def validate_key_usage(loaded_cert):
    """
    Enforce the keyUsage rule for an issuer certificate (RFC 3820 section 3.1).

    ``loaded_cert`` is the cryptography object for the issuer certificate.
    If the certificate carries a keyUsage extension, its Digital Signature
    bit must be asserted. A certificate without the extension is accepted
    unchanged.

    Returns None when the certificate passes; raises ValueError when the
    extension is present but the Digital Signature bit is not set.

    This is one narrow policy check. It does not verify signatures, validity
    dates or the certificate chain, and it does not look at any other
    keyUsage bit, so callers must perform those checks separately.
    """
    try:
        usage_ext = loaded_cert.extensions.get_extension_for_oid(
            x509.oid.ExtensionOID.KEY_USAGE)
    except x509.ExtensionNotFound:
        # No keyUsage extension present: there is nothing to enforce.
        return

    if usage_ext.value.digital_signature:
        return

    # Extension present but digitalSignature is clear: reject the issuer.
    raise ValueError(
        "Certificate is using the keyUsage extension, but has "
        "not asserted the Digital Signature bit.")