pki.views.owner_credentialsΒΆ

Views for Owner Credential (DevOwnerID) management.

Module ContentsΒΆ

class pki.views.owner_credentials.OwnerCredentialContextMixin[source]ΒΆ

Bases: trustpoint.views.base.ContextDataMixin

Mixin which adds context_data for the PKI -> Issuing CAs pages.

context_page_category = 'pki'[source]ΒΆ
context_page_name = 'owner_credentials'[source]ΒΆ
class pki.views.owner_credentials.OwnerCredentialTableView[source]ΒΆ

Bases: OwnerCredentialContextMixin, trustpoint.views.base.SortableTableMixin[pki.models.OwnerCredentialModel], django.views.generic.list.ListView[pki.models.OwnerCredentialModel]

Owner Credential Table View.

model[source]ΒΆ
template_name = 'pki/owner_credentials/owner_credentials.html'[source]ΒΆ
context_object_name = 'owner_credential'[source]ΒΆ
paginate_by = 50[source]ΒΆ
default_sort_param = 'unique_name'[source]ΒΆ
class pki.views.owner_credentials.OwnerCredentialDetailView[source]ΒΆ

Bases: trustpoint.logger.LoggerMixin, OwnerCredentialContextMixin, django.views.generic.detail.DetailView[pki.models.OwnerCredentialModel]

View to display the details of an Issuing CA.

http_method_names = ('get',)[source]ΒΆ
model[source]ΒΆ
success_url[source]ΒΆ
ignore_url[source]ΒΆ
template_name = 'pki/owner_credentials/details.html'[source]ΒΆ
context_object_name = 'owner_credential'[source]ΒΆ
get_context_data(**kwargs)[source]ΒΆ

Adds the IDevID reference list to the context.

Each entry in idevid_refs is an IDevIDReferenceModel instance. The dev_owner_id_certificate FK on each ref points directly to the CertificateModel of the DevOwnerID certificate whose SAN contained this reference (or None for locally uploaded credentials where the certificate was not stored separately), so no extra DB lookup is needed here.

Parameters:

kwargs (Any)

Return type:

dict[str, Any]

class pki.views.owner_credentials.OwnerCredentialAddMethodSelectView[source]ΒΆ

Bases: OwnerCredentialContextMixin, django.views.generic.edit.FormView[pki.forms.OwnerCredentialFileImportForm]

View to select the method for adding a new DevOwnerID.

template_name = 'pki/owner_credentials/add/method_select.html'[source]ΒΆ
form_class[source]ΒΆ
get(request, *args, **kwargs)[source]ΒΆ

Render the method selection page (no form processing needed).

Parameters:
  • request (django.http.HttpRequest)

  • args (Any)

  • kwargs (Any)

Return type:

django.http.HttpResponse

post(request, *_args, **_kwargs)[source]ΒΆ

Redirect based on the chosen method.

Parameters:
  • request (django.http.HttpRequest)

  • _args (Any)

  • _kwargs (Any)

Return type:

django.http.HttpResponse

class pki.views.owner_credentials.OwnerCredentialFileImportView[source]ΒΆ

Bases: OwnerCredentialContextMixin, django.views.generic.edit.FormView[pki.forms.OwnerCredentialFileImportForm]

View to import a DevOwnerID from separate PEM files.

template_name = 'pki/owner_credentials/add/file_import.html'[source]ΒΆ
form_class[source]ΒΆ
success_url[source]ΒΆ
form_valid(form)[source]ΒΆ

Handle the case where the form is valid.

Parameters:

form (pki.forms.OwnerCredentialFileImportForm)

Return type:

django.http.HttpResponse

pki.views.owner_credentials.OwnerCredentialAddView[source]ΒΆ
class pki.views.owner_credentials.OwnerCredentialAddRequestEstMethodSelectView[source]ΒΆ

Bases: OwnerCredentialContextMixin, django.views.generic.edit.FormView[pki.forms.OwnerCredentialFileImportForm]

View to select between onboarding and no-onboarding for EST-based DevOwnerID enrollment.

template_name = 'pki/owner_credentials/add/est_method_select.html'[source]ΒΆ
form_class[source]ΒΆ
get(request, *args, **kwargs)[source]ΒΆ

Render the EST method selection page.

Parameters:
  • request (django.http.HttpRequest)

  • args (Any)

  • kwargs (Any)

Return type:

django.http.HttpResponse

post(request, *_args, **_kwargs)[source]ΒΆ

Redirect based on whether onboarding or no-onboarding is chosen.

