(headDict, paylDict, sig, pubKey)
| 936 | return valid |
| 937 | |
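def verifyTokenEC(headDict, paylDict, sig, pubKey):
    """Verify an ECDSA (ES256/ES384/ES512) JWT signature with a public key file.

    Args:
        headDict: Decoded JWT header; its 'alg' value selects the hash.
        paylDict: Decoded JWT payload.
        sig: Signature as base64 or base64url text, with or without padding.
        pubKey: Path of the file holding the EC public key.

    Returns:
        True when the signature verifies. False when it does not, when the
        signature text cannot be decoded, or when 'alg' is not one of the
        three supported ECDSA algorithms.
    """
    # Rebuild the signing input from the header and payload.
    newContents = genContents(headDict, paylDict)
    message = newContents.encode('UTF-8')

    # Pick the alphabet from the characters present. Text that contains none
    # of "-", "_", "+", "/" is still valid base64url; rejecting it would report
    # a genuine signature as INVALID purely because of how it happens to encode.
    sig_text = str(sig)
    url_alphabet = "-" in sig_text or "_" in sig_text
    std_alphabet = "+" in sig_text or "/" in sig_text
    if std_alphabet and not url_alphabet:
        decode = base64.b64decode
    else:
        decode = base64.urlsafe_b64decode

    # JWTs strip "=" padding; restore exactly what is missing instead of
    # guessing with one and then two pad characters.
    padded = sig_text + "=" * (-len(sig_text) % 4)
    try:
        signature = decode(padded)
    except ValueError:  # binascii.Error is a ValueError subclass
        cprintc("Signature not Base64 encoded HEX", "red")
        return False

    # NOTE(review): 'alg' comes from the token's own header and is not checked
    # here against the curve of the loaded key; a caller that needs a fixed
    # algorithm has to enforce that itself.
    hash_modules = {"ES256": SHA256, "ES384": SHA384, "ES512": SHA512}
    hash_module = hash_modules.get(headDict.get('alg'))
    if hash_module is None:
        cprintc("Invalid ECDSA algorithm", "red")
        return False
    h = hash_module.new(message)

    # Close the key file deterministically instead of leaking the handle.
    with open(pubKey, "r") as key_file:
        pub_key = ECC.import_key(key_file.read())
    verifier = DSS.new(pub_key, 'fips-186-3')

    # Catch only the verification failure, so that a programming error
    # (NameError, TypeError, ...) is not silently reported as "INVALID".
    try:
        verifier.verify(h, signature)
    except ValueError:
        cprintc("ECC Signature is INVALID", "red")
        return False
    cprintc("ECC Signature is VALID", "green")
    return True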
| 988 | |
| 989 | def verifyTokenPSS(headDict, paylDict, sig, pubKey): |
| 990 | key = RSA.importKey(open(pubKey).read()) |