Merge pull request #647 from FestiveKyle/handle-ocsp-json-validation

Handle errors in OCSPResponse json validation

sslyze/plugins/certificate_info/json_output.py

@@ -9,7 +9,7 @@
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicKey
 from cryptography.hazmat.primitives.serialization import Encoding
-from cryptography.x509 import NameAttribute, ObjectIdentifier, Name, Certificate
+from cryptography.x509 import NameAttribute, ObjectIdentifier, Name, Certificate, ocsp
 from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePublicKey
 
 from sslyze import (
@@ -213,6 +213,30 @@ class _OcspResponseAsJson(BaseModelWithOrmMode):
 
     serial_number: Optional[int]
 
+    @model_validator(mode="before")
+    @classmethod
+    def _handle_object(cls, ocsp_response: ocsp.OCSPResponse) -> Any:
+        response_status = ocsp_response.response_status.name
+        if ocsp_response.response_status != ocsp.OCSPResponseStatus.SUCCESSFUL:
+            return dict(
+                response_status=response_status,
+                certificate_status=None,
+                revocation_time=None,
+                produced_at=None,
+                this_update=None,
+                next_update=None,
+                serial_number=None,
+            )
+        return dict(
+            response_status=ocsp_response.response_status,
+            certificate_status=ocsp_response.certificate_status,
+            revocation_time=ocsp_response.revocation_time,
+            produced_at=ocsp_response.produced_at,
+            this_update=ocsp_response.this_update,
+            next_update=ocsp_response.next_update,
+            serial_number=ocsp_response.serial_number,
+        )
+
 
 class _TrustStoreAsJson(BaseModelWithOrmMode):
     path: Path