-rw-r--r--scripts/gski.py13
-rwxr-xr-xscripts/irbe-cli.py21
-rw-r--r--scripts/rpki/pkix-m2crypto-driver.py42
3 files changed, 56 insertions, 20 deletions
diff --git a/scripts/gski.py b/scripts/gski.py
index f7e6dbf6..6d1e34c3 100644
--- a/scripts/gski.py
+++ b/scripts/gski.py
@@ -1,6 +1,6 @@
# $Id$
-import POW, POW.pkix, base64, getopt, sys
+import rpki.x509, POW.pkix, base64, getopt, sys
opts, args = getopt.getopt(sys.argv[1:], "", ["pem", "der"])
@@ -11,12 +11,9 @@ for o, a in opts:
if o == "--der": use_pem = False
for file in args:
- f = open(file, "r")
- der = f.read()
- f.close()
if use_pem:
- der = POW.pemRead(POW.X509_CERTIFICATE, der).derWrite()
- cert = POW.pkix.Certificate()
- cert.fromString(der)
- ski = base64.b64encode([x for x in cert.getExtensions() if x[0] == (2, 5, 29, 14)][0][2]).replace("+", "-").replace("/", "_")
+ cert = rpki.x509.X509(PEM_file=file)
+ else:
+ cert = rpki.x509.X509(DER_file=file)
+ ski = base64.b64encode([x for x in cert.get_POWpkix().getExtensions() if x[0] == (2, 5, 29, 14)][0][2]).replace("+", "-").replace("/", "_")
print ski, file
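Review bot: The `[...][0][2]` index on the new `ski = ...` line raises a bare IndexError when a certificate has no SubjectKeyIdentifier extension (OID 2.5.29.14), and the traceback does not say which of the command-line files was at fault. Collect the matches first, `skis = [x[2] for x in cert.get_POWpkix().getExtensions() if x[0] == (2, 5, 29, 14)]`, and report the file by name when the list is empty, for example `if not skis: sys.exit("%s: no SubjectKeyIdentifier extension" % file)`. The two `.replace()` calls can also be dropped in favour of `base64.urlsafe_b64encode(skis[0])`, which produces the same "-"/"_" alphabet.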
diff --git a/scripts/irbe-cli.py b/scripts/irbe-cli.py
index 8ebb149e..0320967b 100755
--- a/scripts/irbe-cli.py
+++ b/scripts/irbe-cli.py
@@ -6,11 +6,19 @@ This only handles the control channel. The query back-channel will be
a separate program.
"""
-import glob, rpki.left_right, rpki.relaxng, getopt, sys, lxml.etree, POW, POW.pkix, rpki.cms, rpki.https, xml.sax, lxml.sax
+import glob, rpki.left_right, rpki.relaxng, getopt, sys, lxml.etree, POW.pkix, rpki.cms, rpki.https, xml.sax, lxml.sax, rpki.x509
# Kludge around current test setup all being PEM rather than DER format
convert_from_pem = True
+def read_cert(filename):
+ """Read a certificate file from disk."""
+ if convert_from_pem:
+ cert = rpki.x509.X509(PEM_file=filename)
+ else:
+ cert = rpki.x509.X509(DER_file=filename)
+ return cert.get_POWpkix()
+
class command(object):
"""Command processor mixin class for left-right protocol objects.
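Review bot: The docstring on the added `read_cert` does not mention that the function returns the POW.pkix object from `get_POWpkix()` rather than the `rpki.x509.X509` wrapper, or that the module-level `convert_from_pem` flag picks the parser instead of the file's content. Since the `--peer_ta` handler further down loads a trust anchor through this function, the contract is worth spelling out: `"""Read a certificate from filename (PEM if convert_from_pem is set, else DER) and return it as a POW.pkix object."""`. How `rpki.x509.X509` reports an unreadable or wrongly encoded file is not visible here, so it is worth confirming that a bad trust-anchor file fails loudly rather than yielding an empty object.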
@@ -54,17 +62,6 @@ class command(object):
"""Special handler for --peer_ta option."""
self.peer_ta = read_cert(arg)
-def read_cert(filename):
- """Read a certificate file from disk."""
- f = open(filename, "r")
- der = f.read()
- f.close()
- if convert_from_pem:
- der = POW.pemRead(POW.X509_CERTIFICATE, der).derWrite()
- cert = POW.pkix.Certificate()
- cert.fromString(der)
- return cert
-
class self(command, rpki.left_right.self_elt):
'''"self" command.'''
diff --git a/scripts/rpki/pkix-m2crypto-driver.py b/scripts/rpki/pkix-m2crypto-driver.py
new file mode 100644
index 00000000..61dabac7
--- /dev/null
+++ b/scripts/rpki/pkix-m2crypto-driver.py
@@ -0,0 +1,42 @@
+# $Id$
+
+"""Crypto driver for POW.pkix using M2Crypto.
+
+This driver is part of an attempt to salvage the (really nice)
+POW.pkix code from the POW package. I like POW well enough, but it's
+old and missing some pieces and the Python world seems to have moved
+to M2Crypto. But M2Crypto has nothing like POW.pkix, so I whacked
+together an interface to let POW.pkix run over other crypto packages.
+
+This module is a driver for M2Crypto.
+"""
+
+# NB: Module names may change eventually
+
+import POW.pkix
+
+class M2CryptoCryptoDriver(POW.pkix.CryptoDriver):
+ """Dispatcher for crypto calls using M2Crypto package."""
+
+ def __init__(self):
+ import M2Crypto
+ self.driver2OID = {
+ "md5" : (1, 2, 840, 113549, 1, 1, 4), # md5WithRSAEncryption
+ "sha1" : (1, 2, 840, 113549, 1, 1, 5), # sha1withRSAEncryption
+ "ripemd160" : (1, 2, 840, 113549, 1, 1, 6), # ripemd160WithRSAEncryption
+ "sha256" : (1, 2, 840, 113549, 1, 1, 11), # sha256WithRSAEncryption
+ }
+ self.OID2driver = dict((v,k) for k,v in self.driver2OID.iteritems())
+
+ def sign(self, key, oid, plaintext):
+ digest = M2Crypto.EVP.MessageDigest(self.OID2driver[oid])
+ digest.update(plaintext)
+ return key.sign(digest.final(), self.OID2driver[oid])
+
+ def verify(self, key, oid, plaintext, signature):
+ return key.verify(plaintext, signature, self.OID2driver[oid])
+
+ def keyDER(self, key):
+ bio = M2Crypto.BIO.MemoryBuffer()
+ key.save_key_der_bio(bio)
+ return bio.read()
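Review bot: `import M2Crypto` inside `__init__` binds the name only in that method's local scope, so `sign()` and `keyDER()` will raise NameError on `M2Crypto.EVP` and `M2Crypto.BIO`; put `import M2Crypto` at module level next to `import POW.pkix`. `sign()` signs `digest.final()` while `verify()` passes the raw `plaintext` to `key.verify`, so if `key` is an M2Crypto RSA key (whose `verify` expects the digest) a signature made by `sign()` would not verify. `verify()` should hash the same way and end with `return key.verify(digest.final(), signature, self.OID2driver[oid])`. An OID missing from the table surfaces as a bare KeyError from `self.OID2driver[oid]`, which deserves an explicit "unsupported signature algorithm" error. The table also lets `verify()` accept md5WithRSAEncryption and sha1withRSAEncryption signatures; a comment stating whether those are kept only for legacy certificates, or dropping md5 outright, would make the accepted-algorithm policy explicit.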