authorJean-Paul Calderone <exarkun@twistedmatrix.com>2013-03-06 11:10:20 -0800
committerJean-Paul Calderone <exarkun@twistedmatrix.com>2013-03-06 11:10:20 -0800
commit5565f0feb94f27bb67eda4a966f3b19e0875d6fb (patch)
tree95847589e63cc4f107f9a2bd856f5c98dbc3022f
parent173cff9ff499246703d3e1cf78ed75f5be9f51f0 (diff)
Implement X509Req.verify
-rw-r--r--OpenSSL/crypto.py20
-rw-r--r--OpenSSL/test/test_crypto.py47
2 files changed, 67 insertions, 0 deletions
diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py
index 736227b..23c533c 100644
--- a/OpenSSL/crypto.py
+++ b/OpenSSL/crypto.py
@@ -594,6 +594,26 @@ class X509Req(object):
1/0
+ def verify(self, pkey):
+ """
+ Verifies a certificate request using the supplied public key
+
+ :param key: a public key
+ :return: True if the signature is correct.
+
+ :raise OpenSSL.crypto.Error: If the signature is invalid or there is a
+ problem verifying the signature.
+ """
+ if not isinstance(pkey, PKey):
+ raise TypeError("pkey must be a PKey instance")
+
+ result = _api.X509_REQ_verify(self._req, pkey._pkey)
+ if result <= 0:
+ _raise_current_error(Error)
+
+ return result
+
+
X509ReqType = X509Req
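Review bot: The docstring of `verify` does not match the code: it documents `:param key:` while the argument is `pkey`, and it promises `True` while the method returns the raw integer from `_api.X509_REQ_verify`. I would change these to `:param pkey: a public key` and `return True`, so that callers comparing with `is True` or serialising the result get what the documentation states. The `result <= 0` check correctly treats both a bad signature (0) and an internal error (negative) as failure. Since failure raises `Error` and never returns a falsy value, the `:return:` line could say so explicitly, so nobody writes an `if not req.verify(k)` branch that can never run. The enclosing `X509Req` class begins outside this hunk, so I cannot see how `_req` is initialised before this call.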
diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py
index 2ba06a6..7fb2d25 100644
--- a/OpenSSL/test/test_crypto.py
+++ b/OpenSSL/test/test_crypto.py
@@ -1061,6 +1061,53 @@ class X509ReqTests(TestCase, _PKeyInteractionTestsMixin):
self.assertRaises(TypeError, request.add_extensions, [], None)
+ def test_verify_wrong_args(self):
+ """
+ :py:obj:`X509Req.verify` raises :py:obj:`TypeError` if called with zero
+ arguments or more than one argument or if passed anything other than a
+ :py:obj:`PKey` instance as its single argument.
+ """
+ request = X509Req()
+ self.assertRaises(TypeError, request.verify)
+ self.assertRaises(TypeError, request.verify, object())
+ self.assertRaises(TypeError, request.verify, PKey(), object())
+
+
+ def test_verify_uninitialized_key(self):
+ """
+ :py:obj:`X509Req.verify` raises :py:obj:`OpenSSL.crypto.Error` if called
+ with a :py:obj:`OpenSSL.crypto.PKey` which contains no key data.
+ """
+ request = X509Req()
+ pkey = PKey()
+ self.assertRaises(Error, request.verify, pkey)
+
+
+ def test_verify_wrong_key(self):
+ """
+ :py:obj:`X509Req.verify` raises :py:obj:`OpenSSL.crypto.Error` if called
+ with a :py:obj:`OpenSSL.crypto.PKey` which does not represent the public
+ part of the key which signed the request.
+ """
+ request = X509Req()
+ pkey = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
+ request.sign(pkey, b"SHA1")
+ another_pkey = load_privatekey(FILETYPE_PEM, client_key_pem)
+ self.assertRaises(Error, request.verify, another_pkey)
+
+
+ def test_verify_success(self):
+ """
+ :py:obj:`X509Req.verify` returns :py:obj:`True` if called with a
+ :py:obj:`OpenSSL.crypto.PKey` which represents the public part ofthe key
+ which signed the request.
+ """
+ request = X509Req()
+ pkey = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
+ request.sign(pkey, b"SHA1")
+ self.assertEqual(True, request.verify(pkey))
+
+
class X509Tests(TestCase, _PKeyInteractionTestsMixin):
"""