Example 11 with RpkiObject

Use of net.ripe.rpki.validator3.domain.RpkiObject in project rpki-validator-3 by RIPE-NCC: class RrdpService, method applyDeltaPublish.

// Applies one <publish> element of an RRDP delta. A publish that carries a hash replaces an
// existing object, so the referenced object must already be in the local store; otherwise the
// delta is inconsistent and an error check is recorded against this validation run.
private void applyDeltaPublish(RpkiRepositoryValidationRun validationRun, String uri, DeltaPublish deltaPublish) {
    if (deltaPublish.getHash().isPresent()) {
        final byte[] sha256 = deltaPublish.getHash().get();
        final Optional<RpkiObject> existing = rpkiObjectRepository.findBySha256(sha256);
        if (existing.isPresent()) {
            addRpkiObject(validationRun, uri, deltaPublish, sha256);
        } else {
            ValidationCheck validationCheck = new ValidationCheck(validationRun, uri, ValidationCheck.Status.ERROR, ErrorCodes.RRDP_REPLACE_NONEXISTENT_OBJECT, Hex.format(sha256));
            validationRun.addCheck(validationCheck);
        }
    } else {
        addRpkiObject(validationRun, uri, deltaPublish, null);
    }
}

Example 12 with RpkiObject

Use of net.ripe.rpki.validator3.domain.RpkiObject in project rpki-validator-3 by RIPE-NCC: class RrdpService, method storeSnapshot.

// Stores every object of an RRDP snapshot. Objects are keyed by the SHA-256 of their content:
// an object already present only gains the new location, while a new object is parsed by
// createRpkiObject and any parse failure is attached to the validation run as checks.
void storeSnapshot(final Snapshot snapshot, final RpkiRepositoryValidationRun validationRun) {
    snapshot.asMap().forEach((objUri, value) -> {
        byte[] content = value.content;
        rpkiObjectRepository.findBySha256(Sha256.hash(content)).map(existing -> {
            existing.addLocation(objUri);
            return existing;
        }).orElseGet(() -> {
            final Either<ValidationResult, RpkiObject> maybeRpkiObject = createRpkiObject(objUri, content);
            if (maybeRpkiObject.isLeft()) {
                validationRun.addChecks(maybeRpkiObject.left().value());
                return null;
            } else {
                RpkiObject object = maybeRpkiObject.right().value();
                rpkiObjectRepository.add(object);
                validationRun.addRpkiObject(object);
                log.debug("added to database {}", object);
                return object;
            }
        });
    });
}

Example 13 with RpkiObject

Use of net.ripe.rpki.validator3.domain.RpkiObject in project rpki-validator-3 by RIPE-NCC: class ValidatedRpkiObjects, method initialize.

// On startup, loads the currently validated ROAs and router certificates inside one
// transaction, groups them by trust anchor and hands each group to update().
@PostConstruct
private synchronized void initialize() {
    new TransactionTemplate(transactionManager).execute((status) -> {
        Map<@NotNull @Valid TrustAnchor, List<RpkiObject>> grouped = Stream.concat(
                rpkiObjects.findCurrentlyValidated(RpkiObject.Type.ROA),
                rpkiObjects.findCurrentlyValidated(RpkiObject.Type.ROUTER_CER)
        ).collect(Collectors.groupingBy(
                pair -> pair.getLeft().getTrustAnchor(),
                Collectors.mapping(pair -> pair.getRight(), Collectors.toList())
        ));
        grouped.forEach(this::update);
        return null;
    });
}

Example 14 with RpkiObject

Use of net.ripe.rpki.validator3.domain.RpkiObject in project rpki-validator-3 by RIPE-NCC: class CertificateTreeValidationService, method retrieveManifestEntries.

// Resolves each manifest entry (file name and expected hash) to a stored object. The object is
// looked up by its hash and the hash is compared again before the entry is accepted; missing or
// mismatching entries are rejected in the ValidationResult and left out of the returned map.
private Map<URI, RpkiObject> retrieveManifestEntries(ManifestCms manifest, URI manifestUri, ValidationResult validationResult) {
    Map<URI, RpkiObject> result = new LinkedHashMap<>();
    for (Map.Entry<String, byte[]> entry : manifest.getFiles().entrySet()) {
        URI location = manifestUri.resolve(entry.getKey());
        validationResult.setLocation(new ValidationLocation(location));
        Optional<RpkiObject> object = rpkiObjects.findBySha256(entry.getValue());
        validationResult.rejectIfFalse(object.isPresent(), VALIDATOR_MANIFEST_ENTRY_FOUND, manifestUri.toASCIIString());
        object.ifPresent(obj -> {
            boolean hashMatches = Arrays.equals(obj.getSha256(), entry.getValue());
            validationResult.rejectIfFalse(hashMatches, VALIDATOR_MANIFEST_ENTRY_HASH_MATCHES, entry.getKey());
            if (!hashMatches) {
                return;
            }
            result.put(location, obj);
        });
    }
    return result;
}

Example 15 with RpkiObject

Use of net.ripe.rpki.validator3.domain.RpkiObject in project rpki-validator-3 by RIPE-NCC: class CertificateTreeValidationService, method validateCertificateAuthority.

