django_ca.constants - constants

Collection of constants used by django-ca.

django_ca.constants.ACCESS_METHOD_TYPES

Read-only proxy of a mapping.

Key	Value
"ca_issuers"	AuthorityInformationAccessOID.CA_ISSUERS
"ca_repository"	SubjectInformationAccessOID.CA_REPOSITORY
"ocsp"	AuthorityInformationAccessOID.OCSP

django_ca.constants.CERTIFICATE_EXTENSION_KEYS: MappingProxyType

Map of ExtensionOID to keys that may exist in any certificate.

This value is based on END_ENTITY_CERTIFICATE_EXTENSION_KEYS and adds extensions that occur only in certificate authorities.

Key	Value
ExtensionOID.ADMISSIONS	"admissions"
ExtensionOID.AUTHORITY_INFORMATION_ACCESS	"authority_information_access"
ExtensionOID.AUTHORITY_KEY_IDENTIFIER	"authority_key_identifier"
ExtensionOID.BASIC_CONSTRAINTS	"basic_constraints"
ExtensionOID.CERTIFICATE_POLICIES	"certificate_policies"
ExtensionOID.CRL_DISTRIBUTION_POINTS	"crl_distribution_points"
ExtensionOID.EXTENDED_KEY_USAGE	"extended_key_usage"
ExtensionOID.FRESHEST_CRL	"freshest_crl"
ExtensionOID.INHIBIT_ANY_POLICY	"inhibit_any_policy"
ExtensionOID.ISSUER_ALTERNATIVE_NAME	"issuer_alternative_name"
ExtensionOID.KEY_USAGE	"key_usage"
ExtensionOID.MS_CERTIFICATE_TEMPLATE	"ms_certificate_template"
ExtensionOID.NAME_CONSTRAINTS	"name_constraints"
ExtensionOID.OCSP_NO_CHECK	"ocsp_no_check"
ExtensionOID.POLICY_CONSTRAINTS	"policy_constraints"
ExtensionOID.PRECERT_POISON	"precert_poison"
ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS	"precertificate_signed_certificate_timestamps"
ExtensionOID.PRIVATE_KEY_USAGE_PERIOD	"private_key_usage_period"
ExtensionOID.SIGNED_CERTIFICATE_TIMESTAMPS	"signed_certificate_timestamps"
ExtensionOID.SUBJECT_ALTERNATIVE_NAME	"subject_alternative_name"
ExtensionOID.SUBJECT_INFORMATION_ACCESS	"subject_information_access"
ExtensionOID.SUBJECT_KEY_IDENTIFIER	"subject_key_identifier"
ExtensionOID.TLS_FEATURE	"tls_feature"

django_ca.constants.CERTIFICATE_REVOCATION_LIST_ENCODING_TYPES: MappingProxyType

Types of encodings available for certificate revocation lists (CRLs).

Key	Value
"DER"	Encoding.DER
"PEM"	Encoding.PEM

django_ca.constants.ELLIPTIC_CURVE_TYPES

Mapping of elliptic curve names to the implementing classes

Key	Value
"brainpoolP256r1"	BrainpoolP256R1
"brainpoolP384r1"	BrainpoolP384R1
"brainpoolP512r1"	BrainpoolP512R1
"secp192r1"	SECP192R1
"secp224r1"	SECP224R1
"secp256k1"	SECP256K1
"secp256r1"	SECP256R1
"secp384r1"	SECP384R1
"secp521r1"	SECP521R1

django_ca.constants.END_ENTITY_CERTIFICATE_EXTENSION_KEYS: MappingProxyType

Map of ExtensionOID to keys that may exist in an end entity certificate.

