
Example 26 with RpkiRepository

use of net.ripe.rpki.validator3.domain.RpkiRepository in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationServiceTest method should_register_rpki_repositories.

/**
 * Validates the RIPE NCC trust anchor and checks that the run registers its RRDP repository.
 *
 * <p>Expected outcome: exactly one {@link CertificateTreeValidationRun} with status
 * {@code SUCCEEDED}, the first registered repository is {@code PENDING} at the RIPE NCC
 * notification URI, and neither "initial validation run completed" flag is set.
 */
@Test
public void should_register_rpki_repositories() {
    TrustAnchor trustAnchor = factory.createRipeNccTrustAnchor();
    trustAnchors.add(trustAnchor);

    subject.validate(trustAnchor.getId());
    entityManager.flush();

    List<CertificateTreeValidationRun> runs = validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(runs).hasSize(1);
    assertThat(runs.get(0).getStatus()).isEqualTo(SUCCEEDED);

    // The repository is only registered here, so it must still be PENDING.
    assertThat(rpkiRepositories.findAll(null, null))
        .first()
        .extracting(RpkiRepository::getStatus, RpkiRepository::getLocationUri)
        .containsExactly(RpkiRepository.Status.PENDING, "https://rrdp.ripe.net/notification.xml");

    // NOTE(review): presumably the flags stay false because the repository content has not been
    // downloaded yet, so the tree could not be validated from real data - confirm against the service.
    assertThat(trustAnchor.isInitialCertificateTreeValidationRunCompleted())
        .as("trust anchor initial validation run completed")
        .isFalse();
    assertThat(settings.isInitialValidationRunCompleted())
        .as("validator initial validation run completed")
        .isFalse();
}
Also used : CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 27 with RpkiRepository

use of net.ripe.rpki.validator3.domain.RpkiRepository in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationServiceTest method should_validate_minimal_trust_anchor.

/**
 * Validates a minimal trust anchor whose RRDP repository is already marked as downloaded.
 *
 * <p>Expected outcome: one {@code SUCCEEDED} run without validation checks, the manifest and CRL
 * of the test trust anchor among the validated objects, the trust anchor flagged as having
 * completed its initial run, and the validator-wide flag still unset.
 *
 * <p>Currently ignored: per the {@code @Ignore} message the test depends on
 * {@code TrustAnchorControllerTest} having run first.
 */
@Test
@Ignore("Fix it --- if fails if TrustAnchorControllerTest is not run before it")
public void should_validate_minimal_trust_anchor() {
    TrustAnchor trustAnchor = factory.createTrustAnchor(x -> {
    });
    trustAnchors.add(trustAnchor);

    // Register the RRDP repository and mark it downloaded before validating.
    RpkiRepository rrdpRepository = rpkiRepositories.register(trustAnchor, TA_RRDP_NOTIFY_URI, RpkiRepository.Type.RRDP);
    rrdpRepository.setDownloaded();
    entityManager.flush();

    subject.validate(trustAnchor.getId());
    entityManager.flush();

    List<CertificateTreeValidationRun> runs = validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(runs).hasSize(1);

    CertificateTreeValidationRun run = runs.get(0);
    assertThat(run.getValidationChecks()).isEmpty();
    assertThat(run.getStatus()).isEqualTo(SUCCEEDED);
    assertThat(run.getValidatedObjects())
        .extracting(validated -> validated.getLocations().first())
        .containsExactlyInAnyOrder("rsync://rpki.test/test-trust-anchor.mft", "rsync://rpki.test/test-trust-anchor.crl");

    assertThat(trustAnchor.isInitialCertificateTreeValidationRunCompleted())
        .as("trust anchor initial validation run completed")
        .isTrue();
    assertThat(settings.isInitialValidationRunCompleted())
        .as("validator initial validation run completed")
        .isFalse();
}
Also used : KeyPair(java.security.KeyPair) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) ValidationRuns(net.ripe.rpki.validator3.domain.ValidationRuns) Arrays(java.util.Arrays) X509RouterCertificate(net.ripe.rpki.commons.crypto.x509cert.X509RouterCertificate) X500Principal(javax.security.auth.x500.X500Principal) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Duration(org.joda.time.Duration) RunWith(org.junit.runner.RunWith) Autowired(org.springframework.beans.factory.annotation.Autowired) ValidityPeriod(net.ripe.rpki.commons.crypto.ValidityPeriod) IpAddress(net.ripe.ipresource.IpAddress) Asn(net.ripe.ipresource.Asn) RpkiRepositories(net.ripe.rpki.validator3.domain.RpkiRepositories) Pair(org.apache.commons.lang3.tuple.Pair) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) TrustAnchorsFactory(net.ripe.rpki.validator3.domain.TrustAnchorsFactory) SpringRunner(org.springframework.test.context.junit4.SpringRunner) URI(java.net.URI) IpResourceSet(net.ripe.ipresource.IpResourceSet) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) Transactional(javax.transaction.Transactional) IpRange(net.ripe.ipresource.IpRange) TrustAnchors(net.ripe.rpki.validator3.domain.TrustAnchors) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) Test(org.junit.Test) EntityManager(javax.persistence.EntityManager) RoaPrefix(net.ripe.rpki.validator3.domain.RoaPrefix) List(java.util.List) Collectors.toList(java.util.stream.Collectors.toList) Ignore(org.junit.Ignore) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest) Instant(org.joda.time.Instant) ValidationResult(net.ripe.rpki.commons.validation.ValidationResult) Optional(java.util.Optional) Settings(net.ripe.rpki.validator3.domain.Settings) ValidationString(net.ripe.rpki.commons.validation.ValidationString) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) 
Collections(java.util.Collections) SUCCEEDED(net.ripe.rpki.validator3.domain.ValidationRun.Status.SUCCEEDED) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) Ignore(org.junit.Ignore) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 28 with RpkiRepository

use of net.ripe.rpki.validator3.domain.RpkiRepository in project rpki-validator-3 by RIPE-NCC.

the class RrdpService method doStoreRepository.

