use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.
the class RrdpServiceTest method should_parse_notification_use_delta_mismatching_delta_hash_fallback_to_snapshot.
/**
 * Verifies the integrity check on RRDP delta files: when the SHA-256 digest of a
 * downloaded delta does not match the hash announced in the notification file, the
 * delta's content must not be stored and the repository is populated from the
 * snapshot instead.
 *
 * <p>The fixture publishes a CRL in the snapshot and a certificate in the delta, and
 * announces the delta with the bogus hash {@code FFFFFFFF}. Afterwards the run must
 * carry exactly one {@code RRDP_FETCH_DELTAS} warning, and the only stored object
 * must be the CRL from the snapshot.
 */
@Test
public void should_parse_notification_use_delta_mismatching_delta_hash_fallback_to_snapshot() {
    final byte[] certificateBytes = Objects.aParseableCertificate();
    final String session = UUID.randomUUID().toString();

    // Snapshot: contains one CRL and is announced with its real SHA-256 digest.
    final Objects.Publish publishedCrl = new Objects.Publish("rsync://host/path/crl1.crl", Objects.aParseableCrl());
    rrdpClient.add(publishedCrl.uri, publishedCrl.content);
    final byte[] snapshotBytes = Objects.snapshotXml(3, session, publishedCrl);
    final Objects.SnapshotInfo snapshotInfo =
            new Objects.SnapshotInfo("https://host/path/snapshot.xml", Sha256.hash(snapshotBytes));
    rrdpClient.add(snapshotInfo.uri, snapshotBytes);

    // Delta: contains a certificate, but the notification announces a hash (FFFFFFFF)
    // that cannot match the digest of the bytes actually served.
    final Objects.DeltaPublish certInDelta = new Objects.DeltaPublish("rsync://host/path/cert.cer", certificateBytes);
    final byte[] deltaBytes = Objects.deltaXml(3, session, certInDelta);
    final Objects.DeltaInfo deltaWithWrongHash =
            new Objects.DeltaInfo("https://host/path/delta1.xml", Hex.parse("FFFFFFFF"), 3);
    rrdpClient.add(deltaWithWrongHash.uri, deltaBytes);

    final String notificationUri = "https://rrdp.ripe.net/notification.xml";
    rrdpClient.add(notificationUri, Objects.notificationXml(3, session, snapshotInfo, deltaWithWrongHash));

    final TrustAnchor anchor = TestObjects.newTrustAnchor();
    entityManager.persist(anchor);

    // makeRpkiRepository is defined elsewhere in this test class; per the original
    // comment it leaves the stored serial lower than the notification's, so that the
    // delta path is attempted first.
    final RpkiRepository repository = makeRpkiRepository(session, notificationUri, anchor);

    // Single run: the delta is rejected on the hash check and the snapshot is used.
    RrdpRepositoryValidationRun run = new RrdpRepositoryValidationRun(repository);
    subject.storeRepository(repository, run);

    // The mismatch is reported as a warning on the notification URI, not silently ignored.
    assertEquals(1, run.getValidationChecks().size());
    final ValidationCheck warning = run.getValidationChecks().get(0);
    assertEquals(ErrorCodes.RRDP_FETCH_DELTAS, warning.getKey());
    assertEquals(ValidationCheck.Status.WARNING, warning.getStatus());
    assertEquals(repository.getRrdpNotifyUri(), warning.getLocation());

    // The message names both the computed digest and the announced one.
    final String message = warning.getParameters().get(0);
    assertTrue(message.startsWith("Hash of the delta file"));
    assertTrue(message.contains("is " + Hex.format(Sha256.hash(deltaBytes)) + ", but notification file says FFFFFFFF"));

    // Only the CRL from the snapshot is stored; the certificate from the rejected delta is absent.
    final List<RpkiObject> stored = rpkiObjects.all().collect(Collectors.toList());
    assertEquals(1, stored.size());
    final RpkiObject onlyObject = stored.get(0);
    assertEquals(RpkiObject.Type.CRL, onlyObject.getType());
    assertEquals(Sets.newHashSet("rsync://host/path/crl1.crl"), onlyObject.getLocations());
}
use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.
the class CertificateTreeValidationServiceTest method should_register_rpki_repositories.
/**
 * Checks that validating the RIPE NCC trust anchor registers its RRDP repository.
 *
 * <p>The run itself is expected to succeed, while the first registered repository is
 * still {@code PENDING}, and neither the trust anchor nor the global settings report
 * the initial validation run as completed.
 */
@Test
public void should_register_rpki_repositories() {
    final TrustAnchor ripeNccAnchor = factory.createRipeNccTrustAnchor();
    trustAnchors.add(ripeNccAnchor);

    subject.validate(ripeNccAnchor.getId());
    entityManager.flush();

    final List<CertificateTreeValidationRun> finishedRuns =
            validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(finishedRuns).hasSize(1);

    final CertificateTreeValidationRun onlyRun = finishedRuns.get(0);
    assertThat(onlyRun.getStatus()).isEqualTo(SUCCEEDED);

    // The repository is known to the validator but has not left the PENDING state.
    assertThat(rpkiRepositories.findAll(null, null))
            .first()
            .extracting(RpkiRepository::getStatus, RpkiRepository::getLocationUri)
            .containsExactly(RpkiRepository.Status.PENDING, "https://rrdp.ripe.net/notification.xml");

