-rw-r--r-- | myrpki.rototill/myirbe.py | 62 | ||||
-rw-r--r-- | myrpki/myirbe.py | 56 | ||||
-rw-r--r-- | rpkid/irbe_cli.py | 67 | ||||
-rw-r--r-- | rpkid/rpki/https.py | 43 |
4 files changed, 85 insertions, 143 deletions
diff --git a/myrpki.rototill/myirbe.py b/myrpki.rototill/myirbe.py index 1ea20b43..c09ec8e1 100644 --- a/myrpki.rototill/myirbe.py +++ b/myrpki.rototill/myirbe.py @@ -75,44 +75,6 @@ def findbase64(tree, name, b64type = rpki.x509.X509): bsc_handle = "bsc" repository_handle = "repository" -class caller(object): - """ - Handle client-side mechanics for left-right and publication - protocols. - """ - - debug = True - - def __init__(self, proto, client_key, client_cert, server_ta, server_cert, url): - self.proto = proto - self.client_key = client_key - self.client_cert = client_cert - self.server_ta = server_ta - self.server_cert = server_cert - self.url = url - - def __call__(self, cb, eb, pdus): - - def done(cms): - msg, xml = self.proto.cms_msg.unwrap(cms, (self.server_ta, self.server_cert), pretty_print = True) - if self.debug: - print "Reply:", xml - cb(msg) - - msg = self.proto.msg.query(*pdus) - cms, xml = self.proto.cms_msg.wrap(msg, self.client_key, self.client_cert, pretty_print = True) - if self.debug: - print "Query:", xml - - rpki.https.client( - client_key = self.client_key, - client_cert = self.client_cert, - server_ta = self.server_ta, - url = self.url, - msg = cms, - callback = done, - errback = eb) - os.environ["TZ"] = "UTC" time.tzset() 
@@ -174,29 +136,31 @@ updown_regexp = re.compile(re.escape(rpkid_base) + "up-down/([-A-Z0-9_]+)/([-A-Z # Wrappers to simplify calling rpkid and pubd. -call_rpkid = rpki.async.sync_wrapper(caller( +call_rpkid = rpki.async.sync_wrapper(rpki.https.caller( proto = rpki.left_right, client_key = rpki.x509.RSA( PEM_file = bpki.dir + "/irbe.key"), client_cert = rpki.x509.X509(PEM_file = bpki.dir + "/irbe.cer"), server_ta = rpki.x509.X509(PEM_file = bpki.cer), server_cert = rpki.x509.X509(PEM_file = bpki.dir + "/rpkid.cer"), - url = rpkid_base + "left-right")) + url = rpkid_base + "left-right", + debug = True)) if run_pubd: - call_pubd = rpki.async.sync_wrapper(caller( + call_pubd = rpki.async.sync_wrapper(rpki.https.caller( proto = rpki.publication, client_key = rpki.x509.RSA( PEM_file = bpki.dir + "/irbe.key"), client_cert = rpki.x509.X509(PEM_file = bpki.dir + "/irbe.cer"), server_ta = rpki.x509.X509(PEM_file = bpki.cer), server_cert = rpki.x509.X509(PEM_file = bpki.dir + "/pubd.cer"), - url = pubd_base + "control")) + url = pubd_base + "control", + debug = True)) # Make sure that pubd's BPKI CRL is up to date. - call_pubd((rpki.publication.config_elt.make_pdu( + call_pubd(rpki.publication.config_elt.make_pdu( action = "set", - bpki_crl = rpki.x509.CRL(PEM_file = bpki.crl)),)) + bpki_crl = rpki.x509.CRL(PEM_file = bpki.crl))) irdbd_cfg = rpki.config.parser(cfg.get("irdbd_conf", cfg_file), "irdbd") 
@@ -311,15 +275,15 @@ for xmlfile in xmlfiles: if run_pubd: client_pdus = dict((x.client_handle, x) - for x in call_pubd((rpki.publication.client_elt.make_pdu(action = "list"),)) + for x in call_pubd(rpki.publication.client_elt.make_pdu(action = "list")) if isinstance(x, rpki.publication.client_elt)) - rpkid_reply = call_rpkid(( + rpkid_reply = call_rpkid( rpki.left_right.self_elt.make_pdu( action = "get", tag = "self", self_handle = handle), rpki.left_right.bsc_elt.make_pdu( action = "list", tag = "bsc", self_handle = handle), rpki.left_right.repository_elt.make_pdu(action = "list", tag = "repository", self_handle = handle), rpki.left_right.parent_elt.make_pdu( action = "list", tag = "parent", self_handle = handle), - rpki.left_right.child_elt.make_pdu( action = "list", tag = "child", self_handle = handle))) + rpki.left_right.child_elt.make_pdu( action = "list", tag = "child", self_handle = handle)) self_pdu = rpkid_reply[0] bsc_pdus = dict((x.bsc_handle, x) for x in rpkid_reply if isinstance(x, rpki.left_right.bsc_elt)) @@ -502,7 +466,7 @@ for xmlfile in xmlfiles: # If we changed anything, ship updates off to daemons if rpkid_query: - rpkid_reply = call_rpkid(rpkid_query) + rpkid_reply = call_rpkid(*rpkid_query) bsc_pdus = dict((x.bsc_handle, x) for x in rpkid_reply if isinstance(x, rpki.left_right.bsc_elt)) if bsc_handle in bsc_pdus and bsc_pdus[bsc_handle].pkcs10_request: bsc_req = bsc_pdus[bsc_handle].pkcs10_request @@ -511,7 +475,7 @@ for xmlfile in xmlfiles: if pubd_query: assert run_pubd - pubd_reply = call_pubd(pubd_query) + pubd_reply = call_pubd(*pubd_query) for r in pubd_reply: assert not isinstance(r, rpki.publication.report_error_elt) diff --git a/myrpki/myirbe.py b/myrpki/myirbe.py index ad54c9aa..3bb001bd 100644 --- a/myrpki/myirbe.py +++ b/myrpki/myirbe.py 
@@ -75,44 +75,6 @@ def findbase64(tree, name, b64type = rpki.x509.X509): bsc_handle = "bsc" repository_handle = "repository" -class caller(object): - """ - Handle client-side mechanics for left-right and publication - protocols. - """ - - debug = True - - def __init__(self, proto, client_key, client_cert, server_ta, server_cert, url): - self.proto = proto - self.client_key = client_key - self.client_cert = client_cert - self.server_ta = server_ta - self.server_cert = server_cert - self.url = url - - def __call__(self, cb, eb, pdus): - - def done(cms): - msg, xml = self.proto.cms_msg.unwrap(cms, (self.server_ta, self.server_cert), pretty_print = True) - if self.debug: - print "Reply:", xml - cb(msg) - - msg = self.proto.msg.query(*pdus) - cms, xml = self.proto.cms_msg.wrap(msg, self.client_key, self.client_cert, pretty_print = True) - if self.debug: - print "Query:", xml - - rpki.https.client( - client_key = self.client_key, - client_cert = self.client_cert, - server_ta = self.server_ta, - url = self.url, - msg = cms, - callback = done, - errback = eb) - os.environ["TZ"] = "UTC" time.tzset() @@ -174,7 +136,7 @@ updown_regexp = re.compile(re.escape(rpkid_base) + "up-down/([-A-Z0-9_]+)/([-A-Z # Wrappers to simplify calling rpkid and pubd. -call_rpkid = rpki.async.sync_wrapper(caller( +call_rpkid = rpki.async.sync_wrapper(rpki.https.caller( proto = rpki.left_right, client_key = rpki.x509.RSA( PEM_file = bpki.dir + "/irbe.key"), client_cert = rpki.x509.X509(PEM_file = bpki.dir + "/irbe.cer"), @@ -184,7 +146,7 @@ call_rpkid = rpki.async.sync_wrapper(caller( if want_pubd: - call_pubd = rpki.async.sync_wrapper(caller( + call_pubd = rpki.async.sync_wrapper(rpki.https.caller( proto = rpki.publication, client_key = rpki.x509.RSA( PEM_file = bpki.dir + "/irbe.key"), client_cert = rpki.x509.X509(PEM_file = bpki.dir + "/irbe.cer"), 
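Review bot: The two call sites in this file switch to `rpki.https.caller` without passing `debug`, and the shared class defaults to `debug = False`, whereas the local class removed above had `debug = True`. Unlike myrpki.rototill/myirbe.py, where the same commit adds `debug = True` after the `url` argument, this copy will apparently stop printing the query and reply XML. The `url` lines fall outside both hunks (`@@ -174,7 +136,7 @@` and `@@ -184,7 +146,7 @@`), so this is inferred from what is visible. If the quieter behaviour is intended, say so in the commit message; otherwise add `debug = True` to both calls so the two copies stay in step.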
@@ -194,9 +156,9 @@ if want_pubd: # Make sure that pubd's BPKI CRL is up to date. - call_pubd((rpki.publication.config_elt.make_pdu( + call_pubd(rpki.publication.config_elt.make_pdu( action = "set", - bpki_crl = rpki.x509.CRL(PEM_file = bpki.crl)),)) + bpki_crl = rpki.x509.CRL(PEM_file = bpki.crl))) irdbd_cfg = rpki.config.parser(cfg.get("irdbd_conf", cfg_file), "irdbd") @@ -312,15 +274,15 @@ for xmlfile in xmlfiles: if want_pubd: client_pdus = dict((x.client_handle, x) - for x in call_pubd((rpki.publication.client_elt.make_pdu(action = "list"),)) + for x in call_pubd(rpki.publication.client_elt.make_pdu(action = "list")) if isinstance(x, rpki.publication.client_elt)) - rpkid_reply = call_rpkid(( + rpkid_reply = call_rpkid( rpki.left_right.self_elt.make_pdu( action = "get", tag = "self", self_handle = handle), rpki.left_right.bsc_elt.make_pdu( action = "list", tag = "bsc", self_handle = handle), rpki.left_right.repository_elt.make_pdu(action = "list", tag = "repository", self_handle = handle), rpki.left_right.parent_elt.make_pdu( action = "list", tag = "parent", self_handle = handle), - rpki.left_right.child_elt.make_pdu( action = "list", tag = "child", self_handle = handle))) + rpki.left_right.child_elt.make_pdu( action = "list", tag = "child", self_handle = handle)) self_pdu = rpkid_reply[0] bsc_pdus = dict((x.bsc_handle, x) for x in rpkid_reply if isinstance(x, rpki.left_right.bsc_elt)) @@ -503,7 +465,7 @@ for xmlfile in xmlfiles: # If we changed anything, ship updates off to daemons if rpkid_query: - rpkid_reply = call_rpkid(rpkid_query) + rpkid_reply = call_rpkid(*rpkid_query) bsc_pdus = dict((x.bsc_handle, x) for x in rpkid_reply if isinstance(x, rpki.left_right.bsc_elt)) if bsc_handle in bsc_pdus and bsc_pdus[bsc_handle].pkcs10_request: bsc_req = bsc_pdus[bsc_handle].pkcs10_request 
@@ -512,7 +474,7 @@ for xmlfile in xmlfiles: if pubd_query: assert want_pubd - pubd_reply = call_pubd(pubd_query) + pubd_reply = call_pubd(*pubd_query) for r in pubd_reply: assert not isinstance(r, rpki.publication.report_error_elt) diff --git a/rpkid/irbe_cli.py b/rpkid/irbe_cli.py index 0c329409..c347f672 100644 --- a/rpkid/irbe_cli.py +++ b/rpkid/irbe_cli.py @@ -38,43 +38,6 @@ import rpki.publication, rpki.async pem_out = None -class caller(object): - """ - Handle client-side mechanics for left-right and publication - protocols. - """ - - def __init__(self, cms_class, client_key, client_cert, server_ta, server_cert, url): - self.cms_class = cms_class - self.client_key = client_key - self.client_cert = client_cert - self.server_ta = server_ta - self.server_cert = server_cert - self.url = url - - def __call__(self, cb, eb, msg): - - def done(cms): - msg, xml = self.cms_class.unwrap(cms, (self.server_ta, self.server_cert), pretty_print = True) - if verbose: - print "<!-- Reply -->" - print xml - cb(msg) - - cms, xml = self.cms_class.wrap(msg, self.client_key, self.client_cert, pretty_print = True) - if verbose: - print "<!-- Query -->" - print xml - - rpki.https.client( - client_key = self.client_key, - client_cert = self.client_cert, - server_ta = self.server_ta, - url = self.url, - msg = cms, - callback = done, - errback = eb) - class UsageWrapper(textwrap.TextWrapper): """ Call interface around Python textwrap.Textwrapper class. @@ -319,8 +282,8 @@ if not argv: cfg = rpki.config.parser(cfg_file, "irbe_cli") -q_msg_left_right = left_right_msg.query() -q_msg_publication = publication_msg.query() +q_msg_left_right = [] +q_msg_publication = [] while argv: if argv[0] in left_right_msg.pdus: 
@@ -336,24 +299,34 @@ while argv: if q_msg_left_right: - call_rpkid = rpki.async.sync_wrapper(caller( - cms_class = left_right_cms_msg, + class left_right_proto(object): + cms_msg = left_right_cms_msg + msg = left_right_msg + + call_rpkid = rpki.async.sync_wrapper(rpki.https.caller( + proto = left_right_proto, client_key = rpki.x509.RSA( Auto_file = cfg.get("rpkid-irbe-key")), client_cert = rpki.x509.X509(Auto_file = cfg.get("rpkid-irbe-cert")), server_ta = rpki.x509.X509(Auto_file = cfg.get("rpkid-bpki-ta")), server_cert = rpki.x509.X509(Auto_file = cfg.get("rpkid-cert")), - url = cfg.get("rpkid-url"))) + url = cfg.get("rpkid-url"), + debug = verbose)) - call_rpkid(q_msg_left_right) + call_rpkid(*q_msg_left_right) if q_msg_publication: - call_pubd = rpki.async.sync_wrapper(caller( - cms_class = publication_cms_msg, + class publication_proto(object): + msg = publication_msg + cms_msg = publication_cms_msg + + call_pubd = rpki.async.sync_wrapper(rpki.https.caller( + proto = publication_proto, client_key = rpki.x509.RSA( Auto_file = cfg.get("pubd-irbe-key")), client_cert = rpki.x509.X509(Auto_file = cfg.get("pubd-irbe-cert")), server_ta = rpki.x509.X509(Auto_file = cfg.get("pubd-bpki-ta")), server_cert = rpki.x509.X509(Auto_file = cfg.get("pubd-cert")), - url = cfg.get("pubd-url"))) + url = cfg.get("pubd-url")), + debug = verbose) - call_pubd(q_msg_publication) + call_pubd(*q_msg_publication) diff --git a/rpkid/rpki/https.py b/rpkid/rpki/https.py index 26b1cd87..d9bf4488 100644 --- a/rpkid/rpki/https.py +++ b/rpkid/rpki/https.py 
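Review bot: In the `call_pubd` construction the closing parenthesis lands one argument early: `url = cfg.get("pubd-url")),` ends the `rpki.https.caller(...)` call, so the following `debug = verbose)` is passed to `rpki.async.sync_wrapper` instead of to `caller`. The `call_rpkid` block just above has it the right way round. As written, the pubd path either fails on an unexpected keyword or, if `sync_wrapper` tolerates it, never receives the verbose flag. The two lines should read `url = cfg.get("pubd-url"),` and `debug = verbose))`.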
@@ -776,3 +776,46 @@ def build_https_ta_cache(certs): """ return set(certs) + +class caller(object): + """ + Handle client-side mechanics for protocols based on HTTPS, CMS, and + rpki.xml_utils. Calling sequence is intended to nest within + rpki.async.sync_wrapper. + """ + + debug = False + + def __init__(self, proto, client_key, client_cert, server_ta, server_cert, url, debug = None): + self.proto = proto + self.client_key = client_key + self.client_cert = client_cert + self.server_ta = server_ta + self.server_cert = server_cert + self.url = url + if debug is not None: + self.debug = debug + + def __call__(self, cb, eb, *pdus): + + def done(cms): + msg, xml = self.proto.cms_msg.unwrap(cms, (self.server_ta, self.server_cert), pretty_print = True) + if self.debug: + print "<!-- Reply -->" + print xml + cb(msg) + + msg = self.proto.msg.query(*pdus) + cms, xml = self.proto.cms_msg.wrap(msg, self.client_key, self.client_cert, pretty_print = True) + if self.debug: + print "<!-- Query -->" + print xml + + client( + client_key = self.client_key, + client_cert = self.client_cert, + server_ta = self.server_ta, + url = self.url, + msg = cms, + callback = done, + errback = eb) |
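Review bot: The `caller` docstring does not say which credential is checked where, and `__call__` has no docstring at all. From the body, `client()` receives `server_ta` but not `server_cert`, while `unwrap()` is given both, so I would add to the class docstring: `server_ta is handed to the HTTPS client and to CMS unwrap; server_cert is used only for CMS unwrap of the reply.` For `__call__`, a one-line docstring such as `"""Send pdus as a single query; cb gets the unwrapped reply, eb gets errors reported by the HTTPS client."""` would also make it explicit that an exception raised by `unwrap()` inside `done()` is not routed to `eb` here. With the signature now taking `*pdus`, the docstring should also state that PDUs are passed as separate arguments, since a caller still passing one tuple would have it treated as a single PDU.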