AIA Chaser

aia_chaser.chaser

AiaChaser

Authority Information Access (AIA) Chaser.

AIA is part of the X509 standard in RFC 5280. Its objective is to point the client towards an endpoint from which the signing certificate can be obtained even if the server does not provide the intermediate certificates as part of the TLS handshake.

The chaser object can later be used to generate an SSL context for accessing specific hosts once all the intermediate certificates have been resolved.

PARAMETER DESCRIPTION
context

Context used internally to request the host’s certificate during AIA chasing operations. The CA certificates it has loaded at the time the AiaChaser is created are considered the trusted root CAs. If not given, a new SSLContext is created with the default certificates.

TYPE: SSLContext | None DEFAULT: None

trusted_ca

Additional trusted CA certificates.

add_host_ca_chain_to_context(context, host, port=443, verify_config=None, *, verify=True)

Add host CA chain to SSL context.

See Also

fetch_ca_chain_for_host: Method used to retrieve and optionally verify the CA chain to add to the SSL context.

add_trusted_cert(cert)

Trust the provided certificate.

If the certificate subject already exists in the trusted mapping it will not be overwritten.

PARAMETER DESCRIPTION
cert

Certificate to trust.

TYPE: Certificate

add_url_ca_chain_to_context(context, url_string, verify_config=None, *, verify=True)

Add the CA chain of the URL’s host to the SSL context.

See Also

fetch_ca_chain_for_host: Method used to retrieve and optionally verify the CA chain to add to the SSL context.

aia_chase(host, port=443)

Chase AIA CA information starting from the host’s certificate.

PARAMETER DESCRIPTION
host

Host to get the initial certificate from.

TYPE: str

port

Port on host to connect and retrieve the initial certificate.

TYPE: int DEFAULT: 443

YIELDS DESCRIPTION
Certificate

The certificates from the certificate chain of the host’s certificate. The first is the host’s certificate and the last is the root or a trusted CA.

aia_chase_cert(certificate)

Chase AIA CA information from the provided certificate.

PARAMETER DESCRIPTION
certificate

Start AIA chasing from this certificate.

TYPE: Certificate

YIELDS DESCRIPTION
Certificate

The certificates from the certificate chain of certificate. The first is the provided certificate and the last is the root or a trusted CA.
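
The chase described above (follow each certificate's AIA caIssuers URL until a trusted CA is reached), as an added example that is not aia_chaser's own code. It assumes the `cryptography` package; `make_cert`, `ca_issuers_url`, `chase`, `demo` and the `aia.test` URLs are hypothetical, the certificates are constructed in memory, the download is replaced by a dict lookup, and only issuer name and signature are checked (not validity dates, constraints or revocation).

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import AuthorityInformationAccessOID as AIA, NameOID

def make_cert(cn, key, issuer_cn, issuer_key, aia_url=None):
    # Constructed sample certificate; aia_url becomes its caIssuers AIA entry.
    name = lambda s: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, s)])
    b = (x509.CertificateBuilder().subject_name(name(cn)).issuer_name(name(issuer_cn))
         .public_key(key.public_key()).serial_number(x509.random_serial_number())
         .not_valid_before(dt.datetime(2024, 1, 1)).not_valid_after(dt.datetime(2034, 1, 1)))
    if aia_url:
        desc = x509.AccessDescription(AIA.CA_ISSUERS, x509.UniformResourceIdentifier(aia_url))
        b = b.add_extension(x509.AuthorityInformationAccess([desc]), critical=False)
    return b.sign(issuer_key, hashes.SHA256())

def ca_issuers_url(cert):  # first caIssuers URL in the AIA extension, else ValueError
    try:
        aia = cert.extensions.get_extension_for_class(x509.AuthorityInformationAccess).value
        return next(d.access_location.value for d in aia if d.access_method == AIA.CA_ISSUERS)
    except (x509.ExtensionNotFound, StopIteration):
        raise ValueError("no caIssuers URL: cannot chase past this certificate") from None

def chase(cert, fetch, trusted, max_depth=8):  # trusted: subject Name -> certificate
    chain = [cert]
    while len(chain) <= max_depth:  # bounded, so looping AIA references terminate
        cur = chain[-1]
        issuer = trusted.get(cur.issuer)
        if issuer is None:  # not a trust anchor: download the issuer AIA points to
            issuer = x509.load_der_x509_certificate(fetch(ca_issuers_url(cur)))
        if issuer.subject != cur.issuer:
            raise ValueError("fetched certificate is not the named issuer")
        # Downloaded bytes are untrusted input: the signature must link cur to issuer.
        issuer.public_key().verify(cur.signature, cur.tbs_certificate_bytes,
                                   ec.ECDSA(cur.signature_hash_algorithm))
        chain.append(issuer)
        if issuer.subject in trusted:
            return chain
    raise ValueError("chain exceeds max_depth")

def demo():  # constructed chain: Root (trusted) -> Inter (reachable only via AIA) -> leaf
    rk, ik, lk = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    root = make_cert("Root", rk, "Root", rk)
    inter = make_cert("Inter", ik, "Root", rk, "http://aia.test/root.crt")
    leaf = make_cert("leaf.test", lk, "Inter", ik, "http://aia.test/inter.crt")
    store = {"http://aia.test/inter.crt": inter.public_bytes(serialization.Encoding.DER)}
    chain = chase(leaf, store.__getitem__, {root.subject: root})
    return [c.subject.rfc4514_string() for c in chain]
```

A certificate served from the AIA URL with the right subject but a different key fails the signature check with `InvalidSignature`, which is why the fetched issuer is never added to the chain on the URL's word alone.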

fetch_ca_chain_for_host(host, port=443, verify_config=None, *, verify=True)

Fetch the CA certificate chain for a given host.

Same as fetch_cert_chain_for_host excluding the host’s certificate.

PARAMETER DESCRIPTION
host

The hostname to fetch the CA certificate chain for.

TYPE: str

port

The port to connect to. Defaults to 443.

TYPE: int DEFAULT: 443

verify_config

Configuration for verifying the certificate chain. If None, a default configuration is used.

TYPE: VerifyCertificatesConfig | None DEFAULT: None

verify

Whether to verify the CA certificate chain. Defaults to True.

TYPE: bool DEFAULT: True

RETURNS DESCRIPTION
list[Certificate]

The fetched CA certificate chain (host excluded), optionally verified.

RAISES DESCRIPTION
CertificateChainError

If the certificate chain fails verification.

MissingPeerCertificateError

If it is not possible to retrieve the certificate of the host.

fetch_ca_chain_for_url(url_string, verify_config=None, *, verify=True)

Fetch the CA certificate chain for a given host.

Same as fetch_cert_chain_for_url excluding the host’s certificate.

PARAMETER DESCRIPTION
url_string

URL to fetch the CA certificate chain for.

TYPE: str

verify_config

Configuration for verifying the certificate chain. If None, a default configuration is used.

TYPE: VerifyCertificatesConfig | None DEFAULT: None

verify

Whether to verify the CA certificate chain. Defaults to True.

TYPE: bool DEFAULT: True

RETURNS DESCRIPTION
list[Certificate]

The fetched CA certificate chain, optionally verified.

RAISES DESCRIPTION
CertificateChainError

If the certificate chain fails verification.

MissingPeerCertificateError

If it is not possible to retrieve the certificate of the host.

fetch_cert_chain_for_host(host, port=443, verify_config=None, *, verify=True)

Fetch the certificate chain for a given host.

Retrieves the certificate chain for a specified host and port. Optionally verifies the chain against a trusted certificate store.

PARAMETER DESCRIPTION
host

The hostname to fetch the certificate chain for.

TYPE: str

port

The port to connect to. Defaults to 443.

TYPE: int DEFAULT: 443

verify_config

Configuration for verifying the certificate chain. If None, a default configuration is used.

TYPE: VerifyCertificatesConfig | None DEFAULT: None

verify

Whether to verify the certificate chain. Defaults to True.

TYPE: bool DEFAULT: True

RETURNS DESCRIPTION
list[Certificate]

The fetched certificate chain, optionally verified.

RAISES DESCRIPTION
CertificateChainError

If the certificate chain fails verification.

MissingPeerCertificateError

If it is not possible to retrieve the certificate of the host.

fetch_cert_chain_for_url(url_string, verify_config=None, *, verify=True)

Fetch the certificate chain for a given host.

Same as fetch_cert_chain_for_host, but the host name and port are obtained from the url_string.

PARAMETER DESCRIPTION
url_string

URL to fetch the certificate chain for.

TYPE: str

verify_config

Configuration for verifying the certificate chain. If None, a default configuration is used.

TYPE: VerifyCertificatesConfig | None DEFAULT: None

verify

Whether to verify the certificate chain. Defaults to True.

TYPE: bool DEFAULT: True

RETURNS DESCRIPTION
list[Certificate]

The fetched certificate chain, optionally verified.

RAISES DESCRIPTION
CertificateChainError

If the certificate chain fails verification.

MissingPeerCertificateError

If it is not possible to retrieve the certificate of the host.

fetch_host_cert(host, port=443)

Get the certificate of the (host, port) pair.

PARAMETER DESCRIPTION
host

Host to retrieve the certificate for.

TYPE: str

port

Port on host to connect and retrieve the certificate.

TYPE: int DEFAULT: 443

RETURNS DESCRIPTION
Certificate

The certificate of the (host, port) pair.

RAISES DESCRIPTION
MissingPeerCertificateError

If it is not possible to retrieve the certificate of the host.

make_ssl_context_for_host(host, port=443, purpose=ssl.Purpose.SERVER_AUTH, verify_config=None, *, verify=True)

Create a new SSL context and add certificate chain for host.

See Also

fetch_ca_chain_for_host: Method used to retrieve and optionally verify the CA chain to add to the SSL context.

make_ssl_context_for_url(url_string, purpose=ssl.Purpose.SERVER_AUTH, verify_config=None, *, verify=True)

Create a new SSL context and add certificate chain for URL.

See Also

fetch_ca_chain_for_url: Method used to retrieve and optionally verify the CA chain to add to the SSL context.