`django_ca.views` - HTTP endpoints

Views for the django-ca app.

See also

class django_ca.views.GenericCAIssuersView(**kwargs)[source]

Generic view that returns a CA public key in DER format.

This view serves the URL named in the issuers key in the AuthorityInformationAccess extension.

class django_ca.views.GenericOCSPView(**kwargs)[source]

View providing auto-configured OCSP functionality.

This view loads the responder certificate via the OCSP key backend. The serial URL keyword argument must be the serial for this CA.

get_ocsp_response(ca: CertificateAuthority, builder: OCSPResponseBuilder) → HttpResponse | OCSPResponse[source]: Sign the OCSP request using cryptography keys.

class django_ca.views.OCSPView(**kwargs)[source]

View to provide an OCSP responder.

ca: str = '': The name or serial of your Certificate Authority.

ca_ocsp = False: If set to True, validate child CAs instead.

expires: timedelta = datetime.timedelta(seconds=600): Time in seconds that the responses remain valid. The default is 600 seconds or ten minutes.

fail(status: OCSPResponseStatus = <OCSPResponseStatus.INTERNAL_ERROR: 2>) → HttpResponse[source]: Generic method to return a failure response.

get_ca() → CertificateAuthority[source]: Get the certificate authority for the request.

get_ca_and_cert(cert_serial: str) → tuple[CertificateAuthority, Certificate | CertificateAuthority][source]: Get CA and certificate for this request.

get_cert(ca: CertificateAuthority, serial: str) → Certificate | CertificateAuthority[source]: Get the certificate that was requested in the OCSP request.

get_expires(ca: CertificateAuthority, now: datetime) → datetime[source]: Get the timestamp when the OCSP response expires.

get_ocsp_response(ca: CertificateAuthority, builder: OCSPResponseBuilder) → HttpResponse | OCSPResponse[source]: Sign the OCSP request using cryptography keys.

get_responder_cert() → Certificate[source]: Get the public key used to sign OCSP responses.

get_responder_key() → Ed25519PrivateKey | Ed448PrivateKey | RSAPrivateKey | DSAPrivateKey | EllipticCurvePrivateKey[source]: Get the private key used to sign OCSP responses.

get_responder_key_data() → bytes[source]: Read the file containing the private key used to sign OCSP responses.

http_response(data: bytes, status: int = HTTPStatus.OK) → HttpResponse[source]: Get an HTTP OCSP response with given status and data.

malformed_request() → HttpResponse[source]: Get a response for a malformed request.

process_ocsp_request(data: bytes) → HttpResponse[source]: Process OCSP request data.

responder_cert: Certificate | str = ''

Public key of the responder.

This may either be:

A serial of a certificate as stored in the database
The PEM of the certificate as string
A loaded Certificate

responder_key: str = '': Private key used for signing OCSP responses. A relative path used by the storage backend configured by CA_DEFAULT_STORAGE_ALIAS.