author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-10-07 03:44:30 +0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-10-06 15:44:30 -0400 |
commit | b8db66811158ea2222c866173dd6c772f93c74f1 (patch) | |
tree | daf72b3ebe0731179e7de8d57ab3dc7be2a591f5 /src | |
parent | 55c33109b92b0e8ec38e4d19f3f2c6c203a0694e (diff) | |
add OCSP basic response extension parsing (#4479)
* add OCSP basic response extension parsing
Just nonce for now. This does not support SINGLERESP extension parsing.
* also raises on extensions for non-successful
* empty commit
Diffstat (limited to 'src')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/decode_asn1.py | 10 | ||||
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/ocsp.py | 8 | ||||
-rw-r--r-- | src/cryptography/x509/ocsp.py | 6 |
3 files changed, 23 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py index 80309980..b13fa056 100644 --- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py +++ b/src/cryptography/hazmat/backends/openssl/decode_asn1.py @@ -817,6 +817,10 @@ _OCSP_REQ_EXTENSION_HANDLERS = { OCSPExtensionOID.NONCE: _decode_nonce, } +_OCSP_BASICRESP_EXTENSION_HANDLERS = { + OCSPExtensionOID.NONCE: _decode_nonce, +} + _CERTIFICATE_EXTENSION_PARSER_NO_SCT = _X509ExtensionParser( ext_count=lambda backend, x: backend._lib.X509_get_ext_count(x), get_ext=lambda backend, x, i: backend._lib.X509_get_ext(x, i), @@ -852,3 +856,9 @@ _OCSP_REQ_EXT_PARSER = _X509ExtensionParser( get_ext=lambda backend, x, i: backend._lib.OCSP_REQUEST_get_ext(x, i), handlers=_OCSP_REQ_EXTENSION_HANDLERS, ) + +_OCSP_BASICRESP_EXT_PARSER = _X509ExtensionParser( + ext_count=lambda backend, x: backend._lib.OCSP_BASICRESP_get_ext_count(x), + get_ext=lambda backend, x, i: backend._lib.OCSP_BASICRESP_get_ext(x, i), + handlers=_OCSP_BASICRESP_EXTENSION_HANDLERS, +) diff --git a/src/cryptography/hazmat/backends/openssl/ocsp.py b/src/cryptography/hazmat/backends/openssl/ocsp.py index f3f18cb0..413214e7 100644 --- a/src/cryptography/hazmat/backends/openssl/ocsp.py +++ b/src/cryptography/hazmat/backends/openssl/ocsp.py @@ -9,7 +9,8 @@ import functools from cryptography import utils, x509 from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.backends.openssl.decode_asn1 import ( - _CRL_ENTRY_REASON_CODE_TO_ENUM, _OCSP_REQ_EXT_PARSER, _asn1_integer_to_int, + _CRL_ENTRY_REASON_CODE_TO_ENUM, _OCSP_BASICRESP_EXT_PARSER, + _OCSP_REQ_EXT_PARSER, _asn1_integer_to_int, _asn1_string_to_bytes, _decode_x509_name, _obj2txt, _parse_asn1_generalized_time, ) 
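Review bot: Nothing on `_OCSP_BASICRESP_EXTENSION_HANDLERS` or `_OCSP_BASICRESP_EXT_PARSER` says which level of the response they cover, and the handler table is a literal copy of `_OCSP_REQ_EXTENSION_HANDLERS`. A one-line comment above the new dict would stop a later reader from merging the two tables or adding per-certificate handlers here, for example `# Extensions of the BasicOCSPResponse itself (responseExtensions); SINGLERESP extensions are not parsed.` What happens to an OID that is missing from the table, in particular one marked critical, is decided inside `_X509ExtensionParser`, which is outside these hunks. Since the bytes come from a remote responder, a test that feeds in a response carrying an unrecognised extension would pin that behaviour down; tests are not visible on this page because the diffstat is limited to `src`.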
@@ -300,6 +301,11 @@ class _OCSPResponse(object): def serial_number(self): return _serial_number(self._backend, self._cert_id) + @utils.cached_property + @_requires_successful_response + def extensions(self): + return _OCSP_BASICRESP_EXT_PARSER.parse(self._backend, self._basic) + @utils.register_interface(OCSPRequest) class _OCSPRequest(object): diff --git a/src/cryptography/x509/ocsp.py b/src/cryptography/x509/ocsp.py index 7907bcae..fbf11336 100644 --- a/src/cryptography/x509/ocsp.py +++ b/src/cryptography/x509/ocsp.py @@ -232,3 +232,9 @@ class OCSPResponse(object): """ The serial number of the cert whose status is being checked """ + + @abc.abstractproperty + def extensions(self): + """ + The list of response extensions. Not single response extensions. + """ |
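Review bot: The new `extensions` property passes `self._basic` straight to the parser, and the only thing keeping that call away from a non-successful response is `_requires_successful_response` sitting underneath `utils.cached_property`; neither the ordering nor the reason is written down. I would add a comment above the decorators, e.g. `# _requires_successful_response must stay innermost so the status check runs before self._basic is parsed.` Whether `self._basic` is actually unset or NULL for a non-successful response is not visible in this hunk, so confirm that before wording the comment more strongly. The body of `_OCSPResponse` starts and ends outside the hunk.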
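Review bot: The docstring on the abstract `extensions` property calls the result a list and says nothing about how far the returned values can be trusted. The backend returns whatever `_OCSP_BASICRESP_EXT_PARSER.parse` produces, so the wording should name that type rather than a list (the parser's return type is outside this page, presumably an `Extensions` object). Since the only extension handled is the nonce, the docstring should also state that the property merely decodes it, along the lines of `The response-level extensions (not the single response extensions). The nonce is decoded only; callers must compare it with the request nonce and verify the response signature themselves.` Nothing in these hunks performs either check, so without that sentence a caller may read a parsed nonce as replay protection that has already been applied.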