Examples with RpkiObject net.ripe.rpki.validator3.domain.RpkiObject used on opensource projects

Search in sources :

Example 16 with RpkiObject

use of net.ripe.rpki.validator3.domain.RpkiObject in project rpki-validator-3 by RIPE-NCC.

the class RpkiRepositoryValidationService method validateRsyncRepositories.

@Scheduled(initialDelay = 10_000, fixedDelay = 10_000)
public void validateRsyncRepositories() {
    entityManager.setFlushMode(FlushModeType.COMMIT);
    Instant cutoffTime = Instant.now().minus(rsyncRepositoryDownloadInterval);
    log.info("updating all rsync repositories that have not been downloaded since {}", cutoffTime);
    Set<TrustAnchor> affectedTrustAnchors = new HashSet<>();
    final RsyncRepositoryValidationRun validationRun = new RsyncRepositoryValidationRun();
    validationRunRepository.add(validationRun);
    Stream<RpkiRepository> repositories = rpkiRepositories.findRsyncRepositories();
    Map<String, RpkiObject> objectsBySha256 = new HashMap<>();
    Map<URI, RpkiRepository> fetchedLocations = new HashMap<>();
    ValidationResult results = repositories.filter((repository) -> {
        boolean needsUpdate = repository.isPending() || repository.getLastDownloadedAt() == null || repository.getLastDownloadedAt().isBefore(cutoffTime);
        if (!needsUpdate) {
            fetchedLocations.put(URI.create(repository.getRsyncRepositoryUri()), repository);
        }
        return needsUpdate;
    }).map((repository) -> processRsyncRepository(affectedTrustAnchors, validationRun, fetchedLocations, objectsBySha256, repository)).collect(() -> ValidationResult.withLocation("placeholder"), ValidationResult::addAll, ValidationResult::addAll);
    validationRun.completeWith(results);
    affectedTrustAnchors.forEach(validationRunRepository::runCertificateTreeValidation);
}
Also used : RsyncRepositoryValidationRun(net.ripe.rpki.validator3.domain.RsyncRepositoryValidationRun) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) ValidationRuns(net.ripe.rpki.validator3.domain.ValidationRuns) CertificateRepositoryObject(net.ripe.rpki.commons.crypto.CertificateRepositoryObject) RpkiRepositoryValidationRun(net.ripe.rpki.validator3.domain.RpkiRepositoryValidationRun) RsyncRepositoryValidationRun(net.ripe.rpki.validator3.domain.RsyncRepositoryValidationRun) Autowired(org.springframework.beans.factory.annotation.Autowired) ArrayUtils(org.apache.commons.lang3.ArrayUtils) FlushModeType(javax.persistence.FlushModeType) HashMap(java.util.HashMap) Scheduled(org.springframework.scheduling.annotation.Scheduled) CertificateRepositoryObjectFactory(net.ripe.rpki.commons.crypto.util.CertificateRepositoryObjectFactory) ErrorCodes(net.ripe.rpki.validator3.domain.ErrorCodes) Value(org.springframework.beans.factory.annotation.Value) HashSet(java.util.HashSet) RpkiRepositories(net.ripe.rpki.validator3.domain.RpkiRepositories) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) Service(org.springframework.stereotype.Service) Locale(java.util.Locale) Duration(java.time.Duration) Map(java.util.Map) Sha256(net.ripe.rpki.validator3.util.Sha256) URI(java.net.URI) Path(java.nio.file.Path) SimpleFileVisitor(java.nio.file.SimpleFileVisitor) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) Rsync(net.ripe.rpki.commons.rsync.Rsync) Transactional(javax.transaction.Transactional) Files(java.nio.file.Files) RrdpService(net.ripe.rpki.validator3.rrdp.RrdpService) Hex(net.ripe.rpki.validator3.util.Hex) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) Set(java.util.Set) IOException(java.io.IOException) RrdpRepositoryValidationRun(net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun) EntityManager(javax.persistence.EntityManager) BasicFileAttributes(java.nio.file.attribute.BasicFileAttributes) Instant(java.time.Instant) File(java.io.File) ValidationLocation(net.ripe.rpki.commons.validation.ValidationLocation) FileVisitResult(java.nio.file.FileVisitResult) Slf4j(lombok.extern.slf4j.Slf4j) Stream(java.util.stream.Stream) ValidationResult(net.ripe.rpki.commons.validation.ValidationResult) RsyncUtils(net.ripe.rpki.validator3.util.RsyncUtils) ExceptionUtils(org.apache.commons.lang3.exception.ExceptionUtils) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) HashMap(java.util.HashMap) Instant(java.time.Instant) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) ValidationResult(net.ripe.rpki.commons.validation.ValidationResult) URI(java.net.URI) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) HashSet(java.util.HashSet) Scheduled(org.springframework.scheduling.annotation.Scheduled)

