
Example 6 with CertificateTreeValidationRun

use of net.ripe.rpki.validator3.domain.CertificateTreeValidationRun in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationServiceTest method should_report_proper_error_when_repository_is_available_but_no_manifest.

/**
 * A repository that is marked as downloaded but holds no manifest for the trust anchor
 * must be reported as a validation check on the run, carrying the repository's RRDP
 * notify URI as its only parameter.
 */
@Test
public void should_report_proper_error_when_repository_is_available_but_no_manifest() {
    // Arrange: a typical trust anchor whose RRDP repository is already downloaded.
    KeyPair taChildKeys = KEY_PAIR_FACTORY.generate();
    TrustAnchor ta = factory.createTypicalTa(taChildKeys);
    trustAnchors.add(ta);
    RpkiRepository repository = rpkiRepositories.register(ta, TA_RRDP_NOTIFY_URI, RpkiRepository.Type.RRDP);
    repository.setDownloaded();
    entityManager.flush();

    // Drop the stored object published at the trust anchor's manifest URI.
    // The removal is conditional: if nothing matches, the test carries on without removing anything.
    URI manifestUri = ta.getCertificate().getManifestUri();
    rpkiObjects.all()
        .filter(candidate -> candidate.getLocations().contains(manifestUri.toASCIIString()))
        .findFirst()
        .ifPresent(manifest -> rpkiObjects.remove(manifest));
    entityManager.flush();

    // Act.
    subject.validate(ta.getId());
    entityManager.flush();

    // Assert: one run, whose first check names the missing manifest and the repository.
    List<CertificateTreeValidationRun> runs = validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(runs).hasSize(1);
    List<ValidationCheck> reported = runs.get(0).getValidationChecks();
    ValidationCheck firstCheck = reported.get(0);
    assertThat(firstCheck.getKey()).isEqualTo(ValidationString.VALIDATOR_NO_LOCAL_MANIFEST_NO_MANIFEST_IN_REPOSITORY);
    assertThat(reported.get(0).getParameters()).isEqualTo(Collections.singletonList(repository.getRrdpNotifyUri()));
}
Also used : KeyPair(java.security.KeyPair) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) ValidationRuns(net.ripe.rpki.validator3.domain.ValidationRuns) Arrays(java.util.Arrays) X509RouterCertificate(net.ripe.rpki.commons.crypto.x509cert.X509RouterCertificate) X500Principal(javax.security.auth.x500.X500Principal) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Duration(org.joda.time.Duration) RunWith(org.junit.runner.RunWith) Autowired(org.springframework.beans.factory.annotation.Autowired) ValidityPeriod(net.ripe.rpki.commons.crypto.ValidityPeriod) IpAddress(net.ripe.ipresource.IpAddress) Asn(net.ripe.ipresource.Asn) RpkiRepositories(net.ripe.rpki.validator3.domain.RpkiRepositories) Pair(org.apache.commons.lang3.tuple.Pair) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) TrustAnchorsFactory(net.ripe.rpki.validator3.domain.TrustAnchorsFactory) SpringRunner(org.springframework.test.context.junit4.SpringRunner) URI(java.net.URI) IpResourceSet(net.ripe.ipresource.IpResourceSet) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) Transactional(javax.transaction.Transactional) IpRange(net.ripe.ipresource.IpRange) TrustAnchors(net.ripe.rpki.validator3.domain.TrustAnchors) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) Test(org.junit.Test) EntityManager(javax.persistence.EntityManager) RoaPrefix(net.ripe.rpki.validator3.domain.RoaPrefix) List(java.util.List) Collectors.toList(java.util.stream.Collectors.toList) Ignore(org.junit.Ignore) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest) Instant(org.joda.time.Instant) ValidationResult(net.ripe.rpki.commons.validation.ValidationResult) Optional(java.util.Optional) Settings(net.ripe.rpki.validator3.domain.Settings) ValidationString(net.ripe.rpki.commons.validation.ValidationString) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) 
Collections(java.util.Collections) SUCCEEDED(net.ripe.rpki.validator3.domain.ValidationRun.Status.SUCCEEDED) KeyPair(java.security.KeyPair) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) URI(java.net.URI) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 7 with CertificateTreeValidationRun

use of net.ripe.rpki.validator3.domain.CertificateTreeValidationRun in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationService method validate.

