verify a JAR signature file (.SF) against its signature block file [WARNING: does not verify the actual file hashes!!!]
#!/usr/bin/python3
import sys
from asn1crypto.x509 import Certificate as X509Cert
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ec import ECDSA
from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15
from cryptography.hazmat.primitives.hashes import SHA1, SHA224, SHA256, SHA384, SHA512
from cryptography.hazmat.primitives.serialization import Encoding
from cryptography.hazmat.primitives.serialization.pkcs7 import load_der_pkcs7_certificates
from pyasn1.codec.der.decoder import decode as pyasn1_decode
from pyasn1_modules import rfc5480
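# Digest-algorithm OIDs accepted in the SignerInfo of the signature block,
# mapped to the `cryptography` hash classes used when verifying the signature
# over the raw .SF bytes.  Anything else is rejected with a readable error.
HASHERS = {
    rfc5480.id_sha1: SHA1,
    rfc5480.id_sha224: SHA224,
    rfc5480.id_sha256: SHA256,
    rfc5480.id_sha384: SHA384,
    rfc5480.id_sha512: SHA512,
}


def _read_signature_files(key):
    """Return ``(sf, sbf)``: bytes of the .SF next to *key* and of *key* itself.

    The .SF path is derived by swapping *key*'s last extension for ``.SF``;
    both files are read in binary mode so no decoding touches the signed bytes.
    """
    sf_path = key.rsplit(".", 1)[0] + ".SF"
    with open(sf_path, "rb") as fh:
        sf = fh.read()
    with open(key, "rb") as fh:
        sbf = fh.read()
    return sf, sbf


def _extract_signer_info(sbf):
    """Return ``(signature, digest_oid)`` pulled out of the DER signature block.

    The block is decoded without an ASN.1 spec, so fields are reached by
    position: the last element of the (single) SignerInfo is the encrypted
    digest, and the element three back is the digestAlgorithm sequence whose
    first member is the OID.  NOTE(review): this layout matches a PKCS#7
    SignedData without signed attributes; if a block does carry signed
    attributes the signature covers those rather than the .SF bytes, so the
    check below would report FAILED — confirm with a spec-driven decode if
    that case matters.
    """
    asn = pyasn1_decode(sbf)
    sig = asn[0][-1][-1][-1][-1].asOctets()
    hsh = asn[0][-1][-1][-1][-3][0]
    return sig, hsh


def _verify(pk, key, sig, sf, alg):
    """Verify *sig* over *sf* with public key *pk*.

    The signature scheme is chosen from *key*'s file suffix (``RSA`` →
    PKCS#1 v1.5, ``EC`` → ECDSA, anything else → the key's plain ``verify``,
    i.e. DSA).  Returns True on success and False when the library raises
    ``InvalidSignature``; a key/suffix mismatch propagates as the library's
    own exception, as in the original script.
    """
    try:
        if key.endswith("RSA"):
            pk.verify(sig, sf, PKCS1v15(), alg())
        elif key.endswith("EC"):
            pk.verify(sig, sf, ECDSA(alg()))
        else:
            pk.verify(sig, sf, alg())
    except InvalidSignature:
        return False
    return True


for key in sys.argv[1:]:
    print(key)
    sf, sbf = _read_signature_files(key)
    sig, hsh = _extract_signer_info(sbf)
    # The digest algorithm is taken from the (untrusted) signature block; an
    # unknown OID previously surfaced as a bare KeyError traceback.
    alg = HASHERS.get(hsh)
    if alg is None:
        sys.exit(f"ERROR: unsupported digest algorithm OID {hsh}")
    if alg is SHA1:
        print("WARNING: SHA1")
    # Every certificate bundled in the PKCS#7 block is tried, not only the
    # signer's, and no chain building or trust-anchor check is performed:
    # "OK" means only that this certificate's key signed the .SF bytes.
    # Non-signer certificates in the bundle are expected to print FAILED.
    for cert in load_der_pkcs7_certificates(sbf):
        c = X509Cert.load(cert.public_bytes(Encoding.DER))
        print(c.subject.human_friendly)
        print("OK" if _verify(cert.public_key(), key, sig, sf, alg) else "FAILED")
    print()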