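def validate(self, certificate, *, root_cert_path="/root/Downloads/root.crt"):
    """Validate a two-certificate chain ``[leaf, intermediate]`` against a pinned root.

    The chain is accepted only when, in this order: it holds at least two
    certificates; the leaf, the intermediate and the root are each inside
    their validity period; the leaf's issuer name equals the intermediate's
    subject name; the intermediate's key verifies the leaf's signature; the
    intermediate's issuer name equals the root's subject name; and the root's
    key verifies the intermediate's signature. Only RSA PKCS#1 v1.5 with
    SHA-256 signatures are accepted. Entries beyond ``certificate[1]`` are
    ignored.

    Args:
        certificate: sequence of cryptography ``x509.Certificate`` objects,
            leaf first.
        root_cert_path: file the trusted root is read from through
            ``CipherUtil.loadCertFromFile``; the default keeps the original
            hard-coded location.

    Returns:
        True when every check passes; False when the chain is too short, a
        certificate is outside its validity period, or an issuer/subject link
        does not match.

    Raises:
        Whatever ``public_key().verify`` raises on a bad signature. It is
        logged and re-raised so callers that relied on the exception still
        abort.

    NOTE(review): nothing here binds ``certificate[0]`` to the peer this
    connection belongs to (subject/commonName vs. peer address), and
    revocation is not checked; callers must cover both.
    """
    if len(certificate) < 2:
        print("Chain verification failed! Expected the identity and intermediate certificates.")
        return False

    import datetime  # local import: only the validity-window check needs it

    leaf, intermediate = certificate[0], certificate[1]
    rootcert = CipherUtil.loadCertFromFile(root_cert_path)

    def _within_validity_period(cert, now):
        """True when ``now`` lies in [notBefore, notAfter] of ``cert`` (inclusive)."""
        # cryptography >= 42 exposes tz-aware *_utc properties; earlier
        # releases only provide the naive datetimes, documented as UTC.
        not_before = getattr(cert, "not_valid_before_utc", None)
        not_after = getattr(cert, "not_valid_after_utc", None)
        if not_before is None or not_after is None:
            not_before = cert.not_valid_before.replace(tzinfo=datetime.timezone.utc)
            not_after = cert.not_valid_after.replace(tzinfo=datetime.timezone.utc)
        return not_before <= now <= not_after

    now = datetime.datetime.now(datetime.timezone.utc)
    for label, cert in (("identity", leaf), ("intermediate", intermediate), ("root", rootcert)):
        if not _within_validity_period(cert, now):
            print("Chain verification failed! The " + label + " certificate is outside its validity period.")
            return False

    if CipherUtil.getCertIssuer(leaf) != CipherUtil.getCertSubject(intermediate):
        print("Chain 1 verification failed! Check the chain please.")
        return False
    print("Chain 1 verification succeeded! Going to Check Signature now")

    # Stage 1: the intermediate's key must have produced the leaf's signature
    # over the leaf's TBS bytes. Only RSA PKCS#1 v1.5 / SHA-256 is accepted;
    # any other key type or algorithm fails closed here.
    try:
        intermediate.public_key().verify(
            leaf.signature, leaf.tbs_certificate_bytes, padding.PKCS1v15(), hashes.SHA256()
        )
    except Exception:  # verify() raises on any mismatch; logged and re-raised
        print("Signature check stage 1 failed")
        raise
    print("Signature check stage 1 successful!")

    if CipherUtil.getCertIssuer(intermediate) != CipherUtil.getCertSubject(rootcert):
        print("Chain 2 verification failed! Check the chain please.")
        return False
    print("Chain 2 verification succeeded! Going to check signature now")

    # Stage 2: the pinned root's key must have signed the intermediate.
    try:
        rootcert.public_key().verify(
            intermediate.signature, intermediate.tbs_certificate_bytes, padding.PKCS1v15(), hashes.SHA256()
        )
    except Exception:
        print("Signature check stage 2 failed")
        raise
    print("Signature check stage 2 successful!")
    print("FULLY VALIDATED! AWESOME!")
    return True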
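def verifyCerts(self, certs):
    """Check a peer's certificate chain against this node's trusted root.

    ``certs`` is ordered leaf first. If the last certificate carries the same
    commonName as ``self.rootCert`` it is swapped for the locally stored root,
    so the signature check below runs against the trusted copy rather than the
    peer-supplied one; this mutates the caller's list in place. Each
    certificate's commonName must then be the next certificate's commonName
    plus exactly one extra trailing dot-separated label (``a.b.c`` under
    ``a.b``), and the leaf's commonName must equal the peer address string in
    ``self.peerAddress[0]``.

    Args:
        certs: list of certificate objects accepted by ``CipherUtil``, leaf
            first.

    Returns:
        False after logging through ``self.dbgPrint`` when the chain is empty
        or any name check fails; otherwise the result of
        ``CipherUtil.ValidateCertChainSigs(certs)``.

    NOTE(review): when the last certificate's commonName does not match the
    root's, the peer-supplied chain is passed through unchanged. Whether
    ValidateCertChainSigs then anchors it to the trusted root or only checks
    the pairwise signatures is not visible here; confirm, otherwise a
    self-signed top certificate with well-formed names would pass.
    """
    if not certs:
        self.dbgPrint("Error: empty certificate chain")
        return False

    def common_name(cert):
        return CipherUtil.getCertSubject(cert)["commonName"]

    # Replace the peer's copy of the root with our own (same list object, as
    # the original pop/append did).
    if common_name(certs[-1]) == common_name(self.rootCert):
        certs[-1] = self.rootCert

    # Walk leaf -> issuer pairs; each name must extend its issuer's name by
    # exactly one trailing label.
    for cert, issuer_cert in zip(certs, certs[1:]):
        name = common_name(cert)
        issuer_name = common_name(issuer_cert)
        if name.split(".")[:-1] != issuer_name.split("."):
            self.dbgPrint("Error: cert common name mismatch: " + name + ", " + issuer_name)
            return False

    # Bind the leaf to the address we are actually talking to.
    leaf_name = common_name(certs[0])
    peer_address = str(self.peerAddress[0])
    if leaf_name != peer_address:
        self.dbgPrint("Error: address mismatch: " + leaf_name + ", " + peer_address)
        return False

    return CipherUtil.ValidateCertChainSigs(certs)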
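def validate(self, certificate):
    """Accept a client chain whose leaf was issued by the expected intermediate.

    Compares the issuer distinguished name of ``certificate[0]`` (as returned
    by ``CipherUtil.getCertIssuer``) against the hard-coded intermediate issuer
    below, then defers to ``CipherUtil.ValidateCertChainSigs`` for the
    signature checks.

    Args:
        certificate: sequence of certificate objects accepted by
            ``CipherUtil``, leaf first.

    Returns:
        True only when the issuer name matches and ValidateCertChainSigs
        reports success; False otherwise, including for an empty chain.

    NOTE(review): the issuer match is a name comparison only (any certificate
    can claim this issuer), so the trust decision rests entirely on
    ValidateCertChainSigs anchoring the chain to the pinned root key. Whether
    it also checks validity periods is not visible here; confirm.
    """
    print("In Cert Validation")
    if not certificate:
        print("Certificate Validation Failed")
        return False

    expected_issuer = {
        'emailAddress': '*****@*****.**',
        'stateOrProvinceName': 'MD',
        'countryName': 'US',
        'commonName': '20174.1.666',
        'organizationalUnitName': 'PETF',
        'localityName': 'Baltimore',
        'organizationName': 'JHUNetworkSecurityFall2017',
    }
    if CipherUtil.getCertIssuer(certificate[0]) != expected_issuer:
        print("Certificate Validation Failed")
        return False
    print("Issuer verified.")

    if CipherUtil.ValidateCertChainSigs(certificate):
        return True
    print("Certificate Validation Failed")
    return False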
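def validate(self, certificate):
    """Validate a server's ``[identity, intermediate]`` chain against the pinned root.

    The chain is accepted only when, in this order: it holds at least two
    certificates; the identity, intermediate and root certificates are each
    inside their validity period; the identity's commonName equals
    ``self.peerAddress``; the identity's issuer equals the intermediate's
    subject and the intermediate's commonName is the identity commonName with
    its last dot-separated label removed; the intermediate's key verifies the
    identity certificate's signature (RSA PKCS#1 v1.5 / SHA-256 only); the
    intermediate's issuer equals the root's subject and the root's commonName
    is the intermediate commonName with its last label removed; and the
    root's key verifies the intermediate's signature. The root comes from
    ``getRootCert()`` decoded with ``CipherUtil.getCertFromBytes``. Entries
    beyond ``certificate[1]`` are ignored.

    Args:
        certificate: sequence of cryptography ``x509.Certificate`` objects,
            identity certificate first.

    Returns:
        True on full validation; False when the chain is too short, a
        certificate is outside its validity period, or a name check fails.

    Raises:
        Whatever ``public_key().verify`` raises on a bad signature; it is
        logged and re-raised so callers relying on the exception still abort.

    NOTE(review): revocation is not checked anywhere in this method.
    """
    if len(certificate) < 2:
        print("Chain verification failed! Expected the identity and intermediate certificates.")
        return False

    import datetime  # local import: only the validity-window check needs it

    identity, intermediate = certificate[0], certificate[1]
    rootcert = CipherUtil.getCertFromBytes(getRootCert())
    print("Type of RootCert: ", type(rootcert))
    print(" Server PeerAddress is:- ", self.address)

    def _within_validity_period(cert, now):
        """True when ``now`` lies in [notBefore, notAfter] of ``cert`` (inclusive)."""
        # cryptography >= 42 exposes tz-aware *_utc properties; earlier
        # releases only provide the naive datetimes, documented as UTC.
        not_before = getattr(cert, "not_valid_before_utc", None)
        not_after = getattr(cert, "not_valid_after_utc", None)
        if not_before is None or not_after is None:
            not_before = cert.not_valid_before.replace(tzinfo=datetime.timezone.utc)
            not_after = cert.not_valid_after.replace(tzinfo=datetime.timezone.utc)
        return not_before <= now <= not_after

    now = datetime.datetime.now(datetime.timezone.utc)
    for label, cert in (("identity", identity), ("intermediate", intermediate), ("root", rootcert)):
        if not _within_validity_period(cert, now):
            print("Chain verification failed! The " + label + " certificate is outside its validity period.")
            return False

    received_cn = self.GetCommonName(identity)
    intermediate_cn = self.GetCommonName(intermediate)
    root_cn = self.GetCommonName(rootcert)

    # Bind the identity certificate to the address we are talking to.
    if self.peerAddress != received_cn:
        print("Peer Address and the address received in the certificate is incorrect! Please check the Identity Certificate")
        return False

    # re.split on a pattern that matches the whole string returns
    # ['', g1, g2, g3, g4, '']; slicing [1:4] keeps every label but the last.
    # A commonName with fewer than four labels does not match, the slice is
    # empty and the join yields '', which fails the comparison below.
    first_three_octets = ".".join(re.split(r"(.*)\.(.*)\.(.*)\.(.*)", received_cn)[1:4])
    if (CipherUtil.getCertIssuer(identity) != CipherUtil.getCertSubject(intermediate)
            or first_three_octets != intermediate_cn):
        print("Chain 1 verification failed! Check the chain please.")
        return False
    print("Chain 1 verification succeeded! Going to Check Signature now")

    # Stage 1: the intermediate's key must have produced the identity
    # certificate's signature over its TBS bytes. Only RSA PKCS#1 v1.5 /
    # SHA-256 is accepted; any other key type or algorithm fails closed here.
    try:
        intermediate.public_key().verify(
            identity.signature, identity.tbs_certificate_bytes, padding.PKCS1v15(), hashes.SHA256()
        )
    except Exception:  # verify() raises on any mismatch; logged and re-raised
        print("Signature check stage 1 failed")
        raise
    print("Signature check stage 1 successful!")

    # Same "drop the last label" rule one level up: needs at least three labels.
    first_two_octets = ".".join(re.split(r"(.*)\.(.*)\.(.*)", intermediate_cn)[1:3])
    if (CipherUtil.getCertIssuer(intermediate) != CipherUtil.getCertSubject(rootcert)
            or first_two_octets != root_cn):
        print("Chain 2 verification failed! Check the chain please.")
        return False
    print("Chain 2 verification succeeded! Going to check signature now")

    # Stage 2: the pinned root's key must have signed the intermediate.
    try:
        rootcert.public_key().verify(
            intermediate.signature, intermediate.tbs_certificate_bytes, padding.PKCS1v15(), hashes.SHA256()
        )
    except Exception:
        print("Signature check stage 2 failed")
        raise
    print("Signature check stage 2 successful!")
    print("FULLY VALIDATED! AWESOME!")
    return True
'''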