django_ca.extensions
- X509 extensions¶
The extension classes provided by django-ca act as convenience classes for handling extensions. They
abstract away the complex API of cryptography and have some advanced data handling functions. As a
constructor, they always take either a dict
or a cryptography extension:
>>> from django_ca.extensions import KeyUsage
>>> KeyUsage({'value': ['keyAgreement', 'keyEncipherment']})
<KeyUsage: ['keyAgreement', 'keyEncipherment'], critical=True>
… but you can also pass an equivalent cryptography extension:
>>> from cryptography import x509
>>> from cryptography.x509.oid import ExtensionOID
>>> KeyUsage(x509.Extension(
... oid=ExtensionOID.KEY_USAGE, critical=True, value=x509.KeyUsage(
... key_agreement=True, key_encipherment=True, digital_signature=False, crl_sign=False,
... content_commitment=False, data_encipherment=False, key_cert_sign=False, encipher_only=False,
... decipher_only=False)
... ))
<KeyUsage: ['keyAgreement', 'keyEncipherment'], critical=True>
… regardless of how you created the extension, you can modify it at will until you actually use it somewhere:
>>> from django_ca.extensions import KeyUsage
>>> ku = KeyUsage({'value': ['keyAgreement', 'keyEncipherment']})
>>> ku |= ['nonRepudiation']
>>> ku.add('cRLSign')
>>> ku
<KeyUsage: ['cRLSign', 'keyAgreement', 'keyEncipherment', 'nonRepudiation'], critical=True>
You can always convert extensions to valid cryptography extensions:
>>> ku.extension_type
<KeyUsage(digital_signature=False, ...)>
>>> ku.as_extension()
<Extension(oid=<ObjectIdentifier(oid=2.5.29.15, name=keyUsage)>, critical=True, value=<KeyUsage(...)>)>
Many extensions are modeled after builtin python types and are designed to be handled in a similar way.
For example, KeyUsage
inherits from
OrderedSetExtension
, and thus handles like an ordered set:
>>> ku = KeyUsage()
>>> ku |= {'decipherOnly', }
>>> ku |= KeyUsage({'value': ['digitalSignature']})
>>> ku
<KeyUsage: ['decipherOnly', 'digitalSignature'], critical=True>
>>> ku.add('nonRepudiation')
>>> ku.add('nonRepudiation')
>>> ku
<KeyUsage: ['decipherOnly', 'digitalSignature', 'nonRepudiation'], critical=True>
When passing a dictionary, you can always pass a critical
value. If omitted, the default value is
determined by the default_critical
flag, which matches common X.509 usage for each extension:
>>> KeyUsage()
<KeyUsage: [], critical=True>
>>> KeyUsage({'critical': False})
<KeyUsage: [], critical=False>
You can always serialize an extension to its dict
representation and later restore it (e.g. after sending
it over the network):
>>> ku = KeyUsage({'value': ['keyAgreement', 'keyEncipherment']})
>>> ku == KeyUsage(ku.serialize())
True
Extension classes¶
Extension classes wrapping various X.509 extensions.
The classes in this module wrap cryptography extensions, but allow adding/removing values, creating extensions in a more pythonic manner and provide access functions.
- class django_ca.extensions.AuthorityInformationAccess(value=None)[source]¶
Bases:
django_ca.extensions.base.Extension
[cryptography.x509.extensions.AuthorityInformationAccess
,django_ca.typehints.ParsableAuthorityInformationAccess
,django_ca.typehints.SerializedAuthorityInformationAccess
]Class representing a AuthorityInformationAccess extension.
