From 788b859efd679b5df90475b32eeccf593d7eb38e Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Sun, 7 Oct 2018 11:07:14 +0800
Subject: OCSP response serialization (#4482)
* support OCSP response serialization
* empty commit, good times
---
docs/x509/ocsp.rst | 8 ++++++++
src/cryptography/hazmat/backends/openssl/ocsp.py | 13 +++++++++++++
tests/x509/test_ocsp.py | 19 +++++++++++++++++++
3 files changed, 40 insertions(+)
diff --git a/docs/x509/ocsp.rst b/docs/x509/ocsp.rst
index 528502a7..499e7a91 100644
--- a/docs/x509/ocsp.rst
+++ b/docs/x509/ocsp.rst
@@ -411,6 +411,14 @@ Interfaces
 The extensions encoded in the response.
+ .. method:: public_bytes(encoding)
+
+ :param encoding: The encoding to use. Only
+ :attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER`
+ is supported.
+
+ :return bytes: The serialized OCSP response.
+
 .. class:: OCSPResponseStatus
 .. versionadded:: 2.4
diff --git a/src/cryptography/hazmat/backends/openssl/ocsp.py b/src/cryptography/hazmat/backends/openssl/ocsp.py
index 413214e7..cd3650ae 100644
--- a/src/cryptography/hazmat/backends/openssl/ocsp.py
+++ b/src/cryptography/hazmat/backends/openssl/ocsp.py
@@ -306,6 +306,19 @@ class _OCSPResponse(object):
 def extensions(self):
 return _OCSP_BASICRESP_EXT_PARSER.parse(self._backend, self._basic)
+ def public_bytes(self, encoding):
+ if encoding is not serialization.Encoding.DER:
+ raise ValueError(
+ "The only allowed encoding value is Encoding.DER"
+ )
+
+ bio = self._backend._create_mem_bio_gc()
+ res = self._backend._lib.i2d_OCSP_RESPONSE_bio(
+ bio, self._ocsp_response
+ )
+ self._backend.openssl_assert(res > 0)
+ return self._backend._read_mem_bio(bio)
+
 @utils.register_interface(OCSPRequest)
 class _OCSPRequest(object):
diff --git a/tests/x509/test_ocsp.py b/tests/x509/test_ocsp.py
index d680e07f..0d44b6da 100644
--- a/tests/x509/test_ocsp.py
+++ b/tests/x509/test_ocsp.py
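Review bot: `public_bytes` in `src/cryptography/hazmat/backends/openssl/ocsp.py` has no docstring, and the one fact a caller needs is not written down anywhere: the returned bytes are a fresh encoding of the parsed `self._ocsp_response` produced by `i2d_OCSP_RESPONSE_bio`, not the buffer the object was loaded from. I would add `"""Return this response re-encoded as DER; raise ValueError for any encoding other than Encoding.DER."""` directly under the `def` line. Code that staples, caches or hashes responses presumably depends on the output matching what the responder signed, so the docstring should say that byte-for-byte equality with the input is expected only when the input was itself strict DER. The new entry in `docs/x509/ocsp.rst` also leaves out the `ValueError`, which could be documented with a `:raises ValueError:` line. The enclosing class `_OCSPResponse` starts and continues outside the hunk.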
@@ -330,3 +330,22 @@ class TestOCSPResponse(object):
 assert ext.value == x509.OCSPNonce(
 b'\x04\x105\x957\x9fa\x03\x83\x87\x89rW\x8f\xae\x99\xf7"'
 )
+
+ def test_serialize_reponse(self):
+ resp_bytes = load_vectors_from_file(
+ filename=os.path.join("x509", "ocsp", "resp-revoked.der"),
+ loader=lambda data: data.read(),
+ mode="rb"
+ )
+ resp = ocsp.load_der_ocsp_response(resp_bytes)
+ assert resp.public_bytes(serialization.Encoding.DER) == resp_bytes
+
+ def test_invalid_serialize_encoding(self):
+ resp = _load_data(
+ os.path.join("x509", "ocsp", "resp-revoked.der"),
+ ocsp.load_der_ocsp_response,
+ )
+ with pytest.raises(ValueError):
+ resp.public_bytes("invalid")
+ with pytest.raises(ValueError):
+ resp.public_bytes(serialization.Encoding.PEM)
-- cgit v1.2.3
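Review bot: The round trip in `test_serialize_reponse` is asserted against a single vector, `resp-revoked.der`, so nothing here exercises `public_bytes` on a response whose `OCSPResponseStatus` is not successful. Since the new method reads `self._ocsp_response` directly, that case is presumably meant to serialize as well, and a second round-trip test over an unsuccessful-status vector would pin it down; whether such a vector already exists under `x509/ocsp` is not visible from this hunk. The test name is also misspelled and should read `def test_serialize_response(self):`. Both new tests are complete inside the hunk, while `TestOCSPResponse` itself begins outside it.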