
Example 1 with RpkiObject

use of net.ripe.rpki.validator3.domain.RpkiObject in project rpki-validator-3 by RIPE-NCC.

the class RpkiObjectCleanupServiceTest method should_delete_objects_not_reachable_from_manifest.

/**
 * Verifies that {@code cleanupRpkiObjects()} deletes a stored object only after it has been
 * unreachable for long enough.
 *
 * <p>Three phases are asserted in order: before any orphan exists the cleanup reports 0
 * deletions; right after an orphan certificate is stored it still reports 0; once the orphan's
 * last-reachable time is moved ten days into the past it reports 1.
 */
@Test
public void should_delete_objects_not_reachable_from_manifest() {
    TrustAnchor anchor = factory.createTrustAnchor(
        builder -> builder.roaPrefixes(
            Arrays.asList(RoaPrefix.of(IpRange.parse("127.0.0.0/8"), null, Asn.parse("123")))));

    // Phase 1: nothing orphaned yet, so the cleanup must not remove anything.
    assertThat(subject.cleanupRpkiObjects()).isEqualTo(0);

    // The certificate names the trust anchor as issuer but is published at a location the test
    // never links from a manifest, which is what makes it an orphan.
    // NOTE(review): the subject public key and the signing key pair come from two separate
    // generate() calls, so the certificate appears to be signed by a throw-away key rather than
    // by the trust anchor's key. Presumably fine because this test exercises reachability only,
    // not signature validation; confirm.
    RpkiObject unreachable = new RpkiObject(
        "rsync://localhost/orphan.cer",
        new X509ResourceCertificateBuilder()
            .withResources(IpResourceSet.parse("10.0.0.0/8"))
            .withIssuerDN(anchor.getCertificate().getSubject())
            .withSubjectDN(new X500Principal("CN=orphan"))
            .withSerial(factory.nextSerial())
            .withPublicKey(KEY_PAIR_FACTORY.generate().getPublic())
            .withSigningKeyPair(KEY_PAIR_FACTORY.generate())
            .withValidityPeriod(new ValidityPeriod(DateTime.now(), DateTime.now().plusYears(1)))
            .build());
    rpkiObjects.add(unreachable);
    entityManager.flush();

    // Phase 2: the orphan was only just stored, so it must survive the cleanup.
    assertThat(subject.cleanupRpkiObjects()).isEqualTo(0);

    // Phase 3: back-date the last-reachable timestamp by ten days. The actual retention
    // threshold is not visible in this test; ten days is presumably beyond it.
    unreachable.markReachable(Instant.now().minus(Duration.ofDays(10)));
    entityManager.flush();
    assertThat(subject.cleanupRpkiObjects()).isEqualTo(1);
}
Also used : RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) X500Principal(javax.security.auth.x500.X500Principal) ValidityPeriod(net.ripe.rpki.commons.crypto.ValidityPeriod) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) X509ResourceCertificateBuilder(net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificateBuilder) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 2 with RpkiObject

use of net.ripe.rpki.validator3.domain.RpkiObject in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationServiceTest method should_validate_child_ca.

/**
 * Validates a trust anchor that has a single child CA and checks that exactly one validation
 * run completes and exactly one certificate object is recorded as currently validated.
 *
 * <p>The test is disabled: according to the {@code @Ignore} reason it only passes when
 * {@code TrustAnchorControllerTest} has run first, i.e. it depends on state left behind by
 * another test.
 */
@Test
@Ignore("Fix it --- if fails if TrustAnchorControllerTest is not run before it")
public void should_validate_child_ca() {
    KeyPair childKeys = KEY_PAIR_FACTORY.generate();
    TrustAnchor anchor = factory.createTrustAnchor(taBuilder -> {
        TrustAnchorsFactory.CertificateAuthority childCa = TrustAnchorsFactory.CertificateAuthority.builder()
            .dn("CN=child-ca")
            .keyPair(childKeys)
            .certificateLocation("rsync://rpki.test/CN=child-ca.cer")
            .resources(IpResourceSet.parse("192.168.128.0/17"))
            .notifyURI(TA_RRDP_NOTIFY_URI)
            .manifestURI("rsync://rpki.test/CN=child-ca/child-ca.mft")
            .repositoryURI("rsync://rpki.test/CN=child-ca/")
            .crlDistributionPoint("rsync://rpki.test/CN=child-ca/child-ca.crl")
            .build();
        taBuilder.children(Arrays.asList(childCa));
    });
    trustAnchors.add(anchor);

