
Example 1 with TrustAnchor

use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.

the class JPAValidationRuns method validationChecksQuery.

/**
 * Builds the query for the validation checks that belong to the most recent successful
 * validation runs.
 *
 * <p>The subquery picks the highest run id per group (run type plus trust anchor) among runs
 * with status {@code SUCCEEDED} whose certificate-tree trust anchor id equals
 * {@code validationRunId}. The outer query returns the checks of those runs that also satisfy
 * the predicate derived from {@code searchTerm}.
 *
 * <p>NOTE(review): despite its name, {@code validationRunId} is compared with a trust anchor id
 * here - confirm against the callers which identifier is actually passed.
 *
 * @param validationRunId id matched against the certificate-tree run's trust anchor id
 * @param searchTerm      filter turned into a predicate by {@code toPredicate}
 * @return the (not yet executed) query over validation checks
 */
private JPAQuery<ValidationCheck> validationChecksQuery(long validationRunId, SearchTerm searchTerm) {
    QValidationRun latest = new QValidationRun("latest");
    // Typed views of the same path, so the subtype-specific trustAnchor association is reachable.
    QCertificateTreeValidationRun treeRun = latest.as(QCertificateTreeValidationRun.class);
    QTrustAnchorValidationRun anchorRun = latest.as(QTrustAnchorValidationRun.class);

    JPQLQuery<Long> latestRunIds = JPAExpressions
        .select(latest.id.max())
        .where(latest.status.eq(ValidationRun.Status.SUCCEEDED)
            .and(treeRun.trustAnchor.id.eq(validationRunId)))
        .groupBy(JPAExpressions.type(latest), anchorRun.trustAnchor, treeRun.trustAnchor)
        .from(latest);

    return queryFactory
        .selectFrom(validationCheck)
        .where(validationCheck.validationRun.id.in(latestRunIds).and(toPredicate(searchTerm)));
}
Also used : QTrustAnchorValidationRun(net.ripe.rpki.validator3.domain.querydsl.QTrustAnchorValidationRun) QCertificateTreeValidationRun(net.ripe.rpki.validator3.domain.querydsl.QCertificateTreeValidationRun) QValidationRun(net.ripe.rpki.validator3.domain.querydsl.QValidationRun)

Example 2 with TrustAnchor

use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.

the class JPARpkiRepositories method register.

/**
 * Returns the repository registered under {@code uri}, creating and persisting it first when
 * none exists, and associates it with {@code trustAnchor}.
 *
 * <p>A repository that already exists for the URI is reused, so several trust anchors can end up
 * attached to the same repository entry. An rsync repository is linked to the parent found by
 * {@code findRsyncParentRepository} and takes over that parent's last download time when the
 * parent is marked as downloaded.
 *
 * <p>NOTE(review): {@code uri} is constrained only by the {@code @ValidLocationURI} annotation
 * in this method; whether that constraint is enforced on this call depends on method validation
 * configured outside this listing - confirm. {@code type} carries no {@code @NotNull}.
 *
 * @param trustAnchor trust anchor to attach to the repository
 * @param uri         location of the repository, also used as the lookup key
 * @param type        repository type requested by the caller
 * @return the existing or newly created repository
 */
@Override
public RpkiRepository register(@NotNull @Valid TrustAnchor trustAnchor, @NotNull @ValidLocationURI String uri, RpkiRepository.Type type) {
    RpkiRepository result = findByURI(uri).orElseGet(() -> {
        RpkiRepository created = new RpkiRepository(trustAnchor, uri, type);
        entityManager.persist(created);
        // Only a repository created here as RRDP is handed to the scheduler.
        if (created.getType() == RpkiRepository.Type.RRDP) {
            quartzValidationScheduler.addRpkiRepository(created);
        }
        return created;
    });
    result.addTrustAnchor(trustAnchor);

    // A prefetch-only entry is turned into a regular rsync repository once RSYNC is requested.
    boolean upgradeFromPrefetch = type == RpkiRepository.Type.RSYNC
        && result.getType() == RpkiRepository.Type.RSYNC_PREFETCH;
    if (upgradeFromPrefetch) {
        result.setType(RpkiRepository.Type.RSYNC);
    }

    if (result.getType() != RpkiRepository.Type.RSYNC) {
        return result;
    }

    RpkiRepository parent = findRsyncParentRepository(uri);
    if (parent == null) {
        return result;
    }

    result.setParentRepository(parent);
    // The child inherits the parent's download timestamp instead of being fetched again.
    if (parent.isDownloaded()) {
        result.setDownloaded(parent.getLastDownloadedAt());
    }
    return result;
}
Also used : RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository)

Example 3 with TrustAnchor

use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.

the class RpkiObjectCleanupServiceTest method should_delete_objects_not_reachable_from_manifest.

