# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.

# Registry of the object identifiers (OIDs) this package knows about, grouped
# by where they occur in an X.509 structure, plus two lookup tables built from
# them: signature-algorithm OID -> hash algorithm, and OID -> short name.
# Everything here is constant data; no parsing or validation happens in this
# module.

from __future__ import absolute_import, division, print_function

from cryptography.hazmat._oid import ObjectIdentifier
from cryptography.hazmat.primitives import hashes


class ExtensionOID(object):
    """OIDs of X.509 certificate and CRL extensions.

    Attributes under ``2.5.29`` are the standard id-ce extensions, those
    under ``1.3.6.1.5.5.7`` are PKIX extensions, and the two ``PRECERT_*``
    entries under ``1.3.6.1.4.1.11129`` are the Certificate Transparency
    extensions. The class only names OIDs; it carries no extension parsing.
    """

    SUBJECT_DIRECTORY_ATTRIBUTES = ObjectIdentifier("2.5.29.9")
    SUBJECT_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.14")
    KEY_USAGE = ObjectIdentifier("2.5.29.15")
    SUBJECT_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.17")
    ISSUER_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.18")
    BASIC_CONSTRAINTS = ObjectIdentifier("2.5.29.19")
    NAME_CONSTRAINTS = ObjectIdentifier("2.5.29.30")
    CRL_DISTRIBUTION_POINTS = ObjectIdentifier("2.5.29.31")
    CERTIFICATE_POLICIES = ObjectIdentifier("2.5.29.32")
    POLICY_MAPPINGS = ObjectIdentifier("2.5.29.33")
    AUTHORITY_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.35")
    POLICY_CONSTRAINTS = ObjectIdentifier("2.5.29.36")
    EXTENDED_KEY_USAGE = ObjectIdentifier("2.5.29.37")
    FRESHEST_CRL = ObjectIdentifier("2.5.29.46")
    INHIBIT_ANY_POLICY = ObjectIdentifier("2.5.29.54")
    # CRL-only extensions follow; they share the id-ce arc with the
    # certificate extensions above.
    ISSUING_DISTRIBUTION_POINT = ObjectIdentifier("2.5.29.28")
    AUTHORITY_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.1")
    SUBJECT_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.11")
    OCSP_NO_CHECK = ObjectIdentifier("1.3.6.1.5.5.7.48.1.5")
    TLS_FEATURE = ObjectIdentifier("1.3.6.1.5.5.7.1.24")
    CRL_NUMBER = ObjectIdentifier("2.5.29.20")
    DELTA_CRL_INDICATOR = ObjectIdentifier("2.5.29.27")
    # Certificate Transparency: the SCT list embedded in a final certificate
    # and the poison extension that marks a precertificate as not usable.
    PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS = (
        ObjectIdentifier("1.3.6.1.4.1.11129.2.4.2")
    )
    PRECERT_POISON = (
        ObjectIdentifier("1.3.6.1.4.1.11129.2.4.3")
    )


class OCSPExtensionOID(object):
    """OIDs of extensions that appear in OCSP requests/responses."""

    # Request/response nonce, used to bind a response to a request and so
    # detect replayed responses.
    NONCE = ObjectIdentifier("1.3.6.1.5.5.7.48.1.2")


class CRLEntryExtensionOID(object):
    """OIDs of extensions attached to individual CRL entries (per revoked
    certificate), as opposed to the CRL-level extensions in ExtensionOID."""

    CERTIFICATE_ISSUER = ObjectIdentifier("2.5.29.29")
    CRL_REASON = ObjectIdentifier("2.5.29.21")
    INVALIDITY_DATE = ObjectIdentifier("2.5.29.24")


class NameOID(object):
    """OIDs of attribute types used in X.500 distinguished names
    (certificate subject / issuer).

    Most entries are in the ``2.5.4`` attribute-type arc. ``USER_ID`` and
    ``DOMAIN_COMPONENT`` come from the pilot (``0.9.2342``) arc,
    ``EMAIL_ADDRESS`` from PKCS#9, and the ``JURISDICTION_*`` attributes
    from Microsoft's private enterprise arc (``1.3.6.1.4.1.311``).
    """

