def scts_from_ocsp_resp(ocsp_resp_der):
'''Return list of SCTs of the OCSP status response.
Args:
ocsp_resp_der(bytes): DER encoded OCSP status response
Return:
[<ctutlz.rfc6962.SignedCertificateTimestamp>, ...]
'''
if ocsp_resp_der:
ocsp_resp, _ = der_decoder(
ocsp_resp_der, asn1Spec=pyasn1_modules.rfc2560.OCSPResponse())
response_bytes = ocsp_resp.getComponentByName('responseBytes')
if response_bytes is not None:
# os: octet string
response_os = response_bytes.getComponentByName('response')
der_decoder.defaultErrorState = ber.decoder.stDumpRawValue
response, _ = der_decoder(response_os, Sequence())
sctlist_os_hex = sctlist_hex_from_ocsp_pretty_print(
response.prettyPrint())
if sctlist_os_hex:
sctlist_os_der = binascii.unhexlify(sctlist_os_hex)
sctlist_os, _ = der_decoder(sctlist_os_der, OctetString())
sctlist_hex = sctlist_os.prettyPrint().split('0x')[-1]
sctlist_der = binascii.unhexlify(sctlist_hex)
sctlist = SignedCertificateTimestampList(sctlist_der)
return [SignedCertificateTimestamp(entry.sct_der)
for entry
in sctlist.sct_list]
return []
评论列表
文章目录
