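def check_sig(*args, **kwargs):
    """Verify the request's ECDSA signature before calling the view ``f``.

    The hex-encoded signature is read from the ``x-signature`` header and the
    hex-encoded DER public key from the ``x-identity`` header. The signature
    is verified over ``str(request.url) + str(request.data)``.

    Returns ``f(*args, **kwargs)`` when the signature verifies. Otherwise
    returns a JSON error response: 400 for a missing header or an
    undecodable key, 401 for a signature that cannot be decoded or does not
    verify.

    NOTE(review): the verifying key is supplied by the request itself, so a
    passing check only shows that the sender holds the private key matching
    ``x-identity``. Whether that key is authorised has to be decided
    elsewhere (presumably in ``f``) -- confirm.
    NOTE(review): the signed message carries no HTTP method, timestamp or
    nonce, so nothing visible here prevents a captured request from
    verifying a second time -- confirm replay handling exists elsewhere.
    """
    req_id = get_id()

    sig_hex = request.headers.get('x-signature')
    if not sig_hex:
        log.info('No x-signature header present, Signature Check Failed [ID: %s]' % req_id)
        return create_json_response(False, 'Missing x-signature header', 400)

    # A missing x-identity header used to reach None.decode() and surface as
    # an unhandled AttributeError; reject it as a client error instead.
    identity_hex = request.headers.get('x-identity')
    if not identity_hex:
        log.info('No x-identity header present, Signature Check Failed [ID: %s]' % req_id)
        return create_json_response(False, 'Missing x-identity header', 400)

    try:
        vk = VerifyingKey.from_der(identity_hex.decode('hex'))
    except (TypeError, ValueError) as e:
        # The 'hex' codec rejects odd-length or non-hex input; both headers
        # are attacker-controlled, so this must not escape as a server error.
        log.info('Bad Key Encoding [ID: %s]: %s' % (req_id, str(e)))
        return create_json_response(False, 'Bad Public Key Format', 400)
    except UnexpectedDER as e:
        # NOTE(review): depending on the python-ecdsa version, from_der may
        # raise other exception types for malformed points -- confirm.
        log.info('Bad Key Format [ID: %s]: %s' % (req_id, str(e)))
        return create_json_response(False, 'Bad Public Key Format', 400)

    try:
        sig_bytes = sig_hex.decode('hex')
    except (TypeError, ValueError) as e:
        log.info('Bad Signature Encoding [ID: %s]: %s' % (req_id, str(e)))
        return create_json_response(False, 'Signature Verification Error', 401)

    try:
        # NOTE(review): no hashfunc is passed, so the key's default digest is
        # used (SHA-1 in python-ecdsa unless the key was built otherwise).
        # Pinning hashfunc explicitly would need a matching client change.
        verified = vk.verify(sig_bytes, str(request.url) + str(request.data))
    except BadDigestError as e:
        log.info('Digest Error During Signature Validation [ID: %s]: %s' % (req_id, str(e)))
        return create_json_response(False, 'Signature Verification Error', 401)
    except BadSignatureError as e:
        log.info('Bad Signature Encountered During Signature Validation [ID: %s]: %s' % (req_id, str(e)))
        return create_json_response(False, 'Signature Verification Error', 401)

    if not verified:
        return create_json_response(False, 'Signature Verification Error', 401)
    # The wrapped view runs only after a successful verification.
    return f(*args, **kwargs)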
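def check_sig(*args, **kwargs):
    """Verify the request's ECDSA signature before calling the view ``f``.

    The hex-encoded DER signature is read from the ``x-signature`` header and
    the hex-encoded public key from the ``x-identity`` header. The key is
    parsed with ``from_sec`` first, falling back to ``VerifyingKey.from_der``.
    The signature is verified with SHA-256 over
    ``method + hostname + path + body``.

    Returns ``f(*args, **kwargs)`` when the signature verifies. Otherwise
    returns a JSON error response: 400 for a missing header or an
    undecodable key, 401 for a signature that cannot be decoded or does not
    verify.

    NOTE(review): only the hostname and ``request.path`` are signed. The
    scheme, port and query string are not part of the message, so they can
    differ from what the signer saw without invalidating the signature.
    NOTE(review): the verifying key is supplied by the request itself, and
    the message carries no timestamp or nonce. Key authorisation and replay
    handling must therefore live elsewhere -- confirm.
    """
    req_id = get_id()

    sig_hex = request.headers.get('x-signature')
    if not sig_hex:
        log.info('No x-signature header present, Signature Check Failed [ID: %s]' % req_id)
        return create_json_response(False, 'Missing x-signature header', 400)

    # A missing x-identity header used to reach None.decode() and surface as
    # an unhandled AttributeError; reject it as a client error instead.
    identity_hex = request.headers.get('x-identity')
    if not identity_hex:
        log.info('No x-identity header present, Signature Check Failed [ID: %s]' % req_id)
        return create_json_response(False, 'Missing x-identity header', 400)

    try:
        xidentity = identity_hex.decode('hex')
        vk = from_sec(xidentity) or VerifyingKey.from_der(xidentity)
    except (TypeError, ValueError) as e:
        # The 'hex' codec rejects odd-length or non-hex input; both headers
        # are attacker-controlled, so this must not escape as a server error.
        log.info('Bad Key Encoding [ID: %s]: %s' % (req_id, str(e)))
        return create_json_response(False, 'Bad Public Key Format', 400)
    except UnexpectedDER as e:
        log.info('Bad Key Format [ID: %s]: %s' % (req_id, str(e)))
        return create_json_response(False, 'Bad Public Key Format', 400)

    try:
        sig_bytes = sig_hex.decode('hex')
    except (TypeError, ValueError) as e:
        log.info('Bad Signature Encoding [ID: %s]: %s' % (req_id, str(e)))
        return create_json_response(False, 'Signature Verification Error', 401)

    # Message layout must match what the client signed, byte for byte.
    url = urlparse(request.url).hostname.rstrip('/') + request.path
    message = str(request.method) + str(url) + str(request.data)

    try:
        verified = vk.verify(sig_bytes, message,
                             hashfunc=sha256, sigdecode=sigdecode_der)
    except BadDigestError as e:
        log.info('Digest Error During Signature Validation [ID: %s]: %s' % (req_id, str(e)))
        return create_json_response(False, 'Signature Verification Error', 401)
    except BadSignatureError as e:
        log.info('Bad Signature Encountered During Signature Validation [ID: %s]: %s' % (req_id, str(e)))
        return create_json_response(False, 'Signature Verification Error', 401)

    if not verified:
        return create_json_response(False, 'Signature Verification Error', 401)
    # The wrapped view runs only after a successful verification.
    return f(*args, **kwargs)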
def _eddsa_pubkey_parsing(self, subject_public_key_info):
    """
    Build the EdDSA public key object from DER encoded key data.

    On success the result is stored in ``self.publicKey``.

    :param subject_public_key_info: bytes like object with the DER encoded
        public key in it
    :raises SyntaxError: when the key data cannot be parsed
    """
    try:
        # python-ecdsa already understands curve OIDs, so its DER parser
        # is reused here rather than decoding the structure by hand
        der_bytes = compatHMAC(subject_public_key_info)
        parsed_key = VerifyingKey.from_der(der_bytes)
    except Exception:
        # Every failure on this certificate-supplied input is reported as
        # the same SyntaxError, whatever the underlying exception was.
        raise SyntaxError(
            "Malformed or unsupported public key in certificate")
    else:
        self.publicKey = _create_public_eddsa_key(parsed_key)