]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_keychain/lib/CertificateValues.cpp
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57336.10.29.tar.gz
[apple/security.git] / OSX / libsecurity_keychain / lib / CertificateValues.cpp
1 /*
2 * Copyright (c) 2002-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // CertificateValues.cpp
26 //
27 #include <security_keychain/Certificate.h>
28 #include <Security/oidscert.h>
29 #include <Security/oidsattr.h>
30 #include <Security/SecCertificate.h>
31 #include <Security/SecCertificatePriv.h>
32 #include "SecCertificateOIDs.h"
33 #include "CertificateValues.h"
34 #include "SecCertificateP.h"
35 #include "SecCertificatePrivP.h"
36 #include <CoreFoundation/CFNumber.h>
37 #include "SecCertificateP.h"
38
39 /* FIXME including SecCertificateInternalP.h here produces errors; investigate */
40 extern "C" CFDataRef SecCertificateCopyIssuerSequenceP(SecCertificateRefP certificate);
41 extern "C" CFDataRef SecCertificateCopySubjectSequenceP(SecCertificateRefP certificate);
42
43 extern "C" void appendPropertyP(CFMutableArrayRef properties, CFStringRef propertyType, CFStringRef label, CFTypeRef value);
44
45 extern const CFStringRef __nonnull kSecPropertyKeyType;
46 extern const CFStringRef __nonnull kSecPropertyKeyLabel;
47 extern const CFStringRef __nonnull kSecPropertyKeyLocalizedLabel;
48 extern const CFStringRef __nonnull kSecPropertyKeyValue;
49
50 extern const CFStringRef __nonnull kSecPropertyTypeData;
51 extern const CFStringRef __nonnull kSecPropertyTypeString;
52 extern const CFStringRef __nonnull kSecPropertyTypeURL;
53 extern const CFStringRef __nonnull kSecPropertyTypeDate;
54
55 CFStringRef kSecPropertyTypeArray = CFSTR("array");
56 CFStringRef kSecPropertyTypeNumber = CFSTR("number");
57
58
59 #pragma mark ---------- CertificateValues Implementation ----------
60
61 using namespace KeychainCore;
62
63 void addFieldValues(const void *key, const void *value, void *context);
64 void addPropertyToFieldValues(const void *value, void *context);
65 void filterFieldValues(const void *key, const void *value, void *context);
66 void validateKeys(const void *value, void *context);
67
68 CFDictionaryRef CertificateValues::mOIDRemap = NULL;
69
70 typedef struct FieldValueFilterContext
71 {
72 CFMutableDictionaryRef filteredValues;
73 CFArrayRef filterKeys;
74 } FieldValueFilterContext;
75
76 CertificateValues::CertificateValues(SecCertificateRef certificateRef) : mCertificateRef(certificateRef),
77 mCertificateData(NULL)
78 {
79 if (mCertificateRef)
80 CFRetain(mCertificateRef);
81 }
82
83 CertificateValues::~CertificateValues() throw()
84 {
85 if (mCertificateData)
86 CFRelease(mCertificateData);
87 if (mCertificateRef)
88 CFRelease(mCertificateRef);
89 }
90
91 CFDictionaryRef CertificateValues::copyFieldValues(CFArrayRef keys, CFErrorRef *error)
92 {
93 if (keys)
94 {
95 if (CFGetTypeID(keys)!=CFArrayGetTypeID())
96 return NULL;
97 CFRange range = CFRangeMake(0, CFArrayGetCount((CFArrayRef)keys));
98 bool failed = false;
99 CFArrayApplyFunction(keys, range, validateKeys, &failed);
100 if (failed)
101 return NULL;
102 }
103
104 if (mCertificateData)
105 {
106 CFRelease(mCertificateData);
107 mCertificateData = NULL;
108 }
109 if (!mCertificateData)
110 {
111 mCertificateData = SecCertificateCopyData(mCertificateRef); // OK to call, no big lock
112 if (!mCertificateData)
113 {
114 if (error) {
115 *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateRef, NULL);
116 }
117 return NULL;
118 }
119 }
120
121 SecCertificateRefP certificateP = SecCertificateCreateWithDataP(kCFAllocatorDefault, mCertificateData);
122 if (!certificateP)
123 {
124 if (error)
125 *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateGroup, NULL);
126 return NULL;
127 }
128
129 CFMutableDictionaryRef fieldValues=CFDictionaryCreateMutable(kCFAllocatorDefault, 0,
130 &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
131
132 // Return an array of CFStringRefs representing the common names in the certificates subject if any
133 CFArrayRef commonNames=SecCertificateCopyCommonNamesP(certificateP);
