//! Parsing implementation for Tor authority certificates

//!

//! An "authority certificate" is a short signed document that binds a

//! directory authority's permanent "identity key" to its medium-term

//! "signing key".  Using separate keys here enables the authorities

//! to keep their identity keys securely offline, while using the

//! signing keys to sign votes and consensuses.

use crate::batching_split_before::IteratorExt as _;

use crate::encode::{

    Bug, ItemArgument, ItemEncoder, ItemObjectEncodable, NetdocEncodable, NetdocEncoder,

};

use crate::parse::keyword::Keyword;

use crate::parse::parser::{Section, SectionRules};

use crate::parse::tokenize::{ItemResult, NetDocReader};

use crate::parse2::{

    self, ArgumentError, ArgumentStream, ItemArgumentParseable, ItemObjectParseable,

    NetdocUnverified as _, sig_hashes::Sha1WholeKeywordLine,

};

use crate::types::misc::{Fingerprint, Iso8601TimeSp, RsaPublicParse1Helper, RsaSha1Signature};

use crate::util::str::Extent;

use crate::{NetdocErrorKind as EK, NormalItemArgument, Result};

use tor_basic_utils::impl_debug_hex;

use tor_checkable::{signed, timed};

use tor_error::into_internal;

use tor_llcrypto::pk::rsa;

use tor_llcrypto::{d, pk, pk::rsa::RsaIdentity};

use std::sync::LazyLock;

use std::result::Result as StdResult;

use std::{net, time, time::Duration, time::SystemTime};

use derive_deftly::Deftly;

use digest::Digest;

#[cfg(feature = "build_docs")]

mod build;

#[cfg(feature = "build_docs")]

#[allow(deprecated)]

pub use build::AuthCertBuilder;

#[cfg(feature = "incomplete")]

mod encoded;

#[cfg(feature = "incomplete")]

pub use encoded::EncodedAuthCert;

decl_keyword! {

    pub(crate) AuthCertKwd {

        "dir-key-certificate-version" => DIR_KEY_CERTIFICATE_VERSION,

        "dir-address" => DIR_ADDRESS,

        "fingerprint" => FINGERPRINT,

        "dir-identity-key" => DIR_IDENTITY_KEY,

        "dir-key-published" => DIR_KEY_PUBLISHED,

        "dir-key-expires" => DIR_KEY_EXPIRES,

        "dir-signing-key" => DIR_SIGNING_KEY,

        "dir-key-crosscert" => DIR_KEY_CROSSCERT,

        "dir-key-certification" => DIR_KEY_CERTIFICATION,

    }

}

/// Rules about entries that must appear in an AuthCert, and how they must

/// be formed.

    use AuthCertKwd::*;

    );

/// A single directory authority key certificate

///

/// This is the body, not including signatures.

///

/// <https://spec.torproject.org/dir-spec/creating-key-certificates.html>

///

/// To make a fresh `AuthCert`, use [`AuthCertConstructor`].

#[derive(Clone, Debug, Deftly)]

#[derive_deftly(Constructor)]

#[derive_deftly(NetdocParseableUnverified, NetdocEncodable)]

#[cfg_attr(test, derive(PartialEq, Eq))]

#[allow(clippy::exhaustive_structs)]

pub struct AuthCert {

    /// Intro line

    ///

    /// Currently must be version 3.

    ///

    /// <https://spec.torproject.org/dir-spec/creating-key-certificates.html#item:dir-key-certificate-version>

    #[deftly(constructor(default = AuthCertVersion::V3))]

    #[deftly(netdoc(single_arg))]

    pub dir_key_certificate_version: AuthCertVersion,

    /// An IPv4 address for this authority.

    #[deftly(netdoc(single_arg))]

    pub dir_address: Option<net::SocketAddrV4>,

    /// H(KP_auth_id_rsa)

    ///

    /// <https://spec.torproject.org/dir-spec/creating-key-certificates.html#item:fingerprint>

    #[deftly(constructor)]

    #[deftly(netdoc(single_arg))]

    pub fingerprint: Fingerprint,

    /// Declared time when this certificate was published

    ///

    /// <https://spec.torproject.org/dir-spec/creating-key-certificates.html#item:dir-key-published>

    #[deftly(constructor)]

    #[deftly(netdoc(single_arg))]

    pub dir_key_published: Iso8601TimeSp,

    /// Declared time when this certificate expires.

