Certificate Pinning - wl-net/dataview GitHub Wiki

Whenever you need to communicate with a server that is not trusted by your system's certificate store, or you need an additional level of assurance against MitM attacks, you should use Dataview's certificate pinning mechanism. This ensures that Dataview only communicates with the server you intend it to.

Configuring Certificates in Dataview UI

If a user needs to provide a certificate, they should be asked for a PEM file. The PEM file can be converted into a string with all newlines encoded for storage within a JSON document.

Implementation Details

The code for storing pinned certificates is located in dataview/models.py (X509Certificate). The functions create_from_str() and get_file_from_str() can be used to store certificates and look them up based on their SHA256 thumbprint. This can be helpful when dealing with a library that only supports passing the certificate in as a file name.
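The sketch below is an added example, not Dataview's own code: it shows one way to encode a PEM for a JSON document and to get or create a certificate file keyed by SHA256 thumbprint, as the two sections above describe. The names der_bytes, thumbprint, to_json and pin_file are hypothetical, the thumbprint is assumed to be taken over the DER bytes, and the sample certificate is constructed placeholder data.

```python
import hashlib
import json
import os
import ssl
import tempfile

# Constructed placeholder bytes standing in for a DER certificate (not a real one).
SAMPLE_DER = bytes(range(256)) * 2
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def der_bytes(pem: str) -> bytes:
    """Decode one PEM certificate; raises ValueError if the markers are missing."""
    return ssl.PEM_cert_to_DER_cert(pem.strip())


def thumbprint(pem: str) -> str:
    """SHA-256 over the DER bytes, so line endings and wrapping do not matter."""
    return hashlib.sha256(der_bytes(pem)).hexdigest()


def to_json(pem: str) -> str:
    """json.dumps escapes each newline as \\n, giving a single-line string."""
    return json.dumps({"certificate": pem})


def pin_file(pem: str, store_dir: str) -> str:
    """Return the path of the pinned PEM file, creating it on first use."""
    digest = thumbprint(pem)
    path = os.path.join(store_dir, digest + ".pem")
    if os.path.exists(path):
        # Re-hash the stored copy: an edited file would silently change the pin.
        with open(path, encoding="ascii") as fh:
            if thumbprint(fh.read()) != digest:
                raise ValueError("pinned file does not match its thumbprint")
        return path
    fd, tmp = tempfile.mkstemp(dir=store_dir)
    with os.fdopen(fd, "w", encoding="ascii") as fh:
        fh.write(ssl.DER_cert_to_PEM_cert(der_bytes(pem)))  # canonical PEM
    os.replace(tmp, path)  # atomic rename: no reader sees a half-written pin
    return path
```

Hashing the DER bytes rather than the PEM text means the same certificate pasted with CRLF line endings or extra whitespace maps to the same file.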

Example

The following is an example from Dataview's JSON RPC transport. Note that by handling this at the transport level, it is not necessary to perform certificate pinning when adding additional automators or implementing extensions on top of Dataview.

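if self.certificate is not None:
    # Look up the pinned certificate's file by thumbprint; store it on first use.
    try:
        cert_file = X509Certificate.get_file_from_str(self.certificate)
    except ObjectDoesNotExist:
        cert_file = X509Certificate.create_from_str(self.certificate).file_name
    # verify= takes the path to a CA bundle file, so only the pinned
    # certificate is trusted for this request.
    r = requests.post(self.target, data=json.dumps(req),
                      headers={'Authorization': 'Token ' + self.apikey},
                      verify=cert_file)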