anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b799ade8169e5e335bdd7e59f007e668f3e91d64
DECNET/decnet/rpki/base.py
anti 1a11287f76 feat(rpki): provider scaffold — base, factory, paths, ripestat skeleton 
New decnet/rpki/ module mirrors decnet/asn/ shape. Validator ABC,
lazy singleton factory (DECNET_RPKI_PROVIDER=ripestat default),
paths.py with DECNET_RPKI_ROOT override. RipeStatValidator stub
returns 'unknown' unconditionally — HTTP wired in next commit.

enrich_rpki(ip, asn) -> (status, source) | (None, None); short-circuits
on DECNET_RPKI_ENABLED=false or asn=None.
2026-05-21 16:10:01 -04:00

39 lines
1.1 KiB
Python
Raw Blame History

"""RPKI validator protocol.
Concrete validators (:mod:`decnet.rpki.ripestat`, future offline providers)
implement this. Callers must go through
:func:`~decnet.rpki.factory.get_validator`; never import a concrete
validator class directly.
"""
from __future__ import annotations
from abc import ABC, abstractmethod
from dataclasses import dataclass
from datetime import datetime
from typing import Literal, Optional
RpkiStatus = Literal["valid", "invalid", "not-found", "unknown"]
@dataclass(frozen=True)
class RpkiResult:
"""Outcome of a single RPKI validity check."""
status: RpkiStatus
prefix: Optional[str] = None # announced prefix the validator resolved for this IP
validated_at: Optional[datetime] = None
class Validator(ABC):
"""Abstract RPKI validator."""
#: Short tag written to ``Attacker.rpki_source`` (e.g. ``'ripestat'``).
name: str
@abstractmethod
def validate(self, ip: str, asn: int) -> RpkiResult:
"""Return RPKI validity for (ip, asn). Never raises."""
def refresh(self) -> None:
"""No-op for online validators; offline providers may override."""
Reference in New Issue View Git Blame Copy Permalink