def verify_rsa_sha1_signature(client_certificate, signature, method, url, oauth_params=None, *args, **kwargs): """ Verifies a RSA-SHA1 OAuth signature. :see: RSA-SHA1 (http://tools.ietf.org/html/rfc5849#section-3.4.3) :param client_certificate: PEM-encoded X.509 certificate or RSA public key. :param signature: RSA-SHA1 OAuth signature. :param method: Base string HTTP method. :param url: Base string URL that may include a query string. All protocol-specific parameters will be ignored from the query string. :param oauth_params: Base string protocol-specific query parameters. All non-protocol parameters will be ignored. :returns: ``True`` if verified to be correct; ``False`` otherwise. """ from pyoauth.crypto.rsa import create_public_key oauth_params = oauth_params or {} base_string = generate_signature_base_string(method, url, oauth_params) key = create_public_key(client_certificate) return key.pkcs1_v1_5_verify(sha1_digest(base_string), base64_decode(signature))
def pem_to_der(pem_cert_string, pem_header, pem_footer): """ Extracts the DER as a byte sequence out of an ASCII PEM formatted certificate or key. Taken from the Python SSL module. :param pem_cert_string: The PEM certificate or key string. :param pem_header: The PEM header to find. :param pem_footer: The PEM footer to find. """ # Be a little lenient. pem_cert_string = pem_cert_string.strip() if not pem_cert_string.startswith(pem_header): raise ValueError("Invalid PEM encoding; must start with %s" % pem_header) if not pem_cert_string.endswith(pem_footer): raise ValueError("Invalid PEM encoding; must end with %s" % pem_footer) d = pem_cert_string[len(pem_header):-len(pem_footer)] return base64_decode(d)