From c315c8962de7df03bd34e68edb6280f6e1b10e76 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 9 Aug 2015 21:16:02 -0500 Subject: namespace OID extensions --- src/cryptography/x509/__init__.py | 59 +++++++++++++++--------------- src/cryptography/x509/base.py | 34 ++++++++---------- src/cryptography/x509/oid.py | 75 ++++++++++++++++++++------------------- 3 files changed, 81 insertions(+), 87 deletions(-) diff --git a/src/cryptography/x509/__init__.py b/src/cryptography/x509/__init__.py index 45923b31..c49ef91a 100644 --- a/src/cryptography/x509/__init__.py +++ b/src/cryptography/x509/__init__.py @@ -23,29 +23,44 @@ from cryptography.x509.base import ( ) from cryptography.x509.name import Name, NameAttribute from cryptography.x509.oid import ( - OID_ANY_POLICY, OID_AUTHORITY_INFORMATION_ACCESS, - OID_AUTHORITY_KEY_IDENTIFIER, OID_BASIC_CONSTRAINTS, OID_CA_ISSUERS, - OID_CERTIFICATE_ISSUER, OID_CERTIFICATE_POLICIES, OID_CLIENT_AUTH, + ExtensionOID, OID_ANY_POLICY, + OID_CA_ISSUERS, OID_CERTIFICATE_ISSUER, OID_CLIENT_AUTH, OID_CODE_SIGNING, OID_COMMON_NAME, OID_COUNTRY_NAME, OID_CPS_QUALIFIER, - OID_CPS_USER_NOTICE, OID_CRL_DISTRIBUTION_POINTS, OID_CRL_REASON, + OID_CPS_USER_NOTICE, OID_CRL_REASON, OID_DN_QUALIFIER, OID_DOMAIN_COMPONENT, OID_DSA_WITH_SHA1, OID_DSA_WITH_SHA224, OID_DSA_WITH_SHA256, OID_ECDSA_WITH_SHA1, OID_ECDSA_WITH_SHA224, OID_ECDSA_WITH_SHA256, OID_ECDSA_WITH_SHA384, OID_ECDSA_WITH_SHA512, OID_EMAIL_ADDRESS, OID_EMAIL_PROTECTION, - OID_EXTENDED_KEY_USAGE, OID_FRESHEST_CRL, OID_GENERATION_QUALIFIER, - OID_GIVEN_NAME, OID_INHIBIT_ANY_POLICY, OID_INVALIDITY_DATE, - OID_ISSUER_ALTERNATIVE_NAME, OID_KEY_USAGE, OID_LOCALITY_NAME, - OID_NAME_CONSTRAINTS, OID_OCSP, OID_OCSP_NO_CHECK, OID_OCSP_SIGNING, + OID_GENERATION_QUALIFIER, OID_GIVEN_NAME, OID_INVALIDITY_DATE, + OID_LOCALITY_NAME, OID_OCSP, OID_OCSP_SIGNING, OID_ORGANIZATIONAL_UNIT_NAME, OID_ORGANIZATION_NAME, - OID_POLICY_CONSTRAINTS, OID_POLICY_MAPPINGS, OID_PSEUDONYM, - OID_RSA_WITH_MD5, OID_RSA_WITH_SHA1, OID_RSA_WITH_SHA224, + OID_PSEUDONYM, OID_RSA_WITH_MD5, OID_RSA_WITH_SHA1, OID_RSA_WITH_SHA224, OID_RSA_WITH_SHA256, OID_RSA_WITH_SHA384, OID_RSA_WITH_SHA512, OID_SERIAL_NUMBER, OID_SERVER_AUTH, OID_STATE_OR_PROVINCE_NAME, - OID_SUBJECT_ALTERNATIVE_NAME, OID_SUBJECT_DIRECTORY_ATTRIBUTES, - OID_SUBJECT_INFORMATION_ACCESS, OID_SUBJECT_KEY_IDENTIFIER, OID_SURNAME, - OID_TIME_STAMPING, OID_TITLE, _SIG_OIDS_TO_HASH + OID_SURNAME, OID_TIME_STAMPING, OID_TITLE, _SIG_OIDS_TO_HASH ) + +OID_AUTHORITY_INFORMATION_ACCESS = ExtensionOID.AUTHORITY_INFORMATION_ACCESS +OID_AUTHORITY_KEY_IDENTIFIER = ExtensionOID.AUTHORITY_KEY_IDENTIFIER +OID_BASIC_CONSTRAINTS = ExtensionOID.BASIC_CONSTRAINTS +OID_CERTIFICATE_POLICIES = ExtensionOID.CERTIFICATE_POLICIES +OID_CRL_DISTRIBUTION_POINTS = ExtensionOID.CRL_DISTRIBUTION_POINTS +OID_EXTENDED_KEY_USAGE = ExtensionOID.EXTENDED_KEY_USAGE +OID_FRESHEST_CRL = ExtensionOID.FRESHEST_CRL +OID_INHIBIT_ANY_POLICY = ExtensionOID.INHIBIT_ANY_POLICY +OID_ISSUER_ALTERNATIVE_NAME = ExtensionOID.ISSUER_ALTERNATIVE_NAME +OID_KEY_USAGE = ExtensionOID.KEY_USAGE +OID_NAME_CONSTRAINTS = ExtensionOID.NAME_CONSTRAINTS +OID_OCSP_NO_CHECK = ExtensionOID.OCSP_NO_CHECK +OID_POLICY_CONSTRAINTS = ExtensionOID.POLICY_CONSTRAINTS +OID_POLICY_MAPPINGS = ExtensionOID.POLICY_MAPPINGS +OID_SUBJECT_ALTERNATIVE_NAME = ExtensionOID.SUBJECT_ALTERNATIVE_NAME +OID_SUBJECT_DIRECTORY_ATTRIBUTES = ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES +OID_SUBJECT_INFORMATION_ACCESS = ExtensionOID.SUBJECT_INFORMATION_ACCESS +OID_SUBJECT_KEY_IDENTIFIER = ExtensionOID.SUBJECT_KEY_IDENTIFIER + + __all__ = [ "load_pem_x509_certificate", "load_der_x509_certificate", @@ -97,27 +112,9 @@ __all__ = [ "CertificateSigningRequestBuilder", "CertificateBuilder", "Version", - "OID_SUBJECT_DIRECTORY_ATTRIBUTES", - "OID_SUBJECT_KEY_IDENTIFIER", - "OID_KEY_USAGE", - "OID_SUBJECT_ALTERNATIVE_NAME", - "OID_ISSUER_ALTERNATIVE_NAME", - "OID_BASIC_CONSTRAINTS", "OID_CRL_REASON", "OID_INVALIDITY_DATE", "OID_CERTIFICATE_ISSUER", - "OID_NAME_CONSTRAINTS", - "OID_CRL_DISTRIBUTION_POINTS", - "OID_CERTIFICATE_POLICIES", - "OID_POLICY_MAPPINGS", - "OID_AUTHORITY_KEY_IDENTIFIER", - "OID_POLICY_CONSTRAINTS", - "OID_EXTENDED_KEY_USAGE", - "OID_FRESHEST_CRL", - "OID_INHIBIT_ANY_POLICY", - "OID_AUTHORITY_INFORMATION_ACCESS", - "OID_SUBJECT_INFORMATION_ACCESS", - "OID_OCSP_NO_CHECK", "OID_COMMON_NAME", "OID_COUNTRY_NAME", "OID_LOCALITY_NAME", diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py index 29e6e878..78a3edbb 100644 --- a/src/cryptography/x509/base.py +++ b/src/cryptography/x509/base.py @@ -25,13 +25,7 @@ from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa from cryptography.x509.name import Name from cryptography.x509.oid import ( - OID_AUTHORITY_INFORMATION_ACCESS, - OID_AUTHORITY_KEY_IDENTIFIER, OID_BASIC_CONSTRAINTS, - OID_CA_ISSUERS, OID_CERTIFICATE_POLICIES, OID_CRL_DISTRIBUTION_POINTS, - OID_EXTENDED_KEY_USAGE, OID_INHIBIT_ANY_POLICY, - OID_ISSUER_ALTERNATIVE_NAME, OID_KEY_USAGE, OID_NAME_CONSTRAINTS, - OID_OCSP, OID_OCSP_NO_CHECK, OID_SUBJECT_ALTERNATIVE_NAME, - OID_SUBJECT_KEY_IDENTIFIER, ObjectIdentifier + ExtensionOID, OID_CA_ISSUERS, OID_OCSP, ObjectIdentifier ) @@ -194,7 +188,7 @@ class ExtensionType(object): @utils.register_interface(ExtensionType) class ExtendedKeyUsage(object): - oid = OID_EXTENDED_KEY_USAGE + oid = ExtensionOID.EXTENDED_KEY_USAGE def __init__(self, usages): if not all(isinstance(x, ObjectIdentifier) for x in usages): @@ -225,12 +219,12 @@ class ExtendedKeyUsage(object): @utils.register_interface(ExtensionType) class OCSPNoCheck(object): - oid = OID_OCSP_NO_CHECK + oid = ExtensionOID.OCSP_NO_CHECK @utils.register_interface(ExtensionType) class BasicConstraints(object): - oid = OID_BASIC_CONSTRAINTS + oid = ExtensionOID.BASIC_CONSTRAINTS def __init__(self, ca, path_length): if not isinstance(ca, bool): @@ -269,7 +263,7 @@ class BasicConstraints(object): @utils.register_interface(ExtensionType) class KeyUsage(object): - oid = OID_KEY_USAGE + oid = ExtensionOID.KEY_USAGE def __init__(self, digital_signature, content_commitment, key_encipherment, data_encipherment, key_agreement, key_cert_sign, crl_sign, @@ -355,7 +349,7 @@ class KeyUsage(object): @utils.register_interface(ExtensionType) class AuthorityInformationAccess(object): - oid = OID_AUTHORITY_INFORMATION_ACCESS + oid = ExtensionOID.AUTHORITY_INFORMATION_ACCESS def __init__(self, descriptions): if not all(isinstance(x, AccessDescription) for x in descriptions): @@ -422,7 +416,7 @@ class AccessDescription(object): @utils.register_interface(ExtensionType) class CertificatePolicies(object): - oid = OID_CERTIFICATE_POLICIES + oid = ExtensionOID.CERTIFICATE_POLICIES def __init__(self, policies): if not all(isinstance(x, PolicyInformation) for x in policies): @@ -562,7 +556,7 @@ class NoticeReference(object): @utils.register_interface(ExtensionType) class SubjectKeyIdentifier(object): - oid = OID_SUBJECT_KEY_IDENTIFIER + oid = ExtensionOID.SUBJECT_KEY_IDENTIFIER def __init__(self, digest): self._digest = digest @@ -590,7 +584,7 @@ class SubjectKeyIdentifier(object): @utils.register_interface(ExtensionType) class NameConstraints(object): - oid = OID_NAME_CONSTRAINTS + oid = ExtensionOID.NAME_CONSTRAINTS def __init__(self, permitted_subtrees, excluded_subtrees): if permitted_subtrees is not None: @@ -657,7 +651,7 @@ class NameConstraints(object): @utils.register_interface(ExtensionType) class CRLDistributionPoints(object): - oid = OID_CRL_DISTRIBUTION_POINTS + oid = ExtensionOID.CRL_DISTRIBUTION_POINTS def __init__(self, distribution_points): if not all( @@ -781,7 +775,7 @@ class ReasonFlags(Enum): @utils.register_interface(ExtensionType) class InhibitAnyPolicy(object): - oid = OID_INHIBIT_ANY_POLICY + oid = ExtensionOID.INHIBIT_ANY_POLICY def __init__(self, skip_certs): if not isinstance(skip_certs, six.integer_types): @@ -1074,7 +1068,7 @@ class GeneralNames(object): @utils.register_interface(ExtensionType) class SubjectAlternativeName(object): - oid = OID_SUBJECT_ALTERNATIVE_NAME + oid = ExtensionOID.SUBJECT_ALTERNATIVE_NAME def __init__(self, general_names): self._general_names = GeneralNames(general_names) @@ -1103,7 +1097,7 @@ class SubjectAlternativeName(object): @utils.register_interface(ExtensionType) class