RPKI Engine  1.0
rpki::x509::CMS_object Class Reference


Public Member Functions

def extract
def get_content
def get_DER
def get_POW
def get_signingTime
def set_content
def sign
def verify

Public Attributes

 content
 DER
 DER value of this object.
 POW

Static Public Attributes

 debug_cms_certs = False
 Set this to True to log a lot of chatter about CMS certificates.
 dump_on_verify_failure = True
 Set this to True to get dumpasn1 dumps of ASN.1 on CMS verify failures.
 dump_using_dumpasn1 = False
 Set this to use external dumpasn1 program, which is prettier and more informative than OpenSSL's CMS text dump, but which won't work if the dumpasn1 program isn't installed.
tuple econtent_oid = POWify_OID("id-data")
tuple formats = ("DER", "POW")
 Formats supported in this object.
tuple other_clear = ("content",)
 Other attributes that self.clear() should whack.
tuple pem_converter = PEM_converter("CMS")
 PEM converter for this object.
 print_on_der_error = True
 Set this to True to log alleged DER when we have trouble parsing it, in case it's really a Perl backtrace or something.
 require_crls = False
 Set this to False to make CMS CRLs optional in the cases where we would otherwise require them.

Detailed Description

Class to hold a CMS-wrapped object.

CMS-wrapped objects are a little different from the other DER_object
types because the signed object is CMS wrapping inner content that's
also ASN.1, and due to our current minimal support for CMS we can't
just handle this as a pretty composite object.  So, for now anyway,
a CMS_object is the outer CMS wrapped object so that the usual DER
and PEM operations do the obvious things, and the inner content is
handled via separate methods.

Definition at line 819 of file x509.py.


Member Function Documentation

def rpki::x509::CMS_object::extract (   self)
Extract and store inner content from CMS wrapper without verifying
the CMS.

DANGER WILL ROBINSON!!!

Do not use this method on unvalidated data.  Use the verify()
method instead.

If you don't understand this warning, don't use this method.

Definition at line 994 of file x509.py.

References rpki::x509::DER_CMS_object::decode(), rpki::x509::XML_CMS_object::decode(), rpki::x509::Ghostbuster::decode(), econtent_oid, get_content(), rpki::x509::X509::get_POW(), rpki::x509::RSA::get_POW(), rpki::x509::RSApublic::get_POW(), and get_POW().
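
The reason for the warning on extract(), as an added example that is not code from rpki.x509: a minimal DER walk over a constructed SignedData skeleton returns altered eContent as readily as the original, because nothing on the extraction path consults the signature. The helper names, the placeholder signature blob and the sample payload are assumptions made for the illustration.

```python
# Added illustration, not rpki.x509 code. Definite-length DER only.
ID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
ID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1, id-data

def tlv(tag, body):
    """Encode one DER TLV; the sample values here stay under 128 bytes."""
    if len(body) >= 0x80:
        raise ValueError("sample encoder handles short lengths only")
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos=0):
    """Return (tag, body, next_pos) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long form: next k bytes hold the length
        k = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + first > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + first], pos + first

def children(body):
    """Split a constructed value's body into its (tag, body) members."""
    out, pos = [], 0
    while pos < len(body):
        tag, inner, pos = read_tlv(body, pos)
        out.append((tag, inner))
    return out

def build_signed_data(econtent, signature):
    """Constructed sample: SignedData skeleton with a placeholder signature blob."""
    encap = tlv(0x30, tlv(0x06, ID_DATA) + tlv(0xA0, tlv(0x04, econtent)))
    signers = tlv(0x31, tlv(0x30, tlv(0x04, signature)))  # simplified SignerInfo
    sd = tlv(0x30, tlv(0x02, b"\x03") + tlv(0x31, b"") + encap + signers)
    return tlv(0x30, tlv(0x06, ID_SIGNED_DATA) + tlv(0xA0, sd))

def extract_unverified(der):
    """Return eContent after structural checks only; no signature is checked."""
    (_, oid), (_, wrapped) = children(read_tlv(der)[1])
    if oid != ID_SIGNED_DATA:
        raise ValueError("not CMS SignedData")
    (_, ctype), (_, explicit) = children(children(read_tlv(wrapped)[1])[2][1])
    if ctype != ID_DATA:
        raise ValueError("unexpected eContentType")
    return read_tlv(explicit)[1]

GENUINE = build_signed_data(b"asID=64496 prefix=192.0.2.0/24", b"SIG-OVER-GENUINE")
# Same-length edit keeps the DER well formed; the signature blob is untouched.
TAMPERED = GENUINE.replace(b"64496", b"64511")
print(extract_unverified(GENUINE), extract_unverified(TAMPERED))
```

Both calls succeed and the eContentType check passes each time, so a caller that relies on extraction alone has no signal that the payload changed; that is why the page directs callers to verify().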


def rpki::x509::CMS_object::get_content (   self)
def rpki::x509::CMS_object::get_DER (   self)
Get the DER value of this CMS_object.

Reimplemented from rpki::x509::DER_object.

Definition at line 867 of file x509.py.

Referenced by rpki::x509::XML_CMS_object::dump_to_disk(), verify(), and rpki::x509::XML_CMS_object::wrap().


def rpki::x509::CMS_object::get_POW (   self)
Get the rpki.POW value of this CMS_object.

Definition at line 879 of file x509.py.

Referenced by extract(), get_signingTime(), rpki::x509::CRL::getIssuer(), and verify().


def rpki::x509::CMS_object::get_signingTime (   self)
Extract signingTime from CMS signed attributes.

Definition at line 903 of file x509.py.

References rpki::x509::X509::get_POW(), rpki::x509::RSA::get_POW(), rpki::x509::RSApublic::get_POW(), and get_POW().


def rpki::x509::CMS_object::set_content (   self, content )
Set the (inner) content of this CMS_object, clearing the wrapper.

Definition at line 896 of file x509.py.

Referenced by rpki::x509::SignedManifest::build(), rpki::x509::ROA::build(), rpki::x509::Ghostbuster::build(), and rpki::x509::XML_CMS_object::wrap().


def rpki::x509::CMS_object::sign (   self, keypair, certs, crls = None, no_certs = False )
def rpki::x509::CMS_object::verify (   self, ta )

Member Data Documentation

rpki::x509::CMS_object::content

Reimplemented in rpki::x509::Ghostbuster, rpki::x509::XML_CMS_object, and rpki::x509::DER_CMS_object.

Definition at line 898 of file x509.py.

Referenced by get_content().

rpki::x509::CMS_object::debug_cms_certs = False [static]

Set this to True to log a lot of chatter about CMS certificates.

Definition at line 845 of file x509.py.

Referenced by sign(), and verify().

rpki::x509::CMS_object::DER

DER value of this object.

Reimplemented from rpki::x509::DER_object.

Definition at line 869 of file x509.py.

rpki::x509::CMS_object::dump_on_verify_failure = True [static]

Set this to True to get dumpasn1 dumps of ASN.1 on CMS verify failures.

Definition at line 840 of file x509.py.

Referenced by verify().

rpki::x509::CMS_object::dump_using_dumpasn1 = False [static]

Set this to use external dumpasn1 program, which is prettier and more informative than OpenSSL's CMS text dump, but which won't work if the dumpasn1 program isn't installed.

Definition at line 852 of file x509.py.

Referenced by verify().

tuple rpki::x509::CMS_object::econtent_oid = POWify_OID("id-data") [static]

Reimplemented in rpki::x509::Ghostbuster, rpki::x509::XML_CMS_object, rpki::x509::ROA, and rpki::x509::SignedManifest.

Definition at line 834 of file x509.py.

Referenced by extract(), sign(), and verify().

tuple rpki::x509::CMS_object::formats = ("DER", "POW") [static]

Formats supported in this object.

Reimplemented from rpki::x509::DER_object.

Definition at line 832 of file x509.py.

tuple rpki::x509::CMS_object::other_clear = ("content",) [static]

Other attributes that self.clear() should whack.

Reimplemented from rpki::x509::DER_object.

Definition at line 833 of file x509.py.

tuple rpki::x509::CMS_object::pem_converter = PEM_converter("CMS") [static]

PEM converter for this object.

Reimplemented from rpki::x509::DER_object.

Reimplemented in rpki::x509::Ghostbuster, rpki::x509::ROA, and rpki::x509::SignedManifest.

Definition at line 835 of file x509.py.

rpki::x509::CMS_object::POW

Definition at line 881 of file x509.py.

Referenced by sign().

rpki::x509::CMS_object::print_on_der_error = True [static]

Set this to True to log alleged DER when we have trouble parsing it, in case it's really a Perl backtrace or something.

Definition at line 865 of file x509.py.

Referenced by verify().

rpki::x509::CMS_object::require_crls = False [static]

Set this to False to make CMS CRLs optional in the cases where we would otherwise require them.

Some day this option should go away and CRLs should be unconditionally mandatory in such cases.

Definition at line 859 of file x509.py.

Referenced by verify().


The documentation for this class was generated from the following file: