Certificate#
- class Certificate(*args, **kwargs)#
Implementations: Pkcs11Certificate
, SimpleCertificate
An interface that represents an X.509 certificate.
Objects can implement this interface to make a certificate usable with the GCR library.
Various methods are available to parse out relevant bits of the certificate. However no verification of the validity of a certificate is done here. Use your favorite crypto library to do this.
You can use SimpleCertificate
to simply load a certificate for which
you already have the raw certificate data.
The Certificate
interface has several properties that must be implemented.
You can use a mixin to implement these properties if desired. See the
mixin_class_init()
and mixin_get_property()
functions.
Methods#
- class Certificate
- get_basic_constraints() tuple[bool, bool, int] #
Get the basic constraints for the certificate if present. If
False
is returned then no basic constraints are present and theis_ca
andpath_len
arguments are not changed.
- get_fingerprint(type: ChecksumType) bytes | None #
Calculate the fingerprint for this certificate.
The caller should free the returned data using
free()
when it is no longer required.- Parameters:
type – the type of algorithm for the fingerprint.
- get_fingerprint_hex(type: ChecksumType) str | None #
Calculate the fingerprint for this certificate, and return it as a hex string.
The caller should free the returned data using
free()
when it is no longer required.- Parameters:
type – the type of algorithm for the fingerprint.
- get_interface_elements() list[CertificateSection] #
Get the list of sections from the certificate that can be shown to the user interface.
- get_issuer_cn() str | None #
Get the common name of the issuer of this certificate.
The string returned should be freed by the caller when no longer required.
- get_issuer_dn() str | None #
Get the full issuer DN of the certificate as a (mostly) readable string.
The string returned should be freed by the caller when no longer required.
- get_issuer_name() str | None #
Get a name to represent the issuer of this certificate.
This will try to lookup the common name, orianizational unit, organization in that order.
- get_issuer_part(part: str) str | None #
Get a part of the DN of the issuer of this certificate.
Examples of a
part
might be the ‘OU’ (organizational unit) or the ‘CN’ (common name). Only the value of that part of the DN is returned.The string returned should be freed by the caller when no longer required.
- Parameters:
part – a DN type string or OID.
- get_issuer_raw() bytes | None #
Get the raw DER data for the issuer DN of the certificate.
The data should be freed by using
free()
when no longer required.
- get_serial_number() bytes | None #
Get the raw binary serial number of the certificate.
The caller should free the returned data using
free()
when it is no longer required.
- get_serial_number_hex() str | None #
Get the serial number of the certificate as a hex string.
The caller should free the returned data using
free()
when it is no longer required.
- get_subject_cn() str | None #
Get the common name of the subject of this certificate.
The string returned should be freed by the caller when no longer required.
- get_subject_dn() str | None #
Get the full subject DN of the certificate as a (mostly) readable string.
The string returned should be freed by the caller when no longer required.
- get_subject_name() str | None #
Get a name to represent the subject of this certificate.
This will try to lookup the common name, orianizational unit, organization in that order.
- get_subject_part(part: str) str | None #
Get a part of the DN of the subject of this certificate.
Examples of a
part
might be the ‘OU’ (organizational unit) or the ‘CN’ (common name). Only the value of that part of the DN is returned.The string returned should be freed by the caller when no longer required.
- Parameters:
part – a DN type string or OID.
- get_subject_raw() bytes | None #
Get the raw DER data for the subject DN of the certificate.
The data should be freed by using
free()
when no longer required.
- is_issuer(issuer: Certificate) bool #
Check if
issuer
could be the issuer of this certificate. This is done by comparing the relevant subject and issuer fields. No signature check is done. Proper verification of certificates must be done via a crypto library.- Parameters:
issuer – a possible issuer
Certificate
- mixin_emit_notify() None #
Implementers of the
Certificate
mixin should call this function to notify when the certificate has changed to emit notifications on the various properties.