Example 1 with X509RouterCertificate
use of net.ripe.rpki.commons.crypto.x509cert.X509RouterCertificate in project rpki-validator-3 by RIPE-NCC.
the class CertificateTreeValidationServiceTest method should_validate_child_ca.
@Test
@Ignore("Fix it --- if fails if TrustAnchorControllerTest is not run before it")
public void should_validate_child_ca() {
KeyPair childKeyPair = KEY_PAIR_FACTORY.generate();
TrustAnchor ta = factory.createTrustAnchor(x -> {
TrustAnchorsFactory.CertificateAuthority child = TrustAnchorsFactory.CertificateAuthority.builder().dn("CN=child-ca").keyPair(childKeyPair).certificateLocation("rsync://rpki.test/CN=child-ca.cer").resources(IpResourceSet.parse("192.168.128.0/17")).notifyURI(TA_RRDP_NOTIFY_URI).manifestURI("rsync://rpki.test/CN=child-ca/child-ca.mft").repositoryURI("rsync://rpki.test/CN=child-ca/").crlDistributionPoint("rsync://rpki.test/CN=child-ca/child-ca.crl").build();
x.children(Arrays.asList(child));
});
trustAnchors.add(ta);
RpkiRepository repository = rpkiRepositories.register(ta, TA_RRDP_NOTIFY_URI, RpkiRepository.Type.RRDP);
repository.setDownloaded();
entityManager.flush();
subject.validate(ta.getId());
entityManager.flush();
List<CertificateTreeValidationRun> completed = validationRuns.findAll(CertificateTreeValidationRun.class);
assertThat(completed).hasSize(1);
assertThat(ta.isInitialCertificateTreeValidationRunCompleted()).as("trust anchor initial validation run completed").isTrue();
assertThat(settings.isInitialValidationRunCompleted()).as("validator initial validation run completed").isFalse();
List<Pair<CertificateTreeValidationRun, RpkiObject>> validated = rpkiObjects.findCurrentlyValidated(RpkiObject.Type.CER).collect(toList());
assertThat(validated).hasSize(1);
assertThat(validated.get(0).getLeft()).isEqualTo(completed.get(0));
Optional<X509RouterCertificate> cro = rpkiObjects.findCertificateRepositoryObject(validated.get(0).getRight().getId(), X509RouterCertificate.class, ValidationResult.withLocation("ignored.cer"));
assertThat(cro).isPresent().hasValueSatisfying(x -> assertThat(x.getSubject()).isEqualTo(new X500Principal("CN=child-ca")));
}
Also used :
X509RouterCertificate(net.ripe.rpki.commons.crypto.x509cert.X509RouterCertificate)
KeyPair(java.security.KeyPair)
RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository)
CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun)
X500Principal(javax.security.auth.x500.X500Principal)
TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor)
TrustAnchorsFactory(net.ripe.rpki.validator3.domain.TrustAnchorsFactory)
KeyPair(java.security.KeyPair)
Pair(org.apache.commons.lang3.tuple.Pair)
Ignore(org.junit.Ignore)
Test(org.junit.Test)
IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)
Aggregations
KeyPair (java.security.KeyPair)1
X500Principal (javax.security.auth.x500.X500Principal)1
X509RouterCertificate (net.ripe.rpki.commons.crypto.x509cert.X509RouterCertificate)1
IntegrationTest (net.ripe.rpki.validator3.IntegrationTest)1
CertificateTreeValidationRun (net.ripe.rpki.validator3.domain.CertificateTreeValidationRun)1
RpkiRepository (net.ripe.rpki.validator3.domain.RpkiRepository)1
TrustAnchor (net.ripe.rpki.validator3.domain.TrustAnchor)1
TrustAnchorsFactory (net.ripe.rpki.validator3.domain.TrustAnchorsFactory)1
Pair (org.apache.commons.lang3.tuple.Pair)1
Ignore (org.junit.Ignore)1
Test (org.junit.Test)1
