authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2018-02-26 15:18:45 +0200
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2018-02-26 16:43:45 +0200
commitb0ff5cd7d6aa05bb97dd4bd2bde6d16168e02c7c (patch)
treef11f6643a44cab5cfd867d35d28d464d65d76f50
parent847297c1b1ca5b2e633187dec67612b07a2b0d44 (diff)
nhrp-events: move extension parsing to dmvpn module
-rw-r--r--dmvpn.lua38
-rwxr-xr-xnhrp-events30
2 files changed, 42 insertions, 26 deletions
diff --git a/dmvpn.lua b/dmvpn.lua
index 0232992..82a9722 100644
--- a/dmvpn.lua
+++ b/dmvpn.lua
@@ -1,8 +1,44 @@
--[[
Copyright (c) 2014-2018 Kaarle Ritvanen
+Copyright (c) 2015-2017 Timo Teräs
See LICENSE file for license details
]]--
+local asn1 = require('asn1')
+local rfc3779 = require('asn1.rfc3779')
+
local base = '1.3.6.1.4.1.31536.1.'
-return {OID_IS_HUB=base..'1', OID_HUB_HOSTS=base..'2'}
+local M = {OID_IS_HUB=base..'1', OID_HUB_HOSTS=base..'2'}
+
+local decoders={
+ ['sbgp-autonomousSysNum']=function(d)
+ local asn = rfc3779.ASIdentifiers.decode(d)
+ if asn and asn.asnum and asn.asnum.asIdsOrRanges then
+ for _, as in ipairs(asn.asnum.asIdsOrRanges) do
+ if as.id then return as.id end
+ end
+ end
+ end,
+ ['sbgp-ipAddrBlock']=function(d)
+ local res = {}
+ for _, ab in ipairs(rfc3779.IPAddrBlocks.decode(d)) do
+ if ab.ipAddressChoice and ab.ipAddressChoice.addressesOrRanges then
+ for _, a in ipairs(ab.ipAddressChoice.addressesOrRanges) do
+ if a.addressPrefix then
+ table.insert(res, a.addressPrefix)
+ end
+ end
+ end
+ end
+ return res
+ end,
+ [M.OID_IS_HUB]=function(d) return asn1.boolean.decode(d) end,
+ [M.OID_HUB_HOSTS]=function(d)
+ return asn1.sequence_of(asn1.ia5string).decode(d)
+ end
+}
+
+function M.decode_ext(oid, ext) return decoders[oid](ext:getData()) end
+
+return M
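Review bot: `M.decode_ext` and the `sbgp-ipAddrBlock` decoder both fail hard on input that the removed nhrp-events code tolerated. `decoders[oid](ext:getData())` raises "attempt to call a nil value" for any OID without an entry in `decoders`, and `ipairs(rfc3779.IPAddrBlocks.decode(d))` raises if the decode yields nil, whereas the old loop iterated `addrBlocks or {}`. The extension bytes come from a parsed certificate (presumably peer-supplied), so an unexpected or malformed extension should degrade to "no value" rather than abort the caller: `local dec = decoders[oid]; if not dec then return end; return dec(ext:getData())` and `ipairs(rfc3779.IPAddrBlocks.decode(d) or {})`. Whether `decode` can actually return nil is not visible here; the `if asn and ...` guard in the sibling decoder suggests it can.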
diff --git a/nhrp-events b/nhrp-events
index f87463b..3d791b2 100755
--- a/nhrp-events
+++ b/nhrp-events
@@ -17,8 +17,6 @@ local cq = require 'cqueues'
local cqs = require 'cqueues.socket'
local x509 = require 'openssl.x509'
local x509an = require 'openssl.x509.altname'
-local asn1 = require 'asn1'
-local rfc3779 = require 'asn1.rfc3779'
local dmvpn = require 'dmvpn'
local SOCK = "/var/run/nhrp-events.sock"
@@ -37,10 +35,10 @@ function string.hex2bin(str)
return str:gsub('..', function(cc) return string.char(tonumber(cc, 16)) end)
end
-local function decode_ext(cert, name, tpe)
+local function decode_ext(cert, name)
local ext = cert:getExtension(name)
if not ext then return end
- return tpe.decode(ext:getData())
+ return dmvpn.decode_ext(name, ext)
end
local function do_parse_cert(cert, out)
@@ -51,26 +49,8 @@ local function do_parse_cert(cert, out)
end
if #out.GRE == 0 then return end
- local asn = decode_ext(cert, 'sbgp-autonomousSysNum', rfc3779.ASIdentifiers)
- if asn and asn.asnum and asn.asnum.asIdsOrRanges then
- for _, as in ipairs(asn.asnum.asIdsOrRanges) do
- if as.id then
- out.AS = tonumber(as.id)
- break
- end
- end
- end
-
- local addrBlocks = decode_ext(cert, 'sbgp-ipAddrBlock', rfc3779.IPAddrBlocks)
- for _, ab in ipairs(addrBlocks or {}) do
- if ab.ipAddressChoice and ab.ipAddressChoice.addressesOrRanges then
- for _, a in ipairs(ab.ipAddressChoice.addressesOrRanges) do
- if a.addressPrefix then
- table.insert(out.NET, a.addressPrefix)
- end
- end
- end
- end
+ out.AS = decode_ext(cert, 'sbgp-autonomousSysNum')
+ out.NET = decode_ext(cert, 'sbgp-ipAddrBlock')
return true
end
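Review bot: `out.NET = decode_ext(cert, 'sbgp-ipAddrBlock')` leaves `out.NET` nil when the certificate has no such extension, because `decode_ext` returns nothing if `getExtension` finds none. The removed code only appended to an existing `out.NET`, so the field presumably stayed an empty table in that case. Any consumer that iterates or takes the length of `out.NET` would then error on a certificate lacking the extension; `out.NET = decode_ext(cert, 'sbgp-ipAddrBlock') or {}` keeps the old shape. The AS path also drops the `tonumber()` the old loop applied to `as.id`; if the asn1 library does not already return a Lua number, convert in the decoder with `return tonumber(as.id)`. do_parse_cert begins outside this hunk.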
@@ -84,7 +64,7 @@ local function parse_cert(certhex)
}
local cert = x509.new(certhex:hex2bin(), 'der')
out.cn = tostring(cert:getSubject())
- out.hub = decode_ext(cert, dmvpn.OID_IS_HUB, asn1.boolean)
+ out.hub = decode_ext(cert, dmvpn.OID_IS_HUB)
do_parse_cert(cert, out)
return out
end