authorRob Austein <sra@hactrn.net>2009-06-26 23:54:17 +0000
committerRob Austein <sra@hactrn.net>2009-06-26 23:54:17 +0000
commitb94b62d375d6edd5c26fc24f3169b893ae153d0a (patch)
treef4848aef14fc4722bf127af02c13af08d0da2cc6
parent3459d425f32da6d30beff4efb69ee10ece0c94c5 (diff)
Add URIs for parents and BPKI TAs for parents and children.
svn path=/myrpki/myirbe.py; revision=2546
-rw-r--r--myrpki/myirbe.py11
-rw-r--r--myrpki/myrpki.conf3
-rw-r--r--myrpki/myrpki.py79
-rw-r--r--myrpki/myrpki.rnc30
-rw-r--r--myrpki/myrpki.rng45
5 files changed, 130 insertions, 38 deletions
diff --git a/myrpki/myirbe.py b/myrpki/myirbe.py
index 42526f58..e29fff30 100644
--- a/myrpki/myirbe.py
+++ b/myrpki/myirbe.py
@@ -126,6 +126,17 @@ def showpem(label, b64, kind):
raise subprocess.CalledProcessError(returncode = p.returncode, cmd = cmd)
print label, text
+for x in tree.getiterator(tag("child")):
+ ta = x.findtext(tag("bpki_ta"))
+ if ta:
+ showpem("Child", ta, "x509")
+
+for x in tree.getiterator(tag("parent")):
+ print "Parent URI:", x.get("uri")
+ ta = x.findtext(tag("bpki_ta"))
+ if ta:
+ showpem("Parent", ta, "x509")
+
ca = tree.findtext(tag("bpki_ca_certificate"))
if ca:
showpem("CA", ca, "x509")
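Review bot: The new parent loop prints `x.get("uri")` unguarded, so a parent element that carries no uri attribute (the schema in this commit marks it optional) prints `Parent URI: None`; guard it the same way the bpki_ta element already is, `uri = x.get("uri")` then `if uri: print "Parent URI:", uri`. Both loops also deserve a comment stating their purpose, since showpem only decodes the embedded certificate for display and nothing here checks where the TA came from, e.g. `# Display child/parent BPKI trust anchors for operator inspection; they are not verified here.` These loops are module-level statements following showpem, whose body ends just above the hunk.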
diff --git a/myrpki/myrpki.conf b/myrpki/myrpki.conf
index e66364c2..54d63e04 100644
--- a/myrpki/myrpki.conf
+++ b/myrpki/myrpki.conf
@@ -9,7 +9,8 @@
handle = wombat
roa_csv = roas.csv
-validity_csv = validity.csv
+children_csv = children.csv
+parents_csv = parents.csv
prefix_csv = prefixes.csv
asn_csv = asns.csv
bpki_ca_certificate = bpki-ca-cert.pem
diff --git a/myrpki/myrpki.py b/myrpki/myrpki.py
index 8e5b6f6f..8bdcef4b 100644
--- a/myrpki/myrpki.py
+++ b/myrpki/myrpki.py
@@ -88,8 +88,9 @@ class child(object):
self.v4 = comma_set()
self.v6 = comma_set()
self.validity = None
+ self.ta = None
- def add(self, prefix = None, asn = None, validity = None):
+ def add(self, prefix = None, asn = None, validity = None, ta = None):
if prefix is not None:
if self.v4re.match(prefix):
self.v4.add(prefix)
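Review bot: The new `ta` attribute and parameter are undocumented, and their name suggests they hold trust-anchor material when what `children.from_csv` later passes in is the CSV's `pemfile` column, presumably a path that PEMElement (not shown here) reads when the XML is built. A one-line comment on the attribute would prevent the next caller from handing it PEM text, e.g. `self.ta = None  # path to this child's BPKI TA certificate (PEM); consumed by PEMElement in xml()`. child.__init__ starts above the hunk and child.add continues below it.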
@@ -101,32 +102,37 @@ class child(object):
self.asns.add(asn)
if validity is not None:
self.validity = validity
+ if ta is not None:
+ self.ta = ta
def xml(self, e):
- return SubElement(e, "child",
- handle = self.handle,
- valid_until = self.validity,
- asns = str(self.asns),
- v4 = str(self.v4),
- v6 = str(self.v6))
+ e = SubElement(e, "child",
+ handle = self.handle,
+ valid_until = self.validity,
+ asns = str(self.asns),
+ v4 = str(self.v4),
+ v6 = str(self.v6))
+ if self.ta:
+ PEMElement(e, "bpki_ta", self.ta)
+ return e
class children(dict):
- def add(self, handle, prefix = None, asn = None, validity = None):
+ def add(self, handle, prefix = None, asn = None, validity = None, ta = None):
if handle not in self:
self[handle] = child(handle)
- self[handle].add(prefix = prefix, asn = asn, validity = validity)
+ self[handle].add(prefix = prefix, asn = asn, validity = validity, ta = ta)
def xml(self, e):
for c in self.itervalues():
c.xml(e)
@classmethod
- def from_csv(cls, validity_csv_file, prefix_csv_file, asn_csv_file):
+ def from_csv(cls, children_csv_file, prefix_csv_file, asn_csv_file):
self = cls()
- # childname date
- for handle, date in csv_open(validity_csv_file):
- self.add(handle = handle, validity = date)
+ # childname date pemfile
+ for handle, date, pemfile in csv_open(children_csv_file):
+ self.add(handle = handle, validity = date, ta = pemfile)
# childname p/n
for handle, pn in csv_open(prefix_csv_file):
self.add(handle = handle, prefix = pn)
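Review bot: `children.from_csv` now unpacks three columns per row of children.csv, so any row with only the two columns the old validity.csv had, or a child that simply has no TA yet, fails with a bare ValueError from the tuple unpack rather than a message naming the file and row. Since `child.xml` already treats a missing TA as optional, the reader should too: `for row in csv_open(children_csv_file):` / `handle, date = row[:2]` / `self.add(handle = handle, validity = date, ta = row[2] if len(row) > 2 else None)`. The three-column format should also be documented where the config keys are described, since the conf change in this commit silently replaces validity_csv.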
@@ -135,6 +141,46 @@ class children(dict):
self.add(handle = handle, asn = asn)
return self
+class parent(object):
+
+ def __init__(self, handle):
+ self.handle = handle
+ self.uri = None
+ self.ta = None
+
+ def add(self, uri = None, ta = None):
+ if uri is not None:
+ self.uri = uri
+ if ta is not None:
+ self.ta = ta
+
+ def xml(self, e):
+ e = SubElement(e, "parent",
+ handle = self.handle,
+ uri = self.uri)
+ if self.ta:
+ PEMElement(e, "bpki_ta", self.ta)
+ return e
+
+class parents(dict):
+
+ def add(self, handle, uri = None, ta = None):
+ if handle not in self:
+ self[handle] = parent(handle)
+ self[handle].add(uri = uri, ta = ta)
+
+ def xml(self, e):
+ for c in self.itervalues():
+ c.xml(e)
+
+ @classmethod
+ def from_csv(cls, parents_csv_file):
+ self = cls()
+ # parentname uri pemfile
+ for handle, uri, pemfile in csv_open(parents_csv_file):
+ self.add(handle = handle, uri = uri, ta = pemfile)
+ return self
+
def csv_open(filename, delimiter = "\t", dialect = None):
return csv.reader(open(filename, "rb"), dialect = dialect, delimiter = delimiter)
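Review bot: `parent.xml` always passes `uri = self.uri` to SubElement, so a parent whose CSV uri column is empty is serialized with `uri=""` (or fails at serialization if the value is still None), even though the schema added in this commit makes the attribute optional; only set it when present, as is already done for bpki_ta. `parents.from_csv` has the same rigid three-column unpack as the children reader and would benefit from the same tolerant row handling. Nothing in this hunk checks that `pemfile` actually names a certificate, and since the result is embedded as the parent's BPKI trust anchor, a comment on `parents.from_csv` stating that the file is trusted as-is (presumably read by PEMElement, not shown here) would help operators.
```python
    def xml(self, e):
        attrs = dict(handle = self.handle)
        if self.uri:
            attrs["uri"] = self.uri
        e = SubElement(e, "parent", **attrs)
        # … unchanged: optional bpki_ta element and return …
```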
@@ -205,7 +251,8 @@ def main():
my_handle = cfg.get(myrpki_section, "handle")
roa_csv_file = cfg.get(myrpki_section, "roa_csv")
- validity_csv_file = cfg.get(myrpki_section, "validity_csv")
+ children_csv_file = cfg.get(myrpki_section, "children_csv")
+ parents_csv_file = cfg.get(myrpki_section, "parents_csv")
prefix_csv_file = cfg.get(myrpki_section, "prefix_csv")
asn_csv_file = cfg.get(myrpki_section, "asn_csv")
bpki_ca_cert_file = cfg.get(myrpki_section, "bpki_ca_certificate")
@@ -218,11 +265,13 @@ def main():
relaxng_schema = cfg.get(myrpki_section, "relaxng_schema")
roas = roa_requests.from_csv(roa_csv_file)
- kids = children.from_csv(validity_csv_file, prefix_csv_file, asn_csv_file)
+ kids = children.from_csv(children_csv_file, prefix_csv_file, asn_csv_file)
+ rents = parents.from_csv(parents_csv_file)
e = Element("myrpki", xmlns = namespace, version = "1", handle = my_handle)
roas.xml(e)
kids.xml(e)
+ rents.xml(e)
bpki_ca(e,
bpki_ca_key_file = bpki_ca_key_file,
bpki_ca_cert_file = bpki_ca_cert_file,
diff --git a/myrpki/myrpki.rnc b/myrpki/myrpki.rnc
index cf19e676..0af3a883 100644
--- a/myrpki/myrpki.rnc
+++ b/myrpki/myrpki.rnc
@@ -17,32 +17,38 @@ ipv6_list = xsd:string { maxLength="512000" pattern="[\-,0-9/:a-fA-F]*" }
start = element myrpki {
attribute version { xsd:positiveInteger { maxInclusive="1" } },
attribute handle { object_handle },
- roa_request*,
- child*,
- bpki_ca_certificate?,
- bpki_crl?,
- bpki_ee_certificate?
+ roa_request_elt*,
+ child_elt*,
+ parent_elt*,
+ bpki_ca_certificate_elt?,
+ bpki_crl_elt?,
+ bpki_ee_certificate_elt?
}
-roa_request = element roa_request {
+roa_request_elt = element roa_request {
attribute asn { xsd:positiveInteger },
attribute v4 { ipv4_list },
attribute v6 { ipv6_list }
}
-child = element child {
+child_elt = element child {
attribute handle { object_handle },
attribute valid_until { xsd:dateTime { pattern=".*Z" } },
attribute asns { asn_list }?,
attribute v4 { ipv4_list }?,
- attribute v6 { ipv6_list }?
+ attribute v6 { ipv6_list }?,
+ element bpki_ta { base64 }?
}
-bpki_ca_certificate = element bpki_ca_certificate { base64 }
-
-bpki_ee_certificate = element bpki_ee_certificate { base64 }
+parent_elt = element parent {
+ attribute handle { object_handle },
+ attribute uri { uri }?,
+ element bpki_ta { base64 }?
+}
-bpki_crl = element bpki_crl { base64 }
+bpki_ca_certificate_elt = element bpki_ca_certificate { base64 }
+bpki_ee_certificate_elt = element bpki_ee_certificate { base64 }
+bpki_crl_elt = element bpki_crl { base64 }
# Local Variables:
# indent-tabs-mode: nil
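Review bot: The new `parent_elt` declares `attribute uri { uri }?` but nothing in this hunk bounds the value, unlike `ipv4_list`/`ipv6_list` just above it, which carry a maxLength and a character pattern. If the `uri` pattern defined elsewhere in the file is a bare `xsd:anyURI`, consider giving it the same treatment, e.g. `uri = xsd:anyURI { maxLength="4096" }`, and, if the parent service is reached over one scheme only, a pattern restricting it. The attribute is optional here while myrpki.py in this commit always emits it, so the two should agree on whether a parent without a uri is valid.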
diff --git a/myrpki/myrpki.rng b/myrpki/myrpki.rng
index 9f647dd0..f8816721 100644
--- a/myrpki/myrpki.rng
+++ b/myrpki/myrpki.rng
@@ -53,23 +53,26 @@
<ref name="object_handle"/>
</attribute>
<zeroOrMore>
- <ref name="roa_request"/>
+ <ref name="roa_request_elt"/>
</zeroOrMore>
<zeroOrMore>
- <ref name="child"/>
+ <ref name="child_elt"/>
+ </zeroOrMore>
+ <zeroOrMore>
+ <ref name="parent_elt"/>
</zeroOrMore>
<optional>
- <ref name="bpki_ca_certificate"/>
+ <ref name="bpki_ca_certificate_elt"/>
</optional>
<optional>
- <ref name="bpki_crl"/>
+ <ref name="bpki_crl_elt"/>
</optional>
<optional>
- <ref name="bpki_ee_certificate"/>
+ <ref name="bpki_ee_certificate_elt"/>
</optional>
</element>
</start>
- <define name="roa_request">
+ <define name="roa_request_elt">
<element name="roa_request">
<attribute name="asn">
<data type="positiveInteger"/>
@@ -82,7 +85,7 @@
</attribute>
</element>
</define>
- <define name="child">
+ <define name="child_elt">
<element name="child">
<attribute name="handle">
<ref name="object_handle"/>
@@ -107,19 +110,41 @@
<ref name="ipv6_list"/>
</attribute>
</optional>
+ <optional>
+ <element name="bpki_ta">
+ <ref name="base64"/>
+ </element>
+ </optional>
+ </element>
+ </define>
+ <define name="parent_elt">
+ <element name="parent">
+ <attribute name="handle">
+ <ref name="object_handle"/>
+ </attribute>
+ <optional>
+ <attribute name="uri">
+ <ref name="uri"/>
+ </attribute>
+ </optional>
+ <optional>
+ <element name="bpki_ta">
+ <ref name="base64"/>
+ </element>
+ </optional>
</element>
</define>
- <define name="bpki_ca_certificate">
+ <define name="bpki_ca_certificate_elt">
<element name="bpki_ca_certificate">
<ref name="base64"/>
</element>
</define>
- <define name="bpki_ee_certificate">
+ <define name="bpki_ee_certificate_elt">
<element name="bpki_ee_certificate">
<ref name="base64"/>
</element>
</define>
- <define name="bpki_crl">
+ <define name="bpki_crl_elt">
<element name="bpki_crl">
<ref name="base64"/>
</element>