Certificate

Bases: InitCryptoParser

An object describing an X.509 certificate

Attributes:
  • issuer (Name) –

    Certificate issuer

  • subject (Name) –

    Certificate subject

  • validity (Validity) –

    Contains information about NotBefore and NotAfter

  • extensions (Optional[Extensions]) –

    Certificate (v3) extensions

  • serial_number (Optional[int]) –

    Serial number

  • version (Optional[int]) –

    The version of the certificate

  • signature_algorithm (Optional[SignatureAlgorithm]) –

    Describes the algorithm used to sign the certificate

  • subject_public_key_info (Optional[SubjectPublicKeyInfo]) –

    The public key information

Examples
Create self signed certificate
import datetime

from pki_tools import Name, Certificate, Validity, RSAKeyPair, SHA512

name = Name(cn=["Cert CN"])

validity = Validity(
    not_before=datetime.datetime.today() - datetime.timedelta(days=1),
    not_after=datetime.datetime.today() + datetime.timedelta(days=1),
)

cert = Certificate(
    subject=name,
    issuer=name,
    validity=validity,
)

cert.sign(RSAKeyPair.generate(), SHA512)

print(cert)
Print output
Issuer: 'CN: Cert CN'
Serial Number: 000000000000000000000000D35C0881
Signature Algorithm: SHA512
Subject: 'CN: Cert CN'
Subject Public Key Info:
  Parameters:
    Key Size: '2048'
    Modulus N: |-
      24651952656163458827909525106986168390362313244380531363179274081705687882652429
      42724353284369423374164958731106228192983422927322035391927312930827505751347318
      10433836284050568792288057907409152147114335732376331606070709493414131825009878
      62483806985168774106048702295276425922168970742025356609804205385245796272234488
      03262804756628532016588575221328645948176714781737845302802392421145534382840728
      88871956041487370444145888612290281581252521370439236655085304445315900515237929
      95090348261387175920426292996964832750356977399684053672351531777248194875874047
      915774180897234671145523280260573598420850325221582548203
    Public Exponent E: '65537'
  Public Key Algorithm:
    key_size: '2048'
    modulus_n: |-
      24651952656163458827909525106986168390362313244380531363179274081705687882652429
      42724353284369423374164958731106228192983422927322035391927312930827505751347318
      10433836284050568792288057907409152147114335732376331606070709493414131825009878
      62483806985168774106048702295276425922168970742025356609804205385245796272234488
      03262804756628532016588575221328645948176714781737845302802392421145534382840728
      88871956041487370444145888612290281581252521370439236655085304445315900515237929
      95090348261387175920426292996964832750356977399684053672351531777248194875874047
      915774180897234671145523280260573598420850325221582548203
    public_exponent_e: '65537'
Validity:
  Not After: '2024-03-20 19:33:29.527993+00:00'
  Not Before: '2024-03-18 19:33:29.527980+00:00'

Create cross signed certificate
import datetime

from pki_tools import Name, Certificate, Validity, RSAKeyPair, SHA512

issuer_key = RSAKeyPair.generate()
issuer = Name(cn=["Issuer"])

cert_key = RSAKeyPair.generate()
name = Name(cn=["Cert CN"])

validity = Validity(
    not_before=datetime.datetime.today() - datetime.timedelta(days=1),
    not_after=datetime.datetime.today() + datetime.timedelta(days=1),
)

cert = Certificate(
    subject=name,
    issuer=issuer,
    validity=validity,
)

cert.sign(issuer_key, SHA512, req_key=cert_key.public_key)

print(cert)
Print output
Issuer: 'CN: Issuer'
Serial Number: 0000000000000000000000003C267E6C
Signature Algorithm: SHA512
Subject: 'CN: Cert CN'
Subject Public Key Info:
  Parameters:
    Key Size: '2048'
    Modulus N: |-
      25550756128772931813106243067085390318652289985739266496024024493670621116213956
      90489287706264037119626214099882014292713209808252800751866447746720100929151964
      46202070799749522898986797566961784783979561943444986102369066812692738828872782
      98496590414399721427120456071151219636141450460402387454495822527621877200003696
      17645095523313981050160559586782772916770185493147504794214581759473793032497010
      11770801177016538979288420774380352730095192197516118893069722645898883305709857
      14339419027910827270754661777912597663706493126575945938217017739081211471589786
      628051978875616847991393413089023920982485319876048712079
    Public Exponent E: '65537'
  Public Key Algorithm:
    key_size: '2048'
    modulus_n: |-
      25550756128772931813106243067085390318652289985739266496024024493670621116213956
      90489287706264037119626214099882014292713209808252800751866447746720100929151964
      46202070799749522898986797566961784783979561943444986102369066812692738828872782
      98496590414399721427120456071151219636141450460402387454495822527621877200003696
      17645095523313981050160559586782772916770185493147504794214581759473793032497010
      11770801177016538979288420774380352730095192197516118893069722645898883305709857
      14339419027910827270754661777912597663706493126575945938217017739081211471589786
      628051978875616847991393413089023920982485319876048712079
    public_exponent_e: '65537'
Validity:
  Not After: '2024-03-20 19:33:25.178142+00:00'
  Not Before: '2024-03-18 19:33:25.178128+00:00'

InitCryptoParser.from_pem_string
cert_pem
cert_pem = """
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
"""
from pki_tools import Certificate

cert = Certificate.from_pem_string(cert_pem)

print(cert)
Print output
Issuer: 'CN: Cert CN'
Serial Number: 6A08EFEBC0FA10893F848200D265E58AA26BFE22
Signature Algorithm: SHA512
Signature Value: |-
  06BA1BD5E5D298B0C577D576BE604DCC8704C35FABD2B381DB2D4EB815DFC41772D8B2444256D8DB
  B703C9A696C3415BE3B234E6A52A1610483AE31BC0F754CE96E557C395BDA262D0504547C8924B52
  439FE2F3189F1EE9691C7E7F2532CC8DE3CFF96D9A3B3BBBA36E3D3D89E98B316CC70396246705EF
  A3AEC3DF17FD629932924B49A9D2D6162606B462BEB67EE2513C561E043BFA4B33192D068B787180
  00616214E9AADED02E025BB2F398F46690A70B9A3C4F0DAA443A3FDD88412D7162762CD435500D1F
  CD4126AC719F6AC7B0751A6463A2B7FFDA6C9E738E087E53DDC65F8DAC14AB4701A57F350B473631
  4FCE6F475C5C9988C1B180D0F988C15A
Subject: 'CN: Cert CN'
Subject Public Key Info:
  Parameters:
    Key Size: '2048'
    Modulus N: |-
      30519795842219718524154211452339367525522541418306388322222479091833299116991140
      09740263213211778932406753683969023225227261260389673597060169902106121179841034
      31187219419109541663272149747295496520180159087432616126691772239668099488528148
      13289122122347191908018216484406428594527992092037163959856854605762954418536599
      19979935283394834106080349369124577624086693846677247163161103215836435379325851
      79739035857994859657330621842935602784426350478700541817375449573933075543808561
      18104621405966149397007798324741701052325470419784481031726708819614894503041371
      625278920346237218103962726322958896412584334205897243629
    Public Exponent E: '65537'
  Public Key Algorithm:
    key_size: '2048'
    modulus_n: |-
      30519795842219718524154211452339367525522541418306388322222479091833299116991140
      09740263213211778932406753683969023225227261260389673597060169902106121179841034
      31187219419109541663272149747295496520180159087432616126691772239668099488528148
      13289122122347191908018216484406428594527992092037163959856854605762954418536599
      19979935283394834106080349369124577624086693846677247163161103215836435379325851
      79739035857994859657330621842935602784426350478700541817375449573933075543808561
      18104621405966149397007798324741701052325470419784481031726708819614894503041371
      625278920346237218103962726322958896412584334205897243629
    public_exponent_e: '65537'
Validity:
  Not After: '2024-03-10 13:10:16+00:00'
  Not Before: '2024-03-09 13:10:16+00:00'
Version: 2

InitCryptoParser.from_file
cert.pem
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
from pki_tools import Certificate

cert = Certificate.from_file("cert.pem")
print(cert)
Print output
Issuer: 'CN: Cert CN'
Serial Number: 243040E9C848CFB6A52091A3FFF0CD2FB3EAD07A
Signature Algorithm: SHA512
Signature Value: |-
  31DE88AF8907A676E5A7EA19549AD6820612F0A8F268B9D3FB5C4FE947D3726DE71F9B00A80F2462
  3C19EC3FD24A3B254DCEF12CB79D3AD59CB720292262A2DEADEC332158E48A4DCB894C23ACAF6583
  80942F178F7265F83E7F975F016C1792B693C2327446820737F2A9D1366F80095984A90714D9EA4F
  695AB9B8CC233785EA4FF7A3A1D909F055F377EE61BCC12BAAD08F316497104DFA69765D7D5A04C2
  9892A8DBB1F2E997B980294899E7C8F1BBAFC519387A3BC7DFAEBF73890051C01CAE94C046C738AD
  ABF114A1311E2AFB625F95854DEB44D7D104ECE8F3CBA73AAA4365C028CAE3D585EAC980D88064D9
  33CBC951F82DE45CFD7422F8E8FB6A4D
Subject: 'CN: Cert CN'
Subject Public Key Info:
  Parameters:
    Key Size: '2048'
    Modulus N: |-
      24705275634373472397913959111842546457302915278710046458429196107971203620518900
      85889996051958213090938989691323871611516168353538245753542340318167446221548635
      67911269725300641515785009885189293940887358974053993148509318435178111484052410
      72214344364244683088793223060590713951003322044817992841479781172826156997645163
      70784993866039143556837669831378860817098024438537135253644970737965953760024566
      22324555478329594901571378606988272402814596002534123398099376285556900954144977
      87439286935923126574798824924322834080550238750285058369308645348104266890130421
      563716816499870231348689769706202508344784145130254775919
    Public Exponent E: '65537'
  Public Key Algorithm:
    key_size: '2048'
    modulus_n: |-
      24705275634373472397913959111842546457302915278710046458429196107971203620518900
      85889996051958213090938989691323871611516168353538245753542340318167446221548635
      67911269725300641515785009885189293940887358974053993148509318435178111484052410
      72214344364244683088793223060590713951003322044817992841479781172826156997645163
      70784993866039143556837669831378860817098024438537135253644970737965953760024566
      22324555478329594901571378606988272402814596002534123398099376285556900954144977
      87439286935923126574798824924322834080550238750285058369308645348104266890130421
      563716816499870231348689769706202508344784145130254775919
    public_exponent_e: '65537'
Validity:
  Not After: '2024-03-17 13:43:57+00:00'
  Not Before: '2024-03-16 13:43:57+00:00'
Version: 2

InitCryptoParser.to_file
cert_pem
cert_pem = """
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
"""
from pki_tools import Certificate

cert = Certificate.from_pem_string(cert_pem)

cert.to_file("out_cert.pem")
out_cert.pem
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
hex_serial property
hex_serial: str

Parses the certificate serial into hex format

Returns:
  • str

    String representing the hex value of the certificate serial number

public_key property
public_key: bytes
Returns:
  • bytes

    The bytes of the public key in PEM format

sign_alg_oid_name property
sign_alg_oid_name: str
Returns:
  • str

    The name of the signature algorithm, such as SHA512WITHRSA

tbs_bytes property
tbs_bytes: bytes
Returns:
  • bytes

    The to be signed bytes of this certificate

digest
digest(algorithm: HashAlgorithm = HashAlgorithm(name=HashAlgorithmName.SHA512)) -> str

Gets the base64 encoded fingerprint of the certificate

Parameters:
Returns:
  • str

    Hashed and base64 encoded certificate fingerprint
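
The `tbs_bytes` and `digest` entries above cover different byte ranges of the same encoding: the signature is computed over the TBSCertificate only, while a fingerprint covers the whole certificate, signature included. The following is an added example, not pki_tools code; it uses only the standard library, and the helper names, the certificate-shaped sample bytes, and the fingerprint definition (hash over the complete DER encoding, standard base64) are assumptions made for illustration.

```python
import base64
import hashlib


def tlv(tag: int, value: bytes) -> bytes:
    """DER-encode one element (helper used only to build the sample below)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    start, length = pos + 2, first
    if first & 0x80:  # long form: low 7 bits give the number of length octets
        count = first & 0x7F
        if count == 0 or start + count > len(buf):
            raise ValueError("indefinite or truncated DER length")
        length = int.from_bytes(buf[start:start + count], "big")
        start += count
    if start + length > len(buf):
        raise ValueError("DER element runs past the end of the input")
    return tag, start, start + length


def split_certificate(der: bytes) -> dict:
    """Split Certificate ::= SEQUENCE { tbsCertificate, sigAlg, signatureValue }."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one outer SEQUENCE")
    tbs_tag, tbs_body, tbs_end = read_tlv(der, body)
    alg_tag, _, alg_end = read_tlv(der, tbs_end)
    sig_tag, sig_body, sig_end = read_tlv(der, alg_end)
    if (tbs_tag, alg_tag, sig_tag) != (0x30, 0x30, 0x03) or sig_end != end:
        raise ValueError("unexpected Certificate layout")
    # Inside tbsCertificate: optional [0] EXPLICIT version, then INTEGER serial.
    tag, val, val_end = read_tlv(der, tbs_body)
    if tag == 0xA0:
        tag, val, val_end = read_tlv(der, val_end)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return {
        "tbs": der[body:tbs_end],  # header included: these are the signed bytes
        "serial_hex": format(int.from_bytes(der[val:val_end], "big"), "X"),
        "signature": der[sig_body + 1:sig_end],  # skip the unused-bits octet
    }


def fingerprint(der: bytes, algorithm: str = "sha512") -> str:
    """Base64 of the hash over the complete encoding, signature included."""
    return base64.b64encode(hashlib.new(algorithm, der).digest()).decode()


# Constructed sample: certificate-shaped DER with a dummy, non-verifying signature.
SAMPLE_TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x00\xd3\x5c\x08\x81"))
SAMPLE_ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010d")) + tlv(0x05, b""))
SAMPLE_SIG = bytes(range(256))
SAMPLE_DER = tlv(0x30, SAMPLE_TBS + SAMPLE_ALG + tlv(0x03, b"\x00" + SAMPLE_SIG))
# Same TBS bytes, one signature byte changed.
TAMPERED_DER = SAMPLE_DER[:-1] + bytes([SAMPLE_DER[-1] ^ 0x01])

if __name__ == "__main__":
    parts = split_certificate(SAMPLE_DER)
    print(parts["serial_hex"], len(parts["tbs"]), fingerprint(SAMPLE_DER))
```

Two encodings with identical to-be-signed bytes but different signature bytes produce different fingerprints, so a fingerprint match identifies one exact encoding while signature verification is what ties the TBS content to the issuer key.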

from_cryptography classmethod
from_cryptography(cert: x509.Certificate) -> Certificate

Create a Certificate object from a cryptography.x509.Certificate object.

Parameters:
Returns:
  • Certificate (Certificate) –

    The created Certificate object.

Example
crypto_cert
from cryptography import x509

cert_pem = """
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
"""

crypto_cert = x509.load_pem_x509_certificate(cert_pem.encode())
from pki_tools import Certificate

cert = Certificate.from_cryptography(crypto_cert)

print(cert)
Print output
Issuer: 'CN: Cert CN'
Serial Number: 6A08EFEBC0FA10893F848200D265E58AA26BFE22
Signature Algorithm: SHA512
Signature Value: |-
  06BA1BD5E5D298B0C577D576BE604DCC8704C35FABD2B381DB2D4EB815DFC41772D8B2444256D8DB
  B703C9A696C3415BE3B234E6A52A1610483AE31BC0F754CE96E557C395BDA262D0504547C8924B52
  439FE2F3189F1EE9691C7E7F2532CC8DE3CFF96D9A3B3BBBA36E3D3D89E98B316CC70396246705EF
  A3AEC3DF17FD629932924B49A9D2D6162606B462BEB67EE2513C561E043BFA4B33192D068B787180
  00616214E9AADED02E025BB2F398F46690A70B9A3C4F0DAA443A3FDD88412D7162762CD435500D1F
  CD4126AC719F6AC7B0751A6463A2B7FFDA6C9E738E087E53DDC65F8DAC14AB4701A57F350B473631
  4FCE6F475C5C9988C1B180D0F988C15A
Subject: 'CN: Cert CN'
Subject Public Key Info:
  Parameters:
    Key Size: '2048'
    Modulus N: |-
      30519795842219718524154211452339367525522541418306388322222479091833299116991140
      09740263213211778932406753683969023225227261260389673597060169902106121179841034
      31187219419109541663272149747295496520180159087432616126691772239668099488528148
      13289122122347191908018216484406428594527992092037163959856854605762954418536599
      19979935283394834106080349369124577624086693846677247163161103215836435379325851
      79739035857994859657330621842935602784426350478700541817375449573933075543808561
      18104621405966149397007798324741701052325470419784481031726708819614894503041371
      625278920346237218103962726322958896412584334205897243629
    Public Exponent E: '65537'
  Public Key Algorithm:
    key_size: '2048'
    modulus_n: |-
      30519795842219718524154211452339367525522541418306388322222479091833299116991140
      09740263213211778932406753683969023225227261260389673597060169902106121179841034
      31187219419109541663272149747295496520180159087432616126691772239668099488528148
      13289122122347191908018216484406428594527992092037163959856854605762954418536599
      19979935283394834106080349369124577624086693846677247163161103215836435379325851
      79739035857994859657330621842935602784426350478700541817375449573933075543808561
      18104621405966149397007798324741701052325470419784481031726708819614894503041371
      625278920346237218103962726322958896412584334205897243629
    public_exponent_e: '65537'
Validity:
  Not After: '2024-03-10 13:10:16+00:00'
  Not Before: '2024-03-09 13:10:16+00:00'
Version: 2

from_server classmethod
from_server(uri: str, cache_time_seconds: int = CACHE_TIME_SECONDS) -> Certificate

Loads a server certificate from a URI

Parameters:
  • uri (str) –

    The https URI of the server containing the certificate

  • cache_time_seconds (int, default: CACHE_TIME_SECONDS) –

    How long the request should be cached in memory

Returns:
Example
from pki_tools import Certificate

cert = Certificate.from_server("https://revoked-isrgrootx1.letsencrypt.org")

print(cert)
Print output
Extensions:
  Authority Information Access:
    Access Description:
    - Access Location:
        name: UniformResourceIdentifier
        value: http://r3.o.lencr.org
      Access Method: OCSP
    - Access Location:
        name: UniformResourceIdentifier
        value: http://r3.i.lencr.org/
      Access Method: CA_ISSUERS
  Authority Key Identifier:
    Key Identifier: 142EB317B75856CBAE500940E61FAF9D8B14C2C6
  Basic Constraints (critical):
    CA: false
  Certificate Policies:
  - Policy 2.23.140.1.2.1: []
  Extended Key Usage:
  - Server Authentication
  - Client Authentication
  Key Usage (critical): Digital Signature, Key Encipherment
  Subject Alternative Name:
  - name: DNSName
    value: revoked-isrgrootx1.letsencrypt.org
  Subject Key Identifier:
    Subject Key Identifier: 17580EEBFC5C74F8FCA9E7D26B7B46C2CAA4CB65
Issuer: 'C: US, CN: R3, O: Let''s Encrypt'
Serial Number: 3AB360B2E141EE0A0A5D7E07405B788D012
Signature Algorithm: SHA256
Signature Value: |-
  6524BFAA0418AC033CA8AE9B7D26270A0FD01D19C0D9C24DF62443049F751DAACC38DCD0F8D1B073
  BA69A597430D81417621A83B1AFBF1DA8BB89A8A9A66C1872214219F1AF0F538E3492935FBED9B07
  2753E1979754ADA825AE779F25A60E6168FE8B5A349A645CF53E8B92C4C89E48A10644B886DC5C45
  F1BA190FA21F5D9D3797EEF438BB43A0C7F3AD24DC5A362573B93807C63E967C34412AF06484192E
  EABBE0F36E586457631452550F57EECCC70CA2D18033219970CA585B7F9E048D079267419A5853B0
  91EC434E7486F0F2CEBB25A83E67906B25253D151C4648623AF65085D29CDA54A35AB69CF46FE5C5
  233B8883E07F8084D1E4BD044D3AFA4F
Subject: 'CN: revoked-isrgrootx1.letsencrypt.org'
Subject Public Key Info:
  Parameters:
    Key Size: '2048'
    Modulus N: |-
      23839174628835585737865497707674190474897415317191932275801797752886922576439929
      23606111892535056472919273444108077458185259724177705966095207382680958653002768
      64978318542280697487184872371692210563784780155639469440229752176892536277475999
      75217593328595981266268943720688057618917965143208585315841050460997668640937715
      31151802418019082127796674420946429622942844685649712201709165874476137292993834
      39085956973880263992601153582729559608082829217959931969536985959906468775946948
      85364834380352119964620287584172658764708891053901110224014921892529600757418230
      858898666651845148139212940504939021007318913142493572379
    Public Exponent E: '65537'
  Public Key Algorithm:
    key_size: '2048'
    modulus_n: |-
      23839174628835585737865497707674190474897415317191932275801797752886922576439929
      23606111892535056472919273444108077458185259724177705966095207382680958653002768
      64978318542280697487184872371692210563784780155639469440229752176892536277475999
      75217593328595981266268943720688057618917965143208585315841050460997668640937715
      31151802418019082127796674420946429622942844685649712201709165874476137292993834
      39085956973880263992601153582729559608082829217959931969536985959906468775946948
      85364834380352119964620287584172658764708891053901110224014921892529600757418230
      858898666651845148139212940504939021007318913142493572379
    public_exponent_e: '65537'
Validity:
  Not After: '2024-06-18 15:00:15+00:00'
  Not Before: '2024-03-20 15:00:16+00:00'
Version: 2

from_uri classmethod
from_uri(uri: str, cache_time_seconds: int = CACHE_TIME_SECONDS) -> Certificate

Loads Certificates from a URI.

Parameters:
  • uri (str) –

    URI where the certificate can be downloaded.

  • cache_time_seconds (int, default: CACHE_TIME_SECONDS) –

    Specifies how long the certificate should be cached; the default is 1 month.

Returns:
Example
from pki_tools import Certificate

cert = Certificate.from_uri(
    "https://letsencrypt.org/certs/lets-encrypt-r3.pem"
)

print(cert)
Print output
Extensions:
  Authority Information Access:
    Access Description:
    - Access Location:
        name: UniformResourceIdentifier
        value: http://x1.i.lencr.org/
      Access Method: CA_ISSUERS
  Authority Key Identifier:
    Key Identifier: 79B459E67BB6E5E40173800888C81A58F6E99B6E
  Basic Constraints (critical):
    CA: true
  Certificate Policies:
  - Policy 2.23.140.1.2.1: []
  - Policy 1.3.6.1.4.1.44947.1.1.1: []
  Crl Distribution Points:
  - Full Name:
    - name: UniformResourceIdentifier
      value: http://x1.c.lencr.org/
  Extended Key Usage:
  - Client Authentication
  - Server Authentication
  Key Usage (critical): Digital Signature, Key Cert Sign, Crl Sign
  Path Lenght: 0
  Subject Key Identifier:
    Subject Key Identifier: 142EB317B75856CBAE500940E61FAF9D8B14C2C6
Issuer: 'C: US, CN: ISRG Root X1, O: Internet Security Research Group'
Serial Number: 912B084ACF0C18A753F6D62E25A75F5A
Signature Algorithm: SHA256
Signature Value: |-
  85CA4E473EA3F7854485BCD56778B29863AD754D1E963D336572542D81A0EAC3EDF820BF5FCCB770
  00B76E3BF65E94DEE4209FA6EF8BB203E7A2B5163C91CEB4ED3902E77C258A47E6656E3F46F4D9F0
  CE942BEE54CE12BC8C274BB8C1982FA2AFCD71914A08B7C8B8237B042D08F908573E83D904330A47
  2178098227C32AC89BB9CE5CF264C8C0BE79C04F8E6D440C5E92BB2EF78B10E1E81D4429DB5920ED
  63B921F81226949357A01D6504C10A22AE100D4397A1181F7EE0E08637B55AB1BD30BF876E2B2AFF
  214E1B05C3F51897F05EACC3A5B86AF02EBC3B33B9EE4BDECCFCE4AF840B863FC0554336F668E136
  176A8E99D1FFA540A734B7C0D063393539756EF2BA76C89302E9A94B6C17CE0C02D9BD81FB9FB768
  D40665B3823D7753F88E7903AD0A3107752A43D8559772C4290EF7C45D4EC8AE468430D7F2855F18
  A179BBE75E708B07E18693C3B98FDC6171252AAFDFED255052688B92DCE5D6B5E3DA7DD0876C8421
  31AE82F5FBB9ABC889173DE14CE5380EF6BD2BBD968114EBD5DB3D20A77E59D3E2F858F95BB848CD
  FE5C4F1629FE1E5523AFC811B08DEA7C9390172FFDACA20947463FF0E9B0B7FF284D6832D6675E1E
  69A393B8F59D8B2F0BD25243A66F3257654D3281DF3853855D7E5D6629EAB8DDE495B5CDB5561242
  CDC44EC6253844506DECCE005518FEE94964D44ECA979CB45BC073A8ABB847C2
Subject: 'C: US, CN: R3, O: Let''s Encrypt'
Subject Public Key Info:
  Parameters:
    Key Size: '2048'
    Modulus N: |-
      23607590023527405233483514815960094733025362836439268915823566209453533788829410
      72961269318866403396560128488938220067229162371221935157944246629213402577917087
      19030296756413322277205133704994143921747776293784333332814927820066440035084066
      69842374574620445942041275265465205367002253387972103578862358103547035353751037
      98689289193893953701371227696203175830312817811815601999781845906479379770505161
      19310429773226949916112639110772354331197195042061738975342154862253911562311683
      13218127765624386188467360149426877213161912342004781300247624712380387337803861
      727744706241919394251136381590874774264144198228326996757
    Public Exponent E: '65537'
  Public Key Algorithm:
    key_size: '2048'
    modulus_n: |-
      23607590023527405233483514815960094733025362836439268915823566209453533788829410
      72961269318866403396560128488938220067229162371221935157944246629213402577917087
      19030296756413322277205133704994143921747776293784333332814927820066440035084066
      69842374574620445942041275265465205367002253387972103578862358103547035353751037
      98689289193893953701371227696203175830312817811815601999781845906479379770505161
      19310429773226949916112639110772354331197195042061738975342154862253911562311683
      13218127765624386188467360149426877213161912342004781300247624712380387337803861
      727744706241919394251136381590874774264144198228326996757
    public_exponent_e: '65537'
Validity:
  Not After: '2025-09-15 16:00:00+00:00'
  Not Before: '2020-09-04 00:00:00+00:00'
Version: 2

sign
sign(key_pair: CryptoKeyPair, signature_algorithm: Optional[SignatureAlgorithm] = None, req_key: Optional[CryptoPublicKey] = None) -> None

Signs a created Certificate object with a given CryptoKeyPair

Parameters:
  • key_pair (CryptoKeyPair) –

    Keypair containing the private key to sign the certificate with

  • signature_algorithm (Optional[SignatureAlgorithm], default: None) –

    Algorithm to use for the signature

  • req_key (Optional[CryptoPublicKey], default: None) –

    Can be used to sign another public key; defaults to the public key part of key_pair

verify_signature
verify_signature(signed: InitCryptoParser) -> None

Verifies a signature of a signed entity against this issuer certificate

Parameters:
Raises:

SubjectPublicKeyInfo

Bases: CryptoParser

Represents a certificate SubjectPublicKeyInfo.

Attributes:
  • algorithm (CryptoPublicKey) –

    The key algorithm in string format

  • parameters (Optional[Dict[str, str]]) –

    The dict representation of the key

Validity

Bases: BaseModel

Describes the validity of a certificate

Attributes:
  • not_before (datetime.datetime) –

    The date from which the certificate is valid

  • not_after (datetime.datetime) –

    The date on which the certificate expires