1/* 2 * Copyright (c) 2000-2004,2008-2013 Apple Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23 24 25/* 26 27 File: oidscert.cpp 28 29 Contains: Object Identifiers for X509 Certificate Library 30 31 Copyright (c) 1999,2001-2004 Apple Computer, Inc. All Rights Reserved. 32 33 */ 34 35#include "oidsbase.h" 36#include "oidscert.h" 37 38/* required until PR-3347430 Security/cdsa/cdsa/oidscert.h is checked 39 * into TOT - pending public API review */ 40extern "C" { 41 extern const CSSM_OID CSSMOID_X509V1IssuerNameStd, 42 CSSMOID_X509V1SubjectNameStd; 43} 44 45static const uint8 46 47 /* Certificate OID Fields */ 48 X509V3SignedCertificate[] = {INTEL_X509V3_CERT_R08, 0}, 49 X509V3SignedCertificateCStruct[] = {INTEL_X509V3_CERT_R08, 0, INTEL_X509_C_DATATYPE}, 50 X509V3Certificate[] = {INTEL_X509V3_CERT_R08, 1}, 51 X509V3CertificateCStruct[] = {INTEL_X509V3_CERT_R08, 1, INTEL_X509_C_DATATYPE}, 52 X509V1Version[] = {INTEL_X509V3_CERT_R08, 2}, 53 X509V1SerialNumber[] = {INTEL_X509V3_CERT_R08, 3}, 54 X509V1IssuerName[] = {INTEL_X509V3_CERT_R08, 5}, 55 X509V1IssuerNameCStruct[] = {INTEL_X509V3_CERT_R08, 5, INTEL_X509_C_DATATYPE}, 56 X509V1IssuerNameLDAP[] = {INTEL_X509V3_CERT_R08, 5, INTEL_X509_LDAPSTRING_DATATYPE}, 57 X509V1ValidityNotBefore[] = {INTEL_X509V3_CERT_R08, 6}, 58 X509V1ValidityNotAfter[] = {INTEL_X509V3_CERT_R08, 7}, 59 X509V1SubjectName[] = {INTEL_X509V3_CERT_R08, 8}, 60 X509V1SubjectNameCStruct[] = {INTEL_X509V3_CERT_R08, 8, INTEL_X509_C_DATATYPE}, 61 X509V1SubjectNameLDAP[] = {INTEL_X509V3_CERT_R08, 8, INTEL_X509_LDAPSTRING_DATATYPE}, 62 X509V1SubjectPublicKeyAlgorithm[] = {INTEL_X509V3_CERT_R08, 9}, 63 X509V1SubjectPublicKey[] = {INTEL_X509V3_CERT_R08, 10}, 64 X509V1CertificateIssuerUniqueId[] = {INTEL_X509V3_CERT_R08, 11}, 65 X509V1CertificateSubjectUniqueId[] = {INTEL_X509V3_CERT_R08, 12}, 66 X509V3CertificateExtensionStruct[] = {INTEL_X509V3_CERT_R08, 13}, 67 X509V3CertificateExtensionCStruct[] = {INTEL_X509V3_CERT_R08, 13, INTEL_X509_C_DATATYPE}, 68 X509V3CertificateNumberOfExtensions[] = {INTEL_X509V3_CERT_R08, 14}, 69 X509V3CertificateExtensionId[] = {INTEL_X509V3_CERT_R08, 15}, 70 X509V3CertificateExtensionCritical[] = {INTEL_X509V3_CERT_R08, 16}, 71 X509V3CertificateExtensionValue[] = {INTEL_X509V3_CERT_R08, 17}, 72 X509V1SubjectPublicKeyAlgorithmParameters[] = {INTEL_X509V3_CERT_R08, 18}, 73 X509V3CertificateExtensionType[] = {INTEL_X509V3_CERT_R08, 19}, 74 CSSMKeyStruct[] = {INTEL_X509V3_CERT_R08, 20}, 75 X509V1SubjectPublicKeyCStruct[] = {INTEL_X509V3_CERT_R08, 20, INTEL_X509_C_DATATYPE}, 76 X509V3CertificateExtensionsStruct[] = {INTEL_X509V3_CERT_R08, 21}, 77 X509V3CertificateExtensionsCStruct[] = {INTEL_X509V3_CERT_R08, 21, INTEL_X509_C_DATATYPE}, 78 X509V1SubjectNameStd[] = {INTEL_X509V3_CERT_R08, 22}, 79 X509V1IssuerNameStd[] = {INTEL_X509V3_CERT_R08, 23}, 80 81 /* Signature OID Fields */ 82 X509V1SignatureStruct[] = {INTEL_X509V3_SIGN_R08, 0}, 83 X509V1SignatureCStruct[] = {INTEL_X509V3_SIGN_R08, 