OCSP

OCSPRequest ¶

Bases: InitCryptoParser

Represents an OCSP request.

Attributes:	`hash_algorithm` (`HashAlgorithm`) – The hash algorithm. `serial_number` (`Optional[int]`) – The serial number. `extensions` (`Optional[Extensions]`) – The extensions.

Examples¶

Create OCSP Request¶

cert

import datetime

from pki_tools import SHA512, Validity, Name, Certificate, RSAKeyPair

cert = Certificate(
    subject=Name(cn=["Cert CN"]),
    issuer=Name(cn=["Cert CN"]),
    validity=Validity(
        not_before=datetime.datetime.today() - datetime.timedelta(days=1),
        not_after=datetime.datetime.today() + datetime.timedelta(days=1),
    ),
)

cert.sign(RSAKeyPair.generate(), SHA512)

from pki_tools import OCSPRequest

req = OCSPRequest(
    hash_algorithm=SHA512.algorithm, serial_number=cert.serial_number
)

req.create(cert, cert)

print(req.pem_string)

Print output

Serial Number: '1419969360'
algorithm: SHA512

InitCryptoParser.from_file ¶

req.pem

-----BEGIN OCSP REQUEST-----
MIG1MIGyMIGvMIGsMIGpMA0GCWCGSAFlAwQCAwUABEB6/1zxTH1hbenJdMcinslv
asdow/1VPLNqVdaDuD7gesgzTv6pMU1PVc1OwtvuncM+afDNXnWEWgiAoFXSDfFQ
BEDxuEQwiwNp5nD/Qc/BXaFEWVE7EPBp9WA/65jQSZcEmCO665C+92G+BPaoI/EE
Fl+npz50sv7HrqDeJrU+WZCFAhRPA+Kc1W3fBuNfGzu5tzF2tjo7Yw==
-----END OCSP REQUEST-----

from pki_tools import OCSPRequest

req = OCSPRequest.from_file("req.pem")

print(req)

Print output

Extensions: {}
Serial Number: '451096913875044778748831451124639911061942319971'
algorithm: SHA512

InitCryptoParser.from_pem_string ¶

pem

pem = """
-----BEGIN OCSP REQUEST-----
MIG1MIGyMIGvMIGsMIGpMA0GCWCGSAFlAwQCAwUABEB6/1zxTH1hbenJdMcinslv
asdow/1VPLNqVdaDuD7gesgzTv6pMU1PVc1OwtvuncM+afDNXnWEWgiAoFXSDfFQ
BEDxuEQwiwNp5nD/Qc/BXaFEWVE7EPBp9WA/65jQSZcEmCO665C+92G+BPaoI/EE
Fl+npz50sv7HrqDeJrU+WZCFAhRPA+Kc1W3fBuNfGzu5tzF2tjo7Yw==
-----END OCSP REQUEST-----
"""

from pki_tools import OCSPRequest

req = OCSPRequest.from_pem_string(pem)

print(req)

Print output

Extensions: {}
Serial Number: '451096913875044778748831451124639911061942319971'
algorithm: SHA512

InitCryptoParser.to_file ¶

pem

pem = """
-----BEGIN OCSP REQUEST-----
MIG1MIGyMIGvMIGsMIGpMA0GCWCGSAFlAwQCAwUABEB6/1zxTH1hbenJdMcinslv
asdow/1VPLNqVdaDuD7gesgzTv6pMU1PVc1OwtvuncM+afDNXnWEWgiAoFXSDfFQ
BEDnCmRUwFymLe1CkhH/iY+y03tK/R5ACKvX2BSe/sWnXrHtW4whiQowmpxQPlvN
od+22kNsyj67c0Rb/m76j/gSAhRX1AhPCGDVeO5pEcsQ+BDt4x5LMQ==
-----END OCSP REQUEST-----
"""

from pki_tools import OCSPRequest

req = OCSPRequest.from_pem_string(pem)

req.to_file("out_req.pem")

out_req.pem

-----BEGIN OCSP REQUEST-----
MIG1MIGyMIGvMIGsMIGpMA0GCWCGSAFlAwQCAwUABEB6/1zxTH1hbenJdMcinslv
asdow/1VPLNqVdaDuD7gesgzTv6pMU1PVc1OwtvuncM+afDNXnWEWgiAoFXSDfFQ
BEDnCmRUwFymLe1CkhH/iY+y03tK/R5ACKvX2BSe/sWnXrHtW4whiQowmpxQPlvN
od+22kNsyj67c0Rb/m76j/gSAhRX1AhPCGDVeO5pEcsQ+BDt4x5LMQ==
-----END OCSP REQUEST-----

pem_bytes `property` ¶

pem_bytes: bytes

Returns the PEM bytes of the object

Returns:	`bytes` – The PEM bytes.

request_path `property` ¶

request_path: str

The request path of the OCSP Response.