    // Register the RRDP repository and mark it as downloaded before validating.
    RpkiRepository rrdpRepository = rpkiRepositories.register(anchor, TA_RRDP_NOTIFY_URI, RpkiRepository.Type.RRDP);
    rrdpRepository.setDownloaded();
    entityManager.flush();

    subject.validate(anchor.getId());
    entityManager.flush();

    List<CertificateTreeValidationRun> runs = validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(runs).hasSize(1);

    // The per-trust-anchor flag is set, while the validator-wide flag is still expected to be false.
    assertThat(anchor.isInitialCertificateTreeValidationRunCompleted()).as("trust anchor initial validation run completed").isTrue();
    assertThat(settings.isInitialValidationRunCompleted()).as("validator initial validation run completed").isFalse();

    List<Pair<CertificateTreeValidationRun, RpkiObject>> validatedCerts =
        rpkiObjects.findCurrentlyValidated(RpkiObject.Type.CER).collect(toList());
    assertThat(validatedCerts).hasSize(1);
    Pair<CertificateTreeValidationRun, RpkiObject> onlyEntry = validatedCerts.get(0);
    assertThat(onlyEntry.getLeft()).isEqualTo(runs.get(0));

    // NOTE(review): the object set up above is a child CA certificate, yet the lookup asks for
    // X509RouterCertificate; confirm this is the intended certificate type.
    Optional<X509RouterCertificate> childCertificate = rpkiObjects.findCertificateRepositoryObject(
        onlyEntry.getRight().getId(),
        X509RouterCertificate.class,
        ValidationResult.withLocation("ignored.cer"));
    assertThat(childCertificate)
        .isPresent()
        .hasValueSatisfying(cert -> assertThat(cert.getSubject()).isEqualTo(new X500Principal("CN=child-ca")));
}
Also used : X509RouterCertificate(net.ripe.rpki.commons.crypto.x509cert.X509RouterCertificate) KeyPair(java.security.KeyPair) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) X500Principal(javax.security.auth.x500.X500Principal) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) TrustAnchorsFactory(net.ripe.rpki.validator3.domain.TrustAnchorsFactory) KeyPair(java.security.KeyPair) Pair(org.apache.commons.lang3.tuple.Pair) Ignore(org.junit.Ignore) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 3 with RpkiObject

use of net.ripe.rpki.validator3.domain.RpkiObject in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationServiceTest method should_validate_roa.

/**
 * Validates a trust anchor that carries one ROA prefix and checks that a single validation run
 * completes and that exactly one ROA, holding exactly one prefix, is recorded as currently
 * validated by that run.
 */
@Test
public void should_validate_roa() {
    // 192.168.0.0/16 for AS 64512; the middle argument (24) is presumably the maximum prefix
    // length. Confirm against RoaPrefix.of.
    TrustAnchor anchor = factory.createTrustAnchor(
        taBuilder -> taBuilder.roaPrefixes(
            Collections.singletonList(
                RoaPrefix.of(IpRange.prefix(IpAddress.parse("192.168.0.0"), 16), 24, Asn.parse("64512")))));
    trustAnchors.add(anchor);

    // Register the RRDP repository and mark it as downloaded before validating.
    RpkiRepository rrdpRepository = rpkiRepositories.register(anchor, TA_RRDP_NOTIFY_URI, RpkiRepository.Type.RRDP);
    rrdpRepository.setDownloaded();
    entityManager.flush();

    subject.validate(anchor.getId());
    entityManager.flush();

    List<CertificateTreeValidationRun> runs = validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(runs).hasSize(1);
    CertificateTreeValidationRun onlyRun = runs.get(0);

    List<Pair<CertificateTreeValidationRun, RpkiObject>> roas =
        rpkiObjects.findCurrentlyValidated(RpkiObject.Type.ROA).collect(toList());
    assertThat(roas).hasSize(1);

    // The validated ROA must be attributed to the run that just completed.
    Pair<CertificateTreeValidationRun, RpkiObject> onlyRoa = roas.get(0);
    assertThat(onlyRoa.getLeft()).isEqualTo(onlyRun);
    assertThat(onlyRoa.getRight().getRoaPrefixes()).hasSize(1);
}
Also used : RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) KeyPair(java.security.KeyPair) Pair(org.apache.commons.lang3.tuple.Pair) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 4 with RpkiObject

use of net.ripe.rpki.validator3.domain.RpkiObject in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationServiceTest method should_report_proper_error_when_repository_is_unavailable.

