RPKI Engine 1.0

rpki.myrpki.CA Class Reference


Public Member Functions

def __init__
def bsc
def cms_xml_sign
def cms_xml_verify
def ee
def fxcert
def run_ca
def run_dgst
def run_openssl
def run_req
def setup
def touch_file
def xcert
def xcert_filename
def xcert_revoke

Public Attributes

 cer
 cfg
 crl
 crlnum
 dir
 env
 index
 key
 openssl
 req
 serial

Static Public Attributes

dictionary path_restriction

Detailed Description

Representation of one certification authority.

Definition at line 573 of file myrpki.py.


Constructor & Destructor Documentation

def rpki.myrpki.CA.__init__ (   self,
  cfg_file,
  dir 
)

Definition at line 584 of file myrpki.py.


Member Function Documentation

def rpki.myrpki.CA.bsc (   self,
  pkcs10 
)
Issue BSC certificate, if we have a PKCS #10 request for it.

Definition at line 737 of file myrpki.py.

def rpki.myrpki.CA.cms_xml_sign (   self,
  ee_name,
  base_name,
  elt 
)
Sign an XML object with CMS, return Base64 text.

Definition at line 699 of file myrpki.py.

def rpki.myrpki.CA.cms_xml_verify (   self,
  b64,
  ca 
)
Attempt to verify and extract XML from a Base64-encoded signed CMS
object.  CA is the filename of a certificate that we expect to be
the issuer of the EE certificate bundled with the CMS, and must
previously have been cross-certified under our trust anchor.

Definition at line 712 of file myrpki.py.

def rpki.myrpki.CA.ee (   self,
  ee_name,
  base_name 
)
Issue an end-entity certificate.

Definition at line 685 of file myrpki.py.

def rpki.myrpki.CA.fxcert (   self,
  b64,
  filename = None,
  path_restriction = 0 
)
Write PEM certificate to file, then cross-certify.

Definition at line 758 of file myrpki.py.

def rpki.myrpki.CA.run_ca (   self,
  args 
)
Run OpenSSL "ca" command with common initial arguments.

Definition at line 619 of file myrpki.py.

def rpki.myrpki.CA.run_dgst (   self,
  input,
  algorithm = "md5" 
)
Run OpenSSL "dgst" command, return cleaned-up result.

Definition at line 636 of file myrpki.py.

def rpki.myrpki.CA.run_openssl (   self,
  cmd,
  kwargs 
)
Run an OpenSSL command, suppressing stderr unless OpenSSL returns
failure, and return stdout.

Definition at line 603 of file myrpki.py.

def rpki.myrpki.CA.run_req (   self,
  key_file,
  req_file,
  log_key = sys.stdout 
)
Run OpenSSL "genrsa" and "req" commands.

Definition at line 625 of file myrpki.py.

def rpki.myrpki.CA.setup (   self,
  ca_name 
)
Set up this CA.  ca_name is an X.509 distinguished name in
/tag=val/tag=val format.

Definition at line 659 of file myrpki.py.

def rpki.myrpki.CA.touch_file (   filename,
  content = None 
)
Create dumb little text files expected by OpenSSL "ca" utility.

Definition at line 649 of file myrpki.py.

def rpki.myrpki.CA.xcert (   self,
  cert,
  path_restriction = 0 
)
Cross-certify a certificate represented as a PEM file, if we
haven't already.  This only works for self-signed certs, due to
limitations of the OpenSSL command line tool, but that suffices
for our purposes.

Definition at line 785 of file myrpki.py.

def rpki.myrpki.CA.xcert_filename (   self,
  cert 
)
Generate filename for a cross-certification.

Extracts the public key and subject name from the PEM file and hashes them so
we can use the result as a tag for cross-certifying this cert.

Definition at line 771 of file myrpki.py.

def rpki.myrpki.CA.xcert_revoke (   self,
  cert 
)
Revoke a cross-certification and regenerate CRL.

Definition at line 798 of file myrpki.py.


Member Data Documentation

rpki.myrpki.CA.cer
Definition at line 584 of file myrpki.py.

rpki.myrpki.CA.cfg
Definition at line 584 of file myrpki.py.

rpki.myrpki.CA.crl
Definition at line 584 of file myrpki.py.

rpki.myrpki.CA.crlnum
Definition at line 584 of file myrpki.py.

rpki.myrpki.CA.dir
Definition at line 584 of file myrpki.py.

rpki.myrpki.CA.env
Definition at line 584 of file myrpki.py.

rpki.myrpki.CA.index
Definition at line 584 of file myrpki.py.

rpki.myrpki.CA.key
Definition at line 584 of file myrpki.py.

rpki.myrpki.CA.openssl
Definition at line 584 of file myrpki.py.

dictionary rpki.myrpki.CA.path_restriction [static]
Initial value:
{ 0 : "ca_x509_ext_xcert0",
  1 : "ca_x509_ext_xcert1" }

Definition at line 581 of file myrpki.py.

rpki.myrpki.CA.req
Definition at line 584 of file myrpki.py.

rpki.myrpki.CA.serial
Definition at line 584 of file myrpki.py.


The documentation for this class was generated from the following file: