Utilities that assist with trust relationship checking of X.509 Certificates for various end-user devices with disparate root trust stores.
Project description
tlstrust
Utilities that assist with trust relationship checking of X.509 Certificates for various end-user devices with disparate root trust stores.
Documentation
On the command-line:
tlstrust --help
produces:
usage: tlstrust [-h] [-H HOST] [-p PORT] [-C CLIENT_PEM] [--disable-sni] [-v] [-vv] [-vvv] [-vvvv] [--version] [targets ...]
positional arguments:
targets All unnamed arguments are hosts (and ports) targets to test. ~$ tlstrust apple.com:443 github.io
localhost:3000
options:
-h, --help show this help message and exit
-H HOST, --host HOST single host to check
-p PORT, --port PORT TLS port of host
-C CLIENT_PEM, --client-pem CLIENT_PEM
path to PEM encoded client certificate, url or file path accepted
--disable-sni Do not negotiate SNI using INDA encoded host
-v, --errors-only set logging level to ERROR (default CRITICAL)
-vv, --warning set logging level to WARNING (default CRITICAL)
-vvv, --info set logging level to INFO (default CRITICAL)
-vvvv, --debug set logging level to DEBUG (default CRITICAL)
--version
In your app you can:
import os
from pathlib import Path
from OpenSSL.crypto import FILETYPE_ASN1
from tlstrust import TrustStore
der = Path(os.path.join(os.path.dirname(__file__), "cacert.der")).read_bytes()
trust_store = TrustStore(FILETYPE_ASN1, der)
print(trust_store.check_trust())
Platform specific checking
all_trusted = trust_store.check_trust()
assert all_trusted is True
assert trust_store.android
assert trust_store.linux
assert trust_store.ccadb # Windows, Mozilla, and Apple (from December 1st 2021)
assert trust_store.java
assert trust_store.certifi
Basic usage
Using CCADB for demonstration purposes (includes Apple, Microsoft, and Mozilla)
from tlstrust.context import SOURCE_CCADB
assert trust_store.exists(SOURCE_CCADB)
assert trust_store.expired_in_store(SOURCE_CCADB)
assert trust_store.get_certificate_from_store(SOURCE_CCADB)
assert trust_store.check_trust(SOURCE_CCADB)
Other Platforms
from tlstrust.context import PLATFORM_ANDROID
from tlstrust.context import PLATFORM_JAVA
from tlstrust.context import PLATFORM_LINUX
from tlstrust.context import PLATFORM_APPLE
Apple (before CCADB)
Apple (legacy) Trust Store support exists in earlier versions of tlstrust
, it was removed in version 2.0.0
so installing prior versions will allow you to access this functionality.
Android versions
from tlstrust.context import PLATFORM_ANDROID2_2
from tlstrust.context import PLATFORM_ANDROID2_3
from tlstrust.context import PLATFORM_ANDROID3
from tlstrust.context import PLATFORM_ANDROID4
from tlstrust.context import PLATFORM_ANDROID4_4
from tlstrust.context import PLATFORM_ANDROID7
from tlstrust.context import PLATFORM_ANDROID8
from tlstrust.context import PLATFORM_ANDROID9
from tlstrust.context import PLATFORM_ANDROID10
from tlstrust.context import PLATFORM_ANDROID11
from tlstrust.context import PLATFORM_ANDROID12
Browser Trust Stores
from tlstrust.context import BROWSER_AMAZON_SILK, BROWSER_SAMSUNG_INTERNET_BROWSER, BROWSER_GOOGLE_CHROME, BROWSER_CHROMIUM, BROWSER_FIREFOX, BROWSER_BRAVE, BROWSER_SAFARI, BROWSER_MICROSOFT_EDGE, BROWSER_YANDEX_BROWSER, BROWSER_OPERA, BROWSER_VIVALDI, BROWSER_TOR_BROWSER
assert trust_store.check_trust(BROWSER_AMAZON_SILK)
assert trust_store.check_trust(BROWSER_SAMSUNG_INTERNET_BROWSER)
assert trust_store.check_trust(BROWSER_GOOGLE_CHROME)
assert trust_store.check_trust(BROWSER_CHROMIUM)
assert trust_store.check_trust(BROWSER_FIREFOX)
assert trust_store.check_trust(BROWSER_BRAVE)
assert trust_store.check_trust(BROWSER_SAFARI)
assert trust_store.check_trust(BROWSER_MICROSOFT_EDGE)
assert trust_store.check_trust(BROWSER_YANDEX_BROWSER)
assert trust_store.check_trust(BROWSER_OPERA)
assert trust_store.check_trust(BROWSER_VIVALDI)
assert trust_store.check_trust(BROWSER_TOR_BROWSER)
Programming Language Trust (Microservice architecture and APIs)
Python:
from tlstrust.context import PYTHON_WINDOWS_SERVER, PYTHON_LINUX_SERVER, PYTHON_MACOS_SERVER, PYTHON_CERTIFI, PYTHON_URLLIB, PYTHON_REQUESTS, PYTHON_DJANGO
assert trust_store.check_trust(PYTHON_WINDOWS_SERVER)
assert trust_store.check_trust(PYTHON_LINUX_SERVER)
assert trust_store.check_trust(PYTHON_MACOS_SERVER)
assert trust_store.check_trust(PYTHON_CERTIFI)
assert trust_store.check_trust(PYTHON_URLLIB)
assert trust_store.check_trust(PYTHON_REQUESTS)
assert trust_store.check_trust(PYTHON_DJANGO)
Change Log
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
tlstrust-2.2.1.tar.gz
(4.5 MB
view hashes)
Built Distribution
Close
Hashes for tlstrust-2.2.1-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | b3ddfb83f9b0abc44e5801ca31e0b77e152b7fea20a94aedd12324d8048cddf9 |
|
MD5 | b11e4e06b7b6d79c7430df3b31783763 |
|
BLAKE2b-256 | 4aeea8c5ef2b0e5b5c388b3fe732a711e3a1b9e9fd0fe6abe60565102db49308 |