249 lines
7.2 KiB
Rust
249 lines
7.2 KiB
Rust
use serde::Serialize;
|
|
use sha2::Digest;
|
|
|
|
use crate::policy::Policy;
|
|
|
|
#[derive(Clone, Debug, PartialEq, Eq, Serialize)]
|
|
#[serde(rename_all = "snake_case")]
|
|
pub enum AuditObjectKind {
|
|
Manifest,
|
|
Crl,
|
|
Certificate,
|
|
RouterCertificate,
|
|
Roa,
|
|
Aspa,
|
|
Other,
|
|
}
|
|
|
|
#[derive(Clone, Debug, PartialEq, Eq, Serialize)]
|
|
#[serde(rename_all = "snake_case")]
|
|
pub enum AuditObjectResult {
|
|
Ok,
|
|
Skipped,
|
|
Error,
|
|
}
|
|
|
|
#[derive(Clone, Debug, PartialEq, Eq, Serialize)]
|
|
pub struct ObjectAuditEntry {
|
|
pub rsync_uri: String,
|
|
pub sha256_hex: String,
|
|
pub kind: AuditObjectKind,
|
|
pub result: AuditObjectResult,
|
|
#[serde(skip_serializing_if = "Option::is_none")]
|
|
pub detail: Option<String>,
|
|
}
|
|
|
|
#[derive(Clone, Debug, PartialEq, Eq, Serialize)]
|
|
pub struct AuditWarning {
|
|
pub message: String,
|
|
pub rfc_refs: Vec<String>,
|
|
#[serde(skip_serializing_if = "Option::is_none")]
|
|
pub context: Option<String>,
|
|
}
|
|
|
|
impl From<&crate::report::Warning> for AuditWarning {
|
|
fn from(w: &crate::report::Warning) -> Self {
|
|
Self {
|
|
message: w.message.clone(),
|
|
rfc_refs: w.rfc_refs.iter().map(|r| r.0.to_string()).collect(),
|
|
context: w.context.clone(),
|
|
}
|
|
}
|
|
}
|
|
|
|
#[derive(Clone, Debug, Default, PartialEq, Eq, Serialize)]
|
|
pub struct PublicationPointAudit {
|
|
/// Monotonic node ID assigned by the traversal engine.
|
|
///
|
|
/// Present when running via the Stage2 tree engine; may be absent in ad-hoc runs.
|
|
#[serde(skip_serializing_if = "Option::is_none")]
|
|
pub node_id: Option<u64>,
|
|
/// Parent node ID in the traversal tree.
|
|
#[serde(skip_serializing_if = "Option::is_none")]
|
|
pub parent_node_id: Option<u64>,
|
|
/// Provenance metadata for non-root nodes (how this CA instance was discovered).
|
|
#[serde(skip_serializing_if = "Option::is_none")]
|
|
pub discovered_from: Option<DiscoveredFrom>,
|
|
|
|
pub rsync_base_uri: String,
|
|
pub manifest_rsync_uri: String,
|
|
pub publication_point_rsync_uri: String,
|
|
#[serde(skip_serializing_if = "Option::is_none")]
|
|
pub rrdp_notification_uri: Option<String>,
|
|
|
|
pub source: String,
|
|
#[serde(skip_serializing_if = "Option::is_none")]
|
|
pub repo_sync_source: Option<String>,
|
|
#[serde(skip_serializing_if = "Option::is_none")]
|
|
pub repo_sync_phase: Option<String>,
|
|
#[serde(skip_serializing_if = "Option::is_none")]
|
|
pub repo_sync_duration_ms: Option<u64>,
|
|
#[serde(skip_serializing_if = "Option::is_none")]
|
|
pub repo_sync_error: Option<String>,
|
|
pub repo_terminal_state: String,
|
|
pub this_update_rfc3339_utc: String,
|
|
pub next_update_rfc3339_utc: String,
|
|
pub verified_at_rfc3339_utc: String,
|
|
|
|
pub warnings: Vec<AuditWarning>,
|
|
pub objects: Vec<ObjectAuditEntry>,
|
|
}
|
|
|
|
#[derive(Clone, Debug, PartialEq, Eq, Serialize)]
|
|
pub struct DiscoveredFrom {
|
|
pub parent_manifest_rsync_uri: String,
|
|
pub child_ca_certificate_rsync_uri: String,
|
|
pub child_ca_certificate_sha256_hex: String,
|
|
}
|
|
|
|
#[derive(Clone, Debug, PartialEq, Eq, Serialize)]
|
|
pub struct TreeSummary {
|
|
pub instances_processed: usize,
|
|
pub instances_failed: usize,
|
|
pub warnings: Vec<AuditWarning>,
|
|
}
|
|
|
|
#[derive(Clone, Debug, PartialEq, Eq, Serialize)]
|
|
pub struct AuditRunMeta {
|
|
pub validation_time_rfc3339_utc: String,
|
|
}
|
|
|
|
#[derive(Clone, Debug, PartialEq, Eq, Serialize)]
|
|
#[serde(rename_all = "snake_case")]
|
|
pub enum AuditDownloadKind {
|
|
RrdpNotification,
|
|
RrdpSnapshot,
|
|
RrdpDelta,
|
|
Rsync,
|
|
}
|
|
|
|
#[derive(Clone, Debug, Default, PartialEq, Eq, Serialize)]
|
|
pub struct AuditDownloadObjectsStat {
|
|
pub objects_count: u64,
|
