def _verify_cert(self, cert, pubkey):
    """Returns True if cert contains a correct signature made using the
    provided key

    NB: This *only* checks the signature. No other checks are performed.
    E.g. the trust chain, expiry are all ignored. A True result therefore
    only shows that `pubkey` signed the certificate body; it is not a
    trust decision.

    Raises ValueError when `pubkey` is neither an RSA nor an
    elliptic-curve public key.
    """
    cert_signature = cert.signature
    # The signature is checked against the to-be-signed bytes of the certificate.
    cert_bytes = cert.tbs_certificate_bytes
    if isinstance(pubkey, rsa.RSAPublicKey):
        # NOTE(review): PKCS#1 v1.5 padding is hard-coded for RSA keys, so a
        # certificate signed with RSA-PSS would not verify through this branch.
        # NOTE(review): verifier() is the older streaming interface; later
        # `cryptography` releases dropped it in favour of the one-shot
        # pubkey.verify(...) call. Confirm against the pinned version.
        verifier = pubkey.verifier(
            cert_signature,
            padding.PKCS1v15(),
            cert.signature_hash_algorithm
        )
    elif isinstance(pubkey, ec.EllipticCurvePublicKey):
        verifier = pubkey.verifier(
            cert_signature,
            ec.ECDSA(cert.signature_hash_algorithm)
        )
    else:
        raise ValueError("Unsupported public key value")
    verifier.update(cert_bytes)
    try:
        verifier.verify()
        return True
    except InvalidSignature:
        # NOTE(review): the listing is cut off here; the handler body is not
        # shown, so what the method returns for a bad signature cannot be
        # confirmed from this page.
def create_proof_data(self, verification_report, evidence_payload):
    """Build the JSON proof document for a verification report.

    The report is serialized to JSON once; that exact string is both signed
    (RSA, PKCS#1 v1.5 padding, SHA-256) with ``self._report_private_key`` and
    embedded in the result, so a verifier can check the signature over the
    embedded text without re-serializing the report.

    Returns a JSON string with the keys ``evidence_payload``,
    ``verification_report`` and ``signature`` (base64 text), in that order.
    """
    report_text = json.dumps(verification_report)

    raw_signature = self._report_private_key.sign(
        report_text.encode(), padding.PKCS1v15(), hashes.SHA256())
    signature_text = base64.b64encode(raw_signature).decode()

    # NOTE(review): evidence_payload is carried alongside the report but is
    # not part of the signed bytes; only the report string is covered.
    proof = OrderedDict()
    proof['evidence_payload'] = evidence_payload
    proof['verification_report'] = report_text
    proof['signature'] = signature_text
    return json.dumps(proof)
def signproc(tosign, algosig):
    """Sign ``tosign`` with the private key stored at ``p12[0]``.

    The digest is chosen by name: ``algosig`` is upper-cased and looked up as
    an attribute of ``hashes``. The signature uses PKCS#1 v1.5 padding.
    Returns the raw signature produced by the key's ``sign`` method.
    """
    private_key = p12[0]
    rsa_padding = padding.PKCS1v15()
    # NOTE(review): the hash class is resolved dynamically from a caller-
    # supplied string, so any upper-case name exposed by `hashes` is accepted,
    # including legacy digests such as MD5 or SHA1, and an unknown name
    # surfaces as AttributeError. If algosig can come from outside the
    # program, consider checking it against an explicit allowlist first.
    digest = getattr(hashes, algosig.upper())()
    return private_key.sign(tosign, rsa_padding, digest)
def encrypt(pubkey, password):
    """Encrypt password with the given RSA public key and base64-encode it.

    Only the holder of the matching private key (in this case, only Travis)
    can recover the password. Returns the base64 encoding of the ciphertext
    as bytes.

    NOTE(review): this is RSA *encryption* with PKCS#1 v1.5 padding. Its
    safety depends on the decrypting side never revealing whether padding
    was valid; OAEP is the usual choice when both ends can change. The
    receiving service presumably dictates the scheme here, so confirm
    before altering it.
    """
    # password is passed through unchanged; presumably it must already be
    # bytes. Verify against the caller.
    rsa_key = load_key(pubkey)
    ciphertext = rsa_key.encrypt(password, PKCS1v15())
    encoded = base64.b64encode(ciphertext)
    return encoded
def _sign(self, msg):
    """Sign the queue name concatenated with ``msg``.

