Examples with TrustAnchor net.ripe.rpki.validator3.domain.TrustAnchor used on opensource projects

Search in sources :

Example 16 with TrustAnchor

use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.

the class RrdpServiceTest method makeRpkiRepository.

private RpkiRepository makeRpkiRepository(String sessionId, String notificationUri, TrustAnchor trustAnchor) {
    final RpkiRepository rpkiRepository = new RpkiRepository(trustAnchor, notificationUri, RpkiRepository.Type.RRDP);
    rpkiRepository.setRrdpSerial(BigInteger.valueOf(1L));
    rpkiRepository.setRrdpSessionId(sessionId);
    entityManager.persist(rpkiRepository);
    return rpkiRepository;
}
Also used : RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository)

Example 17 with TrustAnchor

use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.

the class RrdpServiceTest method should_parse_notification_use_delta_the_last_delta_serial_is_not_matching_fallback_to_snapshot.

@Test
public void should_parse_notification_use_delta_the_last_delta_serial_is_not_matching_fallback_to_snapshot() {
    final byte[] certificate = Objects.aParseableCertificate();
    final String sessionId = UUID.randomUUID().toString();
    final Objects.Publish crl = new Objects.Publish("rsync://host/path/crl1.crl", Objects.aParseableCrl());
    rrdpClient.add(crl.uri, crl.content);
    final byte[] snapshotXml = Objects.snapshotXml(4, sessionId, crl);
    final Objects.SnapshotInfo emptySnapshot = new Objects.SnapshotInfo("https://host/path/snapshot.xml", Sha256.hash(snapshotXml));
    rrdpClient.add(emptySnapshot.uri, snapshotXml);
    final Objects.DeltaPublish publishCert = new Objects.DeltaPublish("rsync://host/path/cert.cer", certificate);
    final byte[] deltaXml1 = Objects.deltaXml(2, sessionId, publishCert);
    final Objects.DeltaPublish republishCert = new Objects.DeltaPublish("rsync://host/path/cert.cer", Sha256.hash(publishCert.content), certificate);
    final byte[] deltaXml2 = Objects.deltaXml(3, sessionId, republishCert);
    final Objects.DeltaInfo deltaInfo1 = new Objects.DeltaInfo("https://host/path/delta1.xml", Sha256.hash(deltaXml1), 2);
    final Objects.DeltaInfo deltaInfo2 = new Objects.DeltaInfo("https://host/path/delta2.xml", Sha256.hash(deltaXml2), 3);
    rrdpClient.add(deltaInfo1.uri, deltaXml1);
    rrdpClient.add(deltaInfo2.uri, deltaXml2);
    final String notificationUri = "https://rrdp.ripe.net/notification.xml";
    rrdpClient.add(notificationUri, Objects.notificationXml(4, sessionId, emptySnapshot, deltaInfo1, deltaInfo2));
    final TrustAnchor trustAnchor = TestObjects.newTrustAnchor();
    entityManager.persist(trustAnchor);
    // make current serial lower to trigger delta download
    final RpkiRepository rpkiRepository = makeRpkiRepository(sessionId, notificationUri, trustAnchor);
    // do the first run to get the snapshot
    final RrdpRepositoryValidationRun validationRun = new RrdpRepositoryValidationRun(rpkiRepository);
    subject.storeRepository(rpkiRepository, validationRun);
    assertEquals(1, validationRun.getValidationChecks().size());
    final ValidationCheck validationCheck = validationRun.getValidationChecks().get(0);
    assertEquals(ErrorCodes.RRDP_FETCH_DELTAS, validationCheck.getKey());
    assertEquals(ValidationCheck.Status.WARNING, validationCheck.getStatus());
    assertEquals(rpkiRepository.getRrdpNotifyUri(), validationCheck.getLocation());
    assertEquals("The last delta serial is 3, notification file serial is 4", validationCheck.getParameters().get(0));
    final List<RpkiObject> objects = rpkiObjects.all().collect(Collectors.toList());
    assertEquals(1, objects.size());
    final RpkiObject rpkiObject = objects.get(0);
    assertEquals(RpkiObject.Type.CRL, rpkiObject.getType());
    assertEquals(Sets.newHashSet("rsync://host/path/crl1.crl"), rpkiObject.getLocations());
}
Also used : RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) RrdpRepositoryValidationRun(net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) TestObjects(net.ripe.rpki.validator3.TestObjects) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 18 with TrustAnchor

use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationService method validate.

