pki.models.issued_credential ============================ .. py:module:: pki.models.issued_credential .. autoapi-nested-parse:: A model for issued credentials. Module Contents --------------- .. py:class:: IssuedCredentialModel(*args, **kwargs) Bases: :py:obj:`util.db.CustomDeleteActionModel` Model for credentials and certificates issued to a device by the Trustpoint. Each instance must have a ``device`` FK set. For credentials owned by a CA or an OwnerCredential, use :class:`RemoteIssuedCredentialModel` instead. .. py:class:: IssuedCredentialType(*args, **kwds) Bases: :py:obj:`django.db.models.IntegerChoices` The type of the credential. .. py:attribute:: DOMAIN_CREDENTIAL .. py:attribute:: APPLICATION_CREDENTIAL .. py:attribute:: id .. py:attribute:: common_name .. py:attribute:: issued_credential_type .. py:attribute:: issued_using_cert_profile .. py:attribute:: credential .. py:attribute:: device .. py:attribute:: domain .. py:attribute:: created_at .. py:class:: Meta Bases: :py:obj:`django_stubs_ext.db.models.TypedModelMeta` Meta class configuration. .. py:method:: clean() Validate that the device FK is set. .. py:method:: revoke() Revokes all active certificates associated with this credential. .. py:method:: pre_delete() Revoke all active certificates and delete the credential. .. py:method:: is_valid_domain_credential() Determines if this issued credential is valid for enrolling new application credentials. This method performs the following checks: 1. The IssuedCredentialModel type must be of type DOMAIN_CREDENTIAL. 2. The credential must be of type ISSUED_CREDENTIAL. 3. A primary certificate must exist. 4. The certificate's status must be 'OK'. :returns: A tuple where: - The first value is True if the credential meets all criteria, False otherwise. - The second value is a reason string explaining why the credential is invalid. :rtype: tuple[bool, str] .. py:method:: get_credential_for_certificate(cert) :staticmethod: Retrieve an IssuedCredentialModel instance for the given certificate. :param cert: x509.Certificate to search for. :return: The corresponding IssuedCredentialModel instance. :raises DoesNotExist: if no matching issued credential is found. .. py:method:: get_credential_for_serial_number(domain, device, serial_number) :staticmethod: Retrieve an IssuedCredentialModel instance for the given X.509 serial number within the specified domain. Raises: DoesNotExist if no matching issued credential is found. .. py:class:: RemoteIssuedCredentialModel(*args, **kwargs) Bases: :py:obj:`util.db.CustomDeleteActionModel` Model for credentials issued to a CA, a DevOwnerID, or a device via a remote/RA CA. .. py:class:: RemoteIssuedCredentialType(*args, **kwds) Bases: :py:obj:`django.db.models.IntegerChoices` The type of the credential. .. py:attribute:: DOMAIN_CREDENTIAL .. py:attribute:: DEV_OWNER_ID .. py:attribute:: LOCAL_CA .. py:attribute:: RA_DEVICE .. py:attribute:: id .. py:attribute:: common_name .. py:attribute:: issued_credential_type .. py:attribute:: issued_using_cert_profile .. py:attribute:: credential .. py:attribute:: ca .. py:attribute:: owner_credential .. py:attribute:: device .. py:attribute:: domain .. py:attribute:: created_at .. py:class:: Meta Bases: :py:obj:`django_stubs_ext.db.models.TypedModelMeta` Meta class configuration. .. py:method:: clean() Validate that exactly one owner (ca, owner_credential, or device) is set. .. py:method:: pre_delete() Delete the underlying credential (cascades back to this model).