def parse_ocsp_request(
        request_der: bytes) -> (Optional[OCSPRequest], Optional[OCSPResponse]):
    """
    Decode DER bytes into an ``OCSPRequest`` and report the outcome as a pair.

    Returns ``(request, None)`` when ``OCSPRequest.load`` accepts the bytes and
    ``(None, response)`` when it raises, where ``response`` is whatever
    ``_fail(ResponseStatus.malformed_request)`` produces (presumably a
    malformed-request ``OCSPResponse``; confirm against ``_fail``).
    This function itself never propagates a parsing exception to the caller.
    """
    try:
        parsed_request = OCSPRequest.load(request_der)
    except Exception as exc:
        # Deliberately broad: any decoding failure is logged with its
        # traceback and turned into a protocol-level error instead of
        # surfacing as an unhandled exception.
        logger.exception('Could not load/parse OCSPRequest: %s', exc)
        return (None, _fail(ResponseStatus.malformed_request))
    return (parsed_request, None)
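def handle_ocsp_requests(caid):
    """Answer a single-certificate OCSP request on behalf of the CA ``caid``.

    The request body is read from the current ``request`` object, the
    certificate is looked up by its serial number, and a response signed with
    the CA's key is returned.

    Args:
        caid: Identifier of the CA whose ``Key`` row is used for signing.

    Returns:
        The DER-encoded OCSP response as bytes. A request body that cannot be
        decoded yields an unsigned ``malformed_request`` response.

    Raises:
        Whatever ``abort`` raises: ``config.http_notfound`` when the CA key or
        the certificate is unknown, ``config.http_notimplemented`` when the
        request does not contain exactly one entry.
    """
    # Import section (specifically for OCSP)
    from asn1crypto.ocsp import OCSPRequest
    from oscrypto import asymmetric
    from ocspbuilder import OCSPResponseBuilder

    # Getting CA information
    key = Key.query.filter_by(ca=caid).first()
    if not key:
        abort(config.http_notfound, {"message": config.error_pkey_notfound})
    # presumably dump() returns the paths of the key and certificate files
    # under config.path_keys -- confirm against the Key model
    private, public = key.dump(config.path_keys)
    with open(private, "rb") as f:
        # NOTE(review): the private-key passphrase is hard-coded in source.
        # It should come from deployment configuration or a secret store, and
        # the key should be re-encrypted if this value was ever used outside
        # of testing.
        issuer_key = asymmetric.load_private_key(f.read(), "testtest")
    with open(public, "rb") as f:
        issuer_cert = asymmetric.load_certificate(f.read())

    # Parsing the OCSP request. The body is client-supplied, so a decoding
    # failure is answered with an OCSP-level error rather than an unhandled
    # exception. Every field read happens inside the try because the
    # structure is only fully decoded when its fields are accessed.
    try:
        ocsp = OCSPRequest.load(request.get_data())
        request_list = ocsp['tbs_request']['request_list']
        single_request = request_list[0] if len(request_list) == 1 else None
        serial_number = (
            single_request['req_cert']['serial_number'].native
            if single_request is not None else None
        )
    except (ValueError, TypeError, KeyError):
        # Non-successful statuses carry no response body and are not signed.
        return OCSPResponseBuilder(u'malformed_request').build().dump()

    # TODO: Support more than one request
    if single_request is None:
        abort(config.http_notimplemented,
              {"message": config.error_multiple_requests})

    # Same text as hex(n)[2:] for non-negative serials, without relying on
    # slicing off the "0x" prefix.
    serial = format(serial_number, 'x')

    # Getting certificate
    cert = Certificate.query.filter_by(serial=serial).first()
    if not cert:
        abort(config.http_notfound, {"message": config.error_cert_notfound})
    cert_path = cert.dump(config.path_keys)
    with open(cert_path, "rb") as f:
        subject_cert = asymmetric.load_certificate(f.read())

    # NOTE(review): the status is always 'good'. Nothing here consults
    # revocation state, so a revoked certificate that is still in the table
    # would be reported as valid. Also, only the serial number is matched;
    # the issuer hashes in req_cert are not compared with this CA. Confirm
    # both against the Certificate model and the intended scope of this
    # responder.
    builder = OCSPResponseBuilder(u'successful', subject_cert, u'good')
    ocsp_response = builder.build(issuer_key, issuer_cert)
    return ocsp_response.dump()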
def parse_ocsp_request(self, request_der: bytes) -> OCSPRequest:
    """
    Decode DER-encoded request bytes into an ``OCSPRequest`` object.

    No exception handling happens here: anything ``OCSPRequest.load`` raises
    for input it rejects propagates to the caller, which is where a
    malformed-request answer would have to be produced.
    """
    parsed_request = OCSPRequest.load(request_der)
    return parsed_request
def _parse_ocsp_request(self, request_der: bytes) -> OCSPRequest:
    """
    Turn the raw DER request bytes into an ``OCSPRequest`` instance.

    This is a thin wrapper around ``OCSPRequest.load``; errors raised by the
    loader are not caught here and reach the caller unchanged.
    """
    load_request = OCSPRequest.load
    return load_request(request_der)