Back to module index

Go to module by name

cryptography

cryptography.x509 (package)

This module has no docstring.

Classes

AccessDescription

access_location = <property object at 0x7f0567532360>
access_method = <property object at 0x7f0567532310>

AttributeNotFound

with_traceback(...)

  Exception.with_traceback(tb) --
      set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>

AuthorityInformationAccess

oid = <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.1, name=authorityInfoAccess)>

AuthorityInformationAccessOID

CA_ISSUERS = <ObjectIdentifier(oid=1.3.6.1.5.5.7.48.2, name=caIssuers)>
OCSP = <ObjectIdentifier(oid=1.3.6.1.5.5.7.48.1, name=OCSP)>

AuthorityKeyIdentifier

from_issuer_public_key(public_key: Union[cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey, cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey]) -> 'AuthorityKeyIdentifier'
from_issuer_subject_key_identifier(ski: 'SubjectKeyIdentifier') -> 'AuthorityKeyIdentifier'
authority_cert_issuer = <property object at 0x7f0567532040>
authority_cert_serial_number = <property object at 0x7f0567532090>
key_identifier = <property object at 0x7f0567522f90>
oid = <ObjectIdentifier(oid=2.5.29.35, name=authorityKeyIdentifier)>

BasicConstraints

ca = <property object at 0x7f0567532400>
oid = <ObjectIdentifier(oid=2.5.29.19, name=basicConstraints)>
path_length = <property object at 0x7f0567532450>

CRLDistributionPoints

oid = <ObjectIdentifier(oid=2.5.29.31, name=cRLDistributionPoints)>

CRLEntryExtensionOID

CERTIFICATE_ISSUER = <ObjectIdentifier(oid=2.5.29.29, name=certificateIssuer)>
CRL_REASON = <ObjectIdentifier(oid=2.5.29.21, name=cRLReason)>
INVALIDITY_DATE = <ObjectIdentifier(oid=2.5.29.24, name=invalidityDate)>

CRLNumber

crl_number = <property object at 0x7f0567522e50>
oid = <ObjectIdentifier(oid=2.5.29.20, name=cRLNumber)>

CRLReason

oid = <ObjectIdentifier(oid=2.5.29.21, name=cRLReason)>
reason = <property object at 0x7f056797cae0>

Certificate

fingerprint(self, algorithm: cryptography.hazmat.primitives.hashes.HashAlgorithm) -> bytes


          Returns bytes using digest passed.
        
public_bytes(self, encoding: cryptography.hazmat.primitives._serialization.Encoding) -> bytes


          Serializes the certificate to PEM or DER format.
        
public_key(self) -> Union[cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey, cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey]


          Returns the public key
        
extensions = <abc.abstractproperty object at 0x7f056751a4c0>

          Returns an Extensions object.
        
issuer = <abc.abstractproperty object at 0x7f05676564c0>

          Returns the issuer name object.
        
not_valid_after = <abc.abstractproperty object at 0x7f05676561c0>

          Not after time (represented as UTC datetime)
        
not_valid_before = <abc.abstractproperty object at 0x7f05675e9340>

          Not before time (represented as UTC datetime)
        
serial_number = <abc.abstractproperty object at 0x7f05675e9280>

          Returns certificate serial number
        
signature = <abc.abstractproperty object at 0x7f056751a5e0>

          Returns the signature bytes.
        
signature_algorithm_oid = <abc.abstractproperty object at 0x7f056751a460>

          Returns the ObjectIdentifier of the signature algorithm.
        
signature_hash_algorithm = <abc.abstractproperty object at 0x7f05676567c0>

          Returns a HashAlgorithm corresponding to the type of the digest signed
          in the certificate.
        
subject = <abc.abstractproperty object at 0x7f0567656520>

          Returns the subject name object.
        
tbs_certificate_bytes = <abc.abstractproperty object at 0x7f056751a880>

          Returns the tbsCertificate payload bytes as defined in RFC 5280.
        
version = <abc.abstractproperty object at 0x7f05675e92e0>

          Returns the certificate version
        

CertificateBuilder

add_extension(self, extval: cryptography.x509.extensions.ExtensionType, critical: bool)


          Adds an X.509 extension to the certificate.
        
issuer_name(self, name: cryptography.x509.name.Name)


          Sets the CA's distinguished name.
        
not_valid_after(self, time: datetime.datetime)


          Sets the certificate expiration time.
        
not_valid_before(self, time: datetime.datetime)


          Sets the certificate activation time.
        
public_key(self, key: Union[cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey, cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey])


          Sets the requestor's public key (as found in the signing request).
        
serial_number(self, number: int)


          Sets the certificate serial number.
        
sign(self, private_key: Union[cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey, cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey, cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey], algorithm: cryptography.hazmat.primitives.hashes.HashAlgorithm, backend=None) -> cryptography.x509.base.Certificate


          Signs the certificate using the CA's private key.
        
subject_name(self, name: cryptography.x509.name.Name)


          Sets the requestor's distinguished name.
        

