-rw-r--r-- | src/cryptography/x509/__init__.py | 96 | ||||
-rw-r--r-- | src/cryptography/x509/base.py | 34 | ||||
-rw-r--r-- | src/cryptography/x509/oid.py | 161 |
3 files changed, 142 insertions, 149 deletions
diff --git a/src/cryptography/x509/__init__.py b/src/cryptography/x509/__init__.py
index 04a94a37..9cc78424 100644
--- a/src/cryptography/x509/__init__.py
+++ b/src/cryptography/x509/__init__.py
@@ -25,29 +25,55 @@ from cryptography.x509.general_name import ( ) from cryptography.x509.name import Name, NameAttribute from cryptography.x509.oid import ( - OID_ANY_POLICY, OID_AUTHORITY_INFORMATION_ACCESS, - OID_AUTHORITY_KEY_IDENTIFIER, OID_BASIC_CONSTRAINTS, OID_CA_ISSUERS, - OID_CERTIFICATE_ISSUER, OID_CERTIFICATE_POLICIES, OID_CLIENT_AUTH, + ExtensionOID, OID_ANY_POLICY, + OID_CA_ISSUERS, OID_CERTIFICATE_ISSUER, OID_CLIENT_AUTH, OID_CODE_SIGNING, OID_COMMON_NAME, OID_COUNTRY_NAME, OID_CPS_QUALIFIER, - OID_CPS_USER_NOTICE, OID_CRL_DISTRIBUTION_POINTS, OID_CRL_REASON, - OID_DN_QUALIFIER, OID_DOMAIN_COMPONENT, OID_DSA_WITH_SHA1, - OID_DSA_WITH_SHA224, OID_DSA_WITH_SHA256, OID_ECDSA_WITH_SHA1, - OID_ECDSA_WITH_SHA224, OID_ECDSA_WITH_SHA256, OID_ECDSA_WITH_SHA384, - OID_ECDSA_WITH_SHA512, OID_EMAIL_ADDRESS, OID_EMAIL_PROTECTION, - OID_EXTENDED_KEY_USAGE, OID_FRESHEST_CRL, OID_GENERATION_QUALIFIER, - OID_GIVEN_NAME, OID_INHIBIT_ANY_POLICY, OID_INVALIDITY_DATE, - OID_ISSUER_ALTERNATIVE_NAME, OID_KEY_USAGE, OID_LOCALITY_NAME, - OID_NAME_CONSTRAINTS, OID_OCSP, OID_OCSP_NO_CHECK, OID_OCSP_SIGNING, + OID_CPS_USER_NOTICE, OID_CRL_REASON, OID_DN_QUALIFIER, + OID_DOMAIN_COMPONENT, OID_EMAIL_ADDRESS, OID_EMAIL_PROTECTION, + OID_GENERATION_QUALIFIER, OID_GIVEN_NAME, OID_INVALIDITY_DATE, + OID_LOCALITY_NAME, OID_OCSP, OID_OCSP_SIGNING, OID_ORGANIZATIONAL_UNIT_NAME, OID_ORGANIZATION_NAME, - OID_POLICY_CONSTRAINTS, OID_POLICY_MAPPINGS, OID_PSEUDONYM, - OID_RSA_WITH_MD5, OID_RSA_WITH_SHA1, OID_RSA_WITH_SHA224, - OID_RSA_WITH_SHA256, OID_RSA_WITH_SHA384, OID_RSA_WITH_SHA512, - OID_SERIAL_NUMBER, OID_SERVER_AUTH, OID_STATE_OR_PROVINCE_NAME, - OID_SUBJECT_ALTERNATIVE_NAME, OID_SUBJECT_DIRECTORY_ATTRIBUTES, - OID_SUBJECT_INFORMATION_ACCESS, OID_SUBJECT_KEY_IDENTIFIER, OID_SURNAME, - OID_TIME_STAMPING, OID_TITLE, _SIG_OIDS_TO_HASH + OID_PSEUDONYM, OID_SERIAL_NUMBER, OID_SERVER_AUTH, + OID_STATE_OR_PROVINCE_NAME, OID_SURNAME, OID_TIME_STAMPING, OID_TITLE, + SignatureAlgorithmOID, 
_SIG_OIDS_TO_HASH ) + +OID_AUTHORITY_INFORMATION_ACCESS = ExtensionOID.AUTHORITY_INFORMATION_ACCESS +OID_AUTHORITY_KEY_IDENTIFIER = ExtensionOID.AUTHORITY_KEY_IDENTIFIER +OID_BASIC_CONSTRAINTS = ExtensionOID.BASIC_CONSTRAINTS +OID_CERTIFICATE_POLICIES = ExtensionOID.CERTIFICATE_POLICIES +OID_CRL_DISTRIBUTION_POINTS = ExtensionOID.CRL_DISTRIBUTION_POINTS +OID_EXTENDED_KEY_USAGE = ExtensionOID.EXTENDED_KEY_USAGE +OID_FRESHEST_CRL = ExtensionOID.FRESHEST_CRL +OID_INHIBIT_ANY_POLICY = ExtensionOID.INHIBIT_ANY_POLICY +OID_ISSUER_ALTERNATIVE_NAME = ExtensionOID.ISSUER_ALTERNATIVE_NAME +OID_KEY_USAGE = ExtensionOID.KEY_USAGE +OID_NAME_CONSTRAINTS = ExtensionOID.NAME_CONSTRAINTS +OID_OCSP_NO_CHECK = ExtensionOID.OCSP_NO_CHECK +OID_POLICY_CONSTRAINTS = ExtensionOID.POLICY_CONSTRAINTS +OID_POLICY_MAPPINGS = ExtensionOID.POLICY_MAPPINGS +OID_SUBJECT_ALTERNATIVE_NAME = ExtensionOID.SUBJECT_ALTERNATIVE_NAME +OID_SUBJECT_DIRECTORY_ATTRIBUTES = ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES +OID_SUBJECT_INFORMATION_ACCESS = ExtensionOID.SUBJECT_INFORMATION_ACCESS +OID_SUBJECT_KEY_IDENTIFIER = ExtensionOID.SUBJECT_KEY_IDENTIFIER + +OID_DSA_WITH_SHA1 = SignatureAlgorithmOID.DSA_WITH_SHA1 +OID_DSA_WITH_SHA224 = SignatureAlgorithmOID.DSA_WITH_SHA224 +OID_DSA_WITH_SHA256 = SignatureAlgorithmOID.DSA_WITH_SHA256 +OID_ECDSA_WITH_SHA1 = SignatureAlgorithmOID.ECDSA_WITH_SHA1 +OID_ECDSA_WITH_SHA224 = SignatureAlgorithmOID.ECDSA_WITH_SHA224 +OID_ECDSA_WITH_SHA256 = SignatureAlgorithmOID.ECDSA_WITH_SHA256 +OID_ECDSA_WITH_SHA384 = SignatureAlgorithmOID.ECDSA_WITH_SHA384 +OID_ECDSA_WITH_SHA512 = SignatureAlgorithmOID.ECDSA_WITH_SHA512 +OID_RSA_WITH_MD5 = SignatureAlgorithmOID.RSA_WITH_MD5 +OID_RSA_WITH_SHA1 = SignatureAlgorithmOID.RSA_WITH_SHA1 +OID_RSA_WITH_SHA224 = SignatureAlgorithmOID.RSA_WITH_SHA224 +OID_RSA_WITH_SHA256 = SignatureAlgorithmOID.RSA_WITH_SHA256 +OID_RSA_WITH_SHA384 = SignatureAlgorithmOID.RSA_WITH_SHA384 +OID_RSA_WITH_SHA512 = SignatureAlgorithmOID.RSA_WITH_SHA512 + + __all__ = [ 
"load_pem_x509_certificate", "load_der_x509_certificate", @@ -99,27 +125,9 @@ __all__ = [ "CertificateSigningRequestBuilder", "CertificateBuilder", "Version", - "OID_SUBJECT_DIRECTORY_ATTRIBUTES", - "OID_SUBJECT_KEY_IDENTIFIER", - "OID_KEY_USAGE", - "OID_SUBJECT_ALTERNATIVE_NAME", - "OID_ISSUER_ALTERNATIVE_NAME", - "OID_BASIC_CONSTRAINTS", "OID_CRL_REASON", "OID_INVALIDITY_DATE", "OID_CERTIFICATE_ISSUER", - "OID_NAME_CONSTRAINTS", - "OID_CRL_DISTRIBUTION_POINTS", - "OID_CERTIFICATE_POLICIES", - "OID_POLICY_MAPPINGS", - "OID_AUTHORITY_KEY_IDENTIFIER", - "OID_POLICY_CONSTRAINTS", - "OID_EXTENDED_KEY_USAGE", - "OID_FRESHEST_CRL", - "OID_INHIBIT_ANY_POLICY", - "OID_AUTHORITY_INFORMATION_ACCESS", - "OID_SUBJECT_INFORMATION_ACCESS", - "OID_OCSP_NO_CHECK", "OID_COMMON_NAME", "OID_COUNTRY_NAME", "OID_LOCALITY_NAME", @@ -135,20 +143,6 @@ __all__ = [ "OID_PSEUDONYM", "OID_DOMAIN_COMPONENT", "OID_EMAIL_ADDRESS", - "OID_RSA_WITH_MD5", - "OID_RSA_WITH_SHA1", - "OID_RSA_WITH_SHA224", - "OID_RSA_WITH_SHA256", - "OID_RSA_WITH_SHA384", - "OID_RSA_WITH_SHA512", - "OID_ECDSA_WITH_SHA1", - "OID_ECDSA_WITH_SHA224", - "OID_ECDSA_WITH_SHA256", - "OID_ECDSA_WITH_SHA384", - "OID_ECDSA_WITH_SHA512", - "OID_DSA_WITH_SHA1", - "OID_DSA_WITH_SHA224", - "OID_DSA_WITH_SHA256", "_SIG_OIDS_TO_HASH", "OID_CPS_QUALIFIER", "OID_CPS_USER_NOTICE", diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py index a6a8be7c..8eabee88 100644 --- a/src/cryptography/x509/base.py +++ b/src/cryptography/x509/base.py 
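Review bot: The old `OID_*` extension and signature-algorithm names survive here only as uncommented module-level aliases: the two `__all__` hunks that follow drop every one of them, and none of the three hunks shown for this file adds `ExtensionOID` or `SignatureAlgorithmOID` to `__all__`. A caller using `from cryptography.x509 import *` therefore loses `OID_BASIC_CONSTRAINTS`, `OID_KEY_USAGE` and the rest without gaining the replacement classes, so an extension lookup in certificate-checking code would fail with a `NameError`. I would add `"ExtensionOID",` and `"SignatureAlgorithmOID",` to `__all__` and put a comment above the alias block such as `# Backwards-compatible aliases; prefer ExtensionOID / SignatureAlgorithmOID in new code.` If the aliases are meant to be deprecated, that intent is not visible in the hunk.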
@@ -21,13 +21,7 @@ from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa from cryptography.x509.general_name import GeneralName, IPAddress, OtherName from cryptography.x509.name import Name from cryptography.x509.oid import ( - OID_AUTHORITY_INFORMATION_ACCESS, - OID_AUTHORITY_KEY_IDENTIFIER, OID_BASIC_CONSTRAINTS, - OID_CA_ISSUERS, OID_CERTIFICATE_POLICIES, OID_CRL_DISTRIBUTION_POINTS, - OID_EXTENDED_KEY_USAGE, OID_INHIBIT_ANY_POLICY, - OID_ISSUER_ALTERNATIVE_NAME, OID_KEY_USAGE, OID_NAME_CONSTRAINTS, - OID_OCSP, OID_OCSP_NO_CHECK, OID_SUBJECT_ALTERNATIVE_NAME, - OID_SUBJECT_KEY_IDENTIFIER, ObjectIdentifier + ExtensionOID, OID_CA_ISSUERS, OID_OCSP, ObjectIdentifier ) @@ -172,7 +166,7 @@ class ExtensionType(object): @utils.register_interface(ExtensionType) class ExtendedKeyUsage(object): - oid = OID_EXTENDED_KEY_USAGE + oid = ExtensionOID.EXTENDED_KEY_USAGE def __init__(self, usages): if not all(isinstance(x, ObjectIdentifier) for x in usages): @@ -203,12 +197,12 @@ class ExtendedKeyUsage(object): @utils.register_interface(ExtensionType) class OCSPNoCheck(object): - oid = OID_OCSP_NO_CHECK + oid = ExtensionOID.OCSP_NO_CHECK @utils.register_interface(ExtensionType) class BasicConstraints(object): - oid = OID_BASIC_CONSTRAINTS + oid = ExtensionOID.BASIC_CONSTRAINTS def __init__(self, ca, path_length): if not isinstance(ca, bool): @@ -247,7 +241,7 @@ class BasicConstraints(object): @utils.register_interface(ExtensionType) class KeyUsage(object): - oid = OID_KEY_USAGE + oid = ExtensionOID.KEY_USAGE def __init__(self, digital_signature, content_commitment, key_encipherment, data_encipherment, key_agreement, key_cert_sign, crl_sign, @@ -333,7 +327,7 @@ class KeyUsage(object): @utils.register_interface(ExtensionType) class AuthorityInformationAccess(object): - oid = OID_AUTHORITY_INFORMATION_ACCESS + oid = ExtensionOID.AUTHORITY_INFORMATION_ACCESS def __init__(self, descriptions): if not all(isinstance(x, AccessDescription) for x in descriptions): 
@@ -400,7 +394,7 @@ class AccessDescription(object): @utils.register_interface(ExtensionType) class CertificatePolicies(object): - oid = OID_CERTIFICATE_POLICIES + oid = ExtensionOID.CERTIFICATE_POLICIES def __init__(self, policies): if not all(isinstance(x, PolicyInformation) for x in policies): @@ -540,7 +534,7 @@ class NoticeReference(object): @utils.register_interface(ExtensionType) class SubjectKeyIdentifier(object): - oid = OID_SUBJECT_KEY_IDENTIFIER + oid = ExtensionOID.SUBJECT_KEY_IDENTIFIER def __init__(self, digest): self._digest = digest @@ -568,7 +562,7 @@ class SubjectKeyIdentifier(object): @utils.register_interface(ExtensionType) class NameConstraints(object): - oid = OID_NAME_CONSTRAINTS + oid = ExtensionOID.NAME_CONSTRAINTS def __init__(self, permitted_subtrees, excluded_subtrees): if permitted_subtrees is not None: @@ -635,7 +629,7 @@ class NameConstraints(object): @utils.register_interface(ExtensionType) class CRLDistributionPoints(object): - oid = OID_CRL_DISTRIBUTION_POINTS + oid = ExtensionOID.CRL_DISTRIBUTION_POINTS def __init__(self, distribution_points): if not all( @@ -759,7 +753,7 @@ class ReasonFlags(Enum): @utils.register_interface(ExtensionType) class InhibitAnyPolicy(object): - oid = OID_INHIBIT_ANY_POLICY + oid = ExtensionOID.INHIBIT_ANY_POLICY def __init__(self, skip_certs): if not isinstance(skip_certs, six.integer_types): @@ -825,7 +819,7 @@ class GeneralNames(object): @utils.register_interface(ExtensionType) class SubjectAlternativeName(object): - oid = OID_SUBJECT_ALTERNATIVE_NAME + oid = ExtensionOID.SUBJECT_ALTERNATIVE_NAME def __init__(self, general_names): self._general_names = GeneralNames(general_names) @@ -854,7 +848,7 @@ class SubjectAlternativeName(object): @utils.register_interface(ExtensionType) class IssuerAlternativeName(object): - oid = OID_ISSUER_ALTERNATIVE_NAME + oid = ExtensionOID.ISSUER_ALTERNATIVE_NAME def __init__(self, general_names): self._general_names = GeneralNames(general_names) 
@@ -883,7 +877,7 @@ class IssuerAlternativeName(object): @utils.register_interface(ExtensionType) class AuthorityKeyIdentifier(object): - oid = OID_AUTHORITY_KEY_IDENTIFIER + oid = ExtensionOID.AUTHORITY_KEY_IDENTIFIER def __init__(self, key_identifier, authority_cert_issuer, authority_cert_serial_number): diff --git a/src/cryptography/x509/oid.py b/src/cryptography/x509/oid.py index a3cc065e..87601f85 100644 --- a/src/cryptography/x509/oid.py +++ b/src/cryptography/x509/oid.py 
@@ -33,27 +33,30 @@ class ObjectIdentifier(object): dotted_string = utils.read_only_property("_dotted_string") -OID_SUBJECT_DIRECTORY_ATTRIBUTES = ObjectIdentifier("2.5.29.9") -OID_SUBJECT_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.14") -OID_KEY_USAGE = ObjectIdentifier("2.5.29.15") -OID_SUBJECT_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.17") -OID_ISSUER_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.18") -OID_BASIC_CONSTRAINTS = ObjectIdentifier("2.5.29.19") +class ExtensionOID(object): + SUBJECT_DIRECTORY_ATTRIBUTES = ObjectIdentifier("2.5.29.9") + SUBJECT_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.14") + KEY_USAGE = ObjectIdentifier("2.5.29.15") + SUBJECT_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.17") + ISSUER_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.18") + BASIC_CONSTRAINTS = ObjectIdentifier("2.5.29.19") + NAME_CONSTRAINTS = ObjectIdentifier("2.5.29.30") + CRL_DISTRIBUTION_POINTS = ObjectIdentifier("2.5.29.31") + CERTIFICATE_POLICIES = ObjectIdentifier("2.5.29.32") + POLICY_MAPPINGS = ObjectIdentifier("2.5.29.33") + AUTHORITY_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.35") + POLICY_CONSTRAINTS = ObjectIdentifier("2.5.29.36") + EXTENDED_KEY_USAGE = ObjectIdentifier("2.5.29.37") + FRESHEST_CRL = ObjectIdentifier("2.5.29.46") + INHIBIT_ANY_POLICY = ObjectIdentifier("2.5.29.54") + AUTHORITY_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.1") + SUBJECT_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.11") + OCSP_NO_CHECK = ObjectIdentifier("1.3.6.1.5.5.7.48.1.5") + + OID_CRL_REASON = ObjectIdentifier("2.5.29.21") OID_INVALIDITY_DATE = ObjectIdentifier("2.5.29.24") OID_CERTIFICATE_ISSUER = ObjectIdentifier("2.5.29.29") -OID_NAME_CONSTRAINTS = ObjectIdentifier("2.5.29.30") -OID_CRL_DISTRIBUTION_POINTS = ObjectIdentifier("2.5.29.31") -OID_CERTIFICATE_POLICIES = ObjectIdentifier("2.5.29.32") -OID_POLICY_MAPPINGS = ObjectIdentifier("2.5.29.33") -OID_AUTHORITY_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.35") -OID_POLICY_CONSTRAINTS = 
ObjectIdentifier("2.5.29.36") -OID_EXTENDED_KEY_USAGE = ObjectIdentifier("2.5.29.37") -OID_FRESHEST_CRL = ObjectIdentifier("2.5.29.46") -OID_INHIBIT_ANY_POLICY = ObjectIdentifier("2.5.29.54") -OID_AUTHORITY_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.1") -OID_SUBJECT_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.11") -OID_OCSP_NO_CHECK = ObjectIdentifier("1.3.6.1.5.5.7.48.1.5") OID_COMMON_NAME = ObjectIdentifier("2.5.4.3") OID_COUNTRY_NAME = ObjectIdentifier("2.5.4.6") 
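Review bot: `ExtensionOID` is added without a docstring, and the hunk leaves `OID_CRL_REASON`, `OID_INVALIDITY_DATE` and `OID_CERTIFICATE_ISSUER` at module level even though they sit in the same 2.5.29 arc, so a reader cannot tell whether they were left out on purpose. A one-line docstring such as `"""Object identifiers of X.509 v3 certificate extensions."""` plus a comment on the three remaining names (presumably they are CRL entry extensions rather than certificate extensions) would settle that. Note also that the old `OID_*` extension names disappear from `cryptography.x509.oid` itself; the aliases this commit adds live only in `cryptography/x509/__init__.py`, so code importing them from the `oid` module directly would stop working.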
@@ -71,36 +74,38 @@ OID_PSEUDONYM = ObjectIdentifier("2.5.4.65") OID_DOMAIN_COMPONENT = ObjectIdentifier("0.9.2342.19200300.100.1.25") OID_EMAIL_ADDRESS = ObjectIdentifier("1.2.840.113549.1.9.1") -OID_RSA_WITH_MD5 = ObjectIdentifier("1.2.840.113549.1.1.4") -OID_RSA_WITH_SHA1 = ObjectIdentifier("1.2.840.113549.1.1.5") -OID_RSA_WITH_SHA224 = ObjectIdentifier("1.2.840.113549.1.1.14") -OID_RSA_WITH_SHA256 = ObjectIdentifier("1.2.840.113549.1.1.11") -OID_RSA_WITH_SHA384 = ObjectIdentifier("1.2.840.113549.1.1.12") -OID_RSA_WITH_SHA512 = ObjectIdentifier("1.2.840.113549.1.1.13") -OID_ECDSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10045.4.1") -OID_ECDSA_WITH_SHA224 = ObjectIdentifier("1.2.840.10045.4.3.1") -OID_ECDSA_WITH_SHA256 = ObjectIdentifier("1.2.840.10045.4.3.2") -OID_ECDSA_WITH_SHA384 = ObjectIdentifier("1.2.840.10045.4.3.3") -OID_ECDSA_WITH_SHA512 = ObjectIdentifier("1.2.840.10045.4.3.4") -OID_DSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10040.4.3") -OID_DSA_WITH_SHA224 = ObjectIdentifier("2.16.840.1.101.3.4.3.1") -OID_DSA_WITH_SHA256 = ObjectIdentifier("2.16.840.1.101.3.4.3.2") + +class SignatureAlgorithmOID(object): + RSA_WITH_MD5 = ObjectIdentifier("1.2.840.113549.1.1.4") + RSA_WITH_SHA1 = ObjectIdentifier("1.2.840.113549.1.1.5") + RSA_WITH_SHA224 = ObjectIdentifier("1.2.840.113549.1.1.14") + RSA_WITH_SHA256 = ObjectIdentifier("1.2.840.113549.1.1.11") + RSA_WITH_SHA384 = ObjectIdentifier("1.2.840.113549.1.1.12") + RSA_WITH_SHA512 = ObjectIdentifier("1.2.840.113549.1.1.13") + ECDSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10045.4.1") + ECDSA_WITH_SHA224 = ObjectIdentifier("1.2.840.10045.4.3.1") + ECDSA_WITH_SHA256 = ObjectIdentifier("1.2.840.10045.4.3.2") + ECDSA_WITH_SHA384 = ObjectIdentifier("1.2.840.10045.4.3.3") + ECDSA_WITH_SHA512 = ObjectIdentifier("1.2.840.10045.4.3.4") + DSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10040.4.3") + DSA_WITH_SHA224 = ObjectIdentifier("2.16.840.1.101.3.4.3.1") + DSA_WITH_SHA256 = ObjectIdentifier("2.16.840.1.101.3.4.3.2") 
_SIG_OIDS_TO_HASH = { - OID_RSA_WITH_MD5.dotted_string: hashes.MD5(), - OID_RSA_WITH_SHA1.dotted_string: hashes.SHA1(), - OID_RSA_WITH_SHA224.dotted_string: hashes.SHA224(), - OID_RSA_WITH_SHA256.dotted_string: hashes.SHA256(), - OID_RSA_WITH_SHA384.dotted_string: hashes.SHA384(), - OID_RSA_WITH_SHA512.dotted_string: hashes.SHA512(), - OID_ECDSA_WITH_SHA1.dotted_string: hashes.SHA1(), - OID_ECDSA_WITH_SHA224.dotted_string: hashes.SHA224(), - OID_ECDSA_WITH_SHA256.dotted_string: hashes.SHA256(), - OID_ECDSA_WITH_SHA384.dotted_string: hashes.SHA384(), - OID_ECDSA_WITH_SHA512.dotted_string: hashes.SHA512(), - OID_DSA_WITH_SHA1.dotted_string: hashes.SHA1(), - OID_DSA_WITH_SHA224.dotted_string: hashes.SHA224(), - OID_DSA_WITH_SHA256.dotted_string: hashes.SHA256() + SignatureAlgorithmOID.RSA_WITH_MD5.dotted_string: hashes.MD5(), + SignatureAlgorithmOID.RSA_WITH_SHA1.dotted_string: hashes.SHA1(), + SignatureAlgorithmOID.RSA_WITH_SHA224.dotted_string: hashes.SHA224(), + SignatureAlgorithmOID.RSA_WITH_SHA256.dotted_string: hashes.SHA256(), + SignatureAlgorithmOID.RSA_WITH_SHA384.dotted_string: hashes.SHA384(), + SignatureAlgorithmOID.RSA_WITH_SHA512.dotted_string: hashes.SHA512(), + SignatureAlgorithmOID.ECDSA_WITH_SHA1.dotted_string: hashes.SHA1(), + SignatureAlgorithmOID.ECDSA_WITH_SHA224.dotted_string: hashes.SHA224(), + SignatureAlgorithmOID.ECDSA_WITH_SHA256.dotted_string: hashes.SHA256(), + SignatureAlgorithmOID.ECDSA_WITH_SHA384.dotted_string: hashes.SHA384(), + SignatureAlgorithmOID.ECDSA_WITH_SHA512.dotted_string: hashes.SHA512(), + SignatureAlgorithmOID.DSA_WITH_SHA1.dotted_string: hashes.SHA1(), + SignatureAlgorithmOID.DSA_WITH_SHA224.dotted_string: hashes.SHA224(), + SignatureAlgorithmOID.DSA_WITH_SHA256.dotted_string: hashes.SHA256() } OID_SERVER_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.1") 
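Review bot: `SignatureAlgorithmOID` and the rewritten `_SIG_OIDS_TO_HASH` carry no comment explaining that the table still maps `RSA_WITH_MD5` to `hashes.MD5()` and the three `*_WITH_SHA1` OIDs to `hashes.SHA1()`. Presumably the map exists to identify the digest named in a parsed certificate, not to state which algorithms are acceptable; that is worth saying next to the dict, e.g. `# Lookup for parsing only: MD5 and SHA-1 entries identify legacy signatures and do not imply they should be trusted.` Callers that need a policy on weak digests have to enforce it themselves after reading the hash algorithm. A short class docstring on `SignatureAlgorithmOID` would help as well.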
@@ -133,47 +138,47 @@ _OID_NAMES = { OID_PSEUDONYM: "pseudonym", OID_DOMAIN_COMPONENT: "domainComponent", OID_EMAIL_ADDRESS: "emailAddress", - OID_RSA_WITH_MD5: "md5WithRSAEncryption", - OID_RSA_WITH_SHA1: "sha1WithRSAEncryption", - OID_RSA_WITH_SHA224: "sha224WithRSAEncryption", - OID_RSA_WITH_SHA256: "sha256WithRSAEncryption", - OID_RSA_WITH_SHA384: "sha384WithRSAEncryption", - OID_RSA_WITH_SHA512: "sha512WithRSAEncryption", - OID_ECDSA_WITH_SHA1: "ecdsa-with-SHA1", - OID_ECDSA_WITH_SHA224: "ecdsa-with-SHA224", - OID_ECDSA_WITH_SHA256: "ecdsa-with-SHA256", - OID_ECDSA_WITH_SHA384: "ecdsa-with-SHA384", - OID_ECDSA_WITH_SHA512: "ecdsa-with-SHA512", - OID_DSA_WITH_SHA1: "dsa-with-sha1", - OID_DSA_WITH_SHA224: "dsa-with-sha224", - OID_DSA_WITH_SHA256: "dsa-with-sha256", + SignatureAlgorithmOID.RSA_WITH_MD5: "md5WithRSAEncryption", + SignatureAlgorithmOID.RSA_WITH_SHA1: "sha1WithRSAEncryption", + SignatureAlgorithmOID.RSA_WITH_SHA224: "sha224WithRSAEncryption", + SignatureAlgorithmOID.RSA_WITH_SHA256: "sha256WithRSAEncryption", + SignatureAlgorithmOID.RSA_WITH_SHA384: "sha384WithRSAEncryption", + SignatureAlgorithmOID.RSA_WITH_SHA512: "sha512WithRSAEncryption", + SignatureAlgorithmOID.ECDSA_WITH_SHA1: "ecdsa-with-SHA1", + SignatureAlgorithmOID.ECDSA_WITH_SHA224: "ecdsa-with-SHA224", + SignatureAlgorithmOID.ECDSA_WITH_SHA256: "ecdsa-with-SHA256", + SignatureAlgorithmOID.ECDSA_WITH_SHA384: "ecdsa-with-SHA384", + SignatureAlgorithmOID.ECDSA_WITH_SHA512: "ecdsa-with-SHA512", + SignatureAlgorithmOID.DSA_WITH_SHA1: "dsa-with-sha1", + SignatureAlgorithmOID.DSA_WITH_SHA224: "dsa-with-sha224", + SignatureAlgorithmOID.DSA_WITH_SHA256: "dsa-with-sha256", OID_SERVER_AUTH: "serverAuth", OID_CLIENT_AUTH: "clientAuth", OID_CODE_SIGNING: "codeSigning", OID_EMAIL_PROTECTION: "emailProtection", OID_TIME_STAMPING: "timeStamping", OID_OCSP_SIGNING: "OCSPSigning", - OID_SUBJECT_DIRECTORY_ATTRIBUTES: "subjectDirectoryAttributes", - OID_SUBJECT_KEY_IDENTIFIER: "subjectKeyIdentifier", - 
OID_KEY_USAGE: "keyUsage", - OID_SUBJECT_ALTERNATIVE_NAME: "subjectAltName", - OID_ISSUER_ALTERNATIVE_NAME: "issuerAltName", - OID_BASIC_CONSTRAINTS: "basicConstraints", + ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES: "subjectDirectoryAttributes", + ExtensionOID.SUBJECT_KEY_IDENTIFIER: "subjectKeyIdentifier", + ExtensionOID.KEY_USAGE: "keyUsage", + ExtensionOID.SUBJECT_ALTERNATIVE_NAME: "subjectAltName", + ExtensionOID.ISSUER_ALTERNATIVE_NAME: "issuerAltName", + ExtensionOID.BASIC_CONSTRAINTS: "basicConstraints", OID_CRL_REASON: "cRLReason", OID_INVALIDITY_DATE: "invalidityDate", OID_CERTIFICATE_ISSUER: "certificateIssuer", - OID_NAME_CONSTRAINTS: "nameConstraints", - OID_CRL_DISTRIBUTION_POINTS: "cRLDistributionPoints", - OID_CERTIFICATE_POLICIES: "certificatePolicies", - OID_POLICY_MAPPINGS: "policyMappings", - OID_AUTHORITY_KEY_IDENTIFIER: "authorityKeyIdentifier", - OID_POLICY_CONSTRAINTS: "policyConstraints", - OID_EXTENDED_KEY_USAGE: "extendedKeyUsage", - OID_FRESHEST_CRL: "freshestCRL", - OID_INHIBIT_ANY_POLICY: "inhibitAnyPolicy", - OID_AUTHORITY_INFORMATION_ACCESS: "authorityInfoAccess", - OID_SUBJECT_INFORMATION_ACCESS: "subjectInfoAccess", - OID_OCSP_NO_CHECK: "OCSPNoCheck", + ExtensionOID.NAME_CONSTRAINTS: "nameConstraints", + ExtensionOID.CRL_DISTRIBUTION_POINTS: "cRLDistributionPoints", + ExtensionOID.CERTIFICATE_POLICIES: "certificatePolicies", + ExtensionOID.POLICY_MAPPINGS: "policyMappings", + ExtensionOID.AUTHORITY_KEY_IDENTIFIER: "authorityKeyIdentifier", + ExtensionOID.POLICY_CONSTRAINTS: "policyConstraints", + ExtensionOID.EXTENDED_KEY_USAGE: "extendedKeyUsage", + ExtensionOID.FRESHEST_CRL: "freshestCRL", + ExtensionOID.INHIBIT_ANY_POLICY: "inhibitAnyPolicy", + ExtensionOID.AUTHORITY_INFORMATION_ACCESS: "authorityInfoAccess", + ExtensionOID.SUBJECT_INFORMATION_ACCESS: "subjectInfoAccess", + ExtensionOID.OCSP_NO_CHECK: "OCSPNoCheck", OID_OCSP: "OCSP", OID_CA_ISSUERS: "caIssuers", OID_CPS_QUALIFIER: "id-qt-cps", |