authorRob Austein <sra@hactrn.net>2012-11-15 22:13:53 +0000
committerRob Austein <sra@hactrn.net>2012-11-15 22:13:53 +0000
commit756fdbe0d7eda1e98663c62bb3e57f2c18e88ee1 (patch)
treec0af81a5987e9859d12a0323d0d240f58d8b2f36 /scripts
parent713507be1695d8f2f278ab925d58defc58eff2aa (diff)
parent11f3b8df179a16ebe1446dab620522ac97e3c327 (diff)
Merge tk274 performance work back to trunk. Closes #274.
svn path=/trunk/; revision=4878
Diffstat (limited to 'scripts')
-rw-r--r--scripts/Old/test-pow-tls.py61
-rw-r--r--scripts/Old/tls-client.py27
-rw-r--r--scripts/Old/tls-server.py40
-rw-r--r--scripts/convert-from-entitydb-to-sql.py2
-rw-r--r--scripts/find-roa-expiration.py4
-rw-r--r--scripts/format-application-x-rpki.py20
-rw-r--r--scripts/show-tracking-data.py4
-rw-r--r--scripts/x509-dot.py6
8 files changed, 24 insertions, 140 deletions
diff --git a/scripts/Old/test-pow-tls.py b/scripts/Old/test-pow-tls.py
deleted file mode 100644
index bc9ea9a0..00000000
--- a/scripts/Old/test-pow-tls.py
+++ /dev/null
@@ -1,61 +0,0 @@
-"""
-Grope towards testing TLS functionality in POW
-
-$Id$
-
-Copyright (C) 2008 American Registry for Internet Numbers ("ARIN")
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.
-"""
-
-# openssl s_server -tls1 -Verify 9 -cert biz-certs/Alice-EE.cer -key biz-certs/Alice-EE.key -www -CApath biz-certs -chain
-
-# openssl s_client -connect localhost:4433 -tls1 -cert biz-certs/Bob-EE.cer -key biz-certs/Bob-EE.key -verify 9 -CApath biz-certs -crlf
-
-import POW, socket
-
-def pow_error_iterator():
- err = POW.getError()
- if err is None:
- raise StopIteration
- else:
- yield err
-
-key = POW.pemRead(POW.RSA_PRIVATE_KEY, open("biz-certs/Bob-EE.key").read())
-cer = POW.pemRead(POW.X509_CERTIFICATE, open("biz-certs/Bob-EE.cer").read())
-ca = POW.pemRead(POW.X509_CERTIFICATE, open("biz-certs/Bob-CA.cer").read())
-
-s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-s.connect(("localhost", 4433))
-
-try:
- t = POW.Ssl(POW.TLSV1_CLIENT_METHOD)
- t.useCertificate(cer)
- t.useKey(key)
- t.addCertificate(ca)
- t.setFd(s.fileno())
- t.connect()
- x = t.peerCertificate()
- if x is not None:
- print "Peer", x.pprint()
- t.write("GET / HTTP/1.0\r\n")
- if False:
- print t.read(10000)
- else:
- while True:
- print t.read()
-except:
- print "ERROR:"
- for e in pow_error_iterator():
- print e
- raise
diff --git a/scripts/Old/tls-client.py b/scripts/Old/tls-client.py
deleted file mode 100644
index ef879a5c..00000000
--- a/scripts/Old/tls-client.py
+++ /dev/null
@@ -1,27 +0,0 @@
-# $Id$
-
-import socket, POW, time
-
-key = POW.pemRead(POW.RSA_PRIVATE_KEY, open("Carol.key", "r").read())
-cer = POW.pemRead(POW.X509_CERTIFICATE, open("Carol.cer", "r").read())
-ta = POW.pemRead(POW.X509_CERTIFICATE, open("Alice-TA.cer", "r").read())
-
-s = socket.socket()
-s.connect(('',6666))
-
-ssl = POW.Ssl(POW.TLSV1_CLIENT_METHOD)
-
-ssl.useCertificate(cer)
-ssl.useKey(key)
-ssl.setVerifyMode(POW.SSL_VERIFY_PEER | POW.SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
-ssl.trustCertificate(ta)
-
-ssl.setFd(s.fileno())
-ssl.connect()
-
-peer = ssl.peerCertificate()
-if peer is not None:
- print peer.pprint()
-
-print ssl.read(100)
-ssl.write("Bye")
diff --git a/scripts/Old/tls-server.py b/scripts/Old/tls-server.py
deleted file mode 100644
index d3798a32..00000000
--- a/scripts/Old/tls-server.py
+++ /dev/null
@@ -1,40 +0,0 @@
-# $Id$
-
-import socket, POW, time
-
-key = POW.pemRead(POW.RSA_PRIVATE_KEY, open("Alice.key", "r").read())
-cer = POW.pemRead(POW.X509_CERTIFICATE, open("Alice.cer", "r").read())
-ta = POW.pemRead(POW.X509_CERTIFICATE, open("Carol-TA.cer", "r").read())
-
-listener = socket.socket()
-listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
-listener.bind(('',6666))
-listener.listen(5)
-
-s, addr = listener.accept()
-while not s:
- time.sleep(2)
- s, addr = listener.accept()
-
-s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
-
-print "Got connection %r from %r" % (s, addr)
-
-ssl = POW.Ssl(POW.TLSV1_SERVER_METHOD)
-
-ssl.useCertificate(cer)
-ssl.useKey(key)
-ssl.setVerifyMode(POW.SSL_VERIFY_PEER | POW.SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
-ssl.trustCertificate(ta)
-
-ssl.setFd(s.fileno())
-ssl.accept()
-
-peer = ssl.peerCertificate()
-if peer is not None:
- print peer.pprint()
-
-ssl.write("Hello, TLS")
-print ssl.read(100)
diff --git a/scripts/convert-from-entitydb-to-sql.py b/scripts/convert-from-entitydb-to-sql.py
index 57f7588b..d8147574 100644
--- a/scripts/convert-from-entitydb-to-sql.py
+++ b/scripts/convert-from-entitydb-to-sql.py
@@ -6,7 +6,7 @@ you're doing.
$Id$
-Copyright (C) 2011 Internet Systems Consortium ("ISC")
+Copyright (C) 2011-2012 Internet Systems Consortium ("ISC")
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
diff --git a/scripts/find-roa-expiration.py b/scripts/find-roa-expiration.py
index 0ae6fa66..151de446 100644
--- a/scripts/find-roa-expiration.py
+++ b/scripts/find-roa-expiration.py
@@ -48,13 +48,13 @@ for line in subprocess.check_output(["find_roa"] + sys.argv[1:]).splitlines():
del words[-1]
print " ".join(words)
- x = rpki.POW.derRead(rpki.POW.CMS_MESSAGE, open(fn, "rb").read()).certs()[0]
+ x = rpki.POW.CMS.derReadFile(fn).certs()[0]
uri = get_aia(x)
print x.getNotAfter(), filename_to_uri(fn)
while uri:
fn = uri_to_filename(uri)
- x = rpki.POW.derRead(rpki.POW.X509_CERTIFICATE, open(fn, "rb").read())
+ x = rpki.POW.X509.derReadFile(fn)
print x.getNotAfter(), uri
uri = get_aia(x)
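Review bot: The `while uri:` walk in this hunk follows each certificate's AIA pointer with no visited set or depth limit, so a certificate whose AIA resolves back to a file already seen would loop indefinitely; tracking the filenames, e.g. `if fn in seen: break` followed by `seen.add(fn)`, would bound it. `fn` comes from `uri_to_filename(uri)` on a URI taken from certificate content, and that helper is not visible here, so it is worth confirming that it keeps the result under the local repository root before `derReadFile(fn)` opens it. `.certs()[0]` also assumes the CMS object carries at least one certificate and would raise `IndexError` otherwise. The enclosing `for` loop starts outside the hunk.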
diff --git a/scripts/format-application-x-rpki.py b/scripts/format-application-x-rpki.py
index a7e58f49..00a101aa 100644
--- a/scripts/format-application-x-rpki.py
+++ b/scripts/format-application-x-rpki.py
@@ -6,7 +6,7 @@ format because nmh makes a handy viewer.
$Id$
-Copyright (C) 2010 Internet Systems Consortium ("ISC")
+Copyright (C) 2010-2012 Internet Systems Consortium ("ISC")
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
@@ -21,8 +21,18 @@ OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
"""
-import email.mime, email.mime.application, email.mime.text, email.mime.multipart, email.utils, email.encoders
-import mailbox, rpki.POW, lxml.etree, getopt, sys, base64
+import email.mime
+import email.mime.application
+import email.mime.text
+import email.mime.multipart
+import email.utils
+import email.encoders
+import mailbox
+import rpki.POW
+import lxml.etree
+import getopt
+import sys
+import base64
source_name = None
destination_name = None
@@ -56,7 +66,7 @@ if argv or source_name is None or destination_name is None:
usage(ok = False)
def pprint_cert(b64):
- return rpki.POW.derRead(rpki.POW.X509_CERTIFICATE, base64.b64decode(b64)).pprint()
+ return rpki.POW.X509.derRead(base64.b64decode(b64)).pprint()
def up_down():
msg["X-RPKI-Up-Down-Type"] = xml.get("type")
@@ -101,7 +111,7 @@ try:
continue
assert not srcmsg.is_multipart() and srcmsg.get_content_type() == "application/x-rpki"
payload = srcmsg.get_payload(decode = True)
- cms = rpki.POW.derRead(rpki.POW.CMS_MESSAGE, payload)
+ cms = rpki.POW.CMS.derRead(payload)
txt = cms.verify(rpki.POW.X509Store(), None, rpki.POW.CMS_NOCRL | rpki.POW.CMS_NO_SIGNER_CERT_VERIFY | rpki.POW.CMS_NO_ATTR_VERIFY | rpki.POW.CMS_NO_CONTENT_VERIFY)
xml = lxml.etree.fromstring(txt)
tag = xml.tag
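Review bot: The context lines after the changed `derRead` call extract the payload with `CMS_NO_SIGNER_CERT_VERIFY | CMS_NO_CONTENT_VERIFY` against an empty `X509Store`, so `txt` is unauthenticated when it reaches `lxml.etree.fromstring(txt)`, and nothing in the code says so. A comment such as `# viewer only: CMS signature is deliberately not checked, treat txt as untrusted` would make that explicit, and parsing with `lxml.etree.fromstring(txt, lxml.etree.XMLParser(resolve_entities=False))` would keep entity expansion out of the generated mailbox. The content-type check just above is an `assert`, which is skipped under `python -O`, so an explicit `if ...: continue` would be more reliable. The `try:` block starts and continues outside the hunk.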
diff --git a/scripts/show-tracking-data.py b/scripts/show-tracking-data.py
index 93b09ab8..b032160a 100644
--- a/scripts/show-tracking-data.py
+++ b/scripts/show-tracking-data.py
@@ -26,12 +26,14 @@ PERFORMANCE OF THIS SOFTWARE.
import os
import sys
import rpki.x509
+import rpki.sundial
rcynic_dir = sys.argv[1]
for root, dirs, files in os.walk(rcynic_dir):
for f in files:
path = os.path.join(root, f)
+ date = rpki.sundial.datetime.utcfromtimestamp(os.stat(path).st_mtime)
uri = "rsync://" + path[len(rcynic_dir):].lstrip("/")
obj = rpki.x509.uri_dispatch(uri)(DER_file = path)
- print obj.tracking_data(uri)
+ print date, obj.tracking_data(uri)
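Review bot: The added `date` is the mtime of the local file rather than a time taken from the object, and neither the code nor the printed line says which; a comment like `# mtime of the local rcynic copy (UTC), not a timestamp from the signed object` above the `os.stat` line would prevent it being read as issuance or validation time. `os.stat(path)` follows symlinks, so a dangling link under `rcynic_dir` raises `OSError` at this new line; whether the later `DER_file = path` read already failed on that case is not visible here, but a `try/except OSError` around the stat would keep the walk going.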
diff --git a/scripts/x509-dot.py b/scripts/x509-dot.py
index 9ad5b79d..c820018e 100644
--- a/scripts/x509-dot.py
+++ b/scripts/x509-dot.py
@@ -3,7 +3,7 @@
"""
Generate .dot description of a certificate tree.
-Copyright (C) 2009-2011 Internet Systems Consortium ("ISC")
+Copyright (C) 2009-2012 Internet Systems Consortium ("ISC")
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
@@ -61,9 +61,9 @@ class x509(object):
f.close()
if "-----BEGIN" in text:
- self.pow = rpki.POW.pemRead(rpki.POW.X509_CERTIFICATE, text)
+ self.pow = rpki.POW.X509.pemRead(text)
else:
- self.pow = rpki.POW.derRead(rpki.POW.X509_CERTIFICATE, text)
+ self.pow = rpki.POW.X509.derRead(text)
self.extensions = dict((e[0], e[2]) for e in (self.pow.getExtension(i) for i in xrange(self.pow.countExtensions())))