pki.views.owner_credentials =========================== .. py:module:: pki.views.owner_credentials .. autoapi-nested-parse:: Views for Owner Credential (DevOwnerID) management. Module Contents --------------- .. py:class:: OwnerCredentialContextMixin Bases: :py:obj:`trustpoint.views.base.ContextDataMixin` Mixin which adds context_data for the PKI -> Issuing CAs pages. .. py:attribute:: context_page_category :value: 'pki' .. py:attribute:: context_page_name :value: 'owner_credentials' .. py:class:: OwnerCredentialTableView Bases: :py:obj:`OwnerCredentialContextMixin`, :py:obj:`trustpoint.views.base.SortableTableMixin`\ [\ :py:obj:`pki.models.OwnerCredentialModel`\ ], :py:obj:`django.views.generic.list.ListView`\ [\ :py:obj:`pki.models.OwnerCredentialModel`\ ] Owner Credential Table View. .. py:attribute:: model .. py:attribute:: template_name :value: 'pki/owner_credentials/owner_credentials.html' .. py:attribute:: context_object_name :value: 'owner_credential' .. py:attribute:: paginate_by :value: 50 .. py:attribute:: default_sort_param :value: 'unique_name' .. py:class:: OwnerCredentialDetailView Bases: :py:obj:`trustpoint.logger.LoggerMixin`, :py:obj:`OwnerCredentialContextMixin`, :py:obj:`django.views.generic.detail.DetailView`\ [\ :py:obj:`pki.models.OwnerCredentialModel`\ ] View to display the details of an Issuing CA. .. py:attribute:: http_method_names :value: ('get',) .. py:attribute:: model .. py:attribute:: success_url .. py:attribute:: ignore_url .. py:attribute:: template_name :value: 'pki/owner_credentials/details.html' .. py:attribute:: context_object_name :value: 'owner_credential' .. py:method:: get_context_data(**kwargs) Adds the IDevID reference list to the context. Each entry in ``idevid_refs`` is an :class:`~pki.models.credential.IDevIDReferenceModel` instance. The ``dev_owner_id_certificate`` FK on each ref points directly to the :class:`~pki.models.certificate.CertificateModel` of the DevOwnerID certificate whose SAN contained this reference (or ``None`` for locally uploaded credentials where the certificate was not stored separately), so no extra DB lookup is needed here. .. py:class:: OwnerCredentialAddMethodSelectView Bases: :py:obj:`OwnerCredentialContextMixin`, :py:obj:`django.views.generic.edit.FormView`\ [\ :py:obj:`pki.forms.OwnerCredentialFileImportForm`\ ] View to select the method for adding a new DevOwnerID. .. py:attribute:: template_name :value: 'pki/owner_credentials/add/method_select.html' .. py:attribute:: form_class .. py:method:: get(request, *args, **kwargs) Render the method selection page (no form processing needed). .. py:method:: post(request, *_args, **_kwargs) Redirect based on the chosen method. .. py:class:: OwnerCredentialFileImportView Bases: :py:obj:`OwnerCredentialContextMixin`, :py:obj:`django.views.generic.edit.FormView`\ [\ :py:obj:`pki.forms.OwnerCredentialFileImportForm`\ ] View to import a DevOwnerID from separate PEM files. .. py:attribute:: template_name :value: 'pki/owner_credentials/add/file_import.html' .. py:attribute:: form_class .. py:attribute:: success_url .. py:method:: form_valid(form) Handle the case where the form is valid. .. py:data:: OwnerCredentialAddView .. py:class:: OwnerCredentialAddRequestEstMethodSelectView Bases: :py:obj:`OwnerCredentialContextMixin`, :py:obj:`django.views.generic.edit.FormView`\ [\ :py:obj:`pki.forms.OwnerCredentialFileImportForm`\ ] View to select between onboarding and no-onboarding for EST-based DevOwnerID enrollment. .. py:attribute:: template_name :value: 'pki/owner_credentials/add/est_method_select.html' .. py:attribute:: form_class .. py:method:: get(request, *args, **kwargs) Render the EST method selection page. .. py:method:: post(request, *_args, **_kwargs) Redirect based on whether onboarding or no-onboarding is chosen. .. py:class:: OwnerCredentialAddRequestEstNoOnboardingView Bases: :py:obj:`OwnerCredentialContextMixin`, :py:obj:`django.views.generic.edit.FormView`\ [\ :py:obj:`pki.forms.OwnerCredentialAddRequestEstNoOnboardingForm`\ ] View to request a DevOwnerID via EST using username/password (no IDevID onboarding). .. py:attribute:: template_name :value: 'pki/owner_credentials/add/est_request.html' .. py:attribute:: form_class .. py:attribute:: success_url .. py:method:: get_context_data(**kwargs) Add heading context. .. py:method:: form_valid(form) Save the OwnerCredentialModel with its EST configuration. The key pair and IssuedCredentialModel are created later when the user triggers an actual DevOwnerID issuance via the CLM page. .. py:method:: form_invalid(form) Show form-level errors as