From a790548dd7fecf49a9fb4780801694ad3c585c0c Mon Sep 17 00:00:00 2001
From: Rob Austein
Date: Tue, 7 Aug 2007 02:45:41 +0000
Subject: Start on CMS
svn path=/scripts/rpki/cms.py; revision=833
---
scripts/rpki/cms.py | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 scripts/rpki/cms.py
(limited to 'scripts/rpki/cms.py')
diff --git a/scripts/rpki/cms.py b/scripts/rpki/cms.py
new file mode 100644
index 00000000..35386091
--- /dev/null
+++ b/scripts/rpki/cms.py
@@ -0,0 +1,29 @@
+# $Id$
+
+"""
+CMS routines. For the moment these just call the OpenSSL CLI tool,
+which is slow and which really prefers PEM format to DER. Fix later.
+"""
+
+import os
+
+# Also see the -certfile option (PEM bag of certs to be included in the message)
+
+def encode(xml, key, cer):
+ i,o = os.popen2("openssl", "smime", "-sign", "-nodetach", "-outform", "PEM", "-signer", cer, "-inkey", key)
+ i.write(xml)
+ i.close()
+ cms = o.read()
+ o.close()
+ return cms
+
+# We should be able to use -CAfile instead of -CApath here as we
+# should be expecting a particular trust anchor.
+
+def decode(cms, dir):
+ i,o = os.popen2("openssl", "smime", "-verify", "-inform", "PEM", "-CApath", dir)
+ i.write(cms)
+ i.close()
+ xml = o.read()
+ o.close()
+ return xml
--
cgit v1.2.3
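Review bot: decode() returns whatever `openssl smime -verify` writes to stdout and never checks the exit status, so a caller cannot tell verified content from a failed verification, and the pipes from os.popen2 give no way to read that status. Both os.popen2 calls also pass the argv as separate positional arguments, whereas os.popen2 takes the command as its first argument (a string or one sequence) followed by mode and bufsize, so as written they would likely raise TypeError. I would move both functions to subprocess.Popen with an argv tuple (this needs `import subprocess` next to `import os`), use communicate() so a large message cannot block on a full pipe, and raise when the return code is non-zero. encode() needs the same status check so that a signing failure does not come back as an empty string.

```python
def decode(cms, dir):
    # argv tuple: no shell is involved and arguments are passed through as-is
    p = subprocess.Popen(("openssl", "smime", "-verify", "-inform", "PEM", "-CApath", dir),
                         stdin=subprocess.PIPE, stdout=subprocess.PIPE)
    xml = p.communicate(cms)[0]
    if p.returncode != 0:
        # never hand content back to the caller unless verification succeeded
        raise RuntimeError("openssl smime -verify failed with status %d" % p.returncode)
    return xml

# ... encode(): same pattern around "openssl smime -sign" ...
```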