From 121c6b974243b8e0dcfd61749bff0c7ed636142c Mon Sep 17 00:00:00 2001
From: Ties de Kock
Date: Tue, 5 Mar 2024 10:02:51 +0100
Subject: [PATCH] Test that requests from a different environment are rejected
---
 .gitlab-ci.yml | 1 -
 .../legacy/SignedObjectTracker.java | 2 +
 .../legacy/SignedResourceCertificate.java | 2 +
 .../ta/integration/MainIntegrationTest.java | 48 +++++++++++++++++++
 4 files changed, 52 insertions(+), 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3540054..1223ea0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -111,6 +111,5 @@ localcert:
 prepdev:
 <<: *deploy
 variables:
- # Use spaces to separate hosts
 NODES: "core-5.rpki.prepdev.ripe.net"
 name: prepdev
diff --git a/src/main/java/net/ripe/rpki/ta/serializers/legacy/SignedObjectTracker.java b/src/main/java/net/ripe/rpki/ta/serializers/legacy/SignedObjectTracker.java
index 1902123..443300b 100644
--- a/src/main/java/net/ripe/rpki/ta/serializers/legacy/SignedObjectTracker.java
+++ b/src/main/java/net/ripe/rpki/ta/serializers/legacy/SignedObjectTracker.java
@@ -1,5 +1,6 @@
 package net.ripe.rpki.ta.serializers.legacy;
+import lombok.EqualsAndHashCode;
 import lombok.Getter;
 import lombok.ToString;
 import net.ripe.rpki.commons.crypto.CertificateRepositoryObject;
@@ -12,6 +13,7 @@
 @ToString
 @Getter
+@EqualsAndHashCode
 public abstract class SignedObjectTracker implements Serializable {
 private static final long serialVersionUID = 1L;
diff --git a/src/main/java/net/ripe/rpki/ta/serializers/legacy/SignedResourceCertificate.java b/src/main/java/net/ripe/rpki/ta/serializers/legacy/SignedResourceCertificate.java
index 01ffe0e..c3685fa 100644
--- a/src/main/java/net/ripe/rpki/ta/serializers/legacy/SignedResourceCertificate.java
+++ b/src/main/java/net/ripe/rpki/ta/serializers/legacy/SignedResourceCertificate.java
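Review bot: In SignedObjectTracker.java the class-level `@EqualsAndHashCode` makes equals/hashCode depend on every non-static, non-transient field, and the fields are declared outside this hunk, so it is not visible whether mutable state such as the revoked flag (the test calls `isRevoked`) is included. If it is, an object's hash code changes when it is revoked, which breaks lookups should trackers ever be kept in a HashSet or used as map keys. A short comment above the annotation would record the intent, for example `// equals/hashCode compare all fields so TAState snapshots can be compared; not stable as a hash key once revoked`. The class body continues outside the hunk.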
@@ -1,11 +1,13 @@
 package net.ripe.rpki.ta.serializers.legacy;
+import lombok.EqualsAndHashCode;
 import net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate;
 import java.math.BigInteger;
 // Do not move from `legacy` folder because qualified name is used in the XML files.
+@EqualsAndHashCode(callSuper = true)
 public class SignedResourceCertificate extends SignedObjectTracker {
 private static final long serialVersionUID = 1L;
diff --git a/src/test/java/net/ripe/rpki/ta/integration/MainIntegrationTest.java b/src/test/java/net/ripe/rpki/ta/integration/MainIntegrationTest.java
index 3a39bf6..d5f6da2 100644
--- a/src/test/java/net/ripe/rpki/ta/integration/MainIntegrationTest.java
+++ b/src/test/java/net/ripe/rpki/ta/integration/MainIntegrationTest.java
@@ -14,6 +14,7 @@
 import net.ripe.rpki.ta.config.Env;
 import net.ripe.rpki.ta.config.EnvStub;
 import net.ripe.rpki.ta.domain.TAState;
+import net.ripe.rpki.ta.exception.OperationAbortedException;
 import net.ripe.rpki.ta.serializers.legacy.SignedManifest;
 import net.ripe.rpki.ta.serializers.legacy.SignedObjectTracker;
 import net.ripe.rpki.ta.serializers.legacy.SignedResourceCertificate;
@@ -36,6 +37,7 @@
 import static net.ripe.rpki.ta.Main.EXIT_ERROR_2;
 import static net.ripe.rpki.ta.Main.EXIT_OK;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 @Slf4j
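Review bot: `@EqualsAndHashCode(callSuper = true)` on SignedResourceCertificate covers this subclass, but `SignedManifest`, which the integration test reads through `getSignedManifests()` and filters with `SignedObjectTracker::isRevoked`, is not among the files this patch changes. If it extends SignedObjectTracker without defining its own equals, it now inherits the Lombok-generated one, which compares only the base-class fields, so the test's final `isEqualTo` on the TA state could pass even though a manifest changed after the rejected request. It is worth confirming that SignedManifest and TAState define equality over their own fields, or adding `@EqualsAndHashCode(callSuper = true)` to SignedManifest as well. The class body continues outside the hunk.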
@@ -220,6 +222,52 @@ public void test_process_request_reissue_revokes_old_cert() throws Exception { .allMatch(secondCrl::isRevoked); } + /** + * Initialise this with one environment, try signing a request from a different environment. + * + * TA0 must reject this. + * Note that if we force the re-issuance of a certificate, this will be overridden. + */ + @Test + public void test_process_rejects_request_from_other_environment(@TempDir File dir) throws Exception { + assertThat(run("--initialise --env=test").exitCode).isZero(); + assertThat(run("--generate-ta-certificate --env=test").exitCode).isZero(); + + final File response = new File(dir.getAbsolutePath(), "response-initial.xml"); + + final TAState taState0 = reloadTaState(); + final X509ResourceCertificate taCertBefore = getTaCertificate(taState0); + + assertThat( + run("--request=./src/test/resources/ta-request.xml" + + " --force-new-ta-certificate" + + " --response=" + response.getAbsolutePath() + + " --env=test").exitCode).isZero(); + + final TAState taStateAfterFirstSigning = reloadTaState(); + + assertThat(taStateAfterFirstSigning).isNotNull(); + + // There is a single non-revoked manifest with one certificate on it. + assertThat(taStateAfterFirstSigning.getSignedManifests()) + .filteredOn(Predicates.not(SignedObjectTracker::isRevoked)) + .map(SignedManifest::getManifest) + .allMatch(manifest -> manifest.getFiles().keySet().stream().filter(s -> s.endsWith(".cer")).count() == 1) + .hasSize(1); + + // Now sign a request from a different environment. + // This MUST be rejected. 
+ + assertThat(run("--request=./src/test/resources/ta-request-prepdev-env.xml" + + " --response=" + response.getAbsolutePath() + + " --env=test").exitCode + ).isEqualTo(EXIT_ERROR_2); + + final TAState taStateAfterRejectedSigning = reloadTaState(); + // And TA state was not modified by rejection + assertThat(taStateAfterFirstSigning).isEqualTo(taStateAfterRejectedSigning); + } + @Test public void test_process_request_from_other_environment(@TempDir File dir) throws Exception {