Diffstat (limited to 'rpkid/rpki/oids.py')
-rw-r--r-- | rpkid/rpki/oids.py | 203 |
1 files changed, 82 insertions, 121 deletions
diff --git a/rpkid/rpki/oids.py b/rpkid/rpki/oids.py
index 094fa1a2..a97df6a7 100644
--- a/rpkid/rpki/oids.py
+++ b/rpkid/rpki/oids.py
@@ -1,140 +1,101 @@ # $Id$ # -# Copyright (C) 2009--2012 Internet Systems Consortium ("ISC") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. -# +# Copyright (C) 2013--2014 Dragon Research Labs ("DRL") +# Portions copyright (C) 2009--2012 Internet Systems Consortium ("ISC") # Portions copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. +# copyright notices and this permission notice appear in all copies. # -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. +# THE SOFTWARE IS PROVIDED "AS IS" AND DRL, ISC, AND ARIN DISCLAIM ALL +# WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL DRL, +# ISC, OR ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR +# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS +# OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, +# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION +# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. """ OID database. -""" - -## @var oid2name -# Mapping table of OIDs to conventional string names. -oid2name = { - (1, 2, 840, 113549, 1, 1, 11) : "sha256WithRSAEncryption", - (1, 2, 840, 113549, 1, 1, 12) : "sha384WithRSAEncryption", - (1, 2, 840, 113549, 1, 1, 13) : "sha512WithRSAEncryption", - (1, 2, 840, 113549, 1, 7, 1) : "id-data", - (1, 2, 840, 113549, 1, 9, 16) : "id-smime", - (1, 2, 840, 113549, 1, 9, 16, 1) : "id-ct", - (1, 2, 840, 113549, 1, 9, 16, 1, 24) : "id-ct-routeOriginAttestation", - (1, 2, 840, 113549, 1, 9, 16, 1, 26) : "id-ct-rpkiManifest", - (1, 2, 840, 113549, 1, 9, 16, 1, 28) : "id-ct-xml", - (1, 2, 840, 113549, 1, 9, 16, 1, 35) : "id-ct-rpkiGhostbusters", - (1, 3, 6, 1, 5, 5, 7, 1, 1) : "authorityInfoAccess", - (1, 3, 6, 1, 5, 5, 7, 1, 11) : "subjectInfoAccess", - (1, 3, 6, 1, 5, 5, 7, 1, 7) : "sbgp-ipAddrBlock", - (1, 3, 6, 1, 5, 5, 7, 1, 8) : "sbgp-autonomousSysNum", - (1, 3, 6, 1, 5, 5, 7, 14, 2) : "id-cp-ipAddr-asNumber", - (1, 3, 6, 1, 5, 5, 7, 48, 2) : "id-ad-caIssuers", - (1, 3, 6, 1, 5, 5, 7, 48, 5) : "id-ad-caRepository", - (1, 3, 6, 1, 5, 5, 7, 48, 9) : "id-ad-signedObjectRepository", - (1, 3, 6, 1, 5, 5, 7, 48, 10) : "id-ad-rpkiManifest", - (1, 3, 6, 1, 5, 5, 7, 48, 11) : "id-ad-signedObject", - (2, 16, 840, 1, 101, 3, 4, 2, 1) : "id-sha256", - (2, 5, 29, 14) : "subjectKeyIdentifier", - (2, 5, 29, 15) : "keyUsage", - (2, 5, 29, 19) : "basicConstraints", - (2, 5, 29, 20) : "cRLNumber", - (2, 5, 29, 31) : "cRLDistributionPoints", - (2, 5, 29, 32) : "certificatePolicies", - (2, 5, 29, 35) : "authorityKeyIdentifier", - (2, 5, 29, 37) : "extendedKeyUsage", - (2, 5, 4, 3) : "commonName", - (2, 5, 4, 5) 
: "serialNumber", - (2, 5, 4, 6) : "countryName", - (2, 5, 4, 7) : "localityName", - (2, 5, 4, 8) : "stateOrProvinceName", - (2, 5, 4, 9) : "streetAddress", - (2, 5, 4, 10) : "organizationName", - (2, 5, 4, 11) : "organizationalUnitName", -} +This used to be fairly complicated, with multiple representations and +a collection of conversion functions, but now it is very simple: -## @var name2oid -# Mapping table of string names to OIDs +- We represent OIDs as Python strings, holding the dotted-decimal + form of an OID. Nothing but decimal digits and "." is legal. + This is compatible with the format that rpki.POW uses. -name2oid = dict((v, k) for k, v in oid2name.items()) +- We define symbols in this module whose values are OIDs. -def safe_name2oid(name): - """ - Map name to OID, also parsing numeric (dotted decimal) format. - """ - - try: - return name2oid[name] - except KeyError: - fields = name.split(".") - if all(field.isdigit() for field in fields): - return tuple(int(field) for field in fields) - raise - -def safe_oid2name(oid): - """ - Map OID to name. If we have no mapping, generate numeric (dotted - decimal) format. - """ - - try: - return oid2name[oid] - except KeyError: - return oid2dotted(oid) - -def oid2dotted(oid): - """ - Convert OID to numeric (dotted decimal) format. - """ - - return ".".join(str(field) for field in oid) - -def dotted2oid(dotted): - """ - Convert dotted decimal format to OID tuple. - """ - - fields = dotted.split(".") - if all(field.isdigit() for field in fields): - return tuple(int(field) for field in fields) - raise ValueError("%r is not a dotted decimal OID" % dotted) +That's pretty much it. There's a bit of code at the end which checks +the syntax of the defined strings and provides a pretty-print function +for the rare occasion when we need to print an OID, but other than +that this is just a collection of symbolic names for text strings. 
+""" -def safe_name2dotted(name): +ecdsa_with_SHA256 = "1.2.840.10045.4.3.2" +sha256WithRSAEncryption = "1.2.840.113549.1.1.11" +sha384WithRSAEncryption = "1.2.840.113549.1.1.12" +sha512WithRSAEncryption = "1.2.840.113549.1.1.13" +id_data = "1.2.840.113549.1.7.1" +id_smime = "1.2.840.113549.1.9.16" +id_ct = "1.2.840.113549.1.9.16.1" +id_ct_routeOriginAttestation = "1.2.840.113549.1.9.16.1.24" +id_ct_rpkiManifest = "1.2.840.113549.1.9.16.1.26" +id_ct_xml = "1.2.840.113549.1.9.16.1.28" +id_ct_rpkiGhostbusters = "1.2.840.113549.1.9.16.1.35" +authorityInfoAccess = "1.3.6.1.5.5.7.1.1" +sbgp_ipAddrBlock = "1.3.6.1.5.5.7.1.7" +sbgp_autonomousSysNum = "1.3.6.1.5.5.7.1.8" +subjectInfoAccess = "1.3.6.1.5.5.7.1.11" +id_kp_bgpsec_router = "1.3.6.1.5.5.7.3.30" +id_cp_ipAddr_asNumber = "1.3.6.1.5.5.7.14.2" +id_ad_caIssuers = "1.3.6.1.5.5.7.48.2" +id_ad_caRepository = "1.3.6.1.5.5.7.48.5" +id_ad_signedObjectRepository = "1.3.6.1.5.5.7.48.9" +id_ad_rpkiManifest = "1.3.6.1.5.5.7.48.10" +id_ad_signedObject = "1.3.6.1.5.5.7.48.11" +commonName = "2.5.4.3" +serialNumber = "2.5.4.5" +countryName = "2.5.4.6" +localityName = "2.5.4.7" +stateOrProvinceName = "2.5.4.8" +streetAddress = "2.5.4.9" +organizationName = "2.5.4.10" +organizationalUnitName = "2.5.4.11" +subjectKeyIdentifier = "2.5.29.14" +keyUsage = "2.5.29.15" +basicConstraints = "2.5.29.19" +cRLNumber = "2.5.29.20" +cRLDistributionPoints = "2.5.29.31" +certificatePolicies = "2.5.29.32" +authorityKeyIdentifier = "2.5.29.35" +extendedKeyUsage = "2.5.29.37" +id_sha256 = "2.16.840.1.101.3.4.2.1" + +# Make sure all symbols exported so far look like OIDs, and build a +# dictionary to use when pretty-printing. 
+ +_oid2name = {} + +for _sym in dir(): + if not _sym.startswith("_"): + _val = globals()[_sym] + if not isinstance(_val, str) or not all(_v.isdigit() for _v in _val.split(".")): + raise ValueError("Bad OID definition: %s = %r" % (_sym, _val)) + _oid2name[_val] = _sym.replace("_", "-") + +del _sym +del _val + +def oid2name(oid): """ - Convert name to dotted decimal format. + Translate an OID into a string suitable for printing. """ - return oid2dotted(safe_name2oid(name)) - -def safe_dotted2name(dotted): - """ - Convert dotted decimal to name if we know one, - otherwise just return dotted. - """ + if not isinstance(oid, (str, unicode)) or not all(o.isdigit() for o in oid.split(".")): + raise ValueError("Parameter does not look like an OID string: " + repr(oid)) - try: - return oid2name[dotted2oid(dotted)] - except KeyError: - return dotted + return _oid2name.get(oid, oid) |
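Review bot: The `isdigit()` test in the new `oid2name` (the last lines of the hunk) is looser than the module docstring's "nothing but decimal digits and '.'" rule, because `unicode.isdigit()` also accepts non-ASCII digit characters (superscripts, Arabic-Indic digits and the like), so such a string passes validation and is returned unchanged by `_oid2name.get(oid, oid)`; the impact is limited because the result is only printed, but the check does not enforce the contract it claims to. An ASCII-only pattern matches the stated contract: `_oid_re = re.compile(r"[0-9]+(\.[0-9]+)*\Z")` at module level (with `import re`) and `if not isinstance(oid, basestring) or not _oid_re.match(oid):` in the function, where `basestring` is the Python 2 spelling of `(str, unicode)` the new code already relies on. The same pattern can replace the `all(_v.isdigit() ...)` test in the module-level validation loop, which currently applies a different type check (`str` only) from the function. That loop also lets a later symbol silently overwrite an earlier one in `_oid2name` when two names are given the same OID string, which is presumably unintended; an `if _val in _oid2name: raise ValueError("Duplicate OID definition: %s" % _sym)` before the assignment would surface it at import time.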