X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/Security/libsecurity_keychain/lib/CertificateValues.cpp?ds=inline diff --git a/Security/libsecurity_keychain/lib/CertificateValues.cpp b/Security/libsecurity_keychain/lib/CertificateValues.cpp new file mode 100644 index 00000000..098ae505 --- /dev/null +++ b/Security/libsecurity_keychain/lib/CertificateValues.cpp @@ -0,0 +1,610 @@ +/* + * Copyright (c) 2002-2014 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +// +// CertificateValues.cpp +// +#include +#include +#include +#include +#include +#include "SecCertificateOIDs.h" +#include "CertificateValues.h" +#include "SecCertificateP.h" +#include "SecCertificatePrivP.h" +#include +#include "SecCertificateP.h" + +/* FIXME including SecCertificateInternalP.h here produces errors; investigate */ +extern "C" CFDataRef SecCertificateCopyIssuerSequenceP(SecCertificateRefP certificate); +extern "C" CFDataRef SecCertificateCopySubjectSequenceP(SecCertificateRefP certificate); + +extern "C" void appendProperty(CFMutableArrayRef properties, CFStringRef propertyType, CFStringRef label, CFTypeRef value); + +extern CFStringRef kSecPropertyKeyType; +extern CFStringRef kSecPropertyKeyLabel; +extern CFStringRef kSecPropertyKeyLocalizedLabel; +extern CFStringRef kSecPropertyKeyValue; + +extern CFStringRef kSecPropertyTypeData; +extern CFStringRef kSecPropertyTypeString; +extern CFStringRef kSecPropertyTypeURL; +extern CFStringRef kSecPropertyTypeDate; + +CFStringRef kSecPropertyTypeArray = CFSTR("array"); +CFStringRef kSecPropertyTypeNumber = CFSTR("number"); + + +#pragma mark ---------- CertificateValues Implementation ---------- + +using namespace KeychainCore; + +void addFieldValues(const void *key, const void *value, void *context); +void addPropertyToFieldValues(const void *value, void *context); +void filterFieldValues(const void *key, const void *value, void *context); +void validateKeys(const void *value, void *context); + +CFDictionaryRef CertificateValues::mOIDRemap = NULL; + +typedef struct FieldValueFilterContext +{ + CFMutableDictionaryRef filteredValues; + CFArrayRef filterKeys; +} FieldValueFilterContext; + +CertificateValues::CertificateValues(SecCertificateRef certificateRef) : mCertificateRef(certificateRef), + mCertificateData(NULL) +{ + if (mCertificateRef) + CFRetain(mCertificateRef); +} + +CertificateValues::~CertificateValues() throw() +{ + if (mCertificateData) + CFRelease(mCertificateData); + if (mCertificateRef) + CFRelease(mCertificateRef); +} + +CFDictionaryRef CertificateValues::copyFieldValues(CFArrayRef keys, CFErrorRef *error) +{ + if (keys) + { + if (CFGetTypeID(keys)!