KeyInfo Validator

certmonitor.validators.key_info.KeyInfoValidator

Bases: BaseCertValidator

A validator for checking the key information of an SSL certificate.

Attributes:

| Name | Type | Description |
| --- | --- | --- |
| `name` | `str` | The name of the validator. |

name class-attribute instance-attribute

name: str = 'key_info'

validate

validate(cert: Dict[str, Any], host: str, port: int) -> Dict[str, Any]

Validates the key information of the provided SSL certificate.

Parameters:

| Name | Type | Description | Default |
| --- | --- | --- | --- |
| `cert` | `dict` | The SSL certificate. | required |
| `host` | `str` | The hostname (not used in this validator). | required |
| `port` | `int` | The port number (not used in this validator). | required |

Returns:

| Name | Type | Description |
| --- | --- | --- |
| `dict` | `Dict[str, Any]` | A dictionary containing the validation results, including key type, key size, whether the key is considered strong enough, and curve information if applicable. |

Examples:

Example output (success): This example shows a certificate with a strong RSA 2048-bit key, so validation passes and no warnings are present.

```json
{
    "key_type": "rsaEncryption",
    "key_size": 2048,
    "is_valid": true,
    "curve": null
}
```

Example output (failure): This example shows a certificate with a weak 512-bit key, so validation fails and a warning is included.

```json
{
    "key_type": "rsaEncryption",
    "key_size": 512,
    "is_valid": false,
    "curve": null,
    "warnings": [
        "Key size 512 is considered weak."
    ]
}
```
Source code in certmonitor/validators/key_info.py
````python
def validate(self, cert: Dict[str, Any], host: str, port: int) -> Dict[str, Any]:
    """
    Validates the key information of the provided SSL certificate.

    Args:
        cert (dict): The SSL certificate.
        host (str): The hostname (not used in this validator).
        port (int): The port number (not used in this validator).

    Returns:
        dict: A dictionary containing the validation results, including key type, key size,
              whether the key is considered strong enough, and curve information if applicable.

    Examples:
        Example output (success):
            This example shows a certificate with a strong RSA 2048-bit key, so validation passes and no warnings are present.

            ```json
            {
                "key_type": "rsaEncryption",
                "key_size": 2048,
                "is_valid": true,
                "curve": null
            }
            ```

        Example output (failure):
            This example shows a certificate with a weak 512-bit key, so validation fails and a warning is included.

            ```json
            {
                "key_type": "rsaEncryption",
                "key_size": 512,
                "is_valid": false,
                "curve": null,
                "warnings": [
                    "Key size 512 is considered weak."
                ]
            }
            ```
    """
    # The cert dict must carry a "public_key_info" mapping; without it no check is possible.
    public_key_info = cert.get("public_key_info", {})
    if not public_key_info:
        return {
            "error": "Unable to extract public key information",
            "is_valid": False,
        }

    key_type = public_key_info.get("algorithm", "Unknown")
    key_size = public_key_info.get("size")
    curve = public_key_info.get("curve")

    # Strength is decided by the private helper _is_key_strong_enough (not shown in this listing).
    result = {
        "key_type": key_type,
        "key_size": key_size,
        "is_valid": self._is_key_strong_enough(key_type, key_size, curve),
    }

    # "curve" is only added to the result when the certificate reports one.
    if curve:
        result["curve"] = curve

    return result
````
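The strength decision behind `is_valid` is made by `_is_key_strong_enough`, which this page does not show. The following is an added example, not certmonitor's own code: a stand-alone policy that produces results in the documented shape and fails closed on missing or unknown key data. The thresholds (RSA at least 2048 bits, EC at least 256 bits), the `ecPublicKey` label, the extra warning texts and the names `key_weakness`, `key_info_result` and `SAMPLES` are assumptions made for illustration.

```python
from typing import Any, Dict, Optional

# Assumed minimum key sizes in bits; certmonitor's real thresholds are not on this page.
MIN_BITS = {"rsaEncryption": 2048, "ecPublicKey": 256}


def key_weakness(key_type: str, key_size: Optional[int], curve: Optional[str]) -> Optional[str]:
    """Hypothetical policy: return a warning string, or None if the key is acceptable."""
    if not isinstance(key_size, int):
        return "Key size could not be determined."  # fail closed on unparsed keys
    minimum = MIN_BITS.get(key_type)
    if minimum is None:
        return f"Key type {key_type} is not covered by the policy."  # fail closed
    if key_size < minimum:
        return f"Key size {key_size} is considered weak."
    if key_type == "ecPublicKey" and not curve:
        return "EC key has no named curve."
    return None


def key_info_result(cert: Dict[str, Any]) -> Dict[str, Any]:
    """Build a result shaped like the documented output, always emitting "curve"."""
    info = cert.get("public_key_info") or {}
    if not info:
        return {"error": "Unable to extract public key information", "is_valid": False}
    key_type = info.get("algorithm", "Unknown")
    key_size, curve = info.get("size"), info.get("curve")
    warning = key_weakness(key_type, key_size, curve)
    result: Dict[str, Any] = {
        "key_type": key_type,
        "key_size": key_size,
        "is_valid": warning is None,
        "curve": curve,
    }
    if warning:
        result["warnings"] = [warning]
    return result


# Constructed sample inputs (not real certificates or hosts).
SAMPLES = {
    "rsa-2048": {"public_key_info": {"algorithm": "rsaEncryption", "size": 2048}},
    "rsa-512": {"public_key_info": {"algorithm": "rsaEncryption", "size": 512}},
    "ec-p256": {"public_key_info": {"algorithm": "ecPublicKey", "size": 256, "curve": "prime256v1"}},
    "no-key": {},
}

if __name__ == "__main__":
    print({label: key_info_result(cert) for label, cert in SAMPLES.items()})
```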