RPKI Engine
1.0
Public Member Functions
def __init__
def bsc
def cms_xml_sign
def cms_xml_verify
def ee
def fxcert
def run_ca
def run_dgst
def run_openssl
def run_req
def setup
def touch_file
def xcert
def xcert_filename
def xcert_revoke
Public Attributes
cer
cfg
crl
crlnum
dir
env
index
key
openssl
req
serial
Static Public Attributes
dictionary path_restriction
def rpki::myrpki::CA::bsc(self, pkcs10)
Issue BSC certificate, if we have a PKCS #10 request for it.
Definition at line 770 of file myrpki.py.
References rpki::myrpki::EntityDB::dir, dir, run_ca(), run_dgst(), and run_openssl().
Referenced by rpki::left_right::repository_elt::call_pubd(), rpki::left_right::parent_elt::query_up_down(), and rpki::left_right::child_elt::serve_up_down().
def rpki::myrpki::CA::cms_xml_sign(self, ee_name, base_name, elt)
Sign an XML object with CMS, return Base64 text.
Definition at line 732 of file myrpki.py.
References rpki::myrpki::EntityDB::dir, dir, rpki::rcynic::rcynic_roa::ee, rpki::rcynic::rcynic_ghostbuster::ee, ee(), rpki::myrpki::etree_pre_write(), and run_openssl().
def rpki::myrpki::CA::cms_xml_verify(self, b64, ca)
Attempt to verify and extract XML from a Base64-encoded signed CMS object. CA is the filename of a certificate that we expect to be the issuer of the EE certificate bundled with the CMS, and must previously have been cross-certified under our trust anchor.
Definition at line 745 of file myrpki.py.
References cer, rpki::myrpki::EntityDB::dir, dir, rpki::myrpki::etree_post_read(), and run_openssl().
def rpki::myrpki::CA::ee(self, ee_name, base_name)
Issue an end-entity certificate.
Definition at line 718 of file myrpki.py.
References rpki::myrpki::EntityDB::dir, dir, run_ca(), and run_req().
Referenced by cms_xml_sign().
def rpki::myrpki::CA::fxcert(self, b64, filename = None, path_restriction = 0)
Write PEM certificate to file, then cross-certify.
Definition at line 791 of file myrpki.py.
References rpki::myrpki::EntityDB::dir, dir, run_openssl(), and xcert().
def rpki::myrpki::CA::run_ca(self, args)
Run OpenSSL "ca" command with common initial arguments.
Definition at line 652 of file myrpki.py.
References rpki::config::parser::cfg, rpki::irdbd::main::cfg, cfg, and run_openssl().
Referenced by bsc(), ee(), setup(), xcert(), and xcert_revoke().
def rpki::myrpki::CA::run_dgst(self, input, algorithm = "md5")
Run OpenSSL "dgst" command, return cleaned-up result.
Definition at line 669 of file myrpki.py.
References run_openssl().
Referenced by bsc(), and xcert_filename().
def rpki::myrpki::CA::run_openssl(self, cmd, kwargs)
Run an OpenSSL command, suppress stderr unless OpenSSL returns failure, and return stdout.
Definition at line 636 of file myrpki.py.
References openssl.
Referenced by bsc(), cms_xml_sign(), cms_xml_verify(), fxcert(), run_ca(), run_dgst(), run_req(), and xcert_filename().
def rpki::myrpki::CA::run_req(self, key_file, req_file, log_key = sys.stdout)
Run OpenSSL "genrsa" and "req" commands.
Definition at line 658 of file myrpki.py.
References rpki::config::parser::cfg, rpki::irdbd::main::cfg, cfg, and run_openssl().
Referenced by ee(), and setup().
def rpki::myrpki::CA::setup(self, ca_name)
def rpki::myrpki::CA::touch_file(filename, content = None)
def rpki::myrpki::CA::xcert(self, cert, path_restriction = 0)
Cross-certify a certificate represented as a PEM file, if we haven't already. This only works for self-signed certs, due to limitations of the OpenSSL command line tool, but that suffices for our purposes.
Definition at line 818 of file myrpki.py.
References path_restriction, run_ca(), and xcert_filename().
Referenced by fxcert().
def rpki::myrpki::CA::xcert_filename(self, cert)
Generate filename for a cross-certification. Extracts the public key and subject name from the PEM file and hashes them so we can use the result as a tag for cross-certifying this cert.
Definition at line 804 of file myrpki.py.
References rpki::myrpki::EntityDB::dir, dir, run_dgst(), and run_openssl().
Referenced by xcert(), and xcert_revoke().
def rpki::myrpki::CA::xcert_revoke(self, cert)
Revoke a cross-certification and regenerate CRL.
Definition at line 831 of file myrpki.py.
References crl, run_ca(), and xcert_filename().
Definition at line 617 of file myrpki.py.
Referenced by cms_xml_verify(), and setup().
Definition at line 617 of file myrpki.py.
Referenced by rpki::myrpki::main::do_configure_daemons(), run_ca(), and run_req().
Definition at line 617 of file myrpki.py.
Referenced by setup(), and xcert_revoke().
Definition at line 617 of file myrpki.py.
Referenced by bsc(), cms_xml_sign(), cms_xml_verify(), ee(), fxcert(), setup(), and xcert_filename().
Definition at line 617 of file myrpki.py.
Referenced by run_openssl().
dictionary rpki::myrpki::CA::path_restriction [static]