use of net.ripe.rpki.validator3.domain.RoaPrefix in project rpki-validator-3 by RIPE-NCC.
the class TrustAnchorsFactory method createCertificateAuthority.
public X509ResourceCertificate createCertificateAuthority(CertificateAuthority ca, CertificateAuthority issuer, ValidityPeriod mftValidityPeriod) {
ManifestCmsBuilder manifestBuilder = new ManifestCmsBuilder();
X509ResourceCertificate caCertificate = createCaCertificate(ca, ca.keyPair.getPublic(), issuer.dn, issuer.crlDistributionPoint, issuer.keyPair);
X509Crl crl = new X509CrlBuilder().withIssuerDN(caCertificate.getSubject()).withThisUpdateTime(DateTime.now()).withNextUpdateTime(DateTime.now().plusHours(8)).withAuthorityKeyIdentifier(ca.keyPair.getPublic()).withNumber(nextSerial()).build(ca.keyPair.getPrivate());
rpkiObjects.add(new RpkiObject(ca.crlDistributionPoint, crl));
manifestBuilder.addFile(ca.crlDistributionPoint.substring(ca.crlDistributionPoint.lastIndexOf('/') + 1), crl.getEncoded());
if (ca.children != null) {
for (CertificateAuthority child : ca.children) {
X509ResourceCertificate childCertificate = createCertificateAuthority(child, ca);
rpkiObjects.add(new RpkiObject(ca.repositoryURI + "/" + child.dn + ".cer", childCertificate));
manifestBuilder.addFile(child.dn + ".cer", childCertificate.getEncoded());
}
}
if (ca.roaPrefixes != null) {
ca.roaPrefixes.stream().collect(groupingBy(RoaPrefix::getAsn)).forEach((asn, roaPrefix) -> {
KeyPair roaKeyPair = KEY_PAIR_FACTORY.generate();
IpResourceSet resources = new IpResourceSet();
roaPrefix.stream().forEach(p -> resources.add(IpRange.parse(p.getPrefix())));
X509ResourceCertificate roaCertificate = new X509ResourceCertificateBuilder().withResources(resources).withIssuerDN(new X500Principal(ca.dn)).withSubjectDN(new X500Principal("CN=AS" + asn + ", CN=roa, " + ca.dn)).withValidityPeriod(typicalValidityPeriod()).withPublicKey(roaKeyPair.getPublic()).withSigningKeyPair(ca.keyPair).withCa(false).withKeyUsage(KeyUsage.digitalSignature).withSerial(nextSerial()).withCrlDistributionPoints(URI.create(ca.crlDistributionPoint)).build();
RoaCms roaCms = new RoaCmsBuilder().withAsn(new Asn(asn)).withPrefixes(roaPrefix.stream().map(p -> new net.ripe.rpki.commons.crypto.cms.roa.RoaPrefix(IpRange.parse(p.getPrefix()), p.getMaximumLength())).collect(toList())).withCertificate(roaCertificate).withSignatureProvider(BouncyCastleProvider.PROVIDER_NAME).build(roaKeyPair.getPrivate());
rpkiObjects.add(new RpkiObject(ca.repositoryURI + "/" + "AS" + asn + ".roa", roaCms));
manifestBuilder.addFile("AS" + asn + ".roa", roaCms.getEncoded());
});
}
KeyPair manifestKeyPair = KEY_PAIR_FACTORY.generate();
X509ResourceCertificate manifestCertificate = new X509ResourceCertificateBuilder().withInheritedResourceTypes(EnumSet.allOf(IpResourceType.class)).withIssuerDN(caCertificate.getSubject()).withSubjectDN(new X500Principal("CN=manifest, " + caCertificate.getSubject())).withValidityPeriod(mftValidityPeriod).withPublicKey(manifestKeyPair.getPublic()).withSigningKeyPair(ca.keyPair).withCa(false).withKeyUsage(KeyUsage.digitalSignature).withSerial(nextSerial()).withCrlDistributionPoints(URI.create(ca.crlDistributionPoint)).build();
manifestBuilder.withCertificate(manifestCertificate).withManifestNumber(nextSerial()).withThisUpdateTime(DateTime.now()).withNextUpdateTime(DateTime.now().plusHours(8));
ManifestCms manifest = manifestBuilder.build(manifestKeyPair.getPrivate());
rpkiObjects.add(new RpkiObject(ca.manifestURI, manifest));
return caCertificate;
}
use of net.ripe.rpki.validator3.domain.RoaPrefix in project rpki-validator-3 by RIPE-NCC.
the class ObjectController method list.