CertificateIssuer

get_values_for_type(self, type)
oid = <ObjectIdentifier(oid=2.5.29.29, name=certificateIssuer)>

CertificatePolicies

oid = <ObjectIdentifier(oid=2.5.29.32, name=certificatePolicies)>

CertificatePoliciesOID

ANY_POLICY = <ObjectIdentifier(oid=2.5.29.32.0, name=Unknown OID)>
CPS_QUALIFIER = <ObjectIdentifier(oid=1.3.6.1.5.5.7.2.1, name=id-qt-cps)>
CPS_USER_NOTICE = <ObjectIdentifier(oid=1.3.6.1.5.5.7.2.2, name=id-qt-unotice)>

CertificateRevocationList

fingerprint(self, algorithm: cryptography.hazmat.primitives.hashes.HashAlgorithm) -> bytes


          Returns bytes using digest passed.
        
get_revoked_certificate_by_serial_number(self, serial_number: int) -> Optional[cryptography.x509.base.RevokedCertificate]


          Returns an instance of RevokedCertificate or None if the serial_number
          is not in the CRL.
        
is_signature_valid(self, public_key: Union[cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey, cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey]) -> bool


          Verifies signature of revocation list against given public key.
        
public_bytes(self, encoding: cryptography.hazmat.primitives._serialization.Encoding) -> bytes


          Serializes the CRL to PEM or DER format.
        
extensions = <abc.abstractproperty object at 0x7f056751abe0>

          Returns an Extensions object containing a list of CRL extensions.
        
issuer = <abc.abstractproperty object at 0x7f056751aac0>

          Returns the X509Name with the issuer of this CRL.
        
last_update = <abc.abstractproperty object at 0x7f056751ab80>

          Returns the date of last update for this CRL.
        
next_update = <abc.abstractproperty object at 0x7f056751ab20>

          Returns the date of next update for this CRL.
        
signature = <abc.abstractproperty object at 0x7f056751ac40>

          Returns the signature bytes.
        
signature_algorithm_oid = <abc.abstractproperty object at 0x7f056751aa60>

          Returns the ObjectIdentifier of the signature algorithm.
        
signature_hash_algorithm = <abc.abstractproperty object at 0x7f056751aa00>

          Returns a HashAlgorithm corresponding to the type of the digest signed
          in the certificate.
        
tbs_certlist_bytes = <abc.abstractproperty object at 0x7f056751aca0>

          Returns the tbsCertList payload bytes as defined in RFC 5280.
        

CertificateRevocationListBuilder

add_extension(self, extval: cryptography.x509.extensions.ExtensionType, critical: bool)


          Adds an X.509 extension to the certificate revocation list.
        
add_revoked_certificate(self, revoked_certificate: cryptography.x509.base.RevokedCertificate)


          Adds a revoked certificate to the CRL.
        
issuer_name(self, issuer_name: cryptography.x509.name.Name)
last_update(self, last_update: datetime.datetime)
next_update(self, next_update: datetime.datetime)
sign(self, private_key: Union[cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey, cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey, cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey], algorithm: cryptography.hazmat.primitives.hashes.HashAlgorithm, backend=None) -> cryptography.x509.base.CertificateRevocationList

CertificateSigningRequest

get_attribute_for_oid(self, oid: cryptography.hazmat._oid.ObjectIdentifier) -> bytes


          Get the attribute value for a given OID.
        
public_bytes(self, encoding: cryptography.hazmat.primitives._serialization.Encoding) -> bytes


          Encodes the request to PEM or DER format.
        
public_key(self) -> Union[cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey, cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey]


          Returns the public key
        
extensions = <abc.abstractproperty object at 0x7f056751ae20>

          Returns the extensions in the signing request.
        
is_signature_valid = <abc.abstractproperty object at 0x7f056751af40>

          Verifies signature of signing request.
        
signature = <abc.abstractproperty object at 0x7f056751ae80>

          Returns the signature bytes.
        
signature_algorithm_oid = <abc.abstractproperty object at 0x7f056751adc0>

          Returns the ObjectIdentifier of the signature algorithm.
        
signature_hash_algorithm = <abc.abstractproperty object at 0x7f056751ad60>

          Returns a HashAlgorithm corresponding to the type of the digest signed
          in the certificate.
        
subject = <abc.abstractproperty object at 0x7f056751ad00>

          Returns the subject name object.
        
tbs_certrequest_bytes = <abc.abstractproperty object at 0x7f056751aee0>

          Returns the PKCS#10 CertificationRequestInfo bytes as defined in RFC
          2986.
        

