-/*
- * Copyright (c) 2002-2014 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-//
-// CertificateValues.cpp
-//
-#include <security_keychain/Certificate.h>
-#include <Security/oidscert.h>
-#include <Security/oidsattr.h>
-#include <Security/SecCertificate.h>
-#include <Security/SecCertificatePriv.h>
-#include "SecCertificateOIDs.h"
-#include "CertificateValues.h"
-#include "SecCertificateP.h"
-#include "SecCertificatePrivP.h"
-#include <CoreFoundation/CFNumber.h>
-#include "SecCertificateP.h"
-
-/* FIXME including SecCertificateInternalP.h here produces errors; investigate */
-extern "C" CFDataRef SecCertificateCopyIssuerSequenceP(SecCertificateRefP certificate);
-extern "C" CFDataRef SecCertificateCopySubjectSequenceP(SecCertificateRefP certificate);
-
-extern "C" void appendProperty(CFMutableArrayRef properties, CFStringRef propertyType, CFStringRef label, CFTypeRef value);
-
-extern CFStringRef kSecPropertyKeyType;
-extern CFStringRef kSecPropertyKeyLabel;
-extern CFStringRef kSecPropertyKeyLocalizedLabel;
-extern CFStringRef kSecPropertyKeyValue;
-
-extern CFStringRef kSecPropertyTypeData;
-extern CFStringRef kSecPropertyTypeString;
-extern CFStringRef kSecPropertyTypeURL;
-extern CFStringRef kSecPropertyTypeDate;
-
-CFStringRef kSecPropertyTypeArray = CFSTR("array");
-CFStringRef kSecPropertyTypeNumber = CFSTR("number");
-
-
-#pragma mark ---------- CertificateValues Implementation ----------
-
-using namespace KeychainCore;
-
-void addFieldValues(const void *key, const void *value, void *context);
-void addPropertyToFieldValues(const void *value, void *context);
-void filterFieldValues(const void *key, const void *value, void *context);
-void validateKeys(const void *value, void *context);
-
-CFDictionaryRef CertificateValues::mOIDRemap = NULL;
-
-typedef struct FieldValueFilterContext
-{
- CFMutableDictionaryRef filteredValues;
- CFArrayRef filterKeys;
-} FieldValueFilterContext;
-
-CertificateValues::CertificateValues(SecCertificateRef certificateRef) : mCertificateRef(certificateRef),
- mCertificateData(NULL)
-{
- if (mCertificateRef)
- CFRetain(mCertificateRef);
-}
-
-CertificateValues::~CertificateValues() throw()
-{
- if (mCertificateData)
- CFRelease(mCertificateData);
- if (mCertificateRef)
- CFRelease(mCertificateRef);
-}
-
-CFDictionaryRef CertificateValues::copyFieldValues(CFArrayRef keys, CFErrorRef *error)
-{
- if (keys)
- {
- if (CFGetTypeID(keys)!=CFArrayGetTypeID())
- return NULL;
- CFRange range = CFRangeMake(0, CFArrayGetCount((CFArrayRef)keys));
- bool failed = false;
- CFArrayApplyFunction(keys, range, validateKeys, &failed);
- if (failed)
- return NULL;
- }
-
- if (mCertificateData)
- {
- CFRelease(mCertificateData);
- mCertificateData = NULL;
- }
- if (!mCertificateData)
- {
- mCertificateData = SecCertificateCopyData(mCertificateRef); // OK to call, no big lock
- if (!mCertificateData)
- {
- if (error) {
- *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateRef, NULL);
- }
- return NULL;
- }
- }
-
- SecCertificateRefP certificateP = SecCertificateCreateWithDataP(kCFAllocatorDefault, mCertificateData);
- if (!certificateP)
- {
- if (error)
- *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateGroup, NULL);
- return NULL;
- }
-
- CFMutableDictionaryRef fieldValues=CFDictionaryCreateMutable(kCFAllocatorDefault, 0,
- &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
-
- // Return an array of CFStringRefs representing the common names in the certificates subject if any
- CFArrayRef commonNames=SecCertificateCopyCommonNames(certificateP);
- if (commonNames)
- {
- CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
- appendProperty(additionalValues, kSecPropertyTypeArray, CFSTR("CN"), commonNames);