0, INTEL_X509_C_DATATYPE}, 84 /* for the algorithm ID in the cert proper */ 85 X509V1SignatureAlgorithm[] = {INTEL_X509V3_SIGN_R08, 1}, 86 /* for the one in TBSCert */ 87 X509V1SignatureAlgorithmTBS[] = {INTEL_X509V3_SIGN_R08, 10}, 88 X509V1SignatureAlgorithmParameters[] = {INTEL_X509V3_SIGN_R08, 3}, 89 X509V1Signature[] = {INTEL_X509V3_SIGN_R08, 2}, 90 91 /* Extension OID Fields */ 92 SubjectSignatureBitmap[] = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS, 1}, 93 SubjectPicture[] = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS, 2}, 94 SubjectEmailAddress[] = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS, 3}, 95 UseExemptions[] = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS, 4}; 96 97 98const CSSM_OID 99 100 /* Certificate OIDS */ 101 CSSMOID_X509V3SignedCertificate = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V3SignedCertificate}, 102 CSSMOID_X509V3SignedCertificateCStruct = {INTEL_X509V3_CERT_R08_LENGTH+2, 103 (uint8 *)X509V3SignedCertificateCStruct}, 104 CSSMOID_X509V3Certificate = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V3Certificate}, 105 CSSMOID_X509V3CertificateCStruct = {INTEL_X509V3_CERT_R08_LENGTH+2, (uint8 *)X509V3CertificateCStruct}, 106 CSSMOID_X509V1Version = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1Version}, 107 CSSMOID_X509V1SerialNumber = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1SerialNumber}, 108 CSSMOID_X509V1IssuerName = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1IssuerName}, 109 CSSMOID_X509V1IssuerNameStd = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1IssuerNameStd}, 110 CSSMOID_X509V1IssuerNameCStruct = {INTEL_X509V3_CERT_R08_LENGTH+2, (uint8 *)X509V1IssuerNameCStruct}, 111 CSSMOID_X509V1IssuerNameLDAP = {INTEL_X509V3_CERT_R08_LENGTH+2, (uint8 *)X509V1IssuerNameLDAP}, 112 CSSMOID_X509V1ValidityNotBefore = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1ValidityNotBefore}, 113 CSSMOID_X509V1ValidityNotAfter = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1ValidityNotAfter}, 114 CSSMOID_X509V1SubjectName = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1SubjectName}, 115 CSSMOID_X509V1SubjectNameStd = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1SubjectNameStd}, 116 CSSMOID_X509V1SubjectNameCStruct = {INTEL_X509V3_CERT_R08_LENGTH+2, (uint8 *)X509V1SubjectNameCStruct}, 117 CSSMOID_X509V1SubjectNameLDAP = {INTEL_X509V3_CERT_R08_LENGTH+2, (uint8 *)X509V1SubjectNameLDAP}, 118 CSSMOID_CSSMKeyStruct = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)CSSMKeyStruct}, 119 CSSMOID_X509V1SubjectPublicKeyCStruct = {INTEL_X509V3_CERT_R08_LENGTH+2, 120 (uint8 *)X509V1SubjectPublicKeyCStruct}, 121 CSSMOID_X509V1SubjectPublicKeyAlgorithm = {INTEL_X509V3_CERT_R08_LENGTH+1, 122 (uint8 *)X509V1SubjectPublicKeyAlgorithm}, 123 CSSMOID_X509V1SubjectPublicKeyAlgorithmParameters = {INTEL_X509V3_CERT_R08_LENGTH+1, 124 (uint8 *)X509V1SubjectPublicKeyAlgorithmParameters}, 125 CSSMOID_X509V1SubjectPublicKey = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1SubjectPublicKey}, 126 CSSMOID_X509V1CertificateIssuerUniqueId = {INTEL_X509V3_CERT_R08_LENGTH+1, 127 (uint8 *)X509V1CertificateIssuerUniqueId}, 128 CSSMOID_X509V1CertificateSubjectUniqueId = {INTEL_X509V3_CERT_R08_LENGTH+1, 129 (uint8 *)X509V1CertificateSubjectUniqueId}, 130 CSSMOID_X509V3CertificateExtensionsStruct = {INTEL_X509V3_CERT_R08_LENGTH+1, 131 (uint8 *)X509V3CertificateExtensionsStruct}, 132 CSSMOID_X509V3CertificateExtensionsCStruct = {INTEL_X509V3_CERT_R08_LENGTH+2, 133 (uint8 *)X509V3CertificateExtensionsCStruct}, 134 CSSMOID_X509V3CertificateNumberOfExtensions = {INTEL_X509V3_CERT_R08_LENGTH+1, 135 (uint8 *)X509V3CertificateNumberOfExtensions}, 136 CSSMOID_X509V3CertificateExtensionStruct = {INTEL_X509V3_CERT_R08_LENGTH+1, 137 (uint8 *)X509V3CertificateExtensionStruct}, 138 CSSMOID_X509V3CertificateExtensionCStruct = {INTEL_X509V3_CERT_R08_LENGTH+2, 139 (uint8 *)X509V3CertificateExtensionCStruct}, 140 CSSMOID_X509V3CertificateExtensionId = {INTEL_X509V3_CERT_R08_LENGTH+1, 141 (uint8 *)X509V3CertificateExtensionId}, 142 CSSMOID_X509V3CertificateExtensionCritical = {INTEL_X509V3_CERT_R08_LENGTH+1, 143 (uint8 *)X509V3CertificateExtensionCritical}, 144 CSSMOID_X509V3CertificateExtensionType = {INTEL_X509V3_CERT_R08_LENGTH+1, 145 (uint8 *)X509V3CertificateExtensionType}, 146 CSSMOID_X509V3CertificateExtensionValue = {INTEL_X509V3_CERT_R08_LENGTH+1, 147 (uint8 *)X509V3CertificateExtensionValue}, 148 149 /* Signature OID Fields */ 150 CSSMOID_X509V1SignatureStruct = {INTEL_X509V3_SIGN_R08_LENGTH+1, (uint8 *)X509V1SignatureStruct}, 151 CSSMOID_X509V1SignatureCStruct = {INTEL_X509V3_SIGN_R08_LENGTH+2, (uint8 *)X509V1SignatureCStruct}, 152 CSSMOID_X509V1SignatureAlgorithm = {INTEL_X509V3_SIGN_R08_LENGTH+1, (uint8 *)X509V1SignatureAlgorithm}, 153 CSSMOID_X509V1SignatureAlgorithmTBS = {INTEL_X509V3_SIGN_R08_LENGTH+1, (uint8 *)X509V1SignatureAlgorithmTBS}, 154 CSSMOID_X509V1SignatureAlgorithmParameters = {INTEL_X509V3_SIGN_R08_LENGTH+1, 155 (uint8 *)X509V1SignatureAlgorithmParameters}, 156 CSSMOID_X509V1Signature = {INTEL_X509V3_SIGN_R08_LENGTH+1, (uint8 *)X509V1Signature}, 157 158 /* Extension OID Fields */ 159 CSSMOID_SubjectSignatureBitmap = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS_LENGTH+1, (uint8 *)SubjectSignatureBitmap}, 160 CSSMOID_SubjectPicture = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS_LENGTH+1, (uint8 *)SubjectPicture}, 161 CSSMOID_SubjectEmailAddress = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS_LENGTH+1, (uint8 *)SubjectEmailAddress}, 162 CSSMOID_UseExemptions = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS_LENGTH+1, (uint8 *)UseExemptions}; 163 164 165/*** 166 *** Apple addenda. 167 ***/ 168 169/* 170 * Standard Cert extensions. 