MKACL_EX( /* Cursor management: Relative pos in chain/CRL/OCSP object */
CRYPT_CERTINFO_CURRENT_CERTIFICATE, VALUE_NUMERIC,
/* The subtype flag is somewhat unusual since it includes as
an allowed subtype a cert, which doesn't have further cert
components. The reason for this is that when the chain is
created it's just a collection of certs, it isn't until all
of them are available that one can be marked the leaf cert
and its type changed to cert chain. Since an object's
subtype can't be changed after it's created, we have to allow
cursor movement commands to certs in case one of them is
really the leaf in a cert chain - it's because of the way the
leaf can act as both a cert and a cert chain. A pure cert
looks just like a one-cert chain, so there's no harm in
sending a movement command to a cert which isn't a chain
leaf */
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_CRL | ST_CERT_OCSP_REQ | \
ST_CERT_OCSP_RESP, ST_NONE, ACCESS_xWx_xWx, 0,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE_ALLOWEDVALUES, allowedCursorValues ),
MKACL_EX( /* Cursor management: Relative pos or abs.extension */
CRYPT_CERTINFO_CURRENT_EXTENSION, VALUE_NUMERIC,
ST_CERT_ANY, ST_NONE, ACCESS_RWx_RWx, 0,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE_ALLOWEDVALUES, allowedCursorValues ),
MKACL_EX( /* Cursor management: Relative pos or abs.field in extension */
CRYPT_CERTINFO_CURRENT_FIELD, VALUE_NUMERIC,
ST_CERT_ANY, ST_NONE, ACCESS_RWx_RWx, 0,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE_ALLOWEDVALUES, allowedCursorValues ),
MKACL_EX( /* Cursor management: Relative pos in multivalued field */
CRYPT_CERTINFO_CURRENT_COMPONENT, VALUE_NUMERIC,
ST_CERT_ANY, ST_NONE, ACCESS_RWx_RWx, 0,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE_ALLOWEDVALUES, allowedCursorValues ),
MKACL_N( /* Usage which cert is trusted for */
CRYPT_CERTINFO_TRUSTED_USAGE,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_RWD_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 0, CRYPT_KEYUSAGE_LAST ) ),
MKACL_B( /* Whether cert is implicitly trusted */
CRYPT_CERTINFO_TRUSTED_IMPLICIT,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_RWD_xxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_S( /* Serial number (read-only) */
CRYPT_CERTINFO_SERIALNUMBER,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_ATTRCERT | ST_CERT_CRL, \
ST_NONE, ACCESS_Rxx_Rxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, 32 ) ),
MKACL_O( /* Public key */
CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_xxx_xWx,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_O( /* User certificate */
CRYPT_CERTINFO_USERCERTIFICATE,
ST_CERT_CERTCHAIN | ST_CERT_CRL | ST_CERT_REQ_CERT | ST_CERT_REQ_REV | \
ST_CERT_OCSP_REQ, ST_NONE, ACCESS_xxx_xWx,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_O( /* CA certificate */
CRYPT_CERTINFO_CACERTIFICATE,
ST_CERT_OCSP_REQ, ST_NONE, ACCESS_xxx_xWx,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_N( /* Issuer DN */
CRYPT_CERTINFO_ISSUERNAME,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_ATTRCERT | \
ST_CERT_CRL | ST_CERT_OCSP_RESP, ST_NONE, ACCESS_RWx_RWx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
/* Write = select this attribute, value = CRYPT_UNUSED,
read = report whether attribute present */
RANGE_UNUSED ),
MKACL_T( /* Cert valid from time */
CRYPT_CERTINFO_VALIDFROM,
ST_CERT_CERT | ST_CERT_REQ_CERT | ST_CERT_CERTCHAIN | \
ST_CERT_ATTRCERT, ST_NONE, ACCESS_Rxx_RWx,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_T( /* Cert valid to time */
CRYPT_CERTINFO_VALIDTO,
ST_CERT_CERT | ST_CERT_REQ_CERT | ST_CERT_CERTCHAIN | \
ST_CERT_ATTRCERT, ST_NONE, ACCESS_Rxx_RWx,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_N( /* Subject DN */
CRYPT_CERTINFO_SUBJECTNAME,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_RWx_RWx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
