management.forms

Forms definition.

Classes

SecurityConfigForm	Security configuration model form.
BackupOptionsForm	Form for editing BackupOptions settings.
IPv4AddressForm	A form for selecting and updating an IPv4 address.
TlsAddFileImportPkcs12Form	Form for importing an TLS-Server Credential using a PKCS#12 file.
TlsAddFileImportSeparateFilesForm	Form for importing a TLS-Server Credential using separate files.
KeyStorageConfigForm	Form for configuring cryptographic material storage options.
PKCS11ConfigForm	Form for configuring PKCS#11 settings including HSM PIN and token information.

Module Contents

class management.forms.SecurityConfigForm(*args, **kwargs)

Bases: django.forms.ModelForm[management.models.SecurityConfig]

Security configuration model form.

Parameters:

• args (Any)

• kwargs (Any)

FEATURE_TO_FIELDS: ClassVar[dict[type[management.security.features.SecurityFeature], list[str]]]

helper

security_mode

auto_gen_pki

auto_gen_pki_key_algorithm

class Meta

Meta configuration for SecurityConfigForm.

model

fields: ClassVar[list[str]] = ['security_mode', 'auto_gen_pki', 'auto_gen_pki_key_algorithm']

clean_auto_gen_pki_key_algorithm()

Keep the current value of auto_gen_pki_key_algorithm from the instance if the field was disabled.

Return type:

pki.util.keys.AutoGenPkiKeyAlgorithm

class management.forms.BackupOptionsForm

Bases: django.forms.ModelForm[management.models.BackupOptions]

Form for editing BackupOptions settings.

class Meta

ModelForm Meta configuration for BackupOptions.

model

fields: ClassVar[list[str]] = ['enable_sftp_storage', 'host', 'port', 'user', 'auth_method', 'password', 'private_key',...

widgets: ClassVar[dict[str, Any]]

clean()

Validate required fields based on selected authentication method.

Return type:

dict[str, Any]

_validate_sftp_fields(cleaned)

Validate required fields for SFTP storage.

Parameters:

cleaned (dict[str, Any])

Return type:

None

_validate_authentication_fields(cleaned, auth)

Validate fields based on the selected authentication method.

Parameters:

• cleaned (dict[str, Any])

• auth (Any)

Return type:

None

_validate_password_authentication(pwd, key, cleaned)

Validate fields for password authentication.

Parameters:

• pwd (str)

• key (str)

• cleaned (dict[str, Any])

Return type:

None

_validate_ssh_key_authentication(pwd, key)

Validate fields for SSH key authentication.

Parameters:

• pwd (str)

• key (str)

Return type:

None

class management.forms.IPv4AddressForm(*args, **kwargs)

Bases: django.forms.Form

A form for selecting and updating an IPv4 address.

This form provides an interface for selecting an IPv4 address from a list of Subject Alternative Names (SANs).

Parameters:

• args (Any)

• kwargs (Any)

ipv4_address

A choice field for selecting the IPv4 address.

ipv4_address

class management.forms.TlsAddFileImportPkcs12Form(data=None, files=None, auto_id='id_%s', prefix=None, initial=None, error_class=ErrorList, label_suffix=None, empty_permitted=False, field_order=None, use_required_attribute=None, renderer=None, bound_field_class=None)

Bases: trustpoint.logger.LoggerMixin, django.forms.Form

Form for importing an TLS-Server Credential using a PKCS#12 file.

This form allows the user to upload a PKCS#12 file containing the private key and certificate chain, along with an optional password. It validates the uploaded file and its contents.

pkcs12_file

The PKCS#12 file containing the private key and certificates.

Type:

FileField

pkcs12_password

An optional password for the PKCS#12 file.

Type:

CharField

pkcs12_file

pkcs12_password

domain_name

_raise_validation_error(message)

Raises a validation error with the given message.

Parameters:

message (str)

Return type:

None

_read_pkcs12_file(cleaned_data)

Read and extract data from PKCS#12 file.

Returns:

Tuple of (pkcs12_raw, pkcs12_password, domain_name)

Parameters:

cleaned_data (dict[str, Any])

Return type:

tuple[bytes, Any, Any]

_encode_password(pkcs12_password)

Encode PKCS#12 password if provided.

Returns:

Encoded password bytes or None if no password provided

Parameters:

pkcs12_password (Any)

Return type:

bytes | None

_parse_and_save_credential(pkcs12_raw, pkcs12_password, domain_name)

Parse PKCS#12 data and save credential.

Parameters:

• pkcs12_raw (bytes)

• pkcs12_password (bytes | None)

• domain_name (Any)

Return type:

None

clean()

Cleans and validates the entire form.