    Returns None when no signing key is configured; otherwise the RSA
    signature (PKCS#1 v1.5 padding, SHA-256) over the UTF-8 encoding of
    ``self._queue + msg``.
    """
    signing_key = self._signing_key
    if signing_key:
        # NOTE(review): queue name and message are joined without a
        # delimiter or length prefix, so the signed bytes do not record
        # where one ends and the other begins. Confirm queue names cannot
        # make that boundary ambiguous.
        payload = (self._queue + msg).encode('utf-8')
        return signing_key.sign(payload, padding.PKCS1v15(), hashes.SHA256())
    # NOTE(review): with no key the caller gets None rather than an error;
    # callers need to treat that as "unsigned".
    return None
def sign(self, data, algorithm):
    """Sign a block of data.

    Uses ``self.pyca_key`` with PKCS#1 v1.5 signature padding and the hash
    object returned by ``self.get_hash(algorithm)``. Returns whatever the
    key's ``sign`` method returns.
    """
    signer = self.pyca_key
    rsa_padding = PKCS1v15()
    # NOTE(review): which digests are permitted is decided entirely by
    # get_hash(), which is not shown here. Check that it rejects weak or
    # unknown algorithm names.
    digest = self.get_hash(algorithm)
    return signer.sign(data, rsa_padding, digest)
def encrypt(pubkey, password):
    """Encrypt password with the given RSA public key and base64-encode it.

    The result can only be decrypted by someone holding the private key
    (in this case, only Travis). Returns base64-encoded ciphertext as bytes.

    NOTE(review): PKCS#1 v1.5 is used here as an *encryption* padding. It
    stays safe only while the decrypting party gives no indication of
    whether padding was valid; prefer OAEP wherever the recipient accepts
    it. Confirm what the receiving service requires before changing this.
    """
    # The key object comes from the load_key helper defined elsewhere.
    public_key = load_key(pubkey)
    return base64.b64encode(public_key.encrypt(password, PKCS1v15()))
def encrypt_secret(public_key, shared_secret):
    """Encrypt ``shared_secret`` under ``public_key`` with PKCS#1 v1.5 padding.

    Returns the ciphertext from ``public_key.encrypt`` unchanged.

    NOTE(review): PKCS#1 v1.5 encryption padding relies on the decrypting
    peer not disclosing padding failures. If the protocol in use allows it,
    OAEP is the preferred padding for wrapping a shared secret. Confirm
    against the protocol specification.
    """
    rsa_padding = padding.PKCS1v15()
    ciphertext = public_key.encrypt(
        plaintext=shared_secret,
        padding=rsa_padding,
    )
    return ciphertext
def encrypt(pubkey, password):
    """Encrypt password with the given RSA public key and base64-encode it.

    Decryption requires the matching private key (in this case, only Travis
    holds it). The return value is the base64 encoding of the ciphertext,
    as bytes.

    NOTE(review): the padding is PKCS#1 v1.5 in its encryption role, which
    is only as safe as the decrypting side's handling of padding errors.
    OAEP is preferred for new designs; the scheme here is presumably fixed
    by the recipient, so verify before changing it.
    """
    loaded_key = load_key(pubkey)
    rsa_padding = PKCS1v15()
    sealed = loaded_key.encrypt(password, rsa_padding)
    return base64.b64encode(sealed)
def sign(self, msg, key):
    """Sign ``msg`` with ``key`` using PKCS#1 v1.5 signature padding.

    The digest is a fresh instance from ``self.hash_alg()``. Returns the
    value produced by ``key.sign``.
    """
    rsa_padding = padding.PKCS1v15()
    # hash_alg is set elsewhere on the instance or class; the digest
    # strength is whatever that attribute selects.
    digest = self.hash_alg()
    return key.sign(msg, rsa_padding, digest)