Add POW C function to pull SKI from a certificate, so we can bypass

the slower POW.pkix code in what profiling suggests is a serious
hotspot during manifest generation.  See #20, #274.

svn path=/branches/tk274/; revision=4631

2 files changed, 23 insertions, 1 deletions

diff --git a/rpkid/ext/POW.c b/rpkid/ext/POW.c
index 5584e874..1e673041 100644
--- a/rpkid/ext/POW.c
+++ b/rpkid/ext/POW.c
@@ -1820,6 +1820,20 @@ X509_object_get_extension(x509_object *self, PyObject *args)
   return NULL;
 }
 
+static PyObject *
+X509_object_get_ski(x509_object *self, PyObject *args)
+{
+  /*
+   * Called for side-effect (calls x509v3_cache_extensions() for us).
+   */
+  (void) X509_check_ca(self->x509);
+
+  if (self->x509->skid == NULL)
+    Py_RETURN_NONE;
+  else
+    return Py_BuildValue("s#", self->x509->skid->data, self->x509->skid->length);
+}
+
 static char x509_object_pprint__doc__[] =
 "<method>\n"
 "   <header>\n"
@@ -1900,7 +1914,7 @@ static struct PyMethodDef X509_object_methods[] = {
   {"countExtensions",   (PyCFunction)X509_object_count_extensions, METH_VARARGS,  NULL},
   {"getExtension",      (PyCFunction)X509_object_get_extension,    METH_VARARGS,  NULL},
   {"pprint",            (PyCFunction)x509_object_pprint,           METH_VARARGS,  NULL},
-
+  {"getSKI",            (PyCFunction)X509_object_get_ski,          METH_NOARGS,   NULL},
   {NULL}    /* sentinel */
 };
 
diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py
index 95b47f7f..8e8ad604 100644
--- a/rpkid/rpki/x509.py
+++ b/rpkid/rpki/x509.py
@@ -574,6 +574,14 @@ class X509(DER_object):
     """
     return RSApublic(DER = self.get_POWpkix().tbs.subjectPublicKeyInfo.toString())
 
+  def get_SKI(self):
+    """
+    Get the SKI extension from this object.  In theory, this is faster
+    than using the POW.pkix interface, and speed turns out to matter
+    when one is generating a manifest with thousands of entries.
+    """
+    return self.get_POW().getSKI()
+
   def expired(self):
     """
     Test whether this certificate has expired.