diff --git a/monitoring/uss_qualifier/configurations/dev/dss_probing.yaml b/monitoring/uss_qualifier/configurations/dev/dss_probing.yaml
index 57047b0c01..41eb7eb97b 100644
--- a/monitoring/uss_qualifier/configurations/dev/dss_probing.yaml
+++ b/monitoring/uss_qualifier/configurations/dev/dss_probing.yaml
@@ -6,7 +6,7 @@ v1:
kentland_service_area: { $ref: 'library/resources.yaml#/kentland_service_area' }
kentland_planning_area: { $ref: 'library/resources.yaml#/kentland_planning_area' }
kentland_problematically_big_area: { $ref: 'library/resources.yaml#/kentland_problematically_big_area' }
-
+ kentland_acceptable_search_area: { $ref: 'library/resources.yaml#/kentland_acceptable_search_area' }
utm_auth: { $ref: 'library/environment.yaml#/utm_auth' }
second_utm_auth: {$ref: 'library/environment.yaml#/second_utm_auth'}
utm_client_identity: { $ref: 'library/resources.yaml#/utm_client_identity' }
@@ -35,6 +35,7 @@ v1:
service_area: kentland_service_area
planning_area: kentland_planning_area
problematically_big_area: kentland_problematically_big_area
+ acceptable_search_area: kentland_acceptable_search_area
second_utm_auth: second_utm_auth
flight_intents: che_non_conflicting_flights
test_exclusions: test_exclusions
diff --git a/monitoring/uss_qualifier/configurations/dev/library/resources.yaml b/monitoring/uss_qualifier/configurations/dev/library/resources.yaml
index 5b3a48093f..fa2df41441 100644
--- a/monitoring/uss_qualifier/configurations/dev/library/resources.yaml
+++ b/monitoring/uss_qualifier/configurations/dev/library/resources.yaml
@@ -41,6 +41,20 @@ kentland_service_area:
time_start: '2023-01-10T00:00:01.123456+00:00'
time_end: '2023-01-10T01:00:01.123456+00:00'
+kentland_acceptable_search_area:
+ dependencies: { }
+ resource_type: resources.VerticesResource
+ specification:
+ vertices:
+ - lat: 37.1853
+ lng: -80.614
+ - lat: 37.2148
+ lng: -80.614
+ - lat: 37.2148
+ lng: -80.544
+ - lat: 37.1853
+ lng: -80.544
+
kentland_planning_area:
$content_schema: monitoring/uss_qualifier/resources/definitions/ResourceDeclaration.json
resource_type: resources.astm.f3548.v21.PlanningAreaResource
diff --git a/monitoring/uss_qualifier/configurations/dev/netrid_v19.yaml b/monitoring/uss_qualifier/configurations/dev/netrid_v19.yaml
index 155e4eccea..5442d8fa90 100644
--- a/monitoring/uss_qualifier/configurations/dev/netrid_v19.yaml
+++ b/monitoring/uss_qualifier/configurations/dev/netrid_v19.yaml
@@ -8,6 +8,7 @@ v1:
utm_client_identity: {$ref: 'library/resources.yaml#/utm_client_identity'}
id_generator: {$ref: 'library/resources.yaml#/id_generator'}
kentland_service_area: {$ref: 'library/resources.yaml#/kentland_service_area'}
+ kentland_acceptable_search_area: {$ref: 'library/resources.yaml#/kentland_acceptable_search_area'}
au_problematically_big_area: {$ref: 'library/resources.yaml#/au_problematically_big_area'}
utm_auth: {$ref: 'library/environment.yaml#/utm_auth'}
@@ -34,6 +35,7 @@ v1:
id_generator: id_generator
service_area: kentland_service_area
problematically_big_area: au_problematically_big_area
+ acceptable_search_area: kentland_acceptable_search_area
test_exclusions: test_exclusions
execution:
stop_fast: true
diff --git a/monitoring/uss_qualifier/configurations/dev/netrid_v22a.yaml b/monitoring/uss_qualifier/configurations/dev/netrid_v22a.yaml
index 6c8883c988..1056bec2dc 100644
--- a/monitoring/uss_qualifier/configurations/dev/netrid_v22a.yaml
+++ b/monitoring/uss_qualifier/configurations/dev/netrid_v22a.yaml
@@ -8,6 +8,7 @@ v1:
utm_client_identity: {$ref: 'library/resources.yaml#/utm_client_identity'}
id_generator: {$ref: 'library/resources.yaml#/id_generator'}
kentland_service_area: {$ref: 'library/resources.yaml#/kentland_service_area'}
+ kentland_acceptable_search_area: {$ref: 'library/resources.yaml#/kentland_acceptable_search_area'}
au_problematically_big_area: {$ref: 'library/resources.yaml#/au_problematically_big_area'}
utm_auth: {$ref: 'library/environment.yaml#/utm_auth'}
@@ -34,6 +35,7 @@ v1:
id_generator: id_generator
service_area: kentland_service_area
problematically_big_area: au_problematically_big_area
+ acceptable_search_area: kentland_acceptable_search_area
test_exclusions: test_exclusions
execution:
stop_fast: true
diff --git a/monitoring/uss_qualifier/configurations/dev/uspace.yaml b/monitoring/uss_qualifier/configurations/dev/uspace.yaml
index 0d9f03d7b9..2b8f07ac7d 100644
--- a/monitoring/uss_qualifier/configurations/dev/uspace.yaml
+++ b/monitoring/uss_qualifier/configurations/dev/uspace.yaml
@@ -14,6 +14,7 @@ v1:
utm_client_identity: {$ref: 'library/resources.yaml#/utm_client_identity'}
id_generator: {$ref: 'library/resources.yaml#/id_generator'}
kentland_service_area: {$ref: 'library/resources.yaml#/kentland_service_area'}
+ kentland_acceptable_search_area: {$ref: 'library/resources.yaml#/kentland_acceptable_search_area'}
au_problematically_big_area: {$ref: 'library/resources.yaml#/au_problematically_big_area'}
utm_auth: {$ref: 'library/environment.yaml#/utm_auth'}
@@ -73,7 +74,7 @@ v1:
service_area: kentland_service_area
planning_area: che_planning_area
problematically_big_area: au_problematically_big_area
-
+ acceptable_search_area: kentland_acceptable_search_area
test_exclusions: test_exclusions
specification:
mock_uss_instances_source: mock_uss_instances
