Search in sources :

Example 36 with TrustAnchor

use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.

the class RrdpServiceTest method should_parse_notification_use_delta_mismatching_delta_hash_fallback_to_snapshot.

@Test
public void should_parse_notification_use_delta_mismatching_delta_hash_fallback_to_snapshot() {
    final byte[] certificate = Objects.aParseableCertificate();
    final String sessionId = UUID.randomUUID().toString();
    final Objects.Publish crl = new Objects.Publish("rsync://host/path/crl1.crl", Objects.aParseableCrl());
    rrdpClient.add(crl.uri, crl.content);
    final byte[] snapshotXml = Objects.snapshotXml(3, sessionId, crl);
    final Objects.SnapshotInfo emptySnapshot = new Objects.SnapshotInfo("https://host/path/snapshot.xml", Sha256.hash(snapshotXml));
    rrdpClient.add(emptySnapshot.uri, snapshotXml);
    final Objects.DeltaPublish publishCert = new Objects.DeltaPublish("rsync://host/path/cert.cer", certificate);
    final byte[] deltaXml1 = Objects.deltaXml(3, sessionId, publishCert);
    final Objects.DeltaInfo deltaInfo1 = new Objects.DeltaInfo("https://host/path/delta1.xml", Hex.parse("FFFFFFFF"), 3);
    rrdpClient.add(deltaInfo1.uri, deltaXml1);
    final String notificationUri = "https://rrdp.ripe.net/notification.xml";
    rrdpClient.add(notificationUri, Objects.notificationXml(3, sessionId, emptySnapshot, deltaInfo1));
    final TrustAnchor trustAnchor = TestObjects.newTrustAnchor();
    entityManager.persist(trustAnchor);
    // make current serial lower to trigger delta download
    final RpkiRepository rpkiRepository = makeRpkiRepository(sessionId, notificationUri, trustAnchor);
    // do the first run to get the snapshot
    RrdpRepositoryValidationRun validationRun = new RrdpRepositoryValidationRun(rpkiRepository);
    subject.storeRepository(rpkiRepository, validationRun);
    assertEquals(1, validationRun.getValidationChecks().size());
    final ValidationCheck validationCheck = validationRun.getValidationChecks().get(0);
    assertEquals(ErrorCodes.RRDP_FETCH_DELTAS, validationCheck.getKey());
    assertEquals(ValidationCheck.Status.WARNING, validationCheck.getStatus());
    assertEquals(rpkiRepository.getRrdpNotifyUri(), validationCheck.getLocation());
    assertTrue(validationCheck.getParameters().get(0).startsWith("Hash of the delta file"));
    assertTrue(validationCheck.getParameters().get(0).contains("is " + Hex.format(Sha256.hash(deltaXml1)) + ", but notification file says FFFFFFFF"));
    final List<RpkiObject> objects = rpkiObjects.all().collect(Collectors.toList());
    assertEquals(1, objects.size());
    final RpkiObject rpkiObject = objects.get(0);
    assertEquals(RpkiObject.Type.CRL, rpkiObject.getType());
    assertEquals(Sets.newHashSet("rsync://host/path/crl1.crl"), rpkiObject.getLocations());
}
Also used : RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) RrdpRepositoryValidationRun(net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) TestObjects(net.ripe.rpki.validator3.TestObjects) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 37 with TrustAnchor

use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationServiceTest method should_register_rpki_repositories.

@Test
public void should_register_rpki_repositories() {
    TrustAnchor ta = factory.createRipeNccTrustAnchor();
    trustAnchors.add(ta);
    subject.validate(ta.getId());
    entityManager.flush();
    List<CertificateTreeValidationRun> completed = validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(completed).hasSize(1);
    CertificateTreeValidationRun result = completed.get(0);
    assertThat(result.getStatus()).isEqualTo(SUCCEEDED);
    assertThat(rpkiRepositories.findAll(null, null)).first().extracting(RpkiRepository::getStatus, RpkiRepository::getLocationUri).containsExactly(RpkiRepository.Status.PENDING, "https://rrdp.ripe.net/notification.xml");
    assertThat(ta.isInitialCertificateTreeValidationRunCompleted()).as("trust anchor initial validation run completed").isFalse();
    assertThat(settings.isInitialValidationRunCompleted()).as("validator initial validation run completed").isFalse();
}
Also used : CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 38 with TrustAnchor

use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationServiceTest method should_validate_minimal_trust_anchor.

