]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_keychain/lib/CertificateValues.cpp
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-58286.31.2.tar.gz
[apple/security.git] / OSX / libsecurity_keychain / lib / CertificateValues.cpp
1 /*
2 * Copyright (c) 2002-2017 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // CertificateValues.cpp
26 //
27 #include <security_keychain/Certificate.h>
28 #include <Security/oidscert.h>
29 #include <Security/oidsattr.h>
30 #include <Security/SecCertificate.h>
31 #include <Security/SecCertificatePriv.h>
32 #include "SecCertificateOIDs.h"
33 #include "CertificateValues.h"
34 #include <CoreFoundation/CFNumber.h>
35
36 // SecCertificateInternal.h cannot be included in this file, due to its
37 // use of types which are not resolved in our macOS-only library.
38 //
39 extern "C" CFArrayRef SecCertificateCopyLegacyProperties(SecCertificateRef certificate);
40 extern "C" void appendProperty(CFMutableArrayRef properties, CFStringRef propertyType,
41 CFStringRef label, CFStringRef localizedLabel, CFTypeRef value);
42
43 extern const CFStringRef __nonnull kSecPropertyKeyType;
44 extern const CFStringRef __nonnull kSecPropertyKeyLabel;
45 extern const CFStringRef __nonnull kSecPropertyKeyLocalizedLabel;
46 extern const CFStringRef __nonnull kSecPropertyKeyValue;
47
48 extern const CFStringRef __nonnull kSecPropertyTypeData;
49 extern const CFStringRef __nonnull kSecPropertyTypeString;
50 extern const CFStringRef __nonnull kSecPropertyTypeURL;
51 extern const CFStringRef __nonnull kSecPropertyTypeDate;
52
53 CFStringRef kSecPropertyTypeArray = CFSTR("array");
54 CFStringRef kSecPropertyTypeNumber = CFSTR("number");
55
56
57 #pragma mark ---------- CertificateValues Implementation ----------
58
59 using namespace KeychainCore;
60
61 void addFieldValues(const void *key, const void *value, void *context);
62 void addPropertyToFieldValues(const void *value, void *context);
63 void filterFieldValues(const void *key, const void *value, void *context);
64 void validateKeys(const void *value, void *context);
65
66 CFDictionaryRef CertificateValues::mOIDRemap = NULL;
67
68 typedef struct FieldValueFilterContext
69 {
70 CFMutableDictionaryRef filteredValues;
71 CFArrayRef filterKeys;
72 } FieldValueFilterContext;
73
74 CertificateValues::CertificateValues(SecCertificateRef certificateRef) : mCertificateRef(certificateRef),
75 mCertificateData(NULL),
76 mCertificateProperties(NULL)
77 {
78 if (mCertificateRef)
79 CFRetain(mCertificateRef);
80 }
81
82 CertificateValues::~CertificateValues() throw()
83 {
84 if (mCertificateProperties)
85 CFRelease(mCertificateProperties);
86 if (mCertificateData)
87 CFRelease(mCertificateData);
88 if (mCertificateRef)
89 CFRelease(mCertificateRef);
90 }
91
92 CFArrayRef CertificateValues::copyPropertyValues(CFErrorRef *error)
93 {
94 if (!mCertificateProperties) {
95 mCertificateProperties = SecCertificateCopyLegacyProperties(mCertificateRef);
96 }
97 if (mCertificateProperties) {
98 CFRetain(mCertificateProperties);
99 }
100 else if (error) {
101 *error = CFErrorCreate(NULL,
102 kCFErrorDomainOSStatus, errSecInvalidCertificateRef, NULL);
103 }
104 return mCertificateProperties;
105 }
106
107 CFDictionaryRef CertificateValues::copyFieldValues(CFArrayRef keys, CFErrorRef *error)
108 {
109 if (keys)
110 {
111 if (CFGetTypeID(keys)!=CFArrayGetTypeID())
112 return NULL;
113 CFRange range = CFRangeMake(0, CFArrayGetCount((CFArrayRef)keys));
114 bool failed = false;
115 CFArrayApplyFunction(keys, range, validateKeys, &failed);
116 if (failed)
117 return NULL;
118 }
119
120 if (mCertificateData)
121 {
122 CFRelease(mCertificateData);
123 mCertificateData = NULL;
124 }
125 if (!mCertificateData)
126 {
127 mCertificateData = SecCertificateCopyData(mCertificateRef); // OK to call, no big lock
128 if (!mCertificateData)
129 {
130 if (error) {
131 *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateRef, NULL);
132 }
133 return NULL;
134 }
135 }
136
137 SecCertificateRef certificate = SecCertificateCreateWithData(kCFAllocatorDefault, mCertificateData);
138 if (!certificate)
139 {
140 if (error)
141 *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateGroup, NULL);
142 return NULL;
143 }
144
