def test_sign_and_verify_simple(self):
"""
verify the signing and verification step by only having an private key
"""
message = b"hey do"
private_key = TEST_PRIV_KEY.encode("utf-8")
public_key = TEST_PUB_KEY.encode("utf-8")
signature = create_rsa_signature(private_key, message)
assert not verify_rsa_signature(public_key, message + b"x", signature)
assert verify_rsa_signature(public_key, message, signature)
def _verify_signature(pub_keys, lic_str, lic_sign):
"""
_verify_signature - the internal signature verification helper
:param pub_key: the dict with the pubkey_name and pubkey
:param lic_str: the license as string
:param lic_sign: the license signature
:return: None or the name of the key
"""
ret = None
# blacklisted signatures
if base64.b64encode(lic_sign) in BLACK_SIGNATURES:
return False
# verify signature with crypto.rsa
for pub_key_name, pub_key in list(pub_keys.items()):
if verify_rsa_signature(pub_key.strip().encode('utf-8'),
lic_str.encode('utf-8'), lic_sign):
ret = pub_key_name
break
log.debug("Licence signature is %r" % ret)
return ret
def test_rsa_cryto(self):
"""
verify the signature of an expired linotp license
"""
# ------------------------------------------------------------------ --
# read the exired license and split it into message and signature
_lic_dict, lic_msg, sig_msg = parse_license(LINOTP_LICENSE)
message = lic_msg.encode("utf-8")
signature = base64.b64decode(sig_msg)
# ------------------------------------------------------------------ --
# prepare the linotp pub key and run the tests
public_key = LINOTP_PUB_KEY.strip().encode("utf-8")
assert not verify_rsa_signature(public_key, message + b"x", signature)
assert verify_rsa_signature(public_key, message, signature)