-rwxr-xr-x | potpourri/rrdp-fetch-from-tal | 26 | ||||
-rwxr-xr-x | potpourri/rrdp-fetch.py | 2 | ||||
-rwxr-xr-x | potpourri/rrdp-test-tool | 2 | ||||
-rw-r--r-- | rpki/x509.py | 33 |
4 files changed, 51 insertions, 12 deletions
diff --git a/potpourri/rrdp-fetch-from-tal b/potpourri/rrdp-fetch-from-tal index 0a97955e..08d245dd 100755 --- a/potpourri/rrdp-fetch-from-tal +++ b/potpourri/rrdp-fetch-from-tal @@ -40,6 +40,32 @@ class Tags(object): tags = Tags("notification", "delta", "snapshot", "publish", "withdraw") +class RSyncHandler(urllib2.BaseHandler): + """ + Jam support for rsync:// URIs into urllib2 framework. + Very basic, probably not paranoid enough. + """ + + _n = 0 + + def rsync_open(self, req): + import subprocess, mimetools + u = req.get_full_url() + if u.endswith("/"): + raise urllib2.URLError("rsync directory URI not allowed") + t = "/tmp/rrdp-fetch-from-tal.%d.%d" % (os.getpid(), self._n) + self._n += 1 + subprocess.check_call(("rsync", u, t)) + h = mimetools.Message(open("/dev/null")) + h["Content-type"] = "text/plain" + h["Content-length"] = str(os.stat(t).st_size) + f = open(t, "rb") + os.unlink(t) + return urllib2.addinfourl(f, h, u) + +urllib2.install_opener(urllib2.build_opener(RSyncHandler)) + + class main(object): def __init__(self): diff --git a/potpourri/rrdp-fetch.py b/potpourri/rrdp-fetch.py index aa5b762b..469c0c9f 100755 --- a/potpourri/rrdp-fetch.py +++ b/potpourri/rrdp-fetch.py @@ -33,7 +33,7 @@ class BadHash(Exception): def fetch(elt): uri = elt.get("uri") - hash = elt.get("hash") + hash = elt.get("hash").lower() print "Fetching", uri text = urlopen(uri).read() diff --git a/potpourri/rrdp-test-tool b/potpourri/rrdp-test-tool index 8ea90f17..ccf17960 100755 --- a/potpourri/rrdp-test-tool +++ b/potpourri/rrdp-test-tool @@ -90,7 +90,7 @@ class main(object): def del_obj(self, uri, hash): fn = self.uri_to_filename(uri) with open(fn, "rb") as f: - if hash != rpki.x509.sha256(f.read()).encode("hex"): + if hash.lower() != rpki.x509.sha256(f.read()).encode("hex"): raise RuntimeError("Hash mismatch for URI %s" % uri) os.unlink(fn) dn = os.path.dirname(fn) diff --git a/rpki/x509.py b/rpki/x509.py index 99e96d61..61022520 100644 --- a/rpki/x509.py +++ b/rpki/x509.py 
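Review bot: In `rsync_open`, the download target `"/tmp/rrdp-fetch-from-tal.%d.%d" % (os.getpid(), self._n)` is a predictable name in a world-writable directory, so another local user can pre-create that path (for example as a symlink) before rsync writes to it. Fetching into a private directory from `tempfile.mkdtemp()` closes that race, and a `try`/`finally` around the fetch also removes the file when `subprocess.check_call` raises, which the current code does not do. A failed rsync also surfaces as `CalledProcessError` rather than `urllib2.URLError`, which urllib2 callers are less likely to catch, and the handle from `open("/dev/null")` is never closed.

```python
def rsync_open(self, req):
    import subprocess, mimetools, tempfile, shutil
    u = req.get_full_url()
    # ... unchanged: reject directory URIs ...
    d = tempfile.mkdtemp(prefix = "rrdp-fetch-from-tal.")
    try:
        t = os.path.join(d, "object")
        try:
            subprocess.check_call(("rsync", u, t))
        except subprocess.CalledProcessError as e:
            raise urllib2.URLError("rsync failed: %s" % e)
        # ... unchanged: build the mimetools.Message headers from os.stat(t) ...
        f = open(t, "rb")
    finally:
        shutil.rmtree(d, ignore_errors = True)
    return urllib2.addinfourl(f, h, u)
```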
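Review bot: `elt.get("hash").lower()` in `fetch` raises `AttributeError` when the element carries no `hash` attribute, because `elt.get` returns None for a missing attribute and the XML presumably comes from a remote server. Checking first, with `hash = elt.get("hash")` followed by `if hash is None: raise BadHash(...)`, keeps a malformed document on the tool's own error path; the arguments `BadHash` expects are not visible here. The `hash.lower()` call added to `del_obj` in rrdp-test-tool has the same exposure if its caller can pass None. Both function bodies continue outside their hunks.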
@@ -70,29 +70,41 @@ def looks_like_PEM(text): i = text.find("-----BEGIN ") return i >= 0 and text.find("\n-----END ", i) > i -def first_rsync_uri(xia): +def first_uri_matching_prefix(xia, prefix): """ - Find first rsync URI in a sequence of AIA or SIA URIs. - Returns the URI if found, otherwise None. + Find first URI in a sequence of AIA or SIA URIs which matches a + particular prefix string. Returns the URI if found, otherwise None. """ if xia is not None: for uri in xia: - if uri.startswith("rsync://"): + if uri.startswith(prefix): return uri return None +def first_rsync_uri(xia): + """ + Find first rsync URI in a sequence of AIA or SIA URIs. + Returns the URI if found, otherwise None. + """ + + return first_uri_matching_prefix(xia, "rsync://") + def first_http_uri(xia): """ Find first HTTP URI in a sequence of AIA or SIA URIs. Returns the URI if found, otherwise None. """ - if xia is not None: - for uri in xia: - if uri.startswith("http://"): - return uri - return None + return first_uri_matching_prefix(xia, "http://") + +def first_https_uri(xia): + """ + Find first HTTPS URI in a sequence of AIA or SIA URIs. + Returns the URI if found, otherwise None. + """ + + return first_uri_matching_prefix(xia, "https://") def sha1(data): """ @@ -508,11 +520,12 @@ class DER_object(object): def get_sia_rrdp_notify(self): """ Get SIA RRDP (id-ad-rpkiNotify) URI from this object. + We prefer HTTPS over HTTP if both are present. Only works for subclasses that support getSIA(). """ sia = self.get_POW().getSIA() - return None if sia is None else first_http_uri(sia[3]) + return None if sia is None else first_https_uri(sia[3]) or first_http_uri(sia[3]) def get_AIA(self): """ |
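Review bot: `uri.startswith(prefix)` in `first_uri_matching_prefix` compares the scheme case-sensitively, while URI schemes are case-insensitive, so an SIA entry written as `HTTPS://...` is skipped by `first_https_uri`. With the HTTPS-over-HTTP preference added to `get_sia_rrdp_notify` in the next hunk, that can mean picking an `http://` entry even though an HTTPS one is present. Consider `if uri.lower().startswith(prefix):` and a docstring line saying that `prefix` must be given in lowercase.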
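Review bot: `first_https_uri(sia[3]) or first_http_uri(sia[3])` in `get_sia_rrdp_notify` still returns a plaintext `http://` URI whenever no HTTPS entry is found, and the caller cannot tell which scheme was chosen. If the notification file is then fetched over that URI, the hashes it lists are only as trustworthy as the transport; this is inferred, since the fetching code is not in this hunk. The docstring should state the fallback explicitly, e.g. `Falls back to an HTTP URI when no HTTPS URI is present; callers that need transport security must check the scheme.`, and a short comment should say what index 3 of the `getSIA()` result holds.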