oidscert.cpp
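/*
 * Copyright (c) 2000-2004,2008-2015 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */


/*

 File:      oidscert.cpp

 Contains:  Object Identifiers for X509 Certificate Library

*/

#include "oidsbase.h"
#include "oidscert.h"

#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wunused-const-variable"
/*
 * NOTE(review): the warning above is silenced for the whole file. Besides
 * tables that are unused on purpose, it also hides a byte table that no
 * CSSM_OID descriptor points at, so a descriptor wired to the wrong table
 * produces no diagnostic.
 */

/* required until PR-3347430 Security/cdsa/cdsa/oidscert.h is checked
 * into TOT - pending public API review */
extern "C" {
    extern const CSSM_OID CSSMOID_X509V1IssuerNameStd,
        CSSMOID_X509V1SubjectNameStd;
}

/*
 * Layout of this file.
 *
 * Each `static const uint8 name[]` table holds the encoded bytes of one
 * object identifier: a base-arc macro (not defined in this file; presumably
 * oidsbase.h) followed by the trailing arc byte(s) written here. The tables
 * carry no tag or length octet (see the literal bytes of OID_EKU_IPSec).
 *
 * Each exported CSSM_OID pairs a byte count with a pointer to one table.
 * The count must equal the size of the table it points at. A larger count
 * makes any consumer that compares or copies that many bytes read past the
 * end of the table; a count or pointer belonging to a different table makes
 * the exported OID a different identifier than its name says.
 */
static const uint8

    /* Certificate OID Fields */
    X509V3SignedCertificate[] = {INTEL_X509V3_CERT_R08, 0},
    X509V3SignedCertificateCStruct[] = {INTEL_X509V3_CERT_R08, 0, INTEL_X509_C_DATATYPE},
    X509V3Certificate[] = {INTEL_X509V3_CERT_R08, 1},
    X509V3CertificateCStruct[] = {INTEL_X509V3_CERT_R08, 1, INTEL_X509_C_DATATYPE},
    X509V1Version[] = {INTEL_X509V3_CERT_R08, 2},
    X509V1SerialNumber[] = {INTEL_X509V3_CERT_R08, 3},
    X509V1IssuerName[] = {INTEL_X509V3_CERT_R08, 5},
    X509V1IssuerNameCStruct[] = {INTEL_X509V3_CERT_R08, 5, INTEL_X509_C_DATATYPE},
    X509V1IssuerNameLDAP[] = {INTEL_X509V3_CERT_R08, 5, INTEL_X509_LDAPSTRING_DATATYPE},
    X509V1ValidityNotBefore[] = {INTEL_X509V3_CERT_R08, 6},
    X509V1ValidityNotAfter[] = {INTEL_X509V3_CERT_R08, 7},
    X509V1SubjectName[] = {INTEL_X509V3_CERT_R08, 8},
    X509V1SubjectNameCStruct[] = {INTEL_X509V3_CERT_R08, 8, INTEL_X509_C_DATATYPE},
    X509V1SubjectNameLDAP[] = {INTEL_X509V3_CERT_R08, 8, INTEL_X509_LDAPSTRING_DATATYPE},
    X509V1SubjectPublicKeyAlgorithm[] = {INTEL_X509V3_CERT_R08, 9},
    X509V1SubjectPublicKey[] = {INTEL_X509V3_CERT_R08, 10},
    X509V1CertificateIssuerUniqueId[] = {INTEL_X509V3_CERT_R08, 11},
    X509V1CertificateSubjectUniqueId[] = {INTEL_X509V3_CERT_R08, 12},
    X509V3CertificateExtensionStruct[] = {INTEL_X509V3_CERT_R08, 13},
    X509V3CertificateExtensionCStruct[] = {INTEL_X509V3_CERT_R08, 13, INTEL_X509_C_DATATYPE},
    X509V3CertificateNumberOfExtensions[] = {INTEL_X509V3_CERT_R08, 14},
    X509V3CertificateExtensionId[] = {INTEL_X509V3_CERT_R08, 15},
    X509V3CertificateExtensionCritical[] = {INTEL_X509V3_CERT_R08, 16},
    X509V3CertificateExtensionValue[] = {INTEL_X509V3_CERT_R08, 17},
    X509V1SubjectPublicKeyAlgorithmParameters[] = {INTEL_X509V3_CERT_R08, 18},
    X509V3CertificateExtensionType[] = {INTEL_X509V3_CERT_R08, 19},
    CSSMKeyStruct[] = {INTEL_X509V3_CERT_R08, 20},
    X509V1SubjectPublicKeyCStruct[] = {INTEL_X509V3_CERT_R08, 20, INTEL_X509_C_DATATYPE},
    X509V3CertificateExtensionsStruct[] = {INTEL_X509V3_CERT_R08, 21},
    X509V3CertificateExtensionsCStruct[] = {INTEL_X509V3_CERT_R08, 21, INTEL_X509_C_DATATYPE},
    X509V1SubjectNameStd[] = {INTEL_X509V3_CERT_R08, 22},
    X509V1IssuerNameStd[] = {INTEL_X509V3_CERT_R08, 23},

    /* Signature OID Fields */
    X509V1SignatureStruct[] = {INTEL_X509V3_SIGN_R08, 0},
    X509V1SignatureCStruct[] = {INTEL_X509V3_SIGN_R08, 0, INTEL_X509_C_DATATYPE},
    /* for the algorithm ID in the cert proper */
    X509V1SignatureAlgorithm[] = {INTEL_X509V3_SIGN_R08, 1},
    /* for the one in TBSCert */
    X509V1SignatureAlgorithmTBS[] = {INTEL_X509V3_SIGN_R08, 10},
    X509V1SignatureAlgorithmParameters[] = {INTEL_X509V3_SIGN_R08, 3},
    X509V1Signature[] = {INTEL_X509V3_SIGN_R08, 2},

    /* Extension OID Fields */
    SubjectSignatureBitmap[] = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS, 1},
    SubjectPicture[] = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS, 2},
    SubjectEmailAddress[] = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS, 3},
    UseExemptions[] = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS, 4};


/*
 * Exported descriptors for the tables above. The length is the base macro's
 * length plus the number of bytes the table appends: +1 for a single arc,
 * +2 where a *_DATATYPE byte follows the arc.
 */
const CSSM_OID

    /* Certificate OIDS */
    CSSMOID_X509V3SignedCertificate = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V3SignedCertificate},
    CSSMOID_X509V3SignedCertificateCStruct = {INTEL_X509V3_CERT_R08_LENGTH+2,
        (uint8 *)X509V3SignedCertificateCStruct},
    CSSMOID_X509V3Certificate = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V3Certificate},
    CSSMOID_X509V3CertificateCStruct = {INTEL_X509V3_CERT_R08_LENGTH+2, (uint8 *)X509V3CertificateCStruct},
    CSSMOID_X509V1Version = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1Version},
    CSSMOID_X509V1SerialNumber = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1SerialNumber},
    CSSMOID_X509V1IssuerName = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1IssuerName},
    CSSMOID_X509V1IssuerNameStd = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1IssuerNameStd},
    CSSMOID_X509V1IssuerNameCStruct = {INTEL_X509V3_CERT_R08_LENGTH+2, (uint8 *)X509V1IssuerNameCStruct},
    CSSMOID_X509V1IssuerNameLDAP = {INTEL_X509V3_CERT_R08_LENGTH+2, (uint8 *)X509V1IssuerNameLDAP},
    CSSMOID_X509V1ValidityNotBefore = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1ValidityNotBefore},
    CSSMOID_X509V1ValidityNotAfter = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1ValidityNotAfter},
    CSSMOID_X509V1SubjectName = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1SubjectName},
    CSSMOID_X509V1SubjectNameStd = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1SubjectNameStd},
    CSSMOID_X509V1SubjectNameCStruct = {INTEL_X509V3_CERT_R08_LENGTH+2, (uint8 *)X509V1SubjectNameCStruct},
    CSSMOID_X509V1SubjectNameLDAP = {INTEL_X509V3_CERT_R08_LENGTH+2, (uint8 *)X509V1SubjectNameLDAP},
    CSSMOID_CSSMKeyStruct = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)CSSMKeyStruct},
    CSSMOID_X509V1SubjectPublicKeyCStruct = {INTEL_X509V3_CERT_R08_LENGTH+2,
        (uint8 *)X509V1SubjectPublicKeyCStruct},
    CSSMOID_X509V1SubjectPublicKeyAlgorithm = {INTEL_X509V3_CERT_R08_LENGTH+1,
        (uint8 *)X509V1SubjectPublicKeyAlgorithm},
    CSSMOID_X509V1SubjectPublicKeyAlgorithmParameters = {INTEL_X509V3_CERT_R08_LENGTH+1,
        (uint8 *)X509V1SubjectPublicKeyAlgorithmParameters},
    CSSMOID_X509V1SubjectPublicKey = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1SubjectPublicKey},
    CSSMOID_X509V1CertificateIssuerUniqueId = {INTEL_X509V3_CERT_R08_LENGTH+1,
        (uint8 *)X509V1CertificateIssuerUniqueId},
    CSSMOID_X509V1CertificateSubjectUniqueId = {INTEL_X509V3_CERT_R08_LENGTH+1,
        (uint8 *)X509V1CertificateSubjectUniqueId},
    CSSMOID_X509V3CertificateExtensionsStruct = {INTEL_X509V3_CERT_R08_LENGTH+1,
        (uint8 *)X509V3CertificateExtensionsStruct},
    CSSMOID_X509V3CertificateExtensionsCStruct = {INTEL_X509V3_CERT_R08_LENGTH+2,
        (uint8 *)X509V3CertificateExtensionsCStruct},
    CSSMOID_X509V3CertificateNumberOfExtensions = {INTEL_X509V3_CERT_R08_LENGTH+1,
        (uint8 *)X509V3CertificateNumberOfExtensions},
    CSSMOID_X509V3CertificateExtensionStruct = {INTEL_X509V3_CERT_R08_LENGTH+1,
        (uint8 *)X509V3CertificateExtensionStruct},
    CSSMOID_X509V3CertificateExtensionCStruct = {INTEL_X509V3_CERT_R08_LENGTH+2,
        (uint8 *)X509V3CertificateExtensionCStruct},
    CSSMOID_X509V3CertificateExtensionId = {INTEL_X509V3_CERT_R08_LENGTH+1,
        (uint8 *)X509V3CertificateExtensionId},
    CSSMOID_X509V3CertificateExtensionCritical = {INTEL_X509V3_CERT_R08_LENGTH+1,
        (uint8 *)X509V3CertificateExtensionCritical},
    CSSMOID_X509V3CertificateExtensionType = {INTEL_X509V3_CERT_R08_LENGTH+1,
        (uint8 *)X509V3CertificateExtensionType},
    CSSMOID_X509V3CertificateExtensionValue = {INTEL_X509V3_CERT_R08_LENGTH+1,
        (uint8 *)X509V3CertificateExtensionValue},

    /* Signature OID Fields */
    CSSMOID_X509V1SignatureStruct = {INTEL_X509V3_SIGN_R08_LENGTH+1, (uint8 *)X509V1SignatureStruct},
    CSSMOID_X509V1SignatureCStruct = {INTEL_X509V3_SIGN_R08_LENGTH+2, (uint8 *)X509V1SignatureCStruct},
    CSSMOID_X509V1SignatureAlgorithm = {INTEL_X509V3_SIGN_R08_LENGTH+1, (uint8 *)X509V1SignatureAlgorithm},
    CSSMOID_X509V1SignatureAlgorithmTBS = {INTEL_X509V3_SIGN_R08_LENGTH+1, (uint8 *)X509V1SignatureAlgorithmTBS},
    CSSMOID_X509V1SignatureAlgorithmParameters = {INTEL_X509V3_SIGN_R08_LENGTH+1,
        (uint8 *)X509V1SignatureAlgorithmParameters},
    CSSMOID_X509V1Signature = {INTEL_X509V3_SIGN_R08_LENGTH+1, (uint8 *)X509V1Signature},

    /* Extension OID Fields */
    CSSMOID_SubjectSignatureBitmap = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS_LENGTH+1, (uint8 *)SubjectSignatureBitmap},
    CSSMOID_SubjectPicture = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS_LENGTH+1, (uint8 *)SubjectPicture},
    CSSMOID_SubjectEmailAddress = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS_LENGTH+1, (uint8 *)SubjectEmailAddress},
    CSSMOID_UseExemptions = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS_LENGTH+1, (uint8 *)UseExemptions};


/***
 *** Apple addenda.
 ***/

/*
 * Standard Cert extensions.
 */
static const uint8
    OID_SubjectDirectoryAttributes[] = { OID_EXTENSION, 9 },
    OID_SubjectKeyIdentifier[] = { OID_EXTENSION, 14 },
    OID_KeyUsage[] = { OID_EXTENSION, 15 },
    OID_PrivateKeyUsagePeriod[] = { OID_EXTENSION, 16 },
    OID_SubjectAltName[] = { OID_EXTENSION, 17 },
    OID_IssuerAltName[] = { OID_EXTENSION, 18 },
    OID_BasicConstraints[] = { OID_EXTENSION, 19 },
    OID_CrlNumber[] = { OID_EXTENSION, 20 },
    OID_CrlReason[] = { OID_EXTENSION, 21 },
    OID_HoldInstructionCode[] = { OID_EXTENSION, 23 },
    OID_InvalidityDate[] = { OID_EXTENSION, 24 },
    OID_DeltaCrlIndicator[] = { OID_EXTENSION, 27 },
    OID_IssuingDistributionPoint[] = { OID_EXTENSION, 28 },
    OID_CertIssuer[] = { OID_EXTENSION, 29 },
    OID_NameConstraints[] = { OID_EXTENSION, 30 },
    OID_CrlDistributionPoints[] = { OID_EXTENSION, 31 },
    OID_CertificatePolicies[] = { OID_EXTENSION, 32 },
    OID_PolicyMappings[] = { OID_EXTENSION, 33 },
    OID_AuthorityKeyIdentifier[] = { OID_EXTENSION, 35 },
    OID_PolicyConstraints[] = { OID_EXTENSION, 36 },
    OID_ExtendedKeyUsage[] = { OID_EXTENSION, 37 },
    OID_InhibitAnyPolicy[] = { OID_EXTENSION, 54 },
    OID_AuthorityInfoAccess[] = { OID_PE, 1 },
    OID_BiometricInfo[] = { OID_PE, 2 },
    OID_QC_Statements[] = { OID_PE, 3 },
    OID_SubjectInfoAccess[] = { OID_PE, 11 },

    /* Individual OIDS appearing in an ExtendedKeyUsage extension */
    OID_ExtendedKeyUsageAny[] = { OID_EXTENSION, 37, 0 },
    OID_KP_ServerAuth[] = { OID_KP, 1 },
    OID_KP_ClientAuth[] = { OID_KP, 2 },
    OID_KP_ExtendedUseCodeSigning[] = { OID_KP, 3 },
    OID_KP_EmailProtection[] = { OID_KP, 4 },
    OID_KP_TimeStamping[] = { OID_KP, 8 },
    OID_KP_OCSPSigning[] = { OID_KP, 9 },
    /* Kerberos PKINIT Extended Key Use values */
    OID_KERBv5_PKINIT_KP_CLIENT_AUTH[] = { OID_KERBv5_PKINIT, 4 },
    OID_KERBv5_PKINIT_KP_KDC[] = { OID_KERBv5_PKINIT, 5 },
    /* IPSec */
    OID_EKU_IPSec[] = { 0x2B, 0x06, 0x01, 0x05, 0x05, 0x08, 0x02, 0x02 },

    /* .mac Certificate Extended Key Use values */
    OID_DOTMAC_CERT_EXTENSION[] = { APPLE_DOTMAC_CERT_EXTEN_OID },
    OID_DOTMAC_CERT_IDENTITY[] = { APPLE_DOTMAC_CERT_EXTEN_OID, 1 },
    OID_DOTMAC_CERT_EMAIL_SIGN[] = { APPLE_DOTMAC_CERT_EXTEN_OID, 2 },
    OID_DOTMAC_CERT_EMAIL_ENCRYPT[] = { APPLE_DOTMAC_CERT_EXTEN_OID, 3 },
    /* Other Apple extended key usage values */
    OID_APPLE_EKU_CODE_SIGNING[] = { APPLE_EKU_CODE_SIGNING },
    OID_APPLE_EKU_CODE_SIGNING_DEV[] = { APPLE_EKU_CODE_SIGNING, 1 },
    OID_APPLE_EKU_RESOURCE_SIGNING[] = { APPLE_EKU_CODE_SIGNING, 4 },
    OID_APPLE_EKU_ICHAT_SIGNING[] = { APPLE_EKU_OID, 2 },
    OID_APPLE_EKU_ICHAT_ENCRYPTION[] = { APPLE_EKU_OID, 3 },
    OID_APPLE_EKU_SYSTEM_IDENTITY[] = { APPLE_EKU_OID, 4 },
    OID_APPLE_EKU_PASSBOOK_SIGNING[] = { APPLE_EKU_OID, 14 },
    OID_APPLE_EKU_PROFILE_SIGNING[] = { APPLE_EKU_OID, 16 },
    OID_APPLE_EKU_QA_PROFILE_SIGNING[] = { APPLE_EKU_OID, 17 },
    /* Apple cert policies */
    OID_APPLE_CERT_POLICY[] = { APPLE_CERT_POLICIES, 1 },
    OID_DOTMAC_CERT_POLICY[] = { APPLE_CERT_POLICIES, 2 },
    OID_ADC_CERT_POLICY[] = { APPLE_CERT_POLICIES, 3 },
    OID_APPLE_CERT_POLICY_MACAPPSTORE[] = { APPLE_CERT_POLICIES_MACAPPSTORE },
    OID_APPLE_CERT_POLICY_MACAPPSTORE_RECEIPT[] = { APPLE_CERT_POLICIES_MACAPPSTORE_RECEIPT },
    OID_APPLE_CERT_POLICY_APPLEID[] = { APPLE_CERT_POLICIES_APPLEID },
    OID_APPLE_CERT_POLICY_APPLEID_SHARING[] = { APPLE_CERT_POLICIES_APPLEID_SHARING },
    OID_APPLE_CERT_POLICY_MOBILE_STORE_SIGNING[] = { APPLE_CERT_POLICIES_MOBILE_STORE_SIGNING },
    OID_APPLE_CERT_POLICY_TEST_MOBILE_STORE_SIGNING[] = { APPLE_CERT_POLICIES_TEST_MOBILE_STORE_SIGNING },

    /* Apple-specific extensions */
    OID_APPLE_EXTENSION[] = { APPLE_EXTENSION_OID },
    OID_APPLE_EXTENSION_CODE_SIGNING[] = { APPLE_EXTENSION_CODE_SIGNING },
    OID_APPLE_EXTENSION_APPLE_SIGNING[] = { APPLE_EXTENSION_CODE_SIGNING, 1 },
    OID_APPLE_EXTENSION_ADC_DEV_SIGNING[] = { APPLE_EXTENSION_CODE_SIGNING, 2 },
    OID_APPLE_EXTENSION_ADC_APPLE_SIGNING[] = { APPLE_EXTENSION_CODE_SIGNING, 3 },
    OID_APPLE_EXTENSION_PASSBOOK_SIGNING[] = { APPLE_EXTENSION_CODE_SIGNING, 16 },
    OID_APPLE_EXTENSION_MACAPPSTORE_RECEIPT[] = { APPLE_EXTENSION_MACAPPSTORE_RECEIPT },
    OID_APPLE_EXTENSION_INTERMEDIATE_MARKER[] = { APPLE_EXTENSION_INTERMEDIATE_MARKER },
    OID_APPLE_EXTENSION_WWDR_INTERMEDIATE[] = { APPLE_EXTENSION_WWDR_INTERMEDIATE },
    OID_APPLE_EXTENSION_ITMS_INTERMEDIATE[] = { APPLE_EXTENSION_ITMS_INTERMEDIATE },
    OID_APPLE_EXTENSION_AAI_INTERMEDIATE[] = { APPLE_EXTENSION_AAI_INTERMEDIATE },
    OID_APPLE_EXTENSION_APPLEID_INTERMEDIATE[] = { APPLE_EXTENSION_APPLEID_INTERMEDIATE },
    OID_APPLE_EXTENSION_APPLEID_SHARING[] = { APPLE_EXTENSION_APPLEID_SHARING },
    OID_APPLE_EXTENSION_SYSINT2_INTERMEDIATE[] = { APPLE_EXTENSION_SYSINT2_INTERMEDIATE },
    OID_APPLE_EXTENSION_DEVELOPER_AUTHENTICATION[] = { APPLE_EXTENSION_DEVELOPER_AUTHENTICATION },
    OID_APPLE_EXTENSION_SERVER_AUTHENTICATION[] = { APPLE_EXTENSION_SERVER_AUTHENTICATION },
    OID_APPLE_EXTENSION_ESCROW_SERVICE[] = { APPLE_EXTENSION_ESCROW_SERVICE },
    OID_APPLE_EXTENSION_PROVISIONING_PROFILE_SIGNING[] = { APPLE_EXTENSION_PROVISIONING_PROFILE_SIGNING }
;

/* Parenthesized so the macro stays one value inside any larger expression. */
#define OID_PKCS_CE_LENGTH (OID_EXTENSION_LENGTH + 1)

/*
 * Exported descriptors for the Apple addenda tables. Most lengths follow the
 * same rule as above (base macro length, +1 per appended arc byte). Where the
 * original initializer did not match the table it points at, the length is
 * now sizeof(table), which is the table's byte count by construction.
 */
const CSSM_OID
    CSSMOID_SubjectDirectoryAttributes = { OID_PKCS_CE_LENGTH, (uint8 *)OID_SubjectDirectoryAttributes},
    CSSMOID_SubjectKeyIdentifier = { OID_PKCS_CE_LENGTH, (uint8 *)OID_SubjectKeyIdentifier},
    CSSMOID_KeyUsage = { OID_PKCS_CE_LENGTH, (uint8 *)OID_KeyUsage},
    CSSMOID_PrivateKeyUsagePeriod = { OID_PKCS_CE_LENGTH, (uint8 *)OID_PrivateKeyUsagePeriod},
    CSSMOID_SubjectAltName = { OID_PKCS_CE_LENGTH, (uint8 *)OID_SubjectAltName},
    CSSMOID_IssuerAltName = { OID_PKCS_CE_LENGTH, (uint8 *)OID_IssuerAltName},
    CSSMOID_BasicConstraints = { OID_PKCS_CE_LENGTH, (uint8 *)OID_BasicConstraints},
    CSSMOID_CrlNumber = { OID_PKCS_CE_LENGTH, (uint8 *)OID_CrlNumber},
    CSSMOID_CrlReason = { OID_PKCS_CE_LENGTH, (uint8 *)OID_CrlReason},
    CSSMOID_HoldInstructionCode = { OID_PKCS_CE_LENGTH, (uint8 *)OID_HoldInstructionCode},
    CSSMOID_InvalidityDate = { OID_PKCS_CE_LENGTH, (uint8 *)OID_InvalidityDate},
    CSSMOID_DeltaCrlIndicator = { OID_PKCS_CE_LENGTH, (uint8 *)OID_DeltaCrlIndicator},
    CSSMOID_IssuingDistributionPoint = { OID_PKCS_CE_LENGTH, (uint8 *)OID_IssuingDistributionPoint},
    /* for backwards compatibility... */
    CSSMOID_IssuingDistributionPoints = { OID_PKCS_CE_LENGTH, (uint8 *)OID_IssuingDistributionPoint},
    CSSMOID_CertIssuer = { OID_PKCS_CE_LENGTH, (uint8 *)OID_CertIssuer},
    CSSMOID_NameConstraints = { OID_PKCS_CE_LENGTH, (uint8 *)OID_NameConstraints},
    CSSMOID_CrlDistributionPoints = { OID_PKCS_CE_LENGTH, (uint8 *)OID_CrlDistributionPoints},
    CSSMOID_CertificatePolicies = { OID_PKCS_CE_LENGTH, (uint8 *)OID_CertificatePolicies},
    CSSMOID_PolicyMappings = { OID_PKCS_CE_LENGTH, (uint8 *)OID_PolicyMappings},
    CSSMOID_PolicyConstraints = { OID_PKCS_CE_LENGTH, (uint8 *)OID_PolicyConstraints},
    CSSMOID_AuthorityKeyIdentifier = { OID_PKCS_CE_LENGTH, (uint8 *)OID_AuthorityKeyIdentifier},
    CSSMOID_ExtendedKeyUsage = { OID_PKCS_CE_LENGTH, (uint8 *)OID_ExtendedKeyUsage},
    CSSMOID_InhibitAnyPolicy = { OID_PKCS_CE_LENGTH, (uint8 *)OID_InhibitAnyPolicy},
    CSSMOID_AuthorityInfoAccess = { OID_PE_LENGTH+1, (uint8 *)OID_AuthorityInfoAccess},
    CSSMOID_BiometricInfo = { OID_PE_LENGTH+1, (uint8 *)OID_BiometricInfo},
    CSSMOID_QC_Statements = { OID_PE_LENGTH+1, (uint8 *)OID_QC_Statements},
    CSSMOID_SubjectInfoAccess = { OID_PE_LENGTH+1, (uint8 *)OID_SubjectInfoAccess},
    CSSMOID_ExtendedKeyUsageAny = { OID_PKCS_CE_LENGTH+1, (uint8 *)OID_ExtendedKeyUsageAny},
    CSSMOID_ServerAuth = { OID_KP_LENGTH+1, (uint8 *)OID_KP_ServerAuth},
    CSSMOID_ClientAuth = { OID_KP_LENGTH+1, (uint8 *)OID_KP_ClientAuth},
    CSSMOID_ExtendedUseCodeSigning = { OID_KP_LENGTH+1, (uint8 *)OID_KP_ExtendedUseCodeSigning},
    CSSMOID_EmailProtection = { OID_KP_LENGTH+1, (uint8 *)OID_KP_EmailProtection},
    CSSMOID_TimeStamping = { OID_KP_LENGTH+1, (uint8 *)OID_KP_TimeStamping},
    CSSMOID_OCSPSigning = { OID_KP_LENGTH+1, (uint8 *)OID_KP_OCSPSigning},
    CSSMOID_KERBv5_PKINIT_KP_CLIENT_AUTH = { OID_KERBv5_PKINIT_LEN + 1,
        (uint8 *)OID_KERBv5_PKINIT_KP_CLIENT_AUTH },
    CSSMOID_KERBv5_PKINIT_KP_KDC = { OID_KERBv5_PKINIT_LEN + 1,
        (uint8 *)OID_KERBv5_PKINIT_KP_KDC },
    /* Literal byte table: sizeof replaces the hand-counted 8 (same value). */
    CSSMOID_EKU_IPSec = { sizeof(OID_EKU_IPSec), (uint8 *)OID_EKU_IPSec },
    CSSMOID_DOTMAC_CERT_EXTENSION = { APPLE_DOTMAC_CERT_EXTEN_OID_LENGTH,
        (uint8 *)OID_DOTMAC_CERT_EXTENSION },
    CSSMOID_DOTMAC_CERT_IDENTITY = { APPLE_DOTMAC_CERT_EXTEN_OID_LENGTH + 1,
        (uint8 *)OID_DOTMAC_CERT_IDENTITY },
    CSSMOID_DOTMAC_CERT_EMAIL_SIGN = { APPLE_DOTMAC_CERT_EXTEN_OID_LENGTH + 1,
        (uint8 *)OID_DOTMAC_CERT_EMAIL_SIGN },
    CSSMOID_DOTMAC_CERT_EMAIL_ENCRYPT = { APPLE_DOTMAC_CERT_EXTEN_OID_LENGTH + 1,
        (uint8 *)OID_DOTMAC_CERT_EMAIL_ENCRYPT },
    CSSMOID_APPLE_CERT_POLICY = { APPLE_CERT_POLICIES_LENGTH + 1,
        (uint8 *)OID_APPLE_CERT_POLICY },
    CSSMOID_DOTMAC_CERT_POLICY = { APPLE_CERT_POLICIES_LENGTH + 1,
        (uint8 *)OID_DOTMAC_CERT_POLICY },
    CSSMOID_ADC_CERT_POLICY = { APPLE_CERT_POLICIES_LENGTH + 1,
        (uint8 *)OID_ADC_CERT_POLICY },
    CSSMOID_MACAPPSTORE_CERT_POLICY = { APPLE_CERT_POLICIES_MACAPPSTORE_LENGTH,
        (uint8 *)OID_APPLE_CERT_POLICY_MACAPPSTORE },
    CSSMOID_MACAPPSTORE_RECEIPT_CERT_POLICY = { APPLE_CERT_POLICIES_MACAPPSTORE_RECEIPT_LENGTH,
        (uint8 *)OID_APPLE_CERT_POLICY_MACAPPSTORE_RECEIPT },
    CSSMOID_APPLEID_CERT_POLICY = { APPLE_CERT_POLICIES_APPLEID_LENGTH,
        (uint8 *)OID_APPLE_CERT_POLICY_APPLEID },
    CSSMOID_APPLEID_SHARING_CERT_POLICY = { APPLE_CERT_POLICIES_APPLEID_SHARING_LENGTH,
        (uint8 *)OID_APPLE_CERT_POLICY_APPLEID_SHARING },
    CSSMOID_MOBILE_STORE_SIGNING_POLICY = { APPLE_CERT_POLICIES_MOBILE_STORE_SIGNING_LENGTH,
        (uint8 *)OID_APPLE_CERT_POLICY_MOBILE_STORE_SIGNING },
    CSSMOID_TEST_MOBILE_STORE_SIGNING_POLICY = { APPLE_CERT_POLICIES_TEST_MOBILE_STORE_SIGNING_LENGTH,
        (uint8 *)OID_APPLE_CERT_POLICY_TEST_MOBILE_STORE_SIGNING },
    CSSMOID_APPLE_EKU_CODE_SIGNING = { APPLE_EKU_CODE_SIGNING_LENGTH,
        (uint8 *)OID_APPLE_EKU_CODE_SIGNING },
    CSSMOID_APPLE_EKU_CODE_SIGNING_DEV = { APPLE_EKU_CODE_SIGNING_LENGTH + 1,
        (uint8 *)OID_APPLE_EKU_CODE_SIGNING_DEV },
    CSSMOID_APPLE_EKU_RESOURCE_SIGNING = { APPLE_EKU_CODE_SIGNING_LENGTH + 1,
        (uint8 *)OID_APPLE_EKU_RESOURCE_SIGNING },
    CSSMOID_APPLE_EKU_ICHAT_SIGNING = { APPLE_EKU_OID_LENGTH + 1,
        (uint8 *)OID_APPLE_EKU_ICHAT_SIGNING },
    CSSMOID_APPLE_EKU_ICHAT_ENCRYPTION = { APPLE_EKU_OID_LENGTH + 1,
        (uint8 *)OID_APPLE_EKU_ICHAT_ENCRYPTION },
    CSSMOID_APPLE_EKU_SYSTEM_IDENTITY = { APPLE_EKU_OID_LENGTH + 1,
        (uint8 *)OID_APPLE_EKU_SYSTEM_IDENTITY },
    CSSMOID_APPLE_EKU_PASSBOOK_SIGNING = { APPLE_EKU_OID_LENGTH + 1,
        (uint8 *)OID_APPLE_EKU_PASSBOOK_SIGNING },
    CSSMOID_APPLE_EKU_PROFILE_SIGNING = { APPLE_EKU_OID_LENGTH + 1,
        (uint8 *)OID_APPLE_EKU_PROFILE_SIGNING },
    CSSMOID_APPLE_EKU_QA_PROFILE_SIGNING = { APPLE_EKU_OID_LENGTH + 1,
        (uint8 *)OID_APPLE_EKU_QA_PROFILE_SIGNING },
    CSSMOID_APPLE_EXTENSION = { APPLE_EXTENSION_OID_LENGTH,
        (uint8 *)OID_APPLE_EXTENSION },
    CSSMOID_APPLE_EXTENSION_CODE_SIGNING = { APPLE_EXTENSION_CODE_SIGNING_LENGTH,
        (uint8 *)OID_APPLE_EXTENSION_CODE_SIGNING },
    CSSMOID_APPLE_EXTENSION_APPLE_SIGNING = { APPLE_EXTENSION_CODE_SIGNING_LENGTH + 1,
        (uint8 *)OID_APPLE_EXTENSION_APPLE_SIGNING },
    /*
     * Fixed: both ADC tables are APPLE_EXTENSION_CODE_SIGNING plus one arc
     * byte, like APPLE_SIGNING and PASSBOOK_SIGNING. The previous lengths
     * (+2 and +3) were larger than the tables, so readers of Length bytes ran
     * past the end, and the ADC_APPLE descriptor pointed at the ADC_DEV table
     * instead of its own.
     */
    CSSMOID_APPLE_EXTENSION_ADC_DEV_SIGNING = { sizeof(OID_APPLE_EXTENSION_ADC_DEV_SIGNING),
        (uint8 *)OID_APPLE_EXTENSION_ADC_DEV_SIGNING },
    CSSMOID_APPLE_EXTENSION_ADC_APPLE_SIGNING = { sizeof(OID_APPLE_EXTENSION_ADC_APPLE_SIGNING),
        (uint8 *)OID_APPLE_EXTENSION_ADC_APPLE_SIGNING },
    CSSMOID_APPLE_EXTENSION_PASSBOOK_SIGNING = { APPLE_EXTENSION_CODE_SIGNING_LENGTH + 1,
        (uint8 *)OID_APPLE_EXTENSION_PASSBOOK_SIGNING },
    CSSMOID_APPLE_EXTENSION_MACAPPSTORE_RECEIPT = { APPLE_EXTENSION_MACAPPSTORE_RECEIPT_LENGTH,
        (uint8 *)OID_APPLE_EXTENSION_MACAPPSTORE_RECEIPT },
    CSSMOID_APPLE_EXTENSION_INTERMEDIATE_MARKER = { APPLE_EXTENSION_INTERMEDIATE_MARKER_LENGTH,
        (uint8 *)OID_APPLE_EXTENSION_INTERMEDIATE_MARKER },
    CSSMOID_APPLE_EXTENSION_WWDR_INTERMEDIATE = { APPLE_EXTENSION_WWDR_INTERMEDIATE_LENGTH,
        (uint8 *)OID_APPLE_EXTENSION_WWDR_INTERMEDIATE },
    CSSMOID_APPLE_EXTENSION_ITMS_INTERMEDIATE = { APPLE_EXTENSION_ITMS_INTERMEDIATE_LENGTH,
        (uint8 *)OID_APPLE_EXTENSION_ITMS_INTERMEDIATE },
    CSSMOID_APPLE_EXTENSION_AAI_INTERMEDIATE = { APPLE_EXTENSION_AAI_INTERMEDIATE_LENGTH,
        (uint8 *)OID_APPLE_EXTENSION_AAI_INTERMEDIATE },
    CSSMOID_APPLE_EXTENSION_APPLEID_INTERMEDIATE = { APPLE_EXTENSION_APPLEID_INTERMEDIATE_LENGTH,
        (uint8 *)OID_APPLE_EXTENSION_APPLEID_INTERMEDIATE },
    /*
     * NOTE(review): was APPLE_EXTENSION_APPLEID_SHARING_LENGTH + 1 although
     * the table appends no arc byte. sizeof is the table's real size whether
     * or not the header's _LENGTH is exact; confirm against oidsbase.h.
     */
    CSSMOID_APPLE_EXTENSION_APPLEID_SHARING = { sizeof(OID_APPLE_EXTENSION_APPLEID_SHARING),
        (uint8 *)OID_APPLE_EXTENSION_APPLEID_SHARING },
    CSSMOID_APPLE_EXTENSION_SYSINT2_INTERMEDIATE = { APPLE_EXTENSION_SYSINT2_INTERMEDIATE_LENGTH,
        (uint8 *)OID_APPLE_EXTENSION_SYSINT2_INTERMEDIATE },
    CSSMOID_APPLE_EXTENSION_DEVELOPER_AUTHENTICATION= { APPLE_EXTENSION_DEVELOPER_AUTHENTICATION_LENGTH,
        (uint8 *)OID_APPLE_EXTENSION_DEVELOPER_AUTHENTICATION },
    CSSMOID_APPLE_EXTENSION_SERVER_AUTHENTICATION = { APPLE_EXTENSION_SERVER_AUTHENTICATION_LENGTH,
        (uint8 *)OID_APPLE_EXTENSION_SERVER_AUTHENTICATION },
    /*
     * NOTE(review): was APPLE_EXTENSION_ESCROW_SERVICE_LENGTH + 1 although
     * the table appends no arc byte; same reasoning as APPLEID_SHARING.
     */
    CSSMOID_APPLE_EXTENSION_ESCROW_SERVICE = { sizeof(OID_APPLE_EXTENSION_ESCROW_SERVICE),
        (uint8 *)OID_APPLE_EXTENSION_ESCROW_SERVICE },
    /*
     * NOTE(review): was APPLE_EKU_OID_LENGTH + 1, a length derived from a
     * different base macro than the one the table is built from
     * (APPLE_EXTENSION_PROVISIONING_PROFILE_SIGNING). sizeof keeps the count
     * tied to the table; confirm the two agree in oidsbase.h.
     */
    CSSMOID_APPLE_EXTENSION_PROVISIONING_PROFILE_SIGNING = { sizeof(OID_APPLE_EXTENSION_PROVISIONING_PROFILE_SIGNING),
        (uint8 *)OID_APPLE_EXTENSION_PROVISIONING_PROFILE_SIGNING }
;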

/*
 * Apple intermediate-marker arcs, written as comma-separated byte lists so
 * they can be placed inside a table initializer. Nothing visible after this
 * point in the file expands them.
 */
/* Apple Intermediate Marker OIDs */
#define APPLE_CERT_EXT_INTERMEDIATE_MARKER          APPLE_CERT_EXT, 2
/* Apple Apple ID Intermediate Marker */
#define APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID  APPLE_CERT_EXT_INTERMEDIATE_MARKER, 3
/*
 * Apple Apple ID Intermediate Marker (new subCA, no longer shared with the
 * push notification server cert issuer)
 *
 * appleCertificateExtensionAppleIDIntermediate ::=
 *     { appleCertificateExtensionIntermediateMarker 7 }
 *     { 1 2 840 113635 100 6 2 7 }
 */
#define APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID_2 APPLE_CERT_EXT_INTERMEDIATE_MARKER, 7

/*
 * Netscape extensions.
 *
 * netscape-cert-type OBJECT IDENTIFIER ::=
 *     { 2 16 840 1 113730 1 1 }
 *
 * BER = 06 09 60 86 48 01 86 F8 42 01 01
 * (nine content octets follow the tag, so the length octet is 09; the table
 * below stores only the content octets)
 */
static const uint8 OID_NetscapeCertType[] = { NETSCAPE_CERT_EXTEN, 1 };
const CSSM_OID CSSMOID_NetscapeCertType = {
    NETSCAPE_CERT_EXTEN_LENGTH + 1,     /* base arc plus the one byte appended above */
    (uint8 *)OID_NetscapeCertType
};

/*
 * netscape-cert-sequence ::= { 2 16 840 1 113730 2 5 }
 *
 * BER = 06 09 60 86 48 01 86 F8 42 02 05
 */
static const uint8 OID_NetscapeCertSequence[] = { NETSCAPE_BASE_OID, 2, 5 };
const CSSM_OID CSSMOID_NetscapeCertSequence = {
    NETSCAPE_BASE_OID_LEN + 2,          /* base arc plus the two bytes appended above */
    (uint8 *)OID_NetscapeCertSequence
};

/*
 * Netscape version of ServerGatedCrypto ExtendedKeyUse.
 * OID { 2 16 840 1 113730 4 1 }
 */
static const uint8 OID_Netscape_SGC[] = { NETSCAPE_CERT_POLICY, 1 };
const CSSM_OID CSSMOID_NetscapeSGC = {
    NETSCAPE_CERT_POLICY_LENGTH + 1,    /* base arc plus the one byte appended above */
    (uint8 *)OID_Netscape_SGC
};

/*
 * Microsoft version of ServerGatedCrypto ExtendedKeyUse.
 * OID { 1 3 6 1 4 1 311 10 3 3 }
 */
static const uint8 OID_Microsoft_SGC[] = {
    0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0A, 0x03, 0x03
};
const CSSM_OID CSSMOID_MicrosoftSGC = {
    sizeof(OID_Microsoft_SGC),          /* the ten literal bytes above */
    (uint8 *)OID_Microsoft_SGC
};

/*
 * .mac Certificate Extended Key Use values.
 * (Heading only: no definition follows it here. The OID_DOTMAC_CERT_* tables
 * are part of the Apple addenda earlier in the file.)
 */

#pragma clang diagnostic pop