Local CA certificate service for Swarmauri
Project description
Swarmauri Certs Local CA
A local certificate authority implementing the ICertService interface for issuing and verifying X.509 certificates. Useful for development and testing environments where you need to bootstrap a private PKI quickly.
Features
- Generate CSRs with optional subject alternative names and certificate extensions.
- Create self-signed CA certificates with sensible defaults (1-year validity, CA basic constraints).
- Sign CSRs to produce leaf certificates, returning PEM or DER output.
- Perform basic certificate verification that ensures the certificate is currently valid and reports issuer/subject metadata.
- Parse certificates to extract key metadata and extension object identifiers.
Note:
verify_certonly evaluates validity windows; it does not build trust chains or check revocation lists.
Supported algorithms
LocalCaCertService.supports() reports the following capabilities:
- Key algorithms:
RSA-2048,RSA-3072,EC-P256,Ed25519 - Signature algorithms:
RSA-PSS-SHA256,ECDSA-P256-SHA256,Ed25519 - Features: CSR creation, self-signed issuance, CSR signing, verification, and parsing
Installation
Install the package with your preferred Python packaging tool:
pip install swarmauri_certs_local_ca
poetry add swarmauri_certs_local_ca
If you use uv, install it first (for example with pip install uv) and then add the package:
uv pip install swarmauri_certs_local_ca
Usage
Below is a minimal end‑to‑end example that issues and verifies a leaf
certificate signed by a local certificate authority. The helper function
_key creates the KeyRef objects required by the service.
import asyncio
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from swarmauri_certs_local_ca import LocalCaCertService
from swarmauri_core.crypto.types import ExportPolicy, KeyRef, KeyType, KeyUse
def _key(name: str) -> KeyRef:
sk = rsa.generate_private_key(public_exponent=65537, key_size=2048)
pem = sk.private_bytes(
serialization.Encoding.PEM,
serialization.PrivateFormat.PKCS8,
serialization.NoEncryption(),
)
return KeyRef(
kid=name,
version=1,
type=KeyType.RSA,
uses=(KeyUse.SIGN,),
export_policy=ExportPolicy.SECRET_WHEN_ALLOWED,
material=pem,
)
async def main() -> None:
svc = LocalCaCertService()
ca_key = _key("ca")
leaf_key = _key("leaf")
# Create a certificate signing request for the leaf key.
csr = await svc.create_csr(leaf_key, {"CN": "leaf"})
# Sign the CSR with the CA key to produce a leaf certificate.
cert = await svc.sign_cert(csr, ca_key, issuer={"CN": "ca"})
# Verify the newly issued certificate.
result = await svc.verify_cert(cert)
print(result["valid"], result["subject"], result["issuer"])
asyncio.run(main())
verify_cert returns a dictionary containing the validity flag plus the RFC 4514
representations of the subject and issuer. For CA bootstrapping you can call
create_self_signed to generate a root certificate and use parse_cert to
inspect serial numbers, validity windows, and extension object identifiers.
Entry Point
The service registers under the swarmauri.cert_services entry point as LocalCaCertService.
Want to help?
If you want to contribute to swarmauri-sdk, read up on our guidelines for contributing that will help you get started.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file swarmauri_certs_local_ca-0.3.0.dev44.tar.gz.
File metadata
- Download URL: swarmauri_certs_local_ca-0.3.0.dev44.tar.gz
- Upload date:
- Size: 9.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.12 {"installer":{"name":"uv","version":"0.10.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1cca4948f02561470f3ad674f0c305271117bf420bde885ed7eec54af670722c
|
|
| MD5 |
971907fdeb83e1d8e616fb42fd93024a
|
|
| BLAKE2b-256 |
071d92830e4844cb829ac96c7ff0c3905f18f144255189f35bbd857672c19650
|
File details
Details for the file swarmauri_certs_local_ca-0.3.0.dev44-py3-none-any.whl.
File metadata
- Download URL: swarmauri_certs_local_ca-0.3.0.dev44-py3-none-any.whl
- Upload date:
- Size: 10.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.12 {"installer":{"name":"uv","version":"0.10.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
686ac3ea41fd963d1d362f9fc97535632d678db35918b518c5c7014d09c67e91
|
|
| MD5 |
f8cda5d1ad462d2caa6515aacb95d4ba
|
|
| BLAKE2b-256 |
8addfaa77a30758dfad7e5ee1a00fe10c3801528b116d614e4903409b042a7de
|