diff options
Diffstat (limited to 'scripts')
61 files changed, 557 insertions, 3116 deletions
diff --git a/scripts/Old/apnic-poke-1.sh b/scripts/Old/apnic-poke-1.sh deleted file mode 100644 index bca4a8f6..00000000 --- a/scripts/Old/apnic-poke-1.sh +++ /dev/null @@ -1,112 +0,0 @@ -#!/bin/sh - -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -# Script to let APNIC test against my server. -# -# This blows away rpkid's database and rebuilds it with what we need -# for this test, and knows far too much about the id numbers that -# rpkid and mysql will assign. In the long run we must do better than -# this, but gotta start somewhere. - -openssl=../openssl/openssl/apps/openssl - -# Halt on first error and show what's happening - -set -ex - -# Generate new key and cert for rootd.py if needed - -if test ! -r rootd.cer -o ! -r rootd.key -then - $openssl req -new -newkey rsa:2048 -nodes -keyout rootd.key -out rootd.req -config rootd.cnf - - $openssl x509 -req -in rootd.req -out rootd.cer -extfile rootd.cnf -extensions req_x509_ext \ - -signkey rootd.key -text -sha256 - - rm -f rootd.req -fi - -# Blow away old rpkid database (!) so we can start clean - -mysql -u rpki -p`awk '$1 == "sql-password" {print $3}' rpkid.conf` rpki <rpki-db-schema.sql - -# Clear out any old publication results - -rm -rf publication/* - -# Start rpkid so we can configure it, make sure we shut it down on exit -# If we're running under screen, just run it in a different screen instead. - -if test -n "$STY" -then - screen python rpkid.py -else - python rpkid.py >>rpkid.log 2>&1 & rpkid=$! - trap "kill $rpkid" 0 1 2 3 13 15 -fi - -# Create a self instance - -python irbe_cli.py self --action create --crl_interval 84600 - -# Create a business signing context, issue the necessary business cert, and set up the cert chain - -python irbe_cli.py --pem_out bsc.req bsc --action create --self_id 1 \ - --generate_keypair --signing_cert biz-certs/Bob-CA.cer - -$openssl x509 -req -in bsc.req -out bsc.cer -CA biz-certs/Bob-CA.cer \ - -CAkey biz-certs/Bob-CA.key -CAserial biz-certs/Bob-CA.srl - -python irbe_cli.py bsc --action set --self_id 1 --bsc_id 1 --signing_cert bsc.cer - -rm -f bsc.req bsc.cer - -# Create a repository context - -python irbe_cli.py repository --self_id 1 --action create --bsc_id 1 - -# Create a parent context pointing at rootd.py - -python irbe_cli.py parent --self_id 1 --action create --bsc_id 1 --repository_id 1 \ - --peer_contact_uri https://localhost:44333/ \ - --cms_ta biz-certs/Elena-Root.cer \ - --https_ta biz-certs/Elena-Root.cer \ - --sia_base rsync://wombat.invalid/ - -# Create a child context - -python irbe_cli.py child --self_id 1 --action create --bsc_id 1 --cms_ta biz-certs/Frank-Root.cer - -# Run the other daemons, arrange for everything to go away on shutdown, -# run initial cron job to set things up, then wait - -if test -n "$STY" -then - screen python rootd.py - screen python irdbd.py -else - python rootd.py >>rootd.log 2>&1 & rootd=$! - python irdbd.py >>irdbd.log 2>&1 & irdbd=$! - trap "kill $rpkid $irdbd $rootd" 0 1 2 3 13 15 -fi - -python cronjob.py - -if test -z "$STY" -then - tail +0f rpkid.log -fi diff --git a/scripts/Old/apnic-poke-1.yaml b/scripts/Old/apnic-poke-1.yaml deleted file mode 100644 index 24b80561..00000000 --- a/scripts/Old/apnic-poke-1.yaml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# $Id$ - -version: 1 -posturl: https://adrilankha.hactrn.net:4433/up-down/1 -recipient-id: wombat -sender-id: "1" - -cms-cert-file: biz-certs/Frank-EE.cer -cms-key-file: biz-certs/Frank-EE.key -cms-ca-cert-file: biz-certs/Bob-Root.cer -cms-cert-chain-file: [ biz-certs/Frank-CA.cer ] - -ssl-cert-file: biz-certs/Frank-EE.cer -ssl-key-file: biz-certs/Frank-EE.key -ssl-ca-cert-file: biz-certs/Bob-Root.cer - -requests: - list: - type: list - issue: - type: issue - class: 1 - sia: [ "rsync://bandicoot.invalid/some/where/" ] - revoke: - type: revoke - class: 1 - ski: "CB5K6APY-4KcGAW9jaK_cVPXKX0" diff --git a/scripts/Old/apnic-poke-2.sh b/scripts/Old/apnic-poke-2.sh deleted file mode 100644 index 87018111..00000000 --- a/scripts/Old/apnic-poke-2.sh +++ /dev/null @@ -1,123 +0,0 @@ -#!/bin/sh - -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -openssl=../openssl/openssl/apps/openssl - -# Halt on first error and show what's happening - -set -ex - -# Blow away old rpkid database (!) so we can start clean - -mysql -u rpki -p`awk '$1 == "sql-password" {print $3}' rpkid.conf` rpki <rpki-db-schema.sql - -# Clear out any old publication results - -rm -rf publication/* - -# Start rpkid so we can configure it, make sure we shut it down on exit -# If we're running under screen, just run it in a different screen instead. - -if test -n "$STY" -then - screen python rpkid.py -else - python rpkid.py >>rpkid.log 2>&1 & rpkid=$! - trap "kill $rpkid" 0 1 2 3 13 15 -fi - -# Create a self instance - -python irbe_cli.py self --action create --crl_interval 84600 - -# Create a business signing context, issue the necessary business cert, and set up the cert chain - -python irbe_cli.py --pem_out bsc.req bsc --action create --self_id 1 \ - --generate_keypair --signing_cert biz-certs/Bob-CA.cer -$openssl x509 -req -in bsc.req -out bsc.cer \ - -CA biz-certs/Bob-CA.cer -CAkey biz-certs/Bob-CA.key -CAserial biz-certs/Bob-CA.srl -python irbe_cli.py bsc --action set --self_id 1 --bsc_id 1 --signing_cert bsc.cer -rm -f bsc.req bsc.cer - -# List what's in the BSC, for today's debugging fun - -#python irbe_cli.py bsc --action list --self_id 1 - -# Create a repository context - -python irbe_cli.py repository --self_id 1 --action create --bsc_id 1 - -# Create a parent context pointing at APNIC -- this is where we plug in the values from their YAML - -cat >apnic.pem <<-'EOF' - -----BEGIN CERTIFICATE----- - MIIEFjCCAv6gAwIBAgIBADANBgkqhkiG9w0BAQsFADBJMUcwRQYDVQQDEz5Eb2N1 - bWVudGF0aW9uIFByZWZpeGVzIENNUyBQYXJlbnQgVEEgc2lnbmVyIC0gTm90IGZv - ciByZWFsIHVzZTAeFw0wNzEyMDEwNjMyNDdaFw0xNzExMjgwNjMyNDdaMEkxRzBF - BgNVBAMTPkRvY3VtZW50YXRpb24gUHJlZml4ZXMgQ01TIFBhcmVudCBUQSBzaWdu - ZXIgLSBOb3QgZm9yIHJlYWwgdXNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB - CgKCAQEAtsRcgBpO7cTN+QGPnBaPtmfdsUZbctrfSBycS3QhwAItzZryqIHN9stP - A+0WEOC4+cfaY9xETqGwbq725p8FRwxUx9NBQS7jrL1ToNCJ+2qSH5ThK2hOQiCT - 3fv2FNJ/7gFFqofWt3mLyNEmnis95pRwzTtqH6ZaAaZk+AzwL77ww8AlwL/qfLtD - mjrsUfoELfkbS4ywFK0orjVKeGvzG8Dx7WiGvwmdhNNJ8/IAZmJC0NI8r9VIfcw3 - 2B7bnDGkKH3E0NNRIajPmLbaNfT0Dxw+BjIC3Ty48o3ghSScqviyThNFyj8cr9SB - Ww8ReAU6v9q4XWRnlZt8Lc9WIsF/MwIDAQABo4IBBzCCAQMwDAYDVR0TBAUwAwEB - /zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPzZTgRZylsJph8KV9AU3klSgl8r - MHEGA1UdIwRqMGiAFPzZTgRZylsJph8KV9AU3klSgl8roU2kSzBJMUcwRQYDVQQD - Ez5Eb2N1bWVudGF0aW9uIFByZWZpeGVzIENNUyBQYXJlbnQgVEEgc2lnbmVyIC0g - Tm90IGZvciByZWFsIHVzZYIBADBRBgNVHR8ESjBIMEagRKBChkBodHRwOi8vbWly - aW4uYXBuaWMubmV0L2RvY3VtZW50YXRpb24tcHJlZml4ZXMvY21zL3BhcmVudC9j - bXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCNz/BUN5bsAyMPi0X7oKZV/cAwmr2S - gQgIxaUHnQ6EJp4b2CUmlpPQ9pT/m+gPbajaRgUZmANfMF0uAFZpCP3hTRAc6NMH - 3Pwjzw1ICGSRRJASSizYN4hSxGpWW1hgghGTB3w5CjCm2VlwrQKJjb7/9H/gb4hi - RRZpaudithCEDlgkFhgU4uttSDLH2Rv14GtfmtyqDpmCE33STA7K+e9rdxaCqHC8 - u33zqm4oQxOX7wuJ/JxeJxExtZ0amu8yTZ+tDtQ4Iiu1VPl67o0mjYrBKRV4z2fC - wa/PKqombrC/qs+2+t/66mB9xaK1YpKnW2FL6Rjs+rZUJJQ16JhJkF7T - -----END CERTIFICATE----- -EOF - -python irbe_cli.py parent --self_id 1 --action create --bsc_id 1 --repository_id 1 \ - --peer_contact_uri https://mirin.apnic.net/cgi-bin/up-down-parent.cgi \ - --cms_ta apnic.pem \ - --https_ta apnic.pem \ - --sia_base rsync://wombat.invalid/ \ - --recipient_name PARENT \ - --sender_name CHILD - -rm -f apnic.pem - -# Create a child context - -python irbe_cli.py child --self_id 1 --action create --bsc_id 1 --cms_ta biz-certs/Frank-Root.cer - -# Run the other daemons, arrange for everything to go away on shutdown, -# run initial cron job to set things up, then wait - -if test -n "$STY" -then - screen python irdbd.py -else - python irdbd.py >>irdbd.log 2>&1 & irdbd=$! - trap "kill $rpkid $irdbd" 0 1 2 3 13 15 -fi - -python cronjob.py - -if test -z "$STY" -then - tail +0f rpkid.log -fi diff --git a/scripts/Old/apnic-poke-2.yaml b/scripts/Old/apnic-poke-2.yaml deleted file mode 100644 index 6ba93729..00000000 --- a/scripts/Old/apnic-poke-2.yaml +++ /dev/null @@ -1,74 +0,0 @@ ---- -# $Id$ -# -# This sender config file was created by the make_cfg tool -# Account: TELSTRA-AU - -version: 1 -recipient-id: PARENT -sender-id: CHILD - -cms-cert-file: biz-certs/Bob-EE.cer -cms-key-file: biz-certs/Bob-EE.key -cms-cert-chain-file: [ biz-certs/Bob-CA.cer ] - -cms-ca-cert: | - -----BEGIN CERTIFICATE----- - MIIEFjCCAv6gAwIBAgIBADANBgkqhkiG9w0BAQsFADBJMUcwRQYDVQQDEz5Eb2N1 - bWVudGF0aW9uIFByZWZpeGVzIENNUyBQYXJlbnQgVEEgc2lnbmVyIC0gTm90IGZv - ciByZWFsIHVzZTAeFw0wNzEyMDEwNjMyNDdaFw0xNzExMjgwNjMyNDdaMEkxRzBF - BgNVBAMTPkRvY3VtZW50YXRpb24gUHJlZml4ZXMgQ01TIFBhcmVudCBUQSBzaWdu - ZXIgLSBOb3QgZm9yIHJlYWwgdXNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB - CgKCAQEAtsRcgBpO7cTN+QGPnBaPtmfdsUZbctrfSBycS3QhwAItzZryqIHN9stP - A+0WEOC4+cfaY9xETqGwbq725p8FRwxUx9NBQS7jrL1ToNCJ+2qSH5ThK2hOQiCT - 3fv2FNJ/7gFFqofWt3mLyNEmnis95pRwzTtqH6ZaAaZk+AzwL77ww8AlwL/qfLtD - mjrsUfoELfkbS4ywFK0orjVKeGvzG8Dx7WiGvwmdhNNJ8/IAZmJC0NI8r9VIfcw3 - 2B7bnDGkKH3E0NNRIajPmLbaNfT0Dxw+BjIC3Ty48o3ghSScqviyThNFyj8cr9SB - Ww8ReAU6v9q4XWRnlZt8Lc9WIsF/MwIDAQABo4IBBzCCAQMwDAYDVR0TBAUwAwEB - /zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPzZTgRZylsJph8KV9AU3klSgl8r - MHEGA1UdIwRqMGiAFPzZTgRZylsJph8KV9AU3klSgl8roU2kSzBJMUcwRQYDVQQD - Ez5Eb2N1bWVudGF0aW9uIFByZWZpeGVzIENNUyBQYXJlbnQgVEEgc2lnbmVyIC0g - Tm90IGZvciByZWFsIHVzZYIBADBRBgNVHR8ESjBIMEagRKBChkBodHRwOi8vbWly - aW4uYXBuaWMubmV0L2RvY3VtZW50YXRpb24tcHJlZml4ZXMvY21zL3BhcmVudC9j - bXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCNz/BUN5bsAyMPi0X7oKZV/cAwmr2S - gQgIxaUHnQ6EJp4b2CUmlpPQ9pT/m+gPbajaRgUZmANfMF0uAFZpCP3hTRAc6NMH - 3Pwjzw1ICGSRRJASSizYN4hSxGpWW1hgghGTB3w5CjCm2VlwrQKJjb7/9H/gb4hi - RRZpaudithCEDlgkFhgU4uttSDLH2Rv14GtfmtyqDpmCE33STA7K+e9rdxaCqHC8 - u33zqm4oQxOX7wuJ/JxeJxExtZ0amu8yTZ+tDtQ4Iiu1VPl67o0mjYrBKRV4z2fC - wa/PKqombrC/qs+2+t/66mB9xaK1YpKnW2FL6Rjs+rZUJJQ16JhJkF7T - -----END CERTIFICATE----- - -ssl-cert-file: biz-certs/Bob-EE.cer -ssl-key-file: biz-certs/Bob-EE.key - -ssl-ca-cert: | - -----BEGIN CERTIFICATE----- - MIIEFjCCAv6gAwIBAgIBADANBgkqhkiG9w0BAQsFADBJMUcwRQYDVQQDEz5Eb2N1 - bWVudGF0aW9uIFByZWZpeGVzIENNUyBQYXJlbnQgVEEgc2lnbmVyIC0gTm90IGZv - ciByZWFsIHVzZTAeFw0wNzEyMDEwNjMyNDdaFw0xNzExMjgwNjMyNDdaMEkxRzBF - BgNVBAMTPkRvY3VtZW50YXRpb24gUHJlZml4ZXMgQ01TIFBhcmVudCBUQSBzaWdu - ZXIgLSBOb3QgZm9yIHJlYWwgdXNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB - CgKCAQEAtsRcgBpO7cTN+QGPnBaPtmfdsUZbctrfSBycS3QhwAItzZryqIHN9stP - A+0WEOC4+cfaY9xETqGwbq725p8FRwxUx9NBQS7jrL1ToNCJ+2qSH5ThK2hOQiCT - 3fv2FNJ/7gFFqofWt3mLyNEmnis95pRwzTtqH6ZaAaZk+AzwL77ww8AlwL/qfLtD - mjrsUfoELfkbS4ywFK0orjVKeGvzG8Dx7WiGvwmdhNNJ8/IAZmJC0NI8r9VIfcw3 - 2B7bnDGkKH3E0NNRIajPmLbaNfT0Dxw+BjIC3Ty48o3ghSScqviyThNFyj8cr9SB - Ww8ReAU6v9q4XWRnlZt8Lc9WIsF/MwIDAQABo4IBBzCCAQMwDAYDVR0TBAUwAwEB - /zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPzZTgRZylsJph8KV9AU3klSgl8r - MHEGA1UdIwRqMGiAFPzZTgRZylsJph8KV9AU3klSgl8roU2kSzBJMUcwRQYDVQQD - Ez5Eb2N1bWVudGF0aW9uIFByZWZpeGVzIENNUyBQYXJlbnQgVEEgc2lnbmVyIC0g - Tm90IGZvciByZWFsIHVzZYIBADBRBgNVHR8ESjBIMEagRKBChkBodHRwOi8vbWly - aW4uYXBuaWMubmV0L2RvY3VtZW50YXRpb24tcHJlZml4ZXMvY21zL3BhcmVudC9j - bXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCNz/BUN5bsAyMPi0X7oKZV/cAwmr2S - gQgIxaUHnQ6EJp4b2CUmlpPQ9pT/m+gPbajaRgUZmANfMF0uAFZpCP3hTRAc6NMH - 3Pwjzw1ICGSRRJASSizYN4hSxGpWW1hgghGTB3w5CjCm2VlwrQKJjb7/9H/gb4hi - RRZpaudithCEDlgkFhgU4uttSDLH2Rv14GtfmtyqDpmCE33STA7K+e9rdxaCqHC8 - u33zqm4oQxOX7wuJ/JxeJxExtZ0amu8yTZ+tDtQ4Iiu1VPl67o0mjYrBKRV4z2fC - wa/PKqombrC/qs+2+t/66mB9xaK1YpKnW2FL6Rjs+rZUJJQ16JhJkF7T - -----END CERTIFICATE----- - -posturl: https://mirin.apnic.net/cgi-bin/up-down-parent.cgi - -requests: - list: - type: list diff --git a/scripts/Old/async-http.py