171 */ 172static const uint8 173 OID_SubjectDirectoryAttributes[] = { OID_EXTENSION, 9 }, 174 OID_SubjectKeyIdentifier[] = { OID_EXTENSION, 14 }, 175 OID_KeyUsage[] = { OID_EXTENSION, 15 }, 176 OID_PrivateKeyUsagePeriod[] = { OID_EXTENSION, 16 }, 177 OID_SubjectAltName[] = { OID_EXTENSION, 17 }, 178 OID_IssuerAltName[] = { OID_EXTENSION, 18 }, 179 OID_BasicConstraints[] = { OID_EXTENSION, 19 }, 180 OID_CrlNumber[] = { OID_EXTENSION, 20 }, 181 OID_CrlReason[] = { OID_EXTENSION, 21 }, 182 OID_HoldInstructionCode[] = { OID_EXTENSION, 23 }, 183 OID_InvalidityDate[] = { OID_EXTENSION, 24 }, 184 OID_DeltaCrlIndicator[] = { OID_EXTENSION, 27 }, 185 OID_IssuingDistributionPoint[] = { OID_EXTENSION, 28 }, 186 OID_CertIssuer[] = { OID_EXTENSION, 29 }, 187 OID_NameConstraints[] = { OID_EXTENSION, 30 }, 188 OID_CrlDistributionPoints[] = { OID_EXTENSION, 31 }, 189 OID_CertificatePolicies[] = { OID_EXTENSION, 32 }, 190 OID_PolicyMappings[] = { OID_EXTENSION, 33 }, 191 OID_AuthorityKeyIdentifier[] = { OID_EXTENSION, 35 }, 192 OID_PolicyConstraints[] = { OID_EXTENSION, 36 }, 193 OID_ExtendedKeyUsage[] = { OID_EXTENSION, 37 }, 194 OID_InhibitAnyPolicy[] = { OID_EXTENSION, 54 }, 195 OID_AuthorityInfoAccess[] = { OID_PE, 1 }, 196 OID_BiometricInfo[] = { OID_PE, 2 }, 197 OID_QC_Statements[] = { OID_PE, 3 }, 198 OID_SubjectInfoAccess[] = { OID_PE, 11 }, 199 200 /* Individual OIDS appearing in an ExtendedKeyUsage extension */ 201 OID_ExtendedKeyUsageAny[] = { OID_EXTENSION, 37, 0 }, 202 OID_KP_ServerAuth[] = { OID_KP, 1 }, 203 OID_KP_ClientAuth[] = { OID_KP, 2 }, 204 OID_KP_ExtendedUseCodeSigning[] = { OID_KP, 3 }, 205 OID_KP_EmailProtection[] = { OID_KP, 4 }, 206 OID_KP_TimeStamping[] = { OID_KP, 8 }, 207 OID_KP_OCSPSigning[] = { OID_KP, 9 }, 208 /* Kerberos PKINIT Extended Key Use values */ 209 OID_KERBv5_PKINIT_KP_CLIENT_AUTH[] = { OID_KERBv5_PKINIT, 4 }, 210 OID_KERBv5_PKINIT_KP_KDC[] = { OID_KERBv5_PKINIT, 5 }, 211 /* IPSec */ 212 OID_EKU_IPSec[] = { 0x2B, 0x06, 0x01, 0x05, 0x05, 0x08, 0x02, 0x02 }, 213 214 /* .mac Certificate Extended Key Use values */ 215 OID_DOTMAC_CERT_EXTENSION[] = { APPLE_DOTMAC_CERT_EXTEN_OID }, 216 OID_DOTMAC_CERT_IDENTITY[] = { APPLE_DOTMAC_CERT_EXTEN_OID, 1 }, 217 OID_DOTMAC_CERT_EMAIL_SIGN[] = { APPLE_DOTMAC_CERT_EXTEN_OID, 2 }, 218 OID_DOTMAC_CERT_EMAIL_ENCRYPT[] = { APPLE_DOTMAC_CERT_EXTEN_OID, 3 }, 219 /* Other Apple extended key usage values */ 220 OID_APPLE_EKU_CODE_SIGNING[] = { APPLE_EKU_CODE_SIGNING }, 221 OID_APPLE_EKU_CODE_SIGNING_DEV[] = { APPLE_EKU_CODE_SIGNING, 1 }, 222 OID_APPLE_EKU_RESOURCE_SIGNING[] = { APPLE_EKU_CODE_SIGNING, 4 }, 223 OID_APPLE_EKU_ICHAT_SIGNING[] = { APPLE_EKU_OID, 2 }, 224 OID_APPLE_EKU_ICHAT_ENCRYPTION[] = { APPLE_EKU_OID, 3 }, 225 OID_APPLE_EKU_SYSTEM_IDENTITY[] = { APPLE_EKU_OID, 4 }, 226 OID_APPLE_EKU_PASSBOOK_SIGNING[] = { APPLE_EKU_OID, 14 }, 227 OID_APPLE_EKU_PROFILE_SIGNING[] = { APPLE_EKU_OID, 16 }, 228 OID_APPLE_EKU_QA_PROFILE_SIGNING[] = { APPLE_EKU_OID, 17 }, 229 /* Apple cert policies */ 230 OID_APPLE_CERT_POLICY[] = { APPLE_CERT_POLICIES, 1 }, 231 OID_DOTMAC_CERT_POLICY[] = { APPLE_CERT_POLICIES, 2 }, 232 