author | Rob Austein <sra@hactrn.net> | 2014-01-09 20:56:06 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2014-01-09 20:56:06 +0000 |
commit | b603ea6e8677d61d93f05cb43aa8c1769c1e9d6c (patch) | |
tree | 4acda8c9d9ba25800d820a4bb6636fd626dc0c24 /scripts/Old | |
parent | 06023dcd60af34a84c3a71f1a597e477cfa8f408 (diff) |
Update more copyrights, clean up module doc blocks.
svn path=/trunk/; revision=5624
Diffstat (limited to 'scripts/Old')
31 files changed, 0 insertions, 2594 deletions
diff --git a/scripts/Old/apnic-poke-1.sh b/scripts/Old/apnic-poke-1.sh
deleted file mode 100644
index bca4a8f6..00000000
--- a/scripts/Old/apnic-poke-1.sh
+++ /dev/null
@@ -1,112 +0,0 @@ -#!/bin/sh - -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -# Script to let APNIC test against my server. -# -# This blows away rpkid's database and rebuilds it with what we need -# for this test, and knows far too much about the id numbers that -# rpkid and mysql will assign. In the long run we must do better than -# this, but gotta start somewhere. - -openssl=../openssl/openssl/apps/openssl - -# Halt on first error and show what's happening - -set -ex - -# Generate new key and cert for rootd.py if needed - -if test ! -r rootd.cer -o ! -r rootd.key -then - $openssl req -new -newkey rsa:2048 -nodes -keyout rootd.key -out rootd.req -config rootd.cnf - - $openssl x509 -req -in rootd.req -out rootd.cer -extfile rootd.cnf -extensions req_x509_ext \ - -signkey rootd.key -text -sha256 - - rm -f rootd.req -fi - -# Blow away old rpkid database (!) so we can start clean - -mysql -u rpki -p`awk '$1 == "sql-password" {print $3}' rpkid.conf` rpki <rpki-db-schema.sql - -# Clear out any old publication results - -rm -rf publication/* - -# Start rpkid so we can configure it, make sure we shut it down on exit -# If we're running under screen, just run it in a different screen instead. 
- -if test -n "$STY" -then - screen python rpkid.py -else - python rpkid.py >>rpkid.log 2>&1 & rpkid=$! - trap "kill $rpkid" 0 1 2 3 13 15 -fi - -# Create a self instance - -python irbe_cli.py self --action create --crl_interval 84600 - -# Create a business signing context, issue the necessary business cert, and set up the cert chain - -python irbe_cli.py --pem_out bsc.req bsc --action create --self_id 1 \ - --generate_keypair --signing_cert biz-certs/Bob-CA.cer - -$openssl x509 -req -in bsc.req -out bsc.cer -CA biz-certs/Bob-CA.cer \ - -CAkey biz-certs/Bob-CA.key -CAserial biz-certs/Bob-CA.srl - -python irbe_cli.py bsc --action set --self_id 1 --bsc_id 1 --signing_cert bsc.cer - -rm -f bsc.req bsc.cer - -# Create a repository context - -python irbe_cli.py repository --self_id 1 --action create --bsc_id 1 - -# Create a parent context pointing at rootd.py - -python irbe_cli.py parent --self_id 1 --action create --bsc_id 1 --repository_id 1 \ - --peer_contact_uri https://localhost:44333/ \ - --cms_ta biz-certs/Elena-Root.cer \ - --https_ta biz-certs/Elena-Root.cer \ - --sia_base rsync://wombat.invalid/ - -# Create a child context - -python irbe_cli.py child --self_id 1 --action create --bsc_id 1 --cms_ta biz-certs/Frank-Root.cer - -# Run the other daemons, arrange for everything to go away on shutdown, -# run initial cron job to set things up, then wait - -if test -n "$STY" -then - screen python rootd.py - screen python irdbd.py -else - python rootd.py >>rootd.log 2>&1 & rootd=$! - python irdbd.py >>irdbd.log 2>&1 & irdbd=$! - trap "kill $rpkid $irdbd $rootd" 0 1 2 3 13 15 -fi - -python cronjob.py - -if test -z "$STY" -then - tail +0f rpkid.log -fi diff --git a/scripts/Old/apnic-poke-1.yaml b/scripts/Old/apnic-poke-1.yaml deleted file mode 100644 index 24b80561..00000000 --- a/scripts/Old/apnic-poke-1.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
----
-# $Id$
-
-version: 1
-posturl: https://adrilankha.hactrn.net:4433/up-down/1
-recipient-id: wombat
-sender-id: "1"
-
-cms-cert-file: biz-certs/Frank-EE.cer
-cms-key-file: biz-certs/Frank-EE.key
-cms-ca-cert-file: biz-certs/Bob-Root.cer
-cms-cert-chain-file: [ biz-certs/Frank-CA.cer ]
-
-ssl-cert-file: biz-certs/Frank-EE.cer
-ssl-key-file: biz-certs/Frank-EE.key
-ssl-ca-cert-file: biz-certs/Bob-Root.cer
-
-requests:
- list:
- type: list
- issue:
- type: issue
- class: 1
- sia: [ "rsync://bandicoot.invalid/some/where/" ]
- revoke:
- type: revoke
- class: 1
- ski: "CB5K6APY-4KcGAW9jaK_cVPXKX0"
diff --git a/scripts/Old/apnic-poke-2.sh b/scripts/Old/apnic-poke-2.sh
deleted file mode 100644
index 87018111..00000000
--- a/scripts/Old/apnic-poke-2.sh
+++ /dev/null
@@ -1,123 +0,0 @@ -#!/bin/sh - -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -openssl=../openssl/openssl/apps/openssl - -# Halt on first error and show what's happening - -set -ex - -# Blow away old rpkid database (!) so we can start clean - -mysql -u rpki -p`awk '$1 == "sql-password" {print $3}' rpkid.conf` rpki <rpki-db-schema.sql - -# Clear out any old publication results - -rm -rf publication/* - -# Start rpkid so we can configure it, make sure we shut it down on exit -# If we're running under screen, just run it in a different screen instead. - -if test -n "$STY" -then - screen python rpkid.py -else - python rpkid.py >>rpkid.log 2>&1 & rpkid=$! 
- trap "kill $rpkid" 0 1 2 3 13 15 -fi - -# Create a self instance - -python irbe_cli.py self --action create --crl_interval 84600 - -# Create a business signing context, issue the necessary business cert, and set up the cert chain - -python irbe_cli.py --pem_out bsc.req bsc --action create --self_id 1 \ - --generate_keypair --signing_cert biz-certs/Bob-CA.cer -$openssl x509 -req -in bsc.req -out bsc.cer \ - -CA biz-certs/Bob-CA.cer -CAkey biz-certs/Bob-CA.key -CAserial biz-certs/Bob-CA.srl -python irbe_cli.py bsc --action set --self_id 1 --bsc_id 1 --signing_cert bsc.cer -rm -f bsc.req bsc.cer - -# List what's in the BSC, for today's debugging fun - -#python irbe_cli.py bsc --action list --self_id 1 - -# Create a repository context - -python irbe_cli.py repository --self_id 1 --action create --bsc_id 1 - -# Create a parent context pointing at APNIC -- this is where we plug in the values from their YAML - -cat >apnic.pem <<-'EOF' - -----BEGIN CERTIFICATE----- - MIIEFjCCAv6gAwIBAgIBADANBgkqhkiG9w0BAQsFADBJMUcwRQYDVQQDEz5Eb2N1 - bWVudGF0aW9uIFByZWZpeGVzIENNUyBQYXJlbnQgVEEgc2lnbmVyIC0gTm90IGZv - ciByZWFsIHVzZTAeFw0wNzEyMDEwNjMyNDdaFw0xNzExMjgwNjMyNDdaMEkxRzBF - BgNVBAMTPkRvY3VtZW50YXRpb24gUHJlZml4ZXMgQ01TIFBhcmVudCBUQSBzaWdu - ZXIgLSBOb3QgZm9yIHJlYWwgdXNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB - CgKCAQEAtsRcgBpO7cTN+QGPnBaPtmfdsUZbctrfSBycS3QhwAItzZryqIHN9stP - A+0WEOC4+cfaY9xETqGwbq725p8FRwxUx9NBQS7jrL1ToNCJ+2qSH5ThK2hOQiCT - 3fv2FNJ/7gFFqofWt3mLyNEmnis95pRwzTtqH6ZaAaZk+AzwL77ww8AlwL/qfLtD - mjrsUfoELfkbS4ywFK0orjVKeGvzG8Dx7WiGvwmdhNNJ8/IAZmJC0NI8r9VIfcw3 - 2B7bnDGkKH3E0NNRIajPmLbaNfT0Dxw+BjIC3Ty48o3ghSScqviyThNFyj8cr9SB - Ww8ReAU6v9q4XWRnlZt8Lc9WIsF/MwIDAQABo4IBBzCCAQMwDAYDVR0TBAUwAwEB - /zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPzZTgRZylsJph8KV9AU3klSgl8r - MHEGA1UdIwRqMGiAFPzZTgRZylsJph8KV9AU3klSgl8roU2kSzBJMUcwRQYDVQQD - Ez5Eb2N1bWVudGF0aW9uIFByZWZpeGVzIENNUyBQYXJlbnQgVEEgc2lnbmVyIC0g - Tm90IGZvciByZWFsIHVzZYIBADBRBgNVHR8ESjBIMEagRKBChkBodHRwOi8vbWly - 
