rpki/tests/test_tal_decode_errors.rs

use rpki::data_model::tal::{Tal, TalDecodeError, TalParseError, TalProfileError};

fn mk_tal(uris: &[&str], b64_lines: &[&str]) -> String {
    let mut out = String::new();
    out.push_str("# comment\n");
    for u in uris {
        out.push_str(u);
        out.push('\n');
    }
    out.push('\n'); // separator
    for l in b64_lines {
        out.push_str(l);
        out.push('\n');
    }
    out
}

#[test]
fn tal_rejects_missing_separator() {
    let s = "# c\nhttps://example.invalid/ta.cer\nAAAA\n";
    assert!(matches!(
        Tal::decode_bytes(s.as_bytes()),
        Err(TalDecodeError::Validate(
            TalProfileError::MissingSeparatorEmptyLine
        ))
    ));
}

#[test]
fn tal_rejects_missing_uris() {
    let s = "# c\n\nAAAA\n";
    assert!(matches!(
        Tal::decode_bytes(s.as_bytes()),
        Err(TalDecodeError::Validate(TalProfileError::MissingTaUris))
    ));
}

#[test]
fn tal_rejects_unsupported_scheme() {
    let s = mk_tal(&["ftp://example.invalid/ta.cer"], &["AAAA"]);
    assert!(matches!(
        Tal::decode_bytes(s.as_bytes()),
        Err(TalDecodeError::Validate(
            TalProfileError::UnsupportedUriScheme(_)
        ))
    ));
}

#[test]
fn tal_rejects_directory_uri() {
    let s = mk_tal(&["https://example.invalid/dir/"], &["AAAA"]);
    assert!(matches!(
        Tal::decode_bytes(s.as_bytes()),
        Err(TalDecodeError::Validate(TalProfileError::UriIsDirectory(_)))
    ));
}

#[test]
fn tal_rejects_comment_after_header() {
    let s = "# c\nhttps://example.invalid/ta.cer\n# late\n\nAAAA\n";
    assert!(matches!(
        Tal::decode_bytes(s.as_bytes()),
        Err(TalDecodeError::Validate(
            TalProfileError::CommentAfterHeader
        ))
    ));
}

#[test]
fn tal_rejects_invalid_base64() {
    let s = mk_tal(&["https://example.invalid/ta.cer"], &["not-base64!!!"]);
    assert!(matches!(
        Tal::decode_bytes(s.as_bytes()),
        Err(TalDecodeError::Validate(TalProfileError::SpkiBase64Decode))
    ));
}

#[test]
fn tal_rejects_invalid_utf8() {
    let bytes = [0xFFu8, 0xFEu8];
    assert!(matches!(
        Tal::decode_bytes(&bytes),
        Err(TalDecodeError::Parse(TalParseError::InvalidUtf8))
    ));
}