{"openapi": "3.1.0", "info": {"title": "django-ca API", "version": "2.2.0", "description": ""}, "paths": {"/django_ca/api/ca/": {"get": {"operationId": "django_ca_api_endpoints_list_certificate_authorities", "summary": "List available certificate authorities", "parameters": [{"in": "query", "name": "expired", "schema": {"default": false, "description": "Include expired CAs.", "title": "Expired", "type": "boolean"}, "required": false, "description": "Include expired CAs."}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"items": {"$ref": "#/components/schemas/CertificateAuthoritySchema"}, "title": "Response", "type": "array"}}}}}, "description": "Retrieve a list of currently usable certificate authorities.", "tags": ["Certificate authorities"], "security": [{"BasicAuth": []}]}}, "/django_ca/api/ca/{serial}/": {"get": {"operationId": "django_ca_api_endpoints_view_certificate_authority", "summary": "View certificate authority", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CertificateAuthoritySchema"}}}}}, "description": "Retrieve details of the certificate authority with the given serial.", "tags": ["Certificate authorities"], "security": [{"BasicAuth": []}]}, "put": {"operationId": "django_ca_api_endpoints_update_certificate_authority", "summary": "Update certificate authority", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CertificateAuthoritySchema"}}}}}, "description": "Update a certificate authority.\n\nAll request body fields are optional, so you can also update only individual fields.", "tags": ["Certificate authorities"], "requestBody": {"content": 
{"application/json": {"schema": {"$ref": "#/components/schemas/CertificateAuthorityUpdateSchema"}}}, "required": true}, "security": [{"BasicAuth": []}]}}, "/django_ca/api/ca/{serial}/sign/": {"post": {"operationId": "django_ca_api_endpoints_sign_certificate", "summary": "Sign a certificate", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CertificateOrderSchema"}}}}}, "description": "Sign a certificate.\n\nThe `extensions` value is optional and allows you to add additional extensions to the certificate. Usually\nextensions are defined either by the CA or by the named profile.", "tags": ["Certificates"], "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SignCertificateMessage"}}}, "required": true}, "security": [{"BasicAuth": []}]}}, "/django_ca/api/ca/{serial}/orders/{slug}/": {"get": {"operationId": "django_ca_api_endpoints_get_certificate_order", "summary": "Retrieve certificate order", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}, {"in": "path", "name": "slug", "schema": {"title": "Slug", "type": "string"}, "required": true}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CertificateOrderSchema"}}}}}, "description": "Retrieve information about the certificate order identified by `slug`.", "tags": ["Certificates"], "security": [{"BasicAuth": []}]}}, "/django_ca/api/ca/{serial}/certs/": {"get": {"operationId": "django_ca_api_endpoints_list_certificates", "summary": "List certificates", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}, {"in": "query", "name": "autogenerated", "schema": {"default": false, "description": "Include 
auto-generated certificates (e.g. OCSP responder certificates).", "title": "Autogenerated", "type": "boolean"}, "required": false, "description": "Include auto-generated certificates (e.g. OCSP responder certificates)."}, {"in": "query", "name": "expired", "schema": {"default": false, "description": "Include expired certificates.", "title": "Expired", "type": "boolean"}, "required": false, "description": "Include expired certificates."}, {"in": "query", "name": "profile", "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Only return certificates generated with the given profile.", "enum": ["client", "enduser", "ocsp", "server", "webserver"], "title": "Profile"}, "required": false, "description": "Only return certificates generated with the given profile."}, {"in": "query", "name": "revoked", "schema": {"default": false, "description": "Include revoked certificates.", "title": "Revoked", "type": "boolean"}, "required": false, "description": "Include revoked certificates."}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"items": {"$ref": "#/components/schemas/CertificateSchema"}, "title": "Response", "type": "array"}}}}}, "description": "Retrieve certificates signed by the certificate authority named by `serial`.", "tags": ["Certificates"], "security": [{"BasicAuth": []}]}}, "/django_ca/api/ca/{serial}/certs/{certificate_serial}/": {"get": {"operationId": "django_ca_api_endpoints_view_certificate", "summary": "View certificate", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}, {"in": "path", "name": "certificate_serial", "schema": {"title": "Certificate Serial", "type": "string"}, "required": true}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CertificateSchema"}}}}}, "description": "Retrieve details of the certificate with the given certificate serial.", "tags": 
["Certificates"], "security": [{"BasicAuth": []}]}}, "/django_ca/api/ca/{serial}/revoke/{certificate_serial}/": {"post": {"operationId": "django_ca_api_endpoints_revoke_certificate", "summary": "Revoke certificate", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}, {"in": "path", "name": "certificate_serial", "schema": {"title": "Certificate Serial", "type": "string"}, "required": true}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CertificateSchema"}}}}}, "description": "Revoke a certificate with the given serial.\n\nBoth `reason` and `compromised` fields are optional.", "tags": ["Certificates"], "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/RevokeCertificateSchema"}}}, "required": true}, "security": [{"BasicAuth": []}]}}}, "components": {"schemas": {"CertificateAuthorityFilterSchema": {"description": "Filter-schema for listing certificate authorities.", "properties": {"expired": {"default": false, "description": "Include expired CAs.", "title": "Expired", "type": "boolean"}}, "title": "CertificateAuthorityFilterSchema", "type": "object"}, "AccessDescriptionModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.AccessDescription`.\n\nThe `access_method` may be a dotted string OID or one of the aliases listed in\n:py:attr:`~django_ca.constants.ACCESS_METHOD_TYPES`. The `access_location` is a\n:py:class:`~django_ca.pydantic.general_name.GeneralNameModel`:\n\n.. pydantic-model:: access_description_ocsp\n\nThe syntax is identical for CA issuers:\n\n.. 
