ownca package

Submodules

ownca.exceptions module

Copyright (c) 2018-2020 Kairo de Araujo

exception ownca.exceptions.OwnCAFatalError[source]

Bases: Exception

Uncontrolled error; fatal error.

exception ownca.exceptions.OwnCAInconsistentData[source]

Bases: Exception

Certificate file is inconsistent.

exception ownca.exceptions.OwnCAIntermediate[source]

Bases: Exception

CA is an Intermediate Certificate Authority missing its certificate file.

exception ownca.exceptions.OwnCAInvalidCertificate[source]

Bases: Exception

The certificate is invalid or not found

exception ownca.exceptions.OwnCAInvalidDataStructure[source]

Bases: Exception

Invalid Ownca Data Structure.

exception ownca.exceptions.OwnCAInvalidFiles[source]

Bases: Exception

CA Files are inconsistent.

exception ownca.exceptions.OwnCAInvalidOID[source]

Bases: Exception

Invalid OID

ownca.ownca module

Copyright (c) 2018-2022 Kairo de Araujo

class ownca.ownca.CertificateAuthority(ca_storage=None, common_name=None, intermediate=False, maximum_days=825, **kwargs)[source]

Bases: object

The primary Python OWNCA class.

This class initializes the Certificate Authority (CA).

Parameters
  • ca_storage (str, required when there is no CA) – path where CA files and hosts files are stored. Default is the current directory (os.getcwd())

  • common_name (str, required when there is no CA) – Common Name for CA

  • dns_names (list of strings, optional) – List of DNS names

  • intermediate (bool, default False) – Intermediate Certificate Authority mode

  • oids (dict, optional, all keys are optional) – CA Object Identifiers (OIDs). These are typically seen in X.509 names. Allowed keys/values: 'country_name': str (two letters), 'locality_name': str, 'state_or_province': str, 'street_address': str, 'organization_name': str, 'organization_unit_name': str, 'email_address': str.

  • public_exponent (int, default: 65537) – Public Exponent

  • key_size (int, default: 2048) – Key size

property cert

Get CA certificate

Returns

certificate class

Return type

class, cryptography.hazmat.backends.openssl.x509.Certificate

property cert_bytes

Get CA certificate in bytes

Returns

certificate

Return type

bytes

property certificates

Get the CA list of issued/managed certificates

Returns

List of certificates (default is host/domain)

Return type

list

property common_name

Get CA common name

Returns

CA common name

Return type

str

property crl

Get CA certificate revocation list (crl)

Returns

certificate class

Return type

class, cryptography.hazmat.backends.openssl.x509._CertificateRevocationList

property crl_bytes

Get CA certificate revocation list (crl)

Returns

certificate class

Return type

bytes

property csr

Get CA Certificate Signing Request

Returns

certificate class

Return type

class, cryptography.hazmat.backends.openssl.x509._CertificateSigningRequest

property csr_bytes

Get CA Certificate Signing Request in bytes

Returns

certificate class

Return type

bytes

property hash_name

Get the CA hash name

Returns

CA hash name

Return type

str

initialize(common_name=None, dns_names=None, intermediate=False, maximum_days=825, public_exponent=65537, key_size=2048)[source]

Initialize the Certificate Authority (CA)

Parameters
  • common_name (str, required) – CA Common Name (CN)

  • dns_names (list of strings, optional) – List of DNS names

  • maximum_days (int, default: 825) – Certificate maximum days duration

  • public_exponent (int, default: 65537) – Public Exponent

  • intermediate (bool, default False) – Intermediate Certificate Authority mode

  • key_size (int, default: 2048) – Key size

Returns

tuple with CA certificate, CA Key and CA Public key

Return type

tuple (cryptography.x509.Certificate, cryptography.hazmat.backends.openssl.rsa, string public key)

issue_certificate(hostname, maximum_days=825, common_name=None, dns_names=None, oids=None, public_exponent=65537, key_size=2048, ca=True)[source]

Issues a new certificate signed by the CA

Parameters
  • hostname (str, required) – Hostname

  • maximum_days (int, default: 825) – Certificate maximum days duration

  • common_name (str, optional) – Common Name (CN) when loading an existing certificate

  • dns_names (list of strings, optional) – List of DNS names

  • oids (dict, optional, all keys are optional) – CA Object Identifiers (OIDs). These are typically seen in X.509 names. Allowed keys/values: 'country_name': str (two letters), 'locality_name': str, 'state_or_province': str, 'street_address': str, 'organization_name': str, 'organization_unit_name': str, 'email_address': str.

  • public_exponent (int, default: 65537) – Public Exponent

  • key_size (int, default: 2048) – Key size

  • ca (bool, default True) – Whether the issued certificate is a CA certificate.

Returns

host object

Return type

ownca.ownca.HostCertificate

property key

Get CA RSA Private key

Returns

RSA Private Key class

Return type

class, cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey

property key_bytes

Get CA RSA Private key in bytes

Returns

RSA Private Key

Return type

bytes

load_certificate(hostname)[source]

Loads an existing certificate.

Parameters

hostname (str, required) – Hostname (common name)

Returns

host object

Return type

ownca.ownca.HostCertificate

property public_key

Get CA RSA Public key

Returns

RSA Public Key class

Return type

class, cryptography.hazmat.backends.openssl.rsa._RSAPublicKey

property public_key_bytes

Get CA RSA Public key in bytes

Returns

RSA Public Key class

Return type

bytes

revoke_certificate(hostname, common_name=None)[source]

Revokes an existing certificate issued by the CA and updates the CA Certificate Revocation List (CRL).

Parameters
  • hostname (str, required) – Hostname

  • common_name (str, optional) – Common Name (CN) when loading an existing certificate

Returns

CA object

Return type

ownca.ownca.CertificateAuthority

sign_csr(csr, csr_public_key, maximum_days=825)[source]

Signs a Certificate Signing Request and generates the certificate.

Parameters
  • hostname (str, required) – Hostname

  • csr (class, cryptography.hazmat.backends.openssl.x509._CertificateSigningRequest) – Certificate Signing Request object

  • csr_public_key (class, cryptography.hazmat.backends.openssl.rsa._RSAPublicKey) – public key belonging to the CSR

  • maximum_days (int, default: 825) – Certificate maximum days duration

Returns

host object

Return type

ownca.ownca.CertificateAuthority

property status

This method gives the CA storage status

Returns

dict with the CA storage status (see ownca.utils.ownca_directory)

{
    "type": "Certificate Authority" or
        "Intermediate Certificate Authority",
    "certificate": bool,
    "crl": bool,
    "csr": bool,
    "key": bool,
    "public_key": bool,
    "ca_home": None or str,
}

property type

This method gives the Certificate Authority type: ‘Certificate Authority’ or ‘Intermediate Certificate Authority’

Returns

str

class ownca.ownca.HostCertificate(common_name, files, cert_data)[source]

Bases: object

This class provides the host certificate methods.

Parameters
  • common_name (str, required) – Host CN (Common Name), FQDN standard is required.

  • files (dict, required) –

    files path (certificate, key and public key) from host

    {
        "certificate": str,
        "key": str,
        "public_key": str,
    }
    

  • cert_data (object, required) – certificate data ownca.OwncaCertData

property cert

Get certificate

Returns

certificate object

Return type

object, cryptography.hazmat.backends.openssl.x509.Certificate

property cert_bytes

Get certificate in bytes

Returns

certificate

Return type

bytes

property common_name

Get common name

Returns

common name

Return type

str

property csr

Get Certificate Signing Request

Returns

certificate class

Return type

class, cryptography.hazmat.backends.openssl.x509._CertificateSigningRequest

property csr_bytes

Get Certificate Signing Request in bytes

Returns

certificate class

Return type

bytes

property key

Get RSA Private key

Returns

RSA Private Key class

Return type

object, cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey

property key_bytes

Get RSA Private key in bytes

Returns

RSA Private Key

Return type

bytes

property public_key

Get RSA Public key

Returns

RSA Public Key class

Return type

object, cryptography.hazmat.backends.openssl.rsa._RSAPublicKey

property public_key_bytes

Get RSA Public key in bytes

Returns

RSA Public Key class

Return type

bytes

property revoked

Get revoked state

Returns

True when revoked and False when valid.

Return type

bool

class ownca.ownca.OwncaCertData(data)[source]

Bases: object

Generates Ownca Certificate Data Structure

Parameters

data (dict) –

Certificate Data

{
    "cert": cryptography.x509.Certificate,
    "cert_bytes": bytes,
    "csr": cryptography.x509._CertificateSigningRequest,
    "csr_bytes": bytes,
    "key": cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey,
    "key_bytes": bytes,
    "public_key": cryptography.hazmat.backends.openssl.rsa._RSAPublicKey,
    "public_key_bytes": bytes,
    "crl": cryptography.hazmat.backends.openssl.x509._CertificateRevocationList,
    "crl_bytes": bytes,
}

Returns

OwncaCertData

Return type

ownca.ownca.OwncaCertData

Raises

exceptions.OwnCAInvalidDataStructure

property cert

Method to get the certificate

Returns

certificate

Return type

cryptography.x509.Certificate

property cert_bytes

Method to get the certificate in bytes

Returns

certificate

Return type

bytes

property crl

Method to get the certificate revocation list (crl)

Returns

certificate revocation list (crl)

Return type

cryptography.hazmat.backends.openssl.x509._CertificateRevocationList

property crl_bytes

Method to get the certificate revocation list (crl)

Returns

certificate revocation list (crl)

Return type

bytes

property csr

Method to get the certificate signing request if an Intermediate CA

Returns

csr

Return type

cryptography.x509._CertificateSigningRequest

property csr_bytes

Method to get the certificate signing request in bytes

Returns

csr

Return type

bytes

property key

Method to get the key

Returns

key

Return type

cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey

property key_bytes

Method to get the key in bytes

Returns

key

Return type

bytes

property public_key

Method to get the public key

Returns

key

Return type

cryptography.hazmat.backends.openssl.rsa._RSAPublicKey

property public_key_bytes

Method to get the public key in bytes

Returns

public key

Return type

bytes

ownca.ownca.format_oids(oids_parameters)[source]

Format dictionary OIDs to cryptography.x509.oid.NameOID object list

Parameters

oids_parameters (dict, required) – CA Object Identifiers (OIDs). These are typically seen in X.509 names. Allowed keys/values: 'country_name': str (two letters), 'locality_name': str, 'state_or_province': str, 'street_address': str, 'organization_name': str, 'organization_unit_name': str, 'email_address': str.

Returns

cryptography.x509.oid.NameOID object list

Return type

list of cryptography.x509.oid.NameOID objects

ownca.ownca.load_cert_files(common_name, key_file, public_key_file, csr_file, certificate_file, crl_file)[source]

Loads the certificate, key and certificate revocation list files from storage

Parameters
  • common_name (str, required) – Common Name

  • key_file (str, required) – key file full path

  • public_key_file (str, required) – public key file full path

  • csr_file (str, required) – certificate signing request file full path

  • certificate_file (str, required) – certificate file full path

  • crl_file – certificate revocation list file full path

Returns

OwncaCertData

Raises

OwnCAInconsistentData

ownca.utils module

Copyright (c) 2018-2022 Kairo de Araujo

class ownca.utils.CAStatus(ca_type_intermediate: bool = False, ca_home: str = '', certificate: bool = False, crl: bool = False, csr: bool = False, key: bool = False, public_key: bool = False)[source]

Bases: object

ca_home: str = ''
ca_type_intermediate: bool = False
certificate: bool = False
crl: bool = False
csr: bool = False
key: bool = False
public_key: bool = False

ownca.utils.file_data_status(ca_status: CAStatus) → Optional[bool][source]

Verifies the CA status based on the existing files.

Parameters

ca_status (CAStatus, required) – current CA status as returned by ownca.utils.ownca_directory

Returns

True, False or None

Return type

bool or None

ownca.utils.ownca_directory(ca_storage: str) → CAStatus[source]

Validates and manages the CA storage directory, its subfolder structure and files.

Parameters

ca_storage (string, required) – CA storage

Returns

state of the ownca storage files

Return type

CAStatus

ownca.utils.store_file(file_data: bytes, file_path: str, force: bool, permission: Optional[int]) → bool[source]

Stores (writes) a file in the storage

Parameters
  • file_data (bytes, required) – the file data

  • file_path (str, required) – the file absolute path

  • permission (int, optional) – operating-system mode bitfield

Returns

bool

Return type

boolean
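The storage utilities documented above (ownca_directory, file_data_status and store_file) fit together as follows. This is an added example and not ownca's own code: CAStatus mirrors the dataclass documented on this page, while the file names in CA_FILES, the meaning of True/False/None returned by file_data_status and the 0o600 default mode in store_file are assumptions made for the example.

```python
import os
import stat
import tempfile
from dataclasses import dataclass
from typing import Optional

@dataclass
class CAStatus:
    ca_home: str = ""
    ca_type_intermediate: bool = False
    certificate: bool = False
    crl: bool = False
    csr: bool = False
    key: bool = False
    public_key: bool = False

# Assumed layout for this example: one file per artifact directly under ca_home.
CA_FILES = {"certificate": "ca.crt", "crl": "ca.crl", "csr": "ca.csr",
            "key": "ca_key.pem", "public_key": "ca_pub.pem"}

def new_storage() -> str:
    return tempfile.mkdtemp(prefix="ownca_")  # scratch dir for the walkthrough

def ownca_directory(ca_storage: str) -> CAStatus:
    """Create the storage dir (owner-only) if missing; report which files exist."""
    os.makedirs(ca_storage, mode=0o700, exist_ok=True)
    status = CAStatus(ca_home=ca_storage)
    for artifact, name in CA_FILES.items():
        setattr(status, artifact, os.path.isfile(os.path.join(ca_storage, name)))
    return status

def file_data_status(ca_status: CAStatus) -> Optional[bool]:
    """None: nothing stored; True: key, public key, certificate all present; False: partial."""
    core = (ca_status.key, ca_status.public_key, ca_status.certificate)
    return None if not any(core) else all(core)

def store_file(file_data: bytes, file_path: str, force: bool = False,
               permission: Optional[int] = None) -> bool:
    """Write file_data; never overwrite unless force; 0o600 default keeps keys private."""
    if os.path.exists(file_path) and not force:
        return False
    mode = 0o600 if permission is None else permission
    fd = os.open(file_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "wb") as fh:
        fh.write(file_data)
    os.chmod(file_path, mode)  # the umask may have stripped bits at creation
    return True

def file_mode(file_path: str) -> int:
    return stat.S_IMODE(os.stat(file_path).st_mode)
```

A partial set of files (False) is the case the OwnCAInconsistentData exception documented above exists for; the caller should stop rather than regenerate a key next to a certificate that no longer matches it.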

ownca.utils.validate_hostname(hostname: str) → bool[source]

Validates that the hostname follows the common Internet rules for an FQDN

Parameters

hostname (str, required) – string hostname

Returns

bool

Return type

bool
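A standard-library FQDN check in the spirit of validate_hostname, added here as an example and not ownca's own implementation. The concrete rules (RFC 1123 label syntax, at least two labels, no all-numeric top-level label) are my reading of "common Internet rules"; a CA should apply such a check before a name is placed in a certificate's CN or SAN.

```python
import re

# One DNS label: 1-63 characters from letters, digits and hyphens, with no
# leading or trailing hyphen (RFC 1123). Underscores and '*' are rejected,
# so neither service-record names nor wildcards pass as a host FQDN.
_LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def validate_hostname(hostname: str) -> bool:
    """Return True when hostname is a syntactically valid FQDN, else False."""
    if not isinstance(hostname, str):
        return False
    # A single trailing dot denotes the DNS root and is allowed.
    name = hostname[:-1] if hostname.endswith(".") else hostname
    if not name or len(name) > 253:  # RFC 1035 limit on the full name
        return False
    labels = name.split(".")
    if len(labels) < 2:  # "localhost" is a hostname but not fully qualified
        return False
    if not all(_LABEL_RE.match(label) for label in labels):
        return False
    # An all-numeric top-level label means an IPv4 literal, not a DNS name.
    return not labels[-1].isdigit()
```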

Module contents

Copyright (c) 2018, 2019, 2020 Kairo de Araujo