pki.models.certificate
Module that contains the CertificateModel.
Module Contents
-
class pki.models.certificate.CertificateModel(*args, **kwargs)[source]
Bases: trustpoint.logger.LoggerMixin, util.db.CustomDeleteActionModel
X509 Certificate Model.
See RFC5280 for more information.
-
class CertificateStatus(*args, **kwds)[source]
Bases: django.db.models.TextChoices
CertificateModel status.
-
OK[source]
-
REVOKED[source]
-
EXPIRED[source]
-
NOT_YET_VALID[source]
-
class Version(*args, **kwds)[source]
Bases: django.db.models.IntegerChoices
X509 RFC 5280 - Certificate Version.
-
V3[source]
-
class SignatureAlgorithmOidChoices(*args, **kwds)[source]
Bases: django.db.models.TextChoices
Signature Algorithm OIDs.
-
RSA_MD5[source]
-
RSA_SHA1[source]
-
RSA_SHA1_ALT[source]
-
RSA_SHA224[source]
-
RSA_SHA256[source]
-
RSA_SHA384[source]
-
RSA_SHA512[source]
-
RSA_SHA3_224[source]
-
RSA_SHA3_256[source]
-
RSA_SHA3_384[source]
-
RSA_SHA3_512[source]
-
ECDSA_SHA1[source]
-
ECDSA_SHA224[source]
-
ECDSA_SHA256[source]
-
ECDSA_SHA384[source]
-
ECDSA_SHA512[source]
-
ECDSA_SHA3_224[source]
-
ECDSA_SHA3_256[source]
-
ECDSA_SHA3_384[source]
-
ECDSA_SHA3_512[source]
-
PASSWORD_BASED_MAC[source]
-
class PublicKeyAlgorithmOidChoices(*args, **kwds)[source]
Bases: django.db.models.TextChoices
Public Key Algorithm OIDs.
-
ECC[source]
-
RSA[source]
-
class PublicKeyEcCurveOidChoices(*args, **kwds)[source]
Bases: django.db.models.TextChoices
Public Key EC Curve OIDs.
-
NONE = ''[source]
-
SECP192R1[source]
-
SECP224R1[source]
-
SECP256K1[source]
-
SECP256R1[source]
-
SECP384R1[source]
-
SECP521R1[source]
-
BRAINPOOLP256R1[source]
-
BRAINPOOLP384R1[source]
-
BRAINPOOLP512R1[source]
-
is_self_signed[source]
-
common_name[source]
-
sha256_fingerprint[source]
-
signature_algorithm_oid[source]
-
signature_value[source]
-
version[source]
-
serial_number[source]
-
issuer[source]
-
issuer_public_bytes[source]
-
issuer_id[source]
-
not_valid_before[source]
-
not_valid_after[source]
-
subject[source]
-
subject_public_bytes[source]
-
spki_algorithm_oid[source]
-
spki_algorithm[source]
-
spki_key_size[source]
-
spki_ec_curve_oid[source]
-
spki_ec_curve[source]
-
cert_pem[source]
-
public_key_pem[source]
-
created_at[source]
-
key_usage_extension[source]
-
subject_alternative_name_extension[source]
-
issuer_alternative_name_extension[source]
-
basic_constraints_extension[source]
-
authority_key_identifier_extension[source]
-
subject_key_identifier_extension[source]
-
certificate_policies_extension[source]
-
extended_key_usage_extension[source]
-
name_constraints_extension[source]
-
crl_distribution_points_extension[source]
-
authority_information_access_extension[source]
-
subject_information_access_extension[source]
-
inhibit_any_policy_extension[source]
-
policy_constraints_extension[source]
-
subject_directory_attributes_extension[source]
-
freshest_crl_extension[source]
-
class Meta[source]
Bases: django_stubs_ext.db.models.TypedModelMeta
Meta class configuration.
-
save(*_args, **_kwargs)[source]
Save method must not be called directly to protect the integrity.
This method makes sure save() is not called by mistake.
- Raises:
NotImplementedError β
- Parameters:
_args (Any)
_kwargs (Any)
- Return type:
None
-
property signature_algorithm: str[source]
Name of the signature algorithm.
- Return type:
str
-
property signature_algorithm_padding_scheme: str[source]
Padding scheme if RSA is used, otherwise None.
- Return type:
str
-
property signature_suite: trustpoint_core.oid.SignatureSuite[source]
Signature Suite of the certificate.
- Return type:
trustpoint_core.oid.SignatureSuite
-
property public_key_info: trustpoint_core.oid.PublicKeyInfo[source]
Public Key Info of the certificate.
- Return type:
trustpoint_core.oid.PublicKeyInfo
-
property certificate_status: CertificateStatus[source]
Status of the certificate.
- Return type:
CertificateStatus
-
property days_left: int[source]
Returns number of days from now until not_valid_after. If expired, returns 0.
- Return type:
int
-
property is_ca: bool[source]
Check if the certificate is a CA certificate.
- Return type:
bool
-
property is_root_ca: bool[source]
Check if the certificate is a root CA certificate.
- Return type:
bool
-
property is_end_entity: bool[source]
Check if the certificate is an end entity certificate.
- Return type:
bool
-
classmethod get_cert_by_sha256_fingerprint(sha256_fingerprint)[source]
Get a CertificateModel instance by its SHA256 fingerprint.
- Parameters:
sha256_fingerprint (str)
- Return type:
None | CertificateModel
-
get_certificate_serializer()[source]
Get the serializer for the certificate.
- Return type:
trustpoint_core.serializer.CertificateSerializer
-
get_public_key_serializer()[source]
Get the serializer for the certificateβs public key.
- Return type:
trustpoint_core.serializer.PublicKeySerializer
-
get_certificate_chain()[source]
Get the certificate chain from this certificate up to the root CA.
- Return type:
list[CertificateModel]
-
EXTENSION_MAP[source]
-
classmethod save_certificate(certificate)[source]
Store the certificate in the database.
- Returns:
The certificate object that has just been saved.
- Return type:
trustpoint.pki.models.Certificate
- Parameters:
certificate (cryptography.x509.Certificate | trustpoint_core.serializer.CertificateSerializer)
-
pre_delete()[source]
Store the related objects before deletion.
- Return type:
None
-
post_delete()[source]
Clean up related orphaned extension models.
- Return type:
None
-
subjects_match(other_subject)[source]
Check if the provided subject is identical to the one of this certificate.
- Parameters:
other_subject (x509.Name) β The subject to compare to.
- Returns:
True if the subjects match, False otherwise.
- Return type:
bool
-
class pki.models.certificate.RevokedCertificateModel(*args, **kwargs)[source]
Bases: django.db.models.Model
Model to store revoked certificates.
-
class ReasonCode(*args, **kwds)[source]
Bases: django.db.models.TextChoices
Revocation reasons per RFC 5280.
-
UNSPECIFIED[source]
-
KEY_COMPROMISE[source]
-
CA_COMPROMISE[source]
-
AFFILIATION_CHANGED[source]
-
SUPERSEDED[source]
-
CESSATION[source]
-
CERTIFICATE_HOLD[source]
-
PRIVILEGE_WITHDRAWN[source]
-
AA_COMPROMISE[source]
-
REMOVE_FROM_CRL[source]
-
certificate[source]
-
revoked_at[source]
-
revocation_reason[source]
-
ca[source]
-
class Meta[source]
Bases: django_stubs_ext.db.models.TypedModelMeta
Meta class configuration.