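def ChainVerifyer(self, certs):
    """Validate the peer's PEM certificate chain against its peer address.

    The certificates in ``certs`` are parsed and appended to
    ``self.Certobject``. The checks then run over ``self.Certobject``, with
    index 0 as the peer's own certificate and every later entry treated as
    the issuer of the entry before it.

    Checks performed, in order:
      1. The common name (CN) of certificate 0 equals the first element of
         the transport's ``peername``.
      2. Walking up the chain, each CN is a string prefix of the CN below it.
      3. Each certificate's signature verifies under the public key of the
         next certificate in the list.

    Not checked in this method: that the last certificate is (or is signed
    by) a locally trusted root, validity dates, and issuer/subject names.

    Args:
        certs: PEM-encoded certificates, peer certificate first.

    Returns:
        True when every check passes; False otherwise, including when no
        certificate was supplied or a certificate carries no CN.
    """
    pem_list = list(certs)
    if not pem_list:
        # No certificate means nothing was authenticated: fail closed
        # instead of raising on Certobject[0] further down.
        return False

    def _common_name(cert):
        # The certificate comes from the peer, so the CN attribute may be
        # absent; report that as None instead of raising IndexError.
        attrs = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
        return attrs[0].value if attrs else None

    # Parse everything before touching instance state, so a malformed PEM
    # (the loader raises) cannot leave a half-filled chain behind.
    parsed = [
        x509.load_pem_x509_certificate(pem, default_backend())
        for pem in pem_list
    ]
    # NOTE(review): entries accumulate in self.Certobject; if this method can
    # run more than once per connection, older certificates stay at the
    # front. Confirm the list is empty on entry.
    self.Certobject.extend(parsed)

    address = self.transport.get_extra_info("peername")[0]
    leaf_cn = _common_name(self.Certobject[0])
    if leaf_cn is None or address != leaf_cn:
        return False

    # NOTE(review): startswith() is a raw string prefix test. If addresses
    # are hierarchical with a separator, a CN that ends in the middle of a
    # label still matches, and an empty CN would match anything. Empty CNs
    # are rejected below; the label-boundary question needs confirming.
    verifyaddr = address
    for cert in self.Certobject:
        cn = _common_name(cert)
        if not cn or not verifyaddr.startswith(cn):
            return False
        verifyaddr = cn

    # NOTE(review): nothing in this method ties the last certificate to a
    # trusted root, and a one-certificate chain reaches the end of this loop
    # with no signature verified at all. As written, the chain only proves
    # internal consistency; anchor it to a pinned root before relying on it.
    for this, parent in zip(self.Certobject, self.Certobject[1:]):
        # RSA_SIGNATURE_MAC is defined elsewhere; assumed to return a falsy
        # value for a bad signature (confirm it does not raise instead).
        issuer = RSA_SIGNATURE_MAC(parent.public_key())
        if not issuer.verify(this.tbs_certificate_bytes, this.signature):
            return False

    print("Certification Authentication Passed!")
    return True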
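def verify_certchain(certs, address):
    """Validate a peer's PEM certificate chain up to the local root.

    The root certificate returned by ``getRootCert()`` is appended to the
    peer-supplied ``certs``, so the last peer certificate must chain to it.

    Checks performed, in order:
      1. The common name (CN) of the first certificate equals ``address``.
      2. Each CN starts with the CN of the next certificate in the chain.
      3. Each certificate's issuer name equals the next one's subject name.
      4. Each certificate's signature verifies under the public key of the
         next certificate.

    Not checked here: validity dates and CA / basicConstraints flags.

    Args:
        certs: PEM-encoded certificates from the peer, peer certificate
            first.
        address: the playground address the connection came from.

    Returns:
        True when every check passes; False otherwise, including when the
        peer supplied no certificate or a certificate carries no CN.
    """
    cert_chain = list(certs)
    if not cert_chain:
        # With no peer certificate the only entry would be the root itself,
        # and every pairwise loop below would be skipped: fail closed.
        logging.info("No certificates presented")
        return False
    cert_chain.append(getRootCert())

    def _first_value(cert, oid):
        # Certificates come from the peer, so an attribute may be absent;
        # report that as None instead of raising IndexError.
        attrs = cert.subject.get_attributes_for_oid(oid)
        return attrs[0].value if attrs else None

    # Each certificate is parsed twice: the cryptography object gives the
    # subject attributes, TBS bytes and signature; the pyOpenSSL object is
    # used for the issuer/subject name comparison.
    X509_list = []
    crypto_list = []
    for pem in cert_chain:
        X509_list.append(
            x509.load_pem_x509_certificate(pem, default_backend()))
        crypto_list.append(crypto.load_certificate(crypto.FILETYPE_PEM, pem))

    # verify playground address
    leaf_cn = _first_value(X509_list[0], NameOID.COMMON_NAME)
    logging.info("PLS received a connection from address {}".format(address))
    logging.info("Common name: {}".format(leaf_cn))
    # The e-mail attribute is only logged, so a missing one must not abort
    # verification with an exception.
    logging.info("Email address: {}".format(
        _first_value(X509_list[0], NameOID.EMAIL_ADDRESS)))
    if leaf_cn is None or address != leaf_cn:
        logging.info("Common name error")
        return False
    logging.info("Common name verified")

    # NOTE(review): startswith() is a raw string prefix test. If addresses
    # are hierarchical with a separator, a parent CN that ends in the middle
    # of a label still matches, and an empty CN would match anything. Empty
    # CNs are rejected below; the label-boundary question needs confirming.
    child_cn = leaf_cn
    for parent in X509_list[1:]:
        parent_cn = _first_value(parent, NameOID.COMMON_NAME)
        if not parent_cn or not child_cn.startswith(parent_cn):
            # The original logged this after the return, so it never ran.
            logging.info("Address error")
            return False
        logging.info("Address verified")
        child_cn = parent_cn

    # verify the issuer and subject
    for cert, parent in zip(crypto_list, crypto_list[1:]):
        issuer = cert.get_issuer()
        logging.info(issuer)
        subject = parent.get_subject()
        logging.info(subject)
        if issuer == subject:
            logging.info("issuer and subject verified")
        else:
            logging.info("issuer and subject error")
            return False

    # verify the signature (SHA-256 per the original comment; the hash is
    # chosen inside RSA_SIGNATURE_MAC, which is not visible here)
    for this, parent in zip(X509_list, X509_list[1:]):
        # Assumed to return a falsy value for a bad signature; confirm that
        # RSA_SIGNATURE_MAC.verify does not raise instead.
        sig = RSA_SIGNATURE_MAC(parent.public_key())
        if not sig.verify(this.tbs_certificate_bytes, this.signature):
            logging.info("signature error")
            return False
        logging.info("signature verified")
    return True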
def _verifyReceiptSignature(self, receipt, signature):
    """Check ``signature`` over ``receipt`` with the bank certificate's key.

    Builds an ``RSA_SIGNATURE_MAC`` verifier from the public key of
    ``self._bank_cert`` and returns whatever its ``verify`` call returns.

    NOTE(review): the result is only meaningful if ``self._bank_cert`` was
    itself validated before being stored, and if callers treat every falsy
    result as a rejected receipt. Neither is visible from this method.
    """
    bank_public_key = self._bank_cert.public_key()
    receipt_verifier = RSA_SIGNATURE_MAC(bank_public_key)
    signature_ok = receipt_verifier.verify(receipt, signature)
    return signature_ok