/* Write = select this attribute, value = CRYPT_UNUSED,
read = report whether attribute present */
RANGE_UNUSED ),
MKACL_S( /* Issuer unique ID (read-only) */
CRYPT_CERTINFO_ISSUERUNIQUEID,
ST_CERT_CERT, ST_NONE, ACCESS_Rxx_Rxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 2, CRYPT_MAX_TEXTSIZE ) ),
MKACL_S( /* Subject unique ID (read-only) */
CRYPT_CERTINFO_SUBJECTUNIQUEID,
ST_CERT_CERT, ST_NONE, ACCESS_Rxx_Rxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 2, CRYPT_MAX_TEXTSIZE ) ),
MKACL_O( /* Cert.request (DN + public key) */
CRYPT_CERTINFO_CERTREQUEST,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_ATTRCERT, ST_NONE, ACCESS_xxx_xWx,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_T( /* CRL current update time */
CRYPT_CERTINFO_THISUPDATE,
ST_CERT_CRL | ST_CERT_OCSP_RESP, ST_NONE, ACCESS_Rxx_RWx,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_T( /* CRL next update time */
CRYPT_CERTINFO_NEXTUPDATE,
ST_CERT_CRL | ST_CERT_OCSP_RESP, ST_NONE, ACCESS_Rxx_RWx,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_T( /* CRL cert revocation time */
CRYPT_CERTINFO_REVOCATIONDATE,
ST_CERT_CRL | ST_CERT_OCSP_RESP, ST_NONE, ACCESS_Rxx_RWx,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_N( /* OCSP revocation status */
CRYPT_CERTINFO_REVOCATIONSTATUS,
ST_CERT_OCSP_RESP, ST_NONE, ACCESS_Rxx_xxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( CRYPT_OCSPSTATUS_NOTREVOKED, CRYPT_OCSPSTATUS_UNKNOWN ) ),
MKACL_S( /* Currently selected DN in string form */
CRYPT_CERTINFO_DN,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT, ST_NONE, ACCESS_Rxx_RWx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 2, MAX_ATTRIBUTE_SIZE ) ),
MKACL_S( /* PKI user ID */
CRYPT_CERTINFO_PKIUSER_ID,
ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_xxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 17, 17 ) ),
MKACL_S( /* PKI user issue password */
CRYPT_CERTINFO_PKIUSER_ISSUEPASSWORD,
ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_xxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 23, 23 ) ),
MKACL_S( /* PKI user revocation password */
CRYPT_CERTINFO_PKIUSER_REVPASSWORD ,
ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_xxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 23, 23 ) )
MKACL_END()
};
/* Certificate: Name components.
 *
 * One ACL entry per DN / GeneralName component that can be accessed on a
 * certificate-family object.  For the MKACL_S (string) entries the trailing
 * RANGE( min, max ) pair is the accepted length bound for the value; it is
 * the only size check visible at this layer, so each bound should track the
 * corresponding X.509 / PKIX limit.  The ACCESS_* triplets (for example
 * ACCESS_Rxx_RWD) look like read/write/delete rights for two access
 * contexts -- confirm against the ACCESS_* definitions before relying on a
 * particular reading. */
static const ATTRIBUTE_ACL certNameACL[] = {
    /* X.520 DN attributes.  These are also exposed on the ST_CERT_CRL,
       ST_CERT_OCSP_RESP and ST_CERT_PKIUSER subtypes, unlike the
       GeneralName components further down */
    MKACL_S(    /* countryName: fixed two-character code */
        CRYPT_CERTINFO_COUNTRYNAME,
        ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL |
            ST_CERT_OCSP_RESP | ST_CERT_PKIUSER,
        ST_NONE, ACCESS_Rxx_RWD,
        ROUTE( OBJECT_TYPE_CERTIFICATE ),
        RANGE( 2, 2 ) ),
    MKACL_S(    /* stateOrProvinceName */
        CRYPT_CERTINFO_STATEORPROVINCENAME,
        ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL |
            ST_CERT_OCSP_RESP | ST_CERT_PKIUSER,
        ST_NONE, ACCESS_Rxx_RWD,
        ROUTE( OBJECT_TYPE_CERTIFICATE ),
        RANGE( 1, CRYPT_MAX_TEXTSIZE ) ),
    MKACL_S(    /* localityName */
        CRYPT_CERTINFO_LOCALITYNAME,
        ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL |
            ST_CERT_OCSP_RESP | ST_CERT_PKIUSER,
        ST_NONE, ACCESS_Rxx_RWD,
        ROUTE( OBJECT_TYPE_CERTIFICATE ),
        RANGE( 1, CRYPT_MAX_TEXTSIZE ) ),
    MKACL_S(    /* organizationName */
        CRYPT_CERTINFO_ORGANIZATIONNAME,
        ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL |
            ST_CERT_OCSP_RESP | ST_CERT_PKIUSER,
        ST_NONE, ACCESS_Rxx_RWD,
        ROUTE( OBJECT_TYPE_CERTIFICATE ),
        RANGE( 1, CRYPT_MAX_TEXTSIZE ) ),
    MKACL_S(    /* organizationalUnitName */
        CRYPT_CERTINFO_ORGANIZATIONALUNITNAME,
        ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL |
            ST_CERT_OCSP_RESP | ST_CERT_PKIUSER,
        ST_NONE, ACCESS_Rxx_RWD,
        ROUTE( OBJECT_TYPE_CERTIFICATE ),
        RANGE( 1, CRYPT_MAX_TEXTSIZE ) ),
    MKACL_S(    /* commonName */
        CRYPT_CERTINFO_COMMONNAME,
        ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL |
            ST_CERT_OCSP_RESP | ST_CERT_PKIUSER,
        ST_NONE, ACCESS_Rxx_RWD,
        ROUTE( OBJECT_TYPE_CERTIFICATE ),
        RANGE( 1, CRYPT_MAX_TEXTSIZE ) ),

    /* GeneralName components.  Not available on the CRL-less OCSP
       response / PKI user subtypes; the mask is ST_CERT_ANY_CERT,
       ST_CERT_ATTRCERT and ST_CERT_CRL throughout */
    MKACL_S(    /* otherName.typeID */
        CRYPT_CERTINFO_OTHERNAME_TYPEID,
        ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL,
        ST_NONE, ACCESS_Rxx_RWD,
        ROUTE( OBJECT_TYPE_CERTIFICATE ),
        RANGE( 1, CRYPT_MAX_TEXTSIZE ) ),
    MKACL_S(    /* otherName.value */
        CRYPT_CERTINFO_OTHERNAME_VALUE,
        ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL,
        ST_NONE, ACCESS_Rxx_RWD,
        ROUTE( OBJECT_TYPE_CERTIFICATE ),
        RANGE( 1, CRYPT_MAX_TEXTSIZE ) ),
    MKACL_S(    /* rfc822Name: bounded by the RFC 822 size limits rather
                   than the generic text size */
        CRYPT_CERTINFO_RFC822NAME,
        ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL,
        ST_NONE, ACCESS_Rxx_RWD,
        ROUTE( OBJECT_TYPE_CERTIFICATE ),
        RANGE( MIN_RFC822_SIZE, MAX_RFC822_SIZE ) ),
    MKACL_S(    /* dNSName: bounded by the DNS name size limits */
        CRYPT_CERTINFO_DNSNAME,
        ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL,
        ST_NONE, ACCESS_Rxx_RWD,
        ROUTE( OBJECT_TYPE_CERTIFICATE ),
        RANGE( MIN_DNS_SIZE, MAX_DNS_SIZE ) ),
    MKACL_N(    /* directoryName: a DN rather than a string, so write =
                   select this attribute with value CRYPT_UNUSED and
                   read = report whether the attribute is present */
        CRYPT_CERTINFO_DIRECTORYNAME,
        ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL,
        ST_NONE, ACCESS_RWx_RWD,
        ROUTE( OBJECT_TYPE_CERTIFICATE ),
        RANGE_UNUSED ),
    MKACL_S(    /* ediPartyName.nameAssigner */
        CRYPT_CERTINFO_EDIPARTYNAME_NAMEASSIGNER,
        ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL,
        ST_NONE, ACCESS_Rxx_RWD,
        ROUTE( OBJECT_TYPE_CERTIFICATE ),
        RANGE( 1, CRYPT_MAX_TEXTSIZE ) ),
    MKACL_S(    /* ediPartyName.partyName */
        CRYPT_CERTINFO_EDIPARTYNAME_PARTYNAME,
        ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL,
        ST_NONE, ACCESS_Rxx_RWD,
        ROUTE( OBJECT_TYPE_CERTIFICATE ),
        RANGE( 1, CRYPT_MAX_TEXTSIZE ) ),
    MKACL_S(    /* uniformResourceIdentifier: bounded by the URL size
                   limits */
        CRYPT_CERTINFO_UNIFORMRESOURCEIDENTIFIER,
        ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL,
        ST_NONE, ACCESS_Rxx_RWD,
        ROUTE( OBJECT_TYPE_CERTIFICATE ),
        RANGE( MIN_URL_SIZE, MAX_URL_SIZE ) ),
    MKACL_S(    /* iPAddress: exactly four octets, i.e. an IPv4 address.
