From d44e413da192201a0db9506cd858a8bfe4bd8b82 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Mon, 10 Aug 2015 19:13:13 -0500
Subject: switch tests to use ExtensionOID namespace

---
 tests/test_x509.py     |  60 +++++++++++------------
 tests/test_x509_ext.py | 130 +++++++++++++++++++++++++------------------------
 2 files changed, 96 insertions(+), 94 deletions(-)

diff --git a/tests/test_x509.py b/tests/test_x509.py
index 99ac69ee..42f8f58d 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -20,7 +20,7 @@ from cryptography.hazmat.backends.interfaces import (
 )
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
-from cryptography.x509.oid import NameOID
+from cryptography.x509.oid import ExtensionOID, NameOID
 
 from .hazmat.primitives.fixtures_dsa import DSA_KEY_2048
 from .hazmat.primitives.fixtures_rsa import RSA_KEY_2048, RSA_KEY_512
@@ -586,7 +586,7 @@ class TestRSACertificateRequest(object):
         with pytest.raises(x509.DuplicateExtension) as exc:
             request.extensions
 
-        assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
+        assert exc.value.oid == ExtensionOID.BASIC_CONSTRAINTS
 
     def test_unsupported_critical_extension(self, backend):
         request = _load_cert(
@@ -624,7 +624,7 @@ class TestRSACertificateRequest(object):
         assert isinstance(extensions, x509.Extensions)
         assert list(extensions) == [
             x509.Extension(
-                x509.OID_BASIC_CONSTRAINTS,
+                ExtensionOID.BASIC_CONSTRAINTS,
                 True,
                 x509.BasicConstraints(ca=True, path_length=1),
             ),
@@ -637,7 +637,7 @@ class TestRSACertificateRequest(object):
             backend,
         )
         ext = request.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_ALTERNATIVE_NAME
+            ExtensionOID.SUBJECT_ALTERNATIVE_NAME
         )
         assert list(ext.value) == [
             x509.DNSName(u"cryptography.io"),
@@ -821,12 +821,12 @@ class TestRSACertificateRequest(object):
         assert cert.not_valid_before == not_valid_before
         assert cert.not_valid_after == not_valid_after
         basic_constraints = cert.extensions.get_extension_for_oid(
-            x509.OID_BASIC_CONSTRAINTS
+            ExtensionOID.BASIC_CONSTRAINTS
         )
         assert basic_constraints.value.ca is False
         assert basic_constraints.value.path_length is None
         subject_alternative_name = cert.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_ALTERNATIVE_NAME
+            ExtensionOID.SUBJECT_ALTERNATIVE_NAME
         )
         assert list(subject_alternative_name.value) == [
             x509.DNSName(u"cryptography.io"),
@@ -1315,7 +1315,7 @@ class TestCertificateBuilder(object):
         cert = builder.sign(issuer_private_key, hashes.SHA1(), backend)
 
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_CRL_DISTRIBUTION_POINTS
+            ExtensionOID.CRL_DISTRIBUTION_POINTS
         )
         assert ext.critical is False
         assert ext.value == cdp
@@ -1357,12 +1357,12 @@ class TestCertificateBuilder(object):
         assert cert.not_valid_before == not_valid_before
         assert cert.not_valid_after == not_valid_after
         basic_constraints = cert.extensions.get_extension_for_oid(
-            x509.OID_BASIC_CONSTRAINTS
+            ExtensionOID.BASIC_CONSTRAINTS
         )
         assert basic_constraints.value.ca is False
         assert basic_constraints.value.path_length is None
         subject_alternative_name = cert.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_ALTERNATIVE_NAME
+            ExtensionOID.SUBJECT_ALTERNATIVE_NAME
         )
         assert list(subject_alternative_name.value) == [
             x509.DNSName(u"cryptography.io"),
@@ -1406,12 +1406,12 @@ class TestCertificateBuilder(object):
         assert cert.not_valid_before == not_valid_before
         assert cert.not_valid_after == not_valid_after
         basic_constraints = cert.extensions.get_extension_for_oid(
-            x509.OID_BASIC_CONSTRAINTS
+            ExtensionOID.BASIC_CONSTRAINTS
         )
         assert basic_constraints.value.ca is False
         assert basic_constraints.value.path_length is None
         subject_alternative_name = cert.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_ALTERNATIVE_NAME
+            ExtensionOID.SUBJECT_ALTERNATIVE_NAME
         )
         assert list(subject_alternative_name.value) == [
             x509.DNSName(u"cryptography.io"),
@@ -1472,7 +1472,7 @@ class TestCertificateBuilder(object):
         ).sign(issuer_private_key, hashes.SHA256(), backend)
 
