예제 #1
0
파일: util.py 프로젝트: mskf3000/rpki.net
def fetch_published_objects():
    """Query rpkid for all objects published by local users, and look up the
    current validation status of each object.  The validation status is used
    later to send alerts for objects which have transitioned to invalid.

    """
    logger.info('querying for published objects')

    handles = [conf.handle for conf in Conf.objects.all()]
    req = [
        rpki.left_right.list_published_objects_elt.make_pdu(action='list',
                                                            self_handle=h,
                                                            tag=h)
        for h in handles
    ]
    z = Zookeeper()
    pdus = z.call_rpkid(*req)
    for pdu in pdus:
        if isinstance(pdu, rpki.left_right.list_published_objects_elt):
            # Look up the object in the rcynic cache
            qs = models.RepositoryObject.objects.filter(uri=pdu.uri)
            if qs:
                # get the current validity state
                valid = qs[0].statuses.filter(status=object_accepted).exists()
                uris[pdu.uri] = (pdu.self_handle, valid, False, None)
                logger.debug('adding ' + pdu.uri)
            else:
                # this object is not in the cache.  it was either published
                # recently, or disappared previously.  if it disappeared
                # previously, it has already been alerted.  in either case, we
                # omit the uri from the list since we are interested only in
                # objects which were valid and are no longer valid
                pass
        elif isinstance(pdu, rpki.left_right.report_error_elt):
            logging.error('rpkid reported an error: %s', pdu.error_code)
예제 #2
0
def list_received_resources(log, conf):
    """
    Query rpkid for this resource handle's received resources.

    The semantics are to clear the entire table and populate with the list of
    certs received.  Other models should not reference the table directly with
    foreign keys.
    """

    z = Zookeeper(handle=conf.handle, disable_signal_handlers=True)
    req = Element(tag_msg, nsmap=nsmap, type="query", version=version)
    SubElement(req,
               tag_list_received_resources,
               tenant_handle=conf.handle,
               tag=conf.handle)
    try:
        pdus = z.call_rpkid(req)
    except Exception as err:
        logger.error('caught exception while attempting to query rpkid')
        logger.exception(err)
        return

    # pdus is sometimes None (see https://trac.rpki.net/ticket/681)
    if pdus is None:
        print >> log, 'error: call_rpkid() returned None for handle %s when fetching received resources' % conf.handle
        return

    models.ResourceCert.objects.filter(conf=conf).delete()

    for pdu in pdus:
        if pdu.get("parent_handle") != conf.handle:
            parent = models.Parent.objects.get(issuer=conf,
                                               handle=pdu.get("parent_handle"))
        else:
            # root cert, self-signed
            parent = None

        not_before = datetime.strptime(pdu.get("notBefore"),
                                       "%Y-%m-%dT%H:%M:%SZ")
        not_after = datetime.strptime(pdu.get("notAfter"),
                                      "%Y-%m-%dT%H:%M:%SZ")

        cert = models.ResourceCert.objects.create(conf=conf,
                                                  parent=parent,
                                                  not_before=not_before,
                                                  not_after=not_after,
                                                  uri=pdu.get("uri"))

        for asn in resource_set_as(pdu.get("asn")):
            cert.asn_ranges.create(min=asn.min, max=asn.max)

        for rng in resource_set_ipv4(pdu.get("ipv4")):
            cert.address_ranges.create(prefix_min=rng.min, prefix_max=rng.max)

        for rng in resource_set_ipv6(pdu.get("ipv6")):
            cert.address_ranges_v6.create(prefix_min=rng.min,
                                          prefix_max=rng.max)
예제 #3
0
def list_received_resources(log, conf):
    """
    Query rpkid for this resource handle's received resources.

    The semantics are to clear the entire table and populate with the list of
    certs received.  Other models should not reference the table directly with
    foreign keys.

    """

    z = Zookeeper(handle=conf.handle, disable_signal_handlers=True)
    pdus = z.call_rpkid(list_received_resources_elt.make_pdu(self_handle=conf.handle))
    # pdus is sometimes None (see https://trac.rpki.net/ticket/681)
    if pdus is None:
        print >>log, 'error: call_rpkid() returned None for handle %s when fetching received resources' % conf.handle
        return

    models.ResourceCert.objects.filter(conf=conf).delete()

    for pdu in pdus:
        if isinstance(pdu, report_error_elt):
            # this will cause the db to be rolled back so the above delete()
            # won't clobber existing resources
            raise LeftRightError(pdu)
        elif isinstance(pdu, list_received_resources_elt):
            if pdu.parent_handle != conf.handle:
                parent = models.Parent.objects.get(issuer=conf,
                                                   handle=pdu.parent_handle)
            else:
                # root cert, self-signed
                parent = None

