diff options
Diffstat (limited to 'rpkid/rpki')
46 files changed, 2537 insertions, 21956 deletions
diff --git a/rpkid/rpki/POW/__init__.py b/rpkid/rpki/POW/__init__.py index b150bbf1..d3796245 100644 --- a/rpkid/rpki/POW/__init__.py +++ b/rpkid/rpki/POW/__init__.py @@ -1,16 +1,7 @@ from _POW import * -from _POW import _docset -## @mainpage -## -## Python OpenSSL Wrappers (POW) is an old (but well-written) -## interface between Python and OpenSSL (ok, you could have guessed -## that from the name). Sadly, it appears to have fallen by the -## wayside, and M2Crypto is getting a lot more attention these days. -## -## POW ships with a submodule, POW.pkix, which includes a wonderful -## set of pure-Python routines for dealing with ASN.1 encodings of -## X.509v3 certificates, extensions, and related data. I haven't -## found anything as good anywhere else. This code deserves to be -## salvaged and put to work. +# Set callback to let POW construct rpki.sundial.datetime objects +from rpki.sundial import datetime as sundial_datetime +customDatetime(sundial_datetime) +del sundial_datetime diff --git a/rpkid/rpki/POW/_der.py b/rpkid/rpki/POW/_der.py deleted file mode 100644 index c7f58411..00000000 --- a/rpkid/rpki/POW/_der.py +++ /dev/null @@ -1,2294 +0,0 @@ -#*****************************************************************************# -#* *# -#* Copyright (c) 2002, Peter Shannon *# -#* All rights reserved. *# -#* *# -#* Redistribution and use in source and binary forms, with or without *# -#* modification, are permitted provided that the following conditions *# -#* are met: *# -#* *# -#* * Redistributions of source code must retain the above *# -#* copyright notice, this list of conditions and the following *# -#* disclaimer. *# -#* *# -#* * Redistributions in binary form must reproduce the above *# -#* copyright notice, this list of conditions and the following *# -#* disclaimer in the documentation and/or other materials *# -#* provided with the distribution. *# -#* *# -#* * The name of the contributors may be used to endorse or promote *# -#* products derived from this software without specific prior *# -#* written permission. *# -#* *# -#* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS *# -#* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT *# -#* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS *# -#* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS *# -#* OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, *# -#* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT *# -#* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, *# -#* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY *# -#* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT *# -#* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE *# -#* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *# -#* *# -#*****************************************************************************# - -import exceptions, types, copy, string, time, base64, traceback, cStringIO - -DEBUG = 0 - -# CLASS -CLASS_UNIVERSAL = 0x00 -CLASS_APPLICATION = 0x40 -CLASS_CONTEXT = 0x80 -CLASS_PRIVATE = 0xC0 - -# FORM -FORM_PRIMITIVE = 0x00 -FORM_CONSTRUCTED = 0x20 - -# TAG -TAG_BOOLEAN = 0x01 -TAG_INTEGER = 0x02 -TAG_BITSTRING = 0x03 -TAG_OCTETSTRING = 0x04 -TAG_NULL = 0x05 -TAG_OID = 0x06 -TAG_OBJDESCRIPTOR = 0x07 -TAG_EXTERNAL = 0x08 -TAG_REAL = 0x09 -TAG_ENUMERATED = 0x0A -TAG_EMBEDDED_PDV = 0x0B -TAG_UTF8STRING = 0x0C -TAG_SEQUENCE = 0x10 -TAG_SET = 0x11 -TAG_NUMERICSTRING = 0x12 -TAG_PRINTABLESTRING = 0x13 -TAG_T61STRING = 0x14 -TAG_VIDEOTEXSTRING = 0x15 -TAG_IA5STRING = 0x16 -TAG_UTCTIME = 0x17 -TAG_GENERALIZEDTIME = 0x18 -TAG_GRAPHICSTRING = 0x19 -TAG_VISIBLESTRING = 0x1A -TAG_GENERALSTRING = 0x1B -TAG_UNIVERSALSTRING = 0x1C -TAG_BMPSTRING = 0x1E - -_fragments = [] - -def _docset(): - return _fragments - -def _addFragment(frag): - global _fragments - _fragments.append(frag) - - -_addFragment(''' -<moduleDescription> - <header> - <name>POW.pkix</name> - <author>Peter Shannon</author> - </header> - <body> - <para> - This module is a solution to reading and writing X509v3 written - purely in Python. It does use limited facilities from POW for - signing and verifying but these could be replaced easily. It is - an abstract module and to use it successfully RFC3280 should be - referred to as well as the sourcecode where necessary. The correct - use of many extensions often not clear from the definitions alone. - Do refer to the RFC for details. - </para> - <para> - Each constructed objects defined in the RFC is built from primitives - defined by the ASN1 recommedations. Not all ASN1 primitive are available but all those - required for X509v3 should be. The implementation is more or less - complete for DER encoding the only caveat, aside from a few - missing objects, is the behaviour of <classname>SET</classname> objects - and <classname>SET OF</classname> objects. The order the objects are - written in should be determined at runtime by sorting their tags but this - library does not do this. For X509 it isn't really necessary - since all the <classname>Set</classname> objects are simple and the - order they are written in is defined by the object's constructor. - </para> - <para> - Every documented object in this module supports the functions documented for - <classname>_GeneralObject</classname>. In general the function - will only be documented in descendant classes if the class changes - the behaviour significantly from its ancestor. This would - normally be <classname>_GeneralObject</classname> or - <classname>Sequence</classname>. - </para> - </body> -</moduleDescription> -''') - -class DerError(Exception): - def __init__(self, msg): - if not isinstance(msg, types.StringType): - raise Exception, 'argunment should be a string' - self.msg = msg - - def __repr__(self): - return self.msg - - __str__ = __repr__ - -class _Tag(object): - def __init__(self): - self.tagclass = 0 - self.tagform = 0 - self.tagnumber = 0 - - def __repr__(self): - return '(%s, %s, %s)' % (self.tagclass, self.tagform, self.tagnumber) - - def write(self, file): - if self.tagnumber < 31: - file.write( chr(self.tagclass | self.tagform | self.tagnumber) ) - else: - val = copy.deepcopy(self.tagnumber) - bytes = [] - while val: - byte = val & 0x7F - bytes.append(byte | 0x80) - val = val >> 7 - bytes[0] = bytes[0] ^ 0x80 - bytes.append( self.tagclass | self.tagform | 0x1F ) - bytes.reverse() - file.write( string.join(map(chr, bytes), '') ) - - def read(self, file): - octet1 = ord( file.read(1) ) - self.tagclass = octet1 & 0xC0 - self.tagform = octet1 & 0x20 - value = octet1 & 0x1F - if value < 31: - self.tagnumber = value - else: - total = 0 - byte = 0x80 - while byte & 0x80: - byte = ord( file.read(1) ) - if byte & 0x80: - total = (total << 7) | byte ^ 0x80 - else: - total = (total << 7) | byte - self.tagnumber = total - -class _Length(object): - def __init__(self): - self.length = 0 - - def __repr__(self): - return '(%s)' % self.length - - def write(self, file): - if self.length < 128: - file.write( chr(self.length) ) - else: - val = copy.deepcopy(self.length) - bytes = [] - while val: - byte = val & 0xFF - bytes.append(byte) - val = val >> 8 - lengthOfLength = len(bytes) - if lengthOfLength > 126: - raise DerError, 'object is too long!' - bytes.append(lengthOfLength) - bytes.reverse() - bytes[0] = bytes[0] ^ 0x80 - file.write( string.join(map(chr, bytes), '') ) - - def read(self, file): - octet1 = ord( file.read(1) ) - if octet1 < 128: - self.length = octet1 - else: - total = 0 - byte = 0 - for i in range(octet1 ^ 0x80): - byte = ord( file.read(1) ) - total = (total << 8) | byte - self.length = total - -class _TlvIo(_Tag, _Length): - def __init__(self, file): - self.file = file - self.offset = None - self.valueOffset = None - - def __repr__(self): - return '<TAG:%s Length:%s>' % (_Tag.__repr__(self), _Length.__repr__(self)) - - def __nonzero__(self): - pos = self.file.tell() - self.file.seek(0,2) - if self.file.tell(): - self.file.seek(pos) - return 1 - else: - return 0 - - def read(self): - self.offset = self.file.tell() - _Tag.read( self, self.file ) - _Length.read( self, self.file ) - self.valueOffset = self.file.tell() - self.file.seek( self.length, 1 ) - - def readValue(self): - self.file.seek( self.valueOffset ) - return self.file.read( self.length ) - - def write(self, val): - _Tag.write( self, self.file ) - self.length = len(val) - _Length.write( self, self.file ) - self.file.write(val) - -def _decodeBoolean(val): - 'der encoded value not including tag or length' - if not isinstance(val, types.StringType): - raise DerError, 'argument should be a string' - if ord(val) == 0xFF: - return 1 - elif ord(val) == 0x00: - return 0 - else: - raise DerError, 'boolean should be encode as all 1s or all 0s' - -def _encodeBoolean(val): - 'anything we can test for truth' - if val: - return chr(0xFF) - else: - return chr(0x00) - -def _decodeInteger(val): - 'der encoded value not including tag or length' - if not isinstance(val, types.StringType): - raise DerError, 'argument should be a string' - total = 0L - if ord(val[0]) & 0x80: - val = map( lambda x : ord(x) ^ 0xFF, val ) - for byte in val: - total = (total << 8) | byte - total = -(total+1) - else: - for byte in val: - total = (total << 8) | ord(byte) - return total - -def _encodeInteger(val): - 'python integer' - if not isinstance(val, types.IntType) and not isinstance(val, types.LongType): - raise DerError, 'argument should be an integer' - if val == 0: - return chr(0x00) - else: - val2 = copy.deepcopy(val) - if val2 < 0: - val2 = -(val2+1) - bytes = [] - byte = 0 - while val2: - byte = val2 & 0xFF - bytes.append(byte) - val2 = val2 >> 8 - # if we have no used up the last byte to represent the value we need - # to add one more on to show if this is negative of positive. Also, - # due to adding 1 and inverting -1 would be 0 or if 0 is the encoding - # value, so bytes would empty and this would lead to and empty value - # and this would not be working properly. Adding this null byte - # fixes this, since it is inverted to -1 and preserved for 0. - if byte & 0x80 or not bytes: - bytes.append(0x00) - if val < 0: - bytes = map( lambda x : x ^ 0xFF, bytes ) - bytes.reverse() - - return string.join(map(chr, bytes), '') - -def _decodeBitString(val): - 'der encoded value not including tag or length' - if not isinstance(val, types.StringType): - raise DerError, 'argument should be a string' - bitmasks = [0x80,0x40,0x20,0x10,0x08,0x04,0x02,0x01] - unused = ord( val[0] ) - bits = [] - for byte in val[1:]: - for j in range(8): - if ord(byte) & bitmasks[j]: - bits.append(1) - else: - bits.append(0) - if unused == 0: - return tuple(bits) - else: - return tuple(bits[:-unused]) - -def _encodeBitString(val): - 'list of true/false objects ie [0,1,1,0,1,1]' - if not (isinstance(val, types.ListType) or isinstance(val, types.TupleType)): - raise DerError, 'argument should be a list or tuple' - bitmasks = [0x80,0x40,0x20,0x10,0x08,0x04,0x02,0x01] - bytes = [] - fits, leftover = divmod(len(val), 8) - nobytes = fits - if leftover > 0: - nobytes = nobytes + 1 - if leftover: - unused = 8 - leftover - else: - unused = 0 - bytes.append(unused) - for i in range(nobytes): - byte = 0 - for j in range(8): - offset = j + i*8 - if offset < len(val): - if val[offset]: - byte = byte | bitmasks[j] - bytes.append(byte) - - return string.join(map(chr, bytes), '') - -def _decodeOid(val): - 'der encoded value not including tag or length' - if not isinstance(val, types.StringType): - raise DerError, 'argument should be a string' - arc12 = ord( val[0] ) - arc1, arc2 = divmod(arc12, 40) - oids = [arc1,arc2] - - total = 0 - for byte in val[1:]: - val = ord(byte) - if val & 0x80: - total = (total << 7) | (val ^ 0x80) - else: - total = (total << 7) | val - oids.append(total) - total = 0 - - return tuple(oids) - -def _encodeOid(val): - 'list of intgers' - if not (isinstance(val, types.ListType) or isinstance(val, types.TupleType)): - raise DerError, 'argument should be a list or tuple' - oids = [] - oids.append( chr(40 * val[0] + val[1]) ) - for val in val[2:]: - if val == 0: - oids.append( chr(0) ) - else: - bytes = [] - while val: - val, rem = divmod(val, 128) - bytes.append(rem | 0x80) - bytes[0] = bytes[0] ^ 0x80 - bytes.reverse() - oids.append( string.join(map(chr, bytes), '') ) - - return string.join(oids, '') - -def _decodeSequence(val): - 'der encoded value not including tag or length' - if not isinstance(val, types.StringType): - raise DerError, 'argument should be a string' - buf = cStringIO.StringIO(val) - buflen = len(val) - tvls = [] - while buf.tell() < buflen: - t = _TlvIo(buf) - t.read() - tvls.append(t) - return tuple(tvls) - -def _encodeSequence(val): - 'list of GenerlObjects' - if not (isinstance(val, types.ListType) or isinstance(val, types.TupleType)): - raise DerError, 'argument should be a list or tuple' - buf = cStringIO.StringIO() - for obj in val: - if obj or isinstance(obj, _GeneralObject): - obj.write(buf) - elif not obj.optional: - raise DerError, 'object not set which should be: %s' % obj - - return buf.getvalue() - -_addFragment(''' -<class> - <header> - <name>_GeneralObject</name> - </header> - <body> - <para> - <classname>_GeneralObject</classname> is the basis for all DER objects, - primitive or constructed. It defines the basic behaviour of an - object which is serialised using the tag, length and value - approach of DER. It is unlikely you would ever want to - instantiate one of these directly but I include a description - since many primatives don't override much of - <classname>_GeneralObject</classname>'s functions. - </para> - </body> -</class> -''') - -class _GeneralObject(object): - - _addFragment(''' - <constructor> - <header> - <memberof>_GeneralObject</memberof> - <parameter>normclass</parameter> - <parameter>normform</parameter> - <parameter>normnumber</parameter> - <parameter>encRoutine</parameter> - <parameter>decRoutine</parameter> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - <body> - <para> - <parameter>normclass</parameter> is the class of the object, - ei: universal, application, context or private. - <parameter>normform</parameter> is the form of the object, ei - primitive or constructed. <parameter>normnumber</parameter> is - the tag number of the object. - <parameter>encRoutine</parameter> is a function which takes a - value and encodes it according the appropriate DER rules. - <parameter>decRoutine</parameter> is a function which reads a - string value and returns a value which is more useful in - Python. <parameter>optional</parameter> is a boolean - indicating if this object is optional. The final parameter, - <parameter>default</parameter> is the base 64 encoded DER - value, which should be used as the default in leu of a value to - read or incase it is unset. - </para> - </body> - </constructor> - ''') - - def __init__(self, normclass, normform, normnumber, encRoutine, decRoutine, optional=0, default=''): - if not isinstance(normclass, types.IntType): - raise DerError, 'nomrclass argument should be an integer : %s' % normclass - if not isinstance(normform, types.IntType): - raise DerError, 'normform argument should be an integer : %s' % normform - if not isinstance(normnumber, types.IntType): - raise DerError, 'normnumber argument should be an integer : %s' % normnumber - if not isinstance(encRoutine, types.FunctionType): - raise DerError, 'encRoutine argument should be an function : %s' % encRoutine - if not isinstance(decRoutine, types.FunctionType): - raise DerError, 'decRoutine argument should be an function : %s' % decRoutine - if not isinstance(optional, types.IntType): - raise DerError, 'optional argument should be an integer : %s' % optional - if not isinstance(default, types.StringType): - raise DerError, 'default argument should be an String : %s' % default - self.normclass = normclass - self.normform = normform - self.normnumber = normnumber - self.encRoutine = encRoutine - self.decRoutine = decRoutine - self.value = None - self.optional = optional - self.default = default - self.reset() - - def _ioSafe(self): - 'is it safe to write this object' - if self.optional or self._isSet(): - return 1 - else: - return 0 - - def _isSet(self): - 'are the values of this object set or not' - if self.value is not None: - return 1 - else: - return 0 - - _addFragment(''' - <method> - <header> - <memberof>_GeneralObject</memberof> - <name>reset</name> - </header> - <body> - <para> - This function re-initialises the object, clearing the value or - setting it to any default. - </para> - </body> - </method> - ''') - def reset(self): - self.value = None - if self.default: - buf = cStringIO.StringIO( base64.decodestring( self.default ) ) - io = _TlvIo(buf) - io.read() - self.read(io) - - _addFragment(''' - <method> - <header> - <memberof>_GeneralObject</memberof> - <name>set</name> - <parameter>value</parameter> - </header> - <body> - <para> - This dosn't do much except store <parameter>value</parameter>, - presumably prior to writing the object. The correct values to - use would be determined by the encoder or decoder this class is - instantiated with. Be careful, there is some flexibility in - setting objects so you might find that once the object has been - written and read back in the value isn't identical. A good - example would be anything which contains a sequence(list or - tuple), all sequence objects are returned as tuples. - </para> - </body> - </method> - ''') - def set(self, value): - if value is not None: - self.value = value - - _addFragment(''' - <method> - <header> - <memberof>_GeneralObject</memberof> - <name>get</name> - </header> - <body> - <para> - Gets the value stored presumably after reading the object. - </para> - </body> - </method> - ''') - def get(self): - return self.value - - _addFragment(''' - <method> - <header> - <memberof>_GeneralObject</memberof> - <name>implied</name> - <parameter>impclass</parameter> - <parameter>impform</parameter> - <parameter>impnumber</parameter> - </header> - <body> - <para> - This function is used to change how the tag is written or read - for a particular object and should be called in the constructor - for derived objects. If you have an example of the structure you need to - process, Pete Gutmann's excellent - <application>dumpasn1</application> can be invaluable for - debugging objects. - </para> - </body> - </method> - ''') - def implied(self, impclass, impform, impnumber): - if not isinstance(impclass, types.IntType): - raise DerError, 'impclass argument should be an integer' - if not isinstance(impform, types.IntType): - raise DerError, 'impform argument should be an integer' - if not isinstance(impnumber, types.IntType): - raise DerError, 'impnumber argument should be an integer' - self.normclass = impclass - self.normform = impform - self.normnumber = impnumber - - _addFragment(''' - <method> - <header> - <memberof>_GeneralObject</memberof> - <name>read</name> - <parameter>io</parameter> - </header> - <body> - <para> - <parameter>io</parameter> should be a file like object. If the - object being read matches the expected class, form and tag the - value is read and decoded using - <function>decRoutine</function>. Else, if it has a default - that is read and stored. - </para> - <para> - The return value of this function does not indicate success but - whether this TLV was processed successfully. This bahaviour is - vital for processing constructed types since the object may be - optional or have a default. Failure to decode would be indicated - by an exception. - </para> - </body> - </method> - ''') - - def read(self, io=None): - - processDefOpt = 0 - if io is None: - processDefOpt = 1 - elif isinstance(io, _TlvIo): - if not io: - processDefOpt = 1 - else: - pos = io.tell() - io.seek(0,2) - if io.tell(): - io.seek(pos) - else: - processDefOpt = 1 - - if processDefOpt: - if self.optional or self.default: - self.reset() - return 0 - else: - raise DerError, 'no TLV is available to read in non-optional/non-default object: %s' % repr(self) - - if not isinstance(io, _TlvIo): - tmp = _TlvIo(io) - tmp.read() - io = tmp - - if io.tagclass != self.normclass or io.tagform != self.normform or io.tagnumber != self.normnumber: - if self.default or self.optional: - self.reset() - return 0 - else: - raise DerError, 'error in encoding, missing object:%s' % repr(self) - else: - derval = io.readValue() - self.value = self.decRoutine( derval ) - return 1 - - _addFragment(''' - <method> - <header> - <memberof>_GeneralObject</memberof> - <name>write</name> - <parameter>io</parameter> - </header> - <body> - <para> - If this object has not been set and is not optional and dosn't - have a default, a <classname>DerError</classname> exception will be raised - </para> - <para> - If no value has been set and this object is optional, nothing - is written. If this object's value is equal to the default, - nothing is written as stipulated by DER. Otherwise the value - is encoded and written. - </para> - </body> - </method> - ''') - - def write(self, file): - if not self._ioSafe(): - raise DerError, 'object not set which must be: %s' % repr(self) - elif self.optional and self.value is None: - pass - else: - buf = cStringIO.StringIO() - io = _TlvIo(buf) - io.tagclass = self.normclass - io.tagform = self.normform - io.tagnumber = self.normnumber - derval = self.encRoutine( self.value ) - io.length = len(derval) - io.write(derval) - if self.default: - if buf.getvalue() != base64.decodestring(self.default): - file.write( buf.getvalue() ) - else: - file.write( buf.getvalue() ) - - _addFragment(''' - <method> - <header> - <memberof>_GeneralObject</memberof> - <name>toString</name> - </header> - <body> - <para> - Encodes the value in DER and returns it as a string. - </para> - </body> - </method> - ''') - - def toString(self): - buf = cStringIO.StringIO() - self.write(buf) - return buf.getvalue() - - _addFragment(''' - <method> - <header> - <memberof>_GeneralObject</memberof> - <name>fromString</name> - </header> - <body> - <para> - Decodes the string and sets the value of this object. - </para> - </body> - </method> - ''') - - def fromString(self, value): - buf = cStringIO.StringIO(value) - self.read(buf) - -class Any(_GeneralObject): - - def __init__(self): - self.value = None - self.normclass = None - self.normform = None - self.normnumber = None - - def _ioSafe(self): - if self.optional or (self._isSet() and self.normclass is not None and self.normform is not None and self.normnumber is not None): - return 1 - else: - return 0 - - def setTag(self, klass, form, number): - self.normclass = klass - self.normform = form - self.normnumber = number - - def reset(self): - self.value = None - - def get(self): - return self.value - - def set(self, value): - self.value = value - - def write(self,file): - if not self._ioSafe(): - raise DerError, 'object not set which must be: %s' % repr(self) - elif self.optional and self.value is None: - pass - else: - buf = cStringIO.StringIO() - io = _TlvIo(buf) - io.tagclass = self.normclass - io.tagform = self.normform - io.tagnumber = self.normnumber - io.length = len(self.value) - io.write(self.value) - file.write(buf.getvalue()) - - def read(self, io=None): - - processDefOpt = 0 - if io is None: - processDefOpt = 1 - elif isinstance(io, _TlvIo): - if not io: - processDefOpt = 1 - else: - pos = io.tell() - io.seek(0,2) - if io.tell(): - io.seek(pos) - else: - processDefOpt = 1 - if processDefOpt: - if self.optional or self.default: - self.reset() - return 0 - else: - raise DerError, 'no TLV is available to read in non-optional/non-default object: %s' % repr(self) - - if not isinstance(io, _TlvIo): - tmp = _TlvIo(io) - tmp.read() - io = tmp - - self.value = io.readValue() - self.normclass = io.tagclass - self.normform = io.tagform - self.normnumber = io.tagnumber - -_addFragment(''' -<class> - <header> - <name>Boolean</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 BOOLEAN type. It can be set - with any object which can be tested for truth. - </para> - </body> -</class> -''') - -class Boolean(_GeneralObject): # 0x01 - - _addFragment(''' - <constructor> - <header> - <memberof>Boolean</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - def __init__(self, optional=0, default=''): - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_PRIMITIVE, TAG_BOOLEAN, _encodeBoolean, _decodeBoolean, optional, default) - -_addFragment(''' -<class> - <header> - <name>Integer</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 INTEGER type. It should be set - with a Python integer. - </para> - </body> -</class> -''') - -class Integer(_GeneralObject): # 0x02 - - _addFragment(''' - <constructor> - <header> - <memberof>Integer</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - def __init__(self, optional=0, default=''): - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_PRIMITIVE, TAG_INTEGER, _encodeInteger, _decodeInteger, optional, default) - -_addFragment(''' -<class> - <header> - <name>BitString</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 BIT STRING type. It should be set - with a sequence of integers. A non-zero number will set the bit, - zero will leave the bit unset. - </para> - </body> -</class> -''') - -class BitString(_GeneralObject): # 0x03 - - _addFragment(''' - <constructor> - <header> - <memberof>BitString</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - def __init__(self, optional=0, default=''): - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_PRIMITIVE, TAG_BITSTRING, _encodeBitString, _decodeBitString, optional, default) - -_addFragment(''' -<class> - <header> - <name>AltBitString</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 BIT STRING type. It differs from - the first <classname>BitString</classname> in that it's coding - routines treat values as binary data and do not interpret the data - in any way. Some application treat the - <classname>BIT STRING</classname> in the same way as - <classname>OCTET STRING</classname> type, hence this extra object. - </para> - </body> -</class> -''') - -class AltBitString(_GeneralObject): # 0x03 - - _addFragment(''' - <constructor> - <header> - <memberof>AltBitString</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - - def __init__(self, optional=0, default=''): - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_PRIMITIVE, TAG_BITSTRING, lambda x : chr(0)+x, lambda x : x[1:], optional, default) - -_addFragment(''' -<class> - <header> - <name>OctetString</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 OCTET STRING type. This object - can be set with any binary data. - </para> - </body> -</class> -''') -class OctetString(_GeneralObject): # 0x04 - - _addFragment(''' - <constructor> - <header> - <memberof>OctetString</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - - def __init__(self, optional=0, default=''): - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_PRIMITIVE, TAG_OCTETSTRING, lambda x : x, lambda x : x, optional, default) - -_addFragment(''' -<class> - <header> - <name>Null</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 NULL type. There is no point in - setting this object, the value will always be ignored when it is - written out. - </para> - </body> -</class> -''') -class Null(_GeneralObject): # 0x05 - - _addFragment(''' - <constructor> - <header> - <memberof>Null</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - - def __init__(self, optional=0, default=''): - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_PRIMITIVE, TAG_NULL, lambda x : '', lambda x : '', optional, default) - self.value = '' - - def _ioSafe(self): - return 1 - - def reset(self): - self.value = '' - -_addFragment(''' -<class> - <header> - <name>Oid</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 OID type. This object should be - set with a list or tuple of integers defining an objects oid. - Please note that the first three arcs have a restricted set of - values, so encoding (5, 3, 7, 1) will produce bad results. - </para> - </body> -</class> -''') -class Oid(_GeneralObject): # 0x06 - - _addFragment(''' - <constructor> - <header> - <memberof>Oid</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - - def __init__(self, optional=0, default=''): - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_PRIMITIVE, TAG_OID, _encodeOid, _decodeOid, optional, default) - -_addFragment(''' -<class> - <header> - <name>Enum</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 ENUM type. This should be set - using a Python integer, the meaning should be described in the - ASN1 document for the object you are encoding. - </para> - </body> -</class> -''') -class Enum(_GeneralObject): # 0x0A - - _addFragment(''' - <constructor> - <header> - <memberof>Enum</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - - def __init__(self, optional=0, default=''): - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_PRIMITIVE, TAG_ENUMERATED, _encodeInteger, _decodeInteger, optional, default) - -_addFragment(''' -<class> - <header> - <name>Utf8String</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 UTF8String type. This object - should be set with a string. It is up to the application to ensure - it only contains valid characters for this type. - </para> - </body> -</class> -''') -class Utf8String(_GeneralObject): # 0x0C - - _addFragment(''' - <constructor> - <header> - <memberof>Utf8String</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - - def __init__(self, optional=0, default=''): - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_PRIMITIVE, TAG_UTF8STRING, lambda x : x, lambda x : x, optional, default) - -_addFragment(''' -<class> - <header> - <name>NumericString</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 NumericString type. This should - object should be set with a string. It is up to the application to ensure - it only contains valid characters for this type. - </para> - </body> -</class> -''') -class NumericString(_GeneralObject): # 0x12 - - _addFragment(''' - <constructor> - <header> - <memberof>NumericString</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - - def __init__(self, optional=0, default=''): - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_PRIMITIVE, TAG_NUMERICSTRING, lambda x : x, lambda x : x, optional, default) -_addFragment(''' -<class> - <header> - <name>PrintableString</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 PrintableString type. This should - object should be set with a string. It is up to the application to ensure - it only contains valid characters for this type. - </para> - </body> -</class> -''') -class PrintableString(_GeneralObject): # 0x13 - - _addFragment(''' - <constructor> - <header> - <memberof>PrintableString</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - - def __init__(self, optional=0, default=''): - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_PRIMITIVE, TAG_PRINTABLESTRING, lambda x : x, lambda x : x, optional, default) - -_addFragment(''' -<class> - <header> - <name>T61String</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 T61String type. This object - should be set with a string. It is up to the application to ensure - it only contains valid characters for this type. - </para> - </body> -</class> -''') -class T61String(_GeneralObject): # 0x14 - - _addFragment(''' - <constructor> - <header> - <memberof>T61String</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - - def __init__(self, optional=0, default=''): - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_PRIMITIVE, TAG_T61STRING, lambda x : x, lambda x : x, optional, default) - -_addFragment(''' -<class> - <header> - <name>VideotexString</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 VideotexString type. This should - object should be set with a string. It is up to the application to ensure - it only contains valid characters for this type. - </para> - </body> -</class> -''') -class VideotexString(_GeneralObject): # 0x15 - - _addFragment(''' - <constructor> - <header> - <memberof>VideotexString</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - - def __init__(self, optional=0, default=''): - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_PRIMITIVE, TAG_VIDEOTEXSTRING, lambda x : x, lambda x : x, optional, default) - -_addFragment(''' -<class> - <header> - <name>IA5String</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 IA5String type. This object - should be set with a string. It is up to the application to ensure - it only contains valid characters for this type. - </para> - </body> -</class> -''') -class IA5String(_GeneralObject): # 0x16 - - _addFragment(''' - <constructor> - <header> - <memberof>IA5String</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - - def __init__(self, optional=0, default=''): - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_PRIMITIVE, TAG_IA5STRING, lambda x : x, lambda x : x, optional, default) - -_addFragment(''' -<class> - <header> - <name>UtcTime</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 UTCTime type. This object should - be set with a string of the general format YYMMDDhhmmssZ. The - helper functions <function>time2utc</function> and - <function>utc2time</function> can be used to handle the conversion - from an integer to a string and back. - </para> - </body> -</class> -''') -class UtcTime(_GeneralObject): # 0x17 - - _addFragment(''' - <constructor> - <header> - <memberof>UtcTime</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - - def __init__(self, optional=0, default=''): - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_PRIMITIVE, TAG_UTCTIME, lambda x : x, lambda x : x, optional, default) - -_addFragment(''' -<class> - <header> - <name>GeneralizedTime</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 GeneralizedTime type. This object should - be set with a string of the general format YYYYMMDDhhmmssZ. The - helper functions <function>time2utc</function> and - <function>utc2time</function> can be used to handle the conversion - from an integer to a string and back. - </para> - </body> -</class> -''') -class GeneralizedTime(_GeneralObject): # 0x18 - - _addFragment(''' - <constructor> - <header> - <memberof>GeneralizedTime</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - - - def __init__(self, optional=0, default=''): - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_PRIMITIVE, TAG_GENERALIZEDTIME, lambda x : x, lambda x : x, optional, default) - -_addFragment(''' -<class> - <header> - <name>GraphicString</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 GraphicString type. This should - object should be set with a string. It is up to the application to - ensure it only contains valid characters for this type. - </para> - </body> -</class> -''') -class GraphicString(_GeneralObject): # 0x19 - - _addFragment(''' - <constructor> - <header> - <memberof>GraphicString</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - - def __init__(self, optional=0, default=''): - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_PRIMITIVE, TAG_GRAPHICSTRING, lambda x : x, lambda x : x, optional, default) - -_addFragment(''' -<class> - <header> - <name>VisibleString</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 VisibleString type. This should - object should be set with a string. It is up to the application to - ensure it only contains valid characters for this type. - </para> - </body> -</class> -''') -class VisibleString(_GeneralObject): # 0xC0 - - _addFragment(''' - <constructor> - <header> - <memberof>VisibleString</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - - def __init__(self, optional=0, default=''): - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_PRIMITIVE, TAG_VISIBLESTRING, lambda x : x, lambda x : x, optional, default) - -_addFragment(''' -<class> - <header> - <name>GeneralString</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 GeneralString type. This should - object should be set with a string. It is up to the application to - ensure it only contains valid characters for this type. - </para> - </body> -</class> -''') -class GeneralString(_GeneralObject): # 0xC0 - - _addFragment(''' - <constructor> - <header> - <memberof>GeneralString</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - - def __init__(self, optional=0, default=''): - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_PRIMITIVE, TAG_GENERALSTRING, lambda x : x, lambda x : x, optional, default) - -_addFragment(''' -<class> - <header> - <name>UniversalString</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 UniversalString type. This should - object should be set with a string. It is up to the application to - ensure it only contains valid characters for this type. - </para> - </body> -</class> -''') -class UniversalString(_GeneralObject): # 0xC0 - - _addFragment(''' - <constructor> - <header> - <memberof>UniversalString</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - - def __init__(self, optional=0, default=''): - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_PRIMITIVE, TAG_UNIVERSALSTRING, lambda x : x, lambda x : x, optional, default) - -_addFragment(''' -<class> - <header> - <name>BmpString</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 BMPString type. This object - should be set with a string. It is up to the application to ensure - it only contains valid characters for this type. - </para> - </body> -</class> -''') -class BmpString(_GeneralObject): # 0xC0 - - _addFragment(''' - <constructor> - <header> - <memberof>BmpString</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - - def __init__(self, optional=0, default=''): - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_PRIMITIVE, TAG_BMPSTRING, lambda x : x, lambda x : x, optional, default) - -_addFragment(''' -<class> - <header> - <name>Sequence</name> - <super>_GeneralObject</super> - </header> - <body> - <para> - This object represents the ASN1 SEQUENCE type. - </para> - </body> -</class> -''') -class Sequence(_GeneralObject): # 0x10 - - _addFragment(''' - <constructor> - <header> - <memberof>Sequence</memberof> - <super>_GeneralObject</super> - <parameter>contents</parameter> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - <body> - <para> - The <parameter>contents</parameter> should be a list or tuple containing - the contents of the sequence. - Two important members are initialised this this constructor. - First <constant>self.next</constant> this is used to keep track - of which TLVs in this sequence has been read succesfully. The second, - <constant>self.contents</constant> should be set to the list of - objects stored in this sequence. Note that the order they are - specified in is the order in which they are written or read. - </para> - </body> - </constructor> - ''') - - def __init__(self, contents, optional=0, default=''): - self.contents = contents - self.next = 0 - _GeneralObject.__init__(self, CLASS_UNIVERSAL, FORM_CONSTRUCTED, TAG_SEQUENCE, _encodeSequence, _decodeSequence, optional, default) - - def _childRead(self, obj): - if self.next < len(self.value): - if obj.read( self.value[self.next] ): - self.next += 1 - else: - obj.read() - - _addFragment(''' - <method> - <header> - <memberof>Sequence</memberof> - <name>readContents</name> - <parameter>io</parameter> - <parameter>contents</parameter> - </header> - <body> - <para> - This function implements basic SEQUENCE like reading behaviour. - It will attempt to read each of the objects in - <parameter>contents</parameter> in turn from - <parameter>io</parameter>. It exists as a function, separate - from <function>read</function> for the benefit of the SEQUENCE - OF implementation. - </para> - <para> - The TLV of this SEQUENCE is read and parsed into a list of - TLVs, which are store in <constant>self.value</constant>, by - <classname>_GeneralObject</classname>.<function>read</function>. - Then <function>read</function> is called on each member to - process each TLV in turn. The next TLV is moved onto only when - a member returns TRUE from the read call. - </para> - </body> - </method> - ''') - - def readContents(self, io, contents): - if _GeneralObject.read( self, io ): - for item in contents: - Sequence._childRead( self, item ) - return 1 - else: - return 0 - - _addFragment(''' - <method> - <header> - <memberof>Sequence</memberof> - <name>read</name> - <parameter>io</parameter> - </header> - <body> - <para> - Most of the logic for reading is implemented in <function>readContents</function> - so it can be reused for <classname>SequenceOf</classname>'s - <function>read</function> function. - </para> - </body> - </method> - ''') - - def read(self, io=None): - self.next = 0 - return self.readContents(io, self.contents) - - _addFragment(''' - <method> - <header> - <memberof>Sequence</memberof> - <name>write</name> - <parameter>file</parameter> - </header> - <body> - <para> - <constant>self.value</constant> is set to the contents of this - SEQUENCE and then written by calling - <classname>_GeneralObject</classname>.<function>write</function> - whos encoder will call <function>write</function> of - each element in the list of contents in turn. - </para> - </body> - </method> - ''') - - def write(self, file): - if self._ioSafe(): - if self._isSet(): - _GeneralObject.set( self, self.contents ) - _GeneralObject.write( self, file ) - elif self.optional: - pass - else: - prob = self.findUnset() - raise DerError, '%s is not in a state which can be written, %s is unset' % (repr(self), repr(prob) ) - - _addFragment(''' - <method> - <header> - <memberof>Sequence</memberof> - <name>set</name> - <parameter>values</parameter> - </header> - <body> - <para> - Accessing and setting values for ASN1 objects is a bit of a - thorny issue. The problem stems from the arbitrary complexity - of the data and the possible levels of nesting, which in - practice are used and are quite massive. Designing a good general - approach is a bit tricky, perhaps nearly - impossible. I choose to use a most compact - form which is excellent for simple objects and is very concise. - </para> - <para> - <parameter>value</parameter> should be a list or tuple of - values. Each element of the list (or tuple) will be used in - turn to set a member. Defaults can be specified by using the - default value itself or <constant>None</constant>. Hence, for - SEQUENCES of SEQUENCES, SEQUENCES OF, SET and so on - <parameter>values</parameter> should consist of nested lists or - tuples. Look at the ASN1 specs for that object to figure out - exactly what these should look like. - </para> - </body> - </method> - ''') - - def set(self, values): - if self.contents is None: - raise DerError, 'the contents attribute should be set before using this object' - if not( isinstance(values, types.ListType) or isinstance(values, types.TupleType) ): - raise DerError, 'a sequence should be set with a list or tuple of values' - if len(values) != len(self.contents): - raise DerError, 'wrong number of values have been supplied to set %s. Expecting %i, got %i' % \ - (self.__class__.__name__, len(self.contents), len(values) ) - - i = 0 - for val in values: - self.contents[i].set(val) - i = i + 1 - - _addFragment(''' - <method> - <header> - <memberof>Sequence</memberof> - <name>get</name> - </header> - <body> - <para> - A tuple of the values of the contents of this sequence will be - returned. Hence, for SEQUENCES of SEQUENCES, SEQUENCES OF, SET - and so on nested tuples will be returned. - <function>get</function> always returns tuples even if a list - was used to set and object. - </para> - </body> - </method> - ''') - - def get(self): - if self.contents is None: - return _GeneralObject.get(self) - else: - results = [] - for obj in self.contents: - results.append( obj.get() ) - return tuple(results) - - def reset(self): - if self.contents is None: - raise DerError, 'this object has no members to set' - self.next = 0 - for obj in self.contents: - obj.reset() # clear all child objects prior to possible setting - # via default - _GeneralObject.reset(self) - - def _isSet(self): - if self.contents is None: - raise DerError, 'this object has no members to set' - for obj in self.contents: - if not obj._ioSafe(): - return 0 - return 1 - - def findUnset(self): - if self.contents is None: - raise DerError, 'this object has no members to check' - for obj in self.contents: - if not obj._ioSafe(): - return obj - - def _ioSafe(self): - if self.optional or self._isSet(): - return 1 - else: - for obj in self.contents: - if not obj._ioSafe(): - return 0 - return 1 - -_addFragment(''' -<class> - <header> - <name>SequenceOf</name> - <super>Sequence</super> - </header> - <body> - <para> - This object represents the ASN1 SEQUENCE OF construct. - </para> - </body> -</class> -''') -class SequenceOf(Sequence): - - _addFragment(''' - <constructor> - <header> - <memberof>SequenceOf</memberof> - <super>Sequence</super> - <parameter>contains</parameter> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - <body> - <para> - The <parameter>contains</parameter> should be the constructor - for the objects which this SEQUENCE OF contains. - </para> - </body> - </constructor> - ''') - - def __init__(self, contains, optional=0, default=''): - self.contains = contains - self.sequenceOf = [] - Sequence.__init__(self, [], optional, default) - - def _ioSafe(self): - return 1 - - def reset(self): - if self.contents is None: - raise DerError, 'this object has no members to set' - self.next = 0 - self.sequenceOf = [] - _GeneralObject.reset(self) - - def _isSet(self): - if self.sequenceOf: - for obj in self.contents: - if not obj._ioSafe(): - return 0 - return 1 - else: - return 0 - - def set(self, values): - if isinstance(values, types.NoneType): - return - objects = [] - for val in values: - obj = self.contains() - obj.set(val) - objects.append(obj) - self.sequenceOf = objects - - def get(self): - results = [] - for obj in self.sequenceOf: - results.append( obj.get() ) - return tuple(results) - - def read(self, io=None): - self.sequenceOf = [] - self.next = 0 - if _GeneralObject.read( self, io ): - for tagio in _GeneralObject.get(self): - value = self.contains() - value.read(tagio) - self.sequenceOf.append(value) - return 1 - else: - return 0 - - def write(self, file): - if not self._isSet() and self.optional: - pass - else: - _GeneralObject.set( self, self.sequenceOf ) - _GeneralObject.write( self, file ) - - def __len__(self): - return len(self.sequenceOf) - - def __getitem__(self, key): - return self.sequenceOf[key] - - def __iter__(self): - for i in self.sequenceOf: - yield(i) - - def __contains__(self, item): - return item in self.sequenceOf - -_addFragment(''' -<class> - <header> - <name>Set</name> - <super>Sequence</super> - </header> - <body> - <para> - This object represents the ASN1 Set type. - </para> - </body> -</class> -''') -class Set(Sequence): # 0x11 - - _addFragment(''' - <constructor> - <header> - <memberof>Set</memberof> - <super>Sequence</super> - <parameter>contents</parameter> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - <body> - <para> - The <parameter>contents</parameter> should be a list containing - the contents of the sequence. - </para> - </body> - </constructor> - ''') - - def __init__(self, contents, optional=0, default=''): - Sequence.__init__(self, contents, optional, default) - self.normnumber = TAG_SET - -_addFragment(''' -<class> - <header> - <name>SetOf</name> - <super>SequenceOf</super> - </header> - <body> - <para> - This object represents the ASN1 SET OF construct. - </para> - </body> -</class> -''') -class SetOf(SequenceOf): - - _addFragment(''' - <constructor> - <header> - <memberof>SetOf</memberof> - <super>SequenceOf</super> - <parameter>contains</parameter> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - <body> - <para> - The <parameter>contains</parameter> should be the constructor - for the objects which this SET OF contains. - </para> - </body> - </constructor> - ''') - - def __init__(self, contains, optional=0, default=''): - SequenceOf.__init__(self, contains, optional, default) - self.normnumber = TAG_SET - -_addFragment(''' -<class> - <header> - <name>Explicit</name> - <super>Sequence</super> - </header> - <body> - <para> - Explicit objects support the DER concept of explicit tagging. In - general they behave just like a SEQUENCE which must have only one - element. See below for other differences. - </para> - </body> -</class> -''') -class Explicit(Sequence): - - _addFragment(''' - <constructor> - <header> - <memberof>Explicit</memberof> - <super>Sequence</super> - <parameter>expclass</parameter> - <parameter>expform</parameter> - <parameter>expnumber</parameter> - <parameter>contents</parameter> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - <body> - <para> - <parameter>expclass</parameter>, - <parameter>expform</parameter>, - <parameter>expnumber</parameter> should be as - specified in the ASN1 documentation for this object. - <parameter>contents</parameter> should be an object instance - such as <classname>Integer</classname>, - <classname>Oid</classname> or a derived object which supports - the <classname>_GeneralObjec</classname> interface. - </para> - </body> - </constructor> - ''') - - def __init__(self, expclass, expform, expnumber, contents, optional=0, default=''): - self.contents = [contents] - self.next = 0 - _GeneralObject.__init__(self, expclass, expform, expnumber, _encodeSequence, _decodeSequence, optional, default) - - _addFragment(''' - <method> - <header> - <memberof>Explicit</memberof> - <name>set</name> - <parameter>value</parameter> - </header> - <body> - <para> - <parameter>value</parameter> is passed direct to - <function>set</function> of the explicit object, so it should - not be placed in a list or tuple(unless you are setting a constructed - object). - </para> - </body> - </method> - ''') - def set(self, value): - return Sequence.set(self, [value]) - - _addFragment(''' - <method> - <header> - <memberof>Explicit</memberof> - <name>get</name> - </header> - <body> - <para> - The value of explicit object is returned and not - put in a tuple. - </para> - </body> - </method> - ''') - def get(self): - return Sequence.get(self)[0] - -_addFragment(''' -<class> - <header> - <name>Choice</name> - </header> - <body> - <para> - This object represents the ASN1 Choice type. - </para> - </body> -</class> -''') -class Choice(object): - - _addFragment(''' - <constructor> - <header> - <memberof>Choice</memberof> - <parameter>choices</parameter> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - <body> - <para> - <parameter>choices</parameter> should be a dictionary of - objects which support the <classname>_GeneralObject</classname> - interface. The key being the name of the choice specified in the - ASN1 documentation. <parameter>optional</parameter> is a boolean - indicating if this object is optional. The final parameter, - <parameter>default</parameter> is the base 64 encoded DER - value, which should be used as the default in leu of a value to - read or incase it is unset. If neither - <parameter>optional</parameter> or - <parameter>default</parameter> is not set then the first choice - which is optional or has a default will be honored. - </para> - </body> - </constructor> - ''') - - def __init__(self, choices, optional=0, default=''): - self.value = None - self.choices = choices - self.optional = optional - self.default = default - self.choice = None - self.reset() - - def _ioSafe(self): - if self.optional or self._isSet(): - return 1 - elif self.choice and self.choices[ self.choice ]._ioSafe(): - return 1 - else: - return 0 - - def _isSet(self): - if self.choice and self.choices[self.choice]._isSet(): - return 1 - else: - return 0 - - _addFragment(''' - <method> - <header> - <memberof>Choice</memberof> - <name>reset</name> - </header> - <body> - <para> - This function re-initialises the object, clearing the value or - setting it to any default. - </para> - </body> - </method> - ''') - def reset(self): - self.value = None - self.choice = None - if self.default: - buf = cStringIO.StringIO( base64.decodestring( self.default ) ) - io = _TlvIo(buf) - io.read() - self.read(io) - else: - for key in self.choices.keys(): - self.choices[key].reset() - if self.choices[key]._ioSafe(): - self.choice = key - break; - - - _addFragment(''' - <method> - <header> - <memberof>Choice</memberof> - <name>set</name> - <parameter>value</parameter> - </header> - <body> - <para> - <parameter>value</parameter> should be a list or tuple with two - elements. The first value should be the name of the choice to - be set and the second the value to set it with. - </para> - </body> - </method> - ''') - def set(self, val): - if val is None: - return - if not (isinstance(val, types.ListType) or isinstance(val, types.TupleType)): - raise DerError, 'argument should be a list or tuple' - if not self.choices.has_key( val[0] ): - raise DerError, 'unknown choice: %s' % val[0] - self.choices[ val[0] ].set(val[1]) - self.choice = val[0] - - _addFragment(''' - <method> - <header> - <memberof>Choice</memberof> - <name>get</name> - </header> - <body> - <para> - This function will return tuple with two elements. The first - value will be the name of the choice which was set and the second - the value it was set to. - </para> - </body> - </method> - ''') - - def get(self): - if self._isSet(): - return (self.choice, self.choices[ self.choice ].get()) - else: - return None - - _addFragment(''' - <method> - <header> - <memberof>Choice</memberof> - <name>toString</name> - </header> - <body> - <para> - Encodes the value in DER and returns it as a string. - </para> - </body> - </method> - ''') - - def toString(self): - buf = cStringIO.StringIO() - self.write(buf) - return buf.getvalue() - - _addFragment(''' - <method> - <header> - <memberof>Choice</memberof> - <name>fromString</name> - </header> - <body> - <para> - Decodes the string and sets the value of this object. - </para> - </body> - </method> - ''') - - def fromString(self, value): - buf = cStringIO.StringIO(value) - self.read(buf) - - _addFragment(''' - <method> - <header> - <memberof>Choice</memberof> - <name>read</name> - <parameter>io</parameter> - </header> - <body> - <para> - <parameter>io</parameter> should be a file like object. If the - object being read matches the expected class, form and tag the - value is read and decoded using - <function>decRoutine</function>. Else, if it has a default - that is read and stored. - </para> - <para> - The return value of this function does not indicate success but - whether this TLV was processed successfully. This bahaviour is - vital for processing constructed types since the object may be - optional or have a default. Failure to decode would be indicated - by an exception. - </para> - </body> - </method> - ''') - - def _readChoices(self, io): - for key in self.choices.keys(): - try: - readindicator = self.choices[key].read(io) - self.choice = key - break; - except DerError: - if DEBUG: - traceback.print_exc() - return readindicator - - def read(self, io=None): - - self.choice = None - processDefOpt = 0 - readindicator = 0 - - if io is None: - processDefOpt = 1 - elif isinstance(io, _TlvIo): - if not io: - processDefOpt = 1 - else: - pos = io.tell() - io.seek(0,2) - if io.tell(): - io.seek(pos) - else: - processDefOpt = 1 - - if processDefOpt: - if self.optional or self.default: - self.reset() - return 0 - else: - readindicator = self._readChoices(io) - for key in self.choices.keys(): - try: - readindicator = self.choices[key].read(io) - self.choice = key - break; - except DerError: - if DEBUG: - traceback.print_exc() - if not self._isSet(): - raise DerError, 'no TLV is available to read in non-optional/non-default object: %s' % repr(self) - else: - return readindicator - - if not isinstance(io, _TlvIo): - tmp = _TlvIo(io) - tmp.read() - io = tmp - - for key in self.choices.keys(): - try: - if self.choices[key].read(io): - self.choice = key - readindicator = 1 - break; - except DerError: - if DEBUG: - traceback.print_exc() - - if not self._isSet(): - self.reset() - else: - return readindicator - - _addFragment(''' - <method> - <header> - <memberof>Choice</memberof> - <name>write</name> - <parameter>file</parameter> - </header> - <body> - <para> - If this object has not been set and is not optional and dosn't - have a default, a <classname>DerError</classname> exception will be raised - </para> - <para> - If no value has been set and this object is optional, nothing - is written. If this object's value is equal to the default, - nothing is written as stipulated by DER. Otherwise the value - is encoded and written. - </para> - </body> - </method> - ''') - def write(self,file): - if self.optional and not self.choice: - pass - elif not self.choice: - raise DerError, 'choice not set' - elif self.choice: - if self.default: - defval = base64.decodestring( self.default ) - if defval != self.choices[ self.choice ].toString(): - self.choices[ self.choice ].write(file) - else: - self.choices[ self.choice ].write(file) - else: - raise DerError, 'an internal error has occured: %s' % repr(self) - - diff --git a/rpkid/rpki/POW/_objects.py b/rpkid/rpki/POW/_objects.py deleted file mode 100644 index dc3a9c2b..00000000 --- a/rpkid/rpki/POW/_objects.py +++ /dev/null @@ -1,6880 +0,0 @@ -data = {'?': {'comment': 'ASTM 31.20', - 'description': '? (1 2 840 10065 2 2)', - 'hexoid': '06 07 2A 86 48 CE 51 02 02', - 'name': '?', - 'oid': (1, 2, 840, 10065, 2, 2)}, - 'AmericanExpress': {'comment': 'SET brand', - 'description': 'AmericanExpress (2 23 42 8 34)', - 'hexoid': '06 04 67 2A 08 22', - 'name': 'AmericanExpress', - 'oid': (2, 23, 42, 8, 34)}, - 'Antares': {'comment': 'SET vendor', - 'description': 'Antares (2 23 42 9 14)', - 'hexoid': '06 04 67 2A 09 0E', - 'name': 'Antares', - 'oid': (2, 23, 42, 9, 14)}, - 'BankGate': {'comment': 'SET vendor', - 'description': 'BankGate (2 23 42 9 7)', - 'hexoid': '06 04 67 2A 09 07', - 'name': 'BankGate', - 'oid': (2, 23, 42, 9, 7)}, - 'BlueMoney': {'comment': 'SET vendor', - 'description': 'BlueMoney (2 23 42 9 19)', - 'hexoid': '06 04 67 2A 09 13', - 'name': 'BlueMoney', - 'oid': (2, 23, 42, 9, 19)}, - 'Certicom': {'comment': 'SET vendor', - 'description': 'Certicom (2 23 42 9 11)', - 'hexoid': '06 04 67 2A 09 0B', - 'name': 'Certicom', - 'oid': (2, 23, 42, 9, 11)}, - 'Certificates': {'comment': 'Certificates Australia CA', - 'description': 'Certificates Australia policyIdentifier (1 2 36 75878867 1 100 1 1)', - 'hexoid': '06 0A 2A 24 A4 97 A3 53 01 64 01 01', - 'name': 'Certificates', - 'oid': (1, 2, 36, 75878867, 1, 100, 1, 1)}, - 'CompuSource': {'comment': 'SET vendor', - 'description': 'CompuSource (2 23 42 9 9)', - 'hexoid': '06 04 67 2A 09 09', - 'name': 'CompuSource', - 'oid': (2, 23, 42, 9, 9)}, - 'CyberCash': {'comment': 'SET vendor', - 'description': 'CyberCash (2 23 42 9 2)', - 'hexoid': '06 04 67 2A 09 02', - 'name': 'CyberCash', - 'oid': (2, 23, 42, 9, 2)}, - 'Diners': {'comment': 'SET brand', - 'description': 'Diners (2 23 42 8 30)', - 'hexoid': '06 04 67 2A 08 1E', - 'name': 'Diners', - 'oid': (2, 23, 42, 8, 30)}, - 'ECC': {'comment': 'SET vendor', - 'description': 'ECC (2 23 42 9 15)', - 'hexoid': '06 04 67 2A 09 0F', - 'name': 'ECC', - 'oid': (2, 23, 42, 9, 15)}, - 'ElGamal': {'comment': 'Unsure about this OID', - 'description': 'ElGamal (1 3 14 7 2 1 1)', - 'hexoid': '06 06 2B 0E 07 02 01 01', - 'name': 'ElGamal', - 'oid': (1, 3, 14, 7, 2, 1, 1)}, - 'EntityLogo': {'comment': 'Netscape certificate extension', - 'description': 'EntityLogo (2 16 840 1 113730 1 10)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 0A', - 'name': 'EntityLogo', - 'oid': (2, 16, 840, 1, 113730, 1, 10)}, - 'Entrust': {'comment': 'SET vendor', - 'description': 'Entrust (2 23 42 9 23)', - 'hexoid': '06 04 67 2A 09 17', - 'name': 'Entrust', - 'oid': (2, 23, 42, 9, 23)}, - 'FBCA-Basic': {'comment': 'Federal Bridge CA Policy', - 'description': 'FBCA-Basic policyIdentifier (2 16 840 1 101 3 2 1 3 2)', - 'hexoid': '06 0A 60 86 48 01 65 03 02 01 03 02', - 'name': 'FBCA-Basic', - 'oid': (2, 16, 840, 1, 101, 3, 2, 1, 3, 2)}, - 'FBCA-High': {'comment': 'Federal Bridge CA Policy', - 'description': 'FBCA-High policyIdentifier (2 16 840 1 101 3 2 1 3 4)', - 'hexoid': '06 0A 60 86 48 01 65 03 02 01 03 04', - 'name': 'FBCA-High', - 'oid': (2, 16, 840, 1, 101, 3, 2, 1, 3, 4)}, - 'FBCA-Medium': {'comment': 'Federal Bridge CA Policy', - 'description': 'FBCA-Medium policyIdentifier (2 16 840 1 101 3 2 1 3 3)', - 'hexoid': '06 0A 60 86 48 01 65 03 02 01 03 03', - 'name': 'FBCA-Medium', - 'oid': (2, 16, 840, 1, 101, 3, 2, 1, 3, 3)}, - 'FBCA-Rudimentary': {'comment': 'Federal Bridge CA Policy', - 'description': 'FBCA-Rudimentary policyIdentifier (2 16 840 1 101 3 2 1 3 1)', - 'hexoid': '06 0A 60 86 48 01 65 03 02 01 03 01', - 'name': 'FBCA-Rudimentary', - 'oid': (2, 16, 840, 1, 101, 3, 2, 1, 3, 1)}, - 'Fujitsu': {'comment': 'SET vendor', - 'description': 'Fujitsu (2 23 42 9 21)', - 'hexoid': '06 04 67 2A 09 15', - 'name': 'Fujitsu', - 'oid': (2, 23, 42, 9, 21)}, - 'GTE': {'comment': 'SET vendor', - 'description': 'GTE (2 23 42 9 8)', - 'hexoid': '06 04 67 2A 09 08', - 'name': 'GTE', - 'oid': (2, 23, 42, 9, 8)}, - 'Gemplus': {'comment': 'SET vendor', - 'description': 'Gemplus (2 23 42 9 38)', - 'hexoid': '06 04 67 2A 09 26', - 'name': 'Gemplus', - 'oid': (2, 23, 42, 9, 38)}, - 'GlobeSet': {'comment': 'SET vendor', - 'description': 'GlobeSet (2 23 42 9 0)', - 'hexoid': '06 04 67 2A 09 00', - 'name': 'GlobeSet', - 'oid': (2, 23, 42, 9, 0)}, - 'Griffin': {'comment': 'SET vendor', - 'description': 'Griffin (2 23 42 9 10)', - 'hexoid': '06 04 67 2A 09 0A', - 'name': 'Griffin', - 'oid': (2, 23, 42, 9, 10)}, - 'Hitachi': {'comment': 'SET vendor', - 'description': 'Hitachi (2 23 42 9 32)', - 'hexoid': '06 04 67 2A 09 20', - 'name': 'Hitachi', - 'oid': (2, 23, 42, 9, 32)}, - 'HomePage-url': {'comment': 'Netscape certificate extension', - 'description': 'HomePage-url (2 16 840 1 113730 1 9)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 09', - 'name': 'HomePage-url', - 'oid': (2, 16, 840, 1, 113730, 1, 9)}, - 'IATA-ATA': {'comment': 'SET brand', - 'description': 'IATA-ATA (2 23 42 8 1)', - 'hexoid': '06 04 67 2A 08 01', - 'name': 'IATA-ATA', - 'oid': (2, 23, 42, 8, 1)}, - 'IBM': {'comment': 'SET vendor', - 'description': 'IBM (2 23 42 9 1)', - 'hexoid': '06 04 67 2A 09 01', - 'name': 'IBM', - 'oid': (2, 23, 42, 9, 1)}, - 'ICE-TEL': {'comment': 'ICE-TEL CA policy', - 'description': 'ICE-TEL Italian policyIdentifier (1 3 6 1 4 1 2786 1 1 1)', - 'hexoid': '06 0A 2B 06 01 04 01 95 62 01 01 01', - 'name': 'ICE-TEL', - 'oid': (1, 3, 6, 1, 4, 1, 2786, 1, 1, 1)}, - 'III': {'comment': 'SET vendor', - 'description': 'III (2 23 42 9 25)', - 'hexoid': '06 04 67 2A 09 19', - 'name': 'III', - 'oid': (2, 23, 42, 9, 25)}, - 'IKEhmacWithMD5-RSA': {'comment': 'Novell signature algorithm', - 'description': 'IKEhmacWithMD5-RSA (2 16 840 1 113719 1 2 8 52)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 34', - 'name': 'IKEhmacWithMD5-RSA', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 52)}, - 'IKEhmacWithSHA1-RSA': {'comment': 'Novell signature algorithm', - 'description': 'IKEhmacWithSHA1-RSA (2 16 840 1 113719 1 2 8 51)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 33', - 'name': 'IKEhmacWithSHA1-RSA', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 51)}, - 'Identrus': {'comment': 'Identrus', - 'description': 'Identrus unknown policyIdentifier (1 2 840 114021 1 6 1)', - 'hexoid': '06 09 2A 86 48 86 FA 65 01 06 01', - 'name': 'Identrus', - 'oid': (1, 2, 840, 114021, 1, 6, 1)}, - 'Intertrader': {'comment': 'SET vendor', - 'description': 'Intertrader (2 23 42 9 28)', - 'hexoid': '06 04 67 2A 09 1C', - 'name': 'Intertrader', - 'oid': (2, 23, 42, 9, 28)}, - 'Japan': {'comment': 'SET national', - 'description': 'Japan (2 23 42 10 392)', - 'hexoid': '06 05 67 2A 0A 83 08', - 'name': 'Japan', - 'oid': (2, 23, 42, 10, 392)}, - 'LMDigest': {'comment': 'Novell digest algorithm', - 'description': 'LMDigest (2 16 840 1 113719 1 2 8 32)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 20', - 'name': 'LMDigest', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 32)}, - 'Lacerte': {'comment': 'SET vendor', - 'description': 'Lacerte (2 23 42 9 20)', - 'hexoid': '06 04 67 2A 09 14', - 'name': 'Lacerte', - 'oid': (2, 23, 42, 9, 20)}, - 'Lexem': {'comment': 'SET vendor', - 'description': 'Lexem (2 23 42 9 27)', - 'hexoid': '06 04 67 2A 09 1B', - 'name': 'Lexem', - 'oid': (2, 23, 42, 9, 27)}, - 'MD2': {'comment': 'Novell digest algorithm', - 'description': 'MD2 (2 16 840 1 113719 1 2 8 40)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 28', - 'name': 'MD2', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 40)}, - 'MD4': {'comment': 'Novell digest algorithm', - 'description': 'MD4 (2 16 840 1 113719 1 2 8 95)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 5F', - 'name': 'MD4', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 95)}, - 'MD4Packet': {'comment': 'Novell keyed hash', - 'description': 'MD4Packet (2 16 840 1 113719 1 2 8 130)', - 'hexoid': '06 0C 60 86 48 01 86 F8 37 01 02 08 81 02', - 'name': 'MD4Packet', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 130)}, - 'MD5': {'comment': 'Novell digest algorithm', - 'description': 'MD5 (2 16 840 1 113719 1 2 8 50)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 32', - 'name': 'MD5', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 50)}, - 'Maithean': {'comment': 'SET vendor', - 'description': 'Maithean (2 23 42 9 16)', - 'hexoid': '06 04 67 2A 09 10', - 'name': 'Maithean', - 'oid': (2, 23, 42, 9, 16)}, - 'MasterCard': {'comment': 'SET brand', - 'description': 'MasterCard (2 23 42 8 5)', - 'hexoid': '06 04 67 2A 08 05', - 'name': 'MasterCard', - 'oid': (2, 23, 42, 8, 5)}, - 'Microsoft': {'comment': 'SET vendor', - 'description': 'Microsoft (2 23 42 9 33)', - 'hexoid': '06 04 67 2A 09 21', - 'name': 'Microsoft', - 'oid': (2, 23, 42, 9, 33)}, - 'Mitsubishi': {'comment': 'SET vendor', - 'description': 'Mitsubishi (2 23 42 9 35)', - 'hexoid': '06 04 67 2A 09 23', - 'name': 'Mitsubishi', - 'oid': (2, 23, 42, 9, 35)}, - 'NABLE': {'comment': 'SET vendor', - 'description': 'NABLE (2 23 42 9 30)', - 'hexoid': '06 04 67 2A 09 1E', - 'name': 'NABLE', - 'oid': (2, 23, 42, 9, 30)}, - 'NCR': {'comment': 'SET vendor', - 'description': 'NCR (2 23 42 9 36)', - 'hexoid': '06 04 67 2A 09 24', - 'name': 'NCR', - 'oid': (2, 23, 42, 9, 36)}, - 'NEC': {'comment': 'SET vendor', - 'description': 'NEC (2 23 42 9 34)', - 'hexoid': '06 04 67 2A 09 22', - 'name': 'NEC', - 'oid': (2, 23, 42, 9, 34)}, - 'NWPassword': {'comment': 'Novell encryption algorithm', - 'description': 'NWPassword (2 16 840 1 113719 1 2 8 132)', - 'hexoid': '06 0C 60 86 48 01 86 F8 37 01 02 08 81 04', - 'name': 'NWPassword', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 132)}, - 'Netscape': {'comment': 'SET vendor', - 'description': 'Netscape (2 23 42 9 17)', - 'hexoid': '06 04 67 2A 09 11', - 'name': 'Netscape', - 'oid': (2, 23, 42, 9, 17)}, - 'Northrop': {'comment': 'Northrop Grumman extended key usage', - 'description': 'Northrop Grumman extKeyUsage? (1 3 6 1 4 1 16334 509 1 1)', - 'hexoid': '06 0B 2B 06 01 04 01 FF 4E 83 7D 01 01', - 'name': 'Northrop', - 'oid': (1, 3, 6, 1, 4, 1, 16334, 509, 1, 1)}, - 'Novus': {'comment': 'SET brand', - 'description': 'Novus (2 23 42 8 6011)', - 'hexoid': '06 05 67 2A 08 AE 7B', - 'name': 'Novus', - 'oid': (2, 23, 42, 8, 6011)}, - 'OSS': {'comment': 'SET vendor', - 'description': 'OSS (2 23 42 9 12)', - 'hexoid': '06 04 67 2A 09 0C', - 'name': 'OSS', - 'oid': (2, 23, 42, 9, 12)}, - 'OpenMarket': {'comment': 'SET vendor', - 'description': 'OpenMarket (2 23 42 9 26)', - 'hexoid': '06 04 67 2A 09 1A', - 'name': 'OpenMarket', - 'oid': (2, 23, 42, 9, 26)}, - 'PANData': {'comment': 'SET contentType', - 'description': 'PANData (2 23 42 0 0)', - 'hexoid': '06 04 67 2A 00 00', - 'name': 'PANData', - 'oid': (2, 23, 42, 0, 0)}, - 'PANOnly': {'comment': 'SET contentType', - 'description': 'PANOnly (2 23 42 0 2)', - 'hexoid': '06 04 67 2A 00 02', - 'name': 'PANOnly', - 'oid': (2, 23, 42, 0, 2)}, - 'PANToken': {'comment': 'SET contentType', - 'description': 'PANToken (2 23 42 0 1)', - 'hexoid': '06 04 67 2A 00 01', - 'name': 'PANToken', - 'oid': (2, 23, 42, 0, 1)}, - 'Persimmon': {'comment': 'SET vendor', - 'description': 'Persimmon (2 23 42 9 29)', - 'hexoid': '06 04 67 2A 09 1D', - 'name': 'Persimmon', - 'oid': (2, 23, 42, 9, 29)}, - 'RSADSI': {'comment': 'SET vendor', - 'description': 'RSADSI (2 23 42 9 4)', - 'hexoid': '06 04 67 2A 09 04', - 'name': 'RSADSI', - 'oid': (2, 23, 42, 9, 4)}, - 'SEIS': {'comment': 'SEIS Project attribute', - 'description': 'SEIS at-personalIdentifier (1 2 752 34 3 1)', - 'hexoid': '06 06 2A 85 70 22 03 01', - 'name': 'SEIS', - 'oid': (1, 2, 752, 34, 3, 1)}, - 'SHA-1': {'comment': 'Novell digest algorithm', - 'description': 'SHA-1 (2 16 840 1 113719 1 2 8 82)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 52', - 'name': 'SHA-1', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 82)}, - 'Signet': {'comment': 'Signet CA', - 'description': 'Signet policyIdentifier (1 2 36 68980861 1 1 20)', - 'hexoid': '06 09 2A 24 A0 F2 A0 7D 01 01 14', - 'name': 'Signet', - 'oid': (1, 2, 36, 68980861, 1, 1, 20)}, - 'Telesec': {'comment': 'Telesec cert/CRL extension', - 'description': 'Telesec policyIdentifier (0 2 262 1 10 12 2)', - 'hexoid': '06 07 02 82 06 01 0A 0C 02', - 'name': 'Telesec', - 'oid': (0, 2, 262, 1, 10, 12, 2)}, - 'Teletrust': {'comment': 'Teletrust policy', - 'description': 'Teletrust SigGConform policyIdentifier (1 3 36 8 1 1)', - 'hexoid': '06 05 2B 24 08 01 01', - 'name': 'Teletrust', - 'oid': (1, 3, 36, 8, 1, 1)}, - 'TenthMountain': {'comment': 'SET vendor', - 'description': 'TenthMountain (2 23 42 9 13)', - 'hexoid': '06 04 67 2A 09 0D', - 'name': 'TenthMountain', - 'oid': (2, 23, 42, 9, 13)}, - 'Terisa': {'comment': 'SET vendor', - 'description': 'Terisa (2 23 42 9 3)', - 'hexoid': '06 04 67 2A 09 03', - 'name': 'Terisa', - 'oid': (2, 23, 42, 9, 3)}, - 'TrinTech': {'comment': 'SET vendor', - 'description': 'TrinTech (2 23 42 9 6)', - 'hexoid': '06 04 67 2A 09 06', - 'name': 'TrinTech', - 'oid': (2, 23, 42, 9, 6)}, - 'UNINETT': {'comment': 'UNINETT PCA', - 'description': 'UNINETT policyIdentifier (1 3 6 1 4 1 2428 10 1 1)', - 'hexoid': '06 0A 2B 06 01 04 01 92 7C 0A 01 01', - 'name': 'UNINETT', - 'oid': (1, 3, 6, 1, 4, 1, 2428, 10, 1, 1)}, - 'Unknown': {'comment': 'Verisign extension', - 'description': 'Unknown Verisign VPN extension (2 16 840 1 113733 1 6 13)', - 'hexoid': '06 0A 60 86 48 01 86 F8 45 01 06 0D', - 'name': 'Unknown', - 'oid': (2, 16, 840, 1, 113733, 1, 6, 13)}, - 'UserPicture': {'comment': 'Netscape certificate extension', - 'description': 'UserPicture (2 16 840 1 113730 1 11)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 0B', - 'name': 'UserPicture', - 'oid': (2, 16, 840, 1, 113730, 1, 11)}, - 'VIAnet': {'comment': 'SET vendor', - 'description': 'VIAnet (2 23 42 9 24)', - 'hexoid': '06 04 67 2A 09 18', - 'name': 'VIAnet', - 'oid': (2, 23, 42, 9, 24)}, - 'VISA': {'comment': 'SET brand', - 'description': 'VISA (2 23 42 8 4)', - 'hexoid': '06 04 67 2A 08 04', - 'name': 'VISA', - 'oid': (2, 23, 42, 8, 4)}, - 'VeriFone': {'comment': 'SET vendor', - 'description': 'VeriFone (2 23 42 9 5)', - 'hexoid': '06 04 67 2A 09 05', - 'name': 'VeriFone', - 'oid': (2, 23, 42, 9, 5)}, - 'Verisign': {'comment': 'SET vendor', - 'description': 'Verisign (2 23 42 9 18)', - 'hexoid': '06 04 67 2A 09 12', - 'name': 'Verisign', - 'oid': (2, 23, 42, 9, 18)}, - 'X.500-Alg-Encryption': {'description': 'X.500-Alg-Encryption (2 5 8 1)', - 'hexoid': '06 03 55 08 01', - 'name': 'X.500-Alg-Encryption', - 'oid': (2, 5, 8, 1)}, - 'X.500-Algorithms': {'description': 'X.500-Algorithms (2 5 8)', - 'hexoid': '06 02 55 08', - 'name': 'X.500-Algorithms', - 'oid': (2, 5, 8)}, - 'aACertificate': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'aACertificate (2 5 4 61)', - 'hexoid': '06 03 55 04 3D', - 'name': 'aACertificate', - 'oid': (2, 5, 4, 61)}, - 'acAaControls': {'comment': 'PKIX private extension', - 'description': 'acAaControls (1 3 6 1 5 5 7 1 6)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 06', - 'name': 'acAaControls', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 6)}, - 'acAuditIdentity': {'comment': 'PKIX private extension', - 'description': 'acAuditIdentity (1 3 6 1 5 5 7 1 4)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 04', - 'name': 'acAuditIdentity', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 4)}, - 'acProxying': {'comment': 'PKIX private extension', - 'description': 'acProxying (1 3 6 1 5 5 7 1 10)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 0A', - 'name': 'acProxying', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 10)}, - 'acTargeting': {'comment': 'PKIX private extension', - 'description': 'acTargeting (1 3 6 1 5 5 7 1 5)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 05', - 'name': 'acTargeting', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 5)}, - 'accessIdentity': {'comment': 'PKIX attribute certificate extension', - 'description': 'accessIdentity (1 3 6 1 5 5 7 10 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 0A 02', - 'name': 'accessIdentity', - 'oid': (1, 3, 6, 1, 5, 5, 7, 10, 2)}, - 'accountNumber': {'comment': 'SET field', - 'description': 'accountNumber (2 23 42 2 11)', - 'hexoid': '06 04 67 2A 02 0B', - 'name': 'accountNumber', - 'oid': (2, 23, 42, 2, 11)}, - 'action': {'comment': 'Telesec', - 'description': 'action (0 2 262 1 10 9)', - 'hexoid': '06 06 02 82 06 01 0A 09', - 'name': 'action', - 'oid': (0, 2, 262, 1, 10, 9)}, - 'additionalAttributesSig': {'comment': 'S/MIME Signature Type Identifier', - 'description': 'additionalAttributesSig (1 2 840 113549 1 9 16 9 3)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 09 03', - 'name': 'additionalAttributesSig', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 9, 3)}, - 'additionalInformation': {'comment': 'Teletrust attribute', - 'description': 'additionalInformation (1 3 36 8 3 15)', - 'hexoid': '06 05 2B 24 08 03 0F', - 'name': 'additionalInformation', - 'oid': (1, 3, 36, 8, 3, 15)}, - 'additionalPolicy': {'comment': 'SET cert attribute', - 'description': 'additionalPolicy (2 23 42 3 0 1)', - 'hexoid': '06 05 67 2A 03 00 01', - 'name': 'additionalPolicy', - 'oid': (2, 23, 42, 3, 0, 1)}, - 'address': {'comment': 'SET field', - 'description': 'address (2 23 42 2 8)', - 'hexoid': '06 04 67 2A 02 08', - 'name': 'address', - 'oid': (2, 23, 42, 2, 8)}, - 'admission': {'comment': 'Teletrust attribute', - 'description': 'admission (1 3 36 8 3 3)', - 'hexoid': '06 05 2B 24 08 03 03', - 'name': 'admission', - 'oid': (1, 3, 36, 8, 3, 3)}, - 'aes': {'comment': 'NIST Algorithm', - 'description': 'aes (2 16 840 1 101 3 4 1)', - 'hexoid': '06 08 60 86 48 01 65 03 04 01', - 'name': 'aes', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1)}, - 'aes128-CBC': {'comment': 'NIST Algorithm', - 'description': 'aes128-CBC (2 16 840 1 101 3 4 1 2)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 02', - 'name': 'aes128-CBC', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 2)}, - 'aes128-CFB': {'comment': 'NIST Algorithm', - 'description': 'aes128-CFB (2 16 840 1 101 3 4 1 4)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 04', - 'name': 'aes128-CFB', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 4)}, - 'aes128-ECB': {'comment': 'NIST Algorithm', - 'description': 'aes128-ECB (2 16 840 1 101 3 4 1 1)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 01', - 'name': 'aes128-ECB', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 1)}, - 'aes128-OFB': {'comment': 'NIST Algorithm', - 'description': 'aes128-OFB (2 16 840 1 101 3 4 1 3)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 03', - 'name': 'aes128-OFB', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 3)}, - 'aes192-CBC': {'comment': 'NIST Algorithm', - 'description': 'aes192-CBC (2 16 840 1 101 3 4 1 22)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 16', - 'name': 'aes192-CBC', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 22)}, - 'aes192-CFB': {'comment': 'NIST Algorithm', - 'description': 'aes192-CFB (2 16 840 1 101 3 4 1 24)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 18', - 'name': 'aes192-CFB', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 24)}, - 'aes192-ECB': {'comment': 'NIST Algorithm', - 'description': 'aes192-ECB (2 16 840 1 101 3 4 1 21)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 15', - 'name': 'aes192-ECB', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 21)}, - 'aes192-OFB': {'comment': 'NIST Algorithm', - 'description': 'aes192-OFB (2 16 840 1 101 3 4 1 23)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 17', - 'name': 'aes192-OFB', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 23)}, - 'aes256-CBC': {'comment': 'NIST Algorithm', - 'description': 'aes256-CBC (2 16 840 1 101 3 4 1 42)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 2A', - 'name': 'aes256-CBC', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 42)}, - 'aes256-CFB': {'comment': 'NIST Algorithm', - 'description': 'aes256-CFB (2 16 840 1 101 3 4 1 44)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 2C', - 'name': 'aes256-CFB', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 44)}, - 'aes256-ECB': {'comment': 'NIST Algorithm', - 'description': 'aes256-ECB (2 16 840 1 101 3 4 1 41)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 29', - 'name': 'aes256-ECB', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 41)}, - 'aes256-OFB': {'comment': 'NIST Algorithm', - 'description': 'aes256-OFB (2 16 840 1 101 3 4 1 43)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 2B', - 'name': 'aes256-OFB', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 43)}, - 'alExemptedAddressProcessor': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'alExemptedAddressProcessor (2 16 840 1 101 2 1 5 47)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 2F', - 'name': 'alExemptedAddressProcessor', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 47)}, - 'algorithm': {'comment': 'SET', - 'description': 'algorithm (2 23 42 4)', - 'hexoid': '06 03 67 2A 04', - 'name': 'algorithm', - 'oid': (2, 23, 42, 4)}, - 'algorithms': {'comment': 'PKIX', - 'description': 'algorithms (1 3 6 1 5 5 7 6)', - 'hexoid': '06 07 2B 06 01 05 05 07 06', - 'name': 'algorithms', - 'oid': (1, 3, 6, 1, 5, 5, 7, 6)}, - 'alias': {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'alias (2 5 6 1)', - 'hexoid': '06 03 55 06 01', - 'name': 'alias', - 'oid': (2, 5, 6, 1)}, - 'aliasedEntryName': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'aliasedEntryName (2 5 4 1)', - 'hexoid': '06 03 55 04 01', - 'name': 'aliasedEntryName', - 'oid': (2, 5, 4, 1)}, - 'alid': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'alid (2 16 840 1 101 2 1 5 14)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 0E', - 'name': 'alid', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 14)}, - 'altCertTemplate': {'comment': 'PKIX CRMF registration control', - 'description': 'altCertTemplate (1 3 6 1 5 5 7 5 1 7)', - 'hexoid': '06 09 2B 06 01 05 05 07 05 01 07', - 'name': 'altCertTemplate', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 1, 7)}, - 'amount': {'comment': 'SET field', - 'description': 'amount (2 23 42 2 10)', - 'hexoid': '06 04 67 2A 02 0A', - 'name': 'amount', - 'oid': (2, 23, 42, 2, 10)}, - 'anonymizedPublicKeyDirectory': {'comment': 'Telesec attribute', - 'description': 'anonymizedPublicKeyDirectory (0 2 262 1 10 7 16)', - 'hexoid': '06 07 02 82 06 01 0A 07 10', - 'name': 'anonymizedPublicKeyDirectory', - 'oid': (0, 2, 262, 1, 10, 7, 16)}, - 'ansiX9p192r1': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'ansiX9p192r1 (1 2 840 10045 3 1 1)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 01 01', - 'name': 'ansiX9p192r1', - 'oid': (1, 2, 840, 10045, 3, 1, 1)}, - 'ansiX9p256r1': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'ansiX9p256r1 (1 2 840 10045 3 1 7)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 01 07', - 'name': 'ansiX9p256r1', - 'oid': (1, 2, 840, 10045, 3, 1, 7)}, - 'anyExtendedKeyUsage': {'comment': 'X.509 extended key usage', - 'description': 'anyExtendedKeyUsage (2 5 29 37 0)', - 'hexoid': '06 04 55 1D 25 00', - 'name': 'anyExtendedKeyUsage', - 'oid': (2, 5, 29, 37, 0)}, - 'anyPolicy': {'comment': 'X.509 certificatePolicies (2 5 29 32)', - 'description': 'anyPolicy (2 5 29 32 0)', - 'hexoid': '06 04 55 1D 20 00', - 'name': 'anyPolicy', - 'oid': (2, 5, 29, 32, 0)}, - 'api': {'comment': 'Teletrust API', - 'description': 'api (1 3 36 6)', - 'hexoid': '06 03 2B 24 06', - 'name': 'api', - 'oid': (1, 3, 36, 6)}, - 'applicationEntity': {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'applicationEntity (2 5 6 12)', - 'hexoid': '06 03 55 06 0C', - 'name': 'applicationEntity', - 'oid': (2, 5, 6, 12)}, - 'applicationGroupIdentifier': {'comment': 'Telesec attribute', - 'description': 'applicationGroupIdentifier (0 2 262 1 10 7 0)', - 'hexoid': '06 07 02 82 06 01 0A 07 00', - 'name': 'applicationGroupIdentifier', - 'oid': (0, 2, 262, 1, 10, 7, 0)}, - 'applicationProcess': {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'applicationProcess (2 5 6 11)', - 'hexoid': '06 03 55 06 0B', - 'name': 'applicationProcess', - 'oid': (2, 5, 6, 11)}, - 'aprUKMs': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'aprUKMs (2 16 840 1 101 2 1 5 23)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 17', - 'name': 'aprUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 23)}, - 'archiveTimeStamp': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'archiveTimeStamp (1 2 840 113549 1 9 16 2 27)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 1B', - 'name': 'archiveTimeStamp', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 27)}, - 'archivedKey': {'comment': 'Microsoft attribute', - 'description': 'archivedKey (1 3 6 1 4 1 311 21 13)', - 'hexoid': '06 09 2B 06 01 04 01 82 37 15 0D', - 'name': 'archivedKey', - 'oid': (1, 3, 6, 1, 4, 1, 311, 21, 13)}, - 'ascom': {'comment': 'Ascom Systech', - 'description': 'ascom (1 3 6 1 4 1 188 7 1 1)', - 'hexoid': '06 0A 2B 06 01 04 01 81 3C 07 01 01', - 'name': 'ascom', - 'oid': (1, 3, 6, 1, 4, 1, 188, 7, 1, 1)}, - 'attrCert': {'comment': 'Teletrust signature attributes', - 'description': 'attrCert (1 3 36 8 6 3)', - 'hexoid': '06 05 2B 24 08 06 03', - 'name': 'attrCert', - 'oid': (1, 3, 36, 8, 6, 3)}, - 'attrRef': {'comment': 'Teletrust signature attributes', - 'description': 'attrRef (1 3 36 8 6 4)', - 'hexoid': '06 05 2B 24 08 06 04', - 'name': 'attrRef', - 'oid': (1, 3, 36, 8, 6, 4)}, - 'attribute': {'comment': 'SET', - 'description': 'attribute (2 23 42 3)', - 'hexoid': '06 03 67 2A 03', - 'name': 'attribute', - 'oid': (2, 23, 42, 3)}, - 'attribute-cert': {'comment': 'ANSI X9.57 attribute', - 'description': 'attribute-cert (1 2 840 10040 3 2)', - 'hexoid': '06 07 2A 86 48 CE 38 03 02', - 'name': 'attribute-cert', - 'oid': (1, 2, 840, 10040, 3, 2)}, - 'attributeAuthorityRevocationList': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'attributeAuthorityRevocationList (2 5 4 63)', - 'hexoid': '06 03 55 04 3F', - 'name': 'attributeAuthorityRevocationList', - 'oid': (2, 5, 4, 63)}, - 'attributeCert': {'comment': 'PKIX', - 'description': 'attributeCert (1 3 6 1 5 5 7 0 12)', - 'hexoid': '06 08 2B 06 01 05 05 07 00 0C', - 'name': 'attributeCert', - 'oid': (1, 3, 6, 1, 5, 5, 7, 0, 12)}, - 'attributeCertificate': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'attributeCertificate (2 5 4 58)', - 'hexoid': '06 03 55 04 3A', - 'name': 'attributeCertificate', - 'oid': (2, 5, 4, 58)}, - 'attributeCertificateRevocationList': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'attributeCertificateRevocationList (2 5 4 59)', - 'hexoid': '06 03 55 04 3B', - 'name': 'attributeCertificateRevocationList', - 'oid': (2, 5, 4, 59)}, - 'attributeDescriptorCertificate': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'attributeDescriptorCertificate (2 5 4 62)', - 'hexoid': '06 03 55 04 3E', - 'name': 'attributeDescriptorCertificate', - 'oid': (2, 5, 4, 62)}, - 'attributeGroup': {'comment': 'Telesec', - 'description': 'attributeGroup (0 2 262 1 10 8)', - 'hexoid': '06 06 02 82 06 01 0A 08', - 'name': 'attributeGroup', - 'oid': (0, 2, 262, 1, 10, 8)}, - 'attributeIntegrityInfo': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'attributeIntegrityInfo (2 5 4 57)', - 'hexoid': '06 03 55 04 39', - 'name': 'attributeIntegrityInfo', - 'oid': (2, 5, 4, 57)}, - 'attributeSchema': {'comment': 'Microsoft Exchange Server - object class', - 'description': 'attributeSchema (1 2 840 113556 1 3 14)', - 'hexoid': '06 09 2A 86 48 86 F7 14 01 03 0E', - 'name': 'attributeSchema', - 'oid': (1, 2, 840, 113556, 1, 3, 14)}, - 'attributeTypes': {'comment': 'Telesec module', - 'description': 'attributeTypes (0 2 262 1 10 2 1)', - 'hexoid': '06 07 02 82 06 01 0A 02 01', - 'name': 'attributeTypes', - 'oid': (0, 2, 262, 1, 10, 2, 1)}, - 'augUKMs': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'augUKMs (2 16 840 1 101 2 1 5 27)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 1B', - 'name': 'augUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 27)}, - 'australianBusinessNumber': {'comment': 'Australian Government corporate taxpayer ID', - 'description': 'australianBusinessNumber (1 2 36 1 333 1)', - 'hexoid': '06 06 2A 24 01 82 4D 01', - 'name': 'australianBusinessNumber', - 'oid': (1, 2, 36, 1, 333, 1)}, - 'authData': {'comment': 'S/MIME Content Types', - 'description': 'authData (1 2 840 113549 1 9 16 1 2)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 02', - 'name': 'authData', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 1, 2)}, - 'authenticatedAttributes': {'comment': 'S/MIME', - 'description': 'authenticatedAttributes (1 2 840 113549 1 9 16 2)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 10 02', - 'name': 'authenticatedAttributes', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2)}, - 'authentication': {'comment': 'Telesec mechanism', - 'description': 'authentication (0 2 262 1 10 1 0)', - 'hexoid': '06 07 02 82 06 01 0A 01 00', - 'name': 'authentication', - 'oid': (0, 2, 262, 1, 10, 1, 0)}, - 'authenticationInfo': {'comment': 'PKIX attribute certificate extension', - 'description': 'authenticationInfo (1 3 6 1 5 5 7 10 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 0A 01', - 'name': 'authenticationInfo', - 'oid': (1, 3, 6, 1, 5, 5, 7, 10, 1)}, - 'authenticator': {'comment': 'PKIX CRMF registration control', - 'description': 'authenticator (1 3 6 1 5 5 7 5 1 2)', - 'hexoid': '06 09 2B 06 01 05 05 07 05 01 02', - 'name': 'authenticator', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 1, 2)}, - 'authorityInfoAccess': {'comment': 'PKIX private extension', - 'description': 'authorityInfoAccess (1 3 6 1 5 5 7 1 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 01', - 'name': 'authorityInfoAccess', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 1)}, - 'authorityKeyIdentifier': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'authorityKeyIdentifier (2 5 29 35)', - 'hexoid': '06 03 55 1D 23', - 'name': 'authorityKeyIdentifier', - 'oid': (2, 5, 29, 35)}, - 'authorityRevocationList': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'authorityRevocationList (2 5 4 38)', - 'hexoid': '06 03 55 04 26', - 'name': 'authorityRevocationList', - 'oid': (2, 5, 4, 38)}, - 'autoGen': {'comment': 'Teletrust signature attributes', - 'description': 'autoGen (1 3 36 8 6 10)', - 'hexoid': '06 05 2B 24 08 06 0A', - 'name': 'autoGen', - 'oid': (1, 3, 36, 8, 6, 10)}, - 'basicConstraints': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'basicConstraints (2 5 29 19)', - 'hexoid': '06 03 55 1D 13', - 'name': 'basicConstraints', - 'oid': (2, 5, 29, 19)}, - 'biometricInfo': {'comment': 'PKIX private extension', - 'description': 'biometricInfo (1 3 6 1 5 5 7 1 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 02', - 'name': 'biometricInfo', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 2)}, - 'birthFamilyName': {'comment': 'SET field', - 'description': 'birthFamilyName (2 23 42 2 3)', - 'hexoid': '06 04 67 2A 02 03', - 'name': 'birthFamilyName', - 'oid': (2, 23, 42, 2, 3)}, - 'blowfishCBC': {'comment': 'cryptlib encryption algorithm', - 'description': 'blowfishCBC (1 3 6 1 4 1 3029 1 1 2)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 01 01 02', - 'name': 'blowfishCBC', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 1, 1, 2)}, - 'blowfishCFB': {'comment': 'cryptlib encryption algorithm', - 'description': 'blowfishCFB (1 3 6 1 4 1 3029 1 1 3)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 01 01 03', - 'name': 'blowfishCFB', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 1, 1, 3)}, - 'blowfishECB': {'comment': 'cryptlib encryption algorithm', - 'description': 'blowfishECB (1 3 6 1 4 1 3029 1 1 1)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 01 01 01', - 'name': 'blowfishECB', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 1, 1, 1)}, - 'blowfishOFB': {'comment': 'cryptlib encryption algorithm', - 'description': 'blowfishOFB (1 3 6 1 4 1 3029 1 1 4)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 01 01 04', - 'name': 'blowfishOFB', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 1, 1, 4)}, - 'brainpoolP224r1': {'comment': 'ECC Brainpool Standard Curves and Curve Generation', - 'description': 'brainpoolP224r1 (1 3 36 3 3 2 8 1 1 14)', - 'hexoid': '06 09 2B 24 03 03 02 08 01 01 0E', - 'name': 'brainpoolP224r1', - 'oid': (1, 3, 36, 3, 3, 2, 8, 1, 1, 14)}, - 'brand': {'comment': 'SET', - 'description': 'brand (2 23 42 8)', - 'hexoid': '06 03 67 2A 08', - 'name': 'brand', - 'oid': (2, 23, 42, 8)}, - 'bsi': {'comment': 'BSI TR-03110/TR-03111', - 'description': 'bsi (0 4 0 127 0 7)', - 'hexoid': '06 05 04 00 7F 00 07', - 'name': 'bsi', - 'oid': (0, 4, 0, 127, 0, 7)}, - 'bsi-1': {'comment': 'Teletrust encryption algorithm', - 'description': 'bsi-1 (1 3 36 3 1 5)', - 'hexoid': '06 05 2B 24 03 01 05', - 'name': 'bsi-1', - 'oid': (1, 3, 36, 3, 1, 5)}, - 'bsiCA': {'comment': 'BSI TR-03110', - 'description': 'bsiCA (0 4 0 127 0 7 2 2 1)', - 'hexoid': '06 08 04 00 7F 00 07 02 02 01', - 'name': 'bsiCA', - 'oid': (0, 4, 0, 127, 0, 7, 2, 2, 1)}, - 'bsiCA_DH': {'comment': 'BSI TR-03110', - 'description': 'bsiCA_DH (0 4 0 127 0 7 2 2 1 1)', - 'hexoid': '06 09 04 00 7F 00 07 02 02 01 01', - 'name': 'bsiCA_DH', - 'oid': (0, 4, 0, 127, 0, 7, 2, 2, 1, 1)}, - 'bsiCA_ECDH': {'comment': 'BSI TR-03110', - 'description': 'bsiCA_ECDH (0 4 0 127 0 7 2 2 1 2)', - 'hexoid': '06 09 04 00 7F 00 07 02 02 01 02', - 'name': 'bsiCA_ECDH', - 'oid': (0, 4, 0, 127, 0, 7, 2, 2, 1, 2)}, - 'bsiCharacteristicTwoBasis': {'comment': 'BSI TR-03111', - 'description': 'bsiCharacteristicTwoBasis (0 4 0 127 0 7 1 1 2 3)', - 'hexoid': '06 09 04 00 7F 00 07 01 01 02 03', - 'name': 'bsiCharacteristicTwoBasis', - 'oid': (0, 4, 0, 127, 0, 7, 1, 1, 2, 3)}, - 'bsiCharacteristicTwoField': {'comment': 'BSI TR-03111', - 'description': 'bsiCharacteristicTwoField (0 4 0 127 0 7 1 1 2)', - 'hexoid': '06 08 04 00 7F 00 07 01 01 02', - 'name': 'bsiCharacteristicTwoField', - 'oid': (0, 4, 0, 127, 0, 7, 1, 1, 2)}, - 'bsiEcKeyType': {'comment': 'BSI TR-03111', - 'description': 'bsiEcKeyType (0 4 0 127 0 7 1 2)', - 'hexoid': '06 07 04 00 7F 00 07 01 02', - 'name': 'bsiEcKeyType', - 'oid': (0, 4, 0, 127, 0, 7, 1, 2)}, - 'bsiEcPublicKey': {'comment': 'BSI TR-03111', - 'description': 'bsiEcPublicKey (0 4 0 127 0 7 1 2 1)', - 'hexoid': '06 08 04 00 7F 00 07 01 02 01', - 'name': 'bsiEcPublicKey', - 'oid': (0, 4, 0, 127, 0, 7, 1, 2, 1)}, - 'bsiEcc': {'comment': 'BSI TR-03111', - 'description': 'bsiEcc (0 4 0 127 0 7 1)', - 'hexoid': '06 06 04 00 7F 00 07 01', - 'name': 'bsiEcc', - 'oid': (0, 4, 0, 127, 0, 7, 1)}, - 'bsiEcdsaSignatures': {'comment': 'BSI TR-03111', - 'description': 'bsiEcdsaSignatures (0 4 0 127 0 7 1 4 1)', - 'hexoid': '06 08 04 00 7F 00 07 01 04 01', - 'name': 'bsiEcdsaSignatures', - 'oid': (0, 4, 0, 127, 0, 7, 1, 4, 1)}, - 'bsiEcdsaWithRIPEMD160': {'comment': 'BSI TR-03111', - 'description': 'bsiEcdsaWithRIPEMD160 (0 4 0 127 0 7 1 4 1 6)', - 'hexoid': '06 09 04 00 7F 00 07 01 04 01 06', - 'name': 'bsiEcdsaWithRIPEMD160', - 'oid': (0, 4, 0, 127, 0, 7, 1, 4, 1, 6)}, - 'bsiEcdsaWithSHA1': {'comment': 'BSI TR-03111', - 'description': 'bsiEcdsaWithSHA1 (0 4 0 127 0 7 1 4 1 1)', - 'hexoid': '06 09 04 00 7F 00 07 01 04 01 01', - 'name': 'bsiEcdsaWithSHA1', - 'oid': (0, 4, 0, 127, 0, 7, 1, 4, 1, 1)}, - 'bsiEcdsaWithSHA224': {'comment': 'BSI TR-03111', - 'description': 'bsiEcdsaWithSHA224 (0 4 0 127 0 7 1 4 1 2)', - 'hexoid': '06 09 04 00 7F 00 07 01 04 01 02', - 'name': 'bsiEcdsaWithSHA224', - 'oid': (0, 4, 0, 127, 0, 7, 1, 4, 1, 2)}, - 'bsiEcdsaWithSHA256': {'comment': 'BSI TR-03111', - 'description': 'bsiEcdsaWithSHA256 (0 4 0 127 0 7 1 4 1 3)', - 'hexoid': '06 09 04 00 7F 00 07 01 04 01 03', - 'name': 'bsiEcdsaWithSHA256', - 'oid': (0, 4, 0, 127, 0, 7, 1, 4, 1, 3)}, - 'bsiEcdsaWithSHA384': {'comment': 'BSI TR-03111', - 'description': 'bsiEcdsaWithSHA384 (0 4 0 127 0 7 1 4 1 4)', - 'hexoid': '06 09 04 00 7F 00 07 01 04 01 04', - 'name': 'bsiEcdsaWithSHA384', - 'oid': (0, 4, 0, 127, 0, 7, 1, 4, 1, 4)}, - 'bsiEcdsaWithSHA512': {'comment': 'BSI TR-03111', - 'description': 'bsiEcdsaWithSHA512 (0 4 0 127 0 7 1 4 1 5)', - 'hexoid': '06 09 04 00 7F 00 07 01 04 01 05', - 'name': 'bsiEcdsaWithSHA512', - 'oid': (0, 4, 0, 127, 0, 7, 1, 4, 1, 5)}, - 'bsiGnBasis': {'comment': 'BSI TR-03111', - 'description': 'bsiGnBasis (0 4 0 127 0 7 1 1 2 3 1)', - 'hexoid': '06 0A 04 00 7F 00 07 01 01 02 03 01', - 'name': 'bsiGnBasis', - 'oid': (0, 4, 0, 127, 0, 7, 1, 1, 2, 3, 1)}, - 'bsiKaeg': {'comment': 'BSI TR-03111', - 'description': 'bsiKaeg (0 4 0 127 0 7 1 5 1)', - 'hexoid': '06 08 04 00 7F 00 07 01 05 01', - 'name': 'bsiKaeg', - 'oid': (0, 4, 0, 127, 0, 7, 1, 5, 1)}, - 'bsiKaegWith3DESKDF': {'comment': 'BSI TR-03111', - 'description': 'bsiKaegWith3DESKDF (0 4 0 127 0 7 1 5 1 2)', - 'hexoid': '06 09 04 00 7F 00 07 01 05 01 02', - 'name': 'bsiKaegWith3DESKDF', - 'oid': (0, 4, 0, 127, 0, 7, 1, 5, 1, 2)}, - 'bsiKaegWithX963KDF': {'comment': 'BSI TR-03111', - 'description': 'bsiKaegWithX963KDF (0 4 0 127 0 7 1 5 1 1)', - 'hexoid': '06 09 04 00 7F 00 07 01 05 01 01', - 'name': 'bsiKaegWithX963KDF', - 'oid': (0, 4, 0, 127, 0, 7, 1, 5, 1, 1)}, - 'bsiPKE': {'comment': 'Teletrust key management', - 'description': 'bsiPKE (1 3 36 7 1 1)', - 'hexoid': '06 05 2B 24 07 01 01', - 'name': 'bsiPKE', - 'oid': (1, 3, 36, 7, 1, 1)}, - 'bsiPpBasis': {'comment': 'BSI TR-03111', - 'description': 'bsiPpBasis (0 4 0 127 0 7 1 1 2 3 3)', - 'hexoid': '06 0A 04 00 7F 00 07 01 01 02 03 03', - 'name': 'bsiPpBasis', - 'oid': (0, 4, 0, 127, 0, 7, 1, 1, 2, 3, 3)}, - 'bsiPrimeField': {'comment': 'BSI TR-03111', - 'description': 'bsiPrimeField (0 4 0 127 0 7 1 1 1)', - 'hexoid': '06 08 04 00 7F 00 07 01 01 01', - 'name': 'bsiPrimeField', - 'oid': (0, 4, 0, 127, 0, 7, 1, 1, 1)}, - 'bsiRoleEAC': {'comment': 'BSI TR-03110', - 'description': 'bsiRoleEAC (0 4 0 127 0 7 3 1 2)', - 'hexoid': '06 08 04 00 7F 00 07 03 01 02', - 'name': 'bsiRoleEAC', - 'oid': (0, 4, 0, 127, 0, 7, 3, 1, 2)}, - 'bsiTA': {'comment': 'BSI TR-03110', - 'description': 'bsiTA (0 4 0 127 0 7 2 2 2)', - 'hexoid': '06 08 04 00 7F 00 07 02 02 02', - 'name': 'bsiTA', - 'oid': (0, 4, 0, 127, 0, 7, 2, 2, 2)}, - 'bsiTA_ECDSA': {'comment': 'BSI TR-03110', - 'description': 'bsiTA_ECDSA (0 4 0 127 0 7 2 2 2 2)', - 'hexoid': '06 09 04 00 7F 00 07 02 02 02 02', - 'name': 'bsiTA_ECDSA', - 'oid': (0, 4, 0, 127, 0, 7, 2, 2, 2, 2)}, - 'bsiTA_ECDSA_SHA1': {'comment': 'BSI TR-03110', - 'description': 'bsiTA_ECDSA_SHA1 (0 4 0 127 0 7 2 2 2 2 1)', - 'hexoid': '06 0A 04 00 7F 00 07 02 02 02 02 01', - 'name': 'bsiTA_ECDSA_SHA1', - 'oid': (0, 4, 0, 127, 0, 7, 2, 2, 2, 2, 1)}, - 'bsiTA_ECDSA_SHA224': {'comment': 'BSI TR-03110', - 'description': 'bsiTA_ECDSA_SHA224 (0 4 0 127 0 7 2 2 2 2 2)', - 'hexoid': '06 0A 04 00 7F 00 07 02 02 02 02 02', - 'name': 'bsiTA_ECDSA_SHA224', - 'oid': (0, 4, 0, 127, 0, 7, 2, 2, 2, 2, 2)}, - 'bsiTA_ECDSA_SHA256': {'comment': 'BSI TR-03110', - 'description': 'bsiTA_ECDSA_SHA256 (0 4 0 127 0 7 2 2 2 2 3)', - 'hexoid': '06 0A 04 00 7F 00 07 02 02 02 02 03', - 'name': 'bsiTA_ECDSA_SHA256', - 'oid': (0, 4, 0, 127, 0, 7, 2, 2, 2, 2, 3)}, - 'bsiTA_RSA': {'comment': 'BSI TR-03110', - 'description': 'bsiTA_RSA (0 4 0 127 0 7 2 2 2 1)', - 'hexoid': '06 09 04 00 7F 00 07 02 02 02 01', - 'name': 'bsiTA_RSA', - 'oid': (0, 4, 0, 127, 0, 7, 2, 2, 2, 1)}, - 'bsiTA_RSAPSS_SHA1': {'comment': 'BSI TR-03110', - 'description': 'bsiTA_RSAPSS_SHA1 (0 4 0 127 0 7 2 2 2 1 3)', - 'hexoid': '06 0A 04 00 7F 00 07 02 02 02 01 03', - 'name': 'bsiTA_RSAPSS_SHA1', - 'oid': (0, 4, 0, 127, 0, 7, 2, 2, 2, 1, 3)}, - 'bsiTA_RSAPSS_SHA256': {'comment': 'BSI TR-03110', - 'description': 'bsiTA_RSAPSS_SHA256 (0 4 0 127 0 7 2 2 2 1 4)', - 'hexoid': '06 0A 04 00 7F 00 07 02 02 02 01 04', - 'name': 'bsiTA_RSAPSS_SHA256', - 'oid': (0, 4, 0, 127, 0, 7, 2, 2, 2, 1, 4)}, - 'bsiTA_RSAv1_5_SHA1': {'comment': 'BSI TR-03110', - 'description': 'bsiTA_RSAv1_5_SHA1 (0 4 0 127 0 7 2 2 2 1 1)', - 'hexoid': '06 0A 04 00 7F 00 07 02 02 02 01 01', - 'name': 'bsiTA_RSAv1_5_SHA1', - 'oid': (0, 4, 0, 127, 0, 7, 2, 2, 2, 1, 1)}, - 'bsiTA_RSAv1_5_SHA256': {'comment': 'BSI TR-03110', - 'description': 'bsiTA_RSAv1_5_SHA256 (0 4 0 127 0 7 2 2 2 1 2)', - 'hexoid': '06 0A 04 00 7F 00 07 02 02 02 01 02', - 'name': 'bsiTA_RSAv1_5_SHA256', - 'oid': (0, 4, 0, 127, 0, 7, 2, 2, 2, 1, 2)}, - 'bsiTpBasis': {'comment': 'BSI TR-03111', - 'description': 'bsiTpBasis (0 4 0 127 0 7 1 1 2 3 2)', - 'hexoid': '06 0A 04 00 7F 00 07 01 01 02 03 02', - 'name': 'bsiTpBasis', - 'oid': (0, 4, 0, 127, 0, 7, 1, 1, 2, 3, 2)}, - 'bsi_1CBC_PEMpad': {'comment': 'Teletrust encryption algorithm', - 'description': 'bsi_1CBC_PEMpad (1 3 36 3 1 5 2 1)', - 'hexoid': '06 07 2B 24 03 01 05 02 01', - 'name': 'bsi_1CBC_PEMpad', - 'oid': (1, 3, 36, 3, 1, 5, 2, 1)}, - 'bsi_1CBC_pad': {'comment': 'Teletrust encryption algorithm', - 'description': 'bsi_1CBC_pad (1 3 36 3 1 5 2)', - 'hexoid': '06 06 2B 24 03 01 05 02', - 'name': 'bsi_1CBC_pad', - 'oid': (1, 3, 36, 3, 1, 5, 2)}, - 'bsi_1ECB_pad': {'comment': 'Teletrust encryption algorithm', - 'description': 'bsi_1ECB_pad (1 3 36 3 1 5 1)', - 'hexoid': '06 06 2B 24 03 01 05 01', - 'name': 'bsi_1ECB_pad', - 'oid': (1, 3, 36, 3, 1, 5, 1)}, - 'bsifieldType': {'comment': 'BSI TR-03111', - 'description': 'bsifieldType (0 4 0 127 0 7 1 1)', - 'hexoid': '06 07 04 00 7F 00 07 01 01', - 'name': 'bsifieldType', - 'oid': (0, 4, 0, 127, 0, 7, 1, 1)}, - 'businessCategory': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'businessCategory (2 5 4 15)', - 'hexoid': '06 03 55 04 0F', - 'name': 'businessCategory', - 'oid': (2, 5, 4, 15)}, - 'c2pnb163v1': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2pnb163v1 (1 2 840 10045 3 0 1)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 01', - 'name': 'c2pnb163v1', - 'oid': (1, 2, 840, 10045, 3, 0, 1)}, - 'c2pnb163v2': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2pnb163v2 (1 2 840 10045 3 0 2)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 02', - 'name': 'c2pnb163v2', - 'oid': (1, 2, 840, 10045, 3, 0, 2)}, - 'c2pnb163v3': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2pnb163v3 (1 2 840 10045 3 0 3)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 03', - 'name': 'c2pnb163v3', - 'oid': (1, 2, 840, 10045, 3, 0, 3)}, - 'c2pnb208w1': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2pnb208w1 (1 2 840 10045 3 0 10)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 0A', - 'name': 'c2pnb208w1', - 'oid': (1, 2, 840, 10045, 3, 0, 10)}, - 'c2pnb272w1': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2pnb272w1 (1 2 840 10045 3 0 16)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 10', - 'name': 'c2pnb272w1', - 'oid': (1, 2, 840, 10045, 3, 0, 16)}, - 'c2pnb368w1': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2pnb368w1 (1 2 840 10045 3 0 19)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 13', - 'name': 'c2pnb368w1', - 'oid': (1, 2, 840, 10045, 3, 0, 19)}, - 'c2tnb191v1': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2tnb191v1 (1 2 840 10045 3 0 5)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 05', - 'name': 'c2tnb191v1', - 'oid': (1, 2, 840, 10045, 3, 0, 5)}, - 'c2tnb191v2': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2tnb191v2 (1 2 840 10045 3 0 6)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 06', - 'name': 'c2tnb191v2', - 'oid': (1, 2, 840, 10045, 3, 0, 6)}, - 'c2tnb191v3': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2tnb191v3 (1 2 840 10045 3 0 7)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 07', - 'name': 'c2tnb191v3', - 'oid': (1, 2, 840, 10045, 3, 0, 7)}, - 'c2tnb239v1': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2tnb239v1 (1 2 840 10045 3 0 11)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 0B', - 'name': 'c2tnb239v1', - 'oid': (1, 2, 840, 10045, 3, 0, 11)}, - 'c2tnb239v2': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2tnb239v2 (1 2 840 10045 3 0 12)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 0C', - 'name': 'c2tnb239v2', - 'oid': (1, 2, 840, 10045, 3, 0, 12)}, - 'c2tnb239v3': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2tnb239v3 (1 2 840 10045 3 0 13)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 0D', - 'name': 'c2tnb239v3', - 'oid': (1, 2, 840, 10045, 3, 0, 13)}, - 'c2tnb359v1': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2tnb359v1 (1 2 840 10045 3 0 18)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 12', - 'name': 'c2tnb359v1', - 'oid': (1, 2, 840, 10045, 3, 0, 18)}, - 'c2tnb431r1': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2tnb431r1 (1 2 840 10045 3 0 20)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 14', - 'name': 'c2tnb431r1', - 'oid': (1, 2, 840, 10045, 3, 0, 20)}, - 'cAClearanceConstraint': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'cAClearanceConstraint (2 16 840 1 101 2 1 5 60)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 3C', - 'name': 'cAClearanceConstraint', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 60)}, - 'cAKeyCertIndexPair': {'comment': 'Microsoft attribute', - 'description': 'cAKeyCertIndexPair (1 3 6 1 4 1 311 21 1)', - 'hexoid': '06 09 2B 06 01 04 01 82 37 15 01', - 'name': 'cAKeyCertIndexPair', - 'oid': (1, 3, 6, 1, 4, 1, 311, 21, 1)}, - 'cRLDistributionPoints': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'cRLDistributionPoints (2 5 29 31)', - 'hexoid': '06 03 55 1D 1F', - 'name': 'cRLDistributionPoints', - 'oid': (2, 5, 29, 31)}, - 'cRLNumber': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'cRLNumber (2 5 29 20)', - 'hexoid': '06 03 55 1D 14', - 'name': 'cRLNumber', - 'oid': (2, 5, 29, 20)}, - 'cRLReason': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'cRLReason (2 5 29 21)', - 'hexoid': '06 03 55 1D 15', - 'name': 'cRLReason', - 'oid': (2, 5, 29, 21)}, - 'caCertificate': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'caCertificate (2 5 4 37)', - 'hexoid': '06 03 55 04 25', - 'name': 'caCertificate', - 'oid': (2, 5, 4, 37)}, - 'caIssuers': {'comment': 'PKIX subject/authority info access descriptor', - 'description': 'caIssuers (1 3 6 1 5 5 7 48 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 30 02', - 'name': 'caIssuers', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 2)}, - 'caKeyUpdateInfo': {'comment': 'PKIX CMP information', - 'description': 'caKeyUpdateInfo (1 3 6 1 5 5 7 4 5)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 05', - 'name': 'caKeyUpdateInfo', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 5)}, - 'caProtEncCert': {'comment': 'PKIX CMP information', - 'description': 'caProtEncCert (1 3 6 1 5 5 7 4 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 01', - 'name': 'caProtEncCert', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 1)}, - 'caRepository': {'comment': 'PKIX subject/authority info access descriptor', - 'description': 'caRepository (1 3 6 1 5 5 7 48 5)', - 'hexoid': '06 08 2B 06 01 05 05 07 30 05', - 'name': 'caRepository', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 5)}, - 'callissuer': {'comment': 'ANSI X9.57 hold instruction', - 'description': 'callissuer (1 2 840 10040 2 2)', - 'hexoid': '06 07 2A 86 48 CE 38 02 02', - 'name': 'callissuer', - 'oid': (1, 2, 840, 10040, 2, 2)}, - 'canNotDecryptAny': {'comment': 'sMIMECapabilities', - 'description': 'canNotDecryptAny (1 2 840 113549 1 9 15 2)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 0F 02', - 'name': 'canNotDecryptAny', - 'oid': (1, 2, 840, 113549, 1, 9, 15, 2)}, - 'capabilities': {'comment': 'S/MIME', - 'description': 'capabilities (1 2 840 113549 1 9 16 11)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 10 0B', - 'name': 'capabilities', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 11)}, - 'capcoMarkings': {'comment': 'SDN.700 INFOSEC policy', - 'description': 'capcoMarkings (2 16 840 1 101 2 1 3 13)', - 'hexoid': '06 09 60 86 48 01 65 02 01 03 0D', - 'name': 'capcoMarkings', - 'oid': (2, 16, 840, 1, 101, 2, 1, 3, 13)}, - 'capcoSecurityCategories': {'comment': 'SDN.700 INFOSEC policy CAPCO markings', - 'description': 'capcoSecurityCategories (2 16 840 1 101 2 1 3 13 0)', - 'hexoid': '06 0A 60 86 48 01 65 02 01 03 0D 00', - 'name': 'capcoSecurityCategories', - 'oid': (2, 16, 840, 1, 101, 2, 1, 3, 13, 0)}, - 'capcoTagSetName1': {'comment': 'SDN.700 INFOSEC policy CAPCO markings', - 'description': 'capcoTagSetName1 (2 16 840 1 101 2 1 3 13 0 1)', - 'hexoid': '06 0B 60 86 48 01 65 02 01 03 0D 00 01', - 'name': 'capcoTagSetName1', - 'oid': (2, 16, 840, 1, 101, 2, 1, 3, 13, 0, 1)}, - 'capcoTagSetName2': {'comment': 'SDN.700 INFOSEC policy CAPCO markings', - 'description': 'capcoTagSetName2 (2 16 840 1 101 2 1 3 13 0 2)', - 'hexoid': '06 0B 60 86 48 01 65 02 01 03 0D 00 02', - 'name': 'capcoTagSetName2', - 'oid': (2, 16, 840, 1, 101, 2, 1, 3, 13, 0, 2)}, - 'capcoTagSetName3': {'comment': 'SDN.700 INFOSEC policy CAPCO markings', - 'description': 'capcoTagSetName3 (2 16 840 1 101 2 1 3 13 0 3)', - 'hexoid': '06 0B 60 86 48 01 65 02 01 03 0D 00 03', - 'name': 'capcoTagSetName3', - 'oid': (2, 16, 840, 1, 101, 2, 1, 3, 13, 0, 3)}, - 'capcoTagSetName4': {'comment': 'SDN.700 INFOSEC policy CAPCO markings', - 'description': 'capcoTagSetName4 (2 16 840 1 101 2 1 3 13 0 4)', - 'hexoid': '06 0B 60 86 48 01 65 02 01 03 0D 00 04', - 'name': 'capcoTagSetName4', - 'oid': (2, 16, 840, 1, 101, 2, 1, 3, 13, 0, 4)}, - 'carLicense': {'comment': 'Netscape LDAP definitions', - 'description': 'carLicense (2 16 840 1 113730 3 1 1)', - 'hexoid': '06 0A 60 86 48 01 86 F8 42 03 01 01', - 'name': 'carLicense', - 'oid': (2, 16, 840, 1, 113730, 3, 1, 1)}, - 'cardCertRequired': {'comment': 'SET cert extension', - 'description': 'cardCertRequired (2 23 42 7 3)', - 'hexoid': '06 04 67 2A 07 03', - 'name': 'cardCertRequired', - 'oid': (2, 23, 42, 7, 3)}, - 'cast3CBC': {'comment': 'Nortel Secure Networks alg', - 'description': 'cast3CBC (1 2 840 113533 7 66 3)', - 'hexoid': '06 09 2A 86 48 86 F6 7D 07 42 03', - 'name': 'cast3CBC', - 'oid': (1, 2, 840, 113533, 7, 66, 3)}, - 'cast5CBC': {'comment': 'Nortel Secure Networks alg', - 'description': 'cast5CBC (1 2 840 113533 7 66 10)', - 'hexoid': '06 09 2A 86 48 86 F6 7D 07 42 0A', - 'name': 'cast5CBC', - 'oid': (1, 2, 840, 113533, 7, 66, 10)}, - 'cast5MAC': {'comment': 'Nortel Secure Networks alg', - 'description': 'cast5MAC (1 2 840 113533 7 66 11)', - 'hexoid': '06 09 2A 86 48 86 F6 7D 07 42 0B', - 'name': 'cast5MAC', - 'oid': (1, 2, 840, 113533, 7, 66, 11)}, - 'cert': {'comment': 'SET attribute', - 'description': 'cert (2 23 42 3 0)', - 'hexoid': '06 04 67 2A 03 00', - 'name': 'cert', - 'oid': (2, 23, 42, 3, 0)}, - 'cert-extension': {'comment': 'Netscape', - 'description': 'cert-extension (2 16 840 1 113730 1)', - 'hexoid': '06 08 60 86 48 01 86 F8 42 01', - 'name': 'cert-extension', - 'oid': (2, 16, 840, 1, 113730, 1)}, - 'certAndCrlExtensionDefinitions': {'comment': 'Telesec', - 'description': 'certAndCrlExtensionDefinitions (0 2 262 1 10 12)', - 'hexoid': '06 06 02 82 06 01 0A 0C', - 'name': 'certAndCrlExtensionDefinitions', - 'oid': (0, 2, 262, 1, 10, 12)}, - 'certCRLTimestamp': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'certCRLTimestamp (1 2 840 113549 1 9 16 2 26)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 1A', - 'name': 'certCRLTimestamp', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 26)}, - 'certDist-ldap': {'comment': 'S/MIME Certificate Distribution', - 'description': 'certDist-ldap (1 2 840 113549 1 9 16 4 1)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 04 01', - 'name': 'certDist-ldap', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 4, 1)}, - 'certExt': {'comment': 'SET', - 'description': 'certExt (2 23 42 7)', - 'hexoid': '06 03 67 2A 07', - 'name': 'certExt', - 'oid': (2, 23, 42, 7)}, - 'certHash': {'comment': 'Teletrust OCSP attribute', - 'description': 'certHash (1 3 36 8 3 13)', - 'hexoid': '06 05 2B 24 08 03 0D', - 'name': 'certHash', - 'oid': (1, 3, 36, 8, 3, 13)}, - 'certRef': {'comment': 'Teletrust signature attributes', - 'description': 'certRef (1 3 36 8 6 2)', - 'hexoid': '06 05 2B 24 08 06 02', - 'name': 'certRef', - 'oid': (1, 3, 36, 8, 6, 2)}, - 'certReq': {'comment': 'PKIX CRMF registration control', - 'description': 'certReq (1 3 6 1 5 5 7 5 2 2)', - 'hexoid': '06 09 2B 06 01 05 05 07 05 02 02', - 'name': 'certReq', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 2, 2)}, - 'certReqExtensions': {'comment': 'Microsoft', - 'description': 'certReqExtensions (1 3 6 1 4 1 311 2 1 14)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 0E', - 'name': 'certReqExtensions', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 14)}, - 'certSequence': {'comment': 'Netscape data type', - 'description': 'certSequence (2 16 840 1 113730 2 5)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 02 05', - 'name': 'certSequence', - 'oid': (2, 16, 840, 1, 113730, 2, 5)}, - 'certTrustList': {'comment': 'Microsoft PKCS #7 contentType', - 'description': 'certTrustList (1 3 6 1 4 1 311 10 1)', - 'hexoid': '06 09 2B 06 01 04 01 82 37 0A 01', - 'name': 'certTrustList', - 'oid': (1, 3, 6, 1, 4, 1, 311, 10, 1)}, - 'certTrustListSigning': {'comment': 'Microsoft enhanced key usage', - 'description': 'certTrustListSigning (1 3 6 1 4 1 311 10 3 1)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 0A 03 01', - 'name': 'certTrustListSigning', - 'oid': (1, 3, 6, 1, 4, 1, 311, 10, 3, 1)}, - 'certTypes': {'comment': 'PKCS #9 via PKCS #12', - 'description': 'certTypes (for PKCS #12) (1 2 840 113549 1 9 22)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 16', - 'name': 'certTypes', - 'oid': (1, 2, 840, 113549, 1, 9, 22)}, - 'certURL': {'comment': 'Netscape certificate extension', - 'description': 'certURL (2 16 840 1 113730 2 6)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 02 06', - 'name': 'certURL', - 'oid': (2, 16, 840, 1, 113730, 2, 6)}, - 'certValues': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'certValues (1 2 840 113549 1 9 16 2 23)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 17', - 'name': 'certValues', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 23)}, - 'certificateAuthority': {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'certificateAuthority (2 5 6 16)', - 'hexoid': '06 03 55 06 10', - 'name': 'certificateAuthority', - 'oid': (2, 5, 6, 16)}, - 'certificateIssuer': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'certificateIssuer (2 5 29 29)', - 'hexoid': '06 03 55 1D 1D', - 'name': 'certificateIssuer', - 'oid': (2, 5, 29, 29)}, - 'certificateNumber': {'comment': 'Telesec attribute', - 'description': 'certificateNumber (0 2 262 1 10 7 3)', - 'hexoid': '06 07 02 82 06 01 0A 07 03', - 'name': 'certificateNumber', - 'oid': (0, 2, 262, 1, 10, 7, 3)}, - 'certificatePolicies': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'certificatePolicies (2 5 29 32)', - 'hexoid': '06 03 55 1D 20', - 'name': 'certificatePolicies', - 'oid': (2, 5, 29, 32)}, - 'certificatePolicy': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'certificatePolicy (2 5 4 69)', - 'hexoid': '06 03 55 04 45', - 'name': 'certificatePolicy', - 'oid': (2, 5, 4, 69)}, - 'certificateRefs': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'certificateRefs (1 2 840 113549 1 9 16 2 21)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 15', - 'name': 'certificateRefs', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 21)}, - 'certificateRevocationList': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'certificateRevocationList (2 5 4 39)', - 'hexoid': '06 03 55 04 27', - 'name': 'certificateRevocationList', - 'oid': (2, 5, 4, 39)}, - 'certificateTemplate': {'comment': 'Microsoft CAPICOM certificate template, V2', - 'description': 'certificateTemplate (1 3 6 1 4 1 311 21 7)', - 'hexoid': '06 09 2B 06 01 04 01 82 37 15 07', - 'name': 'certificateTemplate', - 'oid': (1, 3, 6, 1, 4, 1, 311, 21, 7)}, - 'certificateTemplateList': {'comment': 'Telesec attribute', - 'description': 'certificateTemplateList (0 2 262 1 10 7 29)', - 'hexoid': '06 07 02 82 06 01 0A 07 1D', - 'name': 'certificateTemplateList', - 'oid': (0, 2, 262, 1, 10, 7, 29)}, - 'certificateType': {'comment': 'SET cert extension', - 'description': 'certificateType (2 23 42 7 1)', - 'hexoid': '06 04 67 2A 07 01', - 'name': 'certificateType', - 'oid': (2, 23, 42, 7, 1)}, - 'certificateTypes': {'comment': 'Telesec module', - 'description': 'certificateTypes (0 2 262 1 10 2 2)', - 'hexoid': '06 07 02 82 06 01 0A 02 02', - 'name': 'certificateTypes', - 'oid': (0, 2, 262, 1, 10, 2, 2)}, - 'certificationPracticeStmt': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'certificationPracticeStmt (2 5 4 68)', - 'hexoid': '06 03 55 04 44', - 'name': 'certificationPracticeStmt', - 'oid': (2, 5, 4, 68)}, - 'challengePassword': {'comment': 'PKCS #9', - 'description': 'challengePassword (1 2 840 113549 1 9 7)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 07', - 'name': 'challengePassword', - 'oid': (1, 2, 840, 113549, 1, 9, 7)}, - 'characteristic-two-basis': {'comment': 'ANSI X9.62 field type', - 'description': 'characteristic-two-basis (1 2 840 10045 1 2 3)', - 'hexoid': '06 08 2A 86 48 CE 3D 01 02 03', - 'name': 'characteristic-two-basis', - 'oid': (1, 2, 840, 10045, 1, 2, 3)}, - 'characteristic-two-field': {'comment': 'ANSI X9.62 field type', - 'description': 'characteristic-two-field (1 2 840 10045 1 2)', - 'hexoid': '06 07 2A 86 48 CE 3D 01 02', - 'name': 'characteristic-two-field', - 'oid': (1, 2, 840, 10045, 1, 2)}, - 'chargingIdentity': {'comment': 'PKIX attribute certificate extension', - 'description': 'chargingIdentity (1 3 6 1 5 5 7 10 3)', - 'hexoid': '06 08 2B 06 01 05 05 07 0A 03', - 'name': 'chargingIdentity', - 'oid': (1, 3, 6, 1, 5, 5, 7, 10, 3)}, - 'classSchema': {'comment': 'Microsoft Exchange Server - object class', - 'description': 'classSchema (1 2 840 113556 1 3 13)', - 'hexoid': '06 09 2A 86 48 86 F7 14 01 03 0D', - 'name': 'classSchema', - 'oid': (1, 2, 840, 113556, 1, 3, 13)}, - 'clearance': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'clearance (2 5 4 55)', - 'hexoid': '06 03 55 04 37', - 'name': 'clearance', - 'oid': (2, 5, 4, 55)}, - 'clientAuth': {'comment': 'PKIX key purpose', - 'description': 'clientAuth (1 3 6 1 5 5 7 3 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 02', - 'name': 'clientAuth', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 2)}, - 'cmcControls': {'comment': 'PKIX', - 'description': 'cmcControls (1 3 6 1 5 5 7 7)', - 'hexoid': '06 07 2B 06 01 05 05 07 07', - 'name': 'cmcControls', - 'oid': (1, 3, 6, 1, 5, 5, 7, 7)}, - 'cmpInformationTypes': {'comment': 'PKIX', - 'description': 'cmpInformationTypes (1 3 6 1 5 5 7 4)', - 'hexoid': '06 07 2B 06 01 05 05 07 04', - 'name': 'cmpInformationTypes', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4)}, - 'cms3DESwrap': {'comment': 'S/MIME Algorithms', - 'description': 'cms3DESwrap (1 2 840 113549 1 9 16 3 6)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 03 06', - 'name': 'cms3DESwrap', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 3, 6)}, - 'cmsRC2wrap': {'comment': 'S/MIME Algorithms', - 'description': 'cmsRC2wrap (1 2 840 113549 1 9 16 3 7)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 03 07', - 'name': 'cmsRC2wrap', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 3, 7)}, - 'codeSigning': {'comment': 'PKIX key purpose', - 'description': 'codeSigning (1 3 6 1 5 5 7 3 3)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 03', - 'name': 'codeSigning', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 3)}, - 'collectiveFacsimileTelephoneNumber': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectiveFacsimileTelephoneNumber (2 5 4 23 1)', - 'hexoid': '06 04 55 04 17 01', - 'name': 'collectiveFacsimileTelephoneNumber', - 'oid': (2, 5, 4, 23, 1)}, - 'collectiveInternationalISDNNumber': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectiveInternationalISDNNumber (2 5 4 25 1)', - 'hexoid': '06 04 55 04 19 01', - 'name': 'collectiveInternationalISDNNumber', - 'oid': (2, 5, 4, 25, 1)}, - 'collectiveLocalityName': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectiveLocalityName (2 5 4 7 1)', - 'hexoid': '06 04 55 04 07 01', - 'name': 'collectiveLocalityName', - 'oid': (2, 5, 4, 7, 1)}, - 'collectiveOrganizationName': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectiveOrganizationName (2 5 4 10 1)', - 'hexoid': '06 04 55 04 0A 01', - 'name': 'collectiveOrganizationName', - 'oid': (2, 5, 4, 10, 1)}, - 'collectiveOrganizationalUnitName': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectiveOrganizationalUnitName (2 5 4 11 1)', - 'hexoid': '06 04 55 04 0B 01', - 'name': 'collectiveOrganizationalUnitName', - 'oid': (2, 5, 4, 11, 1)}, - 'collectivePhysicalDeliveryOfficeName': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectivePhysicalDeliveryOfficeName (2 5 4 19 1)', - 'hexoid': '06 04 55 04 13 01', - 'name': 'collectivePhysicalDeliveryOfficeName', - 'oid': (2, 5, 4, 19, 1)}, - 'collectivePostOfficeBox': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectivePostOfficeBox (2 5 4 18 1)', - 'hexoid': '06 04 55 04 12 01', - 'name': 'collectivePostOfficeBox', - 'oid': (2, 5, 4, 18, 1)}, - 'collectivePostalAddress': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectivePostalAddress (2 5 4 16 1)', - 'hexoid': '06 04 55 04 10 01', - 'name': 'collectivePostalAddress', - 'oid': (2, 5, 4, 16, 1)}, - 'collectivePostalCode': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectivePostalCode (2 5 4 17 1)', - 'hexoid': '06 04 55 04 11 01', - 'name': 'collectivePostalCode', - 'oid': (2, 5, 4, 17, 1)}, - 'collectiveStateOrProvinceName': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectiveStateOrProvinceName (2 5 4 8 1)', - 'hexoid': '06 04 55 04 08 01', - 'name': 'collectiveStateOrProvinceName', - 'oid': (2, 5, 4, 8, 1)}, - 'collectiveStreetAddress': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectiveStreetAddress (2 5 4 9 1)', - 'hexoid': '06 04 55 04 09 01', - 'name': 'collectiveStreetAddress', - 'oid': (2, 5, 4, 9, 1)}, - 'collectiveTelephoneNumber': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectiveTelephoneNumber (2 5 4 20 1)', - 'hexoid': '06 04 55 04 14 01', - 'name': 'collectiveTelephoneNumber', - 'oid': (2, 5, 4, 20, 1)}, - 'collectiveTeletexTerminalIdentifier': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectiveTeletexTerminalIdentifier (2 5 4 22 1)', - 'hexoid': '06 04 55 04 16 01', - 'name': 'collectiveTeletexTerminalIdentifier', - 'oid': (2, 5, 4, 22, 1)}, - 'collectiveTelexNumber': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectiveTelexNumber (2 5 4 21 1)', - 'hexoid': '06 04 55 04 15 01', - 'name': 'collectiveTelexNumber', - 'oid': (2, 5, 4, 21, 1)}, - 'commPrivileges': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'commPrivileges (2 16 840 1 101 2 1 5 56)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 38', - 'name': 'commPrivileges', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 56)}, - 'commercialCodeSigning': {'comment': 'Microsoft', - 'description': 'commercialCodeSigning (1 3 6 1 4 1 311 2 1 22)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 16', - 'name': 'commercialCodeSigning', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 22)}, - 'commitmentType': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'commitmentType (1 2 840 113549 1 9 16 2 16)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 10', - 'name': 'commitmentType', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 16)}, - 'commonName': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'commonName (2 5 4 3)', - 'hexoid': '06 03 55 04 03', - 'name': 'commonName', - 'oid': (2, 5, 4, 3)}, - 'communicationsNetwork': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'communicationsNetwork (2 5 4 67)', - 'hexoid': '06 03 55 04 43', - 'name': 'communicationsNetwork', - 'oid': (2, 5, 4, 67)}, - 'communicationsService': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'communicationsService (2 5 4 66)', - 'hexoid': '06 03 55 04 42', - 'name': 'communicationsService', - 'oid': (2, 5, 4, 66)}, - 'comodoCertifiedDeliveryService': {'comment': 'Comodo CA', - 'description': 'comodoCertifiedDeliveryService (1 3 6 1 4 1 6449 1 3 5 2)', - 'hexoid': '06 0B 2B 06 01 04 01 B2 31 01 03 05 02', - 'name': 'comodoCertifiedDeliveryService', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 6449, - 1, - 3, - 5, - 2)}, - 'comodoPolicy': {'comment': 'Comodo CA', - 'description': 'comodoPolicy (1 3 6 1 4 1 6449 1 2 1 3 1)', - 'hexoid': '06 0C 2B 06 01 04 01 B2 31 01 02 01 03 01', - 'name': 'comodoPolicy', - 'oid': (1, 3, 6, 1, 4, 1, 6449, 1, 2, 1, 3, 1)}, - 'compressedData': {'comment': 'S/MIME Content Types', - 'description': 'compressedData (1 2 840 113549 1 9 16 1 9)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 09', - 'name': 'compressedData', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 1, 9)}, - 'confKeyInfo': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'confKeyInfo (2 5 4 60)', - 'hexoid': '06 03 55 04 3C', - 'name': 'confKeyInfo', - 'oid': (2, 5, 4, 60)}, - 'confirmWaitTime': {'comment': 'PKIX CMP information', - 'description': 'confirmWaitTime (1 3 6 1 5 5 7 4 14)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 0E', - 'name': 'confirmWaitTime', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 14)}, - 'container': {'comment': 'Microsoft Exchange Server - object class', - 'description': 'container (1 2 840 113556 1 3 23)', - 'hexoid': '06 09 2A 86 48 86 F7 14 01 03 17', - 'name': 'container', - 'oid': (1, 2, 840, 113556, 1, 3, 23)}, - 'contentHint': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'contentHint (1 2 840 113549 1 9 16 2 4)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 04', - 'name': 'contentHint', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 4)}, - 'contentIdentifier': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'contentIdentifier (1 2 840 113549 1 9 16 2 7)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 07', - 'name': 'contentIdentifier', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 7)}, - 'contentInfo': {'comment': 'S/MIME Content Types', - 'description': 'contentInfo (1 2 840 113549 1 9 16 1 6)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 06', - 'name': 'contentInfo', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 1, 6)}, - 'contentReference': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'contentReference (1 2 840 113549 1 9 16 2 10)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 0A', - 'name': 'contentReference', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 10)}, - 'contentTimestamp': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'contentTimestamp (1 2 840 113549 1 9 16 2 20)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 14', - 'name': 'contentTimestamp', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 20)}, - 'contentType': {'comment': 'SET', - 'description': 'contentType (2 23 42 0)', - 'hexoid': '06 03 67 2A 00', - 'name': 'contentType', - 'oid': (2, 23, 42, 0)}, - 'countersignature': {'comment': 'PKCS #9', - 'description': 'countersignature (1 2 840 113549 1 9 6)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 06', - 'name': 'countersignature', - 'oid': (1, 2, 840, 113549, 1, 9, 6)}, - 'country': {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'country (2 5 6 2)', - 'hexoid': '06 03 55 06 02', - 'name': 'country', - 'oid': (2, 5, 6, 2)}, - 'countryName': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'countryName (2 5 4 6)', - 'hexoid': '06 03 55 04 06', - 'name': 'countryName', - 'oid': (2, 5, 4, 6)}, - 'countryOfCitizenship': {'comment': 'PKIX personal data', - 'description': 'countryOfCitizenship (1 3 6 1 5 5 7 9 4)', - 'hexoid': '06 08 2B 06 01 05 05 07 09 04', - 'name': 'countryOfCitizenship', - 'oid': (1, 3, 6, 1, 5, 5, 7, 9, 4)}, - 'countryOfResidence': {'comment': 'PKIX personal data', - 'description': 'countryOfResidence (1 3 6 1 5 5 7 9 5)', - 'hexoid': '06 08 2B 06 01 05 05 07 09 05', - 'name': 'countryOfResidence', - 'oid': (1, 3, 6, 1, 5, 5, 7, 9, 5)}, - 'cps': {'comment': 'PKIX policy qualifier', - 'description': 'cps (1 3 6 1 5 5 7 2 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 02 01', - 'name': 'cps', - 'oid': (1, 3, 6, 1, 5, 5, 7, 2, 1)}, - 'creationDate': {'comment': 'Telesec attribute', - 'description': 'creationDate (0 2 262 1 10 7 5)', - 'hexoid': '06 07 02 82 06 01 0A 07 05', - 'name': 'creationDate', - 