def IsSignedBy(self, other_cert):
"""Check that this cert was signed by another cert.
Args:
other_cert: X509Certificate object for the other cert
Returns:
True if so
False if not
Raises:
CertificateValueError: if the other cert is not a CA cert
"""
if not other_cert.GetMayActAsCA():
raise CertificateValueError('Other cert is not a CA cert')
sig = tlslite_bridge.StrToArray(self.GetSignatureData())
fields = tlslite_bridge.StrToArray(self.GetFieldsData())
pk = other_cert.GetPublicKey()
if self._cert['sig_algorithm'] == OID_SHA256_WITH_RSA_ENC:
# tlslite doesn't support SHA256, so manually construct bytes to verify.
fields_digest = hashlib.sha256(fields).digest()
hash_bytes = tlslite_bridge.StrToArray(fields_digest)
prefix_bytes = tlslite_bridge.StrToArray([
48, 49, 48, 13, 6, 9, 96, 134, 72, 1, 101, 3, 4, 2, 1, 5, 0, 4, 32])
return pk.verify(sig, prefix_bytes + hash_bytes)
else:
return pk.hashAndVerify(sig, fields)
def testIsSignedBy(self):
"""Test IsSignedBy()."""
self.mox.StubOutWithMock(tlslite_bridge, 'StrToArray')
self.mox.StubOutWithMock(self.x, 'GetSignatureData')
self.mox.StubOutWithMock(self.x, 'GetFieldsData')
mock_othercert = self.mox.CreateMockAnything()
mock_othercert.GetMayActAsCA().AndReturn(True)
mock_othercert.GetPublicKey().AndReturn(mock_othercert) # lazy re-use
self.x.GetSignatureData().AndReturn('sigdata')
self.x.GetFieldsData().AndReturn('fieldsdata')
tlslite_bridge.StrToArray('sigdata').AndReturn('arysigdata')
tlslite_bridge.StrToArray('fieldsdata').AndReturn('aryfieldsdata')
mock_othercert.hashAndVerify('arysigdata', 'aryfieldsdata').AndReturn(True)
self.mox.ReplayAll()
self.assertTrue(self.x.IsSignedBy(mock_othercert))
self.mox.VerifyAll()
def testStrToArray(self):
"""Test StrToArray()."""
r = tlslite_bridge.StrToArray('12313')
self.assertEqual(5, len(r))
self.assertTrue(isinstance(r, bytearray) or isinstance(r, array.array))