134 if (commonNames)
135 {
136 CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
137 appendPropertyP(additionalValues, kSecPropertyTypeArray, CFSTR("CN"), commonNames);
138 CFDictionaryAddValue(fieldValues, kSecOIDCommonName, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
139 CFRelease(commonNames);
140 CFRelease(additionalValues);
141 }
142
143 // These can exist in the subject alt name or in the subject
144 CFArrayRef dnsNames=SecCertificateCopyDNSNamesP(certificateP);
145 if (dnsNames)
146 {
147 CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
148 appendPropertyP(additionalValues, kSecPropertyTypeArray, CFSTR("DNS"), dnsNames);
149 CFDictionaryAddValue(fieldValues, CFSTR("DNSNAMES"), (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
150 CFRelease(dnsNames);
151 CFRelease(additionalValues);
152 }
153
154 CFArrayRef ipAddresses=SecCertificateCopyIPAddressesP(certificateP);
155 if (ipAddresses)
156 {
157 CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
158 appendPropertyP(additionalValues, kSecPropertyTypeArray, CFSTR("IP"), dnsNames);
159 CFDictionaryAddValue(fieldValues, CFSTR("IPADDRESSES"), (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
160 CFRelease(ipAddresses);
161 CFRelease(additionalValues);
162 }
163
164 // These can exist in the subject alt name or in the subject
165 CFArrayRef emailAddrs=SecCertificateCopyRFC822NamesP(certificateP);
166 if (emailAddrs)
167 {
168 CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
169 appendPropertyP(additionalValues, kSecPropertyTypeArray, CFSTR("DNS"), dnsNames);
170 CFDictionaryAddValue(fieldValues, kSecOIDEmailAddress, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
171 CFRelease(emailAddrs);
172 CFRelease(additionalValues);
173 }
174
175 CFAbsoluteTime notBefore = SecCertificateNotValidBeforeP(certificateP);
176 CFNumberRef notBeforeRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberDoubleType, &notBefore);
177 if (notBeforeRef)
178 {
179 CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
180 appendPropertyP(additionalValues, kSecPropertyTypeNumber, CFSTR("Not Valid Before"), notBeforeRef);
181 CFDictionaryAddValue(fieldValues, kSecOIDX509V1ValidityNotBefore, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
182 CFRelease(notBeforeRef);
183 CFRelease(additionalValues);
184 }
185
186 CFAbsoluteTime notAfter = SecCertificateNotValidAfterP(certificateP);
187 CFNumberRef notAfterRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberDoubleType, &notAfter);
188 if (notAfterRef)
189 {
190 CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
191 appendPropertyP(additionalValues, kSecPropertyTypeNumber, CFSTR("Not Valid After"), notAfterRef);
192 CFDictionaryAddValue(fieldValues, kSecOIDX509V1ValidityNotAfter, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
193 CFRelease(notAfterRef);
194 CFRelease(additionalValues);
195 }
196
197 SecKeyUsage keyUsage=SecCertificateGetKeyUsageP(certificateP);
198 CFNumberRef ku = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &keyUsage);
199 if (ku)
200 {
201 CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
202 appendPropertyP(additionalValues, kSecPropertyTypeNumber, CFSTR("Key Usage"), ku);
203 CFDictionaryAddValue(fieldValues, kSecOIDKeyUsage, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
204 CFRelease(ku);
205 CFRelease(additionalValues);
206 }
207
208 CFArrayRef ekus = SecCertificateCopyExtendedKeyUsageP(certificateP);
209 if (ekus)
210 {
211 CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
212 appendPropertyP(additionalValues, kSecPropertyTypeArray, CFSTR("Extended Key Usage"), ekus);
213 CFDictionaryAddValue(fieldValues, kSecOIDExtendedKeyUsage, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
214 CFRelease(ekus);
215 CFRelease(additionalValues);
216 }
217
218 // Add all values from properties dictionary
219 CFArrayRef properties = SecCertificateCopyPropertiesP(certificateP);
220 if (properties)
221 {
222 CFRange range = CFRangeMake(0, CFArrayGetCount((CFArrayRef)properties));
