def verify_signature(data, signature, x509_certificate):
"""Verifies a signature using the given x.509 public key certificate."""
# PyCrypto 2.6 doesn't support x.509 certificates directly, so we'll need
# to extract the public key from it manually.
# This code is based on https://github.com/google/oauth2client/blob/master
# /oauth2client/_pycrypto_crypt.py
pem_lines = x509_certificate.replace(b' ', b'').split()
cert_der = base64.urlsafe_b64decode(b''.join(pem_lines[1:-1]))
cert_seq = DerSequence()
cert_seq.decode(cert_der)
tbs_seq = DerSequence()
tbs_seq.decode(cert_seq[0])
public_key = RSA.importKey(tbs_seq[6])
signer = PKCS1_v1_5.new(public_key)
digest = SHA256.new(data)
return signer.verify(digest, signature)
评论列表
文章目录
