A Python library for parsing and normalizing X.509 certificates in Base64 DER format. It extracts key details like serial number, subject DN, issuer DN, and validity periods, with support for consistent DN normalization.
x509-utils is a Python library for parsing and normalizing X.509 certificates in Base64 DER format. It extracts key certificate details such as the serial number, subject DN, issuer DN, and validity periods while providing support for consistent DN normalization.
Install the library via pip:
pip install x509-utils
Here's an example of how to use x509-utils to parse an X.509 certificate:
from x509_utils import parse_x509_certificate
# Base64-encoded DER certificate
client_cert: str = """
<insert your Base64-encoded certificate here>
"""
# Parse the certificate
decoded_cert = parse_x509_certificate(client_cert)
# Access certificate details
print("Serial Number:", decoded_cert["serial"])
print("Subject DN (raw):", decoded_cert["subject_dn"]["raw"])
print("Subject DN (normalized):", decoded_cert["subject_dn"]["normalized"])
print("Issuer DN (raw):", decoded_cert["issuer_dn"]["raw"])
print("Issuer DN (normalized):", decoded_cert["issuer_dn"]["normalized"])
print("Validity Period (Not Before):", decoded_cert["not_valid"]["before"])
print("Validity Period (Not After):", decoded_cert["not_valid"]["after"])
parse_x509_certificate(cert_base64: str) -> dictParses a Base64-encoded X.509 certificate in DER format.
cert_base64 (str): Base64-encoded DER-formatted X.509 certificate.A dictionary with the following keys:
serial: The certificate serial number.subject_dn: A dictionary containing the raw and normalized subject DN.issuer_dn: A dictionary containing the raw and normalized issuer DN.not_valid: A dictionary with before and after datetime objects indicating the validity period.ValueError: If the certificate is invalid or parsing fails.safe_dn(dn: str) -> strNormalizes a Distinguished Name (DN) string by sorting and formatting components consistently.
dn (str): The DN string to normalize.This project is licensed under the MIT License. See the LICENSE file for details.
Contributions are welcome! Please feel free to submit issues or pull requests to help improve this library.
# Generate a Private Key
openssl genrsa -out tmp/test.key 2048
# Generate a Certificate Signing Request (CSR)
openssl req -new -key tmp/test.key -out tmp/test.csr -subj "/C=US/ST=Virginia/L=McLean/O=Test Company/OU=Engineering/CN=example.com"
# Generate a Self-Signed Certificate
openssl x509 -req -days 365 -in tmp/test.csr -signkey tmp/test.key -out tmp/test.crt
# Convert the Certificate to DER Format
openssl x509 -in tmp/test.crt -outform DER -out tmp/test.der
# Base64 Encode the DER File
base64 tmp/test.der > tmp/test_cert.base64
FAQs
A Python library for parsing and normalizing X.509 certificates in Base64 DER format. It extracts key details like serial number, subject DN, issuer DN, and validity periods, with support for consistent DN normalization.
We found that x509-toolkit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Malicious npm package postcss-optimizer delivers BeaverTail malware, targeting developer systems; similarities to past campaigns suggest a North Korean connection.
Security News
CISA's KEV data is now on GitHub, offering easier access, API integration, commit history tracking, and automated updates for security teams and researchers.
Security News
Opengrep forks Semgrep to preserve open source SAST in response to controversial licensing changes.