Merge pull request #2244 from reaperhulk/x509-gn-split
split general names
diff --git a/src/cryptography/x509/__init__.py b/src/cryptography/x509/__init__.py
index 04a94a3..9cc7842 100644
--- a/src/cryptography/x509/__init__.py
+++ b/src/cryptography/x509/__init__.py
@@ -25,29 +25,55 @@
)
from cryptography.x509.name import Name, NameAttribute
from cryptography.x509.oid import (
- OID_ANY_POLICY, OID_AUTHORITY_INFORMATION_ACCESS,
- OID_AUTHORITY_KEY_IDENTIFIER, OID_BASIC_CONSTRAINTS, OID_CA_ISSUERS,
- OID_CERTIFICATE_ISSUER, OID_CERTIFICATE_POLICIES, OID_CLIENT_AUTH,
+ ExtensionOID, OID_ANY_POLICY,
+ OID_CA_ISSUERS, OID_CERTIFICATE_ISSUER, OID_CLIENT_AUTH,
OID_CODE_SIGNING, OID_COMMON_NAME, OID_COUNTRY_NAME, OID_CPS_QUALIFIER,
- OID_CPS_USER_NOTICE, OID_CRL_DISTRIBUTION_POINTS, OID_CRL_REASON,
- OID_DN_QUALIFIER, OID_DOMAIN_COMPONENT, OID_DSA_WITH_SHA1,
- OID_DSA_WITH_SHA224, OID_DSA_WITH_SHA256, OID_ECDSA_WITH_SHA1,
- OID_ECDSA_WITH_SHA224, OID_ECDSA_WITH_SHA256, OID_ECDSA_WITH_SHA384,
- OID_ECDSA_WITH_SHA512, OID_EMAIL_ADDRESS, OID_EMAIL_PROTECTION,
- OID_EXTENDED_KEY_USAGE, OID_FRESHEST_CRL, OID_GENERATION_QUALIFIER,
- OID_GIVEN_NAME, OID_INHIBIT_ANY_POLICY, OID_INVALIDITY_DATE,
- OID_ISSUER_ALTERNATIVE_NAME, OID_KEY_USAGE, OID_LOCALITY_NAME,
- OID_NAME_CONSTRAINTS, OID_OCSP, OID_OCSP_NO_CHECK, OID_OCSP_SIGNING,
+ OID_CPS_USER_NOTICE, OID_CRL_REASON, OID_DN_QUALIFIER,
+ OID_DOMAIN_COMPONENT, OID_EMAIL_ADDRESS, OID_EMAIL_PROTECTION,
+ OID_GENERATION_QUALIFIER, OID_GIVEN_NAME, OID_INVALIDITY_DATE,
+ OID_LOCALITY_NAME, OID_OCSP, OID_OCSP_SIGNING,
OID_ORGANIZATIONAL_UNIT_NAME, OID_ORGANIZATION_NAME,
- OID_POLICY_CONSTRAINTS, OID_POLICY_MAPPINGS, OID_PSEUDONYM,
- OID_RSA_WITH_MD5, OID_RSA_WITH_SHA1, OID_RSA_WITH_SHA224,
- OID_RSA_WITH_SHA256, OID_RSA_WITH_SHA384, OID_RSA_WITH_SHA512,
- OID_SERIAL_NUMBER, OID_SERVER_AUTH, OID_STATE_OR_PROVINCE_NAME,
- OID_SUBJECT_ALTERNATIVE_NAME, OID_SUBJECT_DIRECTORY_ATTRIBUTES,
- OID_SUBJECT_INFORMATION_ACCESS, OID_SUBJECT_KEY_IDENTIFIER, OID_SURNAME,
- OID_TIME_STAMPING, OID_TITLE, _SIG_OIDS_TO_HASH
+ OID_PSEUDONYM, OID_SERIAL_NUMBER, OID_SERVER_AUTH,
+ OID_STATE_OR_PROVINCE_NAME, OID_SURNAME, OID_TIME_STAMPING, OID_TITLE,
+ SignatureAlgorithmOID, _SIG_OIDS_TO_HASH
)
+
+OID_AUTHORITY_INFORMATION_ACCESS = ExtensionOID.AUTHORITY_INFORMATION_ACCESS
+OID_AUTHORITY_KEY_IDENTIFIER = ExtensionOID.AUTHORITY_KEY_IDENTIFIER
+OID_BASIC_CONSTRAINTS = ExtensionOID.BASIC_CONSTRAINTS
+OID_CERTIFICATE_POLICIES = ExtensionOID.CERTIFICATE_POLICIES