/**
 * Checks that cleanup removes an object that no manifest references, but only after it has been
 * unreachable for long enough.
 *
 * <p>The orphan is a certificate issued under the trust anchor's subject DN that is stored
 * directly, without going through a manifest. The test asserts three stages: nothing is deleted
 * while no orphan exists, nothing is deleted right after the orphan is stored, and exactly one
 * object is deleted once its last-reachable time lies ten days in the past.
 */
@Test
public void should_delete_objects_not_reachable_from_manifest() {
    TrustAnchor trustAnchor = factory.createTrustAnchor(anchor -> {
        anchor.roaPrefixes(Arrays.asList(RoaPrefix.of(IpRange.parse("127.0.0.0/8"), null, Asn.parse("123"))));
    });

    // Stage 1: no orphan objects exist yet, so cleanup reports zero deletions.
    assertThat(subject.cleanupRpkiObjects()).isEqualTo(0);

    // The public key and the signing key pair come from two separate generated key pairs.
    X509ResourceCertificateBuilder orphanCertificate = new X509ResourceCertificateBuilder()
        .withResources(IpResourceSet.parse("10.0.0.0/8"))
        .withIssuerDN(trustAnchor.getCertificate().getSubject())
        .withSubjectDN(new X500Principal("CN=orphan"))
        .withSerial(factory.nextSerial())
        .withPublicKey(KEY_PAIR_FACTORY.generate().getPublic())
        .withSigningKeyPair(KEY_PAIR_FACTORY.generate())
        .withValidityPeriod(new ValidityPeriod(DateTime.now(), DateTime.now().plusYears(1)));
    RpkiObject orphan = new RpkiObject("rsync://localhost/orphan.cer", orphanCertificate.build());
    rpkiObjects.add(orphan);
    entityManager.flush();

    // Stage 2: the orphan was only just stored, so it must survive cleanup.
    assertThat(subject.cleanupRpkiObjects()).isEqualTo(0);

    // Stage 3: backdate the last-reachable time; the orphan is now old enough to be removed.
    Instant tenDaysAgo = Instant.now().minus(Duration.ofDays(10));
    orphan.markReachable(tenDaysAgo);
    entityManager.flush();
    assertThat(subject.cleanupRpkiObjects()).isEqualTo(1);
}
Also used : RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) X500Principal(javax.security.auth.x500.X500Principal) ValidityPeriod(net.ripe.rpki.commons.crypto.ValidityPeriod) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) X509ResourceCertificateBuilder(net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificateBuilder) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 4 with TrustAnchor

use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationServiceTest method should_report_proper_error_when_repository_is_available_but_manifest_is_invalid.

/**
 * Checks the validation result when the repository fetch has failed and the locally held
 * manifest is no longer within its validity period.
 *
 * <p>The trust anchor is created with a manifest validity window that ended one day ago, the
 * RRDP repository is registered and then marked as failed, and validation is run. The single
 * completed run must carry {@code VALIDATOR_OLD_LOCAL_MANIFEST_REPOSITORY_FAILED} as its first
 * check, parameterised with the repository's RRDP notify URI.
 */
@Test
public void should_report_proper_error_when_repository_is_available_but_manifest_is_invalid() {
    KeyPair childKeyPair = KEY_PAIR_FACTORY.generate();

    // Manifest validity: from two days ago until one day ago, i.e. already expired.
    Instant twoDaysAgo = Instant.now().minus(Duration.standardDays(2));
    Instant oneDayAgo = Instant.now().minus(Duration.standardDays(1));
    final ValidityPeriod mftValidityPeriod = new ValidityPeriod(twoDaysAgo, oneDayAgo);

    TrustAnchor ta = factory.createTrustAnchor(anchor -> {
        CertificateAuthority childCa = CertificateAuthority.builder()
            .dn("CN=child-ca")
            .keyPair(childKeyPair)
            .certificateLocation("rsync://rpki.test/CN=child-ca.cer")
            .resources(IpResourceSet.parse("192.168.128.0/17"))
            .notifyURI(TA_RRDP_NOTIFY_URI)
            .manifestURI("rsync://rpki.test/CN=child-ca/child-ca.mft")
            .repositoryURI("rsync://rpki.test/CN=child-ca/")
            .crlDistributionPoint("rsync://rpki.test/CN=child-ca/child-ca.crl")
            .build();
        anchor.children(Collections.singletonList(childCa));
    }, mftValidityPeriod);
    trustAnchors.add(ta);
    entityManager.flush();

