Skip to main content

Local CA certificate service for Swarmauri

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_certs_local_ca


Swarmauri Certs Local CA

A local certificate authority implementing the ICertService interface for issuing and verifying X.509 certificates. Useful for development and testing environments where you need to bootstrap a private PKI quickly.

Features

  • Generate CSRs with optional subject alternative names and certificate extensions.
  • Create self-signed CA certificates with sensible defaults (1-year validity, CA basic constraints).
  • Sign CSRs to produce leaf certificates, returning PEM or DER output.
  • Perform basic certificate verification that ensures the certificate is currently valid and reports issuer/subject metadata.
  • Parse certificates to extract key metadata and extension object identifiers.

Note: verify_cert only evaluates validity windows; it does not build trust chains or check revocation lists.

Supported algorithms

LocalCaCertService.supports() reports the following capabilities:

  • Key algorithms: RSA-2048, RSA-3072, EC-P256, Ed25519
  • Signature algorithms: RSA-PSS-SHA256, ECDSA-P256-SHA256, Ed25519
  • Features: CSR creation, self-signed issuance, CSR signing, verification, and parsing

Installation

Install the package with your preferred Python packaging tool:

pip install swarmauri_certs_local_ca
poetry add swarmauri_certs_local_ca

If you use uv, install it first (for example with pip install uv) and then add the package:

uv pip install swarmauri_certs_local_ca

Usage

Below is a minimal end‑to‑end example that issues and verifies a leaf certificate signed by a local certificate authority. The helper function _key creates the KeyRef objects required by the service.

import asyncio
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa

from swarmauri_certs_local_ca import LocalCaCertService
from swarmauri_core.crypto.types import ExportPolicy, KeyRef, KeyType, KeyUse


def _key(name: str) -> KeyRef:
    sk = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    pem = sk.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.NoEncryption(),
    )
    return KeyRef(
        kid=name,
        version=1,
        type=KeyType.RSA,
        uses=(KeyUse.SIGN,),
        export_policy=ExportPolicy.SECRET_WHEN_ALLOWED,
        material=pem,
    )


async def main() -> None:
    svc = LocalCaCertService()
    ca_key = _key("ca")
    leaf_key = _key("leaf")

    # Create a certificate signing request for the leaf key.
    csr = await svc.create_csr(leaf_key, {"CN": "leaf"})

    # Sign the CSR with the CA key to produce a leaf certificate.
    cert = await svc.sign_cert(csr, ca_key, issuer={"CN": "ca"})

    # Verify the newly issued certificate.
    result = await svc.verify_cert(cert)
    print(result["valid"], result["subject"], result["issuer"])


asyncio.run(main())

verify_cert returns a dictionary containing the validity flag plus the RFC 4514 representations of the subject and issuer. For CA bootstrapping you can call create_self_signed to generate a root certificate and use parse_cert to inspect serial numbers, validity windows, and extension object identifiers.

Entry Point

The service registers under the swarmauri.cert_services entry point as LocalCaCertService.

Want to help?

If you want to contribute to swarmauri-sdk, read up on our guidelines for contributing that will help you get started.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_certs_local_ca-0.3.0.dev44.tar.gz (9.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

swarmauri_certs_local_ca-0.3.0.dev44-py3-none-any.whl (10.5 kB view details)

Uploaded Python 3

File details

Details for the file swarmauri_certs_local_ca-0.3.0.dev44.tar.gz.

File metadata

  • Download URL: swarmauri_certs_local_ca-0.3.0.dev44.tar.gz
  • Upload date:
  • Size: 9.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.12 {"installer":{"name":"uv","version":"0.10.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_certs_local_ca-0.3.0.dev44.tar.gz
Algorithm Hash digest
SHA256 1cca4948f02561470f3ad674f0c305271117bf420bde885ed7eec54af670722c
MD5 971907fdeb83e1d8e616fb42fd93024a
BLAKE2b-256 071d92830e4844cb829ac96c7ff0c3905f18f144255189f35bbd857672c19650

See more details on using hashes here.

File details

Details for the file swarmauri_certs_local_ca-0.3.0.dev44-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_certs_local_ca-0.3.0.dev44-py3-none-any.whl
  • Upload date:
  • Size: 10.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.12 {"installer":{"name":"uv","version":"0.10.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_certs_local_ca-0.3.0.dev44-py3-none-any.whl
Algorithm Hash digest
SHA256 686ac3ea41fd963d1d362f9fc97535632d678db35918b518c5c7014d09c67e91
MD5 f8cda5d1ad462d2caa6515aacb95d4ba
BLAKE2b-256 8addfaa77a30758dfad7e5ee1a00fe10c3801528b116d614e4903409b042a7de

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page