Example 17 with RpkiObject

use of net.ripe.rpki.validator3.domain.RpkiObject in project rpki-validator-3 by RIPE-NCC.

the class RpkiRepositoryValidationService method processRsyncRepository.

protected ValidationResult processRsyncRepository(Set<TrustAnchor> affectedTrustAnchors, RsyncRepositoryValidationRun validationRun, Map<URI, RpkiRepository> fetchedLocations, Map<String, RpkiObject> objectsBySha256, RpkiRepository repository) {
    ValidationResult validationResult = ValidationResult.withLocation(URI.create(repository.getRsyncRepositoryUri()));
    validationRun.addRpkiRepository(repository);
    try {
        File targetDirectory = RsyncUtils.localFileFromRsyncUri(rsyncLocalStorageDirectory, URI.create(repository.getRsyncRepositoryUri()));
        RpkiRepository parentRepository = findDownloadedParentRepository(fetchedLocations, repository);
        if (parentRepository == null) {
            fetchRsyncRepository(repository, targetDirectory, validationResult);
            if (validationResult.hasFailureForCurrentLocation()) {
                return validationResult;
            }
        }
        if (repository.getType() == RpkiRepository.Type.RSYNC && (parentRepository == null || parentRepository.getType() == RpkiRepository.Type.RSYNC_PREFETCH)) {
            storeObjects(targetDirectory, validationRun, validationResult, objectsBySha256, repository);
        }
    } catch (IOException e) {
        repository.setFailed();
        validationResult.error(ErrorCodes.RSYNC_REPOSITORY_IO, e.toString(), ExceptionUtils.getStackTrace(e));
    }
    affectedTrustAnchors.addAll(repository.getTrustAnchors());
    repository.setDownloaded();
    fetchedLocations.put(URI.create(repository.getRsyncRepositoryUri()), repository);
    return validationResult;
}
Also used : RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) IOException(java.io.IOException) ValidationResult(net.ripe.rpki.commons.validation.ValidationResult) File(java.io.File)

Example 18 with RpkiObject

use of net.ripe.rpki.validator3.domain.RpkiObject in project rpki-validator-3 by RIPE-NCC.

the class RrdpServiceTest method should_parse_notification_verify_snapshot_hash.

@Test
public void should_parse_notification_verify_snapshot_hash() {
    final Objects.Publish cert = new Objects.Publish("rsync://host/path/cert.cer", Objects.aParseableCertificate());
    final Objects.Publish crl = new Objects.Publish("rsync://host/path/crl1.crl", Objects.aParseableCrl());
    rrdpClient.add(cert.uri, cert.content);
    rrdpClient.add(crl.uri, crl.content);
    final int serial = 1;
    final String sessionId = UUID.randomUUID().toString();
    final byte[] snapshotXml = Objects.snapshotXml(serial, sessionId, cert, crl);
    final String snapshotUri = "https://host/path/snapshot.xml";
    final Objects.SnapshotInfo snapshot = new Objects.SnapshotInfo(snapshotUri, Hex.parse("FFFFFF"));
    rrdpClient.add(snapshot.uri, snapshotXml);
    final byte[] notificationXml = Objects.notificationXml(serial, sessionId, snapshot);
    final String notificationUri = "https://rrdp.ripe.net/notification.xml";
    rrdpClient.add(notificationUri, notificationXml);
    final TrustAnchor trustAnchor = TestObjects.newTrustAnchor();
    entityManager.persist(trustAnchor);
    final RpkiRepository rpkiRepository = new RpkiRepository(trustAnchor, notificationUri, RpkiRepository.Type.RRDP);
    entityManager.persist(rpkiRepository);
    final RrdpRepositoryValidationRun validationRun = new RrdpRepositoryValidationRun(rpkiRepository);
    subject.storeRepository(rpkiRepository, validationRun);
    final List<RpkiObject> objects = rpkiObjects.all().collect(Collectors.toList());
    assertEquals(0, objects.size());
    assertEquals(1, validationRun.getValidationChecks().size());
    final ValidationCheck validationCheck = validationRun.getValidationChecks().get(0);
    assertEquals(ErrorCodes.RRDP_FETCH, validationCheck.getKey());
    assertEquals(ValidationCheck.Status.ERROR, validationCheck.getStatus());
    assertEquals("Hash of the snapshot file " + snapshotUri + " is " + Hex.format(Sha256.hash(snapshotXml)) + ", but notification file says FFFFFF", validationCheck.getParameters().get(0));
    assertEquals(rpkiRepository.getRrdpNotifyUri(), validationCheck.getLocation());
}
Also used : RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) RrdpRepositoryValidationRun(net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) TestObjects(net.ripe.rpki.validator3.TestObjects) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 19 with RpkiObject

