Diffstat (limited to 'myrpki')
-rw-r--r--myrpki/myirbe.py8
-rw-r--r--myrpki/myrpki.conf1
-rw-r--r--myrpki/myrpki.py3
-rw-r--r--myrpki/schema.py9
-rw-r--r--myrpki/schema.rnc2
-rw-r--r--myrpki/schema.rng9
-rw-r--r--myrpki/yamltest.py11
7 files changed, 35 insertions, 8 deletions
diff --git a/myrpki/myirbe.py b/myrpki/myirbe.py
index a1ac1e5d..683e9c1b 100644
--- a/myrpki/myirbe.py
+++ b/myrpki/myirbe.py
@@ -288,9 +288,9 @@ for xmlfile in xmlfiles:
# See what rpkid and pubd already have on file for this entity.
if want_pubd:
- pubd_reply = call_pubd((rpki.publication.client_elt.make_pdu(action = "list"),))
-
- client_pdus = dict((x.client_handle, x) for x in pubd_reply if isinstance(x, rpki.publication.client_elt))
+ client_pdus = dict((x.client_handle, x)
+ for x in call_pubd((rpki.publication.client_elt.make_pdu(action = "list"),))
+ if isinstance(x, rpki.publication.client_elt))
rpkid_reply = call_rpkid((
rpki.left_right.self_elt.make_pdu( action = "get", tag = "self", self_handle = handle),
@@ -367,7 +367,7 @@ for xmlfile in xmlfiles:
if repository_cert:
repository_pdu = repository_pdus.pop(repository_handle, None)
- repository_uri = pubd_base + "client/" + handle
+ repository_uri = pubd_base + "client/" + tree.get("repository_handle")
if (repository_pdu is None or
repository_pdu.bsc_handle != bsc_handle or
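Review bot: On the new `repository_uri` line, `tree.get("repository_handle")` presumably returns None when the attribute is absent, so the concatenation would raise a TypeError unless the file was already validated against the updated schema; no such validation is visible in this hunk. The pubd client path is also now taken from the submitted XML instead of from `handle`, so it is worth confirming that the value names a client this entity is meant to use, for example by checking it against the `client_pdus` keys before building the URI. Binding the value first and failing explicitly, `repository_handle = tree.get("repository_handle")` then `if repository_handle is None: raise ValueError("missing repository_handle")`, would make the error readable. The enclosing loop body continues outside the hunk.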
diff --git a/myrpki/myrpki.conf b/myrpki/myrpki.conf
index 5b37034a..d71a8365 100644
--- a/myrpki/myrpki.conf
+++ b/myrpki/myrpki.conf
@@ -15,6 +15,7 @@ asn_csv = asns.csv
xml_filename = myrpki.xml
bpki_directory = bpki.myrpki
repository_bpki_certificate = bpki.pubd/ca.cer
+repository_handle = wombat
[constants]
digest = sha256
diff --git a/myrpki/myrpki.py b/myrpki/myrpki.py
index 7ab6aa8c..fe4b460b 100644
--- a/myrpki/myrpki.py
+++ b/myrpki/myrpki.py
@@ -548,6 +548,7 @@ def main(argv = ()):
bpki_dir = cfg.get(myrpki_section, "bpki_directory")
xml_filename = cfg.get(myrpki_section, "xml_filename")
repository_bpki_certificate = cfg.get(myrpki_section, "repository_bpki_certificate")
+ repository_handle = cfg.get(myrpki_section, "repository_handle")
bpki = CA(cfg_file, bpki_dir)
bpki.setup("/CN=%s TA" % my_handle)
@@ -558,7 +559,7 @@ def main(argv = ()):
else:
bsc_req, bsc_cer = None, None
- e = Element("myrpki", xmlns = namespace, version = "1", handle = my_handle)
+ e = Element("myrpki", xmlns = namespace, version = "1", handle = my_handle, repository_handle = repository_handle)
roa_requests.from_csv(roa_csv_file).xml(e)
diff --git a/myrpki/schema.py b/myrpki/schema.py
index 726f2a97..33752636 100644
--- a/myrpki/schema.py
+++ b/myrpki/schema.py
@@ -20,6 +20,12 @@ myrpki = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" encodin
<param name="pattern">[\-_A-Za-z0-9]*</param>
</data>
</define>
+ <define name="pubd_handle">
+ <data type="string">
+ <param name="maxLength">255</param>
+ <param name="pattern">[\-_A-Za-z0-9/]*</param>
+ </data>
+ </define>
<define name="uri">
<data type="anyURI">
<param name="maxLength">4096</param>
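Review bot: The new `pubd_handle` pattern `[\-_A-Za-z0-9/]*` accepts the empty string, a leading or trailing `/`, and runs of `//`, and myirbe.py in this commit appends the attribute to `pubd_base + "client/"` to form the repository URI. A pattern that requires non-empty segments, `[\-_A-Za-z0-9]+(/[\-_A-Za-z0-9]+)*`, keeps the slash-separated form while ruling those out. The same definition is repeated in schema.rnc and schema.rng, so all three would need to change together. The existing `object_handle` pattern also allows an empty value, so this may be deliberate consistency; if so, a short comment saying why would help.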
@@ -53,6 +59,9 @@ myrpki = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" encodin
<attribute name="handle">
<ref name="object_handle"/>
</attribute>
+ <attribute name="repository_handle">
+ <ref name="pubd_handle"/>
+ </attribute>
<zeroOrMore>
<ref name="roa_request_elt"/>
</zeroOrMore>
diff --git a/myrpki/schema.rnc b/myrpki/schema.rnc
index 57a8ebab..8ec48195 100644
--- a/myrpki/schema.rnc
+++ b/myrpki/schema.rnc
@@ -9,6 +9,7 @@ default namespace = "http://www.hactrn.net/uris/rpki/myrpki/"
base64 = xsd:base64Binary { maxLength="512000" }
object_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9]*" }
+pubd_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9/]*" }
uri = xsd:anyURI { maxLength="4096" }
asn_list = xsd:string { maxLength="512000" pattern="[\-,0-9]*" }
ipv4_list = xsd:string { maxLength="512000" pattern="[\-,0-9/.]*" }
@@ -17,6 +18,7 @@ ipv6_list = xsd:string { maxLength="512000" pattern="[\-,0-9/:a-fA-F]*" }
start = element myrpki {
attribute version { xsd:positiveInteger { maxInclusive="1" } },
attribute handle { object_handle },
+ attribute repository_handle { pubd_handle },
roa_request_elt*,
child_elt*,
parent_elt*,
diff --git a/myrpki/schema.rng b/myrpki/schema.rng
index 80817b5b..5e380784 100644
--- a/myrpki/schema.rng
+++ b/myrpki/schema.rng
@@ -19,6 +19,12 @@
<param name="pattern">[\-_A-Za-z0-9]*</param>
</data>
</define>
+ <define name="pubd_handle">
+ <data type="string">
+ <param name="maxLength">255</param>
+ <param name="pattern">[\-_A-Za-z0-9/]*</param>
+ </data>
+ </define>
<define name="uri">
<data type="anyURI">
<param name="maxLength">4096</param>
@@ -52,6 +58,9 @@
<attribute name="handle">
<ref name="object_handle"/>
</attribute>
+ <attribute name="repository_handle">
+ <ref name="pubd_handle"/>
+ </attribute>
<zeroOrMore>
<ref name="roa_request_elt"/>
</zeroOrMore>
diff --git a/myrpki/yamltest.py b/myrpki/yamltest.py
index 2454e2cd..469238ef 100644
--- a/myrpki/yamltest.py
+++ b/myrpki/yamltest.py
@@ -76,8 +76,6 @@ prog_rootd = cleanpath(rpkid_dir, "rootd.py")
prog_openssl = cleanpath(this_dir, "../openssl/openssl/apps/openssl")
-only_one_pubd = True
-
class roa_request(object):
"""
Representation of a ROA request.
@@ -135,6 +133,10 @@ class allocation_db(list):
a.crl_interval = a.parent.crl_interval
if a.regen_margin is None:
a.regen_margin = a.parent.regen_margin
+ i = 0
+ for j in xrange(3):
+ i = a.sia_base.index("/", i) + 1
+ a.client_handle = a.sia_base[i:].rstrip("/")
self.root.closure()
self.map = dict((a.name, a) for a in self)
for a in self:
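Review bot: The added loop calls `a.sia_base.index("/", i)` three times, and `str.index` raises ValueError when fewer than three slashes are present, so an `sia_base` that is not of the `scheme://host/path` shape aborts setup with an unhelpful traceback. The constant 3 and the unused `j` also hide the intent; a comment such as `# skip "scheme://host/": the client handle is the path after the third "/"` would document it. Splitting with `a.sia_base.split("/", 3)` and checking that four parts came back gives the same handle with an explicit error path. The enclosing method starts outside the hunk.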
@@ -367,7 +369,7 @@ class allocation(object):
"""
if self.runs_pubd():
f = self.csvout(fn)
- f.writerows((s.name, s.path("bpki.myrpki/ca.cer"), s.sia_base)
+ f.writerows((s.client_handle, s.path("bpki.myrpki/ca.cer"), s.sia_base)
for s in (db if only_one_pubd else [self] + self.kids))
def dump_conf(self, fn):
@@ -409,6 +411,7 @@ class allocation(object):
r["myirbe", "pubd_base"] = "https://localhost:%d/" % s.pubd_port
r["myirbe", "rsync_base"] = "rsync://localhost:%d/" % s.rsync_port
r["myrpki", "repository_bpki_certificate"] = s.path("bpki.myirbe/ca.cer")
+ r["myrpki", "repository_handle"] = self.client_handle
if self.is_root():
r["rootd", "server-port"] = "%d" % self.rootd_port
@@ -554,10 +557,12 @@ try:
rpkid_password = cfg.get("rpkid_db_pass")
irdbd_password = cfg.get("irdbd_db_pass")
pubd_password = cfg.get("pubd_db_pass")
+ only_one_pubd = cfg.getboolean("only_one_pubd", True)
except:
rpkid_password = None
irdbd_password = None
pubd_password = None
+ only_one_pubd = True
# Start clean
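Review bot: The new `cfg.getboolean("only_one_pubd", True)` sits inside the existing `try` with a bare `except:`, so any error it raises (for instance a value that does not parse as a boolean, if this config class rejects such values) also resets the three database passwords to None without a message. Reading the flag outside the `try`, or narrowing the handler to the exception the lookups are expected to raise, keeps a typo in one setting from silently discarding the others. The `try` statement begins outside the hunk, so what else it guards is not visible here.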