Search in sources :

Example 1 with CertificateTreeValidationRun

use of net.ripe.rpki.validator3.domain.CertificateTreeValidationRun in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationServiceTest method should_report_proper_error_when_repository_is_available_but_manifest_is_invalid.

@Test
public void should_report_proper_error_when_repository_is_available_but_manifest_is_invalid() {
    KeyPair childKeyPair = KEY_PAIR_FACTORY.generate();
    final ValidityPeriod mftValidityPeriod = new ValidityPeriod(Instant.now().minus(Duration.standardDays(2)), Instant.now().minus(Duration.standardDays(1)));
    TrustAnchor ta = factory.createTrustAnchor(x -> {
        CertificateAuthority child = CertificateAuthority.builder().dn("CN=child-ca").keyPair(childKeyPair).certificateLocation("rsync://rpki.test/CN=child-ca.cer").resources(IpResourceSet.parse("192.168.128.0/17")).notifyURI(TA_RRDP_NOTIFY_URI).manifestURI("rsync://rpki.test/CN=child-ca/child-ca.mft").repositoryURI("rsync://rpki.test/CN=child-ca/").crlDistributionPoint("rsync://rpki.test/CN=child-ca/child-ca.crl").build();
        x.children(Collections.singletonList(child));
    }, mftValidityPeriod);
    trustAnchors.add(ta);
    entityManager.flush();
    RpkiRepository repository = rpkiRepositories.register(ta, TA_RRDP_NOTIFY_URI, RpkiRepository.Type.RRDP);
    repository.setFailed();
    entityManager.flush();
    subject.validate(ta.getId());
    entityManager.flush();
    List<CertificateTreeValidationRun> completed = validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(completed).hasSize(1);
    final List<ValidationCheck> checks = completed.get(0).getValidationChecks();
    assertThat(checks.get(0).getKey()).isEqualTo(ValidationString.VALIDATOR_OLD_LOCAL_MANIFEST_REPOSITORY_FAILED);
    assertThat(checks.get(0).getParameters()).isEqualTo(Collections.singletonList(repository.getRrdpNotifyUri()));
}
Also used : KeyPair(java.security.KeyPair) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) ValidityPeriod(net.ripe.rpki.commons.crypto.ValidityPeriod) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 2 with CertificateTreeValidationRun

use of net.ripe.rpki.validator3.domain.CertificateTreeValidationRun in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationServiceTest method should_register_rsync_repositories.

@Test
public void should_register_rsync_repositories() {
    TrustAnchor ta = factory.createTrustAnchor(x -> {
        x.notifyURI(null);
        x.repositoryURI(TA_CA_REPOSITORY_URI);
    });
    trustAnchors.add(ta);
    subject.validate(ta.getId());
    entityManager.flush();
    List<CertificateTreeValidationRun> completed = validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(completed).hasSize(1);
    CertificateTreeValidationRun result = completed.get(0);
    assertThat(result.getStatus()).isEqualTo(SUCCEEDED);
    assertThat(rpkiRepositories.findAll(null, null)).first().extracting(RpkiRepository::getStatus, RpkiRepository::getLocationUri).containsExactly(RpkiRepository.Status.PENDING, TA_CA_REPOSITORY_URI);
    assertThat(ta.isInitialCertificateTreeValidationRunCompleted()).as("trust anchor initial validation run completed").isFalse();
    assertThat(settings.isInitialValidationRunCompleted()).as("validator initial validation run completed").isFalse();
}
Also used : CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 3 with CertificateTreeValidationRun

use of net.ripe.rpki.validator3.domain.CertificateTreeValidationRun in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationServiceTest method should_validate_child_ca.