CertificateSigningRequestBuilder

add_attribute(self, oid: cryptography.hazmat._oid.ObjectIdentifier, value: bytes)


          Adds an X.509 attribute with an OID and associated value.
        
add_extension(self, extval: cryptography.x509.extensions.ExtensionType, critical: bool)


          Adds an X.509 extension to the certificate request.
        
sign(self, private_key: Union[cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey, cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey, cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey], algorithm: cryptography.hazmat.primitives.hashes.HashAlgorithm, backend=None) -> cryptography.x509.base.CertificateSigningRequest


          Signs the request using the requestor's private key.
        
subject_name(self, name: cryptography.x509.name.Name)


          Sets the certificate requestor's distinguished name.
        

DNSName

value = <property object at 0x7f0567522860>

DeltaCRLIndicator

crl_number = <property object at 0x7f05675ebd60>
oid = <ObjectIdentifier(oid=2.5.29.27, name=deltaCRLIndicator)>

DirectoryName

value = <property object at 0x7f05675229a0>

DistributionPoint

crl_issuer = <property object at 0x7f05675328b0>
full_name = <property object at 0x7f05675327c0>
reasons = <property object at 0x7f0567532860>
relative_name = <property object at 0x7f0567532810>

DuplicateExtension

with_traceback(...)

  Exception.with_traceback(tb) --
      set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>

ExtendedKeyUsage

oid = <ObjectIdentifier(oid=2.5.29.37, name=extendedKeyUsage)>

ExtendedKeyUsageOID

ANY_EXTENDED_KEY_USAGE = <ObjectIdentifier(oid=2.5.29.37.0, name=Unknown OID)>
CLIENT_AUTH = <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.2, name=clientAuth)>
CODE_SIGNING = <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.3, name=codeSigning)>
EMAIL_PROTECTION = <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.4, name=emailProtection)>
OCSP_SIGNING = <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.9, name=OCSPSigning)>
SERVER_AUTH = <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.1, name=serverAuth)>
TIME_STAMPING = <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.8, name=timeStamping)>

Extension

critical = <property object at 0x7f056797c860>
oid = <property object at 0x7f056797c810>
value = <property object at 0x7f056797c8b0>

ExtensionNotFound

with_traceback(...)

  Exception.with_traceback(tb) --
      set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>

ExtensionOID

AUTHORITY_INFORMATION_ACCESS = <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.1, name=authorityInfoAccess)>
AUTHORITY_KEY_IDENTIFIER = <ObjectIdentifier(oid=2.5.29.35, name=authorityKeyIdentifier)>
BASIC_CONSTRAINTS = <ObjectIdentifier(oid=2.5.29.19, name=basicConstraints)>
CERTIFICATE_POLICIES = <ObjectIdentifier(oid=2.5.29.32, name=certificatePolicies)>
CRL_DISTRIBUTION_POINTS = <ObjectIdentifier(oid=2.5.29.31, name=cRLDistributionPoints)>
CRL_NUMBER = <ObjectIdentifier(oid=2.5.29.20, name=cRLNumber)>
DELTA_CRL_INDICATOR = <ObjectIdentifier(oid=2.5.29.27, name=deltaCRLIndicator)>
EXTENDED_KEY_USAGE = <ObjectIdentifier(oid=2.5.29.37, name=extendedKeyUsage)>
FRESHEST_CRL = <ObjectIdentifier(oid=2.5.29.46, name=freshestCRL)>
INHIBIT_ANY_POLICY = <ObjectIdentifier(oid=2.5.29.54, name=inhibitAnyPolicy)>
ISSUER_ALTERNATIVE_NAME = <ObjectIdentifier(oid=2.5.29.18, name=issuerAltName)>
ISSUING_DISTRIBUTION_POINT = <ObjectIdentifier(oid=2.5.29.28, name=issuingDistributionPoint)>
KEY_USAGE = <ObjectIdentifier(oid=2.5.29.15, name=keyUsage)>
NAME_CONSTRAINTS = <ObjectIdentifier(oid=2.5.29.30, name=nameConstraints)>
OCSP_NO_CHECK = <ObjectIdentifier(oid=1.3.6.1.5.5.7.48.1.5, name=OCSPNoCheck)>
POLICY_CONSTRAINTS = <ObjectIdentifier(oid=2.5.29.36, name=policyConstraints)>
POLICY_MAPPINGS = <ObjectIdentifier(oid=2.5.29.33, name=policyMappings)>
PRECERT_POISON = <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.3, name=ctPoison)>
PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS = <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.2, name=signedCertificateTimestampList)>
SIGNED_CERTIFICATE_TIMESTAMPS = <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.5, name=signedCertificateTimestampList)>
SUBJECT_ALTERNATIVE_NAME = <ObjectIdentifier(oid=2.5.29.17, name=subjectAltName)>
SUBJECT_DIRECTORY_ATTRIBUTES = <ObjectIdentifier(oid=2.5.29.9, name=subjectDirectoryAttributes)>
SUBJECT_INFORMATION_ACCESS = <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.11, name=subjectInfoAccess)>
SUBJECT_KEY_IDENTIFIER = <ObjectIdentifier(oid=2.5.29.14, name=subjectKeyIdentifier)>
TLS_FEATURE = <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.24, name=TLSFeature)>

ExtensionType

oid = <abc.abstractproperty object at 0x7f056760cd00>

          Returns the oid associated with the given extension type.
        

