1/*
2 * Copyright (c) 2000-2004,2008-2013 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25/*
26
27 File:      oidscert.cpp
28
29 Contains:  Object Identifiers for X509 Certificate Library
30
31 Copyright (c) 1999,2001-2004 Apple Computer, Inc. All Rights Reserved.
32
33 */
34
35#include "oidsbase.h"
36#include "oidscert.h"
37
/*
 * Forward declarations, with C linkage, for the two "*Std" name OIDs that are
 * defined further down in this file.  Because this is a C++ translation unit,
 * a namespace-scope `const` object gets internal linkage unless an earlier
 * declaration marks it `extern`; without these lines the two objects would be
 * invisible to the C clients that look them up by symbol.  Required until
 * PR-3347430 (Security/cdsa/cdsa/oidscert.h, pending public API review) lands
 * the declarations in the public header.
 */
extern "C" const CSSM_OID CSSMOID_X509V1IssuerNameStd;
extern "C" const CSSM_OID CSSMOID_X509V1SubjectNameStd;
44
/*
 * Raw DER content octets (no tag, no length) for the Intel/CDSA certificate,
 * signature and private-extension field OIDs.  Each array is a common prefix
 * macro from oidsbase.h followed by one arc; the "CStruct" and "LDAP"
 * variants append one more data-type arc (INTEL_X509_C_DATATYPE or
 * INTEL_X509_LDAPSTRING_DATATYPE) and so are one byte longer.  The CSSM_OID
 * wrappers below must carry exactly the byte count of the array they point
 * at, or OID comparisons against on-the-wire values silently fail.
 */
static const uint8

	/* Certificate OID Fields */
	X509V3SignedCertificate[]					= {INTEL_X509V3_CERT_R08, 0},
	X509V3SignedCertificateCStruct[]			= {INTEL_X509V3_CERT_R08, 0, INTEL_X509_C_DATATYPE},
	X509V3Certificate[]							= {INTEL_X509V3_CERT_R08, 1},
	X509V3CertificateCStruct[]					= {INTEL_X509V3_CERT_R08, 1, INTEL_X509_C_DATATYPE},
	X509V1Version[]								= {INTEL_X509V3_CERT_R08, 2},
	X509V1SerialNumber[]						= {INTEL_X509V3_CERT_R08, 3},
	/* arc 4 is unassigned in the visible table */
	X509V1IssuerName[]							= {INTEL_X509V3_CERT_R08, 5},
	X509V1IssuerNameCStruct[]					= {INTEL_X509V3_CERT_R08, 5, INTEL_X509_C_DATATYPE},
	X509V1IssuerNameLDAP[]						= {INTEL_X509V3_CERT_R08, 5, INTEL_X509_LDAPSTRING_DATATYPE},
	X509V1ValidityNotBefore[]					= {INTEL_X509V3_CERT_R08, 6},
	X509V1ValidityNotAfter[]					= {INTEL_X509V3_CERT_R08, 7},
	X509V1SubjectName[]							= {INTEL_X509V3_CERT_R08, 8},
	X509V1SubjectNameCStruct[]					= {INTEL_X509V3_CERT_R08, 8, INTEL_X509_C_DATATYPE},
	X509V1SubjectNameLDAP[]						= {INTEL_X509V3_CERT_R08, 8, INTEL_X509_LDAPSTRING_DATATYPE},
	X509V1SubjectPublicKeyAlgorithm[]			= {INTEL_X509V3_CERT_R08, 9},
	X509V1SubjectPublicKey[]					= {INTEL_X509V3_CERT_R08, 10},
	X509V1CertificateIssuerUniqueId[]			= {INTEL_X509V3_CERT_R08, 11},
	X509V1CertificateSubjectUniqueId[]			= {INTEL_X509V3_CERT_R08, 12},
	X509V3CertificateExtensionStruct[]			= {INTEL_X509V3_CERT_R08, 13},
	X509V3CertificateExtensionCStruct[]			= {INTEL_X509V3_CERT_R08, 13, INTEL_X509_C_DATATYPE},
	X509V3CertificateNumberOfExtensions[]		= {INTEL_X509V3_CERT_R08, 14},
	X509V3CertificateExtensionId[]				= {INTEL_X509V3_CERT_R08, 15},
	X509V3CertificateExtensionCritical[]		= {INTEL_X509V3_CERT_R08, 16},
	X509V3CertificateExtensionValue[]			= {INTEL_X509V3_CERT_R08, 17},
	X509V1SubjectPublicKeyAlgorithmParameters[]	= {INTEL_X509V3_CERT_R08, 18},
	X509V3CertificateExtensionType[]			= {INTEL_X509V3_CERT_R08, 19},
	/* arc 20 is shared: the bare form names the CSSM_KEY struct, the CStruct
	 * form the subject public key as a C structure */
	CSSMKeyStruct[]								= {INTEL_X509V3_CERT_R08, 20},
	X509V1SubjectPublicKeyCStruct[]				= {INTEL_X509V3_CERT_R08, 20, INTEL_X509_C_DATATYPE},
	X509V3CertificateExtensionsStruct[]			= {INTEL_X509V3_CERT_R08, 21},
	X509V3CertificateExtensionsCStruct[]		= {INTEL_X509V3_CERT_R08, 21, INTEL_X509_C_DATATYPE},
	X509V1SubjectNameStd[]						= {INTEL_X509V3_CERT_R08, 22},
	X509V1IssuerNameStd[]						= {INTEL_X509V3_CERT_R08, 23},

	/* Signature OID Fields */
	X509V1SignatureStruct[]						= {INTEL_X509V3_SIGN_R08, 0},
	X509V1SignatureCStruct[]					= {INTEL_X509V3_SIGN_R08, 0, INTEL_X509_C_DATATYPE},
	/* for the algorithm ID in the cert proper */
	X509V1SignatureAlgorithm[]					= {INTEL_X509V3_SIGN_R08, 1},
	/* for the one in TBSCert.  Arc 10 is deliberately out of sequence with the
	 * entries below; these arcs are part of the published field-OID ABI and
	 * must not be "tidied" into order. */
	X509V1SignatureAlgorithmTBS[]				= {INTEL_X509V3_SIGN_R08, 10},
	X509V1SignatureAlgorithmParameters[]		= {INTEL_X509V3_SIGN_R08, 3},
	X509V1Signature[]							= {INTEL_X509V3_SIGN_R08, 2},

	/* Extension OID Fields */
	SubjectSignatureBitmap[]					= {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS, 1},
	SubjectPicture[]							= {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS, 2},
	SubjectEmailAddress[]						= {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS, 3},
	UseExemptions[]								= {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS, 4};
96
97
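/*
 * Public CSSM_OID objects for the Intel/CDSA field OIDs defined above.
 *
 * Each Length is taken from sizeof() of the backing uint8 array (one byte per
 * element), so it can never disagree with the bytes Data points at.  The
 * previous hand-maintained `<PREFIX>_LENGTH + k` form had to be kept in step
 * with every array by eye; a miscount there is not harmless, because callers
 * compare OIDs over exactly Length bytes and an over-long Length both reads
 * past the end of the array and never matches.
 *
 * These are C++ `const` definitions and therefore get external linkage only
 * because they were declared `extern "C"` earlier (presumably in oidscert.h,
 * and for the two *Std names in the block at the top of this file).
 *
 * The (uint8 *) casts exist only because CSSM_OID.Data is a non-const pointer;
 * the arrays are const and must never be written through these objects.
 */
const CSSM_OID

	/* Certificate OIDS */
	CSSMOID_X509V3SignedCertificate				= {sizeof(X509V3SignedCertificate),				(uint8 *)X509V3SignedCertificate},
	CSSMOID_X509V3SignedCertificateCStruct		= {sizeof(X509V3SignedCertificateCStruct),		(uint8 *)X509V3SignedCertificateCStruct},
	CSSMOID_X509V3Certificate					= {sizeof(X509V3Certificate),					(uint8 *)X509V3Certificate},
	CSSMOID_X509V3CertificateCStruct			= {sizeof(X509V3CertificateCStruct),			(uint8 *)X509V3CertificateCStruct},
	CSSMOID_X509V1Version						= {sizeof(X509V1Version),						(uint8 *)X509V1Version},
	CSSMOID_X509V1SerialNumber					= {sizeof(X509V1SerialNumber),					(uint8 *)X509V1SerialNumber},
	CSSMOID_X509V1IssuerName					= {sizeof(X509V1IssuerName),					(uint8 *)X509V1IssuerName},
	CSSMOID_X509V1IssuerNameStd					= {sizeof(X509V1IssuerNameStd),					(uint8 *)X509V1IssuerNameStd},
	CSSMOID_X509V1IssuerNameCStruct				= {sizeof(X509V1IssuerNameCStruct),				(uint8 *)X509V1IssuerNameCStruct},
	CSSMOID_X509V1IssuerNameLDAP				= {sizeof(X509V1IssuerNameLDAP),				(uint8 *)X509V1IssuerNameLDAP},
	CSSMOID_X509V1ValidityNotBefore				= {sizeof(X509V1ValidityNotBefore),				(uint8 *)X509V1ValidityNotBefore},
	CSSMOID_X509V1ValidityNotAfter				= {sizeof(X509V1ValidityNotAfter),				(uint8 *)X509V1ValidityNotAfter},
	CSSMOID_X509V1SubjectName					= {sizeof(X509V1SubjectName),					(uint8 *)X509V1SubjectName},
	CSSMOID_X509V1SubjectNameStd				= {sizeof(X509V1SubjectNameStd),				(uint8 *)X509V1SubjectNameStd},
	CSSMOID_X509V1SubjectNameCStruct			= {sizeof(X509V1SubjectNameCStruct),			(uint8 *)X509V1SubjectNameCStruct},
	CSSMOID_X509V1SubjectNameLDAP				= {sizeof(X509V1SubjectNameLDAP),				(uint8 *)X509V1SubjectNameLDAP},
	CSSMOID_CSSMKeyStruct						= {sizeof(CSSMKeyStruct),						(uint8 *)CSSMKeyStruct},
	CSSMOID_X509V1SubjectPublicKeyCStruct		= {sizeof(X509V1SubjectPublicKeyCStruct),		(uint8 *)X509V1SubjectPublicKeyCStruct},
	CSSMOID_X509V1SubjectPublicKeyAlgorithm		= {sizeof(X509V1SubjectPublicKeyAlgorithm),		(uint8 *)X509V1SubjectPublicKeyAlgorithm},
	CSSMOID_X509V1SubjectPublicKeyAlgorithmParameters
												= {sizeof(X509V1SubjectPublicKeyAlgorithmParameters),
												   (uint8 *)X509V1SubjectPublicKeyAlgorithmParameters},
	CSSMOID_X509V1SubjectPublicKey				= {sizeof(X509V1SubjectPublicKey),				(uint8 *)X509V1SubjectPublicKey},
	CSSMOID_X509V1CertificateIssuerUniqueId		= {sizeof(X509V1CertificateIssuerUniqueId),		(uint8 *)X509V1CertificateIssuerUniqueId},
	CSSMOID_X509V1CertificateSubjectUniqueId	= {sizeof(X509V1CertificateSubjectUniqueId),	(uint8 *)X509V1CertificateSubjectUniqueId},
	CSSMOID_X509V3CertificateExtensionsStruct	= {sizeof(X509V3CertificateExtensionsStruct),	(uint8 *)X509V3CertificateExtensionsStruct},
	CSSMOID_X509V3CertificateExtensionsCStruct	= {sizeof(X509V3CertificateExtensionsCStruct),	(uint8 *)X509V3CertificateExtensionsCStruct},
	CSSMOID_X509V3CertificateNumberOfExtensions	= {sizeof(X509V3CertificateNumberOfExtensions),	(uint8 *)X509V3CertificateNumberOfExtensions},
	CSSMOID_X509V3CertificateExtensionStruct	= {sizeof(X509V3CertificateExtensionStruct),	(uint8 *)X509V3CertificateExtensionStruct},
	CSSMOID_X509V3CertificateExtensionCStruct	= {sizeof(X509V3CertificateExtensionCStruct),	(uint8 *)X509V3CertificateExtensionCStruct},
	CSSMOID_X509V3CertificateExtensionId		= {sizeof(X509V3CertificateExtensionId),		(uint8 *)X509V3CertificateExtensionId},
	CSSMOID_X509V3CertificateExtensionCritical	= {sizeof(X509V3CertificateExtensionCritical),	(uint8 *)X509V3CertificateExtensionCritical},
	CSSMOID_X509V3CertificateExtensionType		= {sizeof(X509V3CertificateExtensionType),		(uint8 *)X509V3CertificateExtensionType},
	CSSMOID_X509V3CertificateExtensionValue		= {sizeof(X509V3CertificateExtensionValue),		(uint8 *)X509V3CertificateExtensionValue},

	/* Signature OID Fields */
	CSSMOID_X509V1SignatureStruct				= {sizeof(X509V1SignatureStruct),				(uint8 *)X509V1SignatureStruct},
	CSSMOID_X509V1SignatureCStruct				= {sizeof(X509V1SignatureCStruct),				(uint8 *)X509V1SignatureCStruct},
	CSSMOID_X509V1SignatureAlgorithm			= {sizeof(X509V1SignatureAlgorithm),			(uint8 *)X509V1SignatureAlgorithm},
	CSSMOID_X509V1SignatureAlgorithmTBS			= {sizeof(X509V1SignatureAlgorithmTBS),			(uint8 *)X509V1SignatureAlgorithmTBS},
	CSSMOID_X509V1SignatureAlgorithmParameters	= {sizeof(X509V1SignatureAlgorithmParameters),	(uint8 *)X509V1SignatureAlgorithmParameters},
	CSSMOID_X509V1Signature						= {sizeof(X509V1Signature),						(uint8 *)X509V1Signature},

	/* Extension OID Fields */
	CSSMOID_SubjectSignatureBitmap				= {sizeof(SubjectSignatureBitmap),				(uint8 *)SubjectSignatureBitmap},
	CSSMOID_SubjectPicture						= {sizeof(SubjectPicture),						(uint8 *)SubjectPicture},
	CSSMOID_SubjectEmailAddress					= {sizeof(SubjectEmailAddress),					(uint8 *)SubjectEmailAddress},
	CSSMOID_UseExemptions						= {sizeof(UseExemptions),						(uint8 *)UseExemptions};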
163
164
165/***
166 *** Apple addenda.
167 ***/
168
169/*
170 * Standard Cert extensions.
171 */
/*
 * Raw DER content octets for the standard, Kerberos, IPsec, Netscape-free and
 * Apple-specific extension / EKU / policy OIDs.  The prefix macros come from
 * oidsbase.h.  Judging by the arc numbers (14 = subjectKeyIdentifier,
 * 15 = keyUsage, 19 = basicConstraints, ...), OID_EXTENSION is id-ce
 * (2.5.29) and OID_PE is id-pe (1.3.6.1.5.5.7.1); confirm against oidsbase.h
 * before relying on that.
 *
 * The CSSM_OID wrapper for each array must carry exactly that array's byte
 * count; several Apple entries below are a whole macro with no trailing arc,
 * so their wrapper Length is the bare macro length, not "+ 1".
 */
static const uint8
	OID_SubjectDirectoryAttributes[]	= { OID_EXTENSION, 9 },
	OID_SubjectKeyIdentifier[] 		 	= { OID_EXTENSION, 14 },
	OID_KeyUsage[]             		 	= { OID_EXTENSION, 15 },
	OID_PrivateKeyUsagePeriod[] 	 	= { OID_EXTENSION, 16 },
	OID_SubjectAltName[]       			= { OID_EXTENSION, 17 },
	OID_IssuerAltName[]         		= { OID_EXTENSION, 18 },
	OID_BasicConstraints[]      		= { OID_EXTENSION, 19 },
	OID_CrlNumber[]             		= { OID_EXTENSION, 20 },
	OID_CrlReason[]             		= { OID_EXTENSION, 21 },
	OID_HoldInstructionCode[]   		= { OID_EXTENSION, 23 },
	OID_InvalidityDate[]        		= { OID_EXTENSION, 24 },
	OID_DeltaCrlIndicator[]     		= { OID_EXTENSION, 27 },
	OID_IssuingDistributionPoint[]      = { OID_EXTENSION, 28 },
	OID_CertIssuer[] 				    = { OID_EXTENSION, 29 },
	OID_NameConstraints[]       		= { OID_EXTENSION, 30 },
	OID_CrlDistributionPoints[] 		= { OID_EXTENSION, 31 },
	OID_CertificatePolicies[]   		= { OID_EXTENSION, 32 },
	OID_PolicyMappings[]        		= { OID_EXTENSION, 33 },
	OID_AuthorityKeyIdentifier[]		= { OID_EXTENSION, 35 },
	OID_PolicyConstraints[]     		= { OID_EXTENSION, 36 },
	OID_ExtendedKeyUsage[] 				= { OID_EXTENSION, 37 },
	OID_InhibitAnyPolicy[] 				= { OID_EXTENSION, 54 },
	OID_AuthorityInfoAccess[]			= { OID_PE, 1 },
	OID_BiometricInfo[]					= { OID_PE, 2 },
	OID_QC_Statements[]					= { OID_PE, 3 },
	OID_SubjectInfoAccess[]				= { OID_PE, 11 },

	/* Individual OIDS appearing in an ExtendedKeyUsage extension */
	/* anyExtendedKeyUsage: the EKU arc itself plus a trailing 0 */
	OID_ExtendedKeyUsageAny[] 			= { OID_EXTENSION, 37, 0 },
	OID_KP_ServerAuth[]					= { OID_KP, 1 },
	OID_KP_ClientAuth[]					= { OID_KP, 2 },
	OID_KP_ExtendedUseCodeSigning[]		= { OID_KP, 3 },
	OID_KP_EmailProtection[]			= { OID_KP, 4 },
	OID_KP_TimeStamping[]				= { OID_KP, 8 },
	OID_KP_OCSPSigning[]				= { OID_KP, 9 },
	/* Kerberos PKINIT Extended Key Use values */
	OID_KERBv5_PKINIT_KP_CLIENT_AUTH[]	= { OID_KERBv5_PKINIT, 4 },
	OID_KERBv5_PKINIT_KP_KDC[]			= { OID_KERBv5_PKINIT, 5 },
	/* IPSec: spelled out in full; decodes to 1.3.6.1.5.5.8.2.2 (8 bytes) */
	OID_EKU_IPSec[]						= { 0x2B, 0x06, 0x01, 0x05, 0x05, 0x08, 0x02, 0x02 },

	/* .mac Certificate Extended Key Use values */
	OID_DOTMAC_CERT_EXTENSION[]		= { APPLE_DOTMAC_CERT_EXTEN_OID },
	OID_DOTMAC_CERT_IDENTITY[]		= { APPLE_DOTMAC_CERT_EXTEN_OID, 1 },
	OID_DOTMAC_CERT_EMAIL_SIGN[]	= { APPLE_DOTMAC_CERT_EXTEN_OID, 2 },
	OID_DOTMAC_CERT_EMAIL_ENCRYPT[]	= { APPLE_DOTMAC_CERT_EXTEN_OID, 3 },
	/* Other Apple extended key usage values */
	OID_APPLE_EKU_CODE_SIGNING[]		= { APPLE_EKU_CODE_SIGNING },
	OID_APPLE_EKU_CODE_SIGNING_DEV[]	= { APPLE_EKU_CODE_SIGNING, 1 },
	OID_APPLE_EKU_RESOURCE_SIGNING[]	= { APPLE_EKU_CODE_SIGNING, 4 },
	OID_APPLE_EKU_ICHAT_SIGNING[]		= { APPLE_EKU_OID, 2 },
	OID_APPLE_EKU_ICHAT_ENCRYPTION[]	= { APPLE_EKU_OID, 3 },
	OID_APPLE_EKU_SYSTEM_IDENTITY[]		= { APPLE_EKU_OID, 4 },
	OID_APPLE_EKU_PASSBOOK_SIGNING[]	= { APPLE_EKU_OID, 14 },
	OID_APPLE_EKU_PROFILE_SIGNING[]		= { APPLE_EKU_OID, 16 },
	OID_APPLE_EKU_QA_PROFILE_SIGNING[]	= { APPLE_EKU_OID, 17 },
	/* Apple cert policies */
	OID_APPLE_CERT_POLICY[]				= { APPLE_CERT_POLICIES, 1 },
	OID_DOTMAC_CERT_POLICY[]			= { APPLE_CERT_POLICIES, 2 },
	OID_ADC_CERT_POLICY[]				= { APPLE_CERT_POLICIES, 3 },
	OID_APPLE_CERT_POLICY_MACAPPSTORE[] = { APPLE_CERT_POLICIES_MACAPPSTORE },
	OID_APPLE_CERT_POLICY_MACAPPSTORE_RECEIPT[] = { APPLE_CERT_POLICIES_MACAPPSTORE_RECEIPT },
	OID_APPLE_CERT_POLICY_APPLEID[] = { APPLE_CERT_POLICIES_APPLEID },
	OID_APPLE_CERT_POLICY_APPLEID_SHARING[] = { APPLE_CERT_POLICIES_APPLEID_SHARING },
	OID_APPLE_CERT_POLICY_MOBILE_STORE_SIGNING[] = { APPLE_CERT_POLICIES_MOBILE_STORE_SIGNING },
	OID_APPLE_CERT_POLICY_TEST_MOBILE_STORE_SIGNING[] = { APPLE_CERT_POLICIES_TEST_MOBILE_STORE_SIGNING },

    /* Apple-specific extensions.  These are the marker extensions trust
     * policies use to recognise Apple-issued signing and intermediate
     * certificates; the ADC/Apple signing arcs are 1, 2 and 3 below the
     * code-signing prefix and each array is exactly prefix + one byte. */
    OID_APPLE_EXTENSION[]				= { APPLE_EXTENSION_OID },
    OID_APPLE_EXTENSION_CODE_SIGNING[]		= { APPLE_EXTENSION_CODE_SIGNING },
    OID_APPLE_EXTENSION_APPLE_SIGNING[]		= { APPLE_EXTENSION_CODE_SIGNING, 1 },
    OID_APPLE_EXTENSION_ADC_DEV_SIGNING[]	= { APPLE_EXTENSION_CODE_SIGNING, 2 },
    OID_APPLE_EXTENSION_ADC_APPLE_SIGNING[]	= { APPLE_EXTENSION_CODE_SIGNING, 3 },
    OID_APPLE_EXTENSION_PASSBOOK_SIGNING[]	= { APPLE_EXTENSION_CODE_SIGNING, 16 },
	OID_APPLE_EXTENSION_MACAPPSTORE_RECEIPT[] = { APPLE_EXTENSION_MACAPPSTORE_RECEIPT },
	OID_APPLE_EXTENSION_INTERMEDIATE_MARKER[] = { APPLE_EXTENSION_INTERMEDIATE_MARKER },
	OID_APPLE_EXTENSION_WWDR_INTERMEDIATE[] = { APPLE_EXTENSION_WWDR_INTERMEDIATE },
	OID_APPLE_EXTENSION_ITMS_INTERMEDIATE[] = { APPLE_EXTENSION_ITMS_INTERMEDIATE },
	OID_APPLE_EXTENSION_AAI_INTERMEDIATE[] = { APPLE_EXTENSION_AAI_INTERMEDIATE },
	OID_APPLE_EXTENSION_APPLEID_INTERMEDIATE[] = { APPLE_EXTENSION_APPLEID_INTERMEDIATE },
	OID_APPLE_EXTENSION_APPLEID_SHARING[]   = { APPLE_EXTENSION_APPLEID_SHARING },
	OID_APPLE_EXTENSION_SYSINT2_INTERMEDIATE[] = { APPLE_EXTENSION_SYSINT2_INTERMEDIATE },
	OID_APPLE_EXTENSION_ESCROW_SERVICE[] = { APPLE_EXTENSION_ESCROW_SERVICE }
;
257
258#define OID_PKCS_CE_LENGTH	OID_EXTENSION_LENGTH + 1
259
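/*
 * Public CSSM_OID objects for the extension, EKU and policy byte arrays above.
 *
 * Every Length is sizeof() of the backing uint8 array (one byte per element)
 * rather than a hand-maintained `<PREFIX>_LENGTH + k`, so the Length can
 * never disagree with the bytes Data points at.  That matters for security:
 * code that recognises a marker extension compares OIDs over exactly Length
 * bytes, so an over-long Length reads past the end of the array and never
 * matches, and a Length paired with the wrong array matches the wrong OID.
 *
 * The hand-counted form this replaces had two such defects in the Apple
 * code-signing markers: CSSMOID_APPLE_EXTENSION_ADC_DEV_SIGNING claimed one
 * byte more than its `{ prefix, 2 }` array holds, and
 * CSSMOID_APPLE_EXTENSION_ADC_APPLE_SIGNING claimed two bytes more and
 * pointed at the ADC_DEV_SIGNING bytes instead of its own `{ prefix, 3 }`
 * array.  It also used `_LENGTH + 1` for the APPLEID_SHARING and
 * ESCROW_SERVICE extensions while every sibling whole-macro array used the
 * bare `_LENGTH`; whichever of those was correct, sizeof() yields the true
 * byte count.
 *
 * The (uint8 *) casts exist only because CSSM_OID.Data is non-const; the
 * arrays are const and must never be written through these objects.
 */
const CSSM_OID
/* id-ce extensions */
CSSMOID_SubjectDirectoryAttributes	= { sizeof(OID_SubjectDirectoryAttributes), (uint8 *)OID_SubjectDirectoryAttributes },
CSSMOID_SubjectKeyIdentifier		= { sizeof(OID_SubjectKeyIdentifier), (uint8 *)OID_SubjectKeyIdentifier },
CSSMOID_KeyUsage					= { sizeof(OID_KeyUsage), (uint8 *)OID_KeyUsage },
CSSMOID_PrivateKeyUsagePeriod		= { sizeof(OID_PrivateKeyUsagePeriod), (uint8 *)OID_PrivateKeyUsagePeriod },
CSSMOID_SubjectAltName				= { sizeof(OID_SubjectAltName), (uint8 *)OID_SubjectAltName },
CSSMOID_IssuerAltName				= { sizeof(OID_IssuerAltName), (uint8 *)OID_IssuerAltName },
CSSMOID_BasicConstraints			= { sizeof(OID_BasicConstraints), (uint8 *)OID_BasicConstraints },
CSSMOID_CrlNumber					= { sizeof(OID_CrlNumber), (uint8 *)OID_CrlNumber },
CSSMOID_CrlReason					= { sizeof(OID_CrlReason), (uint8 *)OID_CrlReason },
CSSMOID_HoldInstructionCode			= { sizeof(OID_HoldInstructionCode), (uint8 *)OID_HoldInstructionCode },
CSSMOID_InvalidityDate				= { sizeof(OID_InvalidityDate), (uint8 *)OID_InvalidityDate },
CSSMOID_DeltaCrlIndicator			= { sizeof(OID_DeltaCrlIndicator), (uint8 *)OID_DeltaCrlIndicator },
CSSMOID_IssuingDistributionPoint	= { sizeof(OID_IssuingDistributionPoint), (uint8 *)OID_IssuingDistributionPoint },
/* for backwards compatibility: same bytes under the older plural name */
CSSMOID_IssuingDistributionPoints	= { sizeof(OID_IssuingDistributionPoint), (uint8 *)OID_IssuingDistributionPoint },
CSSMOID_CertIssuer					= { sizeof(OID_CertIssuer), (uint8 *)OID_CertIssuer },
CSSMOID_NameConstraints				= { sizeof(OID_NameConstraints), (uint8 *)OID_NameConstraints },
CSSMOID_CrlDistributionPoints		= { sizeof(OID_CrlDistributionPoints), (uint8 *)OID_CrlDistributionPoints },
CSSMOID_CertificatePolicies			= { sizeof(OID_CertificatePolicies), (uint8 *)OID_CertificatePolicies },
CSSMOID_PolicyMappings				= { sizeof(OID_PolicyMappings), (uint8 *)OID_PolicyMappings },
CSSMOID_PolicyConstraints			= { sizeof(OID_PolicyConstraints), (uint8 *)OID_PolicyConstraints },
CSSMOID_AuthorityKeyIdentifier		= { sizeof(OID_AuthorityKeyIdentifier), (uint8 *)OID_AuthorityKeyIdentifier },
CSSMOID_ExtendedKeyUsage			= { sizeof(OID_ExtendedKeyUsage), (uint8 *)OID_ExtendedKeyUsage },
CSSMOID_InhibitAnyPolicy			= { sizeof(OID_InhibitAnyPolicy), (uint8 *)OID_InhibitAnyPolicy },
/* id-pe extensions */
CSSMOID_AuthorityInfoAccess			= { sizeof(OID_AuthorityInfoAccess), (uint8 *)OID_AuthorityInfoAccess },
CSSMOID_BiometricInfo				= { sizeof(OID_BiometricInfo), (uint8 *)OID_BiometricInfo },
CSSMOID_QC_Statements				= { sizeof(OID_QC_Statements), (uint8 *)OID_QC_Statements },
CSSMOID_SubjectInfoAccess			= { sizeof(OID_SubjectInfoAccess), (uint8 *)OID_SubjectInfoAccess },
/* Extended key usage values */
CSSMOID_ExtendedKeyUsageAny			= { sizeof(OID_ExtendedKeyUsageAny), (uint8 *)OID_ExtendedKeyUsageAny },
CSSMOID_ServerAuth					= { sizeof(OID_KP_ServerAuth), (uint8 *)OID_KP_ServerAuth },
CSSMOID_ClientAuth					= { sizeof(OID_KP_ClientAuth), (uint8 *)OID_KP_ClientAuth },
CSSMOID_ExtendedUseCodeSigning		= { sizeof(OID_KP_ExtendedUseCodeSigning), (uint8 *)OID_KP_ExtendedUseCodeSigning },
CSSMOID_EmailProtection				= { sizeof(OID_KP_EmailProtection), (uint8 *)OID_KP_EmailProtection },
CSSMOID_TimeStamping				= { sizeof(OID_KP_TimeStamping), (uint8 *)OID_KP_TimeStamping },
CSSMOID_OCSPSigning					= { sizeof(OID_KP_OCSPSigning), (uint8 *)OID_KP_OCSPSigning },
CSSMOID_KERBv5_PKINIT_KP_CLIENT_AUTH = { sizeof(OID_KERBv5_PKINIT_KP_CLIENT_AUTH), (uint8 *)OID_KERBv5_PKINIT_KP_CLIENT_AUTH },
CSSMOID_KERBv5_PKINIT_KP_KDC		= { sizeof(OID_KERBv5_PKINIT_KP_KDC), (uint8 *)OID_KERBv5_PKINIT_KP_KDC },
CSSMOID_EKU_IPSec					= { sizeof(OID_EKU_IPSec), (uint8 *)OID_EKU_IPSec },
/* .mac */
CSSMOID_DOTMAC_CERT_EXTENSION		= { sizeof(OID_DOTMAC_CERT_EXTENSION), (uint8 *)OID_DOTMAC_CERT_EXTENSION },
CSSMOID_DOTMAC_CERT_IDENTITY		= { sizeof(OID_DOTMAC_CERT_IDENTITY), (uint8 *)OID_DOTMAC_CERT_IDENTITY },
CSSMOID_DOTMAC_CERT_EMAIL_SIGN		= { sizeof(OID_DOTMAC_CERT_EMAIL_SIGN), (uint8 *)OID_DOTMAC_CERT_EMAIL_SIGN },
CSSMOID_DOTMAC_CERT_EMAIL_ENCRYPT	= { sizeof(OID_DOTMAC_CERT_EMAIL_ENCRYPT), (uint8 *)OID_DOTMAC_CERT_EMAIL_ENCRYPT },
/* Apple certificate policies */
CSSMOID_APPLE_CERT_POLICY			= { sizeof(OID_APPLE_CERT_POLICY), (uint8 *)OID_APPLE_CERT_POLICY },
CSSMOID_DOTMAC_CERT_POLICY			= { sizeof(OID_DOTMAC_CERT_POLICY), (uint8 *)OID_DOTMAC_CERT_POLICY },
CSSMOID_ADC_CERT_POLICY				= { sizeof(OID_ADC_CERT_POLICY), (uint8 *)OID_ADC_CERT_POLICY },
CSSMOID_MACAPPSTORE_CERT_POLICY		= { sizeof(OID_APPLE_CERT_POLICY_MACAPPSTORE), (uint8 *)OID_APPLE_CERT_POLICY_MACAPPSTORE },
CSSMOID_MACAPPSTORE_RECEIPT_CERT_POLICY = { sizeof(OID_APPLE_CERT_POLICY_MACAPPSTORE_RECEIPT), (uint8 *)OID_APPLE_CERT_POLICY_MACAPPSTORE_RECEIPT },
CSSMOID_APPLEID_CERT_POLICY			= { sizeof(OID_APPLE_CERT_POLICY_APPLEID), (uint8 *)OID_APPLE_CERT_POLICY_APPLEID },
CSSMOID_APPLEID_SHARING_CERT_POLICY	= { sizeof(OID_APPLE_CERT_POLICY_APPLEID_SHARING), (uint8 *)OID_APPLE_CERT_POLICY_APPLEID_SHARING },
CSSMOID_MOBILE_STORE_SIGNING_POLICY	= { sizeof(OID_APPLE_CERT_POLICY_MOBILE_STORE_SIGNING), (uint8 *)OID_APPLE_CERT_POLICY_MOBILE_STORE_SIGNING },
CSSMOID_TEST_MOBILE_STORE_SIGNING_POLICY = { sizeof(OID_APPLE_CERT_POLICY_TEST_MOBILE_STORE_SIGNING), (uint8 *)OID_APPLE_CERT_POLICY_TEST_MOBILE_STORE_SIGNING },
/* Apple extended key usages */
CSSMOID_APPLE_EKU_CODE_SIGNING		= { sizeof(OID_APPLE_EKU_CODE_SIGNING), (uint8 *)OID_APPLE_EKU_CODE_SIGNING },
CSSMOID_APPLE_EKU_CODE_SIGNING_DEV	= { sizeof(OID_APPLE_EKU_CODE_SIGNING_DEV), (uint8 *)OID_APPLE_EKU_CODE_SIGNING_DEV },
CSSMOID_APPLE_EKU_RESOURCE_SIGNING	= { sizeof(OID_APPLE_EKU_RESOURCE_SIGNING), (uint8 *)OID_APPLE_EKU_RESOURCE_SIGNING },
CSSMOID_APPLE_EKU_ICHAT_SIGNING		= { sizeof(OID_APPLE_EKU_ICHAT_SIGNING), (uint8 *)OID_APPLE_EKU_ICHAT_SIGNING },
CSSMOID_APPLE_EKU_ICHAT_ENCRYPTION	= { sizeof(OID_APPLE_EKU_ICHAT_ENCRYPTION), (uint8 *)OID_APPLE_EKU_ICHAT_ENCRYPTION },
CSSMOID_APPLE_EKU_SYSTEM_IDENTITY	= { sizeof(OID_APPLE_EKU_SYSTEM_IDENTITY), (uint8 *)OID_APPLE_EKU_SYSTEM_IDENTITY },
CSSMOID_APPLE_EKU_PASSBOOK_SIGNING	= { sizeof(OID_APPLE_EKU_PASSBOOK_SIGNING), (uint8 *)OID_APPLE_EKU_PASSBOOK_SIGNING },
CSSMOID_APPLE_EKU_PROFILE_SIGNING	= { sizeof(OID_APPLE_EKU_PROFILE_SIGNING), (uint8 *)OID_APPLE_EKU_PROFILE_SIGNING },
CSSMOID_APPLE_EKU_QA_PROFILE_SIGNING = { sizeof(OID_APPLE_EKU_QA_PROFILE_SIGNING), (uint8 *)OID_APPLE_EKU_QA_PROFILE_SIGNING },
/* Apple-specific marker extensions */
CSSMOID_APPLE_EXTENSION				= { sizeof(OID_APPLE_EXTENSION), (uint8 *)OID_APPLE_EXTENSION },
CSSMOID_APPLE_EXTENSION_CODE_SIGNING		= { sizeof(OID_APPLE_EXTENSION_CODE_SIGNING), (uint8 *)OID_APPLE_EXTENSION_CODE_SIGNING },
CSSMOID_APPLE_EXTENSION_APPLE_SIGNING		= { sizeof(OID_APPLE_EXTENSION_APPLE_SIGNING), (uint8 *)OID_APPLE_EXTENSION_APPLE_SIGNING },
CSSMOID_APPLE_EXTENSION_ADC_DEV_SIGNING		= { sizeof(OID_APPLE_EXTENSION_ADC_DEV_SIGNING), (uint8 *)OID_APPLE_EXTENSION_ADC_DEV_SIGNING },
/* now points at its own array: previously aliased the ADC_DEV_SIGNING bytes */
CSSMOID_APPLE_EXTENSION_ADC_APPLE_SIGNING	= { sizeof(OID_APPLE_EXTENSION_ADC_APPLE_SIGNING), (uint8 *)OID_APPLE_EXTENSION_ADC_APPLE_SIGNING },
CSSMOID_APPLE_EXTENSION_PASSBOOK_SIGNING	= { sizeof(OID_APPLE_EXTENSION_PASSBOOK_SIGNING), (uint8 *)OID_APPLE_EXTENSION_PASSBOOK_SIGNING },
CSSMOID_APPLE_EXTENSION_MACAPPSTORE_RECEIPT	= { sizeof(OID_APPLE_EXTENSION_MACAPPSTORE_RECEIPT), (uint8 *)OID_APPLE_EXTENSION_MACAPPSTORE_RECEIPT },
CSSMOID_APPLE_EXTENSION_INTERMEDIATE_MARKER	= { sizeof(OID_APPLE_EXTENSION_INTERMEDIATE_MARKER), (uint8 *)OID_APPLE_EXTENSION_INTERMEDIATE_MARKER },
CSSMOID_APPLE_EXTENSION_WWDR_INTERMEDIATE	= { sizeof(OID_APPLE_EXTENSION_WWDR_INTERMEDIATE), (uint8 *)OID_APPLE_EXTENSION_WWDR_INTERMEDIATE },
CSSMOID_APPLE_EXTENSION_ITMS_INTERMEDIATE	= { sizeof(OID_APPLE_EXTENSION_ITMS_INTERMEDIATE), (uint8 *)OID_APPLE_EXTENSION_ITMS_INTERMEDIATE },
CSSMOID_APPLE_EXTENSION_AAI_INTERMEDIATE	= { sizeof(OID_APPLE_EXTENSION_AAI_INTERMEDIATE), (uint8 *)OID_APPLE_EXTENSION_AAI_INTERMEDIATE },
CSSMOID_APPLE_EXTENSION_APPLEID_INTERMEDIATE = { sizeof(OID_APPLE_EXTENSION_APPLEID_INTERMEDIATE), (uint8 *)OID_APPLE_EXTENSION_APPLEID_INTERMEDIATE },
CSSMOID_APPLE_EXTENSION_APPLEID_SHARING		= { sizeof(OID_APPLE_EXTENSION_APPLEID_SHARING), (uint8 *)OID_APPLE_EXTENSION_APPLEID_SHARING },
CSSMOID_APPLE_EXTENSION_SYSINT2_INTERMEDIATE = { sizeof(OID_APPLE_EXTENSION_SYSINT2_INTERMEDIATE), (uint8 *)OID_APPLE_EXTENSION_SYSINT2_INTERMEDIATE },
CSSMOID_APPLE_EXTENSION_ESCROW_SERVICE		= { sizeof(OID_APPLE_EXTENSION_ESCROW_SERVICE), (uint8 *)OID_APPLE_EXTENSION_ESCROW_SERVICE }
;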
376
/* Apple Intermediate Marker OIDs.
 *
 * These macros build on APPLE_CERT_EXT, which is not defined in this file
 * (presumably oidsbase.h).  They are not referenced anywhere in the visible
 * part of this file; they are comma-separated arc lists intended to be used
 * inside a uint8 array initialiser like the tables above.  NOTE(review):
 * arc 3 and arc 7 below both describe an "Apple ID intermediate" marker; the
 * comment on the second says it is the replacement subCA marker, so check
 * which one a policy is supposed to match before using either.
 */
#define APPLE_CERT_EXT_INTERMEDIATE_MARKER APPLE_CERT_EXT, 2
/* Apple Apple ID Intermediate Marker */
#define APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID APPLE_CERT_EXT_INTERMEDIATE_MARKER, 3
/*
 *  Apple Apple ID Intermediate Marker (New subCA, no longer shared with push notification server cert issuer)
 *
 *  appleCertificateExtensionAppleIDIntermediate ::=
 *    { appleCertificateExtensionIntermediateMarker 7 }
 *    { 1 2 840 113635 100 6 2 7 }
 */
#define APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID_2 APPLE_CERT_EXT_INTERMEDIATE_MARKER, 7
389
390/*
391 * Netscape extensions.
392 *
393 *  netscape-cert-type OBJECT IDENTIFIER ::=
394 * 		{ 2 16 840 1 113730 1 1 }
395 *
396 *	BER = 06 08 60 86 48 01 86 F8 42 01 01
397 */
398static const uint8 	OID_NetscapeCertType[] 		= {NETSCAPE_CERT_EXTEN, 1};
399const CSSM_OID	CSSMOID_NetscapeCertType 	=
400	{NETSCAPE_CERT_EXTEN_LENGTH + 1, (uint8 *)OID_NetscapeCertType};
401
402/*
403 * netscape-cert-sequence ::= { 2 16 840 1 113730 2 5 }
404 *
405 * BER = 06 09 60 86 48 01 86 F8 42 02 05
406 */
407static const uint8  OID_NetscapeCertSequence[]  =  { NETSCAPE_BASE_OID, 2, 5 };
408const CSSM_OID CSSMOID_NetscapeCertSequence		=
409	{ NETSCAPE_BASE_OID_LEN + 2, (uint8 *)OID_NetscapeCertSequence };
410
411/*
412 * Netscape version of ServerGatedCrypto ExtendedKeyUse.
413 * OID { 2 16 840 1 113730 4 1 }
414 */
415static const uint8 OID_Netscape_SGC[] = {NETSCAPE_CERT_POLICY, 1};
416const CSSM_OID CSSMOID_NetscapeSGC 	=
417	{NETSCAPE_CERT_POLICY_LENGTH + 1, (uint8 *)OID_Netscape_SGC};
418
419/*
420 * Microsoft version of ServerGatedCrypto ExtendedKeyUse.
421 * OID { 1 3 6 1 4 1 311 10 3 3 }
422 */
423static const uint8 OID_Microsoft_SGC[] = {0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0A, 0x03, 0x03};
424const CSSM_OID CSSMOID_MicrosoftSGC 	=
425	{10, (uint8 *)OID_Microsoft_SGC};
426
427/*
428 * .mac Certificate Extended Key Use values.
429 */
430