Diffstat (limited to 'rpkid/rpki')
-rw-r--r--rpkid/rpki/exceptions.py3
-rw-r--r--rpkid/rpki/left_right.py7
-rw-r--r--rpkid/rpki/resource_set.py51
-rw-r--r--rpkid/rpki/x509.py6
4 files changed, 43 insertions, 24 deletions
diff --git a/rpkid/rpki/exceptions.py b/rpkid/rpki/exceptions.py
index c1475680..5093d2a4 100644
--- a/rpkid/rpki/exceptions.py
+++ b/rpkid/rpki/exceptions.py
@@ -84,3 +84,6 @@ class BadIRDBReply(Exception):
class NotFound(Exception):
"""Object not found in database."""
+
+class MustBePrefix(Exception):
+ """Resource range cannot be expressed as a prefix."""
diff --git a/rpkid/rpki/left_right.py b/rpkid/rpki/left_right.py
index 66bfa8d1..d3e51685 100644
--- a/rpkid/rpki/left_right.py
+++ b/rpkid/rpki/left_right.py
@@ -861,10 +861,11 @@ class route_origin_elt(data_elt):
content.version.set(0)
content.asID.set(self.as_number)
content.exactMatch.set(self.exact_match)
+ content.ipAddrBlocks.set((a.to_roa_tuple() for a in (self.v4, self.v6) if a))
- # Probably want to (tags-query-replace "to_tuple" "to_rfc3779_tuple")
- # then create parallel functions "to_roa_tuple" (or whatever) for
- # use here, since syntax is similar but not identical.
+ # Ok, if I've remembered the ASN.1 encoder voodoo correctly,
+ # content.toString() is now the eContent value for the CMS wrapper.
+ # Next task is to figure out what cert is signing this....
raise rpki.exceptions.NotImplementedYet
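Review bot: The added `content.ipAddrBlocks.set(...)` line passes a one-shot generator expression, while every other encoder argument built in this commit is a materialised `tuple(...)` or list. Unless the ASN.1 encoder is known to accept an iterator, `content.ipAddrBlocks.set(tuple(a.to_roa_tuple() for a in (self.v4, self.v6) if a))` is the safer form. The same line can now raise `rpki.exceptions.MustBePrefix` from `to_roa_tuple()`, and it produces an empty sequence when both `self.v4` and `self.v6` are empty. Because this content is what will eventually be signed, a comment saying whether either case is expected to be rejected before this point would help. The enclosing method starts outside the hunk.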
diff --git a/rpkid/rpki/resource_set.py b/rpkid/rpki/resource_set.py
index 40eb4610..f435c9fb 100644
--- a/rpkid/rpki/resource_set.py
+++ b/rpkid/rpki/resource_set.py
@@ -25,7 +25,7 @@ We also provide some basic set operations (union, intersection, etc).
"""
import re
-import rpki.ipaddrs, rpki.oids
+import rpki.ipaddrs, rpki.oids, rpki.exceptions
inherit_token = "<inherit>"
@@ -65,8 +65,8 @@ class resource_range_as(resource_range):
else:
return str(self.min) + "-" + str(self.max)
- def to_tuple(self):
- """Convert a resource_range_as to tuple format for ASN.1 encoding."""
+ def to_rfc3779_tuple(self):
+ """Convert a resource_range_as to tuple format for RFC 3779 ASN.1 encoding."""
if self.min == self.max:
return ("id", self.min)
else:
@@ -101,8 +101,8 @@ class resource_range_ip(resource_range):
else:
return str(self.min) + "/" + str(prefixlen)
- def to_tuple(self):
- """Convert a resource_range_ip to tuple format for ASN.1 encoding."""
+ def to_rfc3779_tuple(self):
+ """Convert a resource_range_ip to tuple format for RFC 3779 ASN.1 encoding."""
prefixlen = self._prefixlen()
if prefixlen < 0:
return ("addressRange", (_long2bs(self.min, self.datum_type.bits, strip = 0),
@@ -110,6 +110,13 @@ class resource_range_ip(resource_range):
else:
return ("addressPrefix", _long2bs(self.min, self.datum_type.bits, prefixlen = prefixlen))
+ def to_roa_tuple(self):
+ """Convert a resource_range_ip to tuple format for ROA ASN.1 encoding."""
+ prefixlen = self._prefixlen()
+ if prefixlen < 0:
+ raise rpki.exceptions.MustBePrefix, "%s cannot be expressed as a prefix" % str(self)
+ return _long2bs(self.min, self.datum_type.bits, prefixlen = prefixlen)
+
class resource_range_ipv4(resource_range_ip):
"""Range of IPv4 addresses."""
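Review bot: The docstring of the new `resource_range_ip.to_roa_tuple` says "tuple format", but the method returns the bare `_long2bs(...)` value rather than a tagged tuple like `to_rfc3779_tuple`, and it does not mention the exception. I would reword it to `"""Convert a resource_range_ip to the prefix value used in ROA ASN.1 encoding; raises rpki.exceptions.MustBePrefix if the range is not a single prefix."""`. Callers that build signed content need to know the failure mode from the docstring rather than from reading the body.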
@@ -152,7 +159,7 @@ class resource_set(list):
elif isinstance(ini, str) and len(ini):
self.extend(map(self.parse_str, ini.split(",")))
elif isinstance(ini, tuple):
- self.parse_tuple(ini)
+ self.parse_rfc3779_tuple(ini)
elif isinstance(ini, list):
self.extend(ini)
else:
@@ -292,8 +299,8 @@ class resource_set_as(resource_set):
else:
return resource_range_as(long(x), long(x))
- def parse_tuple(self, x):
- """Parse AS resource sets from intermediate form generated by ASN.1 decoder."""
+ def parse_rfc3779_tuple(self, x):
+ """Parse AS resource from tuple format generated by RFC 3779 ASN.1 decoder."""
if x[0] == "asIdsOrRanges":
for aor in x[1]:
if aor[0] == "range":
@@ -307,10 +314,10 @@ class resource_set_as(resource_set):
assert x[0] == "inherit"
self.inherit = True
- def to_tuple(self):
- """Encode AS resource set into intermediate form used by ASN.1 encoder."""
+ def to_rfc3779_tuple(self):
+ """Convert AS resource set into tuple format used for RFC 3779 ASN.1 encoding."""
if self:
- return ("asIdsOrRanges", tuple(a.to_tuple() for a in self))
+ return ("asIdsOrRanges", tuple(a.to_rfc3779_tuple() for a in self))
elif self.inherit:
return ("inherit", "")
else:
@@ -337,8 +344,8 @@ class resource_set_ip(resource_set):
return self.range_type(min, max)
raise RuntimeError, 'Bad IP resource "%s"' % (x)
- def parse_tuple(self, x):
- """Parse IP address resource sets from intermediate form generated by ASN.1 decoder."""
+ def parse_rfc3779_tuple(self, x):
+ """Parse IP address resource sets from tuple format generated by RFC 3779 ASN.1 decoder."""
if x[0] == "addressesOrRanges":
for aor in x[1]:
if aor[0] == "addressRange":
@@ -355,15 +362,23 @@ class resource_set_ip(resource_set):
assert x[0] == "inherit"
self.inherit = True
- def to_tuple(self):
- """Encode IP resource set into intermediate form used by ASN.1 encoder."""
+ def to_rfc3779_tuple(self):
+ """Convert IP resource set into tuple format used by RFC 3779 ASN.1 encoder."""
if self:
- return (self.afi, ("addressesOrRanges", tuple(a.to_tuple() for a in self)))
+ return (self.afi, ("addressesOrRanges", tuple(a.to_rfc3779_tuple() for a in self)))
elif self.inherit:
return (self.afi, ("inherit", ""))
else:
return None
+ def to_roa_tuple(self):
+ """Convert IP resource set into tuple format used by ROA ASN.1 encoder.
+ This is a variation on the format used in RFC 3779."""
+ if self:
+ return (self.afi, tuple(a.to_roa_tuple() for a in self))
+ else:
+ return None
+
class resource_set_ipv4(resource_set_ip):
"""IPv4 address resource set."""
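Review bot: `resource_set_ip.to_roa_tuple` returns `None` for a set that has only `self.inherit` set, exactly as it does for an empty set, whereas `to_rfc3779_tuple` directly above distinguishes the two cases. The caller added in left_right.py filters with `if a`, so an inheriting set would be dropped from the ROA content without any error. If inheritance has no ROA encoding (an assumption, the hunk does not say), that should at least be stated, e.g. `# inherit has no ROA encoding; an inherit-only set yields None`. The docstring should also note that `MustBePrefix` propagates from any member range that is not a prefix.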
@@ -423,8 +438,8 @@ class resource_bag(object):
not other.v6.issubset(self.v6)
@classmethod
- def from_asn1_tuples(cls, exts):
- """Build a resource_bag from intermediate form returned by ASN.1 decoder."""
+ def from_rfc3779_tuples(cls, exts):
+ """Build a resource_bag from intermediate form generated by RFC 3779 ASN.1 decoder."""
as = None
v4 = None
v6 = None
diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py
index c029e5f3..70e79ba6 100644
--- a/rpkid/rpki/x509.py
+++ b/rpkid/rpki/x509.py
@@ -191,7 +191,7 @@ class DER_object(object):
"""Get RFC 3779 resources as rpki.resource_set objects.
Only works for subclasses that support getExtensions().
"""
- resources = rpki.resource_set.resource_bag.from_asn1_tuples(self.get_POWpkix().getExtensions())
+ resources = rpki.resource_set.resource_bag.from_rfc3779_tuples(self.get_POWpkix().getExtensions())
try:
resources.valid_until = self.getNotAfter()
except AttributeError:
@@ -322,10 +322,10 @@ class X509(DER_object):
assert not is_ca
if resources is not None and resources.as:
- exts.append(["sbgp-autonomousSysNum", True, (resources.as.to_tuple(), None)])
+ exts.append(["sbgp-autonomousSysNum", True, (resources.as.to_rfc3779_tuple(), None)])
if resources is not None and (resources.v4 or resources.v6):
- exts.append(["sbgp-ipAddrBlock", True, [x for x in (resources.v4.to_tuple(), resources.v6.to_tuple()) if x is not None]])
+ exts.append(["sbgp-ipAddrBlock", True, [x for x in (resources.v4.to_rfc3779_tuple(), resources.v6.to_rfc3779_tuple()) if x is not None]])
for x in exts:
x[0] = rpki.oids.name2oid[x[0]]