Change method to property
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 568eb40..3b14567 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -761,14 +761,11 @@
key embedded in the CSR). This data may be used to validate the CSR
signature.
- .. method:: verify()
+ .. attribute:: is_signature_valid
.. versionadded:: 1.3
- :raises cryptography.exceptions.InvalidSignature: If the signature does
- not validate.
-
- Verifies the CSR signature.
+ Returns True if the CSR signature is correct, False otherwise.
X.509 Certificate Revocation List Builder
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 18274aa..c71f8d9 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -7,7 +7,7 @@
import operator
from cryptography import utils, x509
-from cryptography.exceptions import UnsupportedAlgorithm, InvalidSignature
+from cryptography.exceptions import UnsupportedAlgorithm
from cryptography.hazmat.backends.openssl.decode_asn1 import (
_CERTIFICATE_EXTENSION_PARSER, _CRL_EXTENSION_PARSER,
_CSR_EXTENSION_PARSER, _REVOKED_CERTIFICATE_EXTENSION_PARSER,
@@ -363,7 +363,8 @@
def signature(self):
return _asn1_string_to_bytes(self._backend, self._x509_req.signature)
- def verify(self):
+ @property
+ def is_signature_valid(self):
pkey = self._backend._lib.X509_REQ_get_pubkey(self._x509_req)
self._backend.openssl_assert(pkey != self._backend._ffi.NULL)
pkey = self._backend._ffi.gc(pkey, self._backend._lib.EVP_PKEY_free)
@@ -371,4 +372,6 @@
if res != 1:
self._backend._consume_errors()
- raise InvalidSignature
+ return False
+
+ return True
diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py
index d24070d..4a22ed0 100644
--- a/src/cryptography/x509/base.py
+++ b/src/cryptography/x509/base.py
@@ -288,8 +288,8 @@
2986.
"""
- @abc.abstractmethod
- def verify(self):
+ @abc.abstractproperty
+ def is_signature_valid(self):
"""
Verifies signature of signing request.
"""
diff --git a/tests/test_x509.py b/tests/test_x509.py
index fde0755..0eef0bc 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -18,7 +18,7 @@
import six
from cryptography import utils, x509
-from cryptography.exceptions import UnsupportedAlgorithm, InvalidSignature
+from cryptography.exceptions import UnsupportedAlgorithm
from cryptography.hazmat.backends.interfaces import (
DSABackend, EllipticCurveBackend, RSABackend, X509Backend
)
@@ -1241,23 +1241,21 @@
with pytest.raises(TypeError):
request.public_bytes('NotAnEncoding')
- def test_verify_bad(self, backend):
+ def test_signature_invalid(self, backend):
request = _load_cert(
os.path.join("x509", "requests", "invalid_signature.pem"),
x509.load_pem_x509_csr,
backend
)
+ assert not request.is_signature_valid
- with pytest.raises(InvalidSignature):
- request.verify()
-
- def test_verify_good(self, backend):
+ def test_signature_valid(self, backend):
request = _load_cert(
os.path.join("x509", "requests", "rsa_sha256.pem"),
x509.load_pem_x509_csr,
backend
)
- request.verify()
+ assert request.is_signature_valid
@pytest.mark.parametrize(
("request_path", "loader_func", "encoding"),