aW4uYXBuaWMubmV0L2RvY3VtZW50YXRpb24tcHJlZml4ZXMvY21zL3BhcmVudC9j - bXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCNz/BUN5bsAyMPi0X7oKZV/cAwmr2S - gQgIxaUHnQ6EJp4b2CUmlpPQ9pT/m+gPbajaRgUZmANfMF0uAFZpCP3hTRAc6NMH - 3Pwjzw1ICGSRRJASSizYN4hSxGpWW1hgghGTB3w5CjCm2VlwrQKJjb7/9H/gb4hi - RRZpaudithCEDlgkFhgU4uttSDLH2Rv14GtfmtyqDpmCE33STA7K+e9rdxaCqHC8 - u33zqm4oQxOX7wuJ/JxeJxExtZ0amu8yTZ+tDtQ4Iiu1VPl67o0mjYrBKRV4z2fC - wa/PKqombrC/qs+2+t/66mB9xaK1YpKnW2FL6Rjs+rZUJJQ16JhJkF7T - -----END CERTIFICATE----- -EOF - -python irbe_cli.py parent --self_id 1 --action create --bsc_id 1 --repository_id 1 \ - --peer_contact_uri https://mirin.apnic.net/cgi-bin/up-down-parent.cgi \ - --cms_ta apnic.pem \ - --https_ta apnic.pem \ - --sia_base rsync://wombat.invalid/ \ - --recipient_name PARENT \ - --sender_name CHILD - -rm -f apnic.pem - -# Create a child context - -python irbe_cli.py child --self_id 1 --action create --bsc_id 1 --cms_ta biz-certs/Frank-Root.cer - -# Run the other daemons, arrange for everything to go away on shutdown, -# run initial cron job to set things up, then wait - -if test -n "$STY" -then - screen python irdbd.py -else - python irdbd.py >>irdbd.log 2>&1 & irdbd=$! - trap "kill $rpkid $irdbd" 0 1 2 3 13 15 -fi - -python cronjob.py - -if test -z "$STY" -then - tail +0f rpkid.log -fi diff --git a/scripts/Old/apnic-poke-2.yaml b/scripts/Old/apnic-poke-2.yaml deleted file mode 100644 index 6ba93729..00000000 --- a/scripts/Old/apnic-poke-2.yaml +++ /dev/null 
@@ -1,74 +0,0 @@
----
-# $Id$
-#
-# This sender config file was created by the make_cfg tool
-# Account: TELSTRA-AU
-
-version: 1
-recipient-id: PARENT
-sender-id: CHILD
-
-cms-cert-file: biz-certs/Bob-EE.cer
-cms-key-file: biz-certs/Bob-EE.key
-cms-cert-chain-file: [ biz-certs/Bob-CA.cer ]
-
-cms-ca-cert: |
- -----BEGIN CERTIFICATE-----
- MIIEFjCCAv6gAwIBAgIBADANBgkqhkiG9w0BAQsFADBJMUcwRQYDVQQDEz5Eb2N1
- bWVudGF0aW9uIFByZWZpeGVzIENNUyBQYXJlbnQgVEEgc2lnbmVyIC0gTm90IGZv
- ciByZWFsIHVzZTAeFw0wNzEyMDEwNjMyNDdaFw0xNzExMjgwNjMyNDdaMEkxRzBF
- BgNVBAMTPkRvY3VtZW50YXRpb24gUHJlZml4ZXMgQ01TIFBhcmVudCBUQSBzaWdu
- ZXIgLSBOb3QgZm9yIHJlYWwgdXNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
- CgKCAQEAtsRcgBpO7cTN+QGPnBaPtmfdsUZbctrfSBycS3QhwAItzZryqIHN9stP
- A+0WEOC4+cfaY9xETqGwbq725p8FRwxUx9NBQS7jrL1ToNCJ+2qSH5ThK2hOQiCT
- 3fv2FNJ/7gFFqofWt3mLyNEmnis95pRwzTtqH6ZaAaZk+AzwL77ww8AlwL/qfLtD
- mjrsUfoELfkbS4ywFK0orjVKeGvzG8Dx7WiGvwmdhNNJ8/IAZmJC0NI8r9VIfcw3
- 2B7bnDGkKH3E0NNRIajPmLbaNfT0Dxw+BjIC3Ty48o3ghSScqviyThNFyj8cr9SB
- Ww8ReAU6v9q4XWRnlZt8Lc9WIsF/MwIDAQABo4IBBzCCAQMwDAYDVR0TBAUwAwEB
- /zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPzZTgRZylsJph8KV9AU3klSgl8r
- MHEGA1UdIwRqMGiAFPzZTgRZylsJph8KV9AU3klSgl8roU2kSzBJMUcwRQYDVQQD
- Ez5Eb2N1bWVudGF0aW9uIFByZWZpeGVzIENNUyBQYXJlbnQgVEEgc2lnbmVyIC0g
- Tm90IGZvciByZWFsIHVzZYIBADBRBgNVHR8ESjBIMEagRKBChkBodHRwOi8vbWly
- aW4uYXBuaWMubmV0L2RvY3VtZW50YXRpb24tcHJlZml4ZXMvY21zL3BhcmVudC9j
- bXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCNz/BUN5bsAyMPi0X7oKZV/cAwmr2S
- gQgIxaUHnQ6EJp4b2CUmlpPQ9pT/m+gPbajaRgUZmANfMF0uAFZpCP3hTRAc6NMH
- 3Pwjzw1ICGSRRJASSizYN4hSxGpWW1hgghGTB3w5CjCm2VlwrQKJjb7/9H/gb4hi
- RRZpaudithCEDlgkFhgU4uttSDLH2Rv14GtfmtyqDpmCE33STA7K+e9rdxaCqHC8
- u33zqm4oQxOX7wuJ/JxeJxExtZ0amu8yTZ+tDtQ4Iiu1VPl67o0mjYrBKRV4z2fC
- wa/PKqombrC/qs+2+t/66mB9xaK1YpKnW2FL6Rjs+rZUJJQ16JhJkF7T
- -----END CERTIFICATE-----
-
-ssl-cert-file: biz-certs/Bob-EE.cer
-ssl-key-file: biz-certs/Bob-EE.key
-
-ssl-ca-cert: |
- -----BEGIN CERTIFICATE-----
- MIIEFjCCAv6gAwIBAgIBADANBgkqhkiG9w0BAQsFADBJMUcwRQYDVQQDEz5Eb2N1
- bWVudGF0aW9uIFByZWZpeGVzIENNUyBQYXJlbnQgVEEgc2lnbmVyIC0gTm90IGZv
- ciByZWFsIHVzZTAeFw0wNzEyMDEwNjMyNDdaFw0xNzExMjgwNjMyNDdaMEkxRzBF
- BgNVBAMTPkRvY3VtZW50YXRpb24gUHJlZml4ZXMgQ01TIFBhcmVudCBUQSBzaWdu
- ZXIgLSBOb3QgZm9yIHJlYWwgdXNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
- CgKCAQEAtsRcgBpO7cTN+QGPnBaPtmfdsUZbctrfSBycS3QhwAItzZryqIHN9stP
- A+0WEOC4+cfaY9xETqGwbq725p8FRwxUx9NBQS7jrL1ToNCJ+2qSH5ThK2hOQiCT
- 3fv2FNJ/7gFFqofWt3mLyNEmnis95pRwzTtqH6ZaAaZk+AzwL77ww8AlwL/qfLtD
- mjrsUfoELfkbS4ywFK0orjVKeGvzG8Dx7WiGvwmdhNNJ8/IAZmJC0NI8r9VIfcw3
- 2B7bnDGkKH3E0NNRIajPmLbaNfT0Dxw+BjIC3Ty48o3ghSScqviyThNFyj8cr9SB
- Ww8ReAU6v9q4XWRnlZt8Lc9WIsF/MwIDAQABo4IBBzCCAQMwDAYDVR0TBAUwAwEB
- /zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPzZTgRZylsJph8KV9AU3klSgl8r
- MHEGA1UdIwRqMGiAFPzZTgRZylsJph8KV9AU3klSgl8roU2kSzBJMUcwRQYDVQQD
- Ez5Eb2N1bWVudGF0aW9uIFByZWZpeGVzIENNUyBQYXJlbnQgVEEgc2lnbmVyIC0g
- Tm90IGZvciByZWFsIHVzZYIBADBRBgNVHR8ESjBIMEagRKBChkBodHRwOi8vbWly
- aW4uYXBuaWMubmV0L2RvY3VtZW50YXRpb24tcHJlZml4ZXMvY21zL3BhcmVudC9j
- bXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCNz/BUN5bsAyMPi0X7oKZV/cAwmr2S
- gQgIxaUHnQ6EJp4b2CUmlpPQ9pT/m+gPbajaRgUZmANfMF0uAFZpCP3hTRAc6NMH
- 3Pwjzw1ICGSRRJASSizYN4hSxGpWW1hgghGTB3w5CjCm2VlwrQKJjb7/9H/gb4hi
- RRZpaudithCEDlgkFhgU4uttSDLH2Rv14GtfmtyqDpmCE33STA7K+e9rdxaCqHC8
- u33zqm4oQxOX7wuJ/JxeJxExtZ0amu8yTZ+tDtQ4Iiu1VPl67o0mjYrBKRV4z2fC
- wa/PKqombrC/qs+2+t/66mB9xaK1YpKnW2FL6Rjs+rZUJJQ16JhJkF7T
- -----END CERTIFICATE-----
-
-posturl: https://mirin.apnic.net/cgi-bin/up-down-parent.cgi
-
-requests:
- list:
- type: list
diff --git a/scripts/Old/async-http.py b/scripts/Old/async-http.py
deleted file mode 100644
index 5b5fc1cd..00000000
--- a/scripts/Old/async-http.py
+++ /dev/null
@@ -1,529 +0,0 @@ -""" -Testbed for figuring out how to write asynchronous HTTPS code. - -$Id$ - -Copyright (C) 2009 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -""" - -# Command that may be useful for testing server side of this: -# -# lynx -post_data -mime_header -source http://127.0.0.1:8000/ -# -# Testing the client side of this is more entertaining, both because -# we need to be liberal in what we accept and also because servers do -# wildly different things depending both on HTTP version number and -# options signaled by the client and also on internal details in the -# server context (such as whether the content is static or generated -# by CGI). It's useful to test against static content, but also to -# test against CGI-generated output, eg, the following trivial script: -# -# print "Content-Type: text/plain; charset=US-ASCII\r" -# print "\r" -# for i in xrange(100): -# print "%08d" % i, "." * 120, "\r" -# -# At least with Apache 2.0, result of running this differs -# significantly depending on whether client signals HTTP 1.0 or 1.1; -# the latter produces chunked output. 
