cnert

Class cnert.CA

CA

CA(
    subject_attrs: NameAttrs | None = None,
    issuer_attrs: NameAttrs | None = None,
    path_length: int = 9,
    not_valid_before: datetime | None = None,
    not_valid_after: datetime | None = None,
    serial_number: int | None = None,
    parent: CA | None = None,
    intermediate_num: int = 0,
)

A CA object.

Examples: >>> ca = cnert.CA() >>> ca.is_root_ca True >>> ca.is_intermediate_ca False >>> ca.parent is None True

Parameters: subject_attrs: Subject Name Attributes. subject_attrs: Issuer Name Attributes. path_length: Maximum path length certificates subordinate. not_valid_before: CA not valid before date. not_valid_after: CA not valid after date. parent: Parent of CA. intermediate_num: Number of intermediates.

Methods:

Attributes:
  • is_intermediate_ca (bool) –

    Returns:

  • is_root_ca (bool) –

    Examples:

is_intermediate_ca property
is_intermediate_ca: bool

Returns: Whether CA is a intermediate CA or not.

is_root_ca property
is_root_ca: bool

Examples: >>> ca = CA() >>> ca.is_root_ca True >>> intermediate = ca.issue_intermediate() >>> intermediate.is_root_ca False

Returns: Whether CA is a root CA or not.

issue_cert
issue_cert(
    *sans: str,
    subject_attrs: NameAttrs | None = None,
    not_valid_before: datetime | None = None,
    not_valid_after: datetime | None = None,
    serial_number: int | None = None,
    csr: CSR | None = None,
) -> _Cert

Issues a certificate

Examples: >>> ca = CA() >>> ca.issue_cert()

Parameters: sans: Subject Alternative Names as positional arguments. subject_attrs: Subject Name Attributes. not_valid_before: Certificate not valid before date. not_valid_after: Certificate not valid after date. csr: A CSR object.

Returns: A _Cert object.

Class cnert.NameAttrs

NameAttrs

NameAttrs(**kwargs)

Bases: Freezer

An object for storing (and freezing) Name Attributes for Subject Name Attributes and Issuer Name Attributes.

Accepts any valid x509.NameAttribute as key arguments with arbitrary string values.

Has methods for returning initialized attributes in a dict and for returning a cryptography.x509.Name

There is alse a method for showing the allowed attributes.

Examples: >>> subject_attrs = cnert.NameAttrs(COMMON_NAME="example.com") >>> subject_attrs.COMMON_NAME 'example.com' >>> subject_attrs.dict_ {'COMMON_NAME': 'example.com'} >>> subject_attrs.x509_name

Methods:

allowed_keys
allowed_keys() -> list[str]

Returns a list of allowed key arguments.

Examples: >>> cnert.NameAttrs().allowed_keys() ['BUSINESS_CATEGORY', 'COMMON_NAME', 'COUNTRY_NAME', 'DN_QUALIFIER', 'DOMAIN_COMPONENT', 'EMAIL_ADDRESS', 'GENERATION_QUALIFIER', 'GIVEN_NAME', 'INN', 'JURISDICTION_COUNTRY_NAME', 'JURISDICTION_LOCALITY_NAME', 'JURISDICTION_STATE_OR_PROVINCE_NAME', 'LOCALITY_NAME', 'OGRN', 'ORGANIZATIONAL_UNIT_NAME', 'ORGANIZATION_NAME', 'POSTAL_ADDRESS', 'POSTAL_CODE', 'PSEUDONYM', 'SERIAL_NUMBER', 'SNILS', 'STATE_OR_PROVINCE_NAME', 'STREET_ADDRESS', 'SURNAME', 'TITLE', 'UNSTRUCTURED_NAME', 'USER_ID', 'X500_UNIQUE_IDENTIFIER']

Returns: A list of valid key attributes.

x509_name
x509_name() -> Name

Examples: >>> subject_attrs = cnert.NameAttrs(COMMON_NAME="example.com") >>> subject_attrs.x509_name()

Returns: A cryptography.x509.Name

Class cnert._CertBuilder

_CertBuilder

_CertBuilder()

Builds and signs a X509 Certificate.

Methods:

  • build

    Does the Certificate building.

build
build(sans: tuple[] | tuple[str, ...], subject_attrs_X509_name: Name, issuer_attrs_X509_name: Name, serial_number: int, not_valid_before: datetime, not_valid_after: datetime, is_ca: bool, public_key: RSAPublicKey, issuer_public_key: RSAPublicKey | None = None, path_length: int | None = None) -> None

Does the Certificate building.

Parameters: sans: Subject Alternative Names as positional arguments. subject_attrs_X509_name: Subject Attributes Names. issuer_attrs_X509_name: Issuer Atributes Names. serial_number: Serial number. not_valid_before: Not valid before date. not_valid_after: Note valid after date. is_ca: Add CA extension. public_key: Public key for the certificate. issuer_public_key: Issuer public key. path_length: Max path length.

