@@ -870,17 +870,22 @@ def verify(self, data, require_x509=True, x509_cert=None, cert_subject_name=None
870870
871871 # If both X509Data and KeyValue are present, match one against the other and raise an error on mismatch
872872 if key_value is not None :
873- if self .check_key_value_matches_cert_public_key (key_value , signing_cert .get_pubkey (), signature_alg ) is False :
873+ if self .check_key_value_matches_cert_public_key (key_value , signing_cert .get_pubkey (),
874+ signature_alg ) is False :
874875 if ignore_ambiguous_key_info is False :
875876 raise InvalidInput ("Both X509Data and KeyValue found and they represent different public keys. "
876- "Use verify(ignore_ambiguous_key_info=True) to ignore KeyValue and validate using X509Data only." )
877+ "Use verify(ignore_ambiguous_key_info=True) to ignore KeyValue and validate "
878+ "using X509Data only." )
877879
878- # If both X509Data and DEREncodedKeyValue are present, match one against the other and raise an error on mismatch
880+ # If both X509Data and DEREncodedKeyValue are present, match one against the other and raise an error on
881+ # mismatch
879882 if der_encoded_key_value is not None :
880- if self .check_der_key_value_matches_cert_public_key (der_encoded_key_value , signing_cert .get_pubkey (), signature_alg ) is False :
883+ if self .check_der_key_value_matches_cert_public_key (der_encoded_key_value , signing_cert .get_pubkey (),
884+ signature_alg ) is False :
881885 if ignore_ambiguous_key_info is False :
882- raise InvalidInput ("Both X509Data and DEREncodedKeyValue found and they represent different public keys. "
883- "Use verify(ignore_ambiguous_key_info=True) to ignore DEREncodedKeyValue and validate using X509Data only." )
886+ raise InvalidInput ("Both X509Data and DEREncodedKeyValue found and they represent different "
887+ "public keys. Use verify(ignore_ambiguous_key_info=True) to ignore "
888+ "DEREncodedKeyValue and validate using X509Data only." )
884889
885890 # TODO: CN verification goes here
886891 # TODO: require one of the following to be set: either x509_cert or (ca_pem_file or ca_path) or common_name
@@ -932,8 +937,7 @@ def verify(self, data, require_x509=True, x509_cert=None, cert_subject_name=None
932937 return verify_results if expect_references > 1 else verify_results [0 ]
933938
934939 def check_key_value_matches_cert_public_key (self , key_value , public_key , signature_alg ):
935- if "ecdsa-" in signature_alg \
936- and isinstance (public_key .to_cryptography_key (), ec .EllipticCurvePublicKey ):
940+ if "ecdsa-" in signature_alg and isinstance (public_key .to_cryptography_key (), ec .EllipticCurvePublicKey ):
937941 ec_key_value = self ._find (key_value , "ECKeyValue" , namespace = "dsig11" )
938942 named_curve = self ._find (ec_key_value , "NamedCurve" , namespace = "dsig11" )
939943 public_key = self ._find (ec_key_value , "PublicKey" , namespace = "dsig11" )
@@ -948,8 +952,7 @@ def check_key_value_matches_cert_public_key(self, key_value, public_key, signatu
948952
949953 return curve_class == pubk_curve and x == pubk_x and y == pubk_y
950954
951- elif "dsa-" in signature_alg \
952- and isinstance (public_key .to_cryptography_key (), dsa .DSAPublicKey ):
955+ elif "dsa-" in signature_alg and isinstance (public_key .to_cryptography_key (), dsa .DSAPublicKey ):
953956 dsa_key_value = self ._find (key_value , "DSAKeyValue" )
954957 p = self ._get_long (dsa_key_value , "P" )
955958 q = self ._get_long (dsa_key_value , "Q" )
@@ -961,8 +964,7 @@ def check_key_value_matches_cert_public_key(self, key_value, public_key, signatu
961964
962965 return p == pubk_p and q == pubk_q and g == pubk_g
963966
964- elif "rsa-" in signature_alg \
965- and isinstance (public_key .to_cryptography_key (), rsa .RSAPublicKey ):
967+ elif "rsa-" in signature_alg and isinstance (public_key .to_cryptography_key (), rsa .RSAPublicKey ):
966968 rsa_key_value = self ._find (key_value , "RSAKeyValue" )
967969 n = self ._get_long (rsa_key_value , "Modulus" )
968970 e = self ._get_long (rsa_key_value , "Exponent" )
@@ -978,8 +980,8 @@ def check_der_key_value_matches_cert_public_key(self, der_encoded_key_value, pub
978980 der_public_key = load_der_public_key (b64decode (der_encoded_key_value .text ), backend = default_backend ())
979981
980982 if "ecdsa-" in signature_alg \
981- and isinstance (der_public_key , ec .EllipticCurvePublicKey ) \
982- and isinstance (public_key .to_cryptography_key (), ec .EllipticCurvePublicKey ):
983+ and isinstance (der_public_key , ec .EllipticCurvePublicKey ) \
984+ and isinstance (public_key .to_cryptography_key (), ec .EllipticCurvePublicKey ):
983985 curve_class = der_public_key .public_numbers ().curve
984986 x = der_public_key .public_numbers ().x
985987 y = der_public_key .public_numbers ().y
@@ -991,8 +993,8 @@ def check_der_key_value_matches_cert_public_key(self, der_encoded_key_value, pub
991993 return curve_class == pubk_curve and x == pubk_x and y == pubk_y
992994
993995 elif "dsa-" in signature_alg \
994- and isinstance (der_public_key , dsa .DSAPublicKey ) \
995- and isinstance (public_key .to_cryptography_key (), dsa .DSAPublicKey ):
996+ and isinstance (der_public_key , dsa .DSAPublicKey ) \
997+ and isinstance (public_key .to_cryptography_key (), dsa .DSAPublicKey ):
996998 p = der_public_key .public_numbers ().parameter_numbers ().p
997999 q = der_public_key .public_numbers ().parameter_numbers ().q
9981000 g = der_public_key .public_numbers ().parameter_numbers ().g
@@ -1004,8 +1006,8 @@ def check_der_key_value_matches_cert_public_key(self, der_encoded_key_value, pub
10041006 return p == pubk_p and q == pubk_q and g == pubk_g
10051007
10061008 elif "rsa-" in signature_alg \
1007- and isinstance (der_public_key , rsa .RSAPublicKey ) \
1008- and isinstance (public_key .to_cryptography_key (), rsa .RSAPublicKey ):
1009+ and isinstance (der_public_key , rsa .RSAPublicKey ) \
1010+ and isinstance (public_key .to_cryptography_key (), rsa .RSAPublicKey ):
10091011 n = der_public_key .public_numbers ().n
10101012 e = der_public_key .public_numbers ().e
10111013
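Review bot: In the first hunk, the two mismatch guards inside verify() (new lines 873–874 and 883–884) compare the helper result with `is False`, so only a literal `False` counts as a key mismatch and any other falsy result, such as `None`, is accepted as a match. Both helpers select a branch with a combined `"…-" in signature_alg and isinstance(...)` test, and what happens when no branch applies lies outside these hunks; that path should be confirmed to raise rather than fall through. Failing closed would be safer, e.g. `if not self.check_key_value_matches_cert_public_key(key_value, signing_cert.get_pubkey(), signature_alg):`, with the same change on the DEREncodedKeyValue check. verify() and both helpers begin or end outside the visible hunks.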