certomancer 0.3.0

PKI testing tool

Certomancer

Quickly construct, mock & deploy PKI test configurations using simple declarative configuration. Includes CRL, OCSP and time stamping service provisioning.

Install with python setup.py install, and see example.yml for an example config file. The CLI comes with a built-in help function (although it isn't very helpful at this stage).

Quick start

$ pip install 'certomancer[web-api,pkcs12]' 
$ certomancer --config example.yml animate

This will run the Certomancer Animator WSGI app on your local machine, behind a development web server. Point your browser to http://localhost:9000 and take a look around.

Features

• Declarative, YAML-based configuration.
• Minimal input validation, so you can generate deliberately broken certificates if you need to.
• requests-mock integration.
• Ultra-lightweight WSGI application to serve CRLs, OCSP responses, timestamps and more. This component requires Werkzeug, and optionally Jinja2 for the index view. There are no external dependencies.
• Plugin framework to support arbitrary certificate / CRL extensions and additional services. These plugins are compatible with the WSGI and requests-mock integrations without additional configuration.
• For particularly complicated scenarios where the plugin API or existing integrations aren't sufficient, it is very easy to use Certomancer as a library, or wrap it as a component of some other WSGI application.
• With pyca/cryptography installed, Certomancer can also output PKCS#12 files if your tests require those.

Non-features

This is a testing tool for developers that write software to interface with public-key infrastructure. It is NOT intended to be used to manage production PKI deployments. Certomancer is very much garbage-in garbage-out, and happily ignores validation & security best practices in favour of allowing you to abuse your codebase in the worst possible ways. Consider yourself warned.

Documentation

• Configuration
• CLI commands
• Plugin API