1 files changed, 33 insertions, 0 deletions

diff --git a/rpkid/rpki/gctx.py b/rpkid/rpki/gctx.py
index b1ecdcd0..fd25b5ba 100644
--- a/rpkid/rpki/gctx.py
+++ b/rpkid/rpki/gctx.py
@@ -23,6 +23,9 @@ import traceback, os, time, getopt, sys, MySQLdb, lxml.etree
 import rpki.resource_set, rpki.up_down, rpki.left_right, rpki.x509, rpki.sql
 import rpki.https, rpki.config, rpki.cms, rpki.exceptions, rpki.relaxng, rpki.log
 
+# This should be wrapped somewhere in rpki.x509 eventually
+import POW
+
 class global_context(object):
   """A container for various global parameters."""
 
@@ -159,3 +162,33 @@ class global_context(object):
       s.regenerate_crls_and_manifests()
     self.sql_sweep()
     return 200, "OK"
+
+  def build_x509store(self):
+    """Build a dynamic x509store object.  This is horribly
+    inefficient, so will require some kind of caching scheme
+    eventually, but the task at hand is just to confirm that this
+    method will work at all.
+    """
+
+    store = POW.X509Store()
+
+    def add_anchors(x, y = None):
+      if x is not None:
+        rpki.log.debug("HTTPS dynamic trust anchor %s" % x.getSubject())
+        store.addTrust(x.get_POW())
+      if y is not None and y != x:
+        rpki.log.debug("HTTPS dynamic trust anchor %s" % y.getSubject())
+        store.addTrust(y.get_POW())
+
+    for parent in rpki.left_right.parent_elt.sql_fetch_all(self):
+      add_anchors(parent.cms_ta, parent.https_ta)
+
+    for child in rpki.left_right.child_elt.sql_fetch_all(self):
+      add_anchors(child.cms_ta)
+
+    for repository in rpki.left_right.repository_elt.sql_fetch_all(self):
+      add_anchors(repository.cms_ta, repository.https_ta)
+
+    add_anchors(self.https_ta_irbe[0])
+    
+    return store