• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# This file is dual licensed under the terms of the Apache License, Version
2# 2.0, and the BSD License. See the LICENSE file in the root of this repository
3# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
7from cryptography.hazmat._oid import ObjectIdentifier
8from cryptography.hazmat.primitives import hashes
9
10
11class ExtensionOID(object):
12    SUBJECT_DIRECTORY_ATTRIBUTES = ObjectIdentifier("2.5.29.9")
13    SUBJECT_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.14")
14    KEY_USAGE = ObjectIdentifier("2.5.29.15")
15    SUBJECT_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.17")
16    ISSUER_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.18")
17    BASIC_CONSTRAINTS = ObjectIdentifier("2.5.29.19")
18    NAME_CONSTRAINTS = ObjectIdentifier("2.5.29.30")
19    CRL_DISTRIBUTION_POINTS = ObjectIdentifier("2.5.29.31")
20    CERTIFICATE_POLICIES = ObjectIdentifier("2.5.29.32")
21    POLICY_MAPPINGS = ObjectIdentifier("2.5.29.33")
22    AUTHORITY_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.35")
23    POLICY_CONSTRAINTS = ObjectIdentifier("2.5.29.36")
24    EXTENDED_KEY_USAGE = ObjectIdentifier("2.5.29.37")
25    FRESHEST_CRL = ObjectIdentifier("2.5.29.46")
26    INHIBIT_ANY_POLICY = ObjectIdentifier("2.5.29.54")
27    ISSUING_DISTRIBUTION_POINT = ObjectIdentifier("2.5.29.28")
28    AUTHORITY_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.1")
29    SUBJECT_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.11")
30    OCSP_NO_CHECK = ObjectIdentifier("1.3.6.1.5.5.7.48.1.5")
31    TLS_FEATURE = ObjectIdentifier("1.3.6.1.5.5.7.1.24")
32    CRL_NUMBER = ObjectIdentifier("2.5.29.20")
33    DELTA_CRL_INDICATOR = ObjectIdentifier("2.5.29.27")
34    PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS = ObjectIdentifier(
35        "1.3.6.1.4.1.11129.2.4.2"
36    )
37    PRECERT_POISON = ObjectIdentifier("1.3.6.1.4.1.11129.2.4.3")
38    SIGNED_CERTIFICATE_TIMESTAMPS = ObjectIdentifier("1.3.6.1.4.1.11129.2.4.5")
39
40
41class OCSPExtensionOID(object):
42    NONCE = ObjectIdentifier("1.3.6.1.5.5.7.48.1.2")
43
44
45class CRLEntryExtensionOID(object):
46    CERTIFICATE_ISSUER = ObjectIdentifier("2.5.29.29")
47    CRL_REASON = ObjectIdentifier("2.5.29.21")
48    INVALIDITY_DATE = ObjectIdentifier("2.5.29.24")
49
50
51class NameOID(object):
52    COMMON_NAME = ObjectIdentifier("2.5.4.3")
53    COUNTRY_NAME = ObjectIdentifier("2.5.4.6")
54    LOCALITY_NAME = ObjectIdentifier("2.5.4.7")
55    STATE_OR_PROVINCE_NAME = ObjectIdentifier("2.5.4.8")
56    STREET_ADDRESS = ObjectIdentifier("2.5.4.9")
57    ORGANIZATION_NAME = ObjectIdentifier("2.5.4.10")
58    ORGANIZATIONAL_UNIT_NAME = ObjectIdentifier("2.5.4.11")
59    SERIAL_NUMBER = ObjectIdentifier("2.5.4.5")
60    SURNAME = ObjectIdentifier("2.5.4.4")
61    GIVEN_NAME = ObjectIdentifier("2.5.4.42")
62    TITLE = ObjectIdentifier("2.5.4.12")
63    GENERATION_QUALIFIER = ObjectIdentifier("2.5.4.44")
64    X500_UNIQUE_IDENTIFIER = ObjectIdentifier("2.5.4.45")
65    DN_QUALIFIER = ObjectIdentifier("2.5.4.46")
66    PSEUDONYM = ObjectIdentifier("2.5.4.65")
67    USER_ID = ObjectIdentifier("0.9.2342.19200300.100.1.1")
68    DOMAIN_COMPONENT = ObjectIdentifier("0.9.2342.19200300.100.1.25")
69    EMAIL_ADDRESS = ObjectIdentifier("1.2.840.113549.1.9.1")
