38 lines
1.7 KiB
Rust
38 lines
1.7 KiB
Rust
use rpki::data_model::ta::TrustAnchor;
|
|
use rpki::data_model::tal::Tal;
|
|
use rpki::fetch::http::{BlockingHttpFetcher, HttpFetcherConfig};
|
|
use rpki::validation::ca_instance::ca_instance_uris_from_ca_certificate;
|
|
use rpki::validation::from_tal::discover_root_ca_instance_from_tal_url;
|
|
|
|
const APNIC_TAL_URL: &str = "https://tal.apnic.net/tal-archive/apnic-rfc7730-https.tal";
|
|
|
|
#[test]
|
|
#[ignore = "live network smoke test (APNIC TAL)"]
|
|
fn apnic_tal_downloads_and_binds_to_ta_certificate() {
|
|
let fetcher = BlockingHttpFetcher::new(HttpFetcherConfig::default()).expect("build fetcher");
|
|
|
|
let tal_bytes = fetcher.fetch_bytes(APNIC_TAL_URL).expect("download TAL");
|
|
let tal = Tal::decode_bytes(&tal_bytes).expect("decode TAL");
|
|
|
|
let ta_uri = tal.ta_uris.first().expect("TAL has TA URIs").clone();
|
|
let ta_bytes = fetcher
|
|
.fetch_bytes(ta_uri.as_str())
|
|
.expect("download TA cert");
|
|
|
|
let trust_anchor = TrustAnchor::bind_der(tal, &ta_bytes, Some(&ta_uri)).expect("bind");
|
|
|
|
let ca_uris = ca_instance_uris_from_ca_certificate(&trust_anchor.ta_certificate.rc_ca)
|
|
.expect("extract CA instance URIs");
|
|
assert!(ca_uris.rsync_base_uri.starts_with("rsync://"));
|
|
assert!(ca_uris.manifest_rsync_uri.starts_with("rsync://"));
|
|
}
|
|
|
|
#[test]
|
|
#[ignore = "live network smoke test (APNIC TAL)"]
|
|
fn apnic_tal_discovery_api_smoke() {
|
|
let fetcher = BlockingHttpFetcher::new(HttpFetcherConfig::default()).expect("build fetcher");
|
|
let d = discover_root_ca_instance_from_tal_url(&fetcher, APNIC_TAL_URL).expect("discover");
|
|
assert!(d.ca_instance.rsync_base_uri.starts_with("rsync://"));
|
|
assert!(d.ca_instance.manifest_rsync_uri.starts_with("rsync://"));
|
|
}
|