Skip to main content

PKI testing tool

Project description

Certomancer

logo

status PyPI version Python versions Code style: black

Quickly construct, mock & deploy PKI test configurations using simple declarative configuration. Includes CRL, OCSP and time stamping service provisioning.

Requires Python 3.9 or later.

Quick start

Certomancer is available on PyPI. See example.yml for an example config file.

$ pip install 'certomancer[web-api]'
$ certomancer --config example.yml animate

This will run the Certomancer Animator WSGI app on your local machine, behind a development web server. Point your browser to http://localhost:9000 and take a look around. For more information, see the documentation below.

Installing the development version

To build and install an (unreleased) development version, you can proceed as follows.

$ git clone https://github.com/MatthiasValvekens/certomancer
$ cd certomancer
$ python -m build
$ pip install dist/certomancer*.whl

Demo

There's a demo on asciinema.org, demonstrating some of the core features of Certomancer. See link below.

asciicast

FOSDEM '22 talk

I gave a lightning talk on testing & mocking PKI services in the Testing & Automation devroom at FOSDEM 2022. Certomancer was (of course) featured in the presentation. If you want to learn more, or watch the recording, have a look at the talk page for further info. Slides are included as well.

Features

  • Certomancer's core APIs are stateless: the same request should always return the same result. This property makes it very useful for automated testing.
    • Note that "the same result" does not necessarily mean "byte-for-byte equal". This is because some signing schemes (like ECDSA) involve random nonces. In addition to that, time is also a factor in certain cases (but Certomancer does permit time manipulation).
  • Declarative, YAML-based configuration.
  • Minimal input validation, so you can generate deliberately broken certificates if you need to.
  • requests-mock integration.
  • Attribute certificate support (0.7.0 and up)
  • Ultra-lightweight WSGI application: the Certomancer Animator serves CRLs, OCSP responses, timestamps and more. This component requires Werkzeug, and optionally Jinja2 for the index view. Other than a web server and WSGI application server, there are no application dependencies.
  • Plugin framework to support arbitrary certificate / CRL extensions and additional services. These plugins are compatible with the WSGI and requests-mock integrations without additional configuration.
  • Certomancer is composable: since the Certomancer Animator is a bare-bones WSGI application, you can plug it into whatever web application framework you want with minimal overhead. Hence, for particularly complicated scenarios where the plugin API or existing integrations aren't sufficient, it is very easy to use Certomancer as a library, or wrap it as a component of some other WSGI application.
  • With pyca/cryptography installed, Certomancer can also output PKCS#12 files if your tests require those.
  • With python-pkcs11 installed, Certomancer can write keys and certificates to PKCS#11 tokens as well.

Non-features

Certomancer is a testing tool for developers that write software to interface with public-key infrastructure. It is NOT intended to be used to manage production PKI deployments. Certomancer is very much garbage-in garbage-out, and happily ignores validation & security best practices in favour of allowing you to abuse your codebase in the worst possible ways. Consider yourself warned.

Documentation

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

certomancer-0.15.1.tar.gz (293.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

certomancer-0.15.1-py3-none-any.whl (80.7 kB view details)

Uploaded Python 3

File details

Details for the file certomancer-0.15.1.tar.gz.

File metadata

  • Download URL: certomancer-0.15.1.tar.gz
  • Upload date:
  • Size: 293.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for certomancer-0.15.1.tar.gz
Algorithm Hash digest
SHA256 0871b08f21037523bd7fc0f8f8723d2a69fe876b7f70816c1851be7832da38be
MD5 083f416ffa3813ee5f0f157232688b8c
BLAKE2b-256 f08ed2fe034a0dd0acb5b03fc96a4b318074212dd97e67bd1ece33756cbc07fe

See more details on using hashes here.

Provenance

The following attestation bundles were made for certomancer-0.15.1.tar.gz:

Publisher: release.yml on MatthiasValvekens/certomancer

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file certomancer-0.15.1-py3-none-any.whl.

File metadata

  • Download URL: certomancer-0.15.1-py3-none-any.whl
  • Upload date:
  • Size: 80.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for certomancer-0.15.1-py3-none-any.whl
Algorithm Hash digest
SHA256 a4c013d4545f752f4314fcd5eb1bd13d4919e919db54473f88a06abfe746b632
MD5 4d4d189bf9e11be94d800842f9fa599e
BLAKE2b-256 40d52f9c278b472a0e10479487800bb13bd316f031798e6f22bcaa28429baec8

See more details on using hashes here.

Provenance

The following attestation bundles were made for certomancer-0.15.1-py3-none-any.whl:

Publisher: release.yml on MatthiasValvekens/certomancer

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page