def _create_ocsp_request(issuer, subject):
    """
    Build the CertId for ``subject`` and wrap it in a one-entry OCSPRequest.

    The CertId holds the SHA-1 of the issuer name as recorded in the subject
    certificate (``subject.issuer.sha1``), the SHA-1 of the issuer's public
    key (``issuer.public_key.sha1``) and the subject's serial number.

    Returns the tuple ``(cert_id, req)``.
    """
    # SHA-1 is used here to identify the certificate to the responder; it is
    # not a signature over the request.
    sha1_digest = DigestAlgorithm({
        'algorithm': u'sha1',
        'parameters': None
    })

    # NOTE(review): the name hash is taken from the subject's issuer field,
    # not from issuer.subject, and nothing in this function checks that
    # ``issuer`` actually issued ``subject`` -- presumably the caller has
    # already validated the chain; confirm.
    cert_id = CertId({
        'hash_algorithm': sha1_digest,
        'issuer_name_hash': OctetString(subject.issuer.sha1),
        'issuer_key_hash': OctetString(issuer.public_key.sha1),
        'serial_number': subject.serial_number,
    })

    # Only version and request_list are populated: no request extensions
    # (so no nonce) and no signature are set. Freshness of the answer then
    # depends on the validity times in the response -- confirm the caller
    # checks them.
    tbs_request = TBSRequest({
        'version': Version(0),
        'request_list': Requests([Request({'req_cert': cert_id})]),
    })
    req = OCSPRequest({'tbs_request': tbs_request})
    return cert_id, req
def create_ocsp_request(self, issuer, subject):
    """Create the CertId for ``subject`` and an OCSPRequest that asks about it.

    The request contains exactly one entry. Returns ``(cert_id, ocsp_request)``.
    """
    # The digest identifies the certificate to the responder; it does not
    # protect the request itself.
    hash_algorithm = DigestAlgorithm({"algorithm": "sha1", "parameters": None})

    # NOTE(review): issuer_name_hash is read from subject.issuer while
    # issuer_key_hash is read from the ``issuer`` certificate; this method
    # does not verify that the two refer to the same CA -- presumably done
    # by the caller; confirm.
    cert_id = CertId({
        "hash_algorithm": hash_algorithm,
        "issuer_name_hash": OctetString(subject.issuer.sha1),
        "issuer_key_hash": OctetString(issuer.public_key.sha1),
        "serial_number": subject.serial_number,
    })

    # No request extensions are set, so the request carries no nonce; the
    # response's own validity times are the only freshness signal --
    # confirm they are checked where the response is consumed.
    single_request = Request({"req_cert": cert_id})
    tbs_request = TBSRequest({
        "version": Version(0),
        "request_list": Requests([single_request]),
    })
    ocsp_request = OCSPRequest({"tbs_request": tbs_request})
    return cert_id, ocsp_request
def encode_cert_id_key(self, hkey):
    """Rebuild a CertId from an ``(issuer_name_hash, issuer_key_hash, serial_number)`` key.

    Each element of ``hkey`` is handed to the matching ``load`` call
    (OctetString for the two hashes, Integer for the serial number), so the
    elements are expected to be encoded ASN.1 values rather than raw digests.
    The hash algorithm of the result is always SHA-1.
    """
    name_hash_encoded, key_hash_encoded, serial_encoded = hkey

    # Parse the three components before building the CertId so a malformed
    # element fails here; errors from load() are not caught in this method.
    name_hash = OctetString.load(name_hash_encoded)
    key_hash = OctetString.load(key_hash_encoded)
    serial = Integer.load(serial_encoded)

    sha1_digest = DigestAlgorithm({
        'algorithm': 'sha1',
        'parameters': None})
    return CertId({
        'hash_algorithm': sha1_digest,
        'issuer_name_hash': name_hash,
        'issuer_key_hash': key_hash,
        'serial_number': serial,
    })
def _decode_ocsp_response_cache(ocsp_response_cache_json, ocsp_response_cache):
    """
    Merge a JSON-decoded OCSP response cache into ``ocsp_response_cache``.

    ``ocsp_response_cache_json`` maps a base64 CertId to a ``(ts, response)``
    pair whose response is base64 text. An entry whose ``ts`` is no older
    than CACHE_EXPIRATION seconds is stored under the key returned by
    ``_decode_cert_id_key``. An older entry evicts any entry already held
    under that key and sets OCSP_VALIDATION_CACHE_UPDATED.

    Errors raised while decoding base64 or parsing the CertId are not caught
    here, so one malformed entry aborts the whole merge.
    """
    global OCSP_VALIDATION_CACHE_UPDATED

    now = int(time.time())
    for encoded_cert_id, (ts, ocsp_response) in ocsp_response_cache_json.items():
        hkey = _decode_cert_id_key(CertId.load(b64decode(encoded_cert_id)))

        # NOTE(review): ts comes from the cache content and only a lower
        # bound is applied, so a timestamp in the future is accepted and
        # outlives CACHE_EXPIRATION. Consider whether the cache source is
        # trusted enough for that.
        if ts >= now - CACHE_EXPIRATION:
            # The response bytes are stored without being parsed or verified
            # in this function -- presumably the consumer validates the
            # signature and validity period before relying on them; confirm.
            ocsp_response_cache[hkey] = (ts, b64decode(ocsp_response))
            continue

        if hkey in ocsp_response_cache:
            # Expired on disk: drop the in-memory copy and flag the cache as
            # changed.
            del ocsp_response_cache[hkey]
            OCSP_VALIDATION_CACHE_UPDATED = True
def encode_cert_id_key(self, hkey):
    """Turn a cache key triple back into a CertId.

    ``hkey`` unpacks to ``(issuer_name_hash, issuer_key_hash, serial_number)``.
    The first two are parsed with ``OctetString.load`` and the third with
    ``Integer.load``; the resulting CertId always names SHA-1 as its hash
    algorithm.
    """
    raw_name_hash, raw_key_hash, raw_serial = hkey

    # load() errors propagate to the caller; nothing is caught here.
    parsed_name_hash = OctetString.load(raw_name_hash)
    parsed_key_hash = OctetString.load(raw_key_hash)
    parsed_serial = Integer.load(raw_serial)

    fields = {
        "hash_algorithm": DigestAlgorithm({
            "algorithm": "sha1",
            "parameters": None
        }),
        "issuer_name_hash": parsed_name_hash,
        "issuer_key_hash": parsed_key_hash,
        "serial_number": parsed_serial,
    }
    return CertId(fields)
def decode_cert_id_base64(self, cert_id_base64):
    """Decode ``cert_id_base64`` and parse the resulting bytes as a CertId.

    Errors from the base64 decode or from ``CertId.load`` are not caught.
    """
    # NOTE(review): if this is base64.b64decode, its default mode silently
    # discards characters outside the base64 alphabet, so distinct input
    # strings can decode to the same CertId bytes.
    encoded_cert_id = b64decode(cert_id_base64)
    return CertId.load(encoded_cert_id)