-rw-r--r--scripts/http-client.py16
-rw-r--r--scripts/http-server.py10
-rwxr-xr-xscripts/irbe-cli.py15
-rw-r--r--scripts/rpki/https.py40
-rw-r--r--scripts/rpki/x509.py1
5 files changed, 41 insertions, 41 deletions
diff --git a/scripts/http-client.py b/scripts/http-client.py
index 53150a9c..18fcbf9c 100644
--- a/scripts/http-client.py
+++ b/scripts/http-client.py
@@ -2,5 +2,17 @@
import rpki.config, rpki.https
-certInfo = rpki.https.CertInfo(rpki.config.parser("http-demo.conf"), "client")
-print rpki.https.client(certInfo=certInfo, msg="This is a test. This is only a test. Had this been real you would now be really confused.\n")
+msg = "This is a test. This is only a test. Had this been real you would now be really confused.\n"
+
+cfg = rpki.config.parser("http-demo.conf")
+section = "client"
+
+privateKey = rpki.x509.RSA_Keypair(PEM_file = cfg.get(section, "https-key"))
+
+certChain = rpki.x509.X509_chain()
+certChain.load_from_PEM(cfg.multiget(section, "https-cert"))
+
+x509TrustList = rpki.x509.X509_chain()
+x509TrustList.load_from_PEM(cfg.multiget(section, "https-ta"))
+
+print rpki.https.client(privateKey=privateKey, certChain=certChain, x509TrustList=x509TrustList, msg=msg)
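Review bot: `rpki.x509` is used on the new `privateKey`, `certChain` and `x509TrustList` lines, but the script still imports only `rpki.config` and `rpki.https`, so the name resolves only because `rpki.https` imports `rpki.x509` itself. Importing it explicitly, `import rpki.config, rpki.https, rpki.x509`, keeps the script working if that module's imports change, as they do in this very commit. The same applies to scripts/http-server.py, whose import line is `import rpki.https, tlslite.api, rpki.config`. The import lines of irbe-cli.py are outside the hunks shown, so that file should be checked too.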
diff --git a/scripts/http-server.py b/scripts/http-server.py
index 876ea48c..dd7ec9a2 100644
--- a/scripts/http-server.py
+++ b/scripts/http-server.py
@@ -2,9 +2,15 @@
import rpki.https, tlslite.api, rpki.config
-certInfo = rpki.https.CertInfo(rpki.config.parser("http-demo.conf"), "server")
+cfg = rpki.config.parser("http-demo.conf")
+section = "server"
+
+privateKey = rpki.x509.RSA_Keypair(PEM_file = cfg.get(section, "https-key"))
+
+certChain = rpki.x509.X509_chain()
+certChain.load_from_PEM(cfg.multiget(section, "https-cert"))
def handler(query, path):
return 200, "Path: %s\nQuery: %s" % (path, query)
-rpki.https.server(certInfo=certInfo, handlers={"/" : handler})
+rpki.https.server(privateKey=privateKey, certChain=certChain, handlers={"/" : handler})
diff --git a/scripts/irbe-cli.py b/scripts/irbe-cli.py
index 7039cac9..a0afafa7 100755
--- a/scripts/irbe-cli.py
+++ b/scripts/irbe-cli.py
@@ -136,11 +136,13 @@ def main():
rng = rpki.relaxng.RelaxNG(cfg.get(section, "rng-schema"))
- print "rpki.https.CertInfo() needs rewriting!"
- #
- # ... but use it for now
- #
- httpsCerts = rpki.https.CertInfo(cfg, section)
+ privateKey = rpki.x509.RSA_Keypair(PEM_file = cfg.get(section, "https-key"))
+
+ certChain = rpki.x509.X509_chain()
+ certChain.load_from_PEM(cfg.multiget(section, "https-cert"))
+
+ x509TrustList = rpki.x509.X509_chain()
+ x509TrustList.load_from_PEM(cfg.multiget(section, "https-ta"))
q_msg = rpki.left_right.msg()
@@ -169,7 +171,8 @@ def main():
q_cms = rpki.cms.encode(q_xml, cfg.get(section, "cms-key"), cfg.multiget(section, "cms-cert"))
- r_cms = rpki.https.client(certInfo=httpsCerts, msg=q_cms, url="/left-right")
+ r_cms = rpki.https.client(privateKey=privateKey, certChain=certChain, x509TrustList=x509TrustList,
+ msg=q_cms, url="/left-right")
r_xml = rpki.cms.decode(r_cms, cfg.get(section, "cms-peer"))
diff --git a/scripts/rpki/https.py b/scripts/rpki/https.py
index 428fb918..fe2d404b 100644
--- a/scripts/rpki/https.py
+++ b/scripts/rpki/https.py
@@ -7,34 +7,11 @@ subversion repository; generalizing it would not be hard, but the more
general version should use SQL anyway.
"""
-import httplib, BaseHTTPServer, tlslite.api, glob, rpki.x509, rpki.config
+import httplib, BaseHTTPServer, tlslite.api, glob, rpki.x509
rpki_content_type = "application/x-rpki"
-class CertInfo(object):
- """Certificate context.
-
- This hides a bunch of grotty details about how we store and name
- certificates in this test setup. This code will definitely need to
- change, soon, but this class keeps most of this rubbish in one
- place.
- """
-
- def __init__(self, cfg, section):
-
- keypair = rpki.x509.RSA_Keypair(PEM_file = cfg.get(section, "https-key"))
- self.privateKey = keypair.get_tlslite()
-
- chain = rpki.x509.X509_chain()
- chain.load_from_PEM(cfg.multiget(section, "https-cert"))
- chain.chainsort()
- self.certChain = chain.tlslite_certChain()
-
- trustlist = rpki.x509.X509_chain()
- trustlist.load_from_PEM(cfg.multiget(section, "https-ta"))
- self.x509TrustList = trustlist.tlslite_trustList()
-
-def client(msg, certInfo, host="localhost", port=4433, url="/"):
+def client(msg, privateKey, certChain, x509TrustList, host="localhost", port=4433, url="/"):
"""Open client HTTPS connection, send a message, wait for response.
This function wraps most of what one needs to do to send a message
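Review bot: The new `client()` signature puts three required parameters ahead of `host`, and the visible part of the docstring does not say what they are expected to be. The call sites pass `rpki.x509.RSA_Keypair` and `rpki.x509.X509_chain` objects, not the tlslite objects that `CertInfo` used to hold. A docstring sentence such as `privateKey is an rpki.x509.RSA_Keypair; certChain and x509TrustList are rpki.x509.X509_chain objects, converted to tlslite form here` would keep a caller from passing already-converted values. The docstring continues outside this hunk, so the rest of it may also need adjusting if it still describes the old interface.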
@@ -45,9 +22,9 @@ def client(msg, certInfo, host="localhost", port=4433, url="/"):
httpc = tlslite.api.HTTPTLSConnection(host=host,
port=port,
- certChain=certInfo.certChain,
- privateKey=certInfo.privateKey,
- x509TrustList=certInfo.x509TrustList)
+ privateKey=privateKey.get_tlslite(),
+ certChain=certChain.tlslite_certChain(),
+ x509TrustList=x509TrustList.tlslite_trustList())
httpc.connect()
httpc.request("POST", url, msg, {"Content-Type" : rpki_content_type})
response = httpc.getresponse()
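Review bot: An empty trust list reaches `HTTPTLSConnection` unchecked through the `x509TrustList=x509TrustList.tlslite_trustList()` argument: if the `https-ta` option yields no certificates, the caller's `X509_chain` is simply an empty list. It is worth confirming how tlslite treats an empty trust list; if it behaves like no trust list at all, the server certificate would go unvalidated without any error. A guard at the top of `client()`, such as `if not x509TrustList: raise ValueError("no HTTPS trust anchors configured")`, makes that case fail closed. The body of `client()` extends beyond this hunk on both sides.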
@@ -100,15 +77,16 @@ class httpServer(tlslite.api.TLSSocketServerMixIn, BaseHTTPServer.HTTPServer):
print "TLS handshake failure:", str(error)
return False
-def server(handlers, certInfo, port=4433, host=""):
+def server(handlers, privateKey, certChain, port=4433, host=""):
"""Run an HTTPS server and wait (forever) for connections."""
class boundRequestHandler(requestHandler):
rpki_handlers = handlers
httpd = httpServer((host, port), boundRequestHandler)
- httpd.rpki_privateKey = certInfo.privateKey
- httpd.rpki_certChain = certInfo.certChain
+
+ httpd.rpki_privateKey = privateKey.get_tlslite()
+ httpd.rpki_certChain = certChain.tlslite_certChain()
httpd.rpki_sessionCache = tlslite.api.SessionCache()
httpd.serve_forever()
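Review bot: `server()` now takes only `privateKey` and `certChain`, so no trust anchors can reach the server side through this entry point, whereas the removed `CertInfo` at least carried an `x509TrustList`. If the deployment expects the server to verify client certificates, an optional parameter, for example `x509TrustList=None` stored as `httpd.rpki_x509TrustList`, would give the handshake code something to check against. Whether the handshake in `httpServer` requests or validates a client certificate is outside this hunk, so this needs confirming against that code. The one-line docstring also leaves the expected argument types undocumented.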
diff --git a/scripts/rpki/x509.py b/scripts/rpki/x509.py
index 966191a6..49f1e61e 100644
--- a/scripts/rpki/x509.py
+++ b/scripts/rpki/x509.py
@@ -224,6 +224,7 @@ class X509_chain(list):
def tlslite_certChain(self):
"""Return a certChain in the format tlslite likes."""
+ self.chainsort()
return tlslite.api.X509CertChain([x.get_tlslite() for x in self])
def tlslite_trustList(self):
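Review bot: `tlslite_certChain()` now calls `self.chainsort()` on every use, which presumably reorders the chain object in place (the removed `CertInfo` code called `chain.chainsort()` without using a return value), yet the docstring still describes a pure conversion. I would state the side effect, e.g. `"""Sort this chain in place, then return it as a tlslite X509CertChain."""`, so callers holding the same `X509_chain` are not surprised by the reordering. How `chainsort()` handles an empty or incomplete chain is not visible here and is worth checking, since `client()` and `server()` now reach it on every call.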