provide-foundation 0.0.0.dev1__py3-none-any.whl → 0.0.0.dev3__py3-none-any.whl

provide/foundation/crypto/certificates/certificate.py

@@ -11,7 +11,7 @@ try:
     from cryptography.hazmat.primitives import serialization
     from cryptography.hazmat.primitives.asymmetric import ec, rsa
     from cryptography.x509 import Certificate as X509Certificate
-    
+
     _HAS_CRYPTO = True
 except ImportError:
     x509 = None
@@ -22,11 +22,17 @@ except ImportError:
     _HAS_CRYPTO = False
 
 from provide.foundation import logger
-from provide.foundation.crypto.certificates.base import CertificateBase, CertificateError, PublicKey
+from provide.foundation.crypto.certificates.base import (
+    CertificateBase,
+    CertificateError,
+    PublicKey,
+)
 from provide.foundation.crypto.certificates.generator import generate_certificate
 from provide.foundation.crypto.certificates.loader import load_certificate_from_pem
 from provide.foundation.crypto.certificates.operations import create_x509_certificate
-from provide.foundation.crypto.certificates.trust import verify_trust as verify_trust_impl
+from provide.foundation.crypto.certificates.trust import (
+    verify_trust as verify_trust_impl,
+)
 from provide.foundation.crypto.constants import (
     DEFAULT_CERTIFICATE_CURVE,
     DEFAULT_CERTIFICATE_KEY_TYPE,
@@ -83,13 +89,10 @@ class Certificate:
         else:
             # Load existing certificate
             if not self.cert_pem_or_uri:
-                raise CertificateError(
-                    "cert_pem_or_uri required when not generating"
-                )
-            
+                raise CertificateError("cert_pem_or_uri required when not generating")
+
             base, x509_cert, private_key, cert_pem, key_pem = load_certificate_from_pem(
-                self.cert_pem_or_uri,
-                self.key_pem_or_uri
+                self.cert_pem_or_uri, self.key_pem_or_uri
             )
             self._base = base
             self._cert = x509_cert
@@ -174,9 +177,14 @@ class Certificate:
     ) -> "Certificate":
         """Creates a new self-signed CA certificate."""
         from provide.foundation.crypto.certificates.factory import create_ca_certificate
+
         return create_ca_certificate(
-            common_name, organization_name, validity_days, 
-            key_type, key_size, ecdsa_curve
+            common_name,
+            organization_name,
+            validity_days,
+            key_type,
+            key_size,
+            ecdsa_curve,
         )
 
     @classmethod
@@ -193,10 +201,20 @@ class Certificate:
         is_client_cert: bool = False,
     ) -> "Certificate":
         """Creates a new certificate signed by the provided CA certificate."""
-        from provide.foundation.crypto.certificates.factory import create_signed_certificate
+        from provide.foundation.crypto.certificates.factory import (
+            create_signed_certificate,
+        )
+
         return create_signed_certificate(
-            ca_certificate, common_name, organization_name, validity_days,
-            alt_names, key_type, key_size, ecdsa_curve, is_client_cert
+            ca_certificate,
+            common_name,
+            organization_name,
+            validity_days,
+            alt_names,
+            key_type,
+            key_size,
+            ecdsa_curve,
+            is_client_cert,
         )
 
     @classmethod
@@ -211,10 +229,18 @@ class Certificate:
         ecdsa_curve: str = DEFAULT_CERTIFICATE_CURVE,
     ) -> "Certificate":
         """Creates a new self-signed end-entity certificate suitable for a server."""
-        from provide.foundation.crypto.certificates.factory import create_self_signed_server_cert
+        from provide.foundation.crypto.certificates.factory import (
+            create_self_signed_server_cert,
+        )
+
         return create_self_signed_server_cert(
-            common_name, organization_name, validity_days,
-            alt_names, key_type, key_size, ecdsa_curve
+            common_name,
+            organization_name,
+            validity_days,
+            alt_names,
+            key_type,
+            key_size,
+            ecdsa_curve,
         )
 