+OID_CRL_DISTRIBUTION_POINTS = ExtensionOID.CRL_DISTRIBUTION_POINTS
+OID_EXTENDED_KEY_USAGE = ExtensionOID.EXTENDED_KEY_USAGE
+OID_FRESHEST_CRL = ExtensionOID.FRESHEST_CRL
+OID_INHIBIT_ANY_POLICY = ExtensionOID.INHIBIT_ANY_POLICY
+OID_ISSUER_ALTERNATIVE_NAME = ExtensionOID.ISSUER_ALTERNATIVE_NAME
+OID_KEY_USAGE = ExtensionOID.KEY_USAGE
+OID_NAME_CONSTRAINTS = ExtensionOID.NAME_CONSTRAINTS
+OID_OCSP_NO_CHECK = ExtensionOID.OCSP_NO_CHECK
+OID_POLICY_CONSTRAINTS = ExtensionOID.POLICY_CONSTRAINTS
+OID_POLICY_MAPPINGS = ExtensionOID.POLICY_MAPPINGS
+OID_SUBJECT_ALTERNATIVE_NAME = ExtensionOID.SUBJECT_ALTERNATIVE_NAME
+OID_SUBJECT_DIRECTORY_ATTRIBUTES = ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES
+OID_SUBJECT_INFORMATION_ACCESS = ExtensionOID.SUBJECT_INFORMATION_ACCESS
+OID_SUBJECT_KEY_IDENTIFIER = ExtensionOID.SUBJECT_KEY_IDENTIFIER
+
+OID_DSA_WITH_SHA1 = SignatureAlgorithmOID.DSA_WITH_SHA1
+OID_DSA_WITH_SHA224 = SignatureAlgorithmOID.DSA_WITH_SHA224
+OID_DSA_WITH_SHA256 = SignatureAlgorithmOID.DSA_WITH_SHA256
+OID_ECDSA_WITH_SHA1 = SignatureAlgorithmOID.ECDSA_WITH_SHA1
+OID_ECDSA_WITH_SHA224 = SignatureAlgorithmOID.ECDSA_WITH_SHA224
+OID_ECDSA_WITH_SHA256 = SignatureAlgorithmOID.ECDSA_WITH_SHA256
+OID_ECDSA_WITH_SHA384 = SignatureAlgorithmOID.ECDSA_WITH_SHA384
+OID_ECDSA_WITH_SHA512 = SignatureAlgorithmOID.ECDSA_WITH_SHA512
+OID_RSA_WITH_MD5 = SignatureAlgorithmOID.RSA_WITH_MD5
+OID_RSA_WITH_SHA1 = SignatureAlgorithmOID.RSA_WITH_SHA1
+OID_RSA_WITH_SHA224 = SignatureAlgorithmOID.RSA_WITH_SHA224
+OID_RSA_WITH_SHA256 = SignatureAlgorithmOID.RSA_WITH_SHA256
+OID_RSA_WITH_SHA384 = SignatureAlgorithmOID.RSA_WITH_SHA384
+OID_RSA_WITH_SHA512 = SignatureAlgorithmOID.RSA_WITH_SHA512
+
+
__all__ = [
"load_pem_x509_certificate",
"load_der_x509_certificate",
@@ -99,27 +125,9 @@
"CertificateSigningRequestBuilder",
"CertificateBuilder",
"Version",
- "OID_SUBJECT_DIRECTORY_ATTRIBUTES",
- "OID_SUBJECT_KEY_IDENTIFIER",
- "OID_KEY_USAGE",
- "OID_SUBJECT_ALTERNATIVE_NAME",
- "OID_ISSUER_ALTERNATIVE_NAME",
- "OID_BASIC_CONSTRAINTS",
"OID_CRL_REASON",
"OID_INVALIDITY_DATE",
"OID_CERTIFICATE_ISSUER",
- "OID_NAME_CONSTRAINTS",
- "OID_CRL_DISTRIBUTION_POINTS",
- "OID_CERTIFICATE_POLICIES",
- "OID_POLICY_MAPPINGS",
- "OID_AUTHORITY_KEY_IDENTIFIER",
- "OID_POLICY_CONSTRAINTS",
- "OID_EXTENDED_KEY_USAGE",
- "OID_FRESHEST_CRL",
- "OID_INHIBIT_ANY_POLICY",
- "OID_AUTHORITY_INFORMATION_ACCESS",
- "OID_SUBJECT_INFORMATION_ACCESS",
- "OID_OCSP_NO_CHECK",
"OID_COMMON_NAME",
