Skip to main content

X.509 certificate verification service for Swarmauri

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_certs_x509verify Discord

Swarmauri Certs X509 Verify

An asynchronous X.509 certificate verification and parsing service implementing CertServiceBase for the Swarmauri ecosystem. The X509VerifyService works with PEM or DER encoded certificates to surface metadata and perform lightweight trust checks suitable for development and integration testing.

Features

  • Async-first interface exposing verify_cert and parse_cert coroutines.
  • Accepts PEM or DER encoded certificates without additional tooling.
  • parse_cert extracts the serial number, issuer, subject, validity window, signature algorithm, Subject Alternative Names (SAN) and Extended Key Usage (EKU) values.
  • verify_cert performs a timestamp check and one-hop signature validation against provided trust roots or intermediates.
  • Designed for basic validation flows ? revocation checking and complex path building are intentionally out of scope and reported as revocation_checked=False in the response.

Installation

Install the package with your preferred Python packaging tool:

pip install swarmauri_certs_x509verify
poetry add swarmauri_certs_x509verify
uv pip install swarmauri_certs_x509verify

Quick start

The example below issues an in-memory self-signed certificate, parses its metadata and verifies the certificate against itself as a trust root. Both coroutines are executed with asyncio.run for convenience in scripts and documentation. The resulting dictionary mirrors the values returned by the service at runtime.

# README example: verify and parse a development certificate
import asyncio
from datetime import datetime, timedelta, timezone
from typing import Any

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID

from swarmauri_certs_x509verify import X509VerifyService


def issue_dev_certificate() -> bytes:
    private_key = ec.generate_private_key(ec.SECP256R1())
    subject = issuer = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "example.test")])
    now = datetime.now(timezone.utc)

    certificate = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer)
        .public_key(private_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - timedelta(minutes=1))
        .not_valid_after(now + timedelta(days=1))
        .add_extension(
            x509.SubjectAlternativeName([x509.DNSName("example.test")]),
            critical=False,
        )
        .add_extension(
            x509.ExtendedKeyUsage([ExtendedKeyUsageOID.SERVER_AUTH]),
            critical=False,
        )
        .sign(private_key=private_key, algorithm=hashes.SHA256())
    )

    return certificate.public_bytes(serialization.Encoding.PEM)


async def main() -> dict[str, dict[str, Any]]:
    certificate_pem = issue_dev_certificate()
    service = X509VerifyService()

    parsed = await service.parse_cert(certificate_pem)
    verification = await service.verify_cert(certificate_pem, trust_roots=[certificate_pem])

    return {"parsed": parsed, "verification": verification}


example_result = asyncio.run(main())
print(example_result["parsed"]["subject"])
print(example_result["verification"]["valid"])

example_result["verification"]["valid"] resolves to True when the certificate is valid for the supplied timestamp. If the time window fails or no matching trust root is provided, the service returns valid=False and the reason field is set to "invalid_chain_or_time".

Entry Point

The service registers under the swarmauri.certs entry point as X509VerifyService and under peagen.plugins.certs as x509verify.

Want to help?

If you want to contribute to swarmauri-sdk, read up on our guidelines for contributing that will help you get started.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_certs_x509verify-0.11.0.dev2.tar.gz (9.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file swarmauri_certs_x509verify-0.11.0.dev2.tar.gz.

File metadata

  • Download URL: swarmauri_certs_x509verify-0.11.0.dev2.tar.gz
  • Upload date:
  • Size: 9.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_certs_x509verify-0.11.0.dev2.tar.gz
Algorithm Hash digest
SHA256 283091f2438a15cb32b66c148a131ec72989c9fc88e47c28e144b4c8da49af38
MD5 36e5da27b419daedc9abb62a0d8e39cf
BLAKE2b-256 a3c3f4ec798ad490b80496d1a3acf20b3937176be4045c757771c70a4ff69429

See more details on using hashes here.

File details

Details for the file swarmauri_certs_x509verify-0.11.0.dev2-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_certs_x509verify-0.11.0.dev2-py3-none-any.whl
  • Upload date:
  • Size: 10.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_certs_x509verify-0.11.0.dev2-py3-none-any.whl
Algorithm Hash digest
SHA256 87bb2702be9c3ca656db5951766db55785cb030dab97bd751070bbf7775e31be
MD5 9011d81d16a60efeac7aa6bf2b18a88e
BLAKE2b-256 16fd120f53fc5b22f9bf38e2e5af547ae0a5ac06e781dd290ed4742ecb3bb9af

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page