Pkix class
A Python interface to FirmaSAT <http://www.cryptosys.net/firmasat/>.
- class firmasat.Pkix
PKI X.509 security utilities.
- class KeyFormat
Format for saved key files.
- BINARY = 0
Binary DER-encoded
- DEFAULT = 0
Default = Binary
- PEM = 65536
PEM textual format
- class KeyOpt
Options for key output.
- DEFAULT = 0
Default (unencrypted base64 string)
- ENCRYPTED_PEM = 65536
Key as encrypted private key in PEM format
- class Query
Options for certificate query.
- KEYSIZE = 'keySize'
Get size in bits of certificate’s public key (e.g. “2048”)
- NOTAFTER = 'notAfter'
Get certificate expiry date
- NOTBEFORE = 'notBefore'
Get certificate start date
- ORGNAME = 'organizationName'
Get organization name of issuer (expecting “Servicio de Administración Tributaria”)
- RFC = 'rfc'
Get RFC of subject (expecting 12 or 13 characters)
- SERIALNUM = 'serialNumber'
Get decoded serial number (expecting 20 decimal digits)
- SIGALG = 'sigAlg'
Get algorithm used to sign certificate (e.g. sha256WithRSAEncryption)
- static check_key_and_cert(keyFile, password, certFile)
Verify that the public key in an X.509 certificate matches the private key.
- Returns:
0 if match is OK, otherwise a nonzero error code – see Err.error_lookup()
- Return type:
int
- static get_cert_as_string(fileName)
Get the certificate data as a base64 string.
- Parameters:
fileName (str) – X.509 certificate file or XML file with certificado node.
- Returns:
Certificate data as a string of base64 characters.
- Return type:
str
Note
Use to obtain the value for the Certificado node from an X.509 .CER file. If input is an XML file, this is equivalent to Xmlu.get_attribute(fileName, "Certificado", "Comprobante")
- static get_key_as_string(fileName, password, keyopt=0)
Get the private key data as a base64 string suitable for a llaveCertificado element in a Cancelacion XML document.
- Parameters:
fileName (str) – Encrypted private key file
password (str) – Password for encrypted private key
keyopt – Options – see Pkix.KeyOpt
- Returns:
Private key data as a string of base64 characters, or an empty string on error.
- Return type:
str
Note
CAUTION: this reveals your private key in unsecured form. Use with care!
- static new_key_file(newFile, newPassword, keyFile, keyPassword, keyformat=0)
Save key file with a new password.
- Parameters:
newFile (str) – Name of output PFX file to be created
newPassword (str) – Password to open new PFX file
keyFile (str) – Name of encrypted key file
keyPassword (str) – Password for encrypted key file
keyformat (Pkix.KeyFormat) – Format to save file – see Pkix.KeyFormat
- Returns:
0 if successful, otherwise a nonzero error code – see Err.error_lookup().
- Return type:
int
- static query_cert(filename, query)
Query an X.509 certificate file for selected information.
- Parameters:
filename (str) – X.509 file or XML file with certificado node or a base64 cert string
query (str) – A valid query string – see Pkix.Query
- Returns:
Result of query
- Return type:
str
Example:
n = Pkix.query_cert('AC4_SAT.cer', 'keySize')  # '4096'
s = Pkix.query_cert('cfdv40-ejemplo.xml', 'serialNumber')  # '30001000000300023708'
- static uuid()
Generate a Universally Unique IDentifier (UUID) compliant with RFC 4122.
- Returns:
A 36-character UUID string freshly generated at random.
Example:
'ea4ce835-de5d-4082-8475-47f8e531b254'
- static write_pfx_file(pfxFile, pfxPassword, keyFile, keyPassword, certFile)
Create a PFX (PKCS-12) file in base64 format suitable for a Cancelación.
- Parameters:
pfxFile (str) – Name of output PFX file to be created
pfxPassword (str) – Password to open new PFX file
keyFile (str) – Name of encrypted key file
keyPassword (str) – Password for encrypted key file
certFile (str) – Name of X.509 certificate file
- Returns:
0 if successful, otherwise a nonzero error code – see Err.error_lookup().
- Return type:
int
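The following is an added example, not part of the FirmaSAT documentation: it checks the answers returned by query_cert against the expectations listed under Pkix.Query before a certificate is used. The audit_cert and fake_query helpers, the 2048-bit minimum, the weak-algorithm pattern and the sample values are assumptions made for illustration; the query function is passed in so the checks run without the library.

```python
import re

# Expected values taken from the Pkix.Query descriptions on this page.
SAT_ORG = "Servicio de Administración Tributaria"
MIN_KEY_BITS = 2048  # assumption: local policy threshold, not a FirmaSAT value

# Constructed sample answers standing in for a real certificate file.
SAMPLE = {
    "organizationName": SAT_ORG,
    "rfc": "XAXX010101000",  # constructed 13-character value
    "serialNumber": "30001000000300023708",
    "keySize": "2048",
    "sigAlg": "sha256WithRSAEncryption",
}


def fake_query(answers):
    """Hypothetical stand-in with the (filename, query) -> str shape of Pkix.query_cert."""
    return lambda filename, query: answers.get(query, "")


def audit_cert(query_cert, cert_file, min_key_bits=MIN_KEY_BITS):
    """Return a list of findings for cert_file; an empty list means no issues."""
    findings = []
    org = query_cert(cert_file, "organizationName")
    if org != SAT_ORG:
        findings.append(f"issuer organizationName is {org!r}")
    rfc = query_cert(cert_file, "rfc")
    if len(rfc) not in (12, 13):
        findings.append(f"rfc has {len(rfc)} characters, expected 12 or 13")
    serial = query_cert(cert_file, "serialNumber")
    if not re.fullmatch(r"[0-9]{20}", serial):
        findings.append(f"serialNumber {serial!r} is not 20 decimal digits")
    key_size = query_cert(cert_file, "keySize")
    if not key_size.isdigit() or int(key_size) < min_key_bits:
        findings.append(f"keySize {key_size!r} is below {min_key_bits} bits")
    sig_alg = query_cert(cert_file, "sigAlg")
    if re.match(r"(md5|sha1)With", sig_alg, re.IGNORECASE):
        findings.append(f"weak signature algorithm {sig_alg}")
    return findings


if __name__ == "__main__":
    bad = dict(SAMPLE, keySize="1024", serialNumber="1234")
    print(audit_cert(fake_query(SAMPLE), "sample.cer"))
    print(audit_cert(fake_query(bad), "sample.cer"))
```

With FirmaSAT installed, pass the real function instead of the stand-in, for example audit_cert(Pkix.query_cert, 'AC4_SAT.cer').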