django_ca.extensions - X509 extensions

This module provides some small helper functions for handling extensions.

django_ca.extensions.parse_extension(key: str, value: Extension[ExtensionType] | ExtensionType | ParsableExtension) → Extension[ExtensionType]

Parse a serialized extension into a cryptography object.

This function is used by django_ca.profiles - Certificate profiles to parse configured extensions into standard cryptography extensions. If you need to parse a similar object, use this function.

The value is usually a dict as described in profiles but for convenience, may also be a Extension, in which case the extension is returned unchanged. If you pass a ExtensionType, an extension with the default critical value is returned.

>>> parse_extension("key_usage", {'critical': True, 'value': ['keyCertSign']})  
<Extension(..., critical=True, value=<KeyUsage(... key_cert_sign=True, ...)>)>

Parameters:

keystr

The key is the extension key used in the dictionary to name the extension, it must match one of the keys in EXTENSION_KEYS.

valuedict, ExtensionType or Extension

The value that describes the extension. See Profiles for more information.

django_ca.extensions.get_extension_name(oid: ObjectIdentifier) → str

Function to get the name of an extension from the extensions OID.

>>> from cryptography.x509.oid import ExtensionOID
>>> get_extension_name(ExtensionOID.BASIC_CONSTRAINTS)
'Basic Constraints'
>>> get_extension_name(x509.ObjectIdentifier("1.2.3"))
'Unknown extension (1.2.3)'