@@ -106,7 +107,7 @@ v1:
service_area: service_area
planning_area: planning_area
problematically_big_area: problematically_big_area
-
+ acceptable_search_area: acceptable_search_area
test_exclusions: test_exclusions
execution:
stop_fast: true
diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/common/dss/endpoint_encryption.py b/monitoring/uss_qualifier/scenarios/astm/netrid/common/dss/endpoint_encryption.py
new file mode 100644
index 0000000000..1d14b64582
--- /dev/null
+++ b/monitoring/uss_qualifier/scenarios/astm/netrid/common/dss/endpoint_encryption.py
@@ -0,0 +1,169 @@
+import errno
+import socket
+from urllib.parse import urlparse
+
+import requests
+from future.backports.datetime import datetime
+
+from monitoring.monitorlib import infrastructure
+from monitoring.monitorlib.fetch import rid as fetch
+from monitoring.uss_qualifier.resources import VerticesResource
+from monitoring.uss_qualifier.resources.astm.f3411.dss import DSSInstanceResource
+from monitoring.uss_qualifier.scenarios.scenario import GenericTestScenario
+from monitoring.uss_qualifier.suites.suite import ExecutionContext
+
+
+class EndpointEncryption(GenericTestScenario):
+ """
+ Ensures that the endpoints of a DSS are not accessible unencrypted:
+ - HTTP access should be impossible or redirect to HTTPS
+ - HTTPS access should be possible
+
+ TODO: add a check for minimal cipher strength to a 128bit AES equivalent or more.
+ """
+
+ def __init__(
+ self,
+ dss: DSSInstanceResource,
+ test_search_area: VerticesResource,
+ ):
+ super().__init__()
+ self._dss = dss.dss_instance
+ self._search_area = [
+ v.as_s2sphere() for v in test_search_area.specification.vertices
+ ]
+
+ self._parsed_url = urlparse(self._dss.base_url)
+ self._hostname = self._parsed_url.hostname
+
+ self._http_base_url = f"http://{self._hostname}/{self._parsed_url.path}"
+
+ def run(self, context: ExecutionContext):
+ self.begin_test_scenario(context)
+
+ if self._hostname is None:
+ self.record_note(
+ "hostname",
+ "Cannot check encryption requirement when DSS hostname is unspecified",
+ )
+ self.end_test_scenario()
+ return
+
+ if not self._dss.base_url.startswith("https://"):
+ self.record_note(
+ "encrypted_endpoints",
+ "Cannot check encryption requirement when DSS endpoint is specified with an http:// base URL",
+ )
+ self.end_test_scenario()
+ return
+
+ self._case_http_unavailable_or_redirect()
+ self._case_https_works()
+
+ self.end_test_scenario()
+
+ def _case_http_unavailable_or_redirect(self):
+ self.begin_test_case("Connect to HTTP port")
+ self.begin_test_step("Attempt GET on root path via HTTP")
+
+ with self.check(
+ "Connection to HTTP port fails or redirects to HTTPS port",
+ self._dss.participant_id,
+ ) as check:
+ try:
+ response = requests.get(
+ self._http_base_url,
+ timeout=10,
+ allow_redirects=False,
+ )
+ _check_is_redirect(self._parsed_url, check, response)
+ except socket.error as e:
+ if e.errno not in [errno.ECONNREFUSED, errno.ETIMEDOUT]:
+ check.record_failed(
+ "Connection to HTTP port failed for the unexpected reason",
+ details=f"Encountered socket error: {e}, while the expectation is to either run into a straight up connection refusal or a timeout.",
+ )
+
+ self.begin_test_step("Attempt GET on a known valid path via HTTP")
+
+ with self.check(
+ "Connection to HTTP port fails or redirects to HTTPS port",
+ self._dss.participant_id,
+ ) as check:
+ try:
+ response = fetch.isas(
+ area=self._search_area,
+ start_time=datetime.now(),
+ end_time=datetime.now() + datetime.timedelta(days=1),
+ rid_version=self._dss.rid_version,
+ session=infrastructure.UTMClientSession(
+ self._http_base_url, self._dss.client.auth_adapter
+ ),
+ participant_id=self._dss.participant_id,
+ )
+ _check_is_redirect(self._parsed_url, check, response)
+ except socket.error as e:
+ if e.errno not in [errno.ECONNREFUSED, errno.ETIMEDOUT]:
+ check.record_failed(
+ "Connection to HTTP port failed for the unexpected reason",
+ details=f"Encountered socket error: {e}, while the expectation is to either run into a straight up connection refusal or a timeout.",
+ )
+
+ self.end_test_step()
+ self.end_test_case()
+
+ def _case_https_works(self):
+ parsed_url = urlparse(self._dss.base_url)
+ hostname = parsed_url.hostname
+
+ self.begin_test_case("Connect to HTTPS port")
+ self.begin_test_step("Attempt GET on root path via HTTP test")
+
+ if hostname is not None:
+ with self.check(
+ "Connection fails or response redirects to HTTPS endpoint",
+ self._dss.participant_id,
+ ) as check:
+ try:
+ requests.get(
+ f"https://{hostname}/{parsed_url.path}",
+ timeout=10,
+ allow_redirects=False,
+ )
+ # We don't care about the response details, just that the connection was successful
+ # (a 404 would still indicate that HTTPS is working well)
+ except requests.RequestException as e:
+ check.record_failed(
+ "Connection to HTTPS port failed",
+ details=f"Encountered exception while attempting HTTPS request: {e}",
+ )
+
+ self.end_test_step()
+ self.end_test_case()
+
+
+def _check_is_redirect(parsed_url, check, response):
+ # If we can connect, we want to check that we are being redirected:
+ # (a 4XX response is already a form of communication that we don't want in cleartext)
+ if response.status_code not in [301, 302, 307, 308]:
