use of net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun in project rpki-validator-3 by RIPE-NCC.
the class RrdpServiceTest method should_parse_notification_use_decline_delta_with_different_session_id_and_fallback_to_snapshot.
@Test
public void should_parse_notification_use_decline_delta_with_different_session_id_and_fallback_to_snapshot() {
final byte[] certificate = Objects.aParseableCertificate();
final long serial = 2;
final String sessionId = UUID.randomUUID().toString();
final String wrongSessionId = UUID.randomUUID().toString();
final Objects.Publish crl = new Objects.Publish("rsync://host/path/crl1.crl", Objects.aParseableCrl());
rrdpClient.add(crl.uri, crl.content);
final byte[] snapshotXml = Objects.snapshotXml(serial, sessionId, crl);
final Objects.SnapshotInfo snapshot = new Objects.SnapshotInfo("https://host/path/snapshot.xml", Sha256.hash(snapshotXml));
rrdpClient.add(snapshot.uri, snapshotXml);
final Objects.DeltaPublish publishCert = new Objects.DeltaPublish("rsync://host/path/cert.cer", certificate);
final byte[] deltaXml = Objects.deltaXml(serial, wrongSessionId, publishCert);
final Objects.DeltaInfo deltaInfo = new Objects.DeltaInfo("https://host/path/delta1.xml", Sha256.hash(deltaXml), serial);
rrdpClient.add(deltaInfo.uri, deltaXml);
final String notificationUri = "https://rrdp.ripe.net/notification.xml";
rrdpClient.add(notificationUri, Objects.notificationXml(serial, sessionId, snapshot, deltaInfo));
final TrustAnchor trustAnchor = TestObjects.newTrustAnchor();
entityManager.persist(trustAnchor);
// make current serial lower to trigger delta download
final RpkiRepository rpkiRepository = new RpkiRepository(trustAnchor, notificationUri, RpkiRepository.Type.RRDP);
rpkiRepository.setRrdpSerial(BigInteger.valueOf(serial - 1));
rpkiRepository.setRrdpSessionId(sessionId);
entityManager.persist(rpkiRepository);
// do the first run to get the snapshot
final RrdpRepositoryValidationRun validationRun = new RrdpRepositoryValidationRun(rpkiRepository);
subject.storeRepository(rpkiRepository, validationRun);
assertEquals(1, validationRun.getValidationChecks().size());
final ValidationCheck validationCheck = validationRun.getValidationChecks().get(0);
assertEquals(ErrorCodes.RRDP_FETCH_DELTAS, validationCheck.getKey());
assertEquals(ValidationCheck.Status.WARNING, validationCheck.getStatus());
assertEquals(rpkiRepository.getRrdpNotifyUri(), validationCheck.getLocation());
assertTrue(validationCheck.getParameters().get(0).contains("Session id of the delta"));
assertTrue(validationCheck.getParameters().get(0).contains("is not the same as in the notification file: " + sessionId));
// make sure that it will be the CRL from the snapsh
final List<RpkiObject> objects = rpkiObjects.all().collect(Collectors.toList());
assertEquals(1, objects.size());
RpkiObject rpkiObject = objects.get(0);
assertEquals(RpkiObject.Type.CRL, rpkiObject.getType());
assertEquals(Sets.newHashSet("rsync://host/path/crl1.crl"), rpkiObject.getLocations());
}
use of net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun in project rpki-validator-3 by RIPE-NCC.
the class RrdpServiceTest method should_parse_notification_use_delta_add_and_replace_an_object.
