/**
 * Builds the {@link IkePhase1Key} for an {@link IpsecTunnel}: a pre-shared key, matched against
 * {@code remoteIdentity} and bound to {@code localInterface}.
 *
 * <p>Only the value returned by {@code getIkePreSharedKeyHash()} is copied onto the key, i.e. (per
 * that getter's name) a hash rather than the cleartext pre-shared secret.
 *
 * @param ipsecTunnel tunnel supplying the pre-shared key hash
 * @param remoteIdentity peer address; converted to an IP space for identity matching
 * @param localInterface name of the local interface the key is bound to
 * @return a populated pre-shared {@link IkePhase1Key}
 * @throws NullPointerException if {@code remoteIdentity} is {@code null}
 */
@Nonnull
private static IkePhase1Key toIkePhase1PreSharedKey(
    IpsecTunnel ipsecTunnel, Ip remoteIdentity, String localInterface) {
  IkePhase1Key key = new IkePhase1Key();
  key.setKeyType(IkeKeyType.PRE_SHARED_KEY);
  key.setLocalInterface(localInterface);
  key.setRemoteIdentity(remoteIdentity.toIpSpace());
  key.setKeyHash(ipsecTunnel.getIkePreSharedKeyHash());
  return key;
}
/**
 * Extracts the feature this matcher compares: the key hash of the given {@link IkePhase1Key}.
 *
 * @param actual the key under test
 * @return the value of {@code actual.getKeyHash()}
 */
@Override
protected String featureValueOf(IkePhase1Key actual) {
  String keyHash = actual.getKeyHash();
  return keyHash;
}
} // closes the enclosing class, whose header lies above this excerpt
/**
 * Converts an {@link IkePolicy} into an {@link IkePhase1Policy}, registering the policy's
 * pre-shared key (carried as a hash, from {@code getPreSharedKeyHash()}) in {@code ikePhase1Keys}
 * under a generated name.
 *
 * <p>The key is stored under {@code ~IKE_PHASE1_KEY_<policy name>~}. The accumulator is an
 * immutable sorted-map builder, so two policies converted with the same name presumably collide
 * when the caller invokes {@code build()} — verify callers pass distinct policy names.
 *
 * @param ikePolicy the source policy; its name and proposal list are copied
 * @param ikePhase1Keys accumulator receiving the generated {@link IkePhase1Key}
 * @return the converted policy, with its key and proposals set
 */
private static IkePhase1Policy toIkePhase1Policy(
    IkePolicy ikePolicy, ImmutableSortedMap.Builder<String, IkePhase1Key> ikePhase1Keys) {
  String policyName = ikePolicy.getName();
  IkePhase1Policy phase1Policy = new IkePhase1Policy(policyName);

  // The policy authenticates with a pre-shared key; only its hash is carried over.
  IkePhase1Key preSharedKey = new IkePhase1Key();
  preSharedKey.setKeyType(IkeKeyType.PRE_SHARED_KEY);
  preSharedKey.setKeyHash(ikePolicy.getPreSharedKeyHash());
  ikePhase1Keys.put(String.format("~IKE_PHASE1_KEY_%s~", policyName), preSharedKey);
  phase1Policy.setIkePhase1Key(preSharedKey);

  // Proposal names are copied as-is, preserving their order.
  phase1Policy.setIkePhase1Proposals(ImmutableList.copyOf(ikePolicy.getProposals()));
  return phase1Policy;
}
/**
 * A session that negotiated IKE phase 1 (proposal and key) but has no IPsec phase 2 proposal must
 * produce exactly one row, reporting {@code IPSEC_PHASE2_FAILED}.
 */
@Test
public void testGenerateRowsIpsec2Fail() {
  // Phase 1 is complete; the phase 2 proposal is deliberately left unset.
  _ipsecSessionBuilder.setNegotiatedIkeP1Proposal(new IkePhase1Proposal("test_ike_proposal"));
  _ipsecSessionBuilder.setNegotiatedIkeP1Key(new IkePhase1Key());

  IpsecPeerConfigId initiator =
      new IpsecPeerConfigId(INITIATOR_IPSEC_PEER_CONFIG, INITIATOR_HOST_NAME);
  IpsecPeerConfigId responder =
      new IpsecPeerConfigId(RESPONDER_IPSEC_PEER_CONFIG, RESPONDER_HOST_NAME);
  _graph.putEdgeValue(initiator, responder, _ipsecSessionBuilder.build());

  Multiset<IpsecSessionInfo> rows =
      rawAnswer(
          _networkConfigurations,
          _graph,
          ImmutableSet.of(INITIATOR_HOST_NAME),
          ImmutableSet.of(RESPONDER_HOST_NAME));