pydantic-model:: access_description_ca_issuers", "properties": {"access_method": {"title": "Access Method", "type": "string"}, "access_location": {"$ref": "#/components/schemas/GeneralNameModel"}}, "required": ["access_method", "access_location"], "title": "AccessDescriptionModel", "type": "object"}, "AuthorityInformationAccessModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.AuthorityInformationAccess` extension.\n\nThe `value` is a list of :py:class:`~django_ca.pydantic.extension_attributes.AccessDescriptionModel`\ninstances:\n\n.. pydantic-model:: authority_information_access", "properties": {"type": {"const": "authority_information_access", "default": "authority_information_access", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"$ref": "#/components/schemas/AccessDescriptionModel"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "AuthorityInformationAccessModel", "type": "object"}, "CRLDistributionPointsModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.CRLDistributionPoints` extension.\n\nThe `value` is a list of :py:class:`~django_ca.pydantic.extension_attributes.DistributionPointModel`\ninstances:\n\n.. 
pydantic-model:: crl_distribution_points", "properties": {"type": {"const": "crl_distribution_points", "default": "crl_distribution_points", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"$ref": "#/components/schemas/DistributionPointModel"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "CRLDistributionPointsModel", "type": "object"}, "CertificateAuthoritySchema": {"description": "Schema for serializing a certificate authority.", "properties": {"created": {"description": "When the certificate was created.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Created", "type": "string"}, "not_after": {"description": "The certificate is not valid after this date.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Not After", "type": "string"}, "not_before": {"description": "The certificate is not valid before this date.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Not Before", "type": "string"}, "pem": {"description": "The public key formatted as PEM.", "example": "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----\n", "title": "Pem", "type": "string"}, "serial": {"description": "Serial (in hex) of the certificate.", "example": "ABC...0123", "title": "Serial", "type": "string"}, "subject": {"$ref": "#/components/schemas/NameModel", "description": "The subject as list of name attributes."}, "issuer": {"$ref": "#/components/schemas/NameModel", "description": "The issuer as list of name attributes."}, "revoked": {"description": "If the certificate was revoked.", "example": false, "title": "Revoked", "type": "boolean"}, "updated": {"description": "When the certificate was last updated.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Updated", "type": "string"}, "name": {"description": "The human-readable name of the certificate authority.", "title": "Name", "type": "string"}, 
"sign_authority_information_access": {"anyOf": [{"$ref": "#/components/schemas/AuthorityInformationAccessModel"}, {"type": "null"}], "description": "The Authority Information Access extension added to newly signed certificates."}, "sign_certificate_policies": {"anyOf": [{"$ref": "#/components/schemas/CertificatePoliciesModel"}, {"type": "null"}], "description": "The Certificate Policies extension added to newly signed certificates."}, "sign_crl_distribution_points": {"anyOf": [{"$ref": "#/components/schemas/CRLDistributionPointsModel"}, {"type": "null"}], "description": "The CRL Distribution Points extension added to newly signed certificates."}, "sign_issuer_alternative_name": {"anyOf": [{"$ref": "#/components/schemas/IssuerAlternativeNameModel"}, {"type": "null"}], "description": "The Issuer Alternative Name extension added to newly signed certificates."}, "caa_identity": {"anyOf": [{"maxLength": 32, "type": "string"}, {"type": "null"}], "description": "CAA identity for this CA (NOTE: Not currently used!).", "title": "CAA identity"}, "website": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Website for your CA.", "title": "Website"}, "terms_of_service": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "URL to Terms of Service for this CA", "title": "Terms of Service"}, "ocsp_responder_key_validity": {"default": 3, "description": "How long <strong>(in days)</strong> OCSP responder keys may be valid.", "title": "OCSP responder key validity", "type": "integer"}, "ocsp_response_validity": {"default": 86400, "description": "How long <strong>(in seconds)</strong> OCSP responses may be considered valid by the client.", "title": "OCSP response validity", "type": "integer"}, "acme_enabled": {"default": false, "description": "Whether it is possible to use ACME for this CA.", "title": "Enable ACME", "type": "boolean"}, "acme_registration": {"default": true, "description": "Allow ACME clients to register new accounts.", "title": "ACME 