"OID_COUNTRY_NAME",
"OID_LOCALITY_NAME",
@@ -135,20 +143,6 @@
"OID_PSEUDONYM",
"OID_DOMAIN_COMPONENT",
"OID_EMAIL_ADDRESS",
- "OID_RSA_WITH_MD5",
- "OID_RSA_WITH_SHA1",
- "OID_RSA_WITH_SHA224",
- "OID_RSA_WITH_SHA256",
- "OID_RSA_WITH_SHA384",
- "OID_RSA_WITH_SHA512",
- "OID_ECDSA_WITH_SHA1",
- "OID_ECDSA_WITH_SHA224",
- "OID_ECDSA_WITH_SHA256",
- "OID_ECDSA_WITH_SHA384",
- "OID_ECDSA_WITH_SHA512",
- "OID_DSA_WITH_SHA1",
- "OID_DSA_WITH_SHA224",
- "OID_DSA_WITH_SHA256",
"_SIG_OIDS_TO_HASH",
"OID_CPS_QUALIFIER",
"OID_CPS_USER_NOTICE",
diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py
index a6a8be7..8eabee8 100644
--- a/src/cryptography/x509/base.py
+++ b/src/cryptography/x509/base.py
@@ -21,13 +21,7 @@
from cryptography.x509.general_name import GeneralName, IPAddress, OtherName
from cryptography.x509.name import Name
from cryptography.x509.oid import (
- OID_AUTHORITY_INFORMATION_ACCESS,
- OID_AUTHORITY_KEY_IDENTIFIER, OID_BASIC_CONSTRAINTS,
- OID_CA_ISSUERS, OID_CERTIFICATE_POLICIES, OID_CRL_DISTRIBUTION_POINTS,
- OID_EXTENDED_KEY_USAGE, OID_INHIBIT_ANY_POLICY,
- OID_ISSUER_ALTERNATIVE_NAME, OID_KEY_USAGE, OID_NAME_CONSTRAINTS,
- OID_OCSP, OID_OCSP_NO_CHECK, OID_SUBJECT_ALTERNATIVE_NAME,
- OID_SUBJECT_KEY_IDENTIFIER, ObjectIdentifier
+ ExtensionOID, OID_CA_ISSUERS, OID_OCSP, ObjectIdentifier
)
@@ -172,7 +166,7 @@
@utils.register_interface(ExtensionType)
class ExtendedKeyUsage(object):
- oid = OID_EXTENDED_KEY_USAGE
+ oid = ExtensionOID.EXTENDED_KEY_USAGE
def __init__(self, usages):
if not all(isinstance(x, ObjectIdentifier) for x in usages):
@@ -203,12 +197,12 @@
@utils.register_interface(ExtensionType)
class OCSPNoCheck(object):
- oid = OID_OCSP_NO_CHECK
+ oid = ExtensionOID.OCSP_NO_CHECK
@utils.register_interface(ExtensionType)
class BasicConstraints(object):
- oid = OID_BASIC_CONSTRAINTS
+ oid = ExtensionOID.BASIC_CONSTRAINTS
def __init__(self, ca, path_length):
if not isinstance(ca, bool):
@@ -247,7 +241,7 @@
@utils.register_interface(ExtensionType)
class KeyUsage(object):
- oid = OID_KEY_USAGE
+ oid = ExtensionOID.KEY_USAGE
def __init__(self, digital_signature, content_commitment, key_encipherment,
data_encipherment, key_agreement, key_cert_sign, crl_sign,
@@ -333,7 +327,7 @@
@utils.register_interface(ExtensionType)
class AuthorityInformationAccess(object):
- oid = OID_AUTHORITY_INFORMATION_ACCESS
+ oid = ExtensionOID.AUTHORITY_INFORMATION_ACCESS
def __init__(self, descriptions):
if not all(isinstance(x, AccessDescription) for x in descriptions):
