knox.certificate¶

Apache Software License 2.0

Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at

https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

class knox.certificate.Cert(settings: dynaconf.base.LazySettings, common_name=None)[source]¶

Bases: knox.backend.store_object.StoreObject

Object representation of a TLS certificate

class CertTypes[source]¶

Bases: enum.Enum

An enumeration.

DER = 2¶

PEM = 1¶

PFX = 3¶

valid = <bound method Cert.CertTypes.valid of <enum 'CertTypes'>>[source]¶

DER = 2¶

PEM = 1¶

PFX = 3¶

_body = None¶: String representation of private, chain and public portions of certificate as a map/json

_common_name = None¶: Defaults to value from certificate

_data = None¶: Combined body and info map

_file = None¶: Raw file contents of certificate

_info = None¶: Certificate details

_jinja = None¶: Template engine

_mount = None¶: Based on certificate its mount is either KNOX_VAULT_MOUNT or KNOX_VAULT_MOUNT/client

_path = None¶: Objects stored using <mount><path><name><type>

_policy = None¶: Vault access policy, gen from jinja template, explicit to instance of cert

_type = None¶: Certificate type identifier

_x509 = None¶: Parsed data object from raw file

body() → str[source]¶: Content to persist, typically JSON

chain¶: Unless its a dict, its not loaded yet

data¶: Content to persist, typically JSON

generate() → None[source]¶: Generate certificate for a given common name

info() → str[source]¶: Object metadata

isValid() → bool[source]¶: Check certificate validity period

issuer() → str[source]¶: Return the certificate issuer details

key_details() → str[source]¶: Return characteristics of key used to generate the certificate

load(pub: str, key: str, certtype: enum.Enum = <CertTypes.PEM: 1>, chain: str = None) → None[source]¶

Read in components of a certificate, given filename paths for each

Parameters:	pub (str) – File name of public portion of key key (str) – File name of private portion of key chain (str) – File name of intermediate certificates. Optional as they could be in pub certtype (Enum) – Enum of certificate types [PEM=1, DER=2]

load_x509(path: str) → None[source]¶

Given path to PEM x509 read in certificate

Parameters:	path (str) – File path to x509 PEM file

static md5(obj: {}) → str¶

mount¶

name¶: Object name

path¶: Path attribute

path_name¶: Convenience method to generate path/name for store

policy() → str[source]¶

policy_mount¶

private¶: Unless its a dict, its not loaded yet

public¶: Convenience method for Jinja2 templates. Jinja2 does not process the string if it has carriage returns.

subject() → str[source]¶: Return the certificate subject details

subjectaltnames() → str[source]¶: Return Subject alternate names

static to_store_path(common_name: str) → str[source]¶

Generate a backend store path based on the certificates common name www.example.com becomes /com/example/www

return: str

type¶

classmethod valid_name(value: str) → str[source]¶: Some engines might have problems with astrix, as they are used for glob searching and or RBAC. Replace it with the key word ‘wildcard’. This does not affect the actual certificate.

validity() → str[source]¶: Return the certificates dates of validity

version¶: Object version