// Validates one CA certificate's publication point and recurses into child CAs. The order is:
// register the repository, locate the latest manifest for this CA's key identifier, require
// exactly one CRL entry on the manifest, validate the CRL, validate the manifest against that
// CRL, then validate every manifest entry. Checks are collected in a temporary result and
// merged into validationResult in the finally block, including unhandled exceptions.
private List<RpkiObject> validateCertificateAuthority(TrustAnchor trustAnchor, Map<URI, RpkiRepository> registeredRepositories, CertificateRepositoryObjectValidationContext context, ValidationResult validationResult) {
    final List<RpkiObject> validatedObjects = new ArrayList<>();
    ValidationLocation certificateLocation = validationResult.getCurrentLocation();
    ValidationResult temporary = ValidationResult.withLocation(certificateLocation);
    try {
        RpkiRepository rpkiRepository = registerRepository(trustAnchor, registeredRepositories, context);
        temporary.warnIfTrue(rpkiRepository.isPending(), VALIDATOR_RPKI_REPOSITORY_PENDING, rpkiRepository.getLocationUri());
        if (rpkiRepository.isPending()) {
            return validatedObjects;
        }
        X509ResourceCertificate certificate = context.getCertificate();
        URI manifestUri = certificate.getManifestUri();
        temporary.setLocation(new ValidationLocation(manifestUri));
        Optional<RpkiObject> manifestObject = rpkiObjects.findLatestByTypeAndAuthorityKeyIdentifier(RpkiObject.Type.MFT, context.getSubjectKeyIdentifier());
        if (!manifestObject.isPresent()) {
            if (rpkiRepository.getStatus() == RpkiRepository.Status.FAILED) {
                temporary.error(ValidationString.VALIDATOR_NO_MANIFEST_REPOSITORY_FAILED, rpkiRepository.getLocationUri());
            } else {
                temporary.error(ValidationString.VALIDATOR_NO_LOCAL_MANIFEST_NO_MANIFEST_IN_REPOSITORY, rpkiRepository.getLocationUri());
            }
        }
        Optional<ManifestCms> maybeManifest = manifestObject.flatMap(x -> rpkiObjects.findCertificateRepositoryObject(x.getId(), ManifestCms.class, temporary));
        temporary.rejectIfTrue(
                manifestObject.isPresent()
                        && rpkiRepository.getStatus() == RpkiRepository.Status.FAILED
                        && maybeManifest.isPresent()
                        && maybeManifest.get().isPastValidityTime(),
                ValidationString.VALIDATOR_OLD_LOCAL_MANIFEST_REPOSITORY_FAILED,
                rpkiRepository.getLocationUri());
        if (temporary.hasFailureForCurrentLocation()) {
            return validatedObjects;
        }
        ManifestCms manifest = maybeManifest.get();
        List<Map.Entry<String, byte[]>> crlEntries = manifest.getFiles().entrySet().stream()
                .filter((entry) -> RepositoryObjectType.parse(entry.getKey()) == RepositoryObjectType.Crl)
                .collect(toList());
        temporary.rejectIfFalse(crlEntries.size() == 1, VALIDATOR_MANIFEST_CONTAINS_ONE_CRL_ENTRY, String.valueOf(crlEntries.size()));
        if (temporary.hasFailureForCurrentLocation()) {
            return validatedObjects;
        }
        Map.Entry<String, byte[]> crlEntry = crlEntries.get(0);
        URI crlUri = manifestUri.resolve(crlEntry.getKey());
        Optional<RpkiObject> crlObject = rpkiObjects.findBySha256(crlEntry.getValue());
        temporary.rejectIfFalse(crlObject.isPresent(), VALIDATOR_CRL_FOUND, crlUri.toASCIIString());
        if (temporary.hasFailureForCurrentLocation()) {
            return validatedObjects;
        }
        temporary.setLocation(new ValidationLocation(crlUri));
        Optional<X509Crl> crl = crlObject.flatMap(x -> rpkiObjects.findCertificateRepositoryObject(x.getId(), X509Crl.class, temporary));
        if (temporary.hasFailureForCurrentLocation()) {
            return validatedObjects;
        }
        crl.get().validate(crlUri.toASCIIString(), context, null, VALIDATION_OPTIONS, temporary);
        if (temporary.hasFailureForCurrentLocation()) {
            return validatedObjects;
        }
        temporary.setLocation(new ValidationLocation(manifestUri));
        manifest.validate(manifestUri.toASCIIString(), context, crl.get(), manifest.getCrlUri(), VALIDATION_OPTIONS, temporary);
        if (temporary.hasFailureForCurrentLocation()) {
            return validatedObjects;
        }
        validatedObjects.add(manifestObject.get());
        Map<URI, RpkiObject> manifestEntries = retrieveManifestEntries(manifest, manifestUri, temporary);
        manifestEntries.forEach((location, obj) -> {
            temporary.setLocation(new ValidationLocation(location));
            Optional<CertificateRepositoryObject> maybeCertificateRepositoryObject = rpkiObjects.findCertificateRepositoryObject(obj.getId(), CertificateRepositoryObject.class, temporary);
            if (temporary.hasFailureForCurrentLocation()) {
                return;
            }
            maybeCertificateRepositoryObject.ifPresent(certificateRepositoryObject -> {
                certificateRepositoryObject.validate(location.toASCIIString(), context, crl.get(), crlUri, VALIDATION_OPTIONS, temporary);
                if (!temporary.hasFailureForCurrentLocation()) {
                    validatedObjects.add(obj);
                }
                if (certificateRepositoryObject instanceof X509ResourceCertificate && ((X509ResourceCertificate) certificateRepositoryObject).isCa() && !temporary.hasFailureForCurrentLocation()) {
                    CertificateRepositoryObjectValidationContext childContext = context.createChildContext(location, (X509ResourceCertificate) certificateRepositoryObject);
                    validatedObjects.addAll(validateCertificateAuthority(trustAnchor, registeredRepositories, childContext, temporary));
                }
            });
        });
    } catch (Exception e) {
        log.debug("e", e);
        validationResult.error(ErrorCodes.UNHANDLED_EXCEPTION, e.toString(), ExceptionUtils.getStackTrace(e));
    } finally {
        validationResult.addAll(temporary);
    }
    return validatedObjects;
}