author | Rob Austein <sra@hactrn.net> | 2007-11-01 23:58:28 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2007-11-01 23:58:28 +0000 |
commit | 73b48ecc296883031e67f6806044dece8a878709 (patch) | |
tree | dccb38b9fabb335bb5e58b5df371b9c148e387aa | |
parent | 4298f47f8bf028cd952c0e67d5c5f5d5da229ac6 (diff) |
Checkpoint
svn path=/scripts/rpki/exceptions.py; revision=1229
-rw-r--r-- | scripts/rpki/exceptions.py | 3 | ||||
-rw-r--r-- | scripts/rpki/x509.py | 25 | ||||
-rwxr-xr-x | scripts/testroot.py | 5 |
3 files changed, 28 insertions, 5 deletions
diff --git a/scripts/rpki/exceptions.py b/scripts/rpki/exceptions.py
index 3c65f2b1..e3a9da25 100644
--- a/scripts/rpki/exceptions.py
+++ b/scripts/rpki/exceptions.py
@@ -40,3 +40,6 @@ class BadIssueResponse(Exception):
 class NotImplementedYet(Exception):
 """Internal error -- not implemented yet."""
+
+class BadPKCS10(Exception):
+ """Bad PKCS #10 object."""
diff --git a/scripts/rpki/x509.py b/scripts/rpki/x509.py
index 16ca17e9..60a86017 100644
--- a/scripts/rpki/x509.py
+++ b/scripts/rpki/x509.py
@@ -15,6 +15,22 @@ some of the nasty details. This involves a lot of format conversion.
 import POW, tlslite.api, POW.pkix, base64, time
 import rpki.exceptions, rpki.resource_set, rpki.manifest, rpki.cms
+# There should be -one- OID mapping table for this package, but I'm
+# chasing a bug as I type this and don't want to sidetrack....
+
+oid2name = {
+ (1, 2, 840, 113549, 1, 1, 11) : "sha256WithRSAEncryption",
+ (1, 2, 840, 113549, 1, 1, 12) : "sha384WithRSAEncryption",
+ (1, 2, 840, 113549, 1, 1, 13) : "sha512WithRSAEncryption",
+ (2, 5, 29, 19) : "basicConstraints",
+ (2, 5, 29, 15) : "keyUsage",
+ (1, 3, 6, 1, 5, 5, 7, 1, 11) : "subjectInfoAccess",
+ (1, 3, 6, 1, 5, 5, 7, 48, 2) : "caIssuers",
+ (1, 3, 6, 1, 5, 5, 7, 48, 5) : "caRepository",
+ (1, 3, 6, 1, 5, 5, 7, 48, 9) : "signedObjectRepository",
+ (1, 3, 6, 1, 5, 5, 7, 48, 10) : "rpkiManifest",
+}
+
 class PEM_converter(object):
 """Convert between DER and PEM encodings for various kinds of ASN.1 data."""
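Review bot: The comment above the new `oid2name` table in scripts/rpki/x509.py does not say that validation depends on it. The checks in `PKCS10.check_valid_rpki()` compare `oid2name.get(...)` against allowlists, so an OID missing from the table maps to `None` and is rejected. I would add `# Validation treats any OID missing from this table as unknown and rejects it; keep that behaviour when the tables are merged.` above the dict. It is also worth stating that the keys are OID tuples, presumably in the form POW.pkix returns from `.get()`, since the lookups only match when given that form.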
@@ -413,16 +429,15 @@ class PKCS10(DER_object):
 if not self.get_POWpkix().verify():
 raise rpki.exceptions.BadPKCS10, "Signature check failed"
- if self.get_POWpkix().certificationRequestInfo.version != 0:
+ if self.get_POWpkix().certificationRequestInfo.version.get() != 0:
 raise rpki.exceptions.BadPKCS10, \
 "Bad version number %s" % self.get_POWpkix().certificationRequestInfo.version
- if oid2name.get(self.get_POWpkix().signatureAlgorithm) not in ("sha256WithRSAEncryption",
- "sha384WithRSAEncryption",
- "sha512WithRSAEncryption"):
+ if oid2name.get(self.get_POWpkix().signatureAlgorithm.algorithm.get()) \
+ not in ("sha256WithRSAEncryption", "sha384WithRSAEncryption", "sha512WithRSAEncryption"):
 raise rpki.exceptions.BadPKCS10, "Bad signature algorithm %s" % self.get_POWpkix().signatureAlgorithm
- exts = self.getExtensions()
+ exts = self.get_POWpkix().getExtensions()
 for oid, critical, value in exts:
 if oid2name.get(oid) not in ("basicConstraints", "keyUsage", "subjectInfoAccess"):
 raise rpki.exceptions.BadExtension, "Forbidden extension %s" % oid
diff --git a/scripts/testroot.py b/scripts/testroot.py
index ba6cf809..21b8bcc1 100755
--- a/scripts/testroot.py
+++ b/scripts/testroot.py
@@ -53,6 +53,11 @@ class list_pdu(rpki.up_down.list_pdu):
 class issue_pdu(rpki.up_down.issue_pdu):
 def serve_pdu(self, xxx1, q_msg, r_msg, xxx2):
+
+ f = open("testroot.pkcs10", "w")
+ f.write(self.pkcs10.get_DER())
+ f.close()
+
 self.pkcs10.check_valid_rpki()
 rpki_subject = get_subject_cert()
 if rpki_subject is not None: |
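Review bot: In `PKCS10.check_valid_rpki()` (scripts/rpki/x509.py) the two rejection messages still format the POW.pkix wrapper objects rather than the decoded values the new conditions compare: `% self.get_POWpkix().certificationRequestInfo.version` and `% self.get_POWpkix().signatureAlgorithm`. Presumably that prints an object representation, which makes a rejected request hard to diagnose from logs; use `.version.get()` and `.signatureAlgorithm.algorithm.get()` in the messages as well. Separately, the loop unpacks `critical` but the visible lines never test it, and the result of `getExtensions()` is iterated without a guard for a request that carries no extensions. The method continues past the hunk, so confirm both are handled there.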
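Review bot: The dump added to `issue_pdu.serve_pdu()` in scripts/testroot.py writes the client-supplied PKCS #10 to disk before `self.pkcs10.check_valid_rpki()` runs, so unvalidated request bytes land in a fixed file in the working directory and are overwritten on every issue request. DER is binary, so the file should be opened with `f = open("testroot.pkcs10", "wb")`; text mode can corrupt it on platforms that translate newlines. If this is a debugging aid, gate it behind a debug flag and mark it with a comment such as `# DEBUG: dump raw request for offline inspection; remove before release`. The file is also left open if `write()` raises. `serve_pdu` continues outside the hunk.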