/**
 * Checks the validation check recorded when the trust anchor's manifest is missing locally and
 * its repository is marked as failed.
 *
 * <p>The first validation check of the single completed run must have the key
 * {@code VALIDATOR_NO_MANIFEST_REPOSITORY_FAILED}, with the repository's RRDP notify URI as its
 * only parameter.
 */
@Test
public void should_report_proper_error_when_repository_is_unavailable() {
    KeyPair childKeys = KEY_PAIR_FACTORY.generate();
    TrustAnchor anchor = factory.createTypicalTa(childKeys);
    trustAnchors.add(anchor);

    // The repository fetch is recorded as failed; this distinguishes the test from the
    // "repository available but no manifest" case.
    RpkiRepository rrdpRepository = rpkiRepositories.register(anchor, TA_RRDP_NOTIFY_URI, RpkiRepository.Type.RRDP);
    rrdpRepository.setFailed();
    entityManager.flush();

    // Drop the stored manifest (if any) so validation cannot find it locally.
    final URI manifestLocation = anchor.getCertificate().getManifestUri();
    rpkiObjects.all()
        .filter(candidate -> candidate.getLocations().contains(manifestLocation.toASCIIString()))
        .findFirst()
        .ifPresent(manifest -> rpkiObjects.remove(manifest));
    entityManager.flush();

    subject.validate(anchor.getId());
    entityManager.flush();

    List<CertificateTreeValidationRun> runs = validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(runs).hasSize(1);

    // Only the first recorded check is inspected; later checks, if any, are not asserted.
    final ValidationCheck firstCheck = runs.get(0).getValidationChecks().get(0);
    assertThat(firstCheck.getKey()).isEqualTo(ValidationString.VALIDATOR_NO_MANIFEST_REPOSITORY_FAILED);
    assertThat(firstCheck.getParameters()).isEqualTo(Collections.singletonList(rrdpRepository.getRrdpNotifyUri()));
}
Also used : KeyPair(java.security.KeyPair) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) ValidationRuns(net.ripe.rpki.validator3.domain.ValidationRuns) Arrays(java.util.Arrays) X509RouterCertificate(net.ripe.rpki.commons.crypto.x509cert.X509RouterCertificate) X500Principal(javax.security.auth.x500.X500Principal) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Duration(org.joda.time.Duration) RunWith(org.junit.runner.RunWith) Autowired(org.springframework.beans.factory.annotation.Autowired) ValidityPeriod(net.ripe.rpki.commons.crypto.ValidityPeriod) IpAddress(net.ripe.ipresource.IpAddress) Asn(net.ripe.ipresource.Asn) RpkiRepositories(net.ripe.rpki.validator3.domain.RpkiRepositories) Pair(org.apache.commons.lang3.tuple.Pair) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) TrustAnchorsFactory(net.ripe.rpki.validator3.domain.TrustAnchorsFactory) SpringRunner(org.springframework.test.context.junit4.SpringRunner) URI(java.net.URI) IpResourceSet(net.ripe.ipresource.IpResourceSet) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) Transactional(javax.transaction.Transactional) IpRange(net.ripe.ipresource.IpRange) TrustAnchors(net.ripe.rpki.validator3.domain.TrustAnchors) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) Test(org.junit.Test) EntityManager(javax.persistence.EntityManager) RoaPrefix(net.ripe.rpki.validator3.domain.RoaPrefix) List(java.util.List) Collectors.toList(java.util.stream.Collectors.toList) Ignore(org.junit.Ignore) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest) Instant(org.joda.time.Instant) ValidationResult(net.ripe.rpki.commons.validation.ValidationResult) Optional(java.util.Optional) Settings(net.ripe.rpki.validator3.domain.Settings) ValidationString(net.ripe.rpki.commons.validation.ValidationString) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) 
Collections(java.util.Collections) SUCCEEDED(net.ripe.rpki.validator3.domain.ValidationRun.Status.SUCCEEDED) KeyPair(java.security.KeyPair) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) URI(java.net.URI) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 5 with RpkiObject

use of net.ripe.rpki.validator3.domain.RpkiObject in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationServiceTest method should_report_proper_error_when_repository_is_available_but_no_manifest.

/**
 * Checks the validation check recorded when the repository was downloaded successfully but the
 * trust anchor's manifest is not present among the stored objects.
 *
 * <p>The first validation check of the single completed run must have the key
 * {@code VALIDATOR_NO_LOCAL_MANIFEST_NO_MANIFEST_IN_REPOSITORY}, with the repository's RRDP
 * notify URI as its only parameter.
 */
@Test
public void should_report_proper_error_when_repository_is_available_but_no_manifest() {
    KeyPair childKeys = KEY_PAIR_FACTORY.generate();
    TrustAnchor anchor = factory.createTypicalTa(childKeys);
    trustAnchors.add(anchor);