@@ -400,7 +394,7 @@
@utils.register_interface(ExtensionType)
class CertificatePolicies(object):
- oid = OID_CERTIFICATE_POLICIES
+ oid = ExtensionOID.CERTIFICATE_POLICIES
def __init__(self, policies):
if not all(isinstance(x, PolicyInformation) for x in policies):
@@ -540,7 +534,7 @@
@utils.register_interface(ExtensionType)
class SubjectKeyIdentifier(object):
- oid = OID_SUBJECT_KEY_IDENTIFIER
+ oid = ExtensionOID.SUBJECT_KEY_IDENTIFIER
def __init__(self, digest):
self._digest = digest
@@ -568,7 +562,7 @@
@utils.register_interface(ExtensionType)
class NameConstraints(object):
- oid = OID_NAME_CONSTRAINTS
+ oid = ExtensionOID.NAME_CONSTRAINTS
def __init__(self, permitted_subtrees, excluded_subtrees):
if permitted_subtrees is not None:
@@ -635,7 +629,7 @@
@utils.register_interface(ExtensionType)
class CRLDistributionPoints(object):
- oid = OID_CRL_DISTRIBUTION_POINTS
+ oid = ExtensionOID.CRL_DISTRIBUTION_POINTS
def __init__(self, distribution_points):
if not all(
@@ -759,7 +753,7 @@
@utils.register_interface(ExtensionType)
class InhibitAnyPolicy(object):
- oid = OID_INHIBIT_ANY_POLICY
+ oid = ExtensionOID.INHIBIT_ANY_POLICY
def __init__(self, skip_certs):
if not isinstance(skip_certs, six.integer_types):
@@ -825,7 +819,7 @@
@utils.register_interface(ExtensionType)
class SubjectAlternativeName(object):
- oid = OID_SUBJECT_ALTERNATIVE_NAME
+ oid = ExtensionOID.SUBJECT_ALTERNATIVE_NAME
def __init__(self, general_names):
self._general_names = GeneralNames(general_names)
@@ -854,7 +848,7 @@
@utils.register_interface(ExtensionType)
class IssuerAlternativeName(object):
- oid = OID_ISSUER_ALTERNATIVE_NAME
+ oid = ExtensionOID.ISSUER_ALTERNATIVE_NAME
def __init__(self, general_names):
self._general_names = GeneralNames(general_names)
@@ -883,7 +877,7 @@
@utils.register_interface(ExtensionType)
class AuthorityKeyIdentifier(object):
- oid = OID_AUTHORITY_KEY_IDENTIFIER
+ oid = ExtensionOID.AUTHORITY_KEY_IDENTIFIER
def __init__(self, key_identifier, authority_cert_issuer,
authority_cert_serial_number):
diff --git a/src/cryptography/x509/oid.py b/src/cryptography/x509/oid.py
index a3cc065..87601f8 100644
--- a/src/cryptography/x509/oid.py
+++ b/src/cryptography/x509/oid.py
@@ -33,27 +33,30 @@
dotted_string = utils.read_only_property("_dotted_string")
-OID_SUBJECT_DIRECTORY_ATTRIBUTES = ObjectIdentifier("2.5.29.9")
-OID_SUBJECT_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.14")
-OID_KEY_USAGE = ObjectIdentifier("2.5.29.15")
-OID_SUBJECT_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.17")
