pythonPackages.certvalidator: init at 0.11.1

Signed-off-by: Arthur Gautier <baloo@superbaloo.net>

pkgs/development/python-modules/certvalidator/default.nix

@@ -0,0 +1,34 @@
+{ lib, buildPythonPackage, fetchFromGitHub
+, asn1crypto, oscrypto
+, cacert
+}:
+
+buildPythonPackage rec {
+  pname = "certvalidator";
+  version = "0.11.1";
+
+  src = fetchFromGitHub {
+    owner = "wbond";
+    repo = pname;
+    rev = version;
+    sha256 = "sha256-yVF7t4FuU3C9fDg67JeM7LWZZh/mv5F4EKmjlO4AuBY=";
+  };
+
+  propagatedBuildInputs = [ asn1crypto oscrypto ];
+
+  checkInputs = [ cacert ];
+  checkPhase = ''
+    # Tests are run with a custom executor/loader
+    # The regex to skip specific tests relies on negative lookahead of regular expressions
+    # We're skipping the few tests that rely on the network, fetching CRLs, OCSP or remote certificates
+    python -c 'import dev.tests; dev.tests.run("^(?!.*test_(basic_certificate_validator_tls|fetch|revocation|build_path)).*$")'
+  '';
+  pythonImportsCheck = [ "certvalidator" ];
+
+  meta = with lib; {
+    homepage = "https://github.com/wbond/certvalidator";
+    description = "Validates X.509 certificates and paths";
+    license = licenses.mit;
+    maintainers = with maintainers; [ baloo ];
+  };
+}

pkgs/top-level/python-packages.nix

@@ -1244,6 +1244,8 @@ in {
 
   certipy = callPackage ../development/python-modules/certipy { };
 
+  certvalidator = callPackage ../development/python-modules/certvalidator { };
+
   cffi = callPackage ../development/python-modules/cffi { };
 
   cfgv = callPackage ../development/python-modules/cfgv { };