OID_ADC_CERT_POLICY[] = { APPLE_CERT_POLICIES, 3 }, 233 OID_APPLE_CERT_POLICY_MACAPPSTORE[] = { APPLE_CERT_POLICIES_MACAPPSTORE }, 234 OID_APPLE_CERT_POLICY_MACAPPSTORE_RECEIPT[] = { APPLE_CERT_POLICIES_MACAPPSTORE_RECEIPT }, 235 OID_APPLE_CERT_POLICY_APPLEID[] = { APPLE_CERT_POLICIES_APPLEID }, 236 OID_APPLE_CERT_POLICY_APPLEID_SHARING[] = { APPLE_CERT_POLICIES_APPLEID_SHARING }, 237 OID_APPLE_CERT_POLICY_MOBILE_STORE_SIGNING[] = { APPLE_CERT_POLICIES_MOBILE_STORE_SIGNING }, 238 OID_APPLE_CERT_POLICY_TEST_MOBILE_STORE_SIGNING[] = { APPLE_CERT_POLICIES_TEST_MOBILE_STORE_SIGNING }, 239 240 /* Apple-specific extensions */ 241 OID_APPLE_EXTENSION[] = { APPLE_EXTENSION_OID }, 242 OID_APPLE_EXTENSION_CODE_SIGNING[] = { APPLE_EXTENSION_CODE_SIGNING }, 243 OID_APPLE_EXTENSION_APPLE_SIGNING[] = { APPLE_EXTENSION_CODE_SIGNING, 1 }, 244 OID_APPLE_EXTENSION_ADC_DEV_SIGNING[] = { APPLE_EXTENSION_CODE_SIGNING, 2 }, 245 OID_APPLE_EXTENSION_ADC_APPLE_SIGNING[] = { APPLE_EXTENSION_CODE_SIGNING, 3 }, 246 OID_APPLE_EXTENSION_PASSBOOK_SIGNING[] = { APPLE_EXTENSION_CODE_SIGNING, 16 }, 247 OID_APPLE_EXTENSION_MACAPPSTORE_RECEIPT[] = { APPLE_EXTENSION_MACAPPSTORE_RECEIPT }, 248 OID_APPLE_EXTENSION_INTERMEDIATE_MARKER[] = { APPLE_EXTENSION_INTERMEDIATE_MARKER }, 249 OID_APPLE_EXTENSION_WWDR_INTERMEDIATE[] = { APPLE_EXTENSION_WWDR_INTERMEDIATE }, 250 OID_APPLE_EXTENSION_ITMS_INTERMEDIATE[] = { APPLE_EXTENSION_ITMS_INTERMEDIATE }, 251 OID_APPLE_EXTENSION_AAI_INTERMEDIATE[] = { APPLE_EXTENSION_AAI_INTERMEDIATE }, 252 OID_APPLE_EXTENSION_APPLEID_INTERMEDIATE[] = { APPLE_EXTENSION_APPLEID_INTERMEDIATE }, 253 OID_APPLE_EXTENSION_APPLEID_SHARING[] = { APPLE_EXTENSION_APPLEID_SHARING }, 254 OID_APPLE_EXTENSION_SYSINT2_INTERMEDIATE[] = { APPLE_EXTENSION_SYSINT2_INTERMEDIATE }, 255 OID_APPLE_EXTENSION_ESCROW_SERVICE[] = { APPLE_EXTENSION_ESCROW_SERVICE } 256; 257 258#define OID_PKCS_CE_LENGTH OID_EXTENSION_LENGTH + 1 259 260const CSSM_OID 261CSSMOID_SubjectDirectoryAttributes = { OID_PKCS_CE_LENGTH, (uint8 *)OID_SubjectDirectoryAttributes}, 262CSSMOID_SubjectKeyIdentifier = { OID_PKCS_CE_LENGTH, (uint8 *)OID_SubjectKeyIdentifier}, 263CSSMOID_KeyUsage = { OID_PKCS_CE_LENGTH, (uint8 *)OID_KeyUsage}, 264CSSMOID_PrivateKeyUsagePeriod = { OID_PKCS_CE_LENGTH, (uint8 *)OID_PrivateKeyUsagePeriod}, 265CSSMOID_SubjectAltName = { OID_PKCS_CE_LENGTH, (uint8 *)OID_SubjectAltName}, 266CSSMOID_IssuerAltName = { OID_PKCS_CE_LENGTH, (uint8 *)OID_IssuerAltName}, 267CSSMOID_BasicConstraints = { OID_PKCS_CE_LENGTH, (uint8 *)OID_BasicConstraints}, 268CSSMOID_CrlNumber = { OID_PKCS_CE_LENGTH, (uint8 *)OID_CrlNumber}, 269CSSMOID_CrlReason = { OID_PKCS_CE_LENGTH, (uint8 *)OID_CrlReason}, 270CSSMOID_HoldInstructionCode = { OID_PKCS_CE_LENGTH, (uint8 *)OID_HoldInstructionCode}, 271CSSMOID_InvalidityDate = { OID_PKCS_CE_LENGTH, (uint8 *)OID_InvalidityDate}, 272CSSMOID_DeltaCrlIndicator = { OID_PKCS_CE_LENGTH, (uint8 *)OID_DeltaCrlIndicator}, 273CSSMOID_IssuingDistributionPoint = { OID_PKCS_CE_LENGTH, (uint8 *)OID_IssuingDistributionPoint}, 274/* for backwards compatibility... */ 275CSSMOID_IssuingDistributionPoints = { OID_PKCS_CE_LENGTH, (uint8 *)OID_IssuingDistributionPoint}, 276CSSMOID_CertIssuer = { OID_PKCS_CE_LENGTH, (uint8 *)OID_CertIssuer}, 277CSSMOID_NameConstraints = { OID_PKCS_CE_LENGTH, (uint8 *)OID_NameConstraints}, 278CSSMOID_CrlDistributionPoints = { OID_PKCS_CE_LENGTH, (uint8 *)OID_CrlDistributionPoints}, 279CSSMOID_CertificatePolicies = { OID_PKCS_CE_LENGTH, (uint8 *)OID_CertificatePolicies}, 280CSSMOID_PolicyMappings = { OID_PKCS_CE_LENGTH, (uint8 *)OID_PolicyMappings}, 281CSSMOID_PolicyConstraints = { OID_PKCS_CE_LENGTH, (uint8 *)OID_PolicyConstraints}, 282CSSMOID_AuthorityKeyIdentifier = { OID_PKCS_CE_LENGTH, (uint8 *)OID_AuthorityKeyIdentifier}, 283CSSMOID_ExtendedKeyUsage = { OID_PKCS_CE_LENGTH, (uint8 *)OID_ExtendedKeyUsage}, 284CSSMOID_InhibitAnyPolicy = { OID_PKCS_CE_LENGTH, (uint8 *)OID_InhibitAnyPolicy}, 285CSSMOID_AuthorityInfoAccess = { OID_PE_LENGTH+1, (uint8 *)OID_AuthorityInfoAccess}, 286CSSMOID_BiometricInfo = { OID_PE_LENGTH+1, (uint8 *)OID_BiometricInfo}, 287CSSMOID_QC_Statements = { OID_PE_LENGTH+1, (uint8 *)OID_QC_Statements}, 288CSSMOID_SubjectInfoAccess = { OID_PE_LENGTH+1, (uint8 *)OID_SubjectInfoAccess}, 289CSSMOID_ExtendedKeyUsageAny = { OID_PKCS_CE_LENGTH+1, (uint8 *)OID_ExtendedKeyUsageAny}, 290CSSMOID_ServerAuth = { OID_KP_LENGTH+1, (uint8 *)OID_KP_ServerAuth}, 291CSSMOID_ClientAuth = { OID_KP_LENGTH+1, (uint8 *)OID_KP_ClientAuth}, 292CSSMOID_ExtendedUseCodeSigning = { OID_KP_LENGTH+1, (uint8 *)OID_KP_ExtendedUseCodeSigning}, 293CSSMOID_EmailProtection = { OID_KP_LENGTH+1, (uint8 *)OID_KP_EmailProtection}, 294CSSMOID_TimeStamping = { OID_KP_LENGTH+1, (uint8 *)OID_KP_TimeStamping}, 295CSSMOID_OCSPSigning = { OID_KP_LENGTH+1, (uint8 *)OID_KP_OCSPSigning}, 296CSSMOID_KERBv5_PKINIT_KP_CLIENT_AUTH = { OID_KERBv5_PKINIT_LEN + 1, 297 (uint8 *)OID_KERBv5_PKINIT_KP_CLIENT_AUTH }, 298CSSMOID_KERBv5_PKINIT_KP_KDC = { OID_KERBv5_PKINIT_LEN + 1, 299 (uint8 *)OID_KERBv5_PKINIT_KP_KDC }, 300CSSMOID_EKU_IPSec = { 8, (uint8 *)OID_EKU_IPSec }, 301CSSMOID_DOTMAC_CERT_EXTENSION = { APPLE_DOTMAC_CERT_EXTEN_OID_LENGTH, 302 (uint8 *)OID_DOTMAC_CERT_EXTENSION }, 303CSSMOID_DOTMAC_CERT_IDENTITY = { APPLE_DOTMAC_CERT_EXTEN_OID_LENGTH + 1, 304 (uint8 *)OID_DOTMAC_CERT_IDENTITY }, 305CSSMOID_DOTMAC_CERT_EMAIL_SIGN = { APPLE_DOTMAC_CERT_EXTEN_OID_LENGTH + 1, 306 (uint8 *)OID_DOTMAC_CERT_EMAIL_SIGN }, 307CSSMOID_DOTMAC_CERT_EMAIL_ENCRYPT = { APPLE_DOTMAC_CERT_EXTEN_OID_LENGTH + 1, 308 (uint8 *)OID_DOTMAC_CERT_EMAIL_ENCRYPT }, 309CSSMOID_APPLE_CERT_POLICY = { APPLE_CERT_POLICIES_LENGTH + 1, 310 (uint8 *)OID_APPLE_CERT_POLICY }, 311CSSMOID_DOTMAC_CERT_POLICY = { APPLE_CERT_POLICIES_LENGTH + 1, 312 (uint8 *)OID_DOTMAC_CERT_POLICY }, 313CSSMOID_ADC_CERT_POLICY = { APPLE_CERT_POLICIES_LENGTH + 1, 314 (uint8 *)OID_ADC_CERT_POLICY }, 315CSSMOID_MACAPPSTORE_CERT_POLICY = { APPLE_CERT_POLICIES_MACAPPSTORE_LENGTH, 