Search in sources :

Example 11 with ValidationRun

use of net.ripe.rpki.validator3.domain.ValidationRun in project rpki-validator-3 by RIPE-NCC.

the class TrustAnchorValidationServiceTest method test_success.

@Test
public void test_success() {
    TrustAnchor ta = createRipeNccTrustAnchor();
    trustAnchors.add(ta);
    ta.setLocations(Arrays.asList("src/test/resources/ripe-ncc-ta.cer"));
    subject.validate(ta.getId());
    ta.setLocations(Arrays.asList(DUMMY_RSYNC_URI));
    X509ResourceCertificate certificate = ta.getCertificate();
    assertThat(certificate).isNotNull();
    Optional<TrustAnchorValidationRun> validationRun = validationRuns.findLatestCompletedForTrustAnchor(ta);
    assertThat(validationRun).isPresent();
    assertThat(validationRun.get().getStatus()).isEqualTo(ValidationRun.Status.SUCCEEDED);
    assertThat(validationRun.get().getValidationChecks()).isEmpty();
}
Also used : TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) X509ResourceCertificate(net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate) TrustAnchorValidationRun(net.ripe.rpki.validator3.domain.TrustAnchorValidationRun) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 12 with ValidationRun

use of net.ripe.rpki.validator3.domain.ValidationRun in project rpki-validator-3 by RIPE-NCC.

the class TrustAnchorValidationServiceTest method test_empty_file.

@Test
public void test_empty_file() {
    TrustAnchor ta = createRipeNccTrustAnchor();
    trustAnchors.add(ta);
    ta.setLocations(Arrays.asList("src/test/resources/empty-file.cer"));
    subject.validate(ta.getId());
    ta.setLocations(Arrays.asList(DUMMY_RSYNC_URI));
    assertThat(ta.getCertificate()).isNull();
    Optional<TrustAnchorValidationRun> validationRun = validationRuns.findLatestCompletedForTrustAnchor(ta);
    assertThat(validationRun).isPresent();
    List<ValidationCheck> validationChecks = validationRun.get().getValidationChecks();
    assertThat(validationChecks).hasSize(1);
    assertThat(validationChecks.get(0).getKey()).isEqualTo(ErrorCodes.REPOSITORY_OBJECT_MINIMUM_SIZE);
}
Also used : TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) TrustAnchorValidationRun(net.ripe.rpki.validator3.domain.TrustAnchorValidationRun) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 13 with ValidationRun

use of net.ripe.rpki.validator3.domain.ValidationRun in project rpki-validator-3 by RIPE-NCC.

the class TrustAnchorValidationServiceTest method test_rsync_failure.

@Test
public void test_rsync_failure() {
    TrustAnchor ta = createRipeNccTrustAnchor();
    ta.setLocations(Arrays.asList(DUMMY_RSYNC_URI));
    trustAnchors.add(ta);
    subject.validate(ta.getId());
    assertThat(ta.getCertificate()).isNull();
    Optional<TrustAnchorValidationRun> validationRun = validationRuns.findLatestCompletedForTrustAnchor(ta);
    assertThat(validationRun).isPresent();
    List<ValidationCheck> validationChecks = validationRun.get().getValidationChecks();
    assertThat(validationChecks).hasSize(1);
    assertThat(validationChecks.get(0).getKey()).isEqualTo(ErrorCodes.RSYNC_FETCH);
}
Also used : TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) TrustAnchorValidationRun(net.ripe.rpki.validator3.domain.TrustAnchorValidationRun) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 14 with ValidationRun

use of net.ripe.rpki.validator3.domain.ValidationRun in project rpki-validator-3 by RIPE-NCC.

the class TrustAnchorValidationServiceTest method test_bad_subject_public_key.

@Test
public void test_bad_subject_public_key() {
    TrustAnchor ta = createRipeNccTrustAnchor();
    ta.setSubjectPublicKeyInfo(ta.getSubjectPublicKeyInfo().toUpperCase());
    trustAnchors.add(ta);
    ta.setLocations(Arrays.asList("src/test/resources/ripe-ncc-ta.cer"));
    subject.validate(ta.getId());
    ta.setLocations(Arrays.asList(DUMMY_RSYNC_URI));
    assertThat(ta.getCertificate()).isNull();
    Optional<TrustAnchorValidationRun> validationRun = validationRuns.findLatestCompletedForTrustAnchor(ta);
    assertThat(validationRun).isPresent();
    List<ValidationCheck> validationChecks = validationRun.get().getValidationChecks();
    assertThat(validationChecks).hasSize(1);
    assertThat(validationChecks.get(0).getKey()).isEqualTo("trust.anchor.subject.key.matches.locator");
}
Also used : TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) TrustAnchorValidationRun(net.ripe.rpki.validator3.domain.TrustAnchorValidationRun) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Example 15 with ValidationRun

use of net.ripe.rpki.validator3.domain.ValidationRun in project rpki-validator-3 by RIPE-NCC.

the class RrdpServiceTest method should_parse_notification_verify_snapshot_hash.

