{"openapi": "3.1.0", "info": {"title": "django-ca API", "version": "3.0.0", "description": ""}, "paths": {"/django_ca/api/profiles/": {"get": {"operationId": "django_ca_api_endpoints_list_profiles", "summary": "List available profiles", "parameters": [], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"items": {"$ref": "#/components/schemas/Profile"}, "title": "Response", "type": "array"}}}}}, "description": "Retrieve a list of currently available profiles.", "tags": ["Profiles"], "security": [{"BasicAuth": []}]}}, "/django_ca/api/profiles/{name}/": {"get": {"operationId": "django_ca_api_endpoints_view_profile", "summary": "List available profiles", "parameters": [{"in": "path", "name": "name", "schema": {"title": "Name", "type": "string"}, "required": true}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/Profile"}}}}}, "description": "Retrieve the named profile.", "tags": ["Profiles"], "security": [{"BasicAuth": []}]}}, "/django_ca/api/ca/": {"get": {"operationId": "django_ca_api_endpoints_list_certificate_authorities", "summary": "List available certificate authorities", "parameters": [{"in": "query", "name": "expired", "schema": {"default": false, "description": "Include expired CAs.", "title": "Expired", "type": "boolean"}, "required": false, "description": "Include expired CAs."}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"items": {"$ref": "#/components/schemas/DjangoCertificateAuthorityModel"}, "title": "Response", "type": "array"}}}}}, "description": "Retrieve a list of currently usable certificate authorities.", "tags": ["Certificate authorities"], "security": [{"BasicAuth": []}]}}, "/django_ca/api/ca/{serial}/": {"get": {"operationId": "django_ca_api_endpoints_view_certificate_authority", "summary": "View certificate authority", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/DjangoCertificateAuthorityModel"}}}}}, "description": "Retrieve details of the certificate authority with the given serial.", "tags": ["Certificate authorities"], "security": [{"BasicAuth": []}]}, "put": {"operationId": "django_ca_api_endpoints_update_certificate_authority", "summary": "Update certificate authority", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/DjangoCertificateAuthorityModel"}}}}}, "description": "Update a certificate authority.\n\nAll request body fields are optional, so you can also update only individual fields.", "tags": ["Certificate authorities"], "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CertificateAuthorityUpdateSchema"}}}, "required": true}, "security": [{"BasicAuth": []}]}}, "/django_ca/api/ca/{serial}/sign/": {"post": {"operationId": "django_ca_api_endpoints_sign_certificate", "summary": "Sign a certificate", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CertificateOrderSchema"}}}}}, "description": "Sign a certificate.\n\nThe `extensions` value is optional and allows you to add additional extensions to the certificate. Usually\nextensions are defined either by the CA or by the named profile.", "tags": ["Certificates"], "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SignCertificateMessage"}}}, "required": true}, "security": [{"BasicAuth": []}]}}, "/django_ca/api/ca/{serial}/orders/{slug}/": {"get": {"operationId": "django_ca_api_endpoints_get_certificate_order", "summary": "Retrieve certificate order", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}, {"in": "path", "name": "slug", "schema": {"title": "Slug", "type": "string"}, "required": true}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CertificateOrderSchema"}}}}}, "description": "Retrieve information about the certificate order identified by `slug`.", "tags": ["Certificates"], "security": [{"BasicAuth": []}]}}, "/django_ca/api/ca/{serial}/certs/": {"get": {"operationId": "django_ca_api_endpoints_list_certificates", "summary": "List certificates", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}, {"in": "query", "name": "autogenerated", "schema": {"default": false, "description": "Include auto-generated certificates (e.g. OCSP responder certificates).", "title": "Autogenerated", "type": "boolean"}, "required": false, "description": "Include auto-generated certificates (e.g. OCSP responder certificates)."}, {"in": "query", "name": "expired", "schema": {"default": false, "description": "Include expired certificates.", "title": "Expired", "type": "boolean"}, "required": false, "description": "Include expired certificates."}, {"in": "query", "name": "profile", "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Only return certificates generated with the given profile.", "enum": ["client", "enduser", "ocsp", "server", "webserver"], "title": "Profile"}, "required": false, "description": "Only return certificates generated with the given profile."}, {"in": "query", "name": "revoked", "schema": {"default": false, "description": "Include revoked certificates.", "title": "Revoked", "type": "boolean"}, "required": false, "description": "Include revoked certificates."}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"items": {"$ref": "#/components/schemas/DjangoCertificateModel"}, "title": "Response", "type": "array"}}}}}, "description": "Retrieve certificates signed by the certificate authority named by `serial`.", "tags": ["Certificates"], "security": [{"BasicAuth": []}]}}, "/django_ca/api/ca/{serial}/certs/{certificate_serial}/": {"get": {"operationId": "django_ca_api_endpoints_view_certificate", "summary": "View certificate", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}, {"in": "path", "name": "certificate_serial", "schema": {"title": "Certificate Serial", "type": "string"}, "required": true}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/DjangoCertificateModel"}}}}}, "description": "Retrieve details of the certificate with the given certificate serial.", "tags": ["Certificates"], "security": [{"BasicAuth": []}]}}, "/django_ca/api/ca/{serial}/certs/{certificate_serial}/resign/": {"post": {"operationId": "django_ca_api_endpoints_resign_certificate", "summary": "Resign a certificate", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}, {"in": "path", "name": "certificate_serial", "schema": {"title": "Certificate Serial", "type": "string"}, "required": true}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CertificateOrderSchema"}}}}}, "description": "Resign the named certificate.\n\nThe certificate will be resigned using the same certificate authority and the same signing algorithm as\nthe original certificate. Extensions will be copied over to the new certificate *except* where the CA\nsets its own extensions (such as CRLDistributionPoints, AuthorityInformationAccess, ...).", "tags": ["Certificates"], "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/ResignCertificateMessage"}}}, "required": true}, "security": [{"BasicAuth": []}]}}, "/django_ca/api/ca/{serial}/certs/{certificate_serial}/revoke/": {"post": {"operationId": "django_ca_api_endpoints_revoke_certificate", "summary": "Revoke certificate", "parameters": [{"in": "path", "name": "serial", "schema": {"title": "Serial", "type": "string"}, "required": true}, {"in": "path", "name": "certificate_serial", "schema": {"title": "Certificate Serial", "type": "string"}, "required": true}], "responses": {"200": {"description": "OK", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/DjangoCertificateModel"}}}}}, "description": "Revoke a certificate with the given serial.\n\nBoth `reason` and `compromised` fields are optional.", "tags": ["Certificates"], "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/RevokeCertificateSchema"}}}, "required": true}, "security": [{"BasicAuth": []}]}}}, "components": {"schemas": {"AccessDescriptionModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.AccessDescription`.\n\nThe `access_method` may be a dotted string OID or one of the aliases listed in\n:py:attr:`~django_ca.constants.ACCESS_METHOD_TYPES`. The `access_location` is a\n:py:class:`~django_ca.pydantic.general_name.GeneralNameModel`:\n\n.. pydantic-model:: access_description_ocsp\n\nThe syntax is identical for CA issuers:\n\n.. pydantic-model:: access_description_ca_issuers", "properties": {"access_method": {"title": "Access Method", "type": "string"}, "access_location": {"$ref": "#/components/schemas/GeneralNameModel"}}, "required": ["access_method", "access_location"], "title": "AccessDescriptionModel", "type": "object"}, "AdmissionModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.Admission`.