     def verify_trust(self, other_cert: Self) -> bool:
@@ -243,7 +269,10 @@ class Certificate:
         self, signed_cert: "Certificate", signing_cert: "Certificate"
     ) -> bool:
         """Internal helper: Validates signature and issuer/subject match."""
-        from provide.foundation.crypto.certificates.trust import validate_signature_wrapper
+        from provide.foundation.crypto.certificates.trust import (
+            validate_signature_wrapper,
+        )
+
         return validate_signature_wrapper(signed_cert, signing_cert)
 
     def __eq__(self, other: object) -> bool:
@@ -287,4 +316,4 @@ class Certificate:
 
 
 # Type alias for backwards compatibility
-KeyPair = rsa.RSAPrivateKey | ec.EllipticCurvePrivateKey | None
+KeyPair = rsa.RSAPrivateKey | ec.EllipticCurvePrivateKey | None

provide/foundation/crypto/certificates/factory.py

@@ -1,9 +1,14 @@
 """Certificate factory methods."""
 
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from provide.foundation.crypto.certificates.certificate import Certificate
+
 try:
     from cryptography import x509
     from cryptography.hazmat.primitives import serialization
-    
+
     _HAS_CRYPTO = True
 except ImportError:
     x509 = None
@@ -11,7 +16,10 @@ except ImportError:
     _HAS_CRYPTO = False
 
 from provide.foundation import logger
-from provide.foundation.crypto.certificates.base import CertificateError, _require_crypto
+from provide.foundation.crypto.certificates.base import (
+    CertificateError,
+    _require_crypto,
+)
 from provide.foundation.crypto.certificates.operations import create_x509_certificate
 from provide.foundation.crypto.constants import (
     DEFAULT_CERTIFICATE_CURVE,
@@ -32,7 +40,7 @@ def create_ca_certificate(
     """Creates a new self-signed CA certificate."""
     # Import here to avoid circular dependency
     from provide.foundation.crypto.certificates.certificate import Certificate
-    
+
     logger.info(
         f"📜🔑🏭 Creating new CA certificate: CN={common_name}, Org={organization_name}"
     )
@@ -76,7 +84,7 @@ def create_signed_certificate(
     """Creates a new certificate signed by the provided CA certificate."""
     # Import here to avoid circular dependency
     from provide.foundation.crypto.certificates.certificate import Certificate
-    
+
     logger.info(
         f"📜🔑🏭 Creating new certificate signed by CA '{ca_certificate.subject}': "
         f"CN={common_name}, Org={organization_name}, ClientCert={is_client_cert}"
@@ -91,7 +99,7 @@ def create_signed_certificate(
             f"📜🔑⚠️ Signing certificate (Subject: {ca_certificate.subject}) "
             "is not marked as a CA. This might lead to validation issues."
         )
-    
+
     new_cert_obj = Certificate(
         generate_keypair=True,
         common_name=common_name,
@@ -102,7 +110,7 @@ def create_signed_certificate(
         key_size=key_size,
         ecdsa_curve=ecdsa_curve,
     )
-    
+
     signed_x509_cert = create_x509_certificate(
         base=new_cert_obj._base,
         private_key=new_cert_obj._private_key,
@@ -112,12 +120,12 @@ def create_signed_certificate(
         is_ca=False,
         is_client_cert=is_client_cert,
     )
-    
+
     new_cert_obj._cert = signed_x509_cert
     new_cert_obj.cert = signed_x509_cert.public_bytes(
         serialization.Encoding.PEM
     ).decode("utf-8")
-    
+
     logger.info(
         f"📜🔑✅ Successfully created and signed certificate for "
         f"CN={common_name} by CA='{ca_certificate.subject}'"
@@ -137,12 +145,12 @@ def create_self_signed_server_cert(
     """Creates a new self-signed end-entity certificate suitable for a server."""
     # Import here to avoid circular dependency
     from provide.foundation.crypto.certificates.certificate import Certificate
-    
+
     logger.info(
         f"📜🔑🏭 Creating new self-signed SERVER certificate: "
         f"CN={common_name}, Org={organization_name}"
     )
-    
+
     cert_obj = Certificate(
         generate_keypair=True,
         common_name=common_name,
@@ -153,12 +161,12 @@ def create_self_signed_server_cert(
         key_size=key_size,
         ecdsa_curve=ecdsa_curve,
     )
-    
+
     if not cert_obj._private_key:
         raise CertificateError(
             "Private key not generated for self-signed server certificate"
         )
-    
+
     actual_x509_cert = create_x509_certificate(
         base=cert_obj._base,
         private_key=cert_obj._private_key,
@@ -166,12 +174,12 @@ def create_self_signed_server_cert(
         is_ca=False,
         is_client_cert=False,
     )
-    
+
     cert_obj._cert = actual_x509_cert
-    cert_obj.cert = actual_x509_cert.public_bytes(
-        serialization.Encoding.PEM
-    ).decode("utf-8")
-    
+    cert_obj.cert = actual_x509_cert.public_bytes(serialization.Encoding.PEM).decode(
+        "utf-8"
+    )
+
     logger.info(
         f"📜🔑✅ Successfully created self-signed SERVER certificate for CN={common_name}"
     )
@@ -210,4 +218,4 @@ def create_ca(
         organization_name=organization,
         validity_days=validity_days,
         key_type=key_type,
-    )
+    )

