author | Rob Austein <sra@hactrn.net> | 2009-05-16 23:20:31 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2009-05-16 23:20:31 +0000 |
commit | 9cf1645a35acd49b7e9e395dda9d50a0c66add48 (patch) | |
tree | bead58d465bbd5063b99ed586f0772dd3a0ae4e3 /rpkid/testbed.py | |
parent | c23189835fccc191f51ce7c1d1b26b2f47e118e0 (diff) |
Checkpoint
svn path=/rpkid/testbed.py; revision=2435
Diffstat (limited to 'rpkid/testbed.py')
-rw-r--r-- | rpkid/testbed.py | 38 |
1 files changed, 22 insertions, 16 deletions
diff --git a/rpkid/testbed.py b/rpkid/testbed.py index 75ed97b5..a27e7495 100644 --- a/rpkid/testbed.py +++ b/rpkid/testbed.py @@ -133,6 +133,7 @@ prog_pubd = cfg.get("prog_pubd", "../pubd.py") prog_openssl = cfg.get("prog_openssl", "../../openssl/openssl/apps/openssl") prog_rsyncd = cfg.get("prog_rsyncd", "rsync") prog_rcynic = cfg.get("prog_rcynic", "../../rcynic/rcynic") +prog_xcert = cfg.get("prog_xcert", "../cross_certify.py") rcynic_stats = cfg.get("rcynic_stats", "xsltproc --param refresh 0 ../../rcynic/rcynic.xsl %s.xml | w3m -T text/html -dump" % rcynic_name) @@ -246,8 +247,7 @@ def main(): # This is probably where we should be updating expired BPKI # objects, particular CRLs - # Run cron in all RPKI instances - + rpki.log.info("Running cron for all RPKI engines") rpki.async.iterator(db.engines, run_cron, run_yaml) def run_cron(iterator, a): 
@@ -770,20 +770,25 @@ class allocation(object): certifier = self.name + "-SELF" certfile = certifier + "-" + certificant + ".cer" rpki.log.info("Cross certifying %s into %s's BPKI (%s)" % (certificant, certifier, certfile)) - signer = subprocess.Popen((prog_openssl, "x509", "-req", "-sha256", "-text", - "-extensions", "req_x509_ext", "-CAcreateserial", - "-in", certificant + ".req", - "-out", certfile, - "-extfile", certifier + ".conf", - "-CA", certifier + ".cer", - "-CAkey", certifier + ".key"), - stdout = subprocess.PIPE, - stderr = subprocess.PIPE) - errors = signer.communicate()[1] - if signer.returncode != 0: - msg = "Couldn't cross-certify %s into %s's BPKI: %s" % (certificant, certifier, errors) - rpki.log.error(msg) - raise RuntimeError, msg + cmd = (prog_python, prog_xcert, + "-c", certifier + ".cer", + "-k", certifier + ".key", + "-s", certifier + ".srl", + "-i", certificant + ".cer", + "-o", certfile) + + if False: + signer = subprocess.Popen(cmd, + stdout = subprocess.PIPE, + stderr = subprocess.PIPE) + errors = signer.communicate()[1] + if signer.returncode != 0: + msg = "Couldn't cross-certify %s into %s's BPKI: %s" % (certificant, certifier, errors) + rpki.log.error(msg) + raise RuntimeError, msg + else: + subprocess.check_call(cmd) + return rpki.x509.X509(Auto_file = certfile) def create_rpki_objects(self, cb): @@ -1105,6 +1110,7 @@ def call_pubd(pdu, cb): url = "https://localhost:%d/control" % pubd_port def call_pubd_cb(val): + rpki.log.debug("call_pubd_cb(%r)" % (val,)) if isinstance(val, Exception): raise val msg, xml = rpki.publication.cms_msg.unwrap(val, (pubd_ta, pubd_pubd_cert), |
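Review bot: The live path of the cross-certification method is now `subprocess.check_call(cmd)`, so a failed run raises `CalledProcessError` instead of the `RuntimeError` raised before, and the `rpki.log.error` line naming the certificant and certifier survives only inside the dead `if False:` branch. I would drop the dead branch and keep the old failure contract around the new command, as sketched below. Separately, the removed openssl call pinned `-sha256` and the `req_x509_ext` extension section and signed a `.req`. The new command hands a `.cer` to cross_certify.py and leaves digest and extensions to that script, which is not visible here, so it is worth confirming that it sets them as intended. The method starts above this hunk.

```python
# … unchanged: cmd = (prog_python, prog_xcert, "-c", …, "-o", certfile) …
try:
  subprocess.check_call(cmd)
except subprocess.CalledProcessError, e:
  msg = "Couldn't cross-certify %s into %s's BPKI: %s" % (certificant, certifier, e)
  rpki.log.error(msg)
  raise RuntimeError, msg
```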
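Review bot: The added `rpki.log.debug("call_pubd_cb(%r)" % (val,))` formats the whole of `val`, which on the success path appears to be the raw CMS response that `cms_msg.unwrap` parses a line later. If so, every publication call writes an escaped binary blob into the log. Logging the type and size keeps the trace useful without the payload, e.g. `rpki.log.debug("call_pubd_cb(%s, %d bytes)" % (type(val).__name__, len(val)))` placed after the `isinstance(val, Exception)` check. call_pubd_cb continues past the end of this hunk.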