Returns:	`str` – The request path.

create ¶

create(cert: Certificate, issuer_cert: Certificate)

Creates an OCSP request.

Parameters:	`cert` (`Certificate`) – The certificate. `issuer_cert` (`Certificate`) – The issuer of the OCSP Response.

from_cryptography `classmethod` ¶

from_cryptography(crypto_obj: ocsp.OCSPRequest) -> OCSPRequest

Constructs an OCSPRequest object from a cryptography OCSPRequest object.

Parameters:	`crypto_obj` (`ocsp.OCSPRequest`) – The cryptography OCSPRequest object.

Returns:	`OCSPRequest` – The constructed OCSPRequest object.

Example¶

crypto_ocsp_request

from cryptography.hazmat.primitives.hashes import SHA256
from cryptography.x509 import ocsp, load_pem_x509_certificate

pem_cert = b"""
-----BEGIN CERTIFICATE-----
MIICsDCCAZigAwIBAgIUJDBA6chIz7alIJGj//DNL7Pq0HowDQYJKoZIhvcNAQEN
BQAwEjEQMA4GA1UEAwwHQ2VydCBDTjAeFw0yNDAzMTYxMzQzNTdaFw0yNDAzMTcx
MzQzNTdaMBIxEDAOBgNVBAMMB0NlcnQgQ04wggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDtBdJp6oYQSIBuefvRphiau2GFGlPNvnyAm7DcVHLREiSSPX2
Ov8Krkg9/iqoZS3lcmEgj/BQMyySpJt+5Ggo60pbJBWHR86+jLBCwu687OAsfGtz
DQPN5xSWnC4K0OaUDm2doaGMcffzLL65ry/HV1XaRxxkK6HuZDt9VtyyrvSyXvMT
N0CuenLPx2b+t3owjg9wrCZghBsIQWkhCQiCN35UbEuZ3Wv3H1ezulNe0/r782NB
TXEmL6qGe/yx+//23vbmzIDar8UYEKrFNZ1yiugNWXLJKxwmxIyNtLr29MX5jrY+
yFxup5D0JTDyKRINq+dtzzLgxzPoOzMzEDZvAgMBAAEwDQYJKoZIhvcNAQENBQAD
ggEBADHeiK+JB6Z25afqGVSa1oIGEvCo8mi50/tcT+lH03Jt5x+bAKgPJGI8Gew/
0ko7JU3O8Sy3nTrVnLcgKSJiot6t7DMhWOSKTcuJTCOsr2WDgJQvF49yZfg+f5df
AWwXkraTwjJ0RoIHN/Kp0TZvgAlZhKkHFNnqT2laubjMIzeF6k/3o6HZCfBV83fu
YbzBK6rQjzFklxBN+ml2XX1aBMKYkqjbsfLpl7mAKUiZ58jxu6/FGTh6O8ffrr9z
iQBRwByulMBGxzitq/EUoTEeKvtiX5WFTetE19EE7Ojzy6c6qkNlwCjK49WF6smA
2IBk2TPLyVH4LeRc/XQi+Oj7ak0=
-----END CERTIFICATE-----
"""
cert = load_pem_x509_certificate(pem_cert)

builder = ocsp.OCSPRequestBuilder()
builder = builder.add_certificate(cert, cert, SHA256())
crypto_ocsp_request = builder.build()

from pki_tools import OCSPRequest

ocsp_request = OCSPRequest.from_cryptography(crypto_ocsp_request)

print(ocsp_request)

Print output

Extensions: {}
Serial Number: '206599758257502475477849880650720292246800486522'
algorithm: SHA256

OCSPResponse ¶

Bases: InitCryptoParser

Represents an OCSP response.

