wasat.trust

Trust models and certificate verification for Gemini connections.

FileTrustStore

FileTrustStore(filepath: str | Path)

Bases: TrustStore

A standard file-based TOFU (Trust On First Use) store.

Stores fingerprints in a simple text file format similar to known_hosts.

Parameters:

Name	Type	Description	Default
`filepath`	`str \| Path`	The path to the file storing fingerprints.	required

get_fingerprint `async`

get_fingerprint(host: str, port: int) -> str | None

Retrieve the stored fingerprint for a host/port.

Parameters:

Name	Type	Description	Default
`host`	`str`	The remote hostname.	required
`port`	`int`	The remote port.	required

Returns:

Type	Description
`str \| None`	The SHA-256 fingerprint string (hex) or None.

save `async`

save(host: str, port: int, cert_der: bytes) -> None

Save the peer certificate fingerprint to the store.

Parameters:

Name	Type	Description	Default
`host`	`str`	The remote hostname.	required
`port`	`int`	The remote port.	required
`cert_der`	`bytes`	The DER-encoded certificate.	required

verify `async`

verify(host: str, port: int, cert_der: bytes) -> bool

Verify the peer certificate against the stored fingerprint.

Parameters:

Name	Type	Description	Default
`host`	`str`	The remote hostname.	required
`port`	`int`	The remote port.	required
`cert_der`	`bytes`	The DER-encoded certificate.	required

Returns:

Type	Description
`bool`	True if the fingerprint matches the stored one, False otherwise.

TrustStore

Bases: Protocol

Protocol defining the interface for certificate fingerprint stores.

get_fingerprint `async`

get_fingerprint(host: str, port: int) -> str | None

Retrieve the stored fingerprint for a host/port, if any.

Parameters:

Name	Type	Description	Default
`host`	`str`	The remote hostname.	required
`port`	`int`	The remote port.	required

Returns:

Type	Description
`str \| None`	The SHA-256 fingerprint string (hex) or None.

save `async`

save(host: str, port: int, cert_der: bytes) -> None

Save a peer certificate fingerprint to the trust store.

Parameters:

Name	Type	Description	Default
`host`	`str`	The remote hostname.	required
`port`	`int`	The remote port.	required
`cert_der`	`bytes`	The DER-encoded certificate.	required

verify `async`

verify(host: str, port: int, cert_der: bytes) -> bool

Verify the peer certificate against the stored fingerprint.

Parameters:

Name	Type	Description	Default
`host`	`str`	The remote hostname.	required
`port`	`int`	The remote port.	required
`cert_der`	`bytes`	The DER-encoded certificate.	required

Returns:

Type	Description
`bool`	True if the certificate is trusted, False otherwise.

get_cert_fingerprint

get_cert_fingerprint(cert_der: bytes) -> str

Calculate the SHA-256 fingerprint of a DER-encoded certificate.

Parameters:

Name	Type	Description	Default
`cert_der`	`bytes`	The raw DER-encoded certificate bytes.	required

Returns:

Type	Description
`str`	The hex-encoded SHA-256 fingerprint.

wasat.trust

FileTrustStore

`filepath`

get_fingerprint `async`

`host`

`port`

save `async`

`host`

`port`

`cert_der`

verify `async`

`host`

`port`

`cert_der`

TrustStore

get_fingerprint `async`

`host`

`port`

save `async`

`host`

`port`

`cert_der`

verify `async`

`host`

`port`

`cert_der`

get_cert_fingerprint

`cert_der`

wasat.trust

FileTrustStore

filepath

get_fingerprint async

host

port

save async

host

port

cert_der

verify async

host

port

cert_der

TrustStore

get_fingerprint async

host

port

save async

host

port

cert_der

verify async

host

port

cert_der

get_cert_fingerprint

cert_der

`filepath`

get_fingerprint `async`

`host`

`port`

save `async`

`host`

`port`

`cert_der`

verify `async`

`host`

`port`

`cert_der`

get_fingerprint `async`

`host`

`port`

save `async`

`host`

`port`

`cert_der`

verify `async`

`host`

`port`

`cert_der`

`cert_der`