Better error handling on IRDB queries. Partial support for new tag

attributes.  Fix race conditions in test scripts.

svn path=/scripts/biz-certs/Bob-CA.srl; revision=1386

5 files changed, 62 insertions, 32 deletions

diff --git a/scripts/biz-certs/Bob-CA.srl b/scripts/biz-certs/Bob-CA.srl
index 89e0f33d..998fa7f3 100644
--- a/scripts/biz-certs/Bob-CA.srl
+++ b/scripts/biz-certs/Bob-CA.srl
@@ -1 +1 @@
-90801F1ED1945538
+90801F1ED194554B
diff --git a/scripts/irdb.py b/scripts/irdb.py
index c8c32e6a..d65a67ac 100755
--- a/scripts/irdb.py
+++ b/scripts/irdb.py
@@ -15,24 +15,36 @@ def handler(query, path):
     r_msg = rpki.left_right.msg()
 
     for q_pdu in q_msg:
-      assert isinstance(q_pdu, rpki.left_right.list_resources_elt) and q_pdu.type == "query"
-
-      r_pdu = rpki.left_right.list_resources_elt()
-      r_pdu.type = "reply"
-      r_pdu.self_id = q_pdu.self_id
-      r_pdu.child_id = q_pdu.child_id
-
-      cur.execute("""SELECT registrant_id, subject_name, valid_until FROM registrant
-                     WHERE registrant.rpki_self_id = %s AND registrant.rpki_child_id = %s
-                     """ % (q_pdu.self_id, q_pdu.child_id))
-      assert cur.rowcount == 1, "This query should have produced a single exact match, something's messed up (self_id = %s, child_id = %s)" % (self_id, child_id)
-
-      registrant_id, subject_name, valid_until = cur.fetchone()
-      r_pdu.subject_name = subject_name
-      r_pdu.valid_until = valid_until.strftime("%Y-%m-%dT%H:%M:%SZ")
-      r_pdu.as   = rpki.resource_set.resource_set_as.from_sql(cur,   "SELECT start_as, end_as FROM asn WHERE registrant_id = %s" % registrant_id)
-      r_pdu.ipv4 = rpki.resource_set.resource_set_ipv4.from_sql(cur, "SELECT start_ip, end_ip FROM net WHERE registrant_id = %s AND version = 4" % registrant_id)
-      r_pdu.ipv6 = rpki.resource_set.resource_set_ipv6.from_sql(cur, "SELECT start_ip, end_ip FROM net WHERE registrant_id = %s AND version = 6" % registrant_id)
+
+      try:
+        if not isinstance(q_pdu, rpki.left_right.list_resources_elt) or q_pdu.type != "query":
+          raise rpki.exceptions.BadQuery, "Unexpected %s PDU" % repr(q_pdu)
+
+        r_pdu = rpki.left_right.list_resources_elt()
+        r_pdu.type = "reply"
+        r_pdu.tag = q_pdu.tag
+        r_pdu.self_id = q_pdu.self_id
+        r_pdu.child_id = q_pdu.child_id
+
+        cur.execute("""SELECT registrant_id, subject_name, valid_until FROM registrant
+                       WHERE registrant.rpki_self_id = %s AND registrant.rpki_child_id = %s
+                       """ % (q_pdu.self_id, q_pdu.child_id))
+        if cur.rowcount != 1:
+          raise rpki.exceptions.NotInDatabase, \
+                "This query should have produced a single exact match, something's messed up (rowcount = %d, self_id = %s, child_id = %s)" \
+                % (cur.rowcount, q_pdu.self_id, q_pdu.child_id)
+
+        registrant_id, subject_name, valid_until = cur.fetchone()
+        r_pdu.subject_name = subject_name
+        r_pdu.valid_until = valid_until.strftime("%Y-%m-%dT%H:%M:%SZ")
+        r_pdu.as   = rpki.resource_set.resource_set_as.from_sql(cur,   "SELECT start_as, end_as FROM asn WHERE registrant_id = %s" % registrant_id)
+        r_pdu.ipv4 = rpki.resource_set.resource_set_ipv4.from_sql(cur, "SELECT start_ip, end_ip FROM net WHERE registrant_id = %s AND version = 4" % registrant_id)
+        r_pdu.ipv6 = rpki.resource_set.resource_set_ipv6.from_sql(cur, "SELECT start_ip, end_ip FROM net WHERE registrant_id = %s AND version = 6" % registrant_id)
+
+      except Exception, data:
+        traceback.print_exc()
+        r_pdu = rpki.left_right.report_error_elt.from_exception(data, q_pdu.self_id)
+
       r_msg.append(r_pdu)
 
