namespace the rest of the oids
diff --git a/src/cryptography/x509/__init__.py b/src/cryptography/x509/__init__.py
index 82e8361..3e6420e 100644
--- a/src/cryptography/x509/__init__.py
+++ b/src/cryptography/x509/__init__.py
@@ -25,12 +25,9 @@
)
from cryptography.x509.name import Name, NameAttribute
from cryptography.x509.oid import (
- ExtensionOID, NameOID, OID_ANY_POLICY,
- OID_CA_ISSUERS, OID_CERTIFICATE_ISSUER, OID_CLIENT_AUTH,
- OID_CODE_SIGNING, OID_CPS_QUALIFIER, OID_CPS_USER_NOTICE, OID_CRL_REASON,
- OID_EMAIL_PROTECTION, OID_INVALIDITY_DATE, OID_OCSP, OID_OCSP_SIGNING,
- OID_SERVER_AUTH, OID_TIME_STAMPING,
- SignatureAlgorithmOID, _SIG_OIDS_TO_HASH
+ AuthorityInformationAccessOID, CRLExtensionOID, CertificatePoliciesOID,
+ ExtendedKeyUsageOID, ExtensionOID, NameOID, SignatureAlgorithmOID,
+ _SIG_OIDS_TO_HASH
)
@@ -84,6 +81,24 @@
OID_SURNAME = NameOID.SURNAME
OID_TITLE = NameOID.TITLE
+OID_CLIENT_AUTH = ExtendedKeyUsageOID.CLIENT_AUTH
+OID_CODE_SIGNING = ExtendedKeyUsageOID.CODE_SIGNING
+OID_EMAIL_PROTECTION = ExtendedKeyUsageOID.EMAIL_PROTECTION
+OID_OCSP_SIGNING = ExtendedKeyUsageOID.OCSP_SIGNING
+OID_SERVER_AUTH = ExtendedKeyUsageOID.SERVER_AUTH
+OID_TIME_STAMPING = ExtendedKeyUsageOID.TIME_STAMPING
+
+OID_ANY_POLICY = CertificatePoliciesOID.ANY_POLICY
+OID_CPS_QUALIFIER = CertificatePoliciesOID.CPS_QUALIFIER
+OID_CPS_USER_NOTICE = CertificatePoliciesOID.CPS_USER_NOTICE
+
+OID_CERTIFICATE_ISSUER = CRLExtensionOID.CERTIFICATE_ISSUER
+OID_CRL_REASON = CRLExtensionOID.CRL_REASON
+OID_INVALIDITY_DATE = CRLExtensionOID.INVALIDITY_DATE
+
+OID_CA_ISSUERS = AuthorityInformationAccessOID.CA_ISSUERS
+OID_OCSP = AuthorityInformationAccessOID.OCSP
+
__all__ = [
"load_pem_x509_certificate",
@@ -136,20 +151,8 @@
"CertificateSigningRequestBuilder",
"CertificateBuilder",
"Version",
- "OID_CRL_REASON",
- "OID_INVALIDITY_DATE",
- "OID_CERTIFICATE_ISSUER",
"_SIG_OIDS_TO_HASH",
- "OID_CPS_QUALIFIER",
- "OID_CPS_USER_NOTICE",
- "OID_ANY_POLICY",
"OID_CA_ISSUERS",
"OID_OCSP",
- "OID_SERVER_AUTH",
- "OID_CLIENT_AUTH",
- "OID_CODE_SIGNING",
- "OID_EMAIL_PROTECTION",
- "OID_TIME_STAMPING",
- "OID_OCSP_SIGNING",
"_GENERAL_NAMES",
]
diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py
index 8eabee8..4f0d11e 100644
--- a/src/cryptography/x509/base.py
+++ b/src/cryptography/x509/base.py
@@ -21,7 +21,7 @@
from cryptography.x509.general_name import GeneralName, IPAddress, OtherName
from cryptography.x509.name import Name
from cryptography.x509.oid import (
- ExtensionOID, OID_CA_ISSUERS, OID_OCSP, ObjectIdentifier
+ AuthorityInformationAccessOID, ExtensionOID, ObjectIdentifier
)
@@ -359,7 +359,8 @@
class AccessDescription(object):
def __init__(self, access_method, access_location):
- if not (access_method == OID_OCSP or access_method == OID_CA_ISSUERS):
+ if not (access_method == AuthorityInformationAccessOID.OCSP or
+ access_method == AuthorityInformationAccessOID.CA_ISSUERS):
raise ValueError(
"access_method must be OID_OCSP or OID_CA_ISSUERS"
)
diff --git a/src/cryptography/x509/oid.py b/src/cryptography/x509/oid.py
index 911343e..9fabab7 100644
--- a/src/cryptography/x509/oid.py
+++ b/src/cryptography/x509/oid.py
@@ -54,9 +54,10 @@
OCSP_NO_CHECK = ObjectIdentifier("1.3.6.1.5.5.7.48.1.5")
-OID_CRL_REASON = ObjectIdentifier("2.5.29.21")
-OID_INVALIDITY_DATE = ObjectIdentifier("2.5.29.24")
-OID_CERTIFICATE_ISSUER = ObjectIdentifier("2.5.29.29")
+class CRLExtensionOID(object):
+ CERTIFICATE_ISSUER = ObjectIdentifier("2.5.29.29")
+ CRL_REASON = ObjectIdentifier("2.5.29.21")
+ INVALIDITY_DATE = ObjectIdentifier("2.5.29.24")
class NameOID(object):
@@ -110,19 +111,25 @@
