author | Rob Austein <sra@hactrn.net> | 2013-03-25 03:33:28 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2013-03-25 03:33:28 +0000 |
commit | b91cd228955357994b0cad27a59486a5004fd9cd (patch) | |
tree | 25ef63a918aa831795b68756220a9c1e86bb7059 /rpkid/rpki/irdb/zookeeper.py | |
parent | 339f735bcd2bdf4e9c56f4cb8082ce53fc90caf7 (diff) |
Start splitting BPKI initialization into separate ServerCA and
ResourceHolderCA chunks, so that we can call the former during package
installation while leaving the latter for the operator. Not complete
yet because I haven't yet sorted out what to do with rootd. See #466.
svn path=/trunk/; revision=5206
Diffstat (limited to 'rpkid/rpki/irdb/zookeeper.py')
-rw-r--r-- | rpkid/rpki/irdb/zookeeper.py | 37 |
1 files changed, 30 insertions, 7 deletions
diff --git a/rpkid/rpki/irdb/zookeeper.py b/rpkid/rpki/irdb/zookeeper.py index b9d44c57..ff05ae2d 100644 --- a/rpkid/rpki/irdb/zookeeper.py +++ b/rpkid/rpki/irdb/zookeeper.py @@ -269,16 +269,13 @@ class Zookeeper(object): @django.db.transaction.commit_on_success - def initialize(self): + def initialize_server_bpki(self): """ - Initialize an RPKI installation. Reads the configuration file, - creates the BPKI and EntityDB directories, generates the initial - BPKI certificates, and creates an XML file describing the - resource-holding aspect of this RPKI installation. + Initialize server BPKI portion of an RPKI installation. Reads the + configuration file and generates the initial BPKI server + certificates needed to start daemons. """ - resource_ca, created = rpki.irdb.ResourceHolderCA.objects.get_or_certify(handle = self.handle) - if self.run_rpkid or self.run_pubd: server_ca, created = rpki.irdb.ServerCA.objects.get_or_certify() rpki.irdb.ServerEE.objects.get_or_certify(issuer = server_ca, purpose = "irbe") 
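Review bot: The new docstring on `initialize_server_bpki()` says the method reads the configuration file, but the lines visible here only test `self.run_rpkid` and `self.run_pubd` and call `get_or_certify()`. It also does not mention that nothing is created when neither flag is set, which matters to a caller running this at package installation as the commit message intends. I would reword it along the lines of `Creates the ServerCA and the server EE certificates if run_rpkid or run_pubd is set; otherwise does nothing.` Part of the method body lies between this hunk and the next one and is not shown, so the wording should be checked against those lines.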
@@ -290,9 +287,35 @@ class Zookeeper(object): if self.run_pubd: rpki.irdb.ServerEE.objects.get_or_certify(issuer = server_ca, purpose = "pubd") + + @django.db.transaction.commit_on_success + def initialize_resource_bpki(self): + """ + Initialize the resource-holding BPKI for an RPKI installation. + Returns XML describing the resource holder. + + This method is present primarily for backwards compatibility with + the old combined initialize() method which initialized both the + server BPKI and the default resource-holding BPKI in a single + method call. In the long run we want to replace this with + something that takes a handle as argument and creates the + resource-holding BPKI idenity if needed. + """ + + resource_ca, created = rpki.irdb.ResourceHolderCA.objects.get_or_certify(handle = self.handle) return self.generate_identity() + def initialize(self): + """ + Backwards compatibility wrapper: calls initialize_server_bpki() + and initialize_resource_bpki(), returns latter's result. + """ + + self.initialize_server_bpki() + return self.initialize_resource_bpki() + + def generate_identity(self): """ Generate identity XML. Broken out of .initialize() because it's |
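Review bot: The compatibility wrapper `initialize()` is not decorated with `@django.db.transaction.commit_on_success`, so the server and resource-holder steps now commit separately, where the old `initialize()` was one decorated unit. If `initialize_resource_bpki()` raises, the rows written by `initialize_server_bpki()` presumably stay committed; that looks recoverable on a re-run because both halves use `get_or_certify()`, but the wrapper's docstring should say so, e.g. `The two steps commit independently; a failure in the second leaves the server BPKI in place.` In `initialize_resource_bpki()`, `resource_ca` and `created` are assigned but never used in the visible lines, so the call could stand alone as a statement. Its docstring also misspells "identity" as "idenity".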