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_ISSUER_ALTERNATIVE_NAME
+            ExtensionOID.ISSUER_ALTERNATIVE_NAME
         )
         assert ext.critical is False
         assert ext.value == x509.IssuerAlternativeName([
@@ -1510,7 +1510,7 @@ class TestCertificateBuilder(object):
         ).sign(issuer_private_key, hashes.SHA256(), backend)
 
         eku = cert.extensions.get_extension_for_oid(
-            x509.OID_EXTENDED_KEY_USAGE
+            ExtensionOID.EXTENDED_KEY_USAGE
         )
         assert eku.critical is False
         assert eku.value == x509.ExtendedKeyUsage([
@@ -1545,7 +1545,7 @@ class TestCertificateBuilder(object):
         ).sign(issuer_private_key, hashes.SHA256(), backend)
 
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_INHIBIT_ANY_POLICY
+            ExtensionOID.INHIBIT_ANY_POLICY
         )
         assert ext.value == x509.InhibitAnyPolicy(3)
 
@@ -1585,7 +1585,7 @@ class TestCertificateBuilder(object):
             critical=False
         ).sign(issuer_private_key, hashes.SHA256(), backend)
 
-        ext = cert.extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
+        ext = cert.extensions.get_extension_for_oid(ExtensionOID.KEY_USAGE)
         assert ext.critical is False
         assert ext.value == x509.KeyUsage(
             digital_signature=True,
@@ -1641,7 +1641,7 @@ class TestCertificateSigningRequestBuilder(object):
             x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'),
         ]
         basic_constraints = request.extensions.get_extension_for_oid(
-            x509.OID_BASIC_CONSTRAINTS
+            ExtensionOID.BASIC_CONSTRAINTS
         )
         assert basic_constraints.value.ca is True
         assert basic_constraints.value.path_length == 2
@@ -1689,7 +1689,7 @@ class TestCertificateSigningRequestBuilder(object):
             x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
         ]
         basic_constraints = request.extensions.get_extension_for_oid(
-            x509.OID_BASIC_CONSTRAINTS
+            ExtensionOID.BASIC_CONSTRAINTS
         )
         assert basic_constraints.value.ca is False
         assert basic_constraints.value.path_length is None
@@ -1719,7 +1719,7 @@ class TestCertificateSigningRequestBuilder(object):
             x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'),
         ]
         basic_constraints = request.extensions.get_extension_for_oid(
-            x509.OID_BASIC_CONSTRAINTS
+            ExtensionOID.BASIC_CONSTRAINTS
         )
         assert basic_constraints.value.ca is True
         assert basic_constraints.value.path_length == 2
@@ -1748,7 +1748,7 @@ class TestCertificateSigningRequestBuilder(object):
             x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
         ]
         basic_constraints = request.extensions.get_extension_for_oid(
-            x509.OID_BASIC_CONSTRAINTS
+            ExtensionOID.BASIC_CONSTRAINTS
         )
         assert basic_constraints.value.ca is True
         assert basic_constraints.value.path_length == 2
@@ -1811,7 +1811,7 @@ class TestCertificateSigningRequestBuilder(object):
             critical=False
         ).sign(private_key, hashes.SHA256(), backend)
         assert len(request.extensions) == 1
-        ext = request.extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
+        ext = request.extensions.get_extension_for_oid(ExtensionOID.KEY_USAGE)
         assert ext.critical is False
         assert ext.value == x509.KeyUsage(
             digital_signature=True,
@@ -1847,7 +1847,7 @@ class TestCertificateSigningRequestBuilder(object):
             critical=False
         ).sign(private_key, hashes.SHA256(), backend)
         assert len(request.extensions) == 1
-        ext = request.extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
+        ext = request.extensions.get_extension_for_oid(ExtensionOID.KEY_USAGE)
         assert ext.critical is False
         assert ext.value == x509.KeyUsage(
             digital_signature=False,
@@ -1877,12 +1877,12 @@ class TestCertificateSigningRequestBuilder(object):
         public_key = request.public_key()
         assert isinstance(public_key, rsa.RSAPublicKey)
         basic_constraints = request.extensions.get_extension_for_oid(
-            x509.OID_BASIC_CONSTRAINTS
+            ExtensionOID.BASIC_CONSTRAINTS
         )
         assert basic_constraints.value.ca is True
         assert basic_constraints.value.path_length == 2
         ext = request.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_ALTERNATIVE_NAME
+            ExtensionOID.SUBJECT_ALTERNATIVE_NAME
         )
         assert list(ext.value) == [x509.DNSName(u"cryptography.io")]
 
