django_ca.constants - constants

django_ca.constants.ACCESS_METHOD_TYPES

Key	Value
"ca_issuers"	AuthorityInformationAccessOID.CA_ISSUERS
"ca_repository"	SubjectInformationAccessOID.CA_REPOSITORY
"ocsp"	AuthorityInformationAccessOID.OCSP

django_ca.constants.CERTIFICATE_EXTENSION_KEYS: mappingproxy[ObjectIdentifier, Literal['authority_information_access', 'authority_key_identifier', 'basic_constraints', 'certificate_policies', 'crl_distribution_points', 'extended_key_usage', 'freshest_crl', 'issuer_alternative_name', 'key_usage', 'ms_certificate_template', 'ocsp_no_check', 'precert_poison', 'precertificate_signed_certificate_timestamps', 'signed_certificate_timestamps', 'subject_alternative_name', 'subject_information_access', 'subject_key_identifier', 'tls_feature']]

Map of ExtensionOID to keys that may exist in an end entity certificate.

Key	Value
ExtensionOID.AUTHORITY_INFORMATION_ACCESS	"authority_information_access"
ExtensionOID.AUTHORITY_KEY_IDENTIFIER	"authority_key_identifier"
ExtensionOID.BASIC_CONSTRAINTS	"basic_constraints"
ExtensionOID.CERTIFICATE_POLICIES	"certificate_policies"
ExtensionOID.CRL_DISTRIBUTION_POINTS	"crl_distribution_points"
ExtensionOID.EXTENDED_KEY_USAGE	"extended_key_usage"
ExtensionOID.FRESHEST_CRL	"freshest_crl"
ExtensionOID.ISSUER_ALTERNATIVE_NAME	"issuer_alternative_name"
ExtensionOID.KEY_USAGE	"key_usage"
ExtensionOID.MS_CERTIFICATE_TEMPLATE	"ms_certificate_template"
ExtensionOID.OCSP_NO_CHECK	"ocsp_no_check"
ExtensionOID.PRECERT_POISON	"precert_poison"
ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS	"precertificate_signed_certificate_timestamps"
ExtensionOID.SIGNED_CERTIFICATE_TIMESTAMPS	"signed_certificate_timestamps"
ExtensionOID.SUBJECT_ALTERNATIVE_NAME	"subject_alternative_name"
ExtensionOID.SUBJECT_INFORMATION_ACCESS	"subject_information_access"
ExtensionOID.SUBJECT_KEY_IDENTIFIER	"subject_key_identifier"
ExtensionOID.TLS_FEATURE	"tls_feature"

django_ca.constants.ELLIPTIC_CURVE_TYPES

Mapping of elliptic curve names to the implementing classes

Key	Value
"brainpoolP256r1"	BrainpoolP256R1
"brainpoolP384r1"	BrainpoolP384R1
"brainpoolP512r1"	BrainpoolP512R1
"secp192r1"	SECP192R1
"secp224r1"	SECP224R1
"secp256k1"	SECP256K1
"secp256r1"	SECP256R1
"secp384r1"	SECP384R1
"secp521r1"	SECP521R1
"sect163k1"	SECT163K1
"sect163r2"	SECT163R2
"sect233k1"	SECT233K1
"sect233r1"	SECT233R1
"sect283k1"	SECT283K1
"sect283r1"	SECT283R1
"sect409k1"	SECT409K1
"sect409r1"	SECT409R1
"sect571k1"	SECT571K1
"sect571r1"	SECT571R1

django_ca.constants.EXTENDED_KEY_USAGE_NAMES

Map of ExtendedKeyUsageOIDs to names in RFC 5280 (and other RFCs).

