certedef.c
/* certificateIssuer:
OID = 2 5 29 29
critical = TRUE
certificateIssuer SEQUENCE OF GeneralName -- GeneralNames */
{ MKOID( "\x06\x03\x55\x1D\x1D" ), 0,
MKDESC( "certificateIssuer" )
BER_SEQUENCE, 0,
FL_MORE | FL_CRITICAL | FL_VALID_CRL, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_CERTIFICATEISSUER,
MKDESC( "certificateIssuer.generalName" )
FIELDTYPE_SUBTYPED, 0,
FL_SEQEND, 0, 0, 0, ( void * ) generalNameInfo },
/* nameConstraints
OID = 2 5 29 30
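critical = TRUE
NOTE(review): the entry below does not set FL_CRITICAL, although the
certificateIssuer entry above does. Confirm this is intentional: if
FL_CRITICAL is what marks the extension critical on encoding, a
relying party that does not process nameConstraints could accept the
certificate without enforcing the name restrictions.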
SEQUENCE {
permittedSubtrees [ 0 ] SEQUENCE OF {
SEQUENCE { GeneralName }
} OPTIONAL,
excludedSubtrees [ 1 ] SEQUENCE OF {
SEQUENCE { GeneralName }
} OPTIONAL,
} */
{ MKOID( "\x06\x03\x55\x1D\x1E" ), CRYPT_CERTINFO_NAMECONSTRAINTS,
MKDESC( "nameConstraints" )
BER_SEQUENCE, 0,
FL_MORE | FL_VALID_CERT | FL_VALID_ATTRCERT, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "nameConstraints.permittedSubtrees" )
BER_SEQUENCE, CTAG( 0 ),
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "nameConstraints.permittedSubtrees.sequenceOf" )
BER_SEQUENCE, 0,
FL_MORE | FL_SETOF_VARIABLE, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_PERMITTEDSUBTREES,
MKDESC( "nameConstraints.permittedSubtrees.sequenceOf.generalName" )
FIELDTYPE_SUBTYPED, 0,
FL_MORE | FL_OPTIONAL | FL_MULTIVALUED | FL_SEQEND_2, 0, 0, 0, ( void * ) generalNameInfo },
{ NULL, 0,
MKDESC( "nameConstraints.excludedSubtrees" )
BER_SEQUENCE, CTAG( 1 ),
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "nameConstraints.excludedSubtrees.sequenceOf" )
BER_SEQUENCE, 0,
FL_MORE | FL_SETOF_VARIABLE, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_EXCLUDEDSUBTREES,
MKDESC( "nameConstraints.excludedSubtrees.sequenceOf.generalName" )
FIELDTYPE_SUBTYPED, 0,
FL_OPTIONAL | FL_MULTIVALUED | FL_SEQEND_2, 0, 0, 0, ( void * ) generalNameInfo },
/* cRLDistributionPoints:
OID = 2 5 29 31
SEQUENCE OF {
SEQUENCE {
distributionPoint
[ 0 ] { -- CHOICE { ... }
fullName [ 0 ] { -- SEQUENCE OF -- SIZE (1)
GeneralName
}
} OPTIONAL,
reasons [ 1 ] BIT STRING OPTIONAL,
cRLIssuer [ 2 ] SEQUENCE OF GeneralName OPTIONAL
}
} */
{ MKOID( "\x06\x03\x55\x1D\x1F" ), CRYPT_CERTINFO_CRLDISTRIBUTIONPOINT,
MKDESC( "cRLDistributionPoints" )
BER_SEQUENCE, 0,
FL_MORE | FL_SETOF_VARIABLE | FL_VALID_CERT | FL_VALID_ATTRCERT, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "cRLDistributionPoints.distributionPoint" )
BER_SEQUENCE, 0,
FL_MORE, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "cRLDistributionPoints.distributionPoint.distributionPoint" )
BER_SEQUENCE, CTAG( 0 ),
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "cRLDistributionPoints.distributionPoint.distributionPoint.fullName" )
BER_SEQUENCE, CTAG( 0 ),
FL_MORE, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_CRLDIST_FULLNAME,
MKDESC( "cRLDistributionPoints.distributionPoint.distributionPoint.fullName.generalName" )
FIELDTYPE_SUBTYPED, 0,
FL_MORE | FL_OPTIONAL | FL_MULTIVALUED | FL_SEQEND_2, 0, 0, 0, ( void * ) generalNameInfo },
{ NULL, CRYPT_CERTINFO_CRLDIST_REASONS,
MKDESC( "cRLDistributionPoints.distributionPoint.reasons" )
BER_BITSTRING, CTAG( 1 ),
FL_MORE | FL_OPTIONAL | FL_MULTIVALUED, 0, CRYPT_CRLREASONFLAG_LAST, 0, NULL },
{ NULL, 0,
MKDESC( "cRLDistributionPoints.distributionPoint.cRLIssuer" )
BER_SEQUENCE, CTAG( 2 ),
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_CRLDIST_CRLISSUER,
MKDESC( "cRLDistributionPoints.distributionPoint.cRLIssuer.generalName" )
FIELDTYPE_SUBTYPED, 0,
FL_OPTIONAL | FL_MULTIVALUED, 0, 0, 0, ( void * ) generalNameInfo },
/* certificatePolicies:
OID = 2 5 29 32
SEQUENCE SIZE (1..64) OF { -- SIZE (1)
SEQUENCE {
policyIdentifier OBJECT IDENTIFIER,
policyQualifiers SEQUENCE SIZE (1..64) OF -- SIZE (1)
PolicyQualifierInfo OPTIONAL
}
}
PolicyQualifierInfo ::= SEQUENCE {
policyQualifierId OBJECT IDENTIFIER,
qualifier ANY DEFINED BY policyQualifierId
}
CPSuri ::= IA5String -- OID = cps
UserNotice ::= SEQUENCE { -- OID = unotice
noticeRef SEQUENCE {
organization VisibleString,
noticeNumbers SEQUENCE OF INTEGER
} OPTIONAL,
explicitText VisibleString OPTIONAL
}
All draft versions of the PKIX profile had the organization as an
IA5String, but the final RFC changed it to a VisibleString. To kludge
around this for the certs which use an IA5String (which in practice
means only Verisign, since no one else uses policy qualifiers), we
allow both types but put the VisibleString option first, which means
it'll get used preferentially when encoding */
{ MKOID( "\x06\x03\x55\x1D\x20" ), CRYPT_CERTINFO_CERTIFICATEPOLICIES,
MKDESC( "certificatePolicies" )
BER_SEQUENCE, 0,
FL_MORE | FL_VALID_CERT, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "certificatePolicies.policyInformation" )
BER_SEQUENCE, 0,
FL_MORE, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_CERTPOLICYID,
MKDESC( "certificatePolicies.policyInformation.policyIdentifier" )
BER_OBJECT_IDENTIFIER, 0,
FL_MORE, 3, 32, 0, NULL },
{ NULL, 0,
MKDESC( "certificatePolicies.policyInformation.policyQualifiers" )
BER_SEQUENCE, 0,
FL_MORE | FL_SETOF_FIXED | FL_OPTIONAL, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "certificatePolicies.policyInformation.policyQualifier" )
BER_SEQUENCE, 0,
FL_MORE | FL_IDENTIFIER, 0, 0, 0, NULL },
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01" ), 0,
MKDESC( "certificatePolicies.policyInformation.policyQualifier.cps (1 3 6 1 5 5 7 2 1)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_CERTPOLICY_CPSURI,
MKDESC( "certificatePolicies.policyInformation.policyQualifiers.qualifier.cPSuri" )
BER_STRING_IA5, 0,
FL_MORE | FL_OPTIONAL | FL_SEQEND, MIN_URL_SIZE, MAX_URL_SIZE, 0, NULL },
{ NULL, 0,
MKDESC( "certificatePolicies.policyInformation.policyQualifier" )
BER_SEQUENCE, 0,
FL_MORE | FL_IDENTIFIER, 0, 0, 0, NULL },
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02" ), 0,
MKDESC( "certificatePolicies.policyInformation.policyQualifier.unotice (1 3 6 1 5 5 7 2 2)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "certificatePolicies.policyInformation.policyQualifier.userNotice" )
BER_SEQUENCE, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "certificatePolicies.policyInformation.policyQualifiers.userNotice.noticeRef" )
BER_SEQUENCE, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_CERTPOLICY_ORGANIZATION,
MKDESC( "certificatePolicies.policyInformation.policyQualifiers.userNotice.noticeRef.organization" )
BER_STRING_ISO646, 0,
FL_MORE | FL_OPTIONAL, 1, 200, 0, NULL },
{ NULL, CRYPT_CERTINFO_CERTPOLICY_ORGANIZATION, /* Backwards-compat.kludge */
MKDESC( "certificatePolicies.policyInformation.policyQualifiers.userNotice.noticeRef.organization (Kludge)" )
BER_STRING_IA5, 0,
FL_MORE | FL_OPTIONAL, 1, 200, 0, NULL },
{ NULL, 0,
MKDESC( "certificatePolicies.policyInformation.policyQualifiers.userNotice.noticeRef.noticeNumbers" )
BER_SEQUENCE, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_CERTPOLICY_NOTICENUMBERS,
MKDESC( "certificatePolicies.policyInformation.policyQualifiers.userNotice.noticeRef.noticeNumbers" )
BER_INTEGER, 0,
FL_MORE | FL_OPTIONAL | FL_SEQEND_2, 1, 1024, 0, NULL },
{ NULL, CRYPT_CERTINFO_CERTPOLICY_EXPLICITTEXT,
MKDESC( "certificatePolicies.policyInformation.policyQualifiers.userNotice.explicitText" )
BER_STRING_ISO646, 0,
FL_OPTIONAL, 1, 200, 0, NULL },
/* policyMappings:
OID = 2 5 29 33
SEQUENCE SIZE (1..MAX) OF { -- SIZE (1)
SEQUENCE {
issuerDomainPolicy OBJECT IDENTIFIER,
subjectDomainPolicy OBJECT IDENTIFIER
}
} */
{ MKOID( "\x06\x03\x55\x1D\x21" ), CRYPT_CERTINFO_POLICYMAPPINGS,
MKDESC( "policyMappings" )
BER_SEQUENCE, 0,
FL_MORE | FL_VALID_CERT, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "policyMappings.sequenceOf" )
BER_SEQUENCE, 0,
FL_MORE, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_ISSUERDOMAINPOLICY,
MKDESC( "policyMappings.sequenceOf.issuerDomainPolicy" )
BER_OBJECT_IDENTIFIER, 0,
FL_MORE, 3, 32, 0, NULL },
{ NULL, CRYPT_CERTINFO_SUBJECTDOMAINPOLICY,
MKDESC( "policyMappings.sequenceOf.subjectDomainPolicy" )
BER_OBJECT_IDENTIFIER, 0,
0, 3, 32, 0, NULL },
/* authorityKeyIdentifier:
OID = 2 5 29 35
SEQUENCE {
keyIdentifier [ 0 ] OCTET STRING OPTIONAL,
authorityCertIssuer
[ 1 ] { -- SEQUENCE OF
GeneralName
} OPTIONAL, -- Neither or both
authorityCertSerialNumber -- of these must
[ 2 ] INTEGER OPTIONAL -- be present
}
Although the serialNumber should be an integer, it's really an
integer equivalent of an octet string hole so we call it an octet
string to make sure it gets handled appropriately */
{ MKOID( "\x06\x03\x55\x1D\x23" ), CRYPT_CERTINFO_AUTHORITYKEYIDENTIFIER,
MKDESC( "authorityKeyIdentifier" )
BER_SEQUENCE, 0,
FL_MORE | FL_VALID_CERT | FL_VALID_CRL, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_AUTHORITY_KEYIDENTIFIER,
MKDESC( "authorityKeyIdentifier.keyIdentifier" )
BER_OCTETSTRING, CTAG( 0 ),
FL_MORE | FL_OPTIONAL | FL_RO, 1, 64, 0, NULL },
{ NULL, 0,
MKDESC( "authorityKeyIdentifier.authorityCertIssuer" )
BER_SEQUENCE, CTAG( 1 ),
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_AUTHORITY_CERTISSUER,
MKDESC( "authorityKeyIdentifier.authorityCertIssuer.generalName" )
FIELDTYPE_SUBTYPED, 0,
FL_MORE | FL_OPTIONAL | FL_RO | FL_SEQEND, 0, 0, 0, ( void * ) generalNameInfo },
{ NULL, CRYPT_CERTINFO_AUTHORITY_CERTSERIALNUMBER,
MKDESC( "authorityKeyIdentifier.authorityCertSerialNumber" )
BER_OCTETSTRING, CTAG( 2 ), /* Actually an INTEGER hole */
FL_OPTIONAL | FL_RO, 1, 64, 0, NULL },
/* policyConstraints:
OID = 2 5 29 36
SEQUENCE {
requireExplicitPolicy [ 0 ] INTEGER OPTIONAL,
inhibitPolicyMapping [ 1 ] INTEGER OPTIONAL
} */
{ MKOID( "\x06\x03\x55\x1D\x24" ), CRYPT_CERTINFO_POLICYCONSTRAINTS,
MKDESC( "policyConstraints" )
BER_SEQUENCE, 0,
FL_MORE | FL_VALID_CERT, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_REQUIREEXPLICITPOLICY,
MKDESC( "policyConstraints.requireExplicitPolicy" )
BER_INTEGER, CTAG( 0 ),
FL_MORE | FL_OPTIONAL, 0, 64, 0, NULL },
{ NULL, CRYPT_CERTINFO_INHIBITPOLICYMAPPING,
MKDESC( "policyConstraints.inhibitPolicyMapping" )
BER_INTEGER, CTAG( 1 ),
FL_OPTIONAL, 0, 64, 0, NULL },
/* extKeyUsage:
OID = 2 5 29 37
SEQUENCE {
oidInstance1 OPTIONAL,
oidInstance2 OPTIONAL,
...
oidInstanceN OPTIONAL
} */
{ MKOID( "\x06\x03\x55\x1D\x25" ), CRYPT_CERTINFO_EXTKEYUSAGE,
MKDESC( "extKeyUsage" )
BER_SEQUENCE, 0,
FL_MORE | FL_VALID_CERTREQ | FL_VALID_CERT, 0, 0, 0, NULL },
{ MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x82\x37\x02\x01\x15" ), CRYPT_CERTINFO_EXTKEY_MS_INDIVIDUALCODESIGNING,
MKDESC( "extKeyUsage.individualCodeSigning (1 3 6 1 4 1 311 2 1 21)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x82\x37\x02\x01\x16" ), CRYPT_CERTINFO_EXTKEY_MS_COMMERCIALCODESIGNING,
MKDESC( "extKeyUsage.commercialCodeSigning (1 3 6 1 4 1 311 2 1 22)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x82\x37\x0A\x03\x01" ), CRYPT_CERTINFO_EXTKEY_MS_CERTTRUSTLISTSIGNING,
MKDESC( "extKeyUsage.certTrustListSigning (1 3 6 1 4 1 311 10 3 1)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x82\x37\x0A\x03\x02" ), CRYPT_CERTINFO_EXTKEY_MS_TIMESTAMPSIGNING,
MKDESC( "extKeyUsage.timeStampSigning (1 3 6 1 4 1 311 10 3 2)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x82\x37\x0A\x03\x03" ), CRYPT_CERTINFO_EXTKEY_MS_SERVERGATEDCRYPTO,
MKDESC( "extKeyUsage.serverGatedCrypto (1 3 6 1 4 1 311 10 3 3)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x82\x37\x0A\x03\x04" ), CRYPT_CERTINFO_EXTKEY_MS_ENCRYPTEDFILESYSTEM,
MKDESC( "extKeyUsage.encrypedFileSystem (1 3 6 1 4 1 311 10 3 4)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x01" ), CRYPT_CERTINFO_EXTKEY_SERVERAUTH,
MKDESC( "extKeyUsage.serverAuth (1 3 6 1 5 5 7 3 1)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x02" ), CRYPT_CERTINFO_EXTKEY_CLIENTAUTH,
MKDESC( "extKeyUsage.clientAuth (1 3 6 1 5 5 7 3 2)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x03" ), CRYPT_CERTINFO_EXTKEY_CODESIGNING,
MKDESC( "extKeyUsage.codeSigning (1 3 6 1 5 5 7 3 3)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x04" ), CRYPT_CERTINFO_EXTKEY_EMAILPROTECTION,
MKDESC( "extKeyUsage.emailProtection (1 3 6 1 5 5 7 3 4)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x05" ), CRYPT_CERTINFO_EXTKEY_IPSECENDSYSTEM,
MKDESC( "extKeyUsage.ipsecEndSystem (1 3 6 1 5 5 7 3 5)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x06" ), CRYPT_CERTINFO_EXTKEY_IPSECTUNNEL,