Commit c25e02d4 authored by Guillaume Bury's avatar Guillaume Bury

Ip allocation finished

parent 2c071ec5
#!/usr/bin/env python
import argparse, random, smtplib, sqlite3
import argparse, math, random, smtplib, sqlite3
from email.mime.text import MIMEText
from SimpleXMLRPCServer import SimpleXMLRPCServer
from OpenSSL import crypto
......@@ -8,6 +8,8 @@ import netaddr
class main(object):
def __init__(self):
self.cert_duration = 365 * 86400
# Command line parsing
parser = argparse.ArgumentParser(
description='Peer discovery http server for vifibnet')
......@@ -18,8 +20,6 @@ class main(object):
help='Path to ca.crt file')
_('--key', required=True,
help='Path to certificate key')
_('--network', required=True,
help='Vifib subnet')
config = parser.parser_arg()
# Database initializing
......@@ -29,16 +29,18 @@ class main(object):
email text not null,
prefix_len integer not null default 16,
date integer not null)""")
self.db.execute("""CREATE TABLE IF NOT EXISTS certificates (
self.db.execute("""CREATE TABLE IF NOT EXISTS vifib (
prefix text primary key not null,
email text not null,
cert text not null)""")
email text,
cert text)""")
# Loading certificates
with open(config.ca) as f:
self.ca = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
with open(config.key) as f:
self.key = crypto.load_privatekey(crypto.FILETYPE_PEM, f.read())
# Get vifib network prefix
self.network = bin(self.ca.get_serial())[3:]
# Starting server
server = SimpleXMLRPCServer(("localhost", 8000))
......@@ -66,45 +68,54 @@ class main(object):
s.sendmail(me, email, msg.as_string())
s.quit()
def _getPrefix(self, prefix_len):
assert 0 < prefix_len <= 128 - len(self.network)
for prefix in self.db.execute("""SELECT prefix FROM vifib WHERE length(prefix) <= ? AND cert is null
ORDER BY length(prefix) DESC""", (prefix_len,)):
while len(prefix) < prefix_len:
self.db.execute("UPDATE vifib SET prefix = ? WHERE prefix = ?", (prefix + '1', prefix))
prefix += '0'
self.db.execute("INSERT INTO vifib VALUES (?,null,null)", (prefix,))
return prefix
raise RuntimeError # TODO: raise better exception
def requestCertificate(self, token, cert_req):
n = len(cert_req_list)
req = crypto.load_certificate_request(crypto.FILETYPE_PEM, cert_req)
try:
# TODO : check syntax
token, email, prefix_len, _ = self.db.execute("SELECT * FROM tokens WHERE token = ?", (token,)).fetchone()
with self.db:
try:
token, email, prefix_len, _ = self.db.execute("SELECT * FROM tokens WHERE token = ?", (token,)).next()
except StopIteration:
# TODO: return nice error message
raise
self.db.execute("DELETE FROM tokens WHERE token = ?", (token,))
# Create a new prefix
# TODO : FIX !
# i impair => ok
# récursif sinon
for i, prefix in enumerate(self.db.execute("""SELECT DISTINCT substr(prefix,1,?) FROM certificates
WHERE length(prefix) >= ? ORDER BY prefix""", (prefix_len, prefix_len))):
if i != int(prefix, 2):
pass
break
else:
prefix = i
# create certificate
# Get a new prefix
prefix = self._getPrefix(prefix_len)
# Get complete ipv6 address from prefix
#ip = hex(int(prefix.ljust(80, '0'),2))[2::] # XXX: do not hardcode
#ip6 = self.vifib
#for i in xrange(0, len(ip), 4):
# ip6 += ip[i:i+4] + ':'
#ip6 = ip6.rstrip(':')
# Create certificate
cert = crypto.X509()
#cert.set_serial_number(serial)
#cert.gmtime_adj_notBefore(notBefore)
#cert.gmtime_adj_notAfter(notAfter)
cert.set_notBefore(0)
cert.gmtime_adj_notAfter(self.cert_duration)
cert.set_issuer(self.ca.get_subject())
cert.set_subject(req.get_subject())
subject = req.get_subject()
subject.serialNumber = "%u/%u" % (int(prefix, 2), prefix_len)
cert.set_subject(subject)
cert.set_pubkey(req.get_pubkey())
cert.sign(self.key, 'sha1')
cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
# Insert certificate into db
self.db.execute("INSERT INTO certificates (?,?)", (, email, cert) )
self.db.execute("UPDATE certificates SET email = ?, cert = ? WHERE prefix = ?", (email, cert, prefix) )
# Returning certificate
return cert
except: Exception:
# TODO : what to do ?
pass
return cert
if __name__ == "__main__":
main()
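Review bot: The `UPDATE certificates SET email = ?, cert = ? WHERE prefix = ?` at the end of requestCertificate targets a table this commit renamed to `vifib` in the CREATE TABLE hunk above, so every certificate request should fail with "no such table" after the prefix has been carved out; it should read `self.db.execute("UPDATE vifib SET email = ?, cert = ? WHERE prefix = ?", (email, cert, prefix))`. Because the statement runs inside `with self.db:`, the failure presumably rolls back the token deletion and the prefix split, but the caller only sees an opaque fault rather than a certificate. In `_getPrefix`, when the selected free prefix already has `len(prefix) == prefix_len` the `while` body never runs and the following `INSERT INTO vifib VALUES (?,null,null)` re-inserts an existing primary key, which sqlite rejects; the insert should only happen when the loop actually split a shorter prefix, otherwise the existing row can simply be returned. The `assert 0 < prefix_len <= 128 - len(self.network)` guarding the allocation is stripped under `-O`; since prefix_len comes from the tokens table rather than a constant, make it an explicit check, `if not 0 < prefix_len <= 128 - len(self.network): raise ValueError("invalid prefix length")`. The hunk begins in the tail of the mail-sending method, whose start is outside this hunk.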