-OID_ISSUER_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.18")
-OID_BASIC_CONSTRAINTS = ObjectIdentifier("2.5.29.19")
+class ExtensionOID(object):
+ SUBJECT_DIRECTORY_ATTRIBUTES = ObjectIdentifier("2.5.29.9")
+ SUBJECT_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.14")
+ KEY_USAGE = ObjectIdentifier("2.5.29.15")
+ SUBJECT_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.17")
+ ISSUER_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.18")
+ BASIC_CONSTRAINTS = ObjectIdentifier("2.5.29.19")
+ NAME_CONSTRAINTS = ObjectIdentifier("2.5.29.30")
+ CRL_DISTRIBUTION_POINTS = ObjectIdentifier("2.5.29.31")
+ CERTIFICATE_POLICIES = ObjectIdentifier("2.5.29.32")
+ POLICY_MAPPINGS = ObjectIdentifier("2.5.29.33")
+ AUTHORITY_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.35")
+ POLICY_CONSTRAINTS = ObjectIdentifier("2.5.29.36")
+ EXTENDED_KEY_USAGE = ObjectIdentifier("2.5.29.37")
+ FRESHEST_CRL = ObjectIdentifier("2.5.29.46")
+ INHIBIT_ANY_POLICY = ObjectIdentifier("2.5.29.54")
+ AUTHORITY_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.1")
+ SUBJECT_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.11")
+ OCSP_NO_CHECK = ObjectIdentifier("1.3.6.1.5.5.7.48.1.5")
+
+
OID_CRL_REASON = ObjectIdentifier("2.5.29.21")
OID_INVALIDITY_DATE = ObjectIdentifier("2.5.29.24")
OID_CERTIFICATE_ISSUER = ObjectIdentifier("2.5.29.29")
-OID_NAME_CONSTRAINTS = ObjectIdentifier("2.5.29.30")
-OID_CRL_DISTRIBUTION_POINTS = ObjectIdentifier("2.5.29.31")
-OID_CERTIFICATE_POLICIES = ObjectIdentifier("2.5.29.32")
-OID_POLICY_MAPPINGS = ObjectIdentifier("2.5.29.33")
-OID_AUTHORITY_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.35")
-OID_POLICY_CONSTRAINTS = ObjectIdentifier("2.5.29.36")
-OID_EXTENDED_KEY_USAGE = ObjectIdentifier("2.5.29.37")
-OID_FRESHEST_CRL = ObjectIdentifier("2.5.29.46")
-OID_INHIBIT_ANY_POLICY = ObjectIdentifier("2.5.29.54")
-OID_AUTHORITY_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.1")
-OID_SUBJECT_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.11")
-OID_OCSP_NO_CHECK = ObjectIdentifier("1.3.6.1.5.5.7.48.1.5")
OID_COMMON_NAME = ObjectIdentifier("2.5.4.3")
OID_COUNTRY_NAME = ObjectIdentifier("2.5.4.6")
@@ -71,36 +74,38 @@
OID_DOMAIN_COMPONENT = ObjectIdentifier("0.9.2342.19200300.100.1.25")
OID_EMAIL_ADDRESS = ObjectIdentifier("1.2.840.113549.1.9.1")
-OID_RSA_WITH_MD5 = ObjectIdentifier("1.2.840.113549.1.1.4")
-OID_RSA_WITH_SHA1 = ObjectIdentifier("1.2.840.113549.1.1.5")
