author | Rob Austein <sra@hactrn.net> | 2007-12-05 05:17:55 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2007-12-05 05:17:55 +0000 |
commit | ce469b65294321b9cef0c1734d946b5a1a537f07 (patch) | |
tree | e9e08210c93389a533b5ee34dea03e2cb87c63bc | |
parent | cfe926c349a510f12a9f84a8aa62f3428636eb9f (diff) |
Checkpoint
svn path=/scripts/apnic-poke-1.sh; revision=1364
-rw-r--r-- | scripts/apnic-poke-1.sh | 3 | ||||
-rw-r--r-- | scripts/apnic-poke-1.yaml | 2 | ||||
-rw-r--r-- | scripts/apnic-poke-2.sh | 2 | ||||
-rw-r--r-- | scripts/biz-certs/Bob-CA.srl | 2 | ||||
-rw-r--r-- | scripts/rpki/left_right.py | 7 | ||||
-rw-r--r-- | scripts/rpki/up_down.py | 4 | ||||
-rwxr-xr-x | scripts/rpkid.py | 7 |
7 files changed, 21 insertions, 6 deletions
diff --git a/scripts/apnic-poke-1.sh b/scripts/apnic-poke-1.sh
index aa4d9199..d0bba366 100644
--- a/scripts/apnic-poke-1.sh
+++ b/scripts/apnic-poke-1.sh
@@ -68,7 +68,8 @@ python irbe-cli.py parent --self_id 1 --action create --bsc_id 1 --repository_id
 # Create a child context -- note that we're using the -CA as trust anchor rather than -Root,
 # because the APNIC poke tool doesn't offer any way to construct CMS chains
-python irbe-cli.py child --self_id 1 --action create --bsc_id 1 --cms_ta biz-certs/Frank-Root.cer
+#python irbe-cli.py child --self_id 1 --action create --bsc_id 1 --cms_ta biz-certs/Frank-Root.cer
+python irbe-cli.py child --self_id 1 --action create --bsc_id 1 --cms_ta biz-certs/Frank-CA.cer
 # Run the other daemons, arrange for everything to go away on shutdown,
 # run initial cron job to set things up, then wait
diff --git a/scripts/apnic-poke-1.yaml b/scripts/apnic-poke-1.yaml
index 24b80561..1fed7a90 100644
--- a/scripts/apnic-poke-1.yaml
+++ b/scripts/apnic-poke-1.yaml
@@ -9,7 +9,7 @@ sender-id: "1"
 cms-cert-file: biz-certs/Frank-EE.cer
 cms-key-file: biz-certs/Frank-EE.key
 cms-ca-cert-file: biz-certs/Bob-Root.cer
-cms-cert-chain-file: [ biz-certs/Frank-CA.cer ]
+#cms-cert-chain-file: [ biz-certs/Frank-CA.cer ]
 ssl-cert-file: biz-certs/Frank-EE.cer
 ssl-key-file: biz-certs/Frank-EE.key
diff --git a/scripts/apnic-poke-2.sh b/scripts/apnic-poke-2.sh
index 32e81652..2e81dca4 100644
--- a/scripts/apnic-poke-2.sh
+++ b/scripts/apnic-poke-2.sh
@@ -41,7 +41,7 @@ rm -f bsc.req bsc.cer
 # List what's in the BSC, for today's debugging fun
-python irbe-cli.py bsc --action list --self_id 1 --bsc_id 1
+#python irbe-cli.py bsc --action list --self_id 1
 # Create a repository context
diff --git a/scripts/biz-certs/Bob-CA.srl b/scripts/biz-certs/Bob-CA.srl
index 8517ccf2..1888c757 100644
--- a/scripts/biz-certs/Bob-CA.srl
+++ b/scripts/biz-certs/Bob-CA.srl
@@ -1 +1 @@
-90801F1ED1945507
+90801F1ED1945510
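Review bot: The new `--cms_ta biz-certs/Frank-CA.cer` line in apnic-poke-1.sh makes the intermediate CA the CMS trust anchor for this child, so the Root-to-CA link is not part of what gets validated. The comment above gives the reason, but it should also say that this is a test-harness workaround for the poke tool, for example `# test-only: do not use an intermediate CA as trust anchor outside this harness`. The commented-out `#python irbe-cli.py child … Frank-Root.cer` line repeats what version control already records and could be dropped. The apnic-poke-1.yaml hunk that comments out `cms-cert-chain-file` looks like the other half of the same workaround and has no explanation at all.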
diff --git a/scripts/rpki/left_right.py b/scripts/rpki/left_right.py
index 94022985..e1ab3e2a 100644
--- a/scripts/rpki/left_right.py
+++ b/scripts/rpki/left_right.py
@@ -582,7 +582,12 @@ class parent_elt(data_elt):
 sender = self.sender_name,
 recipient = self.recipient_name)
 q_elt = q_msg.toXML()
- rpki.relaxng.up_down.assertValid(q_elt)
+ try:
+ rpki.relaxng.up_down.assertValid(q_elt)
+ except lxml.etree.DocumentInvalid:
+ print "Message does not pass schema check:"
+ print lxml.etree.tostring(q_elt, pretty_print = True)
+ raise
 q_cms = rpki.cms.xml_sign(q_elt, bsc.private_key_id, bsc.signing_cert, encoding = "UTF-8")
 r_cms = rpki.https.client(x509TrustList = rpki.x509.X509_chain(self.https_ta),
 privateKey = gctx.https_key,
diff --git a/scripts/rpki/up_down.py b/scripts/rpki/up_down.py
index 1e14a422..b8a267ef 100644
--- a/scripts/rpki/up_down.py
+++ b/scripts/rpki/up_down.py
@@ -481,6 +481,10 @@ class message_pdu(base_elt):
 def make_query(cls, payload, sender, recipient):
 """Construct one message PDU."""
 assert not cls.type2name[type(payload)].endswith("_response")
+ if sender is None:
+ sender = "tweedledee"
+ if recipient is None:
+ recipient = "tweedledum"
 self = cls()
 self.sender = sender
 self.recipient = recipient
diff --git a/scripts/rpkid.py b/scripts/rpkid.py
index feed9add..d12fc5bf 100755
--- a/scripts/rpkid.py
+++ b/scripts/rpkid.py
@@ -8,7 +8,7 @@ Usage: python rpkid.py [ { -c | --config } configfile ] [ { -h | --help } ]
 Default configuration file is rpkid.conf, override with --config option.
 """
-import traceback, os, time, getopt, sys, MySQLdb
+import traceback, os, time, getopt, sys, MySQLdb, lxml.etree
 import rpki.resource_set, rpki.up_down, rpki.left_right, rpki.x509
 import rpki.https, rpki.config, rpki.cms, rpki.exceptions, rpki.relaxng
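Review bot: The new `except lxml.etree.DocumentInvalid:` clause in parent_elt needs `lxml.etree` to be bound in left_right.py, but this commit adds that import only to rpkid.py and the hunk does not show the module's own imports. If it is missing, a schema failure would surface as a NameError raised while matching the except clause, hiding the DocumentInvalid that was meant to be re-raised; confirm that `import lxml.etree` is present in this file. The two `print` statements also send the whole unsigned query to stdout, so for a daemon a logging call or stderr would keep the dump next to the traceback. The enclosing method starts and ends outside the hunk.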
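Review bot: Defaulting `sender` to `"tweedledee"` and `recipient` to `"tweedledum"` in make_query hides a missing configuration value. It puts an invented identity into a PDU that, judging by the left_right.py caller in this commit, is then signed and sent to the parent. If this is a stop-gap to get the message past the schema check, say so in the code, e.g. `# XXX placeholder until sender_name/recipient_name are always configured`. Otherwise, failing early with `raise ValueError("sender and recipient are required")` would make the misconfiguration visible instead of producing a validly signed message with the wrong names.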
@@ -23,6 +23,11 @@ def left_right_handler(query, path):
 rpki.relaxng.left_right.assertValid(r_elt)
 reply = rpki.cms.xml_sign(r_elt, gctx.cms_key, gctx.cms_certs)
 return 200, reply
+ except lxml.etree.DocumentInvalid:
+ print "Received reply document does not pass schema check:"
+ print lxml.etree.tostring(r_elt, pretty_print = True)
+ traceback.print_exc()
+ return 500, "Schema violation"
 except Exception, data:
 traceback.print_exc()
 return 500, "Unhandled exception %s" % data |
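Review bot: The new `except lxml.etree.DocumentInvalid:` handler in left_right_handler prints `r_elt`, but the start of the `try` block is outside the hunk. If anything earlier in it (for example validation of the incoming query) can raise DocumentInvalid before `r_elt` is assigned, the handler itself fails with a NameError that the following `except Exception` will not catch. Setting `r_elt = None` before the `try` and guarding the dump with `if r_elt is not None:` would close that gap. The message says "Received reply document", yet `r_elt` appears to be the reply this server is about to sign and return, so "Generated reply document" would describe it better if that reading is right.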