@Test
public void should_parse_notification_use_delta_add_and_replace_an_object() {
final byte[] certificate = Objects.aParseableCertificate();
final String sessionId = UUID.randomUUID().toString();
final byte[] emptySnapshotXml = Objects.snapshotXml(3, sessionId);
final Objects.SnapshotInfo emptySnapshot = new Objects.SnapshotInfo("https://host/path/snapshot.xml", Sha256.hash(emptySnapshotXml));
rrdpClient.add(emptySnapshot.uri, emptySnapshotXml);
final Objects.DeltaPublish publishCert = new Objects.DeltaPublish("rsync://host/path/cert.cer", certificate);
final byte[] deltaXml1 = Objects.deltaXml(2, sessionId, publishCert);
final Objects.DeltaPublish republishCert = new Objects.DeltaPublish("rsync://host/path/cert.cer", Sha256.hash(publishCert.content), certificate);
final byte[] deltaXml2 = Objects.deltaXml(3, sessionId, republishCert);
final Objects.DeltaInfo deltaInfo1 = new Objects.DeltaInfo("https://host/path/delta1.xml", Sha256.hash(deltaXml1), 2);
final Objects.DeltaInfo deltaInfo2 = new Objects.DeltaInfo("https://host/path/delta2.xml", Sha256.hash(deltaXml2), 3);
rrdpClient.add(deltaInfo1.uri, deltaXml1);
rrdpClient.add(deltaInfo2.uri, deltaXml2);
final String notificationUri = "https://rrdp.ripe.net/notification.xml";
rrdpClient.add(notificationUri, Objects.notificationXml(3, sessionId, emptySnapshot, deltaInfo1, deltaInfo2));
final TrustAnchor trustAnchor = TestObjects.newTrustAnchor();
entityManager.persist(trustAnchor);
// make current serial lower to trigger delta download
final RpkiRepository rpkiRepository = makeRpkiRepository(sessionId, notificationUri, trustAnchor);
// do the first run to get the snapshot
RrdpRepositoryValidationRun validationRun = new RrdpRepositoryValidationRun(rpkiRepository);
subject.storeRepository(rpkiRepository, validationRun);
assertEquals(0, validationRun.getValidationChecks().size());
final List<RpkiObject> objects = rpkiObjects.all().collect(Collectors.toList());
assertEquals(1, objects.size());
}
use of net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun in project rpki-validator-3 by RIPE-NCC.
the class RrdpServiceTest method should_parse_notification_use_delta_the_last_delta_serial_is_not_matching_fallback_to_snapshot.
@Test
public void should_parse_notification_use_delta_the_last_delta_serial_is_not_matching_fallback_to_snapshot() {
final byte[] certificate = Objects.aParseableCertificate();
final String sessionId = UUID.randomUUID().toString();
final Objects.Publish crl = new Objects.Publish("rsync://host/path/crl1.crl", Objects.aParseableCrl());
rrdpClient.add(crl.uri, crl.content);
final byte[] snapshotXml = Objects.snapshotXml(4, sessionId, crl);
final Objects.SnapshotInfo emptySnapshot = new Objects.SnapshotInfo("https://host/path/snapshot.xml", Sha256.hash(snapshotXml));
rrdpClient.add(emptySnapshot.uri, snapshotXml);
final Objects.DeltaPublish publishCert = new Objects.DeltaPublish("rsync://host/path/cert.cer", certificate);
final byte[] deltaXml1 = Objects.deltaXml(2, sessionId, publishCert);
final Objects.DeltaPublish republishCert = new Objects.DeltaPublish("rsync://host/path/cert.cer", Sha256.hash(publishCert.content), certificate);
final byte[] deltaXml2 = Objects.deltaXml(3, sessionId, republishCert);
final Objects.DeltaInfo deltaInfo1 = new Objects.DeltaInfo("https://host/path/delta1.xml", Sha256.hash(deltaXml1), 2);
final Objects.DeltaInfo deltaInfo2 = new Objects.DeltaInfo("https://host/path/delta2.xml", Sha256.hash(deltaXml2), 3);
rrdpClient.add(deltaInfo1.uri, deltaXml1);
rrdpClient.add(deltaInfo2.uri, deltaXml2);
final String notificationUri = "https://rrdp.ripe.net/notification.xml";
rrdpClient.add(notificationUri, Objects.notificationXml(4, sessionId, emptySnapshot, deltaInfo1, deltaInfo2));
final TrustAnchor trustAnchor = TestObjects.newTrustAnchor();
entityManager.persist(trustAnchor);
// make current serial lower to trigger delta download
final RpkiRepository rpkiRepository = makeRpkiRepository(sessionId, notificationUri, trustAnchor);
// do the first run to get the snapshot
final RrdpRepositoryValidationRun validationRun = new RrdpRepositoryValidationRun(rpkiRepository);
subject.storeRepository(rpkiRepository, validationRun);
assertEquals(1, validationRun.getValidationChecks().size());
final ValidationCheck validationCheck = validationRun.getValidationChecks().get(0);
assertEquals(ErrorCodes.RRDP_FETCH_DELTAS, validationCheck.getKey());
assertEquals(ValidationCheck.Status.WARNING, validationCheck.getStatus());
assertEquals(rpkiRepository.getRrdpNotifyUri(), validationCheck.getLocation());
assertEquals("The last delta serial is 3, notification file serial is 4", validationCheck.getParameters().get(0));
final List<RpkiObject> objects = rpkiObjects.all().collect(Collectors.toList());
assertEquals(1, objects.size());
final RpkiObject rpkiObject = objects.get(0);
assertEquals(RpkiObject.Type.CRL, rpkiObject.getType());
assertEquals(Sets.newHashSet("rsync://host/path/crl1.crl"), rpkiObject.getLocations());
}
use of net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun in project rpki-validator-3 by RIPE-NCC.
