Example 26 with RpkiRepository
use of net.ripe.rpki.validator3.domain.RpkiRepository in project rpki-validator-3 by RIPE-NCC.
the class CertificateTreeValidationServiceTest method should_register_rpki_repositories.
@Test
public void should_register_rpki_repositories() {
TrustAnchor ta = factory.createRipeNccTrustAnchor();
trustAnchors.add(ta);
subject.validate(ta.getId());
entityManager.flush();
List<CertificateTreeValidationRun> completed = validationRuns.findAll(CertificateTreeValidationRun.class);
assertThat(completed).hasSize(1);
CertificateTreeValidationRun result = completed.get(0);
assertThat(result.getStatus()).isEqualTo(SUCCEEDED);
assertThat(rpkiRepositories.findAll(null, null)).first().extracting(RpkiRepository::getStatus, RpkiRepository::getLocationUri).containsExactly(RpkiRepository.Status.PENDING, "https://rrdp.ripe.net/notification.xml");
assertThat(ta.isInitialCertificateTreeValidationRunCompleted()).as("trust anchor initial validation run completed").isFalse();
assertThat(settings.isInitialValidationRunCompleted()).as("validator initial validation run completed").isFalse();
}
Also used :
CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun)
TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor)
Test(org.junit.Test)
IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)
Example 27 with RpkiRepository
use of net.ripe.rpki.validator3.domain.RpkiRepository in project rpki-validator-3 by RIPE-NCC.
the class CertificateTreeValidationServiceTest method should_validate_minimal_trust_anchor.
@Test
@Ignore("Fix it --- if fails if TrustAnchorControllerTest is not run before it")
public void should_validate_minimal_trust_anchor() {
TrustAnchor ta = factory.createTrustAnchor(x -> {
});
trustAnchors.add(ta);
RpkiRepository repository = rpkiRepositories.register(ta, TA_RRDP_NOTIFY_URI, RpkiRepository.Type.RRDP);
repository.setDownloaded();
entityManager.flush();
subject.validate(ta.getId());
entityManager.flush();
List<CertificateTreeValidationRun> completed = validationRuns.findAll(CertificateTreeValidationRun.class);
assertThat(completed).hasSize(1);
CertificateTreeValidationRun result = completed.get(0);
assertThat(result.getValidationChecks()).isEmpty();
assertThat(result.getStatus()).isEqualTo(SUCCEEDED);
assertThat(result.getValidatedObjects()).extracting((x) -> x.getLocations().first()).containsExactlyInAnyOrder("rsync://rpki.test/test-trust-anchor.mft", "rsync://rpki.test/test-trust-anchor.crl");
assertThat(ta.isInitialCertificateTreeValidationRunCompleted()).as("trust anchor initial validation run completed").isTrue();
assertThat(settings.isInitialValidationRunCompleted()).as("validator initial validation run completed").isFalse();
}
Also used :
KeyPair(java.security.KeyPair)
RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository)
ValidationRuns(net.ripe.rpki.validator3.domain.ValidationRuns)
Arrays(java.util.Arrays)
X509RouterCertificate(net.ripe.rpki.commons.crypto.x509cert.X509RouterCertificate)
X500Principal(javax.security.auth.x500.X500Principal)
Assertions.assertThat(org.assertj.core.api.Assertions.assertThat)
Duration(org.joda.time.Duration)
RunWith(org.junit.runner.RunWith)
Autowired(org.springframework.beans.factory.annotation.Autowired)
ValidityPeriod(net.ripe.rpki.commons.crypto.ValidityPeriod)
IpAddress(net.ripe.ipresource.IpAddress)
Asn(net.ripe.ipresource.Asn)
RpkiRepositories(net.ripe.rpki.validator3.domain.RpkiRepositories)
Pair(org.apache.commons.lang3.tuple.Pair)
RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects)
TrustAnchorsFactory(net.ripe.rpki.validator3.domain.TrustAnchorsFactory)
SpringRunner(org.springframework.test.context.junit4.SpringRunner)
URI(java.net.URI)
IpResourceSet(net.ripe.ipresource.IpResourceSet)
CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun)
TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor)
Transactional(javax.transaction.Transactional)
IpRange(net.ripe.ipresource.IpRange)
TrustAnchors(net.ripe.rpki.validator3.domain.TrustAnchors)
RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject)
Test(org.junit.Test)
EntityManager(javax.persistence.EntityManager)
RoaPrefix(net.ripe.rpki.validator3.domain.RoaPrefix)
List(java.util.List)
Collectors.toList(java.util.stream.Collectors.toList)
Ignore(org.junit.Ignore)
IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)
Instant(org.joda.time.Instant)
ValidationResult(net.ripe.rpki.commons.validation.ValidationResult)
Optional(java.util.Optional)
Settings(net.ripe.rpki.validator3.domain.Settings)
ValidationString(net.ripe.rpki.commons.validation.ValidationString)
ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck)
Collections(java.util.Collections)
SUCCEEDED(net.ripe.rpki.validator3.domain.ValidationRun.Status.SUCCEEDED)
RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository)
CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun)
TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor)
Ignore(org.junit.Ignore)
Test(org.junit.Test)
IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)
Example 28 with RpkiRepository
use of net.ripe.rpki.validator3.domain.RpkiRepository in project rpki-validator-3 by RIPE-NCC.