- CFDictionaryAddValue(fieldValues, kSecOIDCommonName, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
- CFRelease(commonNames);
- CFRelease(additionalValues);
- }
-
- // These can exist in the subject alt name or in the subject
- CFArrayRef dnsNames=SecCertificateCopyDNSNamesP(certificateP);
- if (dnsNames)
- {
- CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
- appendProperty(additionalValues, kSecPropertyTypeArray, CFSTR("DNS"), dnsNames);
- CFDictionaryAddValue(fieldValues, CFSTR("DNSNAMES"), (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
- CFRelease(dnsNames);
- CFRelease(additionalValues);
- }
-
- CFArrayRef ipAddresses=SecCertificateCopyIPAddresses(certificateP);
- if (ipAddresses)
- {
- CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
- appendProperty(additionalValues, kSecPropertyTypeArray, CFSTR("IP"), dnsNames);
- CFDictionaryAddValue(fieldValues, CFSTR("IPADDRESSES"), (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
- CFRelease(ipAddresses);
- CFRelease(additionalValues);
- }
-
- // These can exist in the subject alt name or in the subject
- CFArrayRef emailAddrs=SecCertificateCopyRFC822Names(certificateP);
- if (emailAddrs)
- {
- CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
- appendProperty(additionalValues, kSecPropertyTypeArray, CFSTR("DNS"), dnsNames);
- CFDictionaryAddValue(fieldValues, kSecOIDEmailAddress, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
- CFRelease(emailAddrs);
- CFRelease(additionalValues);
- }
-
- CFAbsoluteTime notBefore = SecCertificateNotValidBeforeP(certificateP);
- CFNumberRef notBeforeRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberDoubleType, ¬Before);
- if (notBeforeRef)
- {
- CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
- appendProperty(additionalValues, kSecPropertyTypeNumber, CFSTR("Not Valid Before"), notBeforeRef);
- CFDictionaryAddValue(fieldValues, kSecOIDX509V1ValidityNotBefore, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
- CFRelease(notBeforeRef);
- CFRelease(additionalValues);
- }
-
- CFAbsoluteTime notAfter = SecCertificateNotValidAfterP(certificateP);
- CFNumberRef notAfterRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberDoubleType, ¬After);
- if (notAfterRef)
- {
- CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
- appendProperty(additionalValues, kSecPropertyTypeNumber, CFSTR("Not Valid After"), notAfterRef);
- CFDictionaryAddValue(fieldValues, kSecOIDX509V1ValidityNotAfter, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
- CFRelease(notAfterRef);
- CFRelease(additionalValues);
- }
-
- SecKeyUsage keyUsage=SecCertificateGetKeyUsage(certificateP);
- CFNumberRef ku = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &keyUsage);
- if (ku)
- {
- CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
- appendProperty(additionalValues, kSecPropertyTypeNumber, CFSTR("Key Usage"), ku);
- CFDictionaryAddValue(fieldValues, kSecOIDKeyUsage, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
- CFRelease(ku);
- CFRelease(additionalValues);
- }
-
- CFArrayRef ekus = SecCertificateCopyExtendedKeyUsage(certificateP);
- if (ekus)
- {
- CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
- appendProperty(additionalValues, kSecPropertyTypeArray, CFSTR("Extended Key Usage"), ekus);
- CFDictionaryAddValue(fieldValues, kSecOIDExtendedKeyUsage, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0));
- CFRelease(ekus);
- CFRelease(additionalValues);
- }
-
- // Add all values from properties dictionary
- CFArrayRef properties = SecCertificateCopyProperties(certificateP);
- if (properties)
- {
- CFRange range = CFRangeMake(0, CFArrayGetCount((CFArrayRef)properties));
- CFArrayApplyFunction(properties, range, addPropertyToFieldValues, fieldValues);
- // CFDictionaryApplyFunction(properties, addFieldValues, fieldValues);
- CFRelease(properties);
- }
-
- CFAbsoluteTime verifyTime = CFAbsoluteTimeGetCurrent();
- CFMutableArrayRef summaryProperties =
- SecCertificateCopySummaryProperties(certificateP, verifyTime);
- if (summaryProperties)
- {
- CFRange range = CFRangeMake(0, CFArrayGetCount((CFArrayRef)summaryProperties));
- CFArrayApplyFunction(summaryProperties, range, addPropertyToFieldValues, fieldValues);
-// CFDictionaryApplyFunction(summaryProperties, addFieldValues, fieldValues);
-// CFDictionaryAddValue(fieldValues, CFSTR("summaryProperties"), summaryProperties);
- CFRelease(summaryProperties);
- }
-
- if (certificateP)
- CFRelease(certificateP);
-
- if (keys==NULL)
- return (CFDictionaryRef)fieldValues;
-
- // Otherwise, we need to filter
- CFMutableDictionaryRef filteredFieldValues=CFDictionaryCreateMutable(kCFAllocatorDefault, 0,
- &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
-
- FieldValueFilterContext fvcontext;
- fvcontext.filteredValues = filteredFieldValues;
- fvcontext.filterKeys = keys;
-
- CFDictionaryApplyFunction(fieldValues, filterFieldValues, &fvcontext);
-
- CFRelease(fieldValues);
- return (CFDictionaryRef)filteredFieldValues;
-}
-
-void validateKeys(const void *value, void *context)
-{
- if (value == NULL || (CFGetTypeID(value)!=CFStringGetTypeID()))
- if (context)
- *(bool *)context = true;
-}
-
-void filterFieldValues(const void *key, const void *value, void *context)
-{
- // each element of keys is a CFStringRef with an OID, e.g.
- // CFTypeRef kSecOIDTitle = CFSTR("2.5.4.12");
-
- CFTypeRef fieldKey = (CFTypeRef)key;
- if (fieldKey == NULL || (CFGetTypeID(fieldKey)!=CFStringGetTypeID()) || context==NULL)
- return;
-
- FieldValueFilterContext *fvcontext = (FieldValueFilterContext *)context;
-
- CFRange range = CFRangeMake(0, CFArrayGetCount(fvcontext->filterKeys));
- CFIndex idx = CFArrayGetFirstIndexOfValue(fvcontext->filterKeys, range, fieldKey);
- if (idx != kCFNotFound)
- CFDictionaryAddValue(fvcontext->filteredValues, fieldKey, value);
-}
-
-void addFieldValues(const void *key, const void *value, void *context)
-{
- CFMutableDictionaryRef fieldValues = (CFMutableDictionaryRef)context;
- CFDictionaryAddValue(fieldValues, key, value);
-}
-
-void addPropertyToFieldValues(const void *value, void *context)
-{
- CFMutableDictionaryRef fieldValues = (CFMutableDictionaryRef)context;
- if (CFGetTypeID(value)==CFDictionaryGetTypeID())
- {
- CFStringRef label = (CFStringRef)CFDictionaryGetValue((CFDictionaryRef)value, kSecPropertyKeyLabel);
-#if 0
- CFStringRef typeD = (CFStringRef)CFDictionaryGetValue((CFDictionaryRef)value, kSecPropertyKeyType);
- CFTypeRef valueD = (CFStringRef)CFDictionaryGetValue((CFDictionaryRef)value, kSecPropertyKeyValue);
-#endif
- CFStringRef key = CertificateValues::remapLabelToKey(label);
- if (key)
- CFDictionaryAddValue(fieldValues, key, value);
- }
-}
-
-CFStringRef CertificateValues::remapLabelToKey(CFStringRef label)
-{
- if (!label)
- return NULL;
-
- if (!mOIDRemap)
- {
- CFTypeRef keys[] =
- {
- CFSTR("Subject Name"),
- CFSTR("Normalized Subject Name"),
- CFSTR("Issuer Name"),
- CFSTR("Normalized Subject Name"),
- CFSTR("Version"),
- CFSTR("Serial Number"),
- CFSTR("Signature Algorithm"),
- CFSTR("Subject Unique ID"),
- CFSTR("Issuer Unique ID"),
- CFSTR("Public Key Algorithm"),
- CFSTR("Public Key Data"),
- CFSTR("Signature"),
- CFSTR("Not Valid Before"),
- CFSTR("Not Valid After"),
- CFSTR("Expires")
- };
-
- CFTypeRef values[] =
- {
- kSecOIDX509V1SubjectName,
- kSecOIDX509V1SubjectNameStd,
- kSecOIDX509V1IssuerName,
- kSecOIDX509V1IssuerNameStd,
- kSecOIDX509V1Version,
- kSecOIDX509V1SerialNumber,
- kSecOIDX509V1SignatureAlgorithm, // or CSSMOID_X509V1SignatureAlgorithmTBS?