@Transactional(Transactional.TxType.REQUIRED)
public void validate(long trustAnchorId) {
    Map<URI, RpkiRepository> registeredRepositories = new HashMap<>();
    entityManager.setFlushMode(FlushModeType.COMMIT);
    TrustAnchor trustAnchor = trustAnchors.get(trustAnchorId);
    log.info("starting tree validation for {}", trustAnchor);
    CertificateTreeValidationRun validationRun = new CertificateTreeValidationRun(trustAnchor);
    validationRuns.add(validationRun);
    String trustAnchorLocation = trustAnchor.getLocations().get(0);
    ValidationResult validationResult = ValidationResult.withLocation(trustAnchorLocation);
    try {
        X509ResourceCertificate certificate = trustAnchor.getCertificate();
        validationResult.rejectIfNull(certificate, VALIDATOR_TRUST_ANCHOR_CERTIFICATE_AVAILABLE);
        if (certificate == null) {
            return;
        }
        CertificateRepositoryObjectValidationContext context = new CertificateRepositoryObjectValidationContext(URI.create(trustAnchorLocation), certificate);
        certificate.validate(trustAnchorLocation, context, null, null, VALIDATION_OPTIONS, validationResult);
        if (validationResult.hasFailureForCurrentLocation()) {
            return;
        }
        URI locationUri = Objects.firstNonNull(certificate.getRrdpNotifyUri(), certificate.getRepositoryUri());
        validationResult.warnIfNull(locationUri, VALIDATOR_TRUST_ANCHOR_CERTIFICATE_RRDP_NOTIFY_URI_OR_REPOSITORY_URI_PRESENT);
        if (locationUri == null) {
            return;
        }
        validationRun.getValidatedObjects().addAll(validateCertificateAuthority(trustAnchor, registeredRepositories, context, validationResult));
        entityManager.setFlushMode(FlushModeType.AUTO);
        if (isValidationRunCompleted(validationResult)) {
            trustAnchor.markInitialCertificateTreeValidationRunCompleted();
            if (!settings.isInitialValidationRunCompleted() && trustAnchors.allInitialCertificateTreeValidationRunsCompleted()) {
                settings.markInitialValidationRunCompleted();
                log.info("All trust anchors have completed their initial certificate tree validation run, validator is now ready");
            }
        }
        validatedRpkiObjects.update(trustAnchor, validationRun.getValidatedObjects());
    } finally {
        validationRun.completeWith(validationResult);
        log.info("tree validation {} for {}", validationRun.getStatus(), trustAnchor);
    }
}
Also used : CertificateRepositoryObjectValidationContext(net.ripe.rpki.commons.validation.objectvalidators.CertificateRepositoryObjectValidationContext) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) ValidationString(net.ripe.rpki.commons.validation.ValidationString) X509ResourceCertificate(net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate) ValidationResult(net.ripe.rpki.commons.validation.ValidationResult) URI(java.net.URI) Transactional(javax.transaction.Transactional)

Example 19 with TrustAnchor

use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.

the class PreconfiguredTrustAnchors method managePreconfiguredTrustAnchors.

