Skip to main content

Local CA certificate service for Swarmauri

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_certs_local_ca Discord

Swarmauri Certs Local CA

A local certificate authority implementing the ICertService interface for issuing and verifying X.509 certificates. Useful for development and testing environments where you need to bootstrap a private PKI quickly.

Features

  • Generate CSRs with optional subject alternative names and certificate extensions.
  • Create self-signed CA certificates with sensible defaults (1-year validity, CA basic constraints).
  • Sign CSRs to produce leaf certificates, returning PEM or DER output.
  • Perform basic certificate verification that ensures the certificate is currently valid and reports issuer/subject metadata.
  • Parse certificates to extract key metadata and extension object identifiers.

Note: verify_cert only evaluates validity windows; it does not build trust chains or check revocation lists.

Supported algorithms

LocalCaCertService.supports() reports the following capabilities:

  • Key algorithms: RSA-2048, RSA-3072, EC-P256, Ed25519
  • Signature algorithms: RSA-PSS-SHA256, ECDSA-P256-SHA256, Ed25519
  • Features: CSR creation, self-signed issuance, CSR signing, verification, and parsing

Installation

Install the package with your preferred Python packaging tool:

pip install swarmauri_certs_local_ca
poetry add swarmauri_certs_local_ca

If you use uv, install it first (for example with pip install uv) and then add the package:

uv pip install swarmauri_certs_local_ca

Usage

Below is a minimal end-to-end example that issues and verifies a leaf certificate signed by a local certificate authority. The helper function _key creates the KeyRef objects required by the service.

import asyncio
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa

from swarmauri_certs_local_ca import LocalCaCertService
from swarmauri_core.crypto.types import ExportPolicy, KeyRef, KeyType, KeyUse


def _key(name: str) -> KeyRef:
    sk = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    pem = sk.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.NoEncryption(),
    )
    return KeyRef(
        kid=name,
        version=1,
        type=KeyType.RSA,
        uses=(KeyUse.SIGN,),
        export_policy=ExportPolicy.SECRET_WHEN_ALLOWED,
        material=pem,
    )


async def main() -> None:
    svc = LocalCaCertService()
    ca_key = _key("ca")
    leaf_key = _key("leaf")

    # Create a certificate signing request for the leaf key.
    csr = await svc.create_csr(leaf_key, {"CN": "leaf"})

    # Sign the CSR with the CA key to produce a leaf certificate.
    cert = await svc.sign_cert(csr, ca_key, issuer={"CN": "ca"})

    # Verify the newly issued certificate.
    result = await svc.verify_cert(cert)
    print(result["valid"], result["subject"], result["issuer"])


asyncio.run(main())

verify_cert returns a dictionary containing the validity flag plus the RFC 4514 representations of the subject and issuer. For CA bootstrapping you can call create_self_signed to generate a root certificate and use parse_cert to inspect serial numbers, validity windows, and extension object identifiers.

Entry Point

The service registers under the swarmauri.cert_services entry point as LocalCaCertService.

Want to help?

If you want to contribute to swarmauri-sdk, read up on our guidelines for contributing that will help you get started.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_certs_local_ca-0.11.0.dev1.tar.gz (9.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

swarmauri_certs_local_ca-0.11.0.dev1-py3-none-any.whl (10.6 kB view details)

Uploaded Python 3

File details

Details for the file swarmauri_certs_local_ca-0.11.0.dev1.tar.gz.

File metadata

  • Download URL: swarmauri_certs_local_ca-0.11.0.dev1.tar.gz
  • Upload date:
  • Size: 9.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_certs_local_ca-0.11.0.dev1.tar.gz
Algorithm Hash digest
SHA256 6bc8edeff75c298a4ce1c566785ddf86f343e78f3cf51999a55fae4df511998d
MD5 16b5939b3aee8c844d7ff6f496466793
BLAKE2b-256 c6dc494f45391dc2b7ab62060ed3c52159d7cf99c74816116cae7e16a427c812

See more details on using hashes here.

File details

Details for the file swarmauri_certs_local_ca-0.11.0.dev1-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_certs_local_ca-0.11.0.dev1-py3-none-any.whl
  • Upload date:
  • Size: 10.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_certs_local_ca-0.11.0.dev1-py3-none-any.whl
Algorithm Hash digest
SHA256 61a446933fccdf842b1803ca3c8e7a95ac515213f1c4c20289287a22c3b9dbe1
MD5 4491359b5b86b4b284d9d9f7f438c433
BLAKE2b-256 2f28dc9675ee92fd640e4b3973eab1f50b865d478bedb73fd63f4a326b3c3dce

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page