pki.models.crl

Module that contains the CrlModel.

Classes

CrlModel

Certificate Revocation List Model.

Module Contents

class pki.models.crl.CrlModel(*args, **kwargs)

Bases: trustpoint.logger.LoggerMixin, util.db.CustomDeleteActionModel

Certificate Revocation List Model.

This model stores CRLs for CAs (both issuing and non-issuing). Multiple CRLs can exist for a single CA to track CRL history.

ca
crl_pem
crl_number
this_update
next_update
is_active
created_at
updated_at
class Meta

Meta options for CrlModel.

verbose_name
verbose_name_plural
ordering: ClassVar[list[str]] = ['-this_update']
unique_together: ClassVar[list[list[str]]] = [['ca', 'crl_number']]
indexes: ClassVar[list[django.db.models.Index]]
__str__()

Returns a human-readable string representation.

Returns:

Human-readable string representation.

Return type:

str

__repr__()

Returns a string representation of the instance.

Return type:

str

raise_invalid_signature_error()

Raises a ValidationError indicating an invalid CRL signature.

Return type:

Never

classmethod create_from_pem(ca, crl_pem, *, set_active=True, next_update_delta=None)

Creates a new CRL from PEM data.

Parameters:
  • ca (pki.models.CaModel | None) – The CA that issued this CRL. Can be None for CRLs not associated with a CA.

  • crl_pem (str) – The CRL in PEM format.

  • set_active (bool) – If True and ca is provided, deactivates other CRLs for this CA and sets this as active.

  • next_update_delta (datetime.timedelta | None) – Optional timedelta to override the CRL’s nextUpdate field. If provided, sets nextUpdate to thisUpdate + delta.

Returns:

The newly created CRL model.

Return type:

CrlModel

Raises:

ValidationError – If the CRL is invalid or doesn’t match the CA.

get_crl_as_crypto()

Returns the CRL as a cryptography CertificateRevocationList object.

Returns:

The CRL.

Return type:

x509.CertificateRevocationList

Raises:

ValidationError – If the CRL cannot be parsed.

get_revoked_serial_numbers()

Returns a set of revoked certificate serial numbers.

Returns:

Set of revoked serial numbers.

Return type:

set[int]

is_certificate_revoked(serial_number)

Checks if a certificate with the given serial number is revoked.

Parameters:

serial_number (int) – The certificate serial number to check.

Returns:

True if the certificate is revoked, False otherwise.

Return type:

bool

is_expired()

Checks if this CRL has expired based on nextUpdate.

Returns:

True if the CRL has expired, False otherwise.

Return type:

bool

property days_left: int

Returns the number of days from now until next_update. If the CRL has expired or has no next_update, returns 0.

Return type:

int

get_validity_hours()

Returns the validity period in hours.

Returns:

The validity period in hours, or None if not set.

Return type:

float | None

save(*args, **kwargs)

Override save to validate before saving.

Parameters:
  • args (Any)

  • kwargs (Any)

Return type:

None

pre_delete()

Called before deleting the model.

Return type:

None