signature_methods.py
import datetime
from binascii import hexlify, unhexlify
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives import serialization
from cryptography.exceptions import InvalidSignature
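def generate_signature(clear_text):
    """Sign ``clear_text`` with the private key and return the signature as hex.

    Args:
        clear_text: The string to sign. It is encoded with ``str.encode()``
            before being passed to the signer.

    Returns:
        The bytes returned by ``private_key.sign`` rendered as an upper-case
        hexadecimal string.

    Raises:
        OSError: If ``private_key.pem`` cannot be opened.
    """
    # NOTE(review): the key is read from a path relative to the current
    # working directory and loaded with password=None, so it has to be stored
    # unencrypted. Restrict the file's permissions to the signing account and
    # confirm that this storage model is intended.
    with open("private_key.pem", "rb") as key_file:
        private_key = serialization.load_pem_private_key(
            key_file.read(),
            password=None,
        )

    # ec.ECDSA(hashes.SHA256()) hashes the message as part of signing, so the
    # message itself is passed in; no separate digest is computed beforehand.
    signature = private_key.sign(
        clear_text.encode(),
        ec.ECDSA(hashes.SHA256()),
    )

    return hexlify(signature).decode().upper()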
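def validate_signature(clear_text, signature):
    """Check the format of ``clear_text`` and verify its ECDSA/SHA-256 signature.

    Malformed input is rejected with ``ValueError`` before the key file is
    opened, so bad input never triggers disk I/O or key parsing. A well-formed
    input whose signature does not match returns ``False``. Callers must treat
    both outcomes as a rejection.

    Args:
        clear_text: Semicolon-separated string of exactly 8 values. Value 3 is
            a ``%Y%m%d%H%M%S`` timestamp, values 4-7 are integers and value 8
            is an 8-character terminal ID.
        signature: The signature as a hexadecimal string.

    Returns:
        ``True`` if the signature verifies against ``public_key.pem``,
        ``False`` if verification raises ``InvalidSignature``.

    Raises:
        ValueError: If the signature is not hexadecimal or the clear text does
            not have the expected layout.
        OSError: If ``public_key.pem`` cannot be opened.
    """
    # Decode the signature directly instead of probing it with int(..., 16):
    # int() also accepts "0x" prefixes, signs, underscores, surrounding
    # whitespace and odd-length strings, none of which are valid hex bytes.
    try:
        decoded_signature = unhexlify(signature)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError('Signature is not hexadecimal') from exc
    if not decoded_signature:
        # unhexlify("") succeeds with b""; an empty signature is still invalid.
        raise ValueError('Signature is not hexadecimal')

    clear_values = clear_text.split(';')
    if len(clear_values) != 8:
        raise ValueError('Clear text string does not contain 8 values')

    try:
        datetime.datetime.strptime(clear_values[2], '%Y%m%d%H%M%S')
    except ValueError as exc:
        raise ValueError('Invalid date/time') from exc

    if len(clear_values[7]) != 8:
        raise ValueError('Terminal ID is not 8 characters')

    for value in clear_values[3:7]:
        # NOTE(review): int() tolerates signs, underscores and surrounding
        # whitespace. Tighten this if those fields must be plain digit strings.
        try:
            int(value)
        except ValueError as exc:
            raise ValueError(f'Cleartext value {value} is not integer') from exc

    with open("public_key.pem", "r") as key_file:
        key_data = key_file.read()

    # The key file may hold only the base64 body; add the PEM armour if so.
    if "BEGIN PUBLIC KEY" not in key_data:
        key_data = f'-----BEGIN PUBLIC KEY-----\n{key_data}\n-----END PUBLIC KEY-----'

    public_key = serialization.load_pem_public_key(key_data.encode())

    try:
        public_key.verify(decoded_signature, clear_text.encode(), ec.ECDSA(hashes.SHA256()))
    except InvalidSignature:
        return False
    return True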