    COMMON_NAME = ObjectIdentifier("2.5.4.3")
    COUNTRY_NAME = ObjectIdentifier("2.5.4.6")
    LOCALITY_NAME = ObjectIdentifier("2.5.4.7")
    STATE_OR_PROVINCE_NAME = ObjectIdentifier("2.5.4.8")
    STREET_ADDRESS = ObjectIdentifier("2.5.4.9")
    ORGANIZATION_NAME = ObjectIdentifier("2.5.4.10")
    ORGANIZATIONAL_UNIT_NAME = ObjectIdentifier("2.5.4.11")
    SERIAL_NUMBER = ObjectIdentifier("2.5.4.5")
    SURNAME = ObjectIdentifier("2.5.4.4")
    GIVEN_NAME = ObjectIdentifier("2.5.4.42")
    TITLE = ObjectIdentifier("2.5.4.12")
    GENERATION_QUALIFIER = ObjectIdentifier("2.5.4.44")
    X500_UNIQUE_IDENTIFIER = ObjectIdentifier("2.5.4.45")
    DN_QUALIFIER = ObjectIdentifier("2.5.4.46")
    PSEUDONYM = ObjectIdentifier("2.5.4.65")
    USER_ID = ObjectIdentifier("0.9.2342.19200300.100.1.1")
    DOMAIN_COMPONENT = ObjectIdentifier("0.9.2342.19200300.100.1.25")
    EMAIL_ADDRESS = ObjectIdentifier("1.2.840.113549.1.9.1")
    JURISDICTION_COUNTRY_NAME = ObjectIdentifier("1.3.6.1.4.1.311.60.2.1.3")
    JURISDICTION_LOCALITY_NAME = ObjectIdentifier("1.3.6.1.4.1.311.60.2.1.1")
    JURISDICTION_STATE_OR_PROVINCE_NAME = ObjectIdentifier(
        "1.3.6.1.4.1.311.60.2.1.2"
    )
    BUSINESS_CATEGORY = ObjectIdentifier("2.5.4.15")
    POSTAL_ADDRESS = ObjectIdentifier("2.5.4.16")
    POSTAL_CODE = ObjectIdentifier("2.5.4.17")


class SignatureAlgorithmOID(object):
    """OIDs of signature algorithms (public-key algorithm + hash) found in a
    certificate's or CRL's signatureAlgorithm field.

    Entries exist for legacy algorithms (MD5, SHA-1) so that such
    certificates can be parsed and identified; nothing in this module
    decides whether a given algorithm is acceptable.
    """

    RSA_WITH_MD5 = ObjectIdentifier("1.2.840.113549.1.1.4")
    RSA_WITH_SHA1 = ObjectIdentifier("1.2.840.113549.1.1.5")
    # This is an alternate OID for RSA with SHA1 that is occasionally seen.
    # It is private (leading underscore) and has no entry in _OID_NAMES below.
    _RSA_WITH_SHA1 = ObjectIdentifier("1.3.14.3.2.29")
    RSA_WITH_SHA224 = ObjectIdentifier("1.2.840.113549.1.1.14")
    RSA_WITH_SHA256 = ObjectIdentifier("1.2.840.113549.1.1.11")
    RSA_WITH_SHA384 = ObjectIdentifier("1.2.840.113549.1.1.12")
    RSA_WITH_SHA512 = ObjectIdentifier("1.2.840.113549.1.1.13")
    # PSS: the hash is carried in the algorithm parameters, not implied by
    # the OID, which is why this entry is absent from _SIG_OIDS_TO_HASH.
    RSASSA_PSS = ObjectIdentifier("1.2.840.113549.1.1.10")
    ECDSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10045.4.1")
    ECDSA_WITH_SHA224 = ObjectIdentifier("1.2.840.10045.4.3.1")
    ECDSA_WITH_SHA256 = ObjectIdentifier("1.2.840.10045.4.3.2")
    ECDSA_WITH_SHA384 = ObjectIdentifier("1.2.840.10045.4.3.3")
    ECDSA_WITH_SHA512 = ObjectIdentifier("1.2.840.10045.4.3.4")
    DSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10040.4.3")
    DSA_WITH_SHA224 = ObjectIdentifier("2.16.840.1.101.3.4.3.1")
    DSA_WITH_SHA256 = ObjectIdentifier("2.16.840.1.101.3.4.3.2")


# Maps a signature-algorithm OID to an instance of the hash algorithm that
# OID fixes. Both RSA-with-SHA1 OIDs resolve to SHA1(). MD5 and SHA-1 are
# present so that legacy signatures can be reported, not endorsed: any policy
# on which hashes are acceptable for verification has to live with the
# caller, since this table makes no such distinction.
# RSASSA_PSS deliberately has no entry (its hash is in the parameters).
# NOTE(review): presumably consumed by the x509 signature_hash_algorithm
# lookup -- confirm against the caller.
_SIG_OIDS_TO_HASH = {
    SignatureAlgorithmOID.RSA_WITH_MD5: hashes.MD5(),
    SignatureAlgorithmOID.RSA_WITH_SHA1: hashes.SHA1(),
    SignatureAlgorithmOID._RSA_WITH_SHA1: hashes.SHA1(),
    SignatureAlgorithmOID.RSA_WITH_SHA224: hashes.SHA224(),
    SignatureAlgorithmOID.RSA_WITH_SHA256: hashes.SHA256(),
    SignatureAlgorithmOID.RSA_WITH_SHA384: hashes.SHA384(),
    SignatureAlgorithmOID.RSA_WITH_SHA512: hashes.SHA512(),
    SignatureAlgorithmOID.ECDSA_WITH_SHA1: hashes.SHA1(),
    SignatureAlgorithmOID.ECDSA_WITH_SHA224: hashes.SHA224(),
    SignatureAlgorithmOID.ECDSA_WITH_SHA256: hashes.SHA256(),
    SignatureAlgorithmOID.ECDSA_WITH_SHA384: hashes.SHA384(),
    SignatureAlgorithmOID.ECDSA_WITH_SHA512: hashes.SHA512(),
    SignatureAlgorithmOID.DSA_WITH_SHA1: hashes.SHA1(),
    SignatureAlgorithmOID.DSA_WITH_SHA224: hashes.SHA224(),
    SignatureAlgorithmOID.DSA_WITH_SHA256: hashes.SHA256()
}


