django_ca.constants - constants

django_ca.constants.ACCESS_METHOD_TYPES

Key	Value
"ca_issuers"	AuthorityInformationAccessOID.CA_ISSUERS
"ca_repository"	SubjectInformationAccessOID.CA_REPOSITORY
"ocsp"	AuthorityInformationAccessOID.OCSP

django_ca.constants.ELLIPTIC_CURVE_TYPES

Mapping of elliptic curve names to the implementing classes

Key	Value
"brainpoolP256r1"	BrainpoolP256R1
"brainpoolP384r1"	BrainpoolP384R1
"brainpoolP512r1"	BrainpoolP512R1
"secp192r1"	SECP192R1
"secp224r1"	SECP224R1
"secp256k1"	SECP256K1
"secp256r1"	SECP256R1
"secp384r1"	SECP384R1
"secp521r1"	SECP521R1
"sect163k1"	SECT163K1
"sect163r2"	SECT163R2
"sect233k1"	SECT233K1
"sect233r1"	SECT233R1
"sect283k1"	SECT283K1
"sect283r1"	SECT283R1
"sect409k1"	SECT409K1
"sect409r1"	SECT409R1
"sect571k1"	SECT571K1
"sect571r1"	SECT571R1

django_ca.constants.EXTENDED_KEY_USAGE_NAMES

Map of ExtendedKeyUsageOIDs to names in RFC 5280 (and other RFCs).

test

Key	Value
ExtendedKeyUsageOID.ANY_EXTENDED_KEY_USAGE	"anyExtendedKeyUsage"
ExtendedKeyUsageOID.CERTIFICATE_TRANSPARENCY	"certificateTransparency"
ExtendedKeyUsageOID.CLIENT_AUTH	"clientAuth"
ExtendedKeyUsageOID.CODE_SIGNING	"codeSigning"
ExtendedKeyUsageOID.EMAIL_PROTECTION	"emailProtection"
ExtendedKeyUsageOID.IPSEC_IKE	"ipsecIKE"
ExtendedKeyUsageOID.KERBEROS_PKINIT_KDC	"msKDC"
ExtendedKeyUsageOID.OCSP_SIGNING	"OCSPSigning"
ExtendedKeyUsageOID.SERVER_AUTH	"serverAuth"
ExtendedKeyUsageOID.SMARTCARD_LOGON	"smartcardLogon"
ExtendedKeyUsageOID.TIME_STAMPING	"timeStamping"
"1.0.18013.5.1.2"	"mdlDS"
"1.0.18013.5.1.3"	"mdlJWS"
"1.3.6.1.5.5.7.3.5"	"ipsecEndSystem"
"1.3.6.1.5.5.7.3.6"	"ipsecTunnel"
"1.3.6.1.5.5.7.3.7"	"ipsecUser"

django_ca.constants.EXTENSION_DEFAULT_CRITICAL

Map of ExtensionOIDs to the default critical values as defined in the RFC where they are defined.

Key	Value
ExtensionOID.AUTHORITY_INFORMATION_ACCESS	False
ExtensionOID.AUTHORITY_KEY_IDENTIFIER	False
ExtensionOID.BASIC_CONSTRAINTS	True
ExtensionOID.CERTIFICATE_POLICIES	False
ExtensionOID.CRL_DISTRIBUTION_POINTS	False
ExtensionOID.CRL_NUMBER	False
ExtensionOID.DELTA_CRL_INDICATOR	True
ExtensionOID.EXTENDED_KEY_USAGE	False
ExtensionOID.FRESHEST_CRL	False
ExtensionOID.INHIBIT_ANY_POLICY	True
ExtensionOID.ISSUER_ALTERNATIVE_NAME	False
ExtensionOID.ISSUING_DISTRIBUTION_POINT	True
ExtensionOID.KEY_USAGE	True
ExtensionOID.NAME_CONSTRAINTS	True
ExtensionOID.OCSP_NO_CHECK	False
ExtensionOID.POLICY_CONSTRAINTS	True
ExtensionOID.POLICY_MAPPINGS	True
ExtensionOID.PRECERT_POISON	True
ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS	False
ExtensionOID.SIGNED_CERTIFICATE_TIMESTAMPS	False
ExtensionOID.SUBJECT_ALTERNATIVE_NAME	False
ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES	False
ExtensionOID.SUBJECT_INFORMATION_ACCESS	False
ExtensionOID.SUBJECT_KEY_IDENTIFIER	False
ExtensionOID.TLS_FEATURE	False

django_ca.constants.EXTENSION_KEYS

Map of ExtensionOIDs to keys that are usable as class attributes.

