ownca package
Submodules
ownca.exceptions module
Copyright (c) 2018-2020 Kairo de Araujo
- exception ownca.exceptions.OwnCAFatalError[source]
Bases:
Exception
No controlled Error, fatal error
- exception ownca.exceptions.OwnCAInconsistentData[source]
Bases:
Exception
Certificate file is inconsistent.
- exception ownca.exceptions.OwnCAIntermediate[source]
Bases:
Exception
CA is a Intermediate Certificate Authority missing certificate file
- exception ownca.exceptions.OwnCAInvalidCertificate[source]
Bases:
Exception
The certificate is invalid or not found
ownca.ownca module
Copyright (c) 2018-2022 Kairo de Araujo
- class ownca.ownca.CertificateAuthority(ca_storage=None, common_name=None, intermediate=False, maximum_days=825, **kwargs)[source]
Bases:
object
The primary Python OWNCA class.
This class initializes the Certificate Authority (CA).
- Parameters
ca_storage (str, required when there is no CA) – path where CA files and hosts files are stored. Default is the current directory (os.getcwd())
common_name (str, required when there is no CA) – Common Name for CA
dns_names (list of strings, optional) – List of DNS names
intermediate (bool, default False) – Intermediate Certificate Authority mode
oids (dict, optional, all keys are optional) – CA Object Identifiers (OIDs). These are typically seen in X.509 names. Allowed keys/values: 'country_name': str (two letters), 'locality_name': str, 'state_or_province': str, 'street_address': str, 'organization_name': str, 'organization_unit_name': str, 'email_address': str
public_exponent (int, default: 65537) – Public Exponent
key_size (int, default: 2048) – Key size
- property cert
Get CA certificate
- Returns
certificate class
- Return type
class, cryptography.hazmat.backends.openssl.x509.Certificate
- property cert_bytes
Get CA certificate in bytes
- Returns
certificate
- Return type
bytes
- property certificates
Get the CA list of issued/managed certificates
- Returns
List of certificates (default is host/domain)
- Return type
list
- property common_name
Get CA common name
- Returns
CA common name
- Return type
str
- property crl
Get CA certificate revocation list (crl)
- Returns
certificate class
- Return type
class, cryptography.hazmat.backends.openssl.x509._CertificateRevocationList
- property crl_bytes
Get CA certificate revocation list (crl) in bytes
- Returns
certificate class
- Return type
bytes
- property csr
Get CA Certificate Signing Request
- Returns
certificate class
- Return type
class, cryptography.hazmat.backends.openssl.x509._CertificateSigningRequest
- property csr_bytes
Get CA Certificate Signing Request in bytes
- Returns
certificate class
- Return type
bytes
- property hash_name
Get the CA hash name
- Returns
CA hash name
- Return type
str
- initialize(common_name=None, dns_names=None, intermediate=False, maximum_days=825, public_exponent=65537, key_size=2048)[source]
Initialize the Certificate Authority (CA)
- Parameters
common_name (str, required) – CA Common Name (CN)
dns_names (list of strings, optional) – List of DNS names
maximum_days (int, default: 825) – Certificate maximum days duration
public_exponent (int, default: 65537) – Public Exponent
intermediate (bool, default False) – Intermediate Certificate Authority mode
key_size (int, default: 2048) – Key size
- Returns
tuple with CA certificate, CA Key and CA Public key
- Return type
tuple (cryptography.x509.Certificate, cryptography.hazmat.backends.openssl.rsa, string public key)
- issue_certificate(hostname, maximum_days=825, common_name=None, dns_names=None, oids=None, public_exponent=65537, key_size=2048, ca=True)[source]
Issues a new certificate signed by the CA
- Parameters
hostname (str, required) – Hostname
maximum_days (int, default: 825) – Certificate maximum days duration
common_name (str, optional) – Common Name (CN) when loading existent certificate
dns_names (list of strings, optional) – List of DNS names
oids (dict, optional, all keys are optional) – CA Object Identifiers (OIDs). These are typically seen in X.509 names. Allowed keys/values: 'country_name': str (two letters), 'locality_name': str, 'state_or_province': str, 'street_address': str, 'organization_name': str, 'organization_unit_name': str, 'email_address': str
public_exponent (int, default: 65537) – Public Exponent
key_size (int, default: 2048) – Key size
ca (bool, default True) – Whether the certificate is a CA certificate or not.
- Returns
host object
- Return type
ownca.ownca.HostCertificate
- property key
Get CA RSA Private key
- Returns
RSA Private Key class
- Return type
class, cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey
- property key_bytes
Get CA RSA Private key in bytes
- Returns
RSA Private Key
- Return type
bytes
- load_certificate(hostname)[source]
Loads an existing certificate.
- Parameters
hostname (str, required) – Hostname (common name)
- Returns
host object
- Return type
ownca.ownca.HostCertificate
- property public_key
Get CA RSA Public key
- Returns
RSA Public Key class
- Return type
class, cryptography.hazmat.backends.openssl.rsa._RSAPublicKey
- property public_key_bytes
Get CA RSA Public key in bytes
- Returns
RSA Public Key class
- Return type
bytes
- revoke_certificate(hostname, common_name=None)[source]
Revokes an existing certificate owned by the CA. It also updates the CA Certificate Revocation List.
- Parameters
hostname (str, required) – Hostname
common_name (str, optional) – Common Name (CN) when loading existent certificate
- Returns
CA object
- Return type
ownca.ownca.CertificateAuthority
- sign_csr(csr, csr_public_key, maximum_days=825)[source]
Signs a Certificate Signing Request and generates the certificates.
- Parameters
hostname (str, required) – Hostname
csr (class, cryptography.hazmat.backends.openssl.x509._CertificateSigningRequest) – Certificate Signing Request Object
maximum_days (int, default: 825) – Certificate maximum days duration
- Return type
class, cryptography.hazmat.backends.openssl.rsa._RSAPublicKey
- Returns
host object
- Return type
ownca.ownca.CertificateAuthority
- property status
This property gives the CA storage status
- Returns
dict, as produced by ownca.utils.ownca_directory:
{ "type": "Certificate Authority" or "Intermediate Certificate Authority", "certificate": bool, "crl": bool, "csr": bool, "key": bool, "public_key": bool, "ca_home": None or str }
- property type
This property gives the Certificate Authority type: ‘Certificate Authority’ or ‘Intermediate Certificate Authority’
- Returns
str
- class ownca.ownca.HostCertificate(common_name, files, cert_data)[source]
Bases:
object
This class provides the host certificate methods.
- Parameters
common_name (str, required) – Host CN (Common Name), FQDN standard is required.
files (dict, required) – file paths (certificate, key and public key) for the host: { "certificate": str, "key": str, "public_key": str }
cert_data (ownca.OwncaCertData, required) – certificate data
- property cert
Get certificate
- Returns
certificate object
- Return type
object, cryptography.hazmat.backends.openssl.x509.Certificate
- property cert_bytes
Get certificate in bytes
- Returns
certificate
- Return type
bytes
- property common_name
Get common name
- Returns
common name
- Return type
str
- property csr
Get Certificate Signing Request
- Returns
certificate class
- Return type
class, cryptography.hazmat.backends.openssl.x509._CertificateSigningRequest
- property csr_bytes
Get Certificate Signing Request in bytes
- Returns
certificate class
- Return type
bytes
- property key
Get RSA Private key
- Returns
RSA Private Key class
- Return type
object, cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey
- property key_bytes
Get RSA Private key in bytes
- Returns
RSA Private Key
- Return type
bytes
- property public_key
Get RSA Public key
- Returns
RSA Public Key class
- Return type
object, cryptography.hazmat.backends.openssl.rsa._RSAPublicKey
- property public_key_bytes
Get RSA Public key in bytes
- Returns
RSA Public Key class
- Return type
bytes
- property revoked
Get revoked state
- Returns
True when revoked and False when valid.
- Return type
str
- class ownca.ownca.OwncaCertData(data)[source]
Bases:
object
Generates Ownca Certificate Data Structure
- Parameters
data (dict) – Certificate Data: { "cert": cryptography.x509.Certificate, "cert_bytes": bytes, "csr": cryptography.x509._CertificateSigningRequest, "csr_bytes": bytes, "key": cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey, "key_bytes": bytes, "public_key": cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey, "public_key_bytes": bytes, "crl": cryptography.hazmat.backends.openssl.rsa._RSAPublicKey, "crl_bytes": bytes }
- Returns
OwncaCertData
- Return type
ownca.ownca.OwncaCertData
- Raises
exceptions.OwnCAInvalidDataStructure
- property cert
Method to get the certificate
- Returns
certificate
- Return type
cryptography.x509.Certificate
- property cert_bytes
Method to get the certificate in bytes
- Returns
certificate
- Return type
bytes
- property crl
Method to get the certificate revocation list (crl)
- Returns
certificate revocation list (crl)
- Return type
cryptography.hazmat.backends.openssl.x509._CertificateRevocationList
- property crl_bytes
Method to get the certificate revocation list (crl) in bytes
- Returns
certificate revocation list (crl)
- Return type
bytes
- property csr
Method to get the certificate signing request (present when the CA is an Intermediate CA)
- Returns
csr
- Return type
cryptography.x509._CertificateSigningRequest
- property csr_bytes
Method to get the certificate signing request in bytes
- Returns
csr
- Return type
bytes
- property key
Method to get the key
- Returns
key
- Return type
cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey
- property key_bytes
Method to get the key in bytes
- Returns
key
- Return type
bytes
- property public_key
Method to get the public key
- Returns
key
- Return type
cryptography.hazmat.backends.openssl.rsa._RSAPublicKey
- property public_key_bytes
Method to get the public key in bytes
- Returns
public key
- Return type
bytes
- ownca.ownca.format_oids(oids_parameters)[source]
Format dictionary OIDs into a list of cryptography.x509.oid.NameOID objects
- Parameters
oids_parameters (dict, required) – CA Object Identifiers (OIDs). These are typically seen in X.509 names. Allowed keys/values: 'country_name': str (two letters), 'locality_name': str, 'state_or_province': str, 'street_address': str, 'organization_name': str, 'organization_unit_name': str, 'email_address': str
- Returns
cryptography.x509.oid.NameOID object list
- Return type
list of cryptography.x509.oid.NameOID objects
- ownca.ownca.load_cert_files(common_name, key_file, public_key_file, csr_file, certificate_file, crl_file)[source]
Loads the certificate, keys and revocation list files from storage
- Parameters
common_name (str, required when there is no CA) – Common Name for CA
key_file (str, required) – key file full path
public_key_file (str, required) – public key file full path
csr_file (str, required) – certificate signing request file full path
certificate_file (str, required) – certificate file full path
crl_file (str, required) – certificate revocation list file full path
- Returns
OwncaCertData
- Raises
OwnCAInconsistentData
ownca.utils module
Copyright (c) 2018-2022 Kairo de Araujo
- class ownca.utils.CAStatus(ca_type_intermediate: bool = False, ca_home: str = '', certificate: bool = False, crl: bool = False, csr: bool = False, key: bool = False, public_key: bool = False)[source]
Bases:
object
- ca_home: str = ''
- ca_type_intermediate: bool = False
- certificate: bool = False
- crl: bool = False
- csr: bool = False
- key: bool = False
- public_key: bool = False
- ownca.utils.file_data_status(ca_status: CAStatus) -> Optional[bool] [source]
Verify the CA status based on the existing files.
- Parameters
ca_status (CAStatus, required) – current ca_status as returned by ownca.utils.ownca_directory
- Returns
True, False or None
- Return type
bool or None
- ownca.utils.ownca_directory(ca_storage: str) -> CAStatus [source]
Validates and manages the CA storage directory, its subfolder structure and files.
- Parameters
ca_storage (string, required) – CA storage
- Returns
dict with state of ownca storage files
- Return type
CAStatus
- ownca.utils.store_file(file_data: bytes, file_path: str, force: bool, permission: Optional[int]) -> bool [source]
Stores (writes) files in the storage
- Parameters
file_data (str, required) – the file data
file_path (str, required) – the file absolute path
permission (int, optional) – operating-system mode bitfield
- Returns
bool
- Return type
boolean
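The storage consistency check that ownca_directory and file_data_status describe above, as an added illustration written for this page (my own re-implementation, not ownca's code): CAStatus mirrors the fields documented for ownca.utils.CAStatus, while the file names, the meaning of the True/False/None verdict, and raising OwnCAIntermediate for an intermediate CA that has its CSR but no certificate yet are assumptions made for this example.

```python
from dataclasses import dataclass
from pathlib import Path
from typing import Optional

# Assumed file names for this example (not ownca's actual layout).
FILES = {"certificate": "ca.crt", "crl": "ca.crl", "csr": "ca.csr",
         "key": "ca_key.pem", "public_key": "ca_pub.pem"}

@dataclass
class CAStatus:  # same fields as ownca.utils.CAStatus documented above
    ca_type_intermediate: bool = False
    ca_home: str = ""
    certificate: bool = False
    crl: bool = False
    csr: bool = False
    key: bool = False
    public_key: bool = False

class OwnCAInconsistentData(Exception):
    """Storage holds some CA files but not a usable set."""

class OwnCAIntermediate(Exception):
    """Intermediate CA has its CSR but no certificate from the parent yet."""

def ownca_directory(ca_storage: str, intermediate: bool = False) -> CAStatus:
    """Create the storage directory if needed and record which files exist."""
    home = Path(ca_storage)
    home.mkdir(parents=True, exist_ok=True)
    found = {name: (home / fname).is_file() for name, fname in FILES.items()}
    return CAStatus(ca_type_intermediate=intermediate, ca_home=str(home), **found)

def file_data_status(s: CAStatus) -> Optional[bool]:
    """True: complete CA on disk. False: empty storage, safe to initialise.
    None: partial state, so never initialise over it (a live key may be there)."""
    if not any([s.key, s.public_key, s.certificate, s.crl, s.csr]):
        return False
    # An intermediate CA is complete once its CSR exists; a root needs its cert.
    core = [s.key, s.public_key, s.crl, s.csr if s.ca_type_intermediate else s.certificate]
    if not all(core):
        return None
    if s.ca_type_intermediate and not s.certificate:
        raise OwnCAIntermediate("intermediate CA is missing its certificate file")
    return True

def check_storage(ca_storage: str, intermediate: bool = False) -> bool:
    """Gate before initialising: refuse to touch a partially populated directory."""
    verdict = file_data_status(ownca_directory(ca_storage, intermediate))
    if verdict is None:
        raise OwnCAInconsistentData(f"partial CA files in {ca_storage}")
    return verdict
```

The point of the three-way verdict is that a directory holding a key but no certificate is neither a fresh storage nor a loadable CA, so the caller must stop rather than regenerate and silently overwrite key material.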
Module contents
Copyright (c) 2018, 2019, 2020 Kairo de Araujo