- -import sys, os, time, socket, asyncore, asynchat, traceback, urlparse -import rpki.async, rpki.sundial - -debug = True - -want_persistent_client = True -want_persistent_server = True - -idle_timeout_default = rpki.sundial.timedelta(seconds = 60) -active_timeout_default = rpki.sundial.timedelta(seconds = 15) - -default_http_version = (1, 1) - -class http_message(object): - - software_name = "BalmyBandicoot HTTP test code" - - def __init__(self, version = None, body = None, headers = None): - self.version = version - self.body = body - self.headers = headers - self.normalize_headers() - - def normalize_headers(self, headers = None): - if headers is None: - headers = () if self.headers is None else self.headers.items() - translate_underscore = True - else: - translate_underscore = False - result = {} - for k,v in headers: - if translate_underscore: - k = k.replace("_", "-") - k = "-".join(s.capitalize() for s in k.split("-")) - v = v.strip() - if k in result: - result[k] += ", " + v - else: - result[k] = v - self.headers = result - - @classmethod - def parse_from_wire(cls, headers): - self = cls() - headers = headers.split("\r\n") - self.parse_first_line(*headers.pop(0).split(None, 2)) - for i in xrange(len(headers) - 2, -1, -1): - if headers[i + 1][0].isspace(): - headers[i] += headers[i + 1] - del headers[i + 1] - self.normalize_headers([h.split(":", 1) for h in headers]) - return self - - def format(self): - s = self.format_first_line() - if self.body is not None: - assert isinstance(self.body, str) - self.headers["Content-Length"] = len(self.body) - for kv in self.headers.iteritems(): - s += "%s: %s\r\n" % kv - s += "\r\n" - if self.body is not None: - s += self.body - return s - - def __str__(self): - return self.format() - - def parse_version(self, version): - if version[:5] != "HTTP/": - raise RuntimeError, "Couldn't parse version %s" % version - self.version = tuple(int(i) for i in version[5:].split(".")) - - def persistent(self): - c = 
self.headers.get("Connection") - if self.version == (1, 1): - return c is None or "close" not in c.lower() - elif self.version == (1, 0): - return c is not None and "keep-alive" in c.lower() - else: - return False - -class http_request(http_message): - - def __init__(self, cmd = None, path = None, version = default_http_version, body = None, callback = None, **headers): - if cmd is not None and cmd != "POST" and body is not None: - raise RuntimeError - http_message.__init__(self, version = version, body = body, headers = headers) - self.cmd = cmd - self.path = path - self.callback = callback - - def parse_first_line(self, cmd, path, version): - self.parse_version(version) - self.cmd = cmd - self.path = path - - def format_first_line(self): - self.headers.setdefault("User-Agent", self.software_name) - return "%s %s HTTP/%d.%d\r\n" % (self.cmd, self.path, self.version[0], self.version[1]) - -class http_response(http_message): - - def __init__(self, code = None, reason = None, version = default_http_version, body = None, **headers): - http_message.__init__(self, version = version, body = body, headers = headers) - self.code = code - self.reason = reason - - def parse_first_line(self, version, code, reason): - self.parse_version(version) - self.code = int(code) - self.reason = reason - - def format_first_line(self): - self.headers.setdefault("Date", time.strftime("%a, %d %b %Y %T GMT")) - self.headers.setdefault("Server", self.software_name) - return "HTTP/%d.%d %s %s\r\n" % (self.version[0], self.version[1], self.code, self.reason) - -def logger(self, msg): - if debug: - print "[%s %r: %s]" % (rpki.sundial.now().strftime("%T"), self, msg) - -class http_stream(asynchat.async_chat): - - log = logger - - idle_timeout = idle_timeout_default - active_timeout = active_timeout_default - - def __init__(self, conn = None): - asynchat.async_chat.__init__(self, conn = conn) - self.buffer = [] - self.timer = rpki.async.timer(self.handle_timeout) - self.restart() - - def 
restart(self, idle = True): - assert not self.buffer - self.chunk_handler = None - self.set_terminator("\r\n\r\n") - timeout = self.idle_timeout if idle else self.active_timeout - if timeout is not None: - self.timer.set(timeout) - else: - self.timer.cancel() - - def update_active_timeout(self): - if self.active_timeout is not None: - self.timer.set(self.active_timeout) - else: - self.timer.cancel() - - def collect_incoming_data(self, data): - """Buffer the data""" - self.buffer.append(data) - self.update_active_timeout() - - def get_buffer(self): - val = "".join(self.buffer) - self.buffer = [] - return val - - def found_terminator(self): - self.update_active_timeout() - if self.chunk_handler: - self.chunk_handler() - elif not isinstance(self.get_terminator(), str): - self.handle_body() - else: - self.log("Got headers") - self.msg = self.parse_type.parse_from_wire(self.get_buffer()) - if self.msg.version == (1, 1) and "chunked" in self.msg.headers.get("Transfer-Encoding", "").lower(): - self.msg.body = [] - self.chunk_handler = self.chunk_header - self.set_terminator("\r\n") - elif "Content-Length" in self.msg.headers: - self.set_terminator(int(self.msg.headers["Content-Length"])) - else: - self.handle_no_content_length() - - def chunk_header(self): - n = int(self.get_buffer().partition(";")[0], 16) - self.log("Chunk length %s" % n) - if n: - self.chunk_handler = self.chunk_body - self.set_terminator(n) - else: - self.msg.body = "".join(self.msg.body) - self.chunk_handler = self.chunk_discard_trailer - - def chunk_body(self): - self.log("Chunk body") - self.msg.body += self.buffer - self.buffer = [] - self.chunk_handler = self.chunk_discard_crlf - self.set_terminator("\r\n") - - def chunk_discard_crlf(self): - self.log("Chunk CRLF") - s = self.get_buffer() - assert s == "", "Expected chunk CRLF, got '%s'" % s - self.chunk_handler = self.chunk_header - - def chunk_discard_trailer(self): - self.log("Chunk trailer") - s = self.get_buffer() - assert s == "", "Expected 
end of chunk trailers, got '%s'" % s - self.chunk_handler = None - self.handle_message() - - def handle_body(self): - self.msg.body = self.get_buffer() - self.handle_message() - - def handle_error(self): - self.log("Error in HTTP stream handler") - print traceback.format_exc() - asyncore.close_all() - - def handle_timeout(self): - self.log("Timeout, closing") - self.close() - - def handle_close(self): - asynchat.async_chat.handle_close(self) - self.timer.cancel() - self.log("Closed") - -class http_server(http_stream): - - parse_type = http_request - - def __init__(self, conn, handlers): - self.handlers = handlers - http_stream.__init__(self, conn) - self.expect_close = not want_persistent_server - - def handle_no_content_length(self): - self.handle_message() - - def find_handler(self, path): - """Helper method to search self.handlers.""" - for s, h in self.handlers: - if path.startswith(s): - return h - return None - - def handle_message(self): - if not self.msg.persistent(): - self.expect_close = True - handler = self.find_handler(self.msg.path) - error = None - if False and self.msg.cmd != "POST": - error = 501, "No handler for method %s" % self.msg.cmd - elif False and self.headers["Content-Type"] != rpki_content_type: - error = 415, "No handler for Content-Type %s" % self.headers["Content-Type"] - elif handler is None: - error = 404, "No handler for URL %s" % self.msg.path - if error is None: - handler(self.msg, self.send_message) - else: - self.send_error(*error) - - def send_error(self, code, reason): - self.handle_message_message(http_response(code = code, reason = reason)) - - def send_message(self, msg): - msg.headers["Connection"] = "Close" if self.expect_close else "Keep-Alive" - self.push(msg.format()) - if self.expect_close: - self.log("Closing") - self.timer.cancel() - self.close_when_done() - else: - self.log("Listening for next message") - self.restart() - -class http_listener(asyncore.dispatcher): - - log = logger - - def __init__(self, handlers, 
port = 80, host = ""): - asyncore.dispatcher.__init__(self) - self.handlers = handlers - self.create_socket(socket.AF_INET, socket.SOCK_STREAM) - self.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) - self.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1) - self.bind((host, port)) - self.listen(5) - self.log("Listening on (host, port) %r, handlers %r" % ((host, port), handlers)) - - def handle_accept(self): - self.log("Accepting connection") - server = http_server(conn = self.accept()[0], handlers = self.handlers) - - def handle_error(self): - self.log("Error in HTTP listener") - print traceback.format_exc() - asyncore.close_all() - -class http_client(http_stream): - - parse_type = http_response - - def __init__(self, queue, hostport): - self.log("Creating new connection to %s" % repr(hostport)) - http_stream.__init__(self) - self.queue = queue - self.state = "idle" - self.expect_close = not want_persistent_client - self.create_socket(socket.AF_INET, socket.SOCK_STREAM) - self.connect(hostport) - - def handle_no_content_length(self): - self.set_terminator(None) - - def send_request(self, msg): - self.log("Sending request") - assert self.state == "idle" - if msg is not None: - self.state = "request-sent" - msg.headers["Connection"] = "Close" if self.expect_close else "Keep-Alive" - self.push(msg.format()) - self.restart(idle = False) - - def handle_message(self): - if not self.msg.persistent(): - self.expect_close = True - self.log("Message received, state %s" % self.state) - msg = None - if self.state == "request-sent": - msg = self.queue.done_with_request() - elif self.state == "idle": - self.log("Received unsolicited message") - elif self.state == "closing": - assert not self.msg.body - self.log("Ignoring empty response received while closing") - return - else: - raise RuntimeError, "[%r: Unexpected state]" % self - self.state = "idle" - if msg != None: - msg.callback(self.msg) - msg = self.queue.next_request(not self.expect_close) - if msg is not None: 
- self.log("Got a new message to send from my queue") - self.send_request(msg) - elif self.expect_close: - self.log("Closing") - self.state = "closing" - self.queue.closing(self) - self.close_when_done() - else: - self.log("Idling") - self.timer.set(self.idle_timeout) - - def handle_connect(self): - self.log("Connected") - self.send_request(self.queue.next_request(True)) - - def kickstart(self): - self.log("Kickstart") - assert self.state == "idle" - self.send_request(self.queue.next_request(True)) - - def handle_close(self): - http_stream.handle_close(self) - self.queue.closing(self) - if self.get_terminator() is None: - self.handle_body() - -class http_queue(object): - - log = logger - - def __init__(self, hostport): - self.log("Creating queue for %s" % repr(hostport)) - self.hostport = hostport - self.client = None - self.queue = [] - - def request(self, *requests): - self.log("Adding requests %r" % requests) - need_kick = self.client is not None and not self.queue - self.queue.extend(requests) - if self.client is None: - self.client = http_client(self, self.hostport) - elif need_kick: - self.client.kickstart() - - def done_with_request(self): - req = self.queue.pop(0) - self.log("Dequeuing request %r" % req) - return req - - def next_request(self, usable): - if not self.queue: - self.log("Queue is empty") - return None - self.log("Queue: %r" % self.queue) - if usable: - self.log("Queue not empty and connection usable") - return self.queue[0] - else: - self.log("Queue not empty but connection not usable, spawning") - self.client = http_client(self, self.hostport) - self.log("Spawned connection %r" % self.client) - return None - - def closing(self, client): - if client is self.client: - self.log("Removing client") - self.client = None - -class http_manager(dict): - - log = logger - - def query(self, url, callback, body = None): - u = urlparse.urlparse(url) - assert u.scheme == "http" and u.username is None and u.password is None and u.params == "" and u.query == 
"" and u.fragment == "" - request = http_request(cmd = "POST", path = u.path, body = body, callback = callback, - Host = u.hostname, Content_Type = "text/plain") - hostport = (u.hostname or "localhost", u.port or 80) - self.log("Created request %r for %r" % (request, hostport)) - if hostport not in self: - self[hostport] = http_queue(hostport) - self[hostport].request(request) - - def __repr__(self): - return "<%s object at %s>" % (self.__class__.__name__, id(self)) - -def client(msg, url, timeout = 300, callback = None): - pass - -def server(handlers, port, host =""): - if not isinstance(handlers, (tuple, list)): - handlers = (("/", handlers),) - listener = http_listener(port = 8000, handlers = handlers) - rpki.async.event_loop() - -if len(sys.argv) == 1: - - def handler(query_message, reply_callback): - reply_callback(http_response( - code = 200, - reason = "OK", - body = str(query_message), - Cache_Control = "no-cache,no-store", - Content_Type = "text/plain")) - - def other_handler(query_message, reply_callback): - reply_callback(http_response( - code = 200, - reason = "OK", - body = "Ok, you found it.\r\n\r\n" + str(query_message), - Cache_Control = "no-cache,no-store", - Content_Type = "text/plain")) - - server(port = 8000, handlers = (("/wombat", other_handler), ("/", handler))) - -else: - - def got_one(msg): - logger(None, "Got response") - if True: - print msg - print - - manager = http_manager() - - timer = rpki.async.timer() - - def loop(iterator, url): - logger(None, "Scheduler loop") - manager.query(url = url, callback = got_one, body = "Hi, I'm trying to talk to URL %s" % url) - timer.set(rpki.sundial.timedelta(seconds = 3)) - - def done(): - logger(None, "Scheduler done") - - timer.set_handler(rpki.async.iterator(sys.argv[1:], loop, done)) - - rpki.async.event_loop() - - for q in manager.values(): - assert not q.queue, "Requests still scheduled: %r %r %r" % (q, q.hostport, q.queue) - - assert not rpki.async.timer.queue, "Timers still scheduled: %r" % 
rpki.async.timer.queue diff --git a/scripts/Old/biz-certs-setup.sh b/scripts/Old/biz-certs-setup.sh deleted file mode 100644 index 64ebd7d8..00000000 --- a/scripts/Old/biz-certs-setup.sh +++ /dev/null 
@@ -1,81 +0,0 @@ -#!/bin/sh - -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -# Quick hack to generate a set of business keys and certs for use with -# early prototype code. Not for production use. -# -# All we're trying to do here is generate a three-level-deep set of -# certs for each of several independent entities. Could easily be -# deeper in practice but this should be enough for simple tests: a -# self-signed root cert to use as a trust anchor, a working CA, and an -# EE cert used for CMS or TLS. -# -# Among other things missing here, we're not doing any restrictions -# beyond basicConstraints and we're not doing CRLs. -# -# One can extract the public key from a .key file by doing: -# -# $ openssl rsa -in foo.key -pubout -# -# I ended up needing this to build simulated packets for the -# left-right protocol. 