@@ -1939,10 +1939,10 @@ class TestCertificateSigningRequestBuilder(object):
 
         assert len(csr.extensions) == 1
         ext = csr.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_ALTERNATIVE_NAME
+            ExtensionOID.SUBJECT_ALTERNATIVE_NAME
         )
         assert not ext.critical
-        assert ext.oid == x509.OID_SUBJECT_ALTERNATIVE_NAME
+        assert ext.oid == ExtensionOID.SUBJECT_ALTERNATIVE_NAME
         assert list(ext.value) == [
             x509.DNSName(u"example.com"),
             x509.DNSName(u"*.example.com"),
@@ -2018,7 +2018,7 @@ class TestCertificateSigningRequestBuilder(object):
         ).sign(private_key, hashes.SHA256(), backend)
 
         eku = request.extensions.get_extension_for_oid(
-            x509.OID_EXTENDED_KEY_USAGE
+            ExtensionOID.EXTENDED_KEY_USAGE
         )
         assert eku.critical is False
         assert eku.value == x509.ExtendedKeyUsage([
@@ -2079,7 +2079,7 @@ class TestCertificateSigningRequestBuilder(object):
         cert = builder.sign(issuer_private_key, hashes.SHA1(), backend)
 
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_AUTHORITY_INFORMATION_ACCESS
+            ExtensionOID.AUTHORITY_INFORMATION_ACCESS
         )
         assert ext.value == aia
 
@@ -2115,7 +2115,7 @@ class TestCertificateSigningRequestBuilder(object):
         cert = builder.sign(issuer_private_key, hashes.SHA1(), backend)
 
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_KEY_IDENTIFIER
+            ExtensionOID.SUBJECT_KEY_IDENTIFIER
         )
         assert ext.value == ski
 
@@ -2191,7 +2191,7 @@ class TestCertificateSigningRequestBuilder(object):
         cert = builder.sign(issuer_private_key, hashes.SHA256(), backend)
 
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_AUTHORITY_KEY_IDENTIFIER
+            ExtensionOID.AUTHORITY_KEY_IDENTIFIER
         )
         assert ext.value == aki
 
@@ -2221,7 +2221,7 @@ class TestCertificateSigningRequestBuilder(object):
         cert = builder.sign(issuer_private_key, hashes.SHA256(), backend)
 
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_OCSP_NO_CHECK
+            ExtensionOID.OCSP_NO_CHECK
         )
         assert isinstance(ext.value, x509.OCSPNoCheck)
 
