Diffstat (limited to 'rpkid')
-rw-r--r--rpkid/rpki/irdb/zookeeper.py37
-rw-r--r--rpkid/rpki/rpkic.py54
2 files changed, 81 insertions, 10 deletions
diff --git a/rpkid/rpki/irdb/zookeeper.py b/rpkid/rpki/irdb/zookeeper.py
index b9d44c57..ff05ae2d 100644
--- a/rpkid/rpki/irdb/zookeeper.py
+++ b/rpkid/rpki/irdb/zookeeper.py
@@ -269,16 +269,13 @@ class Zookeeper(object):
@django.db.transaction.commit_on_success
- def initialize(self):
+ def initialize_server_bpki(self):
"""
- Initialize an RPKI installation. Reads the configuration file,
- creates the BPKI and EntityDB directories, generates the initial
- BPKI certificates, and creates an XML file describing the
- resource-holding aspect of this RPKI installation.
+ Initialize server BPKI portion of an RPKI installation. Reads the
+ configuration file and generates the initial BPKI server
+ certificates needed to start daemons.
"""
- resource_ca, created = rpki.irdb.ResourceHolderCA.objects.get_or_certify(handle = self.handle)
-
if self.run_rpkid or self.run_pubd:
server_ca, created = rpki.irdb.ServerCA.objects.get_or_certify()
rpki.irdb.ServerEE.objects.get_or_certify(issuer = server_ca, purpose = "irbe")
@@ -290,9 +287,35 @@ class Zookeeper(object):
if self.run_pubd:
rpki.irdb.ServerEE.objects.get_or_certify(issuer = server_ca, purpose = "pubd")
+
+ @django.db.transaction.commit_on_success
+ def initialize_resource_bpki(self):
+ """
+ Initialize the resource-holding BPKI for an RPKI installation.
+ Returns XML describing the resource holder.
+
+ This method is present primarily for backwards compatibility with
+ the old combined initialize() method which initialized both the
+ server BPKI and the default resource-holding BPKI in a single
+ method call. In the long run we want to replace this with
+ something that takes a handle as argument and creates the
+ resource-holding BPKI idenity if needed.
+ """
+
+ resource_ca, created = rpki.irdb.ResourceHolderCA.objects.get_or_certify(handle = self.handle)
return self.generate_identity()
+ def initialize(self):
+ """
+ Backwards compatibility wrapper: calls initialize_server_bpki()
+ and initialize_resource_bpki(), returns latter's result.
+ """
+
+ self.initialize_server_bpki()
+ return self.initialize_resource_bpki()
+
+
def generate_identity(self):
"""
Generate identity XML. Broken out of .initialize() because it's
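Review bot: The new `initialize()` compatibility wrapper is not decorated with `@django.db.transaction.commit_on_success`, while the old combined method was (the decorator now sits on `initialize_server_bpki()` only), so the two halves commit in separate transactions: if `initialize_resource_bpki()` fails, the server BPKI objects are already committed, whereas before the whole initialization rolled back together. If callers relied on that atomicity, either decorate the wrapper as well — assuming nested commit_on_success gives the intended result in the Django version in use, which I cannot confirm from here — or say in its docstring that the two steps commit independently. Two smaller points in the same hunk: the docstring of `initialize_resource_bpki()` misspells "identity" (`resource-holding BPKI identity if needed.`), and the `def initialize(self):` line should be separated from the preceding `return self.generate_identity()` by a blank line like the other methods.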
diff --git a/rpkid/rpki/rpkic.py b/rpkid/rpki/rpkic.py
index 28d248c2..79c2e556 100644
--- a/rpkid/rpki/rpkic.py
+++ b/rpkid/rpki/rpkic.py
@@ -168,6 +168,7 @@ class main(rpki.cli.Cmd):
def irdb_handle_complete(self, manager, text, line, begidx, endidx):
return [obj.handle for obj in manager.all() if obj.handle and obj.handle.startswith(text)]
+
def do_select_identity(self, arg):
"""
Select an identity handle for use with later commands.
@@ -193,11 +194,13 @@ class main(rpki.cli.Cmd):
if arg:
raise BadCommandSyntax, "This command takes no arguments"
+ rootd_case = self.zoo.run_rootd and self.zoo.handle == self.zoo.cfg.get("handle")
+
r = self.zoo.initialize()
r.save("%s.identity.xml" % self.zoo.handle,
- None if self.zoo.run_pubd else sys.stdout)
+ None if rootd_case else sys.stdout)
- if self.zoo.run_rootd and self.zoo.handle == self.zoo.cfg.get("handle"):
+ if rootd_case:
r = self.zoo.configure_rootd()
if r is not None:
r.save("%s.%s.repository-request.xml" % (self.zoo.handle, self.zoo.handle), sys.stdout)
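Review bot: The condition for sending the identity XML to stdout changes from `self.zoo.run_pubd` to `rootd_case` without a comment, which makes the new behaviour look accidental rather than deliberate. From the rest of the hunk the reason appears to be that in the rootd case stdout is used for the repository-request XML written a few lines later, so the identity must go to the file only; I would add `# rootd case: stdout carries the repository request below, so the identity goes to the file only` above the first `r.save(...)`. This also means a pubd-only installation now gets its identity on stdout where it previously did not, which should be intended. The enclosing command method starts before the hunk.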
@@ -205,6 +208,50 @@ class main(rpki.cli.Cmd):
self.zoo.write_bpki_files()
+ # These aren't quite ready for prime time yet. See https://trac.rpki.net/ticket/466
+
+ if False:
+
+ def do_create_identity(self, arg):
+ """
+ Create a new resource-holding entity. Argument is the handle of
+ the entity to create. Returns XML file describing the new
+ resource holder.
+
+ This command is idempotent: calling it for a resource holder which
+ already exists returns the existing identity.
+ """
+
+ argv = arg.split()
+ if len(argv) != 1:
+ raise BadCommandSyntax("This command expexcts one argument, not %r" % arg)
+
+ self.zoo.reset_identity(argv[0])
+
+ rootd_case = self.zoo.run_rootd and self.zoo.handle == self.zoo.cfg.get("handle")
+
+ r = self.zoo.initialize_resource_bpki()
+ r.save("%s.identity.xml" % self.zoo.handle,
+ None if rootd_case else sys.stdout)
+
+ if rootd_case:
+ r = self.zoo.configure_rootd()
+ if r is not None:
+ r.save("%s.%s.repository-request.xml" % (self.zoo.handle, self.zoo.handle), sys.stdout)
+
+ def do_initialize_server_bpki(self, arg):
+ """
+ Initialize server BPKI portion of an RPKI installation. Reads
+ server configuration from configuration file and creates the
+ server BPKI objects needed to start daemons.
+ """
+
+ if arg:
+ raise BadCommandSyntax, "This command takes no arguments"
+ self.zoo.initialize_server_bpki()
+ self.zoo.write_bpki_files()
+
+
def do_update_bpki(self, arg):
"""
Update BPKI certificates. Assumes an existing RPKI installation.
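Review bot: The error message in `do_create_identity` misspells "expects": `raise BadCommandSyntax("This command expects one argument, not %r" % arg)`. The two new commands also mix raise styles — that call form against the two-argument `raise BadCommandSyntax, "This command takes no arguments"` used in `do_initialize_server_bpki` and elsewhere in this file — so pick one. Because both methods sit under `if False:` they are never bound on the class, and the `# These aren't quite ready for prime time yet` comment would be more useful if it said what is still missing so the typo and the dead block do not go unnoticed until someone re-enables it.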
@@ -218,9 +265,10 @@ class main(rpki.cli.Cmd):
Most likely this should be run under cron.
"""
+ if arg:
+ raise BadCommandSyntax, "This command takes no arguments"
self.zoo.update_bpki()
self.zoo.write_bpki_files()
- self.zoo.synchronize()
def do_configure_child(self, arg):
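Review bot: With `self.zoo.synchronize()` dropped from `do_update_bpki`, the command now rotates the BPKI certificates and writes the files but no longer pushes them to the running daemons, yet the docstring — which starts before the hunk and says this should be run under cron — does not mention it, so a cron job will keep updating certificates the daemons never see until something else synchronizes. If the omission is intended, add to the docstring `Does not synchronize the running daemons; run that step separately after updating.` so operators know to schedule it.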
#*****************************************************************************#
#*                                                                           *#
#*  Copyright (c) 2002, Peter Shannon                                        *#
#*  All rights reserved.                                                     *#
#*                                                                           *#
#*  Redistribution and use in source and binary forms, with or without       *#
#*  modification, are permitted provided that the following conditions       *#
#*  are met:                                                                 *#
#*                                                                           *#
#*      * Redistributions of source code must retain the above               *#
#*        copyright notice, this list of conditions and the following        *#
#*        disclaimer.                                                        *#
#*                                                                           *#
#*      * Redistributions in binary form must reproduce the above            *#
#*        copyright notice, this list of conditions and the following        *#
#*        disclaimer in the documentation and/or other materials             *#
#*        provided with the distribution.                                    *#
#*                                                                           *#
#*      * The name of the contributors may be used to endorse or promote     *#
#*        products derived from this software without specific prior         *#
#*        written permission.                                                *#
#*                                                                           *#
#*  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS      *#
#*  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT        *#
#*  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS        *#
#*  FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS   *#
#*  OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,          *#
#*  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT         *#
#*  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,    *#
#*  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY    *#
#*  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT      *#
#*  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE    *#
#*  OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.     *#
#*                                                                           *#
#*****************************************************************************#

import string, re, types, pprint

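def decodeOid(val):
   """
   Decode a DER-encoded OID given as space-separated hex byte tokens.

   ``val`` is the string found after ``OID =`` in the dumps this module
   parses.  The first two tokens are skipped -- presumably the DER tag and
   a one-byte (short form) length; a long-form length would need more
   than two tokens, so confirm that against whatever produces the dump --
   and the remaining tokens are the base-128 subidentifier encoding.

   Returns the OID as a tuple of integer arcs, e.g. (1, 2, 840, 113549).
   Raises ValueError if a token is not hexadecimal or fewer than three
   tokens are present.  A trailing byte whose continuation bit is set
   leaves an incomplete subidentifier, which is silently dropped (the
   lenient behaviour of the original implementation).
   """
   octets = [int(tok, 16) for tok in val.split()][2:]
   if not octets:
      raise ValueError('OID encoding too short: %r' % (val,))
   # Every subidentifier is base 128, high bit set on all bytes but the last.
   subids = []
   total = 0
   for byte in octets:
      total = (total << 7) | (byte & 0x7f)
      if not byte & 0x80:
         subids.append(total)
         total = 0
   # The first subidentifier packs the first two arcs: 40 * arc1 + arc2,
   # where arc1 is 0, 1 or 2 and only arc1 == 2 may carry arc2 >= 40.
   # Splitting after base-128 decoding (rather than divmod on the first
   # byte) handles multi-byte first subidentifiers such as 2.999.
   first = subids[0]
   if first < 40:
      arcs = [0, first]
   elif first < 80:
      arcs = [1, first - 40]
   else:
      arcs = [2, first - 80]
   arcs.extend(subids[1:])
   return tuple(arcs)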

# For people out there who, like me, hate regexes (too easy to make mistakes
# with): I apologise profusely!

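class Parser:
   """
   Parse a text dump of OID definitions into two lookup tables.

   Each entry starts with an ``OID = <hex bytes>`` line and may be followed
   by ``Comment = ...`` and ``Description = ...`` lines.  Blank lines and
   lines starting with ``#`` are skipped.  A line starting with ``Warning``
   marks the entry currently being read as broken, and broken entries are
   discarded rather than stored.

   After construction:

   ``self.objs``  maps the entry name (first word of its description) to
                  the entry dict.
   ``self.oids``  maps the decoded OID tuple to the same dict.

   Every entry dict has ``hexoid`` (the raw hex string) and ``oid`` (the
   tuple returned by decodeOid()); ``comment``, ``description`` and
   ``name`` are present when the corresponding lines were seen.
   """

   def __init__(self, filename):
      """
      Open and parse ``filename``.

      ``self.handle`` is kept for compatibility with the original
      implementation, but the file is closed as soon as parsing finishes
      instead of being left open for the life of the object.
      """
      self.file = filename
      self.whiteMatch = re.compile(r'^\s*$')
      self.hashMatch = re.compile(r'^#')
      self.warningMatch = re.compile(r'^Warning')
      self.oidMatch = re.compile(r'(?:^OID\s*=\s* )(.*)')
      self.commentMatch = re.compile(r'(?:^Comment\s*=\s*)(.*)')
      self.descriptionMatch = re.compile(r'(?:^Description\s*=\s*)(.*)')
      self.oids = {}
      self.objs = {}
      self.handle = open(self.file)
      try:
         self.__parse()
      finally:
         self.handle.close()

   def __store(self, entry):
      """
      Index a completed entry by name and by decoded OID.

      Raises ValueError if the entry never received a Description line,
      since that is where its name comes from (the original raised a bare
      KeyError here).
      """
      if 'name' not in entry:
         raise ValueError('OID entry %s has no Description line' % entry['hexoid'])
      self.objs[entry['name']] = entry
      self.oids[entry['oid']] = entry

   def __parse(self):
      """
      Read ``self.handle`` line by line and store every completed entry.

      Raises ValueError for a Comment or Description line that appears
      before any OID line, and Exception for a line matching no known
      pattern.
      """
      entry = None
      broken = False
      for line in self.handle:
         m = self.oidMatch.match(line)
         if m:
            # A new OID line terminates the previous entry; keep it only
            # if no Warning line was seen since it started.
            if entry is not None and not broken:
               self.__store(entry)
            hexoid = m.group(1)
            entry = { 'hexoid' : hexoid,
                      'oid'    : decodeOid(hexoid) }
            broken = False
            continue
         if self.warningMatch.match(line):
            broken = True
            continue
         if self.whiteMatch.match(line) or self.hashMatch.match(line):
            continue
         m = self.commentMatch.match(line)
         if m:
            if entry is None:
               raise ValueError('Comment line before any OID line: %r' % line)
            entry['comment'] = m.group(1)
            continue
         m = self.descriptionMatch.match(line)
         if m:
            if entry is None:
               raise ValueError('Description line before any OID line: %r' % line)
            entry['description'] = m.group(1)
            # The entry's name is the first word of its description.
            entry['name'] = m.group(1).strip().split(' ')[0]
            continue
         raise Exception('unhandled pattern')
      # The last entry has no following OID line to terminate it.
      if entry is not None and not broken:
         self.__store(entry)

   def __dump(self, table, path):
      """
      Write ``table`` to ``path`` as Python source assigning it to ``data``.

      The file is closed even if pprint fails part way through.
      """
      out = open(path, 'w')
      try:
         out.write('data = ')
         pprint.pprint(table, out)
      finally:
         out.close()

   def dumpobjs(self, path):
      """Write the name-keyed table to ``path`` as ``data = {...}``."""
      self.__dump(self.objs, path)

   def dumpoids(self, path):
      """Write the OID-keyed table to ``path`` as ``data = {...}``."""
      self.__dump(self.oids, path)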