From e62cfb013638b5e68218c0702e88c6c4dfeb06f9 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Mon, 24 Dec 2007 06:36:18 +0000
Subject: Cleanup
svn path=/scripts/Old/check-hashes.sh; revision=1434
---
scripts/generate-testrepo.py | 234 -------------------------------------------
1 file changed, 234 deletions(-)
delete mode 100644 scripts/generate-testrepo.py
(limited to 'scripts/generate-testrepo.py')
diff --git a/scripts/generate-testrepo.py b/scripts/generate-testrepo.py
deleted file mode 100644
index 9ebcf5bc..00000000
--- a/scripts/generate-testrepo.py
+++ /dev/null
@@ -1,234 +0,0 @@
-# $Id$
-
-"""Generate an RPKI test repository.
-
-This script generates a toy RPKI repository for test purposes. It's
-designed to be relatively easy to reconfigure, making it simple to
-test whatever is of interest on a given day, without a lot of setup
-overhead.
-
-Outputs are a bunch of config files for the OpenSSL CLI tool and a
-makefile to drive everything.
-"""
-
-import rpki.resource_set, os
-
-subdir = "resource-cert-samples"
-openssl = "../../openssl/openssl/apps/openssl"
-keybits = 2048
-
-def main():
- """Main program, including the toy database itself."""
-
- db = allocation_db()
- db.add("ISP1", ipv4="192.0.2.1-192.0.2.33", asn="64533")
- db.add("ISP2", ipv4="192.0.2.44-192.0.2.100")
- db.add("ISP3", ipv6="2001:db8::44-2001:db8::100")
- db.add("ISP4", ipv6="2001:db8::10:0:44/128", asn="64544")
- db.add("ISP5a", ipv4="10.0.0.0/24", ipv6="2001:db8::a00:0/120")
- db.add("ISP5b", ipv4="10.3.0.0/24", ipv6="2001:db8::a03:0/120")
- db.add("ISP5c", asn="64534-64540")
- db.add("LIR1", children=["ISP1", "ISP2"])
- db.add("LIR2", children=["ISP3", "ISP4"])
- db.add("LIR3", children=["ISP5a", "ISP5b", "ISP5c"])
- db.add("RIR", children=["LIR1", "LIR2", "LIR3"])
-
- if not os.path.isdir(subdir):
- os.mkdir(subdir)
-
- for i in db:
- write_maybe("%s/%s.cnf" % (subdir, i.name), i.cfg_string())
-
- write_maybe("%s/Makefile" % subdir,
- "# Automatically generated, do not edit.\n" +
- "".join([i.makefile_rules() for i in db]))
-
-def write_maybe(name, new_content):
- """Write a file if and only if its contents have changed.
- This simplifies interactions with "make".
- """
- old_content = None
- if os.path.isfile(name):
- f = open(name, "r")
- old_content = f.read()
- f.close()
- if old_content != new_content:
- print "Writing", name
- f = open(name, "w")
- f.write(new_content)
- f.close()
-
-class allocation_db(list):
- """Class to represent an allocation database."""
-
- def __init__(self):
- self.allocation_map = {}
-
- def add(self, name, **kw):
- """Add a new entry to this allocation database.
- All arguments passed through to the allocation constructor.
- """
- self.insert(0, allocation(name = name, allocation_map = self.allocation_map, **kw))
-
-class allocation(object):
- """Class representing one entity holding allocated resources.
-
- In order to simplify configuration, this class automatically
- computes the set of resources that this entity must hold in order to
- serve both itself and its children.
- """
-
- parent = None
-
- def __init__(self, name, asn = None, ipv4 = None, ipv6 = None, children = [], allocation_map = None):
- """Create a new allocation entry.
-
- This binds the parent attributes of any children, and computes the
- transitive closure of the set of resources this entity needs.
- """
- self.name = name
- self.children = [allocation_map[i] for i in children]
- for child in self.children:
- assert child.parent is None
- child.parent = self
- self.asn = self.summarize("asn", rpki.resource_set.resource_set_as(asn))
- self.ipv4 = self.summarize("ipv4", rpki.resource_set.resource_set_ipv4(ipv4))
- self.ipv6 = self.summarize("ipv6", rpki.resource_set.resource_set_ipv6(ipv6))
- allocation_map[name] = self
-
- def summarize(self, attrname, seed = None):
- """Compute the transitive resource closure for one resource attribute."""
- if seed is None:
- seed = getattr(self, attrname)
- for child in self.children:
- seed = seed.union(child.summarize(attrname))
- return seed
-
- def __str__(self):
- return "%s\n ASN: %s\n IPv4: %s\n IPv6: %s" % (self.name, self.asn, self.ipv4, self.ipv6)
-
- def cfg_string(self):
- """Generate the OpenSSL configuration file needed for this entity."""