70    JURISDICTION_COUNTRY_NAME = ObjectIdentifier("1.3.6.1.4.1.311.60.2.1.3")
71    JURISDICTION_LOCALITY_NAME = ObjectIdentifier("1.3.6.1.4.1.311.60.2.1.1")
72    JURISDICTION_STATE_OR_PROVINCE_NAME = ObjectIdentifier(
73        "1.3.6.1.4.1.311.60.2.1.2"
74    )
75    BUSINESS_CATEGORY = ObjectIdentifier("2.5.4.15")
76    POSTAL_ADDRESS = ObjectIdentifier("2.5.4.16")
77    POSTAL_CODE = ObjectIdentifier("2.5.4.17")
78    INN = ObjectIdentifier("1.2.643.3.131.1.1")
79    OGRN = ObjectIdentifier("1.2.643.100.1")
80    SNILS = ObjectIdentifier("1.2.643.100.3")
81    UNSTRUCTURED_NAME = ObjectIdentifier("1.2.840.113549.1.9.2")
82
83
84class SignatureAlgorithmOID(object):
85    RSA_WITH_MD5 = ObjectIdentifier("1.2.840.113549.1.1.4")
86    RSA_WITH_SHA1 = ObjectIdentifier("1.2.840.113549.1.1.5")
87    # This is an alternate OID for RSA with SHA1 that is occasionally seen
88    _RSA_WITH_SHA1 = ObjectIdentifier("1.3.14.3.2.29")
89    RSA_WITH_SHA224 = ObjectIdentifier("1.2.840.113549.1.1.14")
90    RSA_WITH_SHA256 = ObjectIdentifier("1.2.840.113549.1.1.11")
91    RSA_WITH_SHA384 = ObjectIdentifier("1.2.840.113549.1.1.12")
92    RSA_WITH_SHA512 = ObjectIdentifier("1.2.840.113549.1.1.13")
93    RSASSA_PSS = ObjectIdentifier("1.2.840.113549.1.1.10")
94    ECDSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10045.4.1")
95    ECDSA_WITH_SHA224 = ObjectIdentifier("1.2.840.10045.4.3.1")
96    ECDSA_WITH_SHA256 = ObjectIdentifier("1.2.840.10045.4.3.2")
97    ECDSA_WITH_SHA384 = ObjectIdentifier("1.2.840.10045.4.3.3")
98    ECDSA_WITH_SHA512 = ObjectIdentifier("1.2.840.10045.4.3.4")
99    DSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10040.4.3")
100    DSA_WITH_SHA224 = ObjectIdentifier("2.16.840.1.101.3.4.3.1")
101    DSA_WITH_SHA256 = ObjectIdentifier("2.16.840.1.101.3.4.3.2")
102    ED25519 = ObjectIdentifier("1.3.101.112")
103    ED448 = ObjectIdentifier("1.3.101.113")
104    GOSTR3411_94_WITH_3410_2001 = ObjectIdentifier("1.2.643.2.2.3")
105    GOSTR3410_2012_WITH_3411_2012_256 = ObjectIdentifier("1.2.643.7.1.1.3.2")
106    GOSTR3410_2012_WITH_3411_2012_512 = ObjectIdentifier("1.2.643.7.1.1.3.3")
107
108
109_SIG_OIDS_TO_HASH = {
110    SignatureAlgorithmOID.RSA_WITH_MD5: hashes.MD5(),
111    SignatureAlgorithmOID.RSA_WITH_SHA1: hashes.SHA1(),
112    SignatureAlgorithmOID._RSA_WITH_SHA1: hashes.SHA1(),
113    SignatureAlgorithmOID.RSA_WITH_SHA224: hashes.SHA224(),
114    SignatureAlgorithmOID.RSA_WITH_SHA256: hashes.SHA256(),
115    SignatureAlgorithmOID.RSA_WITH_SHA384: hashes.SHA384(),
116    SignatureAlgorithmOID.RSA_WITH_SHA512: hashes.SHA512(),
117    SignatureAlgorithmOID.ECDSA_WITH_SHA1: hashes.SHA1(),
118    SignatureAlgorithmOID.ECDSA_WITH_SHA224: hashes.SHA224(),
119    SignatureAlgorithmOID.ECDSA_WITH_SHA256: hashes.SHA256(),
120    SignatureAlgorithmOID.ECDSA_WITH_SHA384: hashes.SHA384(),
121    SignatureAlgorithmOID.ECDSA_WITH_SHA512: hashes.SHA512(),
122    SignatureAlgorithmOID.DSA_WITH_SHA1: hashes.SHA1(),
123    SignatureAlgorithmOID.DSA_WITH_SHA224: hashes.SHA224(),
124    SignatureAlgorithmOID.DSA_WITH_SHA256: hashes.SHA256(),
125    SignatureAlgorithmOID.ED25519: None,
126    SignatureAlgorithmOID.ED448: None,
127    SignatureAlgorithmOID.GOSTR3411_94_WITH_3410_2001: None,
128    SignatureAlgorithmOID.GOSTR3410_2012_WITH_3411_2012_256: None,
129    SignatureAlgorithmOID.GOSTR3410_2012_WITH_3411_2012_512: None,