'oid': (0, 2, 262, 1, 10, 7, 5)}, - 'crlExtReason': {'comment': 'cryptlib attribute type', - 'description': 'crlExtReason (1 3 6 1 4 1 3029 3 1 4)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 03 01 04', - 'name': 'crlExtReason', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 3, 1, 4)}, - 'crlTypes': {'comment': 'PKCS #9 via PKCS #12', - 'description': 'crlTypes (for PKCS #12) (1 2 840 113549 1 9 23)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 17', - 'name': 'crlTypes', - 'oid': (1, 2, 840, 113549, 1, 9, 23)}, - 'crmfRegistration': {'comment': 'PKIX', - 'description': 'crmfRegistration (1 3 6 1 5 5 7 5)', - 'hexoid': '06 07 2B 06 01 05 05 07 05', - 'name': 'crmfRegistration', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5)}, - 'crossCertificatePair': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'crossCertificatePair (2 5 4 40)', - 'hexoid': '06 03 55 04 28', - 'name': 'crossCertificatePair', - 'oid': (2, 5, 4, 40)}, - 'cryptlibConfigData': {'comment': 'cryptlib content type', - 'description': 'cryptlibConfigData (1 3 6 1 4 1 3029 4 1 1)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 04 01 01', - 'name': 'cryptlibConfigData', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 4, 1, 1)}, - 'cryptlibContent': {'comment': 'cryptlib', - 'description': 'cryptlibContent (1 3 6 1 4 1 3029 4 1)', - 'hexoid': '06 09 2B 06 01 04 01 97 55 04 01', - 'name': 'cryptlibContent', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 4, 1)}, - 'cryptlibPresenceCheck': {'comment': 'cryptlib attribute type', - 'description': 'cryptlibPresenceCheck (1 3 6 1 4 1 3029 3 1 1)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 03 01 01', - 'name': 'cryptlibPresenceCheck', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 3, 1, 1)}, - 'cryptlibUserIndex': {'comment': 'cryptlib content type', - 'description': 'cryptlibUserIndex (1 3 6 1 4 1 3029 4 1 2)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 04 01 02', - 'name': 'cryptlibUserIndex', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 4, 1, 2)}, - 'cryptlibUserInfo': {'comment': 'cryptlib content type', - 'description': 'cryptlibUserInfo (1 3 6 1 4 1 3029 4 1 3)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 04 01 03', - 'name': 'cryptlibUserInfo', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 4, 1, 3)}, - 'cspContentType': {'comment': 'SDN.700 INFOSEC format', - 'description': 'cspContentType (2 16 840 1 101 2 1 2 3)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 03', - 'name': 'cspContentType', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 3)}, - 'cspCsExtn': {'comment': 'SDN.700 INFOSEC extensions', - 'description': 'cspCsExtn (2 16 840 1 101 2 1 7 1 0)', - 'hexoid': '06 0A 60 86 48 01 65 02 01 07 01 00', - 'name': 'cspCsExtn', - 'oid': (2, 16, 840, 1, 101, 2, 1, 7, 1, 0)}, - 'cspExtns': {'comment': 'SDN.700 INFOSEC extensions', - 'description': 'cspExtns (2 16 840 1 101 2 1 7 1)', - 'hexoid': '06 09 60 86 48 01 65 02 01 07 01', - 'name': 'cspExtns', - 'oid': (2, 16, 840, 1, 101, 2, 1, 7, 1)}, - 'cspForwardedMessageParameters': {'comment': 'SDN.700 INFOSEC format', - 'description': 'cspForwardedMessageParameters (2 16 840 1 101 2 1 2 75)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 4B', - 'name': 'cspForwardedMessageParameters', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 75)}, - 'ctlFileIsArchive': {'comment': 'Telesec attribute', - 'description': 'ctlFileIsArchive (0 2 262 1 10 7 27)', - 'hexoid': '06 07 02 82 06 01 0A 07 1B', - 'name': 'ctlFileIsArchive', - 'oid': (0, 2, 262, 1, 10, 7, 27)}, - 'currentCRL': {'comment': 'PKIX CMP information', - 'description': 'currentCRL (1 3 6 1 5 5 7 4 6)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 06', - 'name': 'currentCRL', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 6)}, - 'dSA': {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'dSA (2 5 6 13)', - 'hexoid': '06 03 55 06 0D', - 'name': 'dSA', - 'oid': (2, 5, 6, 13)}, - 'dVCSRequestData': {'comment': 'S/MIME Content Types', - 'description': 'dVCSRequestData (1 2 840 113549 1 9 16 1 7)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 07', - 'name': 'dVCSRequestData', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 1, 7)}, - 'dVCSResponseData': {'comment': 'S/MIME Content Types', - 'description': 'dVCSResponseData (1 2 840 113549 1 9 16 1 8)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 08', - 'name': 'dVCSResponseData', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 1, 8)}, - 'data': {'comment': 'PKCS #7', - 'description': 'data (1 2 840 113549 1 7 1)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 07 01', - 'name': 'data', - 'oid': (1, 2, 840, 113549, 1, 7, 1)}, - 'data-type': {'comment': 'Netscape', - 'description': 'data-type (2 16 840 1 113730 2)', - 'hexoid': '06 08 60 86 48 01 86 F8 42 02', - 'name': 'data-type', - 'oid': (2, 16, 840, 1, 113730, 2)}, - 'dataGIF': {'comment': 'Netscape data type', - 'description': 'dataGIF (2 16 840 1 113730 2 1)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 02 01', - 'name': 'dataGIF', - 'oid': (2, 16, 840, 1, 113730, 2, 1)}, - 'dataHTML': {'comment': 'Netscape data type', - 'description': 'dataHTML (2 16 840 1 113730 2 4)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 02 04', - 'name': 'dataHTML', - 'oid': (2, 16, 840, 1, 113730, 2, 4)}, - 'dataJPEG': {'comment': 'Netscape data type', - 'description': 'dataJPEG (2 16 840 1 113730 2 2)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 02 02', - 'name': 'dataJPEG', - 'oid': (2, 16, 840, 1, 113730, 2, 2)}, - 'dataURL': {'comment': 'Netscape data type', - 'description': 'dataURL (2 16 840 1 113730 2 3)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 02 03', - 'name': 'dataURL', - 'oid': (2, 16, 840, 1, 113730, 2, 3)}, - 'date': {'comment': 'SET field', - 'description': 'date (2 23 42 2 7)', - 'hexoid': '06 04 67 2A 02 07', - 'name': 'date', - 'oid': (2, 23, 42, 2, 7)}, - 'dateOfBirth': {'comment': 'PKIX personal data', - 'description': 'dateOfBirth (1 3 6 1 5 5 7 9 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 09 01', - 'name': 'dateOfBirth', - 'oid': (1, 3, 6, 1, 5, 5, 7, 9, 1)}, - 'dateOfCertGen': {'comment': 'Teletrust attribute', - 'description': 'dateOfCertGen (1 3 36 8 3 1)', - 'hexoid': '06 05 2B 24 08 03 01', - 'name': 'dateOfCertGen', - 'oid': (1, 3, 36, 8, 3, 1)}, - 'decDEA': {'comment': 'DASS encryption algorithm', - 'description': 'decDEA (1 3 12 2 1011 7 1 2)', - 'hexoid': '06 08 2B 0C 02 87 73 07 01 02', - 'name': 'decDEA', - 'oid': (1, 3, 12, 2, 1011, 7, 1, 2)}, - 'decDEAMAC': {'comment': 'DASS signature algorithm', - 'description': 'decDEAMAC (1 3 12 2 1011 7 3 3)', - 'hexoid': '06 08 2B 0C 02 87 73 07 03 03', - 'name': 'decDEAMAC', - 'oid': (1, 3, 12, 2, 1011, 7, 3, 3)}, - 'decEncryptionAlgorithm': {'comment': 'DASS algorithm', - 'description': 'decEncryptionAlgorithm (1 3 12 2 1011 7 1)', - 'hexoid': '06 07 2B 0C 02 87 73 07 01', - 'name': 'decEncryptionAlgorithm', - 'oid': (1, 3, 12, 2, 1011, 7, 1)}, - 'decHashAlgorithm': {'comment': 'DASS algorithm', - 'description': 'decHashAlgorithm (1 3 12 2 1011 7 2)', - 'hexoid': '06 07 2B 0C 02 87 73 07 02', - 'name': 'decHashAlgorithm', - 'oid': (1, 3, 12, 2, 1011, 7, 2)}, - 'decMD2': {'comment': 'DASS hash algorithm', - 'description': 'decMD2 (1 3 12 2 1011 7 2 1)', - 'hexoid': '06 08 2B 0C 02 87 73 07 02 01', - 'name': 'decMD2', - 'oid': (1, 3, 12, 2, 1011, 7, 2, 1)}, - 'decMD2withRSA': {'comment': 'DASS signature algorithm', - 'description': 'decMD2withRSA (1 3 12 2 1011 7 3 1)', - 'hexoid': '06 08 2B 0C 02 87 73 07 03 01', - 'name': 'decMD2withRSA', - 'oid': (1, 3, 12, 2, 1011, 7, 3, 1)}, - 'decMD4': {'comment': 'DASS hash algorithm', - 'description': 'decMD4 (1 3 12 2 1011 7 2 2)', - 'hexoid': '06 08 2B 0C 02 87 73 07 02 02', - 'name': 'decMD4', - 'oid': (1, 3, 12, 2, 1011, 7, 2, 2)}, - 'decMD4withRSA': {'comment': 'DASS signature algorithm', - 'description': 'decMD4withRSA (1 3 12 2 1011 7 3 2)', - 'hexoid': '06 08 2B 0C 02 87 73 07 03 02', - 'name': 'decMD4withRSA', - 'oid': (1, 3, 12, 2, 1011, 7, 3, 2)}, - 'decSignatureAlgorithm': {'comment': 'DASS algorithm', - 'description': 'decSignatureAlgorithm (1 3 12 2 1011 7 3)', - 'hexoid': '06 07 2B 0C 02 87 73 07 03', - 'name': 'decSignatureAlgorithm', - 'oid': (1, 3, 12, 2, 1011, 7, 3)}, - 'decUKMs': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'decUKMs (2 16 840 1 101 2 1 5 31)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 1F', - 'name': 'decUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 31)}, - 'declarationOfMajority': {'comment': 'Teletrust attribute', - 'description': 'declarationOfMajority (1 3 36 8 3 5)', - 'hexoid': '06 05 2B 24 08 03 05', - 'name': 'declarationOfMajority', - 'oid': (1, 3, 36, 8, 3, 5)}, - 'defaultDirQop': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'defaultDirQop (2 5 4 56)', - 'hexoid': '06 03 55 04 38', - 'name': 'defaultDirQop', - 'oid': (2, 5, 4, 56)}, - 'defaultSecurityPolicy': {'comment': 'SDN.700 INFOSEC policy', - 'description': 'defaultSecurityPolicy (2 16 840 1 101 2 1 3 12)', - 'hexoid': '06 09 60 86 48 01 65 02 01 03 0C', - 'name': 'defaultSecurityPolicy', - 'oid': (2, 16, 840, 1, 101, 2, 1, 3, 12)}, - 'delegationPath': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'delegationPath (2 5 4 73)', - 'hexoid': '06 03 55 04 49', - 'name': 'delegationPath', - 'oid': (2, 5, 4, 73)}, - 'deliveryMechanism': {'comment': 'Microsoft Exchange Server - attribute', - 'description': 'deliveryMechanism (1 2 840 113556 1 2 241)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 02 81 71', - 'name': 'deliveryMechanism', - 'oid': (1, 2, 840, 113556, 1, 2, 241)}, - 'deltaCRLIndicator': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'deltaCRLIndicator (2 5 29 27)', - 'hexoid': '06 03 55 1D 1B', - 'name': 'deltaCRLIndicator', - 'oid': (2, 5, 29, 27)}, - 'deltaRevocationList': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'deltaRevocationList (2 5 4 53)', - 'hexoid': '06 03 55 04 35', - 'name': 'deltaRevocationList', - 'oid': (2, 5, 4, 53)}, - 'departmentNumber': {'comment': 'Netscape LDAP definitions', - 'description': 'departmentNumber (2 16 840 1 113730 3 1 2)', - 'hexoid': '06 0A 60 86 48 01 86 F8 42 03 01 02', - 'name': 'departmentNumber', - 'oid': (2, 16, 840, 1, 113730, 3, 1, 2)}, - 'des': {'comment': 'Teletrust encryption algorithm', - 'description': 'des (1 3 36 3 1 1)', - 'hexoid': '06 05 2B 24 03 01 01', - 'name': 'des', - 'oid': (1, 3, 36, 3, 1, 1)}, - 'des-EDE3-CBC': {'comment': 'RSADSI encryptionAlgorithm', - 'description': 'des-EDE3-CBC (1 2 840 113549 3 7)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 03 07', - 'name': 'des-EDE3-CBC', - 'oid': (1, 2, 840, 113549, 3, 7)}, - 'des3': {'comment': 'Telesec encryption', - 'description': 'des3 (0 2 262 1 10 1 2 3)', - 'hexoid': '06 08 02 82 06 01 0A 01 02 03', - 'name': 'des3', - 'oid': (0, 2, 262, 1, 10, 1, 2, 3)}, - 'des3CBC': {'comment': 'Telesec encryption', - 'description': 'des3CBC (0 2 262 1 10 1 2 3 2)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 03 02', - 'name': 'des3CBC', - 'oid': (0, 2, 262, 1, 10, 1, 2, 3, 2)}, - 'des3CFB64': {'comment': 'Telesec encryption', - 'description': 'des3CFB64 (0 2 262 1 10 1 2 3 5)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 03 05', - 'name': 'des3CFB64', - 'oid': (0, 2, 262, 1, 10, 1, 2, 3, 5)}, - 'des3CFB8': {'comment': 'Telesec encryption', - 'description': 'des3CFB8 (0 2 262 1 10 1 2 3 4)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 03 04', - 'name': 'des3CFB8', - 'oid': (0, 2, 262, 1, 10, 1, 2, 3, 4)}, - 'des3ECB': {'comment': 'Telesec encryption', - 'description': 'des3ECB (0 2 262 1 10 1 2 3 1)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 03 01', - 'name': 'des3ECB', - 'oid': (0, 2, 262, 1, 10, 1, 2, 3, 1)}, - 'des3OFB': {'comment': 'Telesec encryption', - 'description': 'des3OFB (0 2 262 1 10 1 2 3 3)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 03 03', - 'name': 'des3OFB', - 'oid': (0, 2, 262, 1, 10, 1, 2, 3, 3)}, - 'des40': {'comment': 'PKIX algorithm', - 'description': 'des40 (1 3 6 1 5 5 7 6 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 06 01', - 'name': 'des40', - 'oid': (1, 3, 6, 1, 5, 5, 7, 6, 1)}, - 'desCBC': {'description': 'desCBC (1 3 14 3 2 7)', - 'hexoid': '06 05 2B 0E 03 02 07', - 'name': 'desCBC', - 'oid': (1, 3, 14, 3, 2, 7)}, - 'desCBC_ISOpad': {'comment': 'Teletrust encryption algorithm', - 'description': 'desCBC_ISOpad (1 3 36 3 1 1 2 1 1)', - 'hexoid': '06 08 2B 24 03 01 01 02 01 01', - 'name': 'desCBC_ISOpad', - 'oid': (1, 3, 36, 3, 1, 1, 2, 1, 1)}, - 'desCBC_pad': {'comment': 'Teletrust encryption algorithm', - 'description': 'desCBC_pad (1 3 36 3 1 1 2 1)', - 'hexoid': '06 07 2B 24 03 01 01 02 01', - 'name': 'desCBC_pad', - 'oid': (1, 3, 36, 3, 1, 1, 2, 1)}, - 'desCDMF': {'comment': 'RSADSI encryptionAlgorithm. Formerly called CDMFCBCPad', - 'description': 'desCDMF (1 2 840 113549 3 10)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 03 0A', - 'name': 'desCDMF', - 'oid': (1, 2, 840, 113549, 3, 10)}, - 'desCFB': {'description': 'desCFB (1 3 14 3 2 9)', - 'hexoid': '06 05 2B 0E 03 02 09', - 'name': 'desCFB', - 'oid': (1, 3, 14, 3, 2, 9)}, - 'desCFB64': {'comment': 'Telesec encryption', - 'description': 'desCFB64 (0 2 262 1 10 1 2 2 5)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 02 05', - 'name': 'desCFB64', - 'oid': (0, 2, 262, 1, 10, 1, 2, 2, 5)}, - 'desCFB8': {'comment': 'Telesec encryption', - 'description': 'desCFB8 (0 2 262 1 10 1 2 2 4)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 02 04', - 'name': 'desCFB8', - 'oid': (0, 2, 262, 1, 10, 1, 2, 2, 4)}, - 'desCbcIV8': {'comment': 'Novell encryption algorithm', - 'description': 'desCbcIV8 (2 16 840 1 113719 1 2 8 22)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 16', - 'name': 'desCbcIV8', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 22)}, - 'desCbcPadIV8': {'comment': 'Novell encryption algorithm', - 'description': 'desCbcPadIV8 (2 16 840 1 113719 1 2 8 23)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 17', - 'name': 'desCbcPadIV8', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 23)}, - 'desECB': {'description': 'desECB (1 3 14 3 2 6)', - 'hexoid': '06 05 2B 0E 03 02 06', - 'name': 'desECB', - 'oid': (1, 3, 14, 3, 2, 6)}, - 'desECB_ISOpad': {'comment': 'Teletrust encryption algorithm', - 'description': 'desECB_ISOpad (1 3 36 3 1 1 1 1)', - 'hexoid': '06 07 2B 24 03 01 01 01 01', - 'name': 'desECB_ISOpad', - 'oid': (1, 3, 36, 3, 1, 1, 1, 1)}, - 'desECB_pad': {'comment': 'Teletrust encryption algorithm', - 'description': 'desECB_pad (1 3 36 3 1 1 1)', - 'hexoid': '06 06 2B 24 03 01 01 01', - 'name': 'desECB_pad', - 'oid': (1, 3, 36, 3, 1, 1, 1)}, - 'desEDE': {'comment': 'Oddball OIW OID. Mode is ECB', - 'description': 'desEDE (1 3 14 3 2 17)', - 'hexoid': '06 05 2B 0E 03 02 11', - 'name': 'desEDE', - 'oid': (1, 3, 14, 3, 2, 17)}, - 'desEDE2CbcIV8': {'comment': 'Novell encryption algorithm', - 'description': 'desEDE2CbcIV8 (2 16 840 1 113719 1 2 8 24)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 18', - 'name': 'desEDE2CbcIV8', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 24)}, - 'desEDE2CbcPadIV8': {'comment': 'Novell encryption algorithm', - 'description': 'desEDE2CbcPadIV8 (2 16 840 1 113719 1 2 8 25)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 19', - 'name': 'desEDE2CbcPadIV8', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 25)}, - 'desEDE3CbcIV8': {'comment': 'Novell encryption algorithm', - 'description': 'desEDE3CbcIV8 (2 16 840 1 113719 1 2 8 26)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 1A', - 'name': 'desEDE3CbcIV8', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 26)}, - 'desEDE3CbcPadIV8': {'comment': 'Novell encryption algorithm', - 'description': 'desEDE3CbcPadIV8 (2 16 840 1 113719 1 2 8 27)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 1B', - 'name': 'desEDE3CbcPadIV8', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 27)}, - 'desMAC': {'description': 'desMAC (1 3 14 3 2 10)', - 'hexoid': '06 05 2B 0E 03 02 0A', - 'name': 'desMAC', - 'oid': (1, 3, 14, 3, 2, 10)}, - 'desOFB': {'description': 'desOFB (1 3 14 3 2 8)', - 'hexoid': '06 05 2B 0E 03 02 08', - 'name': 'desOFB', - 'oid': (1, 3, 14, 3, 2, 8)}, - 'des_3': {'comment': 'Teletrust encryption algorithm', - 'description': 'des_3 (1 3 36 3 1 3)', - 'hexoid': '06 05 2B 24 03 01 03', - 'name': 'des_3', - 'oid': (1, 3, 36, 3, 1, 3)}, - 'des_3CBC_ISOpad': {'comment': 'Teletrust encryption algorithm. EDE triple DES', - 'description': 'des_3CBC_ISOpad (1 3 36 3 1 3 2 1 1)', - 'hexoid': '06 08 2B 24 03 01 03 02 01 01', - 'name': 'des_3CBC_ISOpad', - 'oid': (1, 3, 36, 3, 1, 3, 2, 1, 1)}, - 'des_3CBC_pad': {'comment': 'Teletrust encryption algorithm. EDE triple DES', - 'description': 'des_3CBC_pad (1 3 36 3 1 3 2 1)', - 'hexoid': '06 07 2B 24 03 01 03 02 01', - 'name': 'des_3CBC_pad', - 'oid': (1, 3, 36, 3, 1, 3, 2, 1)}, - 'des_3ECB_ISOpad': {'comment': 'Teletrust encryption algorithm. EDE triple DES', - 'description': 'des_3ECB_ISOpad (1 3 36 3 1 3 1 1 1)', - 'hexoid': '06 08 2B 24 03 01 03 01 01 01', - 'name': 'des_3ECB_ISOpad', - 'oid': (1, 3, 36, 3, 1, 3, 1, 1, 1)}, - 'des_3ECB_pad': {'comment': 'Teletrust encryption algorithm. EDE triple DES', - 'description': 'des_3ECB_pad (1 3 36 3 1 3 1 1)', - 'hexoid': '06 07 2B 24 03 01 03 01 01', - 'name': 'des_3ECB_pad', - 'oid': (1, 3, 36, 3, 1, 3, 1, 1)}, - 'description': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'description (2 5 4 13)', - 'hexoid': '06 03 55 04 0D', - 'name': 'description', - 'oid': (2, 5, 4, 13)}, - 'destinationIndicator': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'destinationIndicator (2 5 4 27)', - 'hexoid': '06 03 55 04 1B', - 'name': 'destinationIndicator', - 'oid': (2, 5, 4, 27)}, - 'desx-CBC': {'comment': 'RSADSI encryptionAlgorithm', - 'description': 'desx-CBC (1 2 840 113549 3 6)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 03 06', - 'name': 'desx-CBC', - 'oid': (1, 2, 840, 113549, 3, 6)}, - 'device': {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'device (2 5 6 14)', - 'hexoid': '06 03 55 06 0E', - 'name': 'device', - 'oid': (2, 5, 6, 14)}, - 'dh-pop': {'comment': 'PKIX algorithm', - 'description': 'dh-pop (1 3 6 1 5 5 7 6 4)', - 'hexoid': '06 08 2B 06 01 05 05 07 06 04', - 'name': 'dh-pop', - 'oid': (1, 3, 6, 1, 5, 5, 7, 6, 4)}, - 'dh-sig-hmac-sha1': {'comment': 'PKIX algorithm', - 'description': 'dh-sig-hmac-sha1 (1 3 6 1 5 5 7 6 3)', - 'hexoid': '06 08 2B 06 01 05 05 07 06 03', - 'name': 'dh-sig-hmac-sha1', - 'oid': (1, 3, 6, 1, 5, 5, 7, 6, 3)}, - 'dhEphem': {'comment': 'ANSI X9.42 scheme', - 'description': 'dhEphem (1 2 840 10046 3 2)', - 'hexoid': '06 07 2A 86 48 CE 3E 03 02', - 'name': 'dhEphem', - 'oid': (1, 2, 840, 10046, 3, 2)}, - 'dhHybrid1': {'comment': 'ANSI X9.42 scheme', - 'description': 'dhHybrid1 (1 2 840 10046 3 3)', - 'hexoid': '06 07 2A 86 48 CE 3E 03 03', - 'name': 'dhHybrid1', - 'oid': (1, 2, 840, 10046, 3, 3)}, - 'dhHybrid2': {'comment': 'ANSI X9.42 scheme', - 'description': 'dhHybrid2 (1 2 840 10046 3 4)', - 'hexoid': '06 07 2A 86 48 CE 3E 03 04', - 'name': 'dhHybrid2', - 'oid': (1, 2, 840, 10046, 3, 4)}, - 'dhKeyAgreement': {'comment': 'PKCS #3', - 'description': 'dhKeyAgreement (1 2 840 113549 1 3 1)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 03 01', - 'name': 'dhKeyAgreement', - 'oid': (1, 2, 840, 113549, 1, 3, 1)}, - 'dhPublicKey': {'comment': 'ANSI X9.42 number type', - 'description': 'dhPublicKey (1 2 840 10046 2 1)', - 'hexoid': '06 07 2A 86 48 CE 3E 02 01', - 'name': 'dhPublicKey', - 'oid': (1, 2, 840, 10046, 2, 1)}, - 'dhStatic': {'comment': 'ANSI X9.42 scheme', - 'description': 'dhStatic (1 2 840 10046 3 1)', - 'hexoid': '06 07 2A 86 48 CE 3E 03 01', - 'name': 'dhStatic', - 'oid': (1, 2, 840, 10046, 3, 1)}, - 'digestAlgorithm': {'description': 'digestAlgorithm (1 2 840 113549 2)', - 'hexoid': '06 07 2A 86 48 86 F7 0D 02', - 'name': 'digestAlgorithm', - 'oid': (1, 2, 840, 113549, 2)}, - 'digestedData': {'comment': 'PKCS #7', - 'description': 'digestedData (1 2 840 113549 1 7 5)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 07 05', - 'name': 'digestedData', - 'oid': (1, 2, 840, 113549, 1, 7, 5)}, - 'directory': {'comment': 'Netscape', - 'description': 'directory (2 16 840 1 113730 3)', - 'hexoid': '06 08 60 86 48 01 86 F8 42 03', - 'name': 'directory', - 'oid': (2, 16, 840, 1, 113730, 3)}, - 'directoryGroup': {'comment': 'Telesec object class', - 'description': 'directoryGroup (0 2 262 1 10 3 3)', - 'hexoid': '06 07 02 82 06 01 0A 03 03', - 'name': 'directoryGroup', - 'oid': (0, 2, 262, 1, 10, 3, 3)}, - 'directoryGroupName': {'comment': 'Telesec attribute', - 'description': 'directoryGroupName (0 2 262 1 10 7 32)', - 'hexoid': '06 07 02 82 06 01 0A 07 20', - 'name': 'directoryGroupName', - 'oid': (0, 2, 262, 1, 10, 7, 32)}, - 'directoryName': {'comment': 'Telesec attribute', - 'description': 'directoryName (0 2 262 1 10 7 30)', - 'hexoid': '06 07 02 82 06 01 0A 07 1E', - 'name': 'directoryName', - 'oid': (0, 2, 262, 1, 10, 7, 30)}, - 'directoryService': {'comment': 'Teletrust extended key usage', - 'description': 'directoryService (1 3 36 8 2 1)', - 'hexoid': '06 05 2B 24 08 02 01', - 'name': 'directoryService', - 'oid': (1, 3, 36, 8, 2, 1)}, - 'directoryType': {'comment': 'Telesec object class', - 'description': 'directoryType (0 2 262 1 10 3 2)', - 'hexoid': '06 07 02 82 06 01 0A 03 02', - 'name': 'directoryType', - 'oid': (0, 2, 262, 1, 10, 3, 2)}, - 'directoryTypeName': {'comment': 'Telesec attribute', - 'description': 'directoryTypeName (0 2 262 1 10 7 31)', - 'hexoid': '06 07 02 82 06 01 0A 07 1F', - 'name': 'directoryTypeName', - 'oid': (0, 2, 262, 1, 10, 7, 31)}, - 'directoryUser': {'comment': 'Telesec object class', - 'description': 'directoryUser (0 2 262 1 10 3 4)', - 'hexoid': '06 07 02 82 06 01 0A 03 04', - 'name': 'directoryUser', - 'oid': (0, 2, 262, 1, 10, 3, 4)}, - 'directoryUserName': {'comment': 'Telesec attribute', - 'description': 'directoryUserName (0 2 262 1 10 7 33)', - 'hexoid': '06 07 02 82 06 01 0A 07 21', - 'name': 'directoryUserName', - 'oid': (0, 2, 262, 1, 10, 7, 33)}, - 'distinguishedName': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'distinguishedName (2 5 4 49)', - 'hexoid': '06 03 55 04 31', - 'name': 'distinguishedName', - 'oid': (2, 5, 4, 49)}, - 'dmdName': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'dmdName (2 5 4 54)', - 'hexoid': '06 03 55 04 36', - 'name': 'dmdName', - 'oid': (2, 5, 4, 54)}, - 'dnQualifier': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'dnQualifier (2 5 4 46)', - 'hexoid': '06 03 55 04 2E', - 'name': 'dnQualifier', - 'oid': (2, 5, 4, 46)}, - 'document': {'comment': 'Teletrust document', - 'description': 'document (1 3 36 1)', - 'hexoid': '06 03 2B 24 01', - 'name': 'document', - 'oid': (1, 3, 36, 1)}, - 'domainComponent': {'comment': 'Men are from Mars, this OID is from Pluto', - 'description': 'domainComponent (0 9 2342 19200300 100 1 25)', - 'hexoid': '06 0A 09 92 26 89 93 F2 2C 64 01 19', - 'name': 'domainComponent', - 'oid': (0, 9, 2342, 19200300, 100, 1, 25)}, - 'domainSig': {'comment': 'S/MIME Signature Type Identifier', - 'description': 'domainSig (1 2 840 113549 1 9 16 9 2)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 09 02', - 'name': 'domainSig', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 9, 2)}, - 'draft': {'comment': 'Teletrust document', - 'description': 'draft (1 3 36 1 2)', - 'hexoid': '06 04 2B 24 01 02', - 'name': 'draft', - 'oid': (1, 3, 36, 1, 2)}, - 'dsa': {'comment': 'ANSI X9.57 algorithm', - 'description': 'dsa (1 2 840 10040 4 1)', - 'hexoid': '06 07 2A 86 48 CE 38 04 01', - 'name': 'dsa', - 'oid': (1, 2, 840, 10040, 4, 1)}, - 'dsa-match': {'comment': 'ANSI X9.57 algorithm', - 'description': 'dsa-match (1 2 840 10040 4 2)', - 'hexoid': '06 07 2A 86 48 CE 38 04 02', - 'name': 'dsa-match', - 'oid': (1, 2, 840, 10040, 4, 2)}, - 'dsaExtended': {'comment': 'Teletrust signature algorithm', - 'description': 'dsaExtended (1 3 36 8 5 1 2 1)', - 'hexoid': '06 07 2B 24 08 05 01 02 01', - 'name': 'dsaExtended', - 'oid': (1, 3, 36, 8, 5, 1, 2, 1)}, - 'dsaWithCommonSHA1': {'comment': 'OIW', - 'description': 'dsaWithCommonSHA1 (1 3 14 3 2 28)', - 'hexoid': '06 05 2B 0E 03 02 1C', - 'name': 'dsaWithCommonSHA1', - 'oid': (1, 3, 14, 3, 2, 28)}, - 'dsaWithRIPEMD160': {'comment': 'Teletrust signature algorithm', - 'description': 'dsaWithRIPEMD160 (1 3 36 8 5 1 2 2)', - 'hexoid': '06 07 2B 24 08 05 01 02 02', - 'name': 'dsaWithRIPEMD160', - 'oid': (1, 3, 36, 8, 5, 1, 2, 2)}, - 'dsaWithSHA1': {'comment': 'OIW. This OID may also be assigned as ripemd-160', - 'description': 'dsaWithSHA1 (1 3 14 3 2 27)', - 'hexoid': '06 05 2B 0E 03 02 1B', - 'name': 'dsaWithSHA1', - 'oid': (1, 3, 14, 3, 2, 27)}, - 'dsaWithSha1': {'comment': 'ANSI X9.57 algorithm', - 'description': 'dsaWithSha1 (1 2 840 10040 4 3)', - 'hexoid': '06 07 2A 86 48 CE 38 04 03', - 'name': 'dsaWithSha1', - 'oid': (1, 2, 840, 10040, 4, 3)}, - 'dsaWithSha224': {'comment': 'NIST Algorithm', - 'description': 'dsaWithSha224 (2 16 840 1 101 3 4 3 1)', - 'hexoid': '06 09 60 86 48 01 65 03 04 03 01', - 'name': 'dsaWithSha224', - 'oid': (2, 16, 840, 1, 101, 3, 4, 3, 1)}, - 'dsaWithSha256': {'comment': 'NIST Algorithm', - 'description': 'dsaWithSha256 (2 16 840 1 101 3 4 3 2)', - 'hexoid': '06 09 60 86 48 01 65 03 04 03 02', - 'name': 'dsaWithSha256', - 'oid': (2, 16, 840, 1, 101, 3, 4, 3, 2)}, - 'dvcs': {'comment': 'PKIX key purpose', - 'description': 'dvcs (1 3 6 1 5 5 7 3 10)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 0A', - 'name': 'dvcs', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 10)}, - 'dvcs-dvc': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'dvcs-dvc (1 2 840 113549 1 9 16 2 29)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 1D', - 'name': 'dvcs-dvc', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 29)}, - 'e-COMM': {'comment': 'SET vendor', - 'description': 'e-COMM (2 23 42 9 37)', - 'hexoid': '06 04 67 2A 09 25', - 'name': 'e-COMM', - 'oid': (2, 23, 42, 9, 37)}, - 'eLab': {'comment': 'SET vendor', - 'description': 'eLab (2 23 42 9 22)', - 'hexoid': '06 04 67 2A 09 16', - 'name': 'eLab', - 'oid': (2, 23, 42, 9, 22)}, - 'eapOverPPP': {'comment': 'PKIX key purpose', - 'description': 'eapOverPPP (1 3 6 1 5 5 7 3 13)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 0D', - 'name': 'eapOverPPP', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 13)}, - 'ecPublicKey': {'comment': 'ANSI X9.62 public key type', - 'description': 'ecPublicKey (1 2 840 10045 2 1)', - 'hexoid': '06 07 2A 86 48 CE 3D 02 01', - 'name': 'ecPublicKey', - 'oid': (1, 2, 840, 10045, 2, 1)}, - 'ecdsaWithRecommended': {'comment': 'ANSI X9.62 ECDSA algorithm with Recommended', - 'description': 'ecdsaWithRecommended (1 2 840 10045 4 2)', - 'hexoid': '06 07 2A 86 48 CE 3D 04 02', - 'name': 'ecdsaWithRecommended', - 'oid': (1, 2, 840, 10045, 4, 2)}, - 'ecdsaWithSHA1': {'comment': 'ANSI X9.62 ECDSA algorithm with SHA1', - 'description': 'ecdsaWithSHA1 (1 2 840 10045 4 1)', - 'hexoid': '06 07 2A 86 48 CE 3D 04 01', - 'name': 'ecdsaWithSHA1', - 'oid': (1, 2, 840, 10045, 4, 1)}, - 'ecdsaWithSHA224': {'comment': 'ANSI X9.62 ECDSA algorithm with SHA224', - 'description': 'ecdsaWithSHA224 (1 2 840 10045 4 3 1)', - 'hexoid': '06 08 2A 86 48 CE 3D 04 03 01', - 'name': 'ecdsaWithSHA224', - 'oid': (1, 2, 840, 10045, 4, 3, 1)}, - 'ecdsaWithSHA256': {'comment': 'ANSI X9.62 ECDSA algorithm with SHA256', - 'description': 'ecdsaWithSHA256 (1 2 840 10045 4 3 2)', - 'hexoid': '06 08 2A 86 48 CE 3D 04 03 02', - 'name': 'ecdsaWithSHA256', - 'oid': (1, 2, 840, 10045, 4, 3, 2)}, - 'ecdsaWithSHA384': {'comment': 'ANSI X9.62 ECDSA algorithm with SHA384', - 'description': 'ecdsaWithSHA384 (1 2 840 10045 4 3 3)', - 'hexoid': '06 08 2A 86 48 CE 3D 04 03 03', - 'name': 'ecdsaWithSHA384', - 'oid': (1, 2, 840, 10045, 4, 3, 3)}, - 'ecdsaWithSHA512': {'comment': 'ANSI X9.62 ECDSA algorithm with SHA512', - 'description': 'ecdsaWithSHA512 (1 2 840 10045 4 3 4)', - 'hexoid': '06 08 2A 86 48 CE 3D 04 03 04', - 'name': 'ecdsaWithSHA512', - 'oid': (1, 2, 840, 10045, 4, 3, 4)}, - 'ecdsaWithSpecified': {'comment': 'ANSI X9.62 ECDSA algorithm with Specified', - 'description': 'ecdsaWithSpecified (1 2 840 10045 4 3)', - 'hexoid': '06 07 2A 86 48 CE 3D 04 03', - 'name': 'ecdsaWithSpecified', - 'oid': (1, 2, 840, 10045, 4, 3)}, - 'eciaAscX12Edi': {'comment': 'TMN EDI for Interactive Agents', - 'description': 'eciaAscX12Edi (1 3 6 1 4 1 3576 7)', - 'hexoid': '06 08 2B 06 01 04 01 9B 78 07', - 'name': 'eciaAscX12Edi', - 'oid': (1, 3, 6, 1, 4, 1, 3576, 7)}, - 'eciaEdifact': {'comment': 'TMN EDI for Interactive Agents', - 'description': 'eciaEdifact (1 3 6 1 4 1 3576 8)', - 'hexoid': '06 08 2B 06 01 04 01 9B 78 08', - 'name': 'eciaEdifact', - 'oid': (1, 3, 6, 1, 4, 1, 3576, 8)}, - 'eciaNonEdi': {'comment': 'TMN EDI for Interactive Agents', - 'description': 'eciaNonEdi (1 3 6 1 4 1 3576 9)', - 'hexoid': '06 08 2B 06 01 04 01 9B 78 09', - 'name': 'eciaNonEdi', - 'oid': (1, 3, 6, 1, 4, 1, 3576, 9)}, - 'ecsieSign': {'comment': 'Teletrust signature algorithm', - 'description': 'ecsieSign (1 3 36 3 3 2)', - 'hexoid': '06 05 2B 24 03 03 02', - 'name': 'ecsieSign', - 'oid': (1, 3, 36, 3, 3, 2)}, - 'ecsieSignWithmd2': {'comment': 'Teletrust signature algorithm', - 'description': 'ecsieSignWithmd2 (1 3 36 3 3 2 3)', - 'hexoid': '06 06 2B 24 03 03 02 03', - 'name': 'ecsieSignWithmd2', - 'oid': (1, 3, 36, 3, 3, 2, 3)}, - 'ecsieSignWithmd5': {'comment': 'Teletrust signature algorithm', - 'description': 'ecsieSignWithmd5 (1 3 36 3 3 2 4)', - 'hexoid': '06 06 2B 24 03 03 02 04', - 'name': 'ecsieSignWithmd5', - 'oid': (1, 3, 36, 3, 3, 2, 4)}, - 'ecsieSignWithripemd160': {'comment': 'Teletrust signature algorithm', - 'description': 'ecsieSignWithripemd160 (1 3 36 3 3 2 2)', - 'hexoid': '06 06 2B 24 03 03 02 02', - 'name': 'ecsieSignWithripemd160', - 'oid': (1, 3, 36, 3, 3, 2, 2)}, - 'ecsieSignWithsha1': {'comment': 'Teletrust signature algorithm', - 'description': 'ecsieSignWithsha1 (1 3 36 3 3 2 1)', - 'hexoid': '06 06 2B 24 03 03 02 01', - 'name': 'ecsieSignWithsha1', - 'oid': (1, 3, 36, 3, 3, 2, 1)}, - 'electronicOrder': {'comment': 'Telesec module', - 'description': 'electronicOrder (0 2 262 1 10 2 10)', - 'hexoid': '06 07 02 82 06 01 0A 02 0A', - 'name': 'electronicOrder', - 'oid': (0, 2, 262, 1, 10, 2, 10)}, - 'elgamal': {'comment': 'cryptlib public-key algorithm', - 'description': 'elgamal (1 3 6 1 4 1 3029 1 2 1)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 01 02 01', - 'name': 'elgamal', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 1, 2, 1)}, - 'elgamalWithRIPEMD-160': {'comment': 'cryptlib public-key algorithm', - 'description': 'elgamalWithRIPEMD-160 (1 3 6 1 4 1 3029 1 2 1 2)', - 'hexoid': '06 0B 2B 06 01 04 01 97 55 01 02 01 02', - 'name': 'elgamalWithRIPEMD-160', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 1, 2, 1, 2)}, - 'elgamalWithSHA-1': {'comment': 'cryptlib public-key algorithm', - 'description': 'elgamalWithSHA-1 (1 3 6 1 4 1 3029 1 2 1 1)', - 'hexoid': '06 0B 2B 06 01 04 01 97 55 01 02 01 01', - 'name': 'elgamalWithSHA-1', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 1, 2, 1, 1)}, - 'emailAddress': {'comment': 'PKCS #9. Deprecated, use an altName extension instead', - 'description': 'emailAddress (1 2 840 113549 1 9 1)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 01', - 'name': 'emailAddress', - 'oid': (1, 2, 840, 113549, 1, 9, 1)}, - 'emailProtection': {'comment': 'PKIX key purpose', - 'description': 'emailProtection (1 3 6 1 5 5 7 3 4)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 04', - 'name': 'emailProtection', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 4)}, - 'employeeNumber': {'comment': 'Netscape LDAP definitions', - 'description': 'employeeNumber (2 16 840 1 113730 3 1 3)', - 'hexoid': '06 0A 60 86 48 01 86 F8 42 03 01 03', - 'name': 'employeeNumber', - 'oid': (2, 16, 840, 1, 113730, 3, 1, 3)}, - 'employeeType': {'comment': 'Netscape LDAP definitions', - 'description': 'employeeType (2 16 840 1 113730 3 1 4)', - 'hexoid': '06 0A 60 86 48 01 86 F8 42 03 01 04', - 'name': 'employeeType', - 'oid': (2, 16, 840, 1, 113730, 3, 1, 4)}, - 'emptyContent': {'comment': 'SDN.700 INFOSEC format', - 'description': 'emptyContent (2 16 840 1 101 2 1 2 2)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 02', - 'name': 'emptyContent', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 2)}, - 'encAttrs': {'comment': 'PKIX attribute certificate extension', - 'description': 'encAttrs (1 3 6 1 5 5 7 10 6)', - 'hexoid': '06 08 2B 06 01 05 05 07 0A 06', - 'name': 'encAttrs', - 'oid': (1, 3, 6, 1, 5, 5, 7, 10, 6)}, - 'encISO9796-2Withrsa': {'comment': 'Teletrust key management. 9796-2 with key stored in hash field', - 'description': 'encISO9796-2Withrsa (1 3 36 7 2 1)', - 'hexoid': '06 05 2B 24 07 02 01', - 'name': 'encISO9796-2Withrsa', - 'oid': (1, 3, 36, 7, 2, 1)}, - 'encKeyPairTypes': {'comment': 'PKIX CMP information', - 'description': 'encKeyPairTypes (1 3 6 1 5 5 7 4 3)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 03', - 'name': 'encKeyPairTypes', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 3)}, - 'encrypKeyPref': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'encrypKeyPref (1 2 840 113549 1 9 16 2 11)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 0B', - 'name': 'encrypKeyPref', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 11)}, - 'encryptedData': {'comment': 'PKCS #7', - 'description': 'encryptedData (1 2 840 113549 1 7 6)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 07 06', - 'name': 'encryptedData', - 'oid': (1, 2, 840, 113549, 1, 7, 6)}, - 'encryptedFileSystem': {'comment': 'Microsoft enhanced key usage', - 'description': 'encryptedFileSystem (1 3 6 1 4 1 311 10 3 4)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 0A 03 04', - 'name': 'encryptedFileSystem', - 'oid': (1, 3, 6, 1, 4, 1, 311, 10, 3, 4)}, - 'encryptedKeyHash': {'comment': 'Microsoft attribute', - 'description': 'encryptedKeyHash (1 3 6 1 4 1 311 21 21)', - 'hexoid': '06 09 2B 06 01 04 01 82 37 15 15', - 'name': 'encryptedKeyHash', - 'oid': (1, 3, 6, 1, 4, 1, 311, 21, 21)}, - 'encryptedPrivateKeyInfo': {'comment': 'PKCS #9/RFC 2985 attribute', - 'description': 'encryptedPrivateKeyInfo (1 2 840 113549 1 9 25 2)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 19 02', - 'name': 'encryptedPrivateKeyInfo', - 'oid': (1, 2, 840, 113549, 1, 9, 25, 2)}, - 'encryption': {'comment': 'Telesec mechanism', - 'description': 'encryption (0 2 262 1 10 1 2)', - 'hexoid': '06 07 02 82 06 01 0A 01 02', - 'name': 'encryption', - 'oid': (0, 2, 262, 1, 10, 1, 2)}, - 'encryptionAlgorithm': {'comment': 'Teletrust algorithm', - 'description': 'encryptionAlgorithm (1 3 36 3 1)', - 'hexoid': '06 04 2B 24 03 01', - 'name': 'encryptionAlgorithm', - 'oid': (1, 3, 36, 3, 1)}, - 'enhancedSearchGuide': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'enhancedSearchGuide (2 5 4 47)', - 'hexoid': '06 03 55 04 2F', - 'name': 'enhancedSearchGuide', - 'oid': (2, 5, 4, 47)}, - 'enrollCerttypeExtension': {'comment': 'Microsoft CAPICOM certificate template, V1', - 'description': 'enrollCerttypeExtension (1 3 6 1 4 1 311 20 2)', - 'hexoid': '06 09 2B 06 01 04 01 82 37 14 02', - 'name': 'enrollCerttypeExtension', - 'oid': (1, 3, 6, 1, 4, 1, 311, 20, 2)}, - 'enrolmentCSP': {'comment': 'Microsoft attribute', - 'description': 'enrolmentCSP (1 3 6 1 4 1 311 13 2 2)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 0D 02 02', - 'name': 'enrolmentCSP', - 'oid': (1, 3, 6, 1, 4, 1, 311, 13, 2, 2)}, - 'enrolmentNameValuePair': {'comment': 'Microsoft attribute', - 'description': 'enrolmentNameValuePair (1 3 6 1 4 1 311 13 2 1)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 0D 02 01', - 'name': 'enrolmentNameValuePair', - 'oid': (1, 3, 6, 1, 4, 1, 311, 13, 2, 1)}, - 'entrustCAInfo': {'comment': 'Nortel Secure Networks at', - 'description': 'entrustCAInfo (1 2 840 113533 7 68 0)', - 'hexoid': '06 09 2A 86 48 86 F6 7D 07 44 00', - 'name': 'entrustCAInfo', - 'oid': (1, 2, 840, 113533, 7, 68, 0)}, - 'entrustUser': {'comment': 'Nortel Secure Networks oc', - 'description': 'entrustUser (1 2 840 113533 7 67 0)', - 'hexoid': '06 09 2A 86 48 86 F6 7D 07 43 00', - 'name': 'entrustUser', - 'oid': (1, 2, 840, 113533, 7, 67, 0)}, - 'entrustVersInfo': {'comment': 'Nortel Secure Networks ce', - 'description': 'entrustVersInfo (1 2 840 113533 7 65 0)', - 'hexoid': '06 09 2A 86 48 86 F6 7D 07 41 00', - 'name': 'entrustVersInfo', - 'oid': (1, 2, 840, 113533, 7, 65, 0)}, - 'envelopedData': {'comment': 'PKCS #7', - 'description': 'envelopedData (1 2 840 113549 1 7 3)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 07 03', - 'name': 'envelopedData', - 'oid': (1, 2, 840, 113549, 1, 7, 3)}, - 'equivalentLabels': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'equivalentLabels (1 2 840 113549 1 9 16 2 9)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 09', - 'name': 'equivalentLabels', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 9)}, - 'esDH': {'comment': 'S/MIME Algorithms', - 'description': 'esDH (1 2 840 113549 1 9 16 3 5)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 03 05', - 'name': 'esDH', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 3, 5)}, - 'escTimeStamp': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'escTimeStamp (1 2 840 113549 1 9 16 2 25)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 19', - 'name': 'escTimeStamp', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 25)}, - 'espace-net': {'comment': 'SET vendor', - 'description': 'espace-net (2 23 42 9 31)', - 'hexoid': '06 04 67 2A 09 1F', - 'name': 'espace-net', - 'oid': (2, 23, 42, 9, 31)}, - 'etsiQcs': {'comment': 'ETSI TS 101 862 qualified certificates', - 'description': 'etsiQcs (0 4 0 1862 1)', - 'hexoid': '06 05 04 00 8E 46 01', - 'name': 'etsiQcs', - 'oid': (0, 4, 0, 1862, 1)}, - 'etsiQcsCompliance': {'comment': 'ETSI TS 101 862 qualified certificates', - 'description': 'etsiQcsCompliance (0 4 0 1862 1 1)', - 'hexoid': '06 06 04 00 8E 46 01 01', - 'name': 'etsiQcsCompliance', - 'oid': (0, 4, 0, 1862, 1, 1)}, - 'etsiQcsLimitValue': {'comment': 'ETSI TS 101 862 qualified certificates', - 'description': 'etsiQcsLimitValue (0 4 0 1862 1 2)', - 'hexoid': '06 06 04 00 8E 46 01 02', - 'name': 'etsiQcsLimitValue', - 'oid': (0, 4, 0, 1862, 1, 2)}, - 'etsiQcsProfile': {'comment': 'ETSI TS 101 862 qualified certificates', - 'description': 'etsiQcsProfile (0 4 0 1862)', - 'hexoid': '06 04 04 00 8E 46', - 'name': 'etsiQcsProfile', - 'oid': (0, 4, 0, 1862)}, - 'etsiQcsQcSSCD': {'comment': 'ETSI TS 101 862 qualified certificates', - 'description': 'etsiQcsQcSSCD (0 4 0 1862 1 4)', - 'hexoid': '06 06 04 00 8E 46 01 04', - 'name': 'etsiQcsQcSSCD', - 'oid': (0, 4, 0, 1862, 1, 4)}, - 'etsiQcsRetentionPeriod': {'comment': 'ETSI TS 101 862 qualified certificates', - 'description': 'etsiQcsRetentionPeriod (0 4 0 1862 1 3)', - 'hexoid': '06 06 04 00 8E 46 01 03', - 'name': 'etsiQcsRetentionPeriod', - 'oid': (0, 4, 0, 1862, 1, 3)}, - 'extKeyUsage': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'extKeyUsage (2 5 29 37)', - 'hexoid': '06 03 55 1D 25', - 'name': 'extKeyUsage', - 'oid': (2, 5, 29, 37)}, - 'extendedCertificateAttributes': {'comment': 'PKCS #9', - 'description': 'extendedCertificateAttributes (1 2 840 113549 1 9 9)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 09', - 'name': 'extendedCertificateAttributes', - 'oid': (1, 2, 840, 113549, 1, 9, 9)}, - 'extension': {'comment': 'Telesec', - 'description': 'extension (0 2 262 1 10 0)', - 'hexoid': '06 06 02 82 06 01 0A 00', - 'name': 'extension', - 'oid': (0, 2, 262, 1, 10, 0)}, - 'extensionRequest': {'comment': 'PKCS #9 via CRMF', - 'description': 'extensionRequest (1 2 840 113549 1 9 14)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 0E', - 'name': 'extensionRequest', - 'oid': (1, 2, 840, 113549, 1, 9, 14)}, - 'facsimileTelephoneNumber': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'facsimileTelephoneNumber (2 5 4 23)', - 'hexoid': '06 03 55 04 17', - 'name': 'facsimileTelephoneNumber', - 'oid': (2, 5, 4, 23)}, - 'failInfo': {'comment': 'Verisign PKCS #7 attribute', - 'description': 'failInfo (2 16 840 1 113733 1 9 4)', - 'hexoid': '06 0A 60 86 48 01 86 F8 45 01 09 04', - 'name': 'failInfo', - 'oid': (2, 16, 840, 1, 113733, 1, 9, 4)}, - 'familyInformation': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'familyInformation (2 5 4 64)', - 'hexoid': '06 03 55 04 40', - 'name': 'familyInformation', - 'oid': (2, 5, 4, 64)}, - 'familyName': {'comment': 'SET field', - 'description': 'familyName (2 23 42 2 2)', - 'hexoid': '06 04 67 2A 02 02', - 'name': 'familyName', - 'oid': (2, 23, 42, 2, 2)}, - 'febUKMs': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'febUKMs (2 16 840 1 101 2 1 5 21)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 15', - 'name': 'febUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 21)}, - 'fec': {'comment': 'Telesec module', - 'description': 'fec (0 2 262 1 10 2 6)', - 'hexoid': '06 07 02 82 06 01 0A 02 06', - 'name': 'fec', - 'oid': (0, 2, 262, 1, 10, 2, 6)}, - 'fecFunction': {'comment': 'Telesec mechanism', - 'description': 'fecFunction (0 2 262 1 10 1 4)', - 'hexoid': '06 07 02 82 06 01 0A 01 04', - 'name': 'fecFunction', - 'oid': (0, 2, 262, 1, 10, 1, 4)}, - 'field': {'comment': 'SET', - 'description': 'field (2 23 42 2)', - 'hexoid': '06 03 67 2A 02', - 'name': 'field', - 'oid': (2, 23, 42, 2)}, - 'fieldType': {'comment': 'ANSI X9.42', - 'description': 'fieldType (1 2 840 10046 1)', - 'hexoid': '06 06 2A 86 48 CE 3E 01', - 'name': 'fieldType', - 'oid': (1, 2, 840, 10046, 1)}, - 'fileName': {'comment': 'Teletrust signature attributes', - 'description': 'fileName (1 3 36 8 6 5)', - 'hexoid': '06 05 2B 24 08 06 05', - 'name': 'fileName', - 'oid': (1, 3, 36, 8, 6, 5)}, - 'fileSize': {'comment': 'Teletrust signature attributes', - 'description': 'fileSize (1 3 36 8 6 7)', - 'hexoid': '06 05 2B 24 08 06 07', - 'name': 'fileSize', - 'oid': (1, 3, 36, 8, 6, 7)}, - 'fileType': {'comment': 'Telesec attribute', - 'description': 'fileType (0 2 262 1 10 7 26)', - 'hexoid': '06 07 02 82 06 01 0A 07 1A', - 'name': 'fileType', - 'oid': (0, 2, 262, 1, 10, 7, 26)}, - 'finalVersion': {'comment': 'Teletrust document', - 'description': 'finalVersion (1 3 36 1 1)', - 'hexoid': '06 04 2B 24 01 01', - 'name': 'finalVersion', - 'oid': (1, 3, 36, 1, 1)}, - 'fortezzaCKL': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'fortezzaCKL (2 16 840 1 101 2 1 5 46)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 2E', - 'name': 'fortezzaCKL', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 46)}, - 'fortezzaConfidentialityAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms. Formerly known as mosaicConfidentialityAlgorithm', - 'description': 'fortezzaConfidentialityAlgorithm (2 16 840 1 101 2 1 1 4)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 04', - 'name': 'fortezzaConfidentialityAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 4)}, - 'fortezzaIntegrityAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms. Formerly known as mosaicIntegrityAlgorithm', - 'description': 'fortezzaIntegrityAlgorithm (2 16 840 1 101 2 1 1 6)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 06', - 'name': 'fortezzaIntegrityAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 6)}, - 'fortezzaKMandSigAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms. Formerly known as mosaicKMandSigAlgorithm', - 'description': 'fortezzaKMandSigAlgorithm (2 16 840 1 101 2 1 1 12)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 0C', - 'name': 'fortezzaKMandSigAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 12)}, - 'fortezzaKMandUpdSigAlgorithms': {'comment': 'SDN.700 INFOSEC algorithms. Formerly known as mosaicKMandUpdSigAlgorithms', - 'description': 'fortezzaKMandUpdSigAlgorithms (2 16 840 1 101 2 1 1 20)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 14', - 'name': 'fortezzaKMandUpdSigAlgorithms', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 20)}, - 'fortezzaKeyManagementAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms. Formerly known as mosaicKeyManagementAlgorithm', - 'description': 'fortezzaKeyManagementAlgorithm (2 16 840 1 101 2 1 1 10)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 0A', - 'name': 'fortezzaKeyManagementAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 10)}, - 'fortezzaSignatureAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms. Formerly known as mosaicSignatureAlgorithm, this OID is better known as dsaWithSHA-1.', - 'description': 'fortezzaSignatureAlgorithm (2 16 840 1 101 2 1 1 2)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 02', - 'name': 'fortezzaSignatureAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 2)}, - 'fortezzaTokenProtectionAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms. Formerly know as mosaicTokenProtectionAlgorithm', - 'description': 'fortezzaTokenProtectionAlgorithm (2 16 840 1 101 2 1 1 8)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 08', - 'name': 'fortezzaTokenProtectionAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 8)}, - 'fortezzaUpdatedIntegAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms. Formerly known as mosaicUpdatedIntegAlgorithm', - 'description': 'fortezzaUpdatedIntegAlgorithm (2 16 840 1 101 2 1 1 21)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 15', - 'name': 'fortezzaUpdatedIntegAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 21)}, - 'fortezzaUpdatedSigAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms. Formerly known as mosaicUpdatedSigAlgorithm', - 'description': 'fortezzaUpdatedSigAlgorithm (2 16 840 1 101 2 1 1 19)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 13', - 'name': 'fortezzaUpdatedSigAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 19)}, - 'fortezzaWrap80Algorithm': {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'fortezzaWrap80Algorithm (2 16 840 1 101 2 1 1 23)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 17', - 'name': 'fortezzaWrap80Algorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 23)}, - 'forwardedCSPMsgBodyPart': {'comment': 'SDN.700 INFOSEC format', - 'description': 'forwardedCSPMsgBodyPart (2 16 840 1 101 2 1 2 74)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 4A', - 'name': 'forwardedCSPMsgBodyPart', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 74)}, - 'forwardedMSPMessageBodyPart': {'comment': 'SDN.700 INFOSEC format', - 'description': 'forwardedMSPMessageBodyPart (2 16 840 1 101 2 1 2 72)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 48', - 'name': 'forwardedMSPMessageBodyPart', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 72)}, - 'freshestCRL': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'freshestCRL (2 5 29 46)', - 'hexoid': '06 03 55 1D 2E', - 'name': 'freshestCRL', - 'oid': (2, 5, 29, 46)}, - 'friendlyName': {'comment': 'PKCS #9 via PKCS #12', - 'description': 'friendlyName (for PKCS #12) (1 2 840 113549 1 9 20)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 14', - 'name': 'friendlyName', - 'oid': (1, 2, 840, 113549, 1, 9, 20)}, - 'fullName': {'comment': 'SET field', - 'description': 'fullName (2 23 42 2 0)', - 'hexoid': '06 04 67 2A 02 00', - 'name': 'fullName', - 'oid': (2, 23, 42, 2, 0)}, - 'functionality-specific_api': {'comment': 'Teletrust API', - 'description': 'functionality-specific_api (1 3 36 6 2)', - 'hexoid': '06 04 2B 24 06 02', - 'name': 'functionality-specific_api', - 'oid': (1, 3, 36, 6, 2)}, - 'gKeyData': {'comment': 'Telesec attribute', - 'description': 'gKeyData (0 2 262 1 10 7 38)', - 'hexoid': '06 07 02 82 06 01 0A 07 26', - 'name': 'gKeyData', - 'oid': (0, 2, 262, 1, 10, 7, 38)}, - 'gender': {'comment': 'PKIX personal data', - 'description': 'gender (1 3 6 1 5 5 7 9 3)', - 'hexoid': '06 08 2B 06 01 05 05 07 09 03', - 'name': 'gender', - 'oid': (1, 3, 6, 1, 5, 5, 7, 9, 3)}, - 'generationQualifier': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'generationQualifier (2 5 4 44)', - 'hexoid': '06 03 55 04 2C', - 'name': 'generationQualifier', - 'oid': (2, 5, 4, 44)}, - 'genser': {'comment': 'SDN.700 INFOSEC policy', - 'description': 'genser (2 16 840 1 101 2 1 3 11)', - 'hexoid': '06 09 60 86 48 01 65 02 01 03 0B', - 'name': 'genser', - 'oid': (2, 16, 840, 1, 101, 2, 1, 3, 11)}, - 'genserSecurityCategories': {'comment': 'SDN.700 INFOSEC policy', - 'description': 'genserSecurityCategories (2 16 840 1 101 2 1 3 11 3)', - 'hexoid': '06 0A 60 86 48 01 65 02 01 03 0B 03', - 'name': 'genserSecurityCategories', - 'oid': (2, 16, 840, 1, 101, 2, 1, 3, 11, 3)}, - 'genserTagSetName': {'comment': 'SDN.700 INFOSEC GENSER policy', - 'description': 'genserTagSetName (2 16 840 1 101 2 1 3 11 3 0)', - 'hexoid': '06 0B 60 86 48 01 65 02 01 03 0B 03 00', - 'name': 'genserTagSetName', - 'oid': (2, 16, 840, 1, 101, 2, 1, 3, 11, 3, 0)}, - 'gf-prime': {'comment': 'ANSI X9.42 field type', - 'description': 'gf-prime (1 2 840 10046 1 1)', - 'hexoid': '06 07 2A 86 48 CE 3E 01 01', - 'name': 'gf-prime', - 'oid': (1, 2, 840, 10046, 1, 1)}, - 'givenName': {'comment': 'SET field', - 'description': 'givenName (2 23 42 2 1)', - 'hexoid': '06 04 67 2A 02 01', - 'name': 'givenName', - 'oid': (2, 23, 42, 2, 1)}, - 'glNumber': {'comment': 'Telesec attribute', - 'description': 'glNumber (0 2 262 1 10 7 36)', - 'hexoid': '06 07 02 82 06 01 0A 07 24', - 'name': 'glNumber', - 'oid': (0, 2, 262, 1, 10, 7, 36)}, - 'gnu': {'comment': 'GNU Project (see http://www.gnupg.org/oids.html)', - 'description': 'gnu (1 3 6 1 4 1 11591)', - 'hexoid': '06 07 2B 06 01 04 01 DA 47', - 'name': 'gnu', - 'oid': (1, 3, 6, 1, 4, 1, 11591)}, - 'gnuDigestAlgorithm': {'comment': 'GNU digest algorithm', - 'description': 'gnuDigestAlgorithm (1 3 6 1 4 1 11591 12)', - 'hexoid': '06 08 2B 06 01 04 01 DA 47 0C', - 'name': 'gnuDigestAlgorithm', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 12)}, - 'gnuEncryptionAlgorithm': {'comment': 'GNU encryption algorithm', - 'description': 'gnuEncryptionAlgorithm (1 3 6 1 4 1 11591 13)', - 'hexoid': '06 08 2B 06 01 04 01 DA 47 0D', - 'name': 'gnuEncryptionAlgorithm', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 13)}, - 'gnuRadar': {'comment': 'GNU Radar', - 'description': 'gnuRadar (1 3 6 1 4 1 11591 3)', - 'hexoid': '06 08 2B 06 01 04 01 DA 47 03', - 'name': 'gnuRadar', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 3)}, - 'gnuRadius': {'comment': 'GNU Radius', - 'description': 'gnuRadius (1 3 6 1 4 1 11591 1)', - 'hexoid': '06 08 2B 06 01 04 01 DA 47 01', - 'name': 'gnuRadius', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 1)}, - 'goNumber': {'comment': 'Telesec attribute', - 'description': 'goNumber (0 2 262 1 10 7 37)', - 'hexoid': '06 07 02 82 06 01 0A 07 25', - 'name': 'goNumber', - 'oid': (0, 2, 262, 1, 10, 7, 37)}, - 'group': {'comment': 'PKIX attribute certificate extension', - 'description': 'group (1 3 6 1 5 5 7 10 4)', - 'hexoid': '06 08 2B 06 01 05 05 07 0A 04', - 'name': 'group', - 'oid': (1, 3, 6, 1, 5, 5, 7, 10, 4)}, - 'groupOfNames': {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'groupOfNames (2 5 6 9)', - 'hexoid': '06 03 55 06 09', - 'name': 'groupOfNames', - 'oid': (2, 5, 6, 9)}, - 'groupOfUniqueNames': {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'groupOfUniqueNames (2 5 6 17)', - 'hexoid': '06 03 55 06 11', - 'name': 'groupOfUniqueNames', - 'oid': (2, 5, 6, 17)}, - 'hashAlgorithm': {'comment': 'Teletrust algorithm', - 'description': 'hashAlgorithm (1 3 36 3 2)', - 'hexoid': '06 04 2B 24 03 02', - 'name': 'hashAlgorithm', - 'oid': (1, 3, 36, 3, 2)}, - 'hashAlgos': {'comment': 'NIST Algorithm', - 'description': 'hashAlgos (2 16 840 1 101 3 4 2)', - 'hexoid': '06 08 60 86 48 01 65 03 04 02', - 'name': 'hashAlgos', - 'oid': (2, 16, 840, 1, 101, 3, 4, 2)}, - 'hashUsingBlockCipher': {'comment': 'Telesec one-way function', - 'description': 'hashUsingBlockCipher (0 2 262 1 10 1 3 6)', - 'hexoid': '06 08 02 82 06 01 0A 01 03 06', - 'name': 'hashUsingBlockCipher', - 'oid': (0, 2, 262, 1, 10, 1, 3, 6)}, - 'hashedRootKey': {'comment': 'SET cert extension', - 'description': 'hashedRootKey (2 23 42 7 0)', - 'hexoid': '06 04 67 2A 07 00', - 'name': 'hashedRootKey', - 'oid': (2, 23, 42, 7, 0)}, - 'hbciRsaSignature': {'comment': 'Telesec signature', - 'description': 'hbciRsaSignature (0 2 262 1 10 1 1 9)', - 'hexoid': '06 08 02 82 06 01 0A 01 01 09', - 'name': 'hbciRsaSignature', - 'oid': (0, 2, 262, 1, 10, 1, 1, 9)}, - 'healthcareLicense': {'comment': 'ASTM 31.20', - 'description': 'healthcareLicense (1 2 840 10065 2 3)', - 'hexoid': '06 07 2A 86 48 CE 51 02 03', - 'name': 'healthcareLicense', - 'oid': (1, 2, 840, 10065, 2, 3)}, - 'hmacMD5': {'comment': 'ISAKMP HMAC algorithm', - 'description': 'hmacMD5 (1 3 6 1 5 5 8 1 1)', - 'hexoid': '06 08 2B 06 01 05 05 08 01 01', - 'name': 'hmacMD5', - 'oid': (1, 3, 6, 1, 5, 5, 8, 1, 1)}, - 'hmacSHA': {'comment': 'ISAKMP HMAC algorithm', - 'description': 'hmacSHA (1 3 6 1 5 5 8 1 2)', - 'hexoid': '06 08 2B 06 01 05 05 08 01 02', - 'name': 'hmacSHA', - 'oid': (1, 3, 6, 1, 5, 5, 8, 1, 2)}, - 'hmacTiger': {'comment': 'ISAKMP HMAC algorithm', - 'description': 'hmacTiger (1 3 6 1 5 5 8 1 3)', - 'hexoid': '06 08 2B 06 01 05 05 08 01 03', - 'name': 'hmacTiger', - 'oid': (1, 3, 6, 1, 5, 5, 8, 1, 3)}, - 'hmacWithSHA1': {'comment': 'RSADSI digestAlgorithm', - 'description': 'hmacWithSHA1 (1 2 840 113549 2 7)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 02 07', - 'name': 'hmacWithSHA1', - 'oid': (1, 2, 840, 113549, 2, 7)}, - 'hmacWithSHA224': {'comment': 'RSADSI digestAlgorithm', - 'description': 'hmacWithSHA224 (1 2 840 113549 2 8)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 02 08', - 'name': 'hmacWithSHA224', - 'oid': (1, 2, 840, 113549, 2, 8)}, - 'hmacWithSHA256': {'comment': 'RSADSI digestAlgorithm', - 'description': 'hmacWithSHA256 (1 2 840 113549 2 9)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 02 09', - 'name': 'hmacWithSHA256', - 'oid': (1, 2, 840, 113549, 2, 9)}, - 'hmacWithSHA384': {'comment': 'RSADSI digestAlgorithm', - 'description': 'hmacWithSHA384 (1 2 840 113549 2 10)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 02 0A', - 'name': 'hmacWithSHA384', - 'oid': (1, 2, 840, 113549, 2, 10)}, - 'hmacWithSHA512': {'comment': 'RSADSI digestAlgorithm', - 'description': 'hmacWithSHA512 (1 2 840 113549 2 11)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 02 0B', - 'name': 'hmacWithSHA512', - 'oid': (1, 2, 840, 113549, 2, 11)}, - 'holdinstruction': {'comment': 'ANSI X9.57', - 'description': 'holdinstruction (1 2 840 10040 2)', - 'hexoid': '06 06 2A 86 48 CE 38 02', - 'name': 'holdinstruction', - 'oid': (1, 2, 840, 10040, 2)}, - 'holdinstruction-none': {'comment': 'ANSI X9.57 hold instruction', - 'description': 'holdinstruction-none (1 2 840 10040 2 1)', - 'hexoid': '06 07 2A 86 48 CE 38 02 01', - 'name': 'holdinstruction-none', - 'oid': (1, 2, 840, 10040, 2, 1)}, - 'houseIdentifier': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'houseIdentifier (2 5 4 51)', - 'hexoid': '06 03 55 04 33', - 'name': 'houseIdentifier', - 'oid': (2, 5, 4, 51)}, - 'iKEIntermediate': {'comment': 'IKE ???', - 'description': 'iKEIntermediate (1 3 6 1 5 5 8 2 2)', - 'hexoid': '06 08 2B 06 01 05 05 08 02 02', - 'name': 'iKEIntermediate', - 'oid': (1, 3, 6, 1, 5, 5, 8, 2, 2)}, - 'iaReceiptMessage': {'comment': 'TMN EDI for Interactive Agents', - 'description': 'iaReceiptMessage (1 3 6 1 4 1 3576 7 65)', - 'hexoid': '06 09 2B 06 01 04 01 9B 78 07 41', - 'name': 'iaReceiptMessage', - 'oid': (1, 3, 6, 1, 4, 1, 3576, 7, 65)}, - 'iaStatusMessage': {'comment': 'TMN EDI for Interactive Agents', - 'description': 'iaStatusMessage (1 3 6 1 4 1 3576 7 97)', - 'hexoid': '06 09 2B 06 01 04 01 9B 78 07 61', - 'name': 'iaStatusMessage', - 'oid': (1, 3, 6, 1, 4, 1, 3576, 7, 97)}, - 'id-ad-rpkiManifest': {'comment': 'RPKI project', - 'description': 'id-ad-rpkiManifest (1 3 6 1 5 5 7 48 10)', - 'hexoid': '06 08 2B 06 01 05 05 07 30 0A', - 'name': 'id-ad-rpkiManifest', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 10)}, - 'id-ad-signedObject': {'comment': 'RPKI project', - 'description': 'id-ad-signedObject (1 3 6 1 5 5 7 48 11)', - 'hexoid': '06 08 2B 06 01 05 05 07 30 0B', - 'name': 'id-ad-signedObject', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 11)}, - 'id-ad-signedObjectRepository': {'comment': 'RPKI project', - 'description': 'id-ad-signedObjectRepository (1 3 6 1 5 5 7 48 9)', - 'hexoid': '06 08 2B 06 01 05 05 07 30 09', - 'name': 'id-ad-signedObjectRepository', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 9)}, - 'id-cp-ipAddr-asNumber': {'comment': 'RPKI project', - 'description': 'id-cp-ipAddr-asNumber (1 3 6 1 5 5 7 14 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 0E 02', - 'name': 'id-cp-ipAddr-asNumber', - 'oid': (1, 3, 6, 1, 5, 5, 7, 14, 2)}, - 'id-ct-routeOriginAttestation': {'comment': 'RPKI project', - 'description': 'id-ct-routeOriginAttestation (1 2 840 113549 1 9 16 1 24)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 18', - 'name': 'id-ct-routeOriginAttestation', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 1, 24)}, - 'id-ct-rpkiManifest': {'comment': 'RPKI project', - 'description': 'id-ct-rpkiManifest (1 2 840 113549 1 9 16 1 26)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 1A', - 'name': 'id-ct-rpkiManifest', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 1, 26)}, - 'id-ct-xml': {'comment': 'RPKI project', - 'description': 'id-ct-xml (1 2 840 113549 1 9 16 1 28)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 1C', - 'name': 'id-ct-xml', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 1, 28)}, - 'id-mod': {'comment': 'id-sMIME', - 'description': 'id-mod (1 2 840 113549 1 9 16 0)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 10 00', - 'name': 'id-mod', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 0)}, - 'id-mod-cms': {'comment': 'S/MIME Modules', - 'description': 'id-mod-cms (1 2 840 113549 1 9 16 0 1)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 00 01', - 'name': 'id-mod-cms', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 0, 1)}, - 'id-mod-ess': {'comment': 'S/MIME Modules', - 'description': 'id-mod-ess (1 2 840 113549 1 9 16 0 2)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 00 02', - 'name': 'id-mod-ess', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 0, 2)}, - 'id-mod-ets-eSigPolicy-88': {'comment': 'S/MIME Modules', - 'description': 'id-mod-ets-eSigPolicy-88 (1 2 840 113549 1 9 16 0 8)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 00 08', - 'name': 'id-mod-ets-eSigPolicy-88', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 0, 8)}, - 'id-mod-ets-eSignature-88': {'comment': 'S/MIME Modules', - 'description': 'id-mod-ets-eSignature-88 (1 2 840 113549 1 9 16 0 5)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 00 05', - 'name': 'id-mod-ets-eSignature-88', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 0, 5)}, - 'id-mod-ets-eSignature-97': {'comment': 'S/MIME Modules', - 'description': 'id-mod-ets-eSignature-97 (1 2 840 113549 1 9 16 0 6)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 00 06', - 'name': 'id-mod-ets-eSignature-97', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 0, 6)}, - 'id-mod-msg-v3': {'comment': 'S/MIME Modules', - 'description': 'id-mod-msg-v3 (1 2 840 113549 1 9 16 0 4)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 00 04', - 'name': 'id-mod-msg-v3', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 0, 4)}, - 'id-mod-oid': {'comment': 'S/MIME Modules', - 'description': 'id-mod-oid (1 2 840 113549 1 9 16 0 3)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 00 03', - 'name': 'id-mod-oid', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 0, 3)}, - 'id-sMIME': {'comment': 'PKCS #9', - 'description': 'id-sMIME (1 2 840 113549 1 9 16)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 10', - 'name': 'id-sMIME', - 'oid': (1, 2, 840, 113549, 1, 9, 16)}, - 'idea': {'comment': 'Teletrust encryption algorithm', - 'description': 'idea (1 3 36 3 1 2)', - 'hexoid': '06 05 2B 24 03 01 02', - 'name': 'idea', - 'oid': (1, 3, 36, 3, 1, 2)}, - 'ideaCBC': {'comment': 'Teletrust encryption algorithm', - 'description': 'ideaCBC (1 3 36 3 1 2 2)', - 'hexoid': '06 06 2B 24 03 01 02 02', - 'name': 'ideaCBC', - 'oid': (1, 3, 36, 3, 1, 2, 2)}, - 'ideaCBC_ISOpad': {'comment': 'Teletrust encryption algorithm', - 'description': 'ideaCBC_ISOpad (1 3 36 3 1 2 2 1 1)', - 'hexoid': '06 08 2B 24 03 01 02 02 01 01', - 'name': 'ideaCBC_ISOpad', - 'oid': (1, 3, 36, 3, 1, 2, 2, 1, 1)}, - 'ideaCBC_pad': {'comment': 'Teletrust encryption algorithm', - 'description': 'ideaCBC_pad (1 3 36 3 1 2 2 1)', - 'hexoid': '06 07 2B 24 03 01 02 02 01', - 'name': 'ideaCBC_pad', - 'oid': (1, 3, 36, 3, 1, 2, 2, 1)}, - 'ideaCFB': {'comment': 'Teletrust encryption algorithm', - 'description': 'ideaCFB (1 3 36 3 1 2 4)', - 'hexoid': '06 06 2B 24 03 01 02 04', - 'name': 'ideaCFB', - 'oid': (1, 3, 36, 3, 1, 2, 4)}, - 'ideaCFB64': {'comment': 'Telesec encryption', - 'description': 'ideaCFB64 (0 2 262 1 10 1 2 5 5)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 05 05', - 'name': 'ideaCFB64', - 'oid': (0, 2, 262, 1, 10, 1, 2, 5, 5)}, - 'ideaCFB8': {'comment': 'Telesec encryption', - 'description': 'ideaCFB8 (0 2 262 1 10 1 2 5 4)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 05 04', - 'name': 'ideaCFB8', - 'oid': (0, 2, 262, 1, 10, 1, 2, 5, 4)}, - 'ideaECB': {'comment': 'Teletrust encryption algorithm', - 'description': 'ideaECB (1 3 36 3 1 2 1)', - 'hexoid': '06 06 2B 24 03 01 02 01', - 'name': 'ideaECB', - 'oid': (1, 3, 36, 3, 1, 2, 1)}, - 'ideaECB_ISOpad': {'comment': 'Teletrust encryption algorithm', - 'description': 'ideaECB_ISOpad (1 3 36 3 1 2 1 1 1)', - 'hexoid': '06 08 2B 24 03 01 02 01 01 01', - 'name': 'ideaECB_ISOpad', - 'oid': (1, 3, 36, 3, 1, 2, 1, 1, 1)}, - 'ideaECB_pad': {'comment': 'Teletrust encryption algorithm', - 'description': 'ideaECB_pad (1 3 36 3 1 2 1 1)', - 'hexoid': '06 07 2B 24 03 01 02 01 01', - 'name': 'ideaECB_pad', - 'oid': (1, 3, 36, 3, 1, 2, 1, 1)}, - 'ideaOFB': {'comment': 'Teletrust encryption algorithm', - 'description': 'ideaOFB (1 3 36 3 1 2 3)', - 'hexoid': '06 06 2B 24 03 01 02 03', - 'name': 'ideaOFB', - 'oid': (1, 3, 36, 3, 1, 2, 3)}, - 'identificationNumber': {'comment': 'SET field', - 'description': 'identificationNumber (2 23 42 2 5)', - 'hexoid': '06 04 67 2A 02 05', - 'name': 'identificationNumber', - 'oid': (2, 23, 42, 2, 5)}, - 'identrusOCSP': {'comment': 'Identrus', - 'description': 'identrusOCSP (1 2 840 114021 4 1)', - 'hexoid': '06 08 2A 86 48 86 FA 65 04 01', - 'name': 'identrusOCSP', - 'oid': (1, 2, 840, 114021, 4, 1)}, - 'implicitConfirm': {'comment': 'PKIX CMP information', - 'description': 'implicitConfirm (1 3 6 1 5 5 7 4 13)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 0D', - 'name': 'implicitConfirm', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 13)}, - 'individualCodeSigning': {'comment': 'Microsoft', - 'description': 'individualCodeSigning (1 3 6 1 4 1 311 2 1 21)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 15', - 'name': 'individualCodeSigning', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 21)}, - 'inetOrgPerson': {'comment': 'Netscape LDAP definitions', - 'description': 'inetOrgPerson (2 16 840 1 113730 3 2 2)', - 'hexoid': '06 0A 60 86 48 01 86 F8 42 03 02 02', - 'name': 'inetOrgPerson', - 'oid': (2, 16, 840, 1, 113730, 3, 2, 2)}, - 'inhibitAnyPolicy': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'inhibitAnyPolicy (2 5 29 54)', - 'hexoid': '06 03 55 1D 36', - 'name': 'inhibitAnyPolicy', - 'oid': (2, 5, 29, 54)}, - 'initials': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'initials (2 5 4 43)', - 'hexoid': '06 03 55 04 2B', - 'name': 'initials', - 'oid': (2, 5, 4, 43)}, - 'instructionCode': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'instructionCode (2 5 29 23)', - 'hexoid': '06 03 55 1D 17', - 'name': 'instructionCode', - 'oid': (2, 5, 29, 23)}, - 'integratedCircuitCardSerialNumber': {'comment': 'Teletrust attribute', - 'description': 'integratedCircuitCardSerialNumber (1 3 36 8 3 6)', - 'hexoid': '06 05 2B 24 08 03 06', - 'name': 'integratedCircuitCardSerialNumber', - 'oid': (1, 3, 36, 8, 3, 6)}, - 'integrityEDImessage': {'comment': 'TMN EDI for Interactive Agents', - 'description': 'integrityEDImessage (1 3 6 1 4 1 3576 7 5)', - 'hexoid': '06 09 2B 06 01 04 01 9B 78 07 05', - 'name': 'integrityEDImessage', - 'oid': (1, 3, 6, 1, 4, 1, 3576, 7, 5)}, - 'internationalISDNNumber': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'internationalISDNNumber (2 5 4 25)', - 'hexoid': '06 03 55 04 19', - 'name': 'internationalISDNNumber', - 'oid': (2, 5, 4, 25)}, - 'invalidityDate': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'invalidityDate (2 5 29 24)', - 'hexoid': '06 03 55 1D 18', - 'name': 'invalidityDate', - 'oid': (2, 5, 29, 24)}, - 'ipsecEndSystem': {'comment': 'PKIX key purpose', - 'description': 'ipsecEndSystem (1 3 6 1 5 5 7 3 5)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 05', - 'name': 'ipsecEndSystem', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 5)}, - 'ipsecTunnel': {'comment': 'PKIX key purpose', - 'description': 'ipsecTunnel (1 3 6 1 5 5 7 3 6)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 06', - 'name': 'ipsecTunnel', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 6)}, - 'ipsecUser': {'comment': 'PKIX key purpose', - 'description': 'ipsecUser (1 3 6 1 5 5 7 3 7)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 07', - 'name': 'ipsecUser', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 7)}, - 'issuer': {'comment': 'Telesec attribute', - 'description': 'issuer (0 2 262 1 10 7 6)', - 'hexoid': '06 07 02 82 06 01 0A 07 06', - 'name': 'issuer', - 'oid': (0, 2, 262, 1, 10, 7, 6)}, - 'issuerAltName': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'issuerAltName (2 5 29 18)', - 'hexoid': '06 03 55 1D 12', - 'name': 'issuerAltName', - 'oid': (2, 5, 29, 18)}, - 'issuingDistributionPoint': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'issuingDistributionPoint (2 5 29 28)', - 'hexoid': '06 03 55 1D 1C', - 'name': 'issuingDistributionPoint', - 'oid': (2, 5, 29, 28)}, - 'janUKMs': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'janUKMs (2 16 840 1 101 2 1 5 20)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 14', - 'name': 'janUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 20)}, - 'julUKMs': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'julUKMs (2 16 840 1 101 2 1 5 26)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 1A', - 'name': 'julUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 26)}, - 'junUKMs': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'junUKMs (2 16 840 1 101 2 1 5 25)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 19', - 'name': 'junUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 25)}, - 'kEAKeyEncryptionAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'kEAKeyEncryptionAlgorithm (2 16 840 1 101 2 1 1 24)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 18', - 'name': 'kEAKeyEncryptionAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 24)}, - 'kafka': {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'kafka (2 16 840 1 101 2 1 12 0 3)', - 'hexoid': '06 0A 60 86 48 01 65 02 01 0C 00 03', - 'name': 'kafka', - 'oid': (2, 16, 840, 1, 101, 2, 1, 12, 0, 3)}, - 'kafkaSecurityCategories': {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'kafkaSecurityCategories (2 16 840 1 101 2 1 12 0 3 0)', - 'hexoid': '06 0B 60 86 48 01 65 02 01 0C 00 03 00', - 'name': 'kafkaSecurityCategories', - 'oid': (2, 16, 840, 1, 101, 2, 1, 12, 0, 3, 0)}, - 'kafkaTagSetName1': {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'kafkaTagSetName1 (2 16 840 1 101 2 1 12 0 3 0 1)', - 'hexoid': '06 0C 60 86 48 01 65 02 01 0C 00 03 00 01', - 'name': 'kafkaTagSetName1', - 'oid': (2, 16, 840, 1, 101, 2, 1, 12, 0, 3, 0, 1)}, - 'kafkaTagSetName2': {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'kafkaTagSetName2 (2 16 840 1 101 2 1 12 0 3 0 2)', - 'hexoid': '06 0C 60 86 48 01 65 02 01 0C 00 03 00 02', - 'name': 'kafkaTagSetName2', - 'oid': (2, 16, 840, 1, 101, 2, 1, 12, 0, 3, 0, 2)}, - 'kafkaTagSetName3': {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'kafkaTagSetName3 (2 16 840 1 101 2 1 12 0 3 0 3)', - 'hexoid': '06 0C 60 86 48 01 65 02 01 0C 00 03 00 03', - 'name': 'kafkaTagSetName3', - 'oid': (2, 16, 840, 1, 101, 2, 1, 12, 0, 3, 0, 3)}, - 'keyExchangeAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms. Formerly known as mosaicKeyEncryptionAlgorithm', - 'description': 'keyExchangeAlgorithm (2 16 840 1 101 2 1 1 22)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 16', - 'name': 'keyExchangeAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 22)}, - 'keyFeatures': {'comment': 'cryptlib attribute type', - 'description': 'keyFeatures (1 3 6 1 4 1 3029 3 1 5)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 03 01 05', - 'name': 'keyFeatures', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 3, 1, 5)}, - 'keyPairParamRep': {'comment': 'PKIX CMP information', - 'description': 'keyPairParamRep (1 3 6 1 5 5 7 4 11)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 0B', - 'name': 'keyPairParamRep', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 11)}, - 'keyPairParamReq': {'comment': 'PKIX CMP information', - 'description': 'keyPairParamReq (1 3 6 1 5 5 7 4 10)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 0A', - 'name': 'keyPairParamReq', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 10)}, - 'keyPurpose': {'comment': 'PKIX', - 'description': 'keyPurpose (1 3 6 1 5 5 7 3)', - 'hexoid': '06 07 2B 06 01 05 05 07 03', - 'name': 'keyPurpose', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3)}, - 'keyUsage': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'keyUsage (2 5 29 15)', - 'hexoid': '06 03 55 1D 0F', - 'name': 'keyUsage', - 'oid': (2, 5, 29, 15)}, - 'keyagree': {'comment': 'Teletrust key management', - 'description': 'keyagree (1 3 36 7 1)', - 'hexoid': '06 04 2B 24 07 01', - 'name': 'keyagree', - 'oid': (1, 3, 36, 7, 1)}, - 'keyed-hash-seal': {'comment': 'Oddball OIW OID', - 'description': 'keyed-hash-seal (1 3 14 3 2 23)', - 'hexoid': '06 05 2B 0E 03 02 17', - 'name': 'keyed-hash-seal', - 'oid': (1, 3, 14, 3, 2, 23)}, - 'keymgmnt': {'comment': 'Teletrust key management', - 'description': 'keymgmnt (1 3 36 7)', - 'hexoid': '06 03 2B 24 07', - 'name': 'keymgmnt', - 'oid': (1, 3, 36, 7)}, - 'keytrans': {'comment': 'Teletrust key management', - 'description': 'keytrans (1 3 36 7 2)', - 'hexoid': '06 04 2B 24 07 02', - 'name': 'keytrans', - 'oid': (1, 3, 36, 7, 2)}, - 'kmPrivileges': {'comment': 'SDN.700 INFOSEC privileges', - 'description': 'kmPrivileges (2 16 840 1 101 2 1 10 2)', - 'hexoid': '06 09 60 86 48 01 65 02 01 0A 02', - 'name': 'kmPrivileges', - 'oid': (2, 16, 840, 1, 101, 2, 1, 10, 2)}, - 'knowledgeInformation': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'knowledgeInformation (2 5 4 2)', - 'hexoid': '06 03 55 04 02', - 'name': 'knowledgeInformation', - 'oid': (2, 5, 4, 2)}, - 'ktKeyData': {'comment': 'Telesec attribute', - 'description': 'ktKeyData (0 2 262 1 10 7 40)', - 'hexoid': '06 07 02 82 06 01 0A 07 28', - 'name': 'ktKeyData', - 'oid': (0, 2, 262, 1, 10, 7, 40)}, - 'ktKeyNumber': {'comment': 'Telesec attribute', - 'description': 'ktKeyNumber (0 2 262 1 10 7 41)', - 'hexoid': '06 07 02 82 06 01 0A 07 29', - 'name': 'ktKeyNumber', - 'oid': (0, 2, 262, 1, 10, 7, 41)}, - 'labeledAttribute': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'labeledAttribute (2 16 840 1 101 2 1 5 57)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 39', - 'name': 'labeledAttribute', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 57)}, - 'ldapDefinitions': {'comment': 'Netscape directory', - 'description': 'ldapDefinitions (2 16 840 1 113730 3 1)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 03 01', - 'name': 'ldapDefinitions', - 'oid': (2, 16, 840, 1, 113730, 3, 1)}, - 'liabilityLimitationFlag': {'comment': 'Telesec cert/CRL extension', - 'description': 'liabilityLimitationFlag (0 2 262 1 10 12 0)', - 'hexoid': '06 07 02 82 06 01 0A 0C 00', - 'name': 'liabilityLimitationFlag', - 'oid': (0, 2, 262, 1, 10, 12, 0)}, - 'liabilityText': {'comment': 'Telesec attribute', - 'description': 'liabilityText (0 2 262 1 10 7 52)', - 'hexoid': '06 07 02 82 06 01 0A 07 34', - 'name': 'liabilityText', - 'oid': (0, 2, 262, 1, 10, 7, 52)}, - 'license?': {'comment': 'ASTM 31.20 healthcare license type', - 'description': 'license? (1 2 840 10065 2 3 1 1)', - 'hexoid': '06 09 2A 86 48 CE 51 02 03 01 01', - 'name': 'license?', - 'oid': (1, 2, 840, 10065, 2, 3, 1, 1)}, - 'localKeyID': {'comment': 'PKCS #9 via PKCS #12', - 'description': 'localKeyID (for PKCS #12) (1 2 840 113549 1 9 21)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 15', - 'name': 'localKeyID', - 'oid': (1, 2, 840, 113549, 1, 9, 21)}, - 'locality': {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'locality (2 5 6 3)', - 'hexoid': '06 03 55 06 03', - 'name': 'locality', - 'oid': (2, 5, 6, 3)}, - 'localityName': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'localityName (2 5 4 7)', - 'hexoid': '06 03 55 04 07', - 'name': 'localityName', - 'oid': (2, 5, 4, 7)}, - 'location': {'comment': 'Teletrust signature attributes', - 'description': 'location (1 3 36 8 6 8)', - 'hexoid': '06 05 2B 24 08 06 08', - 'name': 'location', - 'oid': (1, 3, 36, 8, 6, 8)}, - 'logo': {'comment': 'PKIX qualified certificates', - 'description': 'logo (1 3 6 1 5 5 7 20)', - 'hexoid': '06 07 2B 06 01 05 05 07 14', - 'name': 'logo', - 'oid': (1, 3, 6, 1, 5, 5, 7, 20)}, - 'logoBackground': {'comment': 'PKIX', - 'description': 'logoBackground (1 3 6 1 5 5 7 20 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 14 02', - 'name': 'logoBackground', - 'oid': (1, 3, 6, 1, 5, 5, 7, 20, 2)}, - 'logoLoyalty': {'comment': 'PKIX', - 'description': 'logoLoyalty (1 3 6 1 5 5 7 20 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 14 01', - 'name': 'logoLoyalty', - 'oid': (1, 3, 6, 1, 5, 5, 7, 20, 1)}, - 'logoType': {'comment': 'PKIX private extension', - 'description': 'logoType (1 3 6 1 5 5 7 1 12)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 0C', - 'name': 'logoType', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 12)}, - 'mISSISecurityCategories': {'comment': 'SDN.700 INFOSEC security category', - 'description': 'mISSISecurityCategories (2 16 840 1 101 2 1 8 1)', - 'hexoid': '06 09 60 86 48 01 65 02 01 08 01', - 'name': 'mISSISecurityCategories', - 'oid': (2, 16, 840, 1, 101, 2, 1, 8, 1)}, - 'mac': {'comment': 'Telesec one-way function', - 'description': 'mac (0 2 262 1 10 1 3 7)', - 'hexoid': '06 08 02 82 06 01 0A 01 03 07', - 'name': 'mac', - 'oid': (0, 2, 262, 1, 10, 1, 3, 7)}, - 'magenta': {'comment': 'Telesec encryption', - 'description': 'magenta (0 2 262 1 10 1 2 4)', - 'hexoid': '06 08 02 82 06 01 0A 01 02 04', - 'name': 'magenta', - 'oid': (0, 2, 262, 1, 10, 1, 2, 4)}, - 'mailRecipient': {'comment': 'Microsoft Exchange Server - object class', - 'description': 'mailRecipient (1 2 840 113556 1 3 46)', - 'hexoid': '06 09 2A 86 48 86 F7 14 01 03 2E', - 'name': 'mailRecipient', - 'oid': (1, 2, 840, 113556, 1, 3, 46)}, - 'mailbox': {'comment': 'Microsoft Exchange Server - object class', - 'description': 'mailbox (1 2 840 113556 1 3 22)', - 'hexoid': '06 09 2A 86 48 86 F7 14 01 03 16', - 'name': 'mailbox', - 'oid': (1, 2, 840, 113556, 1, 3, 22)}, - 'mailbox-Agent': {'comment': 'Microsoft Exchange Server - object class', - 'description': 'mailbox-Agent (1 2 840 113556 1 3 17)', - 'hexoid': '06 09 2A 86 48 86 F7 14 01 03 11', - 'name': 'mailbox-Agent', - 'oid': (1, 2, 840, 113556, 1, 3, 17)}, - 'manufacturer-specific_api': {'comment': 'Teletrust API', - 'description': 'manufacturer-specific_api (1 3 36 6 1)', - 'hexoid': '06 04 2B 24 06 01', - 'name': 'manufacturer-specific_api', - 'oid': (1, 3, 36, 6, 1)}, - 'marUKMs': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'marUKMs (2 16 840 1 101 2 1 5 22)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 16', - 'name': 'marUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 22)}, - 'mayUKMs': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'mayUKMs (2 16 840 1 101 2 1 5 24)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 18', - 'name': 'mayUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 24)}, - 'md2': {'comment': 'RSADSI digestAlgorithm', - 'description': 'md2 (1 2 840 113549 2 2)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 02 02', - 'name': 'md2', - 'oid': (1, 2, 840, 113549, 2, 2)}, - 'md2WithElGamal': {'comment': 'Unsure about this OID', - 'description': 'md2WithElGamal (1 3 14 7 2 3 2)', - 'hexoid': '06 06 2B 0E 07 02 03 02', - 'name': 'md2WithElGamal', - 'oid': (1, 3, 14, 7, 2, 3, 2)}, - 'md2WithRSA': {'comment': 'Unsure about this OID', - 'description': 'md2WithRSA (1 3 14 7 2 3 1)', - 'hexoid': '06 06 2B 0E 07 02 03 01', - 'name': 'md2WithRSA', - 'oid': (1, 3, 14, 7, 2, 3, 1)}, - 'md2WithRSAEncryptionBSafe1': {'comment': 'Novell signature algorithm', - 'description': 'md2WithRSAEncryptionBSafe1 (2 16 840 1 113719 1 2 8 29)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 1D', - 'name': 'md2WithRSAEncryptionBSafe1', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 29)}, - 'md2WithRSASignature': {'comment': 'Oddball OIW OID using 9796-2 padding rules', - 'description': 'md2WithRSASignature (1 3 14 3 2 24)', - 'hexoid': '06 05 2B 0E 03 02 18', - 'name': 'md2WithRSASignature', - 'oid': (1, 3, 14, 3, 2, 24)}, - 'md2withRSAEncryption': {'comment': 'PKCS #1', - 'description': 'md2withRSAEncryption (1 2 840 113549 1 1 2)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 02', - 'name': 'md2withRSAEncryption', - 'oid': (1, 2, 840, 113549, 1, 1, 2)}, - 'md4': {'comment': 'RSADSI digestAlgorithm', - 'description': 'md4 (1 2 840 113549 2 4)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 02 04', - 'name': 'md4', - 'oid': (1, 2, 840, 113549, 2, 4)}, - 'md4WitRSA': {'comment': 'Oddball OIW OID', - 'description': 'md4WitRSA (1 3 14 3 2 2)', - 'hexoid': '06 05 2B 0E 03 02 02', - 'name': 'md4WitRSA', - 'oid': (1, 3, 14, 3, 2, 2)}, - 'md4WithRSAAndISO9697': {'comment': 'Telesec mechanism', - 'description': 'md4WithRSAAndISO9697 (0 2 262 1 10 1 1 1)', - 'hexoid': '06 08 02 82 06 01 0A 01 01 01', - 'name': 'md4WithRSAAndISO9697', - 'oid': (0, 2, 262, 1, 10, 1, 1, 1)}, - 'md4WithRSAAndTelesecSignatureStandard': {'comment': 'Telesec mechanism', - 'description': 'md4WithRSAAndTelesecSignatureStandard (0 2 262 1 10 1 1 2)', - 'hexoid': '06 08 02 82 06 01 0A 01 01 02', - 'name': 'md4WithRSAAndTelesecSignatureStandard', - 'oid': (0, 2, 262, 1, 10, 1, 1, 2)}, - 'md4WithRSAEncryption': {'comment': 'Oddball OIW OID', - 'description': 'md4WithRSAEncryption (1 3 14 3 2 4)', - 'hexoid': '06 05 2B 0E 03 02 04', - 'name': 'md4WithRSAEncryption', - 'oid': (1, 3, 14, 3, 2, 4)}, - 'md4withRSAEncryption': {'comment': 'PKCS #1', - 'description': 'md4withRSAEncryption (1 2 840 113549 1 1 3)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 03', - 'name': 'md4withRSAEncryption', - 'oid': (1, 2, 840, 113549, 1, 1, 3)}, - 'md5': {'comment': 'RSADSI digestAlgorithm', - 'description': 'md5 (1 2 840 113549 2 5)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 02 05', - 'name': 'md5', - 'oid': (1, 2, 840, 113549, 2, 5)}, - 'md5WithRSA': {'comment': 'Oddball OIW OID', - 'description': 'md5WithRSA (1 3 14 3 2 3)', - 'hexoid': '06 05 2B 0E 03 02 03', - 'name': 'md5WithRSA', - 'oid': (1, 3, 14, 3, 2, 3)}, - 'md5WithRSAAndISO9697': {'comment': 'Telesec mechanism', - 'description': 'md5WithRSAAndISO9697 (0 2 262 1 10 1 1 3)', - 'hexoid': '06 08 02 82 06 01 0A 01 01 03', - 'name': 'md5WithRSAAndISO9697', - 'oid': (0, 2, 262, 1, 10, 1, 1, 3)}, - 'md5WithRSAAndTelesecSignatureStandard': {'comment': 'Telesec mechanism', - 'description': 'md5WithRSAAndTelesecSignatureStandard (0 2 262 1 10 1 1 4)', - 'hexoid': '06 08 02 82 06 01 0A 01 01 04', - 'name': 'md5WithRSAAndTelesecSignatureStandard', - 'oid': (0, 2, 262, 1, 10, 1, 1, 4)}, - 'md5WithRSAEncryptionBSafe1': {'comment': 'Novell signature algorithm', - 'description': 'md5WithRSAEncryptionBSafe1 (2 16 840 1 113719 1 2 8 30)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 1E', - 'name': 'md5WithRSAEncryptionBSafe1', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 30)}, - 'md5WithRSASignature': {'comment': 'Oddball OIW OID using 9796-2 padding rules', - 'description': 'md5WithRSASignature (1 3 14 3 2 25)', - 'hexoid': '06 05 2B 0E 03 02 19', - 'name': 'md5WithRSASignature', - 'oid': (1, 3, 14, 3, 2, 25)}, - 'md5withRSAEncryption': {'comment': 'PKCS #1', - 'description': 'md5withRSAEncryption (1 2 840 113549 1 1 4)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 04', - 'name': 'md5withRSAEncryption', - 'oid': (1, 2, 840, 113549, 1, 1, 4)}, - 'mdc-2': {'comment': 'Oddball OIW OID, DES-based hash, planned for X9.31 Part 2', - 'description': 'mdc-2 (1 3 14 3 2 19)', - 'hexoid': '06 05 2B 0E 03 02 13', - 'name': 'mdc-2', - 'oid': (1, 3, 14, 3, 2, 19)}, - 'mdc2WithRSASignature': {'comment': 'Oddball OIW OID using 9796-2 padding rules', - 'description': 'mdc2WithRSASignature (1 3 14 3 2 14)', - 'hexoid': '06 05 2B 0E 03 02 0E', - 'name': 'mdc2WithRSASignature', - 'oid': (1, 3, 14, 3, 2, 14)}, - 'mdc2doubleLength': {'comment': 'Teletrust hash algorithm', - 'description': 'mdc2doubleLength (1 3 36 3 2 5)', - 'hexoid': '06 05 2B 24 03 02 05', - 'name': 'mdc2doubleLength', - 'oid': (1, 3, 36, 3, 2, 5)}, - 'mdc2singleLength': {'comment': 'Teletrust hash algorithm', - 'description': 'mdc2singleLength (1 3 36 3 2 4)', - 'hexoid': '06 05 2B 24 03 02 04', - 'name': 'mdc2singleLength', - 'oid': (1, 3, 36, 3, 2, 4)}, - 'mechanism': {'comment': 'Telesec', - 'description': 'mechanism (0 2 262 1 10 1)', - 'hexoid': '06 06 02 82 06 01 0A 01', - 'name': 'mechanism', - 'oid': (0, 2, 262, 1, 10, 1)}, - 'member': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'member (2 5 4 31)', - 'hexoid': '06 03 55 04 1F', - 'name': 'member', - 'oid': (2, 5, 4, 31)}, - 'merchantData': {'comment': 'SET cert extension', - 'description': 'merchantData (2 23 42 7 2)', - 'hexoid': '06 04 67 2A 07 02', - 'name': 'merchantData', - 'oid': (2, 23, 42, 7, 2)}, - 'messageDigest': {'comment': 'PKCS #9', - 'description': 'messageDigest (1 2 840 113549 1 9 4)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 04', - 'name': 'messageDigest', - 'oid': (1, 2, 840, 113549, 1, 9, 4)}, - 'messageType': {'comment': 'Verisign PKCS #7 attribute', - 'description': 'messageType (2 16 840 1 113733 1 9 2)', - 'hexoid': '06 0A 60 86 48 01 86 F8 45 01 09 02', - 'name': 'messageType', - 'oid': (2, 16, 840, 1, 113733, 1, 9, 2)}, - 'messageTypes': {'comment': 'Telesec module', - 'description': 'messageTypes (0 2 262 1 10 2 3)', - 'hexoid': '06 07 02 82 06 01 0A 02 03', - 'name': 'messageTypes', - 'oid': (0, 2, 262, 1, 10, 2, 3)}, - 'metaSDNSckl': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'metaSDNSckl (2 16 840 1 101 2 1 5 40)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 28', - 'name': 'metaSDNSckl', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 40)}, - 'metaSDNSsignatureCKL': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'metaSDNSsignatureCKL (2 16 840 1 101 2 1 5 42)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 2A', - 'name': 'metaSDNSsignatureCKL', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 42)}, - 'microsoftExcel': {'comment': 'Microsoft', - 'description': 'microsoftExcel (1 2 840 113556 4 3)', - 'hexoid': '06 08 2A 86 48 86 F7 14 04 03', - 'name': 'microsoftExcel', - 'oid': (1, 2, 840, 113556, 4, 3)}, - 'microsoftPowerPoint': {'comment': 'Microsoft', - 'description': 'microsoftPowerPoint (1 2 840 113556 4 5)', - 'hexoid': '06 08 2A 86 48 86 F7 14 04 05', - 'name': 'microsoftPowerPoint', - 'oid': (1, 2, 840, 113556, 4, 5)}, - 'microsoftRecipientInfo': {'comment': 'Microsoft attribute', - 'description': 'microsoftRecipientInfo (1 3 6 1 4 1 311 16 4)', - 'hexoid': '06 09 2B 06 01 04 01 82 37 10 04', - 'name': 'microsoftRecipientInfo', - 'oid': (1, 3, 6, 1, 4, 1, 311, 16, 4)}, - 'misty1-cbc': {'comment': 'Mitsubishi security algorithm', - 'description': 'misty1-cbc (1 2 392 200011 61 1 1 1 1)', - 'hexoid': '06 0B 2A 83 08 8C 9A 4B 3D 01 01 01 01', - 'name': 'misty1-cbc', - 'oid': (1, 2, 392, 200011, 61, 1, 1, 1, 1)}, - 'mlAdministrators': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'mlAdministrators (2 16 840 1 101 2 1 5 13)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 0D', - 'name': 'mlAdministrators', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 13)}, - 'mlExpandHistory': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'mlExpandHistory (1 2 840 113549 1 9 16 2 3)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 03', - 'name': 'mlExpandHistory', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 3)}, - 'mlMembership': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'mlMembership (2 16 840 1 101 2 1 5 12)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 0C', - 'name': 'mlMembership', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 12)}, - 'mlReceiptPolicy': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'mlReceiptPolicy (2 16 840 1 101 2 1 5 11)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 0B', - 'name': 'mlReceiptPolicy', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 11)}, - 'module': {'comment': 'SET', - 'description': 'module (2 23 42 6)', - 'hexoid': '06 03 67 2A 06', - 'name': 'module', - 'oid': (2, 23, 42, 6)}, - 'monetaryLimit': {'comment': 'Teletrust attribute', - 'description': 'monetaryLimit (1 3 36 8 3 4)', - 'hexoid': '06 05 2B 24 08 03 04', - 'name': 'monetaryLimit', - 'oid': (1, 3, 36, 8, 3, 4)}, - 'month': {'comment': 'SET field', - 'description': 'month (2 23 42 2 6)', - 'hexoid': '06 04 67 2A 02 06', - 'name': 'month', - 'oid': (2, 23, 42, 2, 6)}, - 'mosaicPRBAC': {'comment': 'SDN.700 INFOSEC policy', - 'description': 'mosaicPRBAC (2 16 840 1 101 2 1 3 3)', - 'hexoid': '06 09 60 86 48 01 65 02 01 03 03', - 'name': 'mosaicPRBAC', - 'oid': (2, 16, 840, 1, 101, 2, 1, 3, 3)}, - 'mpeg-1': {'comment': 'cryptlib special MPEG-of-cat OID', - 'description': 'mpeg-1 (1 3 6 1 4 1 3029 42 11172 1)', - 'hexoid': '06 0B 2B 06 01 04 01 97 55 2A D7 24 01', - 'name': 'mpeg-1', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 42, 11172, 1)}, - 'mqv1': {'comment': 'ANSI X9.42 scheme', - 'description': 'mqv1 (1 2 840 10046 3 6)', - 'hexoid': '06 07 2A 86 48 CE 3E 03 06', - 'name': 'mqv1', - 'oid': (1, 2, 840, 10046, 3, 6)}, - 'mqv2': {'comment': 'ANSI X9.42 scheme', - 'description': 'mqv2 (1 2 840 10046 3 5)', - 'hexoid': '06 07 2A 86 48 CE 3E 03 05', - 'name': 'mqv2', - 'oid': (1, 2, 840, 10046, 3, 5)}, - 'msPKI-Cert-Template-OID': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-Cert-Template-OID (1 2 840 113556 1 4 1436)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 1C', - 'name': 'msPKI-Cert-Template-OID', - 'oid': (1, 2, 840, 113556, 1, 4, 1436)}, - 'msPKI-Certificate-Application-Policy': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-Certificate-Application-Policy (1 2 840 113556 1 4 1674)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8D 0A', - 'name': 'msPKI-Certificate-Application-Policy', - 'oid': (1, - 2, - 840, - 113556, - 1, - 4, - 1674)}, - 'msPKI-Certificate-Name-Flag': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-Certificate-Name-Flag (1 2 840 113556 1 4 1432)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 18', - 'name': 'msPKI-Certificate-Name-Flag', - 'oid': (1, 2, 840, 113556, 1, 4, 1432)}, - 'msPKI-Certificate-Policy': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-Certificate-Policy (1 2 840 113556 1 4 1439)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 1F', - 'name': 'msPKI-Certificate-Policy', - 'oid': (1, 2, 840, 113556, 1, 4, 1439)}, - 'msPKI-Enrollment-Flag': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-Enrollment-Flag (1 2 840 113556 1 4 1430)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 16', - 'name': 'msPKI-Enrollment-Flag', - 'oid': (1, 2, 840, 113556, 1, 4, 1430)}, - 'msPKI-Minimal-Key-Size': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-Minimal-Key-Size (1 2 840 113556 1 4 1433)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 19', - 'name': 'msPKI-Minimal-Key-Size', - 'oid': (1, 2, 840, 113556, 1, 4, 1433)}, - 'msPKI-Private-Key-Flag': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-Private-Key-Flag (1 2 840 113556 1 4 1431)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 17', - 'name': 'msPKI-Private-Key-Flag', - 'oid': (1, 2, 840, 113556, 1, 4, 1431)}, - 'msPKI-RA-Application-Policies': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-RA-Application-Policies (1 2 840 113556 1 4 1675)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8D 0B', - 'name': 'msPKI-RA-Application-Policies', - 'oid': (1, 2, 840, 113556, 1, 4, 1675)}, - 'msPKI-RA-Policies': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-RA-Policies (1 2 840 113556 1 4 1438)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 1E', - 'name': 'msPKI-RA-Policies', - 'oid': (1, 2, 840, 113556, 1, 4, 1438)}, - 'msPKI-RA-Signature': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-RA-Signature (1 2 840 113556 1 4 1429)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 15', - 'name': 'msPKI-RA-Signature', - 'oid': (1, 2, 840, 113556, 1, 4, 1429)}, - 'msPKI-Supersede-Templates': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-Supersede-Templates (1 2 840 113556 1 4 1437)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 1D', - 'name': 'msPKI-Supersede-Templates', - 'oid': (1, 2, 840, 113556, 1, 4, 1437)}, - 'msPKI-Template-Minor-Revision': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-Template-Minor-Revision (1 2 840 113556 1 4 1435)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 1B', - 'name': 'msPKI-Template-Minor-Revision', - 'oid': (1, 2, 840, 113556, 1, 4, 1435)}, - 'msPKI-Template-Schema-Version': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-Template-Schema-Version (1 2 840 113556 1 4 1434)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 1A', - 'name': 'msPKI-Template-Schema-Version', - 'oid': (1, 2, 840, 113556, 1, 4, 1434)}, - 'msgExt': {'comment': 'SET', - 'description': 'msgExt (2 23 42 1)', - 'hexoid': '06 03 67 2A 01', - 'name': 'msgExt', - 'oid': (2, 23, 42, 1)}, - 'msgSigDigest': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'msgSigDigest (1 2 840 113549 1 9 16 2 5)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 05', - 'name': 'msgSigDigest', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 5)}, - 'mspContentType': {'comment': 'SDN.700 INFOSEC format', - 'description': 'mspContentType (2 16 840 1 101 2 1 2 48)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 30', - 'name': 'mspContentType', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 48)}, - 'mspForwardedMessageParameters': {'comment': 'SDN.700 INFOSEC format', - 'description': 'mspForwardedMessageParameters (2 16 840 1 101 2 1 2 73)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 49', - 'name': 'mspForwardedMessageParameters', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 73)}, - 'mspMMP': {'comment': 'SDN.700 INFOSEC format', - 'description': 'mspMMP (2 16 840 1 101 2 1 2 50)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 32', - 'name': 'mspMMP', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 50)}, - 'mspMMP2': {'comment': 'SDN.700 INFOSEC format', - 'description': 'mspMMP2 (2 16 840 1 101 2 1 2 76)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 4C', - 'name': 'mspMMP2', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 76)}, - 'mspRekeyAgentProtocol': {'comment': 'SDN.700 INFOSEC format', - 'description': 'mspRekeyAgentProtocol (2 16 840 1 101 2 1 2 49)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 31', - 'name': 'mspRekeyAgentProtocol', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 49)}, - 'mspRev3-1ContentType': {'comment': 'SDN.700 INFOSEC format', - 'description': 'mspRev3-1ContentType (2 16 840 1 101 2 1 2 66)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 42', - 'name': 'mspRev3-1ContentType', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 66)}, - 'mspRev3ContentType': {'comment': 'SDN.700 INFOSEC format', - 'description': 'mspRev3ContentType (2 16 840 1 101 2 1 2 42)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 2A', - 'name': 'mspRev3ContentType', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 42)}, - 'name': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'name (2 5 4 41)', - 'hexoid': '06 03 55 04 29', - 'name': 'name', - 'oid': (2, 5, 4, 41)}, - 'nameAdditions': {'comment': 'Telesec attribute', - 'description': 'nameAdditions (0 2 262 1 10 7 18)', - 'hexoid': '06 07 02 82 06 01 0A 07 12', - 'name': 'nameAdditions', - 'oid': (0, 2, 262, 1, 10, 7, 18)}, - 'nameAtBirth': {'comment': 'Teletrust attribute', - 'description': 'nameAtBirth (1 3 36 8 3 14)', - 'hexoid': '06 05 2B 24 08 03 0E', - 'name': 'nameAtBirth', - 'oid': (1, 3, 36, 8, 3, 14)}, - 'nameBinding': {'comment': 'Telesec', - 'description': 'nameBinding (0 2 262 1 10 6)', - 'hexoid': '06 06 02 82 06 01 0A 06', - 'name': 'nameBinding', - 'oid': (0, 2, 262, 1, 10, 6)}, - 'nameConstraints': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'nameConstraints (2 5 29 30)', - 'hexoid': '06 03 55 1D 1E', - 'name': 'nameConstraints', - 'oid': (2, 5, 29, 30)}, - 'nameDistinguisher': {'comment': 'Telesec attribute', - 'description': 'nameDistinguisher (0 2 262 1 10 7 20)', - 'hexoid': '06 07 02 82 06 01 0A 07 14', - 'name': 'nameDistinguisher', - 'oid': (0, 2, 262, 1, 10, 7, 20)}, - 'namedTagSetPrivilege': {'comment': 'SDN.700 INFOSEC privileges', - 'description': 'namedTagSetPrivilege (2 16 840 1 101 2 1 10 3)', - 'hexoid': '06 09 60 86 48 01 65 02 01 0A 03', - 'name': 'namedTagSetPrivilege', - 'oid': (2, 16, 840, 1, 101, 2, 1, 10, 3)}, - 'namingAuthorities': {'comment': 'Teletrust attribute', - 'description': 'namingAuthorities (1 3 36 8 3 11)', - 'hexoid': '06 05 2B 24 08 03 0B', - 'name': 'namingAuthorities', - 'oid': (1, 3, 36, 8, 3, 11)}, - 'namingAuthority': {'comment': 'Telesec attribute', - 'description': 'namingAuthority (0 2 262 1 10 7 7)', - 'hexoid': '06 07 02 82 06 01 0A 07 07', - 'name': 'namingAuthority', - 'oid': (0, 2, 262, 1, 10, 7, 7)}, - 'national': {'comment': 'SET', - 'description': 'national (2 23 42 10)', - 'hexoid': '06 03 67 2A 0A', - 'name': 'national', - 'oid': (2, 23, 42, 10)}, - 'netscape-base-url': {'comment': 'Netscape certificate extension', - 'description': 'netscape-base-url (2 16 840 1 113730 1 2)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 02', - 'name': 'netscape-base-url', - 'oid': (2, 16, 840, 1, 113730, 1, 2)}, - 'netscape-ca-policy-url': {'comment': 'Netscape certificate extension', - 'description': 'netscape-ca-policy-url (2 16 840 1 113730 1 8)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 08', - 'name': 'netscape-ca-policy-url', - 'oid': (2, 16, 840, 1, 113730, 1, 8)}, - 'netscape-ca-revocation-url': {'comment': 'Netscape certificate extension', - 'description': 'netscape-ca-revocation-url (2 16 840 1 113730 1 4)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 04', - 'name': 'netscape-ca-revocation-url', - 'oid': (2, 16, 840, 1, 113730, 1, 4)}, - 'netscape-cert-renewal-url': {'comment': 'Netscape certificate extension', - 'description': 'netscape-cert-renewal-url (2 16 840 1 113730 1 7)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 07', - 'name': 'netscape-cert-renewal-url', - 'oid': (2, 16, 840, 1, 113730, 1, 7)}, - 'netscape-cert-type': {'comment': 'Netscape certificate extension', - 'description': 'netscape-cert-type (2 16 840 1 113730 1 1)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 01', - 'name': 'netscape-cert-type', - 'oid': (2, 16, 840, 1, 113730, 1, 1)}, - 'netscape-comment': {'comment': 'Netscape certificate extension', - 'description': 'netscape-comment (2 16 840 1 113730 1 13)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 0D', - 'name': 'netscape-comment', - 'oid': (2, 16, 840, 1, 113730, 1, 13)}, - 'netscape-revocation-url': {'comment': 'Netscape certificate extension', - 'description': 'netscape-revocation-url (2 16 840 1 113730 1 3)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 03', - 'name': 'netscape-revocation-url', - 'oid': (2, 16, 840, 1, 113730, 1, 3)}, - 'netscape-ssl-server-name': {'comment': 'Netscape certificate extension', - 'description': 'netscape-ssl-server-name (2 16 840 1 113730 1 12)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 0C', - 'name': 'netscape-ssl-server-name', - 'oid': (2, 16, 840, 1, 113730, 1, 12)}, - 'nextUpdateLocation': {'comment': 'Microsoft', - 'description': 'nextUpdateLocation (1 3 6 1 4 1 311 10 2)', - 'hexoid': '06 09 2B 06 01 04 01 82 37 0A 02', - 'name': 'nextUpdateLocation', - 'oid': (1, 3, 6, 1, 4, 1, 311, 10, 2)}, - 'ngcClass1': {'comment': 'Northrop Grumman policy', - 'description': 'ngcClass1 (1 3 6 1 4 1 16334 509 2 1)', - 'hexoid': '06 0B 2B 06 01 04 01 FF 4E 83 7D 02 01', - 'name': 'ngcClass1', - 'oid': (1, 3, 6, 1, 4, 1, 16334, 509, 2, 1)}, - 'ngcClass2': {'comment': 'Northrop Grumman policy', - 'description': 'ngcClass2 (1 3 6 1 4 1 16334 509 2 2)', - 'hexoid': '06 0B 2B 06 01 04 01 FF 4E 83 7D 02 02', - 'name': 'ngcClass2', - 'oid': (1, 3, 6, 1, 4, 1, 16334, 509, 2, 2)}, - 'ngcClass3': {'comment': 'Northrop Grumman policy', - 'description': 'ngcClass3 (1 3 6 1 4 1 16334 509 2 3)', - 'hexoid': '06 0B 2B 06 01 04 01 FF 4E 83 7D 02 03', - 'name': 'ngcClass3', - 'oid': (1, 3, 6, 1, 4, 1, 16334, 509, 2, 3)}, - 'nistAlgorithm': {'comment': 'NIST Algorithm', - 'description': 'nistAlgorithm (2 16 840 1 101 3 4)', - 'hexoid': '06 07 60 86 48 01 65 03 04', - 'name': 'nistAlgorithm', - 'oid': (2, 16, 840, 1, 101, 3, 4)}, - 'noSignature': {'comment': 'PKIX algorithm', - 'description': 'noSignature (1 3 6 1 5 5 7 6 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 06 02', - 'name': 'noSignature', - 'oid': (1, 3, 6, 1, 5, 5, 7, 6, 2)}, - 'none': {'comment': 'Telesec encryption', - 'description': 'none (0 2 262 1 10 1 2 0)', - 'hexoid': '06 08 02 82 06 01 0A 01 02 00', - 'name': 'none', - 'oid': (0, 2, 262, 1, 10, 1, 2, 0)}, - 'notar': {'comment': 'Teletrust ProfessionInfo', - 'description': 'notar (1 3 36 8 3 11 1 9)', - 'hexoid': '06 07 2B 24 08 03 0B 01 09', - 'name': 'notar', - 'oid': (1, 3, 36, 8, 3, 11, 1, 9)}, - 'notarVertreter': {'comment': 'Teletrust ProfessionInfo', - 'description': 'notarVertreter (1 3 36 8 3 11 1 11)', - 'hexoid': '06 07 2B 24 08 03 0B 01 0B', - 'name': 'notarVertreter', - 'oid': (1, 3, 36, 8, 3, 11, 1, 11)}, - 'notarVertreterin': {'comment': 'Teletrust ProfessionInfo', - 'description': 'notarVertreterin (1 3 36 8 3 11 1 10)', - 'hexoid': '06 07 2B 24 08 03 0B 01 0A', - 'name': 'notarVertreterin', - 'oid': (1, 3, 36, 8, 3, 11, 1, 10)}, - 'notariatsVerwalter': {'comment': 'Teletrust ProfessionInfo', - 'description': 'notariatsVerwalter (1 3 36 8 3 11 1 13)', - 'hexoid': '06 07 2B 24 08 03 0B 01 0D', - 'name': 'notariatsVerwalter', - 'oid': (1, 3, 36, 8, 3, 11, 1, 13)}, - 'notariatsVerwalterin': {'comment': 'Teletrust ProfessionInfo', - 'description': 'notariatsVerwalterin (1 3 36 8 3 11 1 12)', - 'hexoid': '06 07 2B 24 08 03 0B 01 0C', - 'name': 'notariatsVerwalterin', - 'oid': (1, 3, 36, 8, 3, 11, 1, 12)}, - 'notarin': {'comment': 'Teletrust ProfessionInfo', - 'description': 'notarin (1 3 36 8 3 11 1 8)', - 'hexoid': '06 07 2B 24 08 03 0B 01 08', - 'name': 'notarin', - 'oid': (1, 3, 36, 8, 3, 11, 1, 8)}, - 'notification': {'comment': 'Telesec', - 'description': 'notification (0 2 262 1 10 10)', - 'hexoid': '06 06 02 82 06 01 0A 0A', - 'name': 'notification', - 'oid': (0, 2, 262, 1, 10, 10)}, - 'novUKMs': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'novUKMs (2 16 840 1 101 2 1 5 30)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 1E', - 'name': 'novUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 30)}, - 'novellAlgorithm': {'comment': 'Novell', - 'description': 'novellAlgorithm (2 16 840 1 113719 1 2 8)', - 'hexoid': '06 0A 60 86 48 01 86 F8 37 01 02 08', - 'name': 'novellAlgorithm', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8)}, - 'novellObfuscate-1': {'comment': 'Novell encryption algorithm', - 'description': 'novellObfuscate-1 (2 16 840 1 113719 1 2 8 133)', - 'hexoid': '06 0C 60 86 48 01 86 F8 37 01 02 08 81 05', - 'name': 'novellObfuscate-1', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 133)}, - 'nsn': {'description': 'nsn (1 2 840 113533 7)', - 'hexoid': '06 07 2A 86 48 86 F6 7D 07', - 'name': 'nsn', - 'oid': (1, 2, 840, 113533, 7)}, - 'nsn-alg': {'description': 'nsn-alg (1 2 840 113533 7 66)', - 'hexoid': '06 08 2A 86 48 86 F6 7D 07 42', - 'name': 'nsn-alg', - 'oid': (1, 2, 840, 113533, 7, 66)}, - 'nsn-at': {'description': 'nsn-at (1 2 840 113533 7 68)', - 'hexoid': '06 08 2A 86 48 86 F6 7D 07 44', - 'name': 'nsn-at', - 'oid': (1, 2, 840, 113533, 7, 68)}, - 'nsn-ce': {'description': 'nsn-ce (1 2 840 113533 7 65)', - 'hexoid': '06 08 2A 86 48 86 F6 7D 07 41', - 'name': 'nsn-ce', - 'oid': (1, 2, 840, 113533, 7, 65)}, - 'nsn-oc': {'description': 'nsn-oc (1 2 840 113533 7 67)', - 'hexoid': '06 08 2A 86 48 86 F6 7D 07 43', - 'name': 'nsn-oc', - 'oid': (1, 2, 840, 113533, 7, 67)}, - 'ntSecurityDescriptor': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'ntSecurityDescriptor (1 2 840 113556 1 2 281)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 02 82 19', - 'name': 'ntSecurityDescriptor', - 'oid': (1, 2, 840, 113556, 1, 2, 281)}, - 'numberType': {'comment': 'ANSI X9.42', - 'description': 'numberType (1 2 840 10046 2)', - 'hexoid': '06 06 2A 86 48 CE 3E 02', - 'name': 'numberType', - 'oid': (1, 2, 840, 10046, 2)}, - 'objectClass': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'objectClass (2 5 4 0)', - 'hexoid': '06 03 55 04 00', - 'name': 'objectClass', - 'oid': (2, 5, 4, 0)}, - 'ocsp': {'comment': 'PKIX', - 'description': 'ocsp (1 3 6 1 5 5 7 48 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 30 01', - 'name': 'ocsp', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 1)}, - 'ocspArchiveCutoff': {'comment': 'OCSP', - 'description': 'ocspArchiveCutoff (1 3 6 1 5 5 7 48 1 6)', - 'hexoid': '06 09 2B 06 01 05 05 07 30 01 06', - 'name': 'ocspArchiveCutoff', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 1, 6)}, - 'ocspBasic': {'comment': 'OCSP', - 'description': 'ocspBasic (1 3 6 1 5 5 7 48 1 1)', - 'hexoid': '06 09 2B 06 01 05 05 07 30 01 01', - 'name': 'ocspBasic', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 1, 1)}, - 'ocspCRL': {'comment': 'OCSP', - 'description': 'ocspCRL (1 3 6 1 5 5 7 48 1 3)', - 'hexoid': '06 09 2B 06 01 05 05 07 30 01 03', - 'name': 'ocspCRL', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 1, 3)}, - 'ocspNoCheck': {'comment': 'OCSP', - 'description': 'ocspNoCheck (1 3 6 1 5 5 7 48 1 5)', - 'hexoid': '06 09 2B 06 01 05 05 07 30 01 05', - 'name': 'ocspNoCheck', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 1, 5)}, - 'ocspNonce': {'comment': 'OCSP', - 'description': 'ocspNonce (1 3 6 1 5 5 7 48 1 2)', - 'hexoid': '06 09 2B 06 01 05 05 07 30 01 02', - 'name': 'ocspNonce', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 1, 2)}, - 'ocspResponse': {'comment': 'OCSP', - 'description': 'ocspResponse (1 3 6 1 5 5 7 48 1 4)', - 'hexoid': '06 09 2B 06 01 05 05 07 30 01 04', - 'name': 'ocspResponse', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 1, 4)}, - 'ocspServiceLocator': {'comment': 'OCSP', - 'description': 'ocspServiceLocator (1 3 6 1 5 5 7 48 1 7)', - 'hexoid': '06 09 2B 06 01 05 05 07 30 01 07', - 'name': 'ocspServiceLocator', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 1, 7)}, - 'ocspSigning': {'comment': 'PKIX key purpose', - 'description': 'ocspSigning (1 3 6 1 5 5 7 3 9)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 09', - 'name': 'ocspSigning', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 9)}, - 'octUKMs': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'octUKMs (2 16 840 1 101 2 1 5 29)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 1D', - 'name': 'octUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 29)}, - 'oldCertID': {'comment': 'PKIX CRMF registration control', - 'description': 'oldCertID (1 3 6 1 5 5 7 5 1 5)', - 'hexoid': '06 09 2B 06 01 05 05 07 05 01 05', - 'name': 'oldCertID', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 1, 5)}, - 'onBasis': {'comment': 'ANSI X9.62 field basis', - 'description': 'onBasis (1 2 840 10045 1 2 3 1)', - 'hexoid': '06 09 2A 86 48 CE 3D 01 02 03 01', - 'name': 'onBasis', - 'oid': (1, 2, 840, 10045, 1, 2, 3, 1)}, - 'oneWayFunction': {'comment': 'Telesec mechanism', - 'description': 'oneWayFunction (0 2 262 1 10 1 3)', - 'hexoid': '06 07 02 82 06 01 0A 01 03', - 'name': 'oneWayFunction', - 'oid': (0, 2, 262, 1, 10, 1, 3)}, - 'oneWayISO9798Authentication': {'comment': 'Telesec authentication', - 'description': 'oneWayISO9798Authentication (0 2 262 1 10 1 0 6)', - 'hexoid': '06 08 02 82 06 01 0A 01 00 06', - 'name': 'oneWayISO9798Authentication', - 'oid': (0, 2, 262, 1, 10, 1, 0, 6)}, - 'oneWayX509Authentication': {'comment': 'Telesec authentication', - 'description': 'oneWayX509Authentication (0 2 262 1 10 1 0 3)', - 'hexoid': '06 08 02 82 06 01 0A 01 00 03', - 'name': 'oneWayX509Authentication', - 'oid': (0, 2, 262, 1, 10, 1, 0, 3)}, - 'organization': {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'organization (2 5 6 4)', - 'hexoid': '06 03 55 06 04', - 'name': 'organization', - 'oid': (2, 5, 6, 4)}, - 'organizationName': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'organizationName (2 5 4 10)', - 'hexoid': '06 03 55 04 0A', - 'name': 'organizationName', - 'oid': (2, 5, 4, 10)}, - 'organizationalPerson': {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'organizationalPerson (2 5 6 7)', - 'hexoid': '06 03 55 06 07', - 'name': 'organizationalPerson', - 'oid': (2, 5, 6, 7)}, - 'organizationalRole': {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'organizationalRole (2 5 6 8)', - 'hexoid': '06 03 55 06 08', - 'name': 'organizationalRole', - 'oid': (2, 5, 6, 8)}, - 'organizationalUnit': {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'organizationalUnit (2 5 6 5)', - 'hexoid': '06 03 55 06 05', - 'name': 'organizationalUnit', - 'oid': (2, 5, 6, 5)}, - 'organizationalUnitName': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'organizationalUnitName (2 5 4 11)', - 'hexoid': '06 03 55 04 0B', - 'name': 'organizationalUnitName', - 'oid': (2, 5, 4, 11)}, - 'origPKIMessage': {'comment': 'PKIX CMP information', - 'description': 'origPKIMessage (1 3 6 1 5 5 7 4 15)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 0F', - 'name': 'origPKIMessage', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 15)}, - 'originalFilename': {'comment': 'Microsoft attribute', - 'description': 'originalFilename (1 3 6 1 4 1 311 88 2 1)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 58 02 01', - 'name': 'originalFilename', - 'oid': (1, 3, 6, 1, 4, 1, 311, 88, 2, 1)}, - 'originatorSig': {'comment': 'S/MIME Signature Type Identifier', - 'description': 'originatorSig (1 2 840 113549 1 9 16 9 1)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 09 01', - 'name': 'originatorSig', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 9, 1)}, - 'osVersion': {'comment': 'Microsoft attribute', - 'description': 'osVersion (1 3 6 1 4 1 311 13 2 3)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 0D 02 03', - 'name': 'osVersion', - 'oid': (1, 3, 6, 1, 4, 1, 311, 13, 2, 3)}, - 'otherNames': {'comment': 'PKIX', - 'description': 'otherNames (1 3 6 1 5 5 7 8)', - 'hexoid': '06 07 2B 06 01 05 05 07 08', - 'name': 'otherNames', - 'oid': (1, 3, 6, 1, 5, 5, 7, 8)}, - 'otherSigCert': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'otherSigCert (1 2 840 113549 1 9 16 2 19)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 13', - 'name': 'otherSigCert', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 19)}, - 'owner': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'owner (2 5 4 32)', - 'hexoid': '06 03 55 04 20', - 'name': 'owner', - 'oid': (2, 5, 4, 32)}, - 'pKICriticalExtensions': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'pKICriticalExtensions (1 2 840 113556 1 4 1330)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8A 32', - 'name': 'pKICriticalExtensions', - 'oid': (1, 2, 840, 113556, 1, 4, 1330)}, - 'pKIDefaultCSPs': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'pKIDefaultCSPs (1 2 840 113556 1 4 1334)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8A 36', - 'name': 'pKIDefaultCSPs', - 'oid': (1, 2, 840, 113556, 1, 4, 1334)}, - 'pKIDefaultKeySpec': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'pKIDefaultKeySpec (1 2 840 113556 1 4 1327)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8A 2F', - 'name': 'pKIDefaultKeySpec', - 'oid': (1, 2, 840, 113556, 1, 4, 1327)}, - 'pKIEnrollmentAccess': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'pKIEnrollmentAccess (1 2 840 113556 1 4 1335)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8A 37', - 'name': 'pKIEnrollmentAccess', - 'oid': (1, 2, 840, 113556, 1, 4, 1335)}, - 'pKIExpirationPeriod': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'pKIExpirationPeriod (1 2 840 113556 1 4 1331)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8A 33', - 'name': 'pKIExpirationPeriod', - 'oid': (1, 2, 840, 113556, 1, 4, 1331)}, - 'pKIExtendedKeyUsage': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'pKIExtendedKeyUsage (1 2 840 113556 1 4 1333)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8A 35', - 'name': 'pKIExtendedKeyUsage', - 'oid': (1, 2, 840, 113556, 1, 4, 1333)}, - 'pKIKeyUsage': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'pKIKeyUsage (1 2 840 113556 1 4 1328)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8A 30', - 'name': 'pKIKeyUsage', - 'oid': (1, 2, 840, 113556, 1, 4, 1328)}, - 'pKIMaxIssuingDepth': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'pKIMaxIssuingDepth (1 2 840 113556 1 4 1329)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8A 31', - 'name': 'pKIMaxIssuingDepth', - 'oid': (1, 2, 840, 113556, 1, 4, 1329)}, - 'pKIOverlapPeriod': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'pKIOverlapPeriod (1 2 840 113556 1 4 1332)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8A 34', - 'name': 'pKIOverlapPeriod', - 'oid': (1, 2, 840, 113556, 1, 4, 1332)}, - 'pKReference': {'comment': 'Teletrust attribute', - 'description': 'pKReference (1 3 36 8 3 7)', - 'hexoid': '06 05 2B 24 08 03 07', - 'name': 'pKReference', - 'oid': (1, 3, 36, 8, 3, 7)}, - 'package': {'comment': 'Telesec', - 'description': 'package (0 2 262 1 10 4)', - 'hexoid': '06 06 02 82 06 01 0A 04', - 'name': 'package', - 'oid': (0, 2, 262, 1, 10, 4)}, - 'parameter': {'comment': 'Telesec', - 'description': 'parameter (0 2 262 1 10 5)', - 'hexoid': '06 06 02 82 06 01 0A 05', - 'name': 'parameter', - 'oid': (0, 2, 262, 1, 10, 5)}, - 'passPhrase': {'comment': 'SET field', - 'description': 'passPhrase (2 23 42 2 12)', - 'hexoid': '06 04 67 2A 02 0C', - 'name': 'passPhrase', - 'oid': (2, 23, 42, 2, 12)}, - 'passwordAuthentication': {'comment': 'Telesec authentication', - 'description': 'passwordAuthentication (0 2 262 1 10 1 0 1)', - 'hexoid': '06 08 02 82 06 01 0A 01 00 01', - 'name': 'passwordAuthentication', - 'oid': (0, 2, 262, 1, 10, 1, 0, 1)}, - 'passwordBasedMac': {'comment': 'Nortel Secure Networks alg', - 'description': 'passwordBasedMac (1 2 840 113533 7 66 13)', - 'hexoid': '06 09 2A 86 48 86 F6 7D 07 42 0D', - 'name': 'passwordBasedMac', - 'oid': (1, 2, 840, 113533, 7, 66, 13)}, - 'patentAnwaeltin': {'comment': 'Teletrust ProfessionInfo', - 'description': 'patentAnwaeltin (1 3 36 8 3 11 1 18)', - 'hexoid': '06 07 2B 24 08 03 0B 01 12', - 'name': 'patentAnwaeltin', - 'oid': (1, 3, 36, 8, 3, 11, 1, 18)}, - 'patentAnwalt': {'comment': 'Teletrust ProfessionInfo', - 'description': 'patentAnwalt (1 3 36 8 3 11 1 19)', - 'hexoid': '06 07 2B 24 08 03 0B 01 13', - 'name': 'patentAnwalt', - 'oid': (1, 3, 36, 8, 3, 11, 1, 19)}, - 'pbeWithMD2AndDES-CBC': {'comment': 'PKCS #5', - 'description': 'pbeWithMD2AndDES-CBC (1 2 840 113549 1 5 1)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 05 01', - 'name': 'pbeWithMD2AndDES-CBC', - 'oid': (1, 2, 840, 113549, 1, 5, 1)}, - 'pbeWithMD2AndRC2-CBC': {'comment': 'PKCS #5', - 'description': 'pbeWithMD2AndRC2-CBC (1 2 840 113549 1 5 4)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 05 04', - 'name': 'pbeWithMD2AndRC2-CBC', - 'oid': (1, 2, 840, 113549, 1, 5, 4)}, - 'pbeWithMD5AndCAST5-CBC': {'comment': 'Nortel Secure Networks alg', - 'description': 'pbeWithMD5AndCAST5-CBC (1 2 840 113533 7 66 12)', - 'hexoid': '06 09 2A 86 48 86 F6 7D 07 42 0C', - 'name': 'pbeWithMD5AndCAST5-CBC', - 'oid': (1, 2, 840, 113533, 7, 66, 12)}, - 'pbeWithMD5AndDES-CBC': {'comment': 'PKCS #5', - 'description': 'pbeWithMD5AndDES-CBC (1 2 840 113549 1 5 3)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 05 03', - 'name': 'pbeWithMD5AndDES-CBC', - 'oid': (1, 2, 840, 113549, 1, 5, 3)}, - 'pbeWithMD5AndRC2-CBC': {'comment': 'PKCS #5', - 'description': 'pbeWithMD5AndRC2-CBC (1 2 840 113549 1 5 6)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 05 06', - 'name': 'pbeWithMD5AndRC2-CBC', - 'oid': (1, 2, 840, 113549, 1, 5, 6)}, - 'pbeWithSHAAnd128BitRC2-CBC': {'comment': 'PKCS #12 PbeIds', - 'description': 'pbeWithSHAAnd128BitRC2-CBC (1 2 840 113549 1 12 1 5)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 01 05', - 'name': 'pbeWithSHAAnd128BitRC2-CBC', - 'oid': (1, 2, 840, 113549, 1, 12, 1, 5)}, - 'pbeWithSHAAnd128BitRC4': {'comment': 'PKCS #12 PbeIds. This OID was formerly assigned as pkcs-12-OfflineTransportMode', - 'description': 'pbeWithSHAAnd128BitRC4 (1 2 840 113549 1 12 1 1)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 01 01', - 'name': 'pbeWithSHAAnd128BitRC4', - 'oid': (1, 2, 840, 113549, 1, 12, 1, 1)}, - 'pbeWithSHAAnd2-KeyTripleDES-CBC': {'comment': 'PKCS #12 PbeIds', - 'description': 'pbeWithSHAAnd2-KeyTripleDES-CBC (1 2 840 113549 1 12 1 4)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 01 04', - 'name': 'pbeWithSHAAnd2-KeyTripleDES-CBC', - 'oid': (1, 2, 840, 113549, 1, 12, 1, 4)}, - 'pbeWithSHAAnd3-KeyTripleDES-CBC': {'comment': 'PKCS #12 PbeIds', - 'description': 'pbeWithSHAAnd3-KeyTripleDES-CBC (1 2 840 113549 1 12 1 3)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 01 03', - 'name': 'pbeWithSHAAnd3-KeyTripleDES-CBC', - 'oid': (1, 2, 840, 113549, 1, 12, 1, 3)}, - 'pbeWithSHAAnd40BitRC2-CBC': {'comment': 'PKCS #12 PbeIds', - 'description': 'pbeWithSHAAnd40BitRC2-CBC (1 2 840 113549 1 12 1 6)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 01 06', - 'name': 'pbeWithSHAAnd40BitRC2-CBC', - 'oid': (1, 2, 840, 113549, 1, 12, 1, 6)}, - 'pbeWithSHAAnd40BitRC4': {'comment': 'PKCS #12 PbeIds. This OID was formerly assigned as pkcs-12-OnlineTransportMode', - 'description': 'pbeWithSHAAnd40BitRC4 (1 2 840 113549 1 12 1 2)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 01 02', - 'name': 'pbeWithSHAAnd40BitRC4', - 'oid': (1, 2, 840, 113549, 1, 12, 1, 2)}, - 'pbeWithSHAAndDES-CBC': {'comment': 'PKCS #5', - 'description': 'pbeWithSHAAndDES-CBC (1 2 840 113549 1 5 10)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 05 0A', - 'name': 'pbeWithSHAAndDES-CBC', - 'oid': (1, 2, 840, 113549, 1, 5, 10)}, - 'person': {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'person (2 5 6 6)', - 'hexoid': '06 03 55 06 06', - 'name': 'person', - 'oid': (2, 5, 6, 6)}, - 'personalData': {'comment': 'Teletrust OtherName attribute', - 'description': 'personalData (1 3 36 8 4 1)', - 'hexoid': '06 05 2B 24 08 04 01', - 'name': 'personalData', - 'oid': (1, 3, 36, 8, 4, 1)}, - 'pgpExtension': {'comment': 'PGP key information', - 'description': 'pgpExtension (1 3 6 1 4 1 3401 8 1 1)', - 'hexoid': '06 0A 2B 06 01 04 01 9A 49 08 01 01', - 'name': 'pgpExtension', - 'oid': (1, 3, 6, 1, 4, 1, 3401, 8, 1, 1)}, - 'physicalCardNumber': {'comment': 'Telesec attribute', - 'description': 'physicalCardNumber (0 2 262 1 10 7 25)', - 'hexoid': '06 07 02 82 06 01 0A 07 19', - 'name': 'physicalCardNumber', - 'oid': (0, 2, 262, 1, 10, 7, 25)}, - 'physicalDeliveryOfficeName': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'physicalDeliveryOfficeName (2 5 4 19)', - 'hexoid': '06 03 55 04 13', - 'name': 'physicalDeliveryOfficeName', - 'oid': (2, 5, 4, 19)}, - 'physicianIdentifiers': {'comment': 'MEDePass', - 'description': 'physicianIdentifiers (1 3 6 1 4 1 5770 0 4)', - 'hexoid': '06 09 2B 06 01 04 01 AD 0A 00 04', - 'name': 'physicianIdentifiers', - 'oid': (1, 3, 6, 1, 4, 1, 5770, 0, 4)}, - 'pickupToken': {'comment': 'ANSI X9.57 hold instruction', - 'description': 'pickupToken (1 2 840 10040 2 4)', - 'hexoid': '06 07 2A 86 48 CE 38 02 04', - 'name': 'pickupToken', - 'oid': (1, 2, 840, 10040, 2, 4)}, - 'pkcs-1': {'description': 'pkcs-1 (1 2 840 113549 1 1)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 01 01', - 'name': 'pkcs-1', - 'oid': (1, 2, 840, 113549, 1, 1)}, - 'pkcs-12': {'description': 'pkcs-12 (1 2 840 113549 1 12)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 01 0C', - 'name': 'pkcs-12', - 'oid': (1, 2, 840, 113549, 1, 12)}, - 'pkcs-12-BagIds': {'description': 'pkcs-12-BagIds (1 2 840 113549 1 12 3)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 0C 03', - 'name': 'pkcs-12-BagIds', - 'oid': (1, 2, 840, 113549, 1, 12, 3)}, - 'pkcs-12-EnvelopingID': {'comment': 'PKCS #12 OID. Deprecated, use the conventional PKCS #1 OIDs instead', - 'description': 'pkcs-12-EnvelopingID (1 2 840 113549 1 12 5 2)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 05 02', - 'name': 'pkcs-12-EnvelopingID', - 'oid': (1, 2, 840, 113549, 1, 12, 5, 2)}, - 'pkcs-12-PbeIds': {'comment': 'This OID was formerly assigned as PKCS #12 modeID', - 'description': 'pkcs-12-PbeIds (1 2 840 113549 1 12 1)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 0C 01', - 'name': 'pkcs-12-PbeIds', - 'oid': (1, 2, 840, 113549, 1, 12, 1)}, - 'pkcs-12-SDSICertBagID': {'comment': 'PKCS #12 CertBagID. This OID was formerly assigned as pkcs-12-SDSICertBag', - 'description': 'pkcs-12-SDSICertBagID (1 2 840 113549 1 12 4 2)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 04 02', - 'name': 'pkcs-12-SDSICertBagID', - 'oid': (1, 2, 840, 113549, 1, 12, 4, 2)}, - 'pkcs-12-X509CertCRLBagID': {'comment': 'PKCS #12 CertBagID. This OID was formerly assigned as pkcs-12-X509CertCRLBag', - 'description': 'pkcs-12-X509CertCRLBagID (1 2 840 113549 1 12 4 1)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 04 01', - 'name': 'pkcs-12-X509CertCRLBagID', - 'oid': (1, 2, 840, 113549, 1, 12, 4, 1)}, - 'pkcs-12-certAndCRLBagId': {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-certAndCRLBagId (1 2 840 113549 1 12 3 2)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 03 02', - 'name': 'pkcs-12-certAndCRLBagId', - 'oid': (1, 2, 840, 113549, 1, 12, 3, 2)}, - 'pkcs-12-certBag': {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-certBag (1 2 840 113549 1 12 10 1 3)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 03', - 'name': 'pkcs-12-certBag', - 'oid': (1, 2, 840, 113549, 1, 12, 10, 1, 3)}, - 'pkcs-12-crlBag': {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-crlBag (1 2 840 113549 1 12 10 1 4)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 04', - 'name': 'pkcs-12-crlBag', - 'oid': (1, 2, 840, 113549, 1, 12, 10, 1, 4)}, - 'pkcs-12-keyBag': {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-keyBag (1 2 840 113549 1 12 10 1 1)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 01', - 'name': 'pkcs-12-keyBag', - 'oid': (1, 2, 840, 113549, 1, 12, 10, 1, 1)}, - 'pkcs-12-keyBagId': {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-keyBagId (1 2 840 113549 1 12 3 1)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 03 01', - 'name': 'pkcs-12-keyBagId', - 'oid': (1, 2, 840, 113549, 1, 12, 3, 1)}, - 'pkcs-12-pkcs-8ShroudedKeyBag': {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-pkcs-8ShroudedKeyBag (1 2 840 113549 1 12 10 1 2)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 02', - 'name': 'pkcs-12-pkcs-8ShroudedKeyBag', - 'oid': (1, 2, 840, 113549, 1, 12, 10, 1, 2)}, - 'pkcs-12-pkcs-8ShroudedKeyBagId': {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-pkcs-8ShroudedKeyBagId (1 2 840 113549 1 12 3 5)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 03 05', - 'name': 'pkcs-12-pkcs-8ShroudedKeyBagId', - 'oid': (1, 2, 840, 113549, 1, 12, 3, 5)}, - 'pkcs-12-safeContentsBag': {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-safeContentsBag (1 2 840 113549 1 12 10 1 6)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 06', - 'name': 'pkcs-12-safeContentsBag', - 'oid': (1, 2, 840, 113549, 1, 12, 10, 1, 6)}, - 'pkcs-12-safeContentsId': {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-safeContentsId (1 2 840 113549 1 12 3 4)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 03 04', - 'name': 'pkcs-12-safeContentsId', - 'oid': (1, 2, 840, 113549, 1, 12, 3, 4)}, - 'pkcs-12-secretBag': {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-secretBag (1 2 840 113549 1 12 10 1 5)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 05', - 'name': 'pkcs-12-secretBag', - 'oid': (1, 2, 840, 113549, 1, 12, 10, 1, 5)}, - 'pkcs-12-secretBagId': {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-secretBagId (1 2 840 113549 1 12 3 3)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 03 03', - 'name': 'pkcs-12-secretBagId', - 'oid': (1, 2, 840, 113549, 1, 12, 3, 3)}, - 'pkcs-12BadIds': {'description': 'pkcs-12BadIds (1 2 840 113549 1 12 10 1)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 0A 01', - 'name': 'pkcs-12BadIds', - 'oid': (1, 2, 840, 113549, 1, 12, 10, 1)}, - 'pkcs-12Version1': {'description': 'pkcs-12Version1 (1 2 840 113549 1 12 10)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 0C 0A', - 'name': 'pkcs-12Version1', - 'oid': (1, 2, 840, 113549, 1, 12, 10)}, - 'pkcs-3': {'description': 'pkcs-3 (1 2 840 113549 1 3)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 01 03', - 'name': 'pkcs-3', - 'oid': (1, 2, 840, 113549, 1, 3)}, - 'pkcs-5': {'description': 'pkcs-5 (1 2 840 113549 1 5)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 01 05', - 'name': 'pkcs-5', - 'oid': (1, 2, 840, 113549, 1, 5)}, - 'pkcs-7': {'description': 'pkcs-7 (1 2 840 113549 1 7)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 01 07', - 'name': 'pkcs-7', - 'oid': (1, 2, 840, 113549, 1, 7)}, - 'pkcs-9': {'description': 'pkcs-9 (1 2 840 113549 1 9)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 01 09', - 'name': 'pkcs-9', - 'oid': (1, 2, 840, 113549, 1, 9)}, - 'pkcs1-MGF': {'comment': 'PKCS #1', - 'description': 'pkcs1-MGF (1 2 840 113549 1 1 8)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 08', - 'name': 'pkcs1-MGF', - 'oid': (1, 2, 840, 113549, 1, 1, 8)}, - 'pkcs15Token': {'comment': 'PKCS #9/RFC 2985 attribute', - 'description': 'pkcs15Token (1 2 840 113549 1 9 25 1)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 19 01', - 'name': 'pkcs15Token', - 'oid': (1, 2, 840, 113549, 1, 9, 25, 1)}, - 'pkcs15attributes': {'comment': 'PKCS #15', - 'description': 'pkcs15attributes (1 2 840 113549 1 15 2)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 0F 02', - 'name': 'pkcs15attributes', - 'oid': (1, 2, 840, 113549, 1, 15, 2)}, - 'pkcs15content': {'comment': 'PKCS #15 content type', - 'description': 'pkcs15content (1 2 840 113549 1 15 3 1)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0F 03 01', - 'name': 'pkcs15content', - 'oid': (1, 2, 840, 113549, 1, 15, 3, 1)}, - 'pkcs15contentType': {'comment': 'PKCS #15', - 'description': 'pkcs15contentType (1 2 840 113549 1 15 3)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 0F 03', - 'name': 'pkcs15contentType', - 'oid': (1, 2, 840, 113549, 1, 15, 3)}, - 'pkcs15modules': {'comment': 'PKCS #15', - 'description': 'pkcs15modules (1 2 840 113549 1 15 1)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 0F 01', - 'name': 'pkcs15modules', - 'oid': (1, 2, 840, 113549, 1, 15, 1)}, - 'pkcs5PBES2': {'comment': 'PKCS #5 v2.0', - 'description': 'pkcs5PBES2 (1 2 840 113549 1 5 13)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 05 0D', - 'name': 'pkcs5PBES2', - 'oid': (1, 2, 840, 113549, 1, 5, 13)}, - 'pkcs5PBKDF2': {'comment': 'PKCS #5 v2.0', - 'description': 'pkcs5PBKDF2 (1 2 840 113549 1 5 12)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 05 0C', - 'name': 'pkcs5PBKDF2', - 'oid': (1, 2, 840, 113549, 1, 5, 12)}, - 'pkcs5PBMAC1': {'comment': 'PKCS #5 v2.0', - 'description': 'pkcs5PBMAC1 (1 2 840 113549 1 5 14)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 05 0E', - 'name': 'pkcs5PBMAC1', - 'oid': (1, 2, 840, 113549, 1, 5, 14)}, - 'pkcs7Attribute': {'comment': 'Verisign PKI extension', - 'description': 'pkcs7Attribute (2 16 840 1 113733 1 9)', - 'hexoid': '06 09 60 86 48 01 86 F8 45 01 09', - 'name': 'pkcs7Attribute', - 'oid': (2, 16, 840, 1, 113733, 1, 9)}, - 'pkcs7PDU': {'comment': 'PKCS #9/RFC 2985 attribute', - 'description': 'pkcs7PDU (1 2 840 113549 1 9 25 5)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 19 05', - 'name': 'pkcs7PDU', - 'oid': (1, 2, 840, 113549, 1, 9, 25, 5)}, - 'pkcs9attributes': {'comment': 'PKCS #9/RFC 2985', - 'description': 'pkcs9attributes (1 2 840 113549 1 9 25)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 19', - 'name': 'pkcs9attributes', - 'oid': (1, 2, 840, 113549, 1, 9, 25)}, - 'pkcs9matchingRules': {'comment': 'PKCS #9/RFC 2985', - 'description': 'pkcs9matchingRules (1 2 840 113549 1 9 27)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 1B', - 'name': 'pkcs9matchingRules', - 'oid': (1, 2, 840, 113549, 1, 9, 27)}, - 'pkcs9objectClass': {'comment': 'PKCS #9/RFC 2985', - 'description': 'pkcs9objectClass (1 2 840 113549 1 9 24)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 18', - 'name': 'pkcs9objectClass', - 'oid': (1, 2, 840, 113549, 1, 9, 24)}, - 'pkcs9syntax': {'comment': 'PKCS #9/RFC 2985', - 'description': 'pkcs9syntax (1 2 840 113549 1 9 26)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 1A', - 'name': 'pkcs9syntax', - 'oid': (1, 2, 840, 113549, 1, 9, 26)}, - 'pki': {'comment': 'Verisign extension', - 'description': 'pki (2 16 840 1 113733 1)', - 'hexoid': '06 08 60 86 48 01 86 F8 45 01', - 'name': 'pki', - 'oid': (2, 16, 840, 1, 113733, 1)}, - 'pkiArchiveOptions': {'comment': 'PKIX CRMF registration control', - 'description': 'pkiArchiveOptions (1 3 6 1 5 5 7 5 1 4)', - 'hexoid': '06 09 2B 06 01 05 05 07 05 01 04', - 'name': 'pkiArchiveOptions', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 1, 4)}, - 'pkiAttributeType': {'comment': 'Novell PKI', - 'description': 'pkiAttributeType (2 16 840 1 113719 1 9 4)', - 'hexoid': '06 0A 60 86 48 01 86 F8 37 01 09 04', - 'name': 'pkiAttributeType', - 'oid': (2, 16, 840, 1, 113719, 1, 9, 4)}, - 'pkiBoot': {'comment': 'cryptlib attribute type', - 'description': 'pkiBoot (1 3 6 1 4 1 3029 3 1 2)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 03 01 02', - 'name': 'pkiBoot', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 3, 1, 2)}, - 'pkiCA': {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'pkiCA (2 5 6 22)', - 'hexoid': '06 03 55 06 16', - 'name': 'pkiCA', - 'oid': (2, 5, 6, 22)}, - 'pkiPath': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'pkiPath (2 5 4 70)', - 'hexoid': '06 03 55 04 46', - 'name': 'pkiPath', - 'oid': (2, 5, 4, 70)}, - 'pkiPublicationInfo': {'comment': 'PKIX CRMF registration control', - 'description': 'pkiPublicationInfo (1 3 6 1 5 5 7 5 1 3)', - 'hexoid': '06 09 2B 06 01 05 05 07 05 01 03', - 'name': 'pkiPublicationInfo', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 1, 3)}, - 'pkiStatus': {'comment': 'Verisign PKCS #7 attribute', - 'description': 'pkiStatus (2 16 840 1 113733 1 9 3)', - 'hexoid': '06 0A 60 86 48 01 86 F8 45 01 09 03', - 'name': 'pkiStatus', - 'oid': (2, 16, 840, 1, 113733, 1, 9, 3)}, - 'pkiUser': {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'pkiUser (2 5 6 21)', - 'hexoid': '06 03 55 06 15', - 'name': 'pkiUser', - 'oid': (2, 5, 6, 21)}, - 'pkix': {'description': 'pkix (1 3 6 1 5 5 7)', - 'hexoid': '06 06 2B 06 01 05 05 07', - 'name': 'pkix', - 'oid': (1, 3, 6, 1, 5, 5, 7)}, - 'pkixQCSyntax-v1': {'comment': 'PKIX qualified certificates', - 'description': 'pkixQCSyntax-v1 (1 3 6 1 5 5 7 11 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 0B 01', - 'name': 'pkixQCSyntax-v1', - 'oid': (1, 3, 6, 1, 5, 5, 7, 11, 1)}, - 'plProtocol': {'comment': 'Telesec module', - 'description': 'plProtocol (0 2 262 1 10 2 4)', - 'hexoid': '06 07 02 82 06 01 0A 02 04', - 'name': 'plProtocol', - 'oid': (0, 2, 262, 1, 10, 2, 4)}, - 'placeName': {'comment': 'SET field', - 'description': 'placeName (2 23 42 2 4)', - 'hexoid': '06 04 67 2A 02 04', - 'name': 'placeName', - 'oid': (2, 23, 42, 2, 4)}, - 'placeOfBirth': {'comment': 'PKIX personal data', - 'description': 'placeOfBirth (1 3 6 1 5 5 7 9 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 09 02', - 'name': 'placeOfBirth', - 'oid': (1, 3, 6, 1, 5, 5, 7, 9, 2)}, - 'plainEDImessage': {'comment': 'TMN EDI for Interactive Agents', - 'description': 'plainEDImessage (1 3 6 1 4 1 3576 7 1)', - 'hexoid': '06 09 2B 06 01 04 01 9B 78 07 01', - 'name': 'plainEDImessage', - 'oid': (1, 3, 6, 1, 4, 1, 3576, 7, 1)}, - 'policy': {'comment': 'SET', - 'description': 'policy (2 23 42 5)', - 'hexoid': '06 03 67 2A 05', - 'name': 'policy', - 'oid': (2, 23, 42, 5)}, - 'policyConstraints': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'policyConstraints (2 5 29 36)', - 'hexoid': '06 03 55 1D 24', - 'name': 'policyConstraints', - 'oid': (2, 5, 29, 36)}, - 'policyMappings': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'policyMappings (2 5 29 33)', - 'hexoid': '06 03 55 1D 21', - 'name': 'policyMappings', - 'oid': (2, 5, 29, 33)}, - 'policyQualifierIds': {'comment': 'PKIX', - 'description': 'policyQualifierIds (1 3 6 1 5 5 7 2)', - 'hexoid': '06 07 2B 06 01 05 05 07 02', - 'name': 'policyQualifierIds', - 'oid': (1, 3, 6, 1, 5, 5, 7, 2)}, - 'postOfficeBox': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'postOfficeBox (2 5 4 18)', - 'hexoid': '06 03 55 04 12', - 'name': 'postOfficeBox', - 'oid': (2, 5, 4, 18)}, - 'postalAddress': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'postalAddress (2 5 4 16)', - 'hexoid': '06 03 55 04 10', - 'name': 'postalAddress', - 'oid': (2, 5, 4, 16)}, - 'postalCode': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'postalCode (2 5 4 17)', - 'hexoid': '06 03 55 04 11', - 'name': 'postalCode', - 'oid': (2, 5, 4, 17)}, - 'ppBasis': {'comment': 'ANSI X9.62 field basis', - 'description': 'ppBasis (1 2 840 10045 1 2 3 3)', - 'hexoid': '06 09 2A 86 48 CE 3D 01 02 03 03', - 'name': 'ppBasis', - 'oid': (1, 2, 840, 10045, 1, 2, 3, 3)}, - 'prbacCAConstraints': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'prbacCAConstraints (2 16 840 1 101 2 1 5 54)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 36', - 'name': 'prbacCAConstraints', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 54)}, - 'prbacInfo': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'prbacInfo (2 16 840 1 101 2 1 5 53)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 35', - 'name': 'prbacInfo', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 53)}, - 'preferBinaryInside': {'comment': 'S/MIME Capability', - 'description': 'preferBinaryInside (1 2 840 113549 1 9 16 11 1)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 0B 01', - 'name': 'preferBinaryInside', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 11, 1)}, - 'preferSignedData': {'comment': 'sMIMECapabilities', - 'description': 'preferSignedData (1 2 840 113549 1 9 15 1)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 0F 01', - 'name': 'preferSignedData', - 'oid': (1, 2, 840, 113549, 1, 9, 15, 1)}, - 'preferredDeliveryMehtod': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'preferredDeliveryMehtod (2 5 4 28)', - 'hexoid': '06 03 55 04 1C', - 'name': 'preferredDeliveryMehtod', - 'oid': (2, 5, 4, 28)}, - 'preferredSymmAlg': {'comment': 'PKIX CMP information', - 'description': 'preferredSymmAlg (1 3 6 1 5 5 7 4 4)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 04', - 'name': 'preferredSymmAlg', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 4)}, - 'presentationAddress': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'presentationAddress (2 5 4 29)', - 'hexoid': '06 03 55 04 1D', - 'name': 'presentationAddress', - 'oid': (2, 5, 4, 29)}, - 'prime-field': {'comment': 'ANSI X9.62 field type', - 'description': 'prime-field (1 2 840 10045 1 1)', - 'hexoid': '06 07 2A 86 48 CE 3D 01 01', - 'name': 'prime-field', - 'oid': (1, 2, 840, 10045, 1, 1)}, - 'prime192v1': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'prime192v1 (1 2 840 10045 3 1 1 1)', - 'hexoid': '06 09 2A 86 48 CE 3D 03 01 01 01', - 'name': 'prime192v1', - 'oid': (1, 2, 840, 10045, 3, 1, 1, 1)}, - 'prime192v2': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'prime192v2 (1 2 840 10045 3 1 1 2)', - 'hexoid': '06 09 2A 86 48 CE 3D 03 01 01 02', - 'name': 'prime192v2', - 'oid': (1, 2, 840, 10045, 3, 1, 1, 2)}, - 'prime192v3': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'prime192v3 (1 2 840 10045 3 1 1 3)', - 'hexoid': '06 09 2A 86 48 CE 3D 03 01 01 03', - 'name': 'prime192v3', - 'oid': (1, 2, 840, 10045, 3, 1, 1, 3)}, - 'prime239v1': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'prime239v1 (1 2 840 10045 3 1 1 4)', - 'hexoid': '06 09 2A 86 48 CE 3D 03 01 01 04', - 'name': 'prime239v1', - 'oid': (1, 2, 840, 10045, 3, 1, 1, 4)}, - 'prime239v2': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'prime239v2 (1 2 840 10045 3 1 1 5)', - 'hexoid': '06 09 2A 86 48 CE 3D 03 01 01 05', - 'name': 'prime239v2', - 'oid': (1, 2, 840, 10045, 3, 1, 1, 5)}, - 'prime239v3': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'prime239v3 (1 2 840 10045 3 1 1 6)', - 'hexoid': '06 09 2A 86 48 CE 3D 03 01 01 06', - 'name': 'prime239v3', - 'oid': (1, 2, 840, 10045, 3, 1, 1, 6)}, - 'prime256v1': {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'prime256v1 (1 2 840 10045 3 1 1 7)', - 'hexoid': '06 09 2A 86 48 CE 3D 03 01 01 07', - 'name': 'prime256v1', - 'oid': (1, 2, 840, 10045, 3, 1, 1, 7)}, - 'privPolicy': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'privPolicy (2 5 4 71)', - 'hexoid': '06 03 55 04 47', - 'name': 'privPolicy', - 'oid': (2, 5, 4, 71)}, - 'privateExtension': {'comment': 'PKIX', - 'description': 'privateExtension (1 3 6 1 5 5 7 1)', - 'hexoid': '06 07 2B 06 01 05 05 07 01', - 'name': 'privateExtension', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1)}, - 'privateKeyUsagePeriod': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'privateKeyUsagePeriod (2 5 29 16)', - 'hexoid': '06 03 55 1D 10', - 'name': 'privateKeyUsagePeriod', - 'oid': (2, 5, 29, 16)}, - 'procuration': {'comment': 'Teletrust attribute', - 'description': 'procuration (1 3 36 8 3 2)', - 'hexoid': '06 05 2B 24 08 03 02', - 'name': 'procuration', - 'oid': (1, 3, 36, 8, 3, 2)}, - 'proofOfApproval': {'comment': 'S/MIME', - 'description': 'proofOfApproval (1 2 840 113549 1 9 16 6 5)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 06 05', - 'name': 'proofOfApproval', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 6, 5)}, - 'proofOfCreation': {'comment': 'S/MIME', - 'description': 'proofOfCreation (1 2 840 113549 1 9 16 6 6)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 06 06', - 'name': 'proofOfCreation', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 6, 6)}, - 'proofOfDelivery': {'comment': 'S/MIME', - 'description': 'proofOfDelivery (1 2 840 113549 1 9 16 6 3)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 06 03', - 'name': 'proofOfDelivery', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 6, 3)}, - 'proofOfOrigin': {'comment': 'S/MIME', - 'description': 'proofOfOrigin (1 2 840 113549 1 9 16 6 1)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 06 01', - 'name': 'proofOfOrigin', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 6, 1)}, - 'proofOfReceipt': {'comment': 'S/MIME', - 'description': 'proofOfReceipt (1 2 840 113549 1 9 16 6 2)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 06 02', - 'name': 'proofOfReceipt', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 6, 2)}, - 'proofOfSender': {'comment': 'S/MIME', - 'description': 'proofOfSender (1 2 840 113549 1 9 16 6 4)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 06 04', - 'name': 'proofOfSender', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 6, 4)}, - 'protectedPasswordAuthentication': {'comment': 'Telesec authentication', - 'description': 'protectedPasswordAuthentication (0 2 262 1 10 1 0 2)', - 'hexoid': '06 08 02 82 06 01 0A 01 00 02', - 'name': 'protectedPasswordAuthentication', - 'oid': (0, 2, 262, 1, 10, 1, 0, 2)}, - 'protocolEncrKey': {'comment': 'PKIX CRMF registration control', - 'description': 'protocolEncrKey (1 3 6 1 5 5 7 5 1 6)', - 'hexoid': '06 09 2B 06 01 05 05 07 05 01 06', - 'name': 'protocolEncrKey', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 1, 6)}, - 'protocolInformation': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'protocolInformation (2 5 4 48)', - 'hexoid': '06 03 55 04 30', - 'name': 'protocolInformation', - 'oid': (2, 5, 4, 48)}, - 'pseudonym': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'pseudonym (2 5 4 65)', - 'hexoid': '06 03 55 04 41', - 'name': 'pseudonym', - 'oid': (2, 5, 4, 65)}, - 'ptAdobeILL': {'comment': 'Teletrust presentation types', - 'description': 'ptAdobeILL (1 3 36 8 7 1 1)', - 'hexoid': '06 06 2B 24 08 07 01 01', - 'name': 'ptAdobeILL', - 'oid': (1, 3, 36, 8, 7, 1, 1)}, - 'ptAmiPro': {'comment': 'Teletrust presentation types', - 'description': 'ptAmiPro (1 3 36 8 7 1 2)', - 'hexoid': '06 06 2B 24 08 07 01 02', - 'name': 'ptAmiPro', - 'oid': (1, 3, 36, 8, 7, 1, 2)}, - 'ptAutoCAD': {'comment': 'Teletrust presentation types', - 'description': 'ptAutoCAD (1 3 36 8 7 1 3)', - 'hexoid': '06 06 2B 24 08 07 01 03', - 'name': 'ptAutoCAD', - 'oid': (1, 3, 36, 8, 7, 1, 3)}, - 'ptBMP': {'comment': 'Teletrust presentation types', - 'description': 'ptBMP (1 3 36 8 7 1 5)', - 'hexoid': '06 06 2B 24 08 07 01 05', - 'name': 'ptBMP', - 'oid': (1, 3, 36, 8, 7, 1, 5)}, - 'ptBinary': {'comment': 'Teletrust presentation types', - 'description': 'ptBinary (1 3 36 8 7 1 4)', - 'hexoid': '06 06 2B 24 08 07 01 04', - 'name': 'ptBinary', - 'oid': (1, 3, 36, 8, 7, 1, 4)}, - 'ptCGM': {'comment': 'Teletrust presentation types', - 'description': 'ptCGM (1 3 36 8 7 1 6)', - 'hexoid': '06 06 2B 24 08 07 01 06', - 'name': 'ptCGM', - 'oid': (1, 3, 36, 8, 7, 1, 6)}, - 'ptCorelCRT': {'comment': 'Teletrust presentation types', - 'description': 'ptCorelCRT (1 3 36 8 7 1 7)', - 'hexoid': '06 06 2B 24 08 07 01 07', - 'name': 'ptCorelCRT', - 'oid': (1, 3, 36, 8, 7, 1, 7)}, - 'ptCorelDRW': {'comment': 'Teletrust presentation types', - 'description': 'ptCorelDRW (1 3 36 8 7 1 8)', - 'hexoid': '06 06 2B 24 08 07 01 08', - 'name': 'ptCorelDRW', - 'oid': (1, 3, 36, 8, 7, 1, 8)}, - 'ptCorelEXC': {'comment': 'Teletrust presentation types', - 'description': 'ptCorelEXC (1 3 36 8 7 1 9)', - 'hexoid': '06 06 2B 24 08 07 01 09', - 'name': 'ptCorelEXC', - 'oid': (1, 3, 36, 8, 7, 1, 9)}, - 'ptCorelPHT': {'comment': 'Teletrust presentation types', - 'description': 'ptCorelPHT (1 3 36 8 7 1 10)', - 'hexoid': '06 06 2B 24 08 07 01 0A', - 'name': 'ptCorelPHT', - 'oid': (1, 3, 36, 8, 7, 1, 10)}, - 'ptDVI': {'comment': 'Teletrust presentation types', - 'description': 'ptDVI (1 3 36 8 7 1 12)', - 'hexoid': '06 06 2B 24 08 07 01 0C', - 'name': 'ptDVI', - 'oid': (1, 3, 36, 8, 7, 1, 12)}, - 'ptDraw': {'comment': 'Teletrust presentation types', - 'description': 'ptDraw (1 3 36 8 7 1 11)', - 'hexoid': '06 06 2B 24 08 07 01 0B', - 'name': 'ptDraw', - 'oid': (1, 3, 36, 8, 7, 1, 11)}, - 'ptEPS': {'comment': 'Teletrust presentation types', - 'description': 'ptEPS (1 3 36 8 7 1 13)', - 'hexoid': '06 06 2B 24 08 07 01 0D', - 'name': 'ptEPS', - 'oid': (1, 3, 36, 8, 7, 1, 13)}, - 'ptExcel': {'comment': 'Teletrust presentation types', - 'description': 'ptExcel (1 3 36 8 7 1 14)', - 'hexoid': '06 06 2B 24 08 07 01 0E', - 'name': 'ptExcel', - 'oid': (1, 3, 36, 8, 7, 1, 14)}, - 'ptGEM': {'comment': 'Teletrust presentation types', - 'description': 'ptGEM (1 3 36 8 7 1 15)', - 'hexoid': '06 06 2B 24 08 07 01 0F', - 'name': 'ptGEM', - 'oid': (1, 3, 36, 8, 7, 1, 15)}, - 'ptGIF': {'comment': 'Teletrust presentation types', - 'description': 'ptGIF (1 3 36 8 7 1 16)', - 'hexoid': '06 06 2B 24 08 07 01 10', - 'name': 'ptGIF', - 'oid': (1, 3, 36, 8, 7, 1, 16)}, - 'ptHPGL': {'comment': 'Teletrust presentation types', - 'description': 'ptHPGL (1 3 36 8 7 1 17)', - 'hexoid': '06 06 2B 24 08 07 01 11', - 'name': 'ptHPGL', - 'oid': (1, 3, 36, 8, 7, 1, 17)}, - 'ptJPEG': {'comment': 'Teletrust presentation types', - 'description': 'ptJPEG (1 3 36 8 7 1 18)', - 'hexoid': '06 06 2B 24 08 07 01 12', - 'name': 'ptJPEG', - 'oid': (1, 3, 36, 8, 7, 1, 18)}, - 'ptKodak': {'comment': 'Teletrust presentation types', - 'description': 'ptKodak (1 3 36 8 7 1 19)', - 'hexoid': '06 06 2B 24 08 07 01 13', - 'name': 'ptKodak', - 'oid': (1, 3, 36, 8, 7, 1, 19)}, - 'ptLaTeX': {'comment': 'Teletrust presentation types', - 'description': 'ptLaTeX (1 3 36 8 7 1 20)', - 'hexoid': '06 06 2B 24 08 07 01 14', - 'name': 'ptLaTeX', - 'oid': (1, 3, 36, 8, 7, 1, 20)}, - 'ptLotus': {'comment': 'Teletrust presentation types', - 'description': 'ptLotus (1 3 36 8 7 1 21)', - 'hexoid': '06 06 2B 24 08 07 01 15', - 'name': 'ptLotus', - 'oid': (1, 3, 36, 8, 7, 1, 21)}, - 'ptLotusPIC': {'comment': 'Teletrust presentation types', - 'description': 'ptLotusPIC (1 3 36 8 7 1 22)', - 'hexoid': '06 06 2B 24 08 07 01 16', - 'name': 'ptLotusPIC', - 'oid': (1, 3, 36, 8, 7, 1, 22)}, - 'ptMSWfD': {'comment': 'Teletrust presentation types', - 'description': 'ptMSWfD (1 3 36 8 7 1 25)', - 'hexoid': '06 06 2B 24 08 07 01 19', - 'name': 'ptMSWfD', - 'oid': (1, 3, 36, 8, 7, 1, 25)}, - 'ptMSWord': {'comment': 'Teletrust presentation types', - 'description': 'ptMSWord (1 3 36 8 7 1 26)', - 'hexoid': '06 06 2B 24 08 07 01 1A', - 'name': 'ptMSWord', - 'oid': (1, 3, 36, 8, 7, 1, 26)}, - 'ptMSWord2': {'comment': 'Teletrust presentation types', - 'description': 'ptMSWord2 (1 3 36 8 7 1 27)', - 'hexoid': '06 06 2B 24 08 07 01 1B', - 'name': 'ptMSWord2', - 'oid': (1, 3, 36, 8, 7, 1, 27)}, - 'ptMSWord6': {'comment': 'Teletrust presentation types', - 'description': 'ptMSWord6 (1 3 36 8 7 1 28)', - 'hexoid': '06 06 2B 24 08 07 01 1C', - 'name': 'ptMSWord6', - 'oid': (1, 3, 36, 8, 7, 1, 28)}, - 'ptMSWord8': {'comment': 'Teletrust presentation types', - 'description': 'ptMSWord8 (1 3 36 8 7 1 29)', - 'hexoid': '06 06 2B 24 08 07 01 1D', - 'name': 'ptMSWord8', - 'oid': (1, 3, 36, 8, 7, 1, 29)}, - 'ptMacPICT': {'comment': 'Teletrust presentation types', - 'description': 'ptMacPICT (1 3 36 8 7 1 23)', - 'hexoid': '06 06 2B 24 08 07 01 17', - 'name': 'ptMacPICT', - 'oid': (1, 3, 36, 8, 7, 1, 23)}, - 'ptMacWord': {'comment': 'Teletrust presentation types', - 'description': 'ptMacWord (1 3 36 8 7 1 24)', - 'hexoid': '06 06 2B 24 08 07 01 18', - 'name': 'ptMacWord', - 'oid': (1, 3, 36, 8, 7, 1, 24)}, - 'ptPDF': {'comment': 'Teletrust presentation types', - 'description': 'ptPDF (1 3 36 8 7 1 30)', - 'hexoid': '06 06 2B 24 08 07 01 1E', - 'name': 'ptPDF', - 'oid': (1, 3, 36, 8, 7, 1, 30)}, - 'ptPIF': {'comment': 'Teletrust presentation types', - 'description': 'ptPIF (1 3 36 8 7 1 31)', - 'hexoid': '06 06 2B 24 08 07 01 1F', - 'name': 'ptPIF', - 'oid': (1, 3, 36, 8, 7, 1, 31)}, - 'ptPostscript': {'comment': 'Teletrust presentation types', - 'description': 'ptPostscript (1 3 36 8 7 1 32)', - 'hexoid': '06 06 2B 24 08 07 01 20', - 'name': 'ptPostscript', - 'oid': (1, 3, 36, 8, 7, 1, 32)}, - 'ptRTF': {'comment': 'Teletrust presentation types', - 'description': 'ptRTF (1 3 36 8 7 1 33)', - 'hexoid': '06 06 2B 24 08 07 01 21', - 'name': 'ptRTF', - 'oid': (1, 3, 36, 8, 7, 1, 33)}, - 'ptSCITEX': {'comment': 'Teletrust presentation types', - 'description': 'ptSCITEX (1 3 36 8 7 1 34)', - 'hexoid': '06 06 2B 24 08 07 01 22', - 'name': 'ptSCITEX', - 'oid': (1, 3, 36, 8, 7, 1, 34)}, - 'ptTAR': {'comment': 'Teletrust presentation types', - 'description': 'ptTAR (1 3 36 8 7 1 35)', - 'hexoid': '06 06 2B 24 08 07 01 23', - 'name': 'ptTAR', - 'oid': (1, 3, 36, 8, 7, 1, 35)}, - 'ptTIFF': {'comment': 'Teletrust presentation types', - 'description': 'ptTIFF (1 3 36 8 7 1 39)', - 'hexoid': '06 06 2B 24 08 07 01 27', - 'name': 'ptTIFF', - 'oid': (1, 3, 36, 8, 7, 1, 39)}, - 'ptTIFF-FC': {'comment': 'Teletrust presentation types', - 'description': 'ptTIFF-FC (1 3 36 8 7 1 40)', - 'hexoid': '06 06 2B 24 08 07 01 28', - 'name': 'ptTIFF-FC', - 'oid': (1, 3, 36, 8, 7, 1, 40)}, - 'ptTarga': {'comment': 'Teletrust presentation types', - 'description': 'ptTarga (1 3 36 8 7 1 36)', - 'hexoid': '06 06 2B 24 08 07 01 24', - 'name': 'ptTarga', - 'oid': (1, 3, 36, 8, 7, 1, 36)}, - 'ptTeX': {'comment': 'Teletrust presentation types', - 'description': 'ptTeX (1 3 36 8 7 1 37)', - 'hexoid': '06 06 2B 24 08 07 01 25', - 'name': 'ptTeX', - 'oid': (1, 3, 36, 8, 7, 1, 37)}, - 'ptText': {'comment': 'Teletrust presentation types', - 'description': 'ptText (1 3 36 8 7 1 38)', - 'hexoid': '06 06 2B 24 08 07 01 26', - 'name': 'ptText', - 'oid': (1, 3, 36, 8, 7, 1, 38)}, - 'ptUID': {'comment': 'Teletrust presentation types', - 'description': 'ptUID (1 3 36 8 7 1 41)', - 'hexoid': '06 06 2B 24 08 07 01 29', - 'name': 'ptUID', - 'oid': (1, 3, 36, 8, 7, 1, 41)}, - 'ptUUEncode': {'comment': 'Teletrust presentation types', - 'description': 'ptUUEncode (1 3 36 8 7 1 42)', - 'hexoid': '06 06 2B 24 08 07 01 2A', - 'name': 'ptUUEncode', - 'oid': (1, 3, 36, 8, 7, 1, 42)}, - 'ptWMF': {'comment': 'Teletrust presentation types', - 'description': 'ptWMF (1 3 36 8 7 1 43)', - 'hexoid': '06 06 2B 24 08 07 01 2B', - 'name': 'ptWMF', - 'oid': (1, 3, 36, 8, 7, 1, 43)}, - 'ptWPGrph': {'comment': 'Teletrust presentation types', - 'description': 'ptWPGrph (1 3 36 8 7 1 45)', - 'hexoid': '06 06 2B 24 08 07 01 2D', - 'name': 'ptWPGrph', - 'oid': (1, 3, 36, 8, 7, 1, 45)}, - 'ptWordPerfect': {'comment': 'Teletrust presentation types', - 'description': 'ptWordPerfect (1 3 36 8 7 1 44)', - 'hexoid': '06 06 2B 24 08 07 01 2C', - 'name': 'ptWordPerfect', - 'oid': (1, 3, 36, 8, 7, 1, 44)}, - 'publicKeyDirectory': {'comment': 'Telesec attribute', - 'description': 'publicKeyDirectory (0 2 262 1 10 7 8)', - 'hexoid': '06 07 02 82 06 01 0A 07 08', - 'name': 'publicKeyDirectory', - 'oid': (0, 2, 262, 1, 10, 7, 8)}, - 'publicKeyType': {'comment': 'ANSI X9.62', - 'description': 'publicKeyType (1 2 840 10045 2)', - 'hexoid': '06 06 2A 86 48 CE 3D 02', - 'name': 'publicKeyType', - 'oid': (1, 2, 840, 10045, 2)}, - 'publishCert': {'comment': 'S/MIME Content Types', - 'description': 'publishCert (1 2 840 113549 1 9 16 1 3)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 03', - 'name': 'publishCert', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 1, 3)}, - 'pwri-KEK': {'comment': 'S/MIME Algorithms', - 'description': 'pwri-KEK (1 2 840 113549 1 9 16 3 9)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 03 09', - 'name': 'pwri-KEK', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 3, 9)}, - 'qcStatements': {'comment': 'PKIX private extension', - 'description': 'qcStatements (1 3 6 1 5 5 7 1 3)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 03', - 'name': 'qcStatements', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 3)}, - 'randomNonce': {'comment': 'PKCS #9/RFC 2985 attribute', - 'description': 'randomNonce (1 2 840 113549 1 9 25 3)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 19 03', - 'name': 'randomNonce', - 'oid': (1, 2, 840, 113549, 1, 9, 25, 3)}, - 'rc2BSafe1Cbc': {'comment': 'Novell encryption algorithm', - 'description': 'rc2BSafe1Cbc (2 16 840 1 113719 1 2 8 92)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 5C', - 'name': 'rc2BSafe1Cbc', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 92)}, - 'rc2CBC': {'comment': 'RSADSI encryptionAlgorithm', - 'description': 'rc2CBC (1 2 840 113549 3 2)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 03 02', - 'name': 'rc2CBC', - 'oid': (1, 2, 840, 113549, 3, 2)}, - 'rc2CbcPad': {'comment': 'Novell encryption algorithm', - 'description': 'rc2CbcPad (2 16 840 1 113719 1 2 8 69)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 45', - 'name': 'rc2CbcPad', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 69)}, - 'rc2ECB': {'comment': 'RSADSI encryptionAlgorithm', - 'description': 'rc2ECB (1 2 840 113549 3 3)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 03 03', - 'name': 'rc2ECB', - 'oid': (1, 2, 840, 113549, 3, 3)}, - 'rc4': {'comment': 'RSADSI encryptionAlgorithm', - 'description': 'rc4 (1 2 840 113549 3 4)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 03 04', - 'name': 'rc4', - 'oid': (1, 2, 840, 113549, 3, 4)}, - 'rc4WithMAC': {'comment': 'RSADSI encryptionAlgorithm', - 'description': 'rc4WithMAC (1 2 840 113549 3 5)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 03 05', - 'name': 'rc4WithMAC', - 'oid': (1, 2, 840, 113549, 3, 5)}, - 'rc5-CBCPad': {'comment': 'RSADSI encryptionAlgorithm', - 'description': 'rc5-CBCPad (1 2 840 113549 3 9)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 03 09', - 'name': 'rc5-CBCPad', - 'oid': (1, 2, 840, 113549, 3, 9)}, - 'rc5CBC': {'comment': 'RSADSI encryptionAlgorithm', - 'description': 'rc5CBC (1 2 840 113549 3 8)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 03 08', - 'name': 'rc5CBC', - 'oid': (1, 2, 840, 113549, 3, 8)}, - 'rc5CbcPad': {'comment': 'Novell encryption algorithm', - 'description': 'rc5CbcPad (2 16 840 1 113719 1 2 8 28)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 1C', - 'name': 'rc5CbcPad', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 28)}, - 'receipt': {'comment': 'S/MIME Content Types', - 'description': 'receipt (1 2 840 113549 1 9 16 1 1)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 01', - 'name': 'receipt', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 1, 1)}, - 'receiptRequest': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'receiptRequest (1 2 840 113549 1 9 16 2 1)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 01', - 'name': 'receiptRequest', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 1)}, - 'rechtWirtschaftSteuern': {'comment': 'Teletrust naming authorities', - 'description': 'rechtWirtschaftSteuern (1 3 36 8 3 11 1)', - 'hexoid': '06 06 2B 24 08 03 0B 01', - 'name': 'rechtWirtschaftSteuern', - 'oid': (1, 3, 36, 8, 3, 11, 1)}, - 'rechtsBeistand': {'comment': 'Teletrust ProfessionInfo', - 'description': 'rechtsBeistand (1 3 36 8 3 11 1 3)', - 'hexoid': '06 07 2B 24 08 03 0B 01 03', - 'name': 'rechtsBeistand', - 'oid': (1, 3, 36, 8, 3, 11, 1, 3)}, - 'rechtsanwaeltin': {'comment': 'Teletrust ProfessionInfo', - 'description': 'rechtsanwaeltin (1 3 36 8 3 11 1 1)', - 'hexoid': '06 07 2B 24 08 03 0B 01 01', - 'name': 'rechtsanwaeltin', - 'oid': (1, 3, 36, 8, 3, 11, 1, 1)}, - 'rechtsanwalt': {'comment': 'Teletrust ProfessionInfo', - 'description': 'rechtsanwalt (1 3 36 8 3 11 1 2)', - 'hexoid': '06 07 2B 24 08 03 0B 01 02', - 'name': 'rechtsanwalt', - 'oid': (1, 3, 36, 8, 3, 11, 1, 2)}, - 'recipientNonce': {'comment': 'Verisign PKCS #7 attribute', - 'description': 'recipientNonce (2 16 840 1 113733 1 9 6)', - 'hexoid': '06 0A 60 86 48 01 86 F8 45 01 09 06', - 'name': 'recipientNonce', - 'oid': (2, 16, 840, 1, 113733, 1, 9, 6)}, - 'reedSolomon': {'comment': 'Telesec mechanism', - 'description': 'reedSolomon (0 2 262 1 10 1 4 1)', - 'hexoid': '06 08 02 82 06 01 0A 01 04 01', - 'name': 'reedSolomon', - 'oid': (0, 2, 262, 1, 10, 1, 4, 1)}, - 'regCtrl': {'comment': 'PKIX CRMF registration', - 'description': 'regCtrl (1 3 6 1 5 5 7 5 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 05 01', - 'name': 'regCtrl', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 1)}, - 'regToken': {'comment': 'PKIX CRMF registration control', - 'description': 'regToken (1 3 6 1 5 5 7 5 1 1)', - 'hexoid': '06 09 2B 06 01 05 05 07 05 01 01', - 'name': 'regToken', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 1, 1)}, - 'registeredAddress': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'registeredAddress (2 5 4 26)', - 'hexoid': '06 03 55 04 1A', - 'name': 'registeredAddress', - 'oid': (2, 5, 4, 26)}, - 'reject': {'comment': 'ANSI X9.57 hold instruction', - 'description': 'reject (1 2 840 10040 2 3)', - 'hexoid': '06 07 2A 86 48 CE 38 02 03', - 'name': 'reject', - 'oid': (1, 2, 840, 10040, 2, 3)}, - 'relianceLimit': {'comment': 'Novell PKI attribute type', - 'description': 'relianceLimit (2 16 840 1 113719 1 9 4 2)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 09 04 02', - 'name': 'relianceLimit', - 'oid': (2, 16, 840, 1, 113719, 1, 9, 4, 2)}, - 'renewalCertificate': {'comment': 'Microsoft attribute', - 'description': 'renewalCertificate (1 3 6 1 4 1 311 13 1)', - 'hexoid': '06 09 2B 06 01 04 01 82 37 0D 01', - 'name': 'renewalCertificate', - 'oid': (1, 3, 6, 1, 4, 1, 311, 13, 1)}, - 'requestClientInfo': {'comment': 'Microsoft attribute', - 'description': 'requestClientInfo (1 3 6 1 4 1 311 21 20)', - 'hexoid': '06 09 2B 06 01 04 01 82 37 15 14', - 'name': 'requestClientInfo', - 'oid': (1, 3, 6, 1, 4, 1, 311, 21, 20)}, - 'requestedCertificate': {'comment': 'Teletrust attribute', - 'description': 'requestedCertificate (1 3 36 8 3 10)', - 'hexoid': '06 05 2B 24 08 03 0A', - 'name': 'requestedCertificate', - 'oid': (1, 3, 36, 8, 3, 10)}, - 'residentialPerson': {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'residentialPerson (2 5 6 10)', - 'hexoid': '06 03 55 06 0A', - 'name': 'residentialPerson', - 'oid': (2, 5, 6, 10)}, - 'restriction': {'comment': 'Teletrust attribute certificate attribute', - 'description': 'restriction (1 3 36 8 4 8)', - 'hexoid': '06 05 2B 24 08 04 08', - 'name': 'restriction', - 'oid': (1, 3, 36, 8, 4, 8)}, - 'retrieveIfAllowed': {'comment': 'Teletrust attribute', - 'description': 'retrieveIfAllowed (1 3 36 8 3 9)', - 'hexoid': '06 05 2B 24 08 03 09', - 'name': 'retrieveIfAllowed', - 'oid': (1, 3, 36, 8, 3, 9)}, - 'revPassphrase': {'comment': 'PKIX CMP information', - 'description': 'revPassphrase (1 3 6 1 5 5 7 4 12)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 0C', - 'name': 'revPassphrase', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 12)}, - 'reviewSig': {'comment': 'S/MIME Signature Type Identifier', - 'description': 'reviewSig (1 2 840 113549 1 9 16 9 4)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 09 04', - 'name': 'reviewSig', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 9, 4)}, - 'revision': {'comment': 'Microsoft Cert Template - attribute', - 'description': 'revision (1 2 840 113556 1 4 145)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 81 11', - 'name': 'revision', - 'oid': (1, 2, 840, 113556, 1, 4, 145)}, - 'revocationFlag': {'comment': 'Telesec attribute', - 'description': 'revocationFlag (0 2 262 1 10 7 34)', - 'hexoid': '06 07 02 82 06 01 0A 07 22', - 'name': 'revocationFlag', - 'oid': (0, 2, 262, 1, 10, 7, 34)}, - 'revocationRefs': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'revocationRefs (1 2 840 113549 1 9 16 2 22)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 16', - 'name': 'revocationRefs', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 22)}, - 'revocationValues': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'revocationValues (1 2 840 113549 1 9 16 2 24)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 18', - 'name': 'revocationValues', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 24)}, - 'rfc822Mailbox': {'comment': 'Some oddball X.500 attribute collection', - 'description': 'rfc822Mailbox (0 9 2342 19200300 100 1 3)', - 'hexoid': '06 0A 09 92 26 89 93 F2 2C 64 01 03', - 'name': 'rfc822Mailbox', - 'oid': (0, 9, 2342, 19200300, 100, 1, 3)}, - 'rfc822MessageFormat': {'comment': 'SDN.700 INFOSEC format', - 'description': 'rfc822MessageFormat (2 16 840 1 101 2 1 2 1)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 01', - 'name': 'rfc822MessageFormat', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 1)}, - 'ripemd128': {'comment': 'Teletrust hash algorithm', - 'description': 'ripemd128 (1 3 36 3 2 2)', - 'hexoid': '06 05 2B 24 03 02 02', - 'name': 'ripemd128', - 'oid': (1, 3, 36, 3, 2, 2)}, - 'ripemd160': {'comment': 'Teletrust hash algorithm', - 'description': 'ripemd160 (1 3 36 3 2 1)', - 'hexoid': '06 05 2B 24 03 02 01', - 'name': 'ripemd160', - 'oid': (1, 3, 36, 3, 2, 1)}, - 'ripemd160WithRSAAndTelekomSignatureStandard': {'comment': 'Telesec mechanism', - 'description': 'ripemd160WithRSAAndTelekomSignatureStandard (0 2 262 1 10 1 1 5)', - 'hexoid': '06 08 02 82 06 01 0A 01 01 05', - 'name': 'ripemd160WithRSAAndTelekomSignatureStandard', - 'oid': (0, - 2, - 262, - 1, - 10, - 1, - 1, - 5)}, - 'ripemd256': {'comment': 'Teletrust hash algorithm', - 'description': 'ripemd256 (1 3 36 3 2 3)', - 'hexoid': '06 05 2B 24 03 02 03', - 'name': 'ripemd256', - 'oid': (1, 3, 36, 3, 2, 3)}, - 'rolUnicoNacional': {'comment': 'Chilean Government national unique roll number', - 'description': 'rolUnicoNacional (1 3 6 1 4 1 8231 1)', - 'hexoid': '06 08 2B 06 01 04 01 C0 27 01', - 'name': 'rolUnicoNacional', - 'oid': (1, 3, 6, 1, 4, 1, 8231, 1)}, - 'role': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'role (2 5 4 72)', - 'hexoid': '06 03 55 04 48', - 'name': 'role', - 'oid': (2, 5, 4, 72)}, - 'roleOccupant': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'roleOccupant (2 5 4 33)', - 'hexoid': '06 03 55 04 21', - 'name': 'roleOccupant', - 'oid': (2, 5, 4, 33)}, - 'root': {'comment': 'SET policy', - 'description': 'root (2 23 42 5 0)', - 'hexoid': '06 04 67 2A 05 00', - 'name': 'root', - 'oid': (2, 23, 42, 5, 0)}, - 'rootKeyThumb': {'comment': 'SET cert attribute', - 'description': 'rootKeyThumb (2 23 42 3 0 0)', - 'hexoid': '06 05 67 2A 03 00 00', - 'name': 'rootKeyThumb', - 'oid': (2, 23, 42, 3, 0, 0)}, - 'rsa': {'comment': 'X.509. Unsure about this OID', - 'description': 'rsa (1 3 14 3 2 1 1)', - 'hexoid': '06 06 2B 0E 03 02 01 01', - 'name': 'rsa', - 'oid': (1, 3, 14, 3, 2, 1, 1)}, - 'rsaEncryption': {'comment': 'Teletrust encryption algorithm', - 'description': 'rsaEncryption (1 3 36 3 1 4)', - 'hexoid': '06 05 2B 24 03 01 04', - 'name': 'rsaEncryption', - 'oid': (1, 3, 36, 3, 1, 4)}, - 'rsaEncryptionBsafe1': {'comment': 'Novell encryption algorithm', - 'description': 'rsaEncryptionBsafe1 (2 16 840 1 113719 1 2 8 131)', - 'hexoid': '06 0C 60 86 48 01 86 F8 37 01 02 08 81 03', - 'name': 'rsaEncryptionBsafe1', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 131)}, - 'rsaEncryptionWithlmod512expe17': {'comment': 'Teletrust encryption algorithm', - 'description': 'rsaEncryptionWithlmod512expe17 (1 3 36 3 1 4 512 17)', - 'hexoid': '06 08 2B 24 03 01 04 84 00 11', - 'name': 'rsaEncryptionWithlmod512expe17', - 'oid': (1, 3, 36, 3, 1, 4, 512, 17)}, - 'rsaIndicateRIPEMD160': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaIndicateRIPEMD160 (1 3 36 8 5 1 1 2)', - 'hexoid': '06 07 2B 24 08 05 01 01 02', - 'name': 'rsaIndicateRIPEMD160', - 'oid': (1, 3, 36, 8, 5, 1, 1, 2)}, - 'rsaIndicateSHA1': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaIndicateSHA1 (1 3 36 8 5 1 1 1)', - 'hexoid': '06 07 2B 24 08 05 01 01 01', - 'name': 'rsaIndicateSHA1', - 'oid': (1, 3, 36, 8, 5, 1, 1, 1)}, - 'rsaKeyTransport': {'comment': 'Oddball OIW OID', - 'description': 'rsaKeyTransport (1 3 14 3 2 22)', - 'hexoid': '06 05 2B 0E 03 02 16', - 'name': 'rsaKeyTransport', - 'oid': (1, 3, 14, 3, 2, 22)}, - 'rsaOAEP': {'comment': 'PKCS #1', - 'description': 'rsaOAEP (1 2 840 113549 1 1 7)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 07', - 'name': 'rsaOAEP', - 'oid': (1, 2, 840, 113549, 1, 1, 7)}, - 'rsaOAEP-pSpecified': {'comment': 'PKCS #1', - 'description': 'rsaOAEP-pSpecified (1 2 840 113549 1 1 9)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 09', - 'name': 'rsaOAEP-pSpecified', - 'oid': (1, 2, 840, 113549, 1, 1, 9)}, - 'rsaOAEPEncryptionSET': {'comment': 'PKCS #1. This OID may also be assigned as ripemd160WithRSAEncryption', - 'description': 'rsaOAEPEncryptionSET (1 2 840 113549 1 1 6)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 06', - 'name': 'rsaOAEPEncryptionSET', - 'oid': (1, 2, 840, 113549, 1, 1, 6)}, - 'rsaPSS': {'comment': 'PKCS #1', - 'description': 'rsaPSS (1 2 840 113549 1 1 10)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 0A', - 'name': 'rsaPSS', - 'oid': (1, 2, 840, 113549, 1, 1, 10)}, - 'rsaSignature': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignature (1 3 36 3 3 1)', - 'hexoid': '06 05 2B 24 03 03 01', - 'name': 'rsaSignature', - 'oid': (1, 3, 36, 3, 3, 1)}, - 'rsaSignatureWithrimpemd128': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithrimpemd128 (1 3 36 3 3 1 3)', - 'hexoid': '06 06 2B 24 03 03 01 03', - 'name': 'rsaSignatureWithrimpemd128', - 'oid': (1, 3, 36, 3, 3, 1, 3)}, - 'rsaSignatureWithrimpemd256': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithrimpemd256 (1 3 36 3 3 1 4)', - 'hexoid': '06 06 2B 24 03 03 01 04', - 'name': 'rsaSignatureWithrimpemd256', - 'oid': (1, 3, 36, 3, 3, 1, 4)}, - 'rsaSignatureWithripemd160': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160 (1 3 36 3 3 1 2)', - 'hexoid': '06 06 2B 24 03 03 01 02', - 'name': 'rsaSignatureWithripemd160', - 'oid': (1, 3, 36, 3, 3, 1, 2)}, - 'rsaSignatureWithripemd160_l1024_l11': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l1024_l11 (1 3 36 3 3 1 2 1024 11)', - 'hexoid': '06 09 2B 24 03 03 01 02 88 00 0B', - 'name': 'rsaSignatureWithripemd160_l1024_l11', - 'oid': (1, - 3, - 36, - 3, - 3, - 1, - 2, - 1024, - 11)}, - 'rsaSignatureWithripemd160_l1024_l2': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l1024_l2 (1 3 36 3 3 1 2 1024 2)', - 'hexoid': '06 09 2B 24 03 03 01 02 88 00 02', - 'name': 'rsaSignatureWithripemd160_l1024_l2', - 'oid': (1, - 3, - 36, - 3, - 3, - 1, - 2, - 1024, - 2)}, - 'rsaSignatureWithripemd160_l1024_l3': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l1024_l3 (1 3 36 3 3 1 2 1024 3)', - 'hexoid': '06 09 2B 24 03 03 01 02 88 00 03', - 'name': 'rsaSignatureWithripemd160_l1024_l3', - 'oid': (1, - 3, - 36, - 3, - 3, - 1, - 2, - 1024, - 3)}, - 'rsaSignatureWithripemd160_l1024_l5': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l1024_l5 (1 3 36 3 3 1 2 1024 5)', - 'hexoid': '06 09 2B 24 03 03 01 02 88 00 05', - 'name': 'rsaSignatureWithripemd160_l1024_l5', - 'oid': (1, - 3, - 36, - 3, - 3, - 1, - 2, - 1024, - 5)}, - 'rsaSignatureWithripemd160_l1024_l9': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l1024_l9 (1 3 36 3 3 1 2 1024 9)', - 'hexoid': '06 09 2B 24 03 03 01 02 88 00 09', - 'name': 'rsaSignatureWithripemd160_l1024_l9', - 'oid': (1, - 3, - 36, - 3, - 3, - 1, - 2, - 1024, - 9)}, - 'rsaSignatureWithripemd160_l512_l11': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l512_l11 (1 3 36 3 3 1 2 512 11)', - 'hexoid': '06 09 2B 24 03 03 01 02 84 00 0B', - 'name': 'rsaSignatureWithripemd160_l512_l11', - 'oid': (1, - 3, - 36, - 3, - 3, - 1, - 2, - 512, - 11)}, - 'rsaSignatureWithripemd160_l512_l2': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l512_l2 (1 3 36 3 3 1 2 512 2)', - 'hexoid': '06 09 2B 24 03 03 01 02 84 00 02', - 'name': 'rsaSignatureWithripemd160_l512_l2', - 'oid': (1, 3, 36, 3, 3, 1, 2, 512, 2)}, - 'rsaSignatureWithripemd160_l512_l3': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l512_l3 (1 3 36 3 3 1 2 512 3)', - 'hexoid': '06 09 2B 24 03 03 01 02 84 00 03', - 'name': 'rsaSignatureWithripemd160_l512_l3', - 'oid': (1, 3, 36, 3, 3, 1, 2, 512, 3)}, - 'rsaSignatureWithripemd160_l512_l5': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l512_l5 (1 3 36 3 3 1 2 512 5)', - 'hexoid': '06 09 2B 24 03 03 01 02 84 00 05', - 'name': 'rsaSignatureWithripemd160_l512_l5', - 'oid': (1, 3, 36, 3, 3, 1, 2, 512, 5)}, - 'rsaSignatureWithripemd160_l512_l9': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l512_l9 (1 3 36 3 3 1 2 512 9)', - 'hexoid': '06 09 2B 24 03 03 01 02 84 00 09', - 'name': 'rsaSignatureWithripemd160_l512_l9', - 'oid': (1, 3, 36, 3, 3, 1, 2, 512, 9)}, - 'rsaSignatureWithripemd160_l640_l11': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l640_l11 (1 3 36 3 3 1 2 640 11)', - 'hexoid': '06 09 2B 24 03 03 01 02 85 00 0B', - 'name': 'rsaSignatureWithripemd160_l640_l11', - 'oid': (1, - 3, - 36, - 3, - 3, - 1, - 2, - 640, - 11)}, - 'rsaSignatureWithripemd160_l640_l2': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l640_l2 (1 3 36 3 3 1 2 640 2)', - 'hexoid': '06 09 2B 24 03 03 01 02 85 00 02', - 'name': 'rsaSignatureWithripemd160_l640_l2', - 'oid': (1, 3, 36, 3, 3, 1, 2, 640, 2)}, - 'rsaSignatureWithripemd160_l640_l3': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l640_l3 (1 3 36 3 3 1 2 640 3)', - 'hexoid': '06 09 2B 24 03 03 01 02 85 00 03', - 'name': 'rsaSignatureWithripemd160_l640_l3', - 'oid': (1, 3, 36, 3, 3, 1, 2, 640, 3)}, - 'rsaSignatureWithripemd160_l640_l5': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l640_l5 (1 3 36 3 3 1 2 640 5)', - 'hexoid': '06 09 2B 24 03 03 01 02 85 00 05', - 'name': 'rsaSignatureWithripemd160_l640_l5', - 'oid': (1, 3, 36, 3, 3, 1, 2, 640, 5)}, - 'rsaSignatureWithripemd160_l640_l9': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l640_l9 (1 3 36 3 3 1 2 640 9)', - 'hexoid': '06 09 2B 24 03 03 01 02 85 00 09', - 'name': 'rsaSignatureWithripemd160_l640_l9', - 'oid': (1, 3, 36, 3, 3, 1, 2, 640, 9)}, - 'rsaSignatureWithripemd160_l768_l11': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l768_l11 (1 3 36 3 3 1 2 768 11)', - 'hexoid': '06 09 2B 24 03 03 01 02 86 00 0B', - 'name': 'rsaSignatureWithripemd160_l768_l11', - 'oid': (1, - 3, - 36, - 3, - 3, - 1, - 2, - 768, - 11)}, - 'rsaSignatureWithripemd160_l768_l2': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l768_l2 (1 3 36 3 3 1 2 768 2)', - 'hexoid': '06 09 2B 24 03 03 01 02 86 00 02', - 'name': 'rsaSignatureWithripemd160_l768_l2', - 'oid': (1, 3, 36, 3, 3, 1, 2, 768, 2)}, - 'rsaSignatureWithripemd160_l768_l3': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l768_l3 (1 3 36 3 3 1 2 768 3)', - 'hexoid': '06 09 2B 24 03 03 01 02 86 00 03', - 'name': 'rsaSignatureWithripemd160_l768_l3', - 'oid': (1, 3, 36, 3, 3, 1, 2, 768, 3)}, - 'rsaSignatureWithripemd160_l768_l5': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l768_l5 (1 3 36 3 3 1 2 768 5)', - 'hexoid': '06 09 2B 24 03 03 01 02 86 00 05', - 'name': 'rsaSignatureWithripemd160_l768_l5', - 'oid': (1, 3, 36, 3, 3, 1, 2, 768, 5)}, - 'rsaSignatureWithripemd160_l768_l9': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l768_l9 (1 3 36 3 3 1 2 768 9)', - 'hexoid': '06 09 2B 24 03 03 01 02 86 00 09', - 'name': 'rsaSignatureWithripemd160_l768_l9', - 'oid': (1, 3, 36, 3, 3, 1, 2, 768, 9)}, - 'rsaSignatureWithripemd160_l896_l11': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l896_l11 (1 3 36 3 3 1 2 896 11)', - 'hexoid': '06 09 2B 24 03 03 01 02 87 00 0B', - 'name': 'rsaSignatureWithripemd160_l896_l11', - 'oid': (1, - 3, - 36, - 3, - 3, - 1, - 2, - 896, - 11)}, - 'rsaSignatureWithripemd160_l896_l2': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l896_l2 (1 3 36 3 3 1 2 896 2)', - 'hexoid': '06 09 2B 24 03 03 01 02 87 00 02', - 'name': 'rsaSignatureWithripemd160_l896_l2', - 'oid': (1, 3, 36, 3, 3, 1, 2, 896, 2)}, - 'rsaSignatureWithripemd160_l896_l3': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l896_l3 (1 3 36 3 3 1 2 896 3)', - 'hexoid': '06 09 2B 24 03 03 01 02 87 00 03', - 'name': 'rsaSignatureWithripemd160_l896_l3', - 'oid': (1, 3, 36, 3, 3, 1, 2, 896, 3)}, - 'rsaSignatureWithripemd160_l896_l5': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l896_l5 (1 3 36 3 3 1 2 896 5)', - 'hexoid': '06 09 2B 24 03 03 01 02 87 00 05', - 'name': 'rsaSignatureWithripemd160_l896_l5', - 'oid': (1, 3, 36, 3, 3, 1, 2, 896, 5)}, - 'rsaSignatureWithripemd160_l896_l9': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l896_l9 (1 3 36 3 3 1 2 896 9)', - 'hexoid': '06 09 2B 24 03 03 01 02 87 00 09', - 'name': 'rsaSignatureWithripemd160_l896_l9', - 'oid': (1, 3, 36, 3, 3, 1, 2, 896, 9)}, - 'rsaSignatureWithsha1': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1 (1 3 36 3 3 1 1)', - 'hexoid': '06 06 2B 24 03 03 01 01', - 'name': 'rsaSignatureWithsha1', - 'oid': (1, 3, 36, 3, 3, 1, 1)}, - 'rsaSignatureWithsha1_l1024_l11': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l1024_l11 (1 3 36 3 3 1 1 1024 11)', - 'hexoid': '06 09 2B 24 03 03 01 01 88 00 0B', - 'name': 'rsaSignatureWithsha1_l1024_l11', - 'oid': (1, 3, 36, 3, 3, 1, 1, 1024, 11)}, - 'rsaSignatureWithsha1_l1024_l2': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l1024_l2 (1 3 36 3 3 1 1 1024 2)', - 'hexoid': '06 09 2B 24 03 03 01 01 88 00 02', - 'name': 'rsaSignatureWithsha1_l1024_l2', - 'oid': (1, 3, 36, 3, 3, 1, 1, 1024, 2)}, - 'rsaSignatureWithsha1_l1024_l3': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l1024_l3 (1 3 36 3 3 1 1 1024 3)', - 'hexoid': '06 09 2B 24 03 03 01 01 88 00 03', - 'name': 'rsaSignatureWithsha1_l1024_l3', - 'oid': (1, 3, 36, 3, 3, 1, 1, 1024, 3)}, - 'rsaSignatureWithsha1_l1024_l5': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l1024_l5 (1 3 36 3 3 1 1 1024 5)', - 'hexoid': '06 09 2B 24 03 03 01 01 88 00 05', - 'name': 'rsaSignatureWithsha1_l1024_l5', - 'oid': (1, 3, 36, 3, 3, 1, 1, 1024, 5)}, - 'rsaSignatureWithsha1_l1024_l9': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l1024_l9 (1 3 36 3 3 1 1 1024 9)', - 'hexoid': '06 09 2B 24 03 03 01 01 88 00 09', - 'name': 'rsaSignatureWithsha1_l1024_l9', - 'oid': (1, 3, 36, 3, 3, 1, 1, 1024, 9)}, - 'rsaSignatureWithsha1_l512_l11': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l512_l11 (1 3 36 3 3 1 1 512 11)', - 'hexoid': '06 09 2B 24 03 03 01 01 84 00 0B', - 'name': 'rsaSignatureWithsha1_l512_l11', - 'oid': (1, 3, 36, 3, 3, 1, 1, 512, 11)}, - 'rsaSignatureWithsha1_l512_l2': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l512_l2 (1 3 36 3 3 1 1 512 2)', - 'hexoid': '06 09 2B 24 03 03 01 01 84 00 02', - 'name': 'rsaSignatureWithsha1_l512_l2', - 'oid': (1, 3, 36, 3, 3, 1, 1, 512, 2)}, - 'rsaSignatureWithsha1_l512_l3': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l512_l3 (1 3 36 3 3 1 1 512 3)', - 'hexoid': '06 09 2B 24 03 03 01 01 84 00 03', - 'name': 'rsaSignatureWithsha1_l512_l3', - 'oid': (1, 3, 36, 3, 3, 1, 1, 512, 3)}, - 'rsaSignatureWithsha1_l512_l5': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l512_l5 (1 3 36 3 3 1 1 512 5)', - 'hexoid': '06 09 2B 24 03 03 01 01 84 00 05', - 'name': 'rsaSignatureWithsha1_l512_l5', - 'oid': (1, 3, 36, 3, 3, 1, 1, 512, 5)}, - 'rsaSignatureWithsha1_l512_l9': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l512_l9 (1 3 36 3 3 1 1 512 9)', - 'hexoid': '06 09 2B 24 03 03 01 01 84 00 09', - 'name': 'rsaSignatureWithsha1_l512_l9', - 'oid': (1, 3, 36, 3, 3, 1, 1, 512, 9)}, - 'rsaSignatureWithsha1_l640_l11': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l640_l11 (1 3 36 3 3 1 1 640 11)', - 'hexoid': '06 09 2B 24 03 03 01 01 85 00 0B', - 'name': 'rsaSignatureWithsha1_l640_l11', - 'oid': (1, 3, 36, 3, 3, 1, 1, 640, 11)}, - 'rsaSignatureWithsha1_l640_l2': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l640_l2 (1 3 36 3 3 1 1 640 2)', - 'hexoid': '06 09 2B 24 03 03 01 01 85 00 02', - 'name': 'rsaSignatureWithsha1_l640_l2', - 'oid': (1, 3, 36, 3, 3, 1, 1, 640, 2)}, - 'rsaSignatureWithsha1_l640_l3': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l640_l3 (1 3 36 3 3 1 1 640 3)', - 'hexoid': '06 09 2B 24 03 03 01 01 85 00 03', - 'name': 'rsaSignatureWithsha1_l640_l3', - 'oid': (1, 3, 36, 3, 3, 1, 1, 640, 3)}, - 'rsaSignatureWithsha1_l640_l5': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l640_l5 (1 3 36 3 3 1 1 640 5)', - 'hexoid': '06 09 2B 24 03 03 01 01 85 00 05', - 'name': 'rsaSignatureWithsha1_l640_l5', - 'oid': (1, 3, 36, 3, 3, 1, 1, 640, 5)}, - 'rsaSignatureWithsha1_l640_l9': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l640_l9 (1 3 36 3 3 1 1 640 9)', - 'hexoid': '06 09 2B 24 03 03 01 01 85 00 09', - 'name': 'rsaSignatureWithsha1_l640_l9', - 'oid': (1, 3, 36, 3, 3, 1, 1, 640, 9)}, - 'rsaSignatureWithsha1_l768_l11': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l768_l11 (1 3 36 3 3 1 1 768 11)', - 'hexoid': '06 09 2B 24 03 03 01 01 86 00 0B', - 'name': 'rsaSignatureWithsha1_l768_l11', - 'oid': (1, 3, 36, 3, 3, 1, 1, 768, 11)}, - 'rsaSignatureWithsha1_l768_l2': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l768_l2 (1 3 36 3 3 1 1 768 2)', - 'hexoid': '06 09 2B 24 03 03 01 01 86 00 02', - 'name': 'rsaSignatureWithsha1_l768_l2', - 'oid': (1, 3, 36, 3, 3, 1, 1, 768, 2)}, - 'rsaSignatureWithsha1_l768_l3': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l768_l3 (1 3 36 3 3 1 1 768 3)', - 'hexoid': '06 09 2B 24 03 03 01 01 86 00 03', - 'name': 'rsaSignatureWithsha1_l768_l3', - 'oid': (1, 3, 36, 3, 3, 1, 1, 768, 3)}, - 'rsaSignatureWithsha1_l768_l5': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l768_l5 (1 3 36 3 3 1 1 768 5)', - 'hexoid': '06 09 2B 24 03 03 01 01 86 00 05', - 'name': 'rsaSignatureWithsha1_l768_l5', - 'oid': (1, 3, 36, 3, 3, 1, 1, 768, 5)}, - 'rsaSignatureWithsha1_l768_l9': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l768_l9 (1 3 36 3 3 1 1 768 9)', - 'hexoid': '06 09 2B 24 03 03 01 01 86 00 09', - 'name': 'rsaSignatureWithsha1_l768_l9', - 'oid': (1, 3, 36, 3, 3, 1, 1, 768, 9)}, - 'rsaSignatureWithsha1_l896_l11': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l896_l11 (1 3 36 3 3 1 1 896 11)', - 'hexoid': '06 09 2B 24 03 03 01 01 87 00 0B', - 'name': 'rsaSignatureWithsha1_l896_l11', - 'oid': (1, 3, 36, 3, 3, 1, 1, 896, 11)}, - 'rsaSignatureWithsha1_l896_l2': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l896_l2 (1 3 36 3 3 1 1 896 2)', - 'hexoid': '06 09 2B 24 03 03 01 01 87 00 02', - 'name': 'rsaSignatureWithsha1_l896_l2', - 'oid': (1, 3, 36, 3, 3, 1, 1, 896, 2)}, - 'rsaSignatureWithsha1_l896_l3': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l896_l3 (1 3 36 3 3 1 1 896 3)', - 'hexoid': '06 09 2B 24 03 03 01 01 87 00 03', - 'name': 'rsaSignatureWithsha1_l896_l3', - 'oid': (1, 3, 36, 3, 3, 1, 1, 896, 3)}, - 'rsaSignatureWithsha1_l896_l5': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l896_l5 (1 3 36 3 3 1 1 896 5)', - 'hexoid': '06 09 2B 24 03 03 01 01 87 00 05', - 'name': 'rsaSignatureWithsha1_l896_l5', - 'oid': (1, 3, 36, 3, 3, 1, 1, 896, 5)}, - 'rsaSignatureWithsha1_l896_l9': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l896_l9 (1 3 36 3 3 1 1 896 9)', - 'hexoid': '06 09 2B 24 03 03 01 01 87 00 09', - 'name': 'rsaSignatureWithsha1_l896_l9', - 'oid': (1, 3, 36, 3, 3, 1, 1, 896, 9)}, - 'rsaTelesec': {'comment': 'Telesec encryption', - 'description': 'rsaTelesec (0 2 262 1 10 1 2 1)', - 'hexoid': '06 08 02 82 06 01 0A 01 02 01', - 'name': 'rsaTelesec', - 'oid': (0, 2, 262, 1, 10, 1, 2, 1)}, - 'rsaWithRIPEMD160': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaWithRIPEMD160 (1 3 36 8 5 1 1 4)', - 'hexoid': '06 07 2B 24 08 05 01 01 04', - 'name': 'rsaWithRIPEMD160', - 'oid': (1, 3, 36, 8, 5, 1, 1, 4)}, - 'rsaWithSHA1': {'comment': 'Teletrust signature algorithm', - 'description': 'rsaWithSHA1 (1 3 36 8 5 1 1 3)', - 'hexoid': '06 07 2B 24 08 05 01 01 03', - 'name': 'rsaWithSHA1', - 'oid': (1, 3, 36, 8, 5, 1, 1, 3)}, - 'rtcsRequest': {'comment': 'cryptlib content type', - 'description': 'rtcsRequest (1 3 6 1 4 1 3029 4 1 4)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 04 01 04', - 'name': 'rtcsRequest', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 4, 1, 4)}, - 'rtcsResponse': {'comment': 'cryptlib content type', - 'description': 'rtcsResponse (1 3 6 1 4 1 3029 4 1 5)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 04 01 05', - 'name': 'rtcsResponse', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 4, 1, 5)}, - 'rtcsResponseExt': {'comment': 'cryptlib content type', - 'description': 'rtcsResponseExt (1 3 6 1 4 1 3029 4 1 6)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 04 01 06', - 'name': 'rtcsResponseExt', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 4, 1, 6)}, - 'sMIMECapabilities': {'comment': 'PKCS #9. This OID was formerly assigned as symmetricCapabilities, then reassigned as SMIMECapabilities, then renamed to the current name', - 'description': 'sMIMECapabilities (1 2 840 113549 1 9 15)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 0F', - 'name': 'sMIMECapabilities', - 'oid': (1, 2, 840, 113549, 1, 9, 15)}, - 'sadmib': {'comment': 'Telesec module', - 'description': 'sadmib (0 2 262 1 10 2 9)', - 'hexoid': '06 07 02 82 06 01 0A 02 09', - 'name': 'sadmib', - 'oid': (0, 2, 262, 1, 10, 2, 9)}, - 'sbgp-autonomousSysNum': {'comment': 'PKIX private extension', - 'description': 'sbgp-autonomousSysNum (1 3 6 1 5 5 7 1 8)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 08', - 'name': 'sbgp-autonomousSysNum', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 8)}, - 'sbgp-ipAddrBlock': {'comment': 'PKIX private extension', - 'description': 'sbgp-ipAddrBlock (1 3 6 1 5 5 7 1 7)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 07', - 'name': 'sbgp-ipAddrBlock', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 7)}, - 'sbgp-routerIdentifier': {'comment': 'PKIX private extension', - 'description': 'sbgp-routerIdentifier (1 3 6 1 5 5 7 1 9)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 09', - 'name': 'sbgp-routerIdentifier', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 9)}, - 'sbgpCertAAServerAuth': {'comment': 'PKIX key purpose', - 'description': 'sbgpCertAAServerAuth (1 3 6 1 5 5 7 3 11)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 0B', - 'name': 'sbgpCertAAServerAuth', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 11)}, - 'scheme': {'comment': 'ANSI X9.42', - 'description': 'scheme (1 2 840 10046 3)', - 'hexoid': '06 06 2A 86 48 CE 3E 03', - 'name': 'scheme', - 'oid': (1, 2, 840, 10046, 3)}, - 'sdnsCKL': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'sdnsCKL (2 16 840 1 101 2 1 5 41)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 29', - 'name': 'sdnsCKL', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 41)}, - 'sdnsCertificateRevocationList': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'sdnsCertificateRevocationList (2 16 840 1 101 2 1 5 44)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 2C', - 'name': 'sdnsCertificateRevocationList', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 44)}, - 'sdnsConfidentialityAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'sdnsConfidentialityAlgorithm (2 16 840 1 101 2 1 1 3)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 03', - 'name': 'sdnsConfidentialityAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 3)}, - 'sdnsIntegrityAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'sdnsIntegrityAlgorithm (2 16 840 1 101 2 1 1 5)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 05', - 'name': 'sdnsIntegrityAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 5)}, - 'sdnsKMandSigAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'sdnsKMandSigAlgorithm (2 16 840 1 101 2 1 1 11)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 0B', - 'name': 'sdnsKMandSigAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 11)}, - 'sdnsKeyManagementAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'sdnsKeyManagementAlgorithm (2 16 840 1 101 2 1 1 9)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 09', - 'name': 'sdnsKeyManagementAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 9)}, - 'sdnsPRBAC': {'comment': 'SDN.700 INFOSEC policy', - 'description': 'sdnsPRBAC (2 16 840 1 101 2 1 3 2)', - 'hexoid': '06 09 60 86 48 01 65 02 01 03 02', - 'name': 'sdnsPRBAC', - 'oid': (2, 16, 840, 1, 101, 2, 1, 3, 2)}, - 'sdnsSecurityPolicy': {'comment': 'SDN.700 INFOSEC policy', - 'description': 'sdnsSecurityPolicy (2 16 840 1 101 2 1 3 1)', - 'hexoid': '06 09 60 86 48 01 65 02 01 03 01', - 'name': 'sdnsSecurityPolicy', - 'oid': (2, 16, 840, 1, 101, 2, 1, 3, 1)}, - 'sdnsSignatureAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'sdnsSignatureAlgorithm (2 16 840 1 101 2 1 1 1)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 01', - 'name': 'sdnsSignatureAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 1)}, - 'sdnsSignatureCKL': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'sdnsSignatureCKL (2 16 840 1 101 2 1 5 43)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 2B', - 'name': 'sdnsSignatureCKL', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 43)}, - 'sdnsTokenProtectionAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'sdnsTokenProtectionAlgorithm (2 16 840 1 101 2 1 1 7)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 07', - 'name': 'sdnsTokenProtectionAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 7)}, - 'sdsiCertificate': {'comment': 'PKCS #9 via PKCS #12', - 'description': 'sdsiCertificate (for PKCS #12) (1 2 840 113549 1 9 22 2)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 16 02', - 'name': 'sdsiCertificate', - 'oid': (1, 2, 840, 113549, 1, 9, 22, 2)}, - 'searchGuide': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'searchGuide (2 5 4 14)', - 'hexoid': '06 03 55 04 0E', - 'name': 'searchGuide', - 'oid': (2, 5, 4, 14)}, - 'secPolicyInformationFile': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'secPolicyInformationFile (2 16 840 1 101 2 1 5 59)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 3B', - 'name': 'secPolicyInformationFile', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 59)}, - 'secondaryPractices': {'comment': 'MEDePass', - 'description': 'secondaryPractices (1 3 6 1 4 1 5770 0 3)', - 'hexoid': '06 09 2B 06 01 04 01 AD 0A 00 03', - 'name': 'secondaryPractices', - 'oid': (1, 3, 6, 1, 4, 1, 5770, 0, 3)}, - 'secp112r1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp112r1 (1 3 132 0 6)', - 'hexoid': '06 05 2B 81 04 00 06', - 'name': 'secp112r1', - 'oid': (1, 3, 132, 0, 6)}, - 'secp112r2': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp112r2 (1 3 132 0 7)', - 'hexoid': '06 05 2B 81 04 00 07', - 'name': 'secp112r2', - 'oid': (1, 3, 132, 0, 7)}, - 'secp128r1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp128r1 (1 3 132 0 28)', - 'hexoid': '06 05 2B 81 04 00 1C', - 'name': 'secp128r1', - 'oid': (1, 3, 132, 0, 28)}, - 'secp128r2': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp128r2 (1 3 132 0 29)', - 'hexoid': '06 05 2B 81 04 00 1D', - 'name': 'secp128r2', - 'oid': (1, 3, 132, 0, 29)}, - 'secp160k1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp160k1 (1 3 132 0 9)', - 'hexoid': '06 05 2B 81 04 00 09', - 'name': 'secp160k1', - 'oid': (1, 3, 132, 0, 9)}, - 'secp160r1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp160r1 (1 3 132 0 8)', - 'hexoid': '06 05 2B 81 04 00 08', - 'name': 'secp160r1', - 'oid': (1, 3, 132, 0, 8)}, - 'secp160r2': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp160r2 (1 3 132 0 30)', - 'hexoid': '06 05 2B 81 04 00 1E', - 'name': 'secp160r2', - 'oid': (1, 3, 132, 0, 30)}, - 'secp192k1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp192k1 (1 3 132 0 31)', - 'hexoid': '06 05 2B 81 04 00 1F', - 'name': 'secp192k1', - 'oid': (1, 3, 132, 0, 31)}, - 'secp224k1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp224k1 (1 3 132 0 32)', - 'hexoid': '06 05 2B 81 04 00 20', - 'name': 'secp224k1', - 'oid': (1, 3, 132, 0, 32)}, - 'secp224r1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp224r1 (1 3 132 0 33)', - 'hexoid': '06 05 2B 81 04 00 21', - 'name': 'secp224r1', - 'oid': (1, 3, 132, 0, 33)}, - 'secp256k1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp256k1 (1 3 132 0 10)', - 'hexoid': '06 05 2B 81 04 00 0A', - 'name': 'secp256k1', - 'oid': (1, 3, 132, 0, 10)}, - 'secp384r1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp384r1 (1 3 132 0 34)', - 'hexoid': '06 05 2B 81 04 00 22', - 'name': 'secp384r1', - 'oid': (1, 3, 132, 0, 34)}, - 'secp521r1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp521r1 (1 3 132 0 35)', - 'hexoid': '06 05 2B 81 04 00 23', - 'name': 'secp521r1', - 'oid': (1, 3, 132, 0, 35)}, - 'sect113r1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect113r1 (1 3 132 0 4)', - 'hexoid': '06 05 2B 81 04 00 04', - 'name': 'sect113r1', - 'oid': (1, 3, 132, 0, 4)}, - 'sect113r2': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect113r2 (1 3 132 0 5)', - 'hexoid': '06 05 2B 81 04 00 05', - 'name': 'sect113r2', - 'oid': (1, 3, 132, 0, 5)}, - 'sect131r1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect131r1 (1 3 132 0 22)', - 'hexoid': '06 05 2B 81 04 00 16', - 'name': 'sect131r1', - 'oid': (1, 3, 132, 0, 22)}, - 'sect131r2': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect131r2 (1 3 132 0 23)', - 'hexoid': '06 05 2B 81 04 00 17', - 'name': 'sect131r2', - 'oid': (1, 3, 132, 0, 23)}, - 'sect163k1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect163k1 (1 3 132 0 1)', - 'hexoid': '06 05 2B 81 04 00 01', - 'name': 'sect163k1', - 'oid': (1, 3, 132, 0, 1)}, - 'sect163r1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect163r1 (1 3 132 0 2)', - 'hexoid': '06 05 2B 81 04 00 02', - 'name': 'sect163r1', - 'oid': (1, 3, 132, 0, 2)}, - 'sect163r2': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect163r2 (1 3 132 0 15)', - 'hexoid': '06 05 2B 81 04 00 0F', - 'name': 'sect163r2', - 'oid': (1, 3, 132, 0, 15)}, - 'sect193r1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect193r1 (1 3 132 0 24)', - 'hexoid': '06 05 2B 81 04 00 18', - 'name': 'sect193r1', - 'oid': (1, 3, 132, 0, 24)}, - 'sect193r2': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect193r2 (1 3 132 0 25)', - 'hexoid': '06 05 2B 81 04 00 19', - 'name': 'sect193r2', - 'oid': (1, 3, 132, 0, 25)}, - 'sect233k1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect233k1 (1 3 132 0 26)', - 'hexoid': '06 05 2B 81 04 00 1A', - 'name': 'sect233k1', - 'oid': (1, 3, 132, 0, 26)}, - 'sect233r1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect233r1 (1 3 132 0 27)', - 'hexoid': '06 05 2B 81 04 00 1B', - 'name': 'sect233r1', - 'oid': (1, 3, 132, 0, 27)}, - 'sect239k1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect239k1 (1 3 132 0 3)', - 'hexoid': '06 05 2B 81 04 00 03', - 'name': 'sect239k1', - 'oid': (1, 3, 132, 0, 3)}, - 'sect283k1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect283k1 (1 3 132 0 16)', - 'hexoid': '06 05 2B 81 04 00 10', - 'name': 'sect283k1', - 'oid': (1, 3, 132, 0, 16)}, - 'sect283r1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect283r1 (1 3 132 0 17)', - 'hexoid': '06 05 2B 81 04 00 11', - 'name': 'sect283r1', - 'oid': (1, 3, 132, 0, 17)}, - 'sect409k1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect409k1 (1 3 132 0 36)', - 'hexoid': '06 05 2B 81 04 00 24', - 'name': 'sect409k1', - 'oid': (1, 3, 132, 0, 36)}, - 'sect409r1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect409r1 (1 3 132 0 37)', - 'hexoid': '06 05 2B 81 04 00 25', - 'name': 'sect409r1', - 'oid': (1, 3, 132, 0, 37)}, - 'sect571k1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect571k1 (1 3 132 0 38)', - 'hexoid': '06 05 2B 81 04 00 26', - 'name': 'sect571k1', - 'oid': (1, 3, 132, 0, 38)}, - 'sect571r1': {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect571r1 (1 3 132 0 39)', - 'hexoid': '06 05 2B 81 04 00 27', - 'name': 'sect571r1', - 'oid': (1, 3, 132, 0, 39)}, - 'securityApplication': {'comment': 'Telesec SNMP MIBs', - 'description': 'securityApplication (0 2 262 1 10 11 1)', - 'hexoid': '06 07 02 82 06 01 0A 0B 01', - 'name': 'securityApplication', - 'oid': (0, 2, 262, 1, 10, 11, 1)}, - 'securityAttributes': {'comment': 'Novell PKI attribute type', - 'description': 'securityAttributes (2 16 840 1 113719 1 9 4 1)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 09 04 01', - 'name': 'securityAttributes', - 'oid': (2, 16, 840, 1, 113719, 1, 9, 4, 1)}, - 'securityDomain': {'comment': 'Telesec attribute', - 'description': 'securityDomain (0 2 262 1 10 7 9)', - 'hexoid': '06 07 02 82 06 01 0A 07 09', - 'name': 'securityDomain', - 'oid': (0, 2, 262, 1, 10, 7, 9)}, - 'securityLabel': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'securityLabel (1 2 840 113549 1 9 16 2 2)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 02', - 'name': 'securityLabel', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 2)}, - 'securityMessEnv': {'comment': 'Telesec attribute', - 'description': 'securityMessEnv (0 2 262 1 10 7 15)', - 'hexoid': '06 07 02 82 06 01 0A 07 0F', - 'name': 'securityMessEnv', - 'oid': (0, 2, 262, 1, 10, 7, 15)}, - 'sedu': {'comment': 'Teletrust sio', - 'description': 'sedu (1 3 36 2 1)', - 'hexoid': '06 04 2B 24 02 01', - 'name': 'sedu', - 'oid': (1, 3, 36, 2, 1)}, - 'seeAlso': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'seeAlso (2 5 4 34)', - 'hexoid': '06 03 55 04 22', - 'name': 'seeAlso', - 'oid': (2, 5, 4, 34)}, - 'seis-cp': {'comment': 'SEIS Project', - 'description': 'seis-cp (1 2 752 34 1)', - 'hexoid': '06 05 2A 85 70 22 01', - 'name': 'seis-cp', - 'oid': (1, 2, 752, 34, 1)}, - 'senderNonce': {'comment': 'Verisign PKCS #7 attribute', - 'description': 'senderNonce (2 16 840 1 113733 1 9 5)', - 'hexoid': '06 0A 60 86 48 01 86 F8 45 01 09 05', - 'name': 'senderNonce', - 'oid': (2, 16, 840, 1, 113733, 1, 9, 5)}, - 'sepUKMs': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'sepUKMs (2 16 840 1 101 2 1 5 28)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 1C', - 'name': 'sepUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 28)}, - 'sequenceNumber': {'comment': 'PKCS #9/RFC 2985 attribute', - 'description': 'sequenceNumber (1 2 840 113549 1 9 25 4)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 19 04', - 'name': 'sequenceNumber', - 'oid': (1, 2, 840, 113549, 1, 9, 25, 4)}, - 'serialNumber': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'serialNumber (2 5 4 5)', - 'hexoid': '06 03 55 04 05', - 'name': 'serialNumber', - 'oid': (2, 5, 4, 5)}, - 'serpent': {'comment': 'GNU encryption algorithm', - 'description': 'serpent (1 3 6 1 4 1 11591 13 2)', - 'hexoid': '06 09 2B 06 01 04 01 DA 47 0D 02', - 'name': 'serpent', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 13, 2)}, - 'serpent128_CBC': {'comment': 'GNU encryption algorithm', - 'description': 'serpent128_CBC (1 3 6 1 4 1 11591 13 2 2)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 02', - 'name': 'serpent128_CBC', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 13, 2, 2)}, - 'serpent128_CFB': {'comment': 'GNU encryption algorithm', - 'description': 'serpent128_CFB (1 3 6 1 4 1 11591 13 2 4)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 04', - 'name': 'serpent128_CFB', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 13, 2, 4)}, - 'serpent128_ECB': {'comment': 'GNU encryption algorithm', - 'description': 'serpent128_ECB (1 3 6 1 4 1 11591 13 2 1)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 01', - 'name': 'serpent128_ECB', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 13, 2, 1)}, - 'serpent128_OFB': {'comment': 'GNU encryption algorithm', - 'description': 'serpent128_OFB (1 3 6 1 4 1 11591 13 2 3)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 03', - 'name': 'serpent128_OFB', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 13, 2, 3)}, - 'serpent192_CBC': {'comment': 'GNU encryption algorithm', - 'description': 'serpent192_CBC (1 3 6 1 4 1 11591 13 2 22)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 16', - 'name': 'serpent192_CBC', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 13, 2, 22)}, - 'serpent192_CFB': {'comment': 'GNU encryption algorithm', - 'description': 'serpent192_CFB (1 3 6 1 4 1 11591 13 2 24)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 18', - 'name': 'serpent192_CFB', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 13, 2, 24)}, - 'serpent192_ECB': {'comment': 'GNU encryption algorithm', - 'description': 'serpent192_ECB (1 3 6 1 4 1 11591 13 2 21)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 15', - 'name': 'serpent192_ECB', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 13, 2, 21)}, - 'serpent192_OFB': {'comment': 'GNU encryption algorithm', - 'description': 'serpent192_OFB (1 3 6 1 4 1 11591 13 2 23)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 17', - 'name': 'serpent192_OFB', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 13, 2, 23)}, - 'serpent256_CBC': {'comment': 'GNU encryption algorithm', - 'description': 'serpent256_CBC (1 3 6 1 4 1 11591 13 2 42)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 2A', - 'name': 'serpent256_CBC', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 13, 2, 42)}, - 'serpent256_CFB': {'comment': 'GNU encryption algorithm', - 'description': 'serpent256_CFB (1 3 6 1 4 1 11591 13 2 44)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 2C', - 'name': 'serpent256_CFB', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 13, 2, 44)}, - 'serpent256_ECB': {'comment': 'GNU encryption algorithm', - 'description': 'serpent256_ECB (1 3 6 1 4 1 11591 13 2 41)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 29', - 'name': 'serpent256_ECB', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 13, 2, 41)}, - 'serpent256_OFB': {'comment': 'GNU encryption algorithm', - 'description': 'serpent256_OFB (1 3 6 1 4 1 11591 13 2 43)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 2B', - 'name': 'serpent256_OFB', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 13, 2, 43)}, - 'serverAuth': {'comment': 'PKIX key purpose', - 'description': 'serverAuth (1 3 6 1 5 5 7 3 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 01', - 'name': 'serverAuth', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 1)}, - 'serverGatedCrypto': {'comment': 'Netscape', - 'description': 'serverGatedCrypto (2 16 840 1 113730 4 1)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 04 01', - 'name': 'serverGatedCrypto', - 'oid': (2, 16, 840, 1, 113730, 4, 1)}, - 'setExtensions': {'comment': 'SET cert extension', - 'description': 'setExtensions (2 23 42 7 5)', - 'hexoid': '06 04 67 2A 07 05', - 'name': 'setExtensions', - 'oid': (2, 23, 42, 7, 5)}, - 'setQualifier': {'comment': 'SET cert extension', - 'description': 'setQualifier (2 23 42 7 6)', - 'hexoid': '06 04 67 2A 07 06', - 'name': 'setQualifier', - 'oid': (2, 23, 42, 7, 6)}, - 'sha': {'comment': 'Oddball OIW OID', - 'description': 'sha (1 3 14 3 2 18)', - 'hexoid': '06 05 2B 0E 03 02 12', - 'name': 'sha', - 'oid': (1, 3, 14, 3, 2, 18)}, - 'sha-1WithRSAEncryption': {'comment': 'Oddball OIW OID', - 'description': 'sha-1WithRSAEncryption (1 3 14 3 2 29)', - 'hexoid': '06 05 2B 0E 03 02 1D', - 'name': 'sha-1WithRSAEncryption', - 'oid': (1, 3, 14, 3, 2, 29)}, - 'sha-224': {'comment': 'NIST Algorithm', - 'description': 'sha-224 (2 16 840 1 101 3 4 2 4)', - 'hexoid': '06 09 60 86 48 01 65 03 04 02 04', - 'name': 'sha-224', - 'oid': (2, 16, 840, 1, 101, 3, 4, 2, 4)}, - 'sha-256': {'comment': 'NIST Algorithm', - 'description': 'sha-256 (2 16 840 1 101 3 4 2 1)', - 'hexoid': '06 09 60 86 48 01 65 03 04 02 01', - 'name': 'sha-256', - 'oid': (2, 16, 840, 1, 101, 3, 4, 2, 1)}, - 'sha-384': {'comment': 'NIST Algorithm', - 'description': 'sha-384 (2 16 840 1 101 3 4 2 2)', - 'hexoid': '06 09 60 86 48 01 65 03 04 02 02', - 'name': 'sha-384', - 'oid': (2, 16, 840, 1, 101, 3, 4, 2, 2)}, - 'sha-512': {'comment': 'NIST Algorithm', - 'description': 'sha-512 (2 16 840 1 101 3 4 2 3)', - 'hexoid': '06 09 60 86 48 01 65 03 04 02 03', - 'name': 'sha-512', - 'oid': (2, 16, 840, 1, 101, 3, 4, 2, 3)}, - 'sha1': {'comment': 'OIW', - 'description': 'sha1 (1 3 14 3 2 26)', - 'hexoid': '06 05 2B 0E 03 02 1A', - 'name': 'sha1', - 'oid': (1, 3, 14, 3, 2, 26)}, - 'sha1WithRSAEncryptionBSafe1': {'comment': 'Novell signature algorithm', - 'description': 'sha1WithRSAEncryptionBSafe1 (2 16 840 1 113719 1 2 8 31)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 1F', - 'name': 'sha1WithRSAEncryptionBSafe1', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8, 31)}, - 'sha1withRSAEncryption': {'comment': 'PKCS #1', - 'description': 'sha1withRSAEncryption (1 2 840 113549 1 1 5)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 05', - 'name': 'sha1withRSAEncryption', - 'oid': (1, 2, 840, 113549, 1, 1, 5)}, - 'sha256WithRSAEncryption': {'comment': 'PKCS #1', - 'description': 'sha256WithRSAEncryption (1 2 840 113549 1 1 11)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 0B', - 'name': 'sha256WithRSAEncryption', - 'oid': (1, 2, 840, 113549, 1, 1, 11)}, - 'sha384WithRSAEncryption': {'comment': 'PKCS #1', - 'description': 'sha384WithRSAEncryption (1 2 840 113549 1 1 12)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 0C', - 'name': 'sha384WithRSAEncryption', - 'oid': (1, 2, 840, 113549, 1, 1, 12)}, - 'sha512WithRSAEncryption': {'comment': 'PKCS #1', - 'description': 'sha512WithRSAEncryption (1 2 840 113549 1 1 13)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 0D', - 'name': 'sha512WithRSAEncryption', - 'oid': (1, 2, 840, 113549, 1, 1, 13)}, - 'shaWithRSASignature': {'comment': 'Oddball OIW OID using 9796-2 padding rules', - 'description': 'shaWithRSASignature (1 3 14 3 2 15)', - 'hexoid': '06 05 2B 0E 03 02 0F', - 'name': 'shaWithRSASignature', - 'oid': (1, 3, 14, 3, 2, 15)}, - 'siSecurityPolicy': {'comment': 'SDN.700 INFOSEC policy', - 'description': 'siSecurityPolicy (2 16 840 1 101 2 1 3 10)', - 'hexoid': '06 09 60 86 48 01 65 02 01 03 0A', - 'name': 'siSecurityPolicy', - 'oid': (2, 16, 840, 1, 101, 2, 1, 3, 10)}, - 'sigNumber': {'comment': 'Teletrust signature attributes', - 'description': 'sigNumber (1 3 36 8 6 9)', - 'hexoid': '06 05 2B 24 08 06 09', - 'name': 'sigNumber', - 'oid': (1, 3, 36, 8, 6, 9)}, - 'sigOrKMPrivileges': {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'sigOrKMPrivileges (2 16 840 1 101 2 1 5 55)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 37', - 'name': 'sigOrKMPrivileges', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 55)}, - 'sigPolicyId': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'sigPolicyId (1 2 840 113549 1 9 16 2 15)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 0F', - 'name': 'sigPolicyId', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 15)}, - 'sigPolicyQualifier-spUserNotice': {'comment': 'S/MIME Signature Policy Qualifier', - 'description': 'sigPolicyQualifier-spUserNotice (1 2 840 113549 1 9 16 5 2)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 05 02', - 'name': 'sigPolicyQualifier-spUserNotice', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 5, - 2)}, - 'sigPolicyQualifier-spuri': {'comment': 'S/MIME Signature Policy Qualifier', - 'description': 'sigPolicyQualifier-spuri (1 2 840 113549 1 9 16 5 1)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 05 01', - 'name': 'sigPolicyQualifier-spuri', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 5, 1)}, - 'sigPrivileges': {'comment': 'SDN.700 INFOSEC privileges', - 'description': 'sigPrivileges (2 16 840 1 101 2 1 10 1)', - 'hexoid': '06 09 60 86 48 01 65 02 01 0A 01', - 'name': 'sigPrivileges', - 'oid': (2, 16, 840, 1, 101, 2, 1, 10, 1)}, - 'sigS_ISO9796-1': {'comment': 'Teletrust signature scheme', - 'description': 'sigS_ISO9796-1 (1 3 36 3 4 1)', - 'hexoid': '06 05 2B 24 03 04 01', - 'name': 'sigS_ISO9796-1', - 'oid': (1, 3, 36, 3, 4, 1)}, - 'sigS_ISO9796-2': {'comment': 'Teletrust signature scheme', - 'description': 'sigS_ISO9796-2 (1 3 36 3 4 2)', - 'hexoid': '06 05 2B 24 03 04 02', - 'name': 'sigS_ISO9796-2', - 'oid': (1, 3, 36, 3, 4, 2)}, - 'sigS_ISO9796-2Withred': {'comment': 'Teletrust signature scheme. Unsure what this is supposed to be', - 'description': 'sigS_ISO9796-2Withred (1 3 36 3 4 2 1)', - 'hexoid': '06 06 2B 24 03 04 02 01', - 'name': 'sigS_ISO9796-2Withred', - 'oid': (1, 3, 36, 3, 4, 2, 1)}, - 'sigS_ISO9796-2Withrnd': {'comment': 'Teletrust signature scheme. 9796-2 with random number in padding field', - 'description': 'sigS_ISO9796-2Withrnd (1 3 36 3 4 2 3)', - 'hexoid': '06 06 2B 24 03 04 02 03', - 'name': 'sigS_ISO9796-2Withrnd', - 'oid': (1, 3, 36, 3, 4, 2, 3)}, - 'sigS_ISO9796-2Withrsa': {'comment': 'Teletrust signature scheme. Unsure what this is supposed to be', - 'description': 'sigS_ISO9796-2Withrsa (1 3 36 3 4 2 2)', - 'hexoid': '06 06 2B 24 03 04 02 02', - 'name': 'sigS_ISO9796-2Withrsa', - 'oid': (1, 3, 36, 3, 4, 2, 2)}, - 'signKeyPairTypes': {'comment': 'PKIX CMP information', - 'description': 'signKeyPairTypes (1 3 6 1 5 5 7 4 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 02', - 'name': 'signKeyPairTypes', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 2)}, - 'signature': {'comment': 'Telesec mechanism', - 'description': 'signature (0 2 262 1 10 1 1)', - 'hexoid': '06 07 02 82 06 01 0A 01 01', - 'name': 'signature', - 'oid': (0, 2, 262, 1, 10, 1, 1)}, - 'signatureAlgorithm': {'comment': 'Teletrust algorithm', - 'description': 'signatureAlgorithm (1 3 36 3 3)', - 'hexoid': '06 04 2B 24 03 03', - 'name': 'signatureAlgorithm', - 'oid': (1, 3, 36, 3, 3)}, - 'signatureScheme': {'comment': 'Teletrust algorithm', - 'description': 'signatureScheme (1 3 36 3 4)', - 'hexoid': '06 04 2B 24 03 04', - 'name': 'signatureScheme', - 'oid': (1, 3, 36, 3, 4)}, - 'signatureType': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'signatureType (1 2 840 113549 1 9 16 2 28)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 1C', - 'name': 'signatureType', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 28)}, - 'signatureTypeIdentifier': {'comment': 'S/MIME', - 'description': 'signatureTypeIdentifier (1 2 840 113549 1 9 16 9)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 10 09', - 'name': 'signatureTypeIdentifier', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 9)}, - 'signedAndEnvelopedData': {'comment': 'PKCS #7', - 'description': 'signedAndEnvelopedData (1 2 840 113549 1 7 4)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 07 04', - 'name': 'signedAndEnvelopedData', - 'oid': (1, 2, 840, 113549, 1, 7, 4)}, - 'signedData': {'comment': 'PKCS #7', - 'description': 'signedData (1 2 840 113549 1 7 2)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 07 02', - 'name': 'signedData', - 'oid': (1, 2, 840, 113549, 1, 7, 2)}, - 'signedEDImessage': {'comment': 'TMN EDI for Interactive Agents', - 'description': 'signedEDImessage (1 3 6 1 4 1 3576 7 2)', - 'hexoid': '06 09 2B 06 01 04 01 9B 78 07 02', - 'name': 'signedEDImessage', - 'oid': (1, 3, 6, 1, 4, 1, 3576, 7, 2)}, - 'signerAttr': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'signerAttr (1 2 840 113549 1 9 16 2 18)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 12', - 'name': 'signerAttr', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 18)}, - 'signerLocation': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'signerLocation (1 2 840 113549 1 9 16 2 17)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 11', - 'name': 'signerLocation', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 17)}, - 'signingCertificate': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'signingCertificate (1 2 840 113549 1 9 16 2 12)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 0C', - 'name': 'signingCertificate', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 12)}, - 'signingDescription': {'comment': 'PKCS #9', - 'description': 'signingDescription (1 2 840 113549 1 9 13)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 0D', - 'name': 'signingDescription', - 'oid': (1, 2, 840, 113549, 1, 9, 13)}, - 'signingTime': {'comment': 'PKCS #9', - 'description': 'signingTime (1 2 840 113549 1 9 5)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 05', - 'name': 'signingTime', - 'oid': (1, 2, 840, 113549, 1, 9, 5)}, - 'simple-strong-auth-mechanism': {'comment': 'Oddball OIW OID', - 'description': 'simple-strong-auth-mechanism (1 3 14 3 3 1)', - 'hexoid': '06 05 2B 0E 03 03 01', - 'name': 'simple-strong-auth-mechanism', - 'oid': (1, 3, 14, 3, 3, 1)}, - 'sio': {'comment': 'Teletrust sio', - 'description': 'sio (1 3 36 2)', - 'hexoid': '06 03 2B 24 02', - 'name': 'sio', - 'oid': (1, 3, 36, 2)}, - 'site-Addressing': {'comment': 'Microsoft Exchange Server - object class', - 'description': 'site-Addressing (1 2 840 113556 1 3 0)', - 'hexoid': '06 09 2A 86 48 86 F7 14 01 03 00', - 'name': 'site-Addressing', - 'oid': (1, 2, 840, 113556, 1, 3, 0)}, - 'smeAndComponentsOfSme': {'comment': 'Telesec module', - 'description': 'smeAndComponentsOfSme (0 2 262 1 10 2 5)', - 'hexoid': '06 07 02 82 06 01 0A 02 05', - 'name': 'smeAndComponentsOfSme', - 'oid': (0, 2, 262, 1, 10, 2, 5)}, - 'smimeEncryptCerts': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'smimeEncryptCerts (1 2 840 113549 1 9 16 2 13)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 0D', - 'name': 'smimeEncryptCerts', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 13)}, - 'snmp-mibs': {'comment': 'Telesec', - 'description': 'snmp-mibs (0 2 262 1 10 11)', - 'hexoid': '06 06 02 82 06 01 0A 0B', - 'name': 'snmp-mibs', - 'oid': (0, 2, 262, 1, 10, 11)}, - 'spcAgencyInfo': {'comment': 'Microsoft code signing. Also known as policyLink', - 'description': 'spcAgencyInfo (1 3 6 1 4 1 311 2 1 10)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 0A', - 'name': 'spcAgencyInfo', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 10)}, - 'spcFinancialCriteriaInfo': {'comment': 'Microsoft code signing', - 'description': 'spcFinancialCriteriaInfo (1 3 6 1 4 1 311 2 1 27)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 1B', - 'name': 'spcFinancialCriteriaInfo', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 27)}, - 'spcIndirectDataContext': {'comment': 'Microsoft code signing', - 'description': 'spcIndirectDataContext (1 3 6 1 4 1 311 2 1 4)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 04', - 'name': 'spcIndirectDataContext', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 4)}, - 'spcJavaClassData': {'comment': 'Microsoft code signing. Formerly "link extension" aka "glue extension"', - 'description': 'spcJavaClassData (type 1) (1 3 6 1 4 1 311 2 1 20)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 14', - 'name': 'spcJavaClassData', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 20)}, - 'spcLink': {'comment': 'Microsoft code signing. Also known as "glue extension"', - 'description': 'spcLink (type 3) (1 3 6 1 4 1 311 2 1 28)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 1C', - 'name': 'spcLink', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 28)}, - 'spcMinimalCriteriaInfo': {'comment': 'Microsoft code signing', - 'description': 'spcMinimalCriteriaInfo (1 3 6 1 4 1 311 2 1 26)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 1A', - 'name': 'spcMinimalCriteriaInfo', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 26)}, - 'spcPEImageData': {'comment': 'Microsoft code signing', - 'description': 'spcPEImageData (1 3 6 1 4 1 311 2 1 15)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 0F', - 'name': 'spcPEImageData', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 15)}, - 'spcRawFileData': {'comment': 'Microsoft code signing', - 'description': 'spcRawFileData (1 3 6 1 4 1 311 2 1 18)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 12', - 'name': 'spcRawFileData', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 18)}, - 'spcSpOpusInfo': {'comment': 'Microsoft code signing', - 'description': 'spcSpOpusInfo (1 3 6 1 4 1 311 2 1 12)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 0C', - 'name': 'spcSpOpusInfo', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 12)}, - 'spcStatementType': {'comment': 'Microsoft code signing', - 'description': 'spcStatementType (1 3 6 1 4 1 311 2 1 11)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 0B', - 'name': 'spcStatementType', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 11)}, - 'spcStructuredStorageData': {'comment': 'Microsoft code signing', - 'description': 'spcStructuredStorageData (1 3 6 1 4 1 311 2 1 19)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 13', - 'name': 'spcStructuredStorageData', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 19)}, - 'sqModNISO': {'comment': 'Telesec one-way function', - 'description': 'sqModNISO (0 2 262 1 10 1 3 4)', - 'hexoid': '06 08 02 82 06 01 0A 01 03 04', - 'name': 'sqModNISO', - 'oid': (0, 2, 262, 1, 10, 1, 3, 4)}, - 'sqModNX509': {'comment': 'Telesec one-way function', - 'description': 'sqModNX509 (0 2 262 1 10 1 3 3)', - 'hexoid': '06 08 02 82 06 01 0A 01 03 03', - 'name': 'sqModNX509', - 'oid': (0, 2, 262, 1, 10, 1, 3, 3)}, - 'standardSecurityLabelPrivileges': {'comment': 'SDN.700 INFOSEC security category', - 'description': 'standardSecurityLabelPrivileges (2 16 840 1 101 2 1 8 2)', - 'hexoid': '06 09 60 86 48 01 65 02 01 08 02', - 'name': 'standardSecurityLabelPrivileges', - 'oid': (2, 16, 840, 1, 101, 2, 1, 8, 2)}, - 'stateOrProvinceName': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'stateOrProvinceName (2 5 4 8)', - 'hexoid': '06 03 55 04 08', - 'name': 'stateOrProvinceName', - 'oid': (2, 5, 4, 8)}, - 'stefiles': {'comment': 'Telesec module', - 'description': 'stefiles (0 2 262 1 10 2 8)', - 'hexoid': '06 07 02 82 06 01 0A 02 08', - 'name': 'stefiles', - 'oid': (0, 2, 262, 1, 10, 2, 8)}, - 'steuerBerater': {'comment': 'Teletrust ProfessionInfo', - 'description': 'steuerBerater (1 3 36 8 3 11 1 5)', - 'hexoid': '06 07 2B 24 08 03 0B 01 05', - 'name': 'steuerBerater', - 'oid': (1, 3, 36, 8, 3, 11, 1, 5)}, - 'steuerBeraterin': {'comment': 'Teletrust ProfessionInfo', - 'description': 'steuerBeraterin (1 3 36 8 3 11 1 4)', - 'hexoid': '06 07 2B 24 08 03 0B 01 04', - 'name': 'steuerBeraterin', - 'oid': (1, 3, 36, 8, 3, 11, 1, 4)}, - 'steuerBevollmaechtigte': {'comment': 'Teletrust ProfessionInfo', - 'description': 'steuerBevollmaechtigte (1 3 36 8 3 11 1 6)', - 'hexoid': '06 07 2B 24 08 03 0B 01 06', - 'name': 'steuerBevollmaechtigte', - 'oid': (1, 3, 36, 8, 3, 11, 1, 6)}, - 'steuerBevollmaechtigter': {'comment': 'Teletrust ProfessionInfo', - 'description': 'steuerBevollmaechtigter (1 3 36 8 3 11 1 7)', - 'hexoid': '06 07 2B 24 08 03 0B 01 07', - 'name': 'steuerBevollmaechtigter', - 'oid': (1, 3, 36, 8, 3, 11, 1, 7)}, - 'storageTime': {'comment': 'Teletrust signature attributes', - 'description': 'storageTime (1 3 36 8 6 6)', - 'hexoid': '06 05 2B 24 08 06 06', - 'name': 'storageTime', - 'oid': (1, 3, 36, 8, 6, 6)}, - 'streetAddress': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'streetAddress (2 5 4 9)', - 'hexoid': '06 03 55 04 09', - 'name': 'streetAddress', - 'oid': (2, 5, 4, 9)}, - 'strongAuthenticationUser': {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'strongAuthenticationUser (2 5 6 15)', - 'hexoid': '06 03 55 06 0F', - 'name': 'strongAuthenticationUser', - 'oid': (2, 5, 6, 15)}, - 'strongExtranet': {'comment': 'Thawte certificate extension', - 'description': 'strongExtranet (1 3 101 1 4 1)', - 'hexoid': '06 05 2B 65 01 04 01', - 'name': 'strongExtranet', - 'oid': (1, 3, 101, 1, 4, 1)}, - 'subject': {'comment': 'Telesec attribute', - 'description': 'subject (0 2 262 1 10 7 10)', - 'hexoid': '06 07 02 82 06 01 0A 07 0A', - 'name': 'subject', - 'oid': (0, 2, 262, 1, 10, 7, 10)}, - 'subjectAltName': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'subjectAltName (2 5 29 17)', - 'hexoid': '06 03 55 1D 11', - 'name': 'subjectAltName', - 'oid': (2, 5, 29, 17)}, - 'subjectDirectoryAttributes': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'subjectDirectoryAttributes (2 5 29 9)', - 'hexoid': '06 03 55 1D 09', - 'name': 'subjectDirectoryAttributes', - 'oid': (2, 5, 29, 9)}, - 'subjectInfoAccess': {'comment': 'PKIX private extension', - 'description': 'subjectInfoAccess (1 3 6 1 5 5 7 1 11)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 0B', - 'name': 'subjectInfoAccess', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 11)}, - 'subjectKeyIdentifier': {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'subjectKeyIdentifier (2 5 29 14)', - 'hexoid': '06 03 55 1D 0E', - 'name': 'subjectKeyIdentifier', - 'oid': (2, 5, 29, 14)}, - 'suiteAConfidentialityAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'suiteAConfidentialityAlgorithm (2 16 840 1 101 2 1 1 14)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 0E', - 'name': 'suiteAConfidentialityAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 14)}, - 'suiteAIntegrityAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'suiteAIntegrityAlgorithm (2 16 840 1 101 2 1 1 15)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 0F', - 'name': 'suiteAIntegrityAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 15)}, - 'suiteAKMandSigAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'suiteAKMandSigAlgorithm (2 16 840 1 101 2 1 1 18)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 12', - 'name': 'suiteAKMandSigAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 18)}, - 'suiteAKeyManagementAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'suiteAKeyManagementAlgorithm (2 16 840 1 101 2 1 1 17)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 11', - 'name': 'suiteAKeyManagementAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 17)}, - 'suiteASignatureAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'suiteASignatureAlgorithm (2 16 840 1 101 2 1 1 13)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 0D', - 'name': 'suiteASignatureAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 13)}, - 'suiteATokenProtectionAlgorithm': {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'suiteATokenProtectionAlgorithm (2 16 840 1 101 2 1 1 16)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 10', - 'name': 'suiteATokenProtectionAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 16)}, - 'suppLangTags': {'comment': 'PKIX CMP information', - 'description': 'suppLangTags (1 3 6 1 5 5 7 4 16)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 10', - 'name': 'suppLangTags', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 16)}, - 'supportedAlgorithms': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'supportedAlgorithms (2 5 4 52)', - 'hexoid': '06 03 55 04 34', - 'name': 'supportedAlgorithms', - 'oid': (2, 5, 4, 52)}, - 'supportedApplicationContext': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'supportedApplicationContext (2 5 4 30)', - 'hexoid': '06 03 55 04 1E', - 'name': 'supportedApplicationContext', - 'oid': (2, 5, 4, 30)}, - 'surname': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'surname (2 5 4 4)', - 'hexoid': '06 03 55 04 04', - 'name': 'surname', - 'oid': (2, 5, 4, 4)}, - 'symmetric-encryption-algorithm': {'comment': 'Mitsubishi security algorithm', - 'description': 'symmetric-encryption-algorithm (1 2 392 200011 61 1 1 1)', - 'hexoid': '06 0A 2A 83 08 8C 9A 4B 3D 01 01 01', - 'name': 'symmetric-encryption-algorithm', - 'oid': (1, 2, 392, 200011, 61, 1, 1, 1)}, - 'symmetricKeyEntry': {'comment': 'Telesec object class', - 'description': 'symmetricKeyEntry (0 2 262 1 10 3 5)', - 'hexoid': '06 07 02 82 06 01 0A 03 05', - 'name': 'symmetricKeyEntry', - 'oid': (0, 2, 262, 1, 10, 3, 5)}, - 'symmetricKeyEntryName': {'comment': 'Telesec attribute', - 'description': 'symmetricKeyEntryName (0 2 262 1 10 7 35)', - 'hexoid': '06 07 02 82 06 01 0A 07 23', - 'name': 'symmetricKeyEntryName', - 'oid': (0, 2, 262, 1, 10, 7, 35)}, - 'systemHealth': {'comment': 'Microsoft extended key usage', - 'description': 'systemHealth (1 3 6 1 4 1 311 47 1 1)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 2F 01 01', - 'name': 'systemHealth', - 'oid': (1, 3, 6, 1, 4, 1, 311, 47, 1, 1)}, - 'systemHealthLoophole': {'comment': 'Microsoft extended key usage', - 'description': 'systemHealthLoophole (1 3 6 1 4 1 311 47 1 3)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 2F 01 03', - 'name': 'systemHealthLoophole', - 'oid': (1, 3, 6, 1, 4, 1, 311, 47, 1, 3)}, - 'tDTInfo': {'comment': 'S/MIME Content Types', - 'description': 'tDTInfo (1 2 840 113549 1 9 16 1 5)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 05', - 'name': 'tDTInfo', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 1, 5)}, - 'tSTInfo': {'comment': 'S/MIME Content Types', - 'description': 'tSTInfo (1 2 840 113549 1 9 16 1 4)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 04', - 'name': 'tSTInfo', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 1, 4)}, - 'tcp1': {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tcp1 (2 16 840 1 101 2 1 12 1 1)', - 'hexoid': '06 0A 60 86 48 01 65 02 01 0C 01 01', - 'name': 'tcp1', - 'oid': (2, 16, 840, 1, 101, 2, 1, 12, 1, 1)}, - 'telekomAuthentication': {'comment': 'Telesec authentication', - 'description': 'telekomAuthentication (0 2 262 1 10 1 0 8)', - 'hexoid': '06 08 02 82 06 01 0A 01 00 08', - 'name': 'telekomAuthentication', - 'oid': (0, 2, 262, 1, 10, 1, 0, 8)}, - 'telephone': {'comment': 'SET field', - 'description': 'telephone (2 23 42 2 9)', - 'hexoid': '06 04 67 2A 02 09', - 'name': 'telephone', - 'oid': (2, 23, 42, 2, 9)}, - 'telephoneNumber': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'telephoneNumber (2 5 4 20)', - 'hexoid': '06 03 55 04 14', - 'name': 'telephoneNumber', - 'oid': (2, 5, 4, 20)}, - 'telesecCRLFilterExt': {'comment': 'Telesec cert/CRL extension', - 'description': 'telesecCRLFilterExt (0 2 262 1 10 12 5)', - 'hexoid': '06 07 02 82 06 01 0A 0C 05', - 'name': 'telesecCRLFilterExt', - 'oid': (0, 2, 262, 1, 10, 12, 5)}, - 'telesecCRLFilteredExt': {'comment': 'Telesec cert/CRL extension', - 'description': 'telesecCRLFilteredExt (0 2 262 1 10 12 4)', - 'hexoid': '06 07 02 82 06 01 0A 0C 04', - 'name': 'telesecCRLFilteredExt', - 'oid': (0, 2, 262, 1, 10, 12, 4)}, - 'telesecCertIdExt': {'comment': 'Telesec cert/CRL extension', - 'description': 'telesecCertIdExt (0 2 262 1 10 12 1)', - 'hexoid': '06 07 02 82 06 01 0A 0C 01', - 'name': 'telesecCertIdExt', - 'oid': (0, 2, 262, 1, 10, 12, 1)}, - 'telesecCertificate': {'comment': 'Telesec attribute', - 'description': 'telesecCertificate (0 2 262 1 10 7 2)', - 'hexoid': '06 07 02 82 06 01 0A 07 02', - 'name': 'telesecCertificate', - 'oid': (0, 2, 262, 1, 10, 7, 2)}, - 'telesecCertificateList': {'comment': 'Telesec attribute', - 'description': 'telesecCertificateList (0 2 262 1 10 7 21)', - 'hexoid': '06 07 02 82 06 01 0A 07 15', - 'name': 'telesecCertificateList', - 'oid': (0, 2, 262, 1, 10, 7, 21)}, - 'telesecGivenName': {'comment': 'Telesec attribute', - 'description': 'telesecGivenName (0 2 262 1 10 7 17)', - 'hexoid': '06 07 02 82 06 01 0A 07 11', - 'name': 'telesecGivenName', - 'oid': (0, 2, 262, 1, 10, 7, 17)}, - 'telesecNamingAuthorityExt': {'comment': 'Telesec cert/CRL extension', - 'description': 'telesecNamingAuthorityExt (0 2 262 1 10 12 6)', - 'hexoid': '06 07 02 82 06 01 0A 0C 06', - 'name': 'telesecNamingAuthorityExt', - 'oid': (0, 2, 262, 1, 10, 12, 6)}, - 'telesecOtherName': {'comment': 'Telesec object class', - 'description': 'telesecOtherName (0 2 262 1 10 3 0)', - 'hexoid': '06 07 02 82 06 01 0A 03 00', - 'name': 'telesecOtherName', - 'oid': (0, 2, 262, 1, 10, 3, 0)}, - 'telesecPolicyQualifierID': {'comment': 'Telesec cert/CRL extension', - 'description': 'telesecPolicyQualifierID (0 2 262 1 10 12 3)', - 'hexoid': '06 07 02 82 06 01 0A 0C 03', - 'name': 'telesecPolicyQualifierID', - 'oid': (0, 2, 262, 1, 10, 12, 3)}, - 'telesecPostalCode': {'comment': 'Telesec attribute', - 'description': 'telesecPostalCode (0 2 262 1 10 7 19)', - 'hexoid': '06 07 02 82 06 01 0A 07 13', - 'name': 'telesecPostalCode', - 'oid': (0, 2, 262, 1, 10, 7, 19)}, - 'telesecTtpAsymmetricApplication': {'comment': 'Telesec module', - 'description': 'telesecTtpAsymmetricApplication (0 2 262 1 10 2 11)', - 'hexoid': '06 07 02 82 06 01 0A 02 0B', - 'name': 'telesecTtpAsymmetricApplication', - 'oid': (0, 2, 262, 1, 10, 2, 11)}, - 'telesecTtpBasisApplication': {'comment': 'Telesec module', - 'description': 'telesecTtpBasisApplication (0 2 262 1 10 2 12)', - 'hexoid': '06 07 02 82 06 01 0A 02 0C', - 'name': 'telesecTtpBasisApplication', - 'oid': (0, 2, 262, 1, 10, 2, 12)}, - 'telesecTtpMessages': {'comment': 'Telesec module', - 'description': 'telesecTtpMessages (0 2 262 1 10 2 13)', - 'hexoid': '06 07 02 82 06 01 0A 02 0D', - 'name': 'telesecTtpMessages', - 'oid': (0, 2, 262, 1, 10, 2, 13)}, - 'telesecTtpTimeStampApplication': {'comment': 'Telesec module', - 'description': 'telesecTtpTimeStampApplication (0 2 262 1 10 2 14)', - 'hexoid': '06 07 02 82 06 01 0A 02 0E', - 'name': 'telesecTtpTimeStampApplication', - 'oid': (0, 2, 262, 1, 10, 2, 14)}, - 'teletexTerminalIdentifier': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'teletexTerminalIdentifier (2 5 4 22)', - 'hexoid': '06 03 55 04 16', - 'name': 'teletexTerminalIdentifier', - 'oid': (2, 5, 4, 22)}, - 'teletrustCertificateList': {'comment': 'Telesec attribute', - 'description': 'teletrustCertificateList (0 2 262 1 10 7 22)', - 'hexoid': '06 07 02 82 06 01 0A 07 16', - 'name': 'teletrustCertificateList', - 'oid': (0, 2, 262, 1, 10, 7, 22)}, - 'telexNumber': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'telexNumber (2 5 4 21)', - 'hexoid': '06 03 55 04 15', - 'name': 'telexNumber', - 'oid': (2, 5, 4, 21)}, - 'testSecurityPolicy': {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'testSecurityPolicy (2 16 840 1 101 2 1 12 0)', - 'hexoid': '06 09 60 86 48 01 65 02 01 0C 00', - 'name': 'testSecurityPolicy', - 'oid': (2, 16, 840, 1, 101, 2, 1, 12, 0)}, - 'textNotice': {'comment': 'PKIX policy qualifier', - 'description': 'textNotice (1 3 6 1 5 5 7 2 3)', - 'hexoid': '06 08 2B 06 01 05 05 07 02 03', - 'name': 'textNotice', - 'oid': (1, 3, 6, 1, 5, 5, 7, 2, 3)}, - 'thawte-ce': {'comment': 'Thawte', - 'description': 'thawte-ce (1 3 101 1 4)', - 'hexoid': '06 04 2B 65 01 04', - 'name': 'thawte-ce', - 'oid': (1, 3, 101, 1, 4)}, - 'threeWayX509Authentication': {'comment': 'Telesec authentication', - 'description': 'threeWayX509Authentication (0 2 262 1 10 1 0 5)', - 'hexoid': '06 08 02 82 06 01 0A 01 00 05', - 'name': 'threeWayX509Authentication', - 'oid': (0, 2, 262, 1, 10, 1, 0, 5)}, - 'tiger': {'comment': 'GNU digest algorithm', - 'description': 'tiger (1 3 6 1 4 1 11591 12 2)', - 'hexoid': '06 09 2B 06 01 04 01 DA 47 0C 02', - 'name': 'tiger', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 12, 2)}, - 'timeOfIssue': {'comment': 'Telesec attribute', - 'description': 'timeOfIssue (0 2 262 1 10 7 24)', - 'hexoid': '06 07 02 82 06 01 0A 07 18', - 'name': 'timeOfIssue', - 'oid': (0, 2, 262, 1, 10, 7, 24)}, - 'timeOfRevocation': {'comment': 'Telesec attribute', - 'description': 'timeOfRevocation (0 2 262 1 10 7 11)', - 'hexoid': '06 07 02 82 06 01 0A 07 0B', - 'name': 'timeOfRevocation', - 'oid': (0, 2, 262, 1, 10, 7, 11)}, - 'timeOfRevocationGen': {'comment': 'Telesec attribute', - 'description': 'timeOfRevocationGen (0 2 262 1 10 7 51)', - 'hexoid': '06 07 02 82 06 01 0A 07 33', - 'name': 'timeOfRevocationGen', - 'oid': (0, 2, 262, 1, 10, 7, 51)}, - 'timeStampSigning': {'comment': 'Microsoft enhanced key usage', - 'description': 'timeStampSigning (1 3 6 1 4 1 311 10 3 2)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 0A 03 02', - 'name': 'timeStampSigning', - 'oid': (1, 3, 6, 1, 4, 1, 311, 10, 3, 2)}, - 'timeStampToken': {'comment': 'S/MIME Authenticated Attributes', - 'description': 'timeStampToken (1 2 840 113549 1 9 16 2 14)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 0E', - 'name': 'timeStampToken', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2, 14)}, - 'timeStamping': {'comment': 'PKIX subject/authority info access descriptor', - 'description': 'timeStamping (1 3 6 1 5 5 7 48 3)', - 'hexoid': '06 08 2B 06 01 05 05 07 30 03', - 'name': 'timeStamping', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 3)}, - 'timeproof': {'comment': 'enterprise', - 'description': 'timeproof (1 3 6 1 4 1 5472)', - 'hexoid': '06 07 2B 06 01 04 01 AA 60', - 'name': 'timeproof', - 'oid': (1, 3, 6, 1, 4, 1, 5472)}, - 'timestampRequest': {'comment': 'Microsoft code signing', - 'description': 'timestampRequest (1 3 6 1 4 1 311 3 2 1)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 03 02 01', - 'name': 'timestampRequest', - 'oid': (1, 3, 6, 1, 4, 1, 311, 3, 2, 1)}, - 'title': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'title (2 5 4 12)', - 'hexoid': '06 03 55 04 0C', - 'name': 'title', - 'oid': (2, 5, 4, 12)}, - 'titledWithOID': {'comment': 'Microsoft', - 'description': 'titledWithOID (1 2 840 113556 4 4)', - 'hexoid': '06 08 2A 86 48 86 F7 14 04 04', - 'name': 'titledWithOID', - 'oid': (1, 2, 840, 113556, 4, 4)}, - 'top': {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'top (2 5 6 0)', - 'hexoid': '06 03 55 06 00', - 'name': 'top', - 'oid': (2, 5, 6, 0)}, - 'tpBasis': {'comment': 'ANSI X9.62 field basis', - 'description': 'tpBasis (1 2 840 10045 1 2 3 2)', - 'hexoid': '06 09 2A 86 48 CE 3D 01 02 03 02', - 'name': 'tpBasis', - 'oid': (1, 2, 840, 10045, 1, 2, 3, 2)}, - 'transID': {'comment': 'Verisign PKCS #7 attribute', - 'description': 'transID (2 16 840 1 113733 1 9 7)', - 'hexoid': '06 0A 60 86 48 01 86 F8 45 01 09 07', - 'name': 'transID', - 'oid': (2, 16, 840, 1, 113733, 1, 9, 7)}, - 'tsp1': {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tsp1 (2 16 840 1 101 2 1 12 0 1)', - 'hexoid': '06 0A 60 86 48 01 65 02 01 0C 00 01', - 'name': 'tsp1', - 'oid': (2, 16, 840, 1, 101, 2, 1, 12, 0, 1)}, - 'tsp1SecurityCategories': {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tsp1SecurityCategories (2 16 840 1 101 2 1 12 0 1 0)', - 'hexoid': '06 0B 60 86 48 01 65 02 01 0C 00 01 00', - 'name': 'tsp1SecurityCategories', - 'oid': (2, 16, 840, 1, 101, 2, 1, 12, 0, 1, 0)}, - 'tsp1TagSetOne': {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tsp1TagSetOne (2 16 840 1 101 2 1 12 0 1 0 1)', - 'hexoid': '06 0C 60 86 48 01 65 02 01 0C 00 01 00 01', - 'name': 'tsp1TagSetOne', - 'oid': (2, 16, 840, 1, 101, 2, 1, 12, 0, 1, 0, 1)}, - 'tsp1TagSetTwo': {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tsp1TagSetTwo (2 16 840 1 101 2 1 12 0 1 0 2)', - 'hexoid': '06 0C 60 86 48 01 65 02 01 0C 00 01 00 02', - 'name': 'tsp1TagSetTwo', - 'oid': (2, 16, 840, 1, 101, 2, 1, 12, 0, 1, 0, 2)}, - 'tsp1TagSetZero': {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tsp1TagSetZero (2 16 840 1 101 2 1 12 0 1 0 0)', - 'hexoid': '06 0C 60 86 48 01 65 02 01 0C 00 01 00 00', - 'name': 'tsp1TagSetZero', - 'oid': (2, 16, 840, 1, 101, 2, 1, 12, 0, 1, 0, 0)}, - 'tsp2': {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tsp2 (2 16 840 1 101 2 1 12 0 2)', - 'hexoid': '06 0A 60 86 48 01 65 02 01 0C 00 02', - 'name': 'tsp2', - 'oid': (2, 16, 840, 1, 101, 2, 1, 12, 0, 2)}, - 'tsp2SecurityCategories': {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tsp2SecurityCategories (2 16 840 1 101 2 1 12 0 2 0)', - 'hexoid': '06 0B 60 86 48 01 65 02 01 0C 00 02 00', - 'name': 'tsp2SecurityCategories', - 'oid': (2, 16, 840, 1, 101, 2, 1, 12, 0, 2, 0)}, - 'tsp2TagSetOne': {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tsp2TagSetOne (2 16 840 1 101 2 1 12 0 2 0 1)', - 'hexoid': '06 0C 60 86 48 01 65 02 01 0C 00 02 00 01', - 'name': 'tsp2TagSetOne', - 'oid': (2, 16, 840, 1, 101, 2, 1, 12, 0, 2, 0, 1)}, - 'tsp2TagSetTwo': {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tsp2TagSetTwo (2 16 840 1 101 2 1 12 0 2 0 2)', - 'hexoid': '06 0C 60 86 48 01 65 02 01 0C 00 02 00 02', - 'name': 'tsp2TagSetTwo', - 'oid': (2, 16, 840, 1, 101, 2, 1, 12, 0, 2, 0, 2)}, - 'tsp2TagSetZero': {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tsp2TagSetZero (2 16 840 1 101 2 1 12 0 2 0 0)', - 'hexoid': '06 0C 60 86 48 01 65 02 01 0C 00 02 00 00', - 'name': 'tsp2TagSetZero', - 'oid': (2, 16, 840, 1, 101, 2, 1, 12, 0, 2, 0, 0)}, - 'tss': {'comment': 'timeproof', - 'description': 'tss (1 3 6 1 4 1 5472 1)', - 'hexoid': '06 08 2B 06 01 04 01 AA 60 01', - 'name': 'tss', - 'oid': (1, 3, 6, 1, 4, 1, 5472, 1)}, - 'tss380': {'comment': 'timeproof TSS', - 'description': 'tss380 (1 3 6 1 4 1 5472 1 2)', - 'hexoid': '06 09 2B 06 01 04 01 AA 60 01 02', - 'name': 'tss380', - 'oid': (1, 3, 6, 1, 4, 1, 5472, 1, 2)}, - 'tss400': {'comment': 'timeproof TSS', - 'description': 'tss400 (1 3 6 1 4 1 5472 1 3)', - 'hexoid': '06 09 2B 06 01 04 01 AA 60 01 03', - 'name': 'tss400', - 'oid': (1, 3, 6, 1, 4, 1, 5472, 1, 3)}, - 'tss80': {'comment': 'timeproof TSS', - 'description': 'tss80 (1 3 6 1 4 1 5472 1 1)', - 'hexoid': '06 09 2B 06 01 04 01 AA 60 01 01', - 'name': 'tss80', - 'oid': (1, 3, 6, 1, 4, 1, 5472, 1, 1)}, - 'tunneling': {'comment': 'SET cert extension', - 'description': 'tunneling (2 23 42 7 4)', - 'hexoid': '06 04 67 2A 07 04', - 'name': 'tunneling', - 'oid': (2, 23, 42, 7, 4)}, - 'twoWayISO9798Authentication': {'comment': 'Telesec authentication', - 'description': 'twoWayISO9798Authentication (0 2 262 1 10 1 0 7)', - 'hexoid': '06 08 02 82 06 01 0A 01 00 07', - 'name': 'twoWayISO9798Authentication', - 'oid': (0, 2, 262, 1, 10, 1, 0, 7)}, - 'twoWayX509Authentication': {'comment': 'Telesec authentication', - 'description': 'twoWayX509Authentication (0 2 262 1 10 1 0 4)', - 'hexoid': '06 08 02 82 06 01 0A 01 00 04', - 'name': 'twoWayX509Authentication', - 'oid': (0, 2, 262, 1, 10, 1, 0, 4)}, - 'ukDemo': {'comment': 'SDN.700 INFOSEC certificate policy', - 'description': 'ukDemo (2 16 840 1 101 2 1 11 1)', - 'hexoid': '06 09 60 86 48 01 65 02 01 0B 01', - 'name': 'ukDemo', - 'oid': (2, 16, 840, 1, 101, 2, 1, 11, 1)}, - 'uniqueIdentifier': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'uniqueIdentifier (2 5 4 45)', - 'hexoid': '06 03 55 04 2D', - 'name': 'uniqueIdentifier', - 'oid': (2, 5, 4, 45)}, - 'uniqueMember': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'uniqueMember (2 5 4 50)', - 'hexoid': '06 03 55 04 32', - 'name': 'uniqueMember', - 'oid': (2, 5, 4, 50)}, - 'universalPrincipalName': {'comment': 'Microsoft UPN', - 'description': 'universalPrincipalName (1 3 6 1 4 1 311 20 2 3)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 14 02 03', - 'name': 'universalPrincipalName', - 'oid': (1, 3, 6, 1, 4, 1, 311, 20, 2, 3)}, - 'unotice': {'comment': 'PKIX policy qualifier', - 'description': 'unotice (1 3 6 1 5 5 7 2 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 02 02', - 'name': 'unotice', - 'oid': (1, 3, 6, 1, 5, 5, 7, 2, 2)}, - 'unstructuredAddress': {'comment': 'PKCS #9', - 'description': 'unstructuredAddress (1 2 840 113549 1 9 8)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 08', - 'name': 'unstructuredAddress', - 'oid': (1, 2, 840, 113549, 1, 9, 8)}, - 'unstructuredName': {'comment': 'PKCS #9', - 'description': 'unstructuredName (1 2 840 113549 1 9 2)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 02', - 'name': 'unstructuredName', - 'oid': (1, 2, 840, 113549, 1, 9, 2)}, - 'unsupportedOIDs': {'comment': 'PKIX CMP information', - 'description': 'unsupportedOIDs (1 3 6 1 5 5 7 4 7)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 07', - 'name': 'unsupportedOIDs', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 7)}, - 'usDODClass2': {'comment': 'SDN.700 INFOSEC certificate policy', - 'description': 'usDODClass2 (2 16 840 1 101 2 1 11 2)', - 'hexoid': '06 09 60 86 48 01 65 02 01 0B 02', - 'name': 'usDODClass2', - 'oid': (2, 16, 840, 1, 101, 2, 1, 11, 2)}, - 'usDODClass3': {'comment': 'SDN.700 INFOSEC certificate policy', - 'description': 'usDODClass3 (2 16 840 1 101 2 1 11 5)', - 'hexoid': '06 09 60 86 48 01 65 02 01 0B 05', - 'name': 'usDODClass3', - 'oid': (2, 16, 840, 1, 101, 2, 1, 11, 5)}, - 'usDODClass4': {'comment': 'SDN.700 INFOSEC certificate policy', - 'description': 'usDODClass4 (2 16 840 1 101 2 1 11 4)', - 'hexoid': '06 09 60 86 48 01 65 02 01 0B 04', - 'name': 'usDODClass4', - 'oid': (2, 16, 840, 1, 101, 2, 1, 11, 4)}, - 'usDODClass5': {'comment': 'SDN.700 INFOSEC certificate policy', - 'description': 'usDODClass5 (2 16 840 1 101 2 1 11 6)', - 'hexoid': '06 09 60 86 48 01 65 02 01 0B 06', - 'name': 'usDODClass5', - 'oid': (2, 16, 840, 1, 101, 2, 1, 11, 6)}, - 'usMediumPilot': {'comment': 'SDN.700 INFOSEC certificate policy', - 'description': 'usMediumPilot (2 16 840 1 101 2 1 11 3)', - 'hexoid': '06 09 60 86 48 01 65 02 01 0B 03', - 'name': 'usMediumPilot', - 'oid': (2, 16, 840, 1, 101, 2, 1, 11, 3)}, - 'usefulDefinitions': {'comment': 'Telesec module', - 'description': 'usefulDefinitions (0 2 262 1 10 2 7)', - 'hexoid': '06 07 02 82 06 01 0A 02 07', - 'name': 'usefulDefinitions', - 'oid': (0, 2, 262, 1, 10, 2, 7)}, - 'userCertificate': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'userCertificate (2 5 4 36)', - 'hexoid': '06 03 55 04 24', - 'name': 'userCertificate', - 'oid': (2, 5, 4, 36)}, - 'userGroup': {'comment': 'PKIX other name', - 'description': 'userGroup (1 3 6 1 5 5 7 8 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 08 02', - 'name': 'userGroup', - 'oid': (1, 3, 6, 1, 5, 5, 7, 8, 2)}, - 'userGroupReference': {'comment': 'Telesec attribute', - 'description': 'userGroupReference (0 2 262 1 10 7 12)', - 'hexoid': '06 07 02 82 06 01 0A 07 0C', - 'name': 'userGroupReference', - 'oid': (0, 2, 262, 1, 10, 7, 12)}, - 'userID': {'comment': 'Some oddball X.500 attribute collection', - 'description': 'userID (0 9 2342 19200300 100 1 1)', - 'hexoid': '06 0A 09 92 26 89 93 F2 2C 64 01 01', - 'name': 'userID', - 'oid': (0, 9, 2342, 19200300, 100, 1, 1)}, - 'userPassword': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'userPassword (2 5 4 35)', - 'hexoid': '06 03 55 04 23', - 'name': 'userPassword', - 'oid': (2, 5, 4, 35)}, - 'utf8Pairs': {'comment': 'PKIX CRMF registration control', - 'description': 'utf8Pairs (1 3 6 1 5 5 7 5 2 1)', - 'hexoid': '06 09 2B 06 01 05 05 07 05 02 01', - 'name': 'utf8Pairs', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 2, 1)}, - 'utimaco-api': {'comment': 'Teletrust API', - 'description': 'utimaco-api (1 3 36 6 1 1)', - 'hexoid': '06 05 2B 24 06 01 01', - 'name': 'utimaco-api', - 'oid': (1, 3, 36, 6, 1, 1)}, - 'validity': {'comment': 'Telesec attribute', - 'description': 'validity (0 2 262 1 10 7 13)', - 'hexoid': '06 07 02 82 06 01 0A 07 0D', - 'name': 'validity', - 'oid': (0, 2, 262, 1, 10, 7, 13)}, - 'validityModel': {'comment': 'TU Darmstadt ValidityModel', - 'description': 'validityModel (1 3 6 1 4 1 8301 3 5)', - 'hexoid': '06 09 2B 06 01 04 01 C0 6D 03 05', - 'name': 'validityModel', - 'oid': (1, 3, 6, 1, 4, 1, 8301, 3, 5)}, - 'validityModelChain': {'comment': 'TU Darmstadt ValidityModel', - 'description': 'validityModelChain (1 3 6 1 4 1 8301 3 5 1)', - 'hexoid': '06 0A 2B 06 01 04 01 C0 6D 03 05 01', - 'name': 'validityModelChain', - 'oid': (1, 3, 6, 1, 4, 1, 8301, 3, 5, 1)}, - 'validityModelShell': {'comment': 'ValidityModel', - 'description': 'validityModelShell (1 3 6 1 4 1 8301 3 5 2)', - 'hexoid': '06 0A 2B 06 01 04 01 C0 6D 03 05 02', - 'name': 'validityModelShell', - 'oid': (1, 3, 6, 1, 4, 1, 8301, 3, 5, 2)}, - 'vendor': {'comment': 'SET', - 'description': 'vendor (2 23 42 9)', - 'hexoid': '06 03 67 2A 09', - 'name': 'vendor', - 'oid': (2, 23, 42, 9)}, - 'vereidigteBuchprueferin': {'comment': 'Teletrust ProfessionInfo', - 'description': 'vereidigteBuchprueferin (1 3 36 8 3 11 1 16)', - 'hexoid': '06 07 2B 24 08 03 0B 01 10', - 'name': 'vereidigteBuchprueferin', - 'oid': (1, 3, 36, 8, 3, 11, 1, 16)}, - 'vereidigterBuchpruefer': {'comment': 'Teletrust ProfessionInfo', - 'description': 'vereidigterBuchpruefer (1 3 36 8 3 11 1 17)', - 'hexoid': '06 07 2B 24 08 03 0B 01 11', - 'name': 'vereidigterBuchpruefer', - 'oid': (1, 3, 36, 8, 3, 11, 1, 17)}, - 'verisignCPSv1notice': {'comment': 'Verisign policy (obsolete)', - 'description': 'verisignCPSv1notice (2 16 840 1 113733 1 7 1 1 1)', - 'hexoid': '06 0C 60 86 48 01 86 F8 45 01 07 01 01 01', - 'name': 'verisignCPSv1notice', - 'oid': (2, 16, 840, 1, 113733, 1, 7, 1, 1, 1)}, - 'verisignCPSv1nsi': {'comment': 'Verisign policy (obsolete)', - 'description': 'verisignCPSv1nsi (2 16 840 1 113733 1 7 1 1 2)', - 'hexoid': '06 0C 60 86 48 01 86 F8 45 01 07 01 01 02', - 'name': 'verisignCPSv1nsi', - 'oid': (2, 16, 840, 1, 113733, 1, 7, 1, 1, 2)}, - 'verisignCZAG': {'comment': 'Verisign extension', - 'description': 'verisignCZAG (2 16 840 1 113733 1 6 3)', - 'hexoid': '06 0A 60 86 48 01 86 F8 45 01 06 03', - 'name': 'verisignCZAG', - 'oid': (2, 16, 840, 1, 113733, 1, 6, 3)}, - 'verisignInBox': {'comment': 'Verisign extension', - 'description': 'verisignInBox (2 16 840 1 113733 1 6 6)', - 'hexoid': '06 0A 60 86 48 01 86 F8 45 01 06 06', - 'name': 'verisignInBox', - 'oid': (2, 16, 840, 1, 113733, 1, 6, 6)}, - 'wirtschaftsPruefer': {'comment': 'Teletrust ProfessionInfo', - 'description': 'wirtschaftsPruefer (1 3 36 8 3 11 1 15)', - 'hexoid': '06 07 2B 24 08 03 0B 01 0F', - 'name': 'wirtschaftsPruefer', - 'oid': (1, 3, 36, 8, 3, 11, 1, 15)}, - 'wirtschaftsPrueferin': {'comment': 'Teletrust ProfessionInfo', - 'description': 'wirtschaftsPrueferin (1 3 36 8 3 11 1 14)', - 'hexoid': '06 07 2B 24 08 03 0B 01 0E', - 'name': 'wirtschaftsPrueferin', - 'oid': (1, 3, 36, 8, 3, 11, 1, 14)}, - 'wlanSSID': {'comment': 'PKIX key purpose', - 'description': 'wlanSSID (1 3 6 1 5 5 7 3 14)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 0E', - 'name': 'wlanSSID', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 14)}, - 'wtlsTemplate': {'comment': 'PKIX CRMF registration control', - 'description': 'wtlsTemplate (1 3 6 1 5 5 7 5 1 8)', - 'hexoid': '06 09 2B 06 01 05 05 07 05 01 08', - 'name': 'wtlsTemplate', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 1, 8)}, - 'x121Address': {'comment': 'X.520 id-at (2 5 4)', - 'description': 'x121Address (2 5 4 24)', - 'hexoid': '06 03 55 04 18', - 'name': 'x121Address', - 'oid': (2, 5, 4, 24)}, - 'x509Certificate': {'comment': 'PKCS #9 via PKCS #12', - 'description': 'x509Certificate (for PKCS #12) (1 2 840 113549 1 9 22 1)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 16 01', - 'name': 'x509Certificate', - 'oid': (1, 2, 840, 113549, 1, 9, 22, 1)}, - 'x509CertificateList': {'comment': 'Telesec attribute', - 'description': 'x509CertificateList (0 2 262 1 10 7 23)', - 'hexoid': '06 07 02 82 06 01 0A 07 17', - 'name': 'x509CertificateList', - 'oid': (0, 2, 262, 1, 10, 7, 23)}, - 'x509Crl': {'comment': 'PKCS #9 via PKCS #12', - 'description': 'x509Crl (for PKCS #12) (1 2 840 113549 1 9 23 1)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 17 01', - 'name': 'x509Crl', - 'oid': (1, 2, 840, 113549, 1, 9, 23, 1)}, - 'x9f1-cert-mgmt': {'comment': 'ANSI X9.57 module', - 'description': 'x9f1-cert-mgmt (1 2 840 10040 1 1)', - 'hexoid': '06 07 2A 86 48 CE 38 01 01', - 'name': 'x9f1-cert-mgmt', - 'oid': (1, 2, 840, 10040, 1, 1)}, - 'xYZZY': {'comment': 'cryptlib certificate policy', - 'description': 'xYZZY policyIdentifier (1 3 6 1 4 1 3029 88 89 90 90 89)', - 'hexoid': '06 0C 2B 06 01 04 01 97 55 58 59 5A 5A 59', - 'name': 'xYZZY', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 88, 89, 90, 90, 89)}, - 'yesnoTrustAttr': {'comment': 'Microsoft attribute', - 'description': 'yesnoTrustAttr (1 3 6 1 4 1 311 10 4 1)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 0A 04 01', - 'name': 'yesnoTrustAttr', - 'oid': (1, 3, 6, 1, 4, 1, 311, 10, 4, 1)}, - 'zKeyData': {'comment': 'Telesec attribute', - 'description': 'zKeyData (0 2 262 1 10 7 39)', - 'hexoid': '06 07 02 82 06 01 0A 07 27', - 'name': 'zKeyData', - 'oid': (0, 2, 262, 1, 10, 7, 39)}, - 'zert93': {'comment': 'Telesec attribute', - 'description': 'zert93 (0 2 262 1 10 7 14)', - 'hexoid': '06 07 02 82 06 01 0A 07 0E', - 'name': 'zert93', - 'oid': (0, 2, 262, 1, 10, 7, 14)}, - 'zlib': {'comment': 'S/MIME Algorithms', - 'description': 'zlib (1 2 840 113549 1 9 16 3 8)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 03 08', - 'name': 'zlib', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 3, 8)}} diff --git a/rpkid/rpki/POW/_oids.py b/rpkid/rpki/POW/_oids.py deleted file mode 100644 index e170236b..00000000 --- a/rpkid/rpki/POW/_oids.py +++ /dev/null @@ -1,8636 +0,0 @@ -data = {(0, 2, 262, 1, 10): {'comment': 'Deutsche Telekom', - 'description': 'Telesec (0 2 262 1 10)', - 'hexoid': '06 05 02 82 06 01 0A', - 'name': 'Telesec', - 'oid': (0, 2, 262, 1, 10)}, - (0, 2, 262, 1, 10, 0): {'comment': 'Telesec', - 'description': 'extension (0 2 262 1 10 0)', - 'hexoid': '06 06 02 82 06 01 0A 00', - 'name': 'extension', - 'oid': (0, 2, 262, 1, 10, 0)}, - (0, 2, 262, 1, 10, 1): {'comment': 'Telesec', - 'description': 'mechanism (0 2 262 1 10 1)', - 'hexoid': '06 06 02 82 06 01 0A 01', - 'name': 'mechanism', - 'oid': (0, 2, 262, 1, 10, 1)}, - (0, 2, 262, 1, 10, 1, 0): {'comment': 'Telesec mechanism', - 'description': 'authentication (0 2 262 1 10 1 0)', - 'hexoid': '06 07 02 82 06 01 0A 01 00', - 'name': 'authentication', - 'oid': (0, 2, 262, 1, 10, 1, 0)}, - (0, 2, 262, 1, 10, 1, 0, 1): {'comment': 'Telesec authentication', - 'description': 'passwordAuthentication (0 2 262 1 10 1 0 1)', - 'hexoid': '06 08 02 82 06 01 0A 01 00 01', - 'name': 'passwordAuthentication', - 'oid': (0, 2, 262, 1, 10, 1, 0, 1)}, - (0, 2, 262, 1, 10, 1, 0, 2): {'comment': 'Telesec authentication', - 'description': 'protectedPasswordAuthentication (0 2 262 1 10 1 0 2)', - 'hexoid': '06 08 02 82 06 01 0A 01 00 02', - 'name': 'protectedPasswordAuthentication', - 'oid': (0, 2, 262, 1, 10, 1, 0, 2)}, - (0, 2, 262, 1, 10, 1, 0, 3): {'comment': 'Telesec authentication', - 'description': 'oneWayX509Authentication (0 2 262 1 10 1 0 3)', - 'hexoid': '06 08 02 82 06 01 0A 01 00 03', - 'name': 'oneWayX509Authentication', - 'oid': (0, 2, 262, 1, 10, 1, 0, 3)}, - (0, 2, 262, 1, 10, 1, 0, 4): {'comment': 'Telesec authentication', - 'description': 'twoWayX509Authentication (0 2 262 1 10 1 0 4)', - 'hexoid': '06 08 02 82 06 01 0A 01 00 04', - 'name': 'twoWayX509Authentication', - 'oid': (0, 2, 262, 1, 10, 1, 0, 4)}, - (0, 2, 262, 1, 10, 1, 0, 5): {'comment': 'Telesec authentication', - 'description': 'threeWayX509Authentication (0 2 262 1 10 1 0 5)', - 'hexoid': '06 08 02 82 06 01 0A 01 00 05', - 'name': 'threeWayX509Authentication', - 'oid': (0, 2, 262, 1, 10, 1, 0, 5)}, - (0, 2, 262, 1, 10, 1, 0, 6): {'comment': 'Telesec authentication', - 'description': 'oneWayISO9798Authentication (0 2 262 1 10 1 0 6)', - 'hexoid': '06 08 02 82 06 01 0A 01 00 06', - 'name': 'oneWayISO9798Authentication', - 'oid': (0, 2, 262, 1, 10, 1, 0, 6)}, - (0, 2, 262, 1, 10, 1, 0, 7): {'comment': 'Telesec authentication', - 'description': 'twoWayISO9798Authentication (0 2 262 1 10 1 0 7)', - 'hexoid': '06 08 02 82 06 01 0A 01 00 07', - 'name': 'twoWayISO9798Authentication', - 'oid': (0, 2, 262, 1, 10, 1, 0, 7)}, - (0, 2, 262, 1, 10, 1, 0, 8): {'comment': 'Telesec authentication', - 'description': 'telekomAuthentication (0 2 262 1 10 1 0 8)', - 'hexoid': '06 08 02 82 06 01 0A 01 00 08', - 'name': 'telekomAuthentication', - 'oid': (0, 2, 262, 1, 10, 1, 0, 8)}, - (0, 2, 262, 1, 10, 1, 1): {'comment': 'Telesec mechanism', - 'description': 'signature (0 2 262 1 10 1 1)', - 'hexoid': '06 07 02 82 06 01 0A 01 01', - 'name': 'signature', - 'oid': (0, 2, 262, 1, 10, 1, 1)}, - (0, 2, 262, 1, 10, 1, 1, 1): {'comment': 'Telesec mechanism', - 'description': 'md4WithRSAAndISO9697 (0 2 262 1 10 1 1 1)', - 'hexoid': '06 08 02 82 06 01 0A 01 01 01', - 'name': 'md4WithRSAAndISO9697', - 'oid': (0, 2, 262, 1, 10, 1, 1, 1)}, - (0, 2, 262, 1, 10, 1, 1, 2): {'comment': 'Telesec mechanism', - 'description': 'md4WithRSAAndTelesecSignatureStandard (0 2 262 1 10 1 1 2)', - 'hexoid': '06 08 02 82 06 01 0A 01 01 02', - 'name': 'md4WithRSAAndTelesecSignatureStandard', - 'oid': (0, 2, 262, 1, 10, 1, 1, 2)}, - (0, 2, 262, 1, 10, 1, 1, 3): {'comment': 'Telesec mechanism', - 'description': 'md5WithRSAAndISO9697 (0 2 262 1 10 1 1 3)', - 'hexoid': '06 08 02 82 06 01 0A 01 01 03', - 'name': 'md5WithRSAAndISO9697', - 'oid': (0, 2, 262, 1, 10, 1, 1, 3)}, - (0, 2, 262, 1, 10, 1, 1, 4): {'comment': 'Telesec mechanism', - 'description': 'md5WithRSAAndTelesecSignatureStandard (0 2 262 1 10 1 1 4)', - 'hexoid': '06 08 02 82 06 01 0A 01 01 04', - 'name': 'md5WithRSAAndTelesecSignatureStandard', - 'oid': (0, 2, 262, 1, 10, 1, 1, 4)}, - (0, 2, 262, 1, 10, 1, 1, 5): {'comment': 'Telesec mechanism', - 'description': 'ripemd160WithRSAAndTelekomSignatureStandard (0 2 262 1 10 1 1 5)', - 'hexoid': '06 08 02 82 06 01 0A 01 01 05', - 'name': 'ripemd160WithRSAAndTelekomSignatureStandard', - 'oid': (0, 2, 262, 1, 10, 1, 1, 5)}, - (0, 2, 262, 1, 10, 1, 1, 9): {'comment': 'Telesec signature', - 'description': 'hbciRsaSignature (0 2 262 1 10 1 1 9)', - 'hexoid': '06 08 02 82 06 01 0A 01 01 09', - 'name': 'hbciRsaSignature', - 'oid': (0, 2, 262, 1, 10, 1, 1, 9)}, - (0, 2, 262, 1, 10, 1, 2): {'comment': 'Telesec mechanism', - 'description': 'encryption (0 2 262 1 10 1 2)', - 'hexoid': '06 07 02 82 06 01 0A 01 02', - 'name': 'encryption', - 'oid': (0, 2, 262, 1, 10, 1, 2)}, - (0, 2, 262, 1, 10, 1, 2, 0): {'comment': 'Telesec encryption', - 'description': 'none (0 2 262 1 10 1 2 0)', - 'hexoid': '06 08 02 82 06 01 0A 01 02 00', - 'name': 'none', - 'oid': (0, 2, 262, 1, 10, 1, 2, 0)}, - (0, 2, 262, 1, 10, 1, 2, 1): {'comment': 'Telesec encryption', - 'description': 'rsaTelesec (0 2 262 1 10 1 2 1)', - 'hexoid': '06 08 02 82 06 01 0A 01 02 01', - 'name': 'rsaTelesec', - 'oid': (0, 2, 262, 1, 10, 1, 2, 1)}, - (0, 2, 262, 1, 10, 1, 2, 2): {'comment': 'Telesec encryption', - 'description': 'des (0 2 262 1 10 1 2 2)', - 'hexoid': '06 08 02 82 06 01 0A 01 02 02', - 'name': 'des', - 'oid': (0, 2, 262, 1, 10, 1, 2, 2)}, - (0, 2, 262, 1, 10, 1, 2, 2, 1): {'comment': 'Telesec encryption', - 'description': 'desECB (0 2 262 1 10 1 2 2 1)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 02 01', - 'name': 'desECB', - 'oid': (0, 2, 262, 1, 10, 1, 2, 2, 1)}, - (0, 2, 262, 1, 10, 1, 2, 2, 2): {'comment': 'Telesec encryption', - 'description': 'desCBC (0 2 262 1 10 1 2 2 2)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 02 02', - 'name': 'desCBC', - 'oid': (0, 2, 262, 1, 10, 1, 2, 2, 2)}, - (0, 2, 262, 1, 10, 1, 2, 2, 3): {'comment': 'Telesec encryption', - 'description': 'desOFB (0 2 262 1 10 1 2 2 3)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 02 03', - 'name': 'desOFB', - 'oid': (0, 2, 262, 1, 10, 1, 2, 2, 3)}, - (0, 2, 262, 1, 10, 1, 2, 2, 4): {'comment': 'Telesec encryption', - 'description': 'desCFB8 (0 2 262 1 10 1 2 2 4)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 02 04', - 'name': 'desCFB8', - 'oid': (0, 2, 262, 1, 10, 1, 2, 2, 4)}, - (0, 2, 262, 1, 10, 1, 2, 2, 5): {'comment': 'Telesec encryption', - 'description': 'desCFB64 (0 2 262 1 10 1 2 2 5)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 02 05', - 'name': 'desCFB64', - 'oid': (0, 2, 262, 1, 10, 1, 2, 2, 5)}, - (0, 2, 262, 1, 10, 1, 2, 3): {'comment': 'Telesec encryption', - 'description': 'des3 (0 2 262 1 10 1 2 3)', - 'hexoid': '06 08 02 82 06 01 0A 01 02 03', - 'name': 'des3', - 'oid': (0, 2, 262, 1, 10, 1, 2, 3)}, - (0, 2, 262, 1, 10, 1, 2, 3, 1): {'comment': 'Telesec encryption', - 'description': 'des3ECB (0 2 262 1 10 1 2 3 1)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 03 01', - 'name': 'des3ECB', - 'oid': (0, 2, 262, 1, 10, 1, 2, 3, 1)}, - (0, 2, 262, 1, 10, 1, 2, 3, 2): {'comment': 'Telesec encryption', - 'description': 'des3CBC (0 2 262 1 10 1 2 3 2)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 03 02', - 'name': 'des3CBC', - 'oid': (0, 2, 262, 1, 10, 1, 2, 3, 2)}, - (0, 2, 262, 1, 10, 1, 2, 3, 3): {'comment': 'Telesec encryption', - 'description': 'des3OFB (0 2 262 1 10 1 2 3 3)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 03 03', - 'name': 'des3OFB', - 'oid': (0, 2, 262, 1, 10, 1, 2, 3, 3)}, - (0, 2, 262, 1, 10, 1, 2, 3, 4): {'comment': 'Telesec encryption', - 'description': 'des3CFB8 (0 2 262 1 10 1 2 3 4)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 03 04', - 'name': 'des3CFB8', - 'oid': (0, 2, 262, 1, 10, 1, 2, 3, 4)}, - (0, 2, 262, 1, 10, 1, 2, 3, 5): {'comment': 'Telesec encryption', - 'description': 'des3CFB64 (0 2 262 1 10 1 2 3 5)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 03 05', - 'name': 'des3CFB64', - 'oid': (0, 2, 262, 1, 10, 1, 2, 3, 5)}, - (0, 2, 262, 1, 10, 1, 2, 4): {'comment': 'Telesec encryption', - 'description': 'magenta (0 2 262 1 10 1 2 4)', - 'hexoid': '06 08 02 82 06 01 0A 01 02 04', - 'name': 'magenta', - 'oid': (0, 2, 262, 1, 10, 1, 2, 4)}, - (0, 2, 262, 1, 10, 1, 2, 5): {'comment': 'Telesec encryption', - 'description': 'idea (0 2 262 1 10 1 2 5)', - 'hexoid': '06 08 02 82 06 01 0A 01 02 05', - 'name': 'idea', - 'oid': (0, 2, 262, 1, 10, 1, 2, 5)}, - (0, 2, 262, 1, 10, 1, 2, 5, 1): {'comment': 'Telesec encryption', - 'description': 'ideaECB (0 2 262 1 10 1 2 5 1)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 05 01', - 'name': 'ideaECB', - 'oid': (0, 2, 262, 1, 10, 1, 2, 5, 1)}, - (0, 2, 262, 1, 10, 1, 2, 5, 2): {'comment': 'Telesec encryption', - 'description': 'ideaCBC (0 2 262 1 10 1 2 5 2)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 05 02', - 'name': 'ideaCBC', - 'oid': (0, 2, 262, 1, 10, 1, 2, 5, 2)}, - (0, 2, 262, 1, 10, 1, 2, 5, 3): {'comment': 'Telesec encryption', - 'description': 'ideaOFB (0 2 262 1 10 1 2 5 3)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 05 03', - 'name': 'ideaOFB', - 'oid': (0, 2, 262, 1, 10, 1, 2, 5, 3)}, - (0, 2, 262, 1, 10, 1, 2, 5, 4): {'comment': 'Telesec encryption', - 'description': 'ideaCFB8 (0 2 262 1 10 1 2 5 4)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 05 04', - 'name': 'ideaCFB8', - 'oid': (0, 2, 262, 1, 10, 1, 2, 5, 4)}, - (0, 2, 262, 1, 10, 1, 2, 5, 5): {'comment': 'Telesec encryption', - 'description': 'ideaCFB64 (0 2 262 1 10 1 2 5 5)', - 'hexoid': '06 09 02 82 06 01 0A 01 02 05 05', - 'name': 'ideaCFB64', - 'oid': (0, 2, 262, 1, 10, 1, 2, 5, 5)}, - (0, 2, 262, 1, 10, 1, 3): {'comment': 'Telesec mechanism', - 'description': 'oneWayFunction (0 2 262 1 10 1 3)', - 'hexoid': '06 07 02 82 06 01 0A 01 03', - 'name': 'oneWayFunction', - 'oid': (0, 2, 262, 1, 10, 1, 3)}, - (0, 2, 262, 1, 10, 1, 3, 1): {'comment': 'Telesec one-way function', - 'description': 'md4 (0 2 262 1 10 1 3 1)', - 'hexoid': '06 08 02 82 06 01 0A 01 03 01', - 'name': 'md4', - 'oid': (0, 2, 262, 1, 10, 1, 3, 1)}, - (0, 2, 262, 1, 10, 1, 3, 2): {'comment': 'Telesec one-way function', - 'description': 'md5 (0 2 262 1 10 1 3 2)', - 'hexoid': '06 08 02 82 06 01 0A 01 03 02', - 'name': 'md5', - 'oid': (0, 2, 262, 1, 10, 1, 3, 2)}, - (0, 2, 262, 1, 10, 1, 3, 3): {'comment': 'Telesec one-way function', - 'description': 'sqModNX509 (0 2 262 1 10 1 3 3)', - 'hexoid': '06 08 02 82 06 01 0A 01 03 03', - 'name': 'sqModNX509', - 'oid': (0, 2, 262, 1, 10, 1, 3, 3)}, - (0, 2, 262, 1, 10, 1, 3, 4): {'comment': 'Telesec one-way function', - 'description': 'sqModNISO (0 2 262 1 10 1 3 4)', - 'hexoid': '06 08 02 82 06 01 0A 01 03 04', - 'name': 'sqModNISO', - 'oid': (0, 2, 262, 1, 10, 1, 3, 4)}, - (0, 2, 262, 1, 10, 1, 3, 5): {'comment': 'Telesec one-way function', - 'description': 'ripemd128 (0 2 262 1 10 1 3 5)', - 'hexoid': '06 08 02 82 06 01 0A 01 03 05', - 'name': 'ripemd128', - 'oid': (0, 2, 262, 1, 10, 1, 3, 5)}, - (0, 2, 262, 1, 10, 1, 3, 6): {'comment': 'Telesec one-way