def test_verify_bogus_certificate():
document = SAMPLE_VALID_IDENTITY_DOC
signature = SAMPLE_VALID_IDENTITY_SIGNATURE
certificate = SAMPLE_BOGUS_AWS_CERT
r = pkcs7_detached.verify_detached_signature(document, signature,
certificate)
assert r == False
def test_verify_valid():
document = SAMPLE_VALID_IDENTITY_DOC
signature = SAMPLE_VALID_IDENTITY_SIGNATURE
certificate = SAMPLE_VALID_AWS_CERT
r = pkcs7_detached.verify_detached_signature(document, signature,
certificate)
assert r == True
def main():
print("Verifying ec2 instance identity document")
r = requests.get("http://169.254.169.254/latest/dynamic/instance-identity/document")
identity_document = r.text
r = requests.get("http://169.254.169.254/latest/dynamic/instance-identity/pkcs7")
pkcs7 = r.text
if verify_detached_signature(
identity_document, pkcs7, aws_certificates.PUBLIC_REGIONS
):
print("Verified")
identity = json.loads(identity_document)
pprint(identity)
else:
print("Identity is not valid")
def test_verify_valid_aws():
r = pkcs7_detached.verify_detached_signature(
SAMPLE2_VALID_IDENTITY_DOC, SAMPLE2_VALID_IDENTITY_SIGNATURE,
aws_certificates.PUBLIC_REGIONS)
assert r == True