145 CFMutableDictionaryRef fieldValues=CFDictionaryCreateMutable(kCFAllocatorDefault, 0,
146 &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
147
148 // Return an array of CFStringRefs representing the common names in the certificates subject if any
149 CFArrayRef commonNames=SecCertificateCopyCommonNames(certificate);
150 if (commonNames)
151 {
152 CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
153 appendProperty(additionalValues, kSecPropertyTypeArray, CFSTR("CN"), NULL, commonNames);
154 CFDictionaryAddValue(fieldValues, kSecOIDCommonName, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
155 CFRelease(commonNames);
156 CFRelease(additionalValues);
157 }
158
159 // These can exist in the subject alt name or in the subject
160 CFArrayRef dnsNames=SecCertificateCopyDNSNames(certificate);
161 if (dnsNames)
162 {
163 CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
164 appendProperty(additionalValues, kSecPropertyTypeArray, CFSTR("DNS"), NULL, dnsNames);
165 CFDictionaryAddValue(fieldValues, CFSTR("DNSNAMES"), (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
166 CFRelease(dnsNames);
167 CFRelease(additionalValues);
168 }
169
170 CFArrayRef ipAddresses=SecCertificateCopyIPAddresses(certificate);
171 if (ipAddresses)
172 {
173 CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
174 appendProperty(additionalValues, kSecPropertyTypeArray, CFSTR("IP"), NULL, dnsNames);
175 CFDictionaryAddValue(fieldValues, CFSTR("IPADDRESSES"), (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
176 CFRelease(ipAddresses);
177 CFRelease(additionalValues);
178 }
179
180 // These can exist in the subject alt name or in the subject
181 CFArrayRef emailAddrs=SecCertificateCopyRFC822Names(certificate);
182 if (emailAddrs)
183 {
184 CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
185 appendProperty(additionalValues, kSecPropertyTypeArray, CFSTR("DNS"), NULL, dnsNames);
186 CFDictionaryAddValue(fieldValues, kSecOIDEmailAddress, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
187 CFRelease(emailAddrs);
188 CFRelease(additionalValues);
189 }
190
191 CFAbsoluteTime notBefore = SecCertificateNotValidBefore(certificate);
192 CFNumberRef notBeforeRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberDoubleType, &notBefore);
193 if (notBeforeRef)
194 {
195 CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
196 appendProperty(additionalValues, kSecPropertyTypeNumber, CFSTR("Not Valid Before"), NULL, notBeforeRef);
197 CFDictionaryAddValue(fieldValues, kSecOIDX509V1ValidityNotBefore, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
198 CFRelease(notBeforeRef);
199 CFRelease(additionalValues);
200 }
201
202 CFAbsoluteTime notAfter = SecCertificateNotValidAfter(certificate);
203 CFNumberRef notAfterRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberDoubleType, &notAfter);
204 if (notAfterRef)
205 {
206 CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
207 appendProperty(additionalValues, kSecPropertyTypeNumber, CFSTR("Not Valid After"), NULL, notAfterRef);
208 CFDictionaryAddValue(fieldValues, kSecOIDX509V1ValidityNotAfter, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
209 CFRelease(notAfterRef);
210 CFRelease(additionalValues);
211 }
212
213 SecKeyUsage keyUsage=SecCertificateGetKeyUsage(certificate);
214 CFNumberRef ku = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &keyUsage);
215 if (ku)
216 {
217 CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
218 appendProperty(additionalValues, kSecPropertyTypeNumber, CFSTR("Key Usage"), NULL, ku);
219 CFDictionaryAddValue(fieldValues, kSecOIDKeyUsage, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
220 CFRelease(ku);
221 CFRelease(additionalValues);
222 }
223
224 CFArrayRef ekus = SecCertificateCopyExtendedKeyUsage(certificate);
225 if (ekus)
226 {
227 CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
228 appendProperty(additionalValues, kSecPropertyTypeArray, CFSTR("Extended Key Usage"), NULL, ekus);
229 CFDictionaryAddValue(fieldValues, kSecOIDExtendedKeyUsage, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
230 CFRelease(ekus);
231 CFRelease(additionalValues);
232 }
233
234 // Add all values from properties dictionary
235 CFArrayRef properties = copyPropertyValues(NULL);