    ///

    /// <https://spec.torproject.org/dir-spec/creating-key-certificates.html#item:dir-key-expires>

    #[deftly(constructor)]

    #[deftly(netdoc(single_arg))]

    pub dir_key_expires: Iso8601TimeSp,

    /// KP_auth_id_rsa

    ///

    /// The long-term RSA identity key for this authority

    ///

    /// <https://spec.torproject.org/dir-spec/creating-key-certificates.html#item:dir-identity-key>

    #[deftly(constructor)]

    pub dir_identity_key: rsa::PublicKey,

    /// KP_auth_sign_rsa

    ///

    /// The medium-term RSA signing key for this authority

    ///

    /// <https://spec.torproject.org/dir-spec/creating-key-certificates.html#item:dir-signing-key>

    #[deftly(constructor)]

    pub dir_signing_key: rsa::PublicKey,

    /// SHA1(DER(KP_auth_id_rsa)) signed by KP_auth_sign_rsa

    ///

    /// <https://spec.torproject.org/dir-spec/creating-key-certificates.html#item:dir-key-crosscert>

    #[deftly(constructor)]

    pub dir_key_crosscert: CrossCert,

    #[doc(hidden)]

    #[deftly(netdoc(skip))]

    pub __non_exhaustive: (),

}

/// Represents the version of an [`AuthCert`].

///

/// Single argument.

///

/// <https://spec.torproject.org/dir-spec/creating-key-certificates.html#item:dir-key-certificate-version>

#[derive(Debug, Clone, Copy, Hash, Eq, PartialEq, strum::EnumString, strum::Display)]

#[non_exhaustive]

pub enum AuthCertVersion {

    /// The current and only version understood.

    #[strum(serialize = "3")]

    V3,

}

impl NormalItemArgument for AuthCertVersion {}

/// A pair of key identities that identifies a certificate.

#[derive(Clone, Copy, Debug, Eq, PartialEq, Hash, Ord, PartialOrd)]

#[allow(clippy::exhaustive_structs)]

pub struct AuthCertKeyIds {

    /// Fingerprint of identity key

    pub id_fingerprint: rsa::RsaIdentity,

    /// Fingerprint of signing key

    pub sk_fingerprint: rsa::RsaIdentity,

}

/// An authority certificate whose signature and validity time we

/// haven't checked.

pub struct UncheckedAuthCert {

    /// Where we found this AuthCert within the string containing it.

    location: Option<Extent>,

    /// The actual unchecked certificate.

    c: signed::SignatureGated<timed::TimerangeBound<AuthCert>>,

}

impl UncheckedAuthCert {

    /// If this AuthCert was originally parsed from `haystack`, return its

    /// text.

    ///

    /// TODO: This is a pretty bogus interface; there should be a

    /// better way to remember where to look for this thing if we want

    /// it without keeping the input alive forever.  We should

    /// refactor.

}

impl AuthCert {

    /// Make an [`AuthCertBuilder`] object that can be used to

    /// construct authority certificates for testing.

    #[cfg(feature = "build_docs")]

    #[deprecated = "use AuthCertConstructor instead"]

    #[allow(deprecated)]

    /// Parse an authority certificate from a string.

    ///

    /// This function verifies the certificate's signatures, but doesn't

    /// check its expiration dates.

    /// Return an iterator yielding authority certificates from a string.

        use AuthCertKwd::*;

    /*

        /// Return true if this certificate is expired at a given time, or

        /// not yet valid at that time.

        pub fn is_expired_at(&self, when: time::SystemTime) -> bool {

            when < self.published || when > self.expires

        }

    */

    /// Return the signing key certified by this certificate.

    /// Return an AuthCertKeyIds object describing the keys in this

    /// certificate.

    /// Return an RsaIdentity for this certificate's identity key.

    /// Return the time when this certificate says it was published.

    /// Return the time when this certificate says it should expire.

    /// Parse an authority certificate from a reader.

        use AuthCertKwd::*;

        // Make sure first and last element are correct types.  We can

        // safely call unwrap() on first and last, since there are required

        // tokens in the rules, so we know that at least one token will have

        // been parsed.

            // Unwrap should be safe because `.parse()` would have already

            // returned an Error

            #[allow(clippy::unwrap_used)]

        };

            // Unwrap should be safe because `.parse()` would have already

            // returned an Error

            #[allow(clippy::unwrap_used)]

        };

        {

            // Check fingerprint for consistency with key.

        }

        // check crosscert

        let dir_key_crosscert;

            // Unwrap should be safe because `.parse()` and `required()` would

            // have already returned an Error

            #[allow(clippy::unwrap_used)]

            // we are required to support both.

            // TODO: we need to accept prefixes here. COMPAT BLOCKER.

        };

        // check the signature

            // Unwrap should be safe because `.parse()` would have already

            // returned an Error

            #[allow(clippy::unwrap_used)]

            #[allow(clippy::unwrap_used)]

            // TODO: we need to accept prefixes here. COMPAT BLOCKER.

        };

            }

        };

}

/// Parsing/encoding module for `AuthCertKeyIds` as found in `directory-signature`

///

/// Use with `#[deftly(netdoc(with = ...))]` when deriving

/// `ItemValueParseable` and `ItemValueEncodable`.

