Certificate generator for GridAppSD and IEEE 2030.5 devices
GridAPPSD Certificate Store
A flexible and secure X.509 certificate generator and store for IEEE 2030.5 smart grid devices, IoT applications, and general TLS/HTTPS requirements.
Features
- Complete Certificate Generation: Create CAs, device certificates, and self-signed certificates
- IEEE 2030.5 Support: Designed with the IEEE 2030.5-2018 standard in mind for smart grid communications
- Certificate Store: Persistent storage and retrieval of certificates with lookup capabilities
- Device Identity: LFDI/SFDI calculation and extraction for IEEE 2030.5 device identification
- Access Control: Client registry with granular access control for secure device communications
- Multiple Key Types: Support for both RSA and Elliptic Curve cryptography
- Flexible Subject Alternative Names: Create certificates with URIs, DNS names, IP addresses, or email addresses
- TLS 1.2+ Compliance: Generate certificates that meet security requirements for modern TLS
- Certificate Persistence: Easily save and load certificates and private keys
- Web Server Certificates: Specialized method for generating HTTPS server certificates
Installation
```bash
# Install from PyPI
pip install gridappsd-certificate-store

# Or with Poetry
poetry add gridappsd-certificate-store
```
Quick Start
Certificate Generation
```python
from gridappsd_certs import DeviceCertificateGenerator

# Initialize the generator
cert_gen = DeviceCertificateGenerator(key_type='rsa', key_size=2048)

# Create a CA certificate
ca_attrs = {
    'common_name': 'GridAPPSD Root CA',
    'organization': 'GridAPPSD',
    'country': 'US',
    'organizational_unit': 'Security'
}
ca_cert, ca_key = cert_gen.create_ca_certificate(ca_attrs, valid_days=3652)

# Create a device certificate for IEEE 2030.5
device_attrs = {
    'common_name': 'Smart Meter 101',
    'organization': 'GridAPPSD',
    'country': 'US',
    'organizational_unit': 'Smart Meters',
    'serial_number': 'SM101-12345'
}
device_cert, device_key = cert_gen.create_device_certificate(
    device_attrs,
    ca_cert,
    ca_key,
    device_id="11111111-2222-3333-4444-555555555555"
)

# Save certificates and keys
cert_gen.save_certificate(ca_cert, 'ca_cert.pem')
# The CA key is saved with a password; in real use, read the passphrase
# from a secret store instead of a literal in source code.
cert_gen.save_private_key(ca_key, 'ca_key.pem', password='secure-password')
cert_gen.save_certificate(device_cert, 'device_cert.pem')
cert_gen.save_private_key(device_key, 'device_key.pem')
```
Certificate Store
```python
from gridappsd_certs import (
    CertificateStore,
    calculate_lfdi_from_certificate,
    calculate_sfdi_from_lfdi
)

# Create a certificate store with persistent storage
store = CertificateStore(storage_path="/path/to/cert/store")

# Add certificates to the store
ca_fingerprint = store.add_certificate(ca_cert, ca_key, alias="Root CA")
device_fingerprint = store.add_certificate(device_cert, device_key, alias="Device 101")

# Look up certificates by various attributes
cert_by_fingerprint = store.get_certificate_by_fingerprint(device_fingerprint)
certs_by_common_name = store.get_certificate_by_common_name("Smart Meter 101")

# Get IEEE 2030.5 identifiers
lfdi = calculate_lfdi_from_certificate(device_cert)
sfdi = calculate_sfdi_from_lfdi(lfdi)
print(f"Device LFDI: {lfdi}")
print(f"Device SFDI: {sfdi}")

# Get private key for a certificate
device_key = store.get_private_key(device_fingerprint)
```
Client Registry with Access Control
```python
from gridappsd_certs import (
    CertificateStore,
    ClientRegistry,
    ClientProfile,
    AccessControl,
    extract_identity_from_certificate
)

# Create a certificate store and registry
cert_store = CertificateStore(storage_path="/path/to/certs")
registry = ClientRegistry(cert_store=cert_store)

# Create access control rules
acl = AccessControl()
acl.add_rule("/dcap", "GET", allow=True)    # Allow access to device capability
acl.add_rule("/edev/*", "GET", allow=True)  # Allow read access to end devices
acl.add_rule("/drp/*", "*", allow=True)     # Allow all methods on demand response

# Create a client profile
client_profile = ClientProfile(
    client_id="device-101",
    acl=acl
)

# Add client to registry with its certificate
registry.add_client("device-101", certificate=device_cert, profile=client_profile)

# Later, authenticate a client with its certificate
client = registry.get_client_by_certificate(device_cert)
if client:
    # Check if client can access a resource
    if client.can_access("/drp/1/dre", "GET"):
        print("Access granted to demand response events")
    else:
        print("Access denied")

# Save registry for persistence
registry.save("/path/to/registry.json")
```
IEEE 2030.5 Integration
The library is designed with the IEEE 2030.5-2018 standard in mind, which requires:
- TLS 1.2 with AES-CCM mode of operation
- X.509 certificates for mutual authentication
- Device identification via LFDI/SFDI and UUID in Subject Alternative Name
```python
# Extract IEEE 2030.5 device information from certificate
from gridappsd_certs import extract_device_information_from_certificate

device_info = extract_device_information_from_certificate(device_cert)
print(f"LFDI: {device_info['lfdi']}")
print(f"SFDI: {device_info['sfdi']}")
print(f"Device ID: {device_info['device_id']}")
```
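How the LFDI and SFDI values used in the Certificate Store section and above are derived under IEEE 2030.5, as an added example that is not this package's code: the LFDI is the certificate's SHA-256 fingerprint left-truncated to 160 bits, and the SFDI is the left-most 36 bits written as 11 decimal digits plus a sum-of-digits check digit. The function names and the uppercase, unhyphenated output format are assumptions and may differ from what `gridappsd_certs` returns.

```python
import hashlib
import re

# Sample SHA-256 certificate fingerprint (32 bytes), the worked value from
# the IEEE 2030.5 SFDI example; it is not taken from a real device.
SAMPLE_FINGERPRINT = bytes.fromhex(
    "3E4F45AB31EDFE5B67E343E5E4562E31984E23E5349E2AD745672ED145EE213A"
)


def lfdi_from_fingerprint(fingerprint: bytes) -> str:
    """LFDI: SHA-256 fingerprint left-truncated to 160 bits (20 bytes)."""
    if len(fingerprint) != 32:
        raise ValueError("expected a 32-byte SHA-256 fingerprint")
    return fingerprint[:20].hex().upper()


def lfdi_from_der(cert_der: bytes) -> str:
    """Fingerprint the DER encoding of the certificate, then truncate."""
    return lfdi_from_fingerprint(hashlib.sha256(cert_der).digest())


def sfdi_from_lfdi(lfdi_hex: str) -> str:
    """SFDI: left-most 36 bits as 11 decimal digits plus a check digit."""
    lfdi_hex = lfdi_hex.replace("-", "")
    if not re.fullmatch(r"[0-9A-Fa-f]{40}", lfdi_hex):
        raise ValueError("LFDI must be 40 hex digits (160 bits)")
    digits = f"{int(lfdi_hex[:9], 16):011d}"  # 9 hex digits = 36 bits
    # The check digit makes the sum of all 12 digits a multiple of 10.
    check = (10 - sum(map(int, digits)) % 10) % 10
    return f"{digits}{check}"


def sfdi_is_well_formed(sfdi: str) -> bool:
    """Catch typos in a hand-entered SFDI. This is not authentication:
    36 bits is short enough to collide, so match devices on the LFDI."""
    sfdi = sfdi.replace("-", "")
    if not re.fullmatch(r"[0-9]{12}", sfdi):
        return False
    return int(sfdi[:11]) < 2**36 and sum(map(int, sfdi)) % 10 == 0


if __name__ == "__main__":
    lfdi = lfdi_from_fingerprint(SAMPLE_FINGERPRINT)
    print("LFDI:", lfdi)
    print("SFDI:", sfdi_from_lfdi(lfdi))
```

Because both identifiers are derived from the certificate bytes, a server can recompute them from the certificate presented in the TLS handshake instead of trusting a value the device reports about itself.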
Certificate Validation
```python
from gridappsd_certs import CertificateValidator

# Create validator with trusted CA certificates
validator = CertificateValidator(trust_store=[ca_cert])

# Validate a device certificate
result = validator.validate(device_cert)
if result.valid:
    print("Certificate is valid")
else:
    print(f"Certificate validation failed: {', '.join(result.errors)}")
```
Certificate Attributes
The following attributes can be included in certificate subject information:
| Dictionary Key | Description |
|---|---|
| common_name | The common name (CN) for the certificate |
| country | Two-letter country code (e.g., 'US') |
| state | State or province name |
| locality | City or locality name |
| organization | Organization name |
| organizational_unit | Department or unit within organization |
| email | Email address |
| serial_number | Serial number (useful for device identification) |
Development
```bash
# Clone the repository
git clone https://github.com/GRIDAPPSD/gridappsd-certificate-store.git
cd gridappsd-certificate-store

# Install dependencies with Poetry
poetry install

# Run tests
poetry run pytest

# Run tests with coverage
poetry run pytest --cov=gridappsd_certs

# Format code
poetry run black gridappsd_certs
```
File details
Details for the file gridappsd_certificate_store-0.3.0.tar.gz.
File metadata
- Download URL: gridappsd_certificate_store-0.3.0.tar.gz
- Upload date:
- Size: 18.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | eb616c55c8be9a2b600a9e6e8ab15003a6105fbd5c3c9431b73af061f51c23a6 |
| MD5 | 3282945070a6b625f8263576d33e3346 |
| BLAKE2b-256 | 2e712fe25c5dd2d17d484e7d1b91ef6c6373f9e5021a91cb7896e1af19e5356f |
Provenance
The following attestation bundles were made for gridappsd_certificate_store-0.3.0.tar.gz:
- Publisher: publish-to-pypi.yml on GRIDAPPSD/gridappsd-certificate-store
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: gridappsd_certificate_store-0.3.0.tar.gz
- Subject digest: eb616c55c8be9a2b600a9e6e8ab15003a6105fbd5c3c9431b73af061f51c23a6
- Sigstore transparency entry: 214287240
- Sigstore integration time:
- Permalink: GRIDAPPSD/gridappsd-certificate-store@5700bdaa89af0db9fa842affcc01529c60415aea
- Branch / Tag: refs/tags/v0.3.0
- Owner: https://github.com/GRIDAPPSD
- Access: private
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish-to-pypi.yml@5700bdaa89af0db9fa842affcc01529c60415aea
- Trigger Event: release
File details
Details for the file gridappsd_certificate_store-0.3.0-py3-none-any.whl.
File metadata
- Download URL: gridappsd_certificate_store-0.3.0-py3-none-any.whl
- Upload date:
- Size: 21.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | b56a2453606bba8876dff94791085286e103153bff5a13857ab5e349bcb3c578 |
| MD5 | 9f1e246a093414417b96a893a6a4f7f2 |
| BLAKE2b-256 | 06806f52d0cc1fc1233fcb1da517a4696d0dd0ce91deec37fe44f93f92ee4960 |
Provenance
The following attestation bundles were made for gridappsd_certificate_store-0.3.0-py3-none-any.whl:
- Publisher: publish-to-pypi.yml on GRIDAPPSD/gridappsd-certificate-store
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: gridappsd_certificate_store-0.3.0-py3-none-any.whl
- Subject digest: b56a2453606bba8876dff94791085286e103153bff5a13857ab5e349bcb3c578
- Sigstore transparency entry: 214287245
- Sigstore integration time:
- Permalink: GRIDAPPSD/gridappsd-certificate-store@5700bdaa89af0db9fa842affcc01529c60415aea
- Branch / Tag: refs/tags/v0.3.0
- Owner: https://github.com/GRIDAPPSD
- Access: private
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish-to-pypi.yml@5700bdaa89af0db9fa842affcc01529c60415aea
- Trigger Event: release