-rw-r--r-- | myrpki/Makefile | 23 | ||||
-rw-r--r-- | myrpki/myirbe.py | 8 | ||||
-rw-r--r-- | myrpki/myrpki.py | 3 | ||||
-rw-r--r-- | myrpki/relatives.conf | 19 | ||||
-rw-r--r-- | myrpki/schema.py | 175 | ||||
-rw-r--r-- | myrpki/schema.rnc (renamed from myrpki/myrpki.rnc) | 0 | ||||
-rw-r--r-- | myrpki/schema.rng (renamed from myrpki/myrpki.rng) | 2 | ||||
-rwxr-xr-x | myrpki/xml-parse-test.py | 5 | ||||
-rw-r--r-- | myrpki/yaml-to-myrpki.py | 8 |
9 files changed, 201 insertions, 42 deletions
diff --git a/myrpki/Makefile b/myrpki/Makefile
index 1b39cbb1..0c38f746 100644
--- a/myrpki/Makefile
+++ b/myrpki/Makefile
@@ -10,16 +10,22 @@ all:: load
 myrpki.xml: myrpki.py asns.csv children.csv parents.csv prefixes.csv roas.csv
 python myrpki.py
-lint: myrpki.xml myrpki.rng
- xmllint --noout --relaxng myrpki.rng myrpki.xml
+lint: myrpki.xml schema.rng
+ xmllint --noout --relaxng schema.rng myrpki.xml
-myrpki.rng: myrpki.rnc
- trang myrpki.rnc myrpki.rng
+schema.rng: schema.rnc
+ trang schema.rnc schema.rng
-parse: myrpki.xml myrpki.rng
+schema.py: schema.rng
+ echo >$@ 'import lxml.etree'
+ echo >>$@ -n "myrpki = lxml.etree.RelaxNG(lxml.etree.fromstring('''"
+ cat >>$@ schema.rng
+ echo >>$@ "'''))"
+
+parse: myrpki.xml schema.py
 python xml-parse-test.py
-load: myrpki.xml myrpki.rng
+load: myrpki.xml schema.py
 python myirbe.py
 bpki.myrpki:
@@ -29,11 +35,6 @@ clean:
 rm -rf *.xml bpki.myrpki bpki.rpkid bpki.pubd bpki.rootd
 python sql-cleaner.py
-relatives: mom.pem dad.pem bro.pem sis.pem
-
-mom.pem dad.pem bro.pem sis.pem: relatives.conf
- CN=$@ openssl req -new -sha256 -x509 -verbose -config relatives.conf -extensions req_x509_ext -newkey rsa:2048 -nodes -keyout /dev/null -out $@
-
 format: myrpki.xml
 xmllint --format myrpki.xml
diff --git a/myrpki/myirbe.py b/myrpki/myirbe.py
index d6c01625..4c8929a1 100644
--- a/myrpki/myirbe.py
+++ b/myrpki/myirbe.py
@@ -21,9 +21,7 @@ PERFORMANCE OF THIS SOFTWARE.
 import lxml.etree, base64, subprocess, sys, os, time, re, getopt, MySQLdb
 import rpki.https, rpki.config, rpki.resource_set, rpki.relaxng
 import rpki.exceptions, rpki.left_right, rpki.log, rpki.x509, rpki.async
-import myrpki
-
-rng = lxml.etree.RelaxNG(lxml.etree.parse("myrpki.rng"))
+import myrpki, schema
 def tag(t):
 return "{http://www.hactrn.net/uris/rpki/myrpki/}" + t
@@ -171,7 +169,7 @@ my_handle = None
 for xmlfile in xmlfiles:
 tree = lxml.etree.parse(xmlfile).getroot()
- rng.assertValid(tree)
+ schema.myrpki.assertValid(tree)
 handle = tree.get("handle")
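Review bot: The schema.py rule embeds schema.rng in a non-raw `'''` string, and the .rng contains backslash sequences such as `[\-_A-Za-z0-9]*`; Python 2 keeps unknown escapes verbatim so it works today, but making the literal raw removes that dependency, `echo >>$@ -n "myrpki = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''"`. `echo -n` is also not portable across /bin/sh implementations, and the `-n` matters here because any newline before `<?xml` would make fromstring reject the document, so `printf '%s' "..."` is the safer recipe line. Since schema.py is both produced by this rule and committed as a new file, the checked-in copy can drift from schema.rng; adding it to the clean target or dropping it from the repository would avoid that.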
@@ -452,7 +450,7 @@ for xmlfile in xmlfiles:
 assert e is not None
 e.text = bsc_req.get_Base64()
- rng.assertValid(tree)
+ schema.myrpki.assertValid(tree)
 lxml.etree.ElementTree(tree).write(xmlfile + ".tmp", pretty_print = True)
 os.rename(xmlfile + ".tmp", xmlfile)
diff --git a/myrpki/myrpki.py b/myrpki/myrpki.py
index 47980161..724a4c52 100644
--- a/myrpki/myrpki.py
+++ b/myrpki/myrpki.py
@@ -311,7 +311,8 @@ class CA(object):
 return None
 if not os.path.exists(cert):
- raise RuntimeError, "PEM file %r does not exist" % (cert,)
+ print "Certificate %s doesn't exist, skipping" % cert
+ return None
 # Extract public key and subject name from PEM file and hash it so
 # we can use the result as a tag for cross-certifying this cert.
diff --git a/myrpki/relatives.conf b/myrpki/relatives.conf
deleted file mode 100644
index 8209a4ee..00000000
--- a/myrpki/relatives.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-# $Id$
-#
-# Config file for self-signed test BPKI certificates.
-# Not for production use.
-
-[req]
-default_bits = 2048
-default_md = sha256
-distinguished_name = req_dn
-x509_extensions = req_x509_ext
-prompt = no
-
-[req_x509_ext]
-basicConstraints = critical,CA:true
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always
-
-[req_dn]
-CN = ${ENV::CN}
diff --git a/myrpki/schema.py b/myrpki/schema.py
new file mode 100644
index 00000000..d5078714
--- /dev/null
+++ b/myrpki/schema.py
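Review bot: Replacing the RuntimeError with a print and `return None` in class CA makes a configured-but-missing certificate path indistinguishable to the caller from no certificate at all, since both now yield None; in a BPKI cross-certification step that is fail-open behaviour that is easy to miss in a batch run. The diagnostic also goes to stdout, where it can mix with generated output; if skipping is intended, send it to stderr and keep the `%r` formatting so an empty or whitespace-only path is visible, e.g. `sys.stderr.write("Certificate %r doesn't exist, skipping\n" % (cert,))` (assuming `sys` is imported in this file). The enclosing method starts and ends outside the hunk, so whether every caller treats None as a safe skip can't be confirmed here.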
@@ -0,0 +1,175 @@
+import lxml.etree
+myrpki = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ $Id: schema.rnc -1 $
+
+ RelaxNG Schema for MyRPKI XML messages
+
+ libxml2 (including xmllint) only groks the XML syntax of RelaxNG, so
+ run the compact syntax through trang to get XML syntax.
+-->
+<grammar ns="http://www.hactrn.net/uris/rpki/myrpki/" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+ <define name="base64">
+ <data type="base64Binary">
+ <param name="maxLength">512000</param>
+ </data>
+ </define>
+ <define name="object_handle">
+ <data type="string">
+ <param name="maxLength">255</param>
+ <param name="pattern">[\-_A-Za-z0-9]*</param>
+ </data>
+ </define>
+ <define name="uri">
+ <data type="anyURI">
+ <param name="maxLength">4096</param>
+ </data>
+ </define>
+ <define name="asn_list">
+ <data type="string">
+ <param name="maxLength">512000</param>
+ <param name="pattern">[\-,0-9]*</param>
+ </data>
+ </define>
+ <define name="ipv4_list">
+ <data type="string">
+ <param name="maxLength">512000</param>
+ <param name="pattern">[\-,0-9/.]*</param>
+ </data>
+ </define>
+ <define name="ipv6_list">
+ <data type="string">
+ <param name="maxLength">512000</param>
+ <param name="pattern">[\-,0-9/:a-fA-F]*</param>
+ </data>
+ </define>
+ <start>
+ <element name="myrpki">
+ <attribute name="version">
+ <data type="positiveInteger">
+ <param name="maxInclusive">1</param>
+ </data>
+ </attribute>
+ <attribute name="handle">
+ <ref name="object_handle"/>
+ </attribute>
+ <zeroOrMore>
+ <ref name="roa_request_elt"/>
+ </zeroOrMore>
+ <zeroOrMore>
+ <ref name="child_elt"/>
+ </zeroOrMore>
+ <zeroOrMore>
+ <ref name="parent_elt"/>
+ </zeroOrMore>
+ <optional>
+ <ref name="bpki_ca_certificate_elt"/>
+ </optional>
+ <optional>
+ <ref name="bpki_crl_elt"/>
+ </optional>
+ <optional>
+ <ref name="bpki_repository_certificate_elt"/>
+ </optional>
+ <optional>
+ <ref 
name="bpki_bsc_certificate_elt"/>
+ </optional>
+ <optional>
+ <ref name="bpki_bsc_pkcs10_elt"/>
+ </optional>
+ </element>
+ </start>
+ <define name="roa_request_elt">
+ <element name="roa_request">
+ <attribute name="asn">
+ <data type="positiveInteger"/>
+ </attribute>
+ <attribute name="v4">
+ <ref name="ipv4_list"/>
+ </attribute>
+ <attribute name="v6">
+ <ref name="ipv6_list"/>
+ </attribute>
+ </element>
+ </define>
+ <define name="child_elt">
+ <element name="child">
+ <attribute name="handle">
+ <ref name="object_handle"/>
+ </attribute>
+ <attribute name="valid_until">
+ <data type="dateTime">
+ <param name="pattern">.*Z</param>
+ </data>
+ </attribute>
+ <optional>
+ <attribute name="asns">
+ <ref name="asn_list"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="v4">
+ <ref name="ipv4_list"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="v6">
+ <ref name="ipv6_list"/>
+ </attribute>
+ </optional>
+ <optional>
+ <element name="bpki_certificate">
+ <ref name="base64"/>
+ </element>
+ </optional>
+ </element>
+ </define>
+ <define name="parent_elt">
+ <element name="parent">
+ <attribute name="handle">
+ <ref name="object_handle"/>
+ </attribute>
+ <optional>
+ <attribute name="service_uri">
+ <ref name="uri"/>
+ </attribute>
+ </optional>
+ <optional>
+ <element name="bpki_certificate">
+ <ref name="base64"/>
+ </element>
+ </optional>
+ </element>
+ </define>
+ <define name="bpki_ca_certificate_elt">
+ <element name="bpki_ca_certificate">
+ <ref name="base64"/>
+ </element>
+ </define>
+ <define name="bpki_crl_elt">
+ <element name="bpki_crl">
+ <ref name="base64"/>
+ </element>
+ </define>
+ <define name="bpki_repository_certificate_elt">
+ <element name="bpki_repository_certificate">
+ <ref name="base64"/>
+ </element>
+ </define>
+ <define name="bpki_bsc_certificate_elt">
+ <element name="bpki_bsc_certificate">
+ <ref name="base64"/>
+ </element>
+ </define>
+ <define name="bpki_bsc_pkcs10_elt">
+ <element 
name="bpki_bsc_pkcs10">
+ <ref name="base64"/>
+ </element>
+ </define>
+</grammar>
+<!--
+ Local Variables:
+ indent-tabs-mode: nil
+ End:
+-->
+''')) 
diff --git a/myrpki/myrpki.rnc b/myrpki/schema.rnc
index 0ad11734..0ad11734 100644
--- a/myrpki/myrpki.rnc
+++ b/myrpki/schema.rnc
diff --git a/myrpki/myrpki.rng b/myrpki/schema.rng
index 0580339e..80f2a391 100644
--- a/myrpki/myrpki.rng
+++ b/myrpki/schema.rng
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
- $Id: myrpki.rnc 2598 2009-07-08 17:56:37Z sra $
+ $Id: schema.rnc -1 $
 RelaxNG Schema for MyRPKI XML messages
diff --git a/myrpki/xml-parse-test.py b/myrpki/xml-parse-test.py
index 084d748f..8c9e0327 100755
--- a/myrpki/xml-parse-test.py
+++ b/myrpki/xml-parse-test.py
@@ -19,15 +19,14 @@ PERFORMANCE OF THIS SOFTWARE.
 """
 import lxml.etree, rpki.resource_set, base64, subprocess
-
-rng = lxml.etree.RelaxNG(lxml.etree.parse("myrpki.rng"))
+import schema
 tree = lxml.etree.parse("myrpki.xml").getroot()
 if False:
 print lxml.etree.tostring(tree, pretty_print = True, encoding = "us-ascii", xml_declaration = True)
-rng.assertValid(tree)
+schema.myrpki.assertValid(tree)
 def showitems(x):
 if False:
diff --git a/myrpki/yaml-to-myrpki.py b/myrpki/yaml-to-myrpki.py
index da34636e..769ac94f 100644
--- a/myrpki/yaml-to-myrpki.py
+++ b/myrpki/yaml-to-myrpki.py
@@ -144,6 +144,10 @@ class allocation(object):
 self.rsync_port = allocate_port()
 self.rpkid_port = allocate_port()
 self.pubd_port = allocate_port()
+ else:
+ self.rsync_port = 0
+ self.rpkid_port = 0
+ self.pubd_port = 0
 def closure(self):
 resources = self.base
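Review bot: The new `else:` branch in class allocation uses 0 as the "no port allocated" value for rsync_port, rpkid_port and pubd_port, but 0 is also the value bind() treats as "pick any free port", so anything that later formats these into a service address would get a plausible-looking but wrong number instead of failing. `None` is the unambiguous sentinel; if a numeric value is needed for formatting elsewhere, a comment on the branch stating what 0 stands for would at least make the convention explicit. The method this branch belongs to starts outside the hunk, so the condition that selects it is not visible here.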
@@ -186,12 +190,12 @@ class allocation(object):
 def dump_children(self, fn):
 f = self.outfile(fn)
 for k in self.kids:
- f.write("%s\t%s\t%s\n" % (k.name, k.resources.valid_until, k.path("ca.cer")))
+ f.write("%s\t%s\t%s\n" % (k.name, k.resources.valid_until, k.path("bpki.myrpki/ca.cer")))
 def dump_parents(self, fn):
 f = self.outfile(fn)
 if not self.is_root():
- f.write("%s\t%s\t%s\n" % (self.parent.name, "https://some.where.example/", self.parent.path("ca.cer")))
+ f.write("%s\t%s\t%s\n" % (self.parent.name, "https://some.where.example/", self.parent.path("bpki.myrpki/ca.cer")))
 def dump_prefixes(self, fn):
 f = self.outfile(fn)
|
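Review bot: The relative path `bpki.myrpki/ca.cer` is now hard-coded in both dump_children and dump_parents; a single module-level constant such as `BPKI_CA_CERT = "bpki.myrpki/ca.cer"` used in both `path()` calls keeps the two writers from drifting the next time the BPKI directory layout changes. The `https://some.where.example/` service URI is pre-existing, but it now sits beside real certificate paths in the dumped parents file, so a short comment marking it as a placeholder would help readers of that file. dump_prefixes continues outside the hunk.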