-rw-r--r--myrpki/myrpki.py33
-rw-r--r--myrpki/myrpki.rnc4
-rw-r--r--myrpki/myrpki.rng4
-rwxr-xr-xmyrpki/xml-parse-test.py18
4 files changed, 32 insertions, 27 deletions
diff --git a/myrpki/myrpki.py b/myrpki/myrpki.py
index a5225a65..8e5b6f6f 100644
--- a/myrpki/myrpki.py
+++ b/myrpki/myrpki.py
@@ -142,7 +142,7 @@ def PEMElement(e, tag, filename):
e = SubElement(e, tag)
e.text = "".join(p.strip() for p in open(filename).readlines()[1:-1])
-def bpki_ca(e, bpki_ca_key_file, bpki_ca_cert_file, cfg_file):
+def bpki_ca(e, bpki_ca_key_file, bpki_ca_cert_file, bpki_crl_file, bpki_index_file, cfg_file):
if not os.path.exists(bpki_ca_key_file):
subprocess.check_call(("openssl", "genrsa",
@@ -156,7 +156,17 @@ def bpki_ca(e, bpki_ca_key_file, bpki_ca_cert_file, cfg_file):
"-key", bpki_ca_key_file,
"-out", bpki_ca_cert_file))
+ if not os.path.exists(bpki_crl_file):
+
+ if not os.path.exists(bpki_index_file):
+ open(bpki_index_file, "w").close()
+
+ subprocess.check_call(("openssl", "ca", "-batch", "-verbose", "-gencrl",
+ "-out", bpki_crl_file,
+ "-config", cfg_file))
+
PEMElement(e, "bpki_ca_certificate", bpki_ca_cert_file)
+ PEMElement(e, "bpki_crl", bpki_crl_file)
def bpki_ee(e, bpki_ee_req_file, bpki_ee_cert_file, bpki_ca_cert_file, bpki_ca_key_file):
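Review bot: The CRL is generated only when `bpki_crl_file` does not yet exist, so after the first run the same file is embedded in every later XML output and never refreshed; its nextUpdate will eventually lapse, and a revocation recorded afterwards never reaches whoever consumes the XML. Consider keeping the inner index-file guard but dropping the outer `if not os.path.exists(bpki_crl_file):` so `openssl ca -gencrl` runs on each invocation, or at minimum add a comment such as `# CRL is created once and never refreshed; delete bpki_crl_file to force regeneration`. The index file created here is empty, and bpki_ee (outside this hunk) appears to issue through `openssl x509` with `-CAcreateserial`, which as far as I know does not write to the `ca` database, so it is worth confirming that this CRL can ever list the EE certificate. bpki_ca's body begins above this hunk.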
@@ -171,20 +181,7 @@ def bpki_ee(e, bpki_ee_req_file, bpki_ee_cert_file, bpki_ca_cert_file, bpki_ca_k
"-CAcreateserial"))
PEMElement(e, "bpki_ee_certificate", bpki_ee_cert_file)
-
-def bpki_crl(e, bpki_crl_file, bpki_index_file, cfg_file):
-
- if not os.path.exists(bpki_crl_file):
-
- if not os.path.exists(bpki_index_file):
- open(bpki_index_file, "w").close()
-
- subprocess.check_call(("openssl", "ca", "-batch", "-verbose", "-gencrl",
- "-out", bpki_crl_file,
- "-config", cfg_file))
-
- PEMElement(e, "bpki_crl", bpki_crl_file)
-
+
def extract_resources():
pass
@@ -229,16 +226,14 @@ def main():
bpki_ca(e,
bpki_ca_key_file = bpki_ca_key_file,
bpki_ca_cert_file = bpki_ca_cert_file,
+ bpki_crl_file = bpki_crl_file,
+ bpki_index_file = bpki_index_file,
cfg_file = cfg_file)
bpki_ee(e,
bpki_ee_req_file = bpki_ee_req_file,
bpki_ee_cert_file = bpki_ee_cert_file,
bpki_ca_cert_file = bpki_ca_cert_file,
bpki_ca_key_file = bpki_ca_key_file)
- bpki_crl(e,
- bpki_crl_file = bpki_crl_file,
- bpki_index_file = bpki_index_file,
- cfg_file = cfg_file)
ElementTree(e).write(output_filename + ".tmp")
os.rename(output_filename + ".tmp", output_filename)
diff --git a/myrpki/myrpki.rnc b/myrpki/myrpki.rnc
index 88e60ef7..cf19e676 100644
--- a/myrpki/myrpki.rnc
+++ b/myrpki/myrpki.rnc
@@ -20,8 +20,8 @@ start = element myrpki {
roa_request*,
child*,
bpki_ca_certificate?,
- bpki_ee_certificate?,
- bpki_crl?
+ bpki_crl?,
+ bpki_ee_certificate?
}
roa_request = element roa_request {
diff --git a/myrpki/myrpki.rng b/myrpki/myrpki.rng
index af34c2b2..fa03c8a3 100644
--- a/myrpki/myrpki.rng
+++ b/myrpki/myrpki.rng
@@ -62,10 +62,10 @@
<ref name="bpki_ca_certificate"/>
</optional>
<optional>
- <ref name="bpki_ee_certificate"/>
+ <ref name="bpki_crl"/>
</optional>
<optional>
- <ref name="bpki_crl"/>
+ <ref name="bpki_ee_certificate"/>
</optional>
</element>
</start>
diff --git a/myrpki/xml-parse-test.py b/myrpki/xml-parse-test.py
index 862289ef..27c2c0cf 100755
--- a/myrpki/xml-parse-test.py
+++ b/myrpki/xml-parse-test.py
@@ -1,6 +1,6 @@
# $Id$
-import lxml.etree, rpki.resource_set
+import lxml.etree, rpki.resource_set, base64, subprocess
rng = lxml.etree.RelaxNG(lxml.etree.parse("myrpki.rng"))
@@ -30,6 +30,7 @@ for x in tree.getiterator(tag("child")):
print " IPv4: ", rpki.resource_set.resource_set_ipv4(x.get("v4"))
print " Valid: ", x.get("valid_until")
showitems(x)
+print
print "ROA requests:"
for x in tree.getiterator(tag("roa_request")):
@@ -38,15 +39,24 @@ for x in tree.getiterator(tag("roa_request")):
print " IPv4:", rpki.resource_set.roa_prefix_set_ipv4(x.get("v4"))
print " IPv6:", rpki.resource_set.roa_prefix_set_ipv6(x.get("v6"))
showitems(x)
+print
+
+def showpem(label, b64, kind):
+ cmd = ("openssl", kind, "-noout", "-text", "-inform", "DER")
+ p = subprocess.Popen(cmd, stdin = subprocess.PIPE, stdout = subprocess.PIPE)
+ text = p.communicate(input = base64.b64decode(b64))[0]
+ if p.returncode != 0:
+ raise subprocess.CalledProcessError(returncode = p.returncode, cmd = cmd)
+ print label, text
ca = tree.findtext(tag("bpki_ca_certificate"))
if ca:
- print "CA certificate:", ca
+ showpem("CA", ca, "x509")
ee = tree.findtext(tag("bpki_ee_certificate"))
if ee:
- print "EE certificate:", ee
+ showpem("EE", ee, "x509")
crl = tree.findtext(tag("bpki_crl"))
if crl:
- print "CRL:", crl
+ showpem("CA", crl, "crl")
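Review bot: The final call labels the CRL dump as "CA" (`showpem("CA", crl, "crl")`), so the output carries two blocks headed CA and the CRL cannot be told apart from the CA certificate; it should read `showpem("CRL", crl, "crl")`. showpem pipes only stdin and stdout, so openssl's diagnostics go straight to the terminal and the raised CalledProcessError carries no detail about which element failed to parse. A short docstring, for example `"""Decode base64 DER taken from the XML and print openssl's text dump (display only; no signature or chain check)."""`, would make clear that this is inspection rather than validation.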