authorRob Austein <sra@hactrn.net>2007-10-05 05:01:06 +0000
committerRob Austein <sra@hactrn.net>2007-10-05 05:01:06 +0000
commit258b05bae4a6265b4e7835bb132aafd2c7c6a972 (patch)
treebeab460d76edfcc62b8fd751dcf382ec30be6e9b
parent6cbac857412f4042087c467a7c3f791fe80c87d4 (diff)
PKCS #10 generation
svn path=/pow/POW-0.7/lib/pkix.py; revision=1096
-rwxr-xr-xpow/POW-0.7/lib/pkix.py13
-rw-r--r--scripts/rpki/up_down.py2
-rw-r--r--scripts/rpki/x509.py14
3 files changed, 26 insertions, 3 deletions
diff --git a/pow/POW-0.7/lib/pkix.py b/pow/POW-0.7/lib/pkix.py
index 41e50473..6262ed60 100755
--- a/pow/POW-0.7/lib/pkix.py
+++ b/pow/POW-0.7/lib/pkix.py
@@ -1228,6 +1228,14 @@ class CertificationRequest(Sequence):
contents = [ self.certificationRequestInfo, self.signatureAlgorithm, self.signatureValue ]
Sequence.__init__(self, contents, optional, default)
+ def sign(self, rsa, digestType):
+ driver = getCryptoDriver()
+ oid = driver.getOID(digestType)
+ self.certificationRequestInfo.subjectPublicKeyInfo.fromString(driver.toPublicDER(rsa))
+ signedText = driver.sign(rsa, oid, self.certificationRequestInfo.toString())
+ self.signatureAlgorithm.set([oid, None])
+ self.signatureValue.set(signedText)
+
def verify(self):
driver = getCryptoDriver()
oid = self.signatureAlgorithm.get()[0]
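Review bot: `sign` has no docstring, and its first effect — replacing `certificationRequestInfo.subjectPublicKeyInfo` with the public half of `rsa` before anything is signed — is not obvious from the name, so a caller passing a request that already carries a different key gets it silently overwritten. I'd add a docstring such as `"""Sign this request with rsa using the digest named by digestType; subjectPublicKeyInfo is overwritten with rsa's public key first, then signatureAlgorithm and signatureValue are set from the result."""`. The `verify` method that follows starts inside this hunk but continues past its end.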
@@ -1250,6 +1258,9 @@ class CertificationRequest(Sequence):
return x
return None
+ def setExtensions(self, exts):
+ self.certificationRequestInfo.attributes.val.choices["set"][0].set(exts)
+
#---------- PKCS10 ----------#
#---------- GeneralNames object support ----------#
class OtherName(Sequence):
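Review bot: `setExtensions` reaches through `attributes.val.choices["set"][0]` with no comment or docstring saying what must already be there, so it only works when the request's attributes SET already holds an attribute at index 0 that accepts an extension list, and otherwise fails with an opaque IndexError or AttributeError. I'd state the precondition rather than leave it implicit: `"""Replace the extension list carried by the request's first attribute (assumed to be the extensionRequest attribute, which must already be present)."""`.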
@@ -2045,5 +2056,3 @@ class Extension(Sequence):
return (oid, critical, ())
return (oid, critical, value)
-
-
diff --git a/scripts/rpki/up_down.py b/scripts/rpki/up_down.py
index f831abb1..1fd28d5f 100644
--- a/scripts/rpki/up_down.py
+++ b/scripts/rpki/up_down.py
@@ -302,7 +302,7 @@ class issue_pdu(base_elt):
ca_detail = rpki.sql.ca_detail_obj.create(gctx, ca)
self = cls()
self.class_name = ca.parent_resource_class
- self.pkcs10 = rpki.x509.PKCS10(ca_detail.private_key_id, sia)
+ self.pkcs10 = rpki.x509.PKCS10.create(ca_detail.private_key_id, sia)
return parent.query_up_down(gctx, self)
class issue_response_pdu(class_response_syntax):
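Review bot: The new call passes `ca_detail.private_key_id` as the `keypair` argument of `PKCS10.create`, which hands it straight to `CertificationRequest.sign` as the RSA key; if that attribute is an identifier rather than the key object, as its name suggests, the request cannot be signed. Worth confirming against `ca_detail_obj`, or renaming the attribute to say what it actually holds. The enclosing `issue_pdu` method starts before this hunk.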
diff --git a/scripts/rpki/x509.py b/scripts/rpki/x509.py
index 4aaeb695..6a030490 100644
--- a/scripts/rpki/x509.py
+++ b/scripts/rpki/x509.py
@@ -417,6 +417,20 @@ class PKCS10(DER_object):
# understand what the spec is telling me to do in this case.
assert "subjectInfoAccess" in req_exts, "Can't (yet) handle PKCS #10 without an SIA extension"
+ @classmethod
+ def create(cls, keypair, sia):
+ """Create a new request for a given keypair, including given SIA value."""
+ req = POW.pkix.CertificationRequest()
+ req.version.set(0)
+ exts = [ ("basicConstraints", True, (1, None)),
+ ("keyUsage", True, (0, 0, 0, 0, 0, 1, 1)),
+ ("subjectInfoAccess", False, sia) ]
+ for x in exts:
+ x[0] = POW.pkix.obj2oid(x[0])
+ req.setExtension(exts)
+ req.sign(keypair)
+ return cls(POWpkix = req)
+
class RSA_Keypair(DER_object):
"""Class to hold an RSA key pair."""