_name":null}],"covered":9,"coverable":9},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","handshake_stream.rs"],"content":"use crate::ca_pool::{EpfCaPool};\nuse crate::danger_trace;\nuse crate::error::EpfHandshakeError;\nuse crate::pki::{\n    EPFCertificate, EpfPkiCertificateOps, EpfPrivateKey, EpfPublicKey,\n};\nuse crate::protocol::{\n    encode_packet, recv_packet, EpfApplicationData, EpfClientHello, EpfClientState, EpfFinished,\n    EpfMessage, EpfServerHello, EpfServerState, PACKET_APPLICATION_DATA, PACKET_CLIENT_HELLO,\n    PACKET_FINISHED, PACKET_SERVER_HELLO, PROTOCOL_VERSION,\n};\nuse async_trait::async_trait;\nuse chacha20poly1305::aead::{Aead, Payload};\nuse chacha20poly1305::{AeadCore, Key, KeyInit, XChaCha20Poly1305, XNonce};\nuse ed25519_dalek::{SigningKey};\nuse log::{trace};\nuse rand::rngs::OsRng;\nuse rand::Rng;\nuse std::error::Error;\nuse std::io;\nuse tokio::io::{AsyncReadExt, AsyncWriteExt};\nuse x25519_dalek::{PublicKey, StaticSecret};\n\n///// CLIENT /////\n\npub struct EpfClientUpgraded\u003cT: AsyncWriteExt + AsyncReadExt\u003e {\n    inner: T,\n    state: EpfClientState,\n    client_random: [u8; 24],\n    server_random: [u8; 16],\n    client_cert: Option\u003cEPFCertificate\u003e,\n    packet_queue: Vec\u003cEpfMessage\u003e,\n    server_cert: Option\u003cEPFCertificate\u003e,\n    cipher: Option\u003cXChaCha20Poly1305\u003e,\n    private_key: EpfPrivateKey,\n    public_key: PublicKey,\n}\n\n#[derive(Debug)]\npub enum ClientAuthentication {\n    Cert(Box\u003cEPFCertificate\u003e, Box\u003cEpfPrivateKey\u003e),\n    Ephemeral,\n}\n\n#[async_trait]\npub trait EpfClientUpgradable {\n    async fn upgrade(self, auth: ClientAuthentication) -\u003e EpfClientUpgraded\u003cSelf\u003e\n    where\n        Self: Sized + AsyncWriteExt + AsyncReadExt + Send;\n}\n\n#[async_trait]\nimpl\u003cT\u003e EpfClientUpgradable for T\nwhere\n    T: AsyncWriteExt + AsyncReadExt + Send,\n{\n    async fn upgrade(self, auth: ClientAuthentication) -\u003e EpfClientUpgraded\u003cSelf\u003e\n    where\n        Self: Sized + AsyncWriteExt + AsyncReadExt + Send,\n    {\n        danger_trace!(target: \"EpfClientUpgradable\", \"upgrade(auth: {:?})\", auth);\n\n        let private_key;\n        let public_key;\n        let cert;\n\n        match auth {\n            ClientAuthentication::Cert(cert_d, key) =\u003e {\n                trace!(\"----!!!!! CERT AUTHENTICATION !!!!!----\");\n                cert = Some(cert_d);\n                private_key = key;\n                public_key = PublicKey::from(\u0026StaticSecret::from(private_key.to_bytes()));\n            }\n            ClientAuthentication::Ephemeral =\u003e {\n                cert = None;\n                let private_key_l: [u8; 32] = OsRng.gen();\n                let private_key_real = SigningKey::from(private_key_l);\n                public_key = PublicKey::from(\u0026StaticSecret::from(private_key_real.to_bytes()));\n                private_key = Box::new(private_key_real);\n            }\n        }\n\n        EpfClientUpgraded {\n            inner: self,\n            state: EpfClientState::NotStarted,\n            client_random: OsRng.gen(),\n            server_random: [0u8; 16],\n            client_cert: cert.map(|u| *u),\n            server_cert: None,\n            packet_queue: vec![],\n            cipher: None,\n            private_key: *private_key,\n            public_key,\n        }\n    }\n}\n\n#[async_trait]\npub trait EpfClientHandshaker\u003cS: AsyncWriteExt + AsyncReadExt + Unpin\u003e {\n    async fn handshake(\u0026mut self, cert_pool: EpfCaPool) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e;\n    async fn upgrade(self) -\u003e EpfClientStream\u003cS\u003e\n    where\n        Self: Sized;\n}\n\n#[async_trait]\nimpl\u003cT: AsyncWriteExt + AsyncReadExt + Send + Unpin\u003e EpfClientHandshaker\u003cT\u003e\n    for EpfClientUpgraded\u003cT\u003e\n{\n    async fn handshake(\u0026mut self, cert_pool: EpfCaPool) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e {\n        match self.state {\n            EpfClientState::NotStarted =\u003e (),\n            _ =\u003e return Err(EpfHandshakeError::AlreadyTunnelled.into()),\n        }\n\n        // Step 1: Send Client Hello\n        self.inner\n            .write_all(\u0026encode_packet(\n                PACKET_CLIENT_HELLO,\n                \u0026EpfClientHello {\n                    protocol_version: PROTOCOL_VERSION,\n                    client_random: self.client_random,\n                    client_certificate: self.client_cert.clone(),\n                    client_x25519_public_key: self.public_key.to_bytes(),\n                },\n            )?)\n            .await?;\n        self.inner.flush().await?;\n\n        trace!(\"---- !!!!! SENT CLIENT HELLO\");\n\n        self.state = EpfClientState::WaitingForServerHello;\n\n        let server_x25519_key;\n\n        // Step 2: Wait for Server Hello\n        loop {\n            trace!(\"waiting for server hello\");\n\n            let packet = recv_packet(\u0026mut self.inner).await?;\n\n            if packet.packet_id != PACKET_SERVER_HELLO {\n                self.packet_queue.push(packet);\n                continue;\n            }\n\n            let server_hello: EpfServerHello = rmp_serde::from_slice(\u0026packet.packet_data)?;\n\n            self.server_random = server_hello.server_random;\n\n            if server_hello.protocol_version != PROTOCOL_VERSION {\n                return Err(EpfHandshakeError::UnsupportedProtocolVersion(\n                    server_hello.protocol_version as usize,\n                )\n                .into());\n            }\n\n            self.server_cert = Some(server_hello.server_certificate);\n\n            server_x25519_key = server_hello.server_x25519_public_key;\n\n            break;\n        }\n\n        // Step 3: Validate Server Certificate\n        let cert_valid = self.server_cert.as_ref().unwrap().verify(\u0026cert_pool);\n        if let Err(e) = cert_valid {\n            return Err(EpfHandshakeError::InvalidCertificate(e).into());\n        }\n        if let Ok(false) = cert_valid {\n            return Err(EpfHandshakeError::UntrustedCertificate.into());\n        }\n        // Server Cert OK\n\n        // Step 4: Build the cipher\n\n        let private_key = StaticSecret::from(self.private_key.to_bytes());\n        let their_public_key = PublicKey::from(server_x25519_key);\n\n        assert_ne!(\n            their_public_key.to_bytes(),\n            PublicKey::from(\u0026private_key).to_bytes()\n        );\n\n        danger_trace!(\n            \"pr: {}, their pub: {}, my pub: {}\",\n            hex::encode(self.private_key.to_bytes()),\n            hex::encode(self.server_cert.as_ref().unwrap().details.public_key),\n            hex::encode(self.private_key.verifying_key().to_bytes())\n        );\n\n        let shared_key = private_key.diffie_hellman(\u0026their_public_key).to_bytes();\n\n        trace!(\n            \"server public key: {:x?}\",\n            self.server_cert.as_ref().unwrap().details.public_key\n        );\n        danger_trace!(\"shared key: {}\", hex::encode(shared_key));\n\n        let cc20p1305_key = Key::from(shared_key);\n        let cc20p1305 = XChaCha20Poly1305::new(\u0026cc20p1305_key);\n        self.cipher = Some(cc20p1305);\n\n        let payload = Payload {\n            msg: \u0026[0x42],\n            aad: \u0026self.server_random,\n        };\n\n        let nonce = XNonce::from_slice(\u0026self.client_random);\n\n        trace!(\"encrypting 0x42\");\n\n        danger_trace!(\"aad: {:?} nonce: {:?}\", payload.aad, nonce);\n\n        let encrypted_0x42 = match self.cipher.as_ref().unwrap().encrypt(nonce, payload) {\n            Ok(d) =\u003e d,\n            Err(_) =\u003e return Err(EpfHandshakeError::EncryptionError.into()),\n        };\n\n        self.inner\n            .write_all(\u0026encode_packet(\n                PACKET_FINISHED,\n                \u0026EpfFinished {\n                    protocol_version: PROTOCOL_VERSION,\n                    encrypted_0x42,\n                },\n            )?)\n            .await?;\n        self.inner.flush().await?;\n\n        self.state = EpfClientState::WaitingForFinished;\n\n        loop {\n            let packet = recv_packet(\u0026mut self.inner).await?;\n\n            if packet.packet_id != PACKET_FINISHED {\n                self.packet_queue.push(packet);\n                continue;\n            }\n\n            let packet_finished: EpfFinished = rmp_serde::from_slice(\u0026packet.packet_data)?;\n\n            trace!(\"trying to debug 0x42\");\n\n            let payload = Payload {\n                msg: \u0026packet_finished.encrypted_0x42,\n                aad: \u0026self.server_random,\n            };\n\n            danger_trace!(\n                \"ciphertext: {:?}, aad: {:?}, nonce: {:?}\",\n                packet_finished.encrypted_0x42,\n                payload.aad,\n                nonce\n            );\n\n            let hopefully_0x42 = match self.cipher.as_ref().unwrap().decrypt(nonce, payload) {\n                Ok(d) =\u003e d,\n                Err(_) =\u003e {\n                    return Err(EpfHandshakeError::EncryptionError.into());\n                }\n            };\n\n            if hopefully_0x42 != vec![0x42] {\n                return Err(EpfHandshakeError::MissingKeyProof.into());\n            }\n\n            break;\n        }\n\n        self.state = EpfClientState::Transport;\n\n        Ok(())\n    }\n\n    async fn upgrade(self) -\u003e EpfClientStream\u003cT\u003e\n    where\n        Self: Sized,\n    {\n        let aad = self.server_random;\n        let client_cert = self.client_cert.clone();\n        let packet_queue = self.packet_queue.clone();\n        let server_cert = self.server_cert.unwrap();\n        let cipher = self.cipher.unwrap();\n        let private_key = self.private_key.clone();\n        let public_key = self.public_key;\n        let raw_stream = self.inner;\n        EpfClientStream {\n            raw_stream,\n            aad,\n            client_cert,\n            packet_queue,\n            server_cert,\n            cipher,\n            private_key,\n            public_key,\n        }\n    }\n}\n\n#[allow(dead_code)]\npub struct EpfClientStream\u003cS: AsyncReadExt + AsyncWriteExt + Unpin\u003e {\n    raw_stream: S,\n    aad: [u8; 16],\n    client_cert: Option\u003cEPFCertificate\u003e,\n    packet_queue: Vec\u003cEpfMessage\u003e,\n    server_cert: EPFCertificate,\n    cipher: XChaCha20Poly1305,\n    private_key: EpfPrivateKey,\n    public_key: PublicKey,\n}\n\n#[async_trait]\npub trait EpfStreamOps {\n    async fn write(\u0026mut self, data: \u0026[u8]) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e;\n    async fn read(\u0026mut self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e;\n}\n\n#[async_trait]\nimpl\u003cS: AsyncReadExt + AsyncWriteExt + Unpin + Send\u003e EpfStreamOps for EpfClientStream\u003cS\u003e {\n    async fn write(\u0026mut self, data: \u0026[u8]) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e {\n        let nonce = XChaCha20Poly1305::generate_nonce(OsRng);\n\n        let payload = Payload {\n            msg: data,\n            aad: \u0026self.aad,\n        };\n\n        let ciphertext = match self.cipher.encrypt(\u0026nonce, payload) {\n            Ok(c) =\u003e c,\n            Err(_) =\u003e return Err(io::Error::new(io::ErrorKind::Other, \"Encryption error\").into()),\n        };\n        let application_data = EpfApplicationData {\n            protocol_version: PROTOCOL_VERSION,\n            encrypted_application_data: ciphertext,\n            nonce: nonce.try_into().unwrap(),\n        };\n\n        let packet = encode_packet(PACKET_APPLICATION_DATA, \u0026application_data)?;\n\n        self.raw_stream.write_all(\u0026packet).await?;\n        self.raw_stream.flush().await?;\n\n        Ok(())\n    }\n\n    async fn read(\u0026mut self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        loop {\n            let packet = recv_packet(\u0026mut self.raw_stream).await?;\n\n            if packet.packet_id != PACKET_APPLICATION_DATA {\n                self.packet_queue.push(packet);\n                continue;\n            }\n\n            let app_data: EpfApplicationData = rmp_serde::from_slice(\u0026packet.packet_data)?;\n\n            let nonce = XNonce::from_slice(\u0026app_data.nonce);\n\n            let payload = Payload {\n                msg: \u0026app_data.encrypted_application_data,\n                aad: \u0026self.aad,\n            };\n\n            let plaintext = match self.cipher.decrypt(nonce, payload) {\n                Ok(p) =\u003e p,\n                Err(_) =\u003e {\n                    return Err(io::Error::new(io::ErrorKind::Other, \"Decryption error\").into())\n                }\n            };\n\n            return Ok(plaintext);\n        }\n    }\n}\n\n///// SERVER /////\n\npub struct EpfServerUpgraded\u003cT: AsyncWriteExt + AsyncReadExt\u003e {\n    inner: T,\n    state: EpfServerState,\n    client_random: [u8; 24],\n    server_random: [u8; 16],\n    client_cert: Option\u003cEPFCertificate\u003e,\n    packet_queue: Vec\u003cEpfMessage\u003e,\n    cipher: Option\u003cXChaCha20Poly1305\u003e,\n    cert: EPFCertificate,\n    private_key: EpfPrivateKey,\n    public_key: EpfPublicKey,\n}\n\n#[async_trait]\npub trait EpfServerUpgradable {\n    async fn upgrade(\n        self,\n        cert: EPFCertificate,\n        private_key: EpfPrivateKey,\n    ) -\u003e EpfServerUpgraded\u003cSelf\u003e\n    where\n        Self: Sized + AsyncWriteExt + AsyncReadExt + Send;\n}\n\n#[async_trait]\nimpl\u003cT: ?Sized\u003e EpfServerUpgradable for T\nwhere\n    T: AsyncWriteExt + AsyncReadExt + Send,\n{\n    async fn upgrade(\n        self,\n        cert: EPFCertificate,\n        private_key: EpfPrivateKey,\n    ) -\u003e EpfServerUpgraded\u003cSelf\u003e\n    where\n        Self: Sized + AsyncWriteExt + AsyncReadExt + Send,\n    {\n        EpfServerUpgraded {\n            inner: self,\n            state: EpfServerState::WaitingForClientHello,\n            server_random: OsRng.gen(),\n            client_random: [0u8; 24],\n            cert,\n            client_cert: None,\n            packet_queue: vec![],\n            cipher: None,\n            private_key: private_key.clone(),\n            public_key: private_key.verifying_key(),\n        }\n    }\n}\n\n#[async_trait]\npub trait EpfServerHandshaker\u003cS: AsyncWriteExt + AsyncReadExt + Unpin\u003e {\n    async fn handshake(\u0026mut self, cert_pool: EpfCaPool) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e;\n    async fn upgrade(self) -\u003e EpfServerStream\u003cS\u003e\n    where\n        Self: Sized;\n}\n\n#[async_trait]\nimpl\u003cT: AsyncWriteExt + AsyncReadExt + Send + Unpin\u003e EpfServerHandshaker\u003cT\u003e\n    for EpfServerUpgraded\u003cT\u003e\n{\n    async fn handshake(\u0026mut self, cert_pool: EpfCaPool) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e {\n        match self.state {\n            EpfServerState::WaitingForClientHello =\u003e (),\n            _ =\u003e return Err(EpfHandshakeError::AlreadyTunnelled.into()),\n        }\n\n        let client_public_key;\n\n        // Step 1: Wait for Client Hello\n        loop {\n            let packet = recv_packet(\u0026mut self.inner).await?;\n\n            if packet.packet_id != PACKET_CLIENT_HELLO {\n                self.packet_queue.push(packet);\n                continue;\n            }\n\n            trace!(\"got client hello\");\n\n            let client_hello: EpfClientHello = rmp_serde::from_slice(\u0026packet.packet_data)?;\n\n            self.client_random = client_hello.client_random;\n\n            if client_hello.protocol_version != PROTOCOL_VERSION {\n                return Err(EpfHandshakeError::UnsupportedProtocolVersion(\n                    client_hello.protocol_version as usize,\n                )\n                .into());\n            }\n\n            self.client_cert = client_hello.client_certificate;\n\n            client_public_key = client_hello.client_x25519_public_key;\n\n            trace!(\"exiting loop\");\n\n            break;\n        }\n\n        // Step 2: Validate Client Certificate (if present)\n        if let Some(client_cert) = \u0026self.client_cert {\n            let cert_valid = client_cert.verify(\u0026cert_pool);\n            if let Err(e) = cert_valid {\n                return Err(EpfHandshakeError::InvalidCertificate(e).into());\n            }\n            if let Ok(false) = cert_valid {\n                return Err(EpfHandshakeError::UntrustedCertificate.into());\n            }\n        }\n        // Client Cert OK (if present)\n\n        trace!(\"client cert okay\");\n\n        // Step 3: Send Server Hello\n        self.inner\n            .write_all(\u0026encode_packet(\n                PACKET_SERVER_HELLO,\n                \u0026EpfServerHello {\n                    protocol_version: PROTOCOL_VERSION,\n                    server_certificate: self.cert.clone(),\n                    server_random: self.server_random,\n                    server_x25519_public_key: PublicKey::from(\u0026StaticSecret::from(\n                        self.private_key.to_bytes(),\n                    ))\n                    .to_bytes(),\n                },\n            )?)\n            .await?;\n        self.inner.flush().await?;\n\n        trace!(\"sent server hello\");\n\n        self.state = EpfServerState::WaitingForFinished;\n\n        // Step 4: Build the cipher\n        let private_key = StaticSecret::from(self.private_key.to_bytes());\n        let their_public_key = PublicKey::from(client_public_key);\n\n        assert_ne!(\n            their_public_key.to_bytes(),\n            PublicKey::from(\u0026private_key).to_bytes()\n        );\n\n        danger_trace!(\n            \"pr: {}, their pub: {}, my pub: {}\",\n            hex::encode(self.private_key.to_bytes()),\n            hex::encode(client_public_key),\n            hex::encode(self.private_key.verifying_key().to_bytes())\n        );\n\n        let shared_key = private_key.diffie_hellman(\u0026their_public_key).to_bytes();\n\n        trace!(\"client public key: {:x?}\", client_public_key);\n        danger_trace!(\"shared key: {}\", hex::encode(shared_key));\n\n        let cc20p1305_key = Key::from(shared_key);\n        let cc20p1305 = XChaCha20Poly1305::new(\u0026cc20p1305_key);\n        self.cipher = Some(cc20p1305);\n\n        let payload = Payload {\n            msg: \u0026[0x42],\n            aad: \u0026self.server_random,\n        };\n\n        let nonce = XNonce::from_slice(\u0026self.client_random);\n\n        loop {\n            let packet = recv_packet(\u0026mut self.inner).await?;\n\n            if packet.packet_id != PACKET_FINISHED {\n                self.packet_queue.push(packet);\n                continue;\n            }\n\n            let packet_finished: EpfFinished = rmp_serde::from_slice(\u0026packet.packet_data)?;\n\n            let payload = Payload {\n                msg: \u0026packet_finished.encrypted_0x42,\n                aad: \u0026self.server_random,\n            };\n\n            trace!(\"trying to decrypt 0x42\");\n            danger_trace!(\n                \"ciphertext: {:?}, nonce: {:?}, aad: {:?}\",\n                payload.msg,\n                nonce,\n                payload.aad\n            );\n\n            let hopefully_0x42 = match self.cipher.as_ref().unwrap().decrypt(nonce, payload) {\n                Ok(d) =\u003e d,\n                Err(_) =\u003e {\n                    return Err(EpfHandshakeError::EncryptionError.into());\n                }\n            };\n\n            if hopefully_0x42 != vec![0x42] {\n                return Err(EpfHandshakeError::MissingKeyProof.into());\n            }\n\n            break;\n        }\n\n        let encrypted_0x42 = match self.cipher.as_ref().unwrap().encrypt(nonce, payload) {\n            Ok(d) =\u003e d,\n            Err(_) =\u003e return Err(EpfHandshakeError::EncryptionError.into()),\n        };\n\n        self.inner\n            .write_all(\u0026encode_packet(\n                PACKET_FINISHED,\n                \u0026EpfFinished {\n                    protocol_version: PROTOCOL_VERSION,\n                    encrypted_0x42,\n                },\n            )?)\n            .await?;\n        self.inner.flush().await?;\n\n        self.state = EpfServerState::WaitingForFinished;\n\n        self.state = EpfServerState::Transport;\n\n        Ok(())\n    }\n\n    async fn upgrade(self) -\u003e EpfServerStream\u003cT\u003e\n    where\n        Self: Sized,\n    {\n        EpfServerStream {\n            aad: self.server_random,\n            server_cert: self.cert,\n            packet_queue: self.packet_queue,\n            client_cert: self.client_cert,\n            cipher: self.cipher.unwrap(),\n            private_key: self.private_key,\n            public_key: self.public_key,\n            raw_stream: self.inner,\n        }\n    }\n}\n\n#[allow(dead_code)]\npub struct EpfServerStream\u003cS: AsyncReadExt + AsyncWriteExt + Unpin\u003e {\n    raw_stream: S,\n    aad: [u8; 16],\n    client_cert: Option\u003cEPFCertificate\u003e,\n    packet_queue: Vec\u003cEpfMessage\u003e,\n    server_cert: EPFCertificate,\n    cipher: XChaCha20Poly1305,\n    private_key: EpfPrivateKey,\n    public_key: EpfPublicKey,\n}\n\n#[async_trait]\nimpl\u003cS: AsyncReadExt + AsyncWriteExt + Unpin + Send\u003e EpfStreamOps for EpfServerStream\u003cS\u003e {\n    async fn write(\u0026mut self, data: \u0026[u8]) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e {\n        let nonce = XChaCha20Poly1305::generate_nonce(OsRng);\n\n        let payload = Payload {\n            msg: data,\n            aad: \u0026self.aad,\n        };\n\n        let ciphertext = match self.cipher.encrypt(\u0026nonce, payload) {\n            Ok(c) =\u003e c,\n            Err(_) =\u003e return Err(io::Error::new(io::ErrorKind::Other, \"Encryption error\").into()),\n        };\n        let application_data = EpfApplicationData {\n            protocol_version: PROTOCOL_VERSION,\n            encrypted_application_data: ciphertext,\n            nonce: nonce.try_into().unwrap(),\n        };\n\n        let packet = encode_packet(PACKET_APPLICATION_DATA, \u0026application_data)?;\n\n        self.raw_stream.write_all(\u0026packet).await?;\n        self.raw_stream.flush().await?;\n\n        Ok(())\n    }\n\n    async fn read(\u0026mut self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        loop {\n            let packet = recv_packet(\u0026mut self.raw_stream).await?;\n\n            if packet.packet_id != PACKET_APPLICATION_DATA {\n                self.packet_queue.push(packet);\n                continue;\n            }\n\n            let app_data: EpfApplicationData = rmp_serde::from_slice(\u0026packet.packet_data)?;\n\n            let nonce = XNonce::from_slice(\u0026app_data.nonce);\n\n            let payload = Payload {\n                msg: \u0026app_data.encrypted_application_data,\n                aad: \u0026self.aad,\n            };\n\n            let plaintext = match self.cipher.decrypt(nonce, payload) {\n                Ok(p) =\u003e p,\n                Err(_) =\u003e {\n                    return Err(io::Error::new(io::ErrorKind::Other, \"Decryption error\").into())\n                }\n            };\n\n            return Ok(plaintext);\n        }\n    }\n}\n\n#[cfg(test)]\nmod tests {\n    use crate::ca_pool::{EpfCaPool, EpfCaPoolOps};\n    use crate::handshake_stream::{\n        ClientAuthentication, EpfClientHandshaker, EpfClientUpgradable, EpfClientUpgraded,\n        EpfServerHandshaker, EpfServerUpgradable, EpfServerUpgraded, EpfStreamOps,\n    };\n    use crate::pki::{EPFCertificate, EPFCertificateDetails, EpfPkiCertificateOps};\n    use ed25519_dalek::{SigningKey};\n    use log::{debug, trace};\n    \n    use std::net::SocketAddr;\n    use std::str::FromStr;\n    use std::time::{SystemTime, UNIX_EPOCH};\n    use serial_test::serial;\n\n    use tokio::join;\n    use tokio::net::{TcpListener, TcpSocket, TcpStream};\n    use x25519_dalek::{PublicKey, StaticSecret};\n\n    #[tokio::test]\n    #[serial]\n    pub async fn stream_test() {\n        //simple_logger::init().unwrap();\n\n        let tcp_listener = TcpListener::bind(\"0.0.0.0:36116\").await.unwrap();\n\n        let tcp_client_future = TcpSocket::new_v4()\n            .unwrap()\n            .connect(SocketAddr::from_str(\"127.0.0.1:36116\").unwrap());\n\n        let (a, b) = join![tcp_listener.accept(), tcp_client_future];\n\n        let (s, _) = a.unwrap();\n        let c = b.unwrap();\n\n        let server_private_key = SigningKey::from([1u8; 32]);\n        let client_private_key = SigningKey::from([2u8; 32]);\n\n        let mut server_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Server Certificate\".to_string(),\n                not_before: 0,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 30,\n                public_key: server_private_key.verifying_key().to_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; 64],\n        };\n        server_cert.sign(\u0026server_private_key).unwrap();\n\n        debug!(\n            \"{}\",\n            hex::encode(server_private_key.verifying_key().to_bytes())\n        );\n\n        let mut client_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Client Certificate\".to_string(),\n                not_before: 0,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 30,\n                public_key: client_private_key.verifying_key().to_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; 64],\n        };\n        client_cert.sign(\u0026client_private_key).unwrap();\n\n        let mut cert_pool = EpfCaPool::new();\n        let mut cert_pool_2 = EpfCaPool::new();\n        cert_pool.insert(\u0026server_cert);\n        cert_pool.insert(\u0026client_cert);\n        cert_pool_2.insert(\u0026client_cert);\n        cert_pool_2.insert(\u0026server_cert);\n\n        let mut c: EpfClientUpgraded\u003cTcpStream\u003e = EpfClientUpgradable::upgrade(\n            c,\n            ClientAuthentication::Cert(Box::new(client_cert), Box::new(client_private_key)),\n        )\n        .await;\n        let mut s: EpfServerUpgraded\u003cTcpStream\u003e =\n            EpfServerUpgradable::upgrade(s, server_cert, server_private_key).await;\n\n        let server_handshake_accept_task = tokio::spawn(async move {\n            trace!