provide-foundation 0.0.0.dev2__py3-none-any.whl → 0.0.0.dev3__py3-none-any.whl

provide/foundation/context/core.py

@@ -2,17 +2,15 @@
 
 import copy
 import json
-import os
 from pathlib import Path
 from typing import Any
 
 from attrs import define, field, fields, validators
 
-from provide.foundation.config.env import RuntimeConfig
-from provide.foundation.config.base import field as config_field, ConfigSource
+from provide.foundation.config.base import ConfigSource, field as config_field
 from provide.foundation.config.converters import parse_bool_strict
+from provide.foundation.config.env import RuntimeConfig
 from provide.foundation.logger import get_logger
-from provide.foundation.logger.config import TelemetryConfig
 
 try:
     import tomli as tomllib
@@ -46,53 +44,53 @@ class CLIContext(RuntimeConfig):
         env_var="PROVIDE_LOG_LEVEL",
         converter=str.upper,
         validator=validators.in_(VALID_LOG_LEVELS),
-        description="Logging level for CLI output"
+        description="Logging level for CLI output",
     )
     profile: str = config_field(
         default="default",
         env_var="PROVIDE_PROFILE",
-        description="Configuration profile to use"
+        description="Configuration profile to use",
     )
     debug: bool = config_field(
         default=False,
         env_var="PROVIDE_DEBUG",
         converter=parse_bool_strict,
-        description="Enable debug mode"
+        description="Enable debug mode",
     )
     json_output: bool = config_field(
         default=False,
         env_var="PROVIDE_JSON_OUTPUT",
         converter=parse_bool_strict,
-        description="Output in JSON format"
+        description="Output in JSON format",
     )
     config_file: Path | None = config_field(
         default=None,
         env_var="PROVIDE_CONFIG_FILE",
         converter=lambda x: Path(x) if x else None,
-        description="Path to configuration file"
+        description="Path to configuration file",
     )
     log_file: Path | None = config_field(
         default=None,
         env_var="PROVIDE_LOG_FILE",
         converter=lambda x: Path(x) if x else None,
-        description="Path to log file"
+        description="Path to log file",
     )
     log_format: str = config_field(
         default="key_value",
         env_var="PROVIDE_LOG_FORMAT",
-        description="Log output format (key_value or json)"
+        description="Log output format (key_value or json)",
     )
     no_color: bool = config_field(
         default=False,
         env_var="NO_COLOR",
         converter=parse_bool_strict,
-        description="Disable colored output"
+        description="Disable colored output",
     )
     no_emoji: bool = config_field(
         default=False,
         env_var="PROVIDE_NO_EMOJI",
         converter=parse_bool_strict,
-        description="Disable emoji in output"
+        description="Disable emoji in output",
     )
 
     # Private fields - using Factory for mutable defaults
@@ -116,13 +114,13 @@ class CLIContext(RuntimeConfig):
         # Create default instance and environment instance
         default_ctx = self.__class__()  # All defaults
         env_ctx = self.from_env(prefix=prefix)  # Environment + defaults
-        
+
         # Only update fields where environment differs from default
         for attr in fields(self.__class__):
             if not attr.name.startswith("_"):  # Skip private fields
                 default_value = getattr(default_ctx, attr.name)
                 env_value = getattr(env_ctx, attr.name)
-                
+
                 # If environment value differs from default, it came from env
                 if env_value != default_value:
                     setattr(self, attr.name, env_value)
@@ -142,7 +140,9 @@ class CLIContext(RuntimeConfig):
         }
 
     @classmethod
-    def from_dict(cls, data: dict[str, Any], source: ConfigSource = ConfigSource.RUNTIME) -> "CLIContext":
+    def from_dict(
+        cls, data: dict[str, Any], source: ConfigSource = ConfigSource.RUNTIME
+    ) -> "CLIContext":
         """
         Create context from dictionary.
 
@@ -265,7 +265,9 @@ class CLIContext(RuntimeConfig):
 
         path.write_text(content)
 
-    def merge(self, other: "CLIContext", override_defaults: bool = False) -> "CLIContext":
+    def merge(
+        self, other: "CLIContext", override_defaults: bool = False
+    ) -> "CLIContext":
         """
         Merge with another context, with other taking precedence.
 

provide/foundation/crypto/certificates/__init__.py

@@ -2,6 +2,7 @@
 
 # Import from submodules using absolute imports
 from provide.foundation.crypto.certificates.base import (
+    _HAS_CRYPTO,
     CertificateBase,
     CertificateConfig,
     CertificateError,
@@ -9,7 +10,6 @@ from provide.foundation.crypto.certificates.base import (
     KeyPair,
     KeyType,
     PublicKey,
-    _HAS_CRYPTO,
     _require_crypto,
 )
 from provide.foundation.crypto.certificates.certificate import Certificate
@@ -21,14 +21,18 @@ from provide.foundation.crypto.certificates.operations import (
 
 # Re-export public types - maintaining exact same API
 __all__ = [
+    "_HAS_CRYPTO",  # For testing
     "Certificate",
     "CertificateBase",
     "CertificateConfig",
     "CertificateError",
     "CurveType",
+    "KeyPair",
     "KeyType",
-    "create_self_signed",
-    "create_ca",
-    "_HAS_CRYPTO",  # For testing
+    "PublicKey",
     "_require_crypto",  # For testing
-]
+    "create_ca",
+    "create_self_signed",
+    "create_x509_certificate",
+    "validate_signature",
+]

provide/foundation/crypto/certificates/base.py

@@ -5,7 +5,7 @@ from enum import StrEnum, auto
 import traceback
 from typing import NotRequired, Self, TypeAlias, TypedDict
 
-from attrs import define, field
+from attrs import define
 
 try:
     from cryptography import x509
@@ -170,4 +170,4 @@ class CertificateBase:
                 x509.NameAttribute(NameOID.COMMON_NAME, common_name),
                 x509.NameAttribute(NameOID.ORGANIZATION_NAME, org),
             ]
-        )
+        )

provide/foundation/crypto/certificates/certificate.py

@@ -11,7 +11,7 @@ try:
     from cryptography.hazmat.primitives import serialization
     from cryptography.hazmat.primitives.asymmetric import ec, rsa
     from cryptography.x509 import Certificate as X509Certificate
-    
+
     _HAS_CRYPTO = True
 except ImportError:
     x509 = None
@@ -22,11 +22,17 @@ except ImportError:
     _HAS_CRYPTO = False
 
 from provide.foundation import logger
-from provide.foundation.crypto.certificates.base import CertificateBase, CertificateError, PublicKey
+from provide.foundation.crypto.certificates.base import (
+    CertificateBase,
+    CertificateError,
+    PublicKey,
+)
 from provide.foundation.crypto.certificates.generator import generate_certificate
 from provide.foundation.crypto.certificates.loader import load_certificate_from_pem
 from provide.foundation.crypto.certificates.operations import create_x509_certificate
-from provide.foundation.crypto.certificates.trust import verify_trust as verify_trust_impl
+from provide.foundation.crypto.certificates.trust import (
+    verify_trust as verify_trust_impl,
+)
 from provide.foundation.crypto.constants import (
     DEFAULT_CERTIFICATE_CURVE,
     DEFAULT_CERTIFICATE_KEY_TYPE,
@@ -83,13 +89,10 @@ class Certificate:
         else:
             # Load existing certificate
             if not self.cert_pem_or_uri:
-                raise CertificateError(
-                    "cert_pem_or_uri required when not generating"
-                )
-            
+                raise CertificateError("cert_pem_or_uri required when not generating")
+
             base, x509_cert, private_key, cert_pem, key_pem = load_certificate_from_pem(
-                self.cert_pem_or_uri,
-                self.key_pem_or_uri
+                self.cert_pem_or_uri, self.key_pem_or_uri
             )
             self._base = base
             self._cert = x509_cert
@@ -174,9 +177,14 @@ class Certificate:
     ) -> "Certificate":
         """Creates a new self-signed CA certificate."""
         from provide.foundation.crypto.certificates.factory import create_ca_certificate
+
         return create_ca_certificate(
-            common_name, organization_name, validity_days, 
-            key_type, key_size, ecdsa_curve
+            common_name,
+            organization_name,
+            validity_days,
+            key_type,
+            key_size,
+            ecdsa_curve,
         )
 
