rpkimancer.cert.ca module

RPKI Certificate Authority implementation - RFC 6487.

class rpkimancer.cert.ca.CertificateAuthority(*, common_name='CA', crl_days=7, mft_days=7, **kwargs)

Bases: BaseResourceCertificate

RPKI Certificate Authority - RFC 6487.

Parameters:
  • common_name (str) –

  • crl_days (int) –

  • mft_days (int) –

  • kwargs (Any) –

property crl: Optional[CertificateRevocationList]

Get the last CRL issued by this CA.

property crl_der: bytes

Get the last CRL as DER-encoded bytes.

property repo_path: str

Get the filesystem path to this CA’s publication point.

property cert_path: str

Get the filesystem path to the certificate in the issuer’s publication point.

property mft_entry: Optional[Tuple[str, bytes]]

Get an entry for inclusion in the issuer’s manifest.

property crl_path: str

Get the filesystem path to the CRL in the publication point.

property mft_path: str

Get the filesystem path to the manifest in the publication point.

property issued: Iterable[BaseResourceCertificate]

Get a generator over the certificates issued by this CA.

property crldp: Optional[CRLDistributionPoints]

Get the CRLDistributionPoint extension for the certificate.

property aia: Optional[AuthorityInformationAccess]

Get the AuthorityInformationAccess extension for the certificate.

property sia: Optional[SubjectInformationAccess]

Get the SubjectInformationAccess extension for the certificate.

issue_cert(subject=None)

Issue a new Resource Certificate with this CA.

Parameters:

subject (Optional[BaseResourceCertificate]) –

Return type:

Certificate

issue_crl(to_revoke=None)

Issue a new CRL for this CA.

Parameters:

to_revoke (Optional[Iterable[BaseResourceCertificate]]) –

Return type:

None

issue_mft(file_list)

Issue a new manifest for this CA.

Parameters:

file_list (List[Tuple[str, bytes]]) –

Return type:

None

property mft: RpkiManifest

Get the last manifest issued by this CA.

publish(*, pub_path, recursive=True, **kwargs)

Publish this CA’s artifacts as DER files in the publication point (PP).

Parameters:
  • pub_path (str) –

  • recursive (bool) –

  • kwargs (Any) –

Return type:

None

class rpkimancer.cert.ca.TACertificateAuthority(*, common_name='TA', base_uri='rsync://rpki.example.net/rpki', **kwargs)

Bases: CertificateAuthority

RPKI Trust Anchor Certificate Authority - RFC 6487.

Parameters:
  • common_name (str) –

  • base_uri (str) –

  • kwargs (Any) –

property repo_path: str

Get the filesystem path to this CA’s publication point.

property cert_path: str

Get the filesystem path to the certificate in the publication point root.

property tal_path: str

Get the filesystem path to the trust anchor locator.

property tal: bytes

Get the contents of the TAL for this trust anchor.

publish(*, pub_path, tal_path=None, recursive=True, **kwargs)

Publish this CA’s artifacts and TAL.

Parameters:
  • pub_path (str) –

  • tal_path (Optional[str]) –

  • recursive (bool) –

  • kwargs (Any) –

Return type:

None