SignatureAlgorithmOID.DSA_WITH_SHA256.dotted_string: hashes.SHA256()
}
-OID_SERVER_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.1")
-OID_CLIENT_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.2")
-OID_CODE_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.3")
-OID_EMAIL_PROTECTION = ObjectIdentifier("1.3.6.1.5.5.7.3.4")
-OID_TIME_STAMPING = ObjectIdentifier("1.3.6.1.5.5.7.3.8")
-OID_OCSP_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.9")
-OID_CA_ISSUERS = ObjectIdentifier("1.3.6.1.5.5.7.48.2")
-OID_OCSP = ObjectIdentifier("1.3.6.1.5.5.7.48.1")
+class ExtendedKeyUsageOID(object):
+ SERVER_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.1")
+ CLIENT_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.2")
+ CODE_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.3")
+ EMAIL_PROTECTION = ObjectIdentifier("1.3.6.1.5.5.7.3.4")
+ TIME_STAMPING = ObjectIdentifier("1.3.6.1.5.5.7.3.8")
+ OCSP_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.9")
-OID_CPS_QUALIFIER = ObjectIdentifier("1.3.6.1.5.5.7.2.1")
-OID_CPS_USER_NOTICE = ObjectIdentifier("1.3.6.1.5.5.7.2.2")
-OID_ANY_POLICY = ObjectIdentifier("2.5.29.32.0")
+
+class AuthorityInformationAccessOID(object):
+ CA_ISSUERS = ObjectIdentifier("1.3.6.1.5.5.7.48.2")
+ OCSP = ObjectIdentifier("1.3.6.1.5.5.7.48.1")
+
+
+class CertificatePoliciesOID(object):
+ CPS_QUALIFIER = ObjectIdentifier("1.3.6.1.5.5.7.2.1")
+ CPS_USER_NOTICE = ObjectIdentifier("1.3.6.1.5.5.7.2.2")
+ ANY_POLICY = ObjectIdentifier("2.5.29.32.0")
_OID_NAMES = {
NameOID.COMMON_NAME: "commonName",
@@ -154,21 +161,21 @@
SignatureAlgorithmOID.DSA_WITH_SHA1: "dsa-with-sha1",
SignatureAlgorithmOID.DSA_WITH_SHA224: "dsa-with-sha224",
SignatureAlgorithmOID.DSA_WITH_SHA256: "dsa-with-sha256",
- OID_SERVER_AUTH: "serverAuth",
- OID_CLIENT_AUTH: "clientAuth",
- OID_CODE_SIGNING: "codeSigning",
- OID_EMAIL_PROTECTION: "emailProtection",
- OID_TIME_STAMPING: "timeStamping",
- OID_OCSP_SIGNING: "OCSPSigning",
+ ExtendedKeyUsageOID.SERVER_AUTH: "serverAuth",
+ ExtendedKeyUsageOID.CLIENT_AUTH: "clientAuth",
+ ExtendedKeyUsageOID.CODE_SIGNING: "codeSigning",
+ ExtendedKeyUsageOID.EMAIL_PROTECTION: "emailProtection",
+ ExtendedKeyUsageOID.TIME_STAMPING: "timeStamping",
+ ExtendedKeyUsageOID.OCSP_SIGNING: "OCSPSigning",
ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES: "subjectDirectoryAttributes",
ExtensionOID.SUBJECT_KEY_IDENTIFIER: "subjectKeyIdentifier",
ExtensionOID.KEY_USAGE: "keyUsage",
ExtensionOID.SUBJECT_ALTERNATIVE_NAME: "subjectAltName",
ExtensionOID.ISSUER_ALTERNATIVE_NAME: "issuerAltName",
ExtensionOID.BASIC_CONSTRAINTS: "basicConstraints",
- OID_CRL_REASON: "cRLReason",
- OID_INVALIDITY_DATE: "invalidityDate",
- OID_CERTIFICATE_ISSUER: "certificateIssuer",
+ CRLExtensionOID.CRL_REASON: "cRLReason",
+ CRLExtensionOID.INVALIDITY_DATE: "invalidityDate",
+ CRLExtensionOID.CERTIFICATE_ISSUER: "certificateIssuer",
ExtensionOID.NAME_CONSTRAINTS: "nameConstraints",
ExtensionOID.CRL_DISTRIBUTION_POINTS: "cRLDistributionPoints",
ExtensionOID.CERTIFICATE_POLICIES: "certificatePolicies",
@@ -181,8 +188,8 @@
ExtensionOID.AUTHORITY_INFORMATION_ACCESS: "authorityInfoAccess",
ExtensionOID.SUBJECT_INFORMATION_ACCESS: "subjectInfoAccess",
ExtensionOID.OCSP_NO_CHECK: "OCSPNoCheck",
- OID_OCSP: "OCSP",
- OID_CA_ISSUERS: "caIssuers",
- OID_CPS_QUALIFIER: "id-qt-cps",
- OID_CPS_USER_NOTICE: "id-qt-unotice",
+ AuthorityInformationAccessOID.OCSP: "OCSP",
+ AuthorityInformationAccessOID.CA_ISSUERS: "caIssuers",
+ CertificatePoliciesOID.CPS_QUALIFIER: "id-qt-cps",
+ CertificatePoliciesOID.CPS_USER_NOTICE: "id-qt-unotice",
}