Diffstat (limited to 'rpkid')
-rwxr-xr-x | rpkid/portal-gui/scripts/load_csv.py | 11 | ||||
-rwxr-xr-x | rpkid/portal-gui/scripts/rpkigui-response.py | 7 | ||||
-rw-r--r-- | rpkid/rpki/myrpki.py | 77 | ||||
-rw-r--r-- | rpkid/rpki/sundial.py | 7 | ||||
-rw-r--r-- | rpkid/tests/smoketest.py | 14 |
5 files changed, 88 insertions, 28 deletions
diff --git a/rpkid/portal-gui/scripts/load_csv.py b/rpkid/portal-gui/scripts/load_csv.py index ebb995b6..44d08829 100755 --- a/rpkid/portal-gui/scripts/load_csv.py +++ b/rpkid/portal-gui/scripts/load_csv.py @@ -44,6 +44,11 @@ print 'processing csv files for resource handle', handle conf = models.Conf.objects.get(handle=handle) +class RangeError(Exception): + """ + Problem with ASN range or address range. + """ + # every parent has a favorite def best_child(address_range, parent, parent_range): '''Return the child address range that is the closest match, or @@ -56,7 +61,7 @@ def best_child(address_range, parent, parent_range): return best_child(address_range, q, t) # check for overlap if t.min <= address_range.min <= t.max or t.min <= address_range.max <= t.max: - raise RuntimeError, \ + raise RangeError, \ 'can not handle overlapping ranges: %s and %s' % (address_range, t) return parent, parent_range @@ -79,7 +84,7 @@ def get_or_create_prefix(address_range): # there should only ever be a single matching prefix break else: - raise RuntimeError, '%s does not match any received address range.' % ( + raise RangeError, '%s does not match any received address range.' % ( address_range,) # find the best match among the children + grandchildren @@ -97,7 +102,7 @@ def get_or_create_asn(asn): asn_set = models.Asn.objects.filter(lo__lte=asn.min, hi__gte=asn.max, from_cert__parent__in=conf.parents.all()) if not asn_set: - raise RuntimeError, '%s does not match any received AS range' % (asn,) + raise RangeError, '%s does not match any received AS range' % (asn,) best = best_child(asn, asn_set[0], asn_set[0].as_resource_range())[0] print 'best match for %s is %s' % (asn, best) if best.lo != asn.min or best.hi != asn.max: diff --git a/rpkid/portal-gui/scripts/rpkigui-response.py b/rpkid/portal-gui/scripts/rpkigui-response.py index eb2ee4d0..9b150c51 100755 --- a/rpkid/portal-gui/scripts/rpkigui-response.py +++ b/rpkid/portal-gui/scripts/rpkigui-response.py 
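Review bot: `RangeError` in the first load_csv.py hunk derives directly from `Exception`, while every raise site it replaces used `RuntimeError`, so any handler written as `except RuntimeError` (none is visible in this diff) would stop catching these failures. The same applies to the classes added in rpkigui-response.py, myrpki.py, sundial.py and smoketest.py. If that narrowing is not intended, `class RangeError(RuntimeError):` keeps old handlers working, and a single shared base class for the new exceptions would let callers catch them as a group. The class is also defined between executable script statements, right after `conf = models.Conf.objects.get(handle=handle)`; placing it above the script body would keep definitions together.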
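Review bot: The overlap test that now raises `RangeError` in `best_child` (hunk at -56) only checks whether an endpoint of `address_range` falls inside `t`, so a range that strictly encloses `t` (`address_range.min < t.min` and `address_range.max > t.max`) passes without an error. Assuming the containment case is what the `return best_child(address_range, q, t)` just above handles, the general form `if address_range.min <= t.max and t.min <= address_range.max:` would reject the enclosing case as well. The start of the function is outside this hunk, so confirm that an enclosing range is not accepted on purpose.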
@@ -44,9 +44,14 @@ if len(sys.argv) < 4: sys.exit(0) +class InvalidResponseType(Exception): + """ + Invalid response type. + """ + request_type = sys.argv[2] if not request_type in ('parent', 'repository'): - raise RuntimeError, 'invalid response type: %s' % request_type + raise InvalidResponseType, 'invalid response type: %s' % request_type # make sure apache process can manipulate the outbox! os.setuid(pwd.getpwnam(settings.WEB_USER)[2]) diff --git a/rpkid/rpki/myrpki.py b/rpkid/rpki/myrpki.py index 2cd2a318..2fa2f8cb 100644 --- a/rpkid/rpki/myrpki.py +++ b/rpkid/rpki/myrpki.py @@ -81,6 +81,41 @@ allow_incomplete = False whine = True +class BadCommandSyntax(Exception): + """ + Bad command line syntax. + """ + +class BadPrefixSyntax(Exception): + """ + Bad prefix syntax. + """ + +class CouldntTalkToDaemon(Exception): + """ + Couldn't talk to daemon. + """ + +class BadCSVSyntax(Exception): + """ + Bad CSV syntax. + """ + +class BadXMLMessage(Exception): + """ + Bad XML message. + """ + +class PastExpiration(Exception): + """ + Expiration date has already passed. + """ + +class CantRunRootd(Exception): + """ + Can't run rootd. + """ + class comma_set(set): """ Minor customization of set(), to provide a print syntax. @@ -138,7 +173,7 @@ class roa_request(object): elif self.v6re.match(prefix): self.v6.add(prefix) else: - raise RuntimeError, "Bad prefix syntax: %r" % (prefix,) + raise BadPrefixSyntax, "Bad prefix syntax: %r" % (prefix,) def xml(self, e): """ @@ -223,7 +258,7 @@ class child(object): elif self.v6re.match(prefix): self.v6.add(prefix) else: - raise RuntimeError, "Bad prefix syntax: %r" % (prefix,) + raise BadPrefixSyntax, "Bad prefix syntax: %r" % (prefix,) if asn is not None: self.asns.add(asn) if validity is not None: 
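Review bot: The `os.setuid(pwd.getpwnam(settings.WEB_USER)[2])` call right after the new `InvalidResponseType` check in rpkigui-response.py changes only the user id, so if this script is started as root the process keeps root's primary group and supplementary groups while it works on the outbox. Dropping the groups first closes that gap: `pw = pwd.getpwnam(settings.WEB_USER)`, then `os.setgroups([]); os.setgid(pw[3])`, then `os.setuid(pw[2])`. How the script is launched is not visible here, so this matters only if it runs with more privilege than the web user.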
@@ -505,9 +540,9 @@ class csv_reader(object): continue fields = line.split() if self.min_columns is not None and len(fields) < self.min_columns: - raise RuntimeError, "%s:%d: Not enough columns in line %r" % (self.filename, line_number, line) + raise BadCSVSyntax, "%s:%d: Not enough columns in line %r" % (self.filename, line_number, line) if self.columns is not None and len(fields) > self.columns: - raise RuntimeError, "%s:%d: Too many columns in line %r" % (self.filename, line_number, line) + raise BadCSVSyntax, "%s:%d: Too many columns in line %r" % (self.filename, line_number, line) if self.columns is not None and len(fields) < self.columns: fields += tuple(None for i in xrange(self.columns - len(fields))) yield fields @@ -875,7 +910,7 @@ def etree_post_read(e, validate = True): if i.tag.startswith(namespaceQName): i.tag = i.tag[len(namespaceQName):] else: - raise RuntimeError, "XML tag %r is not in namespace %r" % (i.tag, namespace) + raise BadXMLMessage, "XML tag %r is not in namespace %r" % (i.tag, namespace) return e def b64_equal(thing1, thing2): @@ -1061,7 +1096,7 @@ class main(rpki.cli.Cmd): self.entitydb = EntityDB(self.cfg) if self.run_rootd and (not self.run_pubd or not self.run_rpkid): - raise RuntimeError, "Can't run rootd unless also running rpkid and pubd" + raise CantRunRootd, "Can't run rootd unless also running rpkid and pubd" self.bpki_resources = CA(self.cfg.filename, self.cfg.get("bpki_resources_directory")) if self.run_rpkid or self.run_pubd or self.run_rootd: @@ -1085,7 +1120,7 @@ class main(rpki.cli.Cmd): """ if arg: - raise RuntimeError, "This command takes no arguments" + raise BadCommandSyntax, "This command takes no arguments" self.bpki_resources.setup(self.cfg.get("bpki_resources_ta_dn", "/CN=%s BPKI Resource Trust Anchor" % self.handle)) 
@@ -1217,7 +1252,7 @@ class main(rpki.cli.Cmd): child_handle = a if len(argv) != 1: - raise RuntimeError, "Need to specify filename for child.xml" + raise BadCommandSyntax, "Need to specify filename for child.xml" c = etree_read(argv[0]) @@ -1319,7 +1354,7 @@ class main(rpki.cli.Cmd): parent_handle = a if len(argv) != 1: - raise RuntimeError, "Need to specify filename for parent.xml on command line" + raise BadCommandSyntax, "Need to specify filename for parent.xml on command line" p = etree_read(argv[0]) @@ -1379,7 +1414,7 @@ class main(rpki.cli.Cmd): sia_base = a if len(argv) != 1: - raise RuntimeError, "Need to specify filename for client.xml" + raise BadCommandSyntax, "Need to specify filename for client.xml" client = etree_read(argv[0]) @@ -1392,12 +1427,12 @@ class main(rpki.cli.Cmd): try: auth = client.find("authorization") if auth is None: - raise RuntimeError, "Malformed referral, couldn't find <auth/> element" + raise BadXMLMessage, "Malformed referral, couldn't find <auth/> element" referrer = etree_read(self.entitydb("pubclients", auth.get("referrer").replace("/","."))) referrer = self.bpki_servers.fxcert(referrer.findtext("bpki_client_ta")) referral = self.bpki_servers.cms_xml_verify(auth.text, referrer) if not b64_equal(referral.text, client.findtext("bpki_client_ta")): - raise RuntimeError, "Referral trust anchor does not match" + raise BadXMLMessage, "Referral trust anchor does not match" sia_base = referral.get("authorized_sia_base") except IOError: print "We have no record of client (%s) alleged to have made this referral" % auth.get("referrer") 
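Review bot: `raise BadXMLMessage, "Referral trust anchor does not match"` (hunk at -1392) reports a failed trust-anchor comparison with the same exception type as a syntactically malformed message, so a caller or log reader cannot tell a verification failure from a parse problem. A separate exception for this one site (name up to the author, for example `class ReferralVerificationFailed(Exception)`) would keep the security-relevant outcome distinguishable. Separately, the new check covers a missing `authorization` element, but `auth.get("referrer")` can still be `None`, in which case `.replace("/",".")` raises `AttributeError` rather than `BadXMLMessage`. The message text also names `<auth/>` although the code looks up `authorization`. The enclosing method starts outside the hunk and the `try` block's handlers continue past it.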
@@ -1406,7 +1441,7 @@ class main(rpki.cli.Cmd): print "This looks like an offer, client claims to be our child, checking" client_ta = client.findtext("bpki_client_ta") if not client_ta: - raise RuntimeError, "Malformed offer, couldn't find <bpki_client_ta/> element" + raise BadXMLMessage, "Malformed offer, couldn't find <bpki_client_ta/> element" for child in self.entitydb.iterate("children"): c = etree_read(child) if b64_equal(c.findtext("bpki_child_ta"), client_ta): @@ -1422,7 +1457,7 @@ class main(rpki.cli.Cmd): sia_base = "rsync://%s/%s/%s/" % (self.rsync_server, self.rsync_module, client.get("handle")) if not sia_base.startswith("rsync://"): - raise RuntimeError, "Malformed sia_base parameter %r, should start with 'rsync://'" % sia_base + raise BadXMLMessage, "Malformed sia_base parameter %r, should start with 'rsync://'" % sia_base client_handle = "/".join(sia_base.rstrip("/").split("/")[4:]) @@ -1483,7 +1518,7 @@ class main(rpki.cli.Cmd): parent_handle = a if len(argv) != 1: - raise RuntimeError, "Need to specify filename for repository.xml on command line" + raise BadCommandSyntax, "Need to specify filename for repository.xml on command line" r = etree_read(argv[0]) @@ -1527,11 +1562,11 @@ class main(rpki.cli.Cmd): if plural: if len(argv) != 0: - raise RuntimeError, "Unexpected arguments" + raise BadCommandSyntax, "Unexpected arguments" children = "*" else: if len(argv) != 1: - raise RuntimeError, "Need to specify child handle" + raise BadCommandSyntax, "Need to specify child handle" children = argv[0] if valid_until is None: @@ -1539,7 +1574,7 @@ class main(rpki.cli.Cmd): else: valid_until = rpki.sundial.fromXMLtime(valid_until) if valid_until < rpki.sundial.now(): - raise RuntimeError, "Specified new expiration time %s has passed" % valid_until + raise PastExpiration, "Specified new expiration time %s has passed" % valid_until print "New validity date", valid_until 
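Review bot: The `sia_base.startswith("rsync://")` test (hunk at -1422) is the only validation before `client_handle` is built from the path segments, so a value such as `rsync://host/module` (constructed example) yields an empty handle, and `.` or `..` segments pass through unchanged. How `client_handle` is used is outside this hunk, but if it ends up in a file name or entity-database key it is worth rejecting those cases here, e.g. `if not client_handle or any(s in ("", ".", "..") for s in client_handle.split("/")): raise BadXMLMessage, "Malformed sia_base parameter %r" % sia_base`. Note also that `sia_base` can come from a command-line option (`sia_base = a` in the hunk at -1379) or be built locally from `self.rsync_server`, so `BadXMLMessage` is not always an accurate label for this failure.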
@@ -1629,7 +1664,7 @@ class main(rpki.cli.Cmd): """ if arg: - raise RuntimeError, "Unexpected argument %r" % arg + raise BadCommandSyntax, "Unexpected argument %r" % arg self.configure_resources_main(msg = "Send this file to the rpkid operator who is hosting you") @@ -1978,7 +2013,7 @@ class main(rpki.cli.Cmd): print r.error_text if failed: - raise RuntimeError + raise CouldntTalkToDaemon if pubd_query: assert self.run_pubd @@ -1991,7 +2026,7 @@ class main(rpki.cli.Cmd): print r.error_text if failed: - raise RuntimeError + raise CouldntTalkToDaemon # Rewrite XML. diff --git a/rpkid/rpki/sundial.py b/rpkid/rpki/sundial.py index 63b3f2e2..dc322b96 100644 --- a/rpkid/rpki/sundial.py +++ b/rpkid/rpki/sundial.py @@ -53,6 +53,11 @@ def now(): """ return datetime.utcnow() +class ParseFailure(Exception): + """ + Parse failure constructing timedelta. + """ + class datetime(pydatetime.datetime): """ RPKI extensions to standard datetime.datetime class. All work here @@ -258,7 +263,7 @@ class timedelta(pydatetime.timedelta): d["seconds"] += d.pop("years") * cls.years_to_seconds return cls(**d) else: - raise RuntimeError, "Couldn't parse timedelta %r" % (arg,) + raise ParseFailure, "Couldn't parse timedelta %r" % (arg,) def convert_to_seconds(self): """ diff --git a/rpkid/tests/smoketest.py b/rpkid/tests/smoketest.py index 127e3f79..4c767409 100644 --- a/rpkid/tests/smoketest.py +++ b/rpkid/tests/smoketest.py @@ -146,6 +146,16 @@ pubd_irbe_key = None pubd_irbe_cert = None pubd_pubd_cert = None +class CantRekeyYAMLLeaf(Exception): + """ + Can't rekey YAML leaf. + """ + +class CouldntIssueBSCEECertificate(Exception): + """ + Couldn't issue BSC EE certificate + """ + def main(): """ Main program. 
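Review bot: Both `raise CouldntTalkToDaemon` sites (hunks at -1978 and -1991) raise with no message, so the only record of what went wrong is the `print r.error_text` output on stdout. Collecting the error texts and passing them along, e.g. `raise CouldntTalkToDaemon, "daemon returned errors: %s" % "; ".join(errors)`, would make the failure usable by a caller that catches it. The name also suggests a transport failure, whereas the visible context raises after replies carrying `error_text` were printed; the loops that set `failed` are outside the hunks, so that is worth confirming.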
@@ -580,7 +590,7 @@ class allocation(object): cb() if self.is_leaf: - raise RuntimeError, "Can't rekey YAML leaf %s, sorry" % self.name + raise CantRekeyYAMLLeaf, "Can't rekey YAML leaf %s, sorry" % self.name elif target is None: rpki.log.info("Rekeying <self/> %s" % self.name) self.call_rpkid([rpki.left_right.self_elt.make_pdu(action = "set", self_handle = self.name, rekey = "yes")], cb = done) @@ -983,7 +993,7 @@ class allocation(object): signed = signer.communicate(input = b.pkcs10_request.get_PEM()) if not signed[0]: rpki.log.warn(signed[1]) - raise RuntimeError, "Couldn't issue BSC EE certificate" + raise CouldntIssueBSCEECertificate, "Couldn't issue BSC EE certificate" s.bsc_ee = rpki.x509.X509(PEM = signed[0]) s.bsc_crl = rpki.x509.CRL(PEM_file = s.name + "-SELF.crl") rpki.log.info("BSC EE cert for %s SKI %s" % (s.name, s.bsc_ee.hSKI())) |