Key	Value
ExtendedKeyUsageOID.ANY_EXTENDED_KEY_USAGE	"anyExtendedKeyUsage"
ExtendedKeyUsageOID.CERTIFICATE_TRANSPARENCY	"certificateTransparency"
ExtendedKeyUsageOID.CLIENT_AUTH	"clientAuth"
ExtendedKeyUsageOID.CODE_SIGNING	"codeSigning"
ExtendedKeyUsageOID.EMAIL_PROTECTION	"emailProtection"
ExtendedKeyUsageOID.IPSEC_IKE	"ipsecIKE"
ExtendedKeyUsageOID.KERBEROS_PKINIT_KDC	"msKDC"
ExtendedKeyUsageOID.OCSP_SIGNING	"OCSPSigning"
ExtendedKeyUsageOID.SERVER_AUTH	"serverAuth"
ExtendedKeyUsageOID.SMARTCARD_LOGON	"smartcardLogon"
ExtendedKeyUsageOID.TIME_STAMPING	"timeStamping"
"1.0.18013.5.1.2"	"mdlDS"
"1.0.18013.5.1.3"	"mdlJWS"
"1.3.6.1.5.5.7.3.5"	"ipsecEndSystem"
"1.3.6.1.5.5.7.3.6"	"ipsecTunnel"
"1.3.6.1.5.5.7.3.7"	"ipsecUser"

django_ca.constants.EXTENSION_DEFAULT_CRITICAL

Map of ExtensionOIDs to the default critical values as defined in the RFC where they are defined.

Key	Value
ExtensionOID.AUTHORITY_INFORMATION_ACCESS	False
ExtensionOID.AUTHORITY_KEY_IDENTIFIER	False
ExtensionOID.BASIC_CONSTRAINTS	True
ExtensionOID.CERTIFICATE_POLICIES	False
ExtensionOID.CRL_DISTRIBUTION_POINTS	False
ExtensionOID.CRL_NUMBER	False
ExtensionOID.DELTA_CRL_INDICATOR	True
ExtensionOID.EXTENDED_KEY_USAGE	False
ExtensionOID.FRESHEST_CRL	False
ExtensionOID.INHIBIT_ANY_POLICY	True
ExtensionOID.ISSUER_ALTERNATIVE_NAME	False
ExtensionOID.ISSUING_DISTRIBUTION_POINT	True
ExtensionOID.KEY_USAGE	True
ExtensionOID.NAME_CONSTRAINTS	True
ExtensionOID.OCSP_NO_CHECK	False
ExtensionOID.POLICY_CONSTRAINTS	True
ExtensionOID.POLICY_MAPPINGS	True
ExtensionOID.PRECERT_POISON	True
ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS	False
ExtensionOID.SIGNED_CERTIFICATE_TIMESTAMPS	False
ExtensionOID.SUBJECT_ALTERNATIVE_NAME	False
ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES	False
ExtensionOID.SUBJECT_INFORMATION_ACCESS	False
ExtensionOID.SUBJECT_KEY_IDENTIFIER	False
ExtensionOID.TLS_FEATURE	False

django_ca.constants.EXTENSION_KEYS: mappingproxy[ObjectIdentifier, Literal['authority_information_access', 'authority_key_identifier', 'basic_constraints', 'certificate_policies', 'crl_distribution_points', 'extended_key_usage', 'freshest_crl', 'issuer_alternative_name', 'key_usage', 'ms_certificate_template', 'ocsp_no_check', 'precert_poison', 'precertificate_signed_certificate_timestamps', 'signed_certificate_timestamps', 'subject_alternative_name', 'subject_information_access', 'subject_key_identifier', 'tls_feature'] | Literal['crl_number', 'delta_crl_indicator', 'inhibit_any_policy', 'issuing_distribution_point', 'name_constraints', 'policy_constraints', 'policy_mappings', 'subject_directory_attributes']]

Map of all ExtensionOID to keys that are known to cryptography.

This value is a superset of CERTIFICATE_EXTENSION_KEYS and includes extensions that may occur in certificate authorities or CRLs.

