def set_signature(self, signature: bytes): """ Modify the signature of a CSR. :param bytes signature: the new signature for a CSR. :rtype: None """ der_csr = self.public_bytes(serialization.Encoding.DER) asn1_csr, _ = asn1_decode( der_csr, asn1Spec=CertificationRequest(), ) asn1_csr.setComponentByName("signature", BitString.fromOctetString(signature)) self._x509_req = x509.load_der_x509_csr( asn1_encode(asn1_csr))._x509_req
stdin=subprocess.PIPE, stderr=subprocess.STDOUT) newSignature = pipe.communicate( input=binascii.a2b_base64(dilithium_substrate) + final_hash)[0] # Verify the signature was properly generated, if not, print the error if pipe.returncode != 0: print(newSignature.decode()) exit(-1) # Update the signature algorithm with the one placed inside of the TBS cert["signatureAlgorithm"]["algorithm"] = cert["tbsCertificate"][ "signature"]["algorithm"] # Load the signature into the certificate as a bitstring cert["signatureValue"] = BitString.fromOctetString(newSignature) elif sigAlg == 1: # RSA Signature > openssl call # Open a pipe to send the hash and get back the signature without going through the filesystem pipe = subprocess.Popen(cmd, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT) newSignature = pipe.communicate(input=final_hash)[0] # Verify the signature was properly generated, if not, print the error if pipe.returncode != 0: print(newSignature.decode()) exit(-1) # Update the signature algorithm with the one placed inside of the TBS