function', - 'description': 'hashUsingBlockCipher (0 2 262 1 10 1 3 6)', - 'hexoid': '06 08 02 82 06 01 0A 01 03 06', - 'name': 'hashUsingBlockCipher', - 'oid': (0, 2, 262, 1, 10, 1, 3, 6)}, - (0, 2, 262, 1, 10, 1, 3, 7): {'comment': 'Telesec one-way function', - 'description': 'mac (0 2 262 1 10 1 3 7)', - 'hexoid': '06 08 02 82 06 01 0A 01 03 07', - 'name': 'mac', - 'oid': (0, 2, 262, 1, 10, 1, 3, 7)}, - (0, 2, 262, 1, 10, 1, 3, 8): {'comment': 'Telesec one-way function', - 'description': 'ripemd160 (0 2 262 1 10 1 3 8)', - 'hexoid': '06 08 02 82 06 01 0A 01 03 08', - 'name': 'ripemd160', - 'oid': (0, 2, 262, 1, 10, 1, 3, 8)}, - (0, 2, 262, 1, 10, 1, 4): {'comment': 'Telesec mechanism', - 'description': 'fecFunction (0 2 262 1 10 1 4)', - 'hexoid': '06 07 02 82 06 01 0A 01 04', - 'name': 'fecFunction', - 'oid': (0, 2, 262, 1, 10, 1, 4)}, - (0, 2, 262, 1, 10, 1, 4, 1): {'comment': 'Telesec mechanism', - 'description': 'reedSolomon (0 2 262 1 10 1 4 1)', - 'hexoid': '06 08 02 82 06 01 0A 01 04 01', - 'name': 'reedSolomon', - 'oid': (0, 2, 262, 1, 10, 1, 4, 1)}, - (0, 2, 262, 1, 10, 2): {'comment': 'Telesec', - 'description': 'module (0 2 262 1 10 2)', - 'hexoid': '06 06 02 82 06 01 0A 02', - 'name': 'module', - 'oid': (0, 2, 262, 1, 10, 2)}, - (0, 2, 262, 1, 10, 2, 0): {'comment': 'Telesec module', - 'description': 'algorithms (0 2 262 1 10 2 0)', - 'hexoid': '06 07 02 82 06 01 0A 02 00', - 'name': 'algorithms', - 'oid': (0, 2, 262, 1, 10, 2, 0)}, - (0, 2, 262, 1, 10, 2, 1): {'comment': 'Telesec module', - 'description': 'attributeTypes (0 2 262 1 10 2 1)', - 'hexoid': '06 07 02 82 06 01 0A 02 01', - 'name': 'attributeTypes', - 'oid': (0, 2, 262, 1, 10, 2, 1)}, - (0, 2, 262, 1, 10, 2, 2): {'comment': 'Telesec module', - 'description': 'certificateTypes (0 2 262 1 10 2 2)', - 'hexoid': '06 07 02 82 06 01 0A 02 02', - 'name': 'certificateTypes', - 'oid': (0, 2, 262, 1, 10, 2, 2)}, - (0, 2, 262, 1, 10, 2, 3): {'comment': 'Telesec module', - 'description': 'messageTypes (0 2 262 1 10 2 3)', - 'hexoid': '06 07 02 82 06 01 0A 02 03', - 'name': 'messageTypes', - 'oid': (0, 2, 262, 1, 10, 2, 3)}, - (0, 2, 262, 1, 10, 2, 4): {'comment': 'Telesec module', - 'description': 'plProtocol (0 2 262 1 10 2 4)', - 'hexoid': '06 07 02 82 06 01 0A 02 04', - 'name': 'plProtocol', - 'oid': (0, 2, 262, 1, 10, 2, 4)}, - (0, 2, 262, 1, 10, 2, 5): {'comment': 'Telesec module', - 'description': 'smeAndComponentsOfSme (0 2 262 1 10 2 5)', - 'hexoid': '06 07 02 82 06 01 0A 02 05', - 'name': 'smeAndComponentsOfSme', - 'oid': (0, 2, 262, 1, 10, 2, 5)}, - (0, 2, 262, 1, 10, 2, 6): {'comment': 'Telesec module', - 'description': 'fec (0 2 262 1 10 2 6)', - 'hexoid': '06 07 02 82 06 01 0A 02 06', - 'name': 'fec', - 'oid': (0, 2, 262, 1, 10, 2, 6)}, - (0, 2, 262, 1, 10, 2, 7): {'comment': 'Telesec module', - 'description': 'usefulDefinitions (0 2 262 1 10 2 7)', - 'hexoid': '06 07 02 82 06 01 0A 02 07', - 'name': 'usefulDefinitions', - 'oid': (0, 2, 262, 1, 10, 2, 7)}, - (0, 2, 262, 1, 10, 2, 8): {'comment': 'Telesec module', - 'description': 'stefiles (0 2 262 1 10 2 8)', - 'hexoid': '06 07 02 82 06 01 0A 02 08', - 'name': 'stefiles', - 'oid': (0, 2, 262, 1, 10, 2, 8)}, - (0, 2, 262, 1, 10, 2, 9): {'comment': 'Telesec module', - 'description': 'sadmib (0 2 262 1 10 2 9)', - 'hexoid': '06 07 02 82 06 01 0A 02 09', - 'name': 'sadmib', - 'oid': (0, 2, 262, 1, 10, 2, 9)}, - (0, 2, 262, 1, 10, 2, 10): {'comment': 'Telesec module', - 'description': 'electronicOrder (0 2 262 1 10 2 10)', - 'hexoid': '06 07 02 82 06 01 0A 02 0A', - 'name': 'electronicOrder', - 'oid': (0, 2, 262, 1, 10, 2, 10)}, - (0, 2, 262, 1, 10, 2, 11): {'comment': 'Telesec module', - 'description': 'telesecTtpAsymmetricApplication (0 2 262 1 10 2 11)', - 'hexoid': '06 07 02 82 06 01 0A 02 0B', - 'name': 'telesecTtpAsymmetricApplication', - 'oid': (0, 2, 262, 1, 10, 2, 11)}, - (0, 2, 262, 1, 10, 2, 12): {'comment': 'Telesec module', - 'description': 'telesecTtpBasisApplication (0 2 262 1 10 2 12)', - 'hexoid': '06 07 02 82 06 01 0A 02 0C', - 'name': 'telesecTtpBasisApplication', - 'oid': (0, 2, 262, 1, 10, 2, 12)}, - (0, 2, 262, 1, 10, 2, 13): {'comment': 'Telesec module', - 'description': 'telesecTtpMessages (0 2 262 1 10 2 13)', - 'hexoid': '06 07 02 82 06 01 0A 02 0D', - 'name': 'telesecTtpMessages', - 'oid': (0, 2, 262, 1, 10, 2, 13)}, - (0, 2, 262, 1, 10, 2, 14): {'comment': 'Telesec module', - 'description': 'telesecTtpTimeStampApplication (0 2 262 1 10 2 14)', - 'hexoid': '06 07 02 82 06 01 0A 02 0E', - 'name': 'telesecTtpTimeStampApplication', - 'oid': (0, 2, 262, 1, 10, 2, 14)}, - (0, 2, 262, 1, 10, 3): {'comment': 'Telesec', - 'description': 'objectClass (0 2 262 1 10 3)', - 'hexoid': '06 06 02 82 06 01 0A 03', - 'name': 'objectClass', - 'oid': (0, 2, 262, 1, 10, 3)}, - (0, 2, 262, 1, 10, 3, 0): {'comment': 'Telesec object class', - 'description': 'telesecOtherName (0 2 262 1 10 3 0)', - 'hexoid': '06 07 02 82 06 01 0A 03 00', - 'name': 'telesecOtherName', - 'oid': (0, 2, 262, 1, 10, 3, 0)}, - (0, 2, 262, 1, 10, 3, 1): {'comment': 'Telesec object class', - 'description': 'directory (0 2 262 1 10 3 1)', - 'hexoid': '06 07 02 82 06 01 0A 03 01', - 'name': 'directory', - 'oid': (0, 2, 262, 1, 10, 3, 1)}, - (0, 2, 262, 1, 10, 3, 2): {'comment': 'Telesec object class', - 'description': 'directoryType (0 2 262 1 10 3 2)', - 'hexoid': '06 07 02 82 06 01 0A 03 02', - 'name': 'directoryType', - 'oid': (0, 2, 262, 1, 10, 3, 2)}, - (0, 2, 262, 1, 10, 3, 3): {'comment': 'Telesec object class', - 'description': 'directoryGroup (0 2 262 1 10 3 3)', - 'hexoid': '06 07 02 82 06 01 0A 03 03', - 'name': 'directoryGroup', - 'oid': (0, 2, 262, 1, 10, 3, 3)}, - (0, 2, 262, 1, 10, 3, 4): {'comment': 'Telesec object class', - 'description': 'directoryUser (0 2 262 1 10 3 4)', - 'hexoid': '06 07 02 82 06 01 0A 03 04', - 'name': 'directoryUser', - 'oid': (0, 2, 262, 1, 10, 3, 4)}, - (0, 2, 262, 1, 10, 3, 5): {'comment': 'Telesec object class', - 'description': 'symmetricKeyEntry (0 2 262 1 10 3 5)', - 'hexoid': '06 07 02 82 06 01 0A 03 05', - 'name': 'symmetricKeyEntry', - 'oid': (0, 2, 262, 1, 10, 3, 5)}, - (0, 2, 262, 1, 10, 4): {'comment': 'Telesec', - 'description': 'package (0 2 262 1 10 4)', - 'hexoid': '06 06 02 82 06 01 0A 04', - 'name': 'package', - 'oid': (0, 2, 262, 1, 10, 4)}, - (0, 2, 262, 1, 10, 5): {'comment': 'Telesec', - 'description': 'parameter (0 2 262 1 10 5)', - 'hexoid': '06 06 02 82 06 01 0A 05', - 'name': 'parameter', - 'oid': (0, 2, 262, 1, 10, 5)}, - (0, 2, 262, 1, 10, 6): {'comment': 'Telesec', - 'description': 'nameBinding (0 2 262 1 10 6)', - 'hexoid': '06 06 02 82 06 01 0A 06', - 'name': 'nameBinding', - 'oid': (0, 2, 262, 1, 10, 6)}, - (0, 2, 262, 1, 10, 7): {'comment': 'Telesec', - 'description': 'attribute (0 2 262 1 10 7)', - 'hexoid': '06 06 02 82 06 01 0A 07', - 'name': 'attribute', - 'oid': (0, 2, 262, 1, 10, 7)}, - (0, 2, 262, 1, 10, 7, 0): {'comment': 'Telesec attribute', - 'description': 'applicationGroupIdentifier (0 2 262 1 10 7 0)', - 'hexoid': '06 07 02 82 06 01 0A 07 00', - 'name': 'applicationGroupIdentifier', - 'oid': (0, 2, 262, 1, 10, 7, 0)}, - (0, 2, 262, 1, 10, 7, 1): {'comment': 'Telesec attribute', - 'description': 'certificateType (0 2 262 1 10 7 1)', - 'hexoid': '06 07 02 82 06 01 0A 07 01', - 'name': 'certificateType', - 'oid': (0, 2, 262, 1, 10, 7, 1)}, - (0, 2, 262, 1, 10, 7, 2): {'comment': 'Telesec attribute', - 'description': 'telesecCertificate (0 2 262 1 10 7 2)', - 'hexoid': '06 07 02 82 06 01 0A 07 02', - 'name': 'telesecCertificate', - 'oid': (0, 2, 262, 1, 10, 7, 2)}, - (0, 2, 262, 1, 10, 7, 3): {'comment': 'Telesec attribute', - 'description': 'certificateNumber (0 2 262 1 10 7 3)', - 'hexoid': '06 07 02 82 06 01 0A 07 03', - 'name': 'certificateNumber', - 'oid': (0, 2, 262, 1, 10, 7, 3)}, - (0, 2, 262, 1, 10, 7, 4): {'comment': 'Telesec attribute', - 'description': 'certificateRevocationList (0 2 262 1 10 7 4)', - 'hexoid': '06 07 02 82 06 01 0A 07 04', - 'name': 'certificateRevocationList', - 'oid': (0, 2, 262, 1, 10, 7, 4)}, - (0, 2, 262, 1, 10, 7, 5): {'comment': 'Telesec attribute', - 'description': 'creationDate (0 2 262 1 10 7 5)', - 'hexoid': '06 07 02 82 06 01 0A 07 05', - 'name': 'creationDate', - 'oid': (0, 2, 262, 1, 10, 7, 5)}, - (0, 2, 262, 1, 10, 7, 6): {'comment': 'Telesec attribute', - 'description': 'issuer (0 2 262 1 10 7 6)', - 'hexoid': '06 07 02 82 06 01 0A 07 06', - 'name': 'issuer', - 'oid': (0, 2, 262, 1, 10, 7, 6)}, - (0, 2, 262, 1, 10, 7, 7): {'comment': 'Telesec attribute', - 'description': 'namingAuthority (0 2 262 1 10 7 7)', - 'hexoid': '06 07 02 82 06 01 0A 07 07', - 'name': 'namingAuthority', - 'oid': (0, 2, 262, 1, 10, 7, 7)}, - (0, 2, 262, 1, 10, 7, 8): {'comment': 'Telesec attribute', - 'description': 'publicKeyDirectory (0 2 262 1 10 7 8)', - 'hexoid': '06 07 02 82 06 01 0A 07 08', - 'name': 'publicKeyDirectory', - 'oid': (0, 2, 262, 1, 10, 7, 8)}, - (0, 2, 262, 1, 10, 7, 9): {'comment': 'Telesec attribute', - 'description': 'securityDomain (0 2 262 1 10 7 9)', - 'hexoid': '06 07 02 82 06 01 0A 07 09', - 'name': 'securityDomain', - 'oid': (0, 2, 262, 1, 10, 7, 9)}, - (0, 2, 262, 1, 10, 7, 10): {'comment': 'Telesec attribute', - 'description': 'subject (0 2 262 1 10 7 10)', - 'hexoid': '06 07 02 82 06 01 0A 07 0A', - 'name': 'subject', - 'oid': (0, 2, 262, 1, 10, 7, 10)}, - (0, 2, 262, 1, 10, 7, 11): {'comment': 'Telesec attribute', - 'description': 'timeOfRevocation (0 2 262 1 10 7 11)', - 'hexoid': '06 07 02 82 06 01 0A 07 0B', - 'name': 'timeOfRevocation', - 'oid': (0, 2, 262, 1, 10, 7, 11)}, - (0, 2, 262, 1, 10, 7, 12): {'comment': 'Telesec attribute', - 'description': 'userGroupReference (0 2 262 1 10 7 12)', - 'hexoid': '06 07 02 82 06 01 0A 07 0C', - 'name': 'userGroupReference', - 'oid': (0, 2, 262, 1, 10, 7, 12)}, - (0, 2, 262, 1, 10, 7, 13): {'comment': 'Telesec attribute', - 'description': 'validity (0 2 262 1 10 7 13)', - 'hexoid': '06 07 02 82 06 01 0A 07 0D', - 'name': 'validity', - 'oid': (0, 2, 262, 1, 10, 7, 13)}, - (0, 2, 262, 1, 10, 7, 14): {'comment': 'Telesec attribute', - 'description': 'zert93 (0 2 262 1 10 7 14)', - 'hexoid': '06 07 02 82 06 01 0A 07 0E', - 'name': 'zert93', - 'oid': (0, 2, 262, 1, 10, 7, 14)}, - (0, 2, 262, 1, 10, 7, 15): {'comment': 'Telesec attribute', - 'description': 'securityMessEnv (0 2 262 1 10 7 15)', - 'hexoid': '06 07 02 82 06 01 0A 07 0F', - 'name': 'securityMessEnv', - 'oid': (0, 2, 262, 1, 10, 7, 15)}, - (0, 2, 262, 1, 10, 7, 16): {'comment': 'Telesec attribute', - 'description': 'anonymizedPublicKeyDirectory (0 2 262 1 10 7 16)', - 'hexoid': '06 07 02 82 06 01 0A 07 10', - 'name': 'anonymizedPublicKeyDirectory', - 'oid': (0, 2, 262, 1, 10, 7, 16)}, - (0, 2, 262, 1, 10, 7, 17): {'comment': 'Telesec attribute', - 'description': 'telesecGivenName (0 2 262 1 10 7 17)', - 'hexoid': '06 07 02 82 06 01 0A 07 11', - 'name': 'telesecGivenName', - 'oid': (0, 2, 262, 1, 10, 7, 17)}, - (0, 2, 262, 1, 10, 7, 18): {'comment': 'Telesec attribute', - 'description': 'nameAdditions (0 2 262 1 10 7 18)', - 'hexoid': '06 07 02 82 06 01 0A 07 12', - 'name': 'nameAdditions', - 'oid': (0, 2, 262, 1, 10, 7, 18)}, - (0, 2, 262, 1, 10, 7, 19): {'comment': 'Telesec attribute', - 'description': 'telesecPostalCode (0 2 262 1 10 7 19)', - 'hexoid': '06 07 02 82 06 01 0A 07 13', - 'name': 'telesecPostalCode', - 'oid': (0, 2, 262, 1, 10, 7, 19)}, - (0, 2, 262, 1, 10, 7, 20): {'comment': 'Telesec attribute', - 'description': 'nameDistinguisher (0 2 262 1 10 7 20)', - 'hexoid': '06 07 02 82 06 01 0A 07 14', - 'name': 'nameDistinguisher', - 'oid': (0, 2, 262, 1, 10, 7, 20)}, - (0, 2, 262, 1, 10, 7, 21): {'comment': 'Telesec attribute', - 'description': 'telesecCertificateList (0 2 262 1 10 7 21)', - 'hexoid': '06 07 02 82 06 01 0A 07 15', - 'name': 'telesecCertificateList', - 'oid': (0, 2, 262, 1, 10, 7, 21)}, - (0, 2, 262, 1, 10, 7, 22): {'comment': 'Telesec attribute', - 'description': 'teletrustCertificateList (0 2 262 1 10 7 22)', - 'hexoid': '06 07 02 82 06 01 0A 07 16', - 'name': 'teletrustCertificateList', - 'oid': (0, 2, 262, 1, 10, 7, 22)}, - (0, 2, 262, 1, 10, 7, 23): {'comment': 'Telesec attribute', - 'description': 'x509CertificateList (0 2 262 1 10 7 23)', - 'hexoid': '06 07 02 82 06 01 0A 07 17', - 'name': 'x509CertificateList', - 'oid': (0, 2, 262, 1, 10, 7, 23)}, - (0, 2, 262, 1, 10, 7, 24): {'comment': 'Telesec attribute', - 'description': 'timeOfIssue (0 2 262 1 10 7 24)', - 'hexoid': '06 07 02 82 06 01 0A 07 18', - 'name': 'timeOfIssue', - 'oid': (0, 2, 262, 1, 10, 7, 24)}, - (0, 2, 262, 1, 10, 7, 25): {'comment': 'Telesec attribute', - 'description': 'physicalCardNumber (0 2 262 1 10 7 25)', - 'hexoid': '06 07 02 82 06 01 0A 07 19', - 'name': 'physicalCardNumber', - 'oid': (0, 2, 262, 1, 10, 7, 25)}, - (0, 2, 262, 1, 10, 7, 26): {'comment': 'Telesec attribute', - 'description': 'fileType (0 2 262 1 10 7 26)', - 'hexoid': '06 07 02 82 06 01 0A 07 1A', - 'name': 'fileType', - 'oid': (0, 2, 262, 1, 10, 7, 26)}, - (0, 2, 262, 1, 10, 7, 27): {'comment': 'Telesec attribute', - 'description': 'ctlFileIsArchive (0 2 262 1 10 7 27)', - 'hexoid': '06 07 02 82 06 01 0A 07 1B', - 'name': 'ctlFileIsArchive', - 'oid': (0, 2, 262, 1, 10, 7, 27)}, - (0, 2, 262, 1, 10, 7, 28): {'comment': 'Telesec attribute', - 'description': 'emailAddress (0 2 262 1 10 7 28)', - 'hexoid': '06 07 02 82 06 01 0A 07 1C', - 'name': 'emailAddress', - 'oid': (0, 2, 262, 1, 10, 7, 28)}, - (0, 2, 262, 1, 10, 7, 29): {'comment': 'Telesec attribute', - 'description': 'certificateTemplateList (0 2 262 1 10 7 29)', - 'hexoid': '06 07 02 82 06 01 0A 07 1D', - 'name': 'certificateTemplateList', - 'oid': (0, 2, 262, 1, 10, 7, 29)}, - (0, 2, 262, 1, 10, 7, 30): {'comment': 'Telesec attribute', - 'description': 'directoryName (0 2 262 1 10 7 30)', - 'hexoid': '06 07 02 82 06 01 0A 07 1E', - 'name': 'directoryName', - 'oid': (0, 2, 262, 1, 10, 7, 30)}, - (0, 2, 262, 1, 10, 7, 31): {'comment': 'Telesec attribute', - 'description': 'directoryTypeName (0 2 262 1 10 7 31)', - 'hexoid': '06 07 02 82 06 01 0A 07 1F', - 'name': 'directoryTypeName', - 'oid': (0, 2, 262, 1, 10, 7, 31)}, - (0, 2, 262, 1, 10, 7, 32): {'comment': 'Telesec attribute', - 'description': 'directoryGroupName (0 2 262 1 10 7 32)', - 'hexoid': '06 07 02 82 06 01 0A 07 20', - 'name': 'directoryGroupName', - 'oid': (0, 2, 262, 1, 10, 7, 32)}, - (0, 2, 262, 1, 10, 7, 33): {'comment': 'Telesec attribute', - 'description': 'directoryUserName (0 2 262 1 10 7 33)', - 'hexoid': '06 07 02 82 06 01 0A 07 21', - 'name': 'directoryUserName', - 'oid': (0, 2, 262, 1, 10, 7, 33)}, - (0, 2, 262, 1, 10, 7, 34): {'comment': 'Telesec attribute', - 'description': 'revocationFlag (0 2 262 1 10 7 34)', - 'hexoid': '06 07 02 82 06 01 0A 07 22', - 'name': 'revocationFlag', - 'oid': (0, 2, 262, 1, 10, 7, 34)}, - (0, 2, 262, 1, 10, 7, 35): {'comment': 'Telesec attribute', - 'description': 'symmetricKeyEntryName (0 2 262 1 10 7 35)', - 'hexoid': '06 07 02 82 06 01 0A 07 23', - 'name': 'symmetricKeyEntryName', - 'oid': (0, 2, 262, 1, 10, 7, 35)}, - (0, 2, 262, 1, 10, 7, 36): {'comment': 'Telesec attribute', - 'description': 'glNumber (0 2 262 1 10 7 36)', - 'hexoid': '06 07 02 82 06 01 0A 07 24', - 'name': 'glNumber', - 'oid': (0, 2, 262, 1, 10, 7, 36)}, - (0, 2, 262, 1, 10, 7, 37): {'comment': 'Telesec attribute', - 'description': 'goNumber (0 2 262 1 10 7 37)', - 'hexoid': '06 07 02 82 06 01 0A 07 25', - 'name': 'goNumber', - 'oid': (0, 2, 262, 1, 10, 7, 37)}, - (0, 2, 262, 1, 10, 7, 38): {'comment': 'Telesec attribute', - 'description': 'gKeyData (0 2 262 1 10 7 38)', - 'hexoid': '06 07 02 82 06 01 0A 07 26', - 'name': 'gKeyData', - 'oid': (0, 2, 262, 1, 10, 7, 38)}, - (0, 2, 262, 1, 10, 7, 39): {'comment': 'Telesec attribute', - 'description': 'zKeyData (0 2 262 1 10 7 39)', - 'hexoid': '06 07 02 82 06 01 0A 07 27', - 'name': 'zKeyData', - 'oid': (0, 2, 262, 1, 10, 7, 39)}, - (0, 2, 262, 1, 10, 7, 40): {'comment': 'Telesec attribute', - 'description': 'ktKeyData (0 2 262 1 10 7 40)', - 'hexoid': '06 07 02 82 06 01 0A 07 28', - 'name': 'ktKeyData', - 'oid': (0, 2, 262, 1, 10, 7, 40)}, - (0, 2, 262, 1, 10, 7, 41): {'comment': 'Telesec attribute', - 'description': 'ktKeyNumber (0 2 262 1 10 7 41)', - 'hexoid': '06 07 02 82 06 01 0A 07 29', - 'name': 'ktKeyNumber', - 'oid': (0, 2, 262, 1, 10, 7, 41)}, - (0, 2, 262, 1, 10, 7, 51): {'comment': 'Telesec attribute', - 'description': 'timeOfRevocationGen (0 2 262 1 10 7 51)', - 'hexoid': '06 07 02 82 06 01 0A 07 33', - 'name': 'timeOfRevocationGen', - 'oid': (0, 2, 262, 1, 10, 7, 51)}, - (0, 2, 262, 1, 10, 7, 52): {'comment': 'Telesec attribute', - 'description': 'liabilityText (0 2 262 1 10 7 52)', - 'hexoid': '06 07 02 82 06 01 0A 07 34', - 'name': 'liabilityText', - 'oid': (0, 2, 262, 1, 10, 7, 52)}, - (0, 2, 262, 1, 10, 8): {'comment': 'Telesec', - 'description': 'attributeGroup (0 2 262 1 10 8)', - 'hexoid': '06 06 02 82 06 01 0A 08', - 'name': 'attributeGroup', - 'oid': (0, 2, 262, 1, 10, 8)}, - (0, 2, 262, 1, 10, 9): {'comment': 'Telesec', - 'description': 'action (0 2 262 1 10 9)', - 'hexoid': '06 06 02 82 06 01 0A 09', - 'name': 'action', - 'oid': (0, 2, 262, 1, 10, 9)}, - (0, 2, 262, 1, 10, 10): {'comment': 'Telesec', - 'description': 'notification (0 2 262 1 10 10)', - 'hexoid': '06 06 02 82 06 01 0A 0A', - 'name': 'notification', - 'oid': (0, 2, 262, 1, 10, 10)}, - (0, 2, 262, 1, 10, 11): {'comment': 'Telesec', - 'description': 'snmp-mibs (0 2 262 1 10 11)', - 'hexoid': '06 06 02 82 06 01 0A 0B', - 'name': 'snmp-mibs', - 'oid': (0, 2, 262, 1, 10, 11)}, - (0, 2, 262, 1, 10, 11, 1): {'comment': 'Telesec SNMP MIBs', - 'description': 'securityApplication (0 2 262 1 10 11 1)', - 'hexoid': '06 07 02 82 06 01 0A 0B 01', - 'name': 'securityApplication', - 'oid': (0, 2, 262, 1, 10, 11, 1)}, - (0, 2, 262, 1, 10, 12): {'comment': 'Telesec', - 'description': 'certAndCrlExtensionDefinitions (0 2 262 1 10 12)', - 'hexoid': '06 06 02 82 06 01 0A 0C', - 'name': 'certAndCrlExtensionDefinitions', - 'oid': (0, 2, 262, 1, 10, 12)}, - (0, 2, 262, 1, 10, 12, 0): {'comment': 'Telesec cert/CRL extension', - 'description': 'liabilityLimitationFlag (0 2 262 1 10 12 0)', - 'hexoid': '06 07 02 82 06 01 0A 0C 00', - 'name': 'liabilityLimitationFlag', - 'oid': (0, 2, 262, 1, 10, 12, 0)}, - (0, 2, 262, 1, 10, 12, 1): {'comment': 'Telesec cert/CRL extension', - 'description': 'telesecCertIdExt (0 2 262 1 10 12 1)', - 'hexoid': '06 07 02 82 06 01 0A 0C 01', - 'name': 'telesecCertIdExt', - 'oid': (0, 2, 262, 1, 10, 12, 1)}, - (0, 2, 262, 1, 10, 12, 2): {'comment': 'Telesec cert/CRL extension', - 'description': 'Telesec policyIdentifier (0 2 262 1 10 12 2)', - 'hexoid': '06 07 02 82 06 01 0A 0C 02', - 'name': 'Telesec', - 'oid': (0, 2, 262, 1, 10, 12, 2)}, - (0, 2, 262, 1, 10, 12, 3): {'comment': 'Telesec cert/CRL extension', - 'description': 'telesecPolicyQualifierID (0 2 262 1 10 12 3)', - 'hexoid': '06 07 02 82 06 01 0A 0C 03', - 'name': 'telesecPolicyQualifierID', - 'oid': (0, 2, 262, 1, 10, 12, 3)}, - (0, 2, 262, 1, 10, 12, 4): {'comment': 'Telesec cert/CRL extension', - 'description': 'telesecCRLFilteredExt (0 2 262 1 10 12 4)', - 'hexoid': '06 07 02 82 06 01 0A 0C 04', - 'name': 'telesecCRLFilteredExt', - 'oid': (0, 2, 262, 1, 10, 12, 4)}, - (0, 2, 262, 1, 10, 12, 5): {'comment': 'Telesec cert/CRL extension', - 'description': 'telesecCRLFilterExt (0 2 262 1 10 12 5)', - 'hexoid': '06 07 02 82 06 01 0A 0C 05', - 'name': 'telesecCRLFilterExt', - 'oid': (0, 2, 262, 1, 10, 12, 5)}, - (0, 2, 262, 1, 10, 12, 6): {'comment': 'Telesec cert/CRL extension', - 'description': 'telesecNamingAuthorityExt (0 2 262 1 10 12 6)', - 'hexoid': '06 07 02 82 06 01 0A 0C 06', - 'name': 'telesecNamingAuthorityExt', - 'oid': (0, 2, 262, 1, 10, 12, 6)}, - (0, 4, 0, 127, 0, 7): {'comment': 'BSI TR-03110/TR-03111', - 'description': 'bsi (0 4 0 127 0 7)', - 'hexoid': '06 05 04 00 7F 00 07', - 'name': 'bsi', - 'oid': (0, 4, 0, 127, 0, 7)}, - (0, 4, 0, 127, 0, 7, 1): {'comment': 'BSI TR-03111', - 'description': 'bsiEcc (0 4 0 127 0 7 1)', - 'hexoid': '06 06 04 00 7F 00 07 01', - 'name': 'bsiEcc', - 'oid': (0, 4, 0, 127, 0, 7, 1)}, - (0, 4, 0, 127, 0, 7, 1, 1): {'comment': 'BSI TR-03111', - 'description': 'bsifieldType (0 4 0 127 0 7 1 1)', - 'hexoid': '06 07 04 00 7F 00 07 01 01', - 'name': 'bsifieldType', - 'oid': (0, 4, 0, 127, 0, 7, 1, 1)}, - (0, 4, 0, 127, 0, 7, 1, 1, 1): {'comment': 'BSI TR-03111', - 'description': 'bsiPrimeField (0 4 0 127 0 7 1 1 1)', - 'hexoid': '06 08 04 00 7F 00 07 01 01 01', - 'name': 'bsiPrimeField', - 'oid': (0, 4, 0, 127, 0, 7, 1, 1, 1)}, - (0, 4, 0, 127, 0, 7, 1, 1, 2): {'comment': 'BSI TR-03111', - 'description': 'bsiCharacteristicTwoField (0 4 0 127 0 7 1 1 2)', - 'hexoid': '06 08 04 00 7F 00 07 01 01 02', - 'name': 'bsiCharacteristicTwoField', - 'oid': (0, 4, 0, 127, 0, 7, 1, 1, 2)}, - (0, 4, 0, 127, 0, 7, 1, 1, 2, 3): {'comment': 'BSI TR-03111', - 'description': 'bsiCharacteristicTwoBasis (0 4 0 127 0 7 1 1 2 3)', - 'hexoid': '06 09 04 00 7F 00 07 01 01 02 03', - 'name': 'bsiCharacteristicTwoBasis', - 'oid': (0, 4, 0, 127, 0, 7, 1, 1, 2, 3)}, - (0, 4, 0, 127, 0, 7, 1, 1, 2, 3, 1): {'comment': 'BSI TR-03111', - 'description': 'bsiGnBasis (0 4 0 127 0 7 1 1 2 3 1)', - 'hexoid': '06 0A 04 00 7F 00 07 01 01 02 03 01', - 'name': 'bsiGnBasis', - 'oid': (0, - 4, - 0, - 127, - 0, - 7, - 1, - 1, - 2, - 3, - 1)}, - (0, 4, 0, 127, 0, 7, 1, 1, 2, 3, 2): {'comment': 'BSI TR-03111', - 'description': 'bsiTpBasis (0 4 0 127 0 7 1 1 2 3 2)', - 'hexoid': '06 0A 04 00 7F 00 07 01 01 02 03 02', - 'name': 'bsiTpBasis', - 'oid': (0, - 4, - 0, - 127, - 0, - 7, - 1, - 1, - 2, - 3, - 2)}, - (0, 4, 0, 127, 0, 7, 1, 1, 2, 3, 3): {'comment': 'BSI TR-03111', - 'description': 'bsiPpBasis (0 4 0 127 0 7 1 1 2 3 3)', - 'hexoid': '06 0A 04 00 7F 00 07 01 01 02 03 03', - 'name': 'bsiPpBasis', - 'oid': (0, - 4, - 0, - 127, - 0, - 7, - 1, - 1, - 2, - 3, - 3)}, - (0, 4, 0, 127, 0, 7, 1, 2): {'comment': 'BSI TR-03111', - 'description': 'bsiEcKeyType (0 4 0 127 0 7 1 2)', - 'hexoid': '06 07 04 00 7F 00 07 01 02', - 'name': 'bsiEcKeyType', - 'oid': (0, 4, 0, 127, 0, 7, 1, 2)}, - (0, 4, 0, 127, 0, 7, 1, 2, 1): {'comment': 'BSI TR-03111', - 'description': 'bsiEcPublicKey (0 4 0 127 0 7 1 2 1)', - 'hexoid': '06 08 04 00 7F 00 07 01 02 01', - 'name': 'bsiEcPublicKey', - 'oid': (0, 4, 0, 127, 0, 7, 1, 2, 1)}, - (0, 4, 0, 127, 0, 7, 1, 4, 1): {'comment': 'BSI TR-03111', - 'description': 'bsiEcdsaSignatures (0 4 0 127 0 7 1 4 1)', - 'hexoid': '06 08 04 00 7F 00 07 01 04 01', - 'name': 'bsiEcdsaSignatures', - 'oid': (0, 4, 0, 127, 0, 7, 1, 4, 1)}, - (0, 4, 0, 127, 0, 7, 1, 4, 1, 1): {'comment': 'BSI TR-03111', - 'description': 'bsiEcdsaWithSHA1 (0 4 0 127 0 7 1 4 1 1)', - 'hexoid': '06 09 04 00 7F 00 07 01 04 01 01', - 'name': 'bsiEcdsaWithSHA1', - 'oid': (0, 4, 0, 127, 0, 7, 1, 4, 1, 1)}, - (0, 4, 0, 127, 0, 7, 1, 4, 1, 2): {'comment': 'BSI TR-03111', - 'description': 'bsiEcdsaWithSHA224 (0 4 0 127 0 7 1 4 1 2)', - 'hexoid': '06 09 04 00 7F 00 07 01 04 01 02', - 'name': 'bsiEcdsaWithSHA224', - 'oid': (0, 4, 0, 127, 0, 7, 1, 4, 1, 2)}, - (0, 4, 0, 127, 0, 7, 1, 4, 1, 3): {'comment': 'BSI TR-03111', - 'description': 'bsiEcdsaWithSHA256 (0 4 0 127 0 7 1 4 1 3)', - 'hexoid': '06 09 04 00 7F 00 07 01 04 01 03', - 'name': 'bsiEcdsaWithSHA256', - 'oid': (0, 4, 0, 127, 0, 7, 1, 4, 1, 3)}, - (0, 4, 0, 127, 0, 7, 1, 4, 1, 4): {'comment': 'BSI TR-03111', - 'description': 'bsiEcdsaWithSHA384 (0 4 0 127 0 7 1 4 1 4)', - 'hexoid': '06 09 04 00 7F 00 07 01 04 01 04', - 'name': 'bsiEcdsaWithSHA384', - 'oid': (0, 4, 0, 127, 0, 7, 1, 4, 1, 4)}, - (0, 4, 0, 127, 0, 7, 1, 4, 1, 5): {'comment': 'BSI TR-03111', - 'description': 'bsiEcdsaWithSHA512 (0 4 0 127 0 7 1 4 1 5)', - 'hexoid': '06 09 04 00 7F 00 07 01 04 01 05', - 'name': 'bsiEcdsaWithSHA512', - 'oid': (0, 4, 0, 127, 0, 7, 1, 4, 1, 5)}, - (0, 4, 0, 127, 0, 7, 1, 4, 1, 6): {'comment': 'BSI TR-03111', - 'description': 'bsiEcdsaWithRIPEMD160 (0 4 0 127 0 7 1 4 1 6)', - 'hexoid': '06 09 04 00 7F 00 07 01 04 01 06', - 'name': 'bsiEcdsaWithRIPEMD160', - 'oid': (0, 4, 0, 127, 0, 7, 1, 4, 1, 6)}, - (0, 4, 0, 127, 0, 7, 1, 5, 1): {'comment': 'BSI TR-03111', - 'description': 'bsiKaeg (0 4 0 127 0 7 1 5 1)', - 'hexoid': '06 08 04 00 7F 00 07 01 05 01', - 'name': 'bsiKaeg', - 'oid': (0, 4, 0, 127, 0, 7, 1, 5, 1)}, - (0, 4, 0, 127, 0, 7, 1, 5, 1, 1): {'comment': 'BSI TR-03111', - 'description': 'bsiKaegWithX963KDF (0 4 0 127 0 7 1 5 1 1)', - 'hexoid': '06 09 04 00 7F 00 07 01 05 01 01', - 'name': 'bsiKaegWithX963KDF', - 'oid': (0, 4, 0, 127, 0, 7, 1, 5, 1, 1)}, - (0, 4, 0, 127, 0, 7, 1, 5, 1, 2): {'comment': 'BSI TR-03111', - 'description': 'bsiKaegWith3DESKDF (0 4 0 127 0 7 1 5 1 2)', - 'hexoid': '06 09 04 00 7F 00 07 01 05 01 02', - 'name': 'bsiKaegWith3DESKDF', - 'oid': (0, 4, 0, 127, 0, 7, 1, 5, 1, 2)}, - (0, 4, 0, 127, 0, 7, 2, 2, 1): {'comment': 'BSI TR-03110', - 'description': 'bsiCA (0 4 0 127 0 7 2 2 1)', - 'hexoid': '06 08 04 00 7F 00 07 02 02 01', - 'name': 'bsiCA', - 'oid': (0, 4, 0, 127, 0, 7, 2, 2, 1)}, - (0, 4, 0, 127, 0, 7, 2, 2, 1, 1): {'comment': 'BSI TR-03110', - 'description': 'bsiCA_DH (0 4 0 127 0 7 2 2 1 1)', - 'hexoid': '06 09 04 00 7F 00 07 02 02 01 01', - 'name': 'bsiCA_DH', - 'oid': (0, 4, 0, 127, 0, 7, 2, 2, 1, 1)}, - (0, 4, 0, 127, 0, 7, 2, 2, 1, 2): {'comment': 'BSI TR-03110', - 'description': 'bsiCA_ECDH (0 4 0 127 0 7 2 2 1 2)', - 'hexoid': '06 09 04 00 7F 00 07 02 02 01 02', - 'name': 'bsiCA_ECDH', - 'oid': (0, 4, 0, 127, 0, 7, 2, 2, 1, 2)}, - (0, 4, 0, 127, 0, 7, 2, 2, 2): {'comment': 'BSI TR-03110', - 'description': 'bsiTA (0 4 0 127 0 7 2 2 2)', - 'hexoid': '06 08 04 00 7F 00 07 02 02 02', - 'name': 'bsiTA', - 'oid': (0, 4, 0, 127, 0, 7, 2, 2, 2)}, - (0, 4, 0, 127, 0, 7, 2, 2, 2, 1): {'comment': 'BSI TR-03110', - 'description': 'bsiTA_RSA (0 4 0 127 0 7 2 2 2 1)', - 'hexoid': '06 09 04 00 7F 00 07 02 02 02 01', - 'name': 'bsiTA_RSA', - 'oid': (0, 4, 0, 127, 0, 7, 2, 2, 2, 1)}, - (0, 4, 0, 127, 0, 7, 2, 2, 2, 1, 1): {'comment': 'BSI TR-03110', - 'description': 'bsiTA_RSAv1_5_SHA1 (0 4 0 127 0 7 2 2 2 1 1)', - 'hexoid': '06 0A 04 00 7F 00 07 02 02 02 01 01', - 'name': 'bsiTA_RSAv1_5_SHA1', - 'oid': (0, - 4, - 0, - 127, - 0, - 7, - 2, - 2, - 2, - 1, - 1)}, - (0, 4, 0, 127, 0, 7, 2, 2, 2, 1, 2): {'comment': 'BSI TR-03110', - 'description': 'bsiTA_RSAv1_5_SHA256 (0 4 0 127 0 7 2 2 2 1 2)', - 'hexoid': '06 0A 04 00 7F 00 07 02 02 02 01 02', - 'name': 'bsiTA_RSAv1_5_SHA256', - 'oid': (0, - 4, - 0, - 127, - 0, - 7, - 2, - 2, - 2, - 1, - 2)}, - (0, 4, 0, 127, 0, 7, 2, 2, 2, 1, 3): {'comment': 'BSI TR-03110', - 'description': 'bsiTA_RSAPSS_SHA1 (0 4 0 127 0 7 2 2 2 1 3)', - 'hexoid': '06 0A 04 00 7F 00 07 02 02 02 01 03', - 'name': 'bsiTA_RSAPSS_SHA1', - 'oid': (0, - 4, - 0, - 127, - 0, - 7, - 2, - 2, - 2, - 1, - 3)}, - (0, 4, 0, 127, 0, 7, 2, 2, 2, 1, 4): {'comment': 'BSI TR-03110', - 'description': 'bsiTA_RSAPSS_SHA256 (0 4 0 127 0 7 2 2 2 1 4)', - 'hexoid': '06 0A 04 00 7F 00 07 02 02 02 01 04', - 'name': 'bsiTA_RSAPSS_SHA256', - 'oid': (0, - 4, - 0, - 127, - 0, - 7, - 2, - 2, - 2, - 1, - 4)}, - (0, 4, 0, 127, 0, 7, 2, 2, 2, 2): {'comment': 'BSI TR-03110', - 'description': 'bsiTA_ECDSA (0 4 0 127 0 7 2 2 2 2)', - 'hexoid': '06 09 04 00 7F 00 07 02 02 02 02', - 'name': 'bsiTA_ECDSA', - 'oid': (0, 4, 0, 127, 0, 7, 2, 2, 2, 2)}, - (0, 4, 0, 127, 0, 7, 2, 2, 2, 2, 1): {'comment': 'BSI TR-03110', - 'description': 'bsiTA_ECDSA_SHA1 (0 4 0 127 0 7 2 2 2 2 1)', - 'hexoid': '06 0A 04 00 7F 00 07 02 02 02 02 01', - 'name': 'bsiTA_ECDSA_SHA1', - 'oid': (0, - 4, - 0, - 127, - 0, - 7, - 2, - 2, - 2, - 2, - 1)}, - (0, 4, 0, 127, 0, 7, 2, 2, 2, 2, 2): {'comment': 'BSI TR-03110', - 'description': 'bsiTA_ECDSA_SHA224 (0 4 0 127 0 7 2 2 2 2 2)', - 'hexoid': '06 0A 04 00 7F 00 07 02 02 02 02 02', - 'name': 'bsiTA_ECDSA_SHA224', - 'oid': (0, - 4, - 0, - 127, - 0, - 7, - 2, - 2, - 2, - 2, - 2)}, - (0, 4, 0, 127, 0, 7, 2, 2, 2, 2, 3): {'comment': 'BSI TR-03110', - 'description': 'bsiTA_ECDSA_SHA256 (0 4 0 127 0 7 2 2 2 2 3)', - 'hexoid': '06 0A 04 00 7F 00 07 02 02 02 02 03', - 'name': 'bsiTA_ECDSA_SHA256', - 'oid': (0, - 4, - 0, - 127, - 0, - 7, - 2, - 2, - 2, - 2, - 3)}, - (0, 4, 0, 127, 0, 7, 3, 1, 2): {'comment': 'BSI TR-03110', - 'description': 'bsiRoleEAC (0 4 0 127 0 7 3 1 2)', - 'hexoid': '06 08 04 00 7F 00 07 03 01 02', - 'name': 'bsiRoleEAC', - 'oid': (0, 4, 0, 127, 0, 7, 3, 1, 2)}, - (0, 4, 0, 1862): {'comment': 'ETSI TS 101 862 qualified certificates', - 'description': 'etsiQcsProfile (0 4 0 1862)', - 'hexoid': '06 04 04 00 8E 46', - 'name': 'etsiQcsProfile', - 'oid': (0, 4, 0, 1862)}, - (0, 4, 0, 1862, 1): {'comment': 'ETSI TS 101 862 qualified certificates', - 'description': 'etsiQcs (0 4 0 1862 1)', - 'hexoid': '06 05 04 00 8E 46 01', - 'name': 'etsiQcs', - 'oid': (0, 4, 0, 1862, 1)}, - (0, 4, 0, 1862, 1, 1): {'comment': 'ETSI TS 101 862 qualified certificates', - 'description': 'etsiQcsCompliance (0 4 0 1862 1 1)', - 'hexoid': '06 06 04 00 8E 46 01 01', - 'name': 'etsiQcsCompliance', - 'oid': (0, 4, 0, 1862, 1, 1)}, - (0, 4, 0, 1862, 1, 2): {'comment': 'ETSI TS 101 862 qualified certificates', - 'description': 'etsiQcsLimitValue (0 4 0 1862 1 2)', - 'hexoid': '06 06 04 00 8E 46 01 02', - 'name': 'etsiQcsLimitValue', - 'oid': (0, 4, 0, 1862, 1, 2)}, - (0, 4, 0, 1862, 1, 3): {'comment': 'ETSI TS 101 862 qualified certificates', - 'description': 'etsiQcsRetentionPeriod (0 4 0 1862 1 3)', - 'hexoid': '06 06 04 00 8E 46 01 03', - 'name': 'etsiQcsRetentionPeriod', - 'oid': (0, 4, 0, 1862, 1, 3)}, - (0, 4, 0, 1862, 1, 4): {'comment': 'ETSI TS 101 862 qualified certificates', - 'description': 'etsiQcsQcSSCD (0 4 0 1862 1 4)', - 'hexoid': '06 06 04 00 8E 46 01 04', - 'name': 'etsiQcsQcSSCD', - 'oid': (0, 4, 0, 1862, 1, 4)}, - (0, 9, 2342, 19200300, 100, 1, 1): {'comment': 'Some oddball X.500 attribute collection', - 'description': 'userID (0 9 2342 19200300 100 1 1)', - 'hexoid': '06 0A 09 92 26 89 93 F2 2C 64 01 01', - 'name': 'userID', - 'oid': (0, 9, 2342, 19200300, 100, 1, 1)}, - (0, 9, 2342, 19200300, 100, 1, 3): {'comment': 'Some oddball X.500 attribute collection', - 'description': 'rfc822Mailbox (0 9 2342 19200300 100 1 3)', - 'hexoid': '06 0A 09 92 26 89 93 F2 2C 64 01 03', - 'name': 'rfc822Mailbox', - 'oid': (0, 9, 2342, 19200300, 100, 1, 3)}, - (0, 9, 2342, 19200300, 100, 1, 25): {'comment': 'Men are from Mars, this OID is from Pluto', - 'description': 'domainComponent (0 9 2342 19200300 100 1 25)', - 'hexoid': '06 0A 09 92 26 89 93 F2 2C 64 01 19', - 'name': 'domainComponent', - 'oid': (0, - 9, - 2342, - 19200300, - 100, - 1, - 25)}, - (1, 2, 36, 1, 333, 1): {'comment': 'Australian Government corporate taxpayer ID', - 'description': 'australianBusinessNumber (1 2 36 1 333 1)', - 'hexoid': '06 06 2A 24 01 82 4D 01', - 'name': 'australianBusinessNumber', - 'oid': (1, 2, 36, 1, 333, 1)}, - (1, 2, 36, 68980861, 1, 1, 2): {'comment': 'Signet CA', - 'description': 'Signet personal (1 2 36 68980861 1 1 2)', - 'hexoid': '06 09 2A 24 A0 F2 A0 7D 01 01 02', - 'name': 'Signet', - 'oid': (1, 2, 36, 68980861, 1, 1, 2)}, - (1, 2, 36, 68980861, 1, 1, 3): {'comment': 'Signet CA', - 'description': 'Signet business (1 2 36 68980861 1 1 3)', - 'hexoid': '06 09 2A 24 A0 F2 A0 7D 01 01 03', - 'name': 'Signet', - 'oid': (1, 2, 36, 68980861, 1, 1, 3)}, - (1, 2, 36, 68980861, 1, 1, 4): {'comment': 'Signet CA', - 'description': 'Signet legal (1 2 36 68980861 1 1 4)', - 'hexoid': '06 09 2A 24 A0 F2 A0 7D 01 01 04', - 'name': 'Signet', - 'oid': (1, 2, 36, 68980861, 1, 1, 4)}, - (1, 2, 36, 68980861, 1, 1, 10): {'comment': 'Signet CA', - 'description': 'Signet pilot (1 2 36 68980861 1 1 10)', - 'hexoid': '06 09 2A 24 A0 F2 A0 7D 01 01 0A', - 'name': 'Signet', - 'oid': (1, 2, 36, 68980861, 1, 1, 10)}, - (1, 2, 36, 68980861, 1, 1, 11): {'comment': 'Signet CA', - 'description': 'Signet intraNet (1 2 36 68980861 1 1 11)', - 'hexoid': '06 09 2A 24 A0 F2 A0 7D 01 01 0B', - 'name': 'Signet', - 'oid': (1, 2, 36, 68980861, 1, 1, 11)}, - (1, 2, 36, 68980861, 1, 1, 20): {'comment': 'Signet CA', - 'description': 'Signet policyIdentifier (1 2 36 68980861 1 1 20)', - 'hexoid': '06 09 2A 24 A0 F2 A0 7D 01 01 14', - 'name': 'Signet', - 'oid': (1, 2, 36, 68980861, 1, 1, 20)}, - (1, 2, 36, 75878867, 1, 100, 1, 1): {'comment': 'Certificates Australia CA', - 'description': 'Certificates Australia policyIdentifier (1 2 36 75878867 1 100 1 1)', - 'hexoid': '06 0A 2A 24 A4 97 A3 53 01 64 01 01', - 'name': 'Certificates', - 'oid': (1, - 2, - 36, - 75878867, - 1, - 100, - 1, - 1)}, - (1, 2, 392, 200011, 61, 1, 1, 1): {'comment': 'Mitsubishi security algorithm', - 'description': 'symmetric-encryption-algorithm (1 2 392 200011 61 1 1 1)', - 'hexoid': '06 0A 2A 83 08 8C 9A 4B 3D 01 01 01', - 'name': 'symmetric-encryption-algorithm', - 'oid': (1, 2, 392, 200011, 61, 1, 1, 1)}, - (1, 2, 392, 200011, 61, 1, 1, 1, 1): {'comment': 'Mitsubishi security algorithm', - 'description': 'misty1-cbc (1 2 392 200011 61 1 1 1 1)', - 'hexoid': '06 0B 2A 83 08 8C 9A 4B 3D 01 01 01 01', - 'name': 'misty1-cbc', - 'oid': (1, - 2, - 392, - 200011, - 61, - 1, - 1, - 1, - 1)}, - (1, 2, 752, 34, 1): {'comment': 'SEIS Project', - 'description': 'seis-cp (1 2 752 34 1)', - 'hexoid': '06 05 2A 85 70 22 01', - 'name': 'seis-cp', - 'oid': (1, 2, 752, 34, 1)}, - (1, 2, 752, 34, 1, 1): {'comment': 'SEIS Project certificate policies', - 'description': 'SEIS high-assurance policyIdentifier (1 2 752 34 1 1)', - 'hexoid': '06 06 2A 85 70 22 01 01', - 'name': 'SEIS', - 'oid': (1, 2, 752, 34, 1, 1)}, - (1, 2, 752, 34, 1, 2): {'comment': 'SEIS Project certificate policies', - 'description': 'SEIS GAK policyIdentifier (1 2 752 34 1 2)', - 'hexoid': '06 06 2A 85 70 22 01 02', - 'name': 'SEIS', - 'oid': (1, 2, 752, 34, 1, 2)}, - (1, 2, 752, 34, 2): {'comment': 'SEIS Project', - 'description': 'SEIS pe (1 2 752 34 2)', - 'hexoid': '06 05 2A 85 70 22 02', - 'name': 'SEIS', - 'oid': (1, 2, 752, 34, 2)}, - (1, 2, 752, 34, 3): {'comment': 'SEIS Project', - 'description': 'SEIS at (1 2 752 34 3)', - 'hexoid': '06 05 2A 85 70 22 03', - 'name': 'SEIS', - 'oid': (1, 2, 752, 34, 3)}, - (1, 2, 752, 34, 3, 1): {'comment': 'SEIS Project attribute', - 'description': 'SEIS at-personalIdentifier (1 2 752 34 3 1)', - 'hexoid': '06 06 2A 85 70 22 03 01', - 'name': 'SEIS', - 'oid': (1, 2, 752, 34, 3, 1)}, - (1, 2, 840, 10040, 1): {'comment': 'ANSI X9.57', - 'description': 'module (1 2 840 10040 1)', - 'hexoid': '06 06 2A 86 48 CE 38 01', - 'name': 'module', - 'oid': (1, 2, 840, 10040, 1)}, - (1, 2, 840, 10040, 1, 1): {'comment': 'ANSI X9.57 module', - 'description': 'x9f1-cert-mgmt (1 2 840 10040 1 1)', - 'hexoid': '06 07 2A 86 48 CE 38 01 01', - 'name': 'x9f1-cert-mgmt', - 'oid': (1, 2, 840, 10040, 1, 1)}, - (1, 2, 840, 10040, 2): {'comment': 'ANSI X9.57', - 'description': 'holdinstruction (1 2 840 10040 2)', - 'hexoid': '06 06 2A 86 48 CE 38 02', - 'name': 'holdinstruction', - 'oid': (1, 2, 840, 10040, 2)}, - (1, 2, 840, 10040, 2, 1): {'comment': 'ANSI X9.57 hold instruction', - 'description': 'holdinstruction-none (1 2 840 10040 2 1)', - 'hexoid': '06 07 2A 86 48 CE 38 02 01', - 'name': 'holdinstruction-none', - 'oid': (1, 2, 840, 10040, 2, 1)}, - (1, 2, 840, 10040, 2, 2): {'comment': 'ANSI X9.57 hold instruction', - 'description': 'callissuer (1 2 840 10040 2 2)', - 'hexoid': '06 07 2A 86 48 CE 38 02 02', - 'name': 'callissuer', - 'oid': (1, 2, 840, 10040, 2, 2)}, - (1, 2, 840, 10040, 2, 3): {'comment': 'ANSI X9.57 hold instruction', - 'description': 'reject (1 2 840 10040 2 3)', - 'hexoid': '06 07 2A 86 48 CE 38 02 03', - 'name': 'reject', - 'oid': (1, 2, 840, 10040, 2, 3)}, - (1, 2, 840, 10040, 2, 4): {'comment': 'ANSI X9.57 hold instruction', - 'description': 'pickupToken (1 2 840 10040 2 4)', - 'hexoid': '06 07 2A 86 48 CE 38 02 04', - 'name': 'pickupToken', - 'oid': (1, 2, 840, 10040, 2, 4)}, - (1, 2, 840, 10040, 3): {'comment': 'ANSI X9.57', - 'description': 'attribute (1 2 840 10040 3)', - 'hexoid': '06 06 2A 86 48 CE 38 03', - 'name': 'attribute', - 'oid': (1, 2, 840, 10040, 3)}, - (1, 2, 840, 10040, 3, 1): {'comment': 'ANSI X9.57 attribute', - 'description': 'countersignature (1 2 840 10040 3 1)', - 'hexoid': '06 07 2A 86 48 CE 38 03 01', - 'name': 'countersignature', - 'oid': (1, 2, 840, 10040, 3, 1)}, - (1, 2, 840, 10040, 3, 2): {'comment': 'ANSI X9.57 attribute', - 'description': 'attribute-cert (1 2 840 10040 3 2)', - 'hexoid': '06 07 2A 86 48 CE 38 03 02', - 'name': 'attribute-cert', - 'oid': (1, 2, 840, 10040, 3, 2)}, - (1, 2, 840, 10040, 4): {'comment': 'ANSI X9.57', - 'description': 'algorithm (1 2 840 10040 4)', - 'hexoid': '06 06 2A 86 48 CE 38 04', - 'name': 'algorithm', - 'oid': (1, 2, 840, 10040, 4)}, - (1, 2, 840, 10040, 4, 1): {'comment': 'ANSI X9.57 algorithm', - 'description': 'dsa (1 2 840 10040 4 1)', - 'hexoid': '06 07 2A 86 48 CE 38 04 01', - 'name': 'dsa', - 'oid': (1, 2, 840, 10040, 4, 1)}, - (1, 2, 840, 10040, 4, 2): {'comment': 'ANSI X9.57 algorithm', - 'description': 'dsa-match (1 2 840 10040 4 2)', - 'hexoid': '06 07 2A 86 48 CE 38 04 02', - 'name': 'dsa-match', - 'oid': (1, 2, 840, 10040, 4, 2)}, - (1, 2, 840, 10040, 4, 3): {'comment': 'ANSI X9.57 algorithm', - 'description': 'dsaWithSha1 (1 2 840 10040 4 3)', - 'hexoid': '06 07 2A 86 48 CE 38 04 03', - 'name': 'dsaWithSha1', - 'oid': (1, 2, 840, 10040, 4, 3)}, - (1, 2, 840, 10045, 1): {'comment': 'ANSI X9.62. This OID is also assigned as ecdsa-with-SHA1', - 'description': 'fieldType (1 2 840 10045 1)', - 'hexoid': '06 06 2A 86 48 CE 3D 01', - 'name': 'fieldType', - 'oid': (1, 2, 840, 10045, 1)}, - (1, 2, 840, 10045, 1, 1): {'comment': 'ANSI X9.62 field type', - 'description': 'prime-field (1 2 840 10045 1 1)', - 'hexoid': '06 07 2A 86 48 CE 3D 01 01', - 'name': 'prime-field', - 'oid': (1, 2, 840, 10045, 1, 1)}, - (1, 2, 840, 10045, 1, 2): {'comment': 'ANSI X9.62 field type', - 'description': 'characteristic-two-field (1 2 840 10045 1 2)', - 'hexoid': '06 07 2A 86 48 CE 3D 01 02', - 'name': 'characteristic-two-field', - 'oid': (1, 2, 840, 10045, 1, 2)}, - (1, 2, 840, 10045, 1, 2, 3): {'comment': 'ANSI X9.62 field type', - 'description': 'characteristic-two-basis (1 2 840 10045 1 2 3)', - 'hexoid': '06 08 2A 86 48 CE 3D 01 02 03', - 'name': 'characteristic-two-basis', - 'oid': (1, 2, 840, 10045, 1, 2, 3)}, - (1, 2, 840, 10045, 1, 2, 3, 1): {'comment': 'ANSI X9.62 field basis', - 'description': 'onBasis (1 2 840 10045 1 2 3 1)', - 'hexoid': '06 09 2A 86 48 CE 3D 01 02 03 01', - 'name': 'onBasis', - 'oid': (1, 2, 840, 10045, 1, 2, 3, 1)}, - (1, 2, 840, 10045, 1, 2, 3, 2): {'comment': 'ANSI X9.62 field basis', - 'description': 'tpBasis (1 2 840 10045 1 2 3 2)', - 'hexoid': '06 09 2A 86 48 CE 3D 01 02 03 02', - 'name': 'tpBasis', - 'oid': (1, 2, 840, 10045, 1, 2, 3, 2)}, - (1, 2, 840, 10045, 1, 2, 3, 3): {'comment': 'ANSI X9.62 field basis', - 'description': 'ppBasis (1 2 840 10045 1 2 3 3)', - 'hexoid': '06 09 2A 86 48 CE 3D 01 02 03 03', - 'name': 'ppBasis', - 'oid': (1, 2, 840, 10045, 1, 2, 3, 3)}, - (1, 2, 840, 10045, 2): {'comment': 'ANSI X9.62', - 'description': 'publicKeyType (1 2 840 10045 2)', - 'hexoid': '06 06 2A 86 48 CE 3D 02', - 'name': 'publicKeyType', - 'oid': (1, 2, 840, 10045, 2)}, - (1, 2, 840, 10045, 2, 1): {'comment': 'ANSI X9.62 public key type', - 'description': 'ecPublicKey (1 2 840 10045 2 1)', - 'hexoid': '06 07 2A 86 48 CE 3D 02 01', - 'name': 'ecPublicKey', - 'oid': (1, 2, 840, 10045, 2, 1)}, - (1, 2, 840, 10045, 3, 0, 1): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2pnb163v1 (1 2 840 10045 3 0 1)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 01', - 'name': 'c2pnb163v1', - 'oid': (1, 2, 840, 10045, 3, 0, 1)}, - (1, 2, 840, 10045, 3, 0, 2): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2pnb163v2 (1 2 840 10045 3 0 2)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 02', - 'name': 'c2pnb163v2', - 'oid': (1, 2, 840, 10045, 3, 0, 2)}, - (1, 2, 840, 10045, 3, 0, 3): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2pnb163v3 (1 2 840 10045 3 0 3)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 03', - 'name': 'c2pnb163v3', - 'oid': (1, 2, 840, 10045, 3, 0, 3)}, - (1, 2, 840, 10045, 3, 0, 5): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2tnb191v1 (1 2 840 10045 3 0 5)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 05', - 'name': 'c2tnb191v1', - 'oid': (1, 2, 840, 10045, 3, 0, 5)}, - (1, 2, 840, 10045, 3, 0, 6): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2tnb191v2 (1 2 840 10045 3 0 6)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 06', - 'name': 'c2tnb191v2', - 'oid': (1, 2, 840, 10045, 3, 0, 6)}, - (1, 2, 840, 10045, 3, 0, 7): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2tnb191v3 (1 2 840 10045 3 0 7)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 07', - 'name': 'c2tnb191v3', - 'oid': (1, 2, 840, 10045, 3, 0, 7)}, - (1, 2, 840, 10045, 3, 0, 10): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2pnb208w1 (1 2 840 10045 3 0 10)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 0A', - 'name': 'c2pnb208w1', - 'oid': (1, 2, 840, 10045, 3, 0, 10)}, - (1, 2, 840, 10045, 3, 0, 11): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2tnb239v1 (1 2 840 10045 3 0 11)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 0B', - 'name': 'c2tnb239v1', - 'oid': (1, 2, 840, 10045, 3, 0, 11)}, - (1, 2, 840, 10045, 3, 0, 12): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2tnb239v2 (1 2 840 10045 3 0 12)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 0C', - 'name': 'c2tnb239v2', - 'oid': (1, 2, 840, 10045, 3, 0, 12)}, - (1, 2, 840, 10045, 3, 0, 13): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2tnb239v3 (1 2 840 10045 3 0 13)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 0D', - 'name': 'c2tnb239v3', - 'oid': (1, 2, 840, 10045, 3, 0, 13)}, - (1, 2, 840, 10045, 3, 0, 16): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2pnb272w1 (1 2 840 10045 3 0 16)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 10', - 'name': 'c2pnb272w1', - 'oid': (1, 2, 840, 10045, 3, 0, 16)}, - (1, 2, 840, 10045, 3, 0, 18): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2tnb359v1 (1 2 840 10045 3 0 18)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 12', - 'name': 'c2tnb359v1', - 'oid': (1, 2, 840, 10045, 3, 0, 18)}, - (1, 2, 840, 10045, 3, 0, 19): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2pnb368w1 (1 2 840 10045 3 0 19)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 13', - 'name': 'c2pnb368w1', - 'oid': (1, 2, 840, 10045, 3, 0, 19)}, - (1, 2, 840, 10045, 3, 0, 20): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'c2tnb431r1 (1 2 840 10045 3 0 20)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 00 14', - 'name': 'c2tnb431r1', - 'oid': (1, 2, 840, 10045, 3, 0, 20)}, - (1, 2, 840, 10045, 3, 1, 1): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'ansiX9p192r1 (1 2 840 10045 3 1 1)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 01 01', - 'name': 'ansiX9p192r1', - 'oid': (1, 2, 840, 10045, 3, 1, 1)}, - (1, 2, 840, 10045, 3, 1, 1, 1): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'prime192v1 (1 2 840 10045 3 1 1 1)', - 'hexoid': '06 09 2A 86 48 CE 3D 03 01 01 01', - 'name': 'prime192v1', - 'oid': (1, 2, 840, 10045, 3, 1, 1, 1)}, - (1, 2, 840, 10045, 3, 1, 1, 2): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'prime192v2 (1 2 840 10045 3 1 1 2)', - 'hexoid': '06 09 2A 86 48 CE 3D 03 01 01 02', - 'name': 'prime192v2', - 'oid': (1, 2, 840, 10045, 3, 1, 1, 2)}, - (1, 2, 840, 10045, 3, 1, 1, 3): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'prime192v3 (1 2 840 10045 3 1 1 3)', - 'hexoid': '06 09 2A 86 48 CE 3D 03 01 01 03', - 'name': 'prime192v3', - 'oid': (1, 2, 840, 10045, 3, 1, 1, 3)}, - (1, 2, 840, 10045, 3, 1, 1, 4): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'prime239v1 (1 2 840 10045 3 1 1 4)', - 'hexoid': '06 09 2A 86 48 CE 3D 03 01 01 04', - 'name': 'prime239v1', - 'oid': (1, 2, 840, 10045, 3, 1, 1, 4)}, - (1, 2, 840, 10045, 3, 1, 1, 5): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'prime239v2 (1 2 840 10045 3 1 1 5)', - 'hexoid': '06 09 2A 86 48 CE 3D 03 01 01 05', - 'name': 'prime239v2', - 'oid': (1, 2, 840, 10045, 3, 1, 1, 5)}, - (1, 2, 840, 10045, 3, 1, 1, 6): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'prime239v3 (1 2 840 10045 3 1 1 6)', - 'hexoid': '06 09 2A 86 48 CE 3D 03 01 01 06', - 'name': 'prime239v3', - 'oid': (1, 2, 840, 10045, 3, 1, 1, 6)}, - (1, 2, 840, 10045, 3, 1, 1, 7): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'prime256v1 (1 2 840 10045 3 1 1 7)', - 'hexoid': '06 09 2A 86 48 CE 3D 03 01 01 07', - 'name': 'prime256v1', - 'oid': (1, 2, 840, 10045, 3, 1, 1, 7)}, - (1, 2, 840, 10045, 3, 1, 7): {'comment': 'ANSI X9.62 named elliptic curve', - 'description': 'ansiX9p256r1 (1 2 840 10045 3 1 7)', - 'hexoid': '06 08 2A 86 48 CE 3D 03 01 07', - 'name': 'ansiX9p256r1', - 'oid': (1, 2, 840, 10045, 3, 1, 7)}, - (1, 2, 840, 10045, 4, 1): {'comment': 'ANSI X9.62 ECDSA algorithm with SHA1', - 'description': 'ecdsaWithSHA1 (1 2 840 10045 4 1)', - 'hexoid': '06 07 2A 86 48 CE 3D 04 01', - 'name': 'ecdsaWithSHA1', - 'oid': (1, 2, 840, 10045, 4, 1)}, - (1, 2, 840, 10045, 4, 2): {'comment': 'ANSI X9.62 ECDSA algorithm with Recommended', - 'description': 'ecdsaWithRecommended (1 2 840 10045 4 2)', - 'hexoid': '06 07 2A 86 48 CE 3D 04 02', - 'name': 'ecdsaWithRecommended', - 'oid': (1, 2, 840, 10045, 4, 2)}, - (1, 2, 840, 10045, 4, 3): {'comment': 'ANSI X9.62 ECDSA algorithm with Specified', - 'description': 'ecdsaWithSpecified (1 2 840 10045 4 3)', - 'hexoid': '06 07 2A 86 48 CE 3D 04 03', - 'name': 'ecdsaWithSpecified', - 'oid': (1, 2, 840, 10045, 4, 3)}, - (1, 2, 840, 10045, 4, 3, 1): {'comment': 'ANSI X9.62 ECDSA algorithm with SHA224', - 'description': 'ecdsaWithSHA224 (1 2 840 10045 4 3 1)', - 'hexoid': '06 08 2A 86 48 CE 3D 04 03 01', - 'name': 'ecdsaWithSHA224', - 'oid': (1, 2, 840, 10045, 4, 3, 1)}, - (1, 2, 840, 10045, 4, 3, 2): {'comment': 'ANSI X9.62 ECDSA algorithm with SHA256', - 'description': 'ecdsaWithSHA256 (1 2 840 10045 4 3 2)', - 'hexoid': '06 08 2A 86 48 CE 3D 04 03 02', - 'name': 'ecdsaWithSHA256', - 'oid': (1, 2, 840, 10045, 4, 3, 2)}, - (1, 2, 840, 10045, 4, 3, 3): {'comment': 'ANSI X9.62 ECDSA algorithm with SHA384', - 'description': 'ecdsaWithSHA384 (1 2 840 10045 4 3 3)', - 'hexoid': '06 08 2A 86 48 CE 3D 04 03 03', - 'name': 'ecdsaWithSHA384', - 'oid': (1, 2, 840, 10045, 4, 3, 3)}, - (1, 2, 840, 10045, 4, 3, 4): {'comment': 'ANSI X9.62 ECDSA algorithm with SHA512', - 'description': 'ecdsaWithSHA512 (1 2 840 10045 4 3 4)', - 'hexoid': '06 08 2A 86 48 CE 3D 04 03 04', - 'name': 'ecdsaWithSHA512', - 'oid': (1, 2, 840, 10045, 4, 3, 4)}, - (1, 2, 840, 10046, 1): {'comment': 'ANSI X9.42', - 'description': 'fieldType (1 2 840 10046 1)', - 'hexoid': '06 06 2A 86 48 CE 3E 01', - 'name': 'fieldType', - 'oid': (1, 2, 840, 10046, 1)}, - (1, 2, 840, 10046, 1, 1): {'comment': 'ANSI X9.42 field type', - 'description': 'gf-prime (1 2 840 10046 1 1)', - 'hexoid': '06 07 2A 86 48 CE 3E 01 01', - 'name': 'gf-prime', - 'oid': (1, 2, 840, 10046, 1, 1)}, - (1, 2, 840, 10046, 2): {'comment': 'ANSI X9.42', - 'description': 'numberType (1 2 840 10046 2)', - 'hexoid': '06 06 2A 86 48 CE 3E 02', - 'name': 'numberType', - 'oid': (1, 2, 840, 10046, 2)}, - (1, 2, 840, 10046, 2, 1): {'comment': 'ANSI X9.42 number type', - 'description': 'dhPublicKey (1 2 840 10046 2 1)', - 'hexoid': '06 07 2A 86 48 CE 3E 02 01', - 'name': 'dhPublicKey', - 'oid': (1, 2, 840, 10046, 2, 1)}, - (1, 2, 840, 10046, 3): {'comment': 'ANSI X9.42', - 'description': 'scheme (1 2 840 10046 3)', - 'hexoid': '06 06 2A 86 48 CE 3E 03', - 'name': 'scheme', - 'oid': (1, 2, 840, 10046, 3)}, - (1, 2, 840, 10046, 3, 1): {'comment': 'ANSI X9.42 scheme', - 'description': 'dhStatic (1 2 840 10046 3 1)', - 'hexoid': '06 07 2A 86 48 CE 3E 03 01', - 'name': 'dhStatic', - 'oid': (1, 2, 840, 10046, 3, 1)}, - (1, 2, 840, 10046, 3, 2): {'comment': 'ANSI X9.42 scheme', - 'description': 'dhEphem (1 2 840 10046 3 2)', - 'hexoid': '06 07 2A 86 48 CE 3E 03 02', - 'name': 'dhEphem', - 'oid': (1, 2, 840, 10046, 3, 2)}, - (1, 2, 840, 10046, 3, 3): {'comment': 'ANSI X9.42 scheme', - 'description': 'dhHybrid1 (1 2 840 10046 3 3)', - 'hexoid': '06 07 2A 86 48 CE 3E 03 03', - 'name': 'dhHybrid1', - 'oid': (1, 2, 840, 10046, 3, 3)}, - (1, 2, 840, 10046, 3, 4): {'comment': 'ANSI X9.42 scheme', - 'description': 'dhHybrid2 (1 2 840 10046 3 4)', - 'hexoid': '06 07 2A 86 48 CE 3E 03 04', - 'name': 'dhHybrid2', - 'oid': (1, 2, 840, 10046, 3, 4)}, - (1, 2, 840, 10046, 3, 5): {'comment': 'ANSI X9.42 scheme', - 'description': 'mqv2 (1 2 840 10046 3 5)', - 'hexoid': '06 07 2A 86 48 CE 3E 03 05', - 'name': 'mqv2', - 'oid': (1, 2, 840, 10046, 3, 5)}, - (1, 2, 840, 10046, 3, 6): {'comment': 'ANSI X9.42 scheme', - 'description': 'mqv1 (1 2 840 10046 3 6)', - 'hexoid': '06 07 2A 86 48 CE 3E 03 06', - 'name': 'mqv1', - 'oid': (1, 2, 840, 10046, 3, 6)}, - (1, 2, 840, 10065, 2, 2): {'comment': 'ASTM 31.20', - 'description': '? (1 2 840 10065 2 2)', - 'hexoid': '06 07 2A 86 48 CE 51 02 02', - 'name': '?', - 'oid': (1, 2, 840, 10065, 2, 2)}, - (1, 2, 840, 10065, 2, 3): {'comment': 'ASTM 31.20', - 'description': 'healthcareLicense (1 2 840 10065 2 3)', - 'hexoid': '06 07 2A 86 48 CE 51 02 03', - 'name': 'healthcareLicense', - 'oid': (1, 2, 840, 10065, 2, 3)}, - (1, 2, 840, 10065, 2, 3, 1, 1): {'comment': 'ASTM 31.20 healthcare license type', - 'description': 'license? (1 2 840 10065 2 3 1 1)', - 'hexoid': '06 09 2A 86 48 CE 51 02 03 01 01', - 'name': 'license?', - 'oid': (1, 2, 840, 10065, 2, 3, 1, 1)}, - (1, 2, 840, 113533, 7): {'description': 'nsn (1 2 840 113533 7)', - 'hexoid': '06 07 2A 86 48 86 F6 7D 07', - 'name': 'nsn', - 'oid': (1, 2, 840, 113533, 7)}, - (1, 2, 840, 113533, 7, 65): {'description': 'nsn-ce (1 2 840 113533 7 65)', - 'hexoid': '06 08 2A 86 48 86 F6 7D 07 41', - 'name': 'nsn-ce', - 'oid': (1, 2, 840, 113533, 7, 65)}, - (1, 2, 840, 113533, 7, 65, 0): {'comment': 'Nortel Secure Networks ce', - 'description': 'entrustVersInfo (1 2 840 113533 7 65 0)', - 'hexoid': '06 09 2A 86 48 86 F6 7D 07 41 00', - 'name': 'entrustVersInfo', - 'oid': (1, 2, 840, 113533, 7, 65, 0)}, - (1, 2, 840, 113533, 7, 66): {'description': 'nsn-alg (1 2 840 113533 7 66)', - 'hexoid': '06 08 2A 86 48 86 F6 7D 07 42', - 'name': 'nsn-alg', - 'oid': (1, 2, 840, 113533, 7, 66)}, - (1, 2, 840, 113533, 7, 66, 3): {'comment': 'Nortel Secure Networks alg', - 'description': 'cast3CBC (1 2 840 113533 7 66 3)', - 'hexoid': '06 09 2A 86 48 86 F6 7D 07 42 03', - 'name': 'cast3CBC', - 'oid': (1, 2, 840, 113533, 7, 66, 3)}, - (1, 2, 840, 113533, 7, 66, 10): {'comment': 'Nortel Secure Networks alg', - 'description': 'cast5CBC (1 2 840 113533 7 66 10)', - 'hexoid': '06 09 2A 86 48 86 F6 7D 07 42 0A', - 'name': 'cast5CBC', - 'oid': (1, 2, 840, 113533, 7, 66, 10)}, - (1, 2, 840, 113533, 7, 66, 11): {'comment': 'Nortel Secure Networks alg', - 'description': 'cast5MAC (1 2 840 113533 7 66 11)', - 'hexoid': '06 09 2A 86 48 86 F6 7D 07 42 0B', - 'name': 'cast5MAC', - 'oid': (1, 2, 840, 113533, 7, 66, 11)}, - (1, 2, 840, 113533, 7, 66, 12): {'comment': 'Nortel Secure Networks alg', - 'description': 'pbeWithMD5AndCAST5-CBC (1 2 840 113533 7 66 12)', - 'hexoid': '06 09 2A 86 48 86 F6 7D 07 42 0C', - 'name': 'pbeWithMD5AndCAST5-CBC', - 'oid': (1, 2, 840, 113533, 7, 66, 12)}, - (1, 2, 840, 113533, 7, 66, 13): {'comment': 'Nortel Secure Networks alg', - 'description': 'passwordBasedMac (1 2 840 113533 7 66 13)', - 'hexoid': '06 09 2A 86 48 86 F6 7D 07 42 0D', - 'name': 'passwordBasedMac', - 'oid': (1, 2, 840, 113533, 7, 66, 13)}, - (1, 2, 840, 113533, 7, 67): {'description': 'nsn-oc (1 2 840 113533 7 67)', - 'hexoid': '06 08 2A 86 48 86 F6 7D 07 43', - 'name': 'nsn-oc', - 'oid': (1, 2, 840, 113533, 7, 67)}, - (1, 2, 840, 113533, 7, 67, 0): {'comment': 'Nortel Secure Networks oc', - 'description': 'entrustUser (1 2 840 113533 7 67 0)', - 'hexoid': '06 09 2A 86 48 86 F6 7D 07 43 00', - 'name': 'entrustUser', - 'oid': (1, 2, 840, 113533, 7, 67, 0)}, - (1, 2, 840, 113533, 7, 68): {'description': 'nsn-at (1 2 840 113533 7 68)', - 'hexoid': '06 08 2A 86 48 86 F6 7D 07 44', - 'name': 'nsn-at', - 'oid': (1, 2, 840, 113533, 7, 68)}, - (1, 2, 840, 113533, 7, 68, 0): {'comment': 'Nortel Secure Networks at', - 'description': 'entrustCAInfo (1 2 840 113533 7 68 0)', - 'hexoid': '06 09 2A 86 48 86 F6 7D 07 44 00', - 'name': 'entrustCAInfo', - 'oid': (1, 2, 840, 113533, 7, 68, 0)}, - (1, 2, 840, 113533, 7, 68, 10): {'comment': 'Nortel Secure Networks at', - 'description': 'attributeCertificate (1 2 840 113533 7 68 10)', - 'hexoid': '06 09 2A 86 48 86 F6 7D 07 44 0A', - 'name': 'attributeCertificate', - 'oid': (1, 2, 840, 113533, 7, 68, 10)}, - (1, 2, 840, 113549, 1, 1): {'description': 'pkcs-1 (1 2 840 113549 1 1)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 01 01', - 'name': 'pkcs-1', - 'oid': (1, 2, 840, 113549, 1, 1)}, - (1, 2, 840, 113549, 1, 1, 1): {'comment': 'PKCS #1', - 'description': 'rsaEncryption (1 2 840 113549 1 1 1)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 01', - 'name': 'rsaEncryption', - 'oid': (1, 2, 840, 113549, 1, 1, 1)}, - (1, 2, 840, 113549, 1, 1, 2): {'comment': 'PKCS #1', - 'description': 'md2withRSAEncryption (1 2 840 113549 1 1 2)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 02', - 'name': 'md2withRSAEncryption', - 'oid': (1, 2, 840, 113549, 1, 1, 2)}, - (1, 2, 840, 113549, 1, 1, 3): {'comment': 'PKCS #1', - 'description': 'md4withRSAEncryption (1 2 840 113549 1 1 3)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 03', - 'name': 'md4withRSAEncryption', - 'oid': (1, 2, 840, 113549, 1, 1, 3)}, - (1, 2, 840, 113549, 1, 1, 4): {'comment': 'PKCS #1', - 'description': 'md5withRSAEncryption (1 2 840 113549 1 1 4)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 04', - 'name': 'md5withRSAEncryption', - 'oid': (1, 2, 840, 113549, 1, 1, 4)}, - (1, 2, 840, 113549, 1, 1, 5): {'comment': 'PKCS #1', - 'description': 'sha1withRSAEncryption (1 2 840 113549 1 1 5)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 05', - 'name': 'sha1withRSAEncryption', - 'oid': (1, 2, 840, 113549, 1, 1, 5)}, - (1, 2, 840, 113549, 1, 1, 6): {'comment': 'PKCS #1. This OID may also be assigned as ripemd160WithRSAEncryption', - 'description': 'rsaOAEPEncryptionSET (1 2 840 113549 1 1 6)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 06', - 'name': 'rsaOAEPEncryptionSET', - 'oid': (1, 2, 840, 113549, 1, 1, 6)}, - (1, 2, 840, 113549, 1, 1, 7): {'comment': 'PKCS #1', - 'description': 'rsaOAEP (1 2 840 113549 1 1 7)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 07', - 'name': 'rsaOAEP', - 'oid': (1, 2, 840, 113549, 1, 1, 7)}, - (1, 2, 840, 113549, 1, 1, 8): {'comment': 'PKCS #1', - 'description': 'pkcs1-MGF (1 2 840 113549 1 1 8)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 08', - 'name': 'pkcs1-MGF', - 'oid': (1, 2, 840, 113549, 1, 1, 8)}, - (1, 2, 840, 113549, 1, 1, 9): {'comment': 'PKCS #1', - 'description': 'rsaOAEP-pSpecified (1 2 840 113549 1 1 9)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 09', - 'name': 'rsaOAEP-pSpecified', - 'oid': (1, 2, 840, 113549, 1, 1, 9)}, - (1, 2, 840, 113549, 1, 1, 10): {'comment': 'PKCS #1', - 'description': 'rsaPSS (1 2 840 113549 1 1 10)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 0A', - 'name': 'rsaPSS', - 'oid': (1, 2, 840, 113549, 1, 1, 10)}, - (1, 2, 840, 113549, 1, 1, 11): {'comment': 'PKCS #1', - 'description': 'sha256WithRSAEncryption (1 2 840 113549 1 1 11)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 0B', - 'name': 'sha256WithRSAEncryption', - 'oid': (1, 2, 840, 113549, 1, 1, 11)}, - (1, 2, 840, 113549, 1, 1, 12): {'comment': 'PKCS #1', - 'description': 'sha384WithRSAEncryption (1 2 840 113549 1 1 12)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 0C', - 'name': 'sha384WithRSAEncryption', - 'oid': (1, 2, 840, 113549, 1, 1, 12)}, - (1, 2, 840, 113549, 1, 1, 13): {'comment': 'PKCS #1', - 'description': 'sha512WithRSAEncryption (1 2 840 113549 1 1 13)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 01 0D', - 'name': 'sha512WithRSAEncryption', - 'oid': (1, 2, 840, 113549, 1, 1, 13)}, - (1, 2, 840, 113549, 1, 3): {'description': 'pkcs-3 (1 2 840 113549 1 3)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 01 03', - 'name': 'pkcs-3', - 'oid': (1, 2, 840, 113549, 1, 3)}, - (1, 2, 840, 113549, 1, 3, 1): {'comment': 'PKCS #3', - 'description': 'dhKeyAgreement (1 2 840 113549 1 3 1)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 03 01', - 'name': 'dhKeyAgreement', - 'oid': (1, 2, 840, 113549, 1, 3, 1)}, - (1, 2, 840, 113549, 1, 5): {'description': 'pkcs-5 (1 2 840 113549 1 5)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 01 05', - 'name': 'pkcs-5', - 'oid': (1, 2, 840, 113549, 1, 5)}, - (1, 2, 840, 113549, 1, 5, 1): {'comment': 'PKCS #5', - 'description': 'pbeWithMD2AndDES-CBC (1 2 840 113549 1 5 1)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 05 01', - 'name': 'pbeWithMD2AndDES-CBC', - 'oid': (1, 2, 840, 113549, 1, 5, 1)}, - (1, 2, 840, 113549, 1, 5, 3): {'comment': 'PKCS #5', - 'description': 'pbeWithMD5AndDES-CBC (1 2 840 113549 1 5 3)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 05 03', - 'name': 'pbeWithMD5AndDES-CBC', - 'oid': (1, 2, 840, 113549, 1, 5, 3)}, - (1, 2, 840, 113549, 1, 5, 4): {'comment': 'PKCS #5', - 'description': 'pbeWithMD2AndRC2-CBC (1 2 840 113549 1 5 4)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 05 04', - 'name': 'pbeWithMD2AndRC2-CBC', - 'oid': (1, 2, 840, 113549, 1, 5, 4)}, - (1, 2, 840, 113549, 1, 5, 6): {'comment': 'PKCS #5', - 'description': 'pbeWithMD5AndRC2-CBC (1 2 840 113549 1 5 6)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 05 06', - 'name': 'pbeWithMD5AndRC2-CBC', - 'oid': (1, 2, 840, 113549, 1, 5, 6)}, - (1, 2, 840, 113549, 1, 5, 10): {'comment': 'PKCS #5', - 'description': 'pbeWithSHAAndDES-CBC (1 2 840 113549 1 5 10)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 05 0A', - 'name': 'pbeWithSHAAndDES-CBC', - 'oid': (1, 2, 840, 113549, 1, 5, 10)}, - (1, 2, 840, 113549, 1, 5, 12): {'comment': 'PKCS #5 v2.0', - 'description': 'pkcs5PBKDF2 (1 2 840 113549 1 5 12)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 05 0C', - 'name': 'pkcs5PBKDF2', - 'oid': (1, 2, 840, 113549, 1, 5, 12)}, - (1, 2, 840, 113549, 1, 5, 13): {'comment': 'PKCS #5 v2.0', - 'description': 'pkcs5PBES2 (1 2 840 113549 1 5 13)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 05 0D', - 'name': 'pkcs5PBES2', - 'oid': (1, 2, 840, 113549, 1, 5, 13)}, - (1, 2, 840, 113549, 1, 5, 14): {'comment': 'PKCS #5 v2.0', - 'description': 'pkcs5PBMAC1 (1 2 840 113549 1 5 14)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 05 0E', - 'name': 'pkcs5PBMAC1', - 'oid': (1, 2, 840, 113549, 1, 5, 14)}, - (1, 2, 840, 113549, 1, 7): {'description': 'pkcs-7 (1 2 840 113549 1 7)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 01 07', - 'name': 'pkcs-7', - 'oid': (1, 2, 840, 113549, 1, 7)}, - (1, 2, 840, 113549, 1, 7, 1): {'comment': 'PKCS #7', - 'description': 'data (1 2 840 113549 1 7 1)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 07 01', - 'name': 'data', - 'oid': (1, 2, 840, 113549, 1, 7, 1)}, - (1, 2, 840, 113549, 1, 7, 2): {'comment': 'PKCS #7', - 'description': 'signedData (1 2 840 113549 1 7 2)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 07 02', - 'name': 'signedData', - 'oid': (1, 2, 840, 113549, 1, 7, 2)}, - (1, 2, 840, 113549, 1, 7, 3): {'comment': 'PKCS #7', - 'description': 'envelopedData (1 2 840 113549 1 7 3)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 07 03', - 'name': 'envelopedData', - 'oid': (1, 2, 840, 113549, 1, 7, 3)}, - (1, 2, 840, 113549, 1, 7, 4): {'comment': 'PKCS #7', - 'description': 'signedAndEnvelopedData (1 2 840 113549 1 7 4)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 07 04', - 'name': 'signedAndEnvelopedData', - 'oid': (1, 2, 840, 113549, 1, 7, 4)}, - (1, 2, 840, 113549, 1, 7, 5): {'comment': 'PKCS #7', - 'description': 'digestedData (1 2 840 113549 1 7 5)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 07 05', - 'name': 'digestedData', - 'oid': (1, 2, 840, 113549, 1, 7, 5)}, - (1, 2, 840, 113549, 1, 7, 6): {'comment': 'PKCS #7', - 'description': 'encryptedData (1 2 840 113549 1 7 6)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 07 06', - 'name': 'encryptedData', - 'oid': (1, 2, 840, 113549, 1, 7, 6)}, - (1, 2, 840, 113549, 1, 9): {'description': 'pkcs-9 (1 2 840 113549 1 9)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 01 09', - 'name': 'pkcs-9', - 'oid': (1, 2, 840, 113549, 1, 9)}, - (1, 2, 840, 113549, 1, 9, 1): {'comment': 'PKCS #9. Deprecated, use an altName extension instead', - 'description': 'emailAddress (1 2 840 113549 1 9 1)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 01', - 'name': 'emailAddress', - 'oid': (1, 2, 840, 113549, 1, 9, 1)}, - (1, 2, 840, 113549, 1, 9, 2): {'comment': 'PKCS #9', - 'description': 'unstructuredName (1 2 840 113549 1 9 2)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 02', - 'name': 'unstructuredName', - 'oid': (1, 2, 840, 113549, 1, 9, 2)}, - (1, 2, 840, 113549, 1, 9, 3): {'comment': 'PKCS #9', - 'description': 'contentType (1 2 840 113549 1 9 3)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 03', - 'name': 'contentType', - 'oid': (1, 2, 840, 113549, 1, 9, 3)}, - (1, 2, 840, 113549, 1, 9, 4): {'comment': 'PKCS #9', - 'description': 'messageDigest (1 2 840 113549 1 9 4)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 04', - 'name': 'messageDigest', - 'oid': (1, 2, 840, 113549, 1, 9, 4)}, - (1, 2, 840, 113549, 1, 9, 5): {'comment': 'PKCS #9', - 'description': 'signingTime (1 2 840 113549 1 9 5)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 05', - 'name': 'signingTime', - 'oid': (1, 2, 840, 113549, 1, 9, 5)}, - (1, 2, 840, 113549, 1, 9, 6): {'comment': 'PKCS #9', - 'description': 'countersignature (1 2 840 113549 1 9 6)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 06', - 'name': 'countersignature', - 'oid': (1, 2, 840, 113549, 1, 9, 6)}, - (1, 2, 840, 113549, 1, 9, 7): {'comment': 'PKCS #9', - 'description': 'challengePassword (1 2 840 113549 1 9 7)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 07', - 'name': 'challengePassword', - 'oid': (1, 2, 840, 113549, 1, 9, 7)}, - (1, 2, 840, 113549, 1, 9, 8): {'comment': 'PKCS #9', - 'description': 'unstructuredAddress (1 2 840 113549 1 9 8)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 08', - 'name': 'unstructuredAddress', - 'oid': (1, 2, 840, 113549, 1, 9, 8)}, - (1, 2, 840, 113549, 1, 9, 9): {'comment': 'PKCS #9', - 'description': 'extendedCertificateAttributes (1 2 840 113549 1 9 9)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 09', - 'name': 'extendedCertificateAttributes', - 'oid': (1, 2, 840, 113549, 1, 9, 9)}, - (1, 2, 840, 113549, 1, 9, 13): {'comment': 'PKCS #9', - 'description': 'signingDescription (1 2 840 113549 1 9 13)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 0D', - 'name': 'signingDescription', - 'oid': (1, 2, 840, 113549, 1, 9, 13)}, - (1, 2, 840, 113549, 1, 9, 14): {'comment': 'PKCS #9 via CRMF', - 'description': 'extensionRequest (1 2 840 113549 1 9 14)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 0E', - 'name': 'extensionRequest', - 'oid': (1, 2, 840, 113549, 1, 9, 14)}, - (1, 2, 840, 113549, 1, 9, 15): {'comment': 'PKCS #9. This OID was formerly assigned as symmetricCapabilities, then reassigned as SMIMECapabilities, then renamed to the current name', - 'description': 'sMIMECapabilities (1 2 840 113549 1 9 15)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 0F', - 'name': 'sMIMECapabilities', - 'oid': (1, 2, 840, 113549, 1, 9, 15)}, - (1, 2, 840, 113549, 1, 9, 15, 1): {'comment': 'sMIMECapabilities', - 'description': 'preferSignedData (1 2 840 113549 1 9 15 1)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 0F 01', - 'name': 'preferSignedData', - 'oid': (1, 2, 840, 113549, 1, 9, 15, 1)}, - (1, 2, 840, 113549, 1, 9, 15, 2): {'comment': 'sMIMECapabilities', - 'description': 'canNotDecryptAny (1 2 840 113549 1 9 15 2)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 0F 02', - 'name': 'canNotDecryptAny', - 'oid': (1, 2, 840, 113549, 1, 9, 15, 2)}, - (1, 2, 840, 113549, 1, 9, 16): {'comment': 'PKCS #9', - 'description': 'id-sMIME (1 2 840 113549 1 9 16)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 10', - 'name': 'id-sMIME', - 'oid': (1, 2, 840, 113549, 1, 9, 16)}, - (1, 2, 840, 113549, 1, 9, 16, 0): {'comment': 'id-sMIME', - 'description': 'id-mod (1 2 840 113549 1 9 16 0)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 10 00', - 'name': 'id-mod', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 0)}, - (1, 2, 840, 113549, 1, 9, 16, 0, 1): {'comment': 'S/MIME Modules', - 'description': 'id-mod-cms (1 2 840 113549 1 9 16 0 1)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 00 01', - 'name': 'id-mod-cms', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 0, - 1)}, - (1, 2, 840, 113549, 1, 9, 16, 0, 2): {'comment': 'S/MIME Modules', - 'description': 'id-mod-ess (1 2 840 113549 1 9 16 0 2)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 00 02', - 'name': 'id-mod-ess', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 0, - 2)}, - (1, 2, 840, 113549, 1, 9, 16, 0, 3): {'comment': 'S/MIME Modules', - 'description': 'id-mod-oid (1 2 840 113549 1 9 16 0 3)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 00 03', - 'name': 'id-mod-oid', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 0, - 3)}, - (1, 2, 840, 113549, 1, 9, 16, 0, 4): {'comment': 'S/MIME Modules', - 'description': 'id-mod-msg-v3 (1 2 840 113549 1 9 16 0 4)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 00 04', - 'name': 'id-mod-msg-v3', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 0, - 4)}, - (1, 2, 840, 113549, 1, 9, 16, 0, 5): {'comment': 'S/MIME Modules', - 'description': 'id-mod-ets-eSignature-88 (1 2 840 113549 1 9 16 0 5)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 00 05', - 'name': 'id-mod-ets-eSignature-88', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 0, - 5)}, - (1, 2, 840, 113549, 1, 9, 16, 0, 6): {'comment': 'S/MIME Modules', - 'description': 'id-mod-ets-eSignature-97 (1 2 840 113549 1 9 16 0 6)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 00 06', - 'name': 'id-mod-ets-eSignature-97', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 0, - 6)}, - (1, 2, 840, 113549, 1, 9, 16, 0, 7): {'comment': 'S/MIME Modules', - 'description': 'id-mod-ets-eSigPolicy-88 (1 2 840 113549 1 9 16 0 7)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 00 07', - 'name': 'id-mod-ets-eSigPolicy-88', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 0, - 7)}, - (1, 2, 840, 113549, 1, 9, 16, 0, 8): {'comment': 'S/MIME Modules', - 'description': 'id-mod-ets-eSigPolicy-88 (1 2 840 113549 1 9 16 0 8)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 00 08', - 'name': 'id-mod-ets-eSigPolicy-88', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 0, - 8)}, - (1, 2, 840, 113549, 1, 9, 16, 1): {'comment': 'S/MIME', - 'description': 'contentType (1 2 840 113549 1 9 16 1)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 10 01', - 'name': 'contentType', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 1)}, - (1, 2, 840, 113549, 1, 9, 16, 1, 1): {'comment': 'S/MIME Content Types', - 'description': 'receipt (1 2 840 113549 1 9 16 1 1)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 01', - 'name': 'receipt', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 1, - 1)}, - (1, 2, 840, 113549, 1, 9, 16, 1, 2): {'comment': 'S/MIME Content Types', - 'description': 'authData (1 2 840 113549 1 9 16 1 2)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 02', - 'name': 'authData', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 1, - 2)}, - (1, 2, 840, 113549, 1, 9, 16, 1, 3): {'comment': 'S/MIME Content Types', - 'description': 'publishCert (1 2 840 113549 1 9 16 1 3)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 03', - 'name': 'publishCert', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 1, - 3)}, - (1, 2, 840, 113549, 1, 9, 16, 1, 4): {'comment': 'S/MIME Content Types', - 'description': 'tSTInfo (1 2 840 113549 1 9 16 1 4)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 04', - 'name': 'tSTInfo', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 1, - 4)}, - (1, 2, 840, 113549, 1, 9, 16, 1, 5): {'comment': 'S/MIME Content Types', - 'description': 'tDTInfo (1 2 840 113549 1 9 16 1 5)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 05', - 'name': 'tDTInfo', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 1, - 5)}, - (1, 2, 840, 113549, 1, 9, 16, 1, 6): {'comment': 'S/MIME Content Types', - 'description': 'contentInfo (1 2 840 113549 1 9 16 1 6)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 06', - 'name': 'contentInfo', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 1, - 6)}, - (1, 2, 840, 113549, 1, 9, 16, 1, 7): {'comment': 'S/MIME Content Types', - 'description': 'dVCSRequestData (1 2 840 113549 1 9 16 1 7)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 07', - 'name': 'dVCSRequestData', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 1, - 7)}, - (1, 2, 840, 113549, 1, 9, 16, 1, 8): {'comment': 'S/MIME Content Types', - 'description': 'dVCSResponseData (1 2 840 113549 1 9 16 1 8)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 08', - 'name': 'dVCSResponseData', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 1, - 8)}, - (1, 2, 840, 113549, 1, 9, 16, 1, 9): {'comment': 'S/MIME Content Types', - 'description': 'compressedData (1 2 840 113549 1 9 16 1 9)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 09', - 'name': 'compressedData', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 1, - 9)}, - (1, 2, 840, 113549, 1, 9, 16, 1, 24): {'comment': 'RPKI project', - 'description': 'id-ct-routeOriginAttestation (1 2 840 113549 1 9 16 1 24)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 18', - 'name': 'id-ct-routeOriginAttestation', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 1, - 24)}, - (1, 2, 840, 113549, 1, 9, 16, 1, 26): {'comment': 'RPKI project', - 'description': 'id-ct-rpkiManifest (1 2 840 113549 1 9 16 1 26)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 1A', - 'name': 'id-ct-rpkiManifest', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 1, - 26)}, - (1, 2, 840, 113549, 1, 9, 16, 1, 28): {'comment': 'RPKI project', - 'description': 'id-ct-xml (1 2 840 113549 1 9 16 1 28)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 01 1C', - 'name': 'id-ct-xml', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 1, - 28)}, - (1, 2, 840, 113549, 1, 9, 16, 2): {'comment': 'S/MIME', - 'description': 'authenticatedAttributes (1 2 840 113549 1 9 16 2)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 10 02', - 'name': 'authenticatedAttributes', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 2)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 1): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'receiptRequest (1 2 840 113549 1 9 16 2 1)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 01', - 'name': 'receiptRequest', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 1)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 2): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'securityLabel (1 2 840 113549 1 9 16 2 2)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 02', - 'name': 'securityLabel', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 2)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 3): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'mlExpandHistory (1 2 840 113549 1 9 16 2 3)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 03', - 'name': 'mlExpandHistory', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 3)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 4): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'contentHint (1 2 840 113549 1 9 16 2 4)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 04', - 'name': 'contentHint', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 4)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 5): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'msgSigDigest (1 2 840 113549 1 9 16 2 5)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 05', - 'name': 'msgSigDigest', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 5)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 7): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'contentIdentifier (1 2 840 113549 1 9 16 2 7)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 07', - 'name': 'contentIdentifier', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 7)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 9): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'equivalentLabels (1 2 840 113549 1 9 16 2 9)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 09', - 'name': 'equivalentLabels', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 9)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 10): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'contentReference (1 2 840 113549 1 9 16 2 10)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 0A', - 'name': 'contentReference', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 10)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 11): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'encrypKeyPref (1 2 840 113549 1 9 16 2 11)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 0B', - 'name': 'encrypKeyPref', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 11)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 12): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'signingCertificate (1 2 840 113549 1 9 16 2 12)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 0C', - 'name': 'signingCertificate', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 12)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 13): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'smimeEncryptCerts (1 2 840 113549 1 9 16 2 13)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 0D', - 'name': 'smimeEncryptCerts', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 13)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 14): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'timeStampToken (1 2 840 113549 1 9 16 2 14)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 0E', - 'name': 'timeStampToken', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 14)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 15): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'sigPolicyId (1 2 840 113549 1 9 16 2 15)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 0F', - 'name': 'sigPolicyId', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 15)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 16): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'commitmentType (1 2 840 113549 1 9 16 2 16)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 10', - 'name': 'commitmentType', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 16)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 17): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'signerLocation (1 2 840 113549 1 9 16 2 17)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 11', - 'name': 'signerLocation', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 17)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 18): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'signerAttr (1 2 840 113549 1 9 16 2 18)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 12', - 'name': 'signerAttr', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 18)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 19): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'otherSigCert (1 2 840 113549 1 9 16 2 19)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 13', - 'name': 'otherSigCert', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 19)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 20): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'contentTimestamp (1 2 840 113549 1 9 16 2 20)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 14', - 'name': 'contentTimestamp', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 20)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 21): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'certificateRefs (1 2 840 113549 1 9 16 2 21)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 15', - 'name': 'certificateRefs', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 21)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 22): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'revocationRefs (1 2 840 113549 1 9 16 2 22)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 16', - 'name': 'revocationRefs', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 22)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 23): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'certValues (1 2 840 113549 1 9 16 2 23)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 17', - 'name': 'certValues', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 23)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 24): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'revocationValues (1 2 840 113549 1 9 16 2 24)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 18', - 'name': 'revocationValues', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 24)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 25): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'escTimeStamp (1 2 840 113549 1 9 16 2 25)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 19', - 'name': 'escTimeStamp', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 25)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 26): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'certCRLTimestamp (1 2 840 113549 1 9 16 2 26)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 1A', - 'name': 'certCRLTimestamp', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 26)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 27): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'archiveTimeStamp (1 2 840 113549 1 9 16 2 27)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 1B', - 'name': 'archiveTimeStamp', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 27)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 28): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'signatureType (1 2 840 113549 1 9 16 2 28)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 1C', - 'name': 'signatureType', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 28)}, - (1, 2, 840, 113549, 1, 9, 16, 2, 29): {'comment': 'S/MIME Authenticated Attributes', - 'description': 'dvcs-dvc (1 2 840 113549 1 9 16 2 29)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 02 1D', - 'name': 'dvcs-dvc', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 2, - 29)}, - (1, 2, 840, 113549, 1, 9, 16, 3, 5): {'comment': 'S/MIME Algorithms', - 'description': 'esDH (1 2 840 113549 1 9 16 3 5)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 03 05', - 'name': 'esDH', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 3, - 5)}, - (1, 2, 840, 113549, 1, 9, 16, 3, 6): {'comment': 'S/MIME Algorithms', - 'description': 'cms3DESwrap (1 2 840 113549 1 9 16 3 6)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 03 06', - 'name': 'cms3DESwrap', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 3, - 6)}, - (1, 2, 840, 113549, 1, 9, 16, 3, 7): {'comment': 'S/MIME Algorithms', - 'description': 'cmsRC2wrap (1 2 840 113549 1 9 16 3 7)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 03 07', - 'name': 'cmsRC2wrap', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 3, - 7)}, - (1, 2, 840, 113549, 1, 9, 16, 3, 8): {'comment': 'S/MIME Algorithms', - 'description': 'zlib (1 2 840 113549 1 9 16 3 8)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 03 08', - 'name': 'zlib', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 3, - 8)}, - (1, 2, 840, 113549, 1, 9, 16, 3, 9): {'comment': 'S/MIME Algorithms', - 'description': 'pwri-KEK (1 2 840 113549 1 9 16 3 9)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 03 09', - 'name': 'pwri-KEK', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 3, - 9)}, - (1, 2, 840, 113549, 1, 9, 16, 4, 1): {'comment': 'S/MIME Certificate Distribution', - 'description': 'certDist-ldap (1 2 840 113549 1 9 16 4 1)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 04 01', - 'name': 'certDist-ldap', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 4, - 1)}, - (1, 2, 840, 113549, 1, 9, 16, 5, 1): {'comment': 'S/MIME Signature Policy Qualifier', - 'description': 'sigPolicyQualifier-spuri (1 2 840 113549 1 9 16 5 1)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 05 01', - 'name': 'sigPolicyQualifier-spuri', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 5, - 1)}, - (1, 2, 840, 113549, 1, 9, 16, 5, 2): {'comment': 'S/MIME Signature Policy Qualifier', - 'description': 'sigPolicyQualifier-spUserNotice (1 2 840 113549 1 9 16 5 2)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 05 02', - 'name': 'sigPolicyQualifier-spUserNotice', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 5, - 2)}, - (1, 2, 840, 113549, 1, 9, 16, 6, 1): {'comment': 'S/MIME', - 'description': 'proofOfOrigin (1 2 840 113549 1 9 16 6 1)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 06 01', - 'name': 'proofOfOrigin', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 6, - 1)}, - (1, 2, 840, 113549, 1, 9, 16, 6, 2): {'comment': 'S/MIME', - 'description': 'proofOfReceipt (1 2 840 113549 1 9 16 6 2)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 06 02', - 'name': 'proofOfReceipt', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 6, - 2)}, - (1, 2, 840, 113549, 1, 9, 16, 6, 3): {'comment': 'S/MIME', - 'description': 'proofOfDelivery (1 2 840 113549 1 9 16 6 3)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 06 03', - 'name': 'proofOfDelivery', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 6, - 3)}, - (1, 2, 840, 113549, 1, 9, 16, 6, 4): {'comment': 'S/MIME', - 'description': 'proofOfSender (1 2 840 113549 1 9 16 6 4)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 06 04', - 'name': 'proofOfSender', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 6, - 4)}, - (1, 2, 840, 113549, 1, 9, 16, 6, 5): {'comment': 'S/MIME', - 'description': 'proofOfApproval (1 2 840 113549 1 9 16 6 5)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 06 05', - 'name': 'proofOfApproval', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 6, - 5)}, - (1, 2, 840, 113549, 1, 9, 16, 6, 6): {'comment': 'S/MIME', - 'description': 'proofOfCreation (1 2 840 113549 1 9 16 6 6)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 06 06', - 'name': 'proofOfCreation', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 6, - 6)}, - (1, 2, 840, 113549, 1, 9, 16, 9): {'comment': 'S/MIME', - 'description': 'signatureTypeIdentifier (1 2 840 113549 1 9 16 9)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 10 09', - 'name': 'signatureTypeIdentifier', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 9)}, - (1, 2, 840, 113549, 1, 9, 16, 9, 1): {'comment': 'S/MIME Signature Type Identifier', - 'description': 'originatorSig (1 2 840 113549 1 9 16 9 1)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 09 01', - 'name': 'originatorSig', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 9, - 1)}, - (1, 2, 840, 113549, 1, 9, 16, 9, 2): {'comment': 'S/MIME Signature Type Identifier', - 'description': 'domainSig (1 2 840 113549 1 9 16 9 2)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 09 02', - 'name': 'domainSig', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 9, - 2)}, - (1, 2, 840, 113549, 1, 9, 16, 9, 3): {'comment': 'S/MIME Signature Type Identifier', - 'description': 'additionalAttributesSig (1 2 840 113549 1 9 16 9 3)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 09 03', - 'name': 'additionalAttributesSig', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 9, - 3)}, - (1, 2, 840, 113549, 1, 9, 16, 9, 4): {'comment': 'S/MIME Signature Type Identifier', - 'description': 'reviewSig (1 2 840 113549 1 9 16 9 4)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 09 04', - 'name': 'reviewSig', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 9, - 4)}, - (1, 2, 840, 113549, 1, 9, 16, 11): {'comment': 'S/MIME', - 'description': 'capabilities (1 2 840 113549 1 9 16 11)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 10 0B', - 'name': 'capabilities', - 'oid': (1, 2, 840, 113549, 1, 9, 16, 11)}, - (1, 2, 840, 113549, 1, 9, 16, 11, 1): {'comment': 'S/MIME Capability', - 'description': 'preferBinaryInside (1 2 840 113549 1 9 16 11 1)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 09 10 0B 01', - 'name': 'preferBinaryInside', - 'oid': (1, - 2, - 840, - 113549, - 1, - 9, - 16, - 11, - 1)}, - (1, 2, 840, 113549, 1, 9, 20): {'comment': 'PKCS #9 via PKCS #12', - 'description': 'friendlyName (for PKCS #12) (1 2 840 113549 1 9 20)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 14', - 'name': 'friendlyName', - 'oid': (1, 2, 840, 113549, 1, 9, 20)}, - (1, 2, 840, 113549, 1, 9, 21): {'comment': 'PKCS #9 via PKCS #12', - 'description': 'localKeyID (for PKCS #12) (1 2 840 113549 1 9 21)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 15', - 'name': 'localKeyID', - 'oid': (1, 2, 840, 113549, 1, 9, 21)}, - (1, 2, 840, 113549, 1, 9, 22): {'comment': 'PKCS #9 via PKCS #12', - 'description': 'certTypes (for PKCS #12) (1 2 840 113549 1 9 22)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 16', - 'name': 'certTypes', - 'oid': (1, 2, 840, 113549, 1, 9, 22)}, - (1, 2, 840, 113549, 1, 9, 22, 1): {'comment': 'PKCS #9 via PKCS #12', - 'description': 'x509Certificate (for PKCS #12) (1 2 840 113549 1 9 22 1)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 16 01', - 'name': 'x509Certificate', - 'oid': (1, 2, 840, 113549, 1, 9, 22, 1)}, - (1, 2, 840, 113549, 1, 9, 22, 2): {'comment': 'PKCS #9 via PKCS #12', - 'description': 'sdsiCertificate (for PKCS #12) (1 2 840 113549 1 9 22 2)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 16 02', - 'name': 'sdsiCertificate', - 'oid': (1, 2, 840, 113549, 1, 9, 22, 2)}, - (1, 2, 840, 113549, 1, 9, 23): {'comment': 'PKCS #9 via PKCS #12', - 'description': 'crlTypes (for PKCS #12) (1 2 840 113549 1 9 23)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 17', - 'name': 'crlTypes', - 'oid': (1, 2, 840, 113549, 1, 9, 23)}, - (1, 2, 840, 113549, 1, 9, 23, 1): {'comment': 'PKCS #9 via PKCS #12', - 'description': 'x509Crl (for PKCS #12) (1 2 840 113549 1 9 23 1)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 17 01', - 'name': 'x509Crl', - 'oid': (1, 2, 840, 113549, 1, 9, 23, 1)}, - (1, 2, 840, 113549, 1, 9, 24): {'comment': 'PKCS #9/RFC 2985', - 'description': 'pkcs9objectClass (1 2 840 113549 1 9 24)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 18', - 'name': 'pkcs9objectClass', - 'oid': (1, 2, 840, 113549, 1, 9, 24)}, - (1, 2, 840, 113549, 1, 9, 25): {'comment': 'PKCS #9/RFC 2985', - 'description': 'pkcs9attributes (1 2 840 113549 1 9 25)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 19', - 'name': 'pkcs9attributes', - 'oid': (1, 2, 840, 113549, 1, 9, 25)}, - (1, 2, 840, 113549, 1, 9, 25, 1): {'comment': 'PKCS #9/RFC 2985 attribute', - 'description': 'pkcs15Token (1 2 840 113549 1 9 25 1)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 19 01', - 'name': 'pkcs15Token', - 'oid': (1, 2, 840, 113549, 1, 9, 25, 1)}, - (1, 2, 840, 113549, 1, 9, 25, 2): {'comment': 'PKCS #9/RFC 2985 attribute', - 'description': 'encryptedPrivateKeyInfo (1 2 840 113549 1 9 25 2)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 19 02', - 'name': 'encryptedPrivateKeyInfo', - 'oid': (1, 2, 840, 113549, 1, 9, 25, 2)}, - (1, 2, 840, 113549, 1, 9, 25, 3): {'comment': 'PKCS #9/RFC 2985 attribute', - 'description': 'randomNonce (1 2 840 113549 1 9 25 3)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 19 03', - 'name': 'randomNonce', - 'oid': (1, 2, 840, 113549, 1, 9, 25, 3)}, - (1, 2, 840, 113549, 1, 9, 25, 4): {'comment': 'PKCS #9/RFC 2985 attribute', - 'description': 'sequenceNumber (1 2 840 113549 1 9 25 4)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 19 04', - 'name': 'sequenceNumber', - 'oid': (1, 2, 840, 113549, 1, 9, 25, 4)}, - (1, 2, 840, 113549, 1, 9, 25, 5): {'comment': 'PKCS #9/RFC 2985 attribute', - 'description': 'pkcs7PDU (1 2 840 113549 1 9 25 5)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 09 19 05', - 'name': 'pkcs7PDU', - 'oid': (1, 2, 840, 113549, 1, 9, 25, 5)}, - (1, 2, 840, 113549, 1, 9, 26): {'comment': 'PKCS #9/RFC 2985', - 'description': 'pkcs9syntax (1 2 840 113549 1 9 26)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 1A', - 'name': 'pkcs9syntax', - 'oid': (1, 2, 840, 113549, 1, 9, 26)}, - (1, 2, 840, 113549, 1, 9, 27): {'comment': 'PKCS #9/RFC 2985', - 'description': 'pkcs9matchingRules (1 2 840 113549 1 9 27)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 09 1B', - 'name': 'pkcs9matchingRules', - 'oid': (1, 2, 840, 113549, 1, 9, 27)}, - (1, 2, 840, 113549, 1, 12): {'description': 'pkcs-12 (1 2 840 113549 1 12)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 01 0C', - 'name': 'pkcs-12', - 'oid': (1, 2, 840, 113549, 1, 12)}, - (1, 2, 840, 113549, 1, 12, 1): {'comment': 'This OID was formerly assigned as PKCS #12 modeID', - 'description': 'pkcs-12-PbeIds (1 2 840 113549 1 12 1)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 0C 01', - 'name': 'pkcs-12-PbeIds', - 'oid': (1, 2, 840, 113549, 1, 12, 1)}, - (1, 2, 840, 113549, 1, 12, 1, 1): {'comment': 'PKCS #12 PbeIds. This OID was formerly assigned as pkcs-12-OfflineTransportMode', - 'description': 'pbeWithSHAAnd128BitRC4 (1 2 840 113549 1 12 1 1)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 01 01', - 'name': 'pbeWithSHAAnd128BitRC4', - 'oid': (1, 2, 840, 113549, 1, 12, 1, 1)}, - (1, 2, 840, 113549, 1, 12, 1, 2): {'comment': 'PKCS #12 PbeIds. This OID was formerly assigned as pkcs-12-OnlineTransportMode', - 'description': 'pbeWithSHAAnd40BitRC4 (1 2 840 113549 1 12 1 2)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 01 02', - 'name': 'pbeWithSHAAnd40BitRC4', - 'oid': (1, 2, 840, 113549, 1, 12, 1, 2)}, - (1, 2, 840, 113549, 1, 12, 1, 3): {'comment': 'PKCS #12 PbeIds', - 'description': 'pbeWithSHAAnd3-KeyTripleDES-CBC (1 2 840 113549 1 12 1 3)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 01 03', - 'name': 'pbeWithSHAAnd3-KeyTripleDES-CBC', - 'oid': (1, 2, 840, 113549, 1, 12, 1, 3)}, - (1, 2, 840, 113549, 1, 12, 1, 4): {'comment': 'PKCS #12 PbeIds', - 'description': 'pbeWithSHAAnd2-KeyTripleDES-CBC (1 2 840 113549 1 12 1 4)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 01 04', - 'name': 'pbeWithSHAAnd2-KeyTripleDES-CBC', - 'oid': (1, 2, 840, 113549, 1, 12, 1, 4)}, - (1, 2, 840, 113549, 1, 12, 1, 5): {'comment': 'PKCS #12 PbeIds', - 'description': 'pbeWithSHAAnd128BitRC2-CBC (1 2 840 113549 1 12 1 5)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 01 05', - 'name': 'pbeWithSHAAnd128BitRC2-CBC', - 'oid': (1, 2, 840, 113549, 1, 12, 1, 5)}, - (1, 2, 840, 113549, 1, 12, 1, 6): {'comment': 'PKCS #12 PbeIds', - 'description': 'pbeWithSHAAnd40BitRC2-CBC (1 2 840 113549 1 12 1 6)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 01 06', - 'name': 'pbeWithSHAAnd40BitRC2-CBC', - 'oid': (1, 2, 840, 113549, 1, 12, 1, 6)}, - (1, 2, 840, 113549, 1, 12, 3): {'description': 'pkcs-12-BagIds (1 2 840 113549 1 12 3)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 0C 03', - 'name': 'pkcs-12-BagIds', - 'oid': (1, 2, 840, 113549, 1, 12, 3)}, - (1, 2, 840, 113549, 1, 12, 3, 1): {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-keyBagId (1 2 840 113549 1 12 3 1)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 03 01', - 'name': 'pkcs-12-keyBagId', - 'oid': (1, 2, 840, 113549, 1, 12, 3, 1)}, - (1, 2, 840, 113549, 1, 12, 3, 2): {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-certAndCRLBagId (1 2 840 113549 1 12 3 2)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 03 02', - 'name': 'pkcs-12-certAndCRLBagId', - 'oid': (1, 2, 840, 113549, 1, 12, 3, 2)}, - (1, 2, 840, 113549, 1, 12, 3, 3): {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-secretBagId (1 2 840 113549 1 12 3 3)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 03 03', - 'name': 'pkcs-12-secretBagId', - 'oid': (1, 2, 840, 113549, 1, 12, 3, 3)}, - (1, 2, 840, 113549, 1, 12, 3, 4): {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-safeContentsId (1 2 840 113549 1 12 3 4)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 03 04', - 'name': 'pkcs-12-safeContentsId', - 'oid': (1, 2, 840, 113549, 1, 12, 3, 4)}, - (1, 2, 840, 113549, 1, 12, 3, 5): {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-pkcs-8ShroudedKeyBagId (1 2 840 113549 1 12 3 5)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 03 05', - 'name': 'pkcs-12-pkcs-8ShroudedKeyBagId', - 'oid': (1, 2, 840, 113549, 1, 12, 3, 5)}, - (1, 2, 840, 113549, 1, 12, 4, 1): {'comment': 'PKCS #12 CertBagID. This OID was formerly assigned as pkcs-12-X509CertCRLBag', - 'description': 'pkcs-12-X509CertCRLBagID (1 2 840 113549 1 12 4 1)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 04 01', - 'name': 'pkcs-12-X509CertCRLBagID', - 'oid': (1, 2, 840, 113549, 1, 12, 4, 1)}, - (1, 2, 840, 113549, 1, 12, 4, 2): {'comment': 'PKCS #12 CertBagID. This OID was formerly assigned as pkcs-12-SDSICertBag', - 'description': 'pkcs-12-SDSICertBagID (1 2 840 113549 1 12 4 2)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 04 02', - 'name': 'pkcs-12-SDSICertBagID', - 'oid': (1, 2, 840, 113549, 1, 12, 4, 2)}, - (1, 2, 840, 113549, 1, 12, 5, 2): {'comment': 'PKCS #12 OID. Deprecated, use the conventional PKCS #1 OIDs instead', - 'description': 'pkcs-12-EnvelopingID (1 2 840 113549 1 12 5 2)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 05 02', - 'name': 'pkcs-12-EnvelopingID', - 'oid': (1, 2, 840, 113549, 1, 12, 5, 2)}, - (1, 2, 840, 113549, 1, 12, 10): {'description': 'pkcs-12Version1 (1 2 840 113549 1 12 10)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 0C 0A', - 'name': 'pkcs-12Version1', - 'oid': (1, 2, 840, 113549, 1, 12, 10)}, - (1, 2, 840, 113549, 1, 12, 10, 1): {'description': 'pkcs-12BadIds (1 2 840 113549 1 12 10 1)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0C 0A 01', - 'name': 'pkcs-12BadIds', - 'oid': (1, 2, 840, 113549, 1, 12, 10, 1)}, - (1, 2, 840, 113549, 1, 12, 10, 1, 1): {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-keyBag (1 2 840 113549 1 12 10 1 1)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 01', - 'name': 'pkcs-12-keyBag', - 'oid': (1, - 2, - 840, - 113549, - 1, - 12, - 10, - 1, - 1)}, - (1, 2, 840, 113549, 1, 12, 10, 1, 2): {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-pkcs-8ShroudedKeyBag (1 2 840 113549 1 12 10 1 2)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 02', - 'name': 'pkcs-12-pkcs-8ShroudedKeyBag', - 'oid': (1, - 2, - 840, - 113549, - 1, - 12, - 10, - 1, - 2)}, - (1, 2, 840, 113549, 1, 12, 10, 1, 3): {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-certBag (1 2 840 113549 1 12 10 1 3)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 03', - 'name': 'pkcs-12-certBag', - 'oid': (1, - 2, - 840, - 113549, - 1, - 12, - 10, - 1, - 3)}, - (1, 2, 840, 113549, 1, 12, 10, 1, 4): {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-crlBag (1 2 840 113549 1 12 10 1 4)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 04', - 'name': 'pkcs-12-crlBag', - 'oid': (1, - 2, - 840, - 113549, - 1, - 12, - 10, - 1, - 4)}, - (1, 2, 840, 113549, 1, 12, 10, 1, 5): {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-secretBag (1 2 840 113549 1 12 10 1 5)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 05', - 'name': 'pkcs-12-secretBag', - 'oid': (1, - 2, - 840, - 113549, - 1, - 12, - 10, - 1, - 5)}, - (1, 2, 840, 113549, 1, 12, 10, 1, 6): {'comment': 'PKCS #12 BagIds', - 'description': 'pkcs-12-safeContentsBag (1 2 840 113549 1 12 10 1 6)', - 'hexoid': '06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 06', - 'name': 'pkcs-12-safeContentsBag', - 'oid': (1, - 2, - 840, - 113549, - 1, - 12, - 10, - 1, - 6)}, - (1, 2, 840, 113549, 1, 15, 1): {'comment': 'PKCS #15', - 'description': 'pkcs15modules (1 2 840 113549 1 15 1)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 0F 01', - 'name': 'pkcs15modules', - 'oid': (1, 2, 840, 113549, 1, 15, 1)}, - (1, 2, 840, 113549, 1, 15, 2): {'comment': 'PKCS #15', - 'description': 'pkcs15attributes (1 2 840 113549 1 15 2)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 0F 02', - 'name': 'pkcs15attributes', - 'oid': (1, 2, 840, 113549, 1, 15, 2)}, - (1, 2, 840, 113549, 1, 15, 3): {'comment': 'PKCS #15', - 'description': 'pkcs15contentType (1 2 840 113549 1 15 3)', - 'hexoid': '06 09 2A 86 48 86 F7 0D 01 0F 03', - 'name': 'pkcs15contentType', - 'oid': (1, 2, 840, 113549, 1, 15, 3)}, - (1, 2, 840, 113549, 1, 15, 3, 1): {'comment': 'PKCS #15 content type', - 'description': 'pkcs15content (1 2 840 113549 1 15 3 1)', - 'hexoid': '06 0A 2A 86 48 86 F7 0D 01 0F 03 01', - 'name': 'pkcs15content', - 'oid': (1, 2, 840, 113549, 1, 15, 3, 1)}, - (1, 2, 840, 113549, 2): {'description': 'digestAlgorithm (1 2 840 113549 2)', - 'hexoid': '06 07 2A 86 48 86 F7 0D 02', - 'name': 'digestAlgorithm', - 'oid': (1, 2, 840, 113549, 2)}, - (1, 2, 840, 113549, 2, 2): {'comment': 'RSADSI digestAlgorithm', - 'description': 'md2 (1 2 840 113549 2 2)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 02 02', - 'name': 'md2', - 'oid': (1, 2, 840, 113549, 2, 2)}, - (1, 2, 840, 113549, 2, 4): {'comment': 'RSADSI digestAlgorithm', - 'description': 'md4 (1 2 840 113549 2 4)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 02 04', - 'name': 'md4', - 'oid': (1, 2, 840, 113549, 2, 4)}, - (1, 2, 840, 113549, 2, 5): {'comment': 'RSADSI digestAlgorithm', - 'description': 'md5 (1 2 840 113549 2 5)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 02 05', - 'name': 'md5', - 'oid': (1, 2, 840, 113549, 2, 5)}, - (1, 2, 840, 113549, 2, 7): {'comment': 'RSADSI digestAlgorithm', - 'description': 'hmacWithSHA1 (1 2 840 113549 2 7)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 02 07', - 'name': 'hmacWithSHA1', - 'oid': (1, 2, 840, 113549, 2, 7)}, - (1, 2, 840, 113549, 2, 8): {'comment': 'RSADSI digestAlgorithm', - 'description': 'hmacWithSHA224 (1 2 840 113549 2 8)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 02 08', - 'name': 'hmacWithSHA224', - 'oid': (1, 2, 840, 113549, 2, 8)}, - (1, 2, 840, 113549, 2, 9): {'comment': 'RSADSI digestAlgorithm', - 'description': 'hmacWithSHA256 (1 2 840 113549 2 9)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 02 09', - 'name': 'hmacWithSHA256', - 'oid': (1, 2, 840, 113549, 2, 9)}, - (1, 2, 840, 113549, 2, 10): {'comment': 'RSADSI digestAlgorithm', - 'description': 'hmacWithSHA384 (1 2 840 113549 2 10)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 02 0A', - 'name': 'hmacWithSHA384', - 'oid': (1, 2, 840, 113549, 2, 10)}, - (1, 2, 840, 113549, 2, 11): {'comment': 'RSADSI digestAlgorithm', - 'description': 'hmacWithSHA512 (1 2 840 113549 2 11)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 02 0B', - 'name': 'hmacWithSHA512', - 'oid': (1, 2, 840, 113549, 2, 11)}, - (1, 2, 840, 113549, 3): {'description': 'encryptionAlgorithm (1 2 840 113549 3)', - 'hexoid': '06 07 2A 86 48 86 F7 0D 03', - 'name': 'encryptionAlgorithm', - 'oid': (1, 2, 840, 113549, 3)}, - (1, 2, 840, 113549, 3, 2): {'comment': 'RSADSI encryptionAlgorithm', - 'description': 'rc2CBC (1 2 840 113549 3 2)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 03 02', - 'name': 'rc2CBC', - 'oid': (1, 2, 840, 113549, 3, 2)}, - (1, 2, 840, 113549, 3, 3): {'comment': 'RSADSI encryptionAlgorithm', - 'description': 'rc2ECB (1 2 840 113549 3 3)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 03 03', - 'name': 'rc2ECB', - 'oid': (1, 2, 840, 113549, 3, 3)}, - (1, 2, 840, 113549, 3, 4): {'comment': 'RSADSI encryptionAlgorithm', - 'description': 'rc4 (1 2 840 113549 3 4)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 03 04', - 'name': 'rc4', - 'oid': (1, 2, 840, 113549, 3, 4)}, - (1, 2, 840, 113549, 3, 5): {'comment': 'RSADSI encryptionAlgorithm', - 'description': 'rc4WithMAC (1 2 840 113549 3 5)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 03 05', - 'name': 'rc4WithMAC', - 'oid': (1, 2, 840, 113549, 3, 5)}, - (1, 2, 840, 113549, 3, 6): {'comment': 'RSADSI encryptionAlgorithm', - 'description': 'desx-CBC (1 2 840 113549 3 6)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 03 06', - 'name': 'desx-CBC', - 'oid': (1, 2, 840, 113549, 3, 6)}, - (1, 2, 840, 113549, 3, 7): {'comment': 'RSADSI encryptionAlgorithm', - 'description': 'des-EDE3-CBC (1 2 840 113549 3 7)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 03 07', - 'name': 'des-EDE3-CBC', - 'oid': (1, 2, 840, 113549, 3, 7)}, - (1, 2, 840, 113549, 3, 8): {'comment': 'RSADSI encryptionAlgorithm', - 'description': 'rc5CBC (1 2 840 113549 3 8)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 03 08', - 'name': 'rc5CBC', - 'oid': (1, 2, 840, 113549, 3, 8)}, - (1, 2, 840, 113549, 3, 9): {'comment': 'RSADSI encryptionAlgorithm', - 'description': 'rc5-CBCPad (1 2 840 113549 3 9)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 03 09', - 'name': 'rc5-CBCPad', - 'oid': (1, 2, 840, 113549, 3, 9)}, - (1, 2, 840, 113549, 3, 10): {'comment': 'RSADSI encryptionAlgorithm. Formerly called CDMFCBCPad', - 'description': 'desCDMF (1 2 840 113549 3 10)', - 'hexoid': '06 08 2A 86 48 86 F7 0D 03 0A', - 'name': 'desCDMF', - 'oid': (1, 2, 840, 113549, 3, 10)}, - (1, 2, 840, 113556, 1, 2, 241): {'comment': 'Microsoft Exchange Server - attribute', - 'description': 'deliveryMechanism (1 2 840 113556 1 2 241)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 02 81 71', - 'name': 'deliveryMechanism', - 'oid': (1, 2, 840, 113556, 1, 2, 241)}, - (1, 2, 840, 113556, 1, 2, 281): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'ntSecurityDescriptor (1 2 840 113556 1 2 281)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 02 82 19', - 'name': 'ntSecurityDescriptor', - 'oid': (1, 2, 840, 113556, 1, 2, 281)}, - (1, 2, 840, 113556, 1, 3, 0): {'comment': 'Microsoft Exchange Server - object class', - 'description': 'site-Addressing (1 2 840 113556 1 3 0)', - 'hexoid': '06 09 2A 86 48 86 F7 14 01 03 00', - 'name': 'site-Addressing', - 'oid': (1, 2, 840, 113556, 1, 3, 0)}, - (1, 2, 840, 113556, 1, 3, 13): {'comment': 'Microsoft Exchange Server - object class', - 'description': 'classSchema (1 2 840 113556 1 3 13)', - 'hexoid': '06 09 2A 86 48 86 F7 14 01 03 0D', - 'name': 'classSchema', - 'oid': (1, 2, 840, 113556, 1, 3, 13)}, - (1, 2, 840, 113556, 1, 3, 14): {'comment': 'Microsoft Exchange Server - object class', - 'description': 'attributeSchema (1 2 840 113556 1 3 14)', - 'hexoid': '06 09 2A 86 48 86 F7 14 01 03 0E', - 'name': 'attributeSchema', - 'oid': (1, 2, 840, 113556, 1, 3, 14)}, - (1, 2, 840, 113556, 1, 3, 17): {'comment': 'Microsoft Exchange Server - object class', - 'description': 'mailbox-Agent (1 2 840 113556 1 3 17)', - 'hexoid': '06 09 2A 86 48 86 F7 14 01 03 11', - 'name': 'mailbox-Agent', - 'oid': (1, 2, 840, 113556, 1, 3, 17)}, - (1, 2, 840, 113556, 1, 3, 22): {'comment': 'Microsoft Exchange Server - object class', - 'description': 'mailbox (1 2 840 113556 1 3 22)', - 'hexoid': '06 09 2A 86 48 86 F7 14 01 03 16', - 'name': 'mailbox', - 'oid': (1, 2, 840, 113556, 1, 3, 22)}, - (1, 2, 840, 113556, 1, 3, 23): {'comment': 'Microsoft Exchange Server - object class', - 'description': 'container (1 2 840 113556 1 3 23)', - 'hexoid': '06 09 2A 86 48 86 F7 14 01 03 17', - 'name': 'container', - 'oid': (1, 2, 840, 113556, 1, 3, 23)}, - (1, 2, 840, 113556, 1, 3, 46): {'comment': 'Microsoft Exchange Server - object class', - 'description': 'mailRecipient (1 2 840 113556 1 3 46)', - 'hexoid': '06 09 2A 86 48 86 F7 14 01 03 2E', - 'name': 'mailRecipient', - 'oid': (1, 2, 840, 113556, 1, 3, 46)}, - (1, 2, 840, 113556, 1, 4, 145): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'revision (1 2 840 113556 1 4 145)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 81 11', - 'name': 'revision', - 'oid': (1, 2, 840, 113556, 1, 4, 145)}, - (1, 2, 840, 113556, 1, 4, 1327): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'pKIDefaultKeySpec (1 2 840 113556 1 4 1327)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8A 2F', - 'name': 'pKIDefaultKeySpec', - 'oid': (1, 2, 840, 113556, 1, 4, 1327)}, - (1, 2, 840, 113556, 1, 4, 1328): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'pKIKeyUsage (1 2 840 113556 1 4 1328)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8A 30', - 'name': 'pKIKeyUsage', - 'oid': (1, 2, 840, 113556, 1, 4, 1328)}, - (1, 2, 840, 113556, 1, 4, 1329): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'pKIMaxIssuingDepth (1 2 840 113556 1 4 1329)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8A 31', - 'name': 'pKIMaxIssuingDepth', - 'oid': (1, 2, 840, 113556, 1, 4, 1329)}, - (1, 2, 840, 113556, 1, 4, 1330): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'pKICriticalExtensions (1 2 840 113556 1 4 1330)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8A 32', - 'name': 'pKICriticalExtensions', - 'oid': (1, 2, 840, 113556, 1, 4, 1330)}, - (1, 2, 840, 113556, 1, 4, 1331): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'pKIExpirationPeriod (1 2 840 113556 1 4 1331)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8A 33', - 'name': 'pKIExpirationPeriod', - 'oid': (1, 2, 840, 113556, 1, 4, 1331)}, - (1, 2, 840, 113556, 1, 4, 1332): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'pKIOverlapPeriod (1 2 840 113556 1 4 1332)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8A 34', - 'name': 'pKIOverlapPeriod', - 'oid': (1, 2, 840, 113556, 1, 4, 1332)}, - (1, 2, 840, 113556, 1, 4, 1333): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'pKIExtendedKeyUsage (1 2 840 113556 1 4 1333)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8A 35', - 'name': 'pKIExtendedKeyUsage', - 'oid': (1, 2, 840, 113556, 1, 4, 1333)}, - (1, 2, 840, 113556, 1, 4, 1334): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'pKIDefaultCSPs (1 2 840 113556 1 4 1334)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8A 36', - 'name': 'pKIDefaultCSPs', - 'oid': (1, 2, 840, 113556, 1, 4, 1334)}, - (1, 2, 840, 113556, 1, 4, 1335): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'pKIEnrollmentAccess (1 2 840 113556 1 4 1335)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8A 37', - 'name': 'pKIEnrollmentAccess', - 'oid': (1, 2, 840, 113556, 1, 4, 1335)}, - (1, 2, 840, 113556, 1, 4, 1429): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-RA-Signature (1 2 840 113556 1 4 1429)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 15', - 'name': 'msPKI-RA-Signature', - 'oid': (1, 2, 840, 113556, 1, 4, 1429)}, - (1, 2, 840, 113556, 1, 4, 1430): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-Enrollment-Flag (1 2 840 113556 1 4 1430)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 16', - 'name': 'msPKI-Enrollment-Flag', - 'oid': (1, 2, 840, 113556, 1, 4, 1430)}, - (1, 2, 840, 113556, 1, 4, 1431): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-Private-Key-Flag (1 2 840 113556 1 4 1431)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 17', - 'name': 'msPKI-Private-Key-Flag', - 'oid': (1, 2, 840, 113556, 1, 4, 1431)}, - (1, 2, 840, 113556, 1, 4, 1432): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-Certificate-Name-Flag (1 2 840 113556 1 4 1432)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 18', - 'name': 'msPKI-Certificate-Name-Flag', - 'oid': (1, 2, 840, 113556, 1, 4, 1432)}, - (1, 2, 840, 113556, 1, 4, 1433): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-Minimal-Key-Size (1 2 840 113556 1 4 1433)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 19', - 'name': 'msPKI-Minimal-Key-Size', - 'oid': (1, 2, 840, 113556, 1, 4, 1433)}, - (1, 2, 840, 113556, 1, 4, 1434): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-Template-Schema-Version (1 2 840 113556 1 4 1434)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 1A', - 'name': 'msPKI-Template-Schema-Version', - 'oid': (1, 2, 840, 113556, 1, 4, 1434)}, - (1, 2, 840, 113556, 1, 4, 1435): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-Template-Minor-Revision (1 2 840 113556 1 4 1435)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 1B', - 'name': 'msPKI-Template-Minor-Revision', - 'oid': (1, 2, 840, 113556, 1, 4, 1435)}, - (1, 2, 840, 113556, 1, 4, 1436): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-Cert-Template-OID (1 2 840 113556 1 4 1436)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 1C', - 'name': 'msPKI-Cert-Template-OID', - 'oid': (1, 2, 840, 113556, 1, 4, 1436)}, - (1, 2, 840, 113556, 1, 4, 1437): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-Supersede-Templates (1 2 840 113556 1 4 1437)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 1D', - 'name': 'msPKI-Supersede-Templates', - 'oid': (1, 2, 840, 113556, 1, 4, 1437)}, - (1, 2, 840, 113556, 1, 4, 1438): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-RA-Policies (1 2 840 113556 1 4 1438)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 1E', - 'name': 'msPKI-RA-Policies', - 'oid': (1, 2, 840, 113556, 1, 4, 1438)}, - (1, 2, 840, 113556, 1, 4, 1439): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-Certificate-Policy (1 2 840 113556 1 4 1439)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8B 1F', - 'name': 'msPKI-Certificate-Policy', - 'oid': (1, 2, 840, 113556, 1, 4, 1439)}, - (1, 2, 840, 113556, 1, 4, 1674): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-Certificate-Application-Policy (1 2 840 113556 1 4 1674)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8D 0A', - 'name': 'msPKI-Certificate-Application-Policy', - 'oid': (1, 2, 840, 113556, 1, 4, 1674)}, - (1, 2, 840, 113556, 1, 4, 1675): {'comment': 'Microsoft Cert Template - attribute', - 'description': 'msPKI-RA-Application-Policies (1 2 840 113556 1 4 1675)', - 'hexoid': '06 0A 2A 86 48 86 F7 14 01 04 8D 0B', - 'name': 'msPKI-RA-Application-Policies', - 'oid': (1, 2, 840, 113556, 1, 4, 1675)}, - (1, 2, 840, 113556, 4, 3): {'comment': 'Microsoft', - 'description': 'microsoftExcel (1 2 840 113556 4 3)', - 'hexoid': '06 08 2A 86 48 86 F7 14 04 03', - 'name': 'microsoftExcel', - 'oid': (1, 2, 840, 113556, 4, 3)}, - (1, 2, 840, 113556, 4, 4): {'comment': 'Microsoft', - 'description': 'titledWithOID (1 2 840 113556 4 4)', - 'hexoid': '06 08 2A 86 48 86 F7 14 04 04', - 'name': 'titledWithOID', - 'oid': (1, 2, 840, 113556, 4, 4)}, - (1, 2, 840, 113556, 4, 5): {'comment': 'Microsoft', - 'description': 'microsoftPowerPoint (1 2 840 113556 4 5)', - 'hexoid': '06 08 2A 86 48 86 F7 14 04 05', - 'name': 'microsoftPowerPoint', - 'oid': (1, 2, 840, 113556, 4, 5)}, - (1, 2, 840, 114021, 1, 6, 1): {'comment': 'Identrus', - 'description': 'Identrus unknown policyIdentifier (1 2 840 114021 1 6 1)', - 'hexoid': '06 09 2A 86 48 86 FA 65 01 06 01', - 'name': 'Identrus', - 'oid': (1, 2, 840, 114021, 1, 6, 1)}, - (1, 2, 840, 114021, 4, 1): {'comment': 'Identrus', - 'description': 'identrusOCSP (1 2 840 114021 4 1)', - 'hexoid': '06 08 2A 86 48 86 FA 65 04 01', - 'name': 'identrusOCSP', - 'oid': (1, 2, 840, 114021, 4, 1)}, - (1, 3, 6, 1, 4, 1, 188, 7, 1, 1): {'comment': 'Ascom Systech', - 'description': 'ascom (1 3 6 1 4 1 188 7 1 1)', - 'hexoid': '06 0A 2B 06 01 04 01 81 3C 07 01 01', - 'name': 'ascom', - 'oid': (1, 3, 6, 1, 4, 1, 188, 7, 1, 1)}, - (1, 3, 6, 1, 4, 1, 188, 7, 1, 1, 1): {'comment': 'Ascom Systech', - 'description': 'ideaECB (1 3 6 1 4 1 188 7 1 1 1)', - 'hexoid': '06 0B 2B 06 01 04 01 81 3C 07 01 01 01', - 'name': 'ideaECB', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 188, - 7, - 1, - 1, - 1)}, - (1, 3, 6, 1, 4, 1, 188, 7, 1, 1, 2): {'comment': 'Ascom Systech', - 'description': 'ideaCBC (1 3 6 1 4 1 188 7 1 1 2)', - 'hexoid': '06 0B 2B 06 01 04 01 81 3C 07 01 01 02', - 'name': 'ideaCBC', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 188, - 7, - 1, - 1, - 2)}, - (1, 3, 6, 1, 4, 1, 188, 7, 1, 1, 3): {'comment': 'Ascom Systech', - 'description': 'ideaCFB (1 3 6 1 4 1 188 7 1 1 3)', - 'hexoid': '06 0B 2B 06 01 04 01 81 3C 07 01 01 03', - 'name': 'ideaCFB', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 188, - 7, - 1, - 1, - 3)}, - (1, 3, 6, 1, 4, 1, 188, 7, 1, 1, 4): {'comment': 'Ascom Systech', - 'description': 'ideaOFB (1 3 6 1 4 1 188 7 1 1 4)', - 'hexoid': '06 0B 2B 06 01 04 01 81 3C 07 01 01 04', - 'name': 'ideaOFB', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 188, - 7, - 1, - 1, - 4)}, - (1, 3, 6, 1, 4, 1, 311, 2, 1, 4): {'comment': 'Microsoft code signing', - 'description': 'spcIndirectDataContext (1 3 6 1 4 1 311 2 1 4)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 04', - 'name': 'spcIndirectDataContext', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 4)}, - (1, 3, 6, 1, 4, 1, 311, 2, 1, 10): {'comment': 'Microsoft code signing. Also known as policyLink', - 'description': 'spcAgencyInfo (1 3 6 1 4 1 311 2 1 10)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 0A', - 'name': 'spcAgencyInfo', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 10)}, - (1, 3, 6, 1, 4, 1, 311, 2, 1, 11): {'comment': 'Microsoft code signing', - 'description': 'spcStatementType (1 3 6 1 4 1 311 2 1 11)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 0B', - 'name': 'spcStatementType', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 11)}, - (1, 3, 6, 1, 4, 1, 311, 2, 1, 12): {'comment': 'Microsoft code signing', - 'description': 'spcSpOpusInfo (1 3 6 1 4 1 311 2 1 12)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 0C', - 'name': 'spcSpOpusInfo', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 12)}, - (1, 3, 6, 1, 4, 1, 311, 2, 1, 14): {'comment': 'Microsoft', - 'description': 'certReqExtensions (1 3 6 1 4 1 311 2 1 14)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 0E', - 'name': 'certReqExtensions', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 14)}, - (1, 3, 6, 1, 4, 1, 311, 2, 1, 15): {'comment': 'Microsoft code signing', - 'description': 'spcPEImageData (1 3 6 1 4 1 311 2 1 15)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 0F', - 'name': 'spcPEImageData', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 15)}, - (1, 3, 6, 1, 4, 1, 311, 2, 1, 18): {'comment': 'Microsoft code signing', - 'description': 'spcRawFileData (1 3 6 1 4 1 311 2 1 18)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 12', - 'name': 'spcRawFileData', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 18)}, - (1, 3, 6, 1, 4, 1, 311, 2, 1, 19): {'comment': 'Microsoft code signing', - 'description': 'spcStructuredStorageData (1 3 6 1 4 1 311 2 1 19)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 13', - 'name': 'spcStructuredStorageData', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 19)}, - (1, 3, 6, 1, 4, 1, 311, 2, 1, 20): {'comment': 'Microsoft code signing. Formerly "link extension" aka "glue extension"', - 'description': 'spcJavaClassData (type 1) (1 3 6 1 4 1 311 2 1 20)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 14', - 'name': 'spcJavaClassData', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 20)}, - (1, 3, 6, 1, 4, 1, 311, 2, 1, 21): {'comment': 'Microsoft', - 'description': 'individualCodeSigning (1 3 6 1 4 1 311 2 1 21)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 15', - 'name': 'individualCodeSigning', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 21)}, - (1, 3, 6, 1, 4, 1, 311, 2, 1, 22): {'comment': 'Microsoft', - 'description': 'commercialCodeSigning (1 3 6 1 4 1 311 2 1 22)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 16', - 'name': 'commercialCodeSigning', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 22)}, - (1, 3, 6, 1, 4, 1, 311, 2, 1, 25): {'comment': 'Microsoft code signing. Also known as "glue extension"', - 'description': 'spcLink (type 2) (1 3 6 1 4 1 311 2 1 25)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 19', - 'name': 'spcLink', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 25)}, - (1, 3, 6, 1, 4, 1, 311, 2, 1, 26): {'comment': 'Microsoft code signing', - 'description': 'spcMinimalCriteriaInfo (1 3 6 1 4 1 311 2 1 26)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 1A', - 'name': 'spcMinimalCriteriaInfo', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 26)}, - (1, 3, 6, 1, 4, 1, 311, 2, 1, 27): {'comment': 'Microsoft code signing', - 'description': 'spcFinancialCriteriaInfo (1 3 6 1 4 1 311 2 1 27)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 1B', - 'name': 'spcFinancialCriteriaInfo', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 27)}, - (1, 3, 6, 1, 4, 1, 311, 2, 1, 28): {'comment': 'Microsoft code signing. Also known as "glue extension"', - 'description': 'spcLink (type 3) (1 3 6 1 4 1 311 2 1 28)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 02 01 1C', - 'name': 'spcLink', - 'oid': (1, 3, 6, 1, 4, 1, 311, 2, 1, 28)}, - (1, 3, 6, 1, 4, 1, 311, 3, 2, 1): {'comment': 'Microsoft code signing', - 'description': 'timestampRequest (1 3 6 1 4 1 311 3 2 1)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 03 02 01', - 'name': 'timestampRequest', - 'oid': (1, 3, 6, 1, 4, 1, 311, 3, 2, 1)}, - (1, 3, 6, 1, 4, 1, 311, 10, 1): {'comment': 'Microsoft PKCS #7 contentType', - 'description': 'certTrustList (1 3 6 1 4 1 311 10 1)', - 'hexoid': '06 09 2B 06 01 04 01 82 37 0A 01', - 'name': 'certTrustList', - 'oid': (1, 3, 6, 1, 4, 1, 311, 10, 1)}, - (1, 3, 6, 1, 4, 1, 311, 10, 2): {'comment': 'Microsoft', - 'description': 'nextUpdateLocation (1 3 6 1 4 1 311 10 2)', - 'hexoid': '06 09 2B 06 01 04 01 82 37 0A 02', - 'name': 'nextUpdateLocation', - 'oid': (1, 3, 6, 1, 4, 1, 311, 10, 2)}, - (1, 3, 6, 1, 4, 1, 311, 10, 3, 1): {'comment': 'Microsoft enhanced key usage', - 'description': 'certTrustListSigning (1 3 6 1 4 1 311 10 3 1)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 0A 03 01', - 'name': 'certTrustListSigning', - 'oid': (1, 3, 6, 1, 4, 1, 311, 10, 3, 1)}, - (1, 3, 6, 1, 4, 1, 311, 10, 3, 2): {'comment': 'Microsoft enhanced key usage', - 'description': 'timeStampSigning (1 3 6 1 4 1 311 10 3 2)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 0A 03 02', - 'name': 'timeStampSigning', - 'oid': (1, 3, 6, 1, 4, 1, 311, 10, 3, 2)}, - (1, 3, 6, 1, 4, 1, 311, 10, 3, 3): {'comment': 'Microsoft enhanced key usage', - 'description': 'serverGatedCrypto (1 3 6 1 4 1 311 10 3 3)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 0A 03 03', - 'name': 'serverGatedCrypto', - 'oid': (1, 3, 6, 1, 4, 1, 311, 10, 3, 3)}, - (1, 3, 6, 1, 4, 1, 311, 10, 3, 4): {'comment': 'Microsoft enhanced key usage', - 'description': 'encryptedFileSystem (1 3 6 1 4 1 311 10 3 4)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 0A 03 04', - 'name': 'encryptedFileSystem', - 'oid': (1, 3, 6, 1, 4, 1, 311, 10, 3, 4)}, - (1, 3, 6, 1, 4, 1, 311, 10, 4, 1): {'comment': 'Microsoft attribute', - 'description': 'yesnoTrustAttr (1 3 6 1 4 1 311 10 4 1)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 0A 04 01', - 'name': 'yesnoTrustAttr', - 'oid': (1, 3, 6, 1, 4, 1, 311, 10, 4, 1)}, - (1, 3, 6, 1, 4, 1, 311, 13, 1): {'comment': 'Microsoft attribute', - 'description': 'renewalCertificate (1 3 6 1 4 1 311 13 1)', - 'hexoid': '06 09 2B 06 01 04 01 82 37 0D 01', - 'name': 'renewalCertificate', - 'oid': (1, 3, 6, 1, 4, 1, 311, 13, 1)}, - (1, 3, 6, 1, 4, 1, 311, 13, 2, 1): {'comment': 'Microsoft attribute', - 'description': 'enrolmentNameValuePair (1 3 6 1 4 1 311 13 2 1)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 0D 02 01', - 'name': 'enrolmentNameValuePair', - 'oid': (1, 3, 6, 1, 4, 1, 311, 13, 2, 1)}, - (1, 3, 6, 1, 4, 1, 311, 13, 2, 2): {'comment': 'Microsoft attribute', - 'description': 'enrolmentCSP (1 3 6 1 4 1 311 13 2 2)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 0D 02 02', - 'name': 'enrolmentCSP', - 'oid': (1, 3, 6, 1, 4, 1, 311, 13, 2, 2)}, - (1, 3, 6, 1, 4, 1, 311, 13, 2, 3): {'comment': 'Microsoft attribute', - 'description': 'osVersion (1 3 6 1 4 1 311 13 2 3)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 0D 02 03', - 'name': 'osVersion', - 'oid': (1, 3, 6, 1, 4, 1, 311, 13, 2, 3)}, - (1, 3, 6, 1, 4, 1, 311, 16, 4): {'comment': 'Microsoft attribute', - 'description': 'microsoftRecipientInfo (1 3 6 1 4 1 311 16 4)', - 'hexoid': '06 09 2B 06 01 04 01 82 37 10 04', - 'name': 'microsoftRecipientInfo', - 'oid': (1, 3, 6, 1, 4, 1, 311, 16, 4)}, - (1, 3, 6, 1, 4, 1, 311, 20, 2): {'comment': 'Microsoft CAPICOM certificate template, V1', - 'description': 'enrollCerttypeExtension (1 3 6 1 4 1 311 20 2)', - 'hexoid': '06 09 2B 06 01 04 01 82 37 14 02', - 'name': 'enrollCerttypeExtension', - 'oid': (1, 3, 6, 1, 4, 1, 311, 20, 2)}, - (1, 3, 6, 1, 4, 1, 311, 20, 2, 3): {'comment': 'Microsoft UPN', - 'description': 'universalPrincipalName (1 3 6 1 4 1 311 20 2 3)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 14 02 03', - 'name': 'universalPrincipalName', - 'oid': (1, 3, 6, 1, 4, 1, 311, 20, 2, 3)}, - (1, 3, 6, 1, 4, 1, 311, 21, 1): {'comment': 'Microsoft attribute', - 'description': 'cAKeyCertIndexPair (1 3 6 1 4 1 311 21 1)', - 'hexoid': '06 09 2B 06 01 04 01 82 37 15 01', - 'name': 'cAKeyCertIndexPair', - 'oid': (1, 3, 6, 1, 4, 1, 311, 21, 1)}, - (1, 3, 6, 1, 4, 1, 311, 21, 7): {'comment': 'Microsoft CAPICOM certificate template, V2', - 'description': 'certificateTemplate (1 3 6 1 4 1 311 21 7)', - 'hexoid': '06 09 2B 06 01 04 01 82 37 15 07', - 'name': 'certificateTemplate', - 'oid': (1, 3, 6, 1, 4, 1, 311, 21, 7)}, - (1, 3, 6, 1, 4, 1, 311, 21, 13): {'comment': 'Microsoft attribute', - 'description': 'archivedKey (1 3 6 1 4 1 311 21 13)', - 'hexoid': '06 09 2B 06 01 04 01 82 37 15 0D', - 'name': 'archivedKey', - 'oid': (1, 3, 6, 1, 4, 1, 311, 21, 13)}, - (1, 3, 6, 1, 4, 1, 311, 21, 20): {'comment': 'Microsoft attribute', - 'description': 'requestClientInfo (1 3 6 1 4 1 311 21 20)', - 'hexoid': '06 09 2B 06 01 04 01 82 37 15 14', - 'name': 'requestClientInfo', - 'oid': (1, 3, 6, 1, 4, 1, 311, 21, 20)}, - (1, 3, 6, 1, 4, 1, 311, 21, 21): {'comment': 'Microsoft attribute', - 'description': 'encryptedKeyHash (1 3 6 1 4 1 311 21 21)', - 'hexoid': '06 09 2B 06 01 04 01 82 37 15 15', - 'name': 'encryptedKeyHash', - 'oid': (1, 3, 6, 1, 4, 1, 311, 21, 21)}, - (1, 3, 6, 1, 4, 1, 311, 47, 1, 1): {'comment': 'Microsoft extended key usage', - 'description': 'systemHealth (1 3 6 1 4 1 311 47 1 1)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 2F 01 01', - 'name': 'systemHealth', - 'oid': (1, 3, 6, 1, 4, 1, 311, 47, 1, 1)}, - (1, 3, 6, 1, 4, 1, 311, 47, 1, 3): {'comment': 'Microsoft extended key usage', - 'description': 'systemHealthLoophole (1 3 6 1 4 1 311 47 1 3)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 2F 01 03', - 'name': 'systemHealthLoophole', - 'oid': (1, 3, 6, 1, 4, 1, 311, 47, 1, 3)}, - (1, 3, 6, 1, 4, 1, 311, 88, 2, 1): {'comment': 'Microsoft attribute', - 'description': 'originalFilename (1 3 6 1 4 1 311 88 2 1)', - 'hexoid': '06 0A 2B 06 01 04 01 82 37 58 02 01', - 'name': 'originalFilename', - 'oid': (1, 3, 6, 1, 4, 1, 311, 88, 2, 1)}, - (1, 3, 6, 1, 4, 1, 2428, 10, 1, 1): {'comment': 'UNINETT PCA', - 'description': 'UNINETT policyIdentifier (1 3 6 1 4 1 2428 10 1 1)', - 'hexoid': '06 0A 2B 06 01 04 01 92 7C 0A 01 01', - 'name': 'UNINETT', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 2428, - 10, - 1, - 1)}, - (1, 3, 6, 1, 4, 1, 2712, 10): {'comment': 'ICE-TEL CA', - 'description': 'ICE-TEL policyIdentifier (1 3 6 1 4 1 2712 10)', - 'hexoid': '06 08 2B 06 01 04 01 95 18 0A', - 'name': 'ICE-TEL', - 'oid': (1, 3, 6, 1, 4, 1, 2712, 10)}, - (1, 3, 6, 1, 4, 1, 2786, 1, 1, 1): {'comment': 'ICE-TEL CA policy', - 'description': 'ICE-TEL Italian policyIdentifier (1 3 6 1 4 1 2786 1 1 1)', - 'hexoid': '06 0A 2B 06 01 04 01 95 62 01 01 01', - 'name': 'ICE-TEL', - 'oid': (1, 3, 6, 1, 4, 1, 2786, 1, 1, 1)}, - (1, 3, 6, 1, 4, 1, 3029, 1, 1, 1): {'comment': 'cryptlib encryption algorithm', - 'description': 'blowfishECB (1 3 6 1 4 1 3029 1 1 1)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 01 01 01', - 'name': 'blowfishECB', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 1, 1, 1)}, - (1, 3, 6, 1, 4, 1, 3029, 1, 1, 2): {'comment': 'cryptlib encryption algorithm', - 'description': 'blowfishCBC (1 3 6 1 4 1 3029 1 1 2)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 01 01 02', - 'name': 'blowfishCBC', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 1, 1, 2)}, - (1, 3, 6, 1, 4, 1, 3029, 1, 1, 3): {'comment': 'cryptlib encryption algorithm', - 'description': 'blowfishCFB (1 3 6 1 4 1 3029 1 1 3)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 01 01 03', - 'name': 'blowfishCFB', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 1, 1, 3)}, - (1, 3, 6, 1, 4, 1, 3029, 1, 1, 4): {'comment': 'cryptlib encryption algorithm', - 'description': 'blowfishOFB (1 3 6 1 4 1 3029 1 1 4)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 01 01 04', - 'name': 'blowfishOFB', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 1, 1, 4)}, - (1, 3, 6, 1, 4, 1, 3029, 1, 2, 1): {'comment': 'cryptlib public-key algorithm', - 'description': 'elgamal (1 3 6 1 4 1 3029 1 2 1)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 01 02 01', - 'name': 'elgamal', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 1, 2, 1)}, - (1, 3, 6, 1, 4, 1, 3029, 1, 2, 1, 1): {'comment': 'cryptlib public-key algorithm', - 'description': 'elgamalWithSHA-1 (1 3 6 1 4 1 3029 1 2 1 1)', - 'hexoid': '06 0B 2B 06 01 04 01 97 55 01 02 01 01', - 'name': 'elgamalWithSHA-1', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 3029, - 1, - 2, - 1, - 1)}, - (1, 3, 6, 1, 4, 1, 3029, 1, 2, 1, 2): {'comment': 'cryptlib