krill 0.16.0

Resource Public Key Infrastructure (RPKI) daemon
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374

//! Autonomous System Provider Authorizations.
//!
//! This is still being discussed in the IETF. No RFC just yet.
//! See the drafts
//! <https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-profile/> and
//! <https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-verification/>

use std::{error, fmt};
use std::str::FromStr;
use rpki::repository::resources::Asn;
use serde::{Deserialize, Serialize};


//------------- Type Aliases -------------------------------------------------

/// The type of a customer ASN.
//
//  *Warning:* This type is used in stored state.
pub type CustomerAsn = Asn;

/// The type of a provider ASN.
//
//  *Warning:* This type is used in stored state.
pub type ProviderAsn = Asn;


//------------ AspaDefinitionUpdates -----------------------------------------

/// Information for an ASPA definition update.
//
//  *Warning:* This type is used in stored state.
#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct AspaDefinitionUpdates {
    /// Definitions to add or replace.
    ///
    /// Definitions in this list will be added if their customer ASN doesn’t
    /// exist yet or will be updated if they do.
    pub add_or_replace: Vec<AspaDefinition>,

    /// Definitions to remove.
    ///
    /// Definitions with these customer ASNs will be removed.
    pub remove: Vec<CustomerAsn>,
}

impl fmt::Display for AspaDefinitionUpdates {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "Update ASPA definitions: ")?;
        if !self.add_or_replace.is_empty() {
            write!(f, " add or replace:")?;
            for definition in &self.add_or_replace {
                write!(f, " {definition}")?;
            }
        }
        if !self.remove.is_empty() {
            write!(f, " remove where customer ASN is:")?;
            for as_id in &self.remove {
                write!(f, " {as_id}")?;
            }
        }

        Ok(())
    }
}


//------------ AspaDefinitionList ----------------------------------------

/// A list of ASPA definitions.
#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct AspaDefinitionList(Vec<AspaDefinition>);

impl AspaDefinitionList {
    pub fn new(definitions: Vec<AspaDefinition>) -> Self {
        AspaDefinitionList(definitions)
    }

    pub fn as_slice(&self) -> &[AspaDefinition] {
        self.0.as_slice()
    }
}

impl fmt::Display for AspaDefinitionList {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        for def in self.0.iter() {
            writeln!(f, "{def}")?;
        }
        Ok(())
    }
}


//------------ AspaDefinition ------------------------------------------------

/// The definition of an ASPA record.
//
//  *Warning:* This type is used in stored state.
#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct AspaDefinition {
    /// The customer ASN.
    pub customer: CustomerAsn,

    /// The list of provider ASNs.
    ///
    /// This is not necessarily an acceptable list yet, i.e., it may be
    /// unordered, contain duplicates, or contain the customer ASN.
    pub providers: Vec<ProviderAsn>,
}

impl AspaDefinition {
    /// Returns true if the customer is used in the provider list.
    ///
    /// This is not allowed by spec, and these definitions should
    /// be rejected by Krill.
    pub fn customer_used_as_provider(&self) -> bool {
        self.providers.contains(&self.customer)
    }

    /// Returns true if there are duplicate provider ASNs.
    ///
    /// This is not allowed by spec and these definitions should be
    /// rejected by Krill.
    pub fn contains_duplicate_providers(&self) -> bool {
        let mut providers: Vec<Asn> = self.providers.clone();

        let len_before_duplicates = providers.len();

        providers.sort();
        providers.dedup();

        len_before_duplicates > providers.len()
    }

    /// Applies an update to the definition.
    ///
    /// The update is lenient, i.e., adding exsting ASNs and removing
    /// non-existing ASNs is fine. After the update, the provider ASNs are
    /// sorted.
    pub fn apply_update(&mut self, update: &AspaProvidersUpdate) {
        for removed in &update.removed {
            self.providers.retain(|provider| provider != removed);
        }

        for added in &update.added {
            if !self.providers.contains(added) {
                self.providers.push(*added);
            }
        }
        self.providers.sort();
    }
}

impl fmt::Display for AspaDefinition {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        // example: 65000 => 65001, 65002, 65003
        write!(f, "{} => ", self.customer)?;
        if self.providers.is_empty() {
            write!(f, "<none>")?;
        } else {
            for i in 0..self.providers.len() {
                if i > 0 {
                    write!(f, ", ")?;
                }
                write!(f, "{}", self.providers[i])?;
            }
        }
        Ok(())
    }
}

impl FromStr for AspaDefinition {
    type Err = AspaDefinitionFormatError;