(\"starting server handshake listener\");\n            s.handshake(cert_pool_2).await.unwrap();\n            let mut upgraded = s.upgrade().await;\n            assert_eq!(upgraded.read().await.unwrap(), vec![0x42, 0x42]);\n            upgraded.write(\u0026[0x42, 0x42]).await.unwrap();\n        });\n\n        let client_handshake_send_task = tokio::spawn(async move {\n            trace!(\"starting client handshake sender\");\n            c.handshake(cert_pool).await.unwrap();\n            let mut upgraded = EpfClientHandshaker::upgrade(c).await;\n            upgraded.write(\u0026[0x42, 0x42]).await.unwrap();\n            assert_eq!(upgraded.read().await.unwrap(), vec![0x42, 0x42]);\n        });\n\n        let (a, b) = join![server_handshake_accept_task, client_handshake_send_task];\n        a.unwrap();\n        b.unwrap();\n    }\n\n    #[tokio::test]\n    #[serial]\n    pub async fn stream_test_ephemeral() {\n        //simple_logger::init().unwrap();\n\n        let tcp_listener = TcpListener::bind(\"0.0.0.0:36117\").await.unwrap();\n\n        let tcp_client_future = TcpSocket::new_v4()\n            .unwrap()\n            .connect(SocketAddr::from_str(\"127.0.0.1:36117\").unwrap());\n\n        let (a, b) = join![tcp_listener.accept(), tcp_client_future];\n\n        let (s, _) = a.unwrap();\n        let c = b.unwrap();\n\n        let server_private_key = SigningKey::from([1u8; 32]);\n\n        let mut server_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Server Certificate\".to_string(),\n                not_before: 0,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 30,\n                public_key: server_private_key.verifying_key().to_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; 64],\n        };\n        server_cert.sign(\u0026server_private_key).unwrap();\n\n        debug!(\n            \"{}\",\n            hex::encode(server_private_key.verifying_key().to_bytes())\n        );\n\n        let mut cert_pool = EpfCaPool::new();\n        let mut cert_pool_2 = EpfCaPool::new();\n        cert_pool.insert(\u0026server_cert);\n\n        cert_pool_2.insert(\u0026server_cert);\n\n        let mut c: EpfClientUpgraded\u003cTcpStream\u003e = EpfClientUpgradable::upgrade(\n            c,\n            ClientAuthentication::Ephemeral,\n        )\n            .await;\n        let mut s: EpfServerUpgraded\u003cTcpStream\u003e =\n            EpfServerUpgradable::upgrade(s, server_cert, server_private_key).await;\n\n        let server_handshake_accept_task = tokio::spawn(async move {\n            trace!(\"starting server handshake listener\");\n            s.handshake(cert_pool_2).await.unwrap();\n            let mut upgraded = s.upgrade().await;\n            assert_eq!(upgraded.read().await.unwrap(), vec![0x42, 0x42])\n        });\n\n        let client_handshake_send_task = tokio::spawn(async move {\n            trace!(\"starting client handshake sender\");\n            c.handshake(cert_pool).await.unwrap();\n            let mut upgraded = EpfClientHandshaker::upgrade(c).await;\n            upgraded.write(\u0026[0x42, 0x42]).await.unwrap();\n        });\n\n        let (a, b) = join![server_handshake_accept_task, client_handshake_send_task];\n        a.unwrap();\n        b.unwrap();\n    }\n\n    #[test]\n    pub fn x25519_sanity_check() {\n        let bob_key = StaticSecret::from([1u8; 32]);\n        let bob_pub = PublicKey::from(\u0026bob_key);\n\n        let alice_key = StaticSecret::from([2u8; 32]);\n        let alice_pub = PublicKey::from(\u0026alice_key);\n\n        let ss_1 = bob_key.diffie_hellman(\u0026alice_pub);\n        let ss_2 = alice_key.diffie_hellman(\u0026bob_pub);\n\n        assert_eq!(ss_1.to_bytes(), ss_2.to_bytes());\n\n        println!(\n            \"SS: {}, B_p: {}, A_p: {}\",\n            hex::encode(ss_1.to_bytes()),\n            hex::encode(bob_pub.to_bytes()),\n            hex::encode(alice_pub.to_bytes())\n        );\n    }\n}\n","traces":[{"line":57,"address":[1312478],"length":1,"stats":{"Line":2},"fn_name":null},{"line":61,"address":[1312893,1312593,1312684,1312979,1313115],"length":1,"stats":{"Line":3},"fn_name":null},{"line":63,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":64,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":65,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":67,"address":[1312941],"length":1,"stats":{"Line":1},"fn_name":null},{"line":68,"address":[1313336],"length":1,"stats":{"Line":1},"fn_name":null},{"line":69,"address":[1314311,1314480,1313400,1314229],"length":1,"stats":{"Line":3},"fn_name":null},{"line":70,"address":[1314369],"length":1,"stats":{"Line":1},"fn_name":null},{"line":71,"address":[1314417],"length":1,"stats":{"Line":1},"fn_name":null},{"line":72,"address":[1314457,1314586],"length":1,"stats":{"Line":2},"fn_name":null},{"line":74,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":75,"address":[1313441],"length":1,"stats":{"Line":1},"fn_name":null},{"line":76,"address":[1313493],"length":1,"stats":{"Line":1},"fn_name":null},{"line":77,"address":[1313541,1313628],"length":1,"stats":{"Line":2},"fn_name":null},{"line":78,"address":[1313717,1313652],"length":1,"stats":{"Line":2},"fn_name":null},{"line":79,"address":[1313866,1314038],"length":1,"stats":{"Line":2},"fn_name":null},{"line":86,"address":[1314174],"length":1,"stats":{"Line":1},"fn_name":null},{"line":87,"address":[1314973],"length":1,"stats":{"Line":1},"fn_name":null},{"line":88,"address":[1314984,1316000,1316022],"length":1,"stats":{"Line":3},"fn_name":"{closure#0}\u003ctokio::net::tcp::stream::TcpStream\u003e"},{"line":90,"address":[1315035],"length":1,"stats":{"Line":1},"fn_name":null},{"line":92,"address":[1315090],"length":1,"stats":{"Line":1},"fn_name":null},{"line":110,"address":[1317000,1316320,1316373,1316064,1332431,1332087,1317768,1316079,1317176],"length":1,"stats":{"Line":6},"fn_name":"handshake\u003ctokio::net::tcp::stream::TcpStream\u003e"},{"line":111,"address":[1317261],"length":1,"stats":{"Line":1},"fn_name":null},{"line":112,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":113,"address":[1317392,1317495],"length":1,"stats":{"Line":0},"fn_name":null},{"line":117,"address":[1318428,1318258,1317289,1318517,1318596],"length":1,"stats":{"Line":4},"fn_name":null},{"line":118,"address":[1317826,1317761,1318080],"length":1,"stats":{"Line":2},"fn_name":null},{"line":119,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":120,"address":[1317610],"length":1,"stats":{"Line":1},"fn_name":null},{"line":121,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":122,"address":[1317322],"length":1,"stats":{"Line":1},"fn_name":null},{"line":123,"address":[1317352],"length":1,"stats":{"Line":1},"fn_name":null},{"line":124,"address":[1317533],"length":1,"stats":{"Line":1},"fn_name":null},{"line":127,"address":[1287039,1286916,1286225],"length":1,"stats":{"Line":3},"fn_name":null},{"line":128,"address":[1316898,1319046,1316605,1318709],"length":1,"stats":{"Line":2},"fn_name":null},{"line":130,"address":[1319136,1319233,1319335,1319005],"length":1,"stats":{"Line":3},"fn_name":null},{"line":132,"address":[1319297],"length":1,"stats":{"Line":1},"fn_name":null},{"line":134,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":137,"address":[1319333],"length":1,"stats":{"Line":1},"fn_name":null},{"line":138,"address":[1319690,1319441,1319586],"length":1,"stats":{"Line":2},"fn_name":null},{"line":140,"address":[1286255],"length":1,"stats":{"Line":4},"fn_name":null},{"line":142,"address":[1320302],"length":1,"stats":{"Line":1},"fn_name":null},{"line":143,"address":[1320463],"length":1,"stats":{"Line":0},"fn_name":null},{"line":144,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":147,"address":[1320887,1320691,1320425],"length":1,"stats":{"Line":2},"fn_name":null},{"line":149,"address":[1320791],"length":1,"stats":{"Line":1},"fn_name":null},{"line":151,"address":[1320868],"length":1,"stats":{"Line":1},"fn_name":null},{"line":152,"address":[1321290,1321182],"length":1,"stats":{"Line":0},"fn_name":null},{"line":153,"address":[1321175],"length":1,"stats":{"Line":0},"fn_name":null},{"line":155,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":158,"address":[1321047,1321324,1321391],"length":1,"stats":{"Line":2},"fn_name":null},{"line":160,"address":[1321435],"length":1,"stats":{"Line":1},"fn_name":null},{"line":162,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":166,"address":[1321653,1321566],"length":1,"stats":{"Line":2},"fn_name":null},{"line":167,"address":[1321727],"length":1,"stats":{"Line":1},"fn_name":null},{"line":168,"address":[1332283,1321847],"length":1,"stats":{"Line":0},"fn_name":null},{"line":170,"address":[1322009],"length":1,"stats":{"Line":1},"fn_name":null},{"line":171,"address":[1322089,1332246],"length":1,"stats":{"Line":0},"fn_name":null},{"line":177,"address":[1322059,1322199],"length":1,"stats":{"Line":2},"fn_name":null},{"line":178,"address":[1322226],"length":1,"stats":{"Line":1},"fn_name":null},{"line":180,"address":[1322568,1322418],"length":1,"stats":{"Line":1},"fn_name":null},{"line":181,"address":[1322333],"length":1,"stats":{"Line":1},"fn_name":null},{"line":182,"address":[1322360],"length":1,"stats":{"Line":1},"fn_name":null},{"line":185,"address":[1323054,1323408,1323599,1322521,1322909,1323175,1322620],"length":1,"stats":{"Line":2},"fn_name":null},{"line":187,"address":[1323122],"length":1,"stats":{"Line":0},"fn_name":null},{"line":188,"address":[1323286],"length":1,"stats":{"Line":0},"fn_name":null},{"line":189,"address":[1323519],"length":1,"stats":{"Line":0},"fn_name":null},{"line":192,"address":[1323951,1322872],"length":1,"stats":{"Line":2},"fn_name":null},{"line":194,"address":[1324339,1324021,1324166],"length":1,"stats":{"Line":2},"fn_name":null},{"line":196,"address":[1324264],"length":1,"stats":{"Line":0},"fn_name":null},{"line":198,"address":[1325014,1324230,1324869,1324521],"length":1,"stats":{"Line":2},"fn_name":null},{"line":200,"address":[1324773],"length":1,"stats":{"Line":1},"fn_name":null},{"line":201,"address":[1325371],"length":1,"stats":{"Line":1},"fn_name":null},{"line":202,"address":[1325398,1325566],"length":1,"stats":{"Line":2},"fn_name":null},{"line":205,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":206,"address":[1325624],"length":1,"stats":{"Line":1},"fn_name":null},{"line":209,"address":[1325677],"length":1,"stats":{"Line":1},"fn_name":null},{"line":211,"address":[1325752,1325992,1325897],"length":1,"stats":{"Line":2},"fn_name":null},{"line":213,"address":[1325961,1326390,1326098,1326535],"length":1,"stats":{"Line":2},"fn_name":null},{"line":215,"address":[1326928,1326350],"length":1,"stats":{"Line":2},"fn_name":null},{"line":216,"address":[1327053],"length":1,"stats":{"Line":1},"fn_name":null},{"line":217,"address":[1327287],"length":1,"stats":{"Line":0},"fn_name":null},{"line":220,"address":[1327878,1328219,1327132,1328137,1328048],"length":1,"stats":{"Line":4},"fn_name":null},{"line":221,"address":[1327277,1327446,1327700],"length":1,"stats":{"Line":2},"fn_name":null},{"line":222,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":223,"address":[1327201],"length":1,"stats":{"Line":1},"fn_name":null},{"line":224,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":225,"address":[1327162],"length":1,"stats":{"Line":1},"fn_name":null},{"line":228,"address":[1286276,1286413,1286526,1286547],"length":1,"stats":{"Line":4},"fn_name":null},{"line":229,"address":[1328380,1316745,1328714,1316668],"length":1,"stats":{"Line":2},"fn_name":null},{"line":231,"address":[1328676],"length":1,"stats":{"Line":1},"fn_name":null},{"line":233,"address":[1328712],"length":1,"stats":{"Line":1},"fn_name":null},{"line":234,"address":[1286303],"length":1,"stats":{"Line":3},"fn_name":null},{"line":236,"address":[1329340],"length":1,"stats":{"Line":1},"fn_name":null},{"line":237,"address":[1329501],"length":1,"stats":{"Line":0},"fn_name":null},{"line":238,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":241,"address":[1329463,1329697,1329823],"length":1,"stats":{"Line":2},"fn_name":null},{"line":243,"address":[1329779,1330022,1330218,1330119],"length":1,"stats":{"Line":3},"fn_name":null},{"line":246,"address":[1330183],"length":1,"stats":{"Line":1},"fn_name":null},{"line":247,"address":[1330340],"length":1,"stats":{"Line":1},"fn_name":null},{"line":250,"address":[1330397,1330720,1330865],"length":1,"stats":{"Line":1},"fn_name":null},{"line":252,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":253,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":254,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":257,"address":[1331259,1330680],"length":1,"stats":{"Line":2},"fn_name":null},{"line":258,"address":[1331382],"length":1,"stats":{"Line":1},"fn_name":null},{"line":259,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":260,"address":[1331466],"length":1,"stats":{"Line":0},"fn_name":null},{"line":264,"address":[1331451,1331596],"length":1,"stats":{"Line":2},"fn_name":null},{"line":265,"address":[1331735],"length":1,"stats":{"Line":0},"fn_name":null},{"line":268,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":271,"address":[1331918],"length":1,"stats":{"Line":1},"fn_name":null},{"line":273,"address":[1331954],"length":1,"stats":{"Line":1},"fn_name":null},{"line":276,"address":[1333165,1332544],"length":1,"stats":{"Line":2},"fn_name":"upgrade\u003ctokio::net::tcp::stream::TcpStream\u003e"},{"line":280,"address":[1333216],"length":1,"stats":{"Line":1},"fn_name":null},{"line":281,"address":[1333232],"length":1,"stats":{"Line":1},"fn_name":null},{"line":282,"address":[1333299],"length":1,"stats":{"Line":1},"fn_name":null},{"line":283,"address":[1333359],"length":1,"stats":{"Line":1},"fn_name":null},{"line":284,"address":[1333466],"length":1,"stats":{"Line":1},"fn_name":null},{"line":285,"address":[1333606],"length":1,"stats":{"Line":1},"fn_name":null},{"line":286,"address":[1333650],"length":1,"stats":{"Line":1},"fn_name":null},{"line":287,"address":[1333682],"length":1,"stats":{"Line":1},"fn_name":null},{"line":321,"address":[1336169,1337509,1334719,1334944,1334991,1335389,1335261,1334688],"length":1,"stats":{"Line":5},"fn_name":"write\u003ctokio::net::tcp::stream::TcpStream\u003e"},{"line":322,"address":[1335460],"length":1,"stats":{"Line":1},"fn_name":null},{"line":326,"address":[1335494],"length":1,"stats":{"Line":1},"fn_name":null},{"line":329,"address":[1335540,1335653],"length":1,"stats":{"Line":2},"fn_name":null},{"line":330,"address":[1335686],"length":1,"stats":{"Line":1},"fn_name":null},{"line":331,"address":[1335870],"length":1,"stats":{"Line":0},"fn_name":null},{"line":336,"address":[1335812,1336044],"length":1,"stats":{"Line":2},"fn_name":null},{"line":339,"address":[1336417,1336137,1336263],"length":1,"stats":{"Line":2},"fn_name":null},{"line":341,"address":[1336360,1335133,1336638,1336947,1335210],"length":1,"stats":{"Line":3},"fn_name":null},{"line":342,"address":[1337044,1337309,1335151,1336916],"length":1,"stats":{"Line":2},"fn_name":null},{"line":344,"address":[1337271],"length":1,"stats":{"Line":1},"fn_name":null},{"line":347,"address":[1337583,1337568,1337859,1338229,1337824,1338030,1338488],"length":1,"stats":{"Line":4},"fn_name":"read\u003ctokio::net::tcp::stream::TcpStream\u003e"},{"line":348,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":349,"address":[1283074],"length":1,"stats":{"Line":4},"fn_name":null},{"line":351,"address":[1338805],"length":1,"stats":{"Line":1},"fn_name":null},{"line":352,"address":[1338915],"length":1,"stats":{"Line":0},"fn_name":null},{"line":353,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":356,"address":[1338886,1339294,1339098],"length":1,"stats":{"Line":2},"fn_name":null},{"line":358,"address":[1339453,1339279],"length":1,"stats":{"Line":2},"fn_name":null},{"line":361,"address":[1339461],"length":1,"stats":{"Line":1},"fn_name":null},{"line":362,"address":[1339505],"length":1,"stats":{"Line":1},"fn_name":null},{"line":365,"address":[1339555],"length":1,"stats":{"Line":1},"fn_name":null},{"line":366,"address":[1339651],"length":1,"stats":{"Line":1},"fn_name":null},{"line":367,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":368,"address":[1339857],"length":1,"stats":{"Line":0},"fn_name":null},{"line":372,"address":[1339747],"length":1,"stats":{"Line":1},"fn_name":null},{"line":408,"address":[1412192],"length":1,"stats":{"Line":1},"fn_name":"upgrade\u003ctokio::net::tcp::stream::TcpStream\u003e"},{"line":419,"address":[1340708],"length":1,"stats":{"Line":1},"fn_name":null},{"line":420,"address":[1340759],"length":1,"stats":{"Line":1},"fn_name":null},{"line":423,"address":[1340840],"length":1,"stats":{"Line":1},"fn_name":null},{"line":425,"address":[1340911],"length":1,"stats":{"Line":1},"fn_name":null},{"line":426,"address":[1340958],"length":1,"stats":{"Line":1},"fn_name":null},{"line":443,"address":[1343420,1341840,1357357,1341855,1342769,1357579,1342149,1342945,1342096],"length":1,"stats":{"Line":6},"fn_name":"handshake\u003ctokio::net::tcp::stream::TcpStream\u003e"},{"line":444,"address":[1343030],"length":1,"stats":{"Line":1},"fn_name":null},{"line":445,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":446,"address":[1343201,1343098],"length":1,"stats":{"Line":0},"fn_name":null},{"line":449,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":452,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":453,"address":[1287281],"length":1,"stats":{"Line":5},"fn_name":null},{"line":455,"address":[1343755],"length":1,"stats":{"Line":1},"fn_name":null},{"line":456,"address":[1343922],"length":1,"stats":{"Line":0},"fn_name":null},{"line":457,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":460,"address":[1344259,1344157,1344060,1343878],"length":1,"stats":{"Line":3},"fn_name":null},{"line":462,"address":[1344678,1344221,1344465],"length":1,"stats":{"Line":2},"fn_name":null},{"line":464,"address":[1344551],"length":1,"stats":{"Line":1},"fn_name":null},{"line":466,"address":[1344659],"length":1,"stats":{"Line":1},"fn_name":null},{"line":467,"address":[1344915,1345023],"length":1,"stats":{"Line":0},"fn_name":null},{"line":468,"address":[1344908],"length":1,"stats":{"Line":0},"fn_name":null},{"line":470,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":473,"address":[1345124,1345057,1344838],"length":1,"stats":{"Line":2},"fn_name":null},{"line":475,"address":[1345168],"length":1,"stats":{"Line":1},"fn_name":null},{"line":477,"address":[1345466,1345231,1345376],"length":1,"stats":{"Line":2},"fn_name":null},{"line":479,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":483,"address":[1346199,1345616],"length":1,"stats":{"Line":2},"fn_name":null},{"line":484,"address":[1345799,1345693],"length":1,"stats":{"Line":2},"fn_name":null},{"line":485,"address":[1345807],"length":1,"stats":{"Line":1},"fn_name":null},{"line":486,"address":[1345909,1357539],"length":1,"stats":{"Line":0},"fn_name":null},{"line":488,"address":[1346071],"length":1,"stats":{"Line":1},"fn_name":null},{"line":489,"address":[1357494,1346135],"length":1,"stats":{"Line":0},"fn_name":null},{"line":494,"address":[1346441,1346323,1346226,1345720],"length":1,"stats":{"Line":3},"fn_name":null},{"line":497,"address":[1347783,1347442,1347701,1347612,1346387],"length":1,"stats":{"Line":4},"fn_name":null},{"line":498,"address":[1346930,1347010,1347264],"length":1,"stats":{"Line":2},"fn_name":null},{"line":499,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":500,"address":[1346794],"length":1,"stats":{"Line":1},"fn_name":null},{"line":501,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":502,"address":[1346419],"length":1,"stats":{"Line":1},"fn_name":null},{"line":503,"address":[1346547],"length":1,"stats":{"Line":1},"fn_name":null},{"line":504,"address":[1346764,1346654],"length":1,"stats":{"Line":2},"fn_name":null},{"line":505,"address":[1346577],"length":1,"stats":{"Line":1},"fn_name":null},{"line":507,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":510,"address":[1287746,1287979,1287302],"length":1,"stats":{"Line":3},"fn_name":null},{"line":511,"address":[1347976,1348313,1342616,1342395],"length":1,"stats":{"Line":2},"fn_name":null},{"line":513,"address":[1348272,1348637,1348403,1348500],"length":1,"stats":{"Line":3},"fn_name":null},{"line":515,"address":[1348564],"length":1,"stats":{"Line":1},"fn_name":null},{"line":518,"address":[1348743,1348600],"length":1,"stats":{"Line":2},"fn_name":null},{"line":519,"address":[1348774],"length":1,"stats":{"Line":1},"fn_name":null},{"line":521,"address":[1349123,1348973],"length":1,"stats":{"Line":1},"fn_name":null},{"line":522,"address":[1348884],"length":1,"stats":{"Line":1},"fn_name":null},{"line":523,"address":[1348911],"length":1,"stats":{"Line":1},"fn_name":null},{"line":526,"address":[1349468,1349741,1349076,1349906,1349613,1350104,1349175],"length":1,"stats":{"Line":2},"fn_name":null},{"line":528,"address":[1349681],"length":1,"stats":{"Line":0},"fn_name":null},{"line":529,"address":[1349852],"length":1,"stats":{"Line":0},"fn_name":null},{"line":530,"address":[1350017],"length":1,"stats":{"Line":0},"fn_name":null},{"line":533,"address":[1349427,1350456],"length":1,"stats":{"Line":2},"fn_name":null},{"line":535,"address":[1350526,1350671,1350769],"length":1,"stats":{"Line":2},"fn_name":null},{"line":536,"address":[1351448,1350735,1350955,1351303],"length":1,"stats":{"Line":2},"fn_name":null},{"line":538,"address":[1351207],"length":1,"stats":{"Line":1},"fn_name":null},{"line":539,"address":[1351805],"length":1,"stats":{"Line":1},"fn_name":null},{"line":540,"address":[1351832,1352000],"length":1,"stats":{"Line":2},"fn_name":null},{"line":543,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":544,"address":[1352058],"length":1,"stats":{"Line":1},"fn_name":null},{"line":547,"address":[1352123],"length":1,"stats":{"Line":1},"fn_name":null},{"line":549,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":550,"address":[1287332],"length":1,"stats":{"Line":4},"fn_name":null},{"line":552,"address":[1352741],"length":1,"stats":{"Line":1},"fn_name":null},{"line":553,"address":[1352902],"length":1,"stats":{"Line":0},"fn_name":null},{"line":554,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":557,"address":[1353218,1353098,1352864],"length":1,"stats":{"Line":2},"fn_name":null},{"line":560,"address":[1353180],"length":1,"stats":{"Line":1},"fn_name":null},{"line":561,"address":[1353426],"length":1,"stats":{"Line":1},"fn_name":null},{"line":564,"address":[1353723,1353628,1353483],"length":1,"stats":{"Line":2},"fn_name":null},{"line":565,"address":[1354121,1353829,1353692,1354266],"length":1,"stats":{"Line":2},"fn_name":null},{"line":567,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":568,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":569,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":572,"address":[1354081,1354708],"length":1,"stats":{"Line":2},"fn_name":null},{"line":573,"address":[1354837],"length":1,"stats":{"Line":1},"fn_name":null},{"line":574,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":575,"address":[1354927],"length":1,"stats":{"Line":0},"fn_name":null},{"line":579,"address":[1355072,1354906],"length":1,"stats":{"Line":2},"fn_name":null},{"line":580,"address":[1355217],"length":1,"stats":{"Line":0},"fn_name":null},{"line":583,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":586,"address":[1355396,1355483],"length":1,"stats":{"Line":2},"fn_name":null},{"line":587,"address":[1355614],"length":1,"stats":{"Line":1},"fn_name":null},{"line":588,"address":[1355848],"length":1,"stats":{"Line":0},"fn_name":null},{"line":591,"address":[1356404,1356645,1356562,1355693,1356727],"length":1,"stats":{"Line":4},"fn_name":null},{"line":592,"address":[1355838,1356241,1355990],"length":1,"stats":{"Line":2},"fn_name":null},{"line":593,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":594,"address":[1355762],"length":1,"stats":{"Line":1},"fn_name":null},{"line":595,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":596,"address":[1355723],"length":1,"stats":{"Line":1},"fn_name":null},{"line":599,"address":[1287353,1287510,1287393,1287535],"length":1,"stats":{"Line":4},"fn_name":null},{"line":600,"address":[1342455,1356876,1357264],"length":1,"stats":{"Line":1},"fn_name":null},{"line":602,"address":[1357142],"length":1,"stats":{"Line":1},"fn_name":null},{"line":604,"address":[1357178],"length":1,"stats":{"Line":1},"fn_name":null},{"line":606,"address":[1357214],"length":1,"stats":{"Line":1},"fn_name":null},{"line":609,"address":[1357680,1358279],"length":1,"stats":{"Line":2},"fn_name":"upgrade\u003ctokio::net::tcp::stream::TcpStream\u003e"},{"line":614,"address":[1358324],"length":1,"stats":{"Line":1},"fn_name":null},{"line":615,"address":[1358340],"length":1,"stats":{"Line":1},"fn_name":null},{"line":616,"address":[1358376],"length":1,"stats":{"Line":1},"fn_name":null},{"line":617,"address":[1358408],"length":1,"stats":{"Line":1},"fn_name":null},{"line":618,"address":[1358426],"length":1,"stats":{"Line":1},"fn_name":null},{"line":619,"address":[1358542],"length":1,"stats":{"Line":1},"fn_name":null},{"line":620,"address":[1358575],"length":1,"stats":{"Line":1},"fn_name":null},{"line":621,"address":[1358601],"length":1,"stats":{"Line":1},"fn_name":null},{"line":640,"address":[1359199,1359869,1359424,1359471,1359741,1361996,1359168,1360656],"length":1,"stats":{"Line":5},"fn_name":"write\u003ctokio::net::tcp::stream::TcpStream\u003e"},{"line":641,"address":[1359940],"length":1,"stats":{"Line":1},"fn_name":null},{"line":645,"address":[1359974],"length":1,"stats":{"Line":1},"fn_name":null},{"line":648,"address":[1360020,1360140],"length":1,"stats":{"Line":2},"fn_name":null},{"line":649,"address":[1360173],"length":1,"stats":{"Line":1},"fn_name":null},{"line":650,"address":[1360357],"length":1,"stats":{"Line":0},"fn_name":null},{"line":655,"address":[1360299,1360531],"length":1,"stats":{"Line":2},"fn_name":null},{"line":658,"address":[1360624,1360750,1360904],"length":1,"stats":{"Line":2},"fn_name":null},{"line":660,"address":[1361434,1359690,1360847,1361125,1359613],"length":1,"stats":{"Line":3},"fn_name":null},{"line":661,"address":[1359631,1361796,1361403,1361531],"length":1,"stats":{"Line":2},"fn_name":null},{"line":663,"address":[1361758],"length":1,"stats":{"Line":1},"fn_name":null},{"line":666,"address":[1362064,1362320,1362079,1362526,1362984,1362725,1362355],"length":1,"stats":{"Line":4},"fn_name":"read\u003ctokio::net::tcp::stream::TcpStream\u003e"},{"line":667,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":668,"address":[1283218],"length":1,"stats":{"Line":4},"fn_name":null},{"line":670,"address":[1363301],"length":1,"stats":{"Line":1},"fn_name":null},{"line":671,"address":[1363411],"length":1,"stats":{"Line":0},"fn_name":null},{"line":672,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":675,"address":[1363594,1363382,1363790],"length":1,"stats":{"Line":2},"fn_name":null},{"line":677,"address":[1363949,1363775],"length":1,"stats":{"Line":2},"fn_name":null},{"line":680,"address":[1363957],"length":1,"stats":{"Line":1},"fn_name":null},{"line":681,"address":[1364001],"length":1,"stats":{"Line":1},"fn_name":null},{"line":684,"address":[1364051],"length":1,"stats":{"Line":1},"fn_name":null},{"line":685,"address":[1364154],"length":1,"stats":{"Line":1},"fn_name":null},{"line":686,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":687,"address":[1364360],"length":1,"stats":{"Line":0},"fn_name":null},{"line":691,"address":[1364250],"length":1,"stats":{"Line":1},"fn_name":null}],"covered":206,"coverable":284},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","lib.rs"],"content":"pub mod ca_pool;\npub mod error;\npub mod handshake_stream;\npub mod pki;\npub mod protocol;\npub mod util;\n#[macro_use]\npub mod log;\n","traces":[],"covered":0,"coverable":0},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","log.rs"],"content":"#[macro_export]\nmacro_rules! danger_trace {\n    // trace!