    // Both "initial run completed" flags must still be false at this point.
    assertThat(ripeNccAnchor.isInitialCertificateTreeValidationRunCompleted())
            .as("trust anchor initial validation run completed")
            .isFalse();
    assertThat(settings.isInitialValidationRunCompleted())
            .as("validator initial validation run completed")
            .isFalse();
}
use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.
the class CertificateTreeValidationServiceTest method should_validate_minimal_trust_anchor.
/**
 * Validates a trust anchor built by the factory with no customisation, after its RRDP
 * repository has been registered and marked as downloaded.
 *
 * <p>Expected outcome: one successful run without validation checks, the manifest and
 * CRL of the test trust anchor among the validated objects, and the trust anchor's
 * "initial run completed" flag set while the validator-wide flag stays false.
 *
 * <p>Currently disabled: per the {@code @Ignore} reason the test passes only when
 * TrustAnchorControllerTest has run before it, i.e. it depends on test ordering.
 */
@Test
@Ignore("Fix it --- if fails if TrustAnchorControllerTest is not run before it")
public void should_validate_minimal_trust_anchor() {
    // The empty lambda leaves the factory's trust anchor unmodified.
    final TrustAnchor minimalAnchor = factory.createTrustAnchor(unused -> {
    });
    trustAnchors.add(minimalAnchor);

    // Register the repository and mark it downloaded before validation starts.
    final RpkiRepository rrdpRepository =
            rpkiRepositories.register(minimalAnchor, TA_RRDP_NOTIFY_URI, RpkiRepository.Type.RRDP);
    rrdpRepository.setDownloaded();
    entityManager.flush();

    subject.validate(minimalAnchor.getId());
    entityManager.flush();

    final List<CertificateTreeValidationRun> finishedRuns =
            validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(finishedRuns).hasSize(1);

    final CertificateTreeValidationRun onlyRun = finishedRuns.get(0);
    assertThat(onlyRun.getValidationChecks()).isEmpty();
    assertThat(onlyRun.getStatus()).isEqualTo(SUCCEEDED);
    assertThat(onlyRun.getValidatedObjects())
            .extracting(validated -> validated.getLocations().first())
            .containsExactlyInAnyOrder(
                    "rsync://rpki.test/test-trust-anchor.mft",
                    "rsync://rpki.test/test-trust-anchor.crl");

    // Per-anchor flag flips to true; the validator-wide flag is still false.
    assertThat(minimalAnchor.isInitialCertificateTreeValidationRunCompleted())
            .as("trust anchor initial validation run completed")
            .isTrue();
    assertThat(settings.isInitialValidationRunCompleted())
            .as("validator initial validation run completed")
            .isFalse();
}
use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.
the class TestObjects method newTrustAnchor.
/**
 * Builds an unsaved {@link TrustAnchor} fixture for tests.
 *
 * <p>The fixture is named "trust anchor", points at a single rsync location under
 * {@code rpki.test}, and carries the subject public key info held in
 * {@code RIPE_NCC_TRUST_ANCHOR_SUBJECT_PUBLIC_KEY_INFO}. The constructor is called with
 * {@code false}; the meaning of that flag is defined in {@code TrustAnchor}, which is
 * not shown here.
 *
 * @return a new trust anchor instance that has not been persisted
 */
public static TrustAnchor newTrustAnchor() {
    final TrustAnchor fixture = new TrustAnchor(false);

    fixture.setName("trust anchor");
    fixture.setLocations(Arrays.asList("rsync://rpki.test/trust-anchor.cer"));
    // The pinned key is what a fetched trust anchor certificate would be compared against.
    fixture.setSubjectPublicKeyInfo(RIPE_NCC_TRUST_ANCHOR_SUBJECT_PUBLIC_KEY_INFO);

    return fixture;
}
use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.
the class TrustAnchorController method add.
/**
 * Creates a trust anchor from the posted command and answers {@code 201 Created} with
 * the new resource and its self link as the location.
 *
 * <p>A trust anchor is the root from which certificate validation proceeds, so this
 * endpoint changes what the validator trusts. The request body is bean-validated via
 * {@code @Valid}; the constraints themselves live on {@code ApiCommand} and
 * {@code AddTrustAnchor}, which are not shown here.
 *
 * <p>NOTE(review): no authentication or authorisation check is visible in this method;
 * confirm that access to this mapping is restricted elsewhere (security configuration
 * or network binding).
 *
 * @param command the validated command wrapping the trust anchor to add
 * @param locale  locale passed through to resource rendering and link building
 * @return a {@code 201 Created} response whose body is the stored trust anchor
 */
@PostMapping(consumes = { Api.API_MIME_TYPE, "application/json" })
public ResponseEntity<ApiResponse<TrustAnchorResource>> add(@RequestBody @Valid ApiCommand<AddTrustAnchor> command, Locale locale) {
    final long createdId = trustAnchorService.execute(command.getData());

    // Re-read the entity by id so the response reflects what was actually stored.
    final TrustAnchor created = trustAnchorRepository.get(createdId);

    final Link self = linkTo(methodOn(TrustAnchorController.class).get(createdId, locale)).withSelfRel();
    final URI location = URI.create(self.getHref());

    return ResponseEntity.created(location).body(trustAnchorResource(created, locale));
}