Skip to content

Commit

Permalink
Update example generator to add OCSP nocheck ext
Browse files Browse the repository at this point in the history
  • Loading branch information
@CBonnell
CBonnell committed Apr 2, 2024
1 parent 5957842 commit 5d40959
Showing 1 changed file with 11 additions and 3 deletions.
14 changes: 11 additions & 3 deletions example_generator/rfc5019bis_example_builder.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,7 @@
key_agreement=False, key_cert_sign=False, crl_sign=False, encipher_only=False, decipher_only=False
), True)
.add_extension(x509.ExtendedKeyUsage([x509.ExtendedKeyUsageOID.OCSP_SIGNING]), False)
.add_extension(x509.OCSPNoCheck(), False)
.sign(_CA_KEY, hashes.SHA512())
)

Expand All @@ -128,21 +129,28 @@
def _dumpasn1(doc):
octets = doc.public_bytes(serialization.Encoding.DER)

print('\n~~~')

if isinstance(doc, x509.Certificate):
print(doc.public_bytes(serialization.Encoding.PEM).decode())
print(doc.public_bytes(serialization.Encoding.PEM).decode().strip())
else:
b64 = base64.b64encode(octets).decode()
b64 = base64.b64encode(octets).decode().strip()

print('\n'.join((b64[p:p + 64] for p in range(0, len(b64), 64))))

print('~~~\n')

print('~~~')

with tempfile.NamedTemporaryFile() as f:
f.write(octets)
f.flush()

output = subprocess.check_output(['dumpasn1', '-z', '-w72', f.name], stderr=subprocess.DEVNULL).decode()

print(output)
print(output.strip())

print('~~~\n')

_dumpasn1(ca_cert)
_dumpasn1(ee_cert)
Expand Down

0 comments on commit 5d40959

Please sign in to comment.