def verify(self, message, signature):
"""Verifies a message against a signature.
Args:
message: string, The message to verify.
signature: string, The signature on the message.
Returns:
True if message was signed by the private key associated with the public
key that this object was constructed with.
"""
try:
return PKCS1_v1_5.new(self._pubkey).verify(
SHA256.new(message), signature)
except:
return False
python类verify()的实例源码
def validate_signature(app_root, cert):
app_metadata_folder = os.path.join(app_root, META_DATA_FOLDER)
app_manifest_file = os.path.join(app_metadata_folder, MANIFEST_FILE)
signature_file = os.path.join(app_metadata_folder, SIGNATURE_FILE)
with open(signature_file, 'rb') as sf:
signature = sf.read()
checksum = file_checksum(hashlib.sha256,
file=app_manifest_file).encode('utf-8')
if cert:
try:
crypto.verify(cert, signature, checksum, 'sha256')
except Exception as e:
raise InvalidSignature('Invalid Signature: ' + e)
else:
if checksum != signature:
raise InvalidSignature('Invalid Signature')
def verify(self, message, signature):
"""Verifies a message against a signature.
Args:
message: string or bytes, The message to verify. If string, will be
encoded to bytes as utf-8.
signature: string or bytes, The signature on the message. If string,
will be encoded to bytes as utf-8.
Returns:
True if message was signed by the private key associated with the
public key that this object was constructed with.
"""
message = _helpers._to_bytes(message, encoding='utf-8')
signature = _helpers._to_bytes(signature, encoding='utf-8')
try:
crypto.verify(self._pubkey, signature, message, 'sha256')
return True
except crypto.Error:
return False
def verify(self, message, signature):
"""Verifies a message against a signature.
Args:
message: string or bytes, The message to verify. If string, will be
encoded to bytes as utf-8.
signature: string or bytes, The signature on the message. If string,
will be encoded to bytes as utf-8.
Returns:
True if message was signed by the private key associated with the
public key that this object was constructed with.
"""
message = _helpers._to_bytes(message, encoding='utf-8')
signature = _helpers._to_bytes(signature, encoding='utf-8')
try:
crypto.verify(self._pubkey, signature, message, 'sha256')
return True
except crypto.Error:
return False
def verify_chain(self, cert_chain_str_list, cert_str):
"""
:param cert_chain_str_list: Must be a list of certificate strings,
where the first certificate to be validate
is in the beginning and the root certificate is last.
:param cert_str: The certificate to be validated.
:return:
"""
for tmp_cert_str in cert_chain_str_list:
valid, message = self.verify(tmp_cert_str, cert_str)
if not valid:
return False, message
else:
cert_str = tmp_cert_str
return (True,
"Signed certificate is valid and correctly signed by CA "
"certificate.")
def verify(self, message, signature):
"""Verifies a message against a signature.
Args:
message: string or bytes, The message to verify. If string, will be
encoded to bytes as utf-8.
signature: string or bytes, The signature on the message. If string,
will be encoded to bytes as utf-8.
Returns:
True if message was signed by the private key associated with the
public key that this object was constructed with.
"""
message = _to_bytes(message, encoding='utf-8')
signature = _to_bytes(signature, encoding='utf-8')
try:
crypto.verify(self._pubkey, signature, message, 'sha256')
return True
except crypto.Error:
return False
def test_sign(self):
"""
L{X509Req.sign} succeeds when passed a private key object and a valid
digest function. C{X509Req.verify} can be used to check the signature.
"""
request = self.signable()
key = PKey()
key.generate_key(TYPE_RSA, 512)
request.set_pubkey(key)
request.sign(key, 'MD5')
# If the type has a verify method, cover that too.
if getattr(request, 'verify', None) is not None:
pub = request.get_pubkey()
self.assertTrue(request.verify(pub))
# Make another key that won't verify.
key = PKey()
key.generate_key(TYPE_RSA, 512)
self.assertRaises(Error, request.verify, key)
def test_load_pkcs12(self):
"""
A PKCS12 string generated using the openssl command line can be loaded
with L{load_pkcs12} and its components extracted and examined.
"""
passwd = 'whatever'
pem = client_key_pem + client_cert_pem
p12_str = _runopenssl(
pem, "pkcs12", '-export', '-clcerts', '-passout', 'pass:' + passwd)
p12 = load_pkcs12(p12_str, passwd)
# verify
self.assertTrue(isinstance(p12, PKCS12))
cert_pem = dump_certificate(FILETYPE_PEM, p12.get_certificate())
self.assertEqual(cert_pem, client_cert_pem)
key_pem = dump_privatekey(FILETYPE_PEM, p12.get_privatekey())
self.assertEqual(key_pem, client_key_pem)
self.assertEqual(None, p12.get_ca_certificates())
def test_get_revoked(self):
"""
Use python to create a simple CRL with two revocations.
