django_ca.views - HTTP endpoints

Views for the django-ca app.

See also

• https://docs.djangoproject.com/en/dev/topics/class-based-views/

• https://django-ca.readthedocs.io/en/latest/python/views.html

class django_ca.views.GenericCAIssuersView(**kwargs)

Generic view that returns a CA public key in DER format.

This view serves the URL named in the issuers key in the AuthorityInformationAccess extension.

class django_ca.views.GenericOCSPView(**kwargs)

View providing auto-configured OCSP functionality.

This view assumes that ocsp/$ca_serial.(key|pem) point to the private/public key of a responder certificate as created by generate_ocsp_keys. The serial URL keyword argument must be the serial for this CA.

get_ocsp_response(builder: OCSPResponseBuilder) → HttpResponse | OCSPResponse

Sign the OCSP request using cryptography keys.

class django_ca.views.OCSPView(**kwargs)

View to provide an OCSP responder.

ca: str = ''

The name or serial of your Certificate Authority.

ca_ocsp = False

If set to True, validate child CAs instead.

expires = 600

Time in seconds that the responses remain valid. The default is 600 seconds or ten minutes.

fail(status: ~cryptography.x509.ocsp.OCSPResponseStatus = <OCSPResponseStatus.INTERNAL_ERROR: 2>) → HttpResponse

Generic method to return a failure response.

get_ca() → CertificateAuthority

Get the certificate authority for the request.

get_cert(ca: CertificateAuthority, serial: str) → Certificate | CertificateAuthority

Get the certificate that was requested in the OCSP request.

get_expires(now: datetime) → datetime

Get the timestamp when the OCSP response expires.

get_ocsp_response(builder: OCSPResponseBuilder) → HttpResponse | OCSPResponse

Sign the OCSP request using cryptography keys.

get_responder_cert() → Certificate

Get the public key used to sign OCSP responses.

get_responder_key() → Ed25519PrivateKey | Ed448PrivateKey | RSAPrivateKey | DSAPrivateKey | EllipticCurvePrivateKey

Get the private key used to sign OCSP responses.

get_responder_key_data() → bytes

Read the file containing the private key used to sign OCSP responses.

http_response(data: bytes, status: int = HTTPStatus.OK) → HttpResponse

Get an HTTP OCSP response with given status and data.

malformed_request() → HttpResponse

Get a response for a malformed request.

process_ocsp_request(data: bytes) → HttpResponse

Process OCSP request data.

responder_cert: Certificate | str = ''

Public key of the responder.

This may either be:

• A relative path used by CA_FILE_STORAGE

• A serial of a certificate as stored in the database

• The PEM of the certificate as string

• A loaded Certificate

responder_key: str = ''

Private key used for signing OCSP responses. A relative path used by CA_FILE_STORAGE.