b/scripts/Old/async-http.py deleted file mode 100644 index 5b5fc1cd..00000000 --- a/scripts/Old/async-http.py +++ /dev/null @@ -1,529 +0,0 @@ -""" -Testbed for figuring out how to write asynchronous HTTPS code. - -$Id$ - -Copyright (C) 2009 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -""" - -# Command that may be useful for testing server side of this: -# -# lynx -post_data -mime_header -source http://127.0.0.1:8000/ -# -# Testing the client side of this is more entertaining, both because -# we need to be liberal in what we accept and also because servers do -# wildly different things depending both on HTTP version number and -# options signaled by the client and also on internal details in the -# server context (such as whether the content is static or generated -# by CGI). It's useful to test against static content, but also to -# test against CGI-generated output, eg, the following trivial script: -# -# print "Content-Type: text/plain; charset=US-ASCII\r" -# print "\r" -# for i in xrange(100): -# print "%08d" % i, "." * 120, "\r" -# -# At least with Apache 2.0, result of running this differs -# significantly depending on whether client signals HTTP 1.0 or 1.1; -# the latter produces chunked output. - -import sys, os, time, socket, asyncore, asynchat, traceback, urlparse -import rpki.async, rpki.sundial - -debug = True - -want_persistent_client = True -want_persistent_server = True - -idle_timeout_default = rpki.sundial.timedelta(seconds = 60) -active_timeout_default = rpki.sundial.timedelta(seconds = 15) - -default_http_version = (1, 1) - -class http_message(object): - - software_name = "BalmyBandicoot HTTP test code" - - def __init__(self, version = None, body = None, headers = None): - self.version = version - self.body = body - self.headers = headers - self.normalize_headers() - - def normalize_headers(self, headers = None): - if headers is None: - headers = () if self.headers is None else self.headers.items() - translate_underscore = True - else: - translate_underscore = False - result = {} - for k,v in headers: - if translate_underscore: - k = k.replace("_", "-") - k = "-".join(s.capitalize() for s in k.split("-")) - v = v.strip() - if k in result: - result[k] += ", " + v - else: - result[k] = v - self.headers = result - - @classmethod - def parse_from_wire(cls, headers): - self = cls() - headers = headers.split("\r\n") - self.parse_first_line(*headers.pop(0).split(None, 2)) - for i in xrange(len(headers) - 2, -1, -1): - if headers[i + 1][0].isspace(): - headers[i] += headers[i + 1] - del headers[i + 1] - self.normalize_headers([h.split(":", 1) for h in headers]) - return self - - def format(self): - s = self.format_first_line() - if self.body is not None: - assert isinstance(self.body, str) - self.headers["Content-Length"] = len(self.body) - for kv in self.headers.iteritems(): - s += "%s: %s\r\n" % kv - s += "\r\n" - if self.body is not None: - s += self.body - return s - - def __str__(self): - return self.format() - - def parse_version(self, version): - if version[:5] != "HTTP/": - raise RuntimeError, "Couldn't parse version %s" % version - self.version = tuple(int(i) for i in version[5:].split(".")) - - def persistent(self): - c = self.headers.get("Connection") - if self.version == (1, 1): - return c is None or "close" not in c.lower() - elif self.version == (1, 0): - return c is not None and "keep-alive" in c.lower() - else: - return False - -class http_request(http_message): - - def __init__(self, cmd = None, path = None, version = default_http_version, body = None, callback = None, **headers): - if cmd is not None and cmd != "POST" and body is not None: - raise RuntimeError - http_message.__init__(self, version = version, body = body, headers = headers) - self.cmd = cmd - self.path = path - self.callback = callback - - def parse_first_line(self, cmd, path, version): - self.parse_version(version) - self.cmd = cmd - self.path = path - - def format_first_line(self): - self.headers.setdefault("User-Agent", self.software_name) - return "%s %s HTTP/%d.%d\r\n" % (self.cmd, self.path, self.version[0], self.version[1]) - -class http_response(http_message): - - def __init__(self, code = None, reason = None, version = default_http_version, body = None, **headers): - http_message.__init__(self, version = version, body = body, headers = headers) - self.code = code - self.reason = reason - - def parse_first_line(self, version, code, reason): - self.parse_version(version) - self.code = int(code) - self.reason = reason - - def format_first_line(self): - self.headers.setdefault("Date", time.strftime("%a, %d %b %Y %T GMT")) - self.headers.setdefault("Server", self.software_name) - return "HTTP/%d.%d %s %s\r\n" % (self.version[0], self.version[1], self.code, self.reason) - -def logger(self, msg): - if debug: - print "[%s %r: %s]" % (rpki.sundial.now().strftime("%T"), self, msg) - -class http_stream(asynchat.async_chat): - - log = logger - - idle_timeout = idle_timeout_default - active_timeout = active_timeout_default - - def __init__(self, conn = None): - asynchat.async_chat.__init__(self, conn = conn) - self.buffer = [] - self.timer = rpki.async.timer(self.handle_timeout) - self.restart() - - def restart(self, idle = True): - assert not self.buffer - self.chunk_handler = None - self.set_terminator("\r\n\r\n") - timeout = self.idle_timeout if idle else self.active_timeout - if timeout is not None: - self.timer.set(timeout) - else: - self.timer.cancel() - - def update_active_timeout(self): - if self.active_timeout is not None: - self.timer.set(self.active_timeout) - else: - self.timer.cancel() - - def collect_incoming_data(self, data): - """Buffer the data""" - self.buffer.append(data) - self.update_active_timeout() - - def get_buffer(self): - val = "".join(self.buffer) - self.buffer = [] - return val - - def found_terminator(self): - self.update_active_timeout() - if self.chunk_handler: - self.chunk_handler() - elif not isinstance(self.get_terminator(), str): - self.handle_body() - else: - self.log("Got headers") - self.msg = self.parse_type.parse_from_wire(self.get_buffer()) - if self.msg.version == (1, 1) and "chunked" in self.msg.headers.get("Transfer-Encoding", "").lower(): - self.msg.body = [] - self.chunk_handler = self.chunk_header - self.set_terminator("\r\n") - elif "Content-Length" in self.msg.headers: - self.set_terminator(int(self.msg.headers["Content-Length"])) - else: - self.handle_no_content_length() - - def chunk_header(self): - n = int(self.get_buffer().partition(";")[0], 16) - self.log("Chunk length %s" % n) - if n: - self.chunk_handler = self.chunk_body - self.set_terminator(n) - else: - self.msg.body = "".join(self.msg.body) - self.chunk_handler = self.chunk_discard_trailer - - def chunk_body(self): - self.log("Chunk body") - self.msg.body += self.buffer - self.buffer = [] - self.chunk_handler = self.chunk_discard_crlf - self.set_terminator("\r\n") - - def chunk_discard_crlf(self): - self.log("Chunk CRLF") - s = self.get_buffer() - assert s == "", "Expected chunk CRLF, got '%s'" % s - self.chunk_handler = self.chunk_header - - def chunk_discard_trailer(self): - self.log("Chunk trailer") - s = self.get_buffer() - assert s == "", "Expected end of chunk trailers, got '%s'" % s - self.chunk_handler = None - self.handle_message() - - def handle_body(self): - self.msg.body = self.get_buffer() - self.handle_message() - - def handle_error(self): - self.log("Error in HTTP stream handler") - print traceback.format_exc() - asyncore.close_all() - - def handle_timeout(self): - self.log("Timeout, closing") - self.close() - - def handle_close(self): - asynchat.async_chat.handle_close(self) - self.timer.cancel() - self.log("Closed") - -class http_server(http_stream): - - parse_type = http_request - - def __init__(self, conn, handlers): - self.handlers = handlers - http_stream.__init__(self, conn) - self.expect_close = not want_persistent_server - - def handle_no_content_length(self): - self.handle_message() - - def find_handler(self, path): - """Helper method to search self.handlers.""" - for s, h in self.handlers: - if path.startswith(s): - return h - return None - - def handle_message(self): - if not self.msg.persistent(): - self.expect_close = True - handler = self.find_handler(self.msg.path) - error = None - if False and self.msg.cmd != "POST": - error = 501, "No handler for method %s" % self.msg.cmd - elif False and self.headers["Content-Type"] != rpki_content_type: - error = 415, "No handler for Content-Type %s" % self.headers["Content-Type"] - elif handler is None: - error = 404, "No handler for URL %s" % self.msg.path - if error is None: - handler(self.msg, self.send_message) - else: - self.send_error(*error) - - def send_error(self, code, reason): - self.handle_message_message(http_response(code = code, reason = reason)) - - def send_message(self, msg): - msg.headers["Connection"] = "Close" if self.expect_close else "Keep-Alive" - self.push(msg.format()) - if self.expect_close: - self.log("Closing") - self.timer.cancel() - self.close_when_done() - else: - self.log("Listening for next message") - self.restart() - -class http_listener(asyncore.dispatcher): - - log = logger - - def __init__(self, handlers, port = 80, host = ""): - asyncore.dispatcher.__init__(self) - self.handlers = handlers - self.create_socket(socket.AF_INET, socket.SOCK_STREAM) - self.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) - self.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1) - self.bind((host, port)) - self.listen(5) - self.log("Listening on (host, port) %r, handlers %r" % ((host, port), handlers)) - - def handle_accept(self): - self.log("Accepting connection") - server = http_server(conn = self.accept()[0], handlers = self.handlers) - - def handle_error(self): - self.log("Error in HTTP listener") - print traceback.format_exc() - asyncore.close_all() - -class http_client(http_stream): - - parse_type = http_response - - def __init__(self, queue, hostport): - self.log("Creating new connection to %s" % repr(hostport)) - http_stream.__init__(self) - self.queue = queue - self.state = "idle" - self.expect_close = not want_persistent_client - self.create_socket(socket.AF_INET, socket.SOCK_STREAM) - self.connect(hostport) - - def handle_no_content_length(self): - self.set_terminator(None) - - def send_request(self, msg): - self.log("Sending request") - assert self.state == "idle" - if msg is not None: - self.state = "request-sent" - msg.headers["Connection"] = "Close" if self.expect_close else "Keep-Alive" - self.push(msg.format()) - self.restart(idle = False) - - def handle_message(self): - if not self.msg.persistent(): - self.expect_close = True - self.log("Message received, state %s" % self.state) - msg = None - if self.state == "request-sent": - msg = self.queue.done_with_request() - elif self.state == "idle": - self.log("Received unsolicited message") - elif self.state == "closing": - assert not self.msg.body - self.log("Ignoring empty response received while closing") - return - else: - raise RuntimeError, "[%r: Unexpected state]" % self - self.state = "idle" - if msg != None: - msg.callback(self.msg) - msg = self.queue.next_request(not self.expect_close) - if msg is not None: - self.log("Got a new message to send from my queue") - self.send_request(msg) - elif self.expect_close: - self.log("Closing") - self.state = "closing" - self.queue.closing(self) - self.close_when_done() - else: - self.log("Idling") - self.timer.set(self.idle_timeout) - - def handle_connect(self): - self.log("Connected") - self.send_request(self.queue.next_request(True)) - - def kickstart(self): - self.log("Kickstart") - assert self.state == "idle" - self.send_request(self.queue.next_request(True)) - - def handle_close(self): - http_stream.handle_close(self) - self.queue.closing(self) - if self.get_terminator() is None: - self.handle_body() - -class http_queue(object): - - log = logger - - def __init__(self, hostport): - self.log("Creating queue for %s" % repr(hostport)) - self.hostport = hostport - self.client = None - self.queue = [] - - def request(self, *requests): - self.log("Adding requests %r" % requests) - need_kick = self.client is not None and not self.queue - self.queue.extend(requests) - if self.client is None: - self.client = http_client(self, self.hostport) - elif need_kick: - self.client.kickstart() - - def done_with_request(self): - req = self.queue.pop(0) - self.log("Dequeuing request %r" % req) - return req - - def next_request(self, usable): - if not self.queue: - self.log("Queue is empty") - return None - self.log("Queue: %r" % self.queue) - if usable: - self.log("Queue not empty and connection usable") - return self.queue[0] - else: - self.log("Queue not empty but connection not usable, spawning") - self.client = http_client(self, self.hostport) - self.log("Spawned connection %r" % self.client) - return None - - def closing(self, client): - if client is self.client: - self.log("Removing client") - self.client = None - -class http_manager(dict): - - log = logger - - def query(self, url, callback, body = None): - u = urlparse.urlparse(url) - assert u.scheme == "http" and u.username is None and u.password is None and u.params == "" and u.query == "" and u.fragment == "" - request = http_request(cmd = "POST", path = u.path, body = body, callback = callback, - Host = u.hostname, Content_Type = "text/plain") - hostport = (u.hostname or "localhost", u.port or 80) - self.log("Created request %r for %r" % (request, hostport)) - if hostport not in self: - self[hostport] = http_queue(hostport) - self[hostport].request(request) - - def __repr__(self): - return "<%s object at %s>" % (self.