Utilities that assist with trust relationship checking of X.509 Certificates for various end-user devices with disparate root trust stores.

tlstrust

Documentation

On the command-line:

tlstrust --help

produces:

usage: tlstrust [-h] [-C CLIENT_PEM] [--disable-sni] [-v] [-vv] [-vvv] [-vvvv] [--version] [targets ...]

positional arguments:
  targets               All unnamed arguments are hosts (and ports) targets to test. ~$ tlstrust apple.com:443 github.io
                        localhost:3000

options:
  -h, --help            show this help message and exit
  -C CLIENT_PEM, --client-pem CLIENT_PEM
                        path to PEM encoded client certificate, url or file path accepted
  --disable-sni         Do not negotiate SNI using INDA encoded host
  -v, --errors-only     set logging level to ERROR (default CRITICAL)
  -vv, --warning        set logging level to WARNING (default CRITICAL)
  -vvv, --info          set logging level to INFO (default CRITICAL)
  -vvvv, --debug        set logging level to DEBUG (default CRITICAL)
  --version

In your app you can:

import os
from pathlib import Path
from OpenSSL.crypto import FILETYPE_ASN1
from tlstrust import TrustStore

der = Path(os.path.join(os.path.dirname(__file__), "cacert.der")).read_bytes()
trust_store = TrustStore(FILETYPE_ASN1, der)
print(trust_store.check_trust())

Platform specific checking

all_trusted = trust_store.check_trust()
assert all_trusted is True
assert trust_store.android
assert trust_store.linux
assert trust_store.ccadb # Windows, Mozilla, and Apple (from December 1st 2021)
assert trust_store.java
assert trust_store.certifi

Basic usage

Using CCADB for demonstration purposes (includes Apple, Microsoft, and Mozilla)

from tlstrust.context import SOURCE_CCADB

assert trust_store.exists(SOURCE_CCADB)
# a certificate that passes check_trust must not be expired in the store
assert not trust_store.expired_in_store(SOURCE_CCADB)
assert trust_store.get_certificate_from_store(SOURCE_CCADB)
assert trust_store.check_trust(SOURCE_CCADB)

Other Platforms

from tlstrust.context import PLATFORM_ANDROID
from tlstrust.context import PLATFORM_JAVA
from tlstrust.context import PLATFORM_LINUX
from tlstrust.context import PLATFORM_APPLE

Apple (before CCADB)

Apple (legacy) Trust Store support exists only in earlier versions of tlstrust. It was removed in version 2.0.0, so install a version prior to 2.0.0 to access this functionality.

Android versions

from tlstrust.context import PLATFORM_ANDROID2_2
from tlstrust.context import PLATFORM_ANDROID2_3
from tlstrust.context import PLATFORM_ANDROID3
from tlstrust.context import PLATFORM_ANDROID4
from tlstrust.context import PLATFORM_ANDROID4_4
from tlstrust.context import PLATFORM_ANDROID7
from tlstrust.context import PLATFORM_ANDROID8
from tlstrust.context import PLATFORM_ANDROID9
from tlstrust.context import PLATFORM_ANDROID10
from tlstrust.context import PLATFORM_ANDROID11
from tlstrust.context import PLATFORM_ANDROID12

Browser Trust Stores

from tlstrust.context import BROWSER_AMAZON_SILK, BROWSER_SAMSUNG_INTERNET_BROWSER, BROWSER_GOOGLE_CHROME, BROWSER_CHROMIUM, BROWSER_FIREFOX, BROWSER_BRAVE, BROWSER_SAFARI, BROWSER_MICROSOFT_EDGE, BROWSER_YANDEX_BROWSER, BROWSER_OPERA, BROWSER_VIVALDI, BROWSER_TOR_BROWSER

assert trust_store.check_trust(BROWSER_AMAZON_SILK)
assert trust_store.check_trust(BROWSER_SAMSUNG_INTERNET_BROWSER)
assert trust_store.check_trust(BROWSER_GOOGLE_CHROME)
assert trust_store.check_trust(BROWSER_CHROMIUM)
assert trust_store.check_trust(BROWSER_FIREFOX)
assert trust_store.check_trust(BROWSER_BRAVE)
assert trust_store.check_trust(BROWSER_SAFARI)
assert trust_store.check_trust(BROWSER_MICROSOFT_EDGE)
assert trust_store.check_trust(BROWSER_YANDEX_BROWSER)
assert trust_store.check_trust(BROWSER_OPERA)
assert trust_store.check_trust(BROWSER_VIVALDI)
assert trust_store.check_trust(BROWSER_TOR_BROWSER)

Programming Language Trust (Microservice architecture and APIs)

Python:

from tlstrust.context import LANGUAGE_PYTHON_WINDOWS_SERVER, LANGUAGE_PYTHON_LINUX_SERVER, LANGUAGE_PYTHON_MACOS_SERVER, LANGUAGE_PYTHON_CERTIFI, LANGUAGE_PYTHON_URLLIB, LANGUAGE_PYTHON_REQUESTS, LANGUAGE_PYTHON_DJANGO

assert trust_store.check_trust(LANGUAGE_PYTHON_WINDOWS_SERVER)
assert trust_store.check_trust(LANGUAGE_PYTHON_LINUX_SERVER)
assert trust_store.check_trust(LANGUAGE_PYTHON_MACOS_SERVER)
assert trust_store.check_trust(LANGUAGE_PYTHON_CERTIFI)
assert trust_store.check_trust(LANGUAGE_PYTHON_URLLIB)
assert trust_store.check_trust(LANGUAGE_PYTHON_REQUESTS)
assert trust_store.check_trust(LANGUAGE_PYTHON_DJANGO)
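
The asserts above stop at the first failing context. As an added example (not part of the tlstrust project), the sketch below collects a per-context verdict instead and uses `exists`, `expired_in_store` and `check_trust` to say why a context fails. It assumes those three methods accept a context constant and return booleans; `FakeStore`, `classify`, `trust_report`, `failing_contexts` and the sample context ids are hypothetical names constructed so the block runs offline.

```python
from dataclasses import dataclass

@dataclass
class ContextResult:
    name: str
    status: str  # "trusted", "missing", "expired" or "untrusted"

def classify(store, name, context):
    """Explain the trust outcome for one context using the calls shown above."""
    if not store.exists(context):
        return ContextResult(name, "missing")
    if store.expired_in_store(context):
        return ContextResult(name, "expired")
    status = "trusted" if store.check_trust(context) else "untrusted"
    return ContextResult(name, status)

def trust_report(store, contexts):
    """contexts maps a display name to a tlstrust.context constant."""
    return [classify(store, name, ctx) for name, ctx in contexts.items()]

def failing_contexts(report):
    """Reduce a report to the contexts that need attention, with the reason."""
    return {r.name: r.status for r in report if r.status != "trusted"}

class FakeStore:
    """Constructed stand-in for tlstrust.TrustStore (assumption, for offline use)."""
    def __init__(self, present, expired):
        self.present, self.expired = set(present), set(expired)
    def exists(self, context):
        return context in self.present
    def expired_in_store(self, context):
        return context in self.expired
    def check_trust(self, context):
        return context in self.present and context not in self.expired

# Constructed context ids; with tlstrust installed, pass the real constants
# (e.g. SOURCE_CCADB, PLATFORM_ANDROID7, LANGUAGE_PYTHON_CERTIFI) instead.
SAMPLE_CONTEXTS = {"ccadb": 1, "android7": 2, "certifi": 3}

def demo():
    # Root present in contexts 1 and 3, but its copy in context 3 has expired.
    store = FakeStore(present={1, 3}, expired={3})
    return failing_contexts(trust_report(store, SAMPLE_CONTEXTS))

if __name__ == "__main__":
    print(demo())
```

With a real `TrustStore`, replace `FakeStore` with the object built in the earlier snippet and fail a deployment check whenever `failing_contexts` is non-empty for a client platform you must support.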

Change Log

Download files

Source Distribution

tlstrust-2.5.0.tar.gz (5.1 MB)

Uploaded Source

Built Distribution

tlstrust-2.5.0-py2.py3-none-any.whl (5.1 MB)

Uploaded Python 2 Python 3