Parameters:
  • request (django.http.HttpRequest)

  • _args (Any)

  • _kwargs (Any)

Return type:

django.http.HttpResponse

class pki.views.owner_credentials.OwnerCredentialAddRequestEstNoOnboardingView[source]ΒΆ

Bases: OwnerCredentialContextMixin, django.views.generic.edit.FormView[pki.forms.OwnerCredentialAddRequestEstNoOnboardingForm]

View to request a DevOwnerID via EST using username/password (no IDevID onboarding).

template_name = 'pki/owner_credentials/add/est_request.html'[source]ΒΆ
form_class[source]ΒΆ
success_url[source]ΒΆ
get_context_data(**kwargs)[source]ΒΆ

Add heading context.

Parameters:

kwargs (Any)

Return type:

dict[str, Any]

form_valid(form)[source]ΒΆ

Save the OwnerCredentialModel with its EST configuration.

The key pair and IssuedCredentialModel are created later when the user triggers an actual DevOwnerID issuance via the CLM page.

Parameters:

form (pki.forms.OwnerCredentialAddRequestEstNoOnboardingForm)

Return type:

django.http.HttpResponse

form_invalid(form)[source]ΒΆ

Show form-level errors as Django messages.

Parameters:

form (pki.forms.OwnerCredentialAddRequestEstNoOnboardingForm)

Return type:

django.http.HttpResponse

class pki.views.owner_credentials.OwnerCredentialAddRequestEstOnboardingView[source]ΒΆ

Bases: OwnerCredentialContextMixin, django.views.generic.edit.FormView[pki.forms.OwnerCredentialAddRequestEstOnboardingForm]

View to request a DevOwnerID via EST using IDevID-based onboarding (mTLS client certificate).

template_name = 'pki/owner_credentials/add/est_request.html'[source]ΒΆ
form_class[source]ΒΆ
success_url[source]ΒΆ
get_context_data(**kwargs)[source]ΒΆ

Add heading context.

Parameters:

kwargs (Any)

Return type:

dict[str, Any]

form_valid(form)[source]ΒΆ

Save the OwnerCredentialModel with its EST onboarding configuration.

Creates the OwnerCredentialModel with all remote-endpoint fields and redirects to the truststore-association step, mirroring the no-onboarding workflow.

Parameters:

form (pki.forms.OwnerCredentialAddRequestEstOnboardingForm)

Return type:

django.http.HttpResponse

form_invalid(form)[source]ΒΆ

Show form-level errors as Django messages.

Parameters:

form (pki.forms.OwnerCredentialAddRequestEstOnboardingForm)

Return type:

django.http.HttpResponse

class pki.views.owner_credentials.OwnerCredentialTruststoreAssociationView[source]ΒΆ

Bases: OwnerCredentialContextMixin, django.views.generic.edit.FormView[pki.forms.OwnerCredentialTruststoreAssociationForm]

View for associating a TLS truststore with a DevOwnerID EST no-onboarding configuration.

form_class[source]ΒΆ
template_name = 'pki/owner_credentials/truststore_association.html'[source]ΒΆ
get_owner_credential()[source]ΒΆ

Get the OwnerCredentialModel from the URL pk.

Return type:

pki.models.OwnerCredentialModel

get_form_kwargs()[source]ΒΆ

Pass the OwnerCredentialModel instance to the form.

Return type:

dict[str, Any]

post(request, *args, **kwargs)[source]ΒΆ

Handle both association and truststore-import form submissions.

Parameters:
  • request (django.http.HttpRequest)

  • args (Any)

  • kwargs (Any)

Return type:

django.http.HttpResponse

get_context_data(**kwargs)[source]ΒΆ

Add the owner credential and import form to the context.

Parameters:

kwargs (Any)

Return type:

dict[str, Any]

form_valid(form)[source]ΒΆ

Associate the selected truststore and redirect to the credential list.

Parameters:

form (pki.forms.OwnerCredentialTruststoreAssociationForm)

Return type:

django.http.HttpResponse

class pki.views.owner_credentials.OwnerCredentialCLMView[source]ΒΆ

Bases: OwnerCredentialContextMixin, django.views.generic.detail.DetailView[pki.models.OwnerCredentialModel]

Certificate Lifecycle Management view for a DevOwnerID credential.

http_method_names = ('get',)[source]ΒΆ
model[source]ΒΆ
template_name = 'pki/owner_credentials/clm.html'[source]ΒΆ
context_object_name = 'owner_credential'[source]ΒΆ
get_context_data(**kwargs)[source]ΒΆ

Adds issued credentials with computed display fields to the context.

