Pkix class
A Python interface to FirmaSAT <https://cryptosys.net/firmasat/>.
- class firmasat.Pkix
- PKI X.509 security utilities.
 - class KeyFormat
- Format for saved key files.
 - BINARY = 0
- Binary DER-encoded 
 - DEFAULT = 0
- Default = Binary 
 - PEM = 65536
- PEM textual format 
 
 - class KeyOpt
- Options for key output.
 - DEFAULT = 0
- Default (unencrypted base64 string) 
 - ENCRYPTED_PEM = 65536
- Key as encrypted private key in PEM format 
 
 - class Query
- Options for certificate query.
 - KEYSIZE = 'keySize'
- Get size in bits of certificate’s public key (e.g. “2048”) 
 - NOTAFTER = 'notAfter'
- Get certificate expiry date 
 - NOTBEFORE = 'notBefore'
- Get certificate start date 
 - ORGNAME = 'organizationName'
- Get organization name of issuer (expecting “Servicio de Administración Tributaria”) 
 - RFC = 'rfc'
- Get RFC of subject (expecting 12 or 13 characters) 
 - SERIALNUM = 'serialNumber'
- Get decoded serial number (expecting 20 decimal digits) 
 - SIGALG = 'sigAlg'
- Get algorithm used to sign certificate (e.g. sha256WithRSAEncryption)
 
 - static check_key_and_cert(keyFile, password, certFile)
- Verify that the public key in an X.509 certificate matches the private key.
- Returns:
- 0 if match is OK, otherwise a nonzero error code – see Err.error_lookup()
- Return type:
- int 
 
 - static get_cert_as_string(fileName)
- Get the certificate data as a base64 string.
- Parameters:
- fileName (str) – X.509 certificate file or XML file with certificado node.
- Returns:
- Certificate data as a string of base64 characters. 
- Return type:
- str 
 - Note
- Use to obtain the value for the Certificado node from an X.509 .CER file. If input is an XML file, this is equivalent to Xmlu.get_attribute(fileName, "Certificado", "Comprobante")
 - static get_key_as_string(fileName, password, keyopt=0)
- Get the private key data as a base64 string suitable for a llaveCertificado element in a Cancelacion XML document.
- Parameters:
- fileName (str) – Encrypted private key file 
- password (str) – Password for encrypted private key 
- keyopt – Options – see Pkix.KeyOpt
 
- Returns:
- Private key data as a string of base64 characters, or an empty string on error. 
- Return type:
- str 
 - Note
- CAUTION: this reveals your private key in unsecured form. Use with care!
 - static new_key_file(newFile, newPassword, keyFile, keyPassword, keyformat=0)
- Save key file with a new password.
- Parameters:
- newFile (str) – Name of output PFX file to be created
- newPassword (str) – Password to open new PFX file
- keyFile (str) – Name of encrypted key file
- keyPassword (str) – Password for encrypted key file
- keyformat (Pkix.KeyFormat) – Format to save file – see Pkix.KeyFormat
 
- Returns:
- 0 if successful, otherwise a nonzero error code – see Err.error_lookup().
- Return type:
- int 
 
 - static query_cert(filename, query)
- Query an X.509 certificate file for selected information.
- Parameters:
- filename (str) – X.509 file or XML file with certificado node or a base64 cert string
- query (str) – A valid query string – see Pkix.Query
 
- Returns:
- Result of query 
- Return type:
- str 
 - Example:
    n = Pkix.query_cert('AC4_SAT.cer', 'keySize')  # '4096'
    s = Pkix.query_cert('cfdv40-ejemplo.xml', 'serialNumber')  # '30001000000300023708'
 - static uuid()
- Generate a Universally Unique IDentifier (UUID) compliant with RFC 4122.
- Returns:
- A 36-character UUID string freshly generated at random. 
 - Example:
    'ea4ce835-de5d-4082-8475-47f8e531b254'
 - static write_pfx_file(pfxFile, pfxPassword, keyFile, keyPassword, certFile)
- Create a PFX (PKCS-12) file in base64 format suitable for a Cancelación.
- Parameters:
- pfxFile (str) – Name of output PFX file to be created 
- pfxPassword (str) – Password to open new PFX file 
- keyFile (str) – Name of encrypted key file 
- keyPassword (str) – Password for encrypted key file 
- certFile (str) – Name of X.509 certificate file 
 
- Returns:
- 0 if successful, otherwise a nonzero error code – see Err.error_lookup().
- Return type:
- int
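
A pre-signing sanity check built on the expected values listed under Pkix.Query and on the 0-on-match return of check_key_and_cert, given here as an added example that is not part of the FirmaSAT documentation. The names audit_cert and audit_key_pair, the 2048-bit floor and the weak-algorithm list are assumptions; the FirmaSAT calls are passed in as callables so the block runs without the library installed.

```python
import re

# Expected values come from the Pkix.Query descriptions on this page.
EXPECTED_ISSUER_ORG = "Servicio de Administración Tributaria"
MIN_KEY_BITS = 2048  # assumption: local policy floor, not a FirmaSAT rule
WEAK_SIGALG_MARKERS = ("md5", "sha1")  # assumption: local policy


def audit_cert(cert_file, query_cert):
    """Return a list of findings for cert_file; an empty list means every check passed.

    query_cert is any callable with the signature of Pkix.query_cert(filename, query).
    """
    findings = []
    rfc = query_cert(cert_file, "rfc")
    if len(rfc) not in (12, 13):
        findings.append(f"rfc: expected 12 or 13 characters, got {len(rfc)}")
    serial = query_cert(cert_file, "serialNumber")
    if not re.fullmatch(r"[0-9]{20}", serial):
        findings.append("serialNumber: expected 20 decimal digits")
    org = query_cert(cert_file, "organizationName")
    if org != EXPECTED_ISSUER_ORG:
        findings.append(f"organizationName: unexpected issuer {org!r}")
    key_size = query_cert(cert_file, "keySize")
    if not re.fullmatch(r"[0-9]+", key_size) or int(key_size) < MIN_KEY_BITS:
        findings.append(f"keySize: {key_size!r} is not at least {MIN_KEY_BITS} bits")
    sig_alg = query_cert(cert_file, "sigAlg").lower()
    if any(marker in sig_alg for marker in WEAK_SIGALG_MARKERS):
        findings.append(f"sigAlg: weak algorithm {sig_alg!r}")
    return findings


def audit_key_pair(key_file, password, cert_file, query_cert, check_key_and_cert):
    """Audit the certificate, then confirm the private key matches it (0 means match)."""
    findings = audit_cert(cert_file, query_cert)
    rc = check_key_and_cert(key_file, password, cert_file)
    if rc != 0:
        findings.append(f"check_key_and_cert: error code {rc}")
    return findings


if __name__ == "__main__":
    # Constructed sample answers standing in for a real certificate file.
    sample = {"rfc": "AAA010101AAA", "serialNumber": "30001000000300023708",
              "organizationName": EXPECTED_ISSUER_ORG, "keySize": "1024",
              "sigAlg": "sha1WithRSAEncryption"}
    for finding in audit_cert("constructed.cer", lambda f, q: sample[q]):
        print(finding)
```

With FirmaSAT installed, pass Pkix.query_cert and Pkix.check_key_and_cert as the two callables.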