Key	Value
ExtensionOID.AUTHORITY_INFORMATION_ACCESS	"authority_information_access"
ExtensionOID.AUTHORITY_KEY_IDENTIFIER	"authority_key_identifier"
ExtensionOID.BASIC_CONSTRAINTS	"basic_constraints"
ExtensionOID.CERTIFICATE_POLICIES	"certificate_policies"
ExtensionOID.CRL_DISTRIBUTION_POINTS	"crl_distribution_points"
ExtensionOID.CRL_NUMBER	"crl_number"
ExtensionOID.DELTA_CRL_INDICATOR	"delta_crl_indicator"
ExtensionOID.EXTENDED_KEY_USAGE	"extended_key_usage"
ExtensionOID.FRESHEST_CRL	"freshest_crl"
ExtensionOID.INHIBIT_ANY_POLICY	"inhibit_any_policy"
ExtensionOID.ISSUER_ALTERNATIVE_NAME	"issuer_alternative_name"
ExtensionOID.ISSUING_DISTRIBUTION_POINT	"issuing_distribution_point"
ExtensionOID.KEY_USAGE	"key_usage"
ExtensionOID.MS_CERTIFICATE_TEMPLATE	"ms_certificate_template"
ExtensionOID.NAME_CONSTRAINTS	"name_constraints"
ExtensionOID.OCSP_NO_CHECK	"ocsp_no_check"
ExtensionOID.POLICY_CONSTRAINTS	"policy_constraints"
ExtensionOID.POLICY_MAPPINGS	"policy_mappings"
ExtensionOID.PRECERT_POISON	"precert_poison"
ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS	"precertificate_signed_certificate_timestamps"
ExtensionOID.SIGNED_CERTIFICATE_TIMESTAMPS	"signed_certificate_timestamps"
ExtensionOID.SUBJECT_ALTERNATIVE_NAME	"subject_alternative_name"
ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES	"subject_directory_attributes"
ExtensionOID.SUBJECT_INFORMATION_ACCESS	"subject_information_access"
ExtensionOID.SUBJECT_KEY_IDENTIFIER	"subject_key_identifier"
ExtensionOID.TLS_FEATURE	"tls_feature"

django_ca.constants.EXTENSION_KEY_OIDS

Map of extension keys to ExtensionOIDs (the inverse of EXTENSION_KEYS).

django_ca.constants.GENERAL_NAME_TYPES: MappingProxyType[GeneralNames, Type[x509.GeneralName]]

Map for types of general names.

Key	Value
"DNS"	DNSName
"IP"	IPAddress
"RID"	RegisteredID
"URI"	UniformResourceIdentifier
"dirName"	DirectoryName
"email"	RFC822Name
"otherName"	OtherName

django_ca.constants.KEY_USAGE_NAMES: MappingProxyType[KeyUsages, str]

Map of kwargs for KeyUsage to names in RFC 5280.

Key	Value
"content_commitment"	"nonRepudiation"
"crl_sign"	"cRLSign"
"data_encipherment"	"dataEncipherment"
"decipher_only"	"decipherOnly"
"digital_signature"	"digitalSignature"
"encipher_only"	"encipherOnly"
"key_agreement"	"keyAgreement"
"key_cert_sign"	"keyCertSign"
"key_encipherment"	"keyEncipherment"

django_ca.constants.NAME_OID_NAMES

Map OID objects to IDs used in subject strings

Key	Value
NameOID.BUSINESS_CATEGORY	"businessCategory"
NameOID.COMMON_NAME	"commonName"
NameOID.COUNTRY_NAME	"countryName"
NameOID.DN_QUALIFIER	"dnQualifier"
NameOID.DOMAIN_COMPONENT	"domainComponent"
NameOID.EMAIL_ADDRESS	"emailAddress"
NameOID.GENERATION_QUALIFIER	"generationQualifier"
NameOID.GIVEN_NAME	"givenName"
NameOID.INITIALS	"initials"
NameOID.JURISDICTION_COUNTRY_NAME	"jurisdictionCountryName"
NameOID.JURISDICTION_LOCALITY_NAME	"jurisdictionLocalityName"
NameOID.JURISDICTION_STATE_OR_PROVINCE_NAME	"jurisdictionStateOrProvinceName"
NameOID.LOCALITY_NAME	"localityName"
NameOID.ORGANIZATIONAL_UNIT_NAME	"organizationalUnitName"
NameOID.ORGANIZATION_IDENTIFIER	"organizationIdentifier"
NameOID.ORGANIZATION_NAME	"organizationName"
NameOID.POSTAL_ADDRESS	"postalAddress"
NameOID.POSTAL_CODE	"postalCode"
NameOID.PSEUDONYM	"pseudonym"
NameOID.SERIAL_NUMBER	"serialNumber"
NameOID.STATE_OR_PROVINCE_NAME	"stateOrProvinceName"
NameOID.STREET_ADDRESS	"street"
NameOID.SURNAME	"surname"
NameOID.TITLE	"title"
NameOID.UNSTRUCTURED_NAME	"unstructuredName"
NameOID.USER_ID	"uid"
NameOID.X500_UNIQUE_IDENTIFIER	"x500UniqueIdentifier"
NameOID.INN	"inn"
NameOID.OGRN	"ogrn"
NameOID.SNILS	"snils"

django_ca.constants.NAME_OID_TYPES

Map NameOID names to cryptography NameOID objects. This variant adds all RFC 4519 aliases as well.