IssuerAlternativeName(object): - oid = OID_ISSUER_ALTERNATIVE_NAME + oid = ExtensionOID.ISSUER_ALTERNATIVE_NAME def __init__(self, general_names): self._general_names = GeneralNames(general_names) @@ -1132,7 +1126,7 @@ class IssuerAlternativeName(object): @utils.register_interface(ExtensionType) class AuthorityKeyIdentifier(object): - oid = OID_AUTHORITY_KEY_IDENTIFIER + oid = ExtensionOID.AUTHORITY_KEY_IDENTIFIER def __init__(self, key_identifier, authority_cert_issuer, authority_cert_serial_number): diff --git a/src/cryptography/x509/oid.py b/src/cryptography/x509/oid.py index a3cc065e..57cf3c24 100644 --- a/src/cryptography/x509/oid.py +++ b/src/cryptography/x509/oid.py @@ -33,27 +33,30 @@ class ObjectIdentifier(object): dotted_string = utils.read_only_property("_dotted_string") -OID_SUBJECT_DIRECTORY_ATTRIBUTES = ObjectIdentifier("2.5.29.9") -OID_SUBJECT_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.14") -OID_KEY_USAGE = ObjectIdentifier("2.5.29.15") -OID_SUBJECT_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.17") -OID_ISSUER_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.18") -OID_BASIC_CONSTRAINTS = ObjectIdentifier("2.5.29.19") +class ExtensionOID(object): + SUBJECT_DIRECTORY_ATTRIBUTES = ObjectIdentifier("2.5.29.9") + SUBJECT_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.14") + KEY_USAGE = ObjectIdentifier("2.5.29.15") + SUBJECT_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.17") + ISSUER_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.18") + BASIC_CONSTRAINTS = ObjectIdentifier("2.5.29.19") + NAME_CONSTRAINTS = ObjectIdentifier("2.5.29.30") + CRL_DISTRIBUTION_POINTS = ObjectIdentifier("2.5.29.31") + CERTIFICATE_POLICIES = ObjectIdentifier("2.5.29.32") + POLICY_MAPPINGS = ObjectIdentifier("2.5.29.33") + AUTHORITY_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.35") + POLICY_CONSTRAINTS = ObjectIdentifier("2.5.29.36") + EXTENDED_KEY_USAGE = ObjectIdentifier("2.5.29.37") + FRESHEST_CRL = ObjectIdentifier("2.5.29.46") + INHIBIT_ANY_POLICY = ObjectIdentifier("2.5.29.54") + AUTHORITY_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.1") + SUBJECT_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.11") + OCSP_NO_CHECK = ObjectIdentifier("1.3.6.1.5.5.7.48.1.5") + + OID_CRL_REASON = ObjectIdentifier("2.5.29.21") OID_INVALIDITY_DATE = ObjectIdentifier("2.5.29.24") OID_CERTIFICATE_ISSUER = ObjectIdentifier("2.5.29.29") -OID_NAME_CONSTRAINTS = ObjectIdentifier("2.5.29.30") -OID_CRL_DISTRIBUTION_POINTS = ObjectIdentifier("2.5.29.31") -OID_CERTIFICATE_POLICIES = ObjectIdentifier("2.5.29.32") -OID_POLICY_MAPPINGS = ObjectIdentifier("2.5.29.33") -OID_AUTHORITY_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.35") -OID_POLICY_CONSTRAINTS = ObjectIdentifier("2.5.29.36") -OID_EXTENDED_KEY_USAGE = ObjectIdentifier("2.5.29.37") -OID_FRESHEST_CRL = ObjectIdentifier("2.5.29.46") -OID_INHIBIT_ANY_POLICY = ObjectIdentifier("2.5.29.54") -OID_AUTHORITY_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.1") -OID_SUBJECT_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.11") -OID_OCSP_NO_CHECK = ObjectIdentifier("1.3.6.1.5.5.7.48.1.5") OID_COMMON_NAME = ObjectIdentifier("2.5.4.3") OID_COUNTRY_NAME = ObjectIdentifier("2.5.4.6") @@ -153,27 +156,27 @@ _OID_NAMES = { OID_EMAIL_PROTECTION: "emailProtection", OID_TIME_STAMPING: "timeStamping", OID_OCSP_SIGNING: "OCSPSigning", - OID_SUBJECT_DIRECTORY_ATTRIBUTES: "subjectDirectoryAttributes", - OID_SUBJECT_KEY_IDENTIFIER: "subjectKeyIdentifier", - OID_KEY_USAGE: "keyUsage", - OID_SUBJECT_ALTERNATIVE_NAME: "subjectAltName", - OID_ISSUER_ALTERNATIVE_NAME: "issuerAltName", - OID_BASIC_CONSTRAINTS: "basicConstraints", + ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES: "subjectDirectoryAttributes", + ExtensionOID.SUBJECT_KEY_IDENTIFIER: "subjectKeyIdentifier", + ExtensionOID.KEY_USAGE: "keyUsage", + ExtensionOID.SUBJECT_ALTERNATIVE_NAME: "subjectAltName", + ExtensionOID.ISSUER_ALTERNATIVE_NAME: "issuerAltName", + ExtensionOID.BASIC_CONSTRAINTS: "basicConstraints", OID_CRL_REASON: "cRLReason", OID_INVALIDITY_DATE: "invalidityDate", OID_CERTIFICATE_ISSUER: "certificateIssuer", - OID_NAME_CONSTRAINTS: "nameConstraints", - OID_CRL_DISTRIBUTION_POINTS: "cRLDistributionPoints", - OID_CERTIFICATE_POLICIES: "certificatePolicies", - OID_POLICY_MAPPINGS: "policyMappings", - OID_AUTHORITY_KEY_IDENTIFIER: "authorityKeyIdentifier", - OID_POLICY_CONSTRAINTS: "policyConstraints", - OID_EXTENDED_KEY_USAGE: "extendedKeyUsage", - OID_FRESHEST_CRL: "freshestCRL", - OID_INHIBIT_ANY_POLICY: "inhibitAnyPolicy", - OID_AUTHORITY_INFORMATION_ACCESS: "authorityInfoAccess", - OID_SUBJECT_INFORMATION_ACCESS: "subjectInfoAccess", - OID_OCSP_NO_CHECK: "OCSPNoCheck", + ExtensionOID.NAME_CONSTRAINTS: "nameConstraints", + ExtensionOID.CRL_DISTRIBUTION_POINTS: "cRLDistributionPoints", + ExtensionOID.CERTIFICATE_POLICIES: "certificatePolicies", + ExtensionOID.POLICY_MAPPINGS: "policyMappings", + ExtensionOID.AUTHORITY_KEY_IDENTIFIER: "authorityKeyIdentifier", + ExtensionOID.POLICY_CONSTRAINTS: "policyConstraints", + ExtensionOID.EXTENDED_KEY_USAGE: "extendedKeyUsage", + ExtensionOID.FRESHEST_CRL: "freshestCRL", + ExtensionOID.INHIBIT_ANY_POLICY: "inhibitAnyPolicy", + ExtensionOID.AUTHORITY_INFORMATION_ACCESS: "authorityInfoAccess", + ExtensionOID.SUBJECT_INFORMATION_ACCESS: "subjectInfoAccess", + ExtensionOID.OCSP_NO_CHECK: "OCSPNoCheck", OID_OCSP: "OCSP", OID_CA_ISSUERS: "caIssuers", OID_CPS_QUALIFIER: "id-qt-cps", -- cgit v1.2.3