diff options
| -rw-r--r-- | rpkid/ext/POW.c | 16 | ||||
| -rw-r--r-- | rpkid/rpki/x509.py | 8 |
2 files changed, 23 insertions, 1 deletions
diff --git a/rpkid/ext/POW.c b/rpkid/ext/POW.c index 5584e874..1e673041 100644 --- a/rpkid/ext/POW.c +++ b/rpkid/ext/POW.c @@ -1820,6 +1820,20 @@ X509_object_get_extension(x509_object *self, PyObject *args) return NULL; } +static PyObject * +X509_object_get_ski(x509_object *self, PyObject *args) +{ + /* + * Called for side-effect (calls x509v3_cache_extensions() for us). + */ + (void) X509_check_ca(self->x509); + + if (self->x509->skid == NULL) + Py_RETURN_NONE; + else + return Py_BuildValue("s#", self->x509->skid->data, self->x509->skid->length); +} + static char x509_object_pprint__doc__[] = "<method>\n" " <header>\n" @@ -1900,7 +1914,7 @@ static struct PyMethodDef X509_object_methods[] = { {"countExtensions", (PyCFunction)X509_object_count_extensions, METH_VARARGS, NULL}, {"getExtension", (PyCFunction)X509_object_get_extension, METH_VARARGS, NULL}, {"pprint", (PyCFunction)x509_object_pprint, METH_VARARGS, NULL}, - + {"getSKI", (PyCFunction)X509_object_get_ski, METH_NOARGS, NULL}, {NULL} /* sentinel */ }; diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py index 95b47f7f..8e8ad604 100644 --- a/rpkid/rpki/x509.py +++ b/rpkid/rpki/x509.py @@ -574,6 +574,14 @@ class X509(DER_object): """ return RSApublic(DER = self.get_POWpkix().tbs.subjectPublicKeyInfo.toString()) + def get_SKI(self): + """ + Get the SKI extension from this object. In theory, this is faster + than using the POW.pkix interface, and speed turns out to matter + when one is generating a manifest with thousands of entries. + """ + return self.get_POW().getSKI() + def expired(self): """ Test whether this certificate has expired. |