authorRob Austein <sra@hactrn.net>2007-11-06 21:55:47 +0000
committerRob Austein <sra@hactrn.net>2007-11-06 21:55:47 +0000
commit88953a016162642a1798c261ba04c2dc7440599a (patch)
tree8fff29f197c46c75e1eb2fcf2dddfebb46a07c61
parent3f68e5c928026598523b37770cc8c48b263e2b76 (diff)
Checkpoint
svn path=/scripts/rpki/exceptions.py; revision=1249
-rw-r--r--scripts/rpki/exceptions.py6
-rw-r--r--scripts/rpki/left_right.py11
-rw-r--r--scripts/rpki/up_down.py9
-rw-r--r--scripts/testpoke.py25
-rw-r--r--scripts/testpoke.yaml23
-rw-r--r--scripts/testroot.sh2
6 files changed, 46 insertions, 30 deletions
diff --git a/scripts/rpki/exceptions.py b/scripts/rpki/exceptions.py
index 2819dff8..b5f0010f 100644
--- a/scripts/rpki/exceptions.py
+++ b/scripts/rpki/exceptions.py
@@ -49,3 +49,9 @@ class UpstreamError(Exception):
class ChildNotFound(Exception):
"""Could not find specified child in database."""
+
+class BSCNotFound(Exception):
+ """Could not find specified BSC in database."""
+
+class BadSender(Exception):
+ """Unexpected XML sender value."""
diff --git a/scripts/rpki/left_right.py b/scripts/rpki/left_right.py
index b9d96415..5fea299f 100644
--- a/scripts/rpki/left_right.py
+++ b/scripts/rpki/left_right.py
@@ -2,7 +2,7 @@
"""RPKI "left-right" protocol."""
-import base64, lxml.etree, time
+import base64, lxml.etree, time, traceback
import rpki.sax_utils, rpki.resource_set, rpki.x509, rpki.sql, rpki.exceptions
import rpki.https, rpki.up_down, rpki.relaxng
@@ -435,7 +435,7 @@ class parent_elt(data_elt):
"""
bsc = bsc_elt.sql_fetch(gctx, self.bsc_id)
if bsc is None:
- raise rpki.exceptions.NotFound, "Could not find BSC %s" % self.bsc_id
+ raise rpki.exceptions.BSCNotFound, "Could not find BSC %s" % self.bsc_id
q_msg = rpki.up_down.message_pdu.make_query(q_pdu)
q_elt = q_msg.toXML()
rpki.relaxng.up_down.assertValid(q_elt)
@@ -492,12 +492,12 @@ class child_elt(data_elt):
"""Outer layer of server handling for one up-down PDU from this child."""
bsc = bsc_elt.sql_fetch(gctx, self.bsc_id)
if bsc is None:
- raise rpki.exceptions.NotFound, "Could not find BSC %s" % self.bsc_id
+ raise rpki.exceptions.BSCNotFound, "Could not find BSC %s" % self.bsc_id
q_elt = rpki.cms.xml_verify(query, self.cms_ta)
rpki.relaxng.up_down.assertValid(q_elt)
q_msg = rpki.up_down.sax_handler.saxify(q_elt)
if q_msg.sender != str(self.child_id):
- raise rpki.exceptions.NotFound, "Unexpected XML sender %s" % q_msg.sender
+ raise rpki.exceptions.BadSender, "Unexpected XML sender %s" % q_msg.sender
try:
r_msg = q_msg.serve_top_level(gctx, self)
except Exception, data:
@@ -627,6 +627,7 @@ class list_resources_elt(base_elt):
element_name = "list_resources"
attributes = ("type", "self_id", "child_id", "valid_until", "as", "ipv4", "ipv6", "subject_name")
+ valid_until = None
def startElement(self, stack, name, attrs):
"""Handle <list_resources/> element."""
@@ -735,7 +736,7 @@ def irdb_query(gctx, self_id, child_id = None):
needed for the event-driven code that this function will need to become.
"""
- q_msg = msg_elt()
+ q_msg = msg()
q_msg.append(list_resources_elt())
q_msg[0].type = "query"
q_msg[0].self_id = self_id
diff --git a/scripts/rpki/up_down.py b/scripts/rpki/up_down.py
index 7b4065cb..a507203c 100644
--- a/scripts/rpki/up_down.py
+++ b/scripts/rpki/up_down.py
@@ -415,9 +415,12 @@ class error_response_pdu(base_elt):
def toXML(self):
"""Generate payload of "error_response" PDU."""
assert self.status in self.codes
- elt = self.make_elt("status")
- elt.text = str(self.status)
- return [elt]
+ status_elt = self.make_elt("status")
+ status_elt.text = str(self.status)
+ description_elt = self.make_elt("description")
+ description_elt.text = str(self.description)
+ description_elt.set("xml:lang", "en")
+ return [status_elt, description_elt]
def check_syntax(self):
"""Handle an error response. For the moment, just raise an
diff --git a/scripts/testpoke.py b/scripts/testpoke.py
index 9a349e28..646755e4 100644
--- a/scripts/testpoke.py
+++ b/scripts/testpoke.py
@@ -21,13 +21,23 @@ def get_PEM(name, cls):
return cls(PEM_file = yaml_data[name + "-file"])
return None
+def get_PEM_chain(name, cert = None):
+ chain = rpki.x509.X509_chain()
+ if cert is not None:
+ chain.append(cert)
+ if name in yaml_data:
+ chain.extend([rpki.x509.X509(PEM = x) for x in yaml_data[name]])
+ elif name + "-file" in yaml_data:
+ chain.extend([rpki.x509.X509(PEM_file = x) for x in yaml_data[name + "-file"]])
+ return chain
+
def query_up_down(q_pdu):
- q_msg = rpki.up_down.message_pdu.make_query(q_pdu)
+ q_msg = rpki.up_down.message_pdu.make_query(q_pdu, sender = yaml_data["sender-id"], recipient = yaml_data["recipient-id"])
q_elt = q_msg.toXML()
rpki.relaxng.up_down.assertValid(q_elt)
q_cms = rpki.cms.xml_sign(q_elt, cms_key, cms_certs, encoding = "UTF-8")
r_cms = rpki.https.client(x509TrustList = https_tas, privateKey = https_key, certChain = https_certs, msg = q_cms, url = yaml_data["posturl"])
- r_xml = rpki.cms.verify(r_cms, cms_tas)
+ r_xml = rpki.cms.verify(r_cms, cms_ta)
r_elt = lxml.etree.fromstring(r_xml)
rpki.relaxng.up_down.assertValid(r_elt)
return r_xml
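Review bot: `rpki.cms.verify(r_cms, cms_ta)` in `query_up_down` is reached even when `cms_ta` is None, since the visible tail of `get_PEM` returns None when the key is not configured. How `verify` treats a missing trust anchor is not shown here, so the script should fail closed before the request is sent, for example `if cms_ta is None: raise ValueError("cms-ca-cert is required to verify responses")`. In `get_PEM_chain`, a scalar YAML value under `name` or `name + "-file"` would be iterated character by character; a one-line docstring stating that both keys must hold a list of PEM strings or file names would make that contract explicit.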
@@ -71,20 +81,15 @@ if yaml_req is None and len(yaml_data["requests"]) == 1:
cms_ta = get_PEM("cms-ca-cert", rpki.x509.X509)
cms_cert = get_PEM("cms-cert", rpki.x509.X509)
cms_key = get_PEM("cms-key", rpki.x509.RSA)
-cms_certs = rpki.x509.X509_chain()
-if cms_cert is not None:
- cms_certs.append(cms_cert)
+cms_certs = get_PEM_chain("cms-cert-chain", cms_cert)
+https_ta = get_PEM("ssl-ta", rpki.x509.X509)
https_key = get_PEM("ssl-key", rpki.x509.RSA)
https_cert = get_PEM("ssl-cert", rpki.x509.X509)
-https_ta = get_PEM("ssl-ca-cert", rpki.x509.X509)
+https_certs = get_PEM_chain("ssl-cert-chain", https_cert)
https_tas = rpki.x509.X509_chain()
if https_ta is not None:
https_tas.append(https_ta)
-https_certs = rpki.x509.X509_chain()
-if https_cert is not None:
- https_certs.append(https_cert)
-
dispatch[yaml_data["requests"][yaml_req]["type"]]()
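Review bot: `https_ta = get_PEM("ssl-ta", rpki.x509.X509)` now reads the `ssl-ta` key (or `ssl-ta-file`, going by the visible tail of `get_PEM`), but testpoke.yaml in this same commit still defines `ssl-ca-cert-file`, so `https_ta` would be None and `https_tas` stays an empty chain. The request then goes out with no trust anchor for the server certificate; whether `rpki.https.client` rejects an empty `x509TrustList` is not visible here. Either keep the old key, `https_ta = get_PEM("ssl-ca-cert", rpki.x509.X509)`, or rename the YAML entry to `ssl-ta-file`, and exit with an error when `https_ta` is None rather than continuing.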
diff --git a/scripts/testpoke.yaml b/scripts/testpoke.yaml
index b0635740..dad2136a 100644
--- a/scripts/testpoke.yaml
+++ b/scripts/testpoke.yaml
@@ -4,24 +4,25 @@
version: 1
posturl: https://localhost:4433/up-down/1
recipient-id: wombat
-sender-id: bandicoot
+sender-id: "1"
cms-cert-file: biz-certs/Frank-EE.cer
cms-key-file: biz-certs/Frank-EE.key
cms-ca-cert-file: biz-certs/Bob-Root.cer
+cms-cert-chain-file: [ biz-certs/Frank-CA.cer ]
-#ssl-cert-file: biz-certs/Frank-EE.cer
-#ssl-key-file: biz-certs/Frank-EE.key
+ssl-cert-file: biz-certs/Frank-EE.cer
+ssl-key-file: biz-certs/Frank-EE.key
ssl-ca-cert-file: biz-certs/Bob-Root.cer
requests:
list:
type: list
- issue:
- type: issue
- class: 1
- sia: [ "rsync://bandicoot.invalid/some/where" ]
- revoke:
- type: revoke
- class: 1
- ski: FillThisIn
+# issue:
+# type: issue
+# class: 1
+# sia: [ "rsync://bandicoot.invalid/some/where" ]
+# revoke:
+# type: revoke
+# class: 1
+# ski: FillThisIn
diff --git a/scripts/testroot.sh b/scripts/testroot.sh
index d06737ea..6368d9c0 100644
--- a/scripts/testroot.sh
+++ b/scripts/testroot.sh
@@ -53,7 +53,7 @@ python irbe-cli.py parent --self_id 1 --action create --bsc_id 1 --repository_id
# Create a child context -- note that we're using the -CA as trust anchor rather than -Root,
# because the APNIC poke tool doesn't offer any way to construct CMS chains
-python irbe-cli.py child --self_id 1 --action create --bsc_id 1 --cms_ta biz-certs/Frank-CA.cer
+python irbe-cli.py child --self_id 1 --action create --bsc_id 1 --cms_ta biz-certs/Frank-Root.cer
# Shut down rpkid