+ check.record_failed(
+ "Connection to HTTP port did not redirect",
+ details=f"Was expecting a 301 or 308 response, but obtained status code: {response.status_code}",
+ )
+ if "Location" not in response.headers:
+ check.record_failed(
+ "Location header missing in redirect response",
+ details="Was expecting a Location header in the response, but it was not present",
+ )
+ if response.headers.get("Location").startswith("http://"):
+ check.record_failed(
+ "Connection to HTTP port redirected to HTTP",
+ details=f"Was expecting a redirection to an https:// URL. Location header: {response.headers.get('Location')}",
+ )
+ if not response.headers.get("Location").startswith(
+ f"https://{parsed_url.hostname}/{parsed_url.path}"
+ ):
+ check.record_failed(
+ "Redirect to unexpected destination",
+ details=f"Was expecting a redirection to https://{parsed_url.hostname}/{parsed_url.path}, was {response.headers.get('Location')}",
+ )
diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/__init__.py b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/__init__.py
index a89cb054cb..d004702b51 100644
--- a/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/__init__.py
+++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/__init__.py
@@ -7,3 +7,4 @@
from .token_validation import TokenValidation
from .crdb_access import CRDBAccess
from .heavy_traffic_concurrent import HeavyTrafficConcurrent
+from .endpoint_encryption import EndpointEncryption
diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.md b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.md
new file mode 100644
index 0000000000..ada85050b7
--- /dev/null
+++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.md
@@ -0,0 +1,51 @@
+# ASTM NetRID DSS: Endpoint encryption test scenario
+
+## Overview
+
+Ensures that a DSS only exposes its endpoints via HTTPS.
+
+## Resources
+
+### dss
+
+[`DSSInstanceResource`](../../../../../resources/astm/f3411/dss.py) to be tested in this scenario.
+
+### test_search_area
+
+[`VerticesResource`](../../../../../resources/vertices.py) to be used in this scenario for a search query.
+
+## Connect to HTTP port test case
+
+Tries to connect to the http port (80) of the DSS instance, and expects either a refusal of the connection,
+or a redirection to the https port (443).
+
+Note: this test case will be skipped if the DSS instance is configured to use HTTP.
+
+### Attempt GET on root path via HTTP test step
+
+This test step attempts an HTTP GET request on the root path of the DSS instance, using plain HTTP,
+and expects either a connection refusal or a redirection to the equivalent HTTPS URL.
+
+#### 🛑 Connection fails or response redirects to HTTPS endpoint check
+
+If the DSS instance accepts the connection on the HTTP port and does not immediately redirect to the HTTPS port
+upon reception of an HTTP request, it is in violation of **[astm.f3411.v19.DSS0020](../../../../../requirements/astm/f3411/v19.md)**.
+
+### Attempt GET on a known valid path via HTTP test step
+
+This test step attempts an HTTP GET request on a known valid path by searching for ISAs in the configured planning area.
+
+#### 🛑 Connection fails or response redirects to HTTPS endpoint check
+
+If the DSS instance accepts the connection on the HTTP port and does not immediately redirect to the HTTPS port
+upon reception of an HTTP request, it is in violation of **[astm.f3411.v19.DSS0020](../../../../../requirements/astm/f3411/v19.md)**.
+
+## Connect to HTTPS port test case
+
+Try to connect to the DSS instance over HTTPS.
+
+### Attempt to connect to the DSS instance on the HTTPS port test step
+
+#### 🛑 A request can be sent over HTTPS check
+
+If the DSS instance cannot be reached over HTTPS, it is in violation of **[astm.f3411.v19.DSS0020](../../../../../requirements/astm/f3411/v19.md)**.
diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.py b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.py
new file mode 100644
index 0000000000..0732eb04d2
--- /dev/null
+++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.py
@@ -0,0 +1,8 @@
+from monitoring.uss_qualifier.scenarios.astm.netrid.common.dss.endpoint_encryption import (
+ EndpointEncryption as CommonEndpointEncryption,
+)
+from monitoring.uss_qualifier.scenarios.scenario import TestScenario
+
+
+class EndpointEncryption(TestScenario, CommonEndpointEncryption):
+ pass
diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/__init__.py b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/__init__.py
index a89cb054cb..d004702b51 100644
--- a/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/__init__.py
+++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/__init__.py
@@ -7,3 +7,4 @@
from .token_validation import TokenValidation
from .crdb_access import CRDBAccess
from .heavy_traffic_concurrent import HeavyTrafficConcurrent
+from .endpoint_encryption import EndpointEncryption
diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.md b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.md
new file mode 100644
index 0000000000..bdeb75d84a
--- /dev/null
+++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.md
@@ -0,0 +1,39 @@
+# ASTM NetRID DSS: Endpoint encryption test scenario
+
+## Overview
+
+Ensures that a DSS only exposes its endpoints via HTTPS.