- -for i in Alice Bob Carol Dave Elena Frank Ginny Harry -do - for j in Root CA EE - do - - case $j in - EE) ca=false;; - *) ca=true;; - esac - - test -r $i-$j.cnf || cat >$i-$j.cnf <<-EOF - - [ req ] - distinguished_name = req_dn - x509_extensions = req_x509_ext - prompt = no - default_md = sha256 - - [ req_dn ] - CN = Test Certificate $i $j - - [ req_x509_ext ] - basicConstraints = CA:$ca - subjectKeyIdentifier = hash - authorityKeyIdentifier = keyid:always - - EOF - - test -r $i-$j.key || openssl genrsa -out $i-$j.key 2048 - test -r $i-$j.req || openssl req -new -sha256 -key $i-$j.key -out $i-$j.req -config $i-$j.cnf - - done - - test -r $i-Root.cer || openssl x509 -sha256 -req -in $i-Root.req -out $i-Root.cer -extfile $i-Root.cnf -extensions req_x509_ext -signkey $i-Root.key -days 60 - test -r $i-CA.cer || openssl x509 -sha256 -req -in $i-CA.req -out $i-CA.cer -extfile $i-CA.cnf -extensions req_x509_ext -CA $i-Root.cer -CAkey $i-Root.key -CAcreateserial - test -r $i-EE.cer || openssl x509 -sha256 -req -in $i-EE.req -out $i-EE.cer -extfile $i-EE.cnf -extensions req_x509_ext -CA $i-CA.cer -CAkey $i-CA.key -CAcreateserial - -done - -for i in *.cer -do - h=`openssl x509 -noout -hash -in $i`.0 - test -r $h || - ln -s $i $h -done diff --git a/scripts/Old/blow-away-databases.sh b/scripts/Old/blow-away-databases.sh deleted file mode 100644 index 44df7861..00000000 --- a/scripts/Old/blow-away-databases.sh +++ /dev/null 
@@ -1,29 +0,0 @@ -#!/bin/sh - -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -# GRANT ALL ON rpki.* TO rpki@localhost IDENTIFIED BY '<secret>'; -# GRANT ALL ON irdb.* TO irdb@localhost IDENTIFIED BY '<secret>'; - -echo "This script destroys and rebuilds our databases." -echo "Don't type the password unless you're sure you want to do this." - -(echo 'DROP DATABASE rpki; CREATE DATABASE rpki; USE rpki;' - cat ../docs/rpki-db-schema.sql - echo 'DROP DATABASE irdb; CREATE DATABASE irdb; USE irdb;' - cat ../docs/sample-irdb.sql -) | -mysql -u root -p diff --git a/scripts/Old/check-hashes.sh b/scripts/Old/check-hashes.sh deleted file mode 100644 index 8edcced9..00000000 --- a/scripts/Old/check-hashes.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/bin/sh - -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -: ${openssl=/u/sra/isc/route-pki/subvert-rpki.hactrn.net/openssl/openssl/apps/openssl} -: ${switches='-verbose -crl_check_all -policy_check -explicit_policy -policy 1.3.6.1.5.5.7.14.2 -x509_strict'} -: ${hashtree=hashed} - -find $hashtree -type f -name '*.[0-9]*' 2>&1 -print -exec \ - $openssl verify $switches -CApath $(find $hashtree -type d | tr \\012 : | sed 's=:$==') {} \; - -# Hack for analyzing results of running this script: -# -# awk -F: '/^hashed/ && NF == 1 {f = $0; p = 1; next} /^hashed/ && NF == 2 && $1 == f && $2 == " OK" {next} p {print "\n" f; p = 0} {print}' check-hashes.log diff --git a/scripts/Old/cronjob.py b/scripts/Old/cronjob.py deleted file mode 100644 index eee2b945..00000000 --- a/scripts/Old/cronjob.py +++ /dev/null 
@@ -1,72 +0,0 @@ -""" -Tool to trigger "cron" runs in rpkid. - -Usage: python cronjob.py [ { -c | --config } configfile ] - [ { -d | --debug } ] - [ { -h | --help } ] - -Default configuration file is cronjob.conf, override with --config option. - -$Id$ - -Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. 
-""" - -import getopt, sys -import rpki.config, rpki.https, rpki.async - -cfg_file = "cronjob.conf" -debug = False - -opts, argv = getopt.getopt(sys.argv[1:], "c:h?", ["config=", "help"]) -for o, a in opts: - if o in ("-h", "--help", "-?"): - print __doc__ - sys.exit(0) - elif o in ("-c", "--config"): - cfg_file = a - elif o in ("-d", "--debug"): - debug = True -if argv: - print __doc__ - raise RuntimeError, "Unexpected arguments %s" % argv - -cfg = rpki.config.parser(cfg_file, "cronjob") - -if debug: - rpki.log.init("cronjob") - rpki.log.set_trace(True) - -irbe_key = rpki.x509.RSA( Auto_file = cfg.get("irbe-key")) -irbe_cert = rpki.x509.X509(Auto_file = cfg.get("irbe-cert")) -bpki_ta = rpki.x509.X509(Auto_file = cfg.get("bpki-ta")) -rpkid_cert = rpki.x509.X509(Auto_file = cfg.get("rpkid-cert")) - -def cb(*whatever): - print repr(whatever) - -def eb(e): - print repr(e) - raise e - -rpki.https.client(client_key = irbe_key, - client_cert = irbe_cert, - server_ta = (bpki_ta, rpkid_cert), - url = cfg.get("https-url"), - msg = "Please run cron now.", - callback = cb, - errback = eb) - -rpki.async.event_loop() diff --git a/scripts/Old/extract-cert-from-rpki.sh b/scripts/Old/extract-cert-from-rpki.sh deleted file mode 100644 index 3d28bfdb..00000000 --- a/scripts/Old/extract-cert-from-rpki.sh +++ /dev/null 
@@ -1,35 +0,0 @@ -#!/bin/sh - -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -: ${instance=R0} - -python ../rpkid.py -c $instance.conf & -rpkid=$! - -python ../irbe-cli.py -c $instance.conf bsc --self_id 1 --action list | -qh 2>/dev/null | -awk ' - /\(signing_cert/ {p = 1} - /\)signing_cert/ {p = 0} - p && /^-/ { - sub(/-/,""); - cmd = "mimencode -u | openssl x509 -text -inform DER -out " NR ".pem"; - print | cmd; - } -' - -kill $rpkid diff --git a/scripts/Old/gki.pl b/scripts/Old/gki.pl deleted file mode 100644 index e91c4abe..00000000 --- a/scripts/Old/gki.pl +++ /dev/null 
@@ -1,46 +0,0 @@ -: -# $Id$ -eval 'exec perl -w -S $0 ${1+"$@"}' - if 0; - -use MIME::Base64; - -sub g { - my $x = shift; - $x =~ s{:}{}g; - $x = pack("H*", $x); - $x = encode_base64($x, ""); - $x =~ y{+/}{-_}; - $x =~ s{=+$}{}; - return $x; -} - -while (@ARGV) { - my ($file, $aki, $ski, $a, $s) = shift(@ARGV); - if ($file =~ /\.cer$/) { - open(F, "-|", qw(openssl x509 -noout -inform DER -text -in), $file) - or die("Couldn't run openssl x509 on $file: $!\n"); - } elsif ($file =~ /\.crl$/) { - open(F, "-|", qw(openssl crl -noout -inform DER -text -in), $file) - or die("Couldn't run openssl x509 on $file: $!\n"); - } else { - next; - } - while (<F>) { - chomp; - s/^\s*//; - s/^keyid://; - $a = $. + 1 - if (/X509v3 Authority Key Identifier:/); - $s = $. + 1 - if (/X509v3 Subject Key Identifier:/); - $aki = $_ - if ($a && $. == $a); - $ski = $_ - if ($s && $. == $s); - } - close(F); - my $gaki = $aki ? g($aki) : "=" x 27; - my $gski = $ski ? g($ski) : "=" x 27; - print("$gaki $gski $file\n"); -} diff --git a/scripts/Old/http-client.py b/scripts/Old/http-client.py deleted file mode 100644 index 8acffd41..00000000 --- a/scripts/Old/http-client.py +++ /dev/null 
@@ -1,50 +0,0 @@ -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -""" -Usage: python http-client [ { -c | --config } configfile ] - [ { -h | --help } ] - [ { -m | --msg } message ] - -Default configuration file is http-demo.conf, override with --config option. -""" - -import rpki.config, rpki.https, getopt, sys - -msg = "This is a test. This is only a test. Had this been real you would now be really confused.\n" - -cfg_file = "http-demo.conf" - -opts,argv = getopt.getopt(sys.argv[1:], "c:hm:?", ["config=", "help", "msg="]) -for o,a in opts: - if o in ("-h", "--help", "-?"): - print __doc__ - sys.exit(0) - elif o in ("-m", "--msg"): - msg = a - elif o in ("-c", "--config"): - cfg_file = a -if argv: - print __doc__ - raise RuntimeError, "Unexpected arguments %s" % argv - -cfg = rpki.config.parser(cfg_file, "client") - -print rpki.https.client(privateKey = rpki.x509.RSA(Auto_file = cfg.get("https-key")), - certChain = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-cert")), - x509TrustList = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-ta")), - url = cfg.get("https-url"), - msg = msg) diff --git a/scripts/Old/http-demo.conf b/scripts/Old/http-demo.conf deleted file mode 100644 index 3fbd9a91..00000000 
--- a/scripts/Old/http-demo.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-[server]
-https-key = biz-certs/Carol-EE.key
-https-cert.0 = biz-certs/Carol-EE.cer
-https-cert.1 = biz-certs/Carol-CA.cer
-https-ta = biz-certs/Dave-Root.cer
-
-[client]
-https-key = biz-certs/Dave-EE.key
-https-cert.0 = biz-certs/Dave-EE.cer
-https-cert.1 = biz-certs/Dave-CA.cer
-https-ta.0 = biz-certs/Alice-Root.cer
-https-ta.1 = biz-certs/Bob-Root.cer
-https-ta.2 = biz-certs/Carol-Root.cer
-https-ta.3 = biz-certs/Elena-Root.cer
-https-ta.4 = biz-certs/Frank-Root.cer
-https-ta.5 = biz-certs/Ginny-Root.cer
-https-ta.6 = biz-certs/Harry-Root.cer
-
-https-url = https://localhost:4433/cronjob
diff --git a/scripts/Old/http-server.py b/scripts/Old/http-server.py
deleted file mode 100644
index 0a275cf7..00000000
--- a/scripts/Old/http-server.py
+++ /dev/null
@@ -1,29 +0,0 @@ -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -import rpki.https, tlslite.api, rpki.config - -cfg = rpki.config.parser("http-demo.conf", "server") - -privateKey = rpki.x509.RSA(PEM_file = cfg.get("https-key")) - -certChain = rpki.x509.X509_chain() -certChain.load_from_PEM(cfg.multiget("https-cert")) - -def handler(query, path): - return 200, "Path: %s\nQuery: %s" % (path, query) - -rpki.https.server(privateKey = privateKey, certChain = certChain, handlers = handler) diff --git a/scripts/Old/irbe-setup.py b/scripts/Old/irbe-setup.py deleted file mode 100644 index 11f3a7a0..00000000 --- a/scripts/Old/irbe-setup.py +++ /dev/null 
@@ -1,118 +0,0 @@ -""" -Set up the relationship between an IRBE and an RPKI engine given an -IRDB. Our main task here is to create child objects in the RPKI -engine for every registrant object in the IRDB. - -NB: This code is badly out of date, and has been kept only because -some of what it's doing might be useful in other tools that haven't -been written yet. Don't believe anything you see here. - - -$Id$ - -Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -""" - -import os, MySQLdb -import rpki.left_right, rpki.relaxng, rpki.https -import rpki.x509, rpki.config, rpki.log - -rpki.log.init("irbe-setup") - -cfg = rpki.config.parser("irbe.conf", "irbe_cli") - -db = MySQLdb.connect(user = cfg.get("sql-username", section = "irdbd"), - db = cfg.get("sql-database", section = "irdbd"), - passwd = cfg.get("sql-password", section = "irdbd")) -cur = db.cursor() -db.autocommit(True) - -bpki_ta = rpki.x509.X509(Auto_file = cfg.get("bpki-ta")) -rpkid_cert = rpki.x509.X509(Auto_files = cfg.get("rpkid-cert")) -irbe_cert = rpki.x509.X509(Auto_files = cfg.get("irbe-cert")) -irbe_key = rpki.x509.RSA( Auto_file = cfg.get("irbe-key")) -https_url = cfg.get("https-url") - -def call_rpkid(pdu): - """ - Hand a PDU to rpkid and get back the response. 