public-key algorithm', - 'description': 'elgamalWithRIPEMD-160 (1 3 6 1 4 1 3029 1 2 1 2)', - 'hexoid': '06 0B 2B 06 01 04 01 97 55 01 02 01 02', - 'name': 'elgamalWithRIPEMD-160', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 3029, - 1, - 2, - 1, - 2)}, - (1, 3, 6, 1, 4, 1, 3029, 3, 1, 1): {'comment': 'cryptlib attribute type', - 'description': 'cryptlibPresenceCheck (1 3 6 1 4 1 3029 3 1 1)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 03 01 01', - 'name': 'cryptlibPresenceCheck', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 3, 1, 1)}, - (1, 3, 6, 1, 4, 1, 3029, 3, 1, 2): {'comment': 'cryptlib attribute type', - 'description': 'pkiBoot (1 3 6 1 4 1 3029 3 1 2)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 03 01 02', - 'name': 'pkiBoot', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 3, 1, 2)}, - (1, 3, 6, 1, 4, 1, 3029, 3, 1, 4): {'comment': 'cryptlib attribute type', - 'description': 'crlExtReason (1 3 6 1 4 1 3029 3 1 4)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 03 01 04', - 'name': 'crlExtReason', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 3, 1, 4)}, - (1, 3, 6, 1, 4, 1, 3029, 3, 1, 5): {'comment': 'cryptlib attribute type', - 'description': 'keyFeatures (1 3 6 1 4 1 3029 3 1 5)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 03 01 05', - 'name': 'keyFeatures', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 3, 1, 5)}, - (1, 3, 6, 1, 4, 1, 3029, 4, 1): {'comment': 'cryptlib', - 'description': 'cryptlibContent (1 3 6 1 4 1 3029 4 1)', - 'hexoid': '06 09 2B 06 01 04 01 97 55 04 01', - 'name': 'cryptlibContent', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 4, 1)}, - (1, 3, 6, 1, 4, 1, 3029, 4, 1, 1): {'comment': 'cryptlib content type', - 'description': 'cryptlibConfigData (1 3 6 1 4 1 3029 4 1 1)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 04 01 01', - 'name': 'cryptlibConfigData', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 4, 1, 1)}, - (1, 3, 6, 1, 4, 1, 3029, 4, 1, 2): {'comment': 'cryptlib content type', - 'description': 'cryptlibUserIndex (1 3 6 1 4 1 3029 4 1 2)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 04 01 02', - 'name': 'cryptlibUserIndex', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 4, 1, 2)}, - (1, 3, 6, 1, 4, 1, 3029, 4, 1, 3): {'comment': 'cryptlib content type', - 'description': 'cryptlibUserInfo (1 3 6 1 4 1 3029 4 1 3)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 04 01 03', - 'name': 'cryptlibUserInfo', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 4, 1, 3)}, - (1, 3, 6, 1, 4, 1, 3029, 4, 1, 4): {'comment': 'cryptlib content type', - 'description': 'rtcsRequest (1 3 6 1 4 1 3029 4 1 4)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 04 01 04', - 'name': 'rtcsRequest', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 4, 1, 4)}, - (1, 3, 6, 1, 4, 1, 3029, 4, 1, 5): {'comment': 'cryptlib content type', - 'description': 'rtcsResponse (1 3 6 1 4 1 3029 4 1 5)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 04 01 05', - 'name': 'rtcsResponse', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 4, 1, 5)}, - (1, 3, 6, 1, 4, 1, 3029, 4, 1, 6): {'comment': 'cryptlib content type', - 'description': 'rtcsResponseExt (1 3 6 1 4 1 3029 4 1 6)', - 'hexoid': '06 0A 2B 06 01 04 01 97 55 04 01 06', - 'name': 'rtcsResponseExt', - 'oid': (1, 3, 6, 1, 4, 1, 3029, 4, 1, 6)}, - (1, 3, 6, 1, 4, 1, 3029, 42, 11172, 1): {'comment': 'cryptlib special MPEG-of-cat OID', - 'description': 'mpeg-1 (1 3 6 1 4 1 3029 42 11172 1)', - 'hexoid': '06 0B 2B 06 01 04 01 97 55 2A D7 24 01', - 'name': 'mpeg-1', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 3029, - 42, - 11172, - 1)}, - (1, 3, 6, 1, 4, 1, 3029, 88, 89, 90, 90, 89): {'comment': 'cryptlib certificate policy', - 'description': 'xYZZY policyIdentifier (1 3 6 1 4 1 3029 88 89 90 90 89)', - 'hexoid': '06 0C 2B 06 01 04 01 97 55 58 59 5A 5A 59', - 'name': 'xYZZY', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 3029, - 88, - 89, - 90, - 90, - 89)}, - (1, 3, 6, 1, 4, 1, 3401, 8, 1, 1): {'comment': 'PGP key information', - 'description': 'pgpExtension (1 3 6 1 4 1 3401 8 1 1)', - 'hexoid': '06 0A 2B 06 01 04 01 9A 49 08 01 01', - 'name': 'pgpExtension', - 'oid': (1, 3, 6, 1, 4, 1, 3401, 8, 1, 1)}, - (1, 3, 6, 1, 4, 1, 3576, 7): {'comment': 'TMN EDI for Interactive Agents', - 'description': 'eciaAscX12Edi (1 3 6 1 4 1 3576 7)', - 'hexoid': '06 08 2B 06 01 04 01 9B 78 07', - 'name': 'eciaAscX12Edi', - 'oid': (1, 3, 6, 1, 4, 1, 3576, 7)}, - (1, 3, 6, 1, 4, 1, 3576, 7, 1): {'comment': 'TMN EDI for Interactive Agents', - 'description': 'plainEDImessage (1 3 6 1 4 1 3576 7 1)', - 'hexoid': '06 09 2B 06 01 04 01 9B 78 07 01', - 'name': 'plainEDImessage', - 'oid': (1, 3, 6, 1, 4, 1, 3576, 7, 1)}, - (1, 3, 6, 1, 4, 1, 3576, 7, 2): {'comment': 'TMN EDI for Interactive Agents', - 'description': 'signedEDImessage (1 3 6 1 4 1 3576 7 2)', - 'hexoid': '06 09 2B 06 01 04 01 9B 78 07 02', - 'name': 'signedEDImessage', - 'oid': (1, 3, 6, 1, 4, 1, 3576, 7, 2)}, - (1, 3, 6, 1, 4, 1, 3576, 7, 5): {'comment': 'TMN EDI for Interactive Agents', - 'description': 'integrityEDImessage (1 3 6 1 4 1 3576 7 5)', - 'hexoid': '06 09 2B 06 01 04 01 9B 78 07 05', - 'name': 'integrityEDImessage', - 'oid': (1, 3, 6, 1, 4, 1, 3576, 7, 5)}, - (1, 3, 6, 1, 4, 1, 3576, 7, 65): {'comment': 'TMN EDI for Interactive Agents', - 'description': 'iaReceiptMessage (1 3 6 1 4 1 3576 7 65)', - 'hexoid': '06 09 2B 06 01 04 01 9B 78 07 41', - 'name': 'iaReceiptMessage', - 'oid': (1, 3, 6, 1, 4, 1, 3576, 7, 65)}, - (1, 3, 6, 1, 4, 1, 3576, 7, 97): {'comment': 'TMN EDI for Interactive Agents', - 'description': 'iaStatusMessage (1 3 6 1 4 1 3576 7 97)', - 'hexoid': '06 09 2B 06 01 04 01 9B 78 07 61', - 'name': 'iaStatusMessage', - 'oid': (1, 3, 6, 1, 4, 1, 3576, 7, 97)}, - (1, 3, 6, 1, 4, 1, 3576, 8): {'comment': 'TMN EDI for Interactive Agents', - 'description': 'eciaEdifact (1 3 6 1 4 1 3576 8)', - 'hexoid': '06 08 2B 06 01 04 01 9B 78 08', - 'name': 'eciaEdifact', - 'oid': (1, 3, 6, 1, 4, 1, 3576, 8)}, - (1, 3, 6, 1, 4, 1, 3576, 9): {'comment': 'TMN EDI for Interactive Agents', - 'description': 'eciaNonEdi (1 3 6 1 4 1 3576 9)', - 'hexoid': '06 08 2B 06 01 04 01 9B 78 09', - 'name': 'eciaNonEdi', - 'oid': (1, 3, 6, 1, 4, 1, 3576, 9)}, - (1, 3, 6, 1, 4, 1, 5472): {'comment': 'enterprise', - 'description': 'timeproof (1 3 6 1 4 1 5472)', - 'hexoid': '06 07 2B 06 01 04 01 AA 60', - 'name': 'timeproof', - 'oid': (1, 3, 6, 1, 4, 1, 5472)}, - (1, 3, 6, 1, 4, 1, 5472, 1): {'comment': 'timeproof', - 'description': 'tss (1 3 6 1 4 1 5472 1)', - 'hexoid': '06 08 2B 06 01 04 01 AA 60 01', - 'name': 'tss', - 'oid': (1, 3, 6, 1, 4, 1, 5472, 1)}, - (1, 3, 6, 1, 4, 1, 5472, 1, 1): {'comment': 'timeproof TSS', - 'description': 'tss80 (1 3 6 1 4 1 5472 1 1)', - 'hexoid': '06 09 2B 06 01 04 01 AA 60 01 01', - 'name': 'tss80', - 'oid': (1, 3, 6, 1, 4, 1, 5472, 1, 1)}, - (1, 3, 6, 1, 4, 1, 5472, 1, 2): {'comment': 'timeproof TSS', - 'description': 'tss380 (1 3 6 1 4 1 5472 1 2)', - 'hexoid': '06 09 2B 06 01 04 01 AA 60 01 02', - 'name': 'tss380', - 'oid': (1, 3, 6, 1, 4, 1, 5472, 1, 2)}, - (1, 3, 6, 1, 4, 1, 5472, 1, 3): {'comment': 'timeproof TSS', - 'description': 'tss400 (1 3 6 1 4 1 5472 1 3)', - 'hexoid': '06 09 2B 06 01 04 01 AA 60 01 03', - 'name': 'tss400', - 'oid': (1, 3, 6, 1, 4, 1, 5472, 1, 3)}, - (1, 3, 6, 1, 4, 1, 5770, 0, 3): {'comment': 'MEDePass', - 'description': 'secondaryPractices (1 3 6 1 4 1 5770 0 3)', - 'hexoid': '06 09 2B 06 01 04 01 AD 0A 00 03', - 'name': 'secondaryPractices', - 'oid': (1, 3, 6, 1, 4, 1, 5770, 0, 3)}, - (1, 3, 6, 1, 4, 1, 5770, 0, 4): {'comment': 'MEDePass', - 'description': 'physicianIdentifiers (1 3 6 1 4 1 5770 0 4)', - 'hexoid': '06 09 2B 06 01 04 01 AD 0A 00 04', - 'name': 'physicianIdentifiers', - 'oid': (1, 3, 6, 1, 4, 1, 5770, 0, 4)}, - (1, 3, 6, 1, 4, 1, 6449, 1, 2, 1, 3, 1): {'comment': 'Comodo CA', - 'description': 'comodoPolicy (1 3 6 1 4 1 6449 1 2 1 3 1)', - 'hexoid': '06 0C 2B 06 01 04 01 B2 31 01 02 01 03 01', - 'name': 'comodoPolicy', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 6449, - 1, - 2, - 1, - 3, - 1)}, - (1, 3, 6, 1, 4, 1, 6449, 1, 3, 5, 2): {'comment': 'Comodo CA', - 'description': 'comodoCertifiedDeliveryService (1 3 6 1 4 1 6449 1 3 5 2)', - 'hexoid': '06 0B 2B 06 01 04 01 B2 31 01 03 05 02', - 'name': 'comodoCertifiedDeliveryService', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 6449, - 1, - 3, - 5, - 2)}, - (1, 3, 6, 1, 4, 1, 8231, 1): {'comment': 'Chilean Government national unique roll number', - 'description': 'rolUnicoNacional (1 3 6 1 4 1 8231 1)', - 'hexoid': '06 08 2B 06 01 04 01 C0 27 01', - 'name': 'rolUnicoNacional', - 'oid': (1, 3, 6, 1, 4, 1, 8231, 1)}, - (1, 3, 6, 1, 4, 1, 8301, 3, 5): {'comment': 'TU Darmstadt ValidityModel', - 'description': 'validityModel (1 3 6 1 4 1 8301 3 5)', - 'hexoid': '06 09 2B 06 01 04 01 C0 6D 03 05', - 'name': 'validityModel', - 'oid': (1, 3, 6, 1, 4, 1, 8301, 3, 5)}, - (1, 3, 6, 1, 4, 1, 8301, 3, 5, 1): {'comment': 'TU Darmstadt ValidityModel', - 'description': 'validityModelChain (1 3 6 1 4 1 8301 3 5 1)', - 'hexoid': '06 0A 2B 06 01 04 01 C0 6D 03 05 01', - 'name': 'validityModelChain', - 'oid': (1, 3, 6, 1, 4, 1, 8301, 3, 5, 1)}, - (1, 3, 6, 1, 4, 1, 8301, 3, 5, 2): {'comment': 'ValidityModel', - 'description': 'validityModelShell (1 3 6 1 4 1 8301 3 5 2)', - 'hexoid': '06 0A 2B 06 01 04 01 C0 6D 03 05 02', - 'name': 'validityModelShell', - 'oid': (1, 3, 6, 1, 4, 1, 8301, 3, 5, 2)}, - (1, 3, 6, 1, 4, 1, 11591): {'comment': 'GNU Project (see http://www.gnupg.org/oids.html)', - 'description': 'gnu (1 3 6 1 4 1 11591)', - 'hexoid': '06 07 2B 06 01 04 01 DA 47', - 'name': 'gnu', - 'oid': (1, 3, 6, 1, 4, 1, 11591)}, - (1, 3, 6, 1, 4, 1, 11591, 1): {'comment': 'GNU Radius', - 'description': 'gnuRadius (1 3 6 1 4 1 11591 1)', - 'hexoid': '06 08 2B 06 01 04 01 DA 47 01', - 'name': 'gnuRadius', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 1)}, - (1, 3, 6, 1, 4, 1, 11591, 3): {'comment': 'GNU Radar', - 'description': 'gnuRadar (1 3 6 1 4 1 11591 3)', - 'hexoid': '06 08 2B 06 01 04 01 DA 47 03', - 'name': 'gnuRadar', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 3)}, - (1, 3, 6, 1, 4, 1, 11591, 12): {'comment': 'GNU digest algorithm', - 'description': 'gnuDigestAlgorithm (1 3 6 1 4 1 11591 12)', - 'hexoid': '06 08 2B 06 01 04 01 DA 47 0C', - 'name': 'gnuDigestAlgorithm', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 12)}, - (1, 3, 6, 1, 4, 1, 11591, 12, 2): {'comment': 'GNU digest algorithm', - 'description': 'tiger (1 3 6 1 4 1 11591 12 2)', - 'hexoid': '06 09 2B 06 01 04 01 DA 47 0C 02', - 'name': 'tiger', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 12, 2)}, - (1, 3, 6, 1, 4, 1, 11591, 13): {'comment': 'GNU encryption algorithm', - 'description': 'gnuEncryptionAlgorithm (1 3 6 1 4 1 11591 13)', - 'hexoid': '06 08 2B 06 01 04 01 DA 47 0D', - 'name': 'gnuEncryptionAlgorithm', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 13)}, - (1, 3, 6, 1, 4, 1, 11591, 13, 2): {'comment': 'GNU encryption algorithm', - 'description': 'serpent (1 3 6 1 4 1 11591 13 2)', - 'hexoid': '06 09 2B 06 01 04 01 DA 47 0D 02', - 'name': 'serpent', - 'oid': (1, 3, 6, 1, 4, 1, 11591, 13, 2)}, - (1, 3, 6, 1, 4, 1, 11591, 13, 2, 1): {'comment': 'GNU encryption algorithm', - 'description': 'serpent128_ECB (1 3 6 1 4 1 11591 13 2 1)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 01', - 'name': 'serpent128_ECB', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 11591, - 13, - 2, - 1)}, - (1, 3, 6, 1, 4, 1, 11591, 13, 2, 2): {'comment': 'GNU encryption algorithm', - 'description': 'serpent128_CBC (1 3 6 1 4 1 11591 13 2 2)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 02', - 'name': 'serpent128_CBC', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 11591, - 13, - 2, - 2)}, - (1, 3, 6, 1, 4, 1, 11591, 13, 2, 3): {'comment': 'GNU encryption algorithm', - 'description': 'serpent128_OFB (1 3 6 1 4 1 11591 13 2 3)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 03', - 'name': 'serpent128_OFB', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 11591, - 13, - 2, - 3)}, - (1, 3, 6, 1, 4, 1, 11591, 13, 2, 4): {'comment': 'GNU encryption algorithm', - 'description': 'serpent128_CFB (1 3 6 1 4 1 11591 13 2 4)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 04', - 'name': 'serpent128_CFB', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 11591, - 13, - 2, - 4)}, - (1, 3, 6, 1, 4, 1, 11591, 13, 2, 21): {'comment': 'GNU encryption algorithm', - 'description': 'serpent192_ECB (1 3 6 1 4 1 11591 13 2 21)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 15', - 'name': 'serpent192_ECB', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 11591, - 13, - 2, - 21)}, - (1, 3, 6, 1, 4, 1, 11591, 13, 2, 22): {'comment': 'GNU encryption algorithm', - 'description': 'serpent192_CBC (1 3 6 1 4 1 11591 13 2 22)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 16', - 'name': 'serpent192_CBC', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 11591, - 13, - 2, - 22)}, - (1, 3, 6, 1, 4, 1, 11591, 13, 2, 23): {'comment': 'GNU encryption algorithm', - 'description': 'serpent192_OFB (1 3 6 1 4 1 11591 13 2 23)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 17', - 'name': 'serpent192_OFB', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 11591, - 13, - 2, - 23)}, - (1, 3, 6, 1, 4, 1, 11591, 13, 2, 24): {'comment': 'GNU encryption algorithm', - 'description': 'serpent192_CFB (1 3 6 1 4 1 11591 13 2 24)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 18', - 'name': 'serpent192_CFB', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 11591, - 13, - 2, - 24)}, - (1, 3, 6, 1, 4, 1, 11591, 13, 2, 41): {'comment': 'GNU encryption algorithm', - 'description': 'serpent256_ECB (1 3 6 1 4 1 11591 13 2 41)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 29', - 'name': 'serpent256_ECB', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 11591, - 13, - 2, - 41)}, - (1, 3, 6, 1, 4, 1, 11591, 13, 2, 42): {'comment': 'GNU encryption algorithm', - 'description': 'serpent256_CBC (1 3 6 1 4 1 11591 13 2 42)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 2A', - 'name': 'serpent256_CBC', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 11591, - 13, - 2, - 42)}, - (1, 3, 6, 1, 4, 1, 11591, 13, 2, 43): {'comment': 'GNU encryption algorithm', - 'description': 'serpent256_OFB (1 3 6 1 4 1 11591 13 2 43)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 2B', - 'name': 'serpent256_OFB', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 11591, - 13, - 2, - 43)}, - (1, 3, 6, 1, 4, 1, 11591, 13, 2, 44): {'comment': 'GNU encryption algorithm', - 'description': 'serpent256_CFB (1 3 6 1 4 1 11591 13 2 44)', - 'hexoid': '06 0A 2B 06 01 04 01 DA 47 0D 02 2C', - 'name': 'serpent256_CFB', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 11591, - 13, - 2, - 44)}, - (1, 3, 6, 1, 4, 1, 16334, 509, 1, 1): {'comment': 'Northrop Grumman extended key usage', - 'description': 'Northrop Grumman extKeyUsage? (1 3 6 1 4 1 16334 509 1 1)', - 'hexoid': '06 0B 2B 06 01 04 01 FF 4E 83 7D 01 01', - 'name': 'Northrop', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 16334, - 509, - 1, - 1)}, - (1, 3, 6, 1, 4, 1, 16334, 509, 2, 1): {'comment': 'Northrop Grumman policy', - 'description': 'ngcClass1 (1 3 6 1 4 1 16334 509 2 1)', - 'hexoid': '06 0B 2B 06 01 04 01 FF 4E 83 7D 02 01', - 'name': 'ngcClass1', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 16334, - 509, - 2, - 1)}, - (1, 3, 6, 1, 4, 1, 16334, 509, 2, 2): {'comment': 'Northrop Grumman policy', - 'description': 'ngcClass2 (1 3 6 1 4 1 16334 509 2 2)', - 'hexoid': '06 0B 2B 06 01 04 01 FF 4E 83 7D 02 02', - 'name': 'ngcClass2', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 16334, - 509, - 2, - 2)}, - (1, 3, 6, 1, 4, 1, 16334, 509, 2, 3): {'comment': 'Northrop Grumman policy', - 'description': 'ngcClass3 (1 3 6 1 4 1 16334 509 2 3)', - 'hexoid': '06 0B 2B 06 01 04 01 FF 4E 83 7D 02 03', - 'name': 'ngcClass3', - 'oid': (1, - 3, - 6, - 1, - 4, - 1, - 16334, - 509, - 2, - 3)}, - (1, 3, 6, 1, 5, 5, 7): {'description': 'pkix (1 3 6 1 5 5 7)', - 'hexoid': '06 06 2B 06 01 05 05 07', - 'name': 'pkix', - 'oid': (1, 3, 6, 1, 5, 5, 7)}, - (1, 3, 6, 1, 5, 5, 7, 0, 12): {'comment': 'PKIX', - 'description': 'attributeCert (1 3 6 1 5 5 7 0 12)', - 'hexoid': '06 08 2B 06 01 05 05 07 00 0C', - 'name': 'attributeCert', - 'oid': (1, 3, 6, 1, 5, 5, 7, 0, 12)}, - (1, 3, 6, 1, 5, 5, 7, 1): {'comment': 'PKIX', - 'description': 'privateExtension (1 3 6 1 5 5 7 1)', - 'hexoid': '06 07 2B 06 01 05 05 07 01', - 'name': 'privateExtension', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1)}, - (1, 3, 6, 1, 5, 5, 7, 1, 1): {'comment': 'PKIX private extension', - 'description': 'authorityInfoAccess (1 3 6 1 5 5 7 1 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 01', - 'name': 'authorityInfoAccess', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 1)}, - (1, 3, 6, 1, 5, 5, 7, 1, 2): {'comment': 'PKIX private extension', - 'description': 'biometricInfo (1 3 6 1 5 5 7 1 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 02', - 'name': 'biometricInfo', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 2)}, - (1, 3, 6, 1, 5, 5, 7, 1, 3): {'comment': 'PKIX private extension', - 'description': 'qcStatements (1 3 6 1 5 5 7 1 3)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 03', - 'name': 'qcStatements', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 3)}, - (1, 3, 6, 1, 5, 5, 7, 1, 4): {'comment': 'PKIX private extension', - 'description': 'acAuditIdentity (1 3 6 1 5 5 7 1 4)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 04', - 'name': 'acAuditIdentity', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 4)}, - (1, 3, 6, 1, 5, 5, 7, 1, 5): {'comment': 'PKIX private extension', - 'description': 'acTargeting (1 3 6 1 5 5 7 1 5)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 05', - 'name': 'acTargeting', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 5)}, - (1, 3, 6, 1, 5, 5, 7, 1, 6): {'comment': 'PKIX private extension', - 'description': 'acAaControls (1 3 6 1 5 5 7 1 6)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 06', - 'name': 'acAaControls', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 6)}, - (1, 3, 6, 1, 5, 5, 7, 1, 7): {'comment': 'PKIX private extension', - 'description': 'sbgp-ipAddrBlock (1 3 6 1 5 5 7 1 7)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 07', - 'name': 'sbgp-ipAddrBlock', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 7)}, - (1, 3, 6, 1, 5, 5, 7, 1, 8): {'comment': 'PKIX private extension', - 'description': 'sbgp-autonomousSysNum (1 3 6 1 5 5 7 1 8)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 08', - 'name': 'sbgp-autonomousSysNum', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 8)}, - (1, 3, 6, 1, 5, 5, 7, 1, 9): {'comment': 'PKIX private extension', - 'description': 'sbgp-routerIdentifier (1 3 6 1 5 5 7 1 9)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 09', - 'name': 'sbgp-routerIdentifier', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 9)}, - (1, 3, 6, 1, 5, 5, 7, 1, 10): {'comment': 'PKIX private extension', - 'description': 'acProxying (1 3 6 1 5 5 7 1 10)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 0A', - 'name': 'acProxying', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 10)}, - (1, 3, 6, 1, 5, 5, 7, 1, 11): {'comment': 'PKIX private extension', - 'description': 'subjectInfoAccess (1 3 6 1 5 5 7 1 11)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 0B', - 'name': 'subjectInfoAccess', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 11)}, - (1, 3, 6, 1, 5, 5, 7, 1, 12): {'comment': 'PKIX private extension', - 'description': 'logoType (1 3 6 1 5 5 7 1 12)', - 'hexoid': '06 08 2B 06 01 05 05 07 01 0C', - 'name': 'logoType', - 'oid': (1, 3, 6, 1, 5, 5, 7, 1, 12)}, - (1, 3, 6, 1, 5, 5, 7, 2): {'comment': 'PKIX', - 'description': 'policyQualifierIds (1 3 6 1 5 5 7 2)', - 'hexoid': '06 07 2B 06 01 05 05 07 02', - 'name': 'policyQualifierIds', - 'oid': (1, 3, 6, 1, 5, 5, 7, 2)}, - (1, 3, 6, 1, 5, 5, 7, 2, 1): {'comment': 'PKIX policy qualifier', - 'description': 'cps (1 3 6 1 5 5 7 2 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 02 01', - 'name': 'cps', - 'oid': (1, 3, 6, 1, 5, 5, 7, 2, 1)}, - (1, 3, 6, 1, 5, 5, 7, 2, 2): {'comment': 'PKIX policy qualifier', - 'description': 'unotice (1 3 6 1 5 5 7 2 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 02 02', - 'name': 'unotice', - 'oid': (1, 3, 6, 1, 5, 5, 7, 2, 2)}, - (1, 3, 6, 1, 5, 5, 7, 2, 3): {'comment': 'PKIX policy qualifier', - 'description': 'textNotice (1 3 6 1 5 5 7 2 3)', - 'hexoid': '06 08 2B 06 01 05 05 07 02 03', - 'name': 'textNotice', - 'oid': (1, 3, 6, 1, 5, 5, 7, 2, 3)}, - (1, 3, 6, 1, 5, 5, 7, 3): {'comment': 'PKIX', - 'description': 'keyPurpose (1 3 6 1 5 5 7 3)', - 'hexoid': '06 07 2B 06 01 05 05 07 03', - 'name': 'keyPurpose', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3)}, - (1, 3, 6, 1, 5, 5, 7, 3, 1): {'comment': 'PKIX key purpose', - 'description': 'serverAuth (1 3 6 1 5 5 7 3 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 01', - 'name': 'serverAuth', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 1)}, - (1, 3, 6, 1, 5, 5, 7, 3, 2): {'comment': 'PKIX key purpose', - 'description': 'clientAuth (1 3 6 1 5 5 7 3 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 02', - 'name': 'clientAuth', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 2)}, - (1, 3, 6, 1, 5, 5, 7, 3, 3): {'comment': 'PKIX key purpose', - 'description': 'codeSigning (1 3 6 1 5 5 7 3 3)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 03', - 'name': 'codeSigning', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 3)}, - (1, 3, 6, 1, 5, 5, 7, 3, 4): {'comment': 'PKIX key purpose', - 'description': 'emailProtection (1 3 6 1 5 5 7 3 4)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 04', - 'name': 'emailProtection', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 4)}, - (1, 3, 6, 1, 5, 5, 7, 3, 5): {'comment': 'PKIX key purpose', - 'description': 'ipsecEndSystem (1 3 6 1 5 5 7 3 5)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 05', - 'name': 'ipsecEndSystem', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 5)}, - (1, 3, 6, 1, 5, 5, 7, 3, 6): {'comment': 'PKIX key purpose', - 'description': 'ipsecTunnel (1 3 6 1 5 5 7 3 6)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 06', - 'name': 'ipsecTunnel', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 6)}, - (1, 3, 6, 1, 5, 5, 7, 3, 7): {'comment': 'PKIX key purpose', - 'description': 'ipsecUser (1 3 6 1 5 5 7 3 7)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 07', - 'name': 'ipsecUser', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 7)}, - (1, 3, 6, 1, 5, 5, 7, 3, 8): {'comment': 'PKIX key purpose', - 'description': 'timeStamping (1 3 6 1 5 5 7 3 8)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 08', - 'name': 'timeStamping', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 8)}, - (1, 3, 6, 1, 5, 5, 7, 3, 9): {'comment': 'PKIX key purpose', - 'description': 'ocspSigning (1 3 6 1 5 5 7 3 9)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 09', - 'name': 'ocspSigning', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 9)}, - (1, 3, 6, 1, 5, 5, 7, 3, 10): {'comment': 'PKIX key purpose', - 'description': 'dvcs (1 3 6 1 5 5 7 3 10)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 0A', - 'name': 'dvcs', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 10)}, - (1, 3, 6, 1, 5, 5, 7, 3, 11): {'comment': 'PKIX key purpose', - 'description': 'sbgpCertAAServerAuth (1 3 6 1 5 5 7 3 11)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 0B', - 'name': 'sbgpCertAAServerAuth', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 11)}, - (1, 3, 6, 1, 5, 5, 7, 3, 13): {'comment': 'PKIX key purpose', - 'description': 'eapOverPPP (1 3 6 1 5 5 7 3 13)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 0D', - 'name': 'eapOverPPP', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 13)}, - (1, 3, 6, 1, 5, 5, 7, 3, 14): {'comment': 'PKIX key purpose', - 'description': 'wlanSSID (1 3 6 1 5 5 7 3 14)', - 'hexoid': '06 08 2B 06 01 05 05 07 03 0E', - 'name': 'wlanSSID', - 'oid': (1, 3, 6, 1, 5, 5, 7, 3, 14)}, - (1, 3, 6, 1, 5, 5, 7, 4): {'comment': 'PKIX', - 'description': 'cmpInformationTypes (1 3 6 1 5 5 7 4)', - 'hexoid': '06 07 2B 06 01 05 05 07 04', - 'name': 'cmpInformationTypes', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4)}, - (1, 3, 6, 1, 5, 5, 7, 4, 1): {'comment': 'PKIX CMP information', - 'description': 'caProtEncCert (1 3 6 1 5 5 7 4 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 01', - 'name': 'caProtEncCert', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 1)}, - (1, 3, 6, 1, 5, 5, 7, 4, 2): {'comment': 'PKIX CMP information', - 'description': 'signKeyPairTypes (1 3 6 1 5 5 7 4 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 02', - 'name': 'signKeyPairTypes', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 2)}, - (1, 3, 6, 1, 5, 5, 7, 4, 3): {'comment': 'PKIX CMP information', - 'description': 'encKeyPairTypes (1 3 6 1 5 5 7 4 3)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 03', - 'name': 'encKeyPairTypes', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 3)}, - (1, 3, 6, 1, 5, 5, 7, 4, 4): {'comment': 'PKIX CMP information', - 'description': 'preferredSymmAlg (1 3 6 1 5 5 7 4 4)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 04', - 'name': 'preferredSymmAlg', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 4)}, - (1, 3, 6, 1, 5, 5, 7, 4, 5): {'comment': 'PKIX CMP information', - 'description': 'caKeyUpdateInfo (1 3 6 1 5 5 7 4 5)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 05', - 'name': 'caKeyUpdateInfo', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 5)}, - (1, 3, 6, 1, 5, 5, 7, 4, 6): {'comment': 'PKIX CMP information', - 'description': 'currentCRL (1 3 6 1 5 5 7 4 6)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 06', - 'name': 'currentCRL', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 6)}, - (1, 3, 6, 1, 5, 5, 7, 4, 7): {'comment': 'PKIX CMP information', - 'description': 'unsupportedOIDs (1 3 6 1 5 5 7 4 7)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 07', - 'name': 'unsupportedOIDs', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 7)}, - (1, 3, 6, 1, 5, 5, 7, 4, 10): {'comment': 'PKIX CMP information', - 'description': 'keyPairParamReq (1 3 6 1 5 5 7 4 10)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 0A', - 'name': 'keyPairParamReq', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 10)}, - (1, 3, 6, 1, 5, 5, 7, 4, 11): {'comment': 'PKIX CMP information', - 'description': 'keyPairParamRep (1 3 6 1 5 5 7 4 11)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 0B', - 'name': 'keyPairParamRep', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 11)}, - (1, 3, 6, 1, 5, 5, 7, 4, 12): {'comment': 'PKIX CMP information', - 'description': 'revPassphrase (1 3 6 1 5 5 7 4 12)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 0C', - 'name': 'revPassphrase', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 12)}, - (1, 3, 6, 1, 5, 5, 7, 4, 13): {'comment': 'PKIX CMP information', - 'description': 'implicitConfirm (1 3 6 1 5 5 7 4 13)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 0D', - 'name': 'implicitConfirm', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 13)}, - (1, 3, 6, 1, 5, 5, 7, 4, 14): {'comment': 'PKIX CMP information', - 'description': 'confirmWaitTime (1 3 6 1 5 5 7 4 14)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 0E', - 'name': 'confirmWaitTime', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 14)}, - (1, 3, 6, 1, 5, 5, 7, 4, 15): {'comment': 'PKIX CMP information', - 'description': 'origPKIMessage (1 3 6 1 5 5 7 4 15)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 0F', - 'name': 'origPKIMessage', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 15)}, - (1, 3, 6, 1, 5, 5, 7, 4, 16): {'comment': 'PKIX CMP information', - 'description': 'suppLangTags (1 3 6 1 5 5 7 4 16)', - 'hexoid': '06 08 2B 06 01 05 05 07 04 10', - 'name': 'suppLangTags', - 'oid': (1, 3, 6, 1, 5, 5, 7, 4, 16)}, - (1, 3, 6, 1, 5, 5, 7, 5): {'comment': 'PKIX', - 'description': 'crmfRegistration (1 3 6 1 5 5 7 5)', - 'hexoid': '06 07 2B 06 01 05 05 07 05', - 'name': 'crmfRegistration', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5)}, - (1, 3, 6, 1, 5, 5, 7, 5, 1): {'comment': 'PKIX CRMF registration', - 'description': 'regCtrl (1 3 6 1 5 5 7 5 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 05 01', - 'name': 'regCtrl', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 1)}, - (1, 3, 6, 1, 5, 5, 7, 5, 1, 1): {'comment': 'PKIX CRMF registration control', - 'description': 'regToken (1 3 6 1 5 5 7 5 1 1)', - 'hexoid': '06 09 2B 06 01 05 05 07 05 01 01', - 'name': 'regToken', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 1, 1)}, - (1, 3, 6, 1, 5, 5, 7, 5, 1, 2): {'comment': 'PKIX CRMF registration control', - 'description': 'authenticator (1 3 6 1 5 5 7 5 1 2)', - 'hexoid': '06 09 2B 06 01 05 05 07 05 01 02', - 'name': 'authenticator', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 1, 2)}, - (1, 3, 6, 1, 5, 5, 7, 5, 1, 3): {'comment': 'PKIX CRMF registration control', - 'description': 'pkiPublicationInfo (1 3 6 1 5 5 7 5 1 3)', - 'hexoid': '06 09 2B 06 01 05 05 07 05 01 03', - 'name': 'pkiPublicationInfo', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 1, 3)}, - (1, 3, 6, 1, 5, 5, 7, 5, 1, 4): {'comment': 'PKIX CRMF registration control', - 'description': 'pkiArchiveOptions (1 3 6 1 5 5 7 5 1 4)', - 'hexoid': '06 09 2B 06 01 05 05 07 05 01 04', - 'name': 'pkiArchiveOptions', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 1, 4)}, - (1, 3, 6, 1, 5, 5, 7, 5, 1, 5): {'comment': 'PKIX CRMF registration control', - 'description': 'oldCertID (1 3 6 1 5 5 7 5 1 5)', - 'hexoid': '06 09 2B 06 01 05 05 07 05 01 05', - 'name': 'oldCertID', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 1, 5)}, - (1, 3, 6, 1, 5, 5, 7, 5, 1, 6): {'comment': 'PKIX CRMF registration control', - 'description': 'protocolEncrKey (1 3 6 1 5 5 7 5 1 6)', - 'hexoid': '06 09 2B 06 01 05 05 07 05 01 06', - 'name': 'protocolEncrKey', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 1, 6)}, - (1, 3, 6, 1, 5, 5, 7, 5, 1, 7): {'comment': 'PKIX CRMF registration control', - 'description': 'altCertTemplate (1 3 6 1 5 5 7 5 1 7)', - 'hexoid': '06 09 2B 06 01 05 05 07 05 01 07', - 'name': 'altCertTemplate', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 1, 7)}, - (1, 3, 6, 1, 5, 5, 7, 5, 1, 8): {'comment': 'PKIX CRMF registration control', - 'description': 'wtlsTemplate (1 3 6 1 5 5 7 5 1 8)', - 'hexoid': '06 09 2B 06 01 05 05 07 05 01 08', - 'name': 'wtlsTemplate', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 1, 8)}, - (1, 3, 6, 1, 5, 5, 7, 5, 2): {'comment': 'PKIX CRMF registration', - 'description': 'utf8Pairs (1 3 6 1 5 5 7 5 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 05 02', - 'name': 'utf8Pairs', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 2)}, - (1, 3, 6, 1, 5, 5, 7, 5, 2, 1): {'comment': 'PKIX CRMF registration control', - 'description': 'utf8Pairs (1 3 6 1 5 5 7 5 2 1)', - 'hexoid': '06 09 2B 06 01 05 05 07 05 02 01', - 'name': 'utf8Pairs', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 2, 1)}, - (1, 3, 6, 1, 5, 5, 7, 5, 2, 2): {'comment': 'PKIX CRMF registration control', - 'description': 'certReq (1 3 6 1 5 5 7 5 2 2)', - 'hexoid': '06 09 2B 06 01 05 05 07 05 02 02', - 'name': 'certReq', - 'oid': (1, 3, 6, 1, 5, 5, 7, 5, 2, 2)}, - (1, 3, 6, 1, 5, 5, 7, 6): {'comment': 'PKIX', - 'description': 'algorithms (1 3 6 1 5 5 7 6)', - 'hexoid': '06 07 2B 06 01 05 05 07 06', - 'name': 'algorithms', - 'oid': (1, 3, 6, 1, 5, 5, 7, 6)}, - (1, 3, 6, 1, 5, 5, 7, 6, 1): {'comment': 'PKIX algorithm', - 'description': 'des40 (1 3 6 1 5 5 7 6 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 06 01', - 'name': 'des40', - 'oid': (1, 3, 6, 1, 5, 5, 7, 6, 1)}, - (1, 3, 6, 1, 5, 5, 7, 6, 2): {'comment': 'PKIX algorithm', - 'description': 'noSignature (1 3 6 1 5 5 7 6 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 06 02', - 'name': 'noSignature', - 'oid': (1, 3, 6, 1, 5, 5, 7, 6, 2)}, - (1, 3, 6, 1, 5, 5, 7, 6, 3): {'comment': 'PKIX algorithm', - 'description': 'dh-sig-hmac-sha1 (1 3 6 1 5 5 7 6 3)', - 'hexoid': '06 08 2B 06 01 05 05 07 06 03', - 'name': 'dh-sig-hmac-sha1', - 'oid': (1, 3, 6, 1, 5, 5, 7, 6, 3)}, - (1, 3, 6, 1, 5, 5, 7, 6, 4): {'comment': 'PKIX algorithm', - 'description': 'dh-pop (1 3 6 1 5 5 7 6 4)', - 'hexoid': '06 08 2B 06 01 05 05 07 06 04', - 'name': 'dh-pop', - 'oid': (1, 3, 6, 1, 5, 5, 7, 6, 4)}, - (1, 3, 6, 1, 5, 5, 7, 7): {'comment': 'PKIX', - 'description': 'cmcControls (1 3 6 1 5 5 7 7)', - 'hexoid': '06 07 2B 06 01 05 05 07 07', - 'name': 'cmcControls', - 'oid': (1, 3, 6, 1, 5, 5, 7, 7)}, - (1, 3, 6, 1, 5, 5, 7, 8): {'comment': 'PKIX', - 'description': 'otherNames (1 3 6 1 5 5 7 8)', - 'hexoid': '06 07 2B 06 01 05 05 07 08', - 'name': 'otherNames', - 'oid': (1, 3, 6, 1, 5, 5, 7, 8)}, - (1, 3, 6, 1, 5, 5, 7, 8, 1): {'comment': 'PKIX other name', - 'description': 'personalData (1 3 6 1 5 5 7 8 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 08 01', - 'name': 'personalData', - 'oid': (1, 3, 6, 1, 5, 5, 7, 8, 1)}, - (1, 3, 6, 1, 5, 5, 7, 8, 2): {'comment': 'PKIX other name', - 'description': 'userGroup (1 3 6 1 5 5 7 8 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 08 02', - 'name': 'userGroup', - 'oid': (1, 3, 6, 1, 5, 5, 7, 8, 2)}, - (1, 3, 6, 1, 5, 5, 7, 9): {'comment': 'PKIX qualified certificates', - 'description': 'personalData (1 3 6 1 5 5 7 9)', - 'hexoid': '06 07 2B 06 01 05 05 07 09', - 'name': 'personalData', - 'oid': (1, 3, 6, 1, 5, 5, 7, 9)}, - (1, 3, 6, 1, 5, 5, 7, 9, 1): {'comment': 'PKIX personal data', - 'description': 'dateOfBirth (1 3 6 1 5 5 7 9 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 09 01', - 'name': 'dateOfBirth', - 'oid': (1, 3, 6, 1, 5, 5, 7, 9, 1)}, - (1, 3, 6, 1, 5, 5, 7, 9, 2): {'comment': 'PKIX personal data', - 'description': 'placeOfBirth (1 3 6 1 5 5 7 9 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 09 02', - 'name': 'placeOfBirth', - 'oid': (1, 3, 6, 1, 5, 5, 7, 9, 2)}, - (1, 3, 6, 1, 5, 5, 7, 9, 3): {'comment': 'PKIX personal data', - 'description': 'gender (1 3 6 1 5 5 7 9 3)', - 'hexoid': '06 08 2B 06 01 05 05 07 09 03', - 'name': 'gender', - 'oid': (1, 3, 6, 1, 5, 5, 7, 9, 3)}, - (1, 3, 6, 1, 5, 5, 7, 9, 4): {'comment': 'PKIX personal data', - 'description': 'countryOfCitizenship (1 3 6 1 5 5 7 9 4)', - 'hexoid': '06 08 2B 06 01 05 05 07 09 04', - 'name': 'countryOfCitizenship', - 'oid': (1, 3, 6, 1, 5, 5, 7, 9, 4)}, - (1, 3, 6, 1, 5, 5, 7, 9, 5): {'comment': 'PKIX personal data', - 'description': 'countryOfResidence (1 3 6 1 5 5 7 9 5)', - 'hexoid': '06 08 2B 06 01 05 05 07 09 05', - 'name': 'countryOfResidence', - 'oid': (1, 3, 6, 1, 5, 5, 7, 9, 5)}, - (1, 3, 6, 1, 5, 5, 7, 10): {'comment': 'PKIX', - 'description': 'attributeCertificate (1 3 6 1 5 5 7 10)', - 'hexoid': '06 07 2B 06 01 05 05 07 0A', - 'name': 'attributeCertificate', - 'oid': (1, 3, 6, 1, 5, 5, 7, 10)}, - (1, 3, 6, 1, 5, 5, 7, 10, 1): {'comment': 'PKIX attribute certificate extension', - 'description': 'authenticationInfo (1 3 6 1 5 5 7 10 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 0A 01', - 'name': 'authenticationInfo', - 'oid': (1, 3, 6, 1, 5, 5, 7, 10, 1)}, - (1, 3, 6, 1, 5, 5, 7, 10, 2): {'comment': 'PKIX attribute certificate extension', - 'description': 'accessIdentity (1 3 6 1 5 5 7 10 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 0A 02', - 'name': 'accessIdentity', - 'oid': (1, 3, 6, 1, 5, 5, 7, 10, 2)}, - (1, 3, 6, 1, 5, 5, 7, 10, 3): {'comment': 'PKIX attribute certificate extension', - 'description': 'chargingIdentity (1 3 6 1 5 5 7 10 3)', - 'hexoid': '06 08 2B 06 01 05 05 07 0A 03', - 'name': 'chargingIdentity', - 'oid': (1, 3, 6, 1, 5, 5, 7, 10, 3)}, - (1, 3, 6, 1, 5, 5, 7, 10, 4): {'comment': 'PKIX attribute certificate extension', - 'description': 'group (1 3 6 1 5 5 7 10 4)', - 'hexoid': '06 08 2B 06 01 05 05 07 0A 04', - 'name': 'group', - 'oid': (1, 3, 6, 1, 5, 5, 7, 10, 4)}, - (1, 3, 6, 1, 5, 5, 7, 10, 5): {'comment': 'PKIX attribute certificate extension', - 'description': 'role (1 3 6 1 5 5 7 10 5)', - 'hexoid': '06 08 2B 06 01 05 05 07 0A 05', - 'name': 'role', - 'oid': (1, 3, 6, 1, 5, 5, 7, 10, 5)}, - (1, 3, 6, 1, 5, 5, 7, 10, 6): {'comment': 'PKIX attribute certificate extension', - 'description': 'encAttrs (1 3 6 1 5 5 7 10 6)', - 'hexoid': '06 08 2B 06 01 05 05 07 0A 06', - 'name': 'encAttrs', - 'oid': (1, 3, 6, 1, 5, 5, 7, 10, 6)}, - (1, 3, 6, 1, 5, 5, 7, 11): {'comment': 'PKIX qualified certificates', - 'description': 'personalData (1 3 6 1 5 5 7 11)', - 'hexoid': '06 07 2B 06 01 05 05 07 0B', - 'name': 'personalData', - 'oid': (1, 3, 6, 1, 5, 5, 7, 11)}, - (1, 3, 6, 1, 5, 5, 7, 11, 1): {'comment': 'PKIX qualified certificates', - 'description': 'pkixQCSyntax-v1 (1 3 6 1 5 5 7 11 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 0B 01', - 'name': 'pkixQCSyntax-v1', - 'oid': (1, 3, 6, 1, 5, 5, 7, 11, 1)}, - (1, 3, 6, 1, 5, 5, 7, 14, 2): {'comment': 'RPKI project', - 'description': 'id-cp-ipAddr-asNumber (1 3 6 1 5 5 7 14 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 0E 02', - 'name': 'id-cp-ipAddr-asNumber', - 'oid': (1, 3, 6, 1, 5, 5, 7, 14, 2)}, - (1, 3, 6, 1, 5, 5, 7, 20): {'comment': 'PKIX qualified certificates', - 'description': 'logo (1 3 6 1 5 5 7 20)', - 'hexoid': '06 07 2B 06 01 05 05 07 14', - 'name': 'logo', - 'oid': (1, 3, 6, 1, 5, 5, 7, 20)}, - (1, 3, 6, 1, 5, 5, 7, 20, 1): {'comment': 'PKIX', - 'description': 'logoLoyalty (1 3 6 1 5 5 7 20 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 14 01', - 'name': 'logoLoyalty', - 'oid': (1, 3, 6, 1, 5, 5, 7, 20, 1)}, - (1, 3, 6, 1, 5, 5, 7, 20, 2): {'comment': 'PKIX', - 'description': 'logoBackground (1 3 6 1 5 5 7 20 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 14 02', - 'name': 'logoBackground', - 'oid': (1, 3, 6, 1, 5, 5, 7, 20, 2)}, - (1, 3, 6, 1, 5, 5, 7, 48, 1): {'comment': 'PKIX', - 'description': 'ocsp (1 3 6 1 5 5 7 48 1)', - 'hexoid': '06 08 2B 06 01 05 05 07 30 01', - 'name': 'ocsp', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 1)}, - (1, 3, 6, 1, 5, 5, 7, 48, 1, 1): {'comment': 'OCSP', - 'description': 'ocspBasic (1 3 6 1 5 5 7 48 1 1)', - 'hexoid': '06 09 2B 06 01 05 05 07 30 01 01', - 'name': 'ocspBasic', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 1, 1)}, - (1, 3, 6, 1, 5, 5, 7, 48, 1, 2): {'comment': 'OCSP', - 'description': 'ocspNonce (1 3 6 1 5 5 7 48 1 2)', - 'hexoid': '06 09 2B 06 01 05 05 07 30 01 02', - 'name': 'ocspNonce', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 1, 2)}, - (1, 3, 6, 1, 5, 5, 7, 48, 1, 3): {'comment': 'OCSP', - 'description': 'ocspCRL (1 3 6 1 5 5 7 48 1 3)', - 'hexoid': '06 09 2B 06 01 05 05 07 30 01 03', - 'name': 'ocspCRL', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 1, 3)}, - (1, 3, 6, 1, 5, 5, 7, 48, 1, 4): {'comment': 'OCSP', - 'description': 'ocspResponse (1 3 6 1 5 5 7 48 1 4)', - 'hexoid': '06 09 2B 06 01 05 05 07 30 01 04', - 'name': 'ocspResponse', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 1, 4)}, - (1, 3, 6, 1, 5, 5, 7, 48, 1, 5): {'comment': 'OCSP', - 'description': 'ocspNoCheck (1 3 6 1 5 5 7 48 1 5)', - 'hexoid': '06 09 2B 06 01 05 05 07 30 01 05', - 'name': 'ocspNoCheck', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 1, 5)}, - (1, 3, 6, 1, 5, 5, 7, 48, 1, 6): {'comment': 'OCSP', - 'description': 'ocspArchiveCutoff (1 3 6 1 5 5 7 48 1 6)', - 'hexoid': '06 09 2B 06 01 05 05 07 30 01 06', - 'name': 'ocspArchiveCutoff', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 1, 6)}, - (1, 3, 6, 1, 5, 5, 7, 48, 1, 7): {'comment': 'OCSP', - 'description': 'ocspServiceLocator (1 3 6 1 5 5 7 48 1 7)', - 'hexoid': '06 09 2B 06 01 05 05 07 30 01 07', - 'name': 'ocspServiceLocator', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 1, 7)}, - (1, 3, 6, 1, 5, 5, 7, 48, 2): {'comment': 'PKIX subject/authority info access descriptor', - 'description': 'caIssuers (1 3 6 1 5 5 7 48 2)', - 'hexoid': '06 08 2B 06 01 05 05 07 30 02', - 'name': 'caIssuers', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 2)}, - (1, 3, 6, 1, 5, 5, 7, 48, 3): {'comment': 'PKIX subject/authority info access descriptor', - 'description': 'timeStamping (1 3 6 1 5 5 7 48 3)', - 'hexoid': '06 08 2B 06 01 05 05 07 30 03', - 'name': 'timeStamping', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 3)}, - (1, 3, 6, 1, 5, 5, 7, 48, 5): {'comment': 'PKIX subject/authority info access descriptor', - 'description': 'caRepository (1 3 6 1 5 5 7 48 5)', - 'hexoid': '06 08 2B 06 01 05 05 07 30 05', - 'name': 'caRepository', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 5)}, - (1, 3, 6, 1, 5, 5, 7, 48, 9): {'comment': 'RPKI project', - 'description': 'id-ad-signedObjectRepository (1 3 6 1 5 5 7 48 9)', - 'hexoid': '06 08 2B 06 01 05 05 07 30 09', - 'name': 'id-ad-signedObjectRepository', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 9)}, - (1, 3, 6, 1, 5, 5, 7, 48, 10): {'comment': 'RPKI project', - 'description': 'id-ad-rpkiManifest (1 3 6 1 5 5 7 48 10)', - 'hexoid': '06 08 2B 06 01 05 05 07 30 0A', - 'name': 'id-ad-rpkiManifest', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 10)}, - (1, 3, 6, 1, 5, 5, 7, 48, 11): {'comment': 'RPKI project', - 'description': 'id-ad-signedObject (1 3 6 1 5 5 7 48 11)', - 'hexoid': '06 08 2B 06 01 05 05 07 30 0B', - 'name': 'id-ad-signedObject', - 'oid': (1, 3, 6, 1, 5, 5, 7, 48, 11)}, - (1, 3, 6, 1, 5, 5, 8, 1, 1): {'comment': 'ISAKMP HMAC algorithm', - 'description': 'hmacMD5 (1 3 6 1 5 5 8 1 1)', - 'hexoid': '06 08 2B 06 01 05 05 08 01 01', - 'name': 'hmacMD5', - 'oid': (1, 3, 6, 1, 5, 5, 8, 1, 1)}, - (1, 3, 6, 1, 5, 5, 8, 1, 2): {'comment': 'ISAKMP HMAC algorithm', - 'description': 'hmacSHA (1 3 6 1 5 5 8 1 2)', - 'hexoid': '06 08 2B 06 01 05 05 08 01 02', - 'name': 'hmacSHA', - 'oid': (1, 3, 6, 1, 5, 5, 8, 1, 2)}, - (1, 3, 6, 1, 5, 5, 8, 1, 3): {'comment': 'ISAKMP HMAC algorithm', - 'description': 'hmacTiger (1 3 6 1 5 5 8 1 3)', - 'hexoid': '06 08 2B 06 01 05 05 08 01 03', - 'name': 'hmacTiger', - 'oid': (1, 3, 6, 1, 5, 5, 8, 1, 3)}, - (1, 3, 6, 1, 5, 5, 8, 2, 2): {'comment': 'IKE ???', - 'description': 'iKEIntermediate (1 3 6 1 5 5 8 2 2)', - 'hexoid': '06 08 2B 06 01 05 05 08 02 02', - 'name': 'iKEIntermediate', - 'oid': (1, 3, 6, 1, 5, 5, 8, 2, 2)}, - (1, 3, 12, 2, 1011, 7, 1): {'comment': 'DASS algorithm', - 'description': 'decEncryptionAlgorithm (1 3 12 2 1011 7 1)', - 'hexoid': '06 07 2B 0C 02 87 73 07 01', - 'name': 'decEncryptionAlgorithm', - 'oid': (1, 3, 12, 2, 1011, 7, 1)}, - (1, 3, 12, 2, 1011, 7, 1, 2): {'comment': 'DASS encryption algorithm', - 'description': 'decDEA (1 3 12 2 1011 7 1 2)', - 'hexoid': '06 08 2B 0C 02 87 73 07 01 02', - 'name': 'decDEA', - 'oid': (1, 3, 12, 2, 1011, 7, 1, 2)}, - (1, 3, 12, 2, 1011, 7, 2): {'comment': 'DASS algorithm', - 'description': 'decHashAlgorithm (1 3 12 2 1011 7 2)', - 'hexoid': '06 07 2B 0C 02 87 73 07 02', - 'name': 'decHashAlgorithm', - 'oid': (1, 3, 12, 2, 1011, 7, 2)}, - (1, 3, 12, 2, 1011, 7, 2, 1): {'comment': 'DASS hash algorithm', - 'description': 'decMD2 (1 3 12 2 1011 7 2 1)', - 'hexoid': '06 08 2B 0C 02 87 73 07 02 01', - 'name': 'decMD2', - 'oid': (1, 3, 12, 2, 1011, 7, 2, 1)}, - (1, 3, 12, 2, 1011, 7, 2, 2): {'comment': 'DASS hash algorithm', - 'description': 'decMD4 (1 3 12 2 1011 7 2 2)', - 'hexoid': '06 08 2B 0C 02 87 73 07 02 02', - 'name': 'decMD4', - 'oid': (1, 3, 12, 2, 1011, 7, 2, 2)}, - (1, 3, 12, 2, 1011, 7, 3): {'comment': 'DASS algorithm', - 'description': 'decSignatureAlgorithm (1 3 12 2 1011 7 3)', - 'hexoid': '06 07 2B 0C 02 87 73 07 03', - 'name': 'decSignatureAlgorithm', - 'oid': (1, 3, 12, 2, 1011, 7, 3)}, - (1, 3, 12, 2, 1011, 7, 3, 1): {'comment': 'DASS signature algorithm', - 'description': 'decMD2withRSA (1 3 12 2 1011 7 3 1)', - 'hexoid': '06 08 2B 0C 02 87 73 07 03 01', - 'name': 'decMD2withRSA', - 'oid': (1, 3, 12, 2, 1011, 7, 3, 1)}, - (1, 3, 12, 2, 1011, 7, 3, 2): {'comment': 'DASS signature algorithm', - 'description': 'decMD4withRSA (1 3 12 2 1011 7 3 2)', - 'hexoid': '06 08 2B 0C 02 87 73 07 03 02', - 'name': 'decMD4withRSA', - 'oid': (1, 3, 12, 2, 1011, 7, 3, 2)}, - (1, 3, 12, 2, 1011, 7, 3, 3): {'comment': 'DASS signature algorithm', - 'description': 'decDEAMAC (1 3 12 2 1011 7 3 3)', - 'hexoid': '06 08 2B 0C 02 87 73 07 03 03', - 'name': 'decDEAMAC', - 'oid': (1, 3, 12, 2, 1011, 7, 3, 3)}, - (1, 3, 14, 2, 26, 5): {'comment': 'Unsure about this OID', - 'description': 'sha (1 3 14 2 26 5)', - 'hexoid': '06 05 2B 0E 02 1A 05', - 'name': 'sha', - 'oid': (1, 3, 14, 2, 26, 5)}, - (1, 3, 14, 3, 2, 1, 1): {'comment': 'X.509. Unsure about this OID', - 'description': 'rsa (1 3 14 3 2 1 1)', - 'hexoid': '06 06 2B 0E 03 02 01 01', - 'name': 'rsa', - 'oid': (1, 3, 14, 3, 2, 1, 1)}, - (1, 3, 14, 3, 2, 2): {'comment': 'Oddball OIW OID', - 'description': 'md4WitRSA (1 3 14 3 2 2)', - 'hexoid': '06 05 2B 0E 03 02 02', - 'name': 'md4WitRSA', - 'oid': (1, 3, 14, 3, 2, 2)}, - (1, 3, 14, 3, 2, 3): {'comment': 'Oddball OIW OID', - 'description': 'md5WithRSA (1 3 14 3 2 3)', - 'hexoid': '06 05 2B 0E 03 02 03', - 'name': 'md5WithRSA', - 'oid': (1, 3, 14, 3, 2, 3)}, - (1, 3, 14, 3, 2, 4): {'comment': 'Oddball OIW OID', - 'description': 'md4WithRSAEncryption (1 3 14 3 2 4)', - 'hexoid': '06 05 2B 0E 03 02 04', - 'name': 'md4WithRSAEncryption', - 'oid': (1, 3, 14, 3, 2, 4)}, - (1, 3, 14, 3, 2, 6): {'description': 'desECB (1 3 14 3 2 6)', - 'hexoid': '06 05 2B 0E 03 02 06', - 'name': 'desECB', - 'oid': (1, 3, 14, 3, 2, 6)}, - (1, 3, 14, 3, 2, 7): {'description': 'desCBC (1 3 14 3 2 7)', - 'hexoid': '06 05 2B 0E 03 02 07', - 'name': 'desCBC', - 'oid': (1, 3, 14, 3, 2, 7)}, - (1, 3, 14, 3, 2, 8): {'description': 'desOFB (1 3 14 3 2 8)', - 'hexoid': '06 05 2B 0E 03 02 08', - 'name': 'desOFB', - 'oid': (1, 3, 14, 3, 2, 8)}, - (1, 3, 14, 3, 2, 9): {'description': 'desCFB (1 3 14 3 2 9)', - 'hexoid': '06 05 2B 0E 03 02 09', - 'name': 'desCFB', - 'oid': (1, 3, 14, 3, 2, 9)}, - (1, 3, 14, 3, 2, 10): {'description': 'desMAC (1 3 14 3 2 10)', - 'hexoid': '06 05 2B 0E 03 02 0A', - 'name': 'desMAC', - 'oid': (1, 3, 14, 3, 2, 10)}, - (1, 3, 14, 3, 2, 11): {'comment': 'ISO 9796-2, also X9.31 Part 1', - 'description': 'rsaSignature (1 3 14 3 2 11)', - 'hexoid': '06 05 2B 0E 03 02 0B', - 'name': 'rsaSignature', - 'oid': (1, 3, 14, 3, 2, 11)}, - (1, 3, 14, 3, 2, 14): {'comment': 'Oddball OIW OID using 9796-2 padding rules', - 'description': 'mdc2WithRSASignature (1 3 14 3 2 14)', - 'hexoid': '06 05 2B 0E 03 02 0E', - 'name': 'mdc2WithRSASignature', - 'oid': (1, 3, 14, 3, 2, 14)}, - (1, 3, 14, 3, 2, 15): {'comment': 'Oddball OIW OID using 9796-2 padding rules', - 'description': 'shaWithRSASignature (1 3 14 3 2 15)', - 'hexoid': '06 05 2B 0E 03 02 0F', - 'name': 'shaWithRSASignature', - 'oid': (1, 3, 14, 3, 2, 15)}, - (1, 3, 14, 3, 2, 17): {'comment': 'Oddball OIW OID. Mode is ECB', - 'description': 'desEDE (1 3 14 3 2 17)', - 'hexoid': '06 05 2B 0E 03 02 11', - 'name': 'desEDE', - 'oid': (1, 3, 14, 3, 2, 17)}, - (1, 3, 14, 3, 2, 18): {'comment': 'Oddball OIW OID', - 'description': 'sha (1 3 14 3 2 18)', - 'hexoid': '06 05 2B 0E 03 02 12', - 'name': 'sha', - 'oid': (1, 3, 14, 3, 2, 18)}, - (1, 3, 14, 3, 2, 19): {'comment': 'Oddball OIW OID, DES-based hash, planned for X9.31 Part 2', - 'description': 'mdc-2 (1 3 14 3 2 19)', - 'hexoid': '06 05 2B 0E 03 02 13', - 'name': 'mdc-2', - 'oid': (1, 3, 14, 3, 2, 19)}, - (1, 3, 14, 3, 2, 22): {'comment': 'Oddball OIW OID', - 'description': 'rsaKeyTransport (1 3 14 3 2 22)', - 'hexoid': '06 05 2B 0E 03 02 16', - 'name': 'rsaKeyTransport', - 'oid': (1, 3, 14, 3, 2, 22)}, - (1, 3, 14, 3, 2, 23): {'comment': 'Oddball OIW OID', - 'description': 'keyed-hash-seal (1 3 14 3 2 23)', - 'hexoid': '06 05 2B 0E 03 02 17', - 'name': 'keyed-hash-seal', - 'oid': (1, 3, 14, 3, 2, 23)}, - (1, 3, 14, 3, 2, 24): {'comment': 'Oddball OIW OID using 9796-2 padding rules', - 'description': 'md2WithRSASignature (1 3 14 3 2 24)', - 'hexoid': '06 05 2B 0E 03 02 18', - 'name': 'md2WithRSASignature', - 'oid': (1, 3, 14, 3, 2, 24)}, - (1, 3, 14, 3, 2, 25): {'comment': 'Oddball OIW OID using 9796-2 padding rules', - 'description': 'md5WithRSASignature (1 3 14 3 2 25)', - 'hexoid': '06 05 2B 0E 03 02 19', - 'name': 'md5WithRSASignature', - 'oid': (1, 3, 14, 3, 2, 25)}, - (1, 3, 14, 3, 2, 26): {'comment': 'OIW', - 'description': 'sha1 (1 3 14 3 2 26)', - 'hexoid': '06 05 2B 0E 03 02 1A', - 'name': 'sha1', - 'oid': (1, 3, 14, 3, 2, 26)}, - (1, 3, 14, 3, 2, 27): {'comment': 'OIW. This OID may also be assigned as ripemd-160', - 'description': 'dsaWithSHA1 (1 3 14 3 2 27)', - 'hexoid': '06 05 2B 0E 03 02 1B', - 'name': 'dsaWithSHA1', - 'oid': (1, 3, 14, 3, 2, 27)}, - (1, 3, 14, 3, 2, 28): {'comment': 'OIW', - 'description': 'dsaWithCommonSHA1 (1 3 14 3 2 28)', - 'hexoid': '06 05 2B 0E 03 02 1C', - 'name': 'dsaWithCommonSHA1', - 'oid': (1, 3, 14, 3, 2, 28)}, - (1, 3, 14, 3, 2, 29): {'comment': 'Oddball OIW OID', - 'description': 'sha-1WithRSAEncryption (1 3 14 3 2 29)', - 'hexoid': '06 05 2B 0E 03 02 1D', - 'name': 'sha-1WithRSAEncryption', - 'oid': (1, 3, 14, 3, 2, 29)}, - (1, 3, 14, 3, 3, 1): {'comment': 'Oddball OIW OID', - 'description': 'simple-strong-auth-mechanism (1 3 14 3 3 1)', - 'hexoid': '06 05 2B 0E 03 03 01', - 'name': 'simple-strong-auth-mechanism', - 'oid': (1, 3, 14, 3, 3, 1)}, - (1, 3, 14, 7, 2, 1, 1): {'comment': 'Unsure about this OID', - 'description': 'ElGamal (1 3 14 7 2 1 1)', - 'hexoid': '06 06 2B 0E 07 02 01 01', - 'name': 'ElGamal', - 'oid': (1, 3, 14, 7, 2, 1, 1)}, - (1, 3, 14, 7, 2, 3, 1): {'comment': 'Unsure about this OID', - 'description': 'md2WithRSA (1 3 14 7 2 3 1)', - 'hexoid': '06 06 2B 0E 07 02 03 01', - 'name': 'md2WithRSA', - 'oid': (1, 3, 14, 7, 2, 3, 1)}, - (1, 3, 14, 7, 2, 3, 2): {'comment': 'Unsure about this OID', - 'description': 'md2WithElGamal (1 3 14 7 2 3 2)', - 'hexoid': '06 06 2B 0E 07 02 03 02', - 'name': 'md2WithElGamal', - 'oid': (1, 3, 14, 7, 2, 3, 2)}, - (1, 3, 36, 1): {'comment': 'Teletrust document', - 'description': 'document (1 3 36 1)', - 'hexoid': '06 03 2B 24 01', - 'name': 'document', - 'oid': (1, 3, 36, 1)}, - (1, 3, 36, 1, 1): {'comment': 'Teletrust document', - 'description': 'finalVersion (1 3 36 1 1)', - 'hexoid': '06 04 2B 24 01 01', - 'name': 'finalVersion', - 'oid': (1, 3, 36, 1, 1)}, - (1, 3, 36, 1, 2): {'comment': 'Teletrust document', - 'description': 'draft (1 3 36 1 2)', - 'hexoid': '06 04 2B 24 01 02', - 'name': 'draft', - 'oid': (1, 3, 36, 1, 2)}, - (1, 3, 36, 2): {'comment': 'Teletrust sio', - 'description': 'sio (1 3 36 2)', - 'hexoid': '06 03 2B 24 02', - 'name': 'sio', - 'oid': (1, 3, 36, 2)}, - (1, 3, 36, 2, 1): {'comment': 'Teletrust sio', - 'description': 'sedu (1 3 36 2 1)', - 'hexoid': '06 04 2B 24 02 01', - 'name': 'sedu', - 'oid': (1, 3, 36, 2, 1)}, - (1, 3, 36, 3): {'comment': 'Teletrust algorithm', - 'description': 'algorithm (1 3 36 3)', - 'hexoid': '06 03 2B 24 03', - 'name': 'algorithm', - 'oid': (1, 3, 36, 3)}, - (1, 3, 36, 3, 1): {'comment': 'Teletrust algorithm', - 'description': 'encryptionAlgorithm (1 3 36 3 1)', - 'hexoid': '06 04 2B 24 03 01', - 'name': 'encryptionAlgorithm', - 'oid': (1, 3, 36, 3, 1)}, - (1, 3, 36, 3, 1, 1): {'comment': 'Teletrust encryption algorithm', - 'description': 'des (1 3 36 3 1 1)', - 'hexoid': '06 05 2B 24 03 01 01', - 'name': 'des', - 'oid': (1, 3, 36, 3, 1, 1)}, - (1, 3, 36, 3, 1, 1, 1): {'comment': 'Teletrust encryption algorithm', - 'description': 'desECB_pad (1 3 36 3 1 1 1)', - 'hexoid': '06 06 2B 24 03 01 01 01', - 'name': 'desECB_pad', - 'oid': (1, 3, 36, 3, 1, 1, 1)}, - (1, 3, 36, 3, 1, 1, 1, 1): {'comment': 'Teletrust encryption algorithm', - 'description': 'desECB_ISOpad (1 3 36 3 1 1 1 1)', - 'hexoid': '06 07 2B 24 03 01 01 01 01', - 'name': 'desECB_ISOpad', - 'oid': (1, 3, 36, 3, 1, 1, 1, 1)}, - (1, 3, 36, 3, 1, 1, 2, 1): {'comment': 'Teletrust encryption algorithm', - 'description': 'desCBC_pad (1 3 36 3 1 1 2 1)', - 'hexoid': '06 07 2B 24 03 01 01 02 01', - 'name': 'desCBC_pad', - 'oid': (1, 3, 36, 3, 1, 1, 2, 1)}, - (1, 3, 36, 3, 1, 1, 2, 1, 1): {'comment': 'Teletrust encryption algorithm', - 'description': 'desCBC_ISOpad (1 3 36 3 1 1 2 1 1)', - 'hexoid': '06 08 2B 24 03 01 01 02 01 01', - 'name': 'desCBC_ISOpad', - 'oid': (1, 3, 36, 3, 1, 1, 2, 1, 1)}, - (1, 3, 36, 3, 1, 2): {'comment': 'Teletrust encryption algorithm', - 'description': 'idea (1 3 36 3 1 2)', - 'hexoid': '06 05 2B 24 03 01 02', - 'name': 'idea', - 'oid': (1, 3, 36, 3, 1, 2)}, - (1, 3, 36, 3, 1, 2, 1): {'comment': 'Teletrust encryption algorithm', - 'description': 'ideaECB (1 3 36 3 1 2 1)', - 'hexoid': '06 06 2B 24 03 01 02 01', - 'name': 'ideaECB', - 'oid': (1, 3, 36, 3, 1, 2, 1)}, - (1, 3, 36, 3, 1, 2, 1, 1): {'comment': 'Teletrust encryption algorithm', - 'description': 'ideaECB_pad (1 3 36 3 1 2 1 1)', - 'hexoid': '06 07 2B 24 03 01 02 01 01', - 'name': 'ideaECB_pad', - 'oid': (1, 3, 36, 3, 1, 2, 1, 1)}, - (1, 3, 36, 3, 1, 2, 1, 1, 1): {'comment': 'Teletrust encryption algorithm', - 'description': 'ideaECB_ISOpad (1 3 36 3 1 2 1 1 1)', - 'hexoid': '06 08 2B 24 03 01 02 01 01 01', - 'name': 'ideaECB_ISOpad', - 'oid': (1, 3, 36, 3, 1, 2, 1, 1, 1)}, - (1, 3, 36, 3, 1, 2, 2): {'comment': 'Teletrust encryption algorithm', - 'description': 'ideaCBC (1 3 36 3 1 2 2)', - 'hexoid': '06 06 2B 24 03 01 02 02', - 'name': 'ideaCBC', - 'oid': (1, 3, 36, 3, 1, 2, 2)}, - (1, 3, 36, 3, 1, 2, 2, 1): {'comment': 'Teletrust encryption algorithm', - 'description': 'ideaCBC_pad (1 3 36 3 1 2 2 1)', - 'hexoid': '06 07 2B 24 03 01 02 02 01', - 'name': 'ideaCBC_pad', - 'oid': (1, 3, 36, 3, 1, 2, 2, 1)}, - (1, 3, 36, 3, 1, 2, 2, 1, 1): {'comment': 'Teletrust encryption algorithm', - 'description': 'ideaCBC_ISOpad (1 3 36 3 1 2 2 1 1)', - 'hexoid': '06 08 2B 24 03 01 02 02 01 01', - 'name': 'ideaCBC_ISOpad', - 'oid': (1, 3, 36, 3, 1, 2, 2, 1, 1)}, - (1, 3, 36, 3, 1, 2, 3): {'comment': 'Teletrust encryption algorithm', - 'description': 'ideaOFB (1 3 36 3 1 2 3)', - 'hexoid': '06 06 2B 24 03 01 02 03', - 'name': 'ideaOFB', - 'oid': (1, 3, 36, 3, 1, 2, 3)}, - (1, 3, 36, 3, 1, 2, 4): {'comment': 'Teletrust encryption algorithm', - 'description': 'ideaCFB (1 3 36 3 1 2 4)', - 'hexoid': '06 06 2B 24 03 01 02 04', - 'name': 'ideaCFB', - 'oid': (1, 3, 36, 3, 1, 2, 4)}, - (1, 3, 36, 3, 1, 3): {'comment': 'Teletrust encryption algorithm', - 'description': 'des_3 (1 3 36 3 1 3)', - 'hexoid': '06 05 2B 24 03 01 03', - 'name': 'des_3', - 'oid': (1, 3, 36, 3, 1, 3)}, - (1, 3, 36, 3, 1, 3, 1, 1): {'comment': 'Teletrust encryption algorithm. EDE triple DES', - 'description': 'des_3ECB_pad (1 3 36 3 1 3 1 1)', - 'hexoid': '06 07 2B 24 03 01 03 01 01', - 'name': 'des_3ECB_pad', - 'oid': (1, 3, 36, 3, 1, 3, 1, 1)}, - (1, 3, 36, 3, 1, 3, 1, 1, 1): {'comment': 'Teletrust encryption algorithm. EDE triple DES', - 'description': 'des_3ECB_ISOpad (1 3 36 3 1 3 1 1 1)', - 'hexoid': '06 08 2B 24 03 01 03 01 01 01', - 'name': 'des_3ECB_ISOpad', - 'oid': (1, 3, 36, 3, 1, 3, 1, 1, 1)}, - (1, 3, 36, 3, 1, 3, 2, 1): {'comment': 'Teletrust encryption algorithm. EDE triple DES', - 'description': 'des_3CBC_pad (1 3 36 3 1 3 2 1)', - 'hexoid': '06 07 2B 24 03 01 03 02 01', - 'name': 'des_3CBC_pad', - 'oid': (1, 3, 36, 3, 1, 3, 2, 1)}, - (1, 3, 36, 3, 1, 3, 2, 1, 1): {'comment': 'Teletrust encryption algorithm. EDE triple DES', - 'description': 'des_3CBC_ISOpad (1 3 36 3 1 3 2 1 1)', - 'hexoid': '06 08 2B 24 03 01 03 02 01 01', - 'name': 'des_3CBC_ISOpad', - 'oid': (1, 3, 36, 3, 1, 3, 2, 1, 1)}, - (1, 3, 36, 3, 1, 4): {'comment': 'Teletrust encryption algorithm', - 'description': 'rsaEncryption (1 3 36 3 1 4)', - 'hexoid': '06 05 2B 24 03 01 04', - 'name': 'rsaEncryption', - 'oid': (1, 3, 36, 3, 1, 4)}, - (1, 3, 36, 3, 1, 4, 512, 17): {'comment': 'Teletrust encryption algorithm', - 'description': 'rsaEncryptionWithlmod512expe17 (1 3 36 3 1 4 512 17)', - 'hexoid': '06 08 2B 24 03 01 04 84 00 11', - 'name': 'rsaEncryptionWithlmod512expe17', - 'oid': (1, 3, 36, 3, 1, 4, 512, 17)}, - (1, 3, 36, 3, 1, 5): {'comment': 'Teletrust encryption algorithm', - 'description': 'bsi-1 (1 3 36 3 1 5)', - 'hexoid': '06 05 2B 24 03 01 05', - 'name': 'bsi-1', - 'oid': (1, 3, 36, 3, 1, 5)}, - (1, 3, 36, 3, 1, 5, 1): {'comment': 'Teletrust encryption algorithm', - 'description': 'bsi_1ECB_pad (1 3 36 3 1 5 1)', - 'hexoid': '06 06 2B 24 03 01 05 01', - 'name': 'bsi_1ECB_pad', - 'oid': (1, 3, 36, 3, 1, 5, 1)}, - (1, 3, 36, 3, 1, 5, 2): {'comment': 'Teletrust encryption algorithm', - 'description': 'bsi_1CBC_pad (1 3 36 3 1 5 2)', - 'hexoid': '06 06 2B 24 03 01 05 02', - 'name': 'bsi_1CBC_pad', - 'oid': (1, 3, 36, 3, 1, 5, 2)}, - (1, 3, 36, 3, 1, 5, 2, 1): {'comment': 'Teletrust encryption algorithm', - 'description': 'bsi_1CBC_PEMpad (1 3 36 3 1 5 2 1)', - 'hexoid': '06 07 2B 24 03 01 05 02 01', - 'name': 'bsi_1CBC_PEMpad', - 'oid': (1, 3, 36, 3, 1, 5, 2, 1)}, - (1, 3, 36, 3, 2): {'comment': 'Teletrust algorithm', - 'description': 'hashAlgorithm (1 3 36 3 2)', - 'hexoid': '06 04 2B 24 03 02', - 'name': 'hashAlgorithm', - 'oid': (1, 3, 36, 3, 2)}, - (1, 3, 36, 3, 2, 1): {'comment': 'Teletrust hash algorithm', - 'description': 'ripemd160 (1 3 36 3 2 1)', - 'hexoid': '06 05 2B 24 03 02 01', - 'name': 'ripemd160', - 'oid': (1, 3, 36, 3, 2, 1)}, - (1, 3, 36, 3, 2, 2): {'comment': 'Teletrust hash algorithm', - 'description': 'ripemd128 (1 3 36 3 2 2)', - 'hexoid': '06 05 2B 24 03 02 02', - 'name': 'ripemd128', - 'oid': (1, 3, 36, 3, 2, 2)}, - (1, 3, 36, 3, 2, 3): {'comment': 'Teletrust hash algorithm', - 'description': 'ripemd256 (1 3 36 3 2 3)', - 'hexoid': '06 05 2B 24 03 02 03', - 'name': 'ripemd256', - 'oid': (1, 3, 36, 3, 2, 3)}, - (1, 3, 36, 3, 2, 4): {'comment': 'Teletrust hash algorithm', - 'description': 'mdc2singleLength (1 3 36 3 2 4)', - 'hexoid': '06 05 2B 24 03 02 04', - 'name': 'mdc2singleLength', - 'oid': (1, 3, 36, 3, 2, 4)}, - (1, 3, 36, 3, 2, 5): {'comment': 'Teletrust hash algorithm', - 'description': 'mdc2doubleLength (1 3 36 3 2 5)', - 'hexoid': '06 05 2B 24 03 02 05', - 'name': 'mdc2doubleLength', - 'oid': (1, 3, 36, 3, 2, 5)}, - (1, 3, 36, 3, 3): {'comment': 'Teletrust algorithm', - 'description': 'signatureAlgorithm (1 3 36 3 3)', - 'hexoid': '06 04 2B 24 03 03', - 'name': 'signatureAlgorithm', - 'oid': (1, 3, 36, 3, 3)}, - (1, 3, 36, 3, 3, 1): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignature (1 3 36 3 3 1)', - 'hexoid': '06 05 2B 24 03 03 01', - 'name': 'rsaSignature', - 'oid': (1, 3, 36, 3, 3, 1)}, - (1, 3, 36, 3, 3, 1, 1): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1 (1 3 36 3 3 1 1)', - 'hexoid': '06 06 2B 24 03 03 01 01', - 'name': 'rsaSignatureWithsha1', - 'oid': (1, 3, 36, 3, 3, 1, 1)}, - (1, 3, 36, 3, 3, 1, 1, 512, 2): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l512_l2 (1 3 36 3 3 1 1 512 2)', - 'hexoid': '06 09 2B 24 03 03 01 01 84 00 02', - 'name': 'rsaSignatureWithsha1_l512_l2', - 'oid': (1, 3, 36, 3, 3, 1, 1, 512, 2)}, - (1, 3, 36, 3, 3, 1, 1, 512, 3): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l512_l3 (1 3 36 3 3 1 1 512 3)', - 'hexoid': '06 09 2B 24 03 03 01 01 84 00 03', - 'name': 'rsaSignatureWithsha1_l512_l3', - 'oid': (1, 3, 36, 3, 3, 1, 1, 512, 3)}, - (1, 3, 36, 3, 3, 1, 1, 512, 5): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l512_l5 (1 3 36 3 3 1 1 512 5)', - 'hexoid': '06 09 2B 24 03 03 01 01 84 00 05', - 'name': 'rsaSignatureWithsha1_l512_l5', - 'oid': (1, 3, 36, 3, 3, 1, 1, 512, 5)}, - (1, 3, 36, 3, 3, 1, 1, 512, 9): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l512_l9 (1 3 36 3 3 1 1 512 9)', - 'hexoid': '06 09 2B 24 03 03 01 01 84 00 09', - 'name': 'rsaSignatureWithsha1_l512_l9', - 'oid': (1, 3, 36, 3, 3, 1, 1, 512, 9)}, - (1, 3, 36, 3, 3, 1, 1, 512, 11): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l512_l11 (1 3 36 3 3 1 1 512 11)', - 'hexoid': '06 09 2B 24 03 03 01 01 84 00 0B', - 'name': 'rsaSignatureWithsha1_l512_l11', - 'oid': (1, 3, 36, 3, 3, 1, 1, 512, 11)}, - (1, 3, 36, 3, 3, 1, 1, 640, 2): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l640_l2 (1 3 36 3 3 1 1 640 2)', - 'hexoid': '06 09 2B 24 03 03 01 01 85 00 02', - 'name': 'rsaSignatureWithsha1_l640_l2', - 'oid': (1, 3, 36, 3, 3, 1, 1, 640, 2)}, - (1, 3, 36, 3, 3, 1, 1, 640, 3): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l640_l3 (1 3 36 3 3 1 1 640 3)', - 'hexoid': '06 09 2B 24 03 03 01 01 85 00 03', - 'name': 'rsaSignatureWithsha1_l640_l3', - 'oid': (1, 3, 36, 3, 3, 1, 1, 640, 3)}, - (1, 3, 36, 3, 3, 1, 1, 640, 5): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l640_l5 (1 3 36 3 3 1 1 640 5)', - 'hexoid': '06 09 2B 24 03 03 01 01 85 00 05', - 'name': 'rsaSignatureWithsha1_l640_l5', - 'oid': (1, 3, 36, 3, 3, 1, 1, 640, 5)}, - (1, 3, 36, 3, 3, 1, 1, 640, 9): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l640_l9 (1 3 36 3 3 1 1 640 9)', - 'hexoid': '06 09 2B 24 03 03 01 01 85 00 09', - 'name': 'rsaSignatureWithsha1_l640_l9', - 'oid': (1, 3, 36, 3, 3, 1, 1, 640, 9)}, - (1, 3, 36, 3, 3, 1, 1, 640, 11): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l640_l11 (1 3 36 3 3 1 1 640 11)', - 'hexoid': '06 09 2B 24 03 03 01 01 85 00 0B', - 'name': 'rsaSignatureWithsha1_l640_l11', - 'oid': (1, 3, 36, 3, 3, 1, 1, 640, 11)}, - (1, 3, 36, 3, 3, 1, 1, 768, 2): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l768_l2 (1 3 36 3 3 1 1 768 2)', - 'hexoid': '06 09 2B 24 03 03 01 01 86 00 02', - 'name': 'rsaSignatureWithsha1_l768_l2', - 'oid': (1, 3, 36, 3, 3, 1, 1, 768, 2)}, - (1, 3, 36, 3, 3, 1, 1, 768, 3): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l768_l3 (1 3 36 3 3 1 1 768 3)', - 'hexoid': '06 09 2B 24 03 03 01 01 86 00 03', - 'name': 'rsaSignatureWithsha1_l768_l3', - 'oid': (1, 3, 36, 3, 3, 1, 1, 768, 3)}, - (1, 3, 36, 3, 3, 1, 1, 768, 5): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l768_l5 (1 3 36 3 3 1 1 768 5)', - 'hexoid': '06 09 2B 24 03 03 01 01 86 00 05', - 'name': 'rsaSignatureWithsha1_l768_l5', - 'oid': (1, 3, 36, 3, 3, 1, 1, 768, 5)}, - (1, 3, 36, 3, 3, 1, 1, 768, 9): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l768_l9 (1 3 36 3 3 1 1 768 9)', - 'hexoid': '06 09 2B 24 03 03 01 01 86 00 09', - 'name': 'rsaSignatureWithsha1_l768_l9', - 'oid': (1, 3, 36, 3, 3, 1, 1, 768, 9)}, - (1, 3, 36, 3, 3, 1, 1, 768, 11): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l768_l11 (1 3 36 3 3 1 1 768 11)', - 'hexoid': '06 09 2B 24 03 03 01 01 86 00 0B', - 'name': 'rsaSignatureWithsha1_l768_l11', - 'oid': (1, 3, 36, 3, 3, 1, 1, 768, 11)}, - (1, 3, 36, 3, 3, 1, 1, 896, 2): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l896_l2 (1 3 36 3 3 1 1 896 2)', - 'hexoid': '06 09 2B 24 03 03 01 01 87 00 02', - 'name': 'rsaSignatureWithsha1_l896_l2', - 'oid': (1, 3, 36, 3, 3, 1, 1, 896, 2)}, - (1, 3, 36, 3, 3, 1, 1, 896, 3): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l896_l3 (1 3 36 3 3 1 1 896 3)', - 'hexoid': '06 09 2B 24 03 03 01 01 87 00 03', - 'name': 'rsaSignatureWithsha1_l896_l3', - 'oid': (1, 3, 36, 3, 3, 1, 1, 896, 3)}, - (1, 3, 36, 3, 3, 1, 1, 896, 5): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l896_l5 (1 3 36 3 3 1 1 896 5)', - 'hexoid': '06 09 2B 24 03 03 01 01 87 00 05', - 'name': 'rsaSignatureWithsha1_l896_l5', - 'oid': (1, 3, 36, 3, 3, 1, 1, 896, 5)}, - (1, 3, 36, 3, 3, 1, 1, 896, 9): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l896_l9 (1 3 36 3 3 1 1 896 9)', - 'hexoid': '06 09 2B 24 03 03 01 01 87 00 09', - 'name': 'rsaSignatureWithsha1_l896_l9', - 'oid': (1, 3, 36, 3, 3, 1, 1, 896, 9)}, - (1, 3, 36, 3, 3, 1, 1, 896, 11): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l896_l11 (1 3 36 3 3 1 1 896 11)', - 'hexoid': '06 09 2B 24 03 03 01 01 87 00 0B', - 'name': 'rsaSignatureWithsha1_l896_l11', - 'oid': (1, 3, 36, 3, 3, 1, 1, 896, 11)}, - (1, 3, 36, 3, 3, 1, 1, 1024, 2): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l1024_l2 (1 3 36 3 3 1 1 1024 2)', - 'hexoid': '06 09 2B 24 03 03 01 01 88 00 02', - 'name': 'rsaSignatureWithsha1_l1024_l2', - 'oid': (1, 3, 36, 3, 3, 1, 1, 1024, 2)}, - (1, 3, 36, 3, 3, 1, 1, 1024, 3): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l1024_l3 (1 3 36 3 3 1 1 1024 3)', - 'hexoid': '06 09 2B 24 03 03 01 01 88 00 03', - 'name': 'rsaSignatureWithsha1_l1024_l3', - 'oid': (1, 3, 36, 3, 3, 1, 1, 1024, 3)}, - (1, 3, 36, 3, 3, 1, 1, 1024, 5): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l1024_l5 (1 3 36 3 3 1 1 1024 5)', - 'hexoid': '06 09 2B 24 03 03 01 01 88 00 05', - 'name': 'rsaSignatureWithsha1_l1024_l5', - 'oid': (1, 3, 36, 3, 3, 1, 1, 1024, 5)}, - (1, 3, 36, 3, 3, 1, 1, 1024, 9): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l1024_l9 (1 3 36 3 3 1 1 1024 9)', - 'hexoid': '06 09 2B 24 03 03 01 01 88 00 09', - 'name': 'rsaSignatureWithsha1_l1024_l9', - 'oid': (1, 3, 36, 3, 3, 1, 1, 1024, 9)}, - (1, 3, 36, 3, 3, 1, 1, 1024, 11): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithsha1_l1024_l11 (1 3 36 3 3 1 1 1024 11)', - 'hexoid': '06 09 2B 24 03 03 01 01 88 00 0B', - 'name': 'rsaSignatureWithsha1_l1024_l11', - 'oid': (1, 3, 36, 3, 3, 1, 1, 1024, 11)}, - (1, 3, 36, 3, 3, 1, 2): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160 (1 3 36 3 3 1 2)', - 'hexoid': '06 06 2B 24 03 03 01 02', - 'name': 'rsaSignatureWithripemd160', - 'oid': (1, 3, 36, 3, 3, 1, 2)}, - (1, 3, 36, 3, 3, 1, 2, 512, 2): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l512_l2 (1 3 36 3 3 1 2 512 2)', - 'hexoid': '06 09 2B 24 03 03 01 02 84 00 02', - 'name': 'rsaSignatureWithripemd160_l512_l2', - 'oid': (1, 3, 36, 3, 3, 1, 2, 512, 2)}, - (1, 3, 36, 3, 3, 1, 2, 512, 3): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l512_l3 (1 3 36 3 3 1 2 512 3)', - 'hexoid': '06 09 2B 24 03 03 01 02 84 00 03', - 'name': 'rsaSignatureWithripemd160_l512_l3', - 'oid': (1, 3, 36, 3, 3, 1, 2, 512, 3)}, - (1, 3, 36, 3, 3, 1, 2, 512, 5): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l512_l5 (1 3 36 3 3 1 2 512 5)', - 'hexoid': '06 09 2B 24 03 03 01 02 84 00 05', - 'name': 'rsaSignatureWithripemd160_l512_l5', - 'oid': (1, 3, 36, 3, 3, 1, 2, 512, 5)}, - (1, 3, 36, 3, 3, 1, 2, 512, 9): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l512_l9 (1 3 36 3 3 1 2 512 9)', - 'hexoid': '06 09 2B 24 03 03 01 02 84 00 09', - 'name': 'rsaSignatureWithripemd160_l512_l9', - 'oid': (1, 3, 36, 3, 3, 1, 2, 512, 9)}, - (1, 3, 36, 3, 3, 1, 2, 512, 11): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l512_l11 (1 3 36 3 3 1 2 512 11)', - 'hexoid': '06 09 2B 24 03 03 01 02 84 00 0B', - 'name': 'rsaSignatureWithripemd160_l512_l11', - 'oid': (1, 3, 36, 3, 3, 1, 2, 512, 11)}, - (1, 3, 36, 3, 3, 1, 2, 640, 2): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l640_l2 (1 3 36 3 3 1 2 640 2)', - 'hexoid': '06 09 2B 24 03 03 01 02 85 00 02', - 'name': 'rsaSignatureWithripemd160_l640_l2', - 'oid': (1, 3, 36, 3, 3, 1, 2, 640, 2)}, - (1, 3, 36, 3, 3, 1, 2, 640, 3): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l640_l3 (1 3 36 3 3 1 2 640 3)', - 'hexoid': '06 09 2B 24 03 03 01 02 85 00 03', - 'name': 'rsaSignatureWithripemd160_l640_l3', - 'oid': (1, 3, 36, 3, 3, 1, 2, 640, 3)}, - (1, 3, 36, 3, 3, 1, 2, 640, 5): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l640_l5 (1 3 36 3 3 1 2 640 5)', - 'hexoid': '06 09 2B 24 03 03 01 02 85 00 05', - 'name': 'rsaSignatureWithripemd160_l640_l5', - 'oid': (1, 3, 36, 3, 3, 1, 2, 640, 5)}, - (1, 3, 36, 3, 3, 1, 2, 640, 9): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l640_l9 (1 3 36 3 3 1 2 640 9)', - 'hexoid': '06 09 2B 24 03 03 01 02 85 00 09', - 'name': 'rsaSignatureWithripemd160_l640_l9', - 'oid': (1, 3, 36, 3, 3, 1, 2, 640, 9)}, - (1, 3, 36, 3, 3, 1, 2, 640, 11): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l640_l11 (1 3 36 3 3 1 2 640 11)', - 'hexoid': '06 09 2B 24 03 03 01 02 85 00 0B', - 'name': 'rsaSignatureWithripemd160_l640_l11', - 'oid': (1, 3, 36, 3, 3, 1, 2, 640, 11)}, - (1, 3, 36, 3, 3, 1, 2, 768, 2): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l768_l2 (1 3 36 3 3 1 2 768 2)', - 'hexoid': '06 09 2B 24 03 03 01 02 86 00 02', - 'name': 'rsaSignatureWithripemd160_l768_l2', - 'oid': (1, 3, 36, 3, 3, 1, 2, 768, 2)}, - (1, 3, 36, 3, 3, 1, 2, 768, 3): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l768_l3 (1 3 36 3 3 1 2 768 3)', - 'hexoid': '06 09 2B 24 03 03 01 02 86 00 03', - 'name': 'rsaSignatureWithripemd160_l768_l3', - 'oid': (1, 3, 36, 3, 3, 1, 2, 768, 3)}, - (1, 3, 36, 3, 3, 1, 2, 768, 5): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l768_l5 (1 3 36 3 3 1 2 768 5)', - 'hexoid': '06 09 2B 24 03 03 01 02 86 00 05', - 'name': 'rsaSignatureWithripemd160_l768_l5', - 'oid': (1, 3, 36, 3, 3, 1, 2, 768, 5)}, - (1, 3, 36, 3, 3, 1, 2, 768, 9): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l768_l9 (1 3 36 3 3 1 2 768 9)', - 'hexoid': '06 09 2B 24 03 03 01 02 86 00 09', - 'name': 'rsaSignatureWithripemd160_l768_l9', - 'oid': (1, 3, 36, 3, 3, 1, 2, 768, 9)}, - (1, 3, 36, 3, 3, 1, 2, 768, 11): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l768_l11 (1 3 36 3 3 1 2 768 11)', - 'hexoid': '06 09 2B 24 03 03 01 02 86 00 0B', - 'name': 'rsaSignatureWithripemd160_l768_l11', - 'oid': (1, 3, 36, 3, 3, 1, 2, 768, 11)}, - (1, 3, 36, 3, 3, 1, 2, 896, 2): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l896_l2 (1 3 36 3 3 1 2 896 2)', - 'hexoid': '06 09 2B 24 03 03 01 02 87 00 02', - 'name': 'rsaSignatureWithripemd160_l896_l2', - 'oid': (1, 3, 36, 3, 3, 1, 2, 896, 2)}, - (1, 3, 36, 3, 3, 1, 2, 896, 3): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l896_l3 (1 3 36 3 3 1 2 896 3)', - 'hexoid': '06 09 2B 24 03 03 01 02 87 00 03', - 'name': 'rsaSignatureWithripemd160_l896_l3', - 'oid': (1, 3, 36, 3, 3, 1, 2, 896, 3)}, - (1, 3, 36, 3, 3, 1, 2, 896, 5): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l896_l5 (1 3 36 3 3 1 2 896 5)', - 'hexoid': '06 09 2B 24 03 03 01 02 87 00 05', - 'name': 'rsaSignatureWithripemd160_l896_l5', - 'oid': (1, 3, 36, 3, 3, 1, 2, 896, 5)}, - (1, 3, 36, 3, 3, 1, 2, 896, 9): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l896_l9 (1 3 36 3 3 1 2 896 9)', - 'hexoid': '06 09 2B 24 03 03 01 02 87 00 09', - 'name': 'rsaSignatureWithripemd160_l896_l9', - 'oid': (1, 3, 36, 3, 3, 1, 2, 896, 9)}, - (1, 3, 36, 3, 3, 1, 2, 896, 11): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l896_l11 (1 3 36 3 3 1 2 896 11)', - 'hexoid': '06 09 2B 24 03 03 01 02 87 00 0B', - 'name': 'rsaSignatureWithripemd160_l896_l11', - 'oid': (1, 3, 36, 3, 3, 1, 2, 896, 11)}, - (1, 3, 36, 3, 3, 1, 2, 1024, 2): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l1024_l2 (1 3 36 3 3 1 2 1024 2)', - 'hexoid': '06 09 2B 24 03 03 01 02 88 00 02', - 'name': 'rsaSignatureWithripemd160_l1024_l2', - 'oid': (1, 3, 36, 3, 3, 1, 2, 1024, 2)}, - (1, 3, 36, 3, 3, 1, 2, 1024, 3): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l1024_l3 (1 3 36 3 3 1 2 1024 3)', - 'hexoid': '06 09 2B 24 03 03 01 02 88 00 03', - 'name': 'rsaSignatureWithripemd160_l1024_l3', - 'oid': (1, 3, 36, 3, 3, 1, 2, 1024, 3)}, - (1, 3, 36, 3, 3, 1, 2, 1024, 5): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l1024_l5 (1 3 36 3 3 1 2 1024 5)', - 'hexoid': '06 09 2B 24 03 03 01 02 88 00 05', - 'name': 'rsaSignatureWithripemd160_l1024_l5', - 'oid': (1, 3, 36, 3, 3, 1, 2, 1024, 5)}, - (1, 3, 36, 3, 3, 1, 2, 1024, 9): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l1024_l9 (1 3 36 3 3 1 2 1024 9)', - 'hexoid': '06 09 2B 24 03 03 01 02 88 00 09', - 'name': 'rsaSignatureWithripemd160_l1024_l9', - 'oid': (1, 3, 36, 3, 3, 1, 2, 1024, 9)}, - (1, 3, 36, 3, 3, 1, 2, 1024, 11): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithripemd160_l1024_l11 (1 3 36 3 3 1 2 1024 11)', - 'hexoid': '06 09 2B 24 03 03 01 02 88 00 0B', - 'name': 'rsaSignatureWithripemd160_l1024_l11', - 'oid': (1, 3, 36, 3, 3, 1, 2, 1024, 11)}, - (1, 3, 36, 3, 3, 1, 3): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithrimpemd128 (1 3 36 3 3 1 3)', - 'hexoid': '06 06 2B 24 03 03 01 03', - 'name': 'rsaSignatureWithrimpemd128', - 'oid': (1, 3, 36, 3, 3, 1, 3)}, - (1, 3, 36, 3, 3, 1, 4): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaSignatureWithrimpemd256 (1 3 36 3 3 1 4)', - 'hexoid': '06 06 2B 24 03 03 01 04', - 'name': 'rsaSignatureWithrimpemd256', - 'oid': (1, 3, 36, 3, 3, 1, 4)}, - (1, 3, 36, 3, 3, 2): {'comment': 'Teletrust signature algorithm', - 'description': 'ecsieSign (1 3 36 3 3 2)', - 'hexoid': '06 05 2B 24 03 03 02', - 'name': 'ecsieSign', - 'oid': (1, 3, 36, 3, 3, 2)}, - (1, 3, 36, 3, 3, 2, 1): {'comment': 'Teletrust signature algorithm', - 'description': 'ecsieSignWithsha1 (1 3 36 3 3 2 1)', - 'hexoid': '06 06 2B 24 03 03 02 01', - 'name': 'ecsieSignWithsha1', - 'oid': (1, 3, 36, 3, 3, 2, 1)}, - (1, 3, 36, 3, 3, 2, 2): {'comment': 'Teletrust signature algorithm', - 'description': 'ecsieSignWithripemd160 (1 3 36 3 3 2 2)', - 'hexoid': '06 06 2B 24 03 03 02 02', - 'name': 'ecsieSignWithripemd160', - 'oid': (1, 3, 36, 3, 3, 2, 2)}, - (1, 3, 36, 3, 3, 2, 3): {'comment': 'Teletrust signature algorithm', - 'description': 'ecsieSignWithmd2 (1 3 36 3 3 2 3)', - 'hexoid': '06 06 2B 24 03 03 02 03', - 'name': 'ecsieSignWithmd2', - 'oid': (1, 3, 36, 3, 3, 2, 3)}, - (1, 3, 36, 3, 3, 2, 4): {'comment': 'Teletrust signature algorithm', - 'description': 'ecsieSignWithmd5 (1 3 36 3 3 2 4)', - 'hexoid': '06 06 2B 24 03 03 02 04', - 'name': 'ecsieSignWithmd5', - 'oid': (1, 3, 36, 3, 3, 2, 4)}, - (1, 3, 36, 3, 3, 2, 8, 1, 1, 1): {'comment': 'ECC Brainpool Standard Curves and Curve Generation', - 'description': 'brainpoolP224r1 (1 3 36 3 3 2 8 1 1 1)', - 'hexoid': '06 09 2B 24 03 03 02 08 01 01 01', - 'name': 'brainpoolP224r1', - 'oid': (1, 3, 36, 3, 3, 2, 8, 1, 1, 1)}, - (1, 3, 36, 3, 3, 2, 8, 1, 1, 2): {'comment': 'ECC Brainpool Standard Curves and Curve Generation', - 'description': 'brainpoolP224r1 (1 3 36 3 3 2 8 1 1 2)', - 'hexoid': '06 09 2B 24 03 03 02 08 01 01 02', - 'name': 'brainpoolP224r1', - 'oid': (1, 3, 36, 3, 3, 2, 8, 1, 1, 2)}, - (1, 3, 36, 3, 3, 2, 8, 1, 1, 3): {'comment': 'ECC Brainpool Standard Curves and Curve Generation', - 'description': 'brainpoolP224r1 (1 3 36 3 3 2 8 1 1 3)', - 'hexoid': '06 09 2B 24 03 03 02 08 01 01 03', - 'name': 'brainpoolP224r1', - 'oid': (1, 3, 36, 3, 3, 2, 8, 1, 1, 3)}, - (1, 3, 36, 3, 3, 2, 8, 1, 1, 4): {'comment': 'ECC Brainpool Standard Curves and Curve Generation', - 'description': 'brainpoolP224r1 (1 3 36 3 3 2 8 1 1 4)', - 'hexoid': '06 09 2B 24 03 03 02 08 01 01 04', - 'name': 'brainpoolP224r1', - 'oid': (1, 3, 36, 3, 3, 2, 8, 1, 1, 4)}, - (1, 3, 36, 3, 3, 2, 8, 1, 1, 5): {'comment': 'ECC Brainpool Standard Curves and Curve Generation', - 'description': 'brainpoolP224r1 (1 3 36 3 3 2 8 1 1 5)', - 'hexoid': '06 09 2B 24 03 03 02 08 01 01 05', - 'name': 'brainpoolP224r1', - 'oid': (1, 3, 36, 3, 3, 2, 8, 1, 1, 5)}, - (1, 3, 36, 3, 3, 2, 8, 1, 1, 6): {'comment': 'ECC Brainpool Standard Curves and Curve Generation', - 'description': 'brainpoolP224r1 (1 3 36 3 3 2 8 1 1 6)', - 'hexoid': '06 09 2B 24 03 03 02 08 01 01 06', - 'name': 'brainpoolP224r1', - 'oid': (1, 3, 36, 3, 3, 2, 8, 1, 1, 6)}, - (1, 3, 36, 3, 3, 2, 8, 1, 1, 7): {'comment': 'ECC Brainpool Standard Curves and Curve Generation', - 'description': 'brainpoolP224r1 (1 3 36 3 3 2 8 1 1 7)', - 'hexoid': '06 09 2B 24 03 03 02 08 01 01 07', - 'name': 'brainpoolP224r1', - 'oid': (1, 3, 36, 3, 3, 2, 8, 1, 1, 7)}, - (1, 3, 36, 3, 3, 2, 8, 1, 1, 8): {'comment': 'ECC Brainpool Standard Curves and Curve Generation', - 'description': 'brainpoolP224r1 (1 3 36 3 3 2 8 1 1 8)', - 'hexoid': '06 09 2B 24 03 03 02 08 01 01 08', - 'name': 'brainpoolP224r1', - 'oid': (1, 3, 36, 3, 3, 2, 8, 1, 1, 8)}, - (1, 3, 36, 3, 3, 2, 8, 1, 1, 9): {'comment': 'ECC Brainpool Standard Curves and Curve Generation', - 'description': 'brainpoolP224r1 (1 3 36 3 3 2 8 1 1 9)', - 'hexoid': '06 09 2B 24 03 03 02 08 01 01 09', - 'name': 'brainpoolP224r1', - 'oid': (1, 3, 36, 3, 3, 2, 8, 1, 1, 9)}, - (1, 3, 36, 3, 3, 2, 8, 1, 1, 10): {'comment': 'ECC Brainpool Standard Curves and Curve Generation', - 'description': 'brainpoolP224r1 (1 3 36 3 3 2 8 1 1 10)', - 'hexoid': '06 09 2B 24 03 03 02 08 01 01 0A', - 'name': 'brainpoolP224r1', - 'oid': (1, 3, 36, 3, 3, 2, 8, 1, 1, 10)}, - (1, 3, 36, 3, 3, 2, 8, 1, 1, 11): {'comment': 'ECC Brainpool Standard Curves and Curve Generation', - 'description': 'brainpoolP224r1 (1 3 36 3 3 2 8 1 1 11)', - 'hexoid': '06 09 2B 24 03 03 02 08 01 01 0B', - 'name': 'brainpoolP224r1', - 'oid': (1, 3, 36, 3, 3, 2, 8, 1, 1, 11)}, - (1, 3, 36, 3, 3, 2, 8, 1, 1, 12): {'comment': 'ECC Brainpool Standard Curves and Curve Generation', - 'description': 'brainpoolP224r1 (1 3 36 3 3 2 8 1 1 12)', - 'hexoid': '06 09 2B 24 03 03 02 08 01 01 0C', - 'name': 'brainpoolP224r1', - 'oid': (1, 3, 36, 3, 3, 2, 8, 1, 1, 12)}, - (1, 3, 36, 3, 3, 2, 8, 1, 1, 13): {'comment': 'ECC Brainpool Standard Curves and Curve Generation', - 'description': 'brainpoolP224r1 (1 3 36 3 3 2 8 1 1 13)', - 'hexoid': '06 09 2B 24 03 03 02 08 01 01 0D', - 'name': 'brainpoolP224r1', - 'oid': (1, 3, 36, 3, 3, 2, 8, 1, 1, 13)}, - (1, 3, 36, 3, 3, 2, 8, 1, 1, 14): {'comment': 'ECC Brainpool Standard Curves and Curve Generation', - 'description': 'brainpoolP224r1 (1 3 36 3 3 2 8 1 1 14)', - 'hexoid': '06 09 2B 24 03 03 02 08 01 01 0E', - 'name': 'brainpoolP224r1', - 'oid': (1, 3, 36, 3, 3, 2, 8, 1, 1, 14)}, - (1, 3, 36, 3, 4): {'comment': 'Teletrust algorithm', - 'description': 'signatureScheme (1 3 36 3 4)', - 'hexoid': '06 04 2B 24 03 04', - 'name': 'signatureScheme', - 'oid': (1, 3, 36, 3, 4)}, - (1, 3, 36, 3, 4, 1): {'comment': 'Teletrust signature scheme', - 'description': 'sigS_ISO9796-1 (1 3 36 3 4 1)', - 'hexoid': '06 05 2B 24 03 04 01', - 'name': 'sigS_ISO9796-1', - 'oid': (1, 3, 36, 3, 4, 1)}, - (1, 3, 36, 3, 4, 2): {'comment': 'Teletrust signature scheme', - 'description': 'sigS_ISO9796-2 (1 3 36 3 4 2)', - 'hexoid': '06 05 2B 24 03 04 02', - 'name': 'sigS_ISO9796-2', - 'oid': (1, 3, 36, 3, 4, 2)}, - (1, 3, 36, 3, 4, 2, 1): {'comment': 'Teletrust signature scheme. Unsure what this is supposed to be', - 'description': 'sigS_ISO9796-2Withred (1 3 36 3 4 2 1)', - 'hexoid': '06 06 2B 24 03 04 02 01', - 'name': 'sigS_ISO9796-2Withred', - 'oid': (1, 3, 36, 3, 4, 2, 1)}, - (1, 3, 36, 3, 4, 2, 2): {'comment': 'Teletrust signature scheme. Unsure what this is supposed to be', - 'description': 'sigS_ISO9796-2Withrsa (1 3 36 3 4 2 2)', - 'hexoid': '06 06 2B 24 03 04 02 02', - 'name': 'sigS_ISO9796-2Withrsa', - 'oid': (1, 3, 36, 3, 4, 2, 2)}, - (1, 3, 36, 3, 4, 2, 3): {'comment': 'Teletrust signature scheme. 9796-2 with random number in padding field', - 'description': 'sigS_ISO9796-2Withrnd (1 3 36 3 4 2 3)', - 'hexoid': '06 06 2B 24 03 04 02 03', - 'name': 'sigS_ISO9796-2Withrnd', - 'oid': (1, 3, 36, 3, 4, 2, 3)}, - (1, 3, 36, 4): {'comment': 'Teletrust attribute', - 'description': 'attribute (1 3 36 4)', - 'hexoid': '06 03 2B 24 04', - 'name': 'attribute', - 'oid': (1, 3, 36, 4)}, - (1, 3, 36, 5): {'comment': 'Teletrust policy', - 'description': 'policy (1 3 36 5)', - 'hexoid': '06 03 2B 24 05', - 'name': 'policy', - 'oid': (1, 3, 36, 5)}, - (1, 3, 36, 6): {'comment': 'Teletrust API', - 'description': 'api (1 3 36 6)', - 'hexoid': '06 03 2B 24 06', - 'name': 'api', - 'oid': (1, 3, 36, 6)}, - (1, 3, 36, 6, 1): {'comment': 'Teletrust API', - 'description': 'manufacturer-specific_api (1 3 36 6 1)', - 'hexoid': '06 04 2B 24 06 01', - 'name': 'manufacturer-specific_api', - 'oid': (1, 3, 36, 6, 1)}, - (1, 3, 36, 6, 1, 1): {'comment': 'Teletrust API', - 'description': 'utimaco-api (1 3 36 6 1 1)', - 'hexoid': '06 05 2B 24 06 01 01', - 'name': 'utimaco-api', - 'oid': (1, 3, 36, 6, 1, 1)}, - (1, 3, 36, 6, 2): {'comment': 'Teletrust API', - 'description': 'functionality-specific_api (1 3 36 6 2)', - 'hexoid': '06 04 2B 24 06 02', - 'name': 'functionality-specific_api', - 'oid': (1, 3, 36, 6, 2)}, - (1, 3, 36, 7): {'comment': 'Teletrust key management', - 'description': 'keymgmnt (1 3 36 7)', - 'hexoid': '06 03 2B 24 07', - 'name': 'keymgmnt', - 'oid': (1, 3, 36, 7)}, - (1, 3, 36, 7, 1): {'comment': 'Teletrust key management', - 'description': 'keyagree (1 3 36 7 1)', - 'hexoid': '06 04 2B 24 07 01', - 'name': 'keyagree', - 'oid': (1, 3, 36, 7, 1)}, - (1, 3, 36, 7, 1, 1): {'comment': 'Teletrust key management', - 'description': 'bsiPKE (1 3 36 7 1 1)', - 'hexoid': '06 05 2B 24 07 01 01', - 'name': 'bsiPKE', - 'oid': (1, 3, 36, 7, 1, 1)}, - (1, 3, 36, 7, 2): {'comment': 'Teletrust key management', - 'description': 'keytrans (1 3 36 7 2)', - 'hexoid': '06 04 2B 24 07 02', - 'name': 'keytrans', - 'oid': (1, 3, 36, 7, 2)}, - (1, 3, 36, 7, 2, 1): {'comment': 'Teletrust key management. 9796-2 with key stored in hash field', - 'description': 'encISO9796-2Withrsa (1 3 36 7 2 1)', - 'hexoid': '06 05 2B 24 07 02 01', - 'name': 'encISO9796-2Withrsa', - 'oid': (1, 3, 36, 7, 2, 1)}, - (1, 3, 36, 8, 1, 1): {'comment': 'Teletrust policy', - 'description': 'Teletrust SigGConform policyIdentifier (1 3 36 8 1 1)', - 'hexoid': '06 05 2B 24 08 01 01', - 'name': 'Teletrust', - 'oid': (1, 3, 36, 8, 1, 1)}, - (1, 3, 36, 8, 2, 1): {'comment': 'Teletrust extended key usage', - 'description': 'directoryService (1 3 36 8 2 1)', - 'hexoid': '06 05 2B 24 08 02 01', - 'name': 'directoryService', - 'oid': (1, 3, 36, 8, 2, 1)}, - (1, 3, 36, 8, 3, 1): {'comment': 'Teletrust attribute', - 'description': 'dateOfCertGen (1 3 36 8 3 1)', - 'hexoid': '06 05 2B 24 08 03 01', - 'name': 'dateOfCertGen', - 'oid': (1, 3, 36, 8, 3, 1)}, - (1, 3, 36, 8, 3, 2): {'comment': 'Teletrust attribute', - 'description': 'procuration (1 3 36 8 3 2)', - 'hexoid': '06 05 2B 24 08 03 02', - 'name': 'procuration', - 'oid': (1, 3, 36, 8, 3, 2)}, - (1, 3, 36, 8, 3, 3): {'comment': 'Teletrust attribute', - 'description': 'admission (1 3 36 8 3 3)', - 'hexoid': '06 05 2B 24 08 03 03', - 'name': 'admission', - 'oid': (1, 3, 36, 8, 3, 3)}, - (1, 3, 36, 8, 3, 4): {'comment': 'Teletrust attribute', - 'description': 'monetaryLimit (1 3 36 8 3 4)', - 'hexoid': '06 05 2B 24 08 03 04', - 'name': 'monetaryLimit', - 'oid': (1, 3, 36, 8, 3, 4)}, - (1, 3, 36, 8, 3, 5): {'comment': 'Teletrust attribute', - 'description': 'declarationOfMajority (1 3 36 8 3 5)', - 'hexoid': '06 05 2B 24 08 03 05', - 'name': 'declarationOfMajority', - 'oid': (1, 3, 36, 8, 3, 5)}, - (1, 3, 36, 8, 3, 6): {'comment': 'Teletrust attribute', - 'description': 'integratedCircuitCardSerialNumber (1 3 36 8 3 6)', - 'hexoid': '06 05 2B 24 08 03 06', - 'name': 'integratedCircuitCardSerialNumber', - 'oid': (1, 3, 36, 8, 3, 6)}, - (1, 3, 36, 8, 3, 7): {'comment': 'Teletrust attribute', - 'description': 'pKReference (1 3 36 8 3 7)', - 'hexoid': '06 05 2B 24 08 03 07', - 'name': 'pKReference', - 'oid': (1, 3, 36, 8, 3, 7)}, - (1, 3, 36, 8, 3, 8): {'comment': 'Teletrust attribute', - 'description': 'restriction (1 3 36 8 3 8)', - 'hexoid': '06 05 2B 24 08 03 08', - 'name': 'restriction', - 'oid': (1, 3, 36, 8, 3, 8)}, - (1, 3, 36, 8, 3, 9): {'comment': 'Teletrust attribute', - 'description': 'retrieveIfAllowed (1 3 36 8 3 9)', - 'hexoid': '06 05 2B 24 08 03 09', - 'name': 'retrieveIfAllowed', - 'oid': (1, 3, 36, 8, 3, 9)}, - (1, 3, 36, 8, 3, 10): {'comment': 'Teletrust attribute', - 'description': 'requestedCertificate (1 3 36 8 3 10)', - 'hexoid': '06 05 2B 24 08 03 0A', - 'name': 'requestedCertificate', - 'oid': (1, 3, 36, 8, 3, 10)}, - (1, 3, 36, 8, 3, 11): {'comment': 'Teletrust attribute', - 'description': 'namingAuthorities (1 3 36 8 3 11)', - 'hexoid': '06 05 2B 24 08 03 0B', - 'name': 'namingAuthorities', - 'oid': (1, 3, 36, 8, 3, 11)}, - (1, 3, 36, 8, 3, 11, 1): {'comment': 'Teletrust naming authorities', - 'description': 'rechtWirtschaftSteuern (1 3 36 8 3 11 1)', - 'hexoid': '06 06 2B 24 08 03 0B 01', - 'name': 'rechtWirtschaftSteuern', - 'oid': (1, 3, 36, 8, 3, 11, 1)}, - (1, 3, 36, 8, 3, 11, 1, 1): {'comment': 'Teletrust ProfessionInfo', - 'description': 'rechtsanwaeltin (1 3 36 8 3 11 1 1)', - 'hexoid': '06 07 2B 24 08 03 0B 01 01', - 'name': 'rechtsanwaeltin', - 'oid': (1, 3, 36, 8, 3, 11, 1, 1)}, - (1, 3, 36, 8, 3, 11, 1, 2): {'comment': 'Teletrust ProfessionInfo', - 'description': 'rechtsanwalt (1 3 36 8 3 11 1 2)', - 'hexoid': '06 07 2B 24 08 03 0B 01 02', - 'name': 'rechtsanwalt', - 'oid': (1, 3, 36, 8, 3, 11, 1, 2)}, - (1, 3, 36, 8, 3, 11, 1, 3): {'comment': 'Teletrust ProfessionInfo', - 'description': 'rechtsBeistand (1 3 36 8 3 11 1 3)', - 'hexoid': '06 07 2B 24 08 03 0B 01 03', - 'name': 'rechtsBeistand', - 'oid': (1, 3, 36, 8, 3, 11, 1, 3)}, - (1, 3, 36, 8, 3, 11, 1, 4): {'comment': 'Teletrust ProfessionInfo', - 'description': 'steuerBeraterin (1 3 36 8 3 11 1 4)', - 'hexoid': '06 07 2B 24 08 03 0B 01 04', - 'name': 'steuerBeraterin', - 'oid': (1, 3, 36, 8, 3, 11, 1, 4)}, - (1, 3, 36, 8, 3, 11, 1, 5): {'comment': 'Teletrust ProfessionInfo', - 'description': 'steuerBerater (1 3 36 8 3 11 1 5)', - 'hexoid': '06 07 2B 24 08 03 0B 01 05', - 'name': 'steuerBerater', - 'oid': (1, 3, 36, 8, 3, 11, 1, 5)}, - (1, 3, 36, 8, 3, 11, 1, 6): {'comment': 'Teletrust ProfessionInfo', - 'description': 'steuerBevollmaechtigte (1 3 36 8 3 11 1 6)', - 'hexoid': '06 07 2B 24 08 03 0B 01 06', - 'name': 'steuerBevollmaechtigte', - 'oid': (1, 3, 36, 8, 3, 11, 1, 6)}, - (1, 3, 36, 8, 3, 11, 1, 7): {'comment': 'Teletrust ProfessionInfo', - 'description': 'steuerBevollmaechtigter (1 3 36 8 3 11 1 7)', - 'hexoid': '06 07 2B 24 08 03 0B 01 07', - 'name': 'steuerBevollmaechtigter', - 'oid': (1, 3, 36, 8, 3, 11, 1, 7)}, - (1, 3, 36, 8, 3, 11, 1, 8): {'comment': 'Teletrust ProfessionInfo', - 'description': 'notarin (1 3 36 8 3 11 1 8)', - 'hexoid': '06 07 2B 24 08 03 0B 01 08', - 'name': 'notarin', - 'oid': (1, 3, 36, 8, 3, 11, 1, 8)}, - (1, 3, 36, 8, 3, 11, 1, 9): {'comment': 'Teletrust ProfessionInfo', - 'description': 'notar (1 3 36 8 3 11 1 9)', - 'hexoid': '06 07 2B 24 08 03 0B 01 09', - 'name': 'notar', - 'oid': (1, 3, 36, 8, 3, 11, 1, 9)}, - (1, 3, 36, 8, 3, 11, 1, 10): {'comment': 'Teletrust ProfessionInfo', - 'description': 'notarVertreterin (1 3 36 8 3 11 1 10)', - 'hexoid': '06 07 2B 24 08 03 0B 01 0A', - 'name': 'notarVertreterin', - 'oid': (1, 3, 36, 8, 3, 11, 1, 10)}, - (1, 3, 36, 8, 3, 11, 1, 11): {'comment': 'Teletrust ProfessionInfo', - 'description': 'notarVertreter (1 3 36 8 3 11 1 11)', - 'hexoid': '06 07 2B 24 08 03 0B 01 0B', - 'name': 'notarVertreter', - 'oid': (1, 3, 36, 8, 3, 11, 1, 11)}, - (1, 3, 36, 8, 3, 11, 1, 12): {'comment': 'Teletrust ProfessionInfo', - 'description': 'notariatsVerwalterin (1 3 36 8 3 11 1 12)', - 'hexoid': '06 07 2B 24 08 03 0B 01 0C', - 'name': 'notariatsVerwalterin', - 'oid': (1, 3, 36, 8, 3, 11, 1, 12)}, - (1, 3, 36, 8, 3, 11, 1, 13): {'comment': 'Teletrust ProfessionInfo', - 'description': 'notariatsVerwalter (1 3 36 8 3 11 1 13)', - 'hexoid': '06 07 2B 24 08 03 0B 01 0D', - 'name': 'notariatsVerwalter', - 'oid': (1, 3, 36, 8, 3, 11, 1, 13)}, - (1, 3, 36, 8, 3, 11, 1, 14): {'comment': 'Teletrust ProfessionInfo', - 'description': 'wirtschaftsPrueferin (1 3 36 8 3 11 1 14)', - 'hexoid': '06 07 2B 24 08 03 0B 01 0E', - 'name': 'wirtschaftsPrueferin', - 'oid': (1, 3, 36, 8, 3, 11, 1, 14)}, - (1, 3, 36, 8, 3, 11, 1, 15): {'comment': 'Teletrust ProfessionInfo', - 'description': 'wirtschaftsPruefer (1 3 36 8 3 11 1 15)', - 'hexoid': '06 07 2B 24 08 03 0B 01 0F', - 'name': 'wirtschaftsPruefer', - 'oid': (1, 3, 36, 8, 3, 11, 1, 15)}, - (1, 3, 36, 8, 3, 11, 1, 16): {'comment': 'Teletrust ProfessionInfo', - 'description': 'vereidigteBuchprueferin (1 3 36 8 3 11 1 16)', - 'hexoid': '06 07 2B 24 08 03 0B 01 10', - 'name': 'vereidigteBuchprueferin', - 'oid': (1, 3, 36, 8, 3, 11, 1, 16)}, - (1, 3, 36, 8, 3, 11, 1, 17): {'comment': 'Teletrust ProfessionInfo', - 'description': 'vereidigterBuchpruefer (1 3 36 8 3 11 1 17)', - 'hexoid': '06 07 2B 24 08 03 0B 01 11', - 'name': 'vereidigterBuchpruefer', - 'oid': (1, 3, 36, 8, 3, 11, 1, 17)}, - (1, 3, 36, 8, 3, 11, 1, 18): {'comment': 'Teletrust ProfessionInfo', - 'description': 'patentAnwaeltin (1 3 36 8 3 11 1 18)', - 'hexoid': '06 07 2B 24 08 03 0B 01 12', - 'name': 'patentAnwaeltin', - 'oid': (1, 3, 36, 8, 3, 11, 1, 18)}, - (1, 3, 36, 8, 3, 11, 1, 19): {'comment': 'Teletrust ProfessionInfo', - 'description': 'patentAnwalt (1 3 36 8 3 11 1 19)', - 'hexoid': '06 07 2B 24 08 03 0B 01 13', - 'name': 'patentAnwalt', - 'oid': (1, 3, 36, 8, 3, 11, 1, 19)}, - (1, 3, 36, 8, 3, 13): {'comment': 'Teletrust OCSP attribute', - 'description': 'certHash (1 3 36 8 3 13)', - 'hexoid': '06 05 2B 24 08 03 0D', - 'name': 'certHash', - 'oid': (1, 3, 36, 8, 3, 13)}, - (1, 3, 36, 8, 3, 14): {'comment': 'Teletrust attribute', - 'description': 'nameAtBirth (1 3 36 8 3 14)', - 'hexoid': '06 05 2B 24 08 03 0E', - 'name': 'nameAtBirth', - 'oid': (1, 3, 36, 8, 3, 14)}, - (1, 3, 36, 8, 3, 15): {'comment': 'Teletrust attribute', - 'description': 'additionalInformation (1 3 36 8 3 15)', - 'hexoid': '06 05 2B 24 08 03 0F', - 'name': 'additionalInformation', - 'oid': (1, 3, 36, 8, 3, 15)}, - (1, 3, 36, 8, 4, 1): {'comment': 'Teletrust OtherName attribute', - 'description': 'personalData (1 3 36 8 4 1)', - 'hexoid': '06 05 2B 24 08 04 01', - 'name': 'personalData', - 'oid': (1, 3, 36, 8, 4, 1)}, - (1, 3, 36, 8, 4, 8): {'comment': 'Teletrust attribute certificate attribute', - 'description': 'restriction (1 3 36 8 4 8)', - 'hexoid': '06 05 2B 24 08 04 08', - 'name': 'restriction', - 'oid': (1, 3, 36, 8, 4, 8)}, - (1, 3, 36, 8, 5, 1, 1, 1): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaIndicateSHA1 (1 3 36 8 5 1 1 1)', - 'hexoid': '06 07 2B 24 08 05 01 01 01', - 'name': 'rsaIndicateSHA1', - 'oid': (1, 3, 36, 8, 5, 1, 1, 1)}, - (1, 3, 36, 8, 5, 1, 1, 2): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaIndicateRIPEMD160 (1 3 36 8 5 1 1 2)', - 'hexoid': '06 07 2B 24 08 05 01 01 02', - 'name': 'rsaIndicateRIPEMD160', - 'oid': (1, 3, 36, 8, 5, 1, 1, 2)}, - (1, 3, 36, 8, 5, 1, 1, 3): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaWithSHA1 (1 3 36 8 5 1 1 3)', - 'hexoid': '06 07 2B 24 08 05 01 01 03', - 'name': 'rsaWithSHA1', - 'oid': (1, 3, 36, 8, 5, 1, 1, 3)}, - (1, 3, 36, 8, 5, 1, 1, 4): {'comment': 'Teletrust signature algorithm', - 'description': 'rsaWithRIPEMD160 (1 3 36 8 5 1 1 4)', - 'hexoid': '06 07 2B 24 08 05 01 01 04', - 'name': 'rsaWithRIPEMD160', - 'oid': (1, 3, 36, 8, 5, 1, 1, 4)}, - (1, 3, 36, 8, 5, 1, 2, 1): {'comment': 'Teletrust signature algorithm', - 'description': 'dsaExtended (1 3 36 8 5 1 2 1)', - 'hexoid': '06 07 2B 24 08 05 01 02 01', - 'name': 'dsaExtended', - 'oid': (1, 3, 36, 8, 5, 1, 2, 1)}, - (1, 3, 36, 8, 5, 1, 2, 2): {'comment': 'Teletrust signature algorithm', - 'description': 'dsaWithRIPEMD160 (1 3 36 8 5 1 2 2)', - 'hexoid': '06 07 2B 24 08 05 01 02 02', - 'name': 'dsaWithRIPEMD160', - 'oid': (1, 3, 36, 8, 5, 1, 2, 2)}, - (1, 3, 36, 8, 6, 1): {'comment': 'Teletrust signature attributes', - 'description': 'cert (1 3 36 8 6 1)', - 'hexoid': '06 05 2B 24 08 06 01', - 'name': 'cert', - 'oid': (1, 3, 36, 8, 6, 1)}, - (1, 3, 36, 8, 6, 2): {'comment': 'Teletrust signature attributes', - 'description': 'certRef (1 3 36 8 6 2)', - 'hexoid': '06 05 2B 24 08 06 02', - 'name': 'certRef', - 'oid': (1, 3, 36, 8, 6, 2)}, - (1, 3, 36, 8, 6, 3): {'comment': 'Teletrust signature attributes', - 'description': 'attrCert (1 3 36 8 6 3)', - 'hexoid': '06 05 2B 24 08 06 03', - 'name': 'attrCert', - 'oid': (1, 3, 36, 8, 6, 3)}, - (1, 3, 36, 8, 6, 4): {'comment': 'Teletrust signature attributes', - 'description': 'attrRef (1 3 36 8 6 4)', - 'hexoid': '06 05 2B 24 08 06 04', - 'name': 'attrRef', - 'oid': (1, 3, 36, 8, 6, 4)}, - (1, 3, 36, 8, 6, 5): {'comment': 'Teletrust signature attributes', - 'description': 'fileName (1 3 36 8 6 5)', - 'hexoid': '06 05 2B 24 08 06 05', - 'name': 'fileName', - 'oid': (1, 3, 36, 8, 6, 5)}, - (1, 3, 36, 8, 6, 6): {'comment': 'Teletrust signature attributes', - 'description': 'storageTime (1 3 36 8 6 6)', - 'hexoid': '06 05 2B 24 08 06 06', - 'name': 'storageTime', - 'oid': (1, 3, 36, 8, 6, 6)}, - (1, 3, 36, 8, 6, 7): {'comment': 'Teletrust signature attributes', - 'description': 'fileSize (1 3 36 8 6 7)', - 'hexoid': '06 05 2B 24 08 06 07', - 'name': 'fileSize', - 'oid': (1, 3, 36, 8, 6, 7)}, - (1, 3, 36, 8, 6, 8): {'comment': 'Teletrust signature attributes', - 'description': 'location (1 3 36 8 6 8)', - 'hexoid': '06 05 2B 24 08 06 08', - 'name': 'location', - 'oid': (1, 3, 36, 8, 6, 8)}, - (1, 3, 36, 8, 6, 9): {'comment': 'Teletrust signature attributes', - 'description': 'sigNumber (1 3 36 8 6 9)', - 'hexoid': '06 05 2B 24 08 06 09', - 'name': 'sigNumber', - 'oid': (1, 3, 36, 8, 6, 9)}, - (1, 3, 36, 8, 6, 10): {'comment': 'Teletrust signature attributes', - 'description': 'autoGen (1 3 36 8 6 10)', - 'hexoid': '06 05 2B 24 08 06 0A', - 'name': 'autoGen', - 'oid': (1, 3, 36, 8, 6, 10)}, - (1, 3, 36, 8, 7, 1, 1): {'comment': 'Teletrust presentation types', - 'description': 'ptAdobeILL (1 3 36 8 7 1 1)', - 'hexoid': '06 06 2B 24 08 07 01 01', - 'name': 'ptAdobeILL', - 'oid': (1, 3, 36, 8, 7, 1, 1)}, - (1, 3, 36, 8, 7, 1, 2): {'comment': 'Teletrust presentation types', - 'description': 'ptAmiPro (1 3 36 8 7 1 2)', - 'hexoid': '06 06 2B 24 08 07 01 02', - 'name': 'ptAmiPro', - 'oid': (1, 3, 36, 8, 7, 1, 2)}, - (1, 3, 36, 8, 7, 1, 3): {'comment': 'Teletrust presentation types', - 'description': 'ptAutoCAD (1 3 36 8 7 1 3)', - 'hexoid': '06 06 2B 24 08 07 01 03', - 'name': 'ptAutoCAD', - 'oid': (1, 3, 36, 8, 7, 1, 3)}, - (1, 3, 36, 8, 7, 1, 4): {'comment': 'Teletrust presentation types', - 'description': 'ptBinary (1 3 36 8 7 1 4)', - 'hexoid': '06 06 2B 24 08 07 01 04', - 'name': 'ptBinary', - 'oid': (1, 3, 36, 8, 7, 1, 4)}, - (1, 3, 36, 8, 7, 1, 5): {'comment': 'Teletrust presentation types', - 'description': 'ptBMP (1 3 36 8 7 1 5)', - 'hexoid': '06 06 2B 24 08 07 01 05', - 'name': 'ptBMP', - 'oid': (1, 3, 36, 8, 7, 1, 5)}, - (1, 3, 36, 8, 7, 1, 6): {'comment': 'Teletrust presentation types', - 'description': 'ptCGM (1 3 36 8 7 1 6)', - 'hexoid': '06 06 2B 24 08 07 01 06', - 'name': 'ptCGM', - 'oid': (1, 3, 36, 8, 7, 1, 6)}, - (1, 3, 36, 8, 7, 1, 7): {'comment': 'Teletrust presentation types', - 'description': 'ptCorelCRT (1 3 36 8 7 1 7)', - 'hexoid': '06 06 2B 24 08 07 01 07', - 'name': 'ptCorelCRT', - 'oid': (1, 3, 36, 8, 7, 1, 7)}, - (1, 3, 36, 8, 7, 1, 8): {'comment': 'Teletrust presentation types', - 'description': 'ptCorelDRW (1 3 36 8 7 1 8)', - 'hexoid': '06 06 2B 24 08 07 01 08', - 'name': 'ptCorelDRW', - 'oid': (1, 3, 36, 8, 7, 1, 8)}, - (1, 3, 36, 8, 7, 1, 9): {'comment': 'Teletrust presentation types', - 'description': 'ptCorelEXC (1 3 36 8 7 1 9)', - 'hexoid': '06 06 2B 24 08 07 01 09', - 'name': 'ptCorelEXC', - 'oid': (1, 3, 36, 8, 7, 1, 9)}, - (1, 3, 36, 8, 7, 1, 10): {'comment': 'Teletrust presentation types', - 'description': 'ptCorelPHT (1 3 36 8 7 1 10)', - 'hexoid': '06 06 2B 24 08 07 01 0A', - 'name': 'ptCorelPHT', - 'oid': (1, 3, 36, 8, 7, 1, 10)}, - (1, 3, 36, 8, 7, 1, 11): {'comment': 'Teletrust presentation types', - 'description': 'ptDraw (1 3 36 8 7 1 11)', - 'hexoid': '06 06 2B 24 08 07 01 0B', - 'name': 'ptDraw', - 'oid': (1, 3, 36, 8, 7, 1, 11)}, - (1, 3, 36, 8, 7, 1, 12): {'comment': 'Teletrust presentation types', - 'description': 'ptDVI (1 3 36 8 7 1 12)', - 'hexoid': '06 06 2B 24 08 07 01 0C', - 'name': 'ptDVI', - 'oid': (1, 3, 36, 8, 7, 1, 12)}, - (1, 3, 36, 8, 7, 1, 13): {'comment': 'Teletrust presentation types', - 'description': 'ptEPS (1 3 36 8 7 1 13)', - 'hexoid': '06 06 2B 24 08 07 01 0D', - 'name': 'ptEPS', - 'oid': (1, 3, 36, 8, 7, 1, 13)}, - (1, 3, 36, 8, 7, 1, 14): {'comment': 'Teletrust presentation types', - 'description': 'ptExcel (1 3 36 8 7 1 14)', - 'hexoid': '06 06 2B 24 08 07 01 0E', - 'name': 'ptExcel', - 'oid': (1, 3, 36, 8, 7, 1, 14)}, - (1, 3, 36, 8, 7, 1, 15): {'comment': 'Teletrust presentation types', - 'description': 'ptGEM (1 3 36 8 7 1 15)', - 'hexoid': '06 06 2B 24 08 07 01 0F', - 'name': 'ptGEM', - 'oid': (1, 3, 36, 8, 7, 1, 15)}, - (1, 3, 36, 8, 7, 1, 16): {'comment': 'Teletrust presentation types', - 'description': 'ptGIF (1 3 36 8 7 1 16)', - 'hexoid': '06 06 2B 24 08 07 01 10', - 'name': 'ptGIF', - 'oid': (1, 3, 36, 8, 7, 1, 16)}, - (1, 3, 36, 8, 7, 1, 17): {'comment': 'Teletrust presentation types', - 'description': 'ptHPGL (1 3 36 8 7 1 17)', - 'hexoid': '06 06 2B 24 08 07 01 11', - 'name': 'ptHPGL', - 'oid': (1, 3, 36, 8, 7, 1, 17)}, - (1, 3, 36, 8, 7, 1, 18): {'comment': 'Teletrust presentation types', - 'description': 'ptJPEG (1 3 36 8 7 1 18)', - 'hexoid': '06 06 2B 24 08 07 01 12', - 'name': 'ptJPEG', - 'oid': (1, 3, 36, 8, 7, 1, 18)}, - (1, 3, 36, 8, 7, 1, 19): {'comment': 'Teletrust presentation types', - 'description': 'ptKodak (1 3 36 8 7 1 19)', - 'hexoid': '06 06 2B 24 08 07 01 13', - 'name': 'ptKodak', - 'oid': (1, 3, 36, 8, 7, 1, 19)}, - (1, 3, 36, 8, 7, 1, 20): {'comment': 'Teletrust presentation types', - 'description': 'ptLaTeX (1 3 36 8 7 1 20)', - 'hexoid': '06 06 2B 24 08 07 01 14', - 'name': 'ptLaTeX', - 'oid': (1, 3, 36, 8, 7, 1, 20)}, - (1, 3, 36, 8, 7, 1, 21): {'comment': 'Teletrust presentation types', - 'description': 'ptLotus (1 3 36 8 7 1 21)', - 'hexoid': '06 06 2B 24 08 07 01 15', - 'name': 'ptLotus', - 'oid': (1, 3, 36, 8, 7, 1, 21)}, - (1, 3, 36, 8, 7, 1, 22): {'comment': 'Teletrust presentation types', - 'description': 'ptLotusPIC (1 3 36 8 7 1 22)', - 'hexoid': '06 06 2B 24 08 07 01 16', - 'name': 'ptLotusPIC', - 'oid': (1, 3, 36, 8, 7, 1, 22)}, - (1, 3, 36, 8, 7, 1, 23): {'comment': 'Teletrust presentation types', - 'description': 'ptMacPICT (1 3 36 8 7 1 23)', - 'hexoid': '06 06 2B 24 08 07 01 17', - 'name': 'ptMacPICT', - 'oid': (1, 3, 36, 8, 7, 1, 23)}, - (1, 3, 36, 8, 7, 1, 24): {'comment': 'Teletrust presentation types', - 'description': 'ptMacWord (1 3 36 8 7 1 24)', - 'hexoid': '06 06 2B 24 08 07 01 18', - 'name': 'ptMacWord', - 'oid': (1, 3, 36, 8, 7, 1, 24)}, - (1, 3, 36, 8, 7, 1, 25): {'comment': 'Teletrust presentation types', - 'description': 'ptMSWfD (1 3 36 8 7 1 25)', - 'hexoid': '06 06 2B 24 08 07 01 19', - 'name': 'ptMSWfD', - 'oid': (1, 3, 36, 8, 7, 1, 25)}, - (1, 3, 36, 8, 7, 1, 26): {'comment': 'Teletrust presentation types', - 'description': 'ptMSWord (1 3 36 8 7 1 26)', - 'hexoid': '06 06 2B 24 08 07 01 1A', - 'name': 'ptMSWord', - 'oid': (1, 3, 36, 8, 7, 1, 26)}, - (1, 3, 36, 8, 7, 1, 27): {'comment': 'Teletrust presentation types', - 'description': 'ptMSWord2 (1 3 36 8 7 1 27)', - 'hexoid': '06 06 2B 24 08 07 01 1B', - 'name': 'ptMSWord2', - 'oid': (1, 3, 36, 8, 7, 1, 27)}, - (1, 3, 36, 8, 7, 1, 28): {'comment': 'Teletrust presentation types', - 'description': 'ptMSWord6 (1 3 36 8 7 1 28)', - 'hexoid': '06 06 2B 24 08 07 01 1C', - 'name': 'ptMSWord6', - 'oid': (1, 3, 36, 8, 7, 1, 28)}, - (1, 3, 36, 8, 7, 1, 29): {'comment': 'Teletrust presentation types', - 'description': 'ptMSWord8 (1 3 36 8 7 1 29)', - 'hexoid': '06 06 2B 24 08 07 01 1D', - 'name': 'ptMSWord8', - 'oid': (1, 3, 36, 8, 7, 1, 29)}, - (1, 3, 36, 8, 7, 1, 30): {'comment': 'Teletrust presentation types', - 'description': 'ptPDF (1 3 36 8 7 1 30)', - 'hexoid': '06 06 2B 24 08 07 01 1E', - 'name': 'ptPDF', - 'oid': (1, 3, 36, 8, 7, 1, 30)}, - (1, 3, 36, 8, 7, 1, 31): {'comment': 'Teletrust presentation types', - 'description': 'ptPIF (1 3 36 8 7 1 31)', - 'hexoid': '06 06 2B 24 08 07 01 1F', - 'name': 'ptPIF', - 'oid': (1, 3, 36, 8, 7, 1, 31)}, - (1, 3, 36, 8, 7, 1, 32): {'comment': 'Teletrust presentation types', - 'description': 'ptPostscript (1 3 36 8 7 1 32)', - 'hexoid': '06 06 2B 24 08 07 01 20', - 'name': 'ptPostscript', - 'oid': (1, 3, 36, 8, 7, 1, 32)}, - (1, 3, 36, 8, 7, 1, 33): {'comment': 'Teletrust presentation types', - 'description': 'ptRTF (1 3 36 8 7 1 33)', - 'hexoid': '06 06 2B 24 08 07 01 21', - 'name': 'ptRTF', - 'oid': (1, 3, 36, 8, 7, 1, 33)}, - (1, 3, 36, 8, 7, 1, 34): {'comment': 'Teletrust presentation types', - 'description': 'ptSCITEX (1 3 36 8 7 1 34)', - 'hexoid': '06 06 2B 24 08 07 01 22', - 'name': 'ptSCITEX', - 'oid': (1, 3, 36, 8, 7, 1, 34)}, - (1, 3, 36, 8, 7, 1, 35): {'comment': 'Teletrust presentation types', - 'description': 'ptTAR (1 3 36 8 7 1 35)', - 'hexoid': '06 06 2B 24 08 07 01 23', - 'name': 'ptTAR', - 'oid': (1, 3, 36, 8, 7, 1, 35)}, - (1, 3, 36, 8, 7, 1, 36): {'comment': 'Teletrust presentation types', - 'description': 'ptTarga (1 3 36 8 7 1 36)', - 'hexoid': '06 06 2B 24 08 07 01 24', - 'name': 'ptTarga', - 'oid': (1, 3, 36, 8, 7, 1, 36)}, - (1, 3, 36, 8, 7, 1, 37): {'comment': 'Teletrust presentation types', - 'description': 'ptTeX (1 3 36 8 7 1 37)', - 'hexoid': '06 06 2B 24 08 07 01 25', - 'name': 'ptTeX', - 'oid': (1, 3, 36, 8, 7, 1, 37)}, - (1, 3, 36, 8, 7, 1, 38): {'comment': 'Teletrust presentation types', - 'description': 'ptText (1 3 36 8 7 1 38)', - 'hexoid': '06 06 2B 24 08 07 01 26', - 'name': 'ptText', - 'oid': (1, 3, 36, 8, 7, 1, 38)}, - (1, 3, 36, 8, 7, 1, 39): {'comment': 'Teletrust presentation types', - 'description': 'ptTIFF (1 3 36 8 7 1 39)', - 'hexoid': '06 06 2B 24 08 07 01 27', - 'name': 'ptTIFF', - 'oid': (1, 3, 36, 8, 7, 1, 39)}, - (1, 3, 36, 8, 7, 1, 40): {'comment': 'Teletrust presentation types', - 'description': 'ptTIFF-FC (1 3 36 8 7 1 40)', - 'hexoid': '06 06 2B 24 08 07 01 28', - 'name': 'ptTIFF-FC', - 'oid': (1, 3, 36, 8, 7, 1, 40)}, - (1, 3, 36, 8, 7, 1, 41): {'comment': 'Teletrust presentation types', - 'description': 'ptUID (1 3 36 8 7 1 41)', - 'hexoid': '06 06 2B 24 08 07 01 29', - 'name': 'ptUID', - 'oid': (1, 3, 36, 8, 7, 1, 41)}, - (1, 3, 36, 8, 7, 1, 42): {'comment': 'Teletrust presentation types', - 'description': 'ptUUEncode (1 3 36 8 7 1 42)', - 'hexoid': '06 06 2B 24 08 07 01 2A', - 'name': 'ptUUEncode', - 'oid': (1, 3, 36, 8, 7, 1, 42)}, - (1, 3, 36, 8, 7, 1, 43): {'comment': 'Teletrust presentation types', - 'description': 'ptWMF (1 3 36 8 7 1 43)', - 'hexoid': '06 06 2B 24 08 07 01 2B', - 'name': 'ptWMF', - 'oid': (1, 3, 36, 8, 7, 1, 43)}, - (1, 3, 36, 8, 7, 1, 44): {'comment': 'Teletrust presentation types', - 'description': 'ptWordPerfect (1 3 36 8 7 1 44)', - 'hexoid': '06 06 2B 24 08 07 01 2C', - 'name': 'ptWordPerfect', - 'oid': (1, 3, 36, 8, 7, 1, 44)}, - (1, 3, 36, 8, 7, 1, 45): {'comment': 'Teletrust presentation types', - 'description': 'ptWPGrph (1 3 36 8 7 1 45)', - 'hexoid': '06 06 2B 24 08 07 01 2D', - 'name': 'ptWPGrph', - 'oid': (1, 3, 36, 8, 7, 1, 45)}, - (1, 3, 101, 1, 4): {'comment': 'Thawte', - 'description': 'thawte-ce (1 3 101 1 4)', - 'hexoid': '06 04 2B 65 01 04', - 'name': 'thawte-ce', - 'oid': (1, 3, 101, 1, 4)}, - (1, 3, 101, 1, 4, 1): {'comment': 'Thawte certificate extension', - 'description': 'strongExtranet (1 3 101 1 4 1)', - 'hexoid': '06 05 2B 65 01 04 01', - 'name': 'strongExtranet', - 'oid': (1, 3, 101, 1, 4, 1)}, - (1, 3, 132, 0, 1): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect163k1 (1 3 132 0 1)', - 'hexoid': '06 05 2B 81 04 00 01', - 'name': 'sect163k1', - 'oid': (1, 3, 132, 0, 1)}, - (1, 3, 132, 0, 2): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect163r1 (1 3 132 0 2)', - 'hexoid': '06 05 2B 81 04 00 02', - 'name': 'sect163r1', - 'oid': (1, 3, 132, 0, 2)}, - (1, 3, 132, 0, 3): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect239k1 (1 3 132 0 3)', - 'hexoid': '06 05 2B 81 04 00 03', - 'name': 'sect239k1', - 'oid': (1, 3, 132, 0, 3)}, - (1, 3, 132, 0, 4): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect113r1 (1 3 132 0 4)', - 'hexoid': '06 05 2B 81 04 00 04', - 'name': 'sect113r1', - 'oid': (1, 3, 132, 0, 4)}, - (1, 3, 132, 0, 5): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect113r2 (1 3 132 0 5)', - 'hexoid': '06 05 2B 81 04 00 05', - 'name': 'sect113r2', - 'oid': (1, 3, 132, 0, 5)}, - (1, 3, 132, 0, 6): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp112r1 (1 3 132 0 6)', - 'hexoid': '06 05 2B 81 04 00 06', - 'name': 'secp112r1', - 'oid': (1, 3, 132, 0, 6)}, - (1, 3, 132, 0, 7): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp112r2 (1 3 132 0 7)', - 'hexoid': '06 05 2B 81 04 00 07', - 'name': 'secp112r2', - 'oid': (1, 3, 132, 0, 7)}, - (1, 3, 132, 0, 8): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp160r1 (1 3 132 0 8)', - 'hexoid': '06 05 2B 81 04 00 08', - 'name': 'secp160r1', - 'oid': (1, 3, 132, 0, 8)}, - (1, 3, 132, 0, 9): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp160k1 (1 3 132 0 9)', - 'hexoid': '06 05 2B 81 04 00 09', - 'name': 'secp160k1', - 'oid': (1, 3, 132, 0, 9)}, - (1, 3, 132, 0, 10): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp256k1 (1 3 132 0 10)', - 'hexoid': '06 05 2B 81 04 00 0A', - 'name': 'secp256k1', - 'oid': (1, 3, 132, 0, 10)}, - (1, 3, 132, 0, 15): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect163r2 (1 3 132 0 15)', - 'hexoid': '06 05 2B 81 04 00 0F', - 'name': 'sect163r2', - 'oid': (1, 3, 132, 0, 15)}, - (1, 3, 132, 0, 16): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect283k1 (1 3 132 0 16)', - 'hexoid': '06 05 2B 81 04 00 10', - 'name': 'sect283k1', - 'oid': (1, 3, 132, 0, 16)}, - (1, 3, 132, 0, 17): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect283r1 (1 3 132 0 17)', - 'hexoid': '06 05 2B 81 04 00 11', - 'name': 'sect283r1', - 'oid': (1, 3, 132, 0, 17)}, - (1, 3, 132, 0, 22): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect131r1 (1 3 132 0 22)', - 'hexoid': '06 05 2B 81 04 00 16', - 'name': 'sect131r1', - 'oid': (1, 3, 132, 0, 22)}, - (1, 3, 132, 0, 23): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect131r2 (1 3 132 0 23)', - 'hexoid': '06 05 2B 81 04 00 17', - 'name': 'sect131r2', - 'oid': (1, 3, 132, 0, 23)}, - (1, 3, 132, 0, 24): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect193r1 (1 3 132 0 24)', - 'hexoid': '06 05 2B 81 04 00 18', - 'name': 'sect193r1', - 'oid': (1, 3, 132, 0, 24)}, - (1, 3, 132, 0, 25): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect193r2 (1 3 132 0 25)', - 'hexoid': '06 05 2B 81 04 00 19', - 'name': 'sect193r2', - 'oid': (1, 3, 132, 0, 25)}, - (1, 3, 132, 0, 26): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect233k1 (1 3 132 0 26)', - 'hexoid': '06 05 2B 81 04 00 1A', - 'name': 'sect233k1', - 'oid': (1, 3, 132, 0, 26)}, - (1, 3, 132, 0, 27): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect233r1 (1 3 132 0 27)', - 'hexoid': '06 05 2B 81 04 00 1B', - 'name': 'sect233r1', - 'oid': (1, 3, 132, 0, 27)}, - (1, 3, 132, 0, 28): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp128r1 (1 3 132 0 28)', - 'hexoid': '06 05 2B 81 04 00 1C', - 'name': 'secp128r1', - 'oid': (1, 3, 132, 0, 28)}, - (1, 3, 132, 0, 29): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp128r2 (1 3 132 0 29)', - 'hexoid': '06 05 2B 81 04 00 1D', - 'name': 'secp128r2', - 'oid': (1, 3, 132, 0, 29)}, - (1, 3, 132, 0, 30): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp160r2 (1 3 132 0 30)', - 'hexoid': '06 05 2B 81 04 00 1E', - 'name': 'secp160r2', - 'oid': (1, 3, 132, 0, 30)}, - (1, 3, 132, 0, 31): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp192k1 (1 3 132 0 31)', - 'hexoid': '06 05 2B 81 04 00 1F', - 'name': 'secp192k1', - 'oid': (1, 3, 132, 0, 31)}, - (1, 3, 132, 0, 32): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp224k1 (1 3 132 0 32)', - 'hexoid': '06 05 2B 81 04 00 20', - 'name': 'secp224k1', - 'oid': (1, 3, 132, 0, 32)}, - (1, 3, 132, 0, 33): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp224r1 (1 3 132 0 33)', - 'hexoid': '06 05 2B 81 04 00 21', - 'name': 'secp224r1', - 'oid': (1, 3, 132, 0, 33)}, - (1, 3, 132, 0, 34): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp384r1 (1 3 132 0 34)', - 'hexoid': '06 05 2B 81 04 00 22', - 'name': 'secp384r1', - 'oid': (1, 3, 132, 0, 34)}, - (1, 3, 132, 0, 35): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'secp521r1 (1 3 132 0 35)', - 'hexoid': '06 05 2B 81 04 00 23', - 'name': 'secp521r1', - 'oid': (1, 3, 132, 0, 35)}, - (1, 3, 132, 0, 36): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect409k1 (1 3 132 0 36)', - 'hexoid': '06 05 2B 81 04 00 24', - 'name': 'sect409k1', - 'oid': (1, 3, 132, 0, 36)}, - (1, 3, 132, 0, 37): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect409r1 (1 3 132 0 37)', - 'hexoid': '06 05 2B 81 04 00 25', - 'name': 'sect409r1', - 'oid': (1, 3, 132, 0, 37)}, - (1, 3, 132, 0, 38): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect571k1 (1 3 132 0 38)', - 'hexoid': '06 05 2B 81 04 00 26', - 'name': 'sect571k1', - 'oid': (1, 3, 132, 0, 38)}, - (1, 3, 132, 0, 39): {'comment': 'SECG (Certicom) named elliptic curve', - 'description': 'sect571r1 (1 3 132 0 39)', - 'hexoid': '06 05 2B 81 04 00 27', - 'name': 'sect571r1', - 'oid': (1, 3, 132, 0, 39)}, - (2, 5, 4, 0): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'objectClass (2 5 4 0)', - 'hexoid': '06 03 55 04 00', - 'name': 'objectClass', - 'oid': (2, 5, 4, 0)}, - (2, 5, 4, 1): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'aliasedEntryName (2 5 4 1)', - 'hexoid': '06 03 55 04 01', - 'name': 'aliasedEntryName', - 'oid': (2, 5, 4, 1)}, - (2, 5, 4, 2): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'knowledgeInformation (2 5 4 2)', - 'hexoid': '06 03 55 04 02', - 'name': 'knowledgeInformation', - 'oid': (2, 5, 4, 2)}, - (2, 5, 4, 3): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'commonName (2 5 4 3)', - 'hexoid': '06 03 55 04 03', - 'name': 'commonName', - 'oid': (2, 5, 4, 3)}, - (2, 5, 4, 4): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'surname (2 5 4 4)', - 'hexoid': '06 03 55 04 04', - 'name': 'surname', - 'oid': (2, 5, 4, 4)}, - (2, 5, 4, 5): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'serialNumber (2 5 4 5)', - 'hexoid': '06 03 55 04 05', - 'name': 'serialNumber', - 'oid': (2, 5, 4, 5)}, - (2, 5, 4, 6): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'countryName (2 5 4 6)', - 'hexoid': '06 03 55 04 06', - 'name': 'countryName', - 'oid': (2, 5, 4, 6)}, - (2, 5, 4, 7): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'localityName (2 5 4 7)', - 'hexoid': '06 03 55 04 07', - 'name': 'localityName', - 'oid': (2, 5, 4, 7)}, - (2, 5, 4, 7, 1): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectiveLocalityName (2 5 4 7 1)', - 'hexoid': '06 04 55 04 07 01', - 'name': 'collectiveLocalityName', - 'oid': (2, 5, 4, 7, 1)}, - (2, 5, 4, 8): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'stateOrProvinceName (2 5 4 8)', - 'hexoid': '06 03 55 04 08', - 'name': 'stateOrProvinceName', - 'oid': (2, 5, 4, 8)}, - (2, 5, 4, 8, 1): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectiveStateOrProvinceName (2 5 4 8 1)', - 'hexoid': '06 04 55 04 08 01', - 'name': 'collectiveStateOrProvinceName', - 'oid': (2, 5, 4, 8, 1)}, - (2, 5, 4, 9): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'streetAddress (2 5 4 9)', - 'hexoid': '06 03 55 04 09', - 'name': 'streetAddress', - 'oid': (2, 5, 4, 9)}, - (2, 5, 4, 9, 1): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectiveStreetAddress (2 5 4 9 1)', - 'hexoid': '06 04 55 04 09 01', - 'name': 'collectiveStreetAddress', - 'oid': (2, 5, 4, 9, 1)}, - (2, 5, 4, 10): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'organizationName (2 5 4 10)', - 'hexoid': '06 03 55 04 0A', - 'name': 'organizationName', - 'oid': (2, 5, 4, 10)}, - (2, 5, 4, 10, 1): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectiveOrganizationName (2 5 4 10 1)', - 'hexoid': '06 04 55 04 0A 01', - 'name': 'collectiveOrganizationName', - 'oid': (2, 5, 4, 10, 1)}, - (2, 5, 4, 11): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'organizationalUnitName (2 5 4 11)', - 'hexoid': '06 03 55 04 0B', - 'name': 'organizationalUnitName', - 'oid': (2, 5, 4, 11)}, - (2, 5, 4, 11, 1): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectiveOrganizationalUnitName (2 5 4 11 1)', - 'hexoid': '06 04 55 04 0B 01', - 'name': 'collectiveOrganizationalUnitName', - 'oid': (2, 5, 4, 11, 1)}, - (2, 5, 4, 12): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'title (2 5 4 12)', - 'hexoid': '06 03 55 04 0C', - 'name': 'title', - 'oid': (2, 5, 4, 12)}, - (2, 5, 4, 13): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'description (2 5 4 13)', - 'hexoid': '06 03 55 04 0D', - 'name': 'description', - 'oid': (2, 5, 4, 13)}, - (2, 5, 4, 14): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'searchGuide (2 5 4 14)', - 'hexoid': '06 03 55 04 0E', - 'name': 'searchGuide', - 'oid': (2, 5, 4, 14)}, - (2, 5, 4, 15): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'businessCategory (2 5 4 15)', - 'hexoid': '06 03 55 04 0F', - 'name': 'businessCategory', - 'oid': (2, 5, 4, 15)}, - (2, 5, 4, 16): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'postalAddress (2 5 4 16)', - 'hexoid': '06 03 55 04 10', - 'name': 'postalAddress', - 'oid': (2, 5, 4, 16)}, - (2, 5, 4, 16, 1): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectivePostalAddress (2 5 4 16 1)', - 'hexoid': '06 04 55 04 10 01', - 'name': 'collectivePostalAddress', - 'oid': (2, 5, 4, 16, 1)}, - (2, 5, 4, 17): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'postalCode (2 5 4 17)', - 'hexoid': '06 03 55 04 11', - 'name': 'postalCode', - 'oid': (2, 5, 4, 17)}, - (2, 5, 4, 17, 1): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectivePostalCode (2 5 4 17 1)', - 'hexoid': '06 04 55 04 11 01', - 'name': 'collectivePostalCode', - 'oid': (2, 5, 4, 17, 1)}, - (2, 5, 4, 18): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'postOfficeBox (2 5 4 18)', - 'hexoid': '06 03 55 04 12', - 'name': 'postOfficeBox', - 'oid': (2, 5, 4, 18)}, - (2, 5, 4, 18, 1): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectivePostOfficeBox (2 5 4 18 1)', - 'hexoid': '06 04 55 04 12 01', - 'name': 'collectivePostOfficeBox', - 'oid': (2, 5, 4, 18, 1)}, - (2, 5, 4, 19): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'physicalDeliveryOfficeName (2 5 4 19)', - 'hexoid': '06 03 55 04 13', - 'name': 'physicalDeliveryOfficeName', - 'oid': (2, 5, 4, 19)}, - (2, 5, 4, 19, 1): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectivePhysicalDeliveryOfficeName (2 5 4 19 1)', - 'hexoid': '06 04 55 04 13 01', - 'name': 'collectivePhysicalDeliveryOfficeName', - 'oid': (2, 5, 4, 19, 1)}, - (2, 5, 4, 20): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'telephoneNumber (2 5 4 20)', - 'hexoid': '06 03 55 04 14', - 'name': 'telephoneNumber', - 'oid': (2, 5, 4, 20)}, - (2, 5, 4, 20, 1): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectiveTelephoneNumber (2 5 4 20 1)', - 'hexoid': '06 04 55 04 14 01', - 'name': 'collectiveTelephoneNumber', - 'oid': (2, 5, 4, 20, 1)}, - (2, 5, 4, 21): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'telexNumber (2 5 4 21)', - 'hexoid': '06 03 55 04 15', - 'name': 'telexNumber', - 'oid': (2, 5, 4, 21)}, - (2, 5, 4, 21, 1): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectiveTelexNumber (2 5 4 21 1)', - 'hexoid': '06 04 55 04 15 01', - 'name': 'collectiveTelexNumber', - 'oid': (2, 5, 4, 21, 1)}, - (2, 5, 4, 22): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'teletexTerminalIdentifier (2 5 4 22)', - 'hexoid': '06 03 55 04 16', - 'name': 'teletexTerminalIdentifier', - 'oid': (2, 5, 4, 22)}, - (2, 5, 4, 22, 1): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectiveTeletexTerminalIdentifier (2 5 4 22 1)', - 'hexoid': '06 04 55 04 16 01', - 'name': 'collectiveTeletexTerminalIdentifier', - 'oid': (2, 5, 4, 22, 1)}, - (2, 5, 4, 23): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'facsimileTelephoneNumber (2 5 4 23)', - 'hexoid': '06 03 55 04 17', - 'name': 'facsimileTelephoneNumber', - 'oid': (2, 5, 4, 23)}, - (2, 5, 4, 23, 1): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectiveFacsimileTelephoneNumber (2 5 4 23 1)', - 'hexoid': '06 04 55 04 17 01', - 'name': 'collectiveFacsimileTelephoneNumber', - 'oid': (2, 5, 4, 23, 1)}, - (2, 5, 4, 24): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'x121Address (2 5 4 24)', - 'hexoid': '06 03 55 04 18', - 'name': 'x121Address', - 'oid': (2, 5, 4, 24)}, - (2, 5, 4, 25): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'internationalISDNNumber (2 5 4 25)', - 'hexoid': '06 03 55 04 19', - 'name': 'internationalISDNNumber', - 'oid': (2, 5, 4, 25)}, - (2, 5, 4, 25, 1): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'collectiveInternationalISDNNumber (2 5 4 25 1)', - 'hexoid': '06 04 55 04 19 01', - 'name': 'collectiveInternationalISDNNumber', - 'oid': (2, 5, 4, 25, 1)}, - (2, 5, 4, 26): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'registeredAddress (2 5 4 26)', - 'hexoid': '06 03 55 04 1A', - 'name': 'registeredAddress', - 'oid': (2, 5, 4, 26)}, - (2, 5, 4, 27): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'destinationIndicator (2 5 4 27)', - 'hexoid': '06 03 55 04 1B', - 'name': 'destinationIndicator', - 'oid': (2, 5, 4, 27)}, - (2, 5, 4, 28): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'preferredDeliveryMehtod (2 5 4 28)', - 'hexoid': '06 03 55 04 1C', - 'name': 'preferredDeliveryMehtod', - 'oid': (2, 5, 4, 28)}, - (2, 5, 4, 29): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'presentationAddress (2 5 4 29)', - 'hexoid': '06 03 55 04 1D', - 'name': 'presentationAddress', - 'oid': (2, 5, 4, 29)}, - (2, 5, 4, 30): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'supportedApplicationContext (2 5 4 30)', - 'hexoid': '06 03 55 04 1E', - 'name': 'supportedApplicationContext', - 'oid': (2, 5, 4, 30)}, - (2, 5, 4, 31): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'member (2 5 4 31)', - 'hexoid': '06 03 55 04 1F', - 'name': 'member', - 'oid': (2, 5, 4, 31)}, - (2, 5, 4, 32): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'owner (2 5 4 32)', - 'hexoid': '06 03 55 04 20', - 'name': 'owner', - 'oid': (2, 5, 4, 32)}, - (2, 5, 4, 33): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'roleOccupant (2 5 4 33)', - 'hexoid': '06 03 55 04 21', - 'name': 'roleOccupant', - 'oid': (2, 5, 4, 33)}, - (2, 5, 4, 34): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'seeAlso (2 5 4 34)', - 'hexoid': '06 03 55 04 22', - 'name': 'seeAlso', - 'oid': (2, 5, 4, 34)}, - (2, 5, 4, 35): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'userPassword (2 5 4 35)', - 'hexoid': '06 03 55 04 23', - 'name': 'userPassword', - 'oid': (2, 5, 4, 35)}, - (2, 5, 4, 36): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'userCertificate (2 5 4 36)', - 'hexoid': '06 03 55 04 24', - 'name': 'userCertificate', - 'oid': (2, 5, 4, 36)}, - (2, 5, 4, 37): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'caCertificate (2 5 4 37)', - 'hexoid': '06 03 55 04 25', - 'name': 'caCertificate', - 'oid': (2, 5, 4, 37)}, - (2, 5, 4, 38): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'authorityRevocationList (2 5 4 38)', - 'hexoid': '06 03 55 04 26', - 'name': 'authorityRevocationList', - 'oid': (2, 5, 4, 38)}, - (2, 5, 4, 39): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'certificateRevocationList (2 5 4 39)', - 'hexoid': '06 03 55 04 27', - 'name': 'certificateRevocationList', - 'oid': (2, 5, 4, 39)}, - (2, 5, 4, 40): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'crossCertificatePair (2 5 4 40)', - 'hexoid': '06 03 55 04 28', - 'name': 'crossCertificatePair', - 'oid': (2, 5, 4, 40)}, - (2, 5, 4, 41): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'name (2 5 4 41)', - 'hexoid': '06 03 55 04 29', - 'name': 'name', - 'oid': (2, 5, 4, 41)}, - (2, 5, 4, 42): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'givenName (2 5 4 42)', - 'hexoid': '06 03 55 04 2A', - 'name': 'givenName', - 'oid': (2, 5, 4, 42)}, - (2, 5, 4, 43): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'initials (2 5 4 43)', - 'hexoid': '06 03 55 04 2B', - 'name': 'initials', - 'oid': (2, 5, 4, 43)}, - (2, 5, 4, 44): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'generationQualifier (2 5 4 44)', - 'hexoid': '06 03 55 04 2C', - 'name': 'generationQualifier', - 'oid': (2, 5, 4, 44)}, - (2, 5, 4, 45): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'uniqueIdentifier (2 5 4 45)', - 'hexoid': '06 03 55 04 2D', - 'name': 'uniqueIdentifier', - 'oid': (2, 5, 4, 45)}, - (2, 5, 4, 46): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'dnQualifier (2 5 4 46)', - 'hexoid': '06 03 55 04 2E', - 'name': 'dnQualifier', - 'oid': (2, 5, 4, 46)}, - (2, 5, 4, 47): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'enhancedSearchGuide (2 5 4 47)', - 'hexoid': '06 03 55 04 2F', - 'name': 'enhancedSearchGuide', - 'oid': (2, 5, 4, 47)}, - (2, 5, 4, 48): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'protocolInformation (2 5 4 48)', - 'hexoid': '06 03 55 04 30', - 'name': 'protocolInformation', - 'oid': (2, 5, 4, 48)}, - (2, 5, 4, 49): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'distinguishedName (2 5 4 49)', - 'hexoid': '06 03 55 04 31', - 'name': 'distinguishedName', - 'oid': (2, 5, 4, 49)}, - (2, 5, 4, 50): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'uniqueMember (2 5 4 50)', - 'hexoid': '06 03 55 04 32', - 'name': 'uniqueMember', - 'oid': (2, 5, 4, 50)}, - (2, 5, 4, 51): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'houseIdentifier (2 5 4 51)', - 'hexoid': '06 03 55 04 33', - 'name': 'houseIdentifier', - 'oid': (2, 5, 4, 51)}, - (2, 5, 4, 52): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'supportedAlgorithms (2 5 4 52)', - 'hexoid': '06 03 55 04 34', - 'name': 'supportedAlgorithms', - 'oid': (2, 5, 4, 52)}, - (2, 5, 4, 53): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'deltaRevocationList (2 5 4 53)', - 'hexoid': '06 03 55 04 35', - 'name': 'deltaRevocationList', - 'oid': (2, 5, 4, 53)}, - (2, 5, 4, 54): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'dmdName (2 5 4 54)', - 'hexoid': '06 03 55 04 36', - 'name': 'dmdName', - 'oid': (2, 5, 4, 54)}, - (2, 5, 4, 55): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'clearance (2 5 4 55)', - 'hexoid': '06 03 55 04 37', - 'name': 'clearance', - 'oid': (2, 5, 4, 55)}, - (2, 5, 4, 56): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'defaultDirQop (2 5 4 56)', - 'hexoid': '06 03 55 04 38', - 'name': 'defaultDirQop', - 'oid': (2, 5, 4, 56)}, - (2, 5, 4, 57): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'attributeIntegrityInfo (2 5 4 57)', - 'hexoid': '06 03 55 04 39', - 'name': 'attributeIntegrityInfo', - 'oid': (2, 5, 4, 57)}, - (2, 5, 4, 58): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'attributeCertificate (2 5 4 58)', - 'hexoid': '06 03 55 04 3A', - 'name': 'attributeCertificate', - 'oid': (2, 5, 4, 58)}, - (2, 5, 4, 59): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'attributeCertificateRevocationList (2 5 4 59)', - 'hexoid': '06 03 55 04 3B', - 'name': 'attributeCertificateRevocationList', - 'oid': (2, 5, 4, 59)}, - (2, 5, 4, 60): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'confKeyInfo (2 5 4 60)', - 'hexoid': '06 03 55 04 3C', - 'name': 'confKeyInfo', - 'oid': (2, 5, 4, 60)}, - (2, 5, 4, 61): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'aACertificate (2 5 4 61)', - 'hexoid': '06 03 55 04 3D', - 'name': 'aACertificate', - 'oid': (2, 5, 4, 61)}, - (2, 5, 4, 62): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'attributeDescriptorCertificate (2 5 4 62)', - 'hexoid': '06 03 55 04 3E', - 'name': 'attributeDescriptorCertificate', - 'oid': (2, 5, 4, 62)}, - (2, 5, 4, 63): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'attributeAuthorityRevocationList (2 5 4 63)', - 'hexoid': '06 03 55 04 3F', - 'name': 'attributeAuthorityRevocationList', - 'oid': (2, 5, 4, 63)}, - (2, 5, 4, 64): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'familyInformation (2 5 4 64)', - 'hexoid': '06 03 55 04 40', - 'name': 'familyInformation', - 'oid': (2, 5, 4, 64)}, - (2, 5, 4, 65): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'pseudonym (2 5 4 65)', - 'hexoid': '06 03 55 04 41', - 'name': 'pseudonym', - 'oid': (2, 5, 4, 65)}, - (2, 5, 4, 66): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'communicationsService (2 5 4 66)', - 'hexoid': '06 03 55 04 42', - 'name': 'communicationsService', - 'oid': (2, 5, 4, 66)}, - (2, 5, 4, 67): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'communicationsNetwork (2 5 4 67)', - 'hexoid': '06 03 55 04 43', - 'name': 'communicationsNetwork', - 'oid': (2, 5, 4, 67)}, - (2, 5, 4, 68): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'certificationPracticeStmt (2 5 4 68)', - 'hexoid': '06 03 55 04 44', - 'name': 'certificationPracticeStmt', - 'oid': (2, 5, 4, 68)}, - (2, 5, 4, 69): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'certificatePolicy (2 5 4 69)', - 'hexoid': '06 03 55 04 45', - 'name': 'certificatePolicy', - 'oid': (2, 5, 4, 69)}, - (2, 5, 4, 70): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'pkiPath (2 5 4 70)', - 'hexoid': '06 03 55 04 46', - 'name': 'pkiPath', - 'oid': (2, 5, 4, 70)}, - (2, 5, 4, 71): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'privPolicy (2 5 4 71)', - 'hexoid': '06 03 55 04 47', - 'name': 'privPolicy', - 'oid': (2, 5, 4, 71)}, - (2, 5, 4, 72): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'role (2 5 4 72)', - 'hexoid': '06 03 55 04 48', - 'name': 'role', - 'oid': (2, 5, 4, 72)}, - (2, 5, 4, 73): {'comment': 'X.520 id-at (2 5 4)', - 'description': 'delegationPath (2 5 4 73)', - 'hexoid': '06 03 55 04 49', - 'name': 'delegationPath', - 'oid': (2, 5, 4, 73)}, - (2, 5, 6, 0): {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'top (2 5 6 0)', - 'hexoid': '06 03 55 06 00', - 'name': 'top', - 'oid': (2, 5, 6, 0)}, - (2, 5, 6, 1): {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'alias (2 5 6 1)', - 'hexoid': '06 03 55 06 01', - 'name': 'alias', - 'oid': (2, 5, 6, 1)}, - (2, 5, 6, 2): {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'country (2 5 6 2)', - 'hexoid': '06 03 55 06 02', - 'name': 'country', - 'oid': (2, 5, 6, 2)}, - (2, 5, 6, 3): {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'locality (2 5 6 3)', - 'hexoid': '06 03 55 06 03', - 'name': 'locality', - 'oid': (2, 5, 6, 3)}, - (2, 5, 6, 4): {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'organization (2 5 6 4)', - 'hexoid': '06 03 55 06 04', - 'name': 'organization', - 'oid': (2, 5, 6, 4)}, - (2, 5, 6, 5): {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'organizationalUnit (2 5 6 5)', - 'hexoid': '06 03 55 06 05', - 'name': 'organizationalUnit', - 'oid': (2, 5, 6, 5)}, - (2, 5, 6, 6): {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'person (2 5 6 6)', - 'hexoid': '06 03 55 06 06', - 'name': 'person', - 'oid': (2, 5, 6, 6)}, - (2, 5, 6, 7): {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'organizationalPerson (2 5 6 7)', - 'hexoid': '06 03 55 06 07', - 'name': 'organizationalPerson', - 'oid': (2, 5, 6, 7)}, - (2, 5, 6, 8): {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'organizationalRole (2 5 6 8)', - 'hexoid': '06 03 55 06 08', - 'name': 'organizationalRole', - 'oid': (2, 5, 6, 8)}, - (2, 5, 6, 9): {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'groupOfNames (2 5 6 9)', - 'hexoid': '06 03 55 06 09', - 'name': 'groupOfNames', - 'oid': (2, 5, 6, 9)}, - (2, 5, 6, 10): {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'residentialPerson (2 5 6 10)', - 'hexoid': '06 03 55 06 0A', - 'name': 'residentialPerson', - 'oid': (2, 5, 6, 10)}, - (2, 5, 6, 11): {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'applicationProcess (2 5 6 11)', - 'hexoid': '06 03 55 06 0B', - 'name': 'applicationProcess', - 'oid': (2, 5, 6, 11)}, - (2, 5, 6, 12): {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'applicationEntity (2 5 6 12)', - 'hexoid': '06 03 55 06 0C', - 'name': 'applicationEntity', - 'oid': (2, 5, 6, 12)}, - (2, 5, 6, 13): {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'dSA (2 5 6 13)', - 'hexoid': '06 03 55 06 0D', - 'name': 'dSA', - 'oid': (2, 5, 6, 13)}, - (2, 5, 6, 14): {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'device (2 5 6 14)', - 'hexoid': '06 03 55 06 0E', - 'name': 'device', - 'oid': (2, 5, 6, 14)}, - (2, 5, 6, 15): {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'strongAuthenticationUser (2 5 6 15)', - 'hexoid': '06 03 55 06 0F', - 'name': 'strongAuthenticationUser', - 'oid': (2, 5, 6, 15)}, - (2, 5, 6, 16): {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'certificateAuthority (2 5 6 16)', - 'hexoid': '06 03 55 06 10', - 'name': 'certificateAuthority', - 'oid': (2, 5, 6, 16)}, - (2, 5, 6, 17): {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'groupOfUniqueNames (2 5 6 17)', - 'hexoid': '06 03 55 06 11', - 'name': 'groupOfUniqueNames', - 'oid': (2, 5, 6, 17)}, - (2, 5, 6, 21): {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'pkiUser (2 5 6 21)', - 'hexoid': '06 03 55 06 15', - 'name': 'pkiUser', - 'oid': (2, 5, 6, 21)}, - (2, 5, 6, 22): {'comment': 'X.520 objectClass (2 5 6)', - 'description': 'pkiCA (2 5 6 22)', - 'hexoid': '06 03 55 06 16', - 'name': 'pkiCA', - 'oid': (2, 5, 6, 22)}, - (2, 5, 8): {'description': 'X.500-Algorithms (2 5 8)', - 'hexoid': '06 02 55 08', - 'name': 'X.500-Algorithms', - 'oid': (2, 5, 8)}, - (2, 5, 8, 1): {'description': 'X.500-Alg-Encryption (2 5 8 1)', - 'hexoid': '06 03 55 08 01', - 'name': 'X.500-Alg-Encryption', - 'oid': (2, 5, 8, 1)}, - (2, 5, 29, 9): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'subjectDirectoryAttributes (2 5 29 9)', - 'hexoid': '06 03 55 1D 09', - 'name': 'subjectDirectoryAttributes', - 'oid': (2, 5, 29, 9)}, - (2, 5, 29, 14): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'subjectKeyIdentifier (2 5 29 14)', - 'hexoid': '06 03 55 1D 0E', - 'name': 'subjectKeyIdentifier', - 'oid': (2, 5, 29, 14)}, - (2, 5, 29, 15): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'keyUsage (2 5 29 15)', - 'hexoid': '06 03 55 1D 0F', - 'name': 'keyUsage', - 'oid': (2, 5, 29, 15)}, - (2, 5, 29, 16): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'privateKeyUsagePeriod (2 5 29 16)', - 'hexoid': '06 03 55 1D 10', - 'name': 'privateKeyUsagePeriod', - 'oid': (2, 5, 29, 16)}, - (2, 5, 29, 17): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'subjectAltName (2 5 29 17)', - 'hexoid': '06 03 55 1D 11', - 'name': 'subjectAltName', - 'oid': (2, 5, 29, 17)}, - (2, 5, 29, 18): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'issuerAltName (2 5 29 18)', - 'hexoid': '06 03 55 1D 12', - 'name': 'issuerAltName', - 'oid': (2, 5, 29, 18)}, - (2, 5, 29, 19): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'basicConstraints (2 5 29 19)', - 'hexoid': '06 03 55 1D 13', - 'name': 'basicConstraints', - 'oid': (2, 5, 29, 19)}, - (2, 5, 29, 20): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'cRLNumber (2 5 29 20)', - 'hexoid': '06 03 55 1D 14', - 'name': 'cRLNumber', - 'oid': (2, 5, 29, 20)}, - (2, 5, 29, 21): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'cRLReason (2 5 29 21)', - 'hexoid': '06 03 55 1D 15', - 'name': 'cRLReason', - 'oid': (2, 5, 29, 21)}, - (2, 5, 29, 23): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'instructionCode (2 5 29 23)', - 'hexoid': '06 03 55 1D 17', - 'name': 'instructionCode', - 'oid': (2, 5, 29, 23)}, - (2, 5, 29, 24): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'invalidityDate (2 5 29 24)', - 'hexoid': '06 03 55 1D 18', - 'name': 'invalidityDate', - 'oid': (2, 5, 29, 24)}, - (2, 5, 29, 27): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'deltaCRLIndicator (2 5 29 27)', - 'hexoid': '06 03 55 1D 1B', - 'name': 'deltaCRLIndicator', - 'oid': (2, 5, 29, 27)}, - (2, 5, 29, 28): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'issuingDistributionPoint (2 5 29 28)', - 'hexoid': '06 03 55 1D 1C', - 'name': 'issuingDistributionPoint', - 'oid': (2, 5, 29, 28)}, - (2, 5, 29, 29): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'certificateIssuer (2 5 29 29)', - 'hexoid': '06 03 55 1D 1D', - 'name': 'certificateIssuer', - 'oid': (2, 5, 29, 29)}, - (2, 5, 29, 30): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'nameConstraints (2 5 29 30)', - 'hexoid': '06 03 55 1D 1E', - 'name': 'nameConstraints', - 'oid': (2, 5, 29, 30)}, - (2, 5, 29, 31): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'cRLDistributionPoints (2 5 29 31)', - 'hexoid': '06 03 55 1D 1F', - 'name': 'cRLDistributionPoints', - 'oid': (2, 5, 29, 31)}, - (2, 5, 29, 32): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'certificatePolicies (2 5 29 32)', - 'hexoid': '06 03 55 1D 20', - 'name': 'certificatePolicies', - 'oid': (2, 5, 29, 32)}, - (2, 5, 29, 32, 0): {'comment': 'X.509 certificatePolicies (2 5 29 32)', - 'description': 'anyPolicy (2 5 29 32 0)', - 'hexoid': '06 04 55 1D 20 00', - 'name': 'anyPolicy', - 'oid': (2, 5, 29, 32, 0)}, - (2, 5, 29, 33): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'policyMappings (2 5 29 33)', - 'hexoid': '06 03 55 1D 21', - 'name': 'policyMappings', - 'oid': (2, 5, 29, 33)}, - (2, 5, 29, 35): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'authorityKeyIdentifier (2 5 29 35)', - 'hexoid': '06 03 55 1D 23', - 'name': 'authorityKeyIdentifier', - 'oid': (2, 5, 29, 35)}, - (2, 5, 29, 36): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'policyConstraints (2 5 29 36)', - 'hexoid': '06 03 55 1D 24', - 'name': 'policyConstraints', - 'oid': (2, 5, 29, 36)}, - (2, 5, 29, 37): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'extKeyUsage (2 5 29 37)', - 'hexoid': '06 03 55 1D 25', - 'name': 'extKeyUsage', - 'oid': (2, 5, 29, 37)}, - (2, 5, 29, 37, 0): {'comment': 'X.509 extended key usage', - 'description': 'anyExtendedKeyUsage (2 5 29 37 0)', - 'hexoid': '06 04 55 1D 25 00', - 'name': 'anyExtendedKeyUsage', - 'oid': (2, 5, 29, 37, 0)}, - (2, 5, 29, 46): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'freshestCRL (2 5 29 46)', - 'hexoid': '06 03 55 1D 2E', - 'name': 'freshestCRL', - 'oid': (2, 5, 29, 46)}, - (2, 5, 29, 54): {'comment': 'X.509 id-ce (2 5 29)', - 'description': 'inhibitAnyPolicy (2 5 29 54)', - 'hexoid': '06 03 55 1D 36', - 'name': 'inhibitAnyPolicy', - 'oid': (2, 5, 29, 54)}, - (2, 16, 840, 1, 101, 2, 1, 1, 1): {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'sdnsSignatureAlgorithm (2 16 840 1 101 2 1 1 1)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 01', - 'name': 'sdnsSignatureAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 1)}, - (2, 16, 840, 1, 101, 2, 1, 1, 2): {'comment': 'SDN.700 INFOSEC algorithms. Formerly known as mosaicSignatureAlgorithm, this OID is better known as dsaWithSHA-1.', - 'description': 'fortezzaSignatureAlgorithm (2 16 840 1 101 2 1 1 2)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 02', - 'name': 'fortezzaSignatureAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 2)}, - (2, 16, 840, 1, 101, 2, 1, 1, 3): {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'sdnsConfidentialityAlgorithm (2 16 840 1 101 2 1 1 3)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 03', - 'name': 'sdnsConfidentialityAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 3)}, - (2, 16, 840, 1, 101, 2, 1, 1, 4): {'comment': 'SDN.700 INFOSEC algorithms. Formerly known as mosaicConfidentialityAlgorithm', - 'description': 'fortezzaConfidentialityAlgorithm (2 16 840 1 101 2 1 1 4)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 04', - 'name': 'fortezzaConfidentialityAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 4)}, - (2, 16, 840, 1, 101, 2, 1, 1, 5): {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'sdnsIntegrityAlgorithm (2 16 840 1 101 2 1 1 5)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 05', - 'name': 'sdnsIntegrityAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 5)}, - (2, 16, 840, 1, 101, 2, 1, 1, 6): {'comment': 'SDN.700 INFOSEC algorithms. Formerly known as mosaicIntegrityAlgorithm', - 'description': 'fortezzaIntegrityAlgorithm (2 16 840 1 101 2 1 1 6)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 06', - 'name': 'fortezzaIntegrityAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 6)}, - (2, 16, 840, 1, 101, 2, 1, 1, 7): {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'sdnsTokenProtectionAlgorithm (2 16 840 1 101 2 1 1 7)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 07', - 'name': 'sdnsTokenProtectionAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 7)}, - (2, 16, 840, 1, 101, 2, 1, 1, 8): {'comment': 'SDN.700 INFOSEC algorithms. Formerly know as mosaicTokenProtectionAlgorithm', - 'description': 'fortezzaTokenProtectionAlgorithm (2 16 840 1 101 2 1 1 8)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 08', - 'name': 'fortezzaTokenProtectionAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 8)}, - (2, 16, 840, 1, 101, 2, 1, 1, 9): {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'sdnsKeyManagementAlgorithm (2 16 840 1 101 2 1 1 9)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 09', - 'name': 'sdnsKeyManagementAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 9)}, - (2, 16, 840, 1, 101, 2, 1, 1, 10): {'comment': 'SDN.700 INFOSEC algorithms. Formerly known as mosaicKeyManagementAlgorithm', - 'description': 'fortezzaKeyManagementAlgorithm (2 16 840 1 101 2 1 1 10)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 0A', - 'name': 'fortezzaKeyManagementAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 10)}, - (2, 16, 840, 1, 101, 2, 1, 1, 11): {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'sdnsKMandSigAlgorithm (2 16 840 1 101 2 1 1 11)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 0B', - 'name': 'sdnsKMandSigAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 11)}, - (2, 16, 840, 1, 101, 2, 1, 1, 12): {'comment': 'SDN.700 INFOSEC algorithms. Formerly known as mosaicKMandSigAlgorithm', - 'description': 'fortezzaKMandSigAlgorithm (2 16 840 1 101 2 1 1 12)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 0C', - 'name': 'fortezzaKMandSigAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 12)}, - (2, 16, 840, 1, 101, 2, 1, 1, 13): {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'suiteASignatureAlgorithm (2 16 840 1 101 2 1 1 13)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 0D', - 'name': 'suiteASignatureAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 13)}, - (2, 16, 840, 1, 101, 2, 1, 1, 14): {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'suiteAConfidentialityAlgorithm (2 16 840 1 101 2 1 1 14)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 0E', - 'name': 'suiteAConfidentialityAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 14)}, - (2, 16, 840, 1, 101, 2, 1, 1, 15): {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'suiteAIntegrityAlgorithm (2 16 840 1 101 2 1 1 15)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 0F', - 'name': 'suiteAIntegrityAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 15)}, - (2, 16, 840, 1, 101, 2, 1, 1, 16): {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'suiteATokenProtectionAlgorithm (2 16 840 1 101 2 1 1 16)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 10', - 'name': 'suiteATokenProtectionAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 16)}, - (2, 16, 840, 1, 101, 2, 1, 1, 17): {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'suiteAKeyManagementAlgorithm (2 16 840 1 101 2 1 1 17)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 11', - 'name': 'suiteAKeyManagementAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 17)}, - (2, 16, 840, 1, 101, 2, 1, 1, 18): {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'suiteAKMandSigAlgorithm (2 16 840 1 101 2 1 1 18)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 12', - 'name': 'suiteAKMandSigAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 18)}, - (2, 16, 840, 1, 101, 2, 1, 1, 19): {'comment': 'SDN.700 INFOSEC algorithms. Formerly known as mosaicUpdatedSigAlgorithm', - 'description': 'fortezzaUpdatedSigAlgorithm (2 16 840 1 101 2 1 1 19)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 13', - 'name': 'fortezzaUpdatedSigAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 19)}, - (2, 16, 840, 1, 101, 2, 1, 1, 20): {'comment': 'SDN.700 INFOSEC algorithms. Formerly known as mosaicKMandUpdSigAlgorithms', - 'description': 'fortezzaKMandUpdSigAlgorithms (2 16 840 1 101 2 1 1 20)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 14', - 'name': 'fortezzaKMandUpdSigAlgorithms', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 20)}, - (2, 16, 840, 1, 101, 2, 1, 1, 21): {'comment': 'SDN.700 INFOSEC algorithms. Formerly known as mosaicUpdatedIntegAlgorithm', - 'description': 'fortezzaUpdatedIntegAlgorithm (2 16 840 1 101 2 1 1 21)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 15', - 'name': 'fortezzaUpdatedIntegAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 21)}, - (2, 16, 840, 1, 101, 2, 1, 1, 22): {'comment': 'SDN.700 INFOSEC algorithms. Formerly known as mosaicKeyEncryptionAlgorithm', - 'description': 'keyExchangeAlgorithm (2 16 840 1 101 2 1 1 22)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 16', - 'name': 'keyExchangeAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 22)}, - (2, 16, 840, 1, 101, 2, 1, 1, 23): {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'fortezzaWrap80Algorithm (2 16 840 1 101 2 1 1 23)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 17', - 'name': 'fortezzaWrap80Algorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 23)}, - (2, 16, 840, 1, 101, 2, 1, 1, 24): {'comment': 'SDN.700 INFOSEC algorithms', - 'description': 'kEAKeyEncryptionAlgorithm (2 16 840 1 101 2 1 1 24)', - 'hexoid': '06 09 60 86 48 01 65 02 01 01 18', - 'name': 'kEAKeyEncryptionAlgorithm', - 'oid': (2, 16, 840, 1, 101, 2, 1, 1, 24)}, - (2, 16, 840, 1, 101, 2, 1, 2, 1): {'comment': 'SDN.700 INFOSEC format', - 'description': 'rfc822MessageFormat (2 16 840 1 101 2 1 2 1)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 01', - 'name': 'rfc822MessageFormat', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 1)}, - (2, 16, 840, 1, 101, 2, 1, 2, 2): {'comment': 'SDN.700 INFOSEC format', - 'description': 'emptyContent (2 16 840 1 101 2 1 2 2)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 02', - 'name': 'emptyContent', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 2)}, - (2, 16, 840, 1, 101, 2, 1, 2, 3): {'comment': 'SDN.700 INFOSEC format', - 'description': 'cspContentType (2 16 840 1 101 2 1 2 3)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 03', - 'name': 'cspContentType', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 3)}, - (2, 16, 840, 1, 101, 2, 1, 2, 42): {'comment': 'SDN.700 INFOSEC format', - 'description': 'mspRev3ContentType (2 16 840 1 101 2 1 2 42)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 2A', - 'name': 'mspRev3ContentType', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 42)}, - (2, 16, 840, 1, 101, 2, 1, 2, 48): {'comment': 'SDN.700 INFOSEC format', - 'description': 'mspContentType (2 16 840 1 101 2 1 2 48)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 30', - 'name': 'mspContentType', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 48)}, - (2, 16, 840, 1, 101, 2, 1, 2, 49): {'comment': 'SDN.700 INFOSEC format', - 'description': 'mspRekeyAgentProtocol (2 16 840 1 101 2 1 2 49)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 31', - 'name': 'mspRekeyAgentProtocol', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 49)}, - (2, 16, 840, 1, 101, 2, 1, 2, 50): {'comment': 'SDN.700 INFOSEC format', - 'description': 'mspMMP (2 16 840 1 101 2 1 2 50)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 32', - 'name': 'mspMMP', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 50)}, - (2, 16, 840, 1, 101, 2, 1, 2, 66): {'comment': 'SDN.700 INFOSEC format', - 'description': 'mspRev3-1ContentType (2 16 840 1 101 2 1 2 66)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 42', - 'name': 'mspRev3-1ContentType', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 66)}, - (2, 16, 840, 1, 101, 2, 1, 2, 72): {'comment': 'SDN.700 INFOSEC format', - 'description': 'forwardedMSPMessageBodyPart (2 16 840 1 101 2 1 2 72)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 48', - 'name': 'forwardedMSPMessageBodyPart', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 72)}, - (2, 16, 840, 1, 101, 2, 1, 2, 73): {'comment': 'SDN.700 INFOSEC format', - 'description': 'mspForwardedMessageParameters (2 16 840 1 101 2 1 2 73)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 49', - 'name': 'mspForwardedMessageParameters', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 73)}, - (2, 16, 840, 1, 101, 2, 1, 2, 74): {'comment': 'SDN.700 INFOSEC format', - 'description': 'forwardedCSPMsgBodyPart (2 16 840 1 101 2 1 2 74)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 4A', - 'name': 'forwardedCSPMsgBodyPart', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 74)}, - (2, 16, 840, 1, 101, 2, 1, 2, 75): {'comment': 'SDN.700 INFOSEC format', - 'description': 'cspForwardedMessageParameters (2 16 840 1 101 2 1 2 75)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 4B', - 'name': 'cspForwardedMessageParameters', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 75)}, - (2, 16, 840, 1, 101, 2, 1, 2, 76): {'comment': 'SDN.700 INFOSEC format', - 'description': 'mspMMP2 (2 16 840 1 101 2 1 2 76)', - 'hexoid': '06 09 60 86 48 01 65 02 01 02 4C', - 'name': 'mspMMP2', - 'oid': (2, 16, 840, 1, 101, 2, 1, 2, 76)}, - (2, 16, 840, 1, 101, 2, 1, 3, 1): {'comment': 'SDN.700 INFOSEC policy', - 'description': 'sdnsSecurityPolicy (2 16 840 1 101 2 1 3 1)', - 'hexoid': '06 09 60 86 48 01 65 02 01 03 01', - 'name': 'sdnsSecurityPolicy', - 'oid': (2, 16, 840, 1, 101, 2, 1, 3, 1)}, - (2, 16, 840, 1, 101, 2, 1, 3, 2): {'comment': 'SDN.700 INFOSEC policy', - 'description': 'sdnsPRBAC (2 16 840 1 101 2 1 3 2)', - 'hexoid': '06 09 60 86 48 01 65 02 01 03 02', - 'name': 'sdnsPRBAC', - 'oid': (2, 16, 840, 1, 101, 2, 1, 3, 2)}, - (2, 16, 840, 1, 101, 2, 1, 3, 3): {'comment': 'SDN.700 INFOSEC policy', - 'description': 'mosaicPRBAC (2 16 840 1 101 2 1 3 3)', - 'hexoid': '06 09 60 86 48 01 65 02 01 03 03', - 'name': 'mosaicPRBAC', - 'oid': (2, 16, 840, 1, 101, 2, 1, 3, 3)}, - (2, 16, 840, 1, 101, 2, 1, 3, 10): {'comment': 'SDN.700 INFOSEC policy', - 'description': 'siSecurityPolicy (2 16 840 1 101 2 1 3 10)', - 'hexoid': '06 09 60 86 48 01 65 02 01 03 0A', - 'name': 'siSecurityPolicy', - 'oid': (2, 16, 840, 1, 101, 2, 1, 3, 10)}, - (2, 16, 840, 1, 101, 2, 1, 3, 11): {'comment': 'SDN.700 INFOSEC policy', - 'description': 'genser (2 16 840 1 101 2 1 3 11)', - 'hexoid': '06 09 60 86 48 01 65 02 01 03 0B', - 'name': 'genser', - 'oid': (2, 16, 840, 1, 101, 2, 1, 3, 11)}, - (2, 16, 840, 1, 101, 2, 1, 3, 11, 3): {'comment': 'SDN.700 INFOSEC policy', - 'description': 'genserSecurityCategories (2 16 840 1 101 2 1 3 11 3)', - 'hexoid': '06 0A 60 86 48 01 65 02 01 03 0B 03', - 'name': 'genserSecurityCategories', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 3, - 11, - 3)}, - (2, 16, 840, 1, 101, 2, 1, 3, 11, 3, 0): {'comment': 'SDN.700 INFOSEC GENSER policy', - 'description': 'genserTagSetName (2 16 840 1 101 2 1 3 11 3 0)', - 'hexoid': '06 0B 60 86 48 01 65 02 01 03 0B 03 00', - 'name': 'genserTagSetName', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 3, - 11, - 3, - 0)}, - (2, 16, 840, 1, 101, 2, 1, 3, 12): {'comment': 'SDN.700 INFOSEC policy', - 'description': 'defaultSecurityPolicy (2 16 840 1 101 2 1 3 12)', - 'hexoid': '06 09 60 86 48 01 65 02 01 03 0C', - 'name': 'defaultSecurityPolicy', - 'oid': (2, 16, 840, 1, 101, 2, 1, 3, 12)}, - (2, 16, 840, 1, 101, 2, 1, 3, 13): {'comment': 'SDN.700 INFOSEC policy', - 'description': 'capcoMarkings (2 16 840 1 101 2 1 3 13)', - 'hexoid': '06 09 60 86 48 01 65 02 01 03 0D', - 'name': 'capcoMarkings', - 'oid': (2, 16, 840, 1, 101, 2, 1, 3, 13)}, - (2, 16, 840, 1, 101, 2, 1, 3, 13, 0): {'comment': 'SDN.700 INFOSEC policy CAPCO markings', - 'description': 'capcoSecurityCategories (2 16 840 1 101 2 1 3 13 0)', - 'hexoid': '06 0A 60 86 48 01 65 02 01 03 0D 00', - 'name': 'capcoSecurityCategories', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 3, - 13, - 0)}, - (2, 16, 840, 1, 101, 2, 1, 3, 13, 0, 1): {'comment': 'SDN.700 INFOSEC policy CAPCO markings', - 'description': 'capcoTagSetName1 (2 16 840 1 101 2 1 3 13 0 1)', - 'hexoid': '06 0B 60 86 48 01 65 02 01 03 0D 00 01', - 'name': 'capcoTagSetName1', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 3, - 13, - 0, - 1)}, - (2, 16, 840, 1, 101, 2, 1, 3, 13, 0, 2): {'comment': 'SDN.700 INFOSEC policy CAPCO markings', - 'description': 'capcoTagSetName2 (2 16 840 1 101 2 1 3 13 0 2)', - 'hexoid': '06 0B 60 86 48 01 65 02 01 03 0D 00 02', - 'name': 'capcoTagSetName2', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 3, - 13, - 0, - 2)}, - (2, 16, 840, 1, 101, 2, 1, 3, 13, 0, 3): {'comment': 'SDN.700 INFOSEC policy CAPCO markings', - 'description': 'capcoTagSetName3 (2 16 840 1 101 2 1 3 13 0 3)', - 'hexoid': '06 0B 60 86 48 01 65 02 01 03 0D 00 03', - 'name': 'capcoTagSetName3', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 3, - 13, - 0, - 3)}, - (2, 16, 840, 1, 101, 2, 1, 3, 13, 0, 4): {'comment': 'SDN.700 INFOSEC policy CAPCO markings', - 'description': 'capcoTagSetName4 (2 16 840 1 101 2 1 3 13 0 4)', - 'hexoid': '06 0B 60 86 48 01 65 02 01 03 0D 00 04', - 'name': 'capcoTagSetName4', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 3, - 13, - 0, - 4)}, - (2, 16, 840, 1, 101, 2, 1, 5, 11): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'mlReceiptPolicy (2 16 840 1 101 2 1 5 11)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 0B', - 'name': 'mlReceiptPolicy', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 11)}, - (2, 16, 840, 1, 101, 2, 1, 5, 12): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'mlMembership (2 16 840 1 101 2 1 5 12)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 0C', - 'name': 'mlMembership', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 12)}, - (2, 16, 840, 1, 101, 2, 1, 5, 13): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'mlAdministrators (2 16 840 1 101 2 1 5 13)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 0D', - 'name': 'mlAdministrators', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 13)}, - (2, 16, 840, 1, 101, 2, 1, 5, 14): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'alid (2 16 840 1 101 2 1 5 14)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 0E', - 'name': 'alid', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 14)}, - (2, 16, 840, 1, 101, 2, 1, 5, 20): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'janUKMs (2 16 840 1 101 2 1 5 20)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 14', - 'name': 'janUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 20)}, - (2, 16, 840, 1, 101, 2, 1, 5, 21): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'febUKMs (2 16 840 1 101 2 1 5 21)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 15', - 'name': 'febUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 21)}, - (2, 16, 840, 1, 101, 2, 1, 5, 22): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'marUKMs (2 16 840 1 101 2 1 5 22)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 16', - 'name': 'marUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 22)}, - (2, 16, 840, 1, 101, 2, 1, 5, 23): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'aprUKMs (2 16 840 1 101 2 1 5 23)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 17', - 'name': 'aprUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 23)}, - (2, 16, 840, 1, 101, 2, 1, 5, 24): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'mayUKMs (2 16 840 1 101 2 1 5 24)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 18', - 'name': 'mayUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 24)}, - (2, 16, 840, 1, 101, 2, 1, 5, 25): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'junUKMs (2 16 840 1 101 2 1 5 25)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 19', - 'name': 'junUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 25)}, - (2, 16, 840, 1, 101, 2, 1, 5, 26): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'julUKMs (2 16 840 1 101 2 1 5 26)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 1A', - 'name': 'julUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 26)}, - (2, 16, 840, 1, 101, 2, 1, 5, 27): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'augUKMs (2 16 840 1 101 2 1 5 27)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 1B', - 'name': 'augUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 27)}, - (2, 16, 840, 1, 101, 2, 1, 5, 28): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'sepUKMs (2 16 840 1 101 2 1 5 28)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 1C', - 'name': 'sepUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 28)}, - (2, 16, 840, 1, 101, 2, 1, 5, 29): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'octUKMs (2 16 840 1 101 2 1 5 29)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 1D', - 'name': 'octUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 29)}, - (2, 16, 840, 1, 101, 2, 1, 5, 30): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'novUKMs (2 16 840 1 101 2 1 5 30)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 1E', - 'name': 'novUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 30)}, - (2, 16, 840, 1, 101, 2, 1, 5, 31): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'decUKMs (2 16 840 1 101 2 1 5 31)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 1F', - 'name': 'decUKMs', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 31)}, - (2, 16, 840, 1, 101, 2, 1, 5, 40): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'metaSDNSckl (2 16 840 1 101 2 1 5 40)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 28', - 'name': 'metaSDNSckl', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 40)}, - (2, 16, 840, 1, 101, 2, 1, 5, 41): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'sdnsCKL (2 16 840 1 101 2 1 5 41)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 29', - 'name': 'sdnsCKL', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 41)}, - (2, 16, 840, 1, 101, 2, 1, 5, 42): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'metaSDNSsignatureCKL (2 16 840 1 101 2 1 5 42)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 2A', - 'name': 'metaSDNSsignatureCKL', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 42)}, - (2, 16, 840, 1, 101, 2, 1, 5, 43): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'sdnsSignatureCKL (2 16 840 1 101 2 1 5 43)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 2B', - 'name': 'sdnsSignatureCKL', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 43)}, - (2, 16, 840, 1, 101, 2, 1, 5, 44): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'sdnsCertificateRevocationList (2 16 840 1 101 2 1 5 44)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 2C', - 'name': 'sdnsCertificateRevocationList', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 44)}, - (2, 16, 840, 1, 101, 2, 1, 5, 46): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'fortezzaCKL (2 16 840 1 101 2 1 5 46)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 2E', - 'name': 'fortezzaCKL', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 46)}, - (2, 16, 840, 1, 101, 2, 1, 5, 47): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'alExemptedAddressProcessor (2 16 840 1 101 2 1 5 47)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 2F', - 'name': 'alExemptedAddressProcessor', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 47)}, - (2, 16, 840, 1, 101, 2, 1, 5, 53): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'prbacInfo (2 16 840 1 101 2 1 5 53)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 35', - 'name': 'prbacInfo', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 53)}, - (2, 16, 840, 1, 101, 2, 1, 5, 54): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'prbacCAConstraints (2 16 840 1 101 2 1 5 54)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 36', - 'name': 'prbacCAConstraints', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 54)}, - (2, 16, 840, 1, 101, 2, 1, 5, 55): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'sigOrKMPrivileges (2 16 840 1 101 2 1 5 55)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 37', - 'name': 'sigOrKMPrivileges', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 55)}, - (2, 16, 840, 1, 101, 2, 1, 5, 56): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'commPrivileges (2 16 840 1 101 2 1 5 56)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 38', - 'name': 'commPrivileges', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 56)}, - (2, 16, 840, 1, 101, 2, 1, 5, 57): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'labeledAttribute (2 16 840 1 101 2 1 5 57)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 39', - 'name': 'labeledAttribute', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 57)}, - (2, 16, 840, 1, 101, 2, 1, 5, 59): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'secPolicyInformationFile (2 16 840 1 101 2 1 5 59)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 3B', - 'name': 'secPolicyInformationFile', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 59)}, - (2, 16, 840, 1, 101, 2, 1, 5, 60): {'comment': 'SDN.700 INFOSEC attributes', - 'description': 'cAClearanceConstraint (2 16 840 1 101 2 1 5 60)', - 'hexoid': '06 09 60 86 48 01 65 02 01 05 3C', - 'name': 'cAClearanceConstraint', - 'oid': (2, 16, 840, 1, 101, 2, 1, 5, 60)}, - (2, 16, 840, 1, 101, 2, 1, 7, 1): {'comment': 'SDN.700 INFOSEC extensions', - 'description': 'cspExtns (2 16 840 1 101 2 1 7 1)', - 'hexoid': '06 09 60 86 48 01 65 02 01 07 01', - 'name': 'cspExtns', - 'oid': (2, 16, 840, 1, 101, 2, 1, 7, 1)}, - (2, 16, 840, 1, 101, 2, 1, 7, 1, 0): {'comment': 'SDN.700 INFOSEC extensions', - 'description': 'cspCsExtn (2 16 840 1 101 2 1 7 1 0)', - 'hexoid': '06 0A 60 86 48 01 65 02 01 07 01 00', - 'name': 'cspCsExtn', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 7, - 1, - 0)}, - (2, 16, 840, 1, 101, 2, 1, 8, 1): {'comment': 'SDN.700 INFOSEC security category', - 'description': 'mISSISecurityCategories (2 16 840 1 101 2 1 8 1)', - 'hexoid': '06 09 60 86 48 01 65 02 01 08 01', - 'name': 'mISSISecurityCategories', - 'oid': (2, 16, 840, 1, 101, 2, 1, 8, 1)}, - (2, 16, 840, 1, 101, 2, 1, 8, 2): {'comment': 'SDN.700 INFOSEC security category', - 'description': 'standardSecurityLabelPrivileges (2 16 840 1 101 2 1 8 2)', - 'hexoid': '06 09 60 86 48 01 65 02 01 08 02', - 'name': 'standardSecurityLabelPrivileges', - 'oid': (2, 16, 840, 1, 101, 2, 1, 8, 2)}, - (2, 16, 840, 1, 101, 2, 1, 10, 1): {'comment': 'SDN.700 INFOSEC privileges', - 'description': 'sigPrivileges (2 16 840 1 101 2 1 10 1)', - 'hexoid': '06 09 60 86 48 01 65 02 01 0A 01', - 'name': 'sigPrivileges', - 'oid': (2, 16, 840, 1, 101, 2, 1, 10, 1)}, - (2, 16, 840, 1, 101, 2, 1, 10, 2): {'comment': 'SDN.700 INFOSEC privileges', - 'description': 'kmPrivileges (2 16 840 1 101 2 1 10 2)', - 'hexoid': '06 09 60 86 48 01 65 02 01 0A 02', - 'name': 'kmPrivileges', - 'oid': (2, 16, 840, 1, 101, 2, 1, 10, 2)}, - (2, 16, 840, 1, 101, 2, 1, 10, 3): {'comment': 'SDN.700 INFOSEC privileges', - 'description': 'namedTagSetPrivilege (2 16 840 1 101 2 1 10 3)', - 'hexoid': '06 09 60 86 48 01 65 02 01 0A 03', - 'name': 'namedTagSetPrivilege', - 'oid': (2, 16, 840, 1, 101, 2, 1, 10, 3)}, - (2, 16, 840, 1, 101, 2, 1, 11, 1): {'comment': 'SDN.700 INFOSEC certificate policy', - 'description': 'ukDemo (2 16 840 1 101 2 1 11 1)', - 'hexoid': '06 09 60 86 48 01 65 02 01 0B 01', - 'name': 'ukDemo', - 'oid': (2, 16, 840, 1, 101, 2, 1, 11, 1)}, - (2, 16, 840, 1, 101, 2, 1, 11, 2): {'comment': 'SDN.700 INFOSEC certificate policy', - 'description': 'usDODClass2 (2 16 840 1 101 2 1 11 2)', - 'hexoid': '06 09 60 86 48 01 65 02 01 0B 02', - 'name': 'usDODClass2', - 'oid': (2, 16, 840, 1, 101, 2, 1, 11, 2)}, - (2, 16, 840, 1, 101, 2, 1, 11, 3): {'comment': 'SDN.700 INFOSEC certificate policy', - 'description': 'usMediumPilot (2 16 840 1 101 2 1 11 3)', - 'hexoid': '06 09 60 86 48 01 65 02 01 0B 03', - 'name': 'usMediumPilot', - 'oid': (2, 16, 840, 1, 101, 2, 1, 11, 3)}, - (2, 16, 840, 1, 101, 2, 1, 11, 4): {'comment': 'SDN.700 INFOSEC certificate policy', - 'description': 'usDODClass4 (2 16 840 1 101 2 1 11 4)', - 'hexoid': '06 09 60 86 48 01 65 02 01 0B 04', - 'name': 'usDODClass4', - 'oid': (2, 16, 840, 1, 101, 2, 1, 11, 4)}, - (2, 16, 840, 1, 101, 2, 1, 11, 5): {'comment': 'SDN.700 INFOSEC certificate policy', - 'description': 'usDODClass3 (2 16 840 1 101 2 1 11 5)', - 'hexoid': '06 09 60 86 48 01 65 02 01 0B 05', - 'name': 'usDODClass3', - 'oid': (2, 16, 840, 1, 101, 2, 1, 11, 5)}, - (2, 16, 840, 1, 101, 2, 1, 11, 6): {'comment': 'SDN.700 INFOSEC certificate policy', - 'description': 'usDODClass5 (2 16 840 1 101 2 1 11 6)', - 'hexoid': '06 09 60 86 48 01 65 02 01 0B 06', - 'name': 'usDODClass5', - 'oid': (2, 16, 840, 1, 101, 2, 1, 11, 6)}, - (2, 16, 840, 1, 101, 2, 1, 12, 0): {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'testSecurityPolicy (2 16 840 1 101 2 1 12 0)', - 'hexoid': '06 09 60 86 48 01 65 02 01 0C 00', - 'name': 'testSecurityPolicy', - 'oid': (2, 16, 840, 1, 101, 2, 1, 12, 0)}, - (2, 16, 840, 1, 101, 2, 1, 12, 0, 1): {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tsp1 (2 16 840 1 101 2 1 12 0 1)', - 'hexoid': '06 0A 60 86 48 01 65 02 01 0C 00 01', - 'name': 'tsp1', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 12, - 0, - 1)}, - (2, 16, 840, 1, 101, 2, 1, 12, 0, 1, 0): {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tsp1SecurityCategories (2 16 840 1 101 2 1 12 0 1 0)', - 'hexoid': '06 0B 60 86 48 01 65 02 01 0C 00 01 00', - 'name': 'tsp1SecurityCategories', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 12, - 0, - 1, - 0)}, - (2, 16, 840, 1, 101, 2, 1, 12, 0, 1, 0, 0): {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tsp1TagSetZero (2 16 840 1 101 2 1 12 0 1 0 0)', - 'hexoid': '06 0C 60 86 48 01 65 02 01 0C 00 01 00 00', - 'name': 'tsp1TagSetZero', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 12, - 0, - 1, - 0, - 0)}, - (2, 16, 840, 1, 101, 2, 1, 12, 0, 1, 0, 1): {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tsp1TagSetOne (2 16 840 1 101 2 1 12 0 1 0 1)', - 'hexoid': '06 0C 60 86 48 01 65 02 01 0C 00 01 00 01', - 'name': 'tsp1TagSetOne', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 12, - 0, - 1, - 0, - 1)}, - (2, 16, 840, 1, 101, 2, 1, 12, 0, 1, 0, 2): {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tsp1TagSetTwo (2 16 840 1 101 2 1 12 0 1 0 2)', - 'hexoid': '06 0C 60 86 48 01 65 02 01 0C 00 01 00 02', - 'name': 'tsp1TagSetTwo', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 12, - 0, - 1, - 0, - 2)}, - (2, 16, 840, 1, 101, 2, 1, 12, 0, 2): {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tsp2 (2 16 840 1 101 2 1 12 0 2)', - 'hexoid': '06 0A 60 86 48 01 65 02 01 0C 00 02', - 'name': 'tsp2', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 12, - 0, - 2)}, - (2, 16, 840, 1, 101, 2, 1, 12, 0, 2, 0): {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tsp2SecurityCategories (2 16 840 1 101 2 1 12 0 2 0)', - 'hexoid': '06 0B 60 86 48 01 65 02 01 0C 00 02 00', - 'name': 'tsp2SecurityCategories', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 12, - 0, - 2, - 0)}, - (2, 16, 840, 1, 101, 2, 1, 12, 0, 2, 0, 0): {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tsp2TagSetZero (2 16 840 1 101 2 1 12 0 2 0 0)', - 'hexoid': '06 0C 60 86 48 01 65 02 01 0C 00 02 00 00', - 'name': 'tsp2TagSetZero', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 12, - 0, - 2, - 0, - 0)}, - (2, 16, 840, 1, 101, 2, 1, 12, 0, 2, 0, 1): {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tsp2TagSetOne (2 16 840 1 101 2 1 12 0 2 0 1)', - 'hexoid': '06 0C 60 86 48 01 65 02 01 0C 00 02 00 01', - 'name': 'tsp2TagSetOne', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 12, - 0, - 2, - 0, - 1)}, - (2, 16, 840, 1, 101, 2, 1, 12, 0, 2, 0, 2): {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tsp2TagSetTwo (2 16 840 1 101 2 1 12 0 2 0 2)', - 'hexoid': '06 0C 60 86 48 01 65 02 01 0C 00 02 00 02', - 'name': 'tsp2TagSetTwo', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 12, - 0, - 2, - 0, - 2)}, - (2, 16, 840, 1, 101, 2, 1, 12, 0, 3): {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'kafka (2 16 840 1 101 2 1 12 0 3)', - 'hexoid': '06 0A 60 86 48 01 65 02 01 0C 00 03', - 'name': 'kafka', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 12, - 0, - 3)}, - (2, 16, 840, 1, 101, 2, 1, 12, 0, 3, 0): {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'kafkaSecurityCategories (2 16 840 1 101 2 1 12 0 3 0)', - 'hexoid': '06 0B 60 86 48 01 65 02 01 0C 00 03 00', - 'name': 'kafkaSecurityCategories', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 12, - 0, - 3, - 0)}, - (2, 16, 840, 1, 101, 2, 1, 12, 0, 3, 0, 1): {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'kafkaTagSetName1 (2 16 840 1 101 2 1 12 0 3 0 1)', - 'hexoid': '06 0C 60 86 48 01 65 02 01 0C 00 03 00 01', - 'name': 'kafkaTagSetName1', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 12, - 0, - 3, - 0, - 1)}, - (2, 16, 840, 1, 101, 2, 1, 12, 0, 3, 0, 2): {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'kafkaTagSetName2 (2 16 840 1 101 2 1 12 0 3 0 2)', - 'hexoid': '06 0C 60 86 48 01 65 02 01 0C 00 03 00 02', - 'name': 'kafkaTagSetName2', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 12, - 0, - 3, - 0, - 2)}, - (2, 16, 840, 1, 101, 2, 1, 12, 0, 3, 0, 3): {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'kafkaTagSetName3 (2 16 840 1 101 2 1 12 0 3 0 3)', - 'hexoid': '06 0C 60 86 48 01 65 02 01 0C 00 03 00 03', - 'name': 'kafkaTagSetName3', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 12, - 0, - 3, - 0, - 3)}, - (2, 16, 840, 1, 101, 2, 1, 12, 1, 1): {'comment': 'SDN.700 INFOSEC test objects', - 'description': 'tcp1 (2 16 840 1 101 2 1 12 1 1)', - 'hexoid': '06 0A 60 86 48 01 65 02 01 0C 01 01', - 'name': 'tcp1', - 'oid': (2, - 16, - 840, - 1, - 101, - 2, - 1, - 12, - 1, - 1)}, - (2, 16, 840, 1, 101, 3, 2, 1, 3, 1): {'comment': 'Federal Bridge CA Policy', - 'description': 'FBCA-Rudimentary policyIdentifier (2 16 840 1 101 3 2 1 3 1)', - 'hexoid': '06 0A 60 86 48 01 65 03 02 01 03 01', - 'name': 'FBCA-Rudimentary', - 'oid': (2, - 16, - 840, - 1, - 101, - 3, - 2, - 1, - 3, - 1)}, - (2, 16, 840, 1, 101, 3, 2, 1, 3, 2): {'comment': 'Federal Bridge CA Policy', - 'description': 'FBCA-Basic policyIdentifier (2 16 840 1 101 3 2 1 3 2)', - 'hexoid': '06 0A 60 86 48 01 65 03 02 01 03 02', - 'name': 'FBCA-Basic', - 'oid': (2, - 16, - 840, - 1, - 101, - 3, - 2, - 1, - 3, - 2)}, - (2, 16, 840, 1, 101, 3, 2, 1, 3, 3): {'comment': 'Federal Bridge CA Policy', - 'description': 'FBCA-Medium policyIdentifier (2 16 840 1 101 3 2 1 3 3)', - 'hexoid': '06 0A 60 86 48 01 65 03 02 01 03 03', - 'name': 'FBCA-Medium', - 'oid': (2, - 16, - 840, - 1, - 101, - 3, - 2, - 1, - 3, - 3)}, - (2, 16, 840, 1, 101, 3, 2, 1, 3, 4): {'comment': 'Federal Bridge CA Policy', - 'description': 'FBCA-High policyIdentifier (2 16 840 1 101 3 2 1 3 4)', - 'hexoid': '06 0A 60 86 48 01 65 03 02 01 03 04', - 'name': 'FBCA-High', - 'oid': (2, - 16, - 840, - 1, - 101, - 3, - 2, - 1, - 3, - 4)}, - (2, 16, 840, 1, 101, 3, 4): {'comment': 'NIST Algorithm', - 'description': 'nistAlgorithm (2 16 840 1 101 3 4)', - 'hexoid': '06 07 60 86 48 01 65 03 04', - 'name': 'nistAlgorithm', - 'oid': (2, 16, 840, 1, 101, 3, 4)}, - (2, 16, 840, 1, 101, 3, 4, 1): {'comment': 'NIST Algorithm', - 'description': 'aes (2 16 840 1 101 3 4 1)', - 'hexoid': '06 08 60 86 48 01 65 03 04 01', - 'name': 'aes', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1)}, - (2, 16, 840, 1, 101, 3, 4, 1, 1): {'comment': 'NIST Algorithm', - 'description': 'aes128-ECB (2 16 840 1 101 3 4 1 1)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 01', - 'name': 'aes128-ECB', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 1)}, - (2, 16, 840, 1, 101, 3, 4, 1, 2): {'comment': 'NIST Algorithm', - 'description': 'aes128-CBC (2 16 840 1 101 3 4 1 2)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 02', - 'name': 'aes128-CBC', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 2)}, - (2, 16, 840, 1, 101, 3, 4, 1, 3): {'comment': 'NIST Algorithm', - 'description': 'aes128-OFB (2 16 840 1 101 3 4 1 3)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 03', - 'name': 'aes128-OFB', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 3)}, - (2, 16, 840, 1, 101, 3, 4, 1, 4): {'comment': 'NIST Algorithm', - 'description': 'aes128-CFB (2 16 840 1 101 3 4 1 4)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 04', - 'name': 'aes128-CFB', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 4)}, - (2, 16, 840, 1, 101, 3, 4, 1, 21): {'comment': 'NIST Algorithm', - 'description': 'aes192-ECB (2 16 840 1 101 3 4 1 21)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 15', - 'name': 'aes192-ECB', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 21)}, - (2, 16, 840, 1, 101, 3, 4, 1, 22): {'comment': 'NIST Algorithm', - 'description': 'aes192-CBC (2 16 840 1 101 3 4 1 22)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 16', - 'name': 'aes192-CBC', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 22)}, - (2, 16, 840, 1, 101, 3, 4, 1, 23): {'comment': 'NIST Algorithm', - 'description': 'aes192-OFB (2 16 840 1 101 3 4 1 23)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 17', - 'name': 'aes192-OFB', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 23)}, - (2, 16, 840, 1, 101, 3, 4, 1, 24): {'comment': 'NIST Algorithm', - 'description': 'aes192-CFB (2 16 840 1 101 3 4 1 24)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 18', - 'name': 'aes192-CFB', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 24)}, - (2, 16, 840, 1, 101, 3, 4, 1, 41): {'comment': 'NIST Algorithm', - 'description': 'aes256-ECB (2 16 840 1 101 3 4 1 41)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 29', - 'name': 'aes256-ECB', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 41)}, - (2, 16, 840, 1, 101, 3, 4, 1, 42): {'comment': 'NIST Algorithm', - 'description': 'aes256-CBC (2 16 840 1 101 3 4 1 42)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 2A', - 'name': 'aes256-CBC', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 42)}, - (2, 16, 840, 1, 101, 3, 4, 1, 43): {'comment': 'NIST Algorithm', - 'description': 'aes256-OFB (2 16 840 1 101 3 4 1 43)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 2B', - 'name': 'aes256-OFB', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 43)}, - (2, 16, 840, 1, 101, 3, 4, 1, 44): {'comment': 'NIST Algorithm', - 'description': 'aes256-CFB (2 16 840 1 101 3 4 1 44)', - 'hexoid': '06 09 60 86 48 01 65 03 04 01 2C', - 'name': 'aes256-CFB', - 'oid': (2, 16, 840, 1, 101, 3, 4, 1, 44)}, - (2, 16, 840, 1, 101, 3, 4, 2): {'comment': 'NIST Algorithm', - 'description': 'hashAlgos (2 16 840 1 101 3 4 2)', - 'hexoid': '06 08 60 86 48 01 65 03 04 02', - 'name': 'hashAlgos', - 'oid': (2, 16, 840, 1, 101, 3, 4, 2)}, - (2, 16, 840, 1, 101, 3, 4, 2, 1): {'comment': 'NIST Algorithm', - 'description': 'sha-256 (2 16 840 1 101 3 4 2 1)', - 'hexoid': '06 09 60 86 48 01 65 03 04 02 01', - 'name': 'sha-256', - 'oid': (2, 16, 840, 1, 101, 3, 4, 2, 1)}, - (2, 16, 840, 1, 101, 3, 4, 2, 2): {'comment': 'NIST Algorithm', - 'description': 'sha-384 (2 16 840 1 101 3 4 2 2)', - 'hexoid': '06 09 60 86 48 01 65 03 04 02 02', - 'name': 'sha-384', - 'oid': (2, 16, 840, 1, 101, 3, 4, 2, 2)}, - (2, 16, 840, 1, 101, 3, 4, 2, 3): {'comment': 'NIST Algorithm', - 'description': 'sha-512 (2 16 840 1 101 3 4 2 3)', - 'hexoid': '06 09 60 86 48 01 65 03 04 02 03', - 'name': 'sha-512', - 'oid': (2, 16, 840, 1, 101, 3, 4, 2, 3)}, - (2, 16, 840, 1, 101, 3, 4, 2, 4): {'comment': 'NIST Algorithm', - 'description': 'sha-224 (2 16 840 1 101 3 4 2 4)', - 'hexoid': '06 09 60 86 48 01 65 03 04 02 04', - 'name': 'sha-224', - 'oid': (2, 16, 840, 1, 101, 3, 4, 2, 4)}, - (2, 16, 840, 1, 101, 3, 4, 3, 1): {'comment': 'NIST Algorithm', - 'description': 'dsaWithSha224 (2 16 840 1 101 3 4 3 1)', - 'hexoid': '06 09 60 86 48 01 65 03 04 03 01', - 'name': 'dsaWithSha224', - 'oid': (2, 16, 840, 1, 101, 3, 4, 3, 1)}, - (2, 16, 840, 1, 101, 3, 4, 3, 2): {'comment': 'NIST Algorithm', - 'description': 'dsaWithSha256 (2 16 840 1 101 3 4 3 2)', - 'hexoid': '06 09 60 86 48 01 65 03 04 03 02', - 'name': 'dsaWithSha256', - 'oid': (2, 16, 840, 1, 101, 3, 4, 3, 2)}, - (2, 16, 840, 1, 113719, 1, 2, 8): {'comment': 'Novell', - 'description': 'novellAlgorithm (2 16 840 1 113719 1 2 8)', - 'hexoid': '06 0A 60 86 48 01 86 F8 37 01 02 08', - 'name': 'novellAlgorithm', - 'oid': (2, 16, 840, 1, 113719, 1, 2, 8)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 22): {'comment': 'Novell encryption algorithm', - 'description': 'desCbcIV8 (2 16 840 1 113719 1 2 8 22)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 16', - 'name': 'desCbcIV8', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 22)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 23): {'comment': 'Novell encryption algorithm', - 'description': 'desCbcPadIV8 (2 16 840 1 113719 1 2 8 23)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 17', - 'name': 'desCbcPadIV8', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 23)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 24): {'comment': 'Novell encryption algorithm', - 'description': 'desEDE2CbcIV8 (2 16 840 1 113719 1 2 8 24)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 18', - 'name': 'desEDE2CbcIV8', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 24)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 25): {'comment': 'Novell encryption algorithm', - 'description': 'desEDE2CbcPadIV8 (2 16 840 1 113719 1 2 8 25)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 19', - 'name': 'desEDE2CbcPadIV8', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 25)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 26): {'comment': 'Novell encryption algorithm', - 'description': 'desEDE3CbcIV8 (2 16 840 1 113719 1 2 8 26)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 1A', - 'name': 'desEDE3CbcIV8', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 26)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 27): {'comment': 'Novell encryption algorithm', - 'description': 'desEDE3CbcPadIV8 (2 16 840 1 113719 1 2 8 27)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 1B', - 'name': 'desEDE3CbcPadIV8', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 27)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 28): {'comment': 'Novell encryption algorithm', - 'description': 'rc5CbcPad (2 16 840 1 113719 1 2 8 28)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 1C', - 'name': 'rc5CbcPad', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 28)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 29): {'comment': 'Novell signature algorithm', - 'description': 'md2WithRSAEncryptionBSafe1 (2 16 840 1 113719 1 2 8 29)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 1D', - 'name': 'md2WithRSAEncryptionBSafe1', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 29)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 30): {'comment': 'Novell signature algorithm', - 'description': 'md5WithRSAEncryptionBSafe1 (2 16 840 1 113719 1 2 8 30)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 1E', - 'name': 'md5WithRSAEncryptionBSafe1', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 30)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 31): {'comment': 'Novell signature algorithm', - 'description': 'sha1WithRSAEncryptionBSafe1 (2 16 840 1 113719 1 2 8 31)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 1F', - 'name': 'sha1WithRSAEncryptionBSafe1', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 31)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 32): {'comment': 'Novell digest algorithm', - 'description': 'LMDigest (2 16 840 1 113719 1 2 8 32)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 20', - 'name': 'LMDigest', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 32)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 40): {'comment': 'Novell digest algorithm', - 'description': 'MD2 (2 16 840 1 113719 1 2 8 40)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 28', - 'name': 'MD2', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 40)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 50): {'comment': 'Novell digest algorithm', - 'description': 'MD5 (2 16 840 1 113719 1 2 8 50)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 32', - 'name': 'MD5', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 50)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 51): {'comment': 'Novell signature algorithm', - 'description': 'IKEhmacWithSHA1-RSA (2 16 840 1 113719 1 2 8 51)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 33', - 'name': 'IKEhmacWithSHA1-RSA', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 51)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 52): {'comment': 'Novell signature algorithm', - 'description': 'IKEhmacWithMD5-RSA (2 16 840 1 113719 1 2 8 52)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 34', - 'name': 'IKEhmacWithMD5-RSA', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 52)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 69): {'comment': 'Novell encryption algorithm', - 'description': 'rc2CbcPad (2 16 840 1 113719 1 2 8 69)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 45', - 'name': 'rc2CbcPad', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 69)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 82): {'comment': 'Novell digest algorithm', - 'description': 'SHA-1 (2 16 840 1 113719 1 2 8 82)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 52', - 'name': 'SHA-1', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 82)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 92): {'comment': 'Novell encryption algorithm', - 'description': 'rc2BSafe1Cbc (2 16 840 1 113719 1 2 8 92)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 5C', - 'name': 'rc2BSafe1Cbc', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 92)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 95): {'comment': 'Novell digest algorithm', - 'description': 'MD4 (2 16 840 1 113719 1 2 8 95)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 02 08 5F', - 'name': 'MD4', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 95)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 130): {'comment': 'Novell keyed hash', - 'description': 'MD4Packet (2 16 840 1 113719 1 2 8 130)', - 'hexoid': '06 0C 60 86 48 01 86 F8 37 01 02 08 81 02', - 'name': 'MD4Packet', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 130)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 131): {'comment': 'Novell encryption algorithm', - 'description': 'rsaEncryptionBsafe1 (2 16 840 1 113719 1 2 8 131)', - 'hexoid': '06 0C 60 86 48 01 86 F8 37 01 02 08 81 03', - 'name': 'rsaEncryptionBsafe1', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 131)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 132): {'comment': 'Novell encryption algorithm', - 'description': 'NWPassword (2 16 840 1 113719 1 2 8 132)', - 'hexoid': '06 0C 60 86 48 01 86 F8 37 01 02 08 81 04', - 'name': 'NWPassword', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 132)}, - (2, 16, 840, 1, 113719, 1, 2, 8, 133): {'comment': 'Novell encryption algorithm', - 'description': 'novellObfuscate-1 (2 16 840 1 113719 1 2 8 133)', - 'hexoid': '06 0C 60 86 48 01 86 F8 37 01 02 08 81 05', - 'name': 'novellObfuscate-1', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 2, - 8, - 133)}, - (2, 16, 840, 1, 113719, 1, 9): {'comment': 'Novell', - 'description': 'pki (2 16 840 1 113719 1 9)', - 'hexoid': '06 09 60 86 48 01 86 F8 37 01 09', - 'name': 'pki', - 'oid': (2, 16, 840, 1, 113719, 1, 9)}, - (2, 16, 840, 1, 113719, 1, 9, 4): {'comment': 'Novell PKI', - 'description': 'pkiAttributeType (2 16 840 1 113719 1 9 4)', - 'hexoid': '06 0A 60 86 48 01 86 F8 37 01 09 04', - 'name': 'pkiAttributeType', - 'oid': (2, 16, 840, 1, 113719, 1, 9, 4)}, - (2, 16, 840, 1, 113719, 1, 9, 4, 1): {'comment': 'Novell PKI attribute type', - 'description': 'securityAttributes (2 16 840 1 113719 1 9 4 1)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 09 04 01', - 'name': 'securityAttributes', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 9, - 4, - 1)}, - (2, 16, 840, 1, 113719, 1, 9, 4, 2): {'comment': 'Novell PKI attribute type', - 'description': 'relianceLimit (2 16 840 1 113719 1 9 4 2)', - 'hexoid': '06 0B 60 86 48 01 86 F8 37 01 09 04 02', - 'name': 'relianceLimit', - 'oid': (2, - 16, - 840, - 1, - 113719, - 1, - 9, - 4, - 2)}, - (2, 16, 840, 1, 113730, 1): {'comment': 'Netscape', - 'description': 'cert-extension (2 16 840 1 113730 1)', - 'hexoid': '06 08 60 86 48 01 86 F8 42 01', - 'name': 'cert-extension', - 'oid': (2, 16, 840, 1, 113730, 1)}, - (2, 16, 840, 1, 113730, 1, 1): {'comment': 'Netscape certificate extension', - 'description': 'netscape-cert-type (2 16 840 1 113730 1 1)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 01', - 'name': 'netscape-cert-type', - 'oid': (2, 16, 840, 1, 113730, 1, 1)}, - (2, 16, 840, 1, 113730, 1, 2): {'comment': 'Netscape certificate extension', - 'description': 'netscape-base-url (2 16 840 1 113730 1 2)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 02', - 'name': 'netscape-base-url', - 'oid': (2, 16, 840, 1, 113730, 1, 2)}, - (2, 16, 840, 1, 113730, 1, 3): {'comment': 'Netscape certificate extension', - 'description': 'netscape-revocation-url (2 16 840 1 113730 1 3)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 03', - 'name': 'netscape-revocation-url', - 'oid': (2, 16, 840, 1, 113730, 1, 3)}, - (2, 16, 840, 1, 113730, 1, 4): {'comment': 'Netscape certificate extension', - 'description': 'netscape-ca-revocation-url (2 16 840 1 113730 1 4)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 04', - 'name': 'netscape-ca-revocation-url', - 'oid': (2, 16, 840, 1, 113730, 1, 4)}, - (2, 16, 840, 1, 113730, 1, 7): {'comment': 'Netscape certificate extension', - 'description': 'netscape-cert-renewal-url (2 16 840 1 113730 1 7)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 07', - 'name': 'netscape-cert-renewal-url', - 'oid': (2, 16, 840, 1, 113730, 1, 7)}, - (2, 16, 840, 1, 113730, 1, 8): {'comment': 'Netscape certificate extension', - 'description': 'netscape-ca-policy-url (2 16 840 1 113730 1 8)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 08', - 'name': 'netscape-ca-policy-url', - 'oid': (2, 16, 840, 1, 113730, 1, 8)}, - (2, 16, 840, 1, 113730, 1, 9): {'comment': 'Netscape certificate extension', - 'description': 'HomePage-url (2 16 840 1 113730 1 9)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 09', - 'name': 'HomePage-url', - 'oid': (2, 16, 840, 1, 113730, 1, 9)}, - (2, 16, 840, 1, 113730, 1, 10): {'comment': 'Netscape certificate extension', - 'description': 'EntityLogo (2 16 840 1 113730 1 10)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 0A', - 'name': 'EntityLogo', - 'oid': (2, 16, 840, 1, 113730, 1, 10)}, - (2, 16, 840, 1, 113730, 1, 11): {'comment': 'Netscape certificate extension', - 'description': 'UserPicture (2 16 840 1 113730 1 11)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 0B', - 'name': 'UserPicture', - 'oid': (2, 16, 840, 1, 113730, 1, 11)}, - (2, 16, 840, 1, 113730, 1, 12): {'comment': 'Netscape certificate extension', - 'description': 'netscape-ssl-server-name (2 16 840 1 113730 1 12)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 0C', - 'name': 'netscape-ssl-server-name', - 'oid': (2, 16, 840, 1, 113730, 1, 12)}, - (2, 16, 840, 1, 113730, 1, 13): {'comment': 'Netscape certificate extension', - 'description': 'netscape-comment (2 16 840 1 113730 1 13)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 01 0D', - 'name': 'netscape-comment', - 'oid': (2, 16, 840, 1, 113730, 1, 13)}, - (2, 16, 840, 1, 113730, 2): {'comment': 'Netscape', - 'description': 'data-type (2 16 840 1 113730 2)', - 'hexoid': '06 08 60 86 48 01 86 F8 42 02', - 'name': 'data-type', - 'oid': (2, 16, 840, 1, 113730, 2)}, - (2, 16, 840, 1, 113730, 2, 1): {'comment': 'Netscape data type', - 'description': 'dataGIF (2 16 840 1 113730 2 1)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 02 01', - 'name': 'dataGIF', - 'oid': (2, 16, 840, 1, 113730, 2, 1)}, - (2, 16, 840, 1, 113730, 2, 2): {'comment': 'Netscape data type', - 'description': 'dataJPEG (2 16 840 1 113730 2 2)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 02 02', - 'name': 'dataJPEG', - 'oid': (2, 16, 840, 1, 113730, 2, 2)}, - (2, 16, 840, 1, 113730, 2, 3): {'comment': 'Netscape data type', - 'description': 'dataURL (2 16 840 1 113730 2 3)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 02 03', - 'name': 'dataURL', - 'oid': (2, 16, 840, 1, 113730, 2, 3)}, - (2, 16, 840, 1, 113730, 2, 4): {'comment': 'Netscape data type', - 'description': 'dataHTML (2 16 840 1 113730 2 4)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 02 04', - 'name': 'dataHTML', - 'oid': (2, 16, 840, 1, 113730, 2, 4)}, - (2, 16, 840, 1, 113730, 2, 5): {'comment': 'Netscape data type', - 'description': 'certSequence (2 16 840 1 113730 2 5)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 02 05', - 'name': 'certSequence', - 'oid': (2, 16, 840, 1, 113730, 2, 5)}, - (2, 16, 840, 1, 113730, 2, 6): {'comment': 'Netscape certificate extension', - 'description': 'certURL (2 16 840 1 113730 2 6)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 02 06', - 'name': 'certURL', - 'oid': (2, 16, 840, 1, 113730, 2, 6)}, - (2, 16, 840, 1, 113730, 3): {'comment': 'Netscape', - 'description': 'directory (2 16 840 1 113730 3)', - 'hexoid': '06 08 60 86 48 01 86 F8 42 03', - 'name': 'directory', - 'oid': (2, 16, 840, 1, 113730, 3)}, - (2, 16, 840, 1, 113730, 3, 1): {'comment': 'Netscape directory', - 'description': 'ldapDefinitions (2 16 840 1 113730 3 1)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 03 01', - 'name': 'ldapDefinitions', - 'oid': (2, 16, 840, 1, 113730, 3, 1)}, - (2, 16, 840, 1, 113730, 3, 1, 1): {'comment': 'Netscape LDAP definitions', - 'description': 'carLicense (2 16 840 1 113730 3 1 1)', - 'hexoid': '06 0A 60 86 48 01 86 F8 42 03 01 01', - 'name': 'carLicense', - 'oid': (2, 16, 840, 1, 113730, 3, 1, 1)}, - (2, 16, 840, 1, 113730, 3, 1, 2): {'comment': 'Netscape LDAP definitions', - 'description': 'departmentNumber (2 16 840 1 113730 3 1 2)', - 'hexoid': '06 0A 60 86 48 01 86 F8 42 03 01 02', - 'name': 'departmentNumber', - 'oid': (2, 16, 840, 1, 113730, 3, 1, 2)}, - (2, 16, 840, 1, 113730, 3, 1, 3): {'comment': 'Netscape LDAP definitions', - 'description': 'employeeNumber (2 16 840 1 113730 3 1 3)', - 'hexoid': '06 0A 60 86 48 01 86 F8 42 03 01 03', - 'name': 'employeeNumber', - 'oid': (2, 16, 840, 1, 113730, 3, 1, 3)}, - (2, 16, 840, 1, 113730, 3, 1, 4): {'comment': 'Netscape LDAP definitions', - 'description': 'employeeType (2 16 840 1 113730 3 1 4)', - 'hexoid': '06 0A 60 86 48 01 86 F8 42 03 01 04', - 'name': 'employeeType', - 'oid': (2, 16, 840, 1, 113730, 3, 1, 4)}, - (2, 16, 840, 1, 113730, 3, 2, 2): {'comment': 'Netscape LDAP definitions', - 'description': 'inetOrgPerson (2 16 840 1 113730 3 2 2)', - 'hexoid': '06 0A 60 86 48 01 86 F8 42 03 02 02', - 'name': 'inetOrgPerson', - 'oid': (2, 16, 840, 1, 113730, 3, 2, 2)}, - (2, 16, 840, 1, 113730, 4, 1): {'comment': 'Netscape', - 'description': 'serverGatedCrypto (2 16 840 1 113730 4 1)', - 'hexoid': '06 09 60 86 48 01 86 F8 42 04 01', - 'name': 'serverGatedCrypto', - 'oid': (2, 16, 840, 1, 113730, 4, 1)}, - (2, 16, 840, 1, 113733, 1): {'comment': 'Verisign extension', - 'description': 'pki (2 16 840 1 113733 1)', - 'hexoid': '06 08 60 86 48 01 86 F8 45 01', - 'name': 'pki', - 'oid': (2, 16, 840, 1, 113733, 1)}, - (2, 16, 840, 1, 113733, 1, 6, 3): {'comment': 'Verisign extension', - 'description': 'verisignCZAG (2 16 840 1 113733 1 6 3)', - 'hexoid': '06 0A 60 86 48 01 86 F8 45 01 06 03', - 'name': 'verisignCZAG', - 'oid': (2, 16, 840, 1, 113733, 1, 6, 3)}, - (2, 16, 840, 1, 113733, 1, 6, 6): {'comment': 'Verisign extension', - 'description': 'verisignInBox (2 16 840 1 113733 1 6 6)', - 'hexoid': '06 0A 60 86 48 01 86 F8 45 01 06 06', - 'name': 'verisignInBox', - 'oid': (2, 16, 840, 1, 113733, 1, 6, 6)}, - (2, 16, 840, 1, 113733, 1, 6, 11): {'comment': 'Verisign extension', - 'description': 'Unknown Verisign VPN extension (2 16 840 1 113733 1 6 11)', - 'hexoid': '06 0A 60 86 48 01 86 F8 45 01 06 0B', - 'name': 'Unknown', - 'oid': (2, 16, 840, 1, 113733, 1, 6, 11)}, - (2, 16, 840, 1, 113733, 1, 6, 13): {'comment': 'Verisign extension', - 'description': 'Unknown Verisign VPN extension (2 16 840 1 113733 1 6 13)', - 'hexoid': '06 0A 60 86 48 01 86 F8 45 01 06 0D', - 'name': 'Unknown', - 'oid': (2, 16, 840, 1, 113733, 1, 6, 13)}, - (2, 16, 840, 1, 113733, 1, 6, 15): {'comment': 'Verisign extension', - 'description': 'Verisign serverID (2 16 840 1 113733 1 6 15)', - 'hexoid': '06 0A 60 86 48 01 86 F8 45 01 06 0F', - 'name': 'Verisign', - 'oid': (2, 16, 840, 1, 113733, 1, 6, 15)}, - (2, 16, 840, 1, 113733, 1, 7, 1, 1): {'comment': 'Verisign policy', - 'description': 'Verisign policyIdentifier (2 16 840 1 113733 1 7 1 1)', - 'hexoid': '06 0B 60 86 48 01 86 F8 45 01 07 01 01', - 'name': 'Verisign', - 'oid': (2, - 16, - 840, - 1, - 113733, - 1, - 7, - 1, - 1)}, - (2, 16, 840, 1, 113733, 1, 7, 1, 1, 1): {'comment': 'Verisign policy (obsolete)', - 'description': 'verisignCPSv1notice (2 16 840 1 113733 1 7 1 1 1)', - 'hexoid': '06 0C 60 86 48 01 86 F8 45 01 07 01 01 01', - 'name': 'verisignCPSv1notice', - 'oid': (2, - 16, - 840, - 1, - 113733, - 1, - 7, - 1, - 1, - 1)}, - (2, 16, 840, 1, 113733, 1, 7, 1, 1, 2): {'comment': 'Verisign policy (obsolete)', - 'description': 'verisignCPSv1nsi (2 16 840 1 113733 1 7 1 1 2)', - 'hexoid': '06 0C 60 86 48 01 86 F8 45 01 07 01 01 02', - 'name': 'verisignCPSv1nsi', - 'oid': (2, - 16, - 840, - 1, - 113733, - 1, - 7, - 1, - 1, - 2)}, - (2, 16, 840, 1, 113733, 1, 8, 1): {'comment': 'Verisign', - 'description': 'Verisign SGC CA? (2 16 840 1 113733 1 8 1)', - 'hexoid': '06 0A 60 86 48 01 86 F8 45 01 08 01', - 'name': 'Verisign', - 'oid': (2, 16, 840, 1, 113733, 1, 8, 1)}, - (2, 16, 840, 1, 113733, 1, 9): {'comment': 'Verisign PKI extension', - 'description': 'pkcs7Attribute (2 16 840 1 113733 1 9)', - 'hexoid': '06 09 60 86 48 01 86 F8 45 01 09', - 'name': 'pkcs7Attribute', - 'oid': (2, 16, 840, 1, 113733, 1, 9)}, - (2, 16, 840, 1, 113733, 1, 9, 2): {'comment': 'Verisign PKCS #7 attribute', - 'description': 'messageType (2 16 840 1 113733 1 9 2)', - 'hexoid': '06 0A 60 86 48 01 86 F8 45 01 09 02', - 'name': 'messageType', - 'oid': (2, 16, 840, 1, 113733, 1, 9, 2)}, - (2, 16, 840, 1, 113733, 1, 9, 3): {'comment': 'Verisign PKCS #7 attribute', - 'description': 'pkiStatus (2 16 840 1 113733 1 9 3)', - 'hexoid': '06 0A 60 86 48 01 86 F8 45 01 09 03', - 'name': 'pkiStatus', - 'oid': (2, 16, 840, 1, 113733, 1, 9, 3)}, - (2, 16, 840, 1, 113733, 1, 9, 4): {'comment': 'Verisign PKCS #7 attribute', - 'description': 'failInfo (2 16 840 1 113733 1 9 4)', - 'hexoid': '06 0A 60 86 48 01 86 F8 45 01 09 04', - 'name': 'failInfo', - 'oid': (2, 16, 840, 1, 113733, 1, 9, 4)}, - (2, 16, 840, 1, 113733, 1, 9, 5): {'comment': 'Verisign PKCS #7 attribute', - 'description': 'senderNonce (2 16 840 1 113733 1 9 5)', - 'hexoid': '06 0A 60 86 48 01 86 F8 45 01 09 05', - 'name': 'senderNonce', - 'oid': (2, 16, 840, 1, 113733, 1, 9, 5)}, - (2, 16, 840, 1, 113733, 1, 9, 6): {'comment': 'Verisign PKCS #7 attribute', - 'description': 'recipientNonce (2 16 840 1 113733 1 9 6)', - 'hexoid': '06 0A 60 86 48 01 86 F8 45 01 09 06', - 'name': 'recipientNonce', - 'oid': (2, 16, 840, 1, 113733, 1, 9, 6)}, - (2, 16, 840, 1, 113733, 1, 9, 7): {'comment': 'Verisign PKCS #7 attribute', - 'description': 'transID (2 16 840 1 113733 1 9 7)', - 'hexoid': '06 0A 60 86 48 01 86 F8 45 01 09 07', - 'name': 'transID', - 'oid': (2, 16, 840, 1, 113733, 1, 9, 7)}, - (2, 23, 42, 0): {'comment': 'SET', - 'description': 'contentType (2 23 42 0)', - 'hexoid': '06 03 67 2A 00', - 'name': 'contentType', - 'oid': (2, 23, 42, 0)}, - (2, 23, 42, 0, 0): {'comment': 'SET contentType', - 'description': 'PANData (2 23 42 0 0)', - 'hexoid': '06 04 67 2A 00 00', - 'name': 'PANData', - 'oid': (2, 23, 42, 0, 0)}, - (2, 23, 42, 0, 1): {'comment': 'SET contentType', - 'description': 'PANToken (2 23 42 0 1)', - 'hexoid': '06 04 67 2A 00 01', - 'name': 'PANToken', - 'oid': (2, 23, 42, 0, 1)}, - (2, 23, 42, 0, 2): {'comment': 'SET contentType', - 'description': 'PANOnly (2 23 42 0 2)', - 'hexoid': '06 04 67 2A 00 02', - 'name': 'PANOnly', - 'oid': (2, 23, 42, 0, 2)}, - (2, 23, 42, 1): {'comment': 'SET', - 'description': 'msgExt (2 23 42 1)', - 'hexoid': '06 03 67 2A 01', - 'name': 'msgExt', - 'oid': (2, 23, 42, 1)}, - (2, 23, 42, 2): {'comment': 'SET', - 'description': 'field (2 23 42 2)', - 'hexoid': '06 03 67 2A 02', - 'name': 'field', - 'oid': (2, 23, 42, 2)}, - (2, 23, 42, 2, 0): {'comment': 'SET field', - 'description': 'fullName (2 23 42 2 0)', - 'hexoid': '06 04 67 2A 02 00', - 'name': 'fullName', - 'oid': (2, 23, 42, 2, 0)}, - (2, 23, 42, 2, 1): {'comment': 'SET field', - 'description': 'givenName (2 23 42 2 1)', - 'hexoid': '06 04 67 2A 02 01', - 'name': 'givenName', - 'oid': (2, 23, 42, 2, 1)}, - (2, 23, 42, 2, 2): {'comment': 'SET field', - 'description': 'familyName (2 23 42 2 2)', - 'hexoid': '06 04 67 2A 02 02', - 'name': 'familyName', - 'oid': (2, 23, 42, 2, 2)}, - (2, 23, 42, 2, 3): {'comment': 'SET field', - 'description': 'birthFamilyName (2 23 42 2 3)', - 'hexoid': '06 04 67 2A 02 03', - 'name': 'birthFamilyName', - 'oid': (2, 23, 42, 2, 3)}, - (2, 23, 42, 2, 4): {'comment': 'SET field', - 'description': 'placeName (2 23 42 2 4)', - 'hexoid': '06 04 67 2A 02 04', - 'name': 'placeName', - 'oid': (2, 23, 42, 2, 4)}, - (2, 23, 42, 2, 5): {'comment': 'SET field', - 'description': 'identificationNumber (2 23 42 2 5)', - 'hexoid': '06 04 67 2A 02 05', - 'name': 'identificationNumber', - 'oid': (2, 23, 42, 2, 5)}, - (2, 23, 42, 2, 6): {'comment': 'SET field', - 'description': 'month (2 23 42 2 6)', - 'hexoid': '06 04 67 2A 02 06', - 'name': 'month', - 'oid': (2, 23, 42, 2, 6)}, - (2, 23, 42, 2, 7): {'comment': 'SET field', - 'description': 'date (2 23 42 2 7)', - 'hexoid': '06 04 67 2A 02 07', - 'name': 'date', - 'oid': (2, 23, 42, 2, 7)}, - (2, 23, 42, 2, 8): {'comment': 'SET field', - 'description': 'address (2 23 42 2 8)', - 'hexoid': '06 04 67 2A 02 08', - 'name': 'address', - 'oid': (2, 23, 42, 2, 8)}, - (2, 23, 42, 2, 9): {'comment': 'SET field', - 'description': 'telephone (2 23 42 2 9)', - 'hexoid': '06 04 67 2A 02 09', - 'name': 'telephone', - 'oid': (2, 23, 42, 2, 9)}, - (2, 23, 42, 2, 10): {'comment': 'SET field', - 'description': 'amount (2 23 42 2 10)', - 'hexoid': '06 04 67 2A 02 0A', - 'name': 'amount', - 'oid': (2, 23, 42, 2, 10)}, - (2, 23, 42, 2, 11): {'comment': 'SET field', - 'description': 'accountNumber (2 23 42 2 11)', - 'hexoid': '06 04 67 2A 02 0B', - 'name': 'accountNumber', - 'oid': (2, 23, 42, 2, 11)}, - (2, 23, 42, 2, 12): {'comment': 'SET field', - 'description': 'passPhrase (2 23 42 2 12)', - 'hexoid': '06 04 67 2A 02 0C', - 'name': 'passPhrase', - 'oid': (2, 23, 42, 2, 12)}, - (2, 23, 42, 3): {'comment': 'SET', - 'description': 'attribute (2 23 42 3)', - 'hexoid': '06 03 67 2A 03', - 'name': 'attribute', - 'oid': (2, 23, 42, 3)}, - (2, 23, 42, 3, 0): {'comment': 'SET attribute', - 'description': 'cert (2 23 42 3 0)', - 'hexoid': '06 04 67 2A 03 00', - 'name': 'cert', - 'oid': (2, 23, 42, 3, 0)}, - (2, 23, 42, 3, 0, 0): {'comment': 'SET cert attribute', - 'description': 'rootKeyThumb (2 23 42 3 0 0)', - 'hexoid': '06 05 67 2A 03 00 00', - 'name': 'rootKeyThumb', - 'oid': (2, 23, 42, 3, 0, 0)}, - (2, 23, 42, 3, 0, 1): {'comment': 'SET cert attribute', - 'description': 'additionalPolicy (2 23 42 3 0 1)', - 'hexoid': '06 05 67 2A 03 00 01', - 'name': 'additionalPolicy', - 'oid': (2, 23, 42, 3, 0, 1)}, - (2, 23, 42, 4): {'comment': 'SET', - 'description': 'algorithm (2 23 42 4)', - 'hexoid': '06 03 67 2A 04', - 'name': 'algorithm', - 'oid': (2, 23, 42, 4)}, - (2, 23, 42, 5): {'comment': 'SET', - 'description': 'policy (2 23 42 5)', - 'hexoid': '06 03 67 2A 05', - 'name': 'policy', - 'oid': (2, 23, 42, 5)}, - (2, 23, 42, 5, 0): {'comment': 'SET policy', - 'description': 'root (2 23 42 5 0)', - 'hexoid': '06 04 67 2A 05 00', - 'name': 'root', - 'oid': (2, 23, 42, 5, 0)}, - (2, 23, 42, 6): {'comment': 'SET', - 'description': 'module (2 23 42 6)', - 'hexoid': '06 03 67 2A 06', - 'name': 'module', - 'oid': (2, 23, 42, 6)}, - (2, 23, 42, 7): {'comment': 'SET', - 'description': 'certExt (2 23 42 7)', - 'hexoid': '06 03 67 2A 07', - 'name': 'certExt', - 'oid': (2, 23, 42, 7)}, - (2, 23, 42, 7, 0): {'comment': 'SET cert extension', - 'description': 'hashedRootKey (2 23 42 7 0)', - 'hexoid': '06 04 67 2A 07 00', - 'name': 'hashedRootKey', - 'oid': (2, 23, 42, 7, 0)}, - (2, 23, 42, 7, 1): {'comment': 'SET cert extension', - 'description': 'certificateType (2 23 42 7 1)', - 'hexoid': '06 04 67 2A 07 01', - 'name': 'certificateType', - 'oid': (2, 23, 42, 7, 1)}, - (2, 23, 42, 7, 2): {'comment': 'SET cert extension', - 'description': 'merchantData (2 23 42 7 2)', - 'hexoid': '06 04 67 2A 07 02', - 'name': 'merchantData', - 'oid': (2, 23, 42, 7, 2)}, - (2, 23, 42, 7, 3): {'comment': 'SET cert extension', - 'description': 'cardCertRequired (2 23 42 7 3)', - 'hexoid': '06 04 67 2A 07 03', - 'name': 'cardCertRequired', - 'oid': (2, 23, 42, 7, 3)}, - (2, 23, 42, 7, 4): {'comment': 'SET cert extension', - 'description': 'tunneling (2 23 42 7 4)', - 'hexoid': '06 04 67 2A 07 04', - 'name': 'tunneling', - 'oid': (2, 23, 42, 7, 4)}, - (2, 23, 42, 7, 5): {'comment': 'SET cert extension', - 'description': 'setExtensions (2 23 42 7 5)', - 'hexoid': '06 04 67 2A 07 05', - 'name': 'setExtensions', - 'oid': (2, 23, 42, 7, 5)}, - (2, 23, 42, 7, 6): {'comment': 'SET cert extension', - 'description': 'setQualifier (2 23 42 7 6)', - 'hexoid': '06 04 67 2A 07 06', - 'name': 'setQualifier', - 'oid': (2, 23, 42, 7, 6)}, - (2, 23, 42, 8): {'comment': 'SET', - 'description': 'brand (2 23 42 8)', - 'hexoid': '06 03 67 2A 08', - 'name': 'brand', - 'oid': (2, 23, 42, 8)}, - (2, 23, 42, 8, 1): {'comment': 'SET brand', - 'description': 'IATA-ATA (2 23 42 8 1)', - 'hexoid': '06 04 67 2A 08 01', - 'name': 'IATA-ATA', - 'oid': (2, 23, 42, 8, 1)}, - (2, 23, 42, 8, 4): {'comment': 'SET brand', - 'description': 'VISA (2 23 42 8 4)', - 'hexoid': '06 04 67 2A 08 04', - 'name': 'VISA', - 'oid': (2, 23, 42, 8, 4)}, - (2, 23, 42, 8, 5): {'comment': 'SET brand', - 'description': 'MasterCard (2 23 42 8 5)', - 'hexoid': '06 04 67 2A 08 05', - 'name': 'MasterCard', - 'oid': (2, 23, 42, 8, 5)}, - (2, 23, 42, 8, 30): {'comment': 'SET brand', - 'description': 'Diners (2 23 42 8 30)', - 'hexoid': '06 04 67 2A 08 1E', - 'name': 'Diners', - 'oid': (2, 23, 42, 8, 30)}, - (2, 23, 42, 8, 34): {'comment': 'SET brand', - 'description': 'AmericanExpress (2 23 42 8 34)', - 'hexoid': '06 04 67 2A 08 22', - 'name': 'AmericanExpress', - 'oid': (2, 23, 42, 8, 34)}, - (2, 23, 42, 8, 6011): {'comment': 'SET brand', - 'description': 'Novus (2 23 42 8 6011)', - 'hexoid': '06 05 67 2A 08 AE 7B', - 'name': 'Novus', - 'oid': (2, 23, 42, 8, 6011)}, - (2, 23, 42, 9): {'comment': 'SET', - 'description': 'vendor (2 23 42 9)', - 'hexoid': '06 03 67 2A 09', - 'name': 'vendor', - 'oid': (2, 23, 42, 9)}, - (2, 23, 42, 9, 0): {'comment': 'SET vendor', - 'description': 'GlobeSet (2 23 42 9 0)', - 'hexoid': '06 04 67 2A 09 00', - 'name': 'GlobeSet', - 'oid': (2, 23, 42, 9, 0)}, - (2, 23, 42, 9, 1): {'comment': 'SET vendor', - 'description': 'IBM (2 23 42 9 1)', - 'hexoid': '06 04 67 2A 09 01', - 'name': 'IBM', - 'oid': (2, 23, 42, 9, 1)}, - (2, 23, 42, 9, 2): {'comment': 'SET vendor', - 'description': 'CyberCash (2 23 42 9 2)', - 'hexoid': '06 04 67 2A 09 02', - 'name': 'CyberCash', - 'oid': (2, 23, 42, 9, 2)}, - (2, 23, 42, 9, 3): {'comment': 'SET vendor', - 'description': 'Terisa (2 23 42 9 3)', - 'hexoid': '06 04 67 2A 09 03', - 'name': 'Terisa', - 'oid': (2, 23, 42, 9, 3)}, - (2, 23, 42, 9, 4): {'comment': 'SET vendor', - 'description': 'RSADSI (2 23 42 9 4)', - 'hexoid': '06 04 67 2A 09 04', - 'name': 'RSADSI', - 'oid': (2, 23, 42, 9, 4)}, - (2, 23, 42, 9, 5): {'comment': 'SET vendor', - 'description': 'VeriFone (2 23 42 9 5)', - 'hexoid': '06 04 67 2A 09 05', - 'name': 'VeriFone', - 'oid': (2, 23, 42, 9, 5)}, - (2, 23, 42, 9, 6): {'comment': 'SET vendor', - 'description': 'TrinTech (2 23 42 9 6)', - 'hexoid': '06 04 67 2A 09 06', - 'name': 'TrinTech', - 'oid': (2, 23, 42, 9, 6)}, - (2, 23, 42, 9, 7): {'comment': 'SET vendor', - 'description': 'BankGate (2 23 42 9 7)', - 'hexoid': '06 04 67 2A 09 07', - 'name': 'BankGate', - 'oid': (2, 23, 42, 9, 7)}, - (2, 23, 42, 9, 8): {'comment': 'SET vendor', - 'description': 'GTE (2 23 42 9 8)', - 'hexoid': '06 04 67 2A 09 08', - 'name': 'GTE', - 'oid': (2, 23, 42, 9, 8)}, - (2, 23, 42, 9, 9): {'comment': 'SET vendor', - 'description': 'CompuSource (2 23 42 9 9)', - 'hexoid': '06 04 67 2A 09 09', - 'name': 'CompuSource', - 'oid': (2, 23, 42, 9, 9)}, - (2, 23, 42, 9, 10): {'comment': 'SET vendor', - 'description': 'Griffin (2 23 42 9 10)', - 'hexoid': '06 04 67 2A 09 0A', - 'name': 'Griffin', - 'oid': (2, 23, 42, 9, 10)}, - (2, 23, 42, 9, 11): {'comment': 'SET vendor', - 'description': 'Certicom (2 23 42 9 11)', - 'hexoid': '06 04 67 2A 09 0B', - 'name': 'Certicom', - 'oid': (2, 23, 42, 9, 11)}, - (2, 23, 42, 9, 12): {'comment': 'SET vendor', - 'description': 'OSS (2 23 42 9 12)', - 'hexoid': '06 04 67 2A 09 0C', - 'name': 'OSS', - 'oid': (2, 23, 42, 9, 12)}, - (2, 23, 42, 9, 13): {'comment': 'SET vendor', - 'description': 'TenthMountain (2 23 42 9 13)', - 'hexoid': '06 04 67 2A 09 0D', - 'name': 'TenthMountain', - 'oid': (2, 23, 42, 9, 13)}, - (2, 23, 42, 9, 14): {'comment': 'SET vendor', - 'description': 'Antares (2 23 42 9 14)', - 'hexoid': '06 04 67 2A 09 0E', - 'name': 'Antares', - 'oid': (2, 23, 42, 9, 14)}, - (2, 23, 42, 9, 15): {'comment': 'SET vendor', - 'description': 'ECC (2 23 42 9 15)', - 'hexoid': '06 04 67 2A 09 0F', - 'name': 'ECC', - 'oid': (2, 23, 42, 9, 15)}, - (2, 23, 42, 9, 16): {'comment': 'SET vendor', - 'description': 'Maithean (2 23 42 9 16)', - 'hexoid': '06 04 67 2A 09 10', - 'name': 'Maithean', - 'oid': (2, 23, 42, 9, 16)}, - (2, 23, 42, 9, 17): {'comment': 'SET vendor', - 'description': 'Netscape (2 23 42 9 17)', - 'hexoid': '06 04 67 2A 09 11', - 'name': 'Netscape', - 'oid': (2, 23, 42, 9, 17)}, - (2, 23, 42, 9, 18): {'comment': 'SET vendor', - 'description': 'Verisign (2 23 42 9 18)', - 'hexoid': '06 04 67 2A 09 12', - 'name': 'Verisign', - 'oid': (2, 23, 42, 9, 18)}, - (2, 23, 42, 9, 19): {'comment': 'SET vendor', - 'description': 'BlueMoney (2 23 42 9 19)', - 'hexoid': '06 04 67 2A 09 13', - 'name': 'BlueMoney', - 'oid': (2, 23, 42, 9, 19)}, - (2, 23, 42, 9, 20): {'comment': 'SET vendor', - 'description': 'Lacerte (2 23 42 9 20)', - 'hexoid': '06 04 67 2A 09 14', - 'name': 'Lacerte', - 'oid': (2, 23, 42, 9, 20)}, - (2, 23, 42, 9, 21): {'comment': 'SET vendor', - 'description': 'Fujitsu (2 23 42 9 21)', - 'hexoid': '06 04 67 2A 09 15', - 'name': 'Fujitsu', - 'oid': (2, 23, 42, 9, 21)}, - (2, 23, 42, 9, 22): {'comment': 'SET vendor', - 'description': 'eLab (2 23 42 9 22)', - 'hexoid': '06 04 67 2A 09 16', - 'name': 'eLab', - 'oid': (2, 23, 42, 9, 22)}, - (2, 23, 42, 9, 23): {'comment': 'SET vendor', - 'description': 'Entrust (2 23 42 9 23)', - 'hexoid': '06 04 67 2A 09 17', - 'name': 'Entrust', - 'oid': (2, 23, 42, 9, 23)}, - (2, 23, 42, 9, 24): {'comment': 'SET vendor', - 'description': 'VIAnet (2 23 42 9 24)', - 'hexoid': '06 04 67 2A 09 18', - 'name': 'VIAnet', - 'oid': (2, 23, 42, 9, 24)}, - (2, 23, 42, 9, 25): {'comment': 'SET vendor', - 'description': 'III (2 23 42 9 25)', - 'hexoid': '06 04 67 2A 09 19', - 'name': 'III', - 'oid': (2, 23, 42, 9, 25)}, - (2, 23, 42, 9, 26): {'comment': 'SET vendor', - 'description': 'OpenMarket (2 23 42 9 26)', - 'hexoid': '06 04 67 2A 09 1A', - 'name': 'OpenMarket', - 'oid': (2, 23, 42, 9, 26)}, - (2, 23, 42, 9, 27): {'comment': 'SET vendor', - 'description': 'Lexem (2 23 42 9 27)', - 'hexoid': '06 04 67 2A 09 1B', - 'name': 'Lexem', - 'oid': (2, 23, 42, 9, 27)}, - (2, 23, 42, 9, 28): {'comment': 'SET vendor', - 'description': 'Intertrader (2 23 42 9 28)', - 'hexoid': '06 04 67 2A 09 1C', - 'name': 'Intertrader', - 'oid': (2, 23, 42, 9, 28)}, - (2, 23, 42, 9, 29): {'comment': 'SET vendor', - 'description': 'Persimmon (2 23 42 9 29)', - 'hexoid': '06 04 67 2A 09 1D', - 'name': 'Persimmon', - 'oid': (2, 23, 42, 9, 29)}, - (2, 23, 42, 9, 30): {'comment': 'SET vendor', - 'description': 'NABLE (2 23 42 9 30)', - 'hexoid': '06 04 67 2A 09 1E', - 'name': 'NABLE', - 'oid': (2, 23, 42, 9, 30)}, - (2, 23, 42, 9, 31): {'comment': 'SET vendor', - 'description': 'espace-net (2 23 42 9 31)', - 'hexoid': '06 04 67 2A 09 1F', - 'name': 'espace-net', - 'oid': (2, 23, 42, 9, 31)}, - (2, 23, 42, 9, 32): {'comment': 'SET vendor', - 'description': 'Hitachi (2 23 42 9 32)', - 'hexoid': '06 04 67 2A 09 20', - 'name': 'Hitachi', - 'oid': (2, 23, 42, 9, 32)}, - (2, 23, 42, 9, 33): {'comment': 'SET vendor', - 'description': 'Microsoft (2 23 42 9 33)', - 'hexoid': '06 04 67 2A 09 21', - 'name': 'Microsoft', - 'oid': (2, 23, 42, 9, 33)}, - (2, 23, 42, 9, 34): {'comment': 'SET vendor', - 'description': 'NEC (2 23 42 9 34)', - 'hexoid': '06 04 67 2A 09 22', - 'name': 'NEC', - 'oid': (2, 23, 42, 9, 34)}, - (2, 23, 42, 9, 35): {'comment': 'SET vendor', - 'description': 'Mitsubishi (2 23 42 9 35)', - 'hexoid': '06 04 67 2A 09 23', - 'name': 'Mitsubishi', - 'oid': (2, 23, 42, 9, 35)}, - (2, 23, 42, 9, 36): {'comment': 'SET vendor', - 'description': 'NCR (2 23 42 9 36)', - 'hexoid': '06 04 67 2A 09 24', - 'name': 'NCR', - 'oid': (2, 23, 42, 9, 36)}, - (2, 23, 42, 9, 37): {'comment': 'SET vendor', - 'description': 'e-COMM (2 23 42 9 37)', - 'hexoid': '06 04 67 2A 09 25', - 'name': 'e-COMM', - 'oid': (2, 23, 42, 9, 37)}, - (2, 23, 42, 9, 38): {'comment': 'SET vendor', - 'description': 'Gemplus (2 23 42 9 38)', - 'hexoid': '06 04 67 2A 09 26', - 'name': 'Gemplus', - 'oid': (2, 23, 42, 9, 38)}, - (2, 23, 42, 10): {'comment': 'SET', - 'description': 'national (2 23 42 10)', - 'hexoid': '06 03 67 2A 0A', - 'name': 'national', - 'oid': (2, 23, 42, 10)}, - (2, 23, 42, 10, 392): {'comment': 'SET national', - 'description': 'Japan (2 23 42 10 392)', - 'hexoid': '06 05 67 2A 0A 83 08', - 'name': 'Japan', - 'oid': (2, 23, 42, 10, 392)}} diff --git a/rpkid/rpki/POW/_simpledb.py b/rpkid/rpki/POW/_simpledb.py deleted file mode 100644 index 190e96be..00000000 --- a/rpkid/rpki/POW/_simpledb.py +++ /dev/null @@ -1,55 +0,0 @@ -#*****************************************************************************# -#* *# -#* Copyright (c) 2002, Peter Shannon *# -#* All rights reserved. *# -#* *# -#* Redistribution and use in source and binary forms, with or without *# -#* modification, are permitted provided that the following conditions *# -#* are met: *# -#* *# -#* * Redistributions of source code must retain the above *# -#* copyright notice, this list of conditions and the following *# -#* disclaimer. *# -#* *# -#* * Redistributions in binary form must reproduce the above *# -#* copyright notice, this list of conditions and the following *# -#* disclaimer in the documentation and/or other materials *# -#* provided with the distribution. *# -#* *# -#* * The name of the contributors may be used to endorse or promote *# -#* products derived from this software without specific prior *# -#* written permission. *# -#* *# -#* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS *# -#* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT *# -#* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS *# -#* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS *# -#* OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, *# -#* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT *# -#* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, *# -#* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY *# -#* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT *# -#* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE *# -#* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *# -#* *# -#*****************************************************************************# - -import _oids, _objects, types - -class OidData(object): - def __init__(self): - self.oids = _oids.data - self.objs = _objects.data - - def obj2oid(self, obj): - if not self.objs.has_key(obj): - raise Exception, 'unknown object: %s' % obj - return tuple(self.objs[obj]['oid']) - - def oid2obj(self, oid): - if isinstance( oid, types.ListType ): - oid = tuple(oid) - if not self.oids.has_key(oid): - raise Exception, 'unknown oid %s' % `oid` - return self.oids[oid]['name'] - diff --git a/rpkid/rpki/POW/pkix.py b/rpkid/rpki/POW/pkix.py deleted file mode 100644 index e7d9dde1..00000000 --- a/rpkid/rpki/POW/pkix.py +++ /dev/null @@ -1,2087 +0,0 @@ -#*****************************************************************************# -#* *# -#* Copyright (c) 2002, Peter Shannon *# -#* All rights reserved. *# -#* *# -#* Redistribution and use in source and binary forms, with or without *# -#* modification, are permitted provided that the following conditions *# -#* are met: *# -#* *# -#* * Redistributions of source code must retain the above *# -#* copyright notice, this list of conditions and the following *# -#* disclaimer. *# -#* *# -#* * Redistributions in binary form must reproduce the above *# -#* copyright notice, this list of conditions and the following *# -#* disclaimer in the documentation and/or other materials *# -#* provided with the distribution. *# -#* *# -#* * The name of the contributors may be used to endorse or promote *# -#* products derived from this software without specific prior *# -#* written permission. *# -#* *# -#* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS *# -#* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT *# -#* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS *# -#* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS *# -#* OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, *# -#* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT *# -#* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, *# -#* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY *# -#* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT *# -#* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE *# -#* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *# -#* *# -#*****************************************************************************# - -import types, time, pprint, cStringIO, _der -from _simpledb import OidData as _OidData -from _der import * - -DEBUG = 0 - -_oidData = _OidData() -obj2oid = _oidData.obj2oid -oid2obj = _oidData.oid2obj - -_fragments = [] - -def _docset(): - return _der._docset() + _fragments - -#---------- crypto driver ----------# - -class CryptoDriver(object): - """Dispatcher for crypto calls. - - This module has very minimal dependencies on crypto code, as it's - almost entirely about ASN.1 encoding and decoding. Rather than - wiring in the handful of crypto calls, we dispatch them through - this driver. The default driver uses POW, but you can replace it - with any crypto package you like. - - This is a virtual class. You will have to subtype it. - """ - - def getOID(self, digestType): - """Convert a digest identifier into an OID. - - If the identifier we get is a tuple, we assume it's already an - OID and just return it. If the identifier is in the driver - identifier mapping table, we use that to return an OID. - Otherwise, we try mapping it via the name-to-OID database. - """ - if isinstance(digestType, tuple): - return digestType - if digestType in self.driver2OID: - return self.driver2OID[digestType] - return obj2oid(digestType) - - def sign(self, key, oid, plaintext): - """Sign something with an RSA key and a given digest algorithm.""" - raise NotImplementedError - - def verify(self, key, oid, plaintext, signature): - """Verify a signature.""" - raise NotImplementedError - - def toPublicDER(self, key): - """Get the DER representation of an RSA key.""" - raise NotImplementedError - - def fromPublicDER(self, der): - """Set the driver representation of an RSA key from DER.""" - raise NotImplementedError - -class POWCryptoDriver(CryptoDriver): - """Dispatcher for crypto calls using POW package.""" - - def __init__(self): - global POW - try: - import rpki.POW - POW = rpki.POW - except ImportError: - import POW - self.driver2OID = {} - for k, v in (("MD2_DIGEST", (1, 2, 840, 113549, 1, 1, 2)), # md2WithRSAEncryption - ("MD5_DIGEST", (1, 2, 840, 113549, 1, 1, 4)), # md5WithRSAEncryption - ("SHA_DIGEST", (1, 3, 14, 3, 2, 15)), # shaWithRSAEncryption - ("SHA1_DIGEST", (1, 2, 840, 113549, 1, 1, 5)), # sha1withRSAEncryption - ("RIPEMD160_DIGEST", (1, 2, 840, 113549, 1, 1, 6)), # ripemd160WithRSAEncryption - ("SHA256_DIGEST", (1, 2, 840, 113549, 1, 1, 11)), # sha256WithRSAEncryption - ("SHA384_DIGEST", (1, 2, 840, 113549, 1, 1, 12)), # sha384WithRSAEncryption - ("SHA512_DIGEST", (1, 2, 840, 113549, 1, 1, 13)), # sha512WithRSAEncryption - ): - try: - self.driver2OID[getattr(POW, k)] = v - except AttributeError: - pass - self.OID2driver = dict((v,k) for k,v in self.driver2OID.items()) - - def _digest(self, oid, plaintext): - digest = POW.Digest(self.OID2driver[oid]) - digest.update(plaintext) - return digest.digest() - - def sign(self, key, oid, plaintext): - return key.sign(self._digest(oid, plaintext), self.OID2driver[oid]) - - def verify(self, key, oid, plaintext, signature): - return key.verify(signature, self._digest(oid, plaintext), self.OID2driver[oid]) - - def toPublicDER(self, key): - return key.derWrite(POW.RSA_PUBLIC_KEY) - - def fromPublicDER(self, der): - return POW.derRead(POW.RSA_PUBLIC_KEY, der) - -_cryptoDriver = None # Don't touch this directly - -def setCryptoDriver(driver): - """Set crypto driver. - - The driver should be an instance of CryptoDriver. - """ - assert isinstance(driver, CryptoDriver) - global _cryptoDriver - _cryptoDriver = driver - -def getCryptoDriver(): - """Return the currently selected CryptoDriver instance. - - If no driver has been selected, instantiate the default POW driver. - """ - global _cryptoDriver - if _cryptoDriver is None: - setCryptoDriver(POWCryptoDriver()) - return _cryptoDriver - -#---------- crypto driver ----------# - -def _addFragment(frag): - global _fragments - _fragments.append(frag) - -_addFragment(''' -<modulefunction> - <header> - <name>utc2time</name> - <parameter>time</parameter> - </header> - <body> - <para> - This is a helper function for turning a UTCTime string into an - integer. It isn't built into the encoder since the various - functions which are used to manipulate the tm structure are - notoriously unreliable. - </para> - </body> -</modulefunction> -''') -def utc2time(val): - 'der encoded value not including tag or length' - if not isinstance(val, types.StringType): - raise DerError, 'argument should be a string' - t = time.strptime(val, '%y%m%d%H%M%SZ') - return int(time.mktime(t)) - -_addFragment(''' -<modulefunction> - <header> - <name>time2utc</name> - <parameter>time</parameter> - </header> - <body> - <para> - This is a helper function for turning an integer into a - UTCTime string. It isn't built into the encoder since the - various functions which are used to manipulate the tm structure - are notoriously unreliable. - </para> - </body> -</modulefunction> -''') -def time2utc(val): - 'numerical time value like time_t' - val = int(val) - t = time.gmtime(val) - return time.strftime('%y%m%d%H%M%SZ', t) - -_addFragment(''' -<modulefunction> - <header> - <name>gen2time</name> - <parameter>time</parameter> - </header> - <body> - <para> - This is a helper function for turning a GeneralizedTime string into an - integer. It isn't built into the encoder since the various - functions which are used to manipulate the tm structure are - notoriously unreliable. - </para> - </body> -</modulefunction> -''') -def gen2Time(val): - 'der encoded value not including tag or length' - if not isinstance(val, types.StringType): - raise DerError, 'argument should be a string' - t = time.strptime(val, '%Y%m%d%H%M%SZ') - return int(time.mktime(t)) - -_addFragment(''' -<modulefunction> - <header> - <name>time2gen</name> - <parameter>time</parameter> - </header> - <body> - <para> - This is a helper function for turning an integer into a - GeneralizedTime string. It isn't built into the encoder since the - various functions which are used to manipulate the tm structure - are notoriously unreliable. - </para> - </body> -</modulefunction> -''') -def time2gen(val): - 'numerical time value like time_t' - val = int(val) - t = time.gmtime(val) - return time.strftime('%Y%m%d%H%M%SZ', t) - -_addFragment(''' -<method> - <header> - <name>ip42oct</name> - <parameter>ip</parameter> - </header> - <body> - <para> - <parameter>ip</parameter> should be a list or tuple of integers, - from 0 to 256. - </para> - <example> - <title>Setting <classname>IpAddress</classname></title> - <programlisting> - ip = IpAddress() - ip.set( ip42oct(192, 168, 0, 231) ) - </programlisting> - </example> - </body> -</method> -''') -def ip42oct(val0, val1, val2, val3): - return chr(val0) + chr(val1) + chr(val2) + chr(val3) - -_addFragment(''' -<method> - <header> - <name>oct2ip4</name> - <parameter>val</parameter> - </header> - <body> - <para> - Returns a tuple of 4 integers, from 0 to 256. - </para> - </body> -</method> -''') -def oct2ip4(val): - if not isinstance(val, types.StringType) or len(val) != 4: - raise DerError, 'parameter should be string of 4 characters' - return ( ord(val[0]), ord(val[1]), ord(val[2]), ord(val[3]) ) - -#---------- certificate support ----------# -class TbsCertificate(Sequence): - def __init__(self, optional=0, default=''): - - self.version = Integer() - self.explicitVersion = Explicit( CLASS_CONTEXT, FORM_CONSTRUCTED, 0, self.version, 0, 'oAMCAQA=\n' ) - - self.serial = Integer() - self.signature = AlgorithmIdentifier() - self.issuer = Name() - self.subject = Name() - self.subjectPublicKeyInfo = SubjectPublicKeyInfo() - - self.validity = Validity() - - self.issuerUniqueID = BitString(1) - self.issuerUniqueID.implied( CLASS_CONTEXT, FORM_PRIMITIVE, 1 ) - self.subjectUniqueID = BitString(1) - self.subjectUniqueID.implied( CLASS_CONTEXT, FORM_PRIMITIVE, 2 ) - - self.extensions = Extensions() - self.explicitExtensions = Explicit( CLASS_CONTEXT, FORM_CONSTRUCTED, 3, self.extensions, 1 ) - - contents = [ - self.explicitVersion, - self.serial, - self.signature, - self.issuer, - self.validity, - self.subject, - self.subjectPublicKeyInfo, - self.issuerUniqueID, - self.subjectUniqueID, - self.explicitExtensions - ] - - Sequence.__init__(self, contents, optional, default) - -class Validity(Sequence): - def __init__(self, optional=0, default=''): - Time = lambda : Choice({ 'generalTime' : GeneralizedTime(), 'utcTime' : UtcTime() }) - self.notBefore = Time() - self.notAfter = Time() - contents = [self.notBefore, self.notAfter] - Sequence.__init__(self, contents, optional, default) - -# IA5String should not be allowed in DirectoryString, but old -# implementations (deprecated but not quite outlawed by RFC 3280) -# sometimes use it for EmailAddress attributes in subject names, which -# triggers decode failures here unless we violate RFC 3280 by allowing -# IA5String. Do not use, do not use, do not use. - -class DirectoryString(Choice): - def __init__(self, optional=0, default=''): - choices = { 'teletexString' : T61String(), - 'printableString' : PrintableString(), - 'universalString' : UniversalString(), - 'bmpString' : BmpString(), - 'utf8String' : Utf8String(), - 'ia5String' : IA5String() } - - Choice.__init__(self, choices, optional, default) - -class AttributeTypeAndValue(Sequence): - def __init__(self, optional=0, default=''): - self.type = Oid() - self.dirstr = DirectoryString() - contents = [ self.type, self.dirstr ] - Sequence.__init__(self, contents, optional, default) - -class RelativeDistinguishedName(SetOf): - def __init__(self, optional=0, default=''): - SetOf.__init__(self, AttributeTypeAndValue, optional, default) - -class Name(SequenceOf): - def __init__(self, optional=0, default=''): - SequenceOf.__init__(self, RelativeDistinguishedName, optional, default) - -class AlgorithmIdentifier(Sequence): - def __init__(self, optional=0, default=''): - self.algorithm = Oid() - self.parameters = Null() - contents = [self.algorithm, self.parameters] - Sequence.__init__(self, contents, optional, default) - -class SubjectPublicKeyInfo(Sequence): - def __init__(self, optional=0, default=''): - self.algorithmId = AlgorithmIdentifier() - self.subjectPublicKey = AltBitString() - contents = [ self.algorithmId, self.subjectPublicKey ] - Sequence.__init__(self, contents, optional, default) - -class Extensions(SequenceOf): - def __init__(self, optional=0, default=''): - SequenceOf.__init__(self, Extension, optional, default) - -_addFragment(''' -<class> - <header> - <name>Certificate</name> - <super>Sequence</super> - </header> - <body> - <example> - <title>Setting <classname>Certificate</classname></title> - <programlisting> - rsa = POW.Asymmetric() - cert = POW.pkix.Certificate() - cert.setVersion(1) - cert.setSerial(5) - - name = ( (( o2i('countryName'), ('printableString', 'GB') ),), - (( o2i('stateOrProvinceName'), ('printableString', 'Hertfordshire') ),), - (( o2i('organizationName'), ('printableString', 'The House') ),), - (( o2i('commonName'), ('printableString', 'Client') ),) ) - - cert.setIssuer(name) - cert.setSubject(name) - - now = POW.pkix.time2gen( time.time() ) - then = POW.pkix.time2gen(time.time() + 60*60*24*365*12) - cert.setNotBefore( ('generalTime', now) ) - cert.setNotAfter( ( 'generalTime', then) ) - cert.setIssuerUniqueID((1,0,1,0)) - cert.setSubjectUniqueID((1,0,0,1)) - cert.sign(rsa, POW.MD5_DIGEST) - </programlisting> - </example> - </body> -</class> -''') - -class Certificate(Sequence): - - _addFragment(''' - <constructor> - <header> - <memberof>Certificate</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - def __init__(self, optional=0, default=''): - self.tbs = TbsCertificate() - self.signatureAlgorithm = AlgorithmIdentifier() - self.signatureValue = AltBitString() - contents = [ self.tbs, self.signatureAlgorithm, self.signatureValue ] - Sequence.__init__(self, contents, optional, default) - - _addFragment(''' - <method> - <header> - <memberof>Certificate</memberof> - <name>setVersion</name> - <parameter>version</parameter> - </header> - <body> - <para> - This function sets an <classname>Integer</classname> object. 0 - indicates a version 1 certificate, 1 a version 2 certificate and 2 a - version 3 certificate. - </para> - </body> - </method> - ''') - def setVersion(self, version): - self.tbs.version.set(version) - - _addFragment(''' - <method> - <header> - <memberof>Certificate</memberof> - <name>getVersion</name> - </header> - <body> - <para> - This function returns whatever the version object is set to, - this should be 0, 1 or 2. - </para> - </body> - </method> - ''') - def getVersion(self): - return self.tbs.version.get() - - _addFragment(''' - <method> - <header> - <memberof>Certificate</memberof> - <name>setSerial</name> - <parameter>serial</parameter> - </header> - <body> - <para> - This function sets an <classname>Integer</classname> object. - No two certificates issued should ever have the same serial - number. - </para> - </body> - </method> - ''') - def setSerial(self, serial): - self.tbs.serial.set(serial) - - _addFragment(''' - <method> - <header> - <memberof>Certificate</memberof> - <name>getVersion</name> - </header> - <body> - <para> - This function returns whatever the serial object is set to. - </para> - </body> - </method> - ''') - def getSerial(self): - return self.tbs.serial.get() - - _addFragment(''' - <method> - <header> - <memberof>Certificate</memberof> - <name>setIssuer</name> - <parameter>names</parameter> - </header> - <body> - <para> - This function sets an <classname>Name</classname> object. - See <classname>Certificate</classname> class for an example. - </para> - </body> - </method> - ''') - def setIssuer(self, issuer): - self.tbs.issuer.set(issuer) - - _addFragment(''' - <method> - <header> - <memberof>Certificate</memberof> - <name>getIssuer</name> - </header> - <body> - <para> - This function returns a complex tuple containing other tuples. - </para> - </body> - </method> - ''') - def getIssuer(self): - return self.tbs.issuer.get() - - _addFragment(''' - <method> - <header> - <memberof>Certificate</memberof> - <name>setSubject</name> - <parameter>names</parameter> - </header> - <body> - <para> - This function sets an <classname>Name</classname> object. - See <classname>Certificate</classname> class for an example. - </para> - </body> - </method> - ''') - def setSubject(self, subject): - self.tbs.subject.set(subject) - - _addFragment(''' - <method> - <header> - <memberof>Certificate</memberof> - <name>getSubject</name> - </header> - <body> - <para> - This function returns a complex tuple containing other tuples. - </para> - </body> - </method> - ''') - def getSubject(self): - return self.tbs.subject.get() - - _addFragment(''' - <method> - <header> - <memberof>Certificate</memberof> - <name>setNotBefore</name> - <parameter>time</parameter> - </header> - <body> - <para> - This function sets a <classname>Choice</classname> object. - It can be either a <classname>GeneralTime</classname> or - <classname>UTCTime</classname> object. The functions - <function>gen2time</function>, <function>utc2time</function>, - <function>time2gen</function> and <function>time2utc</function> - can be used to convert to and from integer times and their - string representation. - </para> - <example> - <title><function>setNotBefore</function> method usage</title> - <programlisting> - cert = POW.pkix.Certificate() - now = POW.pkix.time2gen( time.time() ) - cert.setNotBefore( ('generalTime', now) ) - </programlisting> - </example> - </body> - </method> - ''') - def setNotBefore(self, nb): - self.tbs.validity.notBefore.set(nb) - - _addFragment(''' - <method> - <header> - <memberof>Certificate</memberof> - <name>getNotBefore</name> - </header> - <body> - <para> - This function returns a tuple indicating which type of time was - stored and its value. See <function>setNotBefore</function> for details. - </para> - </body> - </method> - ''') - def getNotBefore(self): - return self.tbs.validity.notBefore.get() - - _addFragment(''' - <method> - <header> - <memberof>Certificate</memberof> - <name>setNotAfter</name> - <parameter>time</parameter> - </header> - <body> - <para> - This function sets a <classname>Choice</classname> object. - See <function>setNotBefore</function> for details. - </para> - </body> - </method> - ''') - def setNotAfter(self, na): - self.tbs.validity.notAfter.set(na) - - _addFragment(''' - <method> - <header> - <memberof>Certificate</memberof> - <name>getNotAfter</name> - </header> - <body> - <para> - This function returns a tuple indicating which type of time was - stored and its value. See <function>setNotBefore</function> for details. - </para> - </body> - </method> - ''') - def getNotAfter(self): - return self.tbs.validity.notAfter.get() - - _addFragment(''' - <method> - <header> - <memberof>Certificate</memberof> - <name>setIssuerUniqueID</name> - <parameter>id</parameter> - </header> - <body> - <para> - This function sets a <classname>BitString</classname> object. - This is part of the X509v2 standard and is quite poorly - regarded in general, its use is not recommended. It is set - using the normal <classname>BitString</classname> method, that - is with a sequence of true/false objects. - </para> - </body> - </method> - ''') - def setIssuerUniqueID(self, id): - self.tbs.issuerUniqueID.set(id) - - _addFragment(''' - <method> - <header> - <memberof>Certificate</memberof> - <name>getIssuerUniqueID</name> - </header> - <body> - <para> - This function returns a tuple of integers, 1 or 0. - </para> - </body> - </method> - ''') - def getIssuerUniqueID(self): - return self.tbs.issuerUniqueID.get() - - _addFragment(''' - <method> - <header> - <memberof>Certificate</memberof> - <name>setSubjectUniqueID</name> - <parameter>id</parameter> - </header> - <body> - <para> - This function sets a <classname>BitString</classname> object. - This is part of the X509v2 standard and is quite poorly - regarded in general, its use is not recommended. It is set - using the normal <classname>BitString</classname> method, that - is with a sequence of true/false objects. - </para> - </body> - </method> - ''') - def setSubjectUniqueID(self, id): - self.tbs.subjectUniqueID.set(id) - - _addFragment(''' - <method> - <header> - <memberof>Certificate</memberof> - <name>getSubjectUniqueID</name> - </header> - <body> - <para> - This function returns a tuple of integers, 1 or 0. - </para> - </body> - </method> - ''') - def getSubjectUniqueID(self): - return self.tbs.subjectUniqueID.get() - - _addFragment(''' - <method> - <header> - <memberof>Certificate</memberof> - <name>setExtensions</name> - <parameter>extns</parameter> - </header> - <body> - <para> - This method sets an <classname>Extensions</classname> object, - defined as SEQUENCE OF Extension. The parameter - <parameter>extns</parameter> should consist of a list or tuple - of values suitable to set an extension. See the extension - class for details. - </para> - </body> - </method> - ''') - def setExtensions(self, extns): - self.tbs.extensions.set(extns) - - _addFragment(''' - <method> - <header> - <memberof>Certificate</memberof> - <name>getExtensions</name> - </header> - <body> - <para> - This function returns a tuple of - <classname>Extension</classname> values. See - <classname>Extension</classname> for details. - </para> - </body> - </method> - ''') - def getExtensions(self): - return self.tbs.extensions.get() - - def getExtension(self, oid): - for x in self.getExtensions(): - if x[0] == oid: - return x - return None - - _addFragment(''' - <method> - <header> - <memberof>Certificate</memberof> - <name>sign</name> - <parameter>rsa</parameter> - <parameter>digestType</parameter> - </header> - <body> - <para> - This function updates structured of the - <classname>Certificate</classname> and - <constant>tbs</constant> as appropriate and performs the - specified digest on the <constant>tbs</constant> and set - <constant>signedText</constant> to signed the digest. - </para> - </body> - </method> - ''') - def sign(self, rsa, digestType): - driver = getCryptoDriver() - oid = driver.getOID(digestType) - self.tbs.signature.set([oid, None]) - signedText = driver.sign(rsa, oid, self.tbs.toString()) - self.signatureAlgorithm.set([oid, None]) - self.signatureValue.set(signedText) - - _addFragment(''' - <method> - <header> - <memberof>Certificate</memberof> - <name>verify</name> - <parameter>rsa</parameter> - </header> - <body> - <para> - This function works out what kind of digest was used to - during signing, calculates the digest of - <constant>tbs</constant> and verifies the envelope using the - key. - </para> - </body> - </method> - ''') - def verify(self, rsa): - driver = getCryptoDriver() - oid = self.signatureAlgorithm.get()[0] - return driver.verify(rsa, oid, self.tbs.toString(), self.signatureValue.get()) - -#---------- certificate support ----------# -#---------- CRL ----------# - -class RevokedCertificate(Sequence): - def __init__(self, optional=0, default=''): - self.userCertificate = Integer() - self.revocationDate = Choice( { 'generalTime' : GeneralizedTime(), 'utcTime' : UtcTime() } ) - self.crlEntryExtensions = Extensions(1) - contents = [ self.userCertificate, self.revocationDate, self.crlEntryExtensions ] - Sequence.__init__(self, contents, optional, default) - -class RevokedCertificates(SequenceOf): - def __init__(self, optional=0, default=''): - SequenceOf.__init__(self, RevokedCertificate, optional, default) - -class TbsCertList(Sequence): - def __init__(self, optional=0, default=''): - self.version = Integer(1) - self.signature = AlgorithmIdentifier() - self.issuer = Name() - self.thisUpdate = Choice( { 'generalTime' : GeneralizedTime(), 'utcTime' : UtcTime() } ) - self.nextUpdate = Choice( { 'generalTime' : GeneralizedTime(), 'utcTime' : UtcTime() }, 1 ) - self.revokedCertificates = RevokedCertificates(1) - self.crlExtensions = Extensions() - self.explicitCrlExtensions = Explicit( CLASS_CONTEXT, FORM_CONSTRUCTED, 0, self.crlExtensions, 1 ) - contents = [ self.version, - self.signature, - self.issuer, - self.thisUpdate, - self.nextUpdate, - self.revokedCertificates, - self.explicitCrlExtensions ] - Sequence.__init__(self, contents, optional, default) - -_addFragment(''' -<class> - <header> - <name>CertificateList</name> - <super>Sequence</super> - </header> - <body> - <example> - <title>Setting <classname>CertificateList</classname></title> - <programlisting> - now = POW.pkix.time2gen( time.time() ) - then = POW.pkix.time2gen(time.time() + 60*60*24*365*12) - rsa = POW.Asymmetric() - - crl = POW.pkix.CertificateList() - crl.setThisUpdate( ('generalTime', now ) ) - - name = ( (( o2i('countryName'), ('printableString', 'GB') ),), - (( o2i('stateOrProvinceName'), ('printableString', 'Hertfordshire') ),), - (( o2i('organizationName'), ('printableString', 'The House') ),), - (( o2i('commonName'), ('printableString', 'Client') ),) ) - - myRevocations = ( - (1, ('generalTime', now), ()), - (2, ('generalTime', now), ()), - (3, ('generalTime', now), (( o2i('cRLReason'), 0, 1),)) - ) - - crl.setIssuer(name) - crl.setRevokedCertificates( myRevocations ) - - crl.sign(rsa, POW.MD5_DIGEST) - </programlisting> - </example> - </body> -</class> -''') -class CertificateList(Sequence): - _addFragment(''' - <constructor> - <header> - <memberof>CertificateList</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - def __init__(self, optional=0, default=''): - self.tbs = TbsCertList() - self.signatureAlgorithm = AlgorithmIdentifier() - self.signature = AltBitString() - contents = [self.tbs, self.signatureAlgorithm, self.signature] - Sequence.__init__(self, contents, optional, default) - - _addFragment(''' - <method> - <header> - <memberof>CertificateList</memberof> - <name>setVersion</name> - <parameter>version</parameter> - </header> - <body> - <para> - This function sets an <classname>Integer</classname> object. 0 - indicates a version 1 CRL, and 1 a version 2 CRL. - </para> - </body> - </method> - ''') - def setVersion(self, version): - self.tbs.version.set(version) - - _addFragment(''' - <method> - <header> - <memberof>CertificateList</memberof> - <name>getVersion</name> - </header> - <body> - <para> - This function returns whatever the version object is set to, - this should be 0, 1 or 2. - </para> - </body> - </method> - ''') - def getVersion(self): - return self.tbs.version.get() - - _addFragment(''' - <method> - <header> - <memberof>CertificateList</memberof> - <name>setIssuer</name> - <parameter>names</parameter> - </header> - <body> - <para> - This function sets an <classname>Name</classname> object. - </para> - </body> - </method> - ''') - def setIssuer(self, issuer): - self.tbs.issuer.set(issuer) - - _addFragment(''' - <method> - <header> - <memberof>CertificateList</memberof> - <name>getIssuer</name> - </header> - <body> - <para> - This function returns a complex tuple containing other tuples. - </para> - </body> - </method> - ''') - def getIssuer(self): - return self.tbs.issuer.get() - - _addFragment(''' - <method> - <header> - <memberof>setThisUpdate</memberof> - <name>setNotBefore</name> - <parameter>time</parameter> - </header> - <body> - <para> - This function sets a <classname>Choice</classname> object. - It can be either a <classname>GeneralTime</classname> or - <classname>UTCTime</classname> object. The functions - <function>gen2time</function>, <function>utc2time</function>, - <function>time2gen</function> and <function>time2utc</function> - can be used to convert to and from integer times and their - string representation. - </para> - <example> - <title><function>setNotBefore</function> method usage</title> - <programlisting> - crl = POW.pkix.CertificateList() - now = POW.pkix.time2gen( time.time() ) - crl.setNotBefore( ('generalTime', now) ) - </programlisting> - </example> - </body> - </method> - ''') - def setThisUpdate(self, nu): - self.tbs.thisUpdate.set(nu) - - _addFragment(''' - <method> - <header> - <memberof>CertificateList</memberof> - <name>getThisUpdate</name> - </header> - <body> - <para> - This function returns a tuple containing two strings. The first - is either 'utcTime' or 'generalTime' and the second is the time - value as a string. - </para> - </body> - </method> - ''') - def getThisUpdate(self): - return self.tbs.thisUpdate.get() - - _addFragment(''' - <method> - <header> - <memberof>CertificateList</memberof> - <name>setNextUpdate</name> - </header> - <body> - <para> - See set <function>setThisUpdate</function>. - </para> - </body> - </method> - ''') - def setNextUpdate(self, nu): - self.tbs.nextUpdate.set(nu) - - _addFragment(''' - <method> - <header> - <memberof>CertificateList</memberof> - <name>getNextUpdate</name> - </header> - <body> - <para> - See set <function>getThisUpdate</function>. - </para> - </body> - </method> - ''') - def getNextUpdate(self): - return self.tbs.nextUpdate.get() - - _addFragment(''' - <method> - <header> - <memberof>CertificateList</memberof> - <name>setExtensions</name> - <parameter>extns</parameter> - </header> - <body> - <para> - This method sets an <classname>Extensions</classname> object, - defined as SEQUENCE OF Extension. The parameter - <parameter>extns</parameter> should consist of a list or tuple - of values suitable to set an extension. See the extension - class for details. - </para> - </body> - </method> - ''') - def setExtensions(self, extns): - self.tbs.crlExtensions.set(extns) - - _addFragment(''' - <method> - <header> - <memberof>CertificateList</memberof> - <name>getExtensions</name> - </header> - <body> - <para> - This function returns a tuple of - <classname>Extension</classname> values. See - <classname>Extension</classname> for details. - </para> - </body> - </method> - ''') - def getExtensions(self): - return self.tbs.crlExtensions.get() - - def getExtension(self, oid): - for x in self.getExtensions(): - if x[0] == oid: - return x - return None - - _addFragment(''' - <method> - <header> - <memberof>CertificateList</memberof> - <name>setRevokedCertificates</name> - </header> - <body> - <para> - This function sets a sequence of - <classname>revokedCertificate</classname> objects. - This object is optional. See - <classname>CertificateList</classname> for an example of its - use. - </para> - </body> - </method> - ''') - def setRevokedCertificates(self, rc): - self.tbs.revokedCertificates.set(rc) - - _addFragment(''' - <method> - <header> - <memberof>CertificateList</memberof> - <name>getRevokedCertificates</name> - </header> - <body> - <para> - This function return a sequence of - <classname>revokedCertificate</classname> objects or None. - </para> - </body> - </method> - ''') - def getRevokedCertificates(self): - return self.tbs.revokedCertificates.get() - - _addFragment(''' - <method> - <header> - <memberof>Certificate</memberof> - <name>sign</name> - </header> - <body> - <para> - This function updates structured of the - <classname>certificateList</classname> and - <classname>tBSCertList</classname> as appropriate, performs the - specified digest on the <classname>tBSCertList</classname> and sets - <constant>signedValue</constant> to signed the digest. - </para> - </body> - </method> - ''') - def sign(self, rsa, digestType): - driver = getCryptoDriver() - oid = driver.getOID(digestType) - self.tbs.signature.set([oid, None]) - signedText = driver.sign(rsa, oid, self.tbs.toString()) - self.signatureAlgorithm.set([oid, None]) - self.signature.set(signedText) - - _addFragment(''' - <method> - <header> - <memberof>CertificateList</memberof> - <name>verify</name> - </header> - <body> - <para> - This function works out what kind of digest was used to during - signing, calculates the digest of - <classname>tBSCertList</classname> and verifies the - <constant>signedText</constant> using the key. - </para> - </body> - </method> - ''') - def verify(self, rsa): - driver = getCryptoDriver() - oid = self.signatureAlgorithm.get()[0] - return driver.verify(rsa, oid, self.tbs.toString(), self.signature.get()) - -#---------- CRL ----------# -#---------- PKCS10 ----------# - -# My ASN.1-foo (and perhaps this ASN.1 implementation) isn't quite up -# to X.501 or PKCS #10, so this is partly based on a dump of what -# OpenSSL generates, and doesn't handle attributes other than X.509v3 -# extensions. - -class PKCS10AttributeSet(SetOf): - def __init__(self, optional=0, default=''): - SetOf.__init__(self, Extensions, optional, default) - -class PKCS10AttributeChoice(Choice): - def __init__(self, optional=0, default=''): - choices = { 'single' : Extensions(), - 'set' : PKCS10AttributeSet() } - Choice.__init__(self, choices, optional, default) - -class PKCS10Attributes(Sequence): - def __init__(self, optional=1, default=''): - self.oid = Oid() - self.val = PKCS10AttributeChoice() - contents = [ self.oid, self.val ] - Sequence.__init__(self, contents, optional, default) - -class CertificationRequestInfo(Sequence): - def __init__(self, optional=0, default=''): - self.version = Integer() - self.subject = Name() - self.subjectPublicKeyInfo = SubjectPublicKeyInfo() - self.attributes = PKCS10Attributes() - self.explicitAttributes = Explicit(CLASS_CONTEXT, FORM_CONSTRUCTED, 0, self.attributes) - contents = [ self.version, self.subject, self.subjectPublicKeyInfo, self.explicitAttributes ] - Sequence.__init__(self, contents, optional, default) - -class CertificationRequest(Sequence): - def __init__(self, optional=0, default=''): - self.certificationRequestInfo = CertificationRequestInfo() - self.signatureAlgorithm = AlgorithmIdentifier() - self.signatureValue = AltBitString() - contents = [ self.certificationRequestInfo, self.signatureAlgorithm, self.signatureValue ] - Sequence.__init__(self, contents, optional, default) - - def sign(self, rsa, digestType): - driver = getCryptoDriver() - oid = driver.getOID(digestType) - self.certificationRequestInfo.subjectPublicKeyInfo.fromString(driver.toPublicDER(rsa)) - signedText = driver.sign(rsa, oid, self.certificationRequestInfo.toString()) - self.signatureAlgorithm.set([oid, None]) - self.signatureValue.set(signedText) - - def verify(self): - driver = getCryptoDriver() - oid = self.signatureAlgorithm.get()[0] - rsa = driver.fromPublicDER(self.certificationRequestInfo.subjectPublicKeyInfo.toString()) - return driver.verify(rsa, oid, self.certificationRequestInfo.toString(), self.signatureValue.get()) - - def getExtensions(self): - oid = self.certificationRequestInfo.attributes.oid.get() - if oid is None: - return () - if oid != (1, 2, 840, 113549, 1, 9, 14) or \ - self.certificationRequestInfo.attributes.val.choice != "set" or \ - len(self.certificationRequestInfo.attributes.val.choices["set"]) > 1: - raise DerError, "failed to understand X.501 Attribute encoding, sorry: %s" % self.get() - return self.certificationRequestInfo.attributes.val.choices["set"][0].get() - - def getExtension(self, oid): - for x in self.getExtensions(): - if x[0] == oid: - return x - return None - - def setExtensions(self, exts): - self.certificationRequestInfo.attributes.oid.set((1, 2, 840, 113549, 1, 9, 14)) - self.certificationRequestInfo.attributes.val.set(("set", [exts])) - -#---------- PKCS10 ----------# -#---------- GeneralNames object support ----------# -class OtherName(Sequence): - def __init__(self, optional=0, default=''): - self.typeId = Oid() - self.any = Any() - contents = [self.typeId, self.any] - Sequence.__init__(self, contents, optional, default) - -class EdiPartyName(Sequence): - def __init__(self, optional=0, default=''): - self.nameAssigner = DirectoryString() - self.partyName = DirectoryString() - self.explicitNameAssigner = Explicit( CLASS_CONTEXT, FORM_CONSTRUCTED, 0, self.nameAssigner, 1 ) - self.explicitPartyName = Explicit( CLASS_CONTEXT, FORM_CONSTRUCTED, 1, self.partyName ) - contents = [ self.explicitNameAssigner, self.explicitPartyName ] - Sequence.__init__(self, contents, optional, default) - -class IpAddress(OctetString): - pass - -class GeneralName(Choice): - def __init__(self, optional=0, default=''): - - otherName = OtherName() - otherName.implied( CLASS_CONTEXT, FORM_CONSTRUCTED, 0 ) - rfc822Name = IA5String() - rfc822Name.implied( CLASS_CONTEXT, FORM_PRIMITIVE, 1 ) - dnsName = IA5String() - dnsName.implied( CLASS_CONTEXT, FORM_PRIMITIVE, 2 ) - directoryName = Name() - explicitDirectoryName = Explicit( CLASS_CONTEXT, FORM_CONSTRUCTED, 4, directoryName) - ediPartyName = EdiPartyName() - ediPartyName.implied( CLASS_CONTEXT, FORM_CONSTRUCTED, 5 ) - uri = IA5String() - uri.implied( CLASS_CONTEXT, FORM_PRIMITIVE, 6 ) - ipAddress = IpAddress() - ipAddress.implied( CLASS_CONTEXT, FORM_PRIMITIVE, 7 ) - registeredId = Oid() - registeredId.implied( CLASS_CONTEXT, FORM_PRIMITIVE, 8 ) - - choices = { 'otherName' : otherName , - 'rfc822Name' : rfc822Name , - 'dNSName' : dnsName , - 'directoryName' : explicitDirectoryName , - 'ediPartyName' : ediPartyName , - 'uri' : uri , - 'iPAddress' : ipAddress , - 'registeredId' : registeredId } - - Choice.__init__(self, choices, optional, default) - -class GeneralNames(SequenceOf): - def __init__(self, optional=0, default=''): - SequenceOf.__init__(self, GeneralName, optional, default) - -#---------- GeneralNames object support ----------# -#---------- X509v3 extensions ----------# - -_addFragment(''' -<class> - <header> - <name>BasicConstraints</name> - <super>Sequence</super> - </header> - <body> - <para> - This little extension has recently caused plenty of problems for - several large organisations. It consist of a - <classname>Boolean</classname> and an - <classname>Integer</classname>. The first indicates if the owner - is a CA, the second indicates how long a chain of CAs you should - trust which the subject of this certificate trusts. - </para> - <example> - <title>Setting <classname>BasicConstraints</classname></title> - <programlisting> - bc = BasicConstraints() - bc.set( (1, 1) ) - </programlisting> - </example> - </body> -</class> -''') -class BasicConstraints(Sequence): - _addFragment(''' - <constructor> - <header> - <memberof>BasicConstraints</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - def __init__(self, optional=0, default=''): - self.ca = Boolean(0, 'AQEA\n') - self.pathLenConstraint = Integer(1) - contents = [self.ca, self.pathLenConstraint] - Sequence.__init__(self, contents, optional, default) - -_addFragment(''' -<class> - <header> - <name>KeyUsage</name> - <super>BitString</super> - </header> -</class> -''') -class KeyUsage(BitString): - pass - -_addFragment(''' -<class> - <header> - <name>SubjectAltName</name> - <super>GeneralNames</super> - </header> -</class> -''') -class SubjectAltName(GeneralNames): - pass - -_addFragment(''' -<class> - <header> - <name>IssuerAltName</name> - <super>GeneralNames</super> - </header> -</class> -''') -class IssuerAltName(GeneralNames): - pass - -_addFragment(''' -<class> - <header> - <name>SubjectKeyIdentifier</name> - <super>OctetString</super> - </header> -</class> -''') -class SubjectKeyIdentifier(OctetString): - pass - -_addFragment(''' -<class> - <header> - <name>AuthorityKeyIdentifier</name> - <super>Sequence</super> - </header> - <body> - <para> - </para> - <example> - <title>Setting <classname>AuthorityKeyIdentifier</classname></title> - <programlisting> - id = AuthorityKeyIdentifier() - authdigest = POW.Digest( POW.SHA1_DIGEST ) - authdigest.update(rsa.derWrite(POW.RSA_PUBLIC_KEY)) - keyHash = authdigest.digest() - id.set( (keyHash, None, None) ) - </programlisting> - </example> - </body> - -</class> -''') -class AuthorityKeyIdentifier(Sequence): - _addFragment(''' - <constructor> - <header> - <memberof>AuthorityKeyIdentifier</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - def __init__(self, optional=0, default=''): - self.keyIdentifier = OctetString(1) - self.keyIdentifier.implied( CLASS_CONTEXT, FORM_PRIMITIVE, 0 ) - self.authorityCertIssuer = GeneralNames(1) - self.authorityCertIssuer.implied( CLASS_CONTEXT, FORM_CONSTRUCTED, 1 ) - self.authorityCertSerialNumber = Integer(1) - self.authorityCertSerialNumber.implied( CLASS_CONTEXT, FORM_PRIMITIVE, 2 ) - contents = [self.keyIdentifier, self.authorityCertIssuer, self.authorityCertSerialNumber] - Sequence.__init__(self, contents, optional, default) - -_addFragment(''' -<class> - <header> - <name>PrivateKeyUsagePeriod</name> - <super>Sequence</super> - </header> - <body> - <example> - <title>Setting <classname>PrivateKeyUsagePeriod</classname></title> - <programlisting> - period = PrivateKeyUsagePeriod() - period.set( ( time2gen( time.time() ), None) ) - </programlisting> - </example> - </body> -</class> -''') -class PrivateKeyUsagePeriod(Sequence): - _addFragment(''' - <constructor> - <header> - <memberof>PrivateKeyUsagePeriod</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - def __init__(self, optional=0, default=''): - self.notBefore = GeneralizedTime() - self.notBefore.implied( CLASS_CONTEXT, FORM_PRIMITIVE, 0 ) - self.notAfter = GeneralizedTime() - self.notAfter.implied( CLASS_CONTEXT, FORM_PRIMITIVE, 1 ) - contents = [self.notBefore, self.notAfter] - Sequence.__init__(self, contents, optional, default) - -class DisplayText(Choice): - def __init__(self, optional=0, default=''): - choices = { 'visibleString' : VisibleString(), - 'bmpString' : BmpString(), - 'utf8String' : Utf8String() } - - Choice.__init__(self, choices, optional, default) - -class NoticeNumbers(SequenceOf): - def __init__(self, optional=0, default=''): - SequenceOf.__init__(self, Integer, optional, default) - -class NoticeReference(Sequence): - def __init__(self, optional=0, default=''): - self.organization = DisplayText() - self.noticeNumbers = NoticeNumbers() - contents = [self.organization, self.noticeNumbers] - Sequence.__init__(self, contents, optional, default) - -class UserNotice(Sequence): - def __init__(self, optional=0, default=''): - self.noticeRef = NoticeReference(1) - self.explicitText = DisplayText(1) - contents = [self.noticeRef, self.explicitText] - Sequence.__init__(self, contents, optional, default) - -class Qualifier(Choice): - def __init__(self, optional=0, default=''): - choices = { 'cPSuri' : IA5String(), - 'userNotice' : UserNotice() } - - Choice.__init__(self, choices, optional, default) - -class PolicyQualifierInfo(Sequence): - def __init__(self, optional=0, default=''): - self.policyQualifierId = Oid() - self.qualifier = Qualifier() - contents = [self.policyQualifierId, self.qualifier] - Sequence.__init__(self, contents, optional, default) - -class PolicyQualifiers(SequenceOf): - def __init__(self, optional=0, default=''): - SequenceOf.__init__(self, PolicyQualifierInfo, optional, default) - -class PolicyInformation(Sequence): - def __init__(self, optional=0, default=''): - self.policyIdentifier = Oid() - self.policyQualifiers = PolicyQualifiers(1) - contents = [self.policyIdentifier, self.policyQualifiers] - Sequence.