                   A 16-octet IPv6 iPAddress GeneralName falls outside
                   this bound and would be rejected here */
        CRYPT_CERTINFO_IPADDRESS,
        ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL,
        ST_NONE, ACCESS_Rxx_RWD,
        ROUTE( OBJECT_TYPE_CERTIFICATE ),
        RANGE( 4, 4 ) ),
    MKACL_S(    /* registeredID */
        CRYPT_CERTINFO_REGISTEREDID,
        ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL,
        ST_NONE, ACCESS_Rxx_RWD,
        ROUTE( OBJECT_TYPE_CERTIFICATE ),
        RANGE( 1, CRYPT_MAX_TEXTSIZE ) )
    /* No separator before the terminator, matching the sibling tables */
    MKACL_END()
};
static const ATTRIBUTE_ACL certExtensionACL[] = { /* Certificate: Extensions */
/* 1 3 6 1 5 5 7 1 1 authorityInfoAccess */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_AUTHORITYINFOACCESS,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_N( /* accessDescription.accessLocation */
CRYPT_CERTINFO_AUTHORITYINFO_OCSP,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_RWx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
/* Write = select this attribute, value = CRYPT_UNUSED,
read = report whether attribute present */
RANGE_UNUSED ),
MKACL_N( /* accessDescription.accessLocation */
CRYPT_CERTINFO_AUTHORITYINFO_CAISSUERS,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_RWx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
/* Write = select this attribute, value = CRYPT_UNUSED,
read = report whether attribute present */
RANGE_UNUSED ),
MKACL_N( /* accessDescription.accessLocation */
CRYPT_CERTINFO_AUTHORITYINFO_TIMESTAMPING,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_RWx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
/* Write = select this attribute, value = CRYPT_UNUSED,
read = report whether attribute present */
RANGE_UNUSED ),
/* 1 3 6 1 5 5 7 48 1 2 ocspNonce */
MKACL_S( /* nonce */
CRYPT_CERTINFO_OCSP_NONCE,
ST_CERT_OCSP_REQ | ST_CERT_OCSP_RESP, ST_NONE, ACCESS_Rxx_Rxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, 64 ) ),
/* 1 3 6 1 5 5 7 48 1 5 ocspNoCheck */
MKACL_N( /* noCheck */
CRYPT_CERTINFO_OCSP_NOCHECK,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( CRYPT_UNUSED, CRYPT_UNUSED ) ),
/* 1 3 6 1 5 5 7 48 1 6 ocspArchiveCutoff */
MKACL_T( /* archiveCutoff */
CRYPT_CERTINFO_OCSP_ARCHIVECUTOFF,
ST_CERT_OCSP_RESP, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
/* 1 3 36 8 3 1 dateOfCertGen */
MKACL_T( /* dateOfCertGen */
CRYPT_CERTINFO_SIGG_DATEOFCERTGEN,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
/* 1 3 36 8 3 2 procuration */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_SIGG_PROCURATION,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_S( /* country */
CRYPT_CERTINFO_SIGG_PROCURE_COUNTRY,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 2, 2 ) ),
MKACL_S( /* typeOfSubstitution */
CRYPT_CERTINFO_SIGG_PROCURE_TYPEOFSUBSTITUTION,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, 128 ) ),
MKACL_N( /* signingFor.thirdPerson */
CRYPT_CERTINFO_SIGG_PROCURE_SIGNINGFOR,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_RWx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
/* Write = select this attribute, value = CRYPT_UNUSED,
read = report whether attribute present */
RANGE_UNUSED ),