From 30aefe57389439e2d00b2deb63c3ba9cae69b392 Mon Sep 17 00:00:00 2001
From: Brayden Hass <braydenhass@google.com>
Date: Wed, 18 Dec 2024 23:47:28 +0000
Subject: [PATCH] Updates to script to support indirect CRL signing.

---
 credentials/generate-revocation-set.py | 16 +++-------------
 1 file changed, 3 insertions(+), 13 deletions(-)

diff --git a/credentials/generate-revocation-set.py b/credentials/generate-revocation-set.py
index 1bb8fa123a2fdb..f345712512ae80 100644
--- a/credentials/generate-revocation-set.py
+++ b/credentials/generate-revocation-set.py
@@ -99,19 +99,10 @@ def parse_vid_pid_from_distinguished_name(distinguished_name):
 
 
 def get_akid(cert: x509.Certificate) -> Optional[bytes]:
-    try:
-        return cert.extensions.get_extension_for_oid(x509.OID_AUTHORITY_KEY_IDENTIFIER).value.key_identifier
-    except Exception:
-        logging.warning("AKID not found in certificate")
-        return None
-
+    return cert.extensions.get_extension_for_oid(x509.OID_AUTHORITY_KEY_IDENTIFIER).value.key_identifier
 
 def get_skid(cert: x509.Certificate) -> Optional[bytes]:
-    try:
-        return cert.extensions.get_extension_for_oid(x509.OID_SUBJECT_KEY_IDENTIFIER).value.key_identifier
-    except Exception:
-        logging.warning("SKID not found in certificate")
-        return None
+    return cert.extensions.get_extension_for_oid(x509.OID_SUBJECT_KEY_IDENTIFIER).value.key_identifier
 
 def verify_cert(cert: x509.Certificate, root: x509.Certificate) -> bool:
     '''
@@ -405,8 +396,7 @@ def __init__(self, rest_node_url: str):
         rest_node_url: str
             RESTful API URL
         '''
-
-        if not re.match(r"^https://.*\.dcl\.csa-iot\.org$", rest_node_url):
+        if not re.match(r"^https://(on|on.test-net)\.dcl\.csa-iot\.(org|org/)$", rest_node_url):
             raise ValueError(f"Invalid RESTful API URL: {rest_node_url}")
 
         self.rest_node_url = rest_node_url