def verify(self, pkey=None): # type: (Optional[EVP.PKey]) -> int assert m2.x509_type_check(self.x509), "'x509' type error" if pkey: return m2.x509_verify(self.x509, pkey.pkey) else: return m2.x509_verify(self.x509, self.get_pubkey().pkey)
def mkcert_casigned(id_xmpp, webid, req, cacert, capk, serial_path="/tmp/xmpp_foaf_cert_serial.txt"): """ Create an x509 CA signed certificate @param id_xmpp: xmpp id @param webid: FOAF WebId @param cacert: CA certificate @param capk: CA private key @param seria_path: serial path @type id_xmpp: string @type webid: string @type cacert: X509.X509 @type capk: EVP.PKey @type serial_path: string @return: x509 CA signed certificate @rtype: X509.X509 """ # the cert public key is the req public key cert = mkcert_defaults(req, serial_path) # if certificate is going to be signed by a CA # this is not optional # set the certificate Issuer name as the CA subject name # issuer = X509.X509_Name() # issuer.C = "CR" # issuer.CN = "Rhizomatik Labs" # cert.set_issuer(issuer) #cert.set_issuer_name(cacert.get_subject().x509_name) # cert.set_issuer_name(x509_name.x509_name) cert.set_issuer(cacert.get_subject()) # set subjectAltName extension # ext = X509.new_extension('subjectAltName', 'DNS:foobar.example.com') ext = X509.new_extension('subjectAltName', 'URI:%s, otherName:%s;UTF8:%s' %(webid, ID_ON_XMPPADDR_OID, id_xmpp)) # ext = X509.new_extension('subjectAltName', 'URI:%s' %webid) ext.set_critical(0) cert.add_ext(ext) # sign the x509 certificate with private? key generated in the request cert.sign(capk, 'sha1') # verify print "Client certificate verfication with CA certificate public key" print m2.x509_verify(cert.x509, m2.x509_get_pubkey(cacert.x509)) # Print the new certificate as a PEM-encoded string print "Generated new client certificate signed with CA" if DEBUG: print cert.as_pem() return cert
def verify_CA_cert(cert, cacert): # verify print "Client certificate verfication with CA certificate key" print m2.x509_verify(cert.x509, m2.x509_get_pubkey(cacert.x509))
def verify(self, pkey=None): assert m2.x509_type_check(self.x509), "'x509' type error" if pkey: return m2.x509_verify(self.x509, pkey.pkey) else: return m2.x509_verify(self.x509, self.get_pubkey().pkey)