# 13. `example_oids_catalog.py` — `synta.oids` constant groups
[← Example index](index.md) · [example_oids_catalog.py on Codeberg](https://codeberg.org/abbra/synta/src/branch/main/examples/example_oids_catalog.py)
Bindings: every constant in `synta.oids` and `synta.oids.attr`,
plus the helper functions `identify_signature_algorithm`,
`identify_public_key_algorithm`.
- Print algorithm OIDs (RSA, EC, EdDSA, ML-DSA, ML-KEM).
- Print hash OIDs (SHA-2, SHA-3).
- Print SLH-DSA OIDs.
- Print prefix OIDs and demonstrate `components()`-based prefix matching.
- Print X.509v3 extension OIDs.
- Print EKU OIDs.
- Print PKINIT OIDs.
- Print MS PKI OIDs.
- Print all nine PKCS#9 attribute OIDs (`PKCS9_EMAIL_ADDRESS`, `PKCS9_CONTENT_TYPE`,
`PKCS9_MESSAGE_DIGEST`, `PKCS9_SIGNING_TIME`, `PKCS9_COUNTERSIGNATURE`,
`PKCS9_CHALLENGE_PASSWORD`, `PKCS9_EXTENSION_REQUEST`, `PKCS9_FRIENDLY_NAME`,
`PKCS9_LOCAL_KEY_ID`).
- Print every `synta.oids.attr` DN attribute OID with its RFC 4514 label.
## Source
```python
#!/usr/bin/env python3
"""
Example 12: synta.oids constant groups.
Demonstrates: every constant in synta.oids and synta.oids.attr,
plus the oids helper functions identify_signature_algorithm,
identify_public_key_algorithm. Includes PKCS#9 attribute OIDs
(PKCS9_EMAIL_ADDRESS, PKCS9_CONTENT_TYPE, PKCS9_MESSAGE_DIGEST,
PKCS9_SIGNING_TIME, PKCS9_COUNTERSIGNATURE, PKCS9_CHALLENGE_PASSWORD,
PKCS9_EXTENSION_REQUEST, PKCS9_FRIENDLY_NAME, PKCS9_LOCAL_KEY_ID).
"""
import synta
import synta.oids as oids
import synta.oids.attr as attr
def section(title):
print(f"\n{'─' * 60}\n{title}\n{'─' * 60}")
def demo_algorithm_oids():
section("Algorithm OIDs — signature and public-key algorithms")
alg_oids = [
("RSA_ENCRYPTION", oids.RSA_ENCRYPTION),
("RSA", oids.RSA),
("MD5_WITH_RSA", oids.MD5_WITH_RSA),
("SHA1_WITH_RSA", oids.SHA1_WITH_RSA),
("SHA256_WITH_RSA", oids.SHA256_WITH_RSA),
("SHA384_WITH_RSA", oids.SHA384_WITH_RSA),
("SHA512_WITH_RSA", oids.SHA512_WITH_RSA),
("EC_PUBLIC_KEY", oids.EC_PUBLIC_KEY),
("ECDSA", oids.ECDSA),
("ECDSA_WITH_SHA1", oids.ECDSA_WITH_SHA1),
("ECDSA_WITH_SHA256", oids.ECDSA_WITH_SHA256),
("ECDSA_WITH_SHA384", oids.ECDSA_WITH_SHA384),
("ECDSA_WITH_SHA512", oids.ECDSA_WITH_SHA512),
("EC_CURVE_P256", oids.EC_CURVE_P256),
("EC_CURVE_P384", oids.EC_CURVE_P384),
("EC_CURVE_P521", oids.EC_CURVE_P521),
("EC_CURVE_SECP256K1",oids.EC_CURVE_SECP256K1),
("ED25519", oids.ED25519),
("ED448", oids.ED448),
("ML_DSA_44", oids.ML_DSA_44),
("ML_DSA_65", oids.ML_DSA_65),
("ML_DSA_87", oids.ML_DSA_87),
("ML_KEM_512", oids.ML_KEM_512),
("ML_KEM_768", oids.ML_KEM_768),
("ML_KEM_1024", oids.ML_KEM_1024),
]
for name, oid in alg_oids:
print(f" {name:25} {oid}")
def demo_hash_oids():
section("Hash OIDs — SHA-2 and SHA-3 families")
hash_oids = [
("SHA224", oids.SHA224),
("SHA256", oids.SHA256),
("SHA384", oids.SHA384),
("SHA512", oids.SHA512),
("SHA512_224", oids.SHA512_224),
("SHA512_256", oids.SHA512_256),
("SHA3_224", oids.SHA3_224),