@Test
@Ignore("Fix it --- if fails if TrustAnchorControllerTest is not run before it")
public void should_validate_child_ca() {
    KeyPair childKeyPair = KEY_PAIR_FACTORY.generate();
    TrustAnchor ta = factory.createTrustAnchor(x -> {
        TrustAnchorsFactory.CertificateAuthority child = TrustAnchorsFactory.CertificateAuthority.builder().dn("CN=child-ca").keyPair(childKeyPair).certificateLocation("rsync://rpki.test/CN=child-ca.cer").resources(IpResourceSet.parse("192.168.128.0/17")).notifyURI(TA_RRDP_NOTIFY_URI).manifestURI("rsync://rpki.test/CN=child-ca/child-ca.mft").repositoryURI("rsync://rpki.test/CN=child-ca/").crlDistributionPoint("rsync://rpki.test/CN=child-ca/child-ca.crl").build();
        x.children(Arrays.asList(child));
    });
    trustAnchors.add(ta);
    RpkiRepository repository = rpkiRepositories.register(ta, TA_RRDP_NOTIFY_URI, RpkiRepository.Type.RRDP);
    repository.setDownloaded();
    entityManager.flush();
    subject.validate(ta.getId());
    entityManager.flush();
    List<CertificateTreeValidationRun> completed = validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(completed).hasSize(1);
    assertThat(ta.isInitialCertificateTreeValidationRunCompleted()).as("trust anchor initial validation run completed").isTrue();
    assertThat(settings.isInitialValidationRunCompleted()).as("validator initial validation run completed").isFalse();
    List<Pair<CertificateTreeValidationRun, RpkiObject>> validated = rpkiObjects.findCurrentlyValidated(RpkiObject.Type.CER).collect(toList());
    assertThat(validated).hasSize(1);
    assertThat(validated.get(0).getLeft()).isEqualTo(completed.get(0));
    Optional<X509RouterCertificate> cro = rpkiObjects.findCertificateRepositoryObject(validated.get(0).getRight().getId(), X509RouterCertificate.class, ValidationResult.withLocation("ignored.cer"));
    assertThat(cro).isPresent().hasValueSatisfying(x -> assertThat(x.getSubject()).isEqualTo(new X500Principal("CN=child-ca")));
}
Also used : X509RouterCertificate(net.ripe.rpki.commons.crypto.x509cert.X509RouterCertificate) KeyPair(java.security.KeyPair) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) X500Principal(javax.security.auth.x500.X500Principal) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) TrustAnchorsFactory(net.ripe.rpki.validator3.domain.TrustAnchorsFactory) KeyPair(java.security.KeyPair) Pair(org.apache.commons.lang3.tuple.Pair) Ignore(org.junit.Ignore) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 4 with CertificateTreeValidationRun

use of net.ripe.rpki.validator3.domain.CertificateTreeValidationRun in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationServiceTest method should_validate_roa.

@Test
public void should_validate_roa() {
    TrustAnchor ta = factory.createTrustAnchor(x -> x.roaPrefixes(Collections.singletonList(RoaPrefix.of(IpRange.prefix(IpAddress.parse("192.168.0.0"), 16), 24, Asn.parse("64512")))));
    trustAnchors.add(ta);
    RpkiRepository repository = rpkiRepositories.register(ta, TA_RRDP_NOTIFY_URI, RpkiRepository.Type.RRDP);
    repository.setDownloaded();
    entityManager.flush();
    subject.validate(ta.getId());
    entityManager.flush();
    List<CertificateTreeValidationRun> completed = validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(completed).hasSize(1);
    CertificateTreeValidationRun result = completed.get(0);
    List<Pair<CertificateTreeValidationRun, RpkiObject>> validatedRoas = rpkiObjects.findCurrentlyValidated(RpkiObject.Type.ROA).collect(toList());
    assertThat(validatedRoas).hasSize(1);
    assertThat(validatedRoas.get(0).getLeft()).isEqualTo(result);
    assertThat(validatedRoas.get(0).getRight().getRoaPrefixes()).hasSize(1);
}
Also used : RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) KeyPair(java.security.KeyPair) Pair(org.apache.commons.lang3.tuple.Pair) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 5 with CertificateTreeValidationRun

use of net.ripe.rpki.validator3.domain.CertificateTreeValidationRun in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationServiceTest method should_report_proper_error_when_repository_is_unavailable.

