author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-08-31 17:52:00 -0400 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-08-31 16:52:00 -0500 |
commit | c4cd5ba933d26a2602295d3de95d50585523594c (patch) | |
tree | 1e28e48b5468244106ed4f484173816aa6d868b3 /src/cryptography/x509/ocsp.py | |
parent | 0f629bbdbb7ff595bffe43209490cc2647763fd3 (diff) | |
OCSP response abstract base classes (#4431)
* ocsp response abc
* collapse SingleReponse into OCSPResponse now that we only support one
* split responder_id into two properties, add tbs_response_bytes
* typo
* rename one method and add a mapping we'll need shortly
Diffstat (limited to 'src/cryptography/x509/ocsp.py')
-rw-r--r-- | src/cryptography/x509/ocsp.py | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/src/cryptography/x509/ocsp.py b/src/cryptography/x509/ocsp.py
index c3225daa..95e7f35b 100644
--- a/src/cryptography/x509/ocsp.py
+++ b/src/cryptography/x509/ocsp.py
@@ -5,6 +5,7 @@
 from __future__ import absolute_import, division, print_function
 import abc
+from enum import Enum
 import six
@@ -21,6 +22,24 @@ _OIDS_TO_HASH = {
 }
+class OCSPResponseStatus(Enum):
+ SUCCESSFUL = 0
+ MALFORMED_REQUEST = 1
+ INTERNAL_ERROR = 2
+ TRY_LATER = 3
+ SIG_REQUIRED = 5
+ UNAUTHORIZED = 6
+
+
+_RESPONSE_STATUS_TO_ENUM = dict((x.value, x) for x in OCSPResponseStatus)
+
+
+class OCSPCertStatus(Enum):
+ GOOD = 0
+ REVOKED = 1
+ UNKNOWN = 2
+
+
 def load_der_ocsp_request(data):
 from cryptography.hazmat.backends.openssl.backend import backend
 return backend.load_der_ocsp_request(data)
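Review bot: `OCSPResponseStatus` jumps from `TRY_LATER = 3` to `SIG_REQUIRED = 5` with no comment, and `_RESPONSE_STATUS_TO_ENUM` is presumably going to be indexed with a status value taken from a responder's reply. A comment above `SIG_REQUIRED` such as `# 4 is not used in RFC 6960` would stop a later reader from "fixing" the gap. A second comment at the mapping, such as `# values absent from this table (4, or anything above 6) must be rejected with ValueError by the caller`, would make the expectation explicit, so an out-of-range status does not surface as a bare KeyError. The code that performs the lookup is not in this hunk, so this only documents the contract where the table is defined. It is also worth stating next to `OCSPCertStatus` that `UNKNOWN` is not a synonym for `GOOD`.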
@@ -88,3 +107,114 @@ class OCSPRequest(object):
 """
 Serializes the request to DER
 """
+
+
+@six.add_metaclass(abc.ABCMeta)
+class OCSPResponse(object):
+ @abc.abstractproperty
+ def response_status(self):
+ """
+ The status of the response. This is a value from the OCSPResponseStatus
+ enumeration
+ """
+
+ @abc.abstractproperty
+ def signature_algorithm_oid(self):
+ """
+ The ObjectIdentifier of the signature algorithm
+ """
+
+ @abc.abstractproperty
+ def signature(self):
+ """
+ The signature bytes
+ """
+
+ @abc.abstractproperty
+ def tbs_response_bytes(self):
+ """
+ The tbsResponseData bytes
+ """
+
+ @abc.abstractproperty
+ def certificates(self):
+ """
+ A list of certificates used to help build a chain to verify the OCSP
+ response. This situation occurs when the OCSP responder uses a delegate
+ certificate.
+ """
+
+ @abc.abstractproperty
+ def responder_key_hash(self):
+ """
+ The responder's key hash or None
+ """
+
+ @abc.abstractproperty
+ def responder_name(self):
+ """
+ The responder's Name or None
+ """
+
+ @abc.abstractproperty
+ def produced_at(self):
+ """
+ The time the response was produced
+ """
+
+ @abc.abstractproperty
+ def certificate_status(self):
+ """
+ The status of the certificate (an element from the OCSPCertStatus enum)
+ """
+
+ @abc.abstractproperty
+ def revocation_time(self):
+ """
+ The date of when the certificate was revoked or None if not
+ revoked.
+ """
+
+ @abc.abstractproperty
+ def revocation_reason(self):
+ """
+ The reason the certificate was revoked or None if not specified or
+ not revoked.
+ """
+
+ @abc.abstractproperty
+ def this_update(self):
+ """
+ The most recent time at which the status being indicated is known by
+ the responder to have been correct
+ """
+
+ @abc.abstractproperty
+ def next_update(self):
+ """
+ The time when newer information will be available
+ """
+
+ @abc.abstractproperty
+ def issuer_key_hash(self):
+ """
+ The hash of the issuer public key
+ """
+
+ @abc.abstractproperty
+ def issuer_name_hash(self):
+ """
+ The hash of the issuer name
+ """
+
+ @abc.abstractproperty
+ def hash_algorithm(self):
+ """
+ The hash algorithm used in the issuer name and key hashes
+ """
+
+ @abc.abstractproperty
+ def serial_number(self):
+ """
+ The serial number of the cert whose status is being checked
+ """ |
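Review bot: The new `OCSPResponse` class has no class docstring, and none of the property docstrings say what an implementation must do when `response_status` is not `SUCCESSFUL`, in which case RFC 6960 allows the response to carry no response bytes at all. I would add a class docstring stating that every property except `response_status` raises `ValueError` for an unsuccessful response, so a caller cannot read `certificate_status` from an error reply and treat it as an answer. `next_update` should read `The time when newer information will be available, or None`, since nextUpdate is optional in the RFC and the sibling properties already spell out their `None` case. The class docstring should also say that the object only exposes parsed fields: nothing is authenticated until the caller verifies `signature` over `tbs_response_bytes`. Likewise, entries in `certificates` are responder-supplied and have to be validated as an authorised delegate of the issuer before they are trusted.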