use of net.ripe.ipresource.Asn in project rpki-validator-3 by RIPE-NCC.
the class BgpRisDownloader method parseLine.
/**
 * Parses one line of input into a {@link BgpRisEntry}.
 *
 * <p>The three capture groups of {@code regexp} are read, in order, as the origin ASN, the
 * prefix and the visibility count.
 *
 * @param line the text to parse
 * @param uniq applied to the parsed ASN and to both ends of the parsed range; each result is cast
 *             back to the type that was passed in (presumably a canonicalising function that
 *             returns a shared equal instance; confirm against the caller)
 * @return the parsed entry, or {@code null} when the line does not match {@code regexp}
 */
private BgpRisEntry parseLine(final String line, final Function<Object, Object> uniq) {
    final Matcher m = regexp.matcher(line);
    if (!m.matches()) {
        // A line of the wrong shape is reported with null, not with an exception.
        return null;
    }

    // NOTE(review): Asn.parse, IpRange.parse and Integer.parseInt all run on text taken from the
    // line. If regexp admits a value that a parser rejects (for example more digits than fit an
    // int), the exception propagates instead of yielding null. The class name suggests the input
    // is downloaded, so confirm the caller treats such a line as skipped.
    final Asn origin = (Asn) uniq.apply(Asn.parse(m.group(1)));
    final IpRange range = IpRange.parse(m.group(2));
    final UniqueIpResource first = (UniqueIpResource) uniq.apply(range.getStart());
    final UniqueIpResource last = (UniqueIpResource) uniq.apply(range.getEnd());
    // The prefix is rebuilt from the two endpoints returned by uniq.
    final IpRange prefix = (IpRange) first.upTo(last);
    final int seenBy = Integer.parseInt(m.group(3));
    return BgpRisEntry.of(origin, prefix, seenBy);
}
use of net.ripe.ipresource.Asn in project rpki-validator-3 by RIPE-NCC.
the class BgpRisParsingTest method parse2.
/**
 * Checks that a line whose first field is not a number produces no entry, and that the remaining
 * line is parsed into origin, prefix and visibility.
 */
@Test
public void parse2() throws UnsupportedEncodingException {
    // First line has "blabla" where the ASN belongs; the second line is a well-formed record.
    final String input = "blabla 65.88.145.0/24 344\n" + "4200003018 47.88.45.0/24 3";

    final List<BgpRisEntry> entries = parse(input);

    // Only the well-formed line may survive.
    assertEquals(1, entries.size());
    final BgpRisEntry only = entries.get(0);
    // 4200003018 is above Integer.MAX_VALUE, so this also covers ASNs that do not fit a signed int.
    assertEquals(new Asn(4200003018L), only.origin);
    assertEquals(IpRange.parse("47.88.45.0/24"), only.prefix);
    assertEquals(3, only.visibility);
}
use of net.ripe.ipresource.Asn in project rpki-validator-3 by RIPE-NCC.
the class TrustAnchorsFactory method createCertificateAuthority.
/**
 * Builds the certificate for {@code ca}, issued by {@code issuer}, together with the objects the
 * CA publishes: its CRL, the certificates of its children, one ROA per distinct ASN found in
 * {@code ca.roaPrefixes}, and a manifest listing all of those files. Every published object is
 * appended to {@code rpkiObjects}.
 *
 * <p>Certificate serials, the CRL number and the manifest number are all drawn from
 * {@code nextSerial()}, so the numbers handed out depend on the order of the statements below.
 * The CRL and the manifest both get a next-update time eight hours after the moment they are
 * built. Each ROA and the manifest are signed with a key pair generated for that one object; the
 * matching end-entity certificates are signed with {@code ca.keyPair}.
 *
 * @param ca the certificate authority to create, including its children and ROA prefixes
 * @param issuer the authority whose DN, CRL distribution point and key pair issue the certificate
 * @param mftValidityPeriod validity period of the manifest's end-entity certificate
 * @return the certificate created for {@code ca}
 */
public X509ResourceCertificate createCertificateAuthority(CertificateAuthority ca, CertificateAuthority issuer, ValidityPeriod mftValidityPeriod) {
    ManifestCmsBuilder manifestFiles = new ManifestCmsBuilder();
    X509ResourceCertificate caCert = createCaCertificate(
        ca, ca.keyPair.getPublic(), issuer.dn, issuer.crlDistributionPoint, issuer.keyPair);