provide/foundation/crypto/certificates/generator.py

@@ -7,7 +7,7 @@ try:
     from cryptography import x509
     from cryptography.hazmat.primitives import serialization
     from cryptography.hazmat.primitives.asymmetric import ec, rsa
-    
+
     _HAS_CRYPTO = True
 except ImportError:
     x509 = None
@@ -28,7 +28,6 @@ from provide.foundation.crypto.certificates.operations import create_x509_certif
 from provide.foundation.crypto.constants import (
     DEFAULT_CERTIFICATE_CURVE,
     DEFAULT_CERTIFICATE_KEY_TYPE,
-    DEFAULT_CERTIFICATE_VALIDITY_DAYS,
     DEFAULT_RSA_KEY_SIZE,
 )
 
@@ -43,20 +42,26 @@ def generate_certificate(
     alt_names: list[str] | None = None,
     is_ca: bool = False,
     is_client_cert: bool = False,
-) -> tuple[CertificateBase, "x509.Certificate", "rsa.RSAPrivateKey | ec.EllipticCurvePrivateKey", str, str]:
+) -> tuple[
+    CertificateBase,
+    "x509.Certificate",
+    "rsa.RSAPrivateKey | ec.EllipticCurvePrivateKey",
+    str,
+    str,
+]:
     """
     Generate a new certificate with a keypair.
-    
+
     Returns:
         Tuple of (CertificateBase, X509Certificate, private_key, cert_pem, key_pem)
     """
     try:
         logger.debug("📜🔑🚀 Generating new keypair")
-        
+
         now = datetime.now(UTC)
         not_valid_before = now - timedelta(days=1)
         not_valid_after = now + timedelta(days=validity_days)
-        
+
         # Parse key type
         normalized_key_type_str = key_type.lower()
         match normalized_key_type_str:
@@ -69,21 +74,19 @@ def generate_certificate(
                     f"Unsupported key_type string: '{key_type}'. "
                     "Must be 'rsa' or 'ecdsa'."
                 )
-        
+
         # Configure key parameters
         gen_curve: CurveType | None = None
         gen_key_size = None
-        
+
         if gen_key_type == KeyType.ECDSA:
             try:
                 gen_curve = CurveType[ecdsa_curve.upper()]
             except KeyError as e_curve:
-                raise ValueError(
-                    f"Unsupported ECDSA curve: {ecdsa_curve}"
-                ) from e_curve
+                raise ValueError(f"Unsupported ECDSA curve: {ecdsa_curve}") from e_curve
         else:  # RSA
             gen_key_size = key_size
-        
+
         # Build configuration
         conf: CertificateConfig = {
             "common_name": common_name,
@@ -98,10 +101,10 @@ def generate_certificate(
         if gen_key_size is not None:
             conf["key_size"] = gen_key_size
         logger.debug(f"📜🔑🚀 Generation config: {conf}")
-        
+
         # Generate base certificate and private key
         base, private_key = CertificateBase.create(conf)
-        
+
         # Create X.509 certificate
         x509_cert = create_x509_certificate(
             base=base,
@@ -110,12 +113,10 @@ def generate_certificate(
             is_ca=is_ca,
             is_client_cert=is_client_cert,
         )
-        
+
         if x509_cert is None:
-            raise CertificateError(
-                "Certificate object (_cert) is None after creation"
-            )
-        
+            raise CertificateError("Certificate object (_cert) is None after creation")
+
         # Convert to PEM format
         cert_pem = x509_cert.public_bytes(serialization.Encoding.PEM).decode("utf-8")
         key_pem = private_key.private_bytes(
@@ -123,11 +124,11 @@ def generate_certificate(
             format=serialization.PrivateFormat.PKCS8,
             encryption_algorithm=serialization.NoEncryption(),
         ).decode("utf-8")
-        
+
         logger.debug("📜🔑✅ Generated cert and key")
-        
+
         return base, x509_cert, private_key, cert_pem, key_pem
-        
+
     except Exception as e:
         logger.error(
             f"📜❌ Failed to generate certificate. Error: {type(e).__name__}: {e}",
@@ -135,4 +136,4 @@ def generate_certificate(
         )
         raise CertificateError(
             f"Failed to initialize certificate. Original error: {type(e).__name__}"
-        ) from e
+        ) from e