account registration.", "type": "boolean"}, "acme_profile": {"description": "Profile used when generating ACME certificates.", "maxLength": 32, "title": "Profile", "type": "string"}, "acme_requires_contact": {"default": true, "description": "If this CA requires a contact address during account registration.", "title": "Requires contact", "type": "boolean"}, "can_sign_certificates": {"description": "If the certificate authority can be used to sign certificates via the API.", "title": "Can Sign Certificates", "type": "boolean"}}, "required": ["created", "not_after", "not_before", "pem", "serial", "subject", "issuer", "revoked", "updated", "name", "can_sign_certificates"], "title": "CertificateAuthoritySchema", "type": "object"}, "CertificatePoliciesModel": {"description": "A CertificatePolicies extension.", "properties": {"type": {"const": "certificate_policies", "default": "certificate_policies", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"description": "The value of the CertificatePolicies extension is a list of policy information objects.", "items": {"$ref": "#/components/schemas/PolicyInformationModel"}, "minItems": 1, "title": "Value", "type": "array", "uniqueItems": true}}, "required": ["value"], "title": "CertificatePoliciesModel", "type": "object"}, "DistributionPointModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.DistributionPoint`.\n\nIn its by far most common form, this model only has a `full_name` containing a URI:\n\n>>> DistributionPointModel(\n...     full_name=[{\"type\": \"URI\", \"value\": \"https://ca.example.com/crl\"}]\n... )  # doctest: +STRIP_WHITESPACE\nDistributionPointModel(\n    full_name=[GeneralNameModel(type='URI', value='https://ca.example.com/crl')],\n    relative_name=None, crl_issuer=None, reasons=None\n)\n\nOf course, other fields are also supported:\n\n>>> DistributionPointModel(\n...     
relative_name=[{\"oid\": \"2.5.4.3\", \"value\": \"example.com\"}],\n...     crl_issuer=[{\"type\": \"URI\", \"value\": \"https://ca.example.com/issuer\"}],\n...     reasons={\"key_compromise\",}\n... )  # doctest: +STRIP_WHITESPACE\nDistributionPointModel(\n    full_name=None,\n    relative_name=NameModel(root=[NameAttributeModel(oid='2.5.4.3', value='example.com')]),\n    crl_issuer=[GeneralNameModel(type='URI', value='https://ca.example.com/issuer')],\n    reasons={'key_compromise'}\n)", "properties": {"full_name": {"anyOf": [{"items": {"$ref": "#/components/schemas/GeneralNameModel"}, "type": "array"}, {"type": "null"}], "title": "Full Name"}, "relative_name": {"anyOf": [{"$ref": "#/components/schemas/NameModel"}, {"type": "null"}]}, "crl_issuer": {"anyOf": [{"items": {"$ref": "#/components/schemas/GeneralNameModel"}, "type": "array"}, {"type": "null"}], "title": "Crl Issuer"}, "reasons": {"anyOf": [{"items": {"enum": ["aa_compromise", "affiliation_changed", "ca_compromise", "certificate_hold", "cessation_of_operation", "key_compromise", "privilege_withdrawn", "superseded"], "type": "string"}, "type": "array", "uniqueItems": true}, {"type": "null"}], "title": "Reasons"}}, "title": "DistributionPointModel", "type": "object"}, "GeneralNameModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.NameAttribute`.\n\nThis model takes a `type` named in :py:attr:`~django_ca.constants.GENERAL_NAME_TYPES` and a `value` that\nis usually a ``str``:\n\n.. pydantic-model:: general_name\n\nFor directory names, you have to pass a :py:class:`~django_ca.pydantic.name.NameModel` instead:\n\n.. pydantic-model:: general_name_name\n\nFor :py:class:`~cg:cryptography.x509.OtherName` instances, pass a\n:py:class:`~django_ca.pydantic.general_name.OtherNameModel` instead:\n\n.. 
