我们从Python开源项目中,提取了以下50个代码示例,用于说明如何使用OpenSSL.crypto.verify()。
def verify(self, message, signature): """Verifies a message against a signature. Args: message: string, The message to verify. signature: string, The signature on the message. Returns: True if message was signed by the private key associated with the public key that this object was constructed with. """ try: return PKCS1_v1_5.new(self._pubkey).verify( SHA256.new(message), signature) except: return False
def verify(self, message, signature): """Verifies a message against a signature. Args: message: string or bytes, The message to verify. If string, will be encoded to bytes as utf-8. signature: string or bytes, The signature on the message. If string, will be encoded to bytes as utf-8. Returns: True if message was signed by the private key associated with the public key that this object was constructed with. """ message = _to_bytes(message, encoding='utf-8') signature = _to_bytes(signature, encoding='utf-8') try: crypto.verify(self._pubkey, signature, message, 'sha256') return True except crypto.Error: return False
def verify(self, message, signature): """Verifies a message against a signature. Args: message: string, The message to verify. signature: string, The signature on the message. Returns: True if message was signed by the private key associated with the public key that this object was constructed with. """ try: crypto.verify(self._pubkey, signature, message, 'sha256') return True except: return False
def verify(self, message, signature): """Verifies a message against a signature. Args: message: string or bytes, The message to verify. If string, will be encoded to bytes as utf-8. signature: string or bytes, The signature on the message. If string, will be encoded to bytes as utf-8. Returns: True if message was signed by the private key associated with the public key that this object was constructed with. """ message = _helpers._to_bytes(message, encoding='utf-8') signature = _helpers._to_bytes(signature, encoding='utf-8') try: crypto.verify(self._pubkey, signature, message, 'sha256') return True except crypto.Error: return False
def verify(self, message, signature): """Verifies a message against a signature. Args: message: string, The message to verify. signature: string, The signature on the message. Returns: True if message was singed by the private key associated with the public key that this object was constructed with. """ try: crypto.verify(self._pubkey, signature, message, 'sha256') return True except: return False
def _VerifyChain(self, untrusted_certs, cert): tempdir = tempfile.mkdtemp() try: untrusted_path = os.path.join(tempdir, 'untrusted.pem') with open(untrusted_path, 'w') as fh: for cert_str in untrusted_certs: fh.write(cert_str) cert_path = os.path.join(tempdir, 'cert.pem') with open(cert_path, 'w') as fh: fh.write(cert) # Rely on pipe buffering to eat the stdout junk subprocess.check_call([ 'openssl', 'verify', '-CAfile', self._ca_cert_path, '-untrusted', untrusted_path, cert_path, ], stdout=subprocess.PIPE) finally: shutil.rmtree(tempdir)
def verify(self, message, signature): """Verifies a message against a signature. Args: message: string, The message to verify. signature: string, The signature on the message. Returns: True if message was signed by the private key associated with the public key that this object was constructed with. """ from OpenSSL import crypto try: if isinstance(message, six.text_type): message = message.encode('utf-8') crypto.verify(self._pubkey, signature, message, 'sha256') return True except: return False
def verify_signed_message(given_message,given_encoded_sig,given_cert): '''Given strings for the message, its signature, and a certificate object, verify the message. Returns true or false.''' # Decode given signature (expected base64 encoding): try: decoded_sig = base64.b64decode(given_encoded_sig) except: common.logging_error("Could not interpret encoded signature.") return False # Verify the signature: try: # OpenSSL is funny. A successful crypto.verify() returns a None object! crypto.verify(given_cert,decoded_sig,given_message,config_client_pki.CSR_SIGNING_HASH_ALGORITHM) return True except crypto.Error: common.logging_error("Message fails verification.") return False
def validate_signature(app_root, cert): app_metadata_folder = os.path.join(app_root, META_DATA_FOLDER) app_manifest_file = os.path.join(app_metadata_folder, MANIFEST_FILE) signature_file = os.path.join(app_metadata_folder, SIGNATURE_FILE) with open(signature_file, 'rb') as sf: signature = sf.read() checksum = file_checksum(hashlib.sha256, file=app_manifest_file).encode('utf-8') if cert: try: crypto.verify(cert, signature, checksum, 'sha256') except Exception as e: raise InvalidSignature('Invalid Signature: ' + e) else: if checksum != signature: raise InvalidSignature('Invalid Signature')
def verify_chain(self, cert_chain_str_list, cert_str): """ :param cert_chain_str_list: Must be a list of certificate strings, where the first certificate to be validate is in the beginning and the root certificate is last. :param cert_str: The certificate to be validated. :return: """ for tmp_cert_str in cert_chain_str_list: valid, message = self.verify(tmp_cert_str, cert_str) if not valid: return False, message else: cert_str = tmp_cert_str return (True, "Signed certificate is valid and correctly signed by CA " "certificate.")