-OID_RSA_WITH_SHA224 = ObjectIdentifier("1.2.840.113549.1.1.14")
-OID_RSA_WITH_SHA256 = ObjectIdentifier("1.2.840.113549.1.1.11")
-OID_RSA_WITH_SHA384 = ObjectIdentifier("1.2.840.113549.1.1.12")
-OID_RSA_WITH_SHA512 = ObjectIdentifier("1.2.840.113549.1.1.13")
-OID_ECDSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10045.4.1")
-OID_ECDSA_WITH_SHA224 = ObjectIdentifier("1.2.840.10045.4.3.1")
-OID_ECDSA_WITH_SHA256 = ObjectIdentifier("1.2.840.10045.4.3.2")
-OID_ECDSA_WITH_SHA384 = ObjectIdentifier("1.2.840.10045.4.3.3")
-OID_ECDSA_WITH_SHA512 = ObjectIdentifier("1.2.840.10045.4.3.4")
-OID_DSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10040.4.3")
-OID_DSA_WITH_SHA224 = ObjectIdentifier("2.16.840.1.101.3.4.3.1")
-OID_DSA_WITH_SHA256 = ObjectIdentifier("2.16.840.1.101.3.4.3.2")
+
+class SignatureAlgorithmOID(object):
+ RSA_WITH_MD5 = ObjectIdentifier("1.2.840.113549.1.1.4")
+ RSA_WITH_SHA1 = ObjectIdentifier("1.2.840.113549.1.1.5")
+ RSA_WITH_SHA224 = ObjectIdentifier("1.2.840.113549.1.1.14")
+ RSA_WITH_SHA256 = ObjectIdentifier("1.2.840.113549.1.1.11")
+ RSA_WITH_SHA384 = ObjectIdentifier("1.2.840.113549.1.1.12")
+ RSA_WITH_SHA512 = ObjectIdentifier("1.2.840.113549.1.1.13")
+ ECDSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10045.4.1")
+ ECDSA_WITH_SHA224 = ObjectIdentifier("1.2.840.10045.4.3.1")
+ ECDSA_WITH_SHA256 = ObjectIdentifier("1.2.840.10045.4.3.2")
+ ECDSA_WITH_SHA384 = ObjectIdentifier("1.2.840.10045.4.3.3")
+ ECDSA_WITH_SHA512 = ObjectIdentifier("1.2.840.10045.4.3.4")
+ DSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10040.4.3")
+ DSA_WITH_SHA224 = ObjectIdentifier("2.16.840.1.101.3.4.3.1")
+ DSA_WITH_SHA256 = ObjectIdentifier("2.16.840.1.101.3.4.3.2")
_SIG_OIDS_TO_HASH = {
- OID_RSA_WITH_MD5.dotted_string: hashes.MD5(),
- OID_RSA_WITH_SHA1.dotted_string: hashes.SHA1(),
- OID_RSA_WITH_SHA224.dotted_string: hashes.SHA224(),
- OID_RSA_WITH_SHA256.dotted_string: hashes.SHA256(),
- OID_RSA_WITH_SHA384.dotted_string: hashes.SHA384(),
- OID_RSA_WITH_SHA512.dotted_string: hashes.SHA512(),
- OID_ECDSA_WITH_SHA1.dotted_string: hashes.SHA1(),
- OID_ECDSA_WITH_SHA224.dotted_string: hashes.SHA224(),
- OID_ECDSA_WITH_SHA256.dotted_string: hashes.SHA256(),
- OID_ECDSA_WITH_SHA384.dotted_string: hashes.SHA384(),
- OID_ECDSA_WITH_SHA512.dotted_string: hashes.SHA512(),
- OID_DSA_WITH_SHA1.dotted_string: hashes.SHA1(),
- OID_DSA_WITH_SHA224.dotted_string: hashes.SHA224(),
- OID_DSA_WITH_SHA256.dotted_string: hashes.SHA256()