See also
The value passed to this extension should be a
dict
with anocsp
andissuers
key, both are optional:>>> AuthorityInformationAccess({'value': { ... 'ocsp': ['http://ocsp.example.com'], ... 'issuers': ['http://issuer.example.com'], ... }}) <AuthorityInformationAccess: issuers=['URI:http://issuer.example.com'], ocsp=['URI:http://ocsp.example.com'], critical=False>
You can set/get the OCSP/issuers at runtime and dynamically use either strings or
GeneralName
as values:>>> aia = AuthorityInformationAccess() >>> aia.issuers = ['http://issuer.example.com'] >>> aia.ocsp = [x509.UniformResourceIdentifier('http://ocsp.example.com/')] >>> aia <AuthorityInformationAccess: issuers=['URI:http://issuer.example.com'], ocsp=['URI:http://ocsp.example.com/'], critical=False>
- property issuers¶
Issuers named by this extension.
- key = 'authority_information_access'¶
Key used in CA_PROFILES.
- property ocsp¶
OCSP endpoints described by this extension.
- class django_ca.extensions.AuthorityKeyIdentifier(value=None)[source]¶
Bases:
django_ca.extensions.base.Extension
[cryptography.x509.extensions.AuthorityKeyIdentifier
,Union
[str
,bytes
,django_ca.typehints.ParsableAuthorityKeyIdentifierDict
],django_ca.typehints.SerializedAuthorityKeyIdentifier
]Class representing a AuthorityKeyIdentifier extension.
This extension identifies the signing CA, so it is not usually defined in a profile or instantiated by a user. This extension will automatically be added by django-ca. If it is, the value must be a str or bytes:
>>> AuthorityKeyIdentifier({'value': '33:33:33:33:33:33'}) <AuthorityKeyIdentifier: keyid: 33:33:33:33:33:33, critical=False> >>> AuthorityKeyIdentifier({'value': b'333333'}) <AuthorityKeyIdentifier: keyid: 33:33:33:33:33:33, critical=False>
If you want to set an
authorityCertIssuer
andauthorityCertIssuer
, you can also pass adict
instead:>>> AuthorityKeyIdentifier({'value': { ... 'key_identifier': b'0', ... 'authority_cert_issuer': ['example.com'], ... 'authority_cert_serial_number': 1, ... }}) <AuthorityKeyIdentifier: keyid: 30, issuer: ['DNS:example.com'], serial: 1, critical=False>
See also
- from_subject_key_identifier(ext)[source]¶
Create an extension based on SubjectKeyIdentifier extension.
- key = 'authority_key_identifier'¶
Key used in CA_PROFILES.
- class django_ca.extensions.BasicConstraints(value=None)[source]¶
Bases:
django_ca.extensions.base.Extension
[cryptography.x509.extensions.BasicConstraints
,django_ca.typehints.ParsableBasicConstraints
,django_ca.typehints.SerializedBasicConstraints
]Class representing a BasicConstraints extension.
This class has the boolean attributes
ca
and the attributepathlen
, which is eitherNone
or anint
. Note that this extension is marked as critical by default if you pass a dict to the constructor:>>> bc = BasicConstraints({'value': {'ca': True, 'pathlen': 4}}) >>> (bc.ca, bc.pathlen, bc.critical) (True, 4, True)
See also
- default_critical = True¶
This extension is marked as critical by default.
- key = 'basic_constraints'¶
Key used in CA_PROFILES.
- class django_ca.extensions.CRLDistributionPoints(value=None)[source]¶
Bases:
django_ca.extensions.base.CRLDistributionPointsBase
[cryptography.x509.extensions.CRLDistributionPoints
]Class representing a CRLDistributionPoints extension.
This extension identifies where a client can retrieve a Certificate Revocation List (CRL).
The value passed to this extension should be a
list
ofDistributionPoint
instances. Naturally, you can also pass those in serialized form:>>> CRLDistributionPoints({'value': [ ... {'full_name': ['http://crl.example.com']} ... ]}) <CRLDistributionPoints: [<DistributionPoint: full_name=['URI:http://crl.example.com']>], critical=False>
See also
- key = 'crl_distribution_points'¶
Key used in CA_PROFILES.
