add oid attribute to all extension types
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 61971fe..29b8268 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -918,6 +918,14 @@
be used for more than one operation is to be restricted. It corresponds to
:data:`OID_KEY_USAGE`.
+ .. attribute:: oid
+
+ .. versionadded:: 1.0
+
+ :type: :class:`ObjectIdentifier`
+
+ The OID associated with this extension type.
+
.. attribute:: digital_signature
:type: bool
@@ -1010,6 +1018,14 @@
length restrictions may exist. It corresponds to
:data:`OID_BASIC_CONSTRAINTS`.
+ .. attribute:: oid
+
+ .. versionadded:: 1.0
+
+ :type: :class:`ObjectIdentifier`
+
+ The OID associated with this extension type.
+
.. attribute:: ca
:type: bool
@@ -1038,6 +1054,15 @@
purposes indicated in the key usage extension. The object is
iterable to obtain the list of :ref:`extended key usage OIDs <eku_oids>`.
+ .. attribute:: oid
+
+ .. versionadded:: 1.0
+
+ :type: :class:`ObjectIdentifier`
+
+ The OID associated with this extension type.
+
+
.. class:: OCSPNoCheck
.. versionadded:: 1.0
@@ -1051,6 +1076,14 @@
extension is only relevant when the certificate is an authorized OCSP
responder.
+ .. attribute:: oid
+
+ .. versionadded:: 1.0
+
+ :type: :class:`ObjectIdentifier`
+
+ The OID associated with this extension type.
+
.. class:: NameConstraints
.. versionadded:: 1.0
@@ -1060,6 +1093,14 @@
beneath the CA certificate must (or must not) be in. For specific details
on the way this extension should be processed see :rfc:`5280`.
+ .. attribute:: oid
+
+ .. versionadded:: 1.0
+
+ :type: :class:`ObjectIdentifier`
+
+ The OID associated with this extension type.
+
.. attribute:: permitted_subtrees
:type: list of :class:`GeneralName` objects or None
@@ -1087,6 +1128,14 @@
certificate chain. For more information about generation and use of this
extension see `RFC 5280 section 4.2.1.1`_.
+ .. attribute:: oid
+
+ .. versionadded:: 1.0
+
+ :type: :class:`ObjectIdentifier`
+
+ The OID associated with this extension type.
+
.. attribute:: key_identifier
:type: bytes
@@ -1113,6 +1162,14 @@
The subject key identifier extension provides a means of identifying
certificates that contain a particular public key.
+ .. attribute:: oid
+
+ .. versionadded:: 1.0
+
+ :type: :class:`ObjectIdentifier`
+
+ The OID associated with this extension type.
+
.. attribute:: digest
:type: bytes
@@ -1128,6 +1185,14 @@
of identities for which the certificate is valid. The object is iterable to
get every element.
+ .. attribute:: oid
+
+ .. versionadded:: 1.0
+
+ :type: :class:`ObjectIdentifier`
+
+ The OID associated with this extension type.
+
.. method:: get_values_for_type(type)
:param type: A :class:`GeneralName` provider. This is one of the
@@ -1158,6 +1223,14 @@
of identities for the certificate issuer. The object is iterable to
get every element.
+ .. attribute:: oid
+
+ .. versionadded:: 1.0
+
+ :type: :class:`ObjectIdentifier`
+
+ The OID associated with this extension type.
+
.. method:: get_values_for_type(type)
:param type: A :class:`GeneralName` provider. This is one of the
@@ -1176,6 +1249,14 @@
validation services (such as OCSP) and issuer data. It is an iterable,
containing one or more :class:`AccessDescription` instances.
+ .. attribute:: oid
+
+ .. versionadded:: 1.0
+
+ :type: :class:`ObjectIdentifier`
+
+ The OID associated with this extension type.
+
.. class:: AccessDescription
@@ -1206,6 +1287,14 @@
obtained. It is an iterable, containing one or more
:class:`DistributionPoint` instances.
+ .. attribute:: oid
+
+ .. versionadded:: 1.0
+
+ :type: :class:`ObjectIdentifier`
+
+ The OID associated with this extension type.
