You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

oid.py 11KB

5 years ago
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232
  1. # This file is dual licensed under the terms of the Apache License, Version
  2. # 2.0, and the BSD License. See the LICENSE file in the root of this repository
  3. # for complete details.
  4. from __future__ import absolute_import, division, print_function
  5. from cryptography.hazmat._oid import ObjectIdentifier
  6. from cryptography.hazmat.primitives import hashes
  7. class ExtensionOID(object):
  8. SUBJECT_DIRECTORY_ATTRIBUTES = ObjectIdentifier("2.5.29.9")
  9. SUBJECT_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.14")
  10. KEY_USAGE = ObjectIdentifier("2.5.29.15")
  11. SUBJECT_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.17")
  12. ISSUER_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.18")
  13. BASIC_CONSTRAINTS = ObjectIdentifier("2.5.29.19")
  14. NAME_CONSTRAINTS = ObjectIdentifier("2.5.29.30")
  15. CRL_DISTRIBUTION_POINTS = ObjectIdentifier("2.5.29.31")
  16. CERTIFICATE_POLICIES = ObjectIdentifier("2.5.29.32")
  17. POLICY_MAPPINGS = ObjectIdentifier("2.5.29.33")
  18. AUTHORITY_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.35")
  19. POLICY_CONSTRAINTS = ObjectIdentifier("2.5.29.36")
  20. EXTENDED_KEY_USAGE = ObjectIdentifier("2.5.29.37")
  21. FRESHEST_CRL = ObjectIdentifier("2.5.29.46")
  22. INHIBIT_ANY_POLICY = ObjectIdentifier("2.5.29.54")
  23. ISSUING_DISTRIBUTION_POINT = ObjectIdentifier("2.5.29.28")
  24. AUTHORITY_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.1")
  25. SUBJECT_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.11")
  26. OCSP_NO_CHECK = ObjectIdentifier("1.3.6.1.5.5.7.48.1.5")
  27. TLS_FEATURE = ObjectIdentifier("1.3.6.1.5.5.7.1.24")
  28. CRL_NUMBER = ObjectIdentifier("2.5.29.20")
  29. DELTA_CRL_INDICATOR = ObjectIdentifier("2.5.29.27")
  30. PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS = (
  31. ObjectIdentifier("1.3.6.1.4.1.11129.2.4.2")
  32. )
  33. PRECERT_POISON = (
  34. ObjectIdentifier("1.3.6.1.4.1.11129.2.4.3")
  35. )
  36. class OCSPExtensionOID(object):
  37. NONCE = ObjectIdentifier("1.3.6.1.5.5.7.48.1.2")
  38. class CRLEntryExtensionOID(object):
  39. CERTIFICATE_ISSUER = ObjectIdentifier("2.5.29.29")
  40. CRL_REASON = ObjectIdentifier("2.5.29.21")
  41. INVALIDITY_DATE = ObjectIdentifier("2.5.29.24")
  42. class NameOID(object):
  43. COMMON_NAME = ObjectIdentifier("2.5.4.3")
  44. COUNTRY_NAME = ObjectIdentifier("2.5.4.6")
  45. LOCALITY_NAME = ObjectIdentifier("2.5.4.7")
  46. STATE_OR_PROVINCE_NAME = ObjectIdentifier("2.5.4.8")
  47. STREET_ADDRESS = ObjectIdentifier("2.5.4.9")
  48. ORGANIZATION_NAME = ObjectIdentifier("2.5.4.10")
  49. ORGANIZATIONAL_UNIT_NAME = ObjectIdentifier("2.5.4.11")
  50. SERIAL_NUMBER = ObjectIdentifier("2.5.4.5")
  51. SURNAME = ObjectIdentifier("2.5.4.4")
  52. GIVEN_NAME = ObjectIdentifier("2.5.4.42")
