1/*
2 * Copyright (c) 2002-2010 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24//
25// CertificateValues.cpp
26//
27#include <security_keychain/Certificate.h>
28#include <Security/oidscert.h>
29#include <Security/oidsattr.h>
30#include <Security/SecCertificate.h>
31#include <Security/SecCertificatePriv.h>
32#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
33#include "SecCertificateOIDs.h"
34#include "CertificateValues.h"
35#include "SecCertificateP.h"
36#include "SecCertificatePrivP.h"
37#include <CoreFoundation/CFNumber.h>
38#include "SecCertificateP.h"
39
// Defined elsewhere in the framework (hence the extern "C" declaration). From
// its use in copyFieldValues it presumably appends one property dictionary
// built from (propertyType, label, value) to `properties`; confirm against
// the implementation before relying on that.
extern "C" void appendProperty(CFMutableArrayRef properties, CFStringRef propertyType, CFStringRef label, CFTypeRef value);

// Keys of the per-property dictionaries that SecCertificateCopyProperties and
// appendProperty produce; defined elsewhere in the framework.
extern CFStringRef kSecPropertyKeyType;
extern CFStringRef kSecPropertyKeyLabel;
extern CFStringRef kSecPropertyKeyLocalizedLabel;
extern CFStringRef kSecPropertyKeyValue;

// Property "type" tags defined elsewhere in the framework.
extern CFStringRef kSecPropertyTypeData;
extern CFStringRef kSecPropertyTypeString;
extern CFStringRef kSecPropertyTypeURL;
extern CFStringRef kSecPropertyTypeDate;

// Two extra type tags introduced by this file: "array" for the synthesized
// CN / DNS / IP / email lists and "number" for the validity and key-usage
// values built in copyFieldValues.
// NOTE(review): these are non-const, externally visible globals, so any code
// in the process can overwrite them. Declaring them `const` here would give
// them internal linkage in C++ and break the exported symbols; constness
// would have to be introduced as `extern const` in the header as well.
CFStringRef kSecPropertyTypeArray = CFSTR("array");
CFStringRef kSecPropertyTypeNumber = CFSTR("number");


#pragma mark ---------- CertificateValues Implementation ----------

using namespace KeychainCore;

// CFArray / CFDictionary applier callbacks used by copyFieldValues (below).
// NOTE(review): they are declared with external linkage; nothing outside this
// file needs them, so `static` (or an anonymous namespace) would keep them
// out of the framework's symbol space.
void addFieldValues(const void *key, const void *value, void *context);
void addPropertyToFieldValues(const void *value, void *context);
void filterFieldValues(const void *key, const void *value, void *context);
void validateKeys(const void *value, void *context);

// Lazily built label -> OID-string map, see remapLabelToKey. Built once and
// never released for the life of the process.
CFDictionaryRef CertificateValues::mOIDRemap = NULL;

// Applier context for filterFieldValues: the output dictionary plus the
// caller-supplied CFArray of OID-string keys to keep.
typedef struct FieldValueFilterContext
{
	CFMutableDictionaryRef filteredValues;
	CFArrayRef filterKeys;
} FieldValueFilterContext;

/*
 * Wraps a SecCertificateRef and takes our own +1 on it; the DER cache
 * (mCertificateData) starts empty and is filled on demand. A NULL
 * certificate is accepted here; the later SecCertificateCopyData calls
 * report errSecInvalidCertificateRef when they get no data back.
 */
CertificateValues::CertificateValues(SecCertificateRef certificateRef) : mCertificateRef(certificateRef),
	mCertificateData(NULL)
{
	if (certificateRef != NULL)
		CFRetain(certificateRef);
}

/*
 * Releases whatever this object owns: the DER copy cached by
 * copyFieldValues / getSecCertificateRefP first, then the certificate
 * retained in the constructor. Either may be NULL. CFRelease is a plain C
 * call, so the throw() specification holds.
 */
CertificateValues::~CertificateValues() throw()
{
	CFTypeRef owned[] = { mCertificateData, mCertificateRef };
	for (size_t i = 0; i < sizeof(owned) / sizeof(owned[0]); ++i)
	{
		if (owned[i] != NULL)
			CFRelease(owned[i]);
	}
}

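/*
 * copyFieldValues
 *
 * Builds a dictionary describing the certificate, keyed by OID string: the
 * kSecOID... constants at the bottom of this file, a few ad-hoc keys such as
 * "DNSNAMES" / "IPADDRESSES", or the raw property label when remapLabelToKey
 * has no mapping for it. Values are the property dictionaries produced by
 * appendProperty / SecCertificateCopyProperties.
 *
 * keys    optional CFArray of CFStringRef OID keys. When non-NULL the result
 *         holds only those keys. A non-array, or an array containing a
 *         non-string element, yields NULL *without* setting *error.
 * error   optional out-parameter. Set (to a CFErrorRef the caller owns) only
 *         when the certificate data cannot be copied or parsed.
 * returns a CFDictionaryRef the caller must CFRelease, or NULL on failure.
 *
 * Side effects: replaces the cached mCertificateData with a fresh copy on
 * every call. Nothing here is synchronized; do not share one
 * CertificateValues instance between threads.
 *
 * FIXES vs. the original: the IP-address and email entries were built from
 * `dnsNames` -- a reference CFRelease'd a few lines earlier, so either a
 * freed object or NULL -- instead of `ipAddresses` / `emailAddrs`, and the
 * email entry carried a copy-pasted "DNS" label (now "Email"). A redundant
 * `if (!mCertificateData)` after the unconditional reset was dropped.
 */
CFDictionaryRef CertificateValues::copyFieldValues(CFArrayRef keys, CFErrorRef *error)
{
	// Validate the filter before touching any state: bad keys are a caller
	// error and are reported by a bare NULL return, not via *error.
	if (keys)
	{
		if (CFGetTypeID(keys)!=CFArrayGetTypeID())
			return NULL;
		CFRange range = CFRangeMake(0, CFArrayGetCount(keys));
		bool failed = false;
		CFArrayApplyFunction(keys, range, validateKeys, &failed);
		if (failed)
			return NULL;
	}

	// Refresh the cached DER copy; the previous one (if any) goes first.
	if (mCertificateData)
	{
		CFRelease(mCertificateData);
		mCertificateData = NULL;
	}
	mCertificateData = SecCertificateCopyData(mCertificateRef); // OK to call, no big lock
	if (!mCertificateData)
	{
		if (error)
			*error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateRef, NULL);
		return NULL;
	}

	// Re-parse with the CF-native parser so the SecCertificate*P accessors apply.
	SecCertificateRefP certificateP = SecCertificateCreateWithDataP(kCFAllocatorDefault, mCertificateData);
	if (!certificateP)
	{
		if (error)
			*error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateGroup, NULL);
		return NULL;
	}

	CFMutableDictionaryRef fieldValues=CFDictionaryCreateMutable(kCFAllocatorDefault, 0,
		&kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);

	// Every synthesized entry below follows one pattern: appendProperty wraps
	// (type, label, value) into a property dictionary appended to a scratch
	// array, and element 0 of that array is filed under the OID key.
	// NOTE(review): this assumes appendProperty always appends exactly one
	// element; if it can decline (e.g. for an empty value), the
	// CFArrayGetValueAtIndex(..., 0) calls would index an empty array.

	// Common names found in the subject, if any.
	CFArrayRef commonNames=SecCertificateCopyCommonNames(certificateP);
	if (commonNames)
	{
		CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
		appendProperty(additionalValues, kSecPropertyTypeArray, CFSTR("CN"), commonNames);
		CFDictionaryAddValue(fieldValues, kSecOIDCommonName, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
		CFRelease(commonNames);
		CFRelease(additionalValues);
	}

	// DNS names; these can exist in the subject alt name or in the subject.
	CFArrayRef dnsNames=SecCertificateCopyDNSNames(certificateP);
	if (dnsNames)
	{
		CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
		appendProperty(additionalValues, kSecPropertyTypeArray, CFSTR("DNS"), dnsNames);
		CFDictionaryAddValue(fieldValues, CFSTR("DNSNAMES"), (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
		CFRelease(dnsNames);
		CFRelease(additionalValues);
	}

	// IP addresses. Must use ipAddresses here: dnsNames has already been
	// released by this point and must not be referenced again.
	CFArrayRef ipAddresses=SecCertificateCopyIPAddresses(certificateP);
	if (ipAddresses)
	{
		CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
		appendProperty(additionalValues, kSecPropertyTypeArray, CFSTR("IP"), ipAddresses);
		CFDictionaryAddValue(fieldValues, CFSTR("IPADDRESSES"), (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
		CFRelease(ipAddresses);
		CFRelease(additionalValues);
	}

	// RFC822 (email) names; these can exist in the subject alt name or in the
	// subject. Filed under the emailAddress attribute OID.
	CFArrayRef emailAddrs=SecCertificateCopyRFC822Names(certificateP);
	if (emailAddrs)
	{
		CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
		appendProperty(additionalValues, kSecPropertyTypeArray, CFSTR("Email"), emailAddrs);
		CFDictionaryAddValue(fieldValues, kSecOIDEmailAddress, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
		CFRelease(emailAddrs);
		CFRelease(additionalValues);
	}

	// Validity bounds, boxed as CFAbsoluteTime doubles.
	CFAbsoluteTime notBefore = SecCertificateNotValidBefore(certificateP);
	CFNumberRef notBeforeRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberDoubleType, &notBefore);
	if (notBeforeRef)
	{
		CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
		appendProperty(additionalValues, kSecPropertyTypeNumber, CFSTR("Not Valid Before"), notBeforeRef);
		CFDictionaryAddValue(fieldValues, kSecOIDX509V1ValidityNotBefore, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
		CFRelease(notBeforeRef);
		CFRelease(additionalValues);
	}

	CFAbsoluteTime notAfter = SecCertificateNotValidAfter(certificateP);
	CFNumberRef notAfterRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberDoubleType, &notAfter);
	if (notAfterRef)
	{
		CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
		appendProperty(additionalValues, kSecPropertyTypeNumber, CFSTR("Not Valid After"), notAfterRef);
		CFDictionaryAddValue(fieldValues, kSecOIDX509V1ValidityNotAfter, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
		CFRelease(notAfterRef);
		CFRelease(additionalValues);
	}

	// Key usage bit mask. NOTE(review): boxed as SInt32, which assumes
	// SecKeyUsage is a 32-bit integer type -- confirm against its typedef.
	SecKeyUsage keyUsage=SecCertificateGetKeyUsage(certificateP);
	CFNumberRef ku = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &keyUsage);
	if (ku)
	{
		CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
		appendProperty(additionalValues, kSecPropertyTypeNumber, CFSTR("Key Usage"), ku);
		CFDictionaryAddValue(fieldValues, kSecOIDKeyUsage, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
		CFRelease(ku);
		CFRelease(additionalValues);
	}

	// Extended key usage, as the array SecCertificateCopyExtendedKeyUsage returns.
	CFArrayRef ekus = SecCertificateCopyExtendedKeyUsage(certificateP);
	if (ekus)
	{
		CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
		appendProperty(additionalValues, kSecPropertyTypeArray, CFSTR("Extended Key Usage"), ekus);
		CFDictionaryAddValue(fieldValues, kSecOIDExtendedKeyUsage, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
		CFRelease(ekus);
		CFRelease(additionalValues);
	}

	// Fold in every property SecCertificateCopyProperties reports, keyed by
	// its remapped label. CFDictionaryAddValue never overwrites, so the
	// synthesized entries above win over same-keyed properties, and the first
	// property carrying a given label wins over later ones.
	CFArrayRef properties = SecCertificateCopyProperties(certificateP);
	if (properties)
	{
		CFRange range = CFRangeMake(0, CFArrayGetCount(properties));
		CFArrayApplyFunction(properties, range, addPropertyToFieldValues, fieldValues);
		CFRelease(properties);
	}

	// Likewise for the summary properties, which are evaluated against the
	// current time.
	CFAbsoluteTime verifyTime = CFAbsoluteTimeGetCurrent();
	CFMutableArrayRef summaryProperties =
		SecCertificateCopySummaryProperties(certificateP, verifyTime);
	if (summaryProperties)
	{
		CFRange range = CFRangeMake(0, CFArrayGetCount(summaryProperties));
		CFArrayApplyFunction(summaryProperties, range, addPropertyToFieldValues, fieldValues);
		CFRelease(summaryProperties);
	}

	// certificateP is non-NULL here (checked above). mCertificateData stays
	// cached until the next call or the destructor.
	CFRelease(certificateP);

	if (keys==NULL)
		return (CFDictionaryRef)fieldValues;

	// Otherwise keep only the requested keys.
	CFMutableDictionaryRef filteredFieldValues=CFDictionaryCreateMutable(kCFAllocatorDefault, 0,
		&kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);

	FieldValueFilterContext fvcontext;
	fvcontext.filteredValues = filteredFieldValues;
	fvcontext.filterKeys = keys;

	CFDictionaryApplyFunction(fieldValues, filterFieldValues, &fvcontext);

	CFRelease(fieldValues);
	return (CFDictionaryRef)filteredFieldValues;
}
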
/*
 * CFArrayApplierFunction used by copyFieldValues to vet the caller's keys:
 * sets the bool that `context` points to when `value` is NULL or not a
 * CFString. The flag is only ever set, never cleared, so one bad element
 * fails the whole array. A NULL context is tolerated (nothing is recorded).
 */
void validateKeys(const void *value, void *context)
{
	const bool isString = (value != NULL) && (CFGetTypeID(value) == CFStringGetTypeID());
	bool *failed = static_cast<bool *>(context);
	if (!isString && failed != NULL)
		*failed = true;
}

/*
 * CFDictionaryApplierFunction used by copyFieldValues: copies (key, value)
 * into context->filteredValues when key is a CFString that appears in
 * context->filterKeys, the caller-supplied array of OID strings (e.g.
 * kSecOIDTitle = CFSTR("2.5.4.12")). Membership is decided by
 * CFArrayGetFirstIndexOfValue, i.e. by the array's own equality callback --
 * with kCFTypeArrayCallBacks that is string content, not pointer identity.
 * Non-string keys and a NULL context are skipped silently.
 */
void filterFieldValues(const void *key, const void *value, void *context)
{
	CFTypeRef candidate = static_cast<CFTypeRef>(key);
	FieldValueFilterContext *ctx = static_cast<FieldValueFilterContext *>(context);

	const bool usable = (candidate != NULL)
		&& (CFGetTypeID(candidate) == CFStringGetTypeID())
		&& (ctx != NULL);
	if (!usable)
		return;

	CFArrayRef wanted = ctx->filterKeys;
	CFRange whole = CFRangeMake(0, CFArrayGetCount(wanted));
	if (CFArrayGetFirstIndexOfValue(wanted, whole, candidate) != kCFNotFound)
		CFDictionaryAddValue(ctx->filteredValues, candidate, value);
}

/*
 * CFDictionaryApplierFunction: adds (key, value) to the CFMutableDictionary
 * passed as context. CFDictionaryAddValue keeps an existing entry, so a key
 * that is already present is not overwritten. Not called from any live code
 * in this file.
 */
void addFieldValues(const void *key, const void *value, void *context)
{
	CFDictionaryAddValue(static_cast<CFMutableDictionaryRef>(context), key, value);
}

/*
 * CFArrayApplierFunction used by copyFieldValues: files one property
 * dictionary (as produced by SecCertificateCopyProperties /
 * SecCertificateCopySummaryProperties) into the CFMutableDictionary passed
 * as context, keyed by the OID string remapLabelToKey derives from the
 * property's kSecPropertyKeyLabel. Elements that are not dictionaries, and
 * properties without a label, are skipped. CFDictionaryAddValue never
 * overwrites, so the first property carrying a given label wins.
 */
void addPropertyToFieldValues(const void *value, void *context)
{
	if (CFGetTypeID(value) != CFDictionaryGetTypeID())
		return;

	CFDictionaryRef property = static_cast<CFDictionaryRef>(value);
	CFStringRef label = static_cast<CFStringRef>(CFDictionaryGetValue(property, kSecPropertyKeyLabel));
	CFStringRef fieldKey = CertificateValues::remapLabelToKey(label);
	if (fieldKey == NULL)
		return;

	CFDictionaryAddValue(static_cast<CFMutableDictionaryRef>(context), fieldKey, property);
}

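/*
 * Maps a property label (as emitted by SecCertificateCopyProperties /
 * SecCertificateCopySummaryProperties) to the OID-string key copyFieldValues
 * files it under. Labels without a mapping are returned unchanged and thus
 * become dictionary keys as-is; a NULL label yields NULL.
 *
 * The returned string is either the caller's `label` or one of the global
 * kSecOID... constants -- not a new reference, so it must not be released.
 *
 * FIX: the original key table listed "Normalized Subject Name" twice, so
 * "Normalized Issuer Name" never mapped to kSecOIDX509V1IssuerNameStd, and
 * which of the two duplicate entries CFDictionaryCreate kept was unspecified
 * (the subject label could have ended up on the issuer OID).
 *
 * NOTE(review): mOIDRemap is built lazily with no synchronization. Two
 * threads racing on first use would each build a table; one leaks and the
 * other's pointer may be swapped out underneath it. Left as-is here since no
 * threading guarantee is documented for this class; dispatch_once or a
 * C++11 function-local static would close the window.
 *
 * NOTE(review): "Expires" is filed under kSecOIDInvalidityDate (2.5.29.24,
 * which elsewhere denotes the CRL entry invalidity-date extension) rather
 * than under kSecOIDX509V1ValidityNotAfter -- verify this is intended.
 */
CFStringRef CertificateValues::remapLabelToKey(CFStringRef label)
{
	if (!label)
		return NULL;

	if (!mOIDRemap)
	{
		// Parallel arrays: keys[i] maps to values[i]. Keep them in lock-step.
		CFTypeRef keys[] =
		{
			CFSTR("Subject Name"),
			CFSTR("Normalized Subject Name"),
			CFSTR("Issuer Name"),
			CFSTR("Normalized Issuer Name"),
			CFSTR("Version"),
			CFSTR("Serial Number"),
			CFSTR("Signature Algorithm"),
			CFSTR("Subject Unique ID"),
			CFSTR("Issuer Unique ID"),
			CFSTR("Public Key Algorithm"),
			CFSTR("Public Key Data"),
			CFSTR("Signature"),
			CFSTR("Not Valid Before"),
			CFSTR("Not Valid After"),
			CFSTR("Expires")
		};

		CFTypeRef values[] =
		{
			kSecOIDX509V1SubjectName,
			kSecOIDX509V1SubjectNameStd,
			kSecOIDX509V1IssuerName,
			kSecOIDX509V1IssuerNameStd,
			kSecOIDX509V1Version,
			kSecOIDX509V1SerialNumber,
			kSecOIDX509V1SignatureAlgorithm, // or CSSMOID_X509V1SignatureAlgorithmTBS?
			kSecOIDX509V1CertificateSubjectUniqueId,
			kSecOIDX509V1CertificateIssuerUniqueId,
			kSecOIDX509V1SubjectPublicKeyAlgorithm,
			kSecOIDX509V1SubjectPublicKey,
			kSecOIDX509V1Signature,
			kSecOIDX509V1ValidityNotBefore,
			kSecOIDX509V1ValidityNotAfter,
			kSecOIDInvalidityDate
		};
		const CFIndex count = (CFIndex)(sizeof(keys) / sizeof(*keys));

		mOIDRemap = CFDictionaryCreate(NULL, keys, values, count,
			&kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
	}

	CFTypeRef result = CFDictionaryGetValue(mOIDRemap, label);

	return result ? (CFStringRef)result : label;
}
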
/*
 * Returns the certificate's serial number as a CFDataRef the caller owns
 * (Copy rule), or NULL when the certificate data cannot be obtained or
 * parsed -- in that case getSecCertificateRefP has set *error if `error`
 * is non-NULL.
 */
CFDataRef CertificateValues::copySerialNumber(CFErrorRef *error)
{
	SecCertificateRefP parsed = getSecCertificateRefP(error);
	if (parsed == NULL)
		return NULL;

	CFDataRef serial = SecCertificateCopySerialNumberP(parsed);
	CFRelease(parsed);
	return serial;
}

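/*
 * Returns the certificate's normalized issuer name, or NULL when the
 * certificate data cannot be obtained or parsed (then *error is set if
 * `error` is non-NULL).
 *
 * FIX: SecCertificateGetNormalizedIssuer follows the CF "Get" rule -- the
 * CFDataRef it hands back is owned by certificateP, which this method then
 * releases. The original returned that pointer anyway, i.e. a reference
 * into a certificate object whose last reference had just been dropped.
 * The result is now retained before certificateP goes away, so the caller
 * receives a +1 reference and must CFRelease it. Any caller that treated
 * the previous result as unowned now leaks one CFData per call instead of
 * reading freed memory -- the safer failure mode, but audit them.
 *
 * NOTE(review): the original comment mentioned wrapping the result with
 * SecDERItemCopySequence for SecItemCopyMatching; no such wrapping happens
 * here -- the raw normalized issuer bytes are returned.
 */
CFDataRef CertificateValues::getNormalizedIssuerContent(CFErrorRef *error)
{
	CFDataRef result = NULL;
	SecCertificateRefP certificateP = getSecCertificateRefP(error);
	if (certificateP)
	{
		CFDataRef issuer = SecCertificateGetNormalizedIssuer(certificateP);
		if (issuer)
			result = (CFDataRef)CFRetain(issuer); // keep it alive past the release below
		CFRelease(certificateP);
	}
	return result;
}
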
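/*
 * Returns the certificate's normalized subject name, or NULL when the
 * certificate data cannot be obtained or parsed (then *error is set if
 * `error` is non-NULL).
 *
 * FIX: SecCertificateGetNormalizedSubject follows the CF "Get" rule -- the
 * CFDataRef it hands back is owned by certificateP, which this method then
 * releases. The original returned that pointer anyway, i.e. a reference
 * into a certificate object whose last reference had just been dropped.
 * The result is now retained before certificateP goes away, so the caller
 * receives a +1 reference and must CFRelease it. Any caller that treated
 * the previous result as unowned now leaks one CFData per call instead of
 * reading freed memory -- the safer failure mode, but audit them.
 *
 * NOTE(review): the original comment mentioned wrapping the result with
 * SecDERItemCopySequence for SecItemCopyMatching; no such wrapping happens
 * here -- the raw normalized subject bytes are returned.
 */
CFDataRef CertificateValues::getNormalizedSubjectContent(CFErrorRef *error)
{
	CFDataRef result = NULL;
	SecCertificateRefP certificateP = getSecCertificateRefP(error);
	if (certificateP)
	{
		CFDataRef subject = SecCertificateGetNormalizedSubject(certificateP);
		if (subject)
			result = (CFDataRef)CFRetain(subject); // keep it alive past the release below
		CFRelease(certificateP);
	}
	return result;
}
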
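/*
 * Delegates to SecCertificateIsValid on the re-parsed certificate
 * (presumably a notBefore <= verifyTime <= notAfter check; see that
 * function). Returns false -- which is *not* a verdict -- when the
 * certificate data cannot be obtained or parsed; in that case *error is set
 * if `error` is non-NULL. Callers that must distinguish "not valid" from
 * "could not check" have to pass an error pointer and inspect it.
 *
 * FIX: the original initialized the bool result with NULL (a pointer
 * constant) and carried a copy-pasted comment about SecDERItemCopySequence
 * that does not describe this method.
 */
bool CertificateValues::SecCertificateIsValidX(CFAbsoluteTime verifyTime, CFErrorRef *error)
{
	bool result = false;
	SecCertificateRefP certificateP = getSecCertificateRefP(error);
	if (certificateP)
	{
		result = SecCertificateIsValid(certificateP, verifyTime);
		CFRelease(certificateP);
	}
	return result;
}
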
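/*
 * Re-parses the wrapped certificate's DER bytes into a SecCertificateRefP,
 * the CF-native certificate type the SecCertificate*P accessors operate on.
 * Replaces the cached mCertificateData with a fresh copy as a side effect
 * (that copy is released on the next call or in the destructor).
 *
 * Returns a +1 SecCertificateRefP the caller must CFRelease, or NULL on
 * failure. On failure *error is set -- errSecInvalidCertificateRef when no
 * data could be copied, errSecInvalidCertificateGroup when the data did not
 * parse -- provided `error` is non-NULL.
 *
 * FIX: the original guarded both failure paths with `&& error`, so with a
 * NULL error pointer a failed SecCertificateCopyData fell through and NULL
 * data was handed to SecCertificateCreateWithDataP. The checks now mirror
 * copyFieldValues: fail first, report only when the caller asked.
 */
SecCertificateRefP CertificateValues::getSecCertificateRefP(CFErrorRef *error)
{
	// SecCertificateCopyData hands back an object we own, so the previous
	// cached copy must be released by us before it is replaced.
	if (mCertificateData)
	{
		CFRelease(mCertificateData);
		mCertificateData = NULL;
	}

	mCertificateData = SecCertificateCopyData(mCertificateRef); // OK to call, no big lock
	if (!mCertificateData)
	{
		if (error)
			*error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateRef, NULL);
		return NULL;
	}

	SecCertificateRefP certificateP = SecCertificateCreateWithDataP(kCFAllocatorDefault, mCertificateData);
	if (!certificateP)
	{
		if (error)
			*error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateGroup, NULL);
		return NULL;
	}

	return certificateP;
}
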
#pragma mark ---------- OID Constants ----------

// String forms of the OIDs used as keys in the dictionaries copyFieldValues
// returns. Two families are mixed here: genuine X.509 / PKIX / vendor arcs
// (2.5.4.x DN attributes, 2.5.29.x extensions, 1.3.6.1.5.5.7.x PKIX,
// 1.2.840.113635.100.x Apple, ...) and the 2.16.840.1.113741.2.1.x values,
// which mirror the CSSMOID_* field tags (cf. kSecOIDCSSMKeyStruct and the
// CSSMOID_X509V1SignatureAlgorithmTBS remark in remapLabelToKey) and name
// certificate *fields* (subject name, serial number, validity ...) rather
// than extensions.
// NOTE(review): these are mutable, externally linked globals; anything in
// the process can reassign them. Declaring them `const` here would give them
// internal linkage in C++ and break the exported symbols -- constness would
// have to be introduced as `extern const` in the header as well.

CFTypeRef kSecOIDADC_CERT_POLICY = CFSTR("1.2.840.113635.100.5.3");
CFTypeRef kSecOIDAPPLE_CERT_POLICY = CFSTR("1.2.840.113635.100.5.1");
CFTypeRef kSecOIDAPPLE_EKU_CODE_SIGNING = CFSTR("1.2.840.113635.100.4.1");
CFTypeRef kSecOIDAPPLE_EKU_CODE_SIGNING_DEV = CFSTR("1.2.840.113635.100.4.1.1");
CFTypeRef kSecOIDAPPLE_EKU_ICHAT_ENCRYPTION = CFSTR("1.2.840.113635.100.4.3");
CFTypeRef kSecOIDAPPLE_EKU_ICHAT_SIGNING = CFSTR("1.2.840.113635.100.4.2");
CFTypeRef kSecOIDAPPLE_EKU_RESOURCE_SIGNING = CFSTR("1.2.840.113635.100.4.1.4");
CFTypeRef kSecOIDAPPLE_EKU_SYSTEM_IDENTITY = CFSTR("1.2.840.113635.100.4.4");
CFTypeRef kSecOIDAPPLE_EXTENSION = CFSTR("1.2.840.113635.100.6");
CFTypeRef kSecOIDAPPLE_EXTENSION_ADC_APPLE_SIGNING = CFSTR("1.2.840.113635.100.6.1.2.0.0");
CFTypeRef kSecOIDAPPLE_EXTENSION_ADC_DEV_SIGNING = CFSTR("1.2.840.113635.100.6.1.2.0");
CFTypeRef kSecOIDAPPLE_EXTENSION_APPLE_SIGNING = CFSTR("1.2.840.113635.100.6.1.1");
CFTypeRef kSecOIDAPPLE_EXTENSION_CODE_SIGNING = CFSTR("1.2.840.113635.100.6.1");
CFTypeRef kSecOIDAPPLE_EXTENSION_INTERMEDIATE_MARKER = CFSTR("1.2.840.113635.100.6.2");
CFTypeRef kSecOIDAPPLE_EXTENSION_WWDR_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.1");
CFTypeRef kSecOIDAPPLE_EXTENSION_ITMS_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.2");
CFTypeRef kSecOIDAPPLE_EXTENSION_AAI_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.3");
CFTypeRef kSecOIDAPPLE_EXTENSION_APPLEID_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.7");
CFTypeRef kSecOIDAuthorityInfoAccess = CFSTR("1.3.6.1.5.5.7.1.1");
CFTypeRef kSecOIDAuthorityKeyIdentifier = CFSTR("2.5.29.35");
CFTypeRef kSecOIDBasicConstraints = CFSTR("2.5.29.19");
CFTypeRef kSecOIDBiometricInfo = CFSTR("1.3.6.1.5.5.7.1.2");
CFTypeRef kSecOIDCSSMKeyStruct = CFSTR("2.16.840.1.113741.2.1.1.1.20");
CFTypeRef kSecOIDCertIssuer = CFSTR("2.5.29.29");
CFTypeRef kSecOIDCertificatePolicies = CFSTR("2.5.29.32");
CFTypeRef kSecOIDClientAuth = CFSTR("1.3.6.1.5.5.7.3.2");
CFTypeRef kSecOIDCollectiveStateProvinceName = CFSTR("2.5.4.8.1");
CFTypeRef kSecOIDCollectiveStreetAddress = CFSTR("2.5.4.9.1");
CFTypeRef kSecOIDCommonName = CFSTR("2.5.4.3");
CFTypeRef kSecOIDCountryName = CFSTR("2.5.4.6");
CFTypeRef kSecOIDCrlDistributionPoints = CFSTR("2.5.29.31");
CFTypeRef kSecOIDCrlNumber = CFSTR("2.5.29.20");
CFTypeRef kSecOIDCrlReason = CFSTR("2.5.29.21");
CFTypeRef kSecOIDDOTMAC_CERT_EMAIL_ENCRYPT = CFSTR("1.2.840.113635.100.3.2.3");
CFTypeRef kSecOIDDOTMAC_CERT_EMAIL_SIGN = CFSTR("1.2.840.113635.100.3.2.2");
CFTypeRef kSecOIDDOTMAC_CERT_EXTENSION = CFSTR("1.2.840.113635.100.3.2");
CFTypeRef kSecOIDDOTMAC_CERT_IDENTITY = CFSTR("1.2.840.113635.100.3.2.1");
CFTypeRef kSecOIDDOTMAC_CERT_POLICY = CFSTR("1.2.840.113635.100.5.2");
CFTypeRef kSecOIDDeltaCrlIndicator = CFSTR("2.5.29.27");
CFTypeRef kSecOIDDescription = CFSTR("2.5.4.13");
CFTypeRef kSecOIDEKU_IPSec = CFSTR("1.3.6.1.5.5.8.2.2");
CFTypeRef kSecOIDEmailAddress = CFSTR("1.2.840.113549.1.9.1");
CFTypeRef kSecOIDEmailProtection = CFSTR("1.3.6.1.5.5.7.3.4");
CFTypeRef kSecOIDExtendedKeyUsage = CFSTR("2.5.29.37");
CFTypeRef kSecOIDExtendedKeyUsageAny = CFSTR("2.5.29.37.0");
CFTypeRef kSecOIDExtendedUseCodeSigning = CFSTR("1.3.6.1.5.5.7.3.3");
CFTypeRef kSecOIDGivenName = CFSTR("2.5.4.42");
CFTypeRef kSecOIDHoldInstructionCode = CFSTR("2.5.29.23");
CFTypeRef kSecOIDInvalidityDate = CFSTR("2.5.29.24");
CFTypeRef kSecOIDIssuerAltName = CFSTR("2.5.29.18");
// Two names for the same OID; both are kept for source compatibility.
CFTypeRef kSecOIDIssuingDistributionPoint = CFSTR("2.5.29.28");
CFTypeRef kSecOIDIssuingDistributionPoints = CFSTR("2.5.29.28");
CFTypeRef kSecOIDKERBv5_PKINIT_KP_CLIENT_AUTH = CFSTR("1.3.6.1.5.2.3.4");
CFTypeRef kSecOIDKERBv5_PKINIT_KP_KDC = CFSTR("1.3.6.1.5.2.3.5");
CFTypeRef kSecOIDKeyUsage = CFSTR("2.5.29.15");
CFTypeRef kSecOIDLocalityName = CFSTR("2.5.4.7");
CFTypeRef kSecOIDMS_NTPrincipalName = CFSTR("1.3.6.1.4.1.311.20.2.3");
CFTypeRef kSecOIDMicrosoftSGC = CFSTR("1.3.6.1.4.1.311.10.3.3");
CFTypeRef kSecOIDNameConstraints = CFSTR("2.5.29.30");
CFTypeRef kSecOIDNetscapeCertSequence = CFSTR("2.16.840.1.113730.2.5");
CFTypeRef kSecOIDNetscapeCertType = CFSTR("2.16.840.1.113730.1.1");
CFTypeRef kSecOIDNetscapeSGC = CFSTR("2.16.840.1.113730.4.1");
CFTypeRef kSecOIDOCSPSigning = CFSTR("1.3.6.1.5.5.7.3.9");
CFTypeRef kSecOIDOrganizationName = CFSTR("2.5.4.10");
CFTypeRef kSecOIDOrganizationalUnitName = CFSTR("2.5.4.11");
CFTypeRef kSecOIDPolicyConstraints = CFSTR("2.5.29.36");
CFTypeRef kSecOIDPolicyMappings = CFSTR("2.5.29.33");
CFTypeRef kSecOIDPrivateKeyUsagePeriod = CFSTR("2.5.29.16");
CFTypeRef kSecOIDQC_Statements = CFSTR("1.3.6.1.5.5.7.1.3");
// The DN *attribute* serialNumber (2.5.4.5); the certificate's own serial
// number field is kSecOIDX509V1SerialNumber below. Do not confuse the two.
CFTypeRef kSecOIDSerialNumber = CFSTR("2.5.4.5");
CFTypeRef kSecOIDServerAuth = CFSTR("1.3.6.1.5.5.7.3.1");
CFTypeRef kSecOIDStateProvinceName = CFSTR("2.5.4.8");
CFTypeRef kSecOIDStreetAddress = CFSTR("2.5.4.9");
CFTypeRef kSecOIDSubjectAltName = CFSTR("2.5.29.17");
CFTypeRef kSecOIDSubjectDirectoryAttributes = CFSTR("2.5.29.9");
CFTypeRef kSecOIDSubjectEmailAddress = CFSTR("2.16.840.1.113741.2.1.1.1.50.3");
CFTypeRef kSecOIDSubjectInfoAccess = CFSTR("1.3.6.1.5.5.7.1.11");
CFTypeRef kSecOIDSubjectKeyIdentifier = CFSTR("2.5.29.14");
CFTypeRef kSecOIDSubjectPicture = CFSTR("2.16.840.1.113741.2.1.1.1.50.2");
CFTypeRef kSecOIDSubjectSignatureBitmap = CFSTR("2.16.840.1.113741.2.1.1.1.50.1");
CFTypeRef kSecOIDSurname = CFSTR("2.5.4.4");
CFTypeRef kSecOIDTimeStamping = CFSTR("1.3.6.1.5.5.7.3.8");
CFTypeRef kSecOIDTitle = CFSTR("2.5.4.12");
CFTypeRef kSecOIDUseExemptions = CFSTR("2.16.840.1.113741.2.1.1.1.50.4");
// Certificate field tags (CSSM-style pseudo-OIDs); these are the keys
// remapLabelToKey produces for the subject/issuer/validity/signature
// properties.
CFTypeRef kSecOIDX509V1CertificateIssuerUniqueId = CFSTR("2.16.840.1.113741.2.1.1.1.11");
CFTypeRef kSecOIDX509V1CertificateSubjectUniqueId = CFSTR("2.16.840.1.113741.2.1.1.1.12");
CFTypeRef kSecOIDX509V1IssuerName = CFSTR("2.16.840.1.113741.2.1.1.1.5");
CFTypeRef kSecOIDX509V1IssuerNameCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.5.1");
CFTypeRef kSecOIDX509V1IssuerNameLDAP = CFSTR("2.16.840.1.113741.2.1.1.1.5.2");
CFTypeRef kSecOIDX509V1IssuerNameStd = CFSTR("2.16.840.1.113741.2.1.1.1.23");
CFTypeRef kSecOIDX509V1SerialNumber = CFSTR("2.16.840.1.113741.2.1.1.1.3");
CFTypeRef kSecOIDX509V1Signature = CFSTR("2.16.840.1.113741.2.1.3.2.2");
CFTypeRef kSecOIDX509V1SignatureAlgorithm = CFSTR("2.16.840.1.113741.2.1.3.2.1");
CFTypeRef kSecOIDX509V1SignatureAlgorithmParameters = CFSTR("2.16.840.1.113741.2.1.3.2.3");
CFTypeRef kSecOIDX509V1SignatureAlgorithmTBS = CFSTR("2.16.840.1.113741.2.1.3.2.10");
CFTypeRef kSecOIDX509V1SignatureCStruct = CFSTR("2.16.840.1.113741.2.1.3.2.0.1");
CFTypeRef kSecOIDX509V1SignatureStruct = CFSTR("2.16.840.1.113741.2.1.3.2.0");
CFTypeRef kSecOIDX509V1SubjectName = CFSTR("2.16.840.1.113741.2.1.1.1.8");
CFTypeRef kSecOIDX509V1SubjectNameCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.8.1");
CFTypeRef kSecOIDX509V1SubjectNameLDAP = CFSTR("2.16.840.1.113741.2.1.1.1.8.2");
CFTypeRef kSecOIDX509V1SubjectNameStd = CFSTR("2.16.840.1.113741.2.1.1.1.22");
CFTypeRef kSecOIDX509V1SubjectPublicKey = CFSTR("2.16.840.1.113741.2.1.1.1.10");
CFTypeRef kSecOIDX509V1SubjectPublicKeyAlgorithm = CFSTR("2.16.840.1.113741.2.1.1.1.9");
CFTypeRef kSecOIDX509V1SubjectPublicKeyAlgorithmParameters = CFSTR("2.16.840.1.113741.2.1.1.1.18");
CFTypeRef kSecOIDX509V1SubjectPublicKeyCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.20.1");
CFTypeRef kSecOIDX509V1ValidityNotAfter = CFSTR("2.16.840.1.113741.2.1.1.1.7");
CFTypeRef kSecOIDX509V1ValidityNotBefore = CFSTR("2.16.840.1.113741.2.1.1.1.6");
CFTypeRef kSecOIDX509V1Version = CFSTR("2.16.840.1.113741.2.1.1.1.2");
CFTypeRef kSecOIDX509V3Certificate = CFSTR("2.16.840.1.113741.2.1.1.1.1");
CFTypeRef kSecOIDX509V3CertificateCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.1.1");
CFTypeRef kSecOIDX509V3CertificateExtensionCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.13.1");
CFTypeRef kSecOIDX509V3CertificateExtensionCritical = CFSTR("2.16.840.1.113741.2.1.1.1.16");
CFTypeRef kSecOIDX509V3CertificateExtensionId = CFSTR("2.16.840.1.113741.2.1.1.1.15");
CFTypeRef kSecOIDX509V3CertificateExtensionStruct = CFSTR("2.16.840.1.113741.2.1.1.1.13");
CFTypeRef kSecOIDX509V3CertificateExtensionType = CFSTR("2.16.840.1.113741.2.1.1.1.19");
CFTypeRef kSecOIDX509V3CertificateExtensionValue = CFSTR("2.16.840.1.113741.2.1.1.1.17");
CFTypeRef kSecOIDX509V3CertificateExtensionsCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.21.1");
CFTypeRef kSecOIDX509V3CertificateExtensionsStruct = CFSTR("2.16.840.1.113741.2.1.1.1.21");
CFTypeRef kSecOIDX509V3CertificateNumberOfExtensions = CFSTR("2.16.840.1.113741.2.1.1.1.14");
CFTypeRef kSecOIDX509V3SignedCertificate = CFSTR("2.16.840.1.113741.2.1.1.1.0");
CFTypeRef kSecOIDX509V3SignedCertificateCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.0.1");
CFTypeRef kSecOIDSRVName = CFSTR("1.3.6.1.5.5.7.8.7");
