add test for SBGP extension

thillux · thillux · commit e93ab39ae933 · 2023-10-12T15:51:57.000+02:00
Signed-off-by: Markus Theil &lt;theil.markus@gmail.com&gt;
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
@@ -1,4 +1,6 @@
 use std::cmp::Ordering;
+use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
+use std::str::FromStr;
 
 use crate::asn1::{Asn1Object, Asn1OctetString, Asn1Time};
 use crate::bn::{BigNum, MsbOption};
@@ -11,7 +13,7 @@ use crate::ssl::SslFiletype;
 use crate::stack::Stack;
 use crate::x509::extension::{
     AuthorityKeyIdentifier, BasicConstraints, ExtendedKeyUsage, KeyUsage, SubjectAlternativeName,
-    SubjectKeyIdentifier,
+    SubjectKeyIdentifier, SbgpAsIdentifier, SbgpIpAddressIdentifier
 };
 #[cfg(not(boringssl))]
 use crate::x509::store::X509Lookup;
@@ -27,6 +29,7 @@ use crate::x509::{CrlReason, X509Builder};
 use crate::x509::{
     CrlStatus, X509Crl, X509Extension, X509Name, X509Req, X509StoreContext, X509VerifyResult, X509,
 };
+use crate::x509::sbgp::ExtractSBGPInfo;
 
 #[cfg(ossl110)]
 use foreign_types::ForeignType;
@@ -1177,3 +1180,46 @@ fn test_dist_point_null() {
     let cert = X509::from_pem(cert).unwrap();
     assert!(cert.crl_distribution_points().is_none());
 }
+
+#[test]
+fn test_sbgp_extensions_parsing() {
+    let cert = include_bytes!("../../test/rfc3779.pem");
+    let cert = X509::from_pem(cert).unwrap();
+
+    let asn_ranges = cert.asn().unwrap().ranges().unwrap();
+    assert_eq!(asn_ranges[0], (10,18));
+    assert_eq!(asn_ranges[1], (20,20));
+
+    let families = cert.ip_addresses().unwrap();
+    for family in families {
+        let ranges = family.range().unwrap();
+        for (ip_min, ip_max) in ranges {
+            if let (IpAddr::V6(a_v6_min), IpAddr::V6(a_v6_max)) = (ip_min, ip_max) {
+                assert_eq!(a_v6_min, Ipv6Addr::from_str("fd00::").unwrap());
+                assert_eq!(a_v6_max, Ipv6Addr::from_str("fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff").unwrap());
+            }
+            if let (IpAddr::V4(a_v4_min), IpAddr::V4(a_v4_max)) = (ip_min, ip_max) {
+                assert_eq!(a_v4_min, Ipv4Addr::from_str("10.0.0.0").unwrap());
+                assert_eq!(a_v4_max, Ipv4Addr::from_str("10.0.0.255").unwrap());
+            }
+        }
+    }
+}
+
+#[test]
+fn test_sbgp_extensions_builder() {
+    let mut builder = X509Builder::new().unwrap();
+    let asn_ext = SbgpAsIdentifier::new()
+        .critical()
+        .add_asn(32)
+        .add_asn_range(10,20)
+        .build(&builder.x509v3_context(None, None)).unwrap();
+    builder.append_extension(asn_ext).unwrap();
+
+    let mut ip_addr_ext = SbgpIpAddressIdentifier::new();
+    ip_addr_ext.critical();
+    ip_addr_ext.add_ipv6_addr_range(Ipv6Addr::from_str("fd00::").unwrap(), Ipv6Addr::from_str("fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff").unwrap());
+    ip_addr_ext.add_ipv4_addr_range(Ipv4Addr::from_str("10.0.0.0").unwrap(), Ipv4Addr::from_str("10.0.0.255").unwrap());
+    let build_ext = ip_addr_ext.build(&builder.x509v3_context(None, None)).unwrap();
+    builder.append_extension(build_ext).unwrap();
+}
diff --git a/openssl/test/rfc3779.pem b/openssl/test/rfc3779.pem
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIUdvq+8DcTNlDrHkAryL2UdkvghPcwDQYJKoZIhvcNAQEL
+BQAwFzEVMBMGA1UEAwwMUkZDMzc3OS1UZXN0MB4XDTIzMDgxMTEyMTkyN1oXDTMz
+MDgwODEyMTkyN1owFzEVMBMGA1UEAwwMUkZDMzc3OS1UZXN0MIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEAxkHmL2WyQn/wd0xh05YfBvZt93h9LcijUNPR
+9ALora5Z72yJcN2mf0umufJLhNi6oneJPpBx7kd07kksiqffjTu5DobnxwKt9yKh
+b3JqYFVhxkdqlTmf7G4k0aVAD2COgv9oEwTgrClU55cOLUEAZ1WZRjeeZvFYKQdP
+oT0Fp2aWH+NTqjPC/GUggnBTs+oUd5S2xyqhajSQNdF7rHspXcvW5a8e8Za8pJ51
+3wwSLGYatK8KJQrvPsW+RYxtTCKHps9TVFJxNm4IPiIdbKwvFETqmx0TDPpbE+Uj
+izBnNYGo94HVWuzHrfWyh95fXwo11YDYoQvLghXgv0xC0nWNFtnZkQunnyhhTZMk
+K+2N3NN8kMqD6B05LDeGOd5tT2t5iVot4b8Umem0G3XhqWdwKc2/uso86ld4v1wM
+Ce4VADl9dilJsmJzmoDuHxB1YH8bZk3/ugo31fRnaTlJ7OPK8+jpzHgMFEan6igh
+ZJI/FKjdzujXShdD6UsVh4UV34g0Uyv2PwCf3ProLojpaNfl+KRZ+axdwnhhdYNr
+Zh7npYZlePSzwZmwuLKBBFtSsxo6Ru9JamDmV/NnQQ2tuuv/AByzGsprlDC9NRIq
+aABHueqqMxccqpaqrmPKD4qhFZRUX4hDCWbXyqsADrKQXjont2Vta9vaVAlXa/xF
+I5AlRzUCAwEAAaOBozCBoDAdBgNVHQ4EFgQUzQnLoR8Fe8Nh7dtLa5M+IVNcnScw
+HwYDVR0jBBgwFoAUzQnLoR8Fe8Nh7dtLa5M+IVNcnScwDwYDVR0TAQH/BAUwAwEB
+/zArBggrBgEFBQcBBwEB/wQcMBowDAQCAAEwBgMEAAoAADAKBAIAAjAEAwIA/TAg
+BggrBgEFBQcBCAEB/wQRMA+gDTALMAYCAQoCARICARQwDQYJKoZIhvcNAQELBQAD
+ggIBAKz3jRS9Dq1pfW/lY2ChAG+tPaNH79f2pzsc+SieTVJ3tbCaAA///V7nzgyZ
+Yi3QjJVg8P+Ek0KnM3ScRLuiarWM/Vp9uXVdXZGMWJw+G5OJTFhDEXees6WxO/+8
+6u9OHp/nIai/w/FFjjw51mVAFcKm9W/izfDKT2HuZNQhCSDBXaVmqjfbBYHBopEn
+LUqUb6s3S0SM74NaSstff3W836n+iX3dy1SmmVnaA6tu7oIZKmwBTO6yZYc6FOX8
+BUSJzgoCWZLwTlV13G1WtpIG8ap4lEEMilSjU8LwOcfC/3GrWtXIiQp3+1iYaKmO
+zfU1axY+Vj2KerXbNOcTUQRazctKMvmd87Y2zuTnaQgwzs52257GlmVQj/K01w62
+UT4g84RZ+DvT74f534HK4Ik7lhQbgJO+HlmuED+2I/VPg0k1lpSkvY4zhne62P+l
+VAYFq7tOzZSFllZVdAi9UFZkt7s9zPkpU2ed9wNz34DExLWJFXWkgjPWZzRchlUj
+t69fpUcqe4is1wNEeOfVnKjyDfkVXBNqSvwkU/WMwazPjx+xV3qdi8rReDQmNx5L
+gbv30P1MGeCftOaab2rFvUDlcUE1iClWT8THAUj6E2kaHtP5VA2PKuJHhqsPLIG/
+a2o0h6q0lNq4WHZhNzHBa+wc0uPtNRdBgClD/fsgoRK/pAZQ
+-----END CERTIFICATE-----
