-rw-r--r-- | rpkid/Makefile | 3 | ||||
-rw-r--r-- | rpkid/rpki/https.py | 16 | ||||
-rw-r--r-- | rpkid/testbed.6.yaml | 51 | ||||
-rw-r--r-- | rpkid/testbed.py | 83 |
4 files changed, 118 insertions, 35 deletions
diff --git a/rpkid/Makefile b/rpkid/Makefile index 04059c84..85ef7789 100644 --- a/rpkid/Makefile +++ b/rpkid/Makefile @@ -97,6 +97,9 @@ all-tests:: all all-tests:: all python testbed.py -y testbed.5.yaml +test all-tests:: all + python testbed.py -y testbed.6.yaml + # Documentation doc/irdbd.dot: irdbd.sql diff --git a/rpkid/rpki/https.py b/rpkid/rpki/https.py index fd13b3d8..745789b0 100644 --- a/rpkid/rpki/https.py +++ b/rpkid/rpki/https.py @@ -39,11 +39,17 @@ PERFORMANCE OF THIS SOFTWARE. import time, socket, asyncore, asynchat, traceback, urlparse import rpki.async, rpki.sundial, rpki.x509, rpki.exceptions, rpki.log -print "====== WARNING WARNING WARNING ======" -print "THIS VERSION OF rpki.https DOES NOT SUPPORT TLS." -print "CONNECTIONS ARE NOT SECURE." -print "THIS IS A DEVELOPMENT VERSION, TLS WILL BE ADDED LATER." -print "====== WARNING WARNING WARNING ======" +import os +if os.getlogin() != "sra": + # + # Have to keep this warning for now, but it has long since become + # tedious while testing other code I have to finish first. + # + print "====== WARNING WARNING WARNING ======" + print "THIS VERSION OF rpki.https DOES NOT SUPPORT TLS." + print "CONNECTIONS ARE NOT SECURE." + print "THIS IS A DEVELOPMENT VERSION, TLS WILL BE ADDED LATER." + print "====== WARNING WARNING WARNING ======" rpki_content_type = "application/x-rpki" diff --git a/rpkid/testbed.6.yaml b/rpkid/testbed.6.yaml new file mode 100644 index 00000000..50e6a4fb --- /dev/null +++ b/rpkid/testbed.6.yaml 
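Review bot: In the rpki/https.py hunk, `os.getlogin()` runs at import time and raises OSError when the process has no controlling terminal (daemon, cron, some CI runners), so `import rpki.https` can now fail outright in unattended setups. Keying the suppression of the no-TLS warning on a hard-coded login name is also fragile: any other account named `sra` silently loses the notice that connections are neither authenticated nor encrypted. An explicit opt-out keeps the default loud and avoids the terminal dependency, e.g. `if not os.environ.get("RPKI_SUPPRESS_TLS_WARNING"):` (the variable name is only a suggestion, not an existing setting). If the login check is kept, it should at least be wrapped so that an OSError falls through to printing the warning.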
@@ -0,0 +1,51 @@ +# $Id$ + +# Copyright (C) 2009 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +name: RIR +valid_for: 2d +kids: + - name: Alice + hosted_by: RIR + kids: + - name: Betty + hosted_by: RIR + kids: + - name: Carol + hosted_by: RIR + kids: + - name: Dana + hosted_by: RIR + kids: + - name: Eve + hosted_by: RIR + kids: + - name: Fiona + hosted_by: RIR + ipv4: 192.0.2.1-192.0.2.33 + asn: 64533 + ipv6: 2001:db8::44-2001:db8::100 + route_origin: + - asn: 64533 + ipv6: 2001:db8::80/121 +--- +- name: Fiona + add_as: 33 +--- +- name: Fiona + sub_as: 33 +--- +- name: Fiona + valid_for: 365d diff --git a/rpkid/testbed.py b/rpkid/testbed.py index 715a1f9d..05036ddc 100644 --- a/rpkid/testbed.py +++ b/rpkid/testbed.py @@ -400,7 +400,8 @@ class allocation_db(list): if a.is_hosted(): a.hosted_by = self.map[a.hosted_by] a.hosted_by.hosts.append(a) - assert a.is_twig() and not a.hosted_by.is_hosted() + assert a.is_twig(), "%s is not twig" % a.name + assert not a.hosted_by.is_hosted(), "%s is hosted by a hosted entity" % a.name def apply_delta(self, delta, cb): """ 
@@ -615,6 +616,17 @@ class allocation(object): self.rpki_db_name = "rpki%d" % n self.rpki_port = allocate_port() + def get_rpki_port(self): + """ + Get rpki port to use for this entity. + """ + if self.is_hosted(): + assert self.hosted_by.rpki_port is not None + return self.hosted_by.rpki_port + else: + assert self.rpki_port is not None + return self.rpki_port + def setup_bpki_certs(self): """ Create BPKI certificates for this entity. @@ -636,6 +648,7 @@ class allocation(object): Write config files for this entity. """ rpki.log.info("Writing config files for %s" % self.name) + assert self.rpki_port is not None d = { "my_name" : self.name, "testbed_name" : testbed_name, "irdb_db_name" : self.irdb_db_name, @@ -731,7 +744,9 @@ class allocation(object): self = self.hosted_by assert not self.is_hosted() + assert isinstance(pdus, (list, tuple)) + assert self.rpki_port is not None msg = rpki.left_right.msg(pdus) msg.type = "query" 
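Review bot: The `assert ... is not None` checks added in `get_rpki_port` carry no message, while the asserts this same commit rewrites in `allocation_db` now name the offending entity; a failure here will not say which allocation lacked a port. Something like `assert self.rpki_port is not None, "%s has no rpki_port" % self.name`, and the equivalent for `self.hosted_by`, would match that style. The same applies to the bare `assert self.rpki_port is not None` lines added in the -636, -731 and -1055 hunks. These checks also disappear under `python -O`, which is fine for a test harness but worth a word in the docstring if `get_rpki_port` is relied on elsewhere.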
@@ -913,39 +928,11 @@ class allocation(object): def got_repository_id(vals): - pdus = [] - for v in vals: s = selves[int(v.tag)] assert s.self_id == v.self_id s.repository_id = v.repository_id - rpki.log.info("Creating rpkid parent object for %s" % s.name) - - if s.is_root(): - rootd_cert = s.cross_certify(rootd_name + "-TA") - pdus.append(rpki.left_right.parent_elt.make_pdu(action = "create", tag = v.tag, self_id = s.self_id, bsc_id = s.bsc_id, - repository_id = s.repository_id, sia_base = s.sia_base, - bpki_cms_cert = rootd_cert, bpki_https_cert = rootd_cert, sender_name = s.name, recipient_name = "Walrus", - peer_contact_uri = "https://localhost:%s/" % rootd_port)) - else: - parent_cms_cert = s.cross_certify(s.parent.name + "-SELF") - parent_https_cert = s.cross_certify(s.parent.name + "-TA") - pdus.append(rpki.left_right.parent_elt.make_pdu(action = "create", tag = v.tag, self_id = s.self_id, bsc_id = s.bsc_id, - repository_id = s.repository_id, sia_base = s.sia_base, - bpki_cms_cert = parent_cms_cert, bpki_https_cert = parent_https_cert, - sender_name = s.name, recipient_name = s.parent.name, - peer_contact_uri = "https://localhost:%s/up-down/%s" % (s.parent.rpki_port, s.child_id))) - - self.call_rpkid(pdus, cb = got_parent_id) - - def got_parent_id(vals): - - for v in vals: - s = selves[int(v.tag)] - assert s.self_id == v.self_id - s.parent_id = v.parent_id - rpki.log.info("Creating rpkid child objects for %s" % self.name) pdus = [] 
@@ -980,6 +967,40 @@ class allocation(object): sql_cur.close() sql_db.close() + rpki.log.info("Creating rpkid parent objects for %s" % self.name) + + pdus = [] + + for i, s in enumerate(selves): + + rpki.log.info("Creating rpkid parent object for %s" % s.name) + + if s.is_root(): + rootd_cert = s.cross_certify(rootd_name + "-TA") + pdus.append(rpki.left_right.parent_elt.make_pdu(action = "create", tag = str(i), self_id = s.self_id, bsc_id = s.bsc_id, + repository_id = s.repository_id, sia_base = s.sia_base, + bpki_cms_cert = rootd_cert, bpki_https_cert = rootd_cert, sender_name = s.name, recipient_name = "Walrus", + peer_contact_uri = "https://localhost:%s/" % rootd_port)) + else: + parent_cms_cert = s.cross_certify(s.parent.name + "-SELF") + parent_https_cert = s.cross_certify(s.parent.name + "-TA") + pdus.append(rpki.left_right.parent_elt.make_pdu(action = "create", tag = str(i), self_id = s.self_id, bsc_id = s.bsc_id, + repository_id = s.repository_id, sia_base = s.sia_base, + bpki_cms_cert = parent_cms_cert, bpki_https_cert = parent_https_cert, + sender_name = s.name, recipient_name = s.parent.name, + peer_contact_uri = "https://localhost:%s/up-down/%s" % (s.parent.get_rpki_port(), s.child_id))) + + assert pdus, "%s has no parents, something is whacked" % self.name + + self.call_rpkid(pdus, cb = got_parent_id) + + def got_parent_id(vals): + + for v in vals: + s = selves[int(v.tag)] + assert s.self_id == v.self_id + s.parent_id = v.parent_id + rpki.log.info("Creating rpkid route_origin objects for %s" % self.name) pdus = [] @@ -1042,7 +1063,7 @@ class allocation(object): "child_id" : self.child_id, "parent_name" : self.parent.name, "my_name" : self.name, - "https_port" : self.parent.hosted_by.rpki_port if self.parent.is_hosted() else self.parent.rpki_port, + "https_port" : self.parent.get_rpki_port(), "class_name" : 2 if self.parent.is_hosted() else 1, "sia" : self.sia_base, "ski" : ski }) 
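Review bot: `assert pdus, "%s has no parents, something is whacked"` can only fire when `selves` is empty, because both branches of the loop above it append exactly one PDU per entry. The message therefore points at the wrong cause; checking the input before the loop, e.g. `assert selves, "%s has no self objects" % self.name`, states what actually went wrong. The enclosing method starts outside this hunk, so whether `selves` can be empty at this point is not visible here. A short comment explaining why parent objects are now created after the child objects would also help the next reader, since the hunk shows the reordering but not the reason for it.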
@@ -1055,6 +1076,8 @@ class allocation(object): rpki.log.info("Running cron for %s" % self.name) + assert self.rpki_port is not None + def done(result): assert result == "OK", 'Expected "OK" result from cronjob, got %r' % result cb() |