path: root/rpkid/rpki/x509.py
Age | Commit message | Author
2014-04-05 | Source tree reorg, phase 1. Almost everything moved, no file contents changed. svn path=/branches/tk685/; revision=5757 | Rob Austein
2014-02-25 | Router certificates working again after changes to get subject name out of the PKCS !#10. svn path=/branches/tk671/; revision=5683 | Rob Austein
2014-02-21 | Add EKU when generating router certificates. svn path=/branches/tk671/; revision=5681 | Rob Austein
2014-02-21 | Add router certificate support to yamltest, rpkic, etc. svn path=/branches/tk671/; revision=5680 | Rob Austein
2014-02-20 | Whack RSA-specific code to a more general API using PrivateKey and PublicKey classes, with RSA and ECDSA as subclasses extending PrivateKey. Revised API not necessarily in final form yet, but good enough for smoketest to generate ECDSA keys for testing router certs. svn path=/branches/tk671/; revision=5679 | Rob Austein
2014-02-20 | Checkpoint. Now generating something that looks a bit like a router cert, but not right yet: RSA where should be ECDSA, EKU missing, and EE certificate class's .reissue() method isn't working properly yet. svn path=/branches/tk671/; revision=5673 | Rob Austein
2014-02-18 | Add support for setting serialNumber attribute in certificate names, since the current router certificate specification uses it. svn path=/branches/tk671/; revision=5667 | Rob Austein
2014-01-29 | First cut of zookeeper methods to add router certs and other EE certs. Likely needs further refactoring before really usable by GUI or CLI. svn path=/branches/tk671/; revision=5654 | Rob Austein
2014-01-29 | Rework PKCS #10 sanity checking code. svn path=/branches/tk671/; revision=5653 | Rob Austein
2014-01-29 | Clean up OID database. Would have done this years ago, had I understood how the globals() function works. svn path=/branches/tk671/; revision=5652 | Rob Austein
2014-01-29 | Checkpoint svn path=/branches/tk671/; revision=5651 | Rob Austein
2014-01-26 | Checkpoint. svn path=/branches/tk671/; revision=5646 | Rob Austein
2014-01-15 | Typo in format string was throwing exception-within-exception in DeadDrop.dump(). svn path=/trunk/; revision=5636 | Rob Austein
2014-01-09 | Update more copyrights, clean up module doc blocks. svn path=/trunk/; revision=5624 | Rob Austein
2014-01-07 | Clean up non-verifying CMS extraction methods. svn path=/trunk/; revision=5617 | Rob Austein
2014-01-07 | Set notBefore value directly when issuing certificates to avoid race condition when issuing new manifest EE certificate. See #662. svn path=/trunk/; revision=5614 | Rob Austein
2013-10-09 | [5462] change to Auto_update error handling was incomplete. Fixes #634. svn path=/trunk/; revision=5558 | Rob Austein
2013-10-08 | Switch RSA key generation to use a new .generateRSA() class method rather than abusing the Asymmetric __init__() method, in preparation for adding support for other public key algorithms like ECDSA. svn path=/trunk/; revision=5553 | Rob Austein
2013-08-23 | Rip out PEM_converter class, as we no longer need to support interoperation between three separate ASN.1 packages and our updated rpki.POW PEM functions use the OpenSSL libraries to handle corner cases that PEM_converter did not, like PKCS8. See #603. Fix log-rate-limiting in Auto_update DER objects to be time-based rather than counter based; reorder checks so that daemons will have some chance of recovering when the user does something strange with required .cer or .key files then repairs the error. See #602. svn path=/trunk/; revision=5462 | Rob Austein
2013-07-24 | Pickling support. svn path=/trunk/; revision=5443 | Rob Austein
2013-07-18 | Log stale BPKI CMS CRLs. See #294. svn path=/trunk/; revision=5438 | Rob Austein
2013-07-17 | Add ability for auto_update DER objects to coast through transient failures like missing files. Closes #580. svn path=/trunk/; revision=5435 | Rob Austein
2013-04-19 | Throw exception when asked to issue a certificate with notAfter <= notBefore. Don't stomp ghostbuster_obj if we've just reused it. Clean up properly when deleting a ca_detail. Don't reissue expiring certificate if IRDB valid_until field says it's supposed to expire. svn path=/trunk/; revision=5302 | Rob Austein
2013-03-22 | .setRFC3779() handling of empty iterations was subtly broken in ways that only showed up when we started paying closer attention to inheritance and empty RFC 3779 extensions. Fixes #482. svn path=/trunk/; revision=5200 | Rob Austein