Get back the L{Revoked} using L{OpenSSL.CRL.get_revoked} and
verify them.
"""
crl = CRL()
revoked = Revoked()
now = b(datetime.now().strftime("%Y%m%d%H%M%SZ"))
revoked.set_rev_date(now)
revoked.set_serial(b('3ab'))
crl.add_revoked(revoked)
revoked.set_serial(b('100'))
revoked.set_reason(b('sUpErSeDEd'))
crl.add_revoked(revoked)
revs = crl.get_revoked()
self.assertEqual(len(revs), 2)
self.assertEqual(type(revs[0]), Revoked)
self.assertEqual(type(revs[1]), Revoked)
self.assertEqual(revs[0].get_serial(), b('03AB'))
self.assertEqual(revs[1].get_serial(), b('0100'))
self.assertEqual(revs[0].get_rev_date(), now)
self.assertEqual(revs[1].get_rev_date(), now)
def verify(self, message, signature):
"""Verifies a message against a signature.
Args:
message: string, The message to verify.
signature: string, The signature on the message.
Returns:
True if message was signed by the private key associated with the public
key that this object was constructed with.
"""
from OpenSSL import crypto
try:
if isinstance(message, six.text_type):
message = message.encode('utf-8')
crypto.verify(self._pubkey, signature, message, 'sha256')
return True
except:
return False
def verify(self, message, signature):
"""Verifies a message against a signature.
Args:
message: string, The message to verify.
signature: string, The signature on the message.
Returns:
True if message was signed by the private key associated with the public
key that this object was constructed with.
"""
try:
return PKCS1_v1_5.new(self._pubkey).verify(
SHA256.new(message), signature)
except:
return False
def verify(self, message, signature):
"""Verifies a message against a signature.
Args:
message: string, The message to verify.
signature: string, The signature on the message.
Returns:
True if message was signed by the private key associated with the public
key that this object was constructed with.
"""
try:
crypto.verify(self._pubkey, signature, message, 'sha256')
return True
except:
return False
def verify(self, message, signature):
"""Verifies a message against a signature.
Args:
message: string, The message to verify.
signature: string, The signature on the message.
Returns:
True if message was signed by the private key associated with the public
key that this object was constructed with.
"""
try:
return PKCS1_v1_5.new(self._pubkey).verify(
SHA256.new(message), signature)
except:
return False
def verify(self, message, signature):
"""Verifies a message against a signature.
Args:
message: string or bytes, The message to verify. If string, will be
encoded to bytes as utf-8.
signature: string or bytes, The signature on the message. If string,
will be encoded to bytes as utf-8.
Returns:
True if message was signed by the private key associated with the
public key that this object was constructed with.
"""
message = _to_bytes(message, encoding='utf-8')
signature = _to_bytes(signature, encoding='utf-8')
try:
crypto.verify(self._pubkey, signature, message, 'sha256')
return True
except crypto.Error:
return False
def __init__(self, pubkey):
"""Constructor.
Args:
pubkey: OpenSSL.crypto.PKey, The public key to verify with.
"""
self._pubkey = pubkey
def __init__(self, pubkey):
"""Constructor.
Args:
pubkey, OpenSSL.crypto.PKey, The public key to verify with.
"""
self._pubkey = pubkey
def __init__(self, pubkey):
"""Constructor.
Args:
pubkey, OpenSSL.crypto.PKey (or equiv), The public key to verify with.
"""
self._pubkey = pubkey
def __init__(self, pubkey):
"""Constructor.
Args:
pubkey: OpenSSL.crypto.PKey, The public key to verify with.
"""
self._pubkey = pubkey
def __init__(self, pubkey):
"""Constructor.
Args:
pubkey, OpenSSL.crypto.PKey, The public key to verify with.
"""
self._pubkey = pubkey
def __init__(self, base_url, ca_cert, image_dir, https_ca_cert, https_client_cert, https_client_key):
self._base_url = base_url
self._ca_cert_path = ca_cert
self._image_dir = image_dir
self._session = requests.Session()
if https_ca_cert:
self._session.verify = https_ca_cert
if https_client_cert and https_client_key:
self._session.cert = (https_client_cert, https_client_key)
