author | Rob Austein <sra@hactrn.net> | 2014-01-31 05:50:52 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2014-01-31 05:50:52 +0000 |
commit | 07847e77092f375d4d4b3cfb97d038d8b47d2553 (patch) | |
tree | 55cf2475b8c72aa2ea421bea8bea59157834cace | |
parent | 445e3fd4c75c28c0781824be84ba3b82278da799 (diff) |
Checkpoint. Untested implementation of left-right
<list_ee_certificate_requests/> PDU.
svn path=/branches/tk671/; revision=5657
-rw-r--r-- | rpkid/left-right-schema.rnc | 19 | ||||
-rw-r--r-- | rpkid/left-right-schema.rng | 53 | ||||
-rw-r--r-- | rpkid/router-certificate-schema.rnc | 2 | ||||
-rw-r--r-- | rpkid/router-certificate-schema.rng | 4 | ||||
-rw-r--r-- | rpkid/rpki/irdbd.py | 27 | ||||
-rw-r--r-- | rpkid/rpki/left_right.py | 41 | ||||
-rw-r--r-- | rpkid/rpki/old_irdbd.py | 12 | ||||
-rw-r--r-- | rpkid/rpki/relaxng.py | 57 |
8 files changed, 199 insertions, 16 deletions
diff --git a/rpkid/left-right-schema.rnc b/rpkid/left-right-schema.rnc index 50b2401e..2db048cf 100644 --- a/rpkid/left-right-schema.rnc +++ b/rpkid/left-right-schema.rnc @@ -51,6 +51,7 @@ query_elt |= child_query query_elt |= repository_query query_elt |= list_roa_requests_query query_elt |= list_ghostbuster_requests_query +query_elt |= list_ee_certificate_requests_query query_elt |= list_resources_query query_elt |= list_published_objects_query query_elt |= list_received_resources_query @@ -64,6 +65,7 @@ reply_elt |= repository_reply reply_elt |= list_resources_reply reply_elt |= list_roa_requests_reply reply_elt |= list_ghostbuster_requests_reply +reply_elt |= list_ee_certificate_requests_reply reply_elt |= list_published_objects_reply reply_elt |= list_received_resources_reply reply_elt |= report_error_reply @@ -268,6 +270,23 @@ list_ghostbuster_requests_reply = element list_ghostbuster_requests { xsd:string } +# <list_ee_certificate_requests/> element + +list_ee_certificate_requests_query = element list_ee_certificate_requests { + tag, self_handle +} + +list_ee_certificate_requests_reply = element list_ee_certificate_requests { + tag, self_handle, + attribute gski { xsd:token { minLength="27" maxLength="27" } }, + attribute valid_until { xsd:dateTime { pattern=".*Z" } }, + attribute asn { asn_list }?, + attribute ipv4 { ipv4_list }?, + attribute ipv6 { ipv6_list }?, + attribute router_id { xsd:unsignedInt }?, + element pkcs10 { base64 } +} + # <list_published_objects/> element list_published_objects_query = element list_published_objects { diff --git a/rpkid/left-right-schema.rng b/rpkid/left-right-schema.rng index 32188de1..e7cf52cb 100644 --- a/rpkid/left-right-schema.rng +++ b/rpkid/left-right-schema.rng 
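Review bot: The `gski` attribute in `list_ee_certificate_requests_reply` is constrained only by length, so `xsd:token { minLength="27" maxLength="27" }` accepts any 27 characters, including `/`, `.` and `%`. If the value is later used to build an object name or URI, or is written to logs (none of that is visible in this diff), a character-class facet would stop malformed identifiers at the schema boundary: `attribute gski { xsd:token { pattern="[\-_0-9A-Za-z]{27}" } },`. The same file family already does this for `asn_list` with `pattern="[\-,0-9]*"`. The `.rng` file and the copy embedded in `rpki/relaxng.py` repeat this definition and appear to be generated from it, so they would need regenerating.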
@@ -87,6 +87,9 @@ <ref name="list_ghostbuster_requests_query"/> </define> <define name="query_elt" combine="choice"> + <ref name="list_ee_certificate_requests_query"/> + </define> + <define name="query_elt" combine="choice"> <ref name="list_resources_query"/> </define> <define name="query_elt" combine="choice"> @@ -121,6 +124,9 @@ <ref name="list_ghostbuster_requests_reply"/> </define> <define name="reply_elt" combine="choice"> + <ref name="list_ee_certificate_requests_reply"/> + </define> + <define name="reply_elt" combine="choice"> <ref name="list_published_objects_reply"/> </define> <define name="reply_elt" combine="choice"> @@ -929,6 +935,53 @@ <data type="string"/> </element> </define> + <!-- <list_ee_certificate_requests/> element --> + <define name="list_ee_certificate_requests_query"> + <element name="list_ee_certificate_requests"> + <ref name="tag"/> + <ref name="self_handle"/> + </element> + </define> + <define name="list_ee_certificate_requests_reply"> + <element name="list_ee_certificate_requests"> + <ref name="tag"/> + <ref name="self_handle"/> + <attribute name="gski"> + <data type="token"> + <param name="minLength">27</param> + <param name="maxLength">27</param> + </data> + </attribute> + <attribute name="valid_until"> + <data type="dateTime"> + <param name="pattern">.*Z</param> + </data> + </attribute> + <optional> + <attribute name="asn"> + <ref name="asn_list"/> + </attribute> + </optional> + <optional> + <attribute name="ipv4"> + <ref name="ipv4_list"/> + </attribute> + </optional> + <optional> + <attribute name="ipv6"> + <ref name="ipv6_list"/> + </attribute> + </optional> + <optional> + <attribute name="router_id"> + <data type="unsignedInt"/> + </attribute> + </optional> + <element name="pkcs10"> + <ref name="base64"/> + </element> + </element> + </define> <!-- <list_published_objects/> element --> <define name="list_published_objects_query"> <element name="list_published_objects"> 
diff --git a/rpkid/router-certificate-schema.rnc b/rpkid/router-certificate-schema.rnc index a98143e1..eade85f0 100644 --- a/rpkid/router-certificate-schema.rnc +++ b/rpkid/router-certificate-schema.rnc @@ -31,7 +31,7 @@ default namespace = "http://www.hactrn.net/uris/rpki/router-certificate/" version = "1" base64 = xsd:base64Binary { maxLength="512000" } -router_id = xsd:unsignedInt { minExclusive="0" } +router_id = xsd:unsignedInt asn_list = xsd:string { maxLength="512000" pattern="[\-,0-9]*" } timestamp = xsd:dateTime { pattern=".*Z" } diff --git a/rpkid/router-certificate-schema.rng b/rpkid/router-certificate-schema.rng index 9f342698..912d68d5 100644 --- a/rpkid/router-certificate-schema.rng +++ b/rpkid/router-certificate-schema.rng @@ -38,9 +38,7 @@ </data> </define> <define name="router_id"> - <data type="unsignedInt"> - <param name="minExclusive">0</param> - </data> + <data type="unsignedInt"/> </define> <define name="asn_list"> <data type="string"> diff --git a/rpkid/rpki/irdbd.py b/rpkid/rpki/irdbd.py index c27995e7..c67111ce 100644 --- a/rpkid/rpki/irdbd.py +++ b/rpkid/rpki/irdbd.py @@ -39,8 +39,9 @@ import rpki.daemonize class main(object): def handle_list_resources(self, q_pdu, r_msg): - child = rpki.irdb.Child.objects.get(issuer__handle__exact = q_pdu.self_handle, - handle = q_pdu.child_handle) + child = rpki.irdb.Child.objects.get( + issuer__handle__exact = q_pdu.self_handle, + handle = q_pdu.child_handle) resources = child.resource_bag r_pdu = rpki.left_right.list_resources_elt() r_pdu.tag = q_pdu.tag 
@@ -84,6 +85,21 @@ class main(object): r_pdu.vcard = ghostbuster.vcard r_msg.append(r_pdu) + def handle_list_ee_certificate_requests(self, q_pdu, r_msg): + for ee_req in rpki.irdb.EECertificateRequest.objects.filter(issuer__handle__exact = q_pdu.self_handle): + resource = ee_req.resource_bag + r_pdu = rpki.left_right.list_ee_certificate_requests_elt() + r_pdu.tag = q_pdu.tag + r_pdu.self_handle = q_pdu.self_handle + r_pdu.gski = ee_req.gski + r_pdu.valid_until = ee_req.valid_until.strftime("%Y-%m-%dT%H:%M:%SZ") + r_pdu.asn = resources.asn + r_pdu.ipv4 = resources.v4 + r_pdu.ipv6 = resources.v6 + r_pdu.router_id = ee_req.router_id + r_pdu.pkcs10 = ee_req.pkcs10 + r_msg.append(r_pdu) + def handler(self, query, path, cb): try: q_pdu = None @@ -219,9 +235,10 @@ class main(object): self.start_new_transaction = django.db.transaction.commit_manually(django.db.transaction.commit) self.dispatch_vector = { - rpki.left_right.list_resources_elt : self.handle_list_resources, - rpki.left_right.list_roa_requests_elt : self.handle_list_roa_requests, - rpki.left_right.list_ghostbuster_requests_elt : self.handle_list_ghostbuster_requests } + rpki.left_right.list_resources_elt : self.handle_list_resources, + rpki.left_right.list_roa_requests_elt : self.handle_list_roa_requests, + rpki.left_right.list_ghostbuster_requests_elt : self.handle_list_ghostbuster_requests, + rpki.left_right.list_ee_certificate_requests_elt : self.handle_list_ee_certificate_requests} try: self.http_server_host = self.cfg.get("server-host", "") diff --git a/rpkid/rpki/left_right.py b/rpkid/rpki/left_right.py index 9be927f3..6f83fca2 100644 --- a/rpkid/rpki/left_right.py +++ b/rpkid/rpki/left_right.py 
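Review bot: `handle_list_ee_certificate_requests` binds `resource = ee_req.resource_bag` but the following lines read `resources.asn`, `resources.v4` and `resources.v6`, so the first matching row raises `NameError`; the assignment should be `resources = ee_req.resource_bag`. How that failure reaches the caller depends on the `try` block in `handler`, whose body lies outside this hunk. Separately, `ee_req.valid_until.strftime("%Y-%m-%dT%H:%M:%SZ")` stamps a literal `Z` on whatever the field holds, which is only correct if the IRDB stores it in UTC. Since this value presumably bounds the lifetime of the issued certificate, a comment such as `# valid_until is stored in UTC; the "Z" suffix is required by the schema` would record that assumption.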
@@ -1036,6 +1036,46 @@ class list_ghostbuster_requests_elt(rpki.xml_utils.text_elt, left_right_namespac def __repr__(self): return rpki.log.log_repr(self, self.self_handle, self.parent_handle) +class list_ee_certificate_requests_elt(rpki.xml_utils.base_elt, left_right_namespace): + """ + <list_resources/> element. + """ + + element_name = "list_ee_certificate_requests" + attributes = ("self_handle", "tag", "gski", "valid_until", "asn", "ipv4", "ipv6", "router_id") + elements = ("pkcs10",) + + pkcs10 = None + + def __repr__(self): + return rpki.log.log_repr(self, self.self_handle, self.gski, self.router_id, self.asn, self.ipv4, self.ipv6) + + def startElement(self, stack, name, attrs): + """ + Handle <list_ee_certificate_requests/> element. This requires special + handling due to the data types of some of the attributes. + """ + assert name == self.element_name, "Unexpected name %s, stack %s" % (name, stack) + self.read_attrs(attrs) + if isinstance(self.valid_until, str): + self.valid_until = rpki.sundial.datetime.fromXMLtime(self.valid_until) + if self.asn is not None: + self.asn = rpki.resource_set.resource_set_as(self.asn) + if self.ipv4 is not None: + self.ipv4 = rpki.resource_set.resource_set_ipv4(self.ipv4) + if self.ipv6 is not None: + self.ipv6 = rpki.resource_set.resource_set_ipv6(self.ipv6) + + def toXML(self): + """ + Generate <list_ee_certificate_requests/> element. This requires special + handling due to the data types of some of the attributes. + """ + elt = self.make_elt() + if isinstance(self.valid_until, int): + elt.set("valid_until", self.valid_until.toXMLtime()) + return elt + class list_published_objects_elt(rpki.xml_utils.text_elt, left_right_namespace): """ <list_published_objects/> element. 
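Review bot: In `toXML`, the guard `isinstance(self.valid_until, int)` looks wrong: an `int` has no `toXMLtime()`, and `startElement` stores the result of `rpki.sundial.datetime.fromXMLtime`, so the branch is either skipped or raises `AttributeError`. Assuming `rpki.sundial.datetime` is the class, `if isinstance(self.valid_until, rpki.sundial.datetime):` would match what `startElement` produces. The class declares `elements = ("pkcs10",)`, but neither `startElement` nor `toXML` handles the `<pkcs10>` child that the schema makes mandatory in a reply, and the `assert name == self.element_name` would presumably fail on a `pkcs10` start tag unless `base_elt` routes child elements elsewhere (not visible here). That `assert` is also the only element-name check and is stripped under `python -O`, so an explicit `raise` would be safer for parsed input. The class docstring still reads `<list_resources/> element.` and should say `<list_ee_certificate_requests/> element.`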
@@ -1165,6 +1205,7 @@ class msg(rpki.xml_utils.msg, left_right_namespace): for x in (self_elt, child_elt, parent_elt, bsc_elt, repository_elt, list_resources_elt, list_roa_requests_elt, list_ghostbuster_requests_elt, + list_ee_certificate_requests_elt, list_published_objects_elt, list_received_resources_elt, report_error_elt)) diff --git a/rpkid/rpki/old_irdbd.py b/rpkid/rpki/old_irdbd.py index 10796711..3396e783 100644 --- a/rpkid/rpki/old_irdbd.py +++ b/rpkid/rpki/old_irdbd.py @@ -133,11 +133,15 @@ class main(object): r_msg.append(r_pdu) - handle_dispatch = { - rpki.left_right.list_resources_elt : handle_list_resources, - rpki.left_right.list_roa_requests_elt : handle_list_roa_requests, - rpki.left_right.list_ghostbuster_requests_elt : handle_list_ghostbuster_requests} + def handle_list_ee_certificate_requests(self, q_pdu, r_msg): + rpki.log.note("old_irdbd doesn't currently implement <list_ee_certificate_requests/>, ignoring") + + handle_dispatch = { + rpki.left_right.list_resources_elt : handle_list_resources, + rpki.left_right.list_roa_requests_elt : handle_list_roa_requests, + rpki.left_right.list_ghostbuster_requests_elt : handle_list_ghostbuster_requests, + rpki.left_right.list_ee_certificate_requests_elt : handle_list_ee_certificate_requests } def handler(self, query, path, cb): try: diff --git a/rpkid/rpki/relaxng.py b/rpkid/rpki/relaxng.py index b39ade22..aecc8648 100644 --- a/rpkid/rpki/relaxng.py +++ b/rpkid/rpki/relaxng.py @@ -93,6 +93,9 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" en <ref name="list_ghostbuster_requests_query"/> </define> <define name="query_elt" combine="choice"> + <ref name="list_ee_certificate_requests_query"/> + </define> + <define name="query_elt" combine="choice"> <ref name="list_resources_query"/> </define> <define name="query_elt" combine="choice"> 
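Review bot: The `handle_list_ee_certificate_requests` stub in `old_irdbd.py` returns without appending anything to `r_msg`, so the caller cannot tell "not implemented" from "no EE certificate requests exist". The only trace is a `rpki.log.note` line that does not say which `self_handle` asked. Naming the handle, `rpki.log.note("old_irdbd doesn't currently implement <list_ee_certificate_requests/>, ignoring query from %s" % q_pdu.self_handle)`, would let an operator see which tenant's router-certificate requests are being dropped. A one-line docstring stating that the empty reply is deliberate would help too.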
@@ -127,6 +130,9 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" en <ref name="list_ghostbuster_requests_reply"/> </define> <define name="reply_elt" combine="choice"> + <ref name="list_ee_certificate_requests_reply"/> + </define> + <define name="reply_elt" combine="choice"> <ref name="list_published_objects_reply"/> </define> <define name="reply_elt" combine="choice"> @@ -935,6 +941,53 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" en <data type="string"/> </element> </define> + <!-- <list_ee_certificate_requests/> element --> + <define name="list_ee_certificate_requests_query"> + <element name="list_ee_certificate_requests"> + <ref name="tag"/> + <ref name="self_handle"/> + </element> + </define> + <define name="list_ee_certificate_requests_reply"> + <element name="list_ee_certificate_requests"> + <ref name="tag"/> + <ref name="self_handle"/> + <attribute name="gski"> + <data type="token"> + <param name="minLength">27</param> + <param name="maxLength">27</param> + </data> + </attribute> + <attribute name="valid_until"> + <data type="dateTime"> + <param name="pattern">.*Z</param> + </data> + </attribute> + <optional> + <attribute name="asn"> + <ref name="asn_list"/> + </attribute> + </optional> + <optional> + <attribute name="ipv4"> + <ref name="ipv4_list"/> + </attribute> + </optional> + <optional> + <attribute name="ipv6"> + <ref name="ipv6_list"/> + </attribute> + </optional> + <optional> + <attribute name="router_id"> + <data type="unsignedInt"/> + </attribute> + </optional> + <element name="pkcs10"> + <ref name="base64"/> + </element> + </element> + </define> <!-- <list_published_objects/> element --> <define name="list_published_objects_query"> <element name="list_published_objects"> 
@@ -2300,9 +2353,7 @@ router_certificate = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version= </data> </define> <define name="router_id"> - <data type="unsignedInt"> - <param name="minExclusive">0</param> - </data> + <data type="unsignedInt"/> </define> <define name="asn_list"> <data type="string"> |