use rpki::data_model::tal::{Tal, TalDecodeError, TalParseError, TalProfileError}; fn mk_tal(uris: &[&str], b64_lines: &[&str]) -> String { let mut out = String::new(); out.push_str("# comment\n"); for u in uris { out.push_str(u); out.push('\n'); } out.push('\n'); // separator for l in b64_lines { out.push_str(l); out.push('\n'); } out } #[test] fn tal_rejects_missing_separator() { let s = "# c\nhttps://example.invalid/ta.cer\nAAAA\n"; assert!(matches!( Tal::decode_bytes(s.as_bytes()), Err(TalDecodeError::Validate( TalProfileError::MissingSeparatorEmptyLine )) )); } #[test] fn tal_rejects_missing_uris() { let s = "# c\n\nAAAA\n"; assert!(matches!( Tal::decode_bytes(s.as_bytes()), Err(TalDecodeError::Validate(TalProfileError::MissingTaUris)) )); } #[test] fn tal_rejects_unsupported_scheme() { let s = mk_tal(&["ftp://example.invalid/ta.cer"], &["AAAA"]); assert!(matches!( Tal::decode_bytes(s.as_bytes()), Err(TalDecodeError::Validate( TalProfileError::UnsupportedUriScheme(_) )) )); } #[test] fn tal_rejects_directory_uri() { let s = mk_tal(&["https://example.invalid/dir/"], &["AAAA"]); assert!(matches!( Tal::decode_bytes(s.as_bytes()), Err(TalDecodeError::Validate(TalProfileError::UriIsDirectory(_))) )); } #[test] fn tal_rejects_comment_after_header() { let s = "# c\nhttps://example.invalid/ta.cer\n# late\n\nAAAA\n"; assert!(matches!( Tal::decode_bytes(s.as_bytes()), Err(TalDecodeError::Validate( TalProfileError::CommentAfterHeader )) )); } #[test] fn tal_rejects_invalid_base64() { let s = mk_tal(&["https://example.invalid/ta.cer"], &["not-base64!!!"]); assert!(matches!( Tal::decode_bytes(s.as_bytes()), Err(TalDecodeError::Validate(TalProfileError::SpkiBase64Decode)) )); } #[test] fn tal_rejects_invalid_utf8() { let bytes = [0xFFu8, 0xFEu8]; assert!(matches!( Tal::decode_bytes(&bytes), Err(TalDecodeError::Parse(TalParseError::InvalidUtf8)) )); }