  • only in /macosx-10.9.5/Security-55471.14.18/include/security_keychain/

Lines Matching defs:?f

6  * This file contains Original Code and/or Modifications of Original Code
9 * compliance with the License. Please obtain a copy of the License at
70 #if 0
89 DERItem _signature; /* The content of the sig bit string. */
94 DERItem _issuer; /* Sequence of RDN. */
97 DERItem _subject; /* Sequence of RDN. */
98 DERAlgorithmId _algId; /* oid and params of _pubKeyDER. */
99 DERItem _pubKeyDER; /* contents of bit string */
103 #if 0
104 /* Known extensions if the certificate contains them,
109 several that have the same subject name. If the extension is not
110 present, its value is calculated by performing a SHA-1 hash of the
130 /* If InhibitAnyPolicy extension is not present or invalid UINT32_MAX,
131 value of the SkipCerts field of the InhibitAnyPolicy extension
135 /* If KeyUsage extension is not present this is 0, otherwise it's
136 the value of the extension. */
139 /* OCTETS of SubjectKeyIdentifier extensions KeyIdentifier.
140 Length = 0 if not present. */
143 /* OCTETS of AuthorityKeyIdentifier extensions KeyIdentifier.
144 Length = 0 if not present. */
147 _authorityKeyIdentifierSerialNumber have non zero length if present.
152 /* Subject alt name extension, if present. Not malloced, it's just a
158 /* Array of CFURLRefs containing the URI values of crlDistributionPoints. */
161 /* Array of CFURLRefs containing the URI values of accessLocations of each
166 /* Array of CFURLRefs containing the URI values of accessLocations of each
219 /* Forward declarations of static functions. */
220 static CFStringRef SecCertificateDescribe(CFTypeRef cf);
221 static void SecCertificateDestroy(CFTypeRef cf);
226 static CFStringRef SecCertificateDescribe(CFTypeRef cf) {
227 SecCertificateRefP certificate = (SecCertificateRefP)cf;
234 static void SecCertificateDestroy(CFTypeRef cf) {
235 SecCertificateRefP certificate = (SecCertificateRefP)cf;
236 if (certificate->_certificatePolicies.policies)
242 if (certificate->_extensions) {
259 if (cert1 == cert2)
261 if (!cert2 || cert1->_der.length != cert2->_der.length)
266 /* Hash of the certificate is der length + signature length + last 4 bytes
267 of signature. */
268 static CFHashCode SecCertificateHash(CFTypeRef cf) {
269 SecCertificateRefP certificate = (SecCertificateRefP)cf;
280 #if 1
360 if (status)
461 /* name is the content of an OID. */
498 if (!parseGeneralNameContentProperty(generalNameContent.tag,
509 if (generalNames)
552 if (status)
572 if (status)
586 if (DERDecodeItem(x501Name, &x501NameContent) ||
629 if (len > 1) {
637 if (value & mask) {
673 if (basicConstraints.pathLenConstraint.length != 0) {
742 if (policies)
755 #if 0
792 if (mappings)
827 if (sdps) {
866 if (akid.keyIdentifier.length) {
869 if (akid.authorityCertIssuer.length ||
893 if (pc.requireExplicitPolicy.length) {
899 if (pc.inhibitPolicyMapping.length) {
971 if (DEROidCompare(&ad.accessMethod, &oidAdOCSP))
973 else if (DEROidCompare(&ad.accessMethod, &oidAdCAIssuer))
982 #if 0
993 if (url) {
994 if (!*urls)
1034 /* Dictionary key callback calculating the hash of a DERItem. */
1072 which can parse the extension of the type given. */
1116 /* Given the contents of an X.501 Name return the contents of a normalized
1133 /* Offset relative to base of current rdn set tag. */
1139 /* Length of the tag and length of the current rdn. */
1142 /* Copy the tag and length of the RDN. */
1148 /* Always points to tag of current atv sequence. */
1150 /* Offset relative to base of current atv sequence tag. */
1154 /* Length of the tag and length of the current atv. */
1157 /* Copy the tag and length of the atv and the atv itself. */
1178 substrings of one or more consecutive white space characters to a
1180 if (value.tag == ASN1_PRINTABLE_STRING) {
1181 /* Offset relative to base of current value tag. */
1195 if (isblank(ch)) {
1196 if (lastWasBlank) {
1201 if (valueCurrentLocation > valueLocation) {
1208 if ('a' <= ch && ch <= 'z') {
1215 /* Finally if lastWasBlank remove the trailing space. */
1216 if (lastWasBlank && valueCurrentLocation > valueLocation) {
1222 /* Number of bytes by which the length should be shorted. */
1224 if (lengthDiff == 0) {
1235 /* Step 1 fix up length of value. */
1236 /* Length of value tag and length minus the tag. */
1240 /* Add the length of the tag back in. */
1243 if (valueLLDiff) {
1244 /* The size of the length field changed, let's slide
1253 /* Step 2 fix up length of the enclosing ATV Sequence. */
1258 /* Add the length of the tag back in. */
1261 if (atvLLDiff) {
1262 /* The size of the length field changed, let's slide
1272 /* Step 3 fix up length of enclosing RDN Set. */
1277 /* Add the length of the tag back in. */
1280 if (rdnLLDiff) {
1281 /* The size of the length field changed, let's slide
1314 certificate->_der is a caller provided data of any length (might be 0).
