pki.models.extension¶

Module that contains X.509 Extension Models.

Classes¶

`AttributeTypeAndValue`	AttributeTypeAndValue Model.
`GeneralNameRFC822Name`	GeneralNameRFC822Name Model.
`GeneralNameDNSName`	GeneralNameDNSName Model.
`GeneralNameDirectoryName`	GeneralNameDirectoryName Model.
`GeneralNameUniformResourceIdentifier`	GeneralNameUniformResourceIdentifier Model.
`GeneralNameIpAddress`	GeneralNameIpAddress Model.
`GeneralNameRegisteredId`	GeneralNameRegisteredId Model.
`GeneralNameOtherName`	GeneralNameOtherName Model.
`CertificateExtension`	Abstract Base Class of Extension Models.
`BasicConstraintsExtension`	Represents the BasicConstraints extension in X.509 certificates.
`KeyUsageExtension`	Represents the KeyUsage extension in X.509 certificates.
`GeneralNamesModel`	Represents a collection of general names as per RFC5280.
`IssuerAlternativeNameExtension`	IssuerAlternativeNameExtension Model.
`SubjectAlternativeNameExtension`	Represents the SubjectAlternativeName extension in X.509 certificates.
`PolicyConstraintsExtension`	Represents the PolicyConstraints extension in X.509 certificates.

Module Contents¶

class pki.models.extension.AttributeTypeAndValue(*args, **kwargs)[source]¶

Bases: django.db.models.Model

AttributeTypeAndValue Model.

Used for subject entries as well as the GeneralNameDirectoryName entries within the SubjectAlternativeName and IssuerAlternativeName.

See RFC5280 for more information.

oid[source]¶

value[source]¶

class Meta[source]¶

unique_together = ('oid', 'value')[source]¶

__str__()[source]¶

Returns a string representation of the attribute type and value.

Return type:: str

property abbreviation: str | None[source]¶

Returns the abbreviation of the attribute’s OID.

Return type:: str | None

property verbose_name: str[source]¶

Returns the verbose name of the attribute’s OID.

Return type:: str

class pki.models.extension.GeneralNameRFC822Name(*args, **kwargs)[source]¶

Bases: util.db.OrphanDeletionMixin, django.db.models.Model

GeneralNameRFC822Name Model.

Entries of either SubjectAlternativeNames or IssuerAlternativeNames.

See RFC5280 for more information.

value[source]¶

check_references_on_delete = ('general_names_set',)[source]¶

__str__()[source]¶

Returns a string representation of the GeneralNameRFC822Name.

Return type:: str

class pki.models.extension.GeneralNameDNSName(*args, **kwargs)[source]¶

Bases: util.db.OrphanDeletionMixin, django.db.models.Model

GeneralNameDNSName Model.

See RFC5280 for more information.

value[source]¶

check_references_on_delete = ('general_names_set',)[source]¶

__str__()[source]¶

Returns a string representation of the GeneralNameDNSName.

Return type:: str

class pki.models.extension.GeneralNameDirectoryName(*args, **kwargs)[source]¶

Bases: util.db.OrphanDeletionMixin, django.db.models.Model

GeneralNameDirectoryName Model.

Entries of either SubjectAlternativeNames or IssuerAlternativeNames.

See RFC5280 for more information.

names[source]¶

check_references_on_delete = ('general_names_set',)[source]¶

__str__()[source]¶

Returns a string representation of the GeneralNameDirectoryName.

Return type:: str

class pki.models.extension.GeneralNameUniformResourceIdentifier(*args, **kwargs)[source]¶

Bases: util.db.OrphanDeletionMixin, django.db.models.Model

GeneralNameUniformResourceIdentifier Model.

Entries of either SubjectAlternativeNames or IssuerAlternativeNames.

See RFC5280 for more information.

value[source]¶

check_references_on_delete = ('general_names_set',)[source]¶

__str__()[source]¶

Returns a string representation of the GeneralNameUniformResourceIdentifier.

Return type:: str

class pki.models.extension.GeneralNameIpAddress(*args, **kwargs)[source]¶

Bases: util.db.OrphanDeletionMixin, django.db.models.Model

GeneralNameIpAddress Model.

Entries of either SubjectAlternativeNames or IssuerAlternativeNames.

See RFC5280 for more information.

class IpType(*args, **kwds)[source]¶

Bases: django.db.models.TextChoices

Class for creating enumerated string choices.

