def scts_from_ocsp_resp(ocsp_resp_der):
    '''Extract the SCTs carried in an OCSP status response.

    The input is peer-supplied data. This function only decodes and parses
    it; nothing here verifies an SCT signature or the OCSP response itself.

    Args:
        ocsp_resp_der(bytes): DER encoded OCSP status response; a falsy
                              value (None, b'') yields an empty list

    Return:
        [<ctutlz.rfc6962.SignedCertificateTimestamp>, ...]
        (empty when the response has no responseBytes or no SCT list)
    '''
    if not ocsp_resp_der:
        return []

    decoded_resp, _ = der_decoder(
        ocsp_resp_der, asn1Spec=pyasn1_modules.rfc2560.OCSPResponse())

    resp_bytes = decoded_resp.getComponentByName('responseBytes')
    if resp_bytes is None:
        return []

    # The 'response' component is an octet string wrapping the inner
    # response structure.
    inner_resp_os = resp_bytes.getComponentByName('response')

    # NOTE(review): this assignment changes state on the shared der_decoder
    # object and is never reverted in this function, so later decode calls
    # in the same process may inherit it. Presumably stDumpRawValue makes the
    # decoder hand back undecodable parts as raw values instead of raising --
    # confirm that this leniency is wanted outside of this call.
    der_decoder.defaultErrorState = ber.decoder.stDumpRawValue
    inner_resp, _ = der_decoder(inner_resp_os, Sequence())

    # The SCT list is located by scanning the pretty-printed text of the
    # decoded structure (helper defined elsewhere in the project).
    wrapped_hex = sctlist_hex_from_ocsp_pretty_print(inner_resp.prettyPrint())
    if not wrapped_hex:
        return []

    wrapped_der = binascii.unhexlify(wrapped_hex)
    wrapped_os, _ = der_decoder(wrapped_der, OctetString())

    # NOTE(review): the payload is recovered from the pretty-printed form by
    # taking whatever follows the last '0x'; this assumes prettyPrint() emits
    # a hex dump for this value -- confirm for all inputs.
    payload_hex = wrapped_os.prettyPrint().split('0x')[-1]
    payload_der = binascii.unhexlify(payload_hex)

    parsed_list = SignedCertificateTimestampList(payload_der)
    return [SignedCertificateTimestamp(item.sct_der)
            for item in parsed_list.sct_list]
def scts_from_cert(cert_der):
    '''Extract the SCTs embedded in a certificate.

    Looks for the X.509v3 extension with OID 1.3.6.1.4.1.11129.2.4.2 and
    parses its value as an SCT list. The certificate is only decoded and
    parsed; nothing here verifies an SCT signature or the certificate.

    Args:
        cert_der(bytes): DER encoded ASN.1 Certificate

    Return:
        [<ctutlz.rfc6962.SignedCertificateTimestamp>, ...]
        (empty when the certificate carries no such extension)
    '''
    cert, _ = der_decoder(
        cert_der, asn1Spec=pyasn1_modules.rfc5280.Certificate())

    sctlist_oid = ObjectIdentifier(value='1.3.6.1.4.1.11129.2.4.2')

    tbs_cert = cert['tbsCertificate']
    if 'extensions' not in tbs_cert.keys():
        return []

    matching = [ext for ext in cert['tbsCertificate']['extensions']
                if ext['extnID'] == sctlist_oid]
    if len(matching) == 0:
        return []

    # Only the first matching extension is used; any further ones are
    # ignored.
    sct_extension = matching[0]

    # extnValue is an OctetString whose content is itself a DER encoded
    # OctetString holding the serialized SCT list.
    outer_value = sct_extension['extnValue']
    inner_os, _ = der_decoder(outer_value, OctetString())

    # NOTE(review): the payload is recovered from the pretty-printed form by
    # taking whatever follows the last '0x'; this assumes prettyPrint() emits
    # a hex dump for this value -- confirm for all inputs.
    payload_hex = inner_os.prettyPrint().split('0x')[-1]
    payload_der = binascii.unhexlify(payload_hex)

    parsed_list = SignedCertificateTimestampList(payload_der)
    return [SignedCertificateTimestamp(item.sct_der)
            for item in parsed_list.sct_list]