Attributes:	`response_status` (`OcspResponseStatus`) – The OCSP response status. `certificate_status` (`Optional[OcspCertificateStatus]`) – The OCSP certificate status. `issuer_key_hash` (`Optional[str]`) – The issuer key hash. `revocation_time` (`Optional[datetime]`) – The revocation time.

Examples¶

Create OCSP Response¶

cert

import datetime

from pki_tools import SHA512, Validity, Name, Certificate, RSAKeyPair

cert_key_pair = RSAKeyPair.generate()
cert = Certificate(
    subject=Name(cn=["Cert CN"]),
    issuer=Name(cn=["Cert CN"]),
    validity=Validity(
        not_before=datetime.datetime.today() - datetime.timedelta(days=1),
        not_after=datetime.datetime.today() + datetime.timedelta(days=1),
    ),
)

cert.sign(cert_key_pair, SHA512)

from pki_tools import OCSPResponse, OcspResponseStatus, OcspCertificateStatus

res = OCSPResponse(
    response_status=OcspResponseStatus.SUCCESSFUL,
    certificate_status=OcspCertificateStatus.REVOKED,
    issuer_key_hash="ISSUER_HASH",
    revocation_time=datetime.datetime.now(),
)

res.sign(cert, cert, SHA512, cert_key_pair.private_key, SHA512)

print(res)

Print output

Certificate Status: REVOKED
Issuer Key Hash: ISSUER_HASH
Response Status: SUCCESSFUL
Revocation Time: 2024-03-20 23:44:07.812235

InitCryptoParser.from_file ¶

res.pem

-----BEGIN OCSP RESPONSE-----
MIICSAoBAKCCAkEwggI9BgkrBgEFBQcwAQEEggIuMIICKjCCARKiFgQU6+kUZ57c
x5S+dU8cqKswIZDbKxEYDzIwMjQwMzIwMjI1MTM4WjCB5jCB4zCBqTANBglghkgB
ZQMEAgMFAARAev9c8Ux9YW3pyXTHIp7Jb2rHaMP9VTyzalXWg7g+4HrIM07+qTFN
T1XNTsLb7p3DPmnwzV51hFoIgKBV0g3xUARA2cPkzXTAr1F/PS0zGg7IN962VaJn
IdqD9S4BzGCqMXqUwRC3ze8G/KMIpUHsx7r93vxS2GIJA7bisc/jdZ+LJwIUUYcX
KtFyhNcL/COZA2Hu+ur4u/ChERgPMjAyNDAzMjAyMzUxMzhaGA8yMDI0MDMyMDIz
NTEzOFqgERgPMjAyNDAzMjAyMzUxMzhaMA0GCSqGSIb3DQEBDQUAA4IBAQAoNRSK
vPnJEB8++zC1FsfMByUAUUVDKjLjkH2ObhPtcgtd4kBVtRYhpQnLu4vS/lImhRdh
99N13uoKgfdOs7GPQjkuWLiCwirmYeHjYJ4TNzQ3wkVdpLtCQPfkx5WtU5IcD8lM
aOOi+PN/rXuFo/sM0E3RV0PWu+X0zL6x1jYnVfXwc0HFHjmcALM498v2Qoet4On5
kW/Lh6+i6EUTzNWiVZ2evN7XSExqsvaXNxShAkGN1AH6M3a6DTVhDoF/948C3B/G
j40SrfyIpgfKiShWP5jUS9o5U1Vk54R6PJ22mmI1ZJZGfEj9pqbcfNgUnlC7UdML
1X93HfFsCrnOMcAh
-----END OCSP RESPONSE-----

from pki_tools import OCSPResponse

req = OCSPResponse.from_file("res.pem")

print(req)

Print output

Certificate Status: REVOKED
Issuer Key Hash: |-
  D9C3E4CD74C0AF517F3D2D331A0EC837DEB655A26721DA83F52E01CC60AA317A94C110B7CDEF06FC
  A308A541ECC7BAFDDEFC52D8620903B6E2B1CFE3759F8B27
Response Status: SUCCESSFUL
Revocation Time: 2024-03-20 23:51:38+00:00

InitCryptoParser.from_pem_string ¶

pem

pem = """
-----BEGIN OCSP RESPONSE-----
MIICSAoBAKCCAkEwggI9BgkrBgEFBQcwAQEEggIuMIICKjCCARKiFgQU6+kUZ57c
x5S+dU8cqKswIZDbKxEYDzIwMjQwMzIwMjI1MTM4WjCB5jCB4zCBqTANBglghkgB
ZQMEAgMFAARAev9c8Ux9YW3pyXTHIp7Jb2rHaMP9VTyzalXWg7g+4HrIM07+qTFN
T1XNTsLb7p3DPmnwzV51hFoIgKBV0g3xUARA2cPkzXTAr1F/PS0zGg7IN962VaJn
IdqD9S4BzGCqMXqUwRC3ze8G/KMIpUHsx7r93vxS2GIJA7bisc/jdZ+LJwIUUYcX
KtFyhNcL/COZA2Hu+ur4u/ChERgPMjAyNDAzMjAyMzUxMzhaGA8yMDI0MDMyMDIz
NTEzOFqgERgPMjAyNDAzMjAyMzUxMzhaMA0GCSqGSIb3DQEBDQUAA4IBAQAoNRSK
vPnJEB8++zC1FsfMByUAUUVDKjLjkH2ObhPtcgtd4kBVtRYhpQnLu4vS/lImhRdh
99N13uoKgfdOs7GPQjkuWLiCwirmYeHjYJ4TNzQ3wkVdpLtCQPfkx5WtU5IcD8lM
aOOi+PN/rXuFo/sM0E3RV0PWu+X0zL6x1jYnVfXwc0HFHjmcALM498v2Qoet4On5
kW/Lh6+i6EUTzNWiVZ2evN7XSExqsvaXNxShAkGN1AH6M3a6DTVhDoF/948C3B/G
j40SrfyIpgfKiShWP5jUS9o5U1Vk54R6PJ22mmI1ZJZGfEj9pqbcfNgUnlC7UdML
1X93HfFsCrnOMcAh
-----END OCSP RESPONSE-----
"""

from pki_tools import OCSPResponse

req = OCSPResponse.from_pem_string(pem)

print(req)

Print output

Certificate Status: REVOKED
Issuer Key Hash: |-
  D9C3E4CD74C0AF517F3D2D331A0EC837DEB655A26721DA83F52E01CC60AA317A94C110B7CDEF06FC
  A308A541ECC7BAFDDEFC52D8620903B6E2B1CFE3759F8B27
Response Status: SUCCESSFUL
Revocation Time: 2024-03-20 23:51:38+00:00

InitCryptoParser.to_file ¶

pem

pem = """
-----BEGIN OCSP RESPONSE-----
MIICSAoBAKCCAkEwggI9BgkrBgEFBQcwAQEEggIuMIICKjCCARKiFgQU6+kUZ57c
x5S+dU8cqKswIZDbKxEYDzIwMjQwMzIwMjI1MTM4WjCB5jCB4zCBqTANBglghkgB
ZQMEAgMFAARAev9c8Ux9YW3pyXTHIp7Jb2rHaMP9VTyzalXWg7g+4HrIM07+qTFN
T1XNTsLb7p3DPmnwzV51hFoIgKBV0g3xUARA2cPkzXTAr1F/PS0zGg7IN962VaJn
IdqD9S4BzGCqMXqUwRC3ze8G/KMIpUHsx7r93vxS2GIJA7bisc/jdZ+LJwIUUYcX
KtFyhNcL/COZA2Hu+ur4u/ChERgPMjAyNDAzMjAyMzUxMzhaGA8yMDI0MDMyMDIz
NTEzOFqgERgPMjAyNDAzMjAyMzUxMzhaMA0GCSqGSIb3DQEBDQUAA4IBAQAoNRSK
vPnJEB8++zC1FsfMByUAUUVDKjLjkH2ObhPtcgtd4kBVtRYhpQnLu4vS/lImhRdh
99N13uoKgfdOs7GPQjkuWLiCwirmYeHjYJ4TNzQ3wkVdpLtCQPfkx5WtU5IcD8lM
aOOi+PN/rXuFo/sM0E3RV0PWu+X0zL6x1jYnVfXwc0HFHjmcALM498v2Qoet4On5
kW/Lh6+i6EUTzNWiVZ2evN7XSExqsvaXNxShAkGN1AH6M3a6DTVhDoF/948C3B/G
j40SrfyIpgfKiShWP5jUS9o5U1Vk54R6PJ22mmI1ZJZGfEj9pqbcfNgUnlC7UdML
1X93HfFsCrnOMcAh
-----END OCSP RESPONSE-----
"""

from pki_tools import OCSPResponse

req = OCSPResponse.from_pem_string(pem)

req.to_file("out_res.pem")

out_res.pem

-----BEGIN OCSP RESPONSE-----
MIICSAoBAKCCAkEwggI9BgkrBgEFBQcwAQEEggIuMIICKjCCARKiFgQU6+kUZ57c
x5S+dU8cqKswIZDbKxEYDzIwMjQwMzIwMjI1MTM4WjCB5jCB4zCBqTANBglghkgB
ZQMEAgMFAARAev9c8Ux9YW3pyXTHIp7Jb2rHaMP9VTyzalXWg7g+4HrIM07+qTFN
T1XNTsLb7p3DPmnwzV51hFoIgKBV0g3xUARA2cPkzXTAr1F/PS0zGg7IN962VaJn
IdqD9S4BzGCqMXqUwRC3ze8G/KMIpUHsx7r93vxS2GIJA7bisc/jdZ+LJwIUUYcX
KtFyhNcL/COZA2Hu+ur4u/ChERgPMjAyNDAzMjAyMzUxMzhaGA8yMDI0MDMyMDIz
NTEzOFqgERgPMjAyNDAzMjAyMzUxMzhaMA0GCSqGSIb3DQEBDQUAA4IBAQAoNRSK
vPnJEB8++zC1FsfMByUAUUVDKjLjkH2ObhPtcgtd4kBVtRYhpQnLu4vS/lImhRdh
99N13uoKgfdOs7GPQjkuWLiCwirmYeHjYJ4TNzQ3wkVdpLtCQPfkx5WtU5IcD8lM
aOOi+PN/rXuFo/sM0E3RV0PWu+X0zL6x1jYnVfXwc0HFHjmcALM498v2Qoet4On5
kW/Lh6+i6EUTzNWiVZ2evN7XSExqsvaXNxShAkGN1AH6M3a6DTVhDoF/948C3B/G
j40SrfyIpgfKiShWP5jUS9o5U1Vk54R6PJ22mmI1ZJZGfEj9pqbcfNgUnlC7UdML
1X93HfFsCrnOMcAh
-----END OCSP RESPONSE-----

is_revoked `property` ¶

is_revoked: bool

Checks if the certificate is revoked.

Returns:	`bool` – True if the certificate is revoked, False otherwise.

is_successful `property` ¶

is_successful: bool

Checks if the OCSP response is successful.

Returns:	`bool` – True if the response is successful, False otherwise.

pem_bytes `property` ¶

pem_bytes: bytes

Returns the PEM bytes of the object

Returns:	`bytes` – The PEM bytes.

tbs_bytes `property` ¶

tbs_bytes: bytes

Returns the bytes to be singed of the OCSP response.

Returns:	`bytes`( `bytes` ) – The TBS bytes.

from_cryptography `classmethod` ¶

from_cryptography(crypto_ocsp_response: ocsp.OCSPResponse) -> OCSPResponse

Constructs an OCSPResponse object from a cryptography OCSPResponse object.

Parameters:	`crypto_ocsp_response` (`ocsp.OCSPResponse`) – The cryptography OCSPResponse object.

Returns:	`OCSPResponse`( `OCSPResponse` ) – The constructed OCSPResponse object.

Example¶

crypto_res

import datetime

from cryptography.hazmat.primitives import hashes, serialization
from cryptography.x509 import ocsp, load_pem_x509_certificate

