Rename a couple of scripts whose names confuse Doxygen. Clean some of

the old test code out of rpkid/ to make real code easier to find.

svn path=/rpkid/Doxyfile; revision=1995

1 files changed, 108 insertions, 0 deletions

diff --git a/rpkid/cross_certify.py b/rpkid/cross_certify.py
new file mode 100644
index 00000000..88c5718f
--- /dev/null
+++ b/rpkid/cross_certify.py
@@ -0,0 +1,108 @@
+"""
+Cross-certification tool to issue a new certificate based on an old
+one that was issued by somebody else.  The point of the exercise is to
+end up with a valid certificate in our own BPKI which has the same
+subject name and subject public key as the one we're replacing.
+
+Much of this code lifted from rpki.x509.X509.issue(), but this is a
+sufficiently different purpose that it's probably not worth
+refactoring.
+
+Usage: python cross_certify.py { -i | --in     } input_cert
+                               { -c | --ca     } issuing_cert
+                               { -k | --key    } issuing_cert_key
+                               { -s | --serial } serial_filename
+                               [ { -h | --help } ]
+                               [ { -o | --out  }     filename  (default: stdout)  ]
+                               [ { -l | --lifetime } timedelta (default: 30 days) ]
+
+$Id$
+
+Copyright (C) 2007--2008  American Registry for Internet Numbers ("ARIN")
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS.  IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.
+"""
+
+import os, time, getopt, sys, POW
+import rpki.x509, rpki.sundial
+
+os.environ["TZ"] = "UTC"
+time.tzset()
+
+def usage(code):
+  print __doc__
+  sys.exit(code)
+
+output = None
+lifetime = rpki.sundial.timedelta(days = 30)
+
+opts,argv = getopt.getopt(sys.argv[1:], "h?i:o:c:k:s:l:",
+                          ["help", "in=", "out=", "ca=", "key=", "serial=", "lifetime="])
+for o,a in opts:
+  if o in ("-h", "--help", "-?"):
+    usage(0)
+  elif o in ("-i", "--in"):
+    child = rpki.x509.X509(Auto_file = a)
+  elif o in ("-o", "--out"):
+    output = a
+  elif o in ("-c", "--ca"):
+    parent = rpki.x509.X509(Auto_file = a)
+  elif o in ("-k", "--key"):
+    keypair = rpki.x509.RSA(Auto_file = a)
+  elif o in ("-s", "--serial"):
+    serial_file = a
+  elif o in ("-l", "--lifetime"):
+    lifetime = rpki.sundial.timedelta.parse(a)
+if argv:
+  usage(1)
+
+now = rpki.sundial.now()
+notAfter = now + lifetime
+
+try:
+  f = open(serial_file, "r")
+  serial = f.read()
+  f.close()
+  serial = int(serial.splitlines()[0], 16)
+except IOError:
+  serial = 1
+
+x = POW.pkix.Certificate()
+x.setVersion(2)
+x.setSerial(serial)
+x.setIssuer(parent.get_POWpkix().getSubject())
+x.setSubject(child.get_POWpkix().getSubject())
+x.setNotBefore(now.toASN1tuple())
+x.setNotAfter(notAfter.toASN1tuple())
+x.tbs.subjectPublicKeyInfo.set(child.get_POWpkix().tbs.subjectPublicKeyInfo.get())
+x.setExtensions(((rpki.oids.name2oid["subjectKeyIdentifier"], False,
+                     child.get_SKI()),
+                    (rpki.oids.name2oid["authorityKeyIdentifier"], False,
+                     (parent.get_SKI(), (), None)),
+                    (rpki.oids.name2oid["basicConstraints"], True,
+                     (1, 0))))
+x.sign(keypair.get_POW(), POW.SHA256_DIGEST)
+
+cert = rpki.x509.X509(POWpkix = x)
+
+f = open(serial_file, "w")
+f.write("%02x\n" % (serial + 1))
+f.close()
+
+if output is None:
+  print cert.get_PEM()
+else:
+  f = open(output, "w")
+  f.write(cert.get_PEM())
+  f.close()
+