Extensions

get_extension_for_class(self, extclass) -> 'Extension'
get_extension_for_oid(self, oid: cryptography.hazmat._oid.ObjectIdentifier) -> 'Extension'

FreshestCRL

oid = <ObjectIdentifier(oid=2.5.29.46, name=freshestCRL)>

GeneralName

value = <abc.abstractproperty object at 0x7f056750eac0>

          Return the value of the object
        

GeneralNames

get_values_for_type(self, type: Type[cryptography.x509.general_name.GeneralName])

IPAddress

value = <property object at 0x7f0567522bd0>

InhibitAnyPolicy

oid = <ObjectIdentifier(oid=2.5.29.54, name=inhibitAnyPolicy)>
skip_certs = <property object at 0x7f056797c310>

InvalidVersion

with_traceback(...)

  Exception.with_traceback(tb) --
      set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>

InvalidityDate

invalidity_date = <property object at 0x7f056797cb80>
oid = <ObjectIdentifier(oid=2.5.29.24, name=invalidityDate)>

IssuerAlternativeName

get_values_for_type(self, type)
oid = <ObjectIdentifier(oid=2.5.29.18, name=issuerAltName)>

IssuingDistributionPoint

full_name = <property object at 0x7f056797cdb0>
indirect_crl = <property object at 0x7f056797cf40>
oid = <ObjectIdentifier(oid=2.5.29.28, name=issuingDistributionPoint)>
only_contains_attribute_certs = <property object at 0x7f056797cf90>
only_contains_ca_certs = <property object at 0x7f056797cea0>
only_contains_user_certs = <property object at 0x7f056797ce50>
only_some_reasons = <property object at 0x7f056797cef0>
relative_name = <property object at 0x7f056797ce00>

KeyUsage

content_commitment = <property object at 0x7f056797c450>
crl_sign = <property object at 0x7f056797c5e0>
data_encipherment = <property object at 0x7f056797c4f0>
decipher_only = <property object at 0x7f056797c680>
digital_signature = <property object at 0x7f056797c400>
encipher_only = <property object at 0x7f056797c630>
key_agreement = <property object at 0x7f056797c540>
key_cert_sign = <property object at 0x7f056797c590>
key_encipherment = <property object at 0x7f056797c4a0>
oid = <ObjectIdentifier(oid=2.5.29.15, name=keyUsage)>

Name

get_attributes_for_oid(self, oid) -> List[cryptography.x509.name.NameAttribute]
public_bytes(self, backend=None) -> bytes
rfc4514_string(self) -> str


          Format as RFC4514 Distinguished Name string.
          For example 'CN=foobar.com,O=Foo Corp,C=US'

          An X.509 name is a two-level structure: a list of sets of attributes.
          Each list element is separated by ',' and within each list element, set
          elements are separated by '+'. The latter is almost never used in
          real world certificates. According to RFC4514 section 2.1 the
          RDNSequence must be reversed when converting to string representation.
        
rdns = <property object at 0x7f0567522770>

NameAttribute

rfc4514_string(self) -> str


          Format as RFC4514 Distinguished Name string.

          Use short attribute name if available, otherwise fall back to OID
          dotted string.
        
oid = <property object at 0x7f056751d220>
value = <property object at 0x7f056751d270>

NameConstraints

excluded_subtrees = <property object at 0x7f056797c770>
oid = <ObjectIdentifier(oid=2.5.29.30, name=nameConstraints)>
permitted_subtrees = <property object at 0x7f056797c720>

