Diffstat (limited to 'scripts/testdb.py')
-rw-r--r--scripts/testdb.py191
1 files changed, 106 insertions, 85 deletions
diff --git a/scripts/testdb.py b/scripts/testdb.py
index 01781d39..2b45b3b1 100644
--- a/scripts/testdb.py
+++ b/scripts/testdb.py
@@ -2,6 +2,40 @@
import rpki.resource_set, os, yaml
+debug = True
+
+def main():
+
+ y = [y for y in yaml.safe_load_all(open("testdb2.yaml"))]
+
+ db = allocation_db(y[0])
+ db.dump()
+
+ for delta in y[1:]:
+ print "Applying delta %s\n" % delta
+ db.apply_delta(delta)
+ db.dump()
+
+ # Steps we need to take here
+ #
+ # 1: Construct config files for rpkid.py and irdb.py instances
+ # 2: Initialize sql for rpki.py and irdb.py instances
+ # 3: Construct biz keys and certs for rpki.py and irdb.py instances
+
+ for a in db:
+ setup_biz_certs(a.name)
+
+ # 4: Populate IRDB(s)
+ # 5: Start RPKI and IRDB instances
+ # 6: Create objects in RPKI engines
+ # 7: Write YAML files for leaves
+ # 8: Start cycle:
+ # 8a: Run cron in all RPKI instances
+ # 8b: Run all YAML clients
+ # 8c: Read and apply next deltas from master YAML
+ #
+ # This is going to be ugly
+
class allocation_db(list):
def __init__(self, yaml):
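Review bot: In `main()`, `open("testdb2.yaml")` is never closed, and the comprehension reuses `y` as both its loop variable and its result, which makes the line hard to read. Because `yaml.safe_load_all` returns a lazy generator, the documents must be materialised while the file is still open, e.g. `with open("testdb2.yaml") as f: docs = list(yaml.safe_load_all(f))` (assuming the interpreter in use supports `with`). Keeping `safe_load_all` rather than `load_all` is the right choice for a file that drives later shell commands. The input filename is hard-coded, so a short comment or a command-line argument naming the expected file would help anyone running the script from another directory.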
@@ -9,20 +43,23 @@ class allocation_db(list):
assert self.root.is_root()
self.root.closure()
self.map = dict((a.name, a) for a in self)
- for i, a in zip(range(len(self)), self):
+ twigs = [a for a in self if a.is_twig()]
+ for i, a in zip(range(len(twigs)), twigs):
a.number = i
- def get(self, name, default = None):
- return self.map.get(name, default)
-
def apply_delta(self, delta):
for d in delta:
self.map[d["name"]].apply_delta(d)
self.root.closure()
+ def dump(self):
+ for a in self:
+ print a
+
class allocation(object):
parent = None
+ number = None
def __init__(self, yaml, db, parent = None):
db.append(self)
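Review bot: The numbering loop `for i, a in zip(range(len(twigs)), twigs):` is a hand-rolled `enumerate`; `for i, a in enumerate(twigs):` says the same thing more directly. The restriction of `number` to twigs is not explained anywhere, so a one-line comment such as `# only twigs get an instance number; roots and leaves keep number = None` above the loop would tell the next reader that the class-level `number = None` default is deliberate. `__init__` begins outside this hunk, so the rest of its body was not reviewed.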
@@ -47,88 +84,72 @@ class allocation(object):
if k != "name":
getattr(self, "apply_" + k)(v)
- def apply_add_as(self, text):
- self.base.as = self.base.as.union(rpki.resource_set.resource_set_as(text))
-
- def apply_add_v4(self, text):
- self.base.v4 = self.base.v4.union(rpki.resource_set.resource_set_ipv4(text))
-
- def apply_add_v6(self, text):
- self.base.v6 = self.base.v6.union(rpki.resource_set.resource_set_ipv6(text))
-
- def apply_sub_as(self, text):
- self.base.as = self.base.as.difference(rpki.resource_set.resource_set_as(text))
-
- def apply_sub_v4(self, text):
- self.base.v4 = self.base.v4.difference(rpki.resource_set.resource_set_ipv4(text))
-
- def apply_sub_v6(self, text):
- self.base.v6 = self.base.v6.difference(rpki.resource_set.resource_set_ipv6(text))
-
- def dict(self):
- return { "name" : self.name,
- "as" : self.resources.as,
- "v4" : self.resources.v4,
- "v6" : self.resources.v6,
- "number" : str(self.number) }
-
- def is_leaf(self):
- return not self.kids
-
- def is_root(self):
- return self.parent is None
-
- def is_twig(self):
- return self.parent is not None and self.kids
-
- def write_conf(self):
- if self.is_twig():
- f = open(self.name + ".conf", "w")
- f.write(conf_fmt % self.dict())
- f.close()
+ def apply_add_as(self, text): self.base.as = self.base.as.union(rpki.resource_set.resource_set_as(text))
+ def apply_add_v4(self, text): self.base.v4 = self.base.v4.union(rpki.resource_set.resource_set_ipv4(text))
+ def apply_add_v6(self, text): self.base.v6 = self.base.v6.union(rpki.resource_set.resource_set_ipv6(text))
+ def apply_sub_as(self, text): self.base.as = self.base.as.difference(rpki.resource_set.resource_set_as(text))
+ def apply_sub_v4(self, text): self.base.v4 = self.base.v4.difference(rpki.resource_set.resource_set_ipv4(text))
+ def apply_sub_v6(self, text): self.base.v6 = self.base.v6.difference(rpki.resource_set.resource_set_ipv6(text))
+
+ def __str__(self):
+ s = self.name + "\n"
+ if self.number is not None: s += " #: %s\n" % self.number
+ if self.resources.as: s += " ASN: %s\n" % self.resources.as
+ if self.resources.v4: s += " IPv4: %s\n" % self.resources.v4
+ if self.resources.v6: s += " IPv6: %s\n" % self.resources.v6
+ if self.kids: s += " Kids: %s\n" % ", ".join(k.name for k in self.kids)
+ if self.parent: s += " Up: %s\n" % self.parent.name
+ return s
+
+ def is_leaf(self): return not self.kids
+ def is_root(self): return self.parent is None
+ def is_twig(self): return self.parent is not None and self.kids
+
+biz_cert_fmt_1 = '''\
+[ req ]
+distinguished_name = req_dn
+x509_extensions = req_x509_ext
+prompt = no
+default_md = sha256
+
+[ req_dn ]
+CN = Test Certificate %s
+
+[ req_x509_ext ]
+basicConstraints = CA:%s
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+'''
- def write_yaml(self):
- if self.is_leaf():
- f = open(self.name + ".yaml", "w")
- f.write(yaml_fmt % self.dict())
- f.close()
+biz_cert_fmt_2 = '''\
+openssl req -new -newkey rsa:2048 -nodes -keyout %s.key -out %s.req -config %s.cnf &&
+'''
-dump_fmt = '''\
- #: %(number)s
-Name: %(name)s
- ASN: %(as)s
-IPv4: %(v4)s
-IPv6: %(v6)s
+biz_cert_fmt_3 = '''\
+openssl x509 -req -in %s-TA.req -out %s-TA.cer -extfile %s-TA.cnf -extensions req_x509_ext -signkey %s-TA.key -days 60 &&
+openssl x509 -req -in %s-CA.req -out %s-CA.cer -extfile %s-CA.cnf -extensions req_x509_ext -CA %s-TA.cer -CAkey %s-TA.key -CAcreateserial &&
+openssl x509 -req -in %s-EE.req -out %s-EE.cer -extfile %s-EE.cnf -extensions req_x509_ext -CA %s-CA.cer -CAkey %s-CA.key -CAcreateserial
'''
-def dump():
- for a in db:
- print dump_fmt % a.dict()
-
-y = [y for y in yaml.safe_load_all(open("testdb2.yaml"))]
-
-print "Loading", str(y[0]), "\n"
-
-db = allocation_db(y[0])
-dump()
-
-for delta in y[1:]:
- print "Applying delta", str(delta), "\n"
- db.apply_delta(delta)
- dump()
-
-# Steps we need to take here
-#
-# 1: Construct config files for RPKId and IRDB instances
-# 2: Initialize sql for RPKI and IRDB instances
-# 3: Construct biz keys and certs for RPKI and IRDB instances
-# 4: Populate IRDB(s)
-# 5: Start RPKI and IRDB instances
-# 6: Create objects in RPKI engines
-# 7: Write YAML files for leaves
-# 8: Start cycle:
-# 8a: Run cron in all RPKI instances
-# 8b: Run all YAML clients
-# 8c: Read and apply next deltas from master YAML
-#
-# This is going to be ugly
+def setup_biz_certs(name):
+ s = ""
+ for kind in ("EE", "CA", "TA"):
+ n = "%s-%s" % (name, kind)
+ c = biz_cert_fmt_1 % (n, "true" if kind in ("CA", "TA") else "false")
+ if debug:
+ print "Would write config file " + n + " containing:\n\n" + c
+ else:
+ f = open("%s.cnf" % n, "w")
+ f.write(c)
+ f.close()
+ if not os.path.exists(n + ".key") or not os.path.exists(n + ".req"):
+ s += biz_cert_fmt_2 % ((n,) * 3)
+ s += biz_cert_fmt_3 % ((name,) * 14)
+ if debug:
+ print "Would execute:\n\n" + s
+ else:
+ r = os.system(s)
+ if r != 0:
+ raise RunTimeError, "Command failed (status %x):\n%s" % (r, s)
+
+main()
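Review bot: In `setup_biz_certs`, the string passed to `os.system(s)` is built by `%`-interpolating `name`, which appears to come from `a.name` in the loaded YAML, so whitespace or shell metacharacters in an allocation name would change what the shell runs and would also land unescaped in the `CN =` line of the generated `.cnf`. Either reject names that do not match a strict pattern (letters, digits, `-`, `_`) before formatting, or call openssl through `subprocess` with argument lists instead of one shell string. Separately, the failure path `raise RunTimeError, ...` misspells the exception and would surface as a NameError that hides the real status; it should read `raise RuntimeError("Command failed (status %x):\n%s" % (r, s))`. The bare `main()` at the end also runs on import, which `if __name__ == "__main__": main()` would avoid.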