
Example 11 with TrustAnchor

use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.

the class TrustAnchorController method add.

@PostMapping(path = "/upload", consumes = "multipart/form-data")
public ResponseEntity<ApiResponse<TrustAnchorResource>> add(@RequestParam("file") MultipartFile trustAnchorLocator, Locale locale) {
    try {
        TrustAnchorLocator locator = TrustAnchorLocator.fromMultipartFile(trustAnchorLocator);
        AddTrustAnchor command = AddTrustAnchor.builder()
            .type(TrustAnchor.TYPE)
            .name(locator.getCaName())
            .locations(locator.getCertificateLocations().stream()
                .map(URI::toASCIIString)
                .collect(Collectors.toList()))
            .subjectPublicKeyInfo(locator.getPublicKeyInfo())
            .rsyncPrefetchUri(locator.getPrefetchUris().stream()
                .filter(uri -> "rsync".equalsIgnoreCase(uri.getScheme()))
                .map(URI::toASCIIString)
                .findFirst()
                .orElse(null))
            .build();
        long id = trustAnchorService.execute(command);
        TrustAnchor trustAnchor = trustAnchorRepository.get(id);
        Link selfRel = linkTo(methodOn(TrustAnchorController.class).get(id, locale)).withSelfRel();
        return ResponseEntity.created(URI.create(selfRel.getHref())).body(trustAnchorResource(trustAnchor, locale));
    } catch (TrustAnchorExtractorException ex) {
        return ResponseEntity.badRequest().body(ApiResponse.error(ApiError.of(HttpStatus.BAD_REQUEST, "Invalid trust anchor locator: " + ex.getMessage())));
    }
}
Also used : PathVariable(org.springframework.web.bind.annotation.PathVariable) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) StringUtils(org.apache.commons.lang.StringUtils) RequestParam(org.springframework.web.bind.annotation.RequestParam) Autowired(org.springframework.beans.factory.annotation.Autowired) Valid(javax.validation.Valid) Paging(net.ripe.rpki.validator3.api.Paging) RpkiRepositories(net.ripe.rpki.validator3.domain.RpkiRepositories) Api(net.ripe.rpki.validator3.api.Api) Locale(java.util.Locale) ValidationRunController(net.ripe.rpki.validator3.api.validationruns.ValidationRunController) TrustAnchorExtractorException(net.ripe.rpki.validator3.util.TrustAnchorExtractorException) URI(java.net.URI) DeleteMapping(org.springframework.web.bind.annotation.DeleteMapping) TrustAnchorLocator(net.ripe.rpki.validator3.util.TrustAnchorLocator) EmptyResultDataAccessException(org.springframework.dao.EmptyResultDataAccessException) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) PostMapping(org.springframework.web.bind.annotation.PostMapping) RestController(org.springframework.web.bind.annotation.RestController) Collectors(java.util.stream.Collectors) Slf4j(lombok.extern.slf4j.Slf4j) ValidationRun(net.ripe.rpki.validator3.domain.ValidationRun) List(java.util.List) Stream(java.util.stream.Stream) Optional(java.util.Optional) ValidationRuns(net.ripe.rpki.validator3.domain.ValidationRuns) Links(org.springframework.hateoas.Links) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) ControllerLinkBuilder.methodOn(org.springframework.hateoas.mvc.ControllerLinkBuilder.methodOn) Metadata(net.ripe.rpki.validator3.api.Metadata) ArrayList(java.util.ArrayList) Sorting(net.ripe.rpki.validator3.api.Sorting) RequestBody(org.springframework.web.bind.annotation.RequestBody) ControllerLinkBuilder.linkTo(org.springframework.hateoas.mvc.ControllerLinkBuilder.linkTo) GetMapping(org.springframework.web.bind.annotation.GetMapping) 
TrustAnchorValidationRun(net.ripe.rpki.validator3.domain.TrustAnchorValidationRun) MessageSource(org.springframework.context.MessageSource) ValidationCheckResource(net.ripe.rpki.validator3.api.validationruns.ValidationCheckResource) Link(org.springframework.hateoas.Link) ApiError(net.ripe.rpki.validator3.api.ApiError) TrustAnchors(net.ripe.rpki.validator3.domain.TrustAnchors) HttpServletResponse(javax.servlet.http.HttpServletResponse) IOException(java.io.IOException) HttpStatus(org.springframework.http.HttpStatus) ApiCommand(net.ripe.rpki.validator3.api.ApiCommand) ValidationRunResource(net.ripe.rpki.validator3.api.validationruns.ValidationRunResource) SearchTerm(net.ripe.rpki.validator3.api.SearchTerm) MultipartFile(org.springframework.web.multipart.MultipartFile) ResponseEntity(org.springframework.http.ResponseEntity) ApiResponse(net.ripe.rpki.validator3.api.ApiResponse)

