From 273e8f79555ad0219e555c3aea1011b6d23e5b8f Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Sun, 9 Aug 2015 23:38:11 -0500
Subject: namespace the rest of the oids
---
 src/cryptography/x509/__init__.py | 39 +++++++++++++------------
 src/cryptography/x509/base.py | 5 ++--
 src/cryptography/x509/oid.py | 61 ++++++++++++++++++++++-----------------
 3 files changed, 58 insertions(+), 47 deletions(-)
diff --git a/src/cryptography/x509/__init__.py b/src/cryptography/x509/__init__.py
index 82e83616..3e6420e7 100644
--- a/src/cryptography/x509/__init__.py
+++ b/src/cryptography/x509/__init__.py
@@ -25,12 +25,9 @@ from cryptography.x509.general_name import (
 )
 from cryptography.x509.name import Name, NameAttribute
 from cryptography.x509.oid import (
- ExtensionOID, NameOID, OID_ANY_POLICY,
- OID_CA_ISSUERS, OID_CERTIFICATE_ISSUER, OID_CLIENT_AUTH,
- OID_CODE_SIGNING, OID_CPS_QUALIFIER, OID_CPS_USER_NOTICE, OID_CRL_REASON,
- OID_EMAIL_PROTECTION, OID_INVALIDITY_DATE, OID_OCSP, OID_OCSP_SIGNING,
- OID_SERVER_AUTH, OID_TIME_STAMPING,
- SignatureAlgorithmOID, _SIG_OIDS_TO_HASH
+ AuthorityInformationAccessOID, CRLExtensionOID, CertificatePoliciesOID,
+ ExtendedKeyUsageOID, ExtensionOID, NameOID, SignatureAlgorithmOID,
+ _SIG_OIDS_TO_HASH
 )
@@ -84,6 +81,24 @@ OID_STATE_OR_PROVINCE_NAME = NameOID.STATE_OR_PROVINCE_NAME
 OID_SURNAME = NameOID.SURNAME
 OID_TITLE = NameOID.TITLE
+OID_CLIENT_AUTH = ExtendedKeyUsageOID.CLIENT_AUTH
+OID_CODE_SIGNING = ExtendedKeyUsageOID.CODE_SIGNING
+OID_EMAIL_PROTECTION = ExtendedKeyUsageOID.EMAIL_PROTECTION
+OID_OCSP_SIGNING = ExtendedKeyUsageOID.OCSP_SIGNING
+OID_SERVER_AUTH = ExtendedKeyUsageOID.SERVER_AUTH
+OID_TIME_STAMPING = ExtendedKeyUsageOID.TIME_STAMPING
+
+OID_ANY_POLICY = CertificatePoliciesOID.ANY_POLICY
+OID_CPS_QUALIFIER = CertificatePoliciesOID.CPS_QUALIFIER
+OID_CPS_USER_NOTICE = CertificatePoliciesOID.CPS_USER_NOTICE
+
+OID_CERTIFICATE_ISSUER = CRLExtensionOID.CERTIFICATE_ISSUER
+OID_CRL_REASON = CRLExtensionOID.CRL_REASON
+OID_INVALIDITY_DATE = CRLExtensionOID.INVALIDITY_DATE
+
+OID_CA_ISSUERS = AuthorityInformationAccessOID.CA_ISSUERS
+OID_OCSP = AuthorityInformationAccessOID.OCSP
+
 __all__ = [
 "load_pem_x509_certificate",
@@ -136,20 +151,8 @@ __all__ = [
 "CertificateSigningRequestBuilder",
 "CertificateBuilder",
 "Version",
- "OID_CRL_REASON",
- "OID_INVALIDITY_DATE",
- "OID_CERTIFICATE_ISSUER",
 "_SIG_OIDS_TO_HASH",
- "OID_CPS_QUALIFIER",
- "OID_CPS_USER_NOTICE",
- "OID_ANY_POLICY",
 "OID_CA_ISSUERS",
 "OID_OCSP",
- "OID_SERVER_AUTH",
- "OID_CLIENT_AUTH",
- "OID_CODE_SIGNING",
- "OID_EMAIL_PROTECTION",
- "OID_TIME_STAMPING",
- "OID_OCSP_SIGNING",
 "_GENERAL_NAMES",
 ]
diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py
index 8eabee88..4f0d11ef 100644
--- a/src/cryptography/x509/base.py
+++ b/src/cryptography/x509/base.py
@@ -21,7 +21,7 @@ from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
 from cryptography.x509.general_name import GeneralName, IPAddress, OtherName
 from cryptography.x509.name import Name
 from cryptography.x509.oid import (
- ExtensionOID, OID_CA_ISSUERS, OID_OCSP, ObjectIdentifier
+ AuthorityInformationAccessOID, ExtensionOID, ObjectIdentifier
 )
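Review bot: The `__all__` hunk in `src/cryptography/x509/__init__.py` leaves the export list inconsistent: twelve `OID_*` names are dropped from it while `"OID_CA_ISSUERS"` and `"OID_OCSP"` stay, even though all fourteen aliases are still assigned at module level by the hunk before it. No hunk in this commit adds the four new classes (`ExtendedKeyUsageOID`, `CertificatePoliciesOID`, `CRLExtensionOID`, `AuthorityInformationAccessOID`) to `__all__`, so `from cryptography.x509 import *` loses the old extended-key-usage, policy and CRL names without gaining the new ones. Either drop the two remaining entries as well, or keep the aliases exported and add the class names, e.g. `"ExtendedKeyUsageOID", "CertificatePoliciesOID", "CRLExtensionOID", "AuthorityInformationAccessOID",`. The list starts above the hunk, so whether `ExtensionOID` and `NameOID` are already exported cannot be checked from here.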
@@ -359,7 +359,8 @@ class AuthorityInformationAccess(object):
 class AccessDescription(object):
 def __init__(self, access_method, access_location):
- if not (access_method == OID_OCSP or access_method == OID_CA_ISSUERS):
+ if not (access_method == AuthorityInformationAccessOID.OCSP or
+ access_method == AuthorityInformationAccessOID.CA_ISSUERS):
 raise ValueError(
 "access_method must be OID_OCSP or OID_CA_ISSUERS"
 )
diff --git a/src/cryptography/x509/oid.py b/src/cryptography/x509/oid.py
index 911343e3..9fabab72 100644
--- a/src/cryptography/x509/oid.py
+++ b/src/cryptography/x509/oid.py
@@ -54,9 +54,10 @@ class ExtensionOID(object):
 OCSP_NO_CHECK = ObjectIdentifier("1.3.6.1.5.5.7.48.1.5")
-OID_CRL_REASON = ObjectIdentifier("2.5.29.21")
-OID_INVALIDITY_DATE = ObjectIdentifier("2.5.29.24")
-OID_CERTIFICATE_ISSUER = ObjectIdentifier("2.5.29.29")
+class CRLExtensionOID(object):
+ CERTIFICATE_ISSUER = ObjectIdentifier("2.5.29.29")
+ CRL_REASON = ObjectIdentifier("2.5.29.21")
+ INVALIDITY_DATE = ObjectIdentifier("2.5.29.24")
 class NameOID(object):
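Review bot: The `ValueError` text in `AccessDescription.__init__` still reads `"access_method must be OID_OCSP or OID_CA_ISSUERS"`, while the condition just above it now compares against `AuthorityInformationAccessOID.OCSP` and `AuthorityInformationAccessOID.CA_ISSUERS`. After this commit the old names exist only as aliases in `x509/__init__.py`, so the message points a caller at the legacy spelling rather than the namespace the check actually uses. Consider `"access_method must be AuthorityInformationAccessOID.OCSP or "` followed by `"AuthorityInformationAccessOID.CA_ISSUERS"` as two adjacent literals. The rest of `__init__`, including whatever validation `access_location` receives, is outside the hunk.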
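Review bot: `CRLExtensionOID` in `src/cryptography/x509/oid.py` is added without a docstring, and the same holds for `ExtendedKeyUsageOID`, `AuthorityInformationAccessOID` and `CertificatePoliciesOID` in the next hunk of the same file. A one-line docstring per class saying where its members are valid would help callers pick the right namespace, for example `"""OIDs for CRL entry extensions (cRLReason, invalidityDate, certificateIssuer)."""` here and `"""Access method OIDs accepted by AccessDescription."""` on `AuthorityInformationAccessOID`. The friendly names in the first example are the ones `_OID_NAMES` maps these three OIDs to later in the file.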
@@ -110,19 +111,25 @@ _SIG_OIDS_TO_HASH = {
 SignatureAlgorithmOID.DSA_WITH_SHA256.dotted_string: hashes.SHA256()
 }
-OID_SERVER_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.1")
-OID_CLIENT_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.2")
-OID_CODE_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.3")
-OID_EMAIL_PROTECTION = ObjectIdentifier("1.3.6.1.5.5.7.3.4")
-OID_TIME_STAMPING = ObjectIdentifier("1.3.6.1.5.5.7.3.8")
-OID_OCSP_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.9")
-OID_CA_ISSUERS = ObjectIdentifier("1.3.6.1.5.5.7.48.2")
-OID_OCSP = ObjectIdentifier("1.3.6.1.5.5.7.48.1")
+class ExtendedKeyUsageOID(object):
+ SERVER_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.1")
+ CLIENT_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.2")
+ CODE_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.3")
+ EMAIL_PROTECTION = ObjectIdentifier("1.3.6.1.5.5.7.3.4")
+ TIME_STAMPING = ObjectIdentifier("1.3.6.1.5.5.7.3.8")
+ OCSP_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.9")
-OID_CPS_QUALIFIER = ObjectIdentifier("1.3.6.1.5.5.7.2.1")
-OID_CPS_USER_NOTICE = ObjectIdentifier("1.3.6.1.5.5.7.2.2")
-OID_ANY_POLICY = ObjectIdentifier("2.5.29.32.0")
+
+class AuthorityInformationAccessOID(object):
+ CA_ISSUERS = ObjectIdentifier("1.3.6.1.5.5.7.48.2")
+ OCSP = ObjectIdentifier("1.3.6.1.5.5.7.48.1")
+
+
+class CertificatePoliciesOID(object):
+ CPS_QUALIFIER = ObjectIdentifier("1.3.6.1.5.5.7.2.1")
+ CPS_USER_NOTICE = ObjectIdentifier("1.3.6.1.5.5.7.2.2")
+ ANY_POLICY = ObjectIdentifier("2.5.29.32.0")
 _OID_NAMES = {
 NameOID.COMMON_NAME: "commonName",
@@ -154,21 +161,21 @@ _OID_NAMES = {
 SignatureAlgorithmOID.DSA_WITH_SHA1: "dsa-with-sha1",
 SignatureAlgorithmOID.DSA_WITH_SHA224: "dsa-with-sha224",
 SignatureAlgorithmOID.DSA_WITH_SHA256: "dsa-with-sha256",
- OID_SERVER_AUTH: "serverAuth",
- OID_CLIENT_AUTH: "clientAuth",
- OID_CODE_SIGNING: "codeSigning",
- OID_EMAIL_PROTECTION: "emailProtection",
- OID_TIME_STAMPING: "timeStamping",
- OID_OCSP_SIGNING: "OCSPSigning",
+ ExtendedKeyUsageOID.SERVER_AUTH: "serverAuth",
+ ExtendedKeyUsageOID.CLIENT_AUTH: "clientAuth",
+ ExtendedKeyUsageOID.CODE_SIGNING: "codeSigning",
+ ExtendedKeyUsageOID.EMAIL_PROTECTION: "emailProtection",
+ ExtendedKeyUsageOID.TIME_STAMPING: "timeStamping",
+ ExtendedKeyUsageOID.OCSP_SIGNING: "OCSPSigning",
 ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES: "subjectDirectoryAttributes",
 ExtensionOID.SUBJECT_KEY_IDENTIFIER: "subjectKeyIdentifier",
 ExtensionOID.KEY_USAGE: "keyUsage",
 ExtensionOID.SUBJECT_ALTERNATIVE_NAME: "subjectAltName",
 ExtensionOID.ISSUER_ALTERNATIVE_NAME: "issuerAltName",
 ExtensionOID.BASIC_CONSTRAINTS: "basicConstraints",
- OID_CRL_REASON: "cRLReason",
- OID_INVALIDITY_DATE: "invalidityDate",
- OID_CERTIFICATE_ISSUER: "certificateIssuer",
+ CRLExtensionOID.CRL_REASON: "cRLReason",
+ CRLExtensionOID.INVALIDITY_DATE: "invalidityDate",
+ CRLExtensionOID.CERTIFICATE_ISSUER: "certificateIssuer",
 ExtensionOID.NAME_CONSTRAINTS: "nameConstraints",
 ExtensionOID.CRL_DISTRIBUTION_POINTS: "cRLDistributionPoints",
 ExtensionOID.CERTIFICATE_POLICIES: "certificatePolicies",
@@ -181,8 +188,8 @@ _OID_NAMES = {
 ExtensionOID.AUTHORITY_INFORMATION_ACCESS: "authorityInfoAccess",
 ExtensionOID.SUBJECT_INFORMATION_ACCESS: "subjectInfoAccess",
 ExtensionOID.OCSP_NO_CHECK: "OCSPNoCheck",
- OID_OCSP: "OCSP",
- OID_CA_ISSUERS: "caIssuers",
- OID_CPS_QUALIFIER: "id-qt-cps",
- OID_CPS_USER_NOTICE: "id-qt-unotice",
+ AuthorityInformationAccessOID.OCSP: "OCSP",
+ AuthorityInformationAccessOID.CA_ISSUERS: "caIssuers",
+ CertificatePoliciesOID.CPS_QUALIFIER: "id-qt-cps",
+ CertificatePoliciesOID.CPS_USER_NOTICE: "id-qt-unotice",
 }
-- cgit v1.2.3
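Review bot: `_OID_NAMES` gets entries for `CertificatePoliciesOID.CPS_QUALIFIER` and `CertificatePoliciesOID.CPS_USER_NOTICE` but none for `CertificatePoliciesOID.ANY_POLICY`, and no hunk in this commit adds one, which leaves it the only member of the new class without a friendly name. The gap appears to predate the commit, since no removed line in either `_OID_NAMES` hunk shows an `OID_ANY_POLICY` entry, but the rename is a natural place to close it with `CertificatePoliciesOID.ANY_POLICY: "anyPolicy",`. How a missing entry surfaces to callers depends on the lookup code, which is outside this diff.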