Ip allocation finished

c25e02d4 · Guillaume Bury · 2c071ec5 · c25e02d4
Commit c25e02d4 authored Jul 09, 2012 by Guillaume Bury
Show whitespace changes
Inline Side-by-side

Showing with 43 additions and 32 deletions

registry.py registry.py +43 -32

No files found.
--- a/registry.py
+++ b/registry.py
 #!/usr/bin/env python
-import argparse, random, smtplib, sqlite3
+import argparse, math, random, smtplib, sqlite3
 from email.mime.text import MIMEText
 from SimpleXMLRPCServer import SimpleXMLRPCServer
 from OpenSSL import crypto
@@ -8,6 +8,8 @@ import netaddr
 class main(object):

    def __init__(self):
+        self.cert_duration = 365 * 86400
+
        # Command line parsing
        parser = argparse.ArgumentParser(
                description='Peer discovery http server for vifibnet')
@@ -18,8 +20,6 @@ class main(object):
                help='Path to ca.crt file')
        _('--key', required=True,
                help='Path to certificate key')
-        _('--network', required=True,
-                help='Vifib subnet')
        config = parser.parser_arg()

        # Database initializing
@@ -29,16 +29,18 @@ class main(object):
                        email text not null,
                        prefix_len integer not null default 16,
                        date integer not null)""")
-        self.db.execute("""CREATE TABLE IF NOT EXISTS certificates (
+        self.db.execute("""CREATE TABLE IF NOT EXISTS vifib (
                        prefix text primary key not null,
-                        email text not null,
-                        cert text not null)""")
+                        email text,
+                        cert text)""")

        # Loading certificates
        with open(config.ca) as f:
            self.ca = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
        with open(config.key) as f:
            self.key = crypto.load_privatekey(crypto.FILETYPE_PEM, f.read())
+        # Get vifib network prefix
+        self.network = bin(self.ca.get_serial())[3:]

        # Starting server
        server = SimpleXMLRPCServer(("localhost", 8000))
@@ -66,45 +68,54 @@ class main(object):
        s.sendmail(me, email, msg.as_string())
        s.quit()

+    def _getPrefix(self, prefix_len):
+        assert 0 < prefix_len <= 128 - len(self.network)
+        for prefix in self.db.execute("""SELECT prefix FROM vifib WHERE length(prefix) <= ? AND cert is null
+                                         ORDER BY length(prefix) DESC""", (prefix_len,)):
+            while len(prefix) < prefix_len:
+                self.db.execute("UPDATE vifib SET prefix = ? WHERE prefix = ?", (prefix + '1', prefix))
+                prefix += '0'
+                self.db.execute("INSERT INTO vifib VALUES (?,null,null)", (prefix,))
+            return prefix
+        raise RuntimeError # TODO: raise better exception
+
    def requestCertificate(self, token, cert_req):
-        n = len(cert_req_list)
        req = crypto.load_certificate_request(crypto.FILETYPE_PEM, cert_req)
+        with self.db:
            try:
-            # TODO : check syntax
-            token, email, prefix_len, _ = self.db.execute("SELECT * FROM tokens WHERE token = ?", (token,)).fetchone()
+                token, email, prefix_len, _ = self.db.execute("SELECT * FROM tokens WHERE token = ?", (token,)).next()
+            except StopIteration:
+                # TODO: return nice error message
+                raise
            self.db.execute("DELETE FROM tokens WHERE token = ?", (token,))

-            # Create a new prefix
-            # TODO : FIX !
-            # i impair => ok
-            # récursif sinon
-            for i, prefix in enumerate(self.db.execute("""SELECT DISTINCT substr(prefix,1,?) FROM certificates 
-                                        WHERE length(prefix) >= ? ORDER BY prefix""", (prefix_len, prefix_len))):
-                if i != int(prefix, 2):
-                    pass
-                    break
-            else:
-                 prefix = i
+            # Get a new prefix
+            prefix = self._getPrefix(prefix_len)
+
+            # Get complete ipv6 address from prefix
+            #ip = hex(int(prefix.ljust(80, '0'),2))[2::] # XXX: do not hardcode
+            #ip6 = self.vifib
+            #for i in xrange(0, len(ip), 4):
+            #    ip6 += ip[i:i+4] + ':'
+            #ip6 = ip6.rstrip(':')

-            # create certificate
+            # Create certificate
            cert = crypto.X509()
            #cert.set_serial_number(serial)
-            #cert.gmtime_adj_notBefore(notBefore)
-            #cert.gmtime_adj_notAfter(notAfter)
+            cert.set_notBefore(0)
+            cert.gmtime_adj_notAfter(self.cert_duration)
            cert.set_issuer(self.ca.get_subject())
-            cert.set_subject(req.get_subject())
+            subject = req.get_subject()
+            subject.serialNumber = "%u/%u" % (int(prefix, 2), prefix_len)
+            cert.set_subject(subject)
            cert.set_pubkey(req.get_pubkey())
            cert.sign(self.key, 'sha1')
            cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)

            # Insert certificate into db
-            self.db.execute("INSERT INTO certificates (?,?)", (, email, cert) )
+            self.db.execute("UPDATE certificates SET email = ?, cert = ? WHERE prefix = ?", (email, cert, prefix) )

-            # Returning certificate
        return cert
-        except: Exception:
-            # TODO : what to do ?
-            pass

 if __name__ == "__main__":
    main()