tiny_ca.models package

class tiny_ca.models.CAConfig(**data)

Bases: BaseCertificateConfig, BaseCertificateDataModel

Complete configuration for bootstrapping a self-signed root CA certificate.

Combines all Subject identity fields (BaseCertificateDataModel) with the cryptographic validity parameters (BaseCertificateConfig). Passed directly to CertificateFactory.build_self_signed_ca via config.model_dump().

Inherited attributes

common_namestr

CN for the CA. Default: "Internal CA".

organizationstr

O field. Default: "My Company".

countrystr

C field (ISO 3166-1 alpha-2). Default: "UA".

key_sizeint

RSA key size in bits. Default: 2048.

days_validint

Validity in days. Default: 3650.

valid_fromdatetime | None

Explicit validity start; None uses current UTC. Default: None.

Create a new model by parsing and validating input data from keyword arguments.

Raises [ValidationError][pydantic_core.ValidationError] if the input data cannot be validated to form a valid model.

self is explicitly positional-only to allow self as a field name.

model_config: ClassVar[ConfigDict] = {'arbitrary_types_allowed': True}

Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

Parameters:

• common_name (str)

• organization (str)

• country (str)

• key_size (int)

• days_valid (int)

• valid_from (datetime | None)

class tiny_ca.models.ClientConfig(**data)

Bases: CommonNameCertificate, BaseCertificateConfig

Configuration for issuing an end-entity (client or server) certificate.

Passed to CertificateFactory.issue_certificate via config.model_dump(exclude={"name"}).

Parameters:

• key_size (int)

• days_valid (int)

• valid_from (datetime | None)

• common_name (str)

• serial_type (CertType)

• is_client_cert (bool)

• is_server_cert (bool)

• san_dns (list[str] | None)

• san_ip (list[IPvAnyAddress] | None)

• email (EmailStr | None)

• name (str | None)

common_name

CN for the certificate Subject. Inherited from CommonNameCertificate. Default: "Internal CA".

Type:

str

key_size

RSA key size in bits. Inherited from BaseCertificateConfig. Default: 2048.

Type:

int

days_valid

Validity period in calendar days. Default: 3650.

Type:

int

valid_from

Explicit validity start. Default: None.

Type:

datetime | None

serial_type

Certificate category used when encoding the serial number. Default: CertType.SERVICE.

Type:

CertType

is_client_cert

When True, ClientAuth is added to the Extended Key Usage extension. Default: False.

Type:

bool

is_server_cert

When True, ServerAuth is added to the Extended Key Usage extension and the CN is included as a DNS Subject Alternative Name (RFC 2818 compliance). Default: True.

Type:

bool

san_dns

Additional DNS names for the Subject Alternative Name extension. Default: None.

Type:

list[str] | None

san_ip

IP addresses for the Subject Alternative Name extension. Accepts both IPv4 and IPv6. Default: None.

Type:

list[IPvAnyAddress] | None

email

Optional email address added as an emailAddress Subject attribute. Must be a valid RFC 5322 address if provided. Default: None.

Type:

EmailStr | None

name

Override for the output file basename used by BaseStorage. When None, the storage layer derives the name from common_name. This field is excluded from model_dump calls to the factory. Default: None.

Type:

str | None

Create a new model by parsing and validating input data from keyword arguments.

Raises [ValidationError][pydantic_core.ValidationError] if the input data cannot be validated to form a valid model.

self is explicitly positional-only to allow self as a field name.

email: EmailStr | None

is_client_cert: bool

is_server_cert: bool

model_config: ClassVar[ConfigDict] = {'arbitrary_types_allowed': True}

Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

name: str | None

san_dns: list[str] | None

san_ip: list[IPvAnyAddress] | None

serial_type: CertType

Submodules

• tiny_ca.models.certificate module
  • Class hierarchy
  • BaseCertificateConfig
    • BaseCertificateConfig.key_size
    • BaseCertificateConfig.days_valid
    • BaseCertificateConfig.valid_from
    • BaseCertificateConfig.days_valid
    • BaseCertificateConfig.key_size
    • BaseCertificateConfig.model_config
    • BaseCertificateConfig.valid_from
  • BaseCertificateDataModel
    • BaseCertificateDataModel.common_name
    • BaseCertificateDataModel.organization
    • BaseCertificateDataModel.country
    • BaseCertificateDataModel.country
    • BaseCertificateDataModel.model_config
    • BaseCertificateDataModel.organization
  • CAConfig
    • CAConfig.model_config
  • CertificateDetails
    • CertificateDetails.common_name
    • CertificateDetails.country
    • CertificateDetails.extended_key_usage
    • CertificateDetails.fingerprint_sha256
    • CertificateDetails.is_ca
    • CertificateDetails.issuer_cn
    • CertificateDetails.key_usage
    • CertificateDetails.model_config
    • CertificateDetails.not_valid_after
    • CertificateDetails.not_valid_before
    • CertificateDetails.organization
    • CertificateDetails.public_key_size
    • CertificateDetails.san_dns
    • CertificateDetails.san_ip
    • CertificateDetails.serial_number
    • CertificateDetails.subject_key_identifier
  • CertificateInfo
    • CertificateInfo.organization
    • CertificateInfo.organizational_unit
    • CertificateInfo.country
    • CertificateInfo.state
    • CertificateInfo.locality
    • CertificateInfo.country
    • CertificateInfo.locality
    • CertificateInfo.model_config
    • CertificateInfo.organization
    • CertificateInfo.organizational_unit
    • CertificateInfo.state
  • ClientConfig
    • ClientConfig.common_name
    • ClientConfig.key_size
    • ClientConfig.days_valid
    • ClientConfig.valid_from
    • ClientConfig.serial_type
    • ClientConfig.is_client_cert
    • ClientConfig.is_server_cert
    • ClientConfig.san_dns
    • ClientConfig.san_ip
    • ClientConfig.email
    • ClientConfig.name
    • ClientConfig.email
    • ClientConfig.is_client_cert
    • ClientConfig.is_server_cert
    • ClientConfig.model_config
    • ClientConfig.name
    • ClientConfig.san_dns
    • ClientConfig.san_ip
    • ClientConfig.serial_type
  • CommonNameCertificate
    • CommonNameCertificate.common_name
    • CommonNameCertificate.common_name
    • CommonNameCertificate.model_config