Add RFC9174 OIDs #12143

Merged
merged 8 commits into from
Dec 13, 2024
76 changes: 75 additions & 1 deletion docs/x509/reference.rst
Expand Up @@ -3737,7 +3737,17 @@ instances. The following common OIDs are available as constants.
Corresponds to the dotted string ``"1.3.6.1.5.5.7.3.17"``. This
is used to denote that a certificate may be assigned to an IPSEC SA,
and can be used by the assignee to initiate an IPSec Internet Key
Exchange. For more information see :rfc:`4945`.
Exchange (IKE). For more information see :rfc:`4945`.

.. attribute:: BUNDLE_SECURITY

.. versionadded:: 45.0.0

Corresponds to the dotted string ``"1.3.6.1.5.5.7.3.35"``. This
is used to denote that a certificate is used by a Bundle Protocol
Node to secure data either in transit (e.g. via TLS/TCPCL) or at
rest (e.g. via BPSec).
For more information see :rfc:`9172` and :rfc:`9174`.

.. attribute:: CERTIFICATE_TRANSPARENCY
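Review bot: In the new BUNDLE_SECURITY entry, TCPCL and BPSec are used without expansion and the closing line "For more information see :rfc:`9172` and :rfc:`9174`" does not say which RFC covers which case, so a reader cannot map the in-transit and at-rest uses to a specification. Suggest expanding both on first use ("TCP Convergence Layer (TCPCL)", "Bundle Protocol Security (BPSec)") and writing the reference as "see :rfc:`9172` (BPSec) and :rfc:`9174` (TCPCL)". Since the IPSEC_IKE paragraph is already being edited to add "(IKE)", the neighbouring lines that still mix "IPSEC SA" and "IPSec" could be normalized in the same change.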

Expand All @@ -3749,6 +3759,70 @@ instances. The following common OIDs are available as constants.
purposes. For more information see :rfc:`6962`.


.. class:: OtherNameFormOID
:canonical: cryptography.hazmat._oid.OtherNameFormOID

.. versionadded:: 45.0.0

.. attribute:: PERMANENT_IDENTIFIER

Corresponds to the dotted string ``"1.3.6.1.5.5.7.8.3"``.
This is used to correlate multiple certificates which relate to
the same entity, as identified by this Other Name value.
The Other Name value is encoded as sequence of optional
UTF-8 value and optional OID assigner.
For more information see :rfc:`4043`.

.. attribute:: HW_MODULE_NAME

Corresponds to the dotted string ``"1.3.6.1.5.5.7.8.4"``.
This is used to identify hardware module components when
protecting firmware packages.
The Other Name value is encoded as sequence of OID hardware-type
and octet-string serial number.
For more information see :rfc:`4108`.

.. attribute:: DNS_SRV

Corresponds to the dotted string ``"1.3.6.1.5.5.7.8.7"``.
This is used to identify service names using qualified DNS name
of the form ``_Service.Name``.
The Other Name value is encoded as IA5 text.
For more information see :rfc:`4985`.

.. attribute:: NAI_REALM

Corresponds to the dotted string ``"1.3.6.1.5.5.7.8.8"``.
This is used to identify realms for RADIUS dynamic peer discovery
using Network Access Identifier (NAI) values.
The Other Name value is encoded as UTF-8 text.
For more information see :rfc:`7585`.

.. attribute:: SMTP_UTF8_MAILBOX

Corresponds to the dotted string ``"1.3.6.1.5.5.7.8.9"``.
This is used to identify an internationalized email address associated
with an entity.
The Other Name value is encoded as UTF-8 text.
For more information see :rfc:`9598`.

.. attribute:: ACP_NODE_NAME

Corresponds to the dotted string ``"1.3.6.1.5.5.7.8.10"``.
This is used to identify a single node within an
Autonomic Control Plane (ACP).
The Other Name value is encoded as IA5 text.
For more information see :rfc:`8994`.

.. attribute:: BUNDLE_EID

Corresponds to the dotted string ``"1.3.6.1.5.5.7.8.11"``.
This is used to contain the text form of an endpoint identifier (EID)
for the Bundle Protocol Version 7.
The Other Name value is encoded as IA5 text.
For more information see :rfc:`9171` and :rfc:`9174`.


.. class:: AuthorityInformationAccessOID
:canonical: cryptography.hazmat._oid.AuthorityInformationAccessOID
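Review bot: The OtherNameFormOID class entry goes straight from the directive to "versionadded" and the attribute list, with no sentence saying what these OIDs identify, while every attribute description then refers to "the Other Name value" as if it had been introduced. Suggest a one-line class description ahead of the first attribute. In the attribute text, "encoded as sequence of" (PERMANENT_IDENTIFIER, HW_MODULE_NAME) is missing an article, "using qualified DNS name" (DNS_SRV) reads awkwardly, and "IA5 text" / "UTF-8 text" would be more precise as the ASN.1 type names IA5String and UTF8String.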

11 changes: 11 additions & 0 deletions src/cryptography/hazmat/_oid.py
Expand Up @@ -177,9 +177,20 @@ class ExtendedKeyUsageOID:
SMARTCARD_LOGON = ObjectIdentifier("1.3.6.1.4.1.311.20.2.2")
KERBEROS_PKINIT_KDC = ObjectIdentifier("1.3.6.1.5.2.3.5")
IPSEC_IKE = ObjectIdentifier("1.3.6.1.5.5.7.3.17")
BUNDLE_SECURITY = ObjectIdentifier("1.3.6.1.5.5.7.3.35")
CERTIFICATE_TRANSPARENCY = ObjectIdentifier("1.3.6.1.4.1.11129.2.4.4")


class OtherNameFormOID:
PERMANENT_IDENTIFIER = ObjectIdentifier("1.3.6.1.5.5.7.8.3")
HW_MODULE_NAME = ObjectIdentifier("1.3.6.1.5.5.7.8.4")
DNS_SRV = ObjectIdentifier("1.3.6.1.5.5.7.8.7")
NAI_REALM = ObjectIdentifier("1.3.6.1.5.5.7.8.8")
SMTP_UTF8_MAILBOX = ObjectIdentifier("1.3.6.1.5.5.7.8.9")
ACP_NODE_NAME = ObjectIdentifier("1.3.6.1.5.5.7.8.10")
BUNDLE_EID = ObjectIdentifier("1.3.6.1.5.5.7.8.11")


class AuthorityInformationAccessOID:
CA_ISSUERS = ObjectIdentifier("1.3.6.1.5.5.7.48.2")
OCSP = ObjectIdentifier("1.3.6.1.5.5.7.48.1")
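Review bot: The OtherNameFormOID constants start at 1.3.6.1.5.5.7.8.3 and jump from .8.4 to .8.7 with no comment, so it is not clear whether the missing arcs were left out on purpose or overlooked. A short comment on the class stating the selection rule, or the defining RFC beside each constant as the docs hunk already lists them, would settle that. The file header gives 11 additions for _oid.py and all 11 are in this hunk, so if the module keeps a table of display names for known OIDs, none of the eight new OIDs has been added to it.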
2 changes: 2 additions & 0 deletions src/cryptography/x509/oid.py
Expand Up @@ -14,6 +14,7 @@
NameOID,
ObjectIdentifier,
OCSPExtensionOID,
OtherNameFormOID,
PublicKeyAlgorithmOID,
SignatureAlgorithmOID,
SubjectInformationAccessOID,
Expand All @@ -29,6 +30,7 @@
"NameOID",
"OCSPExtensionOID",
"ObjectIdentifier",
"OtherNameFormOID",
"PublicKeyAlgorithmOID",
"SignatureAlgorithmOID",
"SubjectInformationAccessOID",
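Review bot: Adding "OtherNameFormOID" to this module's export list makes it public API of cryptography.x509.oid, but the files shown contain no test that imports the class from this module and no changelog entry to go with the "versionadded:: 45.0.0" in the docs hunk. If neither exists elsewhere in the PR, add both so the new name is covered and announced.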