- class django_ca.extensions.CertificatePolicies(value=None)[source]¶
Bases:
django_ca.extensions.base.ListExtension
[cryptography.x509.extensions.CertificatePolicies
,Union
[django_ca.extensions.utils.PolicyInformation
,django_ca.typehints.ParsablePolicyInformation
],django_ca.typehints.SerializedPolicyInformation
,django_ca.extensions.utils.PolicyInformation
]Class representing a Certificate Policies extension.
The value passed to this extension should be a
list
ofPolicyInformation
instances. Naturally, you can also pass those in serialized form:>>> CertificatePolicies({'value': [{ ... 'policy_identifier': '2.5.29.32.0', ... 'policy_qualifier': ['policy1'], ... }]}) <CertificatePolicies: 1 policy, critical=False>
See also
- key = 'certificate_policies'¶
Key used in CA_PROFILES.
- class django_ca.extensions.ExtendedKeyUsage(value=None)[source]¶
Bases:
django_ca.extensions.base.OrderedSetExtension
[cryptography.x509.extensions.ExtendedKeyUsage
,Union
[cryptography.x509.ObjectIdentifier
,str
],str
,cryptography.x509.ObjectIdentifier
]Class representing a ExtendedKeyUsage extension.
- KNOWN_PARAMETERS = ['OCSPSigning', 'anyExtendedKeyUsage', 'clientAuth', 'codeSigning', 'emailProtection', 'ipsecEndSystem', 'ipsecTunnel', 'ipsecUser', 'mdlDS', 'mdlJWS', 'msKDC', 'serverAuth', 'smartcardLogon', 'timeStamping']¶
Known values that can be passed to this extension.
- key = 'extended_key_usage'¶
Key used in CA_PROFILES.
- class django_ca.extensions.Extension(value=None)[source]¶
Bases:
Generic
[django_ca.typehints.ExtensionTypeTypeVar
,django_ca.typehints.ParsableValue
,django_ca.typehints.SerializedValue
]Convenience class to handle X509 Extensions.
The value is a
dict
as used by the CA_PROFILES setting:>>> KeyUsage({'value': ['keyAgreement', 'keyEncipherment']}) <KeyUsage: ['keyAgreement', 'keyEncipherment'], critical=True> >>> KeyUsage({'critical': False, 'value': ['key_agreement', 'key_encipherment']}) <KeyUsage: ['keyAgreement', 'keyEncipherment'], critical=False>
… but can also use a subclass of
ExtensionType
fromcryptography
:>>> from cryptography import x509 >>> cg_ext = x509.extensions.Extension( ... oid=ExtensionOID.EXTENDED_KEY_USAGE, ... critical=False, ... value=x509.ExtendedKeyUsage([ExtendedKeyUsageOID.SERVER_AUTH]) ... ) >>> ExtendedKeyUsage(cg_ext) <ExtendedKeyUsage: ['serverAuth'], critical=False> >>> ExtendedKeyUsage({'value': ['serverAuth']}) <ExtendedKeyUsage: ['serverAuth'], critical=False>
Changed in version 1.18.0: This class is now an abstract base class.
- Parameters
- valuelist or tuple or dict or str or
ExtensionType
The value of the extension, the description provides further details.
- valuelist or tuple or dict or str or
- Attributes
- name
A human readable name of this extension
- value
Raw value for this extension. The type various from subclass to subclass.
- criticalbool
If this extension is marked as critical
- oid
The OID for this extension.
- keystr
The key is a reusable ID used in various parts of the application.
- default_criticalbool
The default critical value if you pass a dict without the
"critical"
key.
- abstract property extension_type¶
The
ExtensionType
instance of this extension.Implementing classes are expected to implement this function.