@PostConstruct
public void managePreconfiguredTrustAnchors() {
    new TransactionTemplate(transactionManager).execute((status) -> {
        log.info("Automatically adding preconfigured trust anchors");
        if (settings.isPreconfiguredTalsLoaded()) {
            log.info("Preconfigured trust anchors are already loaded, skipping");
            return null;
        }
        settings.markPreconfiguredTalsLoaded();
        File[] tals = preconfiguredTrustAnchorDirectory.listFiles(new PatternFilenameFilter(Pattern.compile("^.*\\.tal$")));
        if (ArrayUtils.isEmpty(tals)) {
            log.warn("No preconfigured trust anchors found at {}, skipping", preconfiguredTrustAnchorDirectory);
            return null;
        }
        for (File tal : tals) {
            TrustAnchorLocator locator = TrustAnchorLocator.fromFile(tal);
            if (trustAnchors.findBySubjectPublicKeyInfo(locator.getPublicKeyInfo()).isPresent()) {
                log.info("Preconfigured trust anchor '{}' already installed, skipping", locator.getCaName());
                continue;
            }
            TrustAnchor trustAnchor = new TrustAnchor(true);
            trustAnchor.setName(locator.getCaName());
            trustAnchor.setLocations(locator.getCertificateLocations().stream().map(URI::toASCIIString).collect(Collectors.toList()));
            trustAnchor.setSubjectPublicKeyInfo(locator.getPublicKeyInfo());
            trustAnchor.setRsyncPrefetchUri(locator.getPrefetchUris().stream().filter(uri -> "rsync".equalsIgnoreCase(uri.getScheme())).map(URI::toASCIIString).findFirst().orElse(null));
            trustAnchorService.add(trustAnchor);
        }
        return null;
    });
}
Also used : PatternFilenameFilter(com.google.common.io.PatternFilenameFilter) TransactionTemplate(org.springframework.transaction.support.TransactionTemplate) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) File(java.io.File) TrustAnchorLocator(net.ripe.rpki.validator3.util.TrustAnchorLocator) URI(java.net.URI) PostConstruct(javax.annotation.PostConstruct)

Example 20 with TrustAnchor

use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.

the class ObjectController method list.