  53. TITLE = ObjectIdentifier("2.5.4.12")
  54. GENERATION_QUALIFIER = ObjectIdentifier("2.5.4.44")
  55. X500_UNIQUE_IDENTIFIER = ObjectIdentifier("2.5.4.45")
  56. DN_QUALIFIER = ObjectIdentifier("2.5.4.46")
  57. PSEUDONYM = ObjectIdentifier("2.5.4.65")
  58. USER_ID = ObjectIdentifier("0.9.2342.19200300.100.1.1")
  59. DOMAIN_COMPONENT = ObjectIdentifier("0.9.2342.19200300.100.1.25")
  60. EMAIL_ADDRESS = ObjectIdentifier("1.2.840.113549.1.9.1")
  61. JURISDICTION_COUNTRY_NAME = ObjectIdentifier("1.3.6.1.4.1.311.60.2.1.3")
  62. JURISDICTION_LOCALITY_NAME = ObjectIdentifier("1.3.6.1.4.1.311.60.2.1.1")
  63. JURISDICTION_STATE_OR_PROVINCE_NAME = ObjectIdentifier(
  64. "1.3.6.1.4.1.311.60.2.1.2"
  65. )
  66. BUSINESS_CATEGORY = ObjectIdentifier("2.5.4.15")
  67. POSTAL_ADDRESS = ObjectIdentifier("2.5.4.16")
  68. POSTAL_CODE = ObjectIdentifier("2.5.4.17")
  69. class SignatureAlgorithmOID(object):
  70. RSA_WITH_MD5 = ObjectIdentifier("1.2.840.113549.1.1.4")
  71. RSA_WITH_SHA1 = ObjectIdentifier("1.2.840.113549.1.1.5")
  72. # This is an alternate OID for RSA with SHA1 that is occasionally seen
  73. _RSA_WITH_SHA1 = ObjectIdentifier("1.3.14.3.2.29")
  74. RSA_WITH_SHA224 = ObjectIdentifier("1.2.840.113549.1.1.14")
  75. RSA_WITH_SHA256 = ObjectIdentifier("1.2.840.113549.1.1.11")
  76. RSA_WITH_SHA384 = ObjectIdentifier("1.2.840.113549.1.1.12")
  77. RSA_WITH_SHA512 = ObjectIdentifier("1.2.840.113549.1.1.13")
  78. RSASSA_PSS = ObjectIdentifier("1.2.840.113549.1.1.10")
  79. ECDSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10045.4.1")
  80. ECDSA_WITH_SHA224 = ObjectIdentifier("1.2.840.10045.4.3.1")
  81. ECDSA_WITH_SHA256 = ObjectIdentifier("1.2.840.10045.4.3.2")
  82. ECDSA_WITH_SHA384 = ObjectIdentifier("1.2.840.10045.4.3.3")
  83. ECDSA_WITH_SHA512 = ObjectIdentifier("1.2.840.10045.4.3.4")
  84. DSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10040.4.3")
  85. DSA_WITH_SHA224 = ObjectIdentifier("2.16.840.1.101.3.4.3.1")
  86. DSA_WITH_SHA256 = ObjectIdentifier("2.16.840.1.101.3.4.3.2")
  87. ED25519 = ObjectIdentifier("1.3.101.112")
  88. ED448 = ObjectIdentifier("1.3.101.113")
  89. _SIG_OIDS_TO_HASH = {
  90. SignatureAlgorithmOID.RSA_WITH_MD5: hashes.MD5(),
  91. SignatureAlgorithmOID.RSA_WITH_SHA1: hashes.SHA1(),
  92. SignatureAlgorithmOID._RSA_WITH_SHA1: hashes.SHA1(),
  93. SignatureAlgorithmOID.RSA_WITH_SHA224: hashes.SHA224(),
  94. SignatureAlgorithmOID.RSA_WITH_SHA256: hashes.SHA256(),
  95. SignatureAlgorithmOID.RSA_WITH_SHA384: hashes.SHA384(),
  96. SignatureAlgorithmOID.RSA_WITH_SHA512: hashes.SHA512(),
  97. SignatureAlgorithmOID.ECDSA_WITH_SHA1: hashes.SHA1(),
  98. SignatureAlgorithmOID.ECDSA_WITH_SHA224: hashes.SHA224(),
  99. SignatureAlgorithmOID.ECDSA_WITH_SHA256: hashes.SHA256(),
  100. SignatureAlgorithmOID.ECDSA_WITH_SHA384: hashes.SHA384(),
  101. SignatureAlgorithmOID.ECDSA_WITH_SHA512: hashes.SHA512(),