Key	Value
ExtensionOID.ADMISSIONS	"admissions"
ExtensionOID.AUTHORITY_INFORMATION_ACCESS	"authority_information_access"
ExtensionOID.AUTHORITY_KEY_IDENTIFIER	"authority_key_identifier"
ExtensionOID.BASIC_CONSTRAINTS	"basic_constraints"
ExtensionOID.CERTIFICATE_POLICIES	"certificate_policies"
ExtensionOID.CRL_DISTRIBUTION_POINTS	"crl_distribution_points"
ExtensionOID.EXTENDED_KEY_USAGE	"extended_key_usage"
ExtensionOID.FRESHEST_CRL	"freshest_crl"
ExtensionOID.ISSUER_ALTERNATIVE_NAME	"issuer_alternative_name"
ExtensionOID.KEY_USAGE	"key_usage"
ExtensionOID.MS_CERTIFICATE_TEMPLATE	"ms_certificate_template"
ExtensionOID.OCSP_NO_CHECK	"ocsp_no_check"
ExtensionOID.PRECERT_POISON	"precert_poison"
ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS	"precertificate_signed_certificate_timestamps"
ExtensionOID.PRIVATE_KEY_USAGE_PERIOD	"private_key_usage_period"
ExtensionOID.SIGNED_CERTIFICATE_TIMESTAMPS	"signed_certificate_timestamps"
ExtensionOID.SUBJECT_ALTERNATIVE_NAME	"subject_alternative_name"
ExtensionOID.SUBJECT_INFORMATION_ACCESS	"subject_information_access"
ExtensionOID.SUBJECT_KEY_IDENTIFIER	"subject_key_identifier"
ExtensionOID.TLS_FEATURE	"tls_feature"

django_ca.constants.EXTENDED_KEY_USAGE_NAMES

Map of ExtendedKeyUsageOIDs to names in RFC 5280 (and other RFCs).

Key	Value
ExtendedKeyUsageOID.ANY_EXTENDED_KEY_USAGE	"anyExtendedKeyUsage"
ExtendedKeyUsageOID.BUNDLE_SECURITY	"bundleSecurity"
ExtendedKeyUsageOID.CERTIFICATE_TRANSPARENCY	"certificateTransparency"
ExtendedKeyUsageOID.CLIENT_AUTH	"clientAuth"
ExtendedKeyUsageOID.CODE_SIGNING	"codeSigning"
ExtendedKeyUsageOID.EMAIL_PROTECTION	"emailProtection"
ExtendedKeyUsageOID.IPSEC_IKE	"ipsecIKE"
ExtendedKeyUsageOID.KERBEROS_PKINIT_KDC	"msKDC"
ExtendedKeyUsageOID.OCSP_SIGNING	"OCSPSigning"
ExtendedKeyUsageOID.SERVER_AUTH	"serverAuth"
ExtendedKeyUsageOID.SMARTCARD_LOGON	"smartcardLogon"
ExtendedKeyUsageOID.TIME_STAMPING	"timeStamping"
"1.0.18013.5.1.2"	"mdlDS"
"1.0.18013.5.1.3"	"mdlJWS"
"1.3.6.1.5.5.7.3.5"	"ipsecEndSystem"
"1.3.6.1.5.5.7.3.6"	"ipsecTunnel"
"1.3.6.1.5.5.7.3.7"	"ipsecUser"

django_ca.constants.EXTENSION_DEFAULT_CRITICAL

Map of ExtensionOIDs to the default critical values as defined in the RFC where they are defined.

Key	Value
ExtensionOID.ADMISSIONS	False
ExtensionOID.AUTHORITY_INFORMATION_ACCESS	False
ExtensionOID.AUTHORITY_KEY_IDENTIFIER	False
ExtensionOID.BASIC_CONSTRAINTS	True
ExtensionOID.CERTIFICATE_POLICIES	False
ExtensionOID.CRL_DISTRIBUTION_POINTS	False
ExtensionOID.CRL_NUMBER	False
ExtensionOID.DELTA_CRL_INDICATOR	True
ExtensionOID.EXTENDED_KEY_USAGE	False
ExtensionOID.FRESHEST_CRL	False
ExtensionOID.INHIBIT_ANY_POLICY	True
ExtensionOID.ISSUER_ALTERNATIVE_NAME	False
ExtensionOID.ISSUING_DISTRIBUTION_POINT	True
ExtensionOID.KEY_USAGE	True
ExtensionOID.NAME_CONSTRAINTS	True
ExtensionOID.OCSP_NO_CHECK	False
ExtensionOID.POLICY_CONSTRAINTS	True
ExtensionOID.POLICY_MAPPINGS	True
ExtensionOID.PRECERT_POISON	True
ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS	False
ExtensionOID.PRIVATE_KEY_USAGE_PERIOD	False
ExtensionOID.SIGNED_CERTIFICATE_TIMESTAMPS	False
ExtensionOID.SUBJECT_ALTERNATIVE_NAME	False
ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES	False
ExtensionOID.SUBJECT_INFORMATION_ACCESS	False
ExtensionOID.SUBJECT_KEY_IDENTIFIER	False
ExtensionOID.TLS_FEATURE	False

django_ca.constants.EXTENSION_KEYS: MappingProxyType

Map of all ExtensionOID to keys that are known to cryptography.

This value is based on CERTIFICATE_EXTENSION_KEYS and adds extensions for CRLs and object identifiers where no corresponding cryptography class exists.

Key	Value
ExtensionOID.ADMISSIONS	"admissions"
ExtensionOID.AUTHORITY_INFORMATION_ACCESS	"authority_information_access"
ExtensionOID.AUTHORITY_KEY_IDENTIFIER	"authority_key_identifier"
ExtensionOID.BASIC_CONSTRAINTS	"basic_constraints"
ExtensionOID.CERTIFICATE_POLICIES	"certificate_policies"
ExtensionOID.CRL_DISTRIBUTION_POINTS	"crl_distribution_points"
ExtensionOID.CRL_NUMBER	"crl_number"
ExtensionOID.DELTA_CRL_INDICATOR	"delta_crl_indicator"
ExtensionOID.EXTENDED_KEY_USAGE	"extended_key_usage"
ExtensionOID.FRESHEST_CRL	"freshest_crl"
ExtensionOID.INHIBIT_ANY_POLICY	"inhibit_any_policy"
ExtensionOID.ISSUER_ALTERNATIVE_NAME	"issuer_alternative_name"
ExtensionOID.ISSUING_DISTRIBUTION_POINT	"issuing_distribution_point"
ExtensionOID.KEY_USAGE	"key_usage"
ExtensionOID.MS_CERTIFICATE_TEMPLATE	"ms_certificate_template"
ExtensionOID.NAME_CONSTRAINTS	"name_constraints"
ExtensionOID.OCSP_NO_CHECK	"ocsp_no_check"
ExtensionOID.POLICY_CONSTRAINTS	"policy_constraints"
ExtensionOID.POLICY_MAPPINGS	"policy_mappings"
ExtensionOID.PRECERT_POISON	"precert_poison"
ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS	"precertificate_signed_certificate_timestamps"
ExtensionOID.PRIVATE_KEY_USAGE_PERIOD	"private_key_usage_period"
ExtensionOID.SIGNED_CERTIFICATE_TIMESTAMPS	"signed_certificate_timestamps"
ExtensionOID.SUBJECT_ALTERNATIVE_NAME	"subject_alternative_name"
ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES	"subject_directory_attributes"
ExtensionOID.SUBJECT_INFORMATION_ACCESS	"subject_information_access"
ExtensionOID.SUBJECT_KEY_IDENTIFIER	"subject_key_identifier"
ExtensionOID.TLS_FEATURE	"tls_feature"

django_ca.constants.EXTENSION_KEY_OIDS: MappingProxyType

Map of extension keys to ExtensionOIDs (the inverse of EXTENSION_KEYS).

django_ca.constants.GENERAL_NAME_TYPES: MappingProxyType

Map for types of general names.

Key	Value
"DNS"	DNSName
"IP"	IPAddress
"RID"	RegisteredID
"URI"	UniformResourceIdentifier
"dirName"	DirectoryName
"email"	RFC822Name
"otherName"	OtherName

django_ca.constants.KEY_USAGE_NAMES: MappingProxyType

Map of kwargs for KeyUsage to names in RFC 5280.

