authorRob Austein <sra@hactrn.net>2007-09-21 05:39:08 +0000
committerRob Austein <sra@hactrn.net>2007-09-21 05:39:08 +0000
commit0077617b0281e82928f0460d53cfcd200f4930c9 (patch)
treea7aa2cf46cdbf0fe4a4738ee1a46a40d154ec005 /scripts/irbe-cli.py
parenteec99329d04610689e27ccbfc885a184a8985110 (diff)
Add --pem_out option to let us save PKCS#10 data from replies.
svn path=/scripts/irbe-cli.py; revision=1003
Diffstat (limited to 'scripts/irbe-cli.py')
-rwxr-xr-xscripts/irbe-cli.py130
1 files changed, 72 insertions, 58 deletions
diff --git a/scripts/irbe-cli.py b/scripts/irbe-cli.py
index 522b2086..28219fb0 100755
--- a/scripts/irbe-cli.py
+++ b/scripts/irbe-cli.py
@@ -9,12 +9,14 @@ The query back-channel is handled by a separate program.
import getopt, sys, lxml.etree, lxml.sax
import rpki.left_right, rpki.relaxng, rpki.cms, rpki.https, rpki.x509, rpki.config
+pem_out = None
+
class cmd_mixin(object):
"""Left-right protocol mix-in for command line client."""
def client_getopt(self, argv):
"""Parse options for this class."""
- opts, args = getopt.getopt(argv, "", [x + "=" for x in self.attributes + self.elements] + list(self.booleans))
+ opts, argv = getopt.getopt(argv, "", [x + "=" for x in self.attributes + self.elements] + list(self.booleans))
for o, a in opts:
o = o[2:]
handler = getattr(self, "client_query_" + o, None)
@@ -25,7 +27,7 @@ class cmd_mixin(object):
else:
assert o in self.attributes
setattr(self, o, a)
- return args
+ return argv
def client_query_action(self, arg):
"""Special handler for --action option."""
@@ -40,13 +42,13 @@ class cmd_mixin(object):
pass
def client_reply_show(self):
- self.client_reply_decode()
print self.element_name
for i in self.attributes + self.elements:
if getattr(self, i) is not None:
print " %s: %s" % (i, getattr(self, i))
class self_elt(cmd_mixin, rpki.left_right.self_elt):
+
def client_query_extension_preference(self, arg):
"""--extension_preferences option."""
k,v = arg.split("=", 1)
@@ -56,10 +58,18 @@ class self_elt(cmd_mixin, rpki.left_right.self_elt):
self.prefs.append(pref)
class bsc_elt(cmd_mixin, rpki.left_right.bsc_elt):
+
def client_query_signing_cert(self, arg):
"""--signing_cert option."""
self.signing_cert.append(rpki.x509.X509(Auto_file=arg))
+ def client_reply_decode(self):
+ global pem_out
+ if pem_out is not None and self.pkcs10_cert_request is not None:
+ if isinstance(pem_out, str):
+ pem_out = open(pem_out, "w")
+ pem_out.write(self.pkcs10_cert_request.get_PEM())
+
class parent_elt(cmd_mixin, rpki.left_right.parent_elt):
pass
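Review bot: The file opened by `pem_out = open(pem_out, "w")` in `bsc_elt.client_reply_decode` is never closed in the lines shown, so the saved PKCS#10 data reaches disk only when the interpreter flushes at exit. The global also changes type from a path string to a file object on first use, which is easy to misread. Consider closing it once the reply loop at the end of the script finishes, e.g. `if pem_out is not None and not isinstance(pem_out, str): pem_out.close()`. Mode `"w"` silently truncates whatever existing file the command-line path names, and the method has no docstring, so one such as `"""Append this reply's PKCS#10 request, if any, to the --pem_out file (opened on first use, truncating it)."""` would record both points.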
@@ -90,84 +100,88 @@ class msg(rpki.left_right.msg):
class sax_handler(rpki.left_right.sax_handler):
pdu = msg
-def usage():
- print "Usage:", sys.argv[0]
+top_opts = ["help", "pem_out="]
+
+def usage(code=1):
+ print "Usage:", sys.argv[0], " ".join(["--" + x for x in top_opts])
for k,v in msg.pdus.items():
print " ", k, \
" ".join(["--" + x + "=" for x in v.attributes + v.elements]), \
" ".join(["--" + x for x in v.booleans])
- sys.exit(1)
+ sys.exit(code)
-def main():
- """Main program.
+# Main program
- Work in progress. At the moment it gets as far as transmitting the
- generated request, but doesn't yet do anything with responses.
- """
+cfg = rpki.config.parser("irbe.conf")
+section = "irbe-cli"
- cfg = rpki.config.parser("irbe.conf")
- section = "irbe-cli"
+privateKey = rpki.x509.RSA_Keypair(PEM_file = cfg.get(section, "https-key"))
- privateKey = rpki.x509.RSA_Keypair(PEM_file = cfg.get(section, "https-key"))
+certChain = rpki.x509.X509_chain()
+certChain.load_from_PEM(cfg.multiget(section, "https-cert"))
- certChain = rpki.x509.X509_chain()
- certChain.load_from_PEM(cfg.multiget(section, "https-cert"))
+x509TrustList = rpki.x509.X509_chain()
+x509TrustList.load_from_PEM(cfg.multiget(section, "https-ta"))
- x509TrustList = rpki.x509.X509_chain()
- x509TrustList.load_from_PEM(cfg.multiget(section, "https-ta"))
+q_msg = rpki.left_right.msg()
- q_msg = rpki.left_right.msg()
+argv = sys.argv[1:]
- argv = sys.argv[1:]
+if not argv:
+ usage(0)
- if not argv:
- usage()
+opts, argv = getopt.getopt(argv, "h", top_opts)
+for o, a in opts:
+ if o in ("-h", "--help"):
+ usage(0)
+ if o == "--pem_out":
+ pem_out = a
- while argv:
- try:
- q_pdu = msg.pdus[argv[0]]()
- except KeyError:
- usage()
- argv = q_pdu.client_getopt(argv[1:])
- q_msg.append(q_pdu)
+if not argv:
+ usage(1)
- q_elt = q_msg.toXML()
- q_xml = lxml.etree.tostring(q_elt, pretty_print=True, encoding="us-ascii", xml_declaration=True)
+while argv:
try:
- rpki.relaxng.left_right.assertValid(q_elt)
- except lxml.etree.DocumentInvalid:
- print "Generated request document doesn't pass schema check:"
- print q_xml
- sys.exit(1)
-
- print "Sending:"
+ q_pdu = msg.pdus[argv[0]]()
+ except KeyError:
+ usage(1)
+ argv = q_pdu.client_getopt(argv[1:])
+ q_msg.append(q_pdu)
+
+q_elt = q_msg.toXML()
+q_xml = lxml.etree.tostring(q_elt, pretty_print=True, encoding="us-ascii", xml_declaration=True)
+try:
+ rpki.relaxng.left_right.assertValid(q_elt)
+except lxml.etree.DocumentInvalid:
+ print "Generated request document doesn't pass schema check:"
print q_xml
+ sys.exit(1)
- q_cms = rpki.cms.encode(q_xml, cfg.get(section, "cms-key"), cfg.multiget(section, "cms-cert"))
+print "Sending:"
+print q_xml
- r_cms = rpki.https.client(privateKey=privateKey, certChain=certChain, x509TrustList=x509TrustList,
- msg=q_cms, url="/left-right")
+q_cms = rpki.cms.encode(q_xml, cfg.get(section, "cms-key"), cfg.multiget(section, "cms-cert"))
- r_xml = rpki.cms.decode(r_cms, cfg.get(section, "cms-ta"))
+r_cms = rpki.https.client(privateKey=privateKey, certChain=certChain, x509TrustList=x509TrustList,
+ msg=q_cms, url="/left-right")
- r_elt = lxml.etree.fromstring(r_xml)
- try:
- rpki.relaxng.left_right.assertValid(r_elt)
- except lxml.etree.DocumentInvalid:
- print "Received reply document doesn't pass schema check:"
- print r_xml
- sys.exit(1)
+r_xml = rpki.cms.decode(r_cms, cfg.get(section, "cms-ta"))
- print "Received:"
+r_elt = lxml.etree.fromstring(r_xml)
+try:
+ rpki.relaxng.left_right.assertValid(r_elt)
+except lxml.etree.DocumentInvalid:
+ print "Received reply document doesn't pass schema check:"
print r_xml
+ sys.exit(1)
- handler = sax_handler()
- lxml.sax.saxify(r_elt, handler)
- r_msg = handler.result
+print "Received:"
+print r_xml
- # Can't enable this until our reply handler methods are merged into rpki.left_right.
- if True:
- for r_pdu in r_msg:
- r_pdu.client_reply_show()
+handler = sax_handler()
+lxml.sax.saxify(r_elt, handler)
+r_msg = handler.result
-if __name__ == "__main__": main()
+for r_pdu in r_msg:
+ r_pdu.client_reply_decode()
+ #r_pdu.client_reply_show()
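Review bot: The new top-level `opts, argv = getopt.getopt(argv, "h", top_opts)` does not catch `getopt.GetoptError`, so an unknown or malformed option ends in a traceback rather than the usage text. Wrapping the call and handling it with `except getopt.GetoptError: usage(1)` would match how the `KeyError` for an unknown PDU name is handled a few lines below. Dropping `main()` and the `if __name__ == "__main__"` guard means that loading this file for any reason reads the HTTPS private key and sends the request, so keeping the guard around the moved code would be safer. The trailing `#r_pdu.client_reply_show()` is commented-out code; either remove it or put it behind an option, since replies are now only shown as raw XML.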