trifid/trifid-pki/src/test.rs

#![allow(clippy::unwrap_used)]
#![allow(clippy::expect_used)]

use std::fs;
use crate::netmask;
use std::net::Ipv4Addr;
use std::ops::Add;
use std::time::{Duration, SystemTime, SystemTimeError, UNIX_EPOCH};
use ipnet::Ipv4Net;
use crate::cert::{deserialize_nebula_certificate, NebulaCertificate, NebulaCertificateDetails};
use std::str::FromStr;

/// This is a cert that we (e3team) actually use in production, and it's a known-good certificate.
pub const KNOWN_GOOD_CERT: &[u8; 258] = b"-----BEGIN NEBULA CERTIFICATE-----\nCkkKF2UzdGVhbSBJbnRlcm5hbCBOZXR3b3JrKJWev5wGMJWFxKsGOiCvpwoHyKY5\n8Q5+2XxDjtoCf/zlNY/EUdB8bwXQSwEo50ABEkB0Dx76lkMqc3IyH5+ml2dKjTyv\nB4Jiw6x3abf5YZcf8rDuVEgQpvFdJmo3xJyIb3C9vKZ6kXsUxjw6s1JdWgkA\n-----END NEBULA CERTIFICATE-----";

#[test]
fn certificate_serialization() {
    let before = round_systime_to_secs(SystemTime::now() - Duration::from_secs(60)).unwrap();
    let after = round_systime_to_secs(SystemTime::now() + Duration::from_secs(60)).unwrap();
    let pub_key = b"1234567890abcedfghij1234567890ab";

    let cert = NebulaCertificate {
        details: NebulaCertificateDetails {
            name: "testing".to_string(),
            ips: vec![
                netmask!("10.1.1.1", "255.255.255.0"),
                netmask!("10.1.1.2", "255.255.0.0"),
                netmask!("10.1.1.3", "255.0.0.0")
            ],
            subnets: vec![
                netmask!("9.1.1.1", "255.255.255.128"),
                netmask!("9.1.1.2", "255.255.255.0"),
                netmask!("9.1.1.3", "255.255.0.0")
            ],
            groups: vec!["test-group1".to_string(), "test-group2".to_string(), "test-group3".to_string()],
            not_before: before,
            not_after: after,
            public_key: *pub_key,
            is_ca: false,
            issuer: "1234567890abcedfabcd1234567890ab".to_string(),
        },
        signature: b"1234567890abcedfghij1234567890ab".to_vec(),
    };

    let bytes = cert.serialize().unwrap();

    fs::write("bad.hex.crt", hex::encode(bytes.clone())).unwrap();

    let deserialized = deserialize_nebula_certificate(&bytes).unwrap();
/*
assert.Equal(t, nc.Details.Name, nc2.Details.Name)
	assert.Equal(t, nc.Details.NotBefore, nc2.Details.NotBefore)
	assert.Equal(t, nc.Details.NotAfter, nc2.Details.NotAfter)
	assert.Equal(t, nc.Details.PublicKey, nc2.Details.PublicKey)
	assert.Equal(t, nc.Details.IsCA, nc2.Details.IsCA)
 */
    assert_eq!(cert.signature, deserialized.signature);
    assert_eq!(cert.details.name, deserialized.details.name);
    assert_eq!(cert.details.not_before, deserialized.details.not_before);
    assert_eq!(cert.details.not_after, deserialized.details.not_after);
    assert_eq!(cert.details.public_key, deserialized.details.public_key);
}

#[macro_export]
macro_rules! netmask {
    ($ip:expr,$mask:expr) => {
        Ipv4Net::with_netmask(Ipv4Addr::from_str($ip).unwrap(), Ipv4Addr::from_str($mask).unwrap()).unwrap()
    };
}

fn round_systime_to_secs(time: SystemTime) -> Result<SystemTime, SystemTimeError> {
    let secs = time.duration_since(UNIX_EPOCH)?.as_secs();
    Ok(SystemTime::UNIX_EPOCH.add(Duration::from_secs(secs)))
}
so many lines of totally untested code 2023-02-27 02:58:45 +00:00			`#![allow(clippy::unwrap_used)]`
			`#![allow(clippy::expect_used)]`

certs be good now (maybe) 2023-02-27 15:04:10 +00:00			`use std::fs;`
so many lines of totally untested code 2023-02-27 02:58:45 +00:00			`use crate::netmask;`
			`use std::net::Ipv4Addr;`
certs be good now (maybe) 2023-02-27 15:04:10 +00:00			`use std::ops::Add;`
			`use std::time::{Duration, SystemTime, SystemTimeError, UNIX_EPOCH};`
so many lines of totally untested code 2023-02-27 02:58:45 +00:00			`use ipnet::Ipv4Net;`
			`use crate::cert::{deserialize_nebula_certificate, NebulaCertificate, NebulaCertificateDetails};`
			`use std::str::FromStr;`

certs be good now (maybe) 2023-02-27 15:04:10 +00:00			`/// This is a cert that we (e3team) actually use in production, and it's a known-good certificate.`
			`pub const KNOWN_GOOD_CERT: &[u8; 258] = b"-----BEGIN NEBULA CERTIFICATE-----\nCkkKF2UzdGVhbSBJbnRlcm5hbCBOZXR3b3JrKJWev5wGMJWFxKsGOiCvpwoHyKY5\n8Q5+2XxDjtoCf/zlNY/EUdB8bwXQSwEo50ABEkB0Dx76lkMqc3IyH5+ml2dKjTyv\nB4Jiw6x3abf5YZcf8rDuVEgQpvFdJmo3xJyIb3C9vKZ6kXsUxjw6s1JdWgkA\n-----END NEBULA CERTIFICATE-----";`

so many lines of totally untested code 2023-02-27 02:58:45 +00:00			`#[test]`
			`fn certificate_serialization() {`
certs be good now (maybe) 2023-02-27 15:04:10 +00:00			`let before = round_systime_to_secs(SystemTime::now() - Duration::from_secs(60)).unwrap();`
			`let after = round_systime_to_secs(SystemTime::now() + Duration::from_secs(60)).unwrap();`
so many lines of totally untested code 2023-02-27 02:58:45 +00:00			`let pub_key = b"1234567890abcedfghij1234567890ab";`

			`let cert = NebulaCertificate {`
			`details: NebulaCertificateDetails {`
			`name: "testing".to_string(),`
			`ips: vec![`
			`netmask!("10.1.1.1", "255.255.255.0"),`
			`netmask!("10.1.1.2", "255.255.0.0"),`
certs be good now (maybe) 2023-02-27 15:04:10 +00:00			`netmask!("10.1.1.3", "255.0.0.0")`
so many lines of totally untested code 2023-02-27 02:58:45 +00:00			`],`
			`subnets: vec![`
certs be good now (maybe) 2023-02-27 15:04:10 +00:00			`netmask!("9.1.1.1", "255.255.255.128"),`
so many lines of totally untested code 2023-02-27 02:58:45 +00:00			`netmask!("9.1.1.2", "255.255.255.0"),`
			`netmask!("9.1.1.3", "255.255.0.0")`
			`],`
			`groups: vec!["test-group1".to_string(), "test-group2".to_string(), "test-group3".to_string()],`
			`not_before: before,`
			`not_after: after,`
			`public_key: *pub_key,`
			`is_ca: false,`
certs be good now (maybe) 2023-02-27 15:04:10 +00:00			`issuer: "1234567890abcedfabcd1234567890ab".to_string(),`
so many lines of totally untested code 2023-02-27 02:58:45 +00:00			`},`
some test updates 2023-02-27 02:59:46 +00:00			`signature: b"1234567890abcedfghij1234567890ab".to_vec(),`
so many lines of totally untested code 2023-02-27 02:58:45 +00:00			`};`

			`let bytes = cert.serialize().unwrap();`

certs be good now (maybe) 2023-02-27 15:04:10 +00:00			`fs::write("bad.hex.crt", hex::encode(bytes.clone())).unwrap();`

so many lines of totally untested code 2023-02-27 02:58:45 +00:00			`let deserialized = deserialize_nebula_certificate(&bytes).unwrap();`
			`/*`
			`assert.Equal(t, nc.Details.Name, nc2.Details.Name)`
			`assert.Equal(t, nc.Details.NotBefore, nc2.Details.NotBefore)`
			`assert.Equal(t, nc.Details.NotAfter, nc2.Details.NotAfter)`
			`assert.Equal(t, nc.Details.PublicKey, nc2.Details.PublicKey)`
			`assert.Equal(t, nc.Details.IsCA, nc2.Details.IsCA)`
			`*/`
			`assert_eq!(cert.signature, deserialized.signature);`
			`assert_eq!(cert.details.name, deserialized.details.name);`
certs be good now (maybe) 2023-02-27 15:04:10 +00:00			`assert_eq!(cert.details.not_before, deserialized.details.not_before);`
			`assert_eq!(cert.details.not_after, deserialized.details.not_after);`
			`assert_eq!(cert.details.public_key, deserialized.details.public_key);`
so many lines of totally untested code 2023-02-27 02:58:45 +00:00			`}`

			`#[macro_export]`
			`macro_rules! netmask {`
			`($ip:expr,$mask:expr) => {`
			`Ipv4Net::with_netmask(Ipv4Addr::from_str($ip).unwrap(), Ipv4Addr::from_str($mask).unwrap()).unwrap()`
			`};`
certs be good now (maybe) 2023-02-27 15:04:10 +00:00			`}`

			`fn round_systime_to_secs(time: SystemTime) -> Result<SystemTime, SystemTimeError> {`
			`let secs = time.duration_since(UNIX_EPOCH)?.as_secs();`
			`Ok(SystemTime::UNIX_EPOCH.add(Duration::from_secs(secs)))`
so many lines of totally untested code 2023-02-27 02:58:45 +00:00			`}`