Key	Value
"C"	NameOID.COUNTRY_NAME
"CN"	NameOID.COMMON_NAME
"DC"	NameOID.DOMAIN_COMPONENT
"L"	NameOID.LOCALITY_NAME
"O"	NameOID.ORGANIZATION_NAME
"OU"	NameOID.ORGANIZATIONAL_UNIT_NAME
"SN"	NameOID.SURNAME
"ST"	NameOID.STATE_OR_PROVINCE_NAME
"businessCategory"	NameOID.BUSINESS_CATEGORY
"commonName"	NameOID.COMMON_NAME
"countryName"	NameOID.COUNTRY_NAME
"dnQualifier"	NameOID.DN_QUALIFIER
"domainComponent"	NameOID.DOMAIN_COMPONENT
"emailAddress"	NameOID.EMAIL_ADDRESS
"generationQualifier"	NameOID.GENERATION_QUALIFIER
"givenName"	NameOID.GIVEN_NAME
"initials"	NameOID.INITIALS
"inn"	NameOID.INN
"jurisdictionCountryName"	NameOID.JURISDICTION_COUNTRY_NAME
"jurisdictionLocalityName"	NameOID.JURISDICTION_LOCALITY_NAME
"jurisdictionStateOrProvinceName"	NameOID.JURISDICTION_STATE_OR_PROVINCE_NAME
"localityName"	NameOID.LOCALITY_NAME
"ogrn"	NameOID.OGRN
"organizationIdentifier"	NameOID.ORGANIZATION_IDENTIFIER
"organizationName"	NameOID.ORGANIZATION_NAME
"organizationalUnitName"	NameOID.ORGANIZATIONAL_UNIT_NAME
"postalAddress"	NameOID.POSTAL_ADDRESS
"postalCode"	NameOID.POSTAL_CODE
"pseudonym"	NameOID.PSEUDONYM
"serialNumber"	NameOID.SERIAL_NUMBER
"snils"	NameOID.SNILS
"stateOrProvinceName"	NameOID.STATE_OR_PROVINCE_NAME
"street"	NameOID.STREET_ADDRESS
"streetAddress"	NameOID.STREET_ADDRESS
"surname"	NameOID.SURNAME
"title"	NameOID.TITLE
"uid"	NameOID.USER_ID
"unstructuredName"	NameOID.UNSTRUCTURED_NAME
"userid"	NameOID.USER_ID
"x500UniqueIdentifier"	NameOID.X500_UNIQUE_IDENTIFIER

django_ca.constants.TLS_FEATURE_NAMES

Map of human-readable names/serialized values to TLSFeatureType members.

Key	Value
"MultipleCertStatusRequest"	status_request_v2
"OCSPMustStaple"	status_request
"status_request"	status_request
"status_request_v2"	status_request_v2

class django_ca.constants.ReasonFlags(value, names=None, *values, module=None, qualname=None, type=None, start=1, boundary=None)

An enumeration for CRL reasons.

This enumeration is a copy of cryptography.x509.ReasonFlags. We create a copy because any change in the enumeration would trigger a database migration, so up/downgrading cryptography might cause problems with your Django project.

OtherName values

The two mappings given here give a list of types that can be used for specifying OtherName values. They are a subset of the values supported in ASN1_GENERATE_NCONF(3SSL).

django_ca.constants.OTHER_NAME_TYPES: MappingProxyType[OtherNames, asn1crypto.core.Primitive]

Names supported for parsing OtherName values.

Key	Value
"BOOLEAN"	asn1crypto.core.Boolean
"GENERALIZEDTIME"	asn1crypto.core.GeneralizedTime
"IA5STRING"	asn1crypto.core.IA5String
"INTEGER"	asn1crypto.core.Integer
"NULL"	asn1crypto.core.Null
"OctetString"	asn1crypto.core.OctetString
"UNIVERSALSTRING"	asn1crypto.core.UniversalString
"UTCTIME"	asn1crypto.core.UTCTime
"UTF8String"	asn1crypto.core.UTF8String

Aliases are shortcuts for other types, for example BOOL is equivalent to BOOLEAN:

django_ca.constants.OTHER_NAME_ALIASES: MappingProxyType[str, OtherNames]

Aliases for parsing OtherName values.

Key	Value
"BOOL"	"BOOLEAN"
"GENTIME"	"GENERALIZEDTIME"
"IA5"	"IA5STRING"
"INT"	"INTEGER"
"UNIV"	"UNIVERSALSTRING"
"UTC"	"UTCTIME"
"UTF8"	"UTF8String"