Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/gski.py | 11 | ||||
-rw-r--r-- | scripts/rpki/sql.py | 4 | ||||
-rw-r--r-- | scripts/rpki/x509.py | 45 |
3 files changed, 45 insertions, 15 deletions
diff --git a/scripts/gski.py b/scripts/gski.py
index 210f1a60..4a11a485 100644
--- a/scripts/gski.py
+++ b/scripts/gski.py
@@ -1,14 +1,7 @@
 # $Id$
-import rpki.x509, POW.pkix, base64, sys
-
-def g(x):
- return base64.b64encode(x).replace("+", "-").replace("/", "_")
-
-def h(x):
- return ":".join(("%02X" % ord(i) for i in x))
+import rpki.x509, sys
 for file in sys.argv[1:]:
 cert = rpki.x509.X509(Auto_file = file)
- ski = cert.get_SKI()
- print g(ski), h(ski), file
+ print cert.gSKI(), cert.hSKI(), file
diff --git a/scripts/rpki/sql.py b/scripts/rpki/sql.py
index edff706b..6cb3ef6b 100644
--- a/scripts/rpki/sql.py
+++ b/scripts/rpki/sql.py
@@ -203,11 +203,11 @@ class ca_obj(sql_persistant):
 cert_map = dict((c.get_SKI(), c) for c in rc.certs)
 for ca_detail in ca_detail_obj.sql_fetch_where(gctx, "ca_id = %s AND latest_ca_cert IS NOT NULL", ca.ca_id):
 ski = ca_detail.latest_ca_cert.get_SKI()
- assert ski in cert_map, "Certificate in our database missing from list_response, SKI %s" % ":".join(("%02X" % ord(i) for i in ski))
+ assert ski in cert_map, "Certificate in our database missing from list_response, SKI %s" % ca_detail.latest_ca_cert.hSKI()
 if ca_detail.latest_ca_cert != cert_map[ski]:
 ca_detail.update_latest_ca_cert(cert_map[ski])
 del cert_map[ski]
- assert not cert_map, "Certificates in list_response missing from our database, SKIs %s" % " ".join(":".join("%02X" % ord(i) for i in j) for j in cert_map.keys())
+ assert not cert_map, "Certificates in list_response missing from our database, SKIs %s" % ", ".join(c.hSKI() for c in cert_map.values())
 @classmethod
 def create(cls, gctx, parent, rc):
diff --git a/scripts/rpki/x509.py b/scripts/rpki/x509.py
index a18cfd2b..d4c2d9d3 100644
--- a/scripts/rpki/x509.py
+++ b/scripts/rpki/x509.py
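Review bot: In scripts/rpki/sql.py the two reworded checks are still `assert` statements, yet they compare the certificates in `rc.certs` with the local database, and that list appears to come from a remote party (inferred from the "list_response" wording). Assertions are dropped when Python runs with `-O`; a missing SKI would then surface as a bare `KeyError` at `cert_map[ski]`, and leftover certificates in `cert_map` would be ignored silently. Consider an explicit check such as `if ski not in cert_map: raise ...` using an exception from `rpki.exceptions` and the same message, so the mismatch is always detected and can be logged. The new `assert not self.empty()` preconditions in `RSApublic` (scripts/rpki/x509.py) have the same property. The enclosing method starts above this hunk.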
@@ -132,6 +132,18 @@ class DER_object(object):
 """Compare two DER-encoded objects."""
 return cmp(self.get_DER(), other.get_DER())
+ def hSKI(self):
+ """Return hexadecimal string representation of SKI for this
+ object. Only work for subclasses that implement get_SKI().
+ """
+ return ":".join(("%02X" % ord(i) for i in self.get_SKI()))
+
+ def gSKI(self):
+ """Calculate g(SKI) for this object. Only work for subclasses
+ that implement get_SKI().
+ """
+ return base64.b64encode(self.get_SKI()).replace("+", "-").replace("/", "_")
+
 class X509(DER_object):
 """X.509 certificates.
@@ -222,10 +234,6 @@ class X509(DER_object):
 """Get the SKI extension from this certificate."""
 return (self.get_POWpkix().getExtension((2, 5, 29, 14)) or ((), 0, None))[2]
- def gSKI(self):
- """Calculate g(SKI) for this certificate."""
- return base64.b64encode(self.get_SKI()).replace("+", "-").replace("/", "_")
-
 def get_3779resources(self, as_intersector = None, v4_intersector = None, v6_intersector = None):
 """Get RFC 3779 resources as rpki.resource_set objects."""
 as, v4, v6 = rpki.resource_set.parse_extensions(self.get_POWpkix().getExtensions())
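Review bot: `hSKI()` and `gSKI()` in the first x509.py hunk assume `get_SKI()` returns a byte string, but `X509.get_SKI()` (context of the second hunk) falls back to `None` when the certificate carries no SKI extension. For such a certificate `hSKI()` fails while iterating `None` and `gSKI()` fails inside `b64encode`, each with an uninformative `TypeError`; scripts/gski.py and the messages in scripts/rpki/sql.py now go through these helpers. A guard such as `ski = self.get_SKI()` followed by `if ski is None: raise ValueError("object has no SKI")` would make the failure explicit. The `gSKI()` docstring could also state that g(SKI) is Base64 with '+' and '/' replaced by '-' and '_' and the '=' padding kept.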
@@ -482,6 +490,35 @@ class RSA(DER_object):
 d.update(self.get_public_DER())
 return d.digest()
+ def get_RSApublic(self):
+ return RSApublic(DER = self.get_public_DER())
+
+class RSApublic(DER_object):
+ """Class to hold an RSA public key."""
+
+ formats = ("DER", "POW")
+ pem_converter = PEM_converter("RSA PUBLIC KEY")
+
+ def get_DER(self):
+ assert not self.empty()
+ if self.DER:
+ return self.DER
+ if self.POW:
+ self.DER = self.POW.derWrite(POW.RSA_PUBLIC_KEY)
+ return self.get_DER()
+ raise rpki.exceptions.DERObjectConversionError, "No conversion path to DER available"
+
+ def get_POW(self):
+ assert not self.empty()
+ if not self.POW:
+ self.POW = POW.derRead(POW.RSA_PUBLIC_KEY, self.get_DER())
+ return self.POW
+
+ def get_SKI(self):
+ d = POW.Digest(POW.SHA1_DIGEST)
+ d.update(self.get_DER())
+ return d.digest()
+
 class Manifest(DER_object):
 """Class to hold a signed manifest."""
|
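Review bot: The new `get_RSApublic()`, `RSApublic.get_DER()`, `get_POW()` and `get_SKI()` carry no docstrings, unlike the neighbouring methods visible in this file. `get_SKI()` needs one most: it takes a SHA-1 digest of the DER-encoded public key, presumably as the key-identifier derivation that other SKIs are matched against rather than as an integrity check. A line such as `"""Calculate the SKI of this key: SHA-1 digest of the DER-encoded RSA public key."""` would tell a later reader that changing the digest changes every identifier. It would also help to document that `get_DER()` caches the encoding it derives from the POW object.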