diff options
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/biz-certs/Bob-CA.srl | 2 | ||||
| -rw-r--r-- | scripts/rpki/sql.py | 2 | ||||
| -rw-r--r-- | scripts/rpki/up_down.py | 2 | ||||
| -rw-r--r-- | scripts/rpki/x509.py | 4 | ||||
| -rw-r--r-- | scripts/testpoke.yaml | 2 | ||||
| -rw-r--r-- | scripts/testroot.sh | 5 |
6 files changed, 11 insertions, 6 deletions
diff --git a/scripts/biz-certs/Bob-CA.srl b/scripts/biz-certs/Bob-CA.srl index 4774c36e..42789784 100644 --- a/scripts/biz-certs/Bob-CA.srl +++ b/scripts/biz-certs/Bob-CA.srl @@ -1 +1 @@ -90801F1ED19454DF +90801F1ED19454EC diff --git a/scripts/rpki/sql.py b/scripts/rpki/sql.py index 055e4476..c1681bd7 100644 --- a/scripts/rpki/sql.py +++ b/scripts/rpki/sql.py @@ -507,7 +507,7 @@ class ca_detail_obj(sql_persistant): if now > child_cert.cert.getNotAfter() + crl_interval: child_cert.sql_delete() else: - certlist.append((child_cert.cert.getSerial(), child_cert.revoked, ())) + certlist.append((child_cert.cert.getSerial(), child_cert.revoked.toASN1tuple(), ())) certlist.sort() self.latest_crl = rpki.x509.CRL.generate( diff --git a/scripts/rpki/up_down.py b/scripts/rpki/up_down.py index e4285257..bf9e37a1 100644 --- a/scripts/rpki/up_down.py +++ b/scripts/rpki/up_down.py @@ -333,7 +333,7 @@ class revoke_pdu(revoke_syntax): def get_SKI(self): """Convert g(SKI) encoding from PDU back to raw SKI.""" - return base64.b64decode(self.ski.replace("_", "/").replace("-", "+")) + return base64.urlsafe_b64decode(self.ski + "=") def serve_pdu(self, gctx, q_msg, r_msg, child): """Serve one revoke request PDU.""" diff --git a/scripts/rpki/x509.py b/scripts/rpki/x509.py index 478fc6c5..93adf196 100644 --- a/scripts/rpki/x509.py +++ b/scripts/rpki/x509.py @@ -155,7 +155,7 @@ class DER_object(object): """Calculate g(SKI) for this object. Only work for subclasses that implement get_SKI(). """ - return base64.b64encode(self.get_SKI()).replace("+", "-").replace("/", "_") + return base64.urlsafe_b64encode(self.get_SKI()).rstrip("=") def get_AKI(self): """Get the AKI extension from this object. Only works for subclasses that support getExtension().""" @@ -673,7 +673,7 @@ class CRL(DER_object): def generate(cls, keypair, issuer, serial, thisUpdate, nextUpdate, revokedCertificates, version = 1, digestType = "sha256WithRSAEncryption"): crl = POW.pkix.CertificateList() crl.setVersion(version) - crl.setIssuer(issuer.get_POWpkix().getIssuer()) + crl.setIssuer(issuer.get_POWpkix().getSubject()) crl.setThisUpdate(thisUpdate.toASN1tuple()) crl.setNextUpdate(nextUpdate.toASN1tuple()) if revokedCertificates: diff --git a/scripts/testpoke.yaml b/scripts/testpoke.yaml index 470ad532..22e2d35f 100644 --- a/scripts/testpoke.yaml +++ b/scripts/testpoke.yaml @@ -25,4 +25,4 @@ requests: revoke: type: revoke class: 1 - ski: "CB5K6APY-4KcGAW9jaK_cVPXKX0=" + ski: "CB5K6APY-4KcGAW9jaK_cVPXKX0" diff --git a/scripts/testroot.sh b/scripts/testroot.sh index f3818496..df9716e9 100644 --- a/scripts/testroot.sh +++ b/scripts/testroot.sh @@ -87,4 +87,9 @@ then mimencode -u | $openssl x509 -noout -inform DER -text + python testpoke.py -r revoke + python testpoke.py -r list + python http-client.py + python testpoke.py -r list + fi |