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index c94ffae1..faf9086a 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -17,7 +17,7 @@ from cryptography.hazmat.backends.interfaces import (
     DSABackend, EllipticCurveBackend, RSABackend, X509Backend
 )
 from cryptography.hazmat.primitives.asymmetric import ec
-from cryptography.x509.oid import NameOID
+from cryptography.x509.oid import ExtensionOID, NameOID
 
 from .hazmat.primitives.test_ec import _skip_curve_unsupported
 from .test_x509 import _load_cert
@@ -32,11 +32,11 @@ class TestExtension(object):
     def test_critical_not_a_bool(self):
         bc = x509.BasicConstraints(ca=False, path_length=None)
         with pytest.raises(TypeError):
-            x509.Extension(x509.OID_BASIC_CONSTRAINTS, "notabool", bc)
+            x509.Extension(ExtensionOID.BASIC_CONSTRAINTS, "notabool", bc)
 
     def test_repr(self):
         bc = x509.BasicConstraints(ca=False, path_length=None)
-        ext = x509.Extension(x509.OID_BASIC_CONSTRAINTS, True, bc)
+        ext = x509.Extension(ExtensionOID.BASIC_CONSTRAINTS, True, bc)
         assert repr(ext) == (
             "<Extension(oid=<ObjectIdentifier(oid=2.5.29.19, name=basicConst"
             "raints)>, critical=True, value=<BasicConstraints(ca=False, path"
@@ -278,7 +278,7 @@ class TestCertificatePoliciesExtension(object):
         )
 
         cp = cert.extensions.get_extension_for_oid(
-            x509.OID_CERTIFICATE_POLICIES
+            ExtensionOID.CERTIFICATE_POLICIES
         ).value
 
         assert cp == x509.CertificatePolicies([
@@ -298,7 +298,7 @@ class TestCertificatePoliciesExtension(object):
         )
 
         cp = cert.extensions.get_extension_for_oid(
-            x509.OID_CERTIFICATE_POLICIES
+            ExtensionOID.CERTIFICATE_POLICIES
         ).value
 
         assert cp == x509.CertificatePolicies([
@@ -325,7 +325,7 @@ class TestCertificatePoliciesExtension(object):
         )
 
         cp = cert.extensions.get_extension_for_oid(
-            x509.OID_CERTIFICATE_POLICIES
+            ExtensionOID.CERTIFICATE_POLICIES
         ).value
 
         assert cp == x509.CertificatePolicies([
@@ -345,7 +345,7 @@ class TestCertificatePoliciesExtension(object):
         )
 
         cp = cert.extensions.get_extension_for_oid(
-            x509.OID_CERTIFICATE_POLICIES
+            ExtensionOID.CERTIFICATE_POLICIES
         ).value
 
         assert cp == x509.CertificatePolicies([
@@ -557,7 +557,7 @@ class TestSubjectKeyIdentifier(object):
         ski = x509.SubjectKeyIdentifier(
             binascii.unhexlify(b"092384932230498bc980aa8098456f6ff7ff3ac9")
         )
-        ext = x509.Extension(x509.OID_SUBJECT_KEY_IDENTIFIER, False, ski)
+        ext = x509.Extension(ExtensionOID.SUBJECT_KEY_IDENTIFIER, False, ski)
         if six.PY3:
             assert repr(ext) == (
                 "<Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectK"
@@ -775,9 +775,9 @@ class TestExtensions(object):
         assert len(ext) == 0
         assert list(ext) == []
         with pytest.raises(x509.ExtensionNotFound) as exc:
-            ext.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
+            ext.get_extension_for_oid(ExtensionOID.BASIC_CONSTRAINTS)
 
-        assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
+        assert exc.value.oid == ExtensionOID.BASIC_CONSTRAINTS
 
     def test_one_extension(self, backend):
         cert = _load_cert(
@@ -788,7 +788,7 @@ class TestExtensions(object):
             backend
         )
         extensions = cert.extensions
-        ext = extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
+        ext = extensions.get_extension_for_oid(ExtensionOID.BASIC_CONSTRAINTS)
         assert ext is not None
         assert ext.value.ca is False
 
@@ -803,7 +803,7 @@ class TestExtensions(object):
         with pytest.raises(x509.DuplicateExtension) as exc:
             cert.extensions
 
