-rw-r--r--rpkid/rpki/irdb/models.py2
-rw-r--r--rpkid/rpki/rootd.py2
-rw-r--r--rpkid/rpki/rpkid.py2
-rw-r--r--rpkid/rpki/x509.py21
4 files changed, 12 insertions, 15 deletions
diff --git a/rpkid/rpki/irdb/models.py b/rpkid/rpki/irdb/models.py
index 94b2e7c0..7727e0fe 100644
--- a/rpkid/rpki/irdb/models.py
+++ b/rpkid/rpki/irdb/models.py
@@ -306,7 +306,7 @@ class CA(django.db.models.Model):
def generate_crl(self):
now = rpki.sundial.now()
self.revocations.filter(expires__lt = now).delete()
- revoked = [(r.serial, rpki.sundial.datetime.fromdatetime(r.revoked).toASN1tuple(), ())
+ revoked = [(r.serial, rpki.sundial.datetime.fromdatetime(r.revoked))
for r in self.revocations.all()]
self.latest_crl = rpki.x509.CRL.generate(
keypair = self.private_key,
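Review bot: The revocation entries built in this comprehension change shape from a 3-tuple holding an ASN.1 time tuple to `(serial, rpki.sundial.datetime)`, but nothing records the new contract. The same silent change is made in rootd.py's `revoke_subject_cert` and in the `certlist.append` call in rpkid.py. A comment above the comprehension such as `# revocation entries are (serial, rpki.sundial.datetime) pairs, as passed to rpki.x509.CRL.generate()` would help, along with a matching sentence in the `CRL.generate` docstring, so the three call sites cannot drift apart unnoticed. `generate_crl` continues past the end of this hunk, so whether the list is sorted before use (as rpkid.py does with `certlist.sort()`) cannot be confirmed from here.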
diff --git a/rpkid/rpki/rootd.py b/rpkid/rpki/rootd.py
index f4638807..1dad93f2 100644
--- a/rpkid/rpki/rootd.py
+++ b/rpkid/rpki/rootd.py
@@ -247,7 +247,7 @@ class main(object):
f.close()
def revoke_subject_cert(self, now):
- self.revoked.append((self.get_subject_cert().getSerial(), now.toASN1tuple(), ()))
+ self.revoked.append((self.get_subject_cert().getSerial(), now))
def compose_response(self, r_msg, pkcs10 = None):
subject_cert = self.issue_subject_cert_maybe(pkcs10)
diff --git a/rpkid/rpki/rpkid.py b/rpkid/rpki/rpkid.py
index 15d75b79..75218be5 100644
--- a/rpkid/rpki/rpkid.py
+++ b/rpkid/rpki/rpkid.py
@@ -1106,7 +1106,7 @@ class ca_detail_obj(rpki.sql.sql_persistent):
if now > revoked_cert.expires + crl_interval:
revoked_cert.sql_delete()
else:
- certlist.append((revoked_cert.serial, revoked_cert.revoked.toASN1tuple(), ()))
+ certlist.append((revoked_cert.serial, revoked_cert.revoked))
certlist.sort()
self.latest_crl = rpki.x509.CRL.generate(
diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py
index 20013316..c65fbb72 100644
--- a/rpkid/rpki/x509.py
+++ b/rpkid/rpki/x509.py
@@ -1775,22 +1775,19 @@ class CRL(DER_object):
return self.get_POW().getCRLNumber()
@classmethod
- def generate(cls, keypair, issuer, serial, thisUpdate, nextUpdate, revokedCertificates, version = 1, digestType = "sha256WithRSAEncryption"):
+ def generate(cls, keypair, issuer, serial, thisUpdate, nextUpdate, revokedCertificates, version = 1):
"""
Generate a new CRL.
"""
- crl = rpki.POW.pkix.CertificateList()
+ crl = rpki.POW.CRL()
crl.setVersion(version)
- crl.setIssuer(issuer.get_POWpkix().getSubject())
- crl.setThisUpdate(thisUpdate.toASN1tuple())
- crl.setNextUpdate(nextUpdate.toASN1tuple())
- if revokedCertificates:
- crl.setRevokedCertificates(revokedCertificates)
- crl.setExtensions(
- ((rpki.oids.name2oid["authorityKeyIdentifier"], False, (issuer.get_SKI(), (), None)),
- (rpki.oids.name2oid["cRLNumber"], False, serial)))
- crl.sign(keypair.get_POW(), digestType)
- return cls(POWpkix = crl)
+ crl.setIssuer(issuer.getSubject().get_POW())
+ crl.setThisUpdate(thisUpdate.toGeneralizedTime())
+ crl.setNextUpdate(nextUpdate.toGeneralizedTime())
+ crl.setAKI(issuer.get_SKI())
+ crl.setCRLNumber(serial)
+ crl.sign(keypair.get_POW())
+ return cls(POW = crl)
@property
def creation_timestamp(self):
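Review bot: The rewritten `generate` never reads `revokedCertificates`: the removed `crl.setRevokedCertificates(revokedCertificates)` call has no counterpart among the added lines. As written, every CRL is signed with an empty revocation list, and relying parties would keep accepting certificates the CA has revoked. The entries need to be handed to the `rpki.POW.CRL` object before `crl.sign(keypair.get_POW())`; later rpki.POW revisions offer `crl.addRevocations(revokedCertificates)` for this, so confirm it exists at this revision. Failing that, the method should raise when the list is non-empty rather than drop it silently. Separately, with `digestType` gone from the signature, the signing digest is whatever `sign()` defaults to, which the docstring should state.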