///

/// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:directory-signature>

//

// Currently the only use site is `netstatus::Signature`.

// If we find this is being used in many places, and is therefore a standard thing,

// we should arrange for the derives to be able to derive from an argument collection,

// and use that.

pub(crate) mod keyids_directory_signature_args {

    use super::*;

    use std::result::Result;

    /// Parse

        Ok(AuthCertKeyIds {

        })

    /// Encode

}

/// Pseudo-Signature of the long-term identity key by the medium-term key.

///

/// This type does not implement `SignatureItemParseable` because that trait

/// is reserved for signatures on *netdocs*, such as [`AuthCertSignature`].

/// As `CrossCert` does not sign a full document, it implements only

/// `ItemValueParseable`, instead.

///

/// Verification of this signature is done in `AuthCertUnverified::verify`,

/// and during parsing by the old parser.

/// So a `CrossCert` in [`AuthCert::dir_key_crosscert`] in a bare `AuthCert` has been validated.

//

// TODO SPEC (Diziet): it is far from clear to me that this cert serves any useful purpose.

// However, we are far too busy now with rewriting the universe to consider transitioning it away.

#[derive(Debug, Clone, PartialEq, Eq, Deftly)]

#[derive_deftly(ItemValueParseable, ItemValueEncodable)]

#[deftly(netdoc(no_extra_args))]

#[non_exhaustive]

pub struct CrossCert {

    /// The bytes of the signature (base64-decoded).

    #[deftly(netdoc(object))]

    pub signature: CrossCertObject,

}

/// Wrapper around [`Vec<u8>`] implementing [`ItemObjectParseable`] properly.

///

/// Unfortunately, this wrapper is necessary, because the specification

/// demands that these certificate objects must accept two labels:

/// `SIGNATURE` and `ID SIGNATURE`.  Because the deftly template for

/// `ItemValueParseable` only allows for a single label

/// (`#[deftly(netdoc(object(label = "LABEL")))]`), we must implement this

/// trait ourselves in order to allow multiple ones.

///

/// TODO: In the future, it might be nice to let the respective fmeta

/// accept a pattern, as pattern matching would allow trivially for one

/// to infinity different combinations.

/// TODO SPEC: Alternatively we could abolish the wrong labels,

/// or we could abolish Objects completely and just have long lines.

///

/// # Specifications

///

/// <https://spec.torproject.org/dir-spec/creating-key-certificates.html#item:dir-key-crosscert>

#[derive(Clone, PartialEq, Eq, derive_more::Deref)]

#[non_exhaustive]

pub struct CrossCertObject(pub Vec<u8>);

impl_debug_hex! { CrossCertObject . 0 }

impl CrossCert {

    /// Make a `CrossCert`

}

/// Signatures for [`AuthCert`]

///

/// Signed by [`AuthCert::dir_identity_key`] in order to prove ownership.

/// Can be seen as the opposite of [`AuthCert::dir_key_crosscert`].

///

/// # Specifications

///

/// * <https://spec.torproject.org/dir-spec/creating-key-certificates.html#item:dir-key-certification>

/// * <https://spec.torproject.org/dir-spec/netdoc.html#signing>

#[derive(Debug, Clone, PartialEq, Eq, Deftly)]

#[derive_deftly(NetdocParseableSignatures, NetdocEncodable)]

#[deftly(netdoc(signatures(hashes_accu = Sha1WholeKeywordLine)))]

#[non_exhaustive]

pub struct AuthCertSignatures {

    /// Contains the actual signature, see [`AuthCertSignatures`].

    pub dir_key_certification: RsaSha1Signature,

}

/// RSA signature for data in [`AuthCert`]

///

/// <https://spec.torproject.org/dir-spec/netdoc.html#signing>

///

/// Compatibility type alias for [`RsaSha1Signature`].

#[deprecated = "use RsaSha1Signature"]

pub type AuthCertSignature = RsaSha1Signature;

impl ItemObjectParseable for CrossCertObject {

        }

}

impl ItemObjectEncodable for CrossCertObject {

}

impl tor_checkable::SelfSigned<timed::TimerangeBound<AuthCert>> for UncheckedAuthCert {

    type Error = signature::Error;

}

impl AuthCertUnverified {

    /// Verifies the signature of a [`AuthCert`]

    ///

    /// # Algorithm

    ///

    /// 1. Check whether this comes from a valid authority in `v3idents`.

    /// 2. Check whether the timestamps are valid (± tolerance).

    /// 3. Check whether the fingerprint and long-term identity key match.

    /// 4. Check the cross-certificate (proof-of-ownership of signing key).

    /// 5. Check the outer certificate (proof-of-ownership of identity key).

    ///

    /// TODO: Replace `pre_tolerance` and `post_tolerance` with

    /// `tor_dircommon::config::DirTolerance` which is not possible at the

    /// moment due to a circular dependency of `tor-dircommon` depending

    /// upon `tor-netdoc`.

    ///

    /// TODO: Consider whether to try to deduplicate this signature checking

    /// somehow, wrt to [`UncheckedAuthCert`].

        // (1) Check whether this comes from a valid authority in `v3idents`.

        // (2) Check whether the timestamps are valid (± tolerance).

        // (3) Check whether the fingerprint and long-term identity key match.

        // (4) Check the cross-certificate (proof-of-ownership of signing key).

        // (5) Check the outer certificate (proof-of-ownership of identity key).

    /// Verify the signatures (and check validity times)

    ///

    /// The pre and post tolerance (time check allowances) used are both zero.

    ///

    /// # Security considerations

    ///

    /// The caller must check that the KP_auth_id is correct/relevant.

}

impl AuthCert {

    /// Make the base for a new `AuthCert`

    ///

    /// This contains only the mandatory fields (the ones in `AuthCertConstructor`).

    /// This method is an alternative to providing a `AuthCertConstructor` value display,

    /// and is convenient because an authcert contains much recapitulated information.

    ///

    /// # Example

    ///

    /// ```no_run

    /// # fn main() -> Result<(), anyhow::Error> {

    /// use tor_netdoc::doc::authcert::AuthCert;

    /// let (k_auth_id_rsa, k_auth_sign_rsa, published, expires) = todo!();

    /// let authcert = AuthCert {

    ///     dir_address: Some("192.0.2.17:7000".parse()?),

    ///     ..AuthCert::new_base(&k_auth_id_rsa, &k_auth_sign_rsa, published, expires)?

    /// };

    /// # Ok(())

    /// # }

    /// ```

    /// Encode this `AuthCert` and sign it with `k_auth_id_rsa`

    ///

    /// Yields the string representation of the signed, encoded, document,

    /// as an [`EncodedAuthCert`].

    // TODO these features are quite tangled

    // `EncodedAuthCert` is only available with `parse2` and `plain-consensus`

    #[cfg(feature = "incomplete")] // Needs EncodedAuthCert

        // This rechecks the invariants which ought to be true by construction.

        // That is convenient for the code here, and the perf implications are irrelevant.

}

#[cfg(test)]

mod test {

    // @@ begin test lint list maintained by maint/add_warning @@

    #![allow(clippy::bool_assert_comparison)]

    #![allow(clippy::clone_on_copy)]

    #![allow(clippy::dbg_macro)]

    #![allow(clippy::mixed_attributes_style)]

    #![allow(clippy::print_stderr)]

    #![allow(clippy::print_stdout)]

    #![allow(clippy::single_char_pattern)]

    #![allow(clippy::unwrap_used)]

    #![allow(clippy::unchecked_time_subtraction)]

    #![allow(clippy::useless_vec)]

    #![allow(clippy::needless_pass_by_value)]

    //! <!-- @@ end test lint list maintained by maint/add_warning @@ -->

    use super::*;

    use crate::{

        Pos,

        parse2::{ErrorProblem, ParseError, ParseInput, VerifyFailed, parse_netdoc},

        types,

    };

    use humantime::parse_rfc3339;

    use std::result::Result;

    use std::{

        net::{Ipv4Addr, SocketAddrV4},

        str::FromStr,

    };

    use tor_basic_utils::test_rng;

    const TESTDATA: &str = include_str!("../../testdata/authcert1.txt");

    fn bad_data(fname: &str) -> String {

        use std::fs;

        use std::path::PathBuf;

        let mut path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));

        path.push("testdata");

        path.push("bad-certs");

        path.push(fname);

        fs::read_to_string(path).unwrap()

    }

    #[test]

    fn parse_one() -> crate::Result<()> {

        use tor_checkable::{SelfSigned, Timebound};

        let cert = AuthCert::parse(TESTDATA)?

            .check_signature()

            .unwrap()

            .dangerously_assume_timely();

        // Taken from TESTDATA

        assert_eq!(

            cert.id_fingerprint().to_string(),

            "$ed03bb616eb2f60bec80151114bb25cef515b226"

        );

        assert_eq!(

            cert.key_ids().sk_fingerprint.to_string(),

            "$c4f720e2c59f9ddd4867fff465ca04031e35648f"

        );

        Ok(())

    }

    #[test]

    fn parse_bad() {

        fn check(fname: &str, err: &crate::Error) {

            let contents = bad_data(fname);

            let cert = AuthCert::parse(&contents);

            assert!(cert.is_err());

            assert_eq!(&cert.err().unwrap(), err);