130}
131
132
133class ExtendedKeyUsageOID(object):
134    SERVER_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.1")
135    CLIENT_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.2")
136    CODE_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.3")
137    EMAIL_PROTECTION = ObjectIdentifier("1.3.6.1.5.5.7.3.4")
138    TIME_STAMPING = ObjectIdentifier("1.3.6.1.5.5.7.3.8")
139    OCSP_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.9")
140    ANY_EXTENDED_KEY_USAGE = ObjectIdentifier("2.5.29.37.0")
141
142
143class AuthorityInformationAccessOID(object):
144    CA_ISSUERS = ObjectIdentifier("1.3.6.1.5.5.7.48.2")
145    OCSP = ObjectIdentifier("1.3.6.1.5.5.7.48.1")
146
147
148class SubjectInformationAccessOID(object):
149    CA_REPOSITORY = ObjectIdentifier("1.3.6.1.5.5.7.48.5")
150
151
152class CertificatePoliciesOID(object):
153    CPS_QUALIFIER = ObjectIdentifier("1.3.6.1.5.5.7.2.1")
154    CPS_USER_NOTICE = ObjectIdentifier("1.3.6.1.5.5.7.2.2")
155    ANY_POLICY = ObjectIdentifier("2.5.29.32.0")
156
157
158class AttributeOID(object):
159    CHALLENGE_PASSWORD = ObjectIdentifier("1.2.840.113549.1.9.7")
160    UNSTRUCTURED_NAME = ObjectIdentifier("1.2.840.113549.1.9.2")
161
162
163_OID_NAMES = {
164    NameOID.COMMON_NAME: "commonName",
165    NameOID.COUNTRY_NAME: "countryName",
166    NameOID.LOCALITY_NAME: "localityName",
167    NameOID.STATE_OR_PROVINCE_NAME: "stateOrProvinceName",
168    NameOID.STREET_ADDRESS: "streetAddress",
169    NameOID.ORGANIZATION_NAME: "organizationName",
170    NameOID.ORGANIZATIONAL_UNIT_NAME: "organizationalUnitName",
171    NameOID.SERIAL_NUMBER: "serialNumber",
172    NameOID.SURNAME: "surname",
173    NameOID.GIVEN_NAME: "givenName",
174    NameOID.TITLE: "title",
175    NameOID.GENERATION_QUALIFIER: "generationQualifier",
176    NameOID.X500_UNIQUE_IDENTIFIER: "x500UniqueIdentifier",
177    NameOID.DN_QUALIFIER: "dnQualifier",
178    NameOID.PSEUDONYM: "pseudonym",
179    NameOID.USER_ID: "userID",
180    NameOID.DOMAIN_COMPONENT: "domainComponent",
181    NameOID.EMAIL_ADDRESS: "emailAddress",
182    NameOID.JURISDICTION_COUNTRY_NAME: "jurisdictionCountryName",
183    NameOID.JURISDICTION_LOCALITY_NAME: "jurisdictionLocalityName",
184    NameOID.JURISDICTION_STATE_OR_PROVINCE_NAME: (
185        "jurisdictionStateOrProvinceName"
186    ),
187    NameOID.BUSINESS_CATEGORY: "businessCategory",
188    NameOID.POSTAL_ADDRESS: "postalAddress",
189    NameOID.POSTAL_CODE: "postalCode",
190    NameOID.INN: "INN",
191    NameOID.OGRN: "OGRN",
192    NameOID.SNILS: "SNILS",
193    NameOID.UNSTRUCTURED_NAME: "unstructuredName",
194    SignatureAlgorithmOID.RSA_WITH_MD5: "md5WithRSAEncryption",
195    SignatureAlgorithmOID.RSA_WITH_SHA1: "sha1WithRSAEncryption",
196    SignatureAlgorithmOID.RSA_WITH_SHA224: "sha224WithRSAEncryption",
197    SignatureAlgorithmOID.RSA_WITH_SHA256: "sha256WithRSAEncryption",
198    SignatureAlgorithmOID.RSA_WITH_SHA384: "sha384WithRSAEncryption",
199    SignatureAlgorithmOID.RSA_WITH_SHA512: "sha512WithRSAEncryption",
200    SignatureAlgorithmOID.RSASSA_PSS: "RSASSA-PSS",
201    SignatureAlgorithmOID.ECDSA_WITH_SHA1: "ecdsa-with-SHA1",
202    SignatureAlgorithmOID.ECDSA_WITH_SHA224: "ecdsa-with-SHA224",
203    SignatureAlgorithmOID.ECDSA_WITH_SHA256: "ecdsa-with-SHA256",
204    SignatureAlgorithmOID.ECDSA_WITH_SHA384: "ecdsa-with-SHA384",
