This is a simple tool to generate RPKI ASPA objects that fulfill the
constraints of the ASN.1 CONTENT-TYPE
definition, but exhibit corner
cases that may need to be explicitly accommodated in decoder implementations.
For example, draft-ietf-sidrops-aspa-profile mandates:
The elements of providers MUST be ordered in ascending numerical order by the value of the providerASID field.
This constraint cannot be expressed in ASN.1 notation, thus implementors will need to hand-code such a check.
The data generated by this tool is intended to assist in creating automated and consistent testing for such checks.
For those simply interested in the default generated data, an output tarball is provided for download for each release.
Test cases are defined in a YAML file. A default set of test cases are provided
in rpki_aspa_test_data/test-cases.yml
.
Each item in the YAML list defines an ASPA object to be generated, using the following metadata:
name
- A short name for the test case.valid
- A boolean indicating whether a conforming implementation should consider the resulting object valid.desc
- An optional long-form description of the test case.customer_asid
- The AS number to place in thecustomerASID
field.providers
- A list of elements describing the contents of theproviders
field:provider_asid
- The AS number to place in theproviderASID
field.afi_limit
- An optional value to place in theafiLimit
field. Must be eitheripv4
oripv6
.
The tool will output a dummy repository tree, containing a single root CA, and a child CA per test case. The ASPA objects will themselves be output to the corresponding child CA's repository directory.
To assist with matching output files with test cases, the file name and subject
commonName
of each issuing CA is set to ca-case-{case.name}-{case.valid}
.
Python 3.9 or greater is required.
There are currently no plans to publish a distribution via PyPI.
Users should install to a virtual environment directly from a git
checkout.
With pipenv
(Recommended)
The Pipfile.lock
file used by pipenv
will pin dependencies to known
working versions:
git clone https://github.com/benmaddison/rpki-aspa-test-data
cd rpki-aspa-test-data
pipenv install
pipenv run generate
For greater control over the packages installed into the local python
environment, in particular on operating systems for which the cryptography
package is not available for installation via pip
:
git clone https://github.com/benmaddison/rpki-aspa-test-data
cd rpki-aspa-test-data
python3 -m venv .venv
# optionally hand-install dependencies...
.venv/bin/python3 -m pip install -e .
.venv/bin/python3 -m rpki_aspa_test_data
--test-cases/-c <PATH>
- Generate objects based on the test cases specification file located at<PATH>
, rather than the provided defaults.--extra-cases/-e <PATH>
- Generate objects based on the additional test cases specification file at<PATH>
. Multiple instances are supported.--output-path/-o <PATH>
- Output files at<PATH>
. Defaults to./target
.
Pull requests are welcome.
If you wish to discuss a change before attempting an implementation, please open an issue in the issue tracker.