-        assert exc.value.oid == x509.OID_BASIC_CONSTRAINTS
+        assert exc.value.oid == ExtensionOID.BASIC_CONSTRAINTS
 
     def test_unsupported_critical_extension(self, backend):
         cert = _load_cert(
@@ -843,7 +843,7 @@ class TestBasicConstraintsExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_BASIC_CONSTRAINTS
+            ExtensionOID.BASIC_CONSTRAINTS
         )
         assert ext is not None
         assert ext.critical is True
@@ -857,7 +857,7 @@ class TestBasicConstraintsExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_BASIC_CONSTRAINTS
+            ExtensionOID.BASIC_CONSTRAINTS
         )
         assert ext is not None
         assert ext.critical is True
@@ -871,7 +871,7 @@ class TestBasicConstraintsExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_BASIC_CONSTRAINTS
+            ExtensionOID.BASIC_CONSTRAINTS
         )
         assert ext is not None
         assert ext.critical is True
@@ -885,7 +885,7 @@ class TestBasicConstraintsExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_BASIC_CONSTRAINTS
+            ExtensionOID.BASIC_CONSTRAINTS
         )
         assert ext is not None
         assert ext.critical is True
@@ -904,7 +904,9 @@ class TestBasicConstraintsExtension(object):
             backend
         )
         with pytest.raises(x509.ExtensionNotFound):
-            cert.extensions.get_extension_for_oid(x509.OID_BASIC_CONSTRAINTS)
+            cert.extensions.get_extension_for_oid(
+                ExtensionOID.BASIC_CONSTRAINTS
+            )
 
     def test_basic_constraint_not_critical(self, backend):
         cert = _load_cert(
@@ -915,7 +917,7 @@ class TestBasicConstraintsExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_BASIC_CONSTRAINTS
+            ExtensionOID.BASIC_CONSTRAINTS
         )
         assert ext is not None
         assert ext.critical is False
@@ -932,7 +934,7 @@ class TestSubjectKeyIdentifierExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_KEY_IDENTIFIER
+            ExtensionOID.SUBJECT_KEY_IDENTIFIER
         )
         ski = ext.value
         assert ext is not None
@@ -951,7 +953,7 @@ class TestSubjectKeyIdentifierExtension(object):
         )
         with pytest.raises(x509.ExtensionNotFound):
             cert.extensions.get_extension_for_oid(
-                x509.OID_SUBJECT_KEY_IDENTIFIER
+                ExtensionOID.SUBJECT_KEY_IDENTIFIER
             )
 
     @pytest.mark.requires_backend_interface(interface=RSABackend)
@@ -963,7 +965,7 @@ class TestSubjectKeyIdentifierExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_KEY_IDENTIFIER
+            ExtensionOID.SUBJECT_KEY_IDENTIFIER
         )
         ski = x509.SubjectKeyIdentifier.from_public_key(
             cert.public_key()
@@ -980,7 +982,7 @@ class TestSubjectKeyIdentifierExtension(object):
         )
 
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_KEY_IDENTIFIER
+            ExtensionOID.SUBJECT_KEY_IDENTIFIER
         )
         ski = x509.SubjectKeyIdentifier.from_public_key(
             cert.public_key()
@@ -998,7 +1000,7 @@ class TestSubjectKeyIdentifierExtension(object):
         )
 
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_KEY_IDENTIFIER
+            ExtensionOID.SUBJECT_KEY_IDENTIFIER
         )
         ski = x509.SubjectKeyIdentifier.from_public_key(
             cert.public_key()
@@ -1017,9 +1019,9 @@ class TestKeyUsageExtension(object):
         )
         ext = cert.extensions
         with pytest.raises(x509.ExtensionNotFound) as exc:
-            ext.get_extension_for_oid(x509.OID_KEY_USAGE)
+            ext.get_extension_for_oid(ExtensionOID.KEY_USAGE)
 
-        assert exc.value.oid == x509.OID_KEY_USAGE
+        assert exc.value.oid == ExtensionOID.KEY_USAGE
 
     def test_all_purposes(self, backend):
         cert = _load_cert(
@@ -1030,7 +1032,7 @@ class TestKeyUsageExtension(object):
             backend
         )
         extensions = cert.extensions
-        ext = extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
+        ext = extensions.get_extension_for_oid(ExtensionOID.KEY_USAGE)
         assert ext is not None
 
         ku = ext.value
@@ -1052,7 +1054,7 @@ class TestKeyUsageExtension(object):
             x509.load_der_x509_certificate,
             backend
         )
-        ext = cert.extensions.get_extension_for_oid(x509.OID_KEY_USAGE)
+        ext = cert.extensions.get_extension_for_oid(ExtensionOID.KEY_USAGE)
         assert ext is not None
         assert ext.critical is True
 