Key	Value
ExtensionOID.AUTHORITY_INFORMATION_ACCESS	"authority_information_access"
ExtensionOID.AUTHORITY_KEY_IDENTIFIER	"authority_key_identifier"
ExtensionOID.BASIC_CONSTRAINTS	"basic_constraints"
ExtensionOID.CERTIFICATE_POLICIES	"certificate_policies"
ExtensionOID.CRL_DISTRIBUTION_POINTS	"crl_distribution_points"
ExtensionOID.CRL_NUMBER	"crl_number"
ExtensionOID.DELTA_CRL_INDICATOR	"delta_crl_indicator"
ExtensionOID.EXTENDED_KEY_USAGE	"extended_key_usage"
ExtensionOID.FRESHEST_CRL	"freshest_crl"
ExtensionOID.INHIBIT_ANY_POLICY	"inhibit_any_policy"
ExtensionOID.ISSUER_ALTERNATIVE_NAME	"issuer_alternative_name"
ExtensionOID.ISSUING_DISTRIBUTION_POINT	"issuing_distribution_point"
ExtensionOID.KEY_USAGE	"key_usage"
ExtensionOID.MS_CERTIFICATE_TEMPLATE	"ms_certificate_template"
ExtensionOID.NAME_CONSTRAINTS	"name_constraints"
ExtensionOID.OCSP_NO_CHECK	"ocsp_no_check"
ExtensionOID.POLICY_CONSTRAINTS	"policy_constraints"
ExtensionOID.POLICY_MAPPINGS	"policy_mappings"
ExtensionOID.PRECERT_POISON	"precert_poison"
ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS	"precertificate_signed_certificate_timestamps"
ExtensionOID.SIGNED_CERTIFICATE_TIMESTAMPS	"signed_certificate_timestamps"
ExtensionOID.SUBJECT_ALTERNATIVE_NAME	"subject_alternative_name"
ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES	"subject_directory_attributes"
ExtensionOID.SUBJECT_INFORMATION_ACCESS	"subject_information_access"
ExtensionOID.SUBJECT_KEY_IDENTIFIER	"subject_key_identifier"
ExtensionOID.TLS_FEATURE	"tls_feature"

django_ca.constants.EXTENSION_KEY_OIDS: mappingproxy[Literal['authority_information_access', 'authority_key_identifier', 'basic_constraints', 'certificate_policies', 'crl_distribution_points', 'extended_key_usage', 'freshest_crl', 'issuer_alternative_name', 'key_usage', 'ms_certificate_template', 'ocsp_no_check', 'precert_poison', 'precertificate_signed_certificate_timestamps', 'signed_certificate_timestamps', 'subject_alternative_name', 'subject_information_access', 'subject_key_identifier', 'tls_feature'] | Literal['crl_number', 'delta_crl_indicator', 'inhibit_any_policy', 'issuing_distribution_point', 'name_constraints', 'policy_constraints', 'policy_mappings', 'subject_directory_attributes'], ObjectIdentifier]

Map of extension keys to ExtensionOIDs (the inverse of EXTENSION_KEYS).

django_ca.constants.GENERAL_NAME_TYPES: mappingproxy[Literal['email', 'URI', 'IP', 'DNS', 'RID', 'dirName', 'otherName'], type[GeneralName]]

Map for types of general names.

Key	Value
"DNS"	DNSName
"IP"	IPAddress
"RID"	RegisteredID
"URI"	UniformResourceIdentifier
"dirName"	DirectoryName
"email"	RFC822Name
"otherName"	OtherName

django_ca.constants.HASH_ALGORITHM_NAMES

Map of hash algorithm types in cryptography to standard hash algorithm names.

Keys are the types from AllowedHashTypes, values are the matching names from HashAlgorithms.

Key	Value
SHA224	"SHA-224"
SHA256	"SHA-256"
SHA384	"SHA-384"
SHA3_224	"SHA3/224"
SHA3_256	"SHA3/256"
SHA3_384	"SHA3/384"
SHA3_512	"SHA3/512"
SHA512	"SHA-512"

django_ca.constants.HASH_ALGORITHM_TYPES

Map of hash algorithm names to hash algorithm types (the inverse of HASH_ALGORITHM_NAMES).

django_ca.constants.KEY_USAGE_NAMES: mappingproxy[Literal['crl_sign', 'data_encipherment', 'decipher_only', 'digital_signature', 'encipher_only', 'key_agreement', 'key_cert_sign', 'key_encipherment', 'content_commitment'], str]

Map of kwargs for KeyUsage to names in RFC 5280.