- kSecOIDX509V1CertificateSubjectUniqueId,
- kSecOIDX509V1CertificateIssuerUniqueId,
- kSecOIDX509V1SubjectPublicKeyAlgorithm,
- kSecOIDX509V1SubjectPublicKey,
- kSecOIDX509V1Signature,
- kSecOIDX509V1ValidityNotBefore,
- kSecOIDX509V1ValidityNotAfter,
- kSecOIDInvalidityDate
- };
-
- mOIDRemap = CFDictionaryCreate(NULL, keys, values,
- (sizeof(keys) / sizeof(*keys)), &kCFTypeDictionaryKeyCallBacks,
- &kCFTypeDictionaryValueCallBacks);
- }
-
- CFTypeRef result = (CFTypeRef)CFDictionaryGetValue(mOIDRemap, label);
-
- return result?(CFStringRef)result:label;
-}
-
-CFDataRef CertificateValues::copySerialNumber(CFErrorRef *error)
-{
- CFDataRef result = NULL;
- SecCertificateRefP certificateP = getSecCertificateRefP(error);
-
- if (certificateP)
- {
- result = SecCertificateCopySerialNumberP(certificateP);
- CFRelease(certificateP);
- }
- return result;
-}
-
-CFDataRef CertificateValues::copyNormalizedIssuerContent(CFErrorRef *error)
-{
- CFDataRef result = NULL;
- SecCertificateRefP certificateP = getSecCertificateRefP(error);
- if (certificateP)
- {
- result = SecCertificateCopyNormalizedIssuerSequence(certificateP);
- CFRelease(certificateP);
- }
- return result;
-}
-
-CFDataRef CertificateValues::copyNormalizedSubjectContent(CFErrorRef *error)
-{
- CFDataRef result = NULL;
- SecCertificateRefP certificateP = getSecCertificateRefP(error);
- if (certificateP)
- {
- result = SecCertificateCopyNormalizedSubjectSequence(certificateP);
- CFRelease(certificateP);
- }
- return result;
-}
-
-CFDataRef CertificateValues::copyIssuerSequence(CFErrorRef *error)
-{
- CFDataRef result = NULL;
- SecCertificateRefP certificateP = getSecCertificateRefP(error);
- if (certificateP)
- {
- result = SecCertificateCopyIssuerSequenceP(certificateP);
- CFRelease(certificateP);
- }
- return result;
-}
-
-CFDataRef CertificateValues::copySubjectSequence(CFErrorRef *error)
-{
- CFDataRef result = NULL;
- SecCertificateRefP certificateP = getSecCertificateRefP(error);
- if (certificateP)
- {
- result = SecCertificateCopySubjectSequenceP(certificateP);
- CFRelease(certificateP);
- }
- return result;
-}
-
-bool CertificateValues::isValid(CFAbsoluteTime verifyTime, CFErrorRef *error)
-{
- bool result = NULL;
- SecCertificateRefP certificateP = getSecCertificateRefP(error);
- if (certificateP)
- {
- result = SecCertificateIsValidP(certificateP, verifyTime);
- CFRelease(certificateP);
- }
- return result;
-}
-
-CFAbsoluteTime CertificateValues::notValidBefore(CFErrorRef *error)
-{
- CFAbsoluteTime result = 0;
- SecCertificateRefP certificateP = getSecCertificateRefP(error);
