small refactor of OCSP request parsing (#4447)

This allows us to reuse these functions in the OCSPResponse object in the future
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2018-09-01 11:28:18 -0400
committer: Alex Gaynor <alex.gaynor@gmail.com> 2018-09-01 10:28:18 -0500
commit: 8cf490e8ff3307a5b9ce46fc876a6ead482c1a3f (patch)
tree: 144607b65898fe3ca288e2ee53f2984db7f61a65
parent: 5d9c8e2559578b681f2344c8b5dd654b0f99c96a (diff)
download: cryptography-8cf490e8ff3307a5b9ce46fc876a6ead482c1a3f.tar.gz
cryptography-8cf490e8ff3307a5b9ce46fc876a6ead482c1a3f.tar.bz2
cryptography-8cf490e8ff3307a5b9ce46fc876a6ead482c1a3f.zip
1 files changed, 54 insertions, 38 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/ocsp.py b/src/cryptography/hazmat/backends/openssl/ocsp.py
index dd66e36d..2b07b324 100644
--- a/src/cryptography/hazmat/backends/openssl/ocsp.py
+++ b/src/cryptography/hazmat/backends/openssl/ocsp.py
@@ -13,6 +13,56 @@ from cryptography.hazmat.primitives import serialization
 from cryptography.x509.ocsp import OCSPRequest, _OIDS_TO_HASH
 
 
+def _issuer_key_hash(backend, cert_id):
+    key_hash = backend._ffi.new("ASN1_OCTET_STRING **")
+    res = backend._lib.OCSP_id_get0_info(
+        backend._ffi.NULL, backend._ffi.NULL,
+        key_hash, backend._ffi.NULL, cert_id
+    )
+    backend.openssl_assert(res == 1)
+    backend.openssl_assert(key_hash[0] != backend._ffi.NULL)
+    return _asn1_string_to_bytes(backend, key_hash[0])
+
+
+def _issuer_name_hash(backend, cert_id):
+    name_hash = backend._ffi.new("ASN1_OCTET_STRING **")
+    res = backend._lib.OCSP_id_get0_info(
+        name_hash, backend._ffi.NULL,
+        backend._ffi.NULL, backend._ffi.NULL, cert_id
+    )
+    backend.openssl_assert(res == 1)
+    backend.openssl_assert(name_hash[0] != backend._ffi.NULL)
+    return _asn1_string_to_bytes(backend, name_hash[0])
+
+
+def _serial_number(backend, cert_id):
+    num = backend._ffi.new("ASN1_INTEGER **")
+    res = backend._lib.OCSP_id_get0_info(
+        backend._ffi.NULL, backend._ffi.NULL,
+        backend._ffi.NULL, num, cert_id
+    )
+    backend.openssl_assert(res == 1)
+    backend.openssl_assert(num[0] != backend._ffi.NULL)
+    return _asn1_integer_to_int(backend, num[0])
+
+
+def _hash_algorithm(backend, cert_id):
+    asn1obj = backend._ffi.new("ASN1_OBJECT **")
+    res = backend._lib.OCSP_id_get0_info(
+        backend._ffi.NULL, asn1obj,
+        backend._ffi.NULL, backend._ffi.NULL, cert_id
+    )
+    backend.openssl_assert(res == 1)
+    backend.openssl_assert(asn1obj[0] != backend._ffi.NULL)
+    oid = _obj2txt(backend, asn1obj[0])
+    try:
+        return _OIDS_TO_HASH[oid]
+    except KeyError:
+        raise UnsupportedAlgorithm(
+            "Signature algorithm OID: {0} not recognized".format(oid)
+        )
+
+
 @utils.register_interface(OCSPRequest)
 class _OCSPRequest(object):
     def __init__(self, backend, ocsp_request):
@@ -31,53 +81,19 @@ class _OCSPRequest(object):
 
     @property
     def issuer_key_hash(self):
-        key_hash = self._backend._ffi.new("ASN1_OCTET_STRING **")
-        res = self._backend._lib.OCSP_id_get0_info(
-            self._backend._ffi.NULL, self._backend._ffi.NULL,
-            key_hash, self._backend._ffi.NULL, self._cert_id
-        )
-        self._backend.openssl_assert(res == 1)
-        self._backend.openssl_assert(key_hash[0] != self._backend._ffi.NULL)
-        return _asn1_string_to_bytes(self._backend, key_hash[0])
+        return _issuer_key_hash(self._backend, self._cert_id)
 
     @property
     def issuer_name_hash(self):
-        name_hash = self._backend._ffi.new("ASN1_OCTET_STRING **")
-        res = self._backend._lib.OCSP_id_get0_info(
-            name_hash, self._backend._ffi.NULL,
-            self._backend._ffi.NULL, self._backend._ffi.NULL, self._cert_id
-        )
-        self._backend.openssl_assert(res == 1)
-        self._backend.openssl_assert(name_hash[0] != self._backend._ffi.NULL)
-        return _asn1_string_to_bytes(self._backend, name_hash[0])
+        return _issuer_name_hash(self._backend, self._cert_id)
 
     @property
     def serial_number(self):
-        num = self._backend._ffi.new("ASN1_INTEGER **")
-        res = self._backend._lib.OCSP_id_get0_info(
-            self._backend._ffi.NULL, self._backend._ffi.NULL,
-            self._backend._ffi.NULL, num, self._cert_id
-        )
-        self._backend.openssl_assert(res == 1)
-        self._backend.openssl_assert(num[0] != self._backend._ffi.NULL)
-        return _asn1_integer_to_int(self._backend, num[0])
+        return _serial_number(self._backend, self._cert_id)
 
     @property
     def hash_algorithm(self):
-        asn1obj = self._backend._ffi.new("ASN1_OBJECT **")
-        res = self._backend._lib.OCSP_id_get0_info(
-            self._backend._ffi.NULL, asn1obj,
-            self._backend._ffi.NULL, self._backend._ffi.NULL, self._cert_id
-        )
-        self._backend.openssl_assert(res == 1)
-        self._backend.openssl_assert(asn1obj[0] != self._backend._ffi.NULL)
-        oid = _obj2txt(self._backend, asn1obj[0])
-        try:
-            return _OIDS_TO_HASH[oid]
-        except KeyError:
-            raise UnsupportedAlgorithm(
-                "Signature algorithm OID: {0} not recognized".format(oid)
-            )
+        return _hash_algorithm(self._backend, self._cert_id)
 
     def public_bytes(self, encoding):
         if encoding is not serialization.Encoding.DER:
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2018-09-01 11:28:18 -0400
committer	Alex Gaynor <alex.gaynor@gmail.com>	2018-09-01 10:28:18 -0500
commit	8cf490e8ff3307a5b9ce46fc876a6ead482c1a3f (patch)
tree	144607b65898fe3ca288e2ee53f2984db7f61a65
parent	5d9c8e2559578b681f2344c8b5dd654b0f99c96a (diff)
download	cryptography-8cf490e8ff3307a5b9ce46fc876a6ead482c1a3f.tar.gz cryptography-8cf490e8ff3307a5b9ce46fc876a6ead482c1a3f.tar.bz2 cryptography-8cf490e8ff3307a5b9ce46fc876a6ead482c1a3f.zip