@GetMapping(path = "/validated")
public ResponseEntity<ApiResponse<ValidatedObjects>> list(Locale locale) {
    final Map<Long, TrustAnchorResource> trustAnchorsById = trustAnchors.findAll().stream().collect(Collectors.toMap(TrustAnchor::getId, ta -> TrustAnchorResource.of(ta, locale)));
    final Map<Long, Links> trustAnchorLinks = trustAnchorsById.entrySet().stream().collect(Collectors.toMap(entry -> entry.getKey(), entry -> new Links(entry.getValue().getLinks().getLink("self").withRel(TrustAnchor.TYPE))));
    final Stream<RoaPrefix> validatedPrefixes = validatedRpkiObjects.findCurrentlyValidatedRoaPrefixes(null, null, null).getObjects().filter(new IgnoreFiltersPredicate(ignoreFilters.all()).negate()).map(prefix -> {
        Links links = trustAnchorLinks.get(prefix.getTrustAnchor().getId());
        return new RoaPrefix(String.valueOf(prefix.getAsn()), prefix.getPrefix().toString(), prefix.getEffectiveLength(), links);
    });
    final Stream<RoaPrefix> assertions = roaPrefixAssertions.all().map(assertion -> new RoaPrefix(new Asn(assertion.getAsn()).toString(), IpRange.parse(assertion.getPrefix()).toString(), assertion.getMaximumLength() != null ? assertion.getMaximumLength() : IpRange.parse(assertion.getPrefix()).getPrefixLength(), null));
    final Stream<RoaPrefix> combinedPrefixes = Stream.concat(validatedPrefixes, assertions).distinct();
    final Stream<ValidatedRpkiObjects.RouterCertificate> certificates = validatedRpkiObjects.findCurrentlyValidatedRouterCertificates().getObjects();
    final Stream<RouterCertificate> filteredRouterCertificates = bgpSecFilterService.filterCertificates(certificates).map(o -> new RouterCertificate(o.getAsn(), o.getSubjectKeyIdentifier(), o.getSubjectPublicKeyInfo()));
    final Stream<RouterCertificate> bgpSecAssertions = this.bgpSecAssertions.all().map(b -> {
        final List<String> asns = Collections.singletonList(String.valueOf(b.getAsn()));
        return new RouterCertificate(asns, b.getSki(), b.getPublicKey());
    });
    final Stream<RouterCertificate> combinedAssertions = Stream.concat(filteredRouterCertificates, bgpSecAssertions).distinct();
    return ResponseEntity.ok(ApiResponse.<ValidatedObjects>builder().data(new ValidatedObjects(settings.isInitialValidationRunCompleted(), trustAnchorsById.values(), combinedPrefixes, combinedAssertions)).build());
}
Also used : Links(org.springframework.hateoas.Links) Autowired(org.springframework.beans.factory.annotation.Autowired) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) BgpSecFilterService(net.ripe.rpki.validator3.api.bgpsec.BgpSecFilterService) Value(lombok.Value) Asn(net.ripe.ipresource.Asn) TrustAnchorResource(net.ripe.rpki.validator3.api.trustanchors.TrustAnchorResource) Api(net.ripe.rpki.validator3.api.Api) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) Locale(java.util.Locale) Map(java.util.Map) RoaPrefixAssertions(net.ripe.rpki.validator3.domain.RoaPrefixAssertions) GetMapping(org.springframework.web.bind.annotation.GetMapping) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) ValidatedRpkiObjects(net.ripe.rpki.validator3.domain.ValidatedRpkiObjects) IpRange(net.ripe.ipresource.IpRange) TrustAnchors(net.ripe.rpki.validator3.domain.TrustAnchors) Collection(java.util.Collection) IgnoreFilters(net.ripe.rpki.validator3.domain.IgnoreFilters) RestController(org.springframework.web.bind.annotation.RestController) Collectors(java.util.stream.Collectors) Slf4j(lombok.extern.slf4j.Slf4j) List(java.util.List) Stream(java.util.stream.Stream) BgpSecAssertions(net.ripe.rpki.validator3.domain.BgpSecAssertions) IgnoreFiltersPredicate(net.ripe.rpki.validator3.domain.IgnoreFiltersPredicate) Settings(net.ripe.rpki.validator3.domain.Settings) ResponseEntity(org.springframework.http.ResponseEntity) ApiResponse(net.ripe.rpki.validator3.api.ApiResponse) Collections(java.util.Collections) ApiModelProperty(io.swagger.annotations.ApiModelProperty) IgnoreFiltersPredicate(net.ripe.rpki.validator3.domain.IgnoreFiltersPredicate) Links(org.springframework.hateoas.Links) Asn(net.ripe.ipresource.Asn) TrustAnchorResource(net.ripe.rpki.validator3.api.trustanchors.TrustAnchorResource) GetMapping(org.springframework.web.bind.annotation.GetMapping)

Aggregations

TrustAnchor (net.ripe.rpki.validator3.domain.TrustAnchor)36 IntegrationTest (net.ripe.rpki.validator3.IntegrationTest)23 RpkiRepository (net.ripe.rpki.validator3.domain.RpkiRepository)23 Test (org.junit.Test)23 RpkiObject (net.ripe.rpki.validator3.domain.RpkiObject)15 RpkiObjects (net.ripe.rpki.validator3.domain.RpkiObjects)15 ValidationCheck (net.ripe.rpki.validator3.domain.ValidationCheck)14 CertificateTreeValidationRun (net.ripe.rpki.validator3.domain.CertificateTreeValidationRun)10 RrdpRepositoryValidationRun (net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun)10 Autowired (org.springframework.beans.factory.annotation.Autowired)10 List (java.util.List)9 Transactional (javax.transaction.Transactional)9 TestObjects (net.ripe.rpki.validator3.TestObjects)9 URI (java.net.URI)8 ValidationResult (net.ripe.rpki.commons.validation.ValidationResult)8 EntityManager (javax.persistence.EntityManager)7 Optional (java.util.Optional)6 RpkiRepositories (net.ripe.rpki.validator3.domain.RpkiRepositories)6 TrustAnchors (net.ripe.rpki.validator3.domain.TrustAnchors)6 ValidationRuns (net.ripe.rpki.validator3.domain.ValidationRuns)6
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial