def verify_rsa_sha1_signature(client_certificate,
signature,
method, url, oauth_params=None,
*args, **kwargs):
"""
Verifies a RSA-SHA1 OAuth signature.
:see: RSA-SHA1 (http://tools.ietf.org/html/rfc5849#section-3.4.3)
:param client_certificate:
PEM-encoded X.509 certificate or RSA public key.
:param signature:
RSA-SHA1 OAuth signature.
:param method:
Base string HTTP method.
:param url:
Base string URL that may include a query string.
All protocol-specific parameters will be ignored from the query string.
:param oauth_params:
Base string protocol-specific query parameters.
All non-protocol parameters will be ignored.
:returns:
``True`` if verified to be correct; ``False`` otherwise.
"""
from pyoauth.crypto.rsa import create_public_key
oauth_params = oauth_params or {}
base_string = generate_signature_base_string(method, url, oauth_params)
key = create_public_key(client_certificate)
return key.pkcs1_v1_5_verify(sha1_digest(base_string),
base64_decode(signature))
def pem_to_der(pem_cert_string, pem_header, pem_footer):
"""
Extracts the DER as a byte sequence out of an ASCII PEM formatted
certificate or key.
Taken from the Python SSL module.
:param pem_cert_string:
The PEM certificate or key string.
:param pem_header:
The PEM header to find.
:param pem_footer:
The PEM footer to find.
"""
# Be a little lenient.
pem_cert_string = pem_cert_string.strip()
if not pem_cert_string.startswith(pem_header):
raise ValueError("Invalid PEM encoding; must start with %s"
% pem_header)
if not pem_cert_string.endswith(pem_footer):
raise ValueError("Invalid PEM encoding; must end with %s"
% pem_footer)
d = pem_cert_string[len(pem_header):-len(pem_footer)]
return base64_decode(d)