     r_elt = r_msg.toXML()
@@ -40,9 +52,12 @@ def handler(query, path):
     return 200, rpki.cms.xml_sign(r_elt, cms_key, cms_certs)
 
   except Exception, data:
-    # This should generate a <report_error/> PDU, but this will do for initial debugging
     traceback.print_exc()
-    return 500, "Unhandled exception %s" % data
+
+    # We only get here in cases where we couldn't or wouldn't generate
+    # <report_error/>, so just return HTTP failure.
+
+    return 500, "Unhandled exception %s: %s" % (data.__class__.__name__, data)
 
 rpki.log.init("irdb")
 
diff --git a/scripts/rpki/exceptions.py b/scripts/rpki/exceptions.py
index 5fe42254..51327bff 100644
--- a/scripts/rpki/exceptions.py
+++ b/scripts/rpki/exceptions.py
@@ -64,3 +64,6 @@ class SKIMismatch(Exception):
 
 class SubprocessError(Exception):
   """Subprocess returned unexpected error."""
+
+class BadIRDBReply(Exception):
+  """Unexpected reply to IRDB query."""
diff --git a/scripts/rpki/left_right.py b/scripts/rpki/left_right.py
index 38e44b5c..1f779af6 100644
--- a/scripts/rpki/left_right.py
+++ b/scripts/rpki/left_right.py
@@ -198,7 +198,7 @@ class self_elt(data_elt):
   """<self/> element."""
 
   element_name = "self"
-  attributes = ("action", "type", "self_id", "crl_interval")
+  attributes = ("action", "type", "tag", "self_id", "crl_interval")
   elements = ("extension_preference",)
   booleans = ("rekey", "reissue", "revoke", "run_now", "publish_world_now", "clear_extension_preferences")
 
@@ -408,7 +408,7 @@ class bsc_elt(data_elt):
   """<bsc/> (Business Signing Context) element."""
   
   element_name = "bsc"
-  attributes = ("action", "type", "self_id", "bsc_id", "key_type", "hash_alg", "key_length")
+  attributes = ("action", "type", "tag", "self_id", "bsc_id", "key_type", "hash_alg", "key_length")
   elements = ('signing_cert',)
   booleans = ("generate_keypair", "clear_signing_certs")
 
@@ -501,7 +501,7 @@ class parent_elt(data_elt):
   """<parent/> element."""
 
   element_name = "parent"
-  attributes = ("action", "type", "self_id", "parent_id", "bsc_id", "repository_id",
+  attributes = ("action", "type", "tag", "self_id", "parent_id", "bsc_id", "repository_id",
                 "peer_contact_uri", "sia_base", "sender_name", "recipient_name")
   elements = ("cms_ta", "https_ta")
   booleans = ("rekey", "reissue", "revoke")
@@ -625,7 +625,7 @@ class child_elt(data_elt):
   """<child/> element."""
 
   element_name = "child"
-  attributes = ("action", "type", "self_id", "child_id", "bsc_id")
+  attributes = ("action", "type", "tag", "self_id", "child_id", "bsc_id")
   elements = ("cms_ta",)
   booleans = ("reissue", )
 
@@ -712,7 +712,7 @@ class repository_elt(data_elt):
   """<repository/> element."""
 