Parameters:

kwargs (Any)

Return type:

dict[str, Any]

class pki.views.owner_credentials.OwnerCredentialBulkDeleteConfirmView[source]ΒΆ

Bases: OwnerCredentialContextMixin, trustpoint.views.base.BulkDeleteView

View to confirm the deletion of multiple owner credentials.

model[source]ΒΆ
success_url[source]ΒΆ
ignore_url[source]ΒΆ
template_name = 'pki/owner_credentials/confirm_delete.html'[source]ΒΆ
context_object_name = 'owner_credentials'[source]ΒΆ
get(request, *args, **kwargs)[source]ΒΆ

Handle GET requests.

Parameters:
  • request (django.http.HttpRequest)

  • args (Any)

  • kwargs (Any)

Return type:

django.http.HttpResponse

form_valid(form)[source]ΒΆ

Delete the selected credentials on valid form.

Parameters:

form (django.forms.Form)

Return type:

django.http.HttpResponse

class pki.views.owner_credentials.IssuedCredentialDeleteView[source]ΒΆ

Bases: trustpoint.logger.LoggerMixin, OwnerCredentialContextMixin, django.views.generic.detail.DetailView[pki.models.RemoteIssuedCredentialModel]

Confirm and delete a single RemoteIssuedCredentialModel (DEV_OWNER_ID or DOMAIN_CREDENTIAL).

Only credentials owned by an OwnerCredentialModel are accessible via this view. The parent OwnerCredentialModel is resolved from the URL owner_pk parameter so the back-link can always return to the correct CLM page.

http_method_names = ('get', 'post')[source]ΒΆ
model[source]ΒΆ
template_name = 'pki/owner_credentials/confirm_delete_issued_credential.html'[source]ΒΆ
context_object_name = 'issued_credential'[source]ΒΆ
dispatch(request, *args, **kwargs)[source]ΒΆ

Verify the RemoteIssuedCredential belongs to the given OwnerCredential.

Parameters:
  • request (django.http.HttpRequest)

  • args (Any)

  • kwargs (Any)

Return type:

django.http.HttpResponse

get_object(queryset=None)[source]ΒΆ

Return the pre-fetched issued credential.

Parameters:

queryset (Any)

Return type:

pki.models.RemoteIssuedCredentialModel

get_context_data(**kwargs)[source]ΒΆ

Add the parent OwnerCredential to the template context.

Parameters:

kwargs (Any)

Return type:

dict[str, Any]

post(request, *_args, **_kwargs)[source]ΒΆ

Delete the issued credential and redirect back to the CLM page.

Parameters:
  • request (django.http.HttpRequest)

  • _args (Any)

  • _kwargs (Any)

Return type:

django.http.HttpResponse

class pki.views.owner_credentials.OwnerCredentialDefineCertContentEstView[source]ΒΆ

Bases: trustpoint.logger.LoggerMixin, OwnerCredentialContextMixin, django.views.generic.edit.FormView[pki.forms.CertificateIssuanceForm]

Step 1 - Define the certificate content for a new DevOwnerID EST enrollment.

On every GET/POST a fresh EC P-256 key pair is generated and a key-only IssuedCredentialModel (type DEV_OWNER_ID) is created. Its primary key is stored in the session together with the certificate content so that Step 2 can fetch exactly this credential.

Loads the selected certificate profile (defaulting to dev_owner_id), renders the CertificateIssuanceForm, and stores the validated field values in the session under dev_owner_id_cert_content_<pk>.

form_class[source]ΒΆ
template_name = 'pki/owner_credentials/define_cert_content_est.html'[source]ΒΆ
available_profiles: list[pki.models.cert_profile.CertificateProfileModel][source]ΒΆ
dispatch(request, *args, **kwargs)[source]ΒΆ

Resolve the OwnerCredentialModel and the selected certificate profile.

On each visit a fresh key-only RemoteIssuedCredentialModel is created. If there is already a pending (certificate-less) credential from a previous visit its pk is reused so we do not accumulate orphan credentials.

Parameters:
  • request (django.http.HttpRequest)

  • args (Any)

  • kwargs (Any)

Return type:

django.http.HttpResponse

get_form_kwargs()[source]ΒΆ

Inject the profile into the form.

Return type:

dict[str, Any]

get_context_data(**kwargs)[source]ΒΆ

Add owner credential, profile and profile list to template context.

Parameters:

kwargs (Any)

Return type:

dict[str, Any]

form_invalid(form)[source]ΒΆ

Show field errors as Django messages.

