ownca package

Submodules

ownca.exceptions module

Copyright (c) 2018-2020 Kairo de Araujo

- exception ownca.exceptions.OnwCAInvalidDataStructure
  Bases: Exception
  Invalid Ownca data structure.
- exception ownca.exceptions.OwnCAFatalError
  Bases: Exception
  Uncontrolled error; fatal error.
- exception ownca.exceptions.OwnCAInconsistentData
  Bases: Exception
  Certificate file is inconsistent.
- exception ownca.exceptions.OwnCAIntermediate
  Bases: Exception
  CA is an Intermediate Certificate Authority and is missing its certificate file.
ownca.ownca module

Copyright (c) 2018-2020 Kairo de Araujo

- class ownca.ownca.CertificateAuthority(ca_storage=None, common_name=None, intermediate=False, maximum_days=825, **kwargs)
  Bases: object
  The primary Python OWNCA class. It initializes the Certificate Authority (CA).
  Parameters:
    ca_storage (str, required when there is no CA) – path where the CA files and host files are stored. Default is the current directory (os.getcwd()).
    common_name (str, required when there is no CA) – Common Name for the CA
    dns_names (list of strings, optional) – list of DNS names
    intermediate (bool, default False) – Intermediate Certificate Authority mode
    oids (dict, optional, all keys optional) – CA Object Identifiers (OIDs), as typically seen in X.509 names. Allowed keys/values: 'country_name': str (two letters), 'locality_name': str, 'state_or_province': str, 'street_address': str, 'organization_name': str, 'organization_unit_name': str, 'email_address': str
    public_exponent (int, default 65537) – public exponent
    key_size (int, default 2048) – key size

  - property cert
    Get the CA certificate.
    Returns: certificate object
    Return type: cryptography.hazmat.backends.openssl.x509.Certificate
  - property cert_bytes
    Get the CA certificate in bytes.
    Returns: certificate
    Return type: bytes
  - property certificates
    Get the CA's list of issued/managed certificates.
    Returns: list of certificates (default is host/domain)
    Return type: list
  - property common_name
    Get the CA common name.
    Returns: CA common name
    Return type: str
  - property crl
    Get the CA certificate revocation list (CRL).
    Returns: certificate revocation list object
    Return type: cryptography.hazmat.backends.openssl.x509._CertificateRevocationList
  - property crl_bytes
    Get the CA certificate revocation list (CRL) in bytes.
    Returns: certificate revocation list
    Return type: bytes
  - property csr
    Get the CA Certificate Signing Request.
    Returns: certificate signing request object
    Return type: cryptography.hazmat.backends.openssl.x509._CertificateSigningRequest
  - property csr_bytes
    Get the CA Certificate Signing Request in bytes.
    Returns: certificate signing request
    Return type: bytes
  - property hash_name
    Get the CA hash name.
    Returns: CA hash name
    Return type: str
  - initialize(common_name=None, dns_names=None, intermediate=False, maximum_days=825, public_exponent=65537, key_size=2048)
    Initialize the Certificate Authority (CA).
    Parameters:
      common_name (str, required) – CA Common Name (CN)
      dns_names (list of strings, optional) – list of DNS names
      maximum_days (int, default 825) – maximum certificate validity in days
      public_exponent (int, default 65537) – public exponent
      intermediate (bool, default False) – Intermediate Certificate Authority mode
      key_size (int, default 2048) – key size
    Returns: tuple with CA certificate, CA key and CA public key
    Return type: tuple (cryptography.x509.Certificate, cryptography.hazmat.backends.openssl.rsa, string public key)
  - issue_certificate(hostname, maximum_days=825, common_name=None, dns_names=None, oids=None, public_exponent=65537, key_size=2048)
    Issues a new certificate signed by the CA.
    Parameters:
      hostname (str, required) – hostname
      maximum_days (int, default 825) – maximum certificate validity in days
      common_name (str, optional) – Common Name (CN) when loading an existing certificate
      dns_names (list of strings, optional) – list of DNS names
      oids (dict, optional, all keys optional) – Object Identifiers (OIDs), as typically seen in X.509 names. Allowed keys/values: 'country_name': str (two letters), 'locality_name': str, 'state_or_province': str, 'street_address': str, 'organization_name': str, 'organization_unit_name': str, 'email_address': str
      public_exponent (int, default 65537) – public exponent
      key_size (int, default 2048) – key size
    Returns: host object
    Return type: ownca.ownca.HostCertificate
  - property key
    Get the CA RSA private key.
    Returns: RSA private key object
    Return type: cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey
  - property key_bytes
    Get the CA RSA private key in bytes.
    Returns: RSA private key
    Return type: bytes
  - load_certificate(hostname)
    Loads an existing certificate.
    Parameters:
      hostname (str, required) – hostname (common name)
    Returns: host object
    Return type: ownca.ownca.HostCertificate
  - property public_key
    Get the CA RSA public key.
    Returns: RSA public key object
    Return type: cryptography.hazmat.backends.openssl.rsa._RSAPublicKey
  - property public_key_bytes
    Get the CA RSA public key in bytes.
    Returns: RSA public key
    Return type: bytes
  - revoke_certificate(hostname, common_name=None)
    Revokes an existing certificate owned by the CA. It also updates the CA Certificate Revocation List.
    Parameters:
      hostname (str, required) – hostname
      common_name (str, optional) – Common Name (CN) when loading an existing certificate
    Returns: CA object
    Return type: ownca.ownca.CertificateAuthority
  - sign_csr(csr, csr_public_key, maximum_days=825)
    Signs a Certificate Signing Request and generates the certificate.
    Parameters:
      csr (cryptography.hazmat.backends.openssl.x509._CertificateSigningRequest) – Certificate Signing Request object
      csr_public_key – the CSR's public key
      maximum_days (int, default 825) – maximum certificate validity in days
    Returns: host object
    Return type: ownca.ownca.CertificateAuthority
  - property status
    Gives the CA storage status.
    Returns: dict, see ownca.utils.ownca_directory:
      { "type": "Certificate Authority" or "Intermediate Certificate Authority", "certificate": bool, "crl": bool, "csr": bool, "key": bool, "public_key": bool, "ca_home": None or str }
    Return type: dict
  - property type
    Gives the Certificate Authority type: 'Certificate Authority' or 'Intermediate Certificate Authority'.
    Returns: CA type
    Return type: str
- class ownca.ownca.HostCertificate(common_name, files, cert_data)
  Bases: object
  This class provides the host certificate methods.
  Parameters:
    common_name (str, required) – host CN (Common Name); an FQDN is required
    files (dict, required) – file paths (certificate, key and public key) of the host:
      { "certificate": str, "key": str, "public_key": str }
    cert_data (ownca.OwncaCertData, required) – certificate data

  - property cert
    Get the certificate.
    Returns: certificate object
    Return type: cryptography.hazmat.backends.openssl.x509.Certificate
  - property cert_bytes
    Get the certificate in bytes.
    Returns: certificate
    Return type: bytes
  - property common_name
    Get the common name.
    Returns: common name
    Return type: str
  - property csr
    Get the Certificate Signing Request.
    Returns: certificate signing request object
    Return type: cryptography.hazmat.backends.openssl.x509._CertificateSigningRequest
  - property csr_bytes
    Get the Certificate Signing Request in bytes.
    Returns: certificate signing request
    Return type: bytes
  - property key
    Get the RSA private key.
    Returns: RSA private key object
    Return type: cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey
  - property key_bytes
    Get the RSA private key in bytes.
    Returns: RSA private key
    Return type: bytes
  - property public_key
    Get the RSA public key.
    Returns: RSA public key object
    Return type: cryptography.hazmat.backends.openssl.rsa._RSAPublicKey
  - property public_key_bytes
    Get the RSA public key in bytes.
    Returns: RSA public key
    Return type: bytes
  - property revoked
    Get the revoked state.
    Returns: True when revoked and False when valid
    Return type: str
- class ownca.ownca.OwncaCertData(data)
  Bases: object
  Generates the Ownca certificate data structure.
  Parameters:
    data (dict) – certificate data:
      { "cert": cryptography.x509.Certificate, "cert_bytes": bytes, "csr": cryptography.x509._CertificateSigningRequest, "csr_bytes": bytes, "key": cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey, "key_bytes": bytes, "public_key": cryptography.hazmat.backends.openssl.rsa._RSAPublicKey, "public_key_bytes": bytes, "crl": cryptography.hazmat.backends.openssl.x509._CertificateRevocationList, "crl_bytes": bytes }
  Returns: OwncaCertData
  Return type: ownca.ownca.OwncaCertData
  Raises: exceptions.OnwCAInvalidDataStructure

  - property cert
    Get the certificate.
    Returns: certificate
    Return type: cryptography.x509.Certificate
  - property cert_bytes
    Get the certificate in bytes.
    Returns: certificate
    Return type: bytes
  - property crl
    Get the certificate revocation list (CRL).
    Returns: certificate revocation list
    Return type: cryptography.hazmat.backends.openssl.x509._CertificateRevocationList
  - property crl_bytes
    Get the certificate revocation list (CRL) in bytes.
    Returns: certificate revocation list
    Return type: bytes
  - property csr
    Get the certificate signing request (present for an Intermediate CA).
    Returns: csr
    Return type: cryptography.x509._CertificateSigningRequest
  - property csr_bytes
    Get the certificate signing request in bytes.
    Returns: csr
    Return type: bytes
  - property key
    Get the private key.
    Returns: key
    Return type: cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey
  - property key_bytes
    Get the private key in bytes.
    Returns: key
    Return type: bytes
  - property public_key
    Get the public key.
    Returns: public key
    Return type: cryptography.hazmat.backends.openssl.rsa._RSAPublicKey
  - property public_key_bytes
    Get the public key in bytes.
    Returns: public key
    Return type: bytes
- ownca.ownca.format_oids(oids_parameters)
  Formats a dictionary of OIDs into a list of cryptography.x509.oid.NameOID objects.
  Parameters:
    oids_parameters (dict, required) – Object Identifiers (OIDs), as typically seen in X.509 names. Allowed keys/values: 'country_name': str (two letters), 'locality_name': str, 'state_or_province': str, 'street_address': str, 'organization_name': str, 'organization_unit_name': str, 'email_address': str
  Returns: list of cryptography.x509.oid.NameOID objects
  Return type: list
- ownca.ownca.load_cert_files(common_name, key_file, public_key_file, csr_file, certificate_file, crl_file)
  Loads the certificate, key and revocation list files from storage.
  Parameters:
    common_name (str, required when there is no CA) – Common Name for the CA
    key_file (str, required) – key file full path
    public_key_file (str, required) – public key file full path
    csr_file (str, required) – certificate signing request file full path
    certificate_file (str, required) – certificate file full path
    crl_file – certificate revocation list file full path
  Returns: OwncaCertData
  Raises: OwnCAInconsistentData
ownca.utils module

Copyright (c) 2018-2020 Kairo de Araujo

- ownca.utils.file_data_status(ca_status)
  Verifies the CA status based on the existing files.
  Parameters:
    ca_status (dict, required) – current ca_status file dictionary, see ownca.utils.ownca_directory
  Returns: True, False or None
  Return type: bool/None
- ownca.utils.ownca_directory(ca_storage)
  Validates and manages the CA storage directory and its subfolder structure and files.
  Parameters:
    ca_storage (string, required) – CA storage
  Returns: dict with the state of the ownca storage files:
    { "certificate": bool, "crl": bool, "key": bool, "public_key": bool, "ca_home": None or str }
  Return type: dict
- ownca.utils.store_file(file_data, file_path, permission=None, force=False)
  Stores (writes) files in the storage.
  Parameters:
    file_data (str, required) – the file data
    file_path (str, required) – the file absolute path
    permission (int, optional) – operating-system mode bitfield
  Returns: bool
  Return type: boolean

Module contents

Copyright (c) 2018, 2019, 2020 Kairo de Araujo
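The storage-state model that `status`, `ownca_directory`, `file_data_status` and `store_file` describe, as an added standard-library example that is not ownca's own code: the file names in CA_FILES, the True/False/None rule and the refuse-to-overwrite behaviour are assumptions, and `store_file` shows why the `permission` bitfield matters for the CA private key.

```python
import os
import stat
import tempfile

# Assumed file names inside the CA storage directory; ownca's real names may differ.
CA_FILES = {"certificate": "ca.crt", "crl": "ca.crl", "csr": "ca.csr",
            "key": "ca_key.pem", "public_key": "ca_pub.pem"}
# A csr exists only for an Intermediate CA, so it is left out of the consistency rule.
REQUIRED = ("certificate", "crl", "key", "public_key")

def ownca_directory(ca_storage):
    # Same dict shape the page documents for ownca.utils.ownca_directory.
    status = {name: os.path.isfile(os.path.join(ca_storage, fname))
              for name, fname in CA_FILES.items()}
    status["ca_home"] = ca_storage if any(status.values()) else None
    return status

def file_data_status(ca_status):
    """Assumed rule: True when every required file exists (CA is loadable), False when
    none exists (fresh storage), None when only some exist, e.g. a key without its
    certificate, which a loader must treat as inconsistent rather than load."""
    present = [ca_status[name] for name in REQUIRED]
    if all(present):
        return True
    return False if not any(present) else None

def store_file(file_data, file_path, permission=None, force=False):
    # Refuses to clobber an existing file unless force=True (assumed); the default
    # mode 0o600 keeps a CA private key readable by its owner only.
    mode = 0o600 if permission is None else permission
    flags = os.O_WRONLY | os.O_CREAT | (os.O_TRUNC if force else os.O_EXCL)
    try:
        fd = os.open(file_path, flags, mode)
    except FileExistsError:
        return False
    with os.fdopen(fd, "w") as fh:
        fh.write(file_data)
    os.chmod(file_path, mode)  # O_CREAT's mode is umask-masked; enforce it exactly
    return True

def demo(ca_storage=None):
    # Walk one storage directory through fresh -> partial -> complete and report.
    ca_storage = ca_storage or tempfile.mkdtemp(prefix="ownca-")
    seen = {"fresh": file_data_status(ownca_directory(ca_storage))}
    key_path = os.path.join(ca_storage, CA_FILES["key"])
    seen["key_written"] = store_file("constructed key material", key_path)
    seen["overwrite_refused"] = not store_file("other data", key_path)
    seen["partial"] = file_data_status(ownca_directory(ca_storage))
    for name in ("certificate", "crl", "public_key"):
        store_file("constructed " + name, os.path.join(ca_storage, CA_FILES[name]), 0o644)
    seen["complete"] = file_data_status(ownca_directory(ca_storage))
    seen["key_mode"] = stat.S_IMODE(os.stat(key_path).st_mode)
    return seen
```

Running `demo()` reports False for the empty directory, None once only the key exists, True once all required files are present, and 0o600 as the key file's mode.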