django_ca.extensions
- X509 extensions¶
-
class
django_ca.extensions.
Extension
(value)[source]¶ Convenience class to handle X509 Extensions.
The class is designed to take whatever format an extension might occur, essentially providing a convertible format for extensions that is used in many places throughout the code. It accepts
str
if e.g. the value was received from the commandline:>>> KeyUsage('keyAgreement,keyEncipherment') <KeyUsage: ['keyAgreement', 'keyEncipherment'], critical=False> >>> KeyUsage('critical,keyAgreement,keyEncipherment') <KeyUsage: ['keyAgreement', 'keyEncipherment'], critical=True>
It also accepts a
list
/tuple
of two elements, the first being the “critical” flag, the second being a value (e.g. from a MultiValueField from a form):>>> KeyUsage((False, ['keyAgreement', 'keyEncipherment'])) <KeyUsage: ['keyAgreement', 'keyEncipherment'], critical=False> >>> KeyUsage((True, ['keyAgreement', 'keyEncipherment'])) <KeyUsage: ['keyAgreement', 'keyEncipherment'], critical=True>
Or it can be a
dict
as used by the CA_PROFILES setting:>>> KeyUsage({'value': ['keyAgreement', 'keyEncipherment']}) <KeyUsage: ['keyAgreement', 'keyEncipherment'], critical=False> >>> KeyUsage({'critical': True, 'value': ['keyAgreement', 'keyEncipherment']}) <KeyUsage: ['keyAgreement', 'keyEncipherment'], critical=True>
… and finally it can also use a subclass of
ExtensionType
fromcryptography
:>>> from cryptography import x509 >>> ExtendedKeyUsage(x509.extensions.Extension( ... oid=ExtensionOID.EXTENDED_KEY_USAGE, ... critical=False, ... value=x509.ExtendedKeyUsage([ExtendedKeyUsageOID.SERVER_AUTH]) ... )) <ExtendedKeyUsage: ['serverAuth'], critical=False>
Parameters: - value : list or tuple or dict or str or
ExtensionType
The value of the extension, the description provides further details.
Attributes: name
A human readable name of this extension.
- value
Raw value for this extension. The type various from subclass to subclass.
-
as_extension
()[source]¶ This extension as
ExtensionType
.
-
extension_type
¶ The extension_type for this value.
-
for_builder
()[source]¶ Return kwargs suitable for a
CertificateBuilder
.Example:
>>> kwargs = KeyUsage('keyAgreement,keyEncipherment').for_builder() >>> builder.add_extension(**kwargs)
-
name
¶ A human readable name of this extension.
- value : list or tuple or dict or str or
-
class
django_ca.extensions.
KeyIdExtension
(value)[source]¶ Bases:
django_ca.extensions.Extension
Base class for extensions that contain a KeyID as value.
-
class
django_ca.extensions.
MultiValueExtension
(value)[source]¶ Bases:
django_ca.extensions.Extension
A generic base class for extensions that have multiple values.
Instances of this class have a
len()
and can be used with thein
operator:>>> ku = KeyUsage((False, ['keyAgreement', 'keyEncipherment'])) >>> 'keyAgreement' in ku True >>> len(ku) 2
Known values are set in the
KNOWN_VALUES
attribute for each class. The constructor will raiseValueError
if an unknown value is passed.
Concrete extensions¶
-
class
django_ca.extensions.
AuthorityKeyIdentifier
(value)[source]¶ Bases:
django_ca.extensions.KeyIdExtension
Class representing a AuthorityKeyIdentifier extension.
-
class
django_ca.extensions.
ExtendedKeyUsage
(value)[source]¶ Bases:
django_ca.extensions.MultiValueExtension
Class representing a ExtendedKeyUsage extension.
-
KNOWN_VALUES
= {'OCSPSigning', 'clientAuth', 'codeSigning', 'emailProtection', 'msKDC', 'serverAuth', 'smartcardLogon', 'timeStamping'}¶ Known values for this extension.
-
-
class
django_ca.extensions.
KeyUsage
(*args, **kwargs)[source]¶ Bases:
django_ca.extensions.MultiValueExtension
Class representing a KeyUsage extension.
-
KNOWN_VALUES
= {'cRLSign', 'dataEncipherment', 'decipherOnly', 'digitalSignature', 'encipherOnly', 'keyAgreement', 'keyCertSign', 'keyEncipherment', 'nonRepudiation'}¶ Known values for this extension.
-
-
class
django_ca.extensions.
SubjectKeyIdentifier
(value)[source]¶ Bases:
django_ca.extensions.KeyIdExtension
Class representing a SubjectKeyIdentifier extension.
-
class
django_ca.extensions.
TLSFeature
(value)[source]¶ Bases:
django_ca.extensions.MultiValueExtension
Class representing a TLSFeature extension.
-
KNOWN_VALUES
= {'MultipleCertStatusRequest', 'OCSPMustStaple'}¶ Known values for this extension.
-