author | Rob Austein <sra@hactrn.net> | 2010-03-06 22:33:34 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2010-03-06 22:33:34 +0000 |
commit | 6de014f746a0d65499e98d2b78cba7ee8a7fe1ee (patch) | |
tree | 05be5841655b53a70b9e06cd6ee8369b01afb0db | |
parent | 4fb609e2b1520bdf572b01fc59f009c3d24ec491 (diff) |
Checkpoint
svn path=/myrpki.rototill/myrpki.py; revision=3038
-rw-r--r-- | myrpki.rototill/myrpki.py | 51 | ||||
-rw-r--r-- | myrpki.rototill/setup.py | 46 | ||||
-rw-r--r-- | myrpki.rototill/yamltest.py | 14 |
3 files changed, 61 insertions, 50 deletions
diff --git a/myrpki.rototill/myrpki.py b/myrpki.rototill/myrpki.py index 6a62b0ba..7c8642aa 100644 --- a/myrpki.rototill/myrpki.py +++ b/myrpki.rototill/myrpki.py @@ -49,7 +49,7 @@ PERFORMANCE OF THIS SOFTWARE. # Only standard Python libraries for this program, please. -import subprocess, csv, re, os, getopt, sys, ConfigParser, base64 +import subprocess, csv, re, os, getopt, sys, ConfigParser, base64, glob from xml.etree.ElementTree import Element, SubElement, ElementTree @@ -245,14 +245,19 @@ class children(dict): c.xml(e) @classmethod - def from_csv(cls, children_csv_file, prefix_csv_file, asn_csv_file, xcert): + def from_csv(cls, children_csv_file, prefix_csv_file, asn_csv_file, fxcert): """ Parse child resources, certificates, and validity dates from CSV files. """ self = cls() - # childname date pemfile - for handle, date, pemfile in csv_open(children_csv_file): - self.add(handle = handle, validity = date, bpki_certificate = xcert(pemfile)) + + # Need something like setup.py's entitydb() function. Wire in pathnames for now. + for f in glob.iglob("entitydb/children/*.xml"): + c = etree_read(f) + self.add(handle = os.path.splitext(os.path.split(f)[-1])[0], + validity = c.get("valid_until"), + bpki_certificate = fxcert(c.findtext("bpki_child_ta"))) + # childname p/n for handle, pn in csv_open(prefix_csv_file): self.add(handle = handle, prefix = pn) 
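Review bot: In the new loop of `children.from_csv`, `c.findtext("bpki_child_ta")` returns None when a file under `entitydb/children/` lacks that element, and the None is handed straight to `fxcert` (not visible here), so a malformed entry fails somewhere inside cross-certification instead of being rejected by name. A guard such as `ta = c.findtext("bpki_child_ta")` followed by `if ta is None: raise RuntimeError("%s: missing bpki_child_ta" % f)` before `self.add(...)` would make that explicit; the `fxcert(p.findtext(...))` calls in the `parents.from_csv` hunk have the same gap. The glob pattern is relative to the current working directory, so which trust anchors get cross-certified depends on where the program is started; the "Wire in pathnames for now" comment should say so. `children_csv_file` is now unused but still a required parameter.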
@@ -353,19 +358,33 @@ class parents(dict): c.xml(e) @classmethod - def from_csv(cls, parents_csv_file, xcert): + def from_csv(cls, parents_csv_file, fxcert): """ Parse parent data from CSV file. """ self = cls() - # parentname service_uri parent_bpki_cms_pemfile parent_bpki_https_pemfile myhandle sia_base - for handle, service_uri, parent_cms_pemfile, parent_https_pemfile, myhandle, sia_base in csv_open(parents_csv_file): - self.add(handle = handle, - service_uri = service_uri, - bpki_cms_certificate = xcert(parent_cms_pemfile), - bpki_https_certificate = xcert(parent_https_pemfile), - myhandle = myhandle, - sia_base = sia_base) + if False: + # parentname service_uri parent_bpki_cms_pemfile parent_bpki_https_pemfile myhandle sia_base + for handle, service_uri, parent_cms_pemfile, parent_https_pemfile, myhandle, sia_base in csv_open(parents_csv_file): + self.add(handle = handle, + service_uri = service_uri, + bpki_cms_certificate = xcert(parent_cms_pemfile), + bpki_https_certificate = xcert(parent_https_pemfile), + myhandle = myhandle, + sia_base = sia_base) + else: + # Need something like setup.py's entitydb() function. Wire in pathnames for now. + for f in glob.iglob("entitydb/parents/*.xml"): + h = os.path.splitext(os.path.split(f)[-1])[0] + p = etree_read(f) + r = etree_read(f.replace("/parents/", "/repositories/")) + assert r.get("type") == "confirmed" + self.add(handle = h, + service_uri = p.get("service_uri"), + bpki_cms_certificate = fxcert(p.findtext("bpki_resource_ta")), + bpki_https_certificate = fxcert(p.findtext("bpki_server_ta")), + myhandle = p.get("child_handle"), + sia_base = r.get("sia_base")) return self def csv_open(filename): 
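Review bot: `assert r.get("type") == "confirmed"` in the new `else` branch is the only check that the repository entry was confirmed before its `sia_base` is used, and asserts are removed when Python runs with `-O`; `if r.get("type") != "confirmed": raise RuntimeError("%s: repository not confirmed" % h)` keeps the check and names the parent. `etree_read` on the `/repositories/` path presumably raises when no matching file exists, so one parent without a repository entry aborts the whole load; that deserves an explicit error or at least a comment. The `if False:` branch still calls `xcert`, which is no longer a parameter after the rename to `fxcert`, so the dead code would raise NameError if re-enabled and is better deleted.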
@@ -665,11 +684,11 @@ def main(argv = ()): children_csv_file = children_csv_file, prefix_csv_file = prefix_csv_file, asn_csv_file = asn_csv_file, - xcert = bpki.xcert).xml(e) + fxcert = bpki.fxcert).xml(e) parents.from_csv( parents_csv_file = parents_csv_file, - xcert = bpki.xcert).xml(e) + fxcert = bpki.fxcert).xml(e) PEMElement(e, "bpki_ca_certificate", bpki.cer) PEMElement(e, "bpki_crl", bpki.crl) diff --git a/myrpki.rototill/setup.py b/myrpki.rototill/setup.py index 61eb6b1c..1f03e4a9 100644 --- a/myrpki.rototill/setup.py +++ b/myrpki.rototill/setup.py @@ -155,14 +155,14 @@ class main(rpki.cli.Cmd): if self.run_rootd: - e = Element("parent", parent_handle = "rootd", child_handle = self.handle, - service_url = "https://localhost:%s/" % self.cfg.get("rootd_server_port"), + e = Element("parent", parent_handle = self.handle, child_handle = self.handle, + service_uri = "https://localhost:%s/" % self.cfg.get("rootd_server_port"), valid_until = str(rpki.sundial.now() + rpki.sundial.timedelta(days = 365))) PEMElement(e, "bpki_resource_ta", self.bpki_servers.cer) PEMElement(e, "bpki_server_ta", self.bpki_servers.cer) PEMElement(e, "bpki_child_ta", self.bpki_resources.cer) SubElement(e, "repository", type = "offer") - myrpki.etree_write(e, self.entitydb("parents", "rootd.xml")) + myrpki.etree_write(e, self.entitydb("parents", "%s.xml" % self.handle)) self.bpki_resources.xcert(self.bpki_servers.cer) @@ -174,7 +174,7 @@ class main(rpki.cli.Cmd): # if we had received an offer. if self.run_pubd: - e = Element("repository", type = "request", handle = self.handle) + e = Element("repository", type = "request", handle = self.handle, parent_handle = self.handle) SubElement(e, "contact_info").text = self.pubd_contact_info PEMElement(e, "bpki_ta", self.bpki_resources.cer) myrpki.etree_write(e, self.entitydb("repositories", "%s.xml" % self.handle)) 
@@ -207,7 +207,7 @@ class main(rpki.cli.Cmd): self.bpki_servers.fxcert(c.findtext("bpki_ta")) e = Element("parent", parent_handle = self.handle, child_handle = child_handle, - service_url = "https://%s:%s/up-down/%s/%s" % (self.cfg.get("rpkid_server_host"), + service_uri = "https://%s:%s/up-down/%s/%s" % (self.cfg.get("rpkid_server_host"), self.cfg.get("rpkid_server_port"), self.handle, child_handle), valid_until = str(rpki.sundial.now() + rpki.sundial.timedelta(days = 365))) @@ -240,14 +240,11 @@ class main(rpki.cli.Cmd): self.load_xml() parent_handle = None - repository_handle = None - opts, argv = getopt.getopt(arg.split(), "", ["parent_handle=", "repository_handle="]) + opts, argv = getopt.getopt(arg.split(), "", ["parent_handle="]) for o, a in opts: if o == "--parent_handle": parent_handle = a - elif o == "--repository_handle": - repository_handle = a if len(argv) != 1: raise RuntimeError, "Need to specify filename for parent.xml on command line" @@ -257,12 +254,8 @@ class main(rpki.cli.Cmd): if parent_handle is None: parent_handle = p.get("parent_handle") - if repository_handle is None: - repository_handle = parent_handle - print "Parent calls itself %r, we call it %r" % (p.get("parent_handle"), parent_handle) print "Parent calls us %r" % p.get("child_handle") - print "We call repository %r" % repository_handle self.bpki_resources.fxcert(p.findtext("bpki_resource_ta")) self.bpki_resources.fxcert(p.findtext("bpki_server_ta")) @@ -273,8 +266,9 @@ class main(rpki.cli.Cmd): if r is not None and r.get("type") in ("offer", "hint"): r.set("handle", self.handle) + r.set("parent_handle", parent_handle) PEMElement(r, "bpki_ta", self.bpki_resources.cer) - myrpki.etree_write(r, self.entitydb("repositories", "%s.xml" % repository_handle)) + myrpki.etree_write(r, self.entitydb("repositories", "%s.xml" % parent_handle)) else: print "Couldn't find repository offer or hint" 
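Review bot: In the `@@ -273` hunk, `"%s.xml" % parent_handle` becomes a file name under `entitydb/repositories`, and `parent_handle` defaults to `p.get("parent_handle")`, an attribute of the XML file the parent sent, so a value containing a path separator or `..` may select a file outside that directory (this depends on how `self.entitydb` joins its arguments, which is not visible here). The handle should be checked against a restricted character set before it is used in a path, for example `if not re.match(r"^[-_A-Za-z0-9]+$", parent_handle): raise RuntimeError, "Bad parent handle %r" % parent_handle`, with the pattern adjusted to whatever handles are meant to allow and assuming `re` is imported in setup.py. The `process_repository_answer` hunk further down does the same with `r.get("parent_handle")` taken from the repository's response, and `children.from_csv` and `parents.from_csv` in myrpki.py derive handles back from these file names. The enclosing method starts and ends outside this hunk.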
@@ -322,7 +316,7 @@ class main(rpki.cli.Cmd): # For the moment we cheat egregiously, no crypto, blind trust of # what we're sent, while I focus on the basic semantics. - # + if sia_base is None and c.get("proposed_sia_base"): sia_base = c.get("proposed_sia_base") elif sia_base is None and c.get("handle") == self.handle: @@ -332,15 +326,19 @@ class main(rpki.cli.Cmd): client_handle = "/".join(sia_base.rstrip("/").split("/")[3:]) + parent_handle = c.get("parent_handle") + print "Client calls itself %r, we call it %r" % (c.get("handle"), client_handle) + print "Client says its parent handle is %r" % parent_handle self.bpki_servers.fxcert(c.findtext("bpki_ta")) e = Element("repository", type = "confirmed", repository_handle = self.handle, client_handle = client_handle, + parent_handle = parent_handle, sia_base = sia_base, - service_url = "https://%s:%s/client/%s" % (self.cfg.get("pubd_server_host"), + service_uri = "https://%s:%s/client/%s" % (self.cfg.get("pubd_server_host"), self.cfg.get("pubd_server_port"), client_handle)) 
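Review bot: `parent_handle = c.get("parent_handle")` in the `@@ -332` hunk is None when the client's request carries no such attribute (for instance a request written before this commit), and that None is then passed as an attribute value to `Element("repository", ...)`, which ElementTree implementations reject either at construction or when the element is written. Add `if parent_handle is None: raise RuntimeError, "Client request has no parent_handle"` before building the element. The value is also taken on the client's word, consistent with the "blind trust" comment in the preceding hunk; a short comment next to the assignment saying it is echoed unverified into the confirmed response would help the next reader. The enclosing method extends beyond the hunk.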
@@ -354,25 +352,19 @@ class main(rpki.cli.Cmd): self.load_xml() - repository_handle = None - - opts, argv = getopt.getopt(arg.split(), "", ["repository_handle="]) - for o, a in opts: - if o == "--repository_handle": - repository_handle = a + argv = arg.split() if len(argv) != 1: raise RuntimeError, "Need to specify filename for repository.xml on command line" r = myrpki.etree_read(argv[0]) - if repository_handle is None: - repository_handle = r.get("repository_handle") + parent_handle = r.get("parent_handle") - print "Repository calls itself %r, we call it %r" % (r.get("repository_handle"), repository_handle) - print "Repository calls us %r" % r.get("client_handle") + print "Repository calls itself %r, calls us %r" % (r.get("repository_handle"), r.get("client_handle")) + print "Repository response associated with parent_handle %r" % parent_handle - myrpki.etree_write(r, self.entitydb("repositories", "%s.xml" % repository_handle)) + myrpki.etree_write(r, self.entitydb("repositories", "%s.xml" % parent_handle)) def do_compose_request_to_host(self, arg): diff --git a/myrpki.rototill/yamltest.py b/myrpki.rototill/yamltest.py index 97952532..131df947 100644 --- a/myrpki.rototill/yamltest.py +++ b/myrpki.rototill/yamltest.py @@ -624,7 +624,13 @@ for d in db: # setup. for d in db: - if not d.is_root(): + if d.is_root(): + print + d.run_setup("answer_repository_client", d.path("entitydb", "repositories", "%s.xml" % d.name)) + print + d.run_setup("process_repository_answer", d.path("entitydb", "pubclients", "%s.xml" % d.name)) + print + else: print d.parent.run_setup("answer_child", d.path("entitydb", "identity.xml")) print 
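Review bot: `process_repository_answer` now chooses the file it overwrites purely from `r.get("parent_handle")` in the repository's response, with the `--repository_handle` override removed, and nothing checks that a request for that parent is actually pending. A response naming another parent's handle would replace that parent's entry, whose `sia_base` `parents.from_csv` in myrpki.py later reads once `type` is "confirmed". Before `etree_write`, the existing `repositories/<parent_handle>.xml` should be read and the response refused unless that file exists and holds this entity's own request or offer. A missing attribute currently produces `None.xml`, so `if parent_handle is None: raise RuntimeError, "Repository response has no parent_handle"` belongs there too. The method body begins before this hunk.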
@@ -635,12 +641,6 @@ for d in db: print d.run_setup("process_repository_answer", p.path("entitydb", "pubclients", "%s.xml" % n)) print - else: - print - d.run_setup("answer_repository_client", d.path("entitydb", "identity.xml")) - print - d.run_setup("process_repository_answer", d.path("entitydb", "pubclients", "%s.xml" % d.name)) - print # Run myrpki.py several times for each entity. First pass misses # stuff that isn't generated until later in first pass. Second pass |