diff options
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/rpki/cms.py | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/scripts/rpki/cms.py b/scripts/rpki/cms.py new file mode 100644 index 00000000..35386091 --- /dev/null +++ b/scripts/rpki/cms.py @@ -0,0 +1,29 @@ +# $Id$ + +""" +CMS routines. For the moment these just call the OpenSSL CLI tool, +which is slow and which really prefers PEM format to DER. Fix later. +""" + +import os + +# Also see the -certfile option (PEM bag of certs to be included in the message) + +def encode(xml, key, cer): + i,o = os.popen2("openssl", "smime", "-sign", "-nodetach", "-outform", "PEM", "-signer", cer, "-inkey", key) + i.write(xml) + i.close() + cms = o.read() + o.close() + return cms + +# We should be able to use -CAfile instead of -CApath here as we +# should be expecting a particular trust anchor. + +def decode(cms, dir): + i,o = os.popen2("openssl", "smime", "-verify", "-inform", "PEM", "-CApath", dir) + i.write(cms) + i.close() + xml = o.read() + o.close() + return xml |