cnert
Class cnert.CA
CA
CA(
subject_attrs: NameAttrs | None = None,
issuer_attrs: NameAttrs | None = None,
path_length: int = 9,
not_valid_before: datetime | None = None,
not_valid_after: datetime | None = None,
serial_number: int | None = None,
parent: CA | None = None,
intermediate_num: int = 0,
)
A CA object.
Examples: >>> ca = cnert.CA() >>> ca.is_root_ca True >>> ca.is_intermediate_ca False >>> ca.parent is None True
Parameters: subject_attrs: Subject Name Attributes. subject_attrs: Issuer Name Attributes. path_length: Maximum path length certificates subordinate. not_valid_before: CA not valid before date. not_valid_after: CA not valid after date. parent: Parent of CA. intermediate_num: Number of intermediates.
Methods:
-
issue_cert–Issues a certificate
| Attributes: |
|---|
is_intermediate_ca
property
is_intermediate_ca: bool
Returns: Whether CA is a intermediate CA or not.
is_root_ca
property
is_root_ca: bool
Examples: >>> ca = CA() >>> ca.is_root_ca True >>> intermediate = ca.issue_intermediate() >>> intermediate.is_root_ca False
Returns: Whether CA is a root CA or not.
issue_cert
issue_cert(
*sans: str,
subject_attrs: NameAttrs | None = None,
not_valid_before: datetime | None = None,
not_valid_after: datetime | None = None,
serial_number: int | None = None,
csr: CSR | None = None,
) -> _Cert
Issues a certificate
Examples:
>>> ca = CA()
>>> ca.issue_cert()
Parameters: sans: Subject Alternative Names as positional arguments. subject_attrs: Subject Name Attributes. not_valid_before: Certificate not valid before date. not_valid_after: Certificate not valid after date. csr: A CSR object.
Returns: A _Cert object.
Class cnert.NameAttrs
NameAttrs
NameAttrs(**kwargs)
Bases: Freezer
An object for storing (and freezing) Name Attributes for Subject Name Attributes and Issuer Name Attributes.
Accepts any valid x509.NameAttribute as key arguments with arbitrary string values.
Has methods for returning initialized attributes in a dict and for
returning a cryptography.x509.Name
There is alse a method for showing the allowed attributes.
Examples:
>>> subject_attrs = cnert.NameAttrs(COMMON_NAME="example.com")
>>> subject_attrs.COMMON_NAME
'example.com'
>>> subject_attrs.dict_
{'COMMON_NAME': 'example.com'}
>>> subject_attrs.x509_name
Methods:
-
allowed_keys–Returns a list of allowed key arguments.
-
x509_name–Examples:
allowed_keys
Returns a list of allowed key arguments.
Examples: >>> cnert.NameAttrs().allowed_keys() ['BUSINESS_CATEGORY', 'COMMON_NAME', 'COUNTRY_NAME', 'DN_QUALIFIER', 'DOMAIN_COMPONENT', 'EMAIL_ADDRESS', 'GENERATION_QUALIFIER', 'GIVEN_NAME', 'INN', 'JURISDICTION_COUNTRY_NAME', 'JURISDICTION_LOCALITY_NAME', 'JURISDICTION_STATE_OR_PROVINCE_NAME', 'LOCALITY_NAME', 'OGRN', 'ORGANIZATIONAL_UNIT_NAME', 'ORGANIZATION_NAME', 'POSTAL_ADDRESS', 'POSTAL_CODE', 'PSEUDONYM', 'SERIAL_NUMBER', 'SNILS', 'STATE_OR_PROVINCE_NAME', 'STREET_ADDRESS', 'SURNAME', 'TITLE', 'UNSTRUCTURED_NAME', 'USER_ID', 'X500_UNIQUE_IDENTIFIER']
Returns: A list of valid key attributes.
x509_name
x509_name() -> Name
Examples:
>>> subject_attrs = cnert.NameAttrs(COMMON_NAME="example.com")
>>> subject_attrs.x509_name()
Returns:
A cryptography.x509.Name
Class cnert._CertBuilder
_CertBuilder
_CertBuilder()
Builds and signs a X509 Certificate.
Methods:
-
build–Does the Certificate building.
build
build(sans: tuple[] | tuple[str, ...], subject_attrs_X509_name: Name, issuer_attrs_X509_name: Name, serial_number: int, not_valid_before: datetime, not_valid_after: datetime, is_ca: bool, public_key: RSAPublicKey, issuer_public_key: RSAPublicKey | None = None, path_length: int | None = None) -> None
Does the Certificate building.
Parameters: sans: Subject Alternative Names as positional arguments. subject_attrs_X509_name: Subject Attributes Names. issuer_attrs_X509_name: Issuer Atributes Names. serial_number: Serial number. not_valid_before: Not valid before date. not_valid_after: Note valid after date. is_ca: Add CA extension. public_key: Public key for the certificate. issuer_public_key: Issuer public key. path_length: Max path length.
Class cnert._Cert
_Cert
_Cert(
*sans: str,
subject_attrs: NameAttrs,
issuer_attrs: NameAttrs,
not_valid_before: datetime | None = None,
not_valid_after: datetime | None = None,
serial_number: int | None = None,
parent: _Cert | None = None,
private_key: RSAPrivateKey | None = None,
path_length: int = 0,
is_ca: bool = False,
)
A _Cert object.
This object is returned by cnert.CA().issue_cert()
Examples:
>>> ca = CA()
>>> cert = ca.issue_cert()
>>> cert.subject_attrs
NameAttrs(COMMON_NAME="example.com")
>>> cert.issuer_attrs
NameAttrs(ORGANIZATION_NAME="Root CA")
>>> cert.not_valid_before
datetime.datetime(2023, 3, 24, 23, 56, 55, 901545)
>>> cert.not_valid_after
datetime.datetime(2023, 6, 23, 23, 56, 55, 901545)
Parameters: sans: Subject Alternative Names as positional arguments subject_attrs: Subject Name Attributes issuer_attrs: Issure Name Attributes not_valid_before: CA not valid before date not_valid_after: CA not valid after date serial_number: Serial number parent: Certificate of CA. private_key: RSA private key path_length: Path length is_ca: if CA
| Attributes: |
|
|---|
MD5
property
MD5: str
Examples: >>> cert = cnert.CA().issue_cert() >>> cert.MD5 'A03D37486DD47BE3E9C7EC1624073856'
Returns: MD5 Fingerprint string in hexadecimal and upper case.
SHA1
property
SHA1: str
Examples: >>> cert = cnert.CA().issue_cert() >>> cert.SHA1 '9E0A06CFB37B352FDA5B2226E6D631CF07D5D185'
Returns: SHA1 Fingerprint string in hexadecimal and upper case.
SHA256
property
SHA256: str
Examples: >>> cert = cnert.CA().issue_cert() >>> cert.SHA256 '68307A6CBE2804038DF85FB53AEE96AB47EA81439AB2E059DDDEA9F901097D84'
Returns: SHA256 Fingerprint string in hexadecimal and upper case.
authority_key_identifier_digest
property
authority_key_identifier_digest: str | None
Examples: >>> cert = cnert.CA().issue_cert() >>> cert.authority_key_identifier_digest '8F85C564F62E39D5A5CA346CA26AAE67029B671E'
Returns: The binary value of the authority key identifier in hexadecimal and upper case or None when certificate has no subject key identifier extension.
private_key_pem_PKCS1
property
private_key_pem_PKCS1: bytes
Examples: >>> cert = CA().issue_cert() >>> cert.private_key_pem_PKCS1 b'-----begin rsa private key----- ...
Returns: PEM encoded serialized key in TraditionalOpenSSL format.
private_key_pem_PKCS8
property
private_key_pem_PKCS8: bytes
Examples: >>> cert = CA().issue_cert() >>> cert.private_key_pem_PKCS8 b'-----BEGIN PRIVATE KEY----- ...
Returns: PEM encoded serialized key in PKCS8 format.
public_key
property
public_key: RSAPublicKey
Examples:
>>> cert = cnert.CA().issue_cert()
>>> cert.private_key
Returns: An RSA private key.
public_key_pem
property
public_key_pem: bytes
Examples: >>> cert = CA().issue_cert() >>> cert.public_key_pem b'-----BEGIN PUBLIC KEY----- ...
Returns: PEM encoded serialized key in RSAPublicKey format.
subject_key_identifier_digest
property
subject_key_identifier_digest: str
Examples: >>> cert = cnert.CA().issue_cert() >>> cert.subject_key_identifier_digest '8F85C564F62E39D5A5CA346CA26AAE67029B671E'
Returns: The binary value of the subject key identifier in hexadecimal and upper case.
Class cnert.CSR
CSR
CSR(
*sans: str,
subject_attrs: NameAttrs | None = None,
private_key: RSAPrivateKey | None = None,
)
A CSR object.
Examples: >>> csr = cnert.CSR()
Parameters: sans: Subject Alternative Names as positional arguments subject_attrs: Subject Name Attributes private_key: RSA private key
Function build_private_key
build_private_key
Creates a private key.
Parameters: key_size: Key size public_exponent: public exponenent
Function idna_encode
idna_encode
Creates a valid internationalized domain name
Parameters: _string: Internationalized domain name
Function identity_string_to_x509
identity_string_to_x509
identity_string_to_x509(identity: str) -> GeneralName
Creates a x509.GeneralName from a string.
Parameters: identity: IP Address, DNS name or email address.