Inherits object.
Detailed Description
Representation of one certification authority.
Definition at line 559 of file myrpki.py.
Member Function Documentation
def rpki.myrpki.CA.__init__(self, cfg_file, dir)
def rpki.myrpki.CA.bsc(self, pkcs10)
Issue BSC certificate, if we have a PKCS #10 request for it.
Definition at line 723 of file myrpki.py.
def rpki.myrpki.CA.cms_xml_sign(self, ee_name, base_name, elt)
Sign an XML object with CMS, return Base64 text.
Definition at line 685 of file myrpki.py.
def rpki.myrpki.CA.cms_xml_verify(self, b64, ca)
Attempt to verify and extract XML from a Base64-encoded signed CMS
object. CA is the filename of a certificate that we expect to be
the issuer of the EE certificate bundled with the CMS, and must
previously have been cross-certified under our trust anchor.
Definition at line 698 of file myrpki.py.
def rpki.myrpki.CA.ee(self, ee_name, base_name)
Issue an end-entity certificate.
Definition at line 671 of file myrpki.py.
def rpki.myrpki.CA.fxcert(self, b64, filename = None, path_restriction = 0)
Write PEM certificate to file, then cross-certify.
Definition at line 744 of file myrpki.py.
def rpki.myrpki.CA.run_ca(self, args)
Run OpenSSL "ca" command with common initial arguments.
Definition at line 605 of file myrpki.py.
def rpki.myrpki.CA.run_dgst(self, input, algorithm = "md5")
Run OpenSSL "dgst" command, return cleaned-up result.
Definition at line 622 of file myrpki.py.
def rpki.myrpki.CA.run_openssl(self, cmd, kwargs)
Run an OpenSSL command, suppressing stderr unless OpenSSL returns
failure, and return stdout.
Definition at line 589 of file myrpki.py.
def rpki.myrpki.CA.run_req(self, key_file, req_file, log_key = sys.stdout)
Run OpenSSL "genrsa" and "req" commands.
Definition at line 611 of file myrpki.py.
def rpki.myrpki.CA.setup(self, ca_name)
Set up this CA. ca_name is an X.509 distinguished name in
/tag=val/tag=val format.
Definition at line 645 of file myrpki.py.
def rpki.myrpki.CA.touch_file(filename, content = None)
Create dumb little text files expected by OpenSSL "ca" utility.
Definition at line 635 of file myrpki.py.
def rpki.myrpki.CA.xcert(self, cert, path_restriction = 0)
Cross-certify a certificate represented as a PEM file, if we
haven't already. This only works for self-signed certs, due to
limitations of the OpenSSL command line tool, but that suffices
for our purposes.
Definition at line 771 of file myrpki.py.
def rpki.myrpki.CA.xcert_filename(self, cert)
Generate filename for a cross-certification.
Extracts the public key and subject name from the PEM file and hashes them so
we can use the result as a tag for cross-certifying this cert.
Definition at line 757 of file myrpki.py.
def rpki.myrpki.CA.xcert_revoke(self, cert)
Revoke a cross-certification and regenerate CRL.
Definition at line 784 of file myrpki.py.
Member Data Documentation
Initial value: { 0 : "ca_x509_ext_xcert0",
                 1 : "ca_x509_ext_xcert1" }
Definition at line 567 of file myrpki.py.
The documentation for this class was generated from the following file: