use of net.ripe.rpki.validator3.domain.ValidationRun in project rpki-validator-3 by RIPE-NCC.
the class TrustAnchorValidationServiceTest method test_success.
@Test
public void test_success() {
TrustAnchor ta = createRipeNccTrustAnchor();
trustAnchors.add(ta);
ta.setLocations(Arrays.asList("src/test/resources/ripe-ncc-ta.cer"));
subject.validate(ta.getId());
ta.setLocations(Arrays.asList(DUMMY_RSYNC_URI));
X509ResourceCertificate certificate = ta.getCertificate();
assertThat(certificate).isNotNull();
Optional<TrustAnchorValidationRun> validationRun = validationRuns.findLatestCompletedForTrustAnchor(ta);
assertThat(validationRun).isPresent();
assertThat(validationRun.get().getStatus()).isEqualTo(ValidationRun.Status.SUCCEEDED);
assertThat(validationRun.get().getValidationChecks()).isEmpty();
}
use of net.ripe.rpki.validator3.domain.ValidationRun in project rpki-validator-3 by RIPE-NCC.
the class TrustAnchorValidationServiceTest method test_empty_file.
@Test
public void test_empty_file() {
TrustAnchor ta = createRipeNccTrustAnchor();
trustAnchors.add(ta);
ta.setLocations(Arrays.asList("src/test/resources/empty-file.cer"));
subject.validate(ta.getId());
ta.setLocations(Arrays.asList(DUMMY_RSYNC_URI));
assertThat(ta.getCertificate()).isNull();
Optional<TrustAnchorValidationRun> validationRun = validationRuns.findLatestCompletedForTrustAnchor(ta);
assertThat(validationRun).isPresent();
List<ValidationCheck> validationChecks = validationRun.get().getValidationChecks();
assertThat(validationChecks).hasSize(1);
assertThat(validationChecks.get(0).getKey()).isEqualTo(ErrorCodes.REPOSITORY_OBJECT_MINIMUM_SIZE);
}
use of net.ripe.rpki.validator3.domain.ValidationRun in project rpki-validator-3 by RIPE-NCC.
the class TrustAnchorValidationServiceTest method test_rsync_failure.
@Test
public void test_rsync_failure() {
TrustAnchor ta = createRipeNccTrustAnchor();
ta.setLocations(Arrays.asList(DUMMY_RSYNC_URI));
trustAnchors.add(ta);
subject.validate(ta.getId());
assertThat(ta.getCertificate()).isNull();
Optional<TrustAnchorValidationRun> validationRun = validationRuns.findLatestCompletedForTrustAnchor(ta);
assertThat(validationRun).isPresent();
List<ValidationCheck> validationChecks = validationRun.get().getValidationChecks();
assertThat(validationChecks).hasSize(1);
assertThat(validationChecks.get(0).getKey()).isEqualTo(ErrorCodes.RSYNC_FETCH);
}
use of net.ripe.rpki.validator3.domain.ValidationRun in project rpki-validator-3 by RIPE-NCC.
the class TrustAnchorValidationServiceTest method test_bad_subject_public_key.
@Test
public void test_bad_subject_public_key() {
TrustAnchor ta = createRipeNccTrustAnchor();
ta.setSubjectPublicKeyInfo(ta.getSubjectPublicKeyInfo().toUpperCase());
trustAnchors.add(ta);
ta.setLocations(Arrays.asList("src/test/resources/ripe-ncc-ta.cer"));
subject.validate(ta.getId());
ta.setLocations(Arrays.asList(DUMMY_RSYNC_URI));
assertThat(ta.getCertificate()).isNull();
Optional<TrustAnchorValidationRun> validationRun = validationRuns.findLatestCompletedForTrustAnchor(ta);
assertThat(validationRun).isPresent();
List<ValidationCheck> validationChecks = validationRun.get().getValidationChecks();
assertThat(validationChecks).hasSize(1);
assertThat(validationChecks.get(0).getKey()).isEqualTo("trust.anchor.subject.key.matches.locator");
}
use of net.ripe.rpki.validator3.domain.ValidationRun in project rpki-validator-3 by RIPE-NCC.
the class RrdpServiceTest method should_parse_notification_verify_snapshot_hash.
@Test
public void should_parse_notification_verify_snapshot_hash() {
final Objects.Publish cert = new Objects.Publish("rsync://host/path/cert.cer", Objects.aParseableCertificate());
final Objects.Publish crl = new Objects.Publish("rsync://host/path/crl1.crl", Objects.aParseableCrl());
rrdpClient.add(cert.uri, cert.content);
rrdpClient.add(crl.uri, crl.content);
final int serial = 1;
final String sessionId = UUID.randomUUID().toString();
final byte[] snapshotXml = Objects.snapshotXml(serial, sessionId, cert, crl);
final String snapshotUri = "https://host/path/snapshot.xml";
final Objects.SnapshotInfo snapshot = new Objects.SnapshotInfo(snapshotUri, Hex.parse("FFFFFF"));
rrdpClient.add(snapshot.uri, snapshotXml);
final byte[] notificationXml = Objects.notificationXml(serial, sessionId, snapshot);
final String notificationUri = "https://rrdp.ripe.net/notification.xml";
rrdpClient.add(notificationUri, notificationXml);
final TrustAnchor trustAnchor = TestObjects.newTrustAnchor();
entityManager.persist(trustAnchor);
final RpkiRepository rpkiRepository = new RpkiRepository(trustAnchor, notificationUri, RpkiRepository.Type.RRDP);
entityManager.persist(rpkiRepository);
final RrdpRepositoryValidationRun validationRun = new RrdpRepositoryValidationRun(rpkiRepository);
subject.storeRepository(rpkiRepository, validationRun);
final List<RpkiObject> objects = rpkiObjects.all().collect(Collectors.toList());
assertEquals(0, objects.size());
assertEquals(1, validationRun.getValidationChecks().size());
final ValidationCheck validationCheck = validationRun.getValidationChecks().get(0);
assertEquals(ErrorCodes.RRDP_FETCH, validationCheck.getKey());
assertEquals(ValidationCheck.Status.ERROR, validationCheck.getStatus());
assertEquals("Hash of the snapshot file " + snapshotUri + " is " + Hex.format(Sha256.hash(snapshotXml)) + ", but notification file says FFFFFF", validationCheck.getParameters().get(0));
assertEquals(rpkiRepository.getRrdpNotifyUri(), validationCheck.getLocation());
}
Aggregations