Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RSASSA-PSS support #30

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

RSASSA-PSS support #30

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
554b494
Update validate.py
LuNoX Nov 13, 2020
8564662
Added testing cert for RSASSA-PSS
LuNoX Nov 29, 2022
ee024d0
Added test for RSASS-PSS
LuNoX Nov 29, 2022
03e8c50
Fixed wrong method call
LuNoX Nov 29, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions certvalidator/validate.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -319,6 +319,8 @@ def _validate_path(validation_context, path, end_entity_name_override=None):
verify_func = asymmetric.dsa_verify
elif signature_algo == 'ecdsa':
verify_func = asymmetric.ecdsa_verify
elif signature_algo == 'rsassa_pss':
verify_func = asymmetric.rsa_pss_verify
else:
raise PathValidationError(pretty_message(
'''
Expand Down
44 changes: 44 additions & 0 deletions tests/fixtures/[email protected]_0x79D286D4.cer
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
-----BEGIN CERTIFICATE-----
MIIHwDCCBXSgAwIBAgIMPpOpa8W7RcPCgWw0MEEGCSqGSIb3DQEBCjA0oA8wDQYJ
YIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIDBG
MSgwJgYDVQQDDB9BdG9zIENsaWVudCA0MDk2IFBTUyBHMiBDQSAyMDIyMQ0wCwYD
VQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMjEwMjEwNjU3NDBaFw0yNDEwMjAw
NjU3MzlaMHExCzAJBgNVBAYTAkRFMRYwFAYDVQQKDA1XZXN0bmV0eiBHbWJIMRAw
DgYDVQQDDAdCREVXOlBOMTgwNgYJKoZIhvcNAQkBFillZGlmYWN0X2xpZWZlcmFu
dF9zdHJvbV9yd2VzdEB3ZXN0bmV0ei5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
ADCCAgoCggIBAKy9V35gjNI9XZ4hP1O/C56+IIcdushD28Y+Q76UWcdTrGciqriF
jOWmAEy4K1xo8rn+cfpfa4wW33rFy9uISKspRwDJMSvr34Cggi54TuP3lF88p+/9
uhL4KrYRc0rhCWEvc8y07ASUc3hDHhmprzV0Ii4p/HAxa2D7vddyjcMFfPSwM3JQ
EaSytTjNBucMucmY+qPC2Y13xq5kHE+pQZU52uLfvOzG9SB9kHzc5dJVLzGkKgVk
++Ys992COzf0URB4BOgpo84uGv7tLQ7NClXN4iP8uRm+UAm8pTxP6Op2qw65y3SO
fzf5y2fIyvRGxo5XkYr4ge5mW80qGLZaW398G7iVafg6YnWDbXWPYXW8CkkoS7EY
htbfUCci61+TMWomJ4rODw4Bh2Cte7LjnNyovMGEwUVunMUrKI47M1Iew/sEEHt7
RdAWx2SHTzUSPU1sBiKRswVBHlHkRATszMJm1xlxfTfg95u5HwRZDSQBL1N2k+qd
ddRUwXkyVQzR6S2nWkLsZzragh9iLskVGswXh9k/TgioR7V72XANucUUriW7Qsy6
yEPbUy+DxMTF+32mHkczasAocT4SEHx//821PGNWEiF4FH4agp3txPwLUdGMfNo1
LOxkDwEp7ykT0gWzleTYibEyEjc/vQcd4thfN0wo+fu9rSY8TzswA0PZAgMBAAGj
ggIZMIICFTAfBgNVHSMEGDAWgBSQIJ3jvyrJ1qRYdBVvuBIQt5R8gzCBggYIKwYB
BQUHAQEEdjB0MEwGCCsGAQUFBzAChkBodHRwOi8vcGtpLWNybC5hdG9zLm5ldC9j
ZXJ0aWZpY2F0ZXMvQXRvc1Jvb3Q0MDk2UFNTRzJDQTIwMjIuY2VyMCQGCCsGAQUF
BzABhhhodHRwOi8vcGtpLW9jc3AuYXRvcy5uZXQwNAYDVR0RBC0wK4EpZWRpZmFj
dF9saWVmZXJhbnRfc3Ryb21fcndlc3RAd2VzdG5ldHouZGUwHQYDVR0lBBYwFAYI
KwYBBQUHAwIGCCsGAQUFBwMEMIHoBgNVHR8EgeAwgd0wRaBDoEGGP2h0dHA6Ly9w
a2ktY3JsLmF0b3MubmV0L2NybC9BdG9zX0NsaWVudF80MDk2X1BTU19HMl9DQV8y
MDIyLmNybDCBk6CBkKCBjYaBimxkYXA6Ly9wa2ktbGRhcC5hdG9zLm5ldC9jbj1B
dG9zJTIwQ2xpZW50JTIwNDA5NiUyMFBTUyUyMEcyJTIwQ0ElMjAyMDIyLG91PUNB
LG91PUF0b3MlMjBUQyxvPUF0b3MsZGM9YXRvcyxkYz1uZXQ/Y2VydGlmaWNhdGVS
ZXZvY2F0aW9uTGlzdDAdBgNVHQ4EFgQULLkLSPpZvcbHptcu8u6JU9KpEiQwDgYD
VR0PAQH/BAQDAgSwMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAa
BgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIAOCAgEAMzBbIJhzqDR6Sds0
fwncuUoAbOmvoSUiSNsJ48XEHGVbjA7i/is2cnEoQqnMhdfLwYBcr11IwrPgQdZt
PdX+n1bmqoSA4euLvs6CMUJUcrwxIVZtzcBHGK3nac5uvsI/xTU3SzcSSxfGJ6kt
6usGQlOAxFhCaj0p3vmHovHhzFuNeCmwP4fz+qnqIyI2JLnGqxe50zOY8jGrfwXG
JO2/9gJ4f9lFiHvRw26iFzNraIaEuYoNaSzy+GjyBskvjuRCM02tmgDvTHa0mgJ5
mNKovaw8jGm8xDiaNH+3UzL7/c9sa4XGaxpj+MDQHMmDFkI0sTQU8sRRd/BBp0Ec
MfSmsWqPziZ16yIJ/S28l1pTRgZZPsbGwCu+Lh2G3+aIHVNh2adboMn/jLPOx2x7
qM1kCyyW1opME0wxcIohPdg2Jw9BILG8qZrR9ZvHNMoqdRu/IUGb2YoJhLj0mTJw
EM6Y6kHeKUIOSRiVqeebKnpYTHP+QKU5+K95GiK6IpPnJkZDKqT/uifal5OTh5nY
5WCMjt3ibgcA2MT+Erox7FxZq736HuexEDur4ZxJiREeeV10pFlWB+JdN58i6Z1H
b0XuY51AWuHT0t1t2bIlGC7IxgyGw2U/WMxon7fLuH46w/YYdcQN2nIc0bN7KEWl
vr7I2FX71Sd/MwTcV7bWsVdB1IM=
-----END CERTIFICATE-----
13 changes: 13 additions & 0 deletions tests/test_certificate_validator.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,3 +100,16 @@ def test_basic_certificate_validator_tls_whitelist(self):

# If whitelist does not work, this will raise exception for key usage
validator.validate_usage(set(['crl_sign']))

def test_basic_certificate_validator_RSASSA_PSS(self):
cert = self._load_cert_object(
'[email protected]_0x79D286D4.cer')

moment = datetime(2023, 1, 1, 0, 0, 0, tzinfo=timezone.utc)

context = ValidationContext(moment=moment)
validator = CertificateValidator(cert, context)

# If RSASSA-PSS does not work, this will raise an exception
validator._validate_path()