@Test
public void should_parse_notification_verify_snapshot_hash() {
    final Objects.Publish cert = new Objects.Publish("rsync://host/path/cert.cer", Objects.aParseableCertificate());
    final Objects.Publish crl = new Objects.Publish("rsync://host/path/crl1.crl", Objects.aParseableCrl());
    rrdpClient.add(cert.uri, cert.content);
    rrdpClient.add(crl.uri, crl.content);
    final int serial = 1;
    final String sessionId = UUID.randomUUID().toString();
    final byte[] snapshotXml = Objects.snapshotXml(serial, sessionId, cert, crl);
    final String snapshotUri = "https://host/path/snapshot.xml";
    final Objects.SnapshotInfo snapshot = new Objects.SnapshotInfo(snapshotUri, Hex.parse("FFFFFF"));
    rrdpClient.add(snapshot.uri, snapshotXml);
    final byte[] notificationXml = Objects.notificationXml(serial, sessionId, snapshot);
    final String notificationUri = "https://rrdp.ripe.net/notification.xml";
    rrdpClient.add(notificationUri, notificationXml);
    final TrustAnchor trustAnchor = TestObjects.newTrustAnchor();
    entityManager.persist(trustAnchor);
    final RpkiRepository rpkiRepository = new RpkiRepository(trustAnchor, notificationUri, RpkiRepository.Type.RRDP);
    entityManager.persist(rpkiRepository);
    final RrdpRepositoryValidationRun validationRun = new RrdpRepositoryValidationRun(rpkiRepository);
    subject.storeRepository(rpkiRepository, validationRun);
    final List<RpkiObject> objects = rpkiObjects.all().collect(Collectors.toList());
    assertEquals(0, objects.size());
    assertEquals(1, validationRun.getValidationChecks().size());
    final ValidationCheck validationCheck = validationRun.getValidationChecks().get(0);
    assertEquals(ErrorCodes.RRDP_FETCH, validationCheck.getKey());
    assertEquals(ValidationCheck.Status.ERROR, validationCheck.getStatus());
    assertEquals("Hash of the snapshot file " + snapshotUri + " is " + Hex.format(Sha256.hash(snapshotXml)) + ", but notification file says FFFFFF", validationCheck.getParameters().get(0));
    assertEquals(rpkiRepository.getRrdpNotifyUri(), validationCheck.getLocation());
}
Also used : RpkiRepository(net.ripe.rpki.validator3.domain.RpkiRepository) RrdpRepositoryValidationRun(net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun) TrustAnchor(net.ripe.rpki.validator3.domain.TrustAnchor) RpkiObject(net.ripe.rpki.validator3.domain.RpkiObject) RpkiObjects(net.ripe.rpki.validator3.domain.RpkiObjects) TestObjects(net.ripe.rpki.validator3.TestObjects) ValidationCheck(net.ripe.rpki.validator3.domain.ValidationCheck) Test(org.junit.Test) IntegrationTest(net.ripe.rpki.validator3.IntegrationTest)

Aggregations

TrustAnchor (net.ripe.rpki.validator3.domain.TrustAnchor)16 RpkiObject (net.ripe.rpki.validator3.domain.RpkiObject)15 RpkiRepository (net.ripe.rpki.validator3.domain.RpkiRepository)15 ValidationCheck (net.ripe.rpki.validator3.domain.ValidationCheck)14 IntegrationTest (net.ripe.rpki.validator3.IntegrationTest)13 Test (org.junit.Test)13 RpkiObjects (net.ripe.rpki.validator3.domain.RpkiObjects)12 RrdpRepositoryValidationRun (net.ripe.rpki.validator3.domain.RrdpRepositoryValidationRun)11 TestObjects (net.ripe.rpki.validator3.TestObjects)9 ValidationResult (net.ripe.rpki.commons.validation.ValidationResult)7 Transactional (javax.transaction.Transactional)6 ErrorCodes (net.ripe.rpki.validator3.domain.ErrorCodes)5 TrustAnchorValidationRun (net.ripe.rpki.validator3.domain.TrustAnchorValidationRun)5 Hex (net.ripe.rpki.validator3.util.Hex)5 Sha256 (net.ripe.rpki.validator3.util.Sha256)5 Autowired (org.springframework.beans.factory.annotation.Autowired)5 BigInteger (java.math.BigInteger)4 List (java.util.List)4 Collectors (java.util.stream.Collectors)4 RpkiRepositoryValidationRun (net.ripe.rpki.validator3.domain.RpkiRepositoryValidationRun)4