cert_private_key = b"""
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAqrALl8McEXwwKIgIo9sHhGht+VCVExRnBmkEmAKTnRc9iZVV
Q+slFnobc2y5p3TlBtLEfXed5yzak1NhnzLkfDQYrtUk6X5RREcsOohHT7AxuW/i
K3FyZo5PXM5asFf/DQSH6lp/XJPq0g/seUAvDNxbhLbjx5wjGe+6sCsLB/OSbBRz
Vmflb8p1XwmYr4LthhPE3kkLfCENVQPLoJOdwMw2qlqG63Qdwvj+wq+smIAauZDO
DtxfzWZ82ftH3+qMseiveMPR2Szxz9qi2kSnsHTjdHRlEe5WzHOwa6U/HlPBOVHt
IANxm0PHo8Np47ajTG3BUif6C/XUE5Co/Dz5awIDAQABAoIBADYVKN8x2atqo6G8
FKzCglvAcRQdpdaRUOGVlfiKXHZafkuhTw6Bq9M25orIqPy3y7fBQbQVmik9K5ah
xV1ZlU8LfMSs0ZDQTvSo7okvVBUaWW8N1eZ5AEwhjGD2G4MjprNbu6sUeKV/Utiz
ZfS3UxEqoy7mej7tqKuXq5oVUV33mUwXiT+gx+X688iIlnSMt0XvwrVGfpDnGPqJ
DUnNOli6dUDhvmfvs7KH8H8MLPHu9hK1Uq8zm7sMGS3WHb4E0krjNFZtkByy5cvk
M4k1QpCl7Q4ym3lpOBoyXkFF/Mdi56Ufvo+75FwGqGamREoZect6TaMRvoDmpVcS
I9EemdECgYEA269jlNFz/0fBgZX0mPgaJS7KTiUsTQ/HBMEW7lYLEwCPgQBATR2M
mJAJtCdwWvyVu79cRu9ShqoK83tUVzsXYFu1lWE0m/r6qao7p9Pam9jLr6qmLngK
wsAX44LatM6duNg6BSD2EteTWArJYOOeRrZnkeb8KKjDelqKcYxHAFsCgYEAxucw
JAeQFxCoD+sgtfSapVulASyATTvTfFM6DyqcBMTsm5YU4lik2RuKV5T7hsRCsJGu
rSYnstOVkx9B1gHaLYrUF6MYwUcKfJTFhOwutrYqXi1Vsoq3gUrDleGFT5s3+iPR
VnHCjkJz/fDOdLgaCiLRBMoclFY1B2SLwzRWODECgYA9f0mXHVMlgUbQKdRBBiL7
ia+kVI+kOuhxkkQDEB8lgKCrchCOBdmX06qDvg6byd14o0cHrHMjs3JBWqLvkGEo
3kNkv8NkbsvAtyDgCFRIEFZkpJbEp2ILxo5pZ/YlazmHxy/mw6Ve/O4IVWyuLMnf
7avskgbAsw2VsMbUpnoxxQKBgHdhdTR60ZH2bli3kDeFq3gKLFwrAIramJGrRlKq
CWCXbUfo6Xn9KFwiuoLcqab2jux5U/UazIL5mXHnNdWj4Paqt6fEPWxsHjAt/utL
8rG5Xm6OGTyDI6bXX9LKu//OsudQrimLN/G4kvPcn53Qjdh9kySjxkmGAGgCghxU
gldRAoGAWqY4tm8+HjtU0iSnVm+SetjSPxeTeGe9HUU6oM8kalshKLHjs2SdLJAB
1Zc4hUoZuvfIfX63XdshcGZe8wD2P2+ZFxNwnS0XxpwfQto3sTZZWiy8VezPy+js
o4E3mb1jZDQvmXey9tE73hGG4RrBNeHsjywfUs5pKHEOOEqKgEQ=
-----END RSA PRIVATE KEY-----
"""
crypto_private_key = serialization.load_pem_private_key(
    cert_private_key, password=None
)

pem_cert = b"""
-----BEGIN CERTIFICATE-----
MIICsDCCAZigAwIBAgIUL/5wxBEYcnkrAfHje6sDrdv9knMwDQYJKoZIhvcNAQEN
BQAwEjEQMA4GA1UEAwwHQ2VydCBDTjAeFw0yNDAzMTkyMzQ1MzlaFw0yNDAzMjEy
MzQ1MzlaMBIxEDAOBgNVBAMMB0NlcnQgQ04wggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCqsAuXwxwRfDAoiAij2weEaG35UJUTFGcGaQSYApOdFz2JlVVD
6yUWehtzbLmndOUG0sR9d53nLNqTU2GfMuR8NBiu1STpflFERyw6iEdPsDG5b+Ir
cXJmjk9czlqwV/8NBIfqWn9ck+rSD+x5QC8M3FuEtuPHnCMZ77qwKwsH85JsFHNW
Z+VvynVfCZivgu2GE8TeSQt8IQ1VA8ugk53AzDaqWobrdB3C+P7Cr6yYgBq5kM4O
3F/NZnzZ+0ff6oyx6K94w9HZLPHP2qLaRKewdON0dGUR7lbMc7BrpT8eU8E5Ue0g
A3GbQ8ejw2njtqNMbcFSJ/oL9dQTkKj8PPlrAgMBAAEwDQYJKoZIhvcNAQENBQAD
ggEBAKcfkel3elnmZN9vblXfc3nf6AkEpaRhAtjIkPLA9EY6vJCGm6ysjQinHlb+
oOsC+S+1c22Bc8z+b1K8GHkV8EZf9c70WmFTKwSB0JkyQ1xyx9jcPm0al0zxaXQX
XertQuzhObayPy8hMbV6Kwmihf0BrR4kwUQFWMAzZ98J5c/jY5UTvEhLN8ntt5k5
IwJofRuEMBmEtRkFR2Qt1K3GJv4Aid94hD+bBOBKZV8MTvRjrU64HOKA25/TEmyf
hIRtzvQkCh9z3S2/+zfYKsmDtENWD7dJLw2Ss9cqrJObeYcjjVvDgSQyt1csMtPr
6Y5Qqajflelt51pd55TqVc8d1Js=
-----END CERTIFICATE-----
"""
cert = load_pem_x509_certificate(pem_cert)