     @classmethod
@@ -193,10 +201,20 @@ class Certificate:
         is_client_cert: bool = False,
     ) -> "Certificate":
         """Creates a new certificate signed by the provided CA certificate."""
-        from provide.foundation.crypto.certificates.factory import create_signed_certificate
+        from provide.foundation.crypto.certificates.factory import (
+            create_signed_certificate,
+        )
+
         return create_signed_certificate(
-            ca_certificate, common_name, organization_name, validity_days,
-            alt_names, key_type, key_size, ecdsa_curve, is_client_cert
+            ca_certificate,
+            common_name,
+            organization_name,
+            validity_days,
+            alt_names,
+            key_type,
+            key_size,
+            ecdsa_curve,
+            is_client_cert,
         )
 
     @classmethod
@@ -211,10 +229,18 @@ class Certificate:
         ecdsa_curve: str = DEFAULT_CERTIFICATE_CURVE,
     ) -> "Certificate":
         """Creates a new self-signed end-entity certificate suitable for a server."""
-        from provide.foundation.crypto.certificates.factory import create_self_signed_server_cert
+        from provide.foundation.crypto.certificates.factory import (
+            create_self_signed_server_cert,
+        )
+
         return create_self_signed_server_cert(
-            common_name, organization_name, validity_days,
-            alt_names, key_type, key_size, ecdsa_curve
+            common_name,
+            organization_name,
+            validity_days,
+            alt_names,
+            key_type,
+            key_size,
+            ecdsa_curve,
         )
 
     def verify_trust(self, other_cert: Self) -> bool:
@@ -243,7 +269,10 @@ class Certificate:
         self, signed_cert: "Certificate", signing_cert: "Certificate"
     ) -> bool:
         """Internal helper: Validates signature and issuer/subject match."""
-        from provide.foundation.crypto.certificates.trust import validate_signature_wrapper
+        from provide.foundation.crypto.certificates.trust import (
+            validate_signature_wrapper,
+        )
+
         return validate_signature_wrapper(signed_cert, signing_cert)
 
     def __eq__(self, other: object) -> bool:
@@ -287,4 +316,4 @@ class Certificate:
 
 
 # Type alias for backwards compatibility
-KeyPair = rsa.RSAPrivateKey | ec.EllipticCurvePrivateKey | None
+KeyPair = rsa.RSAPrivateKey | ec.EllipticCurvePrivateKey | None

provide/foundation/crypto/certificates/factory.py

@@ -1,9 +1,14 @@
 """Certificate factory methods."""
 
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from provide.foundation.crypto.certificates.certificate import Certificate
+
 try:
     from cryptography import x509
     from cryptography.hazmat.primitives import serialization
-    
+
     _HAS_CRYPTO = True
 except ImportError:
     x509 = None
@@ -11,7 +16,10 @@ except ImportError:
     _HAS_CRYPTO = False
 
