pki.forms.issuing_casΒΆ

Django forms for issuing CA configuration and management.

Module ContentsΒΆ

pki.forms.issuing_cas.get_private_key_location_from_config()[source]ΒΆ

Determine the appropriate PrivateKeyLocation based on KeyStorageConfig.

Return type:

trustpoint_core.serializer.PrivateKeyLocation

pki.forms.issuing_cas.get_ca_type_from_config()[source]ΒΆ

Determine the appropriate CA type based on KeyStorageConfig.

Return type:

pki.models.CaModel.CaTypeChoice

class pki.forms.issuing_cas.IssuingCaImportMixin[source]ΒΆ

Mixin for Issuing CA import forms providing common validation and creation logic.

class pki.forms.issuing_cas.IssuingCaAddMethodSelectForm(data=None, files=None, auto_id='id_%s', prefix=None, initial=None, error_class=ErrorList, label_suffix=None, empty_permitted=False, field_order=None, use_required_attribute=None, renderer=None, bound_field_class=None)[source]ΒΆ

Bases: django.forms.Form

Form for selecting the method to add an Issuing Certificate Authority (CA).

This form provides options to choose the method for adding a new Issuing CA. Users can select between importing from a file, generating a key pair and requesting an Issuing CA certificate, or configuring a remote Issuing CA.

method_select[source]ΒΆ

A dropdown to select the method for adding an Issuing CA. - local_file_import: Import a new Issuing CA from a file. - local_request: Generate a key-pair and request a certificate. - remote_est: Configure a remote Issuing CA.

Type:

ChoiceField

method_select[source]ΒΆ
class pki.forms.issuing_cas.IssuingCaFileTypeSelectForm(data=None, files=None, auto_id='id_%s', prefix=None, initial=None, error_class=ErrorList, label_suffix=None, empty_permitted=False, field_order=None, use_required_attribute=None, renderer=None, bound_field_class=None)[source]ΒΆ

Bases: django.forms.Form

Form for selecting the file type when importing an Issuing CA.

This form allows users to choose the type of file to use for importing an Issuing Certificate Authority (CA). Supported formats include PKCS#12 and other common certificate formats such as PEM, PKCS#1, PKCS#7, and PKCS#8.

method_select[source]ΒΆ

A dropdown to select the file type for the Issuing CA.

Type:

ChoiceField

method_select[source]ΒΆ
class pki.forms.issuing_cas.IssuingCaAddFileImportPkcs12Form(data=None, files=None, auto_id='id_%s', prefix=None, initial=None, error_class=ErrorList, label_suffix=None, empty_permitted=False, field_order=None, use_required_attribute=None, renderer=None, bound_field_class=None)[source]ΒΆ

Bases: IssuingCaImportMixin, trustpoint.logger.LoggerMixin, django.forms.Form

Form for importing an Issuing CA using a PKCS#12 file.

This form allows the user to upload a PKCS#12 file containing the private key and certificate chain, along with an optional password. It validates the uploaded file and its contents and ensures the unique name is not already used by another Issuing CA.

unique_name[source]ΒΆ

A unique name for the Issuing CA.

Type:

CharField

pkcs12_file[source]ΒΆ

The PKCS#12 file containing the private key and certificates.

Type:

FileField

pkcs12_password[source]ΒΆ

An optional password for the PKCS#12 file.

Type:

CharField

unique_name[source]ΒΆ
pkcs12_file[source]ΒΆ
pkcs12_password[source]ΒΆ
clean()[source]ΒΆ

Cleans and validates the entire form.

This method performs additional validation on the cleaned data to ensure all required fields are valid and consistent. It checks the uploaded PKCS#12 file and its password (if provided) and validates that the unique name does not conflict with existing entries. Any issues during validation raise appropriate errors.

Raises:
  • ValidationError – If the data is invalid, such as when the unique name

  • is already taken or the PKCS#12 file cannot be read or parsed. –

Return type:

None

class pki.forms.issuing_cas.IssuingCaAddFileImportSeparateFilesForm(data=None, files=None, auto_id='id_%s', prefix=None, initial=None, error_class=ErrorList, label_suffix=None, empty_permitted=False, field_order=None, use_required_attribute=None, renderer=None, bound_field_class=None)[source]ΒΆ

Bases: IssuingCaImportMixin, trustpoint.logger.LoggerMixin, django.forms.Form

Form for importing an Issuing CA using separate files.

This form allows the user to upload a private key file, its password (optional), an Issuing CA certificate file, and an optional certificate chain. The form validates the uploaded files, ensuring they are correctly formatted, within size limits, and not already associated with an existing Issuing CA.

unique_name[source]ΒΆ

A unique name for the Issuing CA.

Type:

CharField

private_key_file[source]ΒΆ

The private key file (.key, .pem).

Type:

FileField

private_key_file_password[source]ΒΆ

An optional password for the private key.

Type:

CharField

ca_certificate[source]ΒΆ

The Issuing CA certificate file (.cer, .der, .pem, .p7b, .p7c).

Type:

FileField

ca_certificate_chain[source]ΒΆ

An optional certificate chain file.

Type:

FileField

unique_name[source]ΒΆ
ca_certificate[source]ΒΆ
ca_certificate_chain[source]ΒΆ
private_key_file[source]ΒΆ
private_key_file_password[source]ΒΆ
clean_private_key_file()[source]ΒΆ

Validates and parses the uploaded private key file.

This method checks if the private key file is provided, ensures it meets size constraints, and validates its contents. If a password is provided, it is used to decrypt the private key. Raises validation errors for missing, oversized, or corrupted private key files.

Returns:

A serializer containing the parsed private key.

Return type:

PrivateKeySerializer

Raises:
  • ValidationError – If the private key file is missing, too large, or

  • corrupted, or if the password is invalid or incompatible. –

clean_ca_certificate()[source]ΒΆ

Validates and parses the uploaded Issuing CA certificate file.

This method ensures the provided Issuing CA certificate file is valid and not already associated with an existing Issuing CA in the database. If the file is too large, corrupted, or already in use, a validation error is raised.

Returns:

A serializer containing the parsed certificate.

Return type:

CertificateSerializer

Raises:
  • ValidationError – If the file is missing, too large, corrupted, or already

  • associated with an existing Issuing CA. –

clean_ca_certificate_chain()[source]ΒΆ

Validates and parses the uploaded Issuing CA certificate chain file.

This method checks if the optional certificate chain file is provided. If present, it validates and attempts to parse the file into a collection of certificates. Raises a validation error if parsing fails or the file appears corrupted.

Returns:

A serializer containing the parsed certificate chain if provided.

Return type:

CertificateCollectionSerializer

Raises:

ValidationError – If the certificate chain cannot be parsed.

clean()[source]ΒΆ

Cleans and validates the form data.

This method performs additional validation on the provided data, such as ensuring the unique name, private key file, and certificates are valid. It also initializes and saves the issuing CA configuration if all checks pass.

Raises:

ValidationError – If the form data is invalid or there is an error during processing.

Return type:

None

class pki.forms.issuing_cas.IssuingCaAddRequestMixin[source]ΒΆ

Bases: trustpoint.logger.LoggerMixin, django.forms.ModelForm[pki.models.CaModel]

Mixin for forms requesting an Issuing CA certificate from remote servers.

class Meta[source]ΒΆ

Meta class for IssuingCaAddRequestMixin.

model[source]ΒΆ
fields: ClassVar[list[str]] = ['unique_name', 'remote_host', 'remote_port', 'remote_path', 'est_username', 'ca_type'][source]ΒΆ
key_type[source]ΒΆ
clean()[source]ΒΆ

Validate the form data.

Return type:

dict[str, Any]

save(*, commit=True)[source]ΒΆ

Save the form and create the CA model with configuration.