@Test
@Ignore("Fix it --- if fails if TrustAnchorControllerTest is not run before it")
public void should_validate_minimal_trust_anchor() {
    TrustAnchor ta = factory.createTrustAnchor(x -> {
    });
    trustAnchors.add(ta);
    RpkiRepository repository = rpkiRepositories.register(ta, TA_RRDP_NOTIFY_URI, RpkiRepository.Type.RRDP);
    repository.setDownloaded();
    entityManager.flush();
    subject.validate(ta.getId());
    entityManager.flush();
    List<CertificateTreeValidationRun> completed = validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(completed).hasSize(1);
    CertificateTreeValidationRun result = completed.get(0);
    assertThat(result.getValidationChecks()).isEmpty();
    assertThat(result.getStatus()).isEqualTo(SUCCEEDED);
    assertThat(result.getValidatedObjects()).extracting((x) -> x.getLocations().first()).containsExactlyInAnyOrder("rsync://rpki.test/test-trust-anchor.mft", "rsync://rpki.test/test-trust-anchor.crl");
    assertThat(ta.isInitialCertificateTreeValidationRunCompleted()).as("trust anchor initial validation run completed").isTrue();
    assertThat(settings.isInitialValidationRunCompleted()).as("validator initial validation run completed").isFalse();
}
Also used : KeyPair(java.security.KeyPair) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) ValidationRuns(net.ripe.rpki.validator3.domain.ValidationRuns) Arrays(java.util.Arrays) X509RouterCertificate(net.ripe.rpki.commons.crypto.x509cert.X509RouterCertificate) X500Principal(javax.security.auth.x500.X500Principal) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Duration(org.joda.time.Duration) RunWith(org.junit.runner.RunWith) Autowired(org.springframework.beans.factory.annotation.Autowired) ValidityPeriod(net.ripe.rpki.commons.crypto.ValidityPeriod) IpAddress(net.ripe.ipresource.IpAddress) Asn(net.ripe.ipresource.Asn) RpkiRepositories(net.ripe.rpki.validator3.domain.RpkiRepositories) Pair(org.apache.commons.lang3.tuple.Pair) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) TrustAnchorsFactory(net.ripe.rpki.validator3.domain.TrustAnchorsFactory) SpringRunner(org.springframework.test.context.junit4.SpringRunner) URI(java.net.URI) IpResourceSet(net.ripe.ipresource.IpResourceSet) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) Transactional(javax.transaction.Transactional) IpRange(net.ripe.ipresource.IpRange) TrustAnchors(net.ripe.rpki.validator3.domain.TrustAnchors) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) Test(org.junit.Test) EntityManager(javax.persistence.EntityManager) RoaPrefix(net.ripe.rpki.validator3.domain.RoaPrefix) List(java.util.List) Collectors.toList(java.util.stream.Collectors.toList) Ignore(org.junit.Ignore) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest) Instant(org.joda.time.Instant) ValidationResult(net.ripe.rpki.commons.validation.ValidationResult) Optional(java.util.Optional) Settings(net.ripe.rpki.validator3.domain.Settings) ValidationString(net.ripe.rpki.commons.validation.ValidationString) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) Collections(java.util.Collections) SUCCEEDED(net.ripe.rpki.validator3.domain.ValidationRun.Status.SUCCEEDED) RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) CertificateTreeValidationRun(net.ripe.rpki.validator3.domain.CertificateTreeValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) Ignore(org.junit.Ignore) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 39 with TrustAnchor

use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.

the class TestObjects method newTrustAnchor.

public static TrustAnchor newTrustAnchor() {
    TrustAnchor trustAnchor = new TrustAnchor(false);
    trustAnchor.setName("trust anchor");
    trustAnchor.setLocations(Arrays.asList("rsync://rpki.test/trust-anchor.cer"));
    trustAnchor.setSubjectPublicKeyInfo(RIPE_NCC_TRUST_ANCHOR_SUBJECT_PUBLIC_KEY_INFO);
    return trustAnchor;
}
Also used : TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor)

Example 40 with TrustAnchor

use of net.ripe.rpki.validator3.domain.TrustAnchor in project rpki-validator-3 by RIPE-NCC.

the class TrustAnchorController method add.

@PostMapping(consumes = { Api.API_MIME_TYPE, "application/json" })
public ResponseEntity<ApiResponse<TrustAnchorResource>> add(@RequestBody @Valid ApiCommand<AddTrustAnchor> command, Locale locale) {
    long id = trustAnchorService.execute(command.getData());
    TrustAnchor trustAnchor = trustAnchorRepository.get(id);
    Link selfRel = linkTo(methodOn(TrustAnchorController.class).get(id, locale)).withSelfRel();
    return ResponseEntity.created(URI.create(selfRel.getHref())).body(trustAnchorResource(trustAnchor, locale));
}
Also used : TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) Link(org.springframework.hateoas.Link) PostMapping(org.springframework.web.bind.annotation.PostMapping)

Aggregations

TrustAnchor (net.ripe.rpki.validator3.domain.TrustAnchor)36 IntegrationTest (net.ripe.rpki.validator3.IntegrationTest)23 RpkiRepository (net.ripe.rpki.validator3.domain.RpkiRepository)23 Test (org.junit.Test)23 RpkiObject (net.ripe.rpki.validator3.domain.RpkiObject)15 RpkiObjects (net.ripe.rpki.validator3.domain.RpkiObjects)15 ValidationCheck (net.ripe.rpki.validator3.domain.ValidationCheck)14 CertificateTreeValidationRun (net.ripe.rpki.validator3.domain.CertificateTreeValidationRun)10 RrdpRepositoryValidationRun (net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun)10 Autowired (org.springframework.beans.factory.annotation.Autowired)10 List (java.util.List)9 Transactional (javax.transaction.Transactional)9 TestObjects (net.ripe.rpki.validator3.TestObjects)9 URI (java.net.URI)8 ValidationResult (net.ripe.rpki.commons.validation.ValidationResult)8 EntityManager (javax.persistence.EntityManager)7 Optional (java.util.Optional)6 RpkiRepositories (net.ripe.rpki.validator3.domain.RpkiRepositories)6 TrustAnchors (net.ripe.rpki.validator3.domain.TrustAnchors)6 ValidationRuns (net.ripe.rpki.validator3.domain.ValidationRuns)6