|
pub objects_bytes_total: u64,
|
|
}
|
|
|
|
#[derive(Clone, Debug, PartialEq, Eq, Serialize)]
|
|
pub struct AuditDownloadEvent {
|
|
pub kind: AuditDownloadKind,
|
|
pub uri: String,
|
|
pub started_at_rfc3339_utc: String,
|
|
pub finished_at_rfc3339_utc: String,
|
|
pub duration_ms: u64,
|
|
pub success: bool,
|
|
#[serde(skip_serializing_if = "Option::is_none")]
|
|
pub error: Option<String>,
|
|
#[serde(skip_serializing_if = "Option::is_none")]
|
|
pub bytes: Option<u64>,
|
|
#[serde(skip_serializing_if = "Option::is_none")]
|
|
pub objects: Option<AuditDownloadObjectsStat>,
|
|
}
|
|
|
|
#[derive(Clone, Debug, Default, PartialEq, Eq, Serialize)]
|
|
pub struct AuditDownloadKindStats {
|
|
pub ok_total: u64,
|
|
pub fail_total: u64,
|
|
pub duration_ms_total: u64,
|
|
#[serde(skip_serializing_if = "Option::is_none")]
|
|
pub bytes_total: Option<u64>,
|
|
#[serde(skip_serializing_if = "Option::is_none")]
|
|
pub objects_count_total: Option<u64>,
|
|
#[serde(skip_serializing_if = "Option::is_none")]
|
|
pub objects_bytes_total: Option<u64>,
|
|
}
|
|
|
|
#[derive(Clone, Debug, Default, PartialEq, Eq, Serialize)]
|
|
pub struct AuditDownloadStats {
|
|
pub events_total: u64,
|
|
/// Statistics keyed by serialized `AuditDownloadKind` string (e.g. "rrdp_snapshot").
|
|
pub by_kind: std::collections::BTreeMap<String, AuditDownloadKindStats>,
|
|
}
|
|
|
|
#[derive(Clone, Debug, Default, PartialEq, Eq, Serialize)]
|
|
pub struct AuditRepoSyncStateStat {
|
|
pub count: u64,
|
|
pub duration_ms_total: u64,
|
|
}
|
|
|
|
#[derive(Clone, Debug, Default, PartialEq, Eq, Serialize)]
|
|
pub struct AuditRepoSyncStats {
|
|
pub publication_points_total: u64,
|
|
pub by_phase: std::collections::BTreeMap<String, AuditRepoSyncStateStat>,
|
|
pub by_terminal_state: std::collections::BTreeMap<String, AuditRepoSyncStateStat>,
|
|
}
|
|
|
|
#[derive(Clone, Debug, PartialEq, Eq, Serialize)]
|
|
pub struct AuditReportV1 {
|
|
pub format_version: u32,
|
|
pub meta: AuditRunMeta,
|
|
pub policy: Policy,
|
|
pub tree: TreeSummary,
|
|
pub publication_points: Vec<PublicationPointAudit>,
|
|
|
|
pub vrps: Vec<VrpOutput>,
|
|
pub aspas: Vec<AspaOutput>,
|
|
}
|
|
|
|
#[derive(Clone, Debug, PartialEq, Eq, Serialize)]
|
|
pub struct AuditReportV2 {
|
|
pub format_version: u32,
|
|
pub meta: AuditRunMeta,
|
|
pub policy: Policy,
|
|
pub tree: TreeSummary,
|
|
pub publication_points: Vec<PublicationPointAudit>,
|
|
|
|
pub vrps: Vec<VrpOutput>,
|
|
pub aspas: Vec<AspaOutput>,
|
|
|
|
pub downloads: Vec<AuditDownloadEvent>,
|
|
pub download_stats: AuditDownloadStats,
|
|
pub repo_sync_stats: AuditRepoSyncStats,
|
|
}
|
|
|
|
#[derive(Clone, Debug, PartialEq, Eq, Serialize)]
|
|
pub struct VrpOutput {
|
|
pub asn: u32,
|
|
pub prefix: String,
|
|
pub max_length: u16,
|
|
}
|
|
|
|
#[derive(Clone, Debug, PartialEq, Eq, Serialize)]
|
|
pub struct AspaOutput {
|
|
pub customer_as_id: u32,
|
|
pub provider_as_ids: Vec<u32>,
|
|
}
|
|
|
|
pub fn sha256_hex_from_32(bytes: &[u8; 32]) -> String {
|
|
hex::encode(bytes)
|
|
}
|
|
|
|
pub fn sha256_hex(bytes: &[u8]) -> String {
|
|
let digest = sha2::Sha256::digest(bytes);
|
|
hex::encode(digest)
|
|
}
|
|
|
|
pub fn format_roa_ip_prefix(p: &crate::data_model::roa::IpPrefix) -> String {
|
|
let addr = p.addr_bytes();
|
|
match p.afi {
|
|
crate::data_model::roa::RoaAfi::Ipv4 => {
|
|
format!(
|
|
"{}.{}.{}.{}{}",
|
|
addr[0],
|
|
addr[1],
|
|
addr[2],
|
|
addr[3],
|
|
format!("/{}", p.prefix_len)
|
|
)
|
|
}
|
|
crate::data_model::roa::RoaAfi::Ipv6 => {
|
|
let mut parts = Vec::with_capacity(8);
|
|
for i in 0..8 {
|
|
let hi = addr[i * 2] as u16;
|
|
let lo = addr[i * 2 + 1] as u16;
|
|
parts.push(format!("{:x}", (hi << 8) | lo));
|
|
}
|
|
format!("{}{}", parts.join(":"), format!("/{}", p.prefix_len))
|
|
}
|
|
}
|
|
}
|