author | Rob Austein <sra@hactrn.net> | 2008-04-25 06:45:10 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2008-04-25 06:45:10 +0000 |
commit | aac95769f39e37f89ca4b304d76dc514822a7271 (patch) | |
tree | a131f06614dea05d3c7193730e25fb43ff7e5654 /rpkid/rpki | |
parent | f4d16327a6048cf932b53e40247df0b820e2dccf (diff) |
New trust anchor model sort of working. make test runs again, anyway.
svn path=/docs/left-right-xml; revision=1704
Diffstat (limited to 'rpkid/rpki')
-rw-r--r-- | rpkid/rpki/__init__.py | 15 | ||||
-rw-r--r-- | rpkid/rpki/gctx.py | 14 | ||||
-rw-r--r-- | rpkid/rpki/https.py | 8 | ||||
-rw-r--r-- | rpkid/rpki/left_right.py | 136 | ||||
-rw-r--r-- | rpkid/rpki/relaxng.py | 77 | ||||
-rw-r--r-- | rpkid/rpki/x509.py | 4 |
6 files changed, 156 insertions, 98 deletions
diff --git a/rpkid/rpki/__init__.py b/rpkid/rpki/__init__.py
index 3e0c653b..00c921e3 100644
--- a/rpkid/rpki/__init__.py
+++ b/rpkid/rpki/__init__.py
@@ -464,18 +464,23 @@
 ## parent --action= --type= --tag= --self_id= --parent_id=
 ## --bsc_id= --repository_id= --peer_contact_uri=
 ## --sia_base= --sender_name= --recipient_name=
-## --peer_biz_cert= --peer_biz_glue= --rekey --reissue --revoke
+## --bpki_cms_cert= --bpki_cms_glue=
+## --bpki_https_cert= --bpki_https_glue=
+## --rekey --reissue --revoke
 ##
 ## repository --action= --type= --tag= --self_id= --repository_id=
-## --bsc_id= --peer_contact_uri= --peer_biz_cert= --peer_biz_glue=
+## --bsc_id= --peer_contact_uri=
+## --bpki_cms_cert= --bpki_cms_glue=
+## --bpki_https_cert= --bpki_https_glue=
 ##
 ## self --action= --type= --tag= --self_id= --crl_interval=
+## --bpki_cert= --bpki_glue=
 ## --extension_preference= --rekey --reissue --revoke
-## --run_now --publish_world_now
-## --clear_extension_preferences
+## --run_now --publish_world_now
+## --clear_extension_preferences
 ##
 ## child --action= --type= --tag= --self_id= --child_id=
-## --bsc_id= --peer_biz_cert= --peer_biz_glue= --reissue
+## --bsc_id= --bpki_cms_cert= --bpki_cms_glue= --reissue
 ##
 ## route_origin --action= --type= --tag= --self_id= --route_origin_id=
 ## --as_number= --ipv4= --ipv6= --suppress_publication
diff --git a/rpkid/rpki/gctx.py b/rpkid/rpki/gctx.py
index 127205f7..f3c8c4b4 100644
--- a/rpkid/rpki/gctx.py
+++ b/rpkid/rpki/gctx.py
@@ -72,12 +72,12 @@ class global_context(object): q_msg[0].child_id = child_id q_cms = rpki.left_right.cms_msg.wrap(q_msg, self.rpkid_key, self.rpkid_cert) der = rpki.https.client( + server_ta = (self.bpki_ta, self.irdb_cert), client_key = self.rpkid_key, client_cert = self.rpkid_cert, - server_ta = self.irdb_cert, url = self.irdb_url, msg = q_cms) - r_msg = rpki.left_right.cms_msg.unwrap(der, self.irdb_cert) + r_msg = rpki.left_right.cms_msg.unwrap(der, (self.bpki_ta, self.irdb_cert)) if len(r_msg) == 0 or not isinstance(r_msg[0], rpki.left_right.list_resources_elt) or r_msg[0].type != "reply": raise rpki.exceptions.BadIRDBReply, "Unexpected response to IRDB query: %s" % lxml.etree.tostring(r_msg.toXML(), pretty_print = True, encoding = "us-ascii") return rpki.resource_set.resource_bag( @@ -172,14 +172,14 @@ class global_context(object): store = POW.X509Store() selves = rpki.left_right.self_elt.sql_fetch_all(self) children = rpki.left_right.child_elt.sql_fetch_all(self) - certs = [c.peer_biz_cert for c in children if c.peer_biz_cert is not None] + \ - [c.peer_biz_glue for c in children if c.peer_biz_glue is not None] + \ - [s.biz_cert for s in selves if s.biz_cert is not None] + \ - [s.biz_glue for s in selves if s.biz_glue is not None] + \ + certs = [c.bpki_cert for c in children if c.bpki_cert is not None] + \ + [c.bpki_glue for c in children if c.bpki_glue is not None] + \ + [s.bpki_cert for s in selves if s.bpki_cert is not None] + \ + [s.bpki_glue for s in selves if s.bpki_glue is not None] + \ [self.irbe_cert, self.irdb_cert, self.bpki_ta] for x in certs: if rpki.https.debug_tls_certs: - rpki.log.debug("HTTPS dynamic trusted cert %s" % x.getSubject()) + rpki.log.debug("HTTPS dynamic trusted cert issuer %s subject %s" % (x.getIssuer(), x.getSubject())) store.addTrust(x.get_POW()) self.https_ta_cache = store diff --git a/rpkid/rpki/https.py b/rpkid/rpki/https.py index b5338f5d..2e70455b 100644 --- a/rpkid/rpki/https.py +++ b/rpkid/rpki/https.py 
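Review bot: The new `server_ta = (self.bpki_ta, self.irdb_cert)` argument in the first gctx.py hunk, and the same tuple handed to `cms_msg.unwrap`, carry no stated contract: nothing at the call site says whether the tuple is an ordered chain rooted at `bpki_ta` or a flat set of trusted certificates. The loops visible in this commit's https.py and x509.py hunks call `addTrust()` on every element, so `irdb_cert` appears to go into the verification store directly; whether it must additionally chain to `bpki_ta` depends on store behaviour that is not shown here. Once the intended semantics are confirmed, I would add a comment above the call such as `# server_ta: every cert in this tuple is added to the verification store; bpki_ta is the root, irdb_cert the expected peer`. The enclosing method starts and ends outside the hunk.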
@@ -60,7 +60,7 @@ class Checker(tlslite.api.Checker): for x in trust_anchor: if debug_tls_certs: - rpki.log.debug("HTTPS trusted cert %s" % x.getSubject()) + rpki.log.debug("HTTPS trusted cert issuer %s subject %s" % (x.getIssuer(), x.getSubject())) self.x509store.addTrust(x.get_POW()) def x509store_thunk(self): @@ -83,7 +83,7 @@ class Checker(tlslite.api.Checker): if debug_tls_certs: for i in range(len(chain)): - rpki.log.debug("Received %s TLS cert[%d] %s" % (peer, i, chain[i].getSubject())) + rpki.log.debug("Received %s TLS cert[%d] issuer %s subject %s" % (peer, i, chain[i].getIssuer(), chain[i].getSubject())) if not self.x509store_thunk().verifyChain(chain[0].get_POW(), [x.get_POW() for x in chain[1:]]): if disable_tls_certificate_validation_exceptions: @@ -123,9 +123,11 @@ def client(msg, client_key, client_cert, server_ta, url, timeout = 300): u.query == "" and \ u.fragment == "" + rpki.log.debug("Contacting URL %s" % url) + if debug_tls_certs: for cert in (client_cert,) if isinstance(client_cert, rpki.x509.X509) else client_cert: - rpki.log.debug("Sending client TLS cert %s" % cert.getSubject()) + rpki.log.debug("Sending client TLS cert issuer %s subject %s" % (cert.getIssuer(), cert.getSubject())) # We could add a "settings = foo" argument to the following call to # pass in a tlslite.HandshakeSettings object that would let us diff --git a/rpkid/rpki/left_right.py b/rpkid/rpki/left_right.py index db7f9191..2edd8ca3 100644 --- a/rpkid/rpki/left_right.py +++ b/rpkid/rpki/left_right.py 
@@ -215,18 +215,18 @@ class self_elt(data_elt): element_name = "self" attributes = ("action", "type", "tag", "self_id", "crl_interval", "regen_margin") - elements = ("extension_preference", "biz_cert", "biz_glue") + elements = ("extension_preference", "bpki_cert", "bpki_glue") booleans = ("rekey", "reissue", "revoke", "run_now", "publish_world_now", "clear_extension_preferences") sql_template = rpki.sql.template("self", "self_id", "use_hsm", "crl_interval", "regen_margin", - ("biz_cert", rpki.x509.X509), ("biz_glue", rpki.x509.X509)) + ("bpki_cert", rpki.x509.X509), ("bpki_glue", rpki.x509.X509)) self_id = None use_hsm = False crl_interval = None regen_margin = None - biz_cert = None - biz_glue = None + bpki_cert = None + bpki_glue = None def __init__(self): """Initialize a self_elt.""" @@ -325,16 +325,16 @@ class self_elt(data_elt): self.prefs.append(pref) stack.append(pref) pref.startElement(stack, name, attrs) - elif name not in ("biz_cert", "biz_glue"): + elif name not in ("bpki_cert", "bpki_glue"): assert name == "self", "Unexpected name %s, stack %s" % (name, stack) self.read_attrs(attrs) def endElement(self, stack, name, text): """Handle <self/> element.""" - if name == "biz_cert": - self.biz_cert = rpki.x509.X509(Base64 = text) - elif name == "biz_glue": - self.biz_glue = rpki.x509.X509(Base64 = text) + if name == "bpki_cert": + self.bpki_cert = rpki.x509.X509(Base64 = text) + elif name == "bpki_glue": + self.bpki_glue = rpki.x509.X509(Base64 = text) else: assert name == "self", "Unexpected name %s, stack %s" % (name, stack) stack.pop() @@ -342,6 +342,10 @@ class self_elt(data_elt): def toXML(self): """Generate <self/> element.""" elt = self.make_elt() + if self.bpki_cert and not self.bpki_cert.empty(): + self.make_b64elt(elt, "bpki_cert", self.bpki_cert.get_DER()) + if self.bpki_glue and not self.bpki_glue.empty(): + self.make_b64elt(elt, "bpki_glue", self.bpki_glue.get_DER()) elt.extend([i.toXML() for i in self.prefs]) return elt 
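Review bot: In `self_elt.endElement` (second hunk on this line) a replaced `bpki_cert` or `bpki_glue` is stored without setting any cache-invalidation flag, whereas `child_elt.endElement` in this same commit sets `self.clear_https_ta_cache = True` for both of its certificates. The gctx.py hunk builds the cached HTTPS trust store from `s.bpki_cert` and `s.bpki_glue` of every self as well, so a superseded self certificate may stay in the trusted set until something else rebuilds the cache; how the flag is consumed lies outside the visible hunks, so this needs confirming. If the omission is unintended, give `self_elt` a `clear_https_ta_cache = False` class attribute and add `self.clear_https_ta_cache = True` in both certificate branches.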
@@ -532,15 +536,18 @@ class parent_elt(data_elt): element_name = "parent" attributes = ("action", "type", "tag", "self_id", "parent_id", "bsc_id", "repository_id", "peer_contact_uri", "sia_base", "sender_name", "recipient_name") - elements = ("peer_biz_cert", "peer_biz_glue") + elements = ("bpki_cms_cert", "bpki_cms_glue", "bpki_https_cert", "bpki_https_glue") booleans = ("rekey", "reissue", "revoke") sql_template = rpki.sql.template("parent", "parent_id", "self_id", "bsc_id", "repository_id", - ("peer_biz_cert", rpki.x509.X509), ("peer_biz_glue", rpki.x509.X509), + ("bpki_cms_cert", rpki.x509.X509), ("bpki_cms_glue", rpki.x509.X509), + ("bpki_https_cert", rpki.x509.X509), ("bpki_https_glue", rpki.x509.X509), "peer_contact_uri", "sia_base", "sender_name", "recipient_name") - peer_biz_cert = None - peer_biz_glue = None + bpki_cms_cert = None + bpki_cms_glue = None + bpki_https_cert = None + bpki_https_glue = None def repository(self): """Fetch repository object to which this parent object links.""" 
@@ -570,16 +577,20 @@ class parent_elt(data_elt): def startElement(self, stack, name, attrs): """Handle <parent/> element.""" - if name not in ("peer_biz_cert", "peer_biz_glue"): + if name not in ("bpki_cms_cert", "bpki_cms_glue", "bpki_https_cert", "bpki_https_glue"): assert name == "parent", "Unexpected name %s, stack %s" % (name, stack) self.read_attrs(attrs) def endElement(self, stack, name, text): """Handle <parent/> element.""" - if name == "peer_biz_cert": - self.peer_biz_cert = rpki.x509.X509(Base64 = text) - elif name == "peer_biz_glue": - self.peer_biz_glue = rpki.x509.X509(Base64 = text) + if name == "bpki_cms_cert": + self.bpki_cms_cert = rpki.x509.X509(Base64 = text) + elif name == "bpki_cms_glue": + self.bpki_cms_glue = rpki.x509.X509(Base64 = text) + elif name == "bpki_https_cert": + self.bpki_https_cert = rpki.x509.X509(Base64 = text) + elif name == "bpki_https_glue": + self.bpki_https_glue = rpki.x509.X509(Base64 = text) else: assert name == "parent", "Unexpected name %s, stack %s" % (name, stack) stack.pop() 
@@ -587,10 +598,14 @@ class parent_elt(data_elt): def toXML(self): """Generate <parent/> element.""" elt = self.make_elt() - if self.peer_biz_cert and not self.peer_biz_cert.empty(): - self.make_b64elt(elt, "peer_biz_cert", self.peer_biz_cert.get_DER()) - if self.peer_biz_glue and not self.peer_biz_glue.empty(): - self.make_b64elt(elt, "peer_biz_glue", self.peer_biz_glue.get_DER()) + if self.bpki_cms_cert and not self.bpki_cms_cert.empty(): + self.make_b64elt(elt, "bpki_cms_cert", self.bpki_cms_cert.get_DER()) + if self.bpki_cms_glue and not self.bpki_cms_glue.empty(): + self.make_b64elt(elt, "bpki_cms_glue", self.bpki_cms_glue.get_DER()) + if self.bpki_https_cert and not self.bpki_https_cert.empty(): + self.make_b64elt(elt, "bpki_https_cert", self.bpki_https_cert.get_DER()) + if self.bpki_https_glue and not self.bpki_https_glue.empty(): + self.make_b64elt(elt, "bpki_https_glue", self.bpki_https_glue.get_DER()) return elt def query_up_down(self, q_pdu): @@ -619,13 +634,16 @@ class parent_elt(data_elt): recipient = self.recipient_name) q_cms = rpki.up_down.cms_msg.wrap(q_msg, bsc.private_key_id, bsc.signing_cert) - der = rpki.https.client(server_ta = self.peer_biz_cert, + assert self.self().bpki_cert is not None + assert self.bpki_https_cert is not None + + der = rpki.https.client(server_ta = (self.gctx.bpki_ta, self.self().bpki_cert, self.bpki_https_cert), client_key = bsc.private_key_id, client_cert = bsc.signing_cert, msg = q_cms, url = self.peer_contact_uri) - r_msg = rpki.up_down.cms_msg.unwrap(der, self.peer_biz_cert) + r_msg = rpki.up_down.cms_msg.unwrap(der, (self.gctx.bpki_ta, self.self().bpki_cert, self.bpki_cms_cert)) r_msg.payload.check_response() return r_msg 
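Review bot: In `query_up_down` (second hunk on this line) the two new `assert ... is not None` lines are the only guard on the trust material, and `assert` statements are removed when Python runs with `-O`. They cover `bpki_https_cert` but not `bpki_cms_cert`, which defaults to `None` in the class body and is passed to `cms_msg.unwrap` a few lines later; `child_elt.serve_up_down` likewise passes `self.bpki_cert` and `self.self().bpki_cert` unchecked. Going by the x509.py loop, a `None` entry would presumably fail with an attribute error rather than verify, but an explicit `if self.bpki_cms_cert is None: raise ...` with a suitable `rpki.exceptions` class, placed before any network I/O, gives a clear and always-on failure. The method body begins outside the hunk.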
@@ -635,13 +653,15 @@ class child_elt(data_elt): element_name = "child" attributes = ("action", "type", "tag", "self_id", "child_id", "bsc_id") - elements = ("peer_biz_cert", "peer_biz_glue") + elements = ("bpki_cert", "bpki_glue") booleans = ("reissue", ) - sql_template = rpki.sql.template("child", "child_id", "self_id", "bsc_id", ("peer_biz_cert", rpki.x509.X509)) + sql_template = rpki.sql.template("child", "child_id", "self_id", "bsc_id", + ("bpki_cert", rpki.x509.X509), + ("bpki_glue", rpki.x509.X509)) - peer_biz_cert = None - peer_biz_glue = None + bpki_cert = None + bpki_glue = None clear_https_ta_cache = False def child_certs(self, ca_detail = None, ski = None, unique = False): @@ -671,17 +691,17 @@ class child_elt(data_elt): def startElement(self, stack, name, attrs): """Handle <child/> element.""" - if name not in ("peer_biz_cert", "peer_biz_glue"): + if name not in ("bpki_cert", "bpki_glue"): assert name == "child", "Unexpected name %s, stack %s" % (name, stack) self.read_attrs(attrs) def endElement(self, stack, name, text): """Handle <child/> element.""" - if name == "peer_biz_cert": - self.peer_biz_cert = rpki.x509.X509(Base64 = text) + if name == "bpki_cert": + self.bpki_cert = rpki.x509.X509(Base64 = text) self.clear_https_ta_cache = True - elif name == "peer_biz_glue": - self.peer_biz_glue = rpki.x509.X509(Base64 = text) + elif name == "bpki_glue": + self.bpki_glue = rpki.x509.X509(Base64 = text) self.clear_https_ta_cache = True else: assert name == "child", "Unexpected name %s, stack %s" % (name, stack) 
@@ -690,10 +710,10 @@ class child_elt(data_elt): def toXML(self): """Generate <child/> element.""" elt = self.make_elt() - if self.peer_biz_cert and not self.peer_biz_cert.empty(): - self.make_b64elt(elt, "peer_biz_cert", self.peer_biz_cert.get_DER()) - if self.peer_biz_glue and not self.peer_biz_glue.empty(): - self.make_b64elt(elt, "peer_biz_glue", self.peer_biz_glue.get_DER()) + if self.bpki_cert and not self.bpki_cert.empty(): + self.make_b64elt(elt, "bpki_cert", self.bpki_cert.get_DER()) + if self.bpki_glue and not self.bpki_glue.empty(): + self.make_b64elt(elt, "bpki_glue", self.bpki_glue.get_DER()) return elt def serve_up_down(self, query): @@ -704,7 +724,7 @@ class child_elt(data_elt): bsc = self.bsc() if bsc is None: raise rpki.exceptions.BSCNotFound, "Could not find BSC %s" % self.bsc_id - q_msg = rpki.up_down.cms_msg.unwrap(query, self.peer_biz_cert) + q_msg = rpki.up_down.cms_msg.unwrap(query, (self.gctx.bpki_ta, self.self().bpki_cert, self.bpki_cert)) q_msg.payload.gctx = self.gctx if enforce_strict_up_down_xml_sender and q_msg.sender != str(self.child_id): raise rpki.exceptions.BadSender, "Unexpected XML sender %s" % q_msg.sender 
@@ -726,14 +746,16 @@ class repository_elt(data_elt): element_name = "repository" attributes = ("action", "type", "tag", "self_id", "repository_id", "bsc_id", "peer_contact_uri") - elements = ("peer_biz_cert", "peer_biz_glue") + elements = ("bpki_cms_cert", "bpki_cms_glue", "bpki_https_cert", "bpki_https_glue") - sql_template = rpki.sql.template("repository", "repository_id", "self_id", "bsc_id", - ("peer_biz_cert", rpki.x509.X509), "peer_contact_uri", - ("peer_biz_glue", rpki.x509.X509)) + sql_template = rpki.sql.template("repository", "repository_id", "self_id", "bsc_id", "peer_contact_uri", + ("bpki_cms_cert", rpki.x509.X509), ("bpki_cms_glue", rpki.x509.X509), + ("bpki_https_cert", rpki.x509.X509), ("bpki_https_glue", rpki.x509.X509)) - peer_biz_cert = None - peer_biz_glue = None + bpki_cms_cert = None + bpki_cms_glue = None + bpki_https_cert = None + bpki_https_glue = None def parents(self): """Fetch all parent objects that link to this repository object.""" 
@@ -741,16 +763,20 @@ class repository_elt(data_elt): def startElement(self, stack, name, attrs): """Handle <repository/> element.""" - if name not in ("peer_biz_cert", "peer_biz_glue"): + if name not in ("bpki_cms_cert", "bpki_cms_glue", "bpki_https_cert", "bpki_https_glue"): assert name == "repository", "Unexpected name %s, stack %s" % (name, stack) self.read_attrs(attrs) def endElement(self, stack, name, text): """Handle <repository/> element.""" - if name == "peer_biz_cert": - self.peer_biz_cert = rpki.x509.X509(Base64 = text) - elif name == "peer_biz_glue": - self.peer_biz_glue = rpki.x509.X509(Base64 = text) + if name == "bpki_cms_cert": + self.bpki_cms_cert = rpki.x509.X509(Base64 = text) + elif name == "bpki_cms_glue": + self.bpki_cms_glue = rpki.x509.X509(Base64 = text) + elif name == "bpki_https_cert": + self.bpki_https_cert = rpki.x509.X509(Base64 = text) + elif name == "bpki_https_glue": + self.bpki_https_glue = rpki.x509.X509(Base64 = text) else: assert name == "repository", "Unexpected name %s, stack %s" % (name, stack) stack.pop() @@ -758,10 +784,14 @@ class repository_elt(data_elt): def toXML(self): """Generate <repository/> element.""" elt = self.make_elt() - if self.peer_biz_cert: - self.make_b64elt(elt, "peer_biz_cert", self.peer_biz_cert.get_DER()) - if self.peer_biz_glue: - self.make_b64elt(elt, "peer_biz_glue", self.peer_biz_glue.get_DER()) + if self.bpki_cms_cert: + self.make_b64elt(elt, "bpki_cms_cert", self.bpki_cms_cert.get_DER()) + if self.bpki_cms_glue: + self.make_b64elt(elt, "bpki_cms_glue", self.bpki_cms_glue.get_DER()) + if self.bpki_https_cert: + self.make_b64elt(elt, "bpki_https_cert", self.bpki_https_cert.get_DER()) + if self.bpki_https_glue: + self.make_b64elt(elt, "bpki_https_glue", self.bpki_https_glue.get_DER()) return elt @staticmethod diff --git a/rpkid/rpki/relaxng.py b/rpkid/rpki/relaxng.py index c201cbbc..6dab0e87 100644 --- a/rpkid/rpki/relaxng.py +++ b/rpkid/rpki/relaxng.py 
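Review bot: `repository_elt.toXML` (second hunk on this line) tests the four new fields with plain truthiness, `if self.bpki_cms_cert:`, while `parent_elt.toXML`, `child_elt.toXML` and the new `self_elt.toXML` lines all use `... and not self.bpki_cms_cert.empty()`. The old code had the same gap, but the rename doubles the number of affected fields, and what `get_DER()` returns for an empty `rpki.x509.X509` is not visible here. For consistency, write each guard as `if self.bpki_cms_cert and not self.bpki_cms_cert.empty():`, and likewise for the glue and HTTPS fields.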
@@ -6,7 +6,7 @@ import lxml.etree ## Parsed RelaxNG left_right schema left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" encoding="UTF-8"?> <!-- - $Id: left-right-schema.rng 1701 2008-04-24 05:44:46Z sra $ + $Id: left-right-schema.rnc 1701 2008-04-24 05:44:46Z sra $ RelaxNG (Compact Syntax) Schema for RPKI left-right protocol. @@ -146,17 +146,6 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc <param name="maxLength">512000</param> </data> </define> - <!-- How we wrap peer business cert elements --> - <define name="peer_biz_cert"> - <element name="peer_biz_cert"> - <ref name="base64"/> - </element> - </define> - <define name="peer_biz_glue"> - <element name="peer_biz_glue"> - <ref name="base64"/> - </element> - </define> <!-- Base definition for all fields that are really just SQL primary indices --> <define name="sql_id"> <data type="token"> @@ -215,6 +204,16 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc <data type="positiveInteger"/> </attribute> </optional> + <optional> + <element name="bpki_cert"> + <ref name="base64"/> + </element> + </optional> + <optional> + <element name="bpki_glue"> + <ref name="base64"/> + </element> + </optional> <zeroOrMore> <element name="extension_preference"> <attribute name="name"> @@ -227,16 +226,6 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc </data> </element> </zeroOrMore> - <optional> - <element name="biz_cert"> - <ref name="base64"/> - </element> - </optional> - <optional> - <element name="biz_glue"> - <ref name="base64"/> - </element> - </optional> </define> <define name="self_id"> <attribute name="self_id"> 
@@ -499,10 +488,24 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc </attribute> </optional> <optional> - <ref name="peer_biz_cert"/> + <element name="bpki_cms_cert"> + <ref name="base64"/> + </element> + </optional> + <optional> + <element name="bpki_cms_glue"> + <ref name="base64"/> + </element> + </optional> + <optional> + <element name="bpki_https_cert"> + <ref name="base64"/> + </element> </optional> <optional> - <ref name="peer_biz_glue"/> + <element name="bpki_https_glue"> + <ref name="base64"/> + </element> </optional> </define> <define name="parent_elt" combine="choice"> @@ -601,10 +604,14 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc </attribute> </optional> <optional> - <ref name="peer_biz_cert"/> + <element name="bpki_cert"> + <ref name="base64"/> + </element> </optional> <optional> - <ref name="peer_biz_glue"/> + <element name="bpki_glue"> + <ref name="base64"/> + </element> </optional> </define> <define name="child_elt" combine="choice"> @@ -703,10 +710,24 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc </attribute> </optional> <optional> - <ref name="peer_biz_cert"/> + <element name="bpki_cms_cert"> + <ref name="base64"/> + </element> + </optional> + <optional> + <element name="bpki_cms_glue"> + <ref name="base64"/> + </element> </optional> <optional> - <ref name="peer_biz_glue"/> + <element name="bpki_https_cert"> + <ref name="base64"/> + </element> + </optional> + <optional> + <element name="bpki_https_glue"> + <ref name="base64"/> + </element> </optional> </define> <define name="repository_elt" combine="choice"> diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py index 71ff4d53..f43d882a 100644 --- a/rpkid/rpki/x509.py +++ b/rpkid/rpki/x509.py 
@@ -588,13 +588,13 @@ class CMS_object(DER_object): for x in ta: if self.debug_cms_certs: - rpki.log.debug("CMS trusted cert %s" % x.getSubject()) + rpki.log.debug("CMS trusted cert issuer %s subject %s" % (x.getIssuer(), x.getSubject())) store.addTrust(x.get_POW()) if self.debug_cms_certs: try: for x in cms.certs(): - rpki.log.debug("Received CMS cert %s" % x.getSubject()) + rpki.log.debug("Received CMS cert issuer %s subject %s" % (x.getIssuer(), x.getSubject())) except: pass |