+++ /dev/null
-/*
- * Copyright (c) 2000-2004,2011,2014 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- *
- * CertExtensions.h -- X.509 Cert Extensions as C structs
- */
-
-#ifndef _CERT_EXTENSIONS_H_
-#define _CERT_EXTENSIONS_H_
-
-#include <Security/cssmtype.h>
-
-/***
- *** Structs for declaring extension-specific data.
- ***/
-
-/*
- * GeneralName, used in AuthorityKeyID, SubjectAltName, and
- * IssuerAltName.
- *
- * For now, we just provide explicit support for the types which are
- * represented as IA5Strings, OIDs, and octet strings. Constructed types
- * such as EDIPartyName and x400Address are not explicitly handled
- * right now and must be encoded and decoded by the caller. (See exception
- * for Name and OtherName, below). In those cases the CE_GeneralName.name.Data field
- * represents the BER contents octets; CE_GeneralName.name.Length is the
- * length of the contents; the tag of the field is not needed - the BER
- * encoding uses context-specific implicit tagging. The berEncoded field
- * is set to CSSM_TRUE in these case. Simple types have berEncoded = CSSM_FALSE.
- *
- * In the case of a GeneralName in the form of a Name, we parse the Name
- * into a CSSM_X509_NAME and place a pointer to the CSSM_X509_NAME in the
- * CE_GeneralName.name.Data field. CE_GeneralName.name.Length is set to
- * sizeof(CSSM_X509_NAME). In this case berEncoded is false.
- *
- * In the case of a GeneralName in the form of a OtherName, we parse the fields
- * into a CE_OtherName and place a pointer to the CE_OtherName in the
- * CE_GeneralName.name.Data field. CE_GeneralName.name.Length is set to
- * sizeof(CE_OtherName). In this case berEncoded is false.
- *
- * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
- *
- * GeneralName ::= CHOICE {
- * otherName [0] OtherName
- * rfc822Name [1] IA5String,
- * dNSName [2] IA5String,
- * x400Address [3] ORAddress,
- * directoryName [4] Name,
- * ediPartyName [5] EDIPartyName,
- * uniformResourceIdentifier [6] IA5String,
- * iPAddress [7] OCTET STRING,
- * registeredID [8] OBJECT IDENTIFIER}
- *
- * OtherName ::= SEQUENCE {
- * type-id OBJECT IDENTIFIER,
- * value [0] EXPLICIT ANY DEFINED BY type-id }
- *
- * EDIPartyName ::= SEQUENCE {
- * nameAssigner [0] DirectoryString OPTIONAL,
- * partyName [1] DirectoryString }
- */
-typedef enum __CE_GeneralNameType {
- GNT_OtherName = 0,
- GNT_RFC822Name,
- GNT_DNSName,
- GNT_X400Address,
- GNT_DirectoryName,
- GNT_EdiPartyName,
- GNT_URI,
- GNT_IPAddress,
- GNT_RegisteredID
-} CE_GeneralNameType;
-
-typedef struct __CE_OtherName {
- CSSM_OID typeId;
- CSSM_DATA value; // unparsed, BER-encoded
-} CE_OtherName DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-typedef struct __CE_GeneralName {
- CE_GeneralNameType nameType; // GNT_RFC822Name, etc.
- CSSM_BOOL berEncoded;
- CSSM_DATA name;
-} CE_GeneralName DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-typedef struct __CE_GeneralNames {
- uint32 numNames;
- CE_GeneralName *generalName;
-} CE_GeneralNames DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-/*
- * id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
- *
- * AuthorityKeyIdentifier ::= SEQUENCE {
- * keyIdentifier [0] KeyIdentifier OPTIONAL,
- * authorityCertIssuer [1] GeneralNames OPTIONAL,
- * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
- *
- * KeyIdentifier ::= OCTET STRING
- *
- * CSSM OID = CSSMOID_AuthorityKeyIdentifier
- */
-typedef struct __CE_AuthorityKeyID {
- CSSM_BOOL keyIdentifierPresent;
- CSSM_DATA keyIdentifier;
- CSSM_BOOL generalNamesPresent;
- CE_GeneralNames *generalNames;
- CSSM_BOOL serialNumberPresent;
- CSSM_DATA serialNumber;
-} CE_AuthorityKeyID DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-/*
- * id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }
- * SubjectKeyIdentifier ::= KeyIdentifier
- *
- * CSSM OID = CSSMOID_SubjectKeyIdentifier
- */
-typedef CSSM_DATA CE_SubjectKeyID DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-/*
- * id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
- *
- * KeyUsage ::= BIT STRING {
- * digitalSignature (0),
- * nonRepudiation (1),
- * keyEncipherment (2),
- * dataEncipherment (3),
- * keyAgreement (4),
- * keyCertSign (5),
- * cRLSign (6),
- * encipherOnly (7),
- * decipherOnly (8) }
- *
- * CSSM OID = CSSMOID_KeyUsage
- *
- */
-typedef uint16 CE_KeyUsage DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-#define CE_KU_DigitalSignature 0x8000
-#define CE_KU_NonRepudiation 0x4000
-#define CE_KU_KeyEncipherment 0x2000
-#define CE_KU_DataEncipherment 0x1000
-#define CE_KU_KeyAgreement 0x0800
-#define CE_KU_KeyCertSign 0x0400
-#define CE_KU_CRLSign 0x0200
-#define CE_KU_EncipherOnly 0x0100
-#define CE_KU_DecipherOnly 0x0080
-
-/*
- * id-ce-cRLReason OBJECT IDENTIFIER ::= { id-ce 21 }
- *
- * -- reasonCode ::= { CRLReason }
- *
- * CRLReason ::= ENUMERATED {
- * unspecified (0),
- * keyCompromise (1),
- * cACompromise (2),
- * affiliationChanged (3),
- * superseded (4),
- * cessationOfOperation (5),
- * certificateHold (6),
- * removeFromCRL (8) }
- *
- * CSSM OID = CSSMOID_CrlReason
- *
- */
-typedef uint32 CE_CrlReason DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-#define CE_CR_Unspecified 0
-#define CE_CR_KeyCompromise 1
-#define CE_CR_CACompromise 2
-#define CE_CR_AffiliationChanged 3
-#define CE_CR_Superseded 4
-#define CE_CR_CessationOfOperation 5
-#define CE_CR_CertificateHold 6
-#define CE_CR_RemoveFromCRL 8
-
-/*
- * id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
- *
- * SubjectAltName ::= GeneralNames
- *
- * CSSM OID = CSSMOID_SubjectAltName
- *
- * GeneralNames defined above.
- */
-
-/*
- * id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
- *
- * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId*
- *
- * KeyPurposeId ::= OBJECT IDENTIFIER
- *
- * CSSM OID = CSSMOID_ExtendedKeyUsage
- */
-typedef struct __CE_ExtendedKeyUsage {
- uint32 numPurposes;
- CSSM_OID_PTR purposes; // in Intel pre-encoded format
-} CE_ExtendedKeyUsage;
-
-/*
- * id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
- *
- * BasicConstraints ::= SEQUENCE {
- * cA BOOLEAN DEFAULT FALSE,
- * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
- *
- * CSSM OID = CSSMOID_BasicConstraints
- */
-typedef struct __CE_BasicConstraints {
- CSSM_BOOL cA;
- CSSM_BOOL pathLenConstraintPresent;
- uint32 pathLenConstraint;
-} CE_BasicConstraints DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-/*
- * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
- *
- * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
- *
- * PolicyInformation ::= SEQUENCE {
- * policyIdentifier CertPolicyId,
- * policyQualifiers SEQUENCE SIZE (1..MAX) OF
- * PolicyQualifierInfo OPTIONAL }
- *
- * CertPolicyId ::= OBJECT IDENTIFIER
- *
- * PolicyQualifierInfo ::= SEQUENCE {
- * policyQualifierId PolicyQualifierId,
- * qualifier ANY DEFINED BY policyQualifierId }
- *
- * -- policyQualifierIds for Internet policy qualifiers
- *
- * id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
- * id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
- * id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
- *
- * PolicyQualifierId ::=
- * OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
- *
- * Qualifier ::= CHOICE {
- * cPSuri CPSuri,
- * userNotice UserNotice }
- *
- * CPSuri ::= IA5String
- *
- * UserNotice ::= SEQUENCE {
- * noticeRef NoticeReference OPTIONAL,
- * explicitText DisplayText OPTIONAL}
- *
- * NoticeReference ::= SEQUENCE {
- * organization DisplayText,
- * noticeNumbers SEQUENCE OF INTEGER }
- *
- * DisplayText ::= CHOICE {
- * visibleString VisibleString (SIZE (1..200)),
- * bmpString BMPString (SIZE (1..200)),
- * utf8String UTF8String (SIZE (1..200)) }
- *
- * CSSM OID = CSSMOID_CertificatePolicies
- *
- * We only support down to the level of Qualifier, and then only the CPSuri
- * choice. UserNotice is transmitted to and from this library as a raw
- * CSSM_DATA containing the BER-encoded UserNotice sequence.
- */
-
-typedef struct __CE_PolicyQualifierInfo {
- CSSM_OID policyQualifierId; // CSSMOID_QT_CPS, CSSMOID_QT_UNOTICE
- CSSM_DATA qualifier; // CSSMOID_QT_CPS: IA5String contents
- // CSSMOID_QT_UNOTICE : Sequence contents
-} CE_PolicyQualifierInfo DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-typedef struct __CE_PolicyInformation {
- CSSM_OID certPolicyId;
- uint32 numPolicyQualifiers; // size of *policyQualifiers;
- CE_PolicyQualifierInfo *policyQualifiers;
-} CE_PolicyInformation DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-typedef struct __CE_CertPolicies {
- uint32 numPolicies; // size of *policies;
- CE_PolicyInformation *policies;
-} CE_CertPolicies DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-/*
- * netscape-cert-type, a bit string.
- *
- * CSSM OID = CSSMOID_NetscapeCertType
- *
- * Bit fields defined in oidsattr.h: CE_NCT_SSL_Client, etc.
- */
-typedef uint16 CE_NetscapeCertType DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-/*
- * CRLDistributionPoints.
- *
- * id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 }
- *
- * cRLDistributionPoints ::= {
- * CRLDistPointsSyntax }
- *
- * CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
- *
- * NOTE: RFC 2459 claims that the tag for the optional DistributionPointName
- * is IMPLICIT as shown here, but in practice it is EXPLICIT. It has to be -
- * because the underlying type also uses an implicit tag for distinguish
- * between CHOICEs.
- *
- * DistributionPoint ::= SEQUENCE {
- * distributionPoint [0] DistributionPointName OPTIONAL,
- * reasons [1] ReasonFlags OPTIONAL,
- * cRLIssuer [2] GeneralNames OPTIONAL }
- *
- * DistributionPointName ::= CHOICE {
- * fullName [0] GeneralNames,
- * nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
- *
- * ReasonFlags ::= BIT STRING {
- * unused (0),
- * keyCompromise (1),
- * cACompromise (2),
- * affiliationChanged (3),
- * superseded (4),
- * cessationOfOperation (5),
- * certificateHold (6) }
- *
- * CSSM OID = CSSMOID_CrlDistributionPoints
- */
-
-/*
- * Note that this looks similar to CE_CrlReason, but that's an enum and this
- * is an OR-able bit string.
- */
-typedef uint8 CE_CrlDistReasonFlags DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-#define CE_CD_Unspecified 0x80
-#define CE_CD_KeyCompromise 0x40
-#define CE_CD_CACompromise 0x20
-#define CE_CD_AffiliationChanged 0x10
-#define CE_CD_Superseded 0x08
-#define CE_CD_CessationOfOperation 0x04
-#define CE_CD_CertificateHold 0x02
-
-typedef enum __CE_CrlDistributionPointNameType {
- CE_CDNT_FullName,
- CE_CDNT_NameRelativeToCrlIssuer
-} CE_CrlDistributionPointNameType DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-typedef struct __CE_DistributionPointName {
- CE_CrlDistributionPointNameType nameType;
- union {
- CE_GeneralNames *fullName;
- CSSM_X509_RDN_PTR rdn;
- } dpn;
-} CE_DistributionPointName DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-/*
- * The top-level CRLDistributionPoint.
- * All fields are optional; NULL pointers indicate absence.
- */
-typedef struct __CE_CRLDistributionPoint {
- CE_DistributionPointName *distPointName;
- CSSM_BOOL reasonsPresent;
- CE_CrlDistReasonFlags reasons;
- CE_GeneralNames *crlIssuer;
-} CE_CRLDistributionPoint DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-typedef struct __CE_CRLDistPointsSyntax {
- uint32 numDistPoints;
- CE_CRLDistributionPoint *distPoints;
-} CE_CRLDistPointsSyntax DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-/*
- * Authority Information Access and Subject Information Access.
- *
- * CSSM OID = CSSMOID_AuthorityInfoAccess
- * CSSM OID = CSSMOID_SubjectInfoAccess
- *
- * SubjAuthInfoAccessSyntax ::=
- * SEQUENCE SIZE (1..MAX) OF AccessDescription
- *
- * AccessDescription ::= SEQUENCE {
- * accessMethod OBJECT IDENTIFIER,
- * accessLocation GeneralName }
- */
-typedef struct __CE_AccessDescription {
- CSSM_OID accessMethod;
- CE_GeneralName accessLocation;
-} CE_AccessDescription DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-typedef struct __CE_AuthorityInfoAccess {
- uint32 numAccessDescriptions;
- CE_AccessDescription *accessDescriptions;
-} CE_AuthorityInfoAccess DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-/*
- * Qualified Certificate Statement support, per RFC 3739.
- *
- * First, NameRegistrationAuthorities, a component of
- * SemanticsInformation; it's the same as a GeneralNames -
- * a sequence of GeneralName.
- */
-typedef CE_GeneralNames CE_NameRegistrationAuthorities DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-/*
- * SemanticsInformation, identified as the qcType field
- * of a CE_QC_Statement for statementId value id-qcs-pkixQCSyntax-v2.
- * Both fields optional; at least one must be present.
- */
-typedef struct __CE_SemanticsInformation {
- CSSM_OID *semanticsIdentifier;
- CE_NameRegistrationAuthorities *nameRegistrationAuthorities;
-} CE_SemanticsInformation DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-/*
- * One Qualified Certificate Statement.
- * The statementId OID is required; zero or one of {semanticsInfo,
- * otherInfo} can be valid, depending on the value of statementId.
- * For statementId id-qcs-pkixQCSyntax-v2 (CSSMOID_OID_QCS_SYNTAX_V2),
- * the semanticsInfo field may be present; otherwise, DER-encoded
- * information may be present in otherInfo. Both semanticsInfo and
- * otherInfo are optional.
- */
-typedef struct __CE_QC_Statement {
- CSSM_OID statementId;
- CE_SemanticsInformation *semanticsInfo;
- CSSM_DATA *otherInfo;
-} CE_QC_Statement DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-/*
- * The top-level Qualified Certificate Statements extension.
- */
-typedef struct __CE_QC_Statements {
- uint32 numQCStatements;
- CE_QC_Statement *qcStatements;
-} CE_QC_Statements DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-/*** CRL extensions ***/
-
-/*
- * cRLNumber, an integer.
- *
- * CSSM OID = CSSMOID_CrlNumber
- */
-typedef uint32 CE_CrlNumber;
-
-/*
- * deltaCRLIndicator, an integer.
- *
- * CSSM OID = CSSMOID_DeltaCrlIndicator
- */
-typedef uint32 CE_DeltaCrl;
-
-/*
- * IssuingDistributionPoint
- *
- * id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }
- *
- * issuingDistributionPoint ::= SEQUENCE {
- * distributionPoint [0] DistributionPointName OPTIONAL,
- * onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
- * onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
- * onlySomeReasons [3] ReasonFlags OPTIONAL,
- * indirectCRL [4] BOOLEAN DEFAULT FALSE }
- *
- * CSSM OID = CSSMOID_IssuingDistributionPoint
- */
-typedef struct __CE_IssuingDistributionPoint {
- CE_DistributionPointName *distPointName; // optional
- CSSM_BOOL onlyUserCertsPresent;
- CSSM_BOOL onlyUserCerts;
- CSSM_BOOL onlyCACertsPresent;
- CSSM_BOOL onlyCACerts;
- CSSM_BOOL onlySomeReasonsPresent;
- CE_CrlDistReasonFlags onlySomeReasons;
- CSSM_BOOL indirectCrlPresent;
- CSSM_BOOL indirectCrl;
-} CE_IssuingDistributionPoint DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-/*
- * NameConstraints
- *
- * id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 }
- *
- * NameConstraints ::= SEQUENCE {
- * permittedSubtrees [0] GeneralSubtrees OPTIONAL,
- * excludedSubtrees [1] GeneralSubtrees OPTIONAL }
- *
- * GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
- *
- * GeneralSubtree ::= SEQUENCE {
- * base GeneralName,
- * minimum [0] BaseDistance DEFAULT 0,
- * maximum [1] BaseDistance OPTIONAL }
- *
- * BaseDistance ::= INTEGER (0..MAX)
- */
-typedef struct __CE_GeneralSubtree {
- CE_GeneralNames *base;
- uint32 minimum; // default=0
- CSSM_BOOL maximumPresent;
- uint32 maximum; // optional
-} CE_GeneralSubtree DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-typedef struct __CE_GeneralSubtrees {
- uint32 numSubtrees;
- CE_GeneralSubtree *subtrees;
-} CE_GeneralSubtrees DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-typedef struct __CE_NameConstraints {
- CE_GeneralSubtrees *permitted; // optional
- CE_GeneralSubtrees *excluded; // optional
-} CE_NameConstraints DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-/*
- * PolicyMappings
- *
- * id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 }
- *
- * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
- * issuerDomainPolicy CertPolicyId,
- * subjectDomainPolicy CertPolicyId }
- *
- * Note that both issuer and subject policy OIDs are required,
- * and are stored by value in this structure.
- */
-typedef struct __CE_PolicyMapping {
- CSSM_OID issuerDomainPolicy;
- CSSM_OID subjectDomainPolicy;
-} CE_PolicyMapping DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-typedef struct __CE_PolicyMappings {
- uint32 numPolicyMappings;
- CE_PolicyMapping *policyMappings;
-} CE_PolicyMappings DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-/*
- * PolicyConstraints
- *
- * id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 }
- *
- * PolicyConstraints ::= SEQUENCE {
- * requireExplicitPolicy [0] SkipCerts OPTIONAL,
- * inhibitPolicyMapping [1] SkipCerts OPTIONAL }
- *
- * SkipCerts ::= INTEGER (0..MAX)
- */
-typedef struct __CE_PolicyConstraints {
- CSSM_BOOL requireExplicitPolicyPresent;
- uint32 requireExplicitPolicy; // optional
- CSSM_BOOL inhibitPolicyMappingPresent;
- uint32 inhibitPolicyMapping; // optional
-} CE_PolicyConstraints DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-/*
- * InhibitAnyPolicy, an integer.
- *
- * CSSM OID = CSSMOID_InhibitAnyPolicy
- */
-typedef uint32 CE_InhibitAnyPolicy DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-/*
- * An enumerated list identifying one of the above per-extension
- * structs.
- */
-typedef enum __CE_DataType {
- DT_AuthorityKeyID, // CE_AuthorityKeyID
- DT_SubjectKeyID, // CE_SubjectKeyID
- DT_KeyUsage, // CE_KeyUsage
- DT_SubjectAltName, // implies CE_GeneralName
- DT_IssuerAltName, // implies CE_GeneralName
- DT_ExtendedKeyUsage, // CE_ExtendedKeyUsage
- DT_BasicConstraints, // CE_BasicConstraints
- DT_CertPolicies, // CE_CertPolicies
- DT_NetscapeCertType, // CE_NetscapeCertType
- DT_CrlNumber, // CE_CrlNumber
- DT_DeltaCrl, // CE_DeltaCrl
- DT_CrlReason, // CE_CrlReason
- DT_CrlDistributionPoints, // CE_CRLDistPointsSyntax
- DT_IssuingDistributionPoint,// CE_IssuingDistributionPoint
- DT_AuthorityInfoAccess, // CE_AuthorityInfoAccess
- DT_Other, // unknown, raw data as a CSSM_DATA
- DT_QC_Statements, // CE_QC_Statements
- DT_NameConstraints, // CE_NameConstraints
- DT_PolicyMappings, // CE_PolicyMappings
- DT_PolicyConstraints, // CE_PolicyConstraints
- DT_InhibitAnyPolicy // CE_InhibitAnyPolicy
-} CE_DataType;
-
-/*
- * One unified representation of all the cert and CRL extensions we know about.
- */
-typedef union {
- CE_AuthorityKeyID authorityKeyID;
- CE_SubjectKeyID subjectKeyID;
- CE_KeyUsage keyUsage;
- CE_GeneralNames subjectAltName;
- CE_GeneralNames issuerAltName;
- CE_ExtendedKeyUsage extendedKeyUsage;
- CE_BasicConstraints basicConstraints;
- CE_CertPolicies certPolicies;
- CE_NetscapeCertType netscapeCertType;
- CE_CrlNumber crlNumber;
- CE_DeltaCrl deltaCrl;
- CE_CrlReason crlReason;
- CE_CRLDistPointsSyntax crlDistPoints;
- CE_IssuingDistributionPoint issuingDistPoint;
- CE_AuthorityInfoAccess authorityInfoAccess;
- CE_QC_Statements qualifiedCertStatements;
- CE_NameConstraints nameConstraints;
- CE_PolicyMappings policyMappings;
- CE_PolicyConstraints policyConstraints;
- CE_InhibitAnyPolicy inhibitAnyPolicy;
- CSSM_DATA rawData; // unknown, not decoded
-} CE_Data DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-typedef struct __CE_DataAndType {
- CE_DataType type;
- CE_Data extension;
- CSSM_BOOL critical;
-} CE_DataAndType DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
-
-#endif /* _CERT_EXTENSIONS_H_ */
projects / apple / security.git / blobdiff