Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/irbe-cli.py6
-rwxr-xr-xscripts/irdb.py4
-rw-r--r--scripts/rpki/cms.py20
-rw-r--r--scripts/rpki/left_right.py12
-rw-r--r--scripts/rpki/x509.py2
-rwxr-xr-xscripts/rpkid.py4
6 files changed, 24 insertions, 24 deletions
diff --git a/scripts/irbe-cli.py b/scripts/irbe-cli.py
index 4346107a..fc1dd091 100755
--- a/scripts/irbe-cli.py
+++ b/scripts/irbe-cli.py
@@ -144,7 +144,7 @@ while argv:
argv = q_pdu.client_getopt(argv[1:])
q_msg.append(q_pdu)
-# We don't use rpki.cms.xml_encode() and rpki.cms.xml_decode() because
+# We don't use rpki.cms.xml_sign() and rpki.cms.xml_verify() because
# we want to display the raw XML. If and when that changes, we clean
# up the following slightly.
@@ -160,7 +160,7 @@ except lxml.etree.DocumentInvalid:
print "Sending:"
print q_xml
-q_cms = rpki.cms.encode(q_xml,
+q_cms = rpki.cms.sign(q_xml,
rpki.x509.RSA(Auto_file = cfg.get(cfg_section, "cms-key")),
rpki.x509.X509_chain(Auto_files = cfg.multiget(cfg_section, "cms-cert")))
@@ -170,7 +170,7 @@ r_cms = rpki.https.client(privateKey = rpki.x509.RSA(Auto_file = cfg.get(cfg_
url = cfg.get(cfg_section, "https-url"),
msg = q_cms)
-r_xml = rpki.cms.decode(r_cms, rpki.x509.X509(Auto_file = cfg.get(cfg_section, "cms-ta")))
+r_xml = rpki.cms.verify(r_cms, rpki.x509.X509(Auto_file = cfg.get(cfg_section, "cms-ta")))
r_elt = lxml.etree.fromstring(r_xml)
try:
diff --git a/scripts/irdb.py b/scripts/irdb.py
index 4518df10..eb17381b 100755
--- a/scripts/irdb.py
+++ b/scripts/irdb.py
@@ -5,7 +5,7 @@ import rpki.https, rpki.config, rpki.resource_set, rpki.cms
def handler(query, path):
try:
- q_xml = rpki.cms.decode(query, cms_ta)
+ q_xml = rpki.cms.verify(query, cms_ta)
print q_xml
q_elt = lxml.etree.fromstring(q_xml)
rng.assertValid(q_elt)
@@ -41,7 +41,7 @@ def handler(query, path):
r_elt = r_msg.toXML()
rng.assertValid(r_elt)
r_xml = lxml.etree.tostring(r_elt, pretty_print=True, encoding="us-ascii", xml_declaration=True)
- r_cms = rpki.cms.encode(r_xml, cfg.get(section, "cms-key"), cfg.multiget(section, "cms-cert"))
+ r_cms = rpki.cms.sign(r_xml, cfg.get(section, "cms-key"), cfg.multiget(section, "cms-cert"))
return 200, r_cms
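Review bot: The new `rpki.cms.sign(...)` call passes the raw `cms-key` and `cms-cert` config values, whereas the same call in scripts/irbe-cli.py wraps them in `rpki.x509.RSA(Auto_file = ...)` and `rpki.x509.X509_chain(Auto_files = ...)`. The sign() docstring says rpki.x509 sorts the certificate bag into the order OpenSSL needs, so a plain list of filenames may skip that ordering or fail; sign()'s body is outside this diff, so this needs confirming. If sign() expects the wrapper objects, the call would read `r_cms = rpki.cms.sign(r_xml, rpki.x509.RSA(Auto_file = cfg.get(section, "cms-key")), rpki.x509.X509_chain(Auto_files = cfg.multiget(section, "cms-cert")))`, with `rpki.x509` imported if it is not already. handler() starts above this hunk.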
diff --git a/scripts/rpki/cms.py b/scripts/rpki/cms.py
index 12343317..604a9ca1 100644
--- a/scripts/rpki/cms.py
+++ b/scripts/rpki/cms.py
@@ -10,8 +10,8 @@ import os, rpki.x509, rpki.exceptions, lxml.etree
# openssl smime -sign -nodetach -outform DER -signer biz-certs/Alice-EE.cer -certfile biz-certs/Alice-CA.cer -inkey biz-certs/Alice-EE.key -in PLAN -out PLAN.der
-def encode(plaintext, keypair, certs):
- """Encode plaintext as CMS signed with a specified key and bag of certificates.
+def sign(plaintext, keypair, certs):
+ """Sign plaintext as CMS with specified key and bag of certificates.
We have to sort the certificates into the correct order before the
OpenSSL CLI tool will accept them. rpki.x509 handles that for us.
@@ -51,8 +51,8 @@ def encode(plaintext, keypair, certs):
# openssl smime -verify -inform DER -in PLAN.der -CAfile biz-certs/Alice-Root.cer
-def decode(cms, ta):
- """Decode and check the signature of a chunk of CMS.
+def verify(cms, ta):
+ """Verify the signature of a chunk of CMS.
Returns the plaintext on success. If OpenSSL CLI tool reports
anything other than successful verification, we raise an exception.
@@ -80,10 +80,10 @@ def decode(cms, ta):
raise rpki.exceptions.CMSVerificationFailed, "CMS verification failed with status %s" % status
-def xml_decode(elt, ta):
- """Composite routine to decode CMS-wrapped XML."""
- return lxml.etree.fromstring(decode(elt, ta))
+def xml_verify(elt, ta):
+ """Composite routine to verify CMS-wrapped XML."""
+ return lxml.etree.fromstring(verify(elt, ta))
-def xml_encode(elt, key, certs):
- """Composite routine to encode CMS-wrapped XML."""
- return encode(lxml.etree.tostring(elt, pretty_print=True, encoding="us-ascii", xml_declaration=True), key, certs)
+def xml_sign(elt, key, certs):
+ """Composite routine to sign CMS-wrapped XML."""
+ return sign(lxml.etree.tostring(elt, pretty_print=True, encoding="us-ascii", xml_declaration=True), key, certs)
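Review bot: The one-line docstring on xml_verify() should state the contract its callers rely on. It raises when verify() rejects the signature, and the element it returns has been signature-checked but not schema-checked; every caller in this diff follows it with an assertValid() call. Suggested docstring: `"""Verify CMS-wrapped XML against trust anchor ta and return the parsed element. Raises rpki.exceptions.CMSVerificationFailed on a bad signature; the result is not schema-validated."""`.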
diff --git a/scripts/rpki/left_right.py b/scripts/rpki/left_right.py
index c567fa5d..52a02d5d 100644
--- a/scripts/rpki/left_right.py
+++ b/scripts/rpki/left_right.py
@@ -383,9 +383,9 @@ class parent_elt(data_elt):
q_msg = rpki.up_down.message_pdu.make_query(q_pdu)
q_elt = q_msg.toXML()
rpki.relaxng.up_down.assertValid(q_elt)
- q_cms = rpki.cms.xml_encode(q_elt, bsc.private_key_id, bsc.signing_cert)
+ q_cms = rpki.cms.xml_sign(q_elt, bsc.private_key_id, bsc.signing_cert)
r_cms = self.client_up_down_reply(gctx, q_pdu, rpki.https.client(x509TrustList = rpki.x509.X509_chain(self.https_ta), msg = q_cms, url = self.peer_contact_uri))
- r_elt = rpki.cms.xml_decode(r_cms, self.cms_ta)
+ r_elt = rpki.cms.xml_verify(r_cms, self.cms_ta)
rpki.relaxng.up_down.assertValid(r_elt)
return rpki.up_down.sax_handler.saxify(r_elt)
@@ -431,7 +431,7 @@ class child_elt(data_elt):
bsc = bsc_elt.sql_fetch(gctx, self.bsc_id)
if bsc is None:
raise rpki.exceptions.NotFound, "Could not find BSC %s" % self.bsc_id
- q_elt = rpki.cms.xml_decode(query, self.cms_ta)
+ q_elt = rpki.cms.xml_verify(query, self.cms_ta)
rpki.relaxng.up_down.assertValid(q_elt)
q_msg = rpki.up_down.sax_handler.saxify(q_elt)
if q_msg.sender != str(self.child_id):
@@ -439,7 +439,7 @@ class child_elt(data_elt):
r_msg = q_msg.serve_top_level(gctx, self)
r_elt = r_msg.toXML()
rpki.relaxng.up_down.assertValid(r_elt)
- return rpki.cms.xml_encode(r_elt, bsc.private_key_id, bsc.signing_cert)
+ return rpki.cms.xml_sign(r_elt, bsc.private_key_id, bsc.signing_cert)
class repository_elt(data_elt):
"""<repository/> element."""
@@ -648,13 +648,13 @@ def irdb_query(gctx, self_id, child_id=None):
q_msg[0].child_id = child_id
q_elt = q_msg.toXML()
rpki.relaxng.left_right.assertValid(q_elt)
- q_cms = rpki.cms.xml_encode(q_elt, gctx.cms_key, gctx.cms_certs)
+ q_cms = rpki.cms.xml_sign(q_elt, gctx.cms_key, gctx.cms_certs)
r_cms = rpki.https.client(privateKey = gctx.https_key,
certChain = gctx.https_certs,
x509TrustList = gctx.https_tas,
url = gctx.irdb_url,
msg = q_cms)
- r_elt = rpki.cms.xml_decode(r_cms, gctx.cms_ta_irbe)
+ r_elt = rpki.cms.xml_verify(r_cms, gctx.cms_ta_irbe)
rpki.relaxng.left_right.assertValid(r_elt)
r_msg = rpki.left_right.sax_handler.saxify(r_elt)
if len(r_msg) != 0 or not isinstance(r_msg[0], list_resources_elt) or r_msg[0].type != "reply":
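Review bot: The reply check on the last line, `if len(r_msg) != 0 or not isinstance(r_msg[0], list_resources_elt) or ...`, looks inverted. A well-formed one-element reply makes `len(r_msg) != 0` true, while an empty reply falls through to `r_msg[0]` and raises IndexError. This is the shape check applied to the IRDB reply after xml_verify(), so it was presumably meant to be `if len(r_msg) != 1 or not isinstance(r_msg[0], list_resources_elt) or r_msg[0].type != "reply":`. The body of the `if` and the rest of irdb_query() are outside the hunk, so the intended count should be confirmed there.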
diff --git a/scripts/rpki/x509.py b/scripts/rpki/x509.py
index 6aa67507..e7fd1790 100644
--- a/scripts/rpki/x509.py
+++ b/scripts/rpki/x509.py
@@ -13,7 +13,7 @@ some of the nasty details. This involves a lot of format conversion.
"""
import POW, tlslite.api, POW.pkix, base64, time
-import rpki.exceptions, rpki.resource_set, rpki.manifest
+import rpki.exceptions, rpki.resource_set, rpki.manifest, rpki.cms
class PEM_converter(object):
"""Convert between DER and PEM encodings for various kinds of ASN.1 data."""
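Review bot: The added `rpki.cms` on the import line creates an import cycle, because scripts/rpki/cms.py already imports rpki.x509 (visible in its hunk header), and nothing in this diff uses rpki.cms from x509.py. If the import prepares for later work, a comment such as `# rpki.cms imported for <planned use>; note that cms.py imports rpki.x509` would explain it. Otherwise, dropping it keeps the module that handles keys and certificates independent of the CMS wrapper.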
diff --git a/scripts/rpkid.py b/scripts/rpkid.py
index 0b629a6b..b4b20d73 100755
--- a/scripts/rpkid.py
+++ b/scripts/rpkid.py
@@ -10,13 +10,13 @@ import rpki.https, rpki.config, rpki.resource_set, rpki.up_down, rpki.left_right
def left_right_handler(query, path):
try:
- q_elt = rpki.cms.xml_decode(query, gctx.cms_ta_irbe)
+ q_elt = rpki.cms.xml_verify(query, gctx.cms_ta_irbe)
rpki.relaxng.left_right.assertValid(q_elt)
q_msg = rpki.left_right.sax_handler.saxify(q_elt)
r_msg = q_msg.serve_top_level(gctx)
r_elt = r_msg.toXML()
rpki.relaxng.left_right.assertValid(r_elt)
- return 200, rpki.cms.xml_encode(r_elt, gctx.cms_key, gctx.cms_certs)
+ return 200, rpki.cms.xml_sign(r_elt, gctx.cms_key, gctx.cms_certs)
except Exception, data:
traceback.print_exc()
return 500, "Unhandled exception %s" % data
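Review bot: The catch-all at the end of left_right_handler() returns `"Unhandled exception %s" % data` to the caller, and that path also covers a failure in `rpki.cms.xml_verify(query, gctx.cms_ta_irbe)`. A peer whose message did not verify therefore gets internal exception text back in an unsigned 500 body. Consider handling the verification failure separately with a fixed string and keeping the detail in the local traceback: `except rpki.exceptions.CMSVerificationFailed:` / `traceback.print_exc()` / `return 500, "CMS verification failed"`. Whether rpki.exceptions is imported in rpkid.py is not visible here.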