NameOID

BUSINESS_CATEGORY = <ObjectIdentifier(oid=2.5.4.15, name=businessCategory)>
COMMON_NAME = <ObjectIdentifier(oid=2.5.4.3, name=commonName)>
COUNTRY_NAME = <ObjectIdentifier(oid=2.5.4.6, name=countryName)>
DN_QUALIFIER = <ObjectIdentifier(oid=2.5.4.46, name=dnQualifier)>
DOMAIN_COMPONENT = <ObjectIdentifier(oid=0.9.2342.19200300.100.1.25, name=domainComponent)>
EMAIL_ADDRESS = <ObjectIdentifier(oid=1.2.840.113549.1.9.1, name=emailAddress)>
GENERATION_QUALIFIER = <ObjectIdentifier(oid=2.5.4.44, name=generationQualifier)>
GIVEN_NAME = <ObjectIdentifier(oid=2.5.4.42, name=givenName)>
INN = <ObjectIdentifier(oid=1.2.643.3.131.1.1, name=INN)>
JURISDICTION_COUNTRY_NAME = <ObjectIdentifier(oid=1.3.6.1.4.1.311.60.2.1.3, name=jurisdictionCountryName)>
JURISDICTION_LOCALITY_NAME = <ObjectIdentifier(oid=1.3.6.1.4.1.311.60.2.1.1, name=jurisdictionLocalityName)>
JURISDICTION_STATE_OR_PROVINCE_NAME = <ObjectIdentifier(oid=1.3.6.1.4.1.311.60.2.1.2, name=jurisdictionStateOrProvinceName)>
LOCALITY_NAME = <ObjectIdentifier(oid=2.5.4.7, name=localityName)>
OGRN = <ObjectIdentifier(oid=1.2.643.100.1, name=OGRN)>
ORGANIZATIONAL_UNIT_NAME = <ObjectIdentifier(oid=2.5.4.11, name=organizationalUnitName)>
ORGANIZATION_NAME = <ObjectIdentifier(oid=2.5.4.10, name=organizationName)>
POSTAL_ADDRESS = <ObjectIdentifier(oid=2.5.4.16, name=postalAddress)>
POSTAL_CODE = <ObjectIdentifier(oid=2.5.4.17, name=postalCode)>
PSEUDONYM = <ObjectIdentifier(oid=2.5.4.65, name=pseudonym)>
SERIAL_NUMBER = <ObjectIdentifier(oid=2.5.4.5, name=serialNumber)>
SNILS = <ObjectIdentifier(oid=1.2.643.100.3, name=SNILS)>
STATE_OR_PROVINCE_NAME = <ObjectIdentifier(oid=2.5.4.8, name=stateOrProvinceName)>
STREET_ADDRESS = <ObjectIdentifier(oid=2.5.4.9, name=streetAddress)>
SURNAME = <ObjectIdentifier(oid=2.5.4.4, name=surname)>
TITLE = <ObjectIdentifier(oid=2.5.4.12, name=title)>
UNSTRUCTURED_NAME = <ObjectIdentifier(oid=1.2.840.113549.1.9.2, name=unstructuredName)>
USER_ID = <ObjectIdentifier(oid=0.9.2342.19200300.100.1.1, name=userID)>
X500_UNIQUE_IDENTIFIER = <ObjectIdentifier(oid=2.5.4.45, name=x500UniqueIdentifier)>

NoticeReference

notice_numbers = <property object at 0x7f056797c040>
organization = <property object at 0x7f0567532f90>

OCSPNoCheck

oid = <ObjectIdentifier(oid=1.3.6.1.5.5.7.48.1.5, name=OCSPNoCheck)>

OCSPNonce

nonce = <property object at 0x7f056797cd10>
oid = <ObjectIdentifier(oid=1.3.6.1.5.5.7.48.1.2, name=OCSPNonce)>

ObjectIdentifier

dotted_string = <property object at 0x7f056766aae0>

OtherName

type_id = <property object at 0x7f0567522c70>
value = <property object at 0x7f0567522cc0>

PolicyConstraints

inhibit_policy_mapping = <property object at 0x7f05675329a0>
oid = <ObjectIdentifier(oid=2.5.29.36, name=policyConstraints)>
require_explicit_policy = <property object at 0x7f0567532950>

PolicyInformation

policy_identifier = <property object at 0x7f0567532cc0>
policy_qualifiers = <property object at 0x7f0567532d10>

PrecertPoison

oid = <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.3, name=ctPoison)>

PrecertificateSignedCertificateTimestamps

oid = <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.2, name=signedCertificateTimestampList)>

RFC822Name

value = <property object at 0x7f05675a04a0>

ReasonFlags

An enumeration.
aa_compromise = <ReasonFlags.aa_compromise: 'aACompromise'>
affiliation_changed = <ReasonFlags.affiliation_changed: 'affiliationChanged'>
ca_compromise = <ReasonFlags.ca_compromise: 'cACompromise'>
certificate_hold = <ReasonFlags.certificate_hold: 'certificateHold'>
cessation_of_operation = <ReasonFlags.cessation_of_operation: 'cessationOfOperation'>
key_compromise = <ReasonFlags.key_compromise: 'keyCompromise'>
name = <types.DynamicClassAttribute object at 0x7f0567f3eb80>
  The name of the Enum member.
privilege_withdrawn = <ReasonFlags.privilege_withdrawn: 'privilegeWithdrawn'>
remove_from_crl = <ReasonFlags.remove_from_crl: 'removeFromCRL'>
superseded = <ReasonFlags.superseded: 'superseded'>
unspecified = <ReasonFlags.unspecified: 'unspecified'>
value = <types.DynamicClassAttribute object at 0x7f0567f3ebb0>
  The value of the Enum member.

RegisteredID

value = <property object at 0x7f0567522a40>

RelativeDistinguishedName

get_attributes_for_oid(self, oid) -> List[cryptography.x509.name.NameAttribute]
rfc4514_string(self) -> str


          Format as RFC4514 Distinguished Name string.

