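def verify_certificate(self, peer_cert):
    """
    Check a peer certificate against the configured CA certificate.

    Two properties are checked: the certificate is inside its validity
    window, and its signature verifies under the CA public key as
    ECDSA with SHA-256. Nothing else is validated here. The issuer name,
    extensions (basic constraints, key usage), subject/host name and
    revocation status are not examined, so a True result means "signed by
    the CA key and currently valid", not "fully path-validated".

    :param peer_cert: certificate presented by the peer; read through
        ``not_valid_before``, ``not_valid_after``, ``signature`` and
        ``tbs_certificate_bytes``
    :return: True if the certificate is within its validity window and the
        CA signature verifies, otherwise False
    """
    # Validity window. The certificate timestamps are compared as naive
    # datetimes; presumably they are naive UTC values (as the cryptography
    # x509 API reports them), so the reference time must be UTC as well.
    # Local time would shift the window by the host's UTC offset.
    now = datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)
    if peer_cert.not_valid_after < now:
        logging.error("Certificate is Expired")
        return False
    if peer_cert.not_valid_before > now:
        # A certificate whose validity has not started yet is as unusable
        # as an expired one.
        logging.error("Certificate is not yet valid")
        return False

    # Signature check: the CA public key must verify the signature over the
    # to-be-signed (TBS) portion of the peer certificate.
    ca_pub = self.__ca_cert.public_key()
    try:
        ca_pub.verify(
            signature=peer_cert.signature,
            data=peer_cert.tbs_certificate_bytes,
            # The hash is fixed to SHA-256 rather than taken from the
            # certificate; a certificate signed with any other hash fails
            # verification and is rejected.
            signature_algorithm=ec.ECDSA(hashes.SHA256())
        )
    except InvalidSignature:
        logging.debug("InvalidSignatureException")
        return False
    return True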