author | Rob Austein <sra@hactrn.net> | 2009-08-31 22:24:48 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2009-08-31 22:24:48 +0000 |
commit | 1b65eb039f50792d7479cbfbd196f29ff89c7c4d (patch) | |
tree | c17808904c99f3783e4feefc39448584d2c596da | |
parent | f6be347c09042f59b8042083f5009cb98496fbb7 (diff) |
Changes to support structured pubd client names.
svn path=/myrpki/myirbe.py; revision=2722
-rw-r--r-- | myrpki/myirbe.py | 8 | ||||
-rw-r--r-- | myrpki/myrpki.conf | 1 | ||||
-rw-r--r-- | myrpki/myrpki.py | 3 | ||||
-rw-r--r-- | myrpki/schema.py | 9 | ||||
-rw-r--r-- | myrpki/schema.rnc | 2 | ||||
-rw-r--r-- | myrpki/schema.rng | 9 | ||||
-rw-r--r-- | myrpki/yamltest.py | 11 | ||||
-rwxr-xr-x | rpkid/pubd.py | 2 | ||||
-rw-r--r-- | rpkid/publication-schema.rnc | 6 | ||||
-rw-r--r-- | rpkid/publication-schema.rng | 8 | ||||
-rw-r--r-- | rpkid/rpki/relaxng.py | 8 | ||||
-rw-r--r-- | rpkid/testbed.py | 8 |
12 files changed, 58 insertions, 17 deletions
diff --git a/myrpki/myirbe.py b/myrpki/myirbe.py index a1ac1e5d..683e9c1b 100644 --- a/myrpki/myirbe.py +++ b/myrpki/myirbe.py @@ -288,9 +288,9 @@ for xmlfile in xmlfiles: # See what rpkid and pubd already have on file for this entity. if want_pubd: - pubd_reply = call_pubd((rpki.publication.client_elt.make_pdu(action = "list"),)) - - client_pdus = dict((x.client_handle, x) for x in pubd_reply if isinstance(x, rpki.publication.client_elt)) + client_pdus = dict((x.client_handle, x) + for x in call_pubd((rpki.publication.client_elt.make_pdu(action = "list"),)) + if isinstance(x, rpki.publication.client_elt)) rpkid_reply = call_rpkid(( rpki.left_right.self_elt.make_pdu( action = "get", tag = "self", self_handle = handle), @@ -367,7 +367,7 @@ for xmlfile in xmlfiles: if repository_cert: repository_pdu = repository_pdus.pop(repository_handle, None) - repository_uri = pubd_base + "client/" + handle + repository_uri = pubd_base + "client/" + tree.get("repository_handle") if (repository_pdu is None or repository_pdu.bsc_handle != bsc_handle or diff --git a/myrpki/myrpki.conf b/myrpki/myrpki.conf index 5b37034a..d71a8365 100644 --- a/myrpki/myrpki.conf +++ b/myrpki/myrpki.conf @@ -15,6 +15,7 @@ asn_csv = asns.csv xml_filename = myrpki.xml bpki_directory = bpki.myrpki repository_bpki_certificate = bpki.pubd/ca.cer +repository_handle = wombat [constants] digest = sha256 diff --git a/myrpki/myrpki.py b/myrpki/myrpki.py index 7ab6aa8c..fe4b460b 100644 --- a/myrpki/myrpki.py +++ b/myrpki/myrpki.py @@ -548,6 +548,7 @@ def main(argv = ()): bpki_dir = cfg.get(myrpki_section, "bpki_directory") xml_filename = cfg.get(myrpki_section, "xml_filename") repository_bpki_certificate = cfg.get(myrpki_section, "repository_bpki_certificate") + repository_handle = cfg.get(myrpki_section, "repository_handle") bpki = CA(cfg_file, bpki_dir) bpki.setup("/CN=%s TA" % my_handle) 
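Review bot: `tree.get("repository_handle")` in the new repository_uri line returns None when the attribute is absent, and `pubd_base + "client/" + None` then dies with a TypeError instead of a message naming the missing attribute; the schema change in this commit makes the attribute mandatory, so this only bites if the XML reaches this point without being validated against the new schema, which the hunk does not show either way. The handle is now chosen by the entity that produced the XML rather than by the repository side, so two entities can present the same repository_handle; whether pubd treats that as a collision or relies on the per-client BPKI certificate to keep them apart is not visible here and is worth a comment. Consider `repository_handle = tree.get("repository_handle")` followed by `if repository_handle is None: raise RuntimeError("%s lacks repository_handle" % xmlfile)` before the URI is built. The enclosing `for xmlfile in xmlfiles:` loop starts and ends outside the hunk.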
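Review bot: The new `repository_handle = wombat` line carries no comment saying what the value is or who assigns it, although the myirbe.py change in this commit uses it verbatim as the `client/...` path at the repository's pubd, so it appears to have to agree with the name the repository operator registered. A preceding comment such as `# Name the repository operator knows us by; must match their pubd client entry ("/" allowed as a hierarchy delimiter)` would save the next operator from guessing.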
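Review bot: `cfg.get(myrpki_section, "repository_handle")` makes the new option mandatory, so every myrpki.conf that predates this commit now fails in main() with a missing-option error (assuming `cfg` is a plain ConfigParser, which the hunk does not show) instead of behaving as before, when myirbe built the client URI from the entity's own `handle`. Defaulting to that handle preserves existing deployments while letting new configs override it: `repository_handle = cfg.get(myrpki_section, "repository_handle") if cfg.has_option(myrpki_section, "repository_handle") else my_handle`. main() starts and ends outside the hunk.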
@@ -558,7 +559,7 @@ def main(argv = ()): else: bsc_req, bsc_cer = None, None - e = Element("myrpki", xmlns = namespace, version = "1", handle = my_handle) + e = Element("myrpki", xmlns = namespace, version = "1", handle = my_handle, repository_handle = repository_handle) roa_requests.from_csv(roa_csv_file).xml(e) diff --git a/myrpki/schema.py b/myrpki/schema.py index 726f2a97..33752636 100644 --- a/myrpki/schema.py +++ b/myrpki/schema.py @@ -20,6 +20,12 @@ myrpki = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" encodin <param name="pattern">[\-_A-Za-z0-9]*</param> </data> </define> + <define name="pubd_handle"> + <data type="string"> + <param name="maxLength">255</param> + <param name="pattern">[\-_A-Za-z0-9/]*</param> + </data> + </define> <define name="uri"> <data type="anyURI"> <param name="maxLength">4096</param> @@ -53,6 +59,9 @@ myrpki = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" encodin <attribute name="handle"> <ref name="object_handle"/> </attribute> + <attribute name="repository_handle"> + <ref name="pubd_handle"/> + </attribute> <zeroOrMore> <ref name="roa_request_elt"/> </zeroOrMore> diff --git a/myrpki/schema.rnc b/myrpki/schema.rnc index 57a8ebab..8ec48195 100644 --- a/myrpki/schema.rnc +++ b/myrpki/schema.rnc @@ -9,6 +9,7 @@ default namespace = "http://www.hactrn.net/uris/rpki/myrpki/" base64 = xsd:base64Binary { maxLength="512000" } object_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9]*" } +pubd_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9/]*" } uri = xsd:anyURI { maxLength="4096" } asn_list = xsd:string { maxLength="512000" pattern="[\-,0-9]*" } ipv4_list = xsd:string { maxLength="512000" pattern="[\-,0-9/.]*" } 
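Review bot: The new `pubd_handle` pattern `[\-_A-Za-z0-9/]*` accepts the empty string, a leading or trailing "/", and runs of "//", none of which mean anything for a hierarchy delimiter and each of which yields a different `client/...` URL for what is arguably the same name. A segment-based pattern rejects those while still allowing "/" between segments: `pubd_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9]+(/[\-_A-Za-z0-9]+)*" }`. The schema.rng and schema.py hunks in this commit carry the identical pattern and look generated from this file, so the tightening belongs here.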
@@ -17,6 +18,7 @@ ipv6_list = xsd:string { maxLength="512000" pattern="[\-,0-9/:a-fA-F]*" } start = element myrpki { attribute version { xsd:positiveInteger { maxInclusive="1" } }, attribute handle { object_handle }, + attribute repository_handle { pubd_handle }, roa_request_elt*, child_elt*, parent_elt*, diff --git a/myrpki/schema.rng b/myrpki/schema.rng index 80817b5b..5e380784 100644 --- a/myrpki/schema.rng +++ b/myrpki/schema.rng @@ -19,6 +19,12 @@ <param name="pattern">[\-_A-Za-z0-9]*</param> </data> </define> + <define name="pubd_handle"> + <data type="string"> + <param name="maxLength">255</param> + <param name="pattern">[\-_A-Za-z0-9/]*</param> + </data> + </define> <define name="uri"> <data type="anyURI"> <param name="maxLength">4096</param> @@ -52,6 +58,9 @@ <attribute name="handle"> <ref name="object_handle"/> </attribute> + <attribute name="repository_handle"> + <ref name="pubd_handle"/> + </attribute> <zeroOrMore> <ref name="roa_request_elt"/> </zeroOrMore> diff --git a/myrpki/yamltest.py b/myrpki/yamltest.py index 2454e2cd..469238ef 100644 --- a/myrpki/yamltest.py +++ b/myrpki/yamltest.py @@ -76,8 +76,6 @@ prog_rootd = cleanpath(rpkid_dir, "rootd.py") prog_openssl = cleanpath(this_dir, "../openssl/openssl/apps/openssl") -only_one_pubd = True - class roa_request(object): """ Representation of a ROA request. @@ -135,6 +133,10 @@ class allocation_db(list): a.crl_interval = a.parent.crl_interval if a.regen_margin is None: a.regen_margin = a.parent.regen_margin + i = 0 + for j in xrange(3): + i = a.sia_base.index("/", i) + 1 + a.client_handle = a.sia_base[i:].rstrip("/") self.root.closure() self.map = dict((a.name, a) for a in self) for a in self: @@ -367,7 +369,7 @@ class allocation(object): """ if self.runs_pubd(): f = self.csvout(fn) - f.writerows((s.name, s.path("bpki.myrpki/ca.cer"), s.sia_base) + f.writerows((s.client_handle, s.path("bpki.myrpki/ca.cer"), s.sia_base) for s in (db if only_one_pubd else [self] + self.kids)) def dump_conf(self, fn): 
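Review bot: The new loop `for j in xrange(3): i = a.sia_base.index("/", i) + 1` raises a bare ValueError("substring not found") on a sia_base with fewer than three slashes, and nothing states the intent of skipping exactly three. For well-formed URIs `a.client_handle = a.sia_base.split("/", 3)[3].rstrip("/")` is equivalent and reads as what it does, and a comment such as `# client handle is everything after rsync://host/ in sia_base` would document it. The parallel hunk in rpkid/testbed.py skips four slashes, so unless the two harnesses use differently shaped sia_base values they derive different handles from the same URI; a comment recording that assumption would stop the next reader from "fixing" one to match the other. The enclosing method starts before the hunk and continues after it.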
@@ -409,6 +411,7 @@ class allocation(object): r["myirbe", "pubd_base"] = "https://localhost:%d/" % s.pubd_port r["myirbe", "rsync_base"] = "rsync://localhost:%d/" % s.rsync_port r["myrpki", "repository_bpki_certificate"] = s.path("bpki.myirbe/ca.cer") + r["myrpki", "repository_handle"] = self.client_handle if self.is_root(): r["rootd", "server-port"] = "%d" % self.rootd_port @@ -554,10 +557,12 @@ try: rpkid_password = cfg.get("rpkid_db_pass") irdbd_password = cfg.get("irdbd_db_pass") pubd_password = cfg.get("pubd_db_pass") + only_one_pubd = cfg.getboolean("only_one_pubd", True) except: rpkid_password = None irdbd_password = None pubd_password = None + only_one_pubd = True # Start clean diff --git a/rpkid/pubd.py b/rpkid/pubd.py index e772acad..ec6f3fcf 100755 --- a/rpkid/pubd.py +++ b/rpkid/pubd.py @@ -93,7 +93,7 @@ class pubd_context(object): rpki.log.traceback() cb(500, "Unhandled exception %s" % data) - client_url_regexp = re.compile("/client/([-A-Z0-9_]+)$", re.I) + client_url_regexp = re.compile("/client/([-A-Z0-9_/]+)$", re.I) def client_handler(self, query, path, cb): """ diff --git a/rpkid/publication-schema.rnc b/rpkid/publication-schema.rnc index 6cbcf7d0..2b92e239 100644 --- a/rpkid/publication-schema.rnc +++ b/rpkid/publication-schema.rnc @@ -31,8 +31,10 @@ base64 = xsd:base64Binary { maxLength="512000" } uri_t = xsd:anyURI { maxLength="4096" } uri = attribute uri { uri_t } -# Handles on remote objects (replaces passing raw SQL IDs) -object_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9]*" } +# Handles on remote objects (replaces passing raw SQL IDs). NB: +# Unlike the up-down protocol, handles in this protocol allow "/" as a +# hierarchy delimiter. +object_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9/]*" } # <config/> element (use restricted to repository operator) # config_handle attribute, create, list, and destroy commands omitted deliberately, see code for details 
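Review bot: `only_one_pubd = cfg.getboolean("only_one_pubd", True)` sits inside a try whose bare `except:` resets the three database passwords to None, so a misspelled boolean in the config now silently discards credentials that were already read successfully, and the problem surfaces later as a database login failure rather than a config error. Read the flag outside that try with its own handling for the missing-option case, or at least narrow the except to the config exceptions the cfg object raises. `cfg.getboolean` with a default argument is not the stdlib ConfigParser signature, so presumably `cfg` is a project wrapper; confirm it raises on a non-boolean value rather than returning the default, otherwise the point is moot. The try/except is shown in full, but the surrounding module-level code lies outside the hunk.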
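Review bot: The widened `client_url_regexp` `/client/([-A-Z0-9_/]+)$` accepts `/client//x`, `/client/x/` and `/client/a//b`, so several distinct URLs name the same logical client, and whatever lookup `client_handler` performs with the captured group (not visible here) will either treat them as different clients or, if the handle ever reaches the filesystem, collapse them. A segment-based pattern keeps "/" as a delimiter only: `client_url_regexp = re.compile("/client/([-A-Z0-9_]+(?:/[-A-Z0-9_]+)*)$", re.I)`. It should agree with whatever the publication schema's object_handle pattern accepts, so a name is rejected or accepted at both layers. client_handler itself begins after the regexp and is outside the hunk.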
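Review bot: The new object_handle pattern `[\-_A-Za-z0-9/]*` admits the empty string, leading/trailing "/" and "//" for every handle in the publication protocol, not only client handles, while the comment above it describes "/" only as a hierarchy delimiter. Tightening to `object_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9]+(/[\-_A-Za-z0-9]+)*" }` keeps the delimiter semantics and lines up with what pubd's URL regexp should accept; the publication-schema.rng and relaxng.py hunks in this commit look generated from this file and would follow. If a handle is ever mapped onto a filesystem path, "//" and a trailing "/" are exactly the forms that normalise into another client's name, so rejecting them at the schema is cheap insurance.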
diff --git a/rpkid/publication-schema.rng b/rpkid/publication-schema.rng index 5bc8a275..f1e87e2f 100644 --- a/rpkid/publication-schema.rng +++ b/rpkid/publication-schema.rng @@ -84,11 +84,15 @@ <ref name="uri_t"/> </attribute> </define> - <!-- Handles on remote objects (replaces passing raw SQL IDs) --> + <!-- + Handles on remote objects (replaces passing raw SQL IDs). NB: + Unlike the up-down protocol, handles in this protocol allow "/" as a + hierarchy delimiter. + --> <define name="object_handle"> <data type="string"> <param name="maxLength">255</param> - <param name="pattern">[\-_A-Za-z0-9]*</param> + <param name="pattern">[\-_A-Za-z0-9/]*</param> </data> </define> <!-- diff --git a/rpkid/rpki/relaxng.py b/rpkid/rpki/relaxng.py index 83fa739a..099c3da1 100644 --- a/rpkid/rpki/relaxng.py +++ b/rpkid/rpki/relaxng.py @@ -1231,11 +1231,15 @@ publication = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" en <ref name="uri_t"/> </attribute> </define> - <!-- Handles on remote objects (replaces passing raw SQL IDs) --> + <!-- + Handles on remote objects (replaces passing raw SQL IDs). NB: + Unlike the up-down protocol, handles in this protocol allow "/" as a + hierarchy delimiter. + --> <define name="object_handle"> <data type="string"> <param name="maxLength">255</param> - <param name="pattern">[\-_A-Za-z0-9]*</param> + <param name="pattern">[\-_A-Za-z0-9/]*</param> </data> </define> <!-- diff --git a/rpkid/testbed.py b/rpkid/testbed.py index c61fb4de..b76e9499 100644 --- a/rpkid/testbed.py +++ b/rpkid/testbed.py @@ -387,6 +387,10 @@ class allocation_db(list): a.crl_interval = a.parent.crl_interval if a.regen_margin is None: a.regen_margin = a.parent.regen_margin + i = 0 + for j in xrange(4): + i = a.sia_base.index("/", i) + 1 + a.client_handle = a.sia_base[i:].rstrip("/") self.root.closure() self.map = dict((a.name, a) for a in self) self.engines = [a for a in self if a.is_engine()] 
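Review bot: The new derivation skips four slashes of `a.sia_base` (`for j in xrange(4)`) whereas the otherwise identical loop added to myrpki/yamltest.py skips three, so a sia_base of the same shape yields a handle without the rsync module here and with it there; if the two harnesses deliberately use different sia_base layouts, a one-line comment stating that would prevent a well-meaning unification. `.index` also fails with a bare ValueError on a URI with fewer slashes; for well-formed URIs `a.client_handle = a.sia_base.split("/", 4)[4].rstrip("/")` expresses the intent directly. The enclosing method starts and ends outside the hunk.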
@@ -871,7 +875,7 @@ class allocation(object): pubd_pdus.append(rpki.publication.client_elt.make_pdu( action = "create", - client_handle = s.name, + client_handle = s.client_handle, base_uri = s.sia_base, bpki_cert = s.cross_certify(pubd_name + "-TA", reverse = True))) @@ -884,7 +888,7 @@ class allocation(object): repository_handle = "r", bpki_cms_cert = repository_cert, bpki_https_cert = repository_cert, - peer_contact_uri = "https://localhost:%d/client/%s" % (pubd_port, s.name))) + peer_contact_uri = "https://localhost:%d/client/%s" % (pubd_port, s.client_handle))) for k in s.kids: rpkid_pdus.append(rpki.left_right.child_elt.make_pdu( |