the class RpkiRepositoryValidationService method validateRpkiRepository.
public void validateRpkiRepository(long rpkiRepositoryId) {
entityManager.setFlushMode(FlushModeType.COMMIT);
final RpkiRepository rpkiRepository = rpkiRepositories.get(rpkiRepositoryId);
log.info("Starting RPKI repository validation for " + rpkiRepository);
ValidationResult validationResult = ValidationResult.withLocation(rpkiRepository.getRrdpNotifyUri());
final RpkiRepositoryValidationRun validationRun = new RrdpRepositoryValidationRun(rpkiRepository);
validationRunRepository.add(validationRun);
final String uri = rpkiRepository.getRrdpNotifyUri();
if (isRrdpUri(uri)) {
rrdpService.storeRepository(rpkiRepository, validationRun);
if (validationRun.isFailed()) {
rpkiRepository.setFailed();
} else {
rpkiRepository.setDownloaded();
}
} else if (isRsyncUri(uri)) {
validationResult.error("rsync.repository.not.supported");
} else {
log.error("Unsupported type of the URI " + uri);
}
if (validationResult.hasFailures()) {
validationRun.setFailed();
} else {
validationRun.setSucceeded();
}
if (validationRun.isSucceeded() && validationRun.getAddedObjectCount() > 0) {
rpkiRepository.getTrustAnchors().forEach(validationRunRepository::runCertificateTreeValidation);
}
}
use of net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun in project rpki-validator-3 by RIPE-NCC.
the class RrdpServiceTest method should_parse_notification_verify_snapshot_hash.
@Test
public void should_parse_notification_verify_snapshot_hash() {
final Objects.Publish cert = new Objects.Publish("rsync://host/path/cert.cer", Objects.aParseableCertificate());
final Objects.Publish crl = new Objects.Publish("rsync://host/path/crl1.crl", Objects.aParseableCrl());
rrdpClient.add(cert.uri, cert.content);
rrdpClient.add(crl.uri, crl.content);
final int serial = 1;
final String sessionId = UUID.randomUUID().toString();
final byte[] snapshotXml = Objects.snapshotXml(serial, sessionId, cert, crl);
final String snapshotUri = "https://host/path/snapshot.xml";
final Objects.SnapshotInfo snapshot = new Objects.SnapshotInfo(snapshotUri, Hex.parse("FFFFFF"));
rrdpClient.add(snapshot.uri, snapshotXml);
final byte[] notificationXml = Objects.notificationXml(serial, sessionId, snapshot);
final String notificationUri = "https://rrdp.ripe.net/notification.xml";
rrdpClient.add(notificationUri, notificationXml);
final TrustAnchor trustAnchor = TestObjects.newTrustAnchor();
entityManager.persist(trustAnchor);
final RpkiRepository rpkiRepository = new RpkiRepository(trustAnchor, notificationUri, RpkiRepository.Type.RRDP);
entityManager.persist(rpkiRepository);
final RrdpRepositoryValidationRun validationRun = new RrdpRepositoryValidationRun(rpkiRepository);
subject.storeRepository(rpkiRepository, validationRun);
final List<RpkiObject> objects = rpkiObjects.all().collect(Collectors.toList());
assertEquals(0, objects.size());
assertEquals(1, validationRun.getValidationChecks().size());
final ValidationCheck validationCheck = validationRun.getValidationChecks().get(0);
assertEquals(ErrorCodes.RRDP_FETCH, validationCheck.getKey());
assertEquals(ValidationCheck.Status.ERROR, validationCheck.getStatus());
assertEquals("Hash of the snapshot file " + snapshotUri + " is " + Hex.format(Sha256.hash(snapshotXml)) + ", but notification file says FFFFFF", validationCheck.getParameters().get(0));
assertEquals(rpkiRepository.getRrdpNotifyUri(), validationCheck.getLocation());
}
Aggregations