pki.models.issued_credentialΒΆ

A model for issued credentials.

Module ContentsΒΆ

class pki.models.issued_credential.IssuedCredentialModel(*args, **kwargs)[source]ΒΆ

Bases: util.db.CustomDeleteActionModel

Model for credentials and certificates issued to a device by the Trustpoint.

Each instance must have a device FK set. For credentials owned by a CA or an OwnerCredential, use RemoteIssuedCredentialModel instead.

class IssuedCredentialType(*args, **kwds)[source]ΒΆ

Bases: django.db.models.IntegerChoices

The type of the credential.

DOMAIN_CREDENTIAL[source]ΒΆ
APPLICATION_CREDENTIAL[source]ΒΆ
id[source]ΒΆ
common_name[source]ΒΆ
issued_credential_type[source]ΒΆ
issued_using_cert_profile[source]ΒΆ
credential[source]ΒΆ
device[source]ΒΆ
domain[source]ΒΆ
created_at[source]ΒΆ
class Meta[source]ΒΆ

Bases: django_stubs_ext.db.models.TypedModelMeta

Meta class configuration.

clean()[source]ΒΆ

Validate that the device FK is set.

Return type:

None

revoke()[source]ΒΆ

Revokes all active certificates associated with this credential.

Return type:

None

pre_delete()[source]ΒΆ

Revoke all active certificates and delete the credential.

Return type:

None

is_valid_domain_credential()[source]ΒΆ

Determines if this issued credential is valid for enrolling new application credentials.

This method performs the following checks:
  1. The IssuedCredentialModel type must be of type DOMAIN_CREDENTIAL.

  2. The credential must be of type ISSUED_CREDENTIAL.

  3. A primary certificate must exist.

  4. The certificate’s status must be β€˜OK’.

Returns:

A tuple where:
  • The first value is True if the credential meets all criteria, False otherwise.

  • The second value is a reason string explaining why the credential is invalid.

Return type:

tuple[bool, str]

static get_credential_for_certificate(cert)[source]ΒΆ

Retrieve an IssuedCredentialModel instance for the given certificate.

Parameters:

cert (cryptography.x509.Certificate) – x509.Certificate to search for.

Returns:

The corresponding IssuedCredentialModel instance.

Raises:

DoesNotExist – if no matching issued credential is found.

Return type:

IssuedCredentialModel

static get_credential_for_serial_number(domain, device, serial_number)[source]ΒΆ

Retrieve an IssuedCredentialModel instance for the given X.509 serial number within the specified domain.

Raises: DoesNotExist if no matching issued credential is found.

Parameters:
Return type:

IssuedCredentialModel

class pki.models.issued_credential.RemoteIssuedCredentialModel(*args, **kwargs)[source]ΒΆ

Bases: util.db.CustomDeleteActionModel

Model for credentials issued to a CA, a DevOwnerID, or a device via a remote/RA CA.

class RemoteIssuedCredentialType(*args, **kwds)[source]ΒΆ

Bases: django.db.models.IntegerChoices

The type of the credential.

DOMAIN_CREDENTIAL[source]ΒΆ
DEV_OWNER_ID[source]ΒΆ
LOCAL_CA[source]ΒΆ
RA_DEVICE[source]ΒΆ
id[source]ΒΆ
common_name[source]ΒΆ
issued_credential_type[source]ΒΆ
issued_using_cert_profile[source]ΒΆ
credential[source]ΒΆ
ca[source]ΒΆ
owner_credential[source]ΒΆ
device[source]ΒΆ
domain[source]ΒΆ
created_at[source]ΒΆ
class Meta[source]ΒΆ

Bases: django_stubs_ext.db.models.TypedModelMeta

Meta class configuration.

clean()[source]ΒΆ

Validate that exactly one owner (ca, owner_credential, or device) is set.

Return type:

None

pre_delete()[source]ΒΆ

Delete the underlying credential (cascades back to this model).

Return type:

None