1343 of the params field. */
1349 /* The contents of signedCert.sig is a bit string whose contents
1359 if (tbsCert.version.length) {
1423 /* The contents of pubKeyInfo.pubKey is a bit string whose contents
1429 /* The contents of tbsCert.issuerID is a bit string. */
1432 /* The contents of tbsCert.subjectID is a bit string. */
1436 if (tbsCert.extensions.length) {
1446 #if 0
1476 /* Put some upper limit on the number of extensions allowed. */
1504 if (parser) {
1507 } else if (certificate->_extensions[ix].critical) {
1536 if (result) {
1542 if (!SecCertificateParse(result)) {
1558 /* @@@ End of placeholder. */
1561 der_certificate is a caller provided data of any length (might be 0), only
1562 its cf type has been checked.
1570 if (result) {
1575 if (!SecCertificateParse(result)) {
1586 if (certificate->_der_data) {
1592 #if 0
1593 /* FIXME: If we wish to cache result we need to lock the certificate.
1594 Also this creates 2 copies of the certificate data which is somewhat
1621 support OIDs where the length of the dotted decimal (see [RFC 2252],
1636 if (oid->length == 0) {
1640 if (oid->length > MAX_OID_SIZE) {
1648 // has only 3 nodes (40*x + y). However if x = joint-iso-itu-t(2) then
1652 if (x > 2)
1654 // Handle special case for large y if x = 2
1665 /* A max number of 20 values is allowed. */
1666 if (!(oid->data[x] & 0x80))
1677 if (oid->length == 0) {
1691 if (CFEqual(oidKey, name)) {
1701 4 digit hex strings for ipv6. Return NULL if the passed in IP doesn't
1702 have a length of exactly 4 or 16 octets. */
1709 if (ip->length == 4) {
1713 } else if (ip->length == 16) {
1726 #if 0
1742 if (label) {
1796 /* Decode a choice of UTCTime or GeneralizedTime to a CFAbsoluteTime. Return
1797 true if the date was valid and properly decoded, also return the result in
1802 if (length == 0)
1829 if (tag == ASN1_UTC_TIME) {
1830 if (!isUtcLength)
1832 } else if (tag == ASN1_GENERALIZED_TIME) {
1833 if (isUtcLength)
1840 /* Check that all characters are digits, except if localized the timezone
1841 indicator or if not localized the 'Z' at the end. */
1844 if (!(isdigit(cp[ix]))) {
1845 if ((isLocalized && ix == length - 5 &&
1856 if (isUtcLength) {
1858 if (year < 50) {
1861 } else if (year < 70) {
1875 if (noSeconds) {
1882 if (isLocalized) {
1897 if (!CFGregorianDateIsValid(gdate, kCFGregorianAllUnits))
1901 if (!timeZone)
1912 if (absTime == NULL_TIME)
1919 /* Decode a choice of UTCTime or GeneralizedTime to a CFAbsoluteTime. Return
1920 true if the date was valid and properly decoded, also return the result in
1926 if (dateChoice->length == 0)
1930 if (DERDecodeItem(dateChoice, &decoded))
1964 if (!derDateContentGetAbsoluteTime(tag, dateContent, &absTime)) {
1984 if (value) {
1996 if (url) {
2010 if (drtn || decoded.tag != ASN1_IA5_STRING) {
2031 if (algorithm->params.length) {
2032 if (algorithm->params.length == 2 &&
2053 if (ix == 0)
2081 if (length && string->data[length - 1] == 0) {
2082 /* Don't mess with the length of UTF16 strings though. */
2083 if (encoding != kCFStringEncodingUTF16)
2087 if (!length && printableOnly)
2095 if (result)
2104 is, the sign bit in the DER encoding of the INTEGER value MUST be
2105 zero - this can be done by adding a leading (leftmost) `00'H octet if
2107 string of octets and an integer value.
