Diffstat (limited to 'scripts')
-rw-r--r--scripts/PLAN14
-rwxr-xr-xscripts/encode-test.pl (renamed from scripts/xml-parse-test.pl)0
-rwxr-xr-xscripts/encode-test.py161
-rwxr-xr-xscripts/xml-parse-test.py188
4 files changed, 349 insertions, 14 deletions
diff --git a/scripts/PLAN b/scripts/PLAN
index ad9a60e0..13f9de93 100644
--- a/scripts/PLAN
+++ b/scripts/PLAN
@@ -27,17 +27,3 @@ Rough plan for initial prototype RE.
3) Whack (2) into something that does this over minimal HTTP.
4) [to be continued...]
-
-
-
-More fun with RelaxNG:
-
-The current schema is not very tight. See RelaxNG reference for how
-to tighten it up if we think that'd be useful. RelaxNG supports
-regexps, among other things:
-
- xsd:decimal {pattern = "1|1\.5"}
-
-RelaxNG (and XML Schema) regular expressions ("patterns") are
-implicitly anchored, you need to prefix (and suffix?) with ".*" if you
-want to match only part of the field.
diff --git a/scripts/xml-parse-test.pl b/scripts/encode-test.pl
index ae82435e..ae82435e 100755
--- a/scripts/xml-parse-test.pl
+++ b/scripts/encode-test.pl
diff --git a/scripts/encode-test.py b/scripts/encode-test.py
new file mode 100755
index 00000000..08f78d82
--- /dev/null
+++ b/scripts/encode-test.py
@@ -0,0 +1,161 @@
+# $Id$
+
+import os
+
+def run(func, arg, *cmd):
+ i, o = func(cmd)
+ i.write(arg)
+ i.close()
+ value = o.read()
+ o.close()
+ return value
+
+def encode(xml, cer, key):
+ return run(os.popen2, xml, "openssl", "smime", "-sign", "-nodetach", "-outform", "PEM", "-signer", cer, "-inkey", key)
+
+def decode(cms, dir):
+ return run(os.popen2, cms, "openssl", "smime", "-verify", "-inform", "PEM", "-CApath", dir)
+
+def relaxng(xml, rng):
+ return run(os.popen4, xml, "xmllint", "--noout", "--relaxng", rng, "-")
+
+def main():
+ dir = "biz-certs"
+ cer = "biz-certs/Alice-EE.cer"
+ key = "biz-certs/Alice-EE.key"
+ rng = "up-down-medium-schema.rng"
+
+ for x in xml:
+ print x
+ e = encode(x, cer, key)
+ print e
+ d = decode(e, dir)
+ print d
+ v = relaxng(d, rng)
+ print v
+ print "=====\n"
+
+# Ugly inline stuff here for initial testing
+
+xml = [
+'''<?xml version="1.0" encoding="UTF-8"?>
+<message xmlns="http://www.apnic.net/specs/rescerts/up-down/"
+ version="1"
+ sender="sender name"
+ recipient="recipient name"
+ msg_ref="42"
+ type="error_response">
+ <status>2001</status>
+ <last_msg_processed>17</last_msg_processed>
+ <description xml:lang="en-US">[Readable text]</description>
+</message>
+''',
+'''<?xml version="1.0" encoding="UTF-8"?>
+<message xmlns="http://www.apnic.net/specs/rescerts/up-down/"
+ version="1"
+ sender="sender name"
+ recipient="recipient name"
+ msg_ref="42" type="issue">
+ <request class_name="class name"
+ req_resource_set_as=""
+ req_resource_set_ipv4="10.0.0.44/32"
+ req_resource_set_ipv6="dead:beef::/32">
+ deadbeef
+ </request>
+</message>
+''',
+'''<?xml version="1.0" encoding="UTF-8"?>
+<message xmlns="http://www.apnic.net/specs/rescerts/up-down/"
+ version="1"
+ sender="sender name"
+ recipient="recipient name"
+ msg_ref="1"
+ type="issue_response">
+ <class class_name="class name"
+ cert_url="url"
+ cert_ski="g(ski)"
+ resource_set_as="22,42,44444-5555555"
+ resource_set_ipv4="10.0.0.44-10.3.0.44,10.6.0.2/32"
+ resource_set_ipv6="dead:beef::/128">
+ <certificate cert_url="url"
+ cert_ski="g(ski)"
+ cert_aki="g(aki)"
+ cert_serial="1"
+ resource_set_as="14-17"
+ resource_set_ipv4="128.224.1.136/22"
+ resource_set_ipv6="0:0::/22"
+ req_resource_set_as=""
+ req_resource_set_ipv4="10.0.0.77/16,127.0.0.1/8"
+ req_resource_set_ipv6="dead:beef::/16"
+ status="match">
+ deadbeef
+ </certificate>
+ <issuer>deadbeef</issuer>
+ </class>
+</message>
+''',
+'''<?xml version="1.0" encoding="UTF-8"?>
+<message xmlns="http://www.apnic.net/specs/rescerts/up-down/"
+ version="1"
+ sender="sender name"
+ recipient="recipient name"
+ msg_ref="42"
+ type="list"/>
+''',
+'''<?xml version="1.0" encoding="UTF-8"?>
+<message xmlns="http://www.apnic.net/specs/rescerts/up-down/"
+ version="1"
+ sender="sender name"
+ recipient="recipient name"
+ msg_ref="42"
+ type="list_response">
+ <class class_name="class name"
+ cert_url="url"
+ cert_ski="g(ski)"
+ resource_set_as="1,2,4,6,16-32"
+ resource_set_ipv4="128.224.1.1-128.22.4.32"
+ resource_set_ipv6=""
+ suggested_sia_head="rsync://wombat.example/fnord/">
+ <certificate cert_url="url"
+ cert_ski="g(ski)"
+ cert_aki="g(aki)"
+ cert_serial="1"
+ resource_set_as=""
+ resource_set_ipv4=""
+ resource_set_ipv6=""
+ req_resource_set_as=""
+ req_resource_set_ipv4=""
+ req_resource_set_ipv6=""
+ status="match">
+ deadbeef
+ </certificate>
+ <!-- Repeated for each current certificate naming the client as subject -->
+ <issuer>deadbeef</issuer>
+ </class>
+</message>
+''',
+'''<?xml version="1.0" encoding="UTF-8"?>
+<message xmlns="http://www.apnic.net/specs/rescerts/up-down/"
+ version="1"
+ sender="sender name"
+ recipient="recipient name"
+ msg_ref="42"
+ type="revoke">
+ <key class_name="class name"
+ ski="g(ski)"/>
+</message>
+''',
+'''<?xml version="1.0" encoding="UTF-8"?>
+<message xmlns="http://www.apnic.net/specs/rescerts/up-down/"
+ version="1"
+ sender="sender name"
+ recipient="recipient name"
+ msg_ref="42"
+ type="revoke_response">
+ <key class_name="class name"
+ ski="g(ski)"/>
+</message>
+'''
+]
+
+main()
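Review bot: `decode()` cannot tell a verified message from a rejected one, because `run()` goes through `os.popen2`, which hands back only the two pipes and discards the exit status of `openssl smime -verify`. On a failed signature or chain check openssl is expected to exit non-zero and report on stderr, neither of which this code reads, so `main()` carries on and passes whatever arrived on stdout to `relaxng()`. I would run the verify step through `subprocess.Popen` (the file would need to import `subprocess`) and raise when the return code is non-zero, as sketched below. `encode()` would benefit from the same check on the signing step.

```python
def decode(cms, dir):
    cmd = ("openssl", "smime", "-verify", "-inform", "PEM", "-CApath", dir)
    p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
    value = p.communicate(cms)[0]
    # A non-zero exit means the signature or certificate chain was rejected.
    if p.returncode != 0:
        raise RuntimeError("openssl smime -verify failed, exit status %d" % p.returncode)
    return value
```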
diff --git a/scripts/xml-parse-test.py b/scripts/xml-parse-test.py
new file mode 100755
index 00000000..2c2a82b9
--- /dev/null
+++ b/scripts/xml-parse-test.py
@@ -0,0 +1,188 @@
+# $Id$
+
+import os
+
+def run(func, arg, *cmd):
+ i, o = func(cmd)
+ i.write(arg)
+ i.close()
+ value = o.read()
+ o.close()
+ return value
+
+def relaxng(xml, rng):
+ return run(os.popen4, xml, "xmllint", "--noout", "--relaxng", rng, "-")
+
+class rpki_updown_msg(object):
+ def toXml(self):
+ return ('''<?xml version="1.0" encoding="UTF-8"?>
+ <message xmlns="http://www.apnic.net/specs/rescerts/up-down/"
+ version="1"
+ sender="%s"
+ recipient="%s"
+ msg_ref="%d"
+ type="%s">\n''' % (self.sender, self.recipient, self.msg_ref, self.type)
+ ) + self.innerToXml() + '</message>\n'
+
+class rpki_updown_err(rpki_updown_msg):
+ def innerToXml(self):
+ return '<status>%d</status>\n' % self.status
+
+class rpki_updown_list(rpki_updown_msg):
+ def innerToXml(self):
+ return ""
+
+class rpki_updown_list_response(rpki_updown_msg):
+ def innerToXml(self):
+ pass
+
+class rpki_updown_issue(rpki_updown_msg):
+ def __init__(self):
+ self.req_as = None
+ self_req_ipv4 = None
+ self.req_ipv6 = None
+ def innerToXml(self):
+ xml = ' <request class_name="%s"' % self.class_name
+ if self.req_as != None:
+ xml += '\n req_resource_set_as="%s"' % self.req_as.toXml()
+ if self.req_ipv4 != None:
+ xml += '\n req_resource_set_ipv4="%s"' % self.req_ipv4.toXml()
+ if self.req_ipv6 != None:
+ xml += '\n req_resource_set_ipv6="%s"' % self.req_ipv6.toXml()
+ return xml + self.pkcs10.toXml() + ' </request>\n'
+
+class rpki_issue_response(rpki_updown_msg):
+ pass
+
+
+
+def main():
+ for x in xml:
+ print x
+ print relaxng(x, "up-down-medium-schema.rng")
+ print "=====\n"
+
+# Ugly inline stuff here for initial testing
+
+xml = [
+'''<?xml version="1.0" encoding="UTF-8"?>
+<message xmlns="http://www.apnic.net/specs/rescerts/up-down/"
+ version="1"
+ sender="sender name"
+ recipient="recipient name"
+ msg_ref="42"
+ type="error_response">
+ <status>2001</status>
+ <last_msg_processed>17</last_msg_processed>
+ <description xml:lang="en-US">[Readable text]</description>
+</message>
+''',
+'''<?xml version="1.0" encoding="UTF-8"?>
+<message xmlns="http://www.apnic.net/specs/rescerts/up-down/"
+ version="1"
+ sender="sender name"
+ recipient="recipient name"
+ msg_ref="42" type="issue">
+ <request class_name="class name"
+ req_resource_set_as=""
+ req_resource_set_ipv4="10.0.0.44/32"
+ req_resource_set_ipv6="dead:beef::/32">
+ deadbeef
+ </request>
+</message>
+''',
+'''<?xml version="1.0" encoding="UTF-8"?>
+<message xmlns="http://www.apnic.net/specs/rescerts/up-down/"
+ version="1"
+ sender="sender name"
+ recipient="recipient name"
+ msg_ref="1"
+ type="issue_response">
+ <class class_name="class name"
+ cert_url="url"
+ cert_ski="g(ski)"
+ resource_set_as="22,42,44444-5555555"
+ resource_set_ipv4="10.0.0.44-10.3.0.44,10.6.0.2/32"
+ resource_set_ipv6="dead:beef::/128">
+ <certificate cert_url="url"
+ cert_ski="g(ski)"
+ cert_aki="g(aki)"
+ cert_serial="1"
+ resource_set_as="14-17"
+ resource_set_ipv4="128.224.1.136/22"
+ resource_set_ipv6="0:0::/22"
+ req_resource_set_as=""
+ req_resource_set_ipv4="10.0.0.77/16,127.0.0.1/8"
+ req_resource_set_ipv6="dead:beef::/16"
+ status="match">
+ deadbeef
+ </certificate>
+ <issuer>deadbeef</issuer>
+ </class>
+</message>
+''',
+'''<?xml version="1.0" encoding="UTF-8"?>
+<message xmlns="http://www.apnic.net/specs/rescerts/up-down/"
+ version="1"
+ sender="sender name"
+ recipient="recipient name"
+ msg_ref="42"
+ type="list"/>
+''',
+'''<?xml version="1.0" encoding="UTF-8"?>
+<message xmlns="http://www.apnic.net/specs/rescerts/up-down/"
+ version="1"
+ sender="sender name"
+ recipient="recipient name"
+ msg_ref="42"
+ type="list_response">
+ <class class_name="class name"
+ cert_url="url"
+ cert_ski="g(ski)"
+ resource_set_as="1,2,4,6,16-32"
+ resource_set_ipv4="128.224.1.1-128.22.4.32"
+ resource_set_ipv6=""
+ suggested_sia_head="rsync://wombat.example/fnord/">
+ <certificate cert_url="url"
+ cert_ski="g(ski)"
+ cert_aki="g(aki)"
+ cert_serial="1"
+ resource_set_as=""
+ resource_set_ipv4=""
+ resource_set_ipv6=""
+ req_resource_set_as=""
+ req_resource_set_ipv4=""
+ req_resource_set_ipv6=""
+ status="match">
+ deadbeef
+ </certificate>
+ <!-- Repeated for each current certificate naming the client as subject -->
+ <issuer>deadbeef</issuer>
+ </class>
+</message>
+''',
+'''<?xml version="1.0" encoding="UTF-8"?>
+<message xmlns="http://www.apnic.net/specs/rescerts/up-down/"
+ version="1"
+ sender="sender name"
+ recipient="recipient name"
+ msg_ref="42"
+ type="revoke">
+ <key class_name="class name"
+ ski="g(ski)"/>
+</message>
+''',
+'''<?xml version="1.0" encoding="UTF-8"?>
+<message xmlns="http://www.apnic.net/specs/rescerts/up-down/"
+ version="1"
+ sender="sender name"
+ recipient="recipient name"
+ msg_ref="42"
+ type="revoke_response">
+ <key class_name="class name"
+ ski="g(ski)"/>
+</message>
+'''
+]
+
+main()
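Review bot: `rpki_updown_msg.toXml()` interpolates `self.sender`, `self.recipient` and `self.type` into attribute values with a plain `%s`, and `rpki_updown_issue.innerToXml()` does the same with `self.class_name`, so a value containing `"`, `<` or `&` produces malformed XML or extra attributes. Where these fields get their values is not visible in this hunk, but if they are ever filled from the other party's message, escaping at serialisation time keeps the output well-formed, e.g. `escape(self.sender, {'"': '&quot;'})` from `xml.sax.saxutils`. Separately, `self_req_ipv4 = None` in `rpki_updown_issue.__init__` binds a local name instead of the attribute and should read `self.req_ipv4 = None`. As written, `innerToXml()` raises AttributeError on `self.req_ipv4` unless a caller sets it first.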