Key	Value
"content_commitment"	"nonRepudiation"
"crl_sign"	"cRLSign"
"data_encipherment"	"dataEncipherment"
"decipher_only"	"decipherOnly"
"digital_signature"	"digitalSignature"
"encipher_only"	"encipherOnly"
"key_agreement"	"keyAgreement"
"key_cert_sign"	"keyCertSign"
"key_encipherment"	"keyEncipherment"

django_ca.constants.MULTIPLE_OIDS

OIDs that can occur multiple times in a certificate

django_ca.constants.NAME_OID_NAMES

Map OID objects to IDs used in subject strings

Key	Value
NameOID.BUSINESS_CATEGORY	"businessCategory"
NameOID.COMMON_NAME	"commonName"
NameOID.COUNTRY_NAME	"countryName"
NameOID.DN_QUALIFIER	"dnQualifier"
NameOID.DOMAIN_COMPONENT	"domainComponent"
NameOID.EMAIL_ADDRESS	"emailAddress"
NameOID.GENERATION_QUALIFIER	"generationQualifier"
NameOID.GIVEN_NAME	"givenName"
NameOID.INITIALS	"initials"
NameOID.JURISDICTION_COUNTRY_NAME	"jurisdictionCountryName"
NameOID.JURISDICTION_LOCALITY_NAME	"jurisdictionLocalityName"
NameOID.JURISDICTION_STATE_OR_PROVINCE_NAME	"jurisdictionStateOrProvinceName"
NameOID.LOCALITY_NAME	"localityName"
NameOID.ORGANIZATIONAL_UNIT_NAME	"organizationalUnitName"
NameOID.ORGANIZATION_IDENTIFIER	"organizationIdentifier"
NameOID.ORGANIZATION_NAME	"organizationName"
NameOID.POSTAL_ADDRESS	"postalAddress"
NameOID.POSTAL_CODE	"postalCode"
NameOID.PSEUDONYM	"pseudonym"
NameOID.SERIAL_NUMBER	"serialNumber"
NameOID.STATE_OR_PROVINCE_NAME	"stateOrProvinceName"
NameOID.STREET_ADDRESS	"street"
NameOID.SURNAME	"surname"
NameOID.TITLE	"title"
NameOID.UNSTRUCTURED_NAME	"unstructuredName"
NameOID.USER_ID	"uid"
NameOID.X500_UNIQUE_IDENTIFIER	"x500UniqueIdentifier"
NameOID.INN	"inn"
NameOID.OGRN	"ogrn"
NameOID.SNILS	"snils"

django_ca.constants.NAME_OID_TYPES

Map NameOID names to cryptography NameOID objects. This variant adds all RFC 4519 aliases as well.

Key	Value
"C"	NameOID.COUNTRY_NAME
"CN"	NameOID.COMMON_NAME
"DC"	NameOID.DOMAIN_COMPONENT
"L"	NameOID.LOCALITY_NAME
"O"	NameOID.ORGANIZATION_NAME
"OU"	NameOID.ORGANIZATIONAL_UNIT_NAME
"SN"	NameOID.SURNAME
"ST"	NameOID.STATE_OR_PROVINCE_NAME
"businessCategory"	NameOID.BUSINESS_CATEGORY
"commonName"	NameOID.COMMON_NAME
"countryName"	NameOID.COUNTRY_NAME
"dnQualifier"	NameOID.DN_QUALIFIER
"domainComponent"	NameOID.DOMAIN_COMPONENT
"emailAddress"	NameOID.EMAIL_ADDRESS
"generationQualifier"	NameOID.GENERATION_QUALIFIER
"givenName"	NameOID.GIVEN_NAME
"initials"	NameOID.INITIALS
"inn"	NameOID.INN
"jurisdictionCountryName"	NameOID.JURISDICTION_COUNTRY_NAME
"jurisdictionLocalityName"	NameOID.JURISDICTION_LOCALITY_NAME
"jurisdictionStateOrProvinceName"	NameOID.JURISDICTION_STATE_OR_PROVINCE_NAME
"localityName"	NameOID.LOCALITY_NAME
"ogrn"	NameOID.OGRN
"organizationIdentifier"	NameOID.ORGANIZATION_IDENTIFIER
"organizationName"	NameOID.ORGANIZATION_NAME
"organizationalUnitName"	NameOID.ORGANIZATIONAL_UNIT_NAME
"postalAddress"	NameOID.POSTAL_ADDRESS
"postalCode"	NameOID.POSTAL_CODE
"pseudonym"	NameOID.PSEUDONYM
"serialNumber"	NameOID.SERIAL_NUMBER
"snils"	NameOID.SNILS
"stateOrProvinceName"	NameOID.STATE_OR_PROVINCE_NAME
"street"	NameOID.STREET_ADDRESS
"streetAddress"	NameOID.STREET_ADDRESS
"surname"	NameOID.SURNAME
"title"	NameOID.TITLE
"uid"	NameOID.USER_ID
"unstructuredName"	NameOID.UNSTRUCTURED_NAME
"userid"	NameOID.USER_ID
"x500UniqueIdentifier"	NameOID.X500_UNIQUE_IDENTIFIER

