def sign(self, data, hash_alg, pad_alg="PKCS1v15"):
if self.is_private:
if not isinstance(data, six.binary_type):
data = unicode_to_bytes(data)
hasher = getattr(hashes, hash_alg)
padder = getattr(padding, pad_alg)
return self.key.sign(data, padder(), hasher())
else:
raise XMLSigException('Signing is only possible with a private key.')
def sign(self, data, hash_alg, pad_alg="PKCS1v15"):
if self.is_private:
if not isinstance(data, six.binary_type):
data = unicode_to_bytes(data)
hasher = getattr(hashes, hash_alg)
padder = getattr(padding, pad_alg)
return self.key.sign(data, padder(), hasher())
else:
raise XMLSigException('Signing is only possible with a private key.')
def _digest(data, hash_alg):
"""
Calculate a hash digest of algorithm hash_alg and return the result base64 encoded.
:param hash_alg: String with algorithm, such as 'SHA256' (as named by pyca/cryptography)
:param data: The data to digest
:returns: Base64 string
"""
h = getattr(hashes, hash_alg)
d = hashes.Hash(h(), backend=default_backend())
if not isinstance(data, six.binary_type):
data = unicode_to_bytes(data)
d.update(data)
return base64.b64encode(d.finalize())
def _digest(data, hash_alg):
"""
Calculate a hash digest of algorithm hash_alg and return the result base64 encoded.
:param hash_alg: String with algorithm, such as 'SHA256' (as named by pyca/cryptography)
:param data: The data to digest
:returns: Base64 string
"""
h = getattr(hashes, hash_alg)
d = hashes.Hash(h(), backend=default_backend())
if not isinstance(data, six.binary_type):
data = unicode_to_bytes(data)
d.update(data)
return base64.b64encode(d.finalize())
def verify(self, signature, msg, hash_alg, pad_alg="PKCS1v15"):
if not self.is_private:
if not isinstance(msg, six.binary_type):
msg = unicode_to_bytes(msg)
try:
hasher = getattr(hashes, hash_alg)
padder = getattr(padding, pad_alg)
self.key.public_key().verify(signature, msg, padder(),
hasher())
except InvalidSignature:
return False
return True
else:
raise XMLSigException(
'Verifying is only possible with a certificate.')
def verify(self, signature, msg, hash_alg, pad_alg="PKCS1v15"):
if not self.is_private:
if not isinstance(msg, six.binary_type):
msg = unicode_to_bytes(msg)
try:
hasher = getattr(hashes, hash_alg)
padder = getattr(padding, pad_alg)
self.key.public_key().verify(
signature,
msg,
padder(),
hasher()
)
except InvalidSignature:
return False
return True
else:
raise XMLSigException('Verifying is only possible with a certificate.')