- for_builder()[source]¶
Return a tuple suitable for a
CertificateBuilder
.Example:
>>> ext = KeyUsage({'value': ['keyAgreement', 'keyEncipherment']}) >>> builder = x509.CertificateBuilder() >>> builder.add_extension(*ext.for_builder()) <cryptography.x509.base.CertificateBuilder object at ...>
- abstract from_dict(value)[source]¶
Load class from a dictionary.
Implementing classes are expected to implement this function.
- abstract from_extension(value)[source]¶
Load a wrapper class from a cryptography extension instance.
Implementing classes are expected to implement this function.
- from_other(value)[source]¶
Load class from any other value type.
This class can be overwritten to allow loading classes from different types.
- hash_value()[source]¶
Return the current extension value in hashable form.
This function is used for the default implementations for
hash()
and the==
equality operator.
- abstract repr_value()[source]¶
String representation of the current value for this extension.
Implementing classes are expected to implement this function.
- class django_ca.extensions.FreshestCRL(value=None)[source]¶
Bases:
django_ca.extensions.base.CRLDistributionPointsBase
[cryptography.x509.extensions.FreshestCRL
]Class representing a FreshestCRL extension.
This extension handles identically to the
CRLDistributionPoints
extension:>>> FreshestCRL({'value': [ ... {'full_name': ['http://crl.example.com']} ... ]}) <FreshestCRL: [<DistributionPoint: full_name=['URI:http://crl.example.com']>], critical=False>
See also
- key = 'freshest_crl'¶
Key used in CA_PROFILES.
- class django_ca.extensions.InhibitAnyPolicy(value=None)[source]¶
Bases:
django_ca.extensions.base.Extension
[cryptography.x509.extensions.InhibitAnyPolicy
,int
,int
]Class representing a InhibitAnyPolicy extension.
Example:
>>> InhibitAnyPolicy({'value': 1}) # normal value dict is supported <InhibitAnyPolicy: 1, critical=True> >>> ext = InhibitAnyPolicy(3) # a simple int is also okay >>> ext <InhibitAnyPolicy: 3, critical=True> >>> ext.skip_certs = 5 >>> ext.skip_certs 5
See also
- default_critical = True¶
This extension is marked as critical by default (RFC 5280 requires this extension to be marked as critical).
- key = 'inhibit_any_policy'¶
Key used in CA_PROFILES.
- class django_ca.extensions.IssuerAlternativeName(value=None)[source]¶
Bases:
django_ca.extensions.base.AlternativeNameExtension
[cryptography.x509.extensions.IssuerAlternativeName
]Class representing an Issuer Alternative Name extension.
This extension is usually marked as non-critical.
>>> IssuerAlternativeName({'value': ['https://example.com']}) <IssuerAlternativeName: ['URI:https://example.com'], critical=False>
See also
- key = 'issuer_alternative_name'¶
Key used in CA_PROFILES.
- class django_ca.extensions.KeyUsage(value=None)[source]¶
Bases:
django_ca.extensions.base.OrderedSetExtension
[cryptography.x509.extensions.KeyUsage
,str
,str
,str
]Class representing a KeyUsage extension, which defines the purpose of a certificate.
This extension is usually marked as critical and RFC 5280 defines that conforming CAs SHOULD mark it as critical. The value
keyAgreement
is always added ifencipherOnly
ordecipherOnly
is present, since the value of this extension is not meaningful otherwise.>>> KeyUsage({'value': ['encipherOnly'], 'critical': True}) <KeyUsage: ['encipherOnly', 'keyAgreement'], critical=True> >>> KeyUsage({'value': ['decipherOnly'], 'critical': True}) <KeyUsage: ['decipherOnly', 'keyAgreement'], critical=True>
See also
- KNOWN_PARAMETERS = ['cRLSign', 'dataEncipherment', 'decipherOnly', 'digitalSignature', 'encipherOnly', 'keyAgreement', 'keyCertSign', 'keyEncipherment', 'nonRepudiation']¶
Known values that can be passed to this extension.
- default_critical = True¶
This extension is marked as critical by default.
- key = 'key_usage'¶
Key used in CA_PROFILES.
- class django_ca.extensions.NameConstraints(value=None)[source]¶
Bases:
django_ca.extensions.base.Extension
[cryptography.x509.extensions.NameConstraints
,django_ca.typehints.ParsableNameConstraints
,django_ca.typehints.SerializedNameConstraints
]Class representing a NameConstraints extension.
Unlike most other extensions, this extension does not accept a string as value, but you can pass a list containing the permitted/excluded subtrees as lists. Similar to
SubjectAlternativeName
, you can pass both strings or instances ofGeneralName
:>>> NameConstraints({'value': { ... 'permitted': ['DNS:.com', 'example.org'], ... 'excluded': [x509.DNSName('.net')] ... }}) <NameConstraints: permitted=['DNS:.com', 'DNS:example.org'], excluded=['DNS:.net'], critical=True>
We also have permitted/excluded getters/setters to easily configure this extension:
>>> nc = NameConstraints() >>> nc.permitted = ['example.com'] >>> nc.excluded = ['example.net'] >>> nc <NameConstraints: permitted=['DNS:example.com'], excluded=['DNS:example.net'], critical=True> >>> nc.permitted, nc.excluded (<GeneralNameList: ['DNS:example.com']>, <GeneralNameList: ['DNS:example.net']>)
See also
- default_critical = True¶
This extension is marked as critical by default.
- property excluded¶
The
excluded
value of this instance.
- key = 'name_constraints'¶
Key used in CA_PROFILES.
- property permitted¶
The
permitted
value of this instance.
- class django_ca.extensions.OCSPNoCheck(value=None)[source]¶
Bases:
django_ca.extensions.base.NullExtension
[cryptography.x509.extensions.OCSPNoCheck
]Extension to indicate that an OCSP client should (blindly) trust the certificate for it’s lifetime.
As a NullExtension, any value is ignored and you can pass a simple empty
dict
(or nothing at all) to the extension:>>> OCSPNoCheck() <OCSPNoCheck: critical=False> >>> OCSPNoCheck({'critical': True}) # unlike PrecertPoison, you can still mark it as critical <OCSPNoCheck: critical=True>
This extension is only meaningful in an OCSP responder certificate.
See also
- key = 'ocsp_no_check'¶
Key used in CA_PROFILES.
- class django_ca.extensions.PolicyConstraints(value=None)[source]¶
Bases:
django_ca.extensions.base.Extension
[cryptography.x509.extensions.PolicyConstraints
,django_ca.typehints.ParsablePolicyConstraints
,django_ca.typehints.SerializedPolicyConstraints
]Class representing a PolicyConstraints extension.
Example:
>>> ext = PolicyConstraints({'value': {'require_explicit_policy': 1, 'inhibit_policy_mapping': 2}}) >>> ext <PolicyConstraints: inhibit_policy_mapping=2, require_explicit_policy=1, critical=True> >>> ext.require_explicit_policy 1 >>> ext.inhibit_policy_mapping = 5 >>> ext.inhibit_policy_mapping 5
See also
- default_critical = True¶
This extension is marked as critical by default (RFC 5280 requires this).
- key = 'policy_constraints'¶
Key used in CA_PROFILES.
- class django_ca.extensions.PrecertPoison(value=None)[source]¶
Bases:
django_ca.extensions.base.NullExtension
[cryptography.x509.extensions.PrecertPoison
]Extension to indicate that the certificate is a submission to a certificate transparency log.
Note that creating this extension will raise
ValueError
if it is not marked as critical:>>> PrecertPoison() <PrecertPoison: critical=True> >>> PrecertPoison({'critical': False}) Traceback (most recent call last): ... ValueError: PrecertPoison must always be marked as critical
See also
- default_critical = True¶
This extension is marked as critical by default.
- key = 'precert_poison'¶
Key used in CA_PROFILES.