@@ -1217,7 +1219,7 @@ class TestRegisteredID(object):
 
     def test_ne(self):
         gn = x509.RegisteredID(NameOID.COMMON_NAME)
-        gn2 = x509.RegisteredID(x509.OID_BASIC_CONSTRAINTS)
+        gn2 = x509.RegisteredID(ExtensionOID.BASIC_CONSTRAINTS)
         assert gn != gn2
         assert gn != object()
 
@@ -1425,7 +1427,7 @@ class TestRSAIssuerAlternativeNameExtension(object):
             backend,
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_ISSUER_ALTERNATIVE_NAME
+            ExtensionOID.ISSUER_ALTERNATIVE_NAME
         )
         assert list(ext.value) == [
             x509.UniformResourceIdentifier(u"http://path.to.root/root.crt"),
@@ -1498,7 +1500,7 @@ class TestRSASubjectAlternativeNameExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_ALTERNATIVE_NAME
+            ExtensionOID.SUBJECT_ALTERNATIVE_NAME
         )
         assert ext is not None
         assert ext.critical is False
@@ -1515,7 +1517,7 @@ class TestRSASubjectAlternativeNameExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_ALTERNATIVE_NAME
+            ExtensionOID.SUBJECT_ALTERNATIVE_NAME
         )
 
         dns = ext.value.get_values_for_type(x509.DNSName)
@@ -1533,7 +1535,7 @@ class TestRSASubjectAlternativeNameExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_ALTERNATIVE_NAME
+            ExtensionOID.SUBJECT_ALTERNATIVE_NAME
         )
 
         dns = ext.value.get_values_for_type(x509.DNSName)
@@ -1559,7 +1561,7 @@ class TestRSASubjectAlternativeNameExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_ALTERNATIVE_NAME
+            ExtensionOID.SUBJECT_ALTERNATIVE_NAME
         )
         assert ext is not None
         assert ext.critical is False
@@ -1577,7 +1579,7 @@ class TestRSASubjectAlternativeNameExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_ALTERNATIVE_NAME
+            ExtensionOID.SUBJECT_ALTERNATIVE_NAME
         )
         assert ext is not None
         uri = ext.value.get_values_for_type(
@@ -1598,7 +1600,7 @@ class TestRSASubjectAlternativeNameExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_ALTERNATIVE_NAME
+            ExtensionOID.SUBJECT_ALTERNATIVE_NAME
         )
         assert ext is not None
         assert ext.critical is False
@@ -1620,7 +1622,7 @@ class TestRSASubjectAlternativeNameExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_ALTERNATIVE_NAME
+            ExtensionOID.SUBJECT_ALTERNATIVE_NAME
         )
         assert ext is not None
         assert ext.critical is False
@@ -1645,7 +1647,7 @@ class TestRSASubjectAlternativeNameExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_ALTERNATIVE_NAME
+            ExtensionOID.SUBJECT_ALTERNATIVE_NAME
         )
         assert ext is not None
         assert ext.critical is False
@@ -1675,7 +1677,7 @@ class TestRSASubjectAlternativeNameExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_ALTERNATIVE_NAME
+            ExtensionOID.SUBJECT_ALTERNATIVE_NAME
         )
         assert ext is not None
         rfc822_name = ext.value.get_values_for_type(x509.RFC822Name)
@@ -1694,7 +1696,7 @@ class TestRSASubjectAlternativeNameExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_ALTERNATIVE_NAME
+            ExtensionOID.SUBJECT_ALTERNATIVE_NAME
         )
         assert ext is not None
         assert ext.critical is False
@@ -1745,7 +1747,7 @@ class TestRSASubjectAlternativeNameExtension(object):
         )
 