provide/foundation/crypto/certificates/loader.py

@@ -10,7 +10,7 @@ try:
     from cryptography.hazmat.primitives import serialization
     from cryptography.hazmat.primitives.asymmetric import ec, rsa
     from cryptography.hazmat.primitives.serialization import load_pem_private_key
-    
+
     _HAS_CRYPTO = True
 except ImportError:
     x509 = None
@@ -21,7 +21,10 @@ except ImportError:
     _HAS_CRYPTO = False
 
 from provide.foundation import logger
-from provide.foundation.crypto.certificates.base import CertificateBase, CertificateError
+from provide.foundation.crypto.certificates.base import (
+    CertificateBase,
+    CertificateError,
+)
 
 
 def load_from_uri_or_pem(data: str) -> str:
@@ -53,30 +56,35 @@ def load_from_uri_or_pem(data: str) -> str:
 
 
 def load_certificate_from_pem(
-    cert_pem_or_uri: str, 
-    key_pem_or_uri: str | None = None
-) -> tuple[CertificateBase, "x509.Certificate", "rsa.RSAPrivateKey | ec.EllipticCurvePrivateKey | None", str, str | None]:
+    cert_pem_or_uri: str, key_pem_or_uri: str | None = None
+) -> tuple[
+    CertificateBase,
+    "x509.Certificate",
+    "rsa.RSAPrivateKey | ec.EllipticCurvePrivateKey | None",
+    str,
+    str | None,
+]:
     """
     Load a certificate and optionally its private key from PEM data or file URIs.
-    
+
     Returns:
         Tuple of (CertificateBase, X509Certificate, private_key, cert_pem, key_pem)
     """
     try:
         logger.debug("📜🔑🚀 Loading certificate from provided data")
         cert_data = load_from_uri_or_pem(cert_pem_or_uri)
-        
+
         logger.debug("📜🔑🔍 Loading X.509 certificate from PEM data")
         x509_cert = x509.load_pem_x509_certificate(cert_data.encode("utf-8"))
         logger.debug("📜🔑✅ X.509 certificate object loaded from PEM")
-        
+
         private_key = None
         key_data = None
-        
+
         if key_pem_or_uri:
             logger.debug("📜🔑🚀 Loading private key")
             key_data = load_from_uri_or_pem(key_pem_or_uri)
-            
+
             loaded_priv_key = load_pem_private_key(
                 key_data.encode("utf-8"), password=None
             )
@@ -90,7 +98,7 @@ def load_certificate_from_pem(
                 )
             private_key = loaded_priv_key
             logger.debug("📜🔑✅ Private key object loaded and type validated")
-        
+
         # Extract certificate details for CertificateBase
         loaded_not_valid_before = x509_cert.not_valid_before_utc
         loaded_not_valid_after = x509_cert.not_valid_after_utc
@@ -98,7 +106,7 @@ def load_certificate_from_pem(
             loaded_not_valid_before = loaded_not_valid_before.replace(tzinfo=UTC)
         if loaded_not_valid_after.tzinfo is None:
             loaded_not_valid_after = loaded_not_valid_after.replace(tzinfo=UTC)
-        
+
         cert_public_key = x509_cert.public_key()
         if not isinstance(
             cert_public_key, rsa.RSAPublicKey | ec.EllipticCurvePublicKey
@@ -107,7 +115,7 @@ def load_certificate_from_pem(
