django_ca.extensions - X509 extensions
This module provides some small helper functions for handling extensions.
- django_ca.extensions.parse_extension(key: str, value: Extension[Admissions] | Extension[AuthorityInformationAccess] | Extension[CertificatePolicies] | Extension[CRLDistributionPoints] | Extension[ExtendedKeyUsage] | Extension[FreshestCRL] | Extension[IssuerAlternativeName] | Extension[KeyUsage] | Extension[MSCertificateTemplate] | Extension[OCSPNoCheck] | Extension[PrecertPoison] | Extension[SubjectAlternativeName] | Extension[TLSFeature] | Extension[AuthorityKeyIdentifier] | Extension[BasicConstraints] | Extension[PrecertificateSignedCertificateTimestamps] | Extension[SignedCertificateTimestamps] | Extension[SubjectInformationAccess] | Extension[SubjectKeyIdentifier] | Extension[InhibitAnyPolicy] | Extension[NameConstraints] | Extension[PolicyConstraints] | Extension[UnrecognizedExtension] | Admissions | AuthorityInformationAccess | CertificatePolicies | CRLDistributionPoints | ExtendedKeyUsage | FreshestCRL | IssuerAlternativeName | KeyUsage | MSCertificateTemplate | OCSPNoCheck | PrecertPoison | SubjectAlternativeName | TLSFeature | AuthorityKeyIdentifier | BasicConstraints | PrecertificateSignedCertificateTimestamps | SignedCertificateTimestamps | SubjectInformationAccess | SubjectKeyIdentifier | InhibitAnyPolicy | NameConstraints | PolicyConstraints | UnrecognizedExtension | ParsableExtension) Extension[Admissions] | Extension[AuthorityInformationAccess] | Extension[CertificatePolicies] | Extension[CRLDistributionPoints] | Extension[ExtendedKeyUsage] | Extension[FreshestCRL] | Extension[IssuerAlternativeName] | Extension[KeyUsage] | Extension[MSCertificateTemplate] | Extension[OCSPNoCheck] | Extension[PrecertPoison] | Extension[SubjectAlternativeName] | Extension[TLSFeature] | Extension[AuthorityKeyIdentifier] | Extension[BasicConstraints] | Extension[PrecertificateSignedCertificateTimestamps] | Extension[SignedCertificateTimestamps] | Extension[SubjectInformationAccess] | Extension[SubjectKeyIdentifier] | Extension[InhibitAnyPolicy] | Extension[NameConstraints] | Extension[PolicyConstraints] | Extension[UnrecognizedExtension][source]
Parse a serialized extension into a cryptography object.
This function is used by django_ca.profiles - Certificate profiles to parse configured extensions into standard cryptography extensions. If you need to parse a similar object, use this function.
The value is usually a
dictas described in profiles but for convenience, may also be aExtension, in which case the extension is returned unchanged. If you pass aExtensionType, an extension with the default critical value is returned.>>> parse_extension("key_usage", {'critical': True, 'value': ['keyCertSign']}) <Extension(..., critical=True, value=<KeyUsage(... key_cert_sign=True, ...)>)>
- Parameters:
- keystr
The key is the extension key used in the dictionary to name the extension, it must match one of the keys in
EXTENSION_KEYS.- valuedict,
ExtensionTypeorExtension The value that describes the extension. See Profiles for more information.
- django_ca.extensions.get_extension_name(oid: ObjectIdentifier) str[source]
Function to get the name of an extension from the extensions OID.
>>> from cryptography.x509.oid import ExtensionOID >>> get_extension_name(ExtensionOID.BASIC_CONSTRAINTS) 'Basic Constraints' >>> get_extension_name(x509.ObjectIdentifier("1.2.3")) 'Unknown extension (1.2.3)'