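def signcert():
    """Issue a signed certificate binding the logged-in user to a public key.

    Reads ``email``, ``certDuration`` and ``publicKey`` from the JSON request
    body. ``publicKey`` is itself a JSON-encoded string and ``certDuration``
    is added to ``time.time()``, so it is interpreted as seconds.

    The request is rejected with HTTP 400 when the body is not a JSON object,
    a field is missing or empty, ``publicKey`` is not valid JSON,
    ``certDuration`` is not a positive number, or ``email`` differs from
    ``current_user.email``.

    Returns:
        A JSON response of the form ``{"certificate": <signed token>}``.
    """
    # The lifetime is chosen by the client, and the signed certificate is
    # accepted until its "exp" value. Clamp the request so one call cannot
    # mint a certificate that outlives the session by months or years.
    # 24 hours is a conservative ceiling; adjust to the deployment's policy.
    max_duration = 24 * 60 * 60

    payload = request.json
    if not isinstance(payload, dict):
        # Missing body, or a JSON array/scalar: there are no fields to read.
        return abort(400)

    email = payload.get("email")
    duration = payload.get("certDuration")
    try:
        # TypeError: field absent or not a string; ValueError: malformed JSON.
        public_key = json.loads(payload.get("publicKey"))
    except (TypeError, ValueError):
        return abort(400)

    # A user may only obtain a certificate for their own address.
    if not email or not duration or not public_key or email != current_user.email:
        return abort(400)

    try:
        lifetime = float(duration)
    except (TypeError, ValueError, OverflowError):
        return abort(400)
    # Written as "not > 0" so that NaN is rejected along with zero and
    # negative values (every comparison with NaN is False).
    if not lifetime > 0:
        return abort(400)
    lifetime = min(lifetime, max_duration)  # also maps +inf to the ceiling

    now = time.time()
    # Timestamps are emitted in milliseconds.
    expiry_time = int(now + lifetime) * 1000

    # NOTE(review): the private signing key is re-read on every request from
    # a path relative to the process working directory.
    with open("key.json") as f:
        k = json.load(f)
    key = load_key("RS256", k)

    data = {
        "iss": app.config["DOMAIN"],
        "exp": expiry_time,
        "iat": int(now) * 1000,
        "public-key": public_key,
        # Taken from the session, not from the request body.
        "principal": {"email": current_user.email},
    }
    signed_data = generate(data, key)
    return jsonify(certificate=signed_data)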
def check_signature_with_cert(self, cert, signed_data, signature, algorithm):
    """Check ``signature`` over ``signed_data`` using a JSON-encoded key.

    ``cert`` is a JSON string; the decoded value is handed to
    ``jwt.load_key`` together with ``algorithm``.

    Returns ``False`` when ``jwt.load_key`` raises ``ValueError``; otherwise
    returns the result of the loaded key's ``verify`` call. A ``cert`` that
    is not valid JSON is not handled here: the decode error propagates to
    the caller.
    """
    # NOTE(review): `algorithm` is used exactly as passed in. If callers take
    # it from the header of the token being verified, confirm it is limited
    # to an allow-list before it reaches this point.
    key_material = json.loads(cert)
    try:
        verifier = jwt.load_key(algorithm, key_material)
    except ValueError:
        # Key data rejected by load_key: treat the signature as invalid.
        return False
    else:
        return verifier.verify(signed_data, signature)
def check_signature(self, hostname, signed_data, signature, algorithm):
    """Check ``signature`` over ``signed_data`` using the key for ``hostname``.

    The key data comes from ``self.supportdocs.get_key(hostname)`` and is
    handed to ``jwt.load_key`` together with ``algorithm``.

    Returns ``False`` when ``jwt.load_key`` raises ``ValueError``; otherwise
    returns the result of the loaded key's ``verify`` call. Anything raised
    by ``get_key`` propagates to the caller.
    """
    # NOTE(review): `algorithm` is used exactly as passed in. If callers take
    # it from the header of the token being verified, confirm it is limited
    # to an allow-list before it reaches this point.
    key_material = self.supportdocs.get_key(hostname)
    try:
        verifier = jwt.load_key(algorithm, key_material)
    except ValueError:
        # Key data rejected by load_key: treat the signature as invalid.
        return False
    else:
        return verifier.verify(signed_data, signature)