5.2.5. xgt.PKIAuth

class xgt.PKIAuth(ssl_root_dir=None, ssl_server_cert=None, ssl_client_cert=None, ssl_client_key=None)

PKI-based authentication. Will derive user ID from information in the required x509 client certificate. Automatically enables mutual TLS for connecting to the server.

New in version 1.15.0.

Parameters:
  • ssl_root_dir (str) – Path to the root folder for ssl certificates and private keys. Defaults to the user’s home directory.

  • ssl_server_cert (str) – File containing the certificate chain that validates the server’s certificate. Defaults to ssl_root_dir + ‘/certs/ca-chain.cert.pem’.

  • ssl_client_cert (str) – File containing the client’s certificate. Defaults to ssl_root_dir + ‘/certs/client.cert.pem’

  • ssl_client_key (str) – File containing the client’s key. Defaults to ssl_root_dir + ‘/private/client.key.pem’

New in version 1.16.0.

Methods

__init__([ssl_root_dir, ssl_server_cert, ...])

Constructor for PKIAuth.

Attributes

ssl_client_cert

The location of the file with the client's certificate.

ssl_client_key

The location of the file with the client's key.

ssl_root_dir

The SSL certificate directory.

ssl_server_cert

The location of the file with the certificate chain validating the server certificate.

__init__(ssl_root_dir=None, ssl_server_cert=None, ssl_client_cert=None, ssl_client_key=None)

Constructor for PKIAuth. Called when PKIAuth is created.

property ssl_client_cert: str

The location of the file with the client’s certificate.

Type:

str

property ssl_client_key: str

The location of the file with the client’s key.

Type:

str

property ssl_root_dir: str

The SSL certificate directory.

Type:

str

property ssl_server_cert: str

The location of the file with the certificate chain validating the server certificate.

Type:

str