236 if (properties)
237 {
238 CFRange range = CFRangeMake(0, CFArrayGetCount((CFArrayRef)properties));
239 CFArrayApplyFunction(properties, range, addPropertyToFieldValues, fieldValues);
240 // CFDictionaryApplyFunction(properties, addFieldValues, fieldValues);
241 CFRelease(properties);
242 }
243
244 CFAbsoluteTime verifyTime = CFAbsoluteTimeGetCurrent();
245 CFMutableArrayRef summaryProperties =
246 SecCertificateCopySummaryProperties(certificate, verifyTime);
247 if (summaryProperties)
248 {
249 CFRange range = CFRangeMake(0, CFArrayGetCount((CFArrayRef)summaryProperties));
250 CFArrayApplyFunction(summaryProperties, range, addPropertyToFieldValues, fieldValues);
251 // CFDictionaryApplyFunction(summaryProperties, addFieldValues, fieldValues);
252 // CFDictionaryAddValue(fieldValues, CFSTR("summaryProperties"), summaryProperties);
253 CFRelease(summaryProperties);
254 }
255
256 if (certificate)
257 CFRelease(certificate);
258
259 if (keys==NULL)
260 return (CFDictionaryRef)fieldValues;
261
262 // Otherwise, we need to filter
263 CFMutableDictionaryRef filteredFieldValues=CFDictionaryCreateMutable(kCFAllocatorDefault, 0,
264 &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
265
266 FieldValueFilterContext fvcontext;
267 fvcontext.filteredValues = filteredFieldValues;
268 fvcontext.filterKeys = keys;
269
270 CFDictionaryApplyFunction(fieldValues, filterFieldValues, &fvcontext);
271
272 CFRelease(fieldValues);
273 return (CFDictionaryRef)filteredFieldValues;
274 }
275
276 void validateKeys(const void *value, void *context)
277 {
278 if (value == NULL || (CFGetTypeID(value)!=CFStringGetTypeID()))
279 if (context)
280 *(bool *)context = true;
281 }
282
283 void filterFieldValues(const void *key, const void *value, void *context)
284 {
285 // each element of keys is a CFStringRef with an OID, e.g.
286 // const CFStringRef kSecOIDTitle = CFSTR("2.5.4.12");
287
288 CFTypeRef fieldKey = (CFTypeRef)key;
289 if (fieldKey == NULL || (CFGetTypeID(fieldKey)!=CFStringGetTypeID()) || context==NULL)
290 return;
291
292 FieldValueFilterContext *fvcontext = (FieldValueFilterContext *)context;
293
294 CFRange range = CFRangeMake(0, CFArrayGetCount(fvcontext->filterKeys));
295 CFIndex idx = CFArrayGetFirstIndexOfValue(fvcontext->filterKeys, range, fieldKey);
296 if (idx != kCFNotFound)
297 CFDictionaryAddValue(fvcontext->filteredValues, fieldKey, value);
298 }
299
300 void addFieldValues(const void *key, const void *value, void *context)
301 {
302 CFMutableDictionaryRef fieldValues = (CFMutableDictionaryRef)context;
303 CFDictionaryAddValue(fieldValues, key, value);
304 }
305
306 void addPropertyToFieldValues(const void *value, void *context)
307 {
308 CFMutableDictionaryRef fieldValues = (CFMutableDictionaryRef)context;
309 if (CFGetTypeID(value)==CFDictionaryGetTypeID())
310 {
311 CFStringRef label = (CFStringRef)CFDictionaryGetValue((CFDictionaryRef)value, kSecPropertyKeyLabel);
312 #if 0
313 CFStringRef typeD = (CFStringRef)CFDictionaryGetValue((CFDictionaryRef)value, kSecPropertyKeyType);
314 CFTypeRef valueD = (CFStringRef)CFDictionaryGetValue((CFDictionaryRef)value, kSecPropertyKeyValue);
315 #endif
316 CFStringRef key = CertificateValues::remapLabelToKey(label);
317 if (key)
318 CFDictionaryAddValue(fieldValues, key, value);
319 }
320 }
321
322 CFStringRef CertificateValues::remapLabelToKey(CFStringRef label)
323 {
324 if (!label)
325 return NULL;
326
327 if (!mOIDRemap)
328 {
329 CFTypeRef keys[] =
330 {
331 CFSTR("Subject Name"),
332 CFSTR("Normalized Subject Name"),
333 CFSTR("Issuer Name"),
334 CFSTR("Normalized Subject Name"),
335 CFSTR("Version"),
336 CFSTR("Serial Number"),
337 CFSTR("Signature Algorithm"),
338 CFSTR("Subject Unique ID"),
339 CFSTR("Issuer Unique ID"),
340 CFSTR("Public Key Algorithm"),
341 CFSTR("Public Key Data"),
342 CFSTR("Signature"),
343 CFSTR("Not Valid Before"),
344 CFSTR("Not Valid After"),
345 CFSTR("Expires")
346 };
347
348 CFTypeRef values[] =
349 {
350 kSecOIDX509V1SubjectName,
351 kSecOIDX509V1SubjectNameStd,
352 kSecOIDX509V1IssuerName,
353 kSecOIDX509V1IssuerNameStd,
354 kSecOIDX509V1Version,
355 kSecOIDX509V1SerialNumber,
356 kSecOIDX509V1SignatureAlgorithm, // or CSSMOID_X509V1SignatureAlgorithmTBS?