223 CFArrayApplyFunction(properties, range, addPropertyToFieldValues, fieldValues);
224 // CFDictionaryApplyFunction(properties, addFieldValues, fieldValues);
225 CFRelease(properties);
226 }
227
228 CFAbsoluteTime verifyTime = CFAbsoluteTimeGetCurrent();
229 CFMutableArrayRef summaryProperties =
230 SecCertificateCopySummaryPropertiesP(certificateP, verifyTime);
231 if (summaryProperties)
232 {
233 CFRange range = CFRangeMake(0, CFArrayGetCount((CFArrayRef)summaryProperties));
234 CFArrayApplyFunction(summaryProperties, range, addPropertyToFieldValues, fieldValues);
235 // CFDictionaryApplyFunction(summaryProperties, addFieldValues, fieldValues);
236 // CFDictionaryAddValue(fieldValues, CFSTR("summaryProperties"), summaryProperties);
237 CFRelease(summaryProperties);
238 }
239
240 if (certificateP)
241 CFRelease(certificateP);
242
243 if (keys==NULL)
244 return (CFDictionaryRef)fieldValues;
245
246 // Otherwise, we need to filter
247 CFMutableDictionaryRef filteredFieldValues=CFDictionaryCreateMutable(kCFAllocatorDefault, 0,
248 &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
249
250 FieldValueFilterContext fvcontext;
251 fvcontext.filteredValues = filteredFieldValues;
252 fvcontext.filterKeys = keys;
253
254 CFDictionaryApplyFunction(fieldValues, filterFieldValues, &fvcontext);
255
256 CFRelease(fieldValues);
257 return (CFDictionaryRef)filteredFieldValues;
258 }
259
260 void validateKeys(const void *value, void *context)
261 {
262 if (value == NULL || (CFGetTypeID(value)!=CFStringGetTypeID()))
263 if (context)
264 *(bool *)context = true;
265 }
266
267 void filterFieldValues(const void *key, const void *value, void *context)
268 {
269 // each element of keys is a CFStringRef with an OID, e.g.
270 // const CFStringRef kSecOIDTitle = CFSTR("2.5.4.12");
271
272 CFTypeRef fieldKey = (CFTypeRef)key;
273 if (fieldKey == NULL || (CFGetTypeID(fieldKey)!=CFStringGetTypeID()) || context==NULL)
274 return;
275
276 FieldValueFilterContext *fvcontext = (FieldValueFilterContext *)context;
277
278 CFRange range = CFRangeMake(0, CFArrayGetCount(fvcontext->filterKeys));
279 CFIndex idx = CFArrayGetFirstIndexOfValue(fvcontext->filterKeys, range, fieldKey);
280 if (idx != kCFNotFound)
281 CFDictionaryAddValue(fvcontext->filteredValues, fieldKey, value);
282 }
283
284 void addFieldValues(const void *key, const void *value, void *context)
285 {
286 CFMutableDictionaryRef fieldValues = (CFMutableDictionaryRef)context;
287 CFDictionaryAddValue(fieldValues, key, value);
288 }
289
290 void addPropertyToFieldValues(const void *value, void *context)
291 {
292 CFMutableDictionaryRef fieldValues = (CFMutableDictionaryRef)context;
293 if (CFGetTypeID(value)==CFDictionaryGetTypeID())
294 {
295 CFStringRef label = (CFStringRef)CFDictionaryGetValue((CFDictionaryRef)value, kSecPropertyKeyLabel);
296 #if 0
297 CFStringRef typeD = (CFStringRef)CFDictionaryGetValue((CFDictionaryRef)value, kSecPropertyKeyType);
298 CFTypeRef valueD = (CFStringRef)CFDictionaryGetValue((CFDictionaryRef)value, kSecPropertyKeyValue);
299 #endif
300 CFStringRef key = CertificateValues::remapLabelToKey(label);
301 if (key)
302 CFDictionaryAddValue(fieldValues, key, value);
303 }
304 }
305
306 CFStringRef CertificateValues::remapLabelToKey(CFStringRef label)
307 {
308 if (!label)
309 return NULL;
310
311 if (!mOIDRemap)
312 {
313 CFTypeRef keys[] =
314 {
315 CFSTR("Subject Name"),
316 CFSTR("Normalized Subject Name"),
317 CFSTR("Issuer Name"),
318 CFSTR("Normalized Subject Name"),
319 CFSTR("Version"),
320 CFSTR("Serial Number"),
321 CFSTR("Signature Algorithm"),
322 CFSTR("Subject Unique ID"),
323 CFSTR("Issuer Unique ID"),
324 CFSTR("Public Key Algorithm"),
325 CFSTR("Public Key Data"),
326 CFSTR("Signature"),
327 CFSTR("Not Valid Before"),
328 CFSTR("Not Valid After"),
329 CFSTR("Expires")
330 };
331
332 CFTypeRef values[] =
333 {
334 kSecOIDX509V1SubjectName,
335 kSecOIDX509V1SubjectNameStd,
336 kSecOIDX509V1IssuerName,
337 kSecOIDX509V1IssuerNameStd,
338 kSecOIDX509V1Version,
339 kSecOIDX509V1SerialNumber,
340 kSecOIDX509V1SignatureAlgorithm, // or CSSMOID_X509V1SignatureAlgorithmTBS?
