authorRob Austein <sra@hactrn.net>2007-08-07 02:45:41 +0000
committerRob Austein <sra@hactrn.net>2007-08-07 02:45:41 +0000
commita790548dd7fecf49a9fb4780801694ad3c585c0c (patch)
treeafd398f68e9deca462806d435d90ae6bf6664ad7 /scripts/rpki/cms.py
parent48e65e954b61b6570be4b9fb4d1f84648b0f1962 (diff)
Start on CMS
svn path=/scripts/rpki/cms.py; revision=833
Diffstat (limited to 'scripts/rpki/cms.py')
-rw-r--r--scripts/rpki/cms.py29
1 files changed, 29 insertions, 0 deletions
diff --git a/scripts/rpki/cms.py b/scripts/rpki/cms.py
new file mode 100644
index 00000000..35386091
--- /dev/null
+++ b/scripts/rpki/cms.py
@@ -0,0 +1,29 @@
+# $Id$
+
+"""
+CMS routines. For the moment these just call the OpenSSL CLI tool,
+which is slow and which really prefers PEM format to DER. Fix later.
+"""
+
+import os
+
+# Also see the -certfile option (PEM bag of certs to be included in the message)
+
+def encode(xml, key, cer):
+ i,o = os.popen2("openssl", "smime", "-sign", "-nodetach", "-outform", "PEM", "-signer", cer, "-inkey", key)
+ i.write(xml)
+ i.close()
+ cms = o.read()
+ o.close()
+ return cms
+
+# We should be able to use -CAfile instead of -CApath here as we
+# should be expecting a particular trust anchor.
+
+def decode(cms, dir):
+ i,o = os.popen2("openssl", "smime", "-verify", "-inform", "PEM", "-CApath", dir)
+ i.write(cms)
+ i.close()
+ xml = o.read()
+ o.close()
+ return xml
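Review bot: `decode()` returns whatever openssl wrote to stdout without learning whether `smime -verify` accepted the signature, because `os.popen2` exposes no exit status; a caller cannot tell a rejected message from verified content. `encode()` has the same gap for a failed signing run. Both calls also pass the argv words as separate positional arguments, but `os.popen2` takes the command as one string or sequence followed by mode and bufsize, so the words need to be wrapped in a tuple. I would run the tool through `subprocess.Popen` with an argument tuple (no shell), use `communicate()` so that large inputs cannot stall on a full pipe, and raise when the exit status is nonzero. The sketch below assumes `import subprocess` is added next to `import os`, and `encode()` would get the same treatment.

```python
def decode(cms, dir):
  # Argument tuple, no shell: dir is passed to openssl as a single argv word.
  p = subprocess.Popen(("openssl", "smime", "-verify", "-inform", "PEM", "-CApath", dir),
                       stdin = subprocess.PIPE, stdout = subprocess.PIPE)
  xml, _ = p.communicate(cms)
  # Treat any nonzero exit as a verification failure and return no content.
  if p.returncode != 0:
    raise RuntimeError("openssl smime -verify failed with exit status %d" % p.returncode)
  return xml
```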