=CFArrayGetTypeID()) + return NULL; + CFRange range = CFRangeMake(0, CFArrayGetCount((CFArrayRef)keys)); + bool failed = false; + CFArrayApplyFunction(keys, range, validateKeys, &failed); + if (failed) + return NULL; + } + + if (mCertificateData) + { + CFRelease(mCertificateData); + mCertificateData = NULL; + } + if (!mCertificateData) + { + mCertificateData = SecCertificateCopyData(mCertificateRef); // OK to call, no big lock + if (!mCertificateData) + { + if (error) { + *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateRef, NULL); + } + return NULL; + } + } + + SecCertificateRefP certificateP = SecCertificateCreateWithDataP(kCFAllocatorDefault, mCertificateData); + if (!certificateP) + { + if (error) + *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateGroup, NULL); + return NULL; + } + + CFMutableDictionaryRef fieldValues=CFDictionaryCreateMutable(kCFAllocatorDefault, 0, + &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); + + // Return an array of CFStringRefs representing the common names in the certificates subject if any + CFArrayRef commonNames=SecCertificateCopyCommonNames(certificateP); + if (commonNames) + { + CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); + appendProperty(additionalValues, kSecPropertyTypeArray, CFSTR("CN"), commonNames); + CFDictionaryAddValue(fieldValues, kSecOIDCommonName, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0)); + CFRelease(commonNames); + CFRelease(additionalValues); + } + + // These can exist in the subject alt name or in the subject + CFArrayRef dnsNames=SecCertificateCopyDNSNamesP(certificateP); + if (dnsNames) + { + CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); + appendProperty(additionalValues, kSecPropertyTypeArray, CFSTR("DNS"), dnsNames); + CFDictionaryAddValue(fieldValues, CFSTR("DNSNAMES"), (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0)); + CFRelease(dnsNames); + CFRelease(additionalValues); + } + + CFArrayRef ipAddresses=SecCertificateCopyIPAddresses(certificateP); + if (ipAddresses) + { + CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); + appendProperty(additionalValues, kSecPropertyTypeArray, CFSTR("IP"), dnsNames); + CFDictionaryAddValue(fieldValues, CFSTR("IPADDRESSES"), (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0)); + CFRelease(ipAddresses); + CFRelease(additionalValues); + } + + // These can exist in the subject alt name or in the subject + CFArrayRef emailAddrs=SecCertificateCopyRFC822Names(certificateP); + if (emailAddrs) + { + CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); + appendProperty(additionalValues, kSecPropertyTypeArray, CFSTR("DNS"), dnsNames); + CFDictionaryAddValue(fieldValues, kSecOIDEmailAddress, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0)); + CFRelease(emailAddrs); + CFRelease(additionalValues); + } + + CFAbsoluteTime notBefore = SecCertificateNotValidBeforeP(certificateP); + CFNumberRef notBeforeRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberDoubleType, ¬Before); + if (notBeforeRef) + { + CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); + appendProperty(additionalValues, kSecPropertyTypeNumber, CFSTR("Not Valid Before"), notBeforeRef); + CFDictionaryAddValue(fieldValues, kSecOIDX509V1ValidityNotBefore, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0)); + CFRelease(notBeforeRef); + CFRelease(additionalValues); + } + + CFAbsoluteTime notAfter = SecCertificateNotValidAfterP(certificateP); + CFNumberRef notAfterRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberDoubleType, ¬After); + if (notAfterRef) + { + CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); + appendProperty(additionalValues, kSecPropertyTypeNumber, CFSTR("Not Valid After"), notAfterRef); + CFDictionaryAddValue(fieldValues, kSecOIDX509V1ValidityNotAfter, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0)); + CFRelease(notAfterRef); + CFRelease(additionalValues); + } + + SecKeyUsage keyUsage=SecCertificateGetKeyUsage(certificateP); + CFNumberRef ku = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &keyUsage); + if (ku) + { + CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); + appendProperty(additionalValues, kSecPropertyTypeNumber, CFSTR("Key Usage"), ku); + CFDictionaryAddValue(fieldValues, kSecOIDKeyUsage, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0)); + CFRelease(ku); + CFRelease(additionalValues); + } + + CFArrayRef ekus = SecCertificateCopyExtendedKeyUsage(certificateP); + if (ekus) + { + CFMutableArrayRef additionalValues = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); + appendProperty(additionalValues, kSecPropertyTypeArray, CFSTR("Extended Key Usage"), ekus); + CFDictionaryAddValue(fieldValues, kSecOIDExtendedKeyUsage, (CFTypeRef)CFArrayGetValueAtIndex(additionalValues, 0)); + CFRelease(ekus); + CFRelease(additionalValues); + } + + // Add all values from properties dictionary + CFArrayRef properties = SecCertificateCopyProperties(certificateP); + if (properties) + { + CFRange range = CFRangeMake(0, CFArrayGetCount((CFArrayRef)properties)); + CFArrayApplyFunction(properties, range, addPropertyToFieldValues, fieldValues); + // CFDictionaryApplyFunction(properties, addFieldValues, fieldValues); + CFRelease(properties); + } + + CFAbsoluteTime verifyTime = CFAbsoluteTimeGetCurrent(); + CFMutableArrayRef summaryProperties = + SecCertificateCopySummaryProperties(certificateP, verifyTime); + if (summaryProperties) + { + CFRange range = CFRangeMake(0, CFArrayGetCount((CFArrayRef)summaryProperties)); + CFArrayApplyFunction(summaryProperties, range, addPropertyToFieldValues, fieldValues); +// CFDictionaryApplyFunction(summaryProperties, addFieldValues, fieldValues); +// CFDictionaryAddValue(fieldValues, CFSTR("summaryProperties"), summaryProperties); + CFRelease(summaryProperties); + } + + if (certificateP) + CFRelease(certificateP); + + if (keys==NULL) + return (CFDictionaryRef)fieldValues; + + // Otherwise, we need to filter + CFMutableDictionaryRef filteredFieldValues=CFDictionaryCreateMutable(kCFAllocatorDefault, 0, + &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); + + FieldValueFilterContext fvcontext; + fvcontext.filteredValues = filteredFieldValues; + fvcontext.filterKeys = keys; + + CFDictionaryApplyFunction(fieldValues, filterFieldValues, &fvcontext); + + CFRelease(fieldValues); + return (CFDictionaryRef)filteredFieldValues; +} + +void validateKeys(const void *value, void *context) +{ + if (value == NULL || (CFGetTypeID(value)!=CFStringGetTypeID())) + if (context) + *(bool *)context = true; +} + +void filterFieldValues(const void *key, const void *value, void *context) +{ + // each element of keys is a CFStringRef with an OID, e.g. + // CFTypeRef kSecOIDTitle = CFSTR("2.5.4.12"); + + CFTypeRef fieldKey = (CFTypeRef)key; + if (fieldKey == NULL || (CFGetTypeID(fieldKey)!=CFStringGetTypeID()) || context==NULL) + return; + + FieldValueFilterContext *fvcontext = (FieldValueFilterContext *)context; + + CFRange range = CFRangeMake(0, CFArrayGetCount(fvcontext->filterKeys)); + CFIndex idx = CFArrayGetFirstIndexOfValue(fvcontext->filterKeys, range, fieldKey); + if (idx != kCFNotFound) + CFDictionaryAddValue(fvcontext->filteredValues, fieldKey, value); +} + +void addFieldValues(const void *key, const void *value, void *context) +{ + CFMutableDictionaryRef fieldValues = (CFMutableDictionaryRef)context; + CFDictionaryAddValue(fieldValues, key, value); +} + +void addPropertyToFieldValues(const void *value, void *context) +{ + CFMutableDictionaryRef fieldValues = (CFMutableDictionaryRef)context; + if (CFGetTypeID(value)==CFDictionaryGetTypeID()) + { + CFStringRef label = (CFStringRef)CFDictionaryGetValue((CFDictionaryRef)value, kSecPropertyKeyLabel); +#if 0 + CFStringRef typeD = (CFStringRef)CFDictionaryGetValue((CFDictionaryRef)value, kSecPropertyKeyType); + CFTypeRef valueD = (CFStringRef)CFDictionaryGetValue((CFDictionaryRef)value, kSecPropertyKeyValue); +#endif + CFStringRef key = CertificateValues::remapLabelToKey(label); + if (key) + CFDictionaryAddValue(fieldValues, key, value); + } +} + +CFStringRef CertificateValues::remapLabelToKey(CFStringRef label) +{ + if (!label) + return NULL; + + if (!mOIDRemap) + { + CFTypeRef keys[] = + { + CFSTR("Subject Name"), + CFSTR("Normalized Subject Name"), + CFSTR("Issuer Name"), + CFSTR("Normalized Subject Name"), + CFSTR("Version"), + CFSTR("Serial Number"), + CFSTR("Signature Algorithm"), + CFSTR("Subject Unique ID"), + CFSTR("Issuer Unique ID"), + CFSTR("Public Key Algorithm"), + CFSTR("Public Key Data"), + CFSTR("Signature"), + CFSTR("Not Valid Before"), + CFSTR("Not Valid After"), + CFSTR("Expires") + }; + + CFTypeRef values[] = + { + kSecOIDX509V1SubjectName, + kSecOIDX509V1SubjectNameStd, + kSecOIDX509V1IssuerName, + kSecOIDX509V1IssuerNameStd, + kSecOIDX509V1Version, + kSecOIDX509V1SerialNumber, + kSecOIDX509V1SignatureAlgorithm, // or CSSMOID_X509V1SignatureAlgorithmTBS? + kSecOIDX509V1CertificateSubjectUniqueId, + kSecOIDX509V1CertificateIssuerUniqueId, + kSecOIDX509V1SubjectPublicKeyAlgorithm, + kSecOIDX509V1SubjectPublicKey, + kSecOIDX509V1Signature, + kSecOIDX509V1ValidityNotBefore, + kSecOIDX509V1ValidityNotAfter, + kSecOIDInvalidityDate + }; + + mOIDRemap = CFDictionaryCreate(NULL, keys, values, + (sizeof(keys) / sizeof(*keys)), &kCFTypeDictionaryKeyCallBacks, + &kCFTypeDictionaryValueCallBacks); + } + + CFTypeRef result = (CFTypeRef)CFDictionaryGetValue(mOIDRemap, label); + + return result?(CFStringRef)result:label; +} + +CFDataRef CertificateValues::copySerialNumber(CFErrorRef *error) +{ + CFDataRef result = NULL; + SecCertificateRefP certificateP = getSecCertificateRefP(error); + + if (certificateP) + { + result = SecCertificateCopySerialNumberP(certificateP); + CFRelease(certificateP); + } + return result; +} + +CFDataRef CertificateValues::copyNormalizedIssuerContent(CFErrorRef *error) +{ + CFDataRef result = NULL; + SecCertificateRefP certificateP = getSecCertificateRefP(error); + if (certificateP) + { + result = SecCertificateCopyNormalizedIssuerSequence(certificateP); + CFRelease(certificateP); + } + return result; +} + +CFDataRef CertificateValues::copyNormalizedSubjectContent(CFErrorRef *error) +{ + CFDataRef result = NULL; + SecCertificateRefP certificateP = getSecCertificateRefP(error); + if (certificateP) + { + result = SecCertificateCopyNormalizedSubjectSequence(certificateP); + CFRelease(certificateP); + } + return result; +} + +CFDataRef CertificateValues::copyIssuerSequence(CFErrorRef *error) +{ + CFDataRef result = NULL; + SecCertificateRefP certificateP = getSecCertificateRefP(error); + if (certificateP) + { + result = SecCertificateCopyIssuerSequenceP(certificateP); + CFRelease(certificateP); + } + return result; +} + +CFDataRef CertificateValues::copySubjectSequence(CFErrorRef *error) +{ + CFDataRef result = NULL; + SecCertificateRefP certificateP = getSecCertificateRefP(error); + if (certificateP) + { + result = SecCertificateCopySubjectSequenceP(certificateP); + CFRelease(certificateP); + } + return result; +} + +bool CertificateValues::isValid(CFAbsoluteTime verifyTime, CFErrorRef *error) +{ + bool result = NULL; + SecCertificateRefP certificateP = getSecCertificateRefP(error); + if (certificateP) + { + result = SecCertificateIsValidP(certificateP, verifyTime); + CFRelease(certificateP); + } + return result; +} + +CFAbsoluteTime CertificateValues::notValidBefore(CFErrorRef *error) +{ + CFAbsoluteTime result = 0; + SecCertificateRefP certificateP = getSecCertificateRefP(error); + if (certificateP) + { + result = SecCertificateNotValidBeforeP(certificateP); + CFRelease(certificateP); + } + return result; +} + +CFAbsoluteTime CertificateValues::notValidAfter(CFErrorRef *error) +{ + CFAbsoluteTime result = 0; + SecCertificateRefP certificateP = getSecCertificateRefP(error); + if (certificateP) + { + result = SecCertificateNotValidAfterP(certificateP); + CFRelease(certificateP); + } + return result; +} + +SecCertificateRefP CertificateValues::getSecCertificateRefP(CFErrorRef *error) +{ + // SecCertificateCopyData returns an object created with CFDataCreate, so we + // own it and must release it + + if (mCertificateData) + { + CFRelease(mCertificateData); + mCertificateData = NULL; + } + + mCertificateData = SecCertificateCopyData(mCertificateRef); // OK to call, no big lock + if (!mCertificateData && error) + { + *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateRef, NULL); + return NULL; + } + + SecCertificateRefP certificateP = SecCertificateCreateWithDataP(kCFAllocatorDefault, mCertificateData); + if (!certificateP && error) + { + *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificateGroup, NULL); + return NULL; + } + + return certificateP; +} + +#pragma mark ---------- OID Constants ---------- + +CFTypeRef kSecOIDADC_CERT_POLICY = CFSTR("1.2.840.113635.100.5.3"); +CFTypeRef kSecOIDAPPLE_CERT_POLICY = CFSTR("1.2.840.113635.100.5.1"); +CFTypeRef kSecOIDAPPLE_EKU_CODE_SIGNING = CFSTR("1.2.840.113635.100.4.1"); +CFTypeRef kSecOIDAPPLE_EKU_CODE_SIGNING_DEV = CFSTR("1.2.840.113635.100.4.1.1"); +CFTypeRef kSecOIDAPPLE_EKU_ICHAT_ENCRYPTION = CFSTR("1.2.840.113635.100.4.3"); +CFTypeRef kSecOIDAPPLE_EKU_ICHAT_SIGNING = CFSTR("1.2.840.113635.100.4.2"); +CFTypeRef kSecOIDAPPLE_EKU_RESOURCE_SIGNING = CFSTR("1.2.840.113635.100.4.1.4"); +CFTypeRef kSecOIDAPPLE_EKU_SYSTEM_IDENTITY = CFSTR("1.2.840.113635.100.4.4"); +CFTypeRef kSecOIDAPPLE_EXTENSION = CFSTR("1.2.840.113635.100.6"); +CFTypeRef kSecOIDAPPLE_EXTENSION_ADC_APPLE_SIGNING = CFSTR("1.2.840.113635.100.6.1.2.0.0"); +CFTypeRef kSecOIDAPPLE_EXTENSION_ADC_DEV_SIGNING = CFSTR("1.2.840.113635.100.6.1.2.0"); +CFTypeRef kSecOIDAPPLE_EXTENSION_APPLE_SIGNING = CFSTR("1.2.840.113635.100.6.1.1"); +CFTypeRef kSecOIDAPPLE_EXTENSION_CODE_SIGNING = CFSTR("1.2.840.113635.100.6.1"); +CFTypeRef kSecOIDAPPLE_EXTENSION_INTERMEDIATE_MARKER = CFSTR("1.2.840.113635.100.6.2"); +CFTypeRef kSecOIDAPPLE_EXTENSION_WWDR_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.1"); +CFTypeRef kSecOIDAPPLE_EXTENSION_ITMS_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.2"); +CFTypeRef kSecOIDAPPLE_EXTENSION_AAI_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.3"); +CFTypeRef kSecOIDAPPLE_EXTENSION_APPLEID_INTERMEDIATE = CFSTR("1.2.840.113635.100.6.2.7"); +CFTypeRef kSecOIDAuthorityInfoAccess = CFSTR("1.3.6.1.5.5.7.1.1"); +CFTypeRef kSecOIDAuthorityKeyIdentifier = CFSTR("2.5.29.35"); +CFTypeRef kSecOIDBasicConstraints = CFSTR("2.5.29.19"); +CFTypeRef kSecOIDBiometricInfo = CFSTR("1.3.6.1.5.5.7.1.2"); +CFTypeRef kSecOIDCSSMKeyStruct = CFSTR("2.16.840.1.113741.2.1.1.1.20"); +CFTypeRef kSecOIDCertIssuer = CFSTR("2.5.29.29"); +CFTypeRef kSecOIDCertificatePolicies = CFSTR("2.5.29.32"); +CFTypeRef kSecOIDClientAuth = CFSTR("1.3.6.1.5.5.7.3.2"); +CFTypeRef kSecOIDCollectiveStateProvinceName = CFSTR("2.5.4.8.1"); +CFTypeRef kSecOIDCollectiveStreetAddress = CFSTR("2.5.4.9.1"); +CFTypeRef kSecOIDCommonName = CFSTR("2.5.4.3"); +CFTypeRef kSecOIDCountryName = CFSTR("2.5.4.6"); +CFTypeRef kSecOIDCrlDistributionPoints = CFSTR("2.5.29.31"); +CFTypeRef kSecOIDCrlNumber = CFSTR("2.5.29.20"); +CFTypeRef kSecOIDCrlReason = CFSTR("2.5.29.21"); +CFTypeRef kSecOIDDOTMAC_CERT_EMAIL_ENCRYPT = CFSTR("1.2.840.113635.100.3.2.3"); +CFTypeRef kSecOIDDOTMAC_CERT_EMAIL_SIGN = CFSTR("1.2.840.113635.100.3.2.2"); +CFTypeRef kSecOIDDOTMAC_CERT_EXTENSION = CFSTR("1.2.840.113635.100.3.2"); +CFTypeRef kSecOIDDOTMAC_CERT_IDENTITY = CFSTR("1.2.840.113635.100.3.2.1"); +CFTypeRef kSecOIDDOTMAC_CERT_POLICY = CFSTR("1.2.840.113635.100.5.2"); +CFTypeRef kSecOIDDeltaCrlIndicator = CFSTR("2.5.29.27"); +CFTypeRef kSecOIDDescription = CFSTR("2.5.4.13"); +CFTypeRef kSecOIDEKU_IPSec = CFSTR("1.3.6.1.5.5.8.2.2"); +CFTypeRef kSecOIDEmailAddress = CFSTR("1.2.840.113549.1.9.1"); +CFTypeRef kSecOIDEmailProtection = CFSTR("1.3.6.1.5.5.7.3.4"); +CFTypeRef kSecOIDExtendedKeyUsage = CFSTR("2.5.29.37"); +CFTypeRef kSecOIDExtendedKeyUsageAny = CFSTR("2.5.29.37.0"); +CFTypeRef kSecOIDExtendedUseCodeSigning = CFSTR("1.3.6.1.5.5.7.3.3"); +CFTypeRef kSecOIDGivenName = CFSTR("2.5.4.42"); +CFTypeRef kSecOIDHoldInstructionCode = CFSTR("2.5.29.23"); +CFTypeRef kSecOIDInvalidityDate = CFSTR("2.5.29.24"); +CFTypeRef kSecOIDIssuerAltName = CFSTR("2.5.29.18"); +CFTypeRef kSecOIDIssuingDistributionPoint = CFSTR("2.5.29.28"); +CFTypeRef kSecOIDIssuingDistributionPoints = CFSTR("2.5.29.28"); +CFTypeRef kSecOIDKERBv5_PKINIT_KP_CLIENT_AUTH = CFSTR("1.3.6.1.5.2.3.4"); +CFTypeRef kSecOIDKERBv5_PKINIT_KP_KDC = CFSTR("1.3.6.1.5.2.3.5"); +CFTypeRef kSecOIDKeyUsage = CFSTR("2.5.29.15"); +CFTypeRef kSecOIDLocalityName = CFSTR("2.5.4.7"); +CFTypeRef kSecOIDMS_NTPrincipalName = CFSTR("1.3.6.1.4.1.311.20.2.3"); +CFTypeRef kSecOIDMicrosoftSGC = CFSTR("1.3.6.1.4.1.311.10.3.3"); +CFTypeRef kSecOIDNameConstraints = CFSTR("2.5.29.30"); +CFTypeRef kSecOIDNetscapeCertSequence = CFSTR("2.16.840.1.113730.2.5"); +CFTypeRef kSecOIDNetscapeCertType = CFSTR("2.16.840.1.113730.1.1"); +CFTypeRef kSecOIDNetscapeSGC = CFSTR("2.16.840.1.113730.4.1"); +CFTypeRef kSecOIDOCSPSigning = CFSTR("1.3.6.1.5.5.7.3.9"); +CFTypeRef kSecOIDOrganizationName = CFSTR("2.5.4.10"); +CFTypeRef kSecOIDOrganizationalUnitName = CFSTR("2.5.4.11"); +CFTypeRef kSecOIDPolicyConstraints = CFSTR("2.5.29.36"); +CFTypeRef kSecOIDPolicyMappings = CFSTR("2.5.29.33"); +CFTypeRef kSecOIDPrivateKeyUsagePeriod = CFSTR("2.5.29.16"); +CFTypeRef kSecOIDQC_Statements = CFSTR("1.3.6.1.5.5.7.1.3"); +CFTypeRef kSecOIDSerialNumber = CFSTR("2.5.4.5"); +CFTypeRef kSecOIDServerAuth = CFSTR("1.3.6.1.5.5.7.3.1"); +CFTypeRef kSecOIDStateProvinceName = CFSTR("2.5.4.8"); +CFTypeRef kSecOIDStreetAddress = CFSTR("2.5.4.9"); +CFTypeRef kSecOIDSubjectAltName = CFSTR("2.5.29.17"); +CFTypeRef kSecOIDSubjectDirectoryAttributes = CFSTR("2.5.29.9"); +CFTypeRef kSecOIDSubjectEmailAddress = CFSTR("2.16.840.1.113741.2.1.1.1.50.3"); +CFTypeRef kSecOIDSubjectInfoAccess = CFSTR("1.3.6.1.5.5.7.1.11"); +CFTypeRef kSecOIDSubjectKeyIdentifier = CFSTR("2.5.29.14"); +CFTypeRef kSecOIDSubjectPicture = CFSTR("2.16.840.1.113741.2.1.1.1.50.2"); +CFTypeRef kSecOIDSubjectSignatureBitmap = CFSTR("2.16.840.1.113741.2.1.1.1.50.1"); +CFTypeRef kSecOIDSurname = CFSTR("2.5.4.4"); +CFTypeRef kSecOIDTimeStamping = CFSTR("1.3.6.1.5.5.7.3.8"); +CFTypeRef kSecOIDTitle = CFSTR("2.5.4.12"); +CFTypeRef kSecOIDUseExemptions = CFSTR("2.16.840.1.113741.2.1.1.1.50.4"); +CFTypeRef kSecOIDX509V1CertificateIssuerUniqueId = CFSTR("2.16.840.1.113741.2.1.1.1.11"); +CFTypeRef kSecOIDX509V1CertificateSubjectUniqueId = CFSTR("2.16.840.1.113741.2.1.1.1.12"); +CFTypeRef kSecOIDX509V1IssuerName = CFSTR("2.16.840.1.113741.2.1.1.1.5"); +CFTypeRef