341 kSecOIDX509V1CertificateSubjectUniqueId,
342 kSecOIDX509V1CertificateIssuerUniqueId,
343 kSecOIDX509V1SubjectPublicKeyAlgorithm,
344 kSecOIDX509V1SubjectPublicKey,
345 kSecOIDX509V1Signature,
346 kSecOIDX509V1ValidityNotBefore,
347 kSecOIDX509V1ValidityNotAfter,
348 kSecOIDInvalidityDate
349 };
350
351 mOIDRemap = CFDictionaryCreate(NULL, keys, values,
352 (sizeof(keys) / sizeof(*keys)), &kCFTypeDictionaryKeyCallBacks,
353 &kCFTypeDictionaryValueCallBacks);
354 }
355
356 CFTypeRef result = (CFTypeRef)CFDictionaryGetValue(mOIDRemap, label);
357
358 return result?(CFStringRef)result:label;
359 }
360
361 CFDataRef CertificateValues::copySerialNumber(CFErrorRef *error)
362 {
363 CFDataRef result = NULL;
364 SecCertificateRefP certificateP = getSecCertificateRefP(error);
365
366 if (certificateP)
367 {
368 result = SecCertificateCopySerialNumberP(certificateP);
369 CFRelease(certificateP);
370 }
371 return result;
372 }
373
374 CFDataRef CertificateValues::copyNormalizedIssuerContent(CFErrorRef *error)
375 {
376 CFDataRef result = NULL;
377 SecCertificateRefP certificateP = getSecCertificateRefP(error);
378 if (certificateP)
379 {
380 result = SecCertificateCopyNormalizedIssuerSequenceP(certificateP);
381 CFRelease(certificateP);
382 }
383 return result;
384 }
385
386 CFDataRef CertificateValues::copyNormalizedSubjectContent(CFErrorRef *error)
387 {
388 CFDataRef result = NULL;
389 SecCertificateRefP certificateP = getSecCertificateRefP(error);
390 if (certificateP)
391 {
392 result = SecCertificateCopyNormalizedSubjectSequenceP(certificateP);
393 CFRelease(certificateP);
394 }
395 return result;
396 }
397
398 CFDataRef CertificateValues::copyIssuerSequence(CFErrorRef *error)
399 {
400 CFDataRef result = NULL;
401 SecCertificateRefP certificateP = getSecCertificateRefP(error);
402 if (certificateP)
403 {
404 result = SecCertificateCopyIssuerSequenceP(certificateP);
405 CFRelease(certificateP);
406 }
407 return result;
408 }
409
410 CFDataRef CertificateValues::copySubjectSequence(CFErrorRef *error)
411 {
412 CFDataRef result = NULL;
413 SecCertificateRefP certificateP = getSecCertificateRefP(error);
414 if (certificateP)
415 {
416 result = SecCertificateCopySubjectSequenceP(certificateP);
417 CFRelease(certificateP);
418 }
419 return result;
420 }
421
422 bool CertificateValues::isValid(CFAbsoluteTime verifyTime, CFErrorRef *error)
423 {
424 bool result = NULL;
425 SecCertificateRefP certificateP = getSecCertificateRefP(error);
426 if (certificateP)
427 {
428 result = SecCertificateIsValidP(certificateP, verifyTime);
429 CFRelease(certificateP);
430 }
431 return result;
432 }
433
434 CFAbsoluteTime CertificateValues::notValidBefore(CFErrorRef *error)
435 {
436 CFAbsoluteTime result = 0;
437 SecCertificateRefP certificateP = getSecCertificateRefP(error);
438 if (certificateP)
439 {
440 result = SecCertificateNotValidBeforeP(certificateP);
