pki.forms

Module for managing PKI-related forms in the Trustpoint application.

Classes

IssuingCaImportMixin

Mixin for Issuing CA import forms providing common validation and creation logic.

DevIdAddMethodSelectForm

Form for selecting the method to add a DevID Onboarding Pattern.

DevIdRegistrationForm

Form to create a new DevIdRegistration.

TruststoreAddForm

Form for adding a new truststore.

TruststoreDownloadForm

Form for downloading truststores in various formats.

CertificateDownloadForm

Form for downloading certificates in various formats.

IssuingCaAddMethodSelectForm

Form for selecting the method to add an Issuing Certificate Authority (CA).

IssuingCaFileTypeSelectForm

Form for selecting the file type when importing an Issuing CA.

IssuingCaAddFileImportPkcs12Form

Form for importing an Issuing CA using a PKCS#12 file.

IssuingCaAddFileImportSeparateFilesForm

Form for importing an Issuing CA using separate files.

OwnerCredentialFileImportForm

Form for importing a DevOwnerID using separate files.

CertProfileConfigForm

Form for creating or updating Certificate Profiles.

Functions

get_private_key_location_from_config()

Determine the appropriate PrivateKeyLocation based on KeyStorageConfig.

get_ca_type_from_config()

Determine the appropriate CA type based on KeyStorageConfig.

Module Contents

pki.forms.get_private_key_location_from_config()[source]

Determine the appropriate PrivateKeyLocation based on KeyStorageConfig.

Return type:

trustpoint_core.serializer.PrivateKeyLocation

pki.forms.get_ca_type_from_config()[source]

Determine the appropriate CA type based on KeyStorageConfig.

Return type:

pki.models.CaModel.CaTypeChoice

class pki.forms.IssuingCaImportMixin[source]

Mixin for Issuing CA import forms providing common validation and creation logic.

_raise_validation_error(message)[source]

Helper method to raise a ValidationError with a given message.

Parameters:

message (str) – The error message to be included in the ValidationError.

Raises:

ValidationError – Always raised with the provided message.

Return type:

NoReturn

_validate_ca_certificate(cert_crypto)[source]

Validates that the certificate is a CA certificate with required extensions.

Parameters:

cert_crypto (cryptography.x509.Certificate)

Return type:

None

_check_duplicate_issuing_ca(cert_crypto)[source]

Checks if the certificate is already used by an existing Issuing CA.

Parameters:

cert_crypto (cryptography.x509.Certificate)

Return type:

None

_finalize_issuing_ca_creation(unique_name, cert, credential_serializer)[source]

Finalizes the creation of the Issuing CA after validation.

Parameters:
  • unique_name (str | None)

  • cert (cryptography.x509.Certificate)

  • credential_serializer (trustpoint_core.serializer.CredentialSerializer)

Return type:

None

class pki.forms.DevIdAddMethodSelectForm(data=None, files=None, auto_id='id_%s', prefix=None, initial=None, error_class=ErrorList, label_suffix=None, empty_permitted=False, field_order=None, use_required_attribute=None, renderer=None, bound_field_class=None)[source]

Bases: django.forms.Form

Form for selecting the method to add a DevID Onboarding Pattern.

method_select[source]

A dropdown to select the method for adding an Issuing CA.
  • import_truststore: Import a new truststore prior to configuring a new pattern.
  • configure_pattern: Use an existing truststore to define a new pattern.

Type:

ChoiceField

class pki.forms.DevIdRegistrationForm[source]

Bases: django.forms.ModelForm[pki.models.DevIdRegistration]

Form to create a new DevIdRegistration.

class Meta[source]

model[source]
fields: ClassVar[list[str]] = ['unique_name', 'truststore', 'domain', 'serial_number_pattern'][source]
widgets: ClassVar[dict[str, Any]][source]
labels: ClassVar[dict[str, str]][source]

unique_name[source]

clean()[source]

Cleans and validates the form data.

Ensures the unique name is not already used if provided.

Raises:

ValidationError – If the unique name is not unique.

Return type:

None

class pki.forms.TruststoreAddForm(data=None, files=None, auto_id='id_%s', prefix=None, initial=None, error_class=ErrorList, label_suffix=None, empty_permitted=False, field_order=None, use_required_attribute=None, renderer=None, bound_field_class=None)[source]

Bases: django.forms.Form

Form for adding a new truststore.

This form handles the creation of a truststore by validating the unique name, intended usage, and uploaded file. It ensures the unique name is not already used and validates the truststore file content before saving.

unique_name[source]

A unique name for the truststore.

Type:

CharField

intended_usage[source]

Specifies the intended usage of the truststore.

Type:

ChoiceField

trust_store_file[source]

The PEM or PKCS#7 file to be uploaded.

Type:

FileField

clean_unique_name()[source]

Validates the uniqueness of the truststore name.

Raises:

ValidationError – If the name is already used by an existing truststore.

Return type:

str

_raise_validation_error(message)[source]

Helper method to raise a ValidationError with a given message.

Parameters:

message (str) – The error message to be included in the ValidationError.

Raises:

ValidationError – Always raised with the provided message.

Return type:

NoReturn

clean()[source]

Cleans and validates the form data.

Ensures the uploaded file can be read and validates the unique name and intended usage fields. If validation passes, initializes and saves the truststore.

Raises:
ValidationError – If the truststore file cannot be read, the unique name is not unique, or an unexpected error occurs during initialization.

Return type:

None

static save_trust_store(unique_name, intended_usage, certificates)[source]

Save all certificates of a truststore.

Parameters:
Return type:

pki.models.truststore.TruststoreModel

class pki.forms.TruststoreDownloadForm(data=None, files=None, auto_id='id_%s', prefix=None, initial=None, error_class=ErrorList, label_suffix=None, empty_permitted=False, field_order=None, use_required_attribute=None, renderer=None, bound_field_class=None)[source]

Bases: django.forms.Form

Form for downloading truststores in various formats.

This form provides options to customize the download of truststores, allowing users to specify the container type, inclusion of certificate chains, and the file format. It ensures flexibility in exporting truststores for various use cases and environments.

cert_file_container[source]

Specifies the container type for the truststore.
  • single_file: The entire truststore in a single file.
  • zip: Certificates as separate files in a .zip archive.
  • tar_gz: Certificates as separate files in a .tar.gz archive.

Type:

ChoiceField

cert_chain_incl[source]

Specifies whether to include certificate chains.
  • cert_only: Only the selected certificates.
  • chain_incl: Include certificate chains.

Type:

ChoiceField

cert_file_format[source]

Specifies the file format for the truststore.
  • pem: PEM format (.pem, .crt, .ca-bundle).
  • der: DER format (.der, .cer).
  • pkcs7_pem: PKCS#7 format in PEM encoding (.p7b, .p7c, .keystore).
  • pkcs7_der: PKCS#7 format in DER encoding (.p7b, .p7c, .keystore).

Type:

ChoiceField

class pki.forms.CertificateDownloadForm(data=None, files=None, auto_id='id_%s', prefix=None, initial=None, error_class=ErrorList, label_suffix=None, empty_permitted=False, field_order=None, use_required_attribute=None, renderer=None, bound_field_class=None)[source]

Bases: django.forms.Form

Form for downloading certificates in various formats.

This form allows users to customize the download options for certificates, including the container type, inclusion of certificate chains, and the file format. It provides flexibility to download certificates in the desired structure and format for different use cases.

cert_file_container[source]

Specifies the container type for the downloaded certificates.
  • single_file: All certificates in a single file.
  • zip: Certificates as separate files in a .zip archive.
  • tar_gz: Certificates as separate files in a .tar.gz archive.

Type:

ChoiceField

cert_chain_incl[source]

Specifies whether to include certificate chains.
  • cert_only: Only the selected certificates.
  • chain_incl: Include certificate chains.

Type:

ChoiceField

cert_file_format[source]

Specifies the file format for the certificates.
  • pem: PEM format (.pem, .crt, .ca-bundle).
  • der: DER format (.der, .cer).
  • pkcs7_pem: PKCS#7 format in PEM encoding (.p7b, .p7c, .keystore).
  • pkcs7_der: PKCS#7 format in DER encoding (.p7b, .p7c, .keystore).

Type:

ChoiceField

class pki.forms.IssuingCaAddMethodSelectForm(data=None, files=None, auto_id='id_%s', prefix=None, initial=None, error_class=ErrorList, label_suffix=None, empty_permitted=False, field_order=None, use_required_attribute=None, renderer=None, bound_field_class=None)[source]

Bases: django.forms.Form

Form for selecting the method to add an Issuing Certificate Authority (CA).

This form provides options to choose the method for adding a new Issuing CA. Users can select between importing from a file, generating a key pair and requesting an Issuing CA certificate, or configuring a remote Issuing CA.

method_select[source]

A dropdown to select the method for adding an Issuing CA.
  • local_file_import: Import a new Issuing CA from a file.
  • local_request: Generate a key-pair and request a certificate.
  • remote_est: Configure a remote Issuing CA.

Type:

ChoiceField

class pki.forms.IssuingCaFileTypeSelectForm(data=None, files=None, auto_id='id_%s', prefix=None, initial=None, error_class=ErrorList, label_suffix=None, empty_permitted=False, field_order=None, use_required_attribute=None, renderer=None, bound_field_class=None)[source]

Bases: django.forms.Form

Form for selecting the file type when importing an Issuing CA.

This form allows users to choose the type of file to use for importing an Issuing Certificate Authority (CA). Supported formats include PKCS#12 and other common certificate formats such as PEM, PKCS#1, PKCS#7, and PKCS#8.

method_select[source]

A dropdown to select the file type for the Issuing CA.

Type:

ChoiceField

class pki.forms.IssuingCaAddFileImportPkcs12Form(data=None, files=None, auto_id='id_%s', prefix=None, initial=None, error_class=ErrorList, label_suffix=None, empty_permitted=False, field_order=None, use_required_attribute=None, renderer=None, bound_field_class=None)[source]

Bases: IssuingCaImportMixin, trustpoint.logger.LoggerMixin, django.forms.Form

Form for importing an Issuing CA using a PKCS#12 file.

This form allows the user to upload a PKCS#12 file containing the private key and certificate chain, along with an optional password. It validates the uploaded file and its contents and ensures the unique name is not already used by another Issuing CA.

unique_name[source]

A unique name for the Issuing CA.

Type:

CharField

pkcs12_file[source]

The PKCS#12 file containing the private key and certificates.

Type:

FileField

pkcs12_password[source]

An optional password for the PKCS#12 file.

Type:

CharField

_read_and_encode_pkcs12_file(cleaned_data)[source]

Reads the PKCS#12 file and encodes the password if provided.

Parameters:

cleaned_data (dict[str, Any])

Return type:

tuple[bytes, bytes | None]

_parse_and_prepare_credential(pkcs12_raw, pkcs12_password, unique_name)[source]

Parses the PKCS#12 file and prepares the credential serializer.

Parameters:
  • pkcs12_raw (bytes)

  • pkcs12_password (bytes | None)

  • unique_name (str | None)

Return type:

trustpoint_core.serializer.CredentialSerializer

_validate_ca_certificate_from_serializer(credential_serializer)[source]

Validates that the certificate is a CA certificate.

Parameters:

credential_serializer (trustpoint_core.serializer.CredentialSerializer)

Return type:

cryptography.x509.Certificate

clean()[source]

Cleans and validates the entire form.

This method performs additional validation on the cleaned data to ensure all required fields are valid and consistent. It checks the uploaded PKCS#12 file and its password (if provided) and validates that the unique name does not conflict with existing entries. Any issues during validation raise appropriate errors.

Raises:
ValidationError – If the data is invalid, such as when the unique name is already taken or the PKCS#12 file cannot be read or parsed.

Return type:

None

class pki.forms.IssuingCaAddFileImportSeparateFilesForm(data=None, files=None, auto_id='id_%s', prefix=None, initial=None, error_class=ErrorList, label_suffix=None, empty_permitted=False, field_order=None, use_required_attribute=None, renderer=None, bound_field_class=None)[source]

Bases: IssuingCaImportMixin, trustpoint.logger.LoggerMixin, django.forms.Form

Form for importing an Issuing CA using separate files.

This form allows the user to upload a private key file, its password (optional), an Issuing CA certificate file, and an optional certificate chain. The form validates the uploaded files, ensuring they are correctly formatted, within size limits, and not already associated with an existing Issuing CA.

unique_name[source]

A unique name for the Issuing CA.

Type:

CharField

private_key_file[source]

The private key file (.key, .pem).

Type:

FileField

private_key_file_password[source]

An optional password for the private key.

Type:

CharField

ca_certificate[source]

The Issuing CA certificate file (.cer, .der, .pem, .p7b, .p7c).

Type:

FileField

ca_certificate_chain[source]

An optional certificate chain file.

Type:

FileField

clean_private_key_file()[source]

Validates and parses the uploaded private key file.

This method checks if the private key file is provided, ensures it meets size constraints, and validates its contents. If a password is provided, it is used to decrypt the private key. Raises validation errors for missing, oversized, or corrupted private key files.

Returns:

A serializer containing the parsed private key.

Return type:

PrivateKeySerializer

Raises:
ValidationError – If the private key file is missing, too large, or corrupted, or if the password is invalid or incompatible.

clean_ca_certificate()[source]

Validates and parses the uploaded Issuing CA certificate file.

This method ensures the provided Issuing CA certificate file is valid and not already associated with an existing Issuing CA in the database. If the file is too large, corrupted, or already in use, a validation error is raised.

Returns:

A serializer containing the parsed certificate.

Return type:

CertificateSerializer

Raises:
ValidationError – If the file is missing, too large, corrupted, or already associated with an existing Issuing CA.

clean_ca_certificate_chain()[source]

Validates and parses the uploaded Issuing CA certificate chain file.

This method checks if the optional certificate chain file is provided. If present, it validates and attempts to parse the file into a collection of certificates. Raises a validation error if parsing fails or the file appears corrupted.

Returns:

A serializer containing the parsed certificate chain if provided.

Return type:

CertificateCollectionSerializer

Raises:

ValidationError – If the certificate chain cannot be parsed.

_validate_credential_components(credential_serializer)[source]

Validates the private key and certificate from the credential serializer.

Parameters:

credential_serializer (trustpoint_core.serializer.CredentialSerializer) – The credential serializer containing the private key and certificate.

Returns:

A tuple containing the certificate and private key.

Raises:

ValidationError – If the certificate or private key is missing or they don’t match.

Return type:

tuple[cryptography.x509.Certificate, Any]
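The two checks described by _validate_ca_certificate in IssuingCaImportMixin (CA certificate with required extensions) and by _validate_credential_components above (private key and certificate must match), as an added example that is not Trustpoint's own code: it uses the cryptography library directly with no Django form, assumes BasicConstraints cA=TRUE, KeyUsage keyCertSign and SubjectKeyIdentifier as the required extensions, and builds its own constructed sample certificates.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def validate_ca_certificate(cert: x509.Certificate) -> list[str]:
    """Return the reasons why cert is not acceptable as an Issuing CA certificate.

    Assumption for this example: the required extensions are BasicConstraints
    with cA=TRUE, KeyUsage asserting keyCertSign, and SubjectKeyIdentifier.
    """
    problems: list[str] = []
    try:
        if not cert.extensions.get_extension_for_class(x509.BasicConstraints).value.ca:
            problems.append("BasicConstraints cA flag is FALSE")
    except x509.ExtensionNotFound:
        problems.append("BasicConstraints extension missing")
    try:
        if not cert.extensions.get_extension_for_class(x509.KeyUsage).value.key_cert_sign:
            problems.append("KeyUsage does not assert keyCertSign")
    except x509.ExtensionNotFound:
        problems.append("KeyUsage extension missing")
    try:
        cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier)
    except x509.ExtensionNotFound:
        problems.append("SubjectKeyIdentifier extension missing")
    return problems


def private_key_matches_certificate(private_key, cert: x509.Certificate) -> bool:
    """True if the key's SubjectPublicKeyInfo equals the one bound in the certificate."""
    def spki(public_key) -> bytes:
        return public_key.public_bytes(serialization.Encoding.DER,
                                       serialization.PublicFormat.SubjectPublicKeyInfo)
    return spki(private_key.public_key()) == spki(cert.public_key())


def _self_signed(common_name: str, key, is_ca: bool) -> x509.Certificate:
    """Build a constructed self-signed test certificate (sample data, not real PKI material)."""
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    now = datetime.now(timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name).public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - timedelta(minutes=5))
        .not_valid_after(now + timedelta(days=30))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
        .add_extension(x509.KeyUsage(
            digital_signature=not is_ca, content_commitment=False, key_encipherment=False,
            data_encipherment=False, key_agreement=False, key_cert_sign=is_ca,
            crl_sign=is_ca, encipher_only=False, decipher_only=False), critical=True)
        .add_extension(x509.SubjectKeyIdentifier.from_public_key(key.public_key()), critical=False)
    )
    return builder.sign(key, hashes.SHA256())


# Constructed sample credentials: one proper CA and one end-entity certificate.
CA_KEY = ec.generate_private_key(ec.SECP256R1())
CA_CERT = _self_signed("Constructed Issuing CA", CA_KEY, is_ca=True)
LEAF_KEY = ec.generate_private_key(ec.SECP256R1())
LEAF_CERT = _self_signed("Constructed end entity", LEAF_KEY, is_ca=False)
```

Running validate_ca_certificate(LEAF_CERT) reports both the cA flag and the missing keyCertSign, which is the case an import form must reject even though the file parses cleanly.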

_prepare_credential_serializer(credential_serializer, unique_name, pk)[source]

Prepares the credential serializer with private key reference.

Parameters:
  • credential_serializer (trustpoint_core.serializer.CredentialSerializer)

  • unique_name (str | None)

  • pk (Any)

Return type:

None

clean()[source]

Cleans and validates the form data.

This method performs additional validation on the provided data, such as ensuring the unique name, private key file, and certificates are valid. It also initializes and saves the issuing CA configuration if all checks pass.

Raises:

ValidationError – If the form data is invalid or there is an error during processing.

Return type:

None

class pki.forms.OwnerCredentialFileImportForm(data=None, files=None, auto_id='id_%s', prefix=None, initial=None, error_class=ErrorList, label_suffix=None, empty_permitted=False, field_order=None, use_required_attribute=None, renderer=None, bound_field_class=None)[source]

Bases: trustpoint.logger.LoggerMixin, django.forms.Form

Form for importing a DevOwnerID using separate files.

This form allows the user to upload a private key file, its password (optional), a DevOwnerID certificate file, and an optional certificate chain. The form validates the uploaded files, ensuring they are correctly formatted and within size limits.

unique_name[source]

A unique name for the Owner Credential.

Type:

CharField

private_key_file[source]

The private key file (.key, .pem).

Type:

FileField

private_key_file_password[source]

An optional password for the private key.

Type:

CharField

owner_certificate

The DevOwnerID certificate file (.cer, .der, .pem, .p7b, .p7c).

Type:

FileField

owner_certificate_chain

An optional certificate chain file.

Type:

FileField

unique_name[source]
certificate[source]
certificate_chain[source]
private_key_file[source]
private_key_file_password[source]
clean_private_key_file()[source]

Validates and parses the uploaded private key file.

This method checks if the private key file is provided, ensures it meets size constraints, and validates its contents. If a password is provided, it is used to decrypt the private key. Raises validation errors for missing, oversized, or corrupted private key files.

Returns:

A serializer containing the parsed private key.

Return type:

PrivateKeySerializer

Raises:
ValidationError – If the private key file is missing, too large, or corrupted, or if the password is invalid or incompatible.

clean_certificate()[source]

Validates and parses the uploaded certificate file.

This method ensures the provided certificate file is valid and not already associated with an existing DevOwnerID in the database. If the file is too large, corrupted, or already in use, a validation error is raised.

Returns:

A serializer containing the parsed certificate.

Return type:

CertificateSerializer

Raises:
ValidationError – If the file is missing, too large, corrupted, or already associated with an existing Issuing CA.

clean_certificate_chain()[source]

Validates and parses the uploaded certificate chain file.

This method checks if the optional certificate chain file is provided. If present, it validates and attempts to parse the file into a collection of certificates. Raises a validation error if parsing fails or the file appears corrupted.

Returns:

A serializer containing the parsed certificate chain if provided.

Return type:

CertificateCollectionSerializer

Raises:

ValidationError – If the certificate chain cannot be parsed.

_raise_validation_error(message)[source]

Helper method to raise a ValidationError with a given message.

Parameters:

message (str) – The error message to be included in the ValidationError.

Raises:

ValidationError – Always raised with the provided message.

Return type:

NoReturn

clean()[source]

Cleans and validates the form data.

This method performs additional validation on the provided data, such as ensuring the unique name, private key file, and certificates are valid. It also initializes and saves the OwnerCredential configuration if all checks pass.

Raises:

ValidationError – If the form data is invalid or there is an error during processing.

Return type:

None

class pki.forms.CertProfileConfigForm[source]

Bases: trustpoint.logger.LoggerMixin, django.forms.ModelForm[pki.models.cert_profile.CertificateProfileModel]

Form for creating or updating Certificate Profiles.

This form is based on the CertificateProfileModel and allows users to create or update certificate profiles by specifying a unique name and profile JSON configuration.

unique_name

A unique name for the certificate profile.

Type:

CharField

profile_json

The JSON configuration for the certificate profile.

Type:

JSONField

class Meta[source]

Meta information for the CertProfileConfigForm.

model[source]
fields: ClassVar[list[str]] = ['unique_name', 'profile_json', 'is_default'][source]

clean_unique_name()[source]

Validates the unique name to ensure it is not already in use.

Raises:

ValidationError – If the unique name is already associated with an existing certificate profile.

Return type:

str

clean_profile_json()[source]

Validates the profile JSON to ensure it is a valid certificate profile.

Raises:

ValidationError – If the profile JSON is not a valid certificate profile.

Return type:

str