use of net.ripe.rpki.validator3.domain.RpkiObject in project rpki-validator-3 by RIPE-NCC.

the class RrdpServiceTest method should_parse_notification_use_delta_non_contiguous_delta_fallback_to_snapshot.

@Test
public void should_parse_notification_use_delta_non_contiguous_delta_fallback_to_snapshot() {
    final byte[] certificate = Objects.aParseableCertificate();
    final String sessionId = UUID.randomUUID().toString();
    final Objects.Publish crl = new Objects.Publish("rsync://host/path/crl1.crl", Objects.aParseableCrl());
    rrdpClient.add(crl.uri, crl.content);
    final byte[] snapshotXml = Objects.snapshotXml(3, sessionId, crl);
    final Objects.SnapshotInfo emptySnapshot = new Objects.SnapshotInfo("https://host/path/snapshot.xml", Sha256.hash(snapshotXml));
    rrdpClient.add(emptySnapshot.uri, snapshotXml);
    final Objects.DeltaPublish publishCert = new Objects.DeltaPublish("rsync://host/path/cert.cer", certificate);
    final byte[] deltaXml1 = Objects.deltaXml(2, sessionId, publishCert);
    final Objects.DeltaPublish republishCert = new Objects.DeltaPublish("rsync://host/path/cert.cer", Sha256.hash(publishCert.content), certificate);
    final byte[] deltaXml2 = Objects.deltaXml(4, sessionId, republishCert);
    final Objects.DeltaInfo deltaInfo1 = new Objects.DeltaInfo("https://host/path/delta1.xml", Sha256.hash(deltaXml1), 2);
    final Objects.DeltaInfo deltaInfo2 = new Objects.DeltaInfo("https://host/path/delta2.xml", Sha256.hash(deltaXml2), 4);
    rrdpClient.add(deltaInfo1.uri, deltaXml1);
    rrdpClient.add(deltaInfo2.uri, deltaXml2);
    final String notificationUri = "https://rrdp.ripe.net/notification.xml";
    rrdpClient.add(notificationUri, Objects.notificationXml(4, sessionId, emptySnapshot, deltaInfo1, deltaInfo2));
    final TrustAnchor trustAnchor = TestObjects.newTrustAnchor();
    entityManager.persist(trustAnchor);
    // make current serial lower to trigger delta download
    final RpkiRepository rpkiRepository = makeRpkiRepository(sessionId, notificationUri, trustAnchor);
    // do the first run to get the snapshot
    final RrdpRepositoryValidationRun validationRun = new RrdpRepositoryValidationRun(rpkiRepository);
    subject.storeRepository(rpkiRepository, validationRun);
    assertEquals(1, validationRun.getValidationChecks().size());
    final ValidationCheck validationCheck = validationRun.getValidationChecks().get(0);
    assertEquals(ErrorCodes.RRDP_FETCH_DELTAS, validationCheck.getKey());
    assertEquals(ValidationCheck.Status.WARNING, validationCheck.getStatus());
    assertEquals(rpkiRepository.getRrdpNotifyUri(), validationCheck.getLocation());
    assertEquals("Serials of the deltas are not contiguous: found 2 and 4 after it", validationCheck.getParameters().get(0));
    final List<RpkiObject> objects = rpkiObjects.all().collect(Collectors.toList());
    assertEquals(1, objects.size());
    final RpkiObject rpkiObject = objects.get(0);
    assertEquals(RpkiObject.Type.CRL, rpkiObject.getType());
    assertEquals(Sets.newHashSet("rsync://host/path/crl1.crl"), rpkiObject.getLocations());
}
Also used : RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) RrdpRepositoryValidationRun(net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) TestObjects(net.ripe.rpki.validator3.TestObjects) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 20 with RpkiObject

use of net.ripe.rpki.validator3.domain.RpkiObject in project rpki-validator-3 by RIPE-NCC.

the class RrdpServiceTest method should_parse_notification_and_snapshot.

