pyeudiw.x509 package

Submodules

pyeudiw.x509.chain_builder module

class pyeudiw.x509.chain_builder.ChainBuilder[source]

Bases: object

gen_certificate(cn: str, organization_name: str, country_name: str, email_address: str, dns: str, uri: str, ca: bool, path_length: int | None, serial_number: int | None = None, private_key: EllipticCurvePrivateKey | RSAPrivateKey | None = None, crl_distr_point: str | None = None, not_valid_before: datetime = datetime.datetime(2025, 11, 27, 12, 39, 44, 536020), not_valid_after: datetime = datetime.datetime(2026, 11, 28, 12, 39, 44, 536028), excluded_subtrees: list[DNSName | UniformResourceIdentifier] | None = None, permitted_subtrees: list[DNSName | UniformResourceIdentifier] | None = None, key_usage: KeyUsage | None = None, organization_identifier: str | None = None) → None[source]

Generate a certificate and add it to the chain.

Parameters:

cn (str) – Common Name
organization_name (str | None) – Organization name for the certificate
country_name (str) – Country Name
dns (str) – DNS Name
private_key (ec.EllipticCurvePrivateKey | rsa.RSAPrivateKey | None) – Private key to use for signing the certificate
ca (bool) – Whether the certificate is a CA certificate
path_length (int | None) – Path length for the CA certificate, None if not a CA
serial_number (int | None) – Serial number of the certificate, random if None
crl_distr_point (str | None) – CRL Distribution Point URI, None if not set
not_valid_before (datetime) – Start date of the certificate validity
not_valid_after (datetime) – End date of the certificate validity
excluded_subtrees (list[x509.DNSName | x509.UniformResourceIdentifier]) – List of DNS names to exclude from the certificate
permitted_subtrees (list[x509.DNSName | x509.UniformResourceIdentifier]) – List of DNS names to permit in the certificate
key_usage (x509.KeyUsage | None) – Key usage for the certificate
organization_identifier (str | None) – Organization identifier for the certificate

Returns:

None

get_ca(encoding: Literal['DER', 'PEM'] = 'DER') → bytes | str[source]

Get the CA certificate.

Returns:: The CA certificate
Return type:: bytes | str

get_chain(encoding: Literal['DER', 'PEM'] = 'DER') → list[bytes] | list[str][source]

Get the certificate chain.

Returns:: The certificate chain
Return type:: list[bytes] | list[str]

pyeudiw.x509.crl_builder module

class pyeudiw.x509.crl_builder.CRLBuilder(issuer: str, private_key: RSAPrivateKey | EllipticCurvePrivateKey, next_update: int = 30)[source]

Bases: object

Class to build a Certificate Revocation List (CRL).

add_revoked_certificate(serial_number: int, revocation_date: datetime)[source]

Add a revoked certificate to the CRL.

Parameters:

serial_number (int) – The serial number of the revoked certificate.
revocation_date (datetime) – The date when the certificate was revoked.

sign() → CertificateRevocationList[source]

Sign the CRL with the issuer’s private key.

Returns:: The signed CRL.
Return type:: x509.CertificateRevocationList

to_der() → bytes[source]

Convert the CRL to DER format.

Returns:: The CRL in DER format.
Return type:: bytes

to_pem() → bytes[source]

Convert the CRL to PEM format.

Returns:: The CRL in PEM format.
Return type:: bytes

pyeudiw.x509.crl_helper module

class pyeudiw.x509.crl_helper.CRLHelper(crl: CertificateRevocationList, uri: str)[source]

Bases: object

Helper class to handle CRL (Certificate Revocation List) operations.

static from_certificate(cert: str | bytes) → list[CRLHelper][source]

Load CRL distribution points from a given certificate. This method extracts the CRL distribution points from the certificate and loads them into CRLHelper instances.

Parameters:: cert (str | bytes) – The certificate in PEM or DER format.
Raises:: CRLReadError – If the certificate does not contain CRL distribution points or if loading fails.
Returns:: A list of CRLHelper instances containing the loaded CRLs.
Return type:: list[CRLHelper]

static from_crl(crl: str | bytes, uri: str) → CRLHelper[source]

Load a CRL from a given PEM or DER formatted string or bytes.

Parameters:: crl (str | bytes) – The CRL in PEM or DER format.
Raises:: CRLParseError – If the CRL file is not in the expected format.
Returns:: An instance of CRLHelper containing the loaded CRL.
Return type:: CRLHelper

static from_url(crl_url: str, httpc_params: dict = {'connection': {'ssl': True}, 'session': {'timeout': 4}}) → CRLHelper[source]

Load a CRL from a given URL. This method fetches the CRL file from the specified URL and loads it into a CRL object.

Parameters:

crl_url (str) – URL of the CRL file.
httpc_params (dict | None) – Optional HTTP client parameters.

Raises:

CRLHTTPError – If the HTTP request fails or the response is not valid.
CRLParseError – If the CRL file is not in the expected format.

Returns:

An instance of CRLHelper containing the loaded CRL.

Return type:

CRLHelper

get_revocation_date(serial_number: str | int) → datetime | None[source]

Get the revocation date of a certificate with the given serial number.

Parameters:: serial_number (str | int) – The serial number of the certificate to check. Can be in hex format (string) or integer.
Raises:: CRLReadError – If the serial number is invalid or if the revocation list is not loaded.
Returns:: The revocation date if revoked, None otherwise.
Return type:: str | None

is_crl_expired() → bool[source]

Check if the CRL is valid (not expired).

Raises:: CRLReadError – If the CRL is not loaded or if the expiration date cannot be determined.
Returns:: True if the CRL is valid, False otherwise.
Return type:: bool

is_revoked(serial_number: str | int) → bool[source]

Check if a certificate with the given serial number is revoked.

Parameters:: serial_number (str | int) – The serial number of the certificate to check. Can be in hex format (string) or integer.
Raises:: CRLReadError – If the serial number is invalid or if the revocation list is not loaded.
Returns:: True if the certificate is revoked, False otherwise.
Return type:: bool

serialize() → dict[str, str][source]

Serialize the CRL to a specified encoding format.

Parameters:: encoding (str) – The encoding format. Can be “pem” or “der”. Defaults to “pem”.
Returns:: The serialized CRL with the uri.
Return type:: dict[str, str]

update(httpc_params: dict = {'connection': {'ssl': True}, 'session': {'timeout': 4}}) → None[source]

Update the CRL by fetching it from the URI. This method fetches the CRL file from the specified URI and loads it into the CRL object.

Parameters:

httpc_params (dict | None) – Optional HTTP client parameters.

Raises:

CRLHTTPError – If the HTTP request fails or the response is not valid.
CRLParseError – If the CRL file is not in the expected format.

pyeudiw.x509.exceptions module

exception pyeudiw.x509.exceptions.CRLHTTPError[source]

Bases: Exception

Exception raised for errors in the CRL HTTP request.

exception pyeudiw.x509.exceptions.CRLParseError[source]

Bases: Exception

Exception raised for errors in parsing the CRL.

exception pyeudiw.x509.exceptions.CRLReadError[source]

Bases: Exception

Exception raised for errors in reading the CRL.

pyeudiw.x509 package

Submodules

pyeudiw.x509.chain_builder module

pyeudiw.x509.crl_builder module

pyeudiw.x509.crl_helper module

pyeudiw.x509.exceptions module

pyeudiw.x509.verify module

Module contents