Skip to content

README.md

Latest commit

 

History

History
102 lines (66 loc) · 4.24 KB

README.md

File metadata and controls

102 lines (66 loc) · 4.24 KB

Python certificate chain resolver

Licence CI Docs codecov Downloads Python) PyPI - Wheel PyPI Code style: black

Resolve and obtain the complete certificate chain from the leaf, intermediate(s) to the root of a x509 certificate using the CLI or the python API.

The library provides an easy to use API to access each property of a certificate chain and the important metadata of a certificate. The library also exposes a CLI for resolving and inspecting certificate chains from the command line.

Support

  • PKCS7, PEM and DER formats
  • LetsEncrypt certificates
  • Including the root certificate using the system CA bundle or custom bundle
  • Python2 (but not for much longer..)

Installation

Pypi package

$ pip install cert-chain-resolver

CLI Usage

For more options and examples see the read the docs or pass the --help flag.

The bundle gets written to stdout and the chain information to stderr.

from source:

$ python -m cert_chain_resolver.cli --include-root certificate.crt > bundle.crt
$ cat certificate.crt | python -m cert_chain_resolver.cli --include-root > bundle.crt

from PIP

 $ cert_chain_resolver --include-root certificate.crt > bundle.crt
 1. <Cert common_name="github.com" subject="CN=github.com,O=GitHub\, Inc.,L=San Francisco,ST=California,C=US" issuer="CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US">
 2. <Cert common_name="DigiCert SHA2 High Assurance Server CA" subject="CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" issuer="CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US">
 3. <Cert common_name="DigiCert High Assurance EV Root CA" subject="CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" issuer="CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US">

Python API

Make sure to read the documentation for more examples and options.

from cert_chain_resolver.api import resolve

with open('cert.pem', 'rb') as f:
   fb = f.read()
   chain = resolve(fb)
>>>
for cert in chain:
  print(cert)
  print(cert.export())  # Export the certificate in PEM format

<Cert common_name="cert-chain-resolver.remcokoopmans.com" subject="CN=cert-chain-resolver.remcokoopmans.com" issuer="CN=R3,O=Let's Encrypt,C=US">
"-----BEGIN CERTIFICATE-----...."
<Cert common_name="R3" subject="CN=R3,O=Let's Encrypt,C=US" issuer="CN=DST Root CA X3,O=Digital Signature Trust Co.">
"-----BEGIN CERTIFICATE-----...."
<Cert common_name="DST Root CA X3" subject="CN=DST Root CA X3,O=Digital Signature Trust Co." issuer="CN=DST Root CA X3,O=Digital Signature Trust Co.">
"-----BEGIN CERTIFICATE-----...."

Dependencies

  • cryptography

After cloning the repository

Install dependencies

$ make

Development

bootstrap

$ make

Testing

Unit testing

$ make tests

Re-run tests on file changes:

$ make tests TEST_ARGS="-- -f"

Formatting

$ make format