django_ca.constants
- constants¶
- django_ca.constants.ACCESS_METHOD_TYPES¶
Key
Value
"ca_issuers"
"ca_repository"
"ocsp"
- django_ca.constants.CERTIFICATE_EXTENSION_KEYS: mappingproxy[ObjectIdentifier, Literal['authority_information_access', 'authority_key_identifier', 'basic_constraints', 'certificate_policies', 'crl_distribution_points', 'extended_key_usage', 'freshest_crl', 'issuer_alternative_name', 'key_usage', 'ms_certificate_template', 'ocsp_no_check', 'precert_poison', 'precertificate_signed_certificate_timestamps', 'signed_certificate_timestamps', 'subject_alternative_name', 'subject_information_access', 'subject_key_identifier', 'tls_feature']]¶
Map of
ExtensionOID
to keys that may exist in an end entity certificate.Key
Value
"authority_information_access"
"authority_key_identifier"
"basic_constraints"
"certificate_policies"
"crl_distribution_points"
"extended_key_usage"
"freshest_crl"
"issuer_alternative_name"
"key_usage"
"ms_certificate_template"
"ocsp_no_check"
"precert_poison"
"precertificate_signed_certificate_timestamps"
"signed_certificate_timestamps"
"subject_alternative_name"
"subject_information_access"
"subject_key_identifier"
"tls_feature"
- django_ca.constants.ELLIPTIC_CURVE_TYPES¶
Mapping of elliptic curve names to the implementing classes
Key
Value
"brainpoolP256r1"
"brainpoolP384r1"
"brainpoolP512r1"
"secp192r1"
"secp224r1"
"secp256k1"
"secp256r1"
"secp384r1"
"secp521r1"
"sect163k1"
"sect163r2"
"sect233k1"
"sect233r1"
"sect283k1"
"sect283r1"
"sect409k1"
"sect409r1"
"sect571k1"
"sect571r1"
- django_ca.constants.EXTENDED_KEY_USAGE_NAMES¶
Map of ExtendedKeyUsageOIDs to names in RFC 5280 (and other RFCs).
Key
Value
"anyExtendedKeyUsage"
"certificateTransparency"
"clientAuth"
"codeSigning"
"emailProtection"
"ipsecIKE"
"msKDC"
"OCSPSigning"
"serverAuth"
"smartcardLogon"
"timeStamping"
"1.0.18013.5.1.2"
"mdlDS"
"1.0.18013.5.1.3"
"mdlJWS"
"1.3.6.1.5.5.7.3.5"
"ipsecEndSystem"
"1.3.6.1.5.5.7.3.6"
"ipsecTunnel"
"1.3.6.1.5.5.7.3.7"
"ipsecUser"
- django_ca.constants.EXTENSION_DEFAULT_CRITICAL¶
Map of ExtensionOIDs to the default critical values as defined in the RFC where they are defined.
Key
Value
False
False
True
False
False
False
True
False
False
True
False
True
True
True
False
True
True
True
False
False
False
False
False
False
False
- django_ca.constants.EXTENSION_KEYS: mappingproxy[ObjectIdentifier, Literal['authority_information_access', 'authority_key_identifier', 'basic_constraints', 'certificate_policies', 'crl_distribution_points', 'extended_key_usage', 'freshest_crl', 'issuer_alternative_name', 'key_usage', 'ms_certificate_template', 'ocsp_no_check', 'precert_poison', 'precertificate_signed_certificate_timestamps', 'signed_certificate_timestamps', 'subject_alternative_name', 'subject_information_access', 'subject_key_identifier', 'tls_feature'] | Literal['crl_number', 'delta_crl_indicator', 'inhibit_any_policy', 'issuing_distribution_point', 'name_constraints', 'policy_constraints', 'policy_mappings', 'subject_directory_attributes']]¶
Map of all
ExtensionOID
to keys that are known to cryptography.This value is a superset of
CERTIFICATE_EXTENSION_KEYS
and includes extensions that may occur in certificate authorities or CRLs.Key
Value
"authority_information_access"
"authority_key_identifier"
"basic_constraints"
"certificate_policies"
"crl_distribution_points"
"crl_number"
"delta_crl_indicator"
"extended_key_usage"
"freshest_crl"
"inhibit_any_policy"
"issuer_alternative_name"
"issuing_distribution_point"
"key_usage"
"ms_certificate_template"
"name_constraints"
"ocsp_no_check"
"policy_constraints"
"policy_mappings"
"precert_poison"
"precertificate_signed_certificate_timestamps"
"signed_certificate_timestamps"
"subject_alternative_name"
"subject_directory_attributes"
"subject_information_access"
"subject_key_identifier"
"tls_feature"
- django_ca.constants.EXTENSION_KEY_OIDS: mappingproxy[Literal['authority_information_access', 'authority_key_identifier', 'basic_constraints', 'certificate_policies', 'crl_distribution_points', 'extended_key_usage', 'freshest_crl', 'issuer_alternative_name', 'key_usage', 'ms_certificate_template', 'ocsp_no_check', 'precert_poison', 'precertificate_signed_certificate_timestamps', 'signed_certificate_timestamps', 'subject_alternative_name', 'subject_information_access', 'subject_key_identifier', 'tls_feature'] | Literal['crl_number', 'delta_crl_indicator', 'inhibit_any_policy', 'issuing_distribution_point', 'name_constraints', 'policy_constraints', 'policy_mappings', 'subject_directory_attributes'], ObjectIdentifier]¶
Map of extension keys to ExtensionOIDs (the inverse of EXTENSION_KEYS).
- django_ca.constants.GENERAL_NAME_TYPES: mappingproxy[Literal['email', 'URI', 'IP', 'DNS', 'RID', 'dirName', 'otherName'], type[GeneralName]]¶
Map for types of general names.