def test_sign(self): """ L{X509Req.sign} succeeds when passed a private key object and a valid digest function. C{X509Req.verify} can be used to check the signature. """ request = self.signable() key = PKey() key.generate_key(TYPE_RSA, 512) request.set_pubkey(key) request.sign(key, 'MD5') # If the type has a verify method, cover that too. if getattr(request, 'verify', None) is not None: pub = request.get_pubkey() self.assertTrue(request.verify(pub)) # Make another key that won't verify. key = PKey() key.generate_key(TYPE_RSA, 512) self.assertRaises(Error, request.verify, key)
def test_load_pkcs12(self): """ A PKCS12 string generated using the openssl command line can be loaded with L{load_pkcs12} and its components extracted and examined. """ passwd = 'whatever' pem = client_key_pem + client_cert_pem p12_str = _runopenssl( pem, "pkcs12", '-export', '-clcerts', '-passout', 'pass:' + passwd) p12 = load_pkcs12(p12_str, passwd) # verify self.assertTrue(isinstance(p12, PKCS12)) cert_pem = dump_certificate(FILETYPE_PEM, p12.get_certificate()) self.assertEqual(cert_pem, client_cert_pem) key_pem = dump_privatekey(FILETYPE_PEM, p12.get_privatekey()) self.assertEqual(key_pem, client_key_pem) self.assertEqual(None, p12.get_ca_certificates())
def test_get_revoked(self): """ Use python to create a simple CRL with two revocations. Get back the L{Revoked} using L{OpenSSL.CRL.get_revoked} and verify them. """ crl = CRL() revoked = Revoked() now = b(datetime.now().strftime("%Y%m%d%H%M%SZ")) revoked.set_rev_date(now) revoked.set_serial(b('3ab')) crl.add_revoked(revoked) revoked.set_serial(b('100')) revoked.set_reason(b('sUpErSeDEd')) crl.add_revoked(revoked) revs = crl.get_revoked() self.assertEqual(len(revs), 2) self.assertEqual(type(revs[0]), Revoked) self.assertEqual(type(revs[1]), Revoked) self.assertEqual(revs[0].get_serial(), b('03AB')) self.assertEqual(revs[1].get_serial(), b('0100')) self.assertEqual(revs[0].get_rev_date(), now) self.assertEqual(revs[1].get_rev_date(), now)
def __init__(self, pubkey): """Constructor. Args: pubkey: OpenSSL.crypto.PKey, The public key to verify with. """ self._pubkey = pubkey
def __init__(self, pubkey): """Constructor. Args: pubkey, OpenSSL.crypto.PKey, The public key to verify with. """ self._pubkey = pubkey
def __init__(self, pubkey): """Constructor. Args: pubkey, OpenSSL.crypto.PKey (or equiv), The public key to verify with. """ self._pubkey = pubkey
def __init__(self, base_url, ca_cert, image_dir, https_ca_cert, https_client_cert, https_client_key): self._base_url = base_url self._ca_cert_path = ca_cert self._image_dir = image_dir self._session = requests.Session() if https_ca_cert: self._session.verify = https_ca_cert if https_client_cert and https_client_key: self._session.cert = (https_client_cert, https_client_key)