        }

        check(

            "bad-cc-tag",

            &EK::WrongObject.at_pos(Pos::from_line(27, 12)),

        );

        check(

            "bad-fingerprint",

            &EK::BadArgument

                .at_pos(Pos::from_line(2, 1))

                .with_msg("fingerprint does not match RSA identity"),

        );

        check(

            "bad-version",

            &EK::BadDocumentVersion.with_msg("unexpected version 4"),

        );

        check(

            "wrong-end",

            &EK::WrongEndingToken

                .with_msg("dir-key-crosscert")

                .at_pos(Pos::from_line(37, 1)),

        );

        check(

            "wrong-start",

            &EK::WrongStartingToken

                .with_msg("fingerprint")

                .at_pos(Pos::from_line(1, 1)),

        );

    }

    #[test]

    fn test_recovery_1() {

        let mut data = "<><><<><>\nfingerprint ABC\n".to_string();

        data += TESTDATA;

        let res: Vec<crate::Result<_>> = AuthCert::parse_multiple(&data).unwrap().collect();

        // We should recover from the failed case and read the next data fine.

        assert!(res[0].is_err());

        assert!(res[1].is_ok());

        assert_eq!(res.len(), 2);

    }

    #[test]

    fn test_recovery_2() {

        let mut data = bad_data("bad-version");

        data += TESTDATA;

        let res: Vec<crate::Result<_>> = AuthCert::parse_multiple(&data).unwrap().collect();

        // We should recover from the failed case and read the next data fine.

        assert!(res[0].is_err());

        assert!(res[1].is_ok());

        assert_eq!(res.len(), 2);

    }

    // === AUTHCERT D190BF3B00E311A9AEB6D62B51980E9B2109BAD1 ===

    // These values come from testdata2/keys/authority_certificate.

    const DIR_KEY_PUBLISHED: &str = "2000-01-01 00:00:05";

    const DIR_KEY_EXPIRES: &str = "2001-01-01 00:00:05";

    const FINGERPRINT: &str = "D190BF3B00E311A9AEB6D62B51980E9B2109BAD1";

    const DIR_ADDRESS: SocketAddrV4 = SocketAddrV4::new(Ipv4Addr::new(127, 0, 0, 1), 7100);

    const DIR_IDENTITY_KEY: &str = "

-----BEGIN RSA PUBLIC KEY-----

MIIBigKCAYEAt0rXD+1gYwKFAxrO4uNHQ9dQVUOGx5FxkioYNSct5Z3JU00dTKNJ

jt4OGkFYwixWwk6KLDOiB+I/q9YIdA1NlQ5R3Hz8jjvFPVl0JQQm2LYzdSzv7/CZ

U1qq5rYeeoYKx8qMQg4q3WgR251GEnOG+rVqzFSs0oyC+SDfYn9iMt00/pmN3HXf

wmasY6BescVrYoDbnpkwKATizd4lzx5K8V8aXUXtd8qnYzSyHLlhiO1eufVX07YC

+AVHV7W7qCTY/4I5Sm0dQ9jF/r04JBHnpH+aae48JOjWDCZj9AINi3rCKS8XClGb

BB/LJidoQAZraQEEtu3Ql1mjdLreeyWfXpfZFvwKuYn44FtQsOT2TVAVNqNF8N4v

yfwfiPN6FQWlPyMCEB81HerCn03Zi5WgQLGo7PAeO4LFrLrU16DUC5/oJENeHs0T

27FZQyrlf0rAxiHh7TJKcjLmzeyxCQVQlr2AXXs28gKHV0AQnEcdrVOpTrquSCQQ

hWBehR+ct4OJAgMBAAE=

-----END RSA PUBLIC KEY-----

    ";

    const DIR_SIGNING_KEY: &str = "

-----BEGIN RSA PUBLIC KEY-----

MIIBCgKCAQEAtPF94+bThLI28kn6e+MmUECMMJ5UBlnQ+Mvwn8Zd85awPQTDz5Wu

13sZDN3nWnhgSuP5q/WDYc5GPPtQdSWBiG1nJA2XLgEHTHf29iGZ+jAoGfIMJvBV

1xN8baTnsha5LGx5BQ4UqzlUmoaPzwbjehnPd00FgVkpcCvKZu1HU7fGMVwn4MMh

zuxJTqTgfcuFWTEu0H0ukOFX+51ih6WO3GWYqRiqgU0Q5/Ets8ccCTq7ND9d2u1P

d7kQzUHbVP0KmYGK4qYntGDfP4g9SmpBoUUHyP3j9en9S6PMYv8m1YFO7M7JKu6Q

dQZfGTxj9C/0b/jRklgn5JlKAl9eJQvCdwIDAQAB

-----END RSA PUBLIC KEY-----

";

    const DIR_CROSS_CERT_OBJECT: &str = "