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_SUBJECT_ALTERNATIVE_NAME
+            ExtensionOID.SUBJECT_ALTERNATIVE_NAME
         )
         assert ext is not None
         assert ext.critical is False
@@ -1771,7 +1773,7 @@ class TestExtendedKeyUsageExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_EXTENDED_KEY_USAGE
+            ExtensionOID.EXTENDED_KEY_USAGE
         )
         assert ext is not None
         assert ext.critical is False
@@ -1940,7 +1942,7 @@ class TestAuthorityInformationAccessExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_AUTHORITY_INFORMATION_ACCESS
+            ExtensionOID.AUTHORITY_INFORMATION_ACCESS
         )
         assert ext is not None
         assert ext.critical is False
@@ -1963,7 +1965,7 @@ class TestAuthorityInformationAccessExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_AUTHORITY_INFORMATION_ACCESS
+            ExtensionOID.AUTHORITY_INFORMATION_ACCESS
         )
         assert ext is not None
         assert ext.critical is False
@@ -1994,7 +1996,7 @@ class TestAuthorityInformationAccessExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_AUTHORITY_INFORMATION_ACCESS
+            ExtensionOID.AUTHORITY_INFORMATION_ACCESS
         )
         assert ext is not None
         assert ext.critical is False
@@ -2013,7 +2015,7 @@ class TestAuthorityInformationAccessExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_AUTHORITY_INFORMATION_ACCESS
+            ExtensionOID.AUTHORITY_INFORMATION_ACCESS
         )
         assert ext is not None
         assert ext.critical is False
@@ -2042,7 +2044,7 @@ class TestAuthorityKeyIdentifierExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_AUTHORITY_KEY_IDENTIFIER
+            ExtensionOID.AUTHORITY_KEY_IDENTIFIER
         )
         assert ext is not None
         assert ext.critical is False
@@ -2062,7 +2064,7 @@ class TestAuthorityKeyIdentifierExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_AUTHORITY_KEY_IDENTIFIER
+            ExtensionOID.AUTHORITY_KEY_IDENTIFIER
         )
         assert ext is not None
         assert ext.critical is False
@@ -2093,7 +2095,7 @@ class TestAuthorityKeyIdentifierExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_AUTHORITY_KEY_IDENTIFIER
+            ExtensionOID.AUTHORITY_KEY_IDENTIFIER
         )
         assert ext is not None
         assert ext.critical is False
@@ -2125,7 +2127,7 @@ class TestAuthorityKeyIdentifierExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_AUTHORITY_KEY_IDENTIFIER
+            ExtensionOID.AUTHORITY_KEY_IDENTIFIER
         )
         aki = x509.AuthorityKeyIdentifier.from_issuer_public_key(
             issuer_cert.public_key()
@@ -2242,7 +2244,7 @@ class TestNameConstraintsExtension(object):
             backend
         )
         nc = cert.extensions.get_extension_for_oid(
-            x509.OID_NAME_CONSTRAINTS
+            ExtensionOID.NAME_CONSTRAINTS
         ).value
         assert nc == x509.NameConstraints(
             permitted_subtrees=[
@@ -2264,7 +2266,7 @@ class TestNameConstraintsExtension(object):
             backend
         )
         nc = cert.extensions.get_extension_for_oid(
-            x509.OID_NAME_CONSTRAINTS
+            ExtensionOID.NAME_CONSTRAINTS
         ).value
         assert nc == x509.NameConstraints(
             permitted_subtrees=[
@@ -2282,7 +2284,7 @@ class TestNameConstraintsExtension(object):
             backend
         )
         nc = cert.extensions.get_extension_for_oid(
-            x509.OID_NAME_CONSTRAINTS
+            ExtensionOID.NAME_CONSTRAINTS
         ).value
         assert nc == x509.NameConstraints(
             permitted_subtrees=[
@@ -2301,7 +2303,7 @@ class TestNameConstraintsExtension(object):
             backend
         )
         nc = cert.extensions.get_extension_for_oid(
-            x509.OID_NAME_CONSTRAINTS
+            ExtensionOID.NAME_CONSTRAINTS
         ).value
         assert nc == x509.NameConstraints(
             permitted_subtrees=None,
@@ -2320,7 +2322,7 @@ class TestNameConstraintsExtension(object):
             backend
         )
         nc = cert.extensions.get_extension_for_oid(
-            x509.OID_NAME_CONSTRAINTS
+            ExtensionOID.NAME_CONSTRAINTS
         ).value
         assert nc == x509.NameConstraints(
             permitted_subtrees=[
@@ -2342,7 +2344,7 @@ class TestNameConstraintsExtension(object):
             backend
         )
         nc = cert.extensions.get_extension_for_oid(
-            x509.OID_NAME_CONSTRAINTS
+            ExtensionOID.NAME_CONSTRAINTS
         ).value
         assert nc == x509.NameConstraints(
             permitted_subtrees=[
@@ -2362,7 +2364,7 @@ class TestNameConstraintsExtension(object):
         )
         with pytest.raises(ValueError):
             cert.extensions.get_extension_for_oid(
-                x509.OID_NAME_CONSTRAINTS
+                ExtensionOID.NAME_CONSTRAINTS
             )
 
