add support for RSA_SHA256
This commit is contained in:
parent
1e91c0f254
commit
9a3ca0dc31
|
@ -189,13 +189,19 @@ class PaymentRequest:
|
||||||
prev_x = x509_chain[i-1]
|
prev_x = x509_chain[i-1]
|
||||||
|
|
||||||
algo, sig, data = prev_x.extract_sig()
|
algo, sig, data = prev_x.extract_sig()
|
||||||
if algo.getComponentByName('algorithm') != x509.ALGO_RSA_SHA1:
|
|
||||||
self.error = "Algorithm not suported"
|
|
||||||
return
|
|
||||||
|
|
||||||
sig = bytearray(sig[5:])
|
sig = bytearray(sig[5:])
|
||||||
pubkey = x.publicKey
|
pubkey = x.publicKey
|
||||||
verify = pubkey.hashAndVerify(sig, data)
|
if algo.getComponentByName('algorithm') == x509.ALGO_RSA_SHA1:
|
||||||
|
verify = pubkey.hashAndVerify(sig, data)
|
||||||
|
elif algo.getComponentByName('algorithm') == x509.ALGO_RSA_SHA256:
|
||||||
|
hashBytes = bytearray(hashlib.sha256(data).digest())
|
||||||
|
prefixBytes = bytearray([0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20])
|
||||||
|
verify = pubkey.verify(sig, prefixBytes + hashBytes)
|
||||||
|
else:
|
||||||
|
self.error = "Algorithm not supported"
|
||||||
|
util.print_error(self.error, algo.getComponentByName('algorithm'))
|
||||||
|
return
|
||||||
|
|
||||||
if not verify:
|
if not verify:
|
||||||
self.error = "Certificate not Signed by Provided CA Certificate Chain"
|
self.error = "Certificate not Signed by Provided CA Certificate Chain"
|
||||||
return
|
return
|
||||||
|
|
|
@ -51,7 +51,7 @@ from pyasn1_modules.rfc2459 import id_ce_basicConstraints, BasicConstraints
|
||||||
XMPP_ADDR = ObjectIdentifier('1.3.6.1.5.5.7.8.5')
|
XMPP_ADDR = ObjectIdentifier('1.3.6.1.5.5.7.8.5')
|
||||||
SRV_NAME = ObjectIdentifier('1.3.6.1.5.5.7.8.7')
|
SRV_NAME = ObjectIdentifier('1.3.6.1.5.5.7.8.7')
|
||||||
ALGO_RSA_SHA1 = ObjectIdentifier('1.2.840.113549.1.1.5')
|
ALGO_RSA_SHA1 = ObjectIdentifier('1.2.840.113549.1.1.5')
|
||||||
|
ALGO_RSA_SHA256 = ObjectIdentifier('1.2.840.113549.1.1.11')
|
||||||
|
|
||||||
class CertificateError(Exception):
|
class CertificateError(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
Loading…
Reference in New Issue