add signature_hash_algorithm to OCSPResponse (#4681)

* add signature_hash_algorithm to OCSPResponse

* fix pointless asserts

2 files changed, 17 insertions, 0 deletions

diff --git a/src/cryptography/hazmat/backends/openssl/ocsp.py b/src/cryptography/hazmat/backends/openssl/ocsp.py
index 32e26a0a..16dbbc2a 100644
--- a/src/cryptography/hazmat/backends/openssl/ocsp.py
+++ b/src/cryptography/hazmat/backends/openssl/ocsp.py
@@ -128,6 +128,17 @@ class _OCSPResponse(object):
 
     @property
     @_requires_successful_response
+    def signature_hash_algorithm(self):
+        oid = self.signature_algorithm_oid
+        try:
+            return x509._SIG_OIDS_TO_HASH[oid]
+        except KeyError:
+            raise UnsupportedAlgorithm(
+                "Signature algorithm OID:{0} not recognized".format(oid)
+            )
+
+    @property
+    @_requires_successful_response
     def signature(self):
         sig = self._backend._lib.OCSP_resp_get0_signature(self._basic)
         self._backend.openssl_assert(sig != self._backend._ffi.NULL)
diff --git a/src/cryptography/x509/ocsp.py b/src/cryptography/x509/ocsp.py
index 2b0b1dc3..97933b1f 100644
--- a/src/cryptography/x509/ocsp.py
+++ b/src/cryptography/x509/ocsp.py
@@ -315,6 +315,12 @@ class OCSPResponse(object):
         """
 
     @abc.abstractproperty
+    def signature_hash_algorithm(self):
+        """
+        Returns a HashAlgorithm corresponding to the type of the digest signed
+        """
+
+    @abc.abstractproperty
     def signature(self):
         """
         The signature bytes