diff --git a/src/lib.rs b/src/lib.rs
index efcede1..0969494 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -257,65 +257,82 @@ pub enum KeyTransformationError {
 ToSEC1 { value: String },
 }
-// #[cfg(test)]
-// mod tests {
-// use std::collections::BTreeMap;
+#[cfg(test)]
+mod tests {
+ use std::collections::BTreeMap;
-// use base64::prelude::*;
-// use isomdl::{
-// definitions::device_request::{self, DataElements},
-// presentation::reader,
-// };
-// use p256::ecdsa::signature::{SignatureEncoding, Signer};
+ use base64::prelude::*;
+ use isomdl::{
+ definitions::{
+ device_request::{self, DataElements},
+ x509::trust_anchor::TrustAnchorRegistry,
+ },
+ presentation::reader,
+ };
+ use p256::ecdsa::signature::{SignatureEncoding, Signer};
-// use super::*;
+ use super::*;
-// #[test]
-// fn end_to_end_ble_presentment() {
-// let mdoc_b64 = include_str!("../tests/res/mdoc.b64");
-// let mdoc_bytes = BASE64_STANDARD.decode(mdoc_b64).unwrap();
-// let mdoc = MDoc::from_cbor(mdoc_bytes).unwrap();
-// let key: p256::ecdsa::SigningKey =
-// p256::SecretKey::from_sec1_pem(include_str!("../tests/res/sec1.pem"))
-// .unwrap()
-// .into();
-// let session_data = initialise_session(mdoc, Uuid::new_v4()).unwrap();
-// let namespaces: device_request::Namespaces = [(
-// "org.iso.18013.5.1".to_string(),
-// [
-// ("given_name".to_string(), true),
-// ("family_name".to_string(), false),
-// ]
-// .into_iter()
-// .collect::>()
-// .try_into()
-// .unwrap(),
-// )]
-// .into_iter()
-// .collect::>()
-// .try_into()
-// .unwrap();
-// let (mut reader_session_manager, request, _ble_ident) =
-// reader::SessionManager::establish_session(session_data.qr_code_uri, namespaces.clone())
-// .unwrap();
-// // let request = reader_session_manager.new_request(namespaces).unwrap();
-// let request_data = handle_request(session_data.state, request).unwrap();
-// let permitted_items = [(
-// "org.iso.18013.5.1.mDL".to_string(),
-// [(
-// "org.iso.18013.5.1".to_string(),
-// vec!["given_name".to_string()],
-// )]
-// .into_iter()
-// .collect(),
-// )]
-// .into_iter()
-// .collect();
-// let signing_payload =
-// submit_response(request_data.session_manager.clone(), permitted_items).unwrap();
-// let signature: p256::ecdsa::Signature = key.sign(&signing_payload);
-// let response =
-// submit_signature(request_data.session_manager, signature.to_der().to_vec()).unwrap();
-// reader_session_manager.handle_response(&response).unwrap();
-// }
-// }
+ #[test]
+ fn end_to_end_ble_presentment() {
+ let mdoc_b64 = include_str!("../tests/res/mdoc.b64");
+ let mdoc_bytes = BASE64_STANDARD.decode(mdoc_b64).unwrap();
+ let mdoc = MDoc::from_cbor(mdoc_bytes).unwrap();
+ let key: p256::ecdsa::SigningKey =
+ p256::SecretKey::from_sec1_pem(include_str!("../tests/res/sec1.pem"))
+ .unwrap()
+ .into();
+ let session_data = initialise_session(mdoc, Uuid::new_v4()).unwrap();
+ let namespaces: device_request::Namespaces = [(
+ "org.iso.18013.5.1".to_string(),
+ [
+ ("given_name".to_string(), true),
+ ("family_name".to_string(), false),
+ ]
+ .into_iter()
+ .collect::>()
+ .try_into()
+ .unwrap(),
+ )]
+ .into_iter()
+ .collect::>()
+ .try_into()
+ .unwrap();
+ let trust_anchor = TrustAnchorRegistry::iaca_registry_from_str(vec![include_str!(
+ "../tests/res/issuer-cert.pem"
+ )
+ .to_string()])
+ .unwrap();
+ let (mut reader_session_manager, request, _ble_ident) =
+ reader::SessionManager::establish_session(
+ session_data.qr_code_uri,
+ namespaces.clone(),
+ Some(trust_anchor),
+ )
+ .unwrap();
+ // let request = reader_session_manager.new_request(namespaces).unwrap();
+ let request_data = handle_request(session_data.state, request).unwrap();
+ let permitted_items = [(
+ "org.iso.18013.5.1.mDL".to_string(),
+ [(
+ "org.iso.18013.5.1".to_string(),
+ vec!["given_name".to_string()],
+ )]
+ .into_iter()
+ .collect(),
+ )]
+ .into_iter()
+ .collect();
+ let signing_payload =
+ submit_response(request_data.session_manager.clone(), permitted_items).unwrap();
+ let signature: p256::ecdsa::Signature = key.sign(&signing_payload);
+ let response =
+ submit_signature(request_data.session_manager, signature.to_der().to_vec()).unwrap();
+ // Root cert is expired
+ let mut errors = reader_session_manager.handle_response(&response).errors;
+ let (k, v) = errors.pop_first().unwrap();
+ assert_eq!(k, "certificate_errors");
+ assert_eq!(v.as_array().unwrap().len(), 1);
+ assert_eq!(errors, BTreeMap::default());
+ }
+}
diff --git a/tests/res/issuer-cert.pem b/tests/res/issuer-cert.pem
new file mode 100644
index 0000000..5e4c680
--- /dev/null
+++ b/tests/res/issuer-cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDEzCCArqgAwIBAgIUcNjfsRctLizp55XN8+FWBSLE0uYwCgYIKoZIzj0EAwIw
+ajELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMRswGQYDVQQKDBJTcHJ1Y2VJRCBU
+ZXN0IFJvb3QxMTAvBgNVBAMMKFNwcnVjZUlEIFRlc3QgQ2VydGlmaWNhdGUgUm9v
+dCBQYXJpczIwMjMwHhcNMjMxMjAxMTUxMjA4WhcNMjMxMjMxMTUxMjA4WjBqMQsw
+CQYDVQQGEwJVUzELMAkGA1UECAwCTlkxGzAZBgNVBAoMElNwcnVjZUlEIFRlc3Qg
+Um9vdDExMC8GA1UEAwwoU3BydWNlSUQgVGVzdCBDZXJ0aWZpY2F0ZSBSb290IFBh
+cmlzMjAyMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABD1/+ffmDpngHzroJ1Kn
+0YvEwhw9Rgv0dl4qfN2jXZjPQ1T+zRYlEacSIATQ5o+FWaHQ6Is/wRkjvZeksqb9
+YWCjggE8MIIBODAdBgNVHQ4EFgQU5xn7tyLS9unEonXA5D2Jm/9ERcAwgZEGA1Ud
+IwSBiTCBhqFupGwwajELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMRswGQYDVQQK
+DBJTcHJ1Y2VJRCBUZXN0IFJvb3QxMTAvBgNVBAMMKFNwcnVjZUlEIFRlc3QgQ2Vy
+dGlmaWNhdGUgUm9vdCBQYXJpczIwMjOCFHDY37EXLS4s6eeVzfPhVgUixNLmMBIG
+A1UdEwEB/wQIMAYBAf8CAQAwPgYDVR0fBDcwNTAzoDGgL4YtaHR0cHM6Ly9pbnRl
+cm9wZXZlbnQuc3BydWNlaWQuY29tL2ludGVyb3AuY3JsMA4GA1UdDwEB/wQEAwIB
+BjAfBgNVHRIEGDAWgRRpbnRlcm9wQHNwcnVjZWlkLmNvbTAKBggqhkjOPQQDAgNH
+ADBEAiBCZjl9NAeNpBQ0hL5ksB1ucQtrdUwY5DzFcqMOQ7XRYgIgZ/WmmOLwOY0f
+MvZZ/8dp0GjqlOqLvSMSW4sFzH1qw1M=
+-----END CERTIFICATE-----
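Review bot: The closing assertions of `end_to_end_ble_presentment` in `src/lib.rs` only check that `certificate_errors` holds exactly one entry, so the test passes for any single validation failure, not just the expiry named in the `// Root cert is expired` comment; a chain that stopped verifying against the trust anchor for a different reason would go unnoticed. Pin the reason as well, for instance `assert!(v.as_array().unwrap()[0].to_string().contains("<expected expiry message>"));`, assuming `v` is a JSON value and with the placeholder replaced by the text the library actually reports. Because the only issuer fixture is the expired `tests/res/issuer-cert.pem`, nothing in this test exercises the path where issuer validation succeeds; a second fixture with a long validity period and an assertion that `errors` is empty would cover it. The test also reads only `.errors` from the result of `handle_response`, so, if that result also carries the disclosed elements, a regression that released `family_name` despite `permitted_items` listing only `given_name` would not be caught here.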