- keys = { "self" : self.name,
- "keybits" : keybits,
- "no_parent" : "#",
- "no_asid" : "#",
- "no_addr" : "#",
- "parent" : "???",
- "asid" : "???",
- "addr" : "???" }
- if self.parent:
- keys["no_parent"] = ""
- keys["parent"] = self.parent.name
- if self.asn:
- keys["no_asid"] = ""
- keys["asid"] = ",".join(["AS:" + str(x) for x in self.asn])
- if self.ipv4 or self.ipv6:
- keys["no_addr"] = ""
- keys["addr"] = ",".join(["IPv4:" + str(x) for x in self.ipv4] + ["IPv6:" + str(x) for x in self.ipv6])
- return openssl_cfg_fmt % keys
-
- def makefile_rules(self):
- """Generate the makefile rules needed for this entity."""
- keys = { "self" : self.name,
- "keybits" : keybits,
- "openssl" : openssl }
- if self.parent:
- keys["signconf"] = "%s.cnf" % self.parent.name
- keys["signdeps"] = "%s.key" % self.parent.name
- else:
- keys["signconf"] = "%s.cnf -selfsign" % self.name
- keys["signdeps"] = "%s.key" % self.name
- return makefile_fmt % keys
-
-makefile_fmt = '''\
-
-all:: %(self)s.cer
-
-%(self)s.key:
- %(openssl)s genrsa -out $@ %(keybits)d
-
-%(self)s.req: %(self)s.key %(self)s.cnf Makefile
- %(openssl)s req -new -config %(self)s.cnf -key %(self)s.key -out $@
-
-%(self)s.cer: %(self)s.req %(self)s.cnf %(signdeps)s Makefile
- @test -d %(self)s || mkdir %(self)s
- @test -f %(self)s/index || touch %(self)s/index
- @test -f %(self)s/serial || echo 01 >%(self)s/serial
- %(openssl)s ca -batch -out $@ -in %(self)s.req -extfile %(self)s.cnf -config %(signconf)s
-
-
-show_req::
- %(openssl)s req -noout -text -in %(self)s.req -config /dev/null
-
-show_cer::
- %(openssl)s x509 -noout -text -in %(self)s.cer
-'''
-
-openssl_cfg_fmt = '''# Automatically generated, do not edit.
-
-[ ca ]
-default_ca = ca_default
-
-[ ca_default ]
-certificate = %(self)s.cer
-serial = %(self)s/serial
-private_key = %(self)s.key
-database = %(self)s/index
-new_certs_dir = %(self)s
-name_opt = ca_default
-cert_opt = ca_default
-default_days = 365
-default_crl_days = 30
-default_md = sha256
-preserve = no
-copy_extensions = copy
-policy = ca_policy_anything
-unique_subject = no
-x509_extensions = ca_x509_ext
-crl_extensions = crl_x509_ext
-
-[ ca_policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-givenName = optional
-surname = optional
-
-[ req ]
-default_bits = %(keybits)d
-encrypt_key = no
-distinguished_name = req_dn
-req_extensions = req_x509_ext
-prompt = no
-
-[ req_dn ]
-CN = TEST ENTITY %(self)s
-
-[ req_x509_ext ]
-basicConstraints = critical,CA:true
-subjectKeyIdentifier = hash
-keyUsage = critical,keyCertSign,cRLSign
-subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:rsync://wombats-r-us.hactrn.net/%(self)s/
-%(no_parent)sauthorityInfoAccess = caIssuers;URI:rsync://wombats-r-us.hactrn.net/%(parent)s.cer
-%(no_asid)ssbgp-autonomousSysNum = critical,%(asid)s
-%(no_addr)ssbgp-ipAddrBlock = critical,%(addr)s
-
-[ ca_x509_ext ]
-basicConstraints = critical,CA:true
-%(no_parent)sauthorityKeyIdentifier = keyid:always
-keyUsage = critical,keyCertSign,cRLSign
-subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:rsync://wombats-r-us.hactrn.net/%(self)s/
-%(no_parent)sauthorityInfoAccess = caIssuers;URI:rsync://wombats-r-us.hactrn.net/%(parent)s.cer
-%(no_asid)ssbgp-autonomousSysNum = critical,%(asid)s
-%(no_addr)ssbgp-ipAddrBlock = critical,%(addr)s
-
-[ crl_x509_ext ]
-authorityKeyIdentifier = keyid:always
-'''
-
-main()
--
cgit v1.2.3