Commit c25e02d4 authored by Guillaume Bury's avatar Guillaume Bury

IP allocation finished

parent 2c071ec5
#!/usr/bin/env python #!/usr/bin/env python
import argparse, random, smtplib, sqlite3 import argparse, math, random, smtplib, sqlite3
from email.mime.text import MIMEText from email.mime.text import MIMEText
from SimpleXMLRPCServer import SimpleXMLRPCServer from SimpleXMLRPCServer import SimpleXMLRPCServer
from OpenSSL import crypto from OpenSSL import crypto
...@@ -8,6 +8,8 @@ import netaddr ...@@ -8,6 +8,8 @@ import netaddr
class main(object): class main(object):
def __init__(self): def __init__(self):
self.cert_duration = 365 * 86400
# Command line parsing # Command line parsing
parser = argparse.ArgumentParser( parser = argparse.ArgumentParser(
description='Peer discovery http server for vifibnet') description='Peer discovery http server for vifibnet')
...@@ -18,8 +20,6 @@ class main(object): ...@@ -18,8 +20,6 @@ class main(object):
help='Path to ca.crt file') help='Path to ca.crt file')
_('--key', required=True, _('--key', required=True,
help='Path to certificate key') help='Path to certificate key')
_('--network', required=True,
help='Vifib subnet')
config = parser.parser_arg() config = parser.parser_arg()
# Database initializing # Database initializing
...@@ -29,16 +29,18 @@ class main(object): ...@@ -29,16 +29,18 @@ class main(object):
email text not null, email text not null,
prefix_len integer not null default 16, prefix_len integer not null default 16,
date integer not null)""") date integer not null)""")
self.db.execute("""CREATE TABLE IF NOT EXISTS certificates ( self.db.execute("""CREATE TABLE IF NOT EXISTS vifib (
prefix text primary key not null, prefix text primary key not null,
email text not null, email text,
cert text not null)""") cert text)""")
# Loading certificates # Loading certificates
with open(config.ca) as f: with open(config.ca) as f:
self.ca = crypto.load_certificate(crypto.FILETYPE_PEM, f.read()) self.ca = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
with open(config.key) as f: with open(config.key) as f:
self.key = crypto.load_privatekey(crypto.FILETYPE_PEM, f.read()) self.key = crypto.load_privatekey(crypto.FILETYPE_PEM, f.read())
# Get vifib network prefix
self.network = bin(self.ca.get_serial())[3:]
# Starting server # Starting server
server = SimpleXMLRPCServer(("localhost", 8000)) server = SimpleXMLRPCServer(("localhost", 8000))
...@@ -66,45 +68,54 @@ class main(object): ...@@ -66,45 +68,54 @@ class main(object):
s.sendmail(me, email, msg.as_string()) s.sendmail(me, email, msg.as_string())
s.quit() s.quit()
def _getPrefix(self, prefix_len):
assert 0 < prefix_len <= 128 - len(self.network)
for prefix in self.db.execute("""SELECT prefix FROM vifib WHERE length(prefix) <= ? AND cert is null
ORDER BY length(prefix) DESC""", (prefix_len,)):
while len(prefix) < prefix_len:
self.db.execute("UPDATE vifib SET prefix = ? WHERE prefix = ?", (prefix + '1', prefix))
prefix += '0'
self.db.execute("INSERT INTO vifib VALUES (?,null,null)", (prefix,))
return prefix
raise RuntimeError # TODO: raise better exception
def requestCertificate(self, token, cert_req): def requestCertificate(self, token, cert_req):
n = len(cert_req_list)
req = crypto.load_certificate_request(crypto.FILETYPE_PEM, cert_req) req = crypto.load_certificate_request(crypto.FILETYPE_PEM, cert_req)
try: with self.db:
# TODO : check syntax try:
token, email, prefix_len, _ = self.db.execute("SELECT * FROM tokens WHERE token = ?", (token,)).fetchone() token, email, prefix_len, _ = self.db.execute("SELECT * FROM tokens WHERE token = ?", (token,)).next()
except StopIteration:
# TODO: return nice error message
raise
self.db.execute("DELETE FROM tokens WHERE token = ?", (token,)) self.db.execute("DELETE FROM tokens WHERE token = ?", (token,))
# Create a new prefix # Get a new prefix
# TODO : FIX ! prefix = self._getPrefix(prefix_len)
# i impair => ok
# récursif sinon # Get complete ipv6 address from prefix
for i, prefix in enumerate(self.db.execute("""SELECT DISTINCT substr(prefix,1,?) FROM certificates #ip = hex(int(prefix.ljust(80, '0'),2))[2::] # XXX: do not hardcode
WHERE length(prefix) >= ? ORDER BY prefix""", (prefix_len, prefix_len))): #ip6 = self.vifib
if i != int(prefix, 2): #for i in xrange(0, len(ip), 4):
pass # ip6 += ip[i:i+4] + ':'
break #ip6 = ip6.rstrip(':')
else:
prefix = i # Create certificate
# create certificate
cert = crypto.X509() cert = crypto.X509()
#cert.set_serial_number(serial) #cert.set_serial_number(serial)
#cert.gmtime_adj_notBefore(notBefore) cert.set_notBefore(0)
#cert.gmtime_adj_notAfter(notAfter) cert.gmtime_adj_notAfter(self.cert_duration)
cert.set_issuer(self.ca.get_subject()) cert.set_issuer(self.ca.get_subject())
cert.set_subject(req.get_subject()) subject = req.get_subject()
subject.serialNumber = "%u/%u" % (int(prefix, 2), prefix_len)
cert.set_subject(subject)
cert.set_pubkey(req.get_pubkey()) cert.set_pubkey(req.get_pubkey())
cert.sign(self.key, 'sha1') cert.sign(self.key, 'sha1')
cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert) cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
# Insert certificate into db # Insert certificate into db
self.db.execute("INSERT INTO certificates (?,?)", (, email, cert) ) self.db.execute("UPDATE certificates SET email = ?, cert = ? WHERE prefix = ?", (email, cert, prefix) )
# Returning certificate return cert
return cert
except: Exception:
# TODO : what to do ?
pass
if __name__ == "__main__": if __name__ == "__main__":
main() main()
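Review bot: `_getPrefix` iterates the sqlite cursor directly (`for prefix in self.db.execute(...)`), so `prefix` is a one-column row tuple, `len(prefix)` is always 1 and `prefix + '1'` raises TypeError — the loop needs `for prefix, in ...`, and the `assert` guarding `prefix_len` above it is stripped under `python -O` and should raise `ValueError` instead. `requestCertificate` then writes `UPDATE certificates SET ...` while this commit renames that table to `vifib` (see the CREATE TABLE hunk and the INSERT in `_getPrefix`), so the update would fail with "no such table" and the allocated prefix never gets its owner recorded. On the CA side the CSR signature is never verified (`req.verify(req.get_pubkey())` is the proof-of-possession check), the requester-supplied subject is copied wholesale with only `serialNumber` overridden, `set_serial_number` stays commented out so every issued certificate shares the library default serial, and the signature digest is `sha1`. `cert.set_notBefore(0)` also looks like a slip for `cert.gmtime_adj_notBefore(0)`: in pyOpenSSL `set_notBefore` takes an ASN.1 GENERALIZEDTIME string, and the sibling call two lines down is `gmtime_adj_notAfter`. The `except:` tail at the end of the method is garbled in this rendering, so I cannot tell whether a bare except still swallows failures; the rewritten lines below assume it is gone.
```python
    def _getPrefix(self, prefix_len):
        # Validate with a real exception: assert is stripped under -O
        if not 0 < prefix_len <= 128 - len(self.network):
            raise ValueError("prefix_len out of range: %r" % (prefix_len,))
        # Unpack the row tuple so prefix is the str, not (str,)
        for prefix, in self.db.execute("""SELECT prefix FROM vifib WHERE length(prefix) <= ? AND cert is null
                ORDER BY length(prefix) DESC""", (prefix_len,)):
            # … unchanged: split the free block down to prefix_len and insert it …

    def requestCertificate(self, token, cert_req):
        req = crypto.load_certificate_request(crypto.FILETYPE_PEM, cert_req)
        # Proof of possession: the CSR must be signed by the key it carries
        req.verify(req.get_pubkey())
        # … unchanged: token lookup, token deletion, prefix allocation …
            cert = crypto.X509()
            # TODO: set a serial unique per issued certificate (set_serial_number);
            # the default serial is shared by every certificate this CA emits
            cert.gmtime_adj_notBefore(0)
            cert.gmtime_adj_notAfter(self.cert_duration)
            # … unchanged: issuer, subject (only serialNumber is server-controlled;
            #     every other subject field comes unchecked from the requester), pubkey …
            cert.sign(self.key, 'sha256')
            cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
            # Table is 'vifib' since this commit; 'certificates' no longer exists
            self.db.execute("UPDATE vifib SET email = ?, cert = ? WHERE prefix = ?", (email, cert, prefix))
            return cert
```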