author | Rob Austein <sra@hactrn.net> | 2010-02-20 23:56:53 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2010-02-20 23:56:53 +0000 |
commit | daa12762ad07e6534109981e01cd88b38f57d646 (patch) | |
tree | 56bfae73062f65222a2cec75feec5af8f2a1d847 | |
parent | 58a7ec6bbd8e2d2938c980d3d91943183146ee83 (diff) |
Checkpoint
svn path=/myrpki.rototill/initialize.py; revision=2990
-rw-r--r-- | myrpki.rototill/initialize.py | 11 | ||||
-rw-r--r-- | myrpki.rototill/myrpki.py | 6 | ||||
-rw-r--r-- | myrpki.rototill/setup_child.py | 21 |
3 files changed, 33 insertions, 5 deletions
diff --git a/myrpki.rototill/initialize.py b/myrpki.rototill/initialize.py
index 15959ca5..66d9f6a8 100644
--- a/myrpki.rototill/initialize.py
+++ b/myrpki.rototill/initialize.py
@@ -138,9 +138,16 @@ myrpki.etree_write(e, handle + ".xml") # If we're running rootd, construct a fake parent to go with it. if run_rootd: + e = Element("parent", xmlns = myrpki.namespace, version = "1", - handle = handle, + parent_handle = "rootd", child_handle = handle, service_uri = "https://localhost:%d/" % cfg.getint("rootd_server_port")) + myrpki.PEMElement(e, "bpki_resource_ca", bpki_myirbe.cer) myrpki.PEMElement(e, "bpki_server_ca", bpki_myirbe.cer) - myrpki.etree_write(e, "parents/rootd.xml") + + # Need to add repository offer/hint. + + rootd_filename = "parents/rootd.xml" + print "Writing", rootd_filename + myrpki.etree_write(e, rootd_filename)
diff --git a/myrpki.rototill/myrpki.py b/myrpki.rototill/myrpki.py
index 9509e85e..6ea1a6c4 100644
--- a/myrpki.rototill/myrpki.py
+++ b/myrpki.rototill/myrpki.py
@@ -573,6 +573,12 @@ def etree_write(e, filename): ElementTree(e).write(filename + ".tmp") os.rename(filename + ".tmp", filename) +def tag(t): + """ + Wrap an element name in the right XML namespace goop. + """ + return "{" + namespace + "}" + t + def main(argv = ()): """ Main program. Must be callable from other programs as well as being
diff --git a/myrpki.rototill/setup_child.py b/myrpki.rototill/setup_child.py
index d2164919..166f1b53 100644
--- a/myrpki.rototill/setup_child.py
+++ b/myrpki.rototill/setup_child.py
@@ -67,19 +67,34 @@ bpki_myirbe = myrpki.CA(cfg_file, cfg.get("myirbe_bpki_directory")) for xml_file in argv: + # Deduce what we call this child from the filename. This is a + # kludge, but I don't know how to do better (yet). + # + # Hmm. Maybe we should make this script responsible for filing the + # new blob in the children/ directory, in which case we could make + # the default be to honor the handle specified in the XML, with a + # command line option to override. This would probably require us + # to change this script to process only one child at a time, but + # that's no great loss. + # + # Blunder ahead for now, but that's probably the way to go. + # child_handle = os.splitext(os.path.basename(xml_file))[0] - raise NotImplemented + e = ElementTree(file = xml_file).getroot() + print "Child calls itself %r, we call it %r" % (e["handle"], child_handle) # ++ Cross certify child's cert - # ++ Write parent.xml tailored for this child + myrpki.fxcert(pem = e.findtext(myrpki.tag("bpki_ca_certificate")), path_restriction = 1) e = Element("parent", xmlns = myrpki.namespace, version = "1", - handle = child_handle, + parent_handle = handle, child_handle = child_handle, service_uri = "https://%s:%s/up-down/%s/%s" % (cfg.get("rpkid_server_host"), cfg.get("rpkid_server_port"), handle, child_handle)) myrpki.PEMElement(e, "bpki_resource_ca", bpki_myrpki.cer) myrpki.PEMElement(e, "bpki_server_ca", bpki_myirbe.cer) + # Need to add repository offer/hint. + myrpki.etree_write(e, "parent.xml") |
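Review bot: In setup_child.py the added `print` reads the child's handle with `e["handle"]`, but ElementTree elements index children by position in `[]`, so this raises TypeError on the first file; the attribute is read with `e.get("handle")`. Removing `raise NotImplemented` also makes the unchanged `os.splitext(...)` line live, and that name does not exist in `os` (it is `os.path.splitext`). The XML comes from the child, yet `e.findtext(myrpki.tag("bpki_ca_certificate"))` is passed to `myrpki.fxcert` without checking that the element was present, so a file missing it hands None to the cross-certification step; binding it to a name and failing with the file name when it is None would make that case explicit. Indentation is lost on this page, but if the final `myrpki.etree_write(e, "parent.xml")` is inside the `for` loop, each child overwrites the previous child's output.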