API

xmppwebid_utils

Python functions for generating an X509 client certificate for XMPP or HTTP WebID authentication (including the WebId and XMPP id in the SubjectAltName).

author: Julia Anaya
organization: xmppwebid community
copyright: author
license: GNU GPL version 3 or any later version (details at http://www.gnu.org)
contact: julia dot anaya at gmail dot com
dependencies: python (>= version 2.6), m2crypto (>= version 0.20), pyopenssl (>= version 0.12)
change log:

Todo

xmppwebid.xmppwebid.get_serial_from_file(serial_path='/tmp/xmppwebid_cert_serial.txt')

Get serial number from file

Parameters: serial_path (string) – serial file path
Returns: serial number
Return type: int

xmppwebid.xmppwebid.set_serial(cert, serial_number=0)

Set certificate serial number

Parameters:
  • cert (X509.X509) – certificate
  • serial_number (string) – certificate serial number

xmppwebid.xmppwebid.set_valtime(cert, years=1)

Set certificate valid time

Parameters:
  • cert (X509.X509) – certificate
  • years (int) – number of years the certificate is going to be valid

xmppwebid.xmppwebid.gen_keypair(bits=1024)

Create RSA key pair

Equivalent to: openssl genrsa -des3 -out client.key 1024

Parameters: bits (int) – key bits length
Returns: key
Return type: EVP.PKey

xmppwebid.xmppwebid.gen_csr(pkey)

Create an x509 CSR (Certificate Signing Request)

Equivalent to: openssl req -new -key client.key -out client.csr

Parameters: pkey (EVP.PKey) – key
Returns: x509 request
Return type: X509.Request

xmppwebid.xmppwebid.set_csr_subject(csr, CN=None, C=None, O=None, OU=None, Email=None)

Set the CSR Subject data

Parameters:
  • CN (string) – certificate commonName
  • C (string) – certificate countryName
  • O (string) – certificate organizationName
  • OU (string) – certificate organizationalUnitName
  • Email (string) – certificate emailAddress
Returns:

x509 request

Return type:

X509.Request

xmppwebid.xmppwebid.set_csr_xmppwebid(csr, id_xmpp, webid)

Set the CSR SubjectAltName and Subject

Parameters:
  • csr (X509.Request) – x509 request
  • id_xmpp (string) – xmpp id
  • webid (string) – FOAF WebId
Returns:

x509 request

Return type:

X509.Request

xmppwebid.xmppwebid.sign_csr(pkey, csr)

Sign the CSR

Parameters:
  • pkey (EVP.PKey) – key
  • csr (X509.Request) – x509 request
Returns:

x509 request, key

Return type:

X509.Request, EVP.PKey

xmppwebid.xmppwebid.gen_cert_from_csr(csr, serial_number=0, years=1)

Create an x509 certificate from CSR with default values

Parameters:
  • csr (X509.Request) – x509 certificate request
  • serial_number (string) – certificate serial number
  • years (int) – number of years the certificate is going to be valid
Returns:

x509 certificate

Return type:

X509.X509

xmppwebid.xmppwebid.set_cert_xmppwebid(cert, id_xmpp, webid)

Set the SubjectAltName, Issuer and Subject

Parameters:
  • cert (X509.X509) – x509 certificate
  • id_xmpp (string) – xmpp id
  • webid (string) – FOAF WebId
Returns:

x509 certificate

Return type:

X509.X509

xmppwebid.xmppwebid.sign_cert(pkey, cert)

Sign the cert

Parameters:
  • pkey (EVP.PKey) – key
  • cert (X509.X509) – x509 certificate
Returns:

x509 certificate, key

Return type:

X509.X509, EVP.PKey

xmppwebid.xmppwebid.save_pkey_cert_to_pemfile(cert, pkey, cert_path='/tmp/xmppwebid_cert.pem', key_path='/tmp/xmppwebid_key.key')

Save cert and pkey to files

Parameters:
  • pkey (EVP.PKey) – key
  • cert (X509.X509) – x509 certificate
  • cert_path (string) – certificate path
  • key_path (string) – key path
Returns:

x509 certificate path, key path

Return type:

tuple (string, string)
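
The default cert_path and key_path above are fixed names under /tmp, a directory shared by every local user. The following is an added example, not part of xmppwebid: it creates an owner-only directory whose paths can be passed as cert_path, key_path and serial_path, and shows exclusive, owner-only file creation plus a check for an existing key file. The helper names (private_pem_paths, write_private_file, audit_key_file) are hypothetical, and POSIX file permissions are assumed.

```python
import os
import stat
import tempfile

def private_pem_paths(prefix="xmppwebid-"):
    """Create an owner-only directory and return paths inside it, keyed by the
    keyword arguments gen_xmppwebid_selfsigned_cert_pemfile accepts."""
    base = tempfile.mkdtemp(prefix=prefix)  # mkdtemp creates the directory 0700
    return {
        "cert_path": os.path.join(base, "xmppwebid_cert.pem"),
        "key_path": os.path.join(base, "xmppwebid_key.key"),
        "serial_path": os.path.join(base, "xmppwebid_cert_serial.txt"),
    }

def write_private_file(path, data):
    """Write key material to a new file readable by the owner only.
    O_EXCL makes this fail if the path already exists, symlinks included."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    return path

def audit_key_file(path):
    """Return the problems found with where and how a key file is stored."""
    problems = []
    info = os.lstat(path)  # lstat: inspect the link itself, not its target
    if stat.S_ISLNK(info.st_mode):
        problems.append("symlink")
    elif info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("group/other access")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH:
        problems.append("world-writable parent directory")
    return problems

if __name__ == "__main__":
    paths = private_pem_paths()
    # Constructed placeholder bytes, not a real key.
    write_private_file(paths["key_path"], b"constructed sample, not a key\n")
    print(paths["key_path"], audit_key_file(paths["key_path"]))
```
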

xmppwebid.xmppwebid.gen_xmppwebid_selfsigned_cert(id_xmpp, webid, serial_number=0, years=1)

Create an x509 self-signed certificate

Equivalent to: openssl x509 -req -days 365 -in client.csr -signkey client.key -out client.crt

Parameters:
  • id_xmpp (string) – xmpp id
  • webid (string) – FOAF WebId
  • serial_number (string) – certificate serial number
  • years (int) – number of years the certificate is going to be valid
Returns:

x509 self-signed certificate, key

Return type:

tuple (X509.X509, EVP.PKey)

xmppwebid.xmppwebid.gen_xmppwebid_selfsigned_cert_pemfile(id_xmpp, webid, cert_path='/tmp/xmppwebid_cert.pem', key_path='/tmp/xmppwebid_key.key', serial_path='/tmp/xmppwebid_cert_serial.txt', years=1)

Create an x509 self-signed certificate and save it as PEM file

Parameters:
  • serial_path (string) – serial file path
  • id_xmpp (string) – xmpp id
  • webid (string) – FOAF WebId
  • years (int) – number of years the certificate is going to be valid
  • cert_path (string) – certificate path
  • key_path (string) – key path
Returns:

x509 certificate path, key path

Return type:

tuple (string, string)

xmppwebid.xmppwebid.set_cacert(cert, CN=None, C=None, O=None, OU=None, Email=None)

Set the SubjectAltName, Issuer and Subject

Parameters:
  • CN (string) – certificate commonName
  • C (string) – certificate countryName
  • O (string) – certificate organizationName
  • OU (string) – certificate organizationalUnitName
  • Email (string) – certificate emailAddress
  • cert (X509.X509) – x509 certificate
Returns:

x509 certificate

Return type:

X509.X509

xmppwebid.xmppwebid.set_casigned_cert(id_xmpp, webid, cacert, cert)

Set the CA constraint to true

Parameters: cert (X509.X509) – x509 certificate
Returns: x509 certificate
Return type: X509.X509

xmppwebid.xmppwebid.gen_cacert(CN=None, C=None, O=None, OU=None, Email=None, serial_number=0, years=1)

Create an x509 CA certificate

Parameters:
  • serial_number (string) – certificate serial number
  • years (int) – number of years the certificate is going to be valid
  • CN (string) – certificate commonName
  • C (string) – certificate countryName
  • O (string) – certificate organizationName
  • OU (string) – certificate organizationalUnitName
  • Email (string) – certificate emailAddress
Returns:

x509 self-signed certificate, key

Return type:

tuple (X509.X509, EVP.PKey)

xmppwebid.xmppwebid.gen_cacert_pemfile(CN=None, C=None, O=None, OU=None, Email=None, cacert_path='/tmp/xmppwebid_cacert.pem', cakey_path='/tmp/xmppwebid_cakey.key', serial_path='/tmp/xmppwebid_cert_serial.txt', years=1)

Create an x509 CA certificate and save it as PEM file

Parameters:
  • CN (string) – certificate commonName
  • C (string) – certificate countryName
  • O (string) – certificate organizationName
  • OU (string) – certificate organizationalUnitName
  • Email (string) – certificate emailAddress
  • serial_path (string) – serial file path
  • years (int) – number of years the certificate is going to be valid
  • cacert_path (string) – certificate path
  • cakey_path (string) – key path
Returns:

x509 certificate path, key path

Return type:

tuple (string, string)

xmppwebid.xmppwebid.gen_xmppwebid_casigned_cert(cacert, capkey, id_xmpp, webid, serial_number=0, years=1)

Create an x509 CA-signed certificate

Parameters:
  • id_xmpp (string) – xmpp id
  • webid (string) – FOAF WebId
  • serial_number (string) – certificate serial number
  • years (int) – number of years the certificate is going to be valid
Returns:

x509 self-signed certificate, private key

Return type:

tuple (X509.X509, EVP.PKey)

xmppwebid.xmppwebid.gen_xmppwebid_casigned_cert_pemfile(id_xmpp, webid, cacert_path='/tmp/xmppwebid_cacert.pem', cakey_path='/tmp/xmppwebid_cakey.key', cert_path='/tmp/xmppwebid_cert.pem', key_path='/tmp/xmppwebid_key.key', serial_path='/tmp/xmppwebid_cert_serial.txt', years=1)

Create an x509 CA-signed certificate and save it as PEM file

Parameters:
  • id_xmpp (string) – xmpp id
  • webid (string) – FOAF WebId
  • serial_path (string) – serial file path
  • years (int) – number of years the certificate is going to be valid
  • cert_path (string) – certificate path
  • key_path (string) – key path
  • cacert_path (string) – certificate path
  • cakey_path (string) – key path
Returns:

x509 certificate path, key path

Return type:

tuple (string, string)

xmppwebid.xmppwebid.pkey_cert_2_pkcs12cert(cert, pkey)

Create a PKCS12 certificate from x509 certificate and key

Parameters:
  • pkey (OpenSSL.crypto.PKey) – key
  • cert (OpenSSL.crypto.X509) – x509 certificate
Returns:

PKCS12 certificate

Return type:

OpenSSL.crypto.PKCS12

Todo

create pkcs12 m2crypto function (http://osdir.com/ml/python.cryptography/2004-05/msg00001.html)

Todo

create pkcs12 with password interactively

xmppwebid.xmppwebid.save_pkcs12cert_to_pkcs12file(p12, p12cert_path='/tmp/xmppwebid_cert.p12')

Save PKCS12 certificate to file

Parameters:
  • p12 (OpenSSL.crypto.PKCS12) – PKCS12 certificate
  • p12cert_path (string) – PKCS12 certificate path
Returns:

PKCS12 certificate path

Return type:

string

xmppwebid.xmppwebid.pemfile_2_pkcs12file(cert_path='/tmp/xmppwebid_cert.pem', key_path='/tmp/xmppwebid_key.key', p12cert_path='/tmp/xmppwebid_cert.p12')

Create a PKCS12 certificate from x509 certificate and key PEM files and save it

Parameters:
  • cert_path (string) – certificate path
  • key_path (string) – key path
  • p12cert_path (string) – key path
Returns:

PKCS12 certificate path

Return type:

string

xmppwebid.xmppwebid.get_pkcs12cert_from_pkcs12file(p12cert_path='/tmp/xmppwebid_cert.p12')

Get PKCS12 from file

Parameters: p12cert_path (string) – key path
Returns: PKCS12 certificate
Return type: OpenSSL.crypto.PKCS12

xmppwebid.xmppwebid.get_cert_pkey_from_pkcs12cert(p12)

Get X509 certificate and key from PKCS12

Parameters: p12 (OpenSSL.crypto.PKCS12) – PKCS12 certificate
Returns: x509 self-signed certificate, key
Return type: tuple (OpenSSL.crypto.X509, OpenSSL.crypto.PKey)

xmppwebid.xmppwebid.pkcs12file_2_pemfile(cert_path='/tmp/xmppwebid_cert.pem', key_path='/tmp/xmppwebid_key.key', p12cert_path='/tmp/xmppwebid_cert.p12')

Get X509 certificate and key from PKCS12 file and save them as PEM files

Parameters:
  • cert_path (string) – certificate path
  • key_path (string) – key path
  • p12cert_path (string) – key path

xmppwebid.xmppwebid.get_cert_from_certpemfile(cert_path='/tmp/xmppwebid_cert.pem')

Get certificate from file

Parameters: cert_path (string) – certificate path
Returns: x509 certificate
Return type: X509.X509

xmppwebid.xmppwebid.get_pkey_from_pkeypemfile(key_path='/tmp/xmppwebid_key.key')

Get key from file

Parameters: key_path (string) – key path
Returns: key
Return type: EVP.PKey

xmppwebid.xmppwebid.certpemfile_pkeypemfile_2_certpemfile(cert_path='/tmp/xmppwebid_cert.pem', key_path='/tmp/xmppwebid_key.key', certkey_path='/tmp/xmppwebid_cert_key.pem')

Create a PEM file with X509 certificate and key from PEM files

Parameters:
  • cert_path (string) – certificate path
  • key_path (string) – key path
  • certkey_path (string) – key path
Returns:

PEM file with X509 certificate and key path

Return type:

string

xmppwebid.xmppwebid.get_modulus_exponent_from_cert_and_pkey_pemfile(cert_path='/tmp/xmppwebid_cert.pem', key_path='/tmp/xmppwebid_key.key')

Get the modulus and exponent of RSA key from a PEM Certificate and key files

m2.rsa_get_e(rsa.rsa) returns something like ‘’, so two crufty methods are used to get the decimal value (65537)

Parameters:
  • cert_path (string) – certificate path
  • key_path (string) – key path
Returns:

tuple(modulus, exponent)

Return type:

tuple (hex, int)

Todo

replace the exponent method with something cleaner

xmppwebid.xmppwebid.get_modulus_exponent_from_certpemfile(cert_path='/tmp/xmppwebid_cert.pem')

Get the modulus and exponent of RSA key from a PEM Certificate file

m2.rsa_get_e(rsa.rsa) returns something like ‘’, so two crufty methods are used to get the decimal value (65537)

Parameters: cert_path (string) – certificate path
Returns: tuple(modulus, exponent)
Return type: tuple (hex, int)

Todo

replace the exponent method with something cleaner
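
For the exponent handling described in the two entries above and the Todo asking for something cleaner, here is an added example (not xmppwebid's code) that decodes such a value directly, assuming m2.rsa_get_e and m2.rsa_get_n return OpenSSL's MPI encoding. The function names and sample bytes are constructed for illustration, the code targets Python 3, and it goes one step further by comparing the result with modulus and exponent values as a WebID profile would publish them.

```python
import struct

def mpi_to_int(mpi):
    """Decode an OpenSSL MPI: a 4-byte big-endian length, then the big-endian
    magnitude, with the top bit of the first magnitude byte as the sign flag."""
    if len(mpi) < 4:
        raise ValueError("MPI is shorter than its 4-byte length header")
    (length,) = struct.unpack(">I", mpi[:4])
    body = mpi[4:]
    if len(body) != length:
        raise ValueError("MPI length header does not match the payload")
    if length == 0:
        return 0
    magnitude = int.from_bytes(bytes([body[0] & 0x7F]) + body[1:], "big")
    return -magnitude if body[0] & 0x80 else magnitude

def modulus_exponent(n_mpi, e_mpi):
    """Return (modulus as lowercase hex, exponent as int), the documented shape."""
    n, e = mpi_to_int(n_mpi), mpi_to_int(e_mpi)
    if n <= 0 or e <= 0:
        raise ValueError("RSA modulus and exponent must be positive")
    return format(n, "x"), e

def matches_profile(n_mpi, e_mpi, profile_modulus_hex, profile_exponent):
    """Compare a certificate's key with the values a WebID profile publishes,
    ignoring whitespace, colons, case and leading zeros in the profile hex."""
    modulus, exponent = modulus_exponent(n_mpi, e_mpi)
    cleaned = "".join(profile_modulus_hex.split()).replace(":", "").lower()
    return modulus == cleaned.lstrip("0") and exponent == int(profile_exponent)

# Constructed sample values: a toy 16-bit modulus and the exponent 65537.
SAMPLE_N_MPI = b"\x00\x00\x00\x03\x00\xc5\x3b"  # leading 0x00 keeps the sign bit clear
SAMPLE_E_MPI = b"\x00\x00\x00\x03\x01\x00\x01"

if __name__ == "__main__":
    print(modulus_exponent(SAMPLE_N_MPI, SAMPLE_E_MPI))
```
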
