Cnert

cnert

Class cnert.CA

A CA object.

Examples:

>>> ca = cnert.CA()
>>> ca.is_root_ca
True
>>> ca.is_intermediate_ca
False
>>> ca.parent is None
True

Parameters:

subject_attrs (NameAttrs | None, default: None ) –

Subject Name Attributes.
subject_attrs (NameAttrs | None, default: None ) –

Issuer Name Attributes.
path_length (int, default: 9 ) –

Maximum path length certificates subordinate.
not_valid_before (datetime | None, default: None ) –

CA not valid before date.
not_valid_after (datetime | None, default: None ) –

CA not valid after date.
parent (CA | None, default: None ) –

Parent of CA.
intermediate_num (int, default: 0 ) –

Number of intermediates.

`is_intermediate_ca: bool` `property`

Returns:	`bool` – Whether CA is a intermediate CA or not.

`is_root_ca: bool` `property`

Examples:

>>> ca = CA()
>>> ca.is_root_ca
True
>>> intermediate = ca.issue_intermediate()
>>> intermediate.is_root_ca
False

Returns:	`bool` – Whether CA is a root CA or not.

`issue_cert(*sans, subject_attrs=None, not_valid_before=None, not_valid_after=None, serial_number=None, csr=None)`

Issues a certificate

Examples:

>>> ca = CA()
>>> ca.issue_cert()
<cnert.Cert at 0x107f87f50>

Parameters:

sans (str, default: () ) –

Subject Alternative Names as positional arguments.
subject_attrs (NameAttrs | None, default: None ) –

Subject Name Attributes.
not_valid_before (datetime | None, default: None ) –

Certificate not valid before date.
not_valid_after (datetime | None, default: None ) –

Certificate not valid after date.
csr (CSR | None, default: None ) –

A CSR object.

Returns:	`_Cert` – A _Cert object.

Class cnert.NameAttrs

An object for storing (and freezing) Name Attributes for Subject Name Attributes and Issuer Name Attributes.

Accepts any valid x509.NameAttribute as key arguments with arbitrary string values.

Has methods for returning initialized attributes in a dict and for returning a cryptography.x509.Name

There is alse a method for showing the allowed attributes.

Examples:

>>> subject_attrs = cnert.NameAttrs(COMMON_NAME="example.com")
>>> subject_attrs.COMMON_NAME
'example.com'
>>> subject_attrs.dict_
{'COMMON_NAME': 'example.com'}
>>> subject_attrs.x509_name
<Name(CN=example.com)>

`allowed_keys()`

Returns a list of allowed key arguments.

Examples:

>>> cnert.NameAttrs().allowed_keys()
['BUSINESS_CATEGORY',
 'COMMON_NAME',
 'COUNTRY_NAME',
 'DN_QUALIFIER',
 'DOMAIN_COMPONENT',
 'EMAIL_ADDRESS',
 'GENERATION_QUALIFIER',
 'GIVEN_NAME',
 'INN',
 'JURISDICTION_COUNTRY_NAME',
 'JURISDICTION_LOCALITY_NAME',
 'JURISDICTION_STATE_OR_PROVINCE_NAME',
 'LOCALITY_NAME',
 'OGRN',
 'ORGANIZATIONAL_UNIT_NAME',
 'ORGANIZATION_NAME',
 'POSTAL_ADDRESS',
 'POSTAL_CODE',
 'PSEUDONYM',
 'SERIAL_NUMBER',
 'SNILS',
 'STATE_OR_PROVINCE_NAME',
 'STREET_ADDRESS',
 'SURNAME',
 'TITLE',
 'UNSTRUCTURED_NAME',
 'USER_ID',
 'X500_UNIQUE_IDENTIFIER']

Returns:	`list[str]` – A list of valid key attributes.

`x509_name()`

Examples:

>>> subject_attrs = cnert.NameAttrs(COMMON_NAME="example.com")
>>> subject_attrs.x509_name()
<Name(CN=example.com)>

Returns:	`Name` – A `cryptography.x509.Name`

Class cnert._CertBuilder

Builds and signs a X509 Certificate.

`build(sans, subject_attrs_X509_name, issuer_attrs_X509_name, serial_number, not_valid_before, not_valid_after, is_ca, public_key, issuer_public_key=None, path_length=None)`

Does the Certificate building.

Parameters:

sans (tuple[] | tuple[str, ...]) –

Subject Alternative Names as positional arguments.
subject_attrs_X509_name (Name) –

Subject Attributes Names.
issuer_attrs_X509_name (Name) –

Issuer Atributes Names.
serial_number (int) –

Serial number.
not_valid_before (datetime) –

Not valid before date.
not_valid_after (datetime) –

Note valid after date.
is_ca (bool) –

Add CA extension.
public_key (RSAPublicKey) –

Public key for the certificate.
issuer_public_key (RSAPublicKey | None, default: None ) –

Issuer public key.
path_length (int | None, default: None ) –

Max path length.

Class cnert._Cert

A _Cert object.

This object is returned by cnert.CA().issue_cert()

Examples:

>>> ca = CA()
>>> cert = ca.issue_cert()
>>> cert.subject_attrs
NameAttrs(COMMON_NAME="example.com")
>>> cert.issuer_attrs
NameAttrs(ORGANIZATION_NAME="Root CA")
>>> cert.not_valid_before
datetime.datetime(2023, 3, 24, 23, 56, 55, 901545)
>>> cert.not_valid_after
datetime.datetime(2023, 6, 23, 23, 56, 55, 901545)

`MD5: str` `property`

Examples:

>>> cert = cnert.CA().issue_cert()
>>> cert.MD5
'A03D37486DD47BE3E9C7EC1624073856'

Returns:	`str` – MD5 Fingerprint string in hexadecimal and upper case.

`SHA1: str` `property`

Examples:

>>> cert = cnert.CA().issue_cert()
>>> cert.SHA1
'9E0A06CFB37B352FDA5B2226E6D631CF07D5D185'

Returns:	`str` – SHA1 Fingerprint string in hexadecimal and upper case.

`SHA256: str` `property`

Examples:

>>> cert = cnert.CA().issue_cert()
>>> cert.SHA256
'68307A6CBE2804038DF85FB53AEE96AB47EA81439AB2E059DDDEA9F901097D84'

Returns:	`str` – SHA256 Fingerprint string in hexadecimal and upper case.

`authority_key_identifier_digest: str | None` `property`

Examples:

>>> cert = cnert.CA().issue_cert()
>>> cert.authority_key_identifier_digest
'8F85C564F62E39D5A5CA346CA26AAE67029B671E'

Returns:	`str \| None` – The binary value of the authority key identifier in hexadecimal `str \| None` – and upper case or None when certificate has no `str \| None` – subject key identifier extension.

`private_key_pem_PKCS1: bytes` `property`

Examples:

>>> cert = CA().issue_cert()
>>> cert.private_key_pem_PKCS1
b'-----begin rsa private key-----
...

Returns:	`bytes` – PEM encoded serialized key in TraditionalOpenSSL format.

`private_key_pem_PKCS8: bytes` `property`

Examples:

>>> cert = CA().issue_cert()
>>> cert.private_key_pem_PKCS8
b'-----BEGIN PRIVATE KEY-----
...

Returns:	`bytes` – PEM encoded serialized key in PKCS8 format.

`public_key: rsa.RSAPublicKey` `property`

Examples:

>>> cert = cnert.CA().issue_cert()
>>> cert.private_key
<cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey object
at 0x1014e4e10>

Returns:	`RSAPublicKey` – An RSA private key.

`public_key_pem: bytes` `property`

Examples:

>>> cert = CA().issue_cert()
>>> cert.public_key_pem
b'-----BEGIN PUBLIC KEY-----
...

Returns:	`bytes` – PEM encoded serialized key in RSAPublicKey format.

`subject_key_identifier_digest: str` `property`

Examples:

>>> cert = cnert.CA().issue_cert()
>>> cert.subject_key_identifier_digest
'8F85C564F62E39D5A5CA346CA26AAE67029B671E'

Returns:	`str` – The binary value of the subject key identifier in hexadecimal `str` – and upper case.

`init(*sans, subject_attrs, issuer_attrs, not_valid_before=None, not_valid_after=None, serial_number=None, parent=None, private_key=None, path_length=0, is_ca=False)`

Initialize a _Cert object.

Parameters:

sans (str, default: () ) –

Subject Alternative Names as positional arguments
subject_attrs (NameAttrs) –

Subject Name Attributes
issuer_attrs (NameAttrs) –

Issure Name Attributes
not_valid_before (datetime | None, default: None ) –

CA not valid before date
not_valid_after (datetime | None, default: None ) –

CA not valid after date
serial_number (int | None, default: None ) –

Serial number
parent (_Cert | None, default: None ) –

Certificate of CA.
private_key (RSAPrivateKey | None, default: None ) –

RSA private key
path_length (int, default: 0 ) –

Path length
is_ca (bool, default: False ) –

if CA

Class cnert.CSR

A CSR object.

Examples:

>>> csr = cnert.CSR()

Parameters:	`sans` (`str`, default: `()` ) – Subject Alternative Names as positional arguments `subject_attrs` (`NameAttrs \| None`, default: `None` ) – Subject Name Attributes `private_key` (`RSAPrivateKey \| None`, default: `None` ) – RSA private key

Function build_private_key

Creates a private key.

Parameters:	`key_size` (`int`, default: `2048` ) – Key size `public_exponent` (`int`, default: `65537` ) – public exponenent

Function idna_encode

Creates a valid internationalized domain name

Parameters:	`_string` (`str`) – Internationalized domain name

Function identity_string_to_x509

Creates a x509.GeneralName from a string.

Parameters:	`identity` (`str`) – IP Address, DNS name or email address.

cnert

Class cnert.CA

is_intermediate_ca: bool property

is_root_ca: bool property

issue_cert(*sans, subject_attrs=None, not_valid_before=None, not_valid_after=None, serial_number=None, csr=None)

Class cnert.NameAttrs

allowed_keys()

x509_name()

Class cnert._CertBuilder

build(sans, subject_attrs_X509_name, issuer_attrs_X509_name, serial_number, not_valid_before, not_valid_after, is_ca, public_key, issuer_public_key=None, path_length=None)

Class cnert._Cert

MD5: str property

SHA1: str property

SHA256: str property

authority_key_identifier_digest: str | None property

private_key_pem_PKCS1: bytes property

private_key_pem_PKCS8: bytes property

public_key: rsa.RSAPublicKey property

public_key_pem: bytes property

subject_key_identifier_digest: str property

__init__(*sans, subject_attrs, issuer_attrs, not_valid_before=None, not_valid_after=None, serial_number=None, parent=None, private_key=None, path_length=0, is_ca=False)

Class cnert.CSR

Function build_private_key

Function idna_encode

Function identity_string_to_x509

`is_intermediate_ca: bool` `property`

`is_root_ca: bool` `property`

`issue_cert(*sans, subject_attrs=None, not_valid_before=None, not_valid_after=None, serial_number=None, csr=None)`

`allowed_keys()`

`x509_name()`

`build(sans, subject_attrs_X509_name, issuer_attrs_X509_name, serial_number, not_valid_before, not_valid_after, is_ca, public_key, issuer_public_key=None, path_length=None)`

`MD5: str` `property`

`SHA1: str` `property`

`SHA256: str` `property`

`authority_key_identifier_digest: str | None` `property`

`private_key_pem_PKCS1: bytes` `property`

`private_key_pem_PKCS8: bytes` `property`

`public_key: rsa.RSAPublicKey` `property`

`public_key_pem: bytes` `property`

`subject_key_identifier_digest: str` `property`

`init(*sans, subject_attrs, issuer_attrs, not_valid_before=None, not_valid_after=None, serial_number=None, parent=None, private_key=None, path_length=0, is_ca=False)`