ContrailOnlineCAClient

Certificate Authority web service client


License
LGPL-3.0
Install
pip install ContrailOnlineCAClient==0.5.1

Documentation

Online CA Client

Provides the client interface for an online Certificate Authority web-service. This package works with ContrailOnlineCAService, the server-side implementation, which is also available from PyPI.

Web service calls can be made to request a certificate. The web service interface is RESTful, using GET and POST operations. To request a certificate, a Certificate Signing Request (CSR) is sent as a form field in an HTTP POST; only the CSR is sent, so the private key never leaves the client. The service should be hosted over HTTPS: with HTTP Basic Auth the username and password travel in the request and are protected only by the TLS connection. The client authenticates using HTTP Basic Auth or SSL client authentication. In the first case, a username and password are sent. For the latter, at least a username should still be set, as it is needed to configure the subject name of the certificate requested. If authentication succeeds, an X.509 certificate is returned.

As well as a Python client, an implementation is included as shell scripts. These require only openssl and either wget or curl, which are typically available on Linux/UNIX based systems.

The code was originally developed for the EU Framework 7 programme Contrail Project.

Prerequisites

This has been developed and tested for Python 2.7 and 3.6.

Installation

Installation can be performed using pip:

$ pip install ContrailOnlineCAClient

Configuration

Examples are contained in onlineca.client.test.

Example Clients

There is a shell script client as well as a Python command line client and API.

Shell script client

Bootstrap trust, saving the CA trust root certificates in the ./ca-trustroots directory. Bootstrapping (-b) necessarily happens before any trust root is available to verify the server with, so the first download is trust-on-first-use: check the downloaded certificates (for example their fingerprints) against a value obtained out of band before relying on them, and omit -b on later runs so the server is verified against the roots already installed:

$ ./onlineca-get-trustroots.sh -U https://<hostname>/onlineca/trustroots/ -c ./ca-trustroots -b
Bootstrapping Short-Lived Credential Service root of trust.
Trust roots have been installed in ./ca-trustroots.

Obtain a certificate:

$ ./onlineca-get-cert.sh -U https://<hostname>/onlineca/certificate/ -l <username> -c ./ca-trustroots
Enter Short-Lived Credential phrase:
-----BEGIN CERTIFICATE-----
...
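The request flow described above (generate a key and CSR locally, POST the CSR over HTTPS with Basic Auth, get an X.509 certificate back), written out with plain openssl and curl. This is an added example, not the project's onlineca-get-cert.sh script. Assumptions: the POST form field is named certificate_request (check the service you use), the trust-root directory holds PEM files that can be concatenated into a CA bundle, and the URL, username and file names are placeholders.

```shell
#!/bin/sh
# Added example (not the project's own script): request a certificate from
# an online CA service using only openssl and curl. Assumptions are marked.
set -eu
umask 077   # the private key must never be world-readable

# make_csr USERNAME KEYFILE CSRFILE
# Generates a fresh 2048-bit RSA key and a CSR with CN=USERNAME. The service
# sets the final subject from the authenticated user, so the CN is a placeholder.
make_csr() {
    username=$1; keyfile=$2; csrfile=$3
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=$username" \
        -keyout "$keyfile" -out "$csrfile" 2>/dev/null
    # sanity check: the CSR's self-signature must verify with the new key
    openssl req -in "$csrfile" -noout -verify >/dev/null 2>&1
}

# csr_subject CSRFILE -> prints the CSR subject, e.g. "subject=CN = alice"
csr_subject() {
    openssl req -in "$1" -noout -subject
}

# request_cert URL USERNAME CSRFILE CA_DIR OUTFILE
# POSTs the CSR with HTTP Basic Auth. The server certificate is checked against
# the bootstrapped trust roots (never with -k/--insecure), and the returned
# certificate is verified against the same roots before use.
# Assumption: the form field name "certificate_request" is not taken from the
# page; confirm it for your service.
request_cert() {
    url=$1; username=$2; csrfile=$3; ca_dir=$4; outfile=$5
    bundle=$(mktemp)
    cat "$ca_dir"/* > "$bundle"        # assumption: PEM files in the trust-root dir
    # --user with no password makes curl prompt for it, so the phrase never
    # appears on the command line or in `ps` output.
    curl --fail --silent --show-error \
        --cacert "$bundle" \
        --user "$username" \
        --data-urlencode "certificate_request@$csrfile" \
        "$url" > "$outfile"
    openssl verify -CAfile "$bundle" "$outfile"
    rm -f "$bundle"
}

# Usage (placeholders; the network step is not run here):
#   make_csr alice ./key.pem ./req.csr
#   request_cert https://<hostname>/onlineca/certificate/ alice ./req.csr ./ca-trustroots ./cert.pem
```

Keep the key and certificate together only in a file created under the same restrictive umask; the Python client's pem_out_filepath option writes both to one file, so treat that file as a credential.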

Python command line client

Bootstrap trust, saving the CA trust root certificates in the ./ca-trustroots directory (the same trust-on-first-use caveat applies to -b as for the shell script):

$ online-ca-client get_trustroots -s https://<hostname>/onlineca/trustroots -b -c ./ca-trustroots

Obtain a certificate:

$ online-ca-client get_cert -s https://slcs.somewhere.ac.uk/onlineca/certificate/ -l <username> -c ./ca-trustroots/ -o ./credentials.pem

Python API

Initialise the client, setting the directory in which to store the CA certificate trust roots:

>>> from contrail.security.onlineca.client import OnlineCaClient
>>> onlineca_client = OnlineCaClient()
>>> onlineca_client.ca_cert_dir = "./ca-trustroots"

Bootstrap trust, saving the CA trust root certificates in the ./ca-trustroots directory (bootstrap=True is trust-on-first-use; leave it out once the roots are installed):

>>> trustroots = onlineca_client.get_trustroots("https://slcs.somewhere.ac.uk/onlineca/trustroots/", bootstrap=True, write_to_ca_cert_dir=True)

Get a certificate. The key pair is generated locally and only the CSR is sent; the key and certificate(s) may optionally be written to a file, which then holds the private key and must be protected accordingly:

>>> import getpass
>>> username = "<username>"
>>> password = getpass.getpass("Enter Short-Lived Credential phrase: ")
>>> key_pair, certs = onlineca_client.get_certificate(username, password, 'https://slcs.somewhere.ac.uk/onlineca/certificate/', pem_out_filepath="./credentials.pem")