pki.models¶

Package that contains all models of the PKI App.

Submodules¶

Exceptions¶

CredentialAlreadyExistsError

The CredentialAlreadyExistsError is raised if a credential already exists in the database.

Classes¶

`AttributeTypeAndValue`	AttributeTypeAndValue Model.
`CertificateExtension`	Abstract Base Class of Extension Models.
`GeneralNameIpAddress`	GeneralNameIpAddress Model.
`CertificateModel`	X509 Certificate Model.
`RevokedCertificateModel`	Model to store revoked certificates.
`IssuingCaModel`	Issuing CA Model.
`CredentialModel`	The CredentialModel that holds all local credentials used by the Trustpoint.
`OwnerCredentialModel`	Device owner credential model.
`DomainModel`	Domain Model.
`DevIdRegistration`	Represents a DevID Registration, linking a Truststore, Domain, unique name, and a serial number regex pattern.
`TruststoreModel`	Represents a truststore, which is a collection of certificates used for specific purposes.
`TruststoreOrderModel`	Represents the order of certificates in a truststore.

Package Contents¶

class pki.models.AttributeTypeAndValue(*args, **kwargs)[source]¶

Bases: django.db.models.Model

AttributeTypeAndValue Model.

Used for subject entries as well as the GeneralNameDirectoryName entries within the SubjectAlternativeName and IssuerAlternativeName.

See RFC5280 for more information.

oid¶

value¶

class Meta¶

unique_together = ('oid', 'value')¶

__str__()[source]¶

Returns a string representation of the attribute type and value.

Return type:: str

property abbreviation: str¶

Returns the abbreviation of the attribute’s OID.

Return type:: str

property verbose_name: str¶

Returns the verbose name of the attribute’s OID.

Return type:: str

class pki.models.CertificateExtension(*args, **kwargs)[source]¶

Bases: util.db.OrphanDeletionMixin

Abstract Base Class of Extension Models.

Due to a Metaclass conflict, this class is not derived from abc.ABC on purpose. # TODO: check if this can be rectified

_extension_oid: str¶

property extension_oid: str¶

Returns the OID of the extension.

Return type:: str

classmethod save_from_crypto_extensions(extension)[source]¶

Abstractmethod:
Parameters:: extension (cryptography.x509.Extension[T])
Return type:: RT | None

Stores the extension in the database.

Meant to be called within an atomic transaction while storing a certificate.

Parameters:: extension (x509.Extension) – The X.509 extension object.
Returns:: The instance of the saved extension.
Return type:: CertificateExtension

classmethod delete_if_orphaned(instance)[source]¶

Removes the Extension instance if no longer referenced.

Since all extension classes are only referenced by the Certificate model with on_delete=models.PROTECT, we can rely on the database protection to remove the instance if it is no longer referenced. This saves an extra query to check if the ‘certificates’ reverse relation still exists.

Parameters:: instance (RT | None)
Return type:: None

class pki.models.GeneralNameIpAddress(*args, **kwargs)[source]¶

Bases: util.db.OrphanDeletionMixin, django.db.models.Model

GeneralNameIpAddress Model.

Entries of either SubjectAlternativeNames or IssuerAlternativeNames.

See RFC5280 for more information.

class IpType(*args, **kwds)¶

Bases: django.db.models.TextChoices

Class for creating enumerated string choices.

IPV4_ADDRESS¶

IPV6_ADDRESS¶

IPV4_NETWORK¶

IPV6_NETWORK¶

ip_type¶

value¶

check_references_on_delete = ('general_names_set',)¶

class Meta¶

unique_together = ('ip_type', 'value')¶

__str__()[source]¶

Returns a string representation of the GeneralNameIpAddress.

Return type:: str

class pki.models.CertificateModel(*args, **kwargs)[source]¶

Bases: trustpoint.logger.LoggerMixin, util.db.CustomDeleteActionModel

X509 Certificate Model.

See RFC5280 for more information.

class CertificateStatus(*args, **kwds)¶

Bases: django.db.models.TextChoices

CertificateModel status.

OK¶

REVOKED¶

EXPIRED¶

NOT_YET_VALID¶

class Version(*args, **kwds)¶

Bases: django.db.models.IntegerChoices

X509 RFC 5280 - Certificate Version.

V3¶

class SignatureAlgorithmOidChoices(*args, **kwds)¶

Bases: django.db.models.TextChoices

Signature Algorithm OIDs.