+
+## Resources
+
+### dss
+
+[`DSSInstanceResource`](../../../../../resources/astm/f3411/dss.py) to be tested in this scenario.
+
+### test_search_area
+
+[`VerticesResource`](../../../../../resources/vertices.py) to be used in this scenario for a search query.
+
+## Connect to HTTP port test case
+
+Tries to connect to the http port (80) of the DSS instance, and expects either a refusal of the connection,
+or a redirection to the https port (443).
+
+Note: this test case will be skipped if the DSS instance is configured to use HTTP.
+
+### Attempt to connect to the DSS instance on the HTTP port test step
+
+#### 🛑 Connection to HTTP port fails or redirects to HTTPS port check
+
+If the DSS instance accepts the connection on the HTTP port and does not immediately redirect to the HTTPS port
+upon reception of an HTTP request, it is in violation of **[astm.f3411.v22a.DSS0020](../../../../../requirements/astm/f3411/v22a.md)**.
+
+## Connect to HTTPS port test case
+
+Try to connect to the DSS instance over HTTPS.
+
+### Attempt to connect to the DSS instance on the HTTPS port test step
+
+#### 🛑 A request can be sent over HTTPS check
+
+If the DSS instance cannot be reached over HTTPS, it is in violation of **[astm.f3411.v22a.DSS0020](../../../../../requirements/astm/f3411/v22a.md)**.
diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.py b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.py
new file mode 100644
index 0000000000..0732eb04d2
--- /dev/null
+++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.py
@@ -0,0 +1,8 @@
+from monitoring.uss_qualifier.scenarios.astm.netrid.common.dss.endpoint_encryption import (
+ EndpointEncryption as CommonEndpointEncryption,
+)
+from monitoring.uss_qualifier.scenarios.scenario import TestScenario
+
+
+class EndpointEncryption(TestScenario, CommonEndpointEncryption):
+ pass
diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.md b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.md
index 23b63987b6..1433085f81 100644
--- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.md
+++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.md
@@ -21,11 +21,16 @@
| Checked in |
- astm
.f3411
.v19 |
+ astm
.f3411
.v19 |
DSS0010 |
Implemented |
ASTM NetRID DSS: Token Validation |
+
+ | DSS0020 |
+ Implemented |
+ ASTM NetRID DSS: Endpoint encryption |
+
| DSS0030,a |
Implemented |
diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.yaml b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.yaml
index 8bba99aed7..f921fbd90b 100644
--- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.yaml
+++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.yaml
@@ -10,6 +10,7 @@ resources:
id_generator: resources.interuss.IDGeneratorResource
service_area: resources.netrid.ServiceAreaResource
problematically_big_area: resources.VerticesResource
+ acceptable_search_area: resources.VerticesResource
test_exclusions: resources.dev.TestExclusionsResource?
actions:
- action_generator:
@@ -21,6 +22,7 @@ actions:
id_generator: id_generator
service_area: service_area
problematically_big_area: problematically_big_area
+ acceptable_search_area: acceptable_search_area
test_exclusions: test_exclusions?
specification:
action_to_repeat:
@@ -34,6 +36,7 @@ actions:
id_generator: id_generator
isa: service_area
problematically_big_area: problematically_big_area
+ acceptable_search_area: acceptable_search_area
test_exclusions: test_exclusions?
on_failure: Continue
dss_instances_source: dss_instances
diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.md b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.md
index 270339fa0c..cff1ff77fe 100644
--- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.md
+++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.md
@@ -4,16 +4,17 @@
## [Actions](../../../README.md#actions)
-1. Scenario: [ASTM NetRID DSS: Simple ISA](../../../../scenarios/astm/netrid/v19/dss/isa_simple.md) ([`scenarios.astm.netrid.v19.dss.ISASimple`](../../../../scenarios/astm/netrid/v19/dss/isa_simple.py))
-2. Scenario: [ASTM NetRID DSS: Submitted ISA Validations](../../../../scenarios/astm/netrid/v19/dss/isa_validation.md) ([`scenarios.astm.netrid.v19.dss.ISAValidation`](../../../../scenarios/astm/netrid/v19/dss/isa_validation.py))
-3. Scenario: [ASTM NetRID DSS: ISA Expiry](../../../../scenarios/astm/netrid/v19/dss/isa_expiry.md) ([`scenarios.astm.netrid.v19.dss.ISAExpiry`](../../../../scenarios/astm/netrid/v19/dss/isa_expiry.py))
-4. Scenario: [ASTM NetRID DSS: ISA Subscription Interactions](../../../../scenarios/astm/netrid/v19/dss/isa_subscription_interactions.md) ([`scenarios.astm.netrid.v19.dss.ISASubscriptionInteractions`](../../../../scenarios/astm/netrid/v19/dss/isa_subscription_interactions.py))