This method performs additional validation on the cleaned data to ensure all required fields are valid and consistent. It checks the uploaded PKCS#12 file and its password (if provided). Any issues during validation raise appropriate errors.

Raises:

• ValidationError – If the data is invalid, such as when the unique name

• is already taken or the PKCS#12 file cannot be read or parsed. –

Return type:

None

get_saved_credential()

Return the saved credential.

Return type:

pki.models.CredentialModel

class management.forms.TlsAddFileImportSeparateFilesForm(data=None, files=None, auto_id='id_%s', prefix=None, initial=None, error_class=ErrorList, label_suffix=None, empty_permitted=False, field_order=None, use_required_attribute=None, renderer=None, bound_field_class=None)

Bases: trustpoint.logger.LoggerMixin, django.forms.Form

Form for importing a TLS-Server Credential using separate files.

This form allows the user to upload a private key file, its password (optional), an TLS certificate file, and an optional certificate chain. The form validates the uploaded files, ensuring they are correctly formatted, within size limits, and not already associated with an existing Issuing CA.

private_key_file

The private key file (.key, .pem).

Type:

FileField

private_key_file_password

An optional password for the private key.

Type:

CharField

tls_certificate

The Issuing CA certificate file (.cer, .der, .pem, .p7b, .p7c).

Type:

FileField

tls_certificate_chain

An optional certificate chain file.

Type:

FileField

tls_certificate

tls_certificate_chain

private_key_file

private_key_file_password

domain_name

clean_private_key_file()

Validates the uploaded private key file.

This method checks if the private key file is provided and ensures it meets size constraints. The actual parsing happens in clean() where the password is available.

Returns:

The raw bytes of the private key file.

Return type:

bytes

Raises:

ValidationError – If the private key file is missing or too large.

clean_tls_certificate()

Validates and parses the uploaded TLS certificate file.

This method ensures the provided TLS certificate file is valid and not already associated with an existing TLS in the database. If the file is too large, corrupted, or already in use, a validation error is raised.

Returns:

A serializer containing the parsed certificate.

Return type:

CertificateSerializer

Raises:

• ValidationError – If the file is missing, too large, corrupted, or already

• associated with an existing TLS. –

clean_tls_certificate_chain()

Validates and parses the uploaded TLS certificate chain file.

Return type:

None | trustpoint_core.serializer.CertificateCollectionSerializer

_raise_validation_error(message)

Raises a validation error with the given message.

Parameters:

message (str)

Return type:

None

_encode_private_key_password(private_key_password)

Encode private key password if provided.

Parameters:

private_key_password (Any)

Return type:

bytes | None

_parse_private_key(private_key_bytes, private_key_password_bytes)

Parse private key with optional password.

Parameters:

• private_key_bytes (bytes)

• private_key_password_bytes (bytes | None)

Return type:

Any

_create_and_save_credential(private_key_serializer, tls_certificate_serializer, tls_certificate_chain_serializer, domain_name)

Create credential from serializers, verify, and save.

Parameters:

• private_key_serializer (Any)

• tls_certificate_serializer (Any)

• tls_certificate_chain_serializer (Any)

• domain_name (str)

Return type:

None

clean()

Cleans and validates the form data.

This method performs additional validation on the provided data, such as ensuring the private key file, and certificates are valid. It also activates and saves the TLS certificate if all checks pass.

Raises:

ValidationError – If the form data is invalid or there is an error during processing.

Return type:

dict[str, Any] | None

get_saved_credential()

Return the saved credential.

Return type:

pki.models.CredentialModel

class management.forms.KeyStorageConfigForm(*args, **kwargs)

Bases: django.forms.ModelForm[management.models.KeyStorageConfig]

Form for configuring cryptographic material storage options.

Parameters:

• args (Any)

• kwargs (Any)

storage_type

class Meta

ModelForm Meta configuration for KeyStorageConfig.

model

fields: ClassVar[list[str]] = ['storage_type']

clean()

Custom validation for the form.

Return type:

dict[str, Any]

save_with_commit()

Save the form with commit, ensuring singleton behavior.

Return type:

management.models.KeyStorageConfig

save_without_commit()

Save the form without commit, ensuring singleton behavior.

Return type:

management.models.KeyStorageConfig

class management.forms.PKCS11ConfigForm(*args, **kwargs)

Bases: django.forms.Form

Form for configuring PKCS#11 settings including HSM PIN and token information.

Parameters:

• args (Any)

• kwargs (Any)

HSM_TYPE_CHOICES: ClassVar[list[tuple[str, Any]]]

hsm_type

label

slot

module_path

clean()

Custom validation for the form.

Return type:

dict[str, Any]

clean_label()

Validate that label is unique, excluding current token if updating.

Return type:

str

save_token_config()

Save or update token configuration.

Return type:

management.models.PKCS11Token