OCSP response serialization (#4482)

* support OCSP response serialization * empty commit, good times
2026-05-14 20:37:55 +00:00 · 2018-10-07 11:07:14 +08:00 · 2018-10-07 11:07:14 +08:00 · 788b859efd
commit 788b859efd
parent 0c07580a21
3 changed files with 40 additions and 0 deletions
--- a/docs/x509/ocsp.rst
+++ b/docs/x509/ocsp.rst
@ -411,6 +411,14 @@ Interfaces

        The extensions encoded in the response.

+    .. method:: public_bytes(encoding)
+
+        :param encoding: The encoding to use. Only
+            :attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER`
+            is supported.
+
+        :return bytes: The serialized OCSP response.
+
 .. class:: OCSPResponseStatus

    .. versionadded:: 2.4
--- a/src/cryptography/hazmat/backends/openssl/ocsp.py
+++ b/src/cryptography/hazmat/backends/openssl/ocsp.py
@ -306,6 +306,19 @@ class _OCSPResponse(object):
    def extensions(self):
        return _OCSP_BASICRESP_EXT_PARSER.parse(self._backend, self._basic)

+    def public_bytes(self, encoding):
+        if encoding is not serialization.Encoding.DER:
+            raise ValueError(
+                "The only allowed encoding value is Encoding.DER"
+            )
+
+        bio = self._backend._create_mem_bio_gc()
+        res = self._backend._lib.i2d_OCSP_RESPONSE_bio(
+            bio, self._ocsp_response
+        )
+        self._backend.openssl_assert(res > 0)
+        return self._backend._read_mem_bio(bio)
+

@utils.register_interface(OCSPRequest)
 class _OCSPRequest(object):
--- a/tests/x509/test_ocsp.py
+++ b/tests/x509/test_ocsp.py
@ -330,3 +330,22 @@ class TestOCSPResponse(object):
        assert ext.value == x509.OCSPNonce(
            b'\x04\x105\x957\x9fa\x03\x83\x87\x89rW\x8f\xae\x99\xf7"'
        )
+
+    def test_serialize_reponse(self):
+        resp_bytes = load_vectors_from_file(
+            filename=os.path.join("x509", "ocsp", "resp-revoked.der"),
+            loader=lambda data: data.read(),
+            mode="rb"
+        )
+        resp = ocsp.load_der_ocsp_response(resp_bytes)
+        assert resp.public_bytes(serialization.Encoding.DER) == resp_bytes
+
+    def test_invalid_serialize_encoding(self):
+        resp = _load_data(
+            os.path.join("x509", "ocsp", "resp-revoked.der"),
+            ocsp.load_der_ocsp_response,
+        )
+        with pytest.raises(ValueError):
+            resp.public_bytes("invalid")
+        with pytest.raises(ValueError):
+            resp.public_bytes(serialization.Encoding.PEM)