diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-08-30 10:41:32 -0400 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-08-30 10:41:32 -0400 |
commit | 002fa75d6c57420ed1805e088e1d6ecbce880938 (patch) | |
tree | da85fb85fd2e9ba73b180611270948c47d5696c4 /src/cryptography/x509/ocsp.py | |
parent | 2284eea98847bd42d3ddf7dead504baf3d544d98 (diff) | |
download | cryptography-002fa75d6c57420ed1805e088e1d6ecbce880938.tar.gz cryptography-002fa75d6c57420ed1805e088e1d6ecbce880938.tar.bz2 cryptography-002fa75d6c57420ed1805e088e1d6ecbce880938.zip |
make an ocsp request (#4402)
* make an ocsp request
* update test, add docs
* make it an OCSPRequestBuilder
* review feedback and more tests
* make it a class
* empty commit to retrigger
* type check
Diffstat (limited to 'src/cryptography/x509/ocsp.py')
-rw-r--r-- | src/cryptography/x509/ocsp.py | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/src/cryptography/x509/ocsp.py b/src/cryptography/x509/ocsp.py index 22894dde..0567197d 100644 --- a/src/cryptography/x509/ocsp.py +++ b/src/cryptography/x509/ocsp.py @@ -9,6 +9,7 @@ import abc import six from cryptography.hazmat.primitives import hashes +from cryptography.x509 import Certificate _OIDS_TO_HASH = { @@ -25,6 +26,35 @@ def load_der_ocsp_request(data): return backend.load_der_ocsp_request(data) +class OCSPRequestBuilder(object): + def __init__(self, requests=[]): + self._requests = requests + + def add_request(self, cert, issuer, algorithm): + allowed_hashes = ( + hashes.SHA1, hashes.SHA224, hashes.SHA256, + hashes.SHA384, hashes.SHA512 + ) + if not isinstance(algorithm, allowed_hashes): + raise ValueError( + "Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512" + ) + if ( + not isinstance(cert, Certificate) or + not isinstance(issuer, Certificate) + ): + raise TypeError("cert and issuer must be a Certificate") + + return OCSPRequestBuilder(self._requests + [(cert, issuer, algorithm)]) + + def build(self): + from cryptography.hazmat.backends.openssl.backend import backend + if len(self._requests) == 0: + raise ValueError("You must add a request before building") + + return backend.create_ocsp_request(self) + + @six.add_metaclass(abc.ABCMeta) class OCSPRequest(object): @abc.abstractmethod |