pki.authorization¶
Security-policy authorization checks for PKI objects (CAs and certificates).
Module Contents¶
- class pki.authorization.HasCaModel[source]¶
Bases:
ProtocolStructural type satisfied by
CaModel.Any object exposing
ca_certificate_model,is_self_signed_ca, andcrl_validity_hoursattributes qualifies.- property ca_certificate_model: pki.models.certificate.CertificateModel | None[source]¶
Return the
CertificateModelfor this CA, orNone.- Return type:
- class pki.authorization.PkiCheckStrategy[source]¶
Bases:
abc.ABCAbstract base for a single PKI security-policy check.
- abstractmethod check(ca, cfg)[source]¶
Execute the check.
- Parameters:
ca (pki.models.ca.CaModel) – The
CaModelbeing evaluated.cfg (management.models.SecurityConfig) – The active
SecurityConfigpolicy.
- Raises:
ValueError – If the CA violates the policy.
- Return type:
None
- class pki.authorization.PkiSecurityAuthorization(strategies=None)[source]¶
Bases:
trustpoint.logger.LoggerMixinRuns all PKI security-policy checks against the active
SecurityConfig.- Parameters:
strategies (list[PkiCheckStrategy] | None)