-----BEGIN ID SIGNATURE-----

NBaPdBNCNMah6cklrALzj0RdHymF/jPGOv9NmeqaXc0uTN06S/BlVM/xTjilu+dj

sjPuT0BQL4/ZWyZR+R+gJJojKYILSId4IQ1elzRSxpFN+u2u/ZEmS6SR2SwpA05A

btOYBKAmYkY6rLsTCbXGx3lAH2kAXfcrltCNKZXV6gqW7X379fiOnSId1OWhKPe1

/1p3pQGZxgb8FOT1kpHxOMRBClF9Ulm3d9fQZr80Wn73gZ2Bp1RXn9c7c/71HD1c

mzMT023bleZ574az+117yNAr6XbIgqQfzbySzVLPXM8ZN9BrGR40KDZ2638ZJjRu

8HK5TzuknWlkRv3hCyRX+g==

-----END ID SIGNATURE-----

";

    const AUTHCERT_RAW: &str = include_str!("../../testdata2/keys/authority_certificate");

    /// A system time in the range of [`DIR_KEY_PUBLISHED`] and [`DIR_KEY_EXPIRES`].

    ///

    /// Constructed by ourselves to have a time point we can use for testing

    /// timestamp verification.

    const VALID_SYSTEM_TIME: &str = "2000-06-01 00:00:00";

    // === AUTHCERT 0B8997614EC647C1C6B6A044E2B5408F0B823FB0 ===

    // This values come from ../../testdata2/cached-certs--1

    // A different authority certificate different from the one above.

    const ALTERNATIVE_AUTHCERT_RAW: &str = include_str!("../../testdata2/cached-certs--1");

    /// Converts a string in the [`Iso8601TimeSp`] format to [`SystemTime`].

    ///

    /// This functions panics in the case the input is malformatted.

    fn to_system_time(s: &str) -> SystemTime {

        Iso8601TimeSp::from_str(s).unwrap().0

    }

    /// Converts a PEM encoded RSA Public key to an [`rsa::PublicKey`].

    ///

    /// This function panics in the case the input is malformatted.

    fn pem_to_rsa_pk(s: &str) -> rsa::PublicKey {

        rsa::PublicKey::from_der(pem::parse(s).unwrap().contents()).unwrap()

    }

    /// Converts a hex-encoded RSA identity to an [`RsaIdentity`].

    ///

    /// This function panics in the case the input is malformatted.

    fn to_rsa_id(s: &str) -> RsaIdentity {

        RsaIdentity::from_hex(s).unwrap()

    }

    /// Tests whether a [`DirKeyCrossCert`] can be parsed properly.

    #[test]

    fn dir_auth_cross_cert() {

        #[derive(Debug, Clone, PartialEq, Eq, Deftly)]

        #[derive_deftly(NetdocParseable)]

        struct Dummy {

            dir_key_crosscert: CrossCert,

        }

        // "Encodes" a DIR_CROSS_CERT_OBJECT by simply removing the lines

        // indicating the BEGIN and END, as the purpose is to test multiple

        // labels.

        let encoded = DIR_CROSS_CERT_OBJECT

            .lines()

            .filter(|line| !line.starts_with("-----"))

            .collect::<Vec<_>>()

            .join("\n");

        let decoded = pem::parse(DIR_CROSS_CERT_OBJECT)

            .unwrap()

            .contents()

            .to_vec();

        // Try with `SIGNATURE`.

        let cert = format!(

            "dir-key-crosscert\n-----BEGIN SIGNATURE-----\n{encoded}\n-----END SIGNATURE-----"

        );

        let res = parse2::parse_netdoc::<Dummy>(&ParseInput::new(&cert, "")).unwrap();

        assert_eq!(

            res,

            Dummy {

                dir_key_crosscert: CrossCert {

                    signature: CrossCertObject(decoded.clone())

                }

            }

        );

        // Try with `ID SIGNATURE`.

        let cert = format!(

            "dir-key-crosscert\n-----BEGIN ID SIGNATURE-----\n{encoded}\n-----END ID SIGNATURE-----"

        );

        let res = parse2::parse_netdoc::<Dummy>(&ParseInput::new(&cert, "")).unwrap();

        assert_eq!(

            res,

            Dummy {

                dir_key_crosscert: CrossCert {

                    signature: CrossCertObject(decoded.clone())

                }

            }

        );

        // Try with different label and fail.

        let cert =

            format!("dir-key-crosscert\n-----BEGIN WHAT-----\n{encoded}\n-----END WHAT-----");

        let res = parse2::parse_netdoc::<Dummy>(&ParseInput::new(&cert, ""));

        match res {

            Err(ParseError {

                problem: ErrorProblem::ObjectIncorrectLabel,

                doctype: "dir-key-crosscert",

                file: _,

                lno: 1,

                column: None,

            }) => {}

            other => panic!("not expected error {other:#?}"),

        }

        // Try with extra args.