Just throw an - exception if anything bad happens, no fancy error handling. - """ - - msg = rpki.left_right.msg.query((pdu,)) - cms = rpki.left_right.cms_msg.wrap(msg, irbe_key, irbe_cert) - der = rpki.https.client(client_key = irbe_key, - client_cert = irbe_cert, - server_ta = (bpki_ta, rpkid_cert), - url = https_url, - msg = cms) - msg = rpki.left_right.cms_msg.unwrap(der, (bpki_ta, rpkid_cert)) - pdu = msg[0] - assert len(msg) == 1 and msg.is_reply() and not isinstance(pdu, rpki.left_right.report_error_elt) - return pdu - -print "Create a self instance" -pdu = call_rpkid(rpki.left_right.self_elt.make_pdu(action = "create", crl_interval = 84600)) -self_id = pdu.self_id - -print "Create a business signing context" -pdu = rpki.left_right.bsc_elt.make_pdu(action = "create", self_id = self_id, generate_keypair = True) -pdu = call_rpkid(pdu) -bsc_id = pdu.bsc_id - -print "Issue the business cert" -i, o = os.popen2(("openssl", "x509", "-req", - "-CA", "biz-certs/Bob-CA.cer", - "-CAkey", "biz-certs/Bob-CA.key", - "-CAserial", "biz-certs/Bob-CA.srl")) -i.write(pdu.pkcs10_request.get_PEM()) -i.close() -cer = rpki.x509.X509(PEM = o.read()) -o.close() - -print "Set up the business cert chain" -pdu = rpki.left_right.bsc_elt.make_pdu(action = "set", self_id = self_id, bsc_id = bsc_id, signing_cert = cer) -call_rpkid(pdu) - -print "Create a repository context" -pdu = call_rpkid(rpki.left_right.repository_elt.make_pdu(action = "create", self_id = self_id, bsc_id = bsc_id)) -repository_id = pdu.repository_id - -print "Create a parent context" -ta = rpki.x509.X509(Auto_file = "biz-certs/Elena-Root.cer") -pdu = call_rpkid(rpki.left_right.parent_elt.make_pdu( - action = "create", self_id = self_id, bsc_id = bsc_id, repository_id = repository_id, bpki_cms_cert = ta, - peer_contact_uri = "https://localhost:44333/", sia_base = "rsync://wombat.invalid/")) -parent_id = pdu.parent_id - -print "Create child contexts for everybody" -print "Using a single cert for all of these registrants 
is a crock" - -cer = rpki.x509.X509(Auto_file = "biz-certs/Frank-Root.cer") - -cur.execute("SELECT registrant_id, registrant_name FROM registrant") -registrants = cur.fetchall() - -for registrant_id, registrant_name in registrants: - print "Attempting to bind", registrant_id, registrant_name - pdu = call_rpkid(rpki.left_right.child_elt.make_pdu(action = "create", self_id = self_id, bsc_id = bsc_id, bpki_cms_cert = cer)) - print "Attempting to bind", registrant_id, registrant_name, pdu.child_id - cur.execute( - """ - UPDATE registrant - SET rpki_self_id = %d, rpki_child_id = %d - WHERE registrant_id = %d - """, - (self_id, pdu.child_id, registrant_id)) diff --git a/scripts/Old/irbe-setup.sh b/scripts/Old/irbe-setup.sh deleted file mode 100644 index 31342aaa..00000000 --- a/scripts/Old/irbe-setup.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/sh - -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -# Run irbe-setup.py, under screen if possible. - -#make test - -if test -n "$STY" -then - screen python rpkid.py -else - python rpkid.py >>rpkid.log 2>&1 & rpkid=$! - trap "kill $rpkid" 0 1 2 3 13 15 -fi - -sleep 5 - -exec python irbe-setup.py 
diff --git a/scripts/Old/make-hashes.pl b/scripts/Old/make-hashes.pl deleted file mode 100644 index 4b58a9d0..00000000 --- a/scripts/Old/make-hashes.pl +++ /dev/null @@ -1,42 +0,0 @@ -# -*- Perl -*- -# $Id$ - -use strict; - -my $openssl = "/u/sra/isc/route-pki/subvert-rpki.hactrn.net/openssl/openssl/apps/openssl"; -my $dir = "hashed"; - -my @cmds; -my %hashes; - -exit unless (@ARGV); - -open(F, "-|", "find", @ARGV, qw{-type f ( -name *.cer -o -name *.crl )}) - or die("Couldn't run find: $!\n"); - -@ARGV = (); - -while (<F>) { - chomp; - my $f = $_; - my $type = /\.cer$/ ? "x509" : "crl"; - $_ = "$dir/$f"; - s=/[^/]+$==; - my $d = $_; - my $h = `$openssl $type -inform DER -in $f -noout -hash`; - chomp($h); - $h .= "."; - $h .= "r" if ($type eq "crl"); - $h .= 0 + $hashes{$d}{$h}++; - push(@cmds, "$openssl $type -inform DER -outform PEM -out $d/$h -in $f\n"); -} - -close(F); - -print("rm -rf $dir\n"); - -print("test -d $_ || mkdir -p $_\n") - foreach (sort(keys(%hashes))); - -print($_) - foreach (@cmds); diff --git a/scripts/Old/manifests.py b/scripts/Old/manifests.py deleted file mode 100644 index df8bc2d4..00000000 --- a/scripts/Old/manifests.py +++ /dev/null 
@@ -1,90 +0,0 @@ -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -import time, glob, os -import rpki.x509, rpki.manifest, rpki.sundial - -show_content_1 = False -show_signed_manifest_PEM = False -show_signed_manifest_asn1dump = True -show_content_2 = False -show_content_3 = False -dump_signed_manifest_DER = False -dump_manifest_content_DER = False -test_empty_manifest = False - -def dumpasn1(thing): - # Save to file rather than using popen4() because dumpasn1 uses - # seek() when decoding ASN.1 content nested in OCTET STRING values. 
- try: - fn = "dumpasn1.tmp" - f = open(fn, "w") - f.write(thing) - f.close() - f = os.popen("dumpasn1 2>&1 -a " + fn) - print "\n".join(x for x in f.read().splitlines() if x.startswith(" ")) - f.close() - finally: - os.unlink(fn) - -if test_empty_manifest: - names_and_objs = [] -else: - names_and_objs = [(fn, rpki.x509.X509(Auto_file = fn)) for fn in glob.glob("resource-cert-samples/*.cer")] - -now = rpki.sundial.datetime.utcnow() - -m = rpki.x509.SignedManifest() -m.build( - serial = 17, - thisUpdate = now, - nextUpdate = now + rpki.sundial.timedelta(days = 1), - names_and_objs = names_and_objs, - keypair = rpki.x509.RSA(Auto_file = "biz-certs/Alice-EE.key"), - certs = rpki.x509.X509_chain(Auto_files = ("biz-certs/Alice-EE.cer", "biz-certs/Alice-CA.cer"))) - -if show_content_1: - dumpasn1(m.get_content().toString()) - -if show_signed_manifest_PEM: - print m.get_PEM() - -if dump_manifest_content_DER: - f = open("manifest-content.der", "wb") - f.write(m.get_content().toString()) - f.close() - -if dump_signed_manifest_DER: - f = open("signed-manifest.der", "wb") - f.write(m.get_DER()) - f.close() - -if show_signed_manifest_asn1dump: - dumpasn1(m.get_DER()) - -n = rpki.x509.SignedManifest(DER = m.get_DER()) - -n.verify(ta = rpki.x509.X509(Auto_file = "biz-certs/Alice-Root.cer")) - -if show_content_2: - dumpasn1(n.get_content().toString()) - -assert m.get_content().toString() == n.get_content().toString() -assert m.get_content().get() == n.get_content().get() - -if show_content_3: - print - print n.get_content().get() diff --git a/scripts/Old/master.sh b/scripts/Old/master.sh deleted file mode 100644 index 8f59d357..00000000 --- a/scripts/Old/master.sh +++ /dev/null 
@@ -1,24 +0,0 @@ -#!/bin/sh - -# $Id$ - -scripts="subvert-rpki.hactrn.net/scripts" - -repositories="ca-trial.ripe.net/RIPE ca-trial.ripe.net/ARIN repository.apnic.net" - -cd `dirname $0` - -. $scripts/mirror-apnic.sh -. $scripts/mirror-ripe.sh - -perl $scripts/gen-verify-test.pl $repositories | -tee verify.sh | -sh 2>&1 | -tee verify.log - -perl $scripts/make-hashes.pl $repositories | -tee make-hashes.sh | -sh 2>&1 | -tee make-hashes.log - -sh $scripts/check-hashes.sh 2>&1 | -tee check-hashes.log diff --git a/scripts/Old/mirror-apnic.sh b/scripts/Old/mirror-apnic.sh deleted file mode 100644 index 995efcb8..00000000 --- a/scripts/Old/mirror-apnic.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh - -# $Id$ - -# An unknown entity representing itself as gmm says that this is the -# trust anchor for the APNIC test repository. -# -fetch -m -o repository.apnic.net/trust-anchor.cer \ - http://mirin.apnic.net/resourcecerts/trust-anchor.cer - -# Mirror the repository itself -# -rsync -aiz --delete rsync://repository.apnic.net/APNIC/ repository.apnic.net/APNIC/ diff --git a/scripts/Old/mirror-ripe.sh b/scripts/Old/mirror-ripe.sh deleted file mode 100644 index f2ba5a17..00000000 --- a/scripts/Old/mirror-ripe.sh +++ /dev/null 
@@ -1,46 +0,0 @@ -#!/bin/sh - -# $Id$ - -# The following are freshly produced in conformance with Geoff & -# George's latest developments - I hope. - -# Trust Anchors (consider this an out-of-band delivery method): - -# RIPE TA: -fetch -m -o ca-trial.ripe.net/riperoot/repos/root.cer \ - http://ca-trial.ripe.net/~riperoot/repos/root.cer - -# ARIN TA: -fetch -m -o ca-trial.ripe.net/arinroot/repos/root.cer \ - http://ca-trial.ripe.net/~arinroot/repos/root.cer - -# The repositories are here: -rsync -aiz --delete rsync://ca-trial.ripe.net/RIPE/ ca-trial.ripe.net/RIPE/ -rsync -aiz --delete rsync://ca-trial.ripe.net/ARIN/ ca-trial.ripe.net/ARIN/ - -# Some test certificates: - -# RIPE->RIPE->ISP: -fetch -m -o ca-trial.ripe.net/ripeprod/repos/ripe-08.cer \ - http://ca-trial.ripe.net/~ripeprod/repos/ripe-08.cer - -# ARIN->ARIN->ISP: -fetch -m -o ca-trial.ripe.net/arinprod/repos/arin-01.cer \ - http://ca-trial.ripe.net/~arinprod/repos/arin-01.cer - -# RIPE->ARIN->ISP: -fetch -m -o ca-trial.ripe.net/arinprod/repos/ripe-01.cer \ - http://ca-trial.ripe.net/~arinprod/repos/ripe-01.cer - -# ARIN->RIPE->ISP: -fetch -m -o ca-trial.ripe.net/ripeprod/repos/arin-01.cer \ - http://ca-trial.ripe.net/~ripeprod/repos/arin-01.cer - -# I think they work with full up-down chaining, provided that I copied -# everything in place. -# -# George, please look at these, I believe I only need your SIA for these to be -# ready: -# -# RIPE->APNIC cert currently: http://ca-trial.ripe.net/~riperoot/repos/root-0E.cer -# ARIN->APNIC cert currently: http://ca-trial.ripe.net/~arinroot/repos/root-09.cer diff --git a/scripts/Old/pkcs10.py b/scripts/Old/pkcs10.py deleted file mode 100644 index 386229f2..00000000 --- a/scripts/Old/pkcs10.py +++ /dev/null 