2122 if (length == 0 || length > 8)
2182 if (drtn) {
2201 if (rdnIX > 0) {
2202 /* If there is more than one value pair we create a subsection for the
2207 if (rdnIX == 1) {
2221 of appending to that directly we append to the array inside the
2231 if (label) {
2246 if (status) {
2257 When parsing the subject here are some tips for a short name of the cert.
2263 of the subject. This MAY be in the subject's preferred
2267 understand the nature of the name presented in commonName,
2268 complying applications MAY have to examine present values of the
2278 if (status) {
2291 if (status) {
2317 if (drtn) {
2336 if (len > 1) {
2347 if (value & mask) {
2348 if (didOne) {
2378 #if 0
2405 if ((extnValue->length != 4 && extnValue->length != 5) ||
2415 if (extnValue->length == 5)
2433 if (usage & mask) {
2434 if (didOne) {
2475 if (pkup.notBefore.length) {
2479 if (pkup.notAfter.length) {
2494 if (string) {
2518 if (value_string)
2609 if (appendGeneralNameContentProperty(properties, generalNameContent.tag,
2628 if (!appendGeneralNameContentProperty(properties,
2669 if (basicConstraints.pathLenConstraint.length != 0) {
2718 if (dp.distributionPoint.length) {
2722 if (distributionPointName.tag ==
2727 } else if (distributionPointName.tag ==
2738 if (dp.reasons.length) {
2745 CFSTR("Cessation Of Operation"),
2754 if (dp.cRLIssuer.length) {
2770 /* Decode a sequence of integers into a comma separated list of ints. */
2784 if (value) {
2792 if (value) {
2798 /* DROPTHOUGH if !value. */
2825 if (pi.policyQualifiers.length == 0)
2847 if (DEROidCompare(&oidQtCps, &pqi.policyQualifierID)) {
2852 } else if (DEROidCompare(&oidQtUNotice, &pqi.policyQualifierID)) {
2860 if (un.noticeRef.length) {
2873 if (un.explicitText.length) {
2925 if (akid.keyIdentifier.length) {
2929 if (akid.authorityCertIssuer.length ||
2963 if (pc.requireExplicitPolicy.length) {
2967 if (pc.inhibitPolicyMapping.length) {
3064 #if 0
3070 * The list of Qualified Cert Statement statementIds we understand, even though
3071 * we don't actually do anything with them; if these are found in a Qualified
3153 #if 1
3156 if (extnID->length == oidSubjectKeyIdentifier.length &&
3207 } else if (extnID->length == oidAuthorityInfoAccess.length &&
3224 } else if (DEROidCompare(extnID, &oidNetscapeCertType)) {
3231 if (!handeled) {
3233 if (appendPrintableDERSequence(properties, CFSTR("Data"), extnValue)) {
3242 if (DEROidCompare(extnID, &oidSubjectKeyIdentifier)) {
3244 } else if (DEROidCompare(extnID, &oidKeyUsage)) {
3246 } else if (DEROidCompare(extnID, &oidPrivateKeyUsagePeriod)) {
3248 } else if (DEROidCompare(extnID, &oidSubjectAltName)) {
3250 } else if (DEROidCompare(extnID, &oidIssuerAltName)) {
3252 } else if (DEROidCompare(extnID, &oidBasicConstraints)) {
3254 } else if (DEROidCompare(extnID, &oidCrlDistributionPoints)) {
3256 } else if (DEROidCompare(extnID, &oidCertificatePolicies)) {
3258 } else if (DEROidCompare(extnID, &oidAuthorityKeyIdentifier)) {
3260 } else if (DEROidCompare(extnID, &oidPolicyConstraints)) {
3262 } else if (DEROidCompare(extnID, &oidExtendedKeyUsage)) {
3264 } else if (DEROidCompare(extnID, &oidAuthorityInfoAccess)) {
3266 } else if (DEROidCompare(extnID, &oidSubjectInfoAccess)) {
3268 } else if (DEROidCompare(extnID, &oidNetscapeCertType)) {
3270 #if 0
3271 } else if (DEROidCompare(extnID, &oidEntrustVersInfo)) {
3276 if (appendPrintableDERSequence(properties, CFSTR("Data"), extnValue)) {
3289 /* Different types of summary types from least desired to most desired. */
3309 if (DEROidCompare(type, &oidCommonName)) {
3312 if ((value->length == sizeof(tfm) + 1) &&
