`django_ca.constants` - constants

Collection of constants used by django-ca.

django_ca.constants.ACCESS_METHOD_TYPES

Read-only proxy of a mapping.

Key	Value
`"ca_issuers"`	`AuthorityInformationAccessOID.CA_ISSUERS`
`"ca_repository"`	`SubjectInformationAccessOID.CA_REPOSITORY`
`"ocsp"`	`AuthorityInformationAccessOID.OCSP`

django_ca.constants.CERTIFICATE_EXTENSION_KEYS: MappingProxyType

Map of ExtensionOID to keys that may exist in any certificate.

This value is based on END_ENTITY_CERTIFICATE_EXTENSION_KEYS and adds extensions that occur only in certificate authorities.

Key	Value
`ExtensionOID.ADMISSIONS`	`"admissions"`
`ExtensionOID.AUTHORITY_INFORMATION_ACCESS`	`"authority_information_access"`
`ExtensionOID.AUTHORITY_KEY_IDENTIFIER`	`"authority_key_identifier"`
`ExtensionOID.BASIC_CONSTRAINTS`	`"basic_constraints"`
`ExtensionOID.CERTIFICATE_POLICIES`	`"certificate_policies"`
`ExtensionOID.CRL_DISTRIBUTION_POINTS`	`"crl_distribution_points"`
`ExtensionOID.EXTENDED_KEY_USAGE`	`"extended_key_usage"`
`ExtensionOID.FRESHEST_CRL`	`"freshest_crl"`
`ExtensionOID.INHIBIT_ANY_POLICY`	`"inhibit_any_policy"`
`ExtensionOID.ISSUER_ALTERNATIVE_NAME`	`"issuer_alternative_name"`
`ExtensionOID.KEY_USAGE`	`"key_usage"`
`ExtensionOID.MS_CERTIFICATE_TEMPLATE`	`"ms_certificate_template"`
`ExtensionOID.NAME_CONSTRAINTS`	`"name_constraints"`
`ExtensionOID.OCSP_NO_CHECK`	`"ocsp_no_check"`
`ExtensionOID.POLICY_CONSTRAINTS`	`"policy_constraints"`
`ExtensionOID.PRECERT_POISON`	`"precert_poison"`
`ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS`	`"precertificate_signed_certificate_timestamps"`
`ExtensionOID.PRIVATE_KEY_USAGE_PERIOD`	`"private_key_usage_period"`
`ExtensionOID.SIGNED_CERTIFICATE_TIMESTAMPS`	`"signed_certificate_timestamps"`
`ExtensionOID.SUBJECT_ALTERNATIVE_NAME`	`"subject_alternative_name"`
`ExtensionOID.SUBJECT_INFORMATION_ACCESS`	`"subject_information_access"`
`ExtensionOID.SUBJECT_KEY_IDENTIFIER`	`"subject_key_identifier"`
`ExtensionOID.TLS_FEATURE`	`"tls_feature"`

django_ca.constants.CERTIFICATE_REVOCATION_LIST_ENCODING_TYPES: MappingProxyType

Types of encodings available for certificate revocation lists (CRLs).

Key	Value
`"DER"`	Encoding.DER
`"PEM"`	Encoding.PEM

django_ca.constants.ELLIPTIC_CURVE_TYPES

Mapping of elliptic curve names to the implementing classes

Key	Value
`"brainpoolP256r1"`	`BrainpoolP256R1`
`"brainpoolP384r1"`	`BrainpoolP384R1`
`"brainpoolP512r1"`	`BrainpoolP512R1`
`"secp192r1"`	`SECP192R1`
`"secp224r1"`	`SECP224R1`
`"secp256k1"`	`SECP256K1`
`"secp256r1"`	`SECP256R1`
`"secp384r1"`	`SECP384R1`
`"secp521r1"`	`SECP521R1`
`"sect163k1"`	`SECT163K1`
`"sect163r2"`	`SECT163R2`
`"sect233k1"`	`SECT233K1`
`"sect233r1"`	`SECT233R1`
`"sect283k1"`	`SECT283K1`
`"sect283r1"`	`SECT283R1`
`"sect409k1"`	`SECT409K1`
`"sect409r1"`	`SECT409R1`
`"sect571k1"`	`SECT571K1`
`"sect571r1"`	`SECT571R1`

django_ca.constants.END_ENTITY_CERTIFICATE_EXTENSION_KEYS: MappingProxyType

Map of ExtensionOID to keys that may exist in an end entity certificate.

