if (initiatorProposal.isCompatibleWith(responderProposal)) { IkePhase1Proposal negotiatedProposal = new IkePhase1Proposal("~NEGOTIATED_IKE_P1_PROPOSAL~"); negotiatedProposal.setHashingAlgorithm(initiatorProposal.getHashingAlgorithm()); negotiatedProposal.setEncryptionAlgorithm(initiatorProposal.getEncryptionAlgorithm());
/**
 * Builds an {@link IkePhase1Proposal} from an ISAKMP policy.
 *
 * <p>The proposal is named after the policy's name (via {@code toString()}); its DH group,
 * authentication method, encryption algorithm, lifetime and hashing algorithm are copied
 * one-to-one from the policy. No validation or defaulting happens here.
 *
 * @param isakmpPolicy the source ISAKMP policy; dereferenced, so must be non-null
 * @return a new, populated IKE phase 1 proposal
 */
static IkePhase1Proposal toIkePhase1Proposal(IsakmpPolicy isakmpPolicy) {
  String proposalName = isakmpPolicy.getName().toString();
  IkePhase1Proposal proposal = new IkePhase1Proposal(proposalName);
  proposal.setDiffieHellmanGroup(isakmpPolicy.getDiffieHellmanGroup());
  proposal.setAuthenticationMethod(isakmpPolicy.getAuthenticationMethod());
  proposal.setEncryptionAlgorithm(isakmpPolicy.getEncryptionAlgorithm());
  proposal.setLifetimeSeconds(isakmpPolicy.getLifetimeSeconds());
  // Naming differs between the two models: the policy's "hash algorithm" is the proposal's
  // "hashing algorithm".
  proposal.setHashingAlgorithm(isakmpPolicy.getHashAlgorithm());
  return proposal;
}
/**
 * Converts the IKE (phase 1) settings of an IPsec tunnel into an {@link IkePhase1Proposal}.
 *
 * <p>The authentication method is set only when the tunnel carries a pre-shared-key hash, in
 * which case it becomes {@link IkeAuthenticationMethod#PRE_SHARED_KEYS}; without a PSK hash the
 * proposal's authentication method is not touched here (NOTE(review): whatever {@code
 * IkePhase1Proposal} initializes it to — confirm against that class). Hashing algorithm, DH group
 * and encryption algorithm are translated through the sibling {@code toIkeAuthenticationAlgorithm},
 * {@code toDiffieHellmanGroup} and {@code toEncryptionAlgorithm} helpers.
 *
 * @param proposalName name given to the new proposal
 * @param ipsecTunnel tunnel whose IKE settings are converted; dereferenced, so must be non-null
 * @return a new IKE phase 1 proposal, never null
 */
@Nonnull
private static IkePhase1Proposal toIkePhase1Proposal(
    String proposalName, IpsecTunnel ipsecTunnel) {
  IkePhase1Proposal proposal = new IkePhase1Proposal(proposalName);
  boolean hasPreSharedKey = ipsecTunnel.getIkePreSharedKeyHash() != null;
  if (hasPreSharedKey) {
    // Only the authentication *method* is recorded; the PSK hash itself is not copied onto the
    // proposal.
    proposal.setAuthenticationMethod(IkeAuthenticationMethod.PRE_SHARED_KEYS);
  }
  proposal.setHashingAlgorithm(toIkeAuthenticationAlgorithm(ipsecTunnel.getIkeAuthProtocol()));
  proposal.setDiffieHellmanGroup(
      toDiffieHellmanGroup(ipsecTunnel.getIkePerfectForwardSecrecy()));
  proposal.setEncryptionAlgorithm(
      toEncryptionAlgorithm(ipsecTunnel.getIkeEncryptionProtocol()));
  return proposal;
}
/**
 * A session with a negotiated IKE phase 1 proposal but no negotiated IKE phase 1 key must be
 * reported with status {@code IKE_PHASE1_KEY_MISMATCH}.
 */
@Test
public void testGenerateRowsIke1KeyFail() {
  // Only the phase 1 proposal is negotiated; the phase 1 key is deliberately left unset.
  _ipsecSessionBuilder.setNegotiatedIkeP1Proposal(new IkePhase1Proposal("test_ike_proposal"));
  IpsecPeerConfigId initiator =
      new IpsecPeerConfigId(INITIATOR_IPSEC_PEER_CONFIG, INITIATOR_HOST_NAME);
  IpsecPeerConfigId responder =
      new IpsecPeerConfigId(RESPONDER_IPSEC_PEER_CONFIG, RESPONDER_HOST_NAME);
  _graph.putEdgeValue(initiator, responder, _ipsecSessionBuilder.build());

  Multiset<IpsecSessionInfo> rows =
      rawAnswer(
          _networkConfigurations,
          _graph,
          ImmutableSet.of(INITIATOR_HOST_NAME),
          ImmutableSet.of(RESPONDER_HOST_NAME));