- if (certificateP)
- {
- result = SecCertificateNotValidBeforeP(certificateP);
- CFRelease(certificateP);
- }
- return result;
-}
-
-CFAbsoluteTime CertificateValues::notValidAfter(CFErrorRef *error)
-{
- CFAbsoluteTime result = 0;
- SecCertificateRefP certificateP = getSecCertificateRefP(error);
- if (certificateP)
- {
- result = SecCertificateNotValidAfterP(certificateP);
- CFRelease(certificateP);
- }
- return result;
-}
-
-SecCertificateRefP CertificateValues::getSecCertificateRefP(CFErrorRef *error)
-{
- // SecCertificateCopyData returns an object created with CFDataCreate, so we
- // own it and must release it
-
- if (mCertificateData)
- {
- CFRelease(mCertificateData);
- mCertificateData = NULL;
- }
-
- mCertificateData = SecCertificateCopyData(mCertificateRef); // OK to call, no big lock
- if (!mCertificateData && error)
- {
- *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateRef, NULL);
- return NULL;
- }
-
- SecCertificateRefP certificateP = SecCertificateCreateWithDataP(kCFAllocatorDefault, mCertificateData);
- if (!certificateP && error)
- {
- *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateGroup, NULL);
- return NULL;
- }
-
- return certificateP;
-}
-
-#pragma mark ---------- OID Constants ----------
-
-CFTypeRef kSecOIDADC_CERT_POLICY = CFSTR("1.2.840.113635.100.5.3");
-CFTypeRef kSecOIDAPPLE_CERT_POLICY = CFSTR("1.2.840.113635.100.5.1");
-CFTypeRef kSecOIDAPPLE_EKU_CODE_SIGNING = CFSTR("1.2.840.113635.100.4.1");
-CFTypeRef kSecOIDAPPLE_EKU_CODE_SIGNING_DEV = CFSTR("1.2.840.113635.100.4.1.1");
-CFTypeRef kSecOIDAPPLE_EKU_ICHAT_ENCRYPTION = CFSTR("1.2.840.113635.100.4.3");
-CFTypeRef kSecOIDAPPLE_EKU_ICHAT_SIGNING = CFSTR("1.2.840.113635.100.4.2");
-CFTypeRef kSecOIDAPPLE_EKU_RESOURCE_SIGNING = CFSTR("1.2.840.113635.100.4.1.4");
-CFTypeRef kSecOIDAPPLE_EKU_SYSTEM_IDENTITY = CFSTR("1.2.840.113635.100.4.4");
-CFTypeRef kSecOIDAPPLE_EXTENSION = CFSTR("1.2.840.113635.100.6");
-CFTypeRef kSecOIDAPPLE_EXTENSION_ADC_APPLE_SIGNING = CFSTR("1.2.840.113635.100.6.1.2.0.0");
-CFTypeRef kSecOIDAPPLE_EXTENSION_ADC_DEV_SIGNING = CFSTR("1.2.840.113635.100.6.1.2.0");
-CFTypeRef kSecOIDAPPLE_EXTENSION_APPLE_SIGNING = CFSTR("1.2.840.113635.100.6.1.1");
-CFTypeRef kSecOIDAPPLE_EXTENSION_CODE_SIGNING = CFSTR("1.2.840.113635.100.6.1");
-CFTypeRef kSecOIDAPPLE_EXTENSION_INTERMEDIATE_MARKER = CFSTR("1.2.840.113635.100.6.2");
-CFTypeRef kSecOIDAPPLE_EXTENSION_WWDR_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.1");
-CFTypeRef kSecOIDAPPLE_EXTENSION_ITMS_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.2");
-CFTypeRef kSecOIDAPPLE_EXTENSION_AAI_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.3");
-CFTypeRef kSecOIDAPPLE_EXTENSION_APPLEID_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.7");
-CFTypeRef kSecOIDAuthorityInfoAccess = CFSTR("1.3.6.1.5.5.7.1.1");
-CFTypeRef kSecOIDAuthorityKeyIdentifier = CFSTR("2.5.29.35");
-CFTypeRef kSecOIDBasicConstraints = CFSTR("2.5.29.19");
-CFTypeRef kSecOIDBiometricInfo = CFSTR("1.3.6.1.5.5.7.1.2");
-CFTypeRef kSecOIDCSSMKeyStruct = CFSTR("2.16.840.1.113741.2.1.1.1.20");
-CFTypeRef kSecOIDCertIssuer = CFSTR("2.5.29.29");
-CFTypeRef kSecOIDCertificatePolicies = CFSTR("2.5.29.32");
-CFTypeRef kSecOIDClientAuth = CFSTR("1.3.6.1.5.5.7.3.2");
-CFTypeRef kSecOIDCollectiveStateProvinceName = CFSTR("2.5.4.8.1");
-CFTypeRef kSecOIDCollectiveStreetAddress = CFSTR("2.5.4.9.1");
-CFTypeRef kSecOIDCommonName = CFSTR("2.5.4.3");
-CFTypeRef kSecOIDCountryName = CFSTR("2.5.4.6");
-CFTypeRef kSecOIDCrlDistributionPoints = CFSTR("2.5.29.31");
-CFTypeRef kSecOIDCrlNumber = CFSTR("2.5.29.20");
-CFTypeRef kSecOIDCrlReason = CFSTR("2.5.29.21");
-CFTypeRef kSecOIDDOTMAC_CERT_EMAIL_ENCRYPT = CFSTR("1.2.840.113635.100.3.2.3");
-CFTypeRef kSecOIDDOTMAC_CERT_EMAIL_SIGN = CFSTR("1.2.840.113635.100.3.2.2");
-CFTypeRef kSecOIDDOTMAC_CERT_EXTENSION = CFSTR("1.2.840.113635.100.3.2");
-CFTypeRef kSecOIDDOTMAC_CERT_IDENTITY = CFSTR("1.2.840.113635.100.3.2.1");
-CFTypeRef kSecOIDDOTMAC_CERT_POLICY = CFSTR("1.2.840.113635.100.5.2");
-CFTypeRef kSecOIDDeltaCrlIndicator = CFSTR("2.5.29.27");
-CFTypeRef kSecOIDDescription = CFSTR("2.5.4.13");
-CFTypeRef kSecOIDEKU_IPSec = CFSTR("1.3.6.1.5.5.8.2.2");
-CFTypeRef kSecOIDEmailAddress = CFSTR("1.2.840.113549.1.9.1");
-CFTypeRef kSecOIDEmailProtection = CFSTR("1.3.6.1.5.5.7.3.4");
-CFTypeRef kSecOIDExtendedKeyUsage = CFSTR("2.5.29.37");
-CFTypeRef kSecOIDExtendedKeyUsageAny = CFSTR("2.5.29.37.0");
-CFTypeRef kSecOIDExtendedUseCodeSigning = CFSTR("1.3.6.1.5.5.7.3.3");
-CFTypeRef kSecOIDGivenName = CFSTR("2.5.4.42");
-CFTypeRef kSecOIDHoldInstructionCode = CFSTR("2.5.29.23");
-CFTypeRef kSecOIDInvalidityDate = CFSTR("2.5.29.24");
-CFTypeRef kSecOIDIssuerAltName = CFSTR("2.5.29.18");
-CFTypeRef kSecOIDIssuingDistributionPoint = CFSTR("2.5.29.28");
-CFTypeRef kSecOIDIssuingDistributionPoints = CFSTR("2.5.29.28");
-CFTypeRef kSecOIDKERBv5_PKINIT_KP_CLIENT_AUTH = CFSTR("1.3.6.1.5.2.3.4");
-CFTypeRef kSecOIDKERBv5_PKINIT_KP_KDC = CFSTR("1.3.6.1.5.2.3.5");
-CFTypeRef kSecOIDKeyUsage = CFSTR("2.5.29.15");
-CFTypeRef kSecOIDLocalityName = CFSTR("2.5.4.7");