    // The repository is marked as downloaded, so a missing manifest cannot be blamed on a
    // failed fetch; this distinguishes the test from the "repository unavailable" case.
    RpkiRepository rrdpRepository = rpkiRepositories.register(anchor, TA_RRDP_NOTIFY_URI, RpkiRepository.Type.RRDP);
    rrdpRepository.setDownloaded();
    entityManager.flush();

    // Drop the stored manifest (if any) so validation cannot find it locally.
    final URI manifestLocation = anchor.getCertificate().getManifestUri();
    rpkiObjects.all()
        .filter(candidate -> candidate.getLocations().contains(manifestLocation.toASCIIString()))
        .findFirst()
        .ifPresent(manifest -> rpkiObjects.remove(manifest));
    entityManager.flush();

    subject.validate(anchor.getId());
    entityManager.flush();

    List<CertificateTreeValidationRun> runs = validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(runs).hasSize(1);

    // Only the first recorded check is inspected; later checks, if any, are not asserted.
    final ValidationCheck firstCheck = runs.get(0).getValidationChecks().get(0);
    assertThat(firstCheck.getKey()).isEqualTo(ValidationString.VALIDATOR_NO_LOCAL_MANIFEST_NO_MANIFEST_IN_REPOSITORY);
    assertThat(firstCheck.getParameters()).isEqualTo(Collections.singletonList(rrdpRepository.getRrdpNotifyUri()));
}
Also used : KeyPair(java.security.KeyPair) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) ValidationRuns(net.ripe.rpki.validator3.domain.ValidationRuns) Arrays(java.util.Arrays) X509RouterCertificate(net.ripe.rpki.commons.crypto.x509cert.X509RouterCertificate) X500Principal(javax.security.auth.x500.X500Principal) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Duration(org.joda.time.Duration) RunWith(org.junit.runner.RunWith) Autowired(org.springframework.beans.factory.annotation.Autowired) ValidityPeriod(net.ripe.rpki.commons.crypto.ValidityPeriod) IpAddress(net.ripe.ipresource.IpAddress) Asn(net.ripe.ipresource.Asn) RpkiRepositories(net.ripe.rpki.validator3.domain.RpkiRepositories) Pair(org.apache.commons.lang3.tuple.Pair) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) TrustAnchorsFactory(net.ripe.rpki.validator3.domain.TrustAnchorsFactory) SpringRunner(org.springframework.test.context.junit4.SpringRunner) URI(java.net.URI) IpResourceSet(net.ripe.ipresource.IpResourceSet) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) Transactional(javax.transaction.Transactional) IpRange(net.ripe.ipresource.IpRange) TrustAnchors(net.ripe.rpki.validator3.domain.TrustAnchors) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) Test(org.junit.Test) EntityManager(javax.persistence.EntityManager) RoaPrefix(net.ripe.rpki.validator3.domain.RoaPrefix) List(java.util.List) Collectors.toList(java.util.stream.Collectors.toList) Ignore(org.junit.Ignore) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest) Instant(org.joda.time.Instant) ValidationResult(net.ripe.rpki.commons.validation.ValidationResult) Optional(java.util.Optional) Settings(net.ripe.rpki.validator3.domain.Settings) ValidationString(net.ripe.rpki.commons.validation.ValidationString) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) 
Collections(java.util.Collections) SUCCEEDED(net.ripe.rpki.validator3.domain.ValidationRun.Status.SUCCEEDED) KeyPair(java.security.KeyPair) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) URI(java.net.URI) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Aggregations

RpkiObject (net.ripe.rpki.validator3.domain.RpkiObject)20 RpkiRepository (net.ripe.rpki.validator3.domain.RpkiRepository)17 TrustAnchor (net.ripe.rpki.validator3.domain.TrustAnchor)16 IntegrationTest (net.ripe.rpki.validator3.IntegrationTest)14 RpkiObjects (net.ripe.rpki.validator3.domain.RpkiObjects)14 Test (org.junit.Test)14 ValidationCheck (net.ripe.rpki.validator3.domain.ValidationCheck)12 ValidationResult (net.ripe.rpki.commons.validation.ValidationResult)10 RrdpRepositoryValidationRun (net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun)10 Transactional (javax.transaction.Transactional)9 TestObjects (net.ripe.rpki.validator3.TestObjects)9 Autowired (org.springframework.beans.factory.annotation.Autowired)9 List (java.util.List)8 URI (java.net.URI)6 EntityManager (javax.persistence.EntityManager)6 KeyPair (java.security.KeyPair)5 Optional (java.util.Optional)5 X500Principal (javax.security.auth.x500.X500Principal)5 BigInteger (java.math.BigInteger)4 HashMap (java.util.HashMap)4