class ExtendedKeyUsageOID(object):
    """OIDs of key purposes carried in the extendedKeyUsage extension.

    The first six are PKIX id-kp purposes; ANY_EXTENDED_KEY_USAGE is the
    wildcard purpose defined under the extension's own arc (2.5.29.37.0).
    """

    SERVER_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.1")
    CLIENT_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.2")
    CODE_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.3")
    EMAIL_PROTECTION = ObjectIdentifier("1.3.6.1.5.5.7.3.4")
    TIME_STAMPING = ObjectIdentifier("1.3.6.1.5.5.7.3.8")
    OCSP_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.9")
    # Has no entry in _OID_NAMES below.
    ANY_EXTENDED_KEY_USAGE = ObjectIdentifier("2.5.29.37.0")


class AuthorityInformationAccessOID(object):
    """OIDs of access methods listed in the authorityInfoAccess extension
    (PKIX id-ad arc)."""

    CA_ISSUERS = ObjectIdentifier("1.3.6.1.5.5.7.48.2")
    OCSP = ObjectIdentifier("1.3.6.1.5.5.7.48.1")


class CertificatePoliciesOID(object):
    """OIDs used inside the certificatePolicies extension: the two PKIX
    policy-qualifier types and the anyPolicy wildcard (2.5.29.32.0)."""

    CPS_QUALIFIER = ObjectIdentifier("1.3.6.1.5.5.7.2.1")
    CPS_USER_NOTICE = ObjectIdentifier("1.3.6.1.5.5.7.2.2")
    # Has no entry in _OID_NAMES below.
    ANY_POLICY = ObjectIdentifier("2.5.29.32.0")


# Human-readable short names keyed by OID (the spellings appear to follow
# OpenSSL's short names). Not every OID defined above has an entry:
# SignatureAlgorithmOID._RSA_WITH_SHA1, ExtensionOID.PRECERT_POISON,
# ExtendedKeyUsageOID.ANY_EXTENDED_KEY_USAGE and
# CertificatePoliciesOID.ANY_POLICY are absent, so a lookup here must cope
# with a missing key.
# NOTE(review): presumably read by ObjectIdentifier's name lookup in
# cryptography.hazmat._oid -- confirm there.
_OID_NAMES = {
    NameOID.COMMON_NAME: "commonName",
    NameOID.COUNTRY_NAME: "countryName",
    NameOID.LOCALITY_NAME: "localityName",
    NameOID.STATE_OR_PROVINCE_NAME: "stateOrProvinceName",
    NameOID.STREET_ADDRESS: "streetAddress",
    NameOID.ORGANIZATION_NAME: "organizationName",
    NameOID.ORGANIZATIONAL_UNIT_NAME: "organizationalUnitName",
    NameOID.SERIAL_NUMBER: "serialNumber",
    NameOID.SURNAME: "surname",
    NameOID.GIVEN_NAME: "givenName",
    NameOID.TITLE: "title",
    NameOID.GENERATION_QUALIFIER: "generationQualifier",
    NameOID.X500_UNIQUE_IDENTIFIER: "x500UniqueIdentifier",
    NameOID.DN_QUALIFIER: "dnQualifier",
    NameOID.PSEUDONYM: "pseudonym",
    NameOID.USER_ID: "userID",
    NameOID.DOMAIN_COMPONENT: "domainComponent",
    NameOID.EMAIL_ADDRESS: "emailAddress",
    NameOID.JURISDICTION_COUNTRY_NAME: "jurisdictionCountryName",
    NameOID.JURISDICTION_LOCALITY_NAME: "jurisdictionLocalityName",
    NameOID.JURISDICTION_STATE_OR_PROVINCE_NAME: (
        "jurisdictionStateOrProvinceName"
    ),
    NameOID.BUSINESS_CATEGORY: "businessCategory",
    NameOID.POSTAL_ADDRESS: "postalAddress",
    NameOID.POSTAL_CODE: "postalCode",