  102. SignatureAlgorithmOID.DSA_WITH_SHA1: hashes.SHA1(),
  103. SignatureAlgorithmOID.DSA_WITH_SHA224: hashes.SHA224(),
  104. SignatureAlgorithmOID.DSA_WITH_SHA256: hashes.SHA256(),
  105. SignatureAlgorithmOID.ED25519: None,
  106. SignatureAlgorithmOID.ED448: None,
  107. }
  108. class ExtendedKeyUsageOID(object):
  109. SERVER_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.1")
  110. CLIENT_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.2")
  111. CODE_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.3")
  112. EMAIL_PROTECTION = ObjectIdentifier("1.3.6.1.5.5.7.3.4")
  113. TIME_STAMPING = ObjectIdentifier("1.3.6.1.5.5.7.3.8")
  114. OCSP_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.9")
  115. ANY_EXTENDED_KEY_USAGE = ObjectIdentifier("2.5.29.37.0")
  116. class AuthorityInformationAccessOID(object):
  117. CA_ISSUERS = ObjectIdentifier("1.3.6.1.5.5.7.48.2")
  118. OCSP = ObjectIdentifier("1.3.6.1.5.5.7.48.1")
  119. class CertificatePoliciesOID(object):
  120. CPS_QUALIFIER = ObjectIdentifier("1.3.6.1.5.5.7.2.1")
  121. CPS_USER_NOTICE = ObjectIdentifier("1.3.6.1.5.5.7.2.2")
  122. ANY_POLICY = ObjectIdentifier("2.5.29.32.0")
  123. _OID_NAMES = {
  124. NameOID.COMMON_NAME: "commonName",
  125. NameOID.COUNTRY_NAME: "countryName",
  126. NameOID.LOCALITY_NAME: "localityName",
  127. NameOID.STATE_OR_PROVINCE_NAME: "stateOrProvinceName",
  128. NameOID.STREET_ADDRESS: "streetAddress",
  129. NameOID.ORGANIZATION_NAME: "organizationName",
  130. NameOID.ORGANIZATIONAL_UNIT_NAME: "organizationalUnitName",
  131. NameOID.SERIAL_NUMBER: "serialNumber",
  132. NameOID.SURNAME: "surname",
  133. NameOID.GIVEN_NAME: "givenName",
  134. NameOID.TITLE: "title",
  135. NameOID.GENERATION_QUALIFIER: "generationQualifier",
  136. NameOID.X500_UNIQUE_IDENTIFIER: "x500UniqueIdentifier",
  137. NameOID.DN_QUALIFIER: "dnQualifier",
  138. NameOID.PSEUDONYM: "pseudonym",
  139. NameOID.USER_ID: "userID",
  140. NameOID.DOMAIN_COMPONENT: "domainComponent",
  141. NameOID.EMAIL_ADDRESS: "emailAddress",
  142. NameOID.JURISDICTION_COUNTRY_NAME: "jurisdictionCountryName",
  143. NameOID.JURISDICTION_LOCALITY_NAME: "jurisdictionLocalityName",
  144. NameOID.JURISDICTION_STATE_OR_PROVINCE_NAME: (
  145. "jurisdictionStateOrProvinceName"
  146. ),
  147. NameOID.BUSINESS_CATEGORY: "businessCategory",
  148. NameOID.POSTAL_ADDRESS: "postalAddress",
  149. NameOID.POSTAL_CODE: "postalCode",
  150. SignatureAlgorithmOID.RSA_WITH_MD5: "md5WithRSAEncryption",
  151. SignatureAlgorithmOID.RSA_WITH_SHA1: "sha1WithRSAEncryption",
  152. SignatureAlgorithmOID.RSA_WITH_SHA224: "sha224WithRSAEncryption",
  153. SignatureAlgorithmOID.RSA_WITH_SHA256: "sha256WithRSAEncryption",
  154. SignatureAlgorithmOID.RSA_WITH_SHA384: "sha384WithRSAEncryption",
  155. SignatureAlgorithmOID.RSA_WITH_SHA512: "sha512WithRSAEncryption",
  156. SignatureAlgorithmOID.RSASSA_PSS: "RSASSA-PSS",
  157. SignatureAlgorithmOID.ECDSA_WITH_SHA1: "ecdsa-with-SHA1",
