RPKI Engine  1.0
rpki::myrpki::CA Class Reference

Public Member Functions

def __init__
def bsc
def cms_xml_sign
def cms_xml_verify
def ee
def fxcert
def run_ca
def run_dgst
def run_openssl
def run_req
def setup
def touch_file
def xcert
def xcert_filename
def xcert_revoke

Public Attributes

 cer
 cfg
 crl
 crlnum
 dir
 env
 index
 key
 openssl
 req
 serial

Static Public Attributes

dictionary path_restriction

Detailed Description

Representation of one certification authority.

Definition at line 606 of file myrpki.py.


Constructor & Destructor Documentation

def rpki::myrpki::CA::__init__ (   self,
  cfg_file,
  dir 
)

Definition at line 617 of file myrpki.py.


Member Function Documentation

def rpki::myrpki::CA::bsc (   self,
  pkcs10 
)
Issue BSC certificate, if we have a PKCS #10 request for it.

Definition at line 770 of file myrpki.py.

References rpki::myrpki::EntityDB::dir, dir, run_ca(), run_dgst(), and run_openssl().

Referenced by rpki::left_right::repository_elt::call_pubd(), rpki::left_right::parent_elt::query_up_down(), and rpki::left_right::child_elt::serve_up_down().

def rpki::myrpki::CA::cms_xml_sign (   self,
  ee_name,
  base_name,
  elt 
)
Sign an XML object with CMS, return Base64 text.

Definition at line 732 of file myrpki.py.

References rpki::myrpki::EntityDB::dir, dir, rpki::rcynic::rcynic_roa::ee, rpki::rcynic::rcynic_ghostbuster::ee, ee(), rpki::myrpki::etree_pre_write(), and run_openssl().

def rpki::myrpki::CA::cms_xml_verify (   self,
  b64,
  ca 
)
Attempt to verify and extract XML from a Base64-encoded signed CMS
object.  CA is the filename of a certificate that we expect to be
the issuer of the EE certificate bundled with the CMS, and must
previously have been cross-certified under our trust anchor.

Definition at line 745 of file myrpki.py.

References cer, rpki::myrpki::EntityDB::dir, dir, rpki::myrpki::etree_post_read(), and run_openssl().

def rpki::myrpki::CA::ee (   self,
  ee_name,
  base_name 
)
Issue an end-entity certificate.

Definition at line 718 of file myrpki.py.

References rpki::myrpki::EntityDB::dir, dir, run_ca(), and run_req().

Referenced by cms_xml_sign().

def rpki::myrpki::CA::fxcert (   self,
  b64,
  filename = None,
  path_restriction = 0 
)
Write PEM certificate to file, then cross-certify.

Definition at line 791 of file myrpki.py.

References rpki::myrpki::EntityDB::dir, dir, run_openssl(), and xcert().

def rpki::myrpki::CA::run_ca (   self,
  args 
)
Run OpenSSL "ca" command with common initial arguments.

Definition at line 652 of file myrpki.py.

References rpki::config::parser::cfg, rpki::irdbd::main::cfg, cfg, and run_openssl().

Referenced by bsc(), ee(), setup(), xcert(), and xcert_revoke().

def rpki::myrpki::CA::run_dgst (   self,
  input,
  algorithm = "md5" 
)
Run OpenSSL "dgst" command, return cleaned-up result.

Definition at line 669 of file myrpki.py.

References run_openssl().

Referenced by bsc(), and xcert_filename().

def rpki::myrpki::CA::run_openssl (   self,
  cmd,
  kwargs 
)
Run an OpenSSL command, suppress stderr unless OpenSSL returns
failure, and return stdout.

Definition at line 636 of file myrpki.py.

References openssl.

Referenced by bsc(), cms_xml_sign(), cms_xml_verify(), fxcert(), run_ca(), run_dgst(), run_req(), and xcert_filename().

def rpki::myrpki::CA::run_req (   self,
  key_file,
  req_file,
  log_key = sys.stdout 
)
Run OpenSSL "genrsa" and "req" commands.

Definition at line 658 of file myrpki.py.

References rpki::config::parser::cfg, rpki::irdbd::main::cfg, cfg, and run_openssl().

Referenced by ee(), and setup().

def rpki::myrpki::CA::setup (   self,
  ca_name 
)
Set up this CA.  ca_name is an X.509 distinguished name in
/tag=val/tag=val format.

Definition at line 692 of file myrpki.py.

References cer, crl, crlnum, rpki::myrpki::EntityDB::dir, dir, index, key, req, run_ca(), run_req(), serial, and touch_file().

def rpki::myrpki::CA::touch_file (   filename,
  content = None 
)
Create dumb little text files expected by OpenSSL "ca" utility.

Definition at line 682 of file myrpki.py.

Referenced by setup().

def rpki::myrpki::CA::xcert (   self,
  cert,
  path_restriction = 0 
)
Cross-certify a certificate represented as a PEM file, if we
haven't already.  This only works for self-signed certs, due to
limitations of the OpenSSL command line tool, but that suffices
for our purposes.

Definition at line 818 of file myrpki.py.

References path_restriction, run_ca(), and xcert_filename().

Referenced by fxcert().

def rpki::myrpki::CA::xcert_filename (   self,
  cert 
)
Generate filename for a cross-certification.

Extract the public key and subject name from the PEM file and hash
them so we can use the result as a tag for cross-certifying this cert.

Definition at line 804 of file myrpki.py.

References rpki::myrpki::EntityDB::dir, dir, run_dgst(), and run_openssl().

Referenced by xcert(), and xcert_revoke().

def rpki::myrpki::CA::xcert_revoke (   self,
  cert 
)
Revoke a cross-certification and regenerate CRL.

Definition at line 831 of file myrpki.py.

References crl, run_ca(), and xcert_filename().


Member Data Documentation

Definition at line 617 of file myrpki.py.

Referenced by cms_xml_verify(), and setup().

Definition at line 617 of file myrpki.py.

Referenced by rpki::myrpki::main::do_configure_daemons(), run_ca(), and run_req().

Definition at line 617 of file myrpki.py.

Referenced by setup(), and xcert_revoke().

Definition at line 617 of file myrpki.py.

Referenced by setup().

Definition at line 617 of file myrpki.py.

Referenced by bsc(), cms_xml_sign(), cms_xml_verify(), ee(), fxcert(), setup(), and xcert_filename().

Definition at line 617 of file myrpki.py.

Definition at line 617 of file myrpki.py.

Referenced by setup().

Definition at line 617 of file myrpki.py.

Referenced by setup().

Definition at line 617 of file myrpki.py.

Referenced by run_openssl().

Initial value:
{ 0 : "ca_x509_ext_xcert0",
  1 : "ca_x509_ext_xcert1" }

Definition at line 614 of file myrpki.py.

Referenced by xcert().

Definition at line 617 of file myrpki.py.

Referenced by setup().

Definition at line 617 of file myrpki.py.

Referenced by setup().


The documentation for this class was generated from the following file: