Diffstat (limited to 'rpkid/rpki')
-rw-r--r--rpkid/rpki/async.py16
-rw-r--r--rpkid/rpki/ipaddrs.py28
-rw-r--r--rpkid/rpki/left_right.py101
-rw-r--r--rpkid/rpki/publication.py4
-rw-r--r--rpkid/rpki/rpki_engine.py144
-rw-r--r--rpkid/rpki/sql.py48
-rw-r--r--rpkid/rpki/sundial.py44
-rw-r--r--rpkid/rpki/up_down.py24
-rw-r--r--rpkid/rpki/x509.py100
-rw-r--r--rpkid/rpki/xml_utils.py44
10 files changed, 431 insertions, 122 deletions
diff --git a/rpkid/rpki/async.py b/rpkid/rpki/async.py
index 5bff4d45..dedab83a 100644
--- a/rpkid/rpki/async.py
+++ b/rpkid/rpki/async.py
@@ -159,7 +159,9 @@ class timer(object):
pass
def is_set(self):
- """Test whether this timer is currently set."""
+ """
+ Test whether this timer is currently set.
+ """
return self in self.queue
def handler(self):
@@ -187,7 +189,9 @@ class timer(object):
rpki.log.traceback()
def set_errback(self, errback):
- """Set a timer's errback. Like set_handler(), for errbacks."""
+ """
+ Set a timer's errback. Like set_handler(), for errbacks.
+ """
self.errback = errback
@classmethod
@@ -268,7 +272,9 @@ def run_deferred():
rpki.log.traceback()
def _raiseExitNow(signum, frame):
- """Signal handler for event_loop()."""
+ """
+ Signal handler for event_loop().
+ """
raise ExitNow
def event_loop(catch_signals = (signal.SIGINT, signal.SIGTERM)):
@@ -363,7 +369,9 @@ class sync_wrapper(object):
return self.res
def exit_event_loop():
- """Force exit from event_loop()."""
+ """
+ Force exit from event_loop().
+ """
raise ExitNow
class gc_summary(object):
diff --git a/rpkid/rpki/ipaddrs.py b/rpkid/rpki/ipaddrs.py
index 58185cc1..531bcbb9 100644
--- a/rpkid/rpki/ipaddrs.py
+++ b/rpkid/rpki/ipaddrs.py
@@ -63,16 +63,22 @@ class v4addr(long):
return long.__new__(cls, x)
def to_bytes(self):
- """Convert a v4addr object to a raw byte string."""
+ """
+ Convert a v4addr object to a raw byte string.
+ """
return struct.pack("!I", long(self))
@classmethod
def from_bytes(cls, x):
- """Convert from a raw byte string to a v4addr object."""
+ """
+ Convert from a raw byte string to a v4addr object.
+ """
return cls(struct.unpack("!I", x)[0])
def __str__(self):
- """Convert a v4addr object to string format."""
+ """
+ Convert a v4addr object to string format.
+ """
return socket.inet_ntop(socket.AF_INET, self.to_bytes())
class v6addr(long):
@@ -85,24 +91,32 @@ class v6addr(long):
bits = 128
def __new__(cls, x):
- """Construct a v6addr object."""
+ """
+ Construct a v6addr object.
+ """
if isinstance(x, str):
return cls.from_bytes(socket.inet_pton(socket.AF_INET6, x))
else:
return long.__new__(cls, x)
def to_bytes(self):
- """Convert a v6addr object to a raw byte string."""
+ """
+ Convert a v6addr object to a raw byte string.
+ """
return struct.pack("!QQ", long(self) >> 64, long(self) & 0xFFFFFFFFFFFFFFFF)
@classmethod
def from_bytes(cls, x):
- """Convert from a raw byte string to a v6addr object."""
+ """
+ Convert from a raw byte string to a v6addr object.
+ """
x = struct.unpack("!QQ", x)
return cls((x[0] << 64) | x[1])
def __str__(self):
- """Convert a v6addr object to string format."""
+ """
+ Convert a v6addr object to string format.
+ """
return socket.inet_ntop(socket.AF_INET6, self.to_bytes())
def parse(s):
diff --git a/rpkid/rpki/left_right.py b/rpkid/rpki/left_right.py
index 81ff9ce6..e37af620 100644
--- a/rpkid/rpki/left_right.py
+++ b/rpkid/rpki/left_right.py
@@ -58,11 +58,15 @@ class data_elt(rpki.xml_utils.data_elt, rpki.sql.sql_persistent, left_right_name
self_handle = None
def self(self):
- """Fetch self object to which this object links."""
+ """
+ Fetch self object to which this object links.
+ """
return self_elt.sql_fetch(self.gctx, self.self_id)
def bsc(self):
- """Return BSC object to which this object links."""
+ """
+ Return BSC object to which this object links.
+ """
return bsc_elt.sql_fetch(self.gctx, self.bsc_id)
def make_reply_clone_hook(self, r_pdu):
@@ -143,23 +147,33 @@ class self_elt(data_elt):
bpki_glue = None
def bscs(self):
- """Fetch all BSC objects that link to this self object."""
+ """
+ Fetch all BSC objects that link to this self object.
+ """
return bsc_elt.sql_fetch_where(self.gctx, "self_id = %s", (self.self_id,))
def repositories(self):
- """Fetch all repository objects that link to this self object."""
+ """
+ Fetch all repository objects that link to this self object.
+ """
return repository_elt.sql_fetch_where(self.gctx, "self_id = %s", (self.self_id,))
def parents(self):
- """Fetch all parent objects that link to this self object."""
+ """
+ Fetch all parent objects that link to this self object.
+ """
return parent_elt.sql_fetch_where(self.gctx, "self_id = %s", (self.self_id,))
def children(self):
- """Fetch all child objects that link to this self object."""
+ """
+ Fetch all child objects that link to this self object.
+ """
return child_elt.sql_fetch_where(self.gctx, "self_id = %s", (self.self_id,))
def roas(self):
- """Fetch all ROA objects that link to this self object."""
+ """
+ Fetch all ROA objects that link to this self object.
+ """
return rpki.rpki_engine.roa_obj.sql_fetch_where(self.gctx, "self_id = %s", (self.self_id,))
def serve_post_save_hook(self, q_pdu, r_pdu, cb, eb):
@@ -167,12 +181,13 @@ class self_elt(data_elt):
Extra server actions for self_elt.
"""
rpki.log.trace()
- self.unimplemented_control("reissue")
actions = []
if q_pdu.rekey:
actions.append(self.serve_rekey)
if q_pdu.revoke:
actions.append(self.serve_revoke)
+ if q_pdu.reissue:
+ actions.append(self.serve_reissue)
if q_pdu.revoke_forgotten:
actions.append(self.serve_revoke_forgotten)
if q_pdu.publish_world_now:
@@ -201,6 +216,15 @@ class self_elt(data_elt):
parent.serve_revoke(iterator, eb)
rpki.async.iterator(self.parents(), loop, cb)
+ def serve_reissue(self, cb, eb):
+ """
+ Handle a left-right reissue action for this self.
+ """
+ rpki.log.trace()
+ def loop(iterator, parent):
+ parent.serve_reissue(iterator, eb)
+ rpki.async.iterator(self.parents(), loop, cb)
+
def serve_revoke_forgotten(self, cb, eb):
"""
Handle a left-right revoke_forgotten action for this self.
@@ -587,15 +611,21 @@ class bsc_elt(data_elt):
signing_cert_crl = None
def repositories(self):
- """Fetch all repository objects that link to this BSC object."""
+ """
+ Fetch all repository objects that link to this BSC object.
+ """
return repository_elt.sql_fetch_where(self.gctx, "bsc_id = %s", (self.bsc_id,))
def parents(self):
- """Fetch all parent objects that link to this BSC object."""
+ """
+ Fetch all parent objects that link to this BSC object.
+ """
return parent_elt.sql_fetch_where(self.gctx, "bsc_id = %s", (self.bsc_id,))
def children(self):
- """Fetch all child objects that link to this BSC object."""
+ """
+ Fetch all child objects that link to this BSC object.
+ """
return child_elt.sql_fetch_where(self.gctx, "bsc_id = %s", (self.bsc_id,))
def serve_pre_save_hook(self, q_pdu, r_pdu, cb, eb):
@@ -631,7 +661,9 @@ class repository_elt(data_elt):
bpki_glue = None
def parents(self):
- """Fetch all parent objects that link to this repository object."""
+ """
+ Fetch all parent objects that link to this repository object.
+ """
return parent_elt.sql_fetch_where(self.gctx, "repository_id = %s", (self.repository_id,))
@staticmethod
@@ -724,23 +756,28 @@ class parent_elt(data_elt):
bpki_cms_glue = None
def repository(self):
- """Fetch repository object to which this parent object links."""
+ """
+ Fetch repository object to which this parent object links.
+ """
return repository_elt.sql_fetch(self.gctx, self.repository_id)
def cas(self):
- """Fetch all CA objects that link to this parent object."""
+ """
+ Fetch all CA objects that link to this parent object.
+ """
return rpki.rpki_engine.ca_obj.sql_fetch_where(self.gctx, "parent_id = %s", (self.parent_id,))
def serve_post_save_hook(self, q_pdu, r_pdu, cb, eb):
"""
Extra server actions for parent_elt.
"""
- self.unimplemented_control("reissue")
actions = []
if q_pdu.rekey:
actions.append(self.serve_rekey)
if q_pdu.revoke:
actions.append(self.serve_revoke)
+ if q_pdu.reissue:
+ actions.append(self.serve_reissue)
if q_pdu.revoke_forgotten:
actions.append(self.serve_revoke_forgotten)
def loop(iterator, action):
@@ -763,6 +800,14 @@ class parent_elt(data_elt):
ca.revoke(cb = iterator, eb = eb)
rpki.async.iterator(self.cas(), loop, cb)
+ def serve_reissue(self, cb, eb):
+ """
+ Handle a left-right reissue action for this parent.
+ """
+ def loop(iterator, ca):
+ ca.reissue(cb = iterator, eb = eb)
+ rpki.async.iterator(self.cas(), loop, cb)
+
def serve_revoke_forgotten(self, cb, eb):
"""
Handle a left-right revoke_forgotten action for this parent.
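Review bot: parent_elt.serve_reissue is added without the `rpki.log.trace()` call that self_elt.serve_reissue, added earlier in this same file, opens with. A reissue at this level walks every CA returned by self.cas(), so it is an operation an operator will want to find in the log afterwards. Adding `rpki.log.trace()` as the first statement would keep the two handlers consistent, assuming trace() records the call as its name suggests.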
@@ -869,13 +914,35 @@ class child_elt(data_elt):
bpki_glue = None
def child_certs(self, ca_detail = None, ski = None, unique = False):
- """Fetch all child_cert objects that link to this child object."""
+ """
+ Fetch all child_cert objects that link to this child object.
+ """
return rpki.rpki_engine.child_cert_obj.fetch(self.gctx, self, ca_detail, ski, unique)
def parents(self):
- """Fetch all parent objects that link to self object to which this child object links."""
+ """
+ Fetch all parent objects that link to self object to which this child object links.
+ """
return parent_elt.sql_fetch_where(self.gctx, "self_id = %s", (self.self_id,))
+ def serve_post_save_hook(self, q_pdu, r_pdu, cb, eb):
+ """
+ Extra server actions for child_elt.
+ """
+ if q_pdu.reissue:
+ self.serve_reissue(cb, eb)
+ else:
+ cb()
+
+ def serve_reissue(self, cb, eb):
+ """
+ Handle a left-right reissue action for this child.
+ """
+ publisher = rpki.rpki_engine.publication_queue()
+ for child_cert in self.child_certs():
+ child_cert.reissue(child_cert.ca_detail(), publisher, force = True)
+ publisher.call_pubd(cb, eb)
+
def ca_from_class_name(self, class_name):
"""
Fetch the CA corresponding to an up-down class_name.
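Review bot: child_elt.serve_reissue reissues each certificate under whatever `child_cert.ca_detail()` returns, without looking at that ca_detail's state, while ca_obj.reissue in rpki_engine.py (same commit) only acts on the result of fetch_active(). If a child_cert row can still reference a deprecated or revoked ca_detail (not visible in this diff), `force = True` would issue a fresh certificate under a key that is being retired. Consider skipping such rows, for example with `if ca_detail.state == "active":` (assuming the SQL `state` column is exposed as an attribute), or add a comment explaining why the state cannot matter here.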
diff --git a/rpkid/rpki/publication.py b/rpkid/rpki/publication.py
index 486dea45..1f5ed812 100644
--- a/rpkid/rpki/publication.py
+++ b/rpkid/rpki/publication.py
@@ -136,7 +136,9 @@ class client_elt(control_elt):
return self.sql_fetch_where1(self.gctx, "client_handle = %s", self.client_handle)
def serve_fetch_all(self):
- """Find client objects on which a list method should operate."""
+ """
+ Find client objects on which a list method should operate.
+ """
return self.sql_fetch_all(self.gctx)
def check_allowed_uri(self, uri):
diff --git a/rpkid/rpki/rpki_engine.py b/rpkid/rpki/rpki_engine.py
index ba7f1cf7..d7ff9c5e 100644
--- a/rpkid/rpki/rpki_engine.py
+++ b/rpkid/rpki/rpki_engine.py
@@ -291,27 +291,39 @@ class ca_obj(rpki.sql.sql_persistent):
last_manifest_sn = 0
def parent(self):
- """Fetch parent object to which this CA object links."""
+ """
+ Fetch parent object to which this CA object links.
+ """
return rpki.left_right.parent_elt.sql_fetch(self.gctx, self.parent_id)
def ca_details(self):
- """Fetch all ca_detail objects that link to this CA object."""
+ """
+ Fetch all ca_detail objects that link to this CA object.
+ """
return ca_detail_obj.sql_fetch_where(self.gctx, "ca_id = %s", (self.ca_id,))
def fetch_pending(self):
- """Fetch the pending ca_details for this CA, if any."""
+ """
+ Fetch the pending ca_details for this CA, if any.
+ """
return ca_detail_obj.sql_fetch_where(self.gctx, "ca_id = %s AND state = 'pending'", (self.ca_id,))
def fetch_active(self):
- """Fetch the active ca_detail for this CA, if any."""
+ """
+ Fetch the active ca_detail for this CA, if any.
+ """
return ca_detail_obj.sql_fetch_where1(self.gctx, "ca_id = %s AND state = 'active'", (self.ca_id,))
def fetch_deprecated(self):
- """Fetch deprecated ca_details for this CA, if any."""
+ """
+ Fetch deprecated ca_details for this CA, if any.
+ """
return ca_detail_obj.sql_fetch_where(self.gctx, "ca_id = %s AND state = 'deprecated'", (self.ca_id,))
def fetch_revoked(self):
- """Fetch revoked ca_details for this CA, if any."""
+ """
+ Fetch revoked ca_details for this CA, if any.
+ """
return ca_detail_obj.sql_fetch_where(self.gctx, "ca_id = %s AND state = 'revoked'", (self.ca_id,))
def fetch_issue_response_candidates(self):
@@ -526,6 +538,17 @@ class ca_obj(rpki.sql.sql_persistent):
rpki.async.iterator(self.fetch_deprecated(), loop, cb)
+ def reissue(self, cb, eb):
+ """
+ Reissue all current certificates issued by this CA.
+ """
+
+ ca_detail = self.fetch_active()
+ if ca_detail:
+ ca_detail.reissue(cb, eb)
+ else:
+ cb()
+
class ca_detail_obj(rpki.sql.sql_persistent):
"""
Internal CA detail object.
@@ -561,31 +584,45 @@ class ca_detail_obj(rpki.sql.sql_persistent):
assert self.manifest_public_key is None or self.manifest_private_key_id is None or self.manifest_public_key.get_DER() == self.manifest_private_key_id.get_public_DER()
def ca(self):
- """Fetch CA object to which this ca_detail links."""
+ """
+ Fetch CA object to which this ca_detail links.
+ """
return ca_obj.sql_fetch(self.gctx, self.ca_id)
def child_certs(self, child = None, ski = None, unique = False):
- """Fetch all child_cert objects that link to this ca_detail."""
+ """
+ Fetch all child_cert objects that link to this ca_detail.
+ """
return rpki.rpki_engine.child_cert_obj.fetch(self.gctx, child, self, ski, unique)
def revoked_certs(self):
- """Fetch all revoked_cert objects that link to this ca_detail."""
+ """
+ Fetch all revoked_cert objects that link to this ca_detail.
+ """
return revoked_cert_obj.sql_fetch_where(self.gctx, "ca_detail_id = %s", (self.ca_detail_id,))
def roas(self):
- """Fetch all ROA objects that link to this ca_detail."""
+ """
+ Fetch all ROA objects that link to this ca_detail.
+ """
return rpki.rpki_engine.roa_obj.sql_fetch_where(self.gctx, "ca_detail_id = %s", (self.ca_detail_id,))
def crl_uri(self, ca):
- """Return publication URI for this ca_detail's CRL."""
+ """
+ Return publication URI for this ca_detail's CRL.
+ """
return ca.sia_uri + self.crl_uri_tail()
def crl_uri_tail(self):
- """Return tail (filename portion) of publication URI for this ca_detail's CRL."""
+ """
+ Return tail (filename portion) of publication URI for this ca_detail's CRL.
+ """
return self.public_key.gSKI() + ".crl"
def manifest_uri(self, ca):
- """Return publication URI for this ca_detail's manifest."""
+ """
+ Return publication URI for this ca_detail's manifest.
+ """
return ca.sia_uri + self.public_key.gSKI() + ".mnf"
def activate(self, ca, cert, uri, callback, errback, predecessor = None):
@@ -812,8 +849,12 @@ class ca_detail_obj(rpki.sql.sql_persistent):
child_cert.ski = cert.get_SKI()
child_cert.published = rpki.sundial.now()
child_cert.sql_store()
- publisher.publish(cls = rpki.publication.certificate_elt, uri = child_cert.uri(ca), obj = child_cert.cert, repository = ca.parent().repository(),
- handler = child_cert.published_callback)
+ publisher.publish(
+ cls = rpki.publication.certificate_elt,
+ uri = child_cert.uri(ca),
+ obj = child_cert.cert,
+ repository = ca.parent().repository(),
+ handler = child_cert.published_callback)
self.generate_manifest(publisher = publisher)
return child_cert
@@ -903,6 +944,17 @@ class ca_detail_obj(rpki.sql.sql_persistent):
self.manifest_published = None
self.sql_mark_dirty()
+ def reissue(self, cb, eb):
+ """
+ Reissue all current certificates issued by this ca_detail.
+ """
+
+ publisher = publication_queue()
+ for roa in self.roas():
+ roa.regenerate(publisher, fast = True)
+ for child_cert in self.child_certs():
+ child_cert.reissue(self, publisher, force = True)
+ publisher.call_pubd(cb, eb)
class child_cert_obj(rpki.sql.sql_persistent):
"""
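Review bot: Both loops in ca_detail_obj.reissue run synchronously before `publisher.call_pubd(cb, eb)`, so an exception raised by `roa.regenerate()` or `child_cert.reissue()` propagates to the caller instead of reaching `eb`, and whatever was already queued on the publisher is never sent. The issuing code visible earlier in this file calls `child_cert.sql_store()` before `publisher.publish(...)`, so a failure part-way through could leave reissued certificates stored but unpublished; whether an outer handler covers this is not visible here. child_elt.serve_reissue in left_right.py has the same shape. Either route failures from the loops to `eb`, or document the assumption with a comment such as `# exceptions raised while queuing bypass eb; the caller's handler must deal with them`.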
@@ -932,19 +984,27 @@ class child_cert_obj(rpki.sql.sql_persistent):
self.sql_mark_dirty()
def child(self):
- """Fetch child object to which this child_cert object links."""
+ """
+ Fetch child object to which this child_cert object links.
+ """
return rpki.left_right.child_elt.sql_fetch(self.gctx, self.child_id)
def ca_detail(self):
- """Fetch ca_detail object to which this child_cert object links."""
+ """
+ Fetch ca_detail object to which this child_cert object links.
+ """
return ca_detail_obj.sql_fetch(self.gctx, self.ca_detail_id)
def uri_tail(self):
- """Return the tail (filename) portion of the URI for this child_cert."""
+ """
+ Return the tail (filename) portion of the URI for this child_cert.
+ """
return self.cert.gSKI() + ".cer"
def uri(self, ca):
- """Return the publication URI for this child_cert."""
+ """
+ Return the publication URI for this child_cert.
+ """
return ca.sia_uri + self.uri_tail()
def revoke(self, publisher, generate_crl_and_manifest = False):
@@ -963,7 +1023,7 @@ class child_cert_obj(rpki.sql.sql_persistent):
ca_detail.generate_crl(publisher = publisher)
ca_detail.generate_manifest(publisher = publisher)
- def reissue(self, ca_detail, publisher, resources = None, sia = None):
+ def reissue(self, ca_detail, publisher, resources = None, sia = None, force = False):
"""
Reissue an existing child cert, reusing the public key. If the
child cert we would generate is identical to the one we already
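Review bot: The new `force` parameter is not described in the docstring, whose visible text still says what happens "If the child cert we would generate is identical to the one we already" have; the sentence continues outside this hunk. With `force = True` that shortcut is bypassed later in the function, so the docstring no longer states the full contract. Add a sentence such as `If force is set, reissue even when nothing has changed.` to the docstring.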
@@ -980,6 +1040,8 @@ class child_cert_obj(rpki.sql.sql_persistent):
old_sia = self.cert.get_SIA()
old_ca_detail = self.ca_detail()
+ needed = False
+
if resources is None:
resources = old_resources
@@ -988,17 +1050,39 @@ class child_cert_obj(rpki.sql.sql_persistent):
assert resources.valid_until is not None and old_resources.valid_until is not None
- if resources == old_resources and sia == old_sia and ca_detail == old_ca_detail:
- rpki.log.debug("No change to %r" % self)
- return self
+ if resources != old_resources:
+ rpki.log.debug("Resources changed for %r" % self)
+ needed = True
+
+ if sia != old_sia:
+ rpki.log.debug("SIA changed for %r" % self)
+ needed = True
+
+ if ca_detail != old_ca_detail:
+ rpki.log.debug("Issuer changed for %r" % self)
+ needed = True
must_revoke = old_resources.oversized(resources) or old_resources.valid_until > resources.valid_until
- new_issuer = ca_detail != old_ca_detail
+ if must_revoke:
+ rpki.log.debug("Must revoke any existing cert(s) for %r" % self)
+ needed = True
- rpki.log.debug("Reissuing %r, must_revoke %s, new_issuer %s" % (self, must_revoke, new_issuer))
+ new_issuer = ca_detail != old_ca_detail
+ if new_issuer:
+ rpki.log.debug("Issuer changed for %r" % self)
+ needed = True
if resources.valid_until != old_resources.valid_until:
- rpki.log.debug("Validity changed: %s %s" % ( old_resources.valid_until, resources.valid_until))
+ rpki.log.debug("Validity changed for %r: %s %s" % (self, old_resources.valid_until, resources.valid_until))
+ needed = True
+
+ if not needed and force:
+ rpki.log.debug("No change needed for %r, forcing reissuance anyway" % self)
+ needed = True
+
+ if not needed:
+ rpki.log.debug("No change to %r" % self)
+ return self
if must_revoke:
for x in child.child_certs(ca_detail = ca_detail, ski = self.ski):
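Review bot: The issuer comparison is made twice in this hunk: first as `if ca_detail != old_ca_detail:` and again as `new_issuer = ca_detail != old_ca_detail` followed by `if new_issuer:`. Both branches log the same "Issuer changed for %r" message and set `needed`, so every reissue with a new issuer writes the debug line twice. Drop the first block and keep the `new_issuer` one, which presumably feeds the code after this hunk; reissue() starts and ends outside the hunk.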
@@ -1075,7 +1159,9 @@ class revoked_cert_obj(rpki.sql.sql_persistent):
("expires", rpki.sundial.datetime))
def __init__(self, gctx = None, serial = None, revoked = None, expires = None, ca_detail_id = None):
- """Initialize a revoked_cert_obj."""
+ """
+ Initialize a revoked_cert_obj.
+ """
rpki.sql.sql_persistent.__init__(self)
self.gctx = gctx
self.serial = serial
@@ -1086,7 +1172,9 @@ class revoked_cert_obj(rpki.sql.sql_persistent):
self.sql_mark_dirty()
def ca_detail(self):
- """Fetch ca_detail object to which this revoked_cert_obj links."""
+ """
+ Fetch ca_detail object to which this revoked_cert_obj links.
+ """
return ca_detail_obj.sql_fetch(self.gctx, self.ca_detail_id)
@classmethod
diff --git a/rpkid/rpki/sql.py b/rpkid/rpki/sql.py
index 88ede288..b7acf562 100644
--- a/rpkid/rpki/sql.py
+++ b/rpkid/rpki/sql.py
@@ -106,11 +106,15 @@ class session(object):
return self.cur.lastrowid
def cache_clear(self):
- """Clear the object cache."""
+ """
+ Clear the object cache.
+ """
self.cache.clear()
def assert_pristine(self):
- """Assert that there are no dirty objects in the cache."""
+ """
+ Assert that there are no dirty objects in the cache.
+ """
assert not self.dirty, "Dirty objects in SQL cache: %s" % self.dirty
def sweep(self):
@@ -131,7 +135,9 @@ class template(object):
"""
def __init__(self, table_name, index_column, *data_columns):
- """Build a SQL template."""
+ """
+ Build a SQL template.
+ """
type_map = dict((x[0], x[1]) for x in data_columns if isinstance(x, tuple))
data_columns = tuple(isinstance(x, tuple) and x[0] or x for x in data_columns)
columns = (index_column,) + data_columns
@@ -209,7 +215,9 @@ class sql_persistent(object):
@classmethod
def sql_fetch_all(cls, gctx):
- """Fetch all objects of this type from SQL."""
+ """
+ Fetch all objects of this type from SQL.
+ """
return cls.sql_fetch_where(gctx, None)
@classmethod
@@ -253,19 +261,27 @@ class sql_persistent(object):
return self
def sql_mark_dirty(self):
- """Mark this object as needing to be written back to SQL."""
+ """
+ Mark this object as needing to be written back to SQL.
+ """
self.gctx.sql.dirty.add(self)
def sql_mark_clean(self):
- """Mark this object as not needing to be written back to SQL."""
+ """
+ Mark this object as not needing to be written back to SQL.
+ """
self.gctx.sql.dirty.discard(self)
def sql_is_dirty(self):
- """Query whether this object needs to be written back to SQL."""
+ """
+ Query whether this object needs to be written back to SQL.
+ """
return self in self.gctx.sql.dirty
def sql_mark_deleted(self):
- """Mark this object as needing to be deleted in SQL."""
+ """
+ Mark this object as needing to be deleted in SQL.
+ """
self.sql_deleted = True
self.sql_mark_dirty()
@@ -334,19 +350,27 @@ class sql_persistent(object):
setattr(self, a, vals[a])
def sql_fetch_hook(self):
- """Customization hook."""
+ """
+ Customization hook.
+ """
pass
def sql_insert_hook(self):
- """Customization hook."""
+ """
+ Customization hook.
+ """
pass
def sql_update_hook(self):
- """Customization hook."""
+ """
+ Customization hook.
+ """
self.sql_delete_hook()
self.sql_insert_hook()
def sql_delete_hook(self):
- """Customization hook."""
+ """
+ Customization hook.
+ """
pass
diff --git a/rpkid/rpki/sundial.py b/rpkid/rpki/sundial.py
index eef69258..d9cac459 100644
--- a/rpkid/rpki/sundial.py
+++ b/rpkid/rpki/sundial.py
@@ -48,7 +48,9 @@ import datetime as pydatetime
import re
def now():
- """Get current timestamp."""
+ """
+ Get current timestamp.
+ """
return datetime.utcnow()
class datetime(pydatetime.datetime):
@@ -66,21 +68,29 @@ class datetime(pydatetime.datetime):
@classmethod
def fromUTCTime(cls, x):
- """Convert from ASN.1 UTCTime."""
+ """
+ Convert from ASN.1 UTCTime.
+ """
x = str(x)
return cls.fromGeneralizedTime(("19" if x[0] >= "5" else "20") + x)
def toUTCTime(self):
- """Convert to ASN.1 UTCTime."""
+ """
+ Convert to ASN.1 UTCTime.
+ """
return self.strftime("%y%m%d%H%M%SZ")
@classmethod
def fromGeneralizedTime(cls, x):
- """Convert from ASN.1 GeneralizedTime."""
+ """
+ Convert from ASN.1 GeneralizedTime.
+ """
return cls.strptime(x, "%Y%m%d%H%M%SZ")
def toGeneralizedTime(self):
- """Convert to ASN.1 GeneralizedTime."""
+ """
+ Convert to ASN.1 GeneralizedTime.
+ """
return self.strftime("%Y%m%d%H%M%SZ")
@classmethod
@@ -119,7 +129,9 @@ class datetime(pydatetime.datetime):
return cls.strptime(x, "%Y-%m-%dT%H:%M:%SZ")
def toXMLtime(self):
- """Convert to XML time representation."""
+ """
+ Convert to XML time representation.
+ """
return self.strftime("%Y-%m-%dT%H:%M:%SZ")
def __str__(self):
@@ -135,7 +147,9 @@ class datetime(pydatetime.datetime):
@classmethod
def from_sql(cls, x):
- """Convert from SQL storage format."""
+ """
+ Convert from SQL storage format.
+ """
return cls.fromdatetime(x)
def to_sql(self):
@@ -154,11 +168,15 @@ class datetime(pydatetime.datetime):
microsecond = 0, tzinfo = None)
def later(self, other):
- """Return the later of two timestamps."""
+ """
+ Return the later of two timestamps.
+ """
return other if other > self else self
def earlier(self, other):
- """Return the earlier of two timestamps."""
+ """
+ Return the earlier of two timestamps.
+ """
return other if other < self else self
def __add__(self, y): return _cast(pydatetime.datetime.__add__(self, y))
@@ -233,12 +251,16 @@ class timedelta(pydatetime.timedelta):
raise RuntimeError, "Couldn't parse timedelta %r" % (arg,)
def convert_to_seconds(self):
- """Convert a timedelta interval to seconds."""
+ """
+ Convert a timedelta interval to seconds.
+ """
return self.days * 24 * 60 * 60 + self.seconds
@classmethod
def fromtimedelta(cls, x):
- """Convert a datetime.timedelta object into this subclass."""
+ """
+ Convert a datetime.timedelta object into this subclass.
+ """
return cls(days = x.days, seconds = x.seconds, microseconds = x.microseconds)
def __abs__(self): return _cast(pydatetime.timedelta.__abs__(self))
diff --git a/rpkid/rpki/up_down.py b/rpkid/rpki/up_down.py
index 4320b173..dcfa54bb 100644
--- a/rpkid/rpki/up_down.py
+++ b/rpkid/rpki/up_down.py
@@ -83,11 +83,15 @@ class base_elt(object):
lxml.etree.SubElement(elt, "{%s}%s" % (xmlns, name), nsmap=nsmap).text = value.get_Base64()
def serve_pdu(self, q_msg, r_msg, child, callback, errback):
- """Default PDU handler to catch unexpected types."""
+ """
+ Default PDU handler to catch unexpected types.
+ """
raise rpki.exceptions.BadQuery, "Unexpected query type %s" % q_msg.type
def check_response(self):
- """Placeholder for response checking."""
+ """
+ Placeholder for response checking.
+ """
pass
class multi_uri(list):
@@ -111,7 +115,9 @@ class multi_uri(list):
raise TypeError
def __str__(self):
- """Convert a multi_uri back to a string representation."""
+ """
+ Convert a multi_uri back to a string representation.
+ """
return ",".join(self)
def rsync(self):
@@ -163,7 +169,9 @@ class class_elt(base_elt):
issuer = None
def __init__(self):
- """Initialize class_elt."""
+ """
+ Initialize class_elt.
+ """
base_elt.__init__(self)
self.certs = []
@@ -458,7 +466,9 @@ class revoke_pdu(revoke_syntax):
"""
def get_SKI(self):
- """Convert g(SKI) encoding from PDU back to raw SKI."""
+ """
+ Convert g(SKI) encoding from PDU back to raw SKI.
+ """
return base64.urlsafe_b64decode(self.ski + "=")
def serve_pdu(self, q_msg, r_msg, child, cb, eb):
@@ -608,7 +618,9 @@ class message_pdu(base_elt):
stack.append(self.payload)
def __str__(self):
- """Convert a message PDU to a string."""
+ """
+ Convert a message PDU to a string.
+ """
lxml.etree.tostring(self.toXML(), pretty_print = True, encoding = "UTF-8")
def serve_top_level(self, child, callback):
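Review bot: message_pdu.__str__ computes the serialized XML but never returns it, so the method returns None and `str()` on a message PDU raises TypeError instead of producing text. This commit only reformats the docstring and leaves the body as it was; the statement should read `return lxml.etree.tostring(self.toXML(), pretty_print = True, encoding = "UTF-8")`. msg.__str__ in xml_utils.py, also touched by this commit, has the same missing `return`.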
diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py
index 61b5fef7..41f89bf0 100644
--- a/rpkid/rpki/x509.py
+++ b/rpkid/rpki/x509.py
@@ -236,11 +236,15 @@ class DER_object(object):
raise rpki.exceptions.DERObjectConversionError, "No conversion path to DER available"
def get_Base64(self):
- """Get the Base64 encoding of the DER value of this object."""
+ """
+ Get the Base64 encoding of the DER value of this object.
+ """
return base64_with_linebreaks(self.get_DER())
def get_PEM(self):
- """Get the PEM representation of this object."""
+ """
+ Get the PEM representation of this object.
+ """
return self.pem_converter.to_PEM(self.get_DER())
def __cmp__(self, other):
@@ -365,11 +369,15 @@ class DER_object(object):
@classmethod
def from_sql(cls, x):
- """Convert from SQL storage format."""
+ """
+ Convert from SQL storage format.
+ """
return cls(DER = x)
def to_sql(self):
- """Convert to SQL storage format."""
+ """
+ Convert to SQL storage format.
+ """
return self.get_DER()
def dumpasn1(self):
@@ -441,31 +449,45 @@ class X509(DER_object):
return self.POWpkix
def getIssuer(self):
- """Get the issuer of this certificate."""
+ """
+ Get the issuer of this certificate.
+ """
return self.get_POW().getIssuer()
def getSubject(self):
- """Get the subject of this certificate."""
+ """
+ Get the subject of this certificate.
+ """
return self.get_POW().getSubject()
def getNotBefore(self):
- """Get the inception time of this certificate."""
+ """
+ Get the inception time of this certificate.
+ """
return rpki.sundial.datetime.fromASN1tuple(self.get_POWpkix().tbs.validity.notBefore.get())
def getNotAfter(self):
- """Get the expiration time of this certificate."""
+ """
+ Get the expiration time of this certificate.
+ """
return rpki.sundial.datetime.fromASN1tuple(self.get_POWpkix().tbs.validity.notAfter.get())
def getSerial(self):
- """Get the serial number of this certificate."""
+ """
+ Get the serial number of this certificate.
+ """
return self.get_POW().getSerial()
def getPublicKey(self):
- """Extract the public key from this certificate."""
+ """
+ Extract the public key from this certificate.
+ """
return RSApublic(DER = self.get_POWpkix().tbs.subjectPublicKeyInfo.toString())
def expired(self):
- """Test whether this certificate has expired."""
+ """
+ Test whether this certificate has expired.
+ """
return self.getNotAfter() <= rpki.sundial.now()
def issue(self, keypair, subject_key, serial, sia, aia, crldp, notAfter,
@@ -603,7 +625,9 @@ class PKCS10(DER_object):
return self.POWpkix
def getPublicKey(self):
- """Extract the public key from this certification request."""
+ """
+ Extract the public key from this certification request.
+ """
return RSApublic(DER = self.get_POWpkix().certificationRequestInfo.subjectPublicKeyInfo.toString())
def check_valid_rpki(self):
@@ -718,15 +742,21 @@ class RSA(DER_object):
return cls(POW = POW.Asymmetric(POW.RSA_CIPHER, keylength))
def get_public_DER(self):
- """Get the DER encoding of the public key from this keypair."""
+ """
+ Get the DER encoding of the public key from this keypair.
+ """
return self.get_POW().derWrite(POW.RSA_PUBLIC_KEY)
def get_SKI(self):
- """Calculate the SKI of this keypair."""
+ """
+ Calculate the SKI of this keypair.
+ """
return calculate_SKI(self.get_public_DER())
def get_RSApublic(self):
- """Convert the public key of this keypair into a RSApublic object."""
+ """
+ Convert the public key of this keypair into a RSApublic object.
+ """
return RSApublic(DER = self.get_public_DER())
class RSApublic(DER_object):
@@ -759,7 +789,9 @@ class RSApublic(DER_object):
return self.POW
def get_SKI(self):
- """Calculate the SKI of this public key."""
+ """
+ Calculate the SKI of this public key.
+ """
return calculate_SKI(self.get_DER())
def POWify_OID(oid):
@@ -999,7 +1031,9 @@ class DER_CMS_object(CMS_object):
"""
def encode(self):
- """Encode inner content for signing."""
+ """
+ Encode inner content for signing.
+ """
return self.get_content().toString()
def decode(self, der):
@@ -1020,11 +1054,15 @@ class SignedManifest(DER_CMS_object):
econtent_oid = POWify_OID("id-ct-rpkiManifest")
def getThisUpdate(self):
- """Get thisUpdate value from this manifest."""
+ """
+ Get thisUpdate value from this manifest.
+ """
return rpki.sundial.datetime.fromGeneralizedTime(self.get_content().thisUpdate.get())
def getNextUpdate(self):
- """Get nextUpdate value from this manifest."""
+ """
+ Get nextUpdate value from this manifest.
+ """
return rpki.sundial.datetime.fromGeneralizedTime(self.get_content().nextUpdate.get())
@classmethod
@@ -1121,15 +1159,21 @@ class XML_CMS_object(CMS_object):
dump_inbound_cms = None
def encode(self):
- """Encode inner content for signing."""
+ """
+ Encode inner content for signing.
+ """
return lxml.etree.tostring(self.get_content(), pretty_print = True, encoding = self.encoding, xml_declaration = True)
def decode(self, xml):
- """Decode XML and set inner content."""
+ """
+ Decode XML and set inner content.
+ """
self.content = lxml.etree.fromstring(xml)
def pretty_print_content(self):
- """Pretty print XML content of this message."""
+ """
+ Pretty print XML content of this message.
+ """
return lxml.etree.tostring(self.get_content(), pretty_print = True, encoding = self.encoding, xml_declaration = True)
def schema_check(self):
@@ -1218,15 +1262,21 @@ class CRL(DER_object):
return self.POWpkix
def getThisUpdate(self):
- """Get thisUpdate value from this CRL."""
+ """
+ Get thisUpdate value from this CRL.
+ """
return rpki.sundial.datetime.fromASN1tuple(self.get_POWpkix().getThisUpdate())
def getNextUpdate(self):
- """Get nextUpdate value from this CRL."""
+ """
+ Get nextUpdate value from this CRL.
+ """
return rpki.sundial.datetime.fromASN1tuple(self.get_POWpkix().getNextUpdate())
def getIssuer(self):
- """Get issuer value of this CRL."""
+ """
+ Get issuer value of this CRL.
+ """
return self.get_POW().getIssuer()
@classmethod
diff --git a/rpkid/rpki/xml_utils.py b/rpkid/rpki/xml_utils.py
index 4933cda9..7b8297a4 100644
--- a/rpkid/rpki/xml_utils.py
+++ b/rpkid/rpki/xml_utils.py
@@ -59,15 +59,21 @@ class sax_handler(xml.sax.handler.ContentHandler):
self.stack = []
def startElementNS(self, name, qname, attrs):
- """Redirect startElementNS() events to startElement()."""
+ """
+ Redirect startElementNS() events to startElement().
+ """
return self.startElement(name[1], attrs)
def endElementNS(self, name, qname):
- """Redirect endElementNS() events to endElement()."""
+ """
+ Redirect endElementNS() events to endElement().
+ """
return self.endElement(name[1])
def characters(self, content):
- """Accumulate a chuck of element content (text)."""
+ """
+ Accumulate a chuck of element content (text).
+ """
self.text += content
def startElement(self, name, attrs):
@@ -286,7 +292,9 @@ class data_elt(base_elt):
return r_pdu
def make_reply_clone_hook(self, r_pdu):
- """Overridable hook."""
+ """
+ Overridable hook.
+ """
pass
def serve_fetch_one(self):
@@ -300,11 +308,15 @@ class data_elt(base_elt):
return r
def serve_pre_save_hook(self, q_pdu, r_pdu, cb, eb):
- """Overridable hook."""
+ """
+ Overridable hook.
+ """
cb()
def serve_post_save_hook(self, q_pdu, r_pdu, cb, eb):
- """Overridable hook."""
+ """
+ Overridable hook.
+ """
cb()
def serve_create(self, r_msg, cb, eb):
@@ -436,7 +448,9 @@ class msg(list):
stack.pop()
def __str__(self):
- """Convert msg object to string."""
+ """
+ Convert msg object to string.
+ """
lxml.etree.tostring(self.toXML(), pretty_print = True, encoding = "us-ascii")
def toXML(self):
@@ -449,22 +463,30 @@ class msg(list):
@classmethod
def query(cls, *args):
- """Create a query PDU."""
+ """
+ Create a query PDU.
+ """
self = cls(args)
self.type = "query"
return self
@classmethod
def reply(cls, *args):
- """Create a reply PDU."""
+ """
+ Create a reply PDU.
+ """
self = cls(args)
self.type = "reply"
return self
def is_query(self):
- """Is this msg a query?"""
+ """
+ Is this msg a query?
+ """
return self.type == "query"
def is_reply(self):
- """Is this msg a reply?"""
+ """
+ Is this msg a reply?
+ """
return self.type == "reply"