Diffstat (limited to 'rpkid/rpki')
-rw-r--r-- | rpkid/rpki/https.py | 30 | ||||
-rw-r--r-- | rpkid/rpki/left_right.py | 40 | ||||
-rw-r--r-- | rpkid/rpki/rpki_engine.py | 25 | ||||
-rw-r--r-- | rpkid/rpki/x509.py | 21 |
4 files changed, 55 insertions, 61 deletions
diff --git a/rpkid/rpki/https.py b/rpkid/rpki/https.py index a291f771..8592b578 100644 --- a/rpkid/rpki/https.py +++ b/rpkid/rpki/https.py @@ -1075,10 +1075,12 @@ class http_queue(object): processing this result, kick off next message in the queue, if any. """ - if not self.queue: + try: + req = self.queue.pop(0) + except IndexError: self.log("No caller, this should not happen. Dropping result %r" % result) + return - req = self.queue.pop(0) self.log("Dequeuing request %r" % req) try: @@ -1215,33 +1217,29 @@ class caller(object): def __call__(self, cb, eb, *pdus): - def done(cms): + def done(r_der): """ Handle CMS-wrapped XML response message. """ - result = self.proto.cms_msg.unwrap(cms, (self.server_ta, self.server_cert), pretty_print = self.debug) + r_cms = self.proto.cms_msg(DER = r_der) + r_msg = r_cms.unwrap((self.server_ta, self.server_cert)) if self.debug: - msg, xml = result print "<!-- Reply -->" - print xml - else: - msg = result - cb(msg) + print r_cms.pretty_print_content() + cb(r_msg) - msg = self.proto.msg.query(*pdus) - result = self.proto.cms_msg.wrap(msg, self.client_key, self.client_cert, pretty_print = self.debug) + q_msg = self.proto.msg.query(*pdus) + q_cms = self.proto.cms_msg() + q_der = q_cms.wrap(q_msg, self.client_key, self.client_cert) if self.debug: - cms, xml = result print "<!-- Query -->" - print xml - else: - cms = result + print q_cms.pretty_print_content() client( client_key = self.client_key, client_cert = self.client_cert, server_ta = self.server_ta, url = self.url, - msg = cms, + msg = q_der, callback = done, errback = eb) diff --git a/rpkid/rpki/left_right.py b/rpkid/rpki/left_right.py index 63ab9f87..8d2bf0ad 100644 --- a/rpkid/rpki/left_right.py +++ b/rpkid/rpki/left_right.py 
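Review bot: The new `done(r_der)` in `caller.__call__` calls `r_cms.unwrap(...)`, which verifies the CMS signature and schema-checks the XML, with no exception handling, so an unverifiable or malformed reply raises out of the https callback instead of reaching `eb`. The parent_elt reply handler in left_right.py in this same commit wraps its unwrap in try/except and forwards failures to the errback, so the two client paths now diverge. Unless https.client already catches exceptions raised by `callback` (not visible in this hunk), route failures to `eb` as below; the ExitNow passthrough assumes rpki.async is importable from https.py, otherwise drop that clause. The enclosing `__call__` ends with the client(...) call shown, but the `caller` class starts outside the hunk.
```python
    def done(r_der):
      """
      Handle CMS-wrapped XML response message.
      """
      try:
        r_cms = self.proto.cms_msg(DER = r_der)
        r_msg = r_cms.unwrap((self.server_ta, self.server_cert))
      except (SystemExit, rpki.async.ExitNow):
        raise
      except Exception, e:
        eb(e)
        return
      # ... unchanged: debug print of r_cms.pretty_print_content() and cb(r_msg) ...
```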
@@ -667,12 +667,12 @@ class repository_elt(data_elt): rpki.log.info("Sending <%s %r %r> to pubd" % (q_pdu.action, q_pdu.uri, q_pdu.payload)) bsc = self.bsc() - q_cms = rpki.publication.cms_msg.wrap(q_msg, bsc.private_key_id, bsc.signing_cert, bsc.signing_cert_crl) + q_der = rpki.publication.cms_msg().wrap(q_msg, bsc.private_key_id, bsc.signing_cert, bsc.signing_cert_crl) bpki_ta_path = (self.gctx.bpki_ta, self.self().bpki_cert, self.self().bpki_glue, self.bpki_cert, self.bpki_glue) - def done(r_cms): + def done(r_der): try: - r_msg = rpki.publication.cms_msg.unwrap(r_cms, bpki_ta_path) + r_msg = rpki.publication.cms_msg(DER = r_der).unwrap(bpki_ta_path) for r_pdu in r_msg: handler = handlers.get(r_pdu.tag, self.default_pubd_handler) if handler: @@ -690,7 +690,7 @@ class repository_elt(data_elt): client_cert = bsc.signing_cert, server_ta = bpki_ta_path, url = self.peer_contact_uri, - msg = q_cms, + msg = q_der, callback = done, errback = errback) @@ -821,15 +821,17 @@ class parent_elt(data_elt): sender = self.sender_name, recipient = self.recipient_name) - q_cms = rpki.up_down.cms_msg.wrap(q_msg, bsc.private_key_id, - bsc.signing_cert, - bsc.signing_cert_crl) + q_der = rpki.up_down.cms_msg().wrap(q_msg, bsc.private_key_id, + bsc.signing_cert, + bsc.signing_cert_crl) - def unwrap(der): + def unwrap(r_der): try: - r_msg = rpki.up_down.cms_msg.unwrap(der, (self.gctx.bpki_ta, - self.self().bpki_cert, self.self().bpki_glue, - self.bpki_cms_cert, self.bpki_cms_glue)) + r_msg = rpki.up_down.cms_msg(DER = r_der).unwrap((self.gctx.bpki_ta, + self.self().bpki_cert, + self.self().bpki_glue, + self.bpki_cms_cert, + self.bpki_cms_glue)) r_msg.payload.check_response() except (SystemExit, rpki.async.ExitNow): raise @@ -843,7 +845,7 @@ class parent_elt(data_elt): self.bpki_https_cert, self.bpki_https_glue), client_key = bsc.private_key_id, client_cert = bsc.signing_cert, - msg = q_cms, + msg = q_der, url = self.peer_contact_uri, callback = unwrap, errback = eb) 
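Review bot: The new `q_der = rpki.publication.cms_msg().wrap(q_msg, bsc.private_key_id, ...)` line dereferences `bsc` straight after `bsc = self.bsc()` with no None check, whereas child_elt later in this diff (around line 933) raises `rpki.exceptions.BSCNotFound` when `self.bsc()` returns None. If bsc() can return None for a repository as well, a misconfigured repository surfaces as an AttributeError from inside the publication call path rather than the specific exception. Suggest adding `if bsc is None: raise rpki.exceptions.BSCNotFound, "Could not find BSC %s" % self.bsc_id` before the wrap, assuming repository_elt carries a `bsc_id` like child_elt does. The enclosing method starts outside the hunk.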
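Review bot: In the parent_elt hunk the nested reply handler is still named `unwrap(r_der)`, while every other handler introduced or renamed in this commit (repository_elt, rpki_engine.irdb_query, https.caller) is called `done`, and the name also coincides with the `cms_msg(...).unwrap(...)` method it calls on its first line, which reads confusingly. Renaming it `def done(r_der):` and passing `callback = done` in the client(...) call below would make the four call sites uniform. The except clause that follows `except (SystemExit, rpki.async.ExitNow): raise` is cut off by the hunk, so whether all other failures reach `eb` cannot be confirmed from here.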
@@ -931,9 +933,11 @@ class child_elt(data_elt): bsc = self.bsc() if bsc is None: raise rpki.exceptions.BSCNotFound, "Could not find BSC %s" % self.bsc_id - q_msg = rpki.up_down.cms_msg.unwrap(query, (self.gctx.bpki_ta, - self.self().bpki_cert, self.self().bpki_glue, - self.bpki_cert, self.bpki_glue)) + q_msg = rpki.up_down.cms_msg(DER = query).unwrap((self.gctx.bpki_ta, + self.self().bpki_cert, + self.self().bpki_glue, + self.bpki_cert, + self.bpki_glue)) q_msg.payload.gctx = self.gctx if enforce_strict_up_down_xml_sender and q_msg.sender != str(self.child_id): raise rpki.exceptions.BadSender, "Unexpected XML sender %s" % q_msg.sender @@ -944,9 +948,9 @@ class child_elt(data_elt): # sane way of reporting errors in the error reporting mechanism. # May require refactoring, ignore the issue for now. # - r_cms = rpki.up_down.cms_msg.wrap(r_msg, bsc.private_key_id, - bsc.signing_cert, bsc.signing_cert_crl) - callback(r_cms) + reply = rpki.up_down.cms_msg().wrap(r_msg, bsc.private_key_id, + bsc.signing_cert, bsc.signing_cert_crl) + callback(reply) try: q_msg.serve_top_level(self, done) diff --git a/rpkid/rpki/rpki_engine.py b/rpkid/rpki/rpki_engine.py index 36b53616..f3326939 100644 --- a/rpkid/rpki/rpki_engine.py +++ b/rpkid/rpki/rpki_engine.py @@ -83,7 +83,7 @@ class rpkid_context(object): else: rpki.log.debug("Not using internal clock, start_cron() call ignored") - def irdb_query(self, q_pdu, callback, errback): + def irdb_query(self, q_pdu, callback, errback, expected_pdu_count = None): """ Perform an IRDB callback query. """ 
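Review bot: The new `expected_pdu_count = None` parameter on `irdb_query` is not mentioned in the docstring, which still reads only "Perform an IRDB callback query."; a caller has no way to know the check is a hard failure rather than a hint. Suggest extending it to `"""Perform an IRDB callback query. If expected_pdu_count is not None, the reply must contain exactly that many PDUs, otherwise rpki.exceptions.BadIRDBReply is raised."""`, which matches the check added in the following hunk. The body of irdb_query continues outside this hunk.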
@@ -92,12 +92,17 @@ class rpkid_context(object): q_msg = rpki.left_right.msg.query() q_msg.append(q_pdu) - q_cms = rpki.left_right.cms_msg.wrap(q_msg, self.rpkid_key, self.rpkid_cert) + q_der = rpki.left_right.cms_msg().wrap(q_msg, self.rpkid_key, self.rpkid_cert) - def unwrap(der): - r_msg = rpki.left_right.cms_msg.unwrap(der, (self.bpki_ta, self.irdb_cert)) + def unwrap(r_der): + r_cms = rpki.left_right.cms_msg(DER = r_der) + r_msg = r_cms.unwrap((self.bpki_ta, self.irdb_cert)) if not r_msg.is_reply() or not all(type(r_pdu) is type(q_pdu) for r_pdu in r_msg): - raise rpki.exceptions.BadIRDBReply, "Unexpected response to IRDB query: %s" % lxml.etree.tostring(r_msg.toXML(), pretty_print = True, encoding = "us-ascii") + raise rpki.exceptions.BadIRDBReply, "Unexpected response to IRDB query: %s" % r_cms.pretty_print_content() + if expected_pdu_count is not None and len(r_msg) != expected_pdu_count: + assert isinstance(expected_pdu_count, (int, long)) + raise rpki.exceptions.BadIRDBReply, "Expected exactly %d PDU%s from IRDB: %s" ( + expected_pdu_count, "" if expected_pdu_count == 1 else "s", r_cms.pretty_print_content()) callback(r_msg) rpki.https.client( @@ -105,7 +110,7 @@ class rpkid_context(object): client_key = self.rpkid_key, client_cert = self.rpkid_cert, url = self.irdb_url, - msg = q_cms, + msg = q_der, callback = unwrap, errback = errback) @@ -121,15 +126,13 @@ class rpkid_context(object): q_pdu.child_handle = child_handle def done(r_msg): - if len(r_msg) != 1: - raise rpki.exceptions.BadIRDBReply, "Expected exactly one PDU from IRDB: %s" % lxml.etree.tostring(r_msg.toXML(), pretty_print = True, encoding = "us-ascii") callback(rpki.resource_set.resource_bag( asn = r_msg[0].asn, v4 = r_msg[0].ipv4, v6 = r_msg[0].ipv6, valid_until = r_msg[0].valid_until)) - self.irdb_query(q_pdu, done, errback) + self.irdb_query(q_pdu, done, errback, expected_pdu_count = 1) def irdb_query_roa_requests(self, self_handle, callback, errback): """ 
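Review bot: The new `raise rpki.exceptions.BadIRDBReply, "Expected exactly %d PDU%s from IRDB: %s" (` in `unwrap` is missing the `%` operator, so Python tries to call the string literal and a PDU-count mismatch surfaces as `TypeError: 'str' object is not callable` instead of BadIRDBReply, which is what the removed check in irdb_query_child_resources used to raise. Change it to `raise rpki.exceptions.BadIRDBReply, "Expected exactly %d PDU%s from IRDB: %s" % (expected_pdu_count, "" if expected_pdu_count == 1 else "s", r_cms.pretty_print_content())`. The `assert isinstance(expected_pdu_count, (int, long))` only executes inside the failing branch and is stripped under `-O`; if the type check matters, validate the argument at the top of `irdb_query` with a real exception, otherwise drop it. irdb_query's signature is in the preceding hunk, outside this one.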
@@ -151,13 +154,13 @@ class rpkid_context(object): rpki.log.trace() def done(r_msg): - reply = rpki.left_right.cms_msg.wrap(r_msg, self.rpkid_key, self.rpkid_cert) + reply = rpki.left_right.cms_msg().wrap(r_msg, self.rpkid_key, self.rpkid_cert) self.sql.sweep() cb(200, reply) try: self.sql.ping() - q_msg = rpki.left_right.cms_msg.unwrap(query, (self.bpki_ta, self.irbe_cert)) + q_msg = rpki.left_right.cms_msg(DER = query).unwrap((self.bpki_ta, self.irbe_cert)) if not q_msg.is_query(): raise rpki.exceptions.BadQuery, "Message type is not query" q_msg.serve_top_level(self, done) diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py index dcbf3b20..317ef334 100644 --- a/rpkid/rpki/x509.py +++ b/rpkid/rpki/x509.py @@ -1146,38 +1146,27 @@ class XML_CMS_object(CMS_object): f.write(self.get_DER()) f.close() - @classmethod - def wrap(cls, msg, keypair, certs, crls = None, pretty_print = False): + def wrap(self, msg, keypair, certs, crls = None): """ - Build a CMS-wrapped XML PDU and return its DER encoding. + Wrap an XML PDU in CMS and return its DER encoding. """ rpki.log.trace() - self = cls() self.set_content(msg.toXML()) self.schema_check() self.sign(keypair, certs, crls) if self.dump_outbound_cms: self.dump_outbound_cms.dump(self) - if pretty_print: - return self.get_DER(), self.pretty_print_content() - else: - return self.get_DER() + return self.get_DER() - @classmethod - def unwrap(cls, der, ta, pretty_print = False): + def unwrap(self, ta): """ Unwrap a CMS-wrapped XML PDU and return Python objects. """ - self = cls(DER = der) if self.dump_inbound_cms: self.dump_inbound_cms.dump(self) self.verify(ta) self.schema_check() - msg = self.saxify(self.get_content()) - if pretty_print: - return msg, self.pretty_print_content() - else: - return msg + return self.saxify(self.get_content()) class CRL(DER_object): """ |
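Review bot: The docstring of the new instance method `unwrap(self, ta)` no longer says where the DER being unwrapped comes from, and any remaining caller of the old classmethod form `cms_msg.unwrap(der, ta)` would now bind `der` as `self`; the diffstat is limited to rpkid/rpki, so such callers elsewhere in the tree (if other daemons use XML_CMS_object) are not visible here and should be checked. Suggest documenting the contract on `unwrap`: the instance must have been constructed with `DER = ...`, the signature is verified against `ta` and the schema checked before the content is parsed, so no unauthenticated XML reaches saxify, and failures from verify() or schema_check() propagate to the caller. Likewise note on `wrap` that it overwrites whatever content the instance held and returns the DER of the newly signed message. The hunk ends in the head of the following `class CRL`, whose body is outside view.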