__class__.__name__, id(self)) - -def client(msg, url, timeout = 300, callback = None): - pass - -def server(handlers, port, host =""): - if not isinstance(handlers, (tuple, list)): - handlers = (("/", handlers),) - listener = http_listener(port = 8000, handlers = handlers) - rpki.async.event_loop() - -if len(sys.argv) == 1: - - def handler(query_message, reply_callback): - reply_callback(http_response( - code = 200, - reason = "OK", - body = str(query_message), - Cache_Control = "no-cache,no-store", - Content_Type = "text/plain")) - - def other_handler(query_message, reply_callback): - reply_callback(http_response( - code = 200, - reason = "OK", - body = "Ok, you found it.\r\n\r\n" + str(query_message), - Cache_Control = "no-cache,no-store", - Content_Type = "text/plain")) - - server(port = 8000, handlers = (("/wombat", other_handler), ("/", handler))) - -else: - - def got_one(msg): - logger(None, "Got response") - if True: - print msg - print - - manager = http_manager() - - timer = rpki.async.timer() - - def loop(iterator, url): - logger(None, "Scheduler loop") - manager.query(url = url, callback = got_one, body = "Hi, I'm trying to talk to URL %s" % url) - timer.set(rpki.sundial.timedelta(seconds = 3)) - - def done(): - logger(None, "Scheduler done") - - timer.set_handler(rpki.async.iterator(sys.argv[1:], loop, done)) - - rpki.async.event_loop() - - for q in manager.values(): - assert not q.queue, "Requests still scheduled: %r %r %r" % (q, q.hostport, q.queue) - - assert not rpki.async.timer.queue, "Timers still scheduled: %r" % rpki.async.timer.queue diff --git a/scripts/Old/biz-certs-setup.sh b/scripts/Old/biz-certs-setup.sh deleted file mode 100644 index 64ebd7d8..00000000 --- a/scripts/Old/biz-certs-setup.sh +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/sh - -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -# Quick hack to generate a set of business keys and certs for use with -# early prototype code. Not for production use. -# -# All we're trying to do here is generate a three-level-deep set of -# certs for each of several independent entities. Could easily be -# deeper in practice but this should be enough for simple tests: a -# self-signed root cert to use as a trust anchor, a working CA, and an -# EE cert used for CMS or TLS. -# -# Among other things missing here, we're not doing any restrictions -# beyond basicConstraints and we're not doing CRLs. -# -# One can extract the public key from a .key file by doing: -# -# $ openssl rsa -in foo.key -pubout -# -# I ended up needing this to build simulated packets for the -# left-right protocol. - -for i in Alice Bob Carol Dave Elena Frank Ginny Harry -do - for j in Root CA EE - do - - case $j in - EE) ca=false;; - *) ca=true;; - esac - - test -r $i-$j.cnf || cat >$i-$j.cnf <<-EOF - - [ req ] - distinguished_name = req_dn - x509_extensions = req_x509_ext - prompt = no - default_md = sha256 - - [ req_dn ] - CN = Test Certificate $i $j - - [ req_x509_ext ] - basicConstraints = CA:$ca - subjectKeyIdentifier = hash - authorityKeyIdentifier = keyid:always - - EOF - - test -r $i-$j.key || openssl genrsa -out $i-$j.key 2048 - test -r $i-$j.req || openssl req -new -sha256 -key $i-$j.key -out $i-$j.req -config $i-$j.cnf - - done - - test -r $i-Root.cer || openssl x509 -sha256 -req -in $i-Root.req -out $i-Root.cer -extfile $i-Root.cnf -extensions req_x509_ext -signkey $i-Root.key -days 60 - test -r $i-CA.cer || openssl x509 -sha256 -req -in $i-CA.req -out $i-CA.cer -extfile $i-CA.cnf -extensions req_x509_ext -CA $i-Root.cer -CAkey $i-Root.key -CAcreateserial - test -r $i-EE.cer || openssl x509 -sha256 -req -in $i-EE.req -out $i-EE.cer -extfile $i-EE.cnf -extensions req_x509_ext -CA $i-CA.cer -CAkey $i-CA.key -CAcreateserial - -done - -for i in *.cer -do - h=`openssl x509 -noout -hash -in $i`.0 - test -r $h || - ln -s $i $h -done diff --git a/scripts/Old/blow-away-databases.sh b/scripts/Old/blow-away-databases.sh deleted file mode 100644 index 44df7861..00000000 --- a/scripts/Old/blow-away-databases.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh - -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -# GRANT ALL ON rpki.* TO rpki@localhost IDENTIFIED BY '<secret>'; -# GRANT ALL ON irdb.* TO irdb@localhost IDENTIFIED BY '<secret>'; - -echo "This script destroys and rebuilds our databases." -echo "Don't type the password unless you're sure you want to do this." - -(echo 'DROP DATABASE rpki; CREATE DATABASE rpki; USE rpki;' - cat ../docs/rpki-db-schema.sql - echo 'DROP DATABASE irdb; CREATE DATABASE irdb; USE irdb;' - cat ../docs/sample-irdb.sql -) | -mysql -u root -p diff --git a/scripts/Old/check-hashes.sh b/scripts/Old/check-hashes.sh deleted file mode 100644 index 8edcced9..00000000 --- a/scripts/Old/check-hashes.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh - -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -: ${openssl=/u/sra/isc/route-pki/subvert-rpki.hactrn.net/openssl/openssl/apps/openssl} -: ${switches='-verbose -crl_check_all -policy_check -explicit_policy -policy 1.3.6.1.5.5.7.14.2 -x509_strict'} -: ${hashtree=hashed} - -find $hashtree -type f -name '*.[0-9]*' 2>&1 -print -exec \ - $openssl verify $switches -CApath $(find $hashtree -type d | tr \\012 : | sed 's=:$==') {} \; - -# Hack for analyzing results of running this script: -# -# awk -F: '/^hashed/ && NF == 1 {f = $0; p = 1; next} /^hashed/ && NF == 2 && $1 == f && $2 == " OK" {next} p {print "\n" f; p = 0} {print}' check-hashes.log diff --git a/scripts/Old/cronjob.py b/scripts/Old/cronjob.py deleted file mode 100644 index eee2b945..00000000 --- a/scripts/Old/cronjob.py +++ /dev/null @@ -1,72 +0,0 @@ -""" -Tool to trigger "cron" runs in rpkid. - -Usage: python cronjob.py [ { -c | --config } configfile ] - [ { -d | --debug } ] - [ { -h | --help } ] - -Default configuration file is cronjob.conf, override with --config option. - -$Id$ - -Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -""" - -import getopt, sys -import rpki.config, rpki.https, rpki.async - -cfg_file = "cronjob.conf" -debug = False - -opts, argv = getopt.getopt(sys.argv[1:], "c:h?", ["config=", "help"]) -for o, a in opts: - if o in ("-h", "--help", "-?"): - print __doc__ - sys.exit(0) - elif o in ("-c", "--config"): - cfg_file = a - elif o in ("-d", "--debug"): - debug = True -if argv: - print __doc__ - raise RuntimeError, "Unexpected arguments %s" % argv - -cfg = rpki.config.parser(cfg_file, "cronjob") - -if debug: - rpki.log.init("cronjob") - rpki.log.set_trace(True) - -irbe_key = rpki.x509.RSA( Auto_file = cfg.get("irbe-key")) -irbe_cert = rpki.x509.X509(Auto_file = cfg.get("irbe-cert")) -bpki_ta = rpki.x509.X509(Auto_file = cfg.get("bpki-ta")) -rpkid_cert = rpki.x509.X509(Auto_file = cfg.get("rpkid-cert")) - -def cb(*whatever): - print repr(whatever) - -def eb(e): - print repr(e) - raise e - -rpki.https.client(client_key = irbe_key, - client_cert = irbe_cert, - server_ta = (bpki_ta, rpkid_cert), - url = cfg.get("https-url"), - msg = "Please run cron now.", - callback = cb, - errback = eb) - -rpki.async.event_loop() diff --git a/scripts/Old/extract-cert-from-rpki.sh b/scripts/Old/extract-cert-from-rpki.sh deleted file mode 100644 index 3d28bfdb..00000000 --- a/scripts/Old/extract-cert-from-rpki.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/sh - -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -: ${instance=R0} - -python ../rpkid.py -c $instance.conf & -rpkid=$! - -python ../irbe-cli.py -c $instance.conf bsc --self_id 1 --action list | -qh 2>/dev/null | -awk ' - /\(signing_cert/ {p = 1} - /\)signing_cert/ {p = 0} - p && /^-/ { - sub(/-/,""); - cmd = "mimencode -u | openssl x509 -text -inform DER -out " NR ".pem"; - print | cmd; - } -' - -kill $rpkid diff --git a/scripts/Old/gki.pl b/scripts/Old/gki.pl deleted file mode 100644 index e91c4abe..00000000 --- a/scripts/Old/gki.pl +++ /dev/null @@ -1,46 +0,0 @@ -: -# $Id$ -eval 'exec perl -w -S $0 ${1+"$@"}' - if 0; - -use MIME::Base64; - -sub g { - my $x = shift; - $x =~ s{:}{}g; - $x = pack("H*", $x); - $x = encode_base64($x, ""); - $x =~ y{+/}{-_}; - $x =~ s{=+$}{}; - return $x; -} - -while (@ARGV) { - my ($file, $aki, $ski, $a, $s) = shift(@ARGV); - if ($file =~ /\.cer$/) { - open(F, "-|", qw(openssl x509 -noout -inform DER -text -in), $file) - or die("Couldn't run openssl x509 on $file: $!\n"); - } elsif ($file =~ /\.crl$/) { - open(F, "-|", qw(openssl crl -noout -inform DER -text -in), $file) - or die("Couldn't run openssl x509 on $file: $!\n"); - } else { - next; - } - while (<F>) { - chomp; - s/^\s*//; - s/^keyid://; - $a = $. + 1 - if (/X509v3 Authority Key Identifier:/); - $s = $. + 1 - if (/X509v3 Subject Key Identifier:/); - $aki = $_ - if ($a && $. == $a); - $ski = $_ - if ($s && $. == $s); - } - close(F); - my $gaki = $aki ? g($aki) : "=" x 27; - my $gski = $ski ? g($ski) : "=" x 27; - print("$gaki $gski $file\n"); -} diff --git a/scripts/Old/http-client.py b/scripts/Old/http-client.py deleted file mode 100644 index 8acffd41..00000000 --- a/scripts/Old/http-client.py +++ /dev/null @@ -1,50 +0,0 @@ -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -""" -Usage: python http-client [ { -c | --config } configfile ] - [ { -h | --help } ] - [ { -m | --msg } message ] - -Default configuration file is http-demo.conf, override with --config option. -""" - -import rpki.config, rpki.https, getopt, sys - -msg = "This is a test. This is only a test. Had this been real you would now be really confused.