
@jvgutierrez
Created May 2, 2019 13:29
import datetime
import sys
from cryptography.x509 import load_pem_x509_certificate, ocsp
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization
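def main(server_cert_path, issuer_cert_path, responder_cert_path, responder_key_path, output_path):
    """Build a signed OCSP response with status GOOD and write it as DER.

    Args:
        server_cert_path: PEM certificate the response is about.
        issuer_cert_path: PEM certificate passed as the issuer of that certificate.
        responder_cert_path: PEM certificate identifying the OCSP responder.
        responder_key_path: PEM private key used to sign the response. It is
            loaded with no password, so the file must be unencrypted.
        output_path: File that receives the DER-encoded response.

    NOTE(review): this function does not check that the private key belongs
    to the responder certificate, nor that the responder is authorised by the
    issuer; a relying party has to validate that itself.
    """
    def read_bytes(path):
        # Context manager so each handle is closed right after the read
        # instead of being left for the garbage collector.
        with open(path, 'rb') as handle:
            return handle.read()

    backend = default_backend()
    server_cert = load_pem_x509_certificate(read_bytes(server_cert_path), backend)
    issuer_cert = load_pem_x509_certificate(read_bytes(issuer_cert_path), backend)
    responder_cert = load_pem_x509_certificate(read_bytes(responder_cert_path), backend)
    responder_key = serialization.load_pem_private_key(
        read_bytes(responder_key_path), None, backend)

    # utcnow() gives a naive datetime in UTC, used here as thisUpdate.
    this_update = datetime.datetime.utcnow()
    # 262800 hours is roughly 30 years. A response this long-lived keeps
    # asserting GOOD even if the certificate is revoked later, so it suits
    # test fixtures only; production responses are normally valid for days.
    next_update = this_update + datetime.timedelta(hours=262800)

    builder = ocsp.OCSPResponseBuilder()
    # SHA1 here is only the hash used inside the CertID (issuer name/key
    # hashes); the signature over the response uses SHA256 below.
    builder = builder.add_response(
        server_cert, issuer_cert, hashes.SHA1(),
        ocsp.OCSPCertStatus.GOOD, this_update, next_update,
        revocation_time=None, revocation_reason=None)
    builder = builder.responder_id(ocsp.OCSPResponderEncoding.HASH, responder_cert)
    # Embed the responder and issuer certificates in the response.
    builder = builder.certificates([responder_cert, issuer_cert])
    response = builder.sign(responder_key, hashes.SHA256())

    with open(output_path, 'wb') as output_file:
        output_file.write(response.public_bytes(serialization.Encoding.DER))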
if __name__ == '__main__':
    # Exactly five positional arguments are required; argv[0] is the script.
    cli_args = sys.argv[1:]
    if len(cli_args) != 5:
        print("Usage: {} server_cert_path issuer_cert_path responder_cert_path responder_key_path output_path".format(sys.argv[0]))
        sys.exit(1)
    # Order: server cert, issuer cert, responder cert, responder key, output.
    main(*cli_args)