def calc_pub_key_hash(public_key: RSAPublicKey, backend: BackendClass = openssl_backend) -> bytes:
"""Calculate a hash out of public key's exponent and modulus."""
exponent = public_key.public_numbers().e # type: ignore # MyPy is unable to pickup the class member
exp_len = math.ceil(exponent.bit_length() / 8)
exp_bytes = exponent.to_bytes(exp_len, "big")
modulus = public_key.public_numbers().n # type: ignore # MyPy is unable to pickup the class member
mod_len = math.ceil(modulus.bit_length() / 8)
mod_bytes = modulus.to_bytes(mod_len, "big")
return backend.hash(mod_bytes + exp_bytes)
def verify_chain(
first_pubkey: rsa.RSAPublicKey,
chain: List["X509Certificate"],
last_pubkey: rsa.RSAPublicKey,
) -> bool:
"""
tests with the sequence defined by the list, if the chain of certificate is valid for this very certificate.
In particular, it checks if certificates are valid one by one and then if they chain well two by two in sequence
A proves to B that they are related if B can verify such a chain with the function
[CertB(PubC1), CertC1(PubC2), ..., CertCn(PubCn+1), CertCn+1(PubA)]
:first_pubkey in B's pubkey
"""
if list(chain) == []:
raise ValueError("Empty list")
if chain[-1].public_key().public_numbers(
) != last_pubkey.public_numbers():
raise ValueError(
"The chain does not end with the right certificate")
pubkey = first_pubkey
for cert in chain:
if not X509Certificate.verify(cert, pubkey):
return False
pubkey = cert.public_key()
print("chain of cert is valid")
return True
def encode_public(
self, public_key: rsa.RSAPublicKey, f_pub: _FragList
) -> None:
"""Write RSA public key"""
pubn = public_key.public_numbers()
f_pub.put_mpint(pubn.e)
f_pub.put_mpint(pubn.n)
def _to_jwk(key: RSAPublicKey) -> dict:
""" Gives the jwk representation 1given a RSAPublicKey (from the cryptography library)
see https://tools.ietf.org/html/rfc7517 for details
:param key: An RSAPublicKey from the cryptography library
:return: a dict representing the key in JWK format
"""
# Public key
numbers = key.public_numbers()
obj = {
'alg': 'RS256',
'kty': 'RSA',
'n': to_base64url_uint(numbers.n).decode('utf-8'),
'e': to_base64url_uint(numbers.e).decode('utf-8'),
'kid': '1' # TODO do I have to change this?
}
return obj
def __init__(self, pubkey: cr_rsa.RSAPublicKey):
self._pubkey = pubkey
self._public_numbers = pubkey.public_numbers()