Key	Value
`ExtensionOID.ADMISSIONS`	`"admissions"`
`ExtensionOID.AUTHORITY_INFORMATION_ACCESS`	`"authority_information_access"`
`ExtensionOID.AUTHORITY_KEY_IDENTIFIER`	`"authority_key_identifier"`
`ExtensionOID.BASIC_CONSTRAINTS`	`"basic_constraints"`
`ExtensionOID.CERTIFICATE_POLICIES`	`"certificate_policies"`
`ExtensionOID.CRL_DISTRIBUTION_POINTS`	`"crl_distribution_points"`
`ExtensionOID.EXTENDED_KEY_USAGE`	`"extended_key_usage"`
`ExtensionOID.FRESHEST_CRL`	`"freshest_crl"`
`ExtensionOID.ISSUER_ALTERNATIVE_NAME`	`"issuer_alternative_name"`
`ExtensionOID.KEY_USAGE`	`"key_usage"`
`ExtensionOID.MS_CERTIFICATE_TEMPLATE`	`"ms_certificate_template"`
`ExtensionOID.OCSP_NO_CHECK`	`"ocsp_no_check"`
`ExtensionOID.PRECERT_POISON`	`"precert_poison"`
`ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS`	`"precertificate_signed_certificate_timestamps"`
`ExtensionOID.PRIVATE_KEY_USAGE_PERIOD`	`"private_key_usage_period"`
`ExtensionOID.SIGNED_CERTIFICATE_TIMESTAMPS`	`"signed_certificate_timestamps"`
`ExtensionOID.SUBJECT_ALTERNATIVE_NAME`	`"subject_alternative_name"`
`ExtensionOID.SUBJECT_INFORMATION_ACCESS`	`"subject_information_access"`
`ExtensionOID.SUBJECT_KEY_IDENTIFIER`	`"subject_key_identifier"`
`ExtensionOID.TLS_FEATURE`	`"tls_feature"`

django_ca.constants.EXTENDED_KEY_USAGE_NAMES

Map of ExtendedKeyUsageOIDs to names in RFC 5280 (and other RFCs).

Key	Value
`ExtendedKeyUsageOID.ANY_EXTENDED_KEY_USAGE`	`"anyExtendedKeyUsage"`
`ExtendedKeyUsageOID.BUNDLE_SECURITY`	`"bundleSecurity"`
`ExtendedKeyUsageOID.CERTIFICATE_TRANSPARENCY`	`"certificateTransparency"`
`ExtendedKeyUsageOID.CLIENT_AUTH`	`"clientAuth"`
`ExtendedKeyUsageOID.CODE_SIGNING`	`"codeSigning"`
`ExtendedKeyUsageOID.EMAIL_PROTECTION`	`"emailProtection"`
`ExtendedKeyUsageOID.IPSEC_IKE`	`"ipsecIKE"`
`ExtendedKeyUsageOID.KERBEROS_PKINIT_KDC`	`"msKDC"`
`ExtendedKeyUsageOID.OCSP_SIGNING`	`"OCSPSigning"`
`ExtendedKeyUsageOID.SERVER_AUTH`	`"serverAuth"`
`ExtendedKeyUsageOID.SMARTCARD_LOGON`	`"smartcardLogon"`
`ExtendedKeyUsageOID.TIME_STAMPING`	`"timeStamping"`
`"1.0.18013.5.1.2"`	`"mdlDS"`
`"1.0.18013.5.1.3"`	`"mdlJWS"`
`"1.3.6.1.5.5.7.3.5"`	`"ipsecEndSystem"`
`"1.3.6.1.5.5.7.3.6"`	`"ipsecTunnel"`
`"1.3.6.1.5.5.7.3.7"`	`"ipsecUser"`

django_ca.constants.EXTENSION_DEFAULT_CRITICAL

Map of ExtensionOIDs to the default critical values as defined in the RFC where they are defined.

