Certificate

class Certificate(*args, **kwargs)

Implementations: Pkcs11Certificate, SimpleCertificate

An interface that represents an X.509 certificate.

Objects can implement this interface to make a certificate usable with the GCR library.

Various methods are available to parse out relevant bits of the certificate. However no verification of the validity of a certificate is done here. Use your favorite crypto library to do this.

You can use SimpleCertificate to simply load a certificate for which you already have the raw certificate data.

The Certificate interface has several properties that must be implemented. You can use a mixin to implement these properties if desired. See the mixin_class_init() and mixin_get_property() functions.

Methods

class Certificate

get_basic_constraints() → tuple[bool, bool, int]: Get the basic constraints for the certificate if present. If False is returned then no basic constraints are present and the is_ca and path_len arguments are not changed.

get_der_data() → bytes: Gets the raw DER data for an X.509 certificate.

get_expiry_date() → DateTime | None: Get the expiry date of this certificate.

get_fingerprint(type: ChecksumType) → bytes | None

Calculate the fingerprint for this certificate.

The caller should free the returned data using free() when it is no longer required.

Parameters:: type – the type of algorithm for the fingerprint.

get_fingerprint_hex(type: ChecksumType) → str | None

Calculate the fingerprint for this certificate, and return it as a hex string.

The caller should free the returned data using free() when it is no longer required.

Parameters:: type – the type of algorithm for the fingerprint.

get_interface_elements() → list[CertificateSection]: Get the list of sections from the certificate that can be shown to the user interface.

get_issued_date() → DateTime | None: Get the issued date of this certificate.

get_issuer_cn() → str | None

Get the common name of the issuer of this certificate.

The string returned should be freed by the caller when no longer required.

get_issuer_dn() → str | None

Get the full issuer DN of the certificate as a (mostly) readable string.

The string returned should be freed by the caller when no longer required.

get_issuer_name() → str | None

Get a name to represent the issuer of this certificate.

This will try to lookup the common name, orianizational unit, organization in that order.

get_issuer_part(part: str) → str | None

Get a part of the DN of the issuer of this certificate.

Examples of a part might be the ‘OU’ (organizational unit) or the ‘CN’ (common name). Only the value of that part of the DN is returned.

The string returned should be freed by the caller when no longer required.

Parameters:: part – a DN type string or OID.

get_issuer_raw() → bytes | None

Get the raw DER data for the issuer DN of the certificate.

The data should be freed by using free() when no longer required.

get_key_size() → int: Get the key size in bits of the public key represented by this certificate.

get_serial_number() → bytes | None

Get the raw binary serial number of the certificate.

The caller should free the returned data using free() when it is no longer required.

get_serial_number_hex() → str | None

Get the serial number of the certificate as a hex string.

The caller should free the returned data using free() when it is no longer required.

get_subject_cn() → str | None

Get the common name of the subject of this certificate.

The string returned should be freed by the caller when no longer required.

get_subject_dn() → str | None

Get the full subject DN of the certificate as a (mostly) readable string.

The string returned should be freed by the caller when no longer required.

get_subject_name() → str | None

Get a name to represent the subject of this certificate.

This will try to lookup the common name, orianizational unit, organization in that order.

get_subject_part(part: str) → str | None

Get a part of the DN of the subject of this certificate.

Examples of a part might be the ‘OU’ (organizational unit) or the ‘CN’ (common name). Only the value of that part of the DN is returned.

The string returned should be freed by the caller when no longer required.

Parameters:: part – a DN type string or OID.

get_subject_raw() → bytes | None

Get the raw DER data for the subject DN of the certificate.

The data should be freed by using free() when no longer required.

is_issuer(issuer: Certificate) → bool

Check if issuer could be the issuer of this certificate. This is done by comparing the relevant subject and issuer fields. No signature check is done. Proper verification of certificates must be done via a crypto library.

Parameters:: issuer – a possible issuer Certificate

mixin_emit_notify() → None: Implementers of the Certificate mixin should call this function to notify when the certificate has changed to emit notifications on the various properties.

Properties

class Certificate

props.description: str: A readable description for this certificate

props.expiry_date: DateTime: The expiry date of the certificate

props.issuer_name: str: Common name part of the certificate issuer

props.label: str: A readable label for this certificate.

props.subject_name: str

Virtual Methods

class Certificate

do_get_der_data() → bytes: Gets the raw DER data for an X.509 certificate.