  // One session edge was added, so exactly one row is expected.
  assertThat(rows, hasSize(1));
  assertThat(rows.iterator().next(), hasIpsecSessionStatus(equalTo(IKE_PHASE1_KEY_MISMATCH)));
}
/**
 * A session whose IKE phase 1 proposal and key are both negotiated, but which has no negotiated
 * IPsec phase 2 proposal, must be reported with status {@code IPSEC_PHASE2_FAILED}.
 */
@Test
public void testGenerateRowsIpsec2Fail() {
  // Phase 1 fully negotiated; the phase 2 proposal is deliberately left unset.
  _ipsecSessionBuilder.setNegotiatedIkeP1Proposal(new IkePhase1Proposal("test_ike_proposal"));
  _ipsecSessionBuilder.setNegotiatedIkeP1Key(new IkePhase1Key());
  IpsecPeerConfigId initiator =
      new IpsecPeerConfigId(INITIATOR_IPSEC_PEER_CONFIG, INITIATOR_HOST_NAME);
  IpsecPeerConfigId responder =
      new IpsecPeerConfigId(RESPONDER_IPSEC_PEER_CONFIG, RESPONDER_HOST_NAME);
  _graph.putEdgeValue(initiator, responder, _ipsecSessionBuilder.build());

  Multiset<IpsecSessionInfo> rows =
      rawAnswer(
          _networkConfigurations,
          _graph,
          ImmutableSet.of(INITIATOR_HOST_NAME),
          ImmutableSet.of(RESPONDER_HOST_NAME));

  // One session edge was added, so exactly one row is expected.
  assertThat(rows, hasSize(1));
  assertThat(rows.iterator().next(), hasIpsecSessionStatus(equalTo(IPSEC_PHASE2_FAILED)));
}
/**
 * A session with IKE phase 1 proposal, IKE phase 1 key and IPsec phase 2 proposal all negotiated
 * must be reported with status {@code IPSEC_SESSION_ESTABLISHED}.
 */
@Test
public void testGenerateRowsIpsecEstablished() {
  // Every negotiation stage is populated so the session counts as fully established.
  _ipsecSessionBuilder.setNegotiatedIkeP1Proposal(new IkePhase1Proposal("test_ike_proposal"));
  _ipsecSessionBuilder.setNegotiatedIkeP1Key(new IkePhase1Key());
  _ipsecSessionBuilder.setNegotiatedIpsecP2Proposal(new IpsecPhase2Proposal());
  IpsecPeerConfigId initiator =
      new IpsecPeerConfigId(INITIATOR_IPSEC_PEER_CONFIG, INITIATOR_HOST_NAME);
  IpsecPeerConfigId responder =
      new IpsecPeerConfigId(RESPONDER_IPSEC_PEER_CONFIG, RESPONDER_HOST_NAME);
  _graph.putEdgeValue(initiator, responder, _ipsecSessionBuilder.build());

  Multiset<IpsecSessionInfo> rows =
      rawAnswer(
          _networkConfigurations,
          _graph,
          ImmutableSet.of(INITIATOR_HOST_NAME),
          ImmutableSet.of(RESPONDER_HOST_NAME));

  // One session edge was added, so exactly one row is expected.
  assertThat(rows, hasSize(1));
  assertThat(rows.iterator().next(), hasIpsecSessionStatus(equalTo(IPSEC_SESSION_ESTABLISHED)));
}
/**
 * Converts a vendor-specific {@code IkeProposal} into the vendor-independent
 * {@link IkePhase1Proposal}.
 *
 * <p>Name, DH group, authentication method, encryption algorithm and lifetime are copied as-is.
 * The vendor proposal's "authentication algorithm" becomes the phase 1 proposal's "hashing
 * algorithm". Nothing is validated or defaulted here.
 *
 * @param ikeProposal the vendor IKE proposal; dereferenced, so must be non-null
 * @return a new, populated IKE phase 1 proposal
 */
private IkePhase1Proposal toIkePhase1Proposal(IkeProposal ikeProposal) {
  IkePhase1Proposal proposal = new IkePhase1Proposal(ikeProposal.getName());
  proposal.setDiffieHellmanGroup(ikeProposal.getDiffieHellmanGroup());
  proposal.setAuthenticationMethod(ikeProposal.getAuthenticationMethod());
  proposal.setEncryptionAlgorithm(ikeProposal.getEncryptionAlgorithm());
  proposal.setLifetimeSeconds(ikeProposal.getLifetimeSeconds());
  // Field naming differs between the two models; this is the same integrity/PRF setting.
  proposal.setHashingAlgorithm(ikeProposal.getAuthenticationAlgorithm());
  return proposal;
}
String newIkeProposalName = ikeGroupName + ":" + ikeProposalEntry.getKey(); IkeProposal ikeProposal = ikeProposalEntry.getValue(); IkePhase1Proposal ikePhase1Proposal = new IkePhase1Proposal(newIkeProposalName); ikePhase1Proposal.setDiffieHellmanGroup(ikeProposal.getDhGroup()); ikePhase1Proposal.setEncryptionAlgorithm(ikeProposal.getEncryptionAlgorithm());
ImmutableSortedMap.of(ikePhase1PolicyName, new IkePhase1Policy(ikePhase1PolicyName))); config.setIkePhase1Proposals( ImmutableSortedMap.of(ikePhase1ProposalName, new IkePhase1Proposal(ikePhase1ProposalName))); config.setIpAccessLists( ImmutableSortedMap.of(ipAccessListName, new IpAccessList(ipAccessListName)));