Key	Value
`ExtensionOID.ADMISSIONS`	`False`
`ExtensionOID.AUTHORITY_INFORMATION_ACCESS`	`False`
`ExtensionOID.AUTHORITY_KEY_IDENTIFIER`	`False`
`ExtensionOID.BASIC_CONSTRAINTS`	`True`
`ExtensionOID.CERTIFICATE_POLICIES`	`False`
`ExtensionOID.CRL_DISTRIBUTION_POINTS`	`False`
`ExtensionOID.CRL_NUMBER`	`False`
`ExtensionOID.DELTA_CRL_INDICATOR`	`True`
`ExtensionOID.EXTENDED_KEY_USAGE`	`False`
`ExtensionOID.FRESHEST_CRL`	`False`
`ExtensionOID.INHIBIT_ANY_POLICY`	`True`
`ExtensionOID.ISSUER_ALTERNATIVE_NAME`	`False`
`ExtensionOID.ISSUING_DISTRIBUTION_POINT`	`True`
`ExtensionOID.KEY_USAGE`	`True`
`ExtensionOID.NAME_CONSTRAINTS`	`True`
`ExtensionOID.OCSP_NO_CHECK`	`False`
`ExtensionOID.POLICY_CONSTRAINTS`	`True`
`ExtensionOID.POLICY_MAPPINGS`	`True`
`ExtensionOID.PRECERT_POISON`	`True`
`ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS`	`False`
`ExtensionOID.PRIVATE_KEY_USAGE_PERIOD`	`False`
`ExtensionOID.SIGNED_CERTIFICATE_TIMESTAMPS`	`False`
`ExtensionOID.SUBJECT_ALTERNATIVE_NAME`	`False`
`ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES`	`False`
`ExtensionOID.SUBJECT_INFORMATION_ACCESS`	`False`
`ExtensionOID.SUBJECT_KEY_IDENTIFIER`	`False`
`ExtensionOID.TLS_FEATURE`	`False`

django_ca.constants.EXTENSION_KEYS: MappingProxyType

Map of all ExtensionOID to keys that are known to cryptography.

This value is based on CERTIFICATE_EXTENSION_KEYS and adds extensions for CRLs and object identifiers where no corresponding cryptography class exists.

Key	Value
`ExtensionOID.ADMISSIONS`	`"admissions"`
`ExtensionOID.AUTHORITY_INFORMATION_ACCESS`	`"authority_information_access"`
`ExtensionOID.AUTHORITY_KEY_IDENTIFIER`	`"authority_key_identifier"`
`ExtensionOID.BASIC_CONSTRAINTS`	`"basic_constraints"`
`ExtensionOID.CERTIFICATE_POLICIES`	`"certificate_policies"`
`ExtensionOID.CRL_DISTRIBUTION_POINTS`	`"crl_distribution_points"`
`ExtensionOID.CRL_NUMBER`	`"crl_number"`
`ExtensionOID.DELTA_CRL_INDICATOR`	`"delta_crl_indicator"`
`ExtensionOID.EXTENDED_KEY_USAGE`	`"extended_key_usage"`
`ExtensionOID.FRESHEST_CRL`	`"freshest_crl"`
`ExtensionOID.INHIBIT_ANY_POLICY`	`"inhibit_any_policy"`
`ExtensionOID.ISSUER_ALTERNATIVE_NAME`	`"issuer_alternative_name"`
`ExtensionOID.ISSUING_DISTRIBUTION_POINT`	`"issuing_distribution_point"`
`ExtensionOID.KEY_USAGE`	`"key_usage"`
`ExtensionOID.MS_CERTIFICATE_TEMPLATE`	`"ms_certificate_template"`
`ExtensionOID.NAME_CONSTRAINTS`	`"name_constraints"`
`ExtensionOID.OCSP_NO_CHECK`	`"ocsp_no_check"`
`ExtensionOID.POLICY_CONSTRAINTS`	`"policy_constraints"`
`ExtensionOID.POLICY_MAPPINGS`	`"policy_mappings"`
`ExtensionOID.PRECERT_POISON`	`"precert_poison"`
`ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS`	`"precertificate_signed_certificate_timestamps"`
`ExtensionOID.PRIVATE_KEY_USAGE_PERIOD`	`"private_key_usage_period"`
`ExtensionOID.SIGNED_CERTIFICATE_TIMESTAMPS`	`"signed_certificate_timestamps"`
`ExtensionOID.SUBJECT_ALTERNATIVE_NAME`	`"subject_alternative_name"`
`ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES`	`"subject_directory_attributes"`
`ExtensionOID.SUBJECT_INFORMATION_ACCESS`	`"subject_information_access"`
`ExtensionOID.SUBJECT_KEY_IDENTIFIER`	`"subject_key_identifier"`
`ExtensionOID.TLS_FEATURE`	`"tls_feature"`

