path: root/scripts/manifests.py
# $Id$

import time, glob, os
import rpki.x509, rpki.manifest, rpki.sundial

# Output switches for the script below.  Each one is tested exactly once
# further down; flip a value to True to enable that step.

# dumpasn1 listing of the manifest content taken from the freshly built object.
show_content_1 = False

# Print the signed manifest in PEM form.
show_signed_manifest_PEM = False

# dumpasn1 listing of the whole signed manifest (DER).
show_signed_manifest_asn1dump = True

# dumpasn1 listing of the content taken from the re-parsed, verified copy.
show_content_2 = False

# Print the decoded content value of the re-parsed copy.
show_content_3 = False

# Write the signed manifest to "signed-manifest.der".
dump_signed_manifest_DER = False

# Write only the manifest content to "manifest-content.der".
dump_manifest_content_DER = False

# Build the manifest over an empty object list instead of the sample certificates.
test_empty_manifest = False

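def dumpasn1(thing):
  """
  Print the indented lines of dumpasn1's listing for a DER blob.

  thing is the raw DER string to decode.  dumpasn1's stderr is merged
  into its stdout, and only output lines that start with a space are
  printed.

  Raises OSError if the dumpasn1 program cannot be executed, or if the
  temporary file cannot be created or removed.
  """
  # Function-scope import: the file's top-level import line does not
  # bring in either module.
  import subprocess, tempfile

  # Save to file rather than piping because dumpasn1 uses seek() when
  # decoding ASN.1 content nested in OCTET STRING values.
  #
  # mkstemp() creates the file exclusively, under an unpredictable name
  # and readable only by the owner.  A fixed "dumpasn1.tmp" in the
  # working directory would be written through (and then unlinked)
  # whatever already sat at that name, symlinks included.
  fd, fn = tempfile.mkstemp(prefix = "dumpasn1.", suffix = ".tmp")
  try:
    f = os.fdopen(fd, "wb")     # DER is binary; text mode can alter it
    try:
      f.write(thing)
    finally:
      f.close()
    # Argument list rather than a shell command string, so the file
    # name is never interpreted as shell syntax.
    p = subprocess.Popen(("dumpasn1", "-a", fn),
                         stdout = subprocess.PIPE,
                         stderr = subprocess.STDOUT,
                         universal_newlines = True)
    output = p.communicate()[0]
    # Single parenthesised argument: prints the same text as the print
    # statement used elsewhere in this file.
    print("\n".join(x for x in output.splitlines() if x.startswith(" ")))
  finally:
    os.unlink(fn)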

# Round-trip test: build a signed manifest, optionally display or save
# it, re-parse it from DER, verify it, and compare content before/after.
#
# All paths below are relative, so the script has to be run from the
# directory that holds resource-cert-samples/ and biz-certs/.

# Objects the manifest will list: (file name, X509 object) pairs for
# every .cer file in resource-cert-samples/, or nothing at all when
# exercising the empty-manifest case.
if test_empty_manifest:
  names_and_objs = []
else:
  names_and_objs = [(fn, rpki.x509.X509(Auto_file = fn)) for fn in glob.glob("resource-cert-samples/*.cer")]

# Build the manifest with a fixed serial and a nextUpdate one day from
# now (UTC).  The private key is read from an on-disk file under
# biz-certs/ -- presumably sample key material; confirm it is never a
# production key.
# NOTE(review): the certs tuple is EE certificate first, then the CA;
# presumably build() expects that order -- confirm against rpki.x509.
m = rpki.x509.SignedManifest()
m.build(
  serial         = 17,
  nextUpdate     = rpki.sundial.datetime.utcnow() + rpki.sundial.timedelta(days = 1),
  names_and_objs = names_and_objs,
  keypair        = rpki.x509.RSA(Auto_file = "biz-certs/Alice-EE.key"),
  certs          = rpki.x509.X509_chain(Auto_files = ("biz-certs/Alice-EE.cer", "biz-certs/Alice-CA.cer")))

if show_content_1:
  dumpasn1(m.get_content().toString())

if show_signed_manifest_PEM:
  print m.get_PEM()

# The two dump options overwrite fixed file names in the current
# working directory.
if dump_manifest_content_DER:
  f = open("manifest-content.der", "wb")
  f.write(m.get_content().toString())
  f.close()

if dump_signed_manifest_DER:
  f = open("signed-manifest.der", "wb")
  f.write(m.get_DER())
  f.close()

if show_signed_manifest_asn1dump:
  dumpasn1(m.get_DER())

# Re-parse the manifest from its DER encoding so that verification and
# the comparisons below run on a decoded copy, not on the object that
# was just built.
n = rpki.x509.SignedManifest(DER = m.get_DER())

# Verify the re-parsed copy against Alice-Root.cer as trust anchor.
# NOTE(review): the return value is discarded, so this only checks
# anything if verify() raises on failure -- confirm against rpki.x509.
n.verify(ta = rpki.x509.X509(Auto_file = "biz-certs/Alice-Root.cer"))

if show_content_2:
  dumpasn1(n.get_content().toString())

# The content must survive the encode/decode round trip, both as the
# toString() form and as the value returned by get().  These are plain
# assert statements, so running Python with -O skips both checks.
assert m.get_content().toString() == n.get_content().toString()
assert m.get_content().get()      == n.get_content().get()

if show_content_3:
  print
  print n.get_content().get()