357 kSecOIDX509V1CertificateSubjectUniqueId,
358 kSecOIDX509V1CertificateIssuerUniqueId,
359 kSecOIDX509V1SubjectPublicKeyAlgorithm,
360 kSecOIDX509V1SubjectPublicKey,
361 kSecOIDX509V1Signature,
362 kSecOIDX509V1ValidityNotBefore,
363 kSecOIDX509V1ValidityNotAfter,
364 kSecOIDInvalidityDate
365 };
366
367 mOIDRemap = CFDictionaryCreate(NULL, keys, values,
368 (sizeof(keys) / sizeof(*keys)), &kCFTypeDictionaryKeyCallBacks,
369 &kCFTypeDictionaryValueCallBacks);
370 }
371
372 CFTypeRef result = (CFTypeRef)CFDictionaryGetValue(mOIDRemap, label);
373
374 return result?(CFStringRef)result:label;
375 }
376
377 CFDataRef CertificateValues::copySerialNumber(CFErrorRef *error)
378 {
379 CFDataRef result = NULL;
380 SecCertificateRef certificate = copySecCertificateRef(error);
381
382 if (certificate)
383 {
384 result = SecCertificateCopySerialNumberData(certificate, error);
385 CFRelease(certificate);
386 }
387 return result;
388 }
389
390 CFDataRef CertificateValues::copyNormalizedIssuerContent(CFErrorRef *error)
391 {
392 CFDataRef result = NULL;
393 SecCertificateRef certificate = copySecCertificateRef(error);
394 if (certificate)
395 {
396 // this matches the behavior on OS X prior to 10.12, where
397 // normalized content was actually returned as a sequence.
398
399 result = SecCertificateCopyNormalizedIssuerSequence(certificate);
400 CFRelease(certificate);
401 }
402 return result;
403 }
404
405 CFDataRef CertificateValues::copyNormalizedSubjectContent(CFErrorRef *error)
406 {
407 CFDataRef result = NULL;
408 SecCertificateRef certificate = copySecCertificateRef(error);
409 if (certificate)
410 {
411 // this matches the behavior on OS X prior to 10.12, where
412 // normalized content was actually returned as a sequence.