IPV4_ADDRESS[source]¶

IPV6_ADDRESS[source]¶

IPV4_NETWORK[source]¶

IPV6_NETWORK[source]¶

ip_type[source]¶

value[source]¶

check_references_on_delete = ('general_names_set',)[source]¶

class Meta[source]¶

unique_together = ('ip_type', 'value')[source]¶

__str__()[source]¶

Returns a string representation of the GeneralNameIpAddress.

Return type:: str

class pki.models.extension.GeneralNameRegisteredId(*args, **kwargs)[source]¶

Bases: util.db.OrphanDeletionMixin, django.db.models.Model

GeneralNameRegisteredId Model.

Entries of either SubjectAlternativeNames or IssuerAlternativeNames.

See RFC5280 for more information.

value[source]¶

check_references_on_delete = ('general_names_set',)[source]¶

__str__()[source]¶

Returns a string representation of the GeneralNameRegisteredId.

Return type:: str

class pki.models.extension.GeneralNameOtherName(*args, **kwargs)[source]¶

Bases: util.db.OrphanDeletionMixin, django.db.models.Model

GeneralNameOtherName Model.

Entries of either SubjectAlternativeNames or IssuerAlternativeNames.

See RFC5280 for more information.

type_id[source]¶

value[source]¶

check_references_on_delete = ('general_names_set',)[source]¶

class Meta[source]¶

unique_together = ('type_id', 'value')[source]¶

__str__()[source]¶

Returns a string representation of the GeneralNameOtherName.

Return type:: str

class pki.models.extension.CertificateExtension(*args, **kwargs)[source]¶

Bases: util.db.OrphanDeletionMixin

Abstract Base Class of Extension Models.

Due to a Metaclass conflict, this class is not derived from abc.ABC on purpose. # TODO: check if this can be rectified

_extension_oid: str[source]¶

property extension_oid: str[source]¶

Returns the OID of the extension.

Return type:: str

classmethod save_from_crypto_extensions(extension)[source]¶

Abstractmethod:
Parameters:: extension (cryptography.x509.Extension[T])
Return type:: CertificateExtension | None

Stores the extension in the database.

Meant to be called within an atomic transaction while storing a certificate.

Parameters:: extension (x509.Extension) – The X.509 extension object.
Returns:: The instance of the saved extension.
Return type:: CertificateExtension

classmethod delete_if_orphaned(instance)[source]¶

Removes the Extension instance if no longer referenced.

Since all extension classes are only referenced by the Certificate model with on_delete=models.PROTECT, we can rely on the database protection to remove the instance if it is no longer referenced. This saves an extra query to check if the ‘certificates’ reverse relation still exists.

Parameters:: instance (util.db.OrphanDeletionMixin | None)
Return type:: None

class pki.models.extension.BasicConstraintsExtension(*args, **kwargs)[source]¶

Bases: CertificateExtension, django.db.models.Model

Represents the BasicConstraints extension in X.509 certificates.

This extension indicates whether a certificate is a CA and its path length.

critical[source]¶

ca[source]¶

path_length_constraint[source]¶

class Meta[source]¶

unique_together = ('critical', 'ca', 'path_length_constraint')[source]¶

__str__()[source]¶

Returns a string representation of the extension.

Return type:: str

_extension_oid[source]¶

classmethod save_from_crypto_extensions(crypto_basic_constraints_extension)[source]¶

Stores the BasicConstraintsExtension in the database.

Parameters:: crypto_basic_constraints_extension (x509.Extension) – The X.509 extension containing BasicConstraints.
Returns:: The instance of the saved extension.
Return type:: BasicConstraintsExtension

class pki.models.extension.KeyUsageExtension(*args, **kwargs)[source]¶

Bases: CertificateExtension, django.db.models.Model

Represents the KeyUsage extension in X.509 certificates.

Specifies the permitted usage of the certificate’s public key.

critical[source]¶

digital_signature[source]¶

content_commitment[source]¶

key_encipherment[source]¶

data_encipherment[source]¶

key_agreement[source]¶

key_cert_sign[source]¶

crl_sign[source]¶

encipher_only[source]¶

decipher_only[source]¶

class Meta[source]¶

unique_together = ('digital_signature', 'content_commitment', 'key_encipherment', 'data_encipherment',...[source]¶

__str__()[source]¶

Returns a string representation of the extension.

Return type:: str

_extension_oid[source]¶

classmethod save_from_crypto_extensions(crypto_basic_constraints_extension)[source]¶

Stores the KeyUsage extension in the database.