Parameters:

form (pki.forms.CertificateIssuanceForm)

Return type:

django.http.HttpResponse

form_valid(form)[source]ΒΆ

Store certificate content and pending credential pk in session, then proceed to Step 2.

Parameters:

form (pki.forms.CertificateIssuanceForm)

Return type:

django.http.HttpResponse

class pki.views.owner_credentials.OwnerCredentialRequestCertEstView[source]ΒΆ

Bases: trustpoint.logger.LoggerMixin, OwnerCredentialContextMixin, django.views.generic.detail.DetailView[pki.models.OwnerCredentialModel]

Step 2 - Review and trigger the EST enrollment for a new DevOwnerID certificate.

Reads the certificate content stored by OwnerCredentialDefineCertContentEstView, builds a CSR using the dev_owner_id profile, signs it with the existing DevOwnerID key, sends it to the configured EST server and stores the issued certificate back in the IssuedCredentialModel.

http_method_names = ('get', 'post')[source]ΒΆ
model[source]ΒΆ
template_name = 'pki/owner_credentials/request_cert_est.html'[source]ΒΆ
context_object_name = 'owner_credential'[source]ΒΆ
get_context_data(**kwargs)[source]ΒΆ

Add cert-content summary and profile to the template context.

Parameters:

kwargs (Any)

Return type:

dict[str, Any]

post(request, *_args, **_kwargs)[source]ΒΆ

Perform the EST enrollment and redirect to the CLM view.

Parameters:
  • request (django.http.HttpRequest)

  • _args (Any)

  • _kwargs (Any)

Return type:

django.http.HttpResponse

class pki.views.owner_credentials.OwnerCredentialDefineCertContentDomainCredentialEstView[source]ΒΆ

Bases: trustpoint.logger.LoggerMixin, OwnerCredentialContextMixin, django.views.generic.edit.FormView[pki.forms.CertificateIssuanceForm]

Step 1 - Define the certificate content for a new Domain Credential EST enrollment.

Only available for REMOTE_EST_ONBOARDING owner credentials. The user can select any available certificate profile via a dropdown. Defaults to devownerid_domain_credential when present.

form_class[source]ΒΆ
template_name = 'pki/owner_credentials/define_cert_content_domain_credential_est.html'[source]ΒΆ
available_profiles: list[pki.models.cert_profile.CertificateProfileModel][source]ΒΆ
dispatch(request, *args, **kwargs)[source]ΒΆ

Resolve the OwnerCredentialModel and the selected certificate profile.

Parameters:
  • request (django.http.HttpRequest)

  • args (Any)

  • kwargs (Any)

Return type:

django.http.HttpResponse

get_form_kwargs()[source]ΒΆ

Inject the profile into the form.

Return type:

dict[str, Any]

get_context_data(**kwargs)[source]ΒΆ

Add owner credential, profile and profile list to template context.

Parameters:

kwargs (Any)

Return type:

dict[str, Any]

form_invalid(form)[source]ΒΆ

Show field errors as Django messages.

Parameters:

form (pki.forms.CertificateIssuanceForm)

Return type:

django.http.HttpResponse

form_valid(form)[source]ΒΆ

Store certificate content, selected profile and pending credential pk in session.

Parameters:

form (pki.forms.CertificateIssuanceForm)

Return type:

django.http.HttpResponse

class pki.views.owner_credentials.OwnerCredentialRequestDomainCredentialEstView[source]ΒΆ

Bases: trustpoint.logger.LoggerMixin, OwnerCredentialContextMixin, django.views.generic.detail.DetailView[pki.models.OwnerCredentialModel]

Step 2 - Review and trigger the EST enrollment for a new Domain Credential.

Uses remote_path_domain_credential from OwnerCredentialModel, trust_store from OnboardingConfigModel, est_username from OwnerCredentialModel, est_password from OnboardingConfigModel.

http_method_names = ('get', 'post')[source]ΒΆ
model[source]ΒΆ
template_name = 'pki/owner_credentials/request_domain_credential_est.html'[source]ΒΆ
context_object_name = 'owner_credential'[source]ΒΆ
get_context_data(**kwargs)[source]ΒΆ

Add cert-content summary and profile to the template context.

Parameters:

kwargs (Any)

Return type:

dict[str, Any]

post(request, *_args, **_kwargs)[source]ΒΆ

Perform the EST enrollment and redirect to the CLM view.

Parameters:
  • request (django.http.HttpRequest)

  • _args (Any)

  • _kwargs (Any)

Return type:

django.http.HttpResponse