/**
 * Runs a certificate tree validation for one trust anchor and records the outcome as a
 * {@link CertificateTreeValidationRun}.
 *
 * <p>The run is added to {@code validationRuns} before any check is made. Inside the
 * {@code try}, validation stops early (plain {@code return}) when the trust anchor has no
 * certificate, when validating that certificate produced a failure for the current
 * location, or when no repository location URI is available. The {@code finally} block
 * completes the run with the collected {@link ValidationResult} on every exit from the
 * {@code try}, so early returns are still recorded. Early returns skip both the
 * certificate authority validation and {@code validatedRpkiObjects.update}.
 *
 * @param trustAnchorId id handed to {@code trustAnchors.get} to load the trust anchor
 */
@Transactional(Transactional.TxType.REQUIRED)
public void validate(long trustAnchorId) {
    // Passed to validateCertificateAuthority below; starts empty for every run.
    Map<URI, RpkiRepository> registeredRepositories = new HashMap<>();
    // Flush mode is switched to COMMIT for the validation work and back to AUTO further down.
    // NOTE(review): the switch back to AUTO sits on the success path only; the early returns
    // and any exception leave COMMIT set on this entity manager. Confirm that is intended.
    entityManager.setFlushMode(FlushModeType.COMMIT);
    TrustAnchor trustAnchor = trustAnchors.get(trustAnchorId);
    log.info("starting tree validation for {}", trustAnchor);
    CertificateTreeValidationRun validationRun = new CertificateTreeValidationRun(trustAnchor);
    validationRuns.add(validationRun);
    // The first configured location of the trust anchor is used as the validation location.
    // NOTE(review): this statement is outside the try, so an exception here would skip
    // completeWith() although the run has already been added. Whether the location list can
    // be empty is not visible from this method.
    String trustAnchorLocation = trustAnchor.getLocations().get(0);
    ValidationResult validationResult = ValidationResult.withLocation(trustAnchorLocation);
    try {
        X509ResourceCertificate certificate = trustAnchor.getCertificate();
        // Record the missing certificate as a rejection, then stop: nothing can be validated without it.
        validationResult.rejectIfNull(certificate, VALIDATOR_TRUST_ANCHOR_CERTIFICATE_AVAILABLE);
        if (certificate == null) {
            return;
        }
        // The validation context is built from the trust anchor's own location and certificate.
        CertificateRepositoryObjectValidationContext context = new CertificateRepositoryObjectValidationContext(URI.create(trustAnchorLocation), certificate);
        // The two null arguments are not explained here; see the validate signature in rpki-commons.
        certificate.validate(trustAnchorLocation, context, null, null, VALIDATION_OPTIONS, validationResult);
        // Do not descend into the tree when the trust anchor certificate itself failed validation.
        if (validationResult.hasFailureForCurrentLocation()) {
            return;
        }
        // The RRDP notify URI is preferred; the repository URI is the fallback.
        // NOTE(review): if Objects here is Guava's, firstNonNull throws NullPointerException when
        // both arguments are null, so the warnIfNull and null check below would never see null.
        // Confirm which Objects class is imported.
        URI locationUri = Objects.firstNonNull(certificate.getRrdpNotifyUri(), certificate.getRepositoryUri());
        validationResult.warnIfNull(locationUri, VALIDATOR_TRUST_ANCHOR_CERTIFICATE_RRDP_NOTIFY_URI_OR_REPOSITORY_URI_PRESENT);
        if (locationUri == null) {
            return;
        }
        // Validate the certificate authority and collect the objects it returns on the run.
        validationRun.getValidatedObjects().addAll(validateCertificateAuthority(trustAnchor, registeredRepositories, context, validationResult));
        // Back to AUTO flushing before the completion bookkeeping below.
        entityManager.setFlushMode(FlushModeType.AUTO);
        if (isValidationRunCompleted(validationResult)) {
            trustAnchor.markInitialCertificateTreeValidationRunCompleted();
            // The validator-wide flag is set once, when every trust anchor has completed its initial run.
            if (!settings.isInitialValidationRunCompleted() && trustAnchors.allInitialCertificateTreeValidationRunsCompleted()) {
                settings.markInitialValidationRunCompleted();
                log.info("All trust anchors have completed their initial certificate tree validation run, validator is now ready");
            }
        }
        // Only reached when none of the early returns fired.
        validatedRpkiObjects.update(trustAnchor, validationRun.getValidatedObjects());
    } finally {
        // Runs for early returns and exceptions as well, so the run always receives the collected result.
        validationRun.completeWith(validationResult);
        log.info("tree validation {} for {}", validationRun.getStatus(), trustAnchor);
    }
}
Also used : CertificateRepositoryObjectValidationContext(net.ripe.rpki.commons.validation.objectvalidators.CertificateRepositoryObjectValidationContext) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) ValidationString(net.ripe.rpki.commons.validation.ValidationString) X509ResourceCertificate(net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate) ValidationResult(net.ripe.rpki.commons.validation.ValidationResult) URI(java.net.URI) Transactional(javax.transaction.Transactional)

