authorRob Austein <sra@hactrn.net>2015-10-08 22:24:15 +0000
committerRob Austein <sra@hactrn.net>2015-10-08 22:24:15 +0000
commit421546d23d86434190caa9bb301e5cb7e96d4889 (patch)
tree64a15a98b7bd6bf914ea3110f579b6be4982f59a
parent9e481a0a276c170a9f7d8bbeab323da2975ccb7e (diff)
Add an initial set of rpkidb models and confirm that Django is willing
to parse them and generate migrations for them. Not actually using them for anything yet, but code still runs with this present so haven't broken anything yet.... svn path=/branches/tk705/; revision=6103
-rw-r--r--rpki/fields.py4
-rw-r--r--rpki/rpkid.py12
-rw-r--r--rpki/rpkidb/migrations/0001_initial.py233
-rw-r--r--rpki/rpkidb/migrations/__init__.py0
-rw-r--r--rpki/rpkidb/models.py147
5 files changed, 391 insertions, 5 deletions
diff --git a/rpki/fields.py b/rpki/fields.py
index dab6ce14..d1025c35 100644
--- a/rpki/fields.py
+++ b/rpki/fields.py
@@ -99,6 +99,10 @@ class BlobField(models.Field):
guidelines than actual rules. But "BLOB" works.
For anything else, we just use "BLOB" and hope for the best.
+
+ NB: This field type predates Django 1.6's BinaryField. Probably
+ this should be retired in favor of BinaryField, but I'd have to
+ figure out what that does to field types that derive from this one.
"""
__metaclass__ = models.SubfieldBase
diff --git a/rpki/rpkid.py b/rpki/rpkid.py
index 478c46bd..4e376a68 100644
--- a/rpki/rpkid.py
+++ b/rpki/rpkid.py
@@ -284,12 +284,14 @@ class main(object):
if match is None:
raise rpki.exceptions.BadContactURL("Bad URL path received in up_down_handler(): %s" % path)
self_handle, child_handle = match.groups()
- child = rpki.left_right.child_elt.sql_fetch_where1(self,
- "self.self_handle = %s AND child.child_handle = %s AND child.self_id = self.self_id",
- (self_handle, child_handle),
- "self")
+ child = rpki.left_right.child_elt.sql_fetch_where1(
+ gctx = self,
+ where = "self.self_handle = %s AND child.child_handle = %s AND child.self_id = self.self_id",
+ args = (self_handle, child_handle),
+ also_from = "self")
if child is None:
- raise rpki.exceptions.ChildNotFound("Could not find child %s of self %s in up_down_handler()" % (child_handle, self_handle))
+ raise rpki.exceptions.ChildNotFound("Could not find child %s of self %s in up_down_handler()" % (
+ child_handle, self_handle))
child.serve_up_down(q_der, done)
except (rpki.async.ExitNow, SystemExit):
raise
diff --git a/rpki/rpkidb/migrations/0001_initial.py b/rpki/rpkidb/migrations/0001_initial.py
new file mode 100644
index 00000000..77c9012f
--- /dev/null
+++ b/rpki/rpkidb/migrations/0001_initial.py
@@ -0,0 +1,233 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+import rpki.fields
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ]
+
+ operations = [
+ migrations.CreateModel(
+ name='BSC',
+ fields=[
+ ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+ ('bsc_handle', models.SlugField(max_length=255)),
+ ('private_key_id', rpki.fields.KeyField(default=None, serialize=False, blank=True)),
+ ('pkcs10_request', rpki.fields.PKCS10Field(default=None, serialize=False, blank=True)),
+ ('hash_alg', rpki.fields.EnumField(choices=[(1, 'sha256')])),
+ ('signing_cert', rpki.fields.CertificateField(default=None, serialize=False, null=True, blank=True)),
+ ('signing_cert_crl', rpki.fields.CRLField(default=None, serialize=False, null=True, blank=True)),
+ ],
+ ),
+ migrations.CreateModel(
+ name='CA',
+ fields=[
+ ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+ ('last_crl_sn', models.BigIntegerField()),
+ ('last_manifest_sn', models.BigIntegerField()),
+ ('next_manifest_update', rpki.fields.SundialField(null=True)),
+ ('next_crl_update', rpki.fields.SundialField(null=True)),
+ ('last_issued_sn', models.BigIntegerField()),
+ ('sia_uri', models.TextField(null=True)),
+ ('parent_resource_class', models.TextField(null=True)),
+ ],
+ ),
+ migrations.CreateModel(
+ name='CADetail',
+ fields=[
+ ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+ ('public_key', rpki.fields.KeyField(default=None, serialize=False, null=True, blank=True)),
+ ('private_key_id', rpki.fields.KeyField(default=None, serialize=False, null=True, blank=True)),
+ ('latest_crl', rpki.fields.CRLField(default=None, serialize=False, null=True, blank=True)),
+ ('crl_published', rpki.fields.SundialField(null=True)),
+ ('latest_ca_cert', rpki.fields.CertificateField(default=None, serialize=False, null=True, blank=True)),
+ ('manifest_private_key_id', rpki.fields.KeyField(default=None, serialize=False, null=True, blank=True)),
+ ('manifest_public_key', rpki.fields.KeyField(default=None, serialize=False, null=True, blank=True)),
+ ('latest_manifest_cert', rpki.fields.CertificateField(default=None, serialize=False, null=True, blank=True)),
+ ('latest_manifest', rpki.fields.ManifestField(default=None, serialize=False, null=True, blank=True)),
+ ('manifest_published', rpki.fields.SundialField(null=True)),
+ ('state', rpki.fields.EnumField(choices=[(1, 'pending'), (2, 'active'), (3, 'deprecated'), (4, 'revoked')])),
+ ('ca_cert_uri', models.TextField(null=True)),
+ ('ca', models.ForeignKey(to='rpkidb.CA')),
+ ],
+ ),
+ migrations.CreateModel(
+ name='Child',
+ fields=[
+ ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+ ('child_handle', models.SlugField(max_length=255)),
+ ('bpki_cert', rpki.fields.CertificateField(default=None, serialize=False, null=True, blank=True)),
+ ('bpki_glue', rpki.fields.CertificateField(default=None, serialize=False, null=True, blank=True)),
+ ('last_cms_timestamp', rpki.fields.SundialField(null=True)),
+ ('bsc', models.ForeignKey(to='rpkidb.BSC')),
+ ],
+ ),
+ migrations.CreateModel(
+ name='ChildCert',
+ fields=[
+ ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+ ('cert', rpki.fields.CertificateField(default=None, serialize=False, blank=True)),
+ ('published', rpki.fields.SundialField(null=True)),
+ ('ski', rpki.fields.BlobField(default=None, serialize=False, blank=True)),
+ ('ca_detail', models.ForeignKey(to='rpkidb.CADetail')),
+ ('child', models.ForeignKey(to='rpkidb.Child')),
+ ],
+ ),
+ migrations.CreateModel(
+ name='EECert',
+ fields=[
+ ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+ ('ski', rpki.fields.BlobField(default=None, serialize=False, blank=True)),
+ ('cert', rpki.fields.CertificateField(default=None, serialize=False, blank=True)),
+ ('published', rpki.fields.SundialField(null=True)),
+ ('ca_detail', models.ForeignKey(to='rpkidb.CADetail')),
+ ],
+ ),
+ migrations.CreateModel(
+ name='Ghostbuster',
+ fields=[
+ ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+ ('vcard', models.TextField()),
+ ('cert', rpki.fields.CertificateField(default=None, serialize=False, blank=True)),
+ ('ghostbuster', rpki.fields.GhostbusterField(default=None, serialize=False, blank=True)),
+ ('published', rpki.fields.SundialField(null=True)),
+ ('ca_detail', models.ForeignKey(to='rpkidb.CADetail')),
+ ],
+ ),
+ migrations.CreateModel(
+ name='Parent',
+ fields=[
+ ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+ ('parent_handle', models.SlugField(max_length=255)),
+ ('bpki_cms_cert', rpki.fields.CertificateField(default=None, serialize=False, null=True, blank=True)),
+ ('bpki_cms_glue', rpki.fields.CertificateField(default=None, serialize=False, null=True, blank=True)),
+ ('peer_contact_uri', models.TextField(null=True)),
+ ('sia_base', models.TextField(null=True)),
+ ('sender_name', models.TextField(null=True)),
+ ('recipient_name', models.TextField(null=True)),
+ ('last_cms_timestamp', rpki.fields.SundialField(null=True)),
+ ('bsc', models.ForeignKey(to='rpkidb.BSC')),
+ ],
+ ),
+ migrations.CreateModel(
+ name='Repository',
+ fields=[
+ ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+ ('repository_handle', models.SlugField(max_length=255)),
+ ('peer_contact_uri', models.TextField(null=True)),
+ ('bpki_cert', rpki.fields.CertificateField(default=None, serialize=False, null=True, blank=True)),
+ ('bpki_glue', rpki.fields.CertificateField(default=None, serialize=False, null=True, blank=True)),
+ ('last_cms_timestamp', rpki.fields.SundialField(null=True)),
+ ('bsc', models.ForeignKey(to='rpkidb.BSC')),
+ ],
+ ),
+ migrations.CreateModel(
+ name='RevokedCert',
+ fields=[
+ ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+ ('serial', models.BigIntegerField()),
+ ('revoked', rpki.fields.SundialField()),
+ ('expires', rpki.fields.SundialField()),
+ ('ca_detail', models.ForeignKey(to='rpkidb.CADetail')),
+ ],
+ ),
+ migrations.CreateModel(
+ name='ROA',
+ fields=[
+ ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+ ('asn', models.BigIntegerField()),
+ ('cert', rpki.fields.CertificateField(default=None, serialize=False, blank=True)),
+ ('roa', rpki.fields.ROAField(default=None, serialize=False, blank=True)),
+ ('published', rpki.fields.SundialField(null=True)),
+ ('ca_detail', models.ForeignKey(to='rpkidb.CADetail')),
+ ],
+ ),
+ migrations.CreateModel(
+ name='ROAPrefix',
+ fields=[
+ ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+ ('prefix', models.CharField(max_length=40)),
+ ('prefixlen', models.SmallIntegerField()),
+ ('max_prefixlen', models.SmallIntegerField()),
+ ('version', models.SmallIntegerField()),
+ ('roa', models.ForeignKey(to='rpkidb.ROA')),
+ ],
+ ),
+ migrations.CreateModel(
+ name='Self',
+ fields=[
+ ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+ ('self_handle', models.SlugField(max_length=255)),
+ ('use_hsm', models.BooleanField(default=False)),
+ ('crl_interval', models.BigIntegerField(null=True)),
+ ('regen_margin', models.BigIntegerField(null=True)),
+ ('bpki_cert', rpki.fields.CertificateField(default=None, serialize=False, null=True, blank=True)),
+ ('bpki_glue', rpki.fields.CertificateField(default=None, serialize=False, null=True, blank=True)),
+ ],
+ ),
+ migrations.AddField(
+ model_name='roa',
+ name='self',
+ field=models.ForeignKey(to='rpkidb.Self'),
+ ),
+ migrations.AddField(
+ model_name='repository',
+ name='self',
+ field=models.ForeignKey(to='rpkidb.Self'),
+ ),
+ migrations.AddField(
+ model_name='parent',
+ name='repository',
+ field=models.ForeignKey(to='rpkidb.Repository'),
+ ),
+ migrations.AddField(
+ model_name='parent',
+ name='self',
+ field=models.ForeignKey(to='rpkidb.Self'),
+ ),
+ migrations.AddField(
+ model_name='ghostbuster',
+ name='self',
+ field=models.ForeignKey(to='rpkidb.Self'),
+ ),
+ migrations.AddField(
+ model_name='eecert',
+ name='self',
+ field=models.ForeignKey(to='rpkidb.Self'),
+ ),
+ migrations.AddField(
+ model_name='child',
+ name='self',
+ field=models.ForeignKey(to='rpkidb.Self'),
+ ),
+ migrations.AddField(
+ model_name='ca',
+ name='parent',
+ field=models.ForeignKey(to='rpkidb.Parent'),
+ ),
+ migrations.AddField(
+ model_name='bsc',
+ name='self',
+ field=models.ForeignKey(to='rpkidb.Self'),
+ ),
+ migrations.AlterUniqueTogether(
+ name='repository',
+ unique_together=set([('self', 'repository_handle')]),
+ ),
+ migrations.AlterUniqueTogether(
+ name='parent',
+ unique_together=set([('self', 'parent_handle')]),
+ ),
+ migrations.AlterUniqueTogether(
+ name='child',
+ unique_together=set([('self', 'child_handle')]),
+ ),
+ migrations.AlterUniqueTogether(
+ name='bsc',
+ unique_together=set([('self', 'bsc_handle')]),
+ ),
+ ]
diff --git a/rpki/rpkidb/migrations/__init__.py b/rpki/rpkidb/migrations/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/rpki/rpkidb/migrations/__init__.py
diff --git a/rpki/rpkidb/models.py b/rpki/rpkidb/models.py
new file mode 100644
index 00000000..a289b7ee
--- /dev/null
+++ b/rpki/rpkidb/models.py
@@ -0,0 +1,147 @@
+"""
+Django ORM models for rpkid.
+"""
+
+from __future__ import unicode_literals
+from django.db import models
+
+from rpki.fields import (EnumField, SundialField, BlobField,
+ CertificateField, KeyField, CRLField, PKCS10Field,
+ ManifestField, ROAField, GhostbusterField)
+
+
+# The objects available via the left-right protocol allow NULL values
+# in places we wouldn't otherwise (eg, bpki_cert fields), to support
+# existing protocol which allows back-end to build up objects
+# gradually. We may want to rethink this eventually, but that yak can
+# wait for its shave, particularly since disallowing null should be a
+# very simple change given migrations.
+
+
+# "self" was a really bad name for this, but we weren't using Python
+# when we named it. Perhaps "Tenant" would be a better name? Even
+# means sort of the right thing, well, in French anyway.
+# Eventually rename in left-right too, I guess.
+
+class Self(models.Model):
+ self_handle = models.SlugField(max_length = 255)
+ use_hsm = models.BooleanField(default = False)
+ crl_interval = models.BigIntegerField(null = True)
+ regen_margin = models.BigIntegerField(null = True)
+ bpki_cert = CertificateField(null = True)
+ bpki_glue = CertificateField(null = True)
+
+class BSC(models.Model):
+ bsc_handle = models.SlugField(max_length = 255)
+ private_key_id = KeyField()
+ pkcs10_request = PKCS10Field()
+ hash_alg = EnumField(choices = ("sha256",))
+ signing_cert = CertificateField(null = True)
+ signing_cert_crl = CRLField(null = True)
+ self = models.ForeignKey(Self)
+ class Meta:
+ unique_together = ("self", "bsc_handle")
+
+class Repository(models.Model):
+ repository_handle = models.SlugField(max_length = 255)
+ peer_contact_uri = models.TextField(null = True)
+ bpki_cert = CertificateField(null = True)
+ bpki_glue = CertificateField(null = True)
+ last_cms_timestamp = SundialField(null = True)
+ bsc = models.ForeignKey(BSC)
+ self = models.ForeignKey(Self)
+ class Meta:
+ unique_together = ("self", "repository_handle")
+
+class Parent(models.Model):
+ parent_handle = models.SlugField(max_length = 255)
+ bpki_cms_cert = CertificateField(null = True)
+ bpki_cms_glue = CertificateField(null = True)
+ peer_contact_uri = models.TextField(null = True)
+ sia_base = models.TextField(null = True)
+ sender_name = models.TextField(null = True)
+ recipient_name = models.TextField(null = True)
+ last_cms_timestamp = SundialField(null = True)
+ self = models.ForeignKey(Self)
+ bsc = models.ForeignKey(BSC)
+ repository = models.ForeignKey(Repository)
+ class Meta:
+ unique_together = ("self", "parent_handle")
+
+class CA(models.Model):
+ last_crl_sn = models.BigIntegerField()
+ last_manifest_sn = models.BigIntegerField()
+ next_manifest_update = SundialField(null = True)
+ next_crl_update = SundialField(null = True)
+ last_issued_sn = models.BigIntegerField()
+ sia_uri = models.TextField(null = True)
+ parent_resource_class = models.TextField(null = True)
+ parent = models.ForeignKey(Parent)
+
+class CADetail(models.Model):
+ public_key = KeyField(null = True)
+ private_key_id = KeyField(null = True)
+ latest_crl = CRLField(null = True)
+ crl_published = SundialField(null = True)
+ latest_ca_cert = CertificateField(null = True)
+ manifest_private_key_id = KeyField(null = True)
+ manifest_public_key = KeyField(null = True)
+ latest_manifest_cert = CertificateField(null = True)
+ latest_manifest = ManifestField(null = True)
+ manifest_published = SundialField(null = True)
+ state = EnumField(choices = ("pending", "active", "deprecated", "revoked"))
+ ca_cert_uri = models.TextField(null = True)
+ ca = models.ForeignKey(CA)
+
+class Child(models.Model):
+ child_handle = models.SlugField(max_length = 255)
+ bpki_cert = CertificateField(null = True)
+ bpki_glue = CertificateField(null = True)
+ last_cms_timestamp = SundialField(null = True)
+ self = models.ForeignKey(Self)
+ bsc = models.ForeignKey(BSC)
+ class Meta:
+ unique_together = ("self", "child_handle")
+
+class ChildCert(models.Model):
+ cert = CertificateField()
+ published = SundialField(null = True)
+ ski = BlobField()
+ child = models.ForeignKey(Child)
+ ca_detail = models.ForeignKey(CADetail)
+
+class EECert(models.Model):
+ ski = BlobField()
+ cert = CertificateField()
+ published = SundialField(null = True)
+ self = models.ForeignKey(Self)
+ ca_detail = models.ForeignKey(CADetail)
+
+class Ghostbuster(models.Model):
+ vcard = models.TextField()
+ cert = CertificateField()
+ ghostbuster = GhostbusterField()
+ published = SundialField(null = True)
+ self = models.ForeignKey(Self)
+ ca_detail = models.ForeignKey(CADetail)
+
+class RevokedCert(models.Model):
+ serial = models.BigIntegerField()
+ revoked = SundialField()
+ expires = SundialField()
+ ca_detail = models.ForeignKey(CADetail)
+
+class ROA(models.Model):
+ asn = models.BigIntegerField()
+ cert = CertificateField()
+ roa = ROAField()
+ published = SundialField(null = True)
+ self = models.ForeignKey(Self)
+ ca_detail = models.ForeignKey(CADetail)
+
+class ROAPrefix(models.Model):
+ prefix = models.CharField(max_length = 40)
+ prefixlen = models.SmallIntegerField()
+ max_prefixlen = models.SmallIntegerField()
+ version = models.SmallIntegerField()
+ roa = models.ForeignKey(ROA)
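Review bot: The foreign key named `self` on BSC, Repository, Parent, Child, EECert, Ghostbuster and ROA cannot be passed to the ORM by keyword: `Child(self = x)` or `Child.objects.filter(self = x)` collides with the bound method's own `self` parameter and raises TypeError, so only spellings such as `self_id = ...` or `self__self_handle = ...` would work. The comment above `class Self` treats the name as a matter of taste, but it is a functional limitation. Renaming is cheapest now, while nothing uses the models and the migration is still 0001, e.g. `tenant = models.ForeignKey(Self)` with `unique_together = ("tenant", "child_handle")` and a regenerated 0001_initial.py. Separately, `ROAPrefix` stores `prefixlen`, `max_prefixlen` and `version` with no bounds; if no other layer enforces them, a model-level check that `prefixlen <= max_prefixlen` and that both fit the address family would keep an over-broad maximum length from being persisted.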