RSA_MD5¶

RSA_SHA1¶

RSA_SHA1_ALT¶

RSA_SHA224¶

RSA_SHA256¶

RSA_SHA384¶

RSA_SHA512¶

RSA_SHA3_224¶

RSA_SHA3_256¶

RSA_SHA3_384¶

RSA_SHA3_512¶

ECDSA_SHA1¶

ECDSA_SHA224¶

ECDSA_SHA256¶

ECDSA_SHA384¶

ECDSA_SHA512¶

ECDSA_SHA3_224¶

ECDSA_SHA3_256¶

ECDSA_SHA3_384¶

ECDSA_SHA3_512¶

PASSWORD_BASED_MAC¶

class PublicKeyAlgorithmOidChoices(*args, **kwds)¶

Bases: django.db.models.TextChoices

Public Key Algorithm OIDs.

ECC¶

RSA¶

class PublicKeyEcCurveOidChoices(*args, **kwds)¶

Bases: django.db.models.TextChoices

Public Key EC Curve OIDs.

NONE = ''¶

SECP192R1¶

SECP224R1¶

SECP256K1¶

SECP256R1¶

SECP384R1¶

SECP521R1¶

BRAINPOOLP256R1¶

BRAINPOOLP384R1¶

BRAINPOOLP512R1¶

SECT163K1¶

SECT163R2¶

SECT233K1¶

SECT233R1¶

SECT283K1¶

SECT283R1¶

SECT409K1¶

SECT409R1¶

SECT571K1¶

SECT571R1¶

is_self_signed¶

common_name¶

sha256_fingerprint¶

signature_algorithm_oid¶

signature_value¶

version¶

serial_number¶

issuer¶

issuer_public_bytes¶

not_valid_before¶

not_valid_after¶

subject¶

subject_public_bytes¶

spki_algorithm_oid¶

spki_algorithm¶

spki_key_size¶

spki_ec_curve_oid¶

spki_ec_curve¶

cert_pem¶

public_key_pem¶

created_at¶

key_usage_extension¶

subject_alternative_name_extension¶

issuer_alternative_name_extension¶

basic_constraints_extension¶

authority_key_identifier_extension¶

subject_key_identifier_extension¶

certificate_policies_extension¶

extended_key_usage_extension¶

name_constraints_extension¶

crl_distribution_points_extension¶

authority_information_access_extension¶

subject_information_access_extension¶

inhibit_any_policy_extension¶

policy_constraints_extension¶

subject_directory_attributes_extension¶

freshest_crl_extension¶

class Meta¶

Bases: django_stubs_ext.db.models.TypedModelMeta

Meta class configuration.

__repr__()[source]¶

Representation of the CertificateModel instance.

Return type:: str

__str__()[source]¶

Human-readable representation of the CertificateModel instance.

Return type:: str

save(*_args, **_kwargs)[source]¶

Save method must not be called directly to protect the integrity.

This method makes sure save() is not called by mistake.

Raises:

NotImplementedError –

Parameters:

_args (Any)
_kwargs (Any)

Return type:

None

property signature_algorithm: str¶

Name of the signature algorithm.

Return type:: str

property signature_algorithm_padding_scheme: str¶

Padding scheme if RSA is used, otherwise None.

Return type:: str

property signature_suite: trustpoint_core.oid.SignatureSuite¶

Signature Suite of the certificate.

Return type:: trustpoint_core.oid.SignatureSuite

property public_key_info: trustpoint_core.oid.PublicKeyInfo¶

Public Key Info of the certificate.

Return type:: trustpoint_core.oid.PublicKeyInfo

property certificate_status: CertificateStatus¶

Status of the certificate.

Return type:: CertificateStatus

property is_ca: bool¶

Check if the certificate is a CA certificate.

Return type:: bool

property is_root_ca: bool¶

Check if the certificate is a root CA certificate.

Return type:: bool

property is_end_entity: bool¶

Check if the certificate is an end entity certificate.

Return type:: bool

classmethod get_cert_by_sha256_fingerprint(sha256_fingerprint)[source]¶

Get a CertificateModel instance by its SHA256 fingerprint.