                 f"Certificate's public key is of unsupported type: {type(cert_public_key)}. "
                 "Expected RSA or ECDSA public key."
             )
-        
+
         base = CertificateBase(
             subject=x509_cert.subject,
             issuer=x509_cert.issuer,
@@ -117,9 +125,9 @@ def load_certificate_from_pem(
             serial_number=x509_cert.serial_number,
         )
         logger.debug("📜🔑✅ Reconstructed CertificateBase from loaded cert")
-        
+
         return base, x509_cert, private_key, cert_data, key_data
-        
+
     except Exception as e:
         logger.error(
             f"📜❌ Failed to load certificate. Error: {type(e).__name__}: {e}",
@@ -127,4 +135,4 @@ def load_certificate_from_pem(
         )
         raise CertificateError(
             f"Failed to initialize certificate. Original error: {type(e).__name__}"
-        ) from e
+        ) from e

provide/foundation/crypto/certificates/operations.py

@@ -24,13 +24,12 @@ except ImportError:
     _HAS_CRYPTO = False
 
 from provide.foundation import logger
-from provide.foundation.crypto.constants import (
-    DEFAULT_CERTIFICATE_CURVE,
-    DEFAULT_CERTIFICATE_KEY_TYPE,
-    DEFAULT_CERTIFICATE_VALIDITY_DAYS,
-    DEFAULT_RSA_KEY_SIZE,
+from provide.foundation.crypto.certificates.base import (
+    CertificateBase,
+    CertificateError,
+    KeyPair,
+    PublicKey,
 )
-from .base import CertificateBase, CertificateError, KeyPair, PublicKey
 
 
 def create_x509_certificate(
@@ -46,8 +45,12 @@ def create_x509_certificate(
     try:
         logger.debug("📜📝🚀 create_x509_certificate: Building certificate")
 
-        actual_issuer_name = issuer_name_override if issuer_name_override else base.issuer
-        actual_signing_key = signing_key_override if signing_key_override else private_key
+        actual_issuer_name = (
+            issuer_name_override if issuer_name_override else base.issuer
+        )
+        actual_signing_key = (
+            signing_key_override if signing_key_override else private_key
+        )
 
         if not actual_signing_key:
             raise CertificateError(
@@ -147,7 +150,11 @@ def create_x509_certificate(
         raise CertificateError("Failed to create X.509 certificate object") from e
 
 
-def validate_signature(signed_cert_obj: "X509Certificate", signing_cert_obj: "X509Certificate", signing_public_key: "PublicKey") -> bool:
+def validate_signature(
+    signed_cert_obj: "X509Certificate",
+    signing_cert_obj: "X509Certificate",
+    signing_public_key: "PublicKey",
+) -> bool:
     """Internal helper: Validates signature and issuer/subject match."""
     if signed_cert_obj.issuer != signing_cert_obj.subject:
         logger.debug(
@@ -195,4 +202,4 @@ def validate_signature(signed_cert_obj: "X509Certificate", signing_cert_obj: "X5
 
     except Exception as e:
         logger.debug(f"📜🔍❌ Signature validation failed: {type(e).__name__}: {e}")
-        return False
+        return False

provide/foundation/crypto/certificates/trust.py

@@ -1,9 +1,14 @@
 """Certificate trust chain and verification utilities."""
 