+ SignatureAlgorithmOID.RSA_WITH_MD5.dotted_string: hashes.MD5(),
+ SignatureAlgorithmOID.RSA_WITH_SHA1.dotted_string: hashes.SHA1(),
+ SignatureAlgorithmOID.RSA_WITH_SHA224.dotted_string: hashes.SHA224(),
+ SignatureAlgorithmOID.RSA_WITH_SHA256.dotted_string: hashes.SHA256(),
+ SignatureAlgorithmOID.RSA_WITH_SHA384.dotted_string: hashes.SHA384(),
+ SignatureAlgorithmOID.RSA_WITH_SHA512.dotted_string: hashes.SHA512(),
+ SignatureAlgorithmOID.ECDSA_WITH_SHA1.dotted_string: hashes.SHA1(),
+ SignatureAlgorithmOID.ECDSA_WITH_SHA224.dotted_string: hashes.SHA224(),
+ SignatureAlgorithmOID.ECDSA_WITH_SHA256.dotted_string: hashes.SHA256(),
+ SignatureAlgorithmOID.ECDSA_WITH_SHA384.dotted_string: hashes.SHA384(),
+ SignatureAlgorithmOID.ECDSA_WITH_SHA512.dotted_string: hashes.SHA512(),
+ SignatureAlgorithmOID.DSA_WITH_SHA1.dotted_string: hashes.SHA1(),
+ SignatureAlgorithmOID.DSA_WITH_SHA224.dotted_string: hashes.SHA224(),
+ SignatureAlgorithmOID.DSA_WITH_SHA256.dotted_string: hashes.SHA256()
}
OID_SERVER_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.1")
@@ -133,47 +138,47 @@
OID_PSEUDONYM: "pseudonym",
OID_DOMAIN_COMPONENT: "domainComponent",
OID_EMAIL_ADDRESS: "emailAddress",
- OID_RSA_WITH_MD5: "md5WithRSAEncryption",
- OID_RSA_WITH_SHA1: "sha1WithRSAEncryption",
- OID_RSA_WITH_SHA224: "sha224WithRSAEncryption",
- OID_RSA_WITH_SHA256: "sha256WithRSAEncryption",
- OID_RSA_WITH_SHA384: "sha384WithRSAEncryption",
- OID_RSA_WITH_SHA512: "sha512WithRSAEncryption",
- OID_ECDSA_WITH_SHA1: "ecdsa-with-SHA1",
- OID_ECDSA_WITH_SHA224: "ecdsa-with-SHA224",
- OID_ECDSA_WITH_SHA256: "ecdsa-with-SHA256",
- OID_ECDSA_WITH_SHA384: "ecdsa-with-SHA384",
- OID_ECDSA_WITH_SHA512: "ecdsa-with-SHA512",
- OID_DSA_WITH_SHA1: "dsa-with-sha1",
- OID_DSA_WITH_SHA224: "dsa-with-sha224",
- OID_DSA_WITH_SHA256: "dsa-with-sha256",
+ SignatureAlgorithmOID.RSA_WITH_MD5: "md5WithRSAEncryption",
+ SignatureAlgorithmOID.RSA_WITH_SHA1: "sha1WithRSAEncryption",
+ SignatureAlgorithmOID.RSA_WITH_SHA224: "sha224WithRSAEncryption",
+ SignatureAlgorithmOID.RSA_WITH_SHA256: "sha256WithRSAEncryption",
+ SignatureAlgorithmOID.RSA_WITH_SHA384: "sha384WithRSAEncryption",
+ SignatureAlgorithmOID.RSA_WITH_SHA512: "sha512WithRSAEncryption",
+ SignatureAlgorithmOID.ECDSA_WITH_SHA1: "ecdsa-with-SHA1",
+ SignatureAlgorithmOID.ECDSA_WITH_SHA224: "ecdsa-with-SHA224",
+ SignatureAlgorithmOID.ECDSA_WITH_SHA256: "ecdsa-with-SHA256",
+ SignatureAlgorithmOID.ECDSA_WITH_SHA384: "ecdsa-with-SHA384",
+ SignatureAlgorithmOID.ECDSA_WITH_SHA512: "ecdsa-with-SHA512",
