author | Rob Austein <sra@hactrn.net> | 2007-10-04 04:07:37 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2007-10-04 04:07:37 +0000 |
commit | 5dd67f0e3c36d440c985879530c41e054e7d14ed (patch) | |
tree | c2cc9e61930223787cfe4cbc23dd05b97bbd98b5 | |
parent | 2ae55cb29667344e43ef58737680421d06d90e65 (diff) |
URL handling
svn path=/scripts/http-client.py; revision=1089
-rw-r--r-- | scripts/http-client.py | 14 | ||||
-rwxr-xr-x | scripts/irbe-cli.py | 4 | ||||
-rw-r--r-- | scripts/rpki/https.py | 26 | ||||
-rw-r--r-- | scripts/rpki/left_right.py | 42 | ||||
-rw-r--r-- | scripts/rpki/relaxng.py | 2 |
5 files changed, 42 insertions, 46 deletions
diff --git a/scripts/http-client.py b/scripts/http-client.py index 18fcbf9c..1df47dad 100644 --- a/scripts/http-client.py +++ b/scripts/http-client.py @@ -7,12 +7,8 @@ msg = "This is a test. This is only a test. Had this been real you would now b cfg = rpki.config.parser("http-demo.conf") section = "client" -privateKey = rpki.x509.RSA_Keypair(PEM_file = cfg.get(section, "https-key")) - -certChain = rpki.x509.X509_chain() -certChain.load_from_PEM(cfg.multiget(section, "https-cert")) - -x509TrustList = rpki.x509.X509_chain() -x509TrustList.load_from_PEM(cfg.multiget(section, "https-ta")) - -print rpki.https.client(privateKey=privateKey, certChain=certChain, x509TrustList=x509TrustList, msg=msg) +print rpki.https.client(privateKey = rpki.x509.RSA_Keypair(Auto_file = cfg.get( section, "https-key")), + certChain = rpki.x509.X509_chain(Auto_files = cfg.multiget(section, "https-cert")), + x509TrustList = rpki.x509.X509_chain(Auto_files = cfg.multiget(section, "https-ta")), + url = cfg.get(section, "https-url"), + msg = msg) diff --git a/scripts/irbe-cli.py b/scripts/irbe-cli.py index 7e91375e..eb0ca2aa 100755 --- a/scripts/irbe-cli.py +++ b/scripts/irbe-cli.py @@ -167,8 +167,8 @@ q_cms = rpki.cms.encode(q_xml, r_cms = rpki.https.client(privateKey = rpki.x509.RSA_Keypair(Auto_file = cfg.get(cfg_section, "https-key")), certChain = rpki.x509.X509_chain(Auto_files = cfg.multiget(cfg_section, "https-cert")), x509TrustList = rpki.x509.X509_chain(Auto_files = cfg.multiget(cfg_section, "https-ta")), - msg = q_cms, - url = "/left-right") + url = cfg.get(cfg_section, "https-url"), + msg = q_cms) r_xml = rpki.cms.decode(r_cms, rpki.x509.X509(Auto_file = cfg.get(cfg_section, "cms-ta"))) diff --git a/scripts/rpki/https.py b/scripts/rpki/https.py index 18a3c738..aa91d26a 100644 --- a/scripts/rpki/https.py +++ b/scripts/rpki/https.py 
@@ -7,11 +7,12 @@ subversion repository; generalizing it would not be hard, but the more general version should use SQL anyway. """ -import httplib, BaseHTTPServer, tlslite.api, glob, rpki.x509, traceback, rpki.exceptions +import httplib, BaseHTTPServer, tlslite.api, glob, traceback, urlparse +import rpki.x509, rpki.exceptions rpki_content_type = "application/x-rpki" -def client(msg, privateKey, certChain, x509TrustList, host="localhost", port=4433, url="/"): +def client(msg, privateKey, certChain, x509TrustList, url): """Open client HTTPS connection, send a message, wait for response. This function wraps most of what one needs to do to send a message @@ -20,13 +21,22 @@ def client(msg, privateKey, certChain, x509TrustList, host="localhost", port=443 but doesn't appear to handle subjectAltName extensions (sigh). """ - httpc = tlslite.api.HTTPTLSConnection(host=host, - port=port, - privateKey=privateKey.get_tlslite(), - certChain=certChain.tlslite_certChain(), - x509TrustList=x509TrustList.tlslite_trustList()) + u = urlparse.urlparse(url) + + assert u.scheme in ("", "https") and \ + u.username is None and \ + u.password is None and \ + u.params == "" and \ + u.query == "" and \ + u.fragment == "" + + httpc = tlslite.api.HTTPTLSConnection(host = u.hostname or "localhost", + port = u.port or 443, + privateKey = privateKey.get_tlslite(), + certChain = certChain.tlslite_certChain(), + x509TrustList = x509TrustList.tlslite_trustList()) httpc.connect() - httpc.request("POST", url, msg, {"Content-Type" : rpki_content_type}) + httpc.request("POST", u.path, msg, {"Content-Type" : rpki_content_type}) response = httpc.getresponse() if response.status == httplib.OK: return response.read() diff --git a/scripts/rpki/left_right.py b/scripts/rpki/left_right.py index c270ed3f..e970e7c3 100644 --- a/scripts/rpki/left_right.py +++ b/scripts/rpki/left_right.py 
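Review bot: The URL check in `client()` is an `assert`, so it is stripped when Python runs with `-O`; a URL carrying userinfo, params, a query or a fragment is then accepted and those parts are silently dropped, because only `u.path` is sent. An explicit test that raises would make the check unconditional and give callers a readable error. An empty `u.path` (for example `https://host:443`) also reaches `httpc.request` as an empty request target, where the old default was `"/"`. The fallback `u.hostname or "localhost"` turns a URL with no host into a connection to the local machine; if relative URLs are not meant to be supported, reject a missing host in the same check, which matters more now that `url` can come from `self.peer_contact_uri` in left_right.py.

```python
  u = urlparse.urlparse(url)

  # Explicit check: assert statements are removed under "python -O".
  if u.scheme not in ("", "https") or \
     u.username is not None or \
     u.password is not None or \
     u.params or u.query or u.fragment:
    raise ValueError("Unsupported URL for HTTPS client: %r" % url)

  # ... unchanged: HTTPTLSConnection setup and connect() ...
  httpc.request("POST", u.path or "/", msg, {"Content-Type" : rpki_content_type})
```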
@@ -344,40 +344,32 @@ class parent_elt(data_elt): self.make_b64elt(elt, "https_ta", self.https_ta.get_DER()) return elt - def query_up_down(self, gctx, q_pdu): + def client_up_down_query(self, gctx, q_pdu): """Client code for sending one up-down query PDU to this parent.""" bsc = bsc_elt.sql_fetch(gctx.db, gctx.cur, self.bsc_id) if bsc is None: raise rpki.exceptions.NotFound, "Could not find BSC %s" % self.bsc_id - - # I have no flipping idea what I should be putting into the sender - # and recipient fields yet. As far as I can tell they're worse - # than useless, in that they provide no information I can't get - # more easily in other ways and I have to check them and store - # data for them. Use bogus values for now, sort out later, may - # require hacking SQL just to have someplace to store the values - # we need to put here. Ick. - - q_msg = rpki.up_down.message_pdu.make_query(sender = 'I have no idea what to put in the "sender" attribute', - recipient = 'I have no idea what to put in the "recipient" attribute', - payload = q_pdu) + q_msg = rpki.up_down.message_pdu.make_query(sender = "tweedledee", recipient = "tweedledum", payload = q_pdu) q_elt = q_msg.toXML() rpki.relaxng.up_down.assertValid(q_elt) q_cms = rpki.cms.xml_encode(q_elt, bsc.private_key_id, bsc.signing_cert) + return self.client_up_down_reply(gctx, q_pdu, rpki.https.client(x509TrustList = rpki.x509.X509_chain(self.https_ta), msg = q_cms, url = self.peer_contact_uri)) - # Er, what do we use for HTTPS trust anchors here?!? + def client_up_down_reply(self, gctx, q_pdu, r_cms): + """Handle up-down reply PDU from this parent. - raise NotImplementedError + This is a separate method because some day this will all be event + driven using the twisted package or something like it. + """ + + # Need to check response CMS, decode, then dispatch to some (as + # yet unnamed) method in the response payload pdu. I think. 
- # Code from which to steal when completing this: child_elt.serve_up_down(), irbe-cli.py - # - # Need to check response CMS, decode, then dispatch to some (as yet unnamed) method - # in the response payload pdu. I think. - # - # When we handle asynchronous events properly, this method will be - # broken into two separate functions at the point where we're - # waiting for the https response to come back. Second half is probably another - # method of parent_elt so that it can check the response CMS, etc. + r_elt = rpki.cms.xml_decode(r_cms, self.cms_ta) + rpki.relaxng.up_down.assertValid(r_elt) + r_msg = rpki.up_down.sax_handler.saxify(r_elt) + + raise NotImplementedError class child_elt(data_elt): """<child/> element.""" @@ -642,8 +634,6 @@ def irdb_query(gctx, self_id, child_id=None): r_cms = rpki.https.client(privateKey = gctx.https_key, certChain = gctx.https_certs, x509TrustList = gctx.https_tas, - host = gctx.irdb_host, - port = gctx.irdb_port, url = gctx.irdb_url, msg = q_cms) r_elt = rpki.cms.xml_decode(r_cms, gctx.cms_ta_irbe) diff --git a/scripts/rpki/relaxng.py b/scripts/rpki/relaxng.py index aacae01a..e19323b5 100644 --- a/scripts/rpki/relaxng.py +++ b/scripts/rpki/relaxng.py @@ -4,7 +4,7 @@ import lxml.etree left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" encoding="UTF-8"?> <!-- - $Id: left-right-schema.rnc 1067 2007-10-01 20:22:57Z sra $ + $Id: left-right-schema.rng 1088 2007-10-04 03:06:25Z sra $ RelaxNG (Compact Syntax) Schema for RPKI left-right protocol. |
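Review bot: The `rpki.https.client(...)` call in `client_up_down_query` passes only `x509TrustList`, `msg` and `url`, but the new signature in scripts/rpki/https.py is `client(msg, privateKey, certChain, x509TrustList, url)` with no defaults, so this call raises `TypeError` before any connection is attempted. The client body also calls `privateKey.get_tlslite()` and `certChain.tlslite_certChain()`, so the TLS client key and certificate chain to present to the parent have to be chosen and passed here. Separately, `sender = "tweedledee", recipient = "tweedledum"` replaces the removed comment that explained these were bogus values; a short `# placeholder sender/recipient, real values still to be decided` would keep that visible to the next reader.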