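def _ValidatePubkeyGeneric(self, signing_cert, digest_alg, payload,
                           enc_digest):
    """Check enc_digest as a signature over payload with the cert's public key.

    Args:
      signing_cert: certificate object; it is DER-encoded with der_encoder
        and loaded through M2_X509 to obtain the public key.
      digest_alg: hashlib-style constructor. digest_alg().name selects the
        digest of the verify context, and digest_alg(payload).digest() is
        the value the fallback path compares against.
      payload: the signed bytes.
      enc_digest: the signature value ("encrypted digest") to check.

    Returns:
      1 when the signature is accepted (by the standard check or by the
      raw-hash fallback), otherwise the value verify_final() returned.

    Side effects:
      When the standard check fails, self.openssl_error is set from
      M2_Err.get_error(). It is not cleared if the fallback then succeeds.
    """
    m2_cert = M2_X509.load_cert_der_string(der_encoder.encode(signing_cert))
    pubkey = m2_cert.get_pubkey()
    pubkey.reset_context(digest_alg().name)
    pubkey.verify_init()
    pubkey.verify_update(payload)
    v = pubkey.verify_final(enc_digest)
    if v == 1:
        return v

    self.openssl_error = M2_Err.get_error()

    # Special case, always attempted because there is no known way to tell
    # in advance when it applies: one observed countersignature (RSA on MD5)
    # carried the raw hash value in the encrypted digest instead of an ASN.1
    # structure.
    # NOTE(review): on this path the signed block names no digest algorithm,
    # so the algorithm comes only from the caller-supplied digest_alg.
    # Confirm callers are content to accept such signatures for every
    # digest_alg they pass, not just the legacy case observed.
    try:
        rsa = pubkey.get_rsa()
    except ValueError:
        # Not an RSA key: the fallback does not apply.
        return v

    try:
        clear = rsa.public_decrypt(enc_digest, M2_RSA.pkcs1_padding)
    except M2_RSA.RSAError:
        # public_decrypt raises when the block cannot be unpadded, e.g. for
        # a corrupted signature. The fallback is best-effort, so report the
        # original verification result rather than letting the exception
        # escape. (Assumes M2_RSA is M2Crypto.RSA, as its use here suggests.)
        return v

    if digest_alg(payload).digest() == clear:
        return 1
    return v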