@Override protected IkePhase1Policy featureValueOf(Configuration actual) { return actual.getIkePhase1Policies().get(_name); } }
/** * Searches and returns the {@link IkePhase1Policy} which can be used for peering with the * initiator on the responder. Returns null if no such {@link IkePhase1Policy} could be found. */ @Nullable private static IkePhase1Policy getMatchingDynamicIkeP1Policy( IpsecStaticPeerConfig initiator, IpsecPeerConfig responder, Configuration responderOwner) { List<IkePhase1Policy> dynamicIkePhase1Policies = ((IpsecDynamicPeerConfig) responder) .getIkePhase1Poliies().stream() .map(ikePhase1Policy -> responderOwner.getIkePhase1Policies().get(ikePhase1Policy)) .filter(Objects::nonNull) .collect(Collectors.toList()); return dynamicIkePhase1Policies.stream() .filter( dynamicIkeP1Policy -> dynamicIkeP1Policy .getRemoteIdentity() .containsIp(initiator.getLocalAddress(), ImmutableMap.of())) .findFirst() .orElse(null); } }
_ikePhase1Keys = node.getIkePhase1Keys().navigableKeySet(); if (!node.getIkePhase1Policies().isEmpty()) { _ikePhase1Policies = node.getIkePhase1Policies().navigableKeySet();
initiator.getIkePhase1Policy() == null ? null : initiatorOwner.getIkePhase1Policies().get(initiator.getIkePhase1Policy()); ? null : responderOwner .getIkePhase1Policies() .get(ipsecStaticPeerConfig.getIkePhase1Policy()); } else {
IkePolicy oldIkePolicy = e.getValue(); _c.getIkePhase1Policies().put(name, toIkePhase1Policy(oldIkePolicy, ikePhase1KeysBuilder));
abstractConf.setDefaultCrossZoneAction(conf.getDefaultCrossZoneAction()); abstractConf.setIkePhase1Keys(conf.getIkePhase1Keys()); abstractConf.setIkePhase1Policies(conf.getIkePhase1Policies()); abstractConf.setIkePhase1Proposals(conf.getIkePhase1Proposals()); abstractConf.setDefaultInboundAction(conf.getDefaultInboundAction());
.forEach( isakmpProfile -> c.getIkePhase1Policies() .put(isakmpProfile.getName(), toIkePhase1Policy(isakmpProfile, this, c, _w)));
/** Converts a {@link Tunnel} to an {@link IpsecPeerConfig} */ static IpsecPeerConfig toIpsecPeerConfig( Tunnel tunnel, String tunnelIfaceName, CiscoConfiguration oldConfig, Configuration newConfig) { IpsecStaticPeerConfig.Builder ipsecStaticPeerConfigBuilder = IpsecStaticPeerConfig.builder() .setTunnelInterface(tunnelIfaceName) .setDestinationAddress(tunnel.getDestination()) .setLocalAddress(tunnel.getSourceAddress()) .setSourceInterface(tunnel.getSourceInterfaceName()) .setIpsecPolicy(tunnel.getIpsecProfileName()); IpsecProfile ipsecProfile = null; if (tunnel.getIpsecProfileName() != null) { ipsecProfile = oldConfig.getIpsecProfiles().get(tunnel.getIpsecProfileName()); } if (ipsecProfile != null && ipsecProfile.getIsakmpProfile() != null) { ipsecStaticPeerConfigBuilder.setIkePhase1Policy(ipsecProfile.getIsakmpProfile()); } else { ipsecStaticPeerConfigBuilder.setIkePhase1Policy( getIkePhase1Policy( newConfig.getIkePhase1Policies(), tunnel.getDestination(), tunnel.getSourceInterfaceName())); } return ipsecStaticPeerConfigBuilder.build(); }
if (ikePhase1Policy == null) { ikePhase1Policy = getIkePhase1Policy(c.getIkePhase1Policies(), cryptoMapEntry.getPeer(), iface.getName()); ikePhase1Policies = ImmutableList.of(ikePhase1Policy); } else { ikePhase1Policies = getMatchingIKePhase1Policies(c.getIkePhase1Policies(), iface.getName());