jCloud/jeb-utils
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2f467a412847c4ce6b1f5f804b13e09145506821
jeb-utils/src/jeb_utils/auth_utils.py
T
jakob.scheid 2f467a4128 Fixed license error
2026-02-23 22:37:13 +01:00

88 lines
2.4 KiB
Python
Raw Blame History

# Copyright 2026 jCloud Services GbR
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography import x509
import datetime
__all__ = [
'load_cert_file',
'Identity',
'Verifier'
]
def load_cert_file(path: str) -> x509.Certificate:
'''
Loads a certificate from a file
:param path: File path
:type path: str
:return: The certificate
:rtype: cryptography.x509.Certificate
'''
with open(path, 'rb') as f:
cert_data = f.read()
return x509.load_pem_x509_certificate(cert_data)
class Identity:
def __init__(self, cert: x509.Certificate = None):
self.cert = cert
@property
def public_key(self):
return self.cert.public_key()
@property
def issuer(self):
return self.cert.issuer
@property
def subject(self):
return self.cert.subject
@property
def not_valid_before(self):
return self.cert.not_valid_before_utc
@property
def not_valid_after(self):
return self.cert.not_valid_after_utc
@property
def signature_algorithm(self):
return self.cert.signature_hash_algorithm
class Verifier:
def __init__(self, trusted_ca: Identity):
self.trusted_ca = trusted_ca
def verify(self, identity: Identity, now = datetime.datetime.now(datetime.timezone.utc), verify_issuer = True):
if not (identity.not_valid_before <= now <= identity.not_valid_after):
return False
try:
self.trusted_ca.public_key.verify(
identity.cert.signature,
identity.cert.tbs_certificate_bytes,
padding.PKCS1v15(),
identity.cert.signature_hash_algorithm
)
except:
return False
if (identity.issuer != self.trusted_ca.subject) and verify_issuer:
return False
return True
Reference in New Issue View Git Blame Copy Permalink