441 CFRelease(certificateP);
442 }
443 return result;
444 }
445
446 CFAbsoluteTime CertificateValues::notValidAfter(CFErrorRef *error)
447 {
448 CFAbsoluteTime result = 0;
449 SecCertificateRefP certificateP = getSecCertificateRefP(error);
450 if (certificateP)
451 {
452 result = SecCertificateNotValidAfterP(certificateP);
453 CFRelease(certificateP);
454 }
455 return result;
456 }
457
458 SecCertificateRefP CertificateValues::getSecCertificateRefP(CFErrorRef *error)
459 {
460 // SecCertificateCopyData returns an object created with CFDataCreate, so we
461 // own it and must release it
462
463 if (mCertificateData)
464 {
465 CFRelease(mCertificateData);
466 mCertificateData = NULL;
467 }
468
469 mCertificateData = SecCertificateCopyData(mCertificateRef); // OK to call, no big lock
470 if (!mCertificateData && error)
471 {
472 *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateRef, NULL);
473 return NULL;
474 }
475
476 SecCertificateRefP certificateP = SecCertificateCreateWithDataP(kCFAllocatorDefault, mCertificateData);
477 if (!certificateP && error)
478 {
479 *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateGroup, NULL);
480 return NULL;
481 }
482
483 return certificateP;
484 }
485
486 #pragma mark ---------- OID Constants ----------
487
488 const CFStringRef kSecOIDADC_CERT_POLICY = CFSTR("1.2.840.113635.100.5.3");
489 const CFStringRef kSecOIDAPPLE_CERT_POLICY = CFSTR("1.2.840.113635.100.5.1");
490 const CFStringRef kSecOIDAPPLE_EKU_CODE_SIGNING = CFSTR("1.2.840.113635.100.4.1");
491 const CFStringRef kSecOIDAPPLE_EKU_CODE_SIGNING_DEV = CFSTR("1.2.840.113635.100.4.1.1");
492 const CFStringRef kSecOIDAPPLE_EKU_ICHAT_ENCRYPTION = CFSTR("1.2.840.113635.100.4.3");
493 const CFStringRef kSecOIDAPPLE_EKU_ICHAT_SIGNING = CFSTR("1.2.840.113635.100.4.2");
494 const CFStringRef kSecOIDAPPLE_EKU_RESOURCE_SIGNING = CFSTR("1.2.840.113635.100.4.1.4");
495 const CFStringRef kSecOIDAPPLE_EKU_SYSTEM_IDENTITY = CFSTR("1.2.840.113635.100.4.4");
496 const CFStringRef kSecOIDAPPLE_EXTENSION = CFSTR("1.2.840.113635.100.6");
497 const CFStringRef kSecOIDAPPLE_EXTENSION_ADC_APPLE_SIGNING = CFSTR("1.2.840.113635.100.6.1.2.0.0");
498 const CFStringRef kSecOIDAPPLE_EXTENSION_ADC_DEV_SIGNING = CFSTR("1.2.840.113635.100.6.1.2.0");
499 const CFStringRef kSecOIDAPPLE_EXTENSION_APPLE_SIGNING = CFSTR("1.2.840.113635.100.6.1.1");
500 const CFStringRef kSecOIDAPPLE_EXTENSION_CODE_SIGNING = CFSTR("1.2.840.113635.100.6.1");
501 const CFStringRef kSecOIDAPPLE_EXTENSION_INTERMEDIATE_MARKER = CFSTR("1.2.840.113635.100.6.2");
502 const CFStringRef kSecOIDAPPLE_EXTENSION_WWDR_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.1");
503 const CFStringRef kSecOIDAPPLE_EXTENSION_ITMS_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.2");
504 const CFStringRef kSecOIDAPPLE_EXTENSION_AAI_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.3");