@Test
public void should_parse_notification_and_snapshot() {
    final Objects.Publish cert = new Objects.Publish("rsync://host/path/cert.cer", Objects.aParseableCertificate());
    final Objects.Publish crl = new Objects.Publish("rsync://host/path/crl1.crl", Objects.aParseableCrl());
    rrdpClient.add(cert.uri, cert.content);
    rrdpClient.add(crl.uri, crl.content);
    final int serial = 1;
    final String sessionId = UUID.randomUUID().toString();
    final byte[] snapshotXml = Objects.snapshotXml(serial, sessionId, cert, crl);
    final Objects.SnapshotInfo snapshot = new Objects.SnapshotInfo("https://host/path/snapshot.xml", Sha256.hash(snapshotXml));
    rrdpClient.add(snapshot.uri, snapshotXml);
    final byte[] notificationXml = Objects.notificationXml(serial, sessionId, snapshot);
    final String notificationUri = "https://rrdp.ripe.net/notification.xml";
    rrdpClient.add(notificationUri, notificationXml);
    final TrustAnchor trustAnchor = TestObjects.newTrustAnchor();
    entityManager.persist(trustAnchor);
    final RpkiRepository rpkiRepository = new RpkiRepository(trustAnchor, notificationUri, RpkiRepository.Type.RRDP);
    entityManager.persist(rpkiRepository);
    final RrdpRepositoryValidationRun validationRun = new RrdpRepositoryValidationRun(rpkiRepository);
    subject.storeRepository(rpkiRepository, validationRun);
    final List<RpkiObject> objects = rpkiObjects.all().collect(Collectors.toList());
    assertEquals(2, objects.size());
    assertTrue(objects.stream().anyMatch(o -> cert.uri.equals(o.getLocations().first())));
    assertTrue(objects.stream().anyMatch(o -> crl.uri.equals(o.getLocations().first())));
}
Also used : RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) RunWith(org.junit.runner.RunWith) Autowired(org.springframework.beans.factory.annotation.Autowired) ErrorCodes(net.ripe.rpki.validator3.domain.ErrorCodes) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) BigInteger(java.math.BigInteger) Sha256(net.ripe.rpki.validator3.util.Sha256) SpringRunner(org.springframework.test.context.junit4.SpringRunner) Before(org.junit.Before) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) Transactional(javax.transaction.Transactional) Hex(net.ripe.rpki.validator3.util.Hex) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) Assert.assertTrue(org.junit.Assert.assertTrue) Test(org.junit.Test) RrdpRepositoryValidationRun(net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun) EntityManager(javax.persistence.EntityManager) UUID(java.util.UUID) Collectors(java.util.stream.Collectors) Sets(com.google.common.collect.Sets) List(java.util.List) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest) TestObjects(net.ripe.rpki.validator3.TestObjects) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) Assert.assertEquals(org.junit.Assert.assertEquals) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) RrdpRepositoryValidationRun(net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) TestObjects(net.ripe.rpki.validator3.TestObjects) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Aggregations

RpkiObject (net.ripe.rpki.validator3.domain.RpkiObject)20 RpkiRepository (net.ripe.rpki.validator3.domain.RpkiRepository)17 TrustAnchor (net.ripe.rpki.validator3.domain.TrustAnchor)16 IntegrationTest (net.ripe.rpki.validator3.IntegrationTest)14 RpkiObjects (net.ripe.rpki.validator3.domain.RpkiObjects)14 Test (org.junit.Test)14 ValidationCheck (net.ripe.rpki.validator3.domain.ValidationCheck)12 ValidationResult (net.ripe.rpki.commons.validation.ValidationResult)10 RrdpRepositoryValidationRun (net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun)10 Transactional (javax.transaction.Transactional)9 TestObjects (net.ripe.rpki.validator3.TestObjects)9 Autowired (org.springframework.beans.factory.annotation.Autowired)9 List (java.util.List)8 URI (java.net.URI)6 EntityManager (javax.persistence.EntityManager)6 KeyPair (java.security.KeyPair)5 Optional (java.util.Optional)5 X500Principal (javax.security.auth.x500.X500Principal)5 BigInteger (java.math.BigInteger)4 HashMap (java.util.HashMap)4
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial