1 /*
2 * Copyright (c) 2002-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // CertificateValues.cpp
26 //
27 #include <security_keychain/Certificate.h>
28 #include <Security/oidscert.h>
29 #include <Security/oidsattr.h>
30 #include <Security/SecCertificate.h>
31 #include <Security/SecCertificatePriv.h>
32 #include "SecCertificateOIDs.h"
33 #include "CertificateValues.h"
34 #include "SecCertificateP.h"
35 #include "SecCertificatePrivP.h"
36 #include <CoreFoundation/CFNumber.h>
37 #include "SecCertificateP.h"
38
/* FIXME including SecCertificateInternalP.h here produces errors; investigate */
// Private parser entry points declared by hand because the internal header
// cannot be included (see FIXME above). All three return a +1 reference.
extern "C" CFDataRef SecCertificateCopyIssuerSequenceP(SecCertificateRefP certificate);
extern "C" CFDataRef SecCertificateCopySubjectSequenceP(SecCertificateRefP certificate);
extern "C" CFDictionaryRef SecCertificateCopyAttributeDictionaryP(SecCertificateRefP certificate);

// Appends one property dictionary (type / label / value) to 'properties'.
// copyFieldValues below relies on it producing exactly one element per call.
extern "C" void appendPropertyP(CFMutableArrayRef properties, CFStringRef propertyType, CFStringRef label, CFTypeRef value);

// Keys of the property dictionaries produced by appendPropertyP and
// SecCertificateCopyPropertiesP; defined in the private implementation.
extern const CFStringRef __nonnull kSecPropertyKeyType;
extern const CFStringRef __nonnull kSecPropertyKeyLabel;
extern const CFStringRef __nonnull kSecPropertyKeyLocalizedLabel;
extern const CFStringRef __nonnull kSecPropertyKeyValue;

// Property type tags defined in the private implementation.
extern const CFStringRef __nonnull kSecPropertyTypeData;
extern const CFStringRef __nonnull kSecPropertyTypeString;
extern const CFStringRef __nonnull kSecPropertyTypeURL;
extern const CFStringRef __nonnull kSecPropertyTypeDate;

// Additional property type tags defined by this file for the array- and
// number-valued entries copyFieldValues synthesises itself.
CFStringRef kSecPropertyTypeArray = CFSTR("array");
CFStringRef kSecPropertyTypeNumber = CFSTR("number");
58
59
60 #pragma mark ---------- CertificateValues Implementation ----------
61
using namespace KeychainCore;

// CFArray / CFDictionary applier callbacks used by copyFieldValues; defined below.
void addFieldValues(const void *key, const void *value, void *context);
void addPropertyToFieldValues(const void *value, void *context);
void filterFieldValues(const void *key, const void *value, void *context);
void validateKeys(const void *value, void *context);

// Lazily built "property label" -> OID-string map; see remapLabelToKey.
// NOTE(review): it is created on first use without any synchronisation.
CFDictionaryRef CertificateValues::mOIDRemap = NULL;

// Applier context for filterFieldValues: the output dictionary plus the
// caller-supplied array of OID-string keys to keep.
typedef struct FieldValueFilterContext
{
    CFMutableDictionaryRef filteredValues;
    CFArrayRef filterKeys;
} FieldValueFilterContext;
76
// Wraps a SecCertificateRef, retaining it for the lifetime of this object.
// The DER copy (mCertificateData) is only fetched when an accessor needs it.
CertificateValues::CertificateValues(SecCertificateRef certificateRef)
    : mCertificateRef(certificateRef), mCertificateData(NULL)
{
    if (mCertificateRef != NULL) {
        CFRetain(mCertificateRef);
    }
}
83
// Releases the cached DER data and the wrapped certificate. Both guards are
// required: CFRelease(NULL) is not a no-op.
CertificateValues::~CertificateValues() throw()
{
    if (mCertificateData != NULL) {
        CFRelease(mCertificateData);
    }
    if (mCertificateRef != NULL) {
        CFRelease(mCertificateRef);
    }
}
91
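// Wraps 'value' in a property dictionary (type / label / value) via
// appendPropertyP and stores that dictionary in 'fieldValues' under 'key'.
// A NULL 'value' is skipped. 'value' is not consumed; the caller still owns it.
static void addWrappedFieldValue(CFMutableDictionaryRef fieldValues, CFStringRef key,
                                 CFStringRef propertyType, CFStringRef label, CFTypeRef value)
{
    if (value == NULL)
        return;
    CFMutableArrayRef wrapper = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
    if (wrapper == NULL)
        return;
    appendPropertyP(wrapper, propertyType, label, value);
    // Guard the index: appendPropertyP is opaque here, and an unchecked
    // CFArrayGetValueAtIndex(…, 0) on an empty array would abort.
    if (CFArrayGetCount(wrapper) > 0)
        CFDictionaryAddValue(fieldValues, key, CFArrayGetValueAtIndex(wrapper, 0));
    CFRelease(wrapper);
}

/*
 * Returns a new dictionary of certificate field values keyed by OID string
 * (the kSecOID* constants at the end of this file, plus the two literal keys
 * "DNSNAMES" and "IPADDRESSES"). Each value is a property dictionary with
 * kSecPropertyKeyType / kSecPropertyKeyLabel / kSecPropertyKeyValue entries.
 *
 * keys   Optional CFArray of CFStringRef OIDs; when non-NULL only matching
 *        entries are returned. Returns NULL (without touching *error) if
 *        'keys' is not a CFArray or contains a non-CFString element.
 * error  Optional; when the certificate data cannot be copied or parsed it
 *        receives a new CFError in kCFErrorDomainOSStatus.
 *
 * Returns a +1 dictionary the caller must release, or NULL on failure.
 */
CFDictionaryRef CertificateValues::copyFieldValues(CFArrayRef keys, CFErrorRef *error)
{
    if (keys)
    {
        if (CFGetTypeID(keys) != CFArrayGetTypeID())
            return NULL;
        CFRange keyRange = CFRangeMake(0, CFArrayGetCount(keys));
        bool failed = false;
        CFArrayApplyFunction(keys, keyRange, validateKeys, &failed);
        if (failed)
            return NULL;
    }

    // Always refresh the cached DER copy. SecCertificateCopyData returns a +1
    // reference that this object owns until the next refresh or destruction.
    if (mCertificateData)
    {
        CFRelease(mCertificateData);
        mCertificateData = NULL;
    }
    mCertificateData = SecCertificateCopyData(mCertificateRef); // OK to call, no big lock
    if (!mCertificateData)
    {
        if (error)
            *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateRef, NULL);
        return NULL;
    }

    SecCertificateRefP certificateP = SecCertificateCreateWithDataP(kCFAllocatorDefault, mCertificateData);
    if (!certificateP)
    {
        if (error)
            *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateGroup, NULL);
        return NULL;
    }

    CFMutableDictionaryRef fieldValues = CFDictionaryCreateMutable(kCFAllocatorDefault, 0,
        &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);

    // Common names from the subject, as an array of CFStringRefs (if any).
    CFArrayRef commonNames = SecCertificateCopyCommonNamesP(certificateP);
    addWrappedFieldValue(fieldValues, kSecOIDCommonName, kSecPropertyTypeArray, CFSTR("CN"), commonNames);
    if (commonNames)
        CFRelease(commonNames);

    // DNS names, IP addresses and email addresses can come from the subject
    // alt name extension or from the subject itself.
    CFArrayRef dnsNames = SecCertificateCopyDNSNamesP(certificateP);
    addWrappedFieldValue(fieldValues, CFSTR("DNSNAMES"), kSecPropertyTypeArray, CFSTR("DNS"), dnsNames);
    if (dnsNames)
        CFRelease(dnsNames);

    // Fixed: this entry used to wrap 'dnsNames' instead of 'ipAddresses', so
    // the IP field reported the DNS names (and was skipped when no IPs existed).
    CFArrayRef ipAddresses = SecCertificateCopyIPAddressesP(certificateP);
    addWrappedFieldValue(fieldValues, CFSTR("IPADDRESSES"), kSecPropertyTypeArray, CFSTR("IP"), ipAddresses);
    if (ipAddresses)
        CFRelease(ipAddresses);

    // Fixed: this entry used to wrap 'dnsNames' instead of 'emailAddrs'.
    // NOTE(review): the "DNS" label is kept byte-for-byte for compatibility;
    // it looks like a copy/paste leftover and probably deserves an
    // email-specific label once callers have been checked.
    CFArrayRef emailAddrs = SecCertificateCopyRFC822NamesP(certificateP);
    addWrappedFieldValue(fieldValues, kSecOIDEmailAddress, kSecPropertyTypeArray, CFSTR("DNS"), emailAddrs);
    if (emailAddrs)
        CFRelease(emailAddrs);

    // Validity bounds as CFNumber doubles holding CFAbsoluteTime values.
    CFAbsoluteTime notBefore = SecCertificateNotValidBeforeP(certificateP);
    CFNumberRef notBeforeRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberDoubleType, &notBefore);
    addWrappedFieldValue(fieldValues, kSecOIDX509V1ValidityNotBefore, kSecPropertyTypeNumber, CFSTR("Not Valid Before"), notBeforeRef);
    if (notBeforeRef)
        CFRelease(notBeforeRef);

    CFAbsoluteTime notAfter = SecCertificateNotValidAfterP(certificateP);
    CFNumberRef notAfterRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberDoubleType, &notAfter);
    addWrappedFieldValue(fieldValues, kSecOIDX509V1ValidityNotAfter, kSecPropertyTypeNumber, CFSTR("Not Valid After"), notAfterRef);
    if (notAfterRef)
        CFRelease(notAfterRef);

    // Key usage bits, stored as a SInt32 CFNumber as before.
    SecKeyUsage keyUsage = SecCertificateGetKeyUsageP(certificateP);
    CFNumberRef keyUsageRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &keyUsage);
    addWrappedFieldValue(fieldValues, kSecOIDKeyUsage, kSecPropertyTypeNumber, CFSTR("Key Usage"), keyUsageRef);
    if (keyUsageRef)
        CFRelease(keyUsageRef);

    CFArrayRef ekus = SecCertificateCopyExtendedKeyUsageP(certificateP);
    addWrappedFieldValue(fieldValues, kSecOIDExtendedKeyUsage, kSecPropertyTypeArray, CFSTR("Extended Key Usage"), ekus);
    if (ekus)
        CFRelease(ekus);

    // Merge the generic property list and the summary properties. Each entry
    // is keyed by remapping its label to an OID (see addPropertyToFieldValues).
    // CFDictionaryAddValue never replaces an existing key, so the explicit
    // entries added above take precedence over these.
    CFArrayRef properties = SecCertificateCopyPropertiesP(certificateP);
    if (properties)
    {
        CFRange range = CFRangeMake(0, CFArrayGetCount(properties));
        CFArrayApplyFunction(properties, range, addPropertyToFieldValues, fieldValues);
        CFRelease(properties);
    }

    CFAbsoluteTime verifyTime = CFAbsoluteTimeGetCurrent();
    CFMutableArrayRef summaryProperties = SecCertificateCopySummaryPropertiesP(certificateP, verifyTime);
    if (summaryProperties)
    {
        CFRange range = CFRangeMake(0, CFArrayGetCount(summaryProperties));
        CFArrayApplyFunction(summaryProperties, range, addPropertyToFieldValues, fieldValues);
        CFRelease(summaryProperties);
    }

    // certificateP is known non-NULL here (checked above).
    CFRelease(certificateP);

    if (keys == NULL)
        return (CFDictionaryRef)fieldValues;

    // Otherwise keep only the entries whose OID key appears in 'keys'.
    CFMutableDictionaryRef filteredFieldValues = CFDictionaryCreateMutable(kCFAllocatorDefault, 0,
        &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);

    FieldValueFilterContext fvcontext;
    fvcontext.filteredValues = filteredFieldValues;
    fvcontext.filterKeys = keys;
    CFDictionaryApplyFunction(fieldValues, filterFieldValues, &fvcontext);

    CFRelease(fieldValues);
    return (CFDictionaryRef)filteredFieldValues;
}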
260
// CFArrayApplierFunction for copyFieldValues: sets the bool pointed to by
// 'context' when an element of the requested-keys array is NULL or is not a
// CFString. Never clears the flag, so one bad element fails the whole array.
void validateKeys(const void *value, void *context)
{
    bool *failed = (bool *)context;
    bool isString = (value != NULL) && (CFGetTypeID(value) == CFStringGetTypeID());
    if (!isString && failed != NULL)
        *failed = true;
}
267
// CFDictionaryApplierFunction for copyFieldValues: copies (key, value) into
// the context's filteredValues dictionary when 'key' is a CFString that is
// present (by CFEqual) in the context's filterKeys array.
void filterFieldValues(const void *key, const void *value, void *context)
{
    // each element of keys is a CFStringRef with an OID, e.g.
    // const CFStringRef kSecOIDTitle = CFSTR("2.5.4.12");
    FieldValueFilterContext *fvcontext = (FieldValueFilterContext *)context;
    CFTypeRef fieldKey = (CFTypeRef)key;

    if (fvcontext == NULL || fieldKey == NULL)
        return;
    if (CFGetTypeID(fieldKey) != CFStringGetTypeID())
        return;

    CFRange wholeArray = CFRangeMake(0, CFArrayGetCount(fvcontext->filterKeys));
    bool wanted = CFArrayContainsValue(fvcontext->filterKeys, wholeArray, fieldKey);
    if (wanted)
        CFDictionaryAddValue(fvcontext->filteredValues, fieldKey, value);
}
284
// CFDictionaryApplierFunction: copies (key, value) into the dictionary passed
// as 'context'. Not called anywhere in this file (only referenced from
// commented-out code in copyFieldValues), but kept as part of the exported set.
void addFieldValues(const void *key, const void *value, void *context)
{
    CFDictionaryAddValue((CFMutableDictionaryRef)context, key, value);
}
290
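// CFArrayApplierFunction for copyFieldValues: for each property dictionary in
// the array, reads its kSecPropertyKeyLabel, maps that label to an OID key via
// CertificateValues::remapLabelToKey, and adds the whole property dictionary
// to 'context' (a CFMutableDictionaryRef) under that key.
// Non-dictionary elements and entries without a label are skipped.
// CFDictionaryAddValue does not replace an existing entry, so the first
// property seen for a given key wins.
void addPropertyToFieldValues(const void *value, void *context)
{
    CFMutableDictionaryRef fieldValues = (CFMutableDictionaryRef)context;
    // CFGetTypeID(NULL) aborts, so reject NULL before inspecting the type.
    if (value == NULL || fieldValues == NULL)
        return;
    if (CFGetTypeID(value) != CFDictionaryGetTypeID())
        return;

    CFDictionaryRef property = (CFDictionaryRef)value;
    CFStringRef label = (CFStringRef)CFDictionaryGetValue(property, kSecPropertyKeyLabel);
    CFStringRef key = CertificateValues::remapLabelToKey(label);
    if (key)
        CFDictionaryAddValue(fieldValues, key, property);
}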
306
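// Maps a human-readable property label (as found under kSecPropertyKeyLabel in
// the dictionaries produced by SecCertificateCopyPropertiesP and
// SecCertificateCopySummaryPropertiesP) to the OID string used as its key in
// copyFieldValues. Labels with no mapping are returned unchanged; a NULL label
// yields NULL. The returned string is not owned by the caller.
//
// NOTE(review): mOIDRemap is built lazily without synchronisation. Two threads
// racing through the first call could each create a dictionary and leak one;
// lookups stay correct either way. A once-guard would close that.
CFStringRef CertificateValues::remapLabelToKey(CFStringRef label)
{
    if (!label)
        return NULL;

    if (!mOIDRemap)
    {
        // keys[i] maps to values[i]; keep both tables in the same order.
        CFTypeRef keys[] =
        {
            CFSTR("Subject Name"),
            CFSTR("Normalized Subject Name"),
            CFSTR("Issuer Name"),
            // Fixed: this slot duplicated "Normalized Subject Name", so
            // kSecOIDX509V1IssuerNameStd could never be reached. The label
            // must match what the property producer emits — TODO confirm.
            CFSTR("Normalized Issuer Name"),
            CFSTR("Version"),
            CFSTR("Serial Number"),
            CFSTR("Signature Algorithm"),
            CFSTR("Subject Unique ID"),
            CFSTR("Issuer Unique ID"),
            CFSTR("Public Key Algorithm"),
            CFSTR("Public Key Data"),
            CFSTR("Signature"),
            CFSTR("Not Valid Before"),
            CFSTR("Not Valid After"),
            CFSTR("Expires")
        };

        CFTypeRef values[] =
        {
            kSecOIDX509V1SubjectName,
            kSecOIDX509V1SubjectNameStd,
            kSecOIDX509V1IssuerName,
            kSecOIDX509V1IssuerNameStd,
            kSecOIDX509V1Version,
            kSecOIDX509V1SerialNumber,
            kSecOIDX509V1SignatureAlgorithm, // or CSSMOID_X509V1SignatureAlgorithmTBS?
            kSecOIDX509V1CertificateSubjectUniqueId,
            kSecOIDX509V1CertificateIssuerUniqueId,
            kSecOIDX509V1SubjectPublicKeyAlgorithm,
            kSecOIDX509V1SubjectPublicKey,
            kSecOIDX509V1Signature,
            kSecOIDX509V1ValidityNotBefore,
            kSecOIDX509V1ValidityNotAfter,
            kSecOIDInvalidityDate
        };

        mOIDRemap = CFDictionaryCreate(NULL, keys, values,
            (sizeof(keys) / sizeof(*keys)), &kCFTypeDictionaryKeyCallBacks,
            &kCFTypeDictionaryValueCallBacks);
    }

    // If the table could not be allocated, fall back to the unmapped label
    // rather than dereferencing a NULL dictionary.
    CFTypeRef result = mOIDRemap ? CFDictionaryGetValue(mOIDRemap, label) : NULL;
    return result ? (CFStringRef)result : label;
}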
361
// Returns a +1 CFData holding the certificate's serial number, or NULL on
// failure (in which case *error is set by getSecCertificateRefP when provided).
CFDataRef CertificateValues::copySerialNumber(CFErrorRef *error)
{
    SecCertificateRefP certificateP = getSecCertificateRefP(error);
    if (certificateP == NULL)
        return NULL;

    CFDataRef serialNumber = SecCertificateCopySerialNumberP(certificateP);
    CFRelease(certificateP);
    return serialNumber;
}
374
// Returns a +1 CFData holding the normalized issuer sequence, or NULL on
// failure (in which case *error is set by getSecCertificateRefP when provided).
CFDataRef CertificateValues::copyNormalizedIssuerContent(CFErrorRef *error)
{
    SecCertificateRefP certificateP = getSecCertificateRefP(error);
    if (certificateP == NULL)
        return NULL;

    CFDataRef issuer = SecCertificateCopyNormalizedIssuerSequenceP(certificateP);
    CFRelease(certificateP);
    return issuer;
}
386
// Returns a +1 CFData holding the normalized subject sequence, or NULL on
// failure (in which case *error is set by getSecCertificateRefP when provided).
CFDataRef CertificateValues::copyNormalizedSubjectContent(CFErrorRef *error)
{
    SecCertificateRefP certificateP = getSecCertificateRefP(error);
    if (certificateP == NULL)
        return NULL;

    CFDataRef subject = SecCertificateCopyNormalizedSubjectSequenceP(certificateP);
    CFRelease(certificateP);
    return subject;
}
398
// Returns a +1 CFData holding the raw issuer sequence, or NULL on failure
// (in which case *error is set by getSecCertificateRefP when provided).
CFDataRef CertificateValues::copyIssuerSequence(CFErrorRef *error)
{
    SecCertificateRefP certificateP = getSecCertificateRefP(error);
    if (certificateP == NULL)
        return NULL;

    CFDataRef issuer = SecCertificateCopyIssuerSequenceP(certificateP);
    CFRelease(certificateP);
    return issuer;
}
410
// Returns a +1 CFData holding the raw subject sequence, or NULL on failure
// (in which case *error is set by getSecCertificateRefP when provided).
CFDataRef CertificateValues::copySubjectSequence(CFErrorRef *error)
{
    SecCertificateRefP certificateP = getSecCertificateRefP(error);
    if (certificateP == NULL)
        return NULL;

    CFDataRef subject = SecCertificateCopySubjectSequenceP(certificateP);
    CFRelease(certificateP);
    return subject;
}
422
// Returns a +1 attribute dictionary for the certificate, or NULL on failure
// (in which case *error is set by getSecCertificateRefP when provided).
CFDictionaryRef CertificateValues::copyAttributeDictionary(CFErrorRef *error)
{
    SecCertificateRefP certificateP = getSecCertificateRefP(error);
    if (certificateP == NULL)
        return NULL;

    CFDictionaryRef attributes = SecCertificateCopyAttributeDictionaryP(certificateP);
    CFRelease(certificateP);
    return attributes;
}
434
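// Returns whether the certificate's validity period covers 'verifyTime'.
// Returns false when the certificate cannot be parsed (and sets *error via
// getSecCertificateRefP when provided), so "false" does not distinguish
// "expired" from "unparseable" — callers that care must check *error.
bool CertificateValues::isValid(CFAbsoluteTime verifyTime, CFErrorRef *error)
{
    bool result = false; // was initialised from NULL, a pointer constant
    SecCertificateRefP certificateP = getSecCertificateRefP(error);
    if (certificateP)
    {
        result = SecCertificateIsValidP(certificateP, verifyTime);
        CFRelease(certificateP);
    }
    return result;
}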
446
// Returns the certificate's notBefore time as CFAbsoluteTime, or 0 when the
// certificate cannot be parsed (*error is then set by getSecCertificateRefP
// when provided).
CFAbsoluteTime CertificateValues::notValidBefore(CFErrorRef *error)
{
    SecCertificateRefP certificateP = getSecCertificateRefP(error);
    if (certificateP == NULL)
        return 0;

    CFAbsoluteTime notBefore = SecCertificateNotValidBeforeP(certificateP);
    CFRelease(certificateP);
    return notBefore;
}
458
// Returns the certificate's notAfter time as CFAbsoluteTime, or 0 when the
// certificate cannot be parsed (*error is then set by getSecCertificateRefP
// when provided).
CFAbsoluteTime CertificateValues::notValidAfter(CFErrorRef *error)
{
    SecCertificateRefP certificateP = getSecCertificateRefP(error);
    if (certificateP == NULL)
        return 0;

    CFAbsoluteTime notAfter = SecCertificateNotValidAfterP(certificateP);
    CFRelease(certificateP);
    return notAfter;
}
470
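// Parses the wrapped certificate's DER into a private SecCertificateRefP.
// Refreshes the cached DER copy (mCertificateData) on every call. Returns a
// +1 reference the caller must CFRelease, or NULL on failure; when 'error' is
// non-NULL it receives a new CFError in kCFErrorDomainOSStatus
// (errSecInvalidCertificateRef if the data could not be copied,
// errSecInvalidCertificateGroup if it could not be parsed).
SecCertificateRefP CertificateValues::getSecCertificateRefP(CFErrorRef *error)
{
    // SecCertificateCopyData returns an object created with CFDataCreate, so we
    // own it and must release it
    if (mCertificateData)
    {
        CFRelease(mCertificateData);
        mCertificateData = NULL;
    }

    mCertificateData = SecCertificateCopyData(mCertificateRef); // OK to call, no big lock
    if (!mCertificateData)
    {
        // Fixed: the NULL check used to be conditional on 'error' being
        // non-NULL, so a caller passing no error pointer fell through and
        // handed NULL data to SecCertificateCreateWithDataP.
        if (error)
            *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateRef, NULL);
        return NULL;
    }

    SecCertificateRefP certificateP = SecCertificateCreateWithDataP(kCFAllocatorDefault, mCertificateData);
    if (!certificateP)
    {
        if (error)
            *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateGroup, NULL);
        return NULL;
    }

    return certificateP;
}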
498
499 #pragma mark ---------- OID Constants ----------
500
// Dotted-decimal OID strings used as keys in the dictionaries returned by
// copyFieldValues (and as lookup keys for its 'keys' filter). Those under
// 1.2.840.113635.100.* are Apple-specific; 2.16.840.1.113741.2.1.* are the
// CSSM/Intel X.509 field identifiers; the rest are standard PKIX/X.500 arcs.
const CFStringRef kSecOIDADC_CERT_POLICY = CFSTR("1.2.840.113635.100.5.3");
const CFStringRef kSecOIDAPPLE_CERT_POLICY = CFSTR("1.2.840.113635.100.5.1");
const CFStringRef kSecOIDAPPLE_EKU_CODE_SIGNING = CFSTR("1.2.840.113635.100.4.1");
const CFStringRef kSecOIDAPPLE_EKU_CODE_SIGNING_DEV = CFSTR("1.2.840.113635.100.4.1.1");
const CFStringRef kSecOIDAPPLE_EKU_ICHAT_ENCRYPTION = CFSTR("1.2.840.113635.100.4.3");
const CFStringRef kSecOIDAPPLE_EKU_ICHAT_SIGNING = CFSTR("1.2.840.113635.100.4.2");
const CFStringRef kSecOIDAPPLE_EKU_RESOURCE_SIGNING = CFSTR("1.2.840.113635.100.4.1.4");
const CFStringRef kSecOIDAPPLE_EKU_SYSTEM_IDENTITY = CFSTR("1.2.840.113635.100.4.4");
const CFStringRef kSecOIDAPPLE_EXTENSION = CFSTR("1.2.840.113635.100.6");
const CFStringRef kSecOIDAPPLE_EXTENSION_ADC_APPLE_SIGNING = CFSTR("1.2.840.113635.100.6.1.2.0.0");
const CFStringRef kSecOIDAPPLE_EXTENSION_ADC_DEV_SIGNING = CFSTR("1.2.840.113635.100.6.1.2.0");
const CFStringRef kSecOIDAPPLE_EXTENSION_APPLE_SIGNING = CFSTR("1.2.840.113635.100.6.1.1");
const CFStringRef kSecOIDAPPLE_EXTENSION_CODE_SIGNING = CFSTR("1.2.840.113635.100.6.1");
const CFStringRef kSecOIDAPPLE_EXTENSION_INTERMEDIATE_MARKER = CFSTR("1.2.840.113635.100.6.2");
const CFStringRef kSecOIDAPPLE_EXTENSION_WWDR_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.1");
const CFStringRef kSecOIDAPPLE_EXTENSION_ITMS_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.2");
const CFStringRef kSecOIDAPPLE_EXTENSION_AAI_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.3");
const CFStringRef kSecOIDAPPLE_EXTENSION_APPLEID_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.7");
const CFStringRef kSecOIDAuthorityInfoAccess = CFSTR("1.3.6.1.5.5.7.1.1");
const CFStringRef kSecOIDAuthorityKeyIdentifier = CFSTR("2.5.29.35");
const CFStringRef kSecOIDBasicConstraints = CFSTR("2.5.29.19");
const CFStringRef kSecOIDBiometricInfo = CFSTR("1.3.6.1.5.5.7.1.2");
const CFStringRef kSecOIDCSSMKeyStruct = CFSTR("2.16.840.1.113741.2.1.1.1.20");
const CFStringRef kSecOIDCertIssuer = CFSTR("2.5.29.29");
const CFStringRef kSecOIDCertificatePolicies = CFSTR("2.5.29.32");
const CFStringRef kSecOIDClientAuth = CFSTR("1.3.6.1.5.5.7.3.2");
const CFStringRef kSecOIDCollectiveStateProvinceName = CFSTR("2.5.4.8.1");
const CFStringRef kSecOIDCollectiveStreetAddress = CFSTR("2.5.4.9.1");
const CFStringRef kSecOIDCommonName = CFSTR("2.5.4.3");
const CFStringRef kSecOIDCountryName = CFSTR("2.5.4.6");
const CFStringRef kSecOIDCrlDistributionPoints = CFSTR("2.5.29.31");
const CFStringRef kSecOIDCrlNumber = CFSTR("2.5.29.20");
const CFStringRef kSecOIDCrlReason = CFSTR("2.5.29.21");
const CFStringRef kSecOIDDOTMAC_CERT_EMAIL_ENCRYPT = CFSTR("1.2.840.113635.100.3.2.3");
const CFStringRef kSecOIDDOTMAC_CERT_EMAIL_SIGN = CFSTR("1.2.840.113635.100.3.2.2");
const CFStringRef kSecOIDDOTMAC_CERT_EXTENSION = CFSTR("1.2.840.113635.100.3.2");
const CFStringRef kSecOIDDOTMAC_CERT_IDENTITY = CFSTR("1.2.840.113635.100.3.2.1");
const CFStringRef kSecOIDDOTMAC_CERT_POLICY = CFSTR("1.2.840.113635.100.5.2");
const CFStringRef kSecOIDDeltaCrlIndicator = CFSTR("2.5.29.27");
const CFStringRef kSecOIDDescription = CFSTR("2.5.4.13");
const CFStringRef kSecOIDEKU_IPSec = CFSTR("1.3.6.1.5.5.8.2.2");
const CFStringRef kSecOIDEmailAddress = CFSTR("1.2.840.113549.1.9.1");
const CFStringRef kSecOIDEmailProtection = CFSTR("1.3.6.1.5.5.7.3.4");
const CFStringRef kSecOIDExtendedKeyUsage = CFSTR("2.5.29.37");
const CFStringRef kSecOIDExtendedKeyUsageAny = CFSTR("2.5.29.37.0");
const CFStringRef kSecOIDExtendedUseCodeSigning = CFSTR("1.3.6.1.5.5.7.3.3");
const CFStringRef kSecOIDGivenName = CFSTR("2.5.4.42");
const CFStringRef kSecOIDHoldInstructionCode = CFSTR("2.5.29.23");
const CFStringRef kSecOIDInvalidityDate = CFSTR("2.5.29.24");
const CFStringRef kSecOIDIssuerAltName = CFSTR("2.5.29.18");
// The next two are intentionally the same OID (singular/plural aliases).
const CFStringRef kSecOIDIssuingDistributionPoint = CFSTR("2.5.29.28");
const CFStringRef kSecOIDIssuingDistributionPoints = CFSTR("2.5.29.28");
const CFStringRef kSecOIDKERBv5_PKINIT_KP_CLIENT_AUTH = CFSTR("1.3.6.1.5.2.3.4");
const CFStringRef kSecOIDKERBv5_PKINIT_KP_KDC = CFSTR("1.3.6.1.5.2.3.5");
const CFStringRef kSecOIDKeyUsage = CFSTR("2.5.29.15");
const CFStringRef kSecOIDLocalityName = CFSTR("2.5.4.7");
const CFStringRef kSecOIDMS_NTPrincipalName = CFSTR("1.3.6.1.4.1.311.20.2.3");
const CFStringRef kSecOIDMicrosoftSGC = CFSTR("1.3.6.1.4.1.311.10.3.3");
const CFStringRef kSecOIDNameConstraints = CFSTR("2.5.29.30");
const CFStringRef kSecOIDNetscapeCertSequence = CFSTR("2.16.840.1.113730.2.5");
const CFStringRef kSecOIDNetscapeCertType = CFSTR("2.16.840.1.113730.1.1");
const CFStringRef kSecOIDNetscapeSGC = CFSTR("2.16.840.1.113730.4.1");
const CFStringRef kSecOIDOCSPSigning = CFSTR("1.3.6.1.5.5.7.3.9");
const CFStringRef kSecOIDOrganizationName = CFSTR("2.5.4.10");
const CFStringRef kSecOIDOrganizationalUnitName = CFSTR("2.5.4.11");
const CFStringRef kSecOIDPolicyConstraints = CFSTR("2.5.29.36");
const CFStringRef kSecOIDPolicyMappings = CFSTR("2.5.29.33");
const CFStringRef kSecOIDPrivateKeyUsagePeriod = CFSTR("2.5.29.16");
const CFStringRef kSecOIDQC_Statements = CFSTR("1.3.6.1.5.5.7.1.3");
const CFStringRef kSecOIDSerialNumber = CFSTR("2.5.4.5");
const CFStringRef kSecOIDServerAuth = CFSTR("1.3.6.1.5.5.7.3.1");
const CFStringRef kSecOIDStateProvinceName = CFSTR("2.5.4.8");
const CFStringRef kSecOIDStreetAddress = CFSTR("2.5.4.9");
const CFStringRef kSecOIDSubjectAltName = CFSTR("2.5.29.17");
const CFStringRef kSecOIDSubjectDirectoryAttributes = CFSTR("2.5.29.9");
const CFStringRef kSecOIDSubjectEmailAddress = CFSTR("2.16.840.1.113741.2.1.1.1.50.3");
const CFStringRef kSecOIDSubjectInfoAccess = CFSTR("1.3.6.1.5.5.7.1.11");
const CFStringRef kSecOIDSubjectKeyIdentifier = CFSTR("2.5.29.14");
const CFStringRef kSecOIDSubjectPicture = CFSTR("2.16.840.1.113741.2.1.1.1.50.2");
const CFStringRef kSecOIDSubjectSignatureBitmap = CFSTR("2.16.840.1.113741.2.1.1.1.50.1");
const CFStringRef kSecOIDSurname = CFSTR("2.5.4.4");
const CFStringRef kSecOIDTimeStamping = CFSTR("1.3.6.1.5.5.7.3.8");
const CFStringRef kSecOIDTitle = CFSTR("2.5.4.12");
const CFStringRef kSecOIDUseExemptions = CFSTR("2.16.840.1.113741.2.1.1.1.50.4");
// X.509 v1 field identifiers; the *Std variants are the keys used by
// remapLabelToKey for the "Normalized ..." name properties.
const CFStringRef kSecOIDX509V1CertificateIssuerUniqueId = CFSTR("2.16.840.1.113741.2.1.1.1.11");
const CFStringRef kSecOIDX509V1CertificateSubjectUniqueId = CFSTR("2.16.840.1.113741.2.1.1.1.12");
const CFStringRef kSecOIDX509V1IssuerName = CFSTR("2.16.840.1.113741.2.1.1.1.5");
const CFStringRef kSecOIDX509V1IssuerNameCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.5.1");
const CFStringRef kSecOIDX509V1IssuerNameLDAP = CFSTR("2.16.840.1.113741.2.1.1.1.5.2");
const CFStringRef kSecOIDX509V1IssuerNameStd = CFSTR("2.16.840.1.113741.2.1.1.1.23");
const CFStringRef kSecOIDX509V1SerialNumber = CFSTR("2.16.840.1.113741.2.1.1.1.3");
const CFStringRef kSecOIDX509V1Signature = CFSTR("2.16.840.1.113741.2.1.3.2.2");
const CFStringRef kSecOIDX509V1SignatureAlgorithm = CFSTR("2.16.840.1.113741.2.1.3.2.1");
const CFStringRef kSecOIDX509V1SignatureAlgorithmParameters = CFSTR("2.16.840.1.113741.2.1.3.2.3");
const CFStringRef kSecOIDX509V1SignatureAlgorithmTBS = CFSTR("2.16.840.1.113741.2.1.3.2.10");
const CFStringRef kSecOIDX509V1SignatureCStruct = CFSTR("2.16.840.1.113741.2.1.3.2.0.1");
const CFStringRef kSecOIDX509V1SignatureStruct = CFSTR("2.16.840.1.113741.2.1.3.2.0");
const CFStringRef kSecOIDX509V1SubjectName = CFSTR("2.16.840.1.113741.2.1.1.1.8");
const CFStringRef kSecOIDX509V1SubjectNameCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.8.1");
const CFStringRef kSecOIDX509V1SubjectNameLDAP = CFSTR("2.16.840.1.113741.2.1.1.1.8.2");
const CFStringRef kSecOIDX509V1SubjectNameStd = CFSTR("2.16.840.1.113741.2.1.1.1.22");
const CFStringRef kSecOIDX509V1SubjectPublicKey = CFSTR("2.16.840.1.113741.2.1.1.1.10");
const CFStringRef kSecOIDX509V1SubjectPublicKeyAlgorithm = CFSTR("2.16.840.1.113741.2.1.1.1.9");
const CFStringRef kSecOIDX509V1SubjectPublicKeyAlgorithmParameters = CFSTR("2.16.840.1.113741.2.1.1.1.18");
const CFStringRef kSecOIDX509V1SubjectPublicKeyCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.20.1");
const CFStringRef kSecOIDX509V1ValidityNotAfter = CFSTR("2.16.840.1.113741.2.1.1.1.7");
const CFStringRef kSecOIDX509V1ValidityNotBefore = CFSTR("2.16.840.1.113741.2.1.1.1.6");
const CFStringRef kSecOIDX509V1Version = CFSTR("2.16.840.1.113741.2.1.1.1.2");
const CFStringRef kSecOIDX509V3Certificate = CFSTR("2.16.840.1.113741.2.1.1.1.1");
const CFStringRef kSecOIDX509V3CertificateCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.1.1");
const CFStringRef kSecOIDX509V3CertificateExtensionCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.13.1");
const CFStringRef kSecOIDX509V3CertificateExtensionCritical = CFSTR("2.16.840.1.113741.2.1.1.1.16");
const CFStringRef kSecOIDX509V3CertificateExtensionId = CFSTR("2.16.840.1.113741.2.1.1.1.15");
const CFStringRef kSecOIDX509V3CertificateExtensionStruct = CFSTR("2.16.840.1.113741.2.1.1.1.13");
const CFStringRef kSecOIDX509V3CertificateExtensionType = CFSTR("2.16.840.1.113741.2.1.1.1.19");
const CFStringRef kSecOIDX509V3CertificateExtensionValue = CFSTR("2.16.840.1.113741.2.1.1.1.17");
const CFStringRef kSecOIDX509V3CertificateExtensionsCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.21.1");
const CFStringRef kSecOIDX509V3CertificateExtensionsStruct = CFSTR("2.16.840.1.113741.2.1.1.1.21");
const CFStringRef kSecOIDX509V3CertificateNumberOfExtensions = CFSTR("2.16.840.1.113741.2.1.1.1.14");
const CFStringRef kSecOIDX509V3SignedCertificate = CFSTR("2.16.840.1.113741.2.1.1.1.0");
const CFStringRef kSecOIDX509V3SignedCertificateCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.0.1");
const CFStringRef kSecOIDSRVName = CFSTR("1.3.6.1.5.5.7.8.7");
623