authorRob Austein <sra@hactrn.net>2015-11-18 07:25:09 +0000
committerRob Austein <sra@hactrn.net>2015-11-18 07:25:09 +0000
commit6c98d241fbb8e28c24b980dca0b8ce67891c4ca8 (patch)
treef3ec0ae4b146522ede33c5a114b48db22d4f931d /rpki/POW
parentcbb1c240fb629c89760c26019d24717af965bfd7 (diff)
Move StatusCode out of POW.c. New API still needs work, but this
makes the C code considerably simpler. svn path=/branches/tk705/; revision=6180
Diffstat (limited to 'rpki/POW')
-rw-r--r--rpki/POW/__init__.py173
1 files changed, 162 insertions, 11 deletions
diff --git a/rpki/POW/__init__.py b/rpki/POW/__init__.py
index 7f18b548..7f92c2cd 100644
--- a/rpki/POW/__init__.py
+++ b/rpki/POW/__init__.py
@@ -19,21 +19,172 @@
# pylint: disable=W0401,W0622
-from rpki.POW._POW import *
-from rpki.POW._POW import __doc__
+from ._POW import *
+from ._POW import __doc__
-# Set callback to let POW construct rpki.sundial.datetime objects
+
+# Set callback to let POW construct rpki.sundial.datetime objects.
from rpki.sundial import datetime as sundial_datetime
customDatetime(sundial_datetime)
del sundial_datetime
-# Construct friendlier representation for validation status codes.
-from rpki.POW._POW import _validation_status_codes
-class validation_status(object):
- "RPKI validation status codes."
-for code in _validation_status_codes:
- setattr(validation_status, code.name, code)
-del code # pylint: disable=W0631
-del _validation_status_codes
+# Status code mechanism, (mostly) moved out of POW.c.
+
+class StatusCode(object):
+
+ def __init__(self, name, text, kind, code = None):
+ assert code is None or isinstance(code, int)
+ assert kind in ("good", "bad", "warn")
+ self.code = code
+ self.name = name
+ self.text = text
+ self.kind = kind
+
+ def __str__(self):
+ return self.name
+
+ def __repr__(self):
+ return "<StatusCode object \"{}\" at {}>".format(self.text, id(self))
+
+ def __hash__(self):
+ return hash(self.name)
+
+ def __cmp__(self, other):
+ return cmp(self.name, other.name)
+
+
+class StatusCodeDB(object):
+
+ def __init__(self, bad, warn, good):
+ for k, v in bad.iteritems():
+ setattr(self, k, StatusCode(name = k, text = v, kind = "bad"))
+ for k, v in warn.iteritems():
+ setattr(self, k, StatusCode(name = k, text = v, kind = "warn"))
+ for k, v in good.iteritems():
+ setattr(self, k, StatusCode(name = k, text = v, kind = "good"))
+
+ # Do we want something to let us use the OpenSSL symbolic names
+ # for the X509_V_ERR_* codes, or just skip that entirely?
+ #
+ # Sort that out when we get to the Python-side API for this stuff.
+
+
+validation_status = StatusCodeDB(
+ bad = dict(
+ AIA_EXTENSION_MISSING = "AIA extension missing",
+ AIA_EXTENSION_FORBIDDEN = "AIA extension forbidden",
+ AIA_URI_MISSING = "AIA URI missing",
+ AKI_EXTENSION_ISSUER_MISMATCH = "AKI extension issuer mismatch",
+ AKI_EXTENSION_MISSING = "AKI extension missing",
+ AKI_EXTENSION_WRONG_FORMAT = "AKI extension is wrong format",
+ BAD_ASIDENTIFIERS = "Bad ASIdentifiers extension",
+ BAD_CERTIFICATE_POLICY = "Bad certificate policy",
+ BAD_CMS_ECONTENTTYPE = "Bad CMS eContentType",
+ BAD_CMS_SI_CONTENTTYPE = "Bad CMS SI ContentType",
+ BAD_CMS_SIGNER = "Bad CMS signer",
+ BAD_CMS_SIGNER_INFOS = "Bad CMS signerInfos",
+ BAD_CRL = "Bad CRL",
+ BAD_IPADDRBLOCKS = "Bad IPAddrBlocks extension",
+ BAD_KEY_USAGE = "Bad keyUsage",
+ BAD_MANIFEST_DIGEST_LENGTH = "Bad manifest digest length",
+ BAD_PUBLIC_KEY = "Bad public key",
+ BAD_ROA_ASID = "Bad ROA asID",
+ BAD_CERTIFICATE_SERIAL_NUMBER = "Bad certificate serialNumber",
+ BAD_MANIFEST_NUMBER = "Bad manifestNumber",
+ CERTIFICATE_BAD_SIGNATURE = "Bad certificate signature",
+ CERTIFICATE_FAILED_VALIDATION = "Certificate failed validation",
+ CMS_ECONTENT_DECODE_ERROR = "CMS eContent decode error",
+ CMS_INCLUDES_CRLS = "CMS includes CRLs",
+ CMS_SIGNER_MISSING = "CMS signer missing",
+ CMS_SKI_MISMATCH = "CMS SKI mismatch",
+ CMS_VALIDATION_FAILURE = "CMS validation failure",
+ CRL_ISSUER_NAME_MISMATCH = "CRL issuer name mismatch",
+ CRL_NOT_IN_MANIFEST = "CRL not listed in manifest",
+ CRL_NOT_YET_VALID = "CRL not yet valid",
+ CRL_NUMBER_EXTENSION_MISSING = "CRL number extension missing",
+ CRL_NUMBER_IS_NEGATIVE = "CRL number is negative",
+ CRL_NUMBER_OUT_OF_RANGE = "CRL number out of range",
+ CRLDP_DOESNT_MATCH_ISSUER_SIA = "CRLDP doesn't match issuer's SIA",
+ CRLDP_URI_MISSING = "CRLDP URI missing",
+ DISALLOWED_X509V3_EXTENSION = "Disallowed X.509v3 extension",
+ DUPLICATE_NAME_IN_MANIFEST = "Duplicate name in manifest",
+ INAPPROPRIATE_EKU_EXTENSION = "Inappropriate EKU extension",
+ MALFORMED_AIA_EXTENSION = "Malformed AIA extension",
+ MALFORMED_SIA_EXTENSION = "Malformed SIA extension",
+ MALFORMED_BASIC_CONSTRAINTS = "Malformed basicConstraints",
+ MALFORMED_TRUST_ANCHOR = "Malformed trust anchor",
+ MALFORMED_CADIRECTORY_URI = "Malformed caDirectory URI",
+ MALFORMED_CRLDP_EXTENSION = "Malformed CRDLP extension",
+ MALFORMED_CRLDP_URI = "Malformed CRDLP URI",
+ MALFORMED_ROA_ADDRESSFAMILY = "Malformed ROA addressFamily",
+ MALFORMED_TAL_URI = "Malformed TAL URI",
+ MANIFEST_CAREPOSITORY_MISMATCH = "Manifest caRepository mismatch",
+ MANIFEST_INTERVAL_OVERRUNS_CERT = "Manifest interval overruns certificate",
+ MANIFEST_LISTS_MISSING_OBJECT = "Manifest lists missing object",
+ MANIFEST_NOT_YET_VALID = "Manifest not yet valid",
+ MISSING_RESOURCES = "Missing resources",
+ NONCONFORMANT_ASN1_TIME_VALUE = "Nonconformant ASN.1 time value",
+ NONCONFORMANT_PUBLIC_KEY_ALGORITHM = "Nonconformant public key algorithm",
+ NONCONFORMANT_SIGNATURE_ALGORITHM = "Nonconformant signature algorithm",
+ NONCONFORMANT_DIGEST_ALGORITHM = "Nonconformant digest algorithm",
+ NONCONFORMANT_CERTIFICATE_UID = "Nonconformant certificate UID",
+ OBJECT_REJECTED = "Object rejected",
+ RFC3779_INHERITANCE_REQUIRED = "RFC 3779 inheritance required",
+ ROA_CONTAINS_BAD_AFI_VALUE = "ROA contains bad AFI value",
+ ROA_MAX_PREFIXLEN_TOO_SHORT = "ROA maxPrefixlen too short",
+ ROA_RESOURCE_NOT_IN_EE = "ROA resource not in EE",
+ ROA_RESOURCES_MALFORMED = "ROA resources malformed",
+ RSYNC_TRANSFER_FAILED = "rsync transfer failed",
+ RSYNC_TRANSFER_TIMED_OUT = "rsync transfer timed out",
+ SAFI_NOT_ALLOWED = "SAFI not allowed",
+ SIA_CADIRECTORY_URI_MISSING = "SIA caDirectory URI missing",
+ SIA_EXTENSION_MISSING = "SIA extension missing",
+ SIA_MANIFEST_URI_MISSING = "SIA manifest URI missing",
+ SKI_EXTENSION_MISSING = "SKI extension missing",
+ SKI_PUBLIC_KEY_MISMATCH = "SKI public key mismatch",
+ TRUST_ANCHOR_KEY_MISMATCH = "Trust anchor key mismatch",
+ TRUST_ANCHOR_WITH_CRLDP = "Trust anchor can't have CRLDP",
+ UNKNOWN_AFI = "Unknown AFI",
+ UNKNOWN_OPENSSL_VERIFY_ERROR = "Unknown OpenSSL verify error",
+ UNREADABLE_TRUST_ANCHOR = "Unreadable trust anchor",
+ UNREADABLE_TRUST_ANCHOR_LOCATOR = "Unreadable trust anchor locator",
+ WRONG_OBJECT_VERSION = "Wrong object version"),
+
+ warn = dict(
+ AIA_DOESNT_MATCH_ISSUER = "AIA doesn't match issuer",
+ BACKUP_THISUPDATE_NEWER_THAN_CURRENT = "Backup thisUpdate newer than current",
+ BACKUP_NUMBER_HIGHER_THAN_CURRENT = "Backup number higher than current",
+ BAD_THISUPDATE = "Bad CRL thisUpdate",
+ BAD_CMS_SI_SIGNED_ATTRIBUTES = "Bad CMS SI signed attributes",
+ BAD_SIGNED_OBJECT_URI = "Bad signedObject URI",
+ CRLDP_NAMES_NEWER_CRL = "CRLDP names newer CRL",
+ DIGEST_MISMATCH = "Digest mismatch",
+ EE_CERTIFICATE_WITH_1024_BIT_KEY = "EE certificate with 1024 bit key",
+ ISSUER_USES_MULTIPLE_CRLDP_VALUES = "Issuer uses multiple CRLDP values",\
+ MULTIPLE_RSYNC_URIS_IN_EXTENSION = "Multiple rsync URIs in extension",
+ NONCONFORMANT_ISSUER_NAME = "Nonconformant X.509 issuer name",
+ NONCONFORMANT_SUBJECT_NAME = "Nonconformant X.509 subject name",
+ POLICY_QUALIFIER_CPS = "Policy Qualifier CPS",
+ RSYNC_PARTIAL_TRANSFER = "rsync partial transfer",
+ RSYNC_TRANSFER_SKIPPED = "rsync transfer skipped",
+ SIA_EXTENSION_MISSING_FROM_EE = "SIA extension missing from EE",
+ SKIPPED_BECAUSE_NOT_IN_MANIFEST = "Skipped because not in manifest",
+ STALE_CRL_OR_MANIFEST = "Stale CRL or manifest",
+ TAINTED_BY_STALE_CRL = "Tainted by stale CRL",
+ TAINTED_BY_STALE_MANIFEST = "Tainted by stale manifest",
+ TAINTED_BY_NOT_BEING_IN_MANIFEST = "Tainted by not being in manifest",
+ TRUST_ANCHOR_NOT_SELF_SIGNED = "Trust anchor not self-signed",
+ TRUST_ANCHOR_SKIPPED = "Trust anchor skipped",
+ UNKNOWN_OBJECT_TYPE_SKIPPED = "Unknown object type skipped",
+ URI_TOO_LONG = "URI too long",
+ WRONG_CMS_SI_SIGNATURE_ALGORITHM = "Wrong CMS SI signature algorithm",
+ WRONG_CMS_SI_DIGEST_ALGORITHM = "Wrong CMS SI digest algorithm"),
+
+ good = dict(
+ NON_RSYNC_URI_IN_EXTENSION = "Non-rsync URI in extension",
+ OBJECT_ACCEPTED = "Object accepted",
+ RECHECKING_OBJECT = "Rechecking object",
+ RSYNC_TRANSFER_SUCCEEDED = "rsync transfer succeeded",
+ VALIDATION_OK = "OK"))
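Review bot: `StatusCode.__cmp__` dereferences `other.name` unconditionally, so comparing a status code against `None`, a plain string, or anything that is not a `StatusCode` raises `AttributeError` instead of returning an ordering, which makes `code == None` and membership tests against mixed lists fail; a guard such as `if not isinstance(other, StatusCode): return NotImplemented` before the `cmp(self.name, other.name)` line keeps the name-based ordering while letting Python fall back for foreign types. The `__hash__` on `self.name` already pairs with this, so equality stays consistent. Separately, the `ISSUER_USES_MULTIPLE_CRLDP_VALUES` entry in the `warn` dict ends with a stray `,\` line continuation that is harmless inside the parentheses but should be dropped. Note also that `StatusCodeDB` never passes `code=` to `StatusCode`, so the `code` attribute is always `None` here; if the numeric code is meant to come from the C side later, a one-line comment saying so would stop readers treating the unused field as a bug.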