def __verify_x509_signature(self, c, key):
"""Verify the signature of a certificate or CRL 'c' against a
provided public key 'key'."""
verifier = key.verifier(
c.signature, padding.PKCS1v15(),
c.signature_hash_algorithm)
if isinstance(c, x509.Certificate):
data = c.tbs_certificate_bytes
elif isinstance(c, x509.CertificateRevocationList):
data = c.tbs_certlist_bytes
else:
raise AssertionError("Invalid x509 object for "
"signature verification: {0}".format(type(c)))
verifier.update(data)
try:
verifier.verify()
return True
except Exception:
return False
评论列表
文章目录