diff options
| author | Rob Austein <sra@hactrn.net> | 2007-09-29 04:27:57 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2007-09-29 04:27:57 +0000 |
| commit | f8e063d084a350b454f2171f2395ecd5e2a66a5e (patch) | |
| tree | 9a68de25f47b946fa61e52e00532631a7eaf3ed9 /scripts/rpki/up_down.py | |
| parent | e3df99f94c94b18861ec07edc1033375d1a9ba63 (diff) | |
Checkpoint
svn path=/pow/POW-0.7/lib/pkix.py; revision=1054
Diffstat (limited to 'scripts/rpki/up_down.py')
| -rw-r--r-- | scripts/rpki/up_down.py | 24 |
1 files changed, 8 insertions, 16 deletions
diff --git a/scripts/rpki/up_down.py b/scripts/rpki/up_down.py index 814a8534..388ba21c 100644 --- a/scripts/rpki/up_down.py +++ b/scripts/rpki/up_down.py @@ -234,18 +234,14 @@ class issue_pdu(base_elt): if oids.get(self.pkcs10.get_POWpkix().signatureAlgorithm) not in ("sha256WithRSAEncryption", "sha384WithRSAEncryption", "sha512WithRSAEncryption"): raise rpki.exceptions.BadPKCS10, "Bad signature algorithm %s" % self.pkcs10.get_POWpkix().signatureAlgorithm exts = self.pkcs10.getExtensions() - if exts is None: - exts = {} - else: - exts = exts.get() - for oid, critical, value in exts: - if oids.get(oid) not in ("basicConstraints", "keyUsage", "subjectInfoAccess"): - raise rpki.exceptions.BadExtension, "Forbidden extension %s" % oid - exts = dict((oids[oid], value) for (oid, critical, value) in exts) + for oid, critical, value in exts: + if oids.get(oid) not in ("basicConstraints", "keyUsage", "subjectInfoAccess"): + raise rpki.exceptions.BadExtension, "Forbidden extension %s" % oid + exts = dict((oids[oid], value) for (oid, critical, value) in exts) if "basicConstraints" not in exts or not exts["basicConstraints"][0]: raise rpki.exceptions.BadPKCS10, "request for EE cert not allowed here" if exts["basicConstraints"][1] is not None: - raise rpki.exceptions.BadPKCS10, "basicConstraints extension must not specify Path Length" + raise rpki.exceptions.BadPKCS10, "basicConstraints must not specify Path Length" if "keyUsage" in exts and (not exts["keyUsage"][5] or not exts["keyUsage"][6]): raise rpki.exceptions.BadPKCS10, "keyUsage doesn't match basicConstraints" for method, location in exts.get("subjectInfoAccess", ()): @@ -257,9 +253,9 @@ class issue_pdu(base_elt): # resources (approximately the same algorithm used for # list_response). Check: # - # 3a) that resources match exactly + # 3a) that public key matches exactly # - # 3b) that public key matches exactly + # 3b) that resources match exactly # # 3c) that any relevant extensions in the pkcs10 match exactly # @@ -275,12 +271,8 @@ class issue_pdu(base_elt): else: child_cert = None if child_cert is not None: - pass + pass # Fill in remaining tests here - # - # In theory the spec requires that that public keys here be - # different, so at most one key should match. Sez here. - # Anyway, need to perform remaining tests on the match if we got one. raise NotImplementedError |