Parameters:: sha256_fingerprint (str)
Return type:: None | CertificateModel

static _get_subject(cert)[source]¶

Parameters:: cert (cryptography.x509.Certificate)
Return type:: list[tuple[str, str]]

static _get_issuer(cert)[source]¶

Parameters:: cert (cryptography.x509.Certificate)
Return type:: list[tuple[str, str]]

static _get_spki_info(cert)[source]¶

Parameters:: cert (cryptography.x509.Certificate)
Return type:: tuple[trustpoint_core.oid.PublicKeyAlgorithmOid, int, trustpoint_core.oid.NamedCurve]

get_certificate_serializer()[source]¶

Get the serializer for the certificate.

Return type:: trustpoint_core.serializer.CertificateSerializer

get_public_key_serializer()[source]¶

Get the serializer for the certificate’s public key.

Return type:: trustpoint_core.serializer.PublicKeySerializer

_save(**kwargs)[source]¶

Parameters:: kwargs (Any)
Return type:: None

classmethod _save_certificate(certificate)[source]¶

Parameters:: certificate (cryptography.x509.Certificate | trustpoint_core.serializer.CertificateSerializer)
Return type:: CertificateModel

static _save_attribute_and_value_pairs(oid, value)[source]¶

Parameters:

oid (str)
value (str)

Return type:

pki.models.extension.AttributeTypeAndValue

classmethod _save_subject(cert_model, subject)[source]¶

Parameters:

cert_model (CertificateModel)
subject (list[tuple[str, str]])

Return type:

None

classmethod _save_issuer(cert_model, issuer)[source]¶

Parameters:

cert_model (CertificateModel)
issuer (list[tuple[str, str]])

Return type:

None

EXTENSION_MAP¶

static _save_extensions(cert_model, cert)[source]¶

Parameters:

cert_model (CertificateModel)
cert (cryptography.x509.Certificate)

Return type:

None

classmethod _atomic_save(cert_model, certificate, subject, issuer)[source]¶

Parameters:

cert_model (CertificateModel)
certificate (cryptography.x509.Certificate)
subject (list[tuple[str, str]])
issuer (list[tuple[str, str]])

Return type:

CertificateModel

classmethod save_certificate(certificate)[source]¶

Store the certificate in the database.

Returns:: The certificate object that has just been saved.
Return type:: trustpoint.pki.models.Certificate
Parameters:: certificate (cryptography.x509.Certificate | trustpoint_core.serializer.CertificateSerializer)

pre_delete()[source]¶

Store the related objects before deletion.

Return type:: None

post_delete()[source]¶

Clean up related orphaned extension models.

Return type:: None

subjects_match(other_subject)[source]¶

Check if the provided subject is identical to the one of this certificate.

Parameters:: other_subject (x509.Name) – The subject to compare to.
Returns:: True if the subjects match, False otherwise.
Return type:: bool

class pki.models.RevokedCertificateModel(*args, **kwargs)[source]¶

Bases: django.db.models.Model

Model to store revoked certificates.

class ReasonCode(*args, **kwds)¶

Bases: django.db.models.TextChoices

Revocation reasons per RFC 5280.

UNSPECIFIED¶

KEY_COMPROMISE¶

CA_COMPROMISE¶

AFFILIATION_CHANGED¶

SUPERSEDED¶

CESSATION¶

CERTIFICATE_HOLD¶

PRIVILEGE_WITHDRAWN¶

AA_COMPROMISE¶

REMOVE_FROM_CRL¶

certificate¶

revoked_at¶

revocation_reason¶

ca¶

class Meta¶

Bases: django_stubs_ext.db.models.TypedModelMeta

Meta class configuration.

__str__()[source]¶

String representation of the RevokedCertificateModel instance.

Return type:: str

class pki.models.IssuingCaModel(*args, **kwargs)[source]¶

Bases: trustpoint.logger.LoggerMixin, util.db.CustomDeleteActionModel

Issuing CA Model.

This model contains the configurations of all Issuing CAs available within the Trustpoint.

class IssuingCaTypeChoice(*args, **kwds)¶

Bases: django.db.models.IntegerChoices

The IssuingCaTypeChoice defines the type of Issuing CA.

Depending on the type other fields may be set, e.g. a credential will only be available for local Issuing CAs.

AUTOGEN_ROOT¶

AUTOGEN¶

LOCAL_UNPROTECTED¶

LOCAL_PKCS11¶

REMOTE_EST¶

REMOTE_CMP¶

unique_name¶

credential: pki.models.credential.CredentialModel¶

issuing_ca_type¶

is_active¶

created_at¶

updated_at¶

last_crl_issued_at¶

crl_pem¶

__str__()[source]¶

Returns a human-readable string that represents this IssuingCaModel entry.

