TLSStore
TLSStore(ca_key, ca_cert)
A simple in-memory TLS store that signs certificates for domains on the fly using a provided CA.
Use TLSStore.generate_ca() to create a new CA, or TLSStore.load_ca_from_disk() to load an existing one.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| ca_key | EllipticCurvePrivateKey | The CA private key (must be EllipticCurve) | required |
| ca_cert | Certificate | The CA certificate | required |
generate_ca(country, state, locality, organization, common_name) classmethod
Generate a new CA and create a TLSStore instance with it.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| country | str | Two-letter country code (e.g., "FR", "US") | required |
| state | str | State or province name (e.g., "Ile-de-France", "California") | required |
| locality | str | City or locality name (e.g., "Paris", "San Francisco") | required |
| organization | str | Organization name (e.g., "My Company") | required |
| common_name | str | Common name for the CA (e.g., "My Company CA") | required |
Returns:
| Type | Description |
|---|---|
| TLSStore | TLSStore instance with the generated CA |
get_ca_pem()
Get the CA PEM certificate.
Returns:
| Type | Description |
|---|---|
| bytes | The CA certificate in PEM format. |
get_ssl_context(domain)
Get a new SSL context for a given domain. If no certificate is found, generate a new one.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| domain | str | The domain to get the certificate for. | required |
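
An added example, not the TLSStore source: what signing a certificate for a domain on the fly with an EC CA involves, written directly against the `cryptography` package. The helper names (`make_ca`, `sign_leaf`, `issued_by`), the P-256 curve, the validity periods and the `example.test` names are assumptions of this example.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def _issue(subject, issuer, public_key, signing_key, days, extensions):
    """Build and sign one certificate; extensions is a list of (ext, critical)."""
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(subject).issuer_name(issuer)
        .public_key(public_key)
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))  # tolerate clock skew
        .not_valid_after(now + datetime.timedelta(days=days))
    )
    for ext, critical in extensions:
        builder = builder.add_extension(ext, critical=critical)
    return builder.sign(signing_key, hashes.SHA256())

def make_ca(common_name):
    """Self-signed EC CA, constructed for this example."""
    key = ec.generate_private_key(ec.SECP256R1())
    exts = [(x509.BasicConstraints(ca=True, path_length=0), True)]
    return key, _issue(_name(common_name), _name(common_name), key.public_key(), key, 365, exts)

def sign_leaf(ca_key, ca_cert, domain, days=7):
    """Issue a short-lived leaf for `domain` with a fresh key, signed by the CA."""
    leaf_key = ec.generate_private_key(ec.SECP256R1())
    exts = [
        (x509.SubjectAlternativeName([x509.DNSName(domain)]), False),
        (x509.BasicConstraints(ca=False, path_length=None), True),  # leaf cannot issue
    ]
    return leaf_key, _issue(_name(domain), ca_cert.subject, leaf_key.public_key(), ca_key, days, exts)

def issued_by(ca_cert, leaf_cert):
    """True only if the leaf's signature verifies under this CA's public key."""
    try:
        ca_cert.public_key().verify(leaf_cert.signature, leaf_cert.tbs_certificate_bytes,
                                    ec.ECDSA(leaf_cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False
```

Whoever holds the CA private key can issue a certificate for any name that clients trusting the CA will accept, so the key file written by save_ca_to_disk deserves restrictive permissions.
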
save_ca_to_disk(key_file, cert_file)
Save the CA private key and certificate to disk files.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| key_file | Union[str, Path] | Path where to save the CA private key (PEM format) | required |
| cert_file | Union[str, Path] | Path where to save the CA certificate (PEM format) | required |
load_ca_from_disk(key_file, cert_file) classmethod
Load CA private key and certificate from disk and create a TLSStore instance.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| key_file | Union[str, Path] | Path to the CA private key file (PEM format) | required |
| cert_file | Union[str, Path] | Path to the CA certificate file (PEM format) | required |
Returns:
| Type | Description |
|---|---|
| TLSStore | TLSStore instance using the loaded CA |
Raises:
| Type | Description |
|---|---|
| ValueError | If the key file doesn't contain an EllipticCurve private key |
| FileNotFoundError | If either file doesn't exist |
| ValueError | If the files cannot be parsed |