1 files changed, 21 insertions, 0 deletions

diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py
index 569e017e..42b52f1d 100644
--- a/rpkid/rpki/x509.py
+++ b/rpkid/rpki/x509.py
@@ -1550,6 +1550,27 @@ class XML_CMS_object(CMS_object):
     else:
       return self.saxify(self.get_content())
 
+  def check_replay(self, timestamp):
+    """
+    Check CMS signing-time in this object against a recorded
+    timestamp.  Raises an exception if the recorded timestamp is more
+    recent, otherwise returns the new timestamp.
+    """
+    new_timestamp = self.get_signingTime()
+    if timestamp is not None and timestamp > new_timestamp:
+      raise rpki.exceptions.CMSReplay(
+        "CMS replay: last message %s, this message %s" % (timestamp, new_timestamp))
+    return new_timestamp
+
+  def check_replay_sql(self, obj):
+    """
+    Like .check_replay() but gets recorded timestamp from
+    "last_cms_timestamp" field of an SQL object and stores the new 
+    timestamp back in that same field.
+    """
+    obj.last_cms_timestamp = self.check_replay(obj.last_cms_timestamp)
+    obj.sql_mark_dirty()
+
   ## @var saxify
   # SAX handler hook.  Subclasses can set this to a SAX handler, in
   # which case .unwrap() will call it and return the result.