swarmauri_certs_azure 0.3.0.dev4__tar.gz

swarmauri_certs_azure-0.3.0.dev4/PKG-INFO

@@ -0,0 +1,39 @@
+Metadata-Version: 2.3
+Name: swarmauri_certs_azure
+Version: 0.3.0.dev4
+Summary: Azure Key Vault certificate utilities for the Swarmauri ecosystem
+License: Apache-2.0
+Author: Community
+Requires-Python: >=3.10,<3.13
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Provides-Extra: azure
+Provides-Extra: crypto
+Requires-Dist: asn1crypto
+Requires-Dist: asn1crypto ; extra == "crypto"
+Requires-Dist: azure-identity
+Requires-Dist: azure-identity ; extra == "azure"
+Requires-Dist: azure-keyvault-keys
+Requires-Dist: azure-keyvault-keys ; extra == "azure"
+Requires-Dist: cryptography
+Requires-Dist: cryptography ; extra == "crypto"
+Requires-Dist: swarmauri_base
+Requires-Dist: swarmauri_core
+Description-Content-Type: text/markdown
+
+# swarmauri_certs_azure
+
+Community-maintained utilities for working with X.509 certificates via Azure Key Vault.
+
+## Features
+- AzureKeyVaultCertService for issuing and managing certificates.
+- Helper utilities aligned with RFC 5280 and RFC 7468.
+
+## Testing
+Run tests with:
+```bash
+uv run --package swarmauri_certs_azure --directory community pytest
+```
+

swarmauri_certs_azure-0.3.0.dev4/README.md

@@ -0,0 +1,13 @@
+# swarmauri_certs_azure
+
+Community-maintained utilities for working with X.509 certificates via Azure Key Vault.
+
+## Features
+- AzureKeyVaultCertService for issuing and managing certificates.
+- Helper utilities aligned with RFC 5280 and RFC 7468.
+
+## Testing
+Run tests with:
+```bash
+uv run --package swarmauri_certs_azure --directory community pytest
+```

swarmauri_certs_azure-0.3.0.dev4/pyproject.toml

@@ -0,0 +1,68 @@
+[project]
+name = "swarmauri_certs_azure"
+version = "0.3.0.dev4"
+description = "Azure Key Vault certificate utilities for the Swarmauri ecosystem"
+license = "Apache-2.0"
+readme = "README.md"
+repository = "http://github.com/swarmauri/swarmauri-sdk"
+requires-python = ">=3.10,<3.13"
+classifiers = [
+    "License :: OSI Approved :: Apache Software License",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+]
+authors = [{name = "Community"}]
+dependencies = [
+    "swarmauri_core",
+    "swarmauri_base",
+    "azure-identity",
+    "azure-keyvault-keys",
+    "cryptography",
+    "asn1crypto",
+]
+
+[project.optional-dependencies]
+azure = ["azure-identity", "azure-keyvault-keys"]
+crypto = ["cryptography", "asn1crypto"]
+
+[tool.uv.sources]
+swarmauri_core = { workspace = true }
+swarmauri_base = { workspace = true }
+
+[tool.pytest.ini_options]
+markers = [
+    "test: standard test",
+    "unit: Unit tests",
+    "i9n: Integration tests",
+    "r8n: Regression tests",
+    "timeout: mark test to timeout after X seconds",
+    "xpass: Expected passes",
+    "xfail: Expected failures",
+    "acceptance: Acceptance tests",
+    "perf: Performance tests that measure execution time and resource usage",
+]
+timeout = 300
+log_cli = true
+log_cli_level = "INFO"
+log_cli_format = "%(asctime)s [%(levelname)s] %(message)s"
+log_cli_date_format = "%Y-%m-%d %H:%M:%S"
+asyncio_default_fixture_loop_scope = "function"
+
+[dependency-groups]
+dev = [
+    "pytest>=8.0",
+    "pytest-asyncio>=0.24.0",
+    "pytest-xdist>=3.6.1",
+    "pytest-json-report>=1.5.0",
+    "python-dotenv",
+    "requests>=2.32.3",
+    "flake8>=7.0",
+    "pytest-timeout>=2.3.1",
+    "ruff>=0.9.9",
+    "pytest-benchmark>=4.0.0",
+]
+
+[build-system]
+requires = ["poetry-core>=1.0.0"]
+build-backend = "poetry.core.masonry.api"

swarmauri_certs_azure-0.3.0.dev4/swarmauri_certs_azure/certs/AzureKeyVaultCertService.py