+
.. class:: DistributionPoint
.. versionadded:: 0.9
@@ -1304,6 +1393,14 @@
certificates issued by the subject of this certificate, but not in
additional certificates in the path.
+ .. attribute:: oid
+
+ .. versionadded:: 1.0
+
+ :type: :class:`ObjectIdentifier`
+
+ The OID associated with this extension type.
+
.. attribute:: skip_certs
:type: int
@@ -1315,6 +1412,14 @@
The certificate policies extension is an iterable, containing one or more
:class:`PolicyInformation` instances.
+ .. attribute:: oid
+
+ .. versionadded:: 1.0
+
+ :type: :class:`ObjectIdentifier`
+
+ The OID associated with this extension type.
+
Certificate Policies Classes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 0ddff72..c8380b1 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -314,6 +314,8 @@
class ExtendedKeyUsage(object):
+ oid = OID_EXTENDED_KEY_USAGE
+
def __init__(self, usages):
if not all(isinstance(x, ObjectIdentifier) for x in usages):
raise TypeError(
@@ -342,10 +344,12 @@
class OCSPNoCheck(object):
- pass
+ oid = OID_OCSP_NO_CHECK
class BasicConstraints(object):
+ oid = OID_BASIC_CONSTRAINTS
+
def __init__(self, ca, path_length):
if not isinstance(ca, bool):
raise TypeError("ca must be a boolean value")
@@ -382,6 +386,8 @@
class KeyUsage(object):
+ oid = OID_KEY_USAGE
+
def __init__(self, digital_signature, content_commitment, key_encipherment,
data_encipherment, key_agreement, key_cert_sign, crl_sign,
encipher_only, decipher_only):
@@ -465,6 +471,8 @@
class AuthorityInformationAccess(object):
+ oid = OID_AUTHORITY_INFORMATION_ACCESS
+
def __init__(self, descriptions):
if not all(isinstance(x, AccessDescription) for x in descriptions):
raise TypeError(
@@ -529,6 +537,8 @@
class CertificatePolicies(object):
+ oid = OID_CERTIFICATE_POLICIES
+
def __init__(self, policies):
if not all(isinstance(x, PolicyInformation) for x in policies):
raise TypeError(
@@ -666,6 +676,8 @@
class SubjectKeyIdentifier(object):
+ oid = OID_SUBJECT_KEY_IDENTIFIER
+
def __init__(self, digest):
self._digest = digest
@@ -687,6 +699,8 @@
class NameConstraints(object):
+ oid = OID_NAME_CONSTRAINTS
+
def __init__(self, permitted_subtrees, excluded_subtrees):
if permitted_subtrees is not None:
if not all(
@@ -751,6 +765,8 @@
class CRLDistributionPoints(object):
+ oid = OID_CRL_DISTRIBUTION_POINTS
+
def __init__(self, distribution_points):
if not all(
isinstance(x, DistributionPoint) for x in distribution_points
@@ -871,6 +887,8 @@
class InhibitAnyPolicy(object):
+ oid = OID_INHIBIT_ANY_POLICY
+
def __init__(self, skip_certs):
if not isinstance(skip_certs, six.integer_types):
raise TypeError("skip_certs must be an integer")
@@ -1161,6 +1179,8 @@
class SubjectAlternativeName(object):
+ oid = OID_SUBJECT_ALTERNATIVE_NAME
+
def __init__(self, general_names):
self._general_names = GeneralNames(general_names)
@@ -1187,6 +1207,8 @@
class IssuerAlternativeName(object):
+ oid = OID_ISSUER_ALTERNATIVE_NAME
+
def __init__(self, general_names):
self._general_names = GeneralNames(general_names)
@@ -1213,6 +1235,8 @@
class AuthorityKeyIdentifier(object):
+ oid = OID_AUTHORITY_KEY_IDENTIFIER
+
def __init__(self, key_identifier, authority_cert_issuer,
authority_cert_serial_number):
if authority_cert_issuer or authority_cert_serial_number: