django_ca.extensions.base - Extension base classes¶
Base classes for x509 extensions.
- class django_ca.extensions.base.AlternativeNameExtension(value=None)[source]¶
Base class for extensions that contain a list of general names.
This class also allows you to pass
GeneralNameinstances:>>> san = SubjectAlternativeName({'value': [x509.DNSName('example.com'), 'example.net']}) >>> san <SubjectAlternativeName: ['DNS:example.com', 'DNS:example.net'], critical=False> >>> 'example.com' in san, 'DNS:example.com' in san, x509.DNSName('example.com') in san (True, True, True)
- class django_ca.extensions.base.CRLDistributionPointsBase(value=None)[source]¶
Base class for
CRLDistributionPointsandFreshestCRL.
- class django_ca.extensions.base.Extension(value=None)[source]¶
Convenience class to handle X509 Extensions.
The value is a
dictas used by the CA_PROFILES setting:>>> KeyUsage({'value': ['keyAgreement', 'keyEncipherment']}) <KeyUsage: ['keyAgreement', 'keyEncipherment'], critical=True> >>> KeyUsage({'critical': False, 'value': ['key_agreement', 'key_encipherment']}) <KeyUsage: ['keyAgreement', 'keyEncipherment'], critical=False>
… but can also use a subclass of
ExtensionTypefromcryptography:>>> from cryptography import x509 >>> cg_ext = x509.extensions.Extension( ... oid=ExtensionOID.EXTENDED_KEY_USAGE, ... critical=False, ... value=x509.ExtendedKeyUsage([ExtendedKeyUsageOID.SERVER_AUTH]) ... ) >>> ExtendedKeyUsage(cg_ext) <ExtendedKeyUsage: ['serverAuth'], critical=False> >>> ExtendedKeyUsage({'value': ['serverAuth']}) <ExtendedKeyUsage: ['serverAuth'], critical=False>
Changed in version 1.18.0: This class is now an abstract base class.
- Parameters
- valuelist or tuple or dict or str or
ExtensionType The value of the extension, the description provides further details.
- valuelist or tuple or dict or str or
- Attributes
- name
A human readable name of this extension
- value
Raw value for this extension. The type various from subclass to subclass.
- criticalbool
If this extension is marked as critical
- oid
The OID for this extension.
- keystr
The key is a reusable ID used in various parts of the application.
- default_criticalbool
The default critical value if you pass a dict without the
"critical"key.
- abstract property extension_type¶
The
ExtensionTypeinstance of this extension.Implementing classes are expected to implement this function.
- for_builder()[source]¶
Return a tuple suitable for a
CertificateBuilder.Example:
>>> ext = KeyUsage({'value': ['keyAgreement', 'keyEncipherment']}) >>> builder = x509.CertificateBuilder() >>> builder.add_extension(*ext.for_builder()) <cryptography.x509.base.CertificateBuilder object at ...>
- abstract from_dict(value)[source]¶
Load class from a dictionary.
Implementing classes are expected to implement this function.
- abstract from_extension(value)[source]¶
Load a wrapper class from a cryptography extension instance.
Implementing classes are expected to implement this function.
- from_other(value)[source]¶
Load class from any other value type.
This class can be overwritten to allow loading classes from different types.
- hash_value()[source]¶
Return the current extension value in hashable form.
This function is used for the default implementations for
hash()and the==equality operator.
- abstract repr_value()[source]¶
String representation of the current value for this extension.
Implementing classes are expected to implement this function.
- class django_ca.extensions.base.IterableExtension(value=None)[source]¶
Base class for iterable extensions.
Extensions of this class can be used just like any other iterable, e.g.:
>>> e = KeyUsage({'value': ['cRLSign'], 'critical': True}) >>> 'cRLSign' in e True >>> len(e) 1 >>> for val in e: ... print(val) cRLSign
- class django_ca.extensions.base.ListExtension(value=None)[source]¶
Base class for extensions with multiple ordered values.
Changed in version 1.18.0: This class is now an abstract base class.
- class django_ca.extensions.base.NullExtension(value=None)[source]¶
Base class for extensions that do not have a value.
Changed in version 1.18.0: This class is now an abstract base class.
Some extensions, like
OCSPNoCheckorPrecertPoisondo not encode any information, but the presence of the extension itself carries meaning.Extensions using this base class will ignore any
"value"key in their dict, only the"critical"key is relevant:>>> OCSPNoCheck() <OCSPNoCheck: critical=False> >>> OCSPNoCheck({'critical': True}) <OCSPNoCheck: critical=True> >>> OCSPNoCheck({'critical': True}) <OCSPNoCheck: critical=True> >>> OCSPNoCheck(x509.extensions.Extension(oid=ExtensionOID.OCSP_NO_CHECK, critical=True, value=None)) <OCSPNoCheck: critical=True>
- class django_ca.extensions.base.OrderedSetExtension(value=None)[source]¶
Base class for extensions that contain a set of values.
Changed in version 1.18.0: This class is now an abstract base class.
For reproducibility, any serialization will always sort the values contained in this extension.
Extensions derived from this class can be used like a normal set, for example:
>>> e = KeyUsage({'value': {'cRLSign', }}) >>> e.add('keyAgreement') >>> e <KeyUsage: ['cRLSign', 'keyAgreement'], critical=True> >>> e -= {'keyAgreement', } >>> e <KeyUsage: ['cRLSign'], critical=True>
- class django_ca.extensions.base.SignedCertificateTimestampsBase(value=None)[source]¶
Base class for extensions containing signed certificate timestamps.
Derived classes cannot be instantiated by any custom value, only the matching subclass of
ExtensionTypeis supported. Unfortunately cryptography currently does not support creating instances ofSignedCertificateTimestamp(see issue #4820). This extension thus also has no way of adding/removing any elements. Any attempt of updating an instance will raiseNotImplementedError.