MatthiasValvekens / certomancer

Quickly construct, mock & deploy PKI test configurations using simple declarative configuration.
MIT License
27 stars 4 forks source link

Certomancer

logo

status PyPI version Python versions Code style: black

Quickly construct, mock & deploy PKI test configurations using simple declarative configuration. Includes CRL, OCSP and time stamping service provisioning.

Requires Python 3.7 or later.

Quick start

Certomancer is available on PyPI. See example.yml for an example config file.

$ pip install 'certomancer[web-api]'
$ certomancer --config example.yml animate

This will run the Certomancer Animator WSGI app on your local machine, behind a development web server. Point your browser to http://localhost:9000 and take a look around. For more information, see the documentation below.

Installing the development version

To build and install an (unreleased) development version, you can proceed as follows.

$ git clone https://github.com/MatthiasValvekens/certomancer
$ cd certomancer
$ python -m build
$ pip install dist/certomancer*.whl

Demo

There's a demo on asciinema.org, demonstrating some of the core features of Certomancer. See link below.

asciicast

FOSDEM '22 talk

I gave a lightning talk on testing & mocking PKI services in the Testing & Automation devroom at FOSDEM 2022. Certomancer was (of course) featured in the presentation. If you want to learn more, or watch the recording, have a look at the talk page for further info. Slides are included as well.

Features

Non-features

Certomancer is a testing tool for developers that write software to interface with public-key infrastructure. It is NOT intended to be used to manage production PKI deployments. Certomancer is very much garbage-in garbage-out, and happily ignores validation & security best practices in favour of allowing you to abuse your codebase in the worst possible ways. Consider yourself warned.

Documentation