authorAlex Gaynor <alex.gaynor@gmail.com>2015-03-31 07:13:59 -0400
committerAlex Gaynor <alex.gaynor@gmail.com>2015-03-31 07:13:59 -0400
commit43f7fba27d2d8cd829857fdea847e3ce8d2fd130 (patch)
tree9e90efc85efa82e1a47f3dd3ea8e25b2db9243c6
parent387b5bfa6bf948df013090ccf51e6437652577a6 (diff)
parente1513fa0b801e1fce989316575a97bb5b69bb81a (diff)
Merge pull request #1806 from reaperhulk/eku-oids
support the EKU OIDs specified in RFC 5280 section 4.2.1.12
-rw-r--r--docs/x509.rst33
-rw-r--r--src/cryptography/x509.py15
2 files changed, 48 insertions, 0 deletions
diff --git a/docs/x509.rst b/docs/x509.rst
index dbfb441b..d8fce976 100644
--- a/docs/x509.rst
+++ b/docs/x509.rst
@@ -633,6 +633,39 @@ Signature Algorithm OIDs
Corresponds to the dotted string ``"2.16.840.1.101.3.4.3.2"``. This is
a SHA256 digest signed by a DSA key.
+Extended Key Usage OIDs
+~~~~~~~~~~~~~~~~~~~~~~~
+
+.. data:: OID_SERVER_AUTH
+
+ Corresponds to the dotted string ``"1.3.6.1.5.5.7.3.1"``. This is used to
+ denote that a certificate may be used for TLS web server authentication.
+
+.. data:: OID_CLIENT_AUTH
+
+ Corresponds to the dotted string ``"1.3.6.1.5.5.7.3.2"``. This is used to
+ denote that a certificate may be used for TLS web client authentication.
+
+.. data:: OID_CODE_SIGNING
+
+ Corresponds to the dotted string ``"1.3.6.1.5.5.7.3.3"``. This is used to
+ denote that a certificate may be used for code signing.
+
+.. data:: OID_EMAIL_PROTECTION
+
+ Corresponds to the dotted string ``"1.3.6.1.5.5.7.3.4"``. This is used to
+ denote that a certificate may be used for email protection.
+
+.. data:: OID_TIME_STAMPING
+
+ Corresponds to the dotted string ``"1.3.6.1.5.5.7.3.8"``. This is used to
+ denote that a certificate may be used for time stamping.
+
+.. data:: OID_OCSP_SIGNING
+
+ Corresponds to the dotted string ``"1.3.6.1.5.5.7.3.9"``. This is used to
+ denote that a certificate may be used for signing OCSP responses.
+
.. _extension_oids:
Extension OIDs
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 113c35e0..8b4ee20f 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -42,8 +42,15 @@ _OID_NAMES = {
"1.2.840.10040.4.3": "dsa-with-sha1",
"2.16.840.1.101.3.4.3.1": "dsa-with-sha224",
"2.16.840.1.101.3.4.3.2": "dsa-with-sha256",
+ "1.3.6.1.5.5.7.3.1": "serverAuth",
+ "1.3.6.1.5.5.7.3.2": "clientAuth",
+ "1.3.6.1.5.5.7.3.3": "codeSigning",
+ "1.3.6.1.5.5.7.3.4": "emailProtection",
+ "1.3.6.1.5.5.7.3.8": "timeStamping",
+ "1.3.6.1.5.5.7.3.9": "OCSPSigning",
"2.5.29.19": "basicConstraints",
"2.5.29.15": "keyUsage",
+ "2.5.29.37": "extendedKeyUsage",
}
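Review bot: The names added to `_OID_NAMES` cover six of the key purposes in RFC 5280 section 4.2.1.12 but omit anyExtendedKeyUsage (`2.5.29.37.0`), which that section also defines. That value signals that the issuer did not restrict the certificate to specific purposes, so it is the one a reviewer most wants to see by name; without an entry it presumably has no friendly name here. Consider adding `"2.5.29.37.0": "anyExtendedKeyUsage",` to this dict and a matching constant, for example `OID_ANY_EXTENDED_KEY_USAGE = ObjectIdentifier("2.5.29.37.0")`, beside the purpose constants in the last hunk of this file. The dict begins above the hunk.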
@@ -170,6 +177,7 @@ class Name(object):
OID_KEY_USAGE = ObjectIdentifier("2.5.29.15")
+OID_EXTENDED_KEY_USAGE = ObjectIdentifier("2.5.29.37")
OID_BASIC_CONSTRAINTS = ObjectIdentifier("2.5.29.19")
@@ -287,6 +295,13 @@ _SIG_OIDS_TO_HASH = {
OID_DSA_WITH_SHA256.dotted_string: hashes.SHA256()
}
+OID_SERVER_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.1")
+OID_CLIENT_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.2")
+OID_CODE_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.3")
+OID_EMAIL_PROTECTION = ObjectIdentifier("1.3.6.1.5.5.7.3.4")
+OID_TIME_STAMPING = ObjectIdentifier("1.3.6.1.5.5.7.3.8")
+OID_OCSP_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.9")
+
@six.add_metaclass(abc.ABCMeta)
class Certificate(object):
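Review bot: The six purpose constants added before `Certificate` carry no comment naming their group, and they sit directly after `_SIG_OIDS_TO_HASH`, where they can be read as more signature OIDs. A header line such as `# Extended key usage purpose OIDs (RFC 5280 section 4.2.1.12); identifiers only, no usage check happens here.` would make that clear. Nothing visible in this diff parses or enforces the extension, so callers presumably still have to compare a certificate's EKU values against these constants themselves. The `Certificate` class body continues outside the hunk.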