    // Register the RRDP repository and put it into the failed state before validating.
    RpkiRepository repository = rpkiRepositories.register(ta, TA_RRDP_NOTIFY_URI, RpkiRepository.Type.RRDP);
    repository.setFailed();
    entityManager.flush();

    subject.validate(ta.getId());
    entityManager.flush();

    List<CertificateTreeValidationRun> completed = validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(completed).hasSize(1);

    final List<ValidationCheck> checks = completed.get(0).getValidationChecks();
    ValidationCheck firstCheck = checks.get(0);
    assertThat(firstCheck.getKey()).isEqualTo(ValidationString.VALIDATOR_OLD_LOCAL_MANIFEST_REPOSITORY_FAILED);
    assertThat(checks.get(0).getParameters()).isEqualTo(Collections.singletonList(repository.getRrdpNotifyUri()));
}
Also used : KeyPair(java.security.KeyPair) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) ValidityPeriod(net.ripe.rpki.commons.crypto.ValidityPeriod) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 5 with TrustAnchor

use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationServiceTest method should_register_rsync_repositories.

/**
 * Checks that validating a trust anchor without an RRDP notify URI registers its rsync
 * repository.
 *
 * <p>After one validation run the test expects a single completed run with status
 * {@code SUCCEEDED}, the first registered repository to be {@code PENDING} at
 * {@code TA_CA_REPOSITORY_URI}, and both "initial validation run completed" flags (on the trust
 * anchor and in the settings) to remain false.
 */
@Test
public void should_register_rsync_repositories() {
    TrustAnchor ta = factory.createTrustAnchor(anchor -> {
        // No notify URI: only the rsync repository location is configured.
        anchor.notifyURI(null);
        anchor.repositoryURI(TA_CA_REPOSITORY_URI);
    });
    trustAnchors.add(ta);

    subject.validate(ta.getId());
    entityManager.flush();

    List<CertificateTreeValidationRun> completed = validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(completed).hasSize(1);

    CertificateTreeValidationRun onlyRun = completed.get(0);
    assertThat(onlyRun.getStatus()).isEqualTo(SUCCEEDED);

    // The repository is registered but still PENDING.
    assertThat(rpkiRepositories.findAll(null, null))
        .first()
        .extracting(RpkiRepository::getStatus, RpkiRepository::getLocationUri)
        .containsExactly(RpkiRepository.Status.PENDING, TA_CA_REPOSITORY_URI);

    // A succeeded run does not by itself mark the initial validation as completed.
    assertThat(ta.isInitialCertificateTreeValidationRunCompleted())
        .as("trust anchor initial validation run completed")
        .isFalse();
    assertThat(settings.isInitialValidationRunCompleted())
        .as("validator initial validation run completed")
        .isFalse();
}
Also used : CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Aggregations

TrustAnchor (net.ripe.rpki.validator3.domain.TrustAnchor)36 IntegrationTest (net.ripe.rpki.validator3.IntegrationTest)23 RpkiRepository (net.ripe.rpki.validator3.domain.RpkiRepository)23 Test (org.junit.Test)23 RpkiObject (net.ripe.rpki.validator3.domain.RpkiObject)15 RpkiObjects (net.ripe.rpki.validator3.domain.RpkiObjects)15 ValidationCheck (net.ripe.rpki.validator3.domain.ValidationCheck)14 CertificateTreeValidationRun (net.ripe.rpki.validator3.domain.CertificateTreeValidationRun)10 RrdpRepositoryValidationRun (net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun)10 Autowired (org.springframework.beans.factory.annotation.Autowired)10 List (java.util.List)9 Transactional (javax.transaction.Transactional)9 TestObjects (net.ripe.rpki.validator3.TestObjects)9 URI (java.net.URI)8 ValidationResult (net.ripe.rpki.commons.validation.ValidationResult)8 EntityManager (javax.persistence.EntityManager)7 Optional (java.util.Optional)6 RpkiRepositories (net.ripe.rpki.validator3.domain.RpkiRepositories)6 TrustAnchors (net.ripe.rpki.validator3.domain.TrustAnchors)6 ValidationRuns (net.ripe.rpki.validator3.domain.ValidationRuns)6