author | Rob Austein <sra@hactrn.net> | 2007-10-01 01:53:00 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2007-10-01 01:53:00 +0000 |
commit | b9169dc2335409b934ee800248e3907c656abe4d (patch) | |
tree | 49b40fd2e76b557f142ace41dc9c7e303652cb3b /scripts | |
parent | 867523a061d586f60f92936eedc0d16d96755a70 (diff) |
Checkpoint
svn path=/scripts/rpki/up_down.py; revision=1060
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/rpki/up_down.py | 20 | ||||
-rw-r--r-- | scripts/rpki/x509.py | 22 |
2 files changed, 30 insertions, 12 deletions
diff --git a/scripts/rpki/up_down.py b/scripts/rpki/up_down.py index 09a2f478..ac3e5fd2 100644 --- a/scripts/rpki/up_down.py +++ b/scripts/rpki/up_down.py @@ -251,7 +251,27 @@ class issue_pdu(base_elt): # # Step 3: If we didn't find a reusable cert, generate a new one. if child_cert is None: + # + # This will need to become a separate function eventually, but + # inline it for now until it's a bit better fleshed out. + raise NotImplementedError + cn_hash = POW.Digest(POW.SHA1_DIGEST) + cn_hash.update(pubkey) + cn = "".join(["%02X" % ord(i) for i in cn_hash.digest()]) + + newcert = POW.pkix.Certificate() + newcert.setVersion(2) + newcert.setNotBefore(('UTCTime', POW.pkix.time2utc(time.time()))) + newcert.setNotAfter(('UTCTime', blah)) + newcert.setIssuer(ca_detail.latest_ca_cert.get_POWpkix().getSubject()) + newcert.setSubject((((name2oid("commonName"), ("printableString", cn)),),)) + newcert.setExtensions((blah, + blah, + blah, + blah)) + newcert.sign(rsakey, name2oid["sha256WithRSAEncryption"]) + child_cert = rpki.x509.X509(POWpkix = newcert) # And finally, return what we got raise NotImplementedError diff --git a/scripts/rpki/x509.py b/scripts/rpki/x509.py index cc11c4f3..9e834607 100644 --- a/scripts/rpki/x509.py +++ b/scripts/rpki/x509.py 
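Review bot: `name2oid` is called as a function in the `setSubject` line (`name2oid("commonName")`) but subscripted in the `newcert.sign(...)` line (`name2oid["sha256WithRSAEncryption"]`), so one of the two will fail as soon as the leading `raise NotImplementedError` is lifted. Use a single form, e.g. `newcert.sign(rsakey, name2oid("sha256WithRSAEncryption"))` if it is a function. The block also never sets a serial number on `newcert`, and `blah` stands in for the `notAfter` value and every extension, so I would add a comment above the `raise` such as `# TODO: set serial number, notAfter and the extensions before enabling this path`. `pubkey` and `rsakey` are not defined inside the hunk and the enclosing method starts and ends outside it, so which key signs the child certificate cannot be checked from here.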
@@ -83,30 +83,28 @@ class DER_object(object): this is to let the object's internal converters handle mustering the object into whatever format you need at the moment. """ - name = kw.keys()[0] if len(kw) == 1: + name = kw.keys()[0] if name in self.formats: self.clear() setattr(self, name, kw[name]) return if name == "PEM": - text = self.pem_converter.to_DER(kw[name]) self.clear() - self.DER = text + self.DER = self.pem_converter.to_DER(kw[name]) return if name == "Base64": - text = base64.b64decode(kw[name]) self.clear() - self.DER = text + self.DER = base64.b64decode(kw[name]) return if name in ("PEM_file", "DER_file", "Auto_file"): f = open(kw[name], "r") - text = f.read() + value = f.read() f.close() - if name == "PEM_file" or (name == "Auto_file" and self.pem_converter.looks_like_PEM(text)): - text = self.pem_converter.to_DER(text) + if name == "PEM_file" or (name == "Auto_file" and self.pem_converter.looks_like_PEM(value)): + value = self.pem_converter.to_DER(value) self.clear() - self.DER = text + self.DER = value return raise rpki.exceptions.DERObjectConversionError, "Can't honor conversion request %s" % repr(kw) @@ -221,11 +219,11 @@ class X509(DER_object): def get_3779resources(self, as_intersector = None, v4_intersector = None, v6_intersector = None): """Get RFC 3779 resources as rpki.resource_set objects.""" as, v4, v6 = rpki.resource_set.parse_extensions(self.get_POWpkix().getExtensions()) - if as_intersector: + if as_intersector is not None: as = as.intersection(as_intersector) - if v4_intersector: + if v4_intersector is not None: v4 = v4.intersection(v4_intersector) - if v6_intersector: + if v6_intersector is not None: v6 = v6.intersection(v6_intersector) return as, v4, v6 |
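Review bot: In the `PEM_file`/`DER_file`/`Auto_file` branch the file is opened with `open(kw[name], "r")` and closed by hand, so an exception from `f.read()` leaks the handle. Text mode can also alter binary DER on platforms that translate line endings. I would open it with `f = open(kw[name], "rb")` and put the read in `try: value = f.read()` / `finally: f.close()`, after confirming that `pem_converter` tolerates CRLF input for the PEM cases. The method's signature and the start of its docstring are outside the hunk.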
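Review bot: `as` is used as a local variable in `get_3779resources` (`as, v4, v6 = ...`, `as = as.intersection(as_intersector)`, `return as, v4, v6`), and `as` is a reserved word from Python 2.6 onward, so these lines stop parsing there. Renaming it avoids that, e.g. `asn, v4, v6 = rpki.resource_set.parse_extensions(...)` with the matching `asn = asn.intersection(as_intersector)` and `return asn, v4, v6`. The docstring could also state the contract the new `is not None` tests rely on: `None` means no restriction, while an intersector that is empty (presumably falsy) must still be applied so the result is narrowed rather than returned in full.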