\n" - -cfg_file = "http-demo.conf" - -opts,argv = getopt.getopt(sys.argv[1:], "c:hm:?", ["config=", "help", "msg="]) -for o,a in opts: - if o in ("-h", "--help", "-?"): - print __doc__ - sys.exit(0) - elif o in ("-m", "--msg"): - msg = a - elif o in ("-c", "--config"): - cfg_file = a -if argv: - print __doc__ - raise RuntimeError, "Unexpected arguments %s" % argv - -cfg = rpki.config.parser(cfg_file, "client") - -print rpki.https.client(privateKey = rpki.x509.RSA(Auto_file = cfg.get("https-key")), - certChain = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-cert")), - x509TrustList = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-ta")), - url = cfg.get("https-url"), - msg = msg) diff --git a/scripts/Old/http-demo.conf b/scripts/Old/http-demo.conf deleted file mode 100644 index 3fbd9a91..00000000 --- a/scripts/Old/http-demo.conf +++ /dev/null @@ -1,19 +0,0 @@ -[server] -https-key = biz-certs/Carol-EE.key -https-cert.0 = biz-certs/Carol-EE.cer -https-cert.1 = biz-certs/Carol-CA.cer -https-ta = biz-certs/Dave-Root.cer - -[client] -https-key = biz-certs/Dave-EE.key -https-cert.0 = biz-certs/Dave-EE.cer -https-cert.1 = biz-certs/Dave-CA.cer -https-ta.0 = biz-certs/Alice-Root.cer -https-ta.1 = biz-certs/Bob-Root.cer -https-ta.2 = biz-certs/Carol-Root.cer -https-ta.3 = biz-certs/Elena-Root.cer -https-ta.4 = biz-certs/Frank-Root.cer -https-ta.5 = biz-certs/Ginny-Root.cer -https-ta.6 = biz-certs/Harry-Root.cer - -https-url = https://localhost:4433/cronjob diff --git a/scripts/Old/http-server.py b/scripts/Old/http-server.py deleted file mode 100644 index 0a275cf7..00000000 --- a/scripts/Old/http-server.py +++ /dev/null @@ -1,29 +0,0 @@ -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -import rpki.https, tlslite.api, rpki.config - -cfg = rpki.config.parser("http-demo.conf", "server") - -privateKey = rpki.x509.RSA(PEM_file = cfg.get("https-key")) - -certChain = rpki.x509.X509_chain() -certChain.load_from_PEM(cfg.multiget("https-cert")) - -def handler(query, path): - return 200, "Path: %s\nQuery: %s" % (path, query) - -rpki.https.server(privateKey = privateKey, certChain = certChain, handlers = handler) diff --git a/scripts/Old/irbe-setup.py b/scripts/Old/irbe-setup.py deleted file mode 100644 index 11f3a7a0..00000000 --- a/scripts/Old/irbe-setup.py +++ /dev/null @@ -1,118 +0,0 @@ -""" -Set up the relationship between an IRBE and an RPKI engine given an -IRDB. Our main task here is to create child objects in the RPKI -engine for every registrant object in the IRDB. - -NB: This code is badly out of date, and has been kept only because -some of what it's doing might be useful in other tools that haven't -been written yet. Don't believe anything you see here. - - -$Id$ - -Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -""" - -import os, MySQLdb -import rpki.left_right, rpki.relaxng, rpki.https -import rpki.x509, rpki.config, rpki.log - -rpki.log.init("irbe-setup") - -cfg = rpki.config.parser("irbe.conf", "irbe_cli") - -db = MySQLdb.connect(user = cfg.get("sql-username", section = "irdbd"), - db = cfg.get("sql-database", section = "irdbd"), - passwd = cfg.get("sql-password", section = "irdbd")) -cur = db.cursor() -db.autocommit(True) - -bpki_ta = rpki.x509.X509(Auto_file = cfg.get("bpki-ta")) -rpkid_cert = rpki.x509.X509(Auto_files = cfg.get("rpkid-cert")) -irbe_cert = rpki.x509.X509(Auto_files = cfg.get("irbe-cert")) -irbe_key = rpki.x509.RSA( Auto_file = cfg.get("irbe-key")) -https_url = cfg.get("https-url") - -def call_rpkid(pdu): - """ - Hand a PDU to rpkid and get back the response. Just throw an - exception if anything bad happens, no fancy error handling. - """ - - msg = rpki.left_right.msg.query((pdu,)) - cms = rpki.left_right.cms_msg.wrap(msg, irbe_key, irbe_cert) - der = rpki.https.client(client_key = irbe_key, - client_cert = irbe_cert, - server_ta = (bpki_ta, rpkid_cert), - url = https_url, - msg = cms) - msg = rpki.left_right.cms_msg.unwrap(der, (bpki_ta, rpkid_cert)) - pdu = msg[0] - assert len(msg) == 1 and msg.is_reply() and not isinstance(pdu, rpki.left_right.report_error_elt) - return pdu - -print "Create a self instance" -pdu = call_rpkid(rpki.left_right.self_elt.make_pdu(action = "create", crl_interval = 84600)) -self_id = pdu.self_id - -print "Create a business signing context" -pdu = rpki.left_right.bsc_elt.make_pdu(action = "create", self_id = self_id, generate_keypair = True) -pdu = call_rpkid(pdu) -bsc_id = pdu.bsc_id - -print "Issue the business cert" -i, o = os.popen2(("openssl", "x509", "-req", - "-CA", "biz-certs/Bob-CA.cer", - "-CAkey", "biz-certs/Bob-CA.key", - "-CAserial", "biz-certs/Bob-CA.srl")) -i.write(pdu.pkcs10_request.get_PEM()) -i.close() -cer = rpki.x509.X509(PEM = o.read()) -o.close() - -print "Set up the business cert chain" -pdu = rpki.left_right.bsc_elt.make_pdu(action = "set", self_id = self_id, bsc_id = bsc_id, signing_cert = cer) -call_rpkid(pdu) - -print "Create a repository context" -pdu = call_rpkid(rpki.left_right.repository_elt.make_pdu(action = "create", self_id = self_id, bsc_id = bsc_id)) -repository_id = pdu.repository_id - -print "Create a parent context" -ta = rpki.x509.X509(Auto_file = "biz-certs/Elena-Root.cer") -pdu = call_rpkid(rpki.left_right.parent_elt.make_pdu( - action = "create", self_id = self_id, bsc_id = bsc_id, repository_id = repository_id, bpki_cms_cert = ta, - peer_contact_uri = "https://localhost:44333/", sia_base = "rsync://wombat.invalid/")) -parent_id = pdu.parent_id - -print "Create child contexts for everybody" -print "Using a single cert for all of these registrants is a crock" - -cer = rpki.x509.X509(Auto_file = "biz-certs/Frank-Root.cer") - -cur.execute("SELECT registrant_id, registrant_name FROM registrant") -registrants = cur.fetchall() - -for registrant_id, registrant_name in registrants: - print "Attempting to bind", registrant_id, registrant_name - pdu = call_rpkid(rpki.left_right.child_elt.make_pdu(action = "create", self_id = self_id, bsc_id = bsc_id, bpki_cms_cert = cer)) - print "Attempting to bind", registrant_id, registrant_name, pdu.child_id - cur.execute( - """ - UPDATE registrant - SET rpki_self_id = %d, rpki_child_id = %d - WHERE registrant_id = %d - """, - (self_id, pdu.child_id, registrant_id)) diff --git a/scripts/Old/irbe-setup.sh b/scripts/Old/irbe-setup.sh deleted file mode 100644 index 31342aaa..00000000 --- a/scripts/Old/irbe-setup.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/sh - -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -# Run irbe-setup.py, under screen if possible. - -#make test - -if test -n "$STY" -then - screen python rpkid.py -else - python rpkid.py >>rpkid.log 2>&1 & rpkid=$! - trap "kill $rpkid" 0 1 2 3 13 15 -fi - -sleep 5 - -exec python irbe-setup.py diff --git a/scripts/Old/make-hashes.pl b/scripts/Old/make-hashes.pl deleted file mode 100644 index 4b58a9d0..00000000 --- a/scripts/Old/make-hashes.pl +++ /dev/null @@ -1,42 +0,0 @@ -# -*- Perl -*- -# $Id$ - -use strict; - -my $openssl = "/u/sra/isc/route-pki/subvert-rpki.hactrn.net/openssl/openssl/apps/openssl"; -my $dir = "hashed"; - -my @cmds; -my %hashes; - -exit unless (@ARGV); - -open(F, "-|", "find", @ARGV, qw{-type f ( -name *.cer -o -name *.crl )}) - or die("Couldn't run find: $!\n"); - -@ARGV = (); - -while (<F>) { - chomp; - my $f = $_; - my $type = /\.cer$/ ? "x509" : "crl"; - $_ = "$dir/$f"; - s=/[^/]+$==; - my $d = $_; - my $h = `$openssl $type -inform DER -in $f -noout -hash`; - chomp($h); - $h .= "."; - $h .= "r" if ($type eq "crl"); - $h .= 0 + $hashes{$d}{$h}++; - push(@cmds, "$openssl $type -inform DER -outform PEM -out $d/$h -in $f\n"); -} - -close(F); - -print("rm -rf $dir\n"); - -print("test -d $_ || mkdir -p $_\n") - foreach (sort(keys(%hashes))); - -print($_) - foreach (@cmds); diff --git a/scripts/Old/manifests.py b/scripts/Old/manifests.py deleted file mode 100644 index df8bc2d4..00000000 --- a/scripts/Old/manifests.py +++ /dev/null @@ -1,90 +0,0 @@ -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -import time, glob, os -import rpki.x509, rpki.manifest, rpki.sundial - -show_content_1 = False -show_signed_manifest_PEM = False -show_signed_manifest_asn1dump = True -show_content_2 = False -show_content_3 = False -dump_signed_manifest_DER = False -dump_manifest_content_DER = False -test_empty_manifest = False - -def dumpasn1(thing): - # Save to file rather than using popen4() because dumpasn1 uses - # seek() when decoding ASN.1 content nested in OCTET STRING values. - try: - fn = "dumpasn1.tmp" - f = open(fn, "w") - f.write(thing) - f.close() - f = os.popen("dumpasn1 2>&1 -a " + fn) - print "\n".join(x for x in f.read().splitlines() if x.startswith(" ")) - f.close() - finally: - os.unlink(fn) - -if test_empty_manifest: - names_and_objs = [] -else: - names_and_objs = [(fn, rpki.x509.X509(Auto_file = fn)) for fn in glob.glob("resource-cert-samples/*.cer")] - -now = rpki.sundial.datetime.utcnow() - -m = rpki.x509.SignedManifest() -m.build( - serial = 17, - thisUpdate = now, - nextUpdate = now + rpki.sundial.timedelta(days = 1), - names_and_objs = names_and_objs, - keypair = rpki.x509.RSA(Auto_file = "biz-certs/Alice-EE.key"), - certs = rpki.x509.X509_chain(Auto_files = ("biz-certs/Alice-EE.cer", "biz-certs/Alice-CA.cer"))) - -if show_content_1: - dumpasn1(m.get_content().toString()) - -if show_signed_manifest_PEM: - print m.get_PEM() - -if dump_manifest_content_DER: - f = open("manifest-content.der", "wb") - f.write(m.get_content().toString()) - f.close() - -if dump_signed_manifest_DER: - f = open("signed-manifest.der", "wb") - f.write(m.get_DER()) - f.close() - -if show_signed_manifest_asn1dump: - dumpasn1(m.get_DER()) - -n = rpki.x509.SignedManifest(DER = m.get_DER()) - -n.verify(ta = rpki.x509.X509(Auto_file = "biz-certs/Alice-Root.cer")) - -if show_content_2: - dumpasn1(n.get_content().toString()) - -assert m.get_content().toString() == n.get_content().toString() -assert m.get_content().get() == n.get_content().get() - -if show_content_3: - print - print n.get_content().get() diff --git a/scripts/Old/master.sh b/scripts/Old/master.sh deleted file mode 100644 index 8f59d357..00000000 --- a/scripts/Old/master.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh - -# $Id$ - -scripts="subvert-rpki.hactrn.net/scripts" - -repositories="ca-trial.ripe.net/RIPE ca-trial.ripe.net/ARIN repository.apnic.net" - -cd `dirname $0` - -. $scripts/mirror-apnic.sh -. $scripts/mirror-ripe.sh - -perl $scripts/gen-verify-test.pl $repositories | -tee verify.sh | -sh 2>&1 | -tee verify.log - -perl $scripts/make-hashes.pl $repositories | -tee make-hashes.sh | -sh 2>&1 | -tee make-hashes.log - -sh $scripts/check-hashes.sh 2>&1 | -tee check-hashes.log diff --git a/scripts/Old/mirror-apnic.sh b/scripts/Old/mirror-apnic.sh deleted file mode 100644 index 995efcb8..00000000 --- a/scripts/Old/mirror-apnic.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh - -# $Id$ - -# An unknown entity representing itself as gmm says that this is the -# trust anchor for the APNIC test repository. -# -fetch -m -o repository.apnic.net/trust-anchor.cer \ - http://mirin.apnic.net/resourcecerts/trust-anchor.cer - -# Mirror the repository itself -# -rsync -aiz --delete rsync://repository.apnic.net/APNIC/ repository.apnic.net/APNIC/ diff --git a/scripts/Old/mirror-ripe.sh b/scripts/Old/mirror-ripe.sh deleted file mode 100644 index f2ba5a17..00000000 --- a/scripts/Old/mirror-ripe.