def IsSignedBy(self, other_cert):
    """Verify this cert's signature with the public key of other_cert.

    Only the cryptographic signature over the signed fields is checked
    here. Validity period, issuer/subject name chaining and key-usage
    constraints are not examined by this method and are left to the
    caller. The verification path is selected by this cert's own
    sig_algorithm field; any algorithm other than SHA-256/RSA is handed
    to tlslite's hashAndVerify (which picks its own digest - presumably
    SHA-1, confirm in tlslite_bridge) and so fails closed (returns False)
    rather than raising for unsupported algorithms.

    Args:
      other_cert: X509Certificate object for the candidate issuer cert
    Returns:
      True if the signature verifies with other_cert's key, False if not
    Raises:
      CertificateValueError: if other_cert may not act as a CA
    """
    if not other_cert.GetMayActAsCA():
        raise CertificateValueError('Other cert is not a CA cert')

    signature = tlslite_bridge.StrToArray(self.GetSignatureData())
    signed_fields = tlslite_bridge.StrToArray(self.GetFieldsData())
    issuer_key = other_cert.GetPublicKey()

    if self._cert['sig_algorithm'] != OID_SHA256_WITH_RSA_ENC:
        # Delegate hashing and verification entirely to tlslite.
        return issuer_key.hashAndVerify(signature, signed_fields)

    # tlslite does not hash with SHA-256 itself, so assemble the PKCS#1 v1.5
    # DigestInfo by hand: the fixed DER header for SHA-256
    # (SEQUENCE { AlgorithmIdentifier { OID 2.16.840.1.101.3.4.2.1, NULL },
    # OCTET STRING of length 32 }) followed by the digest of the signed
    # fields. The padding/compare of that encoding is assumed to be done
    # by pk.verify - TODO confirm against the tlslite version in use.
    digest = hashlib.sha256(signed_fields).digest()
    digest_info_header = tlslite_bridge.StrToArray([
        48, 49, 48, 13, 6, 9, 96, 134, 72, 1, 101, 3, 4, 2, 1, 5, 0, 4, 32])
    digest_info = digest_info_header + tlslite_bridge.StrToArray(digest)
    return issuer_key.verify(signature, digest_info)
def testIsSignedBy(self):
    """IsSignedBy() returns True when the issuer key verifies the signature.

    Only the non-SHA-256 path (hashAndVerify) is exercised here; the
    expectations below are recorded in the order IsSignedBy() makes the
    calls, which mox checks on replay.
    """
    self.mox.StubOutWithMock(tlslite_bridge, 'StrToArray')
    self.mox.StubOutWithMock(self.x, 'GetSignatureData')
    self.mox.StubOutWithMock(self.x, 'GetFieldsData')

    # The issuer mock doubles as its own public key to keep the fixture small.
    issuer = self.mox.CreateMockAnything()
    issuer.GetMayActAsCA().AndReturn(True)
    issuer.GetPublicKey().AndReturn(issuer)

    self.x.GetSignatureData().AndReturn('sigdata')
    self.x.GetFieldsData().AndReturn('fieldsdata')
    tlslite_bridge.StrToArray('sigdata').AndReturn('arysigdata')
    tlslite_bridge.StrToArray('fieldsdata').AndReturn('aryfieldsdata')
    issuer.hashAndVerify('arysigdata', 'aryfieldsdata').AndReturn(True)

    self.mox.ReplayAll()
    result = self.x.IsSignedBy(issuer)
    self.assertTrue(result)
    self.mox.VerifyAll()
def testStrToArray(self):
    """StrToArray() yields a byte container with one element per input char."""
    converted = tlslite_bridge.StrToArray('12313')
    self.assertEqual(5, len(converted))
    # Either container type is acceptable to the callers in this module.
    self.assertTrue(isinstance(converted, (bytearray, array.array)))