author | Rob Austein <sra@hactrn.net> | 2009-06-26 21:40:57 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2009-06-26 21:40:57 +0000 |
commit | 9880574641ca64083ac4b6f84e4609a0a90a6a2f (patch) | |
tree | 15486abaa33eea22240747ef4f19257c58b77146 | |
parent | 9fb2334917ed91e0d54ca5623219d481e6e9e01b (diff) |
Checkpoint
svn path=/myrpki/myirbe.py; revision=2544
-rw-r--r-- | myrpki/myirbe.py | 139 |
1 files changed, 139 insertions, 0 deletions
diff --git a/myrpki/myirbe.py b/myrpki/myirbe.py
new file mode 100644
index 00000000..42526f58
--- /dev/null
+++ b/myrpki/myirbe.py
@@ -0,0 +1,139 @@
+"""
+IRBE-side stuff for myrpki testbed.
+
+$Id$
+
+Copyright (C) 2009 Internet Systems Consortium ("ISC")
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.
+"""
+
+import lxml.etree, base64, subprocess, sys, os, time, getopt, MySQLdb
+import rpki.https, rpki.config, rpki.resource_set, rpki.relaxng
+import rpki.exceptions, rpki.left_right, rpki.log, rpki.x509
+
+rng = lxml.etree.RelaxNG(lxml.etree.parse("myrpki.rng"))
+
+def tag(t):
+ return "{http://www.hactrn.net/uris/rpki/myrpki/}" + t
+
+os.environ["TZ"] = "UTC"
+time.tzset()
+
+rpki.log.init("myirbe")
+
+cfg_file = "myirbe.conf"
+
+opts, argv = getopt.getopt(sys.argv[1:], "c:h?", ["config=", "help"])
+for o, a in opts:
+ if o in ("-h", "--help", "-?"):
+ print __doc__
+ sys.exit(0)
+ if o in ("-c", "--config"):
+ cfg_file = a
+if argv:
+ raise RuntimeError, "Unexpected arguments %s" % argv
+
+cfg = rpki.config.parser(cfg_file, "myirbe")
+
+startup_msg = cfg.get("startup-message", "")
+if startup_msg:
+ rpki.log.info(startup_msg)
+
+tree = lxml.etree.parse("myrpki.xml").getroot()
+rng.assertValid(tree)
+
+db = MySQLdb.connect(user = cfg.get("sql-username"),
+ db = cfg.get("sql-database"),
+ passwd = cfg.get("sql-password"))
+
+cur = db.cursor()
+
+#db.autocommit(True)
+
+my_handle = tree.get("handle")
+
+cur.execute(
+ """
+ DELETE
+ FROM roa_request_prefix
+ USING roa_request, roa_request_prefix
+ WHERE roa_request.roa_request_id = roa_request_prefix.roa_request_id AND roa_request.roa_request_handle = %s
+ """, (my_handle,))
+
+cur.execute("DELETE FROM roa_request WHERE roa_request.roa_request_handle = %s", (my_handle,))
+
+for x in tree.getiterator(tag("roa_request")):
+ cur.execute("INSERT roa_request (roa_request_handle, asn) VALUES (%s, %s)", (my_handle, x.get("asn")))
+ roa_request_id = cur.lastrowid
+ for version, prefix_set in ((4, rpki.resource_set.roa_prefix_set_ipv4(x.get("v4"))), (6, rpki.resource_set.roa_prefix_set_ipv6(x.get("v6")))):
+ if prefix_set:
+ cur.executemany("INSERT roa_request_prefix (roa_request_id, prefix, prefixlen, max_prefixlen, version) VALUES (%s, %s, %s, %s, %s)",
+ ((roa_request_id, p.prefix, p.prefixlen, p.max_prefixlen, version) for p in prefix_set))
+
+cur.execute(
+ """
+ DELETE
+ FROM registrant_asn
+ USING registrant, registrant_asn
+ WHERE registrant.registrant_id = registrant_asn.registrant_id AND registrant.registry_handle = %s
+ """ , (my_handle,))
+
+cur.execute(
+ """
+ DELETE FROM registrant_net USING registrant, registrant_net
+ WHERE registrant.registrant_id = registrant_net.registrant_id AND registrant.registry_handle = %s
+ """ , (my_handle,))
+
+cur.execute("DELETE FROM registrant WHERE registrant.registry_handle = %s" , (my_handle,))
+
+for x in tree.getiterator(tag("child")):
+ child_handle = x.get("handle")
+ asns = rpki.resource_set.resource_set_as(x.get("asns"))
+ ipv4 = rpki.resource_set.resource_set_ipv4(x.get("v4"))
+ ipv6 = rpki.resource_set.resource_set_ipv6(x.get("v6"))
+
+ cur.execute("INSERT registrant (registrant_handle, registry_handle, registrant_name, valid_until) VALUES (%s, %s, %s, %s)",
+ (child_handle, my_handle, child_handle, rpki.sundial.datetime.fromXMLtime(x.get("valid_until")).to_sql()))
+ child_id = cur.lastrowid
+ if asns:
+ cur.executemany("INSERT registrant_asn (start_as, end_as, registrant_id) VALUES (%s, %s, %s)",
+ ((a.min, a.max, child_id) for a in asns))
+ if ipv4:
+ cur.executemany("INSERT registrant_net (start_ip, end_ip, version, registrant_id) VALUES (%s, %s, 4, %s)",
+ ((a.min, a.max, child_id) for a in ipv4))
+ if ipv6:
+ cur.executemany("INSERT registrant_net (start_ip, end_ip, version, registrant_id) VALUES (%s, %s, 6, %s)",
+ ((a.min, a.max, child_id) for a in ipv6))
+
+db.commit()
+
+def showpem(label, b64, kind):
+ cmd = ("openssl", kind, "-noout", "-text", "-inform", "DER")
+ p = subprocess.Popen(cmd, stdin = subprocess.PIPE, stdout = subprocess.PIPE)
+ text = p.communicate(input = base64.b64decode(b64))[0]
+ if p.returncode != 0:
+ raise subprocess.CalledProcessError(returncode = p.returncode, cmd = cmd)
+ print label, text
+
+ca = tree.findtext(tag("bpki_ca_certificate"))
+if ca:
+ showpem("CA", ca, "x509")
+
+ee = tree.findtext(tag("bpki_ee_certificate"))
+if ee:
+ showpem("EE", ee, "x509")
+
+crl = tree.findtext(tag("bpki_crl"))
+if crl:
+ showpem("CA", crl, "crl") |
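Review bot: `my_handle = tree.get("handle")` takes the handle straight from myrpki.xml, and every DELETE and INSERT that follows is keyed on it, so whoever writes that file chooses whose roa_request and registrant rows are wiped and replaced. If the file can come from anyone other than the local operator (not visible here), check the handle against an expected value before the first `cur.execute`, e.g. `if my_handle != cfg.get("<expected-handle-option>"): raise RuntimeError, "Unexpected handle %s" % my_handle`, where the option name is a placeholder. Separately, `rpki.sundial.datetime.fromXMLtime` is called in the child loop but `rpki.sundial` is not in the import lines, so it resolves only if another rpki module happens to import it first; adding `rpki.sundial` to one of the `import rpki...` lines makes that explicit. The final call `showpem("CA", crl, "crl")` prints the CRL dump under the label "CA", which looks like a copy-paste slip for `"CRL"`.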