use of net.ripe.rpki.commons.rsync.Rsync in project rpki-validator-3 by RIPE-NCC.
the class TrustAnchorValidationService method fetchTrustAnchorCertificate.
private File fetchTrustAnchorCertificate(URI trustAnchorCertificateURI, ValidationResult validationResult) throws IOException {
File targetFile = RsyncUtils.localFileFromRsyncUri(localRsyncStorageDirectory, trustAnchorCertificateURI);
if (targetFile.getParentFile().mkdirs()) {
log.info("created local rsync storage directory {} for trust anchor {}", targetFile.getParentFile(), trustAnchorCertificateURI);
}
Rsync rsync = new Rsync(trustAnchorCertificateURI.toASCIIString(), targetFile.getPath());
rsync.addOptions("--update", "--times", "--copy-links");
int exitStatus = rsync.execute();
if (exitStatus != 0) {
validationResult.error(ErrorCodes.RSYNC_FETCH, String.valueOf(exitStatus), ArrayUtils.toString(rsync.getErrorLines()));
return null;
} else {
log.info("Downloaded certificate {} to {}", trustAnchorCertificateURI, targetFile);
return targetFile;
}
}
use of net.ripe.rpki.commons.rsync.Rsync in project rpki-validator-3 by RIPE-NCC.
the class RpkiRepositoryValidationService method fetchRsyncRepository.
private void fetchRsyncRepository(RpkiRepository rpkiRepository, File targetDirectory, ValidationResult validationResult) throws IOException {
if (targetDirectory.mkdirs()) {
log.info("created local rsync storage directory {} for repository {}", targetDirectory, rpkiRepository);
}
Rsync rsync = new Rsync(rpkiRepository.getLocationUri(), targetDirectory.getPath());
rsync.addOptions("--update", "--times", "--copy-links", "--recursive", "--delete");
int exitStatus = rsync.execute();
validationResult.rejectIfTrue(exitStatus != 0, ErrorCodes.RSYNC_FETCH, String.valueOf(exitStatus), ArrayUtils.toString(rsync.getErrorLines()));
if (validationResult.hasFailureForCurrentLocation()) {
rpkiRepository.setFailed();
} else {
log.info("Downloaded repository {} to {}", rpkiRepository.getRsyncRepositoryUri(), targetDirectory);
}
}
use of net.ripe.rpki.commons.rsync.Rsync in project rpki-validator-3 by RIPE-NCC.
the class RpkiRepositoryValidationService method validateRsyncRepositories.
@Scheduled(initialDelay = 10_000, fixedDelay = 10_000)
public void validateRsyncRepositories() {
entityManager.setFlushMode(FlushModeType.COMMIT);
Instant cutoffTime = Instant.now().minus(rsyncRepositoryDownloadInterval);
log.info("updating all rsync repositories that have not been downloaded since {}", cutoffTime);
Set<TrustAnchor> affectedTrustAnchors = new HashSet<>();
final RsyncRepositoryValidationRun validationRun = new RsyncRepositoryValidationRun();
validationRunRepository.add(validationRun);
Stream<RpkiRepository> repositories = rpkiRepositories.findRsyncRepositories();
Map<String, RpkiObject> objectsBySha256 = new HashMap<>();
Map<URI, RpkiRepository> fetchedLocations = new HashMap<>();
ValidationResult results = repositories.filter((repository) -> {
boolean needsUpdate = repository.isPending() || repository.getLastDownloadedAt() == null || repository.getLastDownloadedAt().isBefore(cutoffTime);
if (!needsUpdate) {
fetchedLocations.put(URI.create(repository.getRsyncRepositoryUri()), repository);
}
return needsUpdate;
}).map((repository) -> processRsyncRepository(affectedTrustAnchors, validationRun, fetchedLocations, objectsBySha256, repository)).collect(() -> ValidationResult.withLocation("placeholder"), ValidationResult::addAll, ValidationResult::addAll);
validationRun.completeWith(results);
affectedTrustAnchors.forEach(validationRunRepository::runCertificateTreeValidation);
}
Aggregations