Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/rpki/sql.py | 6 | ||||
-rw-r--r-- | scripts/rpki/up_down.py | 8 | ||||
-rw-r--r-- | scripts/rpki/x509.py | 4 |
3 files changed, 14 insertions, 4 deletions
diff --git a/scripts/rpki/sql.py b/scripts/rpki/sql.py
index 070e0c62..72570edb 100644
--- a/scripts/rpki/sql.py
+++ b/scripts/rpki/sql.py
@@ -222,6 +222,12 @@ class ca_obj(sql_persistant):
  need to create and set up a corresponding CA object.
  """
  self = cls()
+ self.parent_id = parent.parent_id
+ self.sql_store(gctx)
+ self.sia_uri = self.construct_sia_uri(gctx, parent, rc)
+
+ issue_response = rpki.up_down.issue_pdu.query(gctx, parent, self)
+
  raise NotImplementedError, "NIY"
 
  def delete(self, gctx):
diff --git a/scripts/rpki/up_down.py b/scripts/rpki/up_down.py
index fb810082..61800b11 100644
--- a/scripts/rpki/up_down.py
+++ b/scripts/rpki/up_down.py
@@ -16,7 +16,10 @@ oid2name = {
  (2, 5, 29, 19) : "basicConstraints",
  (2, 5, 29, 15) : "keyUsage",
  (1, 3, 6, 1, 5, 5, 7, 1, 11) : "subjectInfoAccess",
+ (1, 3, 6, 1, 5, 5, 7, 48, 2) : "caIssuers",
  (1, 3, 6, 1, 5, 5, 7, 48, 5) : "caRepository",
+ (1, 3, 6, 1, 5, 5, 7, 48, 9) : "signedObjectRepository",
+ (1, 3, 6, 1, 5, 5, 7, 48, 10) : "rpkiManifest",
  }
 
  name2oid = dict((v,k) for k,v in oid2name.items())
@@ -294,14 +297,15 @@ class issue_pdu(base_elt):
  r_msg.payload.classes.append(rc)
 
  @classmethod
- def query(cls, gctx, ca, sia, ca_detail = None):
+ def query(cls, gctx, parent, ca, ca_detail = None):
  """Send an "issue" request to parent associated with ca."""
- parent = rpki.left_right.parent_elt.sql_fetch(gctx, ca.parent_id)
  if ca_detail is None:
  ca_detail = rpki.sql.ca_detail_obj.sql_fetch_active(gctx, ca.ca_id)
  if ca_detail is None:
  ca_detail = rpki.sql.ca_detail_obj.create(gctx, ca)
  assert ca_detail is not None and ca_detail.state != "deprecated"
+ sia = (((1, 3, 6, 1, 5, 5, 7, 48, 5), ("uri", ca.sia_uri)),
+ ((1, 3, 6, 1, 5, 5, 7, 48, 10), ("uri", ca.sia_uri + ca_detail.public_key.gSKI() + ".mnf")))
  self = cls()
  self.class_name = ca.parent_resource_class
  self.pkcs10 = rpki.x509.PKCS10.create_ca(ca_detail.private_key_id, sia)
diff --git a/scripts/rpki/x509.py b/scripts/rpki/x509.py
index 99fa922b..f4418cd0 100644
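Review bot: In `ca_obj.create` (scripts/rpki/sql.py) `self.sia_uri` is assigned after `self.sql_store(gctx)` and the method still ends in `raise NotImplementedError`, so as far as this hunk shows the stored row never receives the SIA URI, and a half-initialised CA record may be left behind on every call, depending on how the caller handles the transaction. If the early store is there so the row gets its id before `construct_sia_uri` runs (not visible here), a second `self.sql_store(gctx)` after the URI is set would close the gap. `issue_response` is unused for now; once it is handled, the reply comes from a remote party and should be checked against the request (resource class, certificate for the requested key) before anything derived from it is persisted. The start of `create` is outside the hunk.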
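Review bot: The manifest URI in `issue_pdu.query` (scripts/rpki/up_down.py) is built as `ca.sia_uri + ca_detail.public_key.gSKI() + ".mnf"`, which lands inside the CA's publication directory only if `ca.sia_uri` already ends in `/`; nothing visible enforces that, so a guard such as `if not ca.sia_uri.endswith("/"): raise ValueError(...)` before building `sia` would keep a malformed SIA out of the PKCS #10 request. The two OIDs are repeated as literal tuples although this commit adds their names to `oid2name`; `name2oid["caRepository"]` and `name2oid["rpkiManifest"]` would read better and stay in step with the table. `parent` is now supplied by the caller rather than fetched from `ca.parent_id`, and the positional order changed from `(gctx, ca, sia, ...)`, so a caller not updated with this commit would bind its arguments to the wrong parameters without any error, and nothing checks that `parent.parent_id` matches `ca.parent_id`. The rest of `query` is outside the hunk.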
--- a/scripts/rpki/x509.py
+++ b/scripts/rpki/x509.py
@@ -266,8 +266,8 @@ class X509(DER_object):
  exts = [ ("subjectKeyIdentifier", False, ski),
  ("authorityKeyIdentifier", False, (aki, (), None)),
  ("cRLDistributionPoints", False, ((("fullName", (("uri", crldp),)), None, ()),)),
- ("authorityInfoAccess", False, aia), # (((1, 3, 6, 1, 5, 5, 7, 48, 2), ('uri', 'rsync://repository.apnic.net/TRUSTANCHORS/apnic.cer')),)
- ("subjectInfoAccess", False, sia), # (((1, 3, 6, 1, 5, 5, 7, 48, 5), ('uri', 'rsync://repository.apnic.net/APNIC/q66IrWSGuBE7jqx8PAUHAlHCqRw/')),)
+ ("authorityInfoAccess", False, aia),
+ ("subjectInfoAccess", False, sia),
  ("certificatePolicies", True, (((1, 3, 6, 1, 5, 5, 7, 14, 2), ()),)) ]
  if is_ca: |
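Review bot: With the two trailing comments removed, nothing near `exts` in scripts/rpki/x509.py says what shape `aia` and `sia` must have, and the removed examples were the only in-place description. A short comment above the list, for example `# aia / sia: tuple of (oid_tuple, ("uri", uri_string)) entries`, would keep that information without embedding a real repository URI. The enclosing method starts and ends outside the hunk.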