diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-09-01 11:28:18 -0400 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-09-01 10:28:18 -0500 |
| commit | 8cf490e8ff3307a5b9ce46fc876a6ead482c1a3f (patch) | |
| tree | 144607b65898fe3ca288e2ee53f2984db7f61a65 /src | |
| parent | 5d9c8e2559578b681f2344c8b5dd654b0f99c96a (diff) | |
| download | cryptography-8cf490e8ff3307a5b9ce46fc876a6ead482c1a3f.tar.gz cryptography-8cf490e8ff3307a5b9ce46fc876a6ead482c1a3f.tar.bz2 cryptography-8cf490e8ff3307a5b9ce46fc876a6ead482c1a3f.zip | |
small refactor of OCSP request parsing (#4447)
This allows us to reuse these functions in the OCSPResponse object in
the future
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/ocsp.py | 92 |
1 files changed, 54 insertions, 38 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/ocsp.py b/src/cryptography/hazmat/backends/openssl/ocsp.py index dd66e36d..2b07b324 100644 --- a/src/cryptography/hazmat/backends/openssl/ocsp.py +++ b/src/cryptography/hazmat/backends/openssl/ocsp.py @@ -13,6 +13,56 @@ from cryptography.hazmat.primitives import serialization from cryptography.x509.ocsp import OCSPRequest, _OIDS_TO_HASH +def _issuer_key_hash(backend, cert_id): + key_hash = backend._ffi.new("ASN1_OCTET_STRING **") + res = backend._lib.OCSP_id_get0_info( + backend._ffi.NULL, backend._ffi.NULL, + key_hash, backend._ffi.NULL, cert_id + ) + backend.openssl_assert(res == 1) + backend.openssl_assert(key_hash[0] != backend._ffi.NULL) + return _asn1_string_to_bytes(backend, key_hash[0]) + + +def _issuer_name_hash(backend, cert_id): + name_hash = backend._ffi.new("ASN1_OCTET_STRING **") + res = backend._lib.OCSP_id_get0_info( + name_hash, backend._ffi.NULL, + backend._ffi.NULL, backend._ffi.NULL, cert_id + ) + backend.openssl_assert(res == 1) + backend.openssl_assert(name_hash[0] != backend._ffi.NULL) + return _asn1_string_to_bytes(backend, name_hash[0]) + + +def _serial_number(backend, cert_id): + num = backend._ffi.new("ASN1_INTEGER **") + res = backend._lib.OCSP_id_get0_info( + backend._ffi.NULL, backend._ffi.NULL, + backend._ffi.NULL, num, cert_id + ) + backend.openssl_assert(res == 1) + backend.openssl_assert(num[0] != backend._ffi.NULL) + return _asn1_integer_to_int(backend, num[0]) + + +def _hash_algorithm(backend, cert_id): + asn1obj = backend._ffi.new("ASN1_OBJECT **") + res = backend._lib.OCSP_id_get0_info( + backend._ffi.NULL, asn1obj, + backend._ffi.NULL, backend._ffi.NULL, cert_id + ) + backend.openssl_assert(res == 1) + backend.openssl_assert(asn1obj[0] != backend._ffi.NULL) + oid = _obj2txt(backend, asn1obj[0]) + try: + return _OIDS_TO_HASH[oid] + except KeyError: + raise UnsupportedAlgorithm( + "Signature algorithm OID: {0} not recognized".format(oid) + ) + + @utils.register_interface(OCSPRequest) class _OCSPRequest(object): def __init__(self, backend, ocsp_request): @@ -31,53 +81,19 @@ class _OCSPRequest(object): @property def issuer_key_hash(self): - key_hash = self._backend._ffi.new("ASN1_OCTET_STRING **") - res = self._backend._lib.OCSP_id_get0_info( - self._backend._ffi.NULL, self._backend._ffi.NULL, - key_hash, self._backend._ffi.NULL, self._cert_id - ) - self._backend.openssl_assert(res == 1) - self._backend.openssl_assert(key_hash[0] != self._backend._ffi.NULL) - return _asn1_string_to_bytes(self._backend, key_hash[0]) + return _issuer_key_hash(self._backend, self._cert_id) @property def issuer_name_hash(self): - name_hash = self._backend._ffi.new("ASN1_OCTET_STRING **") - res = self._backend._lib.OCSP_id_get0_info( - name_hash, self._backend._ffi.NULL, - self._backend._ffi.NULL, self._backend._ffi.NULL, self._cert_id - ) - self._backend.openssl_assert(res == 1) - self._backend.openssl_assert(name_hash[0] != self._backend._ffi.NULL) - return _asn1_string_to_bytes(self._backend, name_hash[0]) + return _issuer_name_hash(self._backend, self._cert_id) @property def serial_number(self): - num = self._backend._ffi.new("ASN1_INTEGER **") - res = self._backend._lib.OCSP_id_get0_info( - self._backend._ffi.NULL, self._backend._ffi.NULL, - self._backend._ffi.NULL, num, self._cert_id - ) - self._backend.openssl_assert(res == 1) - self._backend.openssl_assert(num[0] != self._backend._ffi.NULL) - return _asn1_integer_to_int(self._backend, num[0]) + return _serial_number(self._backend, self._cert_id) @property def hash_algorithm(self): - asn1obj = self._backend._ffi.new("ASN1_OBJECT **") - res = self._backend._lib.OCSP_id_get0_info( - self._backend._ffi.NULL, asn1obj, - self._backend._ffi.NULL, self._backend._ffi.NULL, self._cert_id - ) - self._backend.openssl_assert(res == 1) - self._backend.openssl_assert(asn1obj[0] != self._backend._ffi.NULL) - oid = _obj2txt(self._backend, asn1obj[0]) - try: - return _OIDS_TO_HASH[oid] - except KeyError: - raise UnsupportedAlgorithm( - "Signature algorithm OID: {0} not recognized".format(oid) - ) + return _hash_algorithm(self._backend, self._cert_id) def public_bytes(self, encoding): if encoding is not serialization.Encoding.DER: |