def verify(self):
if self.signed_by_id != self.id:
return False
key = self.get_public_key()
try:
return crypto.verify(self._hashable_representation(), crypto.decode_base64(self.signature), key)
except:
return False
def verify(self):
# if nobody signed it, verification fails
if not self.signed_by_id:
return False
# if it's not a trusted device...
if not self.signed_by.get_metadata().is_trusted:
# but it's a model class that requires trusted signatures, verification fails
if self.requires_trusted_signature:
return False
if settings.CENTRAL_SERVER:
# if it's not in a zone at all (or its DeviceZone was revoked), verification fails
if not self.signed_by.get_zone():
return False
else:
# or if it's not in the same zone as our device (or the DeviceZone was revoked), verification fails
if self.signed_by.get_zone() != Device.get_own_device().get_zone():
return False
# by this point, we know that we're ok with accepting this model from the device that it says signed it
# now, we just need to check whether or not it is actually signed by that model's private key
key = self.signed_by.get_public_key()
try:
return crypto.verify(self._hashable_representation(), crypto.decode_base64(self.signature), key)
except:
return False
def _verify_signature(self, device, signature):
return crypto.verify(self._hashable_representation(), crypto.decode_base64(signature), device.get_public_key())