\n\n.. versionadded:: 2.1.0", "properties": {"admission_authority": {"anyOf": [{"$ref": "#/components/schemas/GeneralNameModel"}, {"type": "null"}]}, "naming_authority": {"anyOf": [{"$ref": "#/components/schemas/NamingAuthorityModel"}, {"type": "null"}]}, "profession_infos": {"items": {"$ref": "#/components/schemas/ProfessionInfoModel"}, "minItems": 1, "title": "Profession Infos", "type": "array"}}, "required": ["profession_infos"], "title": "AdmissionModel", "type": "object"}, "AdmissionsModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.Admissions` extension.\n\n.. versionadded:: 2.1.0\n\nThe `value` is a :py:class:`~django_ca.pydantic.extension_attributes.AdmissionsValueModel`:\n\n.. pydantic-model:: admissions_model\n\nThe model supports an arbitrary number of :py:class:`Admission\n<django_ca.pydantic.extension_attributes.AdmissionModel>` and :py:class:`ProfessionInfo\n<django_ca.pydantic.extension_attributes.ProfessionInfoModel>` instances:\n\n.. pydantic-model:: admissions_model_complex\n\ntest", "properties": {"type": {"const": "admissions", "default": "admissions", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"$ref": "#/components/schemas/AdmissionsValueModel"}}, "required": ["value"], "title": "AdmissionsModel", "type": "object"}, "AdmissionsValueModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.Admissions`.\n\n.. versionadded:: 2.1.0", "properties": {"authority": {"anyOf": [{"$ref": "#/components/schemas/GeneralNameModel"}, {"type": "null"}]}, "admissions": {"items": {"$ref": "#/components/schemas/AdmissionModel"}, "title": "Admissions", "type": "array"}}, "title": "AdmissionsValueModel", "type": "object"}, "AuthorityInformationAccessModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.AuthorityInformationAccess` extension.\n\nThe `value` is a list of :py:class:`~django_ca.pydantic.extension_attributes.AccessDescriptionModel`\ninstances:\n\n.. pydantic-model:: authority_information_access", "properties": {"type": {"const": "authority_information_access", "default": "authority_information_access", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"$ref": "#/components/schemas/AccessDescriptionModel"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "AuthorityInformationAccessModel", "type": "object"}, "CRLDistributionPointsModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.CRLDistributionPoints` extension.\n\nThe `value` is a list of :py:class:`~django_ca.pydantic.extension_attributes.DistributionPointModel`\ninstances:\n\n.. pydantic-model:: crl_distribution_points", "properties": {"type": {"const": "crl_distribution_points", "default": "crl_distribution_points", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"$ref": "#/components/schemas/DistributionPointModel"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "CRLDistributionPointsModel", "type": "object"}, "CertificatePoliciesModel": {"description": "A CertificatePolicies extension.", "properties": {"type": {"const": "certificate_policies", "default": "certificate_policies", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"description": "The value of the CertificatePolicies extension is a list of policy information objects.", "items": {"$ref": "#/components/schemas/PolicyInformationModel"}, "minItems": 1, "title": "Value", "type": "array", "uniqueItems": true}}, "required": ["value"], "title": "CertificatePoliciesModel", "type": "object"}, "DistributionPointModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.DistributionPoint`.\n\nIn its by far most common form, this model only has a `full_name` containing a URI:\n\n>>> DistributionPointModel(\n...     full_name=[{\"type\": \"URI\", \"value\": \"https://ca.example.com/crl\"}]\n... )  # doctest: +STRIP_WHITESPACE\nDistributionPointModel(\n    full_name=[GeneralNameModel(type='URI', value='https://ca.example.com/crl')],\n    relative_name=None, crl_issuer=None, reasons=None\n)\n\nOf course, other fields are also supported:\n\n>>> DistributionPointModel(\n...     relative_name=[{\"oid\": \"2.5.4.3\", \"value\": \"example.com\"}],\n...     crl_issuer=[{\"type\": \"URI\", \"value\": \"https://ca.example.com/issuer\"}],\n...     reasons={\"key_compromise\",}\n... )  # doctest: +STRIP_WHITESPACE\nDistributionPointModel(\n    full_name=None,\n    relative_name=NameModel(root=[NameAttributeModel(oid='2.5.4.3', value='example.com')]),\n    crl_issuer=[GeneralNameModel(type='URI', value='https://ca.example.com/issuer')],\n    reasons={'key_compromise'}\n)", "properties": {"full_name": {"anyOf": [{"items": {"$ref": "#/components/schemas/GeneralNameModel"}, "type": "array"}, {"type": "null"}], "title": "Full Name"}, "relative_name": {"anyOf": [{"$ref": "#/components/schemas/NameModel"}, {"type": "null"}]}, "crl_issuer": {"anyOf": [{"items": {"$ref": "#/components/schemas/GeneralNameModel"}, "type": "array"}, {"type": "null"}], "title": "Crl Issuer"}, "reasons": {"anyOf": [{"items": {"enum": ["aa_compromise", "affiliation_changed", "ca_compromise", "certificate_hold", "cessation_of_operation", "key_compromise", "privilege_withdrawn", "superseded"], "type": "string"}, "type": "array", "uniqueItems": true}, {"type": "null"}], "title": "Reasons"}}, "title": "DistributionPointModel", "type": "object"}, "ExtendedKeyUsageModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.ExtendedKeyUsage` extension.\n\nThe `value` is a list valid object identifiers as dotted strings. For convenience, any name from\n:py:attr:`~django_ca.constants.EXTENDED_KEY_USAGE_NAMES` can also be given:\n\n.. pydantic-model:: extended_key_usage", "properties": {"type": {"const": "extended_key_usage", "default": "extended_key_usage", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"type": "string"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "ExtendedKeyUsageModel", "type": "object"}, "FreshestCRLModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.FreshestCRL` extension.\n\nThis model behaves exactly like :py:class:`~django_ca.pydantic.CRLDistributionPointsModel`.", "properties": {"type": {"const": "freshest_crl", "default": "freshest_crl", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"$ref": "#/components/schemas/DistributionPointModel"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "FreshestCRLModel", "type": "object"}, "GeneralNameModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.NameAttribute`.\n\nThis model takes a `type` named in :py:attr:`~django_ca.constants.GENERAL_NAME_TYPES` and a `value` that\nis usually a ``str``:\n\n.. pydantic-model:: general_name\n\nFor directory names, you have to pass a :py:class:`~django_ca.pydantic.name.NameModel` instead:\n\n.. pydantic-model:: general_name_name\n\nFor :py:class:`~cg:cryptography.x509.OtherName` instances, pass a\n:py:class:`~django_ca.pydantic.general_name.OtherNameModel` instead:\n\n.. pydantic-model:: general_name_othername\n   :cryptography-prefix: othername", "properties": {"type": {"enum": ["email", "URI", "IP", "DNS", "RID", "dirName", "otherName"], "title": "Type", "type": "string"}, "value": {"oneOf": [{"type": "string"}, {"$ref": "#/components/schemas/NameModel"}, {"$ref": "#/components/schemas/OtherNameModel"}, {"anyOf": [{"format": "ipv4", "type": "string"}, {"format": "ipv6", "type": "string"}, {"format": "ipv4network", "type": "string"}, {"format": "ipv6network", "type": "string"}]}], "title": "Value"}}, "required": ["type", "value"], "title": "GeneralNameModel", "type": "object"}, "IssuerAlternativeNameModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.IssuerAlternativeName` extension.\n\nThis model behaves exactly like :py:class:`~django_ca.pydantic.SubjectAlternativeNameModel`.", "properties": {"type": {"const": "issuer_alternative_name", "default": "issuer_alternative_name", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"$ref": "#/components/schemas/GeneralNameModel"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "IssuerAlternativeNameModel", "type": "object"}, "KeyUsageModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.KeyUsage` extension.\n\nAll key usages default to ``False``, so you can skip giving any usages you don't care about. For\nconvenience, the model also accepts values as used in `RFC 5280`_ (full mapping in\n:py:attr:`~django_ca.constants.KEY_USAGE_NAMES`):\n\n.. pydantic-model:: key_usage", "properties": {"type": {"const": "key_usage", "default": "key_usage", "title": "Type", "type": "string"}, "critical": {"default": true, "title": "Critical", "type": "boolean"}, "value": {"items": {"enum": ["crl_sign", "data_encipherment", "decipher_only", "digital_signature", "encipher_only", "key_agreement", "key_cert_sign", "key_encipherment", "content_commitment"], "type": "string"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "KeyUsageModel", "type": "object"}, "MSCertificateTemplateModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.MSCertificateTemplate` extension.\n\nThe `value` is a :py:class:`~django_ca.pydantic.extension_attributes.MSCertificateTemplateValueModel`\ninstance, where `major_version` and `minor_version` are both optional:\n\n.. pydantic-model:: ms_certificate_template\n\nNote that this extension does not have a default defined for the `critical` parameter, so it is mandatory.", "properties": {"type": {"const": "ms_certificate_template", "default": "ms_certificate_template", "title": "Type", "type": "string"}, "critical": {"title": "Critical", "type": "boolean"}, "value": {"$ref": "#/components/schemas/MSCertificateTemplateValueModel"}}, "required": ["critical", "value"], "title": "MSCertificateTemplateModel", "type": "object"}, "MSCertificateTemplateValueModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.MSCertificateTemplate`.\n\nThe `template_id` parameter is a dotted-string object identifier, while `major_version` and\n`minor_version` are optional integers:\n\n>>> MSCertificateTemplateValueModel(template_id=\"1.2.3\", major_version=1)\nMSCertificateTemplateValueModel(template_id='1.2.3', major_version=1, minor_version=None)", "properties": {"template_id": {"title": "Template Id", "type": "string"}, "major_version": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Major Version"}, "minor_version": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Minor Version"}}, "required": ["template_id"], "title": "MSCertificateTemplateValueModel", "type": "object"}, "NameAttributeModel": {"description": "A NameAttribute is defined by an object identifier (OID) and a value.", "properties": {"oid": {"description": "A dotted string representing the OID or a known alias as described in [NAME_OID_TYPES](https://django-ca.readthedocs.io/en/latest/python/constants.html#django_ca.constants.NAME_OID_TYPES).", "example": "2.5.4.3", "title": "Object identifier", "type": "string"}, "value": {"description": "Actual value of the attribute. For x500 unique identifiers (OID 2.5.4.45) the value must be the base64 encoded.", "example": "example.com", "title": "Value", "type": "string"}}, "required": ["oid", "value"], "title": "NameAttributeModel", "type": "object"}, "NameModel": {"description": "A Name is composed of a list of name attributes.", "example": [{"oid": "2.5.4.6", "value": "AT"}, {"oid": "2.5.4.3", "value": "example.com"}], "format": "X.501 Name", "items": {"$ref": "#/components/schemas/NameAttributeModel"}, "title": "NameModel", "type": "array"}, "NamingAuthorityModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.NamingAuthority`.\n\n.. versionadded:: 2.1.0", "properties": {"id": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Id"}, "url": {"anyOf": [{"maxLength": 128, "type": "string"}, {"type": "null"}], "title": "Url"}, "text": {"anyOf": [{"maxLength": 128, "type": "string"}, {"type": "null"}], "title": "Text"}}, "title": "NamingAuthorityModel", "type": "object"}, "NoticeReferenceModel": {"description": "A NoticeReferenceModel consists of an optional *organization* and an optional list of *notice_numbers*.", "properties": {"organization": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Organization"}, "notice_numbers": {"items": {"type": "integer"}, "title": "Notice Numbers", "type": "array"}}, "required": ["notice_numbers"], "title": "NoticeReferenceModel", "type": "object"}, "OCSPNoCheckModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.OCSPNoCheck` extension.\n\nThis extension does not have a value, and thus can be instantiated without any parameters (but ``None``\nis also accepted):\n\n.. pydantic-model:: ocsp_no_check", "properties": {"type": {"const": "ocsp_no_check", "default": "ocsp_no_check", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"title": "Value", "type": "null"}}, "title": "OCSPNoCheckModel", "type": "object"}, "OtherNameModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.OtherName`.\n\nThe `oid` argument may be any valid object identifier as dotted string (e.g. ``\"1.2.3\"``).\n\nThe `type` argument may be any type in :py:attr:`~django_ca.constants.OTHER_NAME_TYPES` or\n:py:class:`~django_ca.constants.OTHER_NAME_ALIASES`.\n\nThe type of the `value` argument depends on the `type` value. String variants (``UTFString``, etc.)\nrequire a ``str``, boolean requires a ``bool`` value and so on:\n\n.. pydantic-model:: othername\n\nFor datetime variants (``UTCTIME`` and ``GENERALIZEDTIME``), you must pass a timezone-aware object:\n\n.. pydantic-model:: othername_utctime\n\nFor ``INTEGER``, you can pass an ``int`` or a ``str`` for a base 16 integer:\n\n.. pydantic-model:: othername_integer\n\nFinally, for an ``OctetString``, pass the raw bytes or as a hex-encoded string:\n\n.. pydantic-model:: othername_octetstring\n\nAs usual, the ``cryptography`` property will return the cryptography variant of the model:\n\n>>> OtherNameModel(oid=\"1.2.3\", type=\"IA5STRING\", value=\"some string\").cryptography\n<OtherName(type_id=<ObjectIdentifier(oid=1.2.3, name=Unknown OID)>, value=b'\\x16\\x0bsome string')>", "properties": {"oid": {"title": "Oid", "type": "string"}, "type": {"enum": ["UTF8String", "UNIVERSALSTRING", "IA5STRING", "BOOLEAN", "NULL", "UTCTIME", "GENERALIZEDTIME", "INTEGER", "OctetString"], "title": "Type", "type": "string"}, "value": {"anyOf": [{"type": "string"}, {"type": "boolean"}, {"format": "date-time", "type": "string"}, {"type": "integer"}, {"type": "null"}], "title": "Value"}}, "required": ["oid", "type", "value"], "title": "OtherNameModel", "type": "object"}, "PolicyInformationModel": {"description": "A PolicyInformationModel consists of a *policy_identifier* and an optional list *policy_qualifiers*.", "properties": {"policy_identifier": {"description": "An object identifier (OID) as dotted string.", "example": "2.5.29.32.0", "title": "Policy Identifier", "type": "string"}, "policy_qualifiers": {"anyOf": [{"items": {"anyOf": [{"type": "string"}, {"$ref": "#/components/schemas/UserNoticeModel"}]}, "type": "array"}, {"type": "null"}], "description": "Optional list of policy qualifiers, a list of strings and/or UserNoticeModel objects.", "example": ["http://ca.example.com/cps", {"explicit_text": "Some text."}], "title": "Policy Qualifiers"}}, "required": ["policy_identifier"], "title": "PolicyInformationModel", "type": "object"}, "PrecertPoisonModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.PrecertPoison` extension.\n\nThis extension does not have a value, and thus can be instantiated without any parameters (but ``None``\nis also accepted):\n\n.. pydantic-model:: precert_poison", "properties": {"type": {"const": "precert_poison", "default": "precert_poison", "title": "Type", "type": "string"}, "critical": {"default": true, "title": "Critical", "type": "boolean"}, "value": {"title": "Value", "type": "null"}}, "title": "PrecertPoisonModel", "type": "object"}, "PrivateKeyUsagePeriodModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.PrivateKeyUsagePeriod` extension.\n\n.. NOTE:: This class will not be able to produce a cryptography instance when using ``cryptography<45``.\n\n.. versionadded:: 2.3.0", "properties": {"type": {"const": "private_key_usage_period", "default": "private_key_usage_period", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"$ref": "#/components/schemas/PrivateKeyUsagePeriodValueModel"}}, "required": ["value"], "title": "PrivateKeyUsagePeriodModel", "type": "object"}, "PrivateKeyUsagePeriodValueModel": {"description": "Pydantic model wrapping ``PrivateKeyUsagePeriod``.", "properties": {"not_before": {"anyOf": [{"format": "date-time", "type": "string"}, {"type": "null"}], "title": "Not Before"}, "not_after": {"anyOf": [{"format": "date-time", "type": "string"}, {"type": "null"}], "title": "Not After"}}, "title": "PrivateKeyUsagePeriodValueModel", "type": "object"}, "ProfessionInfoModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.ProfessionInfo`.\n\n.. versionadded:: 2.1.0", "properties": {"naming_authority": {"anyOf": [{"$ref": "#/components/schemas/NamingAuthorityModel"}, {"type": "null"}]}, "profession_items": {"items": {"maxLength": 128, "type": "string"}, "minItems": 1, "title": "Profession Items", "type": "array"}, "profession_oids": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "title": "Profession Oids"}, "registration_number": {"anyOf": [{"maxLength": 128, "type": "string"}, {"type": "null"}], "title": "Registration Number"}, "add_profession_info": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Add Profession Info"}}, "required": ["profession_items"], "title": "ProfessionInfoModel", "type": "object"}, "Profile": {"description": "A certificate profile defining properties and extensions of a certificate.\n\nInstances of this class usually represent profiles defined in :ref:`CA_PROFILES <settings-ca-profiles>`,\nbut you can also create your own profile to create a different type of certificate. An instance of this\nclass can be used to create a signed certificate based on the given CA::\n\n    >>> from cryptography import x509\n    >>> from cryptography.x509.oid import NameOID\n    >>> Profile(  # doctest: +ELLIPSIS\n    ...     name=\"example\",\n    ...     subject=x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, \"AT\")]),\n    ...     extensions={\"ocsp_no_check\": {}}\n    ... )\n    Profile(...)", "properties": {"description": {"default": "", "title": "Description", "type": "string"}, "subject": {"anyOf": [{"$ref": "#/components/schemas/NameModel"}, {"type": "null"}]}, "algorithm": {"anyOf": [{"enum": ["SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA3/224", "SHA3/256", "SHA3/384", "SHA3/512"], "type": "string"}, {"type": "null"}], "title": "Algorithm"}, "extensions": {"additionalProperties": {"anyOf": [{"discriminator": {"mapping": {"admissions": "#/components/schemas/AdmissionsModel", "authority_information_access": "#/components/schemas/AuthorityInformationAccessModel", "certificate_policies": "#/components/schemas/CertificatePoliciesModel", "crl_distribution_points": "#/components/schemas/CRLDistributionPointsModel", "extended_key_usage": "#/components/schemas/ExtendedKeyUsageModel", "freshest_crl": "#/components/schemas/FreshestCRLModel", "issuer_alternative_name": "#/components/schemas/IssuerAlternativeNameModel", "key_usage": "#/components/schemas/KeyUsageModel", "ms_certificate_template": "#/components/schemas/MSCertificateTemplateModel", "ocsp_no_check": "#/components/schemas/OCSPNoCheckModel", "precert_poison": "#/components/schemas/PrecertPoisonModel", "private_key_usage_period": "#/components/schemas/PrivateKeyUsagePeriodModel", "subject_alternative_name": "#/components/schemas/SubjectAlternativeNameModel", "tls_feature": "#/components/schemas/TLSFeatureModel"}, "propertyName": "type"}, "oneOf": [{"$ref": "#/components/schemas/AdmissionsModel"}, {"$ref": "#/components/schemas/AuthorityInformationAccessModel"}, {"$ref": "#/components/schemas/CertificatePoliciesModel"}, {"$ref": "#/components/schemas/CRLDistributionPointsModel"}, {"$ref": "#/components/schemas/ExtendedKeyUsageModel"}, {"$ref": "#/components/schemas/FreshestCRLModel"}, {"$ref": "#/components/schemas/IssuerAlternativeNameModel"}, {"$ref": "#/components/schemas/KeyUsageModel"}, {"$ref": "#/components/schemas/MSCertificateTemplateModel"}, {"$ref": "#/components/schemas/OCSPNoCheckModel"}, {"$ref": "#/components/schemas/PrecertPoisonModel"}, {"$ref": "#/components/schemas/PrivateKeyUsagePeriodModel"}, {"$ref": "#/components/schemas/SubjectAlternativeNameModel"}, {"$ref": "#/components/schemas/TLSFeatureModel"}]}, {"type": "null"}]}, "propertyNames": {"enum": ["admissions", "authority_information_access", "certificate_policies", "crl_distribution_points", "extended_key_usage", "freshest_crl", "issuer_alternative_name", "key_usage", "ms_certificate_template", "ocsp_no_check", "precert_poison", "private_key_usage_period", "subject_alternative_name", "tls_feature"]}, "title": "Extensions", "type": "object"}, "expires": {"format": "duration", "title": "Expires", "type": "string"}, "autogenerated": {"default": false, "title": "Autogenerated", "type": "boolean"}, "add_crl_url": {"default": true, "title": "Add Crl Url", "type": "boolean"}, "add_ocsp_url": {"default": true, "title": "Add Ocsp Url", "type": "boolean"}, "add_issuer_url": {"default": true, "title": "Add Issuer Url", "type": "boolean"}, "add_issuer_alternative_name": {"default": true, "title": "Add Issuer Alternative Name", "type": "boolean"}, "name": {"title": "Name", "type": "string"}}, "required": ["name"], "title": "Profile", "type": "object"}, "SubjectAlternativeNameModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.SubjectAlternativeName` extension.\n\nThe `general_names` attribute is a list of :py:class:`~django_ca.pydantic.general_name.GeneralNameModel`\ninstances:\n\n.. pydantic-model:: subject_alternative_name", "properties": {"type": {"const": "subject_alternative_name", "default": "subject_alternative_name", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"$ref": "#/components/schemas/GeneralNameModel"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "SubjectAlternativeNameModel", "type": "object"}, "TLSFeatureModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.TLSFeature` extension.\n\nThe `value` is a list of one or both of ``\"status_request\"`` and ``\"status_request_v2\"``.\n\n.. pydantic-model:: tls_feature\n\nFor convenience, the model also accepts keys named in :py:attr:`~django_ca.constants.TLS_FEATURE_NAMES`:\n\n.. pydantic-model:: tls_feature_names\n   :cryptography-prefix: tls_feature", "properties": {"type": {"const": "tls_feature", "default": "tls_feature", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"enum": ["status_request", "status_request_v2"], "type": "string"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "TLSFeatureModel", "type": "object"}, "UserNoticeModel": {"description": "A UserNoticeModel consists of an *explicit_text* and an optional *notice_reference*.", "properties": {"notice_reference": {"anyOf": [{"$ref": "#/components/schemas/NoticeReferenceModel"}, {"type": "null"}]}, "explicit_text": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Explicit Text"}}, "required": ["explicit_text"], "title": "UserNoticeModel", "type": "object"}, "CertificateAuthorityFilterSchema": {"description": "Filter-schema for listing certificate authorities.", "properties": {"expired": {"default": false, "description": "Include expired CAs.", "title": "Expired", "type": "boolean"}}, "title": "CertificateAuthorityFilterSchema", "type": "object"}, "AuthorityKeyIdentifierModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.AuthorityKeyIdentifier` extension.\n\nThe `value` is a :py:class:`~django_ca.pydantic.extension_attributes.AuthorityKeyIdentifierValueModel`\ninstance:\n\n.. pydantic-model:: authority_key_identifier\n\nA version with an authority certificate would look like this:\n\n.. pydantic-model:: authority_key_identifier_auth_certificate", "properties": {"type": {"const": "authority_key_identifier", "default": "authority_key_identifier", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"$ref": "#/components/schemas/AuthorityKeyIdentifierValueModel"}}, "required": ["value"], "title": "AuthorityKeyIdentifierModel", "type": "object"}, "AuthorityKeyIdentifierValueModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.AuthorityKeyIdentifier`.\n\nIn its by far most common form, this model will just set the `key_identifier` attribute, with a value\nbased on the certificate authority. This is a base64-encoded string:\n\n>>> AuthorityKeyIdentifierValueModel(key_identifier=\"MTIz\")  # doctest: +STRIP_WHITESPACE\nAuthorityKeyIdentifierValueModel(\n    key_identifier='MTIz', authority_cert_issuer=None, authority_cert_serial_number=None\n)\n\nYou may also pass bytes instead, in which case the value will be base64 encoded:\n\n>>> AuthorityKeyIdentifierValueModel(key_identifier=b\"123\")  # doctest: +STRIP_WHITESPACE\nAuthorityKeyIdentifierValueModel(\n    key_identifier='MTIz', authority_cert_issuer=None, authority_cert_serial_number=None\n)\n\nYou can also give a `authority_cert_issuer` (a list of\n:py:class:`~django_ca.pydantic.general_name.GeneralNameModel`) and an `authority_cert_serial_number`:\n\n>>> AuthorityKeyIdentifierValueModel(\n...     key_identifier=None,\n...     authority_cert_issuer=[{'type': 'URI', 'value': 'http://example.com'}],\n...     authority_cert_serial_number=123\n... )  # doctest: +STRIP_WHITESPACE\nAuthorityKeyIdentifierValueModel(\n    key_identifier=None,\n    authority_cert_issuer=[GeneralNameModel(type='URI', value='http://example.com')],\n    authority_cert_serial_number=123\n)\n\nThe restrictions defined in RFC 5280 apply, so `authority_cert_issuer` and `authority_cert_serial_number`\nmust either be both present or ``None``, and either `key_identifier` and/or `authority_cert_issuer` must\nbe given.", "properties": {"key_identifier": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Key Identifier"}, "authority_cert_issuer": {"anyOf": [{"items": {"$ref": "#/components/schemas/GeneralNameModel"}, "type": "array"}, {"type": "null"}], "title": "Authority Cert Issuer"}, "authority_cert_serial_number": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Authority Cert Serial Number"}}, "required": ["key_identifier"], "title": "AuthorityKeyIdentifierValueModel", "type": "object"}, "BasicConstraintsModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.BasicConstraints` extension.\n\nThe `value` is a :py:class:`~django_ca.pydantic.extension_attributes.BasicConstraintsValueModel`\ninstance. For example, for end-entity certificates, `ca` is ``False`` and `path_length` is ``None``:\n\n.. pydantic-model:: basic_constraints\n\nFor certificate authorities, `ca` is ``True``, and `path_length` may be a positive integer:\n\n.. pydantic-model:: basic_constraints_ca", "properties": {"type": {"const": "basic_constraints", "default": "basic_constraints", "title": "Type", "type": "string"}, "critical": {"default": true, "title": "Critical", "type": "boolean"}, "value": {"$ref": "#/components/schemas/BasicConstraintsValueModel"}}, "required": ["value"], "title": "BasicConstraintsModel", "type": "object"}, "BasicConstraintsValueModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.BasicConstraints`.\n\nFor a certificate representing a certificate authority, this extension sets `ca` to ``True`` and a path\nlength, which may be None:\n\n>>> BasicConstraintsValueModel(ca=True, path_length=0)\nBasicConstraintsValueModel(ca=True, path_length=0)\n\nFor end-entity certificates, this extension sets `ca` to ``False`` and must set `path_length` to\n``None``:\n\n>>> BasicConstraintsValueModel(ca=False, path_length=None)\nBasicConstraintsValueModel(ca=False, path_length=None)", "properties": {"ca": {"title": "Ca", "type": "boolean"}, "path_length": {"anyOf": [{"minimum": 0, "type": "integer"}, {"type": "null"}], "title": "Path Length"}}, "required": ["ca", "path_length"], "title": "BasicConstraintsValueModel", "type": "object"}, "CertificateModel": {"description": "Model for :class:`cg:~cryptography.x509.Certificate`.", "properties": {"serial": {"pattern": "^[A-F0-9]+$", "title": "Serial", "type": "string"}, "version": {"enum": [0, 2], "title": "Version", "type": "integer"}, "not_valid_before": {"format": "date-time", "title": "Not Valid Before", "type": "string"}, "not_valid_after": {"format": "date-time", "title": "Not Valid After", "type": "string"}, "issuer": {"$ref": "#/components/schemas/NameModel"}, "subject": {"$ref": "#/components/schemas/NameModel"}, "signature_hash_algorithm": {"anyOf": [{"enum": ["MD5", "SHA1"], "type": "string"}, {"enum": ["SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA3/224", "SHA3/256", "SHA3/384", "SHA3/512"], "type": "string"}, {"type": "null"}], "title": "Signature Hash Algorithm"}, "signature_algorithm_oid": {"title": "Signature Algorithm Oid", "type": "string"}, "public_key_algorithm_oid": {"title": "Public Key Algorithm Oid", "type": "string"}, "signature_algorithm_parameters": {"anyOf": [{"discriminator": {"mapping": {"EMSA-PKCS1-v1_5": "#/components/schemas/PKCS1v15Model", "EMSA-PSS": "#/components/schemas/PSSModel"}, "propertyName": "name"}, "oneOf": [{"$ref": "#/components/schemas/PKCS1v15Model"}, {"$ref": "#/components/schemas/PSSModel"}]}, {"$ref": "#/components/schemas/ECDSAModel"}, {"type": "null"}], "title": "Signature Algorithm Parameters"}, "extensions": {"items": {"discriminator": {"mapping": {"admissions": "#/components/schemas/AdmissionsModel", "authority_information_access": "#/components/schemas/AuthorityInformationAccessModel", "authority_key_identifier": "#/components/schemas/AuthorityKeyIdentifierModel", "basic_constraints": "#/components/schemas/BasicConstraintsModel", "certificate_policies": "#/components/schemas/CertificatePoliciesModel", "crl_distribution_points": "#/components/schemas/CRLDistributionPointsModel", "extended_key_usage": "#/components/schemas/ExtendedKeyUsageModel", "freshest_crl": "#/components/schemas/FreshestCRLModel", "inhibit_any_policy": "#/components/schemas/InhibitAnyPolicyModel", "issuer_alternative_name": "#/components/schemas/IssuerAlternativeNameModel", "key_usage": "#/components/schemas/KeyUsageModel", "ms_certificate_template": "#/components/schemas/MSCertificateTemplateModel", "name_constraints": "#/components/schemas/NameConstraintsModel", "ocsp_no_check": "#/components/schemas/OCSPNoCheckModel", "policy_constraints": "#/components/schemas/PolicyConstraintsModel", "precert_poison": "#/components/schemas/PrecertPoisonModel", "precertificate_signed_certificate_timestamps": "#/components/schemas/PrecertificateSignedCertificateTimestampsModel", "private_key_usage_period": "#/components/schemas/PrivateKeyUsagePeriodModel", "signed_certificate_timestamps": "#/components/schemas/SignedCertificateTimestampsModel", "subject_alternative_name": "#/components/schemas/SubjectAlternativeNameModel", "subject_information_access": "#/components/schemas/SubjectInformationAccessModel", "subject_key_identifier": "#/components/schemas/SubjectKeyIdentifierModel", "tls_feature": "#/components/schemas/TLSFeatureModel", "unknown": "#/components/schemas/UnrecognizedExtensionModel"}, "propertyName": "type"}, "oneOf": [{"$ref": "#/components/schemas/AdmissionsModel"}, {"$ref": "#/components/schemas/AuthorityInformationAccessModel"}, {"$ref": "#/components/schemas/AuthorityKeyIdentifierModel"}, {"$ref": "#/components/schemas/BasicConstraintsModel"}, {"$ref": "#/components/schemas/CRLDistributionPointsModel"}, {"$ref": "#/components/schemas/CertificatePoliciesModel"}, {"$ref": "#/components/schemas/ExtendedKeyUsageModel"}, {"$ref": "#/components/schemas/FreshestCRLModel"}, {"$ref": "#/components/schemas/InhibitAnyPolicyModel"}, {"$ref": "#/components/schemas/IssuerAlternativeNameModel"}, {"$ref": "#/components/schemas/KeyUsageModel"}, {"$ref": "#/components/schemas/MSCertificateTemplateModel"}, {"$ref": "#/components/schemas/NameConstraintsModel"}, {"$ref": "#/components/schemas/OCSPNoCheckModel"}, {"$ref": "#/components/schemas/PolicyConstraintsModel"}, {"$ref": "#/components/schemas/PrecertPoisonModel"}, {"$ref": "#/components/schemas/PrecertificateSignedCertificateTimestampsModel"}, {"$ref": "#/components/schemas/PrivateKeyUsagePeriodModel"}, {"$ref": "#/components/schemas/SignedCertificateTimestampsModel"}, {"$ref": "#/components/schemas/SubjectAlternativeNameModel"}, {"$ref": "#/components/schemas/SubjectInformationAccessModel"}, {"$ref": "#/components/schemas/SubjectKeyIdentifierModel"}, {"$ref": "#/components/schemas/TLSFeatureModel"}, {"$ref": "#/components/schemas/UnrecognizedExtensionModel"}]}, "title": "Extensions", "type": "array"}, "pem": {"title": "Pem", "type": "string"}}, "required": ["serial", "version", "not_valid_before", "not_valid_after", "issuer", "subject", "signature_hash_algorithm", "signature_algorithm_oid", "public_key_algorithm_oid", "signature_algorithm_parameters", "extensions", "pem"], "title": "CertificateModel", "type": "object"}, "DjangoCertificateAuthorityModel": {"description": "Model for a Certificate Authority as stored in the database.", "properties": {"id": {"title": "Id"}, "created": {"format": "date-time", "title": "Created", "type": "string"}, "updated": {"format": "date-time", "title": "Updated", "type": "string"}, "revoked": {"default": false, "title": "Revoked", "type": "boolean"}, "revoked_date": {"anyOf": [{"format": "date-time", "type": "string"}, {"type": "null"}], "title": "Revoked Date"}, "revoked_reason": {"title": "Revoked Reason", "type": "string"}, "compromised": {"anyOf": [{"format": "date-time", "type": "string"}, {"type": "null"}], "title": "Compromised"}, "certificate": {"$ref": "#/components/schemas/CertificateModel"}, "fingerprints": {"additionalProperties": {"type": "string"}, "propertyNames": {"enum": ["SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA3/224", "SHA3/256", "SHA3/384", "SHA3/512"]}, "title": "Fingerprints", "type": "object"}, "name": {"title": "Name", "type": "string"}, "enabled": {"title": "Enabled", "type": "boolean"}, "parent": {"title": "Parent"}, "key_backend_alias": {"title": "Key Backend Alias", "type": "string"}, "sign_authority_information_access": {"anyOf": [{"$ref": "#/components/schemas/AuthorityInformationAccessModel"}, {"type": "null"}]}, "sign_certificate_policies": {"anyOf": [{"$ref": "#/components/schemas/CertificatePoliciesModel"}, {"type": "null"}]}, "sign_crl_distribution_points": {"anyOf": [{"$ref": "#/components/schemas/CRLDistributionPointsModel"}, {"type": "null"}]}, "sign_issuer_alternative_name": {"anyOf": [{"$ref": "#/components/schemas/IssuerAlternativeNameModel"}, {"type": "null"}]}, "caa_identity": {"title": "Caa Identity", "type": "string"}, "website": {"title": "Website", "type": "string"}, "terms_of_service": {"title": "Terms Of Service", "type": "string"}, "ocsp_key_backend_alias": {"title": "Ocsp Key Backend Alias", "type": "string"}, "ocsp_responder_key_validity": {"title": "Ocsp Responder Key Validity", "type": "integer"}, "ocsp_response_validity": {"title": "Ocsp Response Validity", "type": "integer"}, "acme_enabled": {"title": "Acme Enabled", "type": "boolean"}, "acme_registration": {"title": "Acme Registration", "type": "boolean"}, "acme_profile": {"title": "Acme Profile", "type": "string"}, "acme_requires_contact": {"title": "Acme Requires Contact", "type": "boolean"}, "api_enabled": {"title": "Api Enabled", "type": "boolean"}}, "required": ["id", "created", "updated", "revoked_date", "revoked_reason", "compromised", "certificate", "fingerprints", "name", "enabled", "parent", "key_backend_alias", "sign_authority_information_access", "sign_certificate_policies", "sign_crl_distribution_points", "sign_issuer_alternative_name", "caa_identity", "website", "terms_of_service", "ocsp_key_backend_alias", "ocsp_responder_key_validity", "ocsp_response_validity", "acme_enabled", "acme_registration", "acme_profile", "acme_requires_contact", "api_enabled"], "title": "DjangoCertificateAuthorityModel", "type": "object"}, "ECDSAModel": {"description": "Model for :class:`cg:~cryptography.hazmat.primitives.asymmetric.ec.ECDSA`.", "properties": {"algorithm": {"enum": ["SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA3/224", "SHA3/256", "SHA3/384", "SHA3/512"], "title": "Algorithm", "type": "string"}, "deterministic_signing": {"title": "Deterministic Signing", "type": "boolean"}}, "required": ["algorithm", "deterministic_signing"], "title": "ECDSAModel", "type": "object"}, "InhibitAnyPolicyModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.InhibitAnyPolicy` extension.\n\nThe `value` attribute is an integer:\n\n.. pydantic-model:: inhibit_any_policy", "properties": {"type": {"const": "inhibit_any_policy", "default": "inhibit_any_policy", "title": "Type", "type": "string"}, "critical": {"default": true, "title": "Critical", "type": "boolean"}, "value": {"minimum": 0, "title": "Value", "type": "integer"}}, "required": ["value"], "title": "InhibitAnyPolicyModel", "type": "object"}, "MGF1Model": {"description": "Model for :class:`cg:~cryptography.hazmat.primitives.asymmetric.padding.MGF1`.", "properties": {"algorithm": {"enum": ["SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA3/224", "SHA3/256", "SHA3/384", "SHA3/512"], "title": "Algorithm", "type": "string"}}, "required": ["algorithm"], "title": "MGF1Model", "type": "object"}, "NameConstraintsModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.NameConstraints` extension.\n\nThe `value` is a :py:class:`~django_ca.pydantic.extension_attributes.NameConstraintsValueModel` instance,\nwhere at least one of `permitted_subtrees` and `excluded_subtrees` must be given. For example, a\ncertificate authority that can only sign certificates under ``.com`` would look like this:\n\n.. pydantic-model:: name_constraints\n\nIn this example, the certificate authority can sign certificates for ``.com``, except for\n``one.example.com`` and ``two.example.com``:\n\n.. pydantic-model:: name_constraints_both", "properties": {"type": {"const": "name_constraints", "default": "name_constraints", "title": "Type", "type": "string"}, "critical": {"default": true, "title": "Critical", "type": "boolean"}, "value": {"$ref": "#/components/schemas/NameConstraintsValueModel"}}, "required": ["value"], "title": "NameConstraintsModel", "type": "object"}, "NameConstraintsValueModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.NameConstraints`.\n\nBoth `permitted_subtrees` and `excluded_subtrees` are optional, but at least one of them must be given.\nThey are a list of :py:class:`~django_ca.pydantic.general_name.GeneralNameModel` instances:\n\n>>> NameConstraintsValueModel(\n...     permitted_subtrees=[{\"type\": \"DNS\", \"value\": \".com\"}]\n... )  # doctest: +STRIP_WHITESPACE\nNameConstraintsValueModel(\n    permitted_subtrees=[GeneralNameModel(type='DNS', value='.com')], excluded_subtrees=None\n)", "properties": {"permitted_subtrees": {"anyOf": [{"items": {"$ref": "#/components/schemas/GeneralNameModel"}, "type": "array"}, {"type": "null"}], "title": "Permitted Subtrees"}, "excluded_subtrees": {"anyOf": [{"items": {"$ref": "#/components/schemas/GeneralNameModel"}, "type": "array"}, {"type": "null"}], "title": "Excluded Subtrees"}}, "title": "NameConstraintsValueModel", "type": "object"}, "PKCS1v15Model": {"description": "Model for :class:`cg:~cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15`.", "properties": {"name": {"const": "EMSA-PKCS1-v1_5", "default": "EMSA-PKCS1-v1_5", "title": "Name", "type": "string"}}, "title": "PKCS1v15Model", "type": "object"}, "PSSModel": {"description": "Model for :class:`cg:~cryptography.hazmat.primitives.asymmetric.padding.PSS`.", "properties": {"name": {"const": "EMSA-PSS", "default": "EMSA-PSS", "title": "Name", "type": "string"}, "salt_length": {"anyOf": [{"type": "integer"}, {"enum": ["MAX_LENGTH", "DIGEST_LENGTH", "AUTO"], "type": "string"}], "title": "Salt Length"}, "mgf": {"$ref": "#/components/schemas/MGF1Model"}}, "required": ["salt_length", "mgf"], "title": "PSSModel", "type": "object"}, "PolicyConstraintsModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.PolicyConstraints` extension.\n\nThe `value` is a :py:class:`~django_ca.pydantic.extension_attributes.PolicyConstraintsValueModel`\ninstance. Both `require_explicit_policy` and `inhibit_policy_mapping` are optional integers >= 0, but at\nleast one of them must be set:\n\n.. pydantic-model:: policy_constraints", "properties": {"type": {"const": "policy_constraints", "default": "policy_constraints", "title": "Type", "type": "string"}, "critical": {"default": true, "title": "Critical", "type": "boolean"}, "value": {"$ref": "#/components/schemas/PolicyConstraintsValueModel"}}, "required": ["value"], "title": "PolicyConstraintsModel", "type": "object"}, "PolicyConstraintsValueModel": {"description": "Pydantic model wrapping :py:class:`~cg:cryptography.x509.PolicyConstraints`.\n\nThe `require_explicit_policy` and `inhibit_policy_mapping` are both optional and must be integers if set.\nAt least one value must be given.\n\n>>> PolicyConstraintsValueModel(require_explicit_policy=0, inhibit_policy_mapping=1)\nPolicyConstraintsValueModel(require_explicit_policy=0, inhibit_policy_mapping=1)", "properties": {"require_explicit_policy": {"anyOf": [{"minimum": 0, "type": "integer"}, {"type": "null"}], "title": "Require Explicit Policy"}, "inhibit_policy_mapping": {"anyOf": [{"minimum": 0, "type": "integer"}, {"type": "null"}], "title": "Inhibit Policy Mapping"}}, "required": ["require_explicit_policy", "inhibit_policy_mapping"], "title": "PolicyConstraintsValueModel", "type": "object"}, "PrecertificateSignedCertificateTimestampsModel": {"description": "Model for a :py:class:`~cg:cryptography.x509.PrecertificateSignedCertificateTimestamps` extension.\n\n.. NOTE::\n\n   Due to library limitations, this model cannot be converted to a cryptography class.\n\nThe `value` is a list of\n:py:class:`~django_ca.pydantic.extension_attributes.SignedCertificateTimestampModel` instances:\n\n>>> from datetime import datetime\n>>> sct = SignedCertificateTimestampModel(\n...     log_id=\"MTIz\", timestamp=datetime(2023, 12, 10), entry_type=\"precertificate\"\n... )\n>>> PrecertificateSignedCertificateTimestampsModel(value=[sct])  # doctest: +STRIP_WHITESPACE\nPrecertificateSignedCertificateTimestampsModel(\n    critical=False,\n    value=[\n        SignedCertificateTimestampModel(\n            version='v1',\n            log_id='MTIz',\n            timestamp=datetime.datetime(2023, 12, 10, 0, 0),\n            entry_type='precertificate'\n        )\n    ]\n)", "properties": {"type": {"const": "precertificate_signed_certificate_timestamps", "default": "precertificate_signed_certificate_timestamps", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"$ref": "#/components/schemas/SignedCertificateTimestampModel"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "PrecertificateSignedCertificateTimestampsModel", "type": "object"}, "SignedCertificateTimestampModel": {"description": "Pydantic model wrapping ``SignedCertificateTimestamp``.\n\n.. NOTE::\n\n   Due to library limitations, this model cannot be converted to a cryptography class.\n\n>>> SignedCertificateTimestampModel(\n...     log_id=\"MTIz\", timestamp=datetime(2023, 12, 10), entry_type=\"precertificate\"\n... )  # doctest: +STRIP_WHITESPACE\nSignedCertificateTimestampModel(\n    version='v1',\n    log_id='MTIz',\n    timestamp=datetime.datetime(2023, 12, 10, 0, 0),\n    entry_type='precertificate'\n)", "properties": {"version": {"const": "v1", "default": "v1", "title": "Version", "type": "string"}, "log_id": {"title": "Log Id", "type": "string"}, "timestamp": {"format": "date-time", "title": "Timestamp", "type": "string"}, "entry_type": {"enum": ["precertificate", "x509_certificate"], "title": "Entry Type", "type": "string"}}, "required": ["log_id", "timestamp", "entry_type"], "title": "SignedCertificateTimestampModel", "type": "object"}, "SignedCertificateTimestampsModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.SignedCertificateTimestamps` extension.\n\nThis model behaves exactly like\n:py:class:`~django_ca.pydantic.PrecertificateSignedCertificateTimestampsModel`.", "properties": {"type": {"const": "signed_certificate_timestamps", "default": "signed_certificate_timestamps", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"$ref": "#/components/schemas/SignedCertificateTimestampModel"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "SignedCertificateTimestampsModel", "type": "object"}, "SubjectInformationAccessModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.SubjectInformationAccess` extension.\n\nThis model behaves like the :py:class:`~django_ca.pydantic.AuthorityInformationAccessModel`, except that\nthe access methods have to be `ca_repository`.", "properties": {"type": {"const": "subject_information_access", "default": "subject_information_access", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"items": {"$ref": "#/components/schemas/AccessDescriptionModel"}, "title": "Value", "type": "array"}}, "required": ["value"], "title": "SubjectInformationAccessModel", "type": "object"}, "SubjectKeyIdentifierModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.SubjectKeyIdentifier` extension.\n\nThe `value` is a base64-encoded for the model:\n\n.. pydantic-model:: subject_key_identifier", "properties": {"type": {"const": "subject_key_identifier", "default": "subject_key_identifier", "title": "Type", "type": "string"}, "critical": {"default": false, "title": "Critical", "type": "boolean"}, "value": {"title": "Value", "type": "string"}}, "required": ["value"], "title": "SubjectKeyIdentifierModel", "type": "object"}, "UnrecognizedExtensionModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.UnrecognizedExtension` extension.\n\nThe `value` a :py:class:`~django_ca.pydantic.extension_attributes.UnrecognizedExtensionValueModel` value,\nthe `value` is thus base64 encoded for the model:\n\n.. pydantic-model:: unrecognized_extension", "properties": {"type": {"const": "unknown", "default": "unknown", "title": "Type", "type": "string"}, "critical": {"title": "Critical", "type": "boolean"}, "value": {"$ref": "#/components/schemas/UnrecognizedExtensionValueModel"}}, "required": ["critical", "value"], "title": "UnrecognizedExtensionModel", "type": "object"}, "UnrecognizedExtensionValueModel": {"description": "Pydantic model for a :py:class:`~cg:cryptography.x509.UnrecognizedExtension` extension.\n\nThe `value` a base64 encoded string, and the `oid` is any dotted string:\n\n>>> UnrecognizedExtensionValueModel(value=\"MTIz\", oid=\"1.2.3\")\nUnrecognizedExtensionValueModel(oid='1.2.3', value='MTIz')\n\nYou can also pass bytes to `value`, in which case it will base base64 encoded:\n\n>>> UnrecognizedExtensionValueModel(value=b\"123\", oid=\"1.2.3\")\nUnrecognizedExtensionValueModel(oid='1.2.3', value='MTIz')", "properties": {"oid": {"title": "Oid", "type": "string"}, "value": {"title": "Value", "type": "string"}}, "required": ["oid", "value"], "title": "UnrecognizedExtensionValueModel", "type": "object"}, "CertificateAuthorityUpdateSchema": {"description": "Schema for updating certificate authorities.", "properties": {"name": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The human-readable name of the certificate authority.", "required": false, "title": "Name"}, "sign_authority_information_access": {"anyOf": [{"$ref": "#/components/schemas/AuthorityInformationAccessModel"}, {"type": "null"}], "description": "The Authority Information Access extension added to newly signed certificates."}, "sign_certificate_policies": {"anyOf": [{"$ref": "#/components/schemas/CertificatePoliciesModel"}, {"type": "null"}], "description": "The Certificate Policies extension added to newly signed certificates."}, "sign_crl_distribution_points": {"anyOf": [{"$ref": "#/components/schemas/CRLDistributionPointsModel"}, {"type": "null"}], "description": "The CRL Distribution Points extension added to newly signed certificates."}, "sign_issuer_alternative_name": {"anyOf": [{"$ref": "#/components/schemas/IssuerAlternativeNameModel"}, {"type": "null"}], "description": "The Issuer Alternative Name extension added to newly signed certificates."}, "caa_identity": {"anyOf": [{"maxLength": 32, "type": "string"}, {"type": "null"}], "description": "CAA identity for this CA (NOTE: Not currently used!).", "title": "CAA identity"}, "website": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Website for your CA.", "title": "Website"}, "terms_of_service": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "URL to Terms of Service for this CA", "title": "Terms of Service"}, "ocsp_responder_key_validity": {"anyOf": [{"type": "integer"}, {"type": "null"}], "default": 3, "description": "How long <strong>(in days)</strong> OCSP responder keys may be valid.", "title": "OCSP responder key validity"}, "ocsp_response_validity": {"anyOf": [{"type": "integer"}, {"type": "null"}], "default": 86400, "description": "How long <strong>(in seconds)</strong> OCSP responses may be considered valid by the client.", "title": "OCSP response validity"}, "acme_enabled": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "default": false, "description": "Whether it is possible to use ACME for this CA.", "title": "Enable ACME"}, "acme_registration": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "default": true, "description": "Allow ACME clients to register new accounts.", "title": "ACME account registration."}, "acme_profile": {"anyOf": [{"maxLength": 32, "type": "string"}, {"type": "null"}], "description": "Profile used when generating ACME certificates.", "title": "Profile"}, "acme_requires_contact": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "default": true, "description": "If this CA requires a contact address during account registration.", "title": "Requires contact"}}, "title": "CertificateAuthorityUpdateSchema", "type": "object"}, "CertificateOrderSchema": {"description": "Schema for certificate orders.", "properties": {"serial": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Serial"}, "created": {"description": "When the order was created.