("SHA3_256", oids.SHA3_256),
("SHA3_384", oids.SHA3_384),
("SHA3_512", oids.SHA3_512),
("SHAKE128", oids.SHAKE128),
("SHAKE256", oids.SHAKE256),
]
for name, oid in hash_oids:
print(f" {name:12} {oid}")
def demo_slh_dsa_oids():
section("SLH-DSA OIDs (FIPS 205, NIST post-quantum)")
slh_oids = [
("SLH_DSA_SHA2_128S", oids.SLH_DSA_SHA2_128S),
("SLH_DSA_SHA2_128F", oids.SLH_DSA_SHA2_128F),
("SLH_DSA_SHA2_192S", oids.SLH_DSA_SHA2_192S),
("SLH_DSA_SHA2_192F", oids.SLH_DSA_SHA2_192F),
("SLH_DSA_SHA2_256S", oids.SLH_DSA_SHA2_256S),
("SLH_DSA_SHA2_256F", oids.SLH_DSA_SHA2_256F),
("SLH_DSA_SHAKE_128S", oids.SLH_DSA_SHAKE_128S),
("SLH_DSA_SHAKE_128F", oids.SLH_DSA_SHAKE_128F),
("SLH_DSA_SHAKE_192S", oids.SLH_DSA_SHAKE_192S),
("SLH_DSA_SHAKE_192F", oids.SLH_DSA_SHAKE_192F),
("SLH_DSA_SHAKE_256S", oids.SLH_DSA_SHAKE_256S),
("SLH_DSA_SHAKE_256F", oids.SLH_DSA_SHAKE_256F),
]
for name, oid in slh_oids:
print(f" {name:22} {oid}")
def demo_extension_oids():
section("X.509v3 extension OIDs (RFC 5280 / 2.5.29.*)")
ext_oids = [
("SUBJECT_KEY_IDENTIFIER", oids.SUBJECT_KEY_IDENTIFIER),
("KEY_USAGE", oids.KEY_USAGE),
("SUBJECT_ALT_NAME", oids.SUBJECT_ALT_NAME),
("ISSUER_ALT_NAME", oids.ISSUER_ALT_NAME),
("BASIC_CONSTRAINTS", oids.BASIC_CONSTRAINTS),
("CRL_DISTRIBUTION_POINTS", oids.CRL_DISTRIBUTION_POINTS),
("CERTIFICATE_POLICIES", oids.CERTIFICATE_POLICIES),
("AUTHORITY_KEY_IDENTIFIER",oids.AUTHORITY_KEY_IDENTIFIER),
("EXTENDED_KEY_USAGE", oids.EXTENDED_KEY_USAGE),
("AUTHORITY_INFO_ACCESS", oids.AUTHORITY_INFO_ACCESS),
("CT_PRECERT_SCTS", oids.CT_PRECERT_SCTS),
]
for name, oid in ext_oids:
print(f" {name:27} {oid}")
def demo_eku_oids():
section("Extended Key Usage (EKU) OIDs")
eku_oids = [
("KP_SERVER_AUTH", oids.KP_SERVER_AUTH),
("KP_CLIENT_AUTH", oids.KP_CLIENT_AUTH),
("KP_CODE_SIGNING", oids.KP_CODE_SIGNING),
("KP_EMAIL_PROTECTION", oids.KP_EMAIL_PROTECTION),
("KP_TIME_STAMPING", oids.KP_TIME_STAMPING),
("KP_OCSP_SIGNING", oids.KP_OCSP_SIGNING),
("ANY_EXTENDED_KEY_USAGE", oids.ANY_EXTENDED_KEY_USAGE),
]
for name, oid in eku_oids:
print(f" {name:25} {oid}")
def demo_pkinit_oids():
section("PKINIT OIDs (RFC 4556 + RFC 8636)")
pkinit_oids = [
("PKINIT_SAN", oids.PKINIT_SAN),
("PKINIT_KP_CLIENT_AUTH", oids.PKINIT_KP_CLIENT_AUTH),
("PKINIT_KP_KDC", oids.PKINIT_KP_KDC),
("PKINIT_AUTH_DATA", oids.PKINIT_AUTH_DATA),
("PKINIT_DHKEY_DATA", oids.PKINIT_DHKEY_DATA),
("PKINIT_RKEY_DATA", oids.PKINIT_RKEY_DATA),
("PKINIT_KDF", oids.PKINIT_KDF),
("PKINIT_KDF_SHA1", oids.PKINIT_KDF_SHA1),
("PKINIT_KDF_SHA256", oids.PKINIT_KDF_SHA256),
("PKINIT_KDF_SHA384", oids.PKINIT_KDF_SHA384),
("PKINIT_KDF_SHA512", oids.PKINIT_KDF_SHA512),
]
for name, oid in pkinit_oids:
print(f" {name:25} {oid}")
def demo_ms_pki_oids():
section("Microsoft PKI OIDs (AD CS)")
ms_oids = [
("MS_SAN_UPN", oids.MS_SAN_UPN),
("MS_CERTIFICATE_TEMPLATE_NAME", oids.MS_CERTIFICATE_TEMPLATE_NAME),
("MS_CERTIFICATE_TEMPLATE", oids.MS_CERTIFICATE_TEMPLATE),
("MS_KP_SMARTCARD_LOGON", oids.MS_KP_SMARTCARD_LOGON),