        let cert = format!(

            "dir-key-crosscert arg1\n-----BEGIN ID SIGNATURE-----\n{encoded}\n-----END ID SIGNATURE-----"

        );

        let res = parse2::parse_netdoc::<Dummy>(&ParseInput::new(&cert, ""));

        match res {

            Err(ParseError {

                problem: ErrorProblem::UnexpectedArgument { column: 19 },

                doctype: "dir-key-crosscert",

                file: _,

                lno: 1,

                column: Some(19),

            }) => {}

            other => panic!("not expected error {other:#?}"),

        }

    }

    #[test]

    fn dir_auth_cert() {

        let res =

            parse2::parse_netdoc::<AuthCertUnverified>(&ParseInput::new(AUTHCERT_RAW, "")).unwrap();

        assert_eq!(

            *res.inspect_unverified().0,

            AuthCert {

                dir_key_certificate_version: AuthCertVersion::V3,

                dir_address: Some(DIR_ADDRESS),

                fingerprint: types::Fingerprint(to_rsa_id(FINGERPRINT)),

                dir_key_published: Iso8601TimeSp(to_system_time(DIR_KEY_PUBLISHED)),

                dir_key_expires: Iso8601TimeSp(to_system_time(DIR_KEY_EXPIRES)),

                dir_identity_key: pem_to_rsa_pk(DIR_IDENTITY_KEY),

                dir_signing_key: pem_to_rsa_pk(DIR_SIGNING_KEY),

                dir_key_crosscert: CrossCert {

                    signature: CrossCertObject(

                        pem::parse(DIR_CROSS_CERT_OBJECT)

                            .unwrap()

                            .contents()

                            .to_vec()

                    )

                },

                __non_exhaustive: (),

            }

        );

    }

    #[test]

    fn dir_auth_signature() {

        let res =

            parse2::parse_netdoc::<AuthCertUnverified>(&ParseInput::new(AUTHCERT_RAW, "")).unwrap();

        // Test a valid signature.

        res.clone()

            .verify(

                &[to_rsa_id(FINGERPRINT)],

                Duration::ZERO,

                Duration::ZERO,

                to_system_time(VALID_SYSTEM_TIME),

            )

            .unwrap();

        // Test with an invalid authority.

        assert_eq!(

            res.clone()

                .verify(

                    &[],

                    Duration::ZERO,

                    Duration::ZERO,

                    to_system_time(VALID_SYSTEM_TIME),

                )

                .unwrap_err(),

            VerifyFailed::InsufficientTrustedSigners

        );

        // Test a key too far in the future.

        assert_eq!(

            res.clone()

                .verify(

                    &[to_rsa_id(FINGERPRINT)],

                    Duration::ZERO,

                    Duration::ZERO,

                    SystemTime::UNIX_EPOCH,

                )

                .unwrap_err(),

            VerifyFailed::TooNew

        );

        // Test an almost too new.

        res.clone()

            .verify(

                &[to_rsa_id(FINGERPRINT)],

                Duration::ZERO,

                Duration::ZERO,

                to_system_time(DIR_KEY_PUBLISHED),

            )

            .unwrap();

        // Now fail when we are 1s below ...

        assert_eq!(

            res.clone()

                .verify(

                    &[to_rsa_id(FINGERPRINT)],

                    Duration::ZERO,

                    Duration::ZERO,

                    to_system_time(DIR_KEY_PUBLISHED) - Duration::from_secs(1),

                )

                .unwrap_err(),

            VerifyFailed::TooNew

        );

        // ... but succeed again with a clock skew tolerance.

        res.clone()

            .verify(

                &[to_rsa_id(FINGERPRINT)],

                Duration::from_secs(1),

                Duration::ZERO,

                to_system_time(DIR_KEY_PUBLISHED) - Duration::from_secs(1),

            )

            .unwrap();

        // Test a key too old.

        assert_eq!(

            res.clone()

                .verify(

                    &[to_rsa_id(FINGERPRINT)],

                    Duration::ZERO,

                    Duration::ZERO,

                    SystemTime::UNIX_EPOCH

                        .checked_add(Duration::from_secs(2000000000))

                        .unwrap(),

                )

                .unwrap_err(),

            VerifyFailed::TooOld

        );

        // Test an almost too old.

        res.clone()

            .verify(

                &[to_rsa_id(FINGERPRINT)],

                Duration::ZERO,

                Duration::ZERO,

                to_system_time(DIR_KEY_EXPIRES),

            )

            .unwrap();

        // Now fail when we are 1s above ...

        assert_eq!(

            res.clone()

                .verify(

                    &[to_rsa_id(FINGERPRINT)],

                    Duration::ZERO,

                    Duration::ZERO,

                    to_system_time(DIR_KEY_EXPIRES) + Duration::from_secs(1),

                )

