From 554b49408ec7f1494435662cf7ed9984f1c25f2f Mon Sep 17 00:00:00 2001
From: LuNoX
Date: Fri, 13 Nov 2020 12:15:09 +0100
Subject: [PATCH 1/4] Update validate.py Added support for RSASSA-PSS signature validation
---
 certvalidator/validate.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/certvalidator/validate.py b/certvalidator/validate.py
index b0cfb05..b86fcd0 100644
--- a/certvalidator/validate.py
+++ b/certvalidator/validate.py
@@ -319,6 +319,8 @@ def _validate_path(validation_context, path, end_entity_name_override=None):
 verify_func = asymmetric.dsa_verify
 elif signature_algo == 'ecdsa':
 verify_func = asymmetric.ecdsa_verify
+ elif signature_algo == 'rsassa_pss':
+ verify_func = asymmetric.rsa_pss_verify
 else:
 raise PathValidationError(pretty_message(
 '''
From 8564662bd58e5003a2a3031a4308b2ddd478f364 Mon Sep 17 00:00:00 2001
From: LuNoX
Date: Tue, 29 Nov 2022 14:26:54 +0100
Subject: [PATCH 2/4] Added testing cert for RSASSA-PSS
---
 ...ant_strom_rwest@westnetz.de_0x79D286D4.cer | 44 +++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 tests/fixtures/edifact_lieferant_strom_rwest@westnetz.de_0x79D286D4.cer
diff --git a/tests/fixtures/edifact_lieferant_strom_rwest@westnetz.de_0x79D286D4.cer b/tests/fixtures/edifact_lieferant_strom_rwest@westnetz.de_0x79D286D4.cer
new file mode 100644
index 0000000..2fa2cb3
--- /dev/null
+++ b/tests/fixtures/edifact_lieferant_strom_rwest@westnetz.de_0x79D286D4.cer
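Review bot: The new `rsassa_pss` branch in `_validate_path` (certvalidator/validate.py) selects `asymmetric.rsa_pss_verify`, but nothing in this hunk shows the PSS parameters carried in the certificate's signature algorithm (MGF1 digest, salt length, trailer field) being checked or passed to the verifier. The verify call is outside the hunk; if it passes only the hash name, as the sibling branches suggest, a certificate signed with other parameters would presumably be rejected with the same error as a forged signature. If `asymmetric` is oscrypto's module, I would state the supported set above the branch, e.g. `# RSASSA-PSS: verified with MGF1 over the same digest and salt length == digest length only`, after confirming it against the verifier.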
@@ -0,0 +1,44 @@
+-----BEGIN CERTIFICATE-----
+MIIHwDCCBXSgAwIBAgIMPpOpa8W7RcPCgWw0MEEGCSqGSIb3DQEBCjA0oA8wDQYJ
+YIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIDBG
+MSgwJgYDVQQDDB9BdG9zIENsaWVudCA0MDk2IFBTUyBHMiBDQSAyMDIyMQ0wCwYD
+VQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMjEwMjEwNjU3NDBaFw0yNDEwMjAw
+NjU3MzlaMHExCzAJBgNVBAYTAkRFMRYwFAYDVQQKDA1XZXN0bmV0eiBHbWJIMRAw
+DgYDVQQDDAdCREVXOlBOMTgwNgYJKoZIhvcNAQkBFillZGlmYWN0X2xpZWZlcmFu
+dF9zdHJvbV9yd2VzdEB3ZXN0bmV0ei5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBAKy9V35gjNI9XZ4hP1O/C56+IIcdushD28Y+Q76UWcdTrGciqriF
+jOWmAEy4K1xo8rn+cfpfa4wW33rFy9uISKspRwDJMSvr34Cggi54TuP3lF88p+/9
+uhL4KrYRc0rhCWEvc8y07ASUc3hDHhmprzV0Ii4p/HAxa2D7vddyjcMFfPSwM3JQ
+EaSytTjNBucMucmY+qPC2Y13xq5kHE+pQZU52uLfvOzG9SB9kHzc5dJVLzGkKgVk
+++Ys992COzf0URB4BOgpo84uGv7tLQ7NClXN4iP8uRm+UAm8pTxP6Op2qw65y3SO
+fzf5y2fIyvRGxo5XkYr4ge5mW80qGLZaW398G7iVafg6YnWDbXWPYXW8CkkoS7EY
+htbfUCci61+TMWomJ4rODw4Bh2Cte7LjnNyovMGEwUVunMUrKI47M1Iew/sEEHt7
+RdAWx2SHTzUSPU1sBiKRswVBHlHkRATszMJm1xlxfTfg95u5HwRZDSQBL1N2k+qd
+ddRUwXkyVQzR6S2nWkLsZzragh9iLskVGswXh9k/TgioR7V72XANucUUriW7Qsy6
+yEPbUy+DxMTF+32mHkczasAocT4SEHx//821PGNWEiF4FH4agp3txPwLUdGMfNo1
+LOxkDwEp7ykT0gWzleTYibEyEjc/vQcd4thfN0wo+fu9rSY8TzswA0PZAgMBAAGj
+ggIZMIICFTAfBgNVHSMEGDAWgBSQIJ3jvyrJ1qRYdBVvuBIQt5R8gzCBggYIKwYB
+BQUHAQEEdjB0MEwGCCsGAQUFBzAChkBodHRwOi8vcGtpLWNybC5hdG9zLm5ldC9j
+ZXJ0aWZpY2F0ZXMvQXRvc1Jvb3Q0MDk2UFNTRzJDQTIwMjIuY2VyMCQGCCsGAQUF
+BzABhhhodHRwOi8vcGtpLW9jc3AuYXRvcy5uZXQwNAYDVR0RBC0wK4EpZWRpZmFj
+dF9saWVmZXJhbnRfc3Ryb21fcndlc3RAd2VzdG5ldHouZGUwHQYDVR0lBBYwFAYI
+KwYBBQUHAwIGCCsGAQUFBwMEMIHoBgNVHR8EgeAwgd0wRaBDoEGGP2h0dHA6Ly9w
+a2ktY3JsLmF0b3MubmV0L2NybC9BdG9zX0NsaWVudF80MDk2X1BTU19HMl9DQV8y
+MDIyLmNybDCBk6CBkKCBjYaBimxkYXA6Ly9wa2ktbGRhcC5hdG9zLm5ldC9jbj1B
+dG9zJTIwQ2xpZW50JTIwNDA5NiUyMFBTUyUyMEcyJTIwQ0ElMjAyMDIyLG91PUNB
+LG91PUF0b3MlMjBUQyxvPUF0b3MsZGM9YXRvcyxkYz1uZXQ/Y2VydGlmaWNhdGVS
+ZXZvY2F0aW9uTGlzdDAdBgNVHQ4EFgQULLkLSPpZvcbHptcu8u6JU9KpEiQwDgYD
+VR0PAQH/BAQDAgSwMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAa
+BgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIAOCAgEAMzBbIJhzqDR6Sds0
+fwncuUoAbOmvoSUiSNsJ48XEHGVbjA7i/is2cnEoQqnMhdfLwYBcr11IwrPgQdZt
+PdX+n1bmqoSA4euLvs6CMUJUcrwxIVZtzcBHGK3nac5uvsI/xTU3SzcSSxfGJ6kt
+6usGQlOAxFhCaj0p3vmHovHhzFuNeCmwP4fz+qnqIyI2JLnGqxe50zOY8jGrfwXG
+JO2/9gJ4f9lFiHvRw26iFzNraIaEuYoNaSzy+GjyBskvjuRCM02tmgDvTHa0mgJ5
+mNKovaw8jGm8xDiaNH+3UzL7/c9sa4XGaxpj+MDQHMmDFkI0sTQU8sRRd/BBp0Ec
+MfSmsWqPziZ16yIJ/S28l1pTRgZZPsbGwCu+Lh2G3+aIHVNh2adboMn/jLPOx2x7
+qM1kCyyW1opME0wxcIohPdg2Jw9BILG8qZrR9ZvHNMoqdRu/IUGb2YoJhLj0mTJw
+EM6Y6kHeKUIOSRiVqeebKnpYTHP+QKU5+K95GiK6IpPnJkZDKqT/uifal5OTh5nY
+5WCMjt3ibgcA2MT+Erox7FxZq736HuexEDur4ZxJiREeeV10pFlWB+JdN58i6Z1H
+b0XuY51AWuHT0t1t2bIlGC7IxgyGw2U/WMxon7fLuH46w/YYdcQN2nIc0bN7KEWl
+vr7I2FX71Sd/MwTcV7bWsVdB1IM=
+-----END CERTIFICATE-----
\ No newline at end of file
From ee024d0b49c3ee2c63fd8e0bddfd9729237658c3 Mon Sep 17 00:00:00 2001
From: LuNoX
Date: Tue, 29 Nov 2022 14:32:02 +0100
Subject: [PATCH 3/4] Added test for RSASS-PSS
---
 tests/test_certificate_validator.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/tests/test_certificate_validator.py b/tests/test_certificate_validator.py
index 086a030..ce01bb2 100644
--- a/tests/test_certificate_validator.py
+++ b/tests/test_certificate_validator.py
@@ -100,3 +100,16 @@ def test_basic_certificate_validator_tls_whitelist(self):
 # If whitelist does not work, this will raise exception for key usage
 validator.validate_usage(set(['crl_sign']))
+
+ def test_basic_certificate_validator_RSASSA_PSS(self):
+ cert = self._load_cert_object(
+ 'edifact_lieferant_strom_rwest@westnetz.de_0x79D286D4.cer')
+
+ moment = datetime(2023, 1, 1, 0, 0, 0, tzinfo=timezone.utc)
+
+ context = ValidationContext(moment=moment)
+ validator = CertificateValidator(cert, context)
+
+ # If RSASSA-PSS does not work, this will raise an exception
+ validator.validate()
+
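Review bot: `ValidationContext(moment=moment)` in `test_basic_certificate_validator_RSASSA_PSS` is built without `trust_roots` or `other_certs`, and the fixture added in this series holds a single certificate, so whether a path can be built appears to depend on the trust store of the machine running the test. Pinning `moment` is the right idea; the issuing CA certificates should be pinned the same way, loaded from fixtures and passed as `ValidationContext(moment=moment, trust_roots=[...], other_certs=[...])`. Without that the test can pass or fail for reasons unrelated to RSASSA-PSS support.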
From 03e8c506009d6ff7754c60aacdfeaae84e13587c Mon Sep 17 00:00:00 2001
From: LuNoX
Date: Tue, 29 Nov 2022 14:35:19 +0100
Subject: [PATCH 4/4] Fixed wrong method call
---
 tests/test_certificate_validator.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/test_certificate_validator.py b/tests/test_certificate_validator.py
index ce01bb2..f0d3757 100644
--- a/tests/test_certificate_validator.py
+++ b/tests/test_certificate_validator.py
@@ -111,5 +111,5 @@ def test_basic_certificate_validator_RSASSA_PSS(self):
 validator = CertificateValidator(cert, context)
 # If RSASSA-PSS does not work, this will raise an exception
- validator.validate()
+ validator._validate_path()
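Review bot: The test now calls the private `_validate_path()` and discards its result, so it is coupled to an internal name and passes on anything that does not raise. The public entry point used by the neighbouring test would reach the same code, e.g. `validator.validate_usage(set(['digital_signature']))` with a key usage the fixture actually carries (to be confirmed against the certificate), and the returned path can then be asserted on. A companion case that loads a copy of the certificate with a corrupted signature and expects `PathValidationError` would show that the RSASSA-PSS branch rejects as well as accepts. The test method's body starts outside this hunk.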