@@ -1,100 +0,0 @@ -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -import POW.pkix, glob, os -import rpki.x509, rpki.resource_set, rpki.oids - -parse_test = False -generate_test = True - -parse_extensions = True -show_attributes = False -show_algorithm = False -do_verify = True -show_signature = False -show_publickey = False - -def hexify(thing): - return ":".join(["%02X" % ord(i) for i in thing]) - -if parse_test: - - for name in glob.glob("resource-cert-samples/*.req") + glob.glob("biz-certs/*.req"): - pkcs10 = rpki.x509.PKCS10(Auto_file = name).get_POWpkix() - - print "[", name, "]" - - if show_algorithm: - print pkcs10.signatureAlgorithm - print - print pkcs10.signatureAlgorithm.get() - print - - if show_signature: - print pkcs10.signatureValue, hexify(pkcs10.signatureValue.get()) - print - - if show_publickey: - print pkcs10.certificationRequestInfo.subjectPublicKeyInfo - print pkcs10.certificationRequestInfo.subjectPublicKeyInfo.get() - print hexify(pkcs10.certificationRequestInfo.subjectPublicKeyInfo.toString()) - print - - if show_attributes: - print pkcs10.certificationRequestInfo.attributes.oid, pkcs10.certificationRequestInfo.attributes.oid.get() - print - print pkcs10.certificationRequestInfo.attributes.val, 
pkcs10.certificationRequestInfo.attributes.val.get() - print - print pkcs10.certificationRequestInfo.attributes.val.choice, pkcs10.certificationRequestInfo.attributes.val.choices - print - print pkcs10.certificationRequestInfo.attributes.val.choices[pkcs10.certificationRequestInfo.attributes.val.choice] - print - print len(pkcs10.certificationRequestInfo.attributes.val.choices[pkcs10.certificationRequestInfo.attributes.val.choice]) - print - if len(pkcs10.certificationRequestInfo.attributes.val.choices[pkcs10.certificationRequestInfo.attributes.val.choice]) > 0: - print pkcs10.certificationRequestInfo.attributes.val.choices[pkcs10.certificationRequestInfo.attributes.val.choice][0] - print - - if parse_extensions: - - exts = pkcs10.getExtensions() - - bag = rpki.resource_set.parse_extensions(exts) - if bag.as: print "ASN =", bag.as - if bag.v4: print "IPv4 =", bag.v4 - if bag.v6: print "IPv6 =", bag.v6 - - for oid, crit, val in exts: - if oid in (rpki.oids.name2oid["sbgp-ipAddrBlock"], - rpki.oids.name2oid["sbgp-autonomousSysNum"]): - continue - if isinstance(val, str): - val = hexify(val) - print POW.pkix.oid2obj(oid), oid, "=", val - - if do_verify: - print - print "Signature verification: %s" % pkcs10.verify() - - print - -if generate_test: - keypair = rpki.x509.RSA() - keypair.generate() - pkcs10 = rpki.x509.PKCS10.create(keypair) - f = os.popen("openssl req -text -config /dev/null", "w") - f.write(pkcs10.get_PEM()) - f.close() diff --git a/scripts/Old/resource-cert-samples.py b/scripts/Old/resource-cert-samples.py deleted file mode 100644 index 16986d9b..00000000 --- a/scripts/Old/resource-cert-samples.py +++ /dev/null 
@@ -1,277 +0,0 @@ -""" -Generate an RPKI test repository. - -This script generates a toy RPKI repository for test purposes. It's -designed to be relatively easy to reconfigure, making it simple to -test whatever is of interest on a given day, without a lot of setup -overhead. - -Outputs are a bunch of config files for the OpenSSL CLI tool and a -makefile to drive everything. - -$Id$ - -Copyright (C) 2009 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. - -Portions copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. 
-""" - -import rpki.resource_set, os - -subdir = "resource-cert-samples" -openssl = "../../openssl/openssl/apps/openssl" -keybits = 2048 - -def main(): - """ - Main program, including the toy database itself. - """ - - db = allocation_db() - db.add("ISP1", ipv4 = "192.0.2.1-192.0.2.33", asn = "64533") - db.add("ISP2", ipv4 = "192.0.2.44-192.0.2.100") - db.add("ISP3", ipv6 = "2001:db8::44-2001:db8::100") - db.add("ISP4", ipv6 = "2001:db8::10:0:44/128", asn = "64544") - db.add("ISP5a", ipv4 = "10.0.0.0/24", ipv6 = "2001:db8::a00:0/120") - db.add("ISP5b", ipv4 = "10.3.0.0/24", ipv6 = "2001:db8::a03:0/120") - db.add("ISP5c", asn = "64534-64540") - db.add("LIR1", children = ["ISP1", "ISP2"]) - db.add("LIR2", children = ["ISP3", "ISP4"]) - db.add("LIR3", children = ["ISP5a", "ISP5b", "ISP5c"]) - db.add("RIR", children = ["LIR1", "LIR2", "LIR3"]) - - if not os.path.isdir(subdir): - os.mkdir(subdir) - - for i in db: - write_maybe("%s/%s.cnf" % (subdir, i.name), i.cfg_string()) - - write_maybe("%s/Makefile" % subdir, - "# Automatically generated, do not edit.\n" + - "".join([i.makefile_rules() for i in db])) - -def write_maybe(name, new_content): - """ - Write a file if and only if its contents have changed. This - simplifies interactions with "make". - """ - old_content = None - if os.path.isfile(name): - f = open(name, "r") - old_content = f.read() - f.close() - if old_content != new_content: - print "Writing", name - f = open(name, "w") - f.write(new_content) - f.close() - -class allocation_db(list): - """ - Class to represent an allocation database. - """ - - def __init__(self): - self.allocation_map = {} - - def add(self, name, **kw): - """ - Add a new entry to this allocation database. All arguments passed - through to the allocation constructor. - """ - self.insert(0, allocation(name = name, allocation_map = self.allocation_map, **kw)) - -class allocation(object): - """ - Class representing one entity holding allocated resources. 
- - In order to simplify configuration, this class automatically - computes the set of resources that this entity must hold in order to - serve both itself and its children. - """ - - parent = None - - def __init__(self, name, asn = None, ipv4 = None, ipv6 = None, children = (), allocation_map = None): - """ - Create a new allocation entry. - - This binds the parent attributes of any children, and computes the - transitive closure of the set of resources this entity needs. - """ - self.name = name - self.children = [allocation_map[i] for i in children] - for child in self.children: - assert child.parent is None - child.parent = self - self.asn = self.summarize("asn", rpki.resource_set.resource_set_as(asn)) - self.ipv4 = self.summarize("ipv4", rpki.resource_set.resource_set_ipv4(ipv4)) - self.ipv6 = self.summarize("ipv6", rpki.resource_set.resource_set_ipv6(ipv6)) - allocation_map[name] = self - - def summarize(self, attrname, seed = None): - """ - Compute the transitive resource closure for one resource attribute. - """ - if seed is None: - seed = getattr(self, attrname) - for child in self.children: - seed = seed.union(child.summarize(attrname)) - return seed - - def __str__(self): - return "%s\n ASN: %s\n IPv4: %s\n IPv6: %s" % (self.name, self.asn, self.ipv4, self.ipv6) - - def cfg_string(self): - """ - Generate the OpenSSL configuration file needed for this entity. - """ - keys = { "self" : self.name, - "keybits" : keybits, - "no_parent" : "#", - "no_asid" : "#", - "no_addr" : "#", - "parent" : "???", - "asid" : "???", - "addr" : "???" 
} - if self.parent: - keys["no_parent"] = "" - keys["parent"] = self.parent.name - if self.asn: - keys["no_asid"] = "" - keys["asid"] = ",".join(["AS:" + str(x) for x in self.asn]) - if self.ipv4 or self.ipv6: - keys["no_addr"] = "" - keys["addr"] = ",".join(["IPv4:" + str(x) for x in self.ipv4] + ["IPv6:" + str(x) for x in self.ipv6]) - return openssl_cfg_fmt % keys - - def makefile_rules(self): - """ - Generate the makefile rules needed for this entity. - """ - keys = { "self" : self.name, - "keybits" : keybits, - "openssl" : openssl } - if self.parent: - keys["signconf"] = "%s.cnf" % self.parent.name - keys["signdeps"] = "%s.key" % self.parent.name - else: - keys["signconf"] = "%s.cnf -selfsign" % self.name - keys["signdeps"] = "%s.key" % self.name - return makefile_fmt % keys - -makefile_fmt = '''\ - -all:: %(self)s.cer - -%(self)s.key: - %(openssl)s genrsa -out $@ %(keybits)d - -%(self)s.req: %(self)s.key %(self)s.cnf Makefile - %(openssl)s req -new -config %(self)s.cnf -key %(self)s.key -out $@ - -%(self)s.cer: %(self)s.req %(self)s.cnf %(signdeps)s Makefile - @test -d %(self)s || mkdir %(self)s - @test -f %(self)s/index || touch %(self)s/index - @test -f %(self)s/serial || echo 01 >%(self)s/serial - %(openssl)s ca -batch -out $@ -in %(self)s.req -extfile %(self)s.cnf -config %(signconf)s - - -show_req:: - %(openssl)s req -noout -text -in %(self)s.req -config /dev/null - -show_cer:: - %(openssl)s x509 -noout -text -in %(self)s.cer -''' - -openssl_cfg_fmt = '''# Automatically generated, do not edit. 
