neue Datei: .gitignore

neue Datei: README.md neue Datei: pyproject.toml neue Datei: src/jeb_utils/__init__.py neue Datei: src/jeb_utils/auth_utils.py neue Datei: src/jeb_utils/crypto_utils.py neue Datei: src/jeb_utils/exceptions.py neue Datei: src/jeb_utils/jeb_utils.py neue Datei: src/jeb_utils/jebp_utils.py neue Datei: src/jeb_utils/utils.py
2026-02-19 17:03:49 +01:00
commit a0036b6767
10 changed files with 1174 additions and 0 deletions
@@ -0,0 +1,74 @@
+from cryptography.hazmat.primitives.asymmetric import padding
+from cryptography import x509
+import datetime
+
+__all__ = [
+    'load_cert_file',
+    'Identity',
+    'Verifier'
+]
+
+def load_cert_file(path: str) -> x509.Certificate:
+    '''
+    Loads a certificate from a file
+    
+    :param path: File path
+    :type path: str
+    :return: The certificate
+    :rtype: cryptography.x509.Certificate
+    '''
+    with open(path, 'rb') as f:
+        cert_data = f.read()
+    return x509.load_pem_x509_certificate(cert_data)
+
+class Identity:
+    def __init__(self, cert: x509.Certificate = None):
+        self.cert = cert
+
+    @property
+    def public_key(self):
+        return self.cert.public_key()
+
+    @property
+    def issuer(self):
+        return self.cert.issuer
+
+    @property
+    def subject(self):
+        return self.cert.subject
+
+    @property
+    def not_valid_before(self):
+        return self.cert.not_valid_before_utc
+
+    @property
+    def not_valid_after(self):
+        return self.cert.not_valid_after_utc
+    
+    @property
+    def signature_algorithm(self):
+        return self.cert.signature_hash_algorithm
+
+class Verifier:
+    def __init__(self, trusted_ca: Identity):
+        self.trusted_ca = trusted_ca
+
+    def verify(self, identity: Identity, now = datetime.datetime.now(datetime.timezone.utc), verify_issuer = True):
+        if not (identity.not_valid_before <= now <= identity.not_valid_after):
+            return False
+
+
+        try:
+            self.trusted_ca.public_key.verify(
+                identity.cert.signature,
+                identity.cert.tbs_certificate_bytes,
+                padding.PKCS1v15(),
+                identity.cert.signature_hash_algorithm
+            )
+        except:
+            return False
+        
+        if (identity.issuer != self.trusted_ca.subject) and verify_issuer:
+            return False
+        
+        return True