-5. Scenario: [ASTM NetRID DSS: Subscription Validation](../../../../scenarios/astm/netrid/v19/dss/subscription_validation.md) ([`scenarios.astm.netrid.v19.dss.SubscriptionValidation`](../../../../scenarios/astm/netrid/v19/dss/subscription_validation.py))
-6. Scenario: [ASTM NetRID DSS: Subscription Simple](../../../../scenarios/astm/netrid/v19/dss/subscription_simple.md) ([`scenarios.astm.netrid.v19.dss.SubscriptionSimple`](../../../../scenarios/astm/netrid/v19/dss/subscription_simple.py))
-7. Scenario: [ASTM F3411-19 NetRID DSS interoperability](../../../../scenarios/astm/netrid/v19/dss_interoperability.md) ([`scenarios.astm.netrid.v19.DSSInteroperability`](../../../../scenarios/astm/netrid/v19/dss_interoperability.py))
-8. Scenario: [ASTM NetRID DSS: Token Validation](../../../../scenarios/astm/netrid/v19/dss/token_validation.md) ([`scenarios.astm.netrid.v19.dss.TokenValidation`](../../../../scenarios/astm/netrid/v19/dss/token_validation.py))
-9. Scenario: [ASTM NetRID DSS: Direct CRDB access](../../../../scenarios/astm/netrid/v19/dss/crdb_access.md) ([`scenarios.astm.netrid.v19.dss.CRDBAccess`](../../../../scenarios/astm/netrid/v19/dss/crdb_access.py))
-10. Scenario: [ASTM NetRID DSS: Concurrent Requests](../../../../scenarios/astm/netrid/v19/dss/heavy_traffic_concurrent.md) ([`scenarios.astm.netrid.v19.dss.HeavyTrafficConcurrent`](../../../../scenarios/astm/netrid/v19/dss/heavy_traffic_concurrent.py))
+1. Scenario: [ASTM NetRID DSS: Endpoint encryption](../../../../scenarios/astm/netrid/v19/dss/endpoint_encryption.md) ([`scenarios.astm.netrid.v19.dss.EndpointEncryption`](../../../../scenarios/astm/netrid/v19/dss/endpoint_encryption.py))
+2. Scenario: [ASTM NetRID DSS: Simple ISA](../../../../scenarios/astm/netrid/v19/dss/isa_simple.md) ([`scenarios.astm.netrid.v19.dss.ISASimple`](../../../../scenarios/astm/netrid/v19/dss/isa_simple.py))
+3. Scenario: [ASTM NetRID DSS: Submitted ISA Validations](../../../../scenarios/astm/netrid/v19/dss/isa_validation.md) ([`scenarios.astm.netrid.v19.dss.ISAValidation`](../../../../scenarios/astm/netrid/v19/dss/isa_validation.py))
+4. Scenario: [ASTM NetRID DSS: ISA Expiry](../../../../scenarios/astm/netrid/v19/dss/isa_expiry.md) ([`scenarios.astm.netrid.v19.dss.ISAExpiry`](../../../../scenarios/astm/netrid/v19/dss/isa_expiry.py))
+5. Scenario: [ASTM NetRID DSS: ISA Subscription Interactions](../../../../scenarios/astm/netrid/v19/dss/isa_subscription_interactions.md) ([`scenarios.astm.netrid.v19.dss.ISASubscriptionInteractions`](../../../../scenarios/astm/netrid/v19/dss/isa_subscription_interactions.py))
+6. Scenario: [ASTM NetRID DSS: Subscription Validation](../../../../scenarios/astm/netrid/v19/dss/subscription_validation.md) ([`scenarios.astm.netrid.v19.dss.SubscriptionValidation`](../../../../scenarios/astm/netrid/v19/dss/subscription_validation.py))
+7. Scenario: [ASTM NetRID DSS: Subscription Simple](../../../../scenarios/astm/netrid/v19/dss/subscription_simple.md) ([`scenarios.astm.netrid.v19.dss.SubscriptionSimple`](../../../../scenarios/astm/netrid/v19/dss/subscription_simple.py))
+8. Scenario: [ASTM F3411-19 NetRID DSS interoperability](../../../../scenarios/astm/netrid/v19/dss_interoperability.md) ([`scenarios.astm.netrid.v19.DSSInteroperability`](../../../../scenarios/astm/netrid/v19/dss_interoperability.py))
+9. Scenario: [ASTM NetRID DSS: Token Validation](../../../../scenarios/astm/netrid/v19/dss/token_validation.md) ([`scenarios.astm.netrid.v19.dss.TokenValidation`](../../../../scenarios/astm/netrid/v19/dss/token_validation.py))
+10. Scenario: [ASTM NetRID DSS: Direct CRDB access](../../../../scenarios/astm/netrid/v19/dss/crdb_access.md) ([`scenarios.astm.netrid.v19.dss.CRDBAccess`](../../../../scenarios/astm/netrid/v19/dss/crdb_access.py))
+11. Scenario: [ASTM NetRID DSS: Concurrent Requests](../../../../scenarios/astm/netrid/v19/dss/heavy_traffic_concurrent.md) ([`scenarios.astm.netrid.v19.dss.HeavyTrafficConcurrent`](../../../../scenarios/astm/netrid/v19/dss/heavy_traffic_concurrent.py))
## [Checked requirements](../../../README.md#checked-requirements)
@@ -25,11 +26,16 @@
Checked in |
- astm
.f3411
.v19 |
+ astm
.f3411
.v19 |
DSS0010 |
Implemented |
ASTM NetRID DSS: Token Validation |
+
+ | DSS0020 |
+ Implemented |
+ ASTM NetRID DSS: Endpoint encryption |
+
| DSS0030,a |
Implemented |
diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.yaml b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.yaml
index 0d9a041f38..b9acc57f81 100644
--- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.yaml
+++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.yaml
@@ -7,8 +7,14 @@ resources:
utm_client_identity: resources.communications.ClientIdentityResource
isa: resources.netrid.ServiceAreaResource
problematically_big_area: resources.VerticesResource
+ acceptable_search_area: resources.VerticesResource
test_exclusions: resources.dev.TestExclusionsResource?
actions:
+ - test_scenario:
+ scenario_type: scenarios.astm.netrid.v19.dss.EndpointEncryption
+ resources:
+ dss: dss
+ test_search_area: acceptable_search_area
- test_scenario:
scenario_type: scenarios.astm.netrid.v19.dss.ISASimple
resources:
diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.md b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.md
index e803f28ab1..ebf19e1189 100644
--- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.md
+++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.md
@@ -21,11 +21,16 @@
Checked in |
- astm
.f3411
.v22a |
+ astm
.f3411
.v22a |
DSS0010 |
Implemented |
ASTM NetRID DSS: Token Validation |
+
+ | DSS0020 |
+ Implemented |
+ ASTM NetRID DSS: Endpoint encryption |
+
| DSS0030 |
Implemented |
diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.yaml b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.yaml
index d1644bf1e1..293d851f85 100644
--- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.yaml
+++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.yaml
@@ -10,6 +10,7 @@ resources:
id_generator: resources.interuss.IDGeneratorResource
service_area: resources.netrid.ServiceAreaResource
problematically_big_area: resources.VerticesResource
+ acceptable_search_area: resources.VerticesResource
test_exclusions: resources.dev.TestExclusionsResource?
actions:
- action_generator:
@@ -21,6 +22,8 @@ actions:
id_generator: id_generator
service_area: service_area
problematically_big_area: problematically_big_area
+ acceptable_search_area: acceptable_search_area
+ planning_area: problematically_big_area
test_exclusions: test_exclusions?
specification:
action_to_repeat:
@@ -35,6 +38,7 @@ actions:
isa: service_area
client_identity: utm_client_identity
problematically_big_area: problematically_big_area
+ acceptable_search_area: acceptable_search_area
test_exclusions: test_exclusions?
on_failure: Continue
dss_instances_source: dss_instances
diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.md b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.md
index 58852e7ad9..c9dddc9eac 100644
--- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.md
+++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.md
@@ -4,16 +4,17 @@
## [Actions](../../../README.md#actions)
-1. Scenario: [ASTM NetRID DSS: Simple ISA](../../../../scenarios/astm/netrid/v22a/dss/isa_simple.md) ([`scenarios.astm.netrid.v22a.dss.ISASimple`](../../../../scenarios/astm/netrid/v22a/dss/isa_simple.py))
-2. Scenario: [ASTM NetRID DSS: Submitted ISA Validations](../../../../scenarios/astm/netrid/v22a/dss/isa_validation.md) ([`scenarios.astm.netrid.v22a.dss.ISAValidation`](../../../../scenarios/astm/netrid/v22a/dss/isa_validation.py))
-3. Scenario: [ASTM NetRID DSS: ISA Expiry](../../../../scenarios/astm/netrid/v22a/dss/isa_expiry.md) ([`scenarios.astm.netrid.v22a.dss.ISAExpiry`](../../../../scenarios/astm/netrid/v22a/dss/isa_expiry.py))
-4. Scenario: [ASTM NetRID DSS: ISA Subscription Interactions](../../../../scenarios/astm/netrid/v22a/dss/isa_subscription_interactions.md) ([`scenarios.astm.netrid.v22a.dss.ISASubscriptionInteractions`](../../../../scenarios/astm/netrid/v22a/dss/isa_subscription_interactions.py))
-5. Scenario: [ASTM NetRID DSS: Subscription Validation](../../../../scenarios/astm/netrid/v22a/dss/subscription_validation.md) ([`scenarios.astm.netrid.v22a.dss.SubscriptionValidation`](../../../../scenarios/astm/netrid/v22a/dss/subscription_validation.py))
-6. Scenario: [ASTM NetRID DSS: Subscription Simple](../../../../scenarios/astm/netrid/v22a/dss/subscription_simple.md) ([`scenarios.astm.netrid.v22a.dss.SubscriptionSimple`](../../../../scenarios/astm/netrid/v22a/dss/subscription_simple.py))
-7. Scenario: [ASTM F3411-22a NetRID DSS interoperability](../../../../scenarios/astm/netrid/v22a/dss_interoperability.md) ([`scenarios.astm.netrid.v22a.DSSInteroperability`](../../../../scenarios/astm/netrid/v22a/dss_interoperability.py))
-8. Scenario: [ASTM NetRID DSS: Token Validation](../../../../scenarios/astm/netrid/v22a/dss/token_validation.md) ([`scenarios.astm.netrid.v22a.dss.TokenValidation`](../../../../scenarios/astm/netrid/v22a/dss/token_validation.py))
-9. Scenario: [ASTM NetRID DSS: Direct CRDB access](../../../../scenarios/astm/netrid/v22a/dss/crdb_access.md) ([`scenarios.astm.netrid.v22a.dss.CRDBAccess`](../../../../scenarios/astm/netrid/v22a/dss/crdb_access.py))
-10. Scenario: [ASTM NetRID DSS: Concurrent Requests](../../../../scenarios/astm/netrid/v22a/dss/heavy_traffic_concurrent.md) ([`scenarios.astm.netrid.v22a.dss.HeavyTrafficConcurrent`](../../../../scenarios/astm/netrid/v22a/dss/heavy_traffic_concurrent.py))
+1. Scenario: [ASTM NetRID DSS: Endpoint encryption](../../../../scenarios/astm/netrid/v22a/dss/endpoint_encryption.md) ([`scenarios.astm.netrid.v22a.dss.EndpointEncryption`](../../../../scenarios/astm/netrid/v22a/dss/endpoint_encryption.py))
