Diffstat (limited to 'scripts/rpki')
-rw-r--r-- | scripts/rpki/left_right.py | 50 | ||||
-rw-r--r-- | scripts/rpki/pkcs10.py | 35 | ||||
-rw-r--r-- | scripts/rpki/x509.py | 14 |
3 files changed, 82 insertions, 17 deletions
diff --git a/scripts/rpki/left_right.py b/scripts/rpki/left_right.py index 05e067c1..985c61b8 100644 --- a/scripts/rpki/left_right.py +++ b/scripts/rpki/left_right.py @@ -77,32 +77,32 @@ class data_elt(base_elt, rpki.sql.sql_persistant): r_pdu.type = "reply" return r_pdu - def serve_pre_save_hook(self, pdu): + def serve_pre_save_hook(self, q_pdu, r_pdu): pass - def serve_post_save_hook(self, pdu): + def serve_post_save_hook(self, q_pdu, r_pdu): pass def serve_create(self, db, cur, r_msg): r_pdu = self.make_reply() - self.serve_pre_save_hook(self) + self.serve_pre_save_hook(self, r_pdu) self.sql_store(db, cur) setattr(r_pdu, self.sql_template.index, getattr(self, self.sql_template.index)) - self.serve_post_save_hook(self) + self.serve_post_save_hook(self, r_pdu) r_msg.append(r_pdu) def serve_set(self, db, cur, r_msg): db_pdu = self.sql_fetch(db, cur, getattr(self, self.sql_template.index)) if db_pdu is not None: + r_pdu = self.make_reply() for a in db_pdu.sql_template.columns[1:]: v = getattr(self, a) if v is not None: setattr(db_pdu, a, v) db_pdu.sql_dirty = True - db_pdu.serve_pre_save_hook(self) + db_pdu.serve_pre_save_hook(self, r_pdu) db_pdu.sql_store(db, cur) - db_pdu.serve_post_save_hook(self) - r_pdu = self.make_reply() + db_pdu.serve_post_save_hook(self, r_pdu) r_msg.append(r_pdu) else: r_msg.append(make_error_report(self)) 
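Review bot: The new two-argument hook contract on data_elt is undocumented, and the arguments mean different things on the two call paths: in serve_create the hook runs on the query object itself (`self.serve_pre_save_hook(self, r_pdu)`), while in serve_set it runs on the row fetched from SQL with the incoming query passed as q_pdu (`db_pdu.serve_pre_save_hook(self, r_pdu)`). A docstring on each base hook would save every subclass author from re-deriving that, e.g. `"""Called before sql_store; q_pdu is the query PDU (self on create, the incoming PDU on set), r_pdu the reply under construction."""` on serve_pre_save_hook and the matching sentence ("Called after sql_store; ...") on serve_post_save_hook. The class data_elt begins before this hunk.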
@@ -187,11 +187,21 @@ class bsc_elt(data_elt): def sql_delete_hook(self, db, cur): cur.execute("DELETE FROM bsc_cert WHERE bsc_id = %s", self.bsc_id) - def serve_pre_save_hook(self, pdu): - if self is not pdu: - if pdu.clear_signing_certs: + def serve_pre_save_hook(self, q_pdu, r_pdu): + if self is not q_pdu: + if q_pdu.clear_signing_certs: self.signing_cert = [] - self.signing_cert.extend(pdu.signing_cert) + self.signing_cert.extend(q_pdu.signing_cert) + if self.generate_keypair: + # + # Hard wire 2048-bit RSA with SHA-256 in schema for now. + # Assume no HSM for now. + # + keypair = rpki.x509.RSA_Keypair() + keypair.generate(2048) + self.private_key_id = keypair.get_DER() + self.public_key = keypair.get_public_DER() + r_pdu.pkcs10_cert_request = rpki.pkcs10.make_request(keypair) def startElement(self, stack, name, attrs): """Handle <bsc/> element.""" @@ -232,6 +242,10 @@ class parent_elt(data_elt): peer_ta = None + def serve_post_save_hook(self, q_pdu, r_pdu): + if self.rekey or self.reissue or self.revoke: + raise NotImplementedError + def startElement(self, stack, name, attrs): """Handle <bsc/> element.""" if name != "peer_ta": @@ -281,6 +295,10 @@ class child_elt(data_elt): peer_ta = None + def serve_post_save_hook(self, q_pdu, r_pdu): + if self.reissue: + raise NotImplementedError + def startElement(self, stack, name, attrs): """Handle <child/> element.""" if name != "peer_ta": @@ -370,6 +388,10 @@ class route_origin_elt(data_elt): cur.execute("DELETE FROM route_origin_range WHERE route_origin_id = %s", self.route_origin_id) cur.execute("DELETE FROM roa WHERE route_origin_id = %s", self.route_origin_id) + def serve_post_save_hook(self, q_pdu, r_pdu): + if self.suppress_publication: + raise NotImplementedError + def startElement(self, stack, name, attrs): """Handle <route_origin/> element.""" assert name == "route_origin", "Unexpected name %s, stack %s" % (name, stack) 
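Review bot: In bsc_elt.serve_pre_save_hook the keypair generation is gated on `self.generate_keypair`, but on the serve_set path self is the row fetched from SQL while the request is q_pdu; unless generate_keypair is one of the sql_template columns copied by serve_set's attribute loop (which a request-only flag presumably is not), a set request asking for a new key would be silently ignored. Gating on `if q_pdu.generate_keypair:` would match how clear_signing_certs is read a few lines above. Separately, `self.private_key_id = keypair.get_DER()` stores the raw private-key DER in the bsc row, which the "Assume no HSM for now" comment only hints at; a comment such as `# private_key_id currently holds the private key DER itself, not an HSM handle` would make that explicit to whoever later adds HSM support. The enclosing class bsc_elt begins before this hunk.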
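Review bot: parent_elt.serve_post_save_hook raises NotImplementedError after sql_store has already run (see serve_create and serve_set in the data_elt hunk of this patch), so a request with rekey, reissue or revoke set persists the row and then aborts without any reply being appended; unless the caller rolls the transaction back, the stored state and the unanswered query diverge. The same shape appears in the child_elt and route_origin_elt hunks that follow and in the self_elt hunk in the next section. Rejecting the unsupported flags from serve_pre_save_hook instead, before sql_store, would leave the database unchanged when the request cannot be honoured. The enclosing classes begin before these hunks.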
@@ -421,12 +443,16 @@ class self_elt(data_elt): def sql_delete_hook(self, db, cur): cur.execute("DELETE FROM self_pref WHERE self_id = %s", self.self_id) - def serve_pre_save_hook(self, pdu): + def serve_pre_save_hook(self, q_pdu, r_pdu): if self is not pdu: if pdu.clear_extension_preferences: self.prefs = [] self.prefs.extend(pdu.prefs) + def serve_post_save_hook(self, q_pdu, r_pdu): + if self.rekey or self.reissue or self.revoke or self.run_now or self.publish_world_now: + raise NotImplementedError + def startElement(self, stack, name, attrs): """Handle <self/> element.""" if name == "extension_preference": diff --git a/scripts/rpki/pkcs10.py b/scripts/rpki/pkcs10.py new file mode 100644 index 00000000..4d6a024a --- /dev/null +++ b/scripts/rpki/pkcs10.py @@ -0,0 +1,35 @@ +# $Id$ + +import POW, rpki.x509, os, rpki.exceptions, binascii + +req_fmt = ''' +[ req ] +distinguished_name = req_dn +prompt = no + +[ req_dn ] +CN = %s +''' + +def make_request(keypair): + + digest = POW.Digest(POW.SHA1_DIGEST) + digest.update(keypair.get_POW().derWrite(POW.RSA_PUBLIC_KEY)) + commonName = "0x" + binascii.hexify(digest.digest()) + + try: + config_filename = "req.tmp.conf" + f = open(config_filename, "w") + f.write(req_fmt % commonName) + f.close() + + i,o = os.popen2(["openssl", "req", "-config", config_filename, "-new", "-key", "/dev/stdin", "-outform", "DER"]) + i.write(keypair.get_PEM()) + i.close() + pkcs10 = o.read() + o.close() + + finally: + os.unlink(config_filename) + + return pkcs10 diff --git a/scripts/rpki/x509.py b/scripts/rpki/x509.py index 3e352baf..56ba8df1 100644 --- a/scripts/rpki/x509.py +++ b/scripts/rpki/x509.py @@ -286,10 +286,7 @@ class PKCS10_Request(DER_object): return self.POWpkix class RSA_Keypair(DER_object): - """Class to hold an RSA key pair. - - This may need to be split into public and private key classes. - """ + """Class to hold an RSA key pair.""" formats = ("DER", "POW", "tlslite") pem_converter = PEM_converter("RSA PRIVATE KEY") 
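Review bot: self_elt.serve_pre_save_hook renames its parameter to q_pdu, but the unchanged body lines still read `pdu` (`if self is not pdu:`, `if pdu.clear_extension_preferences:`, `self.prefs.extend(pdu.prefs)`), so on the new side the hook raises NameError as soon as serve_set calls it. The three lines should read `if self is not q_pdu:`, `if q_pdu.clear_extension_preferences:` and `self.prefs.extend(q_pdu.prefs)`, as the bsc_elt hunk in this patch already does. The enclosing class self_elt begins before this hunk.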
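Review bot: `binascii.hexify` does not exist in the binascii module (the function is `hexlify`), so make_request fails with AttributeError before openssl is ever run. Beyond that, the request configuration is written to the fixed name `req.tmp.conf` in the current directory, so two concurrent callers overwrite each other's file and unlink it from under the other, and if the `open` itself fails the `finally` unlink raises a second error that masks the first; a `tempfile.mkstemp` created before the try block fixes both. The openssl output is also returned without any exit-status check, so a failed `openssl req` yields an empty request silently — os.popen2 cannot report the status, whereas subprocess.Popen with communicate() and returncode can (tempfile and subprocess would need adding to the import line). Feeding the key through `-key /dev/stdin` instead of the command line is the right choice and should stay.
```python
def make_request(keypair):

    digest = POW.Digest(POW.SHA1_DIGEST)
    digest.update(keypair.get_POW().derWrite(POW.RSA_PUBLIC_KEY))
    commonName = "0x" + binascii.hexlify(digest.digest())

    # Private, uniquely named config file: no collision between concurrent callers.
    fd, config_filename = tempfile.mkstemp(suffix = ".conf")
    try:
        os.write(fd, req_fmt % commonName)
        os.close(fd)
        p = subprocess.Popen(["openssl", "req", "-config", config_filename, "-new", "-key", "/dev/stdin", "-outform", "DER"],
                             stdin = subprocess.PIPE, stdout = subprocess.PIPE)
        pkcs10, _ = p.communicate(keypair.get_PEM())
        if p.returncode != 0:
            raise RuntimeError("openssl req exited with status %d" % p.returncode)
    finally:
        os.unlink(config_filename)

    return pkcs10
```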
@@ -299,7 +296,7 @@ class RSA_Keypair(DER_object): if self.DER: return self.DER if self.POW: - self.DER = self.POW.derWrite() + self.DER = self.POW.derWrite(POW.RSA_PRIVATE_KEY) return self.get_DER() raise rpki.exceptions.DERObjectConversionError, "No conversion path to DER available" @@ -314,3 +311,10 @@ class RSA_Keypair(DER_object): if not self.tlslite: self.tlslite = tlslite.api.parsePEMKey(self.get_PEM(), private=True) return self.tlslite + + def generate(self, keylength): + self.clear() + self.set(POW=POW.Assymetric(POW.RSA_CIPHER, keylength)) + + def get_public_DER(self): + return self.get_POW().derWrite(POW.RSA_PUBLIC_KEY) |
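Review bot: RSA_Keypair.generate calls `POW.Assymetric(POW.RSA_CIPHER, keylength)`; unless the POW binding really spells the class that way, this is an AttributeError on the first key generation (the conventional spelling is Asymmetric), so it is worth checking against the POW module before this is relied on by bsc_elt. Both new methods also lack docstrings; e.g. `"""Generate a fresh RSA key of keylength bits, discarding any cached representations."""` on generate, and `"""Return the DER encoding of the public half of this key pair."""` on get_public_DER. The class RSA_Keypair begins before this hunk.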