django_ca.constants.EXTENSION_KEY_OIDS: MappingProxyType: Map of extension keys to ExtensionOIDs (the inverse of EXTENSION_KEYS).

django_ca.constants.GENERAL_NAME_TYPES: MappingProxyType

Map for types of general names.

Key	Value
`"DNS"`	`DNSName`
`"IP"`	`IPAddress`
`"RID"`	`RegisteredID`
`"URI"`	`UniformResourceIdentifier`
`"dirName"`	`DirectoryName`
`"email"`	`RFC822Name`
`"otherName"`	`OtherName`

django_ca.constants.KEY_USAGE_NAMES: MappingProxyType

Map of kwargs for KeyUsage to names in RFC 5280.

Key	Value
`"content_commitment"`	`"nonRepudiation"`
`"crl_sign"`	`"cRLSign"`
`"data_encipherment"`	`"dataEncipherment"`
`"decipher_only"`	`"decipherOnly"`
`"digital_signature"`	`"digitalSignature"`
`"encipher_only"`	`"encipherOnly"`
`"key_agreement"`	`"keyAgreement"`
`"key_cert_sign"`	`"keyCertSign"`
`"key_encipherment"`	`"keyEncipherment"`

django_ca.constants.MULTIPLE_OIDS: OIDs that can occur multiple times in a certificate

django_ca.constants.NAME_OID_NAMES

Map OID objects to IDs used in subject strings

Key	Value
`NameOID.BUSINESS_CATEGORY`	`"businessCategory"`
`NameOID.COMMON_NAME`	`"commonName"`
`NameOID.COUNTRY_NAME`	`"countryName"`
`NameOID.DN_QUALIFIER`	`"dnQualifier"`
`NameOID.DOMAIN_COMPONENT`	`"domainComponent"`
`NameOID.EMAIL_ADDRESS`	`"emailAddress"`
`NameOID.GENERATION_QUALIFIER`	`"generationQualifier"`
`NameOID.GIVEN_NAME`	`"givenName"`
`NameOID.INITIALS`	`"initials"`
`NameOID.JURISDICTION_COUNTRY_NAME`	`"jurisdictionCountryName"`
`NameOID.JURISDICTION_LOCALITY_NAME`	`"jurisdictionLocalityName"`
`NameOID.JURISDICTION_STATE_OR_PROVINCE_NAME`	`"jurisdictionStateOrProvinceName"`
`NameOID.LOCALITY_NAME`	`"localityName"`
`NameOID.ORGANIZATIONAL_UNIT_NAME`	`"organizationalUnitName"`
`NameOID.ORGANIZATION_IDENTIFIER`	`"organizationIdentifier"`
`NameOID.ORGANIZATION_NAME`	`"organizationName"`
`NameOID.POSTAL_ADDRESS`	`"postalAddress"`
`NameOID.POSTAL_CODE`	`"postalCode"`
`NameOID.PSEUDONYM`	`"pseudonym"`
`NameOID.SERIAL_NUMBER`	`"serialNumber"`
`NameOID.STATE_OR_PROVINCE_NAME`	`"stateOrProvinceName"`
`NameOID.STREET_ADDRESS`	`"street"`
`NameOID.SURNAME`	`"surname"`
`NameOID.TITLE`	`"title"`
`NameOID.UNSTRUCTURED_NAME`	`"unstructuredName"`
`NameOID.USER_ID`	`"uid"`
`NameOID.X500_UNIQUE_IDENTIFIER`	`"x500UniqueIdentifier"`
`NameOID.INN`	`"inn"`
`NameOID.OGRN`	`"ogrn"`
`NameOID.SNILS`	`"snils"`

