author | Rob Austein <sra@hactrn.net> | 2008-05-08 20:20:21 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2008-05-08 20:20:21 +0000 |
commit | 98f953e1dcc6d5e7c572686c743d81394158e196 (patch) | |
tree | d5ca864c1d0c0d567597675a8b0e2db454f25b0a /rpkid/cross-certify.py | |
parent | db439da511fbe159297a0c041c60bdf3d647a350 (diff) |
Use file to handle serial numbers, like openssl x509.
svn path=/rpkid/cross-certify.py; revision=1757
Diffstat (limited to 'rpkid/cross-certify.py')
-rw-r--r-- | rpkid/cross-certify.py | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/rpkid/cross-certify.py b/rpkid/cross-certify.py
index 028d991b..442035bd 100644
--- a/rpkid/cross-certify.py
+++ b/rpkid/cross-certify.py
@@ -26,7 +26,7 @@ refactoring.
 Usage: python cross-certify.py { -i | --in } input_cert
 { -c | --ca } issuing_cert
 { -k | --key } issuing_cert_key
- { -s | --serial } serial_number
+ { -s | --serial } serial_filename
 [ { -h | --help } ]
 [ { -o | --out } filename (default: stdout) ]
 [ { -l | --lifetime } timedelta (default: 30 days) ]
@@ -46,7 +46,7 @@ output = None
 lifetime = rpki.sundial.timedelta(days = 30)
 opts,argv = getopt.getopt(sys.argv[1:], "h?i:o:c:k:s:l:",
- ["help", "in", "out", "ca", "key", "serial", "lifetime"])
+ ["help", "in=", "out=", "ca=", "key=", "serial=", "lifetime="])
 for o,a in opts:
 if o in ("-h", "--help", "-?"):
 usage(0)
@@ -59,7 +59,7 @@ for o,a in opts:
 elif o in ("-k", "--key"):
 keypair = rpki.x509.RSA(Auto_file = a)
 elif o in ("-s", "--serial"):
- serial = int(a)
+ serial_file = a
 elif o in ("-l", "--lifetime"):
 lifetime = rpki.sundial.timedelta.parse(a)
 if argv:
@@ -68,6 +68,14 @@ if argv:
 now = rpki.sundial.now()
 notAfter = now + lifetime
+try:
+ f = open(serial_file, "r")
+ serial = f.read()
+ f.close()
+ serial = int(serial.splitlines()[0], 16)
+except IOError:
+ serial = 1
+
 x = POW.pkix.Certificate()
 x.setVersion(2)
 x.setSerial(serial)
@@ -86,6 +94,10 @@ x.sign(keypair.get_POW(), POW.SHA256_DIGEST)
 cert = rpki.x509.X509(POWpkix = x)
+f = open(serial_file, "w")
+f.write("%02x\n" % (serial + 1))
+f.close()
+
 if output is None:
 print cert.get_PEM()
 else: |
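Review bot: `serial_file` is bound only inside the `-s` branch of the option loop, and none of the hunks in this commit gives it a default, so a run without `--serial` would reach `open(serial_file, "r")` in the following hunk and stop with a NameError instead of the usage message. Initialising it next to the other defaults (`serial_file = None`) and rejecting a missing value before any signing work keeps the failure explicit. The option loop and the defaults block both start outside this hunk, so any existing mandatory-argument check that still tests the old `serial` name would need updating as well.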
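Review bot: The `except IOError: serial = 1` fallback in the new read block treats every I/O failure as a first run, so a serial file that exists but cannot be read (wrong permissions, a transient filesystem error) silently restarts numbering at 1 and the issuer signs certificates with serial numbers it has already used. Duplicate serials under one issuer undermine the uniqueness that revocation and certificate identification depend on. Only a missing file should take the default: `except IOError, e:` followed by `if e.errno != errno.ENOENT: raise` and then `serial = 1` (this needs `import errno` at the top of the file). An empty or non-hex file already stops with an uncaught IndexError or ValueError, which is the safe direction, although a clearer message would help the operator.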
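Review bot: The write-back `open(serial_file, "w")` truncates the file before the new value is written, and nothing locks the file between the read in the previous hunk and this write, so two overlapping runs can read the same value and issue two certificates with one serial number, and an interruption mid-write leaves an empty serial file. Writing the next value to a temporary file in the same directory and renaming it over the original makes the update atomic. Holding an exclusive lock (for example `fcntl.flock` on the serial file or a sidecar lock file) from the read through the rename would close the concurrent-run window, though that spans code outside this hunk. The sketch below covers the atomic write only and needs `import os`; its `try`/`finally` also closes the handle if `f.write` raises.

```python
# … unchanged: cert = rpki.x509.X509(POWpkix = x) …
tmp_name = serial_file + ".new"
f = open(tmp_name, "w")
try:
  f.write("%02x\n" % (serial + 1))
  f.flush()
  os.fsync(f.fileno())
finally:
  f.close()
os.rename(tmp_name, serial_file)
# … unchanged: PEM output to stdout or file …
```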