diff --git a/src/ext/sgx/icelake.csr b/src/ext/sgx/icelake.csr new file mode 100644 index 00000000..e397a228 Binary files /dev/null and b/src/ext/sgx/icelake.csr differ diff --git a/src/ext/snp/milan.csr b/src/ext/snp/milan.csr new file mode 100644 index 00000000..c7e70d42 Binary files /dev/null and b/src/ext/snp/milan.csr differ diff --git a/src/main.rs b/src/main.rs index fcc62e67..6f7e72da 100644 --- a/src/main.rs +++ b/src/main.rs @@ -511,15 +511,14 @@ mod tests { use der::{AnyRef, Encode}; use x509::attr::Attribute; use x509::request::{CertReq, CertReqInfo, ExtensionReq}; - #[cfg(feature = "insecure")] use x509::PkiPath; use x509::{ext::Extension, name::RdnSequence}; - #[cfg(feature = "insecure")] use axum::response::Response; use http::header::CONTENT_TYPE; use http::Request; use hyper::Body; + #[cfg(feature = "insecure")] use rstest::rstest; use tower::ServiceExt; // for `app.oneshot()` @@ -586,7 +585,6 @@ mod tests { } } - #[cfg(feature = "insecure")] async fn attest_response(state: State, response: Response, multi: bool) { let body = hyper::body::to_bytes(response.into_body()).await.unwrap(); @@ -714,6 +712,22 @@ mod tests { assert_eq!(output.issued.len(), five_crs.len()); } + #[tokio::test] + async fn sgx_canned_csr() { + let csr = include_bytes!("ext/sgx/icelake.csr"); + + let request = Request::builder() + .method("POST") + .uri("/") + .header(CONTENT_TYPE, PKCS10) + .body(Body::from(Bytes::from(csr.as_slice()))) + .unwrap(); + + let response = app(certificates_state()).oneshot(request).await.unwrap(); + assert_eq!(response.status(), StatusCode::OK); + attest_response(certificates_state(), response, false).await; + } + #[cfg(feature = "insecure")] #[rstest] #[case(PKCS10, false)] @@ -773,6 +787,22 @@ mod tests { } } + #[tokio::test] + async fn snp_canned_csr() { + let csr = include_bytes!("ext/snp/milan.csr"); + + let request = Request::builder() + .method("POST") + .uri("/") + .header(CONTENT_TYPE, PKCS10) + .body(Body::from(Bytes::from(csr.as_slice()))) + .unwrap(); + + let response = app(certificates_state()).oneshot(request).await.unwrap(); + assert_eq!(response.status(), StatusCode::OK); + attest_response(certificates_state(), response, false).await; + } + #[cfg(feature = "insecure")] #[rstest] #[case(PKCS10, false)]