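def ChainVerifyer(self, certs):
    """Validate a peer-supplied PEM certificate chain against the peer address.

    Each entry of ``certs`` is parsed and appended to ``self.Certobject``;
    the checks then run over that list, leaf first:

    1. the leaf's common name must equal the peer address reported by
       ``self.transport.get_extra_info("peername")``;
    2. walking up the chain, every common name must be a string prefix of
       the one below it;
    3. every certificate's signature must verify under the public key of
       the next certificate in the list.

    Not checked here: validity dates, CA / basic-constraints flags, issuer
    and subject name matching, revocation, and whether the last certificate
    is a trusted root. NOTE(review): nothing in this method compares the top
    of the chain with a pinned root, so unless the caller supplies one the
    chain is only shown to be internally consistent -- confirm at the call
    site.

    Args:
        certs: iterable of PEM-encoded certificates, leaf first.

    Returns:
        True when all checks pass; False otherwise, including for an empty
        chain or a certificate that carries no common name.

    Raises:
        Whatever ``x509.load_pem_x509_certificate`` raises for input it
        cannot parse.
    """
    def common_name(cert):
        # The chain comes from the peer: a certificate without a CN must be
        # rejected, not crash the handshake with an IndexError.
        attrs = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
        return attrs[0].value if attrs else None

    for cert in certs:
        # NOTE(review): certificates are appended, never cleared, so a second
        # call on the same instance would still validate against the first
        # stored leaf -- confirm self.Certobject is empty on entry.
        self.Certobject.append(
            x509.load_pem_x509_certificate(cert, default_backend()))

    # Fail closed on an empty chain instead of indexing into nothing.
    if not self.Certobject:
        return False

    names = [common_name(cert) for cert in self.Certobject]
    if any(name is None for name in names):
        return False

    address = self.transport.get_extra_info("peername")[0]
    if address != names[0]:
        return False

    # NOTE(review): this is a plain string prefix test, not a test on address
    # components, so (constructed example) a CN of "a.1" is accepted above
    # "a.10.5" -- confirm whether a separator boundary should be required.
    verifyaddr = address
    for name in names:
        if not verifyaddr.startswith(name):
            return False
        verifyaddr = name

    # Each certificate must be signed by the key of the one after it.
    for this, parent in zip(self.Certobject, self.Certobject[1:]):
        issuer = RSA_SIGNATURE_MAC(parent.public_key())
        if not issuer.verify(this.tbs_certificate_bytes, this.signature):
            return False
    print("Certification Authentication Passed!")
    return True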
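def verify_certchain(certs, address):
    """Validate a PEM certificate chain for a peer, anchored at getRootCert().

    The certificate returned by ``getRootCert()`` is appended to ``certs``,
    so the last peer-supplied certificate must be signed by it. Checks, in
    order, leaf first:

    1. the leaf's common name equals ``address``;
    2. each certificate's common name starts with the common name of the
       certificate above it;
    3. each certificate's issuer name equals the subject name of the
       certificate above it;
    4. each certificate's signature verifies under the public key of the
       certificate above it.

    Not checked here: validity dates, CA / basic-constraints flags and
    revocation.

    Args:
        certs: iterable of PEM-encoded certificates, leaf first, without
            the root.
        address: peer address the leaf certificate must be issued for.

    Returns:
        True when every check passes, False otherwise (including when a
        certificate carries no common name).

    Raises:
        Whatever the two certificate loaders raise for input they cannot
        parse.
    """
    def first_value(cert, oid):
        # Peer-supplied certificates may lack an attribute; report None
        # instead of raising IndexError in the middle of verification.
        attrs = cert.subject.get_attributes_for_oid(oid)
        return attrs[0].value if attrs else None

    cert_chain = list(certs)
    cert_chain.append(getRootCert())

    # Each certificate is parsed twice: the cryptography objects provide the
    # signed bytes and public keys, the pyOpenSSL objects the issuer and
    # subject names.
    X509_list = []
    crypto_list = []
    for pem in cert_chain:
        X509_list.append(
            x509.load_pem_x509_certificate(pem, default_backend()))
        crypto_list.append(crypto.load_certificate(crypto.FILETYPE_PEM, pem))

    common_names = [
        first_value(cert, NameOID.COMMON_NAME) for cert in X509_list]

    # verify playground address
    # NOTE(review): the common name and e-mail logged below are taken from
    # the peer's certificate and are written to the log unescaped.
    logging.info("PLS received a connection from address {}".format(address))
    logging.info("Common name: {}".format(common_names[0]))
    logging.info("Email address: {}".format(
        first_value(X509_list[0], NameOID.EMAIL_ADDRESS)))
    if common_names[0] is not None and address == common_names[0]:
        logging.info("Common name verified")
    else:
        logging.info("Common name error")
        return False

    # NOTE(review): plain string prefix test, not a test on address
    # components, so (constructed example) a parent CN of "a.1" is accepted
    # above "a.10.5" -- confirm whether a separator boundary is required.
    for child, parent in zip(common_names, common_names[1:]):
        if parent is not None and child.startswith(parent):
            logging.info("Address verified")
        else:
            # Log before returning; the original returned first, which left
            # this message unreachable.
            logging.info("Address error")
            return False

    # verify the issuer and subject
    for lower, upper in zip(crypto_list, crypto_list[1:]):
        issuer = lower.get_issuer()
        logging.info(issuer)
        subject = upper.get_subject()
        logging.info(subject)
        if issuer == subject:
            logging.info("issuer and subject verified")
        else:
            return False

    # verify the signature sha256
    for this, parent in zip(X509_list, X509_list[1:]):
        sig = RSA_SIGNATURE_MAC(parent.public_key())
        if not sig.verify(this.tbs_certificate_bytes, this.signature):
            return False
        logging.info("signature verified")
    return True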
 def _verifyReceiptSignature(self, receipt, signature):
     """Check ``signature`` over ``receipt`` with the bank certificate's key.

     Builds an ``RSA_SIGNATURE_MAC`` from ``self._bank_cert.public_key()``
     and returns the result of its ``verify`` call unchanged.
     """
     # NOTE(review): presumably verify() reports a bad signature by returning
     # a falsy value rather than raising -- confirm, and have callers treat
     # anything falsy as rejection.
     bank_key = self._bank_cert.public_key()
     return RSA_SIGNATURE_MAC(bank_key).verify(receipt, signature)