From a096bcdca38b419f40c8d37584a4f7900f039589 Mon Sep 17 00:00:00 2001
From: Rob Austein
Date: Thu, 15 Nov 2007 03:24:02 +0000
Subject: CRL support, not yet tested
svn path=/scripts/biz-certs/Bob-CA.srl; revision=1296
---
 scripts/rpki/x509.py | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
(limited to 'scripts/rpki/x509.py')
diff --git a/scripts/rpki/x509.py b/scripts/rpki/x509.py
index 488c1d73..b6c56d1e 100644
--- a/scripts/rpki/x509.py
+++ b/scripts/rpki/x509.py
@@ -650,7 +650,17 @@ class CRL(DER_object):
 self.POWpkix = crl
 return self.POWpkix
- def build(self, serial, nextUpdate, names_and_objs, version = 0):
+ @classmethod
+ def generate(cls, keypair, issuer, serial, thisUpdate, nextUpdate, revokedCertificates, version = 1, digestType = "sha256WithRSAEncryption"):
 crl = POW.pkix.CertificateList()
- raise rpki.exceptions.NotImplementedYet
- self.set(POWpkix = crl)
+ crl.setVersion(version)
+ crl.setIssuer(issuer.get_POWpkix().getIssuer())
+ crl.setThisUpdate(thisUpdate.toASN1tuple())
+ crl.setNextUpdate(nextUpdate.toASN1tuple())
+ if revokedCertificates:
+ crl.setRevokedCertificates(revokedCertificates)
+ crl.setExtensions(
+ (rpki.oids.name2oid["authorityKeyIdentifier"], False, (issuer.get_SKI(), (), None)),
+ (rpki.oids.name2oid["cRLNumber"], False, serial))
+ crl.sign(keypair.get_POW(), digestType)
+ return cls(POWpkix = crl)
--
cgit v1.2.3
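Review bot: In `generate`, `crl.setIssuer(issuer.get_POWpkix().getIssuer())` copies the issuer field of the `issuer` certificate, which names that certificate's parent rather than the CA signing this CRL. Assuming `issuer` is the signing CA's own certificate (the AKI a few lines later is taken from its SKI), the CRL issuer should be its subject, `crl.setIssuer(issuer.get_POWpkix().getSubject())`; the two names coincide only for a self-signed root, so a subordinate CA's CRL would not match the certificates it is meant to revoke and a relying party may discard it. Nothing here checks that `keypair` belongs to `issuer`, so a mismatched pair yields a CRL whose AKI and signature disagree; a short docstring stating that contract, and that `version = 1` encodes a v2 CRL (needed because extensions are always set), would help. The enclosing `class CRL` begins outside this hunk.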