def ValidateCertificateSignature(self, signed_cert, signing_cert):
"""Given a cert signed by another cert, validates the signature."""
# First the naive way -- note this does not check expiry / use etc.
signed = x509.load_der_x509_certificate(der_encoder.encode(signed_cert), default_backend())
signing = x509.load_der_x509_certificate(der_encoder.encode(signing_cert), default_backend())
verifier = signing.public_key().verifier(signed.signature, padding.PKCS1v15(), signed.signature_hash_algorithm)
verifier.update(signed.tbs_certificate_bytes)
try:
verifier.verify()
except Exception as e:
raise Asn1Error('1: Validation of cert signature failed: {}'.format(e))
评论列表
文章目录
