
Example 1 with X509ResourceCertificate

use of net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate in project rpki-validator-3 by RIPE-NCC.

the class TrustAnchorsFactory method createCertificateAuthority.

/**
 * Generates the RPKI objects published by {@code ca} and registers them in {@code rpkiObjects}:
 * the CA certificate (signed with the issuer's key pair), a CRL, one certificate per child CA,
 * one ROA per ASN found in {@code ca.roaPrefixes}, and finally the manifest listing all of them.
 *
 * <p>The ROA and manifest end-entity certificates each get a freshly generated key pair, are
 * marked non-CA with {@code digitalSignature} key usage, and are signed with {@code ca.keyPair}.
 * The CRL and the manifest are both given an eight-hour update window starting now.
 *
 * <p>NOTE(review): child CAs are created through the two-argument overload, which is not shown
 * here, so {@code mftValidityPeriod} only applies to this CA's own manifest certificate. Confirm
 * that this is intended when using the fixture to test manifest expiry.
 *
 * @param ca the authority to materialise
 * @param issuer the authority whose DN, CRL distribution point and key pair sign {@code ca}
 * @param mftValidityPeriod validity period of the manifest's end-entity certificate
 * @return the certificate created for {@code ca}
 */
public X509ResourceCertificate createCertificateAuthority(CertificateAuthority ca, CertificateAuthority issuer, ValidityPeriod mftValidityPeriod) {
    ManifestCmsBuilder mftBuilder = new ManifestCmsBuilder();
    X509ResourceCertificate caCertificate = createCaCertificate(ca, ca.keyPair.getPublic(), issuer.dn, issuer.crlDistributionPoint, issuer.keyPair);

    // CRL issued by this CA; it is published and listed on the manifest under its bare file name.
    X509Crl caCrl = new X509CrlBuilder()
        .withIssuerDN(caCertificate.getSubject())
        .withThisUpdateTime(DateTime.now())
        .withNextUpdateTime(DateTime.now().plusHours(8))
        .withAuthorityKeyIdentifier(ca.keyPair.getPublic())
        .withNumber(nextSerial())
        .build(ca.keyPair.getPrivate());
    rpkiObjects.add(new RpkiObject(ca.crlDistributionPoint, caCrl));
    String crlFileName = ca.crlDistributionPoint.substring(ca.crlDistributionPoint.lastIndexOf('/') + 1);
    mftBuilder.addFile(crlFileName, caCrl.getEncoded());

    // Child CAs are built recursively with this CA acting as their issuer.
    if (ca.children != null) {
        for (CertificateAuthority child : ca.children) {
            X509ResourceCertificate childCertificate = createCertificateAuthority(child, ca);
            String childFileName = child.dn + ".cer";
            rpkiObjects.add(new RpkiObject(ca.repositoryURI + "/" + childFileName, childCertificate));
            mftBuilder.addFile(childFileName, childCertificate.getEncoded());
        }
    }

    // One ROA per origin ASN, each signed by its own single-use end-entity key.
    if (ca.roaPrefixes != null) {
        ca.roaPrefixes.stream().collect(groupingBy(RoaPrefix::getAsn)).forEach((asn, prefixesForAsn) -> {
            KeyPair eeKeyPair = KEY_PAIR_FACTORY.generate();
            IpResourceSet eeResources = new IpResourceSet();
            prefixesForAsn.forEach(p -> eeResources.add(IpRange.parse(p.getPrefix())));

            X509ResourceCertificate eeCertificate = new X509ResourceCertificateBuilder()
                .withResources(eeResources)
                .withIssuerDN(new X500Principal(ca.dn))
                .withSubjectDN(new X500Principal("CN=AS" + asn + ", CN=roa, " + ca.dn))
                .withValidityPeriod(typicalValidityPeriod())
                .withPublicKey(eeKeyPair.getPublic())
                .withSigningKeyPair(ca.keyPair)
                .withCa(false)
                .withKeyUsage(KeyUsage.digitalSignature)
                .withSerial(nextSerial())
                .withCrlDistributionPoints(URI.create(ca.crlDistributionPoint))
                .build();

            RoaCms roa = new RoaCmsBuilder()
                .withAsn(new Asn(asn))
                .withPrefixes(prefixesForAsn.stream()
                    .map(p -> new net.ripe.rpki.commons.crypto.cms.roa.RoaPrefix(IpRange.parse(p.getPrefix()), p.getMaximumLength()))
                    .collect(toList()))
                .withCertificate(eeCertificate)
                .withSignatureProvider(BouncyCastleProvider.PROVIDER_NAME)
                .build(eeKeyPair.getPrivate());

            String roaFileName = "AS" + asn + ".roa";
            rpkiObjects.add(new RpkiObject(ca.repositoryURI + "/" + roaFileName, roa));
            mftBuilder.addFile(roaFileName, roa.getEncoded());
        });
    }

    // The manifest is signed last so that it covers every file added above.
    KeyPair mftKeyPair = KEY_PAIR_FACTORY.generate();
    X509ResourceCertificate mftCertificate = new X509ResourceCertificateBuilder()
        .withInheritedResourceTypes(EnumSet.allOf(IpResourceType.class))
        .withIssuerDN(caCertificate.getSubject())
        .withSubjectDN(new X500Principal("CN=manifest, " + caCertificate.getSubject()))
        .withValidityPeriod(mftValidityPeriod)
        .withPublicKey(mftKeyPair.getPublic())
        .withSigningKeyPair(ca.keyPair)
        .withCa(false)
        .withKeyUsage(KeyUsage.digitalSignature)
        .withSerial(nextSerial())
        .withCrlDistributionPoints(URI.create(ca.crlDistributionPoint))
        .build();
    mftBuilder
        .withCertificate(mftCertificate)
        .withManifestNumber(nextSerial())
        .withThisUpdateTime(DateTime.now())
        .withNextUpdateTime(DateTime.now().plusHours(8));
    ManifestCms mft = mftBuilder.build(mftKeyPair.getPrivate());
    rpkiObjects.add(new RpkiObject(ca.manifestURI, mft));
    return caCertificate;
}
Also used : KeyPair(java.security.KeyPair) X500Principal(javax.security.auth.x500.X500Principal) Duration(org.joda.time.Duration) Collectors.groupingBy(java.util.stream.Collectors.groupingBy) Autowired(org.springframework.beans.factory.annotation.Autowired) Security(java.security.Security) ValidityPeriod(net.ripe.rpki.commons.crypto.ValidityPeriod) Value(lombok.Value) CertificateRepositoryObjectFactory(net.ripe.rpki.commons.crypto.util.CertificateRepositoryObjectFactory) ArrayList(java.util.ArrayList) Asn(net.ripe.ipresource.Asn) IpResourceType(net.ripe.ipresource.IpResourceType) RoaCms(net.ripe.rpki.commons.crypto.cms.roa.RoaCms) CertificateTreeValidationServiceTest(net.ripe.rpki.validator3.domain.validation.CertificateTreeValidationServiceTest) X509CrlBuilder(net.ripe.rpki.commons.crypto.crl.X509CrlBuilder) X509ResourceCertificate(net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate) RoaCmsBuilder(net.ripe.rpki.commons.crypto.cms.roa.RoaCmsBuilder) X509CertificateInformationAccessDescriptor(net.ripe.rpki.commons.crypto.x509cert.X509CertificateInformationAccessDescriptor) X509ResourceCertificateBuilder(net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificateBuilder) BigInteger(java.math.BigInteger) URI(java.net.URI) IpResourceSet(net.ripe.ipresource.IpResourceSet) KeyPairFactory(net.ripe.rpki.commons.crypto.util.KeyPairFactory) EnumSet(java.util.EnumSet) Resources(com.google.common.io.Resources) Transactional(javax.transaction.Transactional) IpRange(net.ripe.ipresource.IpRange) DateTime(org.joda.time.DateTime) TrustAnchorValidationServiceTest(net.ripe.rpki.validator3.domain.validation.TrustAnchorValidationServiceTest) IOException(java.io.IOException) PublicKey(java.security.PublicKey) X509Crl(net.ripe.rpki.commons.crypto.crl.X509Crl) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) Consumer(java.util.function.Consumer) Component(org.springframework.stereotype.Component) List(java.util.List) 
Collectors.toList(java.util.stream.Collectors.toList) Builder(lombok.Builder) ManifestCmsBuilder(net.ripe.rpki.commons.crypto.cms.manifest.ManifestCmsBuilder) Instant(org.joda.time.Instant) PostConstruct(javax.annotation.PostConstruct) ValidationResult(net.ripe.rpki.commons.validation.ValidationResult) ManifestCms(net.ripe.rpki.commons.crypto.cms.manifest.ManifestCms) X509CertificateUtil(net.ripe.rpki.commons.crypto.x509cert.X509CertificateUtil) Collections(java.util.Collections) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) X509CrlBuilder(net.ripe.rpki.commons.crypto.crl.X509CrlBuilder) KeyPair(java.security.KeyPair) X509Crl(net.ripe.rpki.commons.crypto.crl.X509Crl) ManifestCmsBuilder(net.ripe.rpki.commons.crypto.cms.manifest.ManifestCmsBuilder) RoaCmsBuilder(net.ripe.rpki.commons.crypto.cms.roa.RoaCmsBuilder) RoaCms(net.ripe.rpki.commons.crypto.cms.roa.RoaCms) IpResourceSet(net.ripe.ipresource.IpResourceSet) X500Principal(javax.security.auth.x500.X500Principal) ManifestCms(net.ripe.rpki.commons.crypto.cms.manifest.ManifestCms) X509ResourceCertificate(net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate) X509ResourceCertificateBuilder(net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificateBuilder) IpResourceType(net.ripe.ipresource.IpResourceType) Asn(net.ripe.ipresource.Asn)

Example 2 with X509ResourceCertificate

use of net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationService method validate.

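/**
 * Runs a full certificate tree validation for one trust anchor and stores the outcome.
 *
 * <p>The trust anchor certificate is validated first, using itself as the validation context.
 * Only when that succeeds and the certificate names a repository (RRDP notify URI preferred,
 * repository URI as fallback) is the tree below it walked. Whatever happens, the validation run
 * is completed with the collected {@link ValidationResult} in the {@code finally} block.
 *
 * <p>The fallback between the two URIs is written out by hand. Guava's
 * {@code Objects.firstNonNull} throws a {@link NullPointerException} when both arguments are
 * null, which would make the "no URI present" warning below unreachable and abort the run with
 * an exception instead of a recorded warning.
 *
 * @param trustAnchorId identifier of the trust anchor to validate
 */
@Transactional(Transactional.TxType.REQUIRED)
public void validate(long trustAnchorId) {
    Map<URI, RpkiRepository> registeredRepositories = new HashMap<>();
    // NOTE(review): the flush mode is only restored to AUTO on the success path below; the early
    // returns leave it at COMMIT. Confirm the entity manager is scoped to this transaction.
    entityManager.setFlushMode(FlushModeType.COMMIT);
    TrustAnchor trustAnchor = trustAnchors.get(trustAnchorId);
    log.info("starting tree validation for {}", trustAnchor);
    CertificateTreeValidationRun validationRun = new CertificateTreeValidationRun(trustAnchor);
    validationRuns.add(validationRun);
    String trustAnchorLocation = trustAnchor.getLocations().get(0);
    ValidationResult validationResult = ValidationResult.withLocation(trustAnchorLocation);
    try {
        X509ResourceCertificate certificate = trustAnchor.getCertificate();
        validationResult.rejectIfNull(certificate, VALIDATOR_TRUST_ANCHOR_CERTIFICATE_AVAILABLE);
        if (certificate == null) {
            return;
        }

        // The trust anchor is the root of the chain, so it is validated against its own context.
        CertificateRepositoryObjectValidationContext context = new CertificateRepositoryObjectValidationContext(URI.create(trustAnchorLocation), certificate);
        certificate.validate(trustAnchorLocation, context, null, null, VALIDATION_OPTIONS, validationResult);
        if (validationResult.hasFailureForCurrentLocation()) {
            return;
        }

        // Null-tolerant fallback: both URIs may be absent, which must surface as a warning.
        URI rrdpNotifyUri = certificate.getRrdpNotifyUri();
        URI repositoryUri = certificate.getRepositoryUri();
        URI locationUri = rrdpNotifyUri != null ? rrdpNotifyUri : repositoryUri;
        validationResult.warnIfNull(locationUri, VALIDATOR_TRUST_ANCHOR_CERTIFICATE_RRDP_NOTIFY_URI_OR_REPOSITORY_URI_PRESENT);
        if (locationUri == null) {
            return;
        }

        validationRun.getValidatedObjects().addAll(validateCertificateAuthority(trustAnchor, registeredRepositories, context, validationResult));
        entityManager.setFlushMode(FlushModeType.AUTO);
        if (isValidationRunCompleted(validationResult)) {
            trustAnchor.markInitialCertificateTreeValidationRunCompleted();
            if (!settings.isInitialValidationRunCompleted() && trustAnchors.allInitialCertificateTreeValidationRunsCompleted()) {
                settings.markInitialValidationRunCompleted();
                log.info("All trust anchors have completed their initial certificate tree validation run, validator is now ready");
            }
        }
        validatedRpkiObjects.update(trustAnchor, validationRun.getValidatedObjects());
    } finally {
        // Always persist the result so a failed or aborted run is visible to operators.
        validationRun.completeWith(validationResult);
        log.info("tree validation {} for {}", validationRun.getStatus(), trustAnchor);
    }
}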
Also used : CertificateRepositoryObjectValidationContext(net.ripe.rpki.commons.validation.objectvalidators.CertificateRepositoryObjectValidationContext) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) ValidationString(net.ripe.rpki.commons.validation.ValidationString) X509ResourceCertificate(net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate) ValidationResult(net.ripe.rpki.commons.validation.ValidationResult) URI(java.net.URI) Transactional(javax.transaction.Transactional)

Example 3 with X509ResourceCertificate

use of net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate in project rpki-validator-3 by RIPE-NCC.

the class RpkiObjectCleanupService method cleanupRpkiObjects.

/**
 * Marks every RPKI object that can still be reached from a trust anchor by following manifest
 * entries, then removes the objects that are no longer reachable. Deletion only happens once a
 * configurable grace duration has passed.
 *
 * <p>Each trust anchor is traced in its own transaction, and all of them share the same
 * {@code now} timestamp, which is also handed to the deletion step. Trust anchors without a
 * certificate are skipped.
 *
 * @return the value returned by {@code deleteUnreachableObjects}
 */
@Scheduled(initialDelay = 60_000, fixedDelayString = "${rpki.validator.rpki.object.cleanup.interval.ms}")
public long cleanupRpkiObjects() {
    Instant now = Instant.now();
    for (TrustAnchor trustAnchor : trustAnchors.findAll()) {
        transactionTemplate.execute(txStatus -> {
            entityManager.setFlushMode(FlushModeType.COMMIT);
            log.debug("tracing objects for trust anchor {}", trustAnchor);
            X509ResourceCertificate taCertificate = trustAnchor.getCertificate();
            if (taCertificate == null) {
                // Nothing to trace for a trust anchor whose certificate is not available.
                return null;
            }
            traceCertificateAuthority(now, taCertificate);
            return null;
        });
    }
    return deleteUnreachableObjects(now);
}
Also used : Instant(java.time.Instant) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) X509ResourceCertificate(net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate) Scheduled(org.springframework.scheduling.annotation.Scheduled)

Example 4 with X509ResourceCertificate

use of net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationService method validateCertificateAuthority.

/**
 * Validates the objects published by the CA certificate held in {@code context} and recurses
 * into every valid child CA certificate found on its manifest.
 *
 * <p>Checks run in a fixed order and each failure stops processing for this CA: repository not
 * pending, manifest found and parseable, exactly one CRL entry on the manifest, CRL found and
 * valid, manifest valid against that CRL, and then each manifest entry validated against the
 * same CRL. Results are collected in a temporary {@link ValidationResult} that is merged into
 * {@code validationResult} in the {@code finally} block.
 *
 * <p>NOTE(review): no depth limit or visited-set check is visible in this method, so the
 * recursion is bounded only by what validation of the child certificates rejects. Confirm that
 * a repository cannot present an unbounded or cyclic CA chain.
 *
 * @param trustAnchor trust anchor the tree belongs to
 * @param registeredRepositories repositories registered so far, passed on to {@code registerRepository}
 * @param context validation context carrying the CA certificate to process
 * @param validationResult result to which all checks of this subtree are added
 * @return the objects that passed validation; may be partial when a check failed or an
 *         exception was caught part-way through
 */
private List<RpkiObject> validateCertificateAuthority(TrustAnchor trustAnchor, Map<URI, RpkiRepository> registeredRepositories, CertificateRepositoryObjectValidationContext context, ValidationResult validationResult) {
    final List<RpkiObject> validatedObjects = new ArrayList<>();
    ValidationLocation certificateLocation = validationResult.getCurrentLocation();
    ValidationResult temporary = ValidationResult.withLocation(certificateLocation);
    try {
        RpkiRepository rpkiRepository = registerRepository(trustAnchor, registeredRepositories, context);
        // A repository that has not been fetched yet only yields a warning; nothing is validated.
        temporary.warnIfTrue(rpkiRepository.isPending(), VALIDATOR_RPKI_REPOSITORY_PENDING, rpkiRepository.getLocationUri());
        if (rpkiRepository.isPending()) {
            return validatedObjects;
        }
        X509ResourceCertificate certificate = context.getCertificate();
        URI manifestUri = certificate.getManifestUri();
        temporary.setLocation(new ValidationLocation(manifestUri));
        // The manifest is selected by type and by authority key identifier, matched against the
        // subject key identifier of the CA in the context, not by the URI in the certificate.
        Optional<RpkiObject> manifestObject = rpkiObjects.findLatestByTypeAndAuthorityKeyIdentifier(RpkiObject.Type.MFT, context.getSubjectKeyIdentifier());
        if (!manifestObject.isPresent()) {
            // Distinguish "repository could not be fetched" from "repository has no manifest".
            if (rpkiRepository.getStatus() == RpkiRepository.Status.FAILED) {
                temporary.error(ValidationString.VALIDATOR_NO_MANIFEST_REPOSITORY_FAILED, rpkiRepository.getLocationUri());
            } else {
                temporary.error(ValidationString.VALIDATOR_NO_LOCAL_MANIFEST_NO_MANIFEST_IN_REPOSITORY, rpkiRepository.getLocationUri());
            }
        }
        Optional<ManifestCms> maybeManifest = manifestObject.flatMap(x -> rpkiObjects.findCertificateRepositoryObject(x.getId(), ManifestCms.class, temporary));
        // A cached manifest that is past its validity time is rejected when the repository fetch
        // failed, so stale local data is not accepted in place of a fresh manifest.
        temporary.rejectIfTrue(manifestObject.isPresent() && rpkiRepository.getStatus() == RpkiRepository.Status.FAILED && maybeManifest.isPresent() && maybeManifest.get().isPastValidityTime(), ValidationString.VALIDATOR_OLD_LOCAL_MANIFEST_REPOSITORY_FAILED, rpkiRepository.getLocationUri());
        if (temporary.hasFailureForCurrentLocation()) {
            return validatedObjects;
        }
        // NOTE(review): this get() relies on findCertificateRepositoryObject recording a failure
        // in `temporary` whenever it returns empty; otherwise it throws and lands in the catch.
        ManifestCms manifest = maybeManifest.get();
        List<Map.Entry<String, byte[]>> crlEntries = manifest.getFiles().entrySet().stream().filter((entry) -> RepositoryObjectType.parse(entry.getKey()) == RepositoryObjectType.Crl).collect(toList());
        // The manifest must list exactly one CRL; zero or several entries are a failure.
        temporary.rejectIfFalse(crlEntries.size() == 1, VALIDATOR_MANIFEST_CONTAINS_ONE_CRL_ENTRY, String.valueOf(crlEntries.size()));
        if (temporary.hasFailureForCurrentLocation()) {
            return validatedObjects;
        }
        Map.Entry<String, byte[]> crlEntry = crlEntries.get(0);
        URI crlUri = manifestUri.resolve(crlEntry.getKey());
        // The CRL is looked up by the manifest entry's value via findBySha256 (presumably the
        // hash listed on the manifest), so the object used is the one the manifest commits to.
        Optional<RpkiObject> crlObject = rpkiObjects.findBySha256(crlEntry.getValue());
        temporary.rejectIfFalse(crlObject.isPresent(), VALIDATOR_CRL_FOUND, crlUri.toASCIIString());
        if (temporary.hasFailureForCurrentLocation()) {
            return validatedObjects;
        }
        temporary.setLocation(new ValidationLocation(crlUri));
        Optional<X509Crl> crl = crlObject.flatMap(x -> rpkiObjects.findCertificateRepositoryObject(x.getId(), X509Crl.class, temporary));
        if (temporary.hasFailureForCurrentLocation()) {
            return validatedObjects;
        }
        // The CRL is validated before the manifest, because the manifest is checked against it.
        crl.get().validate(crlUri.toASCIIString(), context, null, VALIDATION_OPTIONS, temporary);
        if (temporary.hasFailureForCurrentLocation()) {
            return validatedObjects;
        }
        temporary.setLocation(new ValidationLocation(manifestUri));
        manifest.validate(manifestUri.toASCIIString(), context, crl.get(), manifest.getCrlUri(), VALIDATION_OPTIONS, temporary);
        if (temporary.hasFailureForCurrentLocation()) {
            return validatedObjects;
        }
        validatedObjects.add(manifestObject.get());
        Map<URI, RpkiObject> manifestEntries = retrieveManifestEntries(manifest, manifestUri, temporary);
        manifestEntries.forEach((location, obj) -> {
            temporary.setLocation(new ValidationLocation(location));
            Optional<CertificateRepositoryObject> maybeCertificateRepositoryObject = rpkiObjects.findCertificateRepositoryObject(obj.getId(), CertificateRepositoryObject.class, temporary);
            if (temporary.hasFailureForCurrentLocation()) {
                // Leaves the lambda for this entry only; the remaining entries are still processed.
                return;
            }
            maybeCertificateRepositoryObject.ifPresent(certificateRepositoryObject -> {
                certificateRepositoryObject.validate(location.toASCIIString(), context, crl.get(), crlUri, VALIDATION_OPTIONS, temporary);
                // An object is only reported as validated when its own checks left no failure.
                if (!temporary.hasFailureForCurrentLocation()) {
                    validatedObjects.add(obj);
                }
                // Only certificates that validated cleanly and are CA certificates are descended into.
                if (certificateRepositoryObject instanceof X509ResourceCertificate && ((X509ResourceCertificate) certificateRepositoryObject).isCa() && !temporary.hasFailureForCurrentLocation()) {
                    CertificateRepositoryObjectValidationContext childContext = context.createChildContext(location, (X509ResourceCertificate) certificateRepositoryObject);
                    validatedObjects.addAll(validateCertificateAuthority(trustAnchor, registeredRepositories, childContext, temporary));
                }
            });
        });
    } catch (Exception e) {
        // Any unexpected exception becomes a recorded UNHANDLED_EXCEPTION error rather than
        // aborting the whole tree. Objects added to validatedObjects before the exception are
        // still returned to the caller.
        // NOTE(review): the full stack trace is stored in the validation result; confirm where
        // these results are exposed before treating the detail as internal-only.
        log.debug("e", e);
        validationResult.error(ErrorCodes.UNHANDLED_EXCEPTION, e.toString(), ExceptionUtils.getStackTrace(e));
    } finally {
        // Merge this CA's checks into the caller's result on every exit path.
        validationResult.addAll(temporary);
    }
    return validatedObjects;
}
Also used : RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) ValidationRuns(net.ripe.rpki.validator3.domain.ValidationRuns) Arrays(java.util.Arrays) CertificateRepositoryObject(net.ripe.rpki.commons.crypto.CertificateRepositoryObject) Autowired(org.springframework.beans.factory.annotation.Autowired) FlushModeType(javax.persistence.FlushModeType) HashMap(java.util.HashMap) ErrorCodes(net.ripe.rpki.validator3.domain.ErrorCodes) ArrayList(java.util.ArrayList) ValidationOptions(net.ripe.rpki.commons.validation.ValidationOptions) LinkedHashMap(java.util.LinkedHashMap) RpkiRepositories(net.ripe.rpki.validator3.domain.RpkiRepositories) CertificateRepositoryObjectValidationContext(net.ripe.rpki.commons.validation.objectvalidators.CertificateRepositoryObjectValidationContext) X509ResourceCertificate(net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) Service(org.springframework.stereotype.Service) Map(java.util.Map) URI(java.net.URI) Objects(com.google.common.base.Objects) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) ValidationStatus(net.ripe.rpki.commons.validation.ValidationStatus) ValidatedRpkiObjects(net.ripe.rpki.validator3.domain.ValidatedRpkiObjects) Transactional(javax.transaction.Transactional) TrustAnchors(net.ripe.rpki.validator3.domain.TrustAnchors) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) EntityManager(javax.persistence.EntityManager) X509Crl(net.ripe.rpki.commons.crypto.crl.X509Crl) RepositoryObjectType(net.ripe.rpki.commons.util.RepositoryObjectType) ValidationLocation(net.ripe.rpki.commons.validation.ValidationLocation) Slf4j(lombok.extern.slf4j.Slf4j) List(java.util.List) Collectors.toList(java.util.stream.Collectors.toList) ValidationResult(net.ripe.rpki.commons.validation.ValidationResult) Optional(java.util.Optional) 
Settings(net.ripe.rpki.validator3.domain.Settings) ManifestCms(net.ripe.rpki.commons.crypto.cms.manifest.ManifestCms) ValidationString(net.ripe.rpki.commons.validation.ValidationString) ExceptionUtils(org.apache.commons.lang3.exception.ExceptionUtils) X509Crl(net.ripe.rpki.commons.crypto.crl.X509Crl) CertificateRepositoryObjectValidationContext(net.ripe.rpki.commons.validation.objectvalidators.CertificateRepositoryObjectValidationContext) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) ArrayList(java.util.ArrayList) ValidationLocation(net.ripe.rpki.commons.validation.ValidationLocation) ValidationString(net.ripe.rpki.commons.validation.ValidationString) ValidationResult(net.ripe.rpki.commons.validation.ValidationResult) URI(java.net.URI) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) ManifestCms(net.ripe.rpki.commons.crypto.cms.manifest.ManifestCms) CertificateRepositoryObject(net.ripe.rpki.commons.crypto.CertificateRepositoryObject) X509ResourceCertificate(net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map)

Example 5 with X509ResourceCertificate

use of net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate in project rpki-validator-3 by RIPE-NCC.

the class TrustAnchorValidationService method parseCertificate.

/**
 * Parses a downloaded trust anchor certificate file and checks it against the trust anchor.
 *
 * <p>Three checks are recorded in {@code validationResult}: the file must decode to an
 * {@link X509ResourceCertificate}, its encoded subject public key info must equal the value
 * stored on the trust anchor, and the certificate must verify under its own public key.
 *
 * <p>Only the first check returns {@code null} on failure. When the key comparison or the
 * signature check fails, the certificate is still returned, so a non-null result does not mean
 * the certificate was accepted; callers have to inspect {@code validationResult}.
 *
 * @param trustAnchor trust anchor whose subject public key info is the reference value
 * @param certificateFile file holding the encoded certificate
 * @param validationResult receives the outcome of every check
 * @return the parsed certificate, or {@code null} if the file is not a resource certificate
 * @throws IOException if the file cannot be read
 */
private X509ResourceCertificate parseCertificate(TrustAnchor trustAnchor, File certificateFile, ValidationResult validationResult) throws IOException {
    byte[] encoded = Files.toByteArray(certificateFile);
    CertificateRepositoryObject parsed = CertificateRepositoryObjectFactory.createCertificateRepositoryObject(encoded, validationResult);
    validationResult.rejectIfFalse(parsed instanceof X509ResourceCertificate, ErrorCodes.REPOSITORY_OBJECT_IS_TRUST_ANCHOR_CERTIFICATE, trustAnchor.getRsyncPrefetchUri());
    if (validationResult.hasFailureForCurrentLocation()) {
        return null;
    }
    X509ResourceCertificate certificate = (X509ResourceCertificate) parsed;

    // Pin the certificate to the trust anchor: the key in the file must be the configured key.
    String actualSpki = X509CertificateUtil.getEncodedSubjectPublicKeyInfo(certificate.getCertificate());
    boolean spkiMatches = actualSpki.equals(trustAnchor.getSubjectPublicKeyInfo());
    validationResult.rejectIfFalse(spkiMatches, "trust.anchor.subject.key.matches.locator");

    // Verify the certificate under its own public key; any security exception means "invalid".
    boolean signatureValid = false;
    try {
        certificate.getCertificate().verify(certificate.getPublicKey());
        signatureValid = true;
    } catch (GeneralSecurityException ignored) {
        // Reported through validationResult below instead of being propagated.
    }
    validationResult.rejectIfFalse(signatureValid, ErrorCodes.TRUST_ANCHOR_SIGNATURE, trustAnchor.getRsyncPrefetchUri(), trustAnchor.getSubjectPublicKeyInfo());
    return certificate;
}
Also used : GeneralSecurityException(java.security.GeneralSecurityException) CertificateRepositoryObject(net.ripe.rpki.commons.crypto.CertificateRepositoryObject) X509ResourceCertificate(net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate)

Aggregations

X509ResourceCertificate (net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate)8 URI (java.net.URI)4 Transactional (javax.transaction.Transactional)4 ValidationResult (net.ripe.rpki.commons.validation.ValidationResult)4 TrustAnchor (net.ripe.rpki.validator3.domain.TrustAnchor)3 IOException (java.io.IOException)2 KeyPair (java.security.KeyPair)2 ArrayList (java.util.ArrayList)2 HashMap (java.util.HashMap)2 LinkedHashMap (java.util.LinkedHashMap)2 List (java.util.List)2 Collectors.toList (java.util.stream.Collectors.toList)2 CertificateRepositoryObject (net.ripe.rpki.commons.crypto.CertificateRepositoryObject)2 ManifestCms (net.ripe.rpki.commons.crypto.cms.manifest.ManifestCms)2 X509Crl (net.ripe.rpki.commons.crypto.crl.X509Crl)2 ValidationString (net.ripe.rpki.commons.validation.ValidationString)2 Objects (com.google.common.base.Objects)1 Resources (com.google.common.io.Resources)1 File (java.io.File)1 BigInteger (java.math.BigInteger)1