def set_signature(self, signature: bytes):
"""
Modify the signature of a CSR.
:param bytes signature: the new signature for a CSR.
:rtype: None
"""
der_csr = self.public_bytes(serialization.Encoding.DER)
asn1_csr, _ = asn1_decode(
der_csr,
asn1Spec=CertificationRequest(),
)
asn1_csr.setComponentByName("signature",
BitString.fromOctetString(signature))
self._x509_req = x509.load_der_x509_csr(
asn1_encode(asn1_csr))._x509_req
stdin=subprocess.PIPE,
stderr=subprocess.STDOUT)
newSignature = pipe.communicate(
input=binascii.a2b_base64(dilithium_substrate) + final_hash)[0]
# Verify the signature was properly generated, if not, print the error
if pipe.returncode != 0:
print(newSignature.decode())
exit(-1)
# Update the signature algorithm with the one placed inside of the TBS
cert["signatureAlgorithm"]["algorithm"] = cert["tbsCertificate"][
"signature"]["algorithm"]
# Load the signature into the certificate as a bitstring
cert["signatureValue"] = BitString.fromOctetString(newSignature)
elif sigAlg == 1: # RSA Signature > openssl call
# Open a pipe to send the hash and get back the signature without going through the filesystem
pipe = subprocess.Popen(cmd,
stdout=subprocess.PIPE,
stdin=subprocess.PIPE,
stderr=subprocess.STDOUT)
newSignature = pipe.communicate(input=final_hash)[0]
# Verify the signature was properly generated, if not, print the error
if pipe.returncode != 0:
print(newSignature.decode())
exit(-1)
# Update the signature algorithm with the one placed inside of the TBS