505 const CFStringRef kSecOIDAPPLE_EXTENSION_APPLEID_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.7");
506 const CFStringRef kSecOIDAuthorityInfoAccess = CFSTR("1.3.6.1.5.5.7.1.1");
507 const CFStringRef kSecOIDAuthorityKeyIdentifier = CFSTR("2.5.29.35");
508 const CFStringRef kSecOIDBasicConstraints = CFSTR("2.5.29.19");
509 const CFStringRef kSecOIDBiometricInfo = CFSTR("1.3.6.1.5.5.7.1.2");
510 const CFStringRef kSecOIDCSSMKeyStruct = CFSTR("2.16.840.1.113741.2.1.1.1.20");
511 const CFStringRef kSecOIDCertIssuer = CFSTR("2.5.29.29");
512 const CFStringRef kSecOIDCertificatePolicies = CFSTR("2.5.29.32");
513 const CFStringRef kSecOIDClientAuth = CFSTR("1.3.6.1.5.5.7.3.2");
514 const CFStringRef kSecOIDCollectiveStateProvinceName = CFSTR("2.5.4.8.1");
515 const CFStringRef kSecOIDCollectiveStreetAddress = CFSTR("2.5.4.9.1");
516 const CFStringRef kSecOIDCommonName = CFSTR("2.5.4.3");
517 const CFStringRef kSecOIDCountryName = CFSTR("2.5.4.6");
518 const CFStringRef kSecOIDCrlDistributionPoints = CFSTR("2.5.29.31");
519 const CFStringRef kSecOIDCrlNumber = CFSTR("2.5.29.20");
520 const CFStringRef kSecOIDCrlReason = CFSTR("2.5.29.21");
521 const CFStringRef kSecOIDDOTMAC_CERT_EMAIL_ENCRYPT = CFSTR("1.2.840.113635.100.3.2.3");
522 const CFStringRef kSecOIDDOTMAC_CERT_EMAIL_SIGN = CFSTR("1.2.840.113635.100.3.2.2");
523 const CFStringRef kSecOIDDOTMAC_CERT_EXTENSION = CFSTR("1.2.840.113635.100.3.2");
524 const CFStringRef kSecOIDDOTMAC_CERT_IDENTITY = CFSTR("1.2.840.113635.100.3.2.1");
525 const CFStringRef kSecOIDDOTMAC_CERT_POLICY = CFSTR("1.2.840.113635.100.5.2");
526 const CFStringRef kSecOIDDeltaCrlIndicator = CFSTR("2.5.29.27");
527 const CFStringRef kSecOIDDescription = CFSTR("2.5.4.13");
528 const CFStringRef kSecOIDEKU_IPSec = CFSTR("1.3.6.1.5.5.8.2.2");
529 const CFStringRef kSecOIDEmailAddress = CFSTR("1.2.840.113549.1.9.1");
530 const CFStringRef kSecOIDEmailProtection = CFSTR("1.3.6.1.5.5.7.3.4");
531 const CFStringRef kSecOIDExtendedKeyUsage = CFSTR("2.5.29.37");
532 const CFStringRef kSecOIDExtendedKeyUsageAny = CFSTR("2.5.29.37.0");
533 const CFStringRef kSecOIDExtendedUseCodeSigning = CFSTR("1.3.6.1.5.5.7.3.3");
534 const CFStringRef kSecOIDGivenName = CFSTR("2.5.4.42");
535 const CFStringRef kSecOIDHoldInstructionCode = CFSTR("2.5.29.23");
536 const CFStringRef kSecOIDInvalidityDate = CFSTR("2.5.29.24");
537 const CFStringRef kSecOIDIssuerAltName = CFSTR("2.5.29.18");
538 const CFStringRef kSecOIDIssuingDistributionPoint = CFSTR("2.5.29.28");
539 const CFStringRef kSecOIDIssuingDistributionPoints = CFSTR("2.5.29.28");
540 const CFStringRef kSecOIDKERBv5_PKINIT_KP_CLIENT_AUTH = CFSTR("1.3.6.1.5.2.3.4");
541 const CFStringRef kSecOIDKERBv5_PKINIT_KP_KDC = CFSTR("1.3.6.1.5.2.3.5");
542 const CFStringRef kSecOIDKeyUsage = CFSTR("2.5.29.15");
543 const CFStringRef kSecOIDLocalityName = CFSTR("2.5.4.7");
