{"openapi": "3.1.0", "info": {"title": "django-ca API", "version": "1.29.0", "description": ""}, "paths": {"/django_ca/api/ca/": {"get": {"operationId": "django_ca_api_endpoints_list_certificate_authorities", "summary": "List available certificate authorities", "parameters": [{"in": "query", "name": "expired", "schema": {"default": false, "description": "Include expired CAs.", "title": "Expired", "type": "boolean"}, "required": false, "description": "Include expired CAs."}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"items": {"$ref": "#/components/schemas/CertificateAuthoritySchema"}, "title": "Response", "type": "array"}}}}}, "description": "Retrieve a list of currently usable certificate authorities.", "tags": ["Certificate authorities"], "security": [{"BasicAuth": []}]}}, "/django_ca/api/ca/{serial}/": {"get": {"operationId": "django_ca_api_endpoints_view_certificate_authority", "summary": "View certificate authority", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CertificateAuthoritySchema"}}}}}, "description": "Retrieve details of the certificate authority with the given serial.", "tags": ["Certificate authorities"], "security": [{"BasicAuth": []}]}, "put": {"operationId": "django_ca_api_endpoints_update_certificate_authority", "summary": "Update certificate authority", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CertificateAuthoritySchema"}}}}}, "description": "Update a certificate authority.\n\nAll request body fields are optional, so you can also update only individual fields.", "tags": ["Certificate authorities"], "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CertificateAuthorityUpdateSchema"}}}, "required": true}, "security": [{"BasicAuth": []}]}}, "/django_ca/api/ca/{serial}/sign/": {"post": {"operationId": "django_ca_api_endpoints_sign_certificate", "summary": "Sign a certificate", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CertificateOrderSchema"}}}}}, "description": "Sign a certificate.\n\nThe `extensions` value is optional and allows you to add additional extensions to the certificate. Usually\nextensions are defined either by the CA or by the named profile.", "tags": ["Certificates"], "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SignCertificateMessage"}}}, "required": true}, "security": [{"BasicAuth": []}]}}, "/django_ca/api/ca/{serial}/orders/{slug}/": {"get": {"operationId": "django_ca_api_endpoints_get_certificate_order", "summary": "Retrieve certificate order", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}, {"in": "path", "name": "slug", "schema": {"title": "Slug", "type": "string"}, "required": true}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CertificateOrderSchema"}}}}}, "description": "Retrieve information about the certificate order identified by `slug`.", "tags": ["Certificates"], "security": [{"BasicAuth": []}]}}, "/django_ca/api/ca/{serial}/certs/": {"get": {"operationId": "django_ca_api_endpoints_list_certificates", "summary": "List certificates", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}, {"in": "query", "name": "autogenerated", "schema": {"default": false, "description": "Include auto-generated certificates (e.g. OCSP responder certificates).", "title": "Autogenerated", "type": "boolean"}, "required": false, "description": "Include auto-generated certificates (e.g. OCSP responder certificates)."}, {"in": "query", "name": "expired", "schema": {"default": false, "description": "Include expired certificates.", "title": "Expired", "type": "boolean"}, "required": false, "description": "Include expired certificates."}, {"in": "query", "name": "profile", "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Only return certificates generated with the given profile.", "enum": ["client", "enduser", "ocsp", "server", "webserver"], "title": "Profile"}, "required": false, "description": "Only return certificates generated with the given profile."}, {"in": "query", "name": "revoked", "schema": {"default": false, "description": "Include revoked certificates.", "title": "Revoked", "type": "boolean"}, "required": false, "description": "Include revoked certificates."}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"items": {"$ref": "#/components/schemas/CertificateSchema"}, "title": "Response", "type": "array"}}}}}, "description": "Retrieve certificates signed by the certificate authority named by `serial`.", "tags": ["Certificates"], "security": [{"BasicAuth": []}]}}, "/django_ca/api/ca/{serial}/certs/{certificate_serial}/": {"get": {"operationId": "django_ca_api_endpoints_view_certificate", "summary": "View certificate", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}, {"in": "path", "name": "certificate_serial", "schema": {"title": "Certificate Serial", "type": "string"}, "required": true}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CertificateSchema"}}}}}, "description": "Retrieve details of the certificate with the given certificate serial.", "tags": ["Certificates"], "security": [{"BasicAuth": []}]}}, "/django_ca/api/ca/{serial}/revoke/{certificate_serial}/": {"post": {"operationId": "django_ca_api_endpoints_revoke_certificate", "summary": "Revoke certificate", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}, {"in": "path", "name": "certificate_serial", "schema": {"title": "Certificate Serial", "type": "string"}, "required": true}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CertificateSchema"}}}}}, "description": "Revoke a certificate with the given serial.\n\nBoth `reason` and `compromised` fields are optional.", "tags": ["Certificates"], "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/RevokeCertificateSchema"}}}, "required": true}, "security": [{"BasicAuth": []}]}}}, "components": {"schemas": {"CertificateAuthorityFilterSchema": {"description": "Filter-schema for listing certificate authorities.", "properties": {"expired": {"default": false, "description": "Include expired CAs.", "title": "Expired", "type": "boolean"}}, "title": "CertificateAuthorityFilterSchema", "type": "object"}, "AccessDescriptionModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.AccessDescription`.\n\nThe `access_method` may be a dotted string OID or one of the aliases listed in\n:py:attr:`~django_ca.constants.ACCESS_METHOD_TYPES`. The `access_location` is a\n:py:class:`~django_ca.pydantic.general_name.GeneralNameModel`:\n\n.. pydantic-model:: access_description_ocsp\n\nThe syntax is identical for CA issuers:\n\n.. pydantic-model:: access_description_ca_issuers", "properties": {"access_method": {"title": "Access Method", "type": "string"}, "access_location": {"$ref": "#/components/schemas/GeneralNameModel"}}, "required": ["access_method", "access_location"], "title": "AccessDescriptionModel", "type": "object"}, "AuthorityInformationAccessModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.AuthorityInformationAccess` extension.\n\nThe `value` is a list of :py:class:`~django_ca.pydantic.extension_attributes.AccessDescriptionModel`\ninstances:\n\n.. pydantic-model:: authority_information_access", "properties": {"type": {"const": "authority_information_access", "default": "authority_information_access", "enum": ["authority_information_access"], "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"$ref": "#/components/schemas/AccessDescriptionModel"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "AuthorityInformationAccessModel", "type": "object"}, "CRLDistributionPointsModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.CRLDistributionPoints` extension.\n\nThe `value` is a list of :py:class:`~django_ca.pydantic.extension_attributes.DistributionPointModel`\ninstances:\n\n.. pydantic-model:: crl_distribution_points", "properties": {"type": {"const": "crl_distribution_points", "default": "crl_distribution_points", "enum": ["crl_distribution_points"], "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"$ref": "#/components/schemas/DistributionPointModel"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "CRLDistributionPointsModel", "type": "object"}, "CertificateAuthoritySchema": {"description": "Schema for serializing a certificate authority.", "properties": {"created": {"description": "When the certificate was created.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Created", "type": "string"}, "not_after": {"description": "The certificate is not valid after this date.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Not After", "type": "string"}, "not_before": {"description": "The certificate is not valid before this date.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Not Before", "type": "string"}, "pem": {"description": "The public key formatted as PEM.", "example": "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----\n", "title": "Pem", "type": "string"}, "serial": {"description": "Serial (in hex) of the certificate.", "example": "ABC...0123", "title": "Serial", "type": "string"}, "subject": {"allOf": [{"$ref": "#/components/schemas/NameModel"}], "description": "The subject as list of name attributes."}, "issuer": {"allOf": [{"$ref": "#/components/schemas/NameModel"}], "description": "The issuer as list of name attributes."}, "revoked": {"description": "If the certificate was revoked.", "example": false, "title": "Revoked", "type": "boolean"}, "updated": {"description": "When the certificate was last updated.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Updated", "type": "string"}, "name": {"description": "The human-readable name of the certificate authority.", "title": "Name", "type": "string"}, "sign_authority_information_access": {"anyOf": [{"$ref": "#/components/schemas/AuthorityInformationAccessModel"}, {"type": "null"}], "description": "The Authority Information Access extension added to newly signed certificates."}, "sign_certificate_policies": {"anyOf": [{"$ref": "#/components/schemas/CertificatePoliciesModel"}, {"type": "null"}], "description": "The Certificate Policies extension added to newly signed certificates."}, "sign_crl_distribution_points": {"anyOf": [{"$ref": "#/components/schemas/CRLDistributionPointsModel"}, {"type": "null"}], "description": "The CRL Distribution Points extension added to newly signed certificates."}, "sign_issuer_alternative_name": {"anyOf": [{"$ref": "#/components/schemas/IssuerAlternativeNameModel"}, {"type": "null"}], "description": "The Issuer Alternative Name extension added to newly signed certificates."}, "caa_identity": {"anyOf": [{"maxLength": 32, "type": "string"}, {"type": "null"}], "description": "CAA identity for this CA (NOTE: Not currently used!).", "title": "CAA identity"}, "website": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Website for your CA.", "title": "Website"}, "terms_of_service": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "URL to Terms of Service for this CA", "title": "Terms of Service"}, "ocsp_responder_key_validity": {"default": 3, "description": "How long <strong>(in days)</strong> OCSP responder keys may be valid.", "title": "OCSP responder key validity", "type": "integer"}, "ocsp_response_validity": {"default": 86400, "description": "How long <strong>(in seconds)</strong> OCSP responses may be considered valid by the client.", "title": "OCSP response validity", "type": "integer"}, "acme_enabled": {"default": false, "description": "Whether it is possible to use ACME for this CA.", "title": "Enable ACME", "type": "boolean"}, "acme_registration": {"default": true, "description": "Allow ACME clients to register new accounts.", "title": "ACME account registration.", "type": "boolean"}, "acme_profile": {"description": "Profile used when generating ACME certificates.", "maxLength": 32, "title": "Profile", "type": "string"}, "acme_requires_contact": {"default": true, "description": "If this CA requires a contact address during account registration.", "title": "Requires contact", "type": "boolean"}, "can_sign_certificates": {"description": "If the certificate authority can be used to sign certificates via the API.", "title": "Can Sign Certificates", "type": "boolean"}}, "required": ["created", "not_after", "not_before", "pem", "serial", "subject", "issuer", "revoked", "updated", "name", "can_sign_certificates"], "title": "CertificateAuthoritySchema", "type": "object"}, "CertificatePoliciesModel": {"description": "A CertificatePolicies extension.", "properties": {"type": {"const": "certificate_policies", "default": "certificate_policies", "enum": ["certificate_policies"], "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"description": "The value of the CertificatePolicies extension is a list of policy information objects.", "items": {"$ref": "#/components/schemas/PolicyInformationModel"}, "minItems": 1, "title": "Value", "type": "array", "uniqueItems": true}}, "required": ["value"], "title": "CertificatePoliciesModel", "type": "object"}, "DistributionPointModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.DistributionPoint`.\n\nIn its by far most common form, this model only has a `full_name` containing a URI:\n\n>>> DistributionPointModel(\n...     full_name=[{\"type\": \"URI\", \"value\": \"https://ca.example.com/crl\"}]\n... )  # doctest: +STRIP_WHITESPACE\nDistributionPointModel(\n    full_name=[GeneralNameModel(type='URI', value='https://ca.example.com/crl')],\n    relative_name=None, crl_issuer=None, reasons=None\n)\n\nOf course, other fields are also supported:\n\n>>> DistributionPointModel(\n...     relative_name=[{\"oid\": \"2.5.4.3\", \"value\": \"example.com\"}],\n...     crl_issuer=[{\"type\": \"URI\", \"value\": \"https://ca.example.com/issuer\"}],\n...     reasons={\"key_compromise\",}\n... )  # doctest: +STRIP_WHITESPACE\nDistributionPointModel(\n    full_name=None,\n    relative_name=NameModel(root=[NameAttributeModel(oid='2.5.4.3', value='example.com')]),\n    crl_issuer=[GeneralNameModel(type='URI', value='https://ca.example.com/issuer')],\n    reasons={'key_compromise'}\n)", "properties": {"full_name": {"anyOf": [{"items": {"$ref": "#/components/schemas/GeneralNameModel"}, "type": "array"}, {"type": "null"}], "title": "Full Name"}, "relative_name": {"anyOf": [{"$ref": "#/components/schemas/NameModel"}, {"type": "null"}]}, "crl_issuer": {"anyOf": [{"items": {"$ref": "#/components/schemas/GeneralNameModel"}, "type": "array"}, {"type": "null"}], "title": "Crl Issuer"}, "reasons": {"anyOf": [{"items": {"enum": ["aa_compromise", "affiliation_changed", "ca_compromise", "certificate_hold", "cessation_of_operation", "key_compromise", "privilege_withdrawn", "superseded"], "type": "string"}, "type": "array", "uniqueItems": true}, {"type": "null"}], "title": "Reasons"}}, "title": "DistributionPointModel", "type": "object"}, "GeneralNameModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.NameAttribute`.\n\nThis model takes a `type` named in :py:attr:`~django_ca.constants.GENERAL_NAME_TYPES` and a `value` that\nis usually a ``str``:\n\n.. pydantic-model:: general_name\n\nFor directory names, you have to pass a :py:class:`~django_ca.pydantic.name.NameModel` instead:\n\n.. pydantic-model:: general_name_name\n\nFor :py:class:`~cg:cryptography.x509.OtherName` instances, pass a\n:py:class:`~django_ca.pydantic.general_name.OtherNameModel` instead:\n\n.. pydantic-model:: general_name_othername\n   :cryptography-prefix: othername", "properties": {"type": {"enum": ["email", "URI", "IP", "DNS", "RID", "dirName", "otherName"], "title": "Type", "type": "string"}, "value": {"oneOf": [{"type": "string"}, {"$ref": "#/components/schemas/NameModel"}, {"$ref": "#/components/schemas/OtherNameModel"}, {"anyOf": [{"format": "ipv4", "type": "string"}, {"format": "ipv6", "type": "string"}, {"format": "ipv4network", "type": "string"}, {"format": "ipv6network", "type": "string"}]}], "title": "Value"}}, "required": ["type", "value"], "title": "GeneralNameModel", "type": "object"}, "IssuerAlternativeNameModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.IssuerAlternativeName` extension.\n\nThis model behaves exactly like :py:class:`~django_ca.pydantic.SubjectAlternativeNameModel`.", "properties": {"type": {"const": "issuer_alternative_name", "default": "issuer_alternative_name", "enum": ["issuer_alternative_name"], "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"$ref": "#/components/schemas/GeneralNameModel"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "IssuerAlternativeNameModel", "type": "object"}, "NameAttributeModel": {"description": "A NameAttribute is defined by an object identifier (OID) and a value.", "properties": {"oid": {"description": "A dotted string representing the OID or a known alias as described in [NAME_OID_TYPES](https://django-ca.readthedocs.io/en/latest/python/constants.html#django_ca.constants.NAME_OID_TYPES).", "example": "2.5.4.3", "title": "Object identifier", "type": "string"}, "value": {"description": "Actual value of the attribute. For x500 unique identifiers (OID 2.5.4.45) the value must be the base64 encoded.", "example": "example.com", "title": "Value", "type": "string"}}, "required": ["oid", "value"], "title": "NameAttributeModel", "type": "object"}, "NameModel": {"description": "A Name is composed of a list of name attributes.", "example": [{"oid": "2.5.4.6", "value": "AT"}, {"oid": "2.5.4.3", "value": "example.com"}], "format": "X.501 Name", "items": {"$ref": "#/components/schemas/NameAttributeModel"}, "title": "NameModel", "type": "array"}, "NoticeReferenceModel": {"description": "A NoticeReferenceModel consists of an optional *organization* and an optional list of *notice_numbers*.", "properties": {"organization": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Organization"}, "notice_numbers": {"items": {"type": "integer"}, "title": "Notice Numbers", "type": "array"}}, "required": ["notice_numbers"], "title": "NoticeReferenceModel", "type": "object"}, "OtherNameModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.OtherName`.\n\nThe `oid` argument may be any valid object identifier as dotted string (e.g. ``\"1.2.3\"``).\n\nThe `type` argument may be any type in :py:attr:`~django_ca.constants.OTHER_NAME_TYPES` or\n:py:class:`~django_ca.constants.OTHER_NAME_ALIASES`.\n\nThe type of the `value` argument depends on the `type` value. String variants (``UTFString``, etc.)