pki.authorization ================= .. py:module:: pki.authorization .. autoapi-nested-parse:: Security-policy authorization checks for PKI objects (CAs and certificates). Module Contents --------------- .. py:class:: HasCaModel Bases: :py:obj:`Protocol` Structural type satisfied by :class:`~pki.models.ca.CaModel`. Any object exposing ``ca_certificate_model``, ``is_self_signed_ca``, and ``crl_validity_hours`` attributes qualifies. .. py:property:: ca_certificate_model :type: pki.models.certificate.CertificateModel | None Return the :class:`~pki.models.certificate.CertificateModel` for this CA, or ``None``. .. py:property:: crl_validity_hours :type: float Return the configured CRL validity in hours. .. py:class:: PkiCheckStrategy Bases: :py:obj:`abc.ABC` Abstract base for a single PKI security-policy check. .. py:method:: check(ca, cfg) :abstractmethod: Execute the check. :param ca: The :class:`~pki.models.ca.CaModel` being evaluated. :param cfg: The active :class:`~management.models.SecurityConfig` policy. :raises ValueError: If the CA violates the policy. .. py:class:: PkiSecurityAuthorization(strategies = None) Bases: :py:obj:`trustpoint.logger.LoggerMixin` Runs all PKI security-policy checks against the active :class:`~management.models.SecurityConfig`. .. py:method:: check(ca) Run all PKI policy checks against *ca*.