pki.models.certificate

Module that contains the CertificateModel.

Classes

CertificateModel	X509 Certificate Model.
RevokedCertificateModel	Model to store revoked certificates.

Module Contents

class pki.models.certificate.CertificateModel(*args, **kwargs)

Bases: trustpoint.logger.LoggerMixin, util.db.CustomDeleteActionModel

X509 Certificate Model.

See RFC5280 for more information.

class CertificateStatus(*args, **kwds)

Bases: django.db.models.TextChoices

CertificateModel status.

OK

REVOKED

EXPIRED

NOT_YET_VALID

class Version(*args, **kwds)

Bases: django.db.models.IntegerChoices

X509 RFC 5280 - Certificate Version.

V3

class SignatureAlgorithmOidChoices(*args, **kwds)

Bases: django.db.models.TextChoices

Signature Algorithm OIDs.

RSA_MD5

RSA_SHA1

RSA_SHA1_ALT

RSA_SHA224

RSA_SHA256

RSA_SHA384

RSA_SHA512

RSA_SHA3_224

RSA_SHA3_256

RSA_SHA3_384

RSA_SHA3_512

ECDSA_SHA1

ECDSA_SHA224

ECDSA_SHA256

ECDSA_SHA384

ECDSA_SHA512

ECDSA_SHA3_224

ECDSA_SHA3_256

ECDSA_SHA3_384

ECDSA_SHA3_512

PASSWORD_BASED_MAC

class PublicKeyAlgorithmOidChoices(*args, **kwds)

Bases: django.db.models.TextChoices

Public Key Algorithm OIDs.

ECC

RSA

class PublicKeyEcCurveOidChoices(*args, **kwds)

Bases: django.db.models.TextChoices

Public Key EC Curve OIDs.

NONE = ''

SECP192R1

SECP224R1

SECP256K1

SECP256R1

SECP384R1

SECP521R1

BRAINPOOLP256R1

BRAINPOOLP384R1

BRAINPOOLP512R1

SECT163K1

SECT163R2

SECT233K1

SECT233R1

SECT283K1

SECT283R1

SECT409K1

SECT409R1

SECT571K1

SECT571R1

is_self_signed

common_name

sha256_fingerprint

signature_algorithm_oid

signature_value

version

serial_number

issuer

issuer_public_bytes

issuer_id

not_valid_before

not_valid_after

subject

subject_public_bytes

spki_algorithm_oid

spki_algorithm

spki_key_size

spki_ec_curve_oid

spki_ec_curve

cert_pem

public_key_pem

created_at

key_usage_extension

subject_alternative_name_extension

issuer_alternative_name_extension

basic_constraints_extension

authority_key_identifier_extension

subject_key_identifier_extension

certificate_policies_extension

extended_key_usage_extension

name_constraints_extension

crl_distribution_points_extension

authority_information_access_extension

subject_information_access_extension

inhibit_any_policy_extension

policy_constraints_extension

subject_directory_attributes_extension

freshest_crl_extension

class Meta

Bases: django_stubs_ext.db.models.TypedModelMeta

Meta class configuration.

__repr__()

Representation of the CertificateModel instance.

Return type:

str

__str__()

Human-readable representation of the CertificateModel instance.

Return type:

str

save(*_args, **_kwargs)

Save method must not be called directly to protect the integrity.

This method makes sure save() is not called by mistake.

Raises:

NotImplementedError –

Parameters:

• _args (Any)

• _kwargs (Any)

Return type:

None

property signature_algorithm: str

Name of the signature algorithm.

Return type:

str

property signature_algorithm_padding_scheme: str

Padding scheme if RSA is used, otherwise None.

Return type:

str

property signature_suite: trustpoint_core.oid.SignatureSuite

Signature Suite of the certificate.

Return type:

trustpoint_core.oid.SignatureSuite

property public_key_info: trustpoint_core.oid.PublicKeyInfo

Public Key Info of the certificate.

Return type:

trustpoint_core.oid.PublicKeyInfo

property certificate_status: CertificateStatus

Status of the certificate.

