Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
from GlobalVariables import certificat_dict
import datetime
import hashlib
from RSA import decode_public
from Errors import *
def check_valeur_signature(signature, certificat=None):
print("Vérification de signature")
# 0) récupérer le certificat
if not certificat:
certificat_ID = signature.get_certificat_ID()
if certificat_ID not in certificat_dict:
raise CertificateError("Certificat non existant")
certificat = certificat_dict[certificat_ID]
cle_publique = certificat.get_cle_publique()
# 1) calculer l'empreinte sur l'information
result = hashlib.sha256(signature.get_information().encode())
hash_value = result.digest()
# 3) récupérer l'empreinte via la signature
empreinte = decode_public(cle_publique, signature.get_valeur_signature())
# 4) vérifier la correspondance
valid = str(hash_value) == str(empreinte)
if not valid:
print("Erreur signature invalide")
return valid
def check_valeur_horo(horodatage, certificat=None):
sign_horo = horodatage.get_signature_horo()
valid_sign_horo = check_valeur_signature(sign_horo, certificat=certificat)
heure_date = horodatage.get_heure_date()
info = horodatage.get_info()
return valid_sign_horo, heure_date, info
def check_certificat(certificat, time_validation=None, time_horodatage=None, CRL=None):
print("Vérification du certificat" + str(certificat.get_ID()) + " de " + certificat.get_identite())
prestataire = certificat.get_prestataire()
if not time_validation:
time_validation = datetime.datetime.now()
if certificat.get_date_fin_validite() < time_validation:
print("Erreur : certificat " + str(certificat.get_ID()) + " expiré au moment indiqué par la validation")
return False
if not CRL:
CRL = prestataire.get_liste_revocation()
if certificat.get_ID() in CRL:
timing_revoked = CRL[certificat.get_ID()]
if not time_horodatage:
time_horodatage = datetime.datetime.now()
if timing_revoked < time_horodatage:
print("Erreur : certificat revoqué", timing_revoked)
return False
valid = check_valeur_signature(certificat.get_signature_certif())
return valid
def check_signature(signature):
type_signature = signature.get_type()
if type_signature == "signature basique":
certificat_ID = signature.get_certificat_ID()
if certificat_ID not in certificat_dict:
raise CertificateError("Certificat non existant")
certificat = certificat_dict[certificat_ID]
valid = check_certificat(certificat)
valid = valid and check_valeur_signature(signature, certificat)
return valid, "signature basique"
elif type_signature == "signature horodatee":
horodatage = signature.get_horodatage()
valid_horo, date_heure_horo, _ = check_valeur_horo(horodatage)
certificat_horo = horodatage.get_certificat_horo()
valid_horo = valid_horo and check_certificat(certificat_horo)
if not valid_horo:
return False, "signature horodatee"
signatureBasique = signature.get_signatureBasique()
certificat_ID = signatureBasique.get_certificat_ID()
if certificat_ID not in certificat_dict:
raise CertificateError("Certificat non existant")
certificat = certificat_dict[certificat_ID]
valid = check_certificat(certificat, time_horodatage=date_heure_horo)
valid = valid and check_valeur_signature(signatureBasique, certificat)
return valid, "signature horodatee"
elif type_signature == "signature LT":
signatureHorodatee = signature.get_signatureHorodatee()
horodatage = signatureHorodatee.get_horodatage()
certificat_horo = signature.get_certif_horodatage()
CRL_sign = signature.get_CRL_sign()
CRL_horo = signature.get_CRL_horo()
certificat_horo_ID = certificat_horo.get_ID()
if certificat_horo_ID in certificat_dict:
CRL_horo_fresh = certificat_dict[certificat_horo_ID].get_prestataire().get_liste_revocation()
if not certificat_horo_ID in CRL_horo and certificat_horo_ID in CRL_horo_fresh:
raise FreshnessError("Informations CRL par rapport au certificat concerné"
" présentes dans la signature ne sont pas à jour")
valid_horo, date_heure_horo, _ = check_valeur_horo(horodatage, certificat=certificat_horo)
valid_horo = valid_horo and check_certificat(certificat_horo, CRL=CRL_horo)
if not valid_horo:
return False, "signature LT"
signatureBasique = signatureHorodatee.get_signatureBasique()
certificat = signature.get_certif_signature()
valid = check_certificat(certificat, time_horodatage=date_heure_horo, CRL=CRL_sign)
valid = valid and check_valeur_signature(signatureBasique, certificat)
return valid, "signature LT"
elif type_signature == "signature LTA":
horodatage = signature.get_horodatage()
certificat_horo = horodatage.get_certificat_horo() # en ligne
valid_horo, date_heure_horo, _ = check_valeur_horo(horodatage, certificat=certificat_horo)
valid_horo = valid_horo and check_certificat(certificat_horo)
if not valid_horo:
return False, "signature LTA"
actual_signature = signature
previous_signatureLT_A = signature.get_signatureLT_A()
time_valid = date_heure_horo
while (previous_signatureLT_A.get_type() == "signature LTA"): # TODO verif dates
horodatage = previous_signatureLT_A.get_horodatage()
certificat_horo = actual_signature.get_certif_previous_horo()
valid_horo, date_heure_horo, _ = check_valeur_horo(horodatage, certificat=certificat_horo)
CRL_horo = actual_signature.get_CRL_horo()
valid_horo = valid_horo and check_certificat(certificat_horo, CRL=CRL_horo, time_validation=time_valid,
time_horodatage=time_valid)
if not valid_horo:
return False, "signature LTA"
actual_signature = previous_signatureLT_A
previous_signatureLT_A = previous_signatureLT_A.get_signatureLT_A()
time_valid = date_heure_horo
signatureHorodatee = previous_signatureLT_A.get_signatureHorodatee()
horodatage = signatureHorodatee.get_horodatage()
certificat_horo = previous_signatureLT_A.get_certif_horodatage()
CRL_sign = previous_signatureLT_A.get_CRL_sign()
CRL_horo = previous_signatureLT_A.get_CRL_horo()
valid_horo, date_heure_horo, _ = check_valeur_horo(horodatage, certificat=certificat_horo)
valid_horo = valid_horo and check_certificat(certificat_horo, CRL=CRL_horo, time_validation=time_valid,
time_horodatage=time_valid)
if not valid_horo:
return False, "signature LTA"
signatureBasique = signatureHorodatee.get_signatureBasique()
certificat = previous_signatureLT_A.get_certif_signature()
valid = check_certificat(certificat, time_validation=date_heure_horo, time_horodatage=date_heure_horo,
CRL=CRL_sign)
valid = valid and check_valeur_signature(signatureBasique, certificat)
return valid, "signature LTA"
else:
return False, "pas de type de signature"