OCSP response abstract base classes (#4431)

* ocsp response abc

* collapse SingleReponse into OCSPResponse now that we only support one

* split responder_id into two properties, add tbs_response_bytes

* typo

* rename one method and add a mapping we'll need shortly

1 files changed, 130 insertions, 0 deletions

diff --git a/src/cryptography/x509/ocsp.py b/src/cryptography/x509/ocsp.py
index c3225daa..95e7f35b 100644
--- a/src/cryptography/x509/ocsp.py
+++ b/src/cryptography/x509/ocsp.py
@@ -5,6 +5,7 @@
 from __future__ import absolute_import, division, print_function
 
 import abc
+from enum import Enum
 
 import six
 
@@ -21,6 +22,24 @@ _OIDS_TO_HASH = {
 }
 
 
+class OCSPResponseStatus(Enum):
+    SUCCESSFUL = 0
+    MALFORMED_REQUEST = 1
+    INTERNAL_ERROR = 2
+    TRY_LATER = 3
+    SIG_REQUIRED = 5
+    UNAUTHORIZED = 6
+
+
+_RESPONSE_STATUS_TO_ENUM = dict((x.value, x) for x in OCSPResponseStatus)
+
+
+class OCSPCertStatus(Enum):
+    GOOD = 0
+    REVOKED = 1
+    UNKNOWN = 2
+
+
 def load_der_ocsp_request(data):
     from cryptography.hazmat.backends.openssl.backend import backend
     return backend.load_der_ocsp_request(data)
@@ -88,3 +107,114 @@ class OCSPRequest(object):
         """
         Serializes the request to DER
         """
+
+
+@six.add_metaclass(abc.ABCMeta)
+class OCSPResponse(object):
+    @abc.abstractproperty
+    def response_status(self):
+        """
+        The status of the response. This is a value from the OCSPResponseStatus
+        enumeration
+        """
+
+    @abc.abstractproperty
+    def signature_algorithm_oid(self):
+        """
+        The ObjectIdentifier of the signature algorithm
+        """
+
+    @abc.abstractproperty
+    def signature(self):
+        """
+        The signature bytes
+        """
+
+    @abc.abstractproperty
+    def tbs_response_bytes(self):
+        """
+        The tbsResponseData bytes
+        """
+
+    @abc.abstractproperty
+    def certificates(self):
+        """
+        A list of certificates used to help build a chain to verify the OCSP
+        response. This situation occurs when the OCSP responder uses a delegate
+        certificate.
+        """
+
+    @abc.abstractproperty
+    def responder_key_hash(self):
+        """
+        The responder's key hash or None
+        """
+
+    @abc.abstractproperty
+    def responder_name(self):
+        """
+        The responder's Name or None
+        """
+
+    @abc.abstractproperty
+    def produced_at(self):
+        """
+        The time the response was produced
+        """
+
+    @abc.abstractproperty
+    def certificate_status(self):
+        """
+        The status of the certificate (an element from the OCSPCertStatus enum)
+        """
+
+    @abc.abstractproperty
+    def revocation_time(self):
+        """
+        The date of when the certificate was revoked or None if not
+        revoked.
+        """
+
+    @abc.abstractproperty
+    def revocation_reason(self):
+        """
+        The reason the certificate was revoked or None if not specified or
+        not revoked.
+        """
+
+    @abc.abstractproperty
+    def this_update(self):
+        """
+        The most recent time at which the status being indicated is known by
+        the responder to have been correct
+        """
+
+    @abc.abstractproperty
+    def next_update(self):
+        """
+        The time when newer information will be available
+        """
+
+    @abc.abstractproperty
+    def issuer_key_hash(self):
+        """
+        The hash of the issuer public key
+        """
+
+    @abc.abstractproperty
+    def issuer_name_hash(self):
+        """
+        The hash of the issuer name
+        """
+
+    @abc.abstractproperty
+    def hash_algorithm(self):
+        """
+        The hash algorithm used in the issuer name and key hashes
+        """
+
+    @abc.abstractproperty
+    def serial_number(self):
+        """
+        The serial number of the cert whose status is being checked
+        """