authorRob Austein <sra@hactrn.net>2010-03-04 00:50:32 +0000
committerRob Austein <sra@hactrn.net>2010-03-04 00:50:32 +0000
commit0a93b48100a3d7c1885384931efd5904bfc077bf (patch)
treeabd8d2510ea118cc64fe485ad8ec4c9629233d14
parent9dc417ab477dc1fff29cdf3c44950d9bee81dbb1 (diff)
Start hacking test framework to support new tools, shake out first set
of trivial bugs. svn path=/myrpki.rototill/myirbe.py; revision=3017
-rw-r--r--myrpki.rototill/myirbe.py2
-rw-r--r--myrpki.rototill/myrpki.py14
-rw-r--r--myrpki.rototill/setup.py16
-rw-r--r--myrpki.rototill/yamltest.py44
4 files changed, 50 insertions, 26 deletions
diff --git a/myrpki.rototill/myirbe.py b/myrpki.rototill/myirbe.py
index c09ec8e1..d6fa330d 100644
--- a/myrpki.rototill/myirbe.py
+++ b/myrpki.rototill/myirbe.py
@@ -267,7 +267,7 @@ for xmlfile in xmlfiles:
print "Nothing else I can do without a trust anchor for the entity I'm hosting."
continue
- rpkid_xcert = rpki.x509.X509(PEM_file = bpki.fxcert(pem = hosted_cacert.get_PEM(),
+ rpkid_xcert = rpki.x509.X509(PEM_file = bpki.fxcert(b64 = hosted_cacert.get_Base64(),
filename = handle + ".cacert.cer",
path_restriction = 1))
diff --git a/myrpki.rototill/myrpki.py b/myrpki.rototill/myrpki.py
index b35a56e6..6b471393 100644
--- a/myrpki.rototill/myrpki.py
+++ b/myrpki.rototill/myrpki.py
@@ -517,20 +517,22 @@ class CA(object):
self.run_ca("-extensions", "ca_x509_ext_ee", "-in", req_file, "-out", cer_file)
return req_file, cer_file
-
- def fxcert(self, pem, filename = None, path_restriction = 0):
+
+ def fxcert(self, b64, filename = None, path_restriction = 0):
"""
Write PEM certificate to file, then cross-certify.
"""
fn = os.path.join(self.dir, filename or "temp.%s.cer" % os.getpid())
try:
- f = open(fn, "w")
- f.write(pem)
- f.close()
+ p = subprocess.Popen((openssl, "x509", "-inform", "DER", "-out", fn), stdin = subprocess.PIPE)
+ p.communicate(base64.b64decode(b64))
+ if p.wait() != 0:
+ raise RuntimeError, "Couldn't store certificate for cross-certification"
return self.xcert(fn, path_restriction)
finally:
if not filename and os.path.exists(fn):
- os.unlink(fn)
+ #os.unlink(fn)
+ pass
def xcert(self, cert, path_restriction = 0):
"""
diff --git a/myrpki.rototill/setup.py b/myrpki.rototill/setup.py
index f6fb3a5c..924e5ba9 100644
--- a/myrpki.rototill/setup.py
+++ b/myrpki.rototill/setup.py
@@ -158,11 +158,11 @@ class main(rpki.cli.Cmd):
c = myrpki.etree_read(argv[0])
if child_handle is None:
- child_handle = c["handle"]
+ child_handle = c.get("handle")
- print "Child calls itself %r, we call it %r" % (c["handle"], child_handle)
+ print "Child calls itself %r, we call it %r" % (c.get("handle"), child_handle)
- self.bpki_myirbe.fxcert(pem = c.findtext(myrpki.tag("bpki_ca_certificate")))
+ self.bpki_myirbe.fxcert(c.findtext(myrpki.tag("bpki_ca_certificate")))
e = Element("parent", xmlns = myrpki.namespace, version = "1",
parent_handle = self.handle, child_handle = child_handle,
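Review bot: `c.get("handle")` and `c.findtext(...)` both return None when the attribute or element is absent from the child's XML, and nothing in this hunk checks for that before the values are used. A missing `bpki_ca_certificate` is handed to `fxcert()` as None, and a missing handle is printed and then passed to `Element(...)` as `child_handle`. Since the file comes from another party, an explicit check with a clear message would be safer, e.g. `if child_handle is None: raise RuntimeError, "Child XML has no handle attribute"`. The same pattern appears in the `@@ -200,12` hunk with `p.get("parent_handle")` and its two `findtext()` calls. The enclosing method starts and ends outside the hunk.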
@@ -175,7 +175,7 @@ class main(rpki.cli.Cmd):
if self.run_pubd:
SubElement(e, "repository", type = "offer",
- service_url = "https://%s:%d/" % (self.cfg.get("pubd_server_host"),
+ service_url = "https://%s:%s/" % (self.cfg.get("pubd_server_host"),
self.cfg.get("pubd_server_port")))
else:
print "Warning: I don't yet know how to do publication hints, only offers"
@@ -200,12 +200,12 @@ class main(rpki.cli.Cmd):
p = myrpki.etree_read(argv[0])
if parent_handle is None:
- parent_handle = p["parent_handle"]
+ parent_handle = p.get("parent_handle")
- print "Parent calls itself %r, we call it %r" (p["parent_handle"], parent_handle)
+ print "Parent calls itself %r, we call it %r" % (p.get("parent_handle"), parent_handle)
- self.bpki_myrpki.fxcert(pem = p.findtext(myrpki.tag("bpki_resource_ca")))
- b = self.bpki_myrpki.fxcert(pem = p.findtext(myrpki.tag("bpki_server_ca")))
+ self.bpki_myrpki.fxcert(p.findtext(myrpki.tag("bpki_resource_ca")))
+ b = self.bpki_myrpki.fxcert(p.findtext(myrpki.tag("bpki_server_ca")))
myrpki.etree_write(p, "parents/%s.xml" % parent_handle)
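Review bot: `parent_handle` is interpolated unchecked into the output path in `myrpki.etree_write(p, "parents/%s.xml" % parent_handle)`, and when it is None on entry it is read from the parent-supplied XML via `p.get("parent_handle")`. A value containing a path separator or `..` would place the file outside `parents/`. Unless handles are validated somewhere not visible in this hunk, reject such values before building the path, for instance by requiring that the handle equals its own basename. At minimum a comment such as `# parent_handle comes from the peer's XML; must be a plain file name` would record the assumption. The enclosing method starts and ends outside the hunk.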
diff --git a/myrpki.rototill/yamltest.py b/myrpki.rototill/yamltest.py
index d35b6cc3..a79cee24 100644
--- a/myrpki.rototill/yamltest.py
+++ b/myrpki.rototill/yamltest.py
@@ -69,6 +69,7 @@ rpkid_dir = cleanpath(this_dir, "../rpkid")
prog_myirbe = cleanpath(this_dir, "myirbe.py")
prog_myrpki = cleanpath(this_dir, "myrpki.py")
+prog_setup = cleanpath(this_dir, "setup.py")
prog_rpkid = cleanpath(rpkid_dir, "rpkid.py")
prog_irdbd = cleanpath(rpkid_dir, "irdbd.py")
prog_pubd = cleanpath(rpkid_dir, "pubd.py")
@@ -493,6 +494,13 @@ class allocation(object):
print "Running myrpki.py for", self.name
subprocess.check_call(("python", prog_myrpki), cwd = self.path())
+ def run_setup(self, *args):
+ """
+ Run setup.py for this entity.
+ """
+ print "Running myrpki.py for", self.name, "with arguments", repr(args)
+ subprocess.check_call(("python", prog_setup) + args, cwd = self.path())
+
def run_python_daemon(self, prog):
"""
Start a Python daemon and return a subprocess.Popen object
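Review bot: The log line in `run_setup` says "Running myrpki.py for" although the method invokes `prog_setup`; it looks copied from the `run_myrpki` lines just above and will make the test output misleading. Change it to `print "Running setup.py for", self.name, "with arguments", repr(args)`. The docstring could also mention the arguments, e.g. `Run setup.py for this entity, passing args as its command line.` `run_python_daemon` below continues outside the hunk.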
@@ -611,10 +619,27 @@ for d in db:
d.dump_clients("pubclients.csv", db)
d.dump_rsyncd("rsyncd.conf")
-# Do initial myirbe.py run for each hosting entity to set up BPKI
+# Initialize BPKI and generate self-descriptor for each entity.
+
+print 'Running "setup initialize" for each entity'
+
+for d in db:
+ d.run_setup("initialize")
+
+print 'Done running "setup initialize"'
+
+# This is where we need to get clever about running setup.py in its
+# various modes to do the service URL and BPKI cross-certification
+# setup.
for d in db:
- d.run_myirbe()
+ if not d.is_root():
+ print
+ d.parent.run_setup("receive_from_child", d.path("%s.xml" % d.name))
+ print
+ d.run_setup("receive_from_parent", d.parent.path("children/%s.xml" % d.name))
+
+print
# Run myrpki.py several times for each entity. First pass misses
# stuff that isn't generated until later in first pass. Second pass
@@ -625,18 +650,15 @@ for i in xrange(3):
for d in db:
d.run_myrpki()
-# Set up a few things for rootd
+# Create publication directories.
-rootd_openssl = db.make_rootd_openssl()
+for d in db:
+ if d.is_root() or d.runs_pubd():
+ os.makedirs(d.path("publication"))
-print "Creating rootd BPKI cross-certificate for its child"
-rootd_openssl("ca", "-notext", "-batch",
- "-config", "myrpki.conf",
- "-ss_cert", "bpki/myrpki/ca.cer",
- "-out", "bpki/myirbe/child.cer",
- "-extensions", "ca_x509_ext_xcert0")
+# Create RPKI root certificate.
-os.makedirs(db.root.path("publication"))
+rootd_openssl = db.make_rootd_openssl()
print "Creating rootd RPKI root certificate"
rootd_openssl("x509", "-req", "-sha256", "-outform", "DER",