diff options
| author | Rob Austein <sra@hactrn.net> | 2007-09-25 22:37:20 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2007-09-25 22:37:20 +0000 |
| commit | 9dbb0fecd60bda5f7ae600d9e0c0f6798cad2cec (patch) | |
| tree | da7adbfb6e70dcf2e7ffc0e3fa7fc63dc6c8475a | |
| parent | a683f101edd0512fc2c34433ad23d6986e66bd4a (diff) | |
Checkpoint
svn path=/scripts/rpki/up_down.py; revision=1034
| -rw-r--r-- | scripts/rpki/up_down.py | 9 | ||||
| -rw-r--r-- | scripts/rpki/x509.py | 11 |
2 files changed, 11 insertions, 9 deletions
diff --git a/scripts/rpki/up_down.py b/scripts/rpki/up_down.py index 6e3ff660..f8fe7f5d 100644 --- a/scripts/rpki/up_down.py +++ b/scripts/rpki/up_down.py @@ -144,18 +144,13 @@ def cons_resource_class(gctx, now, child, ca_id, irdb_as, irdb_v4, irdb_v6): ca_detail = c if not ca_detail: return None - rc_as, rc_v4, rc_v6 = ca_detail.latest_ca_cert.get_3779resources() - rc_as.intersection(irdb_as) - rc_v4.intersection(irdb_v4) - rc_v6.intersection(irdb_v6) + rc_as, rc_v4, rc_v6 = ca_detail.latest_ca_cert.get_3779resources(irdb_as, irdb_v4, irdb_v6) if not rc_as and not rc_v4 and not rc_v6: return None rc = class_elt() rc.class_name = str(ca_id) rc.cert_url = "rsync://niy.invalid" - rc.resource_set_as = rc_as - rc.resource_set_ipv4 = rc_v4 - rc.resource_set_ipv6 = rc_v6 + rc.resource_set_as, rc.resource_set_ipv4, rc.resource_set_ipv6 = rc_as, rc_v4, rc_v6 for child_cert in rpki.sql.child_cert_obj.sql_fetch_where(gctx.db, gctx.cur, "child_id = %s AND ca_detail_id = %s" % (child.child_id, ca_detail.ca_detail_id)): c = certificate_elt() c.cert_url = "rsync://niy.invalid" diff --git a/scripts/rpki/x509.py b/scripts/rpki/x509.py index 1952ab8a..1efabe77 100644 --- a/scripts/rpki/x509.py +++ b/scripts/rpki/x509.py @@ -218,9 +218,16 @@ class X509(DER_object): """Get the SKI extension from this certificate.""" return self._get_POW_extensions().get("subjectKeyIdentifier") - def get_3779resources(self): + def get_3779resources(self, as_intersector = None, v4_intersector = None, v6_intersector = None): """Get RFC 3779 resources as rpki.resource_set objects.""" - return rpki.resource_set.parse_extensions(self.get_POWpkix().getExtensions()) + as, v4, v6 = rpki.resource_set.parse_extensions(self.get_POWpkix().getExtensions()) + if as_intersector: + as = as.intersection(as_intersector) + if v4_intersector: + v4 = v4.intersection(v4_intersector) + if v6_intersector: + v6 = v6.intersection(v6_intersector) + return as, v4, v6 class X509_chain(list): """Collections of certs. |