-rw-r--r-- | rpkid/left-right-schema.rnc | 10 | ||||
-rw-r--r-- | rpkid/left-right-schema.rng | 25 | ||||
-rw-r--r-- | rpkid/myrpki.rnc | 12 | ||||
-rw-r--r-- | rpkid/myrpki.rng | 12 | ||||
-rw-r--r-- | rpkid/publication-schema.rnc | 4 | ||||
-rw-r--r-- | rpkid/publication-schema.rng | 4 | ||||
-rw-r--r-- | rpkid/router-certificate-schema.rnc | 4 | ||||
-rw-r--r-- | rpkid/router-certificate-schema.rng | 4 | ||||
-rw-r--r-- | rpkid/rpki/irdb/models.py | 4 | ||||
-rw-r--r-- | rpkid/rpki/relaxng.py | 45 | ||||
-rw-r--r-- | rpkid/rpki/rpkid.py | 2 | ||||
-rw-r--r-- | rpkid/rpki/rpkid_tasks.py | 4 | ||||
-rw-r--r-- | rpkid/rpki/x509.py | 25 | ||||
-rw-r--r-- | rpkid/tests/old_irdbd.sql | 4 | ||||
-rw-r--r-- | rpkid/tests/smoketest.py | 11 | ||||
-rw-r--r-- | rpkid/tests/yamltest.py | 4 |
16 files changed, 103 insertions, 71 deletions
diff --git a/rpkid/left-right-schema.rnc b/rpkid/left-right-schema.rnc index 22b0d29a..62b5ef1e 100644 --- a/rpkid/left-right-schema.rnc +++ b/rpkid/left-right-schema.rnc @@ -91,7 +91,7 @@ base64 = xsd:base64Binary { maxLength="512000" } # in this protocol, so they're turninging into handles. # Length restriction is a MySQL implementation issue. # Handles are case-insensitive (because SQL is, among other reasons). -object_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9]*" } +object_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9]+" } # URIs uri = xsd:anyURI { maxLength="4096" } @@ -283,9 +283,9 @@ list_ee_certificate_requests_reply = element list_ee_certificate_requests { attribute asn { asn_list }?, attribute ipv4 { ipv4_list }?, attribute ipv6 { ipv6_list }?, - attribute cn { xsd:string { maxLength="64" pattern="[\-0-9A-Za-z_ ]*" } }?, - attribute sn { xsd:string { maxLength="64" pattern="[0-9A-Fa-f]*" } }?, - attribute eku { xsd:string { maxLength="512000" pattern="[.0-9,]*" } }?, + attribute cn { xsd:string { maxLength="64" pattern="[\-0-9A-Za-z_ ]+" } }?, + attribute sn { xsd:string { maxLength="64" pattern="[0-9A-Fa-f]+" } }?, + attribute eku { xsd:string { maxLength="512000" pattern="[.,0-9]+" } }?, element pkcs10 { base64 } } @@ -332,4 +332,6 @@ report_error_reply = element report_error { # Local Variables: # indent-tabs-mode: nil +# comment-start: "# " +# comment-start-skip: "#[ \t]*" # End: diff --git a/rpkid/left-right-schema.rng b/rpkid/left-right-schema.rng index 782f6587..c20836b8 100644 --- a/rpkid/left-right-schema.rng +++ b/rpkid/left-right-schema.rng @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- - $Id: left-right-schema.rnc 5657 2014-01-31 05:50:52Z sra $ + $Id: left-right-schema.rnc 5682 2014-02-25 20:46:05Z sra $ RelaxNG Schema for RPKI left-right protocol. 
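Review bot: The new `eku` pattern in the `list_ee_certificate_requests` hunk, `[.,0-9]+`, only restricts the alphabet, so values such as `.` or `,,` still validate even though they are not a list of OIDs. If the attribute is meant to carry comma-separated dotted-decimal OIDs (the removed `eku_list` comment in the .rng suggests so), the schema can say that directly: `pattern="[0-9]+(\.[0-9]+)*(,[0-9]+(\.[0-9]+)*)*"`. The same applies to the copies of this pattern in left-right-schema.rng and rpki/relaxng.py, which look generated from this file. Whichever pattern is kept, the code that turns this string into an EKU extension should still reject malformed entries rather than rely on schema validation alone.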
@@ -198,7 +198,7 @@ <define name="object_handle"> <data type="string"> <param name="maxLength">255</param> - <param name="pattern">[\-_A-Za-z0-9]*</param> + <param name="pattern">[\-_A-Za-z0-9]+</param> </data> </define> <!-- URIs --> @@ -232,13 +232,6 @@ <param name="pattern">[\-,0-9/:a-fA-F]*</param> </data> </define> - <!-- OID list for Extended Key Usage (EKU) --> - <define name="eku_list"> - <data type="string"> - <param name="maxLength">512000</param> - <param name="pattern">[.0-9,]*</param> - </data> - </define> <!-- <self/> element --> <define name="self_bool"> <optional> @@ -983,7 +976,7 @@ <attribute name="cn"> <data type="string"> <param name="maxLength">64</param> - <param name="pattern">[\-0-9A-Za-z_ ]*</param> + <param name="pattern">[\-0-9A-Za-z_ ]+</param> </data> </attribute> </optional> @@ -991,7 +984,15 @@ <attribute name="sn"> <data type="string"> <param name="maxLength">64</param> - <param name="pattern">[0-9A-Fa-f]*</param> + <param name="pattern">[0-9A-Fa-f]+</param> + </data> + </attribute> + </optional> + <optional> + <attribute name="eku"> + <data type="string"> + <param name="maxLength">512000</param> + <param name="pattern">[.,0-9]+</param> </data> </attribute> </optional> @@ -1096,5 +1097,7 @@ <!-- Local Variables: indent-tabs-mode: nil + comment-start: "# " + comment-start-skip: "#[ \t]*" End: --> diff --git a/rpkid/myrpki.rnc b/rpkid/myrpki.rnc index 74603229..b20e389a 100644 --- a/rpkid/myrpki.rnc +++ b/rpkid/myrpki.rnc 
@@ -29,13 +29,13 @@ default namespace = "http://www.hactrn.net/uris/rpki/myrpki/" version = "2" base64 = xsd:base64Binary { maxLength="512000" } -object_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9]*" } -pubd_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9/]*" } +object_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9]+" } +pubd_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9/]+" } uri = xsd:anyURI { maxLength="4096" } asn = xsd:positiveInteger -asn_list = xsd:string { maxLength="512000" pattern="[\-,0-9]*" } -ipv4_list = xsd:string { maxLength="512000" pattern="[\-,0-9/.]*" } -ipv6_list = xsd:string { maxLength="512000" pattern="[\-,0-9/:a-fA-F]*" } +asn_list = xsd:string { maxLength="512000" pattern="[\-,0-9]+" } +ipv4_list = xsd:string { maxLength="512000" pattern="[\-,0-9/.]+" } +ipv6_list = xsd:string { maxLength="512000" pattern="[\-,0-9/:a-fA-F]+" } timestamp = xsd:dateTime { pattern=".*Z" } # Message formate used between configure_resources and @@ -159,4 +159,6 @@ start |= element referral { # Local Variables: # indent-tabs-mode: nil +# comment-start: "# " +# comment-start-skip: "#[ \t]*" # End: diff --git a/rpkid/myrpki.rng b/rpkid/myrpki.rng index a29d4fa1..5014603a 100644 --- a/rpkid/myrpki.rng +++ b/rpkid/myrpki.rng @@ -38,13 +38,13 @@ <define name="object_handle"> <data type="string"> <param name="maxLength">255</param> - <param name="pattern">[\-_A-Za-z0-9]*</param> + <param name="pattern">[\-_A-Za-z0-9]+</param> </data> </define> <define name="pubd_handle"> <data type="string"> <param name="maxLength">255</param> - <param name="pattern">[\-_A-Za-z0-9/]*</param> + <param name="pattern">[\-_A-Za-z0-9/]+</param> </data> </define> <define name="uri"> 
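Review bot: `asn_list` is tightened differently in two schemas of this commit: here it becomes `[\-,0-9]+`, which still accepts strings with no digit at all (`-`, `,`), while router-certificate-schema.rnc uses `[0-9][\-,0-9]*` and requires a leading digit. Using the leading-digit form here as well, `asn_list = xsd:string { maxLength="512000" pattern="[0-9][\-,0-9]*" }`, would keep the two definitions in step. `ipv4_list` and `ipv6_list` have the same gap (for example `/` or `,` alone matches). A context line in the left-right-schema.rng hunk still shows `[\-,0-9/:a-fA-F]*`, so the left-right resource lists appear to accept the empty string after this change.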
@@ -58,19 +58,19 @@ <define name="asn_list"> <data type="string"> <param name="maxLength">512000</param> - <param name="pattern">[\-,0-9]*</param> + <param name="pattern">[\-,0-9]+</param> </data> </define> <define name="ipv4_list"> <data type="string"> <param name="maxLength">512000</param> - <param name="pattern">[\-,0-9/.]*</param> + <param name="pattern">[\-,0-9/.]+</param> </data> </define> <define name="ipv6_list"> <data type="string"> <param name="maxLength">512000</param> - <param name="pattern">[\-,0-9/:a-fA-F]*</param> + <param name="pattern">[\-,0-9/:a-fA-F]+</param> </data> </define> <define name="timestamp"> @@ -373,5 +373,7 @@ <!-- Local Variables: indent-tabs-mode: nil + comment-start: "# " + comment-start-skip: "#[ \t]*" End: --> diff --git a/rpkid/publication-schema.rnc b/rpkid/publication-schema.rnc index 4a4b71c7..4fa6f2ae 100644 --- a/rpkid/publication-schema.rnc +++ b/rpkid/publication-schema.rnc @@ -66,7 +66,7 @@ uri = attribute uri { uri_t } # Handles on remote objects (replaces passing raw SQL IDs). NB: # Unlike the up-down protocol, handles in this protocol allow "/" as a # hierarchy delimiter. -object_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9/]*" } +object_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9/]+" } # <config/> element (use restricted to repository operator) # config_handle attribute, create, list, and destroy commands omitted deliberately, see code for details @@ -144,4 +144,6 @@ report_error_reply = element report_error { # Local Variables: # indent-tabs-mode: nil +# comment-start: "# " +# comment-start-skip: "#[ \t]*" # End: diff --git a/rpkid/publication-schema.rng b/rpkid/publication-schema.rng index d2cd41b2..a304ae96 100644 --- a/rpkid/publication-schema.rng +++ b/rpkid/publication-schema.rng 
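Review bot: The publication `object_handle` pattern `[\-_A-Za-z0-9/]+` now rejects the empty string but still matches handles made only of delimiters or with empty components, such as `/` or `a//b`. Since the comment above it describes `/` as a hierarchy delimiter, a pattern that requires non-empty components would match the intent more closely: `pattern="[\-_A-Za-z0-9]+(/[\-_A-Za-z0-9]+)*"`. The same applies to `pubd_handle` in myrpki.rnc. If leading or doubled slashes are deliberately allowed, a one-line comment saying so would help, because any code that splits the handle on `/` then has to cope with empty components.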
@@ -126,7 +126,7 @@ <define name="object_handle"> <data type="string"> <param name="maxLength">255</param> - <param name="pattern">[\-_A-Za-z0-9/]*</param> + <param name="pattern">[\-_A-Za-z0-9/]+</param> </data> </define> <!-- @@ -582,5 +582,7 @@ <!-- Local Variables: indent-tabs-mode: nil + comment-start: "# " + comment-start-skip: "#[ \t]*" End: --> diff --git a/rpkid/router-certificate-schema.rnc b/rpkid/router-certificate-schema.rnc index 8ec5f84a..53f2e44c 100644 --- a/rpkid/router-certificate-schema.rnc +++ b/rpkid/router-certificate-schema.rnc @@ -31,7 +31,7 @@ default namespace = "http://www.hactrn.net/uris/rpki/router-certificate/" version = "1" base64 = xsd:base64Binary { maxLength="512000" } router_id = xsd:unsignedInt -asn_list = xsd:string { maxLength="512000" pattern="[\-,0-9]*" } +asn_list = xsd:string { maxLength="512000" pattern="[0-9][\-,0-9]*" } timestamp = xsd:dateTime { pattern=".*Z" } # Core payload used in this schema. @@ -59,4 +59,6 @@ start |= element router_certificate_requests { # Local Variables: # indent-tabs-mode: nil +# comment-start: "# " +# comment-start-skip: "#[ \t]*" # End: diff --git a/rpkid/router-certificate-schema.rng b/rpkid/router-certificate-schema.rng index b87323d5..b6441976 100644 --- a/rpkid/router-certificate-schema.rng +++ b/rpkid/router-certificate-schema.rng @@ -43,7 +43,7 @@ <define name="asn_list"> <data type="string"> <param name="maxLength">512000</param> - <param name="pattern">[\-,0-9]*</param> + <param name="pattern">[0-9][\-,0-9]*</param> </data> </define> <define name="timestamp"> @@ -95,5 +95,7 @@ <!-- Local Variables: indent-tabs-mode: nil + comment-start: "# " + comment-start-skip: "#[ \t]*" End: --> diff --git a/rpkid/rpki/irdb/models.py b/rpkid/rpki/irdb/models.py index 7a3c8521..1ad9b4e3 100644 --- a/rpkid/rpki/irdb/models.py +++ b/rpkid/rpki/irdb/models.py 
@@ -583,8 +583,8 @@ class EECertificateRequest(ResourceSet): issuer = django.db.models.ForeignKey(ResourceHolderCA, related_name = "ee_certificate_requests") pkcs10 = PKCS10Field() gski = django.db.models.CharField(max_length = 27) - cn = django.db-models.CharField(max_length = 64) - sn = django.db-models.CharField(max_length = 64) + cn = django.db.models.CharField(max_length = 64) + sn = django.db.models.CharField(max_length = 64) eku = django.db.models.TextField(null = True) def _select_resource_bag(self): diff --git a/rpkid/rpki/relaxng.py b/rpkid/rpki/relaxng.py index 9162fdfa..714a7b28 100644 --- a/rpkid/rpki/relaxng.py +++ b/rpkid/rpki/relaxng.py @@ -6,7 +6,7 @@ import lxml.etree ## Parsed RelaxNG left_right schema left_right = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encoding="UTF-8"?> <!-- - $Id: left-right-schema.rnc 5657 2014-01-31 05:50:52Z sra $ + $Id: left-right-schema.rnc 5682 2014-02-25 20:46:05Z sra $ RelaxNG Schema for RPKI left-right protocol. @@ -204,7 +204,7 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" en <define name="object_handle"> <data type="string"> <param name="maxLength">255</param> - <param name="pattern">[\-_A-Za-z0-9]*</param> + <param name="pattern">[\-_A-Za-z0-9]+</param> </data> </define> <!-- URIs --> @@ -238,13 +238,6 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" en <param name="pattern">[\-,0-9/:a-fA-F]*</param> </data> </define> - <!-- OID list for Extended Key Usage (EKU) --> - <define name="eku_list"> - <data type="string"> - <param name="maxLength">512000</param> - <param name="pattern">[.0-9,]*</param> - </data> - </define> <!-- <self/> element --> <define name="self_bool"> <optional> 
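Review bot: The nullability of `cn`, `sn` and `eku` on `EECertificateRequest` does not agree with the other definitions touched by this commit. Here `eku` is `TextField(null = True)` and `cn`/`sn` are plain `CharField`s, while tests/old_irdbd.sql now declares `cn` and `eku` as `NOT NULL` and leaves `sn VARCHAR(64)` nullable, and the left-right schema marks all three attributes optional. It would help to decide which fields are required and record it next to the fields, e.g. `# sn is optional; cn and eku are required for router certificates`, so that an absent value cannot turn into an empty string or NULL on one side only. The class body continues outside the hunk.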
@@ -989,7 +982,7 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" en <attribute name="cn"> <data type="string"> <param name="maxLength">64</param> - <param name="pattern">[\-0-9A-Za-z_ ]*</param> + <param name="pattern">[\-0-9A-Za-z_ ]+</param> </data> </attribute> </optional> @@ -997,7 +990,15 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" en <attribute name="sn"> <data type="string"> <param name="maxLength">64</param> - <param name="pattern">[0-9A-Fa-f]*</param> + <param name="pattern">[0-9A-Fa-f]+</param> + </data> + </attribute> + </optional> + <optional> + <attribute name="eku"> + <data type="string"> + <param name="maxLength">512000</param> + <param name="pattern">[.,0-9]+</param> </data> </attribute> </optional> @@ -1102,6 +1103,8 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" en <!-- Local Variables: indent-tabs-mode: nil + comment-start: "# " + comment-start-skip: "#[ \t]*" End: --> ''')) @@ -1488,7 +1491,7 @@ publication = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" e <define name="object_handle"> <data type="string"> <param name="maxLength">255</param> - <param name="pattern">[\-_A-Za-z0-9/]*</param> + <param name="pattern">[\-_A-Za-z0-9/]+</param> </data> </define> <!-- @@ -1944,6 +1947,8 @@ publication = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" e <!-- Local Variables: indent-tabs-mode: nil + comment-start: "# " + comment-start-skip: "#[ \t]*" End: --> ''')) 
@@ -1990,13 +1995,13 @@ myrpki = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encodi <define name="object_handle"> <data type="string"> <param name="maxLength">255</param> - <param name="pattern">[\-_A-Za-z0-9]*</param> + <param name="pattern">[\-_A-Za-z0-9]+</param> </data> </define> <define name="pubd_handle"> <data type="string"> <param name="maxLength">255</param> - <param name="pattern">[\-_A-Za-z0-9/]*</param> + <param name="pattern">[\-_A-Za-z0-9/]+</param> </data> </define> <define name="uri"> @@ -2010,19 +2015,19 @@ myrpki = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encodi <define name="asn_list"> <data type="string"> <param name="maxLength">512000</param> - <param name="pattern">[\-,0-9]*</param> + <param name="pattern">[\-,0-9]+</param> </data> </define> <define name="ipv4_list"> <data type="string"> <param name="maxLength">512000</param> - <param name="pattern">[\-,0-9/.]*</param> + <param name="pattern">[\-,0-9/.]+</param> </data> </define> <define name="ipv6_list"> <data type="string"> <param name="maxLength">512000</param> - <param name="pattern">[\-,0-9/:a-fA-F]*</param> + <param name="pattern">[\-,0-9/:a-fA-F]+</param> </data> </define> <define name="timestamp"> @@ -2325,6 +2330,8 @@ myrpki = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encodi <!-- Local Variables: indent-tabs-mode: nil + comment-start: "# " + comment-start-skip: "#[ \t]*" End: --> ''')) @@ -2376,7 +2383,7 @@ router_certificate = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version= <define name="asn_list"> <data type="string"> <param name="maxLength">512000</param> - <param name="pattern">[\-,0-9]*</param> + <param name="pattern">[0-9][\-,0-9]*</param> </data> </define> <define name="timestamp"> @@ -2428,6 +2435,8 @@ router_certificate = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version= <!-- Local Variables: indent-tabs-mode: nil + comment-start: "# " + comment-start-skip: "#[ \t]*" End: --> ''')) 
diff --git a/rpkid/rpki/rpkid.py b/rpkid/rpki/rpkid.py index 9b83cc59..9fd73067 100644 --- a/rpkid/rpki/rpkid.py +++ b/rpkid/rpki/rpkid.py @@ -2369,7 +2369,7 @@ class ee_cert_obj(rpki.sql.sql_persistent): self.cert = ca_detail.issue_ee( ca = ca_detail.ca, subject_key = self.cert.getPublicKey(), - eku = self.cert.getEKU(), + eku = self.cert.get_EKU(), sia = None, resources = resources, notAfter = resources.valid_until, diff --git a/rpkid/rpki/rpkid_tasks.py b/rpkid/rpki/rpkid_tasks.py index fe08b7cc..1811967b 100644 --- a/rpkid/rpki/rpkid_tasks.py +++ b/rpkid/rpki/rpkid_tasks.py @@ -624,13 +624,11 @@ class UpdateEECertificatesTask(AbstractTask): rpki.log.debug("Existing EE certificate for %s %s is no longer covered" % (req.gski, resources)) ee.revoke(publisher = publisher) - eku = (rpki.oids.id_kp_bgpsec_router,) if req.router_id else None - for ca_detail in covering: rpki.log.debug("No existing EE certificate for %s %s" % (req.gski, resources)) rpki.rpkid.ee_cert_obj.create( ca_detail = ca_detail, - subject_name = rpki.x509.X501DN.from_cn(req.cn, req.dn), + subject_name = rpki.x509.X501DN.from_cn(req.cn, req.sn), subject_key = req.pkcs10.getPublicKey(), resources = resources, publisher = publisher, diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py index 5cb5efd6..fb1a5a2b 100644 --- a/rpkid/rpki/x509.py +++ b/rpkid/rpki/x509.py @@ -133,10 +133,14 @@ class X501DN(object): @classmethod def from_cn(cls, cn, sn = None): assert isinstance(cn, (str, unicode)) - assert sn is None or isinstance(sn, (int, long)) or (isinstance(sn, (str, unicode)) and sn.isdigit()) + if isinstance(sn, (int, long)): + sn = "%08X" % sn + elif isinstance(sn, (str, unicode)): + assert all(c in "0123456789abcdefABCDEF" for c in sn) + sn = str(sn) self = cls() if sn is not None: - self.dn = (((rpki.oids.commonName, cn),), ((rpki.oids.serialNumber, str(sn)),)) + self.dn = (((rpki.oids.commonName, cn),), ((rpki.oids.serialNumber, sn),)) else: self.dn = (((rpki.oids.commonName, cn),),) return self 
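Review bot: With the local `eku` deleted from `UpdateEECertificatesTask`, nothing visible in this hunk supplies an EKU to `rpki.rpkid.ee_cert_obj.create()`. The remaining keyword arguments of that call lie outside the hunk, so it is worth confirming that the call takes the EKU from the request and does not still contain `eku = eku`, which would now raise NameError. The neighbouring change from `req.dn` to `req.sn` suggests this path had not been exercised before, so a test that drives one router certificate through this loop would cover both.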
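Review bot: `X501DN.from_cn` still validates `sn` with `assert`, which disappears under `python -O`, and the new branches leave gaps: a negative integer formats as `-0000001`, an empty string passes `all(...)` and yields a DN with an empty serialNumber, and a value that is neither None, a number nor a string reaches `self.dn` unchecked. Explicit checks that raise would close these; the sketch below shows the shape. The two branches also disagree on case, since integers become upper-case hex via `%08X` while strings are kept as given (smoketest.py builds `sn` with `%08x`), so the same router id can yield two different subject names unless one form is chosen. The rest of `from_cn` is unchanged.

```python
  def from_cn(cls, cn, sn = None):
    if not isinstance(cn, (str, unicode)):
      raise TypeError("cn must be a string")
    if isinstance(sn, (int, long)):
      if sn < 0:
        raise ValueError("sn must not be negative")
      sn = "%08X" % sn
    elif isinstance(sn, (str, unicode)):
      if not sn or not all(c in "0123456789abcdefABCDEF" for c in sn):
        raise ValueError("sn must be a non-empty hex string")
      sn = str(sn)
    elif sn is not None:
      raise TypeError("sn must be an integer, a hex string or None")
    # … unchanged: build self.dn from cn and sn …
```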
@@ -391,18 +395,22 @@ class DER_object(object): def get_AKI(self): """ - Get the AKI extension from this object. Only works for subclasses - that support getExtension(). + Get the AKI extension from this object, if supported. """ return self.get_POW().getAKI() def get_SKI(self): """ - Get the SKI extension from this object. Only works for subclasses - that support getExtension(). + Get the SKI extension from this object, if supported. """ return self.get_POW().getSKI() + def get_EKU(self): + """ + Get the Extended Key Usage extension from this object, if supported. + """ + return self.get_POW().getEKU() + def get_SIA(self): """ Get the SIA extension from this object. Only works for subclasses @@ -1053,7 +1061,10 @@ class PKCS10(DER_object): if alg != rpki.oids.ecdsa_with_SHA256: raise rpki.exceptions.BadPKCS10("PKCS #10 has bad signature algorithm for router: %s" % alg) - if eku is None or rpki.oids.id_kp_bgpsec_router not in eku: + # Not really clear to me whether PKCS #10 should have EKU or not, so allow + # either, but insist that it be the right one if present. + + if eku is not None and rpki.oids.id_kp_bgpsec_router not in eku: raise rpki.exceptions.BadPKCS10("PKCS #10 router must have EKU") diff --git a/rpkid/tests/old_irdbd.sql b/rpkid/tests/old_irdbd.sql index cef319a4..e773bb2e 100644 --- a/rpkid/tests/old_irdbd.sql +++ b/rpkid/tests/old_irdbd.sql @@ -109,9 +109,9 @@ CREATE TABLE ee_certificate ( self_handle VARCHAR(255) NOT NULL, pkcs10 LONGBLOB NOT NULL, gski VARCHAR(27) NOT NULL, - cn VARCHAR(64), + cn VARCHAR(64) NOT NULL, sn VARCHAR(64), - eku TEXT, + eku TEXT NOT NULL, valid_until DATETIME NOT NULL, PRIMARY KEY (ee_certificate_id), UNIQUE (self_handle, gski) diff --git a/rpkid/tests/smoketest.py b/rpkid/tests/smoketest.py index 1d9e600a..28bedaa4 100644 --- a/rpkid/tests/smoketest.py +++ b/rpkid/tests/smoketest.py 
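Review bot: In the PKCS10 router check, the message `"PKCS #10 router must have EKU"` no longer describes the condition that raises it: after this change the exception fires only when an EKU is present and does not contain `rpki.oids.id_kp_bgpsec_router`. Something like `raise rpki.exceptions.BadPKCS10("PKCS #10 router EKU does not include id_kp_bgpsec_router")` would keep logs accurate. Because a request with no EKU is now accepted, the router EKU in the issued certificate depends entirely on the issuing path, so the new comment could also name where that value is set. The enclosing method starts outside the hunk.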
@@ -394,12 +394,11 @@ class router_cert(object): self.asn = rpki.resource_set.resource_set_as("".join(str(asn).split())) self.router_id = router_id self.keypair = rpki.x509.ECDSA.generate(self.ecparams()) - self.pkcs10 = rpki.x509.PKCS10.create( - keypair = self.keypair, - eku = (rpki.oids.id_kp_bgpsec_router,)) + self.pkcs10 = rpki.x509.PKCS10.create(keypair = self.keypair) self.gski = self.pkcs10.gSKI() self.cn = "ROUTER-%08x" % self.asn[0].min self.sn = "%08x" % self.router_id + self.eku = rpki.oids.id_kp_bgpsec_router def __eq__(self, other): return self.asn == other.asn and self.sn == other.sn and self.gski == other.gski @@ -817,9 +816,9 @@ class allocation(object): ((roa_request_id, x.prefix, x.prefixlen, x.max_prefixlen, version) for x in prefix_set)) for r in s.router_certs: - cur.execute("INSERT ee_certificate (self_handle, pkcs10, gski, cn, sn, valid_until) " - "VALUES (%s, %s, %s, %s, %s, %s)", - (s.name, r.pkcs10.get_DER(), r.gski, r.cn, r.sn, s.resources.valid_until)) + cur.execute("INSERT ee_certificate (self_handle, pkcs10, gski, cn, sn, eku, valid_until) " + "VALUES (%s, %s, %s, %s, %s, %s, %s)", + (s.name, r.pkcs10.get_DER(), r.gski, r.cn, r.sn, r.eku, s.resources.valid_until)) ee_certificate_id = cur.lastrowid cur.executemany("INSERT ee_certificate_asn (ee_certificate_id, start_as, end_as) VALUES (%s, %s, %s)", ((ee_certificate_id, a.min, a.max) for a in r.asn)) diff --git a/rpkid/tests/yamltest.py b/rpkid/tests/yamltest.py index 9525a048..5eb3bd2f 100644 --- a/rpkid/tests/yamltest.py +++ b/rpkid/tests/yamltest.py @@ -129,9 +129,7 @@ class router_cert(object): self.asn = rpki.resource_set.resource_set_as("".join(str(asn).split())) self.router_id = router_id self.keypair = rpki.x509.ECDSA.generate(self.ecparams()) - self.pkcs10 = rpki.x509.PKCS10.create( - keypair = self.keypair, - eku = (rpki.oids.id_kp_bgpsec_router,)) + self.pkcs10 = rpki.x509.PKCS10.create(keypair = self.keypair) self.gski = self.pkcs10.gSKI() def __eq__(self, other): |