author | Rob Austein <sra@hactrn.net> | 2008-04-18 23:39:55 +0000 |
committer | Rob Austein <sra@hactrn.net> | 2008-04-18 23:39:55 +0000 |
commit | a0be939602e58f77d99d09acfc12743b7ff5146b (patch) | |
tree | fa0433fa95dc0f4a460ab4e1eb887d7b13737ffa /rpkid/rpki | |
parent | e11002b6beffdbd9b847038693d666f01cc1bc9e (diff) |
Clean up unnecessarily complicated trust anchor code
svn path=/rpkid/cronjob.py; revision=1677
Diffstat (limited to 'rpkid/rpki')
-rw-r--r-- | rpkid/rpki/gctx.py | 6 | ||||
-rw-r--r-- | rpkid/rpki/https.py | 13 | ||||
-rw-r--r-- | rpkid/rpki/left_right.py | 2 |
3 files changed, 10 insertions, 11 deletions
diff --git a/rpkid/rpki/gctx.py b/rpkid/rpki/gctx.py
index 9be163de..d0d3d2c4 100644
--- a/rpkid/rpki/gctx.py
+++ b/rpkid/rpki/gctx.py
@@ -41,10 +41,10 @@ class global_context(object):
self.cms_key = rpki.x509.RSA(Auto_file = cfg.get("cms-key"))
self.cms_certs = rpki.x509.X509_chain(Auto_files = cfg.multiget("cms-cert"))
+ self.https_ta_irdb = rpki.x509.X509(Auto_file = cfg.get("https-ta-irdb"))
+ self.https_ta_irbe = rpki.x509.X509(Auto_file = cfg.get("https-ta-irbe"))
self.https_key = rpki.x509.RSA(Auto_file = cfg.get("https-key"))
self.https_certs = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-cert"))
- self.https_ta_irdb = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-ta-irdb"))
- self.https_ta_irbe = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-ta-irbe"))
self.irdb_url = cfg.get("irdb-url")
@@ -190,7 +190,7 @@ class global_context(object):
children = rpki.left_right.child_elt.sql_fetch_all(self)
certs = [c.peer_biz_cert for c in children if c.peer_biz_cert is not None] + \
[c.peer_biz_glue for c in children if c.peer_biz_glue is not None] + \
- self.https_ta_irbe
+ [ self.https_ta_irbe ]
for x in certs:
if rpki.https.debug_tls_certs:
rpki.log.debug("HTTPS dynamic trust anchor %s" % x.getSubject())
diff --git a/rpkid/rpki/https.py b/rpkid/rpki/https.py
index f73667b2..db94e721 100644
--- a/rpkid/rpki/https.py
+++ b/rpkid/rpki/https.py
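Review bot: The two attributes loaded in the first hunk change type from an `X509_chain` built with `cfg.multiget` to a single `X509` built with `cfg.get`, but only the `https_ta_irbe` consumer is adapted (second hunk, where it is wrapped as `[ self.https_ta_irbe ]`); whatever consumes `self.https_ta_irdb` is not in this diff, and any remaining code that iterates it or concatenates it with a list will now fail. If `cfg.get` returns a single value for a key that an existing configuration lists several times, those extra anchors are presumably dropped silently, so the sample config and the attribute should say so; a comment such as `# Exactly one HTTPS trust anchor per peer (a single X509, not a chain); see rpki.https.Checker` above the two `+` lines would make the new contract explicit. The enclosing `__init__` starts and ends outside both hunks.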
@@ -38,17 +38,16 @@ rpki_content_type = "application/x-rpki"
class Checker(tlslite.api.Checker):
"""Derived class to handle X.509 client certificate checking."""
- def __init__(self, trust_anchors = None, dynamic_x509store = None):
+ def __init__(self, trust_anchor = None, dynamic_x509store = None):
"""Initialize our modified certificate checker."""
self.dynamic_x509store = dynamic_x509store
if dynamic_x509store is None:
self.x509store = POW.X509Store()
- for x in trust_anchors:
- if debug_tls_certs:
- rpki.log.debug("HTTPS trust anchor %s" % x.getSubject())
- self.x509store.addTrust(x.get_POW())
+ if debug_tls_certs:
+ rpki.log.debug("HTTPS trust anchor %s" % trust_anchor.getSubject())
+ self.x509store.addTrust(trust_anchor.get_POW())
elif debug_tls_certs:
rpki.log.debug("HTTPS dynamic trust anchors")
@@ -92,7 +91,7 @@ class httpsClient(tlslite.api.HTTPTLSConnection):
self, host = host, port = port, settings = settings, certChain = client_certs, privateKey = client_key)
- self.checker = Checker(trust_anchors = server_ta)
+ self.checker = Checker(trust_anchor = server_ta)
def client(msg, client_key, client_certs, server_ta, url, timeout = 300):
"""Open client HTTPS connection, send a message, wait for response.
@@ -220,6 +219,6 @@ def server(handlers, server_key, server_certs, port = 4433, host = "", client_ta
httpd.rpki_server_key = server_key.get_tlslite()
httpd.rpki_server_certs = server_certs.tlslite_certChain()
httpd.rpki_sessionCache = tlslite.api.SessionCache()
- httpd.rpki_checker = Checker(trust_anchors = client_ta, dynamic_x509store = dynamic_x509store)
+ httpd.rpki_checker = Checker(trust_anchor = client_ta, dynamic_x509store = dynamic_x509store)
httpd.serve_forever()
diff --git a/rpkid/rpki/left_right.py b/rpkid/rpki/left_right.py
index 4aec4417..5a3ae255 100644
--- a/rpkid/rpki/left_right.py
+++ b/rpkid/rpki/left_right.py 
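Review bot: In the first hunk `trust_anchor` keeps a default of `None`, yet the new code dereferences it unconditionally on the `dynamic_x509store is None` path (`trust_anchor.get_POW()`, and `trust_anchor.getSubject()` when `debug_tls_certs` is set), so a caller that omits it gets an `AttributeError` rather than a clear configuration error. Since a `Checker` with no trust anchor and no dynamic store cannot validate anything, an explicit guard before the `POW.X509Store()` line, `if trust_anchor is None:` followed by `raise ValueError("Checker needs a trust_anchor when no dynamic_x509store is given")`, fails with a message that names the misconfiguration. The docstring should also state that `trust_anchor` is a single certificate, since the old parameter accepted an iterable; the `httpsClient` and `server` call sites in the second and third hunks only rename the keyword. `__init__` may continue past the `elif` branch outside the hunk.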
@@ -617,7 +617,7 @@ class parent_elt(data_elt):
raise
q_cms = rpki.cms.xml_sign(q_elt, bsc.private_key_id, bsc.signing_cert, encoding = "UTF-8")
- r_cms = rpki.https.client(server_ta = rpki.x509.X509_chain(self.peer_biz_cert),
+ r_cms = rpki.https.client(server_ta = self.peer_biz_cert,
client_key = bsc.private_key_id,
client_certs = bsc.signing_cert,
msg = q_cms, |