- class django_ca.extensions.PrecertificateSignedCertificateTimestamps(value=None)[source]¶
Bases:
django_ca.extensions.base.SignedCertificateTimestampsBase
[cryptography.x509.extensions.PrecertificateSignedCertificateTimestamps
]Class representing signed certificate timestamps in a Precertificate.
This extension is included in certificates sent to a certificate transparency log.
This class cannot be instantiated by anything but
cryptography.x509.PrecertificateSignedCertificateTimestamps
. Please seeSignedCertificateTimestampsBase
for more information.- key = 'precertificate_signed_certificate_timestamps'¶
Key used in CA_PROFILES.
- class django_ca.extensions.SubjectAlternativeName(value=None)[source]¶
Bases:
django_ca.extensions.base.AlternativeNameExtension
[cryptography.x509.extensions.SubjectAlternativeName
]Class representing an Subject Alternative Name extension.
This extension is usually marked as non-critical.
>>> SubjectAlternativeName({'value': ['example.com']}) <SubjectAlternativeName: ['DNS:example.com'], critical=False>
See also
- get_common_name()[source]¶
Get a value suitable for use as CommonName in a subject, or None if no such value is found.
This function returns a string representation of the first value that is not a DirectoryName, RegisteredID or OtherName.
- key = 'subject_alternative_name'¶
Key used in CA_PROFILES.
- class django_ca.extensions.SubjectKeyIdentifier(value=None)[source]¶
Bases:
django_ca.extensions.base.Extension
[cryptography.x509.extensions.SubjectKeyIdentifier
,Union
[str
,bytes
,cryptography.x509.extensions.SubjectKeyIdentifier
],str
]Class representing a SubjectKeyIdentifier extension.
This extension identifies the certificate, so it is not usually defined in a profile or instantiated by a user. This extension will automatically be added by django-ca. If you ever handle this extension directly, the value must be a str or bytes:
>>> SubjectKeyIdentifier({'value': '33:33:33:33:33:33'}) <SubjectKeyIdentifier: b'333333', critical=False> >>> SubjectKeyIdentifier({'value': b'333333'}) <SubjectKeyIdentifier: b'333333', critical=False>
- key = 'subject_key_identifier'¶
Key used in CA_PROFILES.
- class django_ca.extensions.TLSFeature(value=None)[source]¶
Bases:
django_ca.extensions.base.OrderedSetExtension
[cryptography.x509.extensions.TLSFeature
,Union
[cryptography.x509.extensions.TLSFeatureType
,str
],str
,cryptography.x509.extensions.TLSFeatureType
]Class representing a TLSFeature extension.
As a
OrderedSetExtension
, this extension handles much like it’s other sister extensions:>>> TLSFeature({'value': ['OCSPMustStaple']}) <TLSFeature: ['OCSPMustStaple'], critical=False> >>> tf = TLSFeature({'value': ['OCSPMustStaple']}) >>> tf.add('MultipleCertStatusRequest') >>> tf <TLSFeature: ['MultipleCertStatusRequest', 'OCSPMustStaple'], critical=False>
- KNOWN_PARAMETERS = ['MultipleCertStatusRequest', 'OCSPMustStaple']¶
Known values that can be passed to this extension.
- key = 'tls_feature'¶
Key used in CA_PROFILES.
Helper functions/classes¶
In addition to extension classes, there are a few helper functions to ease handling of extensions:
- django_ca.extensions.get_extension_name(ext)[source]¶
Function to get the name of an extension.
>>> ext = x509.Extension(value=x509.BasicConstraints(ca=True, path_length=3), critical=True, ... oid=ExtensionOID.BASIC_CONSTRAINTS) >>> get_extension_name(ext) 'BasicConstraints'
- extensions.KEY_TO_EXTENSION {'basic_constraints': <class 'django_ca.extensions.BasicConstraints'>, ...}¶
A dictionary mapping of a unique key to an extension class:
>>> KEY_TO_EXTENSION['authority_information_access'].__name__ 'AuthorityInformationAccess'
- extensions.OID_TO_EXTENSION {<ObjectIdentifier(oid=...): <class 'django_ca.extensions...>, ...}¶
A dictionary mapping of OIDs to extension classes:
>>> from cryptography.x509.oid import ExtensionOID >>> OID_TO_EXTENSION[ExtensionOID.BASIC_CONSTRAINTS].__name__ 'BasicConstraints'
django_ca.extensions.utils
¶
django_ca.extensions.utils
contains various utility classes used by X.509 extensions.
- class django_ca.extensions.utils.DistributionPoint(data=None)[source]¶
Bases:
object
Class representing a Distribution Point.
This class is used internally by extensions that have a list of Distribution Points, e.g. the :
CRLDistributionPoints
extension. The class accepts either acryptography.x509.DistributionPoint
or adict
. Note that in the latter case, you can also pass a list ofstr
asfull_name
orcrl_issuer
:>>> DistributionPoint(x509.DistributionPoint( ... full_name=[x509.UniformResourceIdentifier('http://ca.example.com/crl')], ... relative_name=None, crl_issuer=None, reasons=None ... )) <DistributionPoint: full_name=['URI:http://ca.example.com/crl']> >>> DistributionPoint({'full_name': ['http://example.com']}) <DistributionPoint: full_name=['URI:http://example.com']> >>> DistributionPoint({'full_name': ['http://example.com']}) <DistributionPoint: full_name=['URI:http://example.com']> >>> DistributionPoint({ ... 'relative_name': '/CN=example.com', ... 'crl_issuer': ['http://example.com'], ... 'reasons': ['key_compromise', 'ca_compromise'], ... }) <DistributionPoint: relative_name='/CN=example.com', crl_issuer=['URI:http://example.com'], reasons=['ca_compromise', 'key_compromise']>
See also
- property for_extension_type¶
Convert instance to a suitable cryptography class.
- class django_ca.extensions.utils.PolicyInformation(data=None)[source]¶
Bases:
MutableSequence
[Union
[str
,cryptography.x509.UserNotice
]]Class representing a PolicyInformation object.
This class is internally used by the
CertificatePolicies
extension.You can pass a
PolicyInformation
instance or a dictionary representing that instance:>>> PolicyInformation({'policy_identifier': '2.5.29.32.0', 'policy_qualifiers': ['text1']}) <PolicyInformation(oid=2.5.29.32.0, qualifiers=['text1'])> >>> PolicyInformation({ ... 'policy_identifier': '2.5.29.32.0', ... 'policy_qualifiers': [{'explicit_text': 'text2', }], ... }) <PolicyInformation(oid=2.5.29.32.0, qualifiers=[{'explicit_text': 'text2'}])> >>> PolicyInformation({ ... 'policy_identifier': '2.5', ... 'policy_qualifiers': [{ ... 'notice_reference': { ... 'organization': 't3', ... 'notice_numbers': [1, ], ... } ... }], ... }) <PolicyInformation(oid=2.5, qualifiers=[{'notice_reference': {...}}])>
- property for_extension_type¶
Convert instance to a suitable cryptography class.
- get_policy_identifier()[source]¶
Property for the policy identifier.
Note that you can set any parsable value, it will always be an object identifier:
>>> pi = PolicyInformation() >>> pi.policy_identifier = '1.2.3' >>> pi.policy_identifier <ObjectIdentifier(oid=1.2.3, name=Unknown OID)>
- property policy_identifier¶
Property for the policy identifier.
Note that you can set any parsable value, it will always be an object identifier:
>>> pi = PolicyInformation() >>> pi.policy_identifier = '1.2.3' >>> pi.policy_identifier <ObjectIdentifier(oid=1.2.3, name=Unknown OID)>