webpki-roots 0.20.0

Mozilla's CA root certificates for use with webpki
Documentation
# -*- coding: utf-8 -*-
import binascii

# Agence Nationale de la Securite des Systemes d'Information (ANSSI)
ANSSI_SUBJECT_DN = (
    b"\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02" b"FR"
    b"\x31\x0F\x30\x0D\x06\x03\x55\x04\x08\x13\x06" b"France"
    b"\x31\x0E\x30\x0C\x06\x03\x55\x04\x07\x13\x05" b"Paris"
    b"\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07" b"PM/SGDN"
    b"\x31\x0E\x30\x0C\x06\x03\x55\x04\x0B\x13\x05" b"DCSSI"
    b"\x31\x0E\x30\x0C\x06\x03\x55\x04\x03\x13\x05" b"IGC/A"
    b"\x31\x23\x30\x21\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01"
    b"\x16\x14" b"igca@sgdn.pm.gouv.fr"
    )

ANSSI_NAME_CONSTRAINTS = (
    b"\xa0\x5f"
    b"\x30\x5D\xA0\x5B"
    b"\x30\x05\x82\x03" b".fr"
    b"\x30\x05\x82\x03" b".gp"
    b"\x30\x05\x82\x03" b".gf"
    b"\x30\x05\x82\x03" b".mq"
    b"\x30\x05\x82\x03" b".re"
    b"\x30\x05\x82\x03" b".yt"
    b"\x30\x05\x82\x03" b".pm"
    b"\x30\x05\x82\x03" b".bl"
    b"\x30\x05\x82\x03" b".mf"
    b"\x30\x05\x82\x03" b".wf"
    b"\x30\x05\x82\x03" b".pf"
    b"\x30\x05\x82\x03" b".nc"
    b"\x30\x05\x82\x03" b".tf"
    )

# TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
TUBITAK1_SUBJECT_DN = (
    b"\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02" b"TR"
    b"\x31\x18\x30\x16\x06\x03\x55\x04\x07\x13\x0f" b"Gebze - Kocaeli"
    b"\x31\x42\x30\x40\x06\x03\x55\x04\x0a\x13\x39" b"Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK"
    b"\x31\x2d\x30\x2b\x06\x03\x55\x04\x0b\x13\x24" b"Kamu Sertifikasyon Merkezi - Kamu SM"
    b"\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d" b"TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
    )

TUBITAK1_NAME_CONSTRAINTS = (
    b"\xa0\x67"
    b"\x30\x65\xa0\x63"
    b"\x30\x09\x82\x07" b".gov.tr"
    b"\x30\x09\x82\x07" b".k12.tr"
    b"\x30\x09\x82\x07" b".pol.tr"
    b"\x30\x09\x82\x07" b".mil.tr"
    b"\x30\x09\x82\x07" b".tsk.tr"
    b"\x30\x09\x82\x07" b".kep.tr"
    b"\x30\x09\x82\x07" b".bel.tr"
    b"\x30\x09\x82\x07" b".edu.tr"
    b"\x30\x09\x82\x07" b".org.tr"
    )

name_constraints = {
    TUBITAK1_SUBJECT_DN: TUBITAK1_NAME_CONSTRAINTS,
    ANSSI_SUBJECT_DN: ANSSI_NAME_CONSTRAINTS
}


def get_imposed_name_constraints(subject):
    """
    For the given certificate subject name, return a
    name constraints encoding which will be applied
    to that certificate.  Return None to apply
    no constraints.

    Data returned by this function is sourced from:

    https://hg.mozilla.org/projects/nss/file/tip/lib/certdb/genname.c

    Such that webpki-roots implements the same policy in this
    respect as the Mozilla root program.
    """

    return name_constraints.get(binascii.a2b_hex(subject), None)