synta 0.1.9

ASN.1 parser, decoder, and encoder library with DER/BER support and C FFI
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78

# OCSPResponse


`OCSPResponse` represents an RFC 6960 OCSP Response (outer envelope only).

## Construction

```python
OCSPResponse.from_der(data: bytes) -> OCSPResponse
OCSPResponse.from_pem(data: bytes) -> OCSPResponse | list[OCSPResponse]
OCSPResponse.to_pem(resp_or_list) -> bytes
```

## Properties

| Property | Type | Description |
|---|---|---|
| `status` | `str` | Response status: `"successful"`, `"malformedRequest"`, `"internalError"`, `"tryLater"`, `"sigRequired"`, `"unauthorized"` |
| `response_type_oid` | `ObjectIdentifier \| None` | OID of the responseBytes contentType, or `None` for non-successful responses |
| `response_bytes` | `bytes \| None` | Raw content of the responseBytes OCTET STRING, or `None` |

## Methods

| Method | Signature | Returns | Description |
|---|---|---|---|
| `to_der()` | `()` | `bytes` | Original DER bytes |
| `verify_signature` | `(responder: Certificate)` | `None` | Verify the `BasicOCSPResponse` signature using the responder's public key. Raises `ValueError` if no `responseBytes` is present, the response type is not `id-pkix-ocsp-basic`, or the signature is invalid. |

## Full class stub

```python
class OCSPResponse:
    @staticmethod
    def from_der(data: bytes) -> OCSPResponse: ...
    @staticmethod
    def from_pem(data: bytes) -> OCSPResponse | list[OCSPResponse]: ...
    @staticmethod
    def to_pem(resp_or_list) -> bytes: ...

    status: str
    response_type_oid: ObjectIdentifier | None
    response_bytes: bytes | None

    def to_der(self) -> bytes: ...
    def verify_signature(self, responder: Certificate) -> None: ...
```

## Usage

```python
import synta

# Parse a DER-encoded OCSP response
with open("ocsp.der", "rb") as f:
    resp = synta.OCSPResponse.from_der(f.read())

# Check the outer status
print(resp.status)              # e.g. "successful"
print(resp.response_type_oid)   # OID, typically id-pkix-ocsp-basic

# Access the raw inner bytes for further decoding
if resp.status == "successful" and resp.response_bytes:
    # resp.response_bytes is the content of the responseBytes OCTET STRING
    # Decode it as a BasicOCSPResponse using the Decoder
    dec = synta.Decoder(resp.response_bytes, synta.Encoding.DER)
    inner = dec.decode_sequence()
    # ... (decode tbsResponseData, signatureAlgorithm, signature, etc.)

# Verify the response signature
responder_cert = synta.Certificate.from_der(open("responder.der", "rb").read())
try:
    resp.verify_signature(responder_cert)
    print("OCSP signature valid")
except ValueError as e:
    print(f"OCSP verification failed: {e}")
```

See also [Certificate](certificate.md) and [CRL](crl.md).