X509Store class removed. X.509 verification moved from

X509Store.verify() to X509.verify().  Result seems to run properly
with trivial modification to existing Python BPKI code.

RPKI extended validation via this interface (the real point of this
exercise) still not tested.

svn path=/branches/tk705/; revision=6176

1 files changed, 4 insertions, 6 deletions

diff --git a/rpki/x509.py b/rpki/x509.py
index 3b19b96d..67a597e6 100644
--- a/rpki/x509.py
+++ b/rpki/x509.py
@@ -1539,8 +1539,6 @@ class CMS_object(DER_object):
             for c in crls:
                 logger.debug("Received CMS CRL issuer %r", c.getIssuer())
 
-        store = rpki.POW.X509Store()
-
         now = rpki.sundial.now()
 
         trusted_ee = None
@@ -1562,7 +1560,6 @@ class CMS_object(DER_object):
                 else:
                     raise rpki.exceptions.MultipleCMSEECert("Multiple CMS EE certificates", *("%s (%s)" % (
                         x.getSubject(), x.hSKI()) for x in ta if not x.is_CA()))
-            #store.addTrust(x.get_POW())
 
         if trusted_ee:
             if self.debug_cms_certs:
@@ -1607,9 +1604,10 @@ class CMS_object(DER_object):
         # machinery.  Awful mess due to history, needs cleanup, but
         # get it working again first.
 
-        store.verify(cert    = (trusted_ee or untrusted_ee).get_POW(),
-                     trusted = (x.get_POW() for x in trusted_ca),
-                     crl     = crls[0].get_POW() if untrusted_ee and crls else None)
+        cert = (trusted_ee or untrusted_ee).get_POW()
+
+        cert.verify(trusted = (x.get_POW() for x in trusted_ca),
+                    crl     = crls[0].get_POW() if untrusted_ee and crls else None)
 
         try:
             # XXX This isn't right yet, but let's test before gettting more complicated