Returns:: Human-readable string that represents this IssuingCaModel entry.
Return type:: str

__repr__()[source]¶

Returns a string representation of the IssuingCaModel instance.

Return type:: str

property common_name: str¶

Returns common name.

Return type:: str

classmethod create_new_issuing_ca(unique_name, credential_serializer, issuing_ca_type)[source]¶

Creates a new Issuing CA model and returns it.

Parameters:

unique_name (str) – The unique name that will be used to identify the Issuing CA.
credential_serializer (trustpoint_core.serializer.CredentialSerializer) – The credential as CredentialSerializer instance. It will be normalized and validated, if it is a valid credential to be used as an Issuing CA.
issuing_ca_type (IssuingCaModel) – The Issuing CA type.

Returns:

The newly created Issuing CA model.

Return type:

IssuingCaModel

issue_crl()[source]¶

Issues a CRL with revoked certificates issued by this CA.

Return type:: bool

property signature_suite: trustpoint_core.oid.SignatureSuite¶

The signature suite for the CA public key certificate.

Return type:: trustpoint_core.oid.SignatureSuite

property public_key_info: trustpoint_core.oid.PublicKeyInfo¶

The public key info for the CA certificate’s public key.

Return type:: trustpoint_core.oid.PublicKeyInfo

get_issued_certificates()[source]¶

Returns certificates issued by this CA, except its own in case of a self-signed CA.

This goes through all active certificates and checks issuance by this CA based on cert.issuer_public_bytes == ca.subject_public_bytes WARNING: This means that it may inadvertently return certificates that were issued by a different CA with the same subject name

Return type:: django.db.models.query.QuerySet[pki.models.certificate.CertificateModel, pki.models.certificate.CertificateModel]

revoke_all_issued_certificates(reason=RevokedCertificateModel.ReasonCode.UNSPECIFIED)[source]¶

Revokes all certificates issued by this CA.

Parameters:: reason (str)
Return type:: None

pre_delete()[source]¶

Check for unexpired certificates issued by this CA before deleting it.

Return type:: None

post_delete()[source]¶

Deletes the credential of this CA after deleting it.

Return type:: None

exception pki.models.CredentialAlreadyExistsError(*args, **kwargs)[source]¶

Bases: django.core.exceptions.ValidationError

The CredentialAlreadyExistsError is raised if a credential already exists in the database.

Parameters:

args (Any)
kwargs (Any)

class pki.models.CredentialModel(*args, **kwargs)[source]¶

Bases: trustpoint.logger.LoggerMixin, util.db.CustomDeleteActionModel

The CredentialModel that holds all local credentials used by the Trustpoint.

This model holds both local unprotected credentials, for which the keys and certificates are stored in the DB, but also credentials that are stored within an HSM or TPM utilizing PKCS#11.

PKCS#11 credentials are not yet supported.

class CredentialTypeChoice(*args, **kwds)¶

Bases: django.db.models.IntegerChoices

The CredentialTypeChoice defines the type of the credential and thus implicitly restricts its usage.

It is intended to limit the credential usage to specific cases, e.g. usage as Issuing CA. The abstractions using the CredentialModel are responsible to check that the credential has the correct and expected CredentialTypeChoice.

TRUSTPOINT_TLS_SERVER¶

ROOT_CA¶

ISSUING_CA¶

ISSUED_CREDENTIAL¶

DEV_OWNER_ID¶

credential_type¶

private_key¶

certificate¶

certificates¶

certificate_chain¶

created_at¶

__repr__()[source]¶

Returns a string representation of this CredentialModel entry.

Return type:: str

__str__()[source]¶

Returns a human-readable string that represents this CredentialModel entry.

Returns:: Human-readable string that represents this CredentialModel entry.
Return type:: str

clean()[source]¶

Validates the CredentialModel instance.

Return type:: None

classmethod save_credential_serializer(credential_serializer, credential_type)[source]¶

This method will try to normalize the credential_serializer and then save it to the database.

Parameters:

credential_serializer (trustpoint_core.serializer.CredentialSerializer) – The credential serializer to store in the database.
credential_type (CredentialModel) – The credential type to set.

Returns:

The stored credential model.

Return type:

CredentialModel

property ordered_certificate_chain_queryset: django.db.models.QuerySet[CertificateChainOrderModel]¶

Gets the ordered certificate chain queryset.