    SignatureAlgorithmOID.RSA_WITH_MD5: "md5WithRSAEncryption",
    SignatureAlgorithmOID.RSA_WITH_SHA1: "sha1WithRSAEncryption",
    SignatureAlgorithmOID.RSA_WITH_SHA224: "sha224WithRSAEncryption",
    SignatureAlgorithmOID.RSA_WITH_SHA256: "sha256WithRSAEncryption",
    SignatureAlgorithmOID.RSA_WITH_SHA384: "sha384WithRSAEncryption",
    SignatureAlgorithmOID.RSA_WITH_SHA512: "sha512WithRSAEncryption",
    SignatureAlgorithmOID.RSASSA_PSS: "RSASSA-PSS",
    SignatureAlgorithmOID.ECDSA_WITH_SHA1: "ecdsa-with-SHA1",
    SignatureAlgorithmOID.ECDSA_WITH_SHA224: "ecdsa-with-SHA224",
    SignatureAlgorithmOID.ECDSA_WITH_SHA256: "ecdsa-with-SHA256",
    SignatureAlgorithmOID.ECDSA_WITH_SHA384: "ecdsa-with-SHA384",
    SignatureAlgorithmOID.ECDSA_WITH_SHA512: "ecdsa-with-SHA512",
    SignatureAlgorithmOID.DSA_WITH_SHA1: "dsa-with-sha1",
    SignatureAlgorithmOID.DSA_WITH_SHA224: "dsa-with-sha224",
    SignatureAlgorithmOID.DSA_WITH_SHA256: "dsa-with-sha256",
    ExtendedKeyUsageOID.SERVER_AUTH: "serverAuth",
    ExtendedKeyUsageOID.CLIENT_AUTH: "clientAuth",
    ExtendedKeyUsageOID.CODE_SIGNING: "codeSigning",
    ExtendedKeyUsageOID.EMAIL_PROTECTION: "emailProtection",
    ExtendedKeyUsageOID.TIME_STAMPING: "timeStamping",
    ExtendedKeyUsageOID.OCSP_SIGNING: "OCSPSigning",
    ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES: "subjectDirectoryAttributes",
    ExtensionOID.SUBJECT_KEY_IDENTIFIER: "subjectKeyIdentifier",
    ExtensionOID.KEY_USAGE: "keyUsage",
    ExtensionOID.SUBJECT_ALTERNATIVE_NAME: "subjectAltName",
    ExtensionOID.ISSUER_ALTERNATIVE_NAME: "issuerAltName",
    ExtensionOID.BASIC_CONSTRAINTS: "basicConstraints",
    ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS: (
        "signedCertificateTimestampList"
    ),
    CRLEntryExtensionOID.CRL_REASON: "cRLReason",
    CRLEntryExtensionOID.INVALIDITY_DATE: "invalidityDate",
    CRLEntryExtensionOID.CERTIFICATE_ISSUER: "certificateIssuer",
    ExtensionOID.NAME_CONSTRAINTS: "nameConstraints",
    ExtensionOID.CRL_DISTRIBUTION_POINTS: "cRLDistributionPoints",
    ExtensionOID.CERTIFICATE_POLICIES: "certificatePolicies",
    ExtensionOID.POLICY_MAPPINGS: "policyMappings",
    ExtensionOID.AUTHORITY_KEY_IDENTIFIER: "authorityKeyIdentifier",
    ExtensionOID.POLICY_CONSTRAINTS: "policyConstraints",
    ExtensionOID.EXTENDED_KEY_USAGE: "extendedKeyUsage",
    ExtensionOID.FRESHEST_CRL: "freshestCRL",
    ExtensionOID.INHIBIT_ANY_POLICY: "inhibitAnyPolicy",
    ExtensionOID.ISSUING_DISTRIBUTION_POINT: (
        "issuingDistributionPoint"
    ),
    ExtensionOID.AUTHORITY_INFORMATION_ACCESS: "authorityInfoAccess",
    ExtensionOID.SUBJECT_INFORMATION_ACCESS: "subjectInfoAccess",
    ExtensionOID.OCSP_NO_CHECK: "OCSPNoCheck",
    ExtensionOID.CRL_NUMBER: "cRLNumber",
    ExtensionOID.DELTA_CRL_INDICATOR: "deltaCRLIndicator",
    ExtensionOID.TLS_FEATURE: "TLSFeature",
    AuthorityInformationAccessOID.OCSP: "OCSP",
    AuthorityInformationAccessOID.CA_ISSUERS: "caIssuers",
    CertificatePoliciesOID.CPS_QUALIFIER: "id-qt-cps",
    CertificatePoliciesOID.CPS_USER_NOTICE: "id-qt-unotice",
    OCSPExtensionOID.NONCE: "OCSPNonce",
}