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/sh - -# $Id$ - -# The following are freshly produced in conformance with Geoff & -# George's latest developments - I hope. - -# Trust Anchors (consider this an out-of-band delivery method): - -# RIPE TA: -fetch -m -o ca-trial.ripe.net/riperoot/repos/root.cer \ - http://ca-trial.ripe.net/~riperoot/repos/root.cer - -# ARIN TA: -fetch -m -o ca-trial.ripe.net/arinroot/repos/root.cer \ - http://ca-trial.ripe.net/~arinroot/repos/root.cer - -# The repositories are here: -rsync -aiz --delete rsync://ca-trial.ripe.net/RIPE/ ca-trial.ripe.net/RIPE/ -rsync -aiz --delete rsync://ca-trial.ripe.net/ARIN/ ca-trial.ripe.net/ARIN/ - -# Some test certificates: - -# RIPE->RIPE->ISP: -fetch -m -o ca-trial.ripe.net/ripeprod/repos/ripe-08.cer \ - http://ca-trial.ripe.net/~ripeprod/repos/ripe-08.cer - -# ARIN->ARIN->ISP: -fetch -m -o ca-trial.ripe.net/arinprod/repos/arin-01.cer \ - http://ca-trial.ripe.net/~arinprod/repos/arin-01.cer - -# RIPE->ARIN->ISP: -fetch -m -o ca-trial.ripe.net/arinprod/repos/ripe-01.cer \ - http://ca-trial.ripe.net/~arinprod/repos/ripe-01.cer - -# ARIN->RIPE->ISP: -fetch -m -o ca-trial.ripe.net/ripeprod/repos/arin-01.cer \ - http://ca-trial.ripe.net/~ripeprod/repos/arin-01.cer - -# I think they work with full up-down chaining, provided that I copied -# everything in place. -# -# George, please look at these, I believe I only need your SIA for these to be -# ready: -# -# RIPE->APNIC cert currently: http://ca-trial.ripe.net/~riperoot/repos/root-0E.cer -# ARIN->APNIC cert currently: http://ca-trial.ripe.net/~arinroot/repos/root-09.cer diff --git a/scripts/Old/pkcs10.py b/scripts/Old/pkcs10.py deleted file mode 100644 index 386229f2..00000000 --- a/scripts/Old/pkcs10.py +++ /dev/null @@ -1,100 +0,0 @@ -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -import POW.pkix, glob, os -import rpki.x509, rpki.resource_set, rpki.oids - -parse_test = False -generate_test = True - -parse_extensions = True -show_attributes = False -show_algorithm = False -do_verify = True -show_signature = False -show_publickey = False - -def hexify(thing): - return ":".join(["%02X" % ord(i) for i in thing]) - -if parse_test: - - for name in glob.glob("resource-cert-samples/*.req") + glob.glob("biz-certs/*.req"): - pkcs10 = rpki.x509.PKCS10(Auto_file = name).get_POWpkix() - - print "[", name, "]" - - if show_algorithm: - print pkcs10.signatureAlgorithm - print - print pkcs10.signatureAlgorithm.get() - print - - if show_signature: - print pkcs10.signatureValue, hexify(pkcs10.signatureValue.get()) - print - - if show_publickey: - print pkcs10.certificationRequestInfo.subjectPublicKeyInfo - print pkcs10.certificationRequestInfo.subjectPublicKeyInfo.get() - print hexify(pkcs10.certificationRequestInfo.subjectPublicKeyInfo.toString()) - print - - if show_attributes: - print pkcs10.certificationRequestInfo.attributes.oid, pkcs10.certificationRequestInfo.attributes.oid.get() - print - print pkcs10.certificationRequestInfo.attributes.val, pkcs10.certificationRequestInfo.attributes.val.get() - print - print pkcs10.certificationRequestInfo.attributes.val.choice, pkcs10.certificationRequestInfo.attributes.val.choices - print - print pkcs10.certificationRequestInfo.attributes.val.choices[pkcs10.certificationRequestInfo.attributes.val.choice] - print - print len(pkcs10.certificationRequestInfo.attributes.val.choices[pkcs10.certificationRequestInfo.attributes.val.choice]) - print - if len(pkcs10.certificationRequestInfo.attributes.val.choices[pkcs10.certificationRequestInfo.attributes.val.choice]) > 0: - print pkcs10.certificationRequestInfo.attributes.val.choices[pkcs10.certificationRequestInfo.attributes.val.choice][0] - print - - if parse_extensions: - - exts = pkcs10.getExtensions() - - bag = rpki.resource_set.parse_extensions(exts) - if bag.as: print "ASN =", bag.as - if bag.v4: print "IPv4 =", bag.v4 - if bag.v6: print "IPv6 =", bag.v6 - - for oid, crit, val in exts: - if oid in (rpki.oids.name2oid["sbgp-ipAddrBlock"], - rpki.oids.name2oid["sbgp-autonomousSysNum"]): - continue - if isinstance(val, str): - val = hexify(val) - print POW.pkix.oid2obj(oid), oid, "=", val - - if do_verify: - print - print "Signature verification: %s" % pkcs10.verify() - - print - -if generate_test: - keypair = rpki.x509.RSA() - keypair.generate() - pkcs10 = rpki.x509.PKCS10.create(keypair) - f = os.popen("openssl req -text -config /dev/null", "w") - f.write(pkcs10.get_PEM()) - f.close() diff --git a/scripts/Old/resource-cert-samples.py b/scripts/Old/resource-cert-samples.py deleted file mode 100644 index 16986d9b..00000000 --- a/scripts/Old/resource-cert-samples.py +++ /dev/null @@ -1,277 +0,0 @@ -""" -Generate an RPKI test repository. - -This script generates a toy RPKI repository for test purposes. It's -designed to be relatively easy to reconfigure, making it simple to -test whatever is of interest on a given day, without a lot of setup -overhead. - -Outputs are a bunch of config files for the OpenSSL CLI tool and a -makefile to drive everything. - -$Id$ - -Copyright (C) 2009 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. - -Portions copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -""" - -import rpki.resource_set, os - -subdir = "resource-cert-samples" -openssl = "../../openssl/openssl/apps/openssl" -keybits = 2048 - -def main(): - """ - Main program, including the toy database itself. - """ - - db = allocation_db() - db.add("ISP1", ipv4 = "192.0.2.1-192.0.2.33", asn = "64533") - db.add("ISP2", ipv4 = "192.0.2.44-192.0.2.100") - db.add("ISP3", ipv6 = "2001:db8::44-2001:db8::100") - db.add("ISP4", ipv6 = "2001:db8::10:0:44/128", asn = "64544") - db.add("ISP5a", ipv4 = "10.0.0.0/24", ipv6 = "2001:db8::a00:0/120") - db.add("ISP5b", ipv4 = "10.3.0.0/24", ipv6 = "2001:db8::a03:0/120") - db.add("ISP5c", asn = "64534-64540") - db.add("LIR1", children = ["ISP1", "ISP2"]) - db.add("LIR2", children = ["ISP3", "ISP4"]) - db.add("LIR3", children = ["ISP5a", "ISP5b", "ISP5c"]) - db.add("RIR", children = ["LIR1", "LIR2", "LIR3"]) - - if not os.path.isdir(subdir): - os.mkdir(subdir) - - for i in db: - write_maybe("%s/%s.cnf" % (subdir, i.name), i.cfg_string()) - - write_maybe("%s/Makefile" % subdir, - "# Automatically generated, do not edit.\n" + - "".join([i.makefile_rules() for i in db])) - -def write_maybe(name, new_content): - """ - Write a file if and only if its contents have changed. This - simplifies interactions with "make". - """ - old_content = None - if os.path.isfile(name): - f = open(name, "r") - old_content = f.read() - f.close() - if old_content != new_content: - print "Writing", name - f = open(name, "w") - f.write(new_content) - f.close() - -class allocation_db(list): - """ - Class to represent an allocation database. - """ - - def __init__(self): - self.allocation_map = {} - - def add(self, name, **kw): - """ - Add a new entry to this allocation database. All arguments passed - through to the allocation constructor. - """ - self.insert(0, allocation(name = name, allocation_map = self.allocation_map, **kw)) - -class allocation(object): - """ - Class representing one entity holding allocated resources. - - In order to simplify configuration, this class automatically - computes the set of resources that this entity must hold in order to - serve both itself and its children. - """ - - parent = None - - def __init__(self, name, asn = None, ipv4 = None, ipv6 = None, children = (), allocation_map = None): - """ - Create a new allocation entry. - - This binds the parent attributes of any children, and computes the - transitive closure of the set of resources this entity needs. - """ - self.name = name - self.children = [allocation_map[i] for i in children] - for child in self.children: - assert child.parent is None - child.parent = self - self.asn = self.summarize("asn", rpki.resource_set.resource_set_as(asn)) - self.ipv4 = self.summarize("ipv4", rpki.resource_set.resource_set_ipv4(ipv4)) - self.ipv6 = self.summarize("ipv6", rpki.resource_set.resource_set_ipv6(ipv6)) - allocation_map[name] = self - - def summarize(self, attrname, seed = None): - """ - Compute the transitive resource closure for one resource attribute. - """ - if seed is None: - seed = getattr(self, attrname) - for child in self.children: - seed = seed.union(child.summarize(attrname)) - return seed - - def __str__(self): - return "%s\n ASN: %s\n IPv4: %s\n IPv6: %s" % (self.name, self.asn, self.ipv4, self.ipv6) - - def cfg_string(self): - """ - Generate the OpenSSL configuration file needed for this entity. - """ - keys = { "self" : self.name, - "keybits" : keybits, - "no_parent" : "#", - "no_asid" : "#", - "no_addr" : "#", - "parent" : "???", - "asid" : "???", - "addr" : "???" } - if self.parent: - keys["no_parent"] = "" - keys["parent"] = self.parent.name - if self.asn: - keys["no_asid"] = "" - keys["asid"] = ",".join(["AS:" + str(x) for x in self.asn]) - if self.ipv4 or self.ipv6: - keys["no_addr"] = "" - keys["addr"] = ",".join(["IPv4:" + str(x) for x in self.ipv4] + ["IPv6:" + str(x) for x in self.ipv6]) - return openssl_cfg_fmt % keys - - def makefile_rules(self): - """ - Generate the makefile rules needed for this entity. - """ - keys = { "self" : self.name, - "keybits" : keybits, - "openssl" : openssl } - if self.parent: - keys["signconf"] = "%s.cnf" % self.parent.name - keys["signdeps"] = "%s.key" % self.parent.name - else: - keys["signconf"] = "%s.cnf -selfsign" % self.name - keys["signdeps"] = "%s.key" % self.name - return makefile_fmt % keys - -makefile_fmt = '''\ - -all:: %(self)s.cer - -%(self)s.key: - %(openssl)s genrsa -out $@ %(keybits)d - -%(self)s.req: %(self)s.key %(self)s.cnf Makefile - %(openssl)s req -new -config %(self)s.cnf -key %(self)s.key -out $@ - -%(self)s.cer: %(self)s.req %(self)s.cnf %(signdeps)s Makefile - @test -d %(self)s || mkdir %(self)s - @test -f %(self)s/index || touch %(self)s/index - @test -f %(self)s/serial || echo 01 >%(self)s/serial - %(openssl)s ca -batch -out $@ -in %(self)s.req -extfile %(self)s.cnf -config %(signconf)s - - -show_req:: - %(openssl)s req -noout -text -in %(self)s.req -config /dev/null - -show_cer:: - %(openssl)s x509 -noout -text -in %(self)s.cer -''' - -openssl_cfg_fmt = '''# Automatically generated, do not edit. - -[ ca ] -default_ca = ca_default - -[ ca_default ] -certificate = %(self)s.cer -serial = %(self)s/serial -private_key = %(self)s.key -database = %(self)s/index -new_certs_dir = %(self)s -name_opt = ca_default -cert_opt = ca_default -default_days = 365 -default_crl_days = 30 -default_md = sha256 -preserve = no -copy_extensions = copy -policy = ca_policy_anything -unique_subject = no -x509_extensions = ca_x509_ext -crl_extensions = crl_x509_ext - -[ ca_policy_anything ] -countryName = optional -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional -givenName = optional -surname = optional - -[ req ] -default_bits = %(keybits)d -encrypt_key = no -distinguished_name = req_dn -req_extensions = req_x509_ext -prompt = no - -[ req_dn ] -CN = TEST ENTITY %(self)s - -[ req_x509_ext ] -basicConstraints = critical,CA:true -subjectKeyIdentifier = hash -keyUsage = critical,keyCertSign,cRLSign -subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:rsync://wombats-r-us.hactrn.net/%(self)s/ -%(no_parent)sauthorityInfoAccess = caIssuers;URI:rsync://wombats-r-us.hactrn.net/%(parent)s.cer -%(no_asid)ssbgp-autonomousSysNum = critical,%(asid)s -%(no_addr)ssbgp-ipAddrBlock = critical,%(addr)s - -[ ca_x509_ext ] -basicConstraints = critical,CA:true -%(no_parent)sauthorityKeyIdentifier = keyid:always -keyUsage = critical,keyCertSign,cRLSign -subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:rsync://wombats-r-us.hactrn.net/%(self)s/ -%(no_parent)sauthorityInfoAccess = caIssuers;URI:rsync://wombats-r-us.hactrn.net/%(parent)s.cer -%(no_asid)ssbgp-autonomousSysNum = critical,%(asid)s -%(no_addr)ssbgp-ipAddrBlock = critical,%(addr)s - -[ crl_x509_ext ] -authorityKeyIdentifier = keyid:always -''' - -main() diff --git a/scripts/Old/resource-set.py b/scripts/Old/resource-set.py deleted file mode 100644 index 11c11e45..00000000 --- a/scripts/Old/resource-set.py +++ /dev/null @@ -1,97 +0,0 @@ -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -import socket -import re - -class ip_address(object): - - def __init__(self, text): - self.addr = socket.inet_pton(self.af, text) - - def __str__(self): - return socket.inet_ntop(self.af, self.addr) - - def __eq__(self, other): - return self.addr == other.addr - - def __hash__(self): - return self.addr.__hash__() - -class ipv4_address(ip_address): - af = socket.AF_INET - -class ipv6_address(ip_address): - af = socket.AF_INET6 - -class resource(object): - pass - -class asn(resource, long): - pass - -class ip_prefix(resource): - - def __init__(self, addr, prefixlen): - self.addr = self.ac(addr) - self.prefixlen = prefixlen - - def __str__(self): - return str(self.addr) + "/" + str(self.prefixlen) - - def __eq__(self, other): - return self.addr == other.addr and self.prefixlen == other.prefixlen - - def __hash__(self): - return self.addr.__hash__() + self.prefixlen.__hash__() - -class ipv4_prefix(ip_prefix): - ac = ipv4_address - -class ipv6_prefix(ip_prefix): - ac = ipv6_address - -class resource_range(resource): - - def __init__(self, min, max): - assert isinstance(min, resource) and isinstance(max, resource) - self.min = min - self.max = max - - def __str__(self): - return str(self.min) + "-" + str(self.max) - - def __eq__(self, other): - return self.min == other.min and self.max == other.max - - def __hash__(self): - return self.min.