316 (uint8 *)OID_APPLE_CERT_POLICY_MACAPPSTORE }, 317CSSMOID_MACAPPSTORE_RECEIPT_CERT_POLICY = { APPLE_CERT_POLICIES_MACAPPSTORE_RECEIPT_LENGTH, 318 (uint8 *)OID_APPLE_CERT_POLICY_MACAPPSTORE_RECEIPT }, 319CSSMOID_APPLEID_CERT_POLICY = { APPLE_CERT_POLICIES_APPLEID_LENGTH, 320 (uint8 *)OID_APPLE_CERT_POLICY_APPLEID }, 321CSSMOID_APPLEID_SHARING_CERT_POLICY = { APPLE_CERT_POLICIES_APPLEID_SHARING_LENGTH, 322 (uint8 *)OID_APPLE_CERT_POLICY_APPLEID_SHARING }, 323CSSMOID_MOBILE_STORE_SIGNING_POLICY = { APPLE_CERT_POLICIES_MOBILE_STORE_SIGNING_LENGTH, 324 (uint8 *)OID_APPLE_CERT_POLICY_MOBILE_STORE_SIGNING }, 325CSSMOID_TEST_MOBILE_STORE_SIGNING_POLICY = { APPLE_CERT_POLICIES_TEST_MOBILE_STORE_SIGNING_LENGTH, 326 (uint8 *)OID_APPLE_CERT_POLICY_TEST_MOBILE_STORE_SIGNING }, 327CSSMOID_APPLE_EKU_CODE_SIGNING = { APPLE_EKU_CODE_SIGNING_LENGTH, 328 (uint8 *)OID_APPLE_EKU_CODE_SIGNING }, 329CSSMOID_APPLE_EKU_CODE_SIGNING_DEV = { APPLE_EKU_CODE_SIGNING_LENGTH + 1, 330 (uint8 *)OID_APPLE_EKU_CODE_SIGNING_DEV }, 331CSSMOID_APPLE_EKU_RESOURCE_SIGNING = { APPLE_EKU_CODE_SIGNING_LENGTH + 1, 332 (uint8 *)OID_APPLE_EKU_RESOURCE_SIGNING }, 333CSSMOID_APPLE_EKU_ICHAT_SIGNING = { APPLE_EKU_OID_LENGTH + 1, 334 (uint8 *)OID_APPLE_EKU_ICHAT_SIGNING }, 335CSSMOID_APPLE_EKU_ICHAT_ENCRYPTION = { APPLE_EKU_OID_LENGTH + 1, 336 (uint8 *)OID_APPLE_EKU_ICHAT_ENCRYPTION }, 337CSSMOID_APPLE_EKU_SYSTEM_IDENTITY = { APPLE_EKU_OID_LENGTH + 1, 338 (uint8 *)OID_APPLE_EKU_SYSTEM_IDENTITY }, 339CSSMOID_APPLE_EKU_PASSBOOK_SIGNING = { APPLE_EKU_OID_LENGTH + 1, 340 (uint8 *)OID_APPLE_EKU_PASSBOOK_SIGNING }, 341CSSMOID_APPLE_EKU_PROFILE_SIGNING = { APPLE_EKU_OID_LENGTH + 1, 342 (uint8 *)OID_APPLE_EKU_PROFILE_SIGNING }, 343CSSMOID_APPLE_EKU_QA_PROFILE_SIGNING = { APPLE_EKU_OID_LENGTH + 1, 344 (uint8 *)OID_APPLE_EKU_QA_PROFILE_SIGNING }, 345CSSMOID_APPLE_EXTENSION = { APPLE_EXTENSION_OID_LENGTH, 346 (uint8 *)OID_APPLE_EXTENSION }, 347CSSMOID_APPLE_EXTENSION_CODE_SIGNING = { APPLE_EXTENSION_CODE_SIGNING_LENGTH, 348 (uint8 *)OID_APPLE_EXTENSION_CODE_SIGNING }, 349CSSMOID_APPLE_EXTENSION_APPLE_SIGNING = { APPLE_EXTENSION_CODE_SIGNING_LENGTH + 1, 350 (uint8 *)OID_APPLE_EXTENSION_APPLE_SIGNING }, 351CSSMOID_APPLE_EXTENSION_ADC_DEV_SIGNING = { APPLE_EXTENSION_CODE_SIGNING_LENGTH + 2, 352 (uint8 *)OID_APPLE_EXTENSION_ADC_DEV_SIGNING }, 353CSSMOID_APPLE_EXTENSION_ADC_APPLE_SIGNING = { APPLE_EXTENSION_CODE_SIGNING_LENGTH + 3, 354 (uint8 *)OID_APPLE_EXTENSION_ADC_DEV_SIGNING }, 355CSSMOID_APPLE_EXTENSION_PASSBOOK_SIGNING = { APPLE_EXTENSION_CODE_SIGNING_LENGTH + 1, 356 (uint8 *)OID_APPLE_EXTENSION_PASSBOOK_SIGNING }, 357CSSMOID_APPLE_EXTENSION_MACAPPSTORE_RECEIPT = { APPLE_EXTENSION_MACAPPSTORE_RECEIPT_LENGTH, 358 (uint8 *)OID_APPLE_EXTENSION_MACAPPSTORE_RECEIPT }, 359CSSMOID_APPLE_EXTENSION_INTERMEDIATE_MARKER = { APPLE_EXTENSION_INTERMEDIATE_MARKER_LENGTH, 360 (uint8 *)OID_APPLE_EXTENSION_INTERMEDIATE_MARKER }, 361CSSMOID_APPLE_EXTENSION_WWDR_INTERMEDIATE = { APPLE_EXTENSION_WWDR_INTERMEDIATE_LENGTH, 362 (uint8 *)OID_APPLE_EXTENSION_WWDR_INTERMEDIATE }, 363CSSMOID_APPLE_EXTENSION_ITMS_INTERMEDIATE = { APPLE_EXTENSION_ITMS_INTERMEDIATE_LENGTH, 364 (uint8 *)OID_APPLE_EXTENSION_ITMS_INTERMEDIATE }, 365CSSMOID_APPLE_EXTENSION_AAI_INTERMEDIATE = { APPLE_EXTENSION_AAI_INTERMEDIATE_LENGTH, 366 (uint8 *)OID_APPLE_EXTENSION_AAI_INTERMEDIATE }, 367CSSMOID_APPLE_EXTENSION_APPLEID_INTERMEDIATE = { APPLE_EXTENSION_APPLEID_INTERMEDIATE_LENGTH, 368 (uint8 *)OID_APPLE_EXTENSION_APPLEID_INTERMEDIATE }, 369CSSMOID_APPLE_EXTENSION_APPLEID_SHARING = { APPLE_EXTENSION_APPLEID_SHARING_LENGTH + 1, 370 (uint8 *)OID_APPLE_EXTENSION_APPLEID_SHARING }, 371CSSMOID_APPLE_EXTENSION_SYSINT2_INTERMEDIATE = { APPLE_EXTENSION_SYSINT2_INTERMEDIATE_LENGTH, 372 (uint8 *)OID_APPLE_EXTENSION_SYSINT2_INTERMEDIATE }, 373CSSMOID_APPLE_EXTENSION_ESCROW_SERVICE = { APPLE_EXTENSION_ESCROW_SERVICE_LENGTH + 1, 374 (uint8 *)OID_APPLE_EXTENSION_ESCROW_SERVICE } 375; 376 377/* Apple Intermediate Marker OIDs */ 378#define APPLE_CERT_EXT_INTERMEDIATE_MARKER APPLE_CERT_EXT, 2 379/* Apple Apple ID Intermediate Marker */ 380#define APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID APPLE_CERT_EXT_INTERMEDIATE_MARKER, 3 381/* 382 * Apple Apple ID Intermediate Marker (New subCA, no longer shared with push notification server cert issuer 383 * 384 * appleCertificateExtensionAppleIDIntermediate ::= 385 * { appleCertificateExtensionIntermediateMarker 7 } 386 * { 1 2 840 113635 100 6 2 7 } 387 */ 388#define APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID_2 APPLE_CERT_EXT_INTERMEDIATE_MARKER, 7 389 390/* 391 * Netscape extensions. 392 * 393 * netscape-cert-type OBJECT IDENTIFIER ::= 394 * { 2 16 840 1 113730 1 1 } 395 * 396 * BER = 06 08 60 86 48 01 86 F8 42 01 01 397 */ 398static const uint8 OID_NetscapeCertType[] = {NETSCAPE_CERT_EXTEN, 1}; 399const CSSM_OID CSSMOID_NetscapeCertType = 400 {NETSCAPE_CERT_EXTEN_LENGTH + 1, (uint8 *)OID_NetscapeCertType}; 401 402/* 403 * netscape-cert-sequence ::= { 2 16 840 1 113730 2 5 } 404 * 405 * BER = 06 09 60 86 48 01 86 F8 42 02 05 406 */ 407static const uint8 OID_NetscapeCertSequence[] = { NETSCAPE_BASE_OID, 2, 5 }; 408const CSSM_OID CSSMOID_NetscapeCertSequence = 409 { NETSCAPE_BASE_OID_LEN + 2, (uint8 *)OID_NetscapeCertSequence }; 410 411/* 412 * Netscape version of ServerGatedCrypto ExtendedKeyUse. 413 * OID { 2 16 840 1 113730 4 1 } 414 */ 415static const uint8 OID_Netscape_SGC[] = {NETSCAPE_CERT_POLICY, 1}; 416const CSSM_OID CSSMOID_NetscapeSGC = 417 {NETSCAPE_CERT_POLICY_LENGTH + 1, (uint8 *)OID_Netscape_SGC}; 418 419/* 420 * Microsoft version of ServerGatedCrypto ExtendedKeyUse. 421 * OID { 1 3 6 1 4 1 311 10 3 3 } 422 */ 423static const uint8 OID_Microsoft_SGC[] = {0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0A, 0x03, 0x03}; 424const CSSM_OID CSSMOID_MicrosoftSGC = 425 {10, (uint8 *)OID_Microsoft_SGC}; 426 427/* 428 * .mac Certificate Extended Key Use values. 429 */ 430