magnuswatn · July 7, 2021 11:02
diff --git a/create_ssn_ocspreq.py b/create_ssn_ocspreq.py
 #!/bin/env python3
 """
 Script for å lage en ocsp-forespørsel med fødselsnummer-extension.

 Brukes slik: ./create_ocspreq.py cert.pem issuer.pem ocsp_request

 Støtter dessverre ikke signering av requesten, men openssl kan ta den biten, slik:

 ./create_ocspreq.py cert.pem issuer.pem - | openssl ocsp -reqin - -signer ./signcert.pem -signkey ./signkey.pem -reqout ocsp_request

 Magnus Watn <[email protected]>
 """
 import sys
 from pathlib import Path

 from cryptography import x509
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.hashes import SHA1
 from cryptography.hazmat.backends import default_backend

 SSN_POLICY_OID = x509.ObjectIdentifier("2.16.578.1.16.3.2")


 def main():
    try:
        cert_file = Path(sys.argv[1])
        issuer_file = Path(sys.argv[2])
        out_param = sys.argv[3]
    except IndexError:
        print("Wrong number of args")
        sys.exit(1)

    cert = x509.load_pem_x509_certificate(cert_file.read_bytes(), default_backend())
    issuer = x509.load_pem_x509_certificate(issuer_file.read_bytes(), default_backend())
    ssn_ext = x509.UnrecognizedExtension(SSN_POLICY_OID, b"")

    req = (
        x509.ocsp.OCSPRequestBuilder()
        .add_certificate(cert, issuer, SHA1())
        .add_extension(ssn_ext, False)
        .build()
    ).public_bytes(serialization.Encoding.DER)

    if out_param == "-":
        sys.stdout.buffer.write(req)
    else:
        Path(out_param).write_bytes(req)


 if __name__ == "__main__":
    main()
	#!/bin/env python3
	"""
	Script for å lage en ocsp-forespørsel med fødselsnummer-extension.

	Brukes slik: ./create_ocspreq.py cert.pem issuer.pem ocsp_request

	Støtter dessverre ikke signering av requesten, men openssl kan ta den biten, slik:

	./create_ocspreq.py cert.pem issuer.pem - \| openssl ocsp -reqin - -signer ./signcert.pem -signkey ./signkey.pem -reqout ocsp_request

	Magnus Watn <[email protected]>
	"""
	import sys
	from pathlib import Path

	from cryptography import x509
	from cryptography.hazmat.primitives import serialization
	from cryptography.hazmat.primitives.hashes import SHA1
	from cryptography.hazmat.backends import default_backend

	SSN_POLICY_OID = x509.ObjectIdentifier("2.16.578.1.16.3.2")


	def main():
	try:
	cert_file = Path(sys.argv[1])
	issuer_file = Path(sys.argv[2])
	out_param = sys.argv[3]
	except IndexError:
	print("Wrong number of args")
	sys.exit(1)

	cert = x509.load_pem_x509_certificate(cert_file.read_bytes(), default_backend())
	issuer = x509.load_pem_x509_certificate(issuer_file.read_bytes(), default_backend())
	ssn_ext = x509.UnrecognizedExtension(SSN_POLICY_OID, b"")

	req = (
	x509.ocsp.OCSPRequestBuilder()
	.add_certificate(cert, issuer, SHA1())
	.add_extension(ssn_ext, False)
	.build()
	).public_bytes(serialization.Encoding.DER)

	if out_param == "-":
	sys.stdout.buffer.write(req)
	else:
	Path(out_param).write_bytes(req)


	if __name__ == "__main__":
	main()