-CFTypeRef kSecOIDMS_NTPrincipalName = CFSTR("1.3.6.1.4.1.311.20.2.3");
-CFTypeRef kSecOIDMicrosoftSGC = CFSTR("1.3.6.1.4.1.311.10.3.3");
-CFTypeRef kSecOIDNameConstraints = CFSTR("2.5.29.30");
-CFTypeRef kSecOIDNetscapeCertSequence = CFSTR("2.16.840.1.113730.2.5");
-CFTypeRef kSecOIDNetscapeCertType = CFSTR("2.16.840.1.113730.1.1");
-CFTypeRef kSecOIDNetscapeSGC = CFSTR("2.16.840.1.113730.4.1");
-CFTypeRef kSecOIDOCSPSigning = CFSTR("1.3.6.1.5.5.7.3.9");
-CFTypeRef kSecOIDOrganizationName = CFSTR("2.5.4.10");
-CFTypeRef kSecOIDOrganizationalUnitName = CFSTR("2.5.4.11");
-CFTypeRef kSecOIDPolicyConstraints = CFSTR("2.5.29.36");
-CFTypeRef kSecOIDPolicyMappings = CFSTR("2.5.29.33");
-CFTypeRef kSecOIDPrivateKeyUsagePeriod = CFSTR("2.5.29.16");
-CFTypeRef kSecOIDQC_Statements = CFSTR("1.3.6.1.5.5.7.1.3");
-CFTypeRef kSecOIDSerialNumber = CFSTR("2.5.4.5");
-CFTypeRef kSecOIDServerAuth = CFSTR("1.3.6.1.5.5.7.3.1");
-CFTypeRef kSecOIDStateProvinceName = CFSTR("2.5.4.8");
-CFTypeRef kSecOIDStreetAddress = CFSTR("2.5.4.9");
-CFTypeRef kSecOIDSubjectAltName = CFSTR("2.5.29.17");
-CFTypeRef kSecOIDSubjectDirectoryAttributes = CFSTR("2.5.29.9");
-CFTypeRef kSecOIDSubjectEmailAddress = CFSTR("2.16.840.1.113741.2.1.1.1.50.3");
-CFTypeRef kSecOIDSubjectInfoAccess = CFSTR("1.3.6.1.5.5.7.1.11");
-CFTypeRef kSecOIDSubjectKeyIdentifier = CFSTR("2.5.29.14");
-CFTypeRef kSecOIDSubjectPicture = CFSTR("2.16.840.1.113741.2.1.1.1.50.2");
-CFTypeRef kSecOIDSubjectSignatureBitmap = CFSTR("2.16.840.1.113741.2.1.1.1.50.1");
-CFTypeRef kSecOIDSurname = CFSTR("2.5.4.4");
-CFTypeRef kSecOIDTimeStamping = CFSTR("1.3.6.1.5.5.7.3.8");
-CFTypeRef kSecOIDTitle = CFSTR("2.5.4.12");
-CFTypeRef kSecOIDUseExemptions = CFSTR("2.16.840.1.113741.2.1.1.1.50.4");
-CFTypeRef kSecOIDX509V1CertificateIssuerUniqueId = CFSTR("2.16.840.1.113741.2.1.1.1.11");
-CFTypeRef kSecOIDX509V1CertificateSubjectUniqueId = CFSTR("2.16.840.1.113741.2.1.1.1.12");
-CFTypeRef kSecOIDX509V1IssuerName = CFSTR("2.16.840.1.113741.2.1.1.1.5");
-CFTypeRef kSecOIDX509V1IssuerNameCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.5.1");
-CFTypeRef kSecOIDX509V1IssuerNameLDAP = CFSTR("2.16.840.1.113741.2.1.1.1.5.2");
-CFTypeRef kSecOIDX509V1IssuerNameStd = CFSTR("2.16.840.1.113741.2.1.1.1.23");
-CFTypeRef kSecOIDX509V1SerialNumber = CFSTR("2.16.840.1.113741.2.1.1.1.3");
-CFTypeRef kSecOIDX509V1Signature = CFSTR("2.16.840.1.113741.2.1.3.2.2");
-CFTypeRef kSecOIDX509V1SignatureAlgorithm = CFSTR("2.16.840.1.113741.2.1.3.2.1");
