CRL support, not yet tested

svn path=/scripts/biz-certs/Bob-CA.srl; revision=1296
author: Rob Austein <sra@hactrn.net> 2007-11-15 03:24:02 +0000
committer: Rob Austein <sra@hactrn.net> 2007-11-15 03:24:02 +0000
commit: a096bcdca38b419f40c8d37584a4f7900f039589 (patch)
tree: b8b392eb4614b1a2cccec74e1c849cac6cd1ec5a /scripts/rpki/x509.py
parent: 0c09c0596e642b5bb3cc107b0933cf9ad847086c (diff)
1 files changed, 13 insertions, 3 deletions
diff --git a/scripts/rpki/x509.py b/scripts/rpki/x509.py
index 488c1d73..b6c56d1e 100644
--- a/scripts/rpki/x509.py
+++ b/scripts/rpki/x509.py
@@ -650,7 +650,17 @@ class CRL(DER_object):
       self.POWpkix = crl
     return self.POWpkix
 
-  def build(self, serial, nextUpdate, names_and_objs, version = 0):
+  @classmethod
+  def generate(cls, keypair, issuer, serial, thisUpdate, nextUpdate, revokedCertificates, version = 1, digestType = "sha256WithRSAEncryption"):
     crl = POW.pkix.CertificateList()
-    raise rpki.exceptions.NotImplementedYet
-    self.set(POWpkix = crl)
+    crl.setVersion(version)
+    crl.setIssuer(issuer.get_POWpkix().getIssuer())
+    crl.setThisUpdate(thisUpdate.toASN1tuple())
+    crl.setNextUpdate(nextUpdate.toASN1tuple())
+    if revokedCertificates:
+      crl.setRevokedCertificates(revokedCertificates)
+    crl.setExtensions(
+      (rpki.oids.name2oid["authorityKeyIdentifier"], False, (issuer.get_SKI(), (), None)),
+      (rpki.oids.name2oid["cRLNumber"], False, serial))
+    crl.sign(keypair.get_POW(), digestType)
+    return cls(POWpkix = crl)
author	Rob Austein <sra@hactrn.net>	2007-11-15 03:24:02 +0000
committer	Rob Austein <sra@hactrn.net>	2007-11-15 03:24:02 +0000
commit	a096bcdca38b419f40c8d37584a4f7900f039589 (patch)
tree	b8b392eb4614b1a2cccec74e1c849cac6cd1ec5a /scripts/rpki/x509.py
parent	0c09c0596e642b5bb3cc107b0933cf9ad847086c (diff)