diff options
| -rw-r--r-- | scripts/testdb.py | 155 |
1 files changed, 134 insertions, 21 deletions
diff --git a/scripts/testdb.py b/scripts/testdb.py index 2b45b3b1..64aa3743 100644 --- a/scripts/testdb.py +++ b/scripts/testdb.py @@ -18,12 +18,13 @@ def main(): # Steps we need to take here # + # 0: Construct biz keys and certs for this script to use (doh) # 1: Construct config files for rpkid.py and irdb.py instances # 2: Initialize sql for rpki.py and irdb.py instances # 3: Construct biz keys and certs for rpki.py and irdb.py instances for a in db: - setup_biz_certs(a.name) + a.setup_biz_certs() # 4: Populate IRDB(s) # 5: Start RPKI and IRDB instances @@ -105,6 +106,31 @@ class allocation(object): def is_root(self): return self.parent is None def is_twig(self): return self.parent is not None and self.kids + def setup_biz_certs(self): + for tag in ("rpkid", "irdbd"): + setup_biz_cert_chain(self.name + "-" + tag) + +def setup_biz_cert_chain(name): + s = "" + for kind in ("EE", "CA", "TA"): + n = "%s-%s" % (name, kind) + c = biz_cert_fmt_1 % (n, "true" if kind in ("CA", "TA") else "false") + if debug: + print "Would write config file " + n + " containing:\n\n" + c + else: + f = open("%s.cnf" % n, "w") + f.write(c) + f.close() + if not os.path.exists(n + ".key") or not os.path.exists(n + ".req"): + s += biz_cert_fmt_2 % ((n,) * 3) + s += biz_cert_fmt_3 % ((name,) * 14) + if debug: + print "Would execute:\n\n" + s + else: + r = os.system(s) + if r != 0: + raise RunTimeError, "Command failed (status %x):\n%s" % (r, s) + biz_cert_fmt_1 = '''\ [ req ] distinguished_name = req_dn @@ -131,25 +157,112 @@ openssl x509 -req -in %s-CA.req -out %s-CA.cer -extfile %s-CA.cnf -extensions re openssl x509 -req -in %s-EE.req -out %s-EE.cer -extfile %s-EE.cnf -extensions req_x509_ext -CA %s-CA.cer -CAkey %s-CA.key -CAcreateserial ''' -def setup_biz_certs(name): - s = "" - for kind in ("EE", "CA", "TA"): - n = "%s-%s" % (name, kind) - c = biz_cert_fmt_1 % (n, "true" if kind in ("CA", "TA") else "false") - if debug: - print "Would write config file " + n + " containing:\n\n" + c - else: - f = open("%s.cnf" % n, "w") - f.write(c) - f.close() - if not os.path.exists(n + ".key") or not os.path.exists(n + ".req"): - s += biz_cert_fmt_2 % ((n,) * 3) - s += biz_cert_fmt_3 % ((name,) * 14) - if debug: - print "Would execute:\n\n" + s - else: - r = os.system(s) - if r != 0: - raise RunTimeError, "Command failed (status %x):\n%s" % (r, s) +poke_yaml_fmt_1 = '''--- +version: 1 +posturl: https://localhost:%(parent_https_port)s/up-down/%(my_child_id)s +recipient-id: "%(parent_recipient_id)s" +sender-id: "%(my_sender_id)s" + +cms-cert-file: %(my_name)s-EE.cer +cms-key-file: %(my_name)s-EE.key +cms-ca-cert-file: %(parent_name)s-Root.cer +cms-cert-chain-file: [ %(my_name)s-CA.cer ] + +ssl-cert-file: %(my_name)s-EE.cer +ssl-key-file: %(my_name)s-EE.key +ssl-ca-cert-file: %(parent_name)s-Root.cer + +requests: + list: + type: list + issue: + type: issue + class: %(my_class_name)s + sia: [ "%(my_sia_dir)s" ] + revoke: + type: revoke + class: %(my_class_name)s + ski: "%(my_ski)s" +''' + +conf_fmt_1 = '''\ + +[rpkid] + +sql-database = %(rpki_db_name)s +sql-username = rpki +sql-password = %(rpki_db_pass)s + +# RPKI daemon is Bob + +cms-key = Bob-EE.key +cms-cert.0 = Bob-EE.cer +cms-cert.1 = Bob-CA.cer + +cms-ta-irdb = Carol-Root.cer +cms-ta-irbe = Alice-Root.cer + +https-key = Bob-EE.key +https-cert.0 = Bob-EE.cer +https-cert.1 = Bob-CA.cer + +https-ta.0 = Alice-Root.cer +https-ta.1 = Carol-Root.cer +https-ta.2 = Dave-Root.cer +https-ta.3 = Elena-Root.cer +https-ta.4 = Frank-Root.cer +https-ta.5 = Ginny-Root.cer +https-ta.6 = Harry-Root.cer + +irdb-url = https://localhost:4434/ + +[irdb] + +# IRDB is Carol + +sql-database = %(irdb_db_name)s +sql-username = irdb +sql-password = %(irdb_db_pass)s + +cms-key = Carol-EE.key +cms-cert.0 = Carol-EE.cer +cms-cert.1 = Carol-CA.cer +cms-ta = Bob-Root.cer + +https-key = Carol-EE.key +https-cert.0 = Carol-EE.cer +https-cert.1 = Carol-CA.cer +https-ta.0 = Alice-Root.cer +https-ta.1 = Bob-Root.cer +https-ta.2 = Dave-Root.cer +https-ta.3 = Elena-Root.cer +https-ta.4 = Frank-Root.cer +https-ta.5 = Ginny-Root.cer +https-ta.6 = Harry-Root.cer + +https-url = https://localhost:4434/ + +[irbe-cli] + +# IRBE CLI is Alice + +cms-key = Alice-EE.key +cms-cert.0 = Alice-EE.cer +cms-cert.1 = Alice-CA.cer +cms-ta = Bob-Root.cer + +https-key = Alice-EE.key +https-cert.0 = Alice-EE.cer +https-cert.1 = Alice-CA.cer +https-ta.0 = Bob-Root.cer +https-ta.1 = Carol-Root.cer +https-ta.2 = Dave-Root.cer +https-ta.3 = Elena-Root.cer +https-ta.4 = Frank-Root.cer +https-ta.5 = Ginny-Root.cer +https-ta.6 = Harry-Root.cer + +https-url = https://localhost:4433/left-right +''' main() |