@@ -0,0 +1,101 @@
+from __future__ import annotations
+
+import base64
+import datetime as dt
+import random
+from typing import Any, Dict, Iterable, Literal, Mapping, Optional
+
+from azure.identity import DefaultAzureCredential
+from azure.keyvault.keys import KeyClient
+from cryptography import x509
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.x509.oid import NameOID
+
+from swarmauri_base.certs.CertServiceBase import CertServiceBase
+from swarmauri_core.certs.ICertService import AltNameSpec, SubjectSpec
+from swarmauri_core.crypto.types import KeyRef
+
+
+# ---------------------------------------------------------------------------
+# Helpers
+# ---------------------------------------------------------------------------
+
+
+def _now_utc() -> dt.datetime:
+    """Return current UTC time."""
+    return dt.datetime.utcnow().replace(tzinfo=dt.timezone.utc)
+
+
+def _serial_or_random(serial: Optional[int]) -> int:
+    """Return provided serial number or a random 128-bit value per RFC 5280."""
+    if serial is not None:
+        return int(serial)
+    return random.SystemRandom().getrandbits(128)
+
+
+def _pem_cert(der_bytes: bytes) -> bytes:
+    """Encode DER certificate bytes into PEM as described in RFC 7468."""
+    b64 = base64.encodebytes(der_bytes).decode("ascii").replace("\n", "")
+    lines = [b64[i : i + 64] for i in range(0, len(b64), 64)]
+    return (
+        "-----BEGIN CERTIFICATE-----\n"
+        + "\n".join(lines)
+        + "\n-----END CERTIFICATE-----\n"
+    ).encode("ascii")
+
+
+def _to_x509_name(spec: SubjectSpec) -> x509.Name:
+    rdns = []
+    if cn := spec.get("CN"):
+        rdns.append(x509.NameAttribute(NameOID.COMMON_NAME, cn))
+    return x509.Name(rdns)
+
+
+# ---------------------------------------------------------------------------
+# Service
+# ---------------------------------------------------------------------------
+
+
+class AzureKeyVaultCertService(CertServiceBase):
+    """Minimal Azure Key Vault backed certificate service."""
+
+    type: Literal["AzureKeyVaultCertService"] = "AzureKeyVaultCertService"
+
+    def __init__(self, vault_url: str, *, credential: Optional[Any] = None) -> None:
+        super().__init__()
+        self._cred = credential or DefaultAzureCredential()
+        self._keys = KeyClient(vault_url=vault_url, credential=self._cred)
+
+    def supports(self) -> Mapping[str, Iterable[str]]:
+        return {
+            "key_algs": ("RSA-2048",),
+            "sig_algs": ("RSA-SHA256",),
+            "features": ("csr",),
+        }
+
+    async def create_csr(
+        self,
+        key: KeyRef,
+        subject: SubjectSpec,
+        *,
+        san: Optional[AltNameSpec] = None,
+        extensions: Optional[Dict[str, Any]] = None,
+        sig_alg: Optional[str] = None,
+        challenge_password: Optional[str] = None,
+        output_der: bool = False,
+        opts: Optional[Dict[str, Any]] = None,
+    ) -> bytes:
+        """Create a PKCS#10 CSR using the supplied key material."""
+        pem_priv = key.material
+        if not pem_priv:
+            raise NotImplementedError(
+                "Non-exportable keys are not supported in this simplified service."
+            )
+        subject_name = _to_x509_name(subject)
+        builder = x509.CertificateSigningRequestBuilder().subject_name(subject_name)
+        priv = serialization.load_pem_private_key(pem_priv, password=None)
+        csr = builder.sign(priv, hashes.SHA256())
+        encoding = (
+            serialization.Encoding.DER if output_der else serialization.Encoding.PEM
+        )
+        return csr.public_bytes(encoding)