\nrequire a ``str``, boolean requires a ``bool`` value and so on:\n\n.. pydantic-model:: othername\n\nFor datetime variants (``UTCTIME`` and ``GENERALIZEDTIME``), you must pass a timezone-aware object:\n\n.. pydantic-model:: othername_utctime\n\nFor ``INTEGER``, you can pass an ``int`` or a ``str`` for a base 16 integer:\n\n.. pydantic-model:: othername_integer\n\nFinally, for an ``OctetString``, pass the raw bytes or as a hex-encoded string:\n\n.. pydantic-model:: othername_octetstring\n\nAs usual, the ``cryptography`` property will return the cryptography variant of the model:\n\n>>> OtherNameModel(oid=\"1.2.3\", type=\"IA5STRING\", value=\"some string\").cryptography\n<OtherName(type_id=<ObjectIdentifier(oid=1.2.3, name=Unknown OID)>, value=b'\\x16\\x0bsome string')>", "properties": {"oid": {"title": "Oid", "type": "string"}, "type": {"enum": ["UTF8String", "UNIVERSALSTRING", "IA5STRING", "BOOLEAN", "NULL", "UTCTIME", "GENERALIZEDTIME", "INTEGER", "OctetString"], "title": "Type", "type": "string"}, "value": {"anyOf": [{"type": "string"}, {"type": "boolean"}, {"format": "date-time", "type": "string"}, {"type": "integer"}, {"type": "null"}], "title": "Value"}}, "required": ["oid", "type", "value"], "title": "OtherNameModel", "type": "object"}, "PolicyInformationModel": {"description": "A PolicyInformationModel consists of a *policy_identifier* and an optional list *policy_qualifiers*.", "properties": {"policy_identifier": {"description": "An object identifier (OID) as dotted string.", "example": "2.5.29.32.0", "title": "Policy Identifier", "type": "string"}, "policy_qualifiers": {"anyOf": [{"items": {"anyOf": [{"type": "string"}, {"$ref": "#/components/schemas/UserNoticeModel"}]}, "type": "array"}, {"type": "null"}], "description": "Optional list of policy qualifiers, a list of strings and/or UserNoticeModel objects.", "example": ["http://ca.example.com/cps", {"explicit_text": "Some text."}], "title": "Policy Qualifiers"}}, "required": ["policy_identifier"], "title": "PolicyInformationModel", "type": "object"}, "UserNoticeModel": {"description": "A UserNoticeModel consists of an *explicit_text* and an optional *notice_reference*.", "properties": {"notice_reference": {"anyOf": [{"$ref": "#/components/schemas/NoticeReferenceModel"}, {"type": "null"}]}, "explicit_text": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Explicit Text"}}, "required": ["explicit_text"], "title": "UserNoticeModel", "type": "object"}, "CertificateAuthorityUpdateSchema": {"description": "Schema for updating certificate authorities.", "properties": {"name": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The human-readable name of the certificate authority.", "required": false, "title": "Name"}, "sign_authority_information_access": {"anyOf": [{"$ref": "#/components/schemas/AuthorityInformationAccessModel"}, {"type": "null"}], "description": "The Authority Information Access extension added to newly signed certificates."}, "sign_certificate_policies": {"anyOf": [{"$ref": "#/components/schemas/CertificatePoliciesModel"}, {"type": "null"}], "description": "The Certificate Policies extension added to newly signed certificates."}, "sign_crl_distribution_points": {"anyOf": [{"$ref": "#/components/schemas/CRLDistributionPointsModel"}, {"type": "null"}], "description": "The CRL Distribution Points extension added to newly signed certificates."}, "sign_issuer_alternative_name": {"anyOf": [{"$ref": "#/components/schemas/IssuerAlternativeNameModel"}, {"type": "null"}], "description": "The Issuer Alternative Name extension added to newly signed certificates."}, "caa_identity": {"anyOf": [{"maxLength": 32, "type": "string"}, {"type": "null"}], "description": "CAA identity for this CA (NOTE: Not currently used!).", "title": "CAA identity"}, "website": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Website for your CA.", "title": "Website"}, "terms_of_service": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "URL to Terms of Service for this CA", "title": "Terms of Service"}, "ocsp_responder_key_validity": {"default": 3, "description": "How long <strong>(in days)</strong> OCSP responder keys may be valid.", "title": "OCSP responder key validity", "type": "integer"}, "ocsp_response_validity": {"default": 86400, "description": "How long <strong>(in seconds)</strong> OCSP responses may be considered valid by the client.", "title": "OCSP response validity", "type": "integer"}, "acme_enabled": {"default": false, "description": "Whether it is possible to use ACME for this CA.", "title": "Enable ACME", "type": "boolean"}, "acme_registration": {"default": true, "description": "Allow ACME clients to register new accounts.", "title": "ACME account registration.", "type": "boolean"}, "acme_profile": {"description": "Profile used when generating ACME certificates.", "maxLength": 32, "title": "Profile", "type": "string"}, "acme_requires_contact": {"default": true, "description": "If this CA requires a contact address during account registration.", "title": "Requires contact", "type": "boolean"}}, "title": "CertificateAuthorityUpdateSchema", "type": "object"}, "CertificateOrderSchema": {"description": "Schema for certificate orders.", "properties": {"user": {"description": "Username of the user.", "title": "User", "type": "string"}, "serial": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Serial"}, "created": {"description": "When the order was created.