Example 8 with CertificateTreeValidationRun

use of net.ripe.rpki.validator3.domain.CertificateTreeValidationRun in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationServiceTest method should_register_rpki_repositories.

/**
 * Validating the RIPE NCC trust anchor should succeed and leave the repository at its
 * notification URI registered as PENDING, without marking the initial validation run as
 * completed for either the trust anchor or the validator.
 */
@Test
public void should_register_rpki_repositories() {
    TrustAnchor ripeNccTa = factory.createRipeNccTrustAnchor();
    trustAnchors.add(ripeNccTa);

    subject.validate(ripeNccTa.getId());
    entityManager.flush();

    // Exactly one run is expected, and it must have succeeded.
    List<CertificateTreeValidationRun> runs = validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(runs).hasSize(1);
    CertificateTreeValidationRun onlyRun = runs.get(0);
    assertThat(onlyRun.getStatus()).isEqualTo(SUCCEEDED);

    // The first registered repository is still pending and points at the notification file.
    assertThat(rpkiRepositories.findAll(null, null))
        .first()
        .extracting(RpkiRepository::getStatus, RpkiRepository::getLocationUri)
        .containsExactly(RpkiRepository.Status.PENDING, "https://rrdp.ripe.net/notification.xml");

    // Neither completion flag may be set after this run.
    assertThat(ripeNccTa.isInitialCertificateTreeValidationRunCompleted())
        .as("trust anchor initial validation run completed")
        .isFalse();
    assertThat(settings.isInitialValidationRunCompleted())
        .as("validator initial validation run completed")
        .isFalse();
}
Also used : CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 9 with CertificateTreeValidationRun

use of net.ripe.rpki.validator3.domain.CertificateTreeValidationRun in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationServiceTest method should_validate_minimal_trust_anchor.

/**
 * A minimal trust anchor with a downloaded RRDP repository should validate without any
 * checks, yield exactly its manifest and CRL as validated objects, and be marked as having
 * completed its initial run while the validator-wide flag stays unset.
 *
 * <p>Currently disabled through {@code @Ignore}; the annotation text describes a dependency
 * on another test class having run first.
 */
@Test
@Ignore("Fix it --- if fails if TrustAnchorControllerTest is not run before it")
public void should_validate_minimal_trust_anchor() {
    // Arrange: trust anchor created with a no-op customiser, repository already downloaded.
    TrustAnchor minimalTa = factory.createTrustAnchor(unused -> { });
    trustAnchors.add(minimalTa);
    RpkiRepository taRepository = rpkiRepositories.register(minimalTa, TA_RRDP_NOTIFY_URI, RpkiRepository.Type.RRDP);
    taRepository.setDownloaded();
    entityManager.flush();

    // Act.
    subject.validate(minimalTa.getId());
    entityManager.flush();

    // Assert: one clean, successful run.
    List<CertificateTreeValidationRun> runs = validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(runs).hasSize(1);
    CertificateTreeValidationRun onlyRun = runs.get(0);
    assertThat(onlyRun.getValidationChecks()).isEmpty();
    assertThat(onlyRun.getStatus()).isEqualTo(SUCCEEDED);