413
414 result = SecCertificateCopyNormalizedSubjectSequence(certificate);
415 CFRelease(certificate);
416 }
417 return result;
418 }
419
420 CFDataRef CertificateValues::copyIssuerSequence(CFErrorRef *error)
421 {
422 CFDataRef result = NULL;
423 SecCertificateRef certificate = copySecCertificateRef(error);
424 if (certificate)
425 {
426 result = SecCertificateCopyIssuerSequence(certificate);
427 CFRelease(certificate);
428 }
429 return result;
430 }
431
432 CFDataRef CertificateValues::copySubjectSequence(CFErrorRef *error)
433 {
434 CFDataRef result = NULL;
435 SecCertificateRef certificate = copySecCertificateRef(error);
436 if (certificate)
437 {
438 result = SecCertificateCopySubjectSequence(certificate);
439 CFRelease(certificate);
440 }
441 return result;
442 }
443
444 CFStringRef CertificateValues::copyIssuerSummary(CFErrorRef *error)
445 {
446 CFStringRef result = NULL;
447 SecCertificateRef certificate = copySecCertificateRef(error);
448 if (certificate)
449 {
450 result = SecCertificateCopyIssuerSummary(certificate);
451 CFRelease(certificate);
452 }
453 return result;
454 }
455
456 CFStringRef CertificateValues::copySubjectSummary(CFErrorRef *error)
457 {
458 CFStringRef result = NULL;
459 SecCertificateRef certificate = copySecCertificateRef(error);
460 if (certificate)
461 {
462 result = SecCertificateCopySubjectSummary(certificate);
463 CFRelease(certificate);
464 }
465 return result;
466 }
467
468 CFDictionaryRef CertificateValues::copyAttributeDictionary(CFErrorRef *error)
469 {
470 CFDictionaryRef result = NULL;
471 SecCertificateRef certificate = copySecCertificateRef(error);
472 if (certificate)
473 {
474 result = SecCertificateCopyAttributeDictionary(certificate);
475 CFRelease(certificate);
476 }
477 return result;
478 }
479
480 bool CertificateValues::isValid(CFAbsoluteTime verifyTime, CFErrorRef *error)
481 {
482 bool result = NULL;
483 SecCertificateRef certificate = copySecCertificateRef(error);
484 if (certificate)
485 {
486 result = SecCertificateIsValid(certificate, verifyTime);
487 CFRelease(certificate);
488 }
489 return result;
490 }
491
492 CFAbsoluteTime CertificateValues::notValidBefore(CFErrorRef *error)
493 {
494 CFAbsoluteTime result = 0;
495 SecCertificateRef certificate = copySecCertificateRef(error);
496 if (certificate)
497 {
498 result = SecCertificateNotValidBefore(certificate);
499 CFRelease(certificate);
500 }
501 return result;
502 }
503
504 CFAbsoluteTime CertificateValues::notValidAfter(CFErrorRef *error)
505 {
506 CFAbsoluteTime result = 0;
507 SecCertificateRef certificate = copySecCertificateRef(error);
508 if (certificate)
509 {
510 result = SecCertificateNotValidAfter(certificate);
511 CFRelease(certificate);
512 }
513 return result;
514 }
515
516 SecCertificateRef CertificateValues::copySecCertificateRef(CFErrorRef *error)
517 {
518 // SecCertificateCopyData returns an object created with CFDataCreate, so we
519 // own it and must release it
520
521 if (mCertificateData)
522 {
523 CFRelease(mCertificateData);
524 mCertificateData = NULL;
525 }
526
527 mCertificateData = SecCertificateCopyData(mCertificateRef); // OK to call, no big lock
528 if (!mCertificateData)
529 {
530 if (error)
531 {
532 *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateRef, NULL);
533 }
534 return NULL;
535 }
536
537 SecCertificateRef certificate = SecCertificateCreateWithData(kCFAllocatorDefault, mCertificateData);
538 if (!certificate)
539 {
540 if (error)
541 {
542 *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateGroup, NULL);
543 }
544 return NULL;
545 }
546
547 return certificate;
548 }
549
550 #pragma mark ---------- OID Constants ----------
551
552 const CFStringRef kSecOIDADC_CERT_POLICY = CFSTR("1.2.840.113635.100.5.3");
553 const CFStringRef kSecOIDAPPLE_CERT_POLICY = CFSTR("1.2.840.113635.100.5.1");
554 const CFStringRef kSecOIDAPPLE_EKU_CODE_SIGNING = CFSTR("1.2.840.113635.100.4.1");
555 const CFStringRef kSecOIDAPPLE_EKU_CODE_SIGNING_DEV = CFSTR("1.2.840.113635.100.4.1.1");
556 const CFStringRef kSecOIDAPPLE_EKU_ICHAT_ENCRYPTION = CFSTR("1.2.840.113635.100.4.3");
557 const CFStringRef kSecOIDAPPLE_EKU_ICHAT_SIGNING = CFSTR("1.2.840.113635.100.4.2");
558 const CFStringRef kSecOIDAPPLE_EKU_RESOURCE_SIGNING = CFSTR("1.2.840.113635.100.4.1.4");
559 const CFStringRef kSecOIDAPPLE_EKU_SYSTEM_IDENTITY = CFSTR("1.2.840.113635.100.4.4");
560 const CFStringRef kSecOIDAPPLE_EXTENSION = CFSTR("1.2.840.113635.100.6");
561 const CFStringRef kSecOIDAPPLE_EXTENSION_ADC_APPLE_SIGNING = CFSTR("1.2.840.113635.100.6.1.2.0.0");
562 const CFStringRef kSecOIDAPPLE_EXTENSION_ADC_DEV_SIGNING = CFSTR("1.2.840.113635.100.6.1.2.0");
563 const CFStringRef kSecOIDAPPLE_EXTENSION_APPLE_SIGNING = CFSTR("1.2.840.113635.100.6.1.1");
564 const CFStringRef kSecOIDAPPLE_EXTENSION_CODE_SIGNING = CFSTR("1.2.840.113635.100.6.1");
565 const CFStringRef kSecOIDAPPLE_EXTENSION_INTERMEDIATE_MARKER = CFSTR("1.2.840.113635.100.6.2");
566 const CFStringRef kSecOIDAPPLE_EXTENSION_WWDR_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.1");
567 const CFStringRef kSecOIDAPPLE_EXTENSION_ITMS_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.2");
568 const CFStringRef kSecOIDAPPLE_EXTENSION_AAI_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.3");
569 const CFStringRef kSecOIDAPPLE_EXTENSION_APPLEID_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.7");
570 const CFStringRef kSecOIDAuthorityInfoAccess = CFSTR("1.3.6.1.5.5.7.1.1");
571 const CFStringRef kSecOIDAuthorityKeyIdentifier = CFSTR("2.5.29.35");
572 const CFStringRef kSecOIDBasicConstraints = CFSTR("2.5.29.19");
573 const CFStringRef kSecOIDBiometricInfo = CFSTR("1.3.6.1.5.5.7.1.2");
574 const CFStringRef kSecOIDCSSMKeyStruct = CFSTR("2.16.840.1.113741.2.1.1.1.20");
575 const CFStringRef kSecOIDCertIssuer = CFSTR("2.5.29.29");
576 const CFStringRef kSecOIDCertificatePolicies = CFSTR("2.5.29.32");
577 const CFStringRef kSecOIDClientAuth = CFSTR("1.3.6.1.5.5.7.3.2");
578 const CFStringRef kSecOIDCollectiveStateProvinceName = CFSTR("2.5.4.8.1");
579 const CFStringRef kSecOIDCollectiveStreetAddress = CFSTR("2.5.4.9.1");
580 const CFStringRef kSecOIDCommonName = CFSTR("2.5.4.3");
581 const CFStringRef kSecOIDCountryName = CFSTR("2.5.4.6");
582 const CFStringRef kSecOIDCrlDistributionPoints = CFSTR("2.5.29.31");
583 const CFStringRef kSecOIDCrlNumber = CFSTR("2.5.29.20");
584 const CFStringRef kSecOIDCrlReason = CFSTR("2.5.29.21");
585 const CFStringRef kSecOIDDOTMAC_CERT_EMAIL_ENCRYPT = CFSTR("1.2.840.113635.100.3.2.3");
586 const CFStringRef kSecOIDDOTMAC_CERT_EMAIL_SIGN = CFSTR("1.2.840.113635.100.3.2.2");
587 const CFStringRef kSecOIDDOTMAC_CERT_EXTENSION = CFSTR("1.2.840.113635.100.3.2");
588 const CFStringRef kSecOIDDOTMAC_CERT_IDENTITY = CFSTR("1.2.840.113635.100.3.2.1");
589 const CFStringRef kSecOIDDOTMAC_CERT_POLICY = CFSTR("1.2.840.113635.100.5.2");
590 const CFStringRef kSecOIDDeltaCrlIndicator = CFSTR("2.5.29.27");
591 const CFStringRef kSecOIDDescription = CFSTR("2.5.4.13");