__hash__() + self.max.__hash__() - -class resource_set(set): - - def __init__(self, *elts): - for e in elts: - assert isinstance(e, resource) - set.__init__(self, elts) - - def __str__(self): - s = [i for i in self] - s.sort() - return "{" + ", ".join(map(str, s)) + "}" - -s = resource_set(ipv6_prefix("fe80::", 16), ipv4_prefix("10.0.0.44", 32), ipv4_prefix("10.3.0.44", 32)) - -print s diff --git a/scripts/Old/rootd.cnf b/scripts/Old/rootd.cnf deleted file mode 100644 index 1e400c04..00000000 --- a/scripts/Old/rootd.cnf +++ /dev/null @@ -1,30 +0,0 @@ -# $Id$ -# -# Generate test root resource certificate for use with rootd.py server. - -[ req ] -default_bits = 2048 -encrypt_key = no -distinguished_name = req_dn -req_extensions = req_x509_ext -prompt = no - -[ req_dn ] -CN = Completely Bogus Test Root (NOT FOR PRODUCTION USE) - -[ req_x509_ext ] -basicConstraints = critical,CA:true -subjectKeyIdentifier = hash -keyUsage = critical,keyCertSign,cRLSign -subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:rsync://wombat.invalid/ -sbgp-autonomousSysNum = critical,@req_asid_ext -sbgp-ipAddrBlock = critical,@req_addr_ext - -[ req_asid_ext ] - -AS.0 = 1-65535 - -[ req_addr_ext ] - -IPv4.0 = 0.0.0.0/0 -IPv6.0 = 0::/0 diff --git a/scripts/Old/rootd.sh b/scripts/Old/rootd.sh deleted file mode 100644 index 73411a16..00000000 --- a/scripts/Old/rootd.sh +++ /dev/null @@ -1,143 +0,0 @@ -#!/bin/sh - -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -# Script to test against rootd.py. -# -# This blows away rpkid's database and rebuilds it with what we need -# for this test, and knows far too much about the id numbers that -# rpkid and mysql will assign. In the long run we must do better than -# this, but gotta start somewhere. - -openssl=../openssl/openssl/apps/openssl - -# Halt on first error - -set -e - -# Generate new key and cert for rootd.py if needed - -if test ! -r rootd.cer -o ! -r rootd.key -then - $openssl req -new -newkey rsa:2048 -nodes -keyout rootd.key -out rootd.req -config rootd.cnf - $openssl x509 -req -in rootd.req -out rootd.cer -extfile rootd.cnf -extensions req_x509_ext -signkey rootd.key -text -sha256 - rm -f rootd.req -fi - -# Blow away old rpkid database (!) so we can start clean - -mysql -u rpki -p`awk '$1 == "sql-password" {print $3}' rpkid.conf` rpki <rpki-db-schema.sql - -# Start rpkid so we can configure it, make sure we shut it down on exit - -python rpkid.py & rpkid=$! -trap "kill $rpkid" 0 1 2 3 13 15 - -: Waiting to let rpkid start up; sleep 5 - -# Create a self instance - -time python irbe_cli.py self --action create --crl_interval 84600 - -# Create a business signing context, issue the necessary business cert, and set up the cert chain - -time python irbe_cli.py --pem_out bsc.req bsc --action create --self_id 1 --generate_keypair --signing_cert biz-certs/Bob-CA.cer -time $openssl x509 -req -in bsc.req -out bsc.cer -CA biz-certs/Bob-CA.cer -CAkey biz-certs/Bob-CA.key -CAserial biz-certs/Bob-CA.srl -time python irbe_cli.py bsc --action set --self_id 1 --bsc_id 1 --signing_cert bsc.cer -rm -f bsc.req bsc.cer - -# Create a repository context - -time python irbe_cli.py repository --self_id 1 --action create --bsc_id 1 - -# Create a parent context pointing at rootd.py - -time python irbe_cli.py parent --self_id 1 --action create --bsc_id 1 --repository_id 1 \ - --peer_contact_uri https://localhost:44333/ \ - --cms_ta biz-certs/Elena-Root.cer \ - --https_ta biz-certs/Elena-Root.cer \ - --sia_base rsync://wombat.invalid/ \ - --sender_name tweedledee \ - --recipient_name tweedledum - -# Create a child context - -time python irbe_cli.py child --self_id 1 --action create --bsc_id 1 --cms_ta biz-certs/Frank-Root.cer - -# Need to link irdb to created child and clear conflicting links. -# For now, just do this "manually" in MySQL CLI. - -echo ' - UPDATE registrant SET rpki_self_id = NULL, rpki_child_id = NULL; - UPDATE registrant SET rpki_self_id = 1, rpki_child_id = 1 WHERE subject_name = "Epilogue Technology Corporation"; -' | -mysql -u irdb -p`awk '$1 == "sql-password" {print $3}' irbe.conf` irdb - -if test "$1" = "run" -then - - rm -rf publication - - python rootd.py & rootd=$! - python irdbd.py & irdbd=$! - trap "kill $rpkid $irdbd $rootd" 0 1 2 3 13 15 - - : Waiting to let daemons start up; sleep 5 - - date; time python cronjob.py - date; time python testpoke.py -r list - date; time python testpoke.py -r issue - - date; time python cronjob.py - date; time python testpoke.py -r list - date; time python testpoke.py -r issue - - date; python testpoke.py -r issue | - qh | - sed -n '/^(certificate/,/^)certificate/s/^-//p' | - mimencode -u | - $openssl x509 -noout -inform DER -text - - date; time python testpoke.py -r revoke - date; time python testpoke.py -r list - date; time python cronjob.py - date; time python testpoke.py -r list - - date; time python cronjob.py - date; time python testpoke.py -r list - date; time python testpoke.py -r issue - - date; time python testpoke.py -r revoke - date; time python testpoke.py -r list - date; time python cronjob.py - date; time python testpoke.py -r list - - date; time python testpoke.py -r issue - date; time python testpoke.py -r revoke - date; time python testpoke.py -r issue - date; time python testpoke.py -r revoke - date; time python testpoke.py -r issue - date; time python testpoke.py -r revoke - date; time python testpoke.py -r list - date; time python cronjob.py - date; time python testpoke.py -r list - - date; time python testpoke.py -r issue - date; time python cronjob.py - date; time python testpoke.py -r list - date - -fi diff --git a/scripts/Old/test-pow-cms.py b/scripts/Old/test-pow-cms.py deleted file mode 100644 index f7acc912..00000000 --- a/scripts/Old/test-pow-cms.py +++ /dev/null @@ -1,68 +0,0 @@ -""" -$Id$ - -Copyright (C) 2008 American Registry for Internet Numbers ("ARIN") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -""" - -import POW, rpki.x509, os, traceback - -key = rpki.x509.RSA(Auto_file = "biz-certs/Alice-EE.key").get_POW() -ee = rpki.x509.X509(Auto_file = "biz-certs/Alice-EE.cer").get_POW() - -ca = rpki.x509.X509(Auto_file = "biz-certs/Alice-CA.cer").get_POW() -ta = rpki.x509.X509(Auto_file = "biz-certs/Alice-Root.cer").get_POW() - -store = POW.X509Store() -store.addTrust(ta) - -if store.verify(ca): - print "Verified CA" - store.addTrust(ca) -else: - print "Couldn't verify CA" - -if store.verify(ee): - print "Verified EE" - store.addTrust(ee) -else: - print "Couldn't verify EE" - -oid = "1.2.840.113549.1.9.16.1.24" - -plaintext = "Wombats Are Us" - -for args in ((ee, key, plaintext, [ca], (), oid), - (ee, key, plaintext, [ca], (), oid, POW.CMS_NOATTR), - (ee, key, plaintext, [ca], (), oid, POW.CMS_NOCERTS), - (ee, key, plaintext, [], (), oid), - (ee, key, plaintext, [], (), oid, POW.CMS_NOATTR), - (ee, key, plaintext, [], (), oid, POW.CMS_NOCERTS)): - - print "Testing", repr(args) - - cms = POW.CMS() - cms.sign(*args) - - #print cms.pprint() - - print "Certs:" - for x in cms.certs(): - print x.pprint() - - print "CRLs:" - for c in cms.crls(): - print c.pprint() - - cms.verify(store, [ee]) diff --git a/scripts/Old/test-pow.py b/scripts/Old/test-pow.py deleted file mode 100644 index 2fb6be48..00000000 --- a/scripts/Old/test-pow.py +++ /dev/null @@ -1,103 +0,0 @@ -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -import POW, POW.pkix, base64, rpki.ipaddrs, rpki.resource_set - -Alice_EE = """ -MIIDGDCCAgCgAwIBAgIJANkdU8+R7K3dMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV -BAMTGVRlc3QgQ2VydGlmaWNhdGUgQWxpY2UgQ0EwHhcNMDcwNjE5MTk1MzE4WhcN -MDcwNzE5MTk1MzE4WjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEFsaWNl -IEVFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzxuYZsSzM7J4D/GN -TiSB/EzRF7U91bYIoqZHG/NcLePFJfHKvKd7LuRNXI4WXrUjQ+6VlcQGdPfo6uvZ -9r/UKocS3ATc7p28CkMNM99RcLM4OWg70021MwmS04CaMpUftsQCtSwAVrWkL3dM -C9LuMdChA619q1x56RGrBeqgnk9NfHahUjmqjhUVQejTk2fYfLcINdxUwOQP9GT5 -bQLhf5hxq+QsixyBjB0BE/h1KxCRJITu5JLzCZIxHxMeN/MdDz3T0m1Vhwd7KZZS -H1Iq5WIBArhzuLQsekSL4GmDLXSxuLi68w8W53YEpc4hRzS29+p1mMK5bZMttvYN -hfoVOQIDAQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTDNm3cT2DjtkzqsI7N -hTSoXmbGsDAfBgNVHSMEGDAWgBRqTejqD9pJQzENNALChYOBrglzEzANBgkqhkiG -9w0BAQUFAAOCAQEAZac7WWRWCItjea9O6YJgB1EUy0NdN7rRuzQSJg9LQfsevwJK -s2R/gV6RF8c53BnexUoVOu5VxSFZin9qRMMZxEMzo3TlFY2JuhPchLFrnYQ5SsjL -w25iLY9xaswZoaAdu4HG5IbN+Drew4Hlfqfoqgi1x79MbL4i+xdPjrHjV+5T/bLE -hADax/Ki7qWOMW2eMWIYuhyHwlqaJaa4xvgSuBdzccPur9nYuYyMQhR5FEtiBrFk -H+SG3DPUYnJjHo/0hqZ+cRRtoNJO00gfgzDUYGIrDak4aGapJsGcJ5/6xIvYKrpu -mkmvYl9m3IB1QYSAtu+0C98ShPgIFNqLvWOceA== -""" - -APNIC_Root = """ -MIIHMjCCBhqgAwIBAgIBcjANBgkqhkiG9w0BAQsFADBNMS4wLAYDVQQDEyVEZW1v -IEFQTklDIFJPT1QgQ0EgLSBOb3QgZm9yIHJlYWwgdXNlMRswGQYJKoZIhvcNAQkB -FgxjYUBhcG5pYy5uZXQwHhcNMDYxMTE2MDU1MDEwWhcNMDcxMTE2MDU1MDEwWjA2 -MTQwMgYDVQQDEytEZW1vIFByb2R1Y3Rpb24gQVBOSUMgQ0EgLSBOb3QgZm9yIHJl -YWwgdXNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA64tZcEhcMvdF -s0sXVF+op473Px/0ANRBHKl772wzTIBno6I4+RNmh8zkasTh6aKhNwcpkc03AaTs -cFmPrlq5PREyZrO1vzq6McShEH5/FcVLUcHKKq46/f+0mx7ec/ExaeRljHJeIVxJ -TuKUrs87PbPYBz+KI6bjb4e0ICsVgomat6DphPPd3krCBJVNqBD6W2UCv1huK9Kx -6egiWaqAYzcrI3W0TFNA5+RUnjnybB0qg1pOkdgKDOEFnIkl0MnX4ENSWNOnezHF -myV3ypJ+42Zllu5OZacqbPh+UJzHv4rMdfKjwpvn1ofiqglYG74HY2lzXSUyYPuA -cZX9572A9wIDAQABo4IEMjCCBC4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E -BAMCAQYwHQYDVR0OBBYEFKuuiK1khrgRO46sfDwFBwJRwqkcMB8GA1UdIwQYMBaA -FKb6Y78FHkIsdnueF/Hxm4ZnWDKNMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw -PQYDVR0fBDYwNDAyoDCgLoYscnN5bmM6Ly9yZXBvc2l0b3J5LmFwbmljLm5ldC9B -UE5JQy9BUE5JQy5jcmwwTwYIKwYBBQUHAQEEQzBBMD8GCCsGAQUFBzAChjNyc3lu -YzovL3JlcG9zaXRvcnkuYXBuaWMubmV0L1RSVVNUQU5DSE9SUy9hcG5pYy5jZXIw -WwYIKwYBBQUHAQsETzBNMEsGCCsGAQUFBzAFhj9yc3luYzovL3JlcG9zaXRvcnku -YXBuaWMubmV0L0FQTklDL3E2NklyV1NHdUJFN2pxeDhQQVVIQWxIQ3FSdy8wggJF -BggrBgEFBQcBCAEB/wSCAjQwggIwoIICLDCCAigCAgCtAgICqQICBMUCAgTRAgIE -1QICBOICAgZ7AgIGqDAIAgIG6AICBukCAgb1AgIHOwICB/oCAghgAgIJUTAIAgIJ -wQICCeACAgnpAgIJ+gICCgMwCAICCgkCAgoKAgIKiQICCpICAgqZAgIKxAICCswC -AgrUAgILBwICC1sCAgtjMAgCAgttAgILbgICDR0CAg0jAgINNgICDT8CAg1DAgIN -hAICDYYCAg2gAgINtgICDd4wCAICDeYCAg3nAgIN/wICDhUCAg4YMAgCAg5NAgIO -TjAIAgIOaQICDm0CAg5/AgIOhTAIAgIOowICDqQwCAICDq0CAg6uAgIOvQICDr8C -Ag7IMAgCAg7KAgIOywICDuUCAg7xAgIO/DAIAgIO/wICDwACAg9ZAgIPgQICD4gC -Ag+nAgIPyAICD9ECAg/aAgIP3AICECYCAhAuAgIQPjAIAgIQTgICEE8CAhBlAgIQ -agICEJsCAhCyAgIRADAIAgIRHQICER4CAhFPMAgCAhFRAgIRUgICEaMCAhGwAgIR -ugICEfICAhH9MAgCAhIAAgITAAICE2EwCAICE5kCAhOaAgITuwICE90CAhPfAgIW -TQICF7QCAhgTAgIYdgICGdsCAhn4AgIb2wICHAcwCAICHSsCAh4qAgIerwICHt0w -CAICJAACAif/AgIqNwICLMswCAICRAACAkf/AgJM+TAIAgJcAAICX/8wCgIDAJQA -AgMAl/8wewYIKwYBBQUHAQcBAf8EbDBqMDQEAgABMC4wCAMCAToDAgE8MAgDAgB5 -AwIAfgMCAJYDAgCjAwIBygMCAdIwCAMCAdoDAgDeMDIEAgACMCwDBAEgAQIDBAIg -AQwDBAEgAUQwDAMEByABgAMEBCABoDAKAwICJAMEAyQAQDANBgkqhkiG9w0BAQsF -AAOCAQEAxjUMY1cBdWUXWmPOwK6zk8E7BOVR3U7U62AfYqlE75cjt2RhRQBcc0XP -tEG8rl6DJMmzH6XB0+czrsUijeBdRBeC+WTMbJd1ZMzgqrqHgXI0CjdjPMR0k6Dx -qpsdDXmlIuAIUHy/GISIel9N/eXSu8ctsWXV2YYlaf7WVGHIhmJs03iSu324vJSk -vhlLtNxdV+neQhkXT54mrx7mADxWYz5+rjWFvJuiOfQicXJI4uh5oAN8POcfx4hu -7xYYqCunudhilCEz53CCcjzCAx5pW1jl32YdguWEwTf6ttwTnTsXQ0a+waMk4ljw -uMsR5Xzvy12ti/m+7MSTLR1kMxJOFA== -""" - -alice = base64.b64decode(Alice_EE) -apnic = base64.b64decode(APNIC_Root) - -verbose = True - -for der in (alice, apnic): - cert = POW.derRead(POW.X509_CERTIFICATE, der) - print cert.pprint() - cert = POW.pkix.Certificate() - cert.fromString(der) - if verbose: - for oid, crit, val in cert.getExtensions(): - print " OID: ", oid, POW.pkix.oid2obj(oid) - print " Crit: ", crit - print " Value:", val - print - bag = rpki.resource_set.parse_extensions(cert.getExtensions()) - if bag.as: print ",".join(map(lambda x: "AS:" + str(x), bag.as)) - if bag.v4: print ",".join(map(lambda x: "IPv4:" + str(x), bag.v4)) - if bag.v6: print ",".join(map(lambda x: "IPv6:" + str(x), bag.v6)) - if bag.as is not None: print bag.as.to_tuple() - if bag.v4 is not None: print bag.v4.to_tuple() - if bag.v6 is not None: print bag.v6.to_tuple() diff --git a/scripts/Old/test-sql.py b/scripts/Old/test-sql.py deleted file mode 100644 index bc059e71..00000000 --- a/scripts/Old/test-sql.py +++ /dev/null @@ -1,50 +0,0 @@ -# $Id$ - -# Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -import MySQLdb, rpki.config - -def test(filename, section): - - print "[Checking " + filename + "]\n" - - cfg = rpki.config.parser(filename, section) - - db = MySQLdb.connect(user = cfg.get("sql-username"), - db = cfg.get("sql-database"), - passwd = cfg.get("sql-password")) - - cur = db.cursor() - - def duh(db, cmd, header): - cur.execute(cmd) - print header - print "-" * len(header) - print cur.description - for i in cur.fetchall(): - print i[0] - print - - duh(db, "SHOW DATABASES", "Databases") - duh(db, "SELECT DATABASE()", "Current database") - duh(db, "SHOW TABLES", "Current tables") - - db.close() - -print MySQLdb.Timestamp(2007,6,9,9,45,51), MySQLdb.DateFromTicks(1000), \ - MySQLdb.Binary("Hi, Mom!"), MySQLdb.STRING, MySQLdb.BINARY, MySQLdb.NUMBER, MySQLdb.NULL, "\n" - -test("re.conf", "rpki") -test("irbe.conf", "irdb") diff --git a/scripts/Old/timers.sh b/scripts/Old/timers.sh deleted file mode 100644 index c880a029..00000000 --- a/scripts/Old/timers.sh +++ /dev/null @@ -1,55 +0,0 @@ -#!/bin/sh - -# $Id$ -# -# Copyright (C) 2009 Internet Systems Consortium ("ISC") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -# Postprocess output of timer debug log. I'll probably never need -# this again, but I'd rather not have to write it a second time. - -awk ' - /<timer/ { - time = $2; tag = $3; $1 = $2 = $3 = ""; - print tag, time, $0; - } - ' ${1-screenlog.0} | -sort | -sed ' - s=