Return type:

CertificateStatus

property days_left: int

Returns number of days from now until not_valid_after. If expired, returns 0.

Return type:

int

property is_ca: bool

Check if the certificate is a CA certificate.

Return type:

bool

property is_root_ca: bool

Check if the certificate is a root CA certificate.

Return type:

bool

property is_end_entity: bool

Check if the certificate is an end entity certificate.

Return type:

bool

classmethod get_cert_by_sha256_fingerprint(sha256_fingerprint)

Get a CertificateModel instance by its SHA256 fingerprint.

Parameters:

sha256_fingerprint (str)

Return type:

None | CertificateModel

static _get_subject(cert)

Parameters:

cert (cryptography.x509.Certificate)

Return type:

list[tuple[str, str]]

static _get_issuer_name(cert)

Parameters:

cert (cryptography.x509.Certificate)

Return type:

list[tuple[str, str]]

static _get_spki_info(cert)

Parameters:

cert (cryptography.x509.Certificate)

Return type:

tuple[trustpoint_core.oid.PublicKeyAlgorithmOid, int, trustpoint_core.oid.NamedCurve]

get_certificate_serializer()

Get the serializer for the certificate.

Return type:

trustpoint_core.serializer.CertificateSerializer

get_public_key_serializer()

Get the serializer for the certificate’s public key.

Return type:

trustpoint_core.serializer.PublicKeySerializer

get_certificate_chain()

Get the certificate chain from this certificate up to the root CA.

Return type:

list[CertificateModel]

_save(**kwargs)

Parameters:

kwargs (Any)

Return type:

None

classmethod _save_certificate(certificate)

Parameters:

certificate (cryptography.x509.Certificate | trustpoint_core.serializer.CertificateSerializer)

Return type:

CertificateModel

static _save_attribute_and_value_pairs(oid, value)

Parameters:

• oid (str)

• value (str)

Return type:

pki.models.extension.AttributeTypeAndValue

classmethod _save_subject(cert_model, subject)

Parameters:

• cert_model (CertificateModel)

• subject (list[tuple[str, str]])

Return type:

None

classmethod _save_issuer(cert_model, issuer)

Parameters:

• cert_model (CertificateModel)

• issuer (list[tuple[str, str]])

Return type:

None

EXTENSION_MAP

static _save_extensions(cert_model, cert)

Parameters:

• cert_model (CertificateModel)

• cert (cryptography.x509.Certificate)

Return type:

None

classmethod _atomic_save(cert_model, certificate, subject, issuer)

Parameters:

• cert_model (CertificateModel)

• certificate (cryptography.x509.Certificate)

• subject (list[tuple[str, str]])

• issuer (list[tuple[str, str]])

Return type:

CertificateModel

classmethod save_certificate(certificate)

Store the certificate in the database.

Returns:

The certificate object that has just been saved.

Return type:

trustpoint.pki.models.Certificate

Parameters:

certificate (cryptography.x509.Certificate | trustpoint_core.serializer.CertificateSerializer)

pre_delete()

Store the related objects before deletion.

Return type:

None

post_delete()

Clean up related orphaned extension models.

Return type:

None

subjects_match(other_subject)

Check if the provided subject is identical to the one of this certificate.

Parameters:

other_subject (x509.Name) – The subject to compare to.

Returns:

True if the subjects match, False otherwise.

Return type:

bool

class pki.models.certificate.RevokedCertificateModel(*args, **kwargs)

Bases: django.db.models.Model

Model to store revoked certificates.

class ReasonCode(*args, **kwds)

Bases: django.db.models.TextChoices

Revocation reasons per RFC 5280.

UNSPECIFIED

KEY_COMPROMISE

CA_COMPROMISE

AFFILIATION_CHANGED

SUPERSEDED

CESSATION

CERTIFICATE_HOLD

PRIVILEGE_WITHDRAWN

AA_COMPROMISE

REMOVE_FROM_CRL

certificate

revoked_at

revocation_reason

ca

class Meta

Bases: django_stubs_ext.db.models.TypedModelMeta

Meta class configuration.

__str__()

String representation of the RevokedCertificateModel instance.

Return type:

str