    // CRL issued and signed by the new CA itself.
    X509Crl caCrl = new X509CrlBuilder()
        .withIssuerDN(caCert.getSubject())
        .withThisUpdateTime(DateTime.now())
        .withNextUpdateTime(DateTime.now().plusHours(8))
        .withAuthorityKeyIdentifier(ca.keyPair.getPublic())
        .withNumber(nextSerial())
        .build(ca.keyPair.getPrivate());
    rpkiObjects.add(new RpkiObject(ca.crlDistributionPoint, caCrl));
    // The manifest lists the CRL by the last path segment of its distribution point.
    String crlFileName = ca.crlDistributionPoint.substring(ca.crlDistributionPoint.lastIndexOf('/') + 1);
    manifestFiles.addFile(crlFileName, caCrl.getEncoded());

    if (ca.children != null) {
        for (CertificateAuthority child : ca.children) {
            // NOTE(review): children go through the two-argument overload, which is outside this
            // listing, so mftValidityPeriod is not passed down here. Confirm which manifest
            // validity period the children end up with.
            X509ResourceCertificate childCert = createCertificateAuthority(child, ca);
            String childFileName = child.dn + ".cer";
            rpkiObjects.add(new RpkiObject(ca.repositoryURI + "/" + childFileName, childCert));
            manifestFiles.addFile(childFileName, childCert.getEncoded());
        }
    }

    if (ca.roaPrefixes != null) {
        // One ROA per ASN: the prefixes are grouped by ASN and each group becomes a single object.
        ca.roaPrefixes.stream().collect(groupingBy(RoaPrefix::getAsn)).forEach((asn, prefixesForAsn) -> {
            KeyPair roaKeys = KEY_PAIR_FACTORY.generate();

            // The end-entity certificate carries exactly the prefixes that the ROA lists.
            IpResourceSet roaResources = new IpResourceSet();
            prefixesForAsn.forEach(entry -> roaResources.add(IpRange.parse(entry.getPrefix())));

            X509ResourceCertificate roaCert = new X509ResourceCertificateBuilder()
                .withResources(roaResources)
                .withIssuerDN(new X500Principal(ca.dn))
                .withSubjectDN(new X500Principal("CN=AS" + asn + ", CN=roa, " + ca.dn))
                .withValidityPeriod(typicalValidityPeriod())
                .withPublicKey(roaKeys.getPublic())
                .withSigningKeyPair(ca.keyPair)
                .withCa(false)
                .withKeyUsage(KeyUsage.digitalSignature)
                .withSerial(nextSerial())
                .withCrlDistributionPoints(URI.create(ca.crlDistributionPoint))
                .build();

            RoaCms roa = new RoaCmsBuilder()
                .withAsn(new Asn(asn))
                .withPrefixes(prefixesForAsn.stream()
                    .map(entry -> new net.ripe.rpki.commons.crypto.cms.roa.RoaPrefix(
                        IpRange.parse(entry.getPrefix()), entry.getMaximumLength()))
                    .collect(toList()))
                .withCertificate(roaCert)
                .withSignatureProvider(BouncyCastleProvider.PROVIDER_NAME)
                .build(roaKeys.getPrivate());

            String roaFileName = "AS" + asn + ".roa";
            rpkiObjects.add(new RpkiObject(ca.repositoryURI + "/" + roaFileName, roa));
            manifestFiles.addFile(roaFileName, roa.getEncoded());
        });
    }

