author | Rob Austein <sra@hactrn.net> | 2009-07-03 05:42:48 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2009-07-03 05:42:48 +0000 |
commit | 47154b52fa004fe88d3be3b2eb04b07bc316998d (patch) | |
tree | 735bb7a347f6d14e57d83a66784fa4487aeaba94 | |
parent | 203fe4fc3104a6476ec2bfd359b87c51429f4c10 (diff) |
Checkpoint
svn path=/myrpki/myirbe.py; revision=2564
-rw-r--r-- | myrpki/myirbe.py | 21 | ||||
-rw-r--r-- | myrpki/myrpki.py | 12 |
2 files changed, 26 insertions, 7 deletions
diff --git a/myrpki/myirbe.py b/myrpki/myirbe.py
index 0cca8d16..f9f057a4 100644
--- a/myrpki/myirbe.py
+++ b/myrpki/myirbe.py
@@ -114,19 +114,30 @@ for x in tree.getiterator(tag("child")):
 db.commit()
 db.close()
+hosted_cacert = tree.findtext(tag("bpki_ca_certificate"))
+if hosted_cacert:
+ p = subprocess.Popen(("openssl", "x509", "-inform", "DER"), stdin = subprocess.PIPE, stdout = subprocess.PIPE)
+ hosted_cacert = p.communicate(base64.b64decode(hosted_cacert))[0]
+ if p.wait() != 0:
+ raise RuntimeError, "Couldn't convert certificate to PEM format"
+
 bpki_rpkid = myrpki.CA(cfg_file, cfg.get("rpkid_ca_directory"), cfg.get("rpkid_ca_certificate"))
-bpki_rpkid.setup("/CN=RPKID TEST TA")
+bpki_rpkid.setup("/CN=rpkid TA")
 for name in ("rpkid", "irdbd", "irbe_cli"):
 bpki_rpkid.ee("/CN=%s EE" % name, name)
+if hosted_cacert:
+ bpki_rpkid.fxcert(my_handle + ".cacert.cer", hosted_cacert, restrict_pathlen = False)
 bpki_pubd = myrpki.CA(cfg_file, cfg.get("pubd_ca_directory"), cfg.get("pubd_ca_certificate"))
-bpki_pubd.setup("/CN=PUBD TEST TA")
+bpki_pubd.setup("/CN=pubd TA")
 for name in ("pubd", "irbe_cli"):
- bpki_rpkid.ee("/CN=%s EE" % name, name)
+ bpki_pubd.ee("/CN=%s EE" % name, name)
+if hosted_cacert:
+ bpki_pubd.fxcert(my_handle + ".cacert.cer", hosted_cacert)
 bpki_rootd = myrpki.CA(cfg_file, cfg.get("rootd_ca_directory"), cfg.get("rootd_ca_certificate"))
-bpki_rootd.setup("/CN=ROOTD TEST TA")
-bpki_rpkid.ee("/CN=rootd EE", "rootd")
+bpki_rootd.setup("/CN=rootd TA")
+bpki_rootd.ee("/CN=rootd EE", "rootd")
 rpkid_pdus = [ rpki.left_right.self_elt.make_pdu( action = "get", self_handle = my_handle),
diff --git a/myrpki/myrpki.py b/myrpki/myrpki.py
index ed46b84b..74c2f4b3 100644
--- a/myrpki/myrpki.py
+++ b/myrpki/myrpki.py
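Review bot: The certificate read from the `bpki_ca_certificate` element of the input XML is cross-certified under the rpkid TA with `restrict_pathlen = False`, and nothing in this hunk checks what that certificate is before it is signed. If that XML can originate with another party (not visible here), the result is an unconstrained CA certificate under the rpkid trust anchor for whatever was supplied. The call deserves a comment saying why rpkid needs the unrestricted form while pubd keeps the default, e.g. `# hosted CA cross-certified without pathlen limit because <reason>; input XML is operator-supplied`. Separately, `p.communicate()` already waits for the child, so `if p.returncode != 0:` can replace `if p.wait() != 0:`.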
@@ -285,7 +285,14 @@ class CA(object):
 PEMElement(e, "bpki_bsc_certificate", cer_file)
 PEMElement(e, "bpki_bsc_pkcs10", req_file)
- def xcert(self, cert):
+ def fxcert(self, filename, cert, restrict_pathlen = True):
+ fn = os.path.join(self.dir, filename)
+ f = open(fn, "w")
+ f.write(cert)
+ f.close()
+ return self.xcert(fn, restrict_pathlen)
+
+ def xcert(self, cert, restrict_pathlen = True):
 if not cert: return None
@@ -309,7 +316,8 @@ class CA(object):
 # OpenSSL command line tool.
 if not os.path.exists(xcert):
- self.run_ca("-ss_cert", cert, "-out", xcert, "-extensions", "ca_x509_ext_xcert")
+ self.run_ca("-ss_cert", cert, "-out", xcert, "-extensions",
+ "ca_x509_ext_xcert" if restrict_pathlen else "ca_x509_ext_ca")
 return xcert |
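Review bot: `fxcert` joins the caller's `filename` onto `self.dir` and opens the result for writing without checking that the name stays inside that directory; the caller in myirbe.py builds it from `my_handle`, whose origin is outside this diff. A guard before the `os.path.join`, such as `if os.path.basename(filename) != filename: raise RuntimeError, "Bad certificate filename %r" % filename`, would keep a handle containing path separators from writing elsewhere. The file is also left open if `f.write(cert)` raises; wrapping the write in `try`/`finally` with `f.close()` in the `finally` fixes that. The body of `xcert` continues outside the hunk.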
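Review bot: The extension section is chosen only inside the `if not os.path.exists(xcert)` guard, so an existing cross-certificate is returned unchanged whatever `restrict_pathlen` says. How the `xcert` output name is derived is outside the hunk; unless it already depends on the flag, a certificate first issued with `ca_x509_ext_ca` would be reused when a path-length-restricted one is later requested for the same input. Either fold the flag into the output name or document the behaviour above the guard, e.g. `# NOTE: an existing xcert is reused as-is; restrict_pathlen only affects first issuance`.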