-rw-r--r--myrpki.rototill/examples/myrpki.conf6
-rw-r--r--myrpki.rototill/initialize.py22
-rw-r--r--myrpki.rototill/myirbe.py16
-rw-r--r--myrpki.rototill/setup-sql.py2
-rw-r--r--myrpki.rototill/setup_child.py81
-rw-r--r--myrpki.rototill/start-servers.py4
-rw-r--r--myrpki.rototill/yamltest.py4
7 files changed, 108 insertions, 27 deletions
diff --git a/myrpki.rototill/examples/myrpki.conf b/myrpki.rototill/examples/myrpki.conf
index 5819ffaf..b54b8066 100644
--- a/myrpki.rototill/examples/myrpki.conf
+++ b/myrpki.rototill/examples/myrpki.conf
@@ -54,7 +54,7 @@ myrpki_bpki_directory = bpki/myrpki
# Whether you want to run your own copy of rpkid (and irdbd). In
# general, if you're running myirbe.py at all, you want this on.
-want_rpkid = true
+run_rpkid = true
# DNS hostname and server port numbers for rpkid and irdbd, if you're
# running them. rpkid's server host has to be a publicly reachable
@@ -77,7 +77,7 @@ irdbd_server_port = 4403
# cause myirbe.py to fail when it attempts to perform runtime
# configuration of your nonexistant pubd.
-want_pubd = true
+run_pubd = true
# DNS hostname and server port number for pubd, if you're running it.
# Hostname has to be a publicly reachable name to be useful, port can
@@ -91,7 +91,7 @@ pubd_server_port = 4402
# very own copy of rootd. Don't enable this unless you really know
# what you're doing. See [rootd] section below for further comments.
-want_rootd = true
+run_rootd = true
# Server port number for rootd, if you're running it. This can be any
# legal TCP port number that you're not using for something else.
diff --git a/myrpki.rototill/initialize.py b/myrpki.rototill/initialize.py
index 9df16e2e..04ef4c8e 100644
--- a/myrpki.rototill/initialize.py
+++ b/myrpki.rototill/initialize.py
@@ -61,12 +61,12 @@ for o, a in opts:
cfg = rpki.config.parser(cfg_file, "myrpki")
-handle = cfg.get("handle")
-want_rpkid = cfg.getboolean("want_rpkid")
-want_pubd = cfg.getboolean("want_pubd")
-want_rootd = cfg.getboolean("want_rootd")
+handle = cfg.get("handle")
+run_rpkid = cfg.getboolean("run_rpkid")
+run_pubd = cfg.getboolean("run_pubd")
+run_rootd = cfg.getboolean("run_rootd")
-if want_rootd and (not want_pubd or not want_rpkid):
+if run_rootd and (not run_pubd or not run_rpkid):
raise RuntimeError, "Can't run rootd unless also running rpkid and pubd"
myrpki.openssl = cfg.get("openssl", "openssl")
@@ -92,14 +92,14 @@ bpki_myrpki.setup(cfg.get("bpki_myrpki_ta_dn",
# "myirbe" (server-operating) BPKI, its trust anchor, and EE certs for
# each program we need to run.
-if want_rpkid or want_pubd or want_rootd:
+if run_rpkid or run_pubd or run_rootd:
bpki_myirbe = myrpki.CA(cfg_file, cfg.get("myirbe_bpki_directory"))
bpki_myirbe.setup(cfg.get("bpki_myirbe_ta_dn",
"/CN=%s BPKI Server Trust Anchor" % handle))
- if want_rpkid:
+ if run_rpkid:
bpki_myirbe.ee(cfg.get("bpki_rpkid_ee_dn",
"/CN=%s rpkid server certificate" % handle), "rpkid")
@@ -109,18 +109,18 @@ if want_rpkid or want_pubd or want_rootd:
bpki_myirbe.ee(cfg.get("bpki_irdbd_ee_dn",
"/CN=%s irdbd server certificate" % handle), "irdbd")
- if want_pubd:
+ if run_pubd:
bpki_myirbe.ee(cfg.get("bpki_pubd_ee_dn",
"/CN=%s pubd server certificate" % handle), "pubd")
- if want_rpkid or want_pubd:
+ if run_rpkid or run_pubd:
# Client cert for myirbe and irbe_cli
bpki_myirbe.ee(cfg.get("bpki_irbe_ee_dn",
"/CN=%s irbe client certificate" % handle), "irbe")
- if want_rootd:
+ if run_rootd:
bpki_myirbe.ee(cfg.get("bpki_rootd_ee_dn",
"/CN=%s rootd server certificate" % handle), "rootd")
@@ -134,7 +134,7 @@ myrpki.etree_write(e, handle + ".xml")
# If we're running rootd, construct a fake parent to go with it.
-if want_rootd:
+if run_rootd:
e = Element("parent", xmlns = myrpki.namespace, version = "1",
handle = handle,
service_uri = "https://localhost:%d/" % cfg.getint("rootd_server_port"))
diff --git a/myrpki.rototill/myirbe.py b/myrpki.rototill/myirbe.py
index 3e489d36..e3cfd645 100644
--- a/myrpki.rototill/myirbe.py
+++ b/myrpki.rototill/myirbe.py
@@ -140,8 +140,8 @@ myrpki.openssl = cfg.get("openssl", "openssl", "myrpki")
handle = cfg.get("handle", cfg.get("handle", "Amnesiac", "myrpki"))
-want_pubd = cfg.getboolean("want_pubd", False)
-want_rootd = cfg.getboolean("want_rootd", False)
+run_pubd = cfg.getboolean("run_pubd", False)
+run_rootd = cfg.getboolean("run_rootd", False)
bpki_modified = False
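Review bot: The renamed lookups `cfg.getboolean("run_pubd", False)` and `cfg.getboolean("run_rootd", False)` keep a default of False, so an existing myrpki.conf that still says `want_pubd = true` is silently treated as "no pubd" here, and likewise in setup-sql.py and start-servers.py, whereas initialize.py (no default) would at least fail loudly. Since the commit does not migrate or reject the old keys, a stale config would leave pubd and rootd unconfigured and unstarted without any error. Consider checking for the old keys once, e.g. reading `cfg.get("want_pubd", None)` (assuming the parser accepts a positional default, as the `cfg.get("openssl", "openssl")` calls suggest) and raising a RuntimeError naming the new key, or at minimum logging when a `want_*` key is present. The enclosing script continues outside the hunk.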
@@ -150,9 +150,9 @@ bpki_modified |= bpki.setup(cfg.get("bpki_ta_dn", "/CN=%s BPKI TA" % hand
bpki_modified |= bpki.ee( cfg.get("bpki_rpkid_ee_dn", "/CN=%s rpkid EE" % handle), "rpkid")
bpki_modified |= bpki.ee( cfg.get("bpki_irdbd_ee_dn", "/CN=%s irdbd EE" % handle), "irdbd")
bpki_modified |= bpki.ee( cfg.get("bpki_irbe_ee_dn", "/CN=%s irbe EE" % handle), "irbe")
-if want_pubd:
+if run_pubd:
bpki_modified |= bpki.ee( cfg.get("bpki_pubd_ee_dn", "/CN=%s pubd EE" % handle), "pubd")
-if want_rootd:
+if run_rootd:
bpki_modified |= bpki.ee( cfg.get("bpki_rootd_ee_dn", "/CN=%s rootd EE" % handle), "rootd")
if bpki_modified:
@@ -182,7 +182,7 @@ call_rpkid = rpki.async.sync_wrapper(caller(
server_cert = rpki.x509.X509(PEM_file = bpki.dir + "/rpkid.cer"),
url = rpkid_base + "left-right"))
-if want_pubd:
+if run_pubd:
call_pubd = rpki.async.sync_wrapper(caller(
proto = rpki.publication,
@@ -309,7 +309,7 @@ for xmlfile in xmlfiles:
# See what rpkid and pubd already have on file for this entity.
- if want_pubd:
+ if run_pubd:
client_pdus = dict((x.client_handle, x)
for x in call_pubd((rpki.publication.client_elt.make_pdu(action = "list"),))
if isinstance(x, rpki.publication.client_elt))
@@ -477,7 +477,7 @@ for xmlfile in xmlfiles:
# Publication setup, used to be inferred (badly) from parent setup,
# now handled explictly via yet another freaking .csv file.
- if want_pubd:
+ if run_pubd:
for client_handle, client_bpki_cert, client_base_uri in myrpki.csv_open(cfg.get("pubclients_csv", "pubclients.csv")):
@@ -510,7 +510,7 @@ for xmlfile in xmlfiles:
assert not isinstance(r, rpki.left_right.report_error_elt)
if pubd_query:
- assert want_pubd
+ assert run_pubd
pubd_reply = call_pubd(pubd_query)
for r in pubd_reply:
assert not isinstance(r, rpki.publication.report_error_elt)
diff --git a/myrpki.rototill/setup-sql.py b/myrpki.rototill/setup-sql.py
index 9d6772f8..eeddcff4 100644
--- a/myrpki.rototill/setup-sql.py
+++ b/myrpki.rototill/setup-sql.py
@@ -101,7 +101,7 @@ rootdb = MySQLdb.connect(db = "mysql", user = "root", passwd = getpass.getpass("
sql_setup("irdbd")
sql_setup("rpkid")
-if cfg.getboolean("want_pubd", False):
+if cfg.getboolean("run_pubd", False):
sql_setup("pubd")
rootdb.close()
diff --git a/myrpki.rototill/setup_child.py b/myrpki.rototill/setup_child.py
new file mode 100644
index 00000000..6ecbd4bb
--- /dev/null
+++ b/myrpki.rototill/setup_child.py
@@ -0,0 +1,81 @@
+"""
+Step 2: User sends me.xml to parent, who saves it in a file
+ children/foo.xml (where foo is the parent's name for this
+ child). Parent also feeds this file and and parent's own
+ me.xml into another new script (call it"setup_child" for now,
+ since the parent uses it to set up its child). This script
+ writes out a customized parent record (another XML blob)
+ tailored to this particular child (service url including
+ parent's and child's names, parent's rpkid server bpki cert,
+ etc -- most of the data that goes into a line in parents.csv
+ now). This XML blob can (and usually does) also include
+ either an offer of publication service (if the parent runs
+ pubd and is willing to act as repository for this child) or a
+ hint pointing to some other repository (probably the one the
+ parent itself uses). The distinction between offer and hint
+ here is that the parent can only offer a pubd server it runs;
+ for anything else it can only hint. Parent sends this xml
+ result blob back to child, who stores at in a parents/
+ directory with a name corresponding to the current
+ parent_handle (ie, the filename is the child's name for the
+ parent, eg, arin.xml).
+
+$Id$
+
+Copyright (C) 2010 Internet Systems Consortium ("ISC")
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.
+"""
+
+import subprocess, csv, re, os, getopt, sys, base64, time, myrpki, rpki.config
+
+from xml.etree.ElementTree import Element, SubElement, ElementTree
+
+os.environ["TZ"] = "UTC"
+time.tzset()
+
+cfg_file = "myrpki.conf"
+
+opts, argv = getopt.getopt(sys.argv[1:], "c:h?", ["config=", "help"])
+for o, a in opts:
+ if o in ("-c", "--config"):
+ cfg_file = a
+ elif o in ("-h", "--help", "-?"):
+ print __doc__
+ sys.exit(0)
+
+cfg = rpki.config.parser(cfg_file, "myrpki")
+
+handle = cfg.get("handle")
+run_rpkid = cfg.getboolean("run_rpkid")
+run_pubd = cfg.getboolean("run_pubd")
+
+myrpki.openssl = cfg.get("openssl", "openssl")
+
+bpki_myrpki = myrpki.CA(cfg_file, cfg.get("myrpki_bpki_directory"))
+bpki_myirbe = myrpki.CA(cfg_file, cfg.get("myirbe_bpki_directory"))
+
+raise NotImplemented
+
+# ++ Cross certify child's cert
+
+# ++ Write parent.xml tailored for this child
+
+e = Element("parent", xmlns = myrpki.namespace, version = "1",
+ handle = handle,
+ service_uri = "https://localhost:%d/" % cfg.getint("rootd_server_port"))
+
+myrpki.PEMElement(e, "bpki_resource_ca", bpki_myrpki.cer)
+myrpki.PEMElement(e, "bpki_server_ca", bpki_myirbe.cer)
+
+myrpki.etree_write(e, "parent.xml")
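Review bot: `raise NotImplemented` after the two CA constructors raises the binary-operator sentinel rather than an exception class, so on Python 2 it produces a TypeError about a non-exception being raised instead of the intended NotImplementedError; change it to `raise NotImplementedError`. Everything below that line is unreachable as committed, and the parent record it would write hard-codes `service_uri = "https://localhost:%d/" % cfg.getint("rootd_server_port")`, copied from the rootd fake-parent case in initialize.py, which contradicts the module docstring's description of a service URL built from the parent's and child's names; a comment such as `# TODO: service_uri is a placeholder copied from initialize.py; must be the parent's rpkid URL for this child` would make the stub state explicit. `run_rpkid` is read but never used, and the "Cross certify child's cert" step has no code yet, so the child's BPKI certificate from children/foo.xml is currently neither read nor validated before it would be cross-certified.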
diff --git a/myrpki.rototill/start-servers.py b/myrpki.rototill/start-servers.py
index b551f79b..4de8f1a9 100644
--- a/myrpki.rototill/start-servers.py
+++ b/myrpki.rototill/start-servers.py
@@ -58,10 +58,10 @@ names = ["irdbd", "rpkid"]
cfg = rpki.config.parser(cfg_file, "myrpki")
-if cfg.getboolean("want_pubd", False):
+if cfg.getboolean("run_pubd", False):
names.append("pubd")
-if cfg.getboolean("want_rootd", False):
+if cfg.getboolean("run_rootd", False):
names.append("rootd")
for name in names:
diff --git a/myrpki.rototill/yamltest.py b/myrpki.rototill/yamltest.py
index 8a36cf8a..d35b6cc3 100644
--- a/myrpki.rototill/yamltest.py
+++ b/myrpki.rototill/yamltest.py
@@ -392,8 +392,8 @@ class allocation(object):
r["rpkid", "irdb-url"] = "https://localhost:%d/" % self.irdbd_port
r["rpkid", "server-port"] = "%d" % self.rpkid_port
r["rpkid", "sql-database"] = "rpki%d" % self.engine
- r["myrpki", "want_pubd"] = "true" if self.runs_pubd() else "false"
- r["myrpki", "want_rootd"] = "true" if self.is_root() else "false"
+ r["myrpki", "run_pubd"] = "true" if self.runs_pubd() else "false"
+ r["myrpki", "run_rootd"] = "true" if self.is_root() else "false"
r["irbe_cli", "rpkid-url"] = "https://localhost:%d/left-right" % self.rpkid_port
if self.is_root():