3317 } else if (DEROidCompare(type, &oidOrganizationalUnitName)) {
3319 } else if (DEROidCompare(type, &oidOrganizationName)) {
3321 } else if (DEROidCompare(type, &oidDescription)) {
3322 if (!summary->description) {
3331 /* Use the first field we encounter of the highest priority type. */
3332 if (summary->type < stype) {
3333 if (!string) {
3337 if (string) {
3352 /* If we found a description and a common name we change the summary to
3354 if (summary.description) {
3355 if (summary.type == kSummaryTypeCommonName) {
3364 if (!summary.summary) {
3365 /* If we didn't find a suitable printable string in the subject at all, we try
3368 if (!names) {
3369 /* If we didn't find any email addresses in the certificate, we try finding
3373 if (names) {
3386 /* If we found a description and a common name we change the summary to
3388 if (summary.description) {
3389 if (summary.type == kSummaryTypeCommonName) {
3406 #if 0
3409 if (earliest > certificate->_notAfter)
3422 #if 0
3425 if (latest < certificate->_notBefore)
3460 if (ssummary) {
3465 #if 0
3472 /* Let's see if this certificate is currently valid. */
3477 if (verifyTime > certificate->_notAfter) {
3482 } else if (certificate->_notBefore > verifyTime) {
3490 if (verifyTime > last) {
3495 } else if (verifyTime < first) {
3515 if (!certificate->_properties) {
3527 #if 0
3529 if (certificate->_normalizedSubject) {
3549 #if 0
3568 if (certificate->_serialNum.length) {
3574 #if 0
3588 if (certificate->_subjectUniqueID.length) {
3592 if (certificate->_issuerUniqueID.length) {
3627 if (certificate->_serialNumber) {
3687 #if 0
3691 if (status) {
3700 #if 0
3703 if (!signatureCheckOnly) {
3707 /* If present we should check issuerID against the issuer subjectID. */
3709 /* If we have an AuthorityKeyIdentifier extension that has a keyIdentifier
3712 If we have a authorityCertSerialNumber we can use that for chaining.
3713 If we have a authorityCertIssuer we can use that? (or not) */
3722 if (normalizedIssuer && normalizedIssuerSubject &&
3730 /* Get the encodedDigestInfo from the digest of the subject's TBSCert */
3736 if (DEROidCompare(&certificate->_tbsSigAlg.oid, &oidSha1Rsa)) {
3739 } else if(DEROidCompare(&certificate->_tbsSigAlg.oid, &oidMd5Rsa)) {
3742 } else if(DEROidCompare(&certificate->_tbsSigAlg.oid, &oidMd2Rsa)) {
3749 if (crtn) {
3758 if (status) {
3769 if (certificate->_parent) {
3770 /* Setting a certificates issuer twice is only allowed if the new
3775 #if 0
3781 if (!status) {
3782 if (CFEqual(certificate, issuer)) {
3799 if (certificate->_isSelfSigned == kSecSelfSignedUnknown) {
3808 /* Return true iff we were able to set our own parent from one of the
3809 certificates in other_certificates, return false otherwise. If
3819 if (_SecCertificateSetParent(certificate, candidate,
3826 /* Lookup the parent of certificate in the keychain and set it. */
3828 /* FIXME: Search for things other than just subject of our issuer if we
3849 if (status) {
3867 if (certificate->_parent == NULL) {
3868 if (SecCertificateIsSelfSigned(certificate))
3870 if (!other_certificates ||
3873 if (!SecCertificateFindParent(certificate))
3885 if (gnType == GNT_IPAddress) {
3888 if (string) {
3900 if (!certificate->_subjectAltName)
3907 if (status || CFArrayGetCount(ipAddresses) == 0) {
3917 if (gnType == GNT_DNSName) {
3921 if (string) {
3931 /* Return true if the passed in string matches the
3950 <letter> ::= any one of the 52 alphabetic characters A through Z in
3953 <digit> ::= any one of the ten digits 0 through 9
3976 if (ch == '.') {
3983 } else if (('A' <= ch && ch <= 'Z') || ('a' <= ch && ch <= 'z') ||
