📄 certedef.c
FL_LEVEL_STANDARD | FL_VALID_CRL | FL_VALID_REVREQ /*Per-entry*/, sizeof( time_t ), sizeof( time_t ), 0, NULL },
/* deltaCRLIndicator:
OID = 2 5 29 27
critical = TRUE
INTEGER

The OID bytes below (06 03 55 1D 1B) are the DER encoding of 2 5 29 27.
FL_CRITICAL agrees with "critical = TRUE" above, and FL_VALID_CRL is the
only FL_VALID_xxx flag set.  The trailing 0, INT_MAX, 0 are presumably
the permitted low/high range and the default value for the INTEGER --
confirm against the definition of the table's entry type.  This entry
has no FL_MORE, which looks like the marker for the last entry of an
extension */
{ MKOID( "\x06\x03\x55\x1D\x1B" ), CRYPT_CERTINFO_DELTACRLINDICATOR,
MKDESC( "deltaCRLIndicator" )
BER_INTEGER, 0,
FL_CRITICAL | FL_LEVEL_PKIX_PARTIAL | FL_VALID_CRL, 0, INT_MAX, 0, NULL },
/* issuingDistributionPoint:
OID = 2 5 29 28
critical = TRUE
SEQUENCE {
distributionPoint [ 0 ] {
fullName [ 0 ] { -- CHOICE { ... }
SEQUENCE OF GeneralName -- GeneralNames
}
} OPTIONAL,
onlyContainsUserCerts
[ 1 ] BOOLEAN DEFAULT FALSE,
onlyContainsCACerts
[ 2 ] BOOLEAN DEFAULT FALSE,
onlySomeReasons [ 3 ] BITSTRING OPTIONAL,
indirectCRL [ 4 ] BOOLEAN DEFAULT FALSE
}

The entries below follow the ASN.1 above in order.  Entries with a NULL
OID and a field ID of 0 are the SEQUENCE wrappers; only the leaf entries
carry a CRYPT_CERTINFO_xxx ID.  CTAG( n ) supplies the context tag [ n ]
shown in the ASN.1.

NOTE(review): onlyContainsUserCerts, onlyContainsCACerts and
onlySomeReasons narrow what the CRL covers, which is presumably why the
extension is flagged critical.  A consumer that skips them could read a
partial CRL as a complete one, so whatever uses these fields should
check that the CRL's scope includes the certificate being checked */
{ MKOID( "\x06\x03\x55\x1D\x1C" ), CRYPT_CERTINFO_ISSUINGDISTRIBUTIONPOINT,
MKDESC( "issuingDistributionPoint" )
BER_SEQUENCE, 0,
FL_MORE | FL_CRITICAL | FL_LEVEL_PKIX_PARTIAL | FL_VALID_CRL, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "issuingDistributionPoint.distributionPoint" )
BER_SEQUENCE, CTAG( 0 ),
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "issuingDistributionPoint.distributionPoint.fullName" )
BER_SEQUENCE, CTAG( 0 ),
FL_MORE, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "issuingDistributionPoint.distributionPoint.fullName.generalNames" )
BER_SEQUENCE, 0,
FL_MORE, 0, 0, 0, NULL },
/* The GeneralName itself is described by the generalNameInfo table
   passed as the last member rather than by further entries here */
{ NULL, CRYPT_CERTINFO_ISSUINGDIST_FULLNAME,
MKDESC( "issuingDistributionPoint.distributionPoint.fullName.generalNames.generalName" )
FIELDTYPE_SUBTYPED, 0,
FL_MORE | FL_OPTIONAL | FL_MULTIVALUED | FL_SEQEND_3, 0, 0, 0, ( void * ) generalNameInfo },
/* The BOOLEANs carry FL_DEFAULT with the values FALSE, TRUE, FALSE,
   which lines up with "DEFAULT FALSE" in the ASN.1 (presumably low,
   high, default -- confirm) */
{ NULL, CRYPT_CERTINFO_ISSUINGDIST_USERCERTSONLY,
MKDESC( "issuingDistributionPoint.onlyContainsUserCerts" )
BER_BOOLEAN, CTAG( 1 ),
FL_MORE | FL_OPTIONAL | FL_DEFAULT, FALSE, TRUE, FALSE, NULL },
{ NULL, CRYPT_CERTINFO_ISSUINGDIST_CACERTSONLY,
MKDESC( "issuingDistributionPoint.onlyContainsCACerts" )
BER_BOOLEAN, CTAG( 2 ),
FL_MORE | FL_OPTIONAL | FL_DEFAULT, FALSE, TRUE, FALSE, NULL },
/* The reason-flags bitstring is bounded by CRYPT_CRLREASONFLAG_LAST */
{ NULL, CRYPT_CERTINFO_ISSUINGDIST_SOMEREASONSONLY,
MKDESC( "issuingDistributionPoint.onlySomeReasons" )
BER_BITSTRING, CTAG( 3 ),
FL_MORE | FL_OPTIONAL, 0, CRYPT_CRLREASONFLAG_LAST, 0, NULL },
/* Last entry for this extension: FL_MORE is not set */
{ NULL, CRYPT_CERTINFO_ISSUINGDIST_INDIRECTCRL,
MKDESC( "issuingDistributionPoint.indirectCRL" )
BER_BOOLEAN, CTAG( 4 ),
FL_OPTIONAL | FL_DEFAULT, FALSE, TRUE, FALSE, NULL },
/* certificateIssuer:
OID = 2 5 29 29
critical = TRUE
certificateIssuer SEQUENCE OF GeneralName

