author | Rob Austein <sra@hactrn.net> | 2010-02-22 21:31:52 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2010-02-22 21:31:52 +0000 |
commit | d4cdbf054556b5771e11e0a8b2fe27f7b2d4bd2f (patch) | |
tree | b3a5aada81e95b2bfefb939c8cceb1b1ff36e973 | |
parent | 556a7c3cd9f014c449bb90bff89a5ab9088fa791 (diff) |
Checkpoint
svn path=/myrpki.rototill/setup_child.py; revision=2992
-rw-r--r-- | myrpki.rototill/setup_child.py | 55 |
1 files changed, 27 insertions, 28 deletions
diff --git a/myrpki.rototill/setup_child.py b/myrpki.rototill/setup_child.py
index 166f1b53..f1a34823 100644
--- a/myrpki.rototill/setup_child.py
+++ b/myrpki.rototill/setup_child.py
@@ -46,17 +46,24 @@ time.tzset()
 cfg_file = "myrpki.conf"
-opts, argv = getopt.getopt(sys.argv[1:], "c:h?", ["config=", "help"])
+child_handle = None
+
+opts, argv = getopt.getopt(sys.argv[1:], "c:h?", ["config=", "help", "--child_handle="])
 for o, a in opts:
- if o in ("-c", "--config"):
+ if o == "--child_handle":
+ child_handle = a
+ elif o in ("-c", "--config"):
 cfg_file = a
 elif o in ("-h", "--help", "-?"):
 print __doc__
 sys.exit(0)
+if len(argv) != 1 or not os.path.exists(argv[0]):
+ raise RuntimeError, "Need to specify filename for child.xml on command line"
+
 cfg = rpki.config.parser(cfg_file, "myrpki")
-handle = cfg.get("handle")
+my_handle = cfg.get("handle")
 run_rpkid = cfg.getboolean("run_rpkid")
 run_pubd = cfg.getboolean("run_pubd")
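Review bot: The long-option list passes `"--child_handle="` with its leading dashes, but getopt expects long option names without them, so `--child_handle=NAME` on the command line is rejected with GetoptError and the `o == "--child_handle"` branch is never reached. That leaves the handle the child declares in its own XML as the only source for the name, which removes the operator's override. Spell the list as `["config=", "help", "child_handle="]`. Separately, `handle` is renamed to `my_handle` at the end of this hunk while the `Element("parent", ...)` call in the next hunk still reads `handle`; unless `handle` is bound somewhere outside the visible lines, that raises NameError.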
@@ -65,36 +72,28 @@ myrpki.openssl = cfg.get("openssl", "openssl")
 bpki_myrpki = myrpki.CA(cfg_file, cfg.get("myrpki_bpki_directory"))
 bpki_myirbe = myrpki.CA(cfg_file, cfg.get("myirbe_bpki_directory"))
-for xml_file in argv:
+e = ElementTree(file = argv[0]).getroot()
+
+if child_handle is None:
+ child_handle = e["handle"]
- # Deduce what we call this child from the filename. This is a
- # kludge, but I don't know how to do better (yet).
- #
- # Hmm. Maybe we should make this script responsible for filing the
- # new blob in the children/ directory, in which case we could make
- # the default be to honor the handle specified in the XML, with a
- # command line option to override. This would probably require us
- # to change this script to process only one child at a time, but
- # that's no great loss.
- #
- # Blunder ahead for now, but that's probably the way to go.
- #
- child_handle = os.splitext(os.path.basename(xml_file))[0]
+print "Child calls itself %r, we call it %r" % (e["handle"], child_handle)
- e = ElementTree(file = xml_file).getroot()
- print "Child calls itself %r, we call it %r" % (e["handle"], child_handle)
+# Cross certify child's cert
- # ++ Cross certify child's cert
+myrpki.fxcert(pem = e.findtext(myrpki.tag("bpki_ca_certificate")), path_restriction = 1)
- myrpki.fxcert(pem = e.findtext(myrpki.tag("bpki_ca_certificate")), path_restriction = 1)
+# Build result
- e = Element("parent", xmlns = myrpki.namespace, version = "1",
- parent_handle = handle, child_handle = child_handle,
- service_uri = "https://%s:%s/up-down/%s/%s" % (cfg.get("rpkid_server_host"), cfg.get("rpkid_server_port"), handle, child_handle))
+e = Element("parent", xmlns = myrpki.namespace, version = "1",
+ parent_handle = handle, child_handle = child_handle,
+ service_uri = "https://%s:%s/up-down/%s/%s" % (cfg.get("rpkid_server_host"),
+ cfg.get("rpkid_server_port"),
+ handle, child_handle))
- myrpki.PEMElement(e, "bpki_resource_ca", bpki_myrpki.cer)
- myrpki.PEMElement(e, "bpki_server_ca", bpki_myirbe.cer)
+myrpki.PEMElement(e, "bpki_resource_ca", bpki_myrpki.cer)
+myrpki.PEMElement(e, "bpki_server_ca", bpki_myirbe.cer)
- # Need to add repository offer/hint.
+# Need to add repository offer/hint.
- myrpki.etree_write(e, "parent.xml")
+myrpki.etree_write(e, "children/%s.xml" % child_handle) |
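Review bot: `child_handle` now defaults to the handle the child wrote into its own XML, and that value goes unchecked into the output path `"children/%s.xml" % child_handle` and into `service_uri`, so a handle containing `/` or `..` would make `etree_write` create or overwrite a file outside `children/`. Validate it right after it is chosen, for example `if not re.match(r"^[-_A-Za-z0-9]+$", child_handle): raise RuntimeError, "Invalid child handle %r" % child_handle`, adjusting the character class to whatever the project permits in handles (`re` must be imported if it is not already). It may also be worth refusing to overwrite an existing `children/<handle>.xml`, since a second child reusing a handle would silently replace the first one's response. `e["handle"]` looks like it is meant to read the XML attribute; with the standard ElementTree API that would be `e.get("handle")`, unless `Element` here is a project wrapper that supports string indexing.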