from cryptography import x509
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.backends import default_backend


def verify_signature(parent, child):
    with open(parent, 'rb') as f:
        batch = x509.load_pem_x509_certificate(f.read(), default_backend())

    with open(child, 'rb') as f:
        cert = x509.load_pem_x509_certificate(f.read(), default_backend())

    batch.public_key().verify(
        cert.signature,
        cert.tbs_certificate_bytes,
        padding.PKCS1v15(),
        cert.signature_hash_algorithm
    )


attest_file = input('PIV Attestation Certificate Path: ')
intermediate_file = input('PIV Intermediate Attestation Certificate Path: ')
ca_file = input('PIV Root Attestation Certificate Path: ')

try:
    verify_signature(ca_file, intermediate_file)
    verify_signature(intermediate_file, attest_file)
    print('Signature validation succeeded.')
except FileNotFoundError:
    print('One or more of the supplied certificates was not found.')
except:
    print('Signature validation failed.')