- -[ ca ] -default_ca = ca_default - -[ ca_default ] -certificate = %(self)s.cer -serial = %(self)s/serial -private_key = %(self)s.key -database = %(self)s/index -new_certs_dir = %(self)s -name_opt = ca_default -cert_opt = ca_default -default_days = 365 -default_crl_days = 30 -default_md = sha256 -preserve = no -copy_extensions = copy -policy = ca_policy_anything -unique_subject = no -x509_extensions = ca_x509_ext -crl_extensions = crl_x509_ext - -[ ca_policy_anything ] -countryName = optional -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional -givenName = optional -surname = optional - -[ req ] -default_bits = %(keybits)d -encrypt_key = no -distinguished_name = req_dn -req_extensions = req_x509_ext -prompt = no - -[ req_dn ] -CN = TEST ENTITY %(self)s - -[ req_x509_ext ] -basicConstraints = critical,CA:true -subjectKeyIdentifier = hash -keyUsage = critical,keyCertSign,cRLSign -subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:rsync://wombats-r-us.hactrn.net/%(self)s/ -%(no_parent)sauthorityInfoAccess = caIssuers;URI:rsync://wombats-r-us.hactrn.net/%(parent)s.cer -%(no_asid)ssbgp-autonomousSysNum = critical,%(asid)s -%(no_addr)ssbgp-ipAddrBlock = critical,%(addr)s - -[ ca_x509_ext ] -basicConstraints = critical,CA:true -%(no_parent)sauthorityKeyIdentifier = keyid:always -keyUsage = critical,keyCertSign,cRLSign -subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:rsync://wombats-r-us.hactrn.net/%(self)s/ -%(no_parent)sauthorityInfoAccess = caIssuers;URI:rsync://wombats-r-us.hactrn.net/%(parent)s.cer -%(no_asid)ssbgp-autonomousSysNum = critical,%(asid)s -%(no_addr)ssbgp-ipAddrBlock = critical,%(addr)s - -[ crl_x509_ext ] -authorityKeyIdentifier = keyid:always -''' - -main() diff --git a/scripts/Old/resource-set.py b/scripts/Old/resource-set.py deleted file mode 100644 index 11c11e45..00000000 --- a/scripts/Old/resource-set.py +++ /dev/null 
@@ -1,97 +0,0 @@ -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -import socket -import re - -class ip_address(object): - - def __init__(self, text): - self.addr = socket.inet_pton(self.af, text) - - def __str__(self): - return socket.inet_ntop(self.af, self.addr) - - def __eq__(self, other): - return self.addr == other.addr - - def __hash__(self): - return self.addr.__hash__() - -class ipv4_address(ip_address): - af = socket.AF_INET - -class ipv6_address(ip_address): - af = socket.AF_INET6 - -class resource(object): - pass - -class asn(resource, long): - pass - -class ip_prefix(resource): - - def __init__(self, addr, prefixlen): - self.addr = self.ac(addr) - self.prefixlen = prefixlen - - def __str__(self): - return str(self.addr) + "/" + str(self.prefixlen) - - def __eq__(self, other): - return self.addr == other.addr and self.prefixlen == other.prefixlen - - def __hash__(self): - return self.addr.__hash__() + self.prefixlen.__hash__() - -class ipv4_prefix(ip_prefix): - ac = ipv4_address - -class ipv6_prefix(ip_prefix): - ac = ipv6_address - -class resource_range(resource): - - def __init__(self, min, max): - assert isinstance(min, resource) and isinstance(max, resource) - self.min = min - self.max = max - - def 
__str__(self): - return str(self.min) + "-" + str(self.max) - - def __eq__(self, other): - return self.min == other.min and self.max == other.max - - def __hash__(self): - return self.min.__hash__() + self.max.__hash__() - -class resource_set(set): - - def __init__(self, *elts): - for e in elts: - assert isinstance(e, resource) - set.__init__(self, elts) - - def __str__(self): - s = [i for i in self] - s.sort() - return "{" + ", ".join(map(str, s)) + "}" - -s = resource_set(ipv6_prefix("fe80::", 16), ipv4_prefix("10.0.0.44", 32), ipv4_prefix("10.3.0.44", 32)) - -print s diff --git a/scripts/Old/rootd.cnf b/scripts/Old/rootd.cnf deleted file mode 100644 index 1e400c04..00000000 --- a/scripts/Old/rootd.cnf +++ /dev/null @@ -1,30 +0,0 @@ -# $Id$ -# -# Generate test root resource certificate for use with rootd.py server. - -[ req ] -default_bits = 2048 -encrypt_key = no -distinguished_name = req_dn -req_extensions = req_x509_ext -prompt = no - -[ req_dn ] -CN = Completely Bogus Test Root (NOT FOR PRODUCTION USE) - -[ req_x509_ext ] -basicConstraints = critical,CA:true -subjectKeyIdentifier = hash -keyUsage = critical,keyCertSign,cRLSign -subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:rsync://wombat.invalid/ -sbgp-autonomousSysNum = critical,@req_asid_ext -sbgp-ipAddrBlock = critical,@req_addr_ext - -[ req_asid_ext ] - -AS.0 = 1-65535 - -[ req_addr_ext ] - -IPv4.0 = 0.0.0.0/0 -IPv6.0 = 0::/0 diff --git a/scripts/Old/rootd.sh b/scripts/Old/rootd.sh deleted file mode 100644 index 73411a16..00000000 --- a/scripts/Old/rootd.sh +++ /dev/null 
@@ -1,143 +0,0 @@ -#!/bin/sh - -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -# Script to test against rootd.py. -# -# This blows away rpkid's database and rebuilds it with what we need -# for this test, and knows far too much about the id numbers that -# rpkid and mysql will assign. In the long run we must do better than -# this, but gotta start somewhere. - -openssl=../openssl/openssl/apps/openssl - -# Halt on first error - -set -e - -# Generate new key and cert for rootd.py if needed - -if test ! -r rootd.cer -o ! -r rootd.key -then - $openssl req -new -newkey rsa:2048 -nodes -keyout rootd.key -out rootd.req -config rootd.cnf - $openssl x509 -req -in rootd.req -out rootd.cer -extfile rootd.cnf -extensions req_x509_ext -signkey rootd.key -text -sha256 - rm -f rootd.req -fi - -# Blow away old rpkid database (!) so we can start clean - -mysql -u rpki -p`awk '$1 == "sql-password" {print $3}' rpkid.conf` rpki <rpki-db-schema.sql - -# Start rpkid so we can configure it, make sure we shut it down on exit - -python rpkid.py & rpkid=$! 
-trap "kill $rpkid" 0 1 2 3 13 15 - -: Waiting to let rpkid start up; sleep 5 - -# Create a self instance - -time python irbe_cli.py self --action create --crl_interval 84600 - -# Create a business signing context, issue the necessary business cert, and set up the cert chain - -time python irbe_cli.py --pem_out bsc.req bsc --action create --self_id 1 --generate_keypair --signing_cert biz-certs/Bob-CA.cer -time $openssl x509 -req -in bsc.req -out bsc.cer -CA biz-certs/Bob-CA.cer -CAkey biz-certs/Bob-CA.key -CAserial biz-certs/Bob-CA.srl -time python irbe_cli.py bsc --action set --self_id 1 --bsc_id 1 --signing_cert bsc.cer -rm -f bsc.req bsc.cer - -# Create a repository context - -time python irbe_cli.py repository --self_id 1 --action create --bsc_id 1 - -# Create a parent context pointing at rootd.py - -time python irbe_cli.py parent --self_id 1 --action create --bsc_id 1 --repository_id 1 \ - --peer_contact_uri https://localhost:44333/ \ - --cms_ta biz-certs/Elena-Root.cer \ - --https_ta biz-certs/Elena-Root.cer \ - --sia_base rsync://wombat.invalid/ \ - --sender_name tweedledee \ - --recipient_name tweedledum - -# Create a child context - -time python irbe_cli.py child --self_id 1 --action create --bsc_id 1 --cms_ta biz-certs/Frank-Root.cer - -# Need to link irdb to created child and clear conflicting links. -# For now, just do this "manually" in MySQL CLI. - -echo ' - UPDATE registrant SET rpki_self_id = NULL, rpki_child_id = NULL; - UPDATE registrant SET rpki_self_id = 1, rpki_child_id = 1 WHERE subject_name = "Epilogue Technology Corporation"; -' | -mysql -u irdb -p`awk '$1 == "sql-password" {print $3}' irbe.conf` irdb - -if test "$1" = "run" -then - - rm -rf publication - - python rootd.py & rootd=$! - python irdbd.py & irdbd=$! 
- trap "kill $rpkid $irdbd $rootd" 0 1 2 3 13 15 - - : Waiting to let daemons start up; sleep 5 - - date; time python cronjob.py - date; time python testpoke.py -r list - date; time python testpoke.py -r issue - - date; time python cronjob.py - date; time python testpoke.py -r list - date; time python testpoke.py -r issue - - date; python testpoke.py -r issue | - qh | - sed -n '/^(certificate/,/^)certificate/s/^-//p' | - mimencode -u | - $openssl x509 -noout -inform DER -text - - date; time python testpoke.py -r revoke - date; time python testpoke.py -r list - date; time python cronjob.py - date; time python testpoke.py -r list - - date; time python cronjob.py - date; time python testpoke.py -r list - date; time python testpoke.py -r issue - - date; time python testpoke.py -r revoke - date; time python testpoke.py -r list - date; time python cronjob.py - date; time python testpoke.py -r list - - date; time python testpoke.py -r issue - date; time python testpoke.py -r revoke - date; time python testpoke.py -r issue - date; time python testpoke.py -r revoke - date; time python testpoke.py -r issue - date; time python testpoke.py -r revoke - date; time python testpoke.py -r list - date; time python cronjob.py - date; time python testpoke.py -r list - - date; time python testpoke.py -r issue - date; time python cronjob.py - date; time python testpoke.py -r list - date - -fi diff --git a/scripts/Old/test-pow-cms.py b/scripts/Old/test-pow-cms.py deleted file mode 100644 index f7acc912..00000000 --- a/scripts/Old/test-pow-cms.py +++ /dev/null 
@@ -1,68 +0,0 @@
-"""
-$Id$
-
-Copyright (C) 2008 American Registry for Internet Numbers ("ARIN")
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.
-"""
-
-import POW, rpki.x509, os, traceback
-
-key = rpki.x509.RSA(Auto_file = "biz-certs/Alice-EE.key").get_POW()
-ee = rpki.x509.X509(Auto_file = "biz-certs/Alice-EE.cer").get_POW()
-
-ca = rpki.x509.X509(Auto_file = "biz-certs/Alice-CA.cer").get_POW()
-ta = rpki.x509.X509(Auto_file = "biz-certs/Alice-Root.cer").get_POW()
-
-store = POW.X509Store()
-store.addTrust(ta)
-
-if store.verify(ca):
- print "Verified CA"
- store.addTrust(ca)
-else:
- print "Couldn't verify CA"
-
-if store.verify(ee):
- print "Verified EE"
- store.addTrust(ee)
-else:
- print "Couldn't verify EE"
-
-oid = "1.2.840.113549.1.9.16.1.24"
-
-plaintext = "Wombats Are Us"
-
-for args in ((ee, key, plaintext, [ca], (), oid),
- (ee, key, plaintext, [ca], (), oid, POW.CMS_NOATTR),
- (ee, key, plaintext, [ca], (), oid, POW.CMS_NOCERTS),
- (ee, key, plaintext, [], (), oid),
- (ee, key, plaintext, [], (), oid, POW.CMS_NOATTR),
- (ee, key, plaintext, [], (), oid, POW.CMS_NOCERTS)):
-
- print "Testing", repr(args)
-
- cms = POW.CMS()
- cms.sign(*args)
-
- #print cms.pprint()
-
- print "Certs:"
- for x in cms.certs():
- print x.pprint()
-
- print "CRLs:"
- for c in cms.crls():
- print c.pprint()
-
- cms.verify(store, [ee])
diff --git a/scripts/Old/test-pow.py b/scripts/Old/test-pow.py
deleted file mode 100644
index 2fb6be48..00000000
--- a/scripts/Old/test-pow.py
+++ /dev/null
@@ -1,103 +0,0 @@
-# $Id$
-
-# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN")
-#
-# Permission to use, copy, modify, and distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
-
-import POW, POW.pkix, base64, rpki.ipaddrs, rpki.resource_set
-
-Alice_EE = """
-MIIDGDCCAgCgAwIBAgIJANkdU8+R7K3dMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV
-BAMTGVRlc3QgQ2VydGlmaWNhdGUgQWxpY2UgQ0EwHhcNMDcwNjE5MTk1MzE4WhcN
-MDcwNzE5MTk1MzE4WjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEFsaWNl
-IEVFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzxuYZsSzM7J4D/GN
-TiSB/EzRF7U91bYIoqZHG/NcLePFJfHKvKd7LuRNXI4WXrUjQ+6VlcQGdPfo6uvZ
-9r/UKocS3ATc7p28CkMNM99RcLM4OWg70021MwmS04CaMpUftsQCtSwAVrWkL3dM
-C9LuMdChA619q1x56RGrBeqgnk9NfHahUjmqjhUVQejTk2fYfLcINdxUwOQP9GT5
-bQLhf5hxq+QsixyBjB0BE/h1KxCRJITu5JLzCZIxHxMeN/MdDz3T0m1Vhwd7KZZS
-H1Iq5WIBArhzuLQsekSL4GmDLXSxuLi68w8W53YEpc4hRzS29+p1mMK5bZMttvYN
-hfoVOQIDAQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTDNm3cT2DjtkzqsI7N
-hTSoXmbGsDAfBgNVHSMEGDAWgBRqTejqD9pJQzENNALChYOBrglzEzANBgkqhkiG
-9w0BAQUFAAOCAQEAZac7WWRWCItjea9O6YJgB1EUy0NdN7rRuzQSJg9LQfsevwJK
-s2R/gV6RF8c53BnexUoVOu5VxSFZin9qRMMZxEMzo3TlFY2JuhPchLFrnYQ5SsjL
-w25iLY9xaswZoaAdu4HG5IbN+Drew4Hlfqfoqgi1x79MbL4i+xdPjrHjV+5T/bLE
-hADax/Ki7qWOMW2eMWIYuhyHwlqaJaa4xvgSuBdzccPur9nYuYyMQhR5FEtiBrFk
-H+SG3DPUYnJjHo/0hqZ+cRRtoNJO00gfgzDUYGIrDak4aGapJsGcJ5/6xIvYKrpu
-mkmvYl9m3IB1QYSAtu+0C98ShPgIFNqLvWOceA==
-"""
-
-APNIC_Root = """
-MIIHMjCCBhqgAwIBAgIBcjANBgkqhkiG9w0BAQsFADBNMS4wLAYDVQQDEyVEZW1v
-IEFQTklDIFJPT1QgQ0EgLSBOb3QgZm9yIHJlYWwgdXNlMRswGQYJKoZIhvcNAQkB
-FgxjYUBhcG5pYy5uZXQwHhcNMDYxMTE2MDU1MDEwWhcNMDcxMTE2MDU1MDEwWjA2
-MTQwMgYDVQQDEytEZW1vIFByb2R1Y3Rpb24gQVBOSUMgQ0EgLSBOb3QgZm9yIHJl
-YWwgdXNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA64tZcEhcMvdF
-s0sXVF+op473Px/0ANRBHKl772wzTIBno6I4+RNmh8zkasTh6aKhNwcpkc03AaTs
-cFmPrlq5PREyZrO1vzq6McShEH5/FcVLUcHKKq46/f+0mx7ec/ExaeRljHJeIVxJ
-TuKUrs87PbPYBz+KI6bjb4e0ICsVgomat6DphPPd3krCBJVNqBD6W2UCv1huK9Kx
-6egiWaqAYzcrI3W0TFNA5+RUnjnybB0qg1pOkdgKDOEFnIkl0MnX4ENSWNOnezHF
-myV3ypJ+42Zllu5OZacqbPh+UJzHv4rMdfKjwpvn1ofiqglYG74HY2lzXSUyYPuA
-cZX9572A9wIDAQABo4IEMjCCBC4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
-BAMCAQYwHQYDVR0OBBYEFKuuiK1khrgRO46sfDwFBwJRwqkcMB8GA1UdIwQYMBaA
-FKb6Y78FHkIsdnueF/Hxm4ZnWDKNMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
-PQYDVR0fBDYwNDAyoDCgLoYscnN5bmM6Ly9yZXBvc2l0b3J5LmFwbmljLm5ldC9B
-UE5JQy9BUE5JQy5jcmwwTwYIKwYBBQUHAQEEQzBBMD8GCCsGAQUFBzAChjNyc3lu
-YzovL3JlcG9zaXRvcnkuYXBuaWMubmV0L1RSVVNUQU5DSE9SUy9hcG5pYy5jZXIw
-WwYIKwYBBQUHAQsETzBNMEsGCCsGAQUFBzAFhj9yc3luYzovL3JlcG9zaXRvcnku
-YXBuaWMubmV0L0FQTklDL3E2NklyV1NHdUJFN2pxeDhQQVVIQWxIQ3FSdy8wggJF
-BggrBgEFBQcBCAEB/wSCAjQwggIwoIICLDCCAigCAgCtAgICqQICBMUCAgTRAgIE
-1QICBOICAgZ7AgIGqDAIAgIG6AICBukCAgb1AgIHOwICB/oCAghgAgIJUTAIAgIJ
-wQICCeACAgnpAgIJ+gICCgMwCAICCgkCAgoKAgIKiQICCpICAgqZAgIKxAICCswC
-AgrUAgILBwICC1sCAgtjMAgCAgttAgILbgICDR0CAg0jAgINNgICDT8CAg1DAgIN
-hAICDYYCAg2gAgINtgICDd4wCAICDeYCAg3nAgIN/wICDhUCAg4YMAgCAg5NAgIO
-TjAIAgIOaQICDm0CAg5/AgIOhTAIAgIOowICDqQwCAICDq0CAg6uAgIOvQICDr8C
-Ag7IMAgCAg7KAgIOywICDuUCAg7xAgIO/DAIAgIO/wICDwACAg9ZAgIPgQICD4gC
-Ag+nAgIPyAICD9ECAg/aAgIP3AICECYCAhAuAgIQPjAIAgIQTgICEE8CAhBlAgIQ
-agICEJsCAhCyAgIRADAIAgIRHQICER4CAhFPMAgCAhFRAgIRUgICEaMCAhGwAgIR
-ugICEfICAhH9MAgCAhIAAgITAAICE2EwCAICE5kCAhOaAgITuwICE90CAhPfAgIW
-TQICF7QCAhgTAgIYdgICGdsCAhn4AgIb2wICHAcwCAICHSsCAh4qAgIerwICHt0w
-CAICJAACAif/AgIqNwICLMswCAICRAACAkf/AgJM+TAIAgJcAAICX/8wCgIDAJQA
-AgMAl/8wewYIKwYBBQUHAQcBAf8EbDBqMDQEAgABMC4wCAMCAToDAgE8MAgDAgB5
-AwIAfgMCAJYDAgCjAwIBygMCAdIwCAMCAdoDAgDeMDIEAgACMCwDBAEgAQIDBAIg
-AQwDBAEgAUQwDAMEByABgAMEBCABoDAKAwICJAMEAyQAQDANBgkqhkiG9w0BAQsF
-AAOCAQEAxjUMY1cBdWUXWmPOwK6zk8E7BOVR3U7U62AfYqlE75cjt2RhRQBcc0XP
-tEG8rl6DJMmzH6XB0+czrsUijeBdRBeC+WTMbJd1ZMzgqrqHgXI0CjdjPMR0k6Dx
-qpsdDXmlIuAIUHy/GISIel9N/eXSu8ctsWXV2YYlaf7WVGHIhmJs03iSu324vJSk
-vhlLtNxdV+neQhkXT54mrx7mADxWYz5+rjWFvJuiOfQicXJI4uh5oAN8POcfx4hu
-7xYYqCunudhilCEz53CCcjzCAx5pW1jl32YdguWEwTf6ttwTnTsXQ0a+waMk4ljw
-uMsR5Xzvy12ti/m+7MSTLR1kMxJOFA==
-"""
-
-alice = base64.b64decode(Alice_EE)
-apnic = base64.b64decode(APNIC_Root)
-
-verbose = True
-
-for der in (alice, apnic):
- cert = POW.derRead(POW.X509_CERTIFICATE, der)
- print cert.pprint()
- cert = POW.pkix.Certificate()
- cert.fromString(der)
- if verbose:
- for oid, crit, val in cert.getExtensions():
- print " OID: ", oid, POW.pkix.oid2obj(oid)
- print " Crit: ", crit
- print " Value:", val
- print
- bag = rpki.resource_set.parse_extensions(cert.getExtensions())
- if bag.as: print ",".join(map(lambda x: "AS:" + str(x), bag.as))
- if bag.v4: print ",".join(map(lambda x: "IPv4:" + str(x), bag.v4))
- if bag.v6: print ",".join(map(lambda x: "IPv6:" + str(x), bag.v6))
- if bag.as is not None: print bag.as.to_tuple()
- if bag.v4 is not None: print bag.v4.to_tuple()
- if bag.v6 is not None: print bag.v6.to_tuple()
diff --git a/scripts/Old/test-sql.py b/scripts/Old/test-sql.py
deleted file mode 100644
index bc059e71..00000000
--- a/scripts/Old/test-sql.py
+++ /dev/null
@@ -1,50 +0,0 @@
-# $Id$
-
-# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN")
-#
-# Permission to use, copy, modify, and distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
-
-import MySQLdb, rpki.config
-
-def test(filename, section):
-
- print "[Checking " + filename + "]\n"
-
- cfg = rpki.config.parser(filename, section)
-
- db = MySQLdb.connect(user = cfg.get("sql-username"),
- db = cfg.get("sql-database"),
- passwd = cfg.get("sql-password"))
-
- cur = db.cursor()
-
- def duh(db, cmd, header):
- cur.execute(cmd)
- print header
- print "-" * len(header)
- print cur.description
- for i in cur.fetchall():
- print i[0]
- print
-
- duh(db, "SHOW DATABASES", "Databases")
- duh(db, "SELECT DATABASE()", "Current database")
- duh(db, "SHOW TABLES", "Current tables")
-
- db.close()
-
-print MySQLdb.Timestamp(2007,6,9,9,45,51), MySQLdb.DateFromTicks(1000), \
- MySQLdb.Binary("Hi, Mom!"), MySQLdb.STRING, MySQLdb.BINARY, MySQLdb.NUMBER, MySQLdb.NULL, "\n"
-
-test("re.conf", "rpki")
-test("irbe.conf", "irdb")
diff --git a/scripts/Old/timers.sh b/scripts/Old/timers.sh
deleted file mode 100644
index c880a029..00000000
--- a/scripts/Old/timers.sh
+++ /dev/null
@@ -1,55 +0,0 @@ -#!/bin/sh - -# $Id$ -# -# Copyright (C) 2009 Internet Systems Consortium ("ISC") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -# Postprocess output of timer debug log. I'll probably never need -# this again, but I'd rather not have to write it a second time. - -awk ' - /<timer/ { - time = $2; tag = $3; $1 = $2 = $3 = ""; - print tag, time, $0; - } - ' ${1-screenlog.0} | -sort | -sed ' - s=
==; - /testbed\[/d; - s= datetime([0-9, ]*)==; - s=<bound method.*>>==; - s=/u/sra/rpki/subvert-rpki.hactrn.net/[a-z]*/rpki/==; - s= timedelta([0-9, ]*)==; - s= None = =; - s= at = =; - s= to from = from = - ' | -awk ' - BEGIN { - SUBSEP = "<"; - } - { - #print; - state[$1, $5] = $3; - } - /Creating/ { - created[$1, $5] = $NF; - } - END { - for (i in state) - print i, state[i], created[i]; - } - ' | -sort diff --git a/scripts/Old/uri.pl b/scripts/Old/uri.pl deleted file mode 100644 index cd029fec..00000000 --- a/scripts/Old/uri.pl +++ /dev/null @@ -1,53 +0,0 @@ -: -# $Id$ -eval 'exec perl -w -S $0 ${1+"$@"}' - if 0; - -use strict; - -my $format = "DER"; -my $badsia = 0; - -while ($ARGV[0] =~ /^--/) { - $_ = shift; - if (/^--der/) { $format = "DER"; next } - if (/^--pem/) { $format = "PEM"; next } - if (/^--badsia/) { $badsia = 1; next } - if (/^--help/) { - print("$0 [ --der | --pem ] [ --badsia ] cert [ cert ...]\n"); - exit; - } - die("Unrecognized option: $_"); -} - -while (@ARGV) { - my $file = shift(@ARGV); - my ($aia, $sia, $cdp, $a, $s, $c) = qw(- - -); - next unless ($file =~ /\.cer$/); - open(F, "-|", ( qw(openssl x509 -noout -inform), $format, - qw(-text -in), $file)) - or die("Couldn't run openssl x509 on $file: $!\n"); - while (<F>) { - chomp; - s{^.+URI:rsync://}{}; - $a = $. + 1 - if (/Authority Information Access:/); - $s = $. + 1 - if (/Subject Information Access:/); - $c = $. + 1 - if (/X509v3 CRL Distribution Points:/); - $aia = $_ - if ($a && $. == $a); - $sia = $_ - if ($s && $. == $s); - $cdp = $_ - if ($c && $. == $c); - } - close(F); - if ($badsia) { - print("$file\n\t$sia\n") - if ($sia && $sia =~ m=[^/]$=); - } else { - print("$aia $sia $cdp $file\n"); - } -} |