first commit

.gitignore

@@ -0,0 +1,165 @@
+.DS_Store
+tmp/
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#pdm.lock
+#   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
+#   in version control.
+#   https://pdm.fming.dev/latest/usage/project/#working-with-version-control
+.pdm.toml
+.pdm-python
+.pdm-build/
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Michael Mohamed
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,16 @@
+install:
+	 poetry install
+
+test:
+	poetry run pytest -s --disable-warnings
+
+build:
+	rm -rf ./dist
+	poetry export -f requirements.txt > requirements.txt
+	poetry build
+
+publish: build
+	poetry publish
+
+config:
+	poetry config virtualenvs.create false --local

README.md

@@ -0,0 +1,103 @@
+# x509-utils
+
+`x509-utils` is a Python library for parsing and normalizing X.509 certificates in Base64 DER format. It extracts key certificate details such as the serial number, subject DN, issuer DN, and validity periods while providing support for consistent DN normalization.
+
+## Features
+
+- Parse Base64-encoded X.509 certificates in DER format.
+- Extract certificate details including:
+  - Serial Number
+  - Subject Distinguished Name (DN)
+  - Issuer Distinguished Name (DN)
+  - Validity Period (Not Before and Not After)
+- Normalize Distinguished Names for consistent formatting.
+- Lightweight and easy to integrate into cryptographic and PKI workflows.
+
+## Installation
+
+Install the library via pip:
+
+```bash
+pip install x509-utils
+```
+
+## Usage
+
+Here's an example of how to use `x509-utils` to parse an X.509 certificate:
+
+```python
+from x509_utils import parse_x509_certificate
+
+# Base64-encoded DER certificate
+client_cert: str = """
+<insert your Base64-encoded certificate here>
+"""
+
+# Parse the certificate
+decoded_cert = parse_x509_certificate(client_cert)
+
+# Access certificate details
+print("Serial Number:", decoded_cert["serial"])
+print("Subject DN (raw):", decoded_cert["subject_dn"]["raw"])
+print("Subject DN (normalized):", decoded_cert["subject_dn"]["normalized"])
+print("Issuer DN (raw):", decoded_cert["issuer_dn"]["raw"])
+print("Issuer DN (normalized):", decoded_cert["issuer_dn"]["normalized"])
+print("Validity Period (Not Before):", decoded_cert["not_valid"]["before"])
+print("Validity Period (Not After):", decoded_cert["not_valid"]["after"])
+```
+
+## API Reference
+
+### `parse_x509_certificate(cert_base64: str) -> dict`
+
+Parses a Base64-encoded X.509 certificate in DER format.
+
+#### Arguments
+- `cert_base64` (str): Base64-encoded DER-formatted X.509 certificate.
+
+#### Returns
+A dictionary with the following keys:
+- `serial`: The certificate serial number.
+- `subject_dn`: A dictionary containing the raw and normalized subject DN.
+- `issuer_dn`: A dictionary containing the raw and normalized issuer DN.
+- `not_valid`: A dictionary with `before` and `after` datetime objects indicating the validity period.
+
+#### Raises
+- `ValueError`: If the certificate is invalid or parsing fails.
+
+### `safe_dn(dn: str) -> str`
+
+Normalizes a Distinguished Name (DN) string by sorting and formatting components consistently.
+
+#### Arguments
+- `dn` (str): The DN string to normalize.
+
+#### Returns
+- A normalized DN string.
+
+## License
+
+This project is licensed under the MIT License. See the `LICENSE` file for details.
+
+## Contributing
+
+Contributions are welcome! Please feel free to submit issues or pull requests to help improve this library.
+
+
+# Generating a self-signed certificate
+```shell
+# Generate a Private Key
+openssl genrsa -out tmp/test.key 2048
+
+# Generate a Certificate Signing Request (CSR)
+openssl req -new -key tmp/test.key -out tmp/test.csr -subj "/C=US/ST=Virginia/L=McLean/O=Test Company/OU=Engineering/CN=example.com"
+
+# Generate a Self-Signed Certificate
+openssl x509 -req -days 365 -in tmp/test.csr -signkey tmp/test.key -out tmp/test.crt
+
+# Convert the Certificate to DER Format
+openssl x509 -in tmp/test.crt -outform DER -out tmp/test.der
+
+# Base64 Encode the DER File
+base64 tmp/test.der > tmp/test_cert.base64
+```

devbox.json

@@ -0,0 +1,18 @@
+{
+  "$schema": "https://raw.githubusercontent.com/jetify-com/devbox/0.10.6/.schema/devbox.schema.json",
+  "packages": [
+    "poetry@latest",
+    "python310@latest"
+  ],
+  "shell": {
+    "init_hook": [
+      "typeset -g POWERLEVEL9K_INSTANT_PROMPT=off",
+      "echo 'Welcome to devbox!' > /dev/null"
+    ],
+    "scripts": {
+      "test": [
+        "echo \"Error: no test specified\" && exit 1"
+      ]
+    }
+  }
+}