__init__(self, contents, optional, default) - -_addFragment(''' -<class> - <header> - <name>CertificatePolicies</name> - <super>SequenceOf</super> - </header> - <body> - <example> - <title>Setting <classname>CertificatePolicies</classname></title> - <programlisting> - data = ( - ( o2i('id-cti-ets-proofOfReceipt'), ( - (o2i('cps'), ('cPSuri', 'http://www.p-s.org.uk/policies/policy1')), - (o2i('unotice'), ( 'userNotice', - ((('visibleString', 'The House'),(1,2,3)), - ('visibleString', 'We guarentee nothing')))), - )), - ( o2i('id-cti-ets-proofOfOrigin'), ( - (o2i('cps'), ('cPSuri', 'http://www.p-s.org.uk/policies/policy2')), - )) - ) - policies = CertificatePolicies() - policies.set( data ) - </programlisting> - </example> - </body> -</class> -''') -class CertificatePolicies(SequenceOf): - _addFragment(''' - <constructor> - <header> - <memberof>CertificatePolicies</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - def __init__(self, optional=0, default=''): - SequenceOf.__init__(self, PolicyInformation, optional, default) - -class DistributionPointName(Choice): - def __init__(self, optional=0, default=''): - fullName = GeneralNames() - fullName.implied( CLASS_CONTEXT, FORM_CONSTRUCTED, 0 ) - nameRelativeToCRLIssuer = RelativeDistinguishedName() - nameRelativeToCRLIssuer.implied( CLASS_CONTEXT, FORM_CONSTRUCTED, 1 ) - - choices = { 'fullName' : fullName, - 'nameRelativeToCRLIssuer ' : nameRelativeToCRLIssuer } - - Choice.__init__(self, choices, optional, default) - -class DistributionPoint(Sequence): - def __init__(self, optional=0, default=''): - self.distributionPoint = DistributionPointName(1) - self.explicitDistributionPoint = Explicit(CLASS_CONTEXT, FORM_CONSTRUCTED, 0, self.distributionPoint) - self.reasons = BitString(1) - self.reasons.implied( CLASS_CONTEXT, FORM_PRIMITIVE, 1 ) - self.cRLIssuer = GeneralNames(1) - self.cRLIssuer.implied( CLASS_CONTEXT, FORM_CONSTRUCTED, 2 ) - contents = [self.explicitDistributionPoint, self.reasons, self.cRLIssuer] - Sequence.__init__(self, contents, optional, default) - -_addFragment(''' -<class> - <header> - <name>CRLDistrobutionPoints</name> - <super>SequenceOf</super> - </header> - <body> - <example> - <title>Setting <classname>CRLDistrobutionPoints</classname></title> - <programlisting> - n1 = ('directoryName', - ( (( o2i('countryName'), ('printableString', 'UK') ),), - (( o2i('stateOrProvinceName'), ('printableString', 'Herts') ),), - (( o2i('organizationName'), ('printableString', 'The House') ),), - (( o2i('commonName'), ('printableString', 'Shannon Works') ),) ) ) - - n2 = ('iPAddress', POW.pkix.ip42oct(192,168,100,51)) - - data = ( ( ('fullName',(n1, n2)), (1,1,1,1,1), (n1,) ), ) - points = CRLDistrobutionPoints() - points.set( data ) - </programlisting> - </example> - </body> -</class> -''') -class CRLDistributionPoints(SequenceOf): - _addFragment(''' - <constructor> - <header> - <memberof>CRLDistrobutionPoints</memberof> - <parameter>optional=0</parameter> - <parameter>default=''</parameter> - </header> - </constructor> - ''') - def __init__(self, optional=0, default=''): - SequenceOf.__init__(self, DistributionPoint, optional, default) - -_addFragment(''' -<class> - <header> - <name>CrlNumber</name> - <super>Integer</super> - </header> -</class> -''') -class CrlNumber(Integer): - pass - -_addFragment(''' -<class> - <header> - <name>DeltaCrlIndicator</name> - <super>Integer</super> - </header> -</class> -''') -class DeltaCrlIndicator(Integer): - pass - -_addFragment(''' -<class> - <header> - <name>InvalidityDate</name> - <super>GeneralizedTime</super> - </header> -</class> -''') -class InvalidityDate(GeneralizedTime): - pass - -_addFragment(''' -<class> - <header> - <name>CrlReason</name> - <super>Enum</super> - </header> -</class> -''') -class CrlReason(Enum): - pass - -_addFragment(''' -<class> - <header> - <name>IPAddressRange</name> - <super>Sequence</super> - </header> -</class> -''') -class IPAddressRange(Sequence): - def __init__(self, optional=0, default=''): - self.min = BitString() - self.max = BitString() - contents = [ self.min, self.max ] - Sequence.__init__(self, contents, optional, default) - -_addFragment(''' -<class> - <header> - <name>IPAddressOrRange</name> - <super>Choice</super> - </header> -</class> -''') -class IPAddressOrRange(Choice): - def __init__(self, optional=0, default=''): - choices = { 'addressPrefix' : BitString(), - 'addressRange' : IPAddressRange() } - Choice.__init__(self, choices, optional, default) - -_addFragment(''' -<class> - <header> - <name>IPAddressesOrRanges</name> - <super>SequenceOf</super> - </header> -</class> -''') -class IPAddressesOrRanges(SequenceOf): - def __init__(self, optional=0, default=''): - SequenceOf.__init__(self, IPAddressOrRange, optional, default) - -_addFragment(''' -<class> - <header> - <name>IPAddressChoice</name> - <super>Choice</super> - </header> -</class> -''') -class IPAddressChoice(Choice): - def __init__(self, optional=0, default=''): - choices = { 'inherit' : Null(), - 'addressesOrRanges' : IPAddressesOrRanges() } - Choice.__init__(self, choices, optional, default) - -_addFragment(''' -<class> - <header> - <name>IPAddressFamily</name> - <super>Sequence</super> - </header> -</class> -''') -class IPAddressFamily(Sequence): - def __init__(self, optional=0, default=''): - self.addressFamily = OctetString() - self.ipAddressChoice = IPAddressChoice() - contents = [ self.addressFamily, self.ipAddressChoice ] - Sequence.__init__(self, contents, optional, default) - -_addFragment(''' -<class> - <header> - <name>IPAddrBlocks</name> - <super>SequenceOf</super> - </header> - <body> - <para> - Implementation of RFC 3779 section 2.2.3. - </para> - </body> -</class> -''') -class IPAddrBlocks(SequenceOf): - def __init__(self, optional=0, default=''): - SequenceOf.__init__(self, IPAddressFamily, optional, default) - -_addFragment(''' -<class> - <header> - <name>ASRange</name> - <super>Sequence</super> - </header> -</class> -''') -class ASRange(Sequence): - def __init__(self, optional=0, default=''): - self.min = Integer() - self.max = Integer() - contents = [ self.min, self.max ] - Sequence.__init__(self, contents, optional, default) - -_addFragment(''' -<class> - <header> - <name>ASIdOrRange</name> - <super>Choice</super> - </header> -</class> -''') -class ASIdOrRange(Choice): - def __init__(self, optional=0, default=''): - choices = { 'id' : Integer(), - 'range' : ASRange() } - Choice.__init__(self, choices, optional, default) - -_addFragment(''' -<class> - <header> - <name>ASIdsOrRanges</name> - <super>SequenceOf</super> - </header> -</class> -''') -class ASIdsOrRanges(SequenceOf): - def __init__(self, optional=0, default=''): - SequenceOf.__init__(self, ASIdOrRange, optional, default) - -_addFragment(''' -<class> - <header> - <name>ASIdentifierChoice</name> - <super>Choice</super> - </header> -</class> -''') -class ASIdentifierChoice(Choice): - def __init__(self, optional=0, default=''): - choices = { 'inherit' : Null(), - 'asIdsOrRanges' : ASIdsOrRanges() } - Choice.__init__(self, choices, optional, default) - -_addFragment(''' -<class> - <header> - <name>ASIdentifiers</name> - <super>Sequence</super> - </header> - <body> - <para> - Implementation of RFC 3779 section 3.2.3. - </para> - </body> -</class> -''') -class ASIdentifiers(Sequence): - def __init__(self, optional=0, default=''): - # - # This is what we -should- be doing - #self.asnum = ASIdentifierChoice() - #self.rdi = ASIdentifierChoice() - #self.explicitAsnum = Explicit(CLASS_CONTEXT, FORM_CONSTRUCTED, 0, self.asnum, 1) - #self.explictRdi = Explicit(CLASS_CONTEXT, FORM_CONSTRUCTED, 1, self.rdi, 1) - #contents = [ self.explicitAsnum, self.explictRdi ] - # - # ...but it generates a spurious empty RDI clause, so try this instead - # since we know that we never use RDI anyway. - self.asnum = ASIdentifierChoice() - self.explicitAsnum = Explicit(CLASS_CONTEXT, FORM_CONSTRUCTED, 0, self.asnum, 1) - contents = [ self.explicitAsnum ] - # - Sequence.__init__(self, contents, optional, default) - - def set(self, values): - assert len(values) == 1 or (len(values) == 2 and values[1] is None) - Sequence.set(self, (values[0],)) - -_addFragment(''' -<class> - <header> - <name>AccessDescription</name> - <super>Sequence</super> - </header> -</class> -''') -class AccessDescription(Sequence): - def __init__(self, optional=0, default=''): - self.accessMethod = Oid() - self.accessLocation = GeneralName() - contents = [ self.accessMethod, self.accessLocation ] - Sequence.__init__(self, contents, optional, default) - -_addFragment(''' -<class> - <header> - <name>AuthorityInfoAccess</name> - <super>SequenceOf</super> - </header> - <body> - <para> - Implementation of RFC 3280 section 4.2.2.1. - </para> - </body> -</class> -''') -class AuthorityInfoAccess(SequenceOf): - def __init__(self, optional=0, default=''): - SequenceOf.__init__(self, AccessDescription, optional, default) - -_addFragment(''' -<class> - <header> - <name>SubjectInfoAccess</name> - <super>SequenceOf</super> - </header> - <body> - <para> - Implementation of RFC 3280 section 4.2.2.2. - </para> - </body> -</class> -''') -class SubjectInfoAccess(SequenceOf): - def __init__(self, optional=0, default=''): - SequenceOf.__init__(self, AccessDescription, optional, default) - -#---------- X509v3 extensions ----------# - -_addFragment(''' -<class> - <header> - <name>Extension</name> - <super>Sequence</super> - </header> - <body> - <para> - This class is a useful little object. It is set by passing three - values: an oid, an integer(a boolean really) and a value. The - boolean indicates if this extension is critical. The value is - used to set the extension once it has been created. The oid - is used to create the correct object which, to be fully supported it must - be one of these: - <simplelist> - <member><classname>basicConstraints</classname></member> - <member><classname>subjectAltName</classname></member> - <member><classname>issuerAltName</classname></member> - <member><classname>authorityKeyIdentifier</classname></member> - <member><classname>privateKeyUsagePeriod</classname></member> - <member><classname>certificatePolicies</classname></member> - <member><classname>cRLDistributionPoints</classname></member> - <member><classname>subjectKeyIdentifier</classname></member> - <member><classname>keyUsage</classname></member> - <member><classname>crlNumber</classname></member> - <member><classname>deltaCrlIndicator</classname></member> - <member><classname>invalidityDate</classname></member> - <member><classname>crlReason</classname></member> - </simplelist> - </para> - <example> - <title>Setting <classname>Extension</classname></title> - <programlisting> - extn = Extension() - email = ('rfc822Name', 'peter_shannon@yahoo.com') - extn.set( (obj2oid('subjectAltName'),1, (email,)) ) - </programlisting> - </example> - </body> -</class> -''') -class Extension(Sequence): - - classMap = { - (2, 5, 29, 19) : BasicConstraints, - (2, 5, 29, 17) : SubjectAltName, - (2, 5, 29, 18) : IssuerAltName, - (2, 5, 29, 35) : AuthorityKeyIdentifier, - (2, 5, 29, 16) : PrivateKeyUsagePeriod, - (2, 5, 29, 32) : CertificatePolicies, - (2, 5, 29, 31) : CRLDistributionPoints, - (2, 5, 29, 14) : SubjectKeyIdentifier, - (2, 5, 29, 15) : KeyUsage, - (2, 5, 29, 20) : CrlNumber, - (2, 5, 29, 27) : DeltaCrlIndicator, - (2, 5, 29, 24) : InvalidityDate, - (2, 5, 29, 21) : CrlReason, - (1, 3, 6, 1, 5, 5, 7, 1, 1) : AuthorityInfoAccess, - (1, 3, 6, 1, 5, 5, 7, 1, 7) : IPAddrBlocks, - (1, 3, 6, 1, 5, 5, 7, 1, 8) : ASIdentifiers, - (1, 3, 6, 1, 5, 5, 7, 1, 11) : SubjectInfoAccess, - } -# Missing -- fix later -# extendedKeyUsage -# privateKeyUsagePeriod -# policyMappings -# nameConstraints -# policyConstraints -# subjectDirectoryAttributes -# instructionCode -# issuingDistrobutionPoint - - def __init__(self, optional=0, default=''): - self.extnID = Oid() - self.critical = Boolean(0, 'AQEA') - self.extnValue = OctetString() - contents = [self.extnID, self.critical, self.extnValue] - Sequence.__init__(self, contents, optional, default) - - _addFragment(''' - <method> - <header> - <memberof>Extension</memberof> - <name>set</name> - <parameter>values</parameter> - </header> - <body> - <para> - <parameter>values</parameter> should be a sequence of three - values, the oid, critical marker and a value to set the - extension. If an unknown oid is passed to this function it - will raise an exception. <parameter>critical</parameter> is a - boolean. <parameter>value</parameter> will be used to set the - extension after it has been created. - </para> - </body> - </method> - ''') - def set(self, (oid, critical, val) ): - self.extnID.set( oid ) - self.critical.set( critical ) - - extnObj = None - if self.classMap.has_key(oid): - extnObj = self.classMap[oid]() - else: - if not (isinstance(oid, types.TupleType) or isinstance(oid, types.ListType)): - raise DerError, 'the oid should be specified as a sequence of integers' - else: - raise DerError, 'unknown object extension %s' % oid - - try: - extnObj.set( val ) - self.extnValue.set( extnObj.toString() ) - except DerError, e: - raise DerError, 'failed to set %s, with:\n\t%s\nresulting in:\n\t%s' % (oid, val, `e`) - - _addFragment(''' - <method> - <header> - <memberof>Extension</memberof> - <name>get</name> - </header> - <body> - <para> - There are several ways this function might fail to decode an - extension. Firstly if the extension was marked critical but if - the oid cannot be mapped to a class or If a failure occurs decoding the - <constant>extnValue</constant>, an exception will be raised. - If a failure occurred and the extension was not marked critical it - will return a tuple like this: <constant>(oid, critical, - ())</constant>. If no failures occur a tuple will be returned, - containg the oid, critical and extension values. - </para> - </body> - </method> - ''') - def get(self): - oid = self.extnID.get() - critical = self.critical.get() - - if self.classMap.has_key(oid): - extnObj = self.classMap[oid]() - else: - if critical: - raise DerError, 'failed to read critical extension %s' % str(oid) - else: - return (oid, critical, ()) - - try: - extnObj = self.classMap[oid]() - extnObj.fromString(self.extnValue.get()) - value = extnObj.get() - except: - if critical: - raise DerError, 'failed to read critical extension %s' % str(oid) - else: - return (oid, critical, ()) - - return (oid, critical, value) diff --git a/rpkid/rpki/adns.py b/rpkid/rpki/adns.py index a9d04c2a..736d793a 100644 --- a/rpkid/rpki/adns.py +++ b/rpkid/rpki/adns.py @@ -4,7 +4,7 @@ dnspython package. $Id$ -Copyright (C) 2010--2011 Internet Systems Consortium ("ISC") +Copyright (C) 2010--2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -34,8 +34,13 @@ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. """ -import asyncore, socket, time, sys -import rpki.async, rpki.sundial, rpki.log +import asyncore +import socket +import time +import sys +import rpki.async +import rpki.sundial +import rpki.log try: import dns.resolver, dns.rdatatype, dns.rdataclass, dns.name, dns.message @@ -134,7 +139,7 @@ class query(object): self.qtype = qtype self.qclass = qclass self.start = time.time() - rpki.async.defer(self.go) + rpki.async.event_defer(self.go) def go(self): """ @@ -364,12 +369,12 @@ if __name__ == "__main__": e) if True: - for qtype in (dns.rdatatype.A, dns.rdatatype.AAAA, dns.rdatatype.HINFO): - test_query("subvert-rpki.hactrn.net", qtype) + for t in (dns.rdatatype.A, dns.rdatatype.AAAA, dns.rdatatype.HINFO): + test_query("subvert-rpki.hactrn.net", t) test_query("nonexistant.rpki.net") test_query("subvert-rpki.hactrn.net", qclass = dns.rdataclass.CH) - for host in ("subvert-rpki.hactrn.net", "nonexistant.rpki.net"): - test_getaddrinfo(host) + for h in ("subvert-rpki.hactrn.net", "nonexistant.rpki.net"): + test_getaddrinfo(h) rpki.async.event_loop() diff --git a/rpkid/rpki/async.py b/rpkid/rpki/async.py index 5eaa34f9..aee7770f 100644 --- a/rpkid/rpki/async.py +++ b/rpkid/rpki/async.py @@ -3,7 +3,7 @@ Utilities for event-driven programming. $Id$ -Copyright (C) 2009--2011 Internet Systems Consortium ("ISC") +Copyright (C) 2009--2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -18,8 +18,13 @@ OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. """ -import asyncore, signal, traceback, gc, sys -import rpki.log, rpki.sundial +import asyncore +import signal +import traceback +import gc +import sys +import rpki.log +import rpki.sundial ExitNow = asyncore.ExitNow @@ -40,15 +45,24 @@ class iterator(object): to continue to the next item in the iteration. The termination callback receives no arguments. + + Special case for memory constrained cases: if keyword argument + pop_list is True, iterable must be a list, which is modified in + place, popping items off of it until it's empty. """ - def __init__(self, iterable, item_callback, done_callback, unwind_stack = True): + def __init__(self, iterable, item_callback, done_callback, unwind_stack = True, pop_list = False): + assert not pop_list or isinstance(iterable, list), "iterable must be a list when using pop_list" self.item_callback = item_callback - self.done_callback = done_callback + self.done_callback = done_callback if done_callback is not None else lambda: None self.caller_file, self.caller_line, self.caller_function = traceback.extract_stack(limit = 2)[0][0:3] self.unwind_stack = unwind_stack + self.pop_list = pop_list try: - self.iterator = iter(iterable) + if self.pop_list: + self.iterator = iterable + else: + self.iterator = iter(iterable) except (ExitNow, SystemExit): raise except Exception: @@ -57,13 +71,14 @@ class iterator(object): self.doit() def __repr__(self): - return ("<%s created at %s:%s %s at 0x%x>" % - (self.__class__.__name__, - self.caller_file, self.caller_line, self.caller_function, id(self))) + return rpki.log.log_repr(self, + "created at %s:%s" % (self.caller_file, + self.caller_line), + self.caller_function) def __call__(self): if self.unwind_stack: - defer(self.doit) + event_defer(self.doit) else: self.doit() @@ -73,25 +88,25 @@ class iterator(object): with the next iteration value, call the termination handler if the iterator signaled StopIteration. """ - try: - self.item_callback(self, self.iterator.next()) - except StopIteration: - if self.done_callback is not None: - self.done_callback() -class timer(object): - """ - Timer construct for event-driven code. It can be used in either of two ways: + try: + if self.pop_list: + val = self.iterator.pop(0) + else: + val = self.iterator.next() + except (IndexError, StopIteration): + self.done_callback() + else: + self.item_callback(self, val) - - As a virtual class, in which case the subclass should provide a - handler() method to receive the wakup event when the timer expires; or +## @var timer_queue +# Timer queue. - - By setting an explicit handler callback, either via the - constructor or the set_handler() method. +timer_queue = [] - Subclassing is probably more Pythonic, but setting an explict - handler turns out to be very convenient when combined with bound - methods to other objects. +class timer(object): + """ + Timer construct for event-driven code. """ ## @var gc_debug @@ -102,15 +117,9 @@ class timer(object): # Verbose chatter about timers being run. run_debug = False - ## @var queue - # Timer queue, shared by all timer instances (there can be only one queue). - queue = [] - def __init__(self, handler = None, errback = None): - if handler is not None: - self.set_handler(handler) - if errback is not None: - self.set_errback(errback) + self.set_handler(handler) + self.set_errback(errback) self.when = None if self.gc_debug: self.trace("Creating %r" % self) @@ -135,9 +144,9 @@ class timer(object): else: self.when = when assert isinstance(self.when, rpki.sundial.datetime), "%r: Expecting a datetime, got %r" % (self, self.when) - if self not in self.queue: - self.queue.append(self) - self.queue.sort(key = lambda x: x.when) + if self not in timer_queue: + timer_queue.append(self) + timer_queue.sort(key = lambda x: x.when) def __cmp__(self, other): return cmp(id(self), id(other)) @@ -154,7 +163,7 @@ class timer(object): self.trace("Canceling %r" % self) try: while True: - self.queue.remove(self) + timer_queue.remove(self) except ValueError: pass @@ -162,14 +171,7 @@ class timer(object): """ Test whether this timer is currently set. """ - return self in self.queue - - def handler(self): - """ - Handle a timer that has expired. This must either be overriden by - a subclass or set dynamically by set_handler(). - """ - raise NotImplementedError + return self in timer_queue def set_handler(self, handler): """ @@ -181,13 +183,6 @@ class timer(object): """ self.handler = handler - def errback(self, e): - """ - Error callback. May be overridden, or set with set_errback(). - """ - rpki.log.error("Unhandled exception from timer: %s" % e) - rpki.log.traceback() - def set_errback(self, errback): """ Set a timer's errback. Like set_handler(), for errbacks. @@ -199,17 +194,29 @@ class timer(object): """ Run the timer queue: for each timer whose call time has passed, pull the timer off the queue and call its handler() method. + + Comparisions are made against time at which this function was + called, so that even if new events keep getting scheduled, we'll + return to the I/O loop reasonably quickly. """ - while cls.queue and rpki.sundial.now() >= cls.queue[0].when: - t = cls.queue.pop(0) + now = rpki.sundial.now() + while timer_queue and now >= timer_queue[0].when: + t = timer_queue.pop(0) if cls.run_debug: rpki.log.debug("Running %r" % t) try: - t.handler() + if t.handler is not None: + t.handler() + else: + rpki.log.warn("Timer %r expired with no handler set" % t) except (ExitNow, SystemExit): raise except Exception, e: - t.errback(e) + if t.errback is not None: + t.errback(e) + else: + rpki.log.error("Unhandled exception from timer %r: %s" % (t, e)) + rpki.log.traceback() def __repr__(self): return rpki.log.log_repr(self, self.when, repr(self.handler)) @@ -224,12 +231,12 @@ class timer(object): the same units (argh!), and we're not doing anything that hair-triggered, so rounding up is simplest. """ - if not cls.queue: + if not timer_queue: return None now = rpki.sundial.now() - if now >= cls.queue[0].when: + if now >= timer_queue[0].when: return 0 - delay = cls.queue[0].when - now + delay = timer_queue[0].when - now seconds = delay.convert_to_seconds() if delay.microseconds: seconds += 1 @@ -242,40 +249,32 @@ class timer(object): queue content, but this way we can notify subclasses that provide their own cancel() method. """ - while cls.queue: - cls.queue.pop(0).cancel() - -## @var deferred_queue -# List to hold deferred actions. We used to do this with the timer -# queue, but that appears to confuse the garbage collector, and is -# overengineering for simple deferred actions in any case. - -deferred_queue = [] + while timer_queue: + timer_queue.pop(0).cancel() -def defer(thunk): +def _raiseExitNow(signum, frame): """ - Defer an action until the next pass through the event loop. + Signal handler for event_loop(). """ - deferred_queue.append(thunk) + raise ExitNow -def run_deferred(): +def exit_event_loop(): """ - Run deferred actions. + Force exit from event_loop(). """ - while deferred_queue: - try: - deferred_queue.pop(0)() - except (ExitNow, SystemExit): - raise - except Exception, e: - rpki.log.error("Unhandled exception from deferred action %s: %s" % (e.__class__.__name__, e)) - rpki.log.traceback() + raise ExitNow -def _raiseExitNow(signum, frame): +def event_defer(handler, delay = rpki.sundial.timedelta(seconds = 0)): """ - Signal handler for event_loop(). + Use a near-term (default: zero interval) timer to schedule an event + to run after letting the I/O system have a turn. """ - raise ExitNow + timer(handler).set(delay) + +## @var debug_event_timing +# Enable insanely verbose logging of event timing + +debug_event_timing = False def event_loop(catch_signals = (signal.SIGINT, signal.SIGTERM)): """ @@ -289,10 +288,11 @@ def event_loop(catch_signals = (signal.SIGINT, signal.SIGTERM)): old = signal.signal(sig, _raiseExitNow) if save_sigs: old_signal_handlers[sig] = old - while asyncore.socket_map or deferred_queue or timer.queue: - run_deferred() - asyncore.poll(timer.seconds_until_wakeup(), asyncore.socket_map) - run_deferred() + while asyncore.socket_map or timer_queue: + t = timer.seconds_until_wakeup() + if debug_event_timing: + rpki.log.debug("Dismissing to asyncore.poll(), t = %s, q = %r" % (t, timer_queue)) + asyncore.poll(t, asyncore.socket_map) timer.runq() if timer.gc_debug: gc.collect() @@ -359,10 +359,6 @@ class sync_wrapper(object): def __call__(self, *args, **kwargs): def thunk(): - """ - Deferred action to call the wrapped code once event system is - running. - """ try: self.func(self.cb, self.eb, *args, **kwargs) except ExitNow: @@ -370,7 +366,7 @@ class sync_wrapper(object): except Exception, e: self.eb(e) - defer(thunk) + event_defer(thunk) event_loop() if self.err is None: return self.res @@ -379,20 +375,6 @@ class sync_wrapper(object): else: raise self.err -def exit_event_loop(): - """ - Force exit from event_loop(). - """ - raise ExitNow - -def event_yield(handler, delay = rpki.sundial.timedelta(seconds = 2)): - """ - Use a near-term timer to schedule an event after letting the timer - and I/O systems run. - """ - t = timer(handler) - t.set(delay) - class gc_summary(object): """ Periodic summary of GC state, for tracking down memory bloat. diff --git a/rpkid/rpki/config.py b/rpkid/rpki/config.py index c954ad5f..cc5b6580 100644 --- a/rpkid/rpki/config.py +++ b/rpkid/rpki/config.py @@ -4,7 +4,7 @@ ConfigParser module. $Id$ -Copyright (C) 2009--2011 Internet Systems Consortium ("ISC") +Copyright (C) 2009--2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -33,7 +33,9 @@ OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. """ -import ConfigParser, os, re +import ConfigParser +import os +import re ## @var default_filename # Default name of config file if caller doesn't specify one explictly. @@ -85,6 +87,8 @@ class parser(object): if default_dirname is not None: filenames.append("%s/%s" % (default_dirname, default_filename)) + f = fn = None + for fn in filenames: try: f = open(fn) @@ -128,7 +132,7 @@ class parser(object): section = self.default_section if self.cfg.has_option(section, option): matches.append((-1, self.get(option, section = section))) - for key, value in self.cfg.items(section): + for key in self.cfg.options(section): s = key.rsplit(".", 1) if len(s) == 2 and s[0] == option and s[1].isdigit(): matches.append((int(s[1]), self.get(option, section = section))) @@ -267,6 +271,16 @@ class parser(object): pass try: + rpki.x509.XML_CMS_object.check_inbound_schema = self.getboolean("check_inbound_schema") + except ConfigParser.NoOptionError: + pass + + try: + rpki.x509.XML_CMS_object.check_outbound_schema = self.getboolean("check_outbound_schema") + except ConfigParser.NoOptionError: + pass + + try: rpki.async.gc_summary(self.getint("gc_summary"), self.getint("gc_summary_threshold", 0)) except ConfigParser.NoOptionError: pass @@ -285,3 +299,10 @@ class parser(object): rpki.daemonize.pid_filename = self.get("pid_filename") except ConfigParser.NoOptionError: pass + + try: + rpki.x509.generate_insecure_debug_only_rsa_key = rpki.x509.insecure_debug_only_rsa_key_generator(*self.get("insecure-debug-only-rsa-key-db").split()) + except ConfigParser.NoOptionError: + pass + except: + rpki.log.warn("insecure-debug-only-rsa-key-db configured but initialization failed, check for corrupted database file") diff --git a/rpkid/rpki/csv_utils.py b/rpkid/rpki/csv_utils.py index f7eed414..30d07560 100644 --- a/rpkid/rpki/csv_utils.py +++ b/rpkid/rpki/csv_utils.py @@ -3,7 +3,7 @@ CSV utilities, moved here from myrpki.py. $Id$ -Copyright (C) 2009--2011 Internet Systems Consortium ("ISC") +Copyright (C) 2009--2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -68,6 +68,12 @@ class csv_reader(object): fields += tuple(None for i in xrange(self.columns - len(fields))) yield fields + def __enter__(self): + return self + + def __exit__(self, _type, value, traceback): + self.file.close() + class csv_writer(object): """ Writer object for tab delimited text. We just use the stock CSV @@ -83,6 +89,12 @@ class csv_writer(object): self.file = open(self.renmwo, "w") self.writer = csv.writer(self.file, dialect = csv.get_dialect("excel-tab")) + def __enter__(self): + return self + + def __exit__(self, _type, value, traceback): + self.close() + def close(self): """ Close this writer. diff --git a/rpkid/rpki/exceptions.py b/rpkid/rpki/exceptions.py index 68ea3bf6..0f5dbc49 100644 --- a/rpkid/rpki/exceptions.py +++ b/rpkid/rpki/exceptions.py @@ -3,7 +3,7 @@ Exception definitions for RPKI modules. $Id$ -Copyright (C) 2009--2010 Internet Systems Consortium ("ISC") +Copyright (C) 2009--2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above diff --git a/rpkid/rpki/ghostbuster.py b/rpkid/rpki/ghostbuster.py deleted file mode 100644 index 151a7cd0..00000000 --- a/rpkid/rpki/ghostbuster.py +++ /dev/null @@ -1,26 +0,0 @@ -# $Id$ -""" -Copyright (C) 2011 SPARTA, Inc. dba Cobham Analytic Solutions - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND SPARTA DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL SPARTA BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. - - - -ASN.1 encoder/decoder for the Ghostbuster record, specified in -draft-ietf-sidr-ghostbusters. -""" - -from rpki.POW._der import * - -class Ghostbuster(OctetString): - pass diff --git a/rpkid/rpki/gui/app/forms.py b/rpkid/rpki/gui/app/forms.py index 80439b00..2166343a 100644 --- a/rpkid/rpki/gui/app/forms.py +++ b/rpkid/rpki/gui/app/forms.py @@ -23,7 +23,7 @@ from rpki.resource_set import (resource_range_as, resource_range_ipv4, from rpki.gui.app import models from rpki.exceptions import BadIPResource from rpki.gui.app.glue import str_to_resource_range -import rpki.ipaddrs +from rpki.POW import IPAddress class AddConfForm(forms.Form): @@ -190,11 +190,7 @@ class ROARequest(forms.Form): """ prefix = self.cleaned_data.get('prefix') if '/' not in prefix: - p = rpki.ipaddrs.parse(prefix) - - # rpki.ipaddrs.parse doesn't return a v?addr object, so can't - # introspect p.bits - bits = 32 if ':' not in prefix else 64 + p = IPAddress(prefix) # determine the first nonzero bit starting from the lsb and # subtract from the address size to find the closest classful @@ -203,7 +199,7 @@ class ROARequest(forms.Form): while (p != 0) and (p & 1) == 0: prefixlen = prefixlen + 1 p = p >> 1 - mask = bits - (8 * (prefixlen / 8)) + mask = p.bits - (8 * (prefixlen / 8)) prefix = prefix + '/' + str(mask) return str_to_resource_range(prefix) diff --git a/rpkid/rpki/gui/app/range_list.py b/rpkid/rpki/gui/app/range_list.py index fcfcfc24..21fd1f29 100755 --- a/rpkid/rpki/gui/app/range_list.py +++ b/rpkid/rpki/gui/app/range_list.py @@ -17,6 +17,7 @@ __version__ = '$Id$' import bisect import unittest + class RangeList(list): """A sorted list of ranges, which automatically merges adjacent ranges. @@ -36,35 +37,39 @@ class RangeList(list): # upper bound j = bisect.bisect_right(keys, v.max, lo=i) - # if the max value for the previous item is greater than v.min, include the previous item in the range to replace - # and use its min value. also include the previous item if the max value is 1 less than the min value for the - # inserted item - if i > 0 and self[i-1].max >= v.min - 1: + # if the max value for the previous item is greater than v.min, include + # the previous item in the range to replace and use its min value. + # also include the previous item if the max value is 1 less than the + # min value for the inserted item + if i > 0 and self[i - 1].max >= v.min - 1: i = i - 1 vmin = self[i].min else: vmin = v.min - # if the max value for the previous item is greater than the max value for the new item, use the previous item's max - if j > 0 and self[j-1].max > v.max: - vmax = self[j-1].max + # if the max value for the previous item is greater than the max value + # for the new item, use the previous item's max + if j > 0 and self[j - 1].max > v.max: + vmax = self[j - 1].max else: vmax = v.max - # if the max value for the new item is 1 less than the min value for the next item, combine into a single item - if j < len(self) and vmax+1 == self[j].min: + # if the max value for the new item is 1 less than the min value for + # the next item, combine into a single item + if j < len(self) and vmax + 1 == self[j].min: vmax = self[j].max - j = j+1 + j = j + 1 # replace the range with a new object covering the entire range - self[i:j] = [v.__class__(min=vmin, max=vmax)] + self[i:j] = [v.__class__(vmin, vmax)] def extend(self, args): for x in args: self.append(x) def difference(self, other): - """Return a RangeList object which contains ranges in this object which are not in "other".""" + """Return a RangeList object which contains ranges in this object which + are not in "other".""" it = iter(other) try: @@ -85,27 +90,30 @@ class RangeList(list): try: while xmin <= x.max: if xmin < cur.min: - r.append(x.__class__(min=V(xmin), - max=V(min(x.max,cur.min-1)))) - xmin = cur.max+1 + r.append(x.__class__(V(xmin), + V(min(x.max, cur.min - 1)))) + xmin = cur.max + 1 elif xmin == cur.min: - xmin = cur.max+1 - else: # xmin > cur.min + xmin = cur.max + 1 + else: # xmin > cur.min if xmin <= cur.max: - xmin = cur.max+1 - else: # xmin > cur.max + xmin = cur.max + 1 + else: # xmin > cur.max cur = it.next() except StopIteration: - r.append(x.__class__(min=V(xmin), max=x.max)) + r.append(x.__class__(V(xmin), x.max)) return r + class TestRangeList(unittest.TestCase): class MinMax(object): - def __init__(self, min, max): - self.min = min - self.max = max + datum_type = int + + def __init__(self, range_min, range_max): + self.min = range_min + self.max = range_max def __str__(self): return '(%d, %d)' % (self.min, self.max) @@ -117,12 +125,12 @@ class TestRangeList(unittest.TestCase): return self.min == other.min and self.max == other.max def setUp(self): - self.v1 = TestRangeList.MinMax(1,2) - self.v2 = TestRangeList.MinMax(4,5) - self.v3 = TestRangeList.MinMax(7,8) - self.v4 = TestRangeList.MinMax(3,4) - self.v5 = TestRangeList.MinMax(2,3) - self.v6 = TestRangeList.MinMax(1,10) + self.v1 = TestRangeList.MinMax(1, 2) + self.v2 = TestRangeList.MinMax(4, 5) + self.v3 = TestRangeList.MinMax(7, 8) + self.v4 = TestRangeList.MinMax(3, 4) + self.v5 = TestRangeList.MinMax(2, 3) + self.v6 = TestRangeList.MinMax(1, 10) def test_empty_append(self): s = RangeList() @@ -161,14 +169,14 @@ class TestRangeList(unittest.TestCase): s.append(self.v1) s.append(self.v5) self.assertTrue(len(s) == 1) - self.assertEqual(s[0], TestRangeList.MinMax(1,3)) + self.assertEqual(s[0], TestRangeList.MinMax(1, 3)) def test_combine_range(self): s = RangeList() s.append(self.v1) s.append(self.v4) self.assertTrue(len(s) == 1) - self.assertEqual(s[0], TestRangeList.MinMax(1,4)) + self.assertEqual(s[0], TestRangeList.MinMax(1, 4)) def test_append_subset(self): s = RangeList() @@ -189,7 +197,7 @@ class TestRangeList(unittest.TestCase): s.append(self.v4) s.append(self.v1) self.assertTrue(len(s) == 1) - self.assertEqual(s[0], TestRangeList.MinMax(1,4)) + self.assertEqual(s[0], TestRangeList.MinMax(1, 4)) def test_append_aggregate(self): s = RangeList() @@ -213,31 +221,31 @@ class TestRangeList(unittest.TestCase): def test_diff_middle(self): s1 = RangeList([self.v6]) s2 = RangeList([self.v3]) - self.assertEqual(s1.difference(s2), RangeList([TestRangeList.MinMax(1,6), TestRangeList.MinMax(9, 10)])) + self.assertEqual(s1.difference(s2), RangeList([TestRangeList.MinMax(1, 6), TestRangeList.MinMax(9, 10)])) def test_diff_overlap(self): s1 = RangeList([self.v2]) s2 = RangeList([self.v4]) - self.assertEqual(s1.difference(s2), RangeList([TestRangeList.MinMax(5,5)])) + self.assertEqual(s1.difference(s2), RangeList([TestRangeList.MinMax(5, 5)])) def test_diff_overlap2(self): s1 = RangeList([self.v2]) s2 = RangeList([self.v4]) - self.assertEqual(s2.difference(s1), RangeList([TestRangeList.MinMax(3,3)])) + self.assertEqual(s2.difference(s1), RangeList([TestRangeList.MinMax(3, 3)])) def test_diff_multi(self): - s1 = RangeList([TestRangeList.MinMax(1,2), TestRangeList.MinMax(4,5)]) - s2 = RangeList([TestRangeList.MinMax(4,4)]) - self.assertEqual(s1.difference(s2), RangeList([TestRangeList.MinMax(1,2), TestRangeList.MinMax(5,5)])) + s1 = RangeList([TestRangeList.MinMax(1, 2), TestRangeList.MinMax(4, 5)]) + s2 = RangeList([TestRangeList.MinMax(4, 4)]) + self.assertEqual(s1.difference(s2), RangeList([TestRangeList.MinMax(1, 2), TestRangeList.MinMax(5, 5)])) def test_diff_multi_overlap(self): - s1 = RangeList([TestRangeList.MinMax(1,2), TestRangeList.MinMax(3,4)]) - s2 = RangeList([TestRangeList.MinMax(2,3)]) + s1 = RangeList([TestRangeList.MinMax(1, 2), TestRangeList.MinMax(3, 4)]) + s2 = RangeList([TestRangeList.MinMax(2, 3)]) self.assertEqual(s1.difference(s2), RangeList([TestRangeList.MinMax(1,1), TestRangeList.MinMax(4,4)])) def test_diff_multi_overlap2(self): s1 = RangeList([TestRangeList.MinMax(1,2), TestRangeList.MinMax(3,4), TestRangeList.MinMax(6,7)]) - s2 = RangeList([TestRangeList.MinMax(2,3), TestRangeList.MinMax(6,6)]) + s2 = RangeList([TestRangeList.MinMax(2, 3), TestRangeList.MinMax(6, 6)]) self.assertEqual(s1.difference(s2), RangeList([TestRangeList.MinMax(1,1), TestRangeList.MinMax(4,4), TestRangeList.MinMax(7,7)])) if __name__ == '__main__': diff --git a/rpkid/rpki/gui/app/views.py b/rpkid/rpki/gui/app/views.py index 835bf4a5..6de313e3 100644 --- a/rpkid/rpki/gui/app/views.py +++ b/rpkid/rpki/gui/app/views.py @@ -414,7 +414,7 @@ def child_edit(request, pk): if request.method == 'POST': form = form_class(request.POST, request.FILES) if form.is_valid(): - child.valid_until = sundial.datetime.fromdatetime(form.cleaned_data.get('valid_until')) + child.valid_until = sundial.datetime.from_datetime(form.cleaned_data.get('valid_until')) child.save() # remove AS & prefixes that are not selected in the form models.ChildASN.objects.filter(child=child).exclude(pk__in=form.cleaned_data.get('as_ranges')).delete() diff --git a/rpkid/rpki/gui/cacheview/models.py b/rpkid/rpki/gui/cacheview/models.py index 4be45b5c..f58cca33 100644 --- a/rpkid/rpki/gui/cacheview/models.py +++ b/rpkid/rpki/gui/cacheview/models.py @@ -20,7 +20,6 @@ import time from django.db import models -import rpki.ipaddrs import rpki.resource_set import rpki.gui.models diff --git a/rpkid/rpki/gui/cacheview/views.py b/rpkid/rpki/gui/cacheview/views.py index b75763fa..ffb04136 100644 --- a/rpkid/rpki/gui/cacheview/views.py +++ b/rpkid/rpki/gui/cacheview/views.py @@ -20,7 +20,7 @@ from django.shortcuts import get_object_or_404, redirect from rpki.gui.cacheview import models, forms, misc from rpki.gui.app.views import render from rpki.resource_set import resource_range_as -from rpki.ipaddrs import v4addr, v6addr +from rpki.POW import IPAddress # Create your views here. @@ -133,11 +133,7 @@ def query_view(request): prefix_list = [] for roa in roas: for pfx in roa.prefixes.all(): - if pfx.family == 4: - addr = v4addr(pfx.prefix.encode()) - elif pfx.family == 6: - addr = v6addr(pfx.prefix.encode()) - + addr = IPAddress(pfx.prefix.encode()) prefix_list.append((pfx, roa, addr)) prefix_list.sort(cmp=cmp_prefix) diff --git a/rpkid/rpki/gui/models.py b/rpkid/rpki/gui/models.py index 30879e44..0ea0924b 100644 --- a/rpkid/rpki/gui/models.py +++ b/rpkid/rpki/gui/models.py @@ -18,12 +18,10 @@ Common classes for reuse in apps. __version__ = '$Id$' -import struct - from django.db import models import rpki.resource_set -import rpki.ipaddrs +import rpki.POW from south.modelsinspector import add_introspection_rules @@ -36,17 +34,16 @@ class IPv6AddressField(models.Field): return 'binary(16)' def to_python(self, value): - if isinstance(value, rpki.ipaddrs.v6addr): + if isinstance(value, rpki.POW.IPAddress): return value - x = struct.unpack('!QQ', value) - return rpki.ipaddrs.v6addr((x[0] << 64) | x[1]) + return rpki.POW.IPAddress.fromBytes(value) def get_db_prep_value(self, value, connection, prepared): - return struct.pack('!QQ', (long(value) >> 64) & 0xFFFFFFFFFFFFFFFFL, long(value) & 0xFFFFFFFFFFFFFFFFL) + return value.toBytes() class IPv4AddressField(models.Field): - "Wrapper around rpki.ipaddrs.v4addr." + "Wrapper around rpki.POW.IPAddress." __metaclass__ = models.SubfieldBase @@ -54,9 +51,9 @@ class IPv4AddressField(models.Field): return 'int UNSIGNED' def to_python(self, value): - if isinstance(value, rpki.ipaddrs.v4addr): + if isinstance(value, rpki.POW.IPAddress): return value - return rpki.ipaddrs.v4addr(value) + return rpki.POW.IPAddress(value, version=4) def get_db_prep_value(self, value, connection, prepared): return long(value) @@ -97,10 +94,11 @@ class Prefix(models.Model): class Meta: abstract = True - + # default sort order reflects what "sh ip bgp" outputs ordering = ('prefix_min',) + class PrefixV4(Prefix): "IPv4 Prefix." @@ -112,6 +110,7 @@ class PrefixV4(Prefix): class Meta(Prefix.Meta): abstract = True + class PrefixV6(Prefix): "IPv6 Prefix." @@ -123,6 +122,7 @@ class PrefixV6(Prefix): class Meta(Prefix.Meta): abstract = True + class ASN(models.Model): """Represents a range of ASNs. diff --git a/rpkid/rpki/http.py b/rpkid/rpki/http.py index 244a9305..c3eae1fe 100644 --- a/rpkid/rpki/http.py +++ b/rpkid/rpki/http.py @@ -3,7 +3,7 @@ HTTP utilities, both client and server. $Id$ -Copyright (C) 2009-2011 Internet Systems Consortium ("ISC") +Copyright (C) 2009-2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -82,11 +82,6 @@ enable_ipv6_servers = True # far too much of the world. enable_ipv6_clients = False -## @var use_adns -# Whether to use rpki.adns code. This is still experimental, so it's -# not (yet) enabled by default. -use_adns = False - ## @var have_ipv6 # Whether the current machine claims to support IPv6. Note that just # because the kernel supports it doesn't mean that the machine has @@ -95,6 +90,7 @@ use_adns = False # SRI-NIC.ARPA?" seems a bit dated...). Don't set this, it's set # automatically by probing using the socket() system call at runtime. try: + # pylint: disable=W0702,W0104 socket.socket(socket.AF_INET6).close() socket.IPPROTO_IPV6 socket.IPV6_V6ONLY @@ -103,6 +99,16 @@ except: else: have_ipv6 = True +## @var use_adns + +# Whether to use rpki.adns code. This is still experimental, so it's +# not (yet) enabled by default. +use_adns = False +try: + import rpki.adns +except ImportError: + pass + def supported_address_families(enable_ipv6): """ IP address families on which servers should listen, and to consider @@ -590,7 +596,7 @@ class http_listener(asyncore.dispatcher): asyncore.dispatcher.__init__(self) self.handlers = handlers try: - af, socktype, proto, canonname, sockaddr = addrinfo + af, socktype, proto, canonname, sockaddr = addrinfo # pylint: disable=W0612 self.create_socket(af, socktype) self.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) try: @@ -614,8 +620,8 @@ class http_listener(asyncore.dispatcher): stream for it and pass along all of our handler data. """ try: - s, client = self.accept() - self.log("Accepting connection from %s" % addr_to_string(client)) + s, c = self.accept() + self.log("Accepting connection from %s" % addr_to_string(c)) http_server(sock = s, handlers = self.handlers) except (rpki.async.ExitNow, SystemExit): raise @@ -669,7 +675,6 @@ class http_client(http_stream): self.log("Bypassing DNS for localhost") self.gotaddrinfo(localhost_addrinfo()) else: - import rpki.adns # This should move to start of file once we've decided to inflict it on all users families = supported_address_families(enable_ipv6_clients) self.log("Starting ADNS lookup for %s in families %r" % (self.host, families)) rpki.adns.getaddrinfo(self.gotaddrinfo, self.dns_error, self.host, families) @@ -804,7 +809,7 @@ class http_client(http_stream): if bad: try: raise rpki.exceptions.HTTPTimeout - except: + except: # pylint: disable=W0702 self.handle_error() else: self.queue.detach(self) @@ -829,7 +834,7 @@ class http_queue(object): log = log_method def __repr__(self): - return rpki.log.log_repr(self, "%s" % addr_to_string(self.hostport)) + return rpki.log.log_repr(self, addr_to_string(self.hostport)) def __init__(self, hostport): self.hostport = hostport @@ -886,7 +891,7 @@ class http_queue(object): self.log("Detaching client %r" % client_) self.client = None - def return_result(self, client, result, detach = False): + def return_result(self, client, result, detach = False): # pylint: disable=W0621 """ Client stream has returned a result, which we need to pass along to the original caller. Result may be either an HTTP response @@ -985,7 +990,7 @@ def client(msg, url, callback, errback): if debug_http: rpki.log.debug("Scheduling connection startup for %r" % request) - rpki.async.defer(client_queues[hostport].restart) + rpki.async.event_defer(client_queues[hostport].restart) def server(handlers, port, host = ""): """ diff --git a/rpkid/rpki/ipaddrs.py b/rpkid/rpki/ipaddrs.py index a192f92b..d096e1d4 100644 --- a/rpkid/rpki/ipaddrs.py +++ b/rpkid/rpki/ipaddrs.py @@ -13,7 +13,7 @@ once, here, thus avoiding a lot of duplicate code elsewhere. $Id$ -Copyright (C) 2009 Internet Systems Consortium ("ISC") +Copyright (C) 2009-2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -52,6 +52,7 @@ class v4addr(long): """ bits = 32 + ipversion = 4 def __new__(cls, x): """ @@ -91,6 +92,7 @@ class v6addr(long): """ bits = 128 + ipversion = 6 def __new__(cls, x): """ diff --git a/rpkid/rpki/irdb/__init__.py b/rpkid/rpki/irdb/__init__.py index 3eb6fab7..64c9ee6c 100644 --- a/rpkid/rpki/irdb/__init__.py +++ b/rpkid/rpki/irdb/__init__.py @@ -4,7 +4,7 @@ Python package, so humor it. $Id$ -Copyright (C) 2011 Internet Systems Consortium ("ISC") +Copyright (C) 2011-2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -19,5 +19,8 @@ OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. """ +# pylint: disable=W0401 + from rpki.irdb.models import * from rpki.irdb.zookeeper import Zookeeper +from rpki.irdb.router import DBContextRouter, database diff --git a/rpkid/rpki/irdb/models.py b/rpkid/rpki/irdb/models.py index 010ba635..1d3d70de 100644 --- a/rpkid/rpki/irdb/models.py +++ b/rpkid/rpki/irdb/models.py @@ -7,7 +7,7 @@ Django GUI code, so be careful. $Id$ -Copyright (C) 2011 Internet Systems Consortium ("ISC") +Copyright (C) 2011-2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -22,12 +22,14 @@ OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. """ +# pylint: disable=W0232 + import django.db.models import rpki.x509 import rpki.sundial import rpki.resource_set -import rpki.ipaddrs import socket +import rpki.POW from south.modelsinspector import add_introspection_rules ## @var ip_version_choices @@ -65,7 +67,6 @@ class HandleField(django.db.models.CharField): kwargs["max_length"] = 120 django.db.models.CharField.__init__(self, *args, **kwargs) - class EnumField(django.db.models.PositiveSmallIntegerField): """ An enumeration type that uses strings in Python and small integers @@ -99,14 +100,14 @@ class SundialField(django.db.models.DateTimeField): def to_python(self, value): if isinstance(value, rpki.sundial.pydatetime.datetime): - return rpki.sundial.datetime.fromdatetime( + return rpki.sundial.datetime.from_datetime( django.db.models.DateTimeField.to_python(self, value)) else: return value def get_prep_value(self, value): if isinstance(value, rpki.sundial.datetime): - return value.to_sql() + return value.to_datetime() else: return value @@ -297,7 +298,7 @@ class CA(django.db.models.Model): return result def revoke(self, cert): - Revocations.objects.create( + Revocation.objects.create( issuer = self, revoked = rpki.sundial.now(), serial = cert.certificate.getSerial(), @@ -308,8 +309,7 @@ class CA(django.db.models.Model): def generate_crl(self): now = rpki.sundial.now() self.revocations.filter(expires__lt = now).delete() - revoked = [(r.serial, rpki.sundial.datetime.fromdatetime(r.revoked).toASN1tuple(), ()) - for r in self.revocations.all()] + revoked = [(r.serial, r.revoked) for r in self.revocations.all()] self.latest_crl = rpki.x509.CRL.generate( keypair = self.private_key, issuer = self.certificate, @@ -332,7 +332,7 @@ class ServerCA(CA): if self.certificate is not None: return self.certificate.getSubject() else: - return rpki.x509.X501DN("%s BPKI server CA" % socket.gethostname()) + return rpki.x509.X501DN.from_cn("%s BPKI server CA" % socket.gethostname()) class ResourceHolderCA(CA): handle = HandleField(unique = True) @@ -346,7 +346,7 @@ class ResourceHolderCA(CA): if self.certificate is not None: return self.certificate.getSubject() else: - return rpki.x509.X501DN("%s BPKI resource CA" % self.handle) + return rpki.x509.X501DN.from_cn("%s BPKI resource CA" % self.handle) class Certificate(django.db.models.Model): @@ -435,7 +435,8 @@ class ServerEE(EECertificate): @property def subject_name(self): - return rpki.x509.X501DN("%s BPKI %s EE" % (socket.gethostname(), self.get_purpose_display())) + return rpki.x509.X501DN.from_cn("%s BPKI %s EE" % (socket.gethostname(), + self.get_purpose_display())) class Referral(EECertificate): issuer = django.db.models.OneToOneField(ResourceHolderCA, related_name = "referral_certificate") @@ -443,7 +444,7 @@ class Referral(EECertificate): @property def subject_name(self): - return rpki.x509.X501DN("%s BPKI Referral EE" % self.issuer.handle) + return rpki.x509.X501DN.from_cn("%s BPKI Referral EE" % self.issuer.handle) class Turtle(django.db.models.Model): service_uri = django.db.models.CharField(max_length = 255) @@ -454,7 +455,7 @@ class Rootd(EECertificate, Turtle): @property def subject_name(self): - return rpki.x509.X501DN("%s BPKI rootd EE" % self.issuer.handle) + return rpki.x509.X501DN.from_cn("%s BPKI rootd EE" % self.issuer.handle) class BSC(Certificate): issuer = django.db.models.ForeignKey(ResourceHolderCA, related_name = "bscs") @@ -478,12 +479,22 @@ class Child(CrossCertification): @property def resource_bag(self): + child_asn = rpki.irdb.ChildASN.objects.raw(""" + SELECT * + FROM irdb_childasn + WHERE child_id = %s + """, [self.id]) + child_net = list(rpki.irdb.ChildNet.objects.raw(""" + SELECT * + FROM irdb_childnet + WHERE child_id = %s + """, [self.id])) asns = rpki.resource_set.resource_set_as.from_django( - (a.start_as, a.end_as) for a in self.asns.all()) + (a.start_as, a.end_as) for a in child_asn) ipv4 = rpki.resource_set.resource_set_ipv4.from_django( - (a.start_ip, a.end_ip) for a in self.address_ranges.filter(version = 'IPv4')) + (a.start_ip, a.end_ip) for a in child_net if a.version == "IPv4") ipv6 = rpki.resource_set.resource_set_ipv6.from_django( - (a.start_ip, a.end_ip) for a in self.address_ranges.filter(version = 'IPv6')) + (a.start_ip, a.end_ip) for a in child_net if a.version == "IPv6") return rpki.resource_set.resource_bag( valid_until = self.valid_until, asn = asns, v4 = ipv4, v6 = ipv6) @@ -556,9 +567,9 @@ class ROARequestPrefix(django.db.models.Model): def as_roa_prefix(self): if self.version == 'IPv4': - return rpki.resource_set.roa_prefix_ipv4(rpki.ipaddrs.v4addr(self.prefix), self.prefixlen, self.max_prefixlen) + return rpki.resource_set.roa_prefix_ipv4(rpki.POW.IPAddress(self.prefix), self.prefixlen, self.max_prefixlen) else: - return rpki.resource_set.roa_prefix_ipv6(rpki.ipaddrs.v6addr(self.prefix), self.prefixlen, self.max_prefixlen) + return rpki.resource_set.roa_prefix_ipv6(rpki.POW.IPAddress(self.prefix), self.prefixlen, self.max_prefixlen) def as_resource_range(self): return self.as_roa_prefix().to_resource_range() @@ -591,7 +602,6 @@ class Client(CrossCertification): class Meta: unique_together = ("issuer", "handle") - # for Django South -- these are just simple subclasses add_introspection_rules([], ('^rpki\.irdb\.models\.CertificateField', diff --git a/rpkid/rpki/irdb/router.py b/rpkid/rpki/irdb/router.py new file mode 100644 index 00000000..fad78b36 --- /dev/null +++ b/rpkid/rpki/irdb/router.py @@ -0,0 +1,95 @@ +""" +Django-style "Database router". + +For most programs, you don't need this. Django's normal mode of +behavior is to use a single SQL database for the IRDB, which is +normally what we want. For certain test scenarios, however, it's +useful to be able to use the same Django ORM models and managers with +multiple databases without having to complicate the interface by +passing database names everywhere. Using a database router +accomplishes this. + +$Id$ + +Copyright (C) 2012 Internet Systems Consortium ("ISC") + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +PERFORMANCE OF THIS SOFTWARE. +""" + +class DBContextRouter(object): + """ + A Django database router for use with multiple IRDBs. + + This router is designed to work in conjunction with the + rpki.irdb.database context handler (q.v.). + """ + + _app = "irdb" + + _database = None + + def db_for_read(self, model, **hints): + if model._meta.app_label == self._app: + return self._database + else: + return None + + def db_for_write(self, model, **hints): + if model._meta.app_label == self._app: + return self._database + else: + return None + + def allow_relation(self, obj1, obj2, **hints): + if self._database is None: + return None + elif obj1._meta.app_label == self._app and obj2._meta.app_label == self._app: + return True + else: + return None + + def allow_syncdb(self, db, model): + if db == self._database and model._meta.app_label == self._app: + return True + else: + return None + +class database(object): + """ + Context manager for use with DBContextRouter. Use thusly: + + with rpki.irdb.database("blarg"): + do_stuff() + + This binds IRDB operations to database blarg for the duration of + the call to do_stuff(), then restores the prior state. + """ + + def __init__(self, name, on_entry = None, on_exit = None): + if not isinstance(name, str): + raise ValueError("database name must be a string, not %r" % name) + self.name = name + self.on_entry = on_entry + self.on_exit = on_exit + + def __enter__(self): + if self.on_entry is not None: + self.on_entry() + self.former = DBContextRouter._database + DBContextRouter._database = self.name + + def __exit__(self, _type, value, traceback): + assert DBContextRouter._database is self.name + DBContextRouter._database = self.former + if self.on_exit is not None: + self.on_exit() diff --git a/rpkid/rpki/irdb/zookeeper.py b/rpkid/rpki/irdb/zookeeper.py index 19bd55f7..9747bb30 100644 --- a/rpkid/rpki/irdb/zookeeper.py +++ b/rpkid/rpki/irdb/zookeeper.py @@ -18,17 +18,10 @@ OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. """ -import subprocess -import csv -import re +# pylint: disable=W0612 + import os -import getopt -import sys -import base64 -import time -import glob import copy -import warnings import rpki.config import rpki.cli import rpki.sundial @@ -45,10 +38,9 @@ import rpki.irdb import django.db.transaction from lxml.etree import (Element, SubElement, ElementTree, - fromstring as ElementFromString, - tostring as ElementToString) + tostring as ElementToString) -from rpki.csv_utils import (csv_reader, csv_writer, BadCSVSyntax) +from rpki.csv_utils import csv_reader @@ -96,24 +88,34 @@ class PEM_writer(object): """ Write PEM files to disk, keeping track of which ones we've already written and setting the file mode appropriately. + + Comparing the old file with what we're about to write serves no real + purpose except to calm users who find repeated messages about + writing the same file confusing. """ def __init__(self, logstream = None): self.wrote = set() self.logstream = logstream - def __call__(self, filename, obj): + def __call__(self, filename, obj, compare = True): filename = os.path.realpath(filename) if filename in self.wrote: return tempname = filename + pem = obj.get_PEM() if not filename.startswith("/dev/"): + try: + if compare and pem == open(filename, "r").read(): + return + except: # pylint: disable=W0702 + pass tempname += ".%s.tmp" % os.getpid() mode = 0400 if filename.endswith(".key") else 0444 if self.logstream is not None: self.logstream.write("Writing %s\n" % filename) f = os.fdopen(os.open(tempname, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode), "w") - f.write(obj.get_PEM()) + f.write(pem) f.close() if tempname != filename: os.rename(tempname, filename) @@ -174,6 +176,11 @@ class etree_wrapper(object): if self.msg is not None: logstream.write(self.msg + "\n") + @property + def file(self): + from cStringIO import StringIO + return StringIO(ElementToString(self.etree)) + class Zookeeper(object): @@ -218,7 +225,7 @@ class Zookeeper(object): if handle is None: raise MissingHandle - self.handle= handle + self.handle = handle def set_logstream(self, logstream): @@ -514,7 +521,7 @@ class Zookeeper(object): try: self.resource_ca.children.get(handle = child_handle).delete() except rpki.irdb.Child.DoesNotExist: - self.log("No such child \"%s\"" % arg) + self.log("No such child \"%s\"" % child_handle) @django.db.transaction.commit_on_success @@ -590,7 +597,7 @@ class Zookeeper(object): try: self.resource_ca.parents.get(handle = parent_handle).delete() except rpki.irdb.Parent.DoesNotExist: - self.log("No such parent \"%s\"" % arg) + self.log("No such parent \"%s\"" % parent_handle) @django.db.transaction.commit_on_success @@ -709,7 +716,7 @@ class Zookeeper(object): try: self.server_ca.clients.get(handle = client_handle).delete() except rpki.irdb.Client.DoesNotExist: - self.log("No such client \"%s\"" % arg) + self.log("No such client \"%s\"" % client_handle) @django.db.transaction.commit_on_success @@ -758,9 +765,9 @@ class Zookeeper(object): assert repository_handle is not None try: - self.resource_ca.repositories.get(handle = arg).delete() + self.resource_ca.repositories.get(handle = repository_handle).delete() except rpki.irdb.Repository.DoesNotExist: - self.log("No such repository \"%s\"" % arg) + self.log("No such repository \"%s\"" % repository_handle) @django.db.transaction.commit_on_success @@ -1062,11 +1069,63 @@ class Zookeeper(object): def synchronize(self, *handles_to_poke): """ Configure RPKI daemons with the data built up by the other - commands in this program. Most commands which modify the IRDB - should call this when they're done. + commands in this program. Commands which modify the IRDB and want + to whack everything into sync should call this when they're done, + but be warned that this can be slow with a lot of CAs. + + Any arguments given are handles of CAs which should be poked with a + <self run_now="yes"/> operation. + """ + + for ca in rpki.irdb.ResourceHolderCA.objects.all(): + self.synchronize_rpkid_one_ca_core(ca, ca.handle in handles_to_poke) + self.synchronize_pubd_core() + self.synchronize_rpkid_deleted_core() + + + @django.db.transaction.commit_on_success + def synchronize_ca(self, ca = None, poke = False): + """ + Synchronize one CA. Most commands which modify a CA should call + this. CA to synchronize defaults to the current resource CA. + """ + + if ca is None: + ca = self.resource_ca + self.synchronize_rpkid_one_ca_core(ca, poke) + + + @django.db.transaction.commit_on_success + def synchronize_deleted_ca(self): + """ + Delete CAs which are present in rpkid's database but not in the + IRDB. + """ + + self.synchronize_rpkid_deleted_core() + + + @django.db.transaction.commit_on_success + def synchronize_pubd(self): + """ + Synchronize pubd. Most commands which modify pubd should call this. + """ - Any arguments given are handles to be sent to rpkid at the end of - the synchronization run with a <self run_now="yes"/> operation. + self.synchronize_pubd_core() + + + def synchronize_rpkid_one_ca_core(self, ca, poke = False): + """ + Synchronize one CA. This is the core synchronization code. Don't + call this directly, instead call one of the methods that calls + this inside a Django commit wrapper. + + This method configures rpkid with data built up by the other + commands in this program. Most commands which modify IRDB values + related to rpkid should call this when they're done. + + If poke is True, we append a left-right run_now operation for this + CA to the end of whatever other commands this method generates. """ # We can use a single BSC for everything -- except BSC key @@ -1082,258 +1141,285 @@ class Zookeeper(object): self_regen_margin = self.cfg.getint("self_regen_margin", self_crl_interval / 4, section = myrpki_section) - # Make sure that pubd's BPKI CRL is up to date. + # See what rpkid already has on file for this entity. - if self.run_pubd: - self.call_pubd(rpki.publication.config_elt.make_pdu( - action = "set", - bpki_crl = self.server_ca.latest_crl)) + rpkid_reply = self.call_rpkid( + rpki.left_right.self_elt.make_pdu( action = "get", tag = "self", self_handle = ca.handle), + rpki.left_right.bsc_elt.make_pdu( action = "list", tag = "bsc", self_handle = ca.handle), + rpki.left_right.repository_elt.make_pdu(action = "list", tag = "repository", self_handle = ca.handle), + rpki.left_right.parent_elt.make_pdu( action = "list", tag = "parent", self_handle = ca.handle), + rpki.left_right.child_elt.make_pdu( action = "list", tag = "child", self_handle = ca.handle)) - for ca in rpki.irdb.ResourceHolderCA.objects.all(): + self_pdu = rpkid_reply[0] + bsc_pdus = dict((x.bsc_handle, x) for x in rpkid_reply if isinstance(x, rpki.left_right.bsc_elt)) + repository_pdus = dict((x.repository_handle, x) for x in rpkid_reply if isinstance(x, rpki.left_right.repository_elt)) + parent_pdus = dict((x.parent_handle, x) for x in rpkid_reply if isinstance(x, rpki.left_right.parent_elt)) + child_pdus = dict((x.child_handle, x) for x in rpkid_reply if isinstance(x, rpki.left_right.child_elt)) - # See what rpkid and pubd already have on file for this entity. - - if self.run_pubd: - pubd_reply = self.call_pubd(rpki.publication.client_elt.make_pdu(action = "list")) - client_pdus = dict((x.client_handle, x) for x in pubd_reply if isinstance(x, rpki.publication.client_elt)) - - rpkid_reply = self.call_rpkid( - rpki.left_right.self_elt.make_pdu( action = "get", tag = "self", self_handle = ca.handle), - rpki.left_right.bsc_elt.make_pdu( action = "list", tag = "bsc", self_handle = ca.handle), - rpki.left_right.repository_elt.make_pdu(action = "list", tag = "repository", self_handle = ca.handle), - rpki.left_right.parent_elt.make_pdu( action = "list", tag = "parent", self_handle = ca.handle), - rpki.left_right.child_elt.make_pdu( action = "list", tag = "child", self_handle = ca.handle)) - - self_pdu = rpkid_reply[0] - bsc_pdus = dict((x.bsc_handle, x) for x in rpkid_reply if isinstance(x, rpki.left_right.bsc_elt)) - repository_pdus = dict((x.repository_handle, x) for x in rpkid_reply if isinstance(x, rpki.left_right.repository_elt)) - parent_pdus = dict((x.parent_handle, x) for x in rpkid_reply if isinstance(x, rpki.left_right.parent_elt)) - child_pdus = dict((x.child_handle, x) for x in rpkid_reply if isinstance(x, rpki.left_right.child_elt)) - - pubd_query = [] - rpkid_query = [] - - self_cert, created = rpki.irdb.HostedCA.objects.get_or_certify( - issuer = self.server_ca, - hosted = ca) - - # There should be exactly one <self/> object per hosted entity, by definition - - if (isinstance(self_pdu, rpki.left_right.report_error_elt) or - self_pdu.crl_interval != self_crl_interval or - self_pdu.regen_margin != self_regen_margin or - self_pdu.bpki_cert != self_cert.certificate): - rpkid_query.append(rpki.left_right.self_elt.make_pdu( - action = "create" if isinstance(self_pdu, rpki.left_right.report_error_elt) else "set", - tag = "self", - self_handle = ca.handle, - bpki_cert = ca.certificate, - crl_interval = self_crl_interval, - regen_margin = self_regen_margin)) + rpkid_query = [] + + self_cert, created = rpki.irdb.HostedCA.objects.get_or_certify( + issuer = self.server_ca, + hosted = ca) + + # There should be exactly one <self/> object per hosted entity, by definition + + if (isinstance(self_pdu, rpki.left_right.report_error_elt) or + self_pdu.crl_interval != self_crl_interval or + self_pdu.regen_margin != self_regen_margin or + self_pdu.bpki_cert != self_cert.certificate): + rpkid_query.append(rpki.left_right.self_elt.make_pdu( + action = "create" if isinstance(self_pdu, rpki.left_right.report_error_elt) else "set", + tag = "self", + self_handle = ca.handle, + bpki_cert = ca.certificate, + crl_interval = self_crl_interval, + regen_margin = self_regen_margin)) + + # In general we only need one <bsc/> per <self/>. BSC objects + # are a little unusual in that the keypair and PKCS #10 + # subelement is generated by rpkid, so complete setup requires + # two round trips. + + bsc_pdu = bsc_pdus.pop(bsc_handle, None) + + if bsc_pdu is None: + rpkid_query.append(rpki.left_right.bsc_elt.make_pdu( + action = "create", + tag = "bsc", + self_handle = ca.handle, + bsc_handle = bsc_handle, + generate_keypair = "yes")) + + elif bsc_pdu.pkcs10_request is None: + rpkid_query.append(rpki.left_right.bsc_elt.make_pdu( + action = "set", + tag = "bsc", + self_handle = ca.handle, + bsc_handle = bsc_handle, + generate_keypair = "yes")) + + rpkid_query.extend(rpki.left_right.bsc_elt.make_pdu( + action = "destroy", self_handle = ca.handle, bsc_handle = b) for b in bsc_pdus) - # In general we only need one <bsc/> per <self/>. BSC objects - # are a little unusual in that the keypair and PKCS #10 - # subelement is generated by rpkid, so complete setup requires - # two round trips. + # If we've already got actions queued up, run them now, so we + # can finish setting up the BSC before anything tries to use it. + if rpkid_query: + rpkid_query.append(rpki.left_right.bsc_elt.make_pdu(action = "list", tag = "bsc", self_handle = ca.handle)) + rpkid_reply = self.call_rpkid(*rpkid_query) + bsc_pdus = dict((x.bsc_handle, x) + for x in rpkid_reply + if isinstance(x, rpki.left_right.bsc_elt) and x.action == "list") bsc_pdu = bsc_pdus.pop(bsc_handle, None) + self.check_error_report(rpkid_reply) + + rpkid_query = [] - if bsc_pdu is None: - rpkid_query.append(rpki.left_right.bsc_elt.make_pdu( - action = "create", - tag = "bsc", + assert bsc_pdu.pkcs10_request is not None + + bsc, created = rpki.irdb.BSC.objects.get_or_certify( + issuer = ca, + handle = bsc_handle, + pkcs10 = bsc_pdu.pkcs10_request) + + if bsc_pdu.signing_cert != bsc.certificate or bsc_pdu.signing_cert_crl != ca.latest_crl: + rpkid_query.append(rpki.left_right.bsc_elt.make_pdu( + action = "set", + tag = "bsc", + self_handle = ca.handle, + bsc_handle = bsc_handle, + signing_cert = bsc.certificate, + signing_cert_crl = ca.latest_crl)) + + # At present we need one <repository/> per <parent/>, not because + # rpkid requires that, but because pubd does. pubd probably should + # be fixed to support a single client allowed to update multiple + # trees, but for the moment the easiest way forward is just to + # enforce a 1:1 mapping between <parent/> and <repository/> objects + + for repository in ca.repositories.all(): + + repository_pdu = repository_pdus.pop(repository.handle, None) + + if (repository_pdu is None or + repository_pdu.bsc_handle != bsc_handle or + repository_pdu.peer_contact_uri != repository.service_uri or + repository_pdu.bpki_cert != repository.certificate): + rpkid_query.append(rpki.left_right.repository_elt.make_pdu( + action = "create" if repository_pdu is None else "set", + tag = repository.handle, self_handle = ca.handle, + repository_handle = repository.handle, bsc_handle = bsc_handle, - generate_keypair = "yes")) - - elif bsc_pdu.pkcs10_request is None: - rpkid_query.append(rpki.left_right.bsc_elt.make_pdu( - action = "set", - tag = "bsc", + peer_contact_uri = repository.service_uri, + bpki_cert = repository.certificate)) + + rpkid_query.extend(rpki.left_right.repository_elt.make_pdu( + action = "destroy", self_handle = ca.handle, repository_handle = r) for r in repository_pdus) + + # <parent/> setup code currently assumes 1:1 mapping between + # <repository/> and <parent/>, and further assumes that the handles + # for an associated pair are the identical (that is: + # parent.repository_handle == parent.parent_handle). + + for parent in ca.parents.all(): + + parent_pdu = parent_pdus.pop(parent.handle, None) + + if (parent_pdu is None or + parent_pdu.bsc_handle != bsc_handle or + parent_pdu.repository_handle != parent.handle or + parent_pdu.peer_contact_uri != parent.service_uri or + parent_pdu.sia_base != parent.repository.sia_base or + parent_pdu.sender_name != parent.child_handle or + parent_pdu.recipient_name != parent.parent_handle or + parent_pdu.bpki_cms_cert != parent.certificate): + rpkid_query.append(rpki.left_right.parent_elt.make_pdu( + action = "create" if parent_pdu is None else "set", + tag = parent.handle, self_handle = ca.handle, + parent_handle = parent.handle, bsc_handle = bsc_handle, - generate_keypair = "yes")) + repository_handle = parent.handle, + peer_contact_uri = parent.service_uri, + sia_base = parent.repository.sia_base, + sender_name = parent.child_handle, + recipient_name = parent.parent_handle, + bpki_cms_cert = parent.certificate)) - rpkid_query.extend(rpki.left_right.bsc_elt.make_pdu( - action = "destroy", self_handle = ca.handle, bsc_handle = b) for b in bsc_pdus) + try: - # If we've already got actions queued up, run them now, so we - # can finish setting up the BSC before anything tries to use it. + parent_pdu = parent_pdus.pop(ca.handle, None) + + if (parent_pdu is None or + parent_pdu.bsc_handle != bsc_handle or + parent_pdu.repository_handle != ca.handle or + parent_pdu.peer_contact_uri != ca.rootd.service_uri or + parent_pdu.sia_base != ca.rootd.repository.sia_base or + parent_pdu.sender_name != ca.handle or + parent_pdu.recipient_name != ca.handle or + parent_pdu.bpki_cms_cert != ca.rootd.certificate): + rpkid_query.append(rpki.left_right.parent_elt.make_pdu( + action = "create" if parent_pdu is None else "set", + tag = ca.handle, + self_handle = ca.handle, + parent_handle = ca.handle, + bsc_handle = bsc_handle, + repository_handle = ca.handle, + peer_contact_uri = ca.rootd.service_uri, + sia_base = ca.rootd.repository.sia_base, + sender_name = ca.handle, + recipient_name = ca.handle, + bpki_cms_cert = ca.rootd.certificate)) + + except rpki.irdb.Rootd.DoesNotExist: + pass - if rpkid_query: - rpkid_query.append(rpki.left_right.bsc_elt.make_pdu(action = "list", tag = "bsc", self_handle = ca.handle)) - rpkid_reply = self.call_rpkid(*rpkid_query) - bsc_pdus = dict((x.bsc_handle, x) - for x in rpkid_reply - if isinstance(x, rpki.left_right.bsc_elt) and x.action == "list") - bsc_pdu = bsc_pdus.pop(bsc_handle, None) - self.check_error_report(rpkid_reply) + rpkid_query.extend(rpki.left_right.parent_elt.make_pdu( + action = "destroy", self_handle = ca.handle, parent_handle = p) for p in parent_pdus) - rpkid_query = [] + # Children are simpler than parents, because they call us, so no URL + # to construct and figuring out what certificate to use is their + # problem, not ours. - assert bsc_pdu.pkcs10_request is not None + for child in ca.children.all(): - bsc, created = rpki.irdb.BSC.objects.get_or_certify( - issuer = ca, - handle = bsc_handle, - pkcs10 = bsc_pdu.pkcs10_request) + child_pdu = child_pdus.pop(child.handle, None) - if bsc_pdu.signing_cert != bsc.certificate or bsc_pdu.signing_cert_crl != ca.latest_crl: - rpkid_query.append(rpki.left_right.bsc_elt.make_pdu( - action = "set", - tag = "bsc", + if (child_pdu is None or + child_pdu.bsc_handle != bsc_handle or + child_pdu.bpki_cert != child.certificate): + rpkid_query.append(rpki.left_right.child_elt.make_pdu( + action = "create" if child_pdu is None else "set", + tag = child.handle, self_handle = ca.handle, + child_handle = child.handle, bsc_handle = bsc_handle, - signing_cert = bsc.certificate, - signing_cert_crl = ca.latest_crl)) - - # At present we need one <repository/> per <parent/>, not because - # rpkid requires that, but because pubd does. pubd probably should - # be fixed to support a single client allowed to update multiple - # trees, but for the moment the easiest way forward is just to - # enforce a 1:1 mapping between <parent/> and <repository/> objects - - for repository in ca.repositories.all(): - - repository_pdu = repository_pdus.pop(repository.handle, None) - - if (repository_pdu is None or - repository_pdu.bsc_handle != bsc_handle or - repository_pdu.peer_contact_uri != repository.service_uri or - repository_pdu.bpki_cert != repository.certificate): - rpkid_query.append(rpki.left_right.repository_elt.make_pdu( - action = "create" if repository_pdu is None else "set", - tag = repository.handle, - self_handle = ca.handle, - repository_handle = repository.handle, - bsc_handle = bsc_handle, - peer_contact_uri = repository.service_uri, - bpki_cert = repository.certificate)) - - rpkid_query.extend(rpki.left_right.repository_elt.make_pdu( - action = "destroy", self_handle = ca.handle, repository_handle = r) for r in repository_pdus) - - # <parent/> setup code currently assumes 1:1 mapping between - # <repository/> and <parent/>, and further assumes that the handles - # for an associated pair are the identical (that is: - # parent.repository_handle == parent.parent_handle). - - for parent in ca.parents.all(): - - parent_pdu = parent_pdus.pop(parent.handle, None) - - if (parent_pdu is None or - parent_pdu.bsc_handle != bsc_handle or - parent_pdu.repository_handle != parent.handle or - parent_pdu.peer_contact_uri != parent.service_uri or - parent_pdu.sia_base != parent.repository.sia_base or - parent_pdu.sender_name != parent.child_handle or - parent_pdu.recipient_name != parent.parent_handle or - parent_pdu.bpki_cms_cert != parent.certificate): - rpkid_query.append(rpki.left_right.parent_elt.make_pdu( - action = "create" if parent_pdu is None else "set", - tag = parent.handle, - self_handle = ca.handle, - parent_handle = parent.handle, - bsc_handle = bsc_handle, - repository_handle = parent.handle, - peer_contact_uri = parent.service_uri, - sia_base = parent.repository.sia_base, - sender_name = parent.child_handle, - recipient_name = parent.parent_handle, - bpki_cms_cert = parent.certificate)) + bpki_cert = child.certificate)) - try: + rpkid_query.extend(rpki.left_right.child_elt.make_pdu( + action = "destroy", self_handle = ca.handle, child_handle = c) for c in child_pdus) + + # If caller wants us to poke rpkid, add that to the very end of the message + + if poke: + rpkid_query.append(rpki.left_right.self_elt.make_pdu( + action = "set", self_handle = ca.handle, run_now = "yes")) + + # If we changed anything, ship updates off to rpkid + + if rpkid_query: + rpkid_reply = self.call_rpkid(*rpkid_query) + bsc_pdus = dict((x.bsc_handle, x) for x in rpkid_reply if isinstance(x, rpki.left_right.bsc_elt)) + if bsc_handle in bsc_pdus and bsc_pdus[bsc_handle].pkcs10_request: + bsc_req = bsc_pdus[bsc_handle].pkcs10_request + self.check_error_report(rpkid_reply) - parent_pdu = parent_pdus.pop(ca.handle, None) - - if (parent_pdu is None or - parent_pdu.bsc_handle != bsc_handle or - parent_pdu.repository_handle != ca.handle or - parent_pdu.peer_contact_uri != ca.rootd.service_uri or - parent_pdu.sia_base != ca.rootd.repository.sia_base or - parent_pdu.sender_name != ca.handle or - parent_pdu.recipient_name != ca.handle or - parent_pdu.bpki_cms_cert != ca.rootd.certificate): - rpkid_query.append(rpki.left_right.parent_elt.make_pdu( - action = "create" if parent_pdu is None else "set", - tag = ca.handle, - self_handle = ca.handle, - parent_handle = ca.handle, - bsc_handle = bsc_handle, - repository_handle = ca.handle, - peer_contact_uri = ca.rootd.service_uri, - sia_base = ca.rootd.repository.sia_base, - sender_name = ca.handle, - recipient_name = ca.handle, - bpki_cms_cert = ca.rootd.certificate)) - - except rpki.irdb.Rootd.DoesNotExist: - pass - rpkid_query.extend(rpki.left_right.parent_elt.make_pdu( - action = "destroy", self_handle = ca.handle, parent_handle = p) for p in parent_pdus) + def synchronize_pubd_core(self): + """ + Configure pubd with data built up by the other commands in this + program. This is the core synchronization code. Don't call this + directly, instead call a methods that calls this inside a Django + commit wrapper. - # Children are simpler than parents, because they call us, so no URL - # to construct and figuring out what certificate to use is their - # problem, not ours. + This method configures pubd with data built up by the other + commands in this program. Commands which modify IRDB fields + related to pubd should call this when they're done. + """ - for child in ca.children.all(): + # If we're not running pubd, the rest of this is a waste of time - child_pdu = child_pdus.pop(child.handle, None) + if not self.run_pubd: + return + + # Make sure that pubd's BPKI CRL is up to date. - if (child_pdu is None or - child_pdu.bsc_handle != bsc_handle or - child_pdu.bpki_cert != child.certificate): - rpkid_query.append(rpki.left_right.child_elt.make_pdu( - action = "create" if child_pdu is None else "set", - tag = child.handle, - self_handle = ca.handle, - child_handle = child.handle, - bsc_handle = bsc_handle, - bpki_cert = child.certificate)) + self.call_pubd(rpki.publication.config_elt.make_pdu( + action = "set", + bpki_crl = self.server_ca.latest_crl)) - rpkid_query.extend(rpki.left_right.child_elt.make_pdu( - action = "destroy", self_handle = ca.handle, child_handle = c) for c in child_pdus) + # See what pubd already has on file - # Publication setup. + pubd_reply = self.call_pubd(rpki.publication.client_elt.make_pdu(action = "list")) + client_pdus = dict((x.client_handle, x) for x in pubd_reply if isinstance(x, rpki.publication.client_elt)) + pubd_query = [] - # Um, why are we doing this per resource holder? + # Check all clients - if self.run_pubd: + for client in self.server_ca.clients.all(): - for client in self.server_ca.clients.all(): + client_pdu = client_pdus.pop(client.handle, None) - client_pdu = client_pdus.pop(client.handle, None) + if (client_pdu is None or + client_pdu.base_uri != client.sia_base or + client_pdu.bpki_cert != client.certificate): + pubd_query.append(rpki.publication.client_elt.make_pdu( + action = "create" if client_pdu is None else "set", + client_handle = client.handle, + bpki_cert = client.certificate, + base_uri = client.sia_base)) - if (client_pdu is None or - client_pdu.base_uri != client.sia_base or - client_pdu.bpki_cert != client.certificate): - pubd_query.append(rpki.publication.client_elt.make_pdu( - action = "create" if client_pdu is None else "set", - client_handle = client.handle, - bpki_cert = client.certificate, - base_uri = client.sia_base)) + # Delete any unknown clients - pubd_query.extend(rpki.publication.client_elt.make_pdu( + pubd_query.extend(rpki.publication.client_elt.make_pdu( action = "destroy", client_handle = p) for p in client_pdus) - # If we changed anything, ship updates off to daemons + # If we changed anything, ship updates off to pubd - if rpkid_query: - rpkid_reply = self.call_rpkid(*rpkid_query) - bsc_pdus = dict((x.bsc_handle, x) for x in rpkid_reply if isinstance(x, rpki.left_right.bsc_elt)) - if bsc_handle in bsc_pdus and bsc_pdus[bsc_handle].pkcs10_request: - bsc_req = bsc_pdus[bsc_handle].pkcs10_request - self.check_error_report(rpkid_reply) + if pubd_query: + pubd_reply = self.call_pubd(*pubd_query) + self.check_error_report(pubd_reply) - if pubd_query: - assert self.run_pubd - pubd_reply = self.call_pubd(*pubd_query) - self.check_error_report(pubd_reply) - # Clean up any <self/> objects rpkid might be holding that don't - # match a ResourceCA object. + def synchronize_rpkid_deleted_core(self): + """ + Remove any <self/> objects present in rpkid's database but not + present in the IRDB. This is the core synchronization code. + Don't call this directly, instead call a methods that calls this + inside a Django commit wrapper. + """ rpkid_reply = self.call_rpkid(rpki.left_right.self_elt.make_pdu(action = "list")) self.check_error_report(rpkid_reply) @@ -1345,11 +1431,6 @@ class Zookeeper(object): rpkid_query = [rpki.left_right.self_elt.make_pdu(action = "destroy", self_handle = handle) for handle in (self_handles - ca_handles)] - # Poke rpkid to run immediately for any requested handles. - - rpkid_query.extend(rpki.left_right.self_elt.make_pdu( - action = "set", self_handle = h, run_now = "yes") for h in handles_to_poke) - if rpkid_query: rpkid_reply = self.call_rpkid(*rpkid_query) self.check_error_report(rpkid_reply) diff --git a/rpkid/rpki/irdbd.py b/rpkid/rpki/irdbd.py index 592ad799..dafdaff9 100644 --- a/rpkid/rpki/irdbd.py +++ b/rpkid/rpki/irdbd.py @@ -42,7 +42,6 @@ import os import time import getopt import urlparse -import warnings import rpki.http import rpki.config import rpki.resource_set @@ -105,6 +104,8 @@ class main(object): try: q_pdu = None r_msg = rpki.left_right.msg.reply() + from django.db import connection + connection.cursor() # Reconnect to mysqld if necessary self.start_new_transaction() serverCA = rpki.irdb.ServerCA.objects.get() rpkid = serverCA.ee_certificates.get(purpose = "rpkid") @@ -142,7 +143,7 @@ class main(object): def __init__(self, **kwargs): - global rpki + global rpki # pylint: disable=W0602 os.environ["TZ"] = "UTC" time.tzset() @@ -190,7 +191,7 @@ class main(object): def main(self): - global rpki + global rpki # pylint: disable=W0602 from django.conf import settings startup_msg = self.cfg.get("startup-message", "") @@ -218,8 +219,8 @@ class main(object): "PORT" : "" }}, INSTALLED_APPS = ("rpki.irdb",),) - import rpki.irdb - + import rpki.irdb # pylint: disable=W0621 + # Entirely too much fun with read-only access to transactional databases. # # http://stackoverflow.com/questions/3346124/how-do-i-force-django-to-ignore-any-caches-and-reload-data diff --git a/rpkid/rpki/left_right.py b/rpkid/rpki/left_right.py index b74b12b5..a7dca013 100644 --- a/rpkid/rpki/left_right.py +++ b/rpkid/rpki/left_right.py @@ -3,7 +3,7 @@ RPKI "left-right" protocol. $Id$ -Copyright (C) 2009--2011 Internet Systems Consortium ("ISC") +Copyright (C) 2009--2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -32,24 +32,25 @@ OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. """ -import rpki.resource_set, rpki.x509, rpki.sql, rpki.exceptions, rpki.xml_utils -import rpki.http, rpki.up_down, rpki.relaxng, rpki.sundial, rpki.log, rpki.roa -import rpki.publication, rpki.async +import rpki.resource_set +import rpki.x509 +import rpki.sql +import rpki.exceptions +import rpki.xml_utils +import rpki.http +import rpki.up_down +import rpki.relaxng +import rpki.sundial +import rpki.log +import rpki.publication +import rpki.async +import rpki.rpkid_tasks ## @var enforce_strict_up_down_xml_sender # Enforce strict checking of XML "sender" field in up-down protocol enforce_strict_up_down_xml_sender = False -## @var max_new_roas_at_once -# Upper limit on the number of ROAs we'll create in a single -# self_elt.update_roas() call. This is a bit of a kludge, and may be -# replaced with something more clever or general later; for the moment -# the goal is to avoid going totally compute bound when somebody -# throws 50,000 new ROA requests at us in a single batch. - -max_new_roas_at_once = 50 - class left_right_namespace(object): """ XML namespace parameters for left-right protocol. @@ -69,6 +70,7 @@ class data_elt(rpki.xml_utils.data_elt, rpki.sql.sql_persistent, left_right_name self_handle = None @property + @rpki.sql.cache_reference def self(self): """ Fetch self object to which this object links. @@ -76,6 +78,7 @@ class data_elt(rpki.xml_utils.data_elt, rpki.sql.sql_persistent, left_right_name return self_elt.sql_fetch(self.gctx, self.self_id) @property + @rpki.sql.cache_reference def bsc(self): """ Return BSC object to which this object links. @@ -149,9 +152,16 @@ class self_elt(data_elt): booleans = ("rekey", "reissue", "revoke", "run_now", "publish_world_now", "revoke_forgotten", "clear_replay_protection") - sql_template = rpki.sql.template("self", "self_id", "self_handle", - "use_hsm", "crl_interval", "regen_margin", - ("bpki_cert", rpki.x509.X509), ("bpki_glue", rpki.x509.X509)) + sql_template = rpki.sql.template( + "self", + "self_id", + "self_handle", + "use_hsm", + "crl_interval", + "regen_margin", + ("bpki_cert", rpki.x509.X509), + ("bpki_glue", rpki.x509.X509)) + handles = () use_hsm = False @@ -159,6 +169,10 @@ class self_elt(data_elt): regen_margin = None bpki_cert = None bpki_glue = None + cron_tasks = None + + def __repr__(self): + return rpki.log.log_repr(self) @property def bscs(self): @@ -306,11 +320,16 @@ class self_elt(data_elt): for ca in parent.cas: ca_detail = ca.active_ca_detail if ca_detail is not None: - q_msg.append(rpki.publication.crl_elt.make_publish(ca_detail.crl_uri, ca_detail.latest_crl)) - q_msg.append(rpki.publication.manifest_elt.make_publish(ca_detail.manifest_uri, ca_detail.latest_manifest)) - q_msg.extend(rpki.publication.certificate_elt.make_publish(c.uri, c.cert) for c in ca_detail.child_certs) - q_msg.extend(rpki.publication.roa_elt.make_publish(r.uri, r.roa) for r in ca_detail.roas if r.roa is not None) - q_msg.extend(rpki.publication.ghostbuster_elt.make_publish(g.uri, g.ghostbuster) for g in ca_detail.ghostbusters) + q_msg.append(rpki.publication.crl_elt.make_publish( + ca_detail.crl_uri, ca_detail.latest_crl)) + q_msg.append(rpki.publication.manifest_elt.make_publish( + ca_detail.manifest_uri, ca_detail.latest_manifest)) + q_msg.extend(rpki.publication.certificate_elt.make_publish( + c.uri, c.cert) for c in ca_detail.child_certs) + q_msg.extend(rpki.publication.roa_elt.make_publish( + r.uri, r.roa) for r in ca_detail.roas if r.roa is not None) + q_msg.extend(rpki.publication.ghostbuster_elt.make_publish( + g.uri, g.ghostbuster) for g in ca_detail.ghostbusters) parent.repository.call_pubd(iterator, eb, q_msg) rpki.async.iterator(self.parents, loop, cb) @@ -319,8 +338,12 @@ class self_elt(data_elt): """ Handle a left-right run_now action for this self. """ - rpki.log.debug("Forced immediate run of periodic actions for self %s[%d]" % (self.self_handle, self.self_id)) - self.cron(cb) + rpki.log.debug("Forced immediate run of periodic actions for self %s[%d]" % ( + self.self_handle, self.self_id)) + completion = rpki.rpkid_tasks.CompletionHandler(cb) + self.schedule_cron_tasks(completion) + assert completion.count > 0 + self.gctx.task_run() def serve_fetch_one_maybe(self): """ @@ -344,415 +367,22 @@ class self_elt(data_elt): """ return self.sql_fetch_all(self.gctx) - def cron(self, cb): - """ - Periodic tasks. - """ - - def one(): - self.gctx.checkpoint() - rpki.log.debug("Self %s[%d] polling parents" % (self.self_handle, self.self_id)) - self.client_poll(two) - - def two(): - self.gctx.checkpoint() - rpki.log.debug("Self %s[%d] updating children" % (self.self_handle, self.self_id)) - self.update_children(three) - - def three(): - self.gctx.checkpoint() - rpki.log.debug("Self %s[%d] updating ROAs" % (self.self_handle, self.self_id)) - self.update_roas(four) - - def four(): - self.gctx.checkpoint() - rpki.log.debug("Self %s[%d] updating Ghostbuster records" % (self.self_handle, self.self_id)) - self.update_ghostbusters(five) - - def five(): - self.gctx.checkpoint() - rpki.log.debug("Self %s[%d] regenerating CRLs and manifests" % (self.self_handle, self.self_id)) - self.regenerate_crls_and_manifests(six) - - def six(): - self.gctx.checkpoint() - self.gctx.sql.sweep() - self.gctx.sql.cache_clear_maybe() - cb() - - one() - - - def client_poll(self, callback): - """ - Run the regular client poll cycle with each of this self's parents - in turn. - """ - - rpki.log.trace() - - def parent_loop(parent_iterator, parent): - - def got_list(r_msg): - ca_map = dict((ca.parent_resource_class, ca) for ca in parent.cas) - self.gctx.checkpoint() - - def class_loop(class_iterator, rc): - - def class_update_failed(e): - rpki.log.traceback() - rpki.log.warn("Couldn't update class, skipping: %s" % e) - class_iterator() - - def class_create_failed(e): - rpki.log.traceback() - rpki.log.warn("Couldn't create class, skipping: %s" % e) - class_iterator() - - self.gctx.checkpoint() - if rc.class_name in ca_map: - ca = ca_map[rc.class_name] - del ca_map[rc.class_name] - ca.check_for_updates(parent, rc, class_iterator, class_update_failed) - else: - rpki.rpkid.ca_obj.create(parent, rc, class_iterator, class_create_failed) - - def class_done(): - - def ca_loop(iterator, ca): - self.gctx.checkpoint() - ca.delete(parent, iterator) - - def ca_done(): - self.gctx.checkpoint() - self.gctx.sql.sweep() - parent_iterator() - - rpki.async.iterator(ca_map.values(), ca_loop, ca_done) - - rpki.async.iterator(r_msg.payload.classes, class_loop, class_done) - - def list_failed(e): - rpki.log.traceback() - rpki.log.warn("Couldn't get resource class list from parent %r, skipping: %s (%r)" % (parent, e, e)) - parent_iterator() - - rpki.up_down.list_pdu.query(parent, got_list, list_failed) - - rpki.async.iterator(self.parents, parent_loop, callback) - - - def update_children(self, cb): - """ - Check for updated IRDB data for all of this self's children and - issue new certs as necessary. Must handle changes both in - resources and in expiration date. - """ - - rpki.log.trace() - now = rpki.sundial.now() - rsn = now + rpki.sundial.timedelta(seconds = self.regen_margin) - publisher = rpki.rpkid.publication_queue() - - def loop(iterator, child): - - def lose(e): - rpki.log.traceback() - rpki.log.warn("Couldn't update child %r, skipping: %s" % (child, e)) - iterator() - - def got_resources(irdb_resources): - try: - for child_cert in child_certs: - ca_detail = child_cert.ca_detail - ca = ca_detail.ca - if ca_detail.state == "active": - old_resources = child_cert.cert.get_3779resources() - new_resources = irdb_resources.intersection(old_resources).intersection(ca_detail.latest_ca_cert.get_3779resources()) - - if new_resources.empty(): - rpki.log.debug("Resources shrank to the null set, revoking and withdrawing child %s certificate SKI %s" % (child.child_handle, child_cert.cert.gSKI())) - child_cert.revoke(publisher = publisher) - ca_detail.generate_crl(publisher = publisher) - ca_detail.generate_manifest(publisher = publisher) - - elif old_resources != new_resources or (old_resources.valid_until < rsn and irdb_resources.valid_until > now): - rpki.log.debug("Need to reissue child %s certificate SKI %s" % (child.child_handle, child_cert.cert.gSKI())) - child_cert.reissue( - ca_detail = ca_detail, - resources = new_resources, - publisher = publisher) - - elif old_resources.valid_until < now: - rpki.log.debug("Child %s certificate SKI %s has expired: cert.valid_until %s, irdb.valid_until %s" - % (child.child_handle, child_cert.cert.gSKI(), old_resources.valid_until, irdb_resources.valid_until)) - child_cert.sql_delete() - publisher.withdraw(cls = rpki.publication.certificate_elt, uri = child_cert.uri, obj = child_cert.cert, repository = ca.parent.repository) - ca_detail.generate_manifest(publisher = publisher) - - except (SystemExit, rpki.async.ExitNow): - raise - except Exception, e: - self.gctx.checkpoint() - lose(e) - else: - self.gctx.checkpoint() - self.gctx.sql.sweep() - iterator() - - self.gctx.checkpoint() - self.gctx.sql.sweep() - child_certs = child.child_certs - if child_certs: - self.gctx.irdb_query_child_resources(child.self.self_handle, child.child_handle, got_resources, lose) - else: - iterator() - - def done(): - def lose(e): - rpki.log.traceback() - rpki.log.warn("Couldn't publish for %s, skipping: %s" % (self.self_handle, e)) - self.gctx.checkpoint() - cb() - self.gctx.checkpoint() - self.gctx.sql.sweep() - publisher.call_pubd(cb, lose) - - rpki.async.iterator(self.children, loop, done) - - - def regenerate_crls_and_manifests(self, cb): - """ - Generate new CRLs and manifests as necessary for all of this - self's CAs. Extracting nextUpdate from a manifest is hard at the - moment due to implementation silliness, so for now we generate a - new manifest whenever we generate a new CRL - - This method also cleans up tombstones left behind by revoked - ca_detail objects, since we're walking through the relevant - portions of the database anyway. + def schedule_cron_tasks(self, completion): """ - - rpki.log.trace() - now = rpki.sundial.now() - regen_margin = rpki.sundial.timedelta(seconds = self.regen_margin) - publisher = rpki.rpkid.publication_queue() - - for parent in self.parents: - for ca in parent.cas: - try: - for ca_detail in ca.revoked_ca_details: - if now > ca_detail.latest_crl.getNextUpdate(): - ca_detail.delete(ca = ca, publisher = publisher) - ca_detail = ca.active_ca_detail - if ca_detail is not None and now + regen_margin > ca_detail.latest_crl.getNextUpdate(): - ca_detail.generate_crl(publisher = publisher) - ca_detail.generate_manifest(publisher = publisher) - except (SystemExit, rpki.async.ExitNow): - raise - except Exception, e: - rpki.log.traceback() - rpki.log.warn("Couldn't regenerate CRLs and manifests for CA %r, skipping: %s" % (ca, e)) - - def lose(e): - rpki.log.traceback() - rpki.log.warn("Couldn't publish updated CRLs and manifests for self %r, skipping: %s" % (self.self_handle, e)) - self.gctx.checkpoint() - cb() - - self.gctx.checkpoint() - self.gctx.sql.sweep() - publisher.call_pubd(cb, lose) - - - def update_ghostbusters(self, cb): + Schedule periodic tasks. """ - Generate or update Ghostbuster records for this self. - This is heavily based on .update_roas(), and probably both of them - need refactoring. - """ - - parents = dict((p.parent_handle, p) for p in self.parents) - - def got_ghostbuster_requests(ghostbuster_requests): + if self.cron_tasks is None: + self.cron_tasks = ( + rpki.rpkid_tasks.PollParentTask(self), + rpki.rpkid_tasks.UpdateChildrenTask(self), + rpki.rpkid_tasks.UpdateROAsTask(self), + rpki.rpkid_tasks.UpdateGhostbustersTask(self), + rpki.rpkid_tasks.RegenerateCRLsAndManifestsTask(self)) - try: - self.gctx.checkpoint() - if self.gctx.sql.dirty: - rpki.log.warn("Unexpected dirty SQL cache, flushing") - self.gctx.sql.sweep() - - ghostbusters = {} - orphans = [] - for ghostbuster in self.ghostbusters: - k = (ghostbuster.ca_detail_id, ghostbuster.vcard) - if ghostbuster.ca_detail.state != "active" or k in ghostbusters: - orphans.append(ghostbuster) - else: - ghostbusters[k] = ghostbuster - - publisher = rpki.rpkid.publication_queue() - ca_details = set() - - seen = set() - for ghostbuster_request in ghostbuster_requests: - if ghostbuster_request.parent_handle not in parents: - rpki.log.warn("Unknown parent_handle %r in Ghostbuster request, skipping" % ghostbuster_request.parent_handle) - continue - k = (ghostbuster_request.parent_handle, ghostbuster_request.vcard) - if k in seen: - rpki.log.warn("Skipping duplicate Ghostbuster request %r" % ghostbuster_request) - continue - seen.add(k) - for ca in parents[ghostbuster_request.parent_handle].cas: - ca_detail = ca.active_ca_detail - if ca_detail is not None: - ghostbuster = ghostbusters.pop((ca_detail.ca_detail_id, ghostbuster_request.vcard), None) - if ghostbuster is None: - ghostbuster = rpki.rpkid.ghostbuster_obj(self.gctx, self.self_id, ca_detail.ca_detail_id, ghostbuster_request.vcard) - rpki.log.debug("Created new Ghostbuster request for %r" % ghostbuster_request.parent_handle) - else: - rpki.log.debug("Found existing Ghostbuster request for %r" % ghostbuster_request.parent_handle) - ghostbuster.update(publisher = publisher, fast = True) - ca_details.add(ca_detail) - - orphans.extend(ghostbusters.itervalues()) - for ghostbuster in orphans: - ca_details.add(ghostbuster.ca_detail) - ghostbuster.revoke(publisher = publisher, fast = True) - - for ca_detail in ca_details: - ca_detail.generate_crl(publisher = publisher) - ca_detail.generate_manifest(publisher = publisher) - - self.gctx.sql.sweep() - - def publication_failed(e): - rpki.log.traceback() - rpki.log.warn("Couldn't publish Ghostbuster updates for %s, skipping: %s" % (self.self_handle, e)) - self.gctx.checkpoint() - cb() - - self.gctx.checkpoint() - publisher.call_pubd(cb, publication_failed) - - except (SystemExit, rpki.async.ExitNow): - raise - except Exception, e: - rpki.log.traceback() - rpki.log.warn("Could not update Ghostbuster records for %s, skipping: %s" % (self.self_handle, e)) - cb() - - def ghostbuster_requests_failed(e): - rpki.log.traceback() - rpki.log.warn("Could not fetch Ghostbuster record requests for %s, skipping: %s" % (self.self_handle, e)) - cb() - - self.gctx.checkpoint() - self.gctx.sql.sweep() - self.gctx.irdb_query_ghostbuster_requests(self.self_handle, parents.iterkeys(), - got_ghostbuster_requests, ghostbuster_requests_failed) - - - def update_roas(self, cb): - """ - Generate or update ROAs for this self. - """ - - def got_roa_requests(roa_requests): - - self.gctx.checkpoint() - - if self.gctx.sql.dirty: - rpki.log.warn("Unexpected dirty SQL cache, flushing") - self.gctx.sql.sweep() - - roas = {} - orphans = [] - for roa in self.roas: - k = (roa.asn, str(roa.ipv4), str(roa.ipv6)) - if k not in roas: - roas[k] = roa - elif (roa.roa is not None and roa.cert is not None and roa.ca_detail is not None and roa.ca_detail.state == "active" and - (roas[k].roa is None or roas[k].cert is None or roas[k].ca_detail is None or roas[k].ca_detail.state != "active")): - orphans.append(roas[k]) - roas[k] = roa - else: - orphans.append(roa) - - publisher = rpki.rpkid.publication_queue() - ca_details = set() - seen = set() - - def loop(iterator, roa_request): - self.gctx.checkpoint() - try: - k = (roa_request.asn, str(roa_request.ipv4), str(roa_request.ipv6)) - if k in seen: - rpki.log.warn("Skipping duplicate ROA request %r" % roa_request) - else: - seen.add(k) - roa = roas.pop(k, None) - if roa is None: - roa = rpki.rpkid.roa_obj(self.gctx, self.self_id, roa_request.asn, roa_request.ipv4, roa_request.ipv6) - rpki.log.debug("Couldn't find existing ROA, created %r" % roa) - else: - rpki.log.debug("Found existing %r" % roa) - roa.update(publisher = publisher, fast = True) - ca_details.add(roa.ca_detail) - except (SystemExit, rpki.async.ExitNow): - raise - except Exception, e: - if not isinstance(e, rpki.exceptions.NoCoveringCertForROA): - rpki.log.traceback() - rpki.log.warn("Could not update %r, skipping: %s" % (roa, e)) - if max_new_roas_at_once is not None and publisher.size > max_new_roas_at_once: - self.gctx.sql.sweep() - self.gctx.checkpoint() - publisher.call_pubd(iterator, publication_failed) - else: - iterator() - - def publication_failed(e): - rpki.log.traceback() - rpki.log.warn("Couldn't publish for %s, skipping: %s" % (self.self_handle, e)) - self.gctx.checkpoint() - cb() - - def done(): - - orphans.extend(roas.itervalues()) - for roa in orphans: - try: - ca_details.add(roa.ca_detail) - roa.revoke(publisher = publisher, fast = True) - except (SystemExit, rpki.async.ExitNow): - raise - except Exception, e: - rpki.log.traceback() - rpki.log.warn("Could not revoke %r: %s" % (roa, e)) - - self.gctx.sql.sweep() - - for ca_detail in ca_details: - ca_detail.generate_crl(publisher = publisher) - ca_detail.generate_manifest(publisher = publisher) - - self.gctx.sql.sweep() - self.gctx.checkpoint() - publisher.call_pubd(cb, publication_failed) - - rpki.async.iterator(roa_requests, loop, done) - - def roa_requests_failed(e): - rpki.log.traceback() - rpki.log.warn("Could not fetch ROA requests for %s, skipping: %s" % (self.self_handle, e)) - cb() - - self.gctx.checkpoint() - self.gctx.sql.sweep() - self.gctx.irdb_query_roa_requests(self.self_handle, got_roa_requests, roa_requests_failed) + for task in self.cron_tasks: + self.gctx.task_add(task) + completion.register(task) class bsc_elt(data_elt): @@ -765,12 +395,17 @@ class bsc_elt(data_elt): elements = ("signing_cert", "signing_cert_crl", "pkcs10_request") booleans = ("generate_keypair",) - sql_template = rpki.sql.template("bsc", "bsc_id", "bsc_handle", - "self_id", "hash_alg", - ("private_key_id", rpki.x509.RSA), - ("pkcs10_request", rpki.x509.PKCS10), - ("signing_cert", rpki.x509.X509), - ("signing_cert_crl", rpki.x509.CRL)) + sql_template = rpki.sql.template( + "bsc", + "bsc_id", + "bsc_handle", + "self_id", + "hash_alg", + ("private_key_id", rpki.x509.RSA), + ("pkcs10_request", rpki.x509.PKCS10), + ("signing_cert", rpki.x509.X509), + ("signing_cert_crl", rpki.x509.CRL)) + handles = (("self", self_elt),) private_key_id = None @@ -778,6 +413,9 @@ class bsc_elt(data_elt): signing_cert = None signing_cert_crl = None + def __repr__(self): + return rpki.log.log_repr(self, self.bsc_handle) + @property def repositories(self): """ @@ -807,7 +445,7 @@ class bsc_elt(data_elt): if q_pdu.generate_keypair: assert q_pdu.key_type in (None, "rsa") and q_pdu.hash_alg in (None, "sha256") self.private_key_id = rpki.x509.RSA.generate(keylength = q_pdu.key_length or 2048) - self.pkcs10_request = rpki.x509.PKCS10.create(self.private_key_id) + self.pkcs10_request = rpki.x509.PKCS10.create(keypair = self.private_key_id) r_pdu.pkcs10_request = self.pkcs10_request data_elt.serve_pre_save_hook(self, q_pdu, r_pdu, cb, eb) @@ -821,18 +459,27 @@ class repository_elt(data_elt): elements = ("bpki_cert", "bpki_glue") booleans = ("clear_replay_protection",) - sql_template = rpki.sql.template("repository", "repository_id", "repository_handle", - "self_id", "bsc_id", "peer_contact_uri", - ("bpki_cert", rpki.x509.X509), - ("bpki_glue", rpki.x509.X509), - ("last_cms_timestamp", rpki.sundial.datetime)) + sql_template = rpki.sql.template( + "repository", + "repository_id", + "repository_handle", + "self_id", + "bsc_id", + "peer_contact_uri", + ("bpki_cert", rpki.x509.X509), + ("bpki_glue", rpki.x509.X509), + ("last_cms_timestamp", rpki.sundial.datetime)) - handles = (("self", self_elt), ("bsc", bsc_elt)) + handles = (("self", self_elt), + ("bsc", bsc_elt)) bpki_cert = None bpki_glue = None last_cms_timestamp = None + def __repr__(self): + return rpki.log.log_repr(self, self.repository_handle) + @property def parents(self): """ @@ -900,12 +547,14 @@ class repository_elt(data_elt): def done(r_der): try: + rpki.log.debug("Received response from pubd") r_cms = rpki.publication.cms_msg(DER = r_der) r_msg = r_cms.unwrap(bpki_ta_path) r_cms.check_replay_sql(self) for r_pdu in r_msg: handler = handlers.get(r_pdu.tag, self.default_pubd_handler) if handler: + rpki.log.debug("Calling pubd handler %r" % handler) handler(r_pdu) if len(q_msg) != len(r_msg): raise rpki.exceptions.BadPublicationReply, "Wrong number of response PDUs from pubd: sent %r, got %r" % (q_msg, r_msg) @@ -915,6 +564,7 @@ class repository_elt(data_elt): except Exception, e: errback(e) + rpki.log.debug("Sending request to pubd") rpki.http.client( url = self.peer_contact_uri, msg = q_der, @@ -937,21 +587,34 @@ class parent_elt(data_elt): elements = ("bpki_cms_cert", "bpki_cms_glue") booleans = ("rekey", "reissue", "revoke", "revoke_forgotten", "clear_replay_protection") - sql_template = rpki.sql.template("parent", "parent_id", "parent_handle", - "self_id", "bsc_id", "repository_id", - "peer_contact_uri", "sia_base", - "sender_name", "recipient_name", - ("bpki_cms_cert", rpki.x509.X509), - ("bpki_cms_glue", rpki.x509.X509), - ("last_cms_timestamp", rpki.sundial.datetime)) - - handles = (("self", self_elt), ("bsc", bsc_elt), ("repository", repository_elt)) + sql_template = rpki.sql.template( + "parent", + "parent_id", + "parent_handle", + "self_id", + "bsc_id", + "repository_id", + "peer_contact_uri", + "sia_base", + "sender_name", + "recipient_name", + ("bpki_cms_cert", rpki.x509.X509), + ("bpki_cms_glue", rpki.x509.X509), + ("last_cms_timestamp", rpki.sundial.datetime)) + + handles = (("self", self_elt), + ("bsc", bsc_elt), + ("repository", repository_elt)) bpki_cms_cert = None bpki_cms_glue = None last_cms_timestamp = None + def __repr__(self): + return rpki.log.log_repr(self, self.parent_handle) + @property + @rpki.sql.cache_reference def repository(self): """ Fetch repository object to which this parent object links. @@ -1170,18 +833,26 @@ class child_elt(data_elt): elements = ("bpki_cert", "bpki_glue") booleans = ("reissue", "clear_replay_protection") - sql_template = rpki.sql.template("child", "child_id", "child_handle", - "self_id", "bsc_id", - ("bpki_cert", rpki.x509.X509), - ("bpki_glue", rpki.x509.X509), - ("last_cms_timestamp", rpki.sundial.datetime)) + sql_template = rpki.sql.template( + "child", + "child_id", + "child_handle", + "self_id", + "bsc_id", + ("bpki_cert", rpki.x509.X509), + ("bpki_glue", rpki.x509.X509), + ("last_cms_timestamp", rpki.sundial.datetime)) - handles = (("self", self_elt), ("bsc", bsc_elt)) + handles = (("self", self_elt), + ("bsc", bsc_elt)) bpki_cert = None bpki_glue = None last_cms_timestamp = None + def __repr__(self): + return rpki.log.log_repr(self, self.child_handle) + def fetch_child_certs(self, ca_detail = None, ski = None, unique = False): """ Fetch all child_cert objects that link to this child object. @@ -1243,7 +914,9 @@ class child_elt(data_elt): raise rpki.exceptions.ClassNameUnknown, "Unknown class name %s" % class_name parent = ca.parent if self.self_id != parent.self_id: - raise rpki.exceptions.ClassNameMismatch, "Class name mismatch: child.self_id = %d, parent.self_id = %d" % (self.self_id, parent.self_id) + raise rpki.exceptions.ClassNameMismatch( + "Class name mismatch: child.self_id = %d, parent.self_id = %d" % ( + self.self_id, parent.self_id)) return ca def serve_destroy_hook(self, cb, eb): @@ -1276,6 +949,7 @@ class child_elt(data_elt): q_msg.payload.gctx = self.gctx if enforce_strict_up_down_xml_sender and q_msg.sender != str(self.child_id): raise rpki.exceptions.BadSender, "Unexpected XML sender %s" % q_msg.sender + self.gctx.sql.sweep() def done(r_msg): # @@ -1306,6 +980,9 @@ class list_resources_elt(rpki.xml_utils.base_elt, left_right_namespace): attributes = ("self_handle", "tag", "child_handle", "valid_until", "asn", "ipv4", "ipv6") valid_until = None + def __repr__(self): + return rpki.log.log_repr(self, self.self_handle, self.child_handle, self.asn, self.ipv4, self.ipv6) + def startElement(self, stack, name, attrs): """ Handle <list_resources/> element. This requires special handling @@ -1353,7 +1030,7 @@ class list_roa_requests_elt(rpki.xml_utils.base_elt, left_right_namespace): self.ipv6 = rpki.resource_set.roa_prefix_set_ipv6(self.ipv6) def __repr__(self): - return rpki.log.log_repr(self, self.asn, self.ipv4, self.ipv6) + return rpki.log.log_repr(self, self.self_handle, self.asn, self.ipv4, self.ipv6) class list_ghostbuster_requests_elt(rpki.xml_utils.text_elt, left_right_namespace): """ @@ -1366,6 +1043,8 @@ class list_ghostbuster_requests_elt(rpki.xml_utils.text_elt, left_right_namespac vcard = None + def __repr__(self): + return rpki.log.log_repr(self, self.self_handle, self.parent_handle) class list_published_objects_elt(rpki.xml_utils.text_elt, left_right_namespace): """ @@ -1379,6 +1058,9 @@ class list_published_objects_elt(rpki.xml_utils.text_elt, left_right_namespace): obj = None child_handle = None + def __repr__(self): + return rpki.log.log_repr(self, self.self_handle, self.child_handle, self.uri) + def serve_dispatch(self, r_msg, cb, eb): """ Handle a <list_published_objects/> query. The method name is a @@ -1417,6 +1099,9 @@ class list_received_resources_elt(rpki.xml_utils.base_elt, left_right_namespace) attributes = ("self_handle", "tag", "parent_handle", "notBefore", "notAfter", "uri", "sia_uri", "aia_uri", "asn", "ipv4", "ipv6") + def __repr__(self): + return rpki.log.log_repr(self, self.self_handle, self.parent_handle, self.uri, self.notAfter) + def serve_dispatch(self, r_msg, cb, eb): """ Handle a <list_received_resources/> query. The method name is a @@ -1460,6 +1145,9 @@ class report_error_elt(rpki.xml_utils.text_elt, left_right_namespace): error_text = None + def __repr__(self): + return rpki.log.log_repr(self, self.self_handle, self.error_code) + @classmethod def from_exception(cls, e, self_handle = None, tag = None): """ @@ -1502,7 +1190,8 @@ class msg(rpki.xml_utils.msg, left_right_namespace): def fail(e): if not isinstance(e, rpki.exceptions.NotFound): rpki.log.traceback() - r_msg.append(report_error_elt.from_exception(e, self_handle = q_pdu.self_handle, tag = q_pdu.tag)) + r_msg.append(report_error_elt.from_exception( + e, self_handle = q_pdu.self_handle, tag = q_pdu.tag)) cb(r_msg) try: diff --git a/rpkid/rpki/log.py b/rpkid/rpki/log.py index bc20e395..2b48cb6d 100644 --- a/rpkid/rpki/log.py +++ b/rpkid/rpki/log.py @@ -3,7 +3,7 @@ Logging facilities for RPKI libraries. $Id$ -Copyright (C) 2009--2011 Internet Systems Consortium ("ISC") +Copyright (C) 2009--2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -32,9 +32,18 @@ OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. """ -import syslog, sys, os, time +import syslog +import sys +import os +import time import traceback as tb +try: + import setproctitle + have_setproctitle = True +except ImportError: + have_setproctitle = False + ## @var enable_trace # Whether call tracing is enabled. @@ -54,7 +63,22 @@ show_python_ids = False # Whether tracebacks are enabled globally. Individual classes and # modules may choose to override this. -enable_tracebacks = False +enable_tracebacks = True + +## @var use_setproctitle +# Whether to use setproctitle (if available) to change name shown for +# this process in ps listings (etc). + +use_setproctitle = True + +## @var proctitle_extra + +# Extra text to include in proctitle display. By default this is the +# tail of the current directory name, as this is often useful, but you +# can set it to something else if you like. If None or the empty +# string, the extra information field will be omitted from the proctitle. + +proctitle_extra = os.path.basename(os.getcwd()) tag = "" pid = 0 @@ -70,6 +94,11 @@ def init(ident = "rpki", flags = syslog.LOG_PID, facility = syslog.LOG_DAEMON): global tag, pid tag = ident pid = os.getpid() + if ident and have_setproctitle and use_setproctitle: + if proctitle_extra: + setproctitle.setproctitle("%s (%s)" % (ident, proctitle_extra)) + else: + setproctitle.setproctitle(ident) def set_trace(enable): """ @@ -115,13 +144,20 @@ def traceback(do_it = None): classes have their own controls for this, this lets us provide a unified interface). If no argument is specified, we use the global default value rpki.log.enable_tracebacks. + + Assertion failures generate backtraces unconditionally, on the + theory that (a) assertion failures are programming errors by + definition, and (b) it's often hard to figure out what's triggering + a particular assertion failure without the backtrace. """ if do_it is None: do_it = enable_tracebacks - if do_it: - assert sys.exc_info() != (None, None, None), "rpki.log.traceback() called without valid trace on stack, this is a programming error" + e = sys.exc_info()[1] + assert e is not None, "rpki.log.traceback() called without valid trace on stack! This should not happen." + + if do_it or isinstance(e, AssertionError): bt = tb.extract_stack(limit = 3) error("Exception caught in %s() at %s:%d called from %s:%d" % (bt[1][2], bt[1][0], bt[1][1], bt[0][0], bt[0][1])) bt = tb.format_exc() @@ -135,12 +171,21 @@ def log_repr(obj, *tokens): IDs as needed, includes self_handle when available. """ + # pylint: disable=W0702 words = ["%s.%s" % (obj.__class__.__module__, obj.__class__.__name__)] try: words.append("{%s}" % obj.self.self_handle) except: pass - words.extend(str(token) for token in tokens if token is not None and token != "") + for token in tokens: + if token is not None and token != "": + try: + assert token is not None + words.append(str(token)) + except: + debug("Failed to generate repr() string for object of type %r" % type(token)) + traceback() + words.append("???") if show_python_ids: words.append(" at %#x" % id(obj)) return "<" + " ".join(words) + ">" diff --git a/rpkid/rpki/manifest.py b/rpkid/rpki/manifest.py deleted file mode 100644 index f832ca20..00000000 --- a/rpkid/rpki/manifest.py +++ /dev/null @@ -1,54 +0,0 @@ -""" -Signed manifests. This is just the ASN.1 encoder, the rest is in -rpki.x509 with the rest of the DER_object code. - -Note that rpki.x509.SignedManifest implements the signed manifest; -the structures here are just the payload of the CMS eContent field. - -$Id$ - -Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -""" - -from rpki.POW._der import * - -class FileAndHash(Sequence): - def __init__(self, optional=0, default=''): - self.file = IA5String() - self.hash = AltBitString() - contents = [ self.file, self.hash ] - Sequence.__init__(self, contents, optional, default) - -class FilesAndHashes(SequenceOf): - def __init__(self, optional=0, default=''): - SequenceOf.__init__(self, FileAndHash, optional, default) - -class Manifest(Sequence): - def __init__(self, optional=0, default=''): - self.version = Integer() - self.explicitVersion = Explicit(CLASS_CONTEXT, FORM_CONSTRUCTED, 0, self.version, 0, 'oAMCAQA=') - self.manifestNumber = Integer() - self.thisUpdate = GeneralizedTime() - self.nextUpdate = GeneralizedTime() - self.fileHashAlg = Oid() - self.fileList = FilesAndHashes() - - contents = [ self.explicitVersion, - self.manifestNumber, - self.thisUpdate, - self.nextUpdate, - self.fileHashAlg, - self.fileList ] - Sequence.__init__(self, contents, optional, default) diff --git a/rpkid/rpki/mysql_import.py b/rpkid/rpki/mysql_import.py index ac2b580d..e7b54dde 100644 --- a/rpkid/rpki/mysql_import.py +++ b/rpkid/rpki/mysql_import.py @@ -16,7 +16,7 @@ object from this module. Looks kind of strange, but seems to work. $Id$ -Copyright (C) 2011 Internet Systems Consortium ("ISC") +Copyright (C) 2011-2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -45,6 +45,8 @@ OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. """ +# pylint: disable=W0611 + from __future__ import with_statement import warnings @@ -59,3 +61,5 @@ else: import _mysql_exceptions warnings.simplefilter("error", _mysql_exceptions.Warning) + +import MySQLdb.converters diff --git a/rpkid/rpki/oids.py b/rpkid/rpki/oids.py index 2b8302aa..dc596f0b 100644 --- a/rpkid/rpki/oids.py +++ b/rpkid/rpki/oids.py @@ -3,7 +3,7 @@ OID database. $Id$ -Copyright (C) 2009--2011 Internet Systems Consortium ("ISC") +Copyright (C) 2009--2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -92,8 +92,7 @@ def safe_name2oid(name): fields = name.split(".") if all(field.isdigit() for field in fields): return tuple(int(field) for field in fields) - else: - raise + raise def safe_oid2name(oid): """ @@ -104,4 +103,39 @@ def safe_oid2name(oid): try: return oid2name[oid] except KeyError: - return ".".join(str(field) for field in oid) + return oid2dotted(oid) + +def oid2dotted(oid): + """ + Convert OID to numeric (dotted decimal) format. + """ + + return ".".join(str(field) for field in oid) + +def dotted2oid(dotted): + """ + Convert dotted decimal format to OID tuple. + """ + + fields = dotted.split(".") + if all(field.isdigit() for field in fields): + return tuple(int(field) for field in fields) + raise ValueError("%r is not a dotted decimal OID" % dotted) + +def safe_name2dotted(name): + """ + Convert name to dotted decimal format. + """ + + return oid2dotted(safe_name2oid(name)) + +def safe_dotted2name(dotted): + """ + Convert dotted decimal to name if we know one, + otherwise just return dotted. + """ + + try: + return oid2name[dotted2oid(dotted)] + except KeyError: + return dotted diff --git a/rpkid/rpki/old_irdbd.py b/rpkid/rpki/old_irdbd.py index c63ce9e2..6cc6cb14 100644 --- a/rpkid/rpki/old_irdbd.py +++ b/rpkid/rpki/old_irdbd.py @@ -37,9 +37,19 @@ OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. """ -import sys, os, time, getopt, urlparse, warnings -import rpki.http, rpki.config, rpki.resource_set, rpki.relaxng -import rpki.exceptions, rpki.left_right, rpki.log, rpki.x509 +import sys +import os +import time +import getopt +import urlparse +import rpki.http +import rpki.config +import rpki.resource_set +import rpki.relaxng +import rpki.exceptions +import rpki.left_right +import rpki.log +import rpki.x509 from rpki.mysql_import import MySQLdb diff --git a/rpkid/rpki/pubd.py b/rpkid/rpki/pubd.py index 7a00c172..a6d8f83f 100644 --- a/rpkid/rpki/pubd.py +++ b/rpkid/rpki/pubd.py @@ -160,7 +160,6 @@ class main(object): rpki.log.trace() try: - self.sql.ping() self.handler_common(query, None, done, (self.bpki_ta, self.irbe_cert)) except (rpki.async.ExitNow, SystemExit): raise @@ -180,7 +179,6 @@ class main(object): rpki.log.trace() try: - self.sql.ping() match = self.client_url_regexp.search(path) if match is None: raise rpki.exceptions.BadContactURL, "Bad path: %s" % path diff --git a/rpkid/rpki/publication.py b/rpkid/rpki/publication.py index 07905601..975d5fc9 100644 --- a/rpkid/rpki/publication.py +++ b/rpkid/rpki/publication.py @@ -3,7 +3,7 @@ RPKI "publication" protocol. $Id$ -Copyright (C) 2009--2011 Internet Systems Consortium ("ISC") +Copyright (C) 2009--2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -32,9 +32,18 @@ OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. """ -import os, errno -import rpki.resource_set, rpki.x509, rpki.sql, rpki.exceptions, rpki.xml_utils -import rpki.http, rpki.up_down, rpki.relaxng, rpki.sundial, rpki.log, rpki.roa +import os +import errno +import rpki.resource_set +import rpki.x509 +import rpki.sql +import rpki.exceptions +import rpki.xml_utils +import rpki.http +import rpki.up_down +import rpki.relaxng +import rpki.sundial +import rpki.log class publication_namespace(object): """ @@ -73,7 +82,10 @@ class config_elt(control_elt): element_name = "config" elements = ("bpki_crl",) - sql_template = rpki.sql.template("config", "config_id", ("bpki_crl", rpki.x509.CRL)) + sql_template = rpki.sql.template( + "config", + "config_id", + ("bpki_crl", rpki.x509.CRL)) wired_in_config_id = 1 @@ -120,10 +132,14 @@ class client_elt(control_elt): elements = ("bpki_cert", "bpki_glue") booleans = ("clear_replay_protection",) - sql_template = rpki.sql.template("client", "client_id", "client_handle", "base_uri", - ("bpki_cert", rpki.x509.X509), - ("bpki_glue", rpki.x509.X509), - ("last_cms_timestamp", rpki.sundial.datetime)) + sql_template = rpki.sql.template( + "client", + "client_id", + "client_handle", + "base_uri", + ("bpki_cert", rpki.x509.X509), + ("bpki_glue", rpki.x509.X509), + ("last_cms_timestamp", rpki.sundial.datetime)) base_uri = None bpki_cert = None @@ -189,7 +205,7 @@ class publication_object_elt(rpki.xml_utils.base_elt, publication_namespace): """ assert name == self.element_name, "Unexpected name %s, stack %s" % (name, stack) if text: - self.payload = self.payload_type(Base64 = text) + self.payload = self.payload_type(Base64 = text) # pylint: disable=E1102 stack.pop() def toXML(self): @@ -205,6 +221,7 @@ class publication_object_elt(rpki.xml_utils.base_elt, publication_namespace): """ Action dispatch handler. """ + # pylint: disable=E0203 try: if self.client is None: raise rpki.exceptions.BadQuery, "Client query received on control channel" diff --git a/rpkid/rpki/rcynic.py b/rpkid/rpki/rcynic.py index b05586ff..d6c00710 100644 --- a/rpkid/rpki/rcynic.py +++ b/rpkid/rpki/rcynic.py @@ -1,9 +1,7 @@ """ Prototype of an iterator class to parse the output of an rcynic run. -This script will almost certainly move to the library package once -it's stable. -Copyright (C) 2010-2011 Internet Systems Consortium ("ISC") +Copyright (C) 2010-2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -18,9 +16,12 @@ OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. """ -__revision__ = '$Id$' +__version__ = '$Id$' -import sys, os, rpki.x509, rpki.exceptions +import os +import rpki.x509 +import rpki.exceptions +import rpki.resource_set from xml.etree.ElementTree import ElementTree class UnknownObject(rpki.exceptions.RPKI_Exception): @@ -100,25 +101,18 @@ class rcynic_roa(rcynic_object): obj_class = rpki.x509.ROA - _afi_map = dict((cls.resource_set_type.afi, cls) - for cls in (rpki.resource_set.roa_prefix_set_ipv4, - rpki.resource_set.roa_prefix_set_ipv6)) - def __init__(self, filename, **kwargs): rcynic_object.__init__(self, filename, **kwargs) self.obj.extract() - self.asID = self.obj.get_content().asID.get() + self.asID = self.obj.get_POW().getASID() self.prefix_sets = [] - for fam in self.obj.get_content().ipAddrBlocks: - prefix_set = self._afi_map[fam.addressFamily.get()]() - addr_type = prefix_set.resource_set_type.range_type.datum_type - self.prefix_sets.append(prefix_set) - for addr in fam.addresses: - prefix = addr.address.get() - prefixlen = len(prefix) - prefix = addr_type(rpki.resource_set._bs2long(prefix, addr_type.bits, 0)) - maxprefixlen = addr.maxLength.get() - prefix_set.append(prefix_set.prefix_type(prefix, prefixlen, maxprefixlen)) + v4, v6 = self.obj.get_POW().getPrefixes() + if v4: + self.prefix_sets.append(rpki.resource_set.roa_prefix_set_ipv4([ + rpki.resource_set.roa_prefix_ipv4(long(p[0]), p[1], p[2]) for p in v4])) + if v6: + self.prefix_sets.append(rpki.resource_set.roa_prefix_set_ipv6([ + rpki.resource_set.roa_prefix_ipv6(long(p[0]), p[1], p[2]) for p in v6])) self.ee = rpki.x509.X509(POW = self.obj.get_POW().certs()[0]) self.notBefore = self.ee.getNotBefore() self.notAfter = self.ee.getNotAfter() @@ -180,7 +174,7 @@ class rcynic_file_iterator(object): self.rcynic_dir = os.path.join(rcynic_root, authenticated_subdir) def __iter__(self): - for root, dirs, files in os.walk(self.rcynic_dir): + for root, dirs, files in os.walk(self.rcynic_dir): # pylint: disable=W0612 for filename in files: filename = os.path.join(root, filename) ext = os.path.splitext(filename)[1] @@ -188,26 +182,26 @@ class rcynic_file_iterator(object): yield file_name_classes[ext](filename) class validation_status_element(object): - def __init__(self, *args, **kwargs): - self.attrs = [] - for k,v in kwargs.iteritems(): - setattr(self, k, v) - # attribute names are saved so that the __repr__ method can - # display the subset of attributes the user specified - self.attrs.append(k) - self._obj = None - - def get_obj(self): - if not self._obj: - self._obj = self.file_class(filename=self.filename, uri=self.uri) - return self._obj - - def __repr__(self): - v = [self.__class__.__name__, 'id=%s' % str(id(self))] - v.extend(['%s=%s' % (x, getattr(self, x)) for x in self.attrs]) - return '<%s>' % (' '.join(v),) - - obj = property(get_obj) + def __init__(self, *args, **kwargs): + self.attrs = [] + for k, v in kwargs.iteritems(): + setattr(self, k, v) + # attribute names are saved so that the __repr__ method can + # display the subset of attributes the user specified + self.attrs.append(k) + self._obj = None + + def get_obj(self): + if not self._obj: + self._obj = self.file_class(filename=self.filename, uri=self.uri) + return self._obj + + def __repr__(self): + v = [self.__class__.__name__, 'id=%s' % str(id(self))] + v.extend(['%s=%s' % (x, getattr(self, x)) for x in self.attrs]) + return '<%s>' % (' '.join(v),) + + obj = property(get_obj) class rcynic_xml_iterator(object): """ @@ -256,25 +250,26 @@ class rcynic_xml_iterator(object): # determine the path to this object if status == 'object_accepted': - d = self.authenticated_subdir + d = self.authenticated_subdir elif generation == 'backup': - d = self.authenticated_old_subdir + d = self.authenticated_old_subdir else: - d = self.unauthenticated_subdir + d = self.unauthenticated_subdir filename = os.path.join(d, self.uri_to_filename(uri)) ext = os.path.splitext(filename)[1] if ext in file_name_classes: - yield validation_status_element(timestamp=timestamp, generation=generation, uri=uri, - status=status, filename=filename, file_class=file_name_classes[ext]) + yield validation_status_element(timestamp = timestamp, generation = generation, + uri=uri, status = status, filename = filename, + file_class = file_name_classes[ext]) def label_iterator(xml_file): - """ - Returns an iterator which contains all defined labels from an rcynic XML - output file. Each item is a tuple of the form - (label, kind, description). - """ + """ + Returns an iterator which contains all defined labels from an rcynic XML + output file. Each item is a tuple of the form + (label, kind, description). + """ - for label in ElementTree(file=xml_file).find("labels"): - yield label.tag, label.get("kind"), label.text.strip() + for label in ElementTree(file=xml_file).find("labels"): + yield label.tag, label.get("kind"), label.text.strip() diff --git a/rpkid/rpki/relaxng.py b/rpkid/rpki/relaxng.py index c3f239d4..962858c7 100644 --- a/rpkid/rpki/relaxng.py +++ b/rpkid/rpki/relaxng.py @@ -4,7 +4,7 @@ import lxml.etree ## @var left_right ## Parsed RelaxNG left_right schema -left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" encoding="UTF-8"?> +left_right = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encoding="UTF-8"?> <!-- $Id: left-right-schema.rnc 4588 2012-07-06 19:43:56Z sra $ @@ -1037,7 +1037,7 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc ## @var up_down ## Parsed RelaxNG up_down schema -up_down = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" encoding="UTF-8"?> +up_down = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encoding="UTF-8"?> <!-- $Id: up-down-schema.rnc 3913 2011-07-01 17:04:18Z sra $ @@ -1289,7 +1289,7 @@ up_down = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" encodi ## @var publication ## Parsed RelaxNG publication schema -publication = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" encoding="UTF-8"?> +publication = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encoding="UTF-8"?> <!-- $Id: publication-schema.rnc 4588 2012-07-06 19:43:56Z sra $ @@ -1879,7 +1879,7 @@ publication = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" en ## @var myrpki ## Parsed RelaxNG myrpki schema -myrpki = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" encoding="UTF-8"?> +myrpki = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encoding="UTF-8"?> <!-- $Id: myrpki.rnc 4430 2012-04-17 16:00:14Z sra $ diff --git a/rpkid/rpki/resource_set.py b/rpkid/rpki/resource_set.py index 0bc31ef2..f0d096d5 100644 --- a/rpkid/rpki/resource_set.py +++ b/rpkid/rpki/resource_set.py @@ -10,7 +10,7 @@ We also provide some basic set operations (union, intersection, etc). $Id$ -Copyright (C) 2009--2010 Internet Systems Consortium ("ISC") +Copyright (C) 2009--2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -39,8 +39,11 @@ OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. """ -import re, math -import rpki.ipaddrs, rpki.oids, rpki.exceptions +import re +import math +import rpki.oids +import rpki.exceptions +import rpki.POW ## @var inherit_token # Token used to indicate inheritance in read and print syntax. @@ -61,20 +64,16 @@ class resource_range(object): directly. """ - def __init__(self, min, max): - """ - Initialize and sanity check a resource_range. - """ - assert min.