aboutsummaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
Diffstat (limited to 'scripts')
-rw-r--r--scripts/rpki/up_down.py9
-rw-r--r--scripts/rpki/x509.py11
2 files changed, 11 insertions, 9 deletions
diff --git a/scripts/rpki/up_down.py b/scripts/rpki/up_down.py
index 6e3ff660..f8fe7f5d 100644
--- a/scripts/rpki/up_down.py
+++ b/scripts/rpki/up_down.py
@@ -144,18 +144,13 @@ def cons_resource_class(gctx, now, child, ca_id, irdb_as, irdb_v4, irdb_v6):
ca_detail = c
if not ca_detail:
return None
- rc_as, rc_v4, rc_v6 = ca_detail.latest_ca_cert.get_3779resources()
- rc_as.intersection(irdb_as)
- rc_v4.intersection(irdb_v4)
- rc_v6.intersection(irdb_v6)
+ rc_as, rc_v4, rc_v6 = ca_detail.latest_ca_cert.get_3779resources(irdb_as, irdb_v4, irdb_v6)
if not rc_as and not rc_v4 and not rc_v6:
return None
rc = class_elt()
rc.class_name = str(ca_id)
rc.cert_url = "rsync://niy.invalid"
- rc.resource_set_as = rc_as
- rc.resource_set_ipv4 = rc_v4
- rc.resource_set_ipv6 = rc_v6
+ rc.resource_set_as, rc.resource_set_ipv4, rc.resource_set_ipv6 = rc_as, rc_v4, rc_v6
for child_cert in rpki.sql.child_cert_obj.sql_fetch_where(gctx.db, gctx.cur, "child_id = %s AND ca_detail_id = %s" % (child.child_id, ca_detail.ca_detail_id)):
c = certificate_elt()
c.cert_url = "rsync://niy.invalid"
diff --git a/scripts/rpki/x509.py b/scripts/rpki/x509.py
index 1952ab8a..1efabe77 100644
--- a/scripts/rpki/x509.py
+++ b/scripts/rpki/x509.py
@@ -218,9 +218,16 @@ class X509(DER_object):
"""Get the SKI extension from this certificate."""
return self._get_POW_extensions().get("subjectKeyIdentifier")
- def get_3779resources(self):
+ def get_3779resources(self, as_intersector = None, v4_intersector = None, v6_intersector = None):
"""Get RFC 3779 resources as rpki.resource_set objects."""
- return rpki.resource_set.parse_extensions(self.get_POWpkix().getExtensions())
+ as, v4, v6 = rpki.resource_set.parse_extensions(self.get_POWpkix().getExtensions())
+ if as_intersector:
+ as = as.intersection(as_intersector)
+ if v4_intersector:
+ v4 = v4.intersection(v4_intersector)
+ if v6_intersector:
+ v6 = v6.intersection(v6_intersector)
+ return as, v4, v6
class X509_chain(list):
"""Collections of certs.
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-13 16:03:53 +0000