          Within each RDN, attributes are joined by '+', although that is rarely
          used in certificates.
        

RevokedCertificate

extensions = <abc.abstractproperty object at 0x7f056751a9a0>

          Returns an Extensions object containing a list of Revoked extensions.
        
revocation_date = <abc.abstractproperty object at 0x7f056751a940>

          Returns the date of when this certificate was revoked.
        
serial_number = <abc.abstractproperty object at 0x7f056751a8e0>

          Returns the serial number of the revoked certificate.
        

RevokedCertificateBuilder

add_extension(self, extval: cryptography.x509.extensions.ExtensionType, critical: bool)
build(self, backend=None) -> cryptography.x509.base.RevokedCertificate
revocation_date(self, time: datetime.datetime)
serial_number(self, number: int)

SignatureAlgorithmOID

DSA_WITH_SHA1 = <ObjectIdentifier(oid=1.2.840.10040.4.3, name=dsa-with-sha1)>
DSA_WITH_SHA224 = <ObjectIdentifier(oid=2.16.840.1.101.3.4.3.1, name=dsa-with-sha224)>
DSA_WITH_SHA256 = <ObjectIdentifier(oid=2.16.840.1.101.3.4.3.2, name=dsa-with-sha256)>
ECDSA_WITH_SHA1 = <ObjectIdentifier(oid=1.2.840.10045.4.1, name=ecdsa-with-SHA1)>
ECDSA_WITH_SHA224 = <ObjectIdentifier(oid=1.2.840.10045.4.3.1, name=ecdsa-with-SHA224)>
ECDSA_WITH_SHA256 = <ObjectIdentifier(oid=1.2.840.10045.4.3.2, name=ecdsa-with-SHA256)>
ECDSA_WITH_SHA384 = <ObjectIdentifier(oid=1.2.840.10045.4.3.3, name=ecdsa-with-SHA384)>
ECDSA_WITH_SHA512 = <ObjectIdentifier(oid=1.2.840.10045.4.3.4, name=ecdsa-with-SHA512)>
ED25519 = <ObjectIdentifier(oid=1.3.101.112, name=ed25519)>
ED448 = <ObjectIdentifier(oid=1.3.101.113, name=ed448)>
GOSTR3410_2012_WITH_3411_2012_256 = <ObjectIdentifier(oid=1.2.643.7.1.1.3.2, name=GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit))>
GOSTR3410_2012_WITH_3411_2012_512 = <ObjectIdentifier(oid=1.2.643.7.1.1.3.3, name=GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit))>
GOSTR3411_94_WITH_3410_2001 = <ObjectIdentifier(oid=1.2.643.2.2.3, name=GOST R 34.11-94 with GOST R 34.10-2001)>
RSASSA_PSS = <ObjectIdentifier(oid=1.2.840.113549.1.1.10, name=RSASSA-PSS)>
RSA_WITH_MD5 = <ObjectIdentifier(oid=1.2.840.113549.1.1.4, name=md5WithRSAEncryption)>
RSA_WITH_SHA1 = <ObjectIdentifier(oid=1.2.840.113549.1.1.5, name=sha1WithRSAEncryption)>
RSA_WITH_SHA224 = <ObjectIdentifier(oid=1.2.840.113549.1.1.14, name=sha224WithRSAEncryption)>
RSA_WITH_SHA256 = <ObjectIdentifier(oid=1.2.840.113549.1.1.11, name=sha256WithRSAEncryption)>
RSA_WITH_SHA384 = <ObjectIdentifier(oid=1.2.840.113549.1.1.12, name=sha384WithRSAEncryption)>
RSA_WITH_SHA512 = <ObjectIdentifier(oid=1.2.840.113549.1.1.13, name=sha512WithRSAEncryption)>

SignedCertificateTimestamps

oid = <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.5, name=signedCertificateTimestampList)>

SubjectAlternativeName

get_values_for_type(self, type)
oid = <ObjectIdentifier(oid=2.5.29.17, name=subjectAltName)>

SubjectInformationAccess

oid = <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.11, name=subjectInfoAccess)>

SubjectKeyIdentifier

from_public_key(public_key: Union[cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey, cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey]) -> 'SubjectKeyIdentifier'
digest = <property object at 0x7f0567532130>
oid = <ObjectIdentifier(oid=2.5.29.14, name=subjectKeyIdentifier)>

TLSFeature

oid = <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.24, name=TLSFeature)>

TLSFeatureType

An enumeration.
name = <types.DynamicClassAttribute object at 0x7f0567f3eb80>
  The name of the Enum member.
status_request = <TLSFeatureType.status_request: 5>
status_request_v2 = <TLSFeatureType.status_request_v2: 17>
value = <types.DynamicClassAttribute object at 0x7f0567f3ebb0>
  The value of the Enum member.

UniformResourceIdentifier

value = <property object at 0x7f0567522900>

UnrecognizedExtension

oid = <property object at 0x7f056798b090>
value = <property object at 0x7f056798b0e0>

UnsupportedGeneralNameType

with_traceback(...)

  Exception.with_traceback(tb) --
      set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>

UserNotice

explicit_text = <property object at 0x7f0567532ea0>
notice_reference = <property object at 0x7f0567532e50>

Version

An enumeration.
name = <types.DynamicClassAttribute object at 0x7f0567f3eb80>
  The name of the Enum member.
v1 = <Version.v1: 0>
v3 = <Version.v3: 2>
value = <types.DynamicClassAttribute object at 0x7f0567f3ebb0>
  The value of the Enum member.

Functions

load_der_x509_certificate

load_der_x509_certificate(data: bytes, backend=None) -> cryptography.x509.base.Certificate

load_der_x509_crl

load_der_x509_crl(data: bytes, backend=None) -> cryptography.x509.base.CertificateRevocationList

load_der_x509_csr

load_der_x509_csr(data: bytes, backend=None) -> cryptography.x509.base.CertificateSigningRequest

load_pem_x509_certificate

load_pem_x509_certificate(data: bytes, backend=None) -> cryptography.x509.base.Certificate

load_pem_x509_crl

load_pem_x509_crl(data: bytes, backend=None) -> cryptography.x509.base.CertificateRevocationList

load_pem_x509_csr

load_pem_x509_csr(data: bytes, backend=None) -> cryptography.x509.base.CertificateSigningRequest

