OCSP certificate verification service for Swarmauri.

swarmauri_certs_ocspverify

OCSP-based certificate verification service for the Swarmauri SDK.

This package provides an implementation of an ICertService that checks certificate revocation status using the Online Certificate Status Protocol (OCSP) defined in RFC 6960 while remaining compatible with X.509 certificate guidelines from RFC 5280.

Features

  • Parse PEM certificates to extract subject, issuer and OCSP responder URLs.
  • Verify certificate status via OCSP responders advertised in the certificate's Authority Information Access extension.

Prerequisites

  • Python 3.10 or newer.
  • Leaf certificate PEM to inspect and validate.
  • Issuer (intermediate) certificate PEM required to build the OCSP request.
  • Network access to the OCSP responder URLs exposed in the certificate's Authority Information Access extension.
  • Optional: trust root bundle if performing additional validation on issuer metadata alongside OCSP results.

Installation

# pip
pip install swarmauri_certs_ocspverify

# poetry
poetry add swarmauri_certs_ocspverify

# uv (pyproject-based projects)
uv add swarmauri_certs_ocspverify

Usage

Perform an OCSP status check for a leaf certificate using its issuer certificate:

import asyncio
from pathlib import Path

from swarmauri_certs_ocspverify import OcspVerifyService


async def main() -> None:
    service = OcspVerifyService()

    leaf_cert = Path("leaf.pem").read_bytes()
    issuer_cert = Path("issuer.pem").read_bytes()

    verification = await service.verify_cert(
        cert=leaf_cert,
        intermediates=[issuer_cert],
        check_revocation=True,
    )

    if verification["valid"]:
        print("Certificate status: GOOD")
    else:
        print("Certificate status:", verification["reason"])
    print("Next update:", verification.get("next_update"))


if __name__ == "__main__":
    asyncio.run(main())

Parsing OCSP Metadata

Use parse_cert to confirm which OCSP responder URLs are embedded and to inspect the validity window:

import asyncio
from pathlib import Path

from swarmauri_certs_ocspverify import OcspVerifyService


async def describe() -> None:
    service = OcspVerifyService()
    leaf_cert = Path("leaf.pem").read_bytes()

    metadata = await service.parse_cert(leaf_cert)
    print("Subject:", metadata["subject"])
    print("Issuer:", metadata["issuer"])
    print("OCSP URLs:", metadata.get("ocsp_urls", []))


if __name__ == "__main__":
    asyncio.run(describe())

Best Practices

  • Cache issuer certificates alongside leaf certificates so OCSP requests can be constructed quickly.
  • Respect OCSP responder rate limits; consider backoff and caching GOOD responses until next_update.
  • Combine OCSP checks with CRL fallbacks for authorities that support multiple revocation mechanisms.
  • Log reason and timestamp fields from the verification output to aid in incident response and compliance reporting.
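
The caching and backoff advice above, sketched as an added example that is not part of the swarmauri_certs_ocspverify package. OcspResultCache and parse_next_update are hypothetical names; the sketch assumes next_update is a datetime or an ISO 8601 string, that responder failures surface as OSError or a timeout, and it chooses to treat an unreachable responder as not valid.

```python
import asyncio
import hashlib
from datetime import datetime, timezone


def parse_next_update(value):
    """Normalise next_update (assumed: datetime or ISO 8601 string) to aware UTC."""
    if value is None:
        return None
    if isinstance(value, str):
        value = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return value if value.tzinfo else value.replace(tzinfo=timezone.utc)


class OcspResultCache:
    """Hypothetical wrapper: cache GOOD results until next_update, back off on errors."""

    def __init__(self, verify, max_attempts=3, base_delay=0.5,
                 now=lambda: datetime.now(timezone.utc), sleep=asyncio.sleep):
        self._verify = verify  # async callable(cert, issuer) -> result dict
        self._max_attempts, self._base_delay = max_attempts, base_delay
        self._now, self._sleep = now, sleep
        self._cache = {}  # sha256(issuer, cert) -> (expiry, result)

    async def check(self, cert: bytes, issuer: bytes) -> dict:
        key = hashlib.sha256(issuer + b"\0" + cert).hexdigest()
        hit = self._cache.get(key)
        if hit and self._now() < hit[0]:
            return hit[1]  # still fresh: no responder traffic
        self._cache.pop(key, None)
        for attempt in range(self._max_attempts):
            try:
                result = await self._verify(cert, issuer)
                break
            except (OSError, asyncio.TimeoutError) as exc:
                error = exc
                if attempt + 1 < self._max_attempts:
                    await self._sleep(self._base_delay * 2 ** attempt)
        else:
            # Policy choice of this example: an unreachable responder is not GOOD.
            return {"valid": False, "reason": f"responder_unreachable: {error}"}
        expiry = parse_next_update(result.get("next_update"))
        # Only GOOD answers with a future next_update are cached; revoked or
        # unknown answers are always re-checked.
        if result.get("valid") and expiry and expiry > self._now():
            self._cache[key] = (expiry, result)
        return result


# Wiring to the service shown above (keyword names taken from the Usage section):
#   service = OcspVerifyService()
#   cache = OcspResultCache(lambda c, i: service.verify_cert(
#       cert=c, intermediates=[i], check_revocation=True))
```

The now and sleep parameters exist so the freshness window and backoff schedule can be exercised with a fake clock instead of real waits.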