Django messages. .. py:class:: OwnerCredentialAddRequestEstOnboardingView Bases: :py:obj:`OwnerCredentialContextMixin`, :py:obj:`django.views.generic.edit.FormView`\ [\ :py:obj:`pki.forms.OwnerCredentialAddRequestEstOnboardingForm`\ ] View to request a DevOwnerID via EST using IDevID-based onboarding (mTLS client certificate). .. py:attribute:: template_name :value: 'pki/owner_credentials/add/est_request.html' .. py:attribute:: form_class .. py:attribute:: success_url .. py:method:: get_context_data(**kwargs) Add heading context. .. py:method:: form_valid(form) Save the OwnerCredentialModel with its EST onboarding configuration. Creates the ``OwnerCredentialModel`` with all remote-endpoint fields and redirects to the truststore-association step, mirroring the no-onboarding workflow. .. py:method:: form_invalid(form) Show form-level errors as Django messages. .. py:class:: OwnerCredentialTruststoreAssociationView Bases: :py:obj:`OwnerCredentialContextMixin`, :py:obj:`django.views.generic.edit.FormView`\ [\ :py:obj:`pki.forms.OwnerCredentialTruststoreAssociationForm`\ ] View for associating a TLS truststore with a DevOwnerID EST no-onboarding configuration. .. py:attribute:: form_class .. py:attribute:: template_name :value: 'pki/owner_credentials/truststore_association.html' .. py:method:: get_owner_credential() Get the OwnerCredentialModel from the URL pk. .. py:method:: get_form_kwargs() Pass the OwnerCredentialModel instance to the form. .. py:method:: post(request, *args, **kwargs) Handle both association and truststore-import form submissions. .. py:method:: get_context_data(**kwargs) Add the owner credential and import form to the context. .. py:method:: form_valid(form) Associate the selected truststore and redirect to the credential list. .. py:class:: OwnerCredentialCLMView Bases: :py:obj:`OwnerCredentialContextMixin`, :py:obj:`django.views.generic.detail.DetailView`\ [\ :py:obj:`pki.models.OwnerCredentialModel`\ ] Certificate Lifecycle Management view for a DevOwnerID credential. .. py:attribute:: http_method_names :value: ('get',) .. py:attribute:: model .. py:attribute:: template_name :value: 'pki/owner_credentials/clm.html' .. py:attribute:: context_object_name :value: 'owner_credential' .. py:method:: get_context_data(**kwargs) Adds issued credentials with computed display fields to the context. .. py:class:: OwnerCredentialBulkDeleteConfirmView Bases: :py:obj:`OwnerCredentialContextMixin`, :py:obj:`trustpoint.views.base.BulkDeleteView` View to confirm the deletion of multiple owner credentials. .. py:attribute:: model .. py:attribute:: success_url .. py:attribute:: ignore_url .. py:attribute:: template_name :value: 'pki/owner_credentials/confirm_delete.html' .. py:attribute:: context_object_name :value: 'owner_credentials' .. py:method:: get(request, *args, **kwargs) Handle GET requests. .. py:method:: form_valid(form) Delete the selected credentials on valid form. .. py:class:: IssuedCredentialDeleteView Bases: :py:obj:`trustpoint.logger.LoggerMixin`, :py:obj:`OwnerCredentialContextMixin`, :py:obj:`django.views.generic.detail.DetailView`\ [\ :py:obj:`pki.models.RemoteIssuedCredentialModel`\ ] Confirm and delete a single RemoteIssuedCredentialModel (DEV_OWNER_ID or DOMAIN_CREDENTIAL). Only credentials owned by an ``OwnerCredentialModel`` are accessible via this view. The parent ``OwnerCredentialModel`` is resolved from the URL ``owner_pk`` parameter so the back-link can always return to the correct CLM page. .. py:attribute:: http_method_names :value: ('get', 'post') .. py:attribute:: model .. py:attribute:: template_name :value: 'pki/owner_credentials/confirm_delete_issued_credential.html' .. py:attribute:: context_object_name :value: 'issued_credential' .. py:method:: dispatch(request, *args, **kwargs) Verify the RemoteIssuedCredential belongs to the given OwnerCredential. .. py:method:: get_object(queryset = None) Return the pre-fetched issued credential. .. py:method:: get_context_data(**kwargs) Add the parent OwnerCredential to the template context. .. py:method:: post(request, *_args, **_kwargs) Delete the issued credential and redirect back to the CLM page. .. py:class:: OwnerCredentialDefineCertContentEstView Bases: :py:obj:`trustpoint.logger.LoggerMixin`, :py:obj:`OwnerCredentialContextMixin`, :py:obj:`django.views.generic.edit.FormView`\ [\ :py:obj:`pki.forms.CertificateIssuanceForm`\ ] Step 1 - Define the certificate content for a new DevOwnerID EST enrollment. On every GET/POST a fresh EC P-256 key pair is generated and a key-only :class:`~devices.models.IssuedCredentialModel` (type ``DEV_OWNER_ID``) is created. Its primary key is stored in the session together with the certificate content so that Step 2 can fetch exactly this credential. Loads the selected certificate profile (defaulting to ``dev_owner_id``), renders the :class:`~pki.forms.CertificateIssuanceForm`, and stores the validated field values in the session under ``dev_owner_id_cert_content_``. .. py:attribute:: form_class .. py:attribute:: template_name :value: 'pki/owner_credentials/define_cert_content_est.html' .. py:attribute:: available_profiles :type: list[pki.models.cert_profile.CertificateProfileModel] .. py:method:: dispatch(request, *args, **kwargs) Resolve the OwnerCredentialModel and the selected certificate profile. On each visit a fresh key-only RemoteIssuedCredentialModel is created. If there is already a pending (certificate-less) credential from a previous visit its pk is reused so we do not accumulate orphan credentials. .. py:method:: get_form_kwargs() Inject the profile into the form. .. py:method:: get_context_data(**kwargs) Add owner credential, profile and profile list to template context. .. py:method:: form_invalid(form) Show field errors as Django messages. .. py:method:: form_valid(form) Store certificate content and pending credential pk in session, then proceed to Step 2. .. py:class:: OwnerCredentialRequestCertEstView Bases: :py:obj:`trustpoint.logger.LoggerMixin`, :py:obj:`OwnerCredentialContextMixin`, :py:obj:`django.views.generic.detail.DetailView`\ [\ :py:obj:`pki.models.OwnerCredentialModel`\ ] Step 2 - Review and trigger the EST enrollment for a new DevOwnerID certificate. Reads the certificate content stored by :class:`OwnerCredentialDefineCertContentEstView`, builds a CSR using the ``dev_owner_id`` profile, signs it with the existing DevOwnerID key, sends it to the configured EST server and stores the issued certificate back in the :class:`~devices.models.IssuedCredentialModel`. .. py:attribute:: http_method_names :value: ('get', 'post') .. py:attribute:: model .. py:attribute:: template_name :value: 'pki/owner_credentials/request_cert_est.html' .. py:attribute:: context_object_name :value: 'owner_credential' .. py:method:: get_context_data(**kwargs) Add cert-content summary and profile to the template context. .. py:method:: post(request, *_args, **_kwargs) Perform the EST enrollment and redirect to the CLM view. .. py:class:: OwnerCredentialDefineCertContentDomainCredentialEstView Bases: :py:obj:`trustpoint.logger.LoggerMixin`, :py:obj:`OwnerCredentialContextMixin`, :py:obj:`django.views.generic.edit.FormView`\ [\ :py:obj:`pki.forms.CertificateIssuanceForm`\ ] Step 1 - Define the certificate content for a new Domain Credential EST enrollment. Only available for REMOTE_EST_ONBOARDING owner credentials. The user can select any available certificate profile via a dropdown. Defaults to ``devownerid_domain_credential`` when present. .. py:attribute:: form_class .. py:attribute:: template_name :value: 'pki/owner_credentials/define_cert_content_domain_credential_est.html' .. py:attribute:: available_profiles :type: list[pki.models.cert_profile.CertificateProfileModel] .. py:method:: dispatch(request, *args, **kwargs) Resolve the OwnerCredentialModel and the selected certificate profile. .. py:method:: get_form_kwargs() Inject the profile into the form. .. py:method:: get_context_data(**kwargs) Add owner credential, profile and profile list to template context. .. py:method:: form_invalid(form) Show field errors as Django messages. .. py:method:: form_valid(form) Store certificate content, selected profile and pending credential pk in session. .. py:class:: OwnerCredentialRequestDomainCredentialEstView Bases: :py:obj:`trustpoint.logger.LoggerMixin`, :py:obj:`OwnerCredentialContextMixin`, :py:obj:`django.views.generic.detail.DetailView`\ [\ :py:obj:`pki.models.OwnerCredentialModel`\ ] Step 2 - Review and trigger the EST enrollment for a new Domain Credential. Uses ``remote_path_domain_credential`` from OwnerCredentialModel, ``trust_store`` from OnboardingConfigModel, ``est_username`` from OwnerCredentialModel, ``est_password`` from OnboardingConfigModel. .. py:attribute:: http_method_names :value: ('get', 'post') .. py:attribute:: model .. py:attribute:: template_name :value: 'pki/owner_credentials/request_domain_credential_est.html' .. py:attribute:: context_object_name :value: 'owner_credential' .. py:method:: get_context_data(**kwargs) Add cert-content summary and profile to the template context. .. py:method:: post(request, *_args, **_kwargs) Perform the EST enrollment and redirect to the CLM view.