commit 9a3ca0dc310d58cef1428d5cfaa200c3b4fd1754
parent 1e91c0f254965f0a54845d8c10378894b5ad79a5
Author: ThomasV <thomasv@gitorious>
Date: Mon, 30 Jun 2014 20:19:18 +0200
add support for RSA_SHA256
Diffstat:
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/lib/paymentrequest.py b/lib/paymentrequest.py
@@ -189,13 +189,19 @@ class PaymentRequest:
prev_x = x509_chain[i-1]
algo, sig, data = prev_x.extract_sig()
- if algo.getComponentByName('algorithm') != x509.ALGO_RSA_SHA1:
- self.error = "Algorithm not suported"
- return
-
sig = bytearray(sig[5:])
pubkey = x.publicKey
- verify = pubkey.hashAndVerify(sig, data)
+ if algo.getComponentByName('algorithm') == x509.ALGO_RSA_SHA1:
+ verify = pubkey.hashAndVerify(sig, data)
+ elif algo.getComponentByName('algorithm') == x509.ALGO_RSA_SHA256:
+ hashBytes = bytearray(hashlib.sha256(data).digest())
+ prefixBytes = bytearray([0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20])
+ verify = pubkey.verify(sig, prefixBytes + hashBytes)
+ else:
+ self.error = "Algorithm not supported"
+ util.print_error(self.error, algo.getComponentByName('algorithm'))
+ return
+
if not verify:
self.error = "Certificate not Signed by Provided CA Certificate Chain"
return
diff --git a/lib/x509.py b/lib/x509.py
@@ -51,7 +51,7 @@ from pyasn1_modules.rfc2459 import id_ce_basicConstraints, BasicConstraints
XMPP_ADDR = ObjectIdentifier('1.3.6.1.5.5.7.8.5')
SRV_NAME = ObjectIdentifier('1.3.6.1.5.5.7.8.7')
ALGO_RSA_SHA1 = ObjectIdentifier('1.2.840.113549.1.1.5')
-
+ALGO_RSA_SHA256 = ObjectIdentifier('1.2.840.113549.1.1.11')
class CertificateError(Exception):
pass
