Diffstat (limited to 'myrpki.rototill')
-rw-r--r--myrpki.rototill/myrpki.py15
-rw-r--r--myrpki.rototill/yamltest.py41
2 files changed, 33 insertions, 23 deletions
diff --git a/myrpki.rototill/myrpki.py b/myrpki.rototill/myrpki.py
index 85edd75e..37f01c8d 100644
--- a/myrpki.rototill/myrpki.py
+++ b/myrpki.rototill/myrpki.py
@@ -1136,16 +1136,24 @@ class main(rpki.cli.Cmd):
asn_csv_file = self.cfg.get("asn_csv")
# This probably should become an argument instead of (or in
- # addition to a default from?) config file.
+ # addition to a default from?) a config file option.
xml_filename = self.cfg.get("xml_filename")
try:
- bsc_req, bsc_cer = self.bpki_resources.bsc(etree_read(xml_filename).findtext("bpki_bsc_pkcs10"))
+ e = etree_read(xml_filename)
+ bsc_req, bsc_cer = self.bpki_resources.bsc(e.findtext("bpki_bsc_pkcs10"))
+ service_uri = e.get("service_uri")
+ server_ta = e.findtext("bpki_server_ta")
except IOError:
bsc_req, bsc_cer = None, None
+ service_uri = None
+ server_ta = None
e = Element("myrpki", handle = self.handle)
+ if service_uri:
+ e.set("service_uri", service_uri)
+
roa_requests.from_csv(roa_csv_file).xml(e)
children.from_csv(
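Review bot: If any statement after `etree_read` in the widened `try` raises IOError, the handler resets `service_uri` and `server_ta` to None, and the file is then rewritten without the service URI and server trust anchor it previously held. Whether `self.bpki_resources.bsc()` can raise IOError is not visible in this hunk, but moving the two reads above the `bsc` call and setting `service_uri = server_ta = None` before the `try` instead of in the `except` would make the carry-over independent of it. The name `e` is also bound first to the parsed old tree and then to the new `Element`, so a distinct name for the old tree would make the block easier to follow. The method body starts and ends outside the hunk.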
@@ -1166,6 +1174,9 @@ class main(rpki.cli.Cmd):
if bsc_req:
PEMElement(e, "bpki_bsc_pkcs10", bsc_req)
+ if server_ta:
+ SubElement(e, "bpki_server_ta").text = server_ta
+
etree_write(e, xml_filename)
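Review bot: The `bpki_server_ta` text written back here is whatever the previous copy of the file contained, and nothing in the visible lines checks that it is still a well-formed certificate before it is preserved as a trust anchor. A comment above the `if server_ta:` block would make that explicit for the next reader, for example `# Carried over verbatim from the previous file; not validated here.` If a validation step exists elsewhere in the method it is outside this hunk.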
diff --git a/myrpki.rototill/yamltest.py b/myrpki.rototill/yamltest.py
index 0871498c..879c5baa 100644
--- a/myrpki.rototill/yamltest.py
+++ b/myrpki.rototill/yamltest.py
@@ -148,19 +148,6 @@ class allocation_db(list):
for a in self:
a.dump()
- def make_rootd_openssl(self):
- """
- Factory for a function to run the OpenSSL comand line tool on the
- root node of our allocation database. Could easily be generalized
- if there were a need, but as it happens we only ever need to do
- this for the root node.
- """
- env = { "PATH" : os.environ["PATH"],
- "BPKI_DIRECTORY" : self.root.path("bpki/servers"),
- "OPENSSL_CONF" : "/dev/null",
- "RANDFILE" : ".OpenSSL.whines.unless.I.set.this" }
- cwd = self.root.path()
- return lambda *args: subprocess.check_call((prog_openssl,) + args, cwd = cwd, env = env)
class allocation(object):
"""
@@ -534,6 +521,18 @@ class allocation(object):
print "Running rsyncd for %s: pid %d process %r" % (self.name, p.pid, p)
return p
+ def run_openssl(self, *args, **kwargs):
+ """
+ Run OpenSSL
+ """
+ env = { "PATH" : os.environ["PATH"],
+ "BPKI_DIRECTORY" : self.path("bpki/servers"),
+ "OPENSSL_CONF" : "/dev/null",
+ "RANDFILE" : ".OpenSSL.whines.unless.I.set.this" }
+ env.update(kwargs)
+ subprocess.check_call((prog_openssl,) + args, cwd = self.path(), env = env)
+
+
os.environ["TZ"] = "UTC"
time.tzset()
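Review bot: The docstring on `run_openssl` ("Run OpenSSL") does not say that keyword arguments are merged into the child's environment via `env.update(kwargs)` and can therefore replace the defaults, including `PATH` and `OPENSSL_CONF`. It should state that positional arguments form the openssl command line, that keyword arguments are extra environment variables taking precedence over the built-in ones, that the command runs with the node's directory as `cwd`, and that a non-zero exit surfaces as the exception raised by `subprocess.check_call`. Naming the parameter for what it is would also help, but that is optional since no caller in this diff passes keywords yet.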
@@ -652,15 +651,15 @@ for d in db:
# Create RPKI root certificate.
-rootd_openssl = db.make_rootd_openssl()
-
print "Creating rootd RPKI root certificate"
-rootd_openssl("x509", "-req", "-sha256", "-outform", "DER",
- "-signkey", "bpki/servers/ca.key",
- "-in", "bpki/servers/ca.req",
- "-out", "publication/root.cer",
- "-extfile", "myrpki.conf",
- "-extensions", "rootd_x509_extensions")
+
+# Should use req -subj here to set subject name. Later.
+db.root.run_openssl("x509", "-req", "-sha256", "-outform", "DER",
+ "-signkey", "bpki/servers/ca.key",
+ "-in", "bpki/servers/ca.req",
+ "-out", "publication/root.cer",
+ "-extfile", "myrpki.conf",
+ "-extensions", "rootd_x509_extensions")
# At this point we need to start a whole lotta daemons.
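Review bot: The RPKI root certificate is self-signed here with `bpki/servers/ca.key` over `bpki/servers/ca.req`, which by the paths looks like the BPKI server CA's key pair, so the test root and the BPKI CA would share one key. If that is deliberate for this test harness, a comment next to the existing `-subj` TODO would record it, for example `# Test setup only: reuses the BPKI server CA key for the RPKI root.` The command also relies on the relative paths resolving under the `cwd` that `run_openssl` sets, which is worth mentioning in the same comment.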