author | Rob Austein <sra@hactrn.net> | 2008-05-10 02:59:29 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2008-05-10 02:59:29 +0000 |
commit | 086ac530c93804c087f23e588df37326278f251e (patch) | |
tree | fbebb0ae6bbee5fab1617c6103475a60c8e4e924 | |
parent | e5495c4125f70c02dd88fa5d33ea431038350a28 (diff) |
Checkpoint of debugging code while chasing interop issues
svn path=/rpkid/rpki/gctx.py; revision=1762
-rw-r--r-- | rpkid/rpki/gctx.py | 2 | ||||
-rw-r--r-- | rpkid/rpki/https.py | 4 | ||||
-rw-r--r-- | rpkid/rpki/left_right.py | 1 | ||||
-rw-r--r-- | rpkid/rpki/sql.py | 1 | ||||
-rw-r--r-- | rpkid/rpki/x509.py | 24 |
5 files changed, 25 insertions, 7 deletions
diff --git a/rpkid/rpki/gctx.py b/rpkid/rpki/gctx.py
index ad5c7c86..6466ed87 100644
--- a/rpkid/rpki/gctx.py
+++ b/rpkid/rpki/gctx.py
@@ -183,7 +183,7 @@ class global_context(object):
 [self.irbe_cert, self.irdb_cert, self.bpki_ta]
 for x in certs:
 if rpki.https.debug_tls_certs:
- rpki.log.debug("HTTPS dynamic trusted cert issuer %s subject %s" % (x.getIssuer(), x.getSubject()))
+ rpki.log.debug("HTTPS dynamic trusted cert issuer %s [%s] subject %s [%s]" % (x.getIssuer(), x.hAKI(), x.getSubject(), x.hSKI()))
 store.addTrust(x.get_POW())
 self.https_ta_cache = store
diff --git a/rpkid/rpki/https.py b/rpkid/rpki/https.py
index 17a8cc5d..40894f74 100644
--- a/rpkid/rpki/https.py
+++ b/rpkid/rpki/https.py
@@ -60,7 +60,7 @@ class Checker(tlslite.api.Checker):
 for x in trust_anchor:
 if debug_tls_certs:
- rpki.log.debug("HTTPS trusted cert issuer %s subject %s" % (x.getIssuer(), x.getSubject()))
+ rpki.log.debug("HTTPS trusted cert issuer %s [%s] subject %s [%s]" % (x.getIssuer(), x.hAKI(), x.getSubject(), x.hSKI()))
 self.x509store.addTrust(x.get_POW())
 def x509store_thunk(self):
@@ -83,7 +83,7 @@ class Checker(tlslite.api.Checker):
 if debug_tls_certs:
 for i in range(len(chain)):
- rpki.log.debug("Received %s TLS cert[%d] issuer %s subject %s" % (peer, i, chain[i].getIssuer(), chain[i].getSubject()))
+ rpki.log.debug("Received %s TLS cert[%d] issuer %s [%s] subject %s [%s]" % (peer, i, chain[i].getIssuer(), chain[i].hAKI(), chain[i].getSubject(), chain[i].hSKI()))
 if not self.x509store_thunk().verifyChain(chain[0].get_POW(), [x.get_POW() for x in chain[1:]]):
 if disable_tls_certificate_validation_exceptions:
diff --git a/rpkid/rpki/left_right.py b/rpkid/rpki/left_right.py
index 1289e16a..70ad66f2 100644
--- a/rpkid/rpki/left_right.py
+++ b/rpkid/rpki/left_right.py
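Review bot: In https.py's `Received %s TLS cert[%d]` debug line, `hAKI()` and `hSKI()` now run on every peer-supplied certificate before `verifyChain()` is called, so if either extension decodes to something other than a byte string the `ord()` call would raise and the handshake would end inside debug logging rather than in validation. This only happens when `debug_tls_certs` is set, but a debug switch should not change how untrusted input is handled; consider formatting these fields through one small helper that catches decoding errors and logs a placeholder instead. The same four-field format is repeated in gctx.py and in the trust-anchor loop of https.py, so a shared helper would also keep the three messages in step. The enclosing methods start and end outside these hunks.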
@@ -84,6 +84,7 @@ class data_elt(base_elt, rpki.sql.sql_persistant):
 def bsc(self):
 """Return BSC object to which this object links."""
+ assert isinstance(self.bsc_id, (int, long))
 return bsc_elt.sql_fetch(self.gctx, self.bsc_id)
 @classmethod
diff --git a/rpkid/rpki/sql.py b/rpkid/rpki/sql.py
index 85c85a6a..6cab30d9 100644
--- a/rpkid/rpki/sql.py
+++ b/rpkid/rpki/sql.py
@@ -67,6 +67,7 @@ class sql_persistant(object):
 key, we check for a cache hit directly in the hope of bypassing the SQL lookup entirely. """
+ assert isinstance(id, (int, long))
 key = (cls, id)
 if key in gctx.sql_cache:
 return gctx.sql_cache[key]
diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py
index 0b6ab30b..76661981 100644
--- a/rpkid/rpki/x509.py
+++ b/rpkid/rpki/x509.py
@@ -165,7 +165,8 @@ class DER_object(object):
 """Return hexadecimal string representation of SKI for this object. Only work for subclasses that implement get_SKI(). """
- return ":".join(("%02X" % ord(i) for i in self.get_SKI()))
+ ski = self.get_SKI()
+ return ":".join(("%02X" % ord(i) for i in ski)) if ski else ""
 def gSKI(self):
 """Calculate g(SKI) for this object. Only work for subclasses
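Review bot: The `assert isinstance(self.bsc_id, (int, long))` added in `bsc()` disappears when Python runs with `-O`, and the same holds for the `assert isinstance(id, (int, long))` added to `sql_fetch` in sql.py. In `sql_fetch` the value goes straight into the cache key `(cls, id)`, so if a non-integer id must never get that far, an explicit check such as `if not isinstance(id, (int, long)): raise TypeError("id must be an integer: %r" % (id,))` keeps the guarantee in every run mode. If the asserts are only temporary debugging aids, as the commit message suggests, a comment like `# debugging aid: remove once the interop issue is found` would say so. Both function bodies continue outside their hunks.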
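Review bot: `hSKI()` in x509.py now returns `""` when `get_SKI()` yields nothing, but its docstring still promises a hexadecimal string, and the new log lines will print `[]` for such a certificate. I would add a sentence to the docstring such as `Returns the empty string when the object has no SKI.` so callers know an empty result means the extension is absent rather than unreadable. The `def hSKI` line is above the hunk.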
@@ -173,9 +174,23 @@ class DER_object(object):
 """
 return base64.urlsafe_b64encode(self.get_SKI()).rstrip("=")
+ def hAKI(self):
+ """Return hexadecimal string representation of AKI for this
+ object. Only work for subclasses that implement get_AKI().
+ """
+ aki = self.get_AKI()
+ return ":".join(("%02X" % ord(i) for i in aki)) if aki else ""
+
+ def gAKI(self):
+ """Calculate g(AKI) for this object. Only work for subclasses
+ that implement get_AKI().
+ """
+ return base64.urlsafe_b64encode(self.get_AKI()).rstrip("=")
+
 def get_AKI(self):
 """Get the AKI extension from this object. Only works for subclasses that support getExtension()."""
- return (self.get_POWpkix().getExtension(rpki.oids.name2oid["authorityKeyIdentifier"]) or ((), 0, None))[2]
+ aki = (self.get_POWpkix().getExtension(rpki.oids.name2oid["authorityKeyIdentifier"]) or ((), 0, None))[2]
+ return aki[0] if isinstance(aki, tuple) else aki
 def get_SKI(self):
 """Get the SKI extension from this object. Only works for subclasses that support getExtension()."""
@@ -191,11 +206,12 @@ class DER_object(object):
 def get_basicConstraints(self):
 """Get the basicConstraints extension from this object. Only works for subclasses that support getExtension()."""
- return (self.get_POWpkix().getExtension(rpki.oids.name2oid["basicConstraints"]) or ((), 0, (0, None)))[2]
+ return (self.get_POWpkix().getExtension(rpki.oids.name2oid["basicConstraints"]) or ((), 0, None))[2]
 def is_CA(self):
 """Return True if and only if object has the basicConstraints extension and its cA value is true."""
- return self.get_basicConstraints()[0] != 0
+ basicConstraints = self.get_basicConstraints()
+ return basicConstraints and basicConstraints[0] != 0
 def get_3779resources(self):
 """Get RFC 3779 resources as rpki.resource_set objects. |
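Review bot: `gAKI()` passes `self.get_AKI()` straight to `base64.urlsafe_b64encode`, but `get_AKI()` returns None when the extension is missing (the `or ((), 0, None)` default), so a certificate without an AKI, for instance a self-signed one that omits it, would raise TypeError here. `hAKI()` in the same hunk already guards this case; `gAKI()` should fetch the value first with `aki = self.get_AKI()` and either return None or raise a clear error when it is empty before encoding. In `get_AKI()`, `aki[0]` also assumes a non-empty tuple whose first element is the key identifier; a comment such as `# first element is the keyIdentifier field` would record that assumption if it is what the decoder returns.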
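Review bot: `is_CA()` now returns whatever `basicConstraints and ...` evaluates to, which is None rather than False when the extension is absent, although the docstring promises True if and only if cA is set. Since this result decides whether a certificate is treated as a CA, returning a real boolean is safer: `return bool(basicConstraints) and basicConstraints[0] != 0`. The default of `get_basicConstraints()` also changes from `(0, None)` to None in this hunk, so any other caller that indexes the result needs the same guard; no such caller is visible here.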