  158. SignatureAlgorithmOID.ECDSA_WITH_SHA224: "ecdsa-with-SHA224",
  159. SignatureAlgorithmOID.ECDSA_WITH_SHA256: "ecdsa-with-SHA256",
  160. SignatureAlgorithmOID.ECDSA_WITH_SHA384: "ecdsa-with-SHA384",
  161. SignatureAlgorithmOID.ECDSA_WITH_SHA512: "ecdsa-with-SHA512",
  162. SignatureAlgorithmOID.DSA_WITH_SHA1: "dsa-with-sha1",
  163. SignatureAlgorithmOID.DSA_WITH_SHA224: "dsa-with-sha224",
  164. SignatureAlgorithmOID.DSA_WITH_SHA256: "dsa-with-sha256",
  165. SignatureAlgorithmOID.ED25519: "ed25519",
  166. SignatureAlgorithmOID.ED448: "ed448",
  167. ExtendedKeyUsageOID.SERVER_AUTH: "serverAuth",
  168. ExtendedKeyUsageOID.CLIENT_AUTH: "clientAuth",
  169. ExtendedKeyUsageOID.CODE_SIGNING: "codeSigning",
  170. ExtendedKeyUsageOID.EMAIL_PROTECTION: "emailProtection",
  171. ExtendedKeyUsageOID.TIME_STAMPING: "timeStamping",
  172. ExtendedKeyUsageOID.OCSP_SIGNING: "OCSPSigning",
  173. ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES: "subjectDirectoryAttributes",
  174. ExtensionOID.SUBJECT_KEY_IDENTIFIER: "subjectKeyIdentifier",
  175. ExtensionOID.KEY_USAGE: "keyUsage",
  176. ExtensionOID.SUBJECT_ALTERNATIVE_NAME: "subjectAltName",
  177. ExtensionOID.ISSUER_ALTERNATIVE_NAME: "issuerAltName",
  178. ExtensionOID.BASIC_CONSTRAINTS: "basicConstraints",
  179. ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS: (
  180. "signedCertificateTimestampList"
  181. ),
  182. ExtensionOID.PRECERT_POISON: "ctPoison",
  183. CRLEntryExtensionOID.CRL_REASON: "cRLReason",
  184. CRLEntryExtensionOID.INVALIDITY_DATE: "invalidityDate",
  185. CRLEntryExtensionOID.CERTIFICATE_ISSUER: "certificateIssuer",
  186. ExtensionOID.NAME_CONSTRAINTS: "nameConstraints",
  187. ExtensionOID.CRL_DISTRIBUTION_POINTS: "cRLDistributionPoints",
  188. ExtensionOID.CERTIFICATE_POLICIES: "certificatePolicies",
  189. ExtensionOID.POLICY_MAPPINGS: "policyMappings",
  190. ExtensionOID.AUTHORITY_KEY_IDENTIFIER: "authorityKeyIdentifier",
  191. ExtensionOID.POLICY_CONSTRAINTS: "policyConstraints",
  192. ExtensionOID.EXTENDED_KEY_USAGE: "extendedKeyUsage",
  193. ExtensionOID.FRESHEST_CRL: "freshestCRL",
  194. ExtensionOID.INHIBIT_ANY_POLICY: "inhibitAnyPolicy",
  195. ExtensionOID.ISSUING_DISTRIBUTION_POINT: (
  196. "issuingDistributionPoint"
  197. ),
  198. ExtensionOID.AUTHORITY_INFORMATION_ACCESS: "authorityInfoAccess",
  199. ExtensionOID.SUBJECT_INFORMATION_ACCESS: "subjectInfoAccess",
  200. ExtensionOID.OCSP_NO_CHECK: "OCSPNoCheck",
  201. ExtensionOID.CRL_NUMBER: "cRLNumber",
  202. ExtensionOID.DELTA_CRL_INDICATOR: "deltaCRLIndicator",
  203. ExtensionOID.TLS_FEATURE: "TLSFeature",
  204. AuthorityInformationAccessOID.OCSP: "OCSP",
  205. AuthorityInformationAccessOID.CA_ISSUERS: "caIssuers",
  206. CertificatePoliciesOID.CPS_QUALIFIER: "id-qt-cps",
  207. CertificatePoliciesOID.CPS_USER_NOTICE: "id-qt-unotice",
  208. OCSPExtensionOID.NONCE: "OCSPNonce",
  209. }