def calculate_certificate(self, node, key_x509):
    """Append an ``ETSI.Cert`` element describing ``key_x509`` to ``node``.

    The element carries a digest of the certificate (algorithm taken from
    ``self.hash_method``) together with the issuer name and serial number,
    so a verifier can tie the signature to one specific certificate.

    :param node: parent element that receives the new ``Cert`` child
    :param key_x509: certificate object exposing ``fingerprint``,
        ``issuer.rdns`` and ``serial_number``
    """
    # The digest algorithm is chosen by the signer's configuration, not by
    # the certificate; MAP_HASHLIB maps the algorithm URI to a hash factory.
    hasher = MAP_HASHLIB[self.hash_method]()
    cert_hash = key_x509.fingerprint(hasher)

    digest_method = DS.DigestMethod(Algorithm=self.hash_method)
    # b64encode returns bytes; decode so the element text is a str.
    digest_value = DS.DigestValue(b64encode(cert_hash).decode())
    cert_digest = ETSI.CertDigest(digest_method, digest_value)

    issuer_name = DS.X509IssuerName(get_rdns_name(key_x509.issuer.rdns))
    serial_number = DS.X509SerialNumber(str(key_x509.serial_number))
    issuer_serial = ETSI.IssuerSerial(issuer_name, serial_number)

    node.append(ETSI.Cert(cert_digest, issuer_serial))
def calculate_certificate(self, node, key_x509):
    """Build the ``Cert`` subtree for ``key_x509`` underneath ``node``.

    Creates ``Cert/CertDigest`` (digest method + base64 digest value) and
    ``Cert/IssuerSerial`` (issuer name + serial number) so that a verifier
    can bind the signature to one specific certificate.

    :param node: parent element under which ``Cert`` is created
    :param key_x509: certificate object exposing ``fingerprint``,
        ``issuer.rdns`` and ``serial_number``
    """
    cert_el = create_node('Cert', node, EtsiNS)

    # --- CertDigest: which hash was used, and the resulting value ---
    digest_el = create_node('CertDigest', cert_el, EtsiNS)
    method_el = create_node('DigestMethod', digest_el, DSigNs)
    method_el.set('Algorithm', self.hash_method)
    value_el = create_node('DigestValue', digest_el, DSigNs)
    hasher = MAP_HASHLIB[self.hash_method]()
    # b64encode returns bytes and is assigned to .text without decoding.
    value_el.text = b64encode(key_x509.fingerprint(hasher))

    # --- IssuerSerial: issuer distinguished name and serial number ---
    issuer_el = create_node('IssuerSerial', cert_el, EtsiNS)
    # Each value is computed before its element is created, so a failure
    # while formatting does not leave an empty child element behind.
    issuer_text = get_rdns_name(key_x509.issuer.rdns)
    create_node('X509IssuerName', issuer_el, DSigNs).text = issuer_text
    serial_text = str(key_x509.serial_number)
    create_node('X509SerialNumber', issuer_el, DSigNs).text = serial_text
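def validate_certificate(self, node, signature):
    """Check the ``etsi:Cert`` reference in ``node`` against the certificate
    carried in the signature's ``ds:KeyInfo/ds:X509Data``.

    When ``ds:X509IssuerSerial`` is present, the ``etsi:Cert`` entry with the
    same issuer name and serial number is selected; otherwise the first
    ``etsi:Cert`` is used. When ``ds:X509Certificate`` is present, its serial
    number, issuer and digest are compared with the selected entry.

    The checks are explicit ``raise`` statements rather than ``assert``:
    ``assert`` is removed when Python runs with ``-O``, which would turn this
    validation into a no-op. ``AssertionError`` is kept as the exception type
    so existing callers continue to work.

    :param node: element holding the ``etsi:Cert`` children
    :param signature: the ``ds:Signature`` element being validated
    :raises AssertionError: if no ``etsi:Cert`` matches the issuer/serial in
        ``KeyInfo``, or if the serial number or digest of the embedded
        certificate does not match the selected ``etsi:Cert``
    """
    certs = node.findall('etsi:Cert', namespaces=NS_MAP)
    x509 = signature.find('ds:KeyInfo/ds:X509Data', namespaces=NS_MAP)
    x509_data = x509.find('ds:X509Certificate', namespaces=NS_MAP)
    serial = x509.find('ds:X509IssuerSerial', namespaces=NS_MAP)
    if serial is not None:
        serial_name = serial.find(
            'ds:X509IssuerName', namespaces=NS_MAP
        ).text
        serial_number = serial.find(
            'ds:X509SerialNumber', namespaces=NS_MAP
        ).text
        certificate = None
        # No break: if several entries match, the last one is used.
        for cert in certs:
            if cert.find(
                'etsi:IssuerSerial/ds:X509IssuerName', namespaces=NS_MAP
            ).text == serial_name and cert.find(
                'etsi:IssuerSerial/ds:X509SerialNumber', namespaces=NS_MAP
            ).text == serial_number:
                certificate = cert
        if certificate is None:
            raise AssertionError(
                'No etsi:Cert matches the X509IssuerSerial in KeyInfo'
            )
    else:
        certificate = certs[0]
    # NOTE(review): when ds:X509Certificate is absent nothing below runs, so
    # the reference is accepted without a serial/issuer/digest comparison.
    # Confirm callers do not treat a normal return as proof of a match.
    if x509_data is not None:
        parsed_x509 = load_der_x509_certificate(
            b64decode(x509_data.text), default_backend()
        )
        expected_serial = certificate.find(
            'etsi:IssuerSerial/ds:X509SerialNumber', namespaces=NS_MAP
        ).text
        if str(parsed_x509.serial_number) != expected_serial:
            raise AssertionError(
                'Certificate serial number does not match etsi:IssuerSerial'
            )
        # NOTE(review): the return value is discarded, so this only enforces
        # anything if dict_compare raises on mismatch; verify.
        dict_compare(
            rdns_to_map(get_rdns_name(parsed_x509.issuer.rdns)),
            rdns_to_map(certificate.find(
                'etsi:IssuerSerial/ds:X509IssuerName', namespaces=NS_MAP
            ).text)
        )
        digest = certificate.find(
            'etsi:CertDigest', namespaces=NS_MAP
        )
        # The digest algorithm comes from the document under validation, so
        # MAP_HASHLIB acts as the allow-list of accepted algorithms.
        # NOTE(review): confirm it contains no digests you consider too weak.
        algorithm = digest.find(
            'ds:DigestMethod', namespaces=NS_MAP
        ).get('Algorithm')
        computed = b64encode(
            parsed_x509.fingerprint(MAP_HASHLIB[algorithm]())
        )
        declared = digest.find(
            'ds:DigestValue', namespaces=NS_MAP
        ).text.encode()
        if computed != declared:
            raise AssertionError(
                'Certificate digest does not match etsi:CertDigest'
            )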