The first entry has FIELDID_FOLLOWS where the other extensions have a
CRYPT_CERTINFO_xxx ID; the ID CRYPT_CERTINFO_CERTIFICATEISSUER is on the
second entry instead.  Presumably FIELDID_FOLLOWS tells the table user
to take the ID from the next entry -- confirm against its definition.
FL_CRITICAL agrees with "critical = TRUE" above */
{ MKOID( "\x06\x03\x55\x1D\x1D" ), FIELDID_FOLLOWS,
MKDESC( "certificateIssuer" )
BER_SEQUENCE, 0,
FL_MORE | FL_CRITICAL | FL_LEVEL_PKIX_FULL | FL_VALID_CRL, 0, 0, 0, NULL },
/* The GeneralName contents are described by generalNameInfo */
{ NULL, CRYPT_CERTINFO_CERTIFICATEISSUER,
MKDESC( "certificateIssuer.generalNames" )
FIELDTYPE_SUBTYPED, 0,
FL_MULTIVALUED, 0, 0, 0, ( void * ) generalNameInfo },
/* nameConstraints
OID = 2 5 29 30
critical = TRUE
SEQUENCE {
permittedSubtrees [ 0 ] SEQUENCE OF {
SEQUENCE { GeneralName }
} OPTIONAL,
excludedSubtrees [ 1 ] SEQUENCE OF {
SEQUENCE { GeneralName }
} OPTIONAL,
}

NOTE(review): the summary above says "critical = TRUE", but the first
entry below does not set FL_CRITICAL, unlike deltaCRLIndicator,
issuingDistributionPoint and certificateIssuer earlier in this table.
Confirm whether that is intentional.  Name constraints limit which
subject names a CA may issue for, so a relying party that does not
process the extension should not silently accept the chain.

permittedSubtrees and excludedSubtrees use the same three-entry layout:
a context-tagged SEQUENCE flagged FL_SETOF, an inner SEQUENCE, and a
GeneralName described by generalNameInfo */
{ MKOID( "\x06\x03\x55\x1D\x1E" ), CRYPT_CERTINFO_NAMECONSTRAINTS,
MKDESC( "nameConstraints" )
BER_SEQUENCE, 0,
FL_MORE | FL_LEVEL_PKIX_FULL | FL_VALID_CERT | FL_VALID_ATTRCERT, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "nameConstraints.permittedSubtrees" )
BER_SEQUENCE, CTAG( 0 ),
FL_MORE | FL_SETOF | FL_OPTIONAL, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "nameConstraints.permittedSubtrees.sequenceOf" )
BER_SEQUENCE, 0,
FL_MORE, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_PERMITTEDSUBTREES,
MKDESC( "nameConstraints.permittedSubtrees.sequenceOf.generalName" )
FIELDTYPE_SUBTYPED, 0,
FL_MORE | FL_OPTIONAL | FL_MULTIVALUED | FL_SEQEND_2, 0, 0, 0, ( void * ) generalNameInfo },
{ NULL, 0,
MKDESC( "nameConstraints.excludedSubtrees" )
BER_SEQUENCE, CTAG( 1 ),
FL_MORE | FL_SETOF | FL_OPTIONAL, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "nameConstraints.excludedSubtrees.sequenceOf" )
BER_SEQUENCE, 0,
FL_MORE, 0, 0, 0, NULL },
/* Last entry for this extension: FL_MORE is not set */
{ NULL, CRYPT_CERTINFO_EXCLUDEDSUBTREES,
MKDESC( "nameConstraints.excludedSubtrees.sequenceOf.generalName" )
FIELDTYPE_SUBTYPED, 0,
FL_OPTIONAL | FL_MULTIVALUED | FL_SEQEND_2, 0, 0, 0, ( void * ) generalNameInfo },
/* cRLDistributionPoints:
OID = 2 5 29 31
SEQUENCE OF {
SEQUENCE {
distributionPoint
[ 0 ] { -- CHOICE { ... }
fullName [ 0 ] SEQUENCE OF GeneralName
} OPTIONAL,
reasons [ 1 ] BIT STRING OPTIONAL,
cRLIssuer [ 2 ] SEQUENCE OF GeneralName OPTIONAL
}
}

No criticality is given in the summary above and FL_CRITICAL is not set
on the first entry.  The extension is flagged as valid in certificates
and attribute certificates (FL_VALID_CERT | FL_VALID_ATTRCERT).