__class__ is max.__class__, "Type mismatch, %r doesn't match %r" % (min.__class__, max.__class__) - assert min <= max, "Mis-ordered range: %s before %s" % (min, max) - self.min = min - self.max = max + def __init__(self, range_min, range_max): + assert range_min.__class__ is range_max.__class__, \ + "Type mismatch, %r doesn't match %r" % (range_min.__class__, range_max.__class__) + assert range_min <= range_max, "Mis-ordered range: %s before %s" % (range_min, range_max) + self.min = range_min + self.max = range_max def __cmp__(self, other): - """ - Compare two resource_range objects. - """ - assert self.__class__ is other.__class__, "Type mismatch, comparing %r with %r" % (self.__class__, other.__class__) + assert self.__class__ is other.__class__, \ + "Type mismatch, comparing %r with %r" % (self.__class__, other.__class__) return cmp(self.min, other.min) or cmp(self.max, other.max) class resource_range_as(resource_range): @@ -90,6 +89,11 @@ class resource_range_as(resource_range): datum_type = long + def __init__(self, range_min, range_max): + resource_range.__init__(self, + long(range_min) if isinstance(range_min, int) else range_min, + long(range_max) if isinstance(range_max, int) else range_max) + def __str__(self): """ Convert a resource_range_as to string format. @@ -99,15 +103,6 @@ class resource_range_as(resource_range): else: return str(self.min) + "-" + str(self.max) - def to_rfc3779_tuple(self): - """ - Convert a resource_range_as to tuple format for RFC 3779 ASN.1 encoding. - """ - if self.min == self.max: - return ("id", self.min) - else: - return ("range", (self.min, self.max)) - @classmethod def parse_str(cls, x): """ @@ -139,6 +134,11 @@ class resource_range_ip(resource_range): directly. """ + ## @var datum_type + # Type of underlying data (min and max). + + datum_type = rpki.POW.IPAddress + def prefixlen(self): """ Determine whether a resource_range_ip can be expressed as a @@ -148,7 +148,7 @@ class resource_range_ip(resource_range): mask = self.min ^ self.max if self.min & mask != 0: raise rpki.exceptions.MustBePrefix - prefixlen = self.datum_type.bits + prefixlen = self.min.bits while mask & 1: prefixlen -= 1 mask >>= 1 @@ -156,9 +156,6 @@ class resource_range_ip(resource_range): raise rpki.exceptions.MustBePrefix return prefixlen - # Backwards compatability, will go away at some point - _prefixlen = prefixlen - def __str__(self): """ Convert a resource_range_ip to string format. @@ -168,18 +165,6 @@ class resource_range_ip(resource_range): except rpki.exceptions.MustBePrefix: return str(self.min) + "-" + str(self.max) - def to_rfc3779_tuple(self): - """ - Convert a resource_range_ip to tuple format for RFC 3779 ASN.1 - encoding. - """ - try: - return ("addressPrefix", _long2bs(self.min, self.datum_type.bits, - prefixlen = self.prefixlen())) - except rpki.exceptions.MustBePrefix: - return ("addressRange", (_long2bs(self.min, self.datum_type.bits, strip = 0), - _long2bs(self.max, self.datum_type.bits, strip = 1))) - @classmethod def parse_str(cls, x): """ @@ -187,10 +172,10 @@ class resource_range_ip(resource_range): """ r = re_address_range.match(x) if r: - return cls(cls.datum_type(r.group(1)), cls.datum_type(r.group(2))) + return cls(rpki.POW.IPAddress(r.group(1)), rpki.POW.IPAddress(r.group(2))) r = re_prefix.match(x) if r: - return cls.make_prefix(cls.datum_type(r.group(1)), int(r.group(2))) + return cls.make_prefix(rpki.POW.IPAddress(r.group(1)), int(r.group(2))) raise rpki.exceptions.BadIPResource, 'Bad IP resource "%s"' % (x) @classmethod @@ -198,11 +183,11 @@ class resource_range_ip(resource_range): """ Construct a resource range corresponding to a prefix. """ - assert isinstance(prefix, cls.datum_type) and isinstance(prefixlen, (int, long)) - assert prefixlen >= 0 and prefixlen <= cls.datum_type.bits, "Nonsensical prefix length: %s" % prefixlen - mask = (1 << (cls.datum_type.bits - prefixlen)) - 1 + assert isinstance(prefix, rpki.POW.IPAddress) and isinstance(prefixlen, (int, long)) + assert prefixlen >= 0 and prefixlen <= prefix.bits, "Nonsensical prefix length: %s" % prefixlen + mask = (1 << (prefix.bits - prefixlen)) - 1 assert (prefix & mask) == 0, "Resource not in canonical form: %s/%s" % (prefix, prefixlen) - return cls(cls.datum_type(prefix), cls.datum_type(prefix | mask)) + return cls(prefix, rpki.POW.IPAddress(prefix | mask)) def chop_into_prefixes(self, result): """ @@ -213,19 +198,19 @@ class resource_range_ip(resource_range): self.prefixlen() result.append(self) except rpki.exceptions.MustBePrefix: - min = self.min - max = self.max - while max >= min: - bits = int(math.log(max - min + 1, 2)) + range_min = self.min + range_max = self.max + while range_max >= range_min: + bits = int(math.log(long(range_max - range_min + 1), 2)) while True: mask = ~(~0 << bits) - assert min + mask <= max - if min & mask == 0: + assert range_min + mask <= range_max + if range_min & mask == 0: break assert bits > 0 bits -= 1 - result.append(self.make_prefix(min, self.datum_type.bits - bits)) - min = self.datum_type(min + mask + 1) + result.append(self.make_prefix(range_min, range_min.bits - bits)) + range_min = range_min + mask + 1 @classmethod def from_strings(cls, a, b = None): @@ -234,54 +219,55 @@ class resource_range_ip(resource_range): """ if b is None: b = a - a = rpki.ipaddrs.parse(a) - b = rpki.ipaddrs.parse(b) - if a.__class__ is not b.__class__: + a = rpki.POW.IPAddress(a) + b = rpki.POW.IPAddress(b) + if a.version != b.version: raise TypeError if cls is resource_range_ip: - if isinstance(a, rpki.ipaddrs.v4addr): + if a.version == 4: return resource_range_ipv4(a, b) - if isinstance(a, rpki.ipaddrs.v6addr): + if a.version == 6: return resource_range_ipv6(a, b) - elif isinstance(a, cls.datum_type): + elif a.version == cls.version: return cls(a, b) - raise TypeError + else: + raise TypeError class resource_range_ipv4(resource_range_ip): """ Range of IPv4 addresses. """ - ## @var datum_type - # Type of underlying data (min and max). - - datum_type = rpki.ipaddrs.v4addr + version = 4 class resource_range_ipv6(resource_range_ip): """ Range of IPv6 addresses. """ - ## @var datum_type - # Type of underlying data (min and max). - - datum_type = rpki.ipaddrs.v6addr + version = 6 def _rsplit(rset, that): """ Utility function to split a resource range into two resource ranges. """ + this = rset.pop(0) - cell_type = type(this.min) - assert type(this) is type(that) and type(this.max) is cell_type and \ - type(that.min) is cell_type and type(that.max) is cell_type + + assert type(this) is type(that), "type(this) [%r] is not type(that) [%r]" % (type(this), type(that)) + + assert type(this.min) is type(that.min), "type(this.min) [%r] is not type(that.min) [%r]" % (type(this.min), type(that.min)) + assert type(this.min) is type(this.max), "type(this.min) [%r] is not type(this.max) [%r]" % (type(this.min), type(this.max)) + assert type(that.min) is type(that.max), "type(that.min) [%r] is not type(that.max) [%r]" % (type(that.min), type(that.max)) + if this.min < that.min: - rset.insert(0, type(this)(this.min, cell_type(that.min - 1))) + rset.insert(0, type(this)(this.min, type(that.min)(that.min - 1))) rset.insert(1, type(this)(that.min, this.max)) + else: assert this.max > that.max rset.insert(0, type(this)(this.min, that.max)) - rset.insert(1, type(this)(cell_type(that.max + 1), this.max)) + rset.insert(1, type(this)(type(that.max)(that.max + 1), this.max)) class resource_set(list): """ @@ -312,8 +298,6 @@ class resource_set(list): self.inherit = True elif isinstance(ini, str) and len(ini): self.extend(self.parse_str(s) for s in ini.split(",")) - elif isinstance(ini, tuple): - self.parse_rfc3779_tuple(ini) elif isinstance(ini, list): self.extend(ini) elif ini is not None and ini != "": @@ -418,16 +402,14 @@ class resource_set(list): this = set1.pop(0) that = set2.pop(0) assert type(this) is type(that) - if this.min < that.min: min = this.min - else: min = that.min - if this.max > that.max: max = this.max - else: max = that.max - result.append(type(this)(min, max)) - while set1 and set1[0].max <= max: - assert set1[0].min >= min + range_min = min(this.min, that.min) + range_max = max(this.max, that.max) + result.append(type(this)(range_min, range_max)) + while set1 and set1[0].max <= range_max: + assert set1[0].min >= range_min del set1[0] - while set2 and set2[0].max <= max: - assert set2[0].min >= min + while set2 and set2[0].max <= range_max: + assert set2[0].min >= range_min del set2[0] return type(self)(result) @@ -454,7 +436,7 @@ class resource_set(list): Set symmetric difference (XOR) for resource sets. """ com = self._comm(other) - return com[0].union(com[1]) + return com[0] | com[1] __xor__ = symmetric_difference @@ -467,20 +449,20 @@ class resource_set(list): if not self: return False if type(item) is type(self[0]): - min = item.min - max = item.max + range_min = item.min + range_max = item.max else: - min = item - max = item + range_min = item + range_max = item lo = 0 hi = len(self) while lo < hi: mid = (lo + hi) / 2 - if self[mid].max < max: + if self[mid].max < range_max: lo = mid + 1 else: hi = mid - return lo < len(self) and self[lo].min <= min and self[lo].max >= max + return lo < len(self) and self[lo].min <= range_min and self[lo].max >= range_max __contains__ = contains @@ -560,37 +542,6 @@ class resource_set_as(resource_set): range_type = resource_range_as - def parse_rfc3779_tuple(self, x): - """ - Parse ASN resource from tuple format generated by RFC 3779 ASN.1 - decoder. - """ - if x[0] == "asIdsOrRanges": - for aor in x[1]: - if aor[0] == "range": - min = aor[1][0] - max = aor[1][1] - else: - min = aor[1] - max = min - self.append(resource_range_as(min, max)) - else: - assert x[0] == "inherit" - self.inherit = True - - def to_rfc3779_tuple(self): - """ - Convert ASN resource set into tuple format used for RFC 3779 ASN.1 - encoding. - """ - self.canonize() - if self: - return ("asIdsOrRanges", tuple(a.to_rfc3779_tuple() for a in self)) - elif self.inherit: - return ("inherit", "") - else: - return None - class resource_set_ip(resource_set): """ (Generic) IP address resource set. @@ -599,24 +550,6 @@ class resource_set_ip(resource_set): directly. """ - def parse_rfc3779_tuple(self, x): - """ - Parse IP address resource sets from tuple format generated by RFC - 3779 ASN.1 decoder. - """ - if x[0] == "addressesOrRanges": - for aor in x[1]: - if aor[0] == "addressRange": - min = _bs2long(aor[1][0], self.range_type.datum_type.bits, 0) - max = _bs2long(aor[1][1], self.range_type.datum_type.bits, 1) - else: - min = _bs2long(aor[1], self.range_type.datum_type.bits, 0) - max = _bs2long(aor[1], self.range_type.datum_type.bits, 1) - self.append(self.range_type(self.range_type.datum_type(min), self.range_type.datum_type(max))) - else: - assert x[0] == "inherit" - self.inherit = True - def to_roa_prefix_set(self): """ Convert from a resource set to a ROA prefix set. @@ -628,19 +561,6 @@ class resource_set_ip(resource_set): self.roa_prefix_set_type.prefix_type(r.min, r.prefixlen()) for r in prefix_ranges]) - def to_rfc3779_tuple(self): - """ - Convert IP resource set into tuple format used by RFC 3779 ASN.1 - encoder. - """ - self.canonize() - if self: - return (self.afi, ("addressesOrRanges", tuple(a.to_rfc3779_tuple() for a in self))) - elif self.inherit: - return (self.afi, ("inherit", "")) - else: - return None - class resource_set_ipv4(resource_set_ip): """ IPv4 address resource set. @@ -651,11 +571,6 @@ class resource_set_ipv4(resource_set_ip): range_type = resource_range_ipv4 - ## @var afi - # Address Family Identifier value for IPv4. - - afi = "\x00\x01" - class resource_set_ipv6(resource_set_ip): """ IPv6 address resource set. @@ -666,44 +581,6 @@ class resource_set_ipv6(resource_set_ip): range_type = resource_range_ipv6 - ## @var afi - # Address Family Identifier value for IPv6. - - afi = "\x00\x02" - -def _bs2long(bs, addrlen, fill): - """ - Utility function to convert a bitstring (rpki.POW.pkix tuple - representation) into a Python long. - """ - x = 0L - for y in bs: - x = (x << 1) | y - for y in xrange(addrlen - len(bs)): - x = (x << 1) | fill - return x - -def _long2bs(number, addrlen, prefixlen = None, strip = None): - """ - Utility function to convert a Python long into a rpki.POW.pkix tuple - bitstring. This is a bit complicated because it supports the - fiendishly compact encoding used in RFC 3779. - """ - assert prefixlen is None or strip is None - bs = [] - while number: - bs.append(int(number & 1)) - number >>= 1 - if addrlen > len(bs): - bs.extend((0 for i in xrange(addrlen - len(bs)))) - bs.reverse() - if prefixlen is not None: - return tuple(bs[0:prefixlen]) - if strip is not None: - while bs and bs[-1] == strip: - bs.pop() - return tuple(bs) - class resource_bag(object): """ Container to simplify passing around the usual triple of ASN, IPv4, @@ -780,28 +657,21 @@ class resource_bag(object): v6 = resource_set_ipv6(",".join(v6s), allow_overlap) if v6s else None) @classmethod - def from_rfc3779_tuples(cls, exts): - """ - Build a resource_bag from intermediate form generated by RFC 3779 - ASN.1 decoder. - """ - asn = None - v4 = None - v6 = None - for x in exts: - if x[0] == rpki.oids.name2oid["sbgp-autonomousSysNum"]: - assert len(x[2]) == 1 or x[2][1] is None, "RDI not implemented: %s" % (str(x)) - assert asn is None - asn = resource_set_as(x[2][0]) - if x[0] == rpki.oids.name2oid["sbgp-ipAddrBlock"]: - for fam in x[2]: - if fam[0] == resource_set_ipv4.afi: - assert v4 is None - v4 = resource_set_ipv4(fam[1]) - if fam[0] == resource_set_ipv6.afi: - assert v6 is None - v6 = resource_set_ipv6(fam[1]) - return cls(asn, v4, v6) + def from_POW_rfc3779(cls, resources): + """ + Build a resource_bag from data returned by + rpki.POW.X509.getRFC3779(). + + The conversion to long for v4 and v6 is (intended to be) + temporary: in the long run, we should be using rpki.POW.IPAddress + rather than long here. + """ + asn = [resource_range_as(r[0], r[1]) for r in resources[0] or ()] + v4 = [resource_range_ipv4(r[0], r[1]) for r in resources[1] or ()] + v6 = [resource_range_ipv6(r[0], r[1]) for r in resources[2] or ()] + return cls(resource_set_as(asn) if asn else None, + resource_set_ipv4(v4) if v4 else None, + resource_set_ipv6(v6) if v6 else None) def empty(self): """ @@ -956,16 +826,13 @@ class roa_prefix(object): """ Return highest address covered by prefix. """ - t = self.range_type.datum_type - return t(self.prefix | ((1 << (t.bits - self.prefixlen)) - 1)) - - def to_roa_tuple(self): + return self.prefix | ((1 << (self.prefix.bits - self.prefixlen)) - 1) + + def to_POW_roa_tuple(self): """ - Convert a resource_range_ip to tuple format for ROA ASN.1 - encoding. + Convert a resource_range_ip to rpki.POW.ROA.setPrefixes() format. """ - return (_long2bs(self.prefix, self.range_type.datum_type.bits, prefixlen = self.prefixlen), - None if self.prefixlen == self.max_prefixlen else self.max_prefixlen) + return self.prefix, self.prefixlen, self.max_prefixlen @classmethod def parse_str(cls, x): @@ -974,20 +841,12 @@ class roa_prefix(object): """ r = re_prefix_with_maxlen.match(x) if r: - return cls(cls.range_type.datum_type(r.group(1)), int(r.group(2)), int(r.group(3))) + return cls(rpki.POW.IPAddress(r.group(1)), int(r.group(2)), int(r.group(3))) r = re_prefix.match(x) if r: - return cls(cls.range_type.datum_type(r.group(1)), int(r.group(2))) + return cls(rpki.POW.IPAddress(r.group(1)), int(r.group(2))) raise rpki.exceptions.BadROAPrefix, 'Bad ROA prefix "%s"' % (x) - @classmethod - def from_roa_tuple(cls, o): - """ - Convert from ROA ASN.1 tuple format. - """ - assert isinstance(o, (list, tuple)), 'argument must be either list or tuple' - return cls(cls.range_type.datum_type(_bs2long(o[0], cls.range_type.datum_type.bits, 0)), len(o[0]), o[1]) - class roa_prefix_ipv4(roa_prefix): """ IPv4 ROA prefix. @@ -1054,7 +913,7 @@ class roa_prefix_set(list): s.append(None) for p in self: s[0] = p.to_resource_range() - r = r.union(s) + r |= s return r @classmethod @@ -1070,7 +929,7 @@ class roa_prefix_set(list): """ sql.execute(query, args) - return cls([cls.prefix_type(cls.prefix_type.range_type.datum_type(x), int(y), int(z)) + return cls([cls.prefix_type(rpki.POW.IPAddress(x), int(y), int(z)) for (x, y, z) in sql.fetchall()]) @classmethod @@ -1082,20 +941,19 @@ class roa_prefix_set(list): max_prefixlen) triples. """ - return cls([cls.prefix_type(cls.prefix_type.range_type.datum_type(x), int(y), int(z)) + return cls([cls.prefix_type(rpki.POW.IPAddress(x), int(y), int(z)) for (x, y, z) in iterable]) - - def to_roa_tuple(self): + def to_POW_roa_tuple(self): """ - Convert ROA prefix set into tuple format used by ROA ASN.1 - encoder. This is a variation on the format used in RFC 3779. + Convert ROA prefix set to form used by rpki.POW.ROA.setPrefixes(). """ if self: - return (self.resource_set_type.afi, tuple(a.to_roa_tuple() for a in self)) + return tuple(a.to_POW_roa_tuple() for a in self) else: return None + class roa_prefix_set_ipv4(roa_prefix_set): """ Set of IPv4 ROA prefixes. diff --git a/rpkid/rpki/roa.py b/rpkid/rpki/roa.py deleted file mode 100644 index 51b141e1..00000000 --- a/rpkid/rpki/roa.py +++ /dev/null @@ -1,76 +0,0 @@ -""" -ROA (Route Origin Authorization). - -At the moment this is just the ASN.1 encoder. - -This corresponds to draft-ietf-sidr-roa-format, which is a work in -progress, so this may need updating later. - -$Id$ - -Copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. - -draft-ietf-sidr-roa-format-03 2.1.3.2 specifies: - - RouteOriginAttestation ::= SEQUENCE { - version [0] INTEGER DEFAULT 0, - asID ASID, - ipAddrBlocks SEQUENCE OF ROAIPAddressFamily } - - ASID ::= INTEGER - - ROAIPAddressFamily ::= SEQUENCE { - addressFamily OCTET STRING (SIZE (2..3)), - addresses SEQUENCE OF ROAIPAddress } - - ROAIPAddress ::= SEQUENCE { - address IPAddress, - maxLength INTEGER OPTIONAL } - - IPAddress ::= BIT STRING -""" - -from rpki.POW._der import * - -class ROAIPAddress(Sequence): - def __init__(self, optional=0, default=''): - self.address = BitString() - self.maxLength = Integer(1) - contents = [ self.address, self.maxLength ] - Sequence.__init__(self, contents, optional, default) - -class ROAIPAddresses(SequenceOf): - def __init__(self, optional=0, default=''): - SequenceOf.__init__(self, ROAIPAddress, optional, default) - -class ROAIPAddressFamily(Sequence): - def __init__(self, optional=0, default=''): - self.addressFamily = OctetString() - self.addresses = ROAIPAddresses() - contents = [ self.addressFamily, self.addresses ] - Sequence.__init__(self, contents, optional, default) - -class ROAIPAddressFamilies(SequenceOf): - def __init__(self, optional=0, default=''): - SequenceOf.__init__(self, ROAIPAddressFamily, optional, default) - -class RouteOriginAttestation(Sequence): - def __init__(self, optional=0, default=''): - self.version = Integer() - self.explicitVersion = Explicit(CLASS_CONTEXT, FORM_CONSTRUCTED, 0, self.version, 0, 'oAMCAQA=') - self.asID = Integer() - self.ipAddrBlocks = ROAIPAddressFamilies() - contents = [ self.explicitVersion, self.asID, self.ipAddrBlocks ] - Sequence.__init__(self, contents, optional, default) diff --git a/rpkid/rpki/rootd.py b/rpkid/rpki/rootd.py index 75257a80..6da7081b 100644 --- a/rpkid/rpki/rootd.py +++ b/rpkid/rpki/rootd.py @@ -10,7 +10,7 @@ Usage: python rootd.py [ { -c | --config } configfile ] $Id$ -Copyright (C) 2009--2011 Internet Systems Consortium ("ISC") +Copyright (C) 2009--2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -186,7 +186,9 @@ class main(object): rpki.log.debug("No PKCS #10 request, can't generate subject certificate yet") return None resources = self.rpki_root_cert.get_3779resources() - rpki.log.info("Generating subject cert with resources " + str(resources)) + notAfter = now + self.rpki_subject_lifetime + rpki.log.info("Generating subject cert %s with resources %s, expires %s" % ( + self.rpki_base_uri + self.rpki_subject_cert, resources, notAfter)) req_key = pkcs10.getPublicKey() req_sia = pkcs10.get_SIA() self.next_serial_number() @@ -198,7 +200,7 @@ class main(object): aia = self.rpki_root_cert_uri, crldp = self.rpki_base_uri + self.rpki_root_crl, resources = resources, - notAfter = now + self.rpki_subject_lifetime) + notAfter = notAfter) self.set_subject_cert(subject_cert) self.generate_crl_and_manifest(now) return subject_cert @@ -227,8 +229,7 @@ class main(object): keypair = self.rpki_root_key, subject_key = manifest_keypair.get_RSApublic(), serial = self.serial_number, - sia = ((rpki.oids.name2oid["id-ad-signedObject"], - ("uri", self.rpki_base_uri + self.rpki_root_manifest)),), + sia = (None, None, self.rpki_base_uri + self.rpki_root_manifest), aia = self.rpki_root_cert_uri, crldp = self.rpki_base_uri + self.rpki_root_crl, resources = manifest_resources, @@ -247,7 +248,7 @@ class main(object): f.close() def revoke_subject_cert(self, now): - self.revoked.append((self.get_subject_cert().getSerial(), now.toASN1tuple(), ())) + self.revoked.append((self.get_subject_cert().getSerial(), now)) def compose_response(self, r_msg, pkcs10 = None): subject_cert = self.issue_subject_cert_maybe(pkcs10) @@ -297,8 +298,8 @@ class main(object): if self.crl_number is None: try: crl = rpki.x509.CRL(DER_file = os.path.join(self.rpki_root_dir, self.rpki_root_crl)) - self.crl_number = crl.get_POWpkix().getExtension(rpki.oids.name2oid["cRLNumber"])[2] - except: + self.crl_number = crl.getCRLNumber() + except: # pylint: disable=W0702 self.crl_number = 0 self.crl_number += 1 return self.crl_number @@ -372,12 +373,12 @@ class main(object): self.rpki_root_key = rpki.x509.RSA(Auto_update = self.cfg.get("rpki-root-key")) self.rpki_root_cert_file = self.cfg.get("rpki-root-cert") - self.rpki_root_cert_uri = self.cfg.get("rpki-root-cert-uri", self.rpki_base_uri + "Root.cer") + self.rpki_root_cert_uri = self.cfg.get("rpki-root-cert-uri", self.rpki_base_uri + "root.cer") - self.rpki_root_manifest = self.cfg.get("rpki-root-manifest", "Root.mft") - self.rpki_root_crl = self.cfg.get("rpki-root-crl", "Root.crl") - self.rpki_subject_cert = self.cfg.get("rpki-subject-cert", "Child.cer") - self.rpki_subject_pkcs10 = self.cfg.get("rpki-subject-pkcs10", "Child.pkcs10") + self.rpki_root_manifest = self.cfg.get("rpki-root-manifest", "root.mft") + self.rpki_root_crl = self.cfg.get("rpki-root-crl", "root.crl") + self.rpki_subject_cert = self.cfg.get("rpki-subject-cert", "child.cer") + self.rpki_subject_pkcs10 = self.cfg.get("rpki-subject-pkcs10", "child.pkcs10") self.rpki_subject_lifetime = rpki.sundial.timedelta.parse(self.cfg.get("rpki-subject-lifetime", "30d")) self.rpki_subject_regen = rpki.sundial.timedelta.parse(self.cfg.get("rpki-subject-regen", self.rpki_subject_lifetime.convert_to_seconds() / 2)) diff --git a/rpkid/rpki/rpkic.py b/rpkid/rpki/rpkic.py index 2849aa12..f00e15b5 100644 --- a/rpkid/rpki/rpkic.py +++ b/rpkid/rpki/rpkic.py @@ -39,16 +39,10 @@ PERFORMANCE OF THIS SOFTWARE. # modules, or anything that imports Django modules. Bottom line is # that we don't import such modules until we need them. -import csv -import re import os import getopt import sys -import base64 import time -import glob -import copy -import warnings import rpki.config import rpki.cli import rpki.sundial @@ -116,7 +110,7 @@ class main(rpki.cli.Cmd): rpki.cli.Cmd.__init__(self, self.argv) def read_config(self): - global rpki + global rpki # pylint: disable=W0602 cfg = rpki.config.parser(self.cfg_file, "myrpki") cfg.set_global_flags() @@ -137,7 +131,7 @@ class main(rpki.cli.Cmd): INSTALLED_APPS = ("rpki.irdb",), ) - import rpki.irdb + import rpki.irdb # pylint: disable=W0621 try: rpki.irdb.models.ca_certificate_lifetime = rpki.sundial.timedelta.parse( @@ -228,6 +222,7 @@ class main(rpki.cli.Cmd): self.zoo.update_bpki() self.zoo.write_bpki_files() + self.zoo.synchronize() def do_configure_child(self, arg): @@ -252,7 +247,7 @@ class main(rpki.cli.Cmd): r, child_handle = self.zoo.configure_child(argv[0], child_handle) r.save("%s.%s.parent-response.xml" % (self.zoo.handle, child_handle), sys.stdout) - self.zoo.synchronize() + self.zoo.synchronize_ca() def do_delete_child(self, arg): @@ -262,7 +257,7 @@ class main(rpki.cli.Cmd): try: self.zoo.delete_child(arg) - self.zoo.synchronize() + self.zoo.synchronize_ca() except rpki.irdb.Child.DoesNotExist: print "No such child \"%s\"" % arg @@ -309,7 +304,7 @@ class main(rpki.cli.Cmd): try: self.zoo.delete_parent(arg) - self.zoo.synchronize() + self.zoo.synchronize_ca() except rpki.irdb.Parent.DoesNotExist: print "No such parent \"%s\"" % arg @@ -324,7 +319,7 @@ class main(rpki.cli.Cmd): try: self.zoo.delete_rootd() - self.zoo.synchronize() + self.zoo.synchronize_ca() except rpki.irdb.Rootd.DoesNotExist: print "No associated rootd" @@ -355,7 +350,7 @@ class main(rpki.cli.Cmd): r.save("%s.repository-response.xml" % client_handle.replace("/", "."), sys.stdout) try: - self.zoo.synchronize() + self.zoo.synchronize_pubd() except rpki.irdb.Repository.DoesNotExist: pass @@ -367,7 +362,7 @@ class main(rpki.cli.Cmd): try: self.zoo.delete_publication_client(arg).delete() - self.zoo.synchronize() + self.zoo.synchronize_pubd() except rpki.irdb.Client.DoesNotExist: print "No such client \"%s\"" % arg @@ -396,7 +391,7 @@ class main(rpki.cli.Cmd): raise BadCommandSyntax, "Need to specify filename for repository.xml on command line" self.zoo.configure_repository(argv[0], parent_handle) - self.zoo.synchronize() + self.zoo.synchronize_ca() def do_delete_repository(self, arg): """ @@ -408,7 +403,7 @@ class main(rpki.cli.Cmd): try: self.zoo.delete_repository(arg) - self.zoo.synchronize() + self.zoo.synchronize_ca() except rpki.irdb.Repository.DoesNotExist: print "No such repository \"%s\"" % arg @@ -422,7 +417,7 @@ class main(rpki.cli.Cmd): """ self.zoo.delete_self() - self.zoo.synchronize() + self.zoo.synchronize_deleted_ca() def do_renew_child(self, arg): @@ -441,7 +436,9 @@ class main(rpki.cli.Cmd): raise BadCommandSyntax, "Need to specify child handle" self.zoo.renew_children(argv[0], valid_until) - self.zoo.synchronize(self.zoo.handle) + self.zoo.synchronize_ca() + if self.autosync: + self.zoo.run_rpkid_now() def complete_renew_child(self, *args): return self.irdb_handle_complete(self.zoo.resource_ca.children, *args) @@ -463,7 +460,9 @@ class main(rpki.cli.Cmd): raise BadCommandSyntax, "Unexpected arguments" self.zoo.renew_children(None, valid_until) - self.zoo.synchronize(self.zoo.handle) + self.zoo.synchronize_ca() + if self.autosync: + self.zoo.run_rpkid_now() def do_load_prefixes(self, arg): @@ -478,7 +477,7 @@ class main(rpki.cli.Cmd): self.zoo.load_prefixes(argv[0], True) if self.autosync: - self.zoo.synchronize(self.zoo.handle) + self.zoo.run_rpkid_now() def do_show_child_resources(self, arg): @@ -513,7 +512,7 @@ class main(rpki.cli.Cmd): self.zoo.load_asns(argv[0], True) if self.autosync: - self.zoo.synchronize(self.zoo.handle) + self.zoo.run_rpkid_now() def do_load_roa_requests(self, arg): @@ -528,7 +527,7 @@ class main(rpki.cli.Cmd): self.zoo.load_roa_requests(argv[0]) if self.autosync: - self.zoo.synchronize(self.zoo.handle) + self.zoo.run_rpkid_now() def do_synchronize(self, arg): @@ -542,7 +541,7 @@ class main(rpki.cli.Cmd): if arg: raise BadCommandSyntax("Unexpected argument(s): %r" % arg) - self.zoo.synchronize(self.zoo.handle) + self.zoo.synchronize() def do_force_publication(self, arg): diff --git a/rpkid/rpki/rpkid.py b/rpkid/rpki/rpkid.py index f3fc38fa..42671f7f 100644 --- a/rpkid/rpki/rpkid.py +++ b/rpkid/rpki/rpkid.py @@ -42,7 +42,6 @@ import os import time import getopt import sys -import lxml.etree import re import random import rpki.resource_set @@ -57,6 +56,7 @@ import rpki.relaxng import rpki.log import rpki.async import rpki.daemonize +import rpki.rpkid_tasks class main(object): """ @@ -73,6 +73,8 @@ class main(object): self.foreground = False self.irdbd_cms_timestamp = None self.irbe_cms_timestamp = None + self.task_current = None + self.task_queue = [] opts, argv = getopt.getopt(sys.argv[1:], "c:dfhp:?", ["config=", "debug", "foreground", "help", "profile="]) @@ -135,11 +137,17 @@ class main(object): self.publication_kludge_base = self.cfg.get("publication-kludge-base", "publication/") + # Icky hack to let Iain do some testing quickly, should go away + # once we sort out whether we can make this change permanent. + + self.merge_publication_directories = self.cfg.getboolean("merge_publication_directories", + False) + self.use_internal_cron = self.cfg.getboolean("use-internal-cron", True) self.initial_delay = random.randint(self.cfg.getint("initial-delay-min", 10), self.cfg.getint("initial-delay-max", 120)) - + # Should be much longer in production self.cron_period = rpki.sundial.timedelta(seconds = self.cfg.getint("cron-period", 120)) self.cron_keepalive = rpki.sundial.timedelta(seconds = self.cfg.getint("cron-keepalive", 0)) @@ -269,7 +277,6 @@ class main(object): cb(200, body = reply) try: - self.sql.ping() q_cms = rpki.left_right.cms_msg(DER = query) q_msg = q_cms.unwrap((self.bpki_ta, self.irbe_cert)) self.irbe_cms_timestamp = q_cms.check_replay(self.irbe_cms_timestamp) @@ -296,7 +303,6 @@ class main(object): cb(200, body = reply) try: - self.sql.ping() match = self.up_down_url_regexp.search(path) if match is None: raise rpki.exceptions.BadContactURL, "Bad URL path received in up_down_handler(): %s" % path @@ -323,6 +329,38 @@ class main(object): if force or self.cron_timeout is not None: self.cron_timeout = rpki.sundial.now() + self.cron_keepalive + def task_add(self, task): + """ + Add a task to the scheduler task queue, unless it's already queued. + """ + if task not in self.task_queue: + rpki.log.debug("Adding %r to task queue" % task) + self.task_queue.append(task) + return True + else: + rpki.log.debug("Task %r was already in the task queue" % task) + return False + + def task_next(self): + """ + Pull next task from the task queue and put it the deferred event + queue (we don't want to run it directly, as that could eventually + blow out our call stack). + """ + try: + self.task_current = self.task_queue.pop(0) + except IndexError: + self.task_current = None + else: + rpki.async.event_defer(self.task_current) + + def task_run(self): + """ + Run first task on the task queue, unless one is running already. + """ + if self.task_current is None: + self.task_next() + def cron(self, cb = None): """ Periodic tasks. @@ -330,53 +368,42 @@ class main(object): rpki.log.trace() - def loop(iterator, s): - self.checkpoint() - s.cron(iterator) + now = rpki.sundial.now() + + rpki.log.debug("Starting cron run") def done(): self.sql.sweep() self.cron_timeout = None rpki.log.info("Finished cron run started at %s" % now) - if not self.use_internal_cron: + if cb is not None: cb() - def lose(e): - self.cron_timeout = None - if self.use_internal_cron: - rpki.log.traceback() - else: - raise - - try: - now = rpki.sundial.now() - - assert self.use_internal_cron or self.cron_timeout is None - - if self.use_internal_cron: + completion = rpki.rpkid_tasks.CompletionHandler(done) + for s in rpki.left_right.self_elt.sql_fetch_all(self): + s.schedule_cron_tasks(completion) + nothing_queued = completion.count == 0 - if self.cron_timeout is not None and self.cron_timeout < now: - rpki.log.warn("cron keepalive threshold %s has expired, breaking lock" % self.cron_timeout) - self.cron_timeout = None + assert self.use_internal_cron or self.cron_timeout is None - when = now + self.cron_period - rpki.log.debug("Scheduling next cron run at %s" % when) - self.cron_timer.set(when) + if self.cron_timeout is not None and self.cron_timeout < now: + rpki.log.warn("cron keepalive threshold %s has expired, breaking lock" % self.cron_timeout) + self.cron_timeout = None - if self.cron_timeout is not None: - rpki.log.warn("cron already running, keepalive will expire at %s" % self.cron_timeout) - return + if self.use_internal_cron: + when = now + self.cron_period + rpki.log.debug("Scheduling next cron run at %s" % when) + self.cron_timer.set(when) - self.sql.ping() + if self.cron_timeout is None: self.checkpoint(self.use_internal_cron) - rpki.async.iterator(rpki.left_right.self_elt.sql_fetch_all(self), loop, done) + self.task_run() - except (rpki.async.ExitNow, SystemExit): - self.cron_timeout = None - raise + elif self.use_internal_cron: + rpki.log.warn("cron already running, keepalive will expire at %s" % self.cron_timeout) - except Exception, e: - lose(e) + if nothing_queued: + done() def cronjob_handler(self, query, path, cb): """ @@ -391,6 +418,7 @@ class main(object): if self.use_internal_cron: cb(500, reason = "Running cron internally") else: + rpki.log.debug("Starting externally triggered cron") self.cron(done) class ca_obj(rpki.sql.sql_persistent): @@ -403,15 +431,22 @@ class ca_obj(rpki.sql.sql_persistent): "ca_id", "last_crl_sn", ("next_crl_update", rpki.sundial.datetime), - "last_issued_sn", "last_manifest_sn", + "last_issued_sn", + "last_manifest_sn", ("next_manifest_update", rpki.sundial.datetime), - "sia_uri", "parent_id", "parent_resource_class") + "sia_uri", + "parent_id", + "parent_resource_class") last_crl_sn = 0 last_issued_sn = 0 last_manifest_sn = 0 + def __repr__(self): + return rpki.log.log_repr(self, repr(self.parent), self.parent_resource_class) + @property + @rpki.sql.cache_reference def parent(self): """ Fetch parent object to which this CA object links. @@ -447,6 +482,13 @@ class ca_obj(rpki.sql.sql_persistent): return ca_detail_obj.sql_fetch_where(self.gctx, "ca_id = %s AND state = 'deprecated'", (self.ca_id,)) @property + def active_or_deprecated_ca_details(self): + """ + Fetch active and deprecated ca_details for this CA, if any. + """ + return ca_detail_obj.sql_fetch_where(self.gctx, "ca_id = %s AND (state = 'active' OR state = 'deprecated')", (self.ca_id,)) + + @property def revoked_ca_details(self): """ Fetch revoked ca_details for this CA, if any. @@ -473,7 +515,11 @@ class ca_obj(rpki.sql.sql_persistent): sia_uri = parent.sia_base if not sia_uri.endswith("/"): raise rpki.exceptions.BadURISyntax, "SIA URI must end with a slash: %s" % sia_uri - return sia_uri + str(self.ca_id) + "/" + # With luck this can go away sometime soon. + if self.gctx.merge_publication_directories: + return sia_uri + else: + return sia_uri + str(self.ca_id) + "/" def check_for_updates(self, parent, rc, cb, eb): """ @@ -588,6 +634,7 @@ class ca_obj(rpki.sql.sql_persistent): callback = cb, errback = eb) + rpki.log.debug("Sending issue request to %r from %r" % (parent, self.create)) rpki.up_down.issue_pdu.query(parent, self, ca_detail, done, eb) def delete(self, parent, callback): @@ -663,6 +710,7 @@ class ca_obj(rpki.sql.sql_persistent): callback = cb, errback = eb) + rpki.log.debug("Sending issue request to %r from %r" % (parent, self.rekey)) rpki.up_down.issue_pdu.query(parent, self, new_detail, done, eb) def revoke(self, cb, eb, revoke_all = False): @@ -716,6 +764,11 @@ class ca_detail_obj(rpki.sql.sql_persistent): crl_published = None manifest_published = None latest_ca_cert = None + latest_crl = None + latest_manifest = None + + def __repr__(self): + return rpki.log.log_repr(self, repr(self.ca), self.state, self.ca_cert_uri) def sql_decode(self, vals): """ @@ -726,6 +779,7 @@ class ca_detail_obj(rpki.sql.sql_persistent): assert self.manifest_public_key is None or self.manifest_private_key_id is None or self.manifest_public_key.get_DER() == self.manifest_private_key_id.get_public_DER() @property + @rpki.sql.cache_reference def ca(self): """ Fetch CA object to which this ca_detail links. @@ -815,14 +869,10 @@ class ca_detail_obj(rpki.sql.sql_persistent): child_cert.reissue(ca_detail = self, publisher = publisher) for roa in predecessor.roas: roa.regenerate(publisher = publisher) - - # Need to do something to regenerate ghostbusters here? - # Yes, I suspect so, since presumably we want the ghostbuster to - # be issued by the new ca_detail at this point. But check code. - - if predecessor.ghostbusters: - rpki.log.warn("Probably should be regenerating Ghostbusters %r here" % ghostbuster) - + for ghostbuster in predecessor.ghostbusters: + ghostbuster.regenerate(publisher = publisher) + predecessor.generate_crl(publisher = publisher) + predecessor.generate_manifest(publisher = publisher) publisher.call_pubd(callback, errback) @@ -898,10 +948,7 @@ class ca_detail_obj(rpki.sql.sql_persistent): nextUpdate = rpki.sundial.now() if self.latest_manifest is not None: - try: - self.latest_manifest.get_content() - except rpki.exceptions.CMSContentNotSet: - self.latest_manifest.extract() + self.latest_manifest.extract_if_needed() nextUpdate = nextUpdate.later(self.latest_manifest.getNextUpdate()) if self.latest_crl is not None: @@ -942,7 +989,10 @@ class ca_detail_obj(rpki.sql.sql_persistent): """ def issued(issue_response): - self.latest_ca_cert = issue_response.payload.classes[0].certs[0].cert + new_ca_cert = issue_response.payload.classes[0].certs[0].cert + if self.latest_ca_cert != new_ca_cert: + self.latest_ca_cert = new_ca_cert + self.sql_mark_dirty() new_resources = self.latest_ca_cert.get_3779resources() publisher = publication_queue() @@ -952,11 +1002,12 @@ class ca_detail_obj(rpki.sql.sql_persistent): if sia_uri_changed or child_resources.oversized(new_resources): child_cert.reissue( ca_detail = self, - resources = child_resources.intersection(new_resources), + resources = child_resources & new_resources, publisher = publisher) publisher.call_pubd(callback, errback) + rpki.log.debug("Sending issue request to %r from %r" % (parent, self.update)) rpki.up_down.issue_pdu.query(parent, ca, self, issued, errback) @classmethod @@ -994,7 +1045,6 @@ class ca_detail_obj(rpki.sql.sql_persistent): notAfter = self.latest_ca_cert.getNotAfter(), is_ca = False) - def generate_manifest_cert(self): """ Generate a new manifest certificate for this ca_detail. @@ -1005,7 +1055,7 @@ class ca_detail_obj(rpki.sql.sql_persistent): ca = self.ca, resources = resources, subject_key = self.manifest_public_key, - sia = ((rpki.oids.name2oid["id-ad-signedObject"], ("uri", self.manifest_uri)),)) + sia = (None, None, self.manifest_uri)) def issue(self, ca, child, subject_key, sia, resources, publisher, child_cert = None): """ @@ -1015,6 +1065,8 @@ class ca_detail_obj(rpki.sql.sql_persistent): containing the newly issued cert. """ + self.check_failed_publication(publisher) + assert child_cert is None or child_cert.child_id == child.child_id cert = self.latest_ca_cert.issue( @@ -1036,6 +1088,7 @@ class ca_detail_obj(rpki.sql.sql_persistent): rpki.log.debug("Created new child_cert %r" % child_cert) else: child_cert.cert = cert + del child_cert.ca_detail child_cert.ca_detail_id = self.ca_detail_id rpki.log.debug("Reusing existing child_cert %r" % child_cert) @@ -1058,6 +1111,8 @@ class ca_detail_obj(rpki.sql.sql_persistent): new CRL is needed. """ + self.check_failed_publication(publisher) + ca = self.ca parent = ca.parent crl_interval = rpki.sundial.timedelta(seconds = parent.self.crl_interval) @@ -1071,7 +1126,7 @@ class ca_detail_obj(rpki.sql.sql_persistent): if now > revoked_cert.expires + crl_interval: revoked_cert.sql_delete() else: - certlist.append((revoked_cert.serial, revoked_cert.revoked.toASN1tuple(), ())) + certlist.append((revoked_cert.serial, revoked_cert.revoked)) certlist.sort() self.latest_crl = rpki.x509.CRL.generate( @@ -1100,22 +1155,30 @@ class ca_detail_obj(rpki.sql.sql_persistent): Generate a new manifest for this ca_detail. """ + self.check_failed_publication(publisher) + ca = self.ca parent = ca.parent crl_interval = rpki.sundial.timedelta(seconds = parent.self.crl_interval) now = rpki.sundial.now() + uri = self.manifest_uri if nextUpdate is None: nextUpdate = now + crl_interval if self.latest_manifest_cert is None or self.latest_manifest_cert.getNotAfter() < nextUpdate: + rpki.log.debug("Generating EE certificate for %s" % uri) self.generate_manifest_cert() + rpki.log.debug("Latest CA cert notAfter %s, new %s EE notAfter %s" % ( + self.latest_ca_cert.getNotAfter(), uri, self.latest_manifest_cert.getNotAfter())) + rpki.log.debug("Constructing manifest object list for %s" % uri) objs = [(self.crl_uri_tail, self.latest_crl)] objs.extend((c.uri_tail, c.cert) for c in self.child_certs) objs.extend((r.uri_tail, r.roa) for r in self.roas if r.roa is not None) objs.extend((g.uri_tail, g.ghostbuster) for g in self.ghostbusters) + rpki.log.debug("Building manifest object %s" % uri) self.latest_manifest = rpki.x509.SignedManifest.build( serial = ca.next_manifest_number(), thisUpdate = now, @@ -1124,10 +1187,11 @@ class ca_detail_obj(rpki.sql.sql_persistent): keypair = self.manifest_private_key_id, certs = self.latest_manifest_cert) + rpki.log.debug("Manifest generation took %s" % (rpki.sundial.now() - now)) self.manifest_published = rpki.sundial.now() self.sql_mark_dirty() - publisher.publish(cls = rpki.publication.manifest_elt, uri = self.manifest_uri, obj = self.latest_manifest, repository = parent.repository, + publisher.publish(cls = rpki.publication.manifest_elt, uri = uri, obj = self.latest_manifest, repository = parent.repository, handler = self.manifest_published_callback) def manifest_published_callback(self, pdu): @@ -1144,6 +1208,7 @@ class ca_detail_obj(rpki.sql.sql_persistent): """ publisher = publication_queue() + self.check_failed_publication(publisher) for roa in self.roas: roa.regenerate(publisher, fast = True) for ghostbuster in self.ghostbusters: @@ -1152,6 +1217,48 @@ class ca_detail_obj(rpki.sql.sql_persistent): child_cert.reissue(self, publisher, force = True) publisher.call_pubd(cb, eb) + def check_failed_publication(self, publisher): + """ + Check for failed publication of objects issued by this ca_detail. + + All publishable objects have timestamp fields recording time of + last attempted publication, and callback methods which clear these + timestamps once publication has succeeded. Our task here is to + look for objects issued by this ca_detail which have timestamps + set (indicating that they have not been published) and for which + the timestamps are not very recent (for some definition of very + recent -- intent is to allow a bit of slack in case pubd is just + being slow). In such cases, we want to retry publication. + + As an optimization, we can probably just check the manifest and + CRL; if these are up to date we probably don't need to check other + objects (which would involve several more SQL queries). Not sure + yet whether this optimization is worthwhile. + + At the moment, we only check CRL and manifest, full stop. This + should be expanded to check other objects, but that would take + longer and I have a user who needs this fix today. + """ + + stale = rpki.sundial.now() - rpki.sundial.timedelta(seconds = 60) + repository = self.ca.parent.repository + + if self.latest_crl is not None and self.crl_published is not None and self.crl_published < stale: + rpki.log.debug("Retrying publication for %s" % self.crl_uri) + publisher.publish(cls = rpki.publication.crl_elt, + uri = self.crl_uri, + obj = self.latest_crl, + repository = repository, + handler = self.crl_published_callback) + + if self.latest_manifest is not None and self.manifest_published is not None and self.manifest_published < stale: + rpki.log.debug("Retrying publication for %s" % self.manifest_uri) + publisher.publish(cls = rpki.publication.manifest_elt, + uri = self.manifest_uri, + obj = self.latest_manifest, + repository = repository, + handler = self.manifest_published_callback) + class child_cert_obj(rpki.sql.sql_persistent): """ Certificate that has been issued to a child. @@ -1166,6 +1273,9 @@ class child_cert_obj(rpki.sql.sql_persistent): "ski", ("published", rpki.sundial.datetime)) + def __repr__(self): + return rpki.log.log_repr(self, self.uri) + def __init__(self, gctx = None, child_id = None, ca_detail_id = None, cert = None): """ Initialize a child_cert_obj. @@ -1180,19 +1290,28 @@ class child_cert_obj(rpki.sql.sql_persistent): self.sql_mark_dirty() @property + @rpki.sql.cache_reference def child(self): """ Fetch child object to which this child_cert object links. """ return rpki.left_right.child_elt.sql_fetch(self.gctx, self.child_id) - + @property + @rpki.sql.cache_reference def ca_detail(self): """ Fetch ca_detail object to which this child_cert object links. """ return ca_detail_obj.sql_fetch(self.gctx, self.ca_detail_id) + @ca_detail.deleter + def ca_detail(self): + try: + del self._ca_detail + except AttributeError: + pass + @property def uri_tail(self): """ @@ -1353,6 +1472,9 @@ class revoked_cert_obj(rpki.sql.sql_persistent): ("revoked", rpki.sundial.datetime), ("expires", rpki.sundial.datetime)) + def __repr__(self): + return rpki.log.log_repr(self, repr(self.ca_detail), self.serial, self.revoked) + def __init__(self, gctx = None, serial = None, revoked = None, expires = None, ca_detail_id = None): """ Initialize a revoked_cert_obj. @@ -1367,6 +1489,7 @@ class revoked_cert_obj(rpki.sql.sql_persistent): self.sql_mark_dirty() @property + @rpki.sql.cache_reference def ca_detail(self): """ Fetch ca_detail object to which this revoked_cert_obj links. @@ -1406,6 +1529,7 @@ class roa_obj(rpki.sql.sql_persistent): published = None @property + @rpki.sql.cache_reference def self(self): """ Fetch self object to which this roa_obj links. @@ -1413,12 +1537,20 @@ class roa_obj(rpki.sql.sql_persistent): return rpki.left_right.self_elt.sql_fetch(self.gctx, self.self_id) @property + @rpki.sql.cache_reference def ca_detail(self): """ Fetch ca_detail object to which this roa_obj links. """ return rpki.rpkid.ca_detail_obj.sql_fetch(self.gctx, self.ca_detail_id) + @ca_detail.deleter + def ca_detail(self): + try: + del self._ca_detail + except AttributeError: + pass + def sql_fetch_hook(self): """ Extra SQL fetch actions for roa_obj -- handle prefix lists. @@ -1569,12 +1701,13 @@ class roa_obj(rpki.sql.sql_persistent): resources = rpki.resource_set.resource_bag(v4 = v4, v6 = v6) keypair = rpki.x509.RSA.generate() + del self.ca_detail self.ca_detail_id = ca_detail.ca_detail_id self.cert = ca_detail.issue_ee( ca = ca, resources = resources, subject_key = keypair.get_RSApublic(), - sia = ((rpki.oids.name2oid["id-ad-signedObject"], ("uri", self.uri_from_key(keypair))),)) + sia = (None, None, self.uri_from_key(keypair))) self.roa = rpki.x509.ROA.build(self.asn, self.ipv4, self.ipv6, keypair, (self.cert,)) self.published = rpki.sundial.now() self.sql_store() @@ -1685,7 +1818,11 @@ class ghostbuster_obj(rpki.sql.sql_persistent): published = None vcard = None + def __repr__(self): + return rpki.log.log_repr(self, self.uri) + @property + @rpki.sql.cache_reference def self(self): """ Fetch self object to which this ghostbuster_obj links. @@ -1693,6 +1830,7 @@ class ghostbuster_obj(rpki.sql.sql_persistent): return rpki.left_right.self_elt.sql_fetch(self.gctx, self.self_id) @property + @rpki.sql.cache_reference def ca_detail(self): """ Fetch ca_detail object to which this ghostbuster_obj links. @@ -1748,7 +1886,7 @@ class ghostbuster_obj(rpki.sql.sql_persistent): ca = ca, resources = resources, subject_key = keypair.get_RSApublic(), - sia = ((rpki.oids.name2oid["id-ad-signedObject"], ("uri", self.uri_from_key(keypair))),)) + sia = (None, None, self.uri_from_key(keypair))) self.ghostbuster = rpki.x509.Ghostbuster.build(self.vcard, keypair, (self.cert,)) self.published = rpki.sundial.now() self.sql_store() @@ -1879,6 +2017,7 @@ class publication_queue(object): def call_pubd(self, cb, eb): def loop(iterator, rid): + rpki.log.debug("Calling pubd[%r]" % self.repositories[rid]) self.repositories[rid].call_pubd(iterator, eb, self.msgs[rid], self.handlers) def done(): self.clear() @@ -1888,3 +2027,7 @@ class publication_queue(object): @property def size(self): return sum(len(self.msgs[rid]) for rid in self.repositories) + + def empty(self): + assert (not self.msgs) == (self.size == 0) + return not self.msgs diff --git a/rpkid/rpki/rpkid_tasks.py b/rpkid/rpki/rpkid_tasks.py new file mode 100644 index 00000000..79eb3c2b --- /dev/null +++ b/rpkid/rpki/rpkid_tasks.py @@ -0,0 +1,574 @@ +""" +rpkid task objects. Split out from rpki.left_right and rpki.rpkid +because interactions with rpkid scheduler were getting too complicated. + +$Id$ + +Copyright (C) 2012 Internet Systems Consortium ("ISC") + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +PERFORMANCE OF THIS SOFTWARE. +""" + +import rpki.log +import rpki.rpkid +import rpki.async +import rpki.up_down +import rpki.sundial +import rpki.publication +import rpki.exceptions + +class CompletionHandler(object): + """ + Track one or more scheduled rpkid tasks and execute a callback when + the last of them terminates. + """ + + ## @var debug + # Debug logging. + + debug = False + + def __init__(self, cb): + self.cb = cb + self.tasks = set() + + def register(self, task): + if self.debug: + rpki.log.debug("Completion handler %r registering task %r" % (self, task)) + self.tasks.add(task) + task.register_completion(self.done) + + def done(self, task): + try: + self.tasks.remove(task) + except KeyError: + rpki.log.warn("Completion handler %r called with unregistered task %r, blundering onwards" % (self, task)) + else: + if self.debug: + rpki.log.debug("Completion handler %r called with registered task %r" % (self, task)) + if not self.tasks: + if self.debug: + rpki.log.debug("Completion handler %r finished, calling %r" % (self, self.cb)) + self.cb() + + @property + def count(self): + return len(self.tasks) + + +class AbstractTask(object): + """ + Abstract base class for rpkid scheduler task objects. This just + handles the scheduler hooks, real work starts in self.start. + + NB: This assumes that the rpki.rpkid.rpkid.task_* methods have been + rewritten to expect instances of subclasses of this class, rather + than expecting thunks to be wrapped up in the older version of this + class. Rewrite, rewrite, remove this comment when done, OK! + """ + + ## @var timeslice + # How long before a task really should consider yielding the CPU to + # let something else run. + + timeslice = rpki.sundial.timedelta(seconds = 15) + + def __init__(self, s, description = None): + self.self = s + self.description = description + self.completions = [] + self.continuation = None + self.due_date = None + self.clear() + + def __repr__(self): + return rpki.log.log_repr(self, self.description) + + def register_completion(self, completion): + self.completions.append(completion) + + def exit(self): + while self.completions: + self.completions.pop(0)(self) + self.clear() + self.due_date = None + self.self.gctx.task_next() + + def postpone(self, continuation): + self.continuation = continuation + self.due_date = None + self.self.gctx.task_add(self) + self.self.gctx.task_next() + + def __call__(self): + self.due_date = rpki.sundial.now() + self.timeslice + if self.continuation is None: + rpki.log.debug("Running task %r" % self) + self.clear() + self.start() + else: + rpki.log.debug("Restarting task %r at %r" % (self, self.continuation)) + continuation = self.continuation + self.continuation = None + continuation() + + @property + def overdue(self): + return rpki.sundial.now() > self.due_date + + def __getattr__(self, name): + return getattr(self.self, name) + + def start(self): + raise NotImplementedError + + def clear(self): + pass + + +class PollParentTask(AbstractTask): + """ + Run the regular client poll cycle with each of this self's + parents, in turn. + """ + + def clear(self): + self.parent_iterator = None + self.parent = None + self.ca_map = None + self.class_iterator = None + + def start(self): + rpki.log.trace() + self.gctx.checkpoint() + rpki.log.debug("Self %s[%d] polling parents" % (self.self_handle, self.self_id)) + rpki.async.iterator(self.parents, self.parent_loop, self.exit) + + def parent_loop(self, parent_iterator, parent): + self.parent_iterator = parent_iterator + self.parent = parent + rpki.up_down.list_pdu.query(parent, self.got_list, self.list_failed) + + def got_list(self, r_msg): + self.ca_map = dict((ca.parent_resource_class, ca) for ca in self.parent.cas) + self.gctx.checkpoint() + rpki.async.iterator(r_msg.payload.classes, self.class_loop, self.class_done) + + def list_failed(self, e): + rpki.log.traceback() + rpki.log.warn("Couldn't get resource class list from parent %r, skipping: %s (%r)" % ( + self.parent, e, e)) + self.parent_iterator() + + def class_loop(self, class_iterator, rc): + self.gctx.checkpoint() + self.class_iterator = class_iterator + try: + ca = self.ca_map.pop(rc.class_name) + except KeyError: + rpki.rpkid.ca_obj.create(self.parent, rc, class_iterator, self.class_create_failed) + else: + ca.check_for_updates(self.parent, rc, class_iterator, self.class_update_failed) + + def class_update_failed(self, e): + rpki.log.traceback() + rpki.log.warn("Couldn't update class, skipping: %s" % e) + self.class_iterator() + + def class_create_failed(self, e): + rpki.log.traceback() + rpki.log.warn("Couldn't create class, skipping: %s" % e) + self.class_iterator() + + def class_done(self): + rpki.async.iterator(self.ca_map.values(), self.ca_loop, self.ca_done) + + def ca_loop(self, iterator, ca): + self.gctx.checkpoint() + ca.delete(self.parent, iterator) + + def ca_done(self): + self.gctx.checkpoint() + self.gctx.sql.sweep() + self.parent_iterator() + + +class UpdateChildrenTask(AbstractTask): + """ + Check for updated IRDB data for all of this self's children and + issue new certs as necessary. Must handle changes both in + resources and in expiration date. + """ + + def clear(self): + self.now = None + self.rsn = None + self.publisher = None + self.iterator = None + self.child = None + self.child_certs = None + + def start(self): + rpki.log.trace() + self.gctx.checkpoint() + rpki.log.debug("Self %s[%d] updating children" % (self.self_handle, self.self_id)) + self.now = rpki.sundial.now() + self.rsn = self.now + rpki.sundial.timedelta(seconds = self.regen_margin) + self.publisher = rpki.rpkid.publication_queue() + rpki.async.iterator(self.children, self.loop, self.done) + + def loop(self, iterator, child): + self.gctx.checkpoint() + self.gctx.sql.sweep() + self.iterator = iterator + self.child = child + self.child_certs = child.child_certs + if self.overdue: + self.publisher.call_pubd(lambda: self.postpone(self.do_child), self.publication_failed) + else: + self.do_child() + + def do_child(self): + if self.child_certs: + self.gctx.irdb_query_child_resources(self.child.self.self_handle, self.child.child_handle, self.got_resources, self.lose) + else: + self.iterator() + + def lose(self, e): + rpki.log.traceback() + rpki.log.warn("Couldn't update child %r, skipping: %s" % (self.child, e)) + self.iterator() + + def got_resources(self, irdb_resources): + try: + for child_cert in self.child_certs: + ca_detail = child_cert.ca_detail + ca = ca_detail.ca + if ca_detail.state == "active": + old_resources = child_cert.cert.get_3779resources() + new_resources = old_resources & irdb_resources & ca_detail.latest_ca_cert.get_3779resources() + + if new_resources.empty(): + rpki.log.debug("Resources shrank to the null set, revoking and withdrawing child %s certificate SKI %s" % (self.child.child_handle, child_cert.cert.gSKI())) + child_cert.revoke(publisher = self.publisher) + ca_detail.generate_crl(publisher = self.publisher) + ca_detail.generate_manifest(publisher = self.publisher) + + elif old_resources != new_resources or (old_resources.valid_until < self.rsn and irdb_resources.valid_until > self.now): + rpki.log.debug("Need to reissue child %s certificate SKI %s" % (self.child.child_handle, child_cert.cert.gSKI())) + child_cert.reissue( + ca_detail = ca_detail, + resources = new_resources, + publisher = self.publisher) + + elif old_resources.valid_until < self.now: + rpki.log.debug("Child %s certificate SKI %s has expired: cert.valid_until %s, irdb.valid_until %s" + % (self.child.child_handle, child_cert.cert.gSKI(), old_resources.valid_until, irdb_resources.valid_until)) + child_cert.sql_delete() + self.publisher.withdraw(cls = rpki.publication.certificate_elt, uri = child_cert.uri, obj = child_cert.cert, repository = ca.parent.repository) + ca_detail.generate_manifest(publisher = self.publisher) + + except (SystemExit, rpki.async.ExitNow): + raise + except Exception, e: + self.gctx.checkpoint() + self.lose(e) + else: + self.gctx.checkpoint() + self.gctx.sql.sweep() + self.iterator() + + def done(self): + self.gctx.checkpoint() + self.gctx.sql.sweep() + self.publisher.call_pubd(self.exit, self.publication_failed) + + def publication_failed(self, e): + rpki.log.traceback() + rpki.log.warn("Couldn't publish for %s, skipping: %s" % (self.self_handle, e)) + self.gctx.checkpoint() + self.exit() + + +class UpdateROAsTask(AbstractTask): + """ + Generate or update ROAs for this self. + """ + + def clear(self): + self.orphans = None + self.updates = None + self.publisher = None + self.ca_details = None + self.count = None + + def start(self): + rpki.log.trace() + self.gctx.checkpoint() + self.gctx.sql.sweep() + rpki.log.debug("Self %s[%d] updating ROAs" % (self.self_handle, self.self_id)) + + rpki.log.debug("Issuing query for ROA requests") + self.gctx.irdb_query_roa_requests(self.self_handle, self.got_roa_requests, self.roa_requests_failed) + + def got_roa_requests(self, roa_requests): + self.gctx.checkpoint() + rpki.log.debug("Received response to query for ROA requests") + + if self.gctx.sql.dirty: + rpki.log.warn("Unexpected dirty SQL cache, flushing") + self.gctx.sql.sweep() + + roas = {} + seen = set() + self.orphans = [] + self.updates = [] + self.publisher = rpki.rpkid.publication_queue() + self.ca_details = set() + + for roa in self.roas: + k = (roa.asn, str(roa.ipv4), str(roa.ipv6)) + if k not in roas: + roas[k] = roa + elif (roa.roa is not None and roa.cert is not None and roa.ca_detail is not None and roa.ca_detail.state == "active" and + (roas[k].roa is None or roas[k].cert is None or roas[k].ca_detail is None or roas[k].ca_detail.state != "active")): + self.orphans.append(roas[k]) + roas[k] = roa + else: + self.orphans.append(roa) + + for roa_request in roa_requests: + k = (roa_request.asn, str(roa_request.ipv4), str(roa_request.ipv6)) + if k in seen: + rpki.log.warn("Skipping duplicate ROA request %r" % roa_request) + else: + seen.add(k) + roa = roas.pop(k, None) + if roa is None: + roa = rpki.rpkid.roa_obj(self.gctx, self.self_id, roa_request.asn, roa_request.ipv4, roa_request.ipv6) + rpki.log.debug("Couldn't find existing ROA, created %r" % roa) + else: + rpki.log.debug("Found existing %r" % roa) + self.updates.append(roa) + + self.orphans.extend(roas.itervalues()) + + if self.overdue: + self.postpone(self.begin_loop) + else: + self.begin_loop() + + def begin_loop(self): + self.count = 0 + rpki.async.iterator(self.updates, self.loop, self.done, pop_list = True) + + def loop(self, iterator, roa): + self.gctx.checkpoint() + try: + roa.update(publisher = self.publisher, fast = True) + self.ca_details.add(roa.ca_detail) + self.gctx.sql.sweep() + except (SystemExit, rpki.async.ExitNow): + raise + except rpki.exceptions.NoCoveringCertForROA: + rpki.log.warn("No covering certificate for %r, skipping" % roa) + except Exception, e: + rpki.log.traceback() + rpki.log.warn("Could not update %r, skipping: %s" % (roa, e)) + self.count += 1 + if self.overdue: + self.publish(lambda: self.postpone(iterator)) + else: + iterator() + + def publish(self, done): + if not self.publisher.empty(): + for ca_detail in self.ca_details: + rpki.log.debug("Generating new CRL for %r" % ca_detail) + ca_detail.generate_crl(publisher = self.publisher) + rpki.log.debug("Generating new manifest for %r" % ca_detail) + ca_detail.generate_manifest(publisher = self.publisher) + self.ca_details.clear() + self.gctx.sql.sweep() + self.gctx.checkpoint() + self.publisher.call_pubd(done, self.publication_failed) + + def publication_failed(self, e): + rpki.log.traceback() + rpki.log.warn("Couldn't publish for %s, skipping: %s" % (self.self_handle, e)) + self.gctx.checkpoint() + self.exit() + + def done(self): + for roa in self.orphans: + try: + self.ca_details.add(roa.ca_detail) + roa.revoke(publisher = self.publisher, fast = True) + except (SystemExit, rpki.async.ExitNow): + raise + except Exception, e: + rpki.log.traceback() + rpki.log.warn("Could not revoke %r: %s" % (roa, e)) + self.gctx.sql.sweep() + self.gctx.checkpoint() + self.publish(self.exit) + + def roa_requests_failed(self, e): + rpki.log.traceback() + rpki.log.warn("Could not fetch ROA requests for %s, skipping: %s" % (self.self_handle, e)) + self.exit() + + +class UpdateGhostbustersTask(AbstractTask): + """ + Generate or update Ghostbuster records for this self. + + This was originally based on the ROA update code. It's possible + that both could benefit from refactoring, but at this point the + potential scaling issues for ROAs completely dominate structure of + the ROA code, and aren't relevant here unless someone is being + exceptionally silly. + """ + + def start(self): + rpki.log.trace() + self.gctx.checkpoint() + rpki.log.debug("Self %s[%d] updating Ghostbuster records" % (self.self_handle, self.self_id)) + + self.gctx.irdb_query_ghostbuster_requests(self.self_handle, + (p.parent_handle for p in self.parents), + self.got_ghostbuster_requests, + self.ghostbuster_requests_failed) + + def got_ghostbuster_requests(self, ghostbuster_requests): + + try: + self.gctx.checkpoint() + if self.gctx.sql.dirty: + rpki.log.warn("Unexpected dirty SQL cache, flushing") + self.gctx.sql.sweep() + + ghostbusters = {} + orphans = [] + publisher = rpki.rpkid.publication_queue() + ca_details = set() + seen = set() + + parents = dict((p.parent_handle, p) for p in self.parents) + + for ghostbuster in self.ghostbusters: + k = (ghostbuster.ca_detail_id, ghostbuster.vcard) + if ghostbuster.ca_detail.state != "active" or k in ghostbusters: + orphans.append(ghostbuster) + else: + ghostbusters[k] = ghostbuster + + for ghostbuster_request in ghostbuster_requests: + if ghostbuster_request.parent_handle not in parents: + rpki.log.warn("Unknown parent_handle %r in Ghostbuster request, skipping" % ghostbuster_request.parent_handle) + continue + k = (ghostbuster_request.parent_handle, ghostbuster_request.vcard) + if k in seen: + rpki.log.warn("Skipping duplicate Ghostbuster request %r" % ghostbuster_request) + continue + seen.add(k) + for ca in parents[ghostbuster_request.parent_handle].cas: + ca_detail = ca.active_ca_detail + if ca_detail is not None: + ghostbuster = ghostbusters.pop((ca_detail.ca_detail_id, ghostbuster_request.vcard), None) + if ghostbuster is None: + ghostbuster = rpki.rpkid.ghostbuster_obj(self.gctx, self.self_id, ca_detail.ca_detail_id, ghostbuster_request.vcard) + rpki.log.debug("Created new Ghostbuster request for %r" % ghostbuster_request.parent_handle) + else: + rpki.log.debug("Found existing Ghostbuster request for %r" % ghostbuster_request.parent_handle) + ghostbuster.update(publisher = publisher, fast = True) + ca_details.add(ca_detail) + + orphans.extend(ghostbusters.itervalues()) + for ghostbuster in orphans: + ca_details.add(ghostbuster.ca_detail) + ghostbuster.revoke(publisher = publisher, fast = True) + + for ca_detail in ca_details: + ca_detail.generate_crl(publisher = publisher) + ca_detail.generate_manifest(publisher = publisher) + + self.gctx.sql.sweep() + + self.gctx.checkpoint() + publisher.call_pubd(self.exit, self.publication_failed) + + except (SystemExit, rpki.async.ExitNow): + raise + except Exception, e: + rpki.log.traceback() + rpki.log.warn("Could not update Ghostbuster records for %s, skipping: %s" % (self.self_handle, e)) + self.exit() + + def publication_failed(self, e): + rpki.log.traceback() + rpki.log.warn("Couldn't publish Ghostbuster updates for %s, skipping: %s" % (self.self_handle, e)) + self.gctx.checkpoint() + self.exit() + + def ghostbuster_requests_failed(self, e): + rpki.log.traceback() + rpki.log.warn("Could not fetch Ghostbuster record requests for %s, skipping: %s" % (self.self_handle, e)) + self.exit() + +class RegenerateCRLsAndManifestsTask(AbstractTask): + """ + Generate new CRLs and manifests as necessary for all of this self's + CAs. Extracting nextUpdate from a manifest is hard at the moment + due to implementation silliness, so for now we generate a new + manifest whenever we generate a new CRL + + This code also cleans up tombstones left behind by revoked ca_detail + objects, since we're walking through the relevant portions of the + database anyway. + """ + + def start(self): + rpki.log.trace() + self.gctx.checkpoint() + rpki.log.debug("Self %s[%d] regenerating CRLs and manifests" % (self.self_handle, self.self_id)) + + now = rpki.sundial.now() + regen_margin = rpki.sundial.timedelta(seconds = self.regen_margin) + publisher = rpki.rpkid.publication_queue() + + for parent in self.parents: + for ca in parent.cas: + try: + for ca_detail in ca.revoked_ca_details: + if now > ca_detail.latest_crl.getNextUpdate(): + ca_detail.delete(ca = ca, publisher = publisher) + for ca_detail in ca.active_or_deprecated_ca_details: + if now + regen_margin > ca_detail.latest_crl.getNextUpdate(): + ca_detail.generate_crl(publisher = publisher) + ca_detail.generate_manifest(publisher = publisher) + except (SystemExit, rpki.async.ExitNow): + raise + except Exception, e: + rpki.log.traceback() + rpki.log.warn("Couldn't regenerate CRLs and manifests for CA %r, skipping: %s" % (ca, e)) + + self.gctx.checkpoint() + self.gctx.sql.sweep() + publisher.call_pubd(self.exit, self.lose) + + def lose(self, e): + rpki.log.traceback() + rpki.log.warn("Couldn't publish updated CRLs and manifests for self %r, skipping: %s" % (self.self_handle, e)) + self.gctx.checkpoint() + self.exit() diff --git a/rpkid/rpki/sql.py b/rpkid/rpki/sql.py index 14d1e1fb..d4426680 100644 --- a/rpkid/rpki/sql.py +++ b/rpkid/rpki/sql.py @@ -3,7 +3,7 @@ SQL interface code. $Id$ -Copyright (C) 2009 Internet Systems Consortium ("ISC") +Copyright (C) 2009-2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -32,19 +32,26 @@ OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. """ +import weakref + from rpki.mysql_import import (MySQLdb, _mysql_exceptions) -import rpki.x509, rpki.resource_set, rpki.sundial, rpki.log +import rpki.x509 +import rpki.resource_set +import rpki.sundial +import rpki.log class session(object): """ SQL session layer. """ - ## @var clear_threshold - # Size above which .cache_clear_maybe() should clear the cache. + ## @var ping_threshold + # Timeout after which we should issue a ping command before the real + # one. Intent is to keep the MySQL connection alive without pinging + # before every single command. - clear_threshold = 5000 + ping_threshold = rpki.sundial.timedelta(seconds = 60) def __init__(self, cfg): @@ -52,15 +59,24 @@ class session(object): self.database = cfg.get("sql-database") self.password = cfg.get("sql-password") - self.cache = {} + self.conv = MySQLdb.converters.conversions.copy() + self.conv.update({ + rpki.sundial.datetime : MySQLdb.converters.DateTime2literal, + MySQLdb.converters.FIELD_TYPE.DATETIME : rpki.sundial.datetime.DateTime_or_None }) + + self.cache = weakref.WeakValueDictionary() self.dirty = set() self.connect() def connect(self): - self.db = MySQLdb.connect(user = self.username, db = self.database, passwd = self.password) + self.db = MySQLdb.connect(user = self.username, + db = self.database, + passwd = self.password, + conv = self.conv) self.cur = self.db.cursor() self.db.autocommit(True) + self.timestamp = rpki.sundial.now() def close(self): if self.cur: @@ -70,11 +86,12 @@ class session(object): self.db.close() self.db = None - def ping(self): - return self.db.ping(True) - def _wrap_execute(self, func, query, args): try: + now = rpki.sundial.now() + if now > self.timestamp + self.ping_threshold: + self.db.ping(True) + self.timestamp = now return func(query, args) except _mysql_exceptions.MySQLError: if self.dirty: @@ -95,19 +112,13 @@ class session(object): def cache_clear(self): """ - Clear the object cache. + Clear the SQL object cache. Shouldn't be necessary now that the + cache uses weak references, but should be harmless. """ rpki.log.debug("Clearing SQL cache") self.assert_pristine() self.cache.clear() - def cache_clear_maybe(self): - """ - Clear the object cache if its size is above clear_threshold. - """ - if len(self.cache) >= self.clear_threshold: - self.cache_clear() - def assert_pristine(self): """ Assert that there are no dirty objects in the cache. @@ -173,7 +184,7 @@ class sql_persistent(object): sql_debug = False @classmethod - def sql_fetch(cls, gctx, id): + def sql_fetch(cls, gctx, id): # pylint: disable=W0622 """ Fetch one object from SQL, based on its primary key. @@ -309,7 +320,7 @@ class sql_persistent(object): Delete this object from SQL. """ if self.sql_in_db: - id = getattr(self, self.sql_template.index) + id = getattr(self, self.sql_template.index) # pylint: disable=W0622 if self.sql_debug: rpki.log.debug("sql_fetch_delete(%r, %r)" % (self.sql_template.delete, id)) self.sql_delete_hook() @@ -371,3 +382,32 @@ class sql_persistent(object): """ pass + +def cache_reference(func): + """ + Decorator for use with property methods which just do an SQL lookup based on an ID. + Check for an existing reference to the object, just return that if we find it, + otherwise perform the SQL lookup. + + Not 100% certain this is a good idea, but I //think// it should work well with the + current weak reference SQL cache, so long as we create no circular references. + So don't do that. + """ + + attr_name = "_" + func.__name__ + + def wrapped(self): + try: + value = getattr(self, attr_name) + assert value is not None + except AttributeError: + value = func(self) + if value is not None: + setattr(self, attr_name, value) + return value + + wrapped.__name__ = func.__name__ + wrapped.__doc__ = func.__doc__ + wrapped.__dict__.update(func.__dict__) + + return wrapped diff --git a/rpkid/rpki/sundial.py b/rpkid/rpki/sundial.py index dc322b96..95a44142 100644 --- a/rpkid/rpki/sundial.py +++ b/rpkid/rpki/sundial.py @@ -15,7 +15,7 @@ inspection of the datetime module, to wit: $Id$ -Copyright (C) 2009--2011 Internet Systems Consortium ("ISC") +Copyright (C) 2009--2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -72,58 +72,6 @@ class datetime(pydatetime.datetime): return int(self.strftime("%s")) @classmethod - def fromUTCTime(cls, x): - """ - Convert from ASN.1 UTCTime. - """ - x = str(x) - return cls.fromGeneralizedTime(("19" if x[0] >= "5" else "20") + x) - - def toUTCTime(self): - """ - Convert to ASN.1 UTCTime. - """ - return self.strftime("%y%m%d%H%M%SZ") - - @classmethod - def fromGeneralizedTime(cls, x): - """ - Convert from ASN.1 GeneralizedTime. - """ - return cls.strptime(x, "%Y%m%d%H%M%SZ") - - def toGeneralizedTime(self): - """ - Convert to ASN.1 GeneralizedTime. - """ - return self.strftime("%Y%m%d%H%M%SZ") - - @classmethod - def fromASN1tuple(cls, x): - """ - Convert from ASN.1 tuple representation. - """ - assert isinstance(x, tuple) and len(x) == 2 and x[0] in ("utcTime", "generalTime") - if x[0] == "utcTime": - return cls.fromUTCTime(x[1]) - else: - return cls.fromGeneralizedTime(x[1]) - - ## @var PKIX_threshhold - # Threshold specified in RFC 3280 for switchover from UTCTime to GeneralizedTime. - - PKIX_threshhold = pydatetime.datetime(2050, 1, 1) - - def toASN1tuple(self): - """ - Convert to ASN.1 tuple representation. - """ - if self < self.PKIX_threshhold: - return "utcTime", self.toUTCTime() - else: - return "generalTime", self.toGeneralizedTime() - - @classmethod def fromXMLtime(cls, x): """ Convert from XML time representation. @@ -143,13 +91,24 @@ class datetime(pydatetime.datetime): return self.toXMLtime() @classmethod - def fromdatetime(cls, x): + def from_datetime(cls, x): """ Convert a datetime.datetime object into this subclass. This is whacky due to the weird constructors for datetime. """ return cls.combine(x.date(), x.time()) + def to_datetime(self): + """ + Convert to a datetime.datetime object. In most cases this + shouldn't be necessary, but convincing SQL interfaces to use + subclasses of datetime can be hard. + """ + return pydatetime.datetime(year = self.year, month = self.month, day = self.day, + hour = self.hour, minute = self.minute, second = self.second, + microsecond = 0, tzinfo = None) + + @classmethod def fromOpenSSL(cls, x): """ @@ -165,22 +124,13 @@ class datetime(pydatetime.datetime): """ Convert from SQL storage format. """ - return cls.fromdatetime(x) + return cls.from_datetime(x) def to_sql(self): """ Convert to SQL storage format. - - There's something whacky going on in the MySQLdb module, it throws - range errors when storing a derived type into a DATETIME column. - Investigate some day, but for now brute force this by copying the - relevant fields into a datetime.datetime for MySQLdb's - consumption. - """ - return pydatetime.datetime(year = self.year, month = self.month, day = self.day, - hour = self.hour, minute = self.minute, second = self.second, - microsecond = 0, tzinfo = None) + return self.to_datetime() def later(self, other): """ @@ -199,6 +149,24 @@ class datetime(pydatetime.datetime): def __rsub__(self, y): return _cast(pydatetime.datetime.__rsub__(self, y)) def __sub__(self, y): return _cast(pydatetime.datetime.__sub__(self, y)) + @classmethod + def DateTime_or_None(cls, s): + """ + MySQLdb converter. Parse as this class if we can, let the default + MySQLdb DateTime_or_None() converter deal with failure cases. + """ + + for sep in " T": + d, _, t = s.partition(sep) + if t: + try: + return cls(*[int(x) for x in d.split("-") + t.split(":")]) + except: + break + + from rpki.mysql_import import MySQLdb + return MySQLdb.times.DateTime_or_None(s) + class timedelta(pydatetime.timedelta): """ Timedelta with text parsing. This accepts two input formats: @@ -297,7 +265,7 @@ def _cast(x): Cast result of arithmetic operations back into correct subtype. """ if isinstance(x, pydatetime.datetime): - return datetime.fromdatetime(x) + return datetime.from_datetime(x) if isinstance(x, pydatetime.timedelta): return timedelta.fromtimedelta(x) return x @@ -309,9 +277,6 @@ if __name__ == "__main__": print "str: ", t print "repr: ", repr(t) print "seconds since epoch:", t.strftime("%s") - print "UTCTime: ", t.toUTCTime() - print "GeneralizedTime: ", t.toGeneralizedTime() - print "ASN1tuple: ", t.toASN1tuple() print "XMLtime: ", t.toXMLtime() print diff --git a/rpkid/rpki/up_down.py b/rpkid/rpki/up_down.py index 1562e8e8..cea4e27f 100644 --- a/rpkid/rpki/up_down.py +++ b/rpkid/rpki/up_down.py @@ -3,7 +3,7 @@ RPKI "up-down" protocol. $Id$ -Copyright (C) 2009--2011 Internet Systems Consortium ("ISC") +Copyright (C) 2009--2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -260,7 +260,7 @@ class list_pdu(base_elt): if not ca_detail: rpki.log.debug("No active ca_detail, can't issue to %s" % child.child_handle) continue - resources = ca_detail.latest_ca_cert.get_3779resources().intersection(irdb_resources) + resources = ca_detail.latest_ca_cert.get_3779resources() & irdb_resources if resources.empty(): rpki.log.debug("No overlap between received resources and what child %s should get ([%s], [%s])" % (child.child_handle, ca_detail.latest_ca_cert.get_3779resources(), irdb_resources)) continue @@ -384,7 +384,7 @@ class issue_pdu(base_elt): if irdb_resources.valid_until < rpki.sundial.now(): raise rpki.exceptions.IRDBExpired, "IRDB entry for child %s expired %s" % (child.child_handle, irdb_resources.valid_until) - resources = irdb_resources.intersection(ca_detail.latest_ca_cert.get_3779resources()) + resources = irdb_resources & ca_detail.latest_ca_cert.get_3779resources() req_key = self.pkcs10.getPublicKey() req_sia = self.pkcs10.get_SIA() child_cert = child.fetch_child_certs(ca_detail = ca_detail, ski = req_key.get_SKI(), unique = True) @@ -434,11 +434,13 @@ class issue_pdu(base_elt): Send an "issue" request to parent associated with ca. """ assert ca_detail is not None and ca_detail.state in ("pending", "active") - sia = ((rpki.oids.name2oid["id-ad-caRepository"], ("uri", ca.sia_uri)), - (rpki.oids.name2oid["id-ad-rpkiManifest"], ("uri", ca_detail.manifest_uri))) self = cls() self.class_name = ca.parent_resource_class - self.pkcs10 = rpki.x509.PKCS10.create_ca(ca_detail.private_key_id, sia) + self.pkcs10 = rpki.x509.PKCS10.create( + keypair = ca_detail.private_key_id, + is_ca = True, + caRepository = ca.sia_uri, + rpkiManifest = ca_detail.manifest_uri) rpki.log.info('Sending "issue" request to parent %s' % parent.parent_handle) parent.query_up_down(self, callback, errback) @@ -630,7 +632,7 @@ class message_pdu(base_elt): """ Convert a message PDU to a string. """ - lxml.etree.tostring(self.toXML(), pretty_print = True, encoding = "UTF-8") + return lxml.etree.tostring(self.toXML(), pretty_print = True, encoding = "UTF-8") def serve_top_level(self, child, callback): """ diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py index 92194a96..6f28e6f7 100644 --- a/rpkid/rpki/x509.py +++ b/rpkid/rpki/x509.py @@ -13,7 +13,7 @@ some of the nasty details. This involves a lot of format conversion. $Id$ -Copyright (C) 2009--2011 Internet Systems Consortium ("ISC") +Copyright (C) 2009--2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -43,10 +43,21 @@ OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. """ -import rpki.POW, rpki.POW.pkix, base64, lxml.etree, os, subprocess, sys -import email.mime.application, email.utils, mailbox, time -import rpki.exceptions, rpki.resource_set, rpki.oids, rpki.sundial -import rpki.manifest, rpki.roa, rpki.log, rpki.async, rpki.ghostbuster +import rpki.POW +import base64 +import lxml.etree +import os +import subprocess +import email.mime.application +import email.utils +import mailbox +import time +import rpki.exceptions +import rpki.resource_set +import rpki.oids +import rpki.sundial +import rpki.log +import rpki.async import rpki.relaxng def base64_with_linebreaks(der): @@ -58,17 +69,6 @@ def base64_with_linebreaks(der): n = len(b) return "\n" + "\n".join(b[i : min(i + 64, n)] for i in xrange(0, n, 64)) + "\n" -def calculate_SKI(public_key_der): - """ - Calculate the SKI value given the DER representation of a public - key, which requires first peeling the ASN.1 wrapper off the key. - """ - k = rpki.POW.pkix.SubjectPublicKeyInfo() - k.fromString(public_key_der) - d = rpki.POW.Digest(rpki.POW.SHA1_DIGEST) - d.update(k.subjectPublicKey.get()) - return d.digest() - class PEM_converter(object): """ Convert between DER and PEM encodings for various kinds of ASN.1 data. @@ -107,6 +107,18 @@ class PEM_converter(object): """ return self.b + base64_with_linebreaks(der) + self.e + "\n" +def first_rsync_uri(xia): + """ + Find first rsync URI in a sequence of AIA or SIA URIs. + Returns the URI if found, otherwise None. + """ + + if xia is not None: + for uri in xia: + if uri.startswith("rsync://"): + return uri + return None + def _find_xia_uri(extension, name): """ Find a rsync URI in an SIA or AIA extension. @@ -126,22 +138,17 @@ class X501DN(object): Class to hold an X.501 Distinguished Name. This is nothing like a complete implementation, just enough for our - purposes. POW has one interface to this, POW.pkix has another. In - terms of completeness in the Python representation, the POW.pkix - representation is much closer to right, but the whole thing is a - horrible mess. - - See RFC 5280 4.1.2.4 for the ASN.1 details. In brief: + purposes. See RFC 5280 4.1.2.4 for the ASN.1 details. In brief: - - A DN is a SEQUENCE of RDNs. + - A DN is a SEQUENCE OF RDNs. - - A RDN is a set of AttributeAndValues; in practice, multi-value + - A RDN is a SET OF AttributeAndValues; in practice, multi-value RDNs are rare, so an RDN is almost always a set with a single element. - - An AttributeAndValue is an OID and a value, where a whole bunch - of things including both syntax and semantics of the value are - determined by the OID. + - An AttributeAndValue is a SEQUENCE consisting of a OID and a + value, where a whole bunch of things including both syntax and + semantics of the value are determined by the OID. - The value is some kind of ASN.1 string; there are far too many encoding options options, most of which are either strongly @@ -157,37 +164,43 @@ class X501DN(object): BPKI certificates should (we hope) follow the general PKIX guideline but the ones we construct ourselves are likely to be relatively simple. - - The main purpose of this class is to hide as much as possible of - this mess from code that has to work with these wretched things. """ - def __init__(self, ini = None, **kwargs): - assert ini is None or not kwargs - if len(kwargs) == 1 and "CN" in kwargs: - ini = kwargs.pop("CN") - if isinstance(ini, (str, unicode)): - self.dn = (((rpki.oids.name2oid["commonName"], ("printableString", ini)),),) - elif isinstance(ini, tuple): - self.dn = ini - elif kwargs: - raise NotImplementedError("Sorry, I haven't implemented keyword arguments yet") - elif ini is not None: - raise TypeError("Don't know how to interpret %r as an X.501 DN" % (ini,), ini) - def __str__(self): - return "".join("/" + "+".join("%s=%s" % (rpki.oids.safe_oid2name(a[0]), a[1][1]) + return "".join("/" + "+".join("%s=%s" % (rpki.oids.safe_dotted2name(a[0]), a[1]) for a in rdn) for rdn in self.dn) def __cmp__(self, other): return cmp(self.dn, other.dn) - def get_POWpkix(self): - return self.dn + def __repr__(self): + return rpki.log.log_repr(self, str(self)) + + def _debug(self): + if False: + import traceback + for chunk in traceback.format_stack(limit = 5): + for line in chunk.splitlines(): + rpki.log.debug("== %s" % line) + rpki.log.debug("++ %r %r" % (self, self.dn)) + + @classmethod + def from_cn(cls, s): + assert isinstance(s, (str, unicode)) + self = cls() + self.dn = (((rpki.oids.safe_name2dotted("commonName"), s),),) + return self + + @classmethod + def from_POW(cls, t): + assert isinstance(t, tuple) + self = cls() + self.dn = t + return self def get_POW(self): - raise NotImplementedError("Sorry, I haven't written the conversion to POW format yet") + return self.dn class DER_object(object): """ @@ -368,57 +381,66 @@ class DER_object(object): Get the AKI extension from this object. Only works for subclasses that support getExtension(). """ - aki = (self.get_POWpkix().getExtension(rpki.oids.name2oid["authorityKeyIdentifier"]) or ((), 0, None))[2] - return aki[0] if isinstance(aki, tuple) else aki + return self.get_POW().getAKI() def get_SKI(self): """ Get the SKI extension from this object. Only works for subclasses that support getExtension(). """ - return (self.get_POWpkix().getExtension(rpki.oids.name2oid["subjectKeyIdentifier"]) or ((), 0, None))[2] + return self.get_POW().getSKI() def get_SIA(self): """ Get the SIA extension from this object. Only works for subclasses - that support getExtension(). + that support getSIA(). """ - return (self.get_POWpkix().getExtension(rpki.oids.name2oid["subjectInfoAccess"]) or ((), 0, None))[2] + return self.get_POW().getSIA() def get_sia_directory_uri(self): """ Get SIA directory (id-ad-caRepository) URI from this object. - Only works for subclasses that support getExtension(). + Only works for subclasses that support getSIA(). """ - return _find_xia_uri(self.get_SIA(), "id-ad-caRepository") + sia = self.get_POW().getSIA() + return None if sia is None else first_rsync_uri(sia[0]) def get_sia_manifest_uri(self): """ Get SIA manifest (id-ad-rpkiManifest) URI from this object. - Only works for subclasses that support getExtension(). + Only works for subclasses that support getSIA(). + """ + sia = self.get_POW().getSIA() + return None if sia is None else first_rsync_uri(sia[1]) + + def get_sia_object_uri(self): + """ + Get SIA object (id-ad-signedObject) URI from this object. + Only works for subclasses that support getSIA(). """ - return _find_xia_uri(self.get_SIA(), "id-ad-rpkiManifest") + sia = self.get_POW().getSIA() + return None if sia is None else first_rsync_uri(sia[2]) def get_AIA(self): """ Get the SIA extension from this object. Only works for subclasses - that support getExtension(). + that support getAIA(). """ - return (self.get_POWpkix().getExtension(rpki.oids.name2oid["authorityInfoAccess"]) or ((), 0, None))[2] + return self.get_POW().getAIA() def get_aia_uri(self): """ Get AIA (id-ad-caIssuers) URI from this object. - Only works for subclasses that support getExtension(). + Only works for subclasses that support getAIA(). """ - return _find_xia_uri(self.get_AIA(), "id-ad-caIssuers") + return first_rsync_uri(self.get_POW().getAIA()) def get_basicConstraints(self): """ Get the basicConstraints extension from this object. Only works for subclasses that support getExtension(). """ - return (self.get_POWpkix().getExtension(rpki.oids.name2oid["basicConstraints"]) or ((), 0, None))[2] + return self.get_POW().getBasicConstraints() def is_CA(self): """ @@ -426,14 +448,13 @@ class DER_object(object): extension and its cA value is true. """ basicConstraints = self.get_basicConstraints() - return basicConstraints and basicConstraints[0] != 0 + return basicConstraints is not None and basicConstraints[0] def get_3779resources(self): """ - Get RFC 3779 resources as rpki.resource_set objects. Only works - for subclasses that support getExtensions(). + Get RFC 3779 resources as rpki.resource_set objects. """ - resources = rpki.resource_set.resource_bag.from_rfc3779_tuples(self.get_POWpkix().getExtensions()) + resources = rpki.resource_set.resource_bag.from_POW_rfc3779(self.get_POW().getRFC3779()) try: resources.valid_until = self.getNotAfter() except AttributeError: @@ -486,7 +507,7 @@ class DER_object(object): d.update(self.get_DER()) return "%s %s %s" % (uri, self.creation_timestamp, "".join(("%02X" % ord(b) for b in d.digest()))) - except: + except: # pylint: disable=W0702 return uri class X509(DER_object): @@ -500,7 +521,7 @@ class X509(DER_object): have to care about this implementation nightmare. """ - formats = ("DER", "POW", "POWpkix") + formats = ("DER", "POW") pem_converter = PEM_converter("CERTIFICATE") def get_DER(self): @@ -513,9 +534,6 @@ class X509(DER_object): if self.POW: self.DER = self.POW.derWrite() return self.get_DER() - if self.POWpkix: - self.DER = self.POWpkix.toString() - return self.get_DER() raise rpki.exceptions.DERObjectConversionError, "No conversion path to DER available" def get_POW(self): @@ -523,44 +541,33 @@ class X509(DER_object): Get the rpki.POW value of this certificate. """ self.check() - if not self.POW: - self.POW = rpki.POW.derRead(rpki.POW.X509_CERTIFICATE, self.get_DER()) + if not self.POW: # pylint: disable=E0203 + self.POW = rpki.POW.X509.derRead(self.get_DER()) return self.POW - def get_POWpkix(self): - """ - Get the rpki.POW.pkix value of this certificate. - """ - self.check() - if not self.POWpkix: - cert = rpki.POW.pkix.Certificate() - cert.fromString(self.get_DER()) - self.POWpkix = cert - return self.POWpkix - def getIssuer(self): """ Get the issuer of this certificate. """ - return X501DN(self.get_POWpkix().getIssuer()) + return X501DN.from_POW(self.get_POW().getIssuer()) def getSubject(self): """ Get the subject of this certificate. """ - return X501DN(self.get_POWpkix().getSubject()) + return X501DN.from_POW(self.get_POW().getSubject()) def getNotBefore(self): """ Get the inception time of this certificate. """ - return rpki.sundial.datetime.fromASN1tuple(self.get_POWpkix().tbs.validity.notBefore.get()) + return self.get_POW().getNotBefore() def getNotAfter(self): """ Get the expiration time of this certificate. """ - return rpki.sundial.datetime.fromASN1tuple(self.get_POWpkix().tbs.validity.notAfter.get()) + return self.get_POW().getNotAfter() def getSerial(self): """ @@ -572,7 +579,13 @@ class X509(DER_object): """ Extract the public key from this certificate. """ - return RSApublic(DER = self.get_POWpkix().tbs.subjectPublicKeyInfo.toString()) + return RSApublic(POW = self.get_POW().getPublicKey()) + + def get_SKI(self): + """ + Get the SKI extension from this object. + """ + return self.get_POW().getSKI() def expired(self): """ @@ -600,7 +613,7 @@ class X509(DER_object): resources = resources, is_ca = is_ca, aki = self.get_SKI(), - issuer_name = self.get_POWpkix().getSubject()) + issuer_name = self.getSubject()) @classmethod @@ -611,6 +624,7 @@ class X509(DER_object): """ ski = subject_key.get_SKI() + if cn is None: cn = "".join(("%02X" % ord(i) for i in ski)) @@ -626,11 +640,11 @@ class X509(DER_object): resources = resources, is_ca = True, aki = ski, - issuer_name = (((rpki.oids.name2oid["commonName"], ("printableString", cn)),),)) + issuer_name = X501DN.from_cn(cn)) - @staticmethod - def _issue(keypair, subject_key, serial, sia, aia, crldp, notAfter, + @classmethod + def _issue(cls, keypair, subject_key, serial, sia, aia, crldp, notAfter, cn, resources, is_ca, aki, issuer_name): """ Common code to issue an RPKI certificate. @@ -642,58 +656,50 @@ class X509(DER_object): if cn is None: cn = "".join(("%02X" % ord(i) for i in ski)) - # if notAfter is None: notAfter = now + rpki.sundial.timedelta(days = 30) + cert = rpki.POW.X509() - cert = rpki.POW.pkix.Certificate() cert.setVersion(2) cert.setSerial(serial) - cert.setIssuer(issuer_name) - cert.setSubject((((rpki.oids.name2oid["commonName"], ("printableString", cn)),),)) - cert.setNotBefore(now.toASN1tuple()) - cert.setNotAfter(notAfter.toASN1tuple()) - cert.tbs.subjectPublicKeyInfo.fromString(subject_key.get_DER()) - - exts = [ ["subjectKeyIdentifier", False, ski], - ["authorityKeyIdentifier", False, (aki, (), None)], - ["certificatePolicies", True, ((rpki.oids.name2oid["id-cp-ipAddr-asNumber"], ()),)] ] - + cert.setIssuer(issuer_name.get_POW()) + cert.setSubject(X501DN.from_cn(cn).get_POW()) + cert.setNotBefore(now) + cert.setNotAfter(notAfter) + cert.setPublicKey(subject_key.get_POW()) + cert.setSKI(ski) + cert.setAKI(aki) + cert.setCertificatePolicies((POWify_OID("id-cp-ipAddr-asNumber"),)) if crldp is not None: - exts.append(["cRLDistributionPoints", False, ((("fullName", (("uri", crldp),)), None, ()),)]) + cert.setCRLDP((crldp,)) if aia is not None: - exts.append(["authorityInfoAccess", False, ((rpki.oids.name2oid["id-ad-caIssuers"], ("uri", aia)),)]) + cert.setAIA((aia,)) if is_ca: - exts.append(["basicConstraints", True, (1, None)]) - exts.append(["keyUsage", True, (0, 0, 0, 0, 0, 1, 1)]) - else: - exts.append(["keyUsage", True, (1,)]) + cert.setBasicConstraints(True, None) + cert.setKeyUsage(frozenset(("keyCertSign", "cRLSign"))) - if sia is not None: - exts.append(["subjectInfoAccess", False, sia]) else: - assert not is_ca + cert.setKeyUsage(frozenset(("digitalSignature",))) - # This next bit suggests that perhaps .to_rfc3779_tuple() should - # be raising an exception when there are no resources rather than - # returning None. Maybe refactor later. + assert sia is not None or not is_ca - if resources is not None: - r = resources.asn.to_rfc3779_tuple() - if r is not None: - exts.append(["sbgp-autonomousSysNum", True, (r, None)]) - r = [x for x in (resources.v4.to_rfc3779_tuple(), resources.v6.to_rfc3779_tuple()) if x is not None] - if r: - exts.append(["sbgp-ipAddrBlock", True, r]) + if sia is not None: + caRepository, rpkiManifest, signedObject = sia + cert.setSIA( + (caRepository,) if isinstance(caRepository, str) else caRepository, + (rpkiManifest,) if isinstance(rpkiManifest, str) else rpkiManifest, + (signedObject,) if isinstance(signedObject, str) else signedObject) - for x in exts: - x[0] = rpki.oids.name2oid[x[0]] - cert.setExtensions(exts) + if resources is not None: + cert.setRFC3779( + asn = ((r.min, r.max) for r in resources.asn), + ipv4 = ((rpki.POW.IPAddress(r.min, 4), rpki.POW.IPAddress(r.max, 4)) for r in resources.v4), + ipv6 = ((rpki.POW.IPAddress(r.min, 6), rpki.POW.IPAddress(r.max, 6)) for r in resources.v6)) cert.sign(keypair.get_POW(), rpki.POW.SHA256_DIGEST) - return X509(POWpkix = cert) + return cls(POW = cert) def bpki_cross_certify(self, keypair, source_cert, serial, notAfter, now = None, pathLenConstraint = 0): @@ -764,27 +770,21 @@ class X509(DER_object): assert pathLenConstraint is None or (isinstance(pathLenConstraint, (int, long)) and pathLenConstraint >= 0) - extensions = [ - (rpki.oids.name2oid["subjectKeyIdentifier" ], False, subject_key.get_SKI())] - if issuer_key != subject_key: - extensions.append( - (rpki.oids.name2oid["authorityKeyIdentifier"], False, (issuer_key.get_SKI(), (), None))) - if is_ca: - extensions.append( - (rpki.oids.name2oid["basicConstraints" ], True, (1, pathLenConstraint))) - - cert = rpki.POW.pkix.Certificate() + cert = rpki.POW.X509() cert.setVersion(2) cert.setSerial(serial) - cert.setIssuer(issuer_name.get_POWpkix()) - cert.setSubject(subject_name.get_POWpkix()) - cert.setNotBefore(now.toASN1tuple()) - cert.setNotAfter(notAfter.toASN1tuple()) - cert.tbs.subjectPublicKeyInfo.fromString(subject_key.get_DER()) - cert.setExtensions(extensions) + cert.setIssuer(issuer_name.get_POW()) + cert.setSubject(subject_name.get_POW()) + cert.setNotBefore(now) + cert.setNotAfter(notAfter) + cert.setPublicKey(subject_key.get_POW()) + cert.setSKI(subject_key.get_POW().calculateSKI()) + if issuer_key != subject_key: + cert.setAKI(issuer_key.get_POW().calculateSKI()) + if is_ca: + cert.setBasicConstraints(True, pathLenConstraint) cert.sign(keypair.get_POW(), rpki.POW.SHA256_DIGEST) - - return cls(POWpkix = cert) + return cls(POW = cert) @classmethod def normalize_chain(cls, chain): @@ -807,15 +807,27 @@ class X509(DER_object): """ return self.getNotBefore() - class PKCS10(DER_object): """ Class to hold a PKCS #10 request. """ - formats = ("DER", "POWpkix") + formats = ("DER", "POW") pem_converter = PEM_converter("CERTIFICATE REQUEST") - + + ## @var expected_ca_keyUsage + # KeyUsage extension flags expected for CA requests. + + expected_ca_keyUsage = frozenset(("keyCertSign", "cRLSign")) + + ## @var allowed_extensions + # Extensions allowed by RPKI profile. + + allowed_extensions = frozenset(rpki.oids.safe_name2dotted(name) + for name in ("basicConstraints", + "keyUsage", + "subjectInfoAccess")) + def get_DER(self): """ Get the DER value of this certification request. @@ -823,33 +835,31 @@ class PKCS10(DER_object): self.check() if self.DER: return self.DER - if self.POWpkix: - self.DER = self.POWpkix.toString() + if self.POW: + self.DER = self.POW.derWrite() return self.get_DER() raise rpki.exceptions.DERObjectConversionError, "No conversion path to DER available" - def get_POWpkix(self): + def get_POW(self): """ - Get the rpki.POW.pkix value of this certification request. + Get the rpki.POW value of this certification request. """ self.check() - if not self.POWpkix: - req = rpki.POW.pkix.CertificationRequest() - req.fromString(self.get_DER()) - self.POWpkix = req - return self.POWpkix + if not self.POW: # pylint: disable=E0203 + self.POW = rpki.POW.PKCS10.derRead(self.get_DER()) + return self.POW def getSubject(self): """ Extract the subject name from this certification request. """ - return X501DN(self.get_POWpkix().certificationRequestInfo.subject.get()) + return X501DN.from_POW(self.get_POW().getSubject()) def getPublicKey(self): """ Extract the public key from this certification request. """ - return RSApublic(DER = self.get_POWpkix().certificationRequestInfo.subjectPublicKeyInfo.toString()) + return RSApublic(POW = self.get_POW().getPublicKey()) def check_valid_rpki(self): """ @@ -866,72 +876,129 @@ class PKCS10(DER_object): RPKI profile only allows EKU for EE certificates. """ - if not self.get_POWpkix().verify(): + if not self.get_POW().verify(): raise rpki.exceptions.BadPKCS10, "Signature check failed" - if self.get_POWpkix().certificationRequestInfo.version.get() != 0: - raise rpki.exceptions.BadPKCS10, \ - "Bad version number %s" % self.get_POWpkix().certificationRequestInfo.version + ver = self.get_POW().getVersion() - if rpki.oids.oid2name.get(self.get_POWpkix().signatureAlgorithm.algorithm.get()) != "sha256WithRSAEncryption": - raise rpki.exceptions.BadPKCS10, "Bad signature algorithm %s" % self.get_POWpkix().signatureAlgorithm + if ver != 0: + raise rpki.exceptions.BadPKCS10, "Bad version number %s" % ver - exts = dict((rpki.oids.oid2name.get(oid, oid), value) - for (oid, critical, value) in self.get_POWpkix().getExtensions()) + alg = rpki.oids.safe_dotted2name(self.get_POW().getSignatureAlgorithm()) - if any(oid not in ("basicConstraints", "keyUsage", "subjectInfoAccess") for oid in exts): - raise rpki.exceptions.BadExtension, "Forbidden extension(s) in certificate request" + if alg != "sha256WithRSAEncryption": + raise rpki.exceptions.BadPKCS10, "Bad signature algorithm %s" % alg - if "basicConstraints" not in exts or not exts["basicConstraints"][0]: + bc = self.get_POW().getBasicConstraints() + + if bc is None or not bc[0]: raise rpki.exceptions.BadPKCS10, "Request for EE certificate not allowed here" - if exts["basicConstraints"][1] is not None: + if bc[1] is not None: raise rpki.exceptions.BadPKCS10, "basicConstraints must not specify Path Length" - if "keyUsage" in exts and (not exts["keyUsage"][5] or not exts["keyUsage"][6]): - raise rpki.exceptions.BadPKCS10, "keyUsage doesn't match basicConstraints" + ku = self.get_POW().getKeyUsage() - sias = dict((rpki.oids.oid2name.get(oid, oid), value[1]) - for oid, value in exts.get("subjectInfoAccess", ()) - if value[0] == "uri" and value[1].startswith("rsync://")) + if ku is not None and self.expected_ca_keyUsage != ku: + raise rpki.exceptions.BadPKCS10, "keyUsage doesn't match basicConstraints: %r" % ku - for oid in ("id-ad-caRepository", "id-ad-rpkiManifest"): - if oid not in sias: - raise rpki.exceptions.BadPKCS10, "Certificate request is missing SIA %s" % oid + if any(oid not in self.allowed_extensions + for oid in self.get_POW().getExtensionOIDs()): + raise rpki.exceptions.BadExtension, "Forbidden extension(s) in certificate request" - if not sias["id-ad-caRepository"].endswith("/"): - raise rpki.exceptions.BadPKCS10, "Certificate request id-ad-caRepository does not end with slash: %r" % sias["id-ad-caRepository"] + sias = self.get_POW().getSIA() - if sias["id-ad-rpkiManifest"].endswith("/"): - raise rpki.exceptions.BadPKCS10, "Certificate request id-ad-rpkiManifest ends with slash: %r" % sias["id-ad-rpkiManifest"] + if sias is None: + raise rpki.exceptions.BadPKCS10, "Certificate request is missing SIA extension" - @classmethod - def create_ca(cls, keypair, sia = None): - """ - Create a new request for a given keypair, including given SIA value. - """ - exts = [["basicConstraints", True, (1, None)], - ["keyUsage", True, (0, 0, 0, 0, 0, 1, 1)]] - if sia is not None: - exts.append(["subjectInfoAccess", False, sia]) - for x in exts: - x[0] = rpki.oids.name2oid[x[0]] - return cls.create(keypair, exts) + caRepository, rpkiManifest, signedObject = sias + + if signedObject: + raise rpki.exceptions.BadPKCS10, "CA certificate request has SIA id-ad-signedObject" + + if not caRepository: + raise rpki.exceptions.BadPKCS10, "Certificate request is missing SIA id-ad-caRepository" + + if not any(uri.startswith("rsync://") for uri in caRepository): + raise rpki.exceptions.BadPKCS10, "Certificate request SIA id-ad-caRepository contains no rsync URIs" + + if not rpkiManifest: + raise rpki.exceptions.BadPKCS10, "Certificate request is missing SIA id-ad-rpkiManifest" + + if not any(uri.startswith("rsync://") for uri in rpkiManifest): + raise rpki.exceptions.BadPKCS10, "Certificate request SIA id-ad-rpkiManifest contains no rsync URIs" + + if any(uri.startswith("rsync://") and not uri.endswith("/") for uri in caRepository): + raise rpki.exceptions.BadPKCS10, "Certificate request SIA id-ad-caRepository does not end with slash" + + if any(uri.startswith("rsync://") and uri.endswith("/") for uri in rpkiManifest): + raise rpki.exceptions.BadPKCS10, "Certificate request SIA id-ad-rpkiManifest ends with slash" @classmethod - def create(cls, keypair, exts = None): + def create(cls, keypair, exts = None, is_ca = False, + caRepository = None, rpkiManifest = None, signedObject = None): """ - Create a new request for a given keypair, including given extensions. + Create a new request for a given keypair. """ + + assert exts is None, "Old calling sequence to rpki.x509.PKCS10.create()" + cn = "".join(("%02X" % ord(i) for i in keypair.get_SKI())) - req = rpki.POW.pkix.CertificationRequest() - req.certificationRequestInfo.version.set(0) - req.certificationRequestInfo.subject.set((((rpki.oids.name2oid["commonName"], - ("printableString", cn)),),)) - if exts is not None: - req.setExtensions(exts) + + if isinstance(caRepository, str): + caRepository = (caRepository,) + + if isinstance(rpkiManifest, str): + rpkiManifest = (rpkiManifest,) + + if isinstance(signedObject, str): + signedObject = (signedObject,) + + req = rpki.POW.PKCS10() + req.setVersion(0) + req.setSubject(X501DN.from_cn(cn).get_POW()) + req.setPublicKey(keypair.get_POW()) + + if is_ca: + req.setBasicConstraints(True, None) + req.setKeyUsage(cls.expected_ca_keyUsage) + + if caRepository or rpkiManifest or signedObject: + req.setSIA(caRepository, rpkiManifest, signedObject) + req.sign(keypair.get_POW(), rpki.POW.SHA256_DIGEST) - return cls(POWpkix = req) + return cls(POW = req) + +## @var generate_insecure_debug_only_rsa_key +# Debugging hack to let us save throwaway RSA keys from one debug +# session to the next. DO NOT USE THIS IN PRODUCTION. + +generate_insecure_debug_only_rsa_key = None + +class insecure_debug_only_rsa_key_generator(object): + + def __init__(self, filename, keyno = 0): + try: + try: + import gdbm as dbm_du_jour + except ImportError: + import dbm as dbm_du_jour + self.keyno = long(keyno) + self.filename = filename + self.db = dbm_du_jour.open(filename, "c") + except: + rpki.log.warn("insecure_debug_only_rsa_key_generator initialization FAILED, hack inoperative") + raise + + def __call__(self): + k = str(self.keyno) + try: + v = rpki.POW.Asymmetric.derReadPrivate(self.db[k]) + except KeyError: + v = rpki.POW.Asymmetric(rpki.POW.RSA_CIPHER, 2048) + self.db[k] = v.derWritePrivate() + self.keyno += 1 + return v class RSA(DER_object): """ @@ -949,7 +1016,7 @@ class RSA(DER_object): if self.DER: return self.DER if self.POW: - self.DER = self.POW.derWrite(rpki.POW.RSA_PRIVATE_KEY) + self.DER = self.POW.derWritePrivate() return self.get_DER() raise rpki.exceptions.DERObjectConversionError, "No conversion path to DER available" @@ -958,8 +1025,8 @@ class RSA(DER_object): Get the rpki.POW value of this keypair. """ self.check() - if not self.POW: - self.POW = rpki.POW.derRead(rpki.POW.RSA_PRIVATE_KEY, self.get_DER()) + if not self.POW: # pylint: disable=E0203 + self.POW = rpki.POW.Asymmetric.derReadPrivate(self.get_DER()) return self.POW @classmethod @@ -969,19 +1036,22 @@ class RSA(DER_object): """ if not quiet: rpki.log.debug("Generating new %d-bit RSA key" % keylength) - return cls(POW = rpki.POW.Asymmetric(rpki.POW.RSA_CIPHER, keylength)) + if generate_insecure_debug_only_rsa_key is not None: + return cls(POW = generate_insecure_debug_only_rsa_key()) + else: + return cls(POW = rpki.POW.Asymmetric(rpki.POW.RSA_CIPHER, keylength)) def get_public_DER(self): """ Get the DER encoding of the public key from this keypair. """ - return self.get_POW().derWrite(rpki.POW.RSA_PUBLIC_KEY) + return self.get_POW().derWritePublic() def get_SKI(self): """ Calculate the SKI of this keypair. """ - return calculate_SKI(self.get_public_DER()) + return self.get_POW().calculateSKI() def get_RSApublic(self): """ @@ -1005,7 +1075,7 @@ class RSApublic(DER_object): if self.DER: return self.DER if self.POW: - self.DER = self.POW.derWrite(rpki.POW.RSA_PUBLIC_KEY) + self.DER = self.POW.derWritePublic() return self.get_DER() raise rpki.exceptions.DERObjectConversionError, "No conversion path to DER available" @@ -1014,15 +1084,15 @@ class RSApublic(DER_object): Get the rpki.POW value of this public key. """ self.check() - if not self.POW: - self.POW = rpki.POW.derRead(rpki.POW.RSA_PUBLIC_KEY, self.get_DER()) + if not self.POW: # pylint: disable=E0203 + self.POW = rpki.POW.Asymmetric.derReadPublic(self.get_DER()) return self.POW def get_SKI(self): """ Calculate the SKI of this public key. """ - return calculate_SKI(self.get_DER()) + return self.get_POW().calculateSKI() def POWify_OID(oid): """ @@ -1036,21 +1106,13 @@ def POWify_OID(oid): class CMS_object(DER_object): """ - Class to hold a CMS-wrapped object. - - CMS-wrapped objects are a little different from the other DER_object - types because the signed object is CMS wrapping inner content that's - also ASN.1, and due to our current minimal support for CMS we can't - just handle this as a pretty composite object. So, for now anyway, - a CMS_object is the outer CMS wrapped object so that the usual DER - and PEM operations do the obvious things, and the inner content is - handle via separate methods. + Abstract class to hold a CMS object. """ formats = ("DER", "POW") - other_clear = ("content",) econtent_oid = POWify_OID("id-data") pem_converter = PEM_converter("CMS") + POW_class = rpki.POW.CMS ## @var dump_on_verify_failure # Set this to True to get dumpasn1 dumps of ASN.1 on CMS verify failures. @@ -1109,30 +1171,15 @@ class CMS_object(DER_object): Get the rpki.POW value of this CMS_object. """ self.check() - if not self.POW: - self.POW = rpki.POW.derRead(rpki.POW.CMS_MESSAGE, self.get_DER()) + if not self.POW: # pylint: disable=E0203 + self.POW = self.POW_class.derRead(self.get_DER()) return self.POW - def get_content(self): - """ - Get the inner content of this CMS_object. - """ - if self.content is None: - raise rpki.exceptions.CMSContentNotSet, "Inner content of CMS object %r is not set" % self - return self.content - - def set_content(self, content): - """ - Set the (inner) content of this CMS_object, clearing the wrapper. - """ - self.clear() - self.content = content - def get_signingTime(self): """ Extract signingTime from CMS signed attributes. """ - return rpki.sundial.datetime.fromGeneralizedTime(self.get_POW().signingTime()) + return self.get_POW().signingTime() def verify(self, ta): """ @@ -1145,18 +1192,21 @@ class CMS_object(DER_object): raise except Exception: if self.print_on_der_error: - rpki.log.debug("Problem parsing DER CMS message, might not really be DER: %r" % self.get_DER()) + rpki.log.debug("Problem parsing DER CMS message, might not really be DER: %r" % + self.get_DER()) raise rpki.exceptions.UnparsableCMSDER if cms.eContentType() != self.econtent_oid: - raise rpki.exceptions.WrongEContentType, "Got CMS eContentType %s, expected %s" % (cms.eContentType(), self.econtent_oid) + raise rpki.exceptions.WrongEContentType, "Got CMS eContentType %s, expected %s" % ( + cms.eContentType(), self.econtent_oid) certs = [X509(POW = x) for x in cms.certs()] crls = [CRL(POW = c) for c in cms.crls()] if self.debug_cms_certs: for x in certs: - rpki.log.debug("Received CMS cert issuer %s subject %s SKI %s" % (x.getIssuer(), x.getSubject(), x.hSKI())) + rpki.log.debug("Received CMS cert issuer %s subject %s SKI %s" % ( + x.getIssuer(), x.getSubject(), x.hSKI())) for c in crls: rpki.log.debug("Received CMS CRL issuer %r" % (c.getIssuer(),)) @@ -1168,43 +1218,52 @@ class CMS_object(DER_object): for x in X509.normalize_chain(ta): if self.debug_cms_certs: - rpki.log.debug("CMS trusted cert issuer %s subject %s SKI %s" % (x.getIssuer(), x.getSubject(), x.hSKI())) + rpki.log.debug("CMS trusted cert issuer %s subject %s SKI %s" % ( + x.getIssuer(), x.getSubject(), x.hSKI())) if x.getNotAfter() < now: - raise rpki.exceptions.TrustedCMSCertHasExpired("Trusted CMS certificate has expired", "%s (%s)" % (x.getSubject(), x.hSKI())) + raise rpki.exceptions.TrustedCMSCertHasExpired("Trusted CMS certificate has expired", + "%s (%s)" % (x.getSubject(), x.hSKI())) if not x.is_CA(): if trusted_ee is None: trusted_ee = x else: - raise rpki.exceptions.MultipleCMSEECert("Multiple CMS EE certificates", *("%s (%s)" % (x.getSubject(), x.hSKI()) for x in ta if not x.is_CA())) + raise rpki.exceptions.MultipleCMSEECert("Multiple CMS EE certificates", *("%s (%s)" % ( + x.getSubject(), x.hSKI()) for x in ta if not x.is_CA())) store.addTrust(x.get_POW()) if trusted_ee: if self.debug_cms_certs: - rpki.log.debug("Trusted CMS EE cert issuer %s subject %s SKI %s" % (trusted_ee.getIssuer(), trusted_ee.getSubject(), trusted_ee.hSKI())) + rpki.log.debug("Trusted CMS EE cert issuer %s subject %s SKI %s" % ( + trusted_ee.getIssuer(), trusted_ee.getSubject(), trusted_ee.hSKI())) if len(certs) > 1 or (len(certs) == 1 and (certs[0].getSubject() != trusted_ee.getSubject() or certs[0].getPublicKey() != trusted_ee.getPublicKey())): - raise rpki.exceptions.UnexpectedCMSCerts("Unexpected CMS certificates", *("%s (%s)" % (x.getSubject(), x.hSKI()) for x in certs)) + raise rpki.exceptions.UnexpectedCMSCerts("Unexpected CMS certificates", *("%s (%s)" % ( + x.getSubject(), x.hSKI()) for x in certs)) if crls: - raise rpki.exceptions.UnexpectedCMSCRLs("Unexpected CRLs", *("%s (%s)" % (c.getIssuer(), c.hAKI()) for c in crls)) + raise rpki.exceptions.UnexpectedCMSCRLs("Unexpected CRLs", *("%s (%s)" % ( + c.getIssuer(), c.hAKI()) for c in crls)) else: untrusted_ee = [x for x in certs if not x.is_CA()] if len(untrusted_ee) < 1: raise rpki.exceptions.MissingCMSEEcert if len(untrusted_ee) > 1 or (not self.allow_extra_certs and len(certs) > len(untrusted_ee)): - raise rpki.exceptions.UnexpectedCMSCerts("Unexpected CMS certificates", *("%s (%s)" % (x.getSubject(), x.hSKI()) for x in certs)) + raise rpki.exceptions.UnexpectedCMSCerts("Unexpected CMS certificates", *("%s (%s)" % ( + x.getSubject(), x.hSKI()) for x in certs)) if len(crls) < 1: if self.require_crls: raise rpki.exceptions.MissingCMSCRL else: rpki.log.warn("MISSING CMS CRL! Ignoring per self.require_crls setting") if len(crls) > 1 and not self.allow_extra_crls: - raise rpki.exceptions.UnexpectedCMSCRLs("Unexpected CRLs", *("%s (%s)" % (c.getIssuer(), c.hAKI()) for c in crls)) + raise rpki.exceptions.UnexpectedCMSCRLs("Unexpected CRLs", *("%s (%s)" % ( + c.getIssuer(), c.hAKI()) for c in crls)) for x in certs: if x.getNotAfter() < now: - raise rpki.exceptions.CMSCertHasExpired("CMS certificate has expired", "%s (%s)" % (x.getSubject(), x.hSKI())) + raise rpki.exceptions.CMSCertHasExpired("CMS certificate has expired", "%s (%s)" % ( + x.getSubject(), x.hSKI())) try: content = cms.verify(store) @@ -1221,8 +1280,7 @@ class CMS_object(DER_object): rpki.log.warn(line) raise rpki.exceptions.CMSVerificationFailed, "CMS verification failed" - self.decode(content) - return self.get_content() + return content def extract(self): """ @@ -1245,12 +1303,13 @@ class CMS_object(DER_object): raise rpki.exceptions.UnparsableCMSDER if cms.eContentType() != self.econtent_oid: - raise rpki.exceptions.WrongEContentType, "Got CMS eContentType %s, expected %s" % (cms.eContentType(), self.econtent_oid) + raise rpki.exceptions.WrongEContentType, "Got CMS eContentType %s, expected %s" % ( + cms.eContentType(), self.econtent_oid) - content = cms.verify(rpki.POW.X509Store(), None, rpki.POW.CMS_NOCRL | rpki.POW.CMS_NO_SIGNER_CERT_VERIFY | rpki.POW.CMS_NO_ATTR_VERIFY | rpki.POW.CMS_NO_CONTENT_VERIFY) + return cms.verify(rpki.POW.X509Store(), None, + (rpki.POW.CMS_NOCRL | rpki.POW.CMS_NO_SIGNER_CERT_VERIFY | + rpki.POW.CMS_NO_ATTR_VERIFY | rpki.POW.CMS_NO_CONTENT_VERIFY)) - self.decode(content) - return self.get_content() def sign(self, keypair, certs, crls = None, no_certs = False): """ @@ -1272,21 +1331,17 @@ class CMS_object(DER_object): crls = (crls,) if self.debug_cms_certs: - rpki.log.debug("Signing with cert issuer %s subject %s SKI %s" % (cert.getIssuer(), cert.getSubject(), cert.hSKI())) + rpki.log.debug("Signing with cert issuer %s subject %s SKI %s" % ( + cert.getIssuer(), cert.getSubject(), cert.hSKI())) for i, c in enumerate(certs): - rpki.log.debug("Additional cert %d issuer %s subject %s SKI %s" % (i, c.getIssuer(), c.getSubject(), c.hSKI())) - - cms = rpki.POW.CMS() + rpki.log.debug("Additional cert %d issuer %s subject %s SKI %s" % ( + i, c.getIssuer(), c.getSubject(), c.hSKI())) - cms.sign(cert.get_POW(), - keypair.get_POW(), - self.encode(), - [x.get_POW() for x in certs], - [c.get_POW() for c in crls], - self.econtent_oid, - rpki.POW.CMS_NOCERTS if no_certs else 0) - - self.POW = cms + self._sign(cert.get_POW(), + keypair.get_POW(), + [x.get_POW() for x in certs], + [c.get_POW() for c in crls], + rpki.POW.CMS_NOCERTS if no_certs else 0) @property def creation_timestamp(self): @@ -1296,24 +1351,92 @@ class CMS_object(DER_object): return self.get_signingTime() -class DER_CMS_object(CMS_object): +class Wrapped_CMS_object(CMS_object): """ - Class to hold CMS objects with DER-based content. + Abstract class to hold CMS objects wrapping non-DER content (eg, XML + or VCard). + + CMS-wrapped objects are a little different from the other DER_object + types because the signed object is CMS wrapping some other kind of + inner content. A Wrapped_CMS_object is the outer CMS wrapped object + so that the usual DER and PEM operations do the obvious things, and + the inner content is handle via separate methods. """ - def encode(self): + other_clear = ("content",) + + def get_content(self): """ - Encode inner content for signing. + Get the inner content of this Wrapped_CMS_object. """ - return self.get_content().toString() + if self.content is None: + raise rpki.exceptions.CMSContentNotSet, "Inner content of CMS object %r is not set" % self + return self.content - def decode(self, der): + def set_content(self, content): + """ + Set the (inner) content of this Wrapped_CMS_object, clearing the wrapper. """ - Decode DER and set inner content. + self.clear() + self.content = content + + def verify(self, ta): + """ + Verify CMS wrapper and store inner content. + """ + + self.decode(CMS_object.verify(self, ta)) + return self.get_content() + + def extract(self): + """ + Extract and store inner content from CMS wrapper without verifying + the CMS. + + DANGER WILL ROBINSON!!! + + Do not use this method on unvalidated data. Use the verify() + method instead. + + If you don't understand this warning, don't use this method. """ - obj = self.content_class() - obj.fromString(der) - self.content = obj + + self.decode(CMS_object.extract(self)) + return self.get_content() + + def _sign(self, cert, keypair, certs, crls, flags): + """ + Internal method to call POW to do CMS signature. This is split + out from the .sign() API method to handle differences in how + different CMS-based POW classes handle the inner content. + """ + + cms = self.POW_class() + cms.sign(cert, keypair, self.encode(), certs, crls, self.econtent_oid, flags) + self.POW = cms + + +class DER_CMS_object(CMS_object): + """ + Abstract class for CMS-based objects with DER-encoded content + handled by C-level subclasses of rpki.POW.CMS. + """ + + def _sign(self, cert, keypair, certs, crls, flags): + self.get_POW().sign(cert, keypair, certs, crls, self.econtent_oid, flags) + + + def extract_if_needed(self): + """ + Extract inner content if needed. See caveats for .extract(), do + not use unless you really know what you are doing. + """ + + try: + self.get_POW().getVersion() + except rpki.POW.NotVerifiedError: + self.extract() + class SignedManifest(DER_CMS_object): """ @@ -1321,41 +1444,43 @@ class SignedManifest(DER_CMS_object): """ pem_converter = PEM_converter("RPKI MANIFEST") - content_class = rpki.manifest.Manifest econtent_oid = POWify_OID("id-ct-rpkiManifest") + POW_class = rpki.POW.Manifest def getThisUpdate(self): """ Get thisUpdate value from this manifest. """ - return rpki.sundial.datetime.fromGeneralizedTime(self.get_content().thisUpdate.get()) + return self.get_POW().getThisUpdate() def getNextUpdate(self): """ Get nextUpdate value from this manifest. """ - return rpki.sundial.datetime.fromGeneralizedTime(self.get_content().nextUpdate.get()) + return self.get_POW().getNextUpdate() @classmethod def build(cls, serial, thisUpdate, nextUpdate, names_and_objs, keypair, certs, version = 0): """ Build a signed manifest. """ - self = cls() + filelist = [] for name, obj in names_and_objs: d = rpki.POW.Digest(rpki.POW.SHA256_DIGEST) d.update(obj.get_DER()) filelist.append((name.rpartition("/")[2], d.digest())) filelist.sort(key = lambda x: x[0]) - m = rpki.manifest.Manifest() - m.version.set(version) - m.manifestNumber.set(serial) - m.thisUpdate.set(thisUpdate.toGeneralizedTime()) - m.nextUpdate.set(nextUpdate.toGeneralizedTime()) - m.fileHashAlg.set(rpki.oids.name2oid["id-sha256"]) - m.fileList.set(filelist) - self.set_content(m) + + obj = cls.POW_class() + obj.setVersion(version) + obj.setManifestNumber(serial) + obj.setThisUpdate(thisUpdate) + obj.setNextUpdate(nextUpdate) + obj.setAlgorithm(POWify_OID(rpki.oids.name2oid["id-sha256"])) + obj.addFiles(filelist) + + self = cls(POW = obj) self.sign(keypair, certs) return self @@ -1365,31 +1490,23 @@ class ROA(DER_CMS_object): """ pem_converter = PEM_converter("ROUTE ORIGIN ATTESTATION") - content_class = rpki.roa.RouteOriginAttestation econtent_oid = POWify_OID("id-ct-routeOriginAttestation") + POW_class = rpki.POW.ROA @classmethod def build(cls, asn, ipv4, ipv6, keypair, certs, version = 0): """ Build a ROA. """ - try: - self = cls() - r = rpki.roa.RouteOriginAttestation() - r.version.set(version) - r.asID.set(asn) - r.ipAddrBlocks.set((a.to_roa_tuple() for a in (ipv4, ipv6) if a)) - self.set_content(r) - self.sign(keypair, certs) - return self - except rpki.POW.pkix.DerError, e: - rpki.log.debug("Encoding error while generating ROA %r: %s" % (self, e)) - rpki.log.debug("ROA inner content: %r" % (r.get(),)) - raise - - _afi_map = dict((cls.resource_set_type.afi, cls) - for cls in (rpki.resource_set.roa_prefix_set_ipv4, - rpki.resource_set.roa_prefix_set_ipv6)) + ipv4 = ipv4.to_POW_roa_tuple() if ipv4 else None + ipv6 = ipv6.to_POW_roa_tuple() if ipv6 else None + obj = cls.POW_class() + obj.setVersion(version) + obj.setASID(asn) + obj.setPrefixes(ipv4 = ipv4, ipv6 = ipv6) + self = cls(POW = obj) + self.sign(keypair, certs) + return self def tracking_data(self, uri): """ @@ -1398,42 +1515,25 @@ class ROA(DER_CMS_object): """ msg = DER_CMS_object.tracking_data(self, uri) try: - if self.content is None: + try: + self.get_POW().getVersion() + except rpki.POW.NotVerifiedError: self.extract() - roa = self.get_content() - asn = roa.asID.get() - prefix_sets = {} - for fam in roa.ipAddrBlocks: - afi = fam.addressFamily.get() - prefix_sets[afi] = prefix_set = self._afi_map[afi]() - addr_type = prefix_set.resource_set_type.range_type.datum_type - for addr in fam.addresses: - prefix = addr.address.get() - prefixlen = len(prefix) - prefix = addr_type(rpki.resource_set._bs2long(prefix, addr_type.bits, 0)) - maxprefixlen = addr.maxLength.get() - prefix_set.append(prefix_set.prefix_type(prefix, prefixlen, maxprefixlen)) - msg = "%s %s %s" % (msg, asn, - ",".join(str(prefix_sets[i]) for i in sorted(prefix_sets))) - except: + asn = self.get_POW().getASID() + text = [] + for prefixes in self.get_POW().getPrefixes(): + if prefixes is not None: + for prefix, prefixlen, maxprefixlen in prefixes: + if maxprefixlen is None or prefixlen == maxprefixlen: + text.append("%s/%s" % (prefix, prefixlen)) + else: + text.append("%s/%s-%s" % (prefix, prefixlen, maxprefixlen)) + text.sort() + msg = "%s %s %s" % (msg, asn, ",".join(text)) + except: # pylint: disable=W0702 pass return msg -class Ghostbuster(DER_CMS_object): - """ - Class to hold a signed Ghostbuster record. - """ - - content_class = rpki.ghostbuster.Ghostbuster - - @classmethod - def build(cls, vcard, keypair, certs): - self = cls() - gbr = content_class(vcard) - self.set_content(gbr) - self.sign(keypair, certs) - return self - class DeadDrop(object): """ Dead-drop utility for storing copies of CMS messages for debugging or @@ -1465,7 +1565,7 @@ class DeadDrop(object): rpki.log.warn("Could not write to mailbox %s: %e" % (self.name, e)) self.warned = True -class XML_CMS_object(CMS_object): +class XML_CMS_object(Wrapped_CMS_object): """ Class to hold CMS-wrapped XML protocol data. """ @@ -1484,11 +1584,24 @@ class XML_CMS_object(CMS_object): dump_inbound_cms = None + ## @var check_inbound_schema + # If set, perform RelaxNG schema check on inbound messages. + + check_inbound_schema = True + + ## @var check_outbound_schema + # If set, perform RelaxNG schema check on outbound messages. + + check_outbound_schema = False + def encode(self): """ Encode inner content for signing. """ - return lxml.etree.tostring(self.get_content(), pretty_print = True, encoding = self.encoding, xml_declaration = True) + return lxml.etree.tostring(self.get_content(), + pretty_print = True, + encoding = self.encoding, + xml_declaration = True) def decode(self, xml): """ @@ -1500,7 +1613,10 @@ class XML_CMS_object(CMS_object): """ Pretty print XML content of this message. """ - return lxml.etree.tostring(self.get_content(), pretty_print = True, encoding = self.encoding, xml_declaration = True) + return lxml.etree.tostring(self.get_content(), + pretty_print = True, + encoding = self.encoding, + xml_declaration = True) def schema_check(self): """ @@ -1531,7 +1647,8 @@ class XML_CMS_object(CMS_object): self.set_content(msg) else: self.set_content(msg.toXML()) - self.schema_check() + if self.check_outbound_schema: + self.schema_check() self.sign(keypair, certs, crls) if self.dump_outbound_cms: self.dump_outbound_cms.dump(self) @@ -1544,11 +1661,12 @@ class XML_CMS_object(CMS_object): if self.dump_inbound_cms: self.dump_inbound_cms.dump(self) self.verify(ta) - self.schema_check() + if self.check_inbound_schema: + self.schema_check() if self.saxify is None: return self.get_content() else: - return self.saxify(self.get_content()) + return self.saxify(self.get_content()) # pylint: disable=E1102 def check_replay(self, timestamp): """ @@ -1583,7 +1701,7 @@ class SignedReferral(XML_CMS_object): schema = rpki.relaxng.myrpki saxify = None -class Ghostbuster(CMS_object): +class Ghostbuster(Wrapped_CMS_object): """ Class to hold Ghostbusters record (CMS-wrapped VCard). This is quite minimal because we treat the VCard as an opaque byte string @@ -1623,7 +1741,7 @@ class CRL(DER_object): Class to hold a Certificate Revocation List. """ - formats = ("DER", "POW", "POWpkix") + formats = ("DER", "POW") pem_converter = PEM_converter("X509 CRL") def get_DER(self): @@ -1636,9 +1754,6 @@ class CRL(DER_object): if self.POW: self.DER = self.POW.derWrite() return self.get_DER() - if self.POWpkix: - self.DER = self.POWpkix.toString() - return self.get_DER() raise rpki.exceptions.DERObjectConversionError, "No conversion path to DER available" def get_POW(self): @@ -1646,56 +1761,49 @@ class CRL(DER_object): Get the rpki.POW value of this CRL. """ self.check() - if not self.POW: - self.POW = rpki.POW.derRead(rpki.POW.X509_CRL, self.get_DER()) + if not self.POW: # pylint: disable=E0203 + self.POW = rpki.POW.CRL.derRead(self.get_DER()) return self.POW - def get_POWpkix(self): - """ - Get the rpki.POW.pkix value of this CRL. - """ - self.check() - if not self.POWpkix: - crl = rpki.POW.pkix.CertificateList() - crl.fromString(self.get_DER()) - self.POWpkix = crl - return self.POWpkix - def getThisUpdate(self): """ Get thisUpdate value from this CRL. """ - return rpki.sundial.datetime.fromASN1tuple(self.get_POWpkix().getThisUpdate()) + return self.get_POW().getThisUpdate() def getNextUpdate(self): """ Get nextUpdate value from this CRL. """ - return rpki.sundial.datetime.fromASN1tuple(self.get_POWpkix().getNextUpdate()) + return self.get_POW().getNextUpdate() def getIssuer(self): """ Get issuer value of this CRL. """ - return X501DN(self.get_POWpkix().getIssuer()) + return X501DN.from_POW(self.get_POW().getIssuer()) + + def getCRLNumber(self): + """ + Get CRL Number value for this CRL. + """ + return self.get_POW().getCRLNumber() @classmethod - def generate(cls, keypair, issuer, serial, thisUpdate, nextUpdate, revokedCertificates, version = 1, digestType = "sha256WithRSAEncryption"): + def generate(cls, keypair, issuer, serial, thisUpdate, nextUpdate, revokedCertificates, version = 1): """ Generate a new CRL. """ - crl = rpki.POW.pkix.CertificateList() + crl = rpki.POW.CRL() crl.setVersion(version) - crl.setIssuer(issuer.get_POWpkix().getSubject()) - crl.setThisUpdate(thisUpdate.toASN1tuple()) - crl.setNextUpdate(nextUpdate.toASN1tuple()) - if revokedCertificates: - crl.setRevokedCertificates(revokedCertificates) - crl.setExtensions( - ((rpki.oids.name2oid["authorityKeyIdentifier"], False, (issuer.get_SKI(), (), None)), - (rpki.oids.name2oid["cRLNumber"], False, serial))) - crl.sign(keypair.get_POW(), digestType) - return cls(POWpkix = crl) + crl.setIssuer(issuer.getSubject().get_POW()) + crl.setThisUpdate(thisUpdate) + crl.setNextUpdate(nextUpdate) + crl.setAKI(issuer.get_SKI()) + crl.setCRLNumber(serial) + crl.addRevocations(revokedCertificates) + crl.sign(keypair.get_POW()) + return cls(POW = crl) @property def creation_timestamp(self): diff --git a/rpkid/rpki/xml_utils.py b/rpkid/rpki/xml_utils.py index 27c1f1e6..156d0e48 100644 --- a/rpkid/rpki/xml_utils.py +++ b/rpkid/rpki/xml_utils.py @@ -3,7 +3,7 @@ XML utilities. $Id$ -Copyright (C) 2009-2011 Internet Systems Consortium ("ISC") +Copyright (C) 2009-2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -206,7 +206,7 @@ class base_elt(object): """ Convert a base_elt object to string format. """ - lxml.etree.tostring(self.toXML(), pretty_print = True, encoding = "us-ascii") + return lxml.etree.tostring(self.toXML(), pretty_print = True, encoding = "us-ascii") @classmethod def make_pdu(cls, **kargs): @@ -451,7 +451,7 @@ class msg(list): """ Convert msg object to string. """ - lxml.etree.tostring(self.toXML(), pretty_print = True, encoding = "us-ascii") + return lxml.etree.tostring(self.toXML(), pretty_print = True, encoding = "us-ascii") def toXML(self): """ |