Class cnert._Cert

_Cert

_Cert(
    *sans: str,
    subject_attrs: NameAttrs,
    issuer_attrs: NameAttrs,
    not_valid_before: datetime | None = None,
    not_valid_after: datetime | None = None,
    serial_number: int | None = None,
    parent: _Cert | None = None,
    private_key: RSAPrivateKey | None = None,
    path_length: int = 0,
    is_ca: bool = False,
)

A _Cert object.

This object is returned by cnert.CA().issue_cert()

Examples:

>>> ca = CA()
>>> cert = ca.issue_cert()
>>> cert.subject_attrs
NameAttrs(COMMON_NAME="example.com")
>>> cert.issuer_attrs
NameAttrs(ORGANIZATION_NAME="Root CA")
>>> cert.not_valid_before
datetime.datetime(2023, 3, 24, 23, 56, 55, 901545)
>>> cert.not_valid_after
datetime.datetime(2023, 6, 23, 23, 56, 55, 901545)

Parameters: sans: Subject Alternative Names as positional arguments subject_attrs: Subject Name Attributes issuer_attrs: Issure Name Attributes not_valid_before: CA not valid before date not_valid_after: CA not valid after date serial_number: Serial number parent: Certificate of CA. private_key: RSA private key path_length: Path length is_ca: if CA

Attributes:
  • MD5 (str) –

    Examples:

  • SHA1 (str) –

    Examples:

  • SHA256 (str) –

    Examples:

  • authority_key_identifier_digest (str | None) –

    Examples:

  • private_key_pem_PKCS1 (bytes) –

    Examples:

  • private_key_pem_PKCS8 (bytes) –

    Examples:

  • public_key (RSAPublicKey) –

    Examples:

  • public_key_pem (bytes) –

    Examples:

  • subject_key_identifier_digest (str) –

    Examples:

MD5 property
MD5: str

Examples: >>> cert = cnert.CA().issue_cert() >>> cert.MD5 'A03D37486DD47BE3E9C7EC1624073856'

Returns: MD5 Fingerprint string in hexadecimal and upper case.

SHA1 property
SHA1: str

Examples: >>> cert = cnert.CA().issue_cert() >>> cert.SHA1 '9E0A06CFB37B352FDA5B2226E6D631CF07D5D185'

Returns: SHA1 Fingerprint string in hexadecimal and upper case.

SHA256 property
SHA256: str

Examples: >>> cert = cnert.CA().issue_cert() >>> cert.SHA256 '68307A6CBE2804038DF85FB53AEE96AB47EA81439AB2E059DDDEA9F901097D84'

Returns: SHA256 Fingerprint string in hexadecimal and upper case.

authority_key_identifier_digest property
authority_key_identifier_digest: str | None

Examples: >>> cert = cnert.CA().issue_cert() >>> cert.authority_key_identifier_digest '8F85C564F62E39D5A5CA346CA26AAE67029B671E'

Returns: The binary value of the authority key identifier in hexadecimal and upper case or None when certificate has no subject key identifier extension.

private_key_pem_PKCS1 property
private_key_pem_PKCS1: bytes

Examples: >>> cert = CA().issue_cert() >>> cert.private_key_pem_PKCS1 b'-----begin rsa private key----- ...

Returns: PEM encoded serialized key in TraditionalOpenSSL format.

private_key_pem_PKCS8 property
private_key_pem_PKCS8: bytes

Examples: >>> cert = CA().issue_cert() >>> cert.private_key_pem_PKCS8 b'-----BEGIN PRIVATE KEY----- ...

Returns: PEM encoded serialized key in PKCS8 format.

public_key property
public_key: RSAPublicKey

Examples: >>> cert = cnert.CA().issue_cert() >>> cert.private_key

Returns: An RSA private key.

public_key_pem property
public_key_pem: bytes

Examples: >>> cert = CA().issue_cert() >>> cert.public_key_pem b'-----BEGIN PUBLIC KEY----- ...

Returns: PEM encoded serialized key in RSAPublicKey format.

subject_key_identifier_digest property
subject_key_identifier_digest: str

Examples: >>> cert = cnert.CA().issue_cert() >>> cert.subject_key_identifier_digest '8F85C564F62E39D5A5CA346CA26AAE67029B671E'

Returns: The binary value of the subject key identifier in hexadecimal and upper case.

Class cnert.CSR

CSR

CSR(
    *sans: str,
    subject_attrs: NameAttrs | None = None,
    private_key: RSAPrivateKey | None = None,
)

A CSR object.

Examples: >>> csr = cnert.CSR()

Parameters: sans: Subject Alternative Names as positional arguments subject_attrs: Subject Name Attributes private_key: RSA private key

Function build_private_key

build_private_key

build_private_key(
    key_size: int = 2048, public_exponent: int = 65537
) -> RSAPrivateKey

Creates a private key.

Parameters: key_size: Key size public_exponent: public exponenent

Function idna_encode

idna_encode

idna_encode(_string: str) -> str

Creates a valid internationalized domain name

Parameters: _string: Internationalized domain name

Function identity_string_to_x509

identity_string_to_x509

identity_string_to_x509(identity: str) -> GeneralName

Creates a x509.GeneralName from a string.

Parameters: identity: IP Address, DNS name or email address.