diff --git a/web/backend/kioubit_verify.py b/web/backend/kioubit_verify.py
index fc8a031..24cb8ec 100644
--- a/web/backend/kioubit_verify.py
+++ b/web/backend/kioubit_verify.py
@@ -1,14 +1,9 @@
#! /usr/bin/env python3
-#import OpenSSL
-#from OpenSSL.crypto import load_publickey, FILETYPE_PEM, X509
-#from OpenSSL.crypto import verify as OpenSSL_verify
import base64, os
-#from hashlib import sha512
-from Crypto.PublicKey import ECC
-from Crypto.Signature import DSS
-import Crypto.Hash.SHA512 as SHA512
-#from hashlib import sha512 as SHA512
+from OpenSSL.crypto import load_publickey, FILETYPE_PEM, verify, X509
+import OpenSSL
+
PUBKEY_FILE = os.path.dirname(__file__)+"/kioubit-auth-pubkey.pem"
@@ -21,30 +16,35 @@ class AuthVerifyer ():
for line in pk.readlines():
pk_content += line
print(pk_content)
- self.pubkey = ECC.import_key(pk_content)
- #self.pubkey.set_pubkey(
- # load_publickey(OpenSSL.crypto.FILETYPE_PEM, pk_content)
- #)
+ pkey = load_publickey(FILETYPE_PEM, pk_content)
+ self.x509 = X509()
+ self.x509.set_pubkey(pkey)
- print(self.pubkey)
+ print(self.x509)
def verify(self, params, signature):
- # sig = base64.b64decode(signature)
# print(type(sig))
#OpenSSL_verify(self.pubkey, sig
#, base64.b64decode(params), "sha512")
- h = SHA512.new()
- h.update(base64.b64decode(params))
+ sig = base64.b64decode(signature)
+ print(f"sig: {sig}")
+ print(f"params: {params}")
+ try:
+ verify(self.x509, sig, params, 'sha512')
+ except OpenSSL.crypto.Error:
+ return False, "Signature Failed"
+ #h = SHA512.new()
+ #h.update(base64.b64decode(params))
#print(h.hexdigest())
- verifier = DSS.new(self.pubkey, 'fips-186-3')
- valid = verifier.verify(h, signature)
- return valid
+ #verifier = DSS.new(self.pubkey, 'deterministic-rfc6979')
+ #valid = verifier.verify(h, base64.b64decode(signature))
+ return True, ""
if __name__ == "__main__":
example_com_verifier = AuthVerifyer("example.com")
- example_com_verifier.verify(
- params="eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI2NjkyNiwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
- signature="MIGIAkIBAmwz3sQ1vOkH8+8e0NJ8GsUqKSaazIWmYDp60sshlTo7gCAopZOZ6/+tD6s+oEGM1i5mKGbHgK9ROATQLHxUZecCQgCa2N828uNn76z1Yg63/c7veMVIiK4l1X9TCUepJnJ3mCto+7ogCP+2vQm6GHipSNRF4wnt6tZbir0HZvrqEnRAmA=="
- )
+ print (example_com_verifier.verify(
+ params=b"eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI2NjkyNiwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
+ signature=b"MIGIAkIBAmwz3sQ1vOkH8+8e0NJ8GsUqKSaazIWmYDp60sshlTo7gCAopZOZ6/+tD6s+oEGM1i5mKGbHgK9ROATQLHxUZecCQgCa2N828uNn76z1Yg63/c7veMVIiK4l1X9TCUepJnJ3mCto+7ogCP+2vQm6GHipSNRF4wnt6tZbir0HZvrqEnRAmA=="
+ ) )
#params = "eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI1NjI5NSwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
#signature = 'MIGHAkFy1m+9ahjIc5cJk/p+RiXJbhbWT5rPSJNg9Q3c8UTAM4F7lz2OqdWHw6GZN5NQgvqm6OB3Y751djYwCd54y2Kn4wJCAcBaOrtSclxkGIleVx183PhTnSr97r2F089PsDzNXIBvH5pYUwvJX7hG0op0f5tPm7fl12HOOrr8Q6kWW+XTrgGX'