
Example 1 with X509RouterCertificate

Use of net.ripe.rpki.commons.crypto.x509cert.X509RouterCertificate in project rpki-validator-3 by RIPE-NCC.

From the class CertificateTreeValidationServiceTest, method should_validate_child_ca.

/**
 * Validates a trust anchor that has one child CA and checks that a single validation run
 * completes and that exactly one certificate ends up currently validated.
 *
 * <p>Disabled via {@code @Ignore}: per its message, the test only passes when
 * {@code TrustAnchorControllerTest} has run before it. While the annotation remains,
 * this child-CA validation path is not exercised by this test.
 */
@Test
@Ignore("Fix it --- if fails if TrustAnchorControllerTest is not run before it")
public void should_validate_child_ca() {
    final KeyPair childCaKeys = KEY_PAIR_FACTORY.generate();

    // Trust anchor with a single subordinate CA that is given 192.168.128.0/17.
    final TrustAnchor trustAnchor = factory.createTrustAnchor(taBuilder -> {
        TrustAnchorsFactory.CertificateAuthority childCa = TrustAnchorsFactory.CertificateAuthority.builder()
            .dn("CN=child-ca")
            .keyPair(childCaKeys)
            .certificateLocation("rsync://rpki.test/CN=child-ca.cer")
            .resources(IpResourceSet.parse("192.168.128.0/17"))
            .notifyURI(TA_RRDP_NOTIFY_URI)
            .manifestURI("rsync://rpki.test/CN=child-ca/child-ca.mft")
            .repositoryURI("rsync://rpki.test/CN=child-ca/")
            .crlDistributionPoint("rsync://rpki.test/CN=child-ca/child-ca.crl")
            .build();
        taBuilder.children(Arrays.asList(childCa));
    });
    trustAnchors.add(trustAnchor);

    // Register the RRDP repository and mark it as downloaded before validating.
    final RpkiRepository rrdpRepository =
        rpkiRepositories.register(trustAnchor, TA_RRDP_NOTIFY_URI, RpkiRepository.Type.RRDP);
    rrdpRepository.setDownloaded();
    entityManager.flush();

    subject.validate(trustAnchor.getId());
    entityManager.flush();

    // Exactly one run is recorded; the trust anchor is flagged as done, the global setting is not.
    final List<CertificateTreeValidationRun> runs =
        validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(runs).hasSize(1);
    assertThat(trustAnchor.isInitialCertificateTreeValidationRunCompleted())
        .as("trust anchor initial validation run completed")
        .isTrue();
    assertThat(settings.isInitialValidationRunCompleted())
        .as("validator initial validation run completed")
        .isFalse();

    // The single validated CER object must belong to that run.
    final List<Pair<CertificateTreeValidationRun, RpkiObject>> validatedCerts =
        rpkiObjects.findCurrentlyValidated(RpkiObject.Type.CER).collect(toList());
    assertThat(validatedCerts).hasSize(1);
    final Pair<CertificateTreeValidationRun, RpkiObject> onlyEntry = validatedCerts.get(0);
    assertThat(onlyEntry.getLeft()).isEqualTo(runs.get(0));

    // NOTE(review): the subject asserted below is the child CA's DN, yet the object is
    // requested as X509RouterCertificate -- confirm this is the intended certificate type.
    final Optional<X509RouterCertificate> childCert = rpkiObjects.findCertificateRepositoryObject(
        onlyEntry.getRight().getId(),
        X509RouterCertificate.class,
        ValidationResult.withLocation("ignored.cer"));
    assertThat(childCert)
        .isPresent()
        .hasValueSatisfying(cert ->
            assertThat(cert.getSubject()).isEqualTo(new X500Principal("CN=child-ca")));
}
Also used : X509RouterCertificate(net.ripe.rpki.commons.crypto.x509cert.X509RouterCertificate) KeyPair(java.security.KeyPair) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) X500Principal(javax.security.auth.x500.X500Principal) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) TrustAnchorsFactory(net.ripe.rpki.validator3.domain.TrustAnchorsFactory) KeyPair(java.security.KeyPair) Pair(org.apache.commons.lang3.tuple.Pair) Ignore(org.junit.Ignore) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Aggregations

KeyPair (java.security.KeyPair)1 X500Principal (javax.security.auth.x500.X500Principal)1 X509RouterCertificate (net.ripe.rpki.commons.crypto.x509cert.X509RouterCertificate)1 IntegrationTest (net.ripe.rpki.validator3.IntegrationTest)1 CertificateTreeValidationRun (net.ripe.rpki.validator3.domain.CertificateTreeValidationRun)1 RpkiRepository (net.ripe.rpki.validator3.domain.RpkiRepository)1 TrustAnchor (net.ripe.rpki.validator3.domain.TrustAnchor)1 TrustAnchorsFactory (net.ripe.rpki.validator3.domain.TrustAnchorsFactory)1 Pair (org.apache.commons.lang3.tuple.Pair)1 Ignore (org.junit.Ignore)1 Test (org.junit.Test)1