2013-03-21 | Record context in CMS replay exceptions. Closes #458. svn path=/trunk/; revision=5188 | Rob Austein
2013-01-30 | rpki.x509.X509._issue() wasn't passing inheritance flags into rpki.POW.X509.setRFC3779(), which was resulting in empty IPAddrBlock extensions for manifests and Ghostbusters records. See #406. svn path=/trunk/; revision=4983 | Rob Austein
2012-10-26 | Change POW representation of UTCTime and GeneralizedTime to use Python datetime instead of OpenSSL-like GeneralizedTime strings. Clean up a lot of compiler warnings that gcc only reports with -Wextra. svn path=/branches/tk274/; revision=4791 | Rob Austein
2012-10-25 | Add direct conversion of datetime (and subclasses) timestamps to ASN1_TIME, so we can stop mucking about with this conversion in the Python code. svn path=/branches/tk274/; revision=4789 | Rob Austein
2012-10-18 | pylint svn path=/branches/tk274/; revision=4786 | Rob Austein
2012-10-17 | CRLs work better if one remembers to set the list of certificates being revoked. Doh. Fixes #295. svn path=/branches/tk274/; revision=4780 | Rob Austein
2012-10-16 | Make schema checking configurable at runtime, reenable inbound schema checking as the default. svn path=/branches/tk274/; revision=4779 | Rob Austein
2012-10-12 | Rust In Pieces, POW.pkix. In the end, there can be only one. svn path=/branches/tk274/; revision=4771 | Rob Austein
2012-10-11 | Convert rpki.x509.X509._issue() to use POW instead of POW.pkix. svn path=/branches/tk274/; revision=4769 | Rob Austein
2012-10-11 | Use POW instead of POW.pkix to decode certificate resources. svn path=/branches/tk274/; revision=4767 | Rob Austein
2012-10-11 | Cleanup svn path=/branches/tk274/; revision=4766 | Rob Austein
2012-10-10 | Convert ROAs and manifests to use POW CMS subclasses. Start inching resource_set towards using POW.IPAddress class. Closes #293. svn path=/branches/tk274/; revision=4765 | Rob Austein
2012-10-09 | Delete broken definition of Ghostbusters class (which nothing ever noticed, because the working definition overwrote it). Other minor cleanup. Closes #292. svn path=/branches/tk274/; revision=4762 | Rob Austein
2012-10-09 | Whack SIA and AIA code to use POW instead of POW.pkix. Whack smoketest repository layout to silence (correct) rcynic whining about objects not in manifest. svn path=/branches/tk274/; revision=4761 | Rob Austein
2012-10-09 | Use POW for PKCS #10 generation. svn path=/branches/tk274/; revision=4760 | Rob Austein
2012-10-09 | Calculate SKI directly from POW.Asymmetric object. svn path=/branches/tk274/; revision=4758 | Rob Austein
2012-10-05 | Convert another chunk of Python code to use new POW classes. Clean up PEM and OID code in POW. Add ENTER() macro to make it easier to track down things like borked reference counts. svn path=/branches/tk274/; revision=4756 | Rob Austein
2012-10-01 | Convert CRL creation to use POW rather than POW.pkix. svn path=/branches/tk274/; revision=4748 | Rob Austein
2012-09-30 | Try dbm if gdbm fails for horrible debug-only RSA key speedup hack. svn path=/branches/tk274/; revision=4742 | Rob Austein
2012-09-30 | Implement conversion between DER and POW formats for PKCS10 class. svn path=/branches/tk274/; revision=4741 | Rob Austein
2012-09-29 | Convert BasicConstraints to use new POW method. svn path=/branches/tk274/; revision=4740 | Rob Austein
2012-09-29 | Convert a few rpki.x509 methods to use the new rpki.POW code. svn path=/branches/tk274/; revision=4739 | Rob Austein
2012-09-20 | Whack rest of POW's object I/O (x.derRead(), x.derWrite()) to use new class-based methods instead of old module functions. svn path=/branches/tk274/; revision=4728 | Rob Austein
2012-09-04 | As part of dragging POW.c into the 21st century, get rid of huge swacks of code which either haven't been used in RPKI for years or have never been used in RPKI at all, and which, in either case, I'd rather not have to maintain: SSL/TLS, MD2, RIPEMD160, HMAC. There's almost certainly more to prune, but this was the lowest-hanging fruit. svn path=/branches/tk274/; revision=4696 | Rob Austein
2012-09-03 | Fix last (?) remaining direct reference to "POWpkix" outside of rpki.x509 module. svn path=/branches/tk274/; revision=4694 | Rob Austein
2012-09-03 | More useful debugging code. svn path=/branches/tk274/; revision=4692 | Rob Austein