From 5a007a74529766b5b27f8e054d4fad79172d2d5c Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Wed, 29 Jan 2014 03:33:37 +0000 Subject: Clean up OID database. Would have done this years ago, had I understood how the globals() function works. svn path=/branches/tk671/; revision=5652 --- rpkid/tests/testpoke.py | 1 - 1 file changed, 1 deletion(-) (limited to 'rpkid/tests') diff --git a/rpkid/tests/testpoke.py b/rpkid/tests/testpoke.py index 00dbc300..fd5ab206 100644 --- a/rpkid/tests/testpoke.py +++ b/rpkid/tests/testpoke.py @@ -36,7 +36,6 @@ import rpki.http import rpki.config import rpki.exceptions import rpki.relaxng -import rpki.oids import rpki.log import rpki.async -- cgit v1.2.3 From 3b1ad8f97bf44ac0969b218f66f2f6dc420cf506 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Wed, 19 Feb 2014 20:42:31 +0000 Subject: Start adding router certificates to test harness. svn path=/branches/tk671/; revision=5669 --- rpkid/tests/old_irdbd.sql | 55 ++++++++++++++++++++++++++++++++++++++--------- rpkid/tests/smoketest.py | 2 +- 2 files changed, 46 insertions(+), 11 deletions(-) (limited to 'rpkid/tests') diff --git a/rpkid/tests/old_irdbd.sql b/rpkid/tests/old_irdbd.sql index bf324cd8..0f349e2b 100644 --- a/rpkid/tests/old_irdbd.sql +++ b/rpkid/tests/old_irdbd.sql @@ -42,6 +42,9 @@ DROP TABLE IF EXISTS registrant_net; DROP TABLE IF EXISTS registrant_asn; DROP TABLE IF EXISTS registrant; DROP TABLE IF EXISTS ghostbuster_request; +DROP TABLE IF EXISTS ee_certificate_asn; +DROP TABLE IF EXISTS ee_certificate_net; +DROP TABLE IF EXISTS ee_certificate; CREATE TABLE registrant ( registrant_id SERIAL NOT NULL, 
@@ -54,29 +57,29 @@ CREATE TABLE registrant (
 ) ENGINE=InnoDB;
 CREATE TABLE registrant_asn (
- registrant_asn_id SERIAL NOT NULL,
 start_as BIGINT UNSIGNED NOT NULL,
 end_as BIGINT UNSIGNED NOT NULL,
 registrant_id BIGINT UNSIGNED NOT NULL,
- PRIMARY KEY (registrant_asn_id),
+ PRIMARY KEY (registrant_id, start_as, end_as),
 CONSTRAINT registrant_asn_registrant_id
- FOREIGN KEY (registrant_id) REFERENCES registrant (registrant_id) ON DELETE CASCADE
+ FOREIGN KEY (registrant_id) REFERENCES registrant (registrant_id)
+ ON DELETE CASCADE ON UPDATE CASCADE
 ) ENGINE=InnoDB;
 CREATE TABLE registrant_net (
- registrant_net_id SERIAL NOT NULL,
 start_ip VARCHAR(40) NOT NULL,
 end_ip VARCHAR(40) NOT NULL,
 version TINYINT UNSIGNED NOT NULL,
 registrant_id BIGINT UNSIGNED NOT NULL,
- PRIMARY KEY (registrant_net_id),
+ PRIMARY KEY (registrant_id, version, start_ip, end_ip),
 CONSTRAINT registrant_net_registrant_id
- FOREIGN KEY (registrant_id) REFERENCES registrant (registrant_id) ON DELETE CASCADE
+ FOREIGN KEY (registrant_id) REFERENCES registrant (registrant_id)
+ ON DELETE CASCADE ON UPDATE CASCADE
 ) ENGINE=InnoDB;
 CREATE TABLE roa_request (
 roa_request_id SERIAL NOT NULL,
- roa_request_handle VARCHAR(255) NOT NULL,
+ self_handle VARCHAR(255) NOT NULL,
 asn BIGINT UNSIGNED NOT NULL,
 PRIMARY KEY (roa_request_id)
 ) ENGINE=InnoDB;
@@ -89,17 +92,49 @@ CREATE TABLE roa_request_prefix (
 roa_request_id BIGINT UNSIGNED NOT NULL,
 PRIMARY KEY (roa_request_id, prefix, prefixlen, max_prefixlen),
 CONSTRAINT roa_request_prefix_roa_request_id
- FOREIGN KEY (roa_request_id) REFERENCES roa_request (roa_request_id) ON DELETE CASCADE
+ FOREIGN KEY (roa_request_id) REFERENCES roa_request (roa_request_id)
+ ON DELETE CASCADE ON UPDATE CASCADE
 ) ENGINE=InnoDB;
 CREATE TABLE ghostbuster_request (
 ghostbuster_request_id SERIAL NOT NULL,
- self_handle VARCHAR(40) NOT NULL,
- parent_handle VARCHAR(40),
+ self_handle VARCHAR(255) NOT NULL,
+ parent_handle VARCHAR(255),
 vcard LONGBLOB NOT NULL,
 PRIMARY KEY (ghostbuster_request_id)
 ) ENGINE=InnoDB;
+CREATE TABLE ee_certificate (
+ ee_certificate_id SERIAL NOT NULL,
+ self_handle VARCHAR(255) NOT NULL,
+ gski VARCHAR(27) NOT NULL,
+ router_id INT UNSIGNED,
+ valid_until DATETIME NOT NULL,
+ PRIMARY KEY (ee_certificate_id),
+ UNIQUE (self_handle, gski)
+) ENGINE=InnoDB;
+
+CREATE TABLE ee_certificate_asn (
+ start_as BIGINT UNSIGNED NOT NULL,
+ end_as BIGINT UNSIGNED NOT NULL,
+ ee_certificate_id BIGINT UNSIGNED NOT NULL,
+ PRIMARY KEY (ee_certificate_id, start_as, end_as),
+ CONSTRAINT ee_certificate_asn_ee_certificate_id
+ FOREIGN KEY (ee_certificate_id) REFERENCES ee_certificate (ee_certificate_id)
+ ON DELETE CASCADE ON UPDATE CASCADE
+) ENGINE=InnoDB;
+
+CREATE TABLE ee_certificate_net (
+ version TINYINT UNSIGNED NOT NULL,
+ start_ip VARCHAR(40) NOT NULL,
+ end_ip VARCHAR(40) NOT NULL,
+ ee_certificate_id BIGINT UNSIGNED NOT NULL,
+ PRIMARY KEY (ee_certificate_id, version, start_ip, end_ip),
+ CONSTRAINT ee_certificate_net_ee_certificate_id
+ FOREIGN KEY (ee_certificate_id) REFERENCES ee_certificate (ee_certificate_id)
+ ON DELETE CASCADE ON UPDATE CASCADE
+) ENGINE=InnoDB;
+
 -- Local Variables:
 -- indent-tabs-mode: nil
 -- End:
diff --git a/rpkid/tests/smoketest.py b/rpkid/tests/smoketest.py
index e9135a42..81eb3a6d 100644
--- a/rpkid/tests/smoketest.py
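Review bot: In the `@@ -89,17 +92,49 @@` hunk of old_irdbd.sql, the new `ee_certificate` table has no comment explaining `gski VARCHAR(27)` or why `router_id` is its only nullable column, so a reader has to guess at both. The width of 27 presumably matches an unpadded URL-safe base64 encoding of a 20-byte key identifier, and a NULL `router_id` presumably marks an EE certificate that is not a router certificate. Both should be confirmed and then stated above the table, e.g. `-- gski: base64url key identifier, 27 chars unpadded; router_id is NULL for non-router EE certificates`. Nothing in `ee_certificate_asn` requires `start_as <= end_as`, which matches the existing `registrant_asn` table, so range sanity remains the job of whatever code fills these tables.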
+++ b/rpkid/tests/smoketest.py @@ -757,7 +757,7 @@ class allocation(object): cur.execute("INSERT registrant_net (start_ip, end_ip, version, registrant_id) VALUES (%s, %s, 6, %s)", (v6_range.min, v6_range.max, registrant_id)) cur.execute("UPDATE registrant SET valid_until = %s WHERE registrant_id = %s", (kid.resources.valid_until, registrant_id)) for r in s.roa_requests: - cur.execute("INSERT roa_request (roa_request_handle, asn) VALUES (%s, %s)", (s.name, r.asn)) + cur.execute("INSERT roa_request (self_handle, asn) VALUES (%s, %s)", (s.name, r.asn)) roa_request_id = cur.lastrowid for version, prefix_set in ((4, r.v4), (6, r.v6)): if prefix_set: -- cgit v1.2.3 From 94479e1684e9e89d5f82f4edc1639127f5423e48 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Wed, 19 Feb 2014 22:48:22 +0000 Subject: Add router_cert specification to a test configuration. Take advantage of YAML's automatic line folding to make the embedded shell code in some test configurations a bit more readable. svn path=/branches/tk671/; revision=5670 --- rpkid/tests/revoke.yaml | 300 +++++++++++++++++++++++++++++++++++++------ rpkid/tests/smoketest.1.yaml | 14 +- rpkid/tests/smoketest.3.yaml | 22 +++- rpkid/tests/smoketest.7.yaml | 9 +- 4 files changed, 296 insertions(+), 49 deletions(-) (limited to 'rpkid/tests') diff --git a/rpkid/tests/revoke.yaml b/rpkid/tests/revoke.yaml index c006460d..2edb8335 100644 --- a/rpkid/tests/revoke.yaml +++ b/rpkid/tests/revoke.yaml 
@@ -49,150 +49,372 @@ kids: ipv4: 10.3.0.44/32 --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - name: R0 rekey: - sleep 10 + --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 + - name: R0 revoke: - sleep 10 + --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - sleep 30 - --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - name: R0 rekey: - sleep 10 + --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . 
-type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - name: R0 revoke: - sleep 10 + --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - sleep 30 - --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - name: R0 rekey: - sleep 10 + --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - name: R0 revoke: - sleep 10 + --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . 
-type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - sleep 30 - --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - name: R0 rekey: - sleep 10 + --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - name: R0 revoke: - sleep 10 + --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - sleep 30 - --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - name: R0 rekey: - sleep 10 + --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . 
-type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - name: R0 revoke: - sleep 10 + --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - sleep 30 - --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - name: R0 rekey: - sleep 10 + --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - name: R0 revoke: - sleep 10 + --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . 
-type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - sleep 30 - --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - name: R0 rekey: - sleep 10 + --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - name: R0 revoke: - sleep 10 + --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - sleep 30 - --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - name: R0 rekey: - sleep 10 + --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . 
-type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - name: R0 revoke: - sleep 10 + --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - sleep 30 - --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - name: R0 rekey: - sleep 10 + --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - name: R0 revoke: - sleep 10 + --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . 
-type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - sleep 30 - --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - name: R0 rekey: - sleep 10 + --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - name: R0 revoke: - sleep 10 + --- -- shell sleep 1; dir=rcynic.`date +%s`.data; mkdir $dir; cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | xargs ../../../../utils/uri/uri -s >../${dir%.data}.uris; sleep 1 +- shell sleep 1; + dir=rcynic.`date +%s`.data; mkdir $dir; + cd rcynic-data; + pax -rwl . ../$dir; find . -type f -name '*.cer' | + sort | + xargs ../../../../utils/uri/uri -s + >../${dir%.data}.uris; + sleep 1 - sleep 30 diff --git a/rpkid/tests/smoketest.1.yaml b/rpkid/tests/smoketest.1.yaml index 455e14d6..914aaae4 100644 --- a/rpkid/tests/smoketest.1.yaml +++ b/rpkid/tests/smoketest.1.yaml 
@@ -40,14 +40,21 @@ kids: roa_request: - asn: 42 ipv4: 192.0.2.32/32 + router_cert: + - router_id: 666 + asn: 42 - name: Bob ipv4: 192.0.2.44-192.0.2.100 ipv4: 10.3.0.0/16 roa_request: - asn: 666 ipv4: 10.3.0.44/32 + --- -- shell set -x; rtr_origin='python ../../../rtr-origin/rtr-origin.py'; $rtr_origin --cronjob rcynic-data/authenticated && $rtr_origin --show +- shell set -x; + rtr_origin='python ../../../rtr-origin/rtr-origin.py'; + $rtr_origin --cronjob rcynic-data/authenticated && + $rtr_origin --show --- - name: R0 rekey: @@ -62,7 +69,10 @@ kids: - asn: 17 ipv4: 10.3.0.1/32, 10.0.0.44/32 --- -- shell set -x; rtr_origin='python ../../../rtr-origin/rtr-origin.py'; $rtr_origin --cronjob rcynic-data/authenticated && $rtr_origin --show +- shell set -x; + rtr_origin='python ../../../rtr-origin/rtr-origin.py'; + $rtr_origin --cronjob rcynic-data/authenticated && + $rtr_origin --show --- - sleep 30 --- diff --git a/rpkid/tests/smoketest.3.yaml b/rpkid/tests/smoketest.3.yaml index f7e4d2a9..e6a10a12 100644 --- a/rpkid/tests/smoketest.3.yaml +++ b/rpkid/tests/smoketest.3.yaml 
@@ -50,13 +50,20 @@ kids: - asn: 666 ipv4: 10.3.0.0/23 --- -#- shell find publication -type f -name '*.roa' -print -exec ../../../utils/print_roa/print_roa {} \; -#- shell find publication -type f -name '*.mft' -print -exec ../../../utils/print_manifest/print_manifest {} \; +#- shell find publication -type f -name '*.roa' +# -print -exec ../../../utils/print_roa/print_roa {} \; +#- shell find publication -type f -name '*.mft' +# -print -exec ../../../utils/print_manifest/print_manifest {} \; #--- -#- shell find publication -type f -name '*.roa' -print -exec ../../../utils/print_roa/print_roa {} \; -#- shell find publication -type f -name '*.mft' -print -exec ../../../utils/print_manifest/print_manifest {} \; +#- shell find publication -type f -name '*.roa' +# -print -exec ../../../utils/print_roa/print_roa {} \; +#- shell find publication -type f -name '*.mft' +# -print -exec ../../../utils/print_manifest/print_manifest {} \; #--- -- shell set -x; rtr_origin=../../../rtr-origin/rtr-origin; $rtr_origin --cronjob rcynic-data/authenticated && $rtr_origin --show +- shell set -x; + rtr_origin=../../../rtr-origin/rtr-origin; + $rtr_origin --cronjob rcynic-data/authenticated && + $rtr_origin --show --- - name: Alice roa_request_del: @@ -68,4 +75,7 @@ kids: ipv4: 192.0.2.0/30-32,192.0.2.32/32 ipv6: 2002:0a00::/32-128 --- -- shell set -x; rtr_origin=../../../rtr-origin/rtr-origin; $rtr_origin --cronjob rcynic-data/authenticated && $rtr_origin --show +- shell set -x; + rtr_origin=../../../rtr-origin/rtr-origin; + $rtr_origin --cronjob rcynic-data/authenticated && + $rtr_origin --show diff --git a/rpkid/tests/smoketest.7.yaml b/rpkid/tests/smoketest.7.yaml index 84c98a31..fedd2fff 100644 --- a/rpkid/tests/smoketest.7.yaml +++ b/rpkid/tests/smoketest.7.yaml 
@@ -68,5 +68,10 @@ roa_request: ipv4: 208.91.236.0/22,203.33.196.0/24,203.27.251.0/24,198.80.148.0/24,198.80.131.0/24,157.130.103.144/30,140.222.224.0/24,65.243.171.0/24,63.122.162.212/30,63.116.191.0/24,63.81.136.0/24,17.0.0.0/8,17.128.0.0/9 --- -- shell set -x; find publication -type f -name '*.roa' -print -exec ../../../utils/print_roa/print_roa {} \; -- shell set -x; rtr_origin=../../../rtr-origin/rtr-origin; $rtr_origin --cronjob rcynic-data/authenticated && $rtr_origin --show +- shell set -x; + find publication -type f -name '*.roa' + -print -exec ../../../utils/print_roa/print_roa {} \; + ; + rtr_origin=../../../rtr-origin/rtr-origin; + $rtr_origin --cronjob rcynic-data/authenticated && + $rtr_origin --show -- cgit v1.2.3 From f462c189577d261319432d4f7249c57d8fd1930a Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Thu, 20 Feb 2014 02:32:50 +0000 Subject: Reformat some bits that were so bad I couldn't read them. svn path=/branches/tk671/; revision=5671 --- rpkid/tests/smoketest.py | 106 +++++++++++++++++++++++++++++++++++------------ 1 file changed, 79 insertions(+), 27 deletions(-) (limited to 'rpkid/tests') diff --git a/rpkid/tests/smoketest.py b/rpkid/tests/smoketest.py index 81eb3a6d..00b08fd9 100644 --- a/rpkid/tests/smoketest.py +++ b/rpkid/tests/smoketest.py @@ -228,7 +228,8 @@ def main(): rootd_process = subprocess.Popen((prog_python, prog_rootd, "-d", "-c", rootd_name + ".conf")) rpki.log.info("Starting pubd") - pubd_process = subprocess.Popen((prog_python, prog_pubd, "-d", "-c", pubd_name + ".conf") + (("-p", pubd_name + ".prof") if args.profile else ())) + pubd_process = subprocess.Popen((prog_python, prog_pubd, "-d", "-c", pubd_name + ".conf") + + (("-p", pubd_name + ".prof") if args.profile else ())) rpki.log.info("Starting rsyncd") rsyncd_process = subprocess.Popen((prog_rsyncd, "--daemon", "--no-detach", "--config", rsyncd_name + ".conf")) 
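Review bot: In the smoketest.7.yaml hunk the two former `- shell` steps are merged into a single step, joined by a `;` on a line of its own, which is more than the line folding the commit message describes. If the harness checks each step's exit status (not visible in this diff), a failing `find`/`print_roa` run is now masked, because only the status of the final `$rtr_origin --show` is reported for the combined step. Keeping two list items preserves the old behaviour: end the first item after `{} \;` and begin the second with `- shell set -x;` ahead of the `rtr_origin=...` assignment.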
@@ -588,10 +589,12 @@ class allocation(object): raise CantRekeyYAMLLeaf, "Can't rekey YAML leaf %s, sorry" % self.name elif target is None: rpki.log.info("Rekeying %s" % self.name) - self.call_rpkid([rpki.left_right.self_elt.make_pdu(action = "set", self_handle = self.name, rekey = "yes")], cb = done) + self.call_rpkid([rpki.left_right.self_elt.make_pdu( + action = "set", self_handle = self.name, rekey = "yes")], cb = done) else: rpki.log.info("Rekeying %s %s" % (self.name, target)) - self.call_rpkid([rpki.left_right.parent_elt.make_pdu(action = "set", self_handle = self.name, parent_handle = target, rekey = "yes")], cb = done) + self.call_rpkid([rpki.left_right.parent_elt.make_pdu( + action = "set", self_handle = self.name, parent_handle = target, rekey = "yes")], cb = done) def apply_revoke(self, target, cb): @@ -607,10 +610,12 @@ class allocation(object): cb() elif target is None: rpki.log.info("Revoking %s" % self.name) - self.call_rpkid([rpki.left_right.self_elt.make_pdu(action = "set", self_handle = self.name, revoke = "yes")], cb = done) + self.call_rpkid([rpki.left_right.self_elt.make_pdu( + action = "set", self_handle = self.name, revoke = "yes")], cb = done) else: rpki.log.info("Revoking %s %s" % (self.name, target)) - self.call_rpkid([rpki.left_right.parent_elt.make_pdu(action = "set", self_handle = self.name, parent_handle = target, revoke = "yes")], cb = done) + self.call_rpkid([rpki.left_right.parent_elt.make_pdu( + action = "set", self_handle = self.name, parent_handle = target, revoke = "yes")], cb = done) def __str__(self): s = self.name + "\n" 
@@ -747,21 +752,28 @@ class allocation(object): cur.execute("DELETE FROM roa_request") for s in [self] + self.hosts: for kid in s.kids: - cur.execute("SELECT registrant_id FROM registrant WHERE registrant_handle = %s AND registry_handle = %s", (kid.name, s.name)) + cur.execute("SELECT registrant_id FROM registrant WHERE registrant_handle = %s AND registry_handle = %s", + (kid.name, s.name)) registrant_id = cur.fetchone()[0] for as_range in kid.resources.asn: - cur.execute("INSERT registrant_asn (start_as, end_as, registrant_id) VALUES (%s, %s, %s)", (as_range.min, as_range.max, registrant_id)) + cur.execute("INSERT registrant_asn (start_as, end_as, registrant_id) VALUES (%s, %s, %s)", + (as_range.min, as_range.max, registrant_id)) for v4_range in kid.resources.v4: - cur.execute("INSERT registrant_net (start_ip, end_ip, version, registrant_id) VALUES (%s, %s, 4, %s)", (v4_range.min, v4_range.max, registrant_id)) + cur.execute("INSERT registrant_net (start_ip, end_ip, version, registrant_id) VALUES (%s, %s, 4, %s)", + (v4_range.min, v4_range.max, registrant_id)) for v6_range in kid.resources.v6: - cur.execute("INSERT registrant_net (start_ip, end_ip, version, registrant_id) VALUES (%s, %s, 6, %s)", (v6_range.min, v6_range.max, registrant_id)) - cur.execute("UPDATE registrant SET valid_until = %s WHERE registrant_id = %s", (kid.resources.valid_until, registrant_id)) + cur.execute("INSERT registrant_net (start_ip, end_ip, version, registrant_id) VALUES (%s, %s, 6, %s)", + (v6_range.min, v6_range.max, registrant_id)) + cur.execute("UPDATE registrant SET valid_until = %s WHERE registrant_id = %s", + (kid.resources.valid_until, registrant_id)) for r in s.roa_requests: - cur.execute("INSERT roa_request (self_handle, asn) VALUES (%s, %s)", (s.name, r.asn)) + cur.execute("INSERT roa_request (self_handle, asn) VALUES (%s, %s)", + (s.name, r.asn)) roa_request_id = cur.lastrowid for version, prefix_set in ((4, r.v4), (6, r.v6)): if prefix_set: - cur.executemany("INSERT 
roa_request_prefix (roa_request_id, prefix, prefixlen, max_prefixlen, version) VALUES (%s, %s, %s, %s, %s)", + cur.executemany("INSERT roa_request_prefix (roa_request_id, prefix, prefixlen, max_prefixlen, version) " + "VALUES (%s, %s, %s, %s, %s)", ((roa_request_id, x.prefix, x.prefixlen, x.max_prefixlen, version) for x in prefix_set)) db.close() @@ -770,7 +782,8 @@ class allocation(object): Run daemons for this entity. """ rpki.log.info("Running daemons for %s" % self.name) - self.rpkid_process = subprocess.Popen((prog_python, prog_rpkid, "-d", "-c", self.name + ".conf") + (("-p", self.name + ".prof") if args.profile else ())) + self.rpkid_process = subprocess.Popen((prog_python, prog_rpkid, "-d", "-c", self.name + ".conf") + + (("-p", self.name + ".prof") if args.profile else ())) self.irdbd_process = subprocess.Popen((prog_python, prog_irdbd, "-d", "-c", self.name + ".conf")) def kill_daemons(self): @@ -974,7 +987,8 @@ class allocation(object): bpki_cms_cert = s.cross_certify(s.parent.name + "-SELF"), sender_name = s.name, recipient_name = s.parent.name, - peer_contact_uri = "http://localhost:%s/up-down/%s/%s" % (s.parent.get_rpki_port(), s.parent.name, s.name))) + peer_contact_uri = "http://localhost:%s/up-down/%s/%s" % (s.parent.get_rpki_port(), + s.parent.name, s.name))) def one(): call_pubd(pubd_pdus, cb = two) @@ -992,7 +1006,8 @@ class allocation(object): b = bsc_dict[s.name] rpki.log.info("Issuing BSC EE cert for %s" % s.name) - cmd = (prog_openssl, "x509", "-req", "-sha256", "-extfile", s.name + "-RPKI.conf", "-extensions", "req_x509_ext", "-days", "30", + cmd = (prog_openssl, "x509", "-req", "-sha256", "-extfile", s.name + "-RPKI.conf", + "-extensions", "req_x509_ext", "-days", "30", "-CA", s.name + "-SELF.cer", "-CAkey", s.name + "-SELF.key", "-CAcreateserial", "-text") signer = subprocess.Popen(cmd, stdin = subprocess.PIPE, stdout = subprocess.PIPE, stderr = subprocess.PIPE) signed = signer.communicate(input = b.pkcs10_request.get_PEM()) 
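Review bot: In the `@@ -747,21 +752,28 @@` hunk, `registrant_id = cur.fetchone()[0]` indexes the result without checking that the SELECT matched a row, so a missing registrant surfaces as a bare `TypeError` on `None` instead of naming the kid and registry involved. While the surrounding statements are being rewrapped, `row = cur.fetchone()` followed by `if row is None: raise RuntimeError("no registrant row for %s under %s" % (kid.name, s.name))` would make that failure readable. All the statements in the hunk pass their values as query parameters rather than formatting them into the SQL text, and the rewrap keeps that intact. The enclosing method starts above the hunk.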
@@ -1248,8 +1263,8 @@ def set_pubd_crl(cb):
 updated whenever we update the CRL.
 """
 rpki.log.info("Setting pubd's BPKI CRL")
- call_pubd([rpki.publication.config_elt.make_pdu(action = "set", bpki_crl = rpki.x509.CRL(Auto_file = pubd_name + "-TA.crl"))],
- cb = lambda ignored: cb())
+ crl = rpki.x509.CRL(Auto_file = pubd_name + "-TA.crl")
+ call_pubd([rpki.publication.config_elt.make_pdu(action = "set", bpki_crl = crl)], cb = lambda ignored: cb())
 last_rcynic_run = None
@@ -1314,22 +1329,44 @@ bpki_cert_fmt_2 = '''\ ''' bpki_cert_fmt_3 = '''\ -%(openssl)s req -new -sha256 -key %(name)s-%(kind)s.key -out %(name)s-%(kind)s.req -config %(name)s-%(kind)s.conf && +%(openssl)s req -new \ + -sha256 \ + -key %(name)s-%(kind)s.key \ + -out %(name)s-%(kind)s.req \ + -config %(name)s-%(kind)s.conf && touch %(name)s-%(kind)s.idx && echo >%(name)s-%(kind)s.cnm 01 && ''' bpki_cert_fmt_4 = '''\ -%(openssl)s x509 -req -sha256 -in %(name)s-TA.req -out %(name)s-TA.cer -extfile %(name)s-TA.conf -extensions req_x509_ext -signkey %(name)s-TA.key -days 60 -text \ +%(openssl)s x509 -req -sha256 \ + -in %(name)s-TA.req \ + -out %(name)s-TA.cer \ + -extfile %(name)s-TA.conf \ + -extensions req_x509_ext \ + -signkey %(name)s-TA.key \ + -days 60 -text \ ''' bpki_cert_fmt_5 = ''' && \ -%(openssl)s x509 -req -sha256 -in %(name)s-%(kind)s.req -out %(name)s-%(kind)s.cer -extfile %(name)s-%(kind)s.conf -extensions req_x509_ext -days 30 -text \ - -CA %(name)s-TA.cer -CAkey %(name)s-TA.key -CAcreateserial \ +%(openssl)s x509 -req \ + -sha256 \ + -in %(name)s-%(kind)s.req \ + -out %(name)s-%(kind)s.cer \ + -extfile %(name)s-%(kind)s.conf \ + -extensions req_x509_ext \ + -days 30 \ + -text \ + -CA %(name)s-TA.cer \ + -CAkey %(name)s-TA.key \ + -CAcreateserial \ ''' bpki_cert_fmt_6 = ''' && \ -%(openssl)s ca -batch -gencrl -out %(name)s-%(kind)s.crl -config %(name)s-%(kind)s.conf \ +%(openssl)s ca -batch \ + -gencrl \ + -out %(name)s-%(kind)s.crl \ + -config %(name)s-%(kind)s.conf \ ''' yaml_fmt_1 = '''--- 
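Review bot: The rewrapped `bpki_cert_fmt_3` to `bpki_cert_fmt_6` templates are command fragments, not complete commands, and nothing in the hunk says how they are assembled: `_3` ends in `&&`, while `_5` and `_6` open with ` && \`. A short comment above `bpki_cert_fmt_3` would help, e.g. `# Fragments of one "&&" chain; in these non-raw strings backslash-newline is removed by Python, so the shell sees each openssl command on a single line`. Separately, `%(name)s` and `%(kind)s` are substituted unquoted. If these templates are run through a shell with names read from the YAML test files (not visible in this hunk), it is worth confirming that those names cannot contain whitespace or shell metacharacters.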
@@ -1467,11 +1504,16 @@ authorityKeyIdentifier = keyid:always basicConstraints = critical,CA:true subjectKeyIdentifier = hash keyUsage = critical,keyCertSign,cRLSign -subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:%(rootd_sia)sroot/,1.3.6.1.5.5.7.48.10;URI:%(rootd_sia)sroot/root.mft +subjectInfoAccess = @sia sbgp-autonomousSysNum = critical,AS:0-4294967295 sbgp-ipAddrBlock = critical,IPv4:0.0.0.0/0,IPv6:0::/0 certificatePolicies = critical, @rpki_certificate_policy +[sia] + +1.3.6.1.5.5.7.48.5;URI = %(rootd_sia)sroot/ +1.3.6.1.5.5.7.48.10;URI = %(rootd_sia)sroot/root.mft + [rpki_certificate_policy] policyIdentifier = 1.3.6.1.5.5.7.14.2 @@ -1484,10 +1526,20 @@ rootd_fmt_2 = '''\ rootd_fmt_3 = '''\ echo >%(rootd_name)s.tal %(rootd_sia)sroot.cer && echo >>%(rootd_name)s.tal && -%(openssl)s rsa -pubout -in root.key | awk '!/-----(BEGIN|END)/' >>%(rootd_name)s.tal && -%(openssl)s req -new -sha256 -key root.key -out %(rootd_name)s.req -config %(rootd_name)s.conf -text -extensions req_x509_rpki_ext && -%(openssl)s x509 -req -sha256 -in %(rootd_name)s.req -out root.cer -outform DER -extfile %(rootd_name)s.conf -extensions req_x509_rpki_ext \ - -signkey root.key && +%(openssl)s rsa -pubout -in root.key | +awk '!/-----(BEGIN|END)/' >>%(rootd_name)s.tal && +%(openssl)s req -new -text -sha256 \ + -key root.key \ + -out %(rootd_name)s.req \ + -config %(rootd_name)s.conf \ + -extensions req_x509_rpki_ext && +%(openssl)s x509 -req -sha256 \ + -in %(rootd_name)s.req \ + -out root.cer \ + -outform DER \ + -extfile %(rootd_name)s.conf \ + -extensions req_x509_rpki_ext \ + -signkey root.key && ln -f root.cer %(rsyncd_dir)s ''' -- cgit v1.2.3 From 8453e66ddfbee5fdf8ab3bc94e88104dae50980b Mon Sep 17 00:00:00 2001 
From: Rob Austein Date: Thu, 20 Feb 2014 02:42:33 +0000 Subject: Remove dead code (old .is_leaf property, not used for years now). svn path=/branches/tk671/; revision=5672 --- rpkid/tests/smoketest.py | 50 +++++++++++++----------------------------------- 1 file changed, 13 insertions(+), 37 deletions(-) (limited to 'rpkid/tests') diff --git a/rpkid/tests/smoketest.py b/rpkid/tests/smoketest.py index 00b08fd9..043acbde 100644 --- a/rpkid/tests/smoketest.py +++ b/rpkid/tests/smoketest.py @@ -249,10 +249,6 @@ def main(): def created_rpki_objects(): - # Setup keys and certs and write YAML files for leaves - for a in db.leaves: - a.setup_yaml_leaf() - # Set pubd's BPKI CRL set_pubd_crl(yaml_loop) @@ -269,10 +265,6 @@ def main(): def run_yaml(): - # Run all YAML clients - for a in db.leaves: - a.run_yaml() - # Run rcynic to check results run_rcynic() @@ -414,7 +406,6 @@ class allocation_db(list): self.root.closure() self.map = dict((a.name, a) for a in self) self.engines = [a for a in self if a.is_engine] - self.leaves = [a for a in self if a.is_leaf] for i, a in enumerate(self.engines): a.set_engine_number(i) for a in self: @@ -585,9 +576,7 @@ class allocation(object): raise e cb() - if self.is_leaf: - raise CantRekeyYAMLLeaf, "Can't rekey YAML leaf %s, sorry" % self.name - elif target is None: + if target is None: rpki.log.info("Rekeying %s" % self.name) self.call_rpkid([rpki.left_right.self_elt.make_pdu( action = "set", self_handle = self.name, rekey = "yes")], cb = done) @@ -604,11 +593,7 @@ class allocation(object): raise e cb() - if self.is_leaf: - rpki.log.info("Attempting to revoke YAML leaf %s" % self.name) - subprocess.check_call((prog_python, prog_poke, "-y", self.name + ".yaml", "-r", "revoke")) - cb() - elif target is None: + if target is None: rpki.log.info("Revoking %s" % self.name) self.call_rpkid([rpki.left_right.self_elt.make_pdu( action = "set", self_handle = self.name, revoke = "yes")], cb = done) 
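Review bot: `CantRekeyYAMLLeaf` has no raiser left once the `is_leaf` branch is removed from `apply_rekey` (hunk at -585). The class still appears as context in a later smoketest.py hunk on this page, so it looks like leftover dead code that could be deleted in the same cleanup. It may also be worth checking whether `prog_poke` is still referenced now that the `subprocess.check_call` in `apply_revoke` (hunk at -604) is gone. Both methods continue outside their hunks.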
@@ -627,10 +612,6 @@ class allocation(object): if self.sia_base: s += " SIA: %s\n" % self.sia_base return s + "Until: %s\n" % self.resources.valid_until - @property - def is_leaf(self): - #return not self.kids and not self.roa_requests - return False @property def is_root(self): @@ -638,7 +619,7 @@ class allocation(object): @property def is_twig(self): - return not self.is_leaf and not self.is_root + return not self.is_root @property def is_hosted(self): @@ -646,7 +627,7 @@ class allocation(object): @property def is_engine(self): - return not self.is_leaf and not self.is_hosted + return not self.is_hosted def set_engine_number(self, n): """ @@ -673,16 +654,13 @@ class allocation(object): Create BPKI certificates for this entity. """ rpki.log.info("Constructing BPKI keys and certs for %s" % self.name) - if self.is_leaf: - setup_bpki_cert_chain(self.name, ee = ("RPKI",)) - else: - setup_bpki_cert_chain(name = self.name, - ee = ("RPKI", "IRDB", "IRBE"), - ca = ("SELF",)) - self.rpkid_ta = rpki.x509.X509(PEM_file = self.name + "-TA.cer") - self.irbe_key = rpki.x509.RSA( PEM_file = self.name + "-IRBE.key") - self.irbe_cert = rpki.x509.X509(PEM_file = self.name + "-IRBE.cer") - self.rpkid_cert = rpki.x509.X509(PEM_file = self.name + "-RPKI.cer") + setup_bpki_cert_chain(name = self.name, + ee = ("RPKI", "IRDB", "IRBE"), + ca = ("SELF",)) + self.rpkid_ta = rpki.x509.X509(PEM_file = self.name + "-TA.cer") + self.irbe_key = rpki.x509.RSA( PEM_file = self.name + "-IRBE.key") + self.irbe_cert = rpki.x509.X509(PEM_file = self.name + "-IRBE.cer") + self.rpkid_cert = rpki.x509.X509(PEM_file = self.name + "-RPKI.cer") def setup_conf_file(self): """ @@ -857,8 +835,6 @@ class allocation(object): if reverse: certifier = certificant certificant = self.name + "-SELF" - elif self.is_leaf: - certifier = self.name + "-TA" else: certifier = self.name + "-SELF" certfile = certifier + "-" + certificant + ".cer" 
@@ -914,7 +890,7 @@ class allocation(object): #10 requests we get back when we tell rpkid to generate BSC keys. """ - assert not self.is_hosted and not self.is_leaf + assert not self.is_hosted selves = [self] + self.hosts @@ -961,7 +937,7 @@ class allocation(object): self_handle = s.name, child_handle = k.name, bsc_handle = "b", - bpki_cert = s.cross_certify(k.name + ("-TA" if k.is_leaf else "-SELF")))) + bpki_cert = s.cross_certify(k.name + "-SELF"))) if s.is_root: rootd_cert = s.cross_certify(rootd_name + "-TA") -- cgit v1.2.3 From 065c44e912a7fca14ae641a09aa89d0a573c3cdf Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Thu, 20 Feb 2014 06:43:48 +0000 Subject: Checkpoint. Now generating something that looks a bit like a router cert, but not right yet: RSA where should be ECDSA, EKU missing, and EE certificate class's .reissue() method isn't working properly yet. svn path=/branches/tk671/; revision=5673 --- rpkid/tests/old_irdbd.sql | 1 + rpkid/tests/smoketest.py | 66 +++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 65 insertions(+), 2 deletions(-) (limited to 'rpkid/tests') diff --git a/rpkid/tests/old_irdbd.sql b/rpkid/tests/old_irdbd.sql index 0f349e2b..1e5b6d28 100644 --- a/rpkid/tests/old_irdbd.sql +++ b/rpkid/tests/old_irdbd.sql @@ -107,6 +107,7 @@ CREATE TABLE ghostbuster_request ( CREATE TABLE ee_certificate ( ee_certificate_id SERIAL NOT NULL, self_handle VARCHAR(255) NOT NULL, + pkcs10 LONGBLOB NOT NULL, gski VARCHAR(27) NOT NULL, router_id INT UNSIGNED, valid_until DATETIME NOT NULL, diff --git a/rpkid/tests/smoketest.py b/rpkid/tests/smoketest.py index 043acbde..7f284550 100644 --- a/rpkid/tests/smoketest.py +++ b/rpkid/tests/smoketest.py 
@@ -375,6 +375,38 @@ class roa_request(object): def parse(cls, yaml): return cls(yaml.get("asn"), yaml.get("ipv4"), yaml.get("ipv6")) +class router_cert(object): + """ + Representation for a router_cert object. + """ + + def __init__(self, asn, router_id): + self.asn = rpki.resource_set.resource_set_as("".join(str(asn).split())) + self.router_id = router_id + + rpki.log.warn("Code to generate ECDSA keys not written yet, generating RSA as hack for testing") + self.keypair = rpki.x509.RSA.generate() + self.pkcs10 = rpki.x509.PKCS10.create( + keypair = self.keypair, + cn = "ROUTER-%d" % self.asn[0].min, + sn = self.router_id, + eku = (rpki.oids.id_kp_bgpsec_router,)) + self.gski = self.pkcs10.gSKI() + + def __eq__(self, other): + return self.asn == other.asn and self.router_id == other.router_id and self.gski == other.gski + + def __hash__(self): + v6 = tuple(self.v6) if self.v6 is not None else None + return tuple(self.asn).__hash__() + router_id.__hash__() + self.gski.__hash__() + + def __str__(self): + return "%s: %s: %s" % (self.asn, self.router_id, self.gski) + + @classmethod + def parse(cls, yaml): + return cls(yaml.get("asn"), yaml.get("router_id")) + class allocation_db(list): """ Representation of all the entities and allocations in the test @@ -485,6 +517,9 @@ class allocation(object): self.base.v4 |= r.v4.to_resource_set() if r.v6: self.base.v6 |= r.v6.to_resource_set() + self.router_certs = [router_cert.parse(y) for y in yaml.get("router_cert", ())] + for r in self.router_certs: + self.base.asn |= r.asn self.hosted_by = yaml.get("hosted_by") self.extra_conf = yaml.get("extra_conf", []) self.hosts = [] 
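Review bot: `router_cert.__hash__` in the hunk at -375 cannot run: it reads `self.v6`, which `__init__` never sets, and then calls `router_id.__hash__()` on a bare name instead of `self.router_id`, so hashing an instance raises instead of returning a value. The body looks carried over from `roa_request`; it should hash the same fields `__eq__` compares, `return hash((tuple(self.asn), self.router_id, self.gski))`. The yamltest.py copy added at -109 has the same two lines. The later smoketest.py hunk at -396 swaps in `sn`, still a bare name, and the yamltest.py hunk at -141 keeps the `self.v6` line.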
@@ -568,6 +603,20 @@ class allocation(object): self.roa_requests.remove(r) cb() + def apply_router_cert_add(self, yaml, cb): + for y in yaml: + r = router_cert.parse(y) + if r not in self.router_certs: + self.router_certs.append(r) + cb() + + def apply_router_cert_del(self, yaml, cb): + for y in yaml: + r = router_cert.parse(y) + if r in self.router_certs: + self.router_certs.remove(r) + cb() + def apply_rekey(self, target, cb): def done(e): @@ -728,6 +777,10 @@ class allocation(object): cur.execute("DELETE FROM registrant_net") cur.execute("DELETE FROM roa_request_prefix") cur.execute("DELETE FROM roa_request") + cur.execute("DELETE FROM ee_certificate_asn") + cur.execute("DELETE FROM ee_certificate_net") + cur.execute("DELETE FROM ee_certificate") + for s in [self] + self.hosts: for kid in s.kids: cur.execute("SELECT registrant_id FROM registrant WHERE registrant_handle = %s AND registry_handle = %s", @@ -750,9 +803,18 @@ class allocation(object): roa_request_id = cur.lastrowid for version, prefix_set in ((4, r.v4), (6, r.v6)): if prefix_set: - cur.executemany("INSERT roa_request_prefix (roa_request_id, prefix, prefixlen, max_prefixlen, version) " + cur.executemany("INSERT roa_request_prefix " + "(roa_request_id, prefix, prefixlen, max_prefixlen, version) " "VALUES (%s, %s, %s, %s, %s)", - ((roa_request_id, x.prefix, x.prefixlen, x.max_prefixlen, version) for x in prefix_set)) + ((roa_request_id, x.prefix, x.prefixlen, x.max_prefixlen, version) + for x in prefix_set)) + for r in s.router_certs: + cur.execute("INSERT ee_certificate (self_handle, pkcs10, gski, router_id, valid_until) " + "VALUES (%s, %s, %s, %s, %s)", + (s.name, r.pkcs10.get_DER(), r.gski, r.router_id, s.resources.valid_until)) + ee_certificate_id = cur.lastrowid + cur.executemany("INSERT ee_certificate_asn (ee_certificate_id, start_as, end_as) VALUES (%s, %s, %s)", + ((ee_certificate_id, a.min, a.max) for a in r.asn)) db.close() def run_daemons(self): -- cgit v1.2.3 
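Review bot: The membership tests in `apply_router_cert_add` and `apply_router_cert_del` (hunk at -568) go through `router_cert.__eq__`, which includes `gski`, and `router_cert.parse` generates a fresh keypair on every call, so a newly parsed object will presumably never equal one already in `self.router_certs`. If so, `apply_router_cert_del` never removes anything and `apply_router_cert_add` always appends. Matching on the YAML-supplied fields only would avoid that, e.g. `match = [c for c in self.router_certs if c.asn == r.asn and c.router_id == r.router_id]`. Neither method has a docstring; one line each saying that `yaml` is a list of router_cert mappings would help.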
From 401bbea99c1ba43ae0987b6346c65293a8efafa0 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Thu, 20 Feb 2014 23:03:11 +0000 Subject: Whack RSA-specific code to a more general API using PrivateKey and PublicKey classes, with RSA and ECDSA as subclasses extending PrivateKey. Revised API not necessarily in final form yet, but good enough for smoketest to generate ECDSA keys for testing router certs. svn path=/branches/tk671/; revision=5679 --- rpkid/tests/smoketest.py | 14 +++++++++++--- rpkid/tests/yamlconf.py | 4 ++-- rpkid/tests/yamltest.py | 4 ++-- 3 files changed, 15 insertions(+), 7 deletions(-) (limited to 'rpkid/tests') diff --git a/rpkid/tests/smoketest.py b/rpkid/tests/smoketest.py index 7f284550..5512b5bc 100644 --- a/rpkid/tests/smoketest.py +++ b/rpkid/tests/smoketest.py @@ -134,6 +134,8 @@ pubd_pubd_cert = None pubd_last_cms_time = None +ecdsa_params = None + class CantRekeyYAMLLeaf(Exception): """ Can't rekey YAML leaf. @@ -380,12 +382,18 @@ class router_cert(object): Representation for a router_cert object. """ + _ecparams = None + + @classmethod + def ecparams(cls): + if cls._ecparams is None: + cls._ecparams = rpki.x509.KeyParams.generateEC() + return cls._ecparams + def __init__(self, asn, router_id): self.asn = rpki.resource_set.resource_set_as("".join(str(asn).split())) self.router_id = router_id - - rpki.log.warn("Code to generate ECDSA keys not written yet, generating RSA as hack for testing") - self.keypair = rpki.x509.RSA.generate() + self.keypair = rpki.x509.ECDSA.generate(self.ecparams()) self.pkcs10 = rpki.x509.PKCS10.create( keypair = self.keypair, cn = "ROUTER-%d" % self.asn[0].min, diff --git a/rpkid/tests/yamlconf.py b/rpkid/tests/yamlconf.py index 81698fbf..3c71d3cd 100644 --- a/rpkid/tests/yamlconf.py +++ b/rpkid/tests/yamlconf.py 
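Review bot: The module-level `ecdsa_params = None` added in the hunk at -134 is not read anywhere in the visible changes; the cache the new code actually uses is the class attribute `router_cert._ecparams`, set in `ecparams()` (hunk at -380). Unless something outside these hunks uses the global, it can be dropped. `ecparams()` also has no docstring; `"""Return the shared EC key parameters, generating them on first use."""` would do, ideally also naming the curve `generateEC()` is expected to produce, since that is not visible here.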
@@ -467,7 +467,7 @@ class allocation(object): root_cert = rpki.x509.X509.self_certify( keypair = root_key, - subject_key = root_key.get_RSApublic(), + subject_key = root_key.get_public(), serial = 1, sia = root_sia, notAfter = rpki.sundial.now() + rpki.sundial.timedelta(days = 365), @@ -481,7 +481,7 @@ class allocation(object): with open(cleanpath(test_dir, "root.tal"), "w") as f: f.write("rsync://%s/root/root.cer\n\n%s" % ( - self.rsync_server, root_key.get_RSApublic().get_Base64())) + self.rsync_server, root_key.get_public().get_Base64())) def mkdir(self, *path): path = self.path(*path) diff --git a/rpkid/tests/yamltest.py b/rpkid/tests/yamltest.py index 08da81f3..9131a595 100644 --- a/rpkid/tests/yamltest.py +++ b/rpkid/tests/yamltest.py @@ -553,7 +553,7 @@ def create_root_certificate(db_root): root_cert = rpki.x509.X509.self_certify( keypair = root_key, - subject_key = root_key.get_RSApublic(), + subject_key = root_key.get_public(), serial = 1, sia = root_sia, notAfter = rpki.sundial.now() + rpki.sundial.timedelta(days = 365), @@ -569,7 +569,7 @@ def create_root_certificate(db_root): f = open(os.path.join(test_dir, "root.tal"), "w") f.write("rsync://localhost:%d/root/root.cer\n\n" % db_root.pubd.rsync_port) - f.write(root_key.get_RSApublic().get_Base64()) + f.write(root_key.get_public().get_Base64()) f.close() -- cgit v1.2.3 From a25c336c1d7752b60a251fcce51f2fbd81d930bf Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Fri, 21 Feb 2014 02:05:36 +0000 Subject: Add router certificate support to yamltest, rpkic, etc. svn path=/branches/tk671/; revision=5680 --- rpkid/tests/smoketest.py | 2 +- rpkid/tests/yamltest.py | 67 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+), 1 deletion(-) (limited to 'rpkid/tests') diff --git a/rpkid/tests/smoketest.py b/rpkid/tests/smoketest.py index 5512b5bc..b81117ae 100644 --- a/rpkid/tests/smoketest.py +++ b/rpkid/tests/smoketest.py 
@@ -387,7 +387,7 @@ class router_cert(object): @classmethod def ecparams(cls): if cls._ecparams is None: - cls._ecparams = rpki.x509.KeyParams.generateEC() + cls._ecparams = rpki.x509.KeyParams.generateEC() return cls._ecparams def __init__(self, asn, router_id): diff --git a/rpkid/tests/yamltest.py b/rpkid/tests/yamltest.py index 9131a595..1b52ced6 100644 --- a/rpkid/tests/yamltest.py +++ b/rpkid/tests/yamltest.py @@ -46,12 +46,14 @@ import sys import yaml import signal import time +import lxml.etree import rpki.resource_set import rpki.sundial import rpki.config import rpki.log import rpki.csv_utils import rpki.x509 +import rpki.relaxng # Nasty regular expressions for parsing config files. Sadly, while # the Python ConfigParser supports writing config files, it does so in 
@@ -109,6 +111,45 @@ class roa_request(object): """ return cls(y.get("asn"), y.get("ipv4"), y.get("ipv6")) + +class router_cert(object): + """ + Representation for a router_cert object. + """ + + _ecparams = None + + @classmethod + def ecparams(cls): + if cls._ecparams is None: + cls._ecparams = rpki.x509.KeyParams.generateEC() + return cls._ecparams + + def __init__(self, asn, router_id): + self.asn = rpki.resource_set.resource_set_as("".join(str(asn).split())) + self.router_id = router_id + self.keypair = rpki.x509.ECDSA.generate(self.ecparams()) + self.pkcs10 = rpki.x509.PKCS10.create( + keypair = self.keypair, + cn = "ROUTER-%d" % self.asn[0].min, + sn = self.router_id, + eku = (rpki.oids.id_kp_bgpsec_router,)) + self.gski = self.pkcs10.gSKI() + + def __eq__(self, other): + return self.asn == other.asn and self.router_id == other.router_id and self.gski == other.gski + + def __hash__(self): + v6 = tuple(self.v6) if self.v6 is not None else None + return tuple(self.asn).__hash__() + router_id.__hash__() + self.gski.__hash__() + + def __str__(self): + return "%s: %s: %s" % (self.asn, self.router_id, self.gski) + + @classmethod + def parse(cls, yaml): + return cls(yaml.get("asn"), yaml.get("router_id")) + class allocation_db(list): """ Our allocation database. @@ -207,6 +248,7 @@ class allocation(object): if "regen_margin" in yaml: self.regen_margin = rpki.sundial.timedelta.parse(yaml["regen_margin"]).convert_to_seconds() self.roa_requests = [roa_request.parse(y) for y in yaml.get("roa_request", yaml.get("route_origin", ()))] + self.router_certs = [router_cert.parse(y) for y in yaml.get("router_cert", ())] if "ghostbusters" in yaml: self.ghostbusters = yaml.get("ghostbusters") elif "ghostbuster" in yaml: 
@@ -218,6 +260,8 @@ class allocation(object): self.base.v4 |= r.v4.to_resource_set() if r.v6: self.base.v6 |= r.v6.to_resource_set() + for r in self.router_certs: + self.base.asn |= r.asn self.hosted_by = yaml.get("hosted_by") self.hosts = [] if not self.is_hosted: @@ -365,6 +409,28 @@ class allocation(object): if not args.stop_after_config: self.run_rpkic("load_ghostbuster_requests", fn) + def dump_router_certificates(self): + """ + Write EE certificates (router certificates, etc). + """ + if self.router_certs: + fn = "%s.routercerts.xml" % d.name + if not args.skip_config: + path = self.path(fn) + print "Writing", path + xmlns = "{http://www.hactrn.net/uris/rpki/router-certificate/}" + xml = lxml.etree.Element(xmlns + "router_certificate_requests", version = "1") + for r in self.router_certs: + x = lxml.etree.SubElement(xml, xmlns + "router_certificate_request", + router_id = str(r.router_id), + asn = str(r.asn), + valid_until = str(self.resources.valid_until)) + x.text = r.pkcs10.get_Base64() + rpki.relaxng.router_certificate.assertValid(xml) + lxml.etree.ElementTree(xml).write(path, pretty_print = True) + if not args.stop_after_config: + self.run_rpkic("add_router_certificate_request", fn) + @property def pubd(self): """ @@ -761,6 +827,7 @@ try: d.dump_prefixes() d.dump_roas() d.dump_ghostbusters() + d.dump_router_certificates() # Wait until something terminates. -- cgit v1.2.3 From de95fb9525bf5f1ced2fb90924b31b78494e1e87 Mon Sep 17 00:00:00 2001 
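Review bot: `dump_router_certificates` (hunk at -365) builds the file name from `d.name`, but `d` is neither a parameter nor a local of the method. It only works while a module-level `d` happens to refer to the same object as `self`, as in the calling loop shown in the hunk at -761. The line should read `fn = "%s.routercerts.xml" % self.name`.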
From: Rob Austein Date: Tue, 25 Feb 2014 20:46:05 +0000 Subject: Something broke MySQLdb on my laptop during a recent upgrade, and I have better things to do than shaving that particular yak today. So I'm committing untested changes (to a development branch that nobody but me is using) so I can test them on a working development platform. svn path=/branches/tk671/; revision=5682 --- rpkid/tests/old_irdbd.sql | 4 +++- rpkid/tests/smoketest.py | 16 ++++++++-------- rpkid/tests/yamltest.py | 4 +--- 3 files changed, 12 insertions(+), 12 deletions(-) (limited to 'rpkid/tests') diff --git a/rpkid/tests/old_irdbd.sql b/rpkid/tests/old_irdbd.sql index 1e5b6d28..cef319a4 100644 --- a/rpkid/tests/old_irdbd.sql +++ b/rpkid/tests/old_irdbd.sql @@ -109,7 +109,9 @@ CREATE TABLE ee_certificate ( self_handle VARCHAR(255) NOT NULL, pkcs10 LONGBLOB NOT NULL, gski VARCHAR(27) NOT NULL, - router_id INT UNSIGNED, + cn VARCHAR(64), + sn VARCHAR(64), + eku TEXT, valid_until DATETIME NOT NULL, PRIMARY KEY (ee_certificate_id), UNIQUE (self_handle, gski) diff --git a/rpkid/tests/smoketest.py b/rpkid/tests/smoketest.py index b81117ae..1d9e600a 100644 --- a/rpkid/tests/smoketest.py +++ b/rpkid/tests/smoketest.py 
@@ -396,20 +396,20 @@ class router_cert(object): self.keypair = rpki.x509.ECDSA.generate(self.ecparams()) self.pkcs10 = rpki.x509.PKCS10.create( keypair = self.keypair, - cn = "ROUTER-%d" % self.asn[0].min, - sn = self.router_id, eku = (rpki.oids.id_kp_bgpsec_router,)) self.gski = self.pkcs10.gSKI() + self.cn = "ROUTER-%08x" % self.asn[0].min + self.sn = "%08x" % self.router_id def __eq__(self, other): - return self.asn == other.asn and self.router_id == other.router_id and self.gski == other.gski + return self.asn == other.asn and self.sn == other.sn and self.gski == other.gski def __hash__(self): v6 = tuple(self.v6) if self.v6 is not None else None - return tuple(self.asn).__hash__() + router_id.__hash__() + self.gski.__hash__() + return tuple(self.asn).__hash__() + sn.__hash__() + self.gski.__hash__() def __str__(self): - return "%s: %s: %s" % (self.asn, self.router_id, self.gski) + return "%s: %s: %s" % (self.asn, self.cn, self.sn, self.gski) @classmethod def parse(cls, yaml): @@ -817,9 +817,9 @@ class allocation(object): ((roa_request_id, x.prefix, x.prefixlen, x.max_prefixlen, version) for x in prefix_set)) for r in s.router_certs: - cur.execute("INSERT ee_certificate (self_handle, pkcs10, gski, router_id, valid_until) " - "VALUES (%s, %s, %s, %s, %s)", - (s.name, r.pkcs10.get_DER(), r.gski, r.router_id, s.resources.valid_until)) + cur.execute("INSERT ee_certificate (self_handle, pkcs10, gski, cn, sn, valid_until) " + "VALUES (%s, %s, %s, %s, %s, %s)", + (s.name, r.pkcs10.get_DER(), r.gski, r.cn, r.sn, s.resources.valid_until)) ee_certificate_id = cur.lastrowid cur.executemany("INSERT ee_certificate_asn (ee_certificate_id, start_as, end_as) VALUES (%s, %s, %s)", ((ee_certificate_id, a.min, a.max) for a in r.asn)) diff --git a/rpkid/tests/yamltest.py b/rpkid/tests/yamltest.py index 1b52ced6..9525a048 100644 --- a/rpkid/tests/yamltest.py +++ b/rpkid/tests/yamltest.py 
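Review bot: `router_cert.__str__` in the hunk at -396 now passes four values to a format string with three `%s` placeholders, which raises `TypeError` whenever the object is printed or logged. It should read `return "%s: %s: %s: %s" % (self.asn, self.cn, self.sn, self.gski)`. Separately, `"%08x" % self.router_id` assumes the YAML value is an integer, which nothing in the hunk checks.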
@@ -131,8 +131,6 @@ class router_cert(object): self.keypair = rpki.x509.ECDSA.generate(self.ecparams()) self.pkcs10 = rpki.x509.PKCS10.create( keypair = self.keypair, - cn = "ROUTER-%d" % self.asn[0].min, - sn = self.router_id, eku = (rpki.oids.id_kp_bgpsec_router,)) self.gski = self.pkcs10.gSKI() @@ -141,7 +139,7 @@ class router_cert(object): def __hash__(self): v6 = tuple(self.v6) if self.v6 is not None else None - return tuple(self.asn).__hash__() + router_id.__hash__() + self.gski.__hash__() + return tuple(self.asn).__hash__() + self.router_id.__hash__() + self.gski.__hash__() def __str__(self): return "%s: %s: %s" % (self.asn, self.router_id, self.gski) -- cgit v1.2.3 From ce5fd146cb746836c46c7f1ab435ec7d3d49af4f Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Tue, 25 Feb 2014 23:04:11 +0000 Subject: Router certificates working again after changes to get subject name out of the PKCS !#10. svn path=/branches/tk671/; revision=5683 --- rpkid/tests/old_irdbd.sql | 4 ++-- rpkid/tests/smoketest.py | 11 +++++------ rpkid/tests/yamltest.py | 4 +--- 3 files changed, 8 insertions(+), 11 deletions(-) (limited to 'rpkid/tests') diff --git a/rpkid/tests/old_irdbd.sql b/rpkid/tests/old_irdbd.sql index cef319a4..e773bb2e 100644 --- a/rpkid/tests/old_irdbd.sql +++ b/rpkid/tests/old_irdbd.sql @@ -109,9 +109,9 @@ CREATE TABLE ee_certificate ( self_handle VARCHAR(255) NOT NULL, pkcs10 LONGBLOB NOT NULL, gski VARCHAR(27) NOT NULL, - cn VARCHAR(64), + cn VARCHAR(64) NOT NULL, sn VARCHAR(64), - eku TEXT, + eku TEXT NOT NULL, valid_until DATETIME NOT NULL, PRIMARY KEY (ee_certificate_id), UNIQUE (self_handle, gski) diff --git a/rpkid/tests/smoketest.py b/rpkid/tests/smoketest.py index 1d9e600a..28bedaa4 100644 --- a/rpkid/tests/smoketest.py +++ b/rpkid/tests/smoketest.py 
@@ -394,12 +394,11 @@ class router_cert(object): self.asn = rpki.resource_set.resource_set_as("".join(str(asn).split())) self.router_id = router_id self.keypair = rpki.x509.ECDSA.generate(self.ecparams()) - self.pkcs10 = rpki.x509.PKCS10.create( - keypair = self.keypair, - eku = (rpki.oids.id_kp_bgpsec_router,)) + self.pkcs10 = rpki.x509.PKCS10.create(keypair = self.keypair) self.gski = self.pkcs10.gSKI() self.cn = "ROUTER-%08x" % self.asn[0].min self.sn = "%08x" % self.router_id + self.eku = rpki.oids.id_kp_bgpsec_router def __eq__(self, other): return self.asn == other.asn and self.sn == other.sn and self.gski == other.gski @@ -817,9 +816,9 @@ class allocation(object): ((roa_request_id, x.prefix, x.prefixlen, x.max_prefixlen, version) for x in prefix_set)) for r in s.router_certs: - cur.execute("INSERT ee_certificate (self_handle, pkcs10, gski, cn, sn, valid_until) " - "VALUES (%s, %s, %s, %s, %s, %s)", - (s.name, r.pkcs10.get_DER(), r.gski, r.cn, r.sn, s.resources.valid_until)) + cur.execute("INSERT ee_certificate (self_handle, pkcs10, gski, cn, sn, eku, valid_until) " + "VALUES (%s, %s, %s, %s, %s, %s, %s)", + (s.name, r.pkcs10.get_DER(), r.gski, r.cn, r.sn, r.eku, s.resources.valid_until)) ee_certificate_id = cur.lastrowid cur.executemany("INSERT ee_certificate_asn (ee_certificate_id, start_as, end_as) VALUES (%s, %s, %s)", ((ee_certificate_id, a.min, a.max) for a in r.asn)) diff --git a/rpkid/tests/yamltest.py b/rpkid/tests/yamltest.py index 9525a048..5eb3bd2f 100644 --- a/rpkid/tests/yamltest.py +++ b/rpkid/tests/yamltest.py 
@@ -129,9 +129,7 @@ class router_cert(object): self.asn = rpki.resource_set.resource_set_as("".join(str(asn).split())) self.router_id = router_id self.keypair = rpki.x509.ECDSA.generate(self.ecparams()) - self.pkcs10 = rpki.x509.PKCS10.create( - keypair = self.keypair, - eku = (rpki.oids.id_kp_bgpsec_router,)) + self.pkcs10 = rpki.x509.PKCS10.create(keypair = self.keypair) self.gski = self.pkcs10.gSKI() def __eq__(self, other): -- cgit v1.2.3