django_ca.constants.TLS_FEATURE_NAMES

Map of human-readable names/serialized values to TLSFeatureType members.

Key	Value
"MultipleCertStatusRequest"	status_request_v2
"OCSPMustStaple"	status_request
"status_request"	status_request
"status_request_v2"	status_request_v2

class django_ca.constants.ReasonFlags(*values)

An enumeration for CRL reasons.

This enumeration is a copy of cryptography.x509.ReasonFlags. We create a copy because any change in the enumeration would trigger a database migration, so up/downgrading cryptography might cause problems with your Django project.

django_ca.constants.SIGNATURE_HASH_ALGORITHM_NAMES

Map of hash algorithm types in cryptography to standard hash algorithm names.

Keys are the types from SignatureHashAlgorithm, values are the matching names from SignatureHashAlgorithmName.

Key	Value
SHA224	"SHA-224"
SHA256	"SHA-256"
SHA384	"SHA-384"
SHA3_224	"SHA3/224"
SHA3_256	"SHA3/256"
SHA3_384	"SHA3/384"
SHA3_512	"SHA3/512"
SHA512	"SHA-512"

django_ca.constants.SIGNATURE_HASH_ALGORITHM_NAMES_WITH_LEGACY

SIGNATURE_HASH_ALGORITHM_NAMES plus insecure legacy algorithms (MD5 and SHA1).

This value is used when displaying data which may include legacy signatures.

Key	Value
MD5	"MD5"
SHA1	"SHA1"
SHA224	"SHA-224"
SHA256	"SHA-256"
SHA384	"SHA-384"
SHA3_224	"SHA3/224"
SHA3_256	"SHA3/256"
SHA3_384	"SHA3/384"
SHA3_512	"SHA3/512"
SHA512	"SHA-512"

django_ca.constants.SIGNATURE_HASH_ALGORITHM_TYPES

Map of hash algorithm names to hash algorithm types (the inverse of SIGNATURE_HASH_ALGORITHM_NAMES_WITH_LEGACY).

django_ca.constants.SIGNATURE_HASH_ALGORITHM_TYPES_WITH_LEGACY

Map of hash algorithm names to hash algorithm types (the inverse of SIGNATURE_HASH_ALGORITHM_NAMES_WITH_LEGACY.

This value is used when displaying data which may include legacy signatures.

OtherName values

The two mappings given here give a list of types that can be used for specifying OtherName values. They are a subset of the values supported in ASN1_GENERATE_NCONF(3SSL).

django_ca.constants.OTHER_NAME_TYPES: MappingProxyType

Names supported for parsing OtherName values.

Key	Value
"BOOLEAN"	asn1crypto.core.Boolean
"GENERALIZEDTIME"	asn1crypto.core.GeneralizedTime
"IA5STRING"	asn1crypto.core.IA5String
"INTEGER"	asn1crypto.core.Integer
"NULL"	asn1crypto.core.Null
"OctetString"	asn1crypto.core.OctetString
"UNIVERSALSTRING"	asn1crypto.core.UniversalString
"UTCTIME"	asn1crypto.core.UTCTime
"UTF8String"	asn1crypto.core.UTF8String

Aliases are shortcuts for other types, for example BOOL is equivalent to BOOLEAN:

django_ca.constants.OTHER_NAME_ALIASES: MappingProxyType

Aliases for parsing OtherName values.

Key	Value
"BOOL"	"BOOLEAN"
"GENTIME"	"GENERALIZEDTIME"
"IA5"	"IA5STRING"
"INT"	"INTEGER"
"UNIV"	"UNIVERSALSTRING"
"UTC"	"UTCTIME"
"UTF8"	"UTF8String"