authorRob Austein <sra@hactrn.net>2008-04-09 05:15:26 +0000
committerRob Austein <sra@hactrn.net>2008-04-09 05:15:26 +0000
commitd3d4e562c42498129c07e8403ded09e0144de682 (patch)
tree47de190934550d7e2c801043e3ac7c4b61659e20 /rpkid
parenteeeaba274b1e6a2090e56ee6a354b989aca66002 (diff)
Switch to using new CMS routines.
svn path=/rpkid/irbe-setup.py; revision=1643
Diffstat (limited to 'rpkid')
-rw-r--r--rpkid/irbe-setup.py2
-rw-r--r--rpkid/rpki/cms.py26
-rw-r--r--rpkid/testbed.py2
3 files changed, 15 insertions, 15 deletions
diff --git a/rpkid/irbe-setup.py b/rpkid/irbe-setup.py
index b3ae8bc1..d34debbe 100644
--- a/rpkid/irbe-setup.py
+++ b/rpkid/irbe-setup.py
@@ -53,7 +53,7 @@ def call_rpkid(pdu):
except lxml.etree.DocumentInvalid:
print lxml.etree.tostring(elt, pretty_print = True, encoding = "us-ascii")
raise
- elt = rpki.cms.xml_verify(cms = rpki.https.client(client_key = https_key,
+ elt = rpki.cms.xml_verify(der = rpki.https.client(client_key = https_key,
client_certs = https_certs,
server_ta = https_tas,
url = https_url,
diff --git a/rpkid/rpki/cms.py b/rpkid/rpki/cms.py
index 1bbf18fd..e3e452b5 100644
--- a/rpkid/rpki/cms.py
+++ b/rpkid/rpki/cms.py
@@ -17,7 +17,7 @@
"""CMS routines.
These used to use the OpenSSL CLI too, which was slow. I've since
-added minimal PKCS #7 / CMS capability to POW, so we now use that
+added minimal PKCS #7 and CMS capability to POW, so we now use that
instead. I should write a pretty DER_object wrapper around the POW
code and include it in x509.py, but I haven't gotten to that yet.
"""
@@ -37,20 +37,20 @@ def sign(plaintext, keypair, certs):
OpenSSL CLI tool will accept them. rpki.x509 handles that for us.
"""
- p7 = POW.PKCS7()
- p7.sign(certs[0].get_POW(), keypair.get_POW(), [x.get_POW() for x in certs[1:]], plaintext)
- cms = p7.derWrite()
+ cms = POW.CMS()
+ cms.sign(certs[0].get_POW(), keypair.get_POW(), [x.get_POW() for x in certs[1:]], plaintext)
+ der = cms.derWrite()
if debug >= 2:
print
print "Signed CMS:"
- dumpasn1(cms)
+ dumpasn1(der)
- return cms
+ return der
# openssl smime -verify -inform DER -in THING.der -CAfile biz-certs/Alice-Root.cer
-def verify(cms, ta):
+def verify(der, ta):
"""Verify the signature of a chunk of CMS.
Returns the plaintext on success, otherwise raise an exception.
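Review bot: Renaming the parameter of `verify` from `cms` to `der` (and likewise `xml_verify` in a later hunk) changes the keyword interface, so any caller still passing `cms = ...` will fail with a TypeError at call time. This commit updates the keyword callers in irbe-setup.py and testbed.py; other callers are not visible here and are worth a grep. The docstring could also say what the arguments are, e.g. `der: DER-encoded CMS message; ta: trust anchor certificate`. The body of `verify` continues past the end of this hunk.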
@@ -59,15 +59,15 @@ def verify(cms, ta):
if debug >= 2:
print
print "Verifying CMS:"
- dumpasn1(cms)
+ dumpasn1(der)
- p7 = POW.derRead(POW.PKCS7_MESSAGE, cms)
+ cms = POW.derRead(POW.CMS_MESSAGE, der)
store = POW.X509Store()
store.addTrust(ta.get_POW())
try:
- return p7.verify(store)
+ return cms.verify(store)
except:
if debug >= 1:
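Review bot: In `verify`, the call `cms = POW.derRead(POW.CMS_MESSAGE, der)` sits before the `try:`, so a malformed or truncated message raises whatever POW throws instead of `rpki.exceptions.CMSVerificationFailed`, and a caller that catches only the latter will not handle it. Since `der` comes off the wire, moving the `derRead` line to be the first statement inside the `try:` would make parse failures and signature failures surface the same way. The bare `except:` also traps KeyboardInterrupt and SystemExit; `except Exception:` would be narrower, provided POW's error classes derive from Exception (not visible here). The handler body continues in the next hunk.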
@@ -77,13 +77,13 @@ def verify(cms, ta):
dumpasn1(ta.get_DER())
print
print "CMS:"
- dumpasn1(cms)
+ dumpasn1(der)
raise rpki.exceptions.CMSVerificationFailed, "CMS verification failed"
-def xml_verify(cms, ta):
+def xml_verify(der, ta):
"""Composite routine to verify CMS-wrapped XML."""
- val = lxml.etree.fromstring(verify(cms, ta))
+ val = lxml.etree.fromstring(verify(der, ta))
return val
def xml_sign(elt, key, certs, encoding = "us-ascii"):
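Review bot: `xml_verify` hands the verified payload to `lxml.etree.fromstring` with the default parser, so entity handling is left to lxml's defaults. The signature check presumably limits senders to parties whose certificate validates under `ta`, but the parse need not rely on that: `val = lxml.etree.fromstring(verify(der, ta), parser = lxml.etree.XMLParser(resolve_entities = False))`. Separately, the `raise rpki.exceptions.CMSVerificationFailed, "CMS verification failed"` at the top of this hunk discards the underlying POW error, so including the caught exception's text in the message would make failed verifications easier to triage.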
diff --git a/rpkid/testbed.py b/rpkid/testbed.py
index 647b4b0f..8b9ce2ff 100644
--- a/rpkid/testbed.py
+++ b/rpkid/testbed.py
@@ -537,7 +537,7 @@ class allocation(object):
server_ta = rpki.x509.X509_chain(self.rpkid_ta),
url = url,
msg = cms)
- elt = rpki.cms.xml_verify(cms = cms, ta = self.rpkid_ta)
+ elt = rpki.cms.xml_verify(der = cms, ta = self.rpkid_ta)
rpki.relaxng.left_right.assertValid(elt)
rpki.log.debug(lxml.etree.tostring(elt, pretty_print = True, encoding = "us-ascii"))
pdu = rpki.left_right.sax_handler.saxify(elt)[0]