{ "info": { "author": "Threema GmbH", "author_email": "github@threema.ch", "bugtrack_url": null, "classifiers": [ "Development Status :: 3 - Alpha", "Framework :: Bottle", "Intended Audience :: Developers", "Intended Audience :: Information Technology", "Intended Audience :: System Administrators", "License :: OSI Approved :: Apache Software License", "Operating System :: POSIX", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3 :: Only", "Topic :: Security", "Topic :: Software Development :: Libraries :: Python Modules" ], "description": "OCSP Responder\n==============\n\n.. image:: https://img.shields.io/travis/threema-ch/ocspresponder/master.svg?maxAge=2592000\n :target: https://travis-ci.org/threema-ch/ocspresponder\n :alt: Build status\n\n.. image:: https://img.shields.io/pypi/v/nine.svg?maxAge=2592000\n :target: https://pypi.python.org/pypi/ocspresponder\n :alt: PyPI Version\n\n.. image:: https://img.shields.io/pypi/dm/ocspresponder.svg?maxAge=2592000\n :target: https://pypi.python.org/pypi/ocspresponder\n :alt: PyPI Downloads\n\n.. image:: https://img.shields.io/pypi/l/ocspresponder.svg?maxAge=2592000\n :target: https://pypi.python.org/pypi/ocspresponder\n :alt: License\n\n.. image:: https://img.shields.io/pypi/pyversions/ocspresponder.svg?maxAge=2592000\n :target: https://pypi.python.org/pypi/ocspresponder\n :alt: Python Versions\n\n.. image:: https://img.shields.io/pypi/status/ocspresponder.svg?maxAge=2592000\n :target: https://pypi.python.org/pypi/ocspresponder\n :alt: Stability Status\n\nRFC 6960 compliant OCSP Responder framework written in Python 3.5+.\n\nIt is based on the ocspbuilder_ and asn1crypto_ libraries. The HTTP\nserver is implemented using Bottle_.\n\nCurrent status: Alpha. Don't use for production yet.\n\n\nFeatures\n--------\n\n**Goals**\n\n- Simple: Don't overwhelm the user with a gazillion options.\n- Flexible: Configurable using Python code.\n\n**Supported extensions**\n\n- Nonce (RFC 6960 Section 4.4.1)\n\n**Not (yet) implemented**\n\n- Multiple certificates per request / response\n\n\nUsage\n-----\n\nRight now, ``ocspresponder`` assumes the usage of a custom keypair just for\nsigning OCSP responses.\n\nTo be able to instantiate the ``OCSPResponder`` server, you need to provide\nthis keypair as well as the certificate of the issueing CA.\n\n.. code-block:: python\n\n ISSUER_CERT = 'path/to/issuer_cert.pem'\n OCSP_CERT = 'path/to/responder_cert.pem'\n OCSP_KEY = 'path/to/responder_key.pem'\n\nFurthermore you need to provide two custom functions:\n\n- A function that \u2013 given a certificate serial \u2013 will return the appropriate\n ``CertificateStatus`` and - depending on the status - a revocation\n datetime.\n- A function that \u2013 given a certificate serial \u2013 will return the corresponding\n certificate as a string.\n\nYou're expected to implement these functions yourself. In the future, drop-in\nlibraries for typical use cases could be provided.\n\nExample implementations:\n\n.. code-block:: python\n\n from ocspresponder import OCSPResponder, CertificateStatus\n \n def validate(serial: int) -> (CertificateStatus, Optional[datetime]):\n if certificate_is_valid(serial):\n return (CertificateStatus.good, None)\n elif certificate_is_expired(serial):\n expired_at = get_expiration_date(serial)\n return (CertificateStatus.revoked, expired_at)\n elif certificate_is_revoked(serial):\n revoked_at = get_revocation_date(serial)\n return (CertificateStatus.revoked, revoked_at)\n else:\n return (CertificateStatus.unknown, None)\n \n def get_cert(serial: int) -> str:\n \"\"\"\n Assume the certificates are stored in the ``certs`` directory with the\n serial as base filename.\n \"\"\"\n with open('certs/%s.cert.pem' % serial, 'r') as f:\n return f.read().strip()\n\nIf an exception occurs in either of the two functions, an OCSP response with\nthe ``response_status`` set to ``internal_error`` will be returned.\n\nNow you can instantiate the ``OCSPResponder`` and launch the development server:\n\n.. code-block:: python\n\n print('Initializing OCSP responder')\n app = OCSPResponder(\n ISSUER_CERT, OCSP_CERT, OCSP_KEY,\n validate_func=validate,\n cert_retrieve_func=get_cert,\n )\n print('Starting OCSP responder')\n app.serve(port=8080, debug=True)\n\n\nType hints\n----------\n\nThis library uses the optional type hints as defined in PEP484_. The ``typing``\nmodule is only provided in Python 3.5+, but older versions of Python could run\nthe code as well if the ``typing`` module is installed from PyPI.