 
@@ -2671,7 +2673,7 @@ class TestCRLDistributionPointsExtension(object):
         )
 
         cdps = cert.extensions.get_extension_for_oid(
-            x509.OID_CRL_DISTRIBUTION_POINTS
+            ExtensionOID.CRL_DISTRIBUTION_POINTS
         ).value
 
         assert cdps == x509.CRLDistributionPoints([
@@ -2721,7 +2723,7 @@ class TestCRLDistributionPointsExtension(object):
         )
 
         cdps = cert.extensions.get_extension_for_oid(
-            x509.OID_CRL_DISTRIBUTION_POINTS
+            ExtensionOID.CRL_DISTRIBUTION_POINTS
         ).value
 
         assert cdps == x509.CRLDistributionPoints([
@@ -2760,7 +2762,7 @@ class TestCRLDistributionPointsExtension(object):
         )
 
         cdps = cert.extensions.get_extension_for_oid(
-            x509.OID_CRL_DISTRIBUTION_POINTS
+            ExtensionOID.CRL_DISTRIBUTION_POINTS
         ).value
 
         assert cdps == x509.CRLDistributionPoints([
@@ -2797,7 +2799,7 @@ class TestCRLDistributionPointsExtension(object):
         )
 
         cdps = cert.extensions.get_extension_for_oid(
-            x509.OID_CRL_DISTRIBUTION_POINTS
+            ExtensionOID.CRL_DISTRIBUTION_POINTS
         ).value
 
         assert cdps == x509.CRLDistributionPoints([
@@ -2830,7 +2832,7 @@ class TestCRLDistributionPointsExtension(object):
         )
 
         cdps = cert.extensions.get_extension_for_oid(
-            x509.OID_CRL_DISTRIBUTION_POINTS
+            ExtensionOID.CRL_DISTRIBUTION_POINTS
         ).value
 
         assert cdps == x509.CRLDistributionPoints([
@@ -2854,7 +2856,7 @@ class TestCRLDistributionPointsExtension(object):
         )
 
         cdps = cert.extensions.get_extension_for_oid(
-            x509.OID_CRL_DISTRIBUTION_POINTS
+            ExtensionOID.CRL_DISTRIBUTION_POINTS
         ).value
 
         assert cdps == x509.CRLDistributionPoints([
@@ -2885,7 +2887,7 @@ class TestOCSPNoCheckExtension(object):
             backend
         )
         ext = cert.extensions.get_extension_for_oid(
-            x509.OID_OCSP_NO_CHECK
+            ExtensionOID.OCSP_NO_CHECK
         )
         assert isinstance(ext.value, x509.OCSPNoCheck)
 
@@ -2927,7 +2929,7 @@ class TestInhibitAnyPolicyExtension(object):
             backend
         )
         iap = cert.extensions.get_extension_for_oid(
-            x509.OID_INHIBIT_ANY_POLICY
+            ExtensionOID.INHIBIT_ANY_POLICY
         ).value
         assert iap.skip_certs == 5
 
-- 
cgit v1.2.3