Skip to content

Trust

πŸ€– AI-Generated Content

This documentation was generated with AI assistance and is still being audited. Some, or potentially a lot, of this information may be inaccurate. Learn more.

provide.foundation.crypto.certificates.trust

Classes

Functions

validate_signature_wrapper 

validate_signature_wrapper(
    signed_cert: Certificate, signing_cert: Certificate
) -> bool

Internal helper: Validates signature and issuer/subject match.

Parameters:

Name Type Description Default
signed_cert Certificate

The certificate that was signed

 required
signing_cert Certificate

The certificate that did the signing

 required

Returns:

Type Description
bool

True if signature is valid, False otherwise
Source code in provide/foundation/crypto/certificates/trust.py 
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
def validate_signature_wrapper(signed_cert: Certificate, signing_cert: Certificate) -> bool:
    """Internal helper: Validates signature and issuer/subject match.

    Args:
        signed_cert: The certificate that was signed
        signing_cert: The certificate that did the signing

    Returns:
        True if signature is valid, False otherwise

    """
    if not hasattr(signed_cert, "_cert") or not hasattr(signing_cert, "_cert"):
        logger.error("πŸ“œπŸ”βŒ Cannot validate signature: Certificate object(s) not initialized")
        return False

    return validate_signature(signed_cert._cert, signing_cert._cert, signing_cert.public_key)

verify_trust 

verify_trust(
    cert: Certificate,
    other_cert: Certificate,
    trust_chain: list[Certificate],
) -> bool

Verifies if the other_cert is trusted based on this certificate's trust chain.

Parameters:

Name Type Description Default
cert Certificate

The certificate doing the verification

 required
other_cert Certificate

The certificate to verify

 required
trust_chain list[Certificate]

List of trusted certificates

 required

Returns:

Type Description
bool

True if the certificate is trusted, False otherwise
Source code in provide/foundation/crypto/certificates/trust.py 
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
def verify_trust(
    cert: Certificate,
    other_cert: Certificate,
    trust_chain: list[Certificate],
) -> bool:
    """Verifies if the other_cert is trusted based on this certificate's trust chain.

    Args:
        cert: The certificate doing the verification
        other_cert: The certificate to verify
        trust_chain: List of trusted certificates

    Returns:
        True if the certificate is trusted, False otherwise

    """
    if other_cert is None:
        raise CertificateError("Cannot verify trust: other_cert is None")

    logger.debug(
        f"πŸ“œπŸ”πŸš€ Verifying trust for cert S/N {other_cert.serial_number} "
        f"against chain of S/N {cert.serial_number}",
    )

    if not other_cert.is_valid:
        logger.debug("πŸ“œπŸ”βš οΈ Trust verification failed: Other certificate is not valid")
        return False
    if not other_cert.public_key:
        raise CertificateError("Cannot verify trust: Other certificate has no public key")

    if cert == other_cert:
        return True

    if other_cert in trust_chain:
        return True

    for trusted_cert in trust_chain:
        logger.debug(f"πŸ“œπŸ”πŸ” Checking signature against trusted cert S/N {trusted_cert.serial_number}")
        if validate_signature_wrapper(signed_cert=other_cert, signing_cert=trusted_cert):
            logger.debug(
                "πŸ“œπŸ”βœ… Trust verification succeeded: Signature validated against trusted cert",
                trusted_cert_serial=trusted_cert.serial_number,
            )
            return True

    logger.debug(
        "πŸ“œπŸ”βŒ Trust verification failed: Other certificate not identical, "
        "not in chain, and not signed by any cert in chain",
    )
    return False