OCSP certificate verification service for Swarmauri.
Project description
swarmauri_certs_ocspverify
OCSP-based certificate verification service for the Swarmauri SDK.
This package provides an implementation of an ICertService that checks
certificate revocation status using the Online Certificate Status Protocol
(OCSP) defined in RFC 6960 while
remaining compatible with X.509 certificate guidelines from
RFC 5280.
Features
- Parse PEM certificates to extract subject, issuer and OCSP responder URLs.
- Verify certificate status via OCSP responders advertised in the certificate's Authority Information Access extension.
Prerequisites
- Python 3.10 or newer.
- Leaf certificate PEM to inspect and validate.
- Issuer (intermediate) certificate PEM required to build the OCSP request.
- Network access to the OCSP responder URLs exposed in the certificate's Authority Information Access extension.
- Optional: trust root bundle if performing additional validation on issuer metadata alongside OCSP results.
Installation
# pip
pip install swarmauri_certs_ocspverify
# poetry
poetry add swarmauri_certs_ocspverify
# uv (pyproject-based projects)
uv add swarmauri_certs_ocspverify
Usage
Perform an OCSP status check for a leaf certificate using its issuer certificate:
import asyncio
from pathlib import Path
from swarmauri_certs_ocspverify import OcspVerifyService
async def main() -> None:
service = OcspVerifyService()
leaf_cert = Path("leaf.pem").read_bytes()
issuer_cert = Path("issuer.pem").read_bytes()
verification = await service.verify_cert(
cert=leaf_cert,
intermediates=[issuer_cert],
check_revocation=True,
)
if verification["valid"]:
print("Certificate status: GOOD")
else:
print("Certificate status:", verification["reason"])
print("Next update:", verification.get("next_update"))
if __name__ == "__main__":
asyncio.run(main())
Parsing OCSP Metadata
Use parse_cert to confirm which OCSP responder URLs are embedded and to inspect the validity window:
import asyncio
from pathlib import Path
from swarmauri_certs_ocspverify import OcspVerifyService
async def describe() -> None:
service = OcspVerifyService()
leaf_cert = Path("leaf.pem").read_bytes()
metadata = await service.parse_cert(leaf_cert)
print("Subject:", metadata["subject"])
print("Issuer:", metadata["issuer"])
print("OCSP URLs:", metadata.get("ocsp_urls", []))
if __name__ == "__main__":
asyncio.run(describe())
Best Practices
- Cache issuer certificates alongside leaf certificates so OCSP requests can be constructed quickly.
- Respect OCSP responder rate limits; consider backoff and caching GOOD responses until
next_update. - Combine OCSP checks with CRL fallbacks for authorities that support multiple revocation mechanisms.
- Log
reasonand timestamp fields from the verification output to aid in incident response and compliance reporting.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file swarmauri_certs_ocspverify-0.9.3.dev19.tar.gz.
File metadata
- Download URL: swarmauri_certs_ocspverify-0.9.3.dev19.tar.gz
- Upload date:
- Size: 8.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.12 {"installer":{"name":"uv","version":"0.10.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3f2ba893c1649f77b9b15144a81f33331a41d660792492046c7dd8778347aa8d
|
|
| MD5 |
b75989913fe8014af4a1de13d6ba4a0f
|
|
| BLAKE2b-256 |
681f2c23e805a1161ffd4703413373f8e9c94673f1dc7fcde67fcc7df1db6c39
|
File details
Details for the file swarmauri_certs_ocspverify-0.9.3.dev19-py3-none-any.whl.
File metadata
- Download URL: swarmauri_certs_ocspverify-0.9.3.dev19-py3-none-any.whl
- Upload date:
- Size: 9.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.12 {"installer":{"name":"uv","version":"0.10.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
36be71ad5460eada4b674138c5f9015a43f81c444b974d35961fb3479953152a
|
|
| MD5 |
725bb974f46c5b6684a9dd9129fb4d58
|
|
| BLAKE2b-256 |
20ff486fca7de8c6eef24a1d2f305efe2f6d4cd158bd003ef903f9496d95d97a
|