encrypt_key = no
[req_dn]
CN = Pseudo-%(HOLDER)s testbed root RPKI certificate
[x509v3_extensions]
basicConstraints = critical,CA:true
subjectKeyIdentifier = hash
keyUsage = critical,keyCertSign,cRLSign
subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:rsync://%(holder)s.rpki.net/rpki/%(holder)s/,1.3.6.1.5.5.7.48.10;URI:rsync://%(holder)s.rpki.net/rpki/%(holder)s/root.mft
certificatePolicies = critical,1.3.6.1.5.5.7.14.2
sbgp-autonomousSysNum = critical,@rfc3779_asns
sbgp-ipAddrBlock = critical,@rfc3997_addrs
[rfc3779_asns]
''' % { "holder" : sys.argv[1].lower(),
"HOLDER" : sys.argv[1].upper() }
for i, asn in enumerate(asn for handle, asn in csv_reader(sys.argv[2] if len(sys.argv) > 2 else "asns.csv", columns = 2)):
print "AS.%d = %s" % (i, asn)
print '''\
[rfc3997_addrs]
'''
for i, prefix in enumerate(prefix for handle, prefix in csv_reader(sys.argv[3] if len(sys.argv) > 2 else "prefixes.csv", columns = 2)):
v = 6 if ":" in prefix else 4
print "IPv%d.%d = %s" % (v, i, prefix)
datum = datum + "-" + datum
try:
t.append(t.parse_str(datum))
except:
print "Error attempting to parse", datum
raise
#print "Looking for: ASNs %s IPv4 %s IPv6 %s" % (asn, ipv4, ipv6)
def matches(set1, datum):
set2 = set1.__class__(datum)
if set1.intersection(set2):
return set2
else:
return False
if asn:
for h, a in csv_reader("asns.csv", columns=2):
m = matches(asn, a)
if m:
print h, m
if ipv4 or ipv6:
for h, a in csv_reader("prefixes.csv", columns=2):
t = ipv6 if ":" in a else ipv4
m = t and matches(t, a)
if m:
print h, m
t = ipv6 if ":" in datum else ipv4
if "-" not in datum and "/" not in datum:
datum = datum + "-" + datum
try:
t.append(t.parse_str(datum))
except:
print "Error attempting to parse", datum
raise
#print "Looking for: ASNs %s IPv4 %s IPv6 %s" % (asn, ipv4, ipv6)
def matches(set1, datum):
set2 = set1.__class__(datum)
if set1.intersection(set2):
return set2
else:
return False
if asn:
for h, a in csv_reader("asns.csv", columns = 2):
m = matches(asn, a)
if m:
print h, m
if ipv4 or ipv6:
for h, a in csv_reader("prefixes.csv", columns = 2):
t = ipv6 if ":" in a else ipv4
m = t and matches(t, a)
if m:
print h, m
asns.writerow((handles[description], record.findtext(tag_number)))
for record in iterate_xml("ipv4-address-space.xml", tag_record):
designation = record.findtext(tag_designation)
if record.findtext(tag_status) != "RESERVED":
prefix, prefixlen = [int(i) for i in record.findtext(tag_prefix).split("/")]
if prefixlen != 8:
raise ValueError("%s violated /8 assumption" % record.findtext(tag_prefix))
rirs[handles.get(designation, "legacy")] |= resource_bag.from_str("%d.0.0.0/8" % prefix)
for record in iterate_xml("ipv6-unicast-address-assignments.xml", tag_record):
description = record.findtext(tag_description)
if record.findtext(tag_description) in handles:
rirs[handles[description]] |= resource_bag.from_str(record.findtext(tag_prefix))
erx = list(csv_reader("erx.csv"))
assert all(r in rirs for r, p in erx)
erx_overrides = resource_bag.from_str(",".join(p for r, p in erx), allow_overlap = True)
for rir in rirs:
if rir != "legacy":
rirs[rir] -= erx_overrides
rirs[rir] |= resource_bag.from_str(",".join(p for r, p in erx if r == rir), allow_overlap = True)
for rir, bag in rirs.iteritems():
for p in bag.v4:
prefixes.writerow((rir, p))
for p in bag.v6:
prefixes.writerow((rir, p))
[x509v3_extensions]
basicConstraints = critical,CA:true
subjectKeyIdentifier = hash
keyUsage = critical,keyCertSign,cRLSign
subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:rsync://%(holder)s.rpki.net/rpki/%(holder)s/,1.3.6.1.5.5.7.48.10;URI:rsync://%(holder)s.rpki.net/rpki/%(holder)s/root.mft
certificatePolicies = critical,1.3.6.1.5.5.7.14.2
sbgp-autonomousSysNum = critical,@rfc3779_asns
sbgp-ipAddrBlock = critical,@rfc3997_addrs
[rfc3779_asns]
''' % {
"holder": sys.argv[1].lower(),
"HOLDER": sys.argv[1].upper()
}
for i, asn in enumerate(asn for handle, asn in csv_reader(
sys.argv[2] if len(sys.argv) > 2 else "asns.csv", columns=2)):
print "AS.%d = %s" % (i, asn)
print '''\
[rfc3997_addrs]
'''
for i, prefix in enumerate(prefix for handle, prefix in csv_reader(
sys.argv[3] if len(sys.argv) > 2 else "prefixes.csv", columns=2)):
v = 6 if ":" in prefix else 4
print "IPv%d.%d = %s" % (v, i, prefix)
program for two reasons:
- Conversion of some of the RIR data is a very slow process, and it's
both annoying and unnecessary to run it every time we add a new
participant to the testbed.
- This handle translation business now has fingers into half a dozen
scripts, so it needs refactoring in any case, either as a common
library function or as a separate script.
This program takes a list of .CSV files on its command line, and
rewrites them as needed after performing the translation.
"""
import os
import sys
from rpki.csv_utils import csv_reader, csv_writer
translations = dict((src, dst) for src, dst in csv_reader("translations.csv", columns = 2))
for filename in sys.argv[1:]:
f = csv_writer(filename)
for cols in csv_reader(filename):
if cols[0] in translations:
cols[0] = translations[cols[0]]
f.writerow(cols)
f.close()