Key	Value
"content_commitment"	"nonRepudiation"
"crl_sign"	"cRLSign"
"data_encipherment"	"dataEncipherment"
"decipher_only"	"decipherOnly"
"digital_signature"	"digitalSignature"
"encipher_only"	"encipherOnly"
"key_agreement"	"keyAgreement"
"key_cert_sign"	"keyCertSign"
"key_encipherment"	"keyEncipherment"

django_ca.constants.MULTIPLE_OIDS

OIDs that can occur multiple times in a certificate

django_ca.constants.NAME_OID_NAMES

Map OID objects to IDs used in subject strings

Key	Value
NameOID.BUSINESS_CATEGORY	"businessCategory"
NameOID.COMMON_NAME	"commonName"
NameOID.COUNTRY_NAME	"countryName"
NameOID.DN_QUALIFIER	"dnQualifier"
NameOID.DOMAIN_COMPONENT	"domainComponent"
NameOID.EMAIL_ADDRESS	"emailAddress"
NameOID.GENERATION_QUALIFIER	"generationQualifier"
NameOID.GIVEN_NAME	"givenName"
NameOID.INITIALS	"initials"
NameOID.JURISDICTION_COUNTRY_NAME	"jurisdictionCountryName"
NameOID.JURISDICTION_LOCALITY_NAME	"jurisdictionLocalityName"
NameOID.JURISDICTION_STATE_OR_PROVINCE_NAME	"jurisdictionStateOrProvinceName"
NameOID.LOCALITY_NAME	"localityName"
NameOID.ORGANIZATIONAL_UNIT_NAME	"organizationalUnitName"
NameOID.ORGANIZATION_IDENTIFIER	"organizationIdentifier"
NameOID.ORGANIZATION_NAME	"organizationName"
NameOID.POSTAL_ADDRESS	"postalAddress"
NameOID.POSTAL_CODE	"postalCode"
NameOID.PSEUDONYM	"pseudonym"
NameOID.SERIAL_NUMBER	"serialNumber"
NameOID.STATE_OR_PROVINCE_NAME	"stateOrProvinceName"
NameOID.STREET_ADDRESS	"street"
NameOID.SURNAME	"surname"
NameOID.TITLE	"title"
NameOID.UNSTRUCTURED_NAME	"unstructuredName"
NameOID.USER_ID	"uid"
NameOID.X500_UNIQUE_IDENTIFIER	"x500UniqueIdentifier"
NameOID.INN	"inn"
NameOID.OGRN	"ogrn"
NameOID.SNILS	"snils"

django_ca.constants.NAME_OID_TYPES

Map NameOID names to cryptography NameOID objects. This variant adds all RFC 4519 aliases as well.

Key	Value
"C"	NameOID.COUNTRY_NAME
"CN"	NameOID.COMMON_NAME
"DC"	NameOID.DOMAIN_COMPONENT
"L"	NameOID.LOCALITY_NAME
"O"	NameOID.ORGANIZATION_NAME
"OU"	NameOID.ORGANIZATIONAL_UNIT_NAME
"SN"	NameOID.SURNAME
"ST"	NameOID.STATE_OR_PROVINCE_NAME
"businessCategory"	NameOID.BUSINESS_CATEGORY
"commonName"	NameOID.COMMON_NAME
"countryName"	NameOID.COUNTRY_NAME
"dnQualifier"	NameOID.DN_QUALIFIER
"domainComponent"	NameOID.DOMAIN_COMPONENT
"emailAddress"	NameOID.EMAIL_ADDRESS
"generationQualifier"	NameOID.GENERATION_QUALIFIER
"givenName"	NameOID.GIVEN_NAME
"initials"	NameOID.INITIALS
"inn"	NameOID.INN
"jurisdictionCountryName"	NameOID.JURISDICTION_COUNTRY_NAME
"jurisdictionLocalityName"	NameOID.JURISDICTION_LOCALITY_NAME
"jurisdictionStateOrProvinceName"	NameOID.JURISDICTION_STATE_OR_PROVINCE_NAME
"localityName"	NameOID.LOCALITY_NAME
"ogrn"	NameOID.OGRN
"organizationIdentifier"	NameOID.ORGANIZATION_IDENTIFIER
"organizationName"	NameOID.ORGANIZATION_NAME
"organizationalUnitName"	NameOID.ORGANIZATIONAL_UNIT_NAME
"postalAddress"	NameOID.POSTAL_ADDRESS
"postalCode"	NameOID.POSTAL_CODE
"pseudonym"	NameOID.PSEUDONYM
"serialNumber"	NameOID.SERIAL_NUMBER
"snils"	NameOID.SNILS
"stateOrProvinceName"	NameOID.STATE_OR_PROVINCE_NAME
"street"	NameOID.STREET_ADDRESS
"streetAddress"	NameOID.STREET_ADDRESS
"surname"	NameOID.SURNAME
"title"	NameOID.TITLE
"uid"	NameOID.USER_ID
"unstructuredName"	NameOID.UNSTRUCTURED_NAME
"userid"	NameOID.USER_ID
"x500UniqueIdentifier"	NameOID.X500_UNIQUE_IDENTIFIER

django_ca.constants.TLS_FEATURE_NAMES

Map of human-readable names/serialized values to TLSFeatureType members.

Key	Value
"MultipleCertStatusRequest"	status_request_v2
"OCSPMustStaple"	status_request
"status_request"	status_request
"status_request_v2"	status_request_v2

class django_ca.constants.ReasonFlags(value, names=None, *values, module=None, qualname=None, type=None, start=1, boundary=None)

An enumeration for CRL reasons.

This enumeration is a copy of cryptography.x509.ReasonFlags. We create a copy because any change in the enumeration would trigger a database migration, so up/downgrading cryptography might cause problems with your Django project.

OtherName values

The two mappings given here give a list of types that can be used for specifying OtherName values. They are a subset of the values supported in ASN1_GENERATE_NCONF(3SSL).

django_ca.constants.OTHER_NAME_TYPES: mappingproxy[Literal['UTF8String', 'UNIVERSALSTRING', 'IA5STRING', 'BOOLEAN', 'NULL', 'UTCTIME', 'GENERALIZEDTIME', 'INTEGER', 'OctetString'], Primitive]

Names supported for parsing OtherName values.

Key	Value
"BOOLEAN"	asn1crypto.core.Boolean
"GENERALIZEDTIME"	asn1crypto.core.GeneralizedTime
"IA5STRING"	asn1crypto.core.IA5String
"INTEGER"	asn1crypto.core.Integer
"NULL"	asn1crypto.core.Null
"OctetString"	asn1crypto.core.OctetString
"UNIVERSALSTRING"	asn1crypto.core.UniversalString
"UTCTIME"	asn1crypto.core.UTCTime
"UTF8String"	asn1crypto.core.UTF8String

Aliases are shortcuts for other types, for example BOOL is equivalent to BOOLEAN:

django_ca.constants.OTHER_NAME_ALIASES: mappingproxy[str, Literal['UTF8String', 'UNIVERSALSTRING', 'IA5STRING', 'BOOLEAN', 'NULL', 'UTCTIME', 'GENERALIZEDTIME', 'INTEGER', 'OctetString']]

Aliases for parsing OtherName values.

Key	Value
"BOOL"	"BOOLEAN"
"GENTIME"	"GENERALIZEDTIME"
"IA5"	"IA5STRING"
"INT"	"INTEGER"
"UNIV"	"UNIVERSALSTRING"
"UTC"	"UTCTIME"
"UTF8"	"UTF8String"