Return type:: django.db.models.QuerySet[CertificateChainOrderModel]

classmethod _save_normalized_credential_serializer(normalized_credential_serializer, credential_type)[source]¶

This method will store a credential that is expected to be normalized..

Parameters:

normalized_credential_serializer (trustpoint_core.serializer.CredentialSerializer) – The normalized credential serializer to store in the database.
credential_type (CredentialModel) – The credential type to set.

Returns:

The stored credential model.

Return type:

CredentialModel

classmethod save_keyless_credential(certificate, certificate_chain, credential_type)[source]¶

Stores a credential without a private key.

Parameters:

certificate (cryptography.x509.Certificate)
certificate_chain (list[cryptography.x509.Certificate])
credential_type (CredentialModel)

Return type:

CredentialModel

update_keyless_credential(certificate, certificate_chain)[source]¶

Updates the primary certificate and certificate chain of the credential.

Previous certificates are kept as part of the credential.

Parameters:

certificate (cryptography.x509.Certificate)
certificate_chain (list[cryptography.x509.Certificate])

Return type:

None

pre_delete()[source]¶

Deletes related models, only allow deletion if there are no more active certificates.

Return type:: None

get_private_key()[source]¶

Gets an abstraction of the credential private key.

Note, in the case of keys stored in an HSM or TPM using PKCS#11, it will only be possible to use the key abstraction to sign and verify, but not to export the key in any way.

Returns:: The credential private key abstraction.
Return type:: PrivateKey

get_private_key_serializer()[source]¶

Gets a serializer of the credential private key.

Returns:: The credential private key abstraction.
Return type:: PrivateKey

get_certificate()[source]¶

Gets the credential certificate as x509.Certificate instance.

Returns:: The credential certificate.
Return type:: x509.Certificate

get_certificate_chain()[source]¶

Gets the credential certificate chain as a list of x509.Certificate instances.

Returns:: The credential certificate chain as list of x509.Certificate instances.
Return type:: list[x509.Certificate]

get_certificate_serializer()[source]¶

Gets the credential certificate as a CertificateSerializer instance.

Returns:: The credential certificate.
Return type:: CertificateSerializer

get_certificate_chain_serializer()[source]¶

Gets the credential certificate chain as a CertificateCollectionSerializer instance.

Returns:: The credential certificate chain.
Return type:: CertificateCollectionSerializer

get_last_in_chain()[source]¶

Gets the root ca certificate model, if any.

Return type:: None | pki.models.CertificateModel

get_root_ca_certificate()[source]¶

Gets the root CA certificate of the credential certificate chain.

Return type:: None | cryptography.x509.Certificate

get_root_ca_certificate_serializer()[source]¶

Gets the root CA certificate serializer.

Return type:: None | trustpoint_core.serializer.CertificateSerializer

get_credential_serializer()[source]¶

Gets the serializer for this credential.

Return type:: trustpoint_core.serializer.CredentialSerializer

property signature_suite: trustpoint_core.oid.SignatureSuite¶

Returns the signature suite used by the current credential primary certificate.

Return type:: trustpoint_core.oid.SignatureSuite

property public_key_info: trustpoint_core.oid.PublicKeyInfo¶

Returns the PublicKeyInfo the current credential primary certificate.

Return type:: trustpoint_core.oid.PublicKeyInfo

property hash_algorithm: cryptography.hazmat.primitives.hashes.HashAlgorithm | None¶

Returns the hash algorithm used by the current credential.

Return type:: cryptography.hazmat.primitives.hashes.HashAlgorithm | None

is_valid_issued_credential()[source]¶

Determines if this issued credential is valid.

This method performs the following checks:

The credential must be of type ISSUED_CREDENTIAL.
A primary certificate must exist.
The certificate’s status must be ‘OK’.

Returns:

A tuple where:

The first value is True if the credential meets all criteria, False otherwise.
The second value is a reason string explaining why the credential is invalid.

Return type:

tuple[bool, str]

class pki.models.OwnerCredentialModel(*args, **kwargs)[source]¶

Bases: trustpoint.logger.LoggerMixin, util.db.CustomDeleteActionModel

Device owner credential model.

This model is a wrapper to store a DevOwnerID Credential for use by devices to trust the Trustpoint.

unique_name¶

credential: CredentialModel¶

created_at¶

__str__()[source]¶

Returns a human-readable string that represents this OwnerCredentialModel entry.

