authorPaul Kehrer <paul.l.kehrer@gmail.com>2015-08-09 23:38:11 -0500
committerPaul Kehrer <paul.l.kehrer@gmail.com>2015-08-09 23:47:33 -0500
commit273e8f79555ad0219e555c3aea1011b6d23e5b8f (patch)
tree35032b22ce194c483ce2646c4ca4e8972df914f1
parentf9aa0bccac8656067a12b6ff6168f1cc2736beeb (diff)
namespace the rest of the oids
-rw-r--r--src/cryptography/x509/__init__.py39
-rw-r--r--src/cryptography/x509/base.py5
-rw-r--r--src/cryptography/x509/oid.py61
3 files changed, 58 insertions, 47 deletions
diff --git a/src/cryptography/x509/__init__.py b/src/cryptography/x509/__init__.py
index 82e83616..3e6420e7 100644
--- a/src/cryptography/x509/__init__.py
+++ b/src/cryptography/x509/__init__.py
@@ -25,12 +25,9 @@ from cryptography.x509.general_name import (
)
from cryptography.x509.name import Name, NameAttribute
from cryptography.x509.oid import (
- ExtensionOID, NameOID, OID_ANY_POLICY,
- OID_CA_ISSUERS, OID_CERTIFICATE_ISSUER, OID_CLIENT_AUTH,
- OID_CODE_SIGNING, OID_CPS_QUALIFIER, OID_CPS_USER_NOTICE, OID_CRL_REASON,
- OID_EMAIL_PROTECTION, OID_INVALIDITY_DATE, OID_OCSP, OID_OCSP_SIGNING,
- OID_SERVER_AUTH, OID_TIME_STAMPING,
- SignatureAlgorithmOID, _SIG_OIDS_TO_HASH
+ AuthorityInformationAccessOID, CRLExtensionOID, CertificatePoliciesOID,
+ ExtendedKeyUsageOID, ExtensionOID, NameOID, SignatureAlgorithmOID,
+ _SIG_OIDS_TO_HASH
)
@@ -84,6 +81,24 @@ OID_STATE_OR_PROVINCE_NAME = NameOID.STATE_OR_PROVINCE_NAME
OID_SURNAME = NameOID.SURNAME
OID_TITLE = NameOID.TITLE
+OID_CLIENT_AUTH = ExtendedKeyUsageOID.CLIENT_AUTH
+OID_CODE_SIGNING = ExtendedKeyUsageOID.CODE_SIGNING
+OID_EMAIL_PROTECTION = ExtendedKeyUsageOID.EMAIL_PROTECTION
+OID_OCSP_SIGNING = ExtendedKeyUsageOID.OCSP_SIGNING
+OID_SERVER_AUTH = ExtendedKeyUsageOID.SERVER_AUTH
+OID_TIME_STAMPING = ExtendedKeyUsageOID.TIME_STAMPING
+
+OID_ANY_POLICY = CertificatePoliciesOID.ANY_POLICY
+OID_CPS_QUALIFIER = CertificatePoliciesOID.CPS_QUALIFIER
+OID_CPS_USER_NOTICE = CertificatePoliciesOID.CPS_USER_NOTICE
+
+OID_CERTIFICATE_ISSUER = CRLExtensionOID.CERTIFICATE_ISSUER
+OID_CRL_REASON = CRLExtensionOID.CRL_REASON
+OID_INVALIDITY_DATE = CRLExtensionOID.INVALIDITY_DATE
+
+OID_CA_ISSUERS = AuthorityInformationAccessOID.CA_ISSUERS
+OID_OCSP = AuthorityInformationAccessOID.OCSP
+
__all__ = [
"load_pem_x509_certificate",
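Review bot: These `OID_*` aliases are added without a comment saying why they exist, and the later `__all__` hunk in this file drops most of them from `__all__` while leaving `"OID_CA_ISSUERS"` and `"OID_OCSP"` listed. If the aliases are meant as backwards-compatible names (inferred from the old imports being replaced by assignments), `from cryptography.x509 import *` now exports only two of them, which is inconsistent. Either keep every alias in `__all__` or remove the remaining two, and add a line such as `# Backwards-compatible aliases for the namespaced OID classes.` above the block.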
@@ -136,20 +151,8 @@ __all__ = [
"CertificateSigningRequestBuilder",
"CertificateBuilder",
"Version",
- "OID_CRL_REASON",
- "OID_INVALIDITY_DATE",
- "OID_CERTIFICATE_ISSUER",
"_SIG_OIDS_TO_HASH",
- "OID_CPS_QUALIFIER",
- "OID_CPS_USER_NOTICE",
- "OID_ANY_POLICY",
"OID_CA_ISSUERS",
"OID_OCSP",
- "OID_SERVER_AUTH",
- "OID_CLIENT_AUTH",
- "OID_CODE_SIGNING",
- "OID_EMAIL_PROTECTION",
- "OID_TIME_STAMPING",
- "OID_OCSP_SIGNING",
"_GENERAL_NAMES",
]
diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py
index 8eabee88..4f0d11ef 100644
--- a/src/cryptography/x509/base.py
+++ b/src/cryptography/x509/base.py
@@ -21,7 +21,7 @@ from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
from cryptography.x509.general_name import GeneralName, IPAddress, OtherName
from cryptography.x509.name import Name
from cryptography.x509.oid import (
- ExtensionOID, OID_CA_ISSUERS, OID_OCSP, ObjectIdentifier
+ AuthorityInformationAccessOID, ExtensionOID, ObjectIdentifier
)
@@ -359,7 +359,8 @@ class AuthorityInformationAccess(object):
class AccessDescription(object):
def __init__(self, access_method, access_location):
- if not (access_method == OID_OCSP or access_method == OID_CA_ISSUERS):
+ if not (access_method == AuthorityInformationAccessOID.OCSP or
+ access_method == AuthorityInformationAccessOID.CA_ISSUERS):
raise ValueError(
"access_method must be OID_OCSP or OID_CA_ISSUERS"
)
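Review bot: The `ValueError` text in `AccessDescription.__init__` still reads `"access_method must be OID_OCSP or OID_CA_ISSUERS"`, while the check now compares against `AuthorityInformationAccessOID.OCSP` and `AuthorityInformationAccessOID.CA_ISSUERS`. A caller who hits this error is pointed at the old module-level names, so consider naming the namespaced attributes in the message, after checking whether any test matches on the current text. The condition would also read more simply as `if access_method not in (AuthorityInformationAccessOID.OCSP, AuthorityInformationAccessOID.CA_ISSUERS):`, assuming `ObjectIdentifier` defines equality so that `in` behaves like the two `==` comparisons. The rest of `__init__` lies outside the hunk.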
diff --git a/src/cryptography/x509/oid.py b/src/cryptography/x509/oid.py
index 911343e3..9fabab72 100644
--- a/src/cryptography/x509/oid.py
+++ b/src/cryptography/x509/oid.py
@@ -54,9 +54,10 @@ class ExtensionOID(object):
OCSP_NO_CHECK = ObjectIdentifier("1.3.6.1.5.5.7.48.1.5")
-OID_CRL_REASON = ObjectIdentifier("2.5.29.21")
-OID_INVALIDITY_DATE = ObjectIdentifier("2.5.29.24")
-OID_CERTIFICATE_ISSUER = ObjectIdentifier("2.5.29.29")
+class CRLExtensionOID(object):
+ CERTIFICATE_ISSUER = ObjectIdentifier("2.5.29.29")
+ CRL_REASON = ObjectIdentifier("2.5.29.21")
+ INVALIDITY_DATE = ObjectIdentifier("2.5.29.24")
class NameOID(object):
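Review bot: `CRLExtensionOID` has no docstring, and its name can be read as covering extensions of the CRL itself, whereas the three OIDs it holds (`2.5.29.21`, `2.5.29.24`, `2.5.29.29`) are the reason code, invalidity date and certificate issuer, which RFC 5280 section 5.3 defines as CRL entry extensions. A one-line docstring such as `"""OIDs of CRL entry extensions (RFC 5280, section 5.3)."""` would keep callers from matching these against CRL-level extensions. The same documentation gap applies to `ExtendedKeyUsageOID`, `AuthorityInformationAccessOID` and `CertificatePoliciesOID` in the next hunk of this file, each of which would benefit from a docstring naming the extension its values belong to.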
@@ -110,19 +111,25 @@ _SIG_OIDS_TO_HASH = {
SignatureAlgorithmOID.DSA_WITH_SHA256.dotted_string: hashes.SHA256()
}
-OID_SERVER_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.1")
-OID_CLIENT_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.2")
-OID_CODE_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.3")
-OID_EMAIL_PROTECTION = ObjectIdentifier("1.3.6.1.5.5.7.3.4")
-OID_TIME_STAMPING = ObjectIdentifier("1.3.6.1.5.5.7.3.8")
-OID_OCSP_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.9")
-OID_CA_ISSUERS = ObjectIdentifier("1.3.6.1.5.5.7.48.2")
-OID_OCSP = ObjectIdentifier("1.3.6.1.5.5.7.48.1")
+class ExtendedKeyUsageOID(object):
+ SERVER_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.1")
+ CLIENT_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.2")
+ CODE_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.3")
+ EMAIL_PROTECTION = ObjectIdentifier("1.3.6.1.5.5.7.3.4")
+ TIME_STAMPING = ObjectIdentifier("1.3.6.1.5.5.7.3.8")
+ OCSP_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.9")
-OID_CPS_QUALIFIER = ObjectIdentifier("1.3.6.1.5.5.7.2.1")
-OID_CPS_USER_NOTICE = ObjectIdentifier("1.3.6.1.5.5.7.2.2")
-OID_ANY_POLICY = ObjectIdentifier("2.5.29.32.0")
+
+class AuthorityInformationAccessOID(object):
+ CA_ISSUERS = ObjectIdentifier("1.3.6.1.5.5.7.48.2")
+ OCSP = ObjectIdentifier("1.3.6.1.5.5.7.48.1")
+
+
+class CertificatePoliciesOID(object):
+ CPS_QUALIFIER = ObjectIdentifier("1.3.6.1.5.5.7.2.1")
+ CPS_USER_NOTICE = ObjectIdentifier("1.3.6.1.5.5.7.2.2")
+ ANY_POLICY = ObjectIdentifier("2.5.29.32.0")
_OID_NAMES = {
NameOID.COMMON_NAME: "commonName",
@@ -154,21 +161,21 @@ _OID_NAMES = {
SignatureAlgorithmOID.DSA_WITH_SHA1: "dsa-with-sha1",
SignatureAlgorithmOID.DSA_WITH_SHA224: "dsa-with-sha224",
SignatureAlgorithmOID.DSA_WITH_SHA256: "dsa-with-sha256",
- OID_SERVER_AUTH: "serverAuth",
- OID_CLIENT_AUTH: "clientAuth",
- OID_CODE_SIGNING: "codeSigning",
- OID_EMAIL_PROTECTION: "emailProtection",
- OID_TIME_STAMPING: "timeStamping",
- OID_OCSP_SIGNING: "OCSPSigning",
+ ExtendedKeyUsageOID.SERVER_AUTH: "serverAuth",
+ ExtendedKeyUsageOID.CLIENT_AUTH: "clientAuth",
+ ExtendedKeyUsageOID.CODE_SIGNING: "codeSigning",
+ ExtendedKeyUsageOID.EMAIL_PROTECTION: "emailProtection",
+ ExtendedKeyUsageOID.TIME_STAMPING: "timeStamping",
+ ExtendedKeyUsageOID.OCSP_SIGNING: "OCSPSigning",
ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES: "subjectDirectoryAttributes",
ExtensionOID.SUBJECT_KEY_IDENTIFIER: "subjectKeyIdentifier",
ExtensionOID.KEY_USAGE: "keyUsage",
ExtensionOID.SUBJECT_ALTERNATIVE_NAME: "subjectAltName",
ExtensionOID.ISSUER_ALTERNATIVE_NAME: "issuerAltName",
ExtensionOID.BASIC_CONSTRAINTS: "basicConstraints",
- OID_CRL_REASON: "cRLReason",
- OID_INVALIDITY_DATE: "invalidityDate",
- OID_CERTIFICATE_ISSUER: "certificateIssuer",
+ CRLExtensionOID.CRL_REASON: "cRLReason",
+ CRLExtensionOID.INVALIDITY_DATE: "invalidityDate",
+ CRLExtensionOID.CERTIFICATE_ISSUER: "certificateIssuer",
ExtensionOID.NAME_CONSTRAINTS: "nameConstraints",
ExtensionOID.CRL_DISTRIBUTION_POINTS: "cRLDistributionPoints",
ExtensionOID.CERTIFICATE_POLICIES: "certificatePolicies",
@@ -181,8 +188,8 @@ _OID_NAMES = {
ExtensionOID.AUTHORITY_INFORMATION_ACCESS: "authorityInfoAccess",
ExtensionOID.SUBJECT_INFORMATION_ACCESS: "subjectInfoAccess",
ExtensionOID.OCSP_NO_CHECK: "OCSPNoCheck",
- OID_OCSP: "OCSP",
- OID_CA_ISSUERS: "caIssuers",
- OID_CPS_QUALIFIER: "id-qt-cps",
- OID_CPS_USER_NOTICE: "id-qt-unotice",
+ AuthorityInformationAccessOID.OCSP: "OCSP",
+ AuthorityInformationAccessOID.CA_ISSUERS: "caIssuers",
+ CertificatePoliciesOID.CPS_QUALIFIER: "id-qt-cps",
+ CertificatePoliciesOID.CPS_USER_NOTICE: "id-qt-unotice",
}