diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-09-09 21:57:21 -0500 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-09-09 22:57:21 -0400 |
commit | 09403100de2f6f1cdd0d484dcb8e620f1c335c8f (patch) | |
tree | f128b1a1c5ad82e4c372091758fa65b6d6f1ed3b /src/cryptography/x509 | |
parent | 15827f1fcb7459aac7dbe43c373a826f69a09c0c (diff) | |
download | cryptography-09403100de2f6f1cdd0d484dcb8e620f1c335c8f.tar.gz cryptography-09403100de2f6f1cdd0d484dcb8e620f1c335c8f.tar.bz2 cryptography-09403100de2f6f1cdd0d484dcb8e620f1c335c8f.zip |
OCSP request extension parsing (#4464)
* add OCSP request parsing support with OCSPNonce
* add docs
* reprs man
* make extensions a cached property
Diffstat (limited to 'src/cryptography/x509')
-rw-r--r-- | src/cryptography/x509/__init__.py | 5 | ||||
-rw-r--r-- | src/cryptography/x509/extensions.py | 30 | ||||
-rw-r--r-- | src/cryptography/x509/ocsp.py | 6 | ||||
-rw-r--r-- | src/cryptography/x509/oid.py | 5 |
4 files changed, 43 insertions, 3 deletions
diff --git a/src/cryptography/x509/__init__.py b/src/cryptography/x509/__init__.py index 15459a12..fd019455 100644 --- a/src/cryptography/x509/__init__.py +++ b/src/cryptography/x509/__init__.py @@ -21,8 +21,8 @@ from cryptography.x509.extensions import ( DeltaCRLIndicator, DistributionPoint, DuplicateExtension, ExtendedKeyUsage, Extension, ExtensionNotFound, ExtensionType, Extensions, FreshestCRL, GeneralNames, InhibitAnyPolicy, InvalidityDate, IssuerAlternativeName, - KeyUsage, NameConstraints, NoticeReference, OCSPNoCheck, PolicyConstraints, - PolicyInformation, PrecertPoison, + KeyUsage, NameConstraints, NoticeReference, OCSPNoCheck, OCSPNonce, + PolicyConstraints, PolicyInformation, PrecertPoison, PrecertificateSignedCertificateTimestamps, ReasonFlags, SubjectAlternativeName, SubjectKeyIdentifier, TLSFeature, TLSFeatureType, UnrecognizedExtension, UserNotice @@ -184,4 +184,5 @@ __all__ = [ "PolicyConstraints", "PrecertificateSignedCertificateTimestamps", "PrecertPoison", + "OCSPNonce", ] diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py index 08af03c8..b2d9908e 100644 --- a/src/cryptography/x509/extensions.py +++ b/src/cryptography/x509/extensions.py @@ -24,7 +24,7 @@ from cryptography.x509.certificate_transparency import ( from cryptography.x509.general_name import GeneralName, IPAddress, OtherName from cryptography.x509.name import RelativeDistinguishedName from cryptography.x509.oid import ( - CRLEntryExtensionOID, ExtensionOID, ObjectIdentifier + CRLEntryExtensionOID, ExtensionOID, OCSPExtensionOID, ObjectIdentifier, ) @@ -1404,6 +1404,34 @@ class PrecertificateSignedCertificateTimestamps(object): @utils.register_interface(ExtensionType) +class OCSPNonce(object): + oid = OCSPExtensionOID.NONCE + + def __init__(self, nonce): + if not isinstance(nonce, bytes): + raise TypeError("nonce must be bytes") + + self._nonce = nonce + + def __eq__(self, other): + if not isinstance(other, OCSPNonce): + return NotImplemented + + return self.nonce == other.nonce + + def __ne__(self, other): + return not self == other + + def __hash__(self): + return hash(self.nonce) + + def __repr__(self): + return "<OCSPNonce(nonce={0.nonce!r})>".format(self) + + nonce = utils.read_only_property("_nonce") + + +@utils.register_interface(ExtensionType) class UnrecognizedExtension(object): def __init__(self, oid, value): if not isinstance(oid, ObjectIdentifier): diff --git a/src/cryptography/x509/ocsp.py b/src/cryptography/x509/ocsp.py index 95e7f35b..7535a0b3 100644 --- a/src/cryptography/x509/ocsp.py +++ b/src/cryptography/x509/ocsp.py @@ -108,6 +108,12 @@ class OCSPRequest(object): Serializes the request to DER """ + @abc.abstractproperty + def extensions(self): + """ + The list of request extensions. Not single request extensions. + """ + @six.add_metaclass(abc.ABCMeta) class OCSPResponse(object): diff --git a/src/cryptography/x509/oid.py b/src/cryptography/x509/oid.py index 77e3fa63..bc654640 100644 --- a/src/cryptography/x509/oid.py +++ b/src/cryptography/x509/oid.py @@ -96,6 +96,10 @@ class ExtensionOID(object): ) +class OCSPExtensionOID(object): + NONCE = ObjectIdentifier("1.3.6.1.5.5.7.48.1.2") + + class CRLEntryExtensionOID(object): CERTIFICATE_ISSUER = ObjectIdentifier("2.5.29.29") CRL_REASON = ObjectIdentifier("2.5.29.21") @@ -271,4 +275,5 @@ _OID_NAMES = { AuthorityInformationAccessOID.CA_ISSUERS: "caIssuers", CertificatePoliciesOID.CPS_QUALIFIER: "id-qt-cps", CertificatePoliciesOID.CPS_USER_NOTICE: "id-qt-unotice", + OCSPExtensionOID.NONCE: "OCSPNonce", } |