Skip to content

Base

πŸ€– AI-Generated Content

This documentation was generated with AI assistance and is still being audited. Some, or potentially a lot, of this information may be inaccurate. Learn more.

provide.foundation.crypto.certificates.base

Classes

CertificateBase

Immutable base certificate data.

Functions
create classmethod 
create(config: CertificateConfig) -> tuple[Self, KeyPair]

Create a new certificate base and private key.

Source code in provide/foundation/crypto/certificates/base.py 
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
@classmethod
def create(cls, config: CertificateConfig) -> tuple[Self, KeyPair]:
    """Create a new certificate base and private key."""
    _require_crypto()
    try:
        logger.debug("πŸ“œπŸ“πŸš€ CertificateBase.create: Starting base creation")
        not_valid_before = config["not_valid_before"]
        not_valid_after = config["not_valid_after"]

        if not_valid_before.tzinfo is None:
            not_valid_before = not_valid_before.replace(tzinfo=UTC)
        if not_valid_after.tzinfo is None:
            not_valid_after = not_valid_after.replace(tzinfo=UTC)

        logger.debug(
            "πŸ“œπŸ“… Certificate validity dates configured",
            not_valid_before=not_valid_before.isoformat(),
            not_valid_after=not_valid_after.isoformat(),
        )

        private_key: KeyPair
        match config["key_type"]:
            case KeyType.RSA:
                key_size = config.get("key_size", DEFAULT_RSA_KEY_SIZE)
                logger.debug(f"πŸ“œπŸ”‘πŸš€ Generating RSA key (size: {key_size})")
                private_key = rsa.generate_private_key(public_exponent=65537, key_size=key_size)
            case KeyType.ECDSA:
                curve_choice = config.get("curve", CurveType.SECP384R1)
                logger.debug(f"πŸ“œπŸ”‘πŸš€ Generating ECDSA key (curve: {curve_choice})")
                curve = getattr(ec, curve_choice.name)()
                private_key = ec.generate_private_key(curve)
            case _:
                raise ValueError(f"Internal Error: Unsupported key type: {config['key_type']}")

        subject = cls._create_name(config["common_name"], config["organization"])
        issuer = cls._create_name(config["common_name"], config["organization"])

        serial_number = x509.random_serial_number()

        base = cls(
            subject=subject,
            issuer=issuer,
            public_key=private_key.public_key(),
            not_valid_before=not_valid_before,
            not_valid_after=not_valid_after,
            serial_number=serial_number,
        )
        return base, private_key

    except Exception as e:
        logger.error(
            f"πŸ“œβŒ CertificateBase.create: Failed: {e}",
            extra={"error": str(e), "trace": traceback.format_exc()},
        )
        raise CertificateError(f"Failed to generate certificate base: {e}") from e

CertificateError 

CertificateError(message: str, hint: str | None = None)

Bases: ValidationError

Certificate-related errors.

Source code in provide/foundation/crypto/certificates/base.py 
51
52
53
54
55
56
57
def __init__(self, message: str, hint: str | None = None) -> None:
    super().__init__(
        message=message,
        field="certificate",
        value=None,
        rule=hint or "Certificate operation failed",
    )