From 1bd77e2f4ee2fcdd9233ea36ed74edeee02817c5 Mon Sep 17 00:00:00 2001
From: Joern Heissler
Date: Wed, 13 Jan 2016 22:51:37 +0100
Subject: Add verify method on CertificateSigningRequest
---
 src/cryptography/hazmat/backends/openssl/x509.py | 12 +++++++++++-
 src/cryptography/x509/base.py | 6 ++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index a6f7d69e..18274aa1 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -7,7 +7,7 @@ from __future__ import absolute_import, division, print_function
 import operator
 from cryptography import utils, x509
-from cryptography.exceptions import UnsupportedAlgorithm
+from cryptography.exceptions import UnsupportedAlgorithm, InvalidSignature
 from cryptography.hazmat.backends.openssl.decode_asn1 import (
 _CERTIFICATE_EXTENSION_PARSER, _CRL_EXTENSION_PARSER,
 _CSR_EXTENSION_PARSER, _REVOKED_CERTIFICATE_EXTENSION_PARSER,
@@ -362,3 +362,13 @@ class _CertificateSigningRequest(object):
 @property
 def signature(self):
 return _asn1_string_to_bytes(self._backend, self._x509_req.signature)
+
+ def verify(self):
+ pkey = self._backend._lib.X509_REQ_get_pubkey(self._x509_req)
+ self._backend.openssl_assert(pkey != self._backend._ffi.NULL)
+ pkey = self._backend._ffi.gc(pkey, self._backend._lib.EVP_PKEY_free)
+ res = self._backend._lib.X509_REQ_verify(self._x509_req, pkey)
+
+ if res != 1:
+ self._backend._consume_errors()
+ raise InvalidSignature
diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py
index 55e965f7..d24070d5 100644
--- a/src/cryptography/x509/base.py
+++ b/src/cryptography/x509/base.py
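Review bot: In the added `verify()` (the `@@ -362,3 +362,13 @@` hunk of hazmat/backends/openssl/x509.py), a request whose embedded public key OpenSSL cannot decode reaches `openssl_assert(pkey != self._backend._ffi.NULL)` and, as far as this hunk shows, surfaces as a backend assertion failure rather than as `InvalidSignature`. Signing requests are normally untrusted input, so a caller that catches only `InvalidSignature` would presumably see an unexpected internal error for a malformed request. Consider failing closed with a documented exception instead, for example `if pkey == self._backend._ffi.NULL:` / `self._backend._consume_errors()` / `raise InvalidSignature`. The enclosing class starts outside the hunk.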
@@ -288,6 +288,12 @@ class CertificateSigningRequest(object):
 2986.
 """
+ @abc.abstractmethod
+ def verify(self):
+ """
+ Verifies signature of signing request.
+ """
+
 @six.add_metaclass(abc.ABCMeta)
 class RevokedCertificate(object):
-- cgit v1.2.3
From fbda8ce83d8aa774bbd5438dfd98def87585df3b Mon Sep 17 00:00:00 2001
From: Joern Heissler
Date: Mon, 18 Jan 2016 00:24:44 +0100
Subject: Change method to property
---
 src/cryptography/hazmat/backends/openssl/x509.py | 9 ++++++---
 src/cryptography/x509/base.py | 4 ++--
 2 files changed, 8 insertions(+), 5 deletions(-)
(limited to 'src')
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 18274aa1..c71f8d92 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -7,7 +7,7 @@ from __future__ import absolute_import, division, print_function
 import operator
 from cryptography import utils, x509
-from cryptography.exceptions import UnsupportedAlgorithm, InvalidSignature
+from cryptography.exceptions import UnsupportedAlgorithm
 from cryptography.hazmat.backends.openssl.decode_asn1 import (
 _CERTIFICATE_EXTENSION_PARSER, _CRL_EXTENSION_PARSER,
 _CSR_EXTENSION_PARSER, _REVOKED_CERTIFICATE_EXTENSION_PARSER,
@@ -363,7 +363,8 @@ class _CertificateSigningRequest(object):
 def signature(self):
 return _asn1_string_to_bytes(self._backend, self._x509_req.signature)
- def verify(self):
+ @property
+ def is_signature_valid(self):
 pkey = self._backend._lib.X509_REQ_get_pubkey(self._x509_req)
 self._backend.openssl_assert(pkey != self._backend._ffi.NULL)
 pkey = self._backend._ffi.gc(pkey, self._backend._lib.EVP_PKEY_free)
@@ -371,4 +372,6 @@ class _CertificateSigningRequest(object):
 if res != 1:
 self._backend._consume_errors()
- raise InvalidSignature
+ return False
+
+ return True
diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py
index d24070d5..4a22ed02 100644
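Review bot: The docstring on the new abstract `verify()` (the `@@ -288,6 +288,12 @@` hunk of x509/base.py) does not say which key the signature is checked against or how a failure is reported. Going by the OpenSSL backend added in the same commit, it could read `"""Verifies the request's signature against the public key embedded in the request; raises InvalidSignature if it does not match."""`. The class body starts outside the hunk.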
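Review bot: Turning the check into the boolean property `is_signature_valid` (the `@@ -363,7 +363,8 @@` hunk, together with the `@@ -371,4 +372,6 @@` hunk that replaces `raise InvalidSignature` with `return False`) makes the result easy to ignore: an access whose value is never tested does nothing, whereas the previous `verify()` stopped the caller on a bad signature. The `res != 1` branch also returns False for any non-1 return from `X509_REQ_verify`, so a verification call that failed to run and a wrong signature look the same to the caller; that fails closed, but it should be stated. I would add a docstring along the lines of `"""True only if the signature verifies against the request's own public key; False on a mismatch or on any OpenSSL error. Callers must test the result."""`. The property body runs past the end of the first of these hunks into the second.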
--- a/src/cryptography/x509/base.py
+++ b/src/cryptography/x509/base.py
@@ -288,8 +288,8 @@ class CertificateSigningRequest(object):
 2986.
 """
- @abc.abstractmethod
- def verify(self):
+ @abc.abstractproperty
+ def is_signature_valid(self):
 """
 Verifies signature of signing request.
 """
-- cgit v1.2.3
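Review bot: The docstring kept as context under the renamed `is_signature_valid` still reads "Verifies signature of signing request.", which describes an action, while the backend in this commit now returns a boolean. Since this abstract class is the public contract, it should state the return value, e.g. `"""Returns True if the request's signature is valid for the public key embedded in the request, False otherwise."""`. It is worth saying there as well that a True result covers only the request's self-signature, that is possession of the matching private key, and says nothing about who submitted the request. The class body starts outside the hunk.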