Utilities

`aia_chaser.utils.cert_utils` ¶

`AiaInformation` ¶

Bases: NamedTuple

Authority Information Access (AIA) values.

`build_certificate_chain(leaf_cert, certs_map)` ¶

Builds a certificate chain from the leaf_cert to the root CA.

PARAMETER	DESCRIPTION
`leaf_cert`	Leaf certificate of the chain. TYPE: `Certificate`
`certs_map`	Mapping from `x509.Certificate.subject` to `x509.Certificate`. TYPE: `Mapping[Name, Certificate]`

RETURNS	DESCRIPTION
`list[Certificate]`	A certificate chain starting at `leaf_cert` and ending in root CA.

RAISES	DESCRIPTION
`KeyError`	An issuer is not found in `certs_map`.

`build_certificate_chains(certificates)` ¶

Builds all certificate chains found in certificates.

First it looks for all leaf certificates using find_leaf_certificates and then builds the chains starting at each leaf using build_certificate_chain.

RETURNS	DESCRIPTION
`list[list[Certificate]]`	All certificate chains found in `certificates` each starting at its corresponding leaf certificate.

`certificates_to_der(certificates)` ¶

DER representation of the given certificates.

RETURNS	DESCRIPTION
`bytes`	A bytes object with the DER content of `certificates`.

`certificates_to_pem(certificates)` ¶

PEM representation of the given certificates.

RETURNS	DESCRIPTION
`str`	A string with the PEM content of `certificates`.

`extract_aia_information(certificate)` ¶

Extract authority information access (AIA) from a certificate.

PARAMETER	DESCRIPTION
`certificate`	Certificate from which extract AIA information. TYPE: `Certificate`

RETURNS	DESCRIPTION
`AiaInformation`	The extracted CA issues and OCSP servers.

Note

If the certificate does not have the AIA extension this function does not fail, it fallbacks to returning empty sequences of data.

`extract_crl_urls(certificate)` ¶

Extract CRL distribution points from a certificate.

`find_leaf_certificates(certificates)` ¶

Finds leaf certificates.

A certificate is considered a leaf certificate if its subject is not found as the issuer of another certificate from the list.

RETURNS	DESCRIPTION
`list[Certificate]`	List with the certificates that are not issuers of any of the other provided certificates.

`force_load_default_verify_certificates(context)` ¶

Forcefully load default verify certificates into the SSL context.

Certificates in CA path directory are not loaded unless they have been used at leas one by the SSL context.

This function loads all files located in CA path, except those that are considered hidden files (start with a ‘.’).

PARAMETER	DESCRIPTION
`context`	The SSL context to load the verify certificates into. TYPE: `SSLContext`

`load_ssl_ca_certificates(context=None, *, force_load=True)` ¶

Load CA certificates available to Python’s ssl.

PARAMETER	DESCRIPTION
`context`	The SSL context used to get the default certificates. If not provided a default context is created with `ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)`. TYPE: `SSLContext \| None` DEFAULT: `None`
`force_load`	Forcefully load default certificates into the SSL context. Certificates in CA path directory are not loaded unless they have been used at leas one by the SSL context. For more information see `force_load_default_verify_certificates`. TYPE: `bool` DEFAULT: `True`

RETURNS	DESCRIPTION
`list[Certificate]`	A list with the CA certificates from `context`.

`select_rsa_padding_for_signature_algorithm_oid(signature_alg_oid, signature_hash_alg)` ¶

Select padding for a given signature algorithm OID.

`temp_pem_file(certificates)` ¶

Context manager that writes certificates to a temporary PEM file.

Creates a temporary directory containing a PEM file with the provided certificates. The file path is yielded for use with libraries that require a file path (e.g., pycurl).

Note

This uses a TemporaryDirectory instead of NamedTemporaryFile because on Windows, a file opened by one process cannot be accessed by another process. By writing to a file in a temp directory and closing it before yielding, we ensure cross-platform compatibility.

PARAMETER	DESCRIPTION
`certificates`	Sequence of certificates to write to the PEM file. TYPE: `Sequence[Certificate]`

YIELDS	DESCRIPTION
`Path`	Path to the temporary PEM file.

Example

chaser = AiaChaser()
ca_chain = chaser.fetch_ca_chain_for_url(url)
with temp_pem_file(ca_chain) as pem_path:
    response = requests.get(url, verify=str(pem_path))

`aia_chaser.utils.url` ¶

`extract_host_port_from_url(url_string)` ¶

Extract host and port from a URL string.

If the port is not explicitly specified it will be inferred from the scheme.

PARAMETER	DESCRIPTION
`url_string`	URL from which to extract the host. TYPE: `str`

RETURNS	DESCRIPTION
`tuple[str, int]`	The host (netloc) of `url_string` and, if present, the port.

RAISES	DESCRIPTION
`ValueError`	If the host or port cannot be extracted from the given URL. It may happen with a seemingly correct URL if it is missing the scheme component.

Utilities

aia_chaser.utils.cert_utils ¶

AiaInformation ¶

build_certificate_chain(leaf_cert, certs_map) ¶

build_certificate_chains(certificates) ¶

certificates_to_der(certificates) ¶

certificates_to_pem(certificates) ¶

extract_aia_information(certificate) ¶

extract_crl_urls(certificate) ¶

find_leaf_certificates(certificates) ¶

force_load_default_verify_certificates(context) ¶

load_ssl_ca_certificates(context=None, *, force_load=True) ¶

select_rsa_padding_for_signature_algorithm_oid(signature_alg_oid, signature_hash_alg) ¶

temp_pem_file(certificates) ¶

aia_chaser.utils.url ¶

extract_host_port_from_url(url_string) ¶