pydantic-model:: general_name_othername\n   :cryptography-prefix: othername", "properties": {"type": {"enum": ["email", "URI", "IP", "DNS", "RID", "dirName", "otherName"], "title": "Type", "type": "string"}, "value": {"oneOf": [{"type": "string"}, {"$ref": "#/components/schemas/NameModel"}, {"$ref": "#/components/schemas/OtherNameModel"}, {"anyOf": [{"format": "ipv4", "type": "string"}, {"format": "ipv6", "type": "string"}, {"format": "ipv4network", "type": "string"}, {"format": "ipv6network", "type": "string"}]}], "title": "Value"}}, "required": ["type", "value"], "title": "GeneralNameModel", "type": "object"}, "IssuerAlternativeNameModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.IssuerAlternativeName` extension.\n\nThis model behaves exactly like :py:class:`~django_ca.pydantic.SubjectAlternativeNameModel`.", "properties": {"type": {"const": "issuer_alternative_name", "default": "issuer_alternative_name", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"$ref": "#/components/schemas/GeneralNameModel"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "IssuerAlternativeNameModel", "type": "object"}, "NameAttributeModel": {"description": "A NameAttribute is defined by an object identifier (OID) and a value.", "properties": {"oid": {"description": "A dotted string representing the OID or a known alias as described in [NAME_OID_TYPES](https://django-ca.readthedocs.io/en/latest/python/constants.html#django_ca.constants.NAME_OID_TYPES).", "example": "2.5.4.3", "title": "Object identifier", "type": "string"}, "value": {"description": "Actual value of the attribute. 
For x500 unique identifiers (OID 2.5.4.45) the value must be base64 encoded.", "example": "example.com", "title": "Value", "type": "string"}}, "required": ["oid", "value"], "title": "NameAttributeModel", "type": "object"}, "NameModel": {"description": "A Name is composed of a list of name attributes.", "example": [{"oid": "2.5.4.6", "value": "AT"}, {"oid": "2.5.4.3", "value": "example.com"}], "format": "X.501 Name", "items": {"$ref": "#/components/schemas/NameAttributeModel"}, "title": "NameModel", "type": "array"}, "NoticeReferenceModel": {"description": "A NoticeReferenceModel consists of an optional *organization* and an optional list of *notice_numbers*.", "properties": {"organization": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Organization"}, "notice_numbers": {"items": {"type": "integer"}, "title": "Notice Numbers", "type": "array"}}, "required": ["notice_numbers"], "title": "NoticeReferenceModel", "type": "object"}, "OtherNameModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.OtherName`.\n\nThe `oid` argument may be any valid object identifier as dotted string (e.g. ``\"1.2.3\"``).\n\nThe `type` argument may be any type in :py:attr:`~django_ca.constants.OTHER_NAME_TYPES` or\n:py:class:`~django_ca.constants.OTHER_NAME_ALIASES`.\n\nThe type of the `value` argument depends on the `type` value. String variants (``UTFString``, etc.)\nrequire a ``str``, boolean requires a ``bool`` value and so on:\n\n.. pydantic-model:: othername\n\nFor datetime variants (``UTCTIME`` and ``GENERALIZEDTIME``), you must pass a timezone-aware object:\n\n.. pydantic-model:: othername_utctime\n\nFor ``INTEGER``, you can pass an ``int`` or a ``str`` for a base 16 integer:\n\n.. pydantic-model:: othername_integer\n\nFinally, for an ``OctetString``, pass the raw bytes or as a hex-encoded string:\n\n.. 
pydantic-model:: othername_octetstring\n\nAs usual, the ``cryptography`` property will return the cryptography variant of the model:\n\n>>> OtherNameModel(oid=\"1.2.3\", type=\"IA5STRING\", value=\"some string\").cryptography\n<OtherName(type_id=<ObjectIdentifier(oid=1.2.3, name=Unknown OID)>, value=b'\\x16\\x0bsome string')>", "properties": {"oid": {"title": "Oid", "type": "string"}, "type": {"enum": ["UTF8String", "UNIVERSALSTRING", "IA5STRING", "BOOLEAN", "NULL", "UTCTIME", "GENERALIZEDTIME", "INTEGER", "OctetString"], "title": "Type", "type": "string"}, "value": {"anyOf": [{"type": "string"}, {"type": "boolean"}, {"format": "date-time", "type": "string"}, {"type": "integer"}, {"type": "null"}], "title": "Value"}}, "required": ["oid", "type", "value"], "title": "OtherNameModel", "type": "object"}, "PolicyInformationModel": {"description": "A PolicyInformationModel consists of a *policy_identifier* and an optional list *policy_qualifiers*.", "properties": {"policy_identifier": {"description": "An object identifier (OID) as dotted string.", "example": "2.5.29.32.0", "title": "Policy Identifier", "type": "string"}, "policy_qualifiers": {"anyOf": [{"items": {"anyOf": [{"type": "string"}, {"$ref": "#/components/schemas/UserNoticeModel"}]}, "type": "array"}, {"type": "null"}], "description": "Optional list of policy qualifiers, a list of strings and/or UserNoticeModel objects.", "example": ["http://ca.example.com/cps", {"explicit_text": "Some text."}], "title": "Policy Qualifiers"}}, "required": ["policy_identifier"], "title": "PolicyInformationModel", "type": "object"}, "UserNoticeModel": {"description": "A UserNoticeModel consists of an *explicit_text* and an optional *notice_reference*.", "properties": {"notice_reference": {"anyOf": [{"$ref": "#/components/schemas/NoticeReferenceModel"}, {"type": "null"}]}, "explicit_text": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Explicit Text"}}, "required": ["explicit_text"], "title": "UserNoticeModel", 