544 const CFStringRef kSecOIDMS_NTPrincipalName = CFSTR("1.3.6.1.4.1.311.20.2.3");
545 const CFStringRef kSecOIDMicrosoftSGC = CFSTR("1.3.6.1.4.1.311.10.3.3");
546 const CFStringRef kSecOIDNameConstraints = CFSTR("2.5.29.30");
547 const CFStringRef kSecOIDNetscapeCertSequence = CFSTR("2.16.840.1.113730.2.5");
548 const CFStringRef kSecOIDNetscapeCertType = CFSTR("2.16.840.1.113730.1.1");
549 const CFStringRef kSecOIDNetscapeSGC = CFSTR("2.16.840.1.113730.4.1");
550 const CFStringRef kSecOIDOCSPSigning = CFSTR("1.3.6.1.5.5.7.3.9");
551 const CFStringRef kSecOIDOrganizationName = CFSTR("2.5.4.10");
552 const CFStringRef kSecOIDOrganizationalUnitName = CFSTR("2.5.4.11");
553 const CFStringRef kSecOIDPolicyConstraints = CFSTR("2.5.29.36");
554 const CFStringRef kSecOIDPolicyMappings = CFSTR("2.5.29.33");
555 const CFStringRef kSecOIDPrivateKeyUsagePeriod = CFSTR("2.5.29.16");
556 const CFStringRef kSecOIDQC_Statements = CFSTR("1.3.6.1.5.5.7.1.3");
557 const CFStringRef kSecOIDSerialNumber = CFSTR("2.5.4.5");
558 const CFStringRef kSecOIDServerAuth = CFSTR("1.3.6.1.5.5.7.3.1");
559 const CFStringRef kSecOIDStateProvinceName = CFSTR("2.5.4.8");
560 const CFStringRef kSecOIDStreetAddress = CFSTR("2.5.4.9");
561 const CFStringRef kSecOIDSubjectAltName = CFSTR("2.5.29.17");
562 const CFStringRef kSecOIDSubjectDirectoryAttributes = CFSTR("2.5.29.9");
563 const CFStringRef kSecOIDSubjectEmailAddress = CFSTR("2.16.840.1.113741.2.1.1.1.50.3");
564 const CFStringRef kSecOIDSubjectInfoAccess = CFSTR("1.3.6.1.5.5.7.1.11");
565 const CFStringRef kSecOIDSubjectKeyIdentifier = CFSTR("2.5.29.14");
566 const CFStringRef kSecOIDSubjectPicture = CFSTR("2.16.840.1.113741.2.1.1.1.50.2");
567 const CFStringRef kSecOIDSubjectSignatureBitmap = CFSTR("2.16.840.1.113741.2.1.1.1.50.1");
568 const CFStringRef kSecOIDSurname = CFSTR("2.5.4.4");
569 const CFStringRef kSecOIDTimeStamping = CFSTR("1.3.6.1.5.5.7.3.8");
570 const CFStringRef kSecOIDTitle = CFSTR("2.5.4.12");
571 const CFStringRef kSecOIDUseExemptions = CFSTR("2.16.840.1.113741.2.1.1.1.50.4");
572 const CFStringRef kSecOIDX509V1CertificateIssuerUniqueId = CFSTR("2.16.840.1.113741.2.1.1.1.11");
573 const CFStringRef kSecOIDX509V1CertificateSubjectUniqueId = CFSTR("2.16.840.1.113741.2.1.1.1.12");
574 const CFStringRef kSecOIDX509V1IssuerName = CFSTR("2.16.840.1.113741.2.1.1.1.5");
575 const CFStringRef kSecOIDX509V1IssuerNameCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.5.1");
576 const CFStringRef kSecOIDX509V1IssuerNameLDAP = CFSTR("2.16.840.1.113741.2.1.1.1.5.2");
577 const CFStringRef kSecOIDX509V1IssuerNameStd = CFSTR("2.16.840.1.113741.2.1.1.1.23");
578 const CFStringRef kSecOIDX509V1SerialNumber = CFSTR("2.16.840.1.113741.2.1.1.1.3");
579 const CFStringRef kSecOIDX509V1Signature = CFSTR("2.16.840.1.113741.2.1.3.2.2");
580 const CFStringRef kSecOIDX509V1SignatureAlgorithm = CFSTR("2.16.840.1.113741.2.1.3.2.1");
