Examples with X509ResourceCertificate net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate used on opensource projects

Search in sources :

Example 6 with X509ResourceCertificate

use of net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate in project rpki-validator-3 by RIPE-NCC.

the class TrustAnchorValidationService method validate.

@Transactional(Transactional.TxType.REQUIRED)
public void validate(long trustAnchorId) {
    TrustAnchor trustAnchor = trustAnchorRepository.get(trustAnchorId);
    log.debug("trust anchor {} located at {} with subject public key info {}", trustAnchor.getName(), trustAnchor.getLocations(), trustAnchor.getSubjectPublicKeyInfo());
    TrustAnchorValidationRun validationRun = new TrustAnchorValidationRun(trustAnchor);
    validationRunRepository.add(validationRun);
    try {
        boolean updated = false;
        URI trustAnchorCertificateURI = URI.create(validationRun.getTrustAnchorCertificateURI()).normalize();
        ValidationResult validationResult = ValidationResult.withLocation(trustAnchorCertificateURI);
        File targetFile = fetchTrustAnchorCertificate(trustAnchorCertificateURI, validationResult);
        if (!validationResult.hasFailureForCurrentLocation()) {
            long trustAnchorCertificateSize = targetFile.length();
            if (trustAnchorCertificateSize < RpkiObject.MIN_SIZE) {
                validationResult.error(ErrorCodes.REPOSITORY_OBJECT_MINIMUM_SIZE, trustAnchorCertificateURI.toASCIIString(), String.valueOf(trustAnchorCertificateSize), String.valueOf(RpkiObject.MIN_SIZE));
            } else if (trustAnchorCertificateSize > RpkiObject.MAX_SIZE) {
                validationResult.error(ErrorCodes.REPOSITORY_OBJECT_MAXIMUM_SIZE, trustAnchorCertificateURI.toASCIIString(), String.valueOf(trustAnchorCertificateSize), String.valueOf(RpkiObject.MAX_SIZE));
            } else {
                X509ResourceCertificate certificate = parseCertificate(trustAnchor, targetFile, validationResult);
                if (!validationResult.hasFailureForCurrentLocation()) {
                    // validity time?
                    int comparedSerial = trustAnchor.getCertificate() == null ? 1 : trustAnchor.getCertificate().getSerialNumber().compareTo(certificate.getSerialNumber());
                    validationResult.warnIfTrue(comparedSerial < 0, "repository.object.is.older.than.previous.object", trustAnchorCertificateURI.toASCIIString());
                    if (comparedSerial > 0) {
                        trustAnchor.setCertificate(certificate);
                        updated = true;
                    }
                }
            }
        }
        validationRun.completeWith(validationResult);
        if (updated) {
            validationRunRepository.runCertificateTreeValidation(trustAnchor);
        }
    } catch (CommandExecutionException | IOException e) {
        log.error("validation run for trust anchor {} failed", trustAnchor, e);
        validationRun.addCheck(new ValidationCheck(validationRun, validationRun.getTrustAnchorCertificateURI(), ValidationCheck.Status.ERROR, ErrorCodes.UNHANDLED_EXCEPTION, e.toString()));
        validationRun.setFailed();
    }
}
Also used : CommandExecutionException(net.ripe.rpki.commons.rsync.CommandExecutionException) X509ResourceCertificate(net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate) IOException(java.io.IOException) ValidationResult(net.ripe.rpki.commons.validation.ValidationResult) URI(java.net.URI) File(java.io.File) Transactional(javax.transaction.Transactional)

Example 7 with X509ResourceCertificate

use of net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate in project rpki-validator-3 by RIPE-NCC.

the class TrustAnchorValidationServiceTest method test_success.

@Test
public void test_success() {
    TrustAnchor ta = createRipeNccTrustAnchor();
    trustAnchors.add(ta);
    ta.setLocations(Arrays.asList("src/test/resources/ripe-ncc-ta.cer"));
    subject.validate(ta.getId());
    ta.setLocations(Arrays.asList(DUMMY_RSYNC_URI));
    X509ResourceCertificate certificate = ta.getCertificate();
    assertThat(certificate).isNotNull();
    Optional<TrustAnchorValidationRun> validationRun = validationRuns.findLatestCompletedForTrustAnchor(ta);
    assertThat(validationRun).isPresent();
    assertThat(validationRun.get().getStatus()).isEqualTo(ValidationRun.Status.SUCCEEDED);
    assertThat(validationRun.get().getValidationChecks()).isEmpty();
}
Also used : TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) X509ResourceCertificate(net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate) TrustAnchorValidationRun(net.ripe.rpki.validator3.domain.TrustAnchorValidationRun) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 8 with X509ResourceCertificate

use of net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate in project rpki-validator-3 by RIPE-NCC.

the class TrustAnchorsFactory method createTrustAnchor.

public TrustAnchor createTrustAnchor(Consumer<CertificateAuthority.CertificateAuthorityBuilder> configure, ValidityPeriod mftValidityPeriod) {
    KeyPair rootKeyPair = KEY_PAIR_FACTORY.generate();
    CertificateAuthority.CertificateAuthorityBuilder builder = CertificateAuthority.builder().dn("CN=test-trust-anchor").keyPair(rootKeyPair).certificateLocation("rsync://rpki.test/test-trust-anchor.cer").resources(IpResourceSet.parse("0.0.0.0/0")).notifyURI(TA_RRDP_NOTIFY_URI).manifestURI(TA_MANIFEST_URI).repositoryURI(TA_CA_REPOSITORY_URI).crlDistributionPoint(TA_CRL_URI);
    configure.accept(builder);
    CertificateAuthority root = builder.build();
    X509ResourceCertificate certificate = createCertificateAuthority(root, root, mftValidityPeriod);
    TrustAnchor ta = new TrustAnchor();
    ta.setName(root.dn);
    ta.getLocations().add(root.certificateLocation);
    ta.setCertificate(certificate);
    ta.setSubjectPublicKeyInfo(X509CertificateUtil.getEncodedSubjectPublicKeyInfo(certificate.getCertificate()));
    return ta;
}
Also used : KeyPair(java.security.KeyPair) X509ResourceCertificate(net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate)

Aggregations

X509ResourceCertificate (net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate)8 URI (java.net.URI)4 Transactional (javax.transaction.Transactional)4 ValidationResult (net.ripe.rpki.commons.validation.ValidationResult)4 TrustAnchor (net.ripe.rpki.validator3.domain.TrustAnchor)3 IOException (java.io.IOException)2 KeyPair (java.security.KeyPair)2 ArrayList (java.util.ArrayList)2 HashMap (java.util.HashMap)2 LinkedHashMap (java.util.LinkedHashMap)2 List (java.util.List)2 Collectors.toList (java.util.stream.Collectors.toList)2 CertificateRepositoryObject (net.ripe.rpki.commons.crypto.CertificateRepositoryObject)2 ManifestCms (net.ripe.rpki.commons.crypto.cms.manifest.ManifestCms)2 X509Crl (net.ripe.rpki.commons.crypto.crl.X509Crl)2 ValidationString (net.ripe.rpki.commons.validation.ValidationString)2 Objects (com.google.common.base.Objects)1 Resources (com.google.common.io.Resources)1 File (java.io.File)1 BigInteger (java.math.BigInteger)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial