Certificate chain resolver¶
Resolve / obtain the certificate intermediates of a x509 certificate.
Installation¶
Pypi package:
$ pip install cert-chain-resolver
From source:
$ git clone git@github.com:rkoopmans/python-certificate-chain-resolver.git
$ pip install python-certificate-chain-resolver
CLI Usage¶
$ cert_chain_resolver certificate.crt > bundle.crt
Or read from stdin
$ cat certificate.crt | cert_chain_resolver > bundle.crt
API¶
Resolve a certificate chain
>>> from cert_chain_resolver.api import resolve
>>> with open('cert.pem', 'rb') as f:
>>> fb = f.read()
>>> chain = resolve(fb)
>>>
>>> for cert in chain:
>>> print(cert)
<Cert common_name="cert-chain-resolver.remcokoopmans.com" subject="CN=cert-chain-resolver.remcokoopmans.com" issuer="CN=R3,O=Let's Encrypt,C=US">
<Cert common_name="R3" subject="CN=R3,O=Let's Encrypt,C=US" issuer="CN=DST Root CA X3,O=Digital Signature Trust Co.">
<Cert common_name="DST Root CA X3" subject="CN=DST Root CA X3,O=Digital Signature Trust Co." issuer="CN=DST Root CA X3,O=Digital Signature Trust Co.">
cert_chain_resolver¶
cert_chain_resolver package¶
Submodules¶
cert_chain_resolver.cli module¶
cert_chain_resolver.exceptions module¶
cert_chain_resolver.models module¶
-
class
cert_chain_resolver.models.Cert(x509_obj)[source]¶ Bases:
objectThe
Certobject, which is a convenience wrapper for interacting with the underlyingcryptography.x509.Certificateobject- Parameters
x509_obj (
cryptography.x509.Certificate) – An instance ofcryptography.x509.Certificate- Raises
ValueError – given type is not an instance of
cryptography.x509.Certificate
-
property
common_name¶ Extracted common name from the underlying
cryptography.x509.Certificateobject- Type
-
export(encoding=<Encoding.PEM: 'PEM'>)[source]¶ Export the
cryptography.x509.Certificateobject”- Parameters
encoding (
cryptography.hazmat.primitives.serialization.Encoding, optional) – The output format. Defaults to Encoding.PEM.- Returns
ascii formatted
- Return type
-
property
fingerprint¶ ascii encoded sha256 fingerprint by calling
get_fingerprint()- Type
-
get_fingerprint(_hash=<class 'cryptography.hazmat.primitives.hashes.SHA256'>)[source]¶ Get fingerprint of the certificate
- Parameters
_hash (
cryptography.hazmat.primitives.hashes, optional) – Hasher to use. Defaults to hashes.SHA256.- Returns
ascii formatted fingerprint
- Return type
-
property
issuer¶ RFC4515 formatted string of the issuer field from the underlying
cryptography.x509.Certificateobject- Type
-
property
not_valid_after¶ from the underlying
cryptography.x509.Certificateobject- Type
-
property
not_valid_before¶ from the underlying
cryptography.x509.Certificateobject- Type
-
property
serial¶ gets the serial from the underlying
cryptography.x509.Certificateobject- Type
-
property
signature_hash_algorithm¶ gets the signature hashing algorithm name from the underlying
cryptography.x509.Certificateobject- Type
-
property
subject¶ RFC4515 formatted string of the subject field from the underlying
cryptography.x509.Certificateobject- Type
-
property
subject_alternative_names¶ Extracted x509 Extensions from the
cryptography.x509.Certificateobject
-
class
cert_chain_resolver.models.CertificateChain(chain=None)[source]¶ Bases:
objectCreates an iterable that contains a list of
Certobjects.- Parameters
chain (
CertificateChain, optional) – Create a new CertificateChain based on this chain. Defaults to None.
-
property
intermediates¶ A new
CertificateChainobject with only intermediate certificates
cert_chain_resolver.resolver module¶
-
cert_chain_resolver.resolver.resolve(bytes_cert, _chain=None)[source]¶ A recursive function that follows the CA issuer chain
- Parameters
bytes_cert (bytes) – A DER/PKCS7/PEM certificate
_chain (
CertificateChain, optional) – Chain to complete. Defaults to None.
- Returns
All resolved certificates in chain
- Return type
CertificateChain