Simple reusable django app implementing x509 PKI certificates management.
Want to help OpenWISP? Find out how to help us grow here.
Table of Contents:
- Current features
- Project goals
- Dependencies
- Install stable version from pypi
- Install development version
- Setup (integrate in an existing django project)
- Installing for development
- Install and run on docker
- Settings
  - DJANGO_X509_DEFAULT_CERT_VALIDITY
  - DJANGO_X509_DEFAULT_CA_VALIDITY
  - DJANGO_X509_DEFAULT_KEY_LENGTH
  - DJANGO_X509_DEFAULT_DIGEST_ALGORITHM
  - DJANGO_X509_CA_BASIC_CONSTRAINTS_CRITICAL
  - DJANGO_X509_CA_BASIC_CONSTRAINTS_PATHLEN
  - DJANGO_X509_CA_KEYUSAGE_CRITICAL
  - DJANGO_X509_CA_KEYUSAGE_VALUE
  - DJANGO_X509_CERT_KEYUSAGE_CRITICAL
  - DJANGO_X509_CERT_KEYUSAGE_VALUE
  - DJANGO_X509_CRL_PROTECTED
- Extending django-x509
- Contributing
- Changelog
- License
- Support

Current features:
- CA generation
- Import existing CAs
- End entity certificate generation
- Import existing certificates
- Certificate revocation
- CRL view (public or protected)
- Possibility to specify x509 extensions on each certificate
- Random serial numbers based on uuid4 integers (see why is this a good idea)
- Possibility to generate and import passphrase protected x509 certificates/CAs
- Passphrase protected x509 content will be shown encrypted in the web UI

Project goals:
- provide a simple and reusable x509 PKI management django app
- provide abstract models that can be imported and extended in larger django projects

Dependencies:
- Python 2.7 or Python >= 3.4
- OpenSSL

Install from pypi:

    pip install django-x509

Install tarball:

    pip install https://github.com/openwisp/django-x509/tarball/master

Alternatively you can install via pip using git:

    pip install -e git+https://github.com/openwisp/django-x509#egg=django-x509

If you want to contribute, install your cloned fork:

    git clone git@github.com:<your_fork>/django-x509.git
    cd django-x509
    python setup.py develop

Setup (integrate in an existing django project):

Add django_x509 to INSTALLED_APPS:

    INSTALLED_APPS = [
        # other apps
        'django_x509',
    ]

Add the URLs to your main urls.py:

    from django.conf.urls import url
    from django.contrib import admin

    urlpatterns = [
        # ... other urls in your project ...
        url(r'^admin/', admin.site.urls),
    ]

Then run:

    ./manage.py migrate

Installing for development:

Install sqlite:

    sudo apt-get install sqlite3 libsqlite3-dev

Install your forked repo:

    git clone https://github.com/<your_fork>/django-x509
    cd django-x509/
    python setup.py develop

Install test requirements:

    pip install -r requirements-test.txt

Create database:

    cd tests/
    ./manage.py migrate
    ./manage.py createsuperuser

Launch development server:

    ./manage.py runserver

You can access the admin interface at http://127.0.0.1:8000/admin/.

Run tests with:

    ./runtests.py

Install and run on docker:

Build from docker file:

    sudo docker build -t openwisp/djangox509 .

Run the docker container:

    sudo docker run -it -p 8000:8000 openwisp/djangox509

Settings:

DJANGO_X509_DEFAULT_CERT_VALIDITY
| type: | int |
| default: | 365 |
Default validity period (in days) when creating new x509 certificates.

DJANGO_X509_DEFAULT_CA_VALIDITY
| type: | int |
| default: | 3650 |
Default validity period (in days) when creating new Certification Authorities.

DJANGO_X509_DEFAULT_KEY_LENGTH
| type: | int |
| default: | 2048 |
Default key length for new CAs and new certificates.
Must be one of the following values:
- 512
- 1024
- 2048
- 4096

DJANGO_X509_DEFAULT_DIGEST_ALGORITHM
| type: | str |
| default: | sha256 |
Default digest algorithm for new CAs and new certificates.
Must be one of the following values:
- sha1
- sha224
- sha256
- sha384
- sha512

DJANGO_X509_CA_BASIC_CONSTRAINTS_CRITICAL
| type: | bool |
| default: | True |
Whether the basicConstraints x509 extension must be flagged as critical when creating new CAs.

DJANGO_X509_CA_BASIC_CONSTRAINTS_PATHLEN
| type: | int or None |
| default: | 0 |
Value of the pathLenConstraint of the basicConstraints x509 extension used when creating new CAs.
When this value is a positive int it represents the maximum number of non-self-issued
intermediate certificates that may follow the generated certificate in a valid certification path.
Set this value to None to avoid imposing any limit.
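
With the default of 0, a CA can sign end-entity certificates directly, but a subordinate CA it signs cannot issue certificates that validate. The following is an added example (not django-x509 code) that applies the pathLenConstraint rule to constructed chains; the dict layout and helper names are assumptions:

```python
# Added example: certificates are plain dicts (hypothetical representation),
# ordered from the top CA down to the last certificate of the path.

def is_self_issued(cert):
    return cert["subject"] == cert["issuer"]

def check_path_len(chain):
    """Return (ok, reason) after applying every CA's pathLenConstraint."""
    for i, cert in enumerate(chain[:-1]):
        if not cert["ca"]:
            return False, "%s is not a CA but has issued a certificate" % cert["subject"]
        limit = cert["pathlen"]  # None means "no limit"
        if limit is None:
            continue
        # Intermediates that follow this CA; the last certificate of the
        # path is not an intermediate and is never counted.
        following = [c for c in chain[i + 1:-1] if not is_self_issued(c)]
        if len(following) > limit:
            return False, "%s allows %d intermediate(s), path has %d" % (
                cert["subject"], limit, len(following))
    return True, "ok"

def ca(subject, issuer, pathlen):
    return {"subject": subject, "issuer": issuer, "ca": True, "pathlen": pathlen}

def end_entity(subject, issuer):
    return {"subject": subject, "issuer": issuer, "ca": False, "pathlen": None}

# Constructed sample chains.
ROOT_0 = ca("Root CA", "Root CA", 0)        # the documented default
ROOT_1 = ca("Root CA", "Root CA", 1)
ROOT_NONE = ca("Root CA", "Root CA", None)  # no limit
SUB_A = ca("Sub CA A", "Root CA", None)
SUB_B = ca("Sub CA B", "Sub CA A", None)
CHAINS = {
    "default, direct issuance": [ROOT_0, end_entity("vpn-client", "Root CA")],
    "default, sub CA as last cert": [ROOT_0, SUB_A],
    "default, via sub CA": [ROOT_0, SUB_A, end_entity("vpn-client", "Sub CA A")],
    "pathlen 1, via sub CA": [ROOT_1, SUB_A, end_entity("vpn-client", "Sub CA A")],
    "pathlen 1, two sub CAs": [ROOT_1, SUB_A, SUB_B, end_entity("vpn-client", "Sub CA B")],
    "no limit, two sub CAs": [ROOT_NONE, SUB_A, SUB_B, end_entity("vpn-client", "Sub CA B")],
}

def results():
    return {name: check_path_len(chain)[0] for name, chain in CHAINS.items()}

if __name__ == "__main__":
    for name, ok in results().items():
        print("%-30s %s" % (name, "valid" if ok else "rejected"))
```
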

DJANGO_X509_CA_KEYUSAGE_CRITICAL
| type: | bool |
| default: | True |
Whether the keyUsage x509 extension should be flagged as "critical" for new CAs.

DJANGO_X509_CA_KEYUSAGE_VALUE
| type: | str |
| default: | cRLSign, keyCertSign |
Value of the keyUsage x509 extension for new CAs.

DJANGO_X509_CERT_KEYUSAGE_CRITICAL
| type: | bool |
| default: | False |
Whether the keyUsage x509 extension should be flagged as "critical" for new
end-entity certificates.

DJANGO_X509_CERT_KEYUSAGE_VALUE
| type: | str |
| default: | digitalSignature, keyEncipherment |
Value of the keyUsage x509 extension for new end-entity certificates.

DJANGO_X509_CRL_PROTECTED
| type: | bool |
| default: | False |
Whether the view for downloading Certificate Revocation Lists should be protected with authentication or not.
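
The accepted values include 512 and 1024 bit keys and sha1, so a deployment may want to check its overrides before they reach settings.py. The following is an added example, not part of django-x509, that checks DJANGO_X509_* values against the allowed values listed above plus an assumed policy (2048-bit minimum, no SHA-1, no CA key usage on end-entity certificates); the function names and policy thresholds are assumptions:

```python
# Added example: the policy thresholds are assumptions, not django-x509 behaviour.
ALLOWED_KEY_LENGTHS = (512, 1024, 2048, 4096)  # values listed on this page
ALLOWED_DIGESTS = ("sha1", "sha224", "sha256", "sha384", "sha512")
MIN_KEY_LENGTH = 2048     # assumed policy floor
WEAK_DIGESTS = ("sha1",)  # assumed policy: no SHA-1 signatures

DEFAULTS = {  # defaults documented on this page
    "DJANGO_X509_DEFAULT_KEY_LENGTH": 2048,
    "DJANGO_X509_DEFAULT_DIGEST_ALGORITHM": "sha256",
    "DJANGO_X509_CA_BASIC_CONSTRAINTS_CRITICAL": True,
    "DJANGO_X509_CA_KEYUSAGE_VALUE": "cRLSign, keyCertSign",
    "DJANGO_X509_CERT_KEYUSAGE_VALUE": "digitalSignature, keyEncipherment",
}

def usages(value):
    return {u.strip() for u in value.split(",") if u.strip()}

def audit_x509_settings(overrides):
    """Return a sorted list of (setting, problem) for one set of overrides."""
    conf = dict(DEFAULTS, **overrides)
    found = []
    def flag(name, problem):
        found.append(("DJANGO_X509_" + name, problem))
    key_length = int(conf["DJANGO_X509_DEFAULT_KEY_LENGTH"])
    if key_length not in ALLOWED_KEY_LENGTHS:
        flag("DEFAULT_KEY_LENGTH", "unsupported value")
    elif key_length < MIN_KEY_LENGTH:
        flag("DEFAULT_KEY_LENGTH", "below policy minimum")
    digest = conf["DJANGO_X509_DEFAULT_DIGEST_ALGORITHM"]
    if digest not in ALLOWED_DIGESTS:
        flag("DEFAULT_DIGEST_ALGORITHM", "unsupported value")
    elif digest in WEAK_DIGESTS:
        flag("DEFAULT_DIGEST_ALGORITHM", "weak digest")
    if not conf["DJANGO_X509_CA_BASIC_CONSTRAINTS_CRITICAL"]:
        flag("CA_BASIC_CONSTRAINTS_CRITICAL", "basicConstraints not critical")
    if "keyCertSign" not in usages(conf["DJANGO_X509_CA_KEYUSAGE_VALUE"]):
        flag("CA_KEYUSAGE_VALUE", "CA cannot sign certificates")
    if usages(conf["DJANGO_X509_CERT_KEYUSAGE_VALUE"]) & {"keyCertSign", "cRLSign"}:
        flag("CERT_KEYUSAGE_VALUE", "end entity holds CA key usage")
    return sorted(found)

# Constructed sample overrides.
WEAK = {"DJANGO_X509_DEFAULT_KEY_LENGTH": 1024,
        "DJANGO_X509_DEFAULT_DIGEST_ALGORITHM": "sha1",
        "DJANGO_X509_CERT_KEYUSAGE_VALUE": "digitalSignature, keyCertSign"}
```
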

Extending django-x509:

django-x509 provides a set of models and admin classes which can be imported, extended and reused by third party apps.
To extend django-x509, you MUST NOT add it to settings.INSTALLED_APPS,
but you must create your own app (which goes into settings.INSTALLED_APPS), import the
base classes from django-x509 and add your customizations.
In order to help django find the static files and templates of django-x509, you need to perform the steps described below.

Install (and add to the requirements of your project) openwisp-utils:

    pip install openwisp-utils

Add the following to your settings.py:

    EXTENDED_APPS = ('django_x509',)

Add openwisp_utils.staticfiles.DependencyFinder to STATICFILES_FINDERS in your settings.py:

    STATICFILES_FINDERS = [
        'django.contrib.staticfiles.finders.FileSystemFinder',
        'django.contrib.staticfiles.finders.AppDirectoriesFinder',
        'openwisp_utils.staticfiles.DependencyFinder',
    ]

Add openwisp_utils.loaders.DependencyLoader to TEMPLATES in your settings.py:

    TEMPLATES = [
        {
            'BACKEND': 'django.template.backends.django.DjangoTemplates',
            'OPTIONS': {
                'loaders': [
                    'django.template.loaders.filesystem.Loader',
                    'django.template.loaders.app_directories.Loader',
                    'openwisp_utils.loaders.DependencyLoader',
                ],
                'context_processors': [
                    'django.template.context_processors.debug',
                    'django.template.context_processors.request',
                    'django.contrib.auth.context_processors.auth',
                    'django.contrib.messages.context_processors.messages',
                ],
            },
        }
    ]

The following example shows how to extend the base models of django-x509 by adding a relation to another django model named Organization.

    # models.py of your app
    from django.db import models
    from django_x509.base.models import AbstractCa, AbstractCert

    # the model ``organizations.Organization`` is omitted for brevity
    # if you are curious to see a real implementation, check out django-organizations

    class OrganizationMixin(models.Model):
        # on_delete is required from Django 2.0; CASCADE was the implicit default before
        organization = models.ForeignKey('organizations.Organization',
                                         on_delete=models.CASCADE)

        class Meta:
            abstract = True

    class Ca(OrganizationMixin, AbstractCa):
        class Meta(AbstractCa.Meta):
            abstract = False

        def clean(self):
            # your own validation logic here...
            pass

    class Cert(OrganizationMixin, AbstractCert):
        ca = models.ForeignKey(Ca, on_delete=models.CASCADE)

        class Meta(AbstractCert.Meta):
            abstract = False

        def clean(self):
            # your own validation logic here...
            pass

Following the previous Organization example, you can avoid duplicating the admin code by importing the base admin classes and registering your models with them.

    # admin.py of your app
    from django.contrib import admin
    from django_x509.base.admin import CaAdmin as BaseCaAdmin
    from django_x509.base.admin import CertAdmin as BaseCertAdmin
    from .models import Ca, Cert

    class CaAdmin(BaseCaAdmin):
        # extend/modify the default behaviour here
        pass

    class CertAdmin(BaseCertAdmin):
        # extend/modify the default behaviour here
        pass

    admin.site.register(Ca, CaAdmin)
    admin.site.register(Cert, CertAdmin)

Contributing:

Please read the OpenWISP contributing guidelines and also keep in mind the following:
- Announce your intentions in the OpenWISP Mailing List
- Fork this repo and install it
- Follow PEP8, Style Guide for Python Code
- Write code
- Write tests for your code
- Ensure all tests pass
- Ensure test coverage does not decrease
- Document your changes
- Send pull request
See CHANGES.
See LICENSE.