    // example: 65000 => 65001, 65002(v4), 65003(v6)
    // example: 65000 => <none>
    fn from_str(s: &str) -> Result<Self, Self::Err> {
        let mut parts = s.split("=>");

        let customer = {
            let customer_str = parts
                .next()
                .ok_or(AspaDefinitionFormatError::CustomerAsMissing)?;
            CustomerAsn::from_str(customer_str.trim()).map_err(|_| {
                AspaDefinitionFormatError::CustomerAsInvalid(
                    customer_str.trim().to_string(),
                )
            })?
        };

        let mut providers = {
            let mut providers = vec![];
            let providers_str = parts.next().unwrap_or("<none>");

            if providers_str.trim() != "<none>" {
                let provider_parts = providers_str.split(',');
                for provider_part in provider_parts {
                    let provider = ProviderAsn::from_str(
                        provider_part.trim(),
                    )
                    .map_err(|_| {
                        AspaDefinitionFormatError::ProviderAsInvalid(
                            provider_part.trim().to_string(),
                        )
                    })?;
                    providers.push(provider);
                }
            }

            providers
        };

        // unexpected extra bits are not acceptable
        if parts.next().is_some() {
            Err(AspaDefinitionFormatError::ExtraParts)
        } else {
            // Ensure that the providers are sorted,  and there are no
            // duplicates
            providers.sort();

            match providers.windows(2).find(|pair| pair[0] == pair[1]) {
                Some(dup) => {
                    Err(AspaDefinitionFormatError::ProviderAsDuplicate(
                        dup[0], dup[1],
                    ))
                }
                None => Ok(AspaDefinition { customer, providers }),
            }
        }
    }
}


//------------ AspaProvidersUpdate -------------------------------------------

/// An update to the provider ASN list of an ASPA definition.
//
//  *Warning:* This type is used in stored state.
#[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)]
pub struct AspaProvidersUpdate {
    /// A list of ASNs to be added to the provider ASNs.
    pub added: Vec<ProviderAsn>,

    /// A list of ASNs to be removed from the provider ASNs.
    pub removed: Vec<ProviderAsn>,
}

impl AspaProvidersUpdate {
    /// Returns whether the update is empty.
    pub fn is_empty(&self) -> bool {
        self.added.is_empty() && self.removed.is_empty()
    }
}

impl fmt::Display for AspaProvidersUpdate {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        if !self.added.is_empty() {
            write!(f, "adding providers:")?;
            for added in &self.added {
                write!(f, " {added}")?;
            }
            write!(f, " ")?;
        }
        if !self.removed.is_empty() {
            write!(f, "removing providers:")?;
            for removed in &self.removed {
                write!(f, " {removed}")?;
            }
        }
        Ok(())
    }
}


//============ Error Types ===================================================

//------------ AspaDefinitionFormatError -------------------------------------

/// An error happened while parsing an ASPA definition.
#[derive(Clone, Debug)]
pub enum AspaDefinitionFormatError {
    /// The customer ASN was missing.
    CustomerAsMissing,

    /// The customer ASN was invalid.
    CustomerAsInvalid(String),

    /// The given provider ASN definition was invalid.
    ProviderAsInvalid(String),

    /// The given two provider ASNs are duplicates.
    ProviderAsDuplicate(ProviderAsn, ProviderAsn),

    /// There was trailing text in the definition.
    ExtraParts,
}

impl fmt::Display for AspaDefinitionFormatError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "ASPA configuration format invalid: ")?;
        match self {
            AspaDefinitionFormatError::CustomerAsMissing => {
                write!(f, "customer AS missing")
            }
            AspaDefinitionFormatError::CustomerAsInvalid(s) => {
                write!(f, "cannot parse customer AS: {s}")
            }
            AspaDefinitionFormatError::ProviderAsInvalid(s) => {
                write!(f, "cannot parse provider AS: {s}")
            }
            AspaDefinitionFormatError::ProviderAsDuplicate(l, r) => {
                write!(
                    f,
                    "duplicate AS in provider list. Found {l} and {r}"
                )
            }
            AspaDefinitionFormatError::ExtraParts => {
                write!(f, "found more than one '=>'")
            }
        }
    }
}

impl error::Error for AspaDefinitionFormatError {}


//============ Tests =========================================================

#[cfg(test)]
mod tests {
    use super::*;

    fn customer(s: &str) -> Asn {
        Asn::from_str(s).unwrap()
    }

    fn provider(s: &str) -> ProviderAsn {
        ProviderAsn::from_str(s).unwrap()
    }

    #[test]
    fn aspa_configuration_to_from_str() {
        let config = AspaDefinition {
            customer: customer("AS65000"),
            providers: vec![
                provider("AS65001"),
                provider("AS65002"),
                provider("AS65003"),
            ],
        };
        let config_str = "AS65000 => AS65001, AS65002, AS65003";

        let to_str = config.to_string();
        assert_eq!(config_str, to_str.as_str());

        let from_str = AspaDefinition::from_str(config_str).unwrap();
        assert_eq!(config, from_str);
    }

    #[test]
    fn aspa_configuration_empty_providers_from_str() {
        let config = AspaDefinition {
            customer: customer("AS65000"),
            providers: vec![]
        };
        let config_str = "AS65000 => <none>";

        let to_str = config.to_string();
        assert_eq!(config_str, to_str.as_str());

        let from_str = AspaDefinition::from_str(config_str).unwrap();
        assert_eq!(config, from_str);
    }
}