
Example 1 with CommandExecutionException

Use of net.ripe.rpki.commons.rsync.CommandExecutionException in project rpki-validator-3 by RIPE-NCC.

Class TrustAnchorValidationService, method validate.

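/**
 * Fetches the certificate of the given trust anchor, checks it, and records the outcome as a
 * {@link TrustAnchorValidationRun}.
 *
 * <p>The fetched file is compared against {@code RpkiObject.MIN_SIZE} and
 * {@code RpkiObject.MAX_SIZE} before it is passed to {@code parseCertificate}, so a download
 * outside those bounds is reported as an error and never reaches the parser.
 *
 * <p>The stored certificate is replaced only when no certificate is stored yet or when the
 * fetched certificate has a strictly greater serial number. A fetched certificate with a lower
 * serial number produces the {@code repository.object.is.older.than.previous.object} warning and
 * the stored certificate is kept, so an older certificate served at the same location cannot
 * roll the trust anchor back. Equal serial numbers cause neither a warning nor an update.
 *
 * <p>{@link CommandExecutionException} and {@link IOException} are logged and recorded on the
 * run as an {@code UNHANDLED_EXCEPTION} check. Other runtime exceptions (for example the
 * {@link IllegalArgumentException} that {@link URI#create(String)} throws for a malformed
 * location) are not caught here and propagate to the caller.
 *
 * @param trustAnchorId identifier passed to {@code trustAnchorRepository.get}
 */
@Transactional(Transactional.TxType.REQUIRED)
public void validate(long trustAnchorId) {
    TrustAnchor trustAnchor = trustAnchorRepository.get(trustAnchorId);
    log.debug("trust anchor {} located at {} with subject public key info {}", trustAnchor.getName(), trustAnchor.getLocations(), trustAnchor.getSubjectPublicKeyInfo());
    TrustAnchorValidationRun validationRun = new TrustAnchorValidationRun(trustAnchor);
    validationRunRepository.add(validationRun);
    try {
        boolean updated = false;
        URI trustAnchorCertificateURI = URI.create(validationRun.getTrustAnchorCertificateURI()).normalize();
        ValidationResult validationResult = ValidationResult.withLocation(trustAnchorCertificateURI);
        File targetFile = fetchTrustAnchorCertificate(trustAnchorCertificateURI, validationResult);
        if (!validationResult.hasFailureForCurrentLocation()) {
            // Bound the size of the downloaded object before any parsing is attempted.
            long trustAnchorCertificateSize = targetFile.length();
            if (trustAnchorCertificateSize < RpkiObject.MIN_SIZE) {
                validationResult.error(ErrorCodes.REPOSITORY_OBJECT_MINIMUM_SIZE, trustAnchorCertificateURI.toASCIIString(), String.valueOf(trustAnchorCertificateSize), String.valueOf(RpkiObject.MIN_SIZE));
            } else if (trustAnchorCertificateSize > RpkiObject.MAX_SIZE) {
                validationResult.error(ErrorCodes.REPOSITORY_OBJECT_MAXIMUM_SIZE, trustAnchorCertificateURI.toASCIIString(), String.valueOf(trustAnchorCertificateSize), String.valueOf(RpkiObject.MAX_SIZE));
            } else {
                X509ResourceCertificate certificate = parseCertificate(trustAnchor, targetFile, validationResult);
                if (!validationResult.hasFailureForCurrentLocation()) {
                    // NOTE(review): freshness is decided by serial number only; the original
                    // author left an open question here about also comparing validity time.
                    X509ResourceCertificate storedCertificate = trustAnchor.getCertificate();
                    // Compare fetched against stored (not the other way round): a negative
                    // result means the fetched certificate is the older one, a positive result
                    // means it is newer. With the operands swapped, a newer certificate would be
                    // rejected with the "older" warning and an older one would replace the
                    // stored certificate.
                    int comparedSerial = storedCertificate == null ? 1 : certificate.getSerialNumber().compareTo(storedCertificate.getSerialNumber());
                    validationResult.warnIfTrue(comparedSerial < 0, "repository.object.is.older.than.previous.object", trustAnchorCertificateURI.toASCIIString());
                    if (comparedSerial > 0) {
                        trustAnchor.setCertificate(certificate);
                        updated = true;
                    }
                }
            }
        }
        validationRun.completeWith(validationResult);
        if (updated) {
            // Only a changed trust anchor certificate triggers re-validation of the tree below it.
            validationRunRepository.runCertificateTreeValidation(trustAnchor);
        }
    } catch (CommandExecutionException | IOException e) {
        log.error("validation run for trust anchor {} failed", trustAnchor, e);
        validationRun.addCheck(new ValidationCheck(validationRun, validationRun.getTrustAnchorCertificateURI(), ValidationCheck.Status.ERROR, ErrorCodes.UNHANDLED_EXCEPTION, e.toString()));
        validationRun.setFailed();
    }
}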
Also used : CommandExecutionException(net.ripe.rpki.commons.rsync.CommandExecutionException) X509ResourceCertificate(net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate) IOException(java.io.IOException) ValidationResult(net.ripe.rpki.commons.validation.ValidationResult) URI(java.net.URI) File(java.io.File) Transactional(javax.transaction.Transactional)
