authorRob Austein <sra@hactrn.net>2014-02-20 02:32:50 +0000
committerRob Austein <sra@hactrn.net>2014-02-20 02:32:50 +0000
commitf462c189577d261319432d4f7249c57d8fd1930a (patch)
tree620e53ba1e47596c3757d26f7eacd16d65293fbf /rpkid
parent94479e1684e9e89d5f82f4edc1639127f5423e48 (diff)
Reformat some bits that were so bad I couldn't read them.
svn path=/branches/tk671/; revision=5671
Diffstat (limited to 'rpkid')
-rw-r--r--rpkid/tests/smoketest.py106
1 files changed, 79 insertions, 27 deletions
diff --git a/rpkid/tests/smoketest.py b/rpkid/tests/smoketest.py
index 81eb3a6d..00b08fd9 100644
--- a/rpkid/tests/smoketest.py
+++ b/rpkid/tests/smoketest.py
@@ -228,7 +228,8 @@ def main():
rootd_process = subprocess.Popen((prog_python, prog_rootd, "-d", "-c", rootd_name + ".conf"))
rpki.log.info("Starting pubd")
- pubd_process = subprocess.Popen((prog_python, prog_pubd, "-d", "-c", pubd_name + ".conf") + (("-p", pubd_name + ".prof") if args.profile else ()))
+ pubd_process = subprocess.Popen((prog_python, prog_pubd, "-d", "-c", pubd_name + ".conf") +
+ (("-p", pubd_name + ".prof") if args.profile else ()))
rpki.log.info("Starting rsyncd")
rsyncd_process = subprocess.Popen((prog_rsyncd, "--daemon", "--no-detach", "--config", rsyncd_name + ".conf"))
@@ -588,10 +589,12 @@ class allocation(object):
raise CantRekeyYAMLLeaf, "Can't rekey YAML leaf %s, sorry" % self.name
elif target is None:
rpki.log.info("Rekeying <self/> %s" % self.name)
- self.call_rpkid([rpki.left_right.self_elt.make_pdu(action = "set", self_handle = self.name, rekey = "yes")], cb = done)
+ self.call_rpkid([rpki.left_right.self_elt.make_pdu(
+ action = "set", self_handle = self.name, rekey = "yes")], cb = done)
else:
rpki.log.info("Rekeying <parent/> %s %s" % (self.name, target))
- self.call_rpkid([rpki.left_right.parent_elt.make_pdu(action = "set", self_handle = self.name, parent_handle = target, rekey = "yes")], cb = done)
+ self.call_rpkid([rpki.left_right.parent_elt.make_pdu(
+ action = "set", self_handle = self.name, parent_handle = target, rekey = "yes")], cb = done)
def apply_revoke(self, target, cb):
@@ -607,10 +610,12 @@ class allocation(object):
cb()
elif target is None:
rpki.log.info("Revoking <self/> %s" % self.name)
- self.call_rpkid([rpki.left_right.self_elt.make_pdu(action = "set", self_handle = self.name, revoke = "yes")], cb = done)
+ self.call_rpkid([rpki.left_right.self_elt.make_pdu(
+ action = "set", self_handle = self.name, revoke = "yes")], cb = done)
else:
rpki.log.info("Revoking <parent/> %s %s" % (self.name, target))
- self.call_rpkid([rpki.left_right.parent_elt.make_pdu(action = "set", self_handle = self.name, parent_handle = target, revoke = "yes")], cb = done)
+ self.call_rpkid([rpki.left_right.parent_elt.make_pdu(
+ action = "set", self_handle = self.name, parent_handle = target, revoke = "yes")], cb = done)
def __str__(self):
s = self.name + "\n"
@@ -747,21 +752,28 @@ class allocation(object):
cur.execute("DELETE FROM roa_request")
for s in [self] + self.hosts:
for kid in s.kids:
- cur.execute("SELECT registrant_id FROM registrant WHERE registrant_handle = %s AND registry_handle = %s", (kid.name, s.name))
+ cur.execute("SELECT registrant_id FROM registrant WHERE registrant_handle = %s AND registry_handle = %s",
+ (kid.name, s.name))
registrant_id = cur.fetchone()[0]
for as_range in kid.resources.asn:
- cur.execute("INSERT registrant_asn (start_as, end_as, registrant_id) VALUES (%s, %s, %s)", (as_range.min, as_range.max, registrant_id))
+ cur.execute("INSERT registrant_asn (start_as, end_as, registrant_id) VALUES (%s, %s, %s)",
+ (as_range.min, as_range.max, registrant_id))
for v4_range in kid.resources.v4:
- cur.execute("INSERT registrant_net (start_ip, end_ip, version, registrant_id) VALUES (%s, %s, 4, %s)", (v4_range.min, v4_range.max, registrant_id))
+ cur.execute("INSERT registrant_net (start_ip, end_ip, version, registrant_id) VALUES (%s, %s, 4, %s)",
+ (v4_range.min, v4_range.max, registrant_id))
for v6_range in kid.resources.v6:
- cur.execute("INSERT registrant_net (start_ip, end_ip, version, registrant_id) VALUES (%s, %s, 6, %s)", (v6_range.min, v6_range.max, registrant_id))
- cur.execute("UPDATE registrant SET valid_until = %s WHERE registrant_id = %s", (kid.resources.valid_until, registrant_id))
+ cur.execute("INSERT registrant_net (start_ip, end_ip, version, registrant_id) VALUES (%s, %s, 6, %s)",
+ (v6_range.min, v6_range.max, registrant_id))
+ cur.execute("UPDATE registrant SET valid_until = %s WHERE registrant_id = %s",
+ (kid.resources.valid_until, registrant_id))
for r in s.roa_requests:
- cur.execute("INSERT roa_request (self_handle, asn) VALUES (%s, %s)", (s.name, r.asn))
+ cur.execute("INSERT roa_request (self_handle, asn) VALUES (%s, %s)",
+ (s.name, r.asn))
roa_request_id = cur.lastrowid
for version, prefix_set in ((4, r.v4), (6, r.v6)):
if prefix_set:
- cur.executemany("INSERT roa_request_prefix (roa_request_id, prefix, prefixlen, max_prefixlen, version) VALUES (%s, %s, %s, %s, %s)",
+ cur.executemany("INSERT roa_request_prefix (roa_request_id, prefix, prefixlen, max_prefixlen, version) "
+ "VALUES (%s, %s, %s, %s, %s)",
((roa_request_id, x.prefix, x.prefixlen, x.max_prefixlen, version) for x in prefix_set))
db.close()
@@ -770,7 +782,8 @@ class allocation(object):
Run daemons for this entity.
"""
rpki.log.info("Running daemons for %s" % self.name)
- self.rpkid_process = subprocess.Popen((prog_python, prog_rpkid, "-d", "-c", self.name + ".conf") + (("-p", self.name + ".prof") if args.profile else ()))
+ self.rpkid_process = subprocess.Popen((prog_python, prog_rpkid, "-d", "-c", self.name + ".conf") +
+ (("-p", self.name + ".prof") if args.profile else ()))
self.irdbd_process = subprocess.Popen((prog_python, prog_irdbd, "-d", "-c", self.name + ".conf"))
def kill_daemons(self):
@@ -974,7 +987,8 @@ class allocation(object):
bpki_cms_cert = s.cross_certify(s.parent.name + "-SELF"),
sender_name = s.name,
recipient_name = s.parent.name,
- peer_contact_uri = "http://localhost:%s/up-down/%s/%s" % (s.parent.get_rpki_port(), s.parent.name, s.name)))
+ peer_contact_uri = "http://localhost:%s/up-down/%s/%s" % (s.parent.get_rpki_port(),
+ s.parent.name, s.name)))
def one():
call_pubd(pubd_pdus, cb = two)
@@ -992,7 +1006,8 @@ class allocation(object):
b = bsc_dict[s.name]
rpki.log.info("Issuing BSC EE cert for %s" % s.name)
- cmd = (prog_openssl, "x509", "-req", "-sha256", "-extfile", s.name + "-RPKI.conf", "-extensions", "req_x509_ext", "-days", "30",
+ cmd = (prog_openssl, "x509", "-req", "-sha256", "-extfile", s.name + "-RPKI.conf",
+ "-extensions", "req_x509_ext", "-days", "30",
"-CA", s.name + "-SELF.cer", "-CAkey", s.name + "-SELF.key", "-CAcreateserial", "-text")
signer = subprocess.Popen(cmd, stdin = subprocess.PIPE, stdout = subprocess.PIPE, stderr = subprocess.PIPE)
signed = signer.communicate(input = b.pkcs10_request.get_PEM())
@@ -1248,8 +1263,8 @@ def set_pubd_crl(cb):
updated whenever we update the CRL.
"""
rpki.log.info("Setting pubd's BPKI CRL")
- call_pubd([rpki.publication.config_elt.make_pdu(action = "set", bpki_crl = rpki.x509.CRL(Auto_file = pubd_name + "-TA.crl"))],
- cb = lambda ignored: cb())
+ crl = rpki.x509.CRL(Auto_file = pubd_name + "-TA.crl")
+ call_pubd([rpki.publication.config_elt.make_pdu(action = "set", bpki_crl = crl)], cb = lambda ignored: cb())
last_rcynic_run = None
@@ -1314,22 +1329,44 @@ bpki_cert_fmt_2 = '''\
'''
bpki_cert_fmt_3 = '''\
-%(openssl)s req -new -sha256 -key %(name)s-%(kind)s.key -out %(name)s-%(kind)s.req -config %(name)s-%(kind)s.conf &&
+%(openssl)s req -new \
+ -sha256 \
+ -key %(name)s-%(kind)s.key \
+ -out %(name)s-%(kind)s.req \
+ -config %(name)s-%(kind)s.conf &&
touch %(name)s-%(kind)s.idx &&
echo >%(name)s-%(kind)s.cnm 01 &&
'''
bpki_cert_fmt_4 = '''\
-%(openssl)s x509 -req -sha256 -in %(name)s-TA.req -out %(name)s-TA.cer -extfile %(name)s-TA.conf -extensions req_x509_ext -signkey %(name)s-TA.key -days 60 -text \
+%(openssl)s x509 -req -sha256 \
+ -in %(name)s-TA.req \
+ -out %(name)s-TA.cer \
+ -extfile %(name)s-TA.conf \
+ -extensions req_x509_ext \
+ -signkey %(name)s-TA.key \
+ -days 60 -text \
'''
bpki_cert_fmt_5 = ''' && \
-%(openssl)s x509 -req -sha256 -in %(name)s-%(kind)s.req -out %(name)s-%(kind)s.cer -extfile %(name)s-%(kind)s.conf -extensions req_x509_ext -days 30 -text \
- -CA %(name)s-TA.cer -CAkey %(name)s-TA.key -CAcreateserial \
+%(openssl)s x509 -req \
+ -sha256 \
+ -in %(name)s-%(kind)s.req \
+ -out %(name)s-%(kind)s.cer \
+ -extfile %(name)s-%(kind)s.conf \
+ -extensions req_x509_ext \
+ -days 30 \
+ -text \
+ -CA %(name)s-TA.cer \
+ -CAkey %(name)s-TA.key \
+ -CAcreateserial \
'''
bpki_cert_fmt_6 = ''' && \
-%(openssl)s ca -batch -gencrl -out %(name)s-%(kind)s.crl -config %(name)s-%(kind)s.conf \
+%(openssl)s ca -batch \
+ -gencrl \
+ -out %(name)s-%(kind)s.crl \
+ -config %(name)s-%(kind)s.conf \
'''
yaml_fmt_1 = '''---
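Review bot: The reflowed templates `bpki_cert_fmt_3` through `bpki_cert_fmt_6` now depend on every added line ending in exactly `\` followed by the newline, and nothing in the file says so. Python removes that pair inside these non-raw `'''` literals, so the shell still receives each openssl invocation as one line. A trailing space after one of those backslashes, or a later switch to a raw string, would silently change what the shell sees. I would add a comment above `bpki_cert_fmt_3` such as `# Backslash-newline below is consumed by Python, not the shell: each openssl command reaches sh as a single line.` Separately, `%(name)s` and `%(kind)s` are substituted unquoted into what looks like a shell command line, so this presumably relies on the test YAML using plain handles; that assumption is worth stating in the same comment.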
@@ -1467,11 +1504,16 @@ authorityKeyIdentifier = keyid:always
basicConstraints = critical,CA:true
subjectKeyIdentifier = hash
keyUsage = critical,keyCertSign,cRLSign
-subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:%(rootd_sia)sroot/,1.3.6.1.5.5.7.48.10;URI:%(rootd_sia)sroot/root.mft
+subjectInfoAccess = @sia
sbgp-autonomousSysNum = critical,AS:0-4294967295
sbgp-ipAddrBlock = critical,IPv4:0.0.0.0/0,IPv6:0::/0
certificatePolicies = critical, @rpki_certificate_policy
+[sia]
+
+1.3.6.1.5.5.7.48.5;URI = %(rootd_sia)sroot/
+1.3.6.1.5.5.7.48.10;URI = %(rootd_sia)sroot/root.mft
+
[rpki_certificate_policy]
policyIdentifier = 1.3.6.1.5.5.7.14.2
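Review bot: The two keys in the new `[sia]` section are bare OIDs, so a reader has to look them up to know which access method each URI belongs to. A config comment on each would help, for example `# id-ad-caRepository` above the `1.3.6.1.5.5.7.48.5;URI` line and `# id-ad-rpkiManifest` above the `1.3.6.1.5.5.7.48.10;URI` line. Both values are formed by appending to `%(rootd_sia)s`, so they are only well-formed when that value ends in `/`; the hunk does not show where that is guaranteed, and the enclosing string literal starts and ends outside it.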
@@ -1484,10 +1526,20 @@ rootd_fmt_2 = '''\
rootd_fmt_3 = '''\
echo >%(rootd_name)s.tal %(rootd_sia)sroot.cer &&
echo >>%(rootd_name)s.tal &&
-%(openssl)s rsa -pubout -in root.key | awk '!/-----(BEGIN|END)/' >>%(rootd_name)s.tal &&
-%(openssl)s req -new -sha256 -key root.key -out %(rootd_name)s.req -config %(rootd_name)s.conf -text -extensions req_x509_rpki_ext &&
-%(openssl)s x509 -req -sha256 -in %(rootd_name)s.req -out root.cer -outform DER -extfile %(rootd_name)s.conf -extensions req_x509_rpki_ext \
- -signkey root.key &&
+%(openssl)s rsa -pubout -in root.key |
+awk '!/-----(BEGIN|END)/' >>%(rootd_name)s.tal &&
+%(openssl)s req -new -text -sha256 \
+ -key root.key \
+ -out %(rootd_name)s.req \
+ -config %(rootd_name)s.conf \
+ -extensions req_x509_rpki_ext &&
+%(openssl)s x509 -req -sha256 \
+ -in %(rootd_name)s.req \
+ -out root.cer \
+ -outform DER \
+ -extfile %(rootd_name)s.conf \
+ -extensions req_x509_rpki_ext \
+ -signkey root.key &&
ln -f root.cer %(rsyncd_dir)s
'''
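Review bot: The `&&` that follows the `%(openssl)s rsa -pubout -in root.key | awk ...` pipeline only tests awk's exit status, so a failed key export does not stop the chain at that step and leaves a `.tal` holding the URI line but no public key. The later `openssl req -key root.key` would probably fail on the same key, but the truncated TAL is already on disk by then. Splitting the pipeline keeps the failure visible, for instance `%(openssl)s rsa -pubout -in root.key -out root.pub &&` followed by `awk '!/-----(BEGIN|END)/' root.pub >>%(rootd_name)s.tal &&`, where `root.pub` is only an example name for the intermediate file. This behaviour predates the reflow; the commit only moves the `awk` stage onto its own line.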