certedef.c
MKDESC( "extKeyUsage.ipsecTunnel (1 3 6 1 5 5 7 3 6)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x07" ), CRYPT_CERTINFO_EXTKEY_IPSECUSER,
MKDESC( "extKeyUsage.ipsecUser (1 3 6 1 5 5 7 3 7)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x08" ), CRYPT_CERTINFO_EXTKEY_TIMESTAMPING,
MKDESC( "extKeyUsage.timeStamping (1 3 6 1 5 5 7 3 8)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x09" ), CRYPT_CERTINFO_EXTKEY_OCSPSIGNING,
MKDESC( "extKeyUsage.ocspSigning (1 3 6 1 5 5 7 3 9)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ MKOID( "\x06\x05\x2B\x24\x08\x02\x01" ), CRYPT_CERTINFO_EXTKEY_DIRECTORYSERVICE,
MKDESC( "extKeyUsage.directoryService (1 3 36 8 2 1)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ MKOID( "\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x04\x01" ), CRYPT_CERTINFO_EXTKEY_NS_SERVERGATEDCRYPTO,
MKDESC( "extKeyUsage.serverGatedCrypto (2 16 840 1 113730 4 1)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ MKOID( "\x06\x0A\x60\x86\x48\x01\x86\xF8\x45\x01\x08\x01" ), CRYPT_CERTINFO_EXTKEY_VS_SERVERGATEDCRYPTO_CA,
MKDESC( "extKeyUsage.serverGatedCryptoCA (2 16 840 1 113733 1 8 1)" )
FIELDTYPE_IDENTIFIER, 0,
FL_OPTIONAL, 0, 0, 0, NULL },
/* netscape-cert-type:
OID = 2 16 840 1 113730 1 1
BITSTRING */
{ MKOID( "\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01" ), CRYPT_CERTINFO_NS_CERTTYPE,
MKDESC( "netscape-cert-type" )
BER_BITSTRING, 0,
FL_VALID_CERTREQ | FL_VALID_CERT, 0, CRYPT_NS_CERTTYPE_LAST, 0, NULL },
/* netscape-base-url:
OID = 2 16 840 1 113730 1 2
IA5String */
{ MKOID( "\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x02" ), CRYPT_CERTINFO_NS_BASEURL,
MKDESC( "netscape-base-url" )
BER_STRING_IA5, 0,
FL_VALID_CERT, MIN_URL_SIZE, MAX_URL_SIZE, 0, ( void * ) checkHTTP },
/* netscape-revocation-url:
OID = 2 16 840 1 113730 1 3
IA5String */
{ MKOID( "\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x03" ), CRYPT_CERTINFO_NS_REVOCATIONURL,
MKDESC( "netscape-revocation-url" )
BER_STRING_IA5, 0,
FL_VALID_CERT, MIN_URL_SIZE, MAX_URL_SIZE, 0, ( void * ) checkHTTP },
/* netscape-ca-revocation-url:
OID = 2 16 840 1 113730 1 4
IA5String */
{ MKOID( "\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x04" ), CRYPT_CERTINFO_NS_CAREVOCATIONURL,
MKDESC( "netscape-ca-revocation-url" )
BER_STRING_IA5, 0,
FL_VALID_CERT, MIN_URL_SIZE, MAX_URL_SIZE, 0, ( void * ) checkHTTP },
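/* netscape-cert-renewal-url:
OID = 2 16 840 1 113730 1 7
IA5String
NOTE(review): the MKDESC text of the entry below still reads
"netscape-ca-revocation-url". */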
{ MKOID( "\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x07" ), CRYPT_CERTINFO_NS_CERTRENEWALURL,
MKDESC( "netscape-ca-revocation-url" )
BER_STRING_IA5, 0,
FL_VALID_CERT, MIN_URL_SIZE, MAX_URL_SIZE, 0, ( void * ) checkHTTP },
/* netscape-ca-policy-url:
OID = 2 16 840 1 113730 1 8
IA5String */
{ MKOID( "\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x08" ), CRYPT_CERTINFO_NS_CAPOLICYURL,
MKDESC( "netscape-ca-policy-url" )
BER_STRING_IA5, 0,
FL_VALID_CERT, MIN_URL_SIZE, MAX_URL_SIZE, 0, ( void * ) checkHTTP },
/* netscape-ssl-server-name:
OID = 2 16 840 1 113730 1 12
IA5String */
{ MKOID( "\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x0C" ), CRYPT_CERTINFO_NS_SSLSERVERNAME,
MKDESC( "netscape-ssl-server-name" )
BER_STRING_IA5, 0,
FL_VALID_CERTREQ | FL_VALID_CERT, MIN_DNS_SIZE, MAX_DNS_SIZE, 0, ( void * ) checkDNS },
/* netscape-comment:
OID = 2 16 840 1 113730 1 13
IA5String */
{ MKOID( "\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x0D" ), CRYPT_CERTINFO_NS_COMMENT,
MKDESC( "netscape-comment" )
BER_STRING_IA5, 0,
FL_VALID_CERTREQ | FL_VALID_CERT, 1, 1024, 0, NULL },
/* hashedRootKey:
OID = 2 23 42 7 0
critical = TRUE
SEQUENCE {
rootKeyThumbprint DigestedData -- PKCS #7-type wrapper
} */
{ MKOID( "\x06\x04\x67\x2A\x07\x00" ), CRYPT_CERTINFO_SET_HASHEDROOTKEY,
MKDESC( "hashedRootKey" )
BER_SEQUENCE, 0,
FL_MORE | FL_CRITICAL | FL_VALID_CERT, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "hashedRootKey.rootKeyThumbprint" )
FIELDTYPE_BLOB, 0, /* PKCS #7-type wrapper */
FL_MORE | FL_NONENCODING, 0, 0, 25,
"\x30\x2D\x02\x01\x00\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x30\x07\x06\x05\x67\x2A\x03\x00\x00" },
{ NULL, CRYPT_CERTINFO_SET_ROOTKEYTHUMBPRINT,
MKDESC( "hashedRootKey.rootKeyThumbprint.hashData" )
BER_OCTETSTRING, 0,
0, 20, 20, 0, NULL },
/* certificateType:
OID = 2 23 42 7 1
critical = TRUE
BIT STRING */
{ MKOID( "\x06\x04\x67\x2A\x07\x01" ), CRYPT_CERTINFO_SET_CERTIFICATETYPE,
MKDESC( "certificateType" )
BER_BITSTRING, 0,
FL_CRITICAL | FL_VALID_CERT | FL_VALID_CERTREQ, 0, CRYPT_SET_CERTTYPE_LAST, 0, NULL },
/* merchantData:
OID = 2 23 42 7 2
SEQUENCE {
merID SETString SIZE(1..30),
merAcquirerBIN NumericString SIZE(6),
merNameSeq SEQUENCE OF MerNames, -- SIZE (1)
merCountry INTEGER (1..999),
merAuthFlag BOOLEAN DEFAULT TRUE
}
MerNames ::= SEQUENCE {
language [ 0 ] VisibleString SIZE(1..35),
name [ 1 ] EXPLICIT SETString SIZE(1..50),
city [ 2 ] EXPLICIT SETString SIZE(1..50),
stateProvince [ 3 ] EXPLICIT SETString SIZE(1..50) OPTIONAL,
postalCode [ 4 ] EXPLICIT SETString SIZE(1..14) OPTIONAL,
countryName [ 5 ] EXPLICIT SETString SIZE(1..50)
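}
NOTE(review): the postalCode entry in the table below is declared with a
size range of 1..50, not the SIZE(1..14) given here. */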
{ MKOID( "\x06\x04\x67\x2A\x07\x02" ), CRYPT_CERTINFO_SET_MERCHANTDATA,
MKDESC( "merchantData" )
BER_SEQUENCE, 0,
FL_MORE | FL_VALID_CERT, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_SET_MERID,
MKDESC( "merchantData.merID" )
BER_STRING_ISO646, 0,
FL_MORE, 1, 30, 0, NULL },
{ NULL, CRYPT_CERTINFO_SET_MERACQUIRERBIN,
MKDESC( "merchantData.merAcquirerBIN" )
BER_STRING_NUMERIC, 0,
FL_MORE, 6, 6, 0, NULL },
{ NULL, 0,
MKDESC( "merchantData.merNameSeq" )
BER_SEQUENCE, 0,
FL_MORE, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_SET_MERCHANTLANGUAGE,
MKDESC( "merchantData.merNameSeq.language" )
BER_STRING_ISO646, CTAG( 0 ),
FL_MORE, 1, 35, 0, NULL },
{ NULL, CRYPT_CERTINFO_SET_MERCHANTNAME,
MKDESC( "merchantData.merNameSeq.name" )
BER_STRING_ISO646, CTAG( 1 ),
FL_MORE | FL_EXPLICIT, 1, 50, 0, NULL },
{ NULL, CRYPT_CERTINFO_SET_MERCHANTCITY,
MKDESC( "merchantData.merNameSeq.city" )
BER_STRING_ISO646, CTAG( 2 ),
FL_MORE | FL_EXPLICIT, 1, 50, 0, NULL },
{ NULL, CRYPT_CERTINFO_SET_MERCHANTSTATEPROVINCE,
MKDESC( "merchantData.merNameSeq.stateProvince" )
BER_STRING_ISO646, CTAG( 3 ),
FL_MORE | FL_EXPLICIT | FL_OPTIONAL, 1, 50, 0, NULL },
{ NULL, CRYPT_CERTINFO_SET_MERCHANTPOSTALCODE,
MKDESC( "merchantData.merNameSeq.postalCode" )
BER_STRING_ISO646, CTAG( 4 ),
FL_MORE | FL_EXPLICIT | FL_OPTIONAL, 1, 50, 0, NULL },
{ NULL, CRYPT_CERTINFO_SET_MERCHANTCOUNTRYNAME,
MKDESC( "merchantData.merNameSeq.countryName" )
BER_STRING_ISO646, CTAG( 5 ),
FL_MORE | FL_EXPLICIT | FL_SEQEND, 1, 50, 0, NULL },
{ NULL, CRYPT_CERTINFO_SET_MERCOUNTRY,
MKDESC( "merchantData.merCountry" )
BER_INTEGER, 0,
FL_MORE, 1, 999, 0, NULL },
{ NULL, CRYPT_CERTINFO_SET_MERAUTHFLAG,
MKDESC( "merchantData.merAuthFlag" )
BER_BOOLEAN, 0,
FL_OPTIONAL | FL_DEFAULT, FALSE, TRUE, FALSE, NULL },
/* certCardRequired
OID = 2 23 42 7 3
BOOLEAN */
{ MKOID( "\x06\x04\x67\x2A\x07\x03" ), CRYPT_CERTINFO_SET_CERTCARDREQUIRED,
MKDESC( "certCardRequired" )
BER_BOOLEAN, 0,
FL_VALID_CERT, FALSE, TRUE, 0, NULL },
/* tunneling:
OID = 2 23 42 7 4
SEQUENCE {
tunneling BOOLEAN DEFAULT TRUE,
tunnelAlgIDs SEQUENCE OF OBJECT IDENTIFIER -- SIZE (1)
} */
{ MKOID( "\x06\x04\x67\x2A\x07\x04" ), CRYPT_CERTINFO_SET_TUNNELING,
MKDESC( "tunneling" )
BER_SEQUENCE, 0,
FL_MORE | FL_VALID_CERT | FL_VALID_CERTREQ, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_SET_TUNNELINGFLAG,
MKDESC( "tunneling.tunneling" )
BER_BOOLEAN, 0,
FL_MORE | FL_OPTIONAL | FL_DEFAULT, FALSE, TRUE, TRUE, NULL },
{ NULL, 0,
MKDESC( "tunneling.tunnelingAlgIDs" )
BER_SEQUENCE, 0,
FL_MORE, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_SET_TUNNELINGALGID,
MKDESC( "tunneling.tunnelingAlgIDs.tunnelingAlgID" )
BER_OBJECT_IDENTIFIER, 0,
0, 3, 32, 0, NULL },
{ NULL, CRYPT_ERROR }
};
/* Subtable for encoding the holdInstructionCode.  Each entry pairs a
   DER-encoded OBJECT IDENTIFIER (tag 0x06, length 0x07, then the content
   octets for 1 2 840 10040 2 n) with the CRYPT_HOLDINSTRUCTION_xxx value it
   stands for.  Every entry is a FIELDTYPE_IDENTIFIER flagged FL_OPTIONAL;
   all entries except the last also carry FL_MORE, and the table is closed
   by a { NULL, CRYPT_ERROR } sentinel.

   NOTE(review): FL_MORE presumably means "further entries of this group
   follow" and FL_RO "read-only" - confirm against the ATTRIBUTE_INFO and
   flag definitions, which are not visible here.  MKDESC() is written
   without a trailing comma, so the macro presumably supplies it or expands
   to nothing - confirm */
static const ATTRIBUTE_INFO FAR_BSS holdInstructionInfo[] = {
/* holdinstruction-none: the only entry that additionally sets FL_RO */
{ MKOID( "\x06\x07\x2A\x86\x48\xCE\x38\x02\x01" ), CRYPT_HOLDINSTRUCTION_NONE,
MKDESC( "holdInstructionCode.holdinstruction-none (1 2 840 10040 2 1)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE | FL_OPTIONAL | FL_RO, 0, 0, 0, NULL },
/* holdinstruction-callissuer */
{ MKOID( "\x06\x07\x2A\x86\x48\xCE\x38\x02\x02" ), CRYPT_HOLDINSTRUCTION_CALLISSUER,
MKDESC( "holdInstructionCode.holdinstruction-callissuer (1 2 840 10040 2 2)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
/* holdinstruction-reject */
{ MKOID( "\x06\x07\x2A\x86\x48\xCE\x38\x02\x03" ), CRYPT_HOLDINSTRUCTION_REJECT,
MKDESC( "holdInstructionCode.holdinstruction-reject (1 2 840 10040 2 3)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
/* holdinstruction-pickupToken: last real entry, so FL_MORE is not set */
{ MKOID( "\x06\x07\x2A\x86\x48\xCE\x38\x02\x04" ), CRYPT_HOLDINSTRUCTION_PICKUPTOKEN,
MKDESC( "holdInstructionCode.holdinstruction-pickupToken (1 2 840 10040 2 4)" )
FIELDTYPE_IDENTIFIER, 0,
FL_OPTIONAL, 0, 0, 0, NULL },
/* End-of-table sentinel: no OID, CRYPT_ERROR in the attribute-ID slot */
{ NULL, CRYPT_ERROR }
};
/****************************************************************************
* *
* GeneralName Definition *
* *
****************************************************************************/
/* Encoding and decoding of GeneralNames is performed with the following
subtable:
otherName [ 0 ] SEQUENCE OPTIONAL {
type-id OBJECT IDENTIFIER,
value [ 0 ] EXPLICIT ANY DEFINED BY type-id
},
rfc822Name [ 1 ] IA5String OPTIONAL,
dNSName [ 2 ] IA5String OPTIONAL,
x400Address [ 3 ] ITU-BrainDamage OPTIONAL
directoryName [ 4 ] EXPLICIT Name OPTIONAL,
ediPartyName [ 5 ] SEQUENCE OPTIONAL {
nameAssigner [ 0 ] PrintableString OPTIONAL,
partyName [ 1 ] PrintableString
},
uniformResourceIdentifier
[ 6 ] IA5String OPTIONAL,
iPAddress [ 7 ] OCTET STRING SIZE(4) OPTIONAL,
registeredID [ 8 ] OBJECT IDENTIFIER OPTIONAL
ITU-BrainDamage ::= SEQUENCE {
built-in-standard-attributes SEQUENCE {
country-name [ APPLICATION 1 ] CHOICE {
x121-dcc-code NumericString,
iso-3166-alpha2-code PrintableString
},
administration-domain-name
[ APPLICATION 2 ] CHOICE {
numeric NumericString,
printable PrintableString
},
network-address [ 0 ] NumericString OPTIONAL,
terminal-identifier [ 1 ] PrintableString OPTIONAL,
private-domain-name [ 2 ] CHOICE {
numeric NumericString,
printable PrintableString
} OPTIONAL,
organization-name [ 3 ] PrintableString OPTIONAL,
numeric-use-identifier [ 4 ] NumericString OPTIONAL,
personal-name [ 5 ] SET {
surname [ 0 ] PrintableString,
given-name [ 1 ] PrintableString,
initials [ 2 ] PrintableString,
generation-qualifier [ 3 ] PrintableString
} OPTIONAL,
organizational-unit-name [ 6 ] PrintableString OPTIONAL,
}
built-in-domain-defined-attributes SEQUENCE OF { -- SIZE (1)
type PrintableString SIZE(1..64),
value PrintableString SIZE(1..64)
} OPTIONAL
extensionAttributes SET OF SEQUENCE { -- SIZE (1)
extension-attribute-type [ 0 ] INTEGER,
extension-attribute-value [ 1 ] ANY DEFINED BY extension-attribute-type
} OPTIONAL
}
Needless to say, X.400 addresses aren't supported (for readers who've
never seen one before, now you know why they've been so enormously
successful).
Note the special-case encoding of the DirectoryName. This is required
because a Name is actually a CHOICE { RDNSequence }, and if the tagging
were implicit then there'd be no way to tell which of the CHOICE options
was being used:
directoryName [ 4 ] Name OPTIONAL
becomes:
directoryName [ 4 ] CHOICE { RDNSequence } OPTIONAL
which, if implicit tagging is used, would replace the RDNSequence tag with
the [4] tag, making it impossible to determine which of the Name choices
was used (actually there's only one possibility and it's unlikely that
there'll ever be more, but that's what the encoding rules require - X.208,
section 26.7c) */
static const ATTRIBUTE_INFO FAR_BSS generalNameInfo[] = {
{ NULL, 0,