diff options
Diffstat (limited to 'potpourri/extract-key.py')
| -rw-r--r-- | potpourri/extract-key.py | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/potpourri/extract-key.py b/potpourri/extract-key.py new file mode 100644 index 00000000..b85c3d55 --- /dev/null +++ b/potpourri/extract-key.py @@ -0,0 +1,64 @@ +# $Id$ + +# Copyright (C) 2014 Dragon Research Labs ("DRL") +# Portions copyright (C) 2008 American Registry for Internet Numbers ("ARIN") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notices and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND DRL AND AND ARIN DISCLAIM ALL +# WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DRL OR +# ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL +# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA +# OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER +# TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +""" +Extract a private key from rpkid's database. + +This is a debugging tool. rpkid goes to some trouble not to expose +private keys, which is correct for normal operation, but for debugging +it is occasionally useful to be able to extract the private key from +MySQL. This script is just a convenience, it doesn't enable anything +that couldn't be done via the mysql command line tool. + +While we're at this we also extract the corresponding certificate. +""" + +import os +import time +import argparse +import sys +import MySQLdb +import rpki.x509 + +os.environ["TZ"] = "UTC" +time.tzset() + +parser = argparse.ArgumentParser(description = __doc__) +parser.add_argument("-s", "--self", required = True, help = "self handle") +parser.add_argument("-b", "--bsc", required = True, help = "BSC handle") +parser.add_argument("-u", "--user", required = True, help = "MySQL user name") +parser.add_argument("-d", "--db", required = True, help = "MySQL database name") +parser.add_argument("-p", "--password", required = True, help = "MySQL password") +args = parser.parse_args() + +cur = MySQLdb.connect(user = args.user, db = args.db, passwd = args.password).cursor() + +cur.execute( + """ + SELECT bsc.private_key_id, bsc.signing_cert + FROM bsc, self + WHERE self.self_handle = %s AND self.self_id = bsc.self_id AND bsc_handle = %s + """, + (args.self, args.bsc)) + +key, cer = cur.fetchone() + +print rpki.x509.RSA(DER = key).get_PEM() + +if cer: + print rpki.x509.X509(DER = cer).get_PEM() |