korylprince · January 7, 2022 09:04
diff --git a/verify.py b/verify.py
 # usage: python3 verify.py /path/to/request
 import base64, plistlib, tempfile, os, subprocess, re, sys

 request = sys.argv[1]

 # open request
 with open(request) as f:
    plist = plistlib.loads(base64.b64decode(f.read()))

 # write separate chain certificates
 certs = re.findall(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", plist["PushCertCertificateChain"], re.S)

 with tempfile.NamedTemporaryFile(delete=False) as f:
    cert = f.name
    f.write(certs[0].encode("utf-8"))
 with tempfile.NamedTemporaryFile(delete=False) as f:
    intermediate = f.name
    f.write(certs[1].encode("utf-8"))
 with tempfile.NamedTemporaryFile(delete=False) as f:
    root = f.name
    f.write(certs[2].encode("utf-8"))

 # write CSR
 with tempfile.NamedTemporaryFile(delete=False) as f:
    csr = f.name
    f.write(base64.b64decode(plist["PushCertRequestCSR"]))

 # write signature
 with tempfile.NamedTemporaryFile(delete=False) as f:
    sig = f.name
    f.write(base64.b64decode(plist["PushCertSignature"]))

 # print certificate fields
 cert_info = subprocess.check_output(f"openssl x509 -in {cert} -noout -text", shell=True).decode("utf-8")
 subject = re.search("Subject.*$", cert_info, re.M).group()
 before = re.search("Not Before.*$", cert_info, re.M).group()
 after = re.search("Not After.*$", cert_info, re.M).group()
 print("\n".join([subject, before, after]))

 # write public key of certificate chain
 pub = tempfile.mkstemp()[1]
 os.system(f"openssl x509 -pubkey -noout -in {cert} > {pub}")

 # verify certificate chain
 print("Certificate Chain: ", end="")
 sys.stdout.flush()
 os.system(f"openssl verify -CAfile {root} -untrusted {intermediate} {cert}")

 # verify signature
 print("Signature: ", end="")
 sys.stdout.flush()
 os.system(f"openssl sha256 -verify {pub} -signature {sig} {csr}")

 # clean up
 os.system(f"rm {cert} {intermediate} {root} {csr} {sig} {pub}")
	# usage: python3 verify.py /path/to/request
	import base64, plistlib, tempfile, os, subprocess, re, sys

	request = sys.argv[1]

	# open request
	with open(request) as f:
	plist = plistlib.loads(base64.b64decode(f.read()))

	# write separate chain certificates
	certs = re.findall(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", plist["PushCertCertificateChain"], re.S)

	with tempfile.NamedTemporaryFile(delete=False) as f:
	cert = f.name
	f.write(certs[0].encode("utf-8"))
	with tempfile.NamedTemporaryFile(delete=False) as f:
	intermediate = f.name
	f.write(certs[1].encode("utf-8"))
	with tempfile.NamedTemporaryFile(delete=False) as f:
	root = f.name
	f.write(certs[2].encode("utf-8"))

	# write CSR
	with tempfile.NamedTemporaryFile(delete=False) as f:
	csr = f.name
	f.write(base64.b64decode(plist["PushCertRequestCSR"]))

	# write signature
	with tempfile.NamedTemporaryFile(delete=False) as f:
	sig = f.name
	f.write(base64.b64decode(plist["PushCertSignature"]))

	# print certificate fields
	cert_info = subprocess.check_output(f"openssl x509 -in {cert} -noout -text", shell=True).decode("utf-8")
	subject = re.search("Subject.*$", cert_info, re.M).group()
	before = re.search("Not Before.*$", cert_info, re.M).group()
	after = re.search("Not After.*$", cert_info, re.M).group()
	print("\n".join([subject, before, after]))

	# write public key of certificate chain
	pub = tempfile.mkstemp()[1]
	os.system(f"openssl x509 -pubkey -noout -in {cert} > {pub}")

	# verify certificate chain
	print("Certificate Chain: ", end="")
	sys.stdout.flush()
	os.system(f"openssl verify -CAfile {root} -untrusted {intermediate} {cert}")

	# verify signature
	print("Signature: ", end="")
	sys.stdout.flush()
	os.system(f"openssl sha256 -verify {pub} -signature {sig} {csr}")

	# clean up
	os.system(f"rm {cert} {intermediate} {root} {csr} {sig} {pub}")