592 const CFStringRef kSecOIDEKU_IPSec = CFSTR("1.3.6.1.5.5.8.2.2");
593 const CFStringRef kSecOIDEmailAddress = CFSTR("1.2.840.113549.1.9.1");
594 const CFStringRef kSecOIDEmailProtection = CFSTR("1.3.6.1.5.5.7.3.4");
595 const CFStringRef kSecOIDExtendedKeyUsage = CFSTR("2.5.29.37");
596 const CFStringRef kSecOIDExtendedKeyUsageAny = CFSTR("2.5.29.37.0");
597 const CFStringRef kSecOIDExtendedUseCodeSigning = CFSTR("1.3.6.1.5.5.7.3.3");
598 const CFStringRef kSecOIDGivenName = CFSTR("2.5.4.42");
599 const CFStringRef kSecOIDHoldInstructionCode = CFSTR("2.5.29.23");
600 const CFStringRef kSecOIDInvalidityDate = CFSTR("2.5.29.24");
601 const CFStringRef kSecOIDIssuerAltName = CFSTR("2.5.29.18");
602 const CFStringRef kSecOIDIssuingDistributionPoint = CFSTR("2.5.29.28");
603 const CFStringRef kSecOIDIssuingDistributionPoints = CFSTR("2.5.29.28");
604 const CFStringRef kSecOIDKERBv5_PKINIT_KP_CLIENT_AUTH = CFSTR("1.3.6.1.5.2.3.4");
605 const CFStringRef kSecOIDKERBv5_PKINIT_KP_KDC = CFSTR("1.3.6.1.5.2.3.5");
606 const CFStringRef kSecOIDKeyUsage = CFSTR("2.5.29.15");
607 const CFStringRef kSecOIDLocalityName = CFSTR("2.5.4.7");
608 const CFStringRef kSecOIDMS_NTPrincipalName = CFSTR("1.3.6.1.4.1.311.20.2.3");
609 const CFStringRef kSecOIDMicrosoftSGC = CFSTR("1.3.6.1.4.1.311.10.3.3");
610 const CFStringRef kSecOIDNameConstraints = CFSTR("2.5.29.30");
611 const CFStringRef kSecOIDNetscapeCertSequence = CFSTR("2.16.840.1.113730.2.5");
612 const CFStringRef kSecOIDNetscapeCertType = CFSTR("2.16.840.1.113730.1.1");
613 const CFStringRef kSecOIDNetscapeSGC = CFSTR("2.16.840.1.113730.4.1");
614 const CFStringRef kSecOIDOCSPSigning = CFSTR("1.3.6.1.5.5.7.3.9");
615 const CFStringRef kSecOIDOrganizationName = CFSTR("2.5.4.10");
616 const CFStringRef kSecOIDOrganizationalUnitName = CFSTR("2.5.4.11");
617 const CFStringRef kSecOIDPolicyConstraints = CFSTR("2.5.29.36");
618 const CFStringRef kSecOIDPolicyMappings = CFSTR("2.5.29.33");
619 const CFStringRef kSecOIDPrivateKeyUsagePeriod = CFSTR("2.5.29.16");
620 const CFStringRef kSecOIDQC_Statements = CFSTR("1.3.6.1.5.5.7.1.3");
621 const CFStringRef kSecOIDSerialNumber = CFSTR("2.5.4.5");
622 const CFStringRef kSecOIDServerAuth = CFSTR("1.3.6.1.5.5.7.3.1");
623 const CFStringRef kSecOIDStateProvinceName = CFSTR("2.5.4.8");
624 const CFStringRef kSecOIDStreetAddress = CFSTR("2.5.4.9");
625 const CFStringRef kSecOIDSubjectAltName = CFSTR("2.5.29.17");
626 const CFStringRef kSecOIDSubjectDirectoryAttributes = CFSTR("2.5.29.9");
627 const CFStringRef kSecOIDSubjectEmailAddress = CFSTR("2.16.840.1.113741.2.1.1.1.50.3");
628 const CFStringRef kSecOIDSubjectInfoAccess = CFSTR("1.3.6.1.5.5.7.1.11");
629 const CFStringRef kSecOIDSubjectKeyIdentifier = CFSTR("2.5.29.14");
630 const CFStringRef kSecOIDSubjectPicture = CFSTR("2.16.840.1.113741.2.1.1.1.50.2");
631 const CFStringRef kSecOIDSubjectSignatureBitmap = CFSTR("2.16.840.1.113741.2.1.1.1.50.1");
632 const CFStringRef kSecOIDSurname = CFSTR("2.5.4.4");
633 const CFStringRef kSecOIDTimeStamping = CFSTR("1.3.6.1.5.5.7.3.8");
634 const CFStringRef kSecOIDTitle = CFSTR("2.5.4.12");
635 const CFStringRef kSecOIDUseExemptions = CFSTR("2.16.840.1.113741.2.1.1.1.50.4");
636 const CFStringRef kSecOIDX509V1CertificateIssuerUniqueId = CFSTR("2.16.840.1.113741.2.1.1.1.11");
637 const CFStringRef kSecOIDX509V1CertificateSubjectUniqueId = CFSTR("2.16.840.1.113741.2.1.1.1.12");
638 const CFStringRef kSecOIDX509V1IssuerName = CFSTR("2.16.840.1.113741.2.1.1.1.5");