    // The validated objects are the manifest and the CRL, identified by their first location.
    assertThat(onlyRun.getValidatedObjects())
        .extracting(validated -> validated.getLocations().first())
        .containsExactlyInAnyOrder("rsync://rpki.test/test-trust-anchor.mft", "rsync://rpki.test/test-trust-anchor.crl");

    // Only the trust anchor's own completion flag is expected to be set.
    assertThat(minimalTa.isInitialCertificateTreeValidationRunCompleted())
        .as("trust anchor initial validation run completed")
        .isTrue();
    assertThat(settings.isInitialValidationRunCompleted())
        .as("validator initial validation run completed")
        .isFalse();
}
Also used : KeyPair(java.security.KeyPair) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) ValidationRuns(net.ripe.rpki.validator3.domain.ValidationRuns) Arrays(java.util.Arrays) X509RouterCertificate(net.ripe.rpki.commons.crypto.x509cert.X509RouterCertificate) X500Principal(javax.security.auth.x500.X500Principal) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Duration(org.joda.time.Duration) RunWith(org.junit.runner.RunWith) Autowired(org.springframework.beans.factory.annotation.Autowired) ValidityPeriod(net.ripe.rpki.commons.crypto.ValidityPeriod) IpAddress(net.ripe.ipresource.IpAddress) Asn(net.ripe.ipresource.Asn) RpkiRepositories(net.ripe.rpki.validator3.domain.RpkiRepositories) Pair(org.apache.commons.lang3.tuple.Pair) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) TrustAnchorsFactory(net.ripe.rpki.validator3.domain.TrustAnchorsFactory) SpringRunner(org.springframework.test.context.junit4.SpringRunner) URI(java.net.URI) IpResourceSet(net.ripe.ipresource.IpResourceSet) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) Transactional(javax.transaction.Transactional) IpRange(net.ripe.ipresource.IpRange) TrustAnchors(net.ripe.rpki.validator3.domain.TrustAnchors) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) Test(org.junit.Test) EntityManager(javax.persistence.EntityManager) RoaPrefix(net.ripe.rpki.validator3.domain.RoaPrefix) List(java.util.List) Collectors.toList(java.util.stream.Collectors.toList) Ignore(org.junit.Ignore) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest) Instant(org.joda.time.Instant) ValidationResult(net.ripe.rpki.commons.validation.ValidationResult) Optional(java.util.Optional) Settings(net.ripe.rpki.validator3.domain.Settings) ValidationString(net.ripe.rpki.commons.validation.ValidationString) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) 
Collections(java.util.Collections) SUCCEEDED(net.ripe.rpki.validator3.domain.ValidationRun.Status.SUCCEEDED) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) Ignore(org.junit.Ignore) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Aggregations

CertificateTreeValidationRun (net.ripe.rpki.validator3.domain.CertificateTreeValidationRun)9 TrustAnchor (net.ripe.rpki.validator3.domain.TrustAnchor)9 IntegrationTest (net.ripe.rpki.validator3.IntegrationTest)8 Test (org.junit.Test)8 RpkiRepository (net.ripe.rpki.validator3.domain.RpkiRepository)7 KeyPair (java.security.KeyPair)6 Pair (org.apache.commons.lang3.tuple.Pair)5 URI (java.net.URI)4 X500Principal (javax.security.auth.x500.X500Principal)4 Transactional (javax.transaction.Transactional)4 ValidityPeriod (net.ripe.rpki.commons.crypto.ValidityPeriod)4 X509RouterCertificate (net.ripe.rpki.commons.crypto.x509cert.X509RouterCertificate)4 ValidationResult (net.ripe.rpki.commons.validation.ValidationResult)4 ValidationString (net.ripe.rpki.commons.validation.ValidationString)4 TrustAnchorsFactory (net.ripe.rpki.validator3.domain.TrustAnchorsFactory)4 ValidationCheck (net.ripe.rpki.validator3.domain.ValidationCheck)4 Ignore (org.junit.Ignore)4 Arrays (java.util.Arrays)3 Collections (java.util.Collections)3 List (java.util.List)3