django_ca.constants.NAME_OID_TYPES

Map NameOID names to cryptography NameOID objects. This variant adds all RFC 4519 aliases as well.

Key	Value
`"C"`	`NameOID.COUNTRY_NAME`
`"CN"`	`NameOID.COMMON_NAME`
`"DC"`	`NameOID.DOMAIN_COMPONENT`
`"L"`	`NameOID.LOCALITY_NAME`
`"O"`	`NameOID.ORGANIZATION_NAME`
`"OU"`	`NameOID.ORGANIZATIONAL_UNIT_NAME`
`"SN"`	`NameOID.SURNAME`
`"ST"`	`NameOID.STATE_OR_PROVINCE_NAME`
`"businessCategory"`	`NameOID.BUSINESS_CATEGORY`
`"commonName"`	`NameOID.COMMON_NAME`
`"countryName"`	`NameOID.COUNTRY_NAME`
`"dnQualifier"`	`NameOID.DN_QUALIFIER`
`"domainComponent"`	`NameOID.DOMAIN_COMPONENT`
`"emailAddress"`	`NameOID.EMAIL_ADDRESS`
`"generationQualifier"`	`NameOID.GENERATION_QUALIFIER`
`"givenName"`	`NameOID.GIVEN_NAME`
`"initials"`	`NameOID.INITIALS`
`"inn"`	`NameOID.INN`
`"jurisdictionCountryName"`	`NameOID.JURISDICTION_COUNTRY_NAME`
`"jurisdictionLocalityName"`	`NameOID.JURISDICTION_LOCALITY_NAME`
`"jurisdictionStateOrProvinceName"`	`NameOID.JURISDICTION_STATE_OR_PROVINCE_NAME`
`"localityName"`	`NameOID.LOCALITY_NAME`
`"ogrn"`	`NameOID.OGRN`
`"organizationIdentifier"`	`NameOID.ORGANIZATION_IDENTIFIER`
`"organizationName"`	`NameOID.ORGANIZATION_NAME`
`"organizationalUnitName"`	`NameOID.ORGANIZATIONAL_UNIT_NAME`
`"postalAddress"`	`NameOID.POSTAL_ADDRESS`
`"postalCode"`	`NameOID.POSTAL_CODE`
`"pseudonym"`	`NameOID.PSEUDONYM`
`"serialNumber"`	`NameOID.SERIAL_NUMBER`
`"snils"`	`NameOID.SNILS`
`"stateOrProvinceName"`	`NameOID.STATE_OR_PROVINCE_NAME`
`"street"`	`NameOID.STREET_ADDRESS`
`"streetAddress"`	`NameOID.STREET_ADDRESS`
`"surname"`	`NameOID.SURNAME`
`"title"`	`NameOID.TITLE`
`"uid"`	`NameOID.USER_ID`
`"unstructuredName"`	`NameOID.UNSTRUCTURED_NAME`
`"userid"`	`NameOID.USER_ID`
`"x500UniqueIdentifier"`	`NameOID.X500_UNIQUE_IDENTIFIER`

django_ca.constants.TLS_FEATURE_NAMES

Map of human-readable names/serialized values to TLSFeatureType members.

