RRID
Testing

RRID reliability in tests

Our platform undergoes comprehensive testing: from cryptography and policies to rate limiting and token generation robustness. Below are the key scenarios we run in CI to ensure product stability.

Security

We validate cryptography, CRL handling and the protection of customer APIs.

  • Valid Ed25519 signatures pass verification; any tampering of signature or manufacturer certificate is rejected.
  • CRLs with invalid signatures are refused, and manufacturer revocation blocks the token through the chain.
  • Owner API: invalid JWT returns 401, wrong role returns 403; /crl/token without or with invalid x-client-secret yields 401.
  • /crl/download without Bearer responds 401; with a valid token returns 200 + ETag, repeat with If-None-Match gives 304.
  • RRID_TELEMETRY_IP=on: device_hash and user_id are hashed, IP is logged without leaking original values.

Policies and lifecycle

Tests prove that rules are applied consistently in every token state.

  • Geo and time lists: violations trigger geo_restricted / time_restricted.
  • Scan limits and transfer_count are tracked (scan_limit_exceeded, device_mismatch, user_required, etc.).
  • TTL + grace: after expiry without grace access is denied; within grace it is allowed. Soft revoke → suspended/resume, hard revoke → no resume.
  • Token replacement increments transfer_count and respects the limit.

Performance and rate limiting

We ensure public and internal APIs enforce the correct throttling.

  • /issue and /crl/token expose x-ratelimit-*; repeated call returns 429 with Retry-After.
  • /user/token/:hash/scans supports limit/since and purges history using RRID_RETENTION_SCANS_DAYS.
  • Rate limits for owner API user requests return 429 when exceeded.
  • /crl/download returns an ETag; another download with If-None-Match receives 304 to avoid extra traffic.

Robustness and resilience

Tests guarantee stable token issuance and processing pipelines.

  • RRID is deterministic and independent of meta order; secret value is checked for minimum length.
  • Token issuance: happy path, JSON Schema (required fields) and allowed_hours validation return 400 on errors.
  • QR payload: oversized JSON yields 500 with “QR payload too large”; notifications_uri is normalised and cleared when empty.
  • Forms handle empty numeric fields; invalid base64 in RRID_SALT_DEVICE_FINGERPRINT blocks init_state before start.
  • Issuer integration tests (33) and crypto unit tests (8) pass on every CI run.

Coverage summary

  • 33 integration tests verify RRID issuance/verification chain, CRL and customer APIs.
  • 8 cryptographic unit tests cover Ed25519 operations and resilience to malformed input.
  • All tests run on every CI pipeline and block releases on regression.