+2. Scenario: [ASTM NetRID DSS: Simple ISA](../../../../scenarios/astm/netrid/v22a/dss/isa_simple.md) ([`scenarios.astm.netrid.v22a.dss.ISASimple`](../../../../scenarios/astm/netrid/v22a/dss/isa_simple.py))
+3. Scenario: [ASTM NetRID DSS: Submitted ISA Validations](../../../../scenarios/astm/netrid/v22a/dss/isa_validation.md) ([`scenarios.astm.netrid.v22a.dss.ISAValidation`](../../../../scenarios/astm/netrid/v22a/dss/isa_validation.py))
+4. Scenario: [ASTM NetRID DSS: ISA Expiry](../../../../scenarios/astm/netrid/v22a/dss/isa_expiry.md) ([`scenarios.astm.netrid.v22a.dss.ISAExpiry`](../../../../scenarios/astm/netrid/v22a/dss/isa_expiry.py))
+5. Scenario: [ASTM NetRID DSS: ISA Subscription Interactions](../../../../scenarios/astm/netrid/v22a/dss/isa_subscription_interactions.md) ([`scenarios.astm.netrid.v22a.dss.ISASubscriptionInteractions`](../../../../scenarios/astm/netrid/v22a/dss/isa_subscription_interactions.py))
+6. Scenario: [ASTM NetRID DSS: Subscription Validation](../../../../scenarios/astm/netrid/v22a/dss/subscription_validation.md) ([`scenarios.astm.netrid.v22a.dss.SubscriptionValidation`](../../../../scenarios/astm/netrid/v22a/dss/subscription_validation.py))
+7. Scenario: [ASTM NetRID DSS: Subscription Simple](../../../../scenarios/astm/netrid/v22a/dss/subscription_simple.md) ([`scenarios.astm.netrid.v22a.dss.SubscriptionSimple`](../../../../scenarios/astm/netrid/v22a/dss/subscription_simple.py))
+8. Scenario: [ASTM F3411-22a NetRID DSS interoperability](../../../../scenarios/astm/netrid/v22a/dss_interoperability.md) ([`scenarios.astm.netrid.v22a.DSSInteroperability`](../../../../scenarios/astm/netrid/v22a/dss_interoperability.py))
+9. Scenario: [ASTM NetRID DSS: Token Validation](../../../../scenarios/astm/netrid/v22a/dss/token_validation.md) ([`scenarios.astm.netrid.v22a.dss.TokenValidation`](../../../../scenarios/astm/netrid/v22a/dss/token_validation.py))
+10. Scenario: [ASTM NetRID DSS: Direct CRDB access](../../../../scenarios/astm/netrid/v22a/dss/crdb_access.md) ([`scenarios.astm.netrid.v22a.dss.CRDBAccess`](../../../../scenarios/astm/netrid/v22a/dss/crdb_access.py))
+11. Scenario: [ASTM NetRID DSS: Concurrent Requests](../../../../scenarios/astm/netrid/v22a/dss/heavy_traffic_concurrent.md) ([`scenarios.astm.netrid.v22a.dss.HeavyTrafficConcurrent`](../../../../scenarios/astm/netrid/v22a/dss/heavy_traffic_concurrent.py))
## [Checked requirements](../../../README.md#checked-requirements)
@@ -25,11 +26,16 @@
Checked in |
- astm
.f3411
.v22a |
+ astm
.f3411
.v22a |
DSS0010 |
Implemented |
ASTM NetRID DSS: Token Validation |
+
+ | DSS0020 |
+ Implemented |
+ ASTM NetRID DSS: Endpoint encryption |
+
| DSS0030 |
Implemented |
diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.yaml b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.yaml
index 576c701f3f..a6dde142cf 100644
--- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.yaml
+++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.yaml
@@ -7,8 +7,14 @@ resources:
utm_client_identity: resources.communications.ClientIdentityResource
isa: resources.netrid.ServiceAreaResource
problematically_big_area: resources.VerticesResource
+ acceptable_search_area: resources.VerticesResource
test_exclusions: resources.dev.TestExclusionsResource?
actions:
+ - test_scenario:
+ scenario_type: scenarios.astm.netrid.v22a.dss.EndpointEncryption
+ resources:
+ dss: dss
+ test_search_area: acceptable_search_area
- test_scenario:
scenario_type: scenarios.astm.netrid.v22a.dss.ISASimple
resources:
diff --git a/monitoring/uss_qualifier/suites/interuss/dss/all_tests.md b/monitoring/uss_qualifier/suites/interuss/dss/all_tests.md
index e7cd7252a0..63dc463cf2 100644
--- a/monitoring/uss_qualifier/suites/interuss/dss/all_tests.md
+++ b/monitoring/uss_qualifier/suites/interuss/dss/all_tests.md
@@ -21,11 +21,16 @@
Checked in |
- astm
.f3411
.v19 |
+ astm
.f3411
.v19 |
DSS0010 |
Implemented |
ASTM NetRID DSS: Token Validation |
+
+ | DSS0020 |
+ Implemented |
+ ASTM NetRID DSS: Endpoint encryption |
+
| DSS0030,a |
Implemented |
@@ -217,11 +222,16 @@
ASTM NetRID DSS: Concurrent Requests
ASTM NetRID DSS: ISA Expiry
ASTM NetRID DSS: ISA Subscription Interactions
ASTM NetRID DSS: Simple ISA
ASTM NetRID DSS: Submitted ISA Validations
ASTM NetRID DSS: Subscription Simple
ASTM NetRID DSS: Subscription Validation
ASTM NetRID DSS: Token Validation |
- astm
.f3411
.v22a |
+ astm
.f3411
.v22a |
DSS0010 |
Implemented |
ASTM NetRID DSS: Token Validation |
+
+ | DSS0020 |
+ Implemented |
+ ASTM NetRID DSS: Endpoint encryption |
+
| DSS0030 |
Implemented |
diff --git a/monitoring/uss_qualifier/suites/interuss/dss/all_tests.yaml b/monitoring/uss_qualifier/suites/interuss/dss/all_tests.yaml
index 01a5da0dfc..6a69db8b43 100644
--- a/monitoring/uss_qualifier/suites/interuss/dss/all_tests.yaml
+++ b/monitoring/uss_qualifier/suites/interuss/dss/all_tests.yaml
@@ -11,6 +11,7 @@ resources:
service_area: resources.netrid.ServiceAreaResource?
