update changelog and docs
mathiasertl committed Dec 26, 2024
1 parent 23e6798 commit 535072c
Showing 8 changed files with 157 additions and 1 deletion.
10 changes: 10 additions & 0 deletions ca/django_ca/pydantic/__init__.py
Expand Up @@ -15,18 +15,23 @@

from django_ca.pydantic.extension_attributes import (
AccessDescriptionModel,
AdmissionModel,
AdmissionsValueModel,
AuthorityKeyIdentifierValueModel,
BasicConstraintsValueModel,
DistributionPointModel,
MSCertificateTemplateValueModel,
NameConstraintsValueModel,
NamingAuthorityModel,
NoticeReferenceModel,
PolicyConstraintsValueModel,
PolicyInformationModel,
ProfessionInfoModel,
UnrecognizedExtensionValueModel,
UserNoticeModel,
)
from django_ca.pydantic.extensions import (
AdmissionsModel,
AuthorityInformationAccessModel,
AuthorityKeyIdentifierModel,
BasicConstraintsModel,
Expand Down Expand Up @@ -57,6 +62,9 @@

__all__ = (
"AccessDescriptionModel",
"AdmissionModel",
"AdmissionsModel",
"AdmissionsValueModel",
"AuthorityInformationAccessModel",
"AuthorityKeyIdentifierModel",
"AuthorityKeyIdentifierValueModel",
Expand All @@ -79,6 +87,7 @@
"NameConstraintsModel",
"NameConstraintsValueModel",
"NameModel",
"NamingAuthorityModel",
"NoticeReferenceModel",
"OCSPNoCheckModel",
"OtherNameModel",
Expand All @@ -87,6 +96,7 @@
"PolicyInformationModel",
"PrecertPoisonModel",
"PrecertificateSignedCertificateTimestampsModel",
"ProfessionInfoModel",
"SignedCertificateTimestampsModel",
"SubjectAlternativeNameModel",
"SubjectInformationAccessModel",
12 changes: 12 additions & 0 deletions ca/django_ca/pydantic/extensions.py
Expand Up @@ -334,6 +334,18 @@ class AdmissionsModel(AdmissionsModelBase): # pragma: only cryptography>=44.0
.. NOTE:: This class will not be able to produce a cryptography instance when using ``cryptography<44``.
.. versionadded:: 2.1.0
The `value` is a :py:class:`~django_ca.pydantic.extension_attributes.AdmissionsValueModel`:
.. pydantic-model:: admissions_model
The model supports an arbitrary number of :py:class:`Admission
<django_ca.pydantic.extension_attributes.AdmissionModel>` and :py:class:`ProfessionInfo
<django_ca.pydantic.extension_attributes.ProfessionInfoModel>` instances:
.. pydantic-model:: admissions_model_complex
test
"""

model_config = ConfigDict(from_attributes=True)
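Review bot: The added docstring text ends with a bare `test` line directly before the closing `"""`, after the `.. pydantic-model:: admissions_model_complex` directive. It reads like leftover scratch text and would presumably be rendered verbatim in the generated documentation for `AdmissionsModel`, so that line should be dropped. The class starts above this hunk and its body continues past it.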
13 changes: 12 additions & 1 deletion docs/source/changelog/TBR_2.1.0.rst
Expand Up @@ -7,7 +7,7 @@ Docker image
************

* The main Docker image is now based off Debian instead of Alpine. The Alpine image is still provided with the
``-alpine`` suffix (e.g. ``mathiasertl/django-ca:2.1.0-alpine`).
``-alpine`` suffix (e.g. ``mathiasertl/django-ca:2.1.0-alpine``).

****************************
Certificate Revocation Lists
Expand All @@ -33,6 +33,8 @@ Key backends
* Add a :ref:`db_backend` to allow storing private keys in the database. This backend makes the private key
accessible to any frontend-facing web server and is thus less secure then other backends, but is an
option if your environment has no file system available.
* Remove the ``get_ocsp_key_size()` and ``get_ocsp_key_elliptic_curve`` from the core key backend interface,
as they are now handled by :ref:`ocsp_key_backends`.

**********************
Command-line utilities
Expand All @@ -45,6 +47,15 @@ Command-line utilities
* **BACKWARDS INCOMPATIBLE:** The ``--algorithm`` parameter to :command:`manage.py dump_crl` no longer has
any effect and will be removed in django-ca 2.3.0.

********
REST API
********

* When requesting a new certificate, validate the submitted CSR before relaying the order to the backend
(fixes `#152 <https://github.com/mathiasertl/django-ca/issues/152>`_).
* Support for the :py:class:`Admissions extension <django_ca.pydantic.extensions.AdmissionsModel>` when
``cryptography>=44`` is used.

********
Settings
********
@@ -0,0 +1,43 @@
from cryptography import x509
from cryptography.x509.oid import ExtensionOID

profession_info_one = x509.ProfessionInfo(
naming_authority=None,
profession_items=["info"],
profession_oids=None,
registration_number=None,
add_profession_info=None,
)
profession_info_two = x509.ProfessionInfo(
naming_authority=x509.NamingAuthority(
id=x509.ObjectIdentifier("1.2.3"),
url="https://sub.naming.example.com",
text="naming authority for second info model",
),
profession_items=["info one", "info two"],
profession_oids=[x509.ObjectIdentifier("1.2.4"), x509.ObjectIdentifier("1.2.5")],
registration_number="abc",
add_profession_info=b"\x90",
)
admission_one = x509.Admission(
admission_authority=None,
naming_authority=None,
profession_infos=[profession_info_one],
)
admission_two = x509.Admission(
admission_authority=x509.UniformResourceIdentifier("https://example.com"),
naming_authority=x509.NamingAuthority(
id=x509.ObjectIdentifier("1.2.3"),
url="https://naming.example.com",
text="some text",
),
profession_infos=[profession_info_one, profession_info_two],
)
x509.Extension(
critical=False,
oid=ExtensionOID.ADMISSIONS,
value=x509.Admissions(
authority=x509.UniformResourceIdentifier("https://example.com"),
admissions=[admission_one, admission_two],
),
)
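--- a/docs/source/include/pydantic/admissions_model_complex_model.py
+++ b/docs/source/include/pydantic/admissions_model_complex_model.py
@@ -0,0 +1,41 @@
+from django_ca.pydantic import (
+AdmissionModel,
+AdmissionsModel,
+AdmissionsValueModel,
+GeneralNameModel,
+NamingAuthorityModel,
+ProfessionInfoModel,
+)
+
+AdmissionsModel(
+value=AdmissionsValueModel(
+authority=GeneralNameModel(type="URI", value="https://example.com"),
+admissions=[
+AdmissionModel(
+profession_infos=[ProfessionInfoModel(profession_items=["info"])]
+),
+AdmissionModel(
+admission_authority=GeneralNameModel(
+type="URI", value="https://example.com"
+),
+naming_authority=NamingAuthorityModel(
+id="1.2.3", url="https://naming.example.com", text="some text"
+),
+profession_infos=[
+ProfessionInfoModel(profession_items=["info"]),
+ProfessionInfoModel(
+naming_authority=NamingAuthorityModel(
+id="1.2.3",
+url="https://sub.naming.example.com",
+text="naming authority for second info model",
+),
+profession_items=["info one", "info two"],
+profession_oids=["1.2.4", "1.2.5"],
+registration_number="abc",
+add_profession_info="kA==",
+),
+],
+),
+],
+)
+)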
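--- a/docs/source/include/pydantic/admissions_model_cryptography.py
+++ b/docs/source/include/pydantic/admissions_model_cryptography.py
@@ -0,0 +1,20 @@
+from cryptography import x509
+from cryptography.x509.oid import ExtensionOID
+
+profession_info = x509.ProfessionInfo(
+naming_authority=None,
+profession_items=["info"],
+profession_oids=None,
+registration_number=None,
+add_profession_info=None,
+)
+admission = x509.Admission(
+admission_authority=None,
+naming_authority=None,
+profession_infos=[profession_info],
+)
+x509.Extension(
+critical=False,
+oid=ExtensionOID.ADMISSIONS,
+value=x509.Admissions(authority=None, admissions=[admission]),
+)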
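--- a/docs/source/include/pydantic/admissions_model_model.py
+++ b/docs/source/include/pydantic/admissions_model_model.py
@@ -0,0 +1,17 @@
+from django_ca.pydantic import (
+AdmissionModel,
+AdmissionsModel,
+AdmissionsValueModel,
+GeneralNameModel,
+ProfessionInfoModel,
+)
+
+AdmissionsModel(
+value=AdmissionsValueModel(
+admissions=[
+AdmissionModel(
+profession_infos=[ProfessionInfoModel(profession_items=["info"])]
+)
+],
+)
+)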
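Review bot: `GeneralNameModel` is imported in this example but never used, since the simple model sets neither `authority` nor `admission_authority`. Removing it from the `from django_ca.pydantic import (...)` list keeps the documented snippet minimal and free of an unused-import warning. The complex example in `admissions_model_complex_model.py` does use the name, so only this file needs the change.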
2 changes: 2 additions & 0 deletions docs/source/python/pydantic.rst
Expand Up @@ -54,6 +54,8 @@ Extensions

.. automodule:: django_ca.pydantic.extensions

.. autoclass:: django_ca.pydantic.AdmissionsModel

.. autoclass:: django_ca.pydantic.AuthorityInformationAccessModel

.. autoclass:: django_ca.pydantic.AuthorityKeyIdentifierModel