@GetMapping(path = "/validated")
public ResponseEntity<ApiResponse<ValidatedObjects>> list(Locale locale) {
final Map<Long, TrustAnchorResource> trustAnchorsById = trustAnchors.findAll().stream().collect(Collectors.toMap(TrustAnchor::getId, ta -> TrustAnchorResource.of(ta, locale)));
final Map<Long, Links> trustAnchorLinks = trustAnchorsById.entrySet().stream().collect(Collectors.toMap(entry -> entry.getKey(), entry -> new Links(entry.getValue().getLinks().getLink("self").withRel(TrustAnchor.TYPE))));
final Stream<RoaPrefix> validatedPrefixes = validatedRpkiObjects.findCurrentlyValidatedRoaPrefixes(null, null, null).getObjects().filter(new IgnoreFiltersPredicate(ignoreFilters.all()).negate()).map(prefix -> {
Links links = trustAnchorLinks.get(prefix.getTrustAnchor().getId());
return new RoaPrefix(String.valueOf(prefix.getAsn()), prefix.getPrefix().toString(), prefix.getEffectiveLength(), links);
});
final Stream<RoaPrefix> assertions = roaPrefixAssertions.all().map(assertion -> new RoaPrefix(new Asn(assertion.getAsn()).toString(), IpRange.parse(assertion.getPrefix()).toString(), assertion.getMaximumLength() != null ? assertion.getMaximumLength() : IpRange.parse(assertion.getPrefix()).getPrefixLength(), null));
final Stream<RoaPrefix> combinedPrefixes = Stream.concat(validatedPrefixes, assertions).distinct();
final Stream<ValidatedRpkiObjects.RouterCertificate> certificates = validatedRpkiObjects.findCurrentlyValidatedRouterCertificates().getObjects();
final Stream<RouterCertificate> filteredRouterCertificates = bgpSecFilterService.filterCertificates(certificates).map(o -> new RouterCertificate(o.getAsn(), o.getSubjectKeyIdentifier(), o.getSubjectPublicKeyInfo()));
final Stream<RouterCertificate> bgpSecAssertions = this.bgpSecAssertions.all().map(b -> {
final List<String> asns = Collections.singletonList(String.valueOf(b.getAsn()));
return new RouterCertificate(asns, b.getSki(), b.getPublicKey());
});
final Stream<RouterCertificate> combinedAssertions = Stream.concat(filteredRouterCertificates, bgpSecAssertions).distinct();
return ResponseEntity.ok(ApiResponse.<ValidatedObjects>builder().data(new ValidatedObjects(settings.isInitialValidationRunCompleted(), trustAnchorsById.values(), combinedPrefixes, combinedAssertions)).build());
}
use of net.ripe.rpki.validator3.domain.RoaPrefix in project rpki-validator-3 by RIPE-NCC.
the class ValidatedRoasController method list.
@GetMapping
public ResponseEntity<ApiResponse<Stream<RoaPrefix>>> list(@RequestParam(name = "startFrom", defaultValue = "0") int startFrom, @RequestParam(name = "pageSize", defaultValue = "20") int pageSize, @RequestParam(name = "search", defaultValue = "", required = false) String searchString, @RequestParam(name = "sortBy", defaultValue = "prefix") String sortBy, @RequestParam(name = "sortDirection", defaultValue = "asc") String sortDirection) {
final SearchTerm searchTerm = StringUtils.isNotBlank(searchString) ? new SearchTerm(searchString) : null;
final Sorting sorting = Sorting.parse(sortBy, sortDirection);
final Paging paging = Paging.of(startFrom, pageSize);
ValidatedRpkiObjects.ValidatedObjects<ValidatedRpkiObjects.RoaPrefix> currentlyValidatedRoaPrefixes = validatedRpkiObjects.findCurrentlyValidatedRoaPrefixes(searchTerm, sorting, paging);
final Stream<RoaPrefix> roas = currentlyValidatedRoaPrefixes.getObjects().map(prefix -> new RoaPrefix(prefix.getAsn().toString(), prefix.getPrefix().toString(), prefix.getEffectiveLength(), prefix.getTrustAnchor().getName(), prefix.getLocations().first()));
int totalSize = currentlyValidatedRoaPrefixes.getTotalCount();
final Links links = Paging.links(startFrom, pageSize, totalSize, (sf, ps) -> methodOn(ValidatedRoasController.class).list(sf, ps, searchString, sortBy, sortDirection));
return ResponseEntity.ok(ApiResponse.<Stream<RoaPrefix>>builder().links(links).metadata(Metadata.of(totalSize)).data(roas).build());
}
Aggregations