request.authentication.est

Provides the ‘EstAuthentication’ class using the Composite pattern for modular EST authentication.

Classes

UsernamePasswordAuthentication

Handles authentication via username/password credentials.

ReenrollmentAuthentication

Handles authentication for EST reenrollment using an Application Credential.

EstAuthentication

Composite authenticator specifically for EST requests, combining various authentication methods.

Module Contents

class request.authentication.est.UsernamePasswordAuthentication

Bases: request.authentication.base.AuthenticationComponent, trustpoint.logger.LoggerMixin

Handles authentication via username/password credentials.

authenticate(context)

Authenticate using username and password from the context.

Parameters:

context (request.request_context.BaseRequestContext)

Return type:

None

_raise_authentication_error()

Raise authentication error with standardized message.

Return type:

Never

class request.authentication.est.ReenrollmentAuthentication

Bases: request.authentication.base.AuthenticationComponent, trustpoint.logger.LoggerMixin

Handles authentication for EST reenrollment using an Application Credential.

_validate_certificate_extensions(credential_cert, client_cert, csr)

Validate that certificate extensions match between credential, client cert, and CSR.

Parameters:
  • credential_cert (cryptography.x509.Certificate)

  • client_cert (cryptography.x509.Certificate)

  • csr (cryptography.x509.CertificateSigningRequest)

Return type:

None

_raise_value_error(message)

Raise a ValueError with the given message.

Parameters:

message (str)

Return type:

Never

authenticate(context)

Authenticate the client for reenrollment.

Parameters:

context (request.request_context.BaseRequestContext)

Return type:

None

_validate_context(context)

Validate the context for reenrollment.

Parameters:

context (request.request_context.EstCertificateRequestContext)

Return type:

bool

_get_issued_credential(client_cert)

Retrieve the issued credential for the client certificate.

Parameters:

client_cert (cryptography.x509.Certificate)

Return type:

devices.models.IssuedCredentialModel

_validate_credential(credential_model, csr, client_cert)

Validate the credential model against the CSR and client certificate.

Parameters:
  • credential_model (pki.models.CredentialModel)

  • csr (cryptography.x509.CertificateSigningRequest)

  • client_cert (cryptography.x509.Certificate)

Return type:

None

_validate_certificate_extensions_safe(credential_model, client_cert, csr)

Safely validate certificate extensions.

Parameters:
  • credential_model (pki.models.CredentialModel)

  • client_cert (cryptography.x509.Certificate)

  • csr (cryptography.x509.CertificateSigningRequest)

Return type:

None

class request.authentication.est.EstAuthentication

Bases: request.authentication.base.CompositeAuthentication

Composite authenticator specifically for EST requests, combining various authentication methods.
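
A minimal sketch of the composite arrangement this module describes, added here as an illustration and not taken from the project's own code. `DemoContext`, its fields, the credential tables, the rule that a component skips when its credentials are absent, and the fail-closed check at the end are all assumptions; the documented classes take a `request.request_context.BaseRequestContext`.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

class AuthenticationError(Exception):
    pass  # one uniform error, so callers cannot tell which check failed
@dataclass
class DemoContext:  # hypothetical stand-in for the request context
    username: Optional[str] = None
    password: Optional[str] = None
    client_cert_fp: Optional[str] = None  # TLS client certificate fingerprint
    principal: Optional[str] = None  # set by the component that succeeds

def kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class PasswordAuth:
    def __init__(self, users):  # {username: (salt, derived key)}
        self.users = users
    def authenticate(self, ctx):
        if ctx.username is None or ctx.password is None:
            return  # method not attempted; leave it to other components
        # Unknown users still go through the KDF and a constant-time compare.
        salt, stored = self.users.get(ctx.username, (b"\0" * 16, b""))
        if not hmac.compare_digest(kdf(ctx.password, salt), stored):
            raise AuthenticationError("authentication failed")
        ctx.principal = ctx.username

class ReenrollAuth:
    def __init__(self, issued):  # {fingerprint: device name}
        self.issued = issued
    def authenticate(self, ctx):
        if ctx.client_cert_fp is None:
            return
        if ctx.client_cert_fp not in self.issued:
            raise AuthenticationError("authentication failed")
        ctx.principal = self.issued[ctx.client_cert_fp]

class CompositeAuth:
    def __init__(self, components):
        self.components = components
    def authenticate(self, ctx):
        for component in self.components:
            component.authenticate(ctx)  # any raised error aborts the chain
        if ctx.principal is None:  # fail closed: no component vouched
            raise AuthenticationError("authentication failed")

def demo_authenticator(salt=b"constructed-salt"):  # constructed sample data
    users = {"dev1": (salt, kdf("s3cret", salt))}
    return CompositeAuth([PasswordAuth(users), ReenrollAuth({"ab:cd": "dev2"})])
```

In this sketch a request that presents a bad password is rejected even if it also carries a known certificate fingerprint, and a request that presents no credentials at all is rejected by the final check rather than passing silently.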