authorVincent Pelletier <plr.vincent@gmail.com>2017-08-12 22:05:00 +0900
committerPaul Kehrer <paul.l.kehrer@gmail.com>2017-08-12 08:05:00 -0500
commit6c02ee85bcd68e1e4fc6770421699fbd07c9b3e9 (patch)
tree5bfb5a0966cd3e00810b0161276e26aac8fdf3bb /src/cryptography/hazmat/backends/openssl/x509.py
parentca941bd00baa598cb83d91a4e88b4bbcec0fc265 (diff)
downloadcryptography-6c02ee85bcd68e1e4fc6770421699fbd07c9b3e9.tar.gz
cryptography-6c02ee85bcd68e1e4fc6770421699fbd07c9b3e9.tar.bz2
cryptography-6c02ee85bcd68e1e4fc6770421699fbd07c9b3e9.zip
Add is_signature_valid method on CertificateRevocationList (#3849)
Diffstat (limited to 'src/cryptography/hazmat/backends/openssl/x509.py')
-rw-r--r--src/cryptography/hazmat/backends/openssl/x509.py16
1 files changed, 16 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 5bf0438e..9637fc0e 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -17,6 +17,7 @@ from cryptography.hazmat.backends.openssl.decode_asn1 import (
_asn1_string_to_bytes, _decode_x509_name, _obj2txt, _parse_asn1_time
)
from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
@utils.register_interface(x509.Certificate)
@@ -338,6 +339,21 @@ class _CertificateRevocationList(object):
def extensions(self):
return _CRL_EXTENSION_PARSER.parse(self._backend, self._x509_crl)
+ def is_signature_valid(self, public_key):
+ if not isinstance(public_key, (dsa.DSAPublicKey, rsa.RSAPublicKey,
+ ec.EllipticCurvePublicKey)):
+ raise TypeError('Expecting one of DSAPublicKey, RSAPublicKey,'
+ ' or EllipticCurvePublicKey.')
+ res = self._backend._lib.X509_CRL_verify(
+ self._x509_crl, public_key._evp_pkey
+ )
+
+ if res != 1:
+ self._backend._consume_errors()
+ return False
+
+ return True
+
@utils.register_interface(x509.CertificateSigningRequest)
class _CertificateSigningRequest(object):
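Review bot: The new `is_signature_valid` has no docstring, and a bare `True` is easy to over-read: it means only that `X509_CRL_verify` accepted the CRL's signature under the key the caller passed in. Nothing in the method compares the CRL issuer with the key's owner, checks the update times, or establishes that the key is trusted, so I would say so in a docstring, e.g. `"""Return True if this CRL's signature verifies under public_key; issuer matching, freshness and trust in the key are left to the caller."""`. The `res != 1` branch also returns `False` for both a signature mismatch and an internal verification error (OpenSSL verify calls generally return 0 for the former and a negative value for the latter). That fails closed, which is the safe direction, but a comment such as `# 0 = bad signature, < 0 = verify error; both are reported as invalid` would record that it is deliberate. Separately, the `isinstance` check is against the abstract key interfaces while the call reads `public_key._evp_pkey`, so a key object from another implementation would presumably raise `AttributeError` rather than the documented `TypeError`; worth confirming against the other backends.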