Example 12 with TrustAnchor

use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.

the class TrustAnchorService method execute.

public long execute(@Valid AddTrustAnchor command) {
    TrustAnchor trustAnchor = new TrustAnchor(false);
    trustAnchor.setName(command.getName());
    trustAnchor.setLocations(command.getLocations());
    trustAnchor.setSubjectPublicKeyInfo(command.getSubjectPublicKeyInfo());
    trustAnchor.setRsyncPrefetchUri(command.getRsyncPrefetchUri());
    return add(trustAnchor);
}
Also used : TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor)

Example 13 with TrustAnchor

use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.

the class TrustAnchorValidationServiceTest method createRipeNccTrustAnchor.

public static TrustAnchor createRipeNccTrustAnchor() {
    TrustAnchor ta = new TrustAnchor(false);
    ta.setName("RIPE NCC");
    ta.setLocations(Arrays.asList("rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer"));
    ta.setSubjectPublicKeyInfo("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0URYSGqUz2myBsOzeW1jQ6NsxNvlLMyhWknvnl8NiBCs/T/S2XuNKQNZ+wBZxIgPPV2pFBFeQAvoH/WK83HwA26V2siwm/MY2nKZ+Olw+wlpzlZ1p3Ipj2eNcKrmit8BwBC8xImzuCGaV0jkRB0GZ0hoH6Ml03umLprRsn6v0xOP0+l6Qc1ZHMFVFb385IQ7FQQTcVIxrdeMsoyJq9eMkE6DoclHhF/NlSllXubASQ9KUWqJ0+Ot3QCXr4LXECMfkpkVR2TZT+v5v658bHVs6ZxRD1b6Uk1uQKAyHUbn/tXvP8lrjAibGzVsXDT2L0x4Edx+QdixPgOji3gBMyL2VwIDAQAB");
    return ta;
}
Also used : TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor)

Example 14 with TrustAnchor

use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.

the class RrdpServiceTest method should_parse_notification_use_decline_delta_with_different_session_id_and_fallback_to_snapshot.

@Test
public void should_parse_notification_use_decline_delta_with_different_session_id_and_fallback_to_snapshot() {
    final byte[] certificate = Objects.aParseableCertificate();
    final long serial = 2;
    final String sessionId = UUID.randomUUID().toString();
    final String wrongSessionId = UUID.randomUUID().toString();
    final Objects.Publish crl = new Objects.Publish("rsync://host/path/crl1.crl", Objects.aParseableCrl());
    rrdpClient.add(crl.uri, crl.content);
    final byte[] snapshotXml = Objects.snapshotXml(serial, sessionId, crl);
    final Objects.SnapshotInfo snapshot = new Objects.SnapshotInfo("https://host/path/snapshot.xml", Sha256.hash(snapshotXml));
    rrdpClient.add(snapshot.uri, snapshotXml);
    final Objects.DeltaPublish publishCert = new Objects.DeltaPublish("rsync://host/path/cert.cer", certificate);
    final byte[] deltaXml = Objects.deltaXml(serial, wrongSessionId, publishCert);
    final Objects.DeltaInfo deltaInfo = new Objects.DeltaInfo("https://host/path/delta1.xml", Sha256.hash(deltaXml), serial);
    rrdpClient.add(deltaInfo.uri, deltaXml);
    final String notificationUri = "https://rrdp.ripe.net/notification.xml";
    rrdpClient.add(notificationUri, Objects.notificationXml(serial, sessionId, snapshot, deltaInfo));
    final TrustAnchor trustAnchor = TestObjects.newTrustAnchor();
    entityManager.persist(trustAnchor);
    // make current serial lower to trigger delta download
    final RpkiRepository rpkiRepository = new RpkiRepository(trustAnchor, notificationUri, RpkiRepository.Type.RRDP);
    rpkiRepository.setRrdpSerial(BigInteger.valueOf(serial - 1));
    rpkiRepository.setRrdpSessionId(sessionId);
    entityManager.persist(rpkiRepository);
    // do the first run to get the snapshot
    final RrdpRepositoryValidationRun validationRun = new RrdpRepositoryValidationRun(rpkiRepository);
    subject.storeRepository(rpkiRepository, validationRun);
    assertEquals(1, validationRun.getValidationChecks().size());
    final ValidationCheck validationCheck = validationRun.getValidationChecks().get(0);
    assertEquals(ErrorCodes.RRDP_FETCH_DELTAS, validationCheck.getKey());
    assertEquals(ValidationCheck.Status.WARNING, validationCheck.getStatus());
    assertEquals(rpkiRepository.getRrdpNotifyUri(), validationCheck.getLocation());
    assertTrue(validationCheck.getParameters().get(0).contains("Session id of the delta"));
    assertTrue(validationCheck.getParameters().get(0).contains("is not the same as in the notification file: " + sessionId));
    // make sure that it will be the CRL from the snapshot
    final List<RpkiObject> objects = rpkiObjects.all().collect(Collectors.toList());
    assertEquals(1, objects.size());
    RpkiObject rpkiObject = objects.get(0);
    assertEquals(RpkiObject.Type.CRL, rpkiObject.getType());
    assertEquals(Sets.newHashSet("rsync://host/path/crl1.crl"), rpkiObject.getLocations());
}
Also used : RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) RrdpRepositoryValidationRun(net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) TestObjects(net.ripe.rpki.validator3.TestObjects) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 15 with TrustAnchor

use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.

the class RrdpServiceTest method should_parse_notification_use_delta_add_and_replace_an_object.

@Test
public void should_parse_notification_use_delta_add_and_replace_an_object() {
    final byte[] certificate = Objects.aParseableCertificate();
    final String sessionId = UUID.randomUUID().toString();
    final byte[] emptySnapshotXml = Objects.snapshotXml(3, sessionId);
    final Objects.SnapshotInfo emptySnapshot = new Objects.SnapshotInfo("https://host/path/snapshot.xml", Sha256.hash(emptySnapshotXml));
    rrdpClient.add(emptySnapshot.uri, emptySnapshotXml);
    final Objects.DeltaPublish publishCert = new Objects.DeltaPublish("rsync://host/path/cert.cer", certificate);
    final byte[] deltaXml1 = Objects.deltaXml(2, sessionId, publishCert);
    final Objects.DeltaPublish republishCert = new Objects.DeltaPublish("rsync://host/path/cert.cer", Sha256.hash(publishCert.content), certificate);
    final byte[] deltaXml2 = Objects.deltaXml(3, sessionId, republishCert);
    final Objects.DeltaInfo deltaInfo1 = new Objects.DeltaInfo("https://host/path/delta1.xml", Sha256.hash(deltaXml1), 2);
    final Objects.DeltaInfo deltaInfo2 = new Objects.DeltaInfo("https://host/path/delta2.xml", Sha256.hash(deltaXml2), 3);
    rrdpClient.add(deltaInfo1.uri, deltaXml1);
    rrdpClient.add(deltaInfo2.uri, deltaXml2);
    final String notificationUri = "https://rrdp.ripe.net/notification.xml";
    rrdpClient.add(notificationUri, Objects.notificationXml(3, sessionId, emptySnapshot, deltaInfo1, deltaInfo2));
    final TrustAnchor trustAnchor = TestObjects.newTrustAnchor();
    entityManager.persist(trustAnchor);
    // make current serial lower to trigger delta download
    final RpkiRepository rpkiRepository = makeRpkiRepository(sessionId, notificationUri, trustAnchor);
    // do the first run to get the snapshot
    RrdpRepositoryValidationRun validationRun = new RrdpRepositoryValidationRun(rpkiRepository);
    subject.storeRepository(rpkiRepository, validationRun);
    assertEquals(0, validationRun.getValidationChecks().size());
    final List<RpkiObject> objects = rpkiObjects.all().collect(Collectors.toList());
    assertEquals(1, objects.size());
}
Also used : RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) RrdpRepositoryValidationRun(net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) TestObjects(net.ripe.rpki.validator3.TestObjects) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)
