author | Rob Austein <sra@hactrn.net> | 2009-07-03 21:41:33 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2009-07-03 21:41:33 +0000 |
commit | a31481781ded262d01f1dfacc9d4d7b5938eaa5c (patch) | |
tree | bb352cb4ba8aeec60b691f76be2728bf90e363d1 | |
parent | 47154b52fa004fe88d3be3b2eb04b07bc316998d (diff) |
Cleanup. Get rid of separate myirbe.conf. Silence OpenSSL whining
about inability to save random state.
svn path=/myrpki/myirbe.py; revision=2565
-rw-r--r-- | myrpki/myirbe.py | 17 | ||||
-rw-r--r-- | myrpki/myrpki.conf | 14 | ||||
-rw-r--r-- | myrpki/myrpki.py | 18 |
3 files changed, 26 insertions, 23 deletions
diff --git a/myrpki/myirbe.py b/myrpki/myirbe.py
index f9f057a4..087c5f47 100644
--- a/myrpki/myirbe.py
+++ b/myrpki/myirbe.py
@@ -33,7 +33,7 @@ time.tzset()
 rpki.log.init("myirbe")
-cfg_file = "myirbe.conf"
+cfg_file = "myrpki.conf"
 opts, argv = getopt.getopt(sys.argv[1:], "c:h?", ["config=", "help"])
 for o, a in opts:
@@ -47,12 +47,15 @@ if argv:
 cfg = rpki.config.parser(cfg_file, "myirbe")
+# This probably ought to come from the command line
 tree = lxml.etree.parse("myrpki.xml").getroot()
 rng.assertValid(tree)
-db = MySQLdb.connect(user = cfg.get("sql-username"), db = cfg.get("sql-database"), passwd = cfg.get("sql-password"))
+irdbd_cfg = rpki.config.parser(cfg.get("irdbd_conf"), "irdbd")
+
+db = MySQLdb.connect(user = irdbd_cfg.get("sql-username"), db = irdbd_cfg.get("sql-database"), passwd = irdbd_cfg.get("sql-password"))
 cur = db.cursor()
@@ -121,21 +124,21 @@ if hosted_cacert:
 if p.wait() != 0:
 raise RuntimeError, "Couldn't convert certificate to PEM format"
-bpki_rpkid = myrpki.CA(cfg_file, cfg.get("rpkid_ca_directory"), cfg.get("rpkid_ca_certificate"))
+bpki_rpkid = myrpki.CA(cfg_file, cfg.get("rpkid_ca_directory"))
 bpki_rpkid.setup("/CN=rpkid TA")
 for name in ("rpkid", "irdbd", "irbe_cli"):
 bpki_rpkid.ee("/CN=%s EE" % name, name)
 if hosted_cacert:
 bpki_rpkid.fxcert(my_handle + ".cacert.cer", hosted_cacert, restrict_pathlen = False)
-bpki_pubd = myrpki.CA(cfg_file, cfg.get("pubd_ca_directory"), cfg.get("pubd_ca_certificate"))
+bpki_pubd = myrpki.CA(cfg_file, cfg.get("pubd_ca_directory"))
 bpki_pubd.setup("/CN=pubd TA")
 for name in ("pubd", "irbe_cli"):
 bpki_pubd.ee("/CN=%s EE" % name, name)
 if hosted_cacert:
 bpki_pubd.fxcert(my_handle + ".cacert.cer", hosted_cacert)
-bpki_rootd = myrpki.CA(cfg_file, cfg.get("rootd_ca_directory"), cfg.get("rootd_ca_certificate"))
+bpki_rootd = myrpki.CA(cfg_file, cfg.get("rootd_ca_directory"))
 bpki_rootd.setup("/CN=rootd TA")
 bpki_rootd.ee("/CN=rootd EE", "rootd")
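Review bot: In the second hunk, `irdbd_cfg = rpki.config.parser(cfg.get("irdbd_conf"), "irdbd")` hands the OS a path that is resolved against the process's working directory, not against the directory holding myrpki.conf, and the value shipped in the new `[myirbe]` section is the bare `irdbd.conf`; so the database credentials are only found when myirbe.py is started from that one directory, and a stale copy in some other directory would be picked up silently. Anchoring it to the config file, e.g. `os.path.join(os.path.dirname(os.path.abspath(cfg_file)), cfg.get("irdbd_conf"))` (assuming `os` is imported here), or stating the working-directory requirement in a comment would remove the ambiguity. The same hunk hard-codes `"myrpki.xml"` under a comment deferring it to the command line, yet the config already defines `xml_filename` in its `[myrpki]` section; reading that value, if `rpki.config.parser.get` accepts a section argument, would close the TODO without adding an option. These statements are at module level, so there is no enclosing function.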
diff --git a/myrpki/myrpki.conf b/myrpki/myrpki.conf
index 51c5d931..132ebfd3 100644
--- a/myrpki/myrpki.conf
+++ b/myrpki/myrpki.conf
@@ -12,9 +12,7 @@ parents_csv = parents.csv
 prefix_csv = prefixes.csv
 asn_csv = asns.csv
 xml_filename = myrpki.xml
-
-bpki_ca_directory = bpki
-bpki_ca_certificate = bpki/ca.cer
+bpki_directory = bpki.myrpki
 [constants]
 digest = sha256
@@ -22,6 +20,12 @@ key_length = 2048
 cert_days = 365
 crl_days = 365
+[myirbe] irdbd_conf = irdbd.conf rpkid_ca_directory = bpki.rpkid pubd_ca_directory = bpki.pubd rootd_ca_directory = bpki.rootd
+
 [req]
 default_bits = ${constants::key_length}
 default_md = ${constants::digest}
@@ -48,10 +52,10 @@ authorityKeyIdentifier = keyid:always
 [ca]
 default_ca = ca
-certificate = ${myrpki::bpki_ca_certificate}
-dir = ${myrpki::bpki_ca_directory}
+dir = ${ENV::BPKI_DIRECTORY}
 new_certs_dir = $dir
 database = $dir/index
+certificate = $dir/ca.cer
 private_key = $dir/ca.key
 default_days = ${constants::cert_days}
 default_crl_days = ${constants::crl_days}
diff --git a/myrpki/myrpki.py b/myrpki/myrpki.py
index 74c2f4b3..dbe445fd 100644
--- a/myrpki/myrpki.py
+++ b/myrpki/myrpki.py
@@ -199,12 +199,10 @@ def PEMElement(e, tag, filename):
 class CA(object):
- debug = True
-
- def __init__(self, cfg, dir, cer):
+ def __init__(self, cfg, dir):
 self.cfg = cfg
 self.dir = dir
- self.cer = cer
+ self.cer = dir + "/ca.cer"
 self.key = dir + "/ca.key"
 self.req = dir + "/ca.req"
 self.crl = dir + "/ca.crl"
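Review bot: `dir = ${ENV::BPKI_DIRECTORY}` in the `[ca]` section leaves no trace in the file of where that variable is supposed to come from; the only setter is the `self.env` dict in myrpki.CA (in the myrpki.py hunks of this commit), and OpenSSL, as far as I know, refuses to load a config whose `${ENV::...}` reference is unset, so a hand-run `openssl ca -config myrpki.conf` now dies with an unhelpful error. A one-line comment above it, `# BPKI_DIRECTORY is exported by myrpki.CA.run_ca(); openssl will not load this section without it`, would save the next person the debugging round. It is also worth noting next to the new `certificate = $dir/ca.cer` line that the CA certificate, key, index and new-certs directory are now all pinned to that single environment-selected directory, so nothing else in the file may override any of them.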
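Review bot: `self.cer = dir + "/ca.cer"` in the `CA.__init__` hunk builds the path by string concatenation, matching the `ca.key`/`ca.req`/`ca.crl` lines around it; `os.path.join(dir, "ca.cer")` is the idiomatic form and `os` is already used in this file (`os.environ` in `self.env`), so the whole group could move to it in one go. Since the certificate path is no longer a visible argument, a short docstring on `__init__` saying that `cfg` is the OpenSSL config file passed to `openssl ca` and `dir` is the CA's working directory, from which `ca.cer`, `ca.key`, `ca.req` and `ca.crl` are derived, would help callers who previously passed the certificate explicitly. `dir` shadows the builtin, but it is part of the public signature and should stay as is. The class CA continues past the end of this hunk.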
@@ -212,13 +210,12 @@ class CA(object):
 self.serial = dir + "/serial"
 self.crlnum = dir + "/crl_number"
- self.env = { "PATH" : os.environ["PATH"], "BPKI_DIRECTORY" : dir }
+ self.env = { "PATH" : os.environ["PATH"], "BPKI_DIRECTORY" : dir, "RANDFILE" : ".OpenSSL.whines.unless.I.set.this" }
 def run_ca(self, *args):
 cmd = ("openssl", "ca", "-notext", "-verbose", "-batch", "-config", self.cfg) + args
- if self.debug:
- print "cmd: %r" % (cmd,)
- print "env: %r" % (self.env,)
 subprocess.check_call(cmd, env = self.env)
 def run_req(self, key_file, req_file):
@@ -348,8 +345,7 @@ def main():
 parents_csv_file = cfg.get(myrpki_section, "parents_csv")
 prefix_csv_file = cfg.get(myrpki_section, "prefix_csv")
 asn_csv_file = cfg.get(myrpki_section, "asn_csv")
- bpki_dir = cfg.get(myrpki_section, "bpki_ca_directory")
- bpki_cacert = cfg.get(myrpki_section, "bpki_ca_certificate")
+ bpki_dir = cfg.get(myrpki_section, "bpki_directory")
 xml_filename = cfg.get(myrpki_section, "xml_filename")
 bsc_req = None
@@ -359,7 +355,7 @@ def main():
 if r:
 bsc_req = base64.b64decode(r)
- bpki = CA(cfg_file, bpki_dir, bpki_cacert)
+ bpki = CA(cfg_file, bpki_dir)
 bpki.setup("/CN=%s TA" % my_handle)
 e = Element("myrpki", xmlns = namespace, version = "1", handle = my_handle) |
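Review bot: `"RANDFILE" : ".OpenSSL.whines.unless.I.set.this"` in the `self.env` dict is a relative path, so OpenSSL reads its seed file from, and writes its PRNG state back to, whatever directory the process happens to be in when `run_ca()` is called; that scatters a dotfile across every working directory myrpki is run from and means a pre-existing file of that name, created by anyone with write access to the working directory, is fed into the seed (the practical impact is bounded because OpenSSL also seeds from the OS, but it is still not something the CA should be picking up from an arbitrary cwd). Pointing it into the CA's own directory next to the key, `"RANDFILE" : os.path.join(dir, ".rnd")` (or `dir + "/.rnd"` to match the surrounding style), keeps it with the rest of the private material and under the same permissions. Removing the `debug` prints is fine; as far as the visible code shows, the env dict only ever held `PATH` and directory names, never secrets. The class CA continues outside this hunk, and `run_req` is cut off at its end.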