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Created", "type": "string"}, "updated": {"description": "When the order was last updated.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Updated", "type": "string"}, "slug": {"description": "Slug identifying the order.", "title": "Slug", "type": "string"}, "status": {"default": "pending", "description": "Current status of the order.", "maxLength": 8, "title": "Status", "type": "string"}}, "required": ["user", "created", "updated"], "title": "CertificateOrderSchema", "type": "object"}, "ExtendedKeyUsageModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.ExtendedKeyUsage` extension.\n\nThe `value` is a list valid object identifiers as dotted strings. For convenience, any name from\n:py:attr:`~django_ca.constants.EXTENDED_KEY_USAGE_NAMES` can also be given:\n\n.. pydantic-model:: extended_key_usage", "properties": {"type": {"const": "extended_key_usage", "default": "extended_key_usage", "enum": ["extended_key_usage"], "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"type": "string"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "ExtendedKeyUsageModel", "type": "object"}, "FreshestCRLModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.FreshestCRL` extension.\n\nThis model behaves exactly like :py:class:`~django_ca.pydantic.CRLDistributionPointsModel`.", "properties": {"type": {"const": "freshest_crl", "default": "freshest_crl", "enum": ["freshest_crl"], "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"$ref": "#/components/schemas/DistributionPointModel"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "FreshestCRLModel", "type": "object"}, "KeyUsageModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.KeyUsage` extension.\n\nAll key usages default to ``False``, so you can skip giving any usages you don't care about. For\nconvenience, the model also accepts values as used in `RFC 5280`_ (full mapping in\n:py:attr:`~django_ca.constants.KEY_USAGE_NAMES`):\n\n.. pydantic-model:: key_usage", "properties": {"type": {"const": "key_usage", "default": "key_usage", "enum": ["key_usage"], "title": "Type", "type": "string"}, "critical": {"default": true, "title": "Critical", "type": "boolean"}, "value": {"items": {"enum": ["crl_sign", "data_encipherment", "decipher_only", "digital_signature", "encipher_only", "key_agreement", "key_cert_sign", "key_encipherment", "content_commitment"], "type": "string"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "KeyUsageModel", "type": "object"}, "MSCertificateTemplateModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.MSCertificateTemplate` extension.\n\nThe `value` is a :py:class:`~django_ca.pydantic.extension_attributes.MSCertificateTemplateValueModel`\ninstance, where `major_version` and `minor_version` are both optional:\n\n.. pydantic-model:: ms_certificate_template\n\nNote that this extension does not have a default defined for the `critical` parameter, so it is mandatory.", "properties": {"type": {"const": "ms_certificate_template", "default": "ms_certificate_template", "enum": ["ms_certificate_template"], "title": "Type", "type": "string"}, "critical": {"title": "Critical", "type": "boolean"}, "value": {"$ref": "#/components/schemas/MSCertificateTemplateValueModel"}}, "required": ["critical", "value"], "title": "MSCertificateTemplateModel", "type": "object"}, "MSCertificateTemplateValueModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.MSCertificateTemplate`.\n\nThe `template_id` parameter is a dotted-string object identifier, while `major_version` and\n`minor_version` are optional integers:\n\n>>> MSCertificateTemplateValueModel(template_id=\"1.2.3\", major_version=1)\nMSCertificateTemplateValueModel(template_id='1.2.3', major_version=1, minor_version=None)", "properties": {"template_id": {"title": "Template Id", "type": "string"}, "major_version": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Major Version"}, "minor_version": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Minor Version"}}, "required": ["template_id"], "title": "MSCertificateTemplateValueModel", "type": "object"}, "OCSPNoCheckModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.OCSPNoCheck` extension.\n\nThis extension does not have a value, and thus can be instantiated without any parameters (but ``None``\nis also accepted):\n\n.. pydantic-model:: ocsp_no_check", "properties": {"type": {"const": "ocsp_no_check", "default": "ocsp_no_check", "enum": ["ocsp_no_check"], "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"title": "Value", "type": "null"}}, "title": "OCSPNoCheckModel", "type": "object"}, "PrecertPoisonModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.PrecertPoison` extension.\n\nThis extension does not have a value, and thus can be instantiated without any parameters (but ``None``\nis also accepted):\n\n.. pydantic-model:: precert_poison", "properties": {"type": {"const": "precert_poison", "default": "precert_poison", "enum": ["precert_poison"], "title": "Type", "type": "string"}, "critical": {"default": true, "title": "Critical", "type": "boolean"}, "value": {"title": "Value", "type": "null"}}, "title": "PrecertPoisonModel", "type": "object"}, "SignCertificateMessage": {"description": "Schema for signing certificates.", "properties": {"algorithm": {"anyOf": [{"enum": ["SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA3/224", "SHA3/256", "SHA3/384", "SHA3/512"], "type": "string"}, {"type": "null"}], "description": "Hash algorithm used for signing (default: same as in the certificate authority).", "title": "Algorithm"}, "autogenerated": {"default": false, "description": "If the certificate should be marked as auto-generated.", "title": "Autogenerated", "type": "boolean"}, "csr": {"description": "The certificate signing request (CSR) in PEM format", "example": "-----BEGIN CERTIFICATE REQUEST-----\n...\n-----END CERTIFICATE REQUEST-----\n", "format": "binary", "title": "CSR", "type": "string"}, "expires": {"anyOf": [{"format": "date-time", "type": "string"}, {"type": "null"}], "description": "When the certificate is due to expire, defaults to the CA_DEFAULT_EXPIRES setting.", "example": "2023-07-30T10:06:35Z", "title": "Expires"}, "extensions": {"anyOf": [{"items": {"discriminator": {"mapping": {"authority_information_access": "#/components/schemas/AuthorityInformationAccessModel", "certificate_policies": "#/components/schemas/CertificatePoliciesModel", "crl_distribution_points": "#/components/schemas/CRLDistributionPointsModel", "extended_key_usage": "#/components/schemas/ExtendedKeyUsageModel", "freshest_crl": "#/components/schemas/FreshestCRLModel", "issuer_alternative_name": "#/components/schemas/IssuerAlternativeNameModel", "key_usage": "#/components/schemas/KeyUsageModel", "ms_certificate_template": "#/components/schemas/MSCertificateTemplateModel", "ocsp_no_check": "#/components/schemas/OCSPNoCheckModel", "precert_poison": "#/components/schemas/PrecertPoisonModel", "subject_alternative_name": "#/components/schemas/SubjectAlternativeNameModel", "tls_feature": "#/components/schemas/TLSFeatureModel"}, "propertyName": "type"}, "oneOf": [{"$ref": "#/components/schemas/AuthorityInformationAccessModel"}, {"$ref": "#/components/schemas/CertificatePoliciesModel"}, {"$ref": "#/components/schemas/CRLDistributionPointsModel"}, {"$ref": "#/components/schemas/ExtendedKeyUsageModel"}, {"$ref": "#/components/schemas/FreshestCRLModel"}, {"$ref": "#/components/schemas/IssuerAlternativeNameModel"}, {"$ref": "#/components/schemas/KeyUsageModel"}, {"$ref": "#/components/schemas/MSCertificateTemplateModel"}, {"$ref": "#/components/schemas/OCSPNoCheckModel"}, {"$ref": "#/components/schemas/PrecertPoisonModel"}, {"$ref": "#/components/schemas/SubjectAlternativeNameModel"}, {"$ref": "#/components/schemas/TLSFeatureModel"}]}, "type": "array"}, {"type": "null"}], "description": "**Optional** additional extensions to add to the certificate.", "title": "Extensions"}, "profile": {"default": "webserver", "description": "Issue the certificate with the given profile.", "enum": ["client", "enduser", "ocsp", "server", "webserver"], "title": "Profile", "type": "string"}, "subject": {"allOf": [{"$ref": "#/components/schemas/NameModel"}], "description": "The subject as list of name attributes."}}, "required": ["csr", "subject"], "title": "SignCertificateMessage", "type": "object"}, "SubjectAlternativeNameModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.SubjectAlternativeName` extension.\n\nThe `general_names` attribute is a list of :py:class:`~django_ca.pydantic.general_name.GeneralNameModel`\ninstances:\n\n.. pydantic-model:: subject_alternative_name", "properties": {"type": {"const": "subject_alternative_name", "default": "subject_alternative_name", "enum": ["subject_alternative_name"], "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"$ref": "#/components/schemas/GeneralNameModel"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "SubjectAlternativeNameModel", "type": "object"}, "TLSFeatureModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.TLSFeature` extension.\n\nThe `value` is a list of one or both of ``\"status_request\"`` and ``\"status_request_v2\"``.\n\n.. pydantic-model:: tls_feature\n\nFor convenience, the model also accepts keys named in :py:attr:`~django_ca.constants.TLS_FEATURE_NAMES`:\n\n.. pydantic-model:: tls_feature_names\n   :cryptography-prefix: tls_feature", "properties": {"type": {"const": "tls_feature", "default": "tls_feature", "enum": ["tls_feature"], "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"enum": ["status_request", "status_request_v2"], "type": "string"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "TLSFeatureModel", "type": "object"}, "CertificateFilterSchema": {"description": "Filter schema for certificates.", "properties": {"autogenerated": {"default": false, "description": "Include auto-generated certificates (e.g. OCSP responder certificates).", "title": "Autogenerated", "type": "boolean"}, "expired": {"default": false, "description": "Include expired certificates.", "title": "Expired", "type": "boolean"}, "profile": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Only return certificates generated with the given profile.", "enum": ["client", "enduser", "ocsp", "server", "webserver"], "title": "Profile"}, "revoked": {"default": false, "description": "Include revoked certificates.", "title": "Revoked", "type": "boolean"}}, "title": "CertificateFilterSchema", "type": "object"}, "CertificateSchema": {"description": "Schema for serializing a certificate.", "properties": {"created": {"description": "When the certificate was created.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Created", "type": "string"}, "not_after": {"description": "The certificate is not valid after this date.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Not After", "type": "string"}, "not_before": {"description": "The certificate is not valid before this date.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Not Before", "type": "string"}, "pem": {"description": "The public key formatted as PEM.", "example": "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----\n", "title": "Pem", "type": "string"}, "serial": {"description": "Serial (in hex) of the certificate.", "example": "ABC...0123", "title": "Serial", "type": "string"}, "subject": {"allOf": [{"$ref": "#/components/schemas/NameModel"}], "description": "The subject as list of name attributes."}, "issuer": {"allOf": [{"$ref": "#/components/schemas/NameModel"}], "description": "The issuer as list of name attributes."}, "revoked": {"description": "If the certificate was revoked.", "example": false, "title": "Revoked", "type": "boolean"}, "updated": {"description": "When the certificate was last updated.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Updated", "type": "string"}, "autogenerated": {"description": "If the field was automatically generated (e.g. for an OCSP responder).", "title": "Autogenerated", "type": "boolean"}, "profile": {"description": "The profile that the certificate was generated with.", "title": "Profile", "type": "string"}}, "required": ["created", "not_after", "not_before", "pem", "serial", "subject", "issuer", "revoked", "updated", "autogenerated", "profile"], "title": "CertificateSchema", "type": "object"}, "ReasonFlags": {"description": "An enumeration for CRL reasons.\n\nThis enumeration is a copy of ``cryptography.x509.ReasonFlags``. We create a copy because any change\nin the enumeration would trigger a database migration, so up/downgrading cryptography might cause problems\nwith your Django project.", "enum": ["unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "privilegeWithdrawn", "aACompromise", "removeFromCRL"], "title": "ReasonFlags", "type": "string"}, "RevokeCertificateSchema": {"description": "Schema for revoking certificates.", "properties": {"compromised": {"anyOf": [{"format": "date-time", "type": "string"}, {"type": "null"}], "description": "When the certificate was compromised.", "title": "Compromised"}, "reason": {"allOf": [{"$ref": "#/components/schemas/ReasonFlags"}], "default": "unspecified", "description": "The reason why the certificate was revoked. Valid values are `unspecified`,\n        `keyCompromise`, `cACompromise`, `affiliationChanged`, `superseeded`, `cessationOfOperation`, \n        `certificateHold`, `privilegeWithdrawn`, `aACompromise` and `removeFromCRL`."}}, "title": "RevokeCertificateSchema", "type": "object"}}, "securitySchemes": {"BasicAuth": {"type": "http", "scheme": "basic"}}}, "servers": []}