From 60f264b0f293bfded7a0b4395715669d355a6185 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Thu, 10 Jan 2019 15:37:03 -0800
Subject: add signature_hash_algorithm to OCSPResponse (#4681)

* add signature_hash_algorithm to OCSPResponse

* fix pointless asserts
---
 src/cryptography/hazmat/backends/openssl/ocsp.py | 11 +++++++++++
 src/cryptography/x509/ocsp.py                    |  6 ++++++
 2 files changed, 17 insertions(+)

(limited to 'src')

diff --git a/src/cryptography/hazmat/backends/openssl/ocsp.py b/src/cryptography/hazmat/backends/openssl/ocsp.py
index 32e26a0a..16dbbc2a 100644
--- a/src/cryptography/hazmat/backends/openssl/ocsp.py
+++ b/src/cryptography/hazmat/backends/openssl/ocsp.py
@@ -126,6 +126,17 @@ class _OCSPResponse(object):
         oid = _obj2txt(self._backend, alg.algorithm)
         return x509.ObjectIdentifier(oid)
 
+    @property
+    @_requires_successful_response
+    def signature_hash_algorithm(self):
+        oid = self.signature_algorithm_oid
+        try:
+            return x509._SIG_OIDS_TO_HASH[oid]
+        except KeyError:
+            raise UnsupportedAlgorithm(
+                "Signature algorithm OID:{0} not recognized".format(oid)
+            )
+
     @property
     @_requires_successful_response
     def signature(self):
diff --git a/src/cryptography/x509/ocsp.py b/src/cryptography/x509/ocsp.py
index 2b0b1dc3..97933b1f 100644
--- a/src/cryptography/x509/ocsp.py
+++ b/src/cryptography/x509/ocsp.py
@@ -314,6 +314,12 @@ class OCSPResponse(object):
         The ObjectIdentifier of the signature algorithm
         """
 
+    @abc.abstractproperty
+    def signature_hash_algorithm(self):
+        """
+        Returns a HashAlgorithm corresponding to the type of the digest signed
+        """
+
     @abc.abstractproperty
     def signature(self):
         """
-- 
cgit v1.2.3