            not_before = datetime.strptime(pdu.notBefore, "%Y-%m-%dT%H:%M:%SZ")
            not_after = datetime.strptime(pdu.notAfter, "%Y-%m-%dT%H:%M:%SZ")

            cert = models.ResourceCert.objects.create(
                conf=conf, parent=parent, not_before=not_before,
                not_after=not_after, uri=pdu.uri)

            for asn in resource_set_as(pdu.asn):
                cert.asn_ranges.create(min=asn.min, max=asn.max)

            for rng in resource_set_ipv4(pdu.ipv4):
                cert.address_ranges.create(prefix_min=rng.min,
                                           prefix_max=rng.max)

            for rng in resource_set_ipv6(pdu.ipv6):
                cert.address_ranges_v6.create(prefix_min=rng.min,
                                              prefix_max=rng.max)
        else:
            print >>log, "error: unexpected pdu from rpkid type=%s" % type(pdu)
예제 #4
0
def list_received_resources(log, conf):
    """
    Query rpkid for this resource handle's received resources.

    The semantics are to clear the entire table and populate with the list of
    certs received.  Other models should not reference the table directly with
    foreign keys.
    """

    z = Zookeeper(handle=conf.handle, disable_signal_handlers=True)
    req = Element(tag_msg, nsmap=nsmap, type="query", version=version)
    SubElement(req, tag_list_received_resources, tenant_handle=conf.handle, tag=conf.handle)
    try:
	pdus = z.call_rpkid(req)
    except Exception as err:
	logger.error('caught exception while attempting to query rpkid')
	logger.exception(err)
	return

    # pdus is sometimes None (see https://trac.rpki.net/ticket/681)
    if pdus is None:
        print >>log, 'error: call_rpkid() returned None for handle %s when fetching received resources' % conf.handle
        return

    models.ResourceCert.objects.filter(conf=conf).delete()

    for pdu in pdus:
        if pdu.get("parent_handle") != conf.handle:
            parent = models.Parent.objects.get(issuer=conf,
                                               handle=pdu.get("parent_handle"))
        else:
            # root cert, self-signed
            parent = None

        not_before = datetime.strptime(pdu.get("notBefore"), "%Y-%m-%dT%H:%M:%SZ")
        not_after = datetime.strptime(pdu.get("notAfter"), "%Y-%m-%dT%H:%M:%SZ")

        cert = models.ResourceCert.objects.create(
            conf=conf, parent=parent, not_before=not_before,
            not_after=not_after, uri=pdu.get("uri"))

        for asn in resource_set_as(pdu.get("asn")):
            cert.asn_ranges.create(min=asn.min, max=asn.max)

        for rng in resource_set_ipv4(pdu.get("ipv4")):
            cert.address_ranges.create(prefix_min=rng.min,
                                       prefix_max=rng.max)

        for rng in resource_set_ipv6(pdu.get("ipv6")):
            cert.address_ranges_v6.create(prefix_min=rng.min,
                                          prefix_max=rng.max)
예제 #5
0
def fetch_published_objects():
    """Query rpkid for all objects published by local users, and look up the
    current validation status of each object.  The validation status is used
    later to send alerts for objects which have transitioned to invalid.
    """
    logger.info('querying for published objects')

    handles = [conf.handle for conf in Conf.objects.all()]
    q_msg = Element(rpki.left_right.tag_msg, nsmap = rpki.left_right.nsmap,
                    type = "query", version = rpki.left_right.version)
    for h in handles:
        SubElement(q_msg, rpki.left_right.tag_list_published_objects, tenant_handle=h, tag=h)
    try:
        z = Zookeeper()
        r_msg = z.call_rpkid(q_msg)
    except Exception as err:
        logger.error('Unable to connect to rpkid to fetch list of published objects')
        logger.exception(err)
        # Should be safe to continue processing the rcynic cache, we just don't do any notifications
        return

    for r_pdu in r_msg:
        if r_pdu.tag == rpki.left_right.tag_list_published_objects:
            # Look up the object in the rcynic cache
            uri = r_pdu.get('uri')
            ext = os.path.splitext(uri)[1]
	    if ext in model_map:
		model = model_map[ext]
		handle = r_pdu.get('tenant_handle')

		if model.objects.filter(uri=uri).exists():
		    v = uris.setdefault(handle, [])
		    v.append(uri)
		    logger.debug('adding %s', uri)
		#else:
		    # this object is not in the cache.  it was either published
		    # recently, or disappared previously.  if it disappeared
		    # previously, it has already been alerted.  in either case, we
		    # omit the uri from the list since we are interested only in
		    # objects which were valid and are no longer valid
	    else:
		logger.debug('skipping object ext=%s uri=%s' % (ext, uri))

        elif r_pdu.tag == rpki.left_right.tag_report_error:
            logging.error('rpkid reported an error: %s', r_pdu.get("error_code"))