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Created", "type": "string"}, "updated": {"description": "When the order was last updated.", "example": "2023-07-30T10:06:35Z", "format": "date-time", "title": "Updated", "type": "string"}, "slug": {"description": "Slug identifying the order.", "title": "Slug", "type": "string"}, "status": {"default": "pending", "description": "Current status of the order.", "maxLength": 8, "title": "Status", "type": "string"}}, "required": ["created", "updated"], "title": "CertificateOrderSchema", "type": "object"}, "JsonValue": {}, "SignCertificateMessage": {"description": "Schema for signing certificates.", "properties": {"key_backend_options": {"additionalProperties": {"$ref": "#/components/schemas/JsonValue"}, "description": "Options for the key backend. Valid values depend on the key backend of the certificate authority. If not passed, the key backend must be configured for automatic signing in the backend.", "title": "Key Backend Options", "type": "object"}, "not_after": {"anyOf": [{"format": "date-time", "type": "string"}, {"type": "null"}], "description": "When the certificate is due to expire, defaults to the CA_DEFAULT_EXPIRES setting.", "example": "2023-07-30T10:06:35Z", "title": "Not After"}, "algorithm": {"anyOf": [{"enum": ["SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA3/224", "SHA3/256", "SHA3/384", "SHA3/512"], "type": "string"}, {"type": "null"}], "description": "Hash algorithm used for signing (default: same as in the certificate authority).", "title": "Algorithm"}, "autogenerated": {"default": false, "description": "If the certificate should be marked as auto-generated.", "title": "Autogenerated", "type": "boolean"}, "csr": {"description": "The certificate signing request (CSR) in PEM format", "example": "-----BEGIN CERTIFICATE REQUEST-----\n...\n-----END CERTIFICATE REQUEST-----\n", "format": "binary", "title": "CSR", "type": "string"}, "extensions": {"anyOf": [{"items": {"discriminator": {"mapping": {"admissions": "#/components/schemas/AdmissionsModel", "authority_information_access": "#/components/schemas/AuthorityInformationAccessModel", "certificate_policies": "#/components/schemas/CertificatePoliciesModel", "crl_distribution_points": "#/components/schemas/CRLDistributionPointsModel", "extended_key_usage": "#/components/schemas/ExtendedKeyUsageModel", "freshest_crl": "#/components/schemas/FreshestCRLModel", "issuer_alternative_name": "#/components/schemas/IssuerAlternativeNameModel", "key_usage": "#/components/schemas/KeyUsageModel", "ms_certificate_template": "#/components/schemas/MSCertificateTemplateModel", "ocsp_no_check": "#/components/schemas/OCSPNoCheckModel", "precert_poison": "#/components/schemas/PrecertPoisonModel", "private_key_usage_period": "#/components/schemas/PrivateKeyUsagePeriodModel", "subject_alternative_name": "#/components/schemas/SubjectAlternativeNameModel", "tls_feature": "#/components/schemas/TLSFeatureModel"}, "propertyName": "type"}, "oneOf": [{"$ref": "#/components/schemas/AdmissionsModel"}, {"$ref": "#/components/schemas/AuthorityInformationAccessModel"}, {"$ref": "#/components/schemas/CertificatePoliciesModel"}, {"$ref": "#/components/schemas/CRLDistributionPointsModel"}, {"$ref": "#/components/schemas/ExtendedKeyUsageModel"}, {"$ref": "#/components/schemas/FreshestCRLModel"}, {"$ref": "#/components/schemas/IssuerAlternativeNameModel"}, {"$ref": "#/components/schemas/KeyUsageModel"}, {"$ref": "#/components/schemas/MSCertificateTemplateModel"}, {"$ref": "#/components/schemas/OCSPNoCheckModel"}, {"$ref": "#/components/schemas/PrecertPoisonModel"}, {"$ref": "#/components/schemas/PrivateKeyUsagePeriodModel"}, {"$ref": "#/components/schemas/SubjectAlternativeNameModel"}, {"$ref": "#/components/schemas/TLSFeatureModel"}]}, "type": "array"}, {"type": "null"}], "description": "**Optional** additional extensions to add to the certificate.", "title": "Extensions"}, "profile": {"default": "webserver", "description": "Issue the certificate with the given profile.", "enum": ["client", "enduser", "ocsp", "server", "webserver"], "title": "Profile", "type": "string"}, "subject": {"$ref": "#/components/schemas/NameModel", "description": "The subject as list of name attributes."}}, "required": ["csr", "subject"], "title": "SignCertificateMessage", "type": "object"}, "CertificateFilterSchema": {"description": "Filter schema for certificates.", "properties": {"autogenerated": {"default": false, "description": "Include auto-generated certificates (e.g. OCSP responder certificates).", "title": "Autogenerated", "type": "boolean"}, "expired": {"default": false, "description": "Include expired certificates.", "title": "Expired", "type": "boolean"}, "profile": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Only return certificates generated with the given profile.", "enum": ["client", "enduser", "ocsp", "server", "webserver"], "title": "Profile"}, "revoked": {"default": false, "description": "Include revoked certificates.", "title": "Revoked", "type": "boolean"}}, "title": "CertificateFilterSchema", "type": "object"}, "DjangoCertificateModel": {"description": "Model for a Certificate as stored in the database.", "properties": {"id": {"title": "Id"}, "created": {"format": "date-time", "title": "Created", "type": "string"}, "updated": {"format": "date-time", "title": "Updated", "type": "string"}, "revoked": {"default": false, "title": "Revoked", "type": "boolean"}, "revoked_date": {"anyOf": [{"format": "date-time", "type": "string"}, {"type": "null"}], "title": "Revoked Date"}, "revoked_reason": {"title": "Revoked Reason", "type": "string"}, "compromised": {"anyOf": [{"format": "date-time", "type": "string"}, {"type": "null"}], "title": "Compromised"}, "certificate": {"$ref": "#/components/schemas/CertificateModel"}, "fingerprints": {"additionalProperties": {"type": "string"}, "propertyNames": {"enum": ["SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA3/224", "SHA3/256", "SHA3/384", "SHA3/512"]}, "title": "Fingerprints", "type": "object"}, "watchers": {"items": {"$ref": "#/components/schemas/WatcherModel"}, "title": "Watchers", "type": "array"}, "ca": {"title": "Ca"}, "csr": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Csr"}, "profile": {"title": "Profile", "type": "string"}, "autogenerated": {"title": "Autogenerated", "type": "boolean"}}, "required": ["id", "created", "updated", "revoked_date", "revoked_reason", "compromised", "certificate", "fingerprints", "watchers", "ca", "csr", "profile", "autogenerated"], "title": "DjangoCertificateModel", "type": "object"}, "WatcherModel": {"description": "Model for a Watcher as stored in the database.", "properties": {"id": {"title": "Id"}, "name": {"title": "Name", "type": "string"}, "mail": {"title": "Mail", "type": "string"}}, "required": ["id", "name", "mail"], "title": "WatcherModel", "type": "object"}, "ResignCertificateMessage": {"description": "Schema for resigning an existing certificate.", "properties": {"key_backend_options": {"additionalProperties": {"$ref": "#/components/schemas/JsonValue"}, "description": "Options for the key backend. Valid values depend on the key backend of the certificate authority. If not passed, the key backend must be configured for automatic signing in the backend.", "title": "Key Backend Options", "type": "object"}, "not_after": {"anyOf": [{"format": "date-time", "type": "string"}, {"type": "null"}], "description": "When the certificate is due to expire, defaults to the CA_DEFAULT_EXPIRES setting.", "example": "2023-07-30T10:06:35Z", "title": "Not After"}}, "title": "ResignCertificateMessage", "type": "object"}, "ReasonFlags": {"description": "An enumeration for CRL reasons.\n\nThis enumeration is a copy of ``cryptography.x509.ReasonFlags``. We create a copy because any change\nin the enumeration would trigger a database migration, so up/downgrading cryptography might cause problems\nwith your Django project.", "enum": ["unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "privilegeWithdrawn", "aACompromise", "removeFromCRL"], "title": "ReasonFlags", "type": "string"}, "RevokeCertificateSchema": {"description": "Schema for revoking certificates.", "properties": {"compromised": {"anyOf": [{"format": "date-time", "type": "string"}, {"type": "null"}], "description": "When the certificate was compromised.", "title": "Compromised"}, "reason": {"allOf": [{"$ref": "#/components/schemas/ReasonFlags"}], "default": "unspecified", "description": "The reason why the certificate was revoked. Valid values are `unspecified`,\n        `keyCompromise`, `cACompromise`, `affiliationChanged`, `superseeded`, `cessationOfOperation`, \n        `certificateHold`, `privilegeWithdrawn`, `aACompromise` and `removeFromCRL`."}}, "title": "RevokeCertificateSchema", "type": "object"}}, "securitySchemes": {"BasicAuth": {"type": "http", "scheme": "basic"}}}, "servers": []}