random_serial_number

random_serial_number() -> int

Other members

OID_ANY_POLICY = <ObjectIdentifier(oid=2.5.29.32.0, name=Unknown OID)>
OID_AUTHORITY_INFORMATION_ACCESS = <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.1, name=authorityInfoAccess)>
OID_AUTHORITY_KEY_IDENTIFIER = <ObjectIdentifier(oid=2.5.29.35, name=authorityKeyIdentifier)>
OID_BASIC_CONSTRAINTS = <ObjectIdentifier(oid=2.5.29.19, name=basicConstraints)>
OID_CA_ISSUERS = <ObjectIdentifier(oid=1.3.6.1.5.5.7.48.2, name=caIssuers)>
OID_CERTIFICATE_ISSUER = <ObjectIdentifier(oid=2.5.29.29, name=certificateIssuer)>
OID_CERTIFICATE_POLICIES = <ObjectIdentifier(oid=2.5.29.32, name=certificatePolicies)>
OID_CLIENT_AUTH = <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.2, name=clientAuth)>
OID_CODE_SIGNING = <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.3, name=codeSigning)>
OID_COMMON_NAME = <ObjectIdentifier(oid=2.5.4.3, name=commonName)>
OID_COUNTRY_NAME = <ObjectIdentifier(oid=2.5.4.6, name=countryName)>
OID_CPS_QUALIFIER = <ObjectIdentifier(oid=1.3.6.1.5.5.7.2.1, name=id-qt-cps)>
OID_CPS_USER_NOTICE = <ObjectIdentifier(oid=1.3.6.1.5.5.7.2.2, name=id-qt-unotice)>
OID_CRL_DISTRIBUTION_POINTS = <ObjectIdentifier(oid=2.5.29.31, name=cRLDistributionPoints)>
OID_CRL_REASON = <ObjectIdentifier(oid=2.5.29.21, name=cRLReason)>
OID_DN_QUALIFIER = <ObjectIdentifier(oid=2.5.4.46, name=dnQualifier)>
OID_DOMAIN_COMPONENT = <ObjectIdentifier(oid=0.9.2342.19200300.100.1.25, name=domainComponent)>
OID_DSA_WITH_SHA1 = <ObjectIdentifier(oid=1.2.840.10040.4.3, name=dsa-with-sha1)>
OID_DSA_WITH_SHA224 = <ObjectIdentifier(oid=2.16.840.1.101.3.4.3.1, name=dsa-with-sha224)>
OID_DSA_WITH_SHA256 = <ObjectIdentifier(oid=2.16.840.1.101.3.4.3.2, name=dsa-with-sha256)>
OID_ECDSA_WITH_SHA1 = <ObjectIdentifier(oid=1.2.840.10045.4.1, name=ecdsa-with-SHA1)>
OID_ECDSA_WITH_SHA224 = <ObjectIdentifier(oid=1.2.840.10045.4.3.1, name=ecdsa-with-SHA224)>
OID_ECDSA_WITH_SHA256 = <ObjectIdentifier(oid=1.2.840.10045.4.3.2, name=ecdsa-with-SHA256)>
OID_ECDSA_WITH_SHA384 = <ObjectIdentifier(oid=1.2.840.10045.4.3.3, name=ecdsa-with-SHA384)>
OID_ECDSA_WITH_SHA512 = <ObjectIdentifier(oid=1.2.840.10045.4.3.4, name=ecdsa-with-SHA512)>
OID_EMAIL_ADDRESS = <ObjectIdentifier(oid=1.2.840.113549.1.9.1, name=emailAddress)>
OID_EMAIL_PROTECTION = <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.4, name=emailProtection)>
OID_EXTENDED_KEY_USAGE = <ObjectIdentifier(oid=2.5.29.37, name=extendedKeyUsage)>
OID_FRESHEST_CRL = <ObjectIdentifier(oid=2.5.29.46, name=freshestCRL)>
OID_GENERATION_QUALIFIER = <ObjectIdentifier(oid=2.5.4.44, name=generationQualifier)>
OID_GIVEN_NAME = <ObjectIdentifier(oid=2.5.4.42, name=givenName)>
OID_INHIBIT_ANY_POLICY = <ObjectIdentifier(oid=2.5.29.54, name=inhibitAnyPolicy)>
OID_INVALIDITY_DATE = <ObjectIdentifier(oid=2.5.29.24, name=invalidityDate)>
OID_ISSUER_ALTERNATIVE_NAME = <ObjectIdentifier(oid=2.5.29.18, name=issuerAltName)>
OID_KEY_USAGE = <ObjectIdentifier(oid=2.5.29.15, name=keyUsage)>
OID_LOCALITY_NAME = <ObjectIdentifier(oid=2.5.4.7, name=localityName)>
OID_NAME_CONSTRAINTS = <ObjectIdentifier(oid=2.5.29.30, name=nameConstraints)>
OID_OCSP = <ObjectIdentifier(oid=1.3.6.1.5.5.7.48.1, name=OCSP)>
OID_OCSP_NO_CHECK = <ObjectIdentifier(oid=1.3.6.1.5.5.7.48.1.5, name=OCSPNoCheck)>
OID_OCSP_SIGNING = <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.9, name=OCSPSigning)>
OID_ORGANIZATIONAL_UNIT_NAME = <ObjectIdentifier(oid=2.5.4.11, name=organizationalUnitName)>
OID_ORGANIZATION_NAME = <ObjectIdentifier(oid=2.5.4.10, name=organizationName)>
OID_POLICY_CONSTRAINTS = <ObjectIdentifier(oid=2.5.29.36, name=policyConstraints)>
OID_POLICY_MAPPINGS = <ObjectIdentifier(oid=2.5.29.33, name=policyMappings)>
OID_PSEUDONYM = <ObjectIdentifier(oid=2.5.4.65, name=pseudonym)>
OID_RSASSA_PSS = <ObjectIdentifier(oid=1.2.840.113549.1.1.10, name=RSASSA-PSS)>
OID_RSA_WITH_MD5 = <ObjectIdentifier(oid=1.2.840.113549.1.1.4, name=md5WithRSAEncryption)>
OID_RSA_WITH_SHA1 = <ObjectIdentifier(oid=1.2.840.113549.1.1.5, name=sha1WithRSAEncryption)>
OID_RSA_WITH_SHA224 = <ObjectIdentifier(oid=1.2.840.113549.1.1.14, name=sha224WithRSAEncryption)>
OID_RSA_WITH_SHA256 = <ObjectIdentifier(oid=1.2.840.113549.1.1.11, name=sha256WithRSAEncryption)>
OID_RSA_WITH_SHA384 = <ObjectIdentifier(oid=1.2.840.113549.1.1.12, name=sha384WithRSAEncryption)>
OID_RSA_WITH_SHA512 = <ObjectIdentifier(oid=1.2.840.113549.1.1.13, name=sha512WithRSAEncryption)>
OID_SERIAL_NUMBER = <ObjectIdentifier(oid=2.5.4.5, name=serialNumber)>
OID_SERVER_AUTH = <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.1, name=serverAuth)>
OID_STATE_OR_PROVINCE_NAME = <ObjectIdentifier(oid=2.5.4.8, name=stateOrProvinceName)>
OID_SUBJECT_ALTERNATIVE_NAME = <ObjectIdentifier(oid=2.5.29.17, name=subjectAltName)>
OID_SUBJECT_DIRECTORY_ATTRIBUTES = <ObjectIdentifier(oid=2.5.29.9, name=subjectDirectoryAttributes)>
OID_SUBJECT_INFORMATION_ACCESS = <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.11, name=subjectInfoAccess)>
OID_SUBJECT_KEY_IDENTIFIER = <ObjectIdentifier(oid=2.5.29.14, name=subjectKeyIdentifier)>
OID_SURNAME = <ObjectIdentifier(oid=2.5.4.4, name=surname)>
OID_TIME_STAMPING = <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.8, name=timeStamping)>
OID_TITLE = <ObjectIdentifier(oid=2.5.4.12, name=title)>

Modules

base

certificate_transparency

extensions

general_name

name

ocsp

oid