author | Rob Austein <sra@hactrn.net> | 2008-04-20 04:39:21 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2008-04-20 04:39:21 +0000 |
commit | 68cebf413041bc1920a47c13f5146489d84b1c7d (patch) | |
tree | d29c5a2663cc50e3d7b66030038f8e6d47f54759 | |
parent | 8d32ffd7493119464acca0d7858bc64f0474c157 (diff) |
Refactor redundantly redundant XML and CMS handling code.
svn path=/rpkid/irbe-cli.py; revision=1681
-rwxr-xr-x | rpkid/irbe-cli.py | 20 | ||||
-rw-r--r-- | rpkid/irbe-setup.py | 9 | ||||
-rwxr-xr-x | rpkid/irdbd.py | 10 | ||||
-rwxr-xr-x | rpkid/rootd.py | 22 | ||||
-rw-r--r-- | rpkid/rpki/gctx.py | 21 | ||||
-rw-r--r-- | rpkid/rpki/left_right.py | 34 | ||||
-rw-r--r-- | rpkid/rpki/sax_utils.py | 5 | ||||
-rw-r--r-- | rpkid/rpki/up_down.py | 16 | ||||
-rw-r--r-- | rpkid/rpki/x509.py | 46 | ||||
-rw-r--r-- | rpkid/testbed.py | 15 | ||||
-rw-r--r-- | rpkid/testpoke.py | 10 | ||||
-rwxr-xr-x | rpkid/xml-parse-test.py | 27 |
12 files changed, 111 insertions, 124 deletions
diff --git a/rpkid/irbe-cli.py b/rpkid/irbe-cli.py index 77c8f870..1e1642e9 100755 --- a/rpkid/irbe-cli.py +++ b/rpkid/irbe-cli.py @@ -118,6 +118,9 @@ class msg(rpki.left_right.msg): class sax_handler(rpki.left_right.sax_handler): pdu = msg +class cms_msg(rpki.left_right.cms_msg): + saxify = sax_handler.saxify + top_opts = ["config=", "help", "pem_out="] def usage(code=1): @@ -171,24 +174,19 @@ while argv: argv = q_pdu.client_getopt(argv[1:]) q_msg.append(q_pdu) -q_elt = q_msg.toXML() -q_cms = rpki.x509.left_right_pdu.build(q_elt, cms_key, cms_certs) +q_cms = rpki.left_right.cms_msg.wrap(q_msg, cms_key, cms_certs) der = rpki.https.client(client_key = https_key, client_certs = https_certs, server_ta = https_ta, url = https_url, - msg = q_cms.get_DER()) - -r_cms = rpki.x509.left_right(DER = der) -r_elt = r_cms.verify(r_cms, cms_ta) + msg = q_cms) -print r_cms.prettyprint_content() +r_msg, r_xml = cms_msg.unwrap(der, r_cms, cms_ta, pretty_print = True) -handler = sax_handler() -lxml.sax.saxify(r_elt, handler) -r_msg = handler.result +print r_xml for r_pdu in r_msg: r_pdu.client_reply_decode() - #r_pdu.client_reply_show() + if False: + r_pdu.client_reply_show() diff --git a/rpkid/irbe-setup.py b/rpkid/irbe-setup.py index 452aae76..bbfb8460 100644 --- a/rpkid/irbe-setup.py +++ b/rpkid/irbe-setup.py @@ -19,7 +19,7 @@ IRDB. Our main task here is to create child objects in the RPKI engine for every registrant object in the IRDB. """ -import os, MySQLdb, getopt, sys, lxml.etree, lxml.sax +import os, MySQLdb, getopt, sys, lxml.etree import rpki.left_right, rpki.relaxng, rpki.https import rpki.x509, rpki.config, rpki.log 
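Review bot: The reply line `r_msg, r_xml = cms_msg.unwrap(der, r_cms, cms_ta, pretty_print = True)` in the second irbe-cli.py hunk passes `r_cms`, whose assignment the same hunk removes, so the client dies with a NameError before the reply is ever verified; `unwrap` as defined in the x509.py hunk takes only `(der, ta, pretty_print)`, so even with a bound name the positional count would be wrong. The call should read `r_msg, r_xml = cms_msg.unwrap(der, cms_ta, pretty_print = True)`. The `if False:` guard around `client_reply_show()` is dead code that a comment or a command-line switch would express more honestly. The hunk sits in the middle of the top-level script, which continues on both sides of it.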
@@ -47,16 +47,13 @@ def call_rpkid(pdu): pdu.type = "query" msg = rpki.left_right.msg((pdu,)) - elt = msg.toXML() - cms = rpki.x509.let_right_pdu.build(elt, cms_key, cms_certs) + cms = rpki.x509.left_right_pdu.wrap(msg, cms_key, cms_certs) der = rpki.https.client(client_key = https_key, client_certs = https_certs, server_ta = https_ta, url = https_url, msg = cms) - cms = rpki.x509.left_right_pdu(DER = der) - elt = cms.verify(cms_ta) - msg = rpki.left_right.sax_handler.saxify(elt) + msg = rpki.left_right.cms_msg.unwrap(der, cms_ta) pdu = msg[0] assert len(msg) == 1 and pdu.type == "reply" and not isinstance(pdu, rpki.left_right.report_error_elt) return pdu diff --git a/rpkid/irdbd.py b/rpkid/irdbd.py index 6570eeb3..49f6079b 100755 --- a/rpkid/irdbd.py +++ b/rpkid/irdbd.py @@ -29,9 +29,9 @@ import rpki.exceptions, rpki.left_right, rpki.log, rpki.x509 def handler(query, path): try: - q_cms = rpki.x509.left_right_pdu(DER = query) - q_elt = q_cms.verify(cms_ta) - q_msg = rpki.left_right.sax_handler.saxify(q_elt) + + q_msg = rpki.left_right.cms_msg.unwrap(query, cms_ta) + if not isinstance(q_msg, rpki.left_right.msg): raise rpki.exceptions.BadQuery, "Unexpected %s PDU" % repr(q_msg) @@ -70,9 +70,7 @@ def handler(query, path): r_msg.append(r_pdu) - r_elt = r_msg.toXML() - r_cms = rpki.x509.left_right_pdu.build(r_elt, cms_key, cms_certs) - return 200, r_cms.get_DER() + return 200, rpki.left_right.cms_msg.wrap(r_msg, cms_key, cms_certs) except Exception, data: rpki.log.error(traceback.format_exc()) diff --git a/rpkid/rootd.py b/rpkid/rootd.py index 21b1b371..6bae0b7d 100755 --- a/rpkid/rootd.py +++ b/rpkid/rootd.py 
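Review bot: `cms = rpki.x509.left_right_pdu.wrap(msg, cms_key, cms_certs)` in call_rpkid (irbe-setup.py) references `left_right_pdu`, which the x509.py hunk of this same commit deletes, so the first call raises an AttributeError; the reply side of the same hunk already uses the new class. It should read `cms = rpki.left_right.cms_msg.wrap(msg, cms_key, cms_certs)`. The removed line spelled the old name `let_right_pdu`, which suggests this path was not exercised before the change either, so a run of the setup script after the fix is warranted. The `def call_rpkid` line is in the hunk header, outside the hunk body.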
@@ -124,30 +124,28 @@ class message_pdu(rpki.up_down.message_pdu): "error_response" : rpki.up_down.error_response_pdu } type2name = dict((v,k) for k,v in name2type.items()) -class sax_handler(rpki.sax_utils.handler): - def create_top_level(self, name, attrs): - return message_pdu() +class sax_handler(rpki.up_down.sax_handler): + pdu = message_pdu + +class cms_msg(rpki.up_down.cms_msg): + saxify = sax_handler.saxify def up_down_handler(query, path): try: - q_cms = rpki.x509.up_down_pdu(DER = query) - q_elt = q_cms.verify(cms_ta) - q_msg = sax_handler.saxify(q_elt) + q_msg = cms_msg.unwrap(query, cms_ta) except Exception, data: rpki.log.error(traceback.format_exc()) return 400, "Could not process PDU: %s" % data try: r_msg = q_msg.serve_top_level(None) - r_elt = r_msg.toXML() - r_cms = rpki.x509.up_down_pdu.build(r_elt, cms_key, cms_certs) - return 200, r_cms.get_DER() + r_cms = cms_msg.wrap(r_msg, cms_key, cms_certs) + return 200, r_cms except Exception, data: rpki.log.error(traceback.format_exc()) try: r_msg = q_msg.serve_error(data) - r_elt = r_msg.toXML() - r_cms = rpki.x509.up_down_pdu.build(r_elt, cms_key, cms_certs) - return 200, r_cms.get_DER() + r_cms = cms_msg.wrap(r_msg, cms_key, cms_certs) + return 200, r_cms except Exception, data: rpki.log.error(traceback.format_exc()) return 500, "Could not process PDU: %s" % data diff --git a/rpkid/rpki/gctx.py b/rpkid/rpki/gctx.py index d6a572a4..aad7643a 100644 --- a/rpkid/rpki/gctx.py +++ b/rpkid/rpki/gctx.py 
@@ -74,17 +74,14 @@ class global_context(object): q_msg[0].type = "query" q_msg[0].self_id = self_id q_msg[0].child_id = child_id - q_elt = q_msg.toXML() - q_cms = rpki.x509.left_right_pdu.build(q_elt, self.cms_key, self.cms_certs) + q_cms = rpki.left_right.cms_msg.wrap(q_msg, self.cms_key, self.cms_certs) der = rpki.https.client( client_key = self.https_key, client_certs = self.https_certs, server_ta = self.https_ta_irdb, url = self.irdb_url, - msg = q_cms.get_DER()) - r_cms = rpki.x509.left_right_pdu(DER = der) - r_elt = r_cms.verify(self.cms_ta_irdb) - r_msg = rpki.left_right.sax_handler.saxify(r_elt) + msg = q_cms) + r_msg = rpki.left_right.cms_msg.unwrap(der, self.cms_ta_irdb) if len(r_msg) == 0 or not isinstance(r_msg[0], rpki.left_right.list_resources_elt) or r_msg[0].type != "reply": raise rpki.exceptions.BadIRDBReply, "Unexpected response to IRDB query: %s" % lxml.etree.tostring(r_msg.toXML(), pretty_print = True, encoding = "us-ascii") return rpki.resource_set.resource_bag( @@ -115,19 +112,11 @@ class global_context(object): """Process one left-right PDU.""" rpki.log.trace() try: - q_cms = rpki.x509.left_right_pdu(DER = query) - q_elt = q_cms.verify(self.cms_ta_irbe) - q_msg = rpki.left_right.sax_handler.saxify(q_elt) + q_msg = rpki.left_right.cms_msg.unwrap(query, self.cms_ta_irbe) r_msg = q_msg.serve_top_level(self) - r_elt = r_msg.toXML() - r_cms = rpki.x509.left_right_pdu.build(r_elt, self.cms_key, self.cms_certs) - reply = r_cms.get_DER() + reply = rpki.left_right.cms_msg.wrap(r_msg, self.cms_key, self.cms_certs) self.sql_sweep() return 200, reply - except lxml.etree.DocumentInvalid: - rpki.log.warn("Received reply document does not pass schema check: " + lxml.etree.tostring(r_elt, pretty_print = True)) - rpki.log.warn(traceback.format_exc()) - return 500, "Schema violation" except Exception, data: rpki.log.error(traceback.format_exc()) return 500, "Unhandled exception %s" % data 
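Review bot: Dropping the `except lxml.etree.DocumentInvalid` branch in the second gctx.py hunk means a schema failure now falls through to `return 500, "Unhandled exception %s" % data`, so the validator's message is echoed to the peer where the old code returned the fixed string `"Schema violation"`; schema_check() in the x509.py hunk already logs the offending PDU server-side, so the traceback in the generic handler is a second copy. Removing the branch is otherwise sound, since it referenced `r_elt`, which appears to have been unbound whenever the query rather than the reply failed validation. Consider keeping a narrow `except lxml.etree.DocumentInvalid: return 500, "Schema violation"` ahead of the generic handler so the response body stays constant. The method that processes one left-right PDU starts before the hunk.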
diff --git a/rpkid/rpki/left_right.py b/rpkid/rpki/left_right.py index e14ed7cb..3361ac5e 100644 --- a/rpkid/rpki/left_right.py +++ b/rpkid/rpki/left_right.py @@ -17,7 +17,7 @@ """RPKI "left-right" protocol.""" import base64, lxml.etree, time, traceback, os -import rpki.sax_utils, rpki.resource_set, rpki.x509, rpki.sql, rpki.exceptions +import rpki.resource_set, rpki.x509, rpki.sql, rpki.exceptions, rpki.sax_utils import rpki.https, rpki.up_down, rpki.relaxng, rpki.sundial, rpki.log, rpki.roa xmlns = "http://www.hactrn.net/uris/rpki/left-right-spec/" @@ -609,18 +609,15 @@ class parent_elt(data_elt): payload = q_pdu, sender = self.sender_name, recipient = self.recipient_name) - q_elt = q_msg.toXML() - q_cms = rpki.x509.up_down_pdu.build(q_elt, bsc.private_key_id, bsc.signing_cert) + q_cms = rpki.up_down.cms_msg.wrap(q_msg, bsc.private_key_id, bsc.signing_cert) der = rpki.https.client(server_ta = self.peer_biz_cert, client_key = bsc.private_key_id, client_certs = bsc.signing_cert, - msg = q_cms.get_DER(), + msg = q_cms, url = self.peer_contact_uri) - r_cms = rpki.x509.up_down_pdu(DER = der) - r_elt = r_cms.verify(self.peer_biz_cert) - r_msg = rpki.up_down.sax_handler.saxify(r_elt) + r_msg = rpki.up_down.cms_msg.unwrap(der, self.peer_biz_cert) r_msg.payload.check_response() return r_msg @@ -699,9 +696,7 @@ class child_elt(data_elt): bsc = self.bsc() if bsc is None: raise rpki.exceptions.BSCNotFound, "Could not find BSC %s" % self.bsc_id - q_cms = rpki.x509.up_down_pdu(DER = query) - q_elt = q_cms.verify(self.peer_biz_cert) - q_msg = rpki.up_down.sax_handler.saxify(q_elt) + q_msg = rpki.up_down.cms_msg.unwrap(query, self.peer_biz_cert) q_msg.payload.gctx = self.gctx if enforce_strict_up_down_xml_sender and q_msg.sender != str(self.child_id): raise rpki.exceptions.BadSender, "Unexpected XML sender %s" % q_msg.sender 
@@ -715,9 +710,8 @@ class child_elt(data_elt): # sane way of reporting errors in the error reporting mechanism. # May require refactoring, ignore the issue for now. # - r_elt = r_msg.toXML() - r_cms = rpki.x509.up_down_pdu.build(r_elt, bsc.private_key_id, bsc.signing_cert) - return r_cms.get_DER() + r_cms = rpki.up_down.cms_msg.wrap(r_msg, bsc.private_key_id, bsc.signing_cert) + return r_cms class repository_elt(data_elt): """<repository/> element.""" @@ -1114,11 +1108,13 @@ class msg(list): class sax_handler(rpki.sax_utils.handler): """SAX handler for Left-Right protocol.""" - ## @var pdu - # Top-level PDU class pdu = msg + name = "msg" + version = "1" - def create_top_level(self, name, attrs): - """Top-level PDU for this protocol is <msg/>.""" - assert name == "msg" and attrs["version"] == "1" - return self.pdu() +class cms_msg(rpki.x509.XML_CMS_object): + """Class to hold a CMS-signed left-right PDU.""" + + encoding = "us-ascii" + schema = rpki.relaxng.left_right + saxify = sax_handler.saxify diff --git a/rpkid/rpki/sax_utils.py b/rpkid/rpki/sax_utils.py index a472bee9..75443251 100644 --- a/rpkid/rpki/sax_utils.py +++ b/rpkid/rpki/sax_utils.py @@ -91,3 +91,8 @@ class handler(xml.sax.handler.ContentHandler): self = cls() lxml.sax.saxify(elt, self) return self.result + + def create_top_level(self, name, attrs): + """Handle top-level PDU for this protocol.""" + assert name == self.name and attrs["version"] == self.version + return self.pdu() diff --git a/rpkid/rpki/up_down.py b/rpkid/rpki/up_down.py index d69dfd9e..5dbc1e7c 100644 --- a/rpkid/rpki/up_down.py +++ b/rpkid/rpki/up_down.py @@ -17,7 +17,8 @@ """RPKI "up-down" protocol.""" import base64, lxml.etree, time -import rpki.sax_utils, rpki.resource_set, rpki.x509, rpki.exceptions +import rpki.resource_set, rpki.x509, rpki.exceptions +import rpki.sax_utils, rpki.relaxng xmlns="http://www.apnic.net/specs/rescerts/up-down/" 
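Review bot: The new create_top_level in the sax_utils.py hunk validates the root element of a received PDU with `assert name == self.name and attrs["version"] == self.version`, which is stripped under `python -O`, so the name/version check silently disappears in optimised deployments, and a PDU lacking a version attribute surfaces as a bare KeyError. Use an explicit check, e.g. `if name != self.name or attrs.get("version") != self.version: raise ValueError("Unexpected top-level PDU %s version %s" % (name, attrs.get("version")))`, or one of the project's rpki.exceptions classes if this module imports them. cms_msg.unwrap runs schema_check() before saxify, which presumably rejects an unexpected root element first, but callers that invoke saxify directly (xml-parse-test.py in this commit) get no such protection. The removed left_right version carried the same assert, while up_down previously had no check at all, so for up-down this is a new check worth getting right. The enclosing handler class starts outside the hunk.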
@@ -511,6 +512,13 @@ class message_pdu(base_elt): class sax_handler(rpki.sax_utils.handler): """SAX handler for Up-Down protocol.""" - def create_top_level(self, name, attrs): - """Top-level PDU for this protocol is <message/>.""" - return message_pdu() + pdu = message_pdu + name = "message" + version = "1" + +class cms_msg(rpki.x509.XML_CMS_object): + """Class to hold a CMS-signed up-down PDU.""" + + encoding = "UTF-8" + schema = rpki.relaxng.up_down + saxify = sax_handler.saxify diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py index fa46fb74..d220f39d 100644 --- a/rpkid/rpki/x509.py +++ b/rpkid/rpki/x509.py @@ -28,7 +28,7 @@ some of the nasty details. This involves a lot of format conversion. import POW, tlslite.api, POW.pkix, base64, lxml.etree, os import rpki.exceptions, rpki.resource_set, rpki.oids, rpki.sundial -import rpki.manifest, rpki.roa, rpki.relaxng +import rpki.manifest, rpki.roa def calculate_SKI(public_key_der): """Calculate the SKI value given the DER representation of a public @@ -209,7 +209,7 @@ class DER_object(object): return self.get_DER() def dumpasn1(self): - """Prettyprint an ASN.1 DER object using cryptlib dumpasn1 tool. + """Pretty print an ASN.1 DER object using cryptlib dumpasn1 tool. Use a temporary file rather than popen4() because dumpasn1 uses seek() when decoding ASN.1 content nested in OCTET STRING values. """ @@ -754,8 +754,8 @@ class XML_CMS_object(CMS_object): """Decode XML and set inner content.""" self.content = lxml.etree.fromstring(xml) - def prettyprint_content(self): - """Prettyprint XML content of this message.""" + def pretty_print_content(self): + """Pretty print XML content of this message.""" return lxml.etree.tostring(self.get_content(), pretty_print = True, encoding = self.encoding, xml_declaration = True) def schema_check(self): 
@@ -763,35 +763,35 @@ class XML_CMS_object(CMS_object): try: self.schema.assertValid(self.get_content()) except lxml.etree.DocumentInvalid: - rpki.log.error("PDU failed schema check: " + self.prettyprint_content()) + rpki.log.error("PDU failed schema check: " + self.pretty_print_content()) raise @classmethod - def build(cls, elt, keypair, certs): - """Build a CMS-wrapped XML PDU.""" + def wrap(cls, msg, keypair, certs, pretty_print = False): + """Build a CMS-wrapped XML PDU and return its DER encoding.""" self = cls() - self.set_content(elt) + self.set_content(msg.toXML()) self.schema_check() self.sign(keypair, certs) - return self + if pretty_print: + return self.get_DER(), self.pretty_print_content() + else: + return self.get_DER() - def verify(self, ta): - """Wrapper around CMS_object.verify(), adds RelaxNG schema check.""" + @classmethod + def unwrap(cls, der, ta, pretty_print = False): + """Unwrap a CMS-wrapped XML PDU and return Python objects.""" + self = cls(DER = der) CMS_object.verify(self, ta) self.schema_check() - return self.get_content() - -class left_right_pdu(XML_CMS_object): - """Class to hold a CMS-signed left-right PDU.""" - - encoding = "us-ascii" - schema = rpki.relaxng.left_right - -class up_down_pdu(XML_CMS_object): - """Class to hold a CMS-signed up-down PDU.""" + msg = self.saxify(self.get_content()) + if pretty_print: + return msg, self.pretty_print_content() + else: + return msg - encoding = "UTF-8" - schema = rpki.relaxng.up_down + def verify(self, ta): + raise NotImplementedError, "Should not be calling this, it's obsolete" class CRL(DER_object): """Class to hold a Certificate Revocation List.""" diff --git a/rpkid/testbed.py b/rpkid/testbed.py index 8c689f04..75abcc69 100644 --- a/rpkid/testbed.py +++ b/rpkid/testbed.py 
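Review bot: `wrap` and `unwrap` return either a bare value or a 2-tuple depending on `pretty_print`, so the return type changes with a flag and every caller must remember which shape it asked for; a steadier API returns the single value and exposes the pretty-printed XML through pretty_print_content() on a retained instance, or returns the tuple unconditionally. The `unwrap` docstring should also state the order it enforces, since that is the security property of the method: `"""Unwrap a CMS-wrapped XML PDU: the CMS signature is verified against ta before the XML content is schema-checked or turned into Python objects."""`. Overriding `verify` to raise NotImplementedError while `unwrap` calls `CMS_object.verify(self, ta)` directly works, but deserves a one-line comment saying the base method is bypassed on purpose so the next reader does not "fix" it. The class XML_CMS_object continues on both sides of the hunk.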
@@ -566,9 +566,9 @@ class allocation(object): """ rpki.log.info("Calling rpkid for %s" % self.name) pdu.type = "query" - elt = rpki.left_right.msg((pdu,)).toXML() - rpki.log.debug(lxml.etree.tostring(elt, pretty_print = True, encoding = "us-ascii")) - cms = rpki.x509.left_right_pdu.build(elt, testbed_key, testbed_certs) + msg = rpki.left_right.msg((pdu,)) + cms, xml = rpki.left_right.cms_msg.wrap(msg, testbed_key, testbed_certs, pretty_print = True) + rpki.log.debug(xml) url = "https://localhost:%d/left-right" % self.rpki_port rpki.log.debug("Attempting to connect to %s" % url) der = rpki.https.client( @@ -576,11 +576,10 @@ class allocation(object): client_certs = testbed_certs, server_ta = self.rpkid_ta, url = url, - msg = cms.get_DER()) - cms = rpki.x509.left_right_pdu(DER = der) - elt = cms.verify(ta = self.rpkid_ta) - rpki.log.debug(lxml.etree.tostring(elt, pretty_print = True, encoding = "us-ascii")) - pdu = rpki.left_right.sax_handler.saxify(elt)[0] + msg = cms) + msg, xml = rpki.left_right.cms_msg.unwrap(der, self.rpkid_ta, pretty_print = True) + rpki.log.debug(xml) + pdu = msg[0] assert pdu.type == "reply" and not isinstance(pdu, rpki.left_right.report_error_elt) return pdu diff --git a/rpkid/testpoke.py b/rpkid/testpoke.py index 99ee53c0..8da1daac 100644 --- a/rpkid/testpoke.py +++ b/rpkid/testpoke.py 
@@ -89,17 +89,15 @@ def query_up_down(q_pdu): payload = q_pdu, sender = yaml_data["sender-id"], recipient = yaml_data["recipient-id"]) - q_elt = q_msg.toXML() - q_cms = rpki.x509.up_down_pdu.build(q_elt, cms_key, cms_certs) + q_cms = rpki.up_down.cms_msg.wrap(q_msg, cms_key, cms_certs) der = rpki.https.client( server_ta = https_ta, client_key = https_key, client_certs = https_certs, - msg = q_cms.get_DER(), + msg = q_cms, url = yaml_data["posturl"]) - r_cms = rpki.x509.up_down_pdu(DER = der) - r_elt = r_cms.verify(cms_ta) - return r_cms.prettyprint_content() + r_msg, r_xml = rpki.up_down.cms_msg.unwrap(der, cms_ta, pretty_print = True) + return r_xml def do_list(): print query_up_down(rpki.up_down.list_pdu()) diff --git a/rpkid/xml-parse-test.py b/rpkid/xml-parse-test.py index bde7d167..bf49ad28 100755 --- a/rpkid/xml-parse-test.py +++ b/rpkid/xml-parse-test.py @@ -14,11 +14,12 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -import glob, rpki.up_down, rpki.left_right, rpki.relaxng, xml.sax, lxml.etree, lxml.sax, POW, POW.pkix +import glob, xml.sax, lxml.etree, lxml.sax, POW, POW.pkix +import rpki.up_down, rpki.left_right, rpki.relaxng verbose = True -def test(fileglob, rng, sax_handler, encoding, tester=None): +def test(fileglob, rng, sax_handler, encoding, tester = None): files = glob.glob(fileglob) files.sort() for f in files: @@ -31,7 +32,7 @@ def test(fileglob, rng, sax_handler, encoding, tester=None): rng.assertValid(elt_out) if (tester): tester(elt_in, elt_out, handler.result) - print lxml.etree.tostring(elt_out, pretty_print=True, encoding=encoding, xml_declaration=True) + print lxml.etree.tostring(elt_out, pretty_print = True, encoding = encoding, xml_declaration = True) def pprint_cert(cert): print cert.get_POW().pprint() 
@@ -54,14 +55,14 @@ def lr_tester(elt_in, elt_out, msg): for cert in bsc.signing_cert: pprint_cert(cert) -test(fileglob="up-down-protocol-samples/*.xml", - rng=rpki.relaxng.up_down, - sax_handler=rpki.up_down.sax_handler, - encoding="utf-8", - tester=ud_tester) +test(fileglob = "up-down-protocol-samples/*.xml", + rng = rpki.relaxng.up_down, + sax_handler = rpki.up_down.sax_handler, + encoding = "utf-8", + tester = ud_tester) -test(fileglob="left-right-protocol-samples/*.xml", - rng=rpki.relaxng.left_right, - sax_handler=rpki.left_right.sax_handler, - encoding="us-ascii", - tester=lr_tester) +test(fileglob = "left-right-protocol-samples/*.xml", + rng = rpki.relaxng.left_right, + sax_handler = rpki.left_right.sax_handler, + encoding = "us-ascii", + tester = lr_tester) |