581 const CFStringRef kSecOIDX509V1SignatureAlgorithmParameters = CFSTR("2.16.840.1.113741.2.1.3.2.3");
582 const CFStringRef kSecOIDX509V1SignatureAlgorithmTBS = CFSTR("2.16.840.1.113741.2.1.3.2.10");
583 const CFStringRef kSecOIDX509V1SignatureCStruct = CFSTR("2.16.840.1.113741.2.1.3.2.0.1");
584 const CFStringRef kSecOIDX509V1SignatureStruct = CFSTR("2.16.840.1.113741.2.1.3.2.0");
585 const CFStringRef kSecOIDX509V1SubjectName = CFSTR("2.16.840.1.113741.2.1.1.1.8");
586 const CFStringRef kSecOIDX509V1SubjectNameCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.8.1");
587 const CFStringRef kSecOIDX509V1SubjectNameLDAP = CFSTR("2.16.840.1.113741.2.1.1.1.8.2");
588 const CFStringRef kSecOIDX509V1SubjectNameStd = CFSTR("2.16.840.1.113741.2.1.1.1.22");
589 const CFStringRef kSecOIDX509V1SubjectPublicKey = CFSTR("2.16.840.1.113741.2.1.1.1.10");
590 const CFStringRef kSecOIDX509V1SubjectPublicKeyAlgorithm = CFSTR("2.16.840.1.113741.2.1.1.1.9");
591 const CFStringRef kSecOIDX509V1SubjectPublicKeyAlgorithmParameters = CFSTR("2.16.840.1.113741.2.1.1.1.18");
592 const CFStringRef kSecOIDX509V1SubjectPublicKeyCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.20.1");
593 const CFStringRef kSecOIDX509V1ValidityNotAfter = CFSTR("2.16.840.1.113741.2.1.1.1.7");
594 const CFStringRef kSecOIDX509V1ValidityNotBefore = CFSTR("2.16.840.1.113741.2.1.1.1.6");
595 const CFStringRef kSecOIDX509V1Version = CFSTR("2.16.840.1.113741.2.1.1.1.2");
596 const CFStringRef kSecOIDX509V3Certificate = CFSTR("2.16.840.1.113741.2.1.1.1.1");
597 const CFStringRef kSecOIDX509V3CertificateCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.1.1");
598 const CFStringRef kSecOIDX509V3CertificateExtensionCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.13.1");
599 const CFStringRef kSecOIDX509V3CertificateExtensionCritical = CFSTR("2.16.840.1.113741.2.1.1.1.16");
600 const CFStringRef kSecOIDX509V3CertificateExtensionId = CFSTR("2.16.840.1.113741.2.1.1.1.15");
601 const CFStringRef kSecOIDX509V3CertificateExtensionStruct = CFSTR("2.16.840.1.113741.2.1.1.1.13");
602 const CFStringRef kSecOIDX509V3CertificateExtensionType = CFSTR("2.16.840.1.113741.2.1.1.1.19");
603 const CFStringRef kSecOIDX509V3CertificateExtensionValue = CFSTR("2.16.840.1.113741.2.1.1.1.17");
604 const CFStringRef kSecOIDX509V3CertificateExtensionsCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.21.1");
605 const CFStringRef kSecOIDX509V3CertificateExtensionsStruct = CFSTR("2.16.840.1.113741.2.1.1.1.21");
606 const CFStringRef kSecOIDX509V3CertificateNumberOfExtensions = CFSTR("2.16.840.1.113741.2.1.1.1.14");
607 const CFStringRef kSecOIDX509V3SignedCertificate = CFSTR("2.16.840.1.113741.2.1.1.1.0");
608 const CFStringRef kSecOIDX509V3SignedCertificateCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.0.1");
609 const CFStringRef kSecOIDSRVName = CFSTR("1.3.6.1.5.5.7.8.7");
610
mirror of Security