Reusable django app to generate and manage x509 certificates
Project description
Simple reusable django app implementing x509 PKI certificates management.
Current features
CA generation
Import existing CAs
End entity certificate generation
Import existing certificates
Certificate revocation
CRL view (public or protected)
Possibility to specify x509 extensions on each certificate
Random serial numbers based on uuid4 integers (see why is this a good idea)
Project goals
provide a simple and reusable x509 PKI management django app
provide abstract models that can be imported and extended in larger django projects
Dependencies
Python 2.7 or Python >= 3.4
OpenSSL
Install stable version from pypi
Install from pypi:
pip install django-x509
Install development version
Install tarball:
pip install https://github.com/openwisp/django-x509/tarball/master
Alternatively you can install via pip using git:
pip install -e git+https://github.com/openwisp/django-x509#egg=django-x509
If you want to contribute, install your cloned fork:
git clone git@github.com:<your_fork>/django-x509.git
cd django-x509
python setup.py develop
Setup (integrate in an existing django project)
Add django_x509 to INSTALLED_APPS:
INSTALLED_APPS = [
    # other apps
    'django_x509',
]
Add the URLs to your main urls.py:
from django.conf.urls import include, url

urlpatterns = [
    # ... other urls in your project ...

    # django-x509 urls
    # keep the namespace argument unchanged
    url(r'^', include('django_x509.urls', namespace='x509')),
]
Then run:
./manage.py migrate
Installing for development
Install sqlite:
sudo apt-get install sqlite3 libsqlite3-dev
Install your forked repo:
git clone https://github.com/<your_fork>/django-x509
cd django-x509/
python setup.py develop
Install test requirements:
pip install -r requirements-test.txt
Create database:
cd tests/
./manage.py migrate
./manage.py createsuperuser
Launch development server:
./manage.py runserver
You can access the admin interface at http://127.0.0.1:8000/admin/.
Run tests with:
./runtests.py
Install and run on docker
Build from docker file:
sudo docker build -t openwisp/djangox509 .
Run the docker container:
sudo docker run -it -p 8000:8000 openwisp/djangox509
Settings
DJANGO_X509_DEFAULT_CERT_VALIDITY
type: int
default: 365
Default validity period (in days) when creating new x509 certificates.
DJANGO_X509_DEFAULT_CA_VALIDITY
type: int
default: 3650
Default validity period (in days) when creating new Certification Authorities.
DJANGO_X509_DEFAULT_KEY_LENGTH
type: int
default: 2048
Default key length for new CAs and new certificates.
Must be one of the following values:
512
1024
2048
4096
DJANGO_X509_DEFAULT_DIGEST_ALGORITHM
type: str
default: sha256
Default digest algorithm for new CAs and new certificates.
Must be one of the following values:
sha1
sha224
sha256
sha384
sha512
DJANGO_X509_CA_BASIC_CONSTRAINTS_CRITICAL
type: bool
default: True
Whether the basicConstraints x509 extension must be flagged as critical when creating new CAs.
DJANGO_X509_CA_BASIC_CONSTRAINTS_PATHLEN
type: int or None
default: 0
Value of the pathLenConstraint of the basicConstraints x509 extension used when creating new CAs.
When this value is a positive int it represents the maximum number of non-self-issued intermediate certificates that may follow the generated certificate in a valid certification path.
Set this value to None to avoid imposing any limit.
DJANGO_X509_CA_KEYUSAGE_CRITICAL
type: bool
default: True
Whether the keyUsage x509 extension should be flagged as “critical” for new CAs.
DJANGO_X509_CA_KEYUSAGE_VALUE
type: str
default: cRLSign, keyCertSign
Value of the keyUsage x509 extension for new CAs.
DJANGO_X509_CERT_KEYUSAGE_CRITICAL
type: bool
default: False
Whether the keyUsage x509 extension should be flagged as “critical” for new end-entity certificates.
DJANGO_X509_CERT_KEYUSAGE_VALUE
type: str
default: digitalSignature, keyEncipherment
Value of the keyUsage x509 extension for new end-entity certificates.
DJANGO_X509_CRL_PROTECTED
type: bool
default: False
Whether the view for downloading Certificate Revocation Lists should be protected with authentication or not.
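The accepted values listed above include key lengths and a digest that are weak by current standards, so it helps to check the effective configuration before issuing anything. The following is an added example, not part of django-x509: `audit_x509_settings` is a hypothetical helper, the defaults and accepted values are copied from this settings reference, and the policy thresholds are assumptions of the example.

```python
# Added example (not django-x509 code): audit DJANGO_X509_* values.
# Defaults/accepted values come from the reference above; the policy is assumed.
P = "DJANGO_X509_"
DEFAULTS = {
    P + "DEFAULT_CERT_VALIDITY": 365,
    P + "DEFAULT_CA_VALIDITY": 3650,
    P + "DEFAULT_KEY_LENGTH": 2048,
    P + "DEFAULT_DIGEST_ALGORITHM": "sha256",
    P + "CA_BASIC_CONSTRAINTS_CRITICAL": True,
    P + "CA_BASIC_CONSTRAINTS_PATHLEN": 0,
    P + "CA_KEYUSAGE_VALUE": "cRLSign, keyCertSign",
}
ALLOWED_KEY_LENGTHS = {512, 1024, 2048, 4096}
ALLOWED_DIGESTS = {"sha1", "sha224", "sha256", "sha384", "sha512"}


def audit_x509_settings(overrides):
    """Return sorted (setting, problem) pairs for defaults plus overrides."""
    cfg = dict(DEFAULTS, **overrides)
    findings = []

    def flag(name, problem):
        findings.append((P + name, problem))

    bits = cfg[P + "DEFAULT_KEY_LENGTH"]
    if bits not in ALLOWED_KEY_LENGTHS:
        flag("DEFAULT_KEY_LENGTH", "not one of the accepted values")
    elif bits < 2048:
        flag("DEFAULT_KEY_LENGTH", "RSA keys under 2048 bits are too weak")
    digest = str(cfg[P + "DEFAULT_DIGEST_ALGORITHM"]).lower()
    if digest not in ALLOWED_DIGESTS:
        flag("DEFAULT_DIGEST_ALGORITHM", "not one of the accepted values")
    elif digest == "sha1":
        flag("DEFAULT_DIGEST_ALGORITHM", "SHA-1 signatures are collision-prone")
    if not cfg[P + "CA_BASIC_CONSTRAINTS_CRITICAL"]:
        flag("CA_BASIC_CONSTRAINTS_CRITICAL", "RFC 5280 requires it critical on CAs")
    if cfg[P + "CA_BASIC_CONSTRAINTS_PATHLEN"] is None:
        flag("CA_BASIC_CONSTRAINTS_PATHLEN", "no limit on subordinate CA depth")
    usages = set(u.strip() for u in cfg[P + "CA_KEYUSAGE_VALUE"].split(","))
    missing = {"keyCertSign", "cRLSign"} - usages
    if missing:
        flag("CA_KEYUSAGE_VALUE", "missing " + ", ".join(sorted(missing)))
    if cfg[P + "DEFAULT_CERT_VALIDITY"] > cfg[P + "DEFAULT_CA_VALIDITY"]:
        flag("DEFAULT_CERT_VALIDITY", "certificates would outlive their CA")
    return sorted(findings)
```

In a project, build `overrides` from whichever of these names `django.conf.settings` actually defines, and fail the deployment check if the returned list is not empty.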
Extending django-x509
django-x509 provides a set of models and admin classes which can be imported, extended and reused by third party apps.
To extend django-x509, you MUST NOT add it to settings.INSTALLED_APPS, but you must create your own app (which goes into settings.INSTALLED_APPS), import the base classes from django-x509 and add your customizations.
Extending models
This example shows how to extend the base models of django-x509 by adding a relation to another django model named Organization.
# models.py of your app
from django.db import models
from django_x509.base.models import AbstractCa, AbstractCert

# the model ``organizations.Organization`` is omitted for brevity
# if you are curious to see a real implementation, check out django-organizations


class OrganizationMixin(models.Model):
    # on_delete is mandatory from Django 2.0; CASCADE was the implicit default before
    organization = models.ForeignKey('organizations.Organization',
                                     on_delete=models.CASCADE)

    class Meta:
        abstract = True


class Ca(OrganizationMixin, AbstractCa):
    class Meta(AbstractCa.Meta):
        abstract = False

    def clean(self):
        # your own validation logic here...
        pass


class Cert(OrganizationMixin, AbstractCert):
    ca = models.ForeignKey(Ca, on_delete=models.CASCADE)

    class Meta(AbstractCert.Meta):
        abstract = False

    def clean(self):
        # your own validation logic here...
        pass
Extending the admin
Following the previous Organization example, you can avoid duplicating the admin code by importing the base admin classes and registering your models with them.
# admin.py of your app
from django.contrib import admin

from django_x509.base.admin import CaAdmin as BaseCaAdmin
from django_x509.base.admin import CertAdmin as BaseCertAdmin

from .models import Ca, Cert


class CaAdmin(BaseCaAdmin):
    # extend/modify the default behaviour here
    pass


class CertAdmin(BaseCertAdmin):
    # extend/modify the default behaviour here
    pass


admin.site.register(Ca, CaAdmin)
admin.site.register(Cert, CertAdmin)
Contributing
Announce your intentions in the OpenWISP Mailing List
Fork this repo and install it
Write code
Write tests for your code
Ensure all tests pass
Ensure test coverage does not decrease
Document your changes
Send pull request
Changelog
See CHANGES.
License
See LICENSE.
Support
File details
Details for the file django-x509-0.3.3.tar.gz.
File metadata
- Download URL: django-x509-0.3.3.tar.gz
- Upload date:
- Size: 31.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File details
Details for the file django_x509-0.3.3-py2.py3-none-any.whl.
File metadata
- Download URL: django_x509-0.3.3-py2.py3-none-any.whl
- Upload date:
- Size: 36.4 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No