    // The manifest's end-entity certificate inherits all resource types instead of listing them.
    KeyPair manifestKeys = KEY_PAIR_FACTORY.generate();
    X509ResourceCertificate manifestCert = new X509ResourceCertificateBuilder()
        .withInheritedResourceTypes(EnumSet.allOf(IpResourceType.class))
        .withIssuerDN(caCert.getSubject())
        .withSubjectDN(new X500Principal("CN=manifest, " + caCert.getSubject()))
        .withValidityPeriod(mftValidityPeriod)
        .withPublicKey(manifestKeys.getPublic())
        .withSigningKeyPair(ca.keyPair)
        .withCa(false)
        .withKeyUsage(KeyUsage.digitalSignature)
        .withSerial(nextSerial())
        .withCrlDistributionPoints(URI.create(ca.crlDistributionPoint))
        .build();

    manifestFiles
        .withCertificate(manifestCert)
        .withManifestNumber(nextSerial())
        .withThisUpdateTime(DateTime.now())
        .withNextUpdateTime(DateTime.now().plusHours(8));
    ManifestCms signedManifest = manifestFiles.build(manifestKeys.getPrivate());
    rpkiObjects.add(new RpkiObject(ca.manifestURI, signedManifest));

    return caCert;
}
use of net.ripe.ipresource.Asn in project rpki-validator-3 by RIPE-NCC.
the class ObjectController method list.
/**
 * Returns the currently validated objects: the trust anchors, the ROA prefixes and the router
 * certificates, each combined with the locally configured assertions.
 *
 * <p>The ignore filters are applied to the validated ROA prefixes only; ROA prefix assertions are
 * appended afterwards and are not filtered here. Validated router certificates pass through
 * {@code bgpSecFilterService} before the BGPsec assertions are appended.
 *
 * <p>The prefix and certificate streams are handed to {@link ValidatedObjects} unconsumed.
 *
 * @param locale passed to {@code TrustAnchorResource.of} for each trust anchor
 * @return a 200 response wrapping the validated objects
 */
@GetMapping(path = "/validated")
public ResponseEntity<ApiResponse<ValidatedObjects>> list(Locale locale) {
    final Map<Long, TrustAnchorResource> resourcesByTaId = trustAnchors.findAll().stream()
        .collect(Collectors.toMap(TrustAnchor::getId, ta -> TrustAnchorResource.of(ta, locale)));

    // For every trust anchor, its "self" link re-labelled with the trust anchor rel.
    final Map<Long, Links> linksByTaId = resourcesByTaId.entrySet().stream()
        .collect(Collectors.toMap(
            Map.Entry::getKey,
            entry -> new Links(entry.getValue().getLinks().getLink("self").withRel(TrustAnchor.TYPE))));

    // NOTE(review): linksByTaId.get(...) returns null when a validated prefix refers to a trust
    // anchor that was absent from the findAll() result above. Assertions also carry null links,
    // so null looks tolerated; confirm for this path.
    final Stream<RoaPrefix> validatedRoaPrefixes = validatedRpkiObjects
        .findCurrentlyValidatedRoaPrefixes(null, null, null)
        .getObjects()
        .filter(new IgnoreFiltersPredicate(ignoreFilters.all()).negate())
        .map(prefix -> {
            Links taLinks = linksByTaId.get(prefix.getTrustAnchor().getId());
            return new RoaPrefix(
                String.valueOf(prefix.getAsn()),
                prefix.getPrefix().toString(),
                prefix.getEffectiveLength(),
                taLinks);
        });

    // Asserted prefixes: ASN and prefix go through Asn / IpRange before being rendered as text,
    // and the maximum length falls back to the prefix length when none is set.
    final Stream<RoaPrefix> assertedRoaPrefixes = roaPrefixAssertions.all()
        .map(assertion -> new RoaPrefix(
            new Asn(assertion.getAsn()).toString(),
            IpRange.parse(assertion.getPrefix()).toString(),
            assertion.getMaximumLength() != null ? assertion.getMaximumLength() : IpRange.parse(assertion.getPrefix()).getPrefixLength(),
            null));

