authorRob Austein <sra@hactrn.net>2014-04-12 14:46:30 +0000
committerRob Austein <sra@hactrn.net>2014-04-12 14:46:30 +0000
commit7ca4c3eaac0a159d6daa39db781f4622ed0fbc24 (patch)
tree29130c2e789b0321984446434fc244d374c18f6c /rp/utils/scan_routercerts
parentbe51aaa71e5b0f49b3a36b74e01e037925ff8625 (diff)
Clean up kludges left from before RP code could use our Python
libraries. svn path=/trunk/; revision=5787
Diffstat (limited to 'rp/utils/scan_routercerts')
-rwxr-xr-xrp/utils/scan_routercerts44
1 files changed, 16 insertions, 28 deletions
diff --git a/rp/utils/scan_routercerts b/rp/utils/scan_routercerts
index 342fa272..aa3ed9e6 100755
--- a/rp/utils/scan_routercerts
+++ b/rp/utils/scan_routercerts
@@ -20,50 +20,38 @@ Scan rcynic validated output looking for router certificates, print
out stuff that the rpki-rtr code cares about.
"""
-# This program represents a weird temporary state, mostly to avoid
-# diving into a recursive yak shaving exercise.
-#
-# Under the old scheme, anything used by the RP code should be either
-# C code or pure Python code using just the standard libraries. This
-# has gotten silly, but we haven't yet refactored the current packaged
-# builds from two packages into three (adding a -libs package).
-#
-# So, by rights, this program should be a C monstrosity written using
-# the OpenSSL C API. I started coding it that way, but it was just
-# too painful for something we're probably going to rewrite as a few
-# lines of Python once we refactor, but by the same token I didn't
-# want to delay router certificate support until the refactoring.
-#
-# So this program anticipates the new scheme of things, but makes one
-# concession to current reality: if it has a problem importing the
-# RPKI-specific libraries, it just quietly exits as if everything were
-# fine and there simply are no router certificates to report. This
-# isn't the right answer in the long run, but will suffice to avoid
-# further bald yaks.
-
import os
import sys
import base64
+import argparse
+import rpki.POW
+import rpki.oids
+
+def check_dir(s):
+ if not os.path.isdir(s):
+ raise argparse.ArgumentTypeError("%r is not a directory" % s)
+ return s
-try:
- import rpki.POW
- import rpki.oids
-except ImportError:
- sys.exit(0)
+parser = argparse.ArgumentParser(description = __doc__)
+parser.add_argument("rcynic_dir", type = check_dir, help = "rcynic authenticated output directory")
+args = parser.parse_args()
-rcynic_dir = sys.argv[1]
+for root, dirs, files in os.walk(args.rcynic_dir):
-for root, dirs, files in os.walk(rcynic_dir):
for fn in files:
+
if not fn.endswith(".cer"):
continue
+
x = rpki.POW.X509.derReadFile(os.path.join(root, fn))
if rpki.oids.id_kp_bgpsec_router not in (x.getEKU() or ()):
continue
sys.stdout.write(base64.urlsafe_b64encode(x.getSKI()).rstrip("="))
+
for min_asn, max_asn in x.getRFC3779()[0]:
for asn in xrange(min_asn, max_asn + 1):
sys.stdout.write(" %s" % asn)
+
sys.stdout.write(" %s\n" % base64.b64encode(x.getPublicKey().derWritePublic()))
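Review bot: Each router-certificate record is written to stdout in pieces inside the `for fn in files` loop, so if `x.getRFC3779()[0]` turns out to be empty or not iterable as ranges, the scan aborts with a truncated line already handed to whatever consumes this output. Build the whole record first and write it once, and skip certificates with no AS resources; this assumes the AS element can be None, as the existing `getEKU() or ()` guard suggests for EKU. Each AS range is also expanded one number at a time with no bound on its width, so a certificate covering a very large range yields a correspondingly large record, and a sanity limit is worth considering. `check_dir` only confirms the argument is a directory, so the script still relies on the caller pointing it at rcynic's authenticated tree rather than unvalidated input.

```python
    # … unchanged: .cer suffix filter, derReadFile, EKU check …
    asns = x.getRFC3779()[0]
    if not asns:
      continue
    fields = [base64.urlsafe_b64encode(x.getSKI()).rstrip("=")]
    for min_asn, max_asn in asns:
      fields.extend(str(asn) for asn in xrange(min_asn, max_asn + 1))
    fields.append(base64.b64encode(x.getPublicKey().derWritePublic()))
    sys.stdout.write(" ".join(fields) + "\n")
```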