ocsp_base = os.path.join(args.dest, 'ocsp')
if not os.path.exists(ocsp_base):
os.makedirs(ocsp_base)
ocsp_builder = ocsp.OCSPRequestBuilder()
ocsp_builder = ocsp_builder.add_certificate(
data['child-cert']['parsed_cert'].x509,
CertificateAuthority.objects.get(
name=data['child-cert']['ca']).x509, hashes.SHA1())
no_nonce_req = ocsp_builder.build().public_bytes(Encoding.DER)
with open(os.path.join(ocsp_base, ocsp_data['no-nonce']['filename']),
'wb') as stream:
stream.write(no_nonce_req)
ocsp_builder = ocsp_builder.add_extension(x509.OCSPNonce(
hex_to_bytes(ocsp_data['nonce']['nonce'])),
critical=False)
nonce_req = ocsp_builder.build().public_bytes(Encoding.DER)
with open(os.path.join(ocsp_base, ocsp_data['nonce']['filename']),
'wb') as stream:
stream.write(nonce_req)
else:
# updating only contrib, so remove existing data
data = {}
# Load data from Sphinx files
if args.generate_contrib:
for filename in os.listdir(os.path.join(_sphinx_dir, 'ca')):
name, _ext = os.path.splitext(filename)
with open(os.path.join(_sphinx_dir, 'ca', filename), 'rb') as stream:
os.makedirs(ocsp_base)
ocsp_builder = ocsp.OCSPRequestBuilder()
ocsp_builder = ocsp_builder.add_certificate(
data["child-cert"]["parsed_cert"].pub.loaded,
CertificateAuthority.objects.get(
name=data["child-cert"]["ca"]).pub.loaded,
hashes.SHA1(),
)
no_nonce_req = ocsp_builder.build().public_bytes(Encoding.DER)
with open(os.path.join(ocsp_base, ocsp_data["no-nonce"]["filename"]),
"wb") as stream:
stream.write(no_nonce_req)
ocsp_builder = ocsp_builder.add_extension(x509.OCSPNonce(
hex_to_bytes(ocsp_data["nonce"]["nonce"])),
critical=False)
nonce_req = ocsp_builder.build().public_bytes(Encoding.DER)
with open(os.path.join(ocsp_base, ocsp_data["nonce"]["filename"]),
"wb") as stream:
stream.write(nonce_req)
else:
# updating only contrib, so remove existing data
data = {}
# Load data from Sphinx files
if args.generate_contrib:
for filename in os.listdir(os.path.join(_sphinx_dir, "ca")):
name, _ext = os.path.splitext(filename)
with open(os.path.join(_sphinx_dir, "ca", filename), "rb") as stream:
ocsp_base = os.path.join(args.dest, 'ocsp')
if not os.path.exists(ocsp_base):
os.makedirs(ocsp_base)
ocsp_builder = ocsp.OCSPRequestBuilder()
ocsp_builder = ocsp_builder.add_certificate(
data['child-cert']['parsed_cert'].x509,
CertificateAuthority.objects.get(name=data['child-cert']['ca']).x509,
hashes.SHA1()
)
no_nonce_req = ocsp_builder.build().public_bytes(Encoding.DER)
with open(os.path.join(ocsp_base, ocsp_data['no-nonce']['filename']), 'wb') as stream:
stream.write(no_nonce_req)
ocsp_builder = ocsp_builder.add_extension(
x509.OCSPNonce(hex_to_bytes(ocsp_data['nonce']['nonce'])), critical=False
)
nonce_req = ocsp_builder.build().public_bytes(Encoding.DER)
with open(os.path.join(ocsp_base, ocsp_data['nonce']['filename']), 'wb') as stream:
stream.write(nonce_req)
else:
# updating only contrib, so remove existing data
data = {}
# Load data from Sphinx files
if args.generate_contrib:
for filename in os.listdir(os.path.join(_sphinx_dir, 'ca')):
name, _ext = os.path.splitext(filename)
with open(os.path.join(_sphinx_dir, 'ca', filename), 'rb') as stream:
pem = stream.read()