-rw-r--r-- | myrpki.rototill/setup.py | 57 |
1 files changed, 30 insertions, 27 deletions
diff --git a/myrpki.rototill/setup.py b/myrpki.rototill/setup.py index 8d1bfd9b..afe87231 100644 --- a/myrpki.rototill/setup.py +++ b/myrpki.rototill/setup.py @@ -62,9 +62,9 @@ class main(rpki.cli.Cmd): if self.run_rootd and (not self.run_pubd or not self.run_rpkid): raise RuntimeError, "Can't run rootd unless also running rpkid and pubd" - self.bpki_myrpki = myrpki.CA(self.cfg_file, self.cfg.get("bpki_resources_directory")) + self.bpki_resources = myrpki.CA(self.cfg_file, self.cfg.get("bpki_resources_directory")) if self.run_rpkid or self.run_pubd or self.run_rootd: - self.bpki_myirbe = myrpki.CA(self.cfg_file, self.cfg.get("bpki_servers_directory")) + self.bpki_servers = myrpki.CA(self.cfg_file, self.cfg.get("bpki_servers_directory")) rpki.cli.Cmd.__init__(self, argv) @@ -79,11 +79,11 @@ class main(rpki.cli.Cmd): if arg: raise RuntimeError, "This command takes no arguments" - self.bpki_myrpki.setup(self.cfg.get("bpki_myrpki_ta_dn", - "/CN=%s BPKI Resource Trust Anchor" % self.handle)) + self.bpki_resources.setup(self.cfg.get("bpki_resources_ta_dn", + "/CN=%s BPKI Resource Trust Anchor" % self.handle)) if self.run_rpkid or self.run_pubd or self.run_rootd: - self.bpki_myirbe.setup(self.cfg.get("bpki_myirbe_ta_dn", - "/CN=%s BPKI Server Trust Anchor" % self.handle)) + self.bpki_servers.setup(self.cfg.get("bpki_servers_ta_dn", + "/CN=%s BPKI Server Trust Anchor" % self.handle)) # Create directories for parents, children, and repositories. # Directory names should become configurable (later). 
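Review bot: In the hunk at `-79,11 +79,11`, the option names passed to `self.cfg.get` change from `bpki_myrpki_ta_dn` and `bpki_myirbe_ta_dn` to `bpki_resources_ta_dn` and `bpki_servers_ta_dn`, and because each call supplies a default, a configuration file that still sets the old names is silently ignored. The trust anchors would then be created with the default `/CN=%s BPKI ... Trust Anchor` subjects instead of the operator's chosen DNs, with no error to signal it. Whether any deployed configuration uses the old names is not visible here; if one might, read the old key as the fallback, e.g. `self.cfg.get("bpki_resources_ta_dn", self.cfg.get("bpki_myrpki_ta_dn", "/CN=%s BPKI Resource Trust Anchor" % self.handle))`, and the same for the servers CA. The enclosing method begins outside the hunk.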
@@ -95,28 +95,28 @@ class main(rpki.cli.Cmd): if self.run_rpkid or self.run_pubd or self.run_rootd: if self.run_rpkid: - self.bpki_myirbe.ee(self.cfg.get("bpki_rpkid_ee_dn", - "/CN=%s rpkid server certificate" % self.handle), "rpkid") - self.bpki_myirbe.ee(self.cfg.get("bpki_irdbd_ee_dn", - "/CN=%s irdbd server certificate" % self.handle), "irdbd") + self.bpki_servers.ee(self.cfg.get("bpki_rpkid_ee_dn", + "/CN=%s rpkid server certificate" % self.handle), "rpkid") + self.bpki_servers.ee(self.cfg.get("bpki_irdbd_ee_dn", + "/CN=%s irdbd server certificate" % self.handle), "irdbd") if self.run_pubd: - self.bpki_myirbe.ee(self.cfg.get("bpki_pubd_ee_dn", - "/CN=%s pubd server certificate" % self.handle), "pubd") + self.bpki_servers.ee(self.cfg.get("bpki_pubd_ee_dn", + "/CN=%s pubd server certificate" % self.handle), "pubd") if self.run_rpkid or self.run_pubd: - self.bpki_myirbe.ee(self.cfg.get("bpki_irbe_ee_dn", - "/CN=%s irbe client certificate" % self.handle), "irbe") + self.bpki_servers.ee(self.cfg.get("bpki_irbe_ee_dn", + "/CN=%s irbe client certificate" % self.handle), "irbe") if self.run_rootd: - self.bpki_myirbe.ee(self.cfg.get("bpki_rootd_ee_dn", - "/CN=%s rootd server certificate" % self.handle), "rootd") + self.bpki_servers.ee(self.cfg.get("bpki_rootd_ee_dn", + "/CN=%s rootd server certificate" % self.handle), "rootd") # Build the me.xml file. Need to check for existing file so we don't # overwrite? Worry about that later. e = Element("me", handle = self.handle) - myrpki.PEMElement(e, "bpki_ca_certificate", self.bpki_myrpki.cer) + myrpki.PEMElement(e, "bpki_ca_certificate", self.bpki_resources.cer) myrpki.etree_write(e, "%s.xml" % self.handle) # If we're running pubd, construct repository entry for it. 
@@ -125,7 +125,6 @@ class main(rpki.cli.Cmd): r = Element("repository", type = "offer", service_url = "https://%s:%s/" % (self.cfg.get("pubd_server_host"), self.cfg.get("pubd_server_port"))) - myrpki.etree_write(r, "repositories/%s.xml" % self.handle) # If we're running rootd, construct a fake parent to go with it, # and cross-certify in both directions so we can talk to rootd. @@ -136,17 +135,21 @@ class main(rpki.cli.Cmd): parent_handle = "rootd", child_handle = self.handle, service_url = "https://localhost:%s/" % self.cfg.get("rootd_server_port")) - myrpki.PEMElement(e, "bpki_resource_ca", self.bpki_myirbe.cer) - myrpki.PEMElement(e, "bpki_server_ca", self.bpki_myirbe.cer) + myrpki.PEMElement(e, "bpki_resource_ca", self.bpki_servers.cer) + myrpki.PEMElement(e, "bpki_server_ca", self.bpki_servers.cer) e.append(r) myrpki.etree_write(e, "parents/rootd.xml") - self.bpki_myrpki.xcert(self.bpki_myirbe.cer) + self.bpki_resources.xcert(self.bpki_servers.cer) rootd_child_fn = self.cfg.get("child-bpki-cert", None, "rootd") if not os.path.exists(rootd_child_fn): - os.link(self.bpki_myirbe.xcert(self.bpki_myrpki.cer), rootd_child_fn) + os.link(self.bpki_servers.xcert(self.bpki_resources.cer), rootd_child_fn) + + if self.run_pubd: + myrpki.PEMElement(r, "bpki_server_ca", self.bpki_servers.cer) + myrpki.etree_write(r, "repositories/%s.xml" % self.handle) def do_receive_from_child(self, arg): 
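Review bot: In the hunk at `-136,17 +135,21`, the added `if self.run_pubd:` block attaches `bpki_server_ca` to `r` only after the rootd branch has already run `e.append(r)` and written `parents/rootd.xml`, so the repository offer embedded in that file is serialized without the server CA while `repositories/%s.xml` carries it. If that difference is intended, the ordering is load-bearing and should be documented above the new block, e.g. `# bpki_server_ca is added after parents/rootd.xml is written, so only the standalone repository offer carries it`. If it is not intended, the `myrpki.PEMElement(r, "bpki_server_ca", self.bpki_servers.cer)` call belongs directly after `r = Element("repository", ...)`, which sits in the preceding hunk. The new block also relies on `r` having been bound by that earlier `if self.run_pubd:` block. The enclosing method begins outside the hunk.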
@@ -172,15 +175,15 @@ class main(rpki.cli.Cmd): print "Child calls itself %r, we call it %r" % (c.get("handle"), child_handle) - self.bpki_myirbe.fxcert(c.findtext("bpki_ca_certificate")) + self.bpki_servers.fxcert(c.findtext("bpki_ca_certificate")) e = Element("parent", parent_handle = self.handle, child_handle = child_handle, service_url = "https://%s:%s/up-down/%s/%s" % (self.cfg.get("rpkid_server_host"), self.cfg.get("rpkid_server_port"), self.handle, child_handle)) - myrpki.PEMElement(e, "bpki_resource_ca", self.bpki_myrpki.cer) - myrpki.PEMElement(e, "bpki_server_ca", self.bpki_myirbe.cer) + myrpki.PEMElement(e, "bpki_resource_ca", self.bpki_resources.cer) + myrpki.PEMElement(e, "bpki_server_ca", self.bpki_servers.cer) if self.run_pubd: SubElement(e, "repository", type = "offer", @@ -220,8 +223,8 @@ class main(rpki.cli.Cmd): print "Parent calls us %r" % p.get("child_handle") print "We call repository %r" % repository_handle - self.bpki_myrpki.fxcert(p.findtext("bpki_resource_ca")) - b = self.bpki_myrpki.fxcert(p.findtext("bpki_server_ca")) + self.bpki_resources.fxcert(p.findtext("bpki_resource_ca")) + b = self.bpki_resources.fxcert(p.findtext("bpki_server_ca")) myrpki.etree_write(p, "parents/%s.xml" % parent_handle) |