author | Rob Austein <sra@hactrn.net> | 2010-10-01 21:17:07 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2010-10-01 21:17:07 +0000 |
commit | 2535301e2d3972806cfd9246f57d15c3f74367e4 (patch) | |
tree | 5c9c346a20eef98a3cd308e6b41db2d0efff04b9 | |
parent | ad3fc47a54074b08bc6a191a12ba581da4b14aba (diff) |
Pull update_bpki command from rpkid/ to rpkid.without_tls/.
svn path=/rpkid.without_tls/rpki/myrpki.py; revision=3453
-rw-r--r-- | rpkid.without_tls/rpki/myrpki.py | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/rpkid.without_tls/rpki/myrpki.py b/rpkid.without_tls/rpki/myrpki.py index f4fd8218..bdbdbbe9 100644 --- a/rpkid.without_tls/rpki/myrpki.py +++ b/rpkid.without_tls/rpki/myrpki.py @@ -1023,6 +1023,48 @@ class main(rpki.cli.Cmd): etree_write(e, repo_file_name, msg = 'This is the "repository offer" file for you to use if you want to publish in your own repository') + + def do_update_bpki(self, arg): + """ + Update BPKI certificates. Assumes an existing RPKI installation. + + Basic plan here is to reissue all BPKI certificates we can, right + now. In the long run we might want to be more clever about only + touching ones that need maintenance, but this will do for a start. + + Most likely this should be run under cron. + """ + + if self.bpki_servers: + bpkis = (self.bpki_resources, self.bpki_servers) + else: + bpkis = (self.bpki_resources,) + + for bpki in bpkis: + for cer in glob.iglob("%s/*.cer" % bpki.dir): + key = cer[0:-4] + ".key" + req = cer[0:-4] + ".req" + if os.path.exists(key): + print "Regenerating BPKI PKCS #10", req + bpki.run_openssl("x509", "-x509toreq", "-in", cer, "-out", req, "-signkey", key) + print "Clearing BPKI certificate", cer + os.unlink(cer) + if cer == bpki.cer: + assert req == bpki.req + print "Regenerating certificate", cer + bpki.run_ca("-selfsign", "-extensions", "ca_x509_ext_ca", "-in", req, "-out", cer) + + print "Regenerating CRLs" + for bpki in bpkis: + bpki.run_ca("-gencrl", "-out", bpki.crl) + + self.do_initialize(None) + if self.run_rpkid or self.run_pubd or self.run_rootd: + self.do_configure_daemons(arg) + else: + self.do_configure_resources(None) + + def do_configure_child(self, arg): """ Configure a new child of this RPKI entity, given the child's XML |
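Review bot: In the `glob.iglob` loop, `os.unlink(cer)` deletes the current certificate as soon as `run_openssl` has been called, before any replacement exists, and nothing in the hunk checks that the `-x509toreq` step actually produced `req`. The docstring expects this to run under cron, so a failure part-way through would presumably leave the BPKI directory missing certificates with nobody watching; whether `run_openssl` raises on a non-zero exit is not visible here. Keeping the old file until the reissue has completed would make the run recoverable, for example `os.rename(cer, cer + ".old")` in place of the unlink, with the backups removed only after `do_initialize` and the configure call return. Separately, `assert req == bpki.req` is stripped under `python -O`, so an explicit `if req != bpki.req: raise RuntimeError("unexpected request file %s" % req)` is the safer form for a check that guards re-self-signing the CA certificate.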