django_ca.extensions - X509 extensions

class django_ca.extensions.Extension(value)[source]

Convenience class to handle X509 Extensions.

The class is designed to take whatever format an extension might occur, essentially providing a convertible format for extensions that is used in many places throughout the code. It accepts str if e.g. the value was received from the commandline:

>>> KeyUsage('keyAgreement,keyEncipherment')
<KeyUsage: ['keyAgreement', 'keyEncipherment'], critical=False>
>>> KeyUsage('critical,keyAgreement,keyEncipherment')
<KeyUsage: ['keyAgreement', 'keyEncipherment'], critical=True>

It also accepts a list/tuple of two elements, the first being the “critical” flag, the second being a value (e.g. from a MultiValueField from a form):

>>> KeyUsage((False, ['keyAgreement', 'keyEncipherment']))
<KeyUsage: ['keyAgreement', 'keyEncipherment'], critical=False>
>>> KeyUsage((True, ['keyAgreement', 'keyEncipherment']))
<KeyUsage: ['keyAgreement', 'keyEncipherment'], critical=True>

Or it can be a dict as used by the CA_PROFILES setting:

>>> KeyUsage({'value': ['keyAgreement', 'keyEncipherment']})
<KeyUsage: ['keyAgreement', 'keyEncipherment'], critical=False>
>>> KeyUsage({'critical': True, 'value': ['keyAgreement', 'keyEncipherment']})
<KeyUsage: ['keyAgreement', 'keyEncipherment'], critical=True>

… and finally it can also use a subclass of ExtensionType from cryptography:

>>> from cryptography import x509
>>> ExtendedKeyUsage(x509.extensions.Extension(
...    oid=ExtensionOID.EXTENDED_KEY_USAGE,
...    critical=False,
...    value=x509.ExtendedKeyUsage([ExtendedKeyUsageOID.SERVER_AUTH])
... ))
<ExtendedKeyUsage: ['serverAuth'], critical=False>
Parameters:
value : list or tuple or dict or str or ExtensionType

The value of the extension, the description provides further details.

Attributes:
name

A human readable name of this extension.

value

Raw value for this extension. The type various from subclass to subclass.

add_colons(s)[source]

Add colons to a string.

TODO: duplicate from utils :-(

as_extension()[source]

This extension as ExtensionType.

as_text()[source]

Human-readable version of the value, not including the “critical” flag.

extension_type

The extension_type for this value.

for_builder()[source]

Return kwargs suitable for a CertificateBuilder.

Example:

>>> kwargs = KeyUsage('keyAgreement,keyEncipherment').for_builder()
>>> builder.add_extension(**kwargs)  
name

A human readable name of this extension.

class django_ca.extensions.KeyIdExtension(value)[source]

Bases: django_ca.extensions.Extension

Base class for extensions that contain a KeyID as value.

class django_ca.extensions.MultiValueExtension(value)[source]

Bases: django_ca.extensions.Extension

A generic base class for extensions that have multiple values.

Instances of this class have a len() and can be used with the in operator:

>>> ku = KeyUsage((False, ['keyAgreement', 'keyEncipherment']))
>>> 'keyAgreement' in ku
True
>>> len(ku)
2

Known values are set in the KNOWN_VALUES attribute for each class. The constructor will raise ValueError if an unknown value is passed.

Concrete extensions

class django_ca.extensions.AuthorityKeyIdentifier(value)[source]

Bases: django_ca.extensions.KeyIdExtension

Class representing a AuthorityKeyIdentifier extension.

class django_ca.extensions.ExtendedKeyUsage(value)[source]

Bases: django_ca.extensions.MultiValueExtension

Class representing a ExtendedKeyUsage extension.

KNOWN_VALUES = {'OCSPSigning', 'clientAuth', 'codeSigning', 'emailProtection', 'msKDC', 'serverAuth', 'smartcardLogon', 'timeStamping'}

Known values for this extension.

class django_ca.extensions.KeyUsage(*args, **kwargs)[source]

Bases: django_ca.extensions.MultiValueExtension

Class representing a KeyUsage extension.

KNOWN_VALUES = {'cRLSign', 'dataEncipherment', 'decipherOnly', 'digitalSignature', 'encipherOnly', 'keyAgreement', 'keyCertSign', 'keyEncipherment', 'nonRepudiation'}

Known values for this extension.

class django_ca.extensions.SubjectKeyIdentifier(value)[source]

Bases: django_ca.extensions.KeyIdExtension

Class representing a SubjectKeyIdentifier extension.

class django_ca.extensions.TLSFeature(value)[source]

Bases: django_ca.extensions.MultiValueExtension

Class representing a TLSFeature extension.

KNOWN_VALUES = {'MultipleCertStatusRequest', 'OCSPMustStaple'}

Known values for this extension.