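def validate(self, bucket, key, public_key, digest_data, inflated_digest):
    """Validates a digest file.

    Throws a DigestError when the digest is invalid.

    The public key is base64-decoded and loaded as a DER-encoded PKCS #1
    RSA key. The hex-encoded ``_signature`` entry of ``digest_data`` is then
    verified against the string built by ``_create_string_to_sign``.

    Only ``PyAsn1Error`` and ``rsa.pkcs1.VerificationError`` are translated
    here; any other exception raised while decoding the inputs propagates
    to the caller unchanged, so verification never silently succeeds.

    :param bucket: Bucket of the digest file
    :param key: Key of the digest file
    :param public_key: Public key bytes (base64 of the DER-encoded key).
    :param digest_data: Dict of digest data returned when JSON
        decoding a manifest.
    :param inflated_digest: Inflated digest file contents as bytes.
    :raises DigestError: If a PyAsn1Error is raised while the key is loaded.
    :raises DigestSignatureError: If the RSA signature check fails.
    """
    try:
        decoded_key = base64.b64decode(public_key)
        public_key = rsa.PublicKey.load_pkcs1(decoded_key, format='DER')
        to_sign = self._create_string_to_sign(digest_data, inflated_digest)
        signature_bytes = binascii.unhexlify(digest_data['_signature'])
        rsa.verify(to_sign, signature_bytes, public_key)
    except PyAsn1Error:
        raise DigestError(
            ('Digest file\ts3://%s/%s\tINVALID: Unable to load PKCS #1 key'
             ' with fingerprint %s')
            % (bucket, key, digest_data['digestPublicKeyFingerprint']))
    except rsa.pkcs1.VerificationError:
        # Note from the Python-RSA docs: Never display the stack trace of
        # a rsa.pkcs1.VerificationError exception. It shows where in the
        # code the exception occurred, and thus leaks information about
        # the key.
        #
        # A plain ``raise`` inside this handler would implicitly chain the
        # VerificationError, and its traceback would be printed together
        # with the new error if that error is ever reported. ``from None``
        # suppresses the chained traceback.
        raise DigestSignatureError(bucket, key) from None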