Diffstat (limited to 'src')
-rw-r--r--src/cryptography/x509/__init__.py162
-rw-r--r--src/cryptography/x509/base.py (renamed from src/cryptography/x509.py)186
-rw-r--r--src/cryptography/x509/oid.py182
3 files changed, 354 insertions, 176 deletions
diff --git a/src/cryptography/x509/__init__.py b/src/cryptography/x509/__init__.py
new file mode 100644
index 00000000..1283867f
--- /dev/null
+++ b/src/cryptography/x509/__init__.py
@@ -0,0 +1,162 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+from cryptography.x509.base import (
+ AccessDescription, AuthorityInformationAccess, AuthorityKeyIdentifier,
+ BasicConstraints, CRLDistributionPoints, Certificate, CertificateBuilder,
+ CertificatePolicies, CertificateRevocationList, CertificateSigningRequest,
+ CertificateSigningRequestBuilder, DNSName, DirectoryName,
+ DistributionPoint, DuplicateExtension, ExtendedKeyUsage,
+ Extension, ExtensionNotFound, ExtensionType, Extensions, GeneralName,
+ GeneralNames, IPAddress, InhibitAnyPolicy, InvalidVersion,
+ IssuerAlternativeName, KeyUsage, Name, NameAttribute, NameConstraints,
+ NoticeReference, OCSPNoCheck, ObjectIdentifier, OtherName,
+ PolicyInformation, RFC822Name, ReasonFlags, RegisteredID,
+ RevokedCertificate, SubjectAlternativeName, SubjectKeyIdentifier,
+ UniformResourceIdentifier, UnsupportedExtension,
+ UnsupportedGeneralNameType, UserNotice, Version, _GENERAL_NAMES,
+ load_der_x509_certificate,
+ load_der_x509_csr, load_pem_x509_certificate, load_pem_x509_csr,
+)
+from cryptography.x509.oid import (
+ OID_ANY_POLICY, OID_AUTHORITY_INFORMATION_ACCESS,
+ OID_AUTHORITY_KEY_IDENTIFIER, OID_BASIC_CONSTRAINTS, OID_CA_ISSUERS,
+ OID_CERTIFICATE_ISSUER, OID_CERTIFICATE_POLICIES, OID_CLIENT_AUTH,
+ OID_CODE_SIGNING, OID_COMMON_NAME, OID_COUNTRY_NAME, OID_CPS_QUALIFIER,
+ OID_CPS_USER_NOTICE, OID_CRL_DISTRIBUTION_POINTS, OID_CRL_REASON,
+ OID_DN_QUALIFIER, OID_DOMAIN_COMPONENT, OID_DSA_WITH_SHA1,
+ OID_DSA_WITH_SHA224, OID_DSA_WITH_SHA256, OID_ECDSA_WITH_SHA1,
+ OID_ECDSA_WITH_SHA224, OID_ECDSA_WITH_SHA256, OID_ECDSA_WITH_SHA384,
+ OID_ECDSA_WITH_SHA512, OID_EMAIL_ADDRESS, OID_EMAIL_PROTECTION,
+ OID_EXTENDED_KEY_USAGE, OID_FRESHEST_CRL, OID_GENERATION_QUALIFIER,
+ OID_GIVEN_NAME, OID_INHIBIT_ANY_POLICY, OID_INVALIDITY_DATE,
+ OID_ISSUER_ALTERNATIVE_NAME, OID_KEY_USAGE, OID_LOCALITY_NAME,
+ OID_NAME_CONSTRAINTS, OID_OCSP, OID_OCSP_NO_CHECK, OID_OCSP_SIGNING,
+ OID_ORGANIZATIONAL_UNIT_NAME, OID_ORGANIZATION_NAME,
+ OID_POLICY_CONSTRAINTS, OID_POLICY_MAPPINGS, OID_PSEUDONYM,
+ OID_RSA_WITH_MD5, OID_RSA_WITH_SHA1, OID_RSA_WITH_SHA224,
+ OID_RSA_WITH_SHA256, OID_RSA_WITH_SHA384, OID_RSA_WITH_SHA512,
+ OID_SERIAL_NUMBER, OID_SERVER_AUTH, OID_STATE_OR_PROVINCE_NAME,
+ OID_SUBJECT_ALTERNATIVE_NAME, OID_SUBJECT_DIRECTORY_ATTRIBUTES,
+ OID_SUBJECT_INFORMATION_ACCESS, OID_SUBJECT_KEY_IDENTIFIER, OID_SURNAME,
+ OID_TIME_STAMPING, OID_TITLE, _SIG_OIDS_TO_HASH
+)
+
+__all__ = [
+ "load_pem_x509_certificate",
+ "load_der_x509_certificate",
+ "load_pem_x509_csr",
+ "load_der_x509_csr",
+ "InvalidVersion",
+ "DuplicateExtension",
+ "UnsupportedExtension",
+ "ExtensionNotFound",
+ "UnsupportedGeneralNameType",
+ "NameAttribute",
+ "Name",
+ "ObjectIdentifier",
+ "ExtensionType",
+ "Extensions",
+ "Extension",
+ "ExtendedKeyUsage",
+ "OCSPNoCheck",
+ "BasicConstraints",
+ "KeyUsage",
+ "AuthorityInformationAccess",
+ "AccessDescription",
+ "CertificatePolicies",
+ "PolicyInformation",
+ "UserNotice",
+ "NoticeReference",
+ "SubjectKeyIdentifier",
+ "NameConstraints",
+ "CRLDistributionPoints",
+ "DistributionPoint",
+ "ReasonFlags",
+ "InhibitAnyPolicy",
+ "SubjectAlternativeName",
+ "IssuerAlternativeName",
+ "AuthorityKeyIdentifier",
+ "GeneralNames",
+ "GeneralName",
+ "RFC822Name",
+ "DNSName",
+ "UniformResourceIdentifier",
+ "RegisteredID",
+ "DirectoryName",
+ "IPAddress",
+ "OtherName",
+ "Certificate",
+ "CertificateRevocationList",
+ "CertificateSigningRequest",
+ "RevokedCertificate",
+ "CertificateSigningRequestBuilder",
+ "CertificateBuilder",
+ "Version",
+ "OID_SUBJECT_DIRECTORY_ATTRIBUTES",
+ "OID_SUBJECT_KEY_IDENTIFIER",
+ "OID_KEY_USAGE",
+ "OID_SUBJECT_ALTERNATIVE_NAME",
+ "OID_ISSUER_ALTERNATIVE_NAME",
+ "OID_BASIC_CONSTRAINTS",
+ "OID_CRL_REASON",
+ "OID_INVALIDITY_DATE",
+ "OID_CERTIFICATE_ISSUER",
+ "OID_NAME_CONSTRAINTS",
+ "OID_CRL_DISTRIBUTION_POINTS",
+ "OID_CERTIFICATE_POLICIES",
+ "OID_POLICY_MAPPINGS",
+ "OID_AUTHORITY_KEY_IDENTIFIER",
+ "OID_POLICY_CONSTRAINTS",
+ "OID_EXTENDED_KEY_USAGE",
+ "OID_FRESHEST_CRL",
+ "OID_INHIBIT_ANY_POLICY",
+ "OID_AUTHORITY_INFORMATION_ACCESS",
+ "OID_SUBJECT_INFORMATION_ACCESS",
+ "OID_OCSP_NO_CHECK",
+ "OID_COMMON_NAME",
+ "OID_COUNTRY_NAME",
+ "OID_LOCALITY_NAME",
+ "OID_STATE_OR_PROVINCE_NAME",
+ "OID_ORGANIZATION_NAME",
+ "OID_ORGANIZATIONAL_UNIT_NAME",
+ "OID_SERIAL_NUMBER",
+ "OID_SURNAME",
+ "OID_GIVEN_NAME",
+ "OID_TITLE",
+ "OID_GENERATION_QUALIFIER",
+ "OID_DN_QUALIFIER",
+ "OID_PSEUDONYM",
+ "OID_DOMAIN_COMPONENT",
+ "OID_EMAIL_ADDRESS",
+ "OID_RSA_WITH_MD5",
+ "OID_RSA_WITH_SHA1",
+ "OID_RSA_WITH_SHA224",
+ "OID_RSA_WITH_SHA256",
+ "OID_RSA_WITH_SHA384",
+ "OID_RSA_WITH_SHA512",
+ "OID_ECDSA_WITH_SHA1",
+ "OID_ECDSA_WITH_SHA224",
+ "OID_ECDSA_WITH_SHA256",
+ "OID_ECDSA_WITH_SHA384",
+ "OID_ECDSA_WITH_SHA512",
+ "OID_DSA_WITH_SHA1",
+ "OID_DSA_WITH_SHA224",
+ "OID_DSA_WITH_SHA256",
+ "_SIG_OIDS_TO_HASH",
+ "OID_CPS_QUALIFIER",
+ "OID_CPS_USER_NOTICE",
+ "OID_ANY_POLICY",
+ "OID_CA_ISSUERS",
+ "OID_OCSP",
+ "OID_SERVER_AUTH",
+ "OID_CLIENT_AUTH",
+ "OID_CODE_SIGNING",
+ "OID_EMAIL_PROTECTION",
+ "OID_TIME_STAMPING",
+ "OID_OCSP_SIGNING",
+ "_GENERAL_NAMES",
+]
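Review bot: `__all__` ends up listing two underscore-prefixed names, `"_SIG_OIDS_TO_HASH"` and `"_GENERAL_NAMES"`, so `from cryptography.x509 import *` exports them and they read as supported API. Both are plain mutable dicts, and `_SIG_OIDS_TO_HASH` is the table that maps a signature-algorithm OID to its hash object, which outside callers should not be invited to reach into or modify. If the entries are there only to stop the re-export being reported as unused (an assumption, the lint configuration is not visible here), drop them from `__all__` and keep the imports, so `x509._SIG_OIDS_TO_HASH` still resolves for internal users. Those internal users could also import the names from `cryptography.x509.oid` and `cryptography.x509.base` directly.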
diff --git a/src/cryptography/x509.py b/src/cryptography/x509/base.py
index a1d0b2f9..6fdc0f57 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509/base.py
@@ -21,8 +21,17 @@ import six
from six.moves import urllib_parse
from cryptography import utils
-from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
+from cryptography.x509.oid import (
+ OID_AUTHORITY_INFORMATION_ACCESS,
+ OID_AUTHORITY_KEY_IDENTIFIER, OID_BASIC_CONSTRAINTS,
+ OID_CA_ISSUERS, OID_CERTIFICATE_POLICIES, OID_CRL_DISTRIBUTION_POINTS,
+ OID_EXTENDED_KEY_USAGE, OID_INHIBIT_ANY_POLICY,
+ OID_ISSUER_ALTERNATIVE_NAME, OID_KEY_USAGE, OID_NAME_CONSTRAINTS,
+ OID_OCSP, OID_OCSP_NO_CHECK, OID_SUBJECT_ALTERNATIVE_NAME,
+ OID_SUBJECT_KEY_IDENTIFIER, ObjectIdentifier
+)
class _SubjectPublicKeyInfo(univ.Sequence):
@@ -53,70 +62,6 @@ def _key_identifier_from_public_key(public_key):
return hashlib.sha1(data).digest()
-_OID_NAMES = {
- "2.5.4.3": "commonName",
- "2.5.4.6": "countryName",
- "2.5.4.7": "localityName",
- "2.5.4.8": "stateOrProvinceName",
- "2.5.4.10": "organizationName",
- "2.5.4.11": "organizationalUnitName",
- "2.5.4.5": "serialNumber",
- "2.5.4.4": "surname",
- "2.5.4.42": "givenName",
- "2.5.4.12": "title",
- "2.5.4.44": "generationQualifier",
- "2.5.4.46": "dnQualifier",
- "2.5.4.65": "pseudonym",
- "0.9.2342.19200300.100.1.25": "domainComponent",
- "1.2.840.113549.1.9.1": "emailAddress",
- "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
- "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
- "1.2.840.113549.1.1.14": "sha224WithRSAEncryption",
- "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
- "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
- "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
- "1.2.840.10045.4.1": "ecdsa-with-SHA1",
- "1.2.840.10045.4.3.1": "ecdsa-with-SHA224",
- "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
- "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
- "1.2.840.10045.4.3.4": "ecdsa-with-SHA512",
- "1.2.840.10040.4.3": "dsa-with-sha1",
- "2.16.840.1.101.3.4.3.1": "dsa-with-sha224",
- "2.16.840.1.101.3.4.3.2": "dsa-with-sha256",
- "1.3.6.1.5.5.7.3.1": "serverAuth",
- "1.3.6.1.5.5.7.3.2": "clientAuth",
- "1.3.6.1.5.5.7.3.3": "codeSigning",
- "1.3.6.1.5.5.7.3.4": "emailProtection",
- "1.3.6.1.5.5.7.3.8": "timeStamping",
- "1.3.6.1.5.5.7.3.9": "OCSPSigning",
- "2.5.29.9": "subjectDirectoryAttributes",
- "2.5.29.14": "subjectKeyIdentifier",
- "2.5.29.15": "keyUsage",
- "2.5.29.17": "subjectAltName",
- "2.5.29.18": "issuerAltName",
- "2.5.29.19": "basicConstraints",
- "2.5.29.21": "cRLReason",
- "2.5.29.24": "invalidityDate",
- "2.5.29.29": "certificateIssuer",
- "2.5.29.30": "nameConstraints",
- "2.5.29.31": "cRLDistributionPoints",
- "2.5.29.32": "certificatePolicies",
- "2.5.29.33": "policyMappings",
- "2.5.29.35": "authorityKeyIdentifier",
- "2.5.29.36": "policyConstraints",
- "2.5.29.37": "extendedKeyUsage",
- "2.5.29.46": "freshestCRL",
- "2.5.29.54": "inhibitAnyPolicy",
- "1.3.6.1.5.5.7.1.1": "authorityInfoAccess",
- "1.3.6.1.5.5.7.1.11": "subjectInfoAccess",
- "1.3.6.1.5.5.7.48.1.5": "OCSPNoCheck",
- "1.3.6.1.5.5.7.48.1": "OCSP",
- "1.3.6.1.5.5.7.48.2": "caIssuers",
- "1.3.6.1.5.5.7.2.1": "id-qt-cps",
- "1.3.6.1.5.5.7.2.2": "id-qt-unotice",
-}
-
-
_GENERAL_NAMES = {
0: "otherName",
1: "rfc822Name",
@@ -217,31 +162,6 @@ class NameAttribute(object):
return "<NameAttribute(oid={0.oid}, value={0.value!r})>".format(self)
-class ObjectIdentifier(object):
- def __init__(self, dotted_string):
- self._dotted_string = dotted_string
-
- def __eq__(self, other):
- if not isinstance(other, ObjectIdentifier):
- return NotImplemented
-
- return self._dotted_string == other._dotted_string
-
- def __ne__(self, other):
- return not self == other
-
- def __repr__(self):
- return "<ObjectIdentifier(oid={0}, name={1})>".format(
- self._dotted_string,
- _OID_NAMES.get(self._dotted_string, "Unknown OID")
- )
-
- def __hash__(self):
- return hash(self.dotted_string)
-
- dotted_string = utils.read_only_property("_dotted_string")
-
-
class Name(object):
def __init__(self, attributes):
self._attributes = attributes
@@ -268,29 +188,6 @@ class Name(object):
return "<Name({0!r})>".format(self._attributes)
-OID_SUBJECT_DIRECTORY_ATTRIBUTES = ObjectIdentifier("2.5.29.9")
-OID_SUBJECT_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.14")
-OID_KEY_USAGE = ObjectIdentifier("2.5.29.15")
-OID_SUBJECT_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.17")
-OID_ISSUER_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.18")
-OID_BASIC_CONSTRAINTS = ObjectIdentifier("2.5.29.19")
-OID_CRL_REASON = ObjectIdentifier("2.5.29.21")
-OID_INVALIDITY_DATE = ObjectIdentifier("2.5.29.24")
-OID_CERTIFICATE_ISSUER = ObjectIdentifier("2.5.29.29")
-OID_NAME_CONSTRAINTS = ObjectIdentifier("2.5.29.30")
-OID_CRL_DISTRIBUTION_POINTS = ObjectIdentifier("2.5.29.31")
-OID_CERTIFICATE_POLICIES = ObjectIdentifier("2.5.29.32")
-OID_POLICY_MAPPINGS = ObjectIdentifier("2.5.29.33")
-OID_AUTHORITY_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.35")
-OID_POLICY_CONSTRAINTS = ObjectIdentifier("2.5.29.36")
-OID_EXTENDED_KEY_USAGE = ObjectIdentifier("2.5.29.37")
-OID_FRESHEST_CRL = ObjectIdentifier("2.5.29.46")
-OID_INHIBIT_ANY_POLICY = ObjectIdentifier("2.5.29.54")
-OID_AUTHORITY_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.1")
-OID_SUBJECT_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.11")
-OID_OCSP_NO_CHECK = ObjectIdentifier("1.3.6.1.5.5.7.48.1.5")
-
-
class Extensions(object):
def __init__(self, extensions):
self._extensions = extensions
@@ -1360,69 +1257,6 @@ class AuthorityKeyIdentifier(object):
)
-OID_COMMON_NAME = ObjectIdentifier("2.5.4.3")
-OID_COUNTRY_NAME = ObjectIdentifier("2.5.4.6")
-OID_LOCALITY_NAME = ObjectIdentifier("2.5.4.7")
-OID_STATE_OR_PROVINCE_NAME = ObjectIdentifier("2.5.4.8")
-OID_ORGANIZATION_NAME = ObjectIdentifier("2.5.4.10")
-OID_ORGANIZATIONAL_UNIT_NAME = ObjectIdentifier("2.5.4.11")
-OID_SERIAL_NUMBER = ObjectIdentifier("2.5.4.5")
-OID_SURNAME = ObjectIdentifier("2.5.4.4")
-OID_GIVEN_NAME = ObjectIdentifier("2.5.4.42")
-OID_TITLE = ObjectIdentifier("2.5.4.12")
-OID_GENERATION_QUALIFIER = ObjectIdentifier("2.5.4.44")
-OID_DN_QUALIFIER = ObjectIdentifier("2.5.4.46")
-OID_PSEUDONYM = ObjectIdentifier("2.5.4.65")
-OID_DOMAIN_COMPONENT = ObjectIdentifier("0.9.2342.19200300.100.1.25")
-OID_EMAIL_ADDRESS = ObjectIdentifier("1.2.840.113549.1.9.1")
-
-OID_RSA_WITH_MD5 = ObjectIdentifier("1.2.840.113549.1.1.4")
-OID_RSA_WITH_SHA1 = ObjectIdentifier("1.2.840.113549.1.1.5")
-OID_RSA_WITH_SHA224 = ObjectIdentifier("1.2.840.113549.1.1.14")
-OID_RSA_WITH_SHA256 = ObjectIdentifier("1.2.840.113549.1.1.11")
-OID_RSA_WITH_SHA384 = ObjectIdentifier("1.2.840.113549.1.1.12")
-OID_RSA_WITH_SHA512 = ObjectIdentifier("1.2.840.113549.1.1.13")
-OID_ECDSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10045.4.1")
-OID_ECDSA_WITH_SHA224 = ObjectIdentifier("1.2.840.10045.4.3.1")
-OID_ECDSA_WITH_SHA256 = ObjectIdentifier("1.2.840.10045.4.3.2")
-OID_ECDSA_WITH_SHA384 = ObjectIdentifier("1.2.840.10045.4.3.3")
-OID_ECDSA_WITH_SHA512 = ObjectIdentifier("1.2.840.10045.4.3.4")
-OID_DSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10040.4.3")
-OID_DSA_WITH_SHA224 = ObjectIdentifier("2.16.840.1.101.3.4.3.1")
-OID_DSA_WITH_SHA256 = ObjectIdentifier("2.16.840.1.101.3.4.3.2")
-
-_SIG_OIDS_TO_HASH = {
- OID_RSA_WITH_MD5.dotted_string: hashes.MD5(),
- OID_RSA_WITH_SHA1.dotted_string: hashes.SHA1(),
- OID_RSA_WITH_SHA224.dotted_string: hashes.SHA224(),
- OID_RSA_WITH_SHA256.dotted_string: hashes.SHA256(),
- OID_RSA_WITH_SHA384.dotted_string: hashes.SHA384(),
- OID_RSA_WITH_SHA512.dotted_string: hashes.SHA512(),
- OID_ECDSA_WITH_SHA1.dotted_string: hashes.SHA1(),
- OID_ECDSA_WITH_SHA224.dotted_string: hashes.SHA224(),
- OID_ECDSA_WITH_SHA256.dotted_string: hashes.SHA256(),
- OID_ECDSA_WITH_SHA384.dotted_string: hashes.SHA384(),
- OID_ECDSA_WITH_SHA512.dotted_string: hashes.SHA512(),
- OID_DSA_WITH_SHA1.dotted_string: hashes.SHA1(),
- OID_DSA_WITH_SHA224.dotted_string: hashes.SHA224(),
- OID_DSA_WITH_SHA256.dotted_string: hashes.SHA256()
-}
-
-OID_SERVER_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.1")
-OID_CLIENT_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.2")
-OID_CODE_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.3")
-OID_EMAIL_PROTECTION = ObjectIdentifier("1.3.6.1.5.5.7.3.4")
-OID_TIME_STAMPING = ObjectIdentifier("1.3.6.1.5.5.7.3.8")
-OID_OCSP_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.9")
-
-OID_CA_ISSUERS = ObjectIdentifier("1.3.6.1.5.5.7.48.2")
-OID_OCSP = ObjectIdentifier("1.3.6.1.5.5.7.48.1")
-
-OID_CPS_QUALIFIER = ObjectIdentifier("1.3.6.1.5.5.7.2.1")
-OID_CPS_USER_NOTICE = ObjectIdentifier("1.3.6.1.5.5.7.2.2")
-OID_ANY_POLICY = ObjectIdentifier("2.5.29.32.0")
-
-
@six.add_metaclass(abc.ABCMeta)
class Certificate(object):
@abc.abstractmethod
diff --git a/src/cryptography/x509/oid.py b/src/cryptography/x509/oid.py
new file mode 100644
index 00000000..0c64e930
--- /dev/null
+++ b/src/cryptography/x509/oid.py
@@ -0,0 +1,182 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+from cryptography import utils
+from cryptography.hazmat.primitives import hashes
+
+
+class ObjectIdentifier(object):
+ def __init__(self, dotted_string):
+ self._dotted_string = dotted_string
+
+ def __eq__(self, other):
+ if not isinstance(other, ObjectIdentifier):
+ return NotImplemented
+
+ return self._dotted_string == other._dotted_string
+
+ def __ne__(self, other):
+ return not self == other
+
+ def __repr__(self):
+ return "<ObjectIdentifier(oid={0}, name={1})>".format(
+ self._dotted_string,
+ _OID_NAMES.get(self._dotted_string, "Unknown OID")
+ )
+
+ def __hash__(self):
+ return hash(self.dotted_string)
+
+ dotted_string = utils.read_only_property("_dotted_string")
+
+
+_OID_NAMES = {
+ "2.5.4.3": "commonName",
+ "2.5.4.6": "countryName",
+ "2.5.4.7": "localityName",
+ "2.5.4.8": "stateOrProvinceName",
+ "2.5.4.10": "organizationName",
+ "2.5.4.11": "organizationalUnitName",
+ "2.5.4.5": "serialNumber",
+ "2.5.4.4": "surname",
+ "2.5.4.42": "givenName",
+ "2.5.4.12": "title",
+ "2.5.4.44": "generationQualifier",
+ "2.5.4.46": "dnQualifier",
+ "2.5.4.65": "pseudonym",
+ "0.9.2342.19200300.100.1.25": "domainComponent",
+ "1.2.840.113549.1.9.1": "emailAddress",
+ "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
+ "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
+ "1.2.840.113549.1.1.14": "sha224WithRSAEncryption",
+ "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
+ "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
+ "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
+ "1.2.840.10045.4.1": "ecdsa-with-SHA1",
+ "1.2.840.10045.4.3.1": "ecdsa-with-SHA224",
+ "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
+ "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
+ "1.2.840.10045.4.3.4": "ecdsa-with-SHA512",
+ "1.2.840.10040.4.3": "dsa-with-sha1",
+ "2.16.840.1.101.3.4.3.1": "dsa-with-sha224",
+ "2.16.840.1.101.3.4.3.2": "dsa-with-sha256",
+ "1.3.6.1.5.5.7.3.1": "serverAuth",
+ "1.3.6.1.5.5.7.3.2": "clientAuth",
+ "1.3.6.1.5.5.7.3.3": "codeSigning",
+ "1.3.6.1.5.5.7.3.4": "emailProtection",
+ "1.3.6.1.5.5.7.3.8": "timeStamping",
+ "1.3.6.1.5.5.7.3.9": "OCSPSigning",
+ "2.5.29.9": "subjectDirectoryAttributes",
+ "2.5.29.14": "subjectKeyIdentifier",
+ "2.5.29.15": "keyUsage",
+ "2.5.29.17": "subjectAltName",
+ "2.5.29.18": "issuerAltName",
+ "2.5.29.19": "basicConstraints",
+ "2.5.29.21": "cRLReason",
+ "2.5.29.24": "invalidityDate",
+ "2.5.29.29": "certificateIssuer",
+ "2.5.29.30": "nameConstraints",
+ "2.5.29.31": "cRLDistributionPoints",
+ "2.5.29.32": "certificatePolicies",
+ "2.5.29.33": "policyMappings",
+ "2.5.29.35": "authorityKeyIdentifier",
+ "2.5.29.36": "policyConstraints",
+ "2.5.29.37": "extendedKeyUsage",
+ "2.5.29.46": "freshestCRL",
+ "2.5.29.54": "inhibitAnyPolicy",
+ "1.3.6.1.5.5.7.1.1": "authorityInfoAccess",
+ "1.3.6.1.5.5.7.1.11": "subjectInfoAccess",
+ "1.3.6.1.5.5.7.48.1.5": "OCSPNoCheck",
+ "1.3.6.1.5.5.7.48.1": "OCSP",
+ "1.3.6.1.5.5.7.48.2": "caIssuers",
+ "1.3.6.1.5.5.7.2.1": "id-qt-cps",
+ "1.3.6.1.5.5.7.2.2": "id-qt-unotice",
+}
+
+
+OID_SUBJECT_DIRECTORY_ATTRIBUTES = ObjectIdentifier("2.5.29.9")
+OID_SUBJECT_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.14")
+OID_KEY_USAGE = ObjectIdentifier("2.5.29.15")
+OID_SUBJECT_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.17")
+OID_ISSUER_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.18")
+OID_BASIC_CONSTRAINTS = ObjectIdentifier("2.5.29.19")
+OID_CRL_REASON = ObjectIdentifier("2.5.29.21")
+OID_INVALIDITY_DATE = ObjectIdentifier("2.5.29.24")
+OID_CERTIFICATE_ISSUER = ObjectIdentifier("2.5.29.29")
+OID_NAME_CONSTRAINTS = ObjectIdentifier("2.5.29.30")
+OID_CRL_DISTRIBUTION_POINTS = ObjectIdentifier("2.5.29.31")
+OID_CERTIFICATE_POLICIES = ObjectIdentifier("2.5.29.32")
+OID_POLICY_MAPPINGS = ObjectIdentifier("2.5.29.33")
+OID_AUTHORITY_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.35")
+OID_POLICY_CONSTRAINTS = ObjectIdentifier("2.5.29.36")
+OID_EXTENDED_KEY_USAGE = ObjectIdentifier("2.5.29.37")
+OID_FRESHEST_CRL = ObjectIdentifier("2.5.29.46")
+OID_INHIBIT_ANY_POLICY = ObjectIdentifier("2.5.29.54")
+OID_AUTHORITY_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.1")
+OID_SUBJECT_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.11")
+OID_OCSP_NO_CHECK = ObjectIdentifier("1.3.6.1.5.5.7.48.1.5")
+
+OID_COMMON_NAME = ObjectIdentifier("2.5.4.3")
+OID_COUNTRY_NAME = ObjectIdentifier("2.5.4.6")
+OID_LOCALITY_NAME = ObjectIdentifier("2.5.4.7")
+OID_STATE_OR_PROVINCE_NAME = ObjectIdentifier("2.5.4.8")
+OID_ORGANIZATION_NAME = ObjectIdentifier("2.5.4.10")
+OID_ORGANIZATIONAL_UNIT_NAME = ObjectIdentifier("2.5.4.11")
+OID_SERIAL_NUMBER = ObjectIdentifier("2.5.4.5")
+OID_SURNAME = ObjectIdentifier("2.5.4.4")
+OID_GIVEN_NAME = ObjectIdentifier("2.5.4.42")
+OID_TITLE = ObjectIdentifier("2.5.4.12")
+OID_GENERATION_QUALIFIER = ObjectIdentifier("2.5.4.44")
+OID_DN_QUALIFIER = ObjectIdentifier("2.5.4.46")
+OID_PSEUDONYM = ObjectIdentifier("2.5.4.65")
+OID_DOMAIN_COMPONENT = ObjectIdentifier("0.9.2342.19200300.100.1.25")
+OID_EMAIL_ADDRESS = ObjectIdentifier("1.2.840.113549.1.9.1")
+
+OID_RSA_WITH_MD5 = ObjectIdentifier("1.2.840.113549.1.1.4")
+OID_RSA_WITH_SHA1 = ObjectIdentifier("1.2.840.113549.1.1.5")
+OID_RSA_WITH_SHA224 = ObjectIdentifier("1.2.840.113549.1.1.14")
+OID_RSA_WITH_SHA256 = ObjectIdentifier("1.2.840.113549.1.1.11")
+OID_RSA_WITH_SHA384 = ObjectIdentifier("1.2.840.113549.1.1.12")
+OID_RSA_WITH_SHA512 = ObjectIdentifier("1.2.840.113549.1.1.13")
+OID_ECDSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10045.4.1")
+OID_ECDSA_WITH_SHA224 = ObjectIdentifier("1.2.840.10045.4.3.1")
+OID_ECDSA_WITH_SHA256 = ObjectIdentifier("1.2.840.10045.4.3.2")
+OID_ECDSA_WITH_SHA384 = ObjectIdentifier("1.2.840.10045.4.3.3")
+OID_ECDSA_WITH_SHA512 = ObjectIdentifier("1.2.840.10045.4.3.4")
+OID_DSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10040.4.3")
+OID_DSA_WITH_SHA224 = ObjectIdentifier("2.16.840.1.101.3.4.3.1")
+OID_DSA_WITH_SHA256 = ObjectIdentifier("2.16.840.1.101.3.4.3.2")
+
+_SIG_OIDS_TO_HASH = {
+ OID_RSA_WITH_MD5.dotted_string: hashes.MD5(),
+ OID_RSA_WITH_SHA1.dotted_string: hashes.SHA1(),
+ OID_RSA_WITH_SHA224.dotted_string: hashes.SHA224(),
+ OID_RSA_WITH_SHA256.dotted_string: hashes.SHA256(),
+ OID_RSA_WITH_SHA384.dotted_string: hashes.SHA384(),
+ OID_RSA_WITH_SHA512.dotted_string: hashes.SHA512(),
+ OID_ECDSA_WITH_SHA1.dotted_string: hashes.SHA1(),
+ OID_ECDSA_WITH_SHA224.dotted_string: hashes.SHA224(),
+ OID_ECDSA_WITH_SHA256.dotted_string: hashes.SHA256(),
+ OID_ECDSA_WITH_SHA384.dotted_string: hashes.SHA384(),
+ OID_ECDSA_WITH_SHA512.dotted_string: hashes.SHA512(),
+ OID_DSA_WITH_SHA1.dotted_string: hashes.SHA1(),
+ OID_DSA_WITH_SHA224.dotted_string: hashes.SHA224(),
+ OID_DSA_WITH_SHA256.dotted_string: hashes.SHA256()
+}
+
+OID_SERVER_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.1")
+OID_CLIENT_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.2")
+OID_CODE_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.3")
+OID_EMAIL_PROTECTION = ObjectIdentifier("1.3.6.1.5.5.7.3.4")
+OID_TIME_STAMPING = ObjectIdentifier("1.3.6.1.5.5.7.3.8")
+OID_OCSP_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.9")
+
+OID_CA_ISSUERS = ObjectIdentifier("1.3.6.1.5.5.7.48.2")
+OID_OCSP = ObjectIdentifier("1.3.6.1.5.5.7.48.1")
+
+OID_CPS_QUALIFIER = ObjectIdentifier("1.3.6.1.5.5.7.2.1")
+OID_CPS_USER_NOTICE = ObjectIdentifier("1.3.6.1.5.5.7.2.2")
+OID_ANY_POLICY = ObjectIdentifier("2.5.29.32.0")
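Review bot: `OID_ANY_POLICY` is defined as `ObjectIdentifier("2.5.29.32.0")` on the last line, but `_OID_NAMES` has no entry for that dotted string, so its `__repr__` falls through to `"Unknown OID"`. Adding `"2.5.29.32.0": "anyPolicy",` next to the `certificatePolicies` entry fixes this. Now that the table lives in its own module, `_SIG_OIDS_TO_HASH` would also benefit from a short comment such as `# Parsing lookup only: MD5 and SHA-1 appear so legacy certificates can be read; presence here is not a statement that the digest is acceptable.` That way a reader does not mistake the mapping for an allow-list. Separately, `ObjectIdentifier.__init__` stores `dotted_string` without any check on its form. Whether the constructor should validate it is worth deciding while the class is being moved.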