"type": "object"}, "CertificateAuthorityUpdateSchema": {"description": "Schema for updating certificate authorities.", "properties": {"name": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The human-readable name of the certificate authority.", "required": false, "title": "Name"}, "sign_authority_information_access": {"anyOf": [{"$ref": "#/components/schemas/AuthorityInformationAccessModel"}, {"type": "null"}], "description": "The Authority Information Access extension added to newly signed certificates."}, "sign_certificate_policies": {"anyOf": [{"$ref": "#/components/schemas/CertificatePoliciesModel"}, {"type": "null"}], "description": "The Certificate Policies extension added to newly signed certificates."}, "sign_crl_distribution_points": {"anyOf": [{"$ref": "#/components/schemas/CRLDistributionPointsModel"}, {"type": "null"}], "description": "The CRL Distribution Points extension added to newly signed certificates."}, "sign_issuer_alternative_name": {"anyOf": [{"$ref": "#/components/schemas/IssuerAlternativeNameModel"}, {"type": "null"}], "description": "The Issuer Alternative Name extension added to newly signed certificates."}, "caa_identity": {"anyOf": [{"maxLength": 32, "type": "string"}, {"type": "null"}], "description": "CAA identity for this CA (NOTE: Not currently used!).", "title": "CAA identity"}, "website": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Website for your CA.", "title": "Website"}, "terms_of_service": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "URL to Terms of Service for this CA", "title": "Terms of Service"}, "ocsp_responder_key_validity": {"default": 3, "description": "How long <strong>(in days)</strong> OCSP responder keys may be valid.", "title": "OCSP responder key validity", "type": "integer"}, "ocsp_response_validity": {"default": 86400, "description": "How long <strong>(in seconds)</strong> OCSP responses may be considered valid by the client.", "title": "OCSP 
response validity", "type": "integer"}, "acme_enabled": {"default": false, "description": "Whether it is possible to use ACME for this CA.", "title": "Enable ACME", "type": "boolean"}, "acme_registration": {"default": true, "description": "Allow ACME clients to register new accounts.", "title": "ACME account registration.", "type": "boolean"}, "acme_profile": {"description": "Profile used when generating ACME certificates.", "maxLength": 32, "title": "Profile", "type": "string"}, "acme_requires_contact": {"default": true, "description": "If this CA requires a contact address during account registration.", "title": "Requires contact", "type": "boolean"}}, "title": "CertificateAuthorityUpdateSchema", "type": "object"}, "CertificateOrderSchema": {"description": "Schema for certificate orders.", "properties": {"user": {"description": "Username of the user.", "title": "User", "type": "string"}, "serial": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Serial"}, "created": {"description": "When the order was created.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Created", "type": "string"}, "updated": {"description": "When the order was last updated.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Updated", "type": "string"}, "slug": {"description": "Slug identifying the order.", "title": "Slug", "type": "string"}, "status": {"default": "pending", "description": "Current status of the order.", "maxLength": 8, "title": "Status", "type": "string"}}, "required": ["user", "created", "updated"], "title": "CertificateOrderSchema", "type": "object"}, "AdmissionModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.Admission`.\n\n.. 
versionadded:: 2.1.0", "properties": {"admission_authority": {"anyOf": [{"$ref": "#/components/schemas/GeneralNameModel"}, {"type": "null"}]}, "naming_authority": {"anyOf": [{"$ref": "#/components/schemas/NamingAuthorityModel"}, {"type": "null"}]}, "profession_infos": {"items": {"$ref": "#/components/schemas/ProfessionInfoModel"}, "minItems": 1, "title": "Profession Infos", "type": "array"}}, "required": ["profession_infos"], "title": "AdmissionModel", "type": "object"}, "AdmissionsModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.Admissions` extension.\n\n.. versionadded:: 2.1.0\n\nThe `value` is a :py:class:`~django_ca.pydantic.extension_attributes.AdmissionsValueModel`:\n\n.. pydantic-model:: admissions_model\n\nThe model supports an arbitrary number of :py:class:`Admission\n<django_ca.pydantic.extension_attributes.AdmissionModel>` and :py:class:`ProfessionInfo\n<django_ca.pydantic.extension_attributes.ProfessionInfoModel>` instances:\n\n.. pydantic-model:: admissions_model_complex\n\ntest", "properties": {"type": {"const": "admissions", "default": "admissions", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"$ref": "#/components/schemas/AdmissionsValueModel"}}, "required": ["value"], "title": "AdmissionsModel", "type": "object"}, "AdmissionsValueModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.Admissions`.\n\n.. versionadded:: 2.1.0", "properties": {"authority": {"anyOf": [{"$ref": "#/components/schemas/GeneralNameModel"}, {"type": "null"}]}, "admissions": {"items": {"$ref": "#/components/schemas/AdmissionModel"}, "title": "Admissions", "type": "array"}}, "title": "AdmissionsValueModel", "type": "object"}, "ExtendedKeyUsageModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.ExtendedKeyUsage` extension.\n\nThe `value` is a list of valid object identifiers as dotted strings. 
For convenience, any name from\n:py:attr:`~django_ca.constants.EXTENDED_KEY_USAGE_NAMES` can also be given:\n\n.. pydantic-model:: extended_key_usage", "properties": {"type": {"const": "extended_key_usage", "default": "extended_key_usage", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"type": "string"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "ExtendedKeyUsageModel", "type": "object"}, "FreshestCRLModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.FreshestCRL` extension.\n\nThis model behaves exactly like :py:class:`~django_ca.pydantic.CRLDistributionPointsModel`.", "properties": {"type": {"const": "freshest_crl", "default": "freshest_crl", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"$ref": "#/components/schemas/DistributionPointModel"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "FreshestCRLModel", "type": "object"}, "JSON": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/JSON"}, "type": "object"}, {"items": {"$ref": "#/components/schemas/JSON"}, "type": "array"}, {"type": "string"}, {"type": "integer"}, {"type": "number"}, {"type": "boolean"}, {"type": "null"}]}, "KeyUsageModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.KeyUsage` extension.\n\nAll key usages default to ``False``, so you can skip giving any usages you don't care about. For\nconvenience, the model also accepts values as used in `RFC 5280`_ (full mapping in\n:py:attr:`~django_ca.constants.KEY_USAGE_NAMES`):\n\n.. 
pydantic-model:: key_usage", "properties": {"type": {"const": "key_usage", "default": "key_usage", "title": "Type", "type": "string"}, "critical": {"default": true, "title": "Critical", "type": "boolean"}, "value": {"items": {"enum": ["crl_sign", "data_encipherment", "decipher_only", "digital_signature", "encipher_only", "key_agreement", "key_cert_sign", "key_encipherment", "content_commitment"], "type": "string"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "KeyUsageModel", "type": "object"}, "MSCertificateTemplateModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.MSCertificateTemplate` extension.\n\nThe `value` is a :py:class:`~django_ca.pydantic.extension_attributes.MSCertificateTemplateValueModel`\ninstance, where `major_version` and `minor_version` are both optional:\n\n.. pydantic-model:: ms_certificate_template\n\nNote that this extension does not have a default defined for the `critical` parameter, so it is mandatory.", "properties": {"type": {"const": "ms_certificate_template", "default": "ms_certificate_template", "title": "Type", "type": "string"}, "critical": {"title": "Critical", "type": "boolean"}, "value": {"$ref": "#/components/schemas/MSCertificateTemplateValueModel"}}, "required": ["critical", "value"], "title": "MSCertificateTemplateModel", "type": "object"}, "MSCertificateTemplateValueModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.MSCertificateTemplate`.\n\nThe `template_id` parameter is a dotted-string object identifier, while `major_version` and\n`minor_version` are optional integers:\n\n>>> MSCertificateTemplateValueModel(template_id=\"1.2.3\", major_version=1)\nMSCertificateTemplateValueModel(template_id='1.2.3', major_version=1, minor_version=None)", "properties": {"template_id": {"title": "Template Id", "type": "string"}, "major_version": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Major Version"}, "minor_version": {"anyOf": [{"type": 
"integer"}, {"type": "null"}], "title": "Minor Version"}}, "required": ["template_id"], "title": "MSCertificateTemplateValueModel", "type": "object"}, "NamingAuthorityModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.NamingAuthority`.\n\n.. versionadded:: 2.1.0", "properties": {"id": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Id"}, "url": {"anyOf": [{"maxLength": 128, "type": "string"}, {"type": "null"}], "title": "Url"}, "text": {"anyOf": [{"maxLength": 128, "type": "string"}, {"type": "null"}], "title": "Text"}}, "title": "NamingAuthorityModel", "type": "object"}, "OCSPNoCheckModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.OCSPNoCheck` extension.\n\nThis extension does not have a value, and thus can be instantiated without any parameters (but ``None``\nis also accepted):\n\n.. pydantic-model:: ocsp_no_check", "properties": {"type": {"const": "ocsp_no_check", "default": "ocsp_no_check", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"title": "Value", "type": "null"}}, "title": "OCSPNoCheckModel", "type": "object"}, "PrecertPoisonModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.PrecertPoison` extension.\n\nThis extension does not have a value, and thus can be instantiated without any parameters (but ``None``\nis also accepted):\n\n.. pydantic-model:: precert_poison", "properties": {"type": {"const": "precert_poison", "default": "precert_poison", "title": "Type", "type": "string"}, "critical": {"default": true, "title": "Critical", "type": "boolean"}, "value": {"title": "Value", "type": "null"}}, "title": "PrecertPoisonModel", "type": "object"}, "ProfessionInfoModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.ProfessionInfo`.\n\n.. 
versionadded:: 2.1.0", "properties": {"naming_authority": {"anyOf": [{"$ref": "#/components/schemas/NamingAuthorityModel"}, {"type": "null"}]}, "profession_items": {"items": {"maxLength": 128, "type": "string"}, "minItems": 1, "title": "Profession Items", "type": "array"}, "profession_oids": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "title": "Profession Oids"}, "registration_number": {"anyOf": [{"maxLength": 128, "type": "string"}, {"type": "null"}], "title": "Registration Number"}, "add_profession_info": {"anyOf": [{"format": "binary", "type": "string"}, {"type": "null"}], "title": "Add Profession Info"}}, "required": ["profession_items"], "title": "ProfessionInfoModel", "type": "object"}, "SignCertificateMessage": {"description": "Schema for signing certificates.", "properties": {"key_backend_options": {"additionalProperties": {"$ref": "#/components/schemas/JSON"}, "description": "Options for the key backend. Valid values depend on the key backend of the certificate authority. 
If not passed, the key backend must be configured for automatic signing in the backend.", "title": "Key Backend Options", "type": "object"}, "algorithm": {"anyOf": [{"enum": ["SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA3/224", "SHA3/256", "SHA3/384", "SHA3/512"], "type": "string"}, {"type": "null"}], "description": "Hash algorithm used for signing (default: same as in the certificate authority).", "title": "Algorithm"}, "autogenerated": {"default": false, "description": "If the certificate should be marked as auto-generated.", "title": "Autogenerated", "type": "boolean"}, "csr": {"description": "The certificate signing request (CSR) in PEM format", "example": "-----BEGIN CERTIFICATE REQUEST-----\n...\n-----END CERTIFICATE REQUEST-----\n", "format": "binary", "title": "CSR", "type": "string"}, "not_after": {"anyOf": [{"format": "date-time", "type": "string"}, {"type": "null"}], "description": "When the certificate is due to expire, defaults to the CA_DEFAULT_EXPIRES setting.", "example": "2023-07-30T10:06:35Z", "title": "Not After"}, "extensions": {"anyOf": [{"items": {"discriminator": {"mapping": {"admissions": "#/components/schemas/AdmissionsModel", "authority_information_access": "#/components/schemas/AuthorityInformationAccessModel", "certificate_policies": "#/components/schemas/CertificatePoliciesModel", "crl_distribution_points": "#/components/schemas/CRLDistributionPointsModel", "extended_key_usage": "#/components/schemas/ExtendedKeyUsageModel", "freshest_crl": "#/components/schemas/FreshestCRLModel", "issuer_alternative_name": "#/components/schemas/IssuerAlternativeNameModel", "key_usage": "#/components/schemas/KeyUsageModel", "ms_certificate_template": "#/components/schemas/MSCertificateTemplateModel", "ocsp_no_check": "#/components/schemas/OCSPNoCheckModel", "precert_poison": "#/components/schemas/PrecertPoisonModel", "subject_alternative_name": "#/components/schemas/SubjectAlternativeNameModel", "tls_feature": "#/components/schemas/TLSFeatureModel"}, 
"propertyName": "type"}, "oneOf": [{"$ref": "#/components/schemas/AdmissionsModel"}, {"$ref": "#/components/schemas/AuthorityInformationAccessModel"}, {"$ref": "#/components/schemas/CertificatePoliciesModel"}, {"$ref": "#/components/schemas/CRLDistributionPointsModel"}, {"$ref": "#/components/schemas/ExtendedKeyUsageModel"}, {"$ref": "#/components/schemas/FreshestCRLModel"}, {"$ref": "#/components/schemas/IssuerAlternativeNameModel"}, {"$ref": "#/components/schemas/KeyUsageModel"}, {"$ref": "#/components/schemas/MSCertificateTemplateModel"}, {"$ref": "#/components/schemas/OCSPNoCheckModel"}, {"$ref": "#/components/schemas/PrecertPoisonModel"}, {"$ref": "#/components/schemas/SubjectAlternativeNameModel"}, {"$ref": "#/components/schemas/TLSFeatureModel"}]}, "type": "array"}, {"type": "null"}], "description": "**Optional** additional extensions to add to the certificate.", "title": "Extensions"}, "profile": {"default": "webserver", "description": "Issue the certificate with the given profile.", "enum": ["client", "enduser", "ocsp", "server", "webserver"], "title": "Profile", "type": "string"}, "subject": {"$ref": "#/components/schemas/NameModel", "description": "The subject as list of name attributes."}}, "required": ["csr", "subject"], "title": "SignCertificateMessage", "type": "object"}, "SubjectAlternativeNameModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.SubjectAlternativeName` extension.\n\nThe `general_names` attribute is a list of :py:class:`~django_ca.pydantic.general_name.GeneralNameModel`\ninstances:\n\n.. 
