Metadata-Version: 2.1
Name: pki-tools
Version: 0.0.24
Summary: PKI tools for e.g. checking certificate CRL/OCSP revocation
Home-page: https://github.com/fulder/pki-tools
License: MIT
Author: Michal Sadowski
Author-email: misad90@gmail.com
Requires-Python: >=3.8,<4.0
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security :: Cryptography
Requires-Dist: cryptography (>=39.0.1,<42.0.0)
Requires-Dist: httpx (>=0.25.1,<0.26.0)
Requires-Dist: loguru (>=0.7.2,<0.8.0)
Requires-Dist: pydantic (>=2.4.2,<3.0.0)
Project-URL: Bug Tracker, https://github.com/fulder/pki-tools/issues
Project-URL: Repository, https://github.com/fulder/pki-tools
Description-Content-Type: text/markdown

![Python Badge](https://img.shields.io/badge/python-3.8%2B-blue.svg?style=for-the-badge&logo=python)

PKI tools exposes a high level `cryptography` API for e.g.:

* Loading certificates from PEM strings/files/cryptography object into
  a [pydantic][pydantic-docs] model including all 
  [x509 v3 extensions][ext-draft]
* Checking revocation of certificates using [OCSP][ocsp-draft] with 
  [CRL][crl-draft] fallback

## Docs

Documentation is available
at: [https://pki-tools.fulder.dev](https://pki-tools.fulder.dev)

## Quickstart

### Install

`pip install pki-tools`

### Usage

#### Loading certificate

```python
from pki_tools import Certificate

cert_pem = """
-----BEGIN CERTIFICATE-----
<CERT_PEM_BYTES>
-----END CERTIFICATE-----
"""

cert = Certificate.from_pem_string(cert_pem)
```

#### Loading chain
```python
from pki_tools import Chain

issuer_cert_pem = """
-----BEGIN CERTIFICATE-----
<ISSUER_CERT_PEM_BYTES>
-----END CERTIFICATE-----
"""

chain = Chain.from_pem_string(issuer_cert_pem)
```

#### Checking revocation using OCSP with CRL fallback

The following example is using the `cert` and `chain` from the examples above

```python
from pki_tools import is_revoked

if is_revoked(cert, chain):
    print("Certificate Revoked!")
```

[pydantic-docs]: https://docs.pydantic.dev/latest/

[ocsp-draft]: https://datatracker.ietf.org/doc/html/rfc5280.html#section-4.2.2.1

[crl-draft]: https://datatracker.ietf.org/doc/html/rfc5280.html#section-4.2.1.13

[ext-draft]: https://datatracker.ietf.org/doc/html/rfc5280.html#section-4.2