  // Exactly one session row, and it must flag the phase 2 failure.
  assertThat(rows, hasSize(1));
  IpsecSessionInfo onlyRow = rows.iterator().next();
  assertThat(onlyRow, hasIpsecSessionStatus(equalTo(IPSEC_PHASE2_FAILED)));
}
return; if (initiatorPhase1Key.getKeyType().equals(responderPhase1Key.getKeyType()) && initiatorPhase1Key.getKeyHash().equals(responderPhase1Key.getKeyHash())) { ipsecSessionBuilder.setNegotiatedIkeP1Key(initiatorIkePhase1Policy.getIkePhase1Key());
} else { IkePhase1Key tempIkePhase1Key = ikePhase1Keys.get(isakmpProfile.getKeyring()); if (tempIkePhase1Key.getLocalInterface().equals(INVALID_LOCAL_INTERFACE)) { w.redFlag( String.format( "Invalid local address interface configured for keyring %s", isakmpProfile.getKeyring())); } else if (tempIkePhase1Key.match( isakmpProfile.getLocalInterfaceName(), isakmpProfile.getMatchIdentity())) {
IkePhase1Key ikePhase1Key = new IkePhase1Key(); ikePhase1Key.setKeyType(IkeKeyType.PRE_SHARED_KEY); ikePhase1Key.setKeyHash(ipsecPeer.getAuthenticationPreSharedSecretHash());
/**
 * A session with IKE phase 1 proposal, IKE phase 1 key and IPsec phase 2 proposal all negotiated
 * must produce exactly one row, reporting {@code IPSEC_SESSION_ESTABLISHED}.
 */
@Test
public void testGenerateRowsIpsecEstablished() {
  // Every negotiated element is present, so the session should read as established.
  _ipsecSessionBuilder.setNegotiatedIkeP1Proposal(new IkePhase1Proposal("test_ike_proposal"));
  _ipsecSessionBuilder.setNegotiatedIkeP1Key(new IkePhase1Key());
  _ipsecSessionBuilder.setNegotiatedIpsecP2Proposal(new IpsecPhase2Proposal());

  IpsecPeerConfigId initiator =
      new IpsecPeerConfigId(INITIATOR_IPSEC_PEER_CONFIG, INITIATOR_HOST_NAME);
  IpsecPeerConfigId responder =
      new IpsecPeerConfigId(RESPONDER_IPSEC_PEER_CONFIG, RESPONDER_HOST_NAME);
  _graph.putEdgeValue(initiator, responder, _ipsecSessionBuilder.build());

  Multiset<IpsecSessionInfo> rows =
      rawAnswer(
          _networkConfigurations,
          _graph,
          ImmutableSet.of(INITIATOR_HOST_NAME),
          ImmutableSet.of(RESPONDER_HOST_NAME));

  // Exactly one session row, and it must report the established status.
  assertThat(rows, hasSize(1));
  IpsecSessionInfo onlyRow = rows.iterator().next();
  assertThat(onlyRow, hasIpsecSessionStatus(equalTo(IPSEC_SESSION_ESTABLISHED)));
}
/**
 * Builds the {@link IkePhase1Key} that a {@link Keyring} defines: a pre-shared key bound to the
 * keyring's local interface and, when the keyring has one, restricted to its remote identity.
 *
 * <p>NOTE(review): {@code keyring.getKey()} is stored through {@code setKeyHash()}; confirm the
 * keyring holds a hash rather than the cleartext pre-shared secret, so the converted model does not
 * carry secrets.
 *
 * @param keyring source keyring
 * @return a pre-shared {@link IkePhase1Key}; the remote identity is left unset when the keyring has
 *     none
 */
static IkePhase1Key toIkePhase1Key(Keyring keyring) {
  IkePhase1Key key = new IkePhase1Key();
  key.setKeyType(IkeKeyType.PRE_SHARED_KEY);
  key.setKeyHash(keyring.getKey());
  key.setLocalInterface(keyring.getLocalInterfaceName());
  // A keyring without a remote identity yields a key that is not restricted by peer address.
  if (keyring.getRemoteIdentity() == null) {
    return key;
  }
  key.setRemoteIdentity(keyring.getRemoteIdentity().toIpSpace());
  return key;
}
ImmutableSortedMap.of( communityListName, new CommunityList(communityListName, ImmutableList.of(), true))); config.setIkePhase1Keys(ImmutableSortedMap.of(ikePhase1KeyName, new IkePhase1Key())); config.setIkePhase1Policies( ImmutableSortedMap.of(ikePhase1PolicyName, new IkePhase1Policy(ikePhase1PolicyName)));