def test_verify_bogus_certificate():
    """A valid document/signature pair must not verify against the bogus certificate."""
    # Only the certificate differs from the positive test, so a rejection here
    # is attributable to the certificate check rather than to the payload.
    outcome = pkcs7_detached.verify_detached_signature(
        SAMPLE_VALID_IDENTITY_DOC,
        SAMPLE_VALID_IDENTITY_SIGNATURE,
        SAMPLE_BOGUS_AWS_CERT,
    )
    # NOTE(review): `== False` also accepts 0; if the verifier is meant to
    # return a strict bool, `is False` would pin that contract more tightly.
    assert outcome == False
def test_verify_valid():
    """The sample identity document verifies against the sample valid AWS certificate."""
    outcome = pkcs7_detached.verify_detached_signature(
        SAMPLE_VALID_IDENTITY_DOC,
        SAMPLE_VALID_IDENTITY_SIGNATURE,
        SAMPLE_VALID_AWS_CERT,
    )
    assert outcome == True
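def main():
    """Fetch this instance's identity document and verify its PKCS#7 signature.

    Reads the identity document and its detached PKCS#7 signature from the
    EC2 instance metadata service, verifies the signature against
    ``aws_certificates.PUBLIC_REGIONS`` and pretty-prints the parsed document
    only when verification succeeds.

    Raises:
        requests.RequestException: if the metadata service cannot be reached
            in time or answers with an HTTP error status.
    """
    print("Verifying ec2 instance identity document")

    # Without a timeout, requests waits indefinitely when the link-local
    # metadata address is unreachable (for example when run outside EC2).
    timeout_seconds = 2

    # NOTE(review): these are plain GETs without an IMDSv2 session token. On
    # instances that require IMDSv2 the service answers 401; raise_for_status()
    # reports that as an HTTP error instead of handing the error body to the
    # verifier and ending in a misleading "Identity is not valid".
    r = requests.get(
        "http://169.254.169.254/latest/dynamic/instance-identity/document",
        timeout=timeout_seconds,
    )
    r.raise_for_status()
    identity_document = r.text

    r = requests.get(
        "http://169.254.169.254/latest/dynamic/instance-identity/pkcs7",
        timeout=timeout_seconds,
    )
    r.raise_for_status()
    pkcs7 = r.text

    # The document text is verified exactly as received and is parsed only
    # after the signature check passes, so unverified content is never
    # interpreted or printed.
    if verify_detached_signature(
        identity_document, pkcs7, aws_certificates.PUBLIC_REGIONS
    ):
        print("Verified")
        identity = json.loads(identity_document)
        pprint(identity)
    else:
        print("Identity is not valid")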
def test_verify_valid_aws():
    """The second sample document verifies against aws_certificates.PUBLIC_REGIONS."""
    # Uses the PUBLIC_REGIONS value from aws_certificates rather than a single
    # sample certificate constant.
    outcome = pkcs7_detached.verify_detached_signature(
        SAMPLE2_VALID_IDENTITY_DOC,
        SAMPLE2_VALID_IDENTITY_SIGNATURE,
        aws_certificates.PUBLIC_REGIONS,
    )
    assert outcome == True