Diffstat (limited to 'rpkid/rpki')
-rw-r--r--rpkid/rpki/gctx.py21
-rw-r--r--rpkid/rpki/left_right.py34
-rw-r--r--rpkid/rpki/sax_utils.py5
-rw-r--r--rpkid/rpki/up_down.py16
-rw-r--r--rpkid/rpki/x509.py46
5 files changed, 60 insertions, 62 deletions
diff --git a/rpkid/rpki/gctx.py b/rpkid/rpki/gctx.py
index d6a572a4..aad7643a 100644
--- a/rpkid/rpki/gctx.py
+++ b/rpkid/rpki/gctx.py
@@ -74,17 +74,14 @@ class global_context(object):
q_msg[0].type = "query"
q_msg[0].self_id = self_id
q_msg[0].child_id = child_id
- q_elt = q_msg.toXML()
- q_cms = rpki.x509.left_right_pdu.build(q_elt, self.cms_key, self.cms_certs)
+ q_cms = rpki.left_right.cms_msg.wrap(q_msg, self.cms_key, self.cms_certs)
der = rpki.https.client(
client_key = self.https_key,
client_certs = self.https_certs,
server_ta = self.https_ta_irdb,
url = self.irdb_url,
- msg = q_cms.get_DER())
- r_cms = rpki.x509.left_right_pdu(DER = der)
- r_elt = r_cms.verify(self.cms_ta_irdb)
- r_msg = rpki.left_right.sax_handler.saxify(r_elt)
+ msg = q_cms)
+ r_msg = rpki.left_right.cms_msg.unwrap(der, self.cms_ta_irdb)
if len(r_msg) == 0 or not isinstance(r_msg[0], rpki.left_right.list_resources_elt) or r_msg[0].type != "reply":
raise rpki.exceptions.BadIRDBReply, "Unexpected response to IRDB query: %s" % lxml.etree.tostring(r_msg.toXML(), pretty_print = True, encoding = "us-ascii")
return rpki.resource_set.resource_bag(
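Review bot: After the `r_msg = rpki.left_right.cms_msg.unwrap(der, self.cms_ta_irdb)` line the reply is accepted as long as its first PDU is a `list_resources_elt` of type "reply"; nothing ties it back to the `self_id`/`child_id` the query set on `q_msg[0]`, so a correctly signed reply for a different child would pass this check. If `list_resources_elt` carries those attributes, extend the condition with `or r_msg[0].self_id != self_id or r_msg[0].child_id != child_id`. Any PDUs after `r_msg[0]` are still ignored silently; either reject `len(r_msg) != 1` or add a comment saying why extras are tolerated. The enclosing method starts before this hunk.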
@@ -115,19 +112,11 @@ class global_context(object):
"""Process one left-right PDU."""
rpki.log.trace()
try:
- q_cms = rpki.x509.left_right_pdu(DER = query)
- q_elt = q_cms.verify(self.cms_ta_irbe)
- q_msg = rpki.left_right.sax_handler.saxify(q_elt)
+ q_msg = rpki.left_right.cms_msg.unwrap(query, self.cms_ta_irbe)
r_msg = q_msg.serve_top_level(self)
- r_elt = r_msg.toXML()
- r_cms = rpki.x509.left_right_pdu.build(r_elt, self.cms_key, self.cms_certs)
- reply = r_cms.get_DER()
+ reply = rpki.left_right.cms_msg.wrap(r_msg, self.cms_key, self.cms_certs)
self.sql_sweep()
return 200, reply
- except lxml.etree.DocumentInvalid:
- rpki.log.warn("Received reply document does not pass schema check: " + lxml.etree.tostring(r_elt, pretty_print = True))
- rpki.log.warn(traceback.format_exc())
- return 500, "Schema violation"
except Exception, data:
rpki.log.error(traceback.format_exc())
return 500, "Unhandled exception %s" % data
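Review bot: Dropping the `except lxml.etree.DocumentInvalid` branch means a schema failure raised inside `cms_msg.unwrap`/`wrap` now falls through to the generic handler, and the reply body becomes `"Unhandled exception %s" % data`, which echoes lxml's validation message (element names, positions) to the peer instead of the fixed `"Schema violation"` string. The removed branch was itself unsafe (it logged `r_elt`, which is unbound when the query side fails) and `schema_check` already logs the offending PDU, so a narrow handler without the logging is enough: `except lxml.etree.DocumentInvalid:` / `return 500, "Schema violation"` placed before the `except Exception` clause. The method's `def` line is above this hunk.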
diff --git a/rpkid/rpki/left_right.py b/rpkid/rpki/left_right.py
index e14ed7cb..3361ac5e 100644
--- a/rpkid/rpki/left_right.py
+++ b/rpkid/rpki/left_right.py
@@ -17,7 +17,7 @@
"""RPKI "left-right" protocol."""
import base64, lxml.etree, time, traceback, os
-import rpki.sax_utils, rpki.resource_set, rpki.x509, rpki.sql, rpki.exceptions
+import rpki.resource_set, rpki.x509, rpki.sql, rpki.exceptions, rpki.sax_utils
import rpki.https, rpki.up_down, rpki.relaxng, rpki.sundial, rpki.log, rpki.roa
xmlns = "http://www.hactrn.net/uris/rpki/left-right-spec/"
@@ -609,18 +609,15 @@ class parent_elt(data_elt):
payload = q_pdu,
sender = self.sender_name,
recipient = self.recipient_name)
- q_elt = q_msg.toXML()
- q_cms = rpki.x509.up_down_pdu.build(q_elt, bsc.private_key_id, bsc.signing_cert)
+ q_cms = rpki.up_down.cms_msg.wrap(q_msg, bsc.private_key_id, bsc.signing_cert)
der = rpki.https.client(server_ta = self.peer_biz_cert,
client_key = bsc.private_key_id,
client_certs = bsc.signing_cert,
- msg = q_cms.get_DER(),
+ msg = q_cms,
url = self.peer_contact_uri)
- r_cms = rpki.x509.up_down_pdu(DER = der)
- r_elt = r_cms.verify(self.peer_biz_cert)
- r_msg = rpki.up_down.sax_handler.saxify(r_elt)
+ r_msg = rpki.up_down.cms_msg.unwrap(der, self.peer_biz_cert)
r_msg.payload.check_response()
return r_msg
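Review bot: The reply returned by `rpki.up_down.cms_msg.unwrap(der, self.peer_biz_cert)` goes straight to `check_response()` with no check that its `sender`/`recipient` correspond to the `sender`/`recipient` set on `q_msg` a few lines above, whereas the child side in this same file rejects a query whose `sender` does not match under `enforce_strict_up_down_xml_sender`. If that policy is meant to apply in both directions, mirror it after unwrap: `if enforce_strict_up_down_xml_sender and r_msg.sender != self.recipient_name:` / `raise rpki.exceptions.BadSender, "Unexpected XML sender %s" % r_msg.sender`. Whether `recipient_name` is the value the peer echoes as `sender` is inferred from the query construction, not stated here. The enclosing method starts before this hunk.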
@@ -699,9 +696,7 @@ class child_elt(data_elt):
bsc = self.bsc()
if bsc is None:
raise rpki.exceptions.BSCNotFound, "Could not find BSC %s" % self.bsc_id
- q_cms = rpki.x509.up_down_pdu(DER = query)
- q_elt = q_cms.verify(self.peer_biz_cert)
- q_msg = rpki.up_down.sax_handler.saxify(q_elt)
+ q_msg = rpki.up_down.cms_msg.unwrap(query, self.peer_biz_cert)
q_msg.payload.gctx = self.gctx
if enforce_strict_up_down_xml_sender and q_msg.sender != str(self.child_id):
raise rpki.exceptions.BadSender, "Unexpected XML sender %s" % q_msg.sender
@@ -715,9 +710,8 @@ class child_elt(data_elt):
# sane way of reporting errors in the error reporting mechanism.
# May require refactoring, ignore the issue for now.
#
- r_elt = r_msg.toXML()
- r_cms = rpki.x509.up_down_pdu.build(r_elt, bsc.private_key_id, bsc.signing_cert)
- return r_cms.get_DER()
+ r_cms = rpki.up_down.cms_msg.wrap(r_msg, bsc.private_key_id, bsc.signing_cert)
+ return r_cms
class repository_elt(data_elt):
"""<repository/> element."""
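Review bot: `r_cms` at the end of this hunk now holds the DER string that `cms_msg.wrap()` returns, not a CMS object as the name (and the removed `r_cms.get_DER()`) suggest; the temporary adds nothing, so `return rpki.up_down.cms_msg.wrap(r_msg, bsc.private_key_id, bsc.signing_cert)` reads more honestly. If the temporary is kept, a one-line `# wrap() signs the reply and returns its DER encoding` would stop the next reader from looking for a `.get_DER()` call. The enclosing method starts before this hunk.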
@@ -1114,11 +1108,13 @@ class msg(list):
class sax_handler(rpki.sax_utils.handler):
"""SAX handler for Left-Right protocol."""
- ## @var pdu
- # Top-level PDU class
pdu = msg
+ name = "msg"
+ version = "1"
- def create_top_level(self, name, attrs):
- """Top-level PDU for this protocol is <msg/>."""
- assert name == "msg" and attrs["version"] == "1"
- return self.pdu()
+class cms_msg(rpki.x509.XML_CMS_object):
+ """Class to hold a CMS-signed left-right PDU."""
+
+ encoding = "us-ascii"
+ schema = rpki.relaxng.left_right
+ saxify = sax_handler.saxify
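Review bot: The new `cms_msg` class is configured entirely through three bare class attributes and nothing says who consumes them: `encoding` feeds `pretty_print_content()`, `schema` feeds `schema_check()`, and `saxify` is what `unwrap()` calls to turn the verified XML into objects, all in `rpki.x509.XML_CMS_object`. A short comment above the attributes naming those consumers would make the class self-explanatory, e.g. `# Consumed by XML_CMS_object: encoding for XML serialisation, schema for schema_check(), saxify for unwrap()`. `saxify = sax_handler.saxify` appears to store the already-bound classmethod of `sax_handler`, which works but is non-obvious and deserves a word as well.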
diff --git a/rpkid/rpki/sax_utils.py b/rpkid/rpki/sax_utils.py
index a472bee9..75443251 100644
--- a/rpkid/rpki/sax_utils.py
+++ b/rpkid/rpki/sax_utils.py
@@ -91,3 +91,8 @@ class handler(xml.sax.handler.ContentHandler):
self = cls()
lxml.sax.saxify(elt, self)
return self.result
+
+ def create_top_level(self, name, attrs):
+ """Handle top-level PDU for this protocol."""
+ assert name == self.name and attrs["version"] == self.version
+ return self.pdu()
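Review bot: `create_top_level` validates the top-level element name and `version` of a received PDU with `assert`, which is stripped under `python -O` and otherwise surfaces as a bare AssertionError (or a KeyError when `version` is absent). Since this runs on data from a peer, make it an explicit check: `if name != self.name or attrs.get("version") != self.version:` / `raise ValueError("Unexpected top-level PDU %s version %s" % (name, attrs.get("version")))`, or whichever `rpki.exceptions` class the project uses for malformed PDUs. The RelaxNG check in `XML_CMS_object.unwrap()` presumably rejects most such input first, but `saxify()` is also callable directly. The `handler` class begins before this hunk.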
diff --git a/rpkid/rpki/up_down.py b/rpkid/rpki/up_down.py
index d69dfd9e..5dbc1e7c 100644
--- a/rpkid/rpki/up_down.py
+++ b/rpkid/rpki/up_down.py
@@ -17,7 +17,8 @@
"""RPKI "up-down" protocol."""
import base64, lxml.etree, time
-import rpki.sax_utils, rpki.resource_set, rpki.x509, rpki.exceptions
+import rpki.resource_set, rpki.x509, rpki.exceptions
+import rpki.sax_utils, rpki.relaxng
xmlns="http://www.apnic.net/specs/rescerts/up-down/"
@@ -511,6 +512,13 @@ class message_pdu(base_elt):
class sax_handler(rpki.sax_utils.handler):
"""SAX handler for Up-Down protocol."""
- def create_top_level(self, name, attrs):
- """Top-level PDU for this protocol is <message/>."""
- return message_pdu()
+ pdu = message_pdu
+ name = "message"
+ version = "1"
+
+class cms_msg(rpki.x509.XML_CMS_object):
+ """Class to hold a CMS-signed up-down PDU."""
+
+ encoding = "UTF-8"
+ schema = rpki.relaxng.up_down
+ saxify = sax_handler.saxify
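Review bot: With `create_top_level` now inherited from `rpki.sax_utils.handler`, up-down parsing gains a top-level name and `version == "1"` assertion that the removed method never applied, so a peer omitting or changing the `version` attribute now fails (as AssertionError/KeyError) where it used to be accepted; if the RelaxNG schema already pins `version="1"` this is harmless, but it is a behaviour change worth a line in the commit message. Add to the `sax_handler` docstring something like `The top-level element must be <message version="1"/>; anything else is rejected by rpki.sax_utils.handler.create_top_level().`. The `encoding`/`schema`/`saxify` attributes on `cms_msg` would also benefit from a comment naming their consumers in `rpki.x509.XML_CMS_object`.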
diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py
index fa46fb74..d220f39d 100644
--- a/rpkid/rpki/x509.py
+++ b/rpkid/rpki/x509.py
@@ -28,7 +28,7 @@ some of the nasty details. This involves a lot of format conversion.
import POW, tlslite.api, POW.pkix, base64, lxml.etree, os
import rpki.exceptions, rpki.resource_set, rpki.oids, rpki.sundial
-import rpki.manifest, rpki.roa, rpki.relaxng
+import rpki.manifest, rpki.roa
def calculate_SKI(public_key_der):
"""Calculate the SKI value given the DER representation of a public
@@ -209,7 +209,7 @@ class DER_object(object):
return self.get_DER()
def dumpasn1(self):
- """Prettyprint an ASN.1 DER object using cryptlib dumpasn1 tool.
+ """Pretty print an ASN.1 DER object using cryptlib dumpasn1 tool.
Use a temporary file rather than popen4() because dumpasn1 uses
seek() when decoding ASN.1 content nested in OCTET STRING values.
"""
@@ -754,8 +754,8 @@ class XML_CMS_object(CMS_object):
"""Decode XML and set inner content."""
self.content = lxml.etree.fromstring(xml)
- def prettyprint_content(self):
- """Prettyprint XML content of this message."""
+ def pretty_print_content(self):
+ """Pretty print XML content of this message."""
return lxml.etree.tostring(self.get_content(), pretty_print = True, encoding = self.encoding, xml_declaration = True)
def schema_check(self):
@@ -763,35 +763,35 @@ class XML_CMS_object(CMS_object):
try:
self.schema.assertValid(self.get_content())
except lxml.etree.DocumentInvalid:
- rpki.log.error("PDU failed schema check: " + self.prettyprint_content())
+ rpki.log.error("PDU failed schema check: " + self.pretty_print_content())
raise
@classmethod
- def build(cls, elt, keypair, certs):
- """Build a CMS-wrapped XML PDU."""
+ def wrap(cls, msg, keypair, certs, pretty_print = False):
+ """Build a CMS-wrapped XML PDU and return its DER encoding."""
self = cls()
- self.set_content(elt)
+ self.set_content(msg.toXML())
self.schema_check()
self.sign(keypair, certs)
- return self
+ if pretty_print:
+ return self.get_DER(), self.pretty_print_content()
+ else:
+ return self.get_DER()
- def verify(self, ta):
- """Wrapper around CMS_object.verify(), adds RelaxNG schema check."""
+ @classmethod
+ def unwrap(cls, der, ta, pretty_print = False):
+ """Unwrap a CMS-wrapped XML PDU and return Python objects."""
+ self = cls(DER = der)
CMS_object.verify(self, ta)
self.schema_check()
- return self.get_content()
-
-class left_right_pdu(XML_CMS_object):
- """Class to hold a CMS-signed left-right PDU."""
-
- encoding = "us-ascii"
- schema = rpki.relaxng.left_right
-
-class up_down_pdu(XML_CMS_object):
- """Class to hold a CMS-signed up-down PDU."""
+ msg = self.saxify(self.get_content())
+ if pretty_print:
+ return msg, self.pretty_print_content()
+ else:
+ return msg
- encoding = "UTF-8"
- schema = rpki.relaxng.up_down
+ def verify(self, ta):
+ raise NotImplementedError, "Should not be calling this, it's obsolete"
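Review bot: The `wrap` docstring says it returns the DER encoding, but with `pretty_print=True` it returns a `(DER, xml_text)` tuple, and `unwrap` likewise; neither docstring states that `unwrap` verifies the CMS signature against `ta` before the schema check and SAX conversion, which is the property a reader at this trust boundary most needs. Suggested for wrap: `"""Schema-check msg.toXML(), sign it with keypair/certs and return the DER (or a (DER, pretty-printed XML) pair when pretty_print is set)."""`, and for unwrap: `"""Parse der as CMS, verify its signature against ta, schema-check the XML payload, then return the objects saxify() builds (plus the pretty-printed XML when pretty_print is set)."""`. The overriding `verify` that raises NotImplementedError should carry a docstring explaining that callers must go through `unwrap` so the schema check cannot be skipped; that rationale is inferred from the hunk rather than stated. The `XML_CMS_object` class header is above this hunk.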
class CRL(DER_object):
"""Class to hold a Certificate Revocation List."""