/**
 * Brings the local copy of an RRDP repository up to date with its notification file.
 *
 * <p>The notification file is fetched and parsed first. If its session id differs from the one
 * stored for the repository, the snapshot is read. If the session matches and the local serial
 * is not ahead of the advertised one, the deltas newer than the local serial are read, checked
 * with {@code verifyDeltaSerials} and stored in serial order. An {@link RrdpException} during
 * delta processing is recorded as a WARNING check on the run and followed by a snapshot read.
 *
 * @param rpkiRepository the repository whose RRDP session id and serial are compared and updated
 * @param validationRun the run that receives stored objects and validation checks
 */
private void doStoreRepository(RpkiRepository rpkiRepository, RpkiRepositoryValidationRun validationRun) {
    final Notification notification = rrdpClient.readStream(rpkiRepository.getRrdpNotifyUri(), rrdpParser::notification);
    log.info("The local serial is '{}' and the latest serial is {}", rpkiRepository.getRrdpSerial(), notification.serial);

    // A different session id means the local state cannot be patched with deltas.
    if (!notification.sessionId.equals(rpkiRepository.getRrdpSessionId())) {
        log.info("Repository has session id '{}' but the downloaded version has session id '{}', fetching the snapshot", rpkiRepository.getRrdpSessionId(), notification.sessionId);
        readSnapshot(rpkiRepository, validationRun, notification);
        return;
    }

    // NOTE(review): when the local serial is ahead of the advertised serial within the same
    // session, nothing is fetched and no ValidationCheck is recorded. A serial that moves
    // backwards is therefore invisible to operators - confirm whether it should be reported.
    if (rpkiRepository.getRrdpSerial().compareTo(notification.serial) > 0) {
        return;
    }

    try {
        // Only deltas newer than the local serial are downloaded; sorting restores serial order
        // after the parallel fetch.
        final List<Delta> deltas = notification.deltas.parallelStream()
            .filter(info -> info.getSerial().compareTo(rpkiRepository.getRrdpSerial()) > 0)
            .sorted(Comparator.comparing(DeltaInfo::getSerial))
            .map(info -> readDelta(notification, info))
            .collect(Collectors.toList());
        verifyDeltaSerials(deltas, notification, rpkiRepository);

        // NOTE(review): the stored serial is advanced by one per delta instead of being taken
        // from the delta itself, so this presumably relies on verifyDeltaSerials having
        // established a gap-free sequence starting right after the local serial - confirm.
        for (Delta delta : deltas) {
            storeDelta(delta, validationRun);
            rpkiRepository.setRrdpSerial(rpkiRepository.getRrdpSerial().add(BigInteger.ONE));
        }
    } catch (RrdpException e) {
        // NOTE(review): the exception message is written to the log and persisted in the check;
        // if it can contain text taken from the remote repository, consumers should treat it as
        // untrusted - confirm where RrdpException messages are built.
        log.info("Processing deltas failed {}, falling back to snapshot processing.", e.getMessage());
        ValidationCheck deltaWarning = new ValidationCheck(validationRun, rpkiRepository.getRrdpNotifyUri(), ValidationCheck.Status.WARNING, ErrorCodes.RRDP_FETCH_DELTAS, e.getMessage());
        validationRun.addCheck(deltaWarning);
        readSnapshot(rpkiRepository, validationRun, notification);
    }
}
Also used : RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) Arrays(java.util.Arrays) CertificateRepositoryObject(net.ripe.rpki.commons.crypto.CertificateRepositoryObject) Transactional(javax.transaction.Transactional) RpkiRepositoryValidationRun(net.ripe.rpki.validator3.domain.RpkiRepositoryValidationRun) Hex(net.ripe.rpki.validator3.util.Hex) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) Autowired(org.springframework.beans.factory.annotation.Autowired) Collectors(java.util.stream.Collectors) CertificateRepositoryObjectFactory(net.ripe.rpki.commons.crypto.util.CertificateRepositoryObjectFactory) ErrorCodes(net.ripe.rpki.validator3.domain.ErrorCodes) Slf4j(lombok.extern.slf4j.Slf4j) List(java.util.List) ByteArrayInputStream(java.io.ByteArrayInputStream) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) Service(org.springframework.stereotype.Service) ValidationResult(net.ripe.rpki.commons.validation.ValidationResult) Optional(java.util.Optional) BigInteger(java.math.BigInteger) Sha256(net.ripe.rpki.validator3.util.Sha256) Either(fj.data.Either) Comparator(java.util.Comparator) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck)