Key	Value
`"MultipleCertStatusRequest"`	`status_request_v2`
`"OCSPMustStaple"`	`status_request`
`"status_request"`	`status_request`
`"status_request_v2"`	`status_request_v2`

class django_ca.constants.ReasonFlags(*values)[source]

An enumeration for CRL reasons.

This enumeration is a copy of cryptography.x509.ReasonFlags. We create a copy because any change in the enumeration would trigger a database migration, so up/downgrading cryptography might cause problems with your Django project.

django_ca.constants.SIGNATURE_HASH_ALGORITHM_NAMES

Map of hash algorithm types in cryptography to standard hash algorithm names.

Keys are the types from SignatureHashAlgorithm, values are the matching names from SignatureHashAlgorithmName.

Key	Value
`SHA224`	`"SHA-224"`
`SHA256`	`"SHA-256"`
`SHA384`	`"SHA-384"`
`SHA3_224`	`"SHA3/224"`
`SHA3_256`	`"SHA3/256"`
`SHA3_384`	`"SHA3/384"`
`SHA3_512`	`"SHA3/512"`
`SHA512`	`"SHA-512"`

django_ca.constants.SIGNATURE_HASH_ALGORITHM_NAMES_WITH_LEGACY

SIGNATURE_HASH_ALGORITHM_NAMES plus insecure legacy algorithms (MD5 and SHA1).

This value is used when displaying data which may include legacy signatures.

Key	Value
`MD5`	`"MD5"`
`SHA1`	`"SHA1"`
`SHA224`	`"SHA-224"`
`SHA256`	`"SHA-256"`
`SHA384`	`"SHA-384"`
`SHA3_224`	`"SHA3/224"`
`SHA3_256`	`"SHA3/256"`
`SHA3_384`	`"SHA3/384"`
`SHA3_512`	`"SHA3/512"`
`SHA512`	`"SHA-512"`

django_ca.constants.SIGNATURE_HASH_ALGORITHM_TYPES: Map of hash algorithm names to hash algorithm types (the inverse of SIGNATURE_HASH_ALGORITHM_NAMES_WITH_LEGACY).

django_ca.constants.SIGNATURE_HASH_ALGORITHM_TYPES_WITH_LEGACY

Map of hash algorithm names to hash algorithm types (the inverse of SIGNATURE_HASH_ALGORITHM_NAMES_WITH_LEGACY.

This value is used when displaying data which may include legacy signatures.

OtherName values

The two mappings given here give a list of types that can be used for specifying OtherName values. They are a subset of the values supported in ASN1_GENERATE_NCONF(3SSL).

django_ca.constants.OTHER_NAME_TYPES: MappingProxyType

Names supported for parsing OtherName values.

Key	Value
`"BOOLEAN"`	`asn1crypto.core.Boolean`
`"GENERALIZEDTIME"`	`asn1crypto.core.GeneralizedTime`
`"IA5STRING"`	`asn1crypto.core.IA5String`
`"INTEGER"`	`asn1crypto.core.Integer`
`"NULL"`	`asn1crypto.core.Null`
`"OctetString"`	`asn1crypto.core.OctetString`
`"UNIVERSALSTRING"`	`asn1crypto.core.UniversalString`
`"UTCTIME"`	`asn1crypto.core.UTCTime`
`"UTF8String"`	`asn1crypto.core.UTF8String`

Aliases are shortcuts for other types, for example BOOL is equivalent to BOOLEAN:

django_ca.constants.OTHER_NAME_ALIASES: MappingProxyType

Aliases for parsing OtherName values.

Key	Value
`"BOOL"`	`"BOOLEAN"`
`"GENTIME"`	`"GENERALIZEDTIME"`
`"IA5"`	`"IA5STRING"`
`"INT"`	`"INTEGER"`
`"UNIV"`	`"UNIVERSALSTRING"`
`"UTC"`	`"UTCTIME"`
`"UTF8"`	`"UTF8String"`

django_ca.constants - constants

OtherName values

`django_ca.constants` - constants