Returns:: Human-readable string that represents this OwnerCredentialModel entry.
Return type:: str

__repr__()[source]¶

Returns a string representation of the OwnerCredentialModel instance.

Return type:: str

classmethod create_new_owner_credential(unique_name, credential_serializer)[source]¶

Creates a new owner credential model and returns it.

Parameters:

unique_name (str) – The unique name that will be used to identify the Owner Credential.
credential_serializer (trustpoint_core.serializer.CredentialSerializer) – The credential as CredentialSerializer instance.

Returns:

The newly created owner credential model.

Return type:

OwnerCredentialModel

post_delete()[source]¶

Deletes the credential of this owner credential after deleting it.

Return type:: None

class pki.models.DomainModel(*args, **kwargs)[source]¶

Bases: django.db.models.Model

Domain Model.

unique_name¶

issuing_ca¶

is_active¶

created_at¶

updated_at¶

__repr__()[source]¶

Machine-readable representation of the Domain model instance.

Returns:: Machine-readable representation of the Domain model model instance.
Return type:: str

__str__()[source]¶

Human-readable representation of the Domain model instance.

Returns:: Human-readable representation of the Domain model model instance.
Return type:: str

save(**kwargs)[source]¶

Save the Domain model instance.

Parameters:: kwargs (Any)
Return type:: None

property signature_suite: trustpoint_core.oid.SignatureSuite¶

Get the signature suite for the domain (based on its Issuing CA).

Return type:: trustpoint_core.oid.SignatureSuite

property public_key_info: trustpoint_core.oid.PublicKeyInfo¶

Get the public key info for the domain (based on its Issuing CA).

Return type:: trustpoint_core.oid.PublicKeyInfo

clean()[source]¶

Validate that the issuing CA is not an auto-generated root CA.

Return type:: None

get_issuing_ca_or_value_error()[source]¶

Gets the corresponding Issuing CA.

Returns:: The corresponding Issuing CA.
Raises:: ValueError – If no Issuing CA is set.
Return type:: pki.models.IssuingCaModel

class pki.models.DevIdRegistration(*args, **kwargs)[source]¶

Bases: django.db.models.Model

Represents a DevID Registration, linking a Truststore, Domain, unique name, and a serial number regex pattern.

unique_name¶

truststore¶

domain¶

serial_number_pattern¶

__str__()[source]¶

Returns a human-readable string representation of the DevIdRegistration instance.

Return type:: str

save(**kwargs)[source]¶

Ensures the model is valid and enforces validations before saving.

Parameters:: kwargs (Any)
Return type:: None

class pki.models.TruststoreModel(*args, **kwargs)[source]¶

Bases: django.db.models.Model

Represents a truststore, which is a collection of certificates used for specific purposes.

This model allows organizing certificates into a logical grouping for specific intended usages such as IDevID, TLS, or Generic. Each truststore is identified by a unique name and supports operations like retrieving the number of certificates or serializing its content.

class IntendedUsage(*args, **kwds)¶

Bases: django.db.models.IntegerChoices

Intended Usage of the Truststore.

IDEVID¶

TLS¶

GENERIC¶

DEVICE_OWNER_ID¶

unique_name¶

certificates¶

intended_usage¶

created_at¶

class Meta¶

Bases: django_stubs_ext.db.models.TypedModelMeta

Meta class configuration.

__str__()[source]¶

Returns a human-readable string representation of the TruststoreModel.

Return type:: str

save(**kwargs)[source]¶

Ensures the model is valid before saving.

Parameters:: kwargs (Any)
Return type:: None

property number_of_certificates: int¶

Returns the number of certificates in the truststore.

Return type:: int

get_certificate_collection_serializer()[source]¶

Returns a serializer for all certificates in the truststore.

This method gathers all the certificates associated with the truststore, serializes them using CertificateCollectionSerializer, and returns the serialized result.

Returns:: The serialized representation of the certificates.
Return type:: trustpoint_core.serializer.CertificateCollectionSerializer

class pki.models.TruststoreOrderModel(*args, **kwargs)[source]¶

Bases: django.db.models.Model

Represents the order of certificates in a truststore.

order¶

certificate¶

trust_store¶

class Meta¶

Bases: django_stubs_ext.db.models.TypedModelMeta

Meta class configuration.

unique_together = ('order', 'trust_store')¶

__str__()[source]¶

Returns a human-readable string representation of the TruststoreOrderModel.

Return type:: str