3986 } else if ('0' <= ch && ch <= '9') {
3987 #if 0
3996 } else if (ch == '-') {
4021 if (DEROidCompare(type, &oidCommonName)) {
4024 if (string) {
4025 if (isDNSName(string)) {
4046 if (certificate->_subjectAltName) {
4052 If a subjectAltName extension of type dNSName is present, that MUST
4054 field in the Subject field of the certificate MUST be used. Although
4055 the use of the Common Name is existing practice, it is deprecated and
4059 This implies that if we found 1 or more DNSNames in the
4060 subjectAltName, we should not use the Common Name of the subject as
4063 if (!status && CFArrayGetCount(dnsNames) == 0) {
4067 if (status || CFArrayGetCount(dnsNames) == 0) {
4077 if (gnType == GNT_RFC822Name) {
4081 if (string) {
4094 if (DEROidCompare(type, &oidEmailAddress)) {
4097 if (string) {
4112 if (certificate->_subjectAltName) {
4116 if (!status) {
4120 if (status || CFArrayGetCount(rfc822Names) == 0) {
4130 if (DEROidCompare(type, &oidCommonName)) {
4133 if (string) {
4149 if (status || CFArrayGetCount(commonNames) == 0) {
4159 if (DEROidCompare(type, &oidOrganizationName)) {
4162 if (string) {
4178 if (status || CFArrayGetCount(organization) == 0) {
4187 if (certificate->_basicConstraints.present)
4195 if (certificate->_policyConstraints.present)
4208 if (certificate->_certificatePolicies.present)
4222 if (gnType == GNT_OtherName) {
4228 if (DEROidCompare(&on.typeIdentifier, &oidMSNTPrincipalName)) {
4247 if (certificate->_subjectAltName) {
4251 if (status || CFArrayGetCount(ntPrincipalNames) == 0) {
4272 /* Prepend a + if this is not the first RDN in an RDN set.
4273 Otherwise prepend a , if this is not the first RDN. */
4274 if (rdnIX > 0)
4276 else if (CFStringGetLength(string)) {
4283 #if 0 // represent all labels as oids
4284 if (DEROidCompare(type, &oidCommonName)) {
4286 } else if (DEROidCompare(type, &oidLocalityName)) {
4288 } else if (DEROidCompare(type, &oidStateOrProvinceName)) {
4290 } else if (DEROidCompare(type, &oidOrganizationName)) {
4292 } else if (DEROidCompare(type, &oidOrganizationalUnitName)) {
4294 } else if (DEROidCompare(type, &oidCountryName)) {
4296 #if 0
4297 } else if (DEROidCompare(type, &oidStreetAddress)) {
4299 } else if (DEROidCompare(type, &oidDomainComponent)) {
4301 } else if (DEROidCompare(type, &oidUserID)) {
4313 if (!oid)
4316 if (raw) {
4318 a space or "#" character occurring at the beginning of the string
4319 a space character occurring at the end of the string
4320 one of the characters ",", "+", """, "\", "<", ">" or ";"
4328 if (ch < 0x20) {
4330 } else if (ch == ',' || ch == '+' || ch == '"' || ch == '\\' ||
4357 if (status || CFStringGetLength(string) == 0) {
4367 if (CFStringGetLength(string) != 0)
4370 if (!DEROidCompare(type, &oidOrganizationName))
4375 if (!raw)
4387 if (status || CFStringGetLength(string) == 0) {
4434 #if 0
4438 if (DEROidCompare(&algId->oid, &oidRsa)) {
4450 if (!certificate->_sha1Digest) {
4462 if (issuer) {
4480 if (NULL == iosCertRef)
4491 if (!certificate->_authorityKeyID &&
4502 if (!certificate->_subjectKeyID &&
4530 /* Since the _subject field is the content of the subject and not the
4565 #if 0
4577 if (label)
4579 if (alias)
4584 if (skid)
4620 if (authorityKeyID) {
4624 if (SecCertificateVersion(certificate) >= 3) {
4648 if (extn->extnID.length == oidExtendedKeyUsage.length &&
4661 if (oid) {
4686 if (!begin || !end)
4690 if (base64_length) {
4708 /* Return an array of CFDataRefs from an array of SecCertificateRefPs. */
4723 if (data && CFGetTypeID(data) == CFDataGetTypeID()) {
4725 if (certificate) {
4733 certificates (ok) is a caller provided array, only its cf type has