authorPaul Kehrer <paul.l.kehrer@gmail.com>2018-08-31 17:52:00 -0400
committerAlex Gaynor <alex.gaynor@gmail.com>2018-08-31 16:52:00 -0500
commitc4cd5ba933d26a2602295d3de95d50585523594c (patch)
tree1e28e48b5468244106ed4f484173816aa6d868b3 /src/cryptography/x509/ocsp.py
parent0f629bbdbb7ff595bffe43209490cc2647763fd3 (diff)
OCSP response abstract base classes (#4431)
* ocsp response abc * collapse SingleResponse into OCSPResponse now that we only support one * split responder_id into two properties, add tbs_response_bytes * typo * rename one method and add a mapping we'll need shortly
Diffstat (limited to 'src/cryptography/x509/ocsp.py')
-rw-r--r--src/cryptography/x509/ocsp.py130
1 files changed, 130 insertions, 0 deletions
diff --git a/src/cryptography/x509/ocsp.py b/src/cryptography/x509/ocsp.py
index c3225daa..95e7f35b 100644
--- a/src/cryptography/x509/ocsp.py
+++ b/src/cryptography/x509/ocsp.py
@@ -5,6 +5,7 @@
from __future__ import absolute_import, division, print_function
import abc
+from enum import Enum
import six
@@ -21,6 +22,24 @@ _OIDS_TO_HASH = {
}
+class OCSPResponseStatus(Enum):
+ SUCCESSFUL = 0
+ MALFORMED_REQUEST = 1
+ INTERNAL_ERROR = 2
+ TRY_LATER = 3
+ SIG_REQUIRED = 5
+ UNAUTHORIZED = 6
+
+
+_RESPONSE_STATUS_TO_ENUM = dict((x.value, x) for x in OCSPResponseStatus)
+
+
+class OCSPCertStatus(Enum):
+ GOOD = 0
+ REVOKED = 1
+ UNKNOWN = 2
+
+
def load_der_ocsp_request(data):
from cryptography.hazmat.backends.openssl.backend import backend
return backend.load_der_ocsp_request(data)
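Review bot: `OCSPResponseStatus` jumps from `TRY_LATER = 3` to `SIG_REQUIRED = 5` without explanation, so `_RESPONSE_STATUS_TO_ENUM` has no entry for 4 or for any value above 6. RFC 6960 marks value 4 as unused, so a comment such as `# 4 is not used (RFC 6960, OCSPResponseStatus)` above `SIG_REQUIRED` would stop a later reader from "fixing" the gap. The status byte comes from the responder, so the code that consumes the mapping (not visible in this hunk) should turn a missing key into an explicit parse error such as `ValueError` rather than letting a bare `KeyError` escape. Both enums would also benefit from a one-line docstring naming the ASN.1 type they mirror.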
@@ -88,3 +107,114 @@ class OCSPRequest(object):
"""
Serializes the request to DER
"""
+
+
+@six.add_metaclass(abc.ABCMeta)
+class OCSPResponse(object):
+ @abc.abstractproperty
+ def response_status(self):
+ """
+ The status of the response. This is a value from the OCSPResponseStatus
+ enumeration
+ """
+
+ @abc.abstractproperty
+ def signature_algorithm_oid(self):
+ """
+ The ObjectIdentifier of the signature algorithm
+ """
+
+ @abc.abstractproperty
+ def signature(self):
+ """
+ The signature bytes
+ """
+
+ @abc.abstractproperty
+ def tbs_response_bytes(self):
+ """
+ The tbsResponseData bytes
+ """
+
+ @abc.abstractproperty
+ def certificates(self):
+ """
+ A list of certificates used to help build a chain to verify the OCSP
+ response. This situation occurs when the OCSP responder uses a delegate
+ certificate.
+ """
+
+ @abc.abstractproperty
+ def responder_key_hash(self):
+ """
+ The responder's key hash or None
+ """
+
+ @abc.abstractproperty
+ def responder_name(self):
+ """
+ The responder's Name or None
+ """
+
+ @abc.abstractproperty
+ def produced_at(self):
+ """
+ The time the response was produced
+ """
+
+ @abc.abstractproperty
+ def certificate_status(self):
+ """
+ The status of the certificate (an element from the OCSPCertStatus enum)
+ """
+
+ @abc.abstractproperty
+ def revocation_time(self):
+ """
+ The date of when the certificate was revoked or None if not
+ revoked.
+ """
+
+ @abc.abstractproperty
+ def revocation_reason(self):
+ """
+ The reason the certificate was revoked or None if not specified or
+ not revoked.
+ """
+
+ @abc.abstractproperty
+ def this_update(self):
+ """
+ The most recent time at which the status being indicated is known by
+ the responder to have been correct
+ """
+
+ @abc.abstractproperty
+ def next_update(self):
+ """
+ The time when newer information will be available
+ """
+
+ @abc.abstractproperty
+ def issuer_key_hash(self):
+ """
+ The hash of the issuer public key
+ """
+
+ @abc.abstractproperty
+ def issuer_name_hash(self):
+ """
+ The hash of the issuer name
+ """
+
+ @abc.abstractproperty
+ def hash_algorithm(self):
+ """
+ The hash algorithm used in the issuer name and key hashes
+ """
+
+ @abc.abstractproperty
+ def serial_number(self):
+ """
+ The serial number of the cert whose status is being checked
+ """
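Review bot: `OCSPResponse` has no class docstring, and nothing in the interface says that its properties expose parsed fields rather than a verified result. A caller that reads `certificate_status` and sees `GOOD` has learned nothing until it has checked `signature` over `tbs_response_bytes` against an authorized responder key and confirmed that the current time lies between `this_update` and `next_update`; the class docstring should say so. It should also state what the per-certificate properties do when `response_status` is not `SUCCESSFUL`, since such a response carries no response data. The commit message says SingleResponse was collapsed into this class, so the docstring should also cover a response holding more than one SingleResponse. `next_update` is optional in RFC 6960, so its docstring probably wants `or None if not present`, in the same way that `revocation_time` already documents its None case.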