Parameters:: crypto_basic_constraints_extension (x509.Extension) – The X.509 extension containing KeyUsage.
Returns:: The instance of the saved extension.
Return type:: KeyUsageExtension

class pki.models.extension.GeneralNamesModel(*args, **kwargs)[source]¶

Bases: util.db.OrphanDeletionMixin, util.db.CustomDeleteActionModel

Represents a collection of general names as per RFC5280.

Used for both SubjectAlternativeName and IssuerAlternativeName extensions.

_alternative_name_extension_type: str[source]¶

rfc822_names[source]¶

dns_names[source]¶

directory_names[source]¶

uniform_resource_identifiers[source]¶

ip_addresses[source]¶

registered_ids[source]¶

other_names[source]¶

__str__()[source]¶

Returns a string representation of the GeneralNamesModel.

Return type:: str

_save_rfc822_name(entry)[source]¶

Parameters:: entry (cryptography.x509.RFC822Name)
Return type:: None

_save_dns_name(entry)[source]¶

Parameters:: entry (cryptography.x509.DNSName)
Return type:: None

_save_ip_address(entry)[source]¶

Parameters:: entry (cryptography.x509.IPAddress)
Return type:: None

_save_uri(entry)[source]¶

Parameters:: entry (cryptography.x509.UniformResourceIdentifier)
Return type:: None

_save_registered_id(entry)[source]¶

Parameters:: entry (cryptography.x509.RegisteredID)
Return type:: None

_save_other_name(entry)[source]¶

Parameters:: entry (cryptography.x509.OtherName)
Return type:: None

_save_directory_name(entry)[source]¶

Parameters:: entry (cryptography.x509.DirectoryName)
Return type:: None

save_general_names(general_names)[source]¶

Stores general names in the database.

Parameters:: general_names (x509.Extension | list[x509.GeneralName]) – The X.509 general names extension or a list of general names.
Returns:: The instance of the saved general names.
Return type:: GeneralNamesModel

class pki.models.extension.IssuerAlternativeNameExtension(*args, **kwargs)[source]¶

Bases: CertificateExtension, util.db.CustomDeleteActionModel

IssuerAlternativeNameExtension Model.

See RFC5280 for more information.

critical[source]¶

issuer_alt_name[source]¶

__str__()[source]¶

Returns a string representation of the IssuerAlternativeName extension.

Return type:: str

_extension_oid[source]¶

post_delete()[source]¶

Clean up related orphaned extension field models.

Return type:: None

classmethod save_from_crypto_extensions(extension)[source]¶

Stores the IssuerAlternativeNameExtension in the database.

Meant to be called within an atomic transaction while storing a certificate.

Parameters:: extension (x509.Extension) – The x509.Extension object that contains all extensions of the certificate.
Returns:: The instance of the saved IssuerAlternativeNameExtension.
Return type:: trustpoint.pki.models.IssuerAlternativeNameExtension

class pki.models.extension.SubjectAlternativeNameExtension(*args, **kwargs)[source]¶

Bases: CertificateExtension, util.db.CustomDeleteActionModel

Represents the SubjectAlternativeName extension in X.509 certificates.

Stores alternative names for the certificate’s subject.

critical[source]¶

subject_alt_name[source]¶

__str__()[source]¶

Returns a string representation of the SubjectAlternativeName extension.

Return type:: str

_extension_oid[source]¶

post_delete()[source]¶

Clean up related orphaned extension field models.

Return type:: None

classmethod save_from_crypto_extensions(extension)[source]¶

Stores the SubjectAlternativeName extension in the database.

Parameters:: extension (x509.Extension) – The X.509 extension containing SubjectAlternativeName.
Returns:: The instance of the saved extension.
Return type:: SubjectAlternativeNameExtension

class pki.models.extension.PolicyConstraintsExtension(*args, **kwargs)[source]¶

Bases: CertificateExtension, django.db.models.Model

Represents the PolicyConstraints extension in X.509 certificates.

This extension specifies whether an explicit policy is required and whether policy mapping is inhibited.

critical[source]¶

require_explicit_policy[source]¶

inhibit_policy_mapping[source]¶

objects: django.db.models.Manager[PolicyConstraintsExtension][source]¶

__str__()[source]¶

Returns a string representation of the PolicyConstraintsExtension.

Return type:: str

_extension_oid[source]¶

classmethod save_from_crypto_extensions(extension)[source]¶

Stores the PolicyMappingsExtension in the database.

Parameters:: extension (x509.Extension) – The x509.Extension object containing PolicyConstraints.
Returns:: The saved instance of PolicyConstraintsExtension or None.
Return type:: PolicyConstraintsExtension