==; - /testbed\[/d; - s= datetime([0-9, ]*)==; - s=<bound method.*>>==; - s=/u/sra/rpki/subvert-rpki.hactrn.net/[a-z]*/rpki/==; - s= timedelta([0-9, ]*)==; - s= None = =; - s= at = =; - s= to from = from = - ' | -awk ' - BEGIN { - SUBSEP = "<"; - } - { - #print; - state[$1, $5] = $3; - } - /Creating/ { - created[$1, $5] = $NF; - } - END { - for (i in state) - print i, state[i], created[i]; - } - ' | -sort diff --git a/scripts/Old/uri.pl b/scripts/Old/uri.pl deleted file mode 100644 index cd029fec..00000000 --- a/scripts/Old/uri.pl +++ /dev/null @@ -1,53 +0,0 @@ -: -# $Id$ -eval 'exec perl -w -S $0 ${1+"$@"}' - if 0; - -use strict; - -my $format = "DER"; -my $badsia = 0; - -while ($ARGV[0] =~ /^--/) { - $_ = shift; - if (/^--der/) { $format = "DER"; next } - if (/^--pem/) { $format = "PEM"; next } - if (/^--badsia/) { $badsia = 1; next } - if (/^--help/) { - print("$0 [ --der | --pem ] [ --badsia ] cert [ cert ...]\n"); - exit; - } - die("Unrecognized option: $_"); -} - -while (@ARGV) { - my $file = shift(@ARGV); - my ($aia, $sia, $cdp, $a, $s, $c) = qw(- - -); - next unless ($file =~ /\.cer$/); - open(F, "-|", ( qw(openssl x509 -noout -inform), $format, - qw(-text -in), $file)) - or die("Couldn't run openssl x509 on $file: $!\n"); - while (<F>) { - chomp; - s{^.+URI:rsync://}{}; - $a = $. + 1 - if (/Authority Information Access:/); - $s = $. + 1 - if (/Subject Information Access:/); - $c = $. + 1 - if (/X509v3 CRL Distribution Points:/); - $aia = $_ - if ($a && $. == $a); - $sia = $_ - if ($s && $. == $s); - $cdp = $_ - if ($c && $. == $c); - } - close(F); - if ($badsia) { - print("$file\n\t$sia\n") - if ($sia && $sia =~ m=[^/]$=); - } else { - print("$aia $sia $cdp $file\n"); - } -} diff --git a/scripts/analyze-rcynic-history.py b/scripts/analyze-rcynic-history.py index 79c9c175..24a6524e 100644 --- a/scripts/analyze-rcynic-history.py +++ b/scripts/analyze-rcynic-history.py @@ -1,22 +1,22 @@ +# $Id$ +# +# Copyright (C) 2011-2012 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Parse traffic data out of rynic XML output, whack it a bit, print some summaries and run gnuplot to draw some pictures. - -$Id$ - -Copyright (C) 2011-2012 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ plot_all_hosts = False diff --git a/scripts/analyze-transition.py b/scripts/analyze-transition.py index ff82b9c8..e2125dfb 100644 --- a/scripts/analyze-transition.py +++ b/scripts/analyze-transition.py @@ -1,21 +1,21 @@ +# $Id$ +# +# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Compare rcynic.xml files, tell the user what became invalid, and why. - -$Id$ - -Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ import sys diff --git a/scripts/apnic-to-csv.py b/scripts/apnic-to-csv.py index f7b0d0a1..62293a51 100644 --- a/scripts/apnic-to-csv.py +++ b/scripts/apnic-to-csv.py @@ -1,22 +1,22 @@ +# $Id$ +# +# Copyright (C) 2010-2012 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Parse APNIC "Extended Allocation and Assignment" reports and write out (just) the RPKI-relevant fields in myrpki-format CSV syntax. - -$Id$ - -Copyright (C) 2010-2012 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ from rpki.csv_utils import csv_writer diff --git a/scripts/arin-to-csv.py b/scripts/arin-to-csv.py index dcb508ff..a4e7ffc3 100644 --- a/scripts/arin-to-csv.py +++ b/scripts/arin-to-csv.py @@ -1,6 +1,22 @@ +# $Id$ +# +# Copyright (C) 2009-2012 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ -Parse a WHOIS research dump and write out (just) the RPKI-relevant -fields in myrpki-format CSV syntax. +Parse an ARIN database research dump and write out (just) the +RPKI-relevant fields in myrpki-format CSV syntax. NB: The input data for this script comes from ARIN under an agreement that allows research use but forbids redistribution, so if you think @@ -10,25 +26,10 @@ Input format used to be RPSL WHOIS dump, but ARIN recently went Java, so we have to parse a 3.5GB XML "document". Credit to Liza Daly for explaining the incantations needed to convince lxml to do this nicely, see: http://www.ibm.com/developerworks/xml/library/x-hiperfparse/ - -$Id$ - -Copyright (C) 2009-2012 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ -import sys, lxml.etree +import sys +import lxml.etree from rpki.csv_utils import csv_writer diff --git a/scripts/convert-from-csv-to-entitydb.py b/scripts/convert-from-csv-to-entitydb.py index 41147815..bfa85b15 100644 --- a/scripts/convert-from-csv-to-entitydb.py +++ b/scripts/convert-from-csv-to-entitydb.py @@ -1,25 +1,33 @@ +# $Id$ +# +# Copyright (C) 2010 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Convert {parents,children,pubclients}.csv into new XML formats. - -$Id$ - -Copyright (C) 2010 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ -import subprocess, re, os, getopt, sys, base64, urlparse -import rpki.sundial, rpki.myrpki, rpki.config +import subprocess +import re +import os +import getopt +import sys +import base64 +import urlparse +import rpki.sundial +import rpki.myrpki +import rpki.config from lxml.etree import Element, SubElement, ElementTree diff --git a/scripts/convert-from-entitydb-to-sql.py b/scripts/convert-from-entitydb-to-sql.py index d8147574..5371aa78 100644 --- a/scripts/convert-from-entitydb-to-sql.py +++ b/scripts/convert-from-entitydb-to-sql.py @@ -1,24 +1,24 @@ +# $Id$ +# +# Copyright (C) 2011-2012 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Merge XML entitydb and OpenSSL command-line BPKI into SQL IRDB. This is a work in progress, don't use it unless you really know what you're doing. - -$Id$ - -Copyright (C) 2011-2012 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ import sys, os, time, getopt, glob, subprocess, base64 diff --git a/scripts/convert-https-to-http.py b/scripts/convert-https-to-http.py index 68c0725c..a6411e53 100644 --- a/scripts/convert-https-to-http.py +++ b/scripts/convert-https-to-http.py @@ -1,3 +1,19 @@ +# $Id$ +# +# Copyright (C) 2010-2011 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Conversion tool for flag day on which we rip TLS (HTTPS) support out of rpkid and friends. @@ -7,25 +23,14 @@ Usage: python convert-https-to-http.py [ { -c | --config } configfile ] [ { -h | --help } ] Default configuration file is rpki.conf, override with --config option. - -$Id$ - -Copyright (C) 2010-2011 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ -import getopt, sys, os, warnings, lxml.etree, rpki.config +import getopt +import sys +import os +import warnings +import lxml.etree +import rpki.config cfg_file = "rpki.conf" entitydb_dir = "entitydb" diff --git a/scripts/cross_certify.py b/scripts/cross_certify.py index 2c4614cb..c696923c 100644 --- a/scripts/cross_certify.py +++ b/scripts/cross_certify.py @@ -1,3 +1,33 @@ +# $Id$ +# +# Copyright (C) 2009-2011 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. +# +# Portions copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Cross-certification tool to issue a new certificate based on an old one that was issued by somebody else. The point of the exercise is to @@ -12,35 +42,6 @@ Usage: python cross_certify.py { -i | --in } input_cert [ { -o | --out } filename (default: stdout) ] [ { -l | --lifetime } timedelta (default: 30 days) ] -$Id$ - -Copyright (C) 2009-2011 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. - -Portions copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ import os, time, getopt, sys, rpki.x509, rpki.sundial diff --git a/scripts/csvgrep.py b/scripts/csvgrep.py index 66fd4c4f..68bdd259 100644 --- a/scripts/csvgrep.py +++ b/scripts/csvgrep.py @@ -1,3 +1,19 @@ +# $Id$ +# +# Copyright (C) 2010-2012 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Utility to simplify finding handles in one of the pseudo-RIR databases. @@ -10,22 +26,6 @@ by having dots (IPv4) or colons (IPv6). After eating all of the command line arguments, we search asns.csv for any ASNs given, and prefixes.csv for any prefixes given. - -$Id$ - -Copyright (C) 2010-2012 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ import sys diff --git a/scripts/debug-roas.py b/scripts/debug-roas.py index 4ad47885..689f9870 100644 --- a/scripts/debug-roas.py +++ b/scripts/debug-roas.py @@ -1,3 +1,33 @@ +# $Id$ +# +# Copyright (C) 2009-2010 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. +# +# Portions copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Debugging tool for chasing a particular weird ROA problem. Dumps contents of roa objects from SQL. Dog ugly, do not read output @@ -7,41 +37,19 @@ Usage: python debug-roas.py [ { -c | --config } configfile ] [ { -h | --help } ] Default configuration file is rpkid.conf, override with --config option. - -$Id$ - -Copyright (C) 2009-2010 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. - -Portions copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ -import os, time, getopt, sys, re -import rpki.sql, rpki.config, rpki.log, rpki.resource_set -import rpki.rpki_engine, rpki.left_right +import os +import time +import getopt +import sys +import re +import rpki.sql +import rpki.config +import rpki.log +import rpki.resource_set +import rpki.rpki_engine +import rpki.left_right class main(object): diff --git a/scripts/expand-roa-prefixes.py b/scripts/expand-roa-prefixes.py index c4fcb08f..ae34ea0a 100644 --- a/scripts/expand-roa-prefixes.py +++ b/scripts/expand-roa-prefixes.py @@ -1,28 +1,30 @@ +# $Id$ +# +# Copyright (C) 2011 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ I got tired of trying to explain in English how the maxLength macro hack works in ROAs, so this is an attempt to explain it as code. Given one or more ROA prefix sets on the command line, this script prints out the expansion as a list of prefixes. - -$Id$ - -Copyright (C) 2011 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ -import sys, rpki.resource_set, rpki.ipaddrs +import sys +import rpki.resource_set +import rpki.ipaddrs class NotAPrefix(Exception): """ diff --git a/scripts/extract-key.py b/scripts/extract-key.py index 0944b3ce..402d65d8 100644 --- a/scripts/extract-key.py +++ b/scripts/extract-key.py @@ -1,3 +1,19 @@ +# $Id$ +# +# Copyright (C) 2008 American Registry for Internet Numbers ("ARIN") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Extract a private key from rpkid's database. @@ -17,25 +33,13 @@ Usage: python extract-key.py [ { -s | --self } self_handle ] [ { -h | --help } ] Default for both user and db is "rpki". - -$Id$ - -Copyright (C) 2008 American Registry for Internet Numbers ("ARIN") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ -import os, time, getopt, sys, MySQLdb +import os +import time +import getopt +import sys +import MySQLdb import rpki.x509 os.environ["TZ"] = "UTC" diff --git a/scripts/fakerootd.py b/scripts/fakerootd.py index 4f799e75..6275a2a9 100644 --- a/scripts/fakerootd.py +++ b/scripts/fakerootd.py @@ -1,24 +1,27 @@ +# $Id$ +# +# Copyright (C) 2011 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Hack to fake a catatonic rootd, for testing. - -$Id$ - -Copyright (C) 2011 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ -import sys, socket, datetime, signal +import sys +import socket +import datetime +import signal port = int(sys.argv[1]) if len(sys.argv) > 1 else 4405 limit = int(sys.argv[2]) if len(sys.argv) > 2 else 5 diff --git a/scripts/find-roa-expiration.py b/scripts/find-roa-expiration.py index 151de446..1401dc42 100644 --- a/scripts/find-roa-expiration.py +++ b/scripts/find-roa-expiration.py @@ -1,23 +1,23 @@ +# $Id$ +# +# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Look for ROAs for particular prefixes, like find_roa, then, for each ROA we find, dig out the expiration times of all the certificates involved in the authorization chain, all the way back to the root. - -$Id$ - -Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ import sys diff --git a/scripts/format-application-x-rpki.py b/scripts/format-application-x-rpki.py index 00a101aa..873c7ee0 100644 --- a/scripts/format-application-x-rpki.py +++ b/scripts/format-application-x-rpki.py @@ -1,24 +1,24 @@ +# $Id$ +# +# Copyright (C) 2010-2012 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Take the basic application/x-rpki messages that rpkid and friends log and translate them into a text version that's easier to search, without losing any of the original data. We use MH for the output format because nmh makes a handy viewer. - -$Id$ - -Copyright (C) 2010-2012 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ import email.mime diff --git a/scripts/generate-ripe-root-cert.py b/scripts/generate-ripe-root-cert.py index 3d88c396..3407bc51 100644 --- a/scripts/generate-ripe-root-cert.py +++ b/scripts/generate-ripe-root-cert.py @@ -1,22 +1,22 @@ +# $Id$ +# +# Copyright (C) 2010-2012 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Parse IANA XML data and write out just what we need to generate a root cert for Pseudo-RIPE. - -$Id$ - -Copyright (C) 2010-2012 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ import sys diff --git a/scripts/guess-roas-from-routeviews.py b/scripts/guess-roas-from-routeviews.py index 403c99bf..d8fb9c4c 100644 --- a/scripts/guess-roas-from-routeviews.py +++ b/scripts/guess-roas-from-routeviews.py @@ -1,6 +1,20 @@ -""" -$Id$ +# $Id$ +# +# Copyright (C) 2009 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. +""" Pull RFC 3779 resources from a cert, attempt to mine routeviews (via DNS, using the dnspython toolkit) for what the ROAs might look like for the addresses found in the cert. @@ -14,23 +28,11 @@ it. Do not use output of this script production. Sanity check. Beware of dog. If you issue ROAs using this script and your wallpaper peels, your cat explodes, or your children turn blue, it's your own fault for using this script. You have been warned. - -Copyright (C) 2009 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ -import sys, dns.resolver, rpki.x509 +import sys +import dns.resolver +import rpki.x509 from rpki.ipaddrs import v4addr from rpki.resource_set import roa_prefix_ipv4, resource_set_ipv4, resource_range_ipv4 diff --git a/scripts/iana-to-csv.py b/scripts/iana-to-csv.py index ee8c53d1..f803a21e 100644 --- a/scripts/iana-to-csv.py +++ b/scripts/iana-to-csv.py @@ -1,21 +1,21 @@ +# $Id$ +# +# Copyright (C) 2010-2012 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Parse IANA XML data. - -$Id$ - -Copyright (C) 2010-2012 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ import sys diff --git a/scripts/missing-oids.py b/scripts/missing-oids.py index e442828a..16316eac 100644 --- a/scripts/missing-oids.py +++ b/scripts/missing-oids.py @@ -1,21 +1,21 @@ +# $Id$ +# +# Copyright (C) 2008 American Registry for Internet Numbers ("ARIN") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Figure out what OIDs from rpki.oids are missing from dumpasn1's database. - -$Id$ - -Copyright (C) 2008 American Registry for Internet Numbers ("ARIN") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ import rpki.POW.pkix, rpki.oids diff --git a/scripts/rcynic-diff.py b/scripts/rcynic-diff.py index aeeeef04..327a7b71 100644 --- a/scripts/rcynic-diff.py +++ b/scripts/rcynic-diff.py @@ -1,21 +1,21 @@ +# $Id$ +# +# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Diff a series of rcynic.xml files, sort of. - -$Id$ - -Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ import sys diff --git a/scripts/ripe-asns-to-csv.py b/scripts/ripe-asns-to-csv.py index 78e6f11d..50251ce8 100644 --- a/scripts/ripe-asns-to-csv.py +++ b/scripts/ripe-asns-to-csv.py @@ -1,3 +1,19 @@ +# $Id$ +# +# Copyright (C) 2009-2012 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Parse a WHOIS research dump and write out (just) the RPKI-relevant fields in myrpki-format CSV syntax. @@ -5,22 +21,6 @@ fields in myrpki-format CSV syntax. NB: The input data for this script is publicly available via FTP, but you'll have to fetch the data from RIPE yourself, and be sure to see the terms and conditions referenced by the data file header comments. - -$Id$ - -Copyright (C) 2009-2012 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ import gzip diff --git a/scripts/ripe-to-csv.py b/scripts/ripe-to-csv.py index ff069732..b864345b 100644 --- a/scripts/ripe-to-csv.py +++ b/scripts/ripe-to-csv.py @@ -1,3 +1,19 @@ +# $Id$ +# +# Copyright (C) 2009-2012 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Parse a WHOIS research dump and write out (just) the RPKI-relevant fields in myrpki-format CSV syntax. @@ -18,22 +34,6 @@ Feh. NB: The input data for this script is publicly available via FTP, but you'll have to fetch the data from RIPE yourself, and be sure to see the terms and conditions referenced by the data file header comments. - -$Id$ - -Copyright (C) 2009-2012 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ import gzip diff --git a/scripts/roa-to-irr.py b/scripts/roa-to-irr.py index d02e1e3a..05ef05aa 100644 --- a/scripts/roa-to-irr.py +++ b/scripts/roa-to-irr.py @@ -1,3 +1,19 @@ +# $Id$ +# +# Copyright (C) 2010-2012 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Generate IRR route and route6 objects from ROAs. @@ -19,23 +35,6 @@ irr_rpsl_submit. The other options allow control of several required fields, to let you change email addresses and so forth if the defaults values aren't right. - - -$Id$ - -Copyright (C) 2010-2012 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ import os diff --git a/scripts/rrd-rcynic-history.py b/scripts/rrd-rcynic-history.py index fa8717d3..8a0d50a8 100644 --- a/scripts/rrd-rcynic-history.py +++ b/scripts/rrd-rcynic-history.py @@ -1,3 +1,19 @@ +# $Id$ +# +# Copyright (C) 2011-2012 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Parse traffic data out of rynic XML output, whack it a bit, and stuff it into one or more RRDs (Round Robin Databases -- see rrdtool). @@ -8,22 +24,6 @@ elsewhere. This is an initial adaptation of analyze-rcynic-history.py, which uses gnuplot and a shelve database. It's also my first attempt to do anything with rrdtool, so no doubt I'll get half of it wrong. - -$Id$ - -Copyright (C) 2011-2012 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ import mailbox diff --git a/scripts/show-tracking-data.py b/scripts/show-tracking-data.py index b032160a..07e0a144 100644 --- a/scripts/show-tracking-data.py +++ b/scripts/show-tracking-data.py @@ -1,3 +1,19 @@ +# $Id$ +# +# Copyright (C) 2012 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Show tracking data for a bunch of objects retrieved by rcynic. @@ -5,22 +21,6 @@ This script takes one required argument, which is the name of a directory tree containing the validated outpt of an rcynic run. If you follow the default naming scheme this will be /some/where/rcynic-data/authenticated. - -$Id$ - -Copyright (C) 2012 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ import os diff --git a/scripts/testbed-rootcert.py b/scripts/testbed-rootcert.py index 43885355..0716be2f 100644 --- a/scripts/testbed-rootcert.py +++ b/scripts/testbed-rootcert.py @@ -1,25 +1,25 @@ +# $Id$ +# +# Copyright (C) 2009-2012 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Generate config for a test RPKI root certificate for resources specified in asns.csv and prefixes.csv. This script is separate from arin-to-csv.py so that we can convert on the fly rather than having to pull the entire database into memory. - -$Id$ - -Copyright (C) 2009-2012 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ import sys diff --git a/scripts/translate-handles.py b/scripts/translate-handles.py index cdff4b77..49848277 100644 --- a/scripts/translate-handles.py +++ b/scripts/translate-handles.py @@ -1,3 +1,19 @@ +# $Id$ +# +# Copyright (C) 2010-2012 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Translate handles from the ones provided in a database dump into the ones we use in our testbed. This has been broken out into a separate @@ -13,22 +29,6 @@ program for two reasons: This program takes a list of .CSV files on its command line, and rewrites them as needed after performing the translation. - -$Id$ - -Copyright (C) 2010-2012 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ import os diff --git a/scripts/upgrade-add-ghostbusters.py b/scripts/upgrade-add-ghostbusters.py index 8bfd5a81..a8c8a92b 100644 --- a/scripts/upgrade-add-ghostbusters.py +++ b/scripts/upgrade-add-ghostbusters.py @@ -1,22 +1,22 @@ +# $Id$ +# +# Copyright (C) 2009--2011 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Add SQL tables needed for Ghostbusters support. Most of the code here lifted from rpki-sql-setup.py - -$Id$ - -Copyright (C) 2009--2011 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ import getopt, sys, rpki.config, warnings diff --git a/scripts/whack-ripe-asns.py b/scripts/whack-ripe-asns.py index b6457918..9c702271 100644 --- a/scripts/whack-ripe-asns.py +++ b/scripts/whack-ripe-asns.py @@ -1,3 +1,19 @@ +# $Id$ +# +# Copyright (C) 2010 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Fix problems in asns.csv generated from RIPE's database. @@ -19,22 +35,6 @@ set, as the chance of deadlock would approach 100%, but in this case we know that the sort program must consume and buffer (somehow) all of its input before writing a single line of output, so a single script can safely act as a filter both before and after sort. - -$Id$ - -Copyright (C) 2010 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ import sys, subprocess diff --git a/scripts/whack-ripe-prefixes.py b/scripts/whack-ripe-prefixes.py index 58af6b07..52ea3f18 100644 --- a/scripts/whack-ripe-prefixes.py +++ b/scripts/whack-ripe-prefixes.py @@ -1,3 +1,19 @@ +# $Id$ +# +# Copyright (C) 2010 Internet Systems Consortium ("ISC") +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + """ Fix problems in prefixes.csv generated from RIPE's database. @@ -22,25 +38,11 @@ set, as the chance of deadlock would approach 100%, but in this case we know that the sort program must consume and buffer (somehow) all of its input before writing a single line of output, so a single script can safely act as a filter both before and after sort. - -$Id$ - -Copyright (C) 2010 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. """ -import sys, subprocess, rpki.ipaddrs +import sys +import subprocess +import rpki.ipaddrs sorter = subprocess.Popen(("sort", "-T.", "-n"), stdin = subprocess.PIPE, |