author | Vincent Pelletier <plr.vincent@gmail.com> | 2017-08-12 22:05:00 +0900 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-08-12 08:05:00 -0500 |
commit | 6c02ee85bcd68e1e4fc6770421699fbd07c9b3e9 (patch) | |
tree | 5bfb5a0966cd3e00810b0161276e26aac8fdf3bb /src | |
parent | ca941bd00baa598cb83d91a4e88b4bbcec0fc265 (diff) | |
Add is_signature_valid method on CertificateRevocationList (#3849)
Diffstat (limited to 'src')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 16 | ||||
-rw-r--r-- | src/cryptography/x509/base.py | 6 |
2 files changed, 22 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 5bf0438e..9637fc0e 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -17,6 +17,7 @@ from cryptography.hazmat.backends.openssl.decode_asn1 import (
 _asn1_string_to_bytes, _decode_x509_name, _obj2txt, _parse_asn1_time
 )
 from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
 
 
 @utils.register_interface(x509.Certificate)
@@ -338,6 +339,21 @@ class _CertificateRevocationList(object):
 def extensions(self):
 return _CRL_EXTENSION_PARSER.parse(self._backend, self._x509_crl)
 
+ def is_signature_valid(self, public_key):
+ if not isinstance(public_key, (dsa.DSAPublicKey, rsa.RSAPublicKey,
+ ec.EllipticCurvePublicKey)):
+ raise TypeError('Expecting one of DSAPublicKey, RSAPublicKey,'
+ ' or EllipticCurvePublicKey.')
+ res = self._backend._lib.X509_CRL_verify(
+ self._x509_crl, public_key._evp_pkey
+ )
+
+ if res != 1:
+ self._backend._consume_errors()
+ return False
+
+ return True
+
 
 @utils.register_interface(x509.CertificateSigningRequest)
 class _CertificateSigningRequest(object):
diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py
index ffa71916..2c96c5bc 100644
--- a/src/cryptography/x509/base.py
+++ b/src/cryptography/x509/base.py
@@ -250,6 +250,12 @@ class CertificateRevocationList(object):
 Checks not equal.
 """
 
+ @abc.abstractmethod
+ def is_signature_valid(self, public_key):
+ """
+ Verifies signature of revocation list against given public key.
+ """
+
 
 @six.add_metaclass(abc.ABCMeta)
 class CertificateSigningRequest(object):
|
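Review bot: In `_CertificateRevocationList.is_signature_valid` (backends/openssl/x509.py), the `if res != 1:` branch returns False for every non-success result and `_consume_errors()` discards the reason. That presumably covers both a signature mismatch and a check OpenSSL could not carry out. Failing closed is the right default, but nothing records that it is deliberate; a comment above the branch such as `# Any result other than 1 (mismatch or internal error) is treated as invalid; the OpenSSL error queue is cleared.` would do. The method also has no docstring: it should state that only the signature over the CRL is checked against the supplied key, so callers must still confirm that the key belongs to the CRL's issuer and that the CRL's update times are current. The enclosing class begins outside the hunk.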
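Review bot: The docstring on the abstract `is_signature_valid` in x509/base.py does not say how a failed verification is reported. The backend implementation in this commit returns False rather than raising, so a caller who invokes the method without testing the result would accept a CRL whose signature does not verify. Suggested wording: `Returns True if the CRL signature verifies with public_key, False otherwise. Raises TypeError if the key is not an RSA, DSA or EC public key.` The class body starts outside the hunk.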