-rw-r--r--myrpki.rototill/myrpki.py51
-rw-r--r--myrpki.rototill/setup.py46
-rw-r--r--myrpki.rototill/yamltest.py14
3 files changed, 61 insertions, 50 deletions
diff --git a/myrpki.rototill/myrpki.py b/myrpki.rototill/myrpki.py
index 6a62b0ba..7c8642aa 100644
--- a/myrpki.rototill/myrpki.py
+++ b/myrpki.rototill/myrpki.py
@@ -49,7 +49,7 @@ PERFORMANCE OF THIS SOFTWARE.
# Only standard Python libraries for this program, please.
-import subprocess, csv, re, os, getopt, sys, ConfigParser, base64
+import subprocess, csv, re, os, getopt, sys, ConfigParser, base64, glob
from xml.etree.ElementTree import Element, SubElement, ElementTree
@@ -245,14 +245,19 @@ class children(dict):
c.xml(e)
@classmethod
- def from_csv(cls, children_csv_file, prefix_csv_file, asn_csv_file, xcert):
+ def from_csv(cls, children_csv_file, prefix_csv_file, asn_csv_file, fxcert):
"""
Parse child resources, certificates, and validity dates from CSV files.
"""
self = cls()
- # childname date pemfile
- for handle, date, pemfile in csv_open(children_csv_file):
- self.add(handle = handle, validity = date, bpki_certificate = xcert(pemfile))
+
+ # Need something like setup.py's entitydb() function. Wire in pathnames for now.
+ for f in glob.iglob("entitydb/children/*.xml"):
+ c = etree_read(f)
+ self.add(handle = os.path.splitext(os.path.split(f)[-1])[0],
+ validity = c.get("valid_until"),
+ bpki_certificate = fxcert(c.findtext("bpki_child_ta")))
+
# childname p/n
for handle, pn in csv_open(prefix_csv_file):
self.add(handle = handle, prefix = pn)
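Review bot: In the new loop over `entitydb/children/*.xml`, `c.findtext("bpki_child_ta")` and `c.get("valid_until")` both return None when the element or attribute is absent, and the results go straight to `fxcert` and `self.add` with no check. These files decide which child trust anchors get cross-certified, so an incomplete file should fail loudly, e.g. `if c.findtext("bpki_child_ta") is None: raise RuntimeError, "No bpki_child_ta in %s" % f`. The glob pattern is relative to the current working directory, so the set of children depends on where the program is started; the in-code comment already marks the hard-wired path as temporary. `children_csv_file` is now unused and the docstring still describes CSV input for children. The body of from_csv continues beyond this hunk.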
@@ -353,19 +358,33 @@ class parents(dict):
c.xml(e)
@classmethod
- def from_csv(cls, parents_csv_file, xcert):
+ def from_csv(cls, parents_csv_file, fxcert):
"""
Parse parent data from CSV file.
"""
self = cls()
- # parentname service_uri parent_bpki_cms_pemfile parent_bpki_https_pemfile myhandle sia_base
- for handle, service_uri, parent_cms_pemfile, parent_https_pemfile, myhandle, sia_base in csv_open(parents_csv_file):
- self.add(handle = handle,
- service_uri = service_uri,
- bpki_cms_certificate = xcert(parent_cms_pemfile),
- bpki_https_certificate = xcert(parent_https_pemfile),
- myhandle = myhandle,
- sia_base = sia_base)
+ if False:
+ # parentname service_uri parent_bpki_cms_pemfile parent_bpki_https_pemfile myhandle sia_base
+ for handle, service_uri, parent_cms_pemfile, parent_https_pemfile, myhandle, sia_base in csv_open(parents_csv_file):
+ self.add(handle = handle,
+ service_uri = service_uri,
+ bpki_cms_certificate = xcert(parent_cms_pemfile),
+ bpki_https_certificate = xcert(parent_https_pemfile),
+ myhandle = myhandle,
+ sia_base = sia_base)
+ else:
+ # Need something like setup.py's entitydb() function. Wire in pathnames for now.
+ for f in glob.iglob("entitydb/parents/*.xml"):
+ h = os.path.splitext(os.path.split(f)[-1])[0]
+ p = etree_read(f)
+ r = etree_read(f.replace("/parents/", "/repositories/"))
+ assert r.get("type") == "confirmed"
+ self.add(handle = h,
+ service_uri = p.get("service_uri"),
+ bpki_cms_certificate = fxcert(p.findtext("bpki_resource_ta")),
+ bpki_https_certificate = fxcert(p.findtext("bpki_server_ta")),
+ myhandle = p.get("child_handle"),
+ sia_base = r.get("sia_base"))
return self
def csv_open(filename):
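Review bot: `assert r.get("type") == "confirmed"` is the only gate on the repository entry in the new `else:` branch, and assert statements are dropped when Python runs with -O, so an unconfirmed repository's `sia_base` would then be accepted silently. An explicit check keeps the gate in every mode: `if r.get("type") != "confirmed": raise RuntimeError, "Repository for parent %s is not confirmed" % h`. The `etree_read` of the matching repositories file presumably raises if that file does not exist yet (etree_read is not visible here), which deserves a clearer error naming the missing file. The retained `if False:` branch still calls `xcert`, which is no longer a parameter after the rename to `fxcert`; deleting the dead branch avoids a NameError if it is ever re-enabled.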
@@ -665,11 +684,11 @@ def main(argv = ()):
children_csv_file = children_csv_file,
prefix_csv_file = prefix_csv_file,
asn_csv_file = asn_csv_file,
- xcert = bpki.xcert).xml(e)
+ fxcert = bpki.fxcert).xml(e)
parents.from_csv(
parents_csv_file = parents_csv_file,
- xcert = bpki.xcert).xml(e)
+ fxcert = bpki.fxcert).xml(e)
PEMElement(e, "bpki_ca_certificate", bpki.cer)
PEMElement(e, "bpki_crl", bpki.crl)
diff --git a/myrpki.rototill/setup.py b/myrpki.rototill/setup.py
index 61eb6b1c..1f03e4a9 100644
--- a/myrpki.rototill/setup.py
+++ b/myrpki.rototill/setup.py
@@ -155,14 +155,14 @@ class main(rpki.cli.Cmd):
if self.run_rootd:
- e = Element("parent", parent_handle = "rootd", child_handle = self.handle,
- service_url = "https://localhost:%s/" % self.cfg.get("rootd_server_port"),
+ e = Element("parent", parent_handle = self.handle, child_handle = self.handle,
+ service_uri = "https://localhost:%s/" % self.cfg.get("rootd_server_port"),
valid_until = str(rpki.sundial.now() + rpki.sundial.timedelta(days = 365)))
PEMElement(e, "bpki_resource_ta", self.bpki_servers.cer)
PEMElement(e, "bpki_server_ta", self.bpki_servers.cer)
PEMElement(e, "bpki_child_ta", self.bpki_resources.cer)
SubElement(e, "repository", type = "offer")
- myrpki.etree_write(e, self.entitydb("parents", "rootd.xml"))
+ myrpki.etree_write(e, self.entitydb("parents", "%s.xml" % self.handle))
self.bpki_resources.xcert(self.bpki_servers.cer)
@@ -174,7 +174,7 @@ class main(rpki.cli.Cmd):
# if we had received an offer.
if self.run_pubd:
- e = Element("repository", type = "request", handle = self.handle)
+ e = Element("repository", type = "request", handle = self.handle, parent_handle = self.handle)
SubElement(e, "contact_info").text = self.pubd_contact_info
PEMElement(e, "bpki_ta", self.bpki_resources.cer)
myrpki.etree_write(e, self.entitydb("repositories", "%s.xml" % self.handle))
@@ -207,7 +207,7 @@ class main(rpki.cli.Cmd):
self.bpki_servers.fxcert(c.findtext("bpki_ta"))
e = Element("parent", parent_handle = self.handle, child_handle = child_handle,
- service_url = "https://%s:%s/up-down/%s/%s" % (self.cfg.get("rpkid_server_host"),
+ service_uri = "https://%s:%s/up-down/%s/%s" % (self.cfg.get("rpkid_server_host"),
self.cfg.get("rpkid_server_port"),
self.handle, child_handle),
valid_until = str(rpki.sundial.now() + rpki.sundial.timedelta(days = 365)))
@@ -240,14 +240,11 @@ class main(rpki.cli.Cmd):
self.load_xml()
parent_handle = None
- repository_handle = None
- opts, argv = getopt.getopt(arg.split(), "", ["parent_handle=", "repository_handle="])
+ opts, argv = getopt.getopt(arg.split(), "", ["parent_handle="])
for o, a in opts:
if o == "--parent_handle":
parent_handle = a
- elif o == "--repository_handle":
- repository_handle = a
if len(argv) != 1:
raise RuntimeError, "Need to specify filename for parent.xml on command line"
@@ -257,12 +254,8 @@ class main(rpki.cli.Cmd):
if parent_handle is None:
parent_handle = p.get("parent_handle")
- if repository_handle is None:
- repository_handle = parent_handle
-
print "Parent calls itself %r, we call it %r" % (p.get("parent_handle"), parent_handle)
print "Parent calls us %r" % p.get("child_handle")
- print "We call repository %r" % repository_handle
self.bpki_resources.fxcert(p.findtext("bpki_resource_ta"))
self.bpki_resources.fxcert(p.findtext("bpki_server_ta"))
@@ -273,8 +266,9 @@ class main(rpki.cli.Cmd):
if r is not None and r.get("type") in ("offer", "hint"):
r.set("handle", self.handle)
+ r.set("parent_handle", parent_handle)
PEMElement(r, "bpki_ta", self.bpki_resources.cer)
- myrpki.etree_write(r, self.entitydb("repositories", "%s.xml" % repository_handle))
+ myrpki.etree_write(r, self.entitydb("repositories", "%s.xml" % parent_handle))
else:
print "Couldn't find repository offer or hint"
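Review bot: `parent_handle` is interpolated into the file name passed to `self.entitydb("repositories", ...)` without any check, and per the earlier hunk it can come from the `parent_handle` attribute of the parent's XML file rather than from the operator. A value containing a path separator could make the write land outside entitydb/repositories, depending on how entitydb() joins its arguments (not visible here). I would reject handles that are empty or not a plain file-name component before building the path, for example `if not parent_handle or os.path.basename(parent_handle) != parent_handle: raise RuntimeError, "Bad parent handle %r" % parent_handle`, assuming `os` is imported in setup.py. The same applies to the `@@ -354` hunk, where `r.get("parent_handle")` from the repository's answer names the output file and the command-line override has been removed, so a missing attribute would write `None.xml`. The enclosing method starts and ends outside this hunk.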
@@ -322,7 +316,7 @@ class main(rpki.cli.Cmd):
# For the moment we cheat egregiously, no crypto, blind trust of
# what we're sent, while I focus on the basic semantics.
- #
+
if sia_base is None and c.get("proposed_sia_base"):
sia_base = c.get("proposed_sia_base")
elif sia_base is None and c.get("handle") == self.handle:
@@ -332,15 +326,19 @@ class main(rpki.cli.Cmd):
client_handle = "/".join(sia_base.rstrip("/").split("/")[3:])
+ parent_handle = c.get("parent_handle")
+
print "Client calls itself %r, we call it %r" % (c.get("handle"), client_handle)
+ print "Client says its parent handle is %r" % parent_handle
self.bpki_servers.fxcert(c.findtext("bpki_ta"))
e = Element("repository", type = "confirmed",
repository_handle = self.handle,
client_handle = client_handle,
+ parent_handle = parent_handle,
sia_base = sia_base,
- service_url = "https://%s:%s/client/%s" % (self.cfg.get("pubd_server_host"),
+ service_uri = "https://%s:%s/client/%s" % (self.cfg.get("pubd_server_host"),
self.cfg.get("pubd_server_port"),
client_handle))
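Review bot: `parent_handle = c.get("parent_handle")` is None when the client's request omits the attribute, and it is then passed as an attribute value to `Element("repository", ...)`; ElementTree generally cannot serialize a None attribute, so the failure would surface later at write time rather than here. A guard right after the lookup makes the error clear: `if parent_handle is None: raise RuntimeError, "Client request has no parent_handle"`. The value is also copied unauthenticated from the request into the confirmed response (the comment in the previous hunk acknowledges the blind trust), and the receiving side uses it as a file name, so its form is worth constraining here too. The enclosing method starts and ends outside this hunk.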
@@ -354,25 +352,19 @@ class main(rpki.cli.Cmd):
self.load_xml()
- repository_handle = None
-
- opts, argv = getopt.getopt(arg.split(), "", ["repository_handle="])
- for o, a in opts:
- if o == "--repository_handle":
- repository_handle = a
+ argv = arg.split()
if len(argv) != 1:
raise RuntimeError, "Need to specify filename for repository.xml on command line"
r = myrpki.etree_read(argv[0])
- if repository_handle is None:
- repository_handle = r.get("repository_handle")
+ parent_handle = r.get("parent_handle")
- print "Repository calls itself %r, we call it %r" % (r.get("repository_handle"), repository_handle)
- print "Repository calls us %r" % r.get("client_handle")
+ print "Repository calls itself %r, calls us %r" % (r.get("repository_handle"), r.get("client_handle"))
+ print "Repository response associated with parent_handle %r" % parent_handle
- myrpki.etree_write(r, self.entitydb("repositories", "%s.xml" % repository_handle))
+ myrpki.etree_write(r, self.entitydb("repositories", "%s.xml" % parent_handle))
def do_compose_request_to_host(self, arg):
diff --git a/myrpki.rototill/yamltest.py b/myrpki.rototill/yamltest.py
index 97952532..131df947 100644
--- a/myrpki.rototill/yamltest.py
+++ b/myrpki.rototill/yamltest.py
@@ -624,7 +624,13 @@ for d in db:
# setup.
for d in db:
- if not d.is_root():
+ if d.is_root():
+ print
+ d.run_setup("answer_repository_client", d.path("entitydb", "repositories", "%s.xml" % d.name))
+ print
+ d.run_setup("process_repository_answer", d.path("entitydb", "pubclients", "%s.xml" % d.name))
+ print
+ else:
print
d.parent.run_setup("answer_child", d.path("entitydb", "identity.xml"))
print
@@ -635,12 +641,6 @@ for d in db:
print
d.run_setup("process_repository_answer", p.path("entitydb", "pubclients", "%s.xml" % n))
print
- else:
- print
- d.run_setup("answer_repository_client", d.path("entitydb", "identity.xml"))
- print
- d.run_setup("process_repository_answer", d.path("entitydb", "pubclients", "%s.xml" % d.name))
- print
# Run myrpki.py several times for each entity. First pass misses
# stuff that isn't generated until later in first pass. Second pass