205    SignatureAlgorithmOID.ECDSA_WITH_SHA512: "ecdsa-with-SHA512",
206    SignatureAlgorithmOID.DSA_WITH_SHA1: "dsa-with-sha1",
207    SignatureAlgorithmOID.DSA_WITH_SHA224: "dsa-with-sha224",
208    SignatureAlgorithmOID.DSA_WITH_SHA256: "dsa-with-sha256",
209    SignatureAlgorithmOID.ED25519: "ed25519",
210    SignatureAlgorithmOID.ED448: "ed448",
211    SignatureAlgorithmOID.GOSTR3411_94_WITH_3410_2001: (
212        "GOST R 34.11-94 with GOST R 34.10-2001"
213    ),
214    SignatureAlgorithmOID.GOSTR3410_2012_WITH_3411_2012_256: (
215        "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)"
216    ),
217    SignatureAlgorithmOID.GOSTR3410_2012_WITH_3411_2012_512: (
218        "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)"
219    ),
220    ExtendedKeyUsageOID.SERVER_AUTH: "serverAuth",
221    ExtendedKeyUsageOID.CLIENT_AUTH: "clientAuth",
222    ExtendedKeyUsageOID.CODE_SIGNING: "codeSigning",
223    ExtendedKeyUsageOID.EMAIL_PROTECTION: "emailProtection",
224    ExtendedKeyUsageOID.TIME_STAMPING: "timeStamping",
225    ExtendedKeyUsageOID.OCSP_SIGNING: "OCSPSigning",
226    ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES: "subjectDirectoryAttributes",
227    ExtensionOID.SUBJECT_KEY_IDENTIFIER: "subjectKeyIdentifier",
228    ExtensionOID.KEY_USAGE: "keyUsage",
229    ExtensionOID.SUBJECT_ALTERNATIVE_NAME: "subjectAltName",
230    ExtensionOID.ISSUER_ALTERNATIVE_NAME: "issuerAltName",
231    ExtensionOID.BASIC_CONSTRAINTS: "basicConstraints",
232    ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS: (
233        "signedCertificateTimestampList"
234    ),
235    ExtensionOID.SIGNED_CERTIFICATE_TIMESTAMPS: (
236        "signedCertificateTimestampList"
237    ),
238    ExtensionOID.PRECERT_POISON: "ctPoison",
239    CRLEntryExtensionOID.CRL_REASON: "cRLReason",
240    CRLEntryExtensionOID.INVALIDITY_DATE: "invalidityDate",
241    CRLEntryExtensionOID.CERTIFICATE_ISSUER: "certificateIssuer",
242    ExtensionOID.NAME_CONSTRAINTS: "nameConstraints",
243    ExtensionOID.CRL_DISTRIBUTION_POINTS: "cRLDistributionPoints",
244    ExtensionOID.CERTIFICATE_POLICIES: "certificatePolicies",
245    ExtensionOID.POLICY_MAPPINGS: "policyMappings",
246    ExtensionOID.AUTHORITY_KEY_IDENTIFIER: "authorityKeyIdentifier",
247    ExtensionOID.POLICY_CONSTRAINTS: "policyConstraints",
248    ExtensionOID.EXTENDED_KEY_USAGE: "extendedKeyUsage",
249    ExtensionOID.FRESHEST_CRL: "freshestCRL",
250    ExtensionOID.INHIBIT_ANY_POLICY: "inhibitAnyPolicy",
251    ExtensionOID.ISSUING_DISTRIBUTION_POINT: ("issuingDistributionPoint"),
252    ExtensionOID.AUTHORITY_INFORMATION_ACCESS: "authorityInfoAccess",
253    ExtensionOID.SUBJECT_INFORMATION_ACCESS: "subjectInfoAccess",
254    ExtensionOID.OCSP_NO_CHECK: "OCSPNoCheck",
255    ExtensionOID.CRL_NUMBER: "cRLNumber",
256    ExtensionOID.DELTA_CRL_INDICATOR: "deltaCRLIndicator",
257    ExtensionOID.TLS_FEATURE: "TLSFeature",
258    AuthorityInformationAccessOID.OCSP: "OCSP",
259    AuthorityInformationAccessOID.CA_ISSUERS: "caIssuers",
260    SubjectInformationAccessOID.CA_REPOSITORY: "caRepository",
261    CertificatePoliciesOID.CPS_QUALIFIER: "id-qt-cps",
262    CertificatePoliciesOID.CPS_USER_NOTICE: "id-qt-unotice",
263    OCSPExtensionOID.NONCE: "OCSPNonce",
264    AttributeOID.CHALLENGE_PASSWORD: "challengePassword",
265}
266