Diffstat (limited to 'rpkid/rpki')
-rw-r--r-- | rpkid/rpki/irdb/models.py | 6 | ||||
-rw-r--r-- | rpkid/rpki/irdb/zookeeper.py | 12 | ||||
-rw-r--r-- | rpkid/rpki/irdbd.py | 2 | ||||
-rw-r--r-- | rpkid/rpki/relaxng.py | 48 | ||||
-rw-r--r-- | rpkid/rpki/x509.py | 4 |
5 files changed, 41 insertions, 31 deletions
diff --git a/rpkid/rpki/irdb/models.py b/rpkid/rpki/irdb/models.py index 6772b542..e29e332e 100644 --- a/rpkid/rpki/irdb/models.py +++ b/rpkid/rpki/irdb/models.py @@ -596,12 +596,12 @@ class EECertificateRequest(ResourceSet): ee_asn = rpki.irdb.EECertificateRequestASN.objects.raw(""" SELECT * FROM irdb_eecertificaterequestasn - WHERE eecertificaterequest_id = %s + WHERE ee_certificate_request_id = %s """, [self.id]) - ee_net = rpki.irdb.EECertificateRequestNET.objects.raw(""" + ee_net = rpki.irdb.EECertificateRequestNet.objects.raw(""" SELECT * FROM irdb_eecertificaterequestnet - WHERE eecertificaterequest_id = %s + WHERE ee_certificate_request_id = %s """, [self.id]) return ee_asn, ee_net diff --git a/rpkid/rpki/irdb/zookeeper.py b/rpkid/rpki/irdb/zookeeper.py index 9f7cd15e..339503fb 100644 --- a/rpkid/rpki/irdb/zookeeper.py +++ b/rpkid/rpki/irdb/zookeeper.py @@ -1642,7 +1642,7 @@ class Zookeeper(object): pkcs10 = rpki.x509.PKCS10(Base64 = req.text) router_id = long(req.get("router_id")) - asns = req.get("asn") + asns = rpki.resource_set.resource_set_as(req.get("asn")) if not valid_until: valid_until = req.get("valid_until") @@ -1656,13 +1656,11 @@ class Zookeeper(object): pkcs10.check_valid_request_router() - gski = pkcs10.gSKI() - ee_request = self.resource_ca.ee_certificate_requests.create( - pkcs10 = pkcs10, gski = gski, valid_until = valid_until, router_id = router_id) + pkcs10 = pkcs10, + gski = pkcs10.gSKI(), + valid_until = valid_until, + router_id = router_id) for range in asns: ee_request.asns.create(start_as = str(range.min), end_as = str(range.max)) - - self.log("Added Router certificate request g(SKI) %s router-id %d ASNs %s" % ( - gski, router_id, asns)) diff --git a/rpkid/rpki/irdbd.py b/rpkid/rpki/irdbd.py index c67111ce..1fec3cbc 100644 --- a/rpkid/rpki/irdbd.py +++ b/rpkid/rpki/irdbd.py 
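Review bot: The two raw queries in the `models.py` hunk hard-code the table and foreign-key column names, and nothing ties `ee_certificate_request_id` to the model's field definition, so the next field rename will fail the same way at query time. The `%s` placeholder with `[self.id]` keeps the value parameterised and should stay as it is. If raw SQL is needed here, a comment such as `# column name follows the ForeignKey on EECertificateRequestASN/Net; update both queries if that field is renamed` would help; otherwise a lookup through the model relation would presumably track renames on its own. The enclosing method begins outside the hunk.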
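Review bot: In the first `zookeeper.py` hunk (`@@ -1642`), `req.get("asn")` returns None when the attribute is missing and is now passed straight into `rpki.resource_set.resource_set_as(...)`, next to `long(req.get("router_id"))`, which would raise a bare TypeError in the same case. Whether the request document has been validated against the `router_certificate` schema before this point is not visible in the hunk. If it has, a comment such as `# req already validated against rpki.relaxng.router_certificate, so router_id and asn are present` would record that; if not, both attributes should be checked and rejected with an explicit error before they are parsed. The enclosing method starts and ends outside the hunk.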
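Review bot: Removing the `self.log(...)` call in the second `zookeeper.py` hunk (`@@ -1656`) leaves the creation of a router certificate request with no operator-visible record of which g(SKI), router-id and ASNs were added. Unless it was dropped deliberately, that trail is worth keeping for a tool that feeds certificate issuance; keeping `gski = pkcs10.gSKI()` before the `create(...)` call lets the original log line stay after the loop. Separately, `for range in asns:` shadows the builtin `range` for the rest of the method, and `for asn_range in asns:` avoids that. The enclosing method continues outside the hunk.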
@@ -87,7 +87,7 @@ class main(object): def handle_list_ee_certificate_requests(self, q_pdu, r_msg): for ee_req in rpki.irdb.EECertificateRequest.objects.filter(issuer__handle__exact = q_pdu.self_handle): - resource = ee_req.resource_bag + resources = ee_req.resource_bag r_pdu = rpki.left_right.list_ee_certificate_requests_elt() r_pdu.tag = q_pdu.tag r_pdu.self_handle = q_pdu.self_handle diff --git a/rpkid/rpki/relaxng.py b/rpkid/rpki/relaxng.py index f69968be..a7553d51 100644 --- a/rpkid/rpki/relaxng.py +++ b/rpkid/rpki/relaxng.py 
@@ -2366,31 +2366,43 @@ router_certificate = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version= <param name="pattern">.*Z</param> </data> </define> - <!-- Core PDU used in this schema. --> - <define name="router_certificate_request"> - <element name="router_certificate_request"> - <attribute name="router_id"> - <ref name="router_id"/> - </attribute> - <attribute name="asn"> - <ref name="asn_list"/> + <!-- Core payload used in this schema. --> + <define name="payload"> + <attribute name="router_id"> + <ref name="router_id"/> + </attribute> + <attribute name="asn"> + <ref name="asn_list"/> + </attribute> + <optional> + <attribute name="valid_until"> + <ref name="timestamp"/> </attribute> - <optional> - <attribute name="valid_until"> - <ref name="timestamp"/> - </attribute> - </optional> - <ref name="base64"/> - </element> + </optional> + <ref name="base64"/> </define> + <!-- + We allow two forms, one with a wrapper to allow multiple requests in + a single file, one without for brevity; the version attribute goes + in the outermost element in either case. + --> <start combine="choice"> - <ref name="router_certificate_request"/> + <element name="router_certificate_request"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <ref name="payload"/> + </element> </start> - <!-- Wrapper element to support multiple requests in a single document. --> <start combine="choice"> <element name="router_certificate_requests"> + <attribute name="version"> + <ref name="version"/> + </attribute> <zeroOrMore> - <ref name="router_certificate_request"/> + <element name="router_certificate_request"> + <ref name="payload"/> + </element> </zeroOrMore> </element> </start> diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py index c69090e2..847c90f6 100644 --- a/rpkid/rpki/x509.py +++ b/rpkid/rpki/x509.py 
@@ -1001,14 +1001,14 @@ class PKCS10(DER_object): bc = self.get_POW().getBasicConstraints() sia = self.get_POW().getSIA() + caRepository, rpkiManifest, signedObject = sia or (None, None, None) + if alg not in (rpki.oids.sha256WithRSAEncryption, rpki.oids.ecdsa_with_SHA256): raise rpki.exceptions.BadPKCS10("PKCS #10 has bad signature algorithm for EE: %s" % alg) if bc is not None and (bc[0] or bc[1] is not None): raise rpki.exceptions.BadPKCS10("PKCS #10 EE has bad basicConstraints") - caRepository, rpkiManifest, signedObject = sias or (None, None, None) - if caRepository: raise rpki.exceptions.BadPKCS10("PKCS #10 EE must not have id-ad-caRepository") |
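Review bot: The `sias` name corrected in this hunk would have raised NameError on every call that got past the basicConstraints check, which suggests this EE request validation has no test coverage. A regression test covering a PKCS #10 without an SIA extension and one carrying id-ad-caRepository (expecting `rpki.exceptions.BadPKCS10`) would have caught it and would guard the checks that follow. The unpacking also assumes `getSIA()` returns either a falsy value or exactly three items. If that is the contract, a comment such as `# getSIA() yields (caRepository, rpkiManifest, signedObject), or None when the extension is absent` would document it. The method begins and ends outside the hunk.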