Examples with ValidationCheck net.ripe.rpki.validator3.domain.ValidationCheck used on opensource projects

Example 1 with ValidationCheck

use of net.ripe.rpki.validator3.domain.ValidationCheck in project rpki-validator-3 by RIPE-NCC.

the class JPAValidationRuns method validationChecksQuery.

private JPAQuery<ValidationCheck> validationChecksQuery(long validationRunId, SearchTerm searchTerm) {
    QValidationRun latest = new QValidationRun("latest");
    JPQLQuery<Long> validationRunIds = JPAExpressions.select(latest.id.max()).where(latest.status.eq(ValidationRun.Status.SUCCEEDED).and(latest.as(QCertificateTreeValidationRun.class).trustAnchor.id.eq(validationRunId))).groupBy(JPAExpressions.type(latest), latest.as(QTrustAnchorValidationRun.class).trustAnchor, latest.as(QCertificateTreeValidationRun.class).trustAnchor).from(latest);
    return queryFactory.selectFrom(validationCheck).where(validationCheck.validationRun.id.in(validationRunIds).and(toPredicate(searchTerm)));
}

Example 2 with ValidationCheck

use of net.ripe.rpki.validator3.domain.ValidationCheck in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationServiceTest method should_report_proper_error_when_repository_is_available_but_manifest_is_invalid.

@Test
public void should_report_proper_error_when_repository_is_available_but_manifest_is_invalid() {
    KeyPair childKeyPair = KEY_PAIR_FACTORY.generate();
    final ValidityPeriod mftValidityPeriod = new ValidityPeriod(Instant.now().minus(Duration.standardDays(2)), Instant.now().minus(Duration.standardDays(1)));
    TrustAnchor ta = factory.createTrustAnchor(x -> {
        CertificateAuthority child = CertificateAuthority.builder().dn("CN=child-ca").keyPair(childKeyPair).certificateLocation("rsync://rpki.test/CN=child-ca.cer").resources(IpResourceSet.parse("192.168.128.0/17")).notifyURI(TA_RRDP_NOTIFY_URI).manifestURI("rsync://rpki.test/CN=child-ca/child-ca.mft").repositoryURI("rsync://rpki.test/CN=child-ca/").crlDistributionPoint("rsync://rpki.test/CN=child-ca/child-ca.crl").build();
        x.children(Collections.singletonList(child));
    }, mftValidityPeriod);
    trustAnchors.add(ta);
    entityManager.flush();
    RpkiRepository repository = rpkiRepositories.register(ta, TA_RRDP_NOTIFY_URI, RpkiRepository.Type.RRDP);
    repository.setFailed();
    entityManager.flush();
    subject.validate(ta.getId());
    entityManager.flush();
    List<CertificateTreeValidationRun> completed = validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(completed).hasSize(1);
    final List<ValidationCheck> checks = completed.get(0).getValidationChecks();
    assertThat(checks.get(0).getKey()).isEqualTo(ValidationString.VALIDATOR_OLD_LOCAL_MANIFEST_REPOSITORY_FAILED);
    assertThat(checks.get(0).getParameters()).isEqualTo(Collections.singletonList(repository.getRrdpNotifyUri()));
}

Example 3 with ValidationCheck

use of net.ripe.rpki.validator3.domain.ValidationCheck in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationServiceTest method should_report_proper_error_when_repository_is_unavailable.

@Test
public void should_report_proper_error_when_repository_is_unavailable() {
    KeyPair childKeyPair = KEY_PAIR_FACTORY.generate();
    TrustAnchor ta = factory.createTypicalTa(childKeyPair);
    trustAnchors.add(ta);
    RpkiRepository repository = rpkiRepositories.register(ta, TA_RRDP_NOTIFY_URI, RpkiRepository.Type.RRDP);
    repository.setFailed();
    entityManager.flush();
    final URI manifestUri = ta.getCertificate().getManifestUri();
    final Optional<RpkiObject> mft = rpkiObjects.all().filter(o -> o.getLocations().contains(manifestUri.toASCIIString())).findFirst();
    mft.ifPresent(m -> rpkiObjects.remove(m));
    entityManager.flush();
    subject.validate(ta.getId());
    entityManager.flush();
    List<CertificateTreeValidationRun> completed = validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(completed).hasSize(1);
    final List<ValidationCheck> checks = completed.get(0).getValidationChecks();
    assertThat(checks.get(0).getKey()).isEqualTo(ValidationString.VALIDATOR_NO_MANIFEST_REPOSITORY_FAILED);
    assertThat(checks.get(0).getParameters()).isEqualTo(Collections.singletonList(repository.getRrdpNotifyUri()));
}

Example 4 with ValidationCheck

use of net.ripe.rpki.validator3.domain.ValidationCheck in project rpki-validator-3 by RIPE-NCC.

the class CertificateTreeValidationServiceTest method should_report_proper_error_when_repository_is_available_but_no_manifest.

@Test
public void should_report_proper_error_when_repository_is_available_but_no_manifest() {
    KeyPair childKeyPair = KEY_PAIR_FACTORY.generate();
    TrustAnchor ta = factory.createTypicalTa(childKeyPair);
    trustAnchors.add(ta);
    RpkiRepository repository = rpkiRepositories.register(ta, TA_RRDP_NOTIFY_URI, RpkiRepository.Type.RRDP);
    repository.setDownloaded();
    entityManager.flush();
    final URI manifestUri = ta.getCertificate().getManifestUri();
    final Optional<RpkiObject> mft = rpkiObjects.all().filter(o -> o.getLocations().contains(manifestUri.toASCIIString())).findFirst();
    mft.ifPresent(m -> rpkiObjects.remove(m));
    entityManager.flush();
    subject.validate(ta.getId());
    entityManager.flush();
    List<CertificateTreeValidationRun> completed = validationRuns.findAll(CertificateTreeValidationRun.class);
    assertThat(completed).hasSize(1);
    final List<ValidationCheck> checks = completed.get(0).getValidationChecks();
    assertThat(checks.get(0).getKey()).isEqualTo(ValidationString.VALIDATOR_NO_LOCAL_MANIFEST_NO_MANIFEST_IN_REPOSITORY);
    assertThat(checks.get(0).getParameters()).isEqualTo(Collections.singletonList(repository.getRrdpNotifyUri()));
}

Example 5 with ValidationCheck

use of net.ripe.rpki.validator3.domain.ValidationCheck in project rpki-validator-3 by RIPE-NCC.

the class RrdpServiceTest method should_parse_notification_use_decline_delta_with_different_session_id_and_fallback_to_snapshot.

@Test
public void should_parse_notification_use_decline_delta_with_different_session_id_and_fallback_to_snapshot() {
    final byte[] certificate = Objects.aParseableCertificate();
    final long serial = 2;
    final String sessionId = UUID.randomUUID().toString();
    final String wrongSessionId = UUID.randomUUID().toString();
    final Objects.Publish crl = new Objects.Publish("rsync://host/path/crl1.crl", Objects.aParseableCrl());
    rrdpClient.add(crl.uri, crl.content);
    final byte[] snapshotXml = Objects.snapshotXml(serial, sessionId, crl);
    final Objects.SnapshotInfo snapshot = new Objects.SnapshotInfo("https://host/path/snapshot.xml", Sha256.hash(snapshotXml));
    rrdpClient.add(snapshot.uri, snapshotXml);
    final Objects.DeltaPublish publishCert = new Objects.DeltaPublish("rsync://host/path/cert.cer", certificate);
    final byte[] deltaXml = Objects.deltaXml(serial, wrongSessionId, publishCert);
    final Objects.DeltaInfo deltaInfo = new Objects.DeltaInfo("https://host/path/delta1.xml", Sha256.hash(deltaXml), serial);
    rrdpClient.add(deltaInfo.uri, deltaXml);
    final String notificationUri = "https://rrdp.ripe.net/notification.xml";
    rrdpClient.add(notificationUri, Objects.notificationXml(serial, sessionId, snapshot, deltaInfo));
    final TrustAnchor trustAnchor = TestObjects.newTrustAnchor();
    entityManager.persist(trustAnchor);
    // make current serial lower to trigger delta download
    final RpkiRepository rpkiRepository = new RpkiRepository(trustAnchor, notificationUri, RpkiRepository.Type.RRDP);
    rpkiRepository.setRrdpSerial(BigInteger.valueOf(serial - 1));
    rpkiRepository.setRrdpSessionId(sessionId);
    entityManager.persist(rpkiRepository);
    // do the first run to get the snapshot
    final RrdpRepositoryValidationRun validationRun = new RrdpRepositoryValidationRun(rpkiRepository);
    subject.storeRepository(rpkiRepository, validationRun);
    assertEquals(1, validationRun.getValidationChecks().size());
    final ValidationCheck validationCheck = validationRun.getValidationChecks().get(0);
    assertEquals(ErrorCodes.RRDP_FETCH_DELTAS, validationCheck.getKey());
    assertEquals(ValidationCheck.Status.WARNING, validationCheck.getStatus());
    assertEquals(rpkiRepository.getRrdpNotifyUri(), validationCheck.getLocation());
    assertTrue(validationCheck.getParameters().get(0).contains("Session id of the delta"));
    assertTrue(validationCheck.getParameters().get(0).contains("is not the same as in the notification file: " + sessionId));
    // make sure that it will be the CRL from the snapsh
    final List<RpkiObject> objects = rpkiObjects.all().collect(Collectors.toList());
    assertEquals(1, objects.size());
    RpkiObject rpkiObject = objects.get(0);
    assertEquals(RpkiObject.Type.CRL, rpkiObject.getType());
    assertEquals(Sets.newHashSet("rsync://host/path/crl1.crl"), rpkiObject.getLocations());
}