1 /*
2 * Copyright (c) 2002-2010 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // CertificateValues.cpp
26 //
27 #include <security_keychain/Certificate.h>
28 #include <Security/oidscert.h>
29 #include <Security/oidsattr.h>
30 #include <Security/SecCertificate.h>
31 #include <Security/SecCertificatePriv.h>
32 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
33 #include "SecCertificateOIDs.h"
34 #include "CertificateValues.h"
35 #include "SecCertificateP.h"
36 #include "SecCertificatePrivP.h"
37 #include <CoreFoundation/CFNumber.h>
38 #include "SecCertificateP.h"
39
// Defined elsewhere with C linkage: builds one property dictionary (type, label,
// value) and appends it to 'properties'. This file only ever wants the single
// dictionary it produces, so callers pass a one-element scratch array.
extern "C" void appendProperty(CFMutableArrayRef properties, CFStringRef propertyType, CFStringRef label, CFTypeRef value);

// Keys of the dictionaries produced by appendProperty(); defined in the
// SecCertificateP implementation.
extern CFStringRef kSecPropertyKeyType;
extern CFStringRef kSecPropertyKeyLabel;
extern CFStringRef kSecPropertyKeyLocalizedLabel;
extern CFStringRef kSecPropertyKeyValue;

// Values of kSecPropertyKeyType defined by the SecCertificateP implementation.
extern CFStringRef kSecPropertyTypeData;
extern CFStringRef kSecPropertyTypeString;
extern CFStringRef kSecPropertyTypeURL;
extern CFStringRef kSecPropertyTypeDate;

// Additional kSecPropertyKeyType values used by copyFieldValues() below. They
// are writable globals rather than const; treat them as constants.
CFStringRef kSecPropertyTypeArray = CFSTR("array");
CFStringRef kSecPropertyTypeNumber = CFSTR("number");
54
55
56 #pragma mark ---------- CertificateValues Implementation ----------
57
using namespace KeychainCore;

// CF applier callbacks used by copyFieldValues(); defined further down.
void addFieldValues(const void *key, const void *value, void *context);            // CFDictionaryApplierFunction (currently unused by the live code path)
void addPropertyToFieldValues(const void *value, void *context);                   // CFArrayApplierFunction
void filterFieldValues(const void *key, const void *value, void *context);         // CFDictionaryApplierFunction
void validateKeys(const void *value, void *context);                               // CFArrayApplierFunction

// Label -> kSecOID* lookup table, built on first use by remapLabelToKey() and
// kept for the life of the process.
CFDictionaryRef CertificateValues::mOIDRemap = NULL;

// Context handed to filterFieldValues(): the destination dictionary and the
// caller-supplied array of CFStringRef keys to keep.
typedef struct FieldValueFilterContext
{
    CFMutableDictionaryRef filteredValues;
    CFArrayRef filterKeys;
} FieldValueFilterContext;
72
//
// Wraps certificateRef (may be NULL), taking our own reference so the
// certificate outlives any caller-side release. The cached DER copy
// (mCertificateData) starts empty and is set on demand by copyFieldValues()
// and getSecCertificateRefP().
//
CertificateValues::CertificateValues(SecCertificateRef certificateRef)
    : mCertificateRef(certificateRef), mCertificateData(NULL)
{
    // CFRetain does not accept NULL, hence the guard.
    if (mCertificateRef != NULL)
    {
        CFRetain(mCertificateRef);
    }
}
79
//
// Releases the cached DER copy and the certificate reference taken in the
// constructor. Either may be NULL; CFRelease does not accept NULL, so both
// are guarded.
//
CertificateValues::~CertificateValues() throw()
{
    if (mCertificateData != NULL)
    {
        CFRelease(mCertificateData);
    }
    if (mCertificateRef != NULL)
    {
        CFRelease(mCertificateRef);
    }
}
87
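// Stores a single property under fieldKey. appendProperty() only offers an
// array sink, so the dictionary it builds is collected in a one-element scratch
// array and its first entry is copied out. Nothing is stored if appendProperty()
// added nothing (the previous code indexed element 0 unconditionally).
static void addSingleProperty(CFMutableDictionaryRef fieldValues, CFTypeRef fieldKey,
    CFStringRef propertyType, CFStringRef label, CFTypeRef value)
{
    CFMutableArrayRef scratch = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
    if (!scratch)
        return;
    appendProperty(scratch, propertyType, label, value);
    if (CFArrayGetCount(scratch) > 0)
        CFDictionaryAddValue(fieldValues, fieldKey, CFArrayGetValueAtIndex(scratch, 0));
    CFRelease(scratch);
}

//
// Returns a new dictionary (caller owns it, per the CF "Copy" rule) mapping
// field keys to property dictionaries built by appendProperty(). Keys are the
// kSecOID* strings where a mapping is known (see remapLabelToKey); otherwise
// the raw label reported by SecCertificateCopyProperties /
// SecCertificateCopySummaryProperties is used as the key. Two synthesized keys,
// "DNSNAMES" and "IPADDRESSES", carry the subject-alt-name data.
//
// keys:  optional CFArray of CFStringRef keys. When supplied, only those keys
//        are returned. A non-array, or an array holding a non-string, yields
//        NULL without touching *error (pre-existing behaviour, kept).
// error: optional. Set to an errSecInvalidCertificateRef CFError when the
//        certificate data cannot be copied, or errSecInvalidCertificateGroup
//        when it cannot be parsed; NULL is returned in both cases.
//
// Every value here is decoded from the certificate's DER, i.e. from data that
// may originate with an untrusted peer. Callers that match hostnames or
// addresses must read "DNSNAMES" / "IPADDRESSES"; each now holds its own
// array (earlier code passed the already-released dnsNames array for both the
// IP and email entries).
//
CFDictionaryRef CertificateValues::copyFieldValues(CFArrayRef keys, CFErrorRef *error)
{
    if (keys)
    {
        if (CFGetTypeID(keys) != CFArrayGetTypeID())
            return NULL;
        CFRange range = CFRangeMake(0, CFArrayGetCount(keys));
        bool failed = false;
        CFArrayApplyFunction(keys, range, validateKeys, &failed);
        if (failed)
            return NULL;
    }

    // Always refresh the cached DER; the member is released in the destructor.
    if (mCertificateData)
    {
        CFRelease(mCertificateData);
        mCertificateData = NULL;
    }
    mCertificateData = SecCertificateCopyData(mCertificateRef); // OK to call, no big lock
    if (!mCertificateData)
    {
        if (error)
            *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateRef, NULL);
        return NULL;
    }

    SecCertificateRefP certificateP = SecCertificateCreateWithDataP(kCFAllocatorDefault, mCertificateData);
    if (!certificateP)
    {
        if (error)
            *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateGroup, NULL);
        return NULL;
    }

    CFMutableDictionaryRef fieldValues = CFDictionaryCreateMutable(kCFAllocatorDefault, 0,
        &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);

    // Common names from the subject, if any.
    CFArrayRef commonNames = SecCertificateCopyCommonNames(certificateP);
    if (commonNames)
    {
        addSingleProperty(fieldValues, kSecOIDCommonName, kSecPropertyTypeArray, CFSTR("CN"), commonNames);
        CFRelease(commonNames);
    }

    // DNS names can exist in the subject alt name or in the subject.
    CFArrayRef dnsNames = SecCertificateCopyDNSNames(certificateP);
    if (dnsNames)
    {
        addSingleProperty(fieldValues, CFSTR("DNSNAMES"), kSecPropertyTypeArray, CFSTR("DNS"), dnsNames);
        CFRelease(dnsNames);
    }

    CFArrayRef ipAddresses = SecCertificateCopyIPAddresses(certificateP);
    if (ipAddresses)
    {
        // Store the IP array itself; this used to pass dnsNames, which had
        // already been released above.
        addSingleProperty(fieldValues, CFSTR("IPADDRESSES"), kSecPropertyTypeArray, CFSTR("IP"), ipAddresses);
        CFRelease(ipAddresses);
    }

    // Email addresses can exist in the subject alt name or in the subject.
    CFArrayRef emailAddrs = SecCertificateCopyRFC822Names(certificateP);
    if (emailAddrs)
    {
        // Likewise: store the email array under its own label, not dnsNames
        // labelled "DNS".
        addSingleProperty(fieldValues, kSecOIDEmailAddress, kSecPropertyTypeArray, CFSTR("Email"), emailAddrs);
        CFRelease(emailAddrs);
    }

    CFAbsoluteTime notBefore = SecCertificateNotValidBefore(certificateP);
    CFNumberRef notBeforeRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberDoubleType, &notBefore);
    if (notBeforeRef)
    {
        addSingleProperty(fieldValues, kSecOIDX509V1ValidityNotBefore, kSecPropertyTypeNumber, CFSTR("Not Valid Before"), notBeforeRef);
        CFRelease(notBeforeRef);
    }

    CFAbsoluteTime notAfter = SecCertificateNotValidAfter(certificateP);
    CFNumberRef notAfterRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberDoubleType, &notAfter);
    if (notAfterRef)
    {
        addSingleProperty(fieldValues, kSecOIDX509V1ValidityNotAfter, kSecPropertyTypeNumber, CFSTR("Not Valid After"), notAfterRef);
        CFRelease(notAfterRef);
    }

    // Key usage bits are exposed as a 32-bit number.
    SecKeyUsage keyUsage = SecCertificateGetKeyUsage(certificateP);
    CFNumberRef ku = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &keyUsage);
    if (ku)
    {
        addSingleProperty(fieldValues, kSecOIDKeyUsage, kSecPropertyTypeNumber, CFSTR("Key Usage"), ku);
        CFRelease(ku);
    }

    CFArrayRef ekus = SecCertificateCopyExtendedKeyUsage(certificateP);
    if (ekus)
    {
        addSingleProperty(fieldValues, kSecOIDExtendedKeyUsage, kSecPropertyTypeArray, CFSTR("Extended Key Usage"), ekus);
        CFRelease(ekus);
    }

    // Generic property dictionaries, keyed by their (remapped) label. Entries
    // added earlier keep priority: CFDictionaryAddValue leaves existing keys alone.
    CFArrayRef properties = SecCertificateCopyProperties(certificateP);
    if (properties)
    {
        CFRange range = CFRangeMake(0, CFArrayGetCount(properties));
        CFArrayApplyFunction(properties, range, addPropertyToFieldValues, fieldValues);
        CFRelease(properties);
    }

    // Summary properties are computed relative to the current time (the remap
    // table knows an "Expires" label from this set).
    CFAbsoluteTime verifyTime = CFAbsoluteTimeGetCurrent();
    CFMutableArrayRef summaryProperties = SecCertificateCopySummaryProperties(certificateP, verifyTime);
    if (summaryProperties)
    {
        CFRange range = CFRangeMake(0, CFArrayGetCount(summaryProperties));
        CFArrayApplyFunction(summaryProperties, range, addPropertyToFieldValues, fieldValues);
        CFRelease(summaryProperties);
    }

    CFRelease(certificateP);

    if (keys == NULL)
        return fieldValues;

    // Otherwise keep only the requested keys.
    CFMutableDictionaryRef filteredFieldValues = CFDictionaryCreateMutable(kCFAllocatorDefault, 0,
        &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);

    FieldValueFilterContext fvcontext;
    fvcontext.filteredValues = filteredFieldValues;
    fvcontext.filterKeys = keys;
    CFDictionaryApplyFunction(fieldValues, filterFieldValues, &fvcontext);

    CFRelease(fieldValues);
    return filteredFieldValues;
}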
256
//
// CFArrayApplierFunction used on the caller-supplied key filter: flags
// *(bool *)context as failed when an element is NULL or not a CFString.
// context may be NULL, in which case nothing is recorded.
//
void validateKeys(const void *value, void *context)
{
    bool isString = (value != NULL) && (CFGetTypeID(value) == CFStringGetTypeID());
    bool *failed = static_cast<bool *>(context);
    if (!isString && failed != NULL)
        *failed = true;
}
263
//
// CFDictionaryApplierFunction: copies (key, value) into context->filteredValues
// when key is a CFString present in context->filterKeys. Each filter key is a
// CFStringRef holding an OID, e.g. kSecOIDTitle = CFSTR("2.5.4.12").
// Non-string keys, NULL keys and a NULL context are ignored.
//
void filterFieldValues(const void *key, const void *value, void *context)
{
    FieldValueFilterContext *filter = static_cast<FieldValueFilterContext *>(context);
    CFTypeRef fieldKey = static_cast<CFTypeRef>(key);

    if (fieldKey == NULL || filter == NULL)
        return;
    if (CFGetTypeID(fieldKey) != CFStringGetTypeID())
        return;

    CFArrayRef wanted = filter->filterKeys;
    CFRange all = CFRangeMake(0, CFArrayGetCount(wanted));
    if (CFArrayGetFirstIndexOfValue(wanted, all, fieldKey) == kCFNotFound)
        return;

    CFDictionaryAddValue(filter->filteredValues, fieldKey, value);
}
280
//
// CFDictionaryApplierFunction: adds (key, value) to the CFMutableDictionaryRef
// passed as context. Only referenced from commented-out calls in
// copyFieldValues() at present.
//
void addFieldValues(const void *key, const void *value, void *context)
{
    CFMutableDictionaryRef destination = static_cast<CFMutableDictionaryRef>(context);
    CFDictionaryAddValue(destination, key, value);
}
286
//
// CFArrayApplierFunction: files one property dictionary (as produced by
// SecCertificateCopyProperties / appendProperty) into the CFMutableDictionaryRef
// passed as context, keyed by its label remapped through
// CertificateValues::remapLabelToKey(). Non-dictionary elements and entries
// without a usable key are skipped. CFDictionaryAddValue leaves an existing
// entry in place, so the first property seen for a key wins.
//
void addPropertyToFieldValues(const void *value, void *context)
{
    if (CFGetTypeID(value) != CFDictionaryGetTypeID())
        return;

    CFDictionaryRef property = static_cast<CFDictionaryRef>(value);
    CFStringRef label = static_cast<CFStringRef>(CFDictionaryGetValue(property, kSecPropertyKeyLabel));
    CFStringRef fieldKey = CertificateValues::remapLabelToKey(label);
    if (fieldKey == NULL)
        return;

    CFMutableDictionaryRef destination = static_cast<CFMutableDictionaryRef>(context);
    CFDictionaryAddValue(destination, fieldKey, value);
}
302
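//
// Maps a property label (as emitted by SecCertificateCopyProperties and
// SecCertificateCopySummaryProperties) to the kSecOID* key callers expect in
// the field-values dictionary. Labels without a mapping are returned
// unchanged, so they become dictionary keys themselves; a NULL label yields NULL.
//
// The table is built on first use into the static mOIDRemap and never
// released. Nothing serializes that first build, so two threads racing into
// it could each create a table and one would leak; that matches the existing
// design and is not changed here.
//
CFStringRef CertificateValues::remapLabelToKey(CFStringRef label)
{
    if (!label)
        return NULL;

    if (!mOIDRemap)
    {
        // keys[i] maps to values[i]; keep the two arrays in step.
        CFTypeRef keys[] =
        {
            CFSTR("Subject Name"),
            CFSTR("Normalized Subject Name"),
            CFSTR("Issuer Name"),
            // Was a second "Normalized Subject Name": a duplicate key in
            // CFDictionaryCreate, so the issuer mapping could never be reached
            // and the subject entry could end up pointing at the issuer OID.
            CFSTR("Normalized Issuer Name"),
            CFSTR("Version"),
            CFSTR("Serial Number"),
            CFSTR("Signature Algorithm"),
            CFSTR("Subject Unique ID"),
            CFSTR("Issuer Unique ID"),
            CFSTR("Public Key Algorithm"),
            CFSTR("Public Key Data"),
            CFSTR("Signature"),
            CFSTR("Not Valid Before"),
            CFSTR("Not Valid After"),
            CFSTR("Expires")
        };

        CFTypeRef values[] =
        {
            kSecOIDX509V1SubjectName,
            kSecOIDX509V1SubjectNameStd,
            kSecOIDX509V1IssuerName,
            kSecOIDX509V1IssuerNameStd,
            kSecOIDX509V1Version,
            kSecOIDX509V1SerialNumber,
            kSecOIDX509V1SignatureAlgorithm, // or CSSMOID_X509V1SignatureAlgorithmTBS?
            kSecOIDX509V1CertificateSubjectUniqueId,
            kSecOIDX509V1CertificateIssuerUniqueId,
            kSecOIDX509V1SubjectPublicKeyAlgorithm,
            kSecOIDX509V1SubjectPublicKey,
            kSecOIDX509V1Signature,
            kSecOIDX509V1ValidityNotBefore,
            kSecOIDX509V1ValidityNotAfter,
            kSecOIDInvalidityDate
        };

        mOIDRemap = CFDictionaryCreate(NULL, keys, values,
            (sizeof(keys) / sizeof(*keys)), &kCFTypeDictionaryKeyCallBacks,
            &kCFTypeDictionaryValueCallBacks);
    }

    CFTypeRef result = CFDictionaryGetValue(mOIDRemap, label);

    // Unknown labels pass through as their own key.
    return result ? (CFStringRef)result : label;
}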
357
//
// Returns the certificate's serial number as a new CFData (caller owns it), or
// NULL when the certificate cannot be re-parsed; in that case error, if
// supplied, is set by getSecCertificateRefP().
//
CFDataRef CertificateValues::copySerialNumber(CFErrorRef *error)
{
    SecCertificateRefP certificateP = getSecCertificateRefP(error);
    if (!certificateP)
        return NULL;

    CFDataRef serial = SecCertificateCopySerialNumberP(certificateP);
    CFRelease(certificateP);
    return serial;
}
370
//
// Returns the normalized issuer content of the certificate, or NULL when the
// certificate cannot be re-parsed (error, if supplied, is set by
// getSecCertificateRefP()).
// NOTE(review): SecCertificateGetNormalizedIssuer follows the CF "Get" naming,
// so its result is presumably owned by certificateP, which is released before
// this returns - confirm the returned data outlives that release.
//
CFDataRef CertificateValues::getNormalizedIssuerContent(CFErrorRef *error)
{
    // We wrap with SecDERItemCopySequence, since SecItemCopyMatching expects it
    SecCertificateRefP certificateP = getSecCertificateRefP(error);
    if (!certificateP)
        return NULL;

    CFDataRef issuer = SecCertificateGetNormalizedIssuer(certificateP);
    CFRelease(certificateP);
    return issuer;
}
383
//
// Returns the normalized subject content of the certificate, or NULL when the
// certificate cannot be re-parsed (error, if supplied, is set by
// getSecCertificateRefP()).
// NOTE(review): as with the issuer variant, SecCertificateGetNormalizedSubject
// is a "Get", so the result is presumably owned by certificateP, which is
// released before this returns - confirm the data remains valid.
//
CFDataRef CertificateValues::getNormalizedSubjectContent(CFErrorRef *error)
{
    // We wrap with SecDERItemCopySequence, since SecItemCopyMatching expects it
    SecCertificateRefP certificateP = getSecCertificateRefP(error);
    if (!certificateP)
        return NULL;

    CFDataRef subject = SecCertificateGetNormalizedSubject(certificateP);
    CFRelease(certificateP);
    return subject;
}
396
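//
// Reports whether SecCertificateIsValid() accepts the certificate at
// verifyTime. Going by its name this is a validity-period check only, not a
// trust evaluation - confirm against SecCertificateP before relying on more.
// Returns false when the certificate cannot be re-parsed; error, if supplied,
// is then set by getSecCertificateRefP(). A parse failure therefore reads as
// "not valid", which is the safe default.
//
bool CertificateValues::SecCertificateIsValidX(CFAbsoluteTime verifyTime, CFErrorRef *error)
{
    bool result = false; // was initialized with NULL, a pointer constant, for a bool
    SecCertificateRefP certificateP = getSecCertificateRefP(error);
    if (certificateP)
    {
        result = SecCertificateIsValid(certificateP, verifyTime);
        CFRelease(certificateP);
    }
    return result;
}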
409
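//
// Re-parses the wrapped certificate into a SecCertificateRefP (caller owns it
// and must CFRelease it), refreshing the cached DER in mCertificateData on the
// way (released in the destructor). Returns NULL, and sets *error when error
// is non-NULL, to errSecInvalidCertificateRef if the DER cannot be copied or
// errSecInvalidCertificateGroup if it cannot be parsed.
//
// Previously the missing-DER case was only handled when 'error' was supplied;
// callers passing NULL fell through to SecCertificateCreateWithDataP() with
// NULL data. The checks are now independent of 'error'.
//
SecCertificateRefP CertificateValues::getSecCertificateRefP(CFErrorRef *error)
{
    // SecCertificateCopyData returns an object created with CFDataCreate, so we
    // own it and must release it
    if (mCertificateData)
    {
        CFRelease(mCertificateData);
        mCertificateData = NULL;
    }

    mCertificateData = SecCertificateCopyData(mCertificateRef); // OK to call, no big lock
    if (!mCertificateData)
    {
        if (error)
            *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateRef, NULL);
        return NULL;
    }

    SecCertificateRefP certificateP = SecCertificateCreateWithDataP(kCFAllocatorDefault, mCertificateData);
    if (!certificateP && error)
        *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateGroup, NULL);

    return certificateP;
}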
437
438 #pragma mark ---------- OID Constants ----------
439
// Dotted-decimal OID strings used as keys in the dictionary returned by
// CertificateValues::copyFieldValues(). They are defined here as writable
// CFTypeRef globals (not const); treat them as constants. Apple-specific
// arcs live under 1.2.840.113635.100, the 2.16.840.1.113741.2.1.x values are
// the CSSM/CDSA pseudo-OIDs for certificate fields.
CFTypeRef kSecOIDADC_CERT_POLICY = CFSTR("1.2.840.113635.100.5.3");
CFTypeRef kSecOIDAPPLE_CERT_POLICY = CFSTR("1.2.840.113635.100.5.1");
CFTypeRef kSecOIDAPPLE_EKU_CODE_SIGNING = CFSTR("1.2.840.113635.100.4.1");
CFTypeRef kSecOIDAPPLE_EKU_CODE_SIGNING_DEV = CFSTR("1.2.840.113635.100.4.1.1");
CFTypeRef kSecOIDAPPLE_EKU_ICHAT_ENCRYPTION = CFSTR("1.2.840.113635.100.4.3");
CFTypeRef kSecOIDAPPLE_EKU_ICHAT_SIGNING = CFSTR("1.2.840.113635.100.4.2");
CFTypeRef kSecOIDAPPLE_EKU_RESOURCE_SIGNING = CFSTR("1.2.840.113635.100.4.1.4");
CFTypeRef kSecOIDAPPLE_EKU_SYSTEM_IDENTITY = CFSTR("1.2.840.113635.100.4.4");
CFTypeRef kSecOIDAPPLE_EXTENSION = CFSTR("1.2.840.113635.100.6");
CFTypeRef kSecOIDAPPLE_EXTENSION_ADC_APPLE_SIGNING = CFSTR("1.2.840.113635.100.6.1.2.0.0");
CFTypeRef kSecOIDAPPLE_EXTENSION_ADC_DEV_SIGNING = CFSTR("1.2.840.113635.100.6.1.2.0");
CFTypeRef kSecOIDAPPLE_EXTENSION_APPLE_SIGNING = CFSTR("1.2.840.113635.100.6.1.1");
CFTypeRef kSecOIDAPPLE_EXTENSION_CODE_SIGNING = CFSTR("1.2.840.113635.100.6.1");
CFTypeRef kSecOIDAPPLE_EXTENSION_INTERMEDIATE_MARKER = CFSTR("1.2.840.113635.100.6.2");
CFTypeRef kSecOIDAPPLE_EXTENSION_WWDR_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.1");
CFTypeRef kSecOIDAPPLE_EXTENSION_ITMS_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.2");
CFTypeRef kSecOIDAPPLE_EXTENSION_AAI_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.3");
CFTypeRef kSecOIDAPPLE_EXTENSION_APPLEID_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.7");
CFTypeRef kSecOIDAuthorityInfoAccess = CFSTR("1.3.6.1.5.5.7.1.1");
CFTypeRef kSecOIDAuthorityKeyIdentifier = CFSTR("2.5.29.35");
CFTypeRef kSecOIDBasicConstraints = CFSTR("2.5.29.19");
CFTypeRef kSecOIDBiometricInfo = CFSTR("1.3.6.1.5.5.7.1.2");
CFTypeRef kSecOIDCSSMKeyStruct = CFSTR("2.16.840.1.113741.2.1.1.1.20");
CFTypeRef kSecOIDCertIssuer = CFSTR("2.5.29.29");
CFTypeRef kSecOIDCertificatePolicies = CFSTR("2.5.29.32");
CFTypeRef kSecOIDClientAuth = CFSTR("1.3.6.1.5.5.7.3.2");
CFTypeRef kSecOIDCollectiveStateProvinceName = CFSTR("2.5.4.8.1");
CFTypeRef kSecOIDCollectiveStreetAddress = CFSTR("2.5.4.9.1");
CFTypeRef kSecOIDCommonName = CFSTR("2.5.4.3");
CFTypeRef kSecOIDCountryName = CFSTR("2.5.4.6");
CFTypeRef kSecOIDCrlDistributionPoints = CFSTR("2.5.29.31");
CFTypeRef kSecOIDCrlNumber = CFSTR("2.5.29.20");
CFTypeRef kSecOIDCrlReason = CFSTR("2.5.29.21");
CFTypeRef kSecOIDDOTMAC_CERT_EMAIL_ENCRYPT = CFSTR("1.2.840.113635.100.3.2.3");
CFTypeRef kSecOIDDOTMAC_CERT_EMAIL_SIGN = CFSTR("1.2.840.113635.100.3.2.2");
CFTypeRef kSecOIDDOTMAC_CERT_EXTENSION = CFSTR("1.2.840.113635.100.3.2");
CFTypeRef kSecOIDDOTMAC_CERT_IDENTITY = CFSTR("1.2.840.113635.100.3.2.1");
CFTypeRef kSecOIDDOTMAC_CERT_POLICY = CFSTR("1.2.840.113635.100.5.2");
CFTypeRef kSecOIDDeltaCrlIndicator = CFSTR("2.5.29.27");
CFTypeRef kSecOIDDescription = CFSTR("2.5.4.13");
CFTypeRef kSecOIDEKU_IPSec = CFSTR("1.3.6.1.5.5.8.2.2");
CFTypeRef kSecOIDEmailAddress = CFSTR("1.2.840.113549.1.9.1");
CFTypeRef kSecOIDEmailProtection = CFSTR("1.3.6.1.5.5.7.3.4");
CFTypeRef kSecOIDExtendedKeyUsage = CFSTR("2.5.29.37");
CFTypeRef kSecOIDExtendedKeyUsageAny = CFSTR("2.5.29.37.0");
CFTypeRef kSecOIDExtendedUseCodeSigning = CFSTR("1.3.6.1.5.5.7.3.3");
CFTypeRef kSecOIDGivenName = CFSTR("2.5.4.42");
CFTypeRef kSecOIDHoldInstructionCode = CFSTR("2.5.29.23");
CFTypeRef kSecOIDInvalidityDate = CFSTR("2.5.29.24");
CFTypeRef kSecOIDIssuerAltName = CFSTR("2.5.29.18");
// The next two names are aliases for the same OID; both are kept for callers
// that use either spelling.
CFTypeRef kSecOIDIssuingDistributionPoint = CFSTR("2.5.29.28");
CFTypeRef kSecOIDIssuingDistributionPoints = CFSTR("2.5.29.28");
CFTypeRef kSecOIDKERBv5_PKINIT_KP_CLIENT_AUTH = CFSTR("1.3.6.1.5.2.3.4");
CFTypeRef kSecOIDKERBv5_PKINIT_KP_KDC = CFSTR("1.3.6.1.5.2.3.5");
CFTypeRef kSecOIDKeyUsage = CFSTR("2.5.29.15");
CFTypeRef kSecOIDLocalityName = CFSTR("2.5.4.7");
CFTypeRef kSecOIDMS_NTPrincipalName = CFSTR("1.3.6.1.4.1.311.20.2.3");
CFTypeRef kSecOIDMicrosoftSGC = CFSTR("1.3.6.1.4.1.311.10.3.3");
CFTypeRef kSecOIDNameConstraints = CFSTR("2.5.29.30");
CFTypeRef kSecOIDNetscapeCertSequence = CFSTR("2.16.840.1.113730.2.5");
CFTypeRef kSecOIDNetscapeCertType = CFSTR("2.16.840.1.113730.1.1");
CFTypeRef kSecOIDNetscapeSGC = CFSTR("2.16.840.1.113730.4.1");
CFTypeRef kSecOIDOCSPSigning = CFSTR("1.3.6.1.5.5.7.3.9");
CFTypeRef kSecOIDOrganizationName = CFSTR("2.5.4.10");
CFTypeRef kSecOIDOrganizationalUnitName = CFSTR("2.5.4.11");
CFTypeRef kSecOIDPolicyConstraints = CFSTR("2.5.29.36");
CFTypeRef kSecOIDPolicyMappings = CFSTR("2.5.29.33");
CFTypeRef kSecOIDPrivateKeyUsagePeriod = CFSTR("2.5.29.16");
CFTypeRef kSecOIDQC_Statements = CFSTR("1.3.6.1.5.5.7.1.3");
CFTypeRef kSecOIDSerialNumber = CFSTR("2.5.4.5");
CFTypeRef kSecOIDServerAuth = CFSTR("1.3.6.1.5.5.7.3.1");
CFTypeRef kSecOIDStateProvinceName = CFSTR("2.5.4.8");
CFTypeRef kSecOIDStreetAddress = CFSTR("2.5.4.9");
CFTypeRef kSecOIDSubjectAltName = CFSTR("2.5.29.17");
CFTypeRef kSecOIDSubjectDirectoryAttributes = CFSTR("2.5.29.9");
CFTypeRef kSecOIDSubjectEmailAddress = CFSTR("2.16.840.1.113741.2.1.1.1.50.3");
CFTypeRef kSecOIDSubjectInfoAccess = CFSTR("1.3.6.1.5.5.7.1.11");
CFTypeRef kSecOIDSubjectKeyIdentifier = CFSTR("2.5.29.14");
CFTypeRef kSecOIDSubjectPicture = CFSTR("2.16.840.1.113741.2.1.1.1.50.2");
CFTypeRef kSecOIDSubjectSignatureBitmap = CFSTR("2.16.840.1.113741.2.1.1.1.50.1");
CFTypeRef kSecOIDSurname = CFSTR("2.5.4.4");
CFTypeRef kSecOIDTimeStamping = CFSTR("1.3.6.1.5.5.7.3.8");
CFTypeRef kSecOIDTitle = CFSTR("2.5.4.12");
CFTypeRef kSecOIDUseExemptions = CFSTR("2.16.840.1.113741.2.1.1.1.50.4");
// X.509 v1 field pseudo-OIDs; several of these are the keys remapLabelToKey()
// produces for the property dictionaries.
CFTypeRef kSecOIDX509V1CertificateIssuerUniqueId = CFSTR("2.16.840.1.113741.2.1.1.1.11");
CFTypeRef kSecOIDX509V1CertificateSubjectUniqueId = CFSTR("2.16.840.1.113741.2.1.1.1.12");
CFTypeRef kSecOIDX509V1IssuerName = CFSTR("2.16.840.1.113741.2.1.1.1.5");
CFTypeRef kSecOIDX509V1IssuerNameCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.5.1");
CFTypeRef kSecOIDX509V1IssuerNameLDAP = CFSTR("2.16.840.1.113741.2.1.1.1.5.2");
CFTypeRef kSecOIDX509V1IssuerNameStd = CFSTR("2.16.840.1.113741.2.1.1.1.23");
CFTypeRef kSecOIDX509V1SerialNumber = CFSTR("2.16.840.1.113741.2.1.1.1.3");
CFTypeRef kSecOIDX509V1Signature = CFSTR("2.16.840.1.113741.2.1.3.2.2");
CFTypeRef kSecOIDX509V1SignatureAlgorithm = CFSTR("2.16.840.1.113741.2.1.3.2.1");
CFTypeRef kSecOIDX509V1SignatureAlgorithmParameters = CFSTR("2.16.840.1.113741.2.1.3.2.3");
CFTypeRef kSecOIDX509V1SignatureAlgorithmTBS = CFSTR("2.16.840.1.113741.2.1.3.2.10");
CFTypeRef kSecOIDX509V1SignatureCStruct = CFSTR("2.16.840.1.113741.2.1.3.2.0.1");
CFTypeRef kSecOIDX509V1SignatureStruct = CFSTR("2.16.840.1.113741.2.1.3.2.0");
CFTypeRef kSecOIDX509V1SubjectName = CFSTR("2.16.840.1.113741.2.1.1.1.8");
CFTypeRef kSecOIDX509V1SubjectNameCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.8.1");
CFTypeRef kSecOIDX509V1SubjectNameLDAP = CFSTR("2.16.840.1.113741.2.1.1.1.8.2");
CFTypeRef kSecOIDX509V1SubjectNameStd = CFSTR("2.16.840.1.113741.2.1.1.1.22");
CFTypeRef kSecOIDX509V1SubjectPublicKey = CFSTR("2.16.840.1.113741.2.1.1.1.10");
CFTypeRef kSecOIDX509V1SubjectPublicKeyAlgorithm = CFSTR("2.16.840.1.113741.2.1.1.1.9");
CFTypeRef kSecOIDX509V1SubjectPublicKeyAlgorithmParameters = CFSTR("2.16.840.1.113741.2.1.1.1.18");
CFTypeRef kSecOIDX509V1SubjectPublicKeyCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.20.1");
CFTypeRef kSecOIDX509V1ValidityNotAfter = CFSTR("2.16.840.1.113741.2.1.1.1.7");
CFTypeRef kSecOIDX509V1ValidityNotBefore = CFSTR("2.16.840.1.113741.2.1.1.1.6");
CFTypeRef kSecOIDX509V1Version = CFSTR("2.16.840.1.113741.2.1.1.1.2");
CFTypeRef kSecOIDX509V3Certificate = CFSTR("2.16.840.1.113741.2.1.1.1.1");
CFTypeRef kSecOIDX509V3CertificateCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.1.1");
CFTypeRef kSecOIDX509V3CertificateExtensionCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.13.1");
CFTypeRef kSecOIDX509V3CertificateExtensionCritical = CFSTR("2.16.840.1.113741.2.1.1.1.16");
CFTypeRef kSecOIDX509V3CertificateExtensionId = CFSTR("2.16.840.1.113741.2.1.1.1.15");
CFTypeRef kSecOIDX509V3CertificateExtensionStruct = CFSTR("2.16.840.1.113741.2.1.1.1.13");
CFTypeRef kSecOIDX509V3CertificateExtensionType = CFSTR("2.16.840.1.113741.2.1.1.1.19");
CFTypeRef kSecOIDX509V3CertificateExtensionValue = CFSTR("2.16.840.1.113741.2.1.1.1.17");
CFTypeRef kSecOIDX509V3CertificateExtensionsCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.21.1");
CFTypeRef kSecOIDX509V3CertificateExtensionsStruct = CFSTR("2.16.840.1.113741.2.1.1.1.21");
CFTypeRef kSecOIDX509V3CertificateNumberOfExtensions = CFSTR("2.16.840.1.113741.2.1.1.1.14");
CFTypeRef kSecOIDX509V3SignedCertificate = CFSTR("2.16.840.1.113741.2.1.1.1.0");
CFTypeRef kSecOIDX509V3SignedCertificateCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.0.1");
CFTypeRef kSecOIDSRVName = CFSTR("1.3.6.1.5.5.7.8.7");
562