Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / pyopenssl / 5565f0feb94f27bb67eda4a966f3b19e0875d6fb^! / . / OpenSSL
commit5565f0feb94f27bb67eda4a966f3b19e0875d6fb[log] [tgz]
authorJean-Paul Calderone <exarkun@twistedmatrix.com>Wed Mar 06 11:10:20 2013 -0800
committerJean-Paul Calderone <exarkun@twistedmatrix.com>Wed Mar 06 11:10:20 2013 -0800
tree95847589e63cc4f107f9a2bd856f5c98dbc3022f
parent173cff9ff499246703d3e1cf78ed75f5be9f51f0 [diff]
Implement X509Req.verify
diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py
index 736227b..23c533c 100644
--- a/OpenSSL/crypto.py
+++ b/OpenSSL/crypto.py

@@ -594,6 +594,26 @@
             1/0
 
 
+    def verify(self, pkey):
+        """
+        Verifies a certificate request using the supplied public key
+
+        :param key: a public key
+        :return: True if the signature is correct.
+
+        :raise OpenSSL.crypto.Error: If the signature is invalid or there is a
+            problem verifying the signature.
+        """
+        if not isinstance(pkey, PKey):
+            raise TypeError("pkey must be a PKey instance")
+
+        result = _api.X509_REQ_verify(self._req, pkey._pkey)
+        if result <= 0:
+            _raise_current_error(Error)
+
+        return result
+
+
 X509ReqType = X509Req
 
 

diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py
index 2ba06a6..7fb2d25 100644
--- a/OpenSSL/test/test_crypto.py
+++ b/OpenSSL/test/test_crypto.py

@@ -1061,6 +1061,53 @@
         self.assertRaises(TypeError, request.add_extensions, [], None)
 
 
+    def test_verify_wrong_args(self):
+        """
+        :py:obj:`X509Req.verify` raises :py:obj:`TypeError` if called with zero
+        arguments or more than one argument or if passed anything other than a
+        :py:obj:`PKey` instance as its single argument.
+        """
+        request = X509Req()
+        self.assertRaises(TypeError, request.verify)
+        self.assertRaises(TypeError, request.verify, object())
+        self.assertRaises(TypeError, request.verify, PKey(), object())
+
+
+    def test_verify_uninitialized_key(self):
+        """
+        :py:obj:`X509Req.verify` raises :py:obj:`OpenSSL.crypto.Error` if called
+        with a :py:obj:`OpenSSL.crypto.PKey` which contains no key data.
+        """
+        request = X509Req()
+        pkey = PKey()
+        self.assertRaises(Error, request.verify, pkey)
+
+
+    def test_verify_wrong_key(self):
+        """
+        :py:obj:`X509Req.verify` raises :py:obj:`OpenSSL.crypto.Error` if called
+        with a :py:obj:`OpenSSL.crypto.PKey` which does not represent the public
+        part of the key which signed the request.
+        """
+        request = X509Req()
+        pkey = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
+        request.sign(pkey, b"SHA1")
+        another_pkey = load_privatekey(FILETYPE_PEM, client_key_pem)
+        self.assertRaises(Error, request.verify, another_pkey)
+
+
+    def test_verify_success(self):
+        """
+        :py:obj:`X509Req.verify` returns :py:obj:`True` if called with a
+        :py:obj:`OpenSSL.crypto.PKey` which represents the public part ofthe key
+        which signed the request.
+        """
+        request = X509Req()
+        pkey = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
+        request.sign(pkey, b"SHA1")
+        self.assertEqual(True, request.verify(pkey))
+
+
 
 class X509Tests(TestCase, _PKeyInteractionTestsMixin):
     """