scream78 / oauth

Automatically exported from code.google.com/p/oauth
0 stars 0 forks source link

rsa signature verification missing a stringToBytes(decoded_sig) step #75

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
the problem is reproducible by using the rsa.py on both ends of the
conversation

rsa.py 
line 54
produces decoded_sig, which is a string

in line 67 it is passed to hashAndVerify which actually expects a byte array

so line 54 could be replaced with

decoded_sig = cryptomath.stringToBytes(base64.b64decode(signature));

also even the test certificate parsing does not work : the format is not
valid for keyfactory.parsePEMKey(cert, public=True) 

public key can be accessed this way :

x5 = X509.X509()
x5.parse(cert)        
publickey = x5.publicKey

yuriy@metaweb.com

Original issue reported on code.google.com by quazimai...@yahoo.com on 25 Jan 2009 at 7:30

GoogleCodeExporter commented 9 years ago

Original comment by leah.culver on 25 Jan 2009 at 4:40