
PKI tools for e.g. checking certificate CRL/OCSP revocation

Project description


PKI tools exposes a high-level cryptography API and wrappers, e.g. for:

  • Loading certificates from PEM strings, files, or cryptography objects into a pydantic model, including all X.509 v3 extensions
  • Checking revocation of certificates using OCSP with CRL fallback
  • Creating certificates, CSRs, and CRLs easily from pure pydantic objects, e.g. to get a PEM file

Docs

Documentation is available at: https://pki-tools.fulder.dev

Quickstart

Install

pip install pki-tools

Usage

Loading from PEM

from pki_tools import Certificate, Chain, CertificateSigningRequest

cert_pem = """
-----BEGIN CERTIFICATE-----
<CERT_PEM_BYTES>
-----END CERTIFICATE-----
"""

issuer_cert_pem = """
-----BEGIN CERTIFICATE-----
<ISSUER_CERT_PEM_BYTES>
-----END CERTIFICATE-----
"""

csr_pem = """
-----BEGIN CERTIFICATE REQUEST-----
<CSR_PEM_BYTES>
-----END CERTIFICATE REQUEST-----
"""


cert = Certificate.from_pem_string(cert_pem)
chain = Chain.from_pem_string(issuer_cert_pem)
csr = CertificateSigningRequest.from_pem_string(csr_pem)

Checking revocation using OCSP with CRL fallback

The following example uses cert and chain from the loading example above.

from pki_tools import is_revoked

if is_revoked(cert, chain):
    print("Certificate Revoked!")
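
What the CRL leg of such a check has to establish before a list can be trusted, shown offline as an added example written against the cryptography package; it is not pki-tools' own code. The names revoked_per_crl and CRLRejected and the constructed CA, certificates and CRLs are assumptions made for this example.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

class CRLRejected(Exception):
    """The CRL cannot be used to decide revocation status."""

def _next_update(crl):
    # next_update_utc exists in cryptography >= 42; older releases return naive UTC.
    if hasattr(crl, "next_update_utc"):
        return crl.next_update_utc
    return crl.next_update and crl.next_update.replace(tzinfo=timezone.utc)

def revoked_per_crl(cert, issuer, crl, now=None):
    """True if `crl` lists `cert`; raises CRLRejected for a CRL that must not be trusted."""
    now = now or datetime.now(timezone.utc)
    if crl.issuer != cert.issuer or not crl.is_signature_valid(issuer.public_key()):
        raise CRLRejected("CRL was not signed by the certificate's issuer")
    expires = _next_update(crl)
    if expires is None or expires < now:
        raise CRLRejected("CRL is stale (nextUpdate has passed)")
    return crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None

# Constructed sample PKI: names and serial numbers are placeholders.
NOW = datetime.now(timezone.utc)
CA_NAME = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed CA")])
CA_KEY, OTHER_KEY = (ec.generate_private_key(ec.SECP256R1()) for _ in range(2))

def make_cert(cn, serial, key):
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    return (x509.CertificateBuilder().subject_name(subject).issuer_name(CA_NAME)
            .public_key(key.public_key()).serial_number(serial)
            .not_valid_before(NOW - timedelta(days=1))
            .not_valid_after(NOW + timedelta(days=1))
            .sign(CA_KEY, hashes.SHA256()))

def make_crl(serials, signing_key):
    b = (x509.CertificateRevocationListBuilder().issuer_name(CA_NAME)
         .last_update(NOW - timedelta(hours=1)).next_update(NOW + timedelta(hours=1)))
    for s in serials:
        b = b.add_revoked_certificate(x509.RevokedCertificateBuilder()
                .serial_number(s).revocation_date(NOW - timedelta(hours=2)).build())
    return b.sign(signing_key, hashes.SHA256())

CA = make_cert("Constructed CA", 1, CA_KEY)
REVOKED, GOOD = make_cert("leaf-a", 1001, OTHER_KEY), make_cert("leaf-b", 1002, OTHER_KEY)
CRL, FORGED = make_crl([1001], CA_KEY), make_crl([], OTHER_KEY)
```

FORGED carries the right issuer name but is signed with a different key, so it is rejected instead of being read as "nothing revoked"; an expired list is rejected the same way.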

Creating

Self-signed certificate

import datetime
from pki_tools import (
    Certificate,
    Name,
    Validity,
    RSAKeyPair,
    SignatureAlgorithm,
    HashAlgorithm,
    HashAlgorithmName,
)

name = Name(cn=["Cert CN"])

cert = Certificate(
    subject=name,
    issuer=name,
    validity=Validity(
        not_before=datetime.datetime.today(),
        not_after=datetime.datetime.today() + datetime.timedelta(days=1),
    ),
)

sha512_alg = SignatureAlgorithm(
    algorithm=HashAlgorithm(name=HashAlgorithmName.SHA512)
)

cert.sign(RSAKeyPair.generate(), sha512_alg)

print(cert.pem_string)

Create CSR

from pki_tools import (
  Name,
  HashAlgorithm,
  HashAlgorithmName,
  CertificateSigningRequest,
  SignatureAlgorithm,
  RSAKeyPair,
)

name = Name(cn=["Cert CN"])

csr = CertificateSigningRequest(subject=name)

sha512_alg = SignatureAlgorithm(
  algorithm=HashAlgorithm(name=HashAlgorithmName.SHA512)
)

csr.sign(RSAKeyPair.generate(), sha512_alg)

print(csr.pem_string)

Download files

Source Distribution

pki_tools-0.0.32.tar.gz (25.5 kB)

Uploaded Source

Built Distribution

pki_tools-0.0.32-py3-none-any.whl (33.3 kB)

Uploaded Python 3