the class RrdpService method doStoreRepository.
private void doStoreRepository(RpkiRepository rpkiRepository, RpkiRepositoryValidationRun validationRun) {
final Notification notification = rrdpClient.readStream(rpkiRepository.getRrdpNotifyUri(), rrdpParser::notification);
log.info("The local serial is '{}' and the latest serial is {}", rpkiRepository.getRrdpSerial(), notification.serial);
if (notification.sessionId.equals(rpkiRepository.getRrdpSessionId())) {
if (rpkiRepository.getRrdpSerial().compareTo(notification.serial) <= 0) {
try {
final List<Delta> deltas = notification.deltas.parallelStream().filter(d -> d.getSerial().compareTo(rpkiRepository.getRrdpSerial()) > 0).sorted(Comparator.comparing(DeltaInfo::getSerial)).map(di -> readDelta(notification, di)).collect(Collectors.toList());
verifyDeltaSerials(deltas, notification, rpkiRepository);
deltas.forEach(d -> {
storeDelta(d, validationRun);
rpkiRepository.setRrdpSerial(rpkiRepository.getRrdpSerial().add(BigInteger.ONE));
});
} catch (RrdpException e) {
log.info("Processing deltas failed {}, falling back to snapshot processing.", e.getMessage());
ValidationCheck validationCheck = new ValidationCheck(validationRun, rpkiRepository.getRrdpNotifyUri(), ValidationCheck.Status.WARNING, ErrorCodes.RRDP_FETCH_DELTAS, e.getMessage());
validationRun.addCheck(validationCheck);
readSnapshot(rpkiRepository, validationRun, notification);
}
}
} else {
log.info("Repository has session id '{}' but the downloaded version has session id '{}', fetching the snapshot", rpkiRepository.getRrdpSessionId(), notification.sessionId);
readSnapshot(rpkiRepository, validationRun, notification);
}
}
Also used :
RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository)
Arrays(java.util.Arrays)
CertificateRepositoryObject(net.ripe.rpki.commons.crypto.CertificateRepositoryObject)
Transactional(javax.transaction.Transactional)
RpkiRepositoryValidationRun(net.ripe.rpki.validator3.domain.RpkiRepositoryValidationRun)
Hex(net.ripe.rpki.validator3.util.Hex)
RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject)
Autowired(org.springframework.beans.factory.annotation.Autowired)
Collectors(java.util.stream.Collectors)
CertificateRepositoryObjectFactory(net.ripe.rpki.commons.crypto.util.CertificateRepositoryObjectFactory)
ErrorCodes(net.ripe.rpki.validator3.domain.ErrorCodes)
Slf4j(lombok.extern.slf4j.Slf4j)
List(java.util.List)
ByteArrayInputStream(java.io.ByteArrayInputStream)
RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects)
Service(org.springframework.stereotype.Service)
ValidationResult(net.ripe.rpki.commons.validation.ValidationResult)
Optional(java.util.Optional)
BigInteger(java.math.BigInteger)
Sha256(net.ripe.rpki.validator3.util.Sha256)
Either(fj.data.Either)
Comparator(java.util.Comparator)
ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck)
ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck)
Aggregations
RpkiRepository (net.ripe.rpki.validator3.domain.RpkiRepository)26
TrustAnchor (net.ripe.rpki.validator3.domain.TrustAnchor)20
IntegrationTest (net.ripe.rpki.validator3.IntegrationTest)17
Test (org.junit.Test)17
RpkiObject (net.ripe.rpki.validator3.domain.RpkiObject)15
RpkiObjects (net.ripe.rpki.validator3.domain.RpkiObjects)15
ValidationCheck (net.ripe.rpki.validator3.domain.ValidationCheck)12
RrdpRepositoryValidationRun (net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun)11
CertificateTreeValidationRun (net.ripe.rpki.validator3.domain.CertificateTreeValidationRun)10
Transactional (javax.transaction.Transactional)9
ValidationResult (net.ripe.rpki.commons.validation.ValidationResult)9
TestObjects (net.ripe.rpki.validator3.TestObjects)9
URI (java.net.URI)7
List (java.util.List)7
EntityManager (javax.persistence.EntityManager)7
Autowired (org.springframework.beans.factory.annotation.Autowired)6
KeyPair (java.security.KeyPair)5
Arrays (java.util.Arrays)5
Optional (java.util.Optional)5
ErrorCodes (net.ripe.rpki.validator3.domain.ErrorCodes)5
