def Verify(self, public_key):
    """Check this blob's signature against a public key.

    Verification either succeeds or raises. The method never returns False,
    so callers must not catch and ignore DecodeError when the result gates a
    trust decision.

    Args:
      public_key: Key object whose Verify(data, signature) method performs the
        check.

    Returns:
      True when verification succeeds.

    Raises:
      rdfvalue.DecodeError: if the digest type is not SHA256, if the signature
        type is neither RSA_PKCS1v15 nor RSA_PSS, or if public_key.Verify
        raises InvalidSignature.
    """
    expected_digest = self.HashType.SHA256
    if self.digest_type != expected_digest:
        raise rdfvalue.DecodeError("Unsupported digest.")

    accepted_schemes = (
        self.SignatureType.RSA_PKCS1v15,
        self.SignatureType.RSA_PSS,
    )
    if self.signature_type not in accepted_schemes:
        raise rdfvalue.DecodeError("Unsupported signature type.")

    # NOTE(review): digest_type and signature_type are validated above but not
    # passed on; which padding and hash are actually enforced is decided inside
    # public_key.Verify. Confirm against that implementation.
    try:
        public_key.Verify(self.data, self.signature)
    except InvalidSignature as err:
        raise rdfvalue.DecodeError("Could not verify blob. Error: %s" % err)
    else:
        return True
def GetCN(self):
    """Return the single Common Name from the certificate subject.

    Returns:
      The value of the subject's only CN attribute.

    Raises:
      rdfvalue.DecodeError: if the subject has no CN attribute or more than
        one.
    """
    cert_subject = self._value.subject
    try:
        matches = cert_subject.get_attributes_for_oid(oid.NameOID.COMMON_NAME)
        # More than one CN makes the name ambiguous, so reject rather than
        # pick one.
        if len(matches) > 1:
            raise rdfvalue.DecodeError("Cert has more than 1 CN entries.")
        only_match = matches[0]
    except IndexError:
        # Empty attribute list: the subject has no CN.
        raise rdfvalue.DecodeError("Cert has no CN")
    else:
        return only_match.value
def ParseFromString(self, string):
    """Load a PEM-encoded X.509 certificate into this object.

    Only the structure is checked here: the input must parse as a PEM
    certificate and its subject must have exactly one CN. No signature, chain
    or validity-period check is done in this method, so a successful parse
    does not make the certificate trusted.

    Args:
      string: The PEM-encoded certificate.

    Raises:
      rdfvalue.DecodeError: if the input cannot be parsed as a certificate, or
        if the parsed certificate does not have exactly one CN.
    """
    crypto_backend = openssl.backend
    try:
        self._value = x509.load_pem_x509_certificate(
            string, backend=crypto_backend)
    except (TypeError, ValueError) as err:
        # The raw input is embedded in the message, so anything that logs this
        # exception records arbitrary, possibly large, caller-supplied content.
        message = "Invalid certificate %s: %s" % (string, err)
        raise rdfvalue.DecodeError(message)

    # Called for validation only: GetCN raises unless there is exactly one CN.
    self.GetCN()