                .unwrap_err(),

            VerifyFailed::TooOld

        );

        // ... but succeed again with a clock skew tolerance.

        res.clone()

            .verify(

                &[to_rsa_id(FINGERPRINT)],

                Duration::ZERO,

                Duration::from_secs(1),

                to_system_time(DIR_KEY_EXPIRES) + Duration::from_secs(1),

            )

            .unwrap();

        // Check with non-matching fingerprint and long-term identity key.

        let mut cert =

            parse2::parse_netdoc::<AuthCertUnverified>(&ParseInput::new(AUTHCERT_RAW, "")).unwrap();

        let alternative_cert = parse2::parse_netdoc::<AuthCertUnverified>(&ParseInput::new(

            ALTERNATIVE_AUTHCERT_RAW,

            "",

        ))

        .unwrap();

        cert.body.dir_identity_key = alternative_cert.body.dir_identity_key.clone();

        assert_eq!(

            cert.verify(

                &[to_rsa_id(FINGERPRINT)],

                Duration::ZERO,

                Duration::ZERO,

                to_system_time(VALID_SYSTEM_TIME),

            )

            .unwrap_err(),

            VerifyFailed::Inconsistent

        );

        // Check invalid cross-cert.

        let mut cert =

            parse2::parse_netdoc::<AuthCertUnverified>(&ParseInput::new(AUTHCERT_RAW, "")).unwrap();

        cert.body.dir_key_crosscert = alternative_cert.body.dir_key_crosscert.clone();

        assert_eq!(

            cert.verify(

                &[to_rsa_id(FINGERPRINT)],

                Duration::ZERO,

                Duration::ZERO,

                to_system_time(VALID_SYSTEM_TIME),

            )

            .unwrap_err(),

            VerifyFailed::VerifyFailed

        );

        // Check outer signature.

        let mut cert =

            parse2::parse_netdoc::<AuthCertUnverified>(&ParseInput::new(AUTHCERT_RAW, "")).unwrap();

        cert.sigs = alternative_cert.sigs.clone();

        assert_eq!(

            cert.verify(

                &[to_rsa_id(FINGERPRINT)],

                Duration::ZERO,

                Duration::ZERO,

                to_system_time(VALID_SYSTEM_TIME),

            )

            .unwrap_err(),

            VerifyFailed::VerifyFailed

        );

    }

    #[test]

    fn keyids_for_directory_signature() -> anyhow::Result<()> {

        #[derive(Deftly)]

        #[derive_deftly(NetdocEncodable, NetdocParseable)]

        struct Doc {

            intro: (),

            ids: Item,

        }

        #[derive(Deftly)]

        #[derive_deftly(ItemValueEncodable, ItemValueParseable)]

        struct Item {

            #[deftly(netdoc(with = keyids_directory_signature_args))]

            ids: AuthCertKeyIds,

        }

        let text = r#"intro

ids 1234567812345678123456781234567812345678 ABCDABCDABCDABCDABCDABCDABCDABCDABCDABCD

"#;

        let doc = parse2::parse_netdoc::<Doc>(&ParseInput::new(text, "<text>"))?;

        let mut re_encode = NetdocEncoder::new();

        doc.encode_unsigned(&mut re_encode)?;

        let re_encode = re_encode.finish()?;

        assert_eq!(text, re_encode);

        Ok(())

    }

    #[test]

    #[cfg(feature = "incomplete")]

    fn roundtrip() -> Result<(), anyhow::Error> {

        let mut rng = test_rng::testing_rng();

        let k_auth_id_rsa = rsa::KeyPair::generate(&mut rng)?;

        let k_auth_sign_rsa = rsa::KeyPair::generate(&mut rng)?;

        let secs = |s| Duration::from_secs(s);

        let now = parse_rfc3339("1993-01-01T00:00:00Z")?;

        let published = now - secs(1000);

        let expires = published + secs(86400);

        let tolerance = secs(10);

        let input_value = AuthCert {

            dir_address: Some("192.0.2.17:7000".parse()?),

            ..AuthCert::new_base(&k_auth_id_rsa, &k_auth_sign_rsa, published, expires)?

        };

        dbg!(&input_value);

        let encoded = input_value.encode_sign(&k_auth_id_rsa)?;

        let reparsed_uv: AuthCertUnverified =

            parse_netdoc(&ParseInput::new(encoded.as_ref(), "<encoded>"))?;

        let reparsed_value = reparsed_uv.verify(

            &[k_auth_id_rsa.to_public_key().to_rsa_identity()],

            tolerance,

            tolerance,

            now,

        )?;

        dbg!(&reparsed_value);

        assert_eq!(input_value, reparsed_value);

        Ok(())

    }

}