planning_area: resources.astm.f3548.v21.PlanningAreaResource?
problematically_big_area: resources.VerticesResource?
+ acceptable_search_area: resources.VerticesResource?
second_utm_auth: resources.communications.AuthAdapterResource?
flight_intents: resources.flight_planning.FlightIntentsResource?
@@ -57,6 +58,7 @@ actions:
id_generator: id_generator
service_area: service_area
problematically_big_area: problematically_big_area
+ acceptable_search_area: acceptable_search_area
test_exclusions: test_exclusions?
specification:
action_to_repeat:
@@ -70,6 +72,7 @@ actions:
id_generator: id_generator
isa: service_area
problematically_big_area: problematically_big_area
+ acceptable_search_area: acceptable_search_area
test_exclusions: test_exclusions?
on_failure: Continue
dss_instances_source: dss_instances
@@ -84,6 +87,7 @@ actions:
id_generator: id_generator
service_area: service_area
problematically_big_area: problematically_big_area
+ acceptable_search_area: acceptable_search_area
test_exclusions: test_exclusions?
specification:
action_to_repeat:
@@ -97,6 +101,7 @@ actions:
id_generator: id_generator
isa: service_area
problematically_big_area: problematically_big_area
+ acceptable_search_area: acceptable_search_area
test_exclusions: test_exclusions?
on_failure: Continue
dss_instances_source: dss_instances
diff --git a/monitoring/uss_qualifier/suites/uspace/network_identification.md b/monitoring/uss_qualifier/suites/uspace/network_identification.md
index 84373e6627..f59661589d 100644
--- a/monitoring/uss_qualifier/suites/uspace/network_identification.md
+++ b/monitoring/uss_qualifier/suites/uspace/network_identification.md
@@ -17,11 +17,16 @@
Checked in |
- astm
.f3411
.v22a |
+ astm
.f3411
.v22a |
DSS0010 |
Implemented |
ASTM NetRID DSS: Token Validation |
+
+ | DSS0020 |
+ Implemented |
+ ASTM NetRID DSS: Endpoint encryption |
+
| DSS0030 |
Implemented |
diff --git a/monitoring/uss_qualifier/suites/uspace/network_identification.yaml b/monitoring/uss_qualifier/suites/uspace/network_identification.yaml
index f9dd59e48a..012bb40f36 100644
--- a/monitoring/uss_qualifier/suites/uspace/network_identification.yaml
+++ b/monitoring/uss_qualifier/suites/uspace/network_identification.yaml
@@ -10,6 +10,7 @@ resources:
id_generator: resources.interuss.IDGeneratorResource
service_area: resources.netrid.ServiceAreaResource
problematically_big_area: resources.VerticesResource
+ acceptable_search_area: resources.VerticesResource
test_exclusions: resources.dev.TestExclusionsResource?
actions:
- test_suite:
@@ -25,6 +26,7 @@ actions:
id_generator: id_generator
service_area: service_area
problematically_big_area: problematically_big_area
+ acceptable_search_area: acceptable_search_area
test_exclusions: test_exclusions?
on_failure: Abort
- test_scenario:
diff --git a/monitoring/uss_qualifier/suites/uspace/required_services.md b/monitoring/uss_qualifier/suites/uspace/required_services.md
index 20054687de..0ad1c7e702 100644
--- a/monitoring/uss_qualifier/suites/uspace/required_services.md
+++ b/monitoring/uss_qualifier/suites/uspace/required_services.md
@@ -18,11 +18,16 @@
Checked in |
- astm
.f3411
.v22a |
+ astm
.f3411
.v22a |
DSS0010 |
Implemented |
ASTM NetRID DSS: Token Validation |
+
+ | DSS0020 |
+ Implemented |
+ ASTM NetRID DSS: Endpoint encryption |
+
| DSS0030 |
Implemented |
diff --git a/monitoring/uss_qualifier/suites/uspace/required_services.yaml b/monitoring/uss_qualifier/suites/uspace/required_services.yaml
index e21216bc1e..8c74f3dfdd 100644
--- a/monitoring/uss_qualifier/suites/uspace/required_services.yaml
+++ b/monitoring/uss_qualifier/suites/uspace/required_services.yaml
@@ -25,6 +25,7 @@ resources:
service_area: resources.netrid.ServiceAreaResource
planning_area: resources.astm.f3548.v21.PlanningAreaResource
problematically_big_area: resources.VerticesResource
+ acceptable_search_area: resources.VerticesResource
test_exclusions: resources.dev.TestExclusionsResource?
local_resources:
@@ -75,6 +76,7 @@ actions:
id_generator: id_generator
service_area: service_area
problematically_big_area: problematically_big_area
+ acceptable_search_area: acceptable_search_area
test_exclusions: test_exclusions?
on_failure: Continue
participant_verifiable_capabilities: