Metadata-Version: 2.4
Name: cert-piper
Version: 0.1.0
Summary: Display X.509 certificate information from piped input
Author: tkdpython
License: MIT License
        
        Copyright (c) 2026 tkdpython
        
        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:
        
        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.
        
        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        
Project-URL: Homepage, https://github.com/tkdpython/cert-piper
Project-URL: Repository, https://github.com/tkdpython/cert-piper
Project-URL: Issues, https://github.com/tkdpython/cert-piper/issues
Keywords: certificates,tls,x509,pem,security,pipe,cli
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: System :: Systems Administration
Classifier: Topic :: Utilities
Requires-Python: >=3.7
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: cryptography>=2.8
Requires-Dist: rich>=10.0
Provides-Extra: dev
Requires-Dist: pytest>=6.0; extra == "dev"
Requires-Dist: pytest-cov>=2.0; extra == "dev"
Dynamic: license-file

# cert-piper

A command-line tool for displaying X.509 certificate information from piped input.

Pipe any PEM certificate file (or a base64-encoded certificate) into `cert-piper` and get a rich, colour-coded summary of every certificate in the stream — including validity, key details, SANs, fingerprints, and more.

---

## Features

- **Pipe-friendly** — reads from stdin, works naturally with `cat`, `curl`, `openssl`, etc.
- **Batch support** — handles PEM bundles with multiple certificates in a single stream
- **Base64 detection** — automatically detects and decodes base64-encoded PEM or DER input
- **Rich output** — colour-coded expiry status, structured sections, emojis
- **`--paging` option** — scroll through long output with a built-in pager
- **Semver versioning** — published to PyPI from git tags via GitHub Actions

---

## Installation

```bash
pip install cert-piper
```

Or install from source:

```bash
git clone https://github.com/tkdpython/cert-piper.git
cd cert-piper
pip install -e .
```

---

## Usage

```bash
# Single certificate
cat mycert.pem | cert-piper

# Run as a Python module
cat mycert.pem | python3 -m cert_piper

# PEM bundle (multiple certificates in one file)
cat bundle.pem | cert-piper

# Base64-encoded certificate (auto-detected and decoded)
cat encoded.b64 | cert-piper

# Paged output for large bundles
cat bundle.pem | cert-piper --paging

# Fetch a remote certificate via openssl
openssl s_client -connect example.com:443 -showcerts </dev/null 2>/dev/null | cert-piper

# Show version
cert-piper --version
```

---

## What It Shows

For each certificate in the stream:

| Section | Details |
|---|---|
| **Subject** | Common Name, Organisation, Country, etc. |
| **Issuer** | Same fields as Subject |
| **Validity** | Not Before / Not After, days remaining, expiry status (🟢 valid / 🟡 expiring / 🔴 expired) |
| **Public Key** | Algorithm (RSA / EC / Ed25519 / …), key size, signature algorithm |
| **SANs** | DNS names, IP addresses, email addresses, URIs |
| **Key Usage** | Key Usage and Extended Key Usage flags |
| **OCSP / Revocation** | OCSP URLs, CA Issuers URLs, CRL Distribution Points, OCSP Must-Staple |
| **Fingerprints** | SHA-256 and SHA-1 |
| **Additional Details** | Serial number, self-signed status, CA flag, path length, Subject/Authority Key IDs |

---

## Base64 Detection

If no PEM `-----BEGIN CERTIFICATE-----` headers are found in the input, `cert-piper` will automatically attempt to base64-decode the input and retry. This handles:

- PEM data that has been base64-encoded (e.g. copied from a Kubernetes secret)
- Raw DER certificate bytes that have been base64-encoded

When base64 decoding is applied a notice is printed:

```
(base64-encoded input detected and decoded)
```

---

## Publishing

Releases are published to [PyPI](https://pypi.org/project/cert-piper/) automatically when a semver git tag is pushed:

```bash
git tag v1.0.0
git push origin v1.0.0
```

The version is derived from the git tag via `setuptools-scm`.
