author | Rob Austein <sra@hactrn.net> | 2010-02-20 07:37:45 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2010-02-20 07:37:45 +0000 |
commit | 58a7ec6bbd8e2d2938c980d3d91943183146ee83 (patch) | |
tree | 51631ecb7d77ee3e3a0cb6a35b9853f40e6d359c | |
parent | 3f23e4bd922de85eff79542a5b95cae0b29bf840 (diff) |
Checkpoint
svn path=/myrpki.rototill/initialize.py; revision=2989
-rw-r--r-- | myrpki.rototill/initialize.py | 3 | ||||
-rw-r--r-- | myrpki.rototill/myirbe.py | 4 | ||||
-rw-r--r-- | myrpki.rototill/myrpki.py | 18 | ||||
-rw-r--r-- | myrpki.rototill/setup_child.py | 22 |
4 files changed, 29 insertions, 18 deletions
diff --git a/myrpki.rototill/initialize.py b/myrpki.rototill/initialize.py index 04ef4c8e..15959ca5 100644 --- a/myrpki.rototill/initialize.py +++ b/myrpki.rototill/initialize.py @@ -58,6 +58,9 @@ for o, a in opts: elif o in ("-h", "--help", "-?"): print __doc__ sys.exit(0) +if argv: + print __doc__ + sys.exit(1) cfg = rpki.config.parser(cfg_file, "myrpki") diff --git a/myrpki.rototill/myirbe.py b/myrpki.rototill/myirbe.py index e3cfd645..1ea20b43 100644 --- a/myrpki.rototill/myirbe.py +++ b/myrpki.rototill/myirbe.py @@ -303,8 +303,8 @@ for xmlfile in xmlfiles: print "Nothing else I can do without a trust anchor for the entity I'm hosting." continue - rpkid_xcert = rpki.x509.X509(PEM_file = bpki.fxcert(handle + ".cacert.cer", - hosted_cacert.get_PEM(), + rpkid_xcert = rpki.x509.X509(PEM_file = bpki.fxcert(pem = hosted_cacert.get_PEM(), + filename = handle + ".cacert.cer", path_restriction = 1)) # See what rpkid and pubd already have on file for this entity. diff --git a/myrpki.rototill/myrpki.py b/myrpki.rototill/myrpki.py index 5466ef8d..9509e85e 100644 --- a/myrpki.rototill/myrpki.py +++ b/myrpki.rototill/myrpki.py @@ -516,16 +516,20 @@ class CA(object): self.run_ca("-extensions", "ca_x509_ext_ee", "-in", req_file, "-out", cer_file) return req_file, cer_file - - def fxcert(self, filename, cert, path_restriction = 0): + + def fxcert(self, pem, filename = None, path_restriction = 0): """ Write PEM certificate to file, then cross-certify. """ - fn = os.path.join(self.dir, filename) - f = open(fn, "w") - f.write(cert) - f.close() - return self.xcert(fn, path_restriction) + fn = os.path.join(self.dir, filename or "temp.%s.cer" % os.getpid()) + try: + f = open(fn, "w") + f.write(pem) + f.close() + return self.xcert(fn, path_restriction) + finally: + if not filename and os.path.exists(fn): + os.unlink(fn) def xcert(self, cert, path_restriction = 0): """ diff --git a/myrpki.rototill/setup_child.py b/myrpki.rototill/setup_child.py index 272ef127..d2164919 100644 
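Review bot: The fallback name `"temp.%s.cer" % os.getpid()` in the new `fxcert` (myrpki.py hunk) is predictable and is opened with a plain `open(fn, "w")`, so a stale file or a symlink already at that path in `self.dir` would be followed and overwritten; whether that matters depends on who can write to the BPKI directory, which the diff does not show. Creating the temporary file with `tempfile.mkstemp(dir = self.dir)` gives an unpredictable name with exclusive creation, and closing the handle in its own `finally` keeps a failed write from leaking it. The module's imports are outside the hunk, so `tempfile` may need to be added there. Separately, the first two parameters changed meaning (`filename, cert` became `pem, filename`), so any positional caller not updated by this commit would end up building a path from the PEM text.

```python
  def fxcert(self, pem, filename = None, path_restriction = 0):
    # ... unchanged: docstring ...
    if filename:
      fn = os.path.join(self.dir, filename)
      f = open(fn, "w")
    else:
      # mkstemp creates the file exclusively under an unpredictable name
      fd, fn = tempfile.mkstemp(suffix = ".cer", dir = self.dir)
      f = os.fdopen(fd, "w")
    try:
      try:
        f.write(pem)
      finally:
        f.close()
      return self.xcert(fn, path_restriction)
    finally:
      if not filename and os.path.exists(fn):
        os.unlink(fn)
```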
--- a/myrpki.rototill/setup_child.py +++ b/myrpki.rototill/setup_child.py @@ -65,17 +65,21 @@ myrpki.openssl = cfg.get("openssl", "openssl") bpki_myrpki = myrpki.CA(cfg_file, cfg.get("myrpki_bpki_directory")) bpki_myirbe = myrpki.CA(cfg_file, cfg.get("myirbe_bpki_directory")) -raise NotImplemented +for xml_file in argv: -# ++ Cross certify child's cert + child_handle = os.splitext(os.path.basename(xml_file))[0] -# ++ Write parent.xml tailored for this child + raise NotImplemented -e = Element("parent", xmlns = myrpki.namespace, version = "1", - handle = handle, - service_uri = "https://%s:%s/up-down/%s/%s" % (cfg.get("rpkid_server_host"), cfg.get("rpkid_server_port"), handle, child_handle)) + # ++ Cross certify child's cert -myrpki.PEMElement(e, "bpki_resource_ca", bpki_myrpki.cer) -myrpki.PEMElement(e, "bpki_server_ca", bpki_myirbe.cer) + # ++ Write parent.xml tailored for this child -myrpki.etree_write(e, "parent.xml") + e = Element("parent", xmlns = myrpki.namespace, version = "1", + handle = child_handle, + service_uri = "https://%s:%s/up-down/%s/%s" % (cfg.get("rpkid_server_host"), cfg.get("rpkid_server_port"), handle, child_handle)) + + myrpki.PEMElement(e, "bpki_resource_ca", bpki_myrpki.cer) + myrpki.PEMElement(e, "bpki_server_ca", bpki_myirbe.cer) + + myrpki.etree_write(e, "parent.xml") |
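Review bot: `os.splitext` in the new `child_handle` line is not a function of the `os` module, so the loop would fail with AttributeError on its first iteration; it should read `child_handle = os.path.splitext(os.path.basename(xml_file))[0]`. The `raise NotImplemented` that follows raises a comparison sentinel rather than an exception class and would most likely surface as a TypeError; `raise NotImplementedError` states the intent. Once the body below it is enabled, note that `child_handle` comes straight from a command-line file name and is interpolated into `service_uri` unquoted, and that every iteration writes the same `"parent.xml"`, so later children would overwrite earlier output. `handle` in the `service_uri` format arguments is not defined anywhere in this hunk, so confirm it is still bound earlier in the script.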