
Example 11 with ValidationCheck

use of net.ripe.rpki.validator3.domain.ValidationCheck in project rpki-validator-3 by RIPE-NCC.

the class TrustAnchorValidationServiceTest method test_bad_subject_public_key.

/**
 * A trust anchor whose configured subject public key does not match the key in the
 * fetched certificate must be rejected: no certificate is stored and the run records
 * exactly one check, keyed {@code trust.anchor.subject.key.matches.locator}.
 */
@Test
public void test_bad_subject_public_key() {
    TrustAnchor anchor = createRipeNccTrustAnchor();
    // Mangle the configured SPKI so it can no longer match the certificate on disk.
    String mangledSubjectKey = anchor.getSubjectPublicKeyInfo().toUpperCase();
    anchor.setSubjectPublicKeyInfo(mangledSubjectKey);
    trustAnchors.add(anchor);

    // Point the locator at the bundled test certificate for the duration of the run.
    anchor.setLocations(Arrays.asList("src/test/resources/ripe-ncc-ta.cer"));
    subject.validate(anchor.getId());
    // Presumably restores a non-file locator after validation; verify against the fixture setup.
    anchor.setLocations(Arrays.asList(DUMMY_RSYNC_URI));

    assertThat(anchor.getCertificate()).isNull();

    Optional<TrustAnchorValidationRun> latestRun = validationRuns.findLatestCompletedForTrustAnchor(anchor);
    assertThat(latestRun).isPresent();

    List<ValidationCheck> checks = latestRun.get().getValidationChecks();
    assertThat(checks).hasSize(1);
    ValidationCheck onlyCheck = checks.get(0);
    assertThat(onlyCheck.getKey()).isEqualTo("trust.anchor.subject.key.matches.locator");
}
Also used : TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) TrustAnchorValidationRun(net.ripe.rpki.validator3.domain.TrustAnchorValidationRun) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 12 with ValidationCheck

use of net.ripe.rpki.validator3.domain.ValidationCheck in project rpki-validator-3 by RIPE-NCC.

the class RrdpServiceTest method should_parse_notification_verify_snapshot_hash.

/**
 * The snapshot hash advertised in the notification file must match the downloaded snapshot.
 * Here the notification claims {@code FFFFFF}, so the snapshot is discarded: no objects are
 * stored and the run carries a single {@code RRDP_FETCH} error naming both hashes.
 */
@Test
public void should_parse_notification_verify_snapshot_hash() {
    final Objects.Publish certificatePublish = new Objects.Publish("rsync://host/path/cert.cer", Objects.aParseableCertificate());
    final Objects.Publish crlPublish = new Objects.Publish("rsync://host/path/crl1.crl", Objects.aParseableCrl());
    rrdpClient.add(certificatePublish.uri, certificatePublish.content);
    rrdpClient.add(crlPublish.uri, crlPublish.content);

    final String sessionId = UUID.randomUUID().toString();
    final byte[] snapshotXml = Objects.snapshotXml(1, sessionId, certificatePublish, crlPublish);
    final String snapshotUri = "https://host/path/snapshot.xml";
    // Deliberately wrong hash: the notification lies about the snapshot content.
    final Objects.SnapshotInfo advertisedSnapshot = new Objects.SnapshotInfo(snapshotUri, Hex.parse("FFFFFF"));
    rrdpClient.add(advertisedSnapshot.uri, snapshotXml);

    final String notificationUri = "https://rrdp.ripe.net/notification.xml";
    final byte[] notificationXml = Objects.notificationXml(1, sessionId, advertisedSnapshot);
    rrdpClient.add(notificationUri, notificationXml);

    final TrustAnchor trustAnchor = TestObjects.newTrustAnchor();
    entityManager.persist(trustAnchor);
    final RpkiRepository repository = new RpkiRepository(trustAnchor, notificationUri, RpkiRepository.Type.RRDP);
    entityManager.persist(repository);

    final RrdpRepositoryValidationRun run = new RrdpRepositoryValidationRun(repository);
    subject.storeRepository(repository, run);

    // Nothing from the rejected snapshot may reach the object store.
    final List<RpkiObject> storedObjects = rpkiObjects.all().collect(Collectors.toList());
    assertEquals(0, storedObjects.size());

    final List<ValidationCheck> checks = run.getValidationChecks();
    assertEquals(1, checks.size());
    final ValidationCheck hashCheck = checks.get(0);
    assertEquals(ErrorCodes.RRDP_FETCH, hashCheck.getKey());
    assertEquals(ValidationCheck.Status.ERROR, hashCheck.getStatus());
    final String expectedMessage = "Hash of the snapshot file " + snapshotUri + " is " + Hex.format(Sha256.hash(snapshotXml)) + ", but notification file says FFFFFF";
    assertEquals(expectedMessage, hashCheck.getParameters().get(0));
    assertEquals(repository.getRrdpNotifyUri(), hashCheck.getLocation());
}
Also used : RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) RrdpRepositoryValidationRun(net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) TestObjects(net.ripe.rpki.validator3.TestObjects) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 13 with ValidationCheck

use of net.ripe.rpki.validator3.domain.ValidationCheck in project rpki-validator-3 by RIPE-NCC.

the class RrdpServiceTest method should_parse_notification_use_delta_non_contiguous_delta_fallback_to_snapshot.

/**
 * Deltas with serials 2 and 4 are advertised while the snapshot is at serial 3, so the delta
 * chain has a gap. The service must record an {@code RRDP_FETCH_DELTAS} warning and fall back
 * to the snapshot, which only contains the CRL; the certificate from the deltas is never stored.
 */
@Test
public void should_parse_notification_use_delta_non_contiguous_delta_fallback_to_snapshot() {
    final byte[] certBytes = Objects.aParseableCertificate();
    final String sessionId = UUID.randomUUID().toString();

    // Snapshot at serial 3 publishes only the CRL.
    final Objects.Publish crlPublish = new Objects.Publish("rsync://host/path/crl1.crl", Objects.aParseableCrl());
    rrdpClient.add(crlPublish.uri, crlPublish.content);
    final byte[] snapshotXml = Objects.snapshotXml(3, sessionId, crlPublish);
    final Objects.SnapshotInfo snapshotInfo = new Objects.SnapshotInfo("https://host/path/snapshot.xml", Sha256.hash(snapshotXml));
    rrdpClient.add(snapshotInfo.uri, snapshotXml);

    // Delta 2 publishes the certificate, delta 4 republishes it over its previous hash; no delta 3.
    final Objects.DeltaPublish firstPublish = new Objects.DeltaPublish("rsync://host/path/cert.cer", certBytes);
    final byte[] firstDeltaXml = Objects.deltaXml(2, sessionId, firstPublish);
    final Objects.DeltaPublish secondPublish = new Objects.DeltaPublish("rsync://host/path/cert.cer", Sha256.hash(firstPublish.content), certBytes);
    final byte[] secondDeltaXml = Objects.deltaXml(4, sessionId, secondPublish);
    final Objects.DeltaInfo firstDelta = new Objects.DeltaInfo("https://host/path/delta1.xml", Sha256.hash(firstDeltaXml), 2);
    final Objects.DeltaInfo secondDelta = new Objects.DeltaInfo("https://host/path/delta2.xml", Sha256.hash(secondDeltaXml), 4);
    rrdpClient.add(firstDelta.uri, firstDeltaXml);
    rrdpClient.add(secondDelta.uri, secondDeltaXml);

    final String notificationUri = "https://rrdp.ripe.net/notification.xml";
    final byte[] notificationXml = Objects.notificationXml(4, sessionId, snapshotInfo, firstDelta, secondDelta);
    rrdpClient.add(notificationUri, notificationXml);

    final TrustAnchor trustAnchor = TestObjects.newTrustAnchor();
    entityManager.persist(trustAnchor);
    // make current serial lower to trigger delta download
    final RpkiRepository repository = makeRpkiRepository(sessionId, notificationUri, trustAnchor);

    // do the first run to get the snapshot
    final RrdpRepositoryValidationRun run = new RrdpRepositoryValidationRun(repository);
    subject.storeRepository(repository, run);

    final List<ValidationCheck> checks = run.getValidationChecks();
    assertEquals(1, checks.size());
    final ValidationCheck deltaCheck = checks.get(0);
    assertEquals(ErrorCodes.RRDP_FETCH_DELTAS, deltaCheck.getKey());
    assertEquals(ValidationCheck.Status.WARNING, deltaCheck.getStatus());
    assertEquals(repository.getRrdpNotifyUri(), deltaCheck.getLocation());
    assertEquals("Serials of the deltas are not contiguous: found 2 and 4 after it", deltaCheck.getParameters().get(0));

    // Only the snapshot content survives: a single CRL.
    final List<RpkiObject> storedObjects = rpkiObjects.all().collect(Collectors.toList());
    assertEquals(1, storedObjects.size());
    final RpkiObject storedCrl = storedObjects.get(0);
    assertEquals(RpkiObject.Type.CRL, storedCrl.getType());
    assertEquals(Sets.newHashSet("rsync://host/path/crl1.crl"), storedCrl.getLocations());
}
Also used : RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) RrdpRepositoryValidationRun(net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) TestObjects(net.ripe.rpki.validator3.TestObjects) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 14 with ValidationCheck

use of net.ripe.rpki.validator3.domain.ValidationCheck in project rpki-validator-3 by RIPE-NCC.

the class RrdpServiceTest method should_parse_notification_use_delta_mismatching_delta_hash_fallback_to_snapshot.

/**
 * The notification advertises a delta whose hash ({@code FFFFFFFF}) does not match the delta
 * file actually served. The delta must be rejected with an {@code RRDP_FETCH_DELTAS} warning
 * and the service must fall back to the snapshot, which contains only the CRL.
 */
@Test
public void should_parse_notification_use_delta_mismatching_delta_hash_fallback_to_snapshot() {
    final byte[] certBytes = Objects.aParseableCertificate();
    final String sessionId = UUID.randomUUID().toString();

    // Snapshot at serial 3 publishes only the CRL.
    final Objects.Publish crlPublish = new Objects.Publish("rsync://host/path/crl1.crl", Objects.aParseableCrl());
    rrdpClient.add(crlPublish.uri, crlPublish.content);
    final byte[] snapshotXml = Objects.snapshotXml(3, sessionId, crlPublish);
    final Objects.SnapshotInfo snapshotInfo = new Objects.SnapshotInfo("https://host/path/snapshot.xml", Sha256.hash(snapshotXml));
    rrdpClient.add(snapshotInfo.uri, snapshotXml);

    // The delta is served correctly, but the notification lies about its hash.
    final Objects.DeltaPublish certPublish = new Objects.DeltaPublish("rsync://host/path/cert.cer", certBytes);
    final byte[] deltaXml = Objects.deltaXml(3, sessionId, certPublish);
    final Objects.DeltaInfo advertisedDelta = new Objects.DeltaInfo("https://host/path/delta1.xml", Hex.parse("FFFFFFFF"), 3);
    rrdpClient.add(advertisedDelta.uri, deltaXml);

    final String notificationUri = "https://rrdp.ripe.net/notification.xml";
    final byte[] notificationXml = Objects.notificationXml(3, sessionId, snapshotInfo, advertisedDelta);
    rrdpClient.add(notificationUri, notificationXml);

    final TrustAnchor trustAnchor = TestObjects.newTrustAnchor();
    entityManager.persist(trustAnchor);
    // make current serial lower to trigger delta download
    final RpkiRepository repository = makeRpkiRepository(sessionId, notificationUri, trustAnchor);

    // do the first run to get the snapshot
    RrdpRepositoryValidationRun run = new RrdpRepositoryValidationRun(repository);
    subject.storeRepository(repository, run);

    final List<ValidationCheck> checks = run.getValidationChecks();
    assertEquals(1, checks.size());
    final ValidationCheck deltaCheck = checks.get(0);
    assertEquals(ErrorCodes.RRDP_FETCH_DELTAS, deltaCheck.getKey());
    assertEquals(ValidationCheck.Status.WARNING, deltaCheck.getStatus());
    assertEquals(repository.getRrdpNotifyUri(), deltaCheck.getLocation());
    final String checkMessage = deltaCheck.getParameters().get(0);
    assertTrue(checkMessage.startsWith("Hash of the delta file"));
    final String expectedHashFragment = "is " + Hex.format(Sha256.hash(deltaXml)) + ", but notification file says FFFFFFFF";
    assertTrue(checkMessage.contains(expectedHashFragment));

    // Only the snapshot content survives: a single CRL.
    final List<RpkiObject> storedObjects = rpkiObjects.all().collect(Collectors.toList());
    assertEquals(1, storedObjects.size());
    final RpkiObject storedCrl = storedObjects.get(0);
    assertEquals(RpkiObject.Type.CRL, storedCrl.getType());
    assertEquals(Sets.newHashSet("rsync://host/path/crl1.crl"), storedCrl.getLocations());
}
Also used : RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) RrdpRepositoryValidationRun(net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) TestObjects(net.ripe.rpki.validator3.TestObjects) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 15 with ValidationCheck

use of net.ripe.rpki.validator3.domain.ValidationCheck in project rpki-validator-3 by RIPE-NCC.

the class RrdpService method doStoreRepository.

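/**
 * Brings {@code rpkiRepository} up to date from the RRDP notification at its notify URI.
 *
 * <p>If the notification's session id differs from the locally stored one, the full snapshot is
 * read. If the session id matches and the local serial is not ahead of the notification serial,
 * every advertised delta with a serial above the local one is fetched, the chain is checked with
 * {@code verifyDeltaSerials}, and the deltas are applied in serial order, bumping the local serial
 * by one per delta. Any {@link RrdpException} on the delta path is recorded on
 * {@code validationRun} as an {@code RRDP_FETCH_DELTAS} warning and the snapshot is read instead.
 *
 * <p>A same-session notification whose serial is below the local serial is not applied; it is
 * logged at warn level so a regressed or stale publication point is visible in the logs.
 *
 * @param rpkiRepository repository whose RRDP session id and serial are read and, on the delta
 *                       path, advanced
 * @param validationRun  run that receives the {@link ValidationCheck} produced when deltas fail
 */
private void doStoreRepository(RpkiRepository rpkiRepository, RpkiRepositoryValidationRun validationRun) {
    final Notification notification = rrdpClient.readStream(rpkiRepository.getRrdpNotifyUri(), rrdpParser::notification);
    log.info("The local serial is '{}' and the latest serial is {}", rpkiRepository.getRrdpSerial(), notification.serial);

    if (!notification.sessionId.equals(rpkiRepository.getRrdpSessionId())) {
        // A new session invalidates the local serial; only the snapshot is usable.
        log.info("Repository has session id '{}' but the downloaded version has session id '{}', fetching the snapshot", rpkiRepository.getRrdpSessionId(), notification.sessionId);
        readSnapshot(rpkiRepository, validationRun, notification);
        return;
    }

    if (rpkiRepository.getRrdpSerial().compareTo(notification.serial) > 0) {
        // Same session, but the publisher advertises an older serial than the one already stored.
        // Nothing is applied; make the anomaly visible rather than silently skipping it.
        log.warn("Repository has session id '{}' with local serial {} but the notification serial is {}, not applying it", rpkiRepository.getRrdpSessionId(), rpkiRepository.getRrdpSerial(), notification.serial);
        return;
    }

    try {
        // Deltas are fetched in parallel; sorted() restores serial order before they are applied.
        // The filter reads the local serial before any delta is stored, so it sees a fixed value.
        final List<Delta> deltas = notification.deltas.parallelStream()
            .filter(d -> d.getSerial().compareTo(rpkiRepository.getRrdpSerial()) > 0)
            .sorted(Comparator.comparing(DeltaInfo::getSerial))
            .map(di -> readDelta(notification, di))
            .collect(Collectors.toList());
        // Presumably throws RrdpException on a gap in the serial chain (see the tests for this class).
        verifyDeltaSerials(deltas, notification, rpkiRepository);
        deltas.forEach(d -> {
            storeDelta(d, validationRun);
            // Advancing by one per delta relies on the contiguity established above.
            rpkiRepository.setRrdpSerial(rpkiRepository.getRrdpSerial().add(BigInteger.ONE));
        });
    } catch (RrdpException e) {
        log.info("Processing deltas failed {}, falling back to snapshot processing.", e.getMessage());
        ValidationCheck validationCheck = new ValidationCheck(validationRun, rpkiRepository.getRrdpNotifyUri(), ValidationCheck.Status.WARNING, ErrorCodes.RRDP_FETCH_DELTAS, e.getMessage());
        validationRun.addCheck(validationCheck);
        readSnapshot(rpkiRepository, validationRun, notification);
    }
}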
Also used : RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) Arrays(java.util.Arrays) CertificateRepositoryObject(net.ripe.rpki.commons.crypto.CertificateRepositoryObject) Transactional(javax.transaction.Transactional) RpkiRepositoryValidationRun(net.ripe.rpki.validator3.domain.RpkiRepositoryValidationRun) Hex(net.ripe.rpki.validator3.util.Hex) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) Autowired(org.springframework.beans.factory.annotation.Autowired) Collectors(java.util.stream.Collectors) CertificateRepositoryObjectFactory(net.ripe.rpki.commons.crypto.util.CertificateRepositoryObjectFactory) ErrorCodes(net.ripe.rpki.validator3.domain.ErrorCodes) Slf4j(lombok.extern.slf4j.Slf4j) List(java.util.List) ByteArrayInputStream(java.io.ByteArrayInputStream) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) Service(org.springframework.stereotype.Service) ValidationResult(net.ripe.rpki.commons.validation.ValidationResult) Optional(java.util.Optional) BigInteger(java.math.BigInteger) Sha256(net.ripe.rpki.validator3.util.Sha256) Either(fj.data.Either) Comparator(java.util.Comparator) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck)
