diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-03-06 20:47:06 -0430 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-03-06 20:47:06 -0430 |
commit | a372db375a34b57fe8efba331b548247a3c42d1a (patch) | |
tree | 44dfb9dde90db993f6ed31e9306be719dbefa28b /src | |
parent | 40087ae7bde2b2455491f98a33c7fef580284ee5 (diff) | |
parent | fbda8ce83d8aa774bbd5438dfd98def87585df3b (diff) | |
download | cryptography-a372db375a34b57fe8efba331b548247a3c42d1a.tar.gz cryptography-a372db375a34b57fe8efba331b548247a3c42d1a.tar.bz2 cryptography-a372db375a34b57fe8efba331b548247a3c42d1a.zip |
Merge pull request #2670 from joernheissler/x509_req_verify
Add verify method on CertificateSigningRequest
Diffstat (limited to 'src')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 13 | ||||
-rw-r--r-- | src/cryptography/x509/base.py | 6 |
2 files changed, 19 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index a6f7d69e..c71f8d92 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -362,3 +362,16 @@ class _CertificateSigningRequest(object): @property def signature(self): return _asn1_string_to_bytes(self._backend, self._x509_req.signature) + + @property + def is_signature_valid(self): + pkey = self._backend._lib.X509_REQ_get_pubkey(self._x509_req) + self._backend.openssl_assert(pkey != self._backend._ffi.NULL) + pkey = self._backend._ffi.gc(pkey, self._backend._lib.EVP_PKEY_free) + res = self._backend._lib.X509_REQ_verify(self._x509_req, pkey) + + if res != 1: + self._backend._consume_errors() + return False + + return True diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py index 55e965f7..4a22ed02 100644 --- a/src/cryptography/x509/base.py +++ b/src/cryptography/x509/base.py @@ -288,6 +288,12 @@ class CertificateSigningRequest(object): 2986. """ + @abc.abstractproperty + def is_signature_valid(self): + """ + Verifies signature of signing request. + """ + @six.add_metaclass(abc.ABCMeta) class RevokedCertificate(object): |