authorRob Austein <sra@hactrn.net>2007-11-17 09:32:03 +0000
committerRob Austein <sra@hactrn.net>2007-11-17 09:32:03 +0000
commita0a85a013a52787647cb714e4951c43cba1b3c41 (patch)
tree7790aaf96f64e0751c5f28f52bd1526d9d466021 /scripts/rpki/x509.py
parent7b515b15407c6de017aa181da3648b261186ba93 (diff)
First cut at CRL/manifest regeneration cron job
svn path=/scripts/README; revision=1312
Diffstat (limited to 'scripts/rpki/x509.py')
-rw-r--r--scripts/rpki/x509.py27
1 files changed, 20 insertions, 7 deletions
diff --git a/scripts/rpki/x509.py b/scripts/rpki/x509.py
index b6c56d1e..47a47b51 100644
--- a/scripts/rpki/x509.py
+++ b/scripts/rpki/x509.py
@@ -587,9 +587,13 @@ class SignedManifest(DER_object):
self.clear()
self.content = content
- def sign(self, keypair, certs):
- """Sign this manifest."""
- self.DER = rpki.cms.sign(self.content.toString(), keypair, certs)
+ def getThisUpdate(self):
+ """Get thisUpdate value from this manifest."""
+ return rpki.sundial.datetime.fromGeneralizedTime(self.get_content())
+
+ def getNextUpdate(self):
+ """Get nextUpdate value from this manifest."""
+ return rpki.sundial.datetime.fromGeneralizedTime(self.get_content())
def verify(self, ta):
"""Verify this manifest."""
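Review bot: The new SignedManifest.getThisUpdate() and getNextUpdate() have identical bodies: both pass the whole object returned by `self.get_content()` to `fromGeneralizedTime`, so neither selects a specific time field and the two cannot return different values. A regeneration job that compares nextUpdate with the current time would then decide staleness from the wrong input, or fail in the conversion. Each accessor should read its own field, probably along the lines of `self.get_content().thisUpdate.get()` and `self.get_content().nextUpdate.get()`. Those accessor names are inferred from the `m.fileList.set(...)` pattern in build() and need checking against the manifest ASN.1 class.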
@@ -598,8 +602,8 @@ class SignedManifest(DER_object):
m.fromString(s)
self.content = m
- def build(self, serial, nextUpdate, names_and_objs, version = 0):
- """Build the inner content of this manifest."""
+ def build(self, serial, nextUpdate, names_and_objs, keypair, certs, version = 0):
+ """Build the inner content of this manifest and sign it with CMS."""
filelist = []
for name, obj in names_and_objs:
d = POW.Digest(POW.SHA256_DIGEST)
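Review bot: `keypair` and `certs` are inserted ahead of `version` in build(), so an existing caller that passed version positionally would now bind it to `keypair`, and any caller still using the removed sign() method fails only when that call runs. Call sites are outside this diff and should be checked together with this change. The docstring should also say that build() now stores the signed object, for example `"""Build the inner content of this manifest, sign it with CMS, and store the result in self.DER."""`. The body of build() continues beyond this hunk.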
@@ -614,6 +618,7 @@ class SignedManifest(DER_object):
m.fileHashAlg.set((2, 16, 840, 1, 101, 3, 4, 2, 1)) # id-sha256
m.fileList.set(filelist)
self.set_content(m)
+ self.DER = rpki.cms.sign(m.toString(), keypair, certs)
class CRL(DER_object):
"""Class to hold a Certificate Revocation List."""
@@ -650,6 +655,14 @@ class CRL(DER_object):
self.POWpkix = crl
return self.POWpkix
+ def getThisUpdate(self):
+ """Get thisUpdate value from this CRL."""
+ return rpki.sundial.datetime.fromASN1tuple(self.get_POWpkix().getThisUpdate())
+
+ def getNextUpdate(self):
+ """Get nextUpdate value from this CRL."""
+ return rpki.sundial.datetime.fromASN1tuple(self.get_POWpkix().getNextUpdate())
+
@classmethod
def generate(cls, keypair, issuer, serial, thisUpdate, nextUpdate, revokedCertificates, version = 1, digestType = "sha256WithRSAEncryption"):
crl = POW.pkix.CertificateList()
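Review bot: CRL.getNextUpdate() passes the result of `self.get_POWpkix().getNextUpdate()` straight to `fromASN1tuple`, but nextUpdate is OPTIONAL in the X.509 CertificateList syntax, and the hunk does not show what POW returns when the field is absent. CRLs built by generate() always get a nextUpdate, but a CRL loaded from elsewhere might not. If the POW call can return None, an explicit check that raises a clear error would stop the regeneration job from failing with an unrelated conversion exception. At minimum the docstring could state the assumption, e.g. `"""Get nextUpdate value from this CRL (assumes the field is present, as the RPKI profile requires)."""`.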
@@ -660,7 +673,7 @@ class CRL(DER_object):
if revokedCertificates:
crl.setRevokedCertificates(revokedCertificates)
crl.setExtensions(
- (rpki.oids.name2oid["authorityKeyIdentifier"], False, (issuer.get_SKI(), (), None)),
- (rpki.oids.name2oid["cRLNumber"], False, serial))
+ ((rpki.oids.name2oid["authorityKeyIdentifier"], False, (issuer.get_SKI(), (), None)),
+ (rpki.oids.name2oid["cRLNumber"], False, serial)))
crl.sign(keypair.get_POW(), digestType)
return cls(POWpkix = crl)
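Review bot: The fix in the `crl.setExtensions(` call is only an extra pair of parentheses that turns two positional arguments into one tuple, which is easy to undo in a later cleanup. A short comment above the call would protect it, for example `# setExtensions() takes a single sequence of (oid, critical, value) tuples`. generate() starts above this hunk.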