-rw-r--r-- | rpki/fields.py | 4 | ||||
-rw-r--r-- | rpki/rpkid.py | 12 | ||||
-rw-r--r-- | rpki/rpkidb/migrations/0001_initial.py | 233 | ||||
-rw-r--r-- | rpki/rpkidb/migrations/__init__.py | 0 | ||||
-rw-r--r-- | rpki/rpkidb/models.py | 147 |
5 files changed, 391 insertions, 5 deletions
diff --git a/rpki/fields.py b/rpki/fields.py index dab6ce14..d1025c35 100644 --- a/rpki/fields.py +++ b/rpki/fields.py @@ -99,6 +99,10 @@ class BlobField(models.Field): guidelines than actual rules. But "BLOB" works. For anything else, we just use "BLOB" and hope for the best. + + NB: This field type predates Django 1.6's BinaryField. Probably + this should be retired in favor of BinaryField, but I'd have to + figure out what that does to field types that derive from this one. """ __metaclass__ = models.SubfieldBase diff --git a/rpki/rpkid.py b/rpki/rpkid.py index 478c46bd..4e376a68 100644 --- a/rpki/rpkid.py +++ b/rpki/rpkid.py @@ -284,12 +284,14 @@ class main(object): if match is None: raise rpki.exceptions.BadContactURL("Bad URL path received in up_down_handler(): %s" % path) self_handle, child_handle = match.groups() - child = rpki.left_right.child_elt.sql_fetch_where1(self, - "self.self_handle = %s AND child.child_handle = %s AND child.self_id = self.self_id", - (self_handle, child_handle), - "self") + child = rpki.left_right.child_elt.sql_fetch_where1( + gctx = self, + where = "self.self_handle = %s AND child.child_handle = %s AND child.self_id = self.self_id", + args = (self_handle, child_handle), + also_from = "self") if child is None: - raise rpki.exceptions.ChildNotFound("Could not find child %s of self %s in up_down_handler()" % (child_handle, self_handle)) + raise rpki.exceptions.ChildNotFound("Could not find child %s of self %s in up_down_handler()" % ( + child_handle, self_handle)) child.serve_up_down(q_der, done) except (rpki.async.ExitNow, SystemExit): raise diff --git a/rpki/rpkidb/migrations/0001_initial.py b/rpki/rpkidb/migrations/0001_initial.py new file mode 100644 index 00000000..77c9012f --- /dev/null +++ b/rpki/rpkidb/migrations/0001_initial.py 
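Review bot: The `where` argument in the rewritten `sql_fetch_where1(...)` call in rpki/rpkid.py is a raw SQL fragment, and `self_handle` / `child_handle` come straight from the request URL path via `match.groups()`. They are passed separately in `args`, which is the safe shape provided `sql_fetch_where1` hands them to the database driver as bound parameters (its body is not in this hunk). A short comment above the call would keep later edits from formatting the handles into `where`: `# handles come from the request URL; pass them only via args, never format them into where`. The same handles are also interpolated into the ChildNotFound message, so whatever logs that exception should treat the text as untrusted. up_down_handler starts and ends outside the hunk.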
@@ -0,0 +1,233 @@ +# -*- coding: utf-8 -*- +from __future__ import unicode_literals + +from django.db import migrations, models +import rpki.fields + + +class Migration(migrations.Migration): + + dependencies = [ + ] + + operations = [ + migrations.CreateModel( + name='BSC', + fields=[ + ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)), + ('bsc_handle', models.SlugField(max_length=255)), + ('private_key_id', rpki.fields.KeyField(default=None, serialize=False, blank=True)), + ('pkcs10_request', rpki.fields.PKCS10Field(default=None, serialize=False, blank=True)), + ('hash_alg', rpki.fields.EnumField(choices=[(1, 'sha256')])), + ('signing_cert', rpki.fields.CertificateField(default=None, serialize=False, null=True, blank=True)), + ('signing_cert_crl', rpki.fields.CRLField(default=None, serialize=False, null=True, blank=True)), + ], + ), + migrations.CreateModel( + name='CA', + fields=[ + ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)), + ('last_crl_sn', models.BigIntegerField()), + ('last_manifest_sn', models.BigIntegerField()), + ('next_manifest_update', rpki.fields.SundialField(null=True)), + ('next_crl_update', rpki.fields.SundialField(null=True)), + ('last_issued_sn', models.BigIntegerField()), + ('sia_uri', models.TextField(null=True)), + ('parent_resource_class', models.TextField(null=True)), + ], + ), + migrations.CreateModel( + name='CADetail', + fields=[ + ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)), + ('public_key', rpki.fields.KeyField(default=None, serialize=False, null=True, blank=True)), + ('private_key_id', rpki.fields.KeyField(default=None, serialize=False, null=True, blank=True)), + ('latest_crl', rpki.fields.CRLField(default=None, serialize=False, null=True, blank=True)), + ('crl_published', rpki.fields.SundialField(null=True)), + ('latest_ca_cert', rpki.fields.CertificateField(default=None, 
serialize=False, null=True, blank=True)), + ('manifest_private_key_id', rpki.fields.KeyField(default=None, serialize=False, null=True, blank=True)), + ('manifest_public_key', rpki.fields.KeyField(default=None, serialize=False, null=True, blank=True)), + ('latest_manifest_cert', rpki.fields.CertificateField(default=None, serialize=False, null=True, blank=True)), + ('latest_manifest', rpki.fields.ManifestField(default=None, serialize=False, null=True, blank=True)), + ('manifest_published', rpki.fields.SundialField(null=True)), + ('state', rpki.fields.EnumField(choices=[(1, 'pending'), (2, 'active'), (3, 'deprecated'), (4, 'revoked')])), + ('ca_cert_uri', models.TextField(null=True)), + ('ca', models.ForeignKey(to='rpkidb.CA')), + ], + ), + migrations.CreateModel( + name='Child', + fields=[ + ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)), + ('child_handle', models.SlugField(max_length=255)), + ('bpki_cert', rpki.fields.CertificateField(default=None, serialize=False, null=True, blank=True)), + ('bpki_glue', rpki.fields.CertificateField(default=None, serialize=False, null=True, blank=True)), + ('last_cms_timestamp', rpki.fields.SundialField(null=True)), + ('bsc', models.ForeignKey(to='rpkidb.BSC')), + ], + ), + migrations.CreateModel( + name='ChildCert', + fields=[ + ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)), + ('cert', rpki.fields.CertificateField(default=None, serialize=False, blank=True)), + ('published', rpki.fields.SundialField(null=True)), + ('ski', rpki.fields.BlobField(default=None, serialize=False, blank=True)), + ('ca_detail', models.ForeignKey(to='rpkidb.CADetail')), + ('child', models.ForeignKey(to='rpkidb.Child')), + ], + ), + migrations.CreateModel( + name='EECert', + fields=[ + ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)), + ('ski', rpki.fields.BlobField(default=None, serialize=False, 
blank=True)), + ('cert', rpki.fields.CertificateField(default=None, serialize=False, blank=True)), + ('published', rpki.fields.SundialField(null=True)), + ('ca_detail', models.ForeignKey(to='rpkidb.CADetail')), + ], + ), + migrations.CreateModel( + name='Ghostbuster', + fields=[ + ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)), + ('vcard', models.TextField()), + ('cert', rpki.fields.CertificateField(default=None, serialize=False, blank=True)), + ('ghostbuster', rpki.fields.GhostbusterField(default=None, serialize=False, blank=True)), + ('published', rpki.fields.SundialField(null=True)), + ('ca_detail', models.ForeignKey(to='rpkidb.CADetail')), + ], + ), + migrations.CreateModel( + name='Parent', + fields=[ + ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)), + ('parent_handle', models.SlugField(max_length=255)), + ('bpki_cms_cert', rpki.fields.CertificateField(default=None, serialize=False, null=True, blank=True)), + ('bpki_cms_glue', rpki.fields.CertificateField(default=None, serialize=False, null=True, blank=True)), + ('peer_contact_uri', models.TextField(null=True)), + ('sia_base', models.TextField(null=True)), + ('sender_name', models.TextField(null=True)), + ('recipient_name', models.TextField(null=True)), + ('last_cms_timestamp', rpki.fields.SundialField(null=True)), + ('bsc', models.ForeignKey(to='rpkidb.BSC')), + ], + ), + migrations.CreateModel( + name='Repository', + fields=[ + ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)), + ('repository_handle', models.SlugField(max_length=255)), + ('peer_contact_uri', models.TextField(null=True)), + ('bpki_cert', rpki.fields.CertificateField(default=None, serialize=False, null=True, blank=True)), + ('bpki_glue', rpki.fields.CertificateField(default=None, serialize=False, null=True, blank=True)), + ('last_cms_timestamp', rpki.fields.SundialField(null=True)), + ('bsc', 
models.ForeignKey(to='rpkidb.BSC')), + ], + ), + migrations.CreateModel( + name='RevokedCert', + fields=[ + ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)), + ('serial', models.BigIntegerField()), + ('revoked', rpki.fields.SundialField()), + ('expires', rpki.fields.SundialField()), + ('ca_detail', models.ForeignKey(to='rpkidb.CADetail')), + ], + ), + migrations.CreateModel( + name='ROA', + fields=[ + ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)), + ('asn', models.BigIntegerField()), + ('cert', rpki.fields.CertificateField(default=None, serialize=False, blank=True)), + ('roa', rpki.fields.ROAField(default=None, serialize=False, blank=True)), + ('published', rpki.fields.SundialField(null=True)), + ('ca_detail', models.ForeignKey(to='rpkidb.CADetail')), + ], + ), + migrations.CreateModel( + name='ROAPrefix', + fields=[ + ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)), + ('prefix', models.CharField(max_length=40)), + ('prefixlen', models.SmallIntegerField()), + ('max_prefixlen', models.SmallIntegerField()), + ('version', models.SmallIntegerField()), + ('roa', models.ForeignKey(to='rpkidb.ROA')), + ], + ), + migrations.CreateModel( + name='Self', + fields=[ + ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)), + ('self_handle', models.SlugField(max_length=255)), + ('use_hsm', models.BooleanField(default=False)), + ('crl_interval', models.BigIntegerField(null=True)), + ('regen_margin', models.BigIntegerField(null=True)), + ('bpki_cert', rpki.fields.CertificateField(default=None, serialize=False, null=True, blank=True)), + ('bpki_glue', rpki.fields.CertificateField(default=None, serialize=False, null=True, blank=True)), + ], + ), + migrations.AddField( + model_name='roa', + name='self', + field=models.ForeignKey(to='rpkidb.Self'), + ), + migrations.AddField( + 
model_name='repository', + name='self', + field=models.ForeignKey(to='rpkidb.Self'), + ), + migrations.AddField( + model_name='parent', + name='repository', + field=models.ForeignKey(to='rpkidb.Repository'), + ), + migrations.AddField( + model_name='parent', + name='self', + field=models.ForeignKey(to='rpkidb.Self'), + ), + migrations.AddField( + model_name='ghostbuster', + name='self', + field=models.ForeignKey(to='rpkidb.Self'), + ), + migrations.AddField( + model_name='eecert', + name='self', + field=models.ForeignKey(to='rpkidb.Self'), + ), + migrations.AddField( + model_name='child', + name='self', + field=models.ForeignKey(to='rpkidb.Self'), + ), + migrations.AddField( + model_name='ca', + name='parent', + field=models.ForeignKey(to='rpkidb.Parent'), + ), + migrations.AddField( + model_name='bsc', + name='self', + field=models.ForeignKey(to='rpkidb.Self'), + ), + migrations.AlterUniqueTogether( + name='repository', + unique_together=set([('self', 'repository_handle')]), + ), + migrations.AlterUniqueTogether( + name='parent', + unique_together=set([('self', 'parent_handle')]), + ), + migrations.AlterUniqueTogether( + name='child', + unique_together=set([('self', 'child_handle')]), + ), + migrations.AlterUniqueTogether( + name='bsc', + unique_together=set([('self', 'bsc_handle')]), + ), + ] diff --git a/rpki/rpkidb/migrations/__init__.py b/rpki/rpkidb/migrations/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/rpki/rpkidb/migrations/__init__.py diff --git a/rpki/rpkidb/models.py b/rpki/rpkidb/models.py new file mode 100644 index 00000000..a289b7ee --- /dev/null +++ b/rpki/rpkidb/models.py 
@@ -0,0 +1,147 @@
+"""
+Django ORM models for rpkid.
+"""
+
+from __future__ import unicode_literals
+from django.db import models
+
+from rpki.fields import (EnumField, SundialField, BlobField,
+ CertificateField, KeyField, CRLField, PKCS10Field,
+ ManifestField, ROAField, GhostbusterField)
+
+
+# The objects available via the left-right protocol allow NULL values
+# in places we wouldn't otherwise (eg, bpki_cert fields), to support
+# existing protocol which allows back-end to build up objects
+# gradually. We may want to rethink this eventually, but that yak can
+# wait for its shave, particularly since disallowing null should be a
+# very simple change given migrations.
+
+
+# "self" was a really bad name for this, but we weren't using Python
+# when we named it. Perhaps "Tenant" would be a better name? Even
+# means sort of the right thing, well, in French anyway.
+# Eventually rename in left-right too, I guess.
+
+class Self(models.Model):
+ self_handle = models.SlugField(max_length = 255)
+ use_hsm = models.BooleanField(default = False)
+ crl_interval = models.BigIntegerField(null = True)
+ regen_margin = models.BigIntegerField(null = True)
+ bpki_cert = CertificateField(null = True)
+ bpki_glue = CertificateField(null = True)
+
+class BSC(models.Model):
+ bsc_handle = models.SlugField(max_length = 255)
+ private_key_id = KeyField()
+ pkcs10_request = PKCS10Field()
+ hash_alg = EnumField(choices = ("sha256",))
+ signing_cert = CertificateField(null = True)
+ signing_cert_crl = CRLField(null = True)
+ self = models.ForeignKey(Self)
+ class Meta:
+ unique_together = ("self", "bsc_handle")
+
+class Repository(models.Model):
+ repository_handle = models.SlugField(max_length = 255)
+ peer_contact_uri = models.TextField(null = True)
+ bpki_cert = CertificateField(null = True)
+ bpki_glue = CertificateField(null = True)
+ last_cms_timestamp = SundialField(null = True)
+ bsc = models.ForeignKey(BSC)
+ self = models.ForeignKey(Self)
+ class Meta:
+ unique_together = ("self", "repository_handle")
+
+class Parent(models.Model):
+ parent_handle = models.SlugField(max_length = 255)
+ bpki_cms_cert = CertificateField(null = True)
+ bpki_cms_glue = CertificateField(null = True)
+ peer_contact_uri = models.TextField(null = True)
+ sia_base = models.TextField(null = True)
+ sender_name = models.TextField(null = True)
+ recipient_name = models.TextField(null = True)
+ last_cms_timestamp = SundialField(null = True)
+ self = models.ForeignKey(Self)
+ bsc = models.ForeignKey(BSC)
+ repository = models.ForeignKey(Repository)
+ class Meta:
+ unique_together = ("self", "parent_handle")
+
+class CA(models.Model):
+ last_crl_sn = models.BigIntegerField()
+ last_manifest_sn = models.BigIntegerField()
+ next_manifest_update = SundialField(null = True)
+ next_crl_update = SundialField(null = True)
+ last_issued_sn = models.BigIntegerField()
+ sia_uri = models.TextField(null = True)
+ parent_resource_class = models.TextField(null = True)
+ parent = models.ForeignKey(Parent)
+
+class CADetail(models.Model):
+ public_key = KeyField(null = True)
+ private_key_id = KeyField(null = True)
+ latest_crl = CRLField(null = True)
+ crl_published = SundialField(null = True)
+ latest_ca_cert = CertificateField(null = True)
+ manifest_private_key_id = KeyField(null = True)
+ manifest_public_key = KeyField(null = True)
+ latest_manifest_cert = CertificateField(null = True)
+ latest_manifest = ManifestField(null = True)
+ manifest_published = SundialField(null = True)
+ state = EnumField(choices = ("pending", "active", "deprecated", "revoked"))
+ ca_cert_uri = models.TextField(null = True)
+ ca = models.ForeignKey(CA)
+
+class Child(models.Model):
+ child_handle = models.SlugField(max_length = 255)
+ bpki_cert = CertificateField(null = True)
+ bpki_glue = CertificateField(null = True)
+ last_cms_timestamp = SundialField(null = True)
+ self = models.ForeignKey(Self)
+ bsc = models.ForeignKey(BSC)
+ class Meta:
+ unique_together = ("self", "child_handle")
+
+class ChildCert(models.Model):
+ cert = CertificateField()
+ published = SundialField(null = True)
+ ski = BlobField()
+ child = models.ForeignKey(Child)
+ ca_detail = models.ForeignKey(CADetail)
+
+class EECert(models.Model):
+ ski = BlobField()
+ cert = CertificateField()
+ published = SundialField(null = True)
+ self = models.ForeignKey(Self)
+ ca_detail = models.ForeignKey(CADetail)
+
+class Ghostbuster(models.Model):
+ vcard = models.TextField()
+ cert = CertificateField()
+ ghostbuster = GhostbusterField()
+ published = SundialField(null = True)
+ self = models.ForeignKey(Self)
+ ca_detail = models.ForeignKey(CADetail)
+
+class RevokedCert(models.Model):
+ serial = models.BigIntegerField()
+ revoked = SundialField()
+ expires = SundialField()
+ ca_detail = models.ForeignKey(CADetail)
+
+class ROA(models.Model):
+ asn = models.BigIntegerField()
+ cert = CertificateField()
+ roa = ROAField()
+ published = SundialField(null = True)
+ self = models.ForeignKey(Self)
+ ca_detail = models.ForeignKey(CADetail)
+
+class ROAPrefix(models.Model):
+ prefix = models.CharField(max_length = 40)
+ prefixlen = models.SmallIntegerField()
+ max_prefixlen = models.SmallIntegerField()
+ version = models.SmallIntegerField()
+ roa = models.ForeignKey(ROA) |
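Review bot: `Self.self_handle` carries no uniqueness constraint, while every handle scoped under it (`bsc_handle`, `repository_handle`, `parent_handle`, `child_handle`) gets a `unique_together` with `self`. rpkid's up_down_handler selects the tenant by a `self_handle` taken from the request URL, so two `Self` rows with the same handle would make it ambiguous which tenant's child and BPKI certificates a request is checked against. Unless uniqueness is enforced somewhere outside this diff, declare it on the model, `self_handle = models.SlugField(max_length = 255, unique = True)`, and regenerate `0001_initial.py` so the schema matches.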