rpki.cms.extract()

svn path=/scripts/rpki/cms.py; revision=1502
author: Rob Austein <sra@hactrn.net> 2008-01-24 01:42:12 +0000
committer: Rob Austein <sra@hactrn.net> 2008-01-24 01:42:12 +0000
commit: 3c5403fd122d35831d627680c0e3d452643587ba (patch)
tree: e2a88e70e892eba05c49d0e0471703e99bec758d
parent: 77cee7bdf01f5ba25b4baee9677c9732dc178dfb (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/scripts/rpki/cms.py b/scripts/rpki/cms.py
index f8027504..7b4916dc 100644
--- a/scripts/rpki/cms.py
+++ b/scripts/rpki/cms.py
@@ -80,13 +80,24 @@ def verify(cms, ta):
       dumpasn1(cms)
     raise rpki.exceptions.CMSVerificationFailed, "CMS verification failed"
 
+# openssl smime -verify -noverify -inform DER -in THING.der
+
+def extract(cms):
+  """Extract the content of a signed CMS message WITHOUT verifying the
+  signature.   Don't try this at home, kids.
+  """
+
+  return POW.derRead(POW.PKCS7_MESSAGE, cms).extract()
+
 def xml_verify(cms, ta):
   """Composite routine to verify CMS-wrapped XML."""
+
   val = lxml.etree.fromstring(verify(cms, ta))
   return val
 
 def xml_sign(elt, key, certs, encoding = "us-ascii"):
   """Composite routine to sign CMS-wrapped XML."""
+
   val = sign(lxml.etree.tostring(elt, pretty_print = True, encoding = encoding, xml_declaration = True),
              key, certs)
   return val
@@ -96,6 +107,7 @@ def dumpasn1(thing):
   Use a temporary file rather than popen4() because dumpasn1 uses
   seek() when decoding ASN.1 content nested in OCTET STRING values.
   """
+
   fn = "dumpasn1.tmp"
   try:
     f = open(fn, "w")
author	Rob Austein <sra@hactrn.net>	2008-01-24 01:42:12 +0000
committer	Rob Austein <sra@hactrn.net>	2008-01-24 01:42:12 +0000
commit	3c5403fd122d35831d627680c0e3d452643587ba (patch)
tree	e2a88e70e892eba05c49d0e0471703e99bec758d
parent	77cee7bdf01f5ba25b4baee9677c9732dc178dfb (diff)