(target: \"my_target\", key1 = 42, key2 = true; \"a {} event\", \"log\")\n    // trace!(target: \"my_target\", \"a {} event\", \"log\")\n    (target: $target:expr, $($arg:tt)+) =\u003e {\n        if std::env::var(\"E3PF_SUPER_DANGEROUS_VERY_VERBOSE_DEBUGGING_LOGGING\") == Ok(\"enabled\".to_string()) \u0026\u0026 cfg!(debug_assertions) {\n            log::trace!(target: $target, $($arg)+)\n        }\n    };\n\n    // trace!(\"a {} event\", \"log\")\n    ($($arg:tt)+) =\u003e {\n        if std::env::var(\"E3PF_SUPER_DANGEROUS_VERY_VERBOSE_DEBUGGING_LOGGING\") == Ok(\"enabled\".to_string()) \u0026\u0026 cfg!(debug_assertions) {\n            log::trace!($($arg)+)\n        }\n    }\n}\n","traces":[],"covered":0,"coverable":0},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","pki.rs"],"content":"use crate::ca_pool::{EpfCaPool, EpfCaPoolOps};\nuse crate::util::{pretty_print_date, u64_to_st, verifying_key};\nuse ed25519_dalek::{Signature, SignatureError, Signer, SigningKey, Verifier, VerifyingKey};\nuse pem::Pem;\nuse serde::{Deserialize, Serialize};\nuse sha2::{Digest, Sha256};\nuse std::collections::HashMap;\nuse std::error::Error;\nuse std::fmt::{Display, Formatter};\nuse std::time::SystemTime;\n\npub const EPFPKI_PUBLIC_KEY_LENGTH: usize = 32;\npub const EPFPKI_SIGNATURE_LENGTH: usize = 64;\n\npub const EPFPKI_SELF_SIGNED_CERTIFICATE: \u0026str =\n    \"0000000000000000000000000000000000000000000000000000000000000000\";\n\npub type EpfPublicKey = VerifyingKey;\npub type EpfPrivateKey = SigningKey;\n\n#[derive(Serialize, Deserialize, PartialEq, Debug, Eq, Clone)]\npub struct EPFCertificate {\n    pub details: EPFCertificateDetails,\n    pub fingerprint: String,\n    #[serde(with = \"serde_arrays\")]\n    pub signature: [u8; EPFPKI_SIGNATURE_LENGTH],\n}\n\n#[derive(Serialize, Deserialize, PartialEq, Debug, Eq, Clone)]\npub struct EPFCertificateDetails {\n    pub name: String,\n\n    pub not_before: u64,\n    pub not_after: u64,\n\n    pub public_key: [u8; EPFPKI_PUBLIC_KEY_LENGTH],\n\n    pub issuer_public_key: [u8; EPFPKI_PUBLIC_KEY_LENGTH],\n\n    pub claims: HashMap\u003cString, String\u003e,\n}\n\npub trait EpfPkiSerializable {\n    const PEM_BANNER: \u0026'static str;\n\n    fn as_bytes_pki(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e;\n    fn from_bytes_pki(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e\n    where\n        Self: Sized;\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e;\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e\n    where\n        Self: Sized;\n}\n\npub fn fingerprint(cert: \u0026EPFCertificateDetails) -\u003e Result\u003cString, rmp_serde::encode::Error\u003e {\n    let cert_bytes = rmp_serde::to_vec(cert)?;\n    let mut hasher = Sha256::new();\n    hasher.update(cert_bytes);\n    let hash = hasher.finalize();\n    Ok(hex::encode(hash))\n}\n\n#[derive(Debug)]\npub enum EpfPkiCertificateValidationError {\n    NoLongerValid { expired_at: SystemTime },\n    NotValidYet { valid_at: SystemTime },\n    InvalidCertificateData { e: rmp_serde::encode::Error },\n    FingerprintDoesNotMatch { expected: String, got: String },\n    InvalidSignature { e: SignatureError },\n    ExpiresAfterSigner,\n    ValidAfterSigner,\n}\n\nimpl Display for EpfPkiCertificateValidationError {\n    #[cfg_attr(tarpaulin, ignore)]\n    fn fmt(\u0026self, f: \u0026mut Formatter\u003c'_\u003e) -\u003e std::fmt::Result {\n        match self {\n            EpfPkiCertificateValidationError::NoLongerValid { expired_at } =\u003e write!(\n                f,\n                \"Certificate no longer valid (expired at {})\",\n                pretty_print_date(expired_at)\n            ),\n            EpfPkiCertificateValidationError::NotValidYet { valid_at } =\u003e write!(\n                f,\n                \"Certificate not valid yet (valid at {})\",\n                pretty_print_date(valid_at)\n            ),\n            EpfPkiCertificateValidationError::InvalidCertificateData { e } =\u003e {\n                write!(f, \"Unable to serialize cert data: {}\", e)\n            }\n            EpfPkiCertificateValidationError::FingerprintDoesNotMatch { expected, got } =\u003e write!(\n                f,\n                \"Fingerprint mismatch (expected {}, got {})\",\n                expected, got\n            ),\n            EpfPkiCertificateValidationError::InvalidSignature { e } =\u003e {\n                write!(f, \"Certificate validation error: {}\", e)\n            }\n            EpfPkiCertificateValidationError::ExpiresAfterSigner =\u003e {\n                write!(f, \"Certificate expires after it's signing certificate\")\n            }\n            EpfPkiCertificateValidationError::ValidAfterSigner =\u003e write!(\n                f,\n                \"Certificate is valid longer than it's signing certificate\"\n            ),\n        }\n    }\n}\n\npub trait EpfPkiCertificateOps {\n    fn recalculate_fingerprint(\u0026mut self) -\u003e Result\u003c(), rmp_serde::encode::Error\u003e;\n    fn sign(\u0026mut self, private_key: \u0026EpfPrivateKey) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e;\n    fn verify_with_time(\n        \u0026self,\n        time: SystemTime,\n        ca_pool: \u0026EpfCaPool,\n    ) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e;\n    fn verify(\u0026self, ca_pool: \u0026EpfCaPool) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e;\n}\nimpl EpfPkiCertificateOps for EPFCertificate {\n    fn recalculate_fingerprint(\u0026mut self) -\u003e Result\u003c(), rmp_serde::encode::Error\u003e {\n        self.fingerprint = fingerprint(\u0026self.details)?;\n        Ok(())\n    }\n\n    fn sign(\u0026mut self, private_key: \u0026EpfPrivateKey) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e {\n        self.recalculate_fingerprint()?;\n\n        self.details.issuer_public_key = *private_key.verifying_key().as_bytes();\n\n        let cert_data_bytes = rmp_serde::to_vec(\u0026self.details)?;\n\n        let signature = private_key.sign(\u0026cert_data_bytes).to_vec();\n\n        self.signature = signature.try_into().unwrap();\n\n        self.recalculate_fingerprint()?;\n\n        Ok(())\n    }\n\n    fn verify_with_time(\n        \u0026self,\n        time: SystemTime,\n        ca_pool: \u0026EpfCaPool,\n    ) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e {\n        // Is it expired\n        if u64_to_st(self.details.not_after) \u003c time {\n            return Err(EpfPkiCertificateValidationError::NoLongerValid {\n                expired_at: u64_to_st(self.details.not_after),\n            });\n        }\n\n        // Is it valid yet\n        if u64_to_st(self.details.not_before) \u003e time {\n            return Err(EpfPkiCertificateValidationError::NotValidYet {\n                valid_at: u64_to_st(self.details.not_before),\n            });\n        }\n\n        let fingerprint_on_cert = fingerprint(\u0026self.details)\n            .map_err(|e| EpfPkiCertificateValidationError::InvalidCertificateData { e })?;\n\n        // Does the fingerprint match\n        if fingerprint_on_cert != self.fingerprint {\n            return Err(EpfPkiCertificateValidationError::FingerprintDoesNotMatch {\n                expected: self.fingerprint.clone(),\n                got: fingerprint_on_cert,\n            });\n        }\n\n        // Does the signature match\n        let signature = Signature::from_slice(\u0026self.signature)\n            .map_err(|e| EpfPkiCertificateValidationError::InvalidSignature { e })?;\n\n        let is_self_signed;\n\n        let public_key = if self.details.issuer_public_key == self.details.public_key {\n            // self-signed certificate\n            is_self_signed = true;\n            verifying_key(\u0026self.details.public_key)\n        } else {\n            is_self_signed = false;\n            verifying_key(\u0026self.details.issuer_public_key)\n        };\n\n        let cert_data_bytes = rmp_serde::to_vec(\u0026self.details)\n            .map_err(|e| EpfPkiCertificateValidationError::InvalidCertificateData { e })?;\n\n        public_key\n            .verify(\u0026cert_data_bytes, \u0026signature)\n            .map_err(|e| EpfPkiCertificateValidationError::InvalidSignature { e })?;\n\n        // Signature OK\n\n        // Is the signer trusted?\n        let ca_cert = if is_self_signed {\n            if let Some(cert) = ca_pool.get_ca(\u0026verifying_key(\u0026self.details.public_key)) {\n                cert\n            } else {\n                return Ok(false);\n            }\n        } else if let Some(cert) = ca_pool.get_ca(\u0026verifying_key(\u0026self.details.issuer_public_key)) {\n            cert\n        } else {\n            return Ok(false);\n        };\n        // Yes.\n        // Make sure this cert wasnt valid before the CA\n        if ca_cert.details.not_after \u003c self.details.not_after {\n            return Err(EpfPkiCertificateValidationError::ExpiresAfterSigner);\n        }\n        // Make sure this cert isnt valid after the root\n        if ca_cert.details.not_before \u003e self.details.not_before {\n            return Err(EpfPkiCertificateValidationError::ValidAfterSigner);\n        }\n\n        // Cert OK\n\n        Ok(true)\n    }\n\n    fn verify(\u0026self, ca_pool: \u0026EpfCaPool) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e {\n        self.verify_with_time(SystemTime::now(), ca_pool)\n    }\n}\n\n#[cfg_attr(tarpaulin, ignore)]\nimpl Display for EPFCertificate {\n    fn fmt(\u0026self, f: \u0026mut Formatter\u003c'_\u003e) -\u003e std::fmt::Result {\n        writeln!(f, \"EPFCertificate {{\")?;\n        writeln!(f, \"\\tDetails: {{\")?;\n        writeln!(f, \"\\t\\tName: {}\", self.details.name)?;\n        writeln!(\n            f,\n            \"\\t\\tNot Before: {}\",\n            pretty_print_date(\u0026u64_to_st(self.details.not_before))\n        )?;\n        writeln!(\n            f,\n            \"\\t\\tNot After: {}\",\n            pretty_print_date(\u0026u64_to_st(self.details.not_after))\n        )?;\n        writeln!(\n            f,\n            \"\\t\\tPublic Key: {}\",\n            hex::encode(self.details.public_key)\n        )?;\n        writeln!(\n            f,\n            \"\\t\\tIssuer Fingerprint: {}\",\n            hex::encode(self.details.issuer_public_key)\n        )?;\n        writeln!(f, \"\\t}}\")?;\n        writeln!(f, \"\\tFingerprint: {}\", self.fingerprint)?;\n        writeln!(f, \"\\tSignature: {}\", hex::encode(self.signature))?;\n        writeln!(f, \"}}\")\n    }\n}\n\nimpl EpfPkiSerializable for EPFCertificate {\n    const PEM_BANNER: \u0026'static str = \"EPF CERTIFICATE\";\n\n    fn as_bytes_pki(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        rmp_serde::to_vec(self)\n    }\n\n    fn from_bytes_pki(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        rmp_serde::from_slice(bytes)\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(\n            pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes_pki()?))\n                .as_bytes()\n                .to_vec(),\n        )\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e\n    where\n        Self: Sized,\n    {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Not a certificate\".into());\n        }\n        Ok(Self::from_bytes_pki(pem.contents())?)\n    }\n}\n\nimpl EpfPkiSerializable for EpfPublicKey {\n    const PEM_BANNER: \u0026'static str = \"EPF PUBLIC KEY\";\n\n    fn as_bytes_pki(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        Ok(self.as_bytes().to_vec())\n    }\n\n    fn from_bytes_pki(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        bytes\n            .try_into()\n            .map_err(|_| rmp_serde::decode::Error::LengthMismatch(bytes.len() as u32))\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(\n            pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes().to_vec()))\n                .as_bytes()\n                .to_vec(),\n        )\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e\n    where\n        Self: Sized,\n    {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Not a public key\".into());\n        }\n        Ok(Self::from_bytes(\n            pem.contents()\n                .try_into()\n                .map_err(|_| -\u003e Box\u003cdyn Error\u003e { \"Wrong size\".into() })?,\n        )?)\n    }\n}\n\nimpl EpfPkiSerializable for EpfPrivateKey {\n    const PEM_BANNER: \u0026'static str = \"EPF PRIVATE KEY\";\n\n    fn as_bytes_pki(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        Ok(self.to_keypair_bytes().to_vec())\n    }\n\n    fn from_bytes_pki(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        bytes\n            .try_into()\n            .map_err(|_| rmp_serde::decode::Error::LengthMismatch(bytes.len() as u32))\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(\n            pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes_pki()?))\n                .as_bytes()\n                .to_vec(),\n        )\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e\n    where\n        Self: Sized,\n    {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Incorrect PEM tag\".into());\n        }\n        Ok(Self::from_keypair_bytes(\n            pem.contents()\n                .try_into()\n                .map_err(|_| -\u003e Box\u003cdyn Error\u003e { \"Wrong size\".into() })?,\n        )?)\n    }\n}\n\n#[cfg(test)]\nmod tests {\n    use crate::ca_pool::{EpfCaPool, EpfCaPoolOps};\n    use crate::pki::{\n        EPFCertificate, EPFCertificateDetails, EpfPkiCertificateOps,\n        EpfPkiCertificateValidationError, EpfPkiSerializable, EpfPrivateKey, EpfPublicKey,\n        EPFPKI_PUBLIC_KEY_LENGTH, EPFPKI_SIGNATURE_LENGTH,\n    };\n    use crate::util::{signing_key, verifying_key};\n    use ed25519_dalek::{SignatureError, SigningKey};\n    use hex_literal::hex;\n    use rand::rngs::OsRng;\n    use std::collections::HashMap;\n    use std::time::{SystemTime, UNIX_EPOCH};\n\n    #[test]\n    pub fn certificate_serialization() {\n        assert_eq!(cert().as_bytes_pki().unwrap(), cert_bytes())\n    }\n\n    #[test]\n    pub fn certificate_deserialization() {\n        assert_eq!(\n            EPFCertificate::from_bytes_pki(\u0026cert_bytes()).unwrap(),\n            cert()\n        )\n    }\n\n    #[test]\n    pub fn certificate_serialization_pem() {\n        assert_eq!(cert().as_pem().unwrap(), cert_pem())\n    }\n\n    #[test]\n    pub fn certificate_deserialization_pem() {\n        assert_eq!(EPFCertificate::from_pem(\u0026cert_pem()).unwrap(), cert())\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn certificate_deserialization_pem_wrong_tag() {\n        EPFCertificate::from_pem(\u0026null_public_key_pem()).unwrap();\n    }\n\n    #[test]\n    pub fn pubkey_serialization() {\n        assert_eq!(\n            (verifying_key(\u0026[0u8; 32])).as_bytes_pki().unwrap(),\n            [0u8; 32].to_vec()\n        )\n    }\n\n    #[test]\n    pub fn pubkey_deserialization() {\n        assert_eq!(\n            EpfPublicKey::from_bytes(\u0026[0u8; 32]).unwrap(),\n            verifying_key(\u0026[0u8; 32])\n        )\n    }\n\n    #[test]\n    pub fn pubkey_serialization_pem() {\n        assert_eq!(\n            (verifying_key(\u0026[0u8; 32])).as_pem().unwrap(),\n            null_public_key_pem()\n        )\n    }\n\n    #[test]\n    pub fn pubkey_deserialization_pem() {\n        assert_eq!(\n            EpfPublicKey::from_pem(\u0026null_public_key_pem()).unwrap(),\n            verifying_key(\u0026[0u8; 32])\n        )\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn pubkey_deserialization_pem_wrong_tag() {\n        EpfPublicKey::from_pem(\u0026null_private_key_pem()).unwrap();\n    }\n\n    #[test]\n    pub fn privkey_serialization() {\n        let priv_key_data = hex!(\"00000000000000000000000000000000000000000000000000000000000000003B6A27BCCEB6A42D62A3A8D02A6F0D73653215771DE243A63AC048A18B59DA29\");\n        assert_eq!(\n            (signing_key(\u0026priv_key_data)).as_bytes_pki().unwrap(),\n            priv_key_data.to_vec()\n        )\n    }\n\n    #[test]\n    pub fn privkey_deserialization() {\n        let priv_key = EpfPrivateKey::generate(\u0026mut OsRng);\n\n        assert_eq!(\n            priv_key.to_keypair_bytes(),\n            signing_key(\u0026priv_key.to_keypair_bytes()).to_keypair_bytes()\n        )\n    }\n\n    #[test]\n    pub fn privkey_serialization_pem() {\n        let priv_key_data = hex!(\"00000000000000000000000000000000000000000000000000000000000000003B6A27BCCEB6A42D62A3A8D02A6F0D73653215771DE243A63AC048A18B59DA29\");\n\n        assert_eq!(\n            (signing_key(\u0026priv_key_data)).as_pem().unwrap(),\n            null_private_key_pem()\n        )\n    }\n\n    #[test]\n    pub fn privkey_deserialization_pem() {\n        let priv_key_data = hex!(\"00000000000000000000000000000000000000000000000000000000000000003B6A27BCCEB6A42D62A3A8D02A6F0D73653215771DE243A63AC048A18B59DA29\");\n\n        assert_eq!(\n            EpfPrivateKey::from_pem(\u0026null_private_key_pem())\n                .unwrap()\n                .to_keypair_bytes(),\n            signing_key(\u0026priv_key_data).to_keypair_bytes()\n        )\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn privkey_deserialization_pem_wrong_tag() {\n        assert_eq!(\n            EpfPrivateKey::from_pem(\u0026null_public_key_pem())\n                .unwrap()\n                .to_keypair_bytes(),\n            signing_key(\u0026[0u8; 64]).to_keypair_bytes()\n        )\n    }\n\n    #[test]\n    pub fn cert_display() {\n        println!(\"{}\", cert());\n    }\n\n    #[test]\n    pub fn cert_fingerprinting() {\n        let mut cert = cert();\n        cert.recalculate_fingerprint().unwrap();\n        assert_eq!(\n            cert.fingerprint,\n            \"922c5cb83633b214d19d9aebf387314fcde67210ff92bd9691fbd059141d6adf\"\n        );\n    }\n\n    #[test]\n    pub fn cert_validation() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let private_key2 = SigningKey::generate(\u0026mut OsRng);\n        let public_key2 = private_key2.verifying_key();\n\n        let mut ca_pool = EpfCaPool::new();\n\n        let mut ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing CA\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    - 10,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 60,\n                public_key: *public_key.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        println!(\"{}\", ca_cert);\n\n        assert!(ca_cert.verify(\u0026ca_pool).is_err());\n\n        ca_cert.sign(\u0026private_key).unwrap();\n\n        assert!(!ca_cert.verify(\u0026ca_pool).unwrap());\n\n        ca_pool.insert(\u0026ca_cert);\n\n        assert!(ca_cert.verify(\u0026ca_pool).unwrap());\n\n        ca_pool.insert(\u0026ca_cert);\n\n        let mut not_ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    - 10,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 60,\n                public_key: *public_key2.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        assert!(not_ca_cert.verify(\u0026ca_pool).is_err());\n        not_ca_cert.sign(\u0026private_key).unwrap();\n        assert!(not_ca_cert.verify(\u0026ca_pool).unwrap());\n    }\n\n    #[test]\n    pub fn certificate_verification_expired() {\n        let expired_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Expired\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs(),\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    - 20,\n                public_key: [0u8; 32],\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        let ca_pool = EpfCaPool::new();\n\n        assert!(matches!(\n            expired_cert.verify(\u0026ca_pool).unwrap_err(),\n            EpfPkiCertificateValidationError::NoLongerValid { .. }\n        ))\n    }\n\n    #[test]\n    pub fn certificate_verification_fingerprint_does_not_match() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let mut fingerprint_does_not_match_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Fingerprint Non Matching\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    - 20,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 30,\n                public_key: [0u8; 32],\n                issuer_public_key: *public_key.as_bytes(),\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n        fingerprint_does_not_match_cert.sign(\u0026private_key).unwrap();\n\n        fingerprint_does_not_match_cert.fingerprint = \"0\".to_string();\n\n        let ca_pool = EpfCaPool::new();\n\n        assert!(matches!(fingerprint_does_not_match_cert.verify(\u0026ca_pool).unwrap_err(), EpfPkiCertificateValidationError::FingerprintDoesNotMatch { .. }));\n    }\n\n    #[test]\n    pub fn certificate_verification_invalid_signature() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let mut fingerprint_does_not_match_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Fingerprint Non Matching\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    - 20,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 30,\n                public_key: [0u8; 32],\n                issuer_public_key: *public_key.as_bytes(),\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n        fingerprint_does_not_match_cert.sign(\u0026private_key).unwrap();\n\n        fingerprint_does_not_match_cert.signature = [0u8; 64];\n\n        let ca_pool = EpfCaPool::new();\n\n        assert!(matches!(fingerprint_does_not_match_cert.verify(\u0026ca_pool).unwrap_err(), EpfPkiCertificateValidationError::InvalidSignature { .. }));\n    }\n\n    #[test]\n    pub fn certificate_verification_not_valid_yet() {\n        let not_yet_valid_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Not Yet Valid\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 20,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 30,\n                public_key: [0u8; 32],\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        let ca_pool = EpfCaPool::new();\n\n        assert!(matches!(\n            not_yet_valid_cert.verify(\u0026ca_pool).unwrap_err(),\n            EpfPkiCertificateValidationError::NotValidYet { .. }\n        ))\n    }\n\n    #[test]\n    pub fn certificate_verification_not_trusted() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let mut not_trusted_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Not Trusted\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    - 20,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 30,\n                public_key: [0u8; 32],\n                issuer_public_key: *public_key.as_bytes(),\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n        not_trusted_cert.sign(\u0026private_key).unwrap();\n\n        let ca_pool = EpfCaPool::new();\n\n        assert!(!not_trusted_cert.verify(\u0026ca_pool).unwrap());\n    }\n\n    #[test]\n    pub fn cert_validation_expires_after_signer() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let private_key2 = SigningKey::generate(\u0026mut OsRng);\n        let public_key2 = private_key2.verifying_key();\n\n        let mut ca_pool = EpfCaPool::new();\n\n        let mut ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing CA\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    - 10,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 60,\n                public_key: *public_key.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        ca_cert.sign(\u0026private_key).unwrap();\n        ca_pool.insert(\u0026ca_cert);\n\n        let mut not_ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Valid After Signer\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    - 10,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 120,\n                public_key: *public_key2.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        assert!(not_ca_cert.verify(\u0026ca_pool).is_err());\n        not_ca_cert.sign(\u0026private_key).unwrap();\n        assert!(matches!(\n            not_ca_cert.verify(\u0026ca_pool).unwrap_err(),\n            EpfPkiCertificateValidationError::ExpiresAfterSigner\n        ));\n    }\n\n    #[test]\n    pub fn cert_validation_valid_after_signer() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let private_key2 = SigningKey::generate(\u0026mut OsRng);\n        let public_key2 = private_key2.verifying_key();\n\n        let mut ca_pool = EpfCaPool::new();\n\n        let mut ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing CA\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    - 10,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 60,\n                public_key: *public_key.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        ca_cert.sign(\u0026private_key).unwrap();\n        ca_pool.insert(\u0026ca_cert);\n\n        let mut not_ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Valid After Signer\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    - 200,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 10,\n                public_key: *public_key2.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        assert!(not_ca_cert.verify(\u0026ca_pool).is_err());\n        not_ca_cert.sign(\u0026private_key).unwrap();\n        assert!(matches!(\n            not_ca_cert.verify(\u0026ca_pool).unwrap_err(),\n            EpfPkiCertificateValidationError::ValidAfterSigner\n        ));\n    }\n\n    #[test]\n    pub fn verifying_error_display() {\n        println!(\n            \"{}\",\n            EpfPkiCertificateValidationError::NoLongerValid {\n                expired_at: SystemTime::now()\n            }\n        );\n        println!(\n            \"{}\",\n            EpfPkiCertificateValidationError::NotValidYet {\n                valid_at: SystemTime::now()\n            }\n        );\n        println!(\n            \"{}\",\n            EpfPkiCertificateValidationError::InvalidCertificateData {\n                e: rmp_serde::encode::Error::UnknownLength\n            }\n        );\n        println!(\n            \"{}\",\n            EpfPkiCertificateValidationError::FingerprintDoesNotMatch {\n                expected: \"\".to_string(),\n                got: \"\".to_string()\n            }\n        );\n        println!(\n            \"{}\",\n            EpfPkiCertificateValidationError::InvalidSignature {\n                e: SignatureError::new()\n            }\n        );\n        println!(\"{}\", EpfPkiCertificateValidationError::ExpiresAfterSigner);\n        println!(\"{}\", EpfPkiCertificateValidationError::ValidAfterSigner);\n    }\n\n    fn cert() -\u003e EPFCertificate {\n        EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Invalid Testing Certificate\".to_string(),\n                not_before: 0,\n                not_after: 0,\n                public_key: [0u8; EPFPKI_PUBLIC_KEY_LENGTH],\n                issuer_public_key: [0u8; EPFPKI_PUBLIC_KEY_LENGTH],\n                claims: HashMap::new(),\n            },\n            fingerprint: \"0000000000000000000000000000000000000000000000000000000000000000\"\n                .to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        }\n    }\n    fn cert_bytes() -\u003e Vec\u003cu8\u003e {\n        vec![\n            147, 150, 187, 73, 110, 118, 97, 108, 105, 100, 32, 84, 101, 115, 116, 105, 110, 103,\n            32, 67, 101, 114, 116, 105, 102, 105, 99, 97, 116, 101, 0, 0, 220, 0, 32, 0, 0, 0, 0,\n            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n            220, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n            0, 0, 0, 0, 0, 0, 0, 128, 217, 64, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48,\n            48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48,\n            48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48,\n            48, 48, 48, 48, 48, 48, 48, 220, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n        ]\n    }\n    fn cert_pem() -\u003e Vec\u003cu8\u003e {\n        vec![\n            45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 67, 69, 82, 84, 73, 70, 73,\n            67, 65, 84, 69, 45, 45, 45, 45, 45, 13, 10, 107, 53, 97, 55, 83, 87, 53, 50, 89, 87,\n            120, 112, 90, 67, 66, 85, 90, 88, 78, 48, 97, 87, 53, 110, 73, 69, 78, 108, 99, 110,\n            82, 112, 90, 109, 108, 106, 89, 88, 82, 108, 65, 65, 68, 99, 65, 67, 65, 65, 65, 65,\n            65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65,\n            65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 78, 119,\n            65, 73, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,\n            65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65,\n            65, 65, 65, 103, 78, 108, 65, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77,\n            68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77,\n            68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 13,\n            10, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65,\n            119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 78, 119, 65, 81, 65, 65,\n            65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,\n            65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,\n            65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,\n            65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 13,\n            10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 67, 69, 82, 84, 73, 70, 73, 67,\n            65, 84, 69, 45, 45, 45, 45, 45, 13, 10,\n        ]\n    }\n    fn null_public_key_pem() -\u003e Vec\u003cu8\u003e {\n        vec![\n            45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 80, 85, 66, 76, 73, 67, 32,\n            75, 69, 89, 45, 45, 45, 45, 45, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,\n            65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,\n            65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69,\n            80, 70, 32, 80, 85, 66, 76, 73, 67, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10,\n        ]\n    }\n    fn null_private_key_pem() -\u003e Vec\u003cu8\u003e {\n        vec![\n            45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 80, 82, 73, 86, 65, 84, 69,\n            32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,\n            65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,\n            65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 55, 97, 105, 101, 56, 122, 114, 97, 107, 76,\n            87, 75, 106, 113, 78, 65, 113, 98, 119, 49, 122, 13, 10, 90, 84, 73, 86, 100, 120, 51,\n            105, 81, 54, 89, 54, 119, 69, 105, 104, 105, 49, 110, 97, 75, 81, 61, 61, 13, 10, 45,\n            45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 80, 82, 73, 86, 65, 84, 69, 32, 75, 69,\n            89, 45, 45, 45, 45, 45, 13, 10,\n        ]\n    }\n}\n","traces":[{"line":57,"address":[596799,596144,596830],"length":1,"stats":{"Line":1},"fn_name":"fingerprint"},{"line":58,"address":[596306,596168],"length":1,"stats":{"Line":3},"fn_name":null},{"line":59,"address":[596292],"length":1,"stats":{"Line":3},"fn_name":null},{"line":60,"address":[596492],"length":1,"stats":{"Line":1},"fn_name":null},{"line":61,"address":[596549],"length":1,"stats":{"Line":3},"fn_name":null},{"line":62,"address":[596684],"length":1,"stats":{"Line":1},"fn_name":null},{"line":78,"address":[596848,597755],"length":1,"stats":{"Line":1},"fn_name":"fmt"},{"line":79,"address":[596881],"length":1,"stats":{"Line":1},"fn_name":null},{"line":80,"address":[597781,596952,596917],"length":1,"stats":{"Line":2},"fn_name":null},{"line":83,"address":[596942],"length":1,"stats":{"Line":1},"fn_name":null},{"line":85,"address":[596981,597016,597587],"length":1,"stats":{"Line":2},"fn_name":null},{"line":88,"address":[597006],"length":1,"stats":{"Line":1},"fn_name":null},{"line":90,"address":[597045],"length":1,"stats":{"Line":1},"fn_name":null},{"line":91,"address":[597057],"length":1,"stats":{"Line":1},"fn_name":null},{"line":93,"address":[597158],"length":1,"stats":{"Line":1},"fn_name":null},{"line":98,"address":[597339],"length":1,"stats":{"Line":1},"fn_name":null},{"line":99,"address":[597351],"length":1,"stats":{"Line":1},"fn_name":null},{"line":102,"address":[597444],"length":1,"stats":{"Line":1},"fn_name":null},{"line":104,"address":[597508],"length":1,"stats":{"Line":1},"fn_name":null},{"line":123,"address":[597952,598295],"length":1,"stats":{"Line":1},"fn_name":"recalculate_fingerprint"},{"line":124,"address":[597982,598271,598342],"length":1,"stats":{"Line":4},"fn_name":null},{"line":125,"address":[598378],"length":1,"stats":{"Line":1},"fn_name":null},{"line":128,"address":[598400,599460],"length":1,"stats":{"Line":1},"fn_name":"sign"},{"line":129,"address":[598692,598439],"length":1,"stats":{"Line":3},"fn_name":null},{"line":131,"address":[598496],"length":1,"stats":{"Line":2},"fn_name":null},{"line":133,"address":[598894,598623,598798],"length":1,"stats":{"Line":3},"fn_name":null},{"line":135,"address":[599052,598862],"length":1,"stats":{"Line":3},"fn_name":null},{"line":137,"address":[599098],"length":1,"stats":{"Line":2},"fn_name":null},{"line":139,"address":[599243,599327],"length":1,"stats":{"Line":1},"fn_name":null},{"line":141,"address":[599299],"length":1,"stats":{"Line":2},"fn_name":null},{"line":144,"address":[602109,601856,599488],"length":1,"stats":{"Line":1},"fn_name":"verify_with_time"},{"line":150,"address":[599540],"length":1,"stats":{"Line":1},"fn_name":null},{"line":151,"address":[599670],"length":1,"stats":{"Line":1},"fn_name":null},{"line":152,"address":[599653],"length":1,"stats":{"Line":1},"fn_name":null},{"line":157,"address":[599593],"length":1,"stats":{"Line":2},"fn_name":null},{"line":158,"address":[599836],"length":1,"stats":{"Line":1},"fn_name":null},{"line":159,"address":[599819],"length":1,"stats":{"Line":1},"fn_name":null},{"line":163,"address":[600049,599724,599891],"length":1,"stats":{"Line":4},"fn_name":null},{"line":164,"address":[599992],"length":1,"stats":{"Line":0},"fn_name":null},{"line":167,"address":[599963,600130],"length":1,"stats":{"Line":4},"fn_name":null},{"line":168,"address":[600260],"length":1,"stats":{"Line":2},"fn_name":null},{"line":169,"address":[600173],"length":1,"stats":{"Line":2},"fn_name":null},{"line":170,"address":[600204],"length":1,"stats":{"Line":2},"fn_name":null},{"line":175,"address":[600768,600141,600421],"length":1,"stats":{"Line":6},"fn_name":null},{"line":176,"address":[600640],"length":1,"stats":{"Line":0},"fn_name":null},{"line":180,"address":[600799,600606],"length":1,"stats":{"Line":6},"fn_name":null},{"line":182,"address":[600842],"length":1,"stats":{"Line":1},"fn_name":null},{"line":183,"address":[600850],"length":1,"stats":{"Line":1},"fn_name":null},{"line":185,"address":[600810],"length":1,"stats":{"Line":2},"fn_name":null},{"line":186,"address":[600818,600895],"length":1,"stats":{"Line":4},"fn_name":null},{"line":189,"address":[601198,600876,600913],"length":1,"stats":{"Line":4},"fn_name":null},{"line":190,"address":[601070],"length":1,"stats":{"Line":0},"fn_name":null},{"line":192,"address":[601538,601279],"length":1,"stats":{"Line":4},"fn_name":null},{"line":193,"address":[601033],"length":1,"stats":{"Line":3},"fn_name":null},{"line":194,"address":[601410],"length":1,"stats":{"Line":3},"fn_name":null},{"line":199,"address":[601386,601891,601726],"length":1,"stats":{"Line":6},"fn_name":null},{"line":200,"address":[601616],"length":1,"stats":{"Line":1},"fn_name":null},{"line":201,"address":[601718],"length":1,"stats":{"Line":1},"fn_name":null},{"line":203,"address":[601733],"length":1,"stats":{"Line":1},"fn_name":null},{"line":205,"address":[601589,601867,601800],"length":1,"stats":{"Line":6},"fn_name":null},{"line":208,"address":[601901],"length":1,"stats":{"Line":1},"fn_name":null},{"line":212,"address":[601754],"length":1,"stats":{"Line":2},"fn_name":null},{"line":213,"address":[601953],"length":1,"stats":{"Line":1},"fn_name":null},{"line":216,"address":[601922],"length":1,"stats":{"Line":2},"fn_name":null},{"line":217,"address":[602028],"length":1,"stats":{"Line":1},"fn_name":null},{"line":222,"address":[601993],"length":1,"stats":{"Line":1},"fn_name":null},{"line":225,"address":[602128],"length":1,"stats":{"Line":1},"fn_name":"verify"},{"line":226,"address":[602161],"length":1,"stats":{"Line":1},"fn_name":null},{"line":232,"address":[602208,603172],"length":1,"stats":{"Line":1},"fn_name":"fmt"},{"line":233,"address":[602454,602247],"length":1,"stats":{"Line":1},"fn_name":null},{"line":234,"address":[602642,602348],"length":1,"stats":{"Line":2},"fn_name":null},{"line":235,"address":[602504,602768],"length":1,"stats":{"Line":2},"fn_name":null},{"line":236,"address":[602741,602855,603118],"length":1,"stats":{"Line":3},"fn_name":null},{"line":239,"address":[602677],"length":1,"stats":{"Line":2},"fn_name":null},{"line":241,"address":[603497,603094,603252],"length":1,"stats":{"Line":4},"fn_name":null},{"line":244,"address":[603036],"length":1,"stats":{"Line":2},"fn_name":null},{"line":246,"address":[603605,603476,603850],"length":1,"stats":{"Line":4},"fn_name":null},{"line":249,"address":[603421],"length":1,"stats":{"Line":2},"fn_name":null},{"line":251,"address":[603958,604222,603829],"length":1,"stats":{"Line":4},"fn_name":null},{"line":254,"address":[603774],"length":1,"stats":{"Line":2},"fn_name":null},{"line":256,"address":[604116,604421],"length":1,"stats":{"Line":2},"fn_name":null},{"line":257,"address":[604284,604555],"length":1,"stats":{"Line":2},"fn_name":null},{"line":258,"address":[604582,604456,604867],"length":1,"stats":{"Line":2},"fn_name":null},{"line":259,"address":[604794],"length":1,"stats":{"Line":2},"fn_name":null},{"line":266,"address":[604928],"length":1,"stats":{"Line":1},"fn_name":"as_bytes_pki"},{"line":267,"address":[604945],"length":1,"stats":{"Line":1},"fn_name":null},{"line":270,"address":[604960],"length":1,"stats":{"Line":1},"fn_name":"from_bytes_pki"},{"line":274,"address":[605557,605008,605584],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":276,"address":[605495,605432,605033],"length":1,"stats":{"Line":3},"fn_name":null},{"line":282,"address":[606265,605600],"length":1,"stats":{"Line":2},"fn_name":"from_pem"},{"line":286,"address":[605881,605633],"length":1,"stats":{"Line":2},"fn_name":null},{"line":287,"address":[605852,606026],"length":1,"stats":{"Line":4},"fn_name":null},{"line":288,"address":[606108],"length":1,"stats":{"Line":1},"fn_name":null},{"line":290,"address":[606204,606387,606291,606082],"length":1,"stats":{"Line":3},"fn_name":null},{"line":297,"address":[713856],"length":1,"stats":{"Line":1},"fn_name":"as_bytes_pki"},{"line":298,"address":[713886],"length":1,"stats":{"Line":1},"fn_name":null},{"line":301,"address":[713968],"length":1,"stats":{"Line":0},"fn_name":"from_bytes_pki"},{"line":302,"address":[714050,714010],"length":1,"stats":{"Line":0},"fn_name":null},{"line":304,"address":[714034],"length":1,"stats":{"Line":0},"fn_name":null},{"line":307,"address":[714096,714399,714434],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":309,"address":[714337,714134,714272],"length":1,"stats":{"Line":3},"fn_name":null},{"line":315,"address":[714464,715145],"length":1,"stats":{"Line":2},"fn_name":"from_pem"},{"line":319,"address":[714497,714745],"length":1,"stats":{"Line":2},"fn_name":null},{"line":320,"address":[714716,714890],"length":1,"stats":{"Line":4},"fn_name":null},{"line":321,"address":[714972],"length":1,"stats":{"Line":1},"fn_name":null},{"line":323,"address":[715195,715307,715493],"length":1,"stats":{"Line":2},"fn_name":null},{"line":324,"address":[715171,715057,715239,714946],"length":1,"stats":{"Line":3},"fn_name":null},{"line":326,"address":[715207],"length":1,"stats":{"Line":0},"fn_name":null},{"line":334,"address":[848240],"length":1,"stats":{"Line":1},"fn_name":"as_bytes_pki"},{"line":335,"address":[848259],"length":1,"stats":{"Line":1},"fn_name":null},{"line":338,"address":[848352],"length":1,"stats":{"Line":0},"fn_name":"from_bytes_pki"},{"line":339,"address":[848394,848434],"length":1,"stats":{"Line":0},"fn_name":null},{"line":341,"address":[848418],"length":1,"stats":{"Line":0},"fn_name":null},{"line":344,"address":[848480,849056,849029],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":346,"address":[848505,848904,848967],"length":1,"stats":{"Line":3},"fn_name":null},{"line":352,"address":[849072,849749],"length":1,"stats":{"Line":2},"fn_name":"from_pem"},{"line":356,"address":[849105,849353],"length":1,"stats":{"Line":1},"fn_name":null},{"line":357,"address":[849324,849498],"length":1,"stats":{"Line":4},"fn_name":null},{"line":358,"address":[849580],"length":1,"stats":{"Line":1},"fn_name":null},{"line":360,"address":[850097,849799,849911],"length":1,"stats":{"Line":2},"fn_name":null},{"line":361,"address":[849775,849843,849665,849554],"length":1,"stats":{"Line":3},"fn_name":null},{"line":363,"address":[849811],"length":1,"stats":{"Line":0},"fn_name":null}],"covered":111,"coverable":122},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","protocol.rs"],"content":"use crate::pki::{EPFCertificate, EPFPKI_PUBLIC_KEY_LENGTH};\n\nuse serde::{Deserialize, Serialize};\nuse std::error::Error;\nuse tokio::io::AsyncReadExt;\n\npub const PROTOCOL_VERSION: u32 = 1;\n\n#[derive(Serialize, Deserialize, Clone)]\npub struct EpfMessage {\n    pub packet_id: u32,\n    pub packet_data: Vec\u003cu8\u003e,\n}\n\npub const PACKET_CLIENT_HELLO: u32 = 1;\n\n#[derive(Serialize, Deserialize)]\npub struct EpfClientHello {\n    pub protocol_version: u32,\n    pub client_random: [u8; 24],\n    pub client_certificate: Option\u003cEPFCertificate\u003e,\n    pub client_x25519_public_key: [u8; EPFPKI_PUBLIC_KEY_LENGTH],\n}\n\npub const PACKET_SERVER_HELLO: u32 = 2;\n\n#[derive(Serialize, Deserialize)]\npub struct EpfServerHello {\n    pub protocol_version: u32,\n    pub server_certificate: EPFCertificate,\n    pub server_random: [u8; 16],\n    pub server_x25519_public_key: [u8; EPFPKI_PUBLIC_KEY_LENGTH],\n}\n\npub const PACKET_FINISHED: u32 = 3;\n\n#[derive(Serialize, Deserialize)]\npub struct EpfFinished {\n    pub protocol_version: u32,\n    pub encrypted_0x42: Vec\u003cu8\u003e,\n}\n\npub const PACKET_APPLICATION_DATA: u32 = 4;\n\n#[derive(Serialize, Deserialize)]\npub struct EpfApplicationData {\n    pub protocol_version: u32,\n    pub encrypted_application_data: Vec\u003cu8\u003e,\n    pub nonce: [u8; 24],\n}\n\n#[derive(Clone)]\npub enum EpfClientState {\n    NotStarted,\n    WaitingForServerHello,\n    WaitingForFinished,\n    Transport,\n    Closed,\n}\n\n#[derive(Clone)]\npub enum EpfServerState {\n    WaitingForClientHello,\n    WaitingForFinished,\n    Transport,\n    Closed,\n}\n\npub fn encode_packet\u003cT: Serialize\u003e(\n    id: u32,\n    packet: \u0026T,\n) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n    let message_data = rmp_serde::to_vec(packet)?;\n    let message_wrapper = EpfMessage {\n        packet_id: id,\n        packet_data: message_data,\n    };\n    let mut packet_data = rmp_serde::to_vec(\u0026message_wrapper)?;\n\n    let mut packet = (packet_data.len() as u64).to_le_bytes().to_vec();\n    // Packet: 8-byte little-endian length prefix, packet data\n    packet.append(\u0026mut packet_data);\n    Ok(packet)\n}\n\npub async fn recv_packet\u003cC: AsyncReadExt + Unpin\u003e(\n    stream: \u0026mut C,\n) -\u003e Result\u003cEpfMessage, Box\u003cdyn Error\u003e\u003e {\n    let packet_length = stream.read_u64_le().await?;\n\n    let mut packet_data_buf = vec![0u8; packet_length as usize];\n    stream.read_exact(\u0026mut packet_data_buf).await?;\n    let message: EpfMessage = rmp_serde::from_slice(\u0026packet_data_buf)?;\n    Ok(message)\n}\n","traces":[{"line":69,"address":[1482105,1482066,1480946,1481024,1479904,1478706,1478784,1477664,1479826,1480985,1478745,1479865],"length":1,"stats":{"Line":4},"fn_name":"encode_packet\u003clibepf::protocol::EpfServerHello\u003e"},{"line":73,"address":[1479060,1479952,1481072,1477712,1477940,1478832,1480180,1481300],"length":1,"stats":{"Line":4},"fn_name":null},{"line":78,"address":[1481505,1478274,1479394,1479265,1480165,1477925,1480385,1480514,1481285,1481634,1478145,1479045],"length":1,"stats":{"Line":8},"fn_name":null},{"line":80,"address":[1478242,1480482,1478481,1479362,1480721,1481841,1479601,1481602],"length":1,"stats":{"Line":8},"fn_name":null},{"line":82,"address":[1481928,1480808,1479688,1478568],"length":1,"stats":{"Line":4},"fn_name":null},{"line":83,"address":[1481984,1479744,1478624,1480864],"length":1,"stats":{"Line":4},"fn_name":null},{"line":86,"address":[1482144],"length":1,"stats":{"Line":1},"fn_name":"recv_packet\u003ctokio::net::tcp::stream::TcpStream\u003e"},{"line":89,"address":[1482289,1482405,1482339,1482570,1482808],"length":1,"stats":{"Line":4},"fn_name":null},{"line":91,"address":[1482786],"length":1,"stats":{"Line":1},"fn_name":null},{"line":92,"address":[1482354,1483298,1483033,1482927],"length":1,"stats":{"Line":2},"fn_name":null},{"line":93,"address":[1483269,1483592,1483419],"length":1,"stats":{"Line":2},"fn_name":null},{"line":94,"address":[1483505],"length":1,"stats":{"Line":1},"fn_name":null}],"covered":12,"coverable":12},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","util.rs"],"content":"use chrono::{DateTime, Utc};\nuse ed25519_dalek::{SigningKey, VerifyingKey};\nuse std::ops::Add;\nuse std::time::{Duration, SystemTime};\n\npub fn pretty_print_date(date: \u0026SystemTime) -\u003e String {\n    let datetime: DateTime\u003cUtc\u003e = (*date).into();\n    datetime.format(\"%Y-%m-%dT%H:%M:%S%.f%:z\").to_string()\n}\n\npub fn u64_to_st(unix: u64) -\u003e SystemTime {\n    SystemTime::UNIX_EPOCH.add(Duration::from_secs(unix))\n}\n\npub fn verifying_key(key: \u0026[u8; 32]) -\u003e VerifyingKey {\n    VerifyingKey::from_bytes(key).unwrap()\n}\npub fn signing_key(key: \u0026[u8; 64]) -\u003e SigningKey {\n    SigningKey::from_keypair_bytes(key).unwrap()\n}\n","traces":[{"line":6,"address":[1403744,1403899],"length":1,"stats":{"Line":2},"fn_name":"pretty_print_date"},{"line":7,"address":[1403772],"length":1,"stats":{"Line":2},"fn_name":null},{"line":8,"address":[1403798],"length":1,"stats":{"Line":2},"fn_name":null},{"line":11,"address":[1403936],"length":1,"stats":{"Line":1},"fn_name":"u64_to_st"},{"line":12,"address":[1403945],"length":1,"stats":{"Line":1},"fn_name":null},{"line":15,"address":[1404000],"length":1,"stats":{"Line":1},"fn_name":"verifying_key"},{"line":16,"address":[1404025],"length":1,"stats":{"Line":2},"fn_name":null},{"line":18,"address":[1404080],"length":1,"stats":{"Line":1},"fn_name":"signing_key"},{"line":19,"address":[1404105],"length":1,"stats":{"Line":2},"fn_name":null}],"covered":9,"coverable":9}]};
+        var previousData = {"files":[{"path":["/","home","core","prj","e3t","e3pf","libepf","src","ca_pool.rs"],"content":"use crate::pki::{EPFCertificate, EpfPkiSerializable, EpfPublicKey};\nuse crate::util::verifying_key;\n\nuse std::collections::HashMap;\nuse std::error::Error;\nuse std::ffi::OsStr;\nuse std::fmt::{Display, Formatter};\nuse std::fs;\n\npub struct EpfCaPool {\n    pub ca_lookup_table: HashMap\u003cEpfPublicKey, EPFCertificate\u003e,\n}\n\npub trait EpfCaPoolOps {\n    fn new() -\u003e Self;\n    fn get_ca(\u0026self, public_key: \u0026EpfPublicKey) -\u003e Option\u003c\u0026EPFCertificate\u003e;\n    fn insert(\u0026mut self, cert: \u0026EPFCertificate);\n}\n\nimpl EpfCaPoolOps for EpfCaPool {\n    fn new() -\u003e Self {\n        Self {\n            ca_lookup_table: HashMap::new(),\n        }\n    }\n\n    fn get_ca(\u0026self, public_key: \u0026EpfPublicKey) -\u003e Option\u003c\u0026EPFCertificate\u003e {\n        self.ca_lookup_table.get(public_key)\n    }\n\n    fn insert(\u0026mut self, cert: \u0026EPFCertificate) {\n        self.ca_lookup_table\n            .insert(verifying_key(\u0026cert.details.public_key), cert.clone());\n    }\n}\n\n#[derive(Debug)]\npub enum EpfCaPoolLoaderError {\n    CertDirDoesNotExist(String),\n}\nimpl Display for EpfCaPoolLoaderError {\n    fn fmt(\u0026self, f: \u0026mut Formatter\u003c'_\u003e) -\u003e std::fmt::Result {\n        match self {\n            EpfCaPoolLoaderError::CertDirDoesNotExist(d) =\u003e {\n                write!(f, \"Certificate dir does not exist: {}\", d)\n            }\n        }\n    }\n}\nimpl Error for EpfCaPoolLoaderError {}\n\n#[cfg(unix)]\n#[cfg(not(tarpaulin))]\npub fn load_ca_pool() -\u003e Result\u003cEpfCaPool, Box\u003cdyn Error\u003e\u003e {\n    let mut cert_strings = vec![];\n\n    for entry in fs::read_dir(\"/etc/e3pf/certs\")? {\n        let entry = entry?;\n        if entry.path().extension() == Some(OsStr::new(\".pem\")) {\n            cert_strings.push(fs::read_to_string(entry.path())?);\n        }\n    }\n\n    let mut ca_pool = EpfCaPool::new();\n\n    for cert in cert_strings {\n        ca_pool.insert(\u0026EPFCertificate::from_pem(cert.as_bytes())?);\n    }\n\n    Ok(ca_pool)\n}\n\n#[cfg(test)]\nmod tests {\n    use crate::ca_pool::EpfCaPoolLoaderError;\n\n    #[test]\n    pub fn ca_pool_error_display_test() {\n        println!(\"{}\", EpfCaPoolLoaderError::CertDirDoesNotExist(\"\".to_string()));\n    }\n}","traces":[{"line":21,"address":[1400304],"length":1,"stats":{"Line":4},"fn_name":"new"},{"line":23,"address":[1400318],"length":1,"stats":{"Line":4},"fn_name":null},{"line":27,"address":[1400368],"length":1,"stats":{"Line":1},"fn_name":"get_ca"},{"line":28,"address":[1400382],"length":1,"stats":{"Line":3},"fn_name":null},{"line":31,"address":[1400400],"length":1,"stats":{"Line":3},"fn_name":"insert"},{"line":32,"address":[1400473],"length":1,"stats":{"Line":3},"fn_name":null},{"line":33,"address":[1400433,1400499],"length":1,"stats":{"Line":6},"fn_name":null},{"line":42,"address":[1400528],"length":1,"stats":{"Line":1},"fn_name":"fmt"},{"line":44,"address":[1400547],"length":1,"stats":{"Line":1},"fn_name":null},{"line":45,"address":[1400552],"length":1,"stats":{"Line":1},"fn_name":null}],"covered":10,"coverable":10},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","error.rs"],"content":"use crate::pki::EpfPkiCertificateValidationError;\nuse std::error::Error;\nuse std::fmt::{Display, Formatter};\n\n#[derive(Debug)]\npub enum EpfHandshakeError {\n    AlreadyTunnelled,\n    UnsupportedProtocolVersion(usize),\n    InvalidCertificate(EpfPkiCertificateValidationError),\n    UntrustedCertificate,\n    EncryptionError,\n    MissingKeyProof,\n}\nimpl Display for EpfHandshakeError {\n    fn fmt(\u0026self, f: \u0026mut Formatter\u003c'_\u003e) -\u003e std::fmt::Result {\n        match self {\n            EpfHandshakeError::AlreadyTunnelled =\u003e write!(f, \"Already tunneled\"),\n            EpfHandshakeError::UnsupportedProtocolVersion(v) =\u003e {\n                write!(f, \"Unsupported protocol version {}\", v)\n            }\n            EpfHandshakeError::InvalidCertificate(e) =\u003e write!(f, \"Invalid certificate: {}\", e),\n            EpfHandshakeError::UntrustedCertificate =\u003e {\n                write!(f, \"Certificate valid but not trusted\")\n            }\n            EpfHandshakeError::EncryptionError =\u003e write!(f, \"Encryption error\"),\n            EpfHandshakeError::MissingKeyProof =\u003e write!(f, \"Missing key proof\"),\n        }\n    }\n}\nimpl Error for EpfHandshakeError {}\n\n#[cfg(test)]\nmod tests {\n    use crate::error::EpfHandshakeError;\n    use crate::pki::EpfPkiCertificateValidationError;\n\n    #[test]\n    pub fn error_display_test() {\n        println!(\"{}\", EpfHandshakeError::AlreadyTunnelled);\n        println!(\"{}\", EpfHandshakeError::UnsupportedProtocolVersion(0));\n        println!(\"{}\", EpfHandshakeError::InvalidCertificate(EpfPkiCertificateValidationError::ValidAfterSigner));\n        println!(\"{}\", EpfHandshakeError::UntrustedCertificate);\n        println!(\"{}\", EpfHandshakeError::EncryptionError);\n        println!(\"{}\", EpfHandshakeError::MissingKeyProof);\n    }\n}","traces":[{"line":15,"address":[841104],"length":1,"stats":{"Line":1},"fn_name":"fmt"},{"line":16,"address":[841137],"length":1,"stats":{"Line":1},"fn_name":null},{"line":17,"address":[841188],"length":1,"stats":{"Line":1},"fn_name":null},{"line":18,"address":[841254],"length":1,"stats":{"Line":1},"fn_name":null},{"line":19,"address":[841263],"length":1,"stats":{"Line":1},"fn_name":null},{"line":21,"address":[841355],"length":1,"stats":{"Line":1},"fn_name":null},{"line":23,"address":[841459],"length":1,"stats":{"Line":1},"fn_name":null},{"line":25,"address":[841523],"length":1,"stats":{"Line":1},"fn_name":null},{"line":26,"address":[841587],"length":1,"stats":{"Line":1},"fn_name":null}],"covered":9,"coverable":9},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","handshake_stream.rs"],"content":"use crate::ca_pool::{EpfCaPool};\nuse crate::danger_trace;\nuse crate::error::EpfHandshakeError;\nuse crate::pki::{\n    EPFCertificate, EpfPkiCertificateOps, EpfPrivateKey, EpfPublicKey,\n};\nuse crate::protocol::{\n    encode_packet, recv_packet, EpfApplicationData, EpfClientHello, EpfClientState, EpfFinished,\n    EpfMessage, EpfServerHello, EpfServerState, PACKET_APPLICATION_DATA, PACKET_CLIENT_HELLO,\n    PACKET_FINISHED, PACKET_SERVER_HELLO, PROTOCOL_VERSION,\n};\nuse async_trait::async_trait;\nuse chacha20poly1305::aead::{Aead, Payload};\nuse chacha20poly1305::{AeadCore, Key, KeyInit, XChaCha20Poly1305, XNonce};\nuse ed25519_dalek::{SigningKey};\nuse log::{trace};\nuse rand::rngs::OsRng;\nuse rand::Rng;\nuse std::error::Error;\nuse std::io;\nuse tokio::io::{AsyncReadExt, AsyncWriteExt};\nuse x25519_dalek::{PublicKey, StaticSecret};\n\n///// CLIENT /////\n\npub struct EpfClientUpgraded\u003cT: AsyncWriteExt + AsyncReadExt\u003e {\n    inner: T,\n    state: EpfClientState,\n    client_random: [u8; 24],\n    server_random: [u8; 16],\n    client_cert: Option\u003cEPFCertificate\u003e,\n    packet_queue: Vec\u003cEpfMessage\u003e,\n    server_cert: Option\u003cEPFCertificate\u003e,\n    cipher: Option\u003cXChaCha20Poly1305\u003e,\n    private_key: EpfPrivateKey,\n    public_key: PublicKey,\n}\n\n#[derive(Debug)]\npub enum ClientAuthentication {\n    Cert(Box\u003cEPFCertificate\u003e, Box\u003cEpfPrivateKey\u003e),\n    Ephemeral,\n}\n\n#[async_trait]\npub trait EpfClientUpgradable {\n    async fn upgrade(self, auth: ClientAuthentication) -\u003e EpfClientUpgraded\u003cSelf\u003e\n    where\n        Self: Sized + AsyncWriteExt + AsyncReadExt + Send;\n}\n\n#[async_trait]\nimpl\u003cT\u003e EpfClientUpgradable for T\nwhere\n    T: AsyncWriteExt + AsyncReadExt + Send,\n{\n    async fn upgrade(self, auth: ClientAuthentication) -\u003e EpfClientUpgraded\u003cSelf\u003e\n    where\n        Self: Sized + AsyncWriteExt + AsyncReadExt + Send,\n    {\n        danger_trace!(target: \"EpfClientUpgradable\", \"upgrade(auth: {:?})\", auth);\n\n        let private_key;\n        let public_key;\n        let cert;\n\n        match auth {\n            ClientAuthentication::Cert(cert_d, key) =\u003e {\n                trace!(\"----!!!!! CERT AUTHENTICATION !!!!!----\");\n                cert = Some(cert_d);\n                private_key = key;\n                public_key = PublicKey::from(\u0026StaticSecret::from(private_key.to_bytes()));\n            }\n            ClientAuthentication::Ephemeral =\u003e {\n                cert = None;\n                let private_key_l: [u8; 32] = OsRng.gen();\n                let private_key_real = SigningKey::from(private_key_l);\n                public_key = PublicKey::from(\u0026StaticSecret::from(private_key_real.to_bytes()));\n                private_key = Box::new(private_key_real);\n            }\n        }\n\n        EpfClientUpgraded {\n            inner: self,\n            state: EpfClientState::NotStarted,\n            client_random: OsRng.gen(),\n            server_random: [0u8; 16],\n            client_cert: cert.map(|u| *u),\n            server_cert: None,\n            packet_queue: vec![],\n            cipher: None,\n            private_key: *private_key,\n            public_key,\n        }\n    }\n}\n\n#[async_trait]\npub trait EpfClientHandshaker\u003cS: AsyncWriteExt + AsyncReadExt + Unpin\u003e {\n    async fn handshake(\u0026mut self, cert_pool: EpfCaPool) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e;\n    async fn upgrade(self) -\u003e EpfClientStream\u003cS\u003e\n    where\n        Self: Sized;\n}\n\n#[async_trait]\nimpl\u003cT: AsyncWriteExt + AsyncReadExt + Send + Unpin\u003e EpfClientHandshaker\u003cT\u003e\n    for EpfClientUpgraded\u003cT\u003e\n{\n    async fn handshake(\u0026mut self, cert_pool: EpfCaPool) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e {\n        match self.state {\n            EpfClientState::NotStarted =\u003e (),\n            _ =\u003e return Err(EpfHandshakeError::AlreadyTunnelled.into()),\n        }\n\n        // Step 1: Send Client Hello\n        self.inner\n            .write_all(\u0026encode_packet(\n                PACKET_CLIENT_HELLO,\n                \u0026EpfClientHello {\n                    protocol_version: PROTOCOL_VERSION,\n                    client_random: self.client_random,\n                    client_certificate: self.client_cert.clone(),\n                    client_x25519_public_key: self.public_key.to_bytes(),\n                },\n            )?)\n            .await?;\n        self.inner.flush().await?;\n\n        trace!(\"---- !!!!! SENT CLIENT HELLO\");\n\n        self.state = EpfClientState::WaitingForServerHello;\n\n        let server_x25519_key;\n\n        // Step 2: Wait for Server Hello\n        loop {\n            trace!(\"waiting for server hello\");\n\n            let packet = recv_packet(\u0026mut self.inner).await?;\n\n            if packet.packet_id != PACKET_SERVER_HELLO {\n                self.packet_queue.push(packet);\n                continue;\n            }\n\n            let server_hello: EpfServerHello = rmp_serde::from_slice(\u0026packet.packet_data)?;\n\n            self.server_random = server_hello.server_random;\n\n            if server_hello.protocol_version != PROTOCOL_VERSION {\n                return Err(EpfHandshakeError::UnsupportedProtocolVersion(\n                    server_hello.protocol_version as usize,\n                )\n                .into());\n            }\n\n            self.server_cert = Some(server_hello.server_certificate);\n\n            server_x25519_key = server_hello.server_x25519_public_key;\n\n            break;\n        }\n\n        // Step 3: Validate Server Certificate\n        let cert_valid = self.server_cert.as_ref().unwrap().verify(\u0026cert_pool);\n        if let Err(e) = cert_valid {\n            return Err(EpfHandshakeError::InvalidCertificate(e).into());\n        }\n        if let Ok(false) = cert_valid {\n            return Err(EpfHandshakeError::UntrustedCertificate.into());\n        }\n        // Server Cert OK\n\n        // Step 4: Build the cipher\n\n        let private_key = StaticSecret::from(self.private_key.to_bytes());\n        let their_public_key = PublicKey::from(server_x25519_key);\n\n        assert_ne!(\n            their_public_key.to_bytes(),\n            PublicKey::from(\u0026private_key).to_bytes()\n        );\n\n        danger_trace!(\n            \"pr: {}, their pub: {}, my pub: {}\",\n            hex::encode(self.private_key.to_bytes()),\n            hex::encode(self.server_cert.as_ref().unwrap().details.public_key),\n            hex::encode(self.private_key.verifying_key().to_bytes())\n        );\n\n        let shared_key = private_key.diffie_hellman(\u0026their_public_key).to_bytes();\n\n        trace!(\n            \"server public key: {:x?}\",\n            self.server_cert.as_ref().unwrap().details.public_key\n        );\n        danger_trace!(\"shared key: {}\", hex::encode(shared_key));\n\n        let cc20p1305_key = Key::from(shared_key);\n        let cc20p1305 = XChaCha20Poly1305::new(\u0026cc20p1305_key);\n        self.cipher = Some(cc20p1305);\n\n        let payload = Payload {\n            msg: \u0026[0x42],\n            aad: \u0026self.server_random,\n        };\n\n        let nonce = XNonce::from_slice(\u0026self.client_random);\n\n        trace!(\"encrypting 0x42\");\n\n        danger_trace!(\"aad: {:?} nonce: {:?}\", payload.aad, nonce);\n\n        let encrypted_0x42 = match self.cipher.as_ref().unwrap().encrypt(nonce, payload) {\n            Ok(d) =\u003e d,\n            Err(_) =\u003e return Err(EpfHandshakeError::EncryptionError.into()),\n        };\n\n        self.inner\n            .write_all(\u0026encode_packet(\n                PACKET_FINISHED,\n                \u0026EpfFinished {\n                    protocol_version: PROTOCOL_VERSION,\n                    encrypted_0x42,\n                },\n            )?)\n            .await?;\n        self.inner.flush().await?;\n\n        self.state = EpfClientState::WaitingForFinished;\n\n        loop {\n            let packet = recv_packet(\u0026mut self.inner).await?;\n\n            if packet.packet_id != PACKET_FINISHED {\n                self.packet_queue.push(packet);\n                continue;\n            }\n\n            let packet_finished: EpfFinished = rmp_serde::from_slice(\u0026packet.packet_data)?;\n\n            trace!(\"trying to debug 0x42\");\n\n            let payload = Payload {\n                msg: \u0026packet_finished.encrypted_0x42,\n                aad: \u0026self.server_random,\n            };\n\n            danger_trace!(\n                \"ciphertext: {:?}, aad: {:?}, nonce: {:?}\",\n                packet_finished.encrypted_0x42,\n                payload.aad,\n                nonce\n            );\n\n            let hopefully_0x42 = match self.cipher.as_ref().unwrap().decrypt(nonce, payload) {\n                Ok(d) =\u003e d,\n                Err(_) =\u003e {\n                    return Err(EpfHandshakeError::EncryptionError.into());\n                }\n            };\n\n            if hopefully_0x42 != vec![0x42] {\n                return Err(EpfHandshakeError::MissingKeyProof.into());\n            }\n\n            break;\n        }\n\n        self.state = EpfClientState::Transport;\n\n        Ok(())\n    }\n\n    async fn upgrade(self) -\u003e EpfClientStream\u003cT\u003e\n    where\n        Self: Sized,\n    {\n        let aad = self.server_random;\n        let client_cert = self.client_cert.clone();\n        let packet_queue = self.packet_queue.clone();\n        let server_cert = self.server_cert.unwrap();\n        let cipher = self.cipher.unwrap();\n        let private_key = self.private_key.clone();\n        let public_key = self.public_key;\n        let raw_stream = self.inner;\n        EpfClientStream {\n            raw_stream,\n            aad,\n            client_cert,\n            packet_queue,\n            server_cert,\n            cipher,\n            private_key,\n            public_key,\n        }\n    }\n}\n\n#[allow(dead_code)]\npub struct EpfClientStream\u003cS: AsyncReadExt + AsyncWriteExt + Unpin\u003e {\n    raw_stream: S,\n    aad: [u8; 16],\n    client_cert: Option\u003cEPFCertificate\u003e,\n    packet_queue: Vec\u003cEpfMessage\u003e,\n    server_cert: EPFCertificate,\n    cipher: XChaCha20Poly1305,\n    private_key: EpfPrivateKey,\n    public_key: PublicKey,\n}\n\n#[async_trait]\npub trait EpfStreamOps {\n    async fn write(\u0026mut self, data: \u0026[u8]) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e;\n    async fn read(\u0026mut self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e;\n}\n\n#[async_trait]\nimpl\u003cS: AsyncReadExt + AsyncWriteExt + Unpin + Send\u003e EpfStreamOps for EpfClientStream\u003cS\u003e {\n    async fn write(\u0026mut self, data: \u0026[u8]) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e {\n        let nonce = XChaCha20Poly1305::generate_nonce(OsRng);\n\n        let payload = Payload {\n            msg: data,\n            aad: \u0026self.aad,\n        };\n\n        let ciphertext = match self.cipher.encrypt(\u0026nonce, payload) {\n            Ok(c) =\u003e c,\n            Err(_) =\u003e return Err(io::Error::new(io::ErrorKind::Other, \"Encryption error\").into()),\n        };\n        let application_data = EpfApplicationData {\n            protocol_version: PROTOCOL_VERSION,\n            encrypted_application_data: ciphertext,\n            nonce: nonce.try_into().unwrap(),\n        };\n\n        let packet = encode_packet(PACKET_APPLICATION_DATA, \u0026application_data)?;\n\n        self.raw_stream.write_all(\u0026packet).await?;\n        self.raw_stream.flush().await?;\n\n        Ok(())\n    }\n\n    async fn read(\u0026mut self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        loop {\n            let packet = recv_packet(\u0026mut self.raw_stream).await?;\n\n            if packet.packet_id != PACKET_APPLICATION_DATA {\n                self.packet_queue.push(packet);\n                continue;\n            }\n\n            let app_data: EpfApplicationData = rmp_serde::from_slice(\u0026packet.packet_data)?;\n\n            let nonce = XNonce::from_slice(\u0026app_data.nonce);\n\n            let payload = Payload {\n                msg: \u0026app_data.encrypted_application_data,\n                aad: \u0026self.aad,\n            };\n\n            let plaintext = match self.cipher.decrypt(nonce, payload) {\n                Ok(p) =\u003e p,\n                Err(_) =\u003e {\n                    return Err(io::Error::new(io::ErrorKind::Other, \"Decryption error\").into())\n                }\n            };\n\n            return Ok(plaintext);\n        }\n    }\n}\n\n///// SERVER /////\n\npub struct EpfServerUpgraded\u003cT: AsyncWriteExt + AsyncReadExt\u003e {\n    inner: T,\n    state: EpfServerState,\n    client_random: [u8; 24],\n    server_random: [u8; 16],\n    client_cert: Option\u003cEPFCertificate\u003e,\n    packet_queue: Vec\u003cEpfMessage\u003e,\n    cipher: Option\u003cXChaCha20Poly1305\u003e,\n    cert: EPFCertificate,\n    private_key: EpfPrivateKey,\n    public_key: EpfPublicKey,\n}\n\n#[async_trait]\npub trait EpfServerUpgradable {\n    async fn upgrade(\n        self,\n        cert: EPFCertificate,\n        private_key: EpfPrivateKey,\n    ) -\u003e EpfServerUpgraded\u003cSelf\u003e\n    where\n        Self: Sized + AsyncWriteExt + AsyncReadExt + Send;\n}\n\n#[async_trait]\nimpl\u003cT: ?Sized\u003e EpfServerUpgradable for T\nwhere\n    T: AsyncWriteExt + AsyncReadExt + Send,\n{\n    async fn upgrade(\n        self,\n        cert: EPFCertificate,\n        private_key: EpfPrivateKey,\n    ) -\u003e EpfServerUpgraded\u003cSelf\u003e\n    where\n        Self: Sized + AsyncWriteExt + AsyncReadExt + Send,\n    {\n        EpfServerUpgraded {\n            inner: self,\n            state: EpfServerState::WaitingForClientHello,\n            server_random: OsRng.gen(),\n            client_random: [0u8; 24],\n            cert,\n            client_cert: None,\n            packet_queue: vec![],\n            cipher: None,\n            private_key: private_key.clone(),\n            public_key: private_key.verifying_key(),\n        }\n    }\n}\n\n#[async_trait]\npub trait EpfServerHandshaker\u003cS: AsyncWriteExt + AsyncReadExt + Unpin\u003e {\n    async fn handshake(\u0026mut self, cert_pool: EpfCaPool) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e;\n    async fn upgrade(self) -\u003e EpfServerStream\u003cS\u003e\n    where\n        Self: Sized;\n}\n\n#[async_trait]\nimpl\u003cT: AsyncWriteExt + AsyncReadExt + Send + Unpin\u003e EpfServerHandshaker\u003cT\u003e\n    for EpfServerUpgraded\u003cT\u003e\n{\n    async fn handshake(\u0026mut self, cert_pool: EpfCaPool) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e {\n        match self.state {\n            EpfServerState::WaitingForClientHello =\u003e (),\n            _ =\u003e return Err(EpfHandshakeError::AlreadyTunnelled.into()),\n        }\n\n        let client_public_key;\n\n        // Step 1: Wait for Client Hello\n        loop {\n            let packet = recv_packet(\u0026mut self.inner).await?;\n\n            if packet.packet_id != PACKET_CLIENT_HELLO {\n                self.packet_queue.push(packet);\n                continue;\n            }\n\n            trace!(\"got client hello\");\n\n            let client_hello: EpfClientHello = rmp_serde::from_slice(\u0026packet.packet_data)?;\n\n            self.client_random = client_hello.client_random;\n\n            if client_hello.protocol_version != PROTOCOL_VERSION {\n                return Err(EpfHandshakeError::UnsupportedProtocolVersion(\n                    client_hello.protocol_version as usize,\n                )\n                .into());\n            }\n\n            self.client_cert = client_hello.client_certificate;\n\n            client_public_key = client_hello.client_x25519_public_key;\n\n            trace!(\"exiting loop\");\n\n            break;\n        }\n\n        // Step 2: Validate Client Certificate (if present)\n        if let Some(client_cert) = \u0026self.client_cert {\n            let cert_valid = client_cert.verify(\u0026cert_pool);\n            if let Err(e) = cert_valid {\n                return Err(EpfHandshakeError::InvalidCertificate(e).into());\n            }\n            if let Ok(false) = cert_valid {\n                return Err(EpfHandshakeError::UntrustedCertificate.into());\n            }\n        }\n        // Client Cert OK (if present)\n\n        trace!(\"client cert okay\");\n\n        // Step 3: Send Server Hello\n        self.inner\n            .write_all(\u0026encode_packet(\n                PACKET_SERVER_HELLO,\n                \u0026EpfServerHello {\n                    protocol_version: PROTOCOL_VERSION,\n                    server_certificate: self.cert.clone(),\n                    server_random: self.server_random,\n                    server_x25519_public_key: PublicKey::from(\u0026StaticSecret::from(\n                        self.private_key.to_bytes(),\n                    ))\n                    .to_bytes(),\n                },\n            )?)\n            .await?;\n        self.inner.flush().await?;\n\n        trace!(\"sent server hello\");\n\n        self.state = EpfServerState::WaitingForFinished;\n\n        // Step 4: Build the cipher\n        let private_key = StaticSecret::from(self.private_key.to_bytes());\n        let their_public_key = PublicKey::from(client_public_key);\n\n        assert_ne!(\n            their_public_key.to_bytes(),\n            PublicKey::from(\u0026private_key).to_bytes()\n        );\n\n        danger_trace!(\n            \"pr: {}, their pub: {}, my pub: {}\",\n            hex::encode(self.private_key.to_bytes()),\n            hex::encode(client_public_key),\n            hex::encode(self.private_key.verifying_key().to_bytes())\n        );\n\n        let shared_key = private_key.diffie_hellman(\u0026their_public_key).to_bytes();\n\n        trace!(\"client public key: {:x?}\", client_public_key);\n        danger_trace!(\"shared key: {}\", hex::encode(shared_key));\n\n        let cc20p1305_key = Key::from(shared_key);\n        let cc20p1305 = XChaCha20Poly1305::new(\u0026cc20p1305_key);\n        self.cipher = Some(cc20p1305);\n\n        let payload = Payload {\n            msg: \u0026[0x42],\n            aad: \u0026self.server_random,\n        };\n\n        let nonce = XNonce::from_slice(\u0026self.client_random);\n\n        loop {\n            let packet = recv_packet(\u0026mut self.inner).await?;\n\n            if packet.packet_id != PACKET_FINISHED {\n                self.packet_queue.push(packet);\n                continue;\n            }\n\n            let packet_finished: EpfFinished = rmp_serde::from_slice(\u0026packet.packet_data)?;\n\n            let payload = Payload {\n                msg: \u0026packet_finished.encrypted_0x42,\n                aad: \u0026self.server_random,\n            };\n\n            trace!(\"trying to decrypt 0x42\");\n            danger_trace!(\n                \"ciphertext: {:?}, nonce: {:?}, aad: {:?}\",\n                payload.msg,\n                nonce,\n                payload.aad\n            );\n\n            let hopefully_0x42 = match self.cipher.as_ref().unwrap().decrypt(nonce, payload) {\n                Ok(d) =\u003e d,\n                Err(_) =\u003e {\n                    return Err(EpfHandshakeError::EncryptionError.into());\n                }\n            };\n\n            if hopefully_0x42 != vec![0x42] {\n                return Err(EpfHandshakeError::MissingKeyProof.into());\n            }\n\n            break;\n        }\n\n        let encrypted_0x42 = match self.cipher.as_ref().unwrap().encrypt(nonce, payload) {\n            Ok(d) =\u003e d,\n            Err(_) =\u003e return Err(EpfHandshakeError::EncryptionError.into()),\n        };\n\n        self.inner\n            .write_all(\u0026encode_packet(\n                PACKET_FINISHED,\n                \u0026EpfFinished {\n                    protocol_version: PROTOCOL_VERSION,\n                    encrypted_0x42,\n                },\n            )?)\n            .await?;\n        self.inner.flush().await?;\n\n        self.state = EpfServerState::WaitingForFinished;\n\n        self.state = EpfServerState::Transport;\n\n        Ok(())\n    }\n\n    async fn upgrade(self) -\u003e EpfServerStream\u003cT\u003e\n    where\n        Self: Sized,\n    {\n        EpfServerStream {\n            aad: self.server_random,\n            server_cert: self.cert,\n            packet_queue: self.packet_queue,\n            client_cert: self.client_cert,\n            cipher: self.cipher.unwrap(),\n            private_key: self.private_key,\n            public_key: self.public_key,\n            raw_stream: self.inner,\n        }\n    }\n}\n\n#[allow(dead_code)]\npub struct EpfServerStream\u003cS: AsyncReadExt + AsyncWriteExt + Unpin\u003e {\n    raw_stream: S,\n    aad: [u8; 16],\n    client_cert: Option\u003cEPFCertificate\u003e,\n    packet_queue: Vec\u003cEpfMessage\u003e,\n    server_cert: EPFCertificate,\n    cipher: XChaCha20Poly1305,\n    private_key: EpfPrivateKey,\n    public_key: EpfPublicKey,\n}\n\n#[async_trait]\nimpl\u003cS: AsyncReadExt + AsyncWriteExt + Unpin + Send\u003e EpfStreamOps for EpfServerStream\u003cS\u003e {\n    async fn write(\u0026mut self, data: \u0026[u8]) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e {\n        let nonce = XChaCha20Poly1305::generate_nonce(OsRng);\n\n        let payload = Payload {\n            msg: data,\n            aad: \u0026self.aad,\n        };\n\n        let ciphertext = match self.cipher.encrypt(\u0026nonce, payload) {\n            Ok(c) =\u003e c,\n            Err(_) =\u003e return Err(io::Error::new(io::ErrorKind::Other, \"Encryption error\").into()),\n        };\n        let application_data = EpfApplicationData {\n            protocol_version: PROTOCOL_VERSION,\n            encrypted_application_data: ciphertext,\n            nonce: nonce.try_into().unwrap(),\n        };\n\n        let packet = encode_packet(PACKET_APPLICATION_DATA, \u0026application_data)?;\n\n        self.raw_stream.write_all(\u0026packet).await?;\n        self.raw_stream.flush().await?;\n\n        Ok(())\n    }\n\n    async fn read(\u0026mut self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        loop {\n            let packet = recv_packet(\u0026mut self.raw_stream).await?;\n\n            if packet.packet_id != PACKET_APPLICATION_DATA {\n                self.packet_queue.push(packet);\n                continue;\n            }\n\n            let app_data: EpfApplicationData = rmp_serde::from_slice(\u0026packet.packet_data)?;\n\n            let nonce = XNonce::from_slice(\u0026app_data.nonce);\n\n            let payload = Payload {\n                msg: \u0026app_data.encrypted_application_data,\n                aad: \u0026self.aad,\n            };\n\n            let plaintext = match self.cipher.decrypt(nonce, payload) {\n                Ok(p) =\u003e p,\n                Err(_) =\u003e {\n                    return Err(io::Error::new(io::ErrorKind::Other, \"Decryption error\").into())\n                }\n            };\n\n            return Ok(plaintext);\n        }\n    }\n}\n\n#[cfg(test)]\nmod tests {\n    use crate::ca_pool::{EpfCaPool, EpfCaPoolOps};\n    use crate::handshake_stream::{\n        ClientAuthentication, EpfClientHandshaker, EpfClientUpgradable, EpfClientUpgraded,\n        EpfServerHandshaker, EpfServerUpgradable, EpfServerUpgraded, EpfStreamOps,\n    };\n    use crate::pki::{EPFCertificate, EPFCertificateDetails, EpfPkiCertificateOps};\n    use ed25519_dalek::{SigningKey};\n    use log::{debug, trace};\n    \n    use std::net::SocketAddr;\n    use std::str::FromStr;\n    use std::time::{SystemTime, UNIX_EPOCH};\n    use serial_test::serial;\n\n    use tokio::join;\n    use tokio::net::{TcpListener, TcpSocket, TcpStream};\n    use x25519_dalek::{PublicKey, StaticSecret};\n\n    #[tokio::test]\n    #[serial]\n    pub async fn stream_test() {\n        //simple_logger::init().unwrap();\n\n        let tcp_listener = TcpListener::bind(\"0.0.0.0:36116\").await.unwrap();\n\n        let tcp_client_future = TcpSocket::new_v4()\n            .unwrap()\n            .connect(SocketAddr::from_str(\"127.0.0.1:36116\").unwrap());\n\n        let (a, b) = join![tcp_listener.accept(), tcp_client_future];\n\n        let (s, _) = a.unwrap();\n        let c = b.unwrap();\n\n        let server_private_key = SigningKey::from([1u8; 32]);\n        let client_private_key = SigningKey::from([2u8; 32]);\n\n        let mut server_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Server Certificate\".to_string(),\n                not_before: 0,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 30,\n                public_key: server_private_key.verifying_key().to_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; 64],\n        };\n        server_cert.sign(\u0026server_private_key).unwrap();\n\n        debug!(\n            \"{}\",\n            hex::encode(server_private_key.verifying_key().to_bytes())\n        );\n\n        let mut client_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Client Certificate\".to_string(),\n                not_before: 0,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 30,\n                public_key: client_private_key.verifying_key().to_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; 64],\n        };\n        client_cert.sign(\u0026client_private_key).unwrap();\n\n        let mut cert_pool = EpfCaPool::new();\n        let mut cert_pool_2 = EpfCaPool::new();\n        cert_pool.insert(\u0026server_cert);\n        cert_pool.insert(\u0026client_cert);\n        cert_pool_2.insert(\u0026client_cert);\n        cert_pool_2.insert(\u0026server_cert);\n\n        let mut c: EpfClientUpgraded\u003cTcpStream\u003e = EpfClientUpgradable::upgrade(\n            c,\n            ClientAuthentication::Cert(Box::new(client_cert), Box::new(client_private_key)),\n        )\n        .await;\n        let mut s: EpfServerUpgraded\u003cTcpStream\u003e =\n            EpfServerUpgradable::upgrade(s, server_cert, server_private_key).await;\n\n        let server_handshake_accept_task = tokio::spawn(async move {\n            trace!(\"starting server handshake listener\");\n            s.handshake(cert_pool_2).await.unwrap();\n            let mut upgraded = s.upgrade().await;\n            assert_eq!(upgraded.read().await.unwrap(), vec![0x42, 0x42]);\n            upgraded.write(\u0026[0x42, 0x42]).await.unwrap();\n        });\n\n        let client_handshake_send_task = tokio::spawn(async move {\n            trace!(\"starting client handshake sender\");\n            c.handshake(cert_pool).await.unwrap();\n            let mut upgraded = EpfClientHandshaker::upgrade(c).await;\n            upgraded.write(\u0026[0x42, 0x42]).await.unwrap();\n            assert_eq!(upgraded.read().await.unwrap(), vec![0x42, 0x42]);\n        });\n\n        let (a, b) = join![server_handshake_accept_task, client_handshake_send_task];\n        a.unwrap();\n        b.unwrap();\n    }\n\n    #[tokio::test]\n    #[serial]\n    pub async fn stream_test_ephemeral() {\n        //simple_logger::init().unwrap();\n\n        let tcp_listener = TcpListener::bind(\"0.0.0.0:36117\").await.unwrap();\n\n        let tcp_client_future = TcpSocket::new_v4()\n            .unwrap()\n            .connect(SocketAddr::from_str(\"127.0.0.1:36117\").unwrap());\n\n        let (a, b) = join![tcp_listener.accept(), tcp_client_future];\n\n        let (s, _) = a.unwrap();\n        let c = b.unwrap();\n\n        let server_private_key = SigningKey::from([1u8; 32]);\n\n        let mut server_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Server Certificate\".to_string(),\n                not_before: 0,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 30,\n                public_key: server_private_key.verifying_key().to_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; 64],\n        };\n        server_cert.sign(\u0026server_private_key).unwrap();\n\n        debug!(\n            \"{}\",\n            hex::encode(server_private_key.verifying_key().to_bytes())\n        );\n\n        let mut cert_pool = EpfCaPool::new();\n        let mut cert_pool_2 = EpfCaPool::new();\n        cert_pool.insert(\u0026server_cert);\n\n        cert_pool_2.insert(\u0026server_cert);\n\n        let mut c: EpfClientUpgraded\u003cTcpStream\u003e = EpfClientUpgradable::upgrade(\n            c,\n            ClientAuthentication::Ephemeral,\n        )\n            .await;\n        let mut s: EpfServerUpgraded\u003cTcpStream\u003e =\n            EpfServerUpgradable::upgrade(s, server_cert, server_private_key).await;\n\n        let server_handshake_accept_task = tokio::spawn(async move {\n            trace!(\"starting server handshake listener\");\n            s.handshake(cert_pool_2).await.unwrap();\n            let mut upgraded = s.upgrade().await;\n            assert_eq!(upgraded.read().await.unwrap(), vec![0x42, 0x42])\n        });\n\n        let client_handshake_send_task = tokio::spawn(async move {\n            trace!(\"starting client handshake sender\");\n            c.handshake(cert_pool).await.unwrap();\n            let mut upgraded = EpfClientHandshaker::upgrade(c).await;\n            upgraded.write(\u0026[0x42, 0x42]).await.unwrap();\n        });\n\n        let (a, b) = join![server_handshake_accept_task, client_handshake_send_task];\n        a.unwrap();\n        b.unwrap();\n    }\n\n    #[test]\n    pub fn x25519_sanity_check() {\n        let bob_key = StaticSecret::from([1u8; 32]);\n        let bob_pub = PublicKey::from(\u0026bob_key);\n\n        let alice_key = StaticSecret::from([2u8; 32]);\n        let alice_pub = PublicKey::from(\u0026alice_key);\n\n        let ss_1 = bob_key.diffie_hellman(\u0026alice_pub);\n        let ss_2 = alice_key.diffie_hellman(\u0026bob_pub);\n\n        assert_eq!(ss_1.to_bytes(), ss_2.to_bytes());\n\n        println!(\n            \"SS: {}, B_p: {}, A_p: {}\",\n            hex::encode(ss_1.to_bytes()),\n            hex::encode(bob_pub.to_bytes()),\n            hex::encode(alice_pub.to_bytes())\n        );\n    }\n}\n","traces":[{"line":57,"address":[1310686],"length":1,"stats":{"Line":2},"fn_name":null},{"line":61,"address":[1310892,1311101,1311187,1311323,1310801],"length":1,"stats":{"Line":3},"fn_name":null},{"line":63,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":64,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":65,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":67,"address":[1311149],"length":1,"stats":{"Line":1},"fn_name":null},{"line":68,"address":[1311544],"length":1,"stats":{"Line":1},"fn_name":null},{"line":69,"address":[1312437,1312519,1311608,1312688],"length":1,"stats":{"Line":3},"fn_name":null},{"line":70,"address":[1312577],"length":1,"stats":{"Line":1},"fn_name":null},{"line":71,"address":[1312625],"length":1,"stats":{"Line":1},"fn_name":null},{"line":72,"address":[1312665,1312794],"length":1,"stats":{"Line":2},"fn_name":null},{"line":74,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":75,"address":[1311649],"length":1,"stats":{"Line":1},"fn_name":null},{"line":76,"address":[1311701],"length":1,"stats":{"Line":1},"fn_name":null},{"line":77,"address":[1311836,1311749],"length":1,"stats":{"Line":2},"fn_name":null},{"line":78,"address":[1311925,1311860],"length":1,"stats":{"Line":2},"fn_name":null},{"line":79,"address":[1312074,1312246],"length":1,"stats":{"Line":2},"fn_name":null},{"line":86,"address":[1312382],"length":1,"stats":{"Line":1},"fn_name":null},{"line":87,"address":[1313181],"length":1,"stats":{"Line":1},"fn_name":null},{"line":88,"address":[1313192,1314208,1314230],"length":1,"stats":{"Line":3},"fn_name":"{closure#0}\u003ctokio::net::tcp::stream::TcpStream\u003e"},{"line":90,"address":[1313243],"length":1,"stats":{"Line":1},"fn_name":null},{"line":92,"address":[1313298],"length":1,"stats":{"Line":1},"fn_name":null},{"line":110,"address":[1315976,1314581,1314528,1315208,1330295,1315384,1314287,1330639,1314272],"length":1,"stats":{"Line":6},"fn_name":"handshake\u003ctokio::net::tcp::stream::TcpStream\u003e"},{"line":111,"address":[1315469],"length":1,"stats":{"Line":1},"fn_name":null},{"line":112,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":113,"address":[1315600,1315703],"length":1,"stats":{"Line":0},"fn_name":null},{"line":117,"address":[1315497,1316804,1316636,1316466,1316725],"length":1,"stats":{"Line":4},"fn_name":null},{"line":118,"address":[1315969,1316034,1316288],"length":1,"stats":{"Line":2},"fn_name":null},{"line":119,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":120,"address":[1315818],"length":1,"stats":{"Line":1},"fn_name":null},{"line":121,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":122,"address":[1315530],"length":1,"stats":{"Line":1},"fn_name":null},{"line":123,"address":[1315560],"length":1,"stats":{"Line":1},"fn_name":null},{"line":124,"address":[1315741],"length":1,"stats":{"Line":1},"fn_name":null},{"line":127,"address":[1285247,1284433,1285124],"length":1,"stats":{"Line":3},"fn_name":null},{"line":128,"address":[1314813,1317254,1316917,1315106],"length":1,"stats":{"Line":2},"fn_name":null},{"line":130,"address":[1317213,1317441,1317344,1317543],"length":1,"stats":{"Line":3},"fn_name":null},{"line":132,"address":[1317505],"length":1,"stats":{"Line":1},"fn_name":null},{"line":134,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":137,"address":[1317541],"length":1,"stats":{"Line":1},"fn_name":null},{"line":138,"address":[1317898,1317649,1317794],"length":1,"stats":{"Line":2},"fn_name":null},{"line":140,"address":[1284463],"length":1,"stats":{"Line":4},"fn_name":null},{"line":142,"address":[1318510],"length":1,"stats":{"Line":1},"fn_name":null},{"line":143,"address":[1318671],"length":1,"stats":{"Line":0},"fn_name":null},{"line":144,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":147,"address":[1318899,1319095,1318633],"length":1,"stats":{"Line":2},"fn_name":null},{"line":149,"address":[1318999],"length":1,"stats":{"Line":1},"fn_name":null},{"line":151,"address":[1319076],"length":1,"stats":{"Line":1},"fn_name":null},{"line":152,"address":[1319498,1319390],"length":1,"stats":{"Line":0},"fn_name":null},{"line":153,"address":[1319383],"length":1,"stats":{"Line":0},"fn_name":null},{"line":155,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":158,"address":[1319599,1319255,1319532],"length":1,"stats":{"Line":2},"fn_name":null},{"line":160,"address":[1319643],"length":1,"stats":{"Line":1},"fn_name":null},{"line":162,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":166,"address":[1319774,1319861],"length":1,"stats":{"Line":2},"fn_name":null},{"line":167,"address":[1319935],"length":1,"stats":{"Line":1},"fn_name":null},{"line":168,"address":[1330491,1320055],"length":1,"stats":{"Line":0},"fn_name":null},{"line":170,"address":[1320217],"length":1,"stats":{"Line":1},"fn_name":null},{"line":171,"address":[1330454,1320297],"length":1,"stats":{"Line":0},"fn_name":null},{"line":177,"address":[1320407,1320267],"length":1,"stats":{"Line":2},"fn_name":null},{"line":178,"address":[1320434],"length":1,"stats":{"Line":1},"fn_name":null},{"line":180,"address":[1320776,1320626],"length":1,"stats":{"Line":1},"fn_name":null},{"line":181,"address":[1320541],"length":1,"stats":{"Line":1},"fn_name":null},{"line":182,"address":[1320568],"length":1,"stats":{"Line":1},"fn_name":null},{"line":185,"address":[1320828,1321117,1321616,1320729,1321383,1321262,1321807],"length":1,"stats":{"Line":2},"fn_name":null},{"line":187,"address":[1321330],"length":1,"stats":{"Line":0},"fn_name":null},{"line":188,"address":[1321494],"length":1,"stats":{"Line":0},"fn_name":null},{"line":189,"address":[1321727],"length":1,"stats":{"Line":0},"fn_name":null},{"line":192,"address":[1321080,1322159],"length":1,"stats":{"Line":2},"fn_name":null},{"line":194,"address":[1322374,1322547,1322229],"length":1,"stats":{"Line":2},"fn_name":null},{"line":196,"address":[1322472],"length":1,"stats":{"Line":0},"fn_name":null},{"line":198,"address":[1323077,1322729,1322438,1323222],"length":1,"stats":{"Line":2},"fn_name":null},{"line":200,"address":[1322981],"length":1,"stats":{"Line":1},"fn_name":null},{"line":201,"address":[1323579],"length":1,"stats":{"Line":1},"fn_name":null},{"line":202,"address":[1323774,1323606],"length":1,"stats":{"Line":2},"fn_name":null},{"line":205,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":206,"address":[1323832],"length":1,"stats":{"Line":1},"fn_name":null},{"line":209,"address":[1323885],"length":1,"stats":{"Line":1},"fn_name":null},{"line":211,"address":[1324200,1324105,1323960],"length":1,"stats":{"Line":2},"fn_name":null},{"line":213,"address":[1324169,1324598,1324743,1324306],"length":1,"stats":{"Line":2},"fn_name":null},{"line":215,"address":[1324558,1325136],"length":1,"stats":{"Line":2},"fn_name":null},{"line":216,"address":[1325261],"length":1,"stats":{"Line":1},"fn_name":null},{"line":217,"address":[1325495],"length":1,"stats":{"Line":0},"fn_name":null},{"line":220,"address":[1326256,1326345,1325340,1326427,1326086],"length":1,"stats":{"Line":4},"fn_name":null},{"line":221,"address":[1325908,1325485,1325654],"length":1,"stats":{"Line":2},"fn_name":null},{"line":222,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":223,"address":[1325409],"length":1,"stats":{"Line":1},"fn_name":null},{"line":224,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":225,"address":[1325370],"length":1,"stats":{"Line":1},"fn_name":null},{"line":228,"address":[1284621,1284755,1284484,1284734],"length":1,"stats":{"Line":4},"fn_name":null},{"line":229,"address":[1314876,1314953,1326588,1326922],"length":1,"stats":{"Line":2},"fn_name":null},{"line":231,"address":[1326884],"length":1,"stats":{"Line":1},"fn_name":null},{"line":233,"address":[1326920],"length":1,"stats":{"Line":1},"fn_name":null},{"line":234,"address":[1284511],"length":1,"stats":{"Line":3},"fn_name":null},{"line":236,"address":[1327548],"length":1,"stats":{"Line":1},"fn_name":null},{"line":237,"address":[1327709],"length":1,"stats":{"Line":0},"fn_name":null},{"line":238,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":241,"address":[1328031,1327671,1327905],"length":1,"stats":{"Line":2},"fn_name":null},{"line":243,"address":[1327987,1328230,1328327,1328426],"length":1,"stats":{"Line":3},"fn_name":null},{"line":246,"address":[1328391],"length":1,"stats":{"Line":1},"fn_name":null},{"line":247,"address":[1328548],"length":1,"stats":{"Line":1},"fn_name":null},{"line":250,"address":[1328605,1328928,1329073],"length":1,"stats":{"Line":1},"fn_name":null},{"line":252,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":253,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":254,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":257,"address":[1328888,1329467],"length":1,"stats":{"Line":2},"fn_name":null},{"line":258,"address":[1329590],"length":1,"stats":{"Line":1},"fn_name":null},{"line":259,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":260,"address":[1329674],"length":1,"stats":{"Line":0},"fn_name":null},{"line":264,"address":[1329659,1329804],"length":1,"stats":{"Line":2},"fn_name":null},{"line":265,"address":[1329943],"length":1,"stats":{"Line":0},"fn_name":null},{"line":268,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":271,"address":[1330126],"length":1,"stats":{"Line":1},"fn_name":null},{"line":273,"address":[1330162],"length":1,"stats":{"Line":1},"fn_name":null},{"line":276,"address":[1331373,1330752],"length":1,"stats":{"Line":2},"fn_name":"upgrade\u003ctokio::net::tcp::stream::TcpStream\u003e"},{"line":280,"address":[1331424],"length":1,"stats":{"Line":1},"fn_name":null},{"line":281,"address":[1331440],"length":1,"stats":{"Line":1},"fn_name":null},{"line":282,"address":[1331507],"length":1,"stats":{"Line":1},"fn_name":null},{"line":283,"address":[1331567],"length":1,"stats":{"Line":1},"fn_name":null},{"line":284,"address":[1331674],"length":1,"stats":{"Line":1},"fn_name":null},{"line":285,"address":[1331814],"length":1,"stats":{"Line":1},"fn_name":null},{"line":286,"address":[1331858],"length":1,"stats":{"Line":1},"fn_name":null},{"line":287,"address":[1331890],"length":1,"stats":{"Line":1},"fn_name":null},{"line":321,"address":[1335717,1332927,1334377,1333597,1332896,1333152,1333199,1333469],"length":1,"stats":{"Line":5},"fn_name":"write\u003ctokio::net::tcp::stream::TcpStream\u003e"},{"line":322,"address":[1333668],"length":1,"stats":{"Line":1},"fn_name":null},{"line":326,"address":[1333702],"length":1,"stats":{"Line":1},"fn_name":null},{"line":329,"address":[1333748,1333861],"length":1,"stats":{"Line":2},"fn_name":null},{"line":330,"address":[1333894],"length":1,"stats":{"Line":1},"fn_name":null},{"line":331,"address":[1334078],"length":1,"stats":{"Line":0},"fn_name":null},{"line":336,"address":[1334252,1334020],"length":1,"stats":{"Line":2},"fn_name":null},{"line":339,"address":[1334625,1334471,1334345],"length":1,"stats":{"Line":2},"fn_name":null},{"line":341,"address":[1334846,1334568,1333418,1335155,1333341],"length":1,"stats":{"Line":3},"fn_name":null},{"line":342,"address":[1335252,1333359,1335124,1335517],"length":1,"stats":{"Line":2},"fn_name":null},{"line":344,"address":[1335479],"length":1,"stats":{"Line":1},"fn_name":null},{"line":347,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":348,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":349,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":351,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":352,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":353,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":356,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":358,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":361,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":362,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":365,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":366,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":367,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":368,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":372,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":408,"address":[1404960],"length":1,"stats":{"Line":1},"fn_name":"upgrade\u003ctokio::net::tcp::stream::TcpStream\u003e"},{"line":419,"address":[1336404],"length":1,"stats":{"Line":1},"fn_name":null},{"line":420,"address":[1336455],"length":1,"stats":{"Line":1},"fn_name":null},{"line":423,"address":[1336536],"length":1,"stats":{"Line":1},"fn_name":null},{"line":425,"address":[1336607],"length":1,"stats":{"Line":1},"fn_name":null},{"line":426,"address":[1336654],"length":1,"stats":{"Line":1},"fn_name":null},{"line":443,"address":[1339116,1337536,1337551,1338641,1353053,1337845,1338465,1337792,1353275],"length":1,"stats":{"Line":6},"fn_name":"handshake\u003ctokio::net::tcp::stream::TcpStream\u003e"},{"line":444,"address":[1338726],"length":1,"stats":{"Line":1},"fn_name":null},{"line":445,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":446,"address":[1338897,1338794],"length":1,"stats":{"Line":0},"fn_name":null},{"line":449,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":452,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":453,"address":[1285489],"length":1,"stats":{"Line":5},"fn_name":null},{"line":455,"address":[1339451],"length":1,"stats":{"Line":1},"fn_name":null},{"line":456,"address":[1339618],"length":1,"stats":{"Line":0},"fn_name":null},{"line":457,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":460,"address":[1339955,1339853,1339756,1339574],"length":1,"stats":{"Line":3},"fn_name":null},{"line":462,"address":[1339917,1340161,1340374],"length":1,"stats":{"Line":2},"fn_name":null},{"line":464,"address":[1340247],"length":1,"stats":{"Line":1},"fn_name":null},{"line":466,"address":[1340355],"length":1,"stats":{"Line":1},"fn_name":null},{"line":467,"address":[1340611,1340719],"length":1,"stats":{"Line":0},"fn_name":null},{"line":468,"address":[1340604],"length":1,"stats":{"Line":0},"fn_name":null},{"line":470,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":473,"address":[1340820,1340753,1340534],"length":1,"stats":{"Line":2},"fn_name":null},{"line":475,"address":[1340864],"length":1,"stats":{"Line":1},"fn_name":null},{"line":477,"address":[1341162,1341072,1340927],"length":1,"stats":{"Line":2},"fn_name":null},{"line":479,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":483,"address":[1341895,1341312],"length":1,"stats":{"Line":2},"fn_name":null},{"line":484,"address":[1341389,1341495],"length":1,"stats":{"Line":2},"fn_name":null},{"line":485,"address":[1341503],"length":1,"stats":{"Line":1},"fn_name":null},{"line":486,"address":[1341605,1353235],"length":1,"stats":{"Line":0},"fn_name":null},{"line":488,"address":[1341767],"length":1,"stats":{"Line":1},"fn_name":null},{"line":489,"address":[1353190,1341831],"length":1,"stats":{"Line":0},"fn_name":null},{"line":494,"address":[1341922,1341416,1342137,1342019],"length":1,"stats":{"Line":3},"fn_name":null},{"line":497,"address":[1343308,1343397,1343138,1342083,1343479],"length":1,"stats":{"Line":4},"fn_name":null},{"line":498,"address":[1342960,1342706,1342626],"length":1,"stats":{"Line":2},"fn_name":null},{"line":499,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":500,"address":[1342490],"length":1,"stats":{"Line":1},"fn_name":null},{"line":501,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":502,"address":[1342115],"length":1,"stats":{"Line":1},"fn_name":null},{"line":503,"address":[1342243],"length":1,"stats":{"Line":1},"fn_name":null},{"line":504,"address":[1342350,1342460],"length":1,"stats":{"Line":2},"fn_name":null},{"line":505,"address":[1342273],"length":1,"stats":{"Line":1},"fn_name":null},{"line":507,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":510,"address":[1286187,1285510,1285954],"length":1,"stats":{"Line":3},"fn_name":null},{"line":511,"address":[1338091,1338312,1343672,1344009],"length":1,"stats":{"Line":2},"fn_name":null},{"line":513,"address":[1343968,1344099,1344196,1344333],"length":1,"stats":{"Line":3},"fn_name":null},{"line":515,"address":[1344260],"length":1,"stats":{"Line":1},"fn_name":null},{"line":518,"address":[1344439,1344296],"length":1,"stats":{"Line":2},"fn_name":null},{"line":519,"address":[1344470],"length":1,"stats":{"Line":1},"fn_name":null},{"line":521,"address":[1344819,1344669],"length":1,"stats":{"Line":1},"fn_name":null},{"line":522,"address":[1344580],"length":1,"stats":{"Line":1},"fn_name":null},{"line":523,"address":[1344607],"length":1,"stats":{"Line":1},"fn_name":null},{"line":526,"address":[1345164,1345309,1345800,1345437,1345602,1344871,1344772],"length":1,"stats":{"Line":2},"fn_name":null},{"line":528,"address":[1345377],"length":1,"stats":{"Line":0},"fn_name":null},{"line":529,"address":[1345548],"length":1,"stats":{"Line":0},"fn_name":null},{"line":530,"address":[1345713],"length":1,"stats":{"Line":0},"fn_name":null},{"line":533,"address":[1345123,1346152],"length":1,"stats":{"Line":2},"fn_name":null},{"line":535,"address":[1346222,1346465,1346367],"length":1,"stats":{"Line":2},"fn_name":null},{"line":536,"address":[1346999,1347144,1346651,1346431],"length":1,"stats":{"Line":2},"fn_name":null},{"line":538,"address":[1346903],"length":1,"stats":{"Line":1},"fn_name":null},{"line":539,"address":[1347501],"length":1,"stats":{"Line":1},"fn_name":null},{"line":540,"address":[1347528,1347696],"length":1,"stats":{"Line":2},"fn_name":null},{"line":543,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":544,"address":[1347754],"length":1,"stats":{"Line":1},"fn_name":null},{"line":547,"address":[1347819],"length":1,"stats":{"Line":1},"fn_name":null},{"line":549,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":550,"address":[1285540],"length":1,"stats":{"Line":4},"fn_name":null},{"line":552,"address":[1348437],"length":1,"stats":{"Line":1},"fn_name":null},{"line":553,"address":[1348598],"length":1,"stats":{"Line":0},"fn_name":null},{"line":554,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":557,"address":[1348914,1348560,1348794],"length":1,"stats":{"Line":2},"fn_name":null},{"line":560,"address":[1348876],"length":1,"stats":{"Line":1},"fn_name":null},{"line":561,"address":[1349122],"length":1,"stats":{"Line":1},"fn_name":null},{"line":564,"address":[1349419,1349324,1349179],"length":1,"stats":{"Line":2},"fn_name":null},{"line":565,"address":[1349525,1349388,1349962,1349817],"length":1,"stats":{"Line":2},"fn_name":null},{"line":567,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":568,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":569,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":572,"address":[1349777,1350404],"length":1,"stats":{"Line":2},"fn_name":null},{"line":573,"address":[1350533],"length":1,"stats":{"Line":1},"fn_name":null},{"line":574,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":575,"address":[1350623],"length":1,"stats":{"Line":0},"fn_name":null},{"line":579,"address":[1350602,1350768],"length":1,"stats":{"Line":2},"fn_name":null},{"line":580,"address":[1350913],"length":1,"stats":{"Line":0},"fn_name":null},{"line":583,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":586,"address":[1351179,1351092],"length":1,"stats":{"Line":2},"fn_name":null},{"line":587,"address":[1351310],"length":1,"stats":{"Line":1},"fn_name":null},{"line":588,"address":[1351544],"length":1,"stats":{"Line":0},"fn_name":null},{"line":591,"address":[1352100,1352258,1352341,1352423,1351389],"length":1,"stats":{"Line":4},"fn_name":null},{"line":592,"address":[1351686,1351534,1351937],"length":1,"stats":{"Line":2},"fn_name":null},{"line":593,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":594,"address":[1351458],"length":1,"stats":{"Line":1},"fn_name":null},{"line":595,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":596,"address":[1351419],"length":1,"stats":{"Line":1},"fn_name":null},{"line":599,"address":[1285561,1285718,1285601,1285743],"length":1,"stats":{"Line":4},"fn_name":null},{"line":600,"address":[1352960,1352572,1338151],"length":1,"stats":{"Line":1},"fn_name":null},{"line":602,"address":[1352838],"length":1,"stats":{"Line":1},"fn_name":null},{"line":604,"address":[1352874],"length":1,"stats":{"Line":1},"fn_name":null},{"line":606,"address":[1352910],"length":1,"stats":{"Line":1},"fn_name":null},{"line":609,"address":[1353376,1353975],"length":1,"stats":{"Line":2},"fn_name":"upgrade\u003ctokio::net::tcp::stream::TcpStream\u003e"},{"line":614,"address":[1354020],"length":1,"stats":{"Line":1},"fn_name":null},{"line":615,"address":[1354036],"length":1,"stats":{"Line":1},"fn_name":null},{"line":616,"address":[1354072],"length":1,"stats":{"Line":1},"fn_name":null},{"line":617,"address":[1354104],"length":1,"stats":{"Line":1},"fn_name":null},{"line":618,"address":[1354122],"length":1,"stats":{"Line":1},"fn_name":null},{"line":619,"address":[1354238],"length":1,"stats":{"Line":1},"fn_name":null},{"line":620,"address":[1354271],"length":1,"stats":{"Line":1},"fn_name":null},{"line":621,"address":[1354297],"length":1,"stats":{"Line":1},"fn_name":null},{"line":640,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":641,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":645,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":648,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":649,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":650,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":655,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":658,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":660,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":661,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":663,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":666,"address":[1354879,1355784,1355155,1355525,1355326,1354864,1355120],"length":1,"stats":{"Line":4},"fn_name":"read\u003ctokio::net::tcp::stream::TcpStream\u003e"},{"line":667,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":668,"address":[1281666],"length":1,"stats":{"Line":4},"fn_name":null},{"line":670,"address":[1356101],"length":1,"stats":{"Line":1},"fn_name":null},{"line":671,"address":[1356211],"length":1,"stats":{"Line":0},"fn_name":null},{"line":672,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":675,"address":[1356182,1356394,1356590],"length":1,"stats":{"Line":2},"fn_name":null},{"line":677,"address":[1356749,1356575],"length":1,"stats":{"Line":2},"fn_name":null},{"line":680,"address":[1356757],"length":1,"stats":{"Line":1},"fn_name":null},{"line":681,"address":[1356801],"length":1,"stats":{"Line":1},"fn_name":null},{"line":684,"address":[1356851],"length":1,"stats":{"Line":1},"fn_name":null},{"line":685,"address":[1356954],"length":1,"stats":{"Line":1},"fn_name":null},{"line":686,"address":[],"length":0,"stats":{"Line":0},"fn_name":null},{"line":687,"address":[1357160],"length":1,"stats":{"Line":0},"fn_name":null},{"line":691,"address":[1357050],"length":1,"stats":{"Line":1},"fn_name":null}],"covered":186,"coverable":284},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","lib.rs"],"content":"pub mod ca_pool;\npub mod error;\npub mod handshake_stream;\npub mod pki;\npub mod protocol;\npub mod util;\n#[macro_use]\npub mod log;\n","traces":[],"covered":0,"coverable":0},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","log.rs"],"content":"#[macro_export]\nmacro_rules! danger_trace {\n    // trace!(target: \"my_target\", key1 = 42, key2 = true; \"a {} event\", \"log\")\n    // trace!(target: \"my_target\", \"a {} event\", \"log\")\n    (target: $target:expr, $($arg:tt)+) =\u003e {\n        if std::env::var(\"E3PF_SUPER_DANGEROUS_VERY_VERBOSE_DEBUGGING_LOGGING\") == Ok(\"enabled\".to_string()) \u0026\u0026 cfg!(debug_assertions) {\n            log::trace!(target: $target, $($arg)+)\n        }\n    };\n\n    // trace!(\"a {} event\", \"log\")\n    ($($arg:tt)+) =\u003e {\n        if std::env::var(\"E3PF_SUPER_DANGEROUS_VERY_VERBOSE_DEBUGGING_LOGGING\") == Ok(\"enabled\".to_string()) \u0026\u0026 cfg!(debug_assertions) {\n            log::trace!($($arg)+)\n        }\n    }\n}\n","traces":[],"covered":0,"coverable":0},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","pki.rs"],"content":"use crate::ca_pool::{EpfCaPool, EpfCaPoolOps};\nuse crate::util::{pretty_print_date, u64_to_st, verifying_key};\nuse ed25519_dalek::{Signature, SignatureError, Signer, SigningKey, Verifier, VerifyingKey};\nuse pem::Pem;\nuse serde::{Deserialize, Serialize};\nuse sha2::{Digest, Sha256};\nuse std::collections::HashMap;\nuse std::error::Error;\nuse std::fmt::{Display, Formatter};\nuse std::time::SystemTime;\n\npub const EPFPKI_PUBLIC_KEY_LENGTH: usize = 32;\npub const EPFPKI_SIGNATURE_LENGTH: usize = 64;\n\npub const EPFPKI_SELF_SIGNED_CERTIFICATE: \u0026str =\n    \"0000000000000000000000000000000000000000000000000000000000000000\";\n\npub type EpfPublicKey = VerifyingKey;\npub type EpfPrivateKey = SigningKey;\n\n#[derive(Serialize, Deserialize, PartialEq, Debug, Eq, Clone)]\npub struct EPFCertificate {\n    pub details: EPFCertificateDetails,\n    pub fingerprint: String,\n    #[serde(with = \"serde_arrays\")]\n    pub signature: [u8; EPFPKI_SIGNATURE_LENGTH],\n}\n\n#[derive(Serialize, Deserialize, PartialEq, Debug, Eq, Clone)]\npub struct EPFCertificateDetails {\n    pub name: String,\n\n    pub not_before: u64,\n    pub not_after: u64,\n\n    pub public_key: [u8; EPFPKI_PUBLIC_KEY_LENGTH],\n\n    pub issuer_public_key: [u8; EPFPKI_PUBLIC_KEY_LENGTH],\n\n    pub claims: HashMap\u003cString, String\u003e,\n}\n\npub trait EpfPkiSerializable {\n    const PEM_BANNER: \u0026'static str;\n\n    fn as_bytes_pki(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e;\n    fn from_bytes_pki(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e\n    where\n        Self: Sized;\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e;\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e\n    where\n        Self: Sized;\n}\n\npub fn fingerprint(cert: \u0026EPFCertificateDetails) -\u003e Result\u003cString, rmp_serde::encode::Error\u003e {\n    let cert_bytes = rmp_serde::to_vec(cert)?;\n    let mut hasher = Sha256::new();\n    hasher.update(cert_bytes);\n    let hash = hasher.finalize();\n    Ok(hex::encode(hash))\n}\n\n#[derive(Debug)]\npub enum EpfPkiCertificateValidationError {\n    NoLongerValid { expired_at: SystemTime },\n    NotValidYet { valid_at: SystemTime },\n    InvalidCertificateData { e: rmp_serde::encode::Error },\n    FingerprintDoesNotMatch { expected: String, got: String },\n    InvalidSignature { e: SignatureError },\n    ExpiresAfterSigner,\n    ValidAfterSigner,\n}\n\nimpl Display for EpfPkiCertificateValidationError {\n    #[cfg_attr(tarpaulin, ignore)]\n    fn fmt(\u0026self, f: \u0026mut Formatter\u003c'_\u003e) -\u003e std::fmt::Result {\n        match self {\n            EpfPkiCertificateValidationError::NoLongerValid { expired_at } =\u003e write!(\n                f,\n                \"Certificate no longer valid (expired at {})\",\n                pretty_print_date(expired_at)\n            ),\n            EpfPkiCertificateValidationError::NotValidYet { valid_at } =\u003e write!(\n                f,\n                \"Certificate not valid yet (valid at {})\",\n                pretty_print_date(valid_at)\n            ),\n            EpfPkiCertificateValidationError::InvalidCertificateData { e } =\u003e {\n                write!(f, \"Unable to serialize cert data: {}\", e)\n            }\n            EpfPkiCertificateValidationError::FingerprintDoesNotMatch { expected, got } =\u003e write!(\n                f,\n                \"Fingerprint mismatch (expected {}, got {})\",\n                expected, got\n            ),\n            EpfPkiCertificateValidationError::InvalidSignature { e } =\u003e {\n                write!(f, \"Certificate validation error: {}\", e)\n            }\n            EpfPkiCertificateValidationError::ExpiresAfterSigner =\u003e {\n                write!(f, \"Certificate expires after it's signing certificate\")\n            }\n            EpfPkiCertificateValidationError::ValidAfterSigner =\u003e write!(\n                f,\n                \"Certificate is valid longer than it's signing certificate\"\n            ),\n        }\n    }\n}\n\npub trait EpfPkiCertificateOps {\n    fn recalculate_fingerprint(\u0026mut self) -\u003e Result\u003c(), rmp_serde::encode::Error\u003e;\n    fn sign(\u0026mut self, private_key: \u0026EpfPrivateKey) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e;\n    fn verify_with_time(\n        \u0026self,\n        time: SystemTime,\n        ca_pool: \u0026EpfCaPool,\n    ) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e;\n    fn verify(\u0026self, ca_pool: \u0026EpfCaPool) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e;\n}\nimpl EpfPkiCertificateOps for EPFCertificate {\n    fn recalculate_fingerprint(\u0026mut self) -\u003e Result\u003c(), rmp_serde::encode::Error\u003e {\n        self.fingerprint = fingerprint(\u0026self.details)?;\n        Ok(())\n    }\n\n    fn sign(\u0026mut self, private_key: \u0026EpfPrivateKey) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e {\n        self.recalculate_fingerprint()?;\n\n        self.details.issuer_public_key = *private_key.verifying_key().as_bytes();\n\n        let cert_data_bytes = rmp_serde::to_vec(\u0026self.details)?;\n\n        let signature = private_key.sign(\u0026cert_data_bytes).to_vec();\n\n        self.signature = signature.try_into().unwrap();\n\n        self.recalculate_fingerprint()?;\n\n        Ok(())\n    }\n\n    fn verify_with_time(\n        \u0026self,\n        time: SystemTime,\n        ca_pool: \u0026EpfCaPool,\n    ) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e {\n        // Is it expired\n        if u64_to_st(self.details.not_after) \u003c time {\n            return Err(EpfPkiCertificateValidationError::NoLongerValid {\n                expired_at: u64_to_st(self.details.not_after),\n            });\n        }\n\n        // Is it valid yet\n        if u64_to_st(self.details.not_before) \u003e time {\n            return Err(EpfPkiCertificateValidationError::NotValidYet {\n                valid_at: u64_to_st(self.details.not_before),\n            });\n        }\n\n        let fingerprint_on_cert = fingerprint(\u0026self.details)\n            .map_err(|e| EpfPkiCertificateValidationError::InvalidCertificateData { e })?;\n\n        // Does the fingerprint match\n        if fingerprint_on_cert != self.fingerprint {\n            return Err(EpfPkiCertificateValidationError::FingerprintDoesNotMatch {\n                expected: self.fingerprint.clone(),\n                got: fingerprint_on_cert,\n            });\n        }\n\n        // Does the signature match\n        let signature = Signature::from_slice(\u0026self.signature)\n            .map_err(|e| EpfPkiCertificateValidationError::InvalidSignature { e })?;\n\n        let is_self_signed;\n\n        let public_key = if self.details.issuer_public_key == self.details.public_key {\n            // self-signed certificate\n            is_self_signed = true;\n            verifying_key(\u0026self.details.public_key)\n        } else {\n            is_self_signed = false;\n            verifying_key(\u0026self.details.issuer_public_key)\n        };\n\n        let cert_data_bytes = rmp_serde::to_vec(\u0026self.details)\n            .map_err(|e| EpfPkiCertificateValidationError::InvalidCertificateData { e })?;\n\n        public_key\n            .verify(\u0026cert_data_bytes, \u0026signature)\n            .map_err(|e| EpfPkiCertificateValidationError::InvalidSignature { e })?;\n\n        // Signature OK\n\n        // Is the signer trusted?\n        let ca_cert = if is_self_signed {\n            if let Some(cert) = ca_pool.get_ca(\u0026verifying_key(\u0026self.details.public_key)) {\n                cert\n            } else {\n                return Ok(false);\n            }\n        } else if let Some(cert) = ca_pool.get_ca(\u0026verifying_key(\u0026self.details.issuer_public_key)) {\n            cert\n        } else {\n            return Ok(false);\n        };\n        // Yes.\n        // Make sure this cert wasnt valid before the CA\n        if ca_cert.details.not_after \u003c self.details.not_after {\n            return Err(EpfPkiCertificateValidationError::ExpiresAfterSigner);\n        }\n        // Make sure this cert isnt valid after the root\n        if ca_cert.details.not_before \u003e self.details.not_before {\n            return Err(EpfPkiCertificateValidationError::ValidAfterSigner);\n        }\n\n        // Cert OK\n\n        Ok(true)\n    }\n\n    fn verify(\u0026self, ca_pool: \u0026EpfCaPool) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e {\n        self.verify_with_time(SystemTime::now(), ca_pool)\n    }\n}\n\n#[cfg_attr(tarpaulin, ignore)]\nimpl Display for EPFCertificate {\n    fn fmt(\u0026self, f: \u0026mut Formatter\u003c'_\u003e) -\u003e std::fmt::Result {\n        writeln!(f, \"EPFCertificate {{\")?;\n        writeln!(f, \"\\tDetails: {{\")?;\n        writeln!(f, \"\\t\\tName: {}\", self.details.name)?;\n        writeln!(\n            f,\n            \"\\t\\tNot Before: {}\",\n            pretty_print_date(\u0026u64_to_st(self.details.not_before))\n        )?;\n        writeln!(\n            f,\n            \"\\t\\tNot After: {}\",\n            pretty_print_date(\u0026u64_to_st(self.details.not_after))\n        )?;\n        writeln!(\n            f,\n            \"\\t\\tPublic Key: {}\",\n            hex::encode(self.details.public_key)\n        )?;\n        writeln!(\n            f,\n            \"\\t\\tIssuer Fingerprint: {}\",\n            hex::encode(self.details.issuer_public_key)\n        )?;\n        writeln!(f, \"\\t}}\")?;\n        writeln!(f, \"\\tFingerprint: {}\", self.fingerprint)?;\n        writeln!(f, \"\\tSignature: {}\", hex::encode(self.signature))?;\n        writeln!(f, \"}}\")\n    }\n}\n\nimpl EpfPkiSerializable for EPFCertificate {\n    const PEM_BANNER: \u0026'static str = \"EPF CERTIFICATE\";\n\n    fn as_bytes_pki(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        rmp_serde::to_vec(self)\n    }\n\n    fn from_bytes_pki(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        rmp_serde::from_slice(bytes)\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(\n            pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes_pki()?))\n                .as_bytes()\n                .to_vec(),\n        )\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e\n    where\n        Self: Sized,\n    {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Not a certificate\".into());\n        }\n        Ok(Self::from_bytes_pki(pem.contents())?)\n    }\n}\n\nimpl EpfPkiSerializable for EpfPublicKey {\n    const PEM_BANNER: \u0026'static str = \"EPF PUBLIC KEY\";\n\n    fn as_bytes_pki(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        Ok(self.as_bytes().to_vec())\n    }\n\n    fn from_bytes_pki(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        bytes\n            .try_into()\n            .map_err(|_| rmp_serde::decode::Error::LengthMismatch(bytes.len() as u32))\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(\n            pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes().to_vec()))\n                .as_bytes()\n                .to_vec(),\n        )\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e\n    where\n        Self: Sized,\n    {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Not a public key\".into());\n        }\n        Ok(Self::from_bytes(\n            pem.contents()\n                .try_into()\n                .map_err(|_| -\u003e Box\u003cdyn Error\u003e { \"Wrong size\".into() })?,\n        )?)\n    }\n}\n\nimpl EpfPkiSerializable for EpfPrivateKey {\n    const PEM_BANNER: \u0026'static str = \"EPF PRIVATE KEY\";\n\n    fn as_bytes_pki(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        Ok(self.to_keypair_bytes().to_vec())\n    }\n\n    fn from_bytes_pki(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        bytes\n            .try_into()\n            .map_err(|_| rmp_serde::decode::Error::LengthMismatch(bytes.len() as u32))\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(\n            pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes_pki()?))\n                .as_bytes()\n                .to_vec(),\n        )\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e\n    where\n        Self: Sized,\n    {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Incorrect PEM tag\".into());\n        }\n        Ok(Self::from_keypair_bytes(\n            pem.contents()\n                .try_into()\n                .map_err(|_| -\u003e Box\u003cdyn Error\u003e { \"Wrong size\".into() })?,\n        )?)\n    }\n}\n\n#[cfg(test)]\nmod tests {\n    use crate::ca_pool::{EpfCaPool, EpfCaPoolOps};\n    use crate::pki::{\n        EPFCertificate, EPFCertificateDetails, EpfPkiCertificateOps,\n        EpfPkiCertificateValidationError, EpfPkiSerializable, EpfPrivateKey, EpfPublicKey,\n        EPFPKI_PUBLIC_KEY_LENGTH, EPFPKI_SIGNATURE_LENGTH,\n    };\n    use crate::util::{signing_key, verifying_key};\n    use ed25519_dalek::{SignatureError, SigningKey};\n    use hex_literal::hex;\n    use rand::rngs::OsRng;\n    use std::collections::HashMap;\n    use std::time::{SystemTime, UNIX_EPOCH};\n\n    #[test]\n    pub fn certificate_serialization() {\n        assert_eq!(cert().as_bytes_pki().unwrap(), cert_bytes())\n    }\n\n    #[test]\n    pub fn certificate_deserialization() {\n        assert_eq!(\n            EPFCertificate::from_bytes_pki(\u0026cert_bytes()).unwrap(),\n            cert()\n        )\n    }\n\n    #[test]\n    pub fn certificate_serialization_pem() {\n        assert_eq!(cert().as_pem().unwrap(), cert_pem())\n    }\n\n    #[test]\n    pub fn certificate_deserialization_pem() {\n        assert_eq!(EPFCertificate::from_pem(\u0026cert_pem()).unwrap(), cert())\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn certificate_deserialization_pem_wrong_tag() {\n        EPFCertificate::from_pem(\u0026null_public_key_pem()).unwrap();\n    }\n\n    #[test]\n    pub fn pubkey_serialization() {\n        assert_eq!(\n            (verifying_key(\u0026[0u8; 32])).as_bytes_pki().unwrap(),\n            [0u8; 32].to_vec()\n        )\n    }\n\n    #[test]\n    pub fn pubkey_deserialization() {\n        assert_eq!(\n            EpfPublicKey::from_bytes(\u0026[0u8; 32]).unwrap(),\n            verifying_key(\u0026[0u8; 32])\n        )\n    }\n\n    #[test]\n    pub fn pubkey_serialization_pem() {\n        assert_eq!(\n            (verifying_key(\u0026[0u8; 32])).as_pem().unwrap(),\n            null_public_key_pem()\n        )\n    }\n\n    #[test]\n    pub fn pubkey_deserialization_pem() {\n        assert_eq!(\n            EpfPublicKey::from_pem(\u0026null_public_key_pem()).unwrap(),\n            verifying_key(\u0026[0u8; 32])\n        )\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn pubkey_deserialization_pem_wrong_tag() {\n        EpfPublicKey::from_pem(\u0026null_private_key_pem()).unwrap();\n    }\n\n    #[test]\n    pub fn privkey_serialization() {\n        let priv_key_data = hex!(\"00000000000000000000000000000000000000000000000000000000000000003B6A27BCCEB6A42D62A3A8D02A6F0D73653215771DE243A63AC048A18B59DA29\");\n        assert_eq!(\n            (signing_key(\u0026priv_key_data)).as_bytes_pki().unwrap(),\n            priv_key_data.to_vec()\n        )\n    }\n\n    #[test]\n    pub fn privkey_deserialization() {\n        let priv_key = EpfPrivateKey::generate(\u0026mut OsRng);\n\n        assert_eq!(\n            priv_key.to_keypair_bytes(),\n            signing_key(\u0026priv_key.to_keypair_bytes()).to_keypair_bytes()\n        )\n    }\n\n    #[test]\n    pub fn privkey_serialization_pem() {\n        let priv_key_data = hex!(\"00000000000000000000000000000000000000000000000000000000000000003B6A27BCCEB6A42D62A3A8D02A6F0D73653215771DE243A63AC048A18B59DA29\");\n\n        assert_eq!(\n            (signing_key(\u0026priv_key_data)).as_pem().unwrap(),\n            null_private_key_pem()\n        )\n    }\n\n    #[test]\n    pub fn privkey_deserialization_pem() {\n        let priv_key_data = hex!(\"00000000000000000000000000000000000000000000000000000000000000003B6A27BCCEB6A42D62A3A8D02A6F0D73653215771DE243A63AC048A18B59DA29\");\n\n        assert_eq!(\n            EpfPrivateKey::from_pem(\u0026null_private_key_pem())\n                .unwrap()\n                .to_keypair_bytes(),\n            signing_key(\u0026priv_key_data).to_keypair_bytes()\n        )\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn privkey_deserialization_pem_wrong_tag() {\n        assert_eq!(\n            EpfPrivateKey::from_pem(\u0026null_public_key_pem())\n                .unwrap()\n                .to_keypair_bytes(),\n            signing_key(\u0026[0u8; 64]).to_keypair_bytes()\n        )\n    }\n\n    #[test]\n    pub fn cert_display() {\n        println!(\"{}\", cert());\n    }\n\n    #[test]\n    pub fn cert_fingerprinting() {\n        let mut cert = cert();\n        cert.recalculate_fingerprint().unwrap();\n        assert_eq!(\n            cert.fingerprint,\n            \"922c5cb83633b214d19d9aebf387314fcde67210ff92bd9691fbd059141d6adf\"\n        );\n    }\n\n    #[test]\n    pub fn cert_validation() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let private_key2 = SigningKey::generate(\u0026mut OsRng);\n        let public_key2 = private_key2.verifying_key();\n\n        let mut ca_pool = EpfCaPool::new();\n\n        let mut ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing CA\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    - 10,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 60,\n                public_key: *public_key.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        println!(\"{}\", ca_cert);\n\n        assert!(ca_cert.verify(\u0026ca_pool).is_err());\n\n        ca_cert.sign(\u0026private_key).unwrap();\n\n        assert!(!ca_cert.verify(\u0026ca_pool).unwrap());\n\n        ca_pool.insert(\u0026ca_cert);\n\n        assert!(ca_cert.verify(\u0026ca_pool).unwrap());\n\n        ca_pool.insert(\u0026ca_cert);\n\n        let mut not_ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    - 10,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 60,\n                public_key: *public_key2.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        assert!(not_ca_cert.verify(\u0026ca_pool).is_err());\n        not_ca_cert.sign(\u0026private_key).unwrap();\n        assert!(not_ca_cert.verify(\u0026ca_pool).unwrap());\n    }\n\n    #[test]\n    pub fn certificate_verification_expired() {\n        let expired_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Expired\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs(),\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    - 20,\n                public_key: [0u8; 32],\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        let ca_pool = EpfCaPool::new();\n\n        assert!(matches!(\n            expired_cert.verify(\u0026ca_pool).unwrap_err(),\n            EpfPkiCertificateValidationError::NoLongerValid { .. }\n        ))\n    }\n\n    #[test]\n    pub fn certificate_verification_fingerprint_does_not_match() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let mut fingerprint_does_not_match_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Fingerprint Non Matching\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    - 20,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 30,\n                public_key: [0u8; 32],\n                issuer_public_key: *public_key.as_bytes(),\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n        fingerprint_does_not_match_cert.sign(\u0026private_key).unwrap();\n\n        fingerprint_does_not_match_cert.fingerprint = \"0\".to_string();\n\n        let ca_pool = EpfCaPool::new();\n\n        assert!(matches!(fingerprint_does_not_match_cert.verify(\u0026ca_pool).unwrap_err(), EpfPkiCertificateValidationError::FingerprintDoesNotMatch { .. }));\n    }\n\n    #[test]\n    pub fn certificate_verification_invalid_signature() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let mut fingerprint_does_not_match_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Fingerprint Non Matching\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    - 20,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 30,\n                public_key: [0u8; 32],\n                issuer_public_key: *public_key.as_bytes(),\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n        fingerprint_does_not_match_cert.sign(\u0026private_key).unwrap();\n\n        fingerprint_does_not_match_cert.signature = [0u8; 64];\n\n        let ca_pool = EpfCaPool::new();\n\n        assert!(matches!(fingerprint_does_not_match_cert.verify(\u0026ca_pool).unwrap_err(), EpfPkiCertificateValidationError::InvalidSignature { .. }));\n    }\n\n    #[test]\n    pub fn certificate_verification_not_valid_yet() {\n        let not_yet_valid_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Not Yet Valid\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 20,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 30,\n                public_key: [0u8; 32],\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        let ca_pool = EpfCaPool::new();\n\n        assert!(matches!(\n            not_yet_valid_cert.verify(\u0026ca_pool).unwrap_err(),\n            EpfPkiCertificateValidationError::NotValidYet { .. }\n        ))\n    }\n\n    #[test]\n    pub fn certificate_verification_not_trusted() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let mut not_trusted_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Not Trusted\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    - 20,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 30,\n                public_key: [0u8; 32],\n                issuer_public_key: *public_key.as_bytes(),\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n        not_trusted_cert.sign(\u0026private_key).unwrap();\n\n        let ca_pool = EpfCaPool::new();\n\n        assert!(!not_trusted_cert.verify(\u0026ca_pool).unwrap());\n    }\n\n    #[test]\n    pub fn cert_validation_expires_after_signer() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let private_key2 = SigningKey::generate(\u0026mut OsRng);\n        let public_key2 = private_key2.verifying_key();\n\n        let mut ca_pool = EpfCaPool::new();\n\n        let mut ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing CA\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    - 10,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 60,\n                public_key: *public_key.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        ca_cert.sign(\u0026private_key).unwrap();\n        ca_pool.insert(\u0026ca_cert);\n\n        let mut not_ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Valid After Signer\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    - 10,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 120,\n                public_key: *public_key2.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        assert!(not_ca_cert.verify(\u0026ca_pool).is_err());\n        not_ca_cert.sign(\u0026private_key).unwrap();\n        assert!(matches!(\n            not_ca_cert.verify(\u0026ca_pool).unwrap_err(),\n            EpfPkiCertificateValidationError::ExpiresAfterSigner\n        ));\n    }\n\n    #[test]\n    pub fn cert_validation_valid_after_signer() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let private_key2 = SigningKey::generate(\u0026mut OsRng);\n        let public_key2 = private_key2.verifying_key();\n\n        let mut ca_pool = EpfCaPool::new();\n\n        let mut ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing CA\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    - 10,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 60,\n                public_key: *public_key.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        ca_cert.sign(\u0026private_key).unwrap();\n        ca_pool.insert(\u0026ca_cert);\n\n        let mut not_ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Valid After Signer\".to_string(),\n                not_before: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    - 200,\n                not_after: SystemTime::now()\n                    .duration_since(UNIX_EPOCH)\n                    .unwrap()\n                    .as_secs()\n                    + 10,\n                public_key: *public_key2.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        assert!(not_ca_cert.verify(\u0026ca_pool).is_err());\n        not_ca_cert.sign(\u0026private_key).unwrap();\n        assert!(matches!(\n            not_ca_cert.verify(\u0026ca_pool).unwrap_err(),\n            EpfPkiCertificateValidationError::ValidAfterSigner\n        ));\n    }\n\n    #[test]\n    pub fn verifying_error_display() {\n        println!(\n            \"{}\",\n            EpfPkiCertificateValidationError::NoLongerValid {\n                expired_at: SystemTime::now()\n            }\n        );\n        println!(\n            \"{}\",\n            EpfPkiCertificateValidationError::NotValidYet {\n                valid_at: SystemTime::now()\n            }\n        );\n        println!(\n            \"{}\",\n            EpfPkiCertificateValidationError::InvalidCertificateData {\n                e: rmp_serde::encode::Error::UnknownLength\n            }\n        );\n        println!(\n            \"{}\",\n            EpfPkiCertificateValidationError::FingerprintDoesNotMatch {\n                expected: \"\".to_string(),\n                got: \"\".to_string()\n            }\n        );\n        println!(\n            \"{}\",\n            EpfPkiCertificateValidationError::InvalidSignature {\n                e: SignatureError::new()\n            }\n        );\n        println!(\"{}\", EpfPkiCertificateValidationError::ExpiresAfterSigner);\n        println!(\"{}\", EpfPkiCertificateValidationError::ValidAfterSigner);\n    }\n\n    fn cert() -\u003e EPFCertificate {\n        EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Invalid Testing Certificate\".to_string(),\n                not_before: 0,\n                not_after: 0,\n                public_key: [0u8; EPFPKI_PUBLIC_KEY_LENGTH],\n                issuer_public_key: [0u8; EPFPKI_PUBLIC_KEY_LENGTH],\n                claims: HashMap::new(),\n            },\n            fingerprint: \"0000000000000000000000000000000000000000000000000000000000000000\"\n                .to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        }\n    }\n    fn cert_bytes() -\u003e Vec\u003cu8\u003e {\n        vec![\n            147, 150, 187, 73, 110, 118, 97, 108, 105, 100, 32, 84, 101, 115, 116, 105, 110, 103,\n            32, 67, 101, 114, 116, 105, 102, 105, 99, 97, 116, 101, 0, 0, 220, 0, 32, 0, 0, 0, 0,\n            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n            220, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n            0, 0, 0, 0, 0, 0, 0, 128, 217, 64, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48,\n            48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48,\n            48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48,\n            48, 48, 48, 48, 48, 48, 48, 220, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n        ]\n    }\n    fn cert_pem() -\u003e Vec\u003cu8\u003e {\n        vec![\n            45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 67, 69, 82, 84, 73, 70, 73,\n            67, 65, 84, 69, 45, 45, 45, 45, 45, 13, 10, 107, 53, 97, 55, 83, 87, 53, 50, 89, 87,\n            120, 112, 90, 67, 66, 85, 90, 88, 78, 48, 97, 87, 53, 110, 73, 69, 78, 108, 99, 110,\n            82, 112, 90, 109, 108, 106, 89, 88, 82, 108, 65, 65, 68, 99, 65, 67, 65, 65, 65, 65,\n            65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65,\n            65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 78, 119,\n            65, 73, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,\n            65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65,\n            65, 65, 65, 103, 78, 108, 65, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77,\n            68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77,\n            68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 13,\n            10, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65,\n            119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 78, 119, 65, 81, 65, 65,\n            65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,\n            65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,\n            65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,\n            65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 13,\n            10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 67, 69, 82, 84, 73, 70, 73, 67,\n            65, 84, 69, 45, 45, 45, 45, 45, 13, 10,\n        ]\n    }\n    fn null_public_key_pem() -\u003e Vec\u003cu8\u003e {\n        vec![\n            45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 80, 85, 66, 76, 73, 67, 32,\n            75, 69, 89, 45, 45, 45, 45, 45, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,\n            65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,\n            65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69,\n            80, 70, 32, 80, 85, 66, 76, 73, 67, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10,\n        ]\n    }\n    fn null_private_key_pem() -\u003e Vec\u003cu8\u003e {\n        vec![\n            45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 80, 82, 73, 86, 65, 84, 69,\n            32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,\n            65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,\n            65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 55, 97, 105, 101, 56, 122, 114, 97, 107, 76,\n            87, 75, 106, 113, 78, 65, 113, 98, 119, 49, 122, 13, 10, 90, 84, 73, 86, 100, 120, 51,\n            105, 81, 54, 89, 54, 119, 69, 105, 104, 105, 49, 110, 97, 75, 81, 61, 61, 13, 10, 45,\n            45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 80, 82, 73, 86, 65, 84, 69, 32, 75, 69,\n            89, 45, 45, 45, 45, 45, 13, 10,\n        ]\n    }\n}\n","traces":[{"line":57,"address":[596703,596734,596048],"length":1,"stats":{"Line":1},"fn_name":"fingerprint"},{"line":58,"address":[596210,596072],"length":1,"stats":{"Line":4},"fn_name":null},{"line":59,"address":[596196],"length":1,"stats":{"Line":4},"fn_name":null},{"line":60,"address":[596396],"length":1,"stats":{"Line":4},"fn_name":null},{"line":61,"address":[596453],"length":1,"stats":{"Line":4},"fn_name":null},{"line":62,"address":[596588],"length":1,"stats":{"Line":4},"fn_name":null},{"line":78,"address":[597659,596752],"length":1,"stats":{"Line":1},"fn_name":"fmt"},{"line":79,"address":[596785],"length":1,"stats":{"Line":1},"fn_name":null},{"line":80,"address":[597685,596821,596856],"length":1,"stats":{"Line":2},"fn_name":null},{"line":83,"address":[596846],"length":1,"stats":{"Line":1},"fn_name":null},{"line":85,"address":[596885,596920,597491],"length":1,"stats":{"Line":2},"fn_name":null},{"line":88,"address":[596910],"length":1,"stats":{"Line":1},"fn_name":null},{"line":90,"address":[596949],"length":1,"stats":{"Line":1},"fn_name":null},{"line":91,"address":[596961],"length":1,"stats":{"Line":1},"fn_name":null},{"line":93,"address":[597062],"length":1,"stats":{"Line":1},"fn_name":null},{"line":98,"address":[597243],"length":1,"stats":{"Line":1},"fn_name":null},{"line":99,"address":[597255],"length":1,"stats":{"Line":1},"fn_name":null},{"line":102,"address":[597348],"length":1,"stats":{"Line":1},"fn_name":null},{"line":104,"address":[597412],"length":1,"stats":{"Line":1},"fn_name":null},{"line":123,"address":[598199,597856],"length":1,"stats":{"Line":1},"fn_name":"recalculate_fingerprint"},{"line":124,"address":[598175,598246,597886],"length":1,"stats":{"Line":5},"fn_name":null},{"line":125,"address":[598282],"length":1,"stats":{"Line":4},"fn_name":null},{"line":128,"address":[599364,598304],"length":1,"stats":{"Line":1},"fn_name":"sign"},{"line":129,"address":[598343,598596],"length":1,"stats":{"Line":3},"fn_name":null},{"line":131,"address":[598400],"length":1,"stats":{"Line":3},"fn_name":null},{"line":133,"address":[598527,598798,598702],"length":1,"stats":{"Line":5},"fn_name":null},{"line":135,"address":[598956,598766],"length":1,"stats":{"Line":6},"fn_name":null},{"line":137,"address":[599002],"length":1,"stats":{"Line":3},"fn_name":null},{"line":139,"address":[599147,599231],"length":1,"stats":{"Line":3},"fn_name":null},{"line":141,"address":[599203],"length":1,"stats":{"Line":3},"fn_name":null},{"line":144,"address":[599392,602013,601760],"length":1,"stats":{"Line":1},"fn_name":"verify_with_time"},{"line":150,"address":[599444],"length":1,"stats":{"Line":1},"fn_name":null},{"line":151,"address":[599574],"length":1,"stats":{"Line":1},"fn_name":null},{"line":152,"address":[599557],"length":1,"stats":{"Line":1},"fn_name":null},{"line":157,"address":[599497],"length":1,"stats":{"Line":1},"fn_name":null},{"line":158,"address":[599740],"length":1,"stats":{"Line":1},"fn_name":null},{"line":159,"address":[599723],"length":1,"stats":{"Line":1},"fn_name":null},{"line":163,"address":[599953,599628,599795],"length":1,"stats":{"Line":6},"fn_name":null},{"line":164,"address":[599896],"length":1,"stats":{"Line":0},"fn_name":null},{"line":167,"address":[600034,599867],"length":1,"stats":{"Line":6},"fn_name":null},{"line":168,"address":[600164],"length":1,"stats":{"Line":3},"fn_name":null},{"line":169,"address":[600077],"length":1,"stats":{"Line":3},"fn_name":null},{"line":170,"address":[600108],"length":1,"stats":{"Line":3},"fn_name":null},{"line":175,"address":[600672,600045,600325],"length":1,"stats":{"Line":6},"fn_name":null},{"line":176,"address":[600544],"length":1,"stats":{"Line":0},"fn_name":null},{"line":180,"address":[600510,600703],"length":1,"stats":{"Line":6},"fn_name":null},{"line":182,"address":[600746],"length":1,"stats":{"Line":1},"fn_name":null},{"line":183,"address":[600754],"length":1,"stats":{"Line":1},"fn_name":null},{"line":185,"address":[600714],"length":1,"stats":{"Line":2},"fn_name":null},{"line":186,"address":[600722,600799],"length":1,"stats":{"Line":4},"fn_name":null},{"line":189,"address":[600780,601102,600817],"length":1,"stats":{"Line":4},"fn_name":null},{"line":190,"address":[600974],"length":1,"stats":{"Line":0},"fn_name":null},{"line":192,"address":[601183,601442],"length":1,"stats":{"Line":4},"fn_name":null},{"line":193,"address":[600937],"length":1,"stats":{"Line":3},"fn_name":null},{"line":194,"address":[601314],"length":1,"stats":{"Line":3},"fn_name":null},{"line":199,"address":[601630,601290,601795],"length":1,"stats":{"Line":6},"fn_name":null},{"line":200,"address":[601520],"length":1,"stats":{"Line":1},"fn_name":null},{"line":201,"address":[601622],"length":1,"stats":{"Line":1},"fn_name":null},{"line":203,"address":[601637],"length":1,"stats":{"Line":1},"fn_name":null},{"line":205,"address":[601493,601704,601771],"length":1,"stats":{"Line":6},"fn_name":null},{"line":208,"address":[601805],"length":1,"stats":{"Line":1},"fn_name":null},{"line":212,"address":[601658],"length":1,"stats":{"Line":2},"fn_name":null},{"line":213,"address":[601857],"length":1,"stats":{"Line":1},"fn_name":null},{"line":216,"address":[601826],"length":1,"stats":{"Line":2},"fn_name":null},{"line":217,"address":[601932],"length":1,"stats":{"Line":1},"fn_name":null},{"line":222,"address":[601897],"length":1,"stats":{"Line":1},"fn_name":null},{"line":225,"address":[602032],"length":1,"stats":{"Line":1},"fn_name":"verify"},{"line":226,"address":[602065],"length":1,"stats":{"Line":1},"fn_name":null},{"line":232,"address":[603076,602112],"length":1,"stats":{"Line":1},"fn_name":"fmt"},{"line":233,"address":[602358,602151],"length":1,"stats":{"Line":1},"fn_name":null},{"line":234,"address":[602252,602546],"length":1,"stats":{"Line":2},"fn_name":null},{"line":235,"address":[602408,602672],"length":1,"stats":{"Line":2},"fn_name":null},{"line":236,"address":[602759,602645,603022],"length":1,"stats":{"Line":4},"fn_name":null},{"line":239,"address":[602581],"length":1,"stats":{"Line":2},"fn_name":null},{"line":241,"address":[603401,602998,603156],"length":1,"stats":{"Line":3},"fn_name":null},{"line":244,"address":[602940],"length":1,"stats":{"Line":2},"fn_name":null},{"line":246,"address":[603509,603380,603754],"length":1,"stats":{"Line":4},"fn_name":null},{"line":249,"address":[603325],"length":1,"stats":{"Line":2},"fn_name":null},{"line":251,"address":[604126,603733,603862],"length":1,"stats":{"Line":4},"fn_name":null},{"line":254,"address":[603678],"length":1,"stats":{"Line":2},"fn_name":null},{"line":256,"address":[604020,604325],"length":1,"stats":{"Line":2},"fn_name":null},{"line":257,"address":[604459,604188],"length":1,"stats":{"Line":2},"fn_name":null},{"line":258,"address":[604771,604486,604360],"length":1,"stats":{"Line":2},"fn_name":null},{"line":259,"address":[604698],"length":1,"stats":{"Line":2},"fn_name":null},{"line":266,"address":[604832],"length":1,"stats":{"Line":1},"fn_name":"as_bytes_pki"},{"line":267,"address":[604849],"length":1,"stats":{"Line":1},"fn_name":null},{"line":270,"address":[604864],"length":1,"stats":{"Line":1},"fn_name":"from_bytes_pki"},{"line":274,"address":[605488,605461,604912],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":276,"address":[605399,605336,604937],"length":1,"stats":{"Line":3},"fn_name":null},{"line":282,"address":[605504,606169],"length":1,"stats":{"Line":2},"fn_name":"from_pem"},{"line":286,"address":[605537,605785],"length":1,"stats":{"Line":2},"fn_name":null},{"line":287,"address":[605930,605756],"length":1,"stats":{"Line":4},"fn_name":null},{"line":288,"address":[606012],"length":1,"stats":{"Line":1},"fn_name":null},{"line":290,"address":[606108,606291,606195,605986],"length":1,"stats":{"Line":3},"fn_name":null},{"line":297,"address":[713760],"length":1,"stats":{"Line":1},"fn_name":"as_bytes_pki"},{"line":298,"address":[713790],"length":1,"stats":{"Line":1},"fn_name":null},{"line":301,"address":[713872],"length":1,"stats":{"Line":0},"fn_name":"from_bytes_pki"},{"line":302,"address":[713954,713914],"length":1,"stats":{"Line":0},"fn_name":null},{"line":304,"address":[713938],"length":1,"stats":{"Line":0},"fn_name":null},{"line":307,"address":[714303,714000,714338],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":309,"address":[714176,714241,714038],"length":1,"stats":{"Line":3},"fn_name":null},{"line":315,"address":[715049,714368],"length":1,"stats":{"Line":2},"fn_name":"from_pem"},{"line":319,"address":[714649,714401],"length":1,"stats":{"Line":1},"fn_name":null},{"line":320,"address":[714794,714620],"length":1,"stats":{"Line":2},"fn_name":null},{"line":321,"address":[714876],"length":1,"stats":{"Line":1},"fn_name":null},{"line":323,"address":[715397,715211,715099],"length":1,"stats":{"Line":2},"fn_name":null},{"line":324,"address":[715143,714850,715075,714961],"length":1,"stats":{"Line":3},"fn_name":null},{"line":326,"address":[715111],"length":1,"stats":{"Line":0},"fn_name":null},{"line":334,"address":[848080],"length":1,"stats":{"Line":1},"fn_name":"as_bytes_pki"},{"line":335,"address":[848099],"length":1,"stats":{"Line":1},"fn_name":null},{"line":338,"address":[848192],"length":1,"stats":{"Line":0},"fn_name":"from_bytes_pki"},{"line":339,"address":[848234,848274],"length":1,"stats":{"Line":0},"fn_name":null},{"line":341,"address":[848258],"length":1,"stats":{"Line":0},"fn_name":null},{"line":344,"address":[848869,848896,848320],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":346,"address":[848807,848345,848744],"length":1,"stats":{"Line":3},"fn_name":null},{"line":352,"address":[848912,849589],"length":1,"stats":{"Line":2},"fn_name":"from_pem"},{"line":356,"address":[848945,849193],"length":1,"stats":{"Line":1},"fn_name":null},{"line":357,"address":[849164,849338],"length":1,"stats":{"Line":2},"fn_name":null},{"line":358,"address":[849420],"length":1,"stats":{"Line":1},"fn_name":null},{"line":360,"address":[849937,849751,849639],"length":1,"stats":{"Line":2},"fn_name":null},{"line":361,"address":[849615,849683,849394,849505],"length":1,"stats":{"Line":3},"fn_name":null},{"line":363,"address":[849651],"length":1,"stats":{"Line":0},"fn_name":null}],"covered":111,"coverable":122},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","protocol.rs"],"content":"use crate::pki::{EPFCertificate, EPFPKI_PUBLIC_KEY_LENGTH};\n\nuse serde::{Deserialize, Serialize};\nuse std::error::Error;\nuse tokio::io::AsyncReadExt;\n\npub const PROTOCOL_VERSION: u32 = 1;\n\n#[derive(Serialize, Deserialize, Clone)]\npub struct EpfMessage {\n    pub packet_id: u32,\n    pub packet_data: Vec\u003cu8\u003e,\n}\n\npub const PACKET_CLIENT_HELLO: u32 = 1;\n\n#[derive(Serialize, Deserialize)]\npub struct EpfClientHello {\n    pub protocol_version: u32,\n    pub client_random: [u8; 24],\n    pub client_certificate: Option\u003cEPFCertificate\u003e,\n    pub client_x25519_public_key: [u8; EPFPKI_PUBLIC_KEY_LENGTH],\n}\n\npub const PACKET_SERVER_HELLO: u32 = 2;\n\n#[derive(Serialize, Deserialize)]\npub struct EpfServerHello {\n    pub protocol_version: u32,\n    pub server_certificate: EPFCertificate,\n    pub server_random: [u8; 16],\n    pub server_x25519_public_key: [u8; EPFPKI_PUBLIC_KEY_LENGTH],\n}\n\npub const PACKET_FINISHED: u32 = 3;\n\n#[derive(Serialize, Deserialize)]\npub struct EpfFinished {\n    pub protocol_version: u32,\n    pub encrypted_0x42: Vec\u003cu8\u003e,\n}\n\npub const PACKET_APPLICATION_DATA: u32 = 4;\n\n#[derive(Serialize, Deserialize)]\npub struct EpfApplicationData {\n    pub protocol_version: u32,\n    pub encrypted_application_data: Vec\u003cu8\u003e,\n    pub nonce: [u8; 24],\n}\n\n#[derive(Clone)]\npub enum EpfClientState {\n    NotStarted,\n    WaitingForServerHello,\n    WaitingForFinished,\n    Transport,\n    Closed,\n}\n\n#[derive(Clone)]\npub enum EpfServerState {\n    WaitingForClientHello,\n    WaitingForFinished,\n    Transport,\n    Closed,\n}\n\npub fn encode_packet\u003cT: Serialize\u003e(\n    id: u32,\n    packet: \u0026T,\n) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n    let message_data = rmp_serde::to_vec(packet)?;\n    let message_wrapper = EpfMessage {\n        packet_id: id,\n        packet_data: message_data,\n    };\n    let mut packet_data = rmp_serde::to_vec(\u0026message_wrapper)?;\n\n    let mut packet = (packet_data.len() as u64).to_le_bytes().to_vec();\n    // Packet: 8-byte little-endian length prefix, packet data\n    packet.append(\u0026mut packet_data);\n    Ok(packet)\n}\n\npub async fn recv_packet\u003cC: AsyncReadExt + Unpin\u003e(\n    stream: \u0026mut C,\n) -\u003e Result\u003cEpfMessage, Box\u003cdyn Error\u003e\u003e {\n    let packet_length = stream.read_u64_le().await?;\n\n    let mut packet_data_buf = vec![0u8; packet_length as usize];\n    stream.read_exact(\u0026mut packet_data_buf).await?;\n    let message: EpfMessage = rmp_serde::from_slice(\u0026packet_data_buf)?;\n    Ok(message)\n}\n","traces":[{"line":69,"address":[1471552,1471474,1470432,1474873,1474834,1472594,1473792,1473753,1472672,1473714,1472633,1471513],"length":1,"stats":{"Line":4},"fn_name":"encode_packet\u003clibepf::protocol::EpfServerHello\u003e"},{"line":73,"address":[1470708,1472948,1470480,1473840,1471600,1471828,1474068,1472720],"length":1,"stats":{"Line":4},"fn_name":null},{"line":78,"address":[1472162,1471042,1472033,1470913,1473282,1474053,1470693,1474402,1474273,1472933,1473153,1471813],"length":1,"stats":{"Line":8},"fn_name":null},{"line":80,"address":[1471010,1473489,1472130,1471249,1474370,1473250,1472369,1474609],"length":1,"stats":{"Line":8},"fn_name":null},{"line":82,"address":[1473576,1471336,1474696,1472456],"length":1,"stats":{"Line":4},"fn_name":null},{"line":83,"address":[1473632,1474752,1471392,1472512],"length":1,"stats":{"Line":4},"fn_name":null},{"line":86,"address":[1474912],"length":1,"stats":{"Line":1},"fn_name":"recv_packet\u003ctokio::net::tcp::stream::TcpStream\u003e"},{"line":89,"address":[1475173,1475576,1475338,1475107,1475057],"length":1,"stats":{"Line":4},"fn_name":null},{"line":91,"address":[1475554],"length":1,"stats":{"Line":1},"fn_name":null},{"line":92,"address":[1475801,1476066,1475695,1475122],"length":1,"stats":{"Line":2},"fn_name":null},{"line":93,"address":[1476187,1476360,1476037],"length":1,"stats":{"Line":2},"fn_name":null},{"line":94,"address":[1476273],"length":1,"stats":{"Line":1},"fn_name":null}],"covered":12,"coverable":12},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","util.rs"],"content":"use chrono::{DateTime, Utc};\nuse ed25519_dalek::{SigningKey, VerifyingKey};\nuse std::ops::Add;\nuse std::time::{Duration, SystemTime};\n\npub fn pretty_print_date(date: \u0026SystemTime) -\u003e String {\n    let datetime: DateTime\u003cUtc\u003e = (*date).into();\n    datetime.format(\"%Y-%m-%dT%H:%M:%S%.f%:z\").to_string()\n}\n\npub fn u64_to_st(unix: u64) -\u003e SystemTime {\n    SystemTime::UNIX_EPOCH.add(Duration::from_secs(unix))\n}\n\npub fn verifying_key(key: \u0026[u8; 32]) -\u003e VerifyingKey {\n    VerifyingKey::from_bytes(key).unwrap()\n}\npub fn signing_key(key: \u0026[u8; 64]) -\u003e SigningKey {\n    SigningKey::from_keypair_bytes(key).unwrap()\n}\n","traces":[{"line":6,"address":[1396667,1396512],"length":1,"stats":{"Line":2},"fn_name":"pretty_print_date"},{"line":7,"address":[1396540],"length":1,"stats":{"Line":2},"fn_name":null},{"line":8,"address":[1396566],"length":1,"stats":{"Line":2},"fn_name":null},{"line":11,"address":[1396704],"length":1,"stats":{"Line":1},"fn_name":"u64_to_st"},{"line":12,"address":[1396713],"length":1,"stats":{"Line":1},"fn_name":null},{"line":15,"address":[1396768],"length":1,"stats":{"Line":3},"fn_name":"verifying_key"},{"line":16,"address":[1396793],"length":1,"stats":{"Line":3},"fn_name":null},{"line":18,"address":[1396848],"length":1,"stats":{"Line":1},"fn_name":"signing_key"},{"line":19,"address":[1396873],"length":1,"stats":{"Line":2},"fn_name":null}],"covered":9,"coverable":9}]};
     </script>
     <script crossorigin>/** @license React v16.13.1
  * react.production.min.js