Diffstat (limited to 'scripts/rpki')
-rw-r--r--scripts/rpki/x509.py18
1 files changed, 12 insertions, 6 deletions
diff --git a/scripts/rpki/x509.py b/scripts/rpki/x509.py
index 47a47b51..478fc6c5 100644
--- a/scripts/rpki/x509.py
+++ b/scripts/rpki/x509.py
@@ -15,6 +15,16 @@ some of the nasty details. This involves a lot of format conversion.
import POW, tlslite.api, POW.pkix, base64, time
import rpki.exceptions, rpki.resource_set, rpki.manifest, rpki.cms, rpki.oids, rpki.sundial
+def calculate_SKI(public_key_der):
+ """Calculate the SKI value given the DER representation of a public
+ key, which requires first peeling the ASN.1 wrapper off the key.
+ """
+ k = POW.pkix.SubjectPublicKeyInfo()
+ k.fromString(public_key_der)
+ d = POW.Digest(POW.SHA1_DIGEST)
+ d.update(k.subjectPublicKey.get())
+ return d.digest()
+
class PEM_converter(object):
"""Convert between DER and PEM encodings for various kinds of ASN.1 data."""
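Review bot: The docstring of `calculate_SKI` does not say which bytes are hashed or how bad input is handled. I would state it precisely, e.g. `"""Return the SHA-1 digest of the subjectPublicKey BIT STRING taken from a DER SubjectPublicKeyInfo (key identifier method (1) of RFC 5280 section 4.2.1.2)."""`. It should also say that whatever `fromString()` does on malformed DER (presumably an exception, not visible here) reaches the caller unchanged. Because the SKI is only a lookup identifier, a comment such as `# SKI identifies the key; it is not an integrity check on it` would stop readers from treating the SHA-1 value as a validation result.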
@@ -517,9 +527,7 @@ class RSA(DER_object):
def get_SKI(self):
"""Calculate the SKI of this keypair."""
- d = POW.Digest(POW.SHA1_DIGEST)
- d.update(self.get_public_DER())
- return d.digest()
+ return calculate_SKI(self.get_public_DER())
def get_RSApublic(self):
"""Convert the public key of this keypair into a RSApublic object."""
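Review bot: `RSA.get_SKI()` now returns a different value for the same key, and nothing in the code says so. The removed lines hashed the whole DER returned by `get_public_DER()`, while `calculate_SKI()` hashes only the inner subjectPublicKey; the same applies to `RSApublic.get_SKI()` in the next hunk. Any SKI or AKI value that was stored or embedded in already issued objects would, as far as this diff shows, no longer match a freshly computed one, so this is more than a refactor and deserves a migration note. A comment on both methods such as `# SKI is the hash of the bare subjectPublicKey, not of the SubjectPublicKeyInfo wrapper; values computed before this change differ` would record it. Both classes continue outside the hunks.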
@@ -550,9 +558,7 @@ class RSApublic(DER_object):
def get_SKI(self):
"""Calculate the SKI of this public key."""
- d = POW.Digest(POW.SHA1_DIGEST)
- d.update(self.get_DER())
- return d.digest()
+ return calculate_SKI(self.get_DER())
class SignedManifest(DER_object):
"""Class to hold a signed manifest.
"""
Automated setup of all the pesky SQL stuff we need.  Prompts for MySQL
root password, pulls other information from rpki.conf.

$Id$

Copyright (C) 2009--2013  Internet Systems Consortium ("ISC")

Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
"""

import getopt
import sys
import getpass
import rpki.config
import rpki.sql_schemas

from rpki.mysql_import import MySQLdb

def read_schema(name):
  """
  Split the schema text stored as rpki.sql_schemas.<name> into a list
  of individual SQL statements.

  A name with no matching attribute yields an empty list.  Each line
  has its whitespace collapsed; lines that are then empty or start
  with "--" are discarded.  What remains is joined with single spaces
  and cut at every ";".

  The split is purely textual: a ";" inside a quoted string, or a "--"
  comment trailing a statement on the same line, is not recognized.
  Callers execute the returned statements verbatim, so the schema text
  has to come from a trusted source.
  """

  raw_text = getattr(rpki.sql_schemas, name, "")

  # Normalize each line first so the "--" test sees a comment marker
  # even when the original line was indented.
  collapsed = (" ".join(row.split()) for row in raw_text.splitlines())
  kept = [row for row in collapsed if row and not row.startswith("--")]

  statements = []
  for chunk in " ".join(kept).rstrip(";").split(";"):
    chunk = chunk.strip()
    if chunk:
      statements.append(chunk)
  return statements

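def _quote_identifier(identifier):
  """
  Return identifier wrapped in backticks for use as a MySQL identifier.

  An embedded backtick is doubled, which is how MySQL escapes a
  backtick inside a quoted identifier.
  """

  return "`%s`" % identifier.replace("`", "``")

def sql_setup(name):
  """
  Create a new SQL database and construct all its tables.

  name selects the rpki.conf section that supplies sql-database,
  sql-username and sql-password, and the schema returned by
  read_schema(name).

  Unless --missing_only was given and the database is already listed
  in the module-level set "databases", an existing database of the
  same name is dropped and recreated, so its contents are lost.  The
  account is then granted all privileges on the new database and the
  schema statements are run as that account, skipping any statement
  that starts with DROP TABLE.

  Uses the module-level cfg, rootdb, databases, missing_only and
  verbose.
  """

  database = cfg.get("sql-database", section = name)
  username = cfg.get("sql-username", section = name)
  password = cfg.get("sql-password", section = name)
  schema = read_schema(name)

  # The single-argument print(...) form below gives the same output
  # under Python 2's print statement.
  if missing_only and database in databases:
    # The option is spelled --missing_only on the command line.
    print("Database already present and --missing_only set, skipping \"%s\"" % (database,))
    return

  # Identifiers cannot be sent as bound parameters, so the database
  # name is backtick-quoted instead of being pasted in bare.  These
  # statements run over the privileged root connection, and a name
  # containing "-" or other special characters would otherwise break
  # or alter them.
  quoted_db = _quote_identifier(database)

  print("Creating database %s" % (database,))
  cur = rootdb.cursor()
  try:
    cur.execute("DROP DATABASE IF EXISTS %s" % quoted_db)
  except Exception as e:
    # Still best-effort, but report the failure; if the drop really
    # failed, CREATE DATABASE below fails and stops the run.
    sys.stderr.write("Ignoring error while dropping database %s: %s\n" % (database, e))
  cur.execute("CREATE DATABASE %s" % quoted_db)

  # User name and password are bound parameters so the driver quotes
  # them.  "%" in the database name is doubled because the driver
  # applies %-formatting to this statement.
  # NOTE(review): GRANT ... IDENTIFIED BY is rejected by MySQL 8.0 and
  # later; confirm the supported server versions.
  grant = "GRANT ALL ON %s.* TO %%s@localhost IDENTIFIED BY %%s" % quoted_db.replace("%", "%%")
  cur.execute(grant, (username, password))
  rootdb.commit()

  db = MySQLdb.connect(db = database, user = username, passwd = password)
  try:
    cur = db.cursor()
    for statement in schema:
      # The database was just created, so DROP TABLE has nothing to do.
      if statement.upper().startswith("DROP TABLE"):
        continue
      if verbose:
        print("+ %s" % (statement,))
      cur.execute(statement)
    db.commit()
  finally:
    # Close the per-database connection even when a statement fails.
    db.close()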

# Defaults; the command line options parsed below override them.
cfg_file = None
mysql_defaults = None
verbose = False
missing_only = False

opts, argv = getopt.getopt(sys.argv[1:], "c:hv?", ["config=", "help", "missing_only", "mysql_defaults=", "verbose"])
for flag, value in opts:
  if flag in ("-h", "--help", "-?"):
    # Single-argument print(...) prints the same text under Python 2.
    print(__doc__)
    sys.exit(0)
  elif flag in ("-v", "--verbose"):
    verbose = True
  elif flag in ("-c", "--config"):
    cfg_file = value
  elif flag == "--missing_only":
    # Each occurrence of the option flips the setting.
    missing_only = not missing_only
  elif flag == "--mysql_defaults":
    mysql_defaults = value

cfg = rpki.config.parser(cfg_file, "myrpki")

# Open the privileged connection used to create databases and grants.
if mysql_defaults is not None:
  # Credentials come from the [client] section of the named file.
  # That file holds a password in clear text, so it should be
  # readable only by the account running this script.
  mysql_cfg = rpki.config.parser(mysql_defaults, "client")
  rootdb = MySQLdb.connect(db = "mysql", user = mysql_cfg.get("user"), passwd = mysql_cfg.get("password"))
else:
  # Prompt interactively; getpass keeps the password off the command
  # line.
  rootdb = MySQLdb.connect(db = "mysql", user = "root", passwd = getpass.getpass("Please enter your MySQL root password: "))

# Names of the databases that already exist, consulted by sql_setup()
# when --missing_only is in effect.
cur = rootdb.cursor()
cur.execute("SHOW DATABASES")
databases = set(row[0] for row in cur.fetchall())
del cur

# Set up a database for each daemon enabled in the configuration.
for option, section in (("start_irdbd", "irdbd"), ("start_rpkid", "rpkid"), ("start_pubd", "pubd")):
  if cfg.getboolean(option, False):
    sql_setup(section)

rootdb.close()