    // NOTE(review): distinct() relies on RoaPrefix equality, which is not visible here. Whether an
    // assertion (null links) collapses with an otherwise identical validated prefix depends on it.
    final Stream<RoaPrefix> allRoaPrefixes = Stream.concat(validatedRoaPrefixes, assertedRoaPrefixes).distinct();

    final Stream<ValidatedRpkiObjects.RouterCertificate> validatedRouterCertificates =
        validatedRpkiObjects.findCurrentlyValidatedRouterCertificates().getObjects();
    final Stream<RouterCertificate> keptRouterCertificates = bgpSecFilterService
        .filterCertificates(validatedRouterCertificates)
        .map(o -> new RouterCertificate(o.getAsn(), o.getSubjectKeyIdentifier(), o.getSubjectPublicKeyInfo()));

    // Each BGPsec assertion carries one ASN, wrapped in a single-element list.
    final Stream<RouterCertificate> assertedRouterCertificates = this.bgpSecAssertions.all()
        .map(b -> {
            final List<String> singleAsn = Collections.singletonList(String.valueOf(b.getAsn()));
            return new RouterCertificate(singleAsn, b.getSki(), b.getPublicKey());
        });
    final Stream<RouterCertificate> allRouterCertificates =
        Stream.concat(keptRouterCertificates, assertedRouterCertificates).distinct();

    final ValidatedObjects payload = new ValidatedObjects(
        settings.isInitialValidationRunCompleted(),
        resourcesByTaId.values(),
        allRoaPrefixes,
        allRouterCertificates);
    return ResponseEntity.ok(ApiResponse.<ValidatedObjects>builder().data(payload).build());
}
use of net.ripe.ipresource.Asn in project rpki-validator-3 by RIPE-NCC.
the class RoaPrefixAssertionsController method toResource.
/**
 * Converts a stored ROA prefix assertion into its API resource, attaching the BGP preview entries
 * the assertion affects.
 *
 * <p>An affected entry is reported as validated when it is {@code VALID} and its origin equals the
 * asserted ASN, and as invalidated when its validity is anything other than {@code VALID}. An
 * entry that is {@code VALID} with a different origin appears in neither list.
 *
 * @param assertion the assertion to convert
 * @return the resource, carrying the assertion's own fields and the two lists of affected entries
 */
private RoaPrefixAssertionResource toResource(RoaPrefixAssertion assertion) {
    final Asn assertedAsn = new Asn(assertion.getAsn());
    final List<BgpPreviewService.BgpPreviewEntry> affectedEntries = bgpPreviewService.findAffected(
        assertedAsn, IpRange.parse(assertion.getPrefix()), assertion.getMaximumLength());

    final ImmutableList.Builder<BgpPreviewController.BgpPreview> nowValid = ImmutableList.builder();
    final ImmutableList.Builder<BgpPreviewController.BgpPreview> nowInvalid = ImmutableList.builder();

    for (BgpPreviewService.BgpPreviewEntry candidate : affectedEntries) {
        final BgpPreviewController.BgpPreview preview = BgpPreviewController.BgpPreview.of(
            candidate.getOrigin().toString(),
            candidate.getPrefix().toString(),
            candidate.getValidity().toString());

        if (candidate.getValidity() != BgpPreviewService.Validity.VALID) {
            nowInvalid.add(preview);
        } else if (candidate.getOrigin().equals(assertedAsn)) {
            // VALID and announced by the asserted ASN.
            nowValid.add(preview);
        }
        // VALID with another origin: deliberately left out of both lists.
    }

    return RoaPrefixAssertionResource.of(
        assertion.getId(),
        assertion.getAsn(),
        assertion.getPrefix(),
        assertion.getMaximumLength(),
        assertion.getComment(),
        nowValid.build(),
        nowInvalid.build());
}