Implement CMS-timestamp-based replay protection. Closes #35.

svn path=/trunk/; revision=4586
author: Rob Austein <sra@hactrn.net> 2012-07-06 05:17:08 +0000
committer: Rob Austein <sra@hactrn.net> 2012-07-06 05:17:08 +0000
commit: aedaacf9aed490ce053c65c98a7cf6d18383ba60 (patch)
tree: 710dd9baa257ae7fe4a02e39053e66aedf1c5d36 /rpkid/rpki/http.py
parent: 617838817ef21db22f8699ab126e41f6ba090a02 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/rpkid/rpki/http.py b/rpkid/rpki/http.py
index a0055ac9..244a9305 100644
--- a/rpkid/rpki/http.py
+++ b/rpkid/rpki/http.py
@@ -1033,6 +1033,7 @@ class caller(object):
     self.server_ta = server_ta
     self.server_cert = server_cert
     self.url = url
+    self.cms_timestamp = None
     if debug is not None:
       self.debug = debug
 
@@ -1044,6 +1045,7 @@ class caller(object):
       """
       r_cms = self.proto.cms_msg(DER = r_der)
       r_msg = r_cms.unwrap((self.server_ta, self.server_cert))
+      self.cms_timestamp = r_cms.check_replay(self.cms_timestamp)
       if self.debug:
         print "<!-- Reply -->"
         print r_cms.pretty_print_content()
author	Rob Austein <sra@hactrn.net>	2012-07-06 05:17:08 +0000
committer	Rob Austein <sra@hactrn.net>	2012-07-06 05:17:08 +0000
commit	aedaacf9aed490ce053c65c98a7cf6d18383ba60 (patch)
tree	710dd9baa257ae7fe4a02e39053e66aedf1c5d36 /rpkid/rpki/http.py
parent	617838817ef21db22f8699ab126e41f6ba090a02 (diff)