639 const CFStringRef kSecOIDX509V1IssuerNameCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.5.1");
640 const CFStringRef kSecOIDX509V1IssuerNameLDAP = CFSTR("2.16.840.1.113741.2.1.1.1.5.2");
641 const CFStringRef kSecOIDX509V1IssuerNameStd = CFSTR("2.16.840.1.113741.2.1.1.1.23");
642 const CFStringRef kSecOIDX509V1SerialNumber = CFSTR("2.16.840.1.113741.2.1.1.1.3");
643 const CFStringRef kSecOIDX509V1Signature = CFSTR("2.16.840.1.113741.2.1.3.2.2");
644 const CFStringRef kSecOIDX509V1SignatureAlgorithm = CFSTR("2.16.840.1.113741.2.1.3.2.1");
645 const CFStringRef kSecOIDX509V1SignatureAlgorithmParameters = CFSTR("2.16.840.1.113741.2.1.3.2.3");
646 const CFStringRef kSecOIDX509V1SignatureAlgorithmTBS = CFSTR("2.16.840.1.113741.2.1.3.2.10");
647 const CFStringRef kSecOIDX509V1SignatureCStruct = CFSTR("2.16.840.1.113741.2.1.3.2.0.1");
648 const CFStringRef kSecOIDX509V1SignatureStruct = CFSTR("2.16.840.1.113741.2.1.3.2.0");
649 const CFStringRef kSecOIDX509V1SubjectName = CFSTR("2.16.840.1.113741.2.1.1.1.8");
650 const CFStringRef kSecOIDX509V1SubjectNameCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.8.1");
651 const CFStringRef kSecOIDX509V1SubjectNameLDAP = CFSTR("2.16.840.1.113741.2.1.1.1.8.2");
652 const CFStringRef kSecOIDX509V1SubjectNameStd = CFSTR("2.16.840.1.113741.2.1.1.1.22");
653 const CFStringRef kSecOIDX509V1SubjectPublicKey = CFSTR("2.16.840.1.113741.2.1.1.1.10");
654 const CFStringRef kSecOIDX509V1SubjectPublicKeyAlgorithm = CFSTR("2.16.840.1.113741.2.1.1.1.9");
655 const CFStringRef kSecOIDX509V1SubjectPublicKeyAlgorithmParameters = CFSTR("2.16.840.1.113741.2.1.1.1.18");
656 const CFStringRef kSecOIDX509V1SubjectPublicKeyCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.20.1");
657 const CFStringRef kSecOIDX509V1ValidityNotAfter = CFSTR("2.16.840.1.113741.2.1.1.1.7");
658 const CFStringRef kSecOIDX509V1ValidityNotBefore = CFSTR("2.16.840.1.113741.2.1.1.1.6");
659 const CFStringRef kSecOIDX509V1Version = CFSTR("2.16.840.1.113741.2.1.1.1.2");
660 const CFStringRef kSecOIDX509V3Certificate = CFSTR("2.16.840.1.113741.2.1.1.1.1");
661 const CFStringRef kSecOIDX509V3CertificateCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.1.1");
662 const CFStringRef kSecOIDX509V3CertificateExtensionCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.13.1");
663 const CFStringRef kSecOIDX509V3CertificateExtensionCritical = CFSTR("2.16.840.1.113741.2.1.1.1.16");
664 const CFStringRef kSecOIDX509V3CertificateExtensionId = CFSTR("2.16.840.1.113741.2.1.1.1.15");
665 const CFStringRef kSecOIDX509V3CertificateExtensionStruct = CFSTR("2.16.840.1.113741.2.1.1.1.13");
666 const CFStringRef kSecOIDX509V3CertificateExtensionType = CFSTR("2.16.840.1.113741.2.1.1.1.19");
667 const CFStringRef kSecOIDX509V3CertificateExtensionValue = CFSTR("2.16.840.1.113741.2.1.1.1.17");
668 const CFStringRef kSecOIDX509V3CertificateExtensionsCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.21.1");
669 const CFStringRef kSecOIDX509V3CertificateExtensionsStruct = CFSTR("2.16.840.1.113741.2.1.1.1.21");
670 const CFStringRef kSecOIDX509V3CertificateNumberOfExtensions = CFSTR("2.16.840.1.113741.2.1.1.1.14");
671 const CFStringRef kSecOIDX509V3SignedCertificate = CFSTR("2.16.840.1.113741.2.1.1.1.0");
672 const CFStringRef kSecOIDX509V3SignedCertificateCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.0.1");
673 const CFStringRef kSecOIDSRVName = CFSTR("1.3.6.1.5.5.7.8.7");
674
mirror of Security