aboutsummaryrefslogtreecommitdiffstats
path: root/src/cryptography/x509/ocsp.py
diff options
context:
space:
mode:
authorPaul Kehrer <paul.l.kehrer@gmail.com>2018-08-30 10:41:32 -0400
committerAlex Gaynor <alex.gaynor@gmail.com>2018-08-30 10:41:32 -0400
commit002fa75d6c57420ed1805e088e1d6ecbce880938 (patch)
treeda85fb85fd2e9ba73b180611270948c47d5696c4 /src/cryptography/x509/ocsp.py
parent2284eea98847bd42d3ddf7dead504baf3d544d98 (diff)
downloadcryptography-002fa75d6c57420ed1805e088e1d6ecbce880938.tar.gz
cryptography-002fa75d6c57420ed1805e088e1d6ecbce880938.tar.bz2
cryptography-002fa75d6c57420ed1805e088e1d6ecbce880938.zip
make an ocsp request (#4402)
* make an ocsp request * update test, add docs * make it an OCSPRequestBuilder * review feedback and more tests * make it a class * empty commit to retrigger * type check
Diffstat (limited to 'src/cryptography/x509/ocsp.py')
-rw-r--r--src/cryptography/x509/ocsp.py30
1 files changed, 30 insertions, 0 deletions
diff --git a/src/cryptography/x509/ocsp.py b/src/cryptography/x509/ocsp.py
index 22894dde..0567197d 100644
--- a/src/cryptography/x509/ocsp.py
+++ b/src/cryptography/x509/ocsp.py
@@ -9,6 +9,7 @@ import abc
import six
from cryptography.hazmat.primitives import hashes
+from cryptography.x509 import Certificate
_OIDS_TO_HASH = {
@@ -25,6 +26,35 @@ def load_der_ocsp_request(data):
return backend.load_der_ocsp_request(data)
+class OCSPRequestBuilder(object):
+ def __init__(self, requests=[]):
+ self._requests = requests
+
+ def add_request(self, cert, issuer, algorithm):
+ allowed_hashes = (
+ hashes.SHA1, hashes.SHA224, hashes.SHA256,
+ hashes.SHA384, hashes.SHA512
+ )
+ if not isinstance(algorithm, allowed_hashes):
+ raise ValueError(
+ "Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512"
+ )
+ if (
+ not isinstance(cert, Certificate) or
+ not isinstance(issuer, Certificate)
+ ):
+ raise TypeError("cert and issuer must be a Certificate")
+
+ return OCSPRequestBuilder(self._requests + [(cert, issuer, algorithm)])
+
+ def build(self):
+ from cryptography.hazmat.backends.openssl.backend import backend
+ if len(self._requests) == 0:
+ raise ValueError("You must add a request before building")
+
+ return backend.create_ocsp_request(self)
+
+
@six.add_metaclass(abc.ABCMeta)
class OCSPRequest(object):
@abc.abstractmethod