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from provide.foundation.crypto.certificates.certificate import Certificate
+
 try:
     from cryptography import x509
     from cryptography.hazmat.primitives.asymmetric import ec, rsa
-    
+
     _HAS_CRYPTO = True
 except ImportError:
     x509 = None
@@ -23,45 +28,41 @@ def verify_trust(
 ) -> bool:
     """
     Verifies if the other_cert is trusted based on this certificate's trust chain.
-    
+
     Args:
         cert: The certificate doing the verification
         other_cert: The certificate to verify
         trust_chain: List of trusted certificates
-        
+
     Returns:
         True if the certificate is trusted, False otherwise
     """
     if other_cert is None:
         raise CertificateError("Cannot verify trust: other_cert is None")
-    
+
     logger.debug(
         f"📜🔍🚀 Verifying trust for cert S/N {other_cert.serial_number} "
         f"against chain of S/N {cert.serial_number}"
     )
-    
+
     if not other_cert.is_valid:
-        logger.debug(
-            "📜🔍⚠️ Trust verification failed: Other certificate is not valid"
-        )
+        logger.debug("📜🔍⚠️ Trust verification failed: Other certificate is not valid")
         return False
     if not other_cert.public_key:
         raise CertificateError(
             "Cannot verify trust: Other certificate has no public key"
         )
-    
+
     if cert == other_cert:
         logger.debug(
             "📜🔍✅ Trust verified: Certificates are identical (based on subject/serial)"
         )
         return True
-    
+
     if other_cert in trust_chain:
-        logger.debug(
-            "📜🔍✅ Trust verified: Other certificate found in trust chain"
-        )
+        logger.debug("📜🔍✅ Trust verified: Other certificate found in trust chain")
         return True
-    
+
     for trusted_cert in trust_chain:
         logger.debug(
             f"📜🔍🔁 Checking signature against trusted cert S/N {trusted_cert.serial_number}"
@@ -74,7 +75,7 @@ def verify_trust(
                 f"{trusted_cert.serial_number}"
             )
             return True
-    
+
     logger.debug(
         "📜🔍❌ Trust verification failed: Other certificate not identical, "
         "not in chain, and not signed by any cert in chain"
@@ -83,16 +84,15 @@ def verify_trust(
 
 
 def validate_signature_wrapper(
-    signed_cert: "Certificate", 
-    signing_cert: "Certificate"
+    signed_cert: "Certificate", signing_cert: "Certificate"
 ) -> bool:
     """
     Internal helper: Validates signature and issuer/subject match.
-    
+
     Args:
         signed_cert: The certificate that was signed
         signing_cert: The certificate that did the signing
-        
+
     Returns:
         True if signature is valid, False otherwise
     """
@@ -101,7 +101,7 @@ def validate_signature_wrapper(
             "📜🔍❌ Cannot validate signature: Certificate object(s) not initialized"
         )
         return False
-    
+
     return validate_signature(
         signed_cert._cert, signing_cert._cert, signing_cert.public_key
-    )
+    )

provide/foundation/env/__init__.py

@@ -0,0 +1,28 @@
+"""
+Environment variable access utilities for Foundation.
+
+Provides consistent environment variable handling with validation,
+testing support, and integration with Foundation's configuration system.
+"""
+
+from provide.foundation.env.core import (
+    get_env,
+    get_env_bool,
+    get_env_float,
+    get_env_int,
+    get_env_list,
+    has_env,
+    set_env,
+    unset_env,
+)
+
+__all__ = [
+    "get_env",
+    "get_env_bool",
+    "get_env_float",
+    "get_env_int",
+    "get_env_list",
+    "has_env",
+    "set_env",
+    "unset_env",
+]