-rw-r--r-- | rpkid/irdbd.py | 8 | ||||
-rw-r--r-- | rpkid/pubd.py | 8 | ||||
-rw-r--r-- | rpkid/rpki/rpki_engine.py | 10 | ||||
-rw-r--r-- | rpkid/rpki/x509.py | 68 |
4 files changed, 62 insertions, 32 deletions
diff --git a/rpkid/irdbd.py b/rpkid/irdbd.py
index fa694fd2..f7724d89 100644
--- a/rpkid/irdbd.py
+++ b/rpkid/irdbd.py
@@ -198,10 +198,10 @@ db = MySQLdb.connect(user = cfg.get("sql-username"),
 cur = db.cursor()
 db.autocommit(True)
-bpki_ta = rpki.x509.X509(Auto_file = cfg.get("bpki-ta"))
-rpkid_cert = rpki.x509.X509(Auto_file = cfg.get("rpkid-cert"))
-irdbd_cert = rpki.x509.X509(Auto_file = cfg.get("irdbd-cert"))
-irdbd_key = rpki.x509.RSA( Auto_file = cfg.get("irdbd-key"))
+bpki_ta = rpki.x509.X509(Auto_update = cfg.get("bpki-ta"))
+rpkid_cert = rpki.x509.X509(Auto_update = cfg.get("rpkid-cert"))
+irdbd_cert = rpki.x509.X509(Auto_update = cfg.get("irdbd-cert"))
+irdbd_key = rpki.x509.RSA( Auto_update = cfg.get("irdbd-key"))
 u = urlparse.urlparse(cfg.get("https-url"))
diff --git a/rpkid/pubd.py b/rpkid/pubd.py
index ca097923..a9ddca6b 100644
--- a/rpkid/pubd.py
+++ b/rpkid/pubd.py
@@ -52,10 +52,10 @@ class pubd_context(object):
 self.sql = rpki.sql.session(cfg)
- self.bpki_ta = rpki.x509.X509(Auto_file = cfg.get("bpki-ta"))
- self.irbe_cert = rpki.x509.X509(Auto_file = cfg.get("irbe-cert"))
- self.pubd_cert = rpki.x509.X509(Auto_file = cfg.get("pubd-cert"))
- self.pubd_key = rpki.x509.RSA( Auto_file = cfg.get("pubd-key"))
+ self.bpki_ta = rpki.x509.X509(Auto_update = cfg.get("bpki-ta"))
+ self.irbe_cert = rpki.x509.X509(Auto_update = cfg.get("irbe-cert"))
+ self.pubd_cert = rpki.x509.X509(Auto_update = cfg.get("pubd-cert"))
+ self.pubd_key = rpki.x509.RSA( Auto_update = cfg.get("pubd-key"))
 self.https_server_host = cfg.get("server-host", "")
 self.https_server_port = int(cfg.get("server-port", "4434"))
diff --git a/rpkid/rpki/rpki_engine.py b/rpkid/rpki/rpki_engine.py
index 5b79f6e5..69dd7201 100644
--- a/rpkid/rpki/rpki_engine.py
+++ b/rpkid/rpki/rpki_engine.py
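Review bot: With `Auto_update`, irdbd's BPKI trust anchor, certificates and private key are no longer read once at startup but re-stat'ed on every use and re-read when the file's mtime moves (see `check_auto_update` in the x509.py part of this commit), so a later failure to stat or open `irdbd-key` — the file missing for a moment during a non-atomic rotation, or permissions tightened after the daemon has started — surfaces as an exception from whichever request happened to call `get_DER()` instead of failing at startup. The same applies to the pubd.py hunk on this line and to `rpkid_context` in rpki_engine.py. A comment on these lines would spare the next operator a surprise, e.g. `# Auto_update: re-read from disk when the file's mtime changes; these paths must stay readable for the daemon's lifetime`. If a failed reload should not take a running daemon down, the place to handle the OSError and keep the previous value is `check_auto_update`, not each caller.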
@@ -45,11 +45,11 @@ class rpkid_context(object):
 self.sql = rpki.sql.session(cfg)
- self.bpki_ta = rpki.x509.X509(Auto_file = cfg.get("bpki-ta"))
- self.irdb_cert = rpki.x509.X509(Auto_file = cfg.get("irdb-cert"))
- self.irbe_cert = rpki.x509.X509(Auto_file = cfg.get("irbe-cert"))
- self.rpkid_cert = rpki.x509.X509(Auto_file = cfg.get("rpkid-cert"))
- self.rpkid_key = rpki.x509.RSA( Auto_file = cfg.get("rpkid-key"))
+ self.bpki_ta = rpki.x509.X509(Auto_update = cfg.get("bpki-ta"))
+ self.irdb_cert = rpki.x509.X509(Auto_update = cfg.get("irdb-cert"))
+ self.irbe_cert = rpki.x509.X509(Auto_update = cfg.get("irbe-cert"))
+ self.rpkid_cert = rpki.x509.X509(Auto_update = cfg.get("rpkid-cert"))
+ self.rpkid_key = rpki.x509.RSA( Auto_update = cfg.get("rpkid-key"))
 self.irdb_url = cfg.get("irdb-url")
diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py
index f7929d00..0fef3235 100644
--- a/rpkid/rpki/x509.py
+++ b/rpkid/rpki/x509.py
@@ -139,10 +139,7 @@ class DER_object(object):
 """
 Test whether this object is empty.
 """
- for a in self.formats:
- if getattr(self, a, None) is not None:
- return False
- return True
+ return all(getattr(self, a, None) is None for a in self.formats)
 def clear(self):
 """
@@ -150,6 +147,8 @@ class DER_object(object):
 """
 for a in self.formats + self.other_clear:
 setattr(self, a, None)
+ self.filename = None
+ self.timestamp = None
 def __init__(self, **kw):
 """
@@ -183,6 +182,10 @@ class DER_object(object):
 self.clear()
 self.DER = base64.b64decode(kw[name])
 return
+ if name == "Auto_update":
+ self.filename = kw[name]
+ self.check_auto_update()
+ return
 if name in ("PEM_file", "DER_file", "Auto_file"):
 f = open(kw[name], "rb")
 value = f.read()
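Review bot: The new `Auto_update` keyword in `DER_object.__init__` (the `@@ -183` hunk) is undocumented, and its semantics differ materially from `Auto_file`, which reads the file once: the path is remembered and the object is re-read from disk whenever the file's mtime changes, on every subsequent `get_DER()`/`get_POW()`. Suggest adding to the `__init__` docstring (which starts outside the hunk) a line such as `Auto_update: like Auto_file, but the path is kept and the object is re-read whenever the file's modification time changes.`. Note also that the branch calls `check_auto_update()` without first calling `self.clear()`, so it reads `self.timestamp` on the assumption that `__init__` already called `clear()` earlier (the `@@ -150` hunk is where `clear()` starts initialising `filename`/`timestamp`); that looks to be the case but cannot be confirmed from the hunk.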
@@ -194,13 +197,40 @@ class DER_object(object):
 return
 raise rpki.exceptions.DERObjectConversionError, "Can't honor conversion request %r" % (kw,)
+ def check_auto_update(self):
+ """
+ Check for updates to a DER object that auto-updates from a file.
+ """
+ if self.filename is None:
+ return
+ filename = self.filename
+ timestamp = os.stat(self.filename).st_mtime
+ if self.timestamp is None or self.timestamp < timestamp:
+ rpki.log.debug("Updating %s, timestamp %s" % (filename, rpki.sundial.datetime.fromtimestamp(timestamp)))
+ f = open(filename, "rb")
+ value = f.read()
+ f.close()
+ if self.pem_converter.looks_like_PEM(value):
+ value = self.pem_converter.to_DER(value)
+ self.clear()
+ self.DER = value
+ self.filename = filename
+ self.timestamp = timestamp
+
+ def check(self):
+ """
+ Perform basic checks on a DER object.
+ """
+ assert not self.empty()
+ self.check_auto_update()
+
 def get_DER(self):
 """
 Get the DER value of this object. Subclasses will almost certainly override this method.
 """
- assert not self.empty()
+ self.check()
 if self.DER:
 return self.DER
 raise rpki.exceptions.DERObjectConversionError, "No conversion path to DER available"
@@ -379,7 +409,7 @@ class X509(DER_object):
 """
 Get the DER value of this certificate.
 """
- assert not self.empty()
+ self.check()
 if self.DER:
 return self.DER
 if self.POW:
@@ -394,7 +424,7 @@ class X509(DER_object):
 """
 Get the POW value of this certificate.
 """
- assert not self.empty()
+ self.check()
 if not self.POW:
 self.POW = POW.derRead(POW.X509_CERTIFICATE, self.get_DER())
 return self.POW
@@ -403,7 +433,7 @@ class X509(DER_object):
 """
 Get the POW.pkix value of this certificate.
 """
- assert not self.empty()
+ self.check()
 if not self.POWpkix:
 cert = POW.pkix.Certificate()
 cert.fromString(self.get_DER())
@@ -547,7 +577,7 @@ class PKCS10(DER_object):
 """
 Get the DER value of this certification request.
 """
- assert not self.empty()
+ self.check()
 if self.DER:
 return self.DER
 if self.POWpkix:
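Review bot: `check_auto_update` discards the current value before the replacement has been checked at all: `self.clear()` and `self.DER = value` run as soon as the mtime has moved, so a truncated or half-written key/certificate file (a non-atomic rotation caught mid-write, or an empty file) replaces a good object with garbage, and because `self.timestamp` is advanced in the same step the object stays broken until the mtime changes again. The `<` comparison also never reloads when the mtime moves backwards (file restored from backup or copied with preserved timestamps), and the handle is not closed if `f.read()` raises. Suggest reloading on any mtime change, rejecting an empty read before touching the object's state (so the next call retries), and closing the file in a `finally`; a trust-anchor or key reload is also a security-relevant event that deserves more than a debug-level line. Separately, with `check()` now called from every `get_DER()`/`get_POW()`, the `get_POW` hunks on this and the following lines stat the file twice on a cache miss (once in `self.check()`, again inside `self.get_DER()`).

```python
  def check_auto_update(self):
    """
    Check for updates to a DER object that auto-updates from a file.

    Reloads whenever the file's mtime differs from the one last seen.
    An empty read is rejected before any state is touched, so the
    existing value survives and the next call retries.
    """
    if self.filename is None:
      return
    filename = self.filename
    timestamp = os.stat(filename).st_mtime
    if self.timestamp is not None and self.timestamp == timestamp:
      return
    rpki.log.debug("Updating %s, timestamp %s" % (filename, rpki.sundial.datetime.fromtimestamp(timestamp)))
    f = open(filename, "rb")
    try:
      value = f.read()
    finally:
      f.close()
    if self.pem_converter.looks_like_PEM(value):
      value = self.pem_converter.to_DER(value)
    if not value:
      # Leave the current value and timestamp alone so the next call retries.
      raise rpki.exceptions.DERObjectConversionError, "Auto_update file %s is empty" % filename
    self.clear()
    self.DER = value
    self.filename = filename
    self.timestamp = timestamp

  # … unchanged: check(), get_DER() …
```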
@@ -559,7 +589,7 @@ class PKCS10(DER_object):
 """
 Get the POW.pkix value of this certification request.
 """
- assert not self.empty()
+ self.check()
 if not self.POWpkix:
 req = POW.pkix.CertificationRequest()
 req.fromString(self.get_DER())
@@ -656,7 +686,7 @@ class RSA(DER_object):
 """
 Get the DER value of this keypair.
 """
- assert not self.empty()
+ self.check()
 if self.DER:
 return self.DER
 if self.POW:
@@ -668,7 +698,7 @@ class RSA(DER_object):
 """
 Get the POW value of this keypair.
 """
- assert not self.empty()
+ self.check()
 if not self.POW:
 self.POW = POW.derRead(POW.RSA_PRIVATE_KEY, self.get_DER())
 return self.POW
@@ -705,7 +735,7 @@ class RSApublic(DER_object):
 """
 Get the DER value of this public key.
 """
- assert not self.empty()
+ self.check()
 if self.DER:
 return self.DER
 if self.POW:
@@ -717,7 +747,7 @@ class RSApublic(DER_object):
 """
 Get the POW value of this public key.
 """
- assert not self.empty()
+ self.check()
 if not self.POW:
 self.POW = POW.derRead(POW.RSA_PUBLIC_KEY, self.get_DER())
 return self.POW
@@ -781,7 +811,7 @@ class CMS_object(DER_object):
 """
 Get the DER value of this CMS_object.
 """
- assert not self.empty()
+ self.check()
 if self.DER:
 return self.DER
 if self.POW:
@@ -793,7 +823,7 @@ class CMS_object(DER_object):
 """
 Get the POW value of this CMS_object.
 """
- assert not self.empty()
+ self.check()
 if not self.POW:
 self.POW = POW.derRead(POW.CMS_MESSAGE, self.get_DER())
 return self.POW
@@ -1155,7 +1185,7 @@ class CRL(DER_object):
 """
 Get the DER value of this CRL.
 """
- assert not self.empty()
+ self.check()
 if self.DER:
 return self.DER
 if self.POW:
@@ -1170,7 +1200,7 @@ class CRL(DER_object):
 """
 Get the POW value of this CRL.
 """
- assert not self.empty()
+ self.check()
 if not self.POW:
 self.POW = POW.derRead(POW.X509_CRL, self.get_DER())
 return self.POW
@@ -1179,7 +1209,7 @@ class CRL(DER_object):
 """
 Get the POW.pkix value of this CRL.
 """
- assert not self.empty()
+ self.check()
 if not self.POWpkix:
 crl = POW.pkix.CertificateList()
 crl.fromString(self.get_DER())
|