cert_chain_resolver package

Submodules

cert_chain_resolver.resolver module

cert_chain_resolver.resolver.resolve(bytes_cert: bytes, _chain: CertificateChain | None = None, root_ca_store: CAStore | None = None) → CertificateChain[source]

A recursive function that follows the CA issuer chain

Parameters:

bytes_cert – A DER/PKCS7/PEM certificate
_chain – Chain to complete. Defaults to None.
root_ca_store – A CAStore to use for completing the chain with a root certificate in case the intermediates do not provide a location

Returns:

All resolved certificates in chain

cert_chain_resolver.models module

class cert_chain_resolver.models.Cert(x509_obj: Certificate)[source]

Bases: object

The Cert object, which is a convenience wrapper for interacting with the underlying cryptography.x509.Certificate object

Parameters:: x509_obj – An instance of cryptography.x509.Certificate
Raises:: TypeError – given type is not an instance of cryptography.x509.Certificate

property ca_issuer_access_location: str | None: URL that contains the CA issuer certificate

property common_name: str: Extracted common name from the underlying cryptography.x509.Certificate object

export(encoding: ~cryptography.hazmat.primitives._serialization.Encoding = <Encoding.PEM: 'PEM'>) → str[source]

Export the cryptography.x509.Certificate object” as text

Parameters:: encoding (cryptography.hazmat.primitives.serialization.Encoding, optional) – The output format. Defaults to Encoding.PEM.
Returns:: ascii formatted

property fingerprint: str: ascii encoded sha256 fingerprint by calling get_fingerprint()

get_fingerprint(_hash: ~typing.Type[~cryptography.hazmat.primitives.hashes.HashAlgorithm] = <class 'cryptography.hazmat.primitives.hashes.SHA256'>) → str[source]

Get fingerprint of the certificate

Parameters:: _hash (cryptography.hazmat.primitives.hashes, optional) – Hasher to use. Defaults to hashes.SHA256.
Returns:: hex representation of the fingerprint

property is_ca: bool: Checks whether the Certificate Authority bit has been set

is_issued_by(other: Cert) → bool[source]: Verify if certificate is issued by the passed CA cert

property is_root: bool: Checks whether the certificate is a root

property issuer: str: RFC4515 formatted string of the issuer field from the underlying cryptography.x509.Certificate object

classmethod load(bytes_input: bytes) → Cert[source]

Create a Cert object

:param bytes_input bytes PEM or DER:

Raises:: ImproperlyFormattedCert <ImproperlyFormattedCert> –

property not_valid_after: datetime.datetime: Date from the underlying cryptography.x509.Certificate object

property not_valid_before: datetime.datetime: Date from the underlying cryptography.x509.Certificate object

property serial: int: gets the serial from the underlying cryptography.x509.Certificate object

property signature_hash_algorithm: str: gets the signature hashing algorithm name from the underlying cryptography.x509.Certificate object

property subject: str: RFC4515 formatted string of the subject field from the underlying cryptography.x509.Certificate object

property subject_alternative_names: List[str]

Extracted x509 Extensions from the cryptography.x509.Certificate object

Type:: list(str)

class cert_chain_resolver.models.CertificateChain(chain: CertificateChain | None | List[Cert] = None)[source]

Bases: object

Creates an iterable that contains a list of Cert objects.

Parameters:: chain – Create a new CertificateChain based on this chain. Defaults to None.

property intermediates: CertificateChain: A new CertificateChain object with only intermediate certificates

property leaf: Cert

in the chain. Also known as the ‘leaf’

Type:: First Cert

classmethod load_from_pem(input_bytes: bytes) → CertificateChain[source]: Create a CertificateChain object from a PEM formatted file

property root: Cert | None

in the chain that can be identified as root or None if no root is present

Type:: Last Cert

cert_chain_resolver.utils module

cert_chain_resolver.utils.load_ascii_to_x509(bytes_input: bytes) → Certificate[source]: Converts ASCII PKCS7 or Certificate to a cryptography.x509.Certificate object

cert_chain_resolver.utils.load_bytes_to_x509(bytes_input: bytes) → Certificate[source]: Converts Certificate / PKCS7 in ASCII or DER to cryptography.x509.Certificate object

cert_chain_resolver.utils.load_der_to_x509(bytes_input: bytes) → Certificate[source]: Converts bytes formatted DER (PKCS7 or Cert) to cryptography.x509.Certificate object

cert_chain_resolver.cli module

cert_chain_resolver.cli.cli(file_bytes: bytes, show_details: bool = False, include_root: bool = False, root_ca_store: CAStore | None = None) → None[source]

cert_chain_resolver.cli.main()[source]

cert_chain_resolver.cli.parse_args()[source]

cert_chain_resolver.exceptions module

exception cert_chain_resolver.exceptions.CertificateChainResolverError[source]: Bases: Exception

exception cert_chain_resolver.exceptions.ImproperlyFormattedCert[source]: Bases: CertificateChainResolverError

exception cert_chain_resolver.exceptions.MissingCertProperty[source]: Bases: CertificateChainResolverError

exception cert_chain_resolver.exceptions.Python2IncompatibleFeature[source]: Bases: CertificateChainResolverError

exception cert_chain_resolver.exceptions.RootCertificateNotFound[source]: Bases: CertificateChainResolverError