Remove signature verification on CertificateRequest deserialization.

2026-01-23 07:20:55 +03:00 · 2015-03-18 22:00:56 +00:00
parent d74ca1bbaa
commit ef72b147ae
2 changed files with 1 additions and 22 deletions
--- a/letsencrypt/acme/messages.py
+++ b/letsencrypt/acme/messages.py
@@ -221,21 +221,7 @@ class CertificateRequest(Message):

    csr = jose.Field("csr", encoder=jose.encode_csr,
                     decoder=jose.decode_csr)
-    signature = jose.Field("signature")
-
-    @classmethod
-    def fields_from_json(cls, jobj):
-        cls._check_required(jobj)
-
-        sig = other.Signature.from_json(
-            jobj[cls._fields['signature'].json_name])
-        if not sig.verify(json_util.decode_b64jose(jobj["csr"])):
-            raise jose_errors.DeserializationError(
-                'Signature could not be verified')
-        # verify signature before decoding principle!
-        csr = jose.decode_csr(jobj[cls._fields['csr'].json_name])
-
-        return {'signature': sig, 'csr': csr}
+    signature = jose.Field("signature", decoder=other.Signature.from_json)

    @classmethod
    def create(cls, key, sig_nonce=None, **kwargs):
--- a/letsencrypt/acme/messages_test.py
+++ b/letsencrypt/acme/messages_test.py
@@ -343,13 +343,6 @@ class CertificateRequestTest(unittest.TestCase):
        from letsencrypt.acme.messages import CertificateRequest
        self.assertEqual(self.msg, CertificateRequest.from_json(self.jmsg_from))

-    def test_from_json_wrong_signature_raises_error(self):
-        from letsencrypt.acme.messages import CertificateRequest
-        self.jmsg_from['csr'] = jose.b64encode(CSR2.as_der())
-        self.assertRaises(
-            jose_errors.DeserializationError, CertificateRequest.from_json,
-            self.jmsg_from)
-

 class DeferTest(unittest.TestCase):