def _create_ocsp_request(issuer, subject):
    """Build the CertId for *subject* and wrap it in a one-entry OCSPRequest.

    Args:
        issuer: the issuing CA certificate; the SHA-1 of its public key goes
            into ``issuer_key_hash``.
        subject: the certificate being checked; the SHA-1 of its issuer name
            and its serial number complete the CertId.

    Returns:
        ``(cert_id, ocsp_request)`` — the CertId is returned alongside the
        request so a caller still has the identifier it was built from.
    """
    # SHA-1 here is the CertID hash algorithm of RFC 6960, which responders
    # are required to support; it identifies the issuer rather than protecting
    # integrity, so the signature-side SHA-1 weaknesses do not apply to it.
    digest_alg = DigestAlgorithm({
        'algorithm': u'sha1',
        'parameters': None,
    })
    cert_id = CertId({
        'hash_algorithm': digest_alg,
        'issuer_name_hash': OctetString(subject.issuer.sha1),
        'issuer_key_hash': OctetString(issuer.public_key.sha1),
        'serial_number': subject.serial_number,
    })
    single_request = Request({'req_cert': cert_id})
    tbs = TBSRequest({
        'version': Version(0),
        'request_list': Requests([single_request]),
    })
    return cert_id, OCSPRequest({'tbs_request': tbs})
def create_ocsp_request(self, issuer, subject):
    """Build a CertId for *subject* and a single-entry OCSPRequest around it.

    ``self`` is not read; the method only depends on its two arguments.

    Args:
        issuer: the issuing CA certificate (its public-key SHA-1 is used).
        subject: the certificate to check (its issuer-name SHA-1 and serial
            number are used).

    Returns:
        ``(cert_id, ocsp_request)``.
    """
    # CertID uses SHA-1 as the issuer identifier hash (RFC 6960); this is an
    # identifier, not a signature, and is what responders are required to
    # accept.
    cert_id = CertId({
        "hash_algorithm": DigestAlgorithm({"algorithm": "sha1",
                                           "parameters": None}),
        "issuer_name_hash": OctetString(subject.issuer.sha1),
        "issuer_key_hash": OctetString(issuer.public_key.sha1),
        "serial_number": subject.serial_number,
    })
    entries = Requests([Request({"req_cert": cert_id})])
    tbs = TBSRequest({"version": Version(0), "request_list": entries})
    req = OCSPRequest({"tbs_request": tbs})
    return cert_id, req
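def parse_ocsp_request(
        request_der: bytes,
) -> "tuple[Optional[OCSPRequest], Optional[OCSPResponse]]":
    """Parse DER bytes into an ``OCSPRequest``.

    The return annotation is quoted: the original ``(A, B)`` form was a
    tuple object, not a type, and the quoted ``tuple[...]`` needs neither a
    ``typing.Tuple`` import nor a 3.9+ runtime.

    Args:
        request_der: raw request body as received from the client; treated
            as untrusted.

    Returns:
        ``(request, None)`` on success, or ``(None, failure)`` where
        ``failure`` is the ``malformed_request`` response built by ``_fail``.
    """
    try:
        parsed = OCSPRequest.load(request_der)
    except Exception as e:
        # A parser failure on client input is logged with its traceback so
        # crashes in the decoder stay visible, then mapped to the OCSP-level
        # malformed_request status instead of propagating.
        logger.exception('Could not load/parse OCSPRequest: %s', e)
        return (None, _fail(ResponseStatus.malformed_request))
    # NOTE(review): asn1crypto decodes lazily, so some malformed bodies only
    # raise when a field is first accessed after this returns — confirm the
    # callers handle that (or force a full decode here before returning).
    return (parsed, None)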
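def handle_ocsp_requests(caid):
    """Answer a single-certificate OCSP request on behalf of CA *caid*.

    Reads the DER ``OCSPRequest`` from the Flask ``request`` body, looks the
    certificate up by serial number and returns a DER-encoded ``OCSPResponse``
    asserting ``good`` status. Aborts with ``config.http_notfound`` when the CA
    key or the certificate is unknown, and with ``config.http_notimplemented``
    when the request carries more than one CertID.

    Args:
        caid: identifier of the CA whose key signs the response.

    Returns:
        The DER bytes of the response (``ocsp_response.dump()``).
    """
    # Imports are local so the OCSP dependencies load only on this path.
    # (The previously imported asn1crypto.util.timezone was unused.)
    from asn1crypto.ocsp import OCSPRequest
    from oscrypto import asymmetric
    from ocspbuilder import OCSPResponseBuilder

    # --- CA material -------------------------------------------------------
    key = Key.query.filter_by(ca=caid).first()
    if not key:
        abort(config.http_notfound, {"message": config.error_pkey_notfound})
    private, public = key.dump(config.path_keys)
    with open(private, "rb") as f:
        # SECURITY: the private-key passphrase is hard-coded in source. It
        # belongs in configuration or secret storage; kept as-is here only
        # because no config setting for it exists in this file.
        issuer_key = asymmetric.load_private_key(f.read(), "testtest")
    with open(public, "rb") as f:
        issuer_cert = asymmetric.load_certificate(f.read())

    # --- Request parsing ----------------------------------------------------
    # The body is untrusted; a malformed DER currently raises out of here
    # (an HTTP error) instead of yielding an OCSP ``malformed_request``
    # response.
    ocsp = OCSPRequest.load(request.get_data())
    request_list = ocsp['tbs_request']['request_list']
    if len(request_list) != 1:
        abort(config.http_notimplemented,
              {"message": config.error_multiple_requests})
    # TODO: Support more than one request
    req_cert = request_list[0]['req_cert']
    # NOTE(review): the CertID's issuer_name_hash / issuer_key_hash are never
    # compared with issuer_cert, so the serial is matched without confirming
    # the request refers to this CA at all.
    serial = hex(req_cert['serial_number'].native)[2:]

    # --- Subject certificate ------------------------------------------------
    cert = Certificate.query.filter_by(serial=serial).first()
    if not cert:
        # An OCSP client would normally expect an ``unknown`` certificate
        # status here rather than an HTTP error.
        abort(config.http_notfound, {"message": config.error_cert_notfound})
    cert_path = cert.dump(config.path_keys)
    with open(cert_path, "rb") as f:
        subject_cert = asymmetric.load_certificate(f.read())

    # SECURITY: the status is unconditionally ``good``; nothing in this
    # function consults a revocation record, so a revoked certificate would
    # be reported as valid. The request's nonce extension (if present) is
    # also not copied into the response, so a response can be replayed
    # within its validity window.
    builder = OCSPResponseBuilder(u'successful', subject_cert, u'good')
    ocsp_response = builder.build(issuer_key, issuer_cert)
    return ocsp_response.dump()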
def parse_ocsp_request(self, request_der: bytes) -> OCSPRequest:
    """Decode a DER-encoded OCSP request.

    ``self`` is not used; this is a thin wrapper over ``OCSPRequest.load``.

    Args:
        request_der: the raw DER bytes of the request body.

    Returns:
        The decoded ``OCSPRequest``. Any decoding error raised by
        ``OCSPRequest.load`` propagates unchanged.
    """
    decoded = OCSPRequest.load(request_der)
    return decoded
def _parse_ocsp_request(self, request_der: bytes) -> OCSPRequest:
    """Turn the raw DER request body into an ``OCSPRequest``.

    Args:
        request_der: DER bytes of the client's request; ``self`` is unused.

    Returns:
        The result of ``OCSPRequest.load(request_der)``; decoding errors are
        not caught here.
    """
    load = OCSPRequest.load
    return load(request_der)