+ SignatureAlgorithmOID.DSA_WITH_SHA1: "dsa-with-sha1",
+ SignatureAlgorithmOID.DSA_WITH_SHA224: "dsa-with-sha224",
+ SignatureAlgorithmOID.DSA_WITH_SHA256: "dsa-with-sha256",
OID_SERVER_AUTH: "serverAuth",
OID_CLIENT_AUTH: "clientAuth",
OID_CODE_SIGNING: "codeSigning",
OID_EMAIL_PROTECTION: "emailProtection",
OID_TIME_STAMPING: "timeStamping",
OID_OCSP_SIGNING: "OCSPSigning",
- OID_SUBJECT_DIRECTORY_ATTRIBUTES: "subjectDirectoryAttributes",
- OID_SUBJECT_KEY_IDENTIFIER: "subjectKeyIdentifier",
- OID_KEY_USAGE: "keyUsage",
- OID_SUBJECT_ALTERNATIVE_NAME: "subjectAltName",
- OID_ISSUER_ALTERNATIVE_NAME: "issuerAltName",
- OID_BASIC_CONSTRAINTS: "basicConstraints",
+ ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES: "subjectDirectoryAttributes",
+ ExtensionOID.SUBJECT_KEY_IDENTIFIER: "subjectKeyIdentifier",
+ ExtensionOID.KEY_USAGE: "keyUsage",
+ ExtensionOID.SUBJECT_ALTERNATIVE_NAME: "subjectAltName",
+ ExtensionOID.ISSUER_ALTERNATIVE_NAME: "issuerAltName",
+ ExtensionOID.BASIC_CONSTRAINTS: "basicConstraints",
OID_CRL_REASON: "cRLReason",
OID_INVALIDITY_DATE: "invalidityDate",
OID_CERTIFICATE_ISSUER: "certificateIssuer",
- OID_NAME_CONSTRAINTS: "nameConstraints",
- OID_CRL_DISTRIBUTION_POINTS: "cRLDistributionPoints",
- OID_CERTIFICATE_POLICIES: "certificatePolicies",
- OID_POLICY_MAPPINGS: "policyMappings",
- OID_AUTHORITY_KEY_IDENTIFIER: "authorityKeyIdentifier",
- OID_POLICY_CONSTRAINTS: "policyConstraints",
- OID_EXTENDED_KEY_USAGE: "extendedKeyUsage",
- OID_FRESHEST_CRL: "freshestCRL",
- OID_INHIBIT_ANY_POLICY: "inhibitAnyPolicy",
- OID_AUTHORITY_INFORMATION_ACCESS: "authorityInfoAccess",
- OID_SUBJECT_INFORMATION_ACCESS: "subjectInfoAccess",
- OID_OCSP_NO_CHECK: "OCSPNoCheck",
+ ExtensionOID.NAME_CONSTRAINTS: "nameConstraints",
+ ExtensionOID.CRL_DISTRIBUTION_POINTS: "cRLDistributionPoints",
+ ExtensionOID.CERTIFICATE_POLICIES: "certificatePolicies",
+ ExtensionOID.POLICY_MAPPINGS: "policyMappings",
+ ExtensionOID.AUTHORITY_KEY_IDENTIFIER: "authorityKeyIdentifier",
+ ExtensionOID.POLICY_CONSTRAINTS: "policyConstraints",
+ ExtensionOID.EXTENDED_KEY_USAGE: "extendedKeyUsage",
+ ExtensionOID.FRESHEST_CRL: "freshestCRL",
+ ExtensionOID.INHIBIT_ANY_POLICY: "inhibitAnyPolicy",
+ ExtensionOID.AUTHORITY_INFORMATION_ACCESS: "authorityInfoAccess",
+ ExtensionOID.SUBJECT_INFORMATION_ACCESS: "subjectInfoAccess",
+ ExtensionOID.OCSP_NO_CHECK: "OCSPNoCheck",
OID_OCSP: "OCSP",
OID_CA_ISSUERS: "caIssuers",
OID_CPS_QUALIFIER: "id-qt-cps",