Diffstat (limited to 'scripts')
-rw-r--r--scripts/pkcs10.py34
-rw-r--r--scripts/rpki/up_down.py24
2 files changed, 20 insertions, 38 deletions
diff --git a/scripts/pkcs10.py b/scripts/pkcs10.py
index 5636027b..3a88b779 100644
--- a/scripts/pkcs10.py
+++ b/scripts/pkcs10.py
@@ -3,11 +3,11 @@
import POW.pkix, rpki.x509, glob, rpki.resource_set
parse_extensions = True
-list_extensions = False
show_attributes = False
show_algorithm = False
do_verify = True
-show_signature = True
+show_signature = False
+show_publickey = False
def hexify(thing):
return ":".join(["%02X" % ord(i) for i in thing])
@@ -27,6 +27,12 @@ for name in glob.glob("resource-cert-samples/*.req") + glob.glob("biz-certs/*.re
print pkcs10.signatureValue, hexify(pkcs10.signatureValue.get())
print
+ if show_publickey:
+ print pkcs10.certificationRequestInfo.subjectPublicKeyInfo
+ print pkcs10.certificationRequestInfo.subjectPublicKeyInfo.get()
+ print hexify(pkcs10.certificationRequestInfo.subjectPublicKeyInfo.toString())
+ print
+
if show_attributes:
print pkcs10.certificationRequestInfo.attributes.oid, pkcs10.certificationRequestInfo.attributes.oid.get()
print
@@ -42,32 +48,16 @@ for name in glob.glob("resource-cert-samples/*.req") + glob.glob("biz-certs/*.re
print pkcs10.certificationRequestInfo.attributes.val.choices[pkcs10.certificationRequestInfo.attributes.val.choice][0]
print
- if False:
- extc = pkcs10.certificationRequestInfo.attributes.val
- exts = extc.choices[extc.choice][0]
- assert exts is pkcs10.getExtensions()
- else:
- exts = pkcs10.getExtensions()
-
- #print len(exts), exts[0].extnValue
-
- if list_extensions and exts is not None:
- for x in exts:
- oid = x.extnID.get()
- name = POW.pkix.oid2obj(oid)
- crit = x.critical.get()
- value = x.extnValue.get()
- assert isinstance(value, str)
- print [ name, oid, crit, hexify(value) ]
+ if parse_extensions:
- if parse_extensions and exts is not None:
+ exts = pkcs10.getExtensions()
- as, v4, v6 = rpki.resource_set.parse_extensions(exts.get())
+ as, v4, v6 = rpki.resource_set.parse_extensions(exts)
if as: print "ASN =", as
if v4: print "IPv4 =", v4
if v6: print "IPv6 =", v6
- for oid, crit, val in exts.get():
+ for oid, crit, val in exts:
if oid in ((1, 3, 6, 1, 5, 5, 7, 1, 7), (1, 3, 6, 1, 5, 5, 7, 1, 8)):
continue
if isinstance(val, str):
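Review bot: The `exts is not None` guard is dropped when the block becomes `if parse_extensions:` / `exts = pkcs10.getExtensions()`, but nothing in this diff shows that `getExtensions()` stopped returning None for a request without extensions; if it still can, `rpki.resource_set.parse_extensions(exts)` and the `for oid, crit, val in exts:` loop now fail with a TypeError instead of skipping the request. The same guard removal appears in scripts/rpki/up_down.py in this commit. If `getExtensions()` now guarantees an iterable, a comment at the assignment, `# getExtensions() returns a (possibly empty) sequence, never None`, would record the new contract; otherwise keep `if parse_extensions and exts is not None:`. The rewritten `as, v4, v6 = rpki.resource_set.parse_extensions(exts)` binds the name `as`, which is a reserved word from Python 2.6 on, so the script will stop parsing once the interpreter is upgraded; `asn, v4, v6 = ...` avoids that. The enclosing `for name in glob.glob(...)` loop starts and ends outside the hunk.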
diff --git a/scripts/rpki/up_down.py b/scripts/rpki/up_down.py
index 814a8534..388ba21c 100644
--- a/scripts/rpki/up_down.py
+++ b/scripts/rpki/up_down.py
@@ -234,18 +234,14 @@ class issue_pdu(base_elt):
if oids.get(self.pkcs10.get_POWpkix().signatureAlgorithm) not in ("sha256WithRSAEncryption", "sha384WithRSAEncryption", "sha512WithRSAEncryption"):
raise rpki.exceptions.BadPKCS10, "Bad signature algorithm %s" % self.pkcs10.get_POWpkix().signatureAlgorithm
exts = self.pkcs10.getExtensions()
- if exts is None:
- exts = {}
- else:
- exts = exts.get()
- for oid, critical, value in exts:
- if oids.get(oid) not in ("basicConstraints", "keyUsage", "subjectInfoAccess"):
- raise rpki.exceptions.BadExtension, "Forbidden extension %s" % oid
- exts = dict((oids[oid], value) for (oid, critical, value) in exts)
+ for oid, critical, value in exts:
+ if oids.get(oid) not in ("basicConstraints", "keyUsage", "subjectInfoAccess"):
+ raise rpki.exceptions.BadExtension, "Forbidden extension %s" % oid
+ exts = dict((oids[oid], value) for (oid, critical, value) in exts)
if "basicConstraints" not in exts or not exts["basicConstraints"][0]:
raise rpki.exceptions.BadPKCS10, "request for EE cert not allowed here"
if exts["basicConstraints"][1] is not None:
- raise rpki.exceptions.BadPKCS10, "basicConstraints extension must not specify Path Length"
+ raise rpki.exceptions.BadPKCS10, "basicConstraints must not specify Path Length"
if "keyUsage" in exts and (not exts["keyUsage"][5] or not exts["keyUsage"][6]):
raise rpki.exceptions.BadPKCS10, "keyUsage doesn't match basicConstraints"
for method, location in exts.get("subjectInfoAccess", ()):
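Review bot: The new `exts = dict((oids[oid], value) for (oid, critical, value) in exts)` silently collapses duplicate extension OIDs, keeping whichever appears last, so a request carrying two basicConstraints or two keyUsage extensions passes the forbidden-extension loop above it and is then validated against only one of them; a check before the dict is built, `if len(exts) != len(set(oid for oid, critical, value in exts)): raise rpki.exceptions.BadExtension, "Duplicate extension"`, closes that gap in the same style as the surrounding checks. The `critical` flag is unpacked in both the loop and the dict expression but never examined, so a non-critical basicConstraints or keyUsage is accepted as-is; if the issuer's policy requires these to be critical, that test belongs in the same loop next to the forbidden-OID check. The positional `exts["keyUsage"][5]` and `[6]` lookups carry no hint of which bits they are; a comment naming the intended key-usage bits (hedged until confirmed against the decoder) would help the next reader. The enclosing issue_pdu method starts and ends outside the hunk.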
@@ -257,9 +253,9 @@ class issue_pdu(base_elt):
# resources (approximately the same algorithm used for
# list_response). Check:
#
- # 3a) that resources match exactly
+ # 3a) that public key matches exactly
#
- # 3b) that public key matches exactly
+ # 3b) that resources match exactly
#
# 3c) that any relevant extensions in the pkcs10 match exactly
#
@@ -275,12 +271,8 @@ class issue_pdu(base_elt):
else:
child_cert = None
if child_cert is not None:
- pass
+ pass # Fill in remaining tests here
- #
- # In theory the spec requires that that public keys here be
- # different, so at most one key should match. Sez here.
- # Anyway, need to perform remaining tests on the match if we got one.
raise NotImplementedError