Diffstat (limited to 'rpki')
-rw-r--r-- | rpki/irdb/migrations/0002_root.py | 34 | ||||
-rw-r--r-- | rpki/irdb/models.py | 22 | ||||
-rw-r--r-- | rpki/irdb/zookeeper.py | 15 | ||||
-rw-r--r-- | rpki/rpkic.py | 10 |
4 files changed, 74 insertions, 7 deletions
diff --git a/rpki/irdb/migrations/0002_root.py b/rpki/irdb/migrations/0002_root.py
new file mode 100644
index 00000000..73c08dde
--- /dev/null
+++ b/rpki/irdb/migrations/0002_root.py
@@ -0,0 +1,34 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+import rpki.irdb.models
+import rpki.fields
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('irdb', '0001_initial'),
+ ]
+
+ operations = [
+ migrations.CreateModel(
+ name='Root',
+ fields=[
+ ('turtle_ptr', models.OneToOneField(parent_link=True, auto_created=True, primary_key=True, serialize=False, to='irdb.Turtle')),
+ ('certificate', rpki.fields.CertificateField()),
+ ('handle', rpki.irdb.models.HandleField(max_length=120)),
+ ('ta', rpki.fields.CertificateField()),
+ ('asn_resources', models.TextField()),
+ ('ipv4_resources', models.TextField()),
+ ('ipv6_resources', models.TextField()),
+ ('issuer', models.OneToOneField(related_name='root', to='irdb.ResourceHolderCA')),
+ ],
+ bases=('irdb.turtle', models.Model),
+ ),
+ migrations.AlterUniqueTogether(
+ name='root',
+ unique_together=set([('issuer', 'handle')]),
+ ),
+ ]
diff --git a/rpki/irdb/models.py b/rpki/irdb/models.py
index a663c36f..dc3723d8 100644
--- a/rpki/irdb/models.py
+++ b/rpki/irdb/models.py
@@ -457,6 +457,22 @@ class Parent(CrossCertification, Turtle): class Meta: unique_together = ("issuer", "handle") +class Root(CrossCertification, Turtle): + # + # This is sort of a cross between a Rootd and a Parent with extra + # fields for the root resources. As with Parent, the private key + # comes from a BSC rather than from a server EE cert as with + # Rootd, so this looks looks to us like a cross certification (of + # ourself). We may want to revisit this. + # + issuer = django.db.models.OneToOneField(ResourceHolderCA, related_name = "root") + asn_resources = django.db.models.TextField() + ipv4_resources = django.db.models.TextField() + ipv6_resources = django.db.models.TextField() + + class Meta: + unique_together = ("issuer", "handle") + class ROARequest(django.db.models.Model): issuer = django.db.models.ForeignKey(ResourceHolderCA, related_name = "roa_requests") asn = django.db.models.BigIntegerField() @@ -485,9 +501,11 @@ class ROARequestPrefix(django.db.models.Model): def as_roa_prefix(self): if self.version == 'IPv4': - return rpki.resource_set.roa_prefix_ipv4(rpki.POW.IPAddress(self.prefix), self.prefixlen, self.max_prefixlen) + return rpki.resource_set.roa_prefix_ipv4(rpki.POW.IPAddress(self.prefix), + self.prefixlen, self.max_prefixlen) else: - return rpki.resource_set.roa_prefix_ipv6(rpki.POW.IPAddress(self.prefix), self.prefixlen, self.max_prefixlen) + return rpki.resource_set.roa_prefix_ipv6(rpki.POW.IPAddress(self.prefix), + self.prefixlen, self.max_prefixlen) def as_resource_range(self): return self.as_roa_prefix().to_resource_range() diff --git a/rpki/irdb/zookeeper.py b/rpki/irdb/zookeeper.py index 5bfed98b..7446e7c7 100644 --- a/rpki/irdb/zookeeper.py +++ b/rpki/irdb/zookeeper.py 
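Review bot: The three `*_resources` columns on `Root` are plain `TextField`s with no comment saying what format they hold, although they define which ASNs and prefixes this root is authoritative for. The only writer visible in this commit (`configure_root` in zookeeper.py) stores `str(resources.asn)`, `str(resources.v4)` and `str(resources.v6)`, so I would add above the fields `# Textual resource sets as written by str() on a resource_bag's asn/v4/v6 members; parse and validate before use.` The class comment also has a doubled word, `looks looks`.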
@@ -365,8 +365,9 @@ class Zookeeper(object): @django.db.transaction.atomic - def configure_rootd(self): + def configure_root(self, handle, resources): + # XXX This should be some other exception, not an assertion assert self.run_rpkid and self.run_pubd and self.run_rootd rpki.irdb.models.Rootd.objects.get_or_certify( @@ -374,10 +375,18 @@ class Zookeeper(object): service_uri = "http://localhost:%s/" % self.cfg.get("rootd_server_port", section = myrpki_section)) - return self.generate_rootd_repository_offer() + rpki.irdb.models.Root.objects.get_or_certify( + handle = handle or self.handle, + issuer = self.resource_ca, + ta = self.resource_ca.certificate, + asn_resources = str(resources.asn), + ipv4_resources = str(resources.v4), + ipv6_resources = str(resources.v6)) + return self.generate_root_repository_offer() - def generate_rootd_repository_offer(self): + + def generate_root_repository_offer(self): """ Generate repository offer for rootd. Split out of configure_rootd() because that's easier for the GUI. diff --git a/rpki/rpkic.py b/rpki/rpkic.py index a595fa2c..e8cb8362 100644 --- a/rpki/rpkic.py +++ b/rpki/rpkic.py @@ -416,7 +416,11 @@ class main(Cmd): return self.irdb_handle_complete(self.zoo.resource_ca.parents, *args) - @parsecmd(argsubparsers) + @parsecmd(argsubparsers, + cmdarg("--resources", help = "restrict root to specified resources", + type = rpki.resource_set.resource_bag.from_str, + default = "0.0.0.0/0,::/0,0-4294967295"), + cmdarg("--root_handle", help = "override default handle for new root")) def do_configure_root(self, args): """ Configure the current resource holding identity as a root. 
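Review bot: The precondition at the top of `configure_root` is still an `assert`, which Python removes under `-O`, so in an optimised run the Rootd and Root objects would be certified without the `run_rpkid`/`run_pubd`/`run_rootd` check; the added XXX comment acknowledges this but leaves it in place. Replace it with an explicit test such as `if not (self.run_rpkid and self.run_pubd and self.run_rootd): raise <ProjectError>("...")`, where `<ProjectError>` is a placeholder for whichever project exception fits (none is visible in this hunk). The function body continues into the next hunk.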
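Review bot: The docstring of the renamed `generate_root_repository_offer` still reads `Generate repository offer for rootd` and refers to `configure_rootd()`, which this commit renames to `configure_root()`; update both names. That docstring mentions a GUI caller, so any code outside this diff that still calls `configure_rootd()` or `generate_rootd_repository_offer()` will presumably fail and is worth a grep. It is also not visible here whether `Root.objects.get_or_certify` updates the stored `*_resources` strings when a Root already exists for this issuer; if it only matches and returns, a second run with a different resource set would silently keep the old one, which deserves a comment at the call. The body of `generate_root_repository_offer` continues outside the hunk.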
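Review bot: The `--resources` default `"0.0.0.0/0,::/0,0-4294967295"` covers all IPv4 and IPv6 space and every 32-bit AS number, so running the command without the flag creates a root over everything, while the help text only says `restrict root to specified resources`. State the default in the help, e.g. `help = "restrict root to specified resources (default: all IPv4, IPv6 and AS numbers)"`. As far as this hunk shows, `--root_handle` is passed through unchecked; if handles have a syntax rule elsewhere, a `type =` validator here would reject bad input before the database does. `do_configure_root` continues in the next hunk.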
@@ -425,7 +429,9 @@ class main(Cmd): Returns repository request XML file like configure_parent does. """ - r = self.zoo.configure_rootd() + print "Generating root for resources {!s}".format(args.resources) # XXX + + r = self.zoo.configure_root(args.root_handle, args.resources) if r is not None: with swap_uids(): r.save("%s.%s.repository-request.xml" % (self.zoo.handle, self.zoo.handle), sys.stdout) |
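Review bot: The output file name is still built from `self.zoo.handle` for both components, so when `--root_handle` overrides the handle passed to `configure_root`, the saved `repository-request.xml` name no longer reflects the handle that was used. If the first component is meant to be the root's handle (an assumption; the naming convention is not visible here), compute `root_handle = args.root_handle or self.zoo.handle` once and use it in the `r.save(...)` name. The `print` marked `# XXX` looks like leftover debug output and should be dropped or routed through whatever logging the command uses. `do_configure_root` starts in the previous hunk.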