author | Rob Austein <sra@hactrn.net> | 2012-07-06 05:17:08 +0000 |
committer | Rob Austein <sra@hactrn.net> | 2012-07-06 05:17:08 +0000 |
commit | aedaacf9aed490ce053c65c98a7cf6d18383ba60 (patch) | |
tree | 710dd9baa257ae7fe4a02e39053e66aedf1c5d36 /rpkid/rpki/left_right.py | |
parent | 617838817ef21db22f8699ab126e41f6ba090a02 (diff) |
Implement CMS-timestamp-based replay protection. Closes #35.
svn path=/trunk/; revision=4586
Diffstat (limited to 'rpkid/rpki/left_right.py')
-rw-r--r-- | rpkid/rpki/left_right.py | 31 |
1 files changed, 20 insertions, 11 deletions
diff --git a/rpkid/rpki/left_right.py b/rpkid/rpki/left_right.py
index 17d665c9..4c8c6cd0 100644
--- a/rpkid/rpki/left_right.py
+++ b/rpkid/rpki/left_right.py
@@ -791,6 +791,7 @@ class repository_elt(data_elt):
 bpki_cert = None
 bpki_glue = None
+ last_cms_timestamp = None
 @property
 def parents(self):
@@ -840,7 +841,9 @@ class repository_elt(data_elt):
 def done(r_der):
 try:
- r_msg = rpki.publication.cms_msg(DER = r_der).unwrap(bpki_ta_path)
+ r_cms = rpki.publication.cms_msg(DER = r_der)
+ r_msg = r_cms.unwrap(bpki_ta_path)
+ r_cms.check_replay_sql(self)
 for r_pdu in r_msg:
 handler = handlers.get(r_pdu.tag, self.default_pubd_handler)
 if handler:
@@ -887,6 +890,7 @@ class parent_elt(data_elt):
 bpki_cms_cert = None
 bpki_cms_glue = None
+ last_cms_timestamp = None
 @property
 def repository(self):
@@ -1066,11 +1070,13 @@ class parent_elt(data_elt):
 def unwrap(r_der):
 try:
- r_msg = rpki.up_down.cms_msg(DER = r_der).unwrap((self.gctx.bpki_ta,
- self.self.bpki_cert,
- self.self.bpki_glue,
- self.bpki_cms_cert,
- self.bpki_cms_glue))
+ r_cms = rpki.up_down.cms_msg(DER = r_der)
+ r_msg = r_cms.unwrap((self.gctx.bpki_ta,
+ self.self.bpki_cert,
+ self.self.bpki_glue,
+ self.bpki_cms_cert,
+ self.bpki_cms_glue))
+ r_cms.check_replay_sql(self)
 r_msg.payload.check_response()
 except (SystemExit, rpki.async.ExitNow):
 raise
@@ -1105,6 +1111,7 @@ class child_elt(data_elt):
 bpki_cert = None
 bpki_glue = None
+ last_cms_timestamp = None
 def fetch_child_certs(self, ca_detail = None, ski = None, unique = False):
 """
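Review bot: `last_cms_timestamp = None` is declared as a plain class attribute on repository_elt here, and the same line is added to parent_elt and child_elt in the later hunks, but nothing in these hunks adds the new field to whatever column list or SQL template data_elt persists through; if check_replay_sql() stores the timestamp by that route, the attribute alone will not survive a restart and the replay window reopens after every restart. The diffstat is limited to left_right.py, so the schema and template side is presumably in another file of this commit, but the declaration should say what the field is for, e.g. `# CMS timestamp of the newest verified message accepted from this peer; updated by check_replay_sql()`. The class bodies continue outside each of these hunks.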
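Review bot: In repository_elt's done(), `r_cms.check_replay_sql(self)` is called only after `r_cms.unwrap(bpki_ta_path)` has returned, which is the ordering the protection depends on: a message whose signature did not verify must never be able to advance the stored timestamp, otherwise an unauthenticated sender could push it forward and lock out genuine messages. parent_elt's unwrap() later in this diff and child_elt's handler in the next hunk use the same ordering. That dependency is not stated anywhere, so a one-line comment before each call would protect it against future reordering, e.g. `# must follow unwrap(): only a signature-verified message may update last_cms_timestamp`. Whether a failed replay check is handled like an unwrap failure depends on the except clauses, which lie outside this hunk (only the SystemExit/ExitNow re-raise is visible in parent_elt's case); done() also continues past the hunk.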
@@ -1178,11 +1185,13 @@ class child_elt(data_elt):
 bsc = self.bsc
 if bsc is None:
 raise rpki.exceptions.BSCNotFound, "Could not find BSC %s" % self.bsc_id
- q_msg = rpki.up_down.cms_msg(DER = query).unwrap((self.gctx.bpki_ta,
- self.self.bpki_cert,
- self.self.bpki_glue,
- self.bpki_cert,
- self.bpki_glue))
+ q_cms = rpki.up_down.cms_msg(DER = query)
+ q_msg = q_cms.unwrap((self.gctx.bpki_ta,
+ self.self.bpki_cert,
+ self.self.bpki_glue,
+ self.bpki_cert,
+ self.bpki_glue))
+ q_cms.check_replay_sql(self)
 q_msg.payload.gctx = self.gctx
 if enforce_strict_up_down_xml_sender and q_msg.sender != str(self.child_id):
 raise rpki.exceptions.BadSender, "Unexpected XML sender %s" % q_msg.sender
|
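Review bot: `q_cms.check_replay_sql(self)` runs before the BadSender check and before the query payload is processed, so if the call records the timestamp as its name suggests, a query that is later rejected (wrong sender, or an exception further down) has already consumed its timestamp and an identical retransmission by the child will be treated as a replay. Because unwrap() has already bound the message to this child's BPKI certificate, that only affects the child itself and is consistent with replay protection, but callers must then re-sign with a fresh timestamp on retry rather than resend the same DER; that behaviour is worth stating near the call, e.g. `# timestamp is consumed here even if the query is rejected below; retries need a fresh signature`. The enclosing method starts before this hunk and continues after it.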