NOTE(review): the fullName and cRLIssuer values decoded through these
entries come from the certificate being parsed.  Any code that later
dereferences them, for example to fetch a CRL, should treat them as
untrusted input */
{ MKOID( "\x06\x03\x55\x1D\x1F" ), CRYPT_CERTINFO_CRLDISTRIBUTIONPOINT,
MKDESC( "cRLDistributionPoints" )
BER_SEQUENCE, 0,
FL_MORE | FL_LEVEL_STANDARD | FL_VALID_CERT | FL_VALID_ATTRCERT | FL_SETOF, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "cRLDistributionPoints.distributionPoint" )
BER_SEQUENCE, 0,
FL_MORE, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "cRLDistributionPoints.distributionPoint.distributionPoint" )
BER_SEQUENCE, CTAG( 0 ),
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "cRLDistributionPoints.distributionPoint.distributionPoint.fullName" )
BER_SEQUENCE, CTAG( 0 ),
FL_MORE | FL_SETOF, 0, 0, 0, NULL },
/* The GeneralName contents are described by generalNameInfo */
{ NULL, CRYPT_CERTINFO_CRLDIST_FULLNAME,
MKDESC( "cRLDistributionPoints.distributionPoint.distributionPoint.fullName.generalName" )
FIELDTYPE_SUBTYPED, 0,
FL_MORE | FL_OPTIONAL | FL_MULTIVALUED | FL_SEQEND_2, 0, 0, 0, ( void * ) generalNameInfo },
/* The reason-flags bitstring is bounded by CRYPT_CRLREASONFLAG_LAST */
{ NULL, CRYPT_CERTINFO_CRLDIST_REASONS,
MKDESC( "cRLDistributionPoints.distributionPoint.reasons" )
BER_BITSTRING, CTAG( 1 ),
FL_MORE | FL_OPTIONAL | FL_MULTIVALUED, 0, CRYPT_CRLREASONFLAG_LAST, 0, NULL },
{ NULL, 0,
MKDESC( "cRLDistributionPoints.distributionPoint.cRLIssuer" )
BER_SEQUENCE, CTAG( 2 ),
FL_MORE | FL_SETOF | FL_OPTIONAL, 0, 0, 0, NULL },
/* Last entry for this extension: FL_MORE is not set */
{ NULL, CRYPT_CERTINFO_CRLDIST_CRLISSUER,
MKDESC( "cRLDistributionPoints.distributionPoint.cRLIssuer.generalName" )
FIELDTYPE_SUBTYPED, 0,
FL_OPTIONAL | FL_MULTIVALUED | FL_SEQEND_2, 0, 0, 0, ( void * ) generalNameInfo },
/* certificatePolicies:
OID = 2 5 29 32
SEQUENCE SIZE (1..64) OF {
SEQUENCE {
policyIdentifier OBJECT IDENTIFIER,
policyQualifiers SEQUENCE SIZE (1..64) OF {
SEQUENCE {
policyQualifierId
OBJECT IDENTIFIER,
qualifier ANY DEFINED BY policyQualifierId
} OPTIONAL
}
}
}
CPSuri ::= IA5String -- OID = cps
UserNotice ::= SEQUENCE { -- OID = unotice
noticeRef SEQUENCE {
organization VisibleString,
noticeNumbers SEQUENCE OF INTEGER -- SIZE (1)
} OPTIONAL,
explicitText VisibleString OPTIONAL
}
All draft versions of the PKIX profile (RFC 2459) had the
organisation as an IA5String, but the final RFC changed it to a
VisibleString.  To kludge around this for the certs that use an
IA5String (which in practice means only Verisign, since no-one else
uses policy qualifiers), we allow both types but put the
VisibleString option first, which means that it'll get used
preferentially when encoding.

NOTE(review): the SIZE (1..64) limits in the ASN.1 above do not appear
in the entries below, whose SEQUENCE wrappers all carry 0, 0, 0.  If
the element count is bounded it is done elsewhere -- confirm, since
these lists are read from untrusted certificates.  The leaf values are
bounded here: policy OIDs 3..32, the CPS URI MIN_URL_SIZE..MAX_URL_SIZE,
text strings 1..200 and notice numbers 1..1024 */
{ MKOID( "\x06\x03\x55\x1D\x20" ), CRYPT_CERTINFO_CERTIFICATEPOLICIES,
MKDESC( "certificatePolicies" )
BER_SEQUENCE, 0,
FL_MORE | FL_LEVEL_PKIX_PARTIAL | FL_VALID_CERT | FL_SETOF, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "certificatePolicies.policyInformation" )
BER_SEQUENCE, 0,
FL_MORE, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_CERTPOLICYID,
MKDESC( "certificatePolicies.policyInformation.policyIdentifier" )
BER_OBJECT_IDENTIFIER, 0,
FL_MORE | FL_MULTIVALUED, 3, 32, 0, NULL },
{ NