Tests for 4.2 of PKITS #76
Conversation
|
Current dependencies on/for this PR:
This comment was auto-generated by Graphite. |
❌ Unreviewed dependencies found
|
Codecov Report
@@ Coverage Diff @@
## nick/pkits-integration-folder #76 +/- ##
================================================================
Coverage ? 97.85%
================================================================
Files ? 8
Lines ? 2008
Branches ? 0
================================================================
Hits ? 1965
Misses ? 43
Partials ? 0 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
nick-mobilecoin
requested review from
a team and
awygle
and removed request for
jcape and
a team
nick-mobilecoin
force-pushed
the
nick/pkits-integration-folder
branch
from
f9f8601
to
38ec517
Compare
nick-mobilecoin
force-pushed
the
nick/pkits-4.2
branch
from
d5e2776
to
673afbd
Compare
| Err(Error::CertificateNotYetValid) | ||
| ); | ||
| } | ||
|
|
There was a problem hiding this comment.
Suggest (an issue for) a version of the 4.2.3 test that confirms some behavior on pre-Unix certs (presumably an error from the DER encoder).
There was a problem hiding this comment.
Added a test case for 4.2.3.
I don't know if I'm scarred from dependabot, but if one has a better way to handle the date verification without pulling in another crate (chrono) I'm open to suggestions there.
|
|
||
| assert_eq!( | ||
| chain.signing_key(&root, unix_time, crls.as_slice()), | ||
| Err(Error::CertificateExpired) |
There was a problem hiding this comment.
This is more of a comment on the general API design but, shouldn't there be a way to differentiate between the error codes produced by 4.2.5 and 4.2.6? The corrective actions taken for "ICA expired" and "EE expired" are different, so it seems like Error::CertificateExpired might want to include a data member.
There was a problem hiding this comment.
I'm wonder about the same thing for signature failures as well, though less likely to happen.
It does feel like it would be nice to know which certificate was the issue. Since alloc is available here we could output the subject name as a String in the expired error, same for not before, and possibly others.
Fill in the tests for section 4.2 of PKITS. The test for 4.2.3 was omitted as it uses a time of 1950 but the DER decoder only supports times back to 1970 to work with `UNIX_EPOCH`
Fix copy pasta failure in test names Co-authored-by: awygle <awygle@gmail.com>
The test case for PKITS 4.2.3 uses a `UTCTime` of "1950-01-01T00:00:00", however the DER parsing logic is limited to the UNIX_EPOCH "1970-01-01". In order to ensure the proper date handling of 1970-2000 a lower level testing approach is used.
nick-mobilecoin
force-pushed
the
nick/pkits-integration-folder
branch
from
38ec517
to
ce93532
Compare
nick-mobilecoin
force-pushed
the
nick/pkits-4.2
branch
from
30cc3af
to
9751c54
Compare
|
punting on implementing x509 chain parsing logic. |
Fill in the tests for section 4.2 of PKITS. The test for 4.2.3 was
omitted as it uses a time of 1950 but the DER decoder only supports
times back to 1970 to work with
UNIX_EPOCH