Diffstat (limited to 'rpkid/rpki')
-rw-r--r--rpkid/rpki/__init__.py23
-rw-r--r--rpkid/rpki/left_right.py9
-rw-r--r--rpkid/rpki/rpki_engine.py6
-rw-r--r--rpkid/rpki/x509.py6
4 files changed, 26 insertions, 18 deletions
diff --git a/rpkid/rpki/__init__.py b/rpkid/rpki/__init__.py
index 2579d39a..81e0d905 100644
--- a/rpkid/rpki/__init__.py
+++ b/rpkid/rpki/__init__.py
@@ -519,20 +519,33 @@
# TCP port on which to listen for HTTPS
# connections.
#
-# @li @c rpki-key:
+# @li @c rpki-root-key:
# Name of file containing RSA key to use in
# signing resource certificates.
#
-# @li @c rpki-issuer:
+# @li @c rpki-root-cert:
# Name of file containing self-signed root
# resource certificate corresponding to
-# rpki-key.
+# rpki-root-key.
#
-# @li @c rpki-subject-filename:
+# @li @c rpki-root-dir:
+# Name of directory where rootd should write
+# RPKI subject certificate, manifest, and CRL.
+#
+# @li @c rpki-subject-cert:
# Name of file that rootd should use to save the
# one and only certificate it issues.
+# Default is "Subroot.cer".
+#
+# @li @c rpki-root-crl:
+# Name of file to which rootd should save its
+# RPKI CRL. Default is "Root.crl".
+#
+# @li @c rpki-root-manifest:
+# Name of file to which rootd should save its
+# RPKI manifest. Default is "Root.mnf".
#
-# @li @c rpki-pkcs10-filename:
+# @li @c rpki-subject-pkcs10:
# Name of file that rootd should use when saving
# a copy of the received PKCS #10 request for a
# resource certificate. This is only used for
diff --git a/rpkid/rpki/left_right.py b/rpkid/rpki/left_right.py
index 55c22dfc..b6272194 100644
--- a/rpkid/rpki/left_right.py
+++ b/rpkid/rpki/left_right.py
@@ -269,10 +269,8 @@ class bsc_elt(data_elt):
"""
if q_pdu.generate_keypair:
assert q_pdu.key_type in (None, "rsa") and q_pdu.hash_alg in (None, "sha256")
- keypair = rpki.x509.RSA()
- keypair.generate(keylength = q_pdu.key_length or 2048)
- self.private_key_id = keypair
- self.pkcs10_request = rpki.x509.PKCS10.create(keypair)
+ self.private_key_id = rpki.x509.RSA.generate(keylength = q_pdu.key_length or 2048)
+ self.pkcs10_request = rpki.x509.PKCS10.create(self.private_key_id)
r_pdu.pkcs10_request = self.pkcs10_request
class parent_elt(data_elt):
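Review bot: The requested `q_pdu.key_length` is passed straight to `rpki.x509.RSA.generate()` on the added line, so nothing in this hunk prevents an undersized modulus (a weak BSC key) or a very large one (expensive key generation). The only validation nearby is the `assert` on `key_type` and `hash_alg`, which is stripped under `python -O` and never looks at the length. I would validate the length explicitly before generating, for example `if q_pdu.key_length not in (None, 2048): raise <project error class>`, or an explicit minimum/maximum if other sizes must be supported; a floor inside `RSA.generate` itself would cover the other call sites as well. Whether the message schema already constrains this attribute is not visible here, and the method body starts above the hunk.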
@@ -676,8 +674,7 @@ class route_origin_elt(data_elt):
resources = rpki.resource_set.resource_bag(v4 = v4, v6 = v6)
- keypair = rpki.x509.RSA()
- keypair.generate()
+ keypair = rpki.x509.RSA.generate()
sia = ((rpki.oids.name2oid["id-ad-signedObject"], ("uri", self.roa_uri(ca, keypair))),)
diff --git a/rpkid/rpki/rpki_engine.py b/rpkid/rpki/rpki_engine.py
index e9523f03..49466eb3 100644
--- a/rpkid/rpki/rpki_engine.py
+++ b/rpkid/rpki/rpki_engine.py
@@ -491,12 +491,10 @@ class ca_detail_obj(rpki.sql.sql_persistant):
self.ca_id = ca.ca_id
self.state = "pending"
- self.private_key_id = rpki.x509.RSA()
- self.private_key_id.generate()
+ self.private_key_id = rpki.x509.RSA.generate()
self.public_key = self.private_key_id.get_RSApublic()
- self.manifest_private_key_id = rpki.x509.RSA()
- self.manifest_private_key_id.generate()
+ self.manifest_private_key_id = rpki.x509.RSA.generate()
self.manifest_public_key = self.manifest_private_key_id.get_RSApublic()
self.sql_store()
diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py
index e31760de..dd11e9b9 100644
--- a/rpkid/rpki/x509.py
+++ b/rpkid/rpki/x509.py
@@ -527,10 +527,10 @@ class RSA(DER_object):
self.tlslite = tlslite.api.parsePEMKey(self.get_PEM(), private=True)
return self.tlslite
- def generate(self, keylength = 2048):
+ @classmethod
+ def generate(cls, keylength = 2048):
"""Generate a new keypair."""
- self.clear()
- self.set(POW = POW.Asymmetric(POW.RSA_CIPHER, keylength))
+ return cls(POW = POW.Asymmetric(POW.RSA_CIPHER, keylength))
def get_public_DER(self):
"""Get the DER encoding of the public key from this keypair."""
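Review bot: Making `generate` a classmethod means the old call pattern now fails silently. `k = RSA(); k.generate()` still runs, because Python allows a classmethod to be called through an instance, but the new key is returned and discarded while `k` stays empty. The call sites in left_right.py and rpki_engine.py are converted in this commit, but the diff is limited to rpkid/rpki, so callers outside that directory should be checked for the same pattern. The docstring should state the new contract, e.g. `"""Generate a new keypair and return it as a new RSA object; an existing instance is not modified."""`.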