OCSPResponse
OCSPResponse represents an RFC 6960 OCSP Response (outer envelope only).
Construction
```python
OCSPResponse.from_der(data: bytes) -> OCSPResponse
OCSPResponse.from_pem(data: bytes) -> OCSPResponse | list[OCSPResponse]
OCSPResponse.to_pem(resp_or_list) -> bytes
```
Properties
| Property | Type | Description |
|---|---|---|
| `status` | `str` | Response status: `"successful"`, `"malformedRequest"`, `"internalError"`, `"tryLater"`, `"sigRequired"`, `"unauthorized"` |
| `response_type_oid` | `ObjectIdentifier \| None` | OID of the responseBytes contentType, or `None` for non-successful responses |
| `response_bytes` | `bytes \| None` | Raw content of the responseBytes OCTET STRING, or `None` |
Methods
| Method | Signature | Returns | Description |
|---|---|---|---|
| `to_der()` | `()` | `bytes` | Original DER bytes |
| `verify_signature` | `(responder: Certificate)` | `None` | Verify the BasicOCSPResponse signature using the responder’s public key. Raises `ValueError` if no responseBytes is present, the response type is not id-pkix-ocsp-basic, or the signature is invalid. |
Full class stub
```python
class OCSPResponse:
    @staticmethod
    def from_der(data: bytes) -> OCSPResponse: ...
    @staticmethod
    def from_pem(data: bytes) -> OCSPResponse | list[OCSPResponse]: ...
    @staticmethod
    def to_pem(resp_or_list) -> bytes: ...

    status: str
    response_type_oid: ObjectIdentifier | None
    response_bytes: bytes | None

    def to_der(self) -> bytes: ...
    def verify_signature(self, responder: Certificate) -> None: ...
```
Usage
```python
import synta

# Parse a DER-encoded OCSP response
with open("ocsp.der", "rb") as f:
    resp = synta.OCSPResponse.from_der(f.read())

# Check the outer status
print(resp.status)             # e.g. "successful"
print(resp.response_type_oid)  # OID, typically id-pkix-ocsp-basic

# Access the raw inner bytes for further decoding
if resp.status == "successful" and resp.response_bytes:
    # resp.response_bytes is the content of the responseBytes OCTET STRING
    # Decode it as a BasicOCSPResponse using the Decoder
    dec = synta.Decoder(resp.response_bytes, synta.Encoding.DER)
    inner = dec.decode_sequence()
    # ... (decode tbsResponseData, signatureAlgorithm, signature, etc.)

# Verify the response signature against the responder certificate's public key
with open("responder.der", "rb") as f:
    responder_cert = synta.Certificate.from_der(f.read())
try:
    resp.verify_signature(responder_cert)
    print("OCSP signature valid")
except ValueError as e:
    print(f"OCSP verification failed: {e}")
```
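The envelope fields listed under Properties map directly onto the RFC 6960 wire format. The following stdlib-only sketch is an added example, not synta's code: it decodes the same outer envelope and fails closed on anything that cannot carry a signed answer. `read_tlv`, `parse_envelope`, `basic_response_bytes` and both sample byte strings are hypothetical names and constructed data.

```python
# RFC 6960: OCSPResponse ::= SEQUENCE { responseStatus ENUMERATED,
#                responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
#           ResponseBytes ::= SEQUENCE { responseType OID, response OCTET STRING }
STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
          3: "tryLater", 5: "sigRequired", 6: "unauthorized"}  # 4 is not used
ID_PKIX_OCSP_BASIC = bytes.fromhex("2b0601050507300101")  # 1.3.6.1.5.5.7.48.1.1

def read_tlv(buf, pos, tag):
    """Read one TLV with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + length], pos + length

def parse_envelope(der):
    """Return (status, response_type, response_bytes); the last two may be None."""
    body, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing data after OCSPResponse")
    enum, pos = read_tlv(body, 0, 0x0A)
    if len(enum) != 1 or enum[0] not in STATUS:
        raise ValueError("unknown responseStatus")
    if pos == len(body):  # error replies carry no responseBytes, so no signature
        return STATUS[enum[0]], None, None
    wrapper, pos = read_tlv(body, pos, 0xA0)
    seq, used = read_tlv(wrapper, 0, 0x30)
    oid, nxt = read_tlv(seq, 0, 0x06)
    octets, nxt = read_tlv(seq, nxt, 0x04)
    if pos != len(body) or used != len(wrapper) or nxt != len(seq):
        raise ValueError("trailing data inside responseBytes")
    return STATUS[enum[0]], oid, octets

def basic_response_bytes(der):
    """Fail closed: only a successful id-pkix-ocsp-basic envelope yields bytes."""
    status, oid, octets = parse_envelope(der)
    if status != "successful" or oid != ID_PKIX_OCSP_BASIC or not octets:
        raise ValueError(f"no usable BasicOCSPResponse (status={status})")
    return octets

# Constructed samples; the inner bytes are a placeholder empty SEQUENCE.
UNAUTHORIZED = bytes.fromhex("30030a0106")
SUCCESSFUL = bytes.fromhex("30160a0100a011300f06092b060105050730010104023000")
```

A `"successful"` status only means the responder produced a response; the certificate's own status (good, revoked, unknown) sits inside the BasicOCSPResponse and still has to be decoded and checked after the signature verifies.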
See also Certificate and CRL.