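def verify(pubkey, signature, message):
    """Check a base64-encoded ECDSA/SHA-224 signature over ``message``.

    Args:
        pubkey: Key object exposing ``verify(signature, data, algorithm)``.
        signature: Base64 encoding (text or bytes) of the signature.
        message: The data the signature is expected to cover.

    Returns:
        True when ``pubkey`` accepts the signature; False when the signature
        cannot be base64-decoded or does not verify.
    """
    # Fail closed on undecodable input: the signature normally comes from the
    # party being verified, so a malformed value is reported as "invalid"
    # instead of escaping as an exception.  Python 3 raises binascii.Error
    # (a ValueError) for bad base64; TypeError covers non-decodable types.
    try:
        raw_signature = b64decode(signature)
    except (TypeError, ValueError):
        return False

    # NOTE(review): b64decode without validate=True silently drops characters
    # outside the base64 alphabet, so several distinct strings decode to the
    # same signature bytes.  If callers treat the encoded signature as a
    # unique identifier, consider strict decoding -- confirm producers never
    # wrap or pad their output before enabling it.
    try:
        pubkey.verify(raw_signature, message, ec.ECDSA(SHA224()))
    except InvalidSignature:
        return False
    return True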
def address(pubkey):
    """Return the base64-encoded SHA-224 digest of ``pub_txt(pubkey)``.

    Args:
        pubkey: Public key handed to ``pub_txt`` to obtain the bytes to hash.

    Returns:
        The digest, base64-encoded, as bytes.
    """
    digest_ctx = Hash(SHA224(), openssl_backend)
    key_text = pub_txt(pubkey)
    digest_ctx.update(key_text)
    raw_digest = digest_ctx.finalize()
    return b64encode(raw_digest)
def sign(prvkey, message):
    """Sign ``message`` with ECDSA over SHA-224 and base64-encode the result.

    Args:
        prvkey: Key object exposing ``sign(data, algorithm)``.
        message: The data to sign.

    Returns:
        The signature returned by ``prvkey.sign``, base64-encoded, as bytes.
    """
    raw_signature = prvkey.sign(message, ec.ECDSA(SHA224()))
    encoded_signature = b64encode(raw_signature)
    return encoded_signature
class RSAVerifier(object):
    """Verify RSA signatures with a fixed digest and padding scheme."""

    def __init__(self, digest, padding=None):
        """Store the digest and padding used for every verification.

        Args:
            digest: Hash algorithm instance passed to ``pubkey.verify``.
            padding: Padding scheme instance; a falsy value selects
                ``PKCS1v15()``.
        """
        self._digest = digest
        self._padding = padding if padding else PKCS1v15()

    def verify(self, pubkey, signed_data, signature):
        """Return True when ``signature`` over ``signed_data`` verifies.

        Only ``InvalidSignature`` is turned into False; any other exception
        raised by ``pubkey.verify`` propagates to the caller.
        """
        try:
            pubkey.verify(signature, signed_data, self._padding, self._digest)
        except InvalidSignature:
            return False
        return True


# One verifier per supported RSA signature identifier, all with the default
# PKCS1v15 padding.
# NOTE(review): the keys look like signature-algorithm identifiers;
# presumably callers select the entry named by the incoming message --
# confirm that an identifier missing from this table is rejected rather
# than silently defaulted.
RSA_VERIFIERS = {
    sig_alg: RSAVerifier(hash_cls())
    for sig_alg, hash_cls in (
        (SIG_RSA_SHA224, SHA224),
        (SIG_RSA_SHA256, SHA256),
        (SIG_RSA_SHA384, SHA384),
        (SIG_RSA_SHA512, SHA512),
    )
}

# Signing counterparts, keyed by the same identifiers as RSA_VERIFIERS.
RSA_SIGNERS = {
    sig_alg: RSASigner(hash_cls())
    for sig_alg, hash_cls in (
        (SIG_RSA_SHA224, SHA224),
        (SIG_RSA_SHA256, SHA256),
        (SIG_RSA_SHA384, SHA384),
        (SIG_RSA_SHA512, SHA512),
    )
}


def sign_http_post(xmlstr, key, cert, message=False, assertion=True):
    logger.debug('http-post signing')