Parameters:

commit (bool)

Return type:

pki.models.CaModel

class pki.forms.issuing_cas.IssuingCaAddRequestEstForm(*args, **kwargs)[source]ΒΆ

Bases: IssuingCaAddRequestMixin

Form for requesting an Issuing CA certificate using EST.

Parameters:
  • args (Any)

  • kwargs (Any)

class Meta[source]ΒΆ

Meta class for IssuingCaAddRequestEstForm.

model[source]ΒΆ
fields: ClassVar[list[str]] = ['unique_name', 'remote_host', 'remote_port', 'remote_path', 'est_username', 'est_password', 'ca_type'][source]ΒΆ
est_username[source]ΒΆ
est_password[source]ΒΆ
save(*, is_ra_mode=False)[source]ΒΆ

Save the form and create the CA model with configuration.

If is_ra_mode is True, create a REMOTE_EST_RA (Registration Authority) instead of REMOTE_ISSUING_EST.

Parameters:

is_ra_mode (bool)

Return type:

pki.models.CaModel

class pki.forms.issuing_cas.IssuingCaAddRequestCmpForm(*args, **kwargs)[source]ΒΆ

Bases: IssuingCaAddRequestMixin

Generic form for configuring a remote CMP endpoint (CA or RA).

This form is used for both requesting an Issuing CA certificate via CMP and for setting up a remote CMP RA (Registration Authority) configuration.

Fields include remote host, port, path, and the shared secret for CMP authentication. The form can be extended or reused for both CA and RA scenarios.

Parameters:
  • args (Any)

  • kwargs (Any)

class Meta[source]ΒΆ

Meta class for IssuingCaAddRequestCmpForm.

model[source]ΒΆ
fields: ClassVar[list[str]] = ['unique_name', 'remote_host', 'remote_port', 'remote_path', 'ca_type'][source]ΒΆ
cmp_shared_secret[source]ΒΆ
save(*, is_ra_mode=False)[source]ΒΆ

Save the form and create the CA model with configuration.

If is_ra_mode is True, create a REMOTE_CMP_RA (Registration Authority) instead of REMOTE_ISSUING_CMP.

Parameters:

is_ra_mode (bool)

Return type:

pki.models.CaModel

class pki.forms.issuing_cas.IssuingCaTruststoreAssociationForm(*args, **kwargs)[source]ΒΆ

Bases: django.forms.Form

Form for associating a truststore with an Issuing CA.

Parameters:
  • args (Any)

  • kwargs (Any)

trust_store[source]ΒΆ
instance: pki.models.CaModel[source]ΒΆ
save()[source]ΒΆ

Save the truststore association to the CA’s onboarding config.

Return type:

None

class pki.forms.issuing_cas.IssuingCaCrlCycleForm[source]ΒΆ

Bases: django.forms.ModelForm[pki.models.CaModel]

Form for configuring CRL cycle settings for an Issuing CA.

class Meta[source]ΒΆ

Meta class for IssuingCaCrlCycleForm.

model[source]ΒΆ
fields: ClassVar[list[str]] = ['crl_cycle_enabled', 'crl_cycle_interval_hours', 'crl_validity_hours', 'auto_crl_on_revocation_enabled'][source]ΒΆ
crl_cycle_enabled[source]ΒΆ
crl_cycle_interval_hours[source]ΒΆ
crl_validity_hours[source]ΒΆ
auto_crl_on_revocation_enabled[source]ΒΆ
clean_crl_cycle_interval_hours()[source]ΒΆ

Validate the CRL cycle interval.

Return type:

float

clean_crl_validity_hours()[source]ΒΆ

Validate the CRL validity against the active security policy maximum.

Return type:

float

save(*, commit=True)[source]ΒΆ

Save the form and schedule the next CRL generation if enabled.

Parameters:

commit (bool)

Return type:

pki.models.CaModel