RPKI Engine
1.0
|
Public Member Functions | |
def | cross_certify |
def | expired |
def | get_DER |
def | get_POW |
def | get_POWpkix |
def | getIssuer |
def | getNotAfter |
def | getNotBefore |
def | getPublicKey |
def | getSerial |
def | getSubject |
def | issue |
def | normalize_chain |
Public Attributes | |
DER | |
DER value of this object. | |
POW | |
POWpkix | |
Static Public Attributes | |
tuple | formats = ("DER", "POW", "POWpkix") |
Formats supported in this object. | |
tuple | pem_converter = PEM_converter("CERTIFICATE") |
PEM converter for this object. |
X.509 certificates. This class is designed to hold all the different representations of X.509 certs we're using and convert between them. X.509 support in Python a nasty maze of half-cooked stuff (except perhaps for cryptlib, which is just different). Users of this module should not have to care about this implementation nightmare.
def rpki::x509::X509::cross_certify | ( | self, | |
keypair, | |||
source_cert, | |||
serial, | |||
notAfter, | |||
now = None , |
|||
pathLenConstraint = 0 |
|||
) |
Issue a certificate with values taking from an existing certificate. This is used to construct some kinds oF BPKI certificates.
Definition at line 558 of file x509.py.
References get_POWpkix(), rpki::x509::DER_object::get_SKI(), rpki::up_down::revoke_pdu::get_SKI(), rpki::x509::RSA::get_SKI(), rpki::x509::RSApublic::get_SKI(), and getSubject().
def rpki::x509::X509::expired | ( | self | ) |
Test whether this certificate has expired.
Definition at line 491 of file x509.py.
References getNotAfter().
def rpki::x509::X509::get_DER | ( | self | ) |
Get the DER value of this certificate.
Reimplemented from rpki::x509::DER_object.
Definition at line 420 of file x509.py.
Referenced by rpki::x509::XML_CMS_object::dump_to_disk(), rpki::x509::RSApublic::get_SKI(), rpki::x509::CMS_object::verify(), and rpki::x509::XML_CMS_object::wrap().
def rpki::x509::X509::get_POW | ( | self | ) |
Get the rpki.POW value of this certificate.
Definition at line 435 of file x509.py.
Referenced by rpki::x509::CMS_object::extract(), rpki::x509::RSA::get_public_DER(), rpki::x509::CMS_object::get_signingTime(), getIssuer(), rpki::x509::CRL::getIssuer(), getSerial(), getSubject(), and rpki::x509::CMS_object::verify().
def rpki::x509::X509::get_POWpkix | ( | self | ) |
Get the rpki.POW.pkix value of this certificate.
Definition at line 444 of file x509.py.
Referenced by rpki::x509::PKCS10::check_valid_rpki(), cross_certify(), rpki::x509::DER_object::get_3779resources(), rpki::x509::DER_object::get_AIA(), rpki::x509::DER_object::get_AKI(), rpki::x509::DER_object::get_basicConstraints(), rpki::x509::DER_object::get_SIA(), rpki::x509::DER_object::get_SKI(), rpki::x509::CRL::getNextUpdate(), getNotAfter(), getNotBefore(), getPublicKey(), rpki::x509::PKCS10::getPublicKey(), rpki::x509::CRL::getThisUpdate(), and issue().
def rpki::x509::X509::getIssuer | ( | self | ) |
def rpki::x509::X509::getNotAfter | ( | self | ) |
Get the expiration time of this certificate.
Definition at line 473 of file x509.py.
References get_POWpkix().
Referenced by expired(), and rpki::x509::DER_object::get_3779resources().
def rpki::x509::X509::getNotBefore | ( | self | ) |
Get the inception time of this certificate.
Definition at line 467 of file x509.py.
References get_POWpkix().
def rpki::x509::X509::getPublicKey | ( | self | ) |
Extract the public key from this certificate.
Definition at line 485 of file x509.py.
References get_POWpkix().
def rpki::x509::X509::getSerial | ( | self | ) |
def rpki::x509::X509::getSubject | ( | self | ) |
Get the subject of this certificate.
Definition at line 461 of file x509.py.
References get_POW().
Referenced by cross_certify(), and issue().
def rpki::x509::X509::issue | ( | self, | |
keypair, | |||
subject_key, | |||
serial, | |||
sia, | |||
aia, | |||
crldp, | |||
notAfter, | |||
cn = None , |
|||
resources = None , |
|||
is_ca = True |
|||
) |
Issue a certificate.
Definition at line 497 of file x509.py.
References get_POWpkix(), rpki::x509::DER_object::get_SKI(), rpki::up_down::revoke_pdu::get_SKI(), rpki::x509::RSA::get_SKI(), rpki::x509::RSApublic::get_SKI(), and getSubject().
def rpki::x509::X509::normalize_chain | ( | cls, | |
chain | |||
) |
Normalize a chain of certificates into a tuple of X509 objects. Given all the glue certificates needed for BPKI cross certification, it's easiest to allow sloppy arguments to the CMS validation methods and provide a single method that normalizes the allowed cases. So this method allows X509, None, lists, and tuples, and returns a tuple of X509 objects.
DER value of this object.
Reimplemented from rpki::x509::DER_object.
tuple rpki::x509::X509::formats = ("DER", "POW", "POWpkix") [static] |
Formats supported in this object.
Reimplemented from rpki::x509::DER_object.
tuple rpki::x509::X509::pem_converter = PEM_converter("CERTIFICATE") [static] |
PEM converter for this object.
Reimplemented from rpki::x509::DER_object.
Definition at line 437 of file x509.py.
Referenced by rpki::x509::CMS_object::sign().