pydantic-model:: subject_alternative_name", "properties": {"type": {"const": "subject_alternative_name", "default": "subject_alternative_name", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"$ref": "#/components/schemas/GeneralNameModel"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "SubjectAlternativeNameModel", "type": "object"}, "TLSFeatureModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.TLSFeature` extension.\n\nThe `value` is a list of one or both of ``\"status_request\"`` and ``\"status_request_v2\"``.\n\n.. pydantic-model:: tls_feature\n\nFor convenience, the model also accepts keys named in :py:attr:`~django_ca.constants.TLS_FEATURE_NAMES`:\n\n.. pydantic-model:: tls_feature_names\n   :cryptography-prefix: tls_feature", "properties": {"type": {"const": "tls_feature", "default": "tls_feature", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"enum": ["status_request", "status_request_v2"], "type": "string"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "TLSFeatureModel", "type": "object"}, "CertificateFilterSchema": {"description": "Filter schema for certificates.", "properties": {"autogenerated": {"default": false, "description": "Include auto-generated certificates (e.g. 
OCSP responder certificates).", "title": "Autogenerated", "type": "boolean"}, "expired": {"default": false, "description": "Include expired certificates.", "title": "Expired", "type": "boolean"}, "profile": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Only return certificates generated with the given profile.", "enum": ["client", "enduser", "ocsp", "server", "webserver"], "title": "Profile"}, "revoked": {"default": false, "description": "Include revoked certificates.", "title": "Revoked", "type": "boolean"}}, "title": "CertificateFilterSchema", "type": "object"}, "CertificateSchema": {"description": "Schema for serializing a certificate.", "properties": {"created": {"description": "When the certificate was created.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Created", "type": "string"}, "not_after": {"description": "The certificate is not valid after this date.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Not After", "type": "string"}, "not_before": {"description": "The certificate is not valid before this date.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Not Before", "type": "string"}, "pem": {"description": "The certificate formatted as PEM.", "example": "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----\n", "title": "Pem", "type": "string"}, "serial": {"description": "Serial (in hex) of the certificate.", "example": "ABC...0123", "title": "Serial", "type": "string"}, "subject": {"$ref": "#/components/schemas/NameModel", "description": "The subject as list of name attributes."}, "issuer": {"$ref": "#/components/schemas/NameModel", "description": "The issuer as list of name attributes."}, "revoked": {"description": "If the certificate was revoked.", "example": false, "title": "Revoked", "type": "boolean"}, "updated": {"description": "When the certificate was last updated.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Updated", "type": 
"string"}, "autogenerated": {"description": "If the certificate was automatically generated (e.g. for an OCSP responder).", "title": "Autogenerated", "type": "boolean"}, "profile": {"description": "The profile that the certificate was generated with.", "title": "Profile", "type": "string"}}, "required": ["created", "not_after", "not_before", "pem", "serial", "subject", "issuer", "revoked", "updated", "autogenerated", "profile"], "title": "CertificateSchema", "type": "object"}, "ReasonFlags": {"description": "An enumeration for CRL reasons.\n\nThis enumeration is a copy of ``cryptography.x509.ReasonFlags``. We create a copy because any change\nin the enumeration would trigger a database migration, so up/downgrading cryptography might cause problems\nwith your Django project.", "enum": ["unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "privilegeWithdrawn", "aACompromise", "removeFromCRL"], "title": "ReasonFlags", "type": "string"}, "RevokeCertificateSchema": {"description": "Schema for revoking certificates.", "properties": {"compromised": {"anyOf": [{"format": "date-time", "type": "string"}, {"type": "null"}], "description": "When the certificate was compromised.", "title": "Compromised"}, "reason": {"allOf": [{"$ref": "#/components/schemas/ReasonFlags"}], "default": "unspecified", "description": "The reason why the certificate was revoked. Valid values are `unspecified`,\n        `keyCompromise`, `cACompromise`, `affiliationChanged`, `superseded`, `cessationOfOperation`, \n        `certificateHold`, `privilegeWithdrawn`, `aACompromise` and `removeFromCRL`."}}, "title": "RevokeCertificateSchema", "type": "object"}}, "securitySchemes": {"BasicAuth": {"type": "http", "scheme": "basic"}}}, "servers": []}