Key
Value
"DNS"
"IP"
"RID"
"URI"
"dirName"
"email"
"otherName"
- django_ca.constants.HASH_ALGORITHM_NAMES¶
Map of hash algorithm types in cryptography to standard hash algorithm names.
Keys are the types from
AllowedHashTypes
, values are the matching names fromHashAlgorithms
.Key
Value
"SHA-224"
"SHA-256"
"SHA-384"
"SHA3/224"
"SHA3/256"
"SHA3/384"
"SHA3/512"
"SHA-512"
- django_ca.constants.HASH_ALGORITHM_TYPES¶
Map of hash algorithm names to hash algorithm types (the inverse of
HASH_ALGORITHM_NAMES
).
- django_ca.constants.KEY_USAGE_NAMES: mappingproxy[Literal['crl_sign', 'data_encipherment', 'decipher_only', 'digital_signature', 'encipher_only', 'key_agreement', 'key_cert_sign', 'key_encipherment', 'content_commitment'], str]¶
Map of kwargs for
KeyUsage
to names in RFC 5280.Key
Value
"content_commitment"
"nonRepudiation"
"crl_sign"
"cRLSign"
"data_encipherment"
"dataEncipherment"
"decipher_only"
"decipherOnly"
"digital_signature"
"digitalSignature"
"encipher_only"
"encipherOnly"
"key_agreement"
"keyAgreement"
"key_cert_sign"
"keyCertSign"
"key_encipherment"
"keyEncipherment"
- django_ca.constants.MULTIPLE_OIDS¶
OIDs that can occur multiple times in a certificate
- django_ca.constants.NAME_OID_NAMES¶
Map OID objects to IDs used in subject strings
Key
Value
"businessCategory"
"commonName"
"countryName"
"dnQualifier"
"domainComponent"
"emailAddress"
"generationQualifier"
"givenName"
"initials"
"jurisdictionCountryName"
"jurisdictionLocalityName"
"jurisdictionStateOrProvinceName"
"localityName"
"organizationalUnitName"
"organizationIdentifier"
"organizationName"
"postalAddress"
"postalCode"
"pseudonym"
"serialNumber"
"stateOrProvinceName"
"street"
"surname"
"title"
"unstructuredName"
"uid"
"x500UniqueIdentifier"
NameOID.INN
"inn"
NameOID.OGRN
"ogrn"
NameOID.SNILS
"snils"
- django_ca.constants.NAME_OID_TYPES¶
Map NameOID names to cryptography NameOID objects. This variant adds all RFC 4519 aliases as well.
Key
Value
"C"
"CN"
"DC"
"L"
"O"
"OU"
"SN"
"ST"
"businessCategory"
"commonName"
"countryName"
"dnQualifier"
"domainComponent"
"emailAddress"
"generationQualifier"
"givenName"
"initials"
"inn"
NameOID.INN
"jurisdictionCountryName"
"jurisdictionLocalityName"
"jurisdictionStateOrProvinceName"
"localityName"
"ogrn"
NameOID.OGRN
"organizationIdentifier"
"organizationName"
"organizationalUnitName"
"postalAddress"
"postalCode"
"pseudonym"
"serialNumber"
"snils"
NameOID.SNILS
"stateOrProvinceName"
"street"
"streetAddress"
"surname"
"title"
"uid"
"unstructuredName"
"userid"
"x500UniqueIdentifier"
- django_ca.constants.TLS_FEATURE_NAMES¶
Map of human-readable names/serialized values to
TLSFeatureType
members.Key
Value
"MultipleCertStatusRequest"
"OCSPMustStaple"
"status_request"
"status_request_v2"
- class django_ca.constants.ReasonFlags(value, names=None, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]¶
An enumeration for CRL reasons.
This enumeration is a copy of
cryptography.x509.ReasonFlags
. We create a copy because any change in the enumeration would trigger a database migration, so up/downgrading cryptography might cause problems with your Django project.
OtherName values¶
The two mappings given here give a list of types that can be used for specifying OtherName values. They are a subset of the values supported in ASN1_GENERATE_NCONF(3SSL).
- django_ca.constants.OTHER_NAME_TYPES: mappingproxy[Literal['UTF8String', 'UNIVERSALSTRING', 'IA5STRING', 'BOOLEAN', 'NULL', 'UTCTIME', 'GENERALIZEDTIME', 'INTEGER', 'OctetString'], Primitive]¶
Names supported for parsing
OtherName
values.Key
Value
"BOOLEAN"
asn1crypto.core.Boolean
"GENERALIZEDTIME"
asn1crypto.core.GeneralizedTime
"IA5STRING"
asn1crypto.core.IA5String
"INTEGER"
asn1crypto.core.Integer
"NULL"
asn1crypto.core.Null
"OctetString"
asn1crypto.core.OctetString
"UNIVERSALSTRING"
asn1crypto.core.UniversalString
"UTCTIME"
asn1crypto.core.UTCTime
"UTF8String"
asn1crypto.core.UTF8String
Aliases are shortcuts for other types, for example BOOL
is equivalent to BOOLEAN
:
- django_ca.constants.OTHER_NAME_ALIASES: mappingproxy[str, Literal['UTF8String', 'UNIVERSALSTRING', 'IA5STRING', 'BOOLEAN', 'NULL', 'UTCTIME', 'GENERALIZEDTIME', 'INTEGER', 'OctetString']]¶
Aliases for parsing
OtherName
values.Key
Value
"BOOL"
"BOOLEAN"
"GENTIME"
"GENERALIZEDTIME"
"IA5"
"IA5STRING"
"INT"
"INTEGER"
"UNIV"
"UNIVERSALSTRING"
"UTC"
"UTCTIME"
"UTF8"
"UTF8String"