certomancer-csc-dummy


 - Name: certomancer-csc-dummy
 - Version: 0.3.0
 - Home page: https://github.com/MatthiasValvekens/certomancer-csc-dummy
 - Summary: A Certomancer-based demo CSC server for integration tests
 - Upload time: 2024-03-18 21:43:20
 - Author: Matthias Valvekens
 - License: MIT
 - Keywords: pki, testing, csc, signature
 - Requirements: asn1crypto, cryptography, certomancer, aiohttp, python-pae

# Certomancer-based dummy CSC server implementation

## Overview

This package contains a minimal implementation of the Cloud Signature
Consortium (CSC) API for remote signing. It's intended for use in
integration tests and demonstrations.
Most of the heavy lifting is actually done by
[Certomancer](https://github.com/MatthiasValvekens/certomancer). This package
merely wraps calls to Certomancer in an `aiohttp`-based web interface that
exposes (a subset of) the CSC API.

This is a **testing tool**, and it omits all sorts of essential security features:

 - Requests are not authenticated
 - No SAD replay prevention of any sort, other than the standard hash pinning
   supported by the CSC protocol
 - All keys in the Certomancer config can be used to sign hashes in CSC calls

**It goes without saying that you should _never_ use this implementation, or any
derivative thereof, with production keys.**


## Missing features

Besides most authentication-related endpoints, the
`credentials/extendTransaction` endpoint is currently also unavailable. Support
for this endpoint may be implemented in the future.

The other obvious missing feature is "anything resembling a decent user interface".
This code was essentially isolated from
[pyHanko's](https://github.com/MatthiasValvekens/pyHanko) integration tests in the hope that
it might be useful for others to play around with, and the primitive CLI reflects that.


## Invocation

The package is on [PyPI](https://pypi.org/project/certomancer-csc-dummy/0.1.0/)
and can be installed via `pip`:

```bash
pip install certomancer-csc-dummy
```

This is the command syntax. All parameters are required.

```bash
certomancer-csc CERTOMANCER_CONFIG PORT SCAL
```

The meaning of the parameters is as follows:

 - `CERTOMANCER_CONFIG` is the path to your Certomancer config file, usually called
   `certomancer.yml`
 - `PORT` is the port on which you want the dummy server to listen
 - `SCAL` indicates whether SAD data is required to be bound to hashes
   (`1`=no, `2`=yes) — see the CSC specification for details.
 
The credentials exposed in the CSC API are in one-to-one correspondence with
certificates in Certomancer (assuming Certomancer has access to all the private keys).
The naming convention for credentials is `<arch>/<cert-label>`, where `<arch>` is the
name of the Certomancer PKI architecture you're trying to access, and `<cert-label>`
is the label of the certificate that will be treated as the signer's certificate.
Example: `testing-ca/signer1` would access the certificate `signer1` in the
architecture labelled `testing-ca`. Signatures will be produced by the corresponding
private key.

Again, note that all credentials are always available without any form of authentication,
although the caller is still required to go through the motions of requesting a SAD token
before any signatures will be returned.
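
To make the difference between hash pinning and replay prevention concrete, the following added sketch (not code from this package or from the CSC specification) models a SAD as an HMAC-protected token. The token layout, `issue_sad`, `check_sad` and the `used_ids` set are assumptions made for illustration only.

```python
import hashlib, hmac, json, secrets, time
from base64 import b64decode, b64encode

KEY = secrets.token_bytes(32)  # server-side MAC key, constructed for this sketch


def issue_sad(credential_id, hashes, scal, ttl=300):
    """Issue a SAD; under SCAL 2 the hashes to be signed are mandatory and pinned."""
    if scal == 2 and not hashes:
        raise ValueError("SCAL 2: authorization must name the hashes to sign")
    body = json.dumps({
        "cred": credential_id,
        "hashes": sorted(hashes) if hashes else None,  # None = not pinned (SCAL 1)
        "exp": int(time.time()) + ttl,
        "jti": secrets.token_hex(8),  # unique id, needed for single-use tracking
    }).encode()
    tag = hmac.new(KEY, body, hashlib.sha256).digest()
    return b64encode(body).decode() + "." + b64encode(tag).decode()


def check_sad(sad, credential_id, hashes, used_ids=None):
    """Return True if the SAD authorizes signing `hashes` with `credential_id`.

    used_ids=None models a server without replay prevention; pass a set to
    enforce single use.
    """
    try:
        body_b64, tag_b64 = sad.split(".")
        body, tag = b64decode(body_b64), b64decode(tag_b64)
    except ValueError:  # wrong shape or invalid base64
        return False
    if not hmac.compare_digest(tag, hmac.new(KEY, body, hashlib.sha256).digest()):
        return False
    claims = json.loads(body)
    if claims["cred"] != credential_id or claims["exp"] < time.time():
        return False
    if claims["hashes"] is not None and not set(hashes) <= set(claims["hashes"]):
        return False  # hash pinning: only the authorized digests may be signed
    if used_ids is not None:
        if claims["jti"] in used_ids:
            return False  # replayed SAD
        used_ids.add(claims["jti"])
    return True
```

With `used_ids` left as `None`, presenting the same SAD twice for the pinned hashes succeeds both times, while a digest that was never authorized is still refused. Passing a set adds the single-use check that a production service needs on top of pinning.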

**Note:** The CSC dummy server currently does _not_ launch Certomancer Animator or otherwise
expose access to trust services managed by Certomancer. For now, you need to launch
Certomancer Animator in a separate process if you need those.

(The reason is that Certomancer doesn't (yet) natively integrate with `aiohttp`; it
currently only does WSGI. That may change in the future.)

## Example usage

See here:

 - [the workflow code](https://github.com/MatthiasValvekens/pyHanko/blob/master/.github/workflows/live-integration-tests.yml)
   for pyHanko's "live" integration test setup
 - [the dummy client implementation](https://github.com/MatthiasValvekens/pyHanko/blob/master/pyhanko_tests/csc_utils/csc_dummy_client.py)
   used in pyHanko's tests

## License

MIT license.

            
