django_ca.constants - constants

Collection of constants used by django-ca.

django_ca.constants.EXTENDED_KEY_USAGE_HUMAN_READABLE_NAMES = mappingproxy({<ObjectIdentifier(oid=2.5.29.37.0, name=Unknown OID)>: 'Any Extended Key Usage', <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.4, name=Unknown OID)>: 'Certificate Transparency', <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.2, name=clientAuth)>: 'SSL/TLS Web Client Authentication', <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.3, name=codeSigning)>: 'Code signing', <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.4, name=emailProtection)>: 'E-mail Protection (S/MIME)', <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.5, name=Unknown OID)>: 'IPSec EndSystem', <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.17, name=Unknown OID)>: 'IPSec Internet Key Exchange', <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.6, name=Unknown OID)>: 'IPSec Tunnel', <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.7, name=Unknown OID)>: 'IPSec User', <ObjectIdentifier(oid=1.3.6.1.5.2.3.5, name=pkInitKDC)>: 'Kerberos Domain Controller', <ObjectIdentifier(oid=1.0.18013.5.1.2, name=Unknown OID)>: 'mdlDS', <ObjectIdentifier(oid=1.0.18013.5.1.3, name=Unknown OID)>: 'mdlJWS', <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.9, name=OCSPSigning)>: 'OCSP Signing', <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.1, name=serverAuth)>: 'SSL/TLS Web Server Authentication', <ObjectIdentifier(oid=1.3.6.1.4.1.311.20.2.2, name=msSmartcardLogin)>: 'Smart card logon', <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.8, name=timeStamping)>: 'Trusted Timestamping'})

Map of ExtendedKeyUsageOIDs to human readable names.

django_ca.constants.EXTENDED_KEY_USAGE_NAMES = mappingproxy({<ObjectIdentifier(oid=2.5.29.37.0, name=Unknown OID)>: 'anyExtendedKeyUsage', <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.4, name=Unknown OID)>: 'certificateTransparency', <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.2, name=clientAuth)>: 'clientAuth', <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.3, name=codeSigning)>: 'codeSigning', <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.4, name=emailProtection)>: 'emailProtection', <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.5, name=Unknown OID)>: 'ipsecEndSystem', <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.17, name=Unknown OID)>: 'ipsecIKE', <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.6, name=Unknown OID)>: 'ipsecTunnel', <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.7, name=Unknown OID)>: 'ipsecUser', <ObjectIdentifier(oid=1.3.6.1.5.2.3.5, name=pkInitKDC)>: 'msKDC', <ObjectIdentifier(oid=1.0.18013.5.1.2, name=Unknown OID)>: 'mdlDS', <ObjectIdentifier(oid=1.0.18013.5.1.3, name=Unknown OID)>: 'mdlJWS', <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.9, name=OCSPSigning)>: 'OCSPSigning', <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.1, name=serverAuth)>: 'serverAuth', <ObjectIdentifier(oid=1.3.6.1.4.1.311.20.2.2, name=msSmartcardLogin)>: 'smartcardLogon', <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.8, name=timeStamping)>: 'timeStamping'})

Map of ExtendedKeyUsageOIDs to names in RFC 5280 (and other RFCs).

django_ca.constants.EXTENSION_CRITICAL_HELP = mappingproxy({<ObjectIdentifier(oid=1.3.6.1.5.5.7.1.1, name=authorityInfoAccess)>: 'MUST be non-critical', <ObjectIdentifier(oid=2.5.29.35, name=authorityKeyIdentifier)>: 'MUST be non-critical', <ObjectIdentifier(oid=2.5.29.19, name=basicConstraints)>: 'MUST usually be critical, but allows non-critical in some cases', <ObjectIdentifier(oid=2.5.29.32, name=certificatePolicies)>: 'may or may not be critical (recommended: non-critical)', <ObjectIdentifier(oid=2.5.29.31, name=cRLDistributionPoints)>: 'SHOULD be non-critical', <ObjectIdentifier(oid=2.5.29.20, name=cRLNumber)>: 'is non-critical', <ObjectIdentifier(oid=2.5.29.27, name=deltaCRLIndicator)>: 'is critical', <ObjectIdentifier(oid=2.5.29.37, name=extendedKeyUsage)>: 'MAY, at your discretion, be either critical or non-critical', <ObjectIdentifier(oid=2.5.29.46, name=freshestCRL)>: 'MUST be non-critical', <ObjectIdentifier(oid=2.5.29.54, name=inhibitAnyPolicy)>: 'MUST be critical', <ObjectIdentifier(oid=2.5.29.18, name=issuerAltName)>: 'SHOULD be non-critical', <ObjectIdentifier(oid=2.5.29.28, name=issuingDistributionPoint)>: 'is critical', <ObjectIdentifier(oid=2.5.29.15, name=keyUsage)>: 'SHOULD be critical', <ObjectIdentifier(oid=2.5.29.30, name=nameConstraints)>: 'MUST be critical', <ObjectIdentifier(oid=1.3.6.1.5.5.7.48.1.5, name=OCSPNoCheck)>: 'SHOULD be a non-critical', <ObjectIdentifier(oid=2.5.29.36, name=policyConstraints)>: 'MUST be critical', <ObjectIdentifier(oid=2.5.29.33, name=policyMappings)>: 'SHOULD  be critical', <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.3, name=ctPoison)>: 'MUST be critical', <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.2, name=signedCertificateTimestampList)>: 'may or may not be critical (recommended: non-critical)', <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.5, name=signedCertificateTimestampList)>: 'may or may not be critical (recommended: non-critical)', <ObjectIdentifier(oid=2.5.29.17, name=subjectAltName)>: 'SHOULD mark this extension as non-critical', <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.11, name=subjectInfoAccess)>: 'MUST be non-critical', <ObjectIdentifier(oid=2.5.29.14, name=subjectKeyIdentifier)>: 'MUST be non-critical', <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.24, name=TLSFeature)>: 'SHOULD NOT be critical', <ObjectIdentifier(oid=2.5.29.9, name=subjectDirectoryAttributes)>: 'MUST be non-critical'})

Map of ExtensionOIDs to a human-readable text describing if the extension should/must/… be critical.

django_ca.constants.EXTENSION_DEFAULT_CRITICAL = mappingproxy({<ObjectIdentifier(oid=1.3.6.1.5.5.7.1.1, name=authorityInfoAccess)>: False, <ObjectIdentifier(oid=2.5.29.35, name=authorityKeyIdentifier)>: False, <ObjectIdentifier(oid=2.5.29.19, name=basicConstraints)>: True, <ObjectIdentifier(oid=2.5.29.32, name=certificatePolicies)>: False, <ObjectIdentifier(oid=2.5.29.31, name=cRLDistributionPoints)>: False, <ObjectIdentifier(oid=2.5.29.20, name=cRLNumber)>: False, <ObjectIdentifier(oid=2.5.29.27, name=deltaCRLIndicator)>: True, <ObjectIdentifier(oid=2.5.29.37, name=extendedKeyUsage)>: False, <ObjectIdentifier(oid=2.5.29.46, name=freshestCRL)>: False, <ObjectIdentifier(oid=2.5.29.54, name=inhibitAnyPolicy)>: True, <ObjectIdentifier(oid=2.5.29.18, name=issuerAltName)>: False, <ObjectIdentifier(oid=2.5.29.28, name=issuingDistributionPoint)>: True, <ObjectIdentifier(oid=2.5.29.15, name=keyUsage)>: True, <ObjectIdentifier(oid=2.5.29.30, name=nameConstraints)>: True, <ObjectIdentifier(oid=1.3.6.1.5.5.7.48.1.5, name=OCSPNoCheck)>: False, <ObjectIdentifier(oid=2.5.29.36, name=policyConstraints)>: True, <ObjectIdentifier(oid=2.5.29.33, name=policyMappings)>: True, <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.3, name=ctPoison)>: True, <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.2, name=signedCertificateTimestampList)>: False, <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.5, name=signedCertificateTimestampList)>: False, <ObjectIdentifier(oid=2.5.29.17, name=subjectAltName)>: False, <ObjectIdentifier(oid=2.5.29.9, name=subjectDirectoryAttributes)>: False, <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.11, name=subjectInfoAccess)>: False, <ObjectIdentifier(oid=2.5.29.14, name=subjectKeyIdentifier)>: False, <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.24, name=TLSFeature)>: False})

Map of ExtensionOIDs to the default critical values as defined in the RFC where they are defined.
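
One way to use a table like this is to audit an issued certificate for extensions whose critical flag differs from the RFC default. The following is an added example, not code from django-ca: it uses cryptography directly, and `DEFAULT_CRITICAL`, `criticality_deviations` and `build_sample_cert` are hypothetical names, with `DEFAULT_CRITICAL` holding a subset of the values listed above. A deviation is a finding to review against EXTENSION_CRITICAL_HELP, since some extensions permit either setting.

```python
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtensionOID, NameOID

# Subset of EXTENSION_DEFAULT_CRITICAL, values copied from the listing above.
DEFAULT_CRITICAL = {
    ExtensionOID.BASIC_CONSTRAINTS: True,
    ExtensionOID.KEY_USAGE: True,
    ExtensionOID.NAME_CONSTRAINTS: True,
    ExtensionOID.SUBJECT_ALTERNATIVE_NAME: False,
    ExtensionOID.SUBJECT_KEY_IDENTIFIER: False,
    ExtensionOID.AUTHORITY_KEY_IDENTIFIER: False,
}


def criticality_deviations(cert):
    """Return (dotted OID, actual, default) for each extension off its default."""
    findings = []
    for ext in cert.extensions:
        default = DEFAULT_CRITICAL.get(ext.oid)
        # Extensions missing from the table are skipped, not flagged.
        if default is not None and ext.critical != default:
            findings.append((ext.oid.dotted_string, ext.critical, default))
    return sorted(findings)


def build_sample_cert():
    """Constructed self-signed certificate with two deliberately unusual flags."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "constructed.example")])
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=1))
        .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=False)
        .add_extension(x509.SubjectAlternativeName([x509.DNSName("constructed.example")]), critical=True)
        .add_extension(x509.SubjectKeyIdentifier.from_public_key(key.public_key()), critical=False)
        .sign(key, hashes.SHA256())
    )


if __name__ == "__main__":
    for oid, actual, default in criticality_deviations(build_sample_cert()):
        print(f"{oid}: critical={actual}, RFC default={default}")
```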

django_ca.constants.EXTENSION_KEYS = mappingproxy({<ObjectIdentifier(oid=1.3.6.1.5.5.7.1.1, name=authorityInfoAccess)>: 'authority_information_access', <ObjectIdentifier(oid=2.5.29.35, name=authorityKeyIdentifier)>: 'authority_key_identifier', <ObjectIdentifier(oid=2.5.29.19, name=basicConstraints)>: 'basic_constraints', <ObjectIdentifier(oid=2.5.29.32, name=certificatePolicies)>: 'certificate_policies', <ObjectIdentifier(oid=2.5.29.31, name=cRLDistributionPoints)>: 'crl_distribution_points', <ObjectIdentifier(oid=2.5.29.20, name=cRLNumber)>: 'crl_number', <ObjectIdentifier(oid=2.5.29.27, name=deltaCRLIndicator)>: 'delta_crl_indicator', <ObjectIdentifier(oid=2.5.29.37, name=extendedKeyUsage)>: 'extended_key_usage', <ObjectIdentifier(oid=2.5.29.46, name=freshestCRL)>: 'freshest_crl', <ObjectIdentifier(oid=2.5.29.54, name=inhibitAnyPolicy)>: 'inhibit_any_policy', <ObjectIdentifier(oid=2.5.29.18, name=issuerAltName)>: 'issuer_alternative_name', <ObjectIdentifier(oid=2.5.29.28, name=issuingDistributionPoint)>: 'issuing_distribution_point', <ObjectIdentifier(oid=2.5.29.15, name=keyUsage)>: 'key_usage', <ObjectIdentifier(oid=2.5.29.30, name=nameConstraints)>: 'name_constraints', <ObjectIdentifier(oid=1.3.6.1.5.5.7.48.1.5, name=OCSPNoCheck)>: 'ocsp_no_check', <ObjectIdentifier(oid=2.5.29.36, name=policyConstraints)>: 'policy_constraints', <ObjectIdentifier(oid=2.5.29.33, name=policyMappings)>: 'policy_mappings', <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.3, name=ctPoison)>: 'precert_poison', <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.2, name=signedCertificateTimestampList)>: 'precertificate_signed_certificate_timestamps', <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.5, name=signedCertificateTimestampList)>: 'signed_certificate_timestamps', <ObjectIdentifier(oid=2.5.29.17, name=subjectAltName)>: 'subject_alternative_name', <ObjectIdentifier(oid=2.5.29.9, name=subjectDirectoryAttributes)>: 'subject_directory_attributes', <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.11, 
name=subjectInfoAccess)>: 'subject_information_access', <ObjectIdentifier(oid=2.5.29.14, name=subjectKeyIdentifier)>: 'subject_key_identifier', <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.24, name=TLSFeature)>: 'tls_feature'})

Map of ExtensionOIDs to keys that are usable as class attributes.

django_ca.constants.EXTENSION_KEY_OIDS = mappingproxy({'authority_information_access': <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.1, name=authorityInfoAccess)>, 'authority_key_identifier': <ObjectIdentifier(oid=2.5.29.35, name=authorityKeyIdentifier)>, 'basic_constraints': <ObjectIdentifier(oid=2.5.29.19, name=basicConstraints)>, 'certificate_policies': <ObjectIdentifier(oid=2.5.29.32, name=certificatePolicies)>, 'crl_distribution_points': <ObjectIdentifier(oid=2.5.29.31, name=cRLDistributionPoints)>, 'crl_number': <ObjectIdentifier(oid=2.5.29.20, name=cRLNumber)>, 'delta_crl_indicator': <ObjectIdentifier(oid=2.5.29.27, name=deltaCRLIndicator)>, 'extended_key_usage': <ObjectIdentifier(oid=2.5.29.37, name=extendedKeyUsage)>, 'freshest_crl': <ObjectIdentifier(oid=2.5.29.46, name=freshestCRL)>, 'inhibit_any_policy': <ObjectIdentifier(oid=2.5.29.54, name=inhibitAnyPolicy)>, 'issuer_alternative_name': <ObjectIdentifier(oid=2.5.29.18, name=issuerAltName)>, 'issuing_distribution_point': <ObjectIdentifier(oid=2.5.29.28, name=issuingDistributionPoint)>, 'key_usage': <ObjectIdentifier(oid=2.5.29.15, name=keyUsage)>, 'name_constraints': <ObjectIdentifier(oid=2.5.29.30, name=nameConstraints)>, 'ocsp_no_check': <ObjectIdentifier(oid=1.3.6.1.5.5.7.48.1.5, name=OCSPNoCheck)>, 'policy_constraints': <ObjectIdentifier(oid=2.5.29.36, name=policyConstraints)>, 'policy_mappings': <ObjectIdentifier(oid=2.5.29.33, name=policyMappings)>, 'precert_poison': <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.3, name=ctPoison)>, 'precertificate_signed_certificate_timestamps': <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.2, name=signedCertificateTimestampList)>, 'signed_certificate_timestamps': <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.5, name=signedCertificateTimestampList)>, 'subject_alternative_name': <ObjectIdentifier(oid=2.5.29.17, name=subjectAltName)>, 'subject_directory_attributes': <ObjectIdentifier(oid=2.5.29.9, name=subjectDirectoryAttributes)>, 'subject_information_access': 
<ObjectIdentifier(oid=1.3.6.1.5.5.7.1.11, name=subjectInfoAccess)>, 'subject_key_identifier': <ObjectIdentifier(oid=2.5.29.14, name=subjectKeyIdentifier)>, 'tls_feature': <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.24, name=TLSFeature)>})

Map of extension keys to ExtensionOIDs (the inverse of EXTENSION_KEYS).

django_ca.constants.EXTENSION_NAMES = mappingproxy({<ObjectIdentifier(oid=1.3.6.1.5.5.7.1.1, name=authorityInfoAccess)>: 'Authority Information Access', <ObjectIdentifier(oid=2.5.29.35, name=authorityKeyIdentifier)>: 'Authority Key Identifier', <ObjectIdentifier(oid=2.5.29.19, name=basicConstraints)>: 'Basic Constraints', <ObjectIdentifier(oid=2.5.29.32, name=certificatePolicies)>: 'Certificate Policies', <ObjectIdentifier(oid=2.5.29.31, name=cRLDistributionPoints)>: 'CRL Distribution Points', <ObjectIdentifier(oid=2.5.29.20, name=cRLNumber)>: 'CRL Number', <ObjectIdentifier(oid=2.5.29.27, name=deltaCRLIndicator)>: 'Delta CRL Indicator', <ObjectIdentifier(oid=2.5.29.37, name=extendedKeyUsage)>: 'Extended Key Usage', <ObjectIdentifier(oid=2.5.29.46, name=freshestCRL)>: 'Freshest CRL', <ObjectIdentifier(oid=2.5.29.54, name=inhibitAnyPolicy)>: 'Inhibit anyPolicy', <ObjectIdentifier(oid=2.5.29.18, name=issuerAltName)>: 'Issuer Alternative Name', <ObjectIdentifier(oid=2.5.29.28, name=issuingDistributionPoint)>: 'Issuing Distribution Point', <ObjectIdentifier(oid=2.5.29.15, name=keyUsage)>: 'Key Usage', <ObjectIdentifier(oid=2.5.29.30, name=nameConstraints)>: 'Name Constraints', <ObjectIdentifier(oid=1.3.6.1.5.5.7.48.1.5, name=OCSPNoCheck)>: 'OCSP No Check', <ObjectIdentifier(oid=2.5.29.36, name=policyConstraints)>: 'Policy Constraints', <ObjectIdentifier(oid=2.5.29.33, name=policyMappings)>: 'Policy Mappings', <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.3, name=ctPoison)>: 'Precert Poison', <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.2, name=signedCertificateTimestampList)>: 'Precertificate Signed Certificate Timestamps', <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.5, name=signedCertificateTimestampList)>: 'Signed Certificate Timestamps', <ObjectIdentifier(oid=2.5.29.17, name=subjectAltName)>: 'Subject Alternative Name', <ObjectIdentifier(oid=2.5.29.9, name=subjectDirectoryAttributes)>: 'Subject Directory Attributes', <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.11, 
name=subjectInfoAccess)>: 'Subject Information Access', <ObjectIdentifier(oid=2.5.29.14, name=subjectKeyIdentifier)>: 'Subject Key Identifier', <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.24, name=TLSFeature)>: 'TLS Feature'})

Map of ExtensionOIDs to human readable names as they appear in the RFC where they are defined.

django_ca.constants.EXTENSION_RFC_DEFINITION = mappingproxy(defaultdict(<function <lambda>>, {<ObjectIdentifier(oid=1.3.6.1.5.5.7.48.1.5, name=OCSPNoCheck)>: 2560, <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.24, name=TLSFeature)>: 7633, <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.3, name=ctPoison)>: 6962, <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.2, name=signedCertificateTimestampList)>: 6962, <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.5, name=signedCertificateTimestampList)>: 6962}))

Map of ExtensionOIDs to an Integer describing the RFC number where the extension is defined.

class django_ca.constants.ExtendedKeyUsageOID

Extend the OIDs known to cryptography with what users needed over the years.

django_ca.constants.KEY_USAGE_NAMES = mappingproxy({'crl_sign': 'cRLSign', 'data_encipherment': 'dataEncipherment', 'decipher_only': 'decipherOnly', 'digital_signature': 'digitalSignature', 'encipher_only': 'encipherOnly', 'key_agreement': 'keyAgreement', 'key_cert_sign': 'keyCertSign', 'key_encipherment': 'keyEncipherment', 'content_commitment': 'nonRepudiation'})

Map of kwargs for KeyUsage to names in RFC 5280.

django_ca.constants.LOG_ENTRY_TYPE_KEYS = mappingproxy({<LogEntryType.PRE_CERTIFICATE: 1>: 'precertificate', <LogEntryType.X509_CERTIFICATE: 0>: 'x509_certificate'})

Map of LogEntryTypes to their serialized value.

django_ca.constants.REASON_CODES = {0: ReasonFlags.unspecified, 1: ReasonFlags.key_compromise, 2: ReasonFlags.ca_compromise, 3: ReasonFlags.affiliation_changed, 4: ReasonFlags.superseded, 5: ReasonFlags.cessation_of_operation, 6: ReasonFlags.certificate_hold, 8: ReasonFlags.remove_from_crl, 9: ReasonFlags.privilege_withdrawn, 10: ReasonFlags.aa_compromise}

Mapping of RFC 5280, section 5.3.1 reason codes to cryptography reason codes.

django_ca.constants.REVOCATION_REASONS = (('aa_compromise', 'Attribute Authority compromised'), ('affiliation_changed', 'Affiliation changed'), ('ca_compromise', 'CA compromised'), ('certificate_hold', 'On Hold'), ('cessation_of_operation', 'Cessation of operation'), ('key_compromise', 'Key compromised'), ('privilege_withdrawn', 'Privilege withdrawn'), ('remove_from_crl', 'Removed from CRL'), ('superseded', 'Superseded'), ('unspecified', 'Unspecified'))

Mapping of ReasonFlags to human-readable strings

class django_ca.constants.ReasonFlags(value)

An enumeration for CRL reasons.

This enumeration is a copy of cryptography.x509.ReasonFlags. We create a copy because any change in the enumeration would trigger a database migration, so up/downgrading cryptography might cause problems with your Django project.

django_ca.constants.TLS_FEATURE_NAMES = mappingproxy({'OCSPMustStaple': <TLSFeatureType.status_request: 5>, 'status_request': <TLSFeatureType.status_request: 5>, 'MultipleCertStatusRequest': <TLSFeatureType.status_request_v2: 17>, 'status_request_v2': <TLSFeatureType.status_request_v2: 17>})

Map of human readable names/serialized values to TLSFeatureTypes.