| -rw-r--r-- | docs/x509/ocsp.rst | 8 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/ocsp.py | 13 | ||||
| -rw-r--r-- | tests/x509/test_ocsp.py | 19 | 
3 files changed, 40 insertions, 0 deletions
diff --git a/docs/x509/ocsp.rst b/docs/x509/ocsp.rst
index 528502a7..499e7a91 100644
--- a/docs/x509/ocsp.rst
+++ b/docs/x509/ocsp.rst
@@ -411,6 +411,14 @@ Interfaces
         The extensions encoded in the response.
+    .. method:: public_bytes(encoding)
+
+        :param encoding: The encoding to use. Only
+            :attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER`
+            is supported.
+
+        :return bytes: The serialized OCSP response.
+
 .. class:: OCSPResponseStatus
     .. versionadded:: 2.4
diff --git a/src/cryptography/hazmat/backends/openssl/ocsp.py b/src/cryptography/hazmat/backends/openssl/ocsp.py
index 413214e7..cd3650ae 100644
--- a/src/cryptography/hazmat/backends/openssl/ocsp.py
+++ b/src/cryptography/hazmat/backends/openssl/ocsp.py
@@ -306,6 +306,19 @@ class _OCSPResponse(object):
     def extensions(self):
         return _OCSP_BASICRESP_EXT_PARSER.parse(self._backend, self._basic)
+    def public_bytes(self, encoding):
+        if encoding is not serialization.Encoding.DER:
+            raise ValueError(
+                "The only allowed encoding value is Encoding.DER"
+            )
+
+        bio = self._backend._create_mem_bio_gc()
+        res = self._backend._lib.i2d_OCSP_RESPONSE_bio(
+            bio, self._ocsp_response
+        )
+        self._backend.openssl_assert(res > 0)
+        return self._backend._read_mem_bio(bio)
+
 @utils.register_interface(OCSPRequest)
 class _OCSPRequest(object):
diff --git a/tests/x509/test_ocsp.py b/tests/x509/test_ocsp.py
index d680e07f..0d44b6da 100644
--- a/tests/x509/test_ocsp.py
+++ b/tests/x509/test_ocsp.py
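Review bot: `public_bytes` in `_OCSPResponse` has no docstring, and nothing at the call site tells a reader that it serialises `self._ocsp_response` (the whole outer response) rather than `self._basic`. I would add under the `def` line: `"""Return the DER encoding of the full OCSPResponse; any other encoding raises ValueError. Serialising performs no signature or status check."""`. The ValueError text could also echo the rejected argument to make misuse easier to diagnose, e.g. `"The only allowed encoding value is Encoding.DER, got {!r}".format(encoding)`. The class body starts and continues outside this hunk.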
@@ -330,3 +330,22 @@ class TestOCSPResponse(object):
         assert ext.value == x509.OCSPNonce(
             b'\x04\x105\x957\x9fa\x03\x83\x87\x89rW\x8f\xae\x99\xf7"'
         )
+
+    def test_serialize_reponse(self):
+        resp_bytes = load_vectors_from_file(
+            filename=os.path.join("x509", "ocsp", "resp-revoked.der"),
+            loader=lambda data: data.read(),
+            mode="rb"
+        )
+        resp = ocsp.load_der_ocsp_response(resp_bytes)
+        assert resp.public_bytes(serialization.Encoding.DER) == resp_bytes
+
+    def test_invalid_serialize_encoding(self):
+        resp = _load_data(
+            os.path.join("x509", "ocsp", "resp-revoked.der"),
+            ocsp.load_der_ocsp_response,
+        )
+        with pytest.raises(ValueError):
+            resp.public_bytes("invalid")
+        with pytest.raises(ValueError):
+            resp.public_bytes(serialization.Encoding.PEM)
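Review bot: The test name `test_serialize_reponse` is misspelled; rename it to `test_serialize_response` so it turns up when searching for the feature. The byte-for-byte round trip is asserted only for `resp-revoked.der`, a response that carries a basic response. Since `public_bytes` writes `self._ocsp_response`, a second case loading a non-successful response vector (`<unsuccessful-response vector>`, if the suite has one) with the same equality assertion would pin that serialisation does not depend on the basic response being present. The test class starts outside this hunk.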