builder = ocsp.OCSPResponseBuilder()
builder = builder.add_response(
    cert=cert,
    issuer=cert,
    algorithm=hashes.SHA256(),
    cert_status=ocsp.OCSPCertStatus.GOOD,
    this_update=datetime.datetime.now(),
    next_update=datetime.datetime.now(),
    revocation_time=None,
    revocation_reason=None,
).responder_id(ocsp.OCSPResponderEncoding.HASH, cert)
crypto_res = builder.sign(crypto_private_key, hashes.SHA256())

from pki_tools import OCSPResponse

res = OCSPResponse.from_cryptography(crypto_res)

print(res)

Print output

Certificate Status: GOOD
Issuer Key Hash: 975ECC737818C143DD1110ED04BFD8FB76AF836F360D8F776FF44C19AF4C56FC
Response Status: SUCCESSFUL

hash_with_alg ¶

hash_with_alg(der_key: bytes) -> str

Hashes a DER key bytes with the algorithm of the OCSP response.

Parameters:	`der_key` (`bytes`) – The DER key.

Returns:	`str`( `str` ) – The hashed key.

sign ¶

sign(cert: Certificate, issuer: Certificate, response_algorithm: SignatureAlgorithm, private_key: CryptoPrivateKey, signature_algorithm: Optional[SignatureAlgorithm] = None)

Signs the OCSP response.

Parameters:	`cert` (`Certificate`) – The certificate. `issuer` (`Certificate`) – The issuer certificate. `response_algorithm` (`SignatureAlgorithm`) – The signature algorithm for the response. `private_key` (`CryptoPrivateKey`) – The private key to sign the response. `signature_algorithm` (`Optional[SignatureAlgorithm]`, default: `None` ) – The signature algorithm.

OcspCertificateStatus ¶

Bases: Enum

Enumeration of OCSP certificate statuses.

OcspResponseStatus ¶

Bases: Enum

Enumeration of OCSP response statuses.

OCSPRequest ¶

Examples¶

Create OCSP Request¶

InitCryptoParser.from_file¶

InitCryptoParser.from_pem_string¶

InitCryptoParser.to_file¶

pem_bytes property ¶

request_path property ¶

create ¶

from_cryptography classmethod ¶

Example¶

OCSPResponse ¶

Examples¶

Create OCSP Response¶

InitCryptoParser.from_file¶

InitCryptoParser.from_pem_string¶

InitCryptoParser.to_file¶

is_revoked property ¶

is_successful property ¶

pem_bytes property ¶

tbs_bytes property ¶

from_cryptography classmethod ¶

Example¶

hash_with_alg ¶

sign ¶

OcspCertificateStatus ¶

OcspResponseStatus ¶

InitCryptoParser.from_file ¶

InitCryptoParser.from_pem_string ¶

InitCryptoParser.to_file ¶

pem_bytes `property` ¶

request_path `property` ¶

from_cryptography `classmethod` ¶

InitCryptoParser.from_file ¶

InitCryptoParser.from_pem_string ¶

InitCryptoParser.to_file ¶

is_revoked `property` ¶

is_successful `property` ¶

pem_bytes `property` ¶

tbs_bytes `property` ¶

from_cryptography `classmethod` ¶