-rw-r--r--myrpki/myirbe.py17
-rw-r--r--myrpki/myrpki.conf14
-rw-r--r--myrpki/myrpki.py18
3 files changed, 26 insertions, 23 deletions
diff --git a/myrpki/myirbe.py b/myrpki/myirbe.py
index f9f057a4..087c5f47 100644
--- a/myrpki/myirbe.py
+++ b/myrpki/myirbe.py
@@ -33,7 +33,7 @@ time.tzset()
rpki.log.init("myirbe")
-cfg_file = "myirbe.conf"
+cfg_file = "myrpki.conf"
opts, argv = getopt.getopt(sys.argv[1:], "c:h?", ["config=", "help"])
for o, a in opts:
@@ -47,12 +47,15 @@ if argv:
cfg = rpki.config.parser(cfg_file, "myirbe")
+# This probably ought to come from the command line
tree = lxml.etree.parse("myrpki.xml").getroot()
rng.assertValid(tree)
-db = MySQLdb.connect(user = cfg.get("sql-username"),
- db = cfg.get("sql-database"),
- passwd = cfg.get("sql-password"))
+irdbd_cfg = rpki.config.parser(cfg.get("irdbd_conf"), "irdbd")
+
+db = MySQLdb.connect(user = irdbd_cfg.get("sql-username"),
+ db = irdbd_cfg.get("sql-database"),
+ passwd = irdbd_cfg.get("sql-password"))
cur = db.cursor()
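Review bot: The path passed to the second `rpki.config.parser(...)` call comes straight from `cfg.get("irdbd_conf")`, and the value added to myrpki.conf in this commit is the relative `irdbd.conf`, so the SQL username and password handed to `MySQLdb.connect` depend on the directory myirbe is started from. The same holds for the hard-coded `"myrpki.xml"` that the new comment flags. I would make that comment actionable and cover both, e.g. `# TODO: take the myrpki.xml path from the command line; like irdbd_conf it is currently resolved against the working directory`, or resolve both against the directory of `cfg_file`. How `cfg.get` behaves when `irdbd_conf` is absent is not visible here, so it is worth confirming that a missing option fails with a clear message before the database connection is attempted.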
@@ -121,21 +124,21 @@ if hosted_cacert:
if p.wait() != 0:
raise RuntimeError, "Couldn't convert certificate to PEM format"
-bpki_rpkid = myrpki.CA(cfg_file, cfg.get("rpkid_ca_directory"), cfg.get("rpkid_ca_certificate"))
+bpki_rpkid = myrpki.CA(cfg_file, cfg.get("rpkid_ca_directory"))
bpki_rpkid.setup("/CN=rpkid TA")
for name in ("rpkid", "irdbd", "irbe_cli"):
bpki_rpkid.ee("/CN=%s EE" % name, name)
if hosted_cacert:
bpki_rpkid.fxcert(my_handle + ".cacert.cer", hosted_cacert, restrict_pathlen = False)
-bpki_pubd = myrpki.CA(cfg_file, cfg.get("pubd_ca_directory"), cfg.get("pubd_ca_certificate"))
+bpki_pubd = myrpki.CA(cfg_file, cfg.get("pubd_ca_directory"))
bpki_pubd.setup("/CN=pubd TA")
for name in ("pubd", "irbe_cli"):
bpki_pubd.ee("/CN=%s EE" % name, name)
if hosted_cacert:
bpki_pubd.fxcert(my_handle + ".cacert.cer", hosted_cacert)
-bpki_rootd = myrpki.CA(cfg_file, cfg.get("rootd_ca_directory"), cfg.get("rootd_ca_certificate"))
+bpki_rootd = myrpki.CA(cfg_file, cfg.get("rootd_ca_directory"))
bpki_rootd.setup("/CN=rootd TA")
bpki_rootd.ee("/CN=rootd EE", "rootd")
diff --git a/myrpki/myrpki.conf b/myrpki/myrpki.conf
index 51c5d931..132ebfd3 100644
--- a/myrpki/myrpki.conf
+++ b/myrpki/myrpki.conf
@@ -12,9 +12,7 @@ parents_csv = parents.csv
prefix_csv = prefixes.csv
asn_csv = asns.csv
xml_filename = myrpki.xml
-
-bpki_ca_directory = bpki
-bpki_ca_certificate = bpki/ca.cer
+bpki_directory = bpki.myrpki
[constants]
digest = sha256
@@ -22,6 +20,12 @@ key_length = 2048
cert_days = 365
crl_days = 365
+[myirbe]
+irdbd_conf = irdbd.conf
+rpkid_ca_directory = bpki.rpkid
+pubd_ca_directory = bpki.pubd
+rootd_ca_directory = bpki.rootd
+
[req]
default_bits = ${constants::key_length}
default_md = ${constants::digest}
@@ -48,10 +52,10 @@ authorityKeyIdentifier = keyid:always
[ca]
default_ca = ca
-certificate = ${myrpki::bpki_ca_certificate}
-dir = ${myrpki::bpki_ca_directory}
+dir = ${ENV::BPKI_DIRECTORY}
new_certs_dir = $dir
database = $dir/index
+certificate = $dir/ca.cer
private_key = $dir/ca.key
default_days = ${constants::cert_days}
default_crl_days = ${constants::crl_days}
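Review bot: `dir = ${ENV::BPKI_DIRECTORY}` makes this file unusable by any openssl invocation that does not export BPKI_DIRECTORY, because OpenSSL treats an unset `${ENV::...}` reference as a configuration error. The CA class in myrpki.py sets the variable in the environment it passes to `openssl ca`; whether every other user of this config does the same is not visible in this hunk. A comment above the line would save the next operator some time, e.g. `# BPKI_DIRECTORY is exported by myrpki.CA; openssl will not load this file without it`.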
diff --git a/myrpki/myrpki.py b/myrpki/myrpki.py
index 74c2f4b3..dbe445fd 100644
--- a/myrpki/myrpki.py
+++ b/myrpki/myrpki.py
@@ -199,12 +199,10 @@ def PEMElement(e, tag, filename):
class CA(object):
- debug = True
-
- def __init__(self, cfg, dir, cer):
+ def __init__(self, cfg, dir):
self.cfg = cfg
self.dir = dir
- self.cer = cer
+ self.cer = dir + "/ca.cer"
self.key = dir + "/ca.key"
self.req = dir + "/ca.req"
self.crl = dir + "/ca.crl"
@@ -212,13 +210,12 @@ class CA(object):
self.serial = dir + "/serial"
self.crlnum = dir + "/crl_number"
- self.env = { "PATH" : os.environ["PATH"], "BPKI_DIRECTORY" : dir }
+ self.env = { "PATH" : os.environ["PATH"],
+ "BPKI_DIRECTORY" : dir,
+ "RANDFILE" : ".OpenSSL.whines.unless.I.set.this" }
def run_ca(self, *args):
cmd = ("openssl", "ca", "-notext", "-verbose", "-batch", "-config", self.cfg) + args
- if self.debug:
- print "cmd: %r" % (cmd,)
- print "env: %r" % (self.env,)
subprocess.check_call(cmd, env = self.env)
def run_req(self, key_file, req_file):
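Review bot: The `RANDFILE` entry added to `self.env` is a relative name, so openssl will read and write its random seed file in whatever directory the script happens to be run from, rather than alongside `ca.key` in the CA directory. Seed state is best kept under the same directory permissions as the private key, and a relative path also leaves a stray dotfile in every working directory the tool is used from. Anchoring it is a one-line change: `"RANDFILE" : dir + "/.OpenSSL.whines.unless.I.set.this" }`. `__init__` starts above this hunk and `run_req`'s body continues below it.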
@@ -348,8 +345,7 @@ def main():
parents_csv_file = cfg.get(myrpki_section, "parents_csv")
prefix_csv_file = cfg.get(myrpki_section, "prefix_csv")
asn_csv_file = cfg.get(myrpki_section, "asn_csv")
- bpki_dir = cfg.get(myrpki_section, "bpki_ca_directory")
- bpki_cacert = cfg.get(myrpki_section, "bpki_ca_certificate")
+ bpki_dir = cfg.get(myrpki_section, "bpki_directory")
xml_filename = cfg.get(myrpki_section, "xml_filename")
bsc_req = None
@@ -359,7 +355,7 @@ def main():
if r:
bsc_req = base64.b64decode(r)
- bpki = CA(cfg_file, bpki_dir, bpki_cacert)
+ bpki = CA(cfg_file, bpki_dir)
bpki.setup("/CN=%s TA" % my_handle)
e = Element("myrpki", xmlns = namespace, version = "1", handle = my_handle)