-rw-r--r-- | myrpki.rototill/examples/myrpki.conf | 2 | ||||
-rw-r--r-- | myrpki.rototill/myrpki.py | 53 | ||||
-rw-r--r-- | myrpki.rototill/myrpki.rnc | 4 | ||||
-rw-r--r-- | myrpki.rototill/myrpki.rng | 10 |
4 files changed, 36 insertions, 33 deletions
diff --git a/myrpki.rototill/examples/myrpki.conf b/myrpki.rototill/examples/myrpki.conf
index dd00ca3c..d091cde2 100644
--- a/myrpki.rototill/examples/myrpki.conf
+++ b/myrpki.rototill/examples/myrpki.conf
@@ -30,8 +30,6 @@ handle = Me
 # a good reason.
 roa_csv = roas.csv
- children_csv = children.csv
- parents_csv = parents.csv
 prefix_csv = prefixes.csv
 asn_csv = asns.csv
 xml_filename = myrpki.xml
diff --git a/myrpki.rototill/myrpki.py b/myrpki.rototill/myrpki.py
index d9c15848..85edd75e 100644
--- a/myrpki.rototill/myrpki.py
+++ b/myrpki.rototill/myrpki.py
@@ -309,7 +309,7 @@ class children(dict):
 c.xml(e)
 @classmethod
- def from_csv(cls, children_csv_file, prefix_csv_file, asn_csv_file, fxcert, entitydb):
+ def from_csv(cls, prefix_csv_file, asn_csv_file, fxcert, entitydb):
 """
 Parse child resources, certificates, and validity dates from CSV files.
 """
@@ -932,22 +932,29 @@ class main(rpki.cli.Cmd):
 if len(argv) != 1:
 raise RuntimeError, "Need to specify filename for child.xml"
- if not self.run_rpkid:
- raise RuntimeError, "Don't (yet) know how to set up child unless we run rpkid"
-
 c = etree_read(argv[0])
 if child_handle is None:
 child_handle = c.get("handle")
+ if self.run_rpkid:
+ service_uri = "https://%s:%s/up-down/%s/%s" % (self.cfg.get("rpkid_server_host"),
+ self.cfg.get("rpkid_server_port"),
+ self.handle, child_handle)
+ else:
+ try:
+ e = etree_read(self.cfg.get("xml_filename"))
+ service_uri = "%s/%s" % (e.get("service_uri"), child_handle)
+ except IOError:
+ print "Sorry, you can't set up children in a hosted config that itself has not yet been set up"
+ return
+
 print "Child calls itself %r, we call it %r" % (c.get("handle"), child_handle)
 self.bpki_servers.fxcert(c.findtext("bpki_ta"))
 e = Element("parent", parent_handle = self.handle, child_handle = child_handle,
- service_uri = "https://%s:%s/up-down/%s/%s" % (self.cfg.get("rpkid_server_host"),
- self.cfg.get("rpkid_server_port"),
- self.handle, child_handle),
+ service_uri = service_uri,
 valid_until = str(rpki.sundial.now() + rpki.sundial.timedelta(days = 365)))
 PEMElement(e, "bpki_resource_ta", self.bpki_resources.cer)
@@ -1125,7 +1132,6 @@ class main(rpki.cli.Cmd):
 """
 roa_csv_file = self.cfg.get("roa_csv")
- children_csv_file = self.cfg.get("children_csv")
 prefix_csv_file = self.cfg.get("prefix_csv")
 asn_csv_file = self.cfg.get("asn_csv")
@@ -1143,7 +1149,6 @@ class main(rpki.cli.Cmd):
 roa_requests.from_csv(roa_csv_file).xml(e)
 children.from_csv(
- children_csv_file = children_csv_file,
 prefix_csv_file = prefix_csv_file,
 asn_csv_file = asn_csv_file,
 fxcert = self.bpki_resources.fxcert,
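Review bot: In the new `else` branch `e.get("service_uri")` goes straight into the URL, but this same commit makes `service_uri` an optional attribute in myrpki.rnc, so a hosted myrpki.xml written before the hosting side rewrote it yields `None/<child_handle>` with no error; `except IOError` only covers a missing file. Read the attribute first and bail when it is absent: `base_uri = e.get("service_uri")` / `if base_uri is None: print "Sorry, the hosting side has not assigned this config a service_uri yet"; return` / `service_uri = "%s/%s" % (base_uri, child_handle)`. The child handle read from the child's own XML also becomes a path component of that URI; the `[-A-Z0-9_]+` up-down regexp dropped in the -1206 hunk was the last visible constraint on its shape, so this now rests on whatever schema validation etree_read applies to argv[0], which is worth confirming. The enclosing command method starts and ends outside the hunk.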
@@ -1206,10 +1211,6 @@ class main(rpki.cli.Cmd):
 pubd_base = "https://%s:%s/" % (self.cfg.get("pubd_server_host"), self.cfg.get("pubd_server_port"))
 rpkid_base = "https://%s:%s/" % (self.cfg.get("rpkid_server_host"), self.cfg.get("rpkid_server_port"))
- # Nasty regexp for parsing rpkid's up-down service URLs.
-
- updown_regexp = re.compile(re.escape(rpkid_base) + "up-down/([-A-Z0-9_]+)/([-A-Z0-9_]+)$", re.I)
-
 # Wrappers to simplify calling rpkid and pubd.
 call_rpkid = rpki.async.sync_wrapper(rpki.https.caller(
@@ -1552,25 +1553,17 @@ class main(rpki.cli.Cmd):
 # Rewrite XML.
 e = tree.find("bpki_bsc_pkcs10")
- if e is None and bsc_req is not None:
- e = SubElement(tree, "bpki_bsc_pkcs10")
- elif bsc_req is None:
+ if e is not None:
 tree.remove(e)
- if bsc_req is not None:
- assert e is not None
- s = bsc_req.get_Base64()
- s = "\n".join(s[64*i : 64*(i+1)] for i in xrange(1 + len(s)/64)).strip()
- e.text = "\n" + s + "\n"
-
- # Something weird going on here with lxml linked against recent
- # versions of libxml2. Looks like modifying the tree above somehow
- # produces validation errors, but it works fine if we convert it to
- # a string and parse it again. I'm not seeing any problems with any
- # of the other code that uses lxml to do validation, just this one
- # place. Weird. Kludge around it for now.
- #
- #tree = lxml.etree.fromstring(lxml.etree.tostring(tree))
+ SubElement(tree, "bpki_bsc_pkcs10").text = bsc_req.get_Base64()
+
+ tree.set("service_uri", rpkid_base + "up-down/" + self.handle)
+
+ e = tree.find("bpki_server_ta")
+ if e is not None:
+ tree.remove(e)
+ PEMElement(tree, "bpki_server_ta", self.bpki_resources.cer)
 etree_write(tree, xmlfile, validate = True)
diff --git a/myrpki.rototill/myrpki.rnc b/myrpki.rototill/myrpki.rnc
index feb3cf0f..e2e18b33 100644
--- a/myrpki.rototill/myrpki.rnc
+++ b/myrpki.rototill/myrpki.rnc
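Review bot: `SubElement(tree, "bpki_bsc_pkcs10").text = bsc_req.get_Base64()` dereferences `bsc_req` unconditionally, while the code it replaces explicitly handled `bsc_req is None` by dropping the element and writing nothing; if that case is still reachable (`bsc_req` is assigned above the hunk, so I cannot tell), the XML rewrite now fails with AttributeError instead. Keep the guard, `if bsc_req is not None:` with the SubElement line indented under it, or state in a comment why None can no longer occur here. The find/remove/re-add sequence now appears twice (bpki_bsc_pkcs10 and bpki_server_ta); a small `_replace_child(tree, tag)` helper would make the intent of both clearer. With `updown_regexp` removed in the -1206 hunk the module's `re` import may have become unused, which is not visible from here.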
@@ -25,6 +25,7 @@ start |= repository_pdu
 myrpki_pdu = element myrpki {
 attribute version { version },
 attribute handle { object_handle },
+ attribute service_uri { uri }?,
 element roa_request {
 attribute asn { xsd:positiveInteger },
 attribute v4 { ipv4_list },
@@ -54,7 +55,8 @@ myrpki_pdu = element myrpki {
 element bpki_ca_certificate { base64 }?,
 element bpki_crl { base64 }?,
 element bpki_bsc_certificate { base64 }?,
- element bpki_bsc_pkcs10 { base64 }?
+ element bpki_bsc_pkcs10 { base64 }?,
+ element bpki_server_ta { base64 }?
 }
 identity_pdu = element identity {
diff --git a/myrpki.rototill/myrpki.rng b/myrpki.rototill/myrpki.rng
index 6c98132d..2c4e8901 100644
--- a/myrpki.rototill/myrpki.rng
+++ b/myrpki.rototill/myrpki.rng
@@ -71,6 +71,11 @@
 <attribute name="handle">
 <ref name="object_handle"/>
 </attribute>
+ <optional>
+ <attribute name="service_uri">
+ <ref name="uri"/>
+ </attribute>
+ </optional>
 <zeroOrMore>
 <element name="roa_request">
 <attribute name="asn">
@@ -185,6 +190,11 @@
 <ref name="base64"/>
 </element>
 </optional>
+ <optional>
+ <element name="bpki_server_ta">
+ <ref name="base64"/>
+ </element>
+ </optional>
 </element>
 </define>
 <define name="identity_pdu">
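Review bot: Neither `attribute service_uri { uri }?` nor `element bpki_server_ta { base64 }?` in myrpki.rnc carries a comment saying who fills it in or what it holds, and since the .rng appears to be generated from the .rnc, the compact schema is where that belongs. From the myrpki.py hunks in this commit, `service_uri` is written by the side running rpkid as `<rpkid_base>up-down/<handle>` and a hosted config appends a child handle to it when setting up that child, while `bpki_server_ta` is filled from the hosting side's `bpki_resources.cer`. Suggested comments above the two new lines: `# service_uri: up-down base URI assigned by the hosting rpkid; hosted configs append child handles to it` and `# bpki_server_ta: hosting side's BPKI resource certificate, written when the hosting rpkid rewrites this file`. Both are optional in the schema, so readers of these fields need to tolerate their absence; that caveat would be worth a line here too.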