kSecOIDX509V1IssuerNameCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.5.1"); +CFTypeRef kSecOIDX509V1IssuerNameLDAP = CFSTR("2.16.840.1.113741.2.1.1.1.5.2"); +CFTypeRef kSecOIDX509V1IssuerNameStd = CFSTR("2.16.840.1.113741.2.1.1.1.23"); +CFTypeRef kSecOIDX509V1SerialNumber = CFSTR("2.16.840.1.113741.2.1.1.1.3"); +CFTypeRef kSecOIDX509V1Signature = CFSTR("2.16.840.1.113741.2.1.3.2.2"); +CFTypeRef kSecOIDX509V1SignatureAlgorithm = CFSTR("2.16.840.1.113741.2.1.3.2.1"); +CFTypeRef kSecOIDX509V1SignatureAlgorithmParameters = CFSTR("2.16.840.1.113741.2.1.3.2.3"); +CFTypeRef kSecOIDX509V1SignatureAlgorithmTBS = CFSTR("2.16.840.1.113741.2.1.3.2.10"); +CFTypeRef kSecOIDX509V1SignatureCStruct = CFSTR("2.16.840.1.113741.2.1.3.2.0.1"); +CFTypeRef kSecOIDX509V1SignatureStruct = CFSTR("2.16.840.1.113741.2.1.3.2.0"); +CFTypeRef kSecOIDX509V1SubjectName = CFSTR("2.16.840.1.113741.2.1.1.1.8"); +CFTypeRef kSecOIDX509V1SubjectNameCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.8.1"); +CFTypeRef kSecOIDX509V1SubjectNameLDAP = CFSTR("2.16.840.1.113741.2.1.1.1.8.2"); +CFTypeRef kSecOIDX509V1SubjectNameStd = CFSTR("2.16.840.1.113741.2.1.1.1.22"); +CFTypeRef kSecOIDX509V1SubjectPublicKey = CFSTR("2.16.840.1.113741.2.1.1.1.10"); +CFTypeRef kSecOIDX509V1SubjectPublicKeyAlgorithm = CFSTR("2.16.840.1.113741.2.1.1.1.9"); +CFTypeRef kSecOIDX509V1SubjectPublicKeyAlgorithmParameters = CFSTR("2.16.840.1.113741.2.1.1.1.18"); +CFTypeRef kSecOIDX509V1SubjectPublicKeyCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.20.1"); +CFTypeRef kSecOIDX509V1ValidityNotAfter = CFSTR("2.16.840.1.113741.2.1.1.1.7"); +CFTypeRef kSecOIDX509V1ValidityNotBefore = CFSTR("2.16.840.1.113741.2.1.1.1.6"); +CFTypeRef kSecOIDX509V1Version = CFSTR("2.16.840.1.113741.2.1.1.1.2"); +CFTypeRef kSecOIDX509V3Certificate = CFSTR("2.16.840.1.113741.2.1.1.1.1"); +CFTypeRef kSecOIDX509V3CertificateCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.1.1"); +CFTypeRef kSecOIDX509V3CertificateExtensionCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.13.1"); +CFTypeRef kSecOIDX509V3CertificateExtensionCritical = CFSTR("2.16.840.1.113741.2.1.1.1.16"); +CFTypeRef kSecOIDX509V3CertificateExtensionId = CFSTR("2.16.840.1.113741.2.1.1.1.15"); +CFTypeRef kSecOIDX509V3CertificateExtensionStruct = CFSTR("2.16.840.1.113741.2.1.1.1.13"); +CFTypeRef kSecOIDX509V3CertificateExtensionType = CFSTR("2.16.840.1.113741.2.1.1.1.19"); +CFTypeRef kSecOIDX509V3CertificateExtensionValue = CFSTR("2.16.840.1.113741.2.1.1.1.17"); +CFTypeRef kSecOIDX509V3CertificateExtensionsCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.21.1"); +CFTypeRef kSecOIDX509V3CertificateExtensionsStruct = CFSTR("2.16.840.1.113741.2.1.1.1.21"); +CFTypeRef kSecOIDX509V3CertificateNumberOfExtensions = CFSTR("2.16.840.1.113741.2.1.1.1.14"); +CFTypeRef kSecOIDX509V3SignedCertificate = CFSTR("2.16.840.1.113741.2.1.1.1.0"); +CFTypeRef kSecOIDX509V3SignedCertificateCStruct = CFSTR("2.16.840.1.113741.2.1.1.1.0.1"); +CFTypeRef kSecOIDSRVName = CFSTR("1.3.6.1.5.5.7.8.7"); +