\n\n\nTesting\n-------\n\nTo run the test, install ``requirements-dev.txt`` using pip and run pytest::\n\n py.test -v\n\n\nRelease process\n---------------\n\nUpdate version number in ``setup.py`` and ``CHANGELOG.md``::\n\n vim -p setup.py CHANGELOG.md\n\nDo a commit and signed tag of the release::\n\n export VERSION={VERSION}\n git add setup.py CHANGELOG.md\n git commit -m \"Release v${VERSION}\"\n git tag -u C75D77C8 -m \"Release v${VERSION}\" v${VERSION}\n\nBuild source and binary distributions::\n\n python3 setup.py sdist\n python3 setup.py bdist_wheel\n\nSign files::\n\n gpg --detach-sign -u C75D77C8 -a dist/ocspresponder-${VERSION}.tar.gz\n gpg --detach-sign -u C75D77C8 -a dist/ocspresponder-${VERSION}-py3-none-any.whl\n\nRegister package on PyPI::\n\n twine3 register -r pypi-threema dist/ocspresponder-${VERSION}.tar.gz\n\nUpload package::\n\n twine3 upload -r pypi-threema dist/ocspresponder-${VERSION}*\n git push\n git push --tags\n\n\nLicense\n-------\n\n::\n\n Copyright 2016 Threema GmbH\n\n Licensed under the Apache License, Version 2.0 (the \"License\");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n\n\n.. _ocspbuilder: https://github.com/wbond/ocspbuilder\n.. _asn1crypto: https://github.com/wbond/asn1crypto\n.. _Bottle: http://bottlepy.org/docs/dev/index.html\n.. _PEP484: https://www.python.org/dev/peps/pep-0484/", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/threema-ch/ocspresponder/", "keywords": "ocsp responder server ssl tls pki", "license": "Apache Software License", "maintainer": "", "maintainer_email": "", "name": "ocspresponder", "package_url": "https://pypi.org/project/ocspresponder/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/ocspresponder/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/threema-ch/ocspresponder/" }, "release_url": "https://pypi.org/project/ocspresponder/0.5.0/", "requires_dist": null, "requires_python": "", "summary": "RFC 6960 compliant OCSP Responder framework written in Python 3.5+.", "version": "0.5.0" }, "last_serial": 2094507, "releases": { "0.5.0": [ { "comment_text": "", "digests": { "md5": "edd085f37b0b4d8ca6f88f83d621693c", "sha256": "689950b51b771af968f9e9bab7301eab93227d01f43c6284643363980cebc8c0" }, "downloads": -1, "filename": "ocspresponder-0.5.0-py3-none-any.whl", "has_sig": true, "md5_digest": "edd085f37b0b4d8ca6f88f83d621693c", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 9310, "upload_time": "2016-05-02T09:15:44", "url": "https://files.pythonhosted.org/packages/d1/e8/5b029b94d7e9674e102d7b526ab1ea0d36e10fd1308af4091431bc4e65b0/ocspresponder-0.5.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "7caf9ce92a8eb249fb167ed3ed537a1a", "sha256": "b913e0a832368c26c3c5f292d673b9bca798f247a0a8ecbfe4dc8cfb78c492da" }, "downloads": -1, "filename": "ocspresponder-0.5.0.tar.gz", "has_sig": true, "md5_digest": "7caf9ce92a8eb249fb167ed3ed537a1a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5753, "upload_time": "2016-05-02T09:15:52", "url": "https://files.pythonhosted.org/packages/65/47/208f5e94a36a15400b39728636b38e9296868e89b25e30758e3c19f30adc/ocspresponder-0.5.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "edd085f37b0b4d8ca6f88f83d621693c", "sha256": "689950b51b771af968f9e9bab7301eab93227d01f43c6284643363980cebc8c0" }, "downloads": -1, "filename": "ocspresponder-0.5.0-py3-none-any.whl", "has_sig": true, "md5_digest": "edd085f37b0b4d8ca6f88f83d621693c", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 9310, "upload_time": "2016-05-02T09:15:44", "url": "https://files.pythonhosted.org/packages/d1/e8/5b029b94d7e9674e102d7b526ab1ea0d36e10fd1308af4091431bc4e65b0/ocspresponder-0.5.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "7caf9ce92a8eb249fb167ed3ed537a1a", "sha256": "b913e0a832368c26c3c5f292d673b9bca798f247a0a8ecbfe4dc8cfb78c492da" }, "downloads": -1, "filename": "ocspresponder-0.5.0.tar.gz", "has_sig": true, "md5_digest": "7caf9ce92a8eb249fb167ed3ed537a1a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5753, "upload_time": "2016-05-02T09:15:52", "url": "https://files.pythonhosted.org/packages/65/47/208f5e94a36a15400b39728636b38e9296868e89b25e30758e3c19f30adc/ocspresponder-0.5.0.tar.gz" } ] }