-CFTypeRef kSecOIDX509V1SignatureAlgorithmParameters = CFSTR("2.16.840.1.113741.2.1.3.2.3");
-CFTypeRef kSecOIDX509V1SignatureAlgorithmTBS = CFSTR("2.16.840.1.113741.2.1.3.2.10");
-CFTypeRef kSecOIDX509V1SignatureCStruct = CFSTR("2.16.840.1.113741.2.1.3.2.0.1");
-CFTypeRef kSecOIDX509V1SignatureStruct = CFSTR("2.16.840.1.113741.2.1.3.2.0");
-CFTypeRef kSecOIDX509V1SubjectName = CFSTR("2.16.840.1.113741.2.1.1.1.8");
-CFTypeRef kSecOIDX509V1SubjectNameCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.8.1");
-CFTypeRef kSecOIDX509V1SubjectNameLDAP = CFSTR("2.16.840.1.113741.2.1.1.1.8.2");
-CFTypeRef kSecOIDX509V1SubjectNameStd = CFSTR("2.16.840.1.113741.2.1.1.1.22");
-CFTypeRef kSecOIDX509V1SubjectPublicKey = CFSTR("2.16.840.1.113741.2.1.1.1.10");
-CFTypeRef kSecOIDX509V1SubjectPublicKeyAlgorithm = CFSTR("2.16.840.1.113741.2.1.1.1.9");
-CFTypeRef kSecOIDX509V1SubjectPublicKeyAlgorithmParameters = CFSTR("2.16.840.1.113741.2.1.1.1.18");
-CFTypeRef kSecOIDX509V1SubjectPublicKeyCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.20.1");
-CFTypeRef kSecOIDX509V1ValidityNotAfter = CFSTR("2.16.840.1.113741.2.1.1.1.7");
-CFTypeRef kSecOIDX509V1ValidityNotBefore = CFSTR("2.16.840.1.113741.2.1.1.1.6");
-CFTypeRef kSecOIDX509V1Version = CFSTR("2.16.840.1.113741.2.1.1.1.2");
-CFTypeRef kSecOIDX509V3Certificate = CFSTR("2.16.840.1.113741.2.1.1.1.1");
-CFTypeRef kSecOIDX509V3CertificateCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.1.1");
-CFTypeRef kSecOIDX509V3CertificateExtensionCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.13.1");
-CFTypeRef kSecOIDX509V3CertificateExtensionCritical = CFSTR("2.16.840.1.113741.2.1.1.1.16");
-CFTypeRef kSecOIDX509V3CertificateExtensionId = CFSTR("2.16.840.1.113741.2.1.1.1.15");
-CFTypeRef kSecOIDX509V3CertificateExtensionStruct = CFSTR("2.16.840.1.113741.2.1.1.1.13");
-CFTypeRef kSecOIDX509V3CertificateExtensionType = CFSTR("2.16.840.1.113741.2.1.1.1.19");
-CFTypeRef kSecOIDX509V3CertificateExtensionValue = CFSTR("2.16.840.1.113741.2.1.1.1.17");
-CFTypeRef kSecOIDX509V3CertificateExtensionsCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.21.1");
-CFTypeRef kSecOIDX509V3CertificateExtensionsStruct = CFSTR("2.16.840.1.113741.2.1.1.1.21");
-CFTypeRef kSecOIDX509V3CertificateNumberOfExtensions = CFSTR("2.16.840.1.113741.2.1.1.1.14");
-CFTypeRef kSecOIDX509V3SignedCertificate = CFSTR("2.16.840.1.113741.2.1.1.1.0");
-CFTypeRef kSecOIDX509V3SignedCertificateCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.0.1");
-CFTypeRef kSecOIDSRVName = CFSTR("1.3.6.1.5.5.7.8.7");
-
projects / apple / security.git / blobdiff