@Test
public void should_report_proper_error_when_repository_is_unavailable() {
    KeyPair childKeyPair = KEY_PAIR_FACTORY.generate();
    TrustAnchor ta = factory.createTypicalTa(childKeyPair);
    trustAnchors.add(ta);
    RpkiRepository repository = rpkiRepositories.register(ta, TA_RRDP_NOTIFY_URI, RpkiRepository.Type.RRDP);
    repository.setFailed();
    entityManager.flush();
    final URI manifestUri = ta.getCertificate().getManifestUri();
    final Optional<RpkiObject> mft = rpkiObjects.all().filter(o -> o.getLocations().contains(manifestUri.toASCIIString())).findFirst();
    mft.ifPresent(m -> rpkiObjects.remove(m));
    entityManager.flush();
    subject.validate(ta.getId());
    entityManager.flush();
    List<CertificateTreeValidationRun> completed = validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(completed).hasSize(1);
    final List<ValidationCheck> checks = completed.get(0).getValidationChecks();
    assertThat(checks.get(0).getKey()).isEqualTo(ValidationString.VALIDATOR_NO_MANIFEST_REPOSITORY_FAILED);
    assertThat(checks.get(0).getParameters()).isEqualTo(Collections.singletonList(repository.getRrdpNotifyUri()));
}
Also used : KeyPair(java.security.KeyPair) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) ValidationRuns(net.ripe.rpki.validator3.domain.ValidationRuns) Arrays(java.util.Arrays) X509RouterCertificate(net.ripe.rpki.commons.crypto.x509cert.X509RouterCertificate) X500Principal(javax.security.auth.x500.X500Principal) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Duration(org.joda.time.Duration) RunWith(org.junit.runner.RunWith) Autowired(org.springframework.beans.factory.annotation.Autowired) ValidityPeriod(net.ripe.rpki.commons.crypto.ValidityPeriod) IpAddress(net.ripe.ipresource.IpAddress) Asn(net.ripe.ipresource.Asn) RpkiRepositories(net.ripe.rpki.validator3.domain.RpkiRepositories) Pair(org.apache.commons.lang3.tuple.Pair) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) TrustAnchorsFactory(net.ripe.rpki.validator3.domain.TrustAnchorsFactory) SpringRunner(org.springframework.test.context.junit4.SpringRunner) URI(java.net.URI) IpResourceSet(net.ripe.ipresource.IpResourceSet) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) Transactional(javax.transaction.Transactional) IpRange(net.ripe.ipresource.IpRange) TrustAnchors(net.ripe.rpki.validator3.domain.TrustAnchors) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) Test(org.junit.Test) EntityManager(javax.persistence.EntityManager) RoaPrefix(net.ripe.rpki.validator3.domain.RoaPrefix) List(java.util.List) Collectors.toList(java.util.stream.Collectors.toList) Ignore(org.junit.Ignore) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest) Instant(org.joda.time.Instant) ValidationResult(net.ripe.rpki.commons.validation.ValidationResult) Optional(java.util.Optional) Settings(net.ripe.rpki.validator3.domain.Settings) ValidationString(net.ripe.rpki.commons.validation.ValidationString) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) Collections(java.util.Collections) SUCCEEDED(net.ripe.rpki.validator3.domain.ValidationRun.Status.SUCCEEDED) KeyPair(java.security.KeyPair) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) URI(java.net.URI) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Aggregations

CertificateTreeValidationRun (net.ripe.rpki.validator3.domain.CertificateTreeValidationRun)9 TrustAnchor (net.ripe.rpki.validator3.domain.TrustAnchor)9 IntegrationTest (net.ripe.rpki.validator3.IntegrationTest)8 Test (org.junit.Test)8 RpkiRepository (net.ripe.rpki.validator3.domain.RpkiRepository)7 KeyPair (java.security.KeyPair)6 Pair (org.apache.commons.lang3.tuple.Pair)5 URI (java.net.URI)4 X500Principal (javax.security.auth.x500.X500Principal)4 Transactional (javax.transaction.Transactional)4 ValidityPeriod (net.ripe.rpki.commons.crypto.ValidityPeriod)4 X509RouterCertificate (net.ripe.rpki.commons.crypto.x509cert.X509RouterCertificate)4 ValidationResult (net.ripe.rpki.commons.validation.ValidationResult)4 ValidationString (net.ripe.rpki.commons.validation.ValidationString)4 TrustAnchorsFactory (net.ripe.rpki.validator3.domain.TrustAnchorsFactory)4 ValidationCheck (net.ripe.rpki.validator3.domain.ValidationCheck)4 Ignore (org.junit.Ignore)4 Arrays (java.util.Arrays)3 Collections (java.util.Collections)3 List (java.util.List)3