   element_name = "repository"
-  attributes = ("action", "type", "self_id", "repository_id", "bsc_id", "peer_contact_uri")
+  attributes = ("action", "type", "tag", "self_id", "repository_id", "bsc_id", "peer_contact_uri")
   elements = ("cms_ta", "https_ta")
 
   sql_template = rpki.sql.template("repository", "repository_id", "self_id", "bsc_id",
@@ -797,7 +797,7 @@ class route_origin_elt(data_elt):
   """<route_origin/> element."""
 
   element_name = "route_origin"
-  attributes = ("action", "type", "self_id", "route_origin_id", "as_number", "ipv4", "ipv6")
+  attributes = ("action", "type", "tag", "self_id", "route_origin_id", "as_number", "ipv4", "ipv6")
   booleans = ("suppress_publication",)
 
   sql_template = rpki.sql.template("route_origin", "route_origin_id", "self_id", "as_number",
@@ -861,7 +861,7 @@ class list_resources_elt(base_elt):
   """<list_resources/> element."""
 
   element_name = "list_resources"
-  attributes = ("type", "self_id", "child_id", "valid_until", "as", "ipv4", "ipv6", "subject_name")
+  attributes = ("type", "self_id", "tag", "child_id", "valid_until", "as", "ipv4", "ipv6", "subject_name")
   valid_until = None
 
   def startElement(self, stack, name, attrs):
@@ -888,7 +888,7 @@ class report_error_elt(base_elt):
   """<report_error/> element."""
 
   element_name = "report_error"
-  attributes = ("self_id", "error_code")
+  attributes = ("tag", "self_id", "error_code")
 
   def startElement(self, stack, name, attrs):
     """Handle <report_error/> element."""
@@ -899,6 +899,14 @@ class report_error_elt(base_elt):
     """Generate <report_error/> element."""
     return self.make_elt()
 
+  @classmethod
+  def from_exception(cls, exc, self_id = None):
+    """Generate a <report_error/> element from an exception."""
+    self = cls()
+    self.self_id = self_id
+    self.error_code = exc.__class__.__name__
+    return self
+
 class msg(list):
   """Left-right PDU."""
 
@@ -988,7 +996,7 @@ def irdb_query(gctx, self_id, child_id = None):
   rpki.relaxng.left_right.assertValid(r_elt)
   r_msg = rpki.left_right.sax_handler.saxify(r_elt)
   if len(r_msg) == 0 or not isinstance(r_msg[0], list_resources_elt) or r_msg[0].type != "reply":
-    raise rpki.exceptions.BadIRDBReply, "Unexpected response to IRDB query: %s" % r_msg.toXML()
+    raise rpki.exceptions.BadIRDBReply, "Unexpected response to IRDB query: %s" % lxml.etree.tostring(r_msg.toXML(), pretty_print = True, encoding = "us-ascii")
   return rpki.resource_set.resource_bag(
     as          = r_msg[0].as,
     v4          = r_msg[0].ipv4,
diff --git a/scripts/testroot.sh b/scripts/testroot.sh
index d8b9b1d3..b4d62c36 100644
--- a/scripts/testroot.sh
+++ b/scripts/testroot.sh
@@ -30,7 +30,9 @@ mysql -u rpki -p`awk '$1 == "sql-password" {print $3}' rpkid.conf` rpki <../docs
 # Start rpkid so we can configure it, make sure we shut it down on exit
 
 python rpkid.py & rpkid=$!
-trap "kill $rpkid" 0
+trap "kill $rpkid" 0 1 2 3 13 15
+
+: Waiting to let rpkid start up; sleep 5
 
 # Create a self instance
 
@@ -72,7 +74,9 @@ then
 
   python testroot.py & testroot=$!
   python irdb.py     & irdb=$!
-  trap "kill $rpkid $irdb $testroot" 0
+  trap "kill $rpkid $irdb $testroot" 0 1 2 3 13 15
+
+  : Waiting to let daemons start up; sleep 5
 
   date; time python http-client.py
   date; time python testpoke.py -r list