author | Rob Austein <sra@hactrn.net> | 2010-03-10 06:55:02 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2010-03-10 06:55:02 +0000 |
commit | 45f43a79e647537498001f78666a20f3a07b90ab (patch) | |
tree | c1466a284082cd30f45d3c69eea434e6e8c2f7ef | |
parent | 257857abba98bcfcaf684404d833e6a307b1f892 (diff) |
(Re)Add support for rpkid hosting. Not yet tested, as new setup
procedure requires that hosted parent have talked to its host before
talking to its children, which will require changes to test harness.
svn path=/myrpki.rototill/examples/myrpki.conf; revision=3062
-rw-r--r-- | myrpki.rototill/examples/myrpki.conf | 2 | ||||
-rw-r--r-- | myrpki.rototill/myrpki.py | 53 | ||||
-rw-r--r-- | myrpki.rototill/myrpki.rnc | 4 | ||||
-rw-r--r-- | myrpki.rototill/myrpki.rng | 10 |
4 files changed, 36 insertions, 33 deletions
diff --git a/myrpki.rototill/examples/myrpki.conf b/myrpki.rototill/examples/myrpki.conf index dd00ca3c..d091cde2 100644 --- a/myrpki.rototill/examples/myrpki.conf +++ b/myrpki.rototill/examples/myrpki.conf @@ -30,8 +30,6 @@ handle = Me # a good reason. roa_csv = roas.csv -children_csv = children.csv -parents_csv = parents.csv prefix_csv = prefixes.csv asn_csv = asns.csv xml_filename = myrpki.xml diff --git a/myrpki.rototill/myrpki.py b/myrpki.rototill/myrpki.py index d9c15848..85edd75e 100644 --- a/myrpki.rototill/myrpki.py +++ b/myrpki.rototill/myrpki.py @@ -309,7 +309,7 @@ class children(dict): c.xml(e) @classmethod - def from_csv(cls, children_csv_file, prefix_csv_file, asn_csv_file, fxcert, entitydb): + def from_csv(cls, prefix_csv_file, asn_csv_file, fxcert, entitydb): """ Parse child resources, certificates, and validity dates from CSV files. """ 
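Review bot: The docstring under the changed `from_csv` signature still says "Parse child resources, certificates, and validity dates from CSV files", but the `children_csv_file` argument that carried the per-child certificate and validity data has been removed, so the first sentence no longer matches what the method reads. If, as the removal of children.csv suggests, that information now comes from `entitydb`, say so: `"""Parse child resources from the prefix and ASN CSV files; child identities, certificates and validity dates are taken from entitydb."""`. Also worth noting in the docstring that the keyword name `children_csv_file` is gone, since any external caller still passing it will now fail with a TypeError rather than being silently ignored. The enclosing `children` class header and the rest of the method body lie outside this hunk.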
@@ -932,22 +932,29 @@ class main(rpki.cli.Cmd): if len(argv) != 1: raise RuntimeError, "Need to specify filename for child.xml" - if not self.run_rpkid: - raise RuntimeError, "Don't (yet) know how to set up child unless we run rpkid" - c = etree_read(argv[0]) if child_handle is None: child_handle = c.get("handle") + if self.run_rpkid: + service_uri = "https://%s:%s/up-down/%s/%s" % (self.cfg.get("rpkid_server_host"), + self.cfg.get("rpkid_server_port"), + self.handle, child_handle) + else: + try: + e = etree_read(self.cfg.get("xml_filename")) + service_uri = "%s/%s" % (e.get("service_uri"), child_handle) + except IOError: + print "Sorry, you can't set up children in a hosted config that itself has not yet been set up" + return + print "Child calls itself %r, we call it %r" % (c.get("handle"), child_handle) self.bpki_servers.fxcert(c.findtext("bpki_ta")) e = Element("parent", parent_handle = self.handle, child_handle = child_handle, - service_uri = "https://%s:%s/up-down/%s/%s" % (self.cfg.get("rpkid_server_host"), - self.cfg.get("rpkid_server_port"), - self.handle, child_handle), + service_uri = service_uri, valid_until = str(rpki.sundial.now() + rpki.sundial.timedelta(days = 365))) PEMElement(e, "bpki_resource_ta", self.bpki_resources.cer) @@ -1125,7 +1132,6 @@ class main(rpki.cli.Cmd): """ roa_csv_file = self.cfg.get("roa_csv") - children_csv_file = self.cfg.get("children_csv") prefix_csv_file = self.cfg.get("prefix_csv") asn_csv_file = self.cfg.get("asn_csv") @@ -1143,7 +1149,6 @@ class main(rpki.cli.Cmd): roa_requests.from_csv(roa_csv_file).xml(e) children.from_csv( - children_csv_file = children_csv_file, prefix_csv_file = prefix_csv_file, asn_csv_file = asn_csv_file, fxcert = self.bpki_resources.fxcert, 
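Review bot: In the new hosted branch, `e.get("service_uri")` is formatted into the child's parent record without a None check, and the schema change in this same commit declares `service_uri` optional, so a myrpki.xml that exists but has not yet been updated by the host produces a service_uri of literally `None/<child_handle>` — only `IOError` is caught, so nothing reports this. Read the attribute into a variable and fail loudly: `service_uri = e.get("service_uri")` followed by `if service_uri is None: raise RuntimeError, "myrpki.xml has no service_uri yet; the hosted parent must be set up by its host before configuring children"`, then append `child_handle` to it. Separately, `child_handle` comes from argv or from the child's own XML (`c.get("handle")`) and is concatenated straight into a URL path; unless `etree_read` validates it against the schema's object_handle pattern, a handle containing `/`, `?` or `#` would alter the URL structure, so a cheap character-set check before building the URL would be prudent. The enclosing method begins before this hunk.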
@@ -1206,10 +1211,6 @@ class main(rpki.cli.Cmd): pubd_base = "https://%s:%s/" % (self.cfg.get("pubd_server_host"), self.cfg.get("pubd_server_port")) rpkid_base = "https://%s:%s/" % (self.cfg.get("rpkid_server_host"), self.cfg.get("rpkid_server_port")) - # Nasty regexp for parsing rpkid's up-down service URLs. - - updown_regexp = re.compile(re.escape(rpkid_base) + "up-down/([-A-Z0-9_]+)/([-A-Z0-9_]+)$", re.I) - # Wrappers to simplify calling rpkid and pubd. call_rpkid = rpki.async.sync_wrapper(rpki.https.caller( @@ -1552,25 +1553,17 @@ class main(rpki.cli.Cmd): # Rewrite XML. e = tree.find("bpki_bsc_pkcs10") - if e is None and bsc_req is not None: - e = SubElement(tree, "bpki_bsc_pkcs10") - elif bsc_req is None: + if e is not None: tree.remove(e) - if bsc_req is not None: - assert e is not None - s = bsc_req.get_Base64() - s = "\n".join(s[64*i : 64*(i+1)] for i in xrange(1 + len(s)/64)).strip() - e.text = "\n" + s + "\n" - - # Something weird going on here with lxml linked against recent - # versions of libxml2. Looks like modifying the tree above somehow - # produces validation errors, but it works fine if we convert it to - # a string and parse it again. I'm not seeing any problems with any - # of the other code that uses lxml to do validation, just this one - # place. Weird. Kludge around it for now. - # - #tree = lxml.etree.fromstring(lxml.etree.tostring(tree)) + SubElement(tree, "bpki_bsc_pkcs10").text = bsc_req.get_Base64() + + tree.set("service_uri", rpkid_base + "up-down/" + self.handle) + + e = tree.find("bpki_server_ta") + if e is not None: + tree.remove(e) + PEMElement(tree, "bpki_server_ta", self.bpki_resources.cer) etree_write(tree, xmlfile, validate = True) diff --git a/myrpki.rototill/myrpki.rnc b/myrpki.rototill/myrpki.rnc index feb3cf0f..e2e18b33 100644 --- a/myrpki.rototill/myrpki.rnc +++ b/myrpki.rototill/myrpki.rnc 
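Review bot: The rewritten block calls `bsc_req.get_Base64()` unconditionally, whereas the removed code explicitly handled `bsc_req is None` by dropping the element; if `bsc_req` can still be None at this point (it is assigned outside the hunk), this now raises AttributeError instead of writing a valid file. Either restore the guard, `if bsc_req is not None: SubElement(tree, "bpki_bsc_pkcs10").text = bsc_req.get_Base64()`, or add a comment stating why a BSC request is always present on this path. The new `PEMElement(tree, "bpki_server_ta", self.bpki_resources.cer)` line also deserves a comment, since it places this instance's BPKI resource certificate into the XML handed to the hosted entity as a trust anchor — a trust decision that is easy to miss under a "Rewrite XML" heading. The enclosing method begins before this hunk.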
@@ -25,6 +25,7 @@ start |= repository_pdu myrpki_pdu = element myrpki { attribute version { version }, attribute handle { object_handle }, + attribute service_uri { uri }?, element roa_request { attribute asn { xsd:positiveInteger }, attribute v4 { ipv4_list }, @@ -54,7 +55,8 @@ myrpki_pdu = element myrpki { element bpki_ca_certificate { base64 }?, element bpki_crl { base64 }?, element bpki_bsc_certificate { base64 }?, - element bpki_bsc_pkcs10 { base64 }? + element bpki_bsc_pkcs10 { base64 }?, + element bpki_server_ta { base64 }? } identity_pdu = element identity { diff --git a/myrpki.rototill/myrpki.rng b/myrpki.rototill/myrpki.rng index 6c98132d..2c4e8901 100644 --- a/myrpki.rototill/myrpki.rng +++ b/myrpki.rototill/myrpki.rng @@ -71,6 +71,11 @@ <attribute name="handle"> <ref name="object_handle"/> </attribute> + <optional> + <attribute name="service_uri"> + <ref name="uri"/> + </attribute> + </optional> <zeroOrMore> <element name="roa_request"> <attribute name="asn"> @@ -185,6 +190,11 @@ <ref name="base64"/> </element> </optional> + <optional> + <element name="bpki_server_ta"> + <ref name="base64"/> + </element> + </optional> </element> </define> <define name="identity_pdu"> |