 from provide.foundation import logger
-from provide.foundation.crypto.certificates.base import CertificateError, _require_crypto
+from provide.foundation.crypto.certificates.base import (
+    CertificateError,
+    _require_crypto,
+)
 from provide.foundation.crypto.certificates.operations import create_x509_certificate
 from provide.foundation.crypto.constants import (
     DEFAULT_CERTIFICATE_CURVE,
@@ -32,7 +40,7 @@ def create_ca_certificate(
     """Creates a new self-signed CA certificate."""
     # Import here to avoid circular dependency
     from provide.foundation.crypto.certificates.certificate import Certificate
-    
+
     logger.info(
         f"📜🔑🏭 Creating new CA certificate: CN={common_name}, Org={organization_name}"
     )
@@ -76,7 +84,7 @@ def create_signed_certificate(
     """Creates a new certificate signed by the provided CA certificate."""
     # Import here to avoid circular dependency
     from provide.foundation.crypto.certificates.certificate import Certificate
-    
+
     logger.info(
         f"📜🔑🏭 Creating new certificate signed by CA '{ca_certificate.subject}': "
         f"CN={common_name}, Org={organization_name}, ClientCert={is_client_cert}"
@@ -91,7 +99,7 @@ def create_signed_certificate(
             f"📜🔑⚠️ Signing certificate (Subject: {ca_certificate.subject}) "
             "is not marked as a CA. This might lead to validation issues."
         )
-    
+
     new_cert_obj = Certificate(
         generate_keypair=True,
         common_name=common_name,
@@ -102,7 +110,7 @@ def create_signed_certificate(
         key_size=key_size,
         ecdsa_curve=ecdsa_curve,
     )
-    
+
     signed_x509_cert = create_x509_certificate(
         base=new_cert_obj._base,
         private_key=new_cert_obj._private_key,
@@ -112,12 +120,12 @@ def create_signed_certificate(
         is_ca=False,
         is_client_cert=is_client_cert,
     )
-    
+
     new_cert_obj._cert = signed_x509_cert
     new_cert_obj.cert = signed_x509_cert.public_bytes(
         serialization.Encoding.PEM
     ).decode("utf-8")
-    
+
     logger.info(
         f"📜🔑✅ Successfully created and signed certificate for "
         f"CN={common_name} by CA='{ca_certificate.subject}'"
@@ -137,12 +145,12 @@ def create_self_signed_server_cert(
     """Creates a new self-signed end-entity certificate suitable for a server."""
     # Import here to avoid circular dependency
     from provide.foundation.crypto.certificates.certificate import Certificate
-    
+
     logger.info(
         f"📜🔑🏭 Creating new self-signed SERVER certificate: "
         f"CN={common_name}, Org={organization_name}"
     )
-    
+
     cert_obj = Certificate(
         generate_keypair=True,
         common_name=common_name,
@@ -153,12 +161,12 @@ def create_self_signed_server_cert(
         key_size=key_size,
         ecdsa_curve=ecdsa_curve,
     )
-    
+
     if not cert_obj._private_key:
         raise CertificateError(
             "Private key not generated for self-signed server certificate"
         )
-    
+
     actual_x509_cert = create_x509_certificate(
         base=cert_obj._base,
         private_key=cert_obj._private_key,
@@ -166,12 +174,12 @@ def create_self_signed_server_cert(
         is_ca=False,
         is_client_cert=False,
     )
-    
+
     cert_obj._cert = actual_x509_cert
-    cert_obj.cert = actual_x509_cert.public_bytes(
-        serialization.Encoding.PEM
-    ).decode("utf-8")
-    
+    cert_obj.cert = actual_x509_cert.public_bytes(serialization.Encoding.PEM).decode(
+        "utf-8"
+    )
+
     logger.info(
         f"📜🔑✅ Successfully created self-signed SERVER certificate for CN={common_name}"
     )
@@ -210,4 +218,4 @@ def create_ca(
         organization_name=organization,
         validity_days=validity_days,
         key_type=key_type,
-    )
+    )

provide/foundation/crypto/certificates/generator.py

@@ -7,7 +7,7 @@ try:
     from cryptography import x509
     from cryptography.hazmat.primitives import serialization
     from cryptography.hazmat.primitives.asymmetric import ec, rsa
-    
+
     _HAS_CRYPTO = True
 except ImportError:
     x509 = None
@@ -28,7 +28,6 @@ from provide.foundation.crypto.certificates.operations import create_x509_certif
 from provide.foundation.crypto.constants import (
     DEFAULT_CERTIFICATE_CURVE,
     DEFAULT_CERTIFICATE_KEY_TYPE,
-    DEFAULT_CERTIFICATE_VALIDITY_DAYS,
     DEFAULT_RSA_KEY_SIZE,
 )
 
@@ -43,20 +42,26 @@ def generate_certificate(
     alt_names: list[str] | None = None,
     is_ca: bool = False,
     is_client_cert: bool = False,
-) -> tuple[CertificateBase, "x509.Certificate", "rsa.RSAPrivateKey | ec.EllipticCurvePrivateKey", str, str]:
+) -> tuple[
+    CertificateBase,
+    "x509.Certificate",
+    "rsa.RSAPrivateKey | ec.EllipticCurvePrivateKey",
+    str,
+    str,
+]:
     """
     Generate a new certificate with a keypair.
-    
+
     Returns:
         Tuple of (CertificateBase, X509Certificate, private_key, cert_pem, key_pem)
     """
     try:
         logger.debug("📜🔑🚀 Generating new keypair")
-        
+
         now = datetime.now(UTC)
         not_valid_before = now - timedelta(days=1)
         not_valid_after = now + timedelta(days=validity_days)
-        
+
         # Parse key type
         normalized_key_type_str = key_type.lower()
         match normalized_key_type_str:
@@ -69,21 +74,19 @@ def generate_certificate(
                     f"Unsupported key_type string: '{key_type}'. "
                     "Must be 'rsa' or 'ecdsa'."
                 )
-        
+
         # Configure key parameters
         gen_curve: CurveType | None = None
         gen_key_size = None
-        
+
         if gen_key_type == KeyType.ECDSA:
             try:
                 gen_curve = CurveType[ecdsa_curve.upper()]
             except KeyError as e_curve:
-                raise ValueError(
-                    f"Unsupported ECDSA curve: {ecdsa_curve}"
-                ) from e_curve
+                raise ValueError(f"Unsupported ECDSA curve: {ecdsa_curve}") from e_curve
         else:  # RSA
             gen_key_size = key_size
-        
+
         # Build configuration
         conf: CertificateConfig = {
             "common_name": common_name,
@@ -98,10 +101,10 @@ def generate_certificate(
         if gen_key_size is not None:
             conf["key_size"] = gen_key_size
         logger.debug(f"📜🔑🚀 Generation config: {conf}")
-        
+
         # Generate base certificate and private key
         base, private_key = CertificateBase.create(conf)
-        
+
         # Create X.509 certificate
         x509_cert = create_x509_certificate(
             base=base,
@@ -110,12 +113,10 @@ def generate_certificate(
             is_ca=is_ca,
             is_client_cert=is_client_cert,
         )
-        
+
         if x509_cert is None:
-            raise CertificateError(
-                "Certificate object (_cert) is None after creation"
-            )
-        
+            raise CertificateError("Certificate object (_cert) is None after creation")
+
         # Convert to PEM format
         cert_pem = x509_cert.public_bytes(serialization.Encoding.PEM).decode("utf-8")
         key_pem = private_key.private_bytes(
@@ -123,11 +124,11 @@ def generate_certificate(
             format=serialization.PrivateFormat.PKCS8,
             encryption_algorithm=serialization.NoEncryption(),
         ).decode("utf-8")
-        
+
         logger.debug("📜🔑✅ Generated cert and key")
-        
+
         return base, x509_cert, private_key, cert_pem, key_pem
-        
+
     except Exception as e:
         logger.error(
             f"📜❌ Failed to generate certificate. Error: {type(e).__name__}: {e}",
@@ -135,4 +136,4 @@ def generate_certificate(
         )
         raise CertificateError(
             f"Failed to initialize certificate. Original error: {type(e).__name__}"
-        ) from e
+        ) from e

provide/foundation/crypto/certificates/loader.py

@@ -10,7 +10,7 @@ try:
     from cryptography.hazmat.primitives import serialization
     from cryptography.hazmat.primitives.asymmetric import ec, rsa
     from cryptography.hazmat.primitives.serialization import load_pem_private_key
-    
+
     _HAS_CRYPTO = True
 except ImportError:
     x509 = None
@@ -21,7 +21,10 @@ except ImportError:
     _HAS_CRYPTO = False
 
 from provide.foundation import logger
-from provide.foundation.crypto.certificates.base import CertificateBase, CertificateError
+from provide.foundation.crypto.certificates.base import (
+    CertificateBase,
+    CertificateError,
+)
 
 
 def load_from_uri_or_pem(data: str) -> str:
@@ -53,30 +56,35 @@ def load_from_uri_or_pem(data: str) -> str:
 
 
 def load_certificate_from_pem(
-    cert_pem_or_uri: str, 
-    key_pem_or_uri: str | None = None
-) -> tuple[CertificateBase, "x509.Certificate", "rsa.RSAPrivateKey | ec.EllipticCurvePrivateKey | None", str, str | None]:
+    cert_pem_or_uri: str, key_pem_or_uri: str | None = None
+) -> tuple[
+    CertificateBase,
+    "x509.Certificate",
+    "rsa.RSAPrivateKey | ec.EllipticCurvePrivateKey | None",
+    str,
+    str | None,
+]:
     """
     Load a certificate and optionally its private key from PEM data or file URIs.
-    
+
     Returns:
         Tuple of (CertificateBase, X509Certificate, private_key, cert_pem, key_pem)
     """
     try:
         logger.debug("📜🔑🚀 Loading certificate from provided data")
         cert_data = load_from_uri_or_pem(cert_pem_or_uri)
-        
+
         logger.debug("📜🔑🔍 Loading X.509 certificate from PEM data")
         x509_cert = x509.load_pem_x509_certificate(cert_data.encode("utf-8"))
         logger.debug("📜🔑✅ X.509 certificate object loaded from PEM")
-        
+
         private_key = None
         key_data = None
-        
+
         if key_pem_or_uri:
             logger.debug("📜🔑🚀 Loading private key")
             key_data = load_from_uri_or_pem(key_pem_or_uri)
-            
+
             loaded_priv_key = load_pem_private_key(
                 key_data.encode("utf-8"), password=None
             )
@@ -90,7 +98,7 @@ def load_certificate_from_pem(
                 )
             private_key = loaded_priv_key
             logger.debug("📜🔑✅ Private key object loaded and type validated")
-        
+
         # Extract certificate details for CertificateBase
         loaded_not_valid_before = x509_cert.not_valid_before_utc
         loaded_not_valid_after = x509_cert.not_valid_after_utc
@@ -98,7 +106,7 @@ def load_certificate_from_pem(
             loaded_not_valid_before = loaded_not_valid_before.replace(tzinfo=UTC)
         if loaded_not_valid_after.tzinfo is None:
             loaded_not_valid_after = loaded_not_valid_after.replace(tzinfo=UTC)
-        
+
         cert_public_key = x509_cert.public_key()
         if not isinstance(
             cert_public_key, rsa.RSAPublicKey | ec.EllipticCurvePublicKey
@@ -107,7 +115,7 @@ def load_certificate_from_pem(
                 f"Certificate's public key is of unsupported type: {type(cert_public_key)}. "
                 "Expected RSA or ECDSA public key."
             )
-        
+
         base = CertificateBase(
             subject=x509_cert.subject,
             issuer=x509_cert.issuer,
@@ -117,9 +125,9 @@ def load_certificate_from_pem(
             serial_number=x509_cert.serial_number,
         )
         logger.debug("📜🔑✅ Reconstructed CertificateBase from loaded cert")
-        
+
         return base, x509_cert, private_key, cert_data, key_data
-        
+
     except Exception as e:
         logger.error(
             f"📜❌ Failed to load certificate. Error: {type(e).__name__}: {e}",
@@ -127,4 +135,4 @@ def load_certificate_from_pem(
         )
         raise CertificateError(
             f"Failed to initialize certificate. Original error: {type(e).__name__}"
-        ) from e
+        ) from e