Implement CMS-timestamp-based replay protection. Closes #35.

svn path=/trunk/; revision=4586
author: Rob Austein <sra@hactrn.net> 2012-07-06 05:17:08 +0000
committer: Rob Austein <sra@hactrn.net> 2012-07-06 05:17:08 +0000
commit: aedaacf9aed490ce053c65c98a7cf6d18383ba60 (patch)
tree: 710dd9baa257ae7fe4a02e39053e66aedf1c5d36 /rpkid/rpki/rootd.py
parent: 617838817ef21db22f8699ab126e41f6ba090a02 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/rpkid/rpki/rootd.py b/rpkid/rpki/rootd.py
index 26b5db11..75257a80 100644
--- a/rpkid/rpki/rootd.py
+++ b/rpkid/rpki/rootd.py
@@ -264,7 +264,9 @@ class main(object):
 
   def up_down_handler(self, query, path, cb):
     try:
-      q_msg = cms_msg(DER = query).unwrap((self.bpki_ta, self.child_bpki_cert))
+      q_cms = cms_msg(DER = query)
+      q_msg = q_cms.unwrap((self.bpki_ta, self.child_bpki_cert))
+      self.cms_timestamp = q_cms.check_replay(self.cms_timestamp)
     except (rpki.async.ExitNow, SystemExit):
       raise
     except Exception, e:
@@ -323,6 +325,7 @@ class main(object):
     self.crl_number = None
     self.revoked = []
     self.foreground = False
+    self.cms_timestamp = None
 
     os.environ["TZ"] = "UTC"
     time.tzset()
author	Rob Austein <sra@hactrn.net>	2012-07-06 05:17:08 +0000
committer	Rob Austein <sra@hactrn.net>	2012-07-06 05:17:08 +0000
commit	aedaacf9aed490ce053c65c98a7cf6d18383ba60 (patch)
tree	710dd9baa257ae7fe4a02e39053e66aedf1c5d36 /rpkid/rpki/rootd.py
parent	617838817ef21db22f8699ab126e41f6ba090a02 (diff)