Test with PKCS#8 keys

kazk · kazk · commit 01337348b5ed · 2021-12-10T21:51:58.000-08:00
diff --git a/Cargo.toml b/Cargo.toml
@@ -36,5 +36,6 @@ openssl-src = { version = "300.0.3", optional = true }
 
 [dev-dependencies]
 pem = "1.0"
+rsa = { version = "0.5.0", features = ["alloc", "pem", "std"] }
 tempfile = "3.0"
 test-cert-gen = "0.7"
diff --git a/src/lib.rs b/src/lib.rs
@@ -123,6 +123,8 @@ mod imp;
 
 #[cfg(test)]
 mod test;
+#[cfg(test)]
+extern crate rsa;
 
 /// A typedef of the result-type returned by many methods.
 pub type Result<T> = result::Result<T, Error>;
diff --git a/src/test.rs b/src/test.rs
@@ -351,7 +351,7 @@ fn import_same_identity_multiple_times() {
     ));
 
     let cert = keys.server.cert_and_key.cert.to_pem().into_bytes();
-    let key = key_to_pem(keys.server.cert_and_key.key.get_der()).into_bytes();
+    let key = rsa_to_pkcs8(&key_to_pem(keys.server.cert_and_key.key.get_der())).into_bytes();
     let _ = p!(Identity::from_pkcs8(&cert, &key));
     let _ = p!(Identity::from_pkcs8(&cert, &key));
 }
@@ -429,7 +429,7 @@ fn alpn_google_none() {
 fn server_pkcs8() {
     let keys = test_cert_gen::keys();
     let cert = keys.server.cert_and_key.cert.to_pem().into_bytes();
-    let key = key_to_pem(keys.server.cert_and_key.key.get_der()).into_bytes();
+    let key = rsa_to_pkcs8(&key_to_pem(keys.server.cert_and_key.key.get_der())).into_bytes();
 
     let ident = Identity::from_pkcs8(&cert, &key).unwrap();
     let ident2 = ident.clone();
@@ -476,7 +476,7 @@ fn server_pkcs8() {
 fn two_servers() {
     let keys1 = test_cert_gen::gen_keys();
     let cert = keys1.server.cert_and_key.cert.to_pem().into_bytes();
-    let key = key_to_pem(keys1.server.cert_and_key.key.get_der()).into_bytes();
+    let key = rsa_to_pkcs8(&key_to_pem(keys1.server.cert_and_key.key.get_der())).into_bytes();
     let identity = p!(Identity::from_pkcs8(&cert, &key));
     let builder = TlsAcceptor::builder(identity);
     let builder = p!(builder.build());
@@ -497,7 +497,7 @@ fn two_servers() {
 
     let keys2 = test_cert_gen::gen_keys();
     let cert = keys2.server.cert_and_key.cert.to_pem().into_bytes();
-    let key = key_to_pem(keys2.server.cert_and_key.key.get_der()).into_bytes();
+    let key = rsa_to_pkcs8(&key_to_pem(keys2.server.cert_and_key.key.get_der())).into_bytes();
     let identity = p!(Identity::from_pkcs8(&cert, &key));
     let builder = TlsAcceptor::builder(identity);
     let builder = p!(builder.build());
@@ -552,3 +552,11 @@ fn key_to_pem(der: &[u8]) -> String {
         contents: der.to_owned(),
     })
 }
+
+fn rsa_to_pkcs8(pem: &str) -> String {
+    use rsa::{pkcs1::FromRsaPrivateKey, pkcs8::ToPrivateKey, RsaPrivateKey};
+    let pkey = RsaPrivateKey::from_pkcs1_pem(pem).unwrap();
+    let pkcs8_pem = pkey.to_pkcs8_pem().unwrap();
+    let pkcs8_pem: &str = pkcs8_pem.as_ref();
+    pkcs8_pem.to_owned()
+}