("MS_NTDS_REPLICATION", oids.MS_NTDS_REPLICATION),
]
for name, oid in ms_oids:
print(f" {name:32} {oid}")
def demo_pkcs9_oids():
section("PKCS#9 attribute OIDs (RFC 2985 / RFC 5652 / RFC 2986 / RFC 7292)")
pkcs9_oids = [
("PKCS9_EMAIL_ADDRESS", oids.PKCS9_EMAIL_ADDRESS),
("PKCS9_CONTENT_TYPE", oids.PKCS9_CONTENT_TYPE),
("PKCS9_MESSAGE_DIGEST", oids.PKCS9_MESSAGE_DIGEST),
("PKCS9_SIGNING_TIME", oids.PKCS9_SIGNING_TIME),
("PKCS9_COUNTERSIGNATURE", oids.PKCS9_COUNTERSIGNATURE),
("PKCS9_CHALLENGE_PASSWORD", oids.PKCS9_CHALLENGE_PASSWORD),
("PKCS9_EXTENSION_REQUEST", oids.PKCS9_EXTENSION_REQUEST),
("PKCS9_FRIENDLY_NAME", oids.PKCS9_FRIENDLY_NAME),
("PKCS9_LOCAL_KEY_ID", oids.PKCS9_LOCAL_KEY_ID),
]
for name, oid in pkcs9_oids:
print(f" {name:27} {oid}")
def demo_attr_oids():
section("DN attribute OIDs (synta.oids.attr)")
attr_oids = [
("COMMON_NAME", attr.COMMON_NAME, "CN"),
("COUNTRY", attr.COUNTRY, "C"),
("STATE", attr.STATE, "ST"),
("LOCALITY", attr.LOCALITY, "L"),
("ORGANIZATION", attr.ORGANIZATION, "O"),
("ORG_UNIT", attr.ORG_UNIT, "OU"),
("ORG_IDENTIFIER", attr.ORG_IDENTIFIER, "OI"),
("STREET", attr.STREET, "STREET"),
("SURNAME", attr.SURNAME, "SN"),
("GIVEN_NAME", attr.GIVEN_NAME, "GN"),
("INITIALS", attr.INITIALS, "initials"),
("TITLE", attr.TITLE, "title"),
("SERIAL_NUMBER", attr.SERIAL_NUMBER, "serialNumber"),
("EMAIL_ADDRESS", attr.EMAIL_ADDRESS, "emailAddress"),
("USER_ID", attr.USER_ID, "UID"),
("DOMAIN_COMPONENT", attr.DOMAIN_COMPONENT, "DC"),
]
for name, oid, label in attr_oids:
print(f" {label:14} {name:20} {oid}")
def demo_helper_functions():
section("Helper functions — identify_signature_algorithm, identify_public_key_algorithm")
sig_oids = [
oids.SHA256_WITH_RSA,
oids.ECDSA_WITH_SHA256,
oids.ED25519,
oids.ML_DSA_44,
oids.SLH_DSA_SHA2_128S,
]
for oid in sig_oids:
name = oids.identify_signature_algorithm(oid)
print(f" identify_signature_algorithm({oid}) → {name!r}")
pubkey_oids = [
oids.RSA_ENCRYPTION,
oids.EC_PUBLIC_KEY,
oids.ED25519,
oids.ML_DSA_65,
]
for oid in pubkey_oids:
name = oids.identify_public_key_algorithm(oid)
print(f" identify_public_key_algorithm({oid}) → {name!r}")
def demo_components_prefix_matching():
section("components() — prefix matching with tuples")
# Check that PKINIT OIDs share the 1.3.6.1.5.2 arc
pkinit_prefix = (1, 3, 6, 1, 5, 2)
for name in ("PKINIT_SAN", "PKINIT_KP_CLIENT_AUTH", "PKINIT_KP_KDC"):
oid = getattr(oids, name)
comps = tuple(oid.components())
is_pkinit = comps[:len(pkinit_prefix)] == pkinit_prefix
print(f" {name}: starts with {pkinit_prefix} → {is_pkinit}")
def main():
print("=" * 60)
print("Example 12: synta.oids constant catalog")
print("=" * 60)
demo_algorithm_oids()
demo_hash_oids()
demo_slh_dsa_oids()
demo_extension_oids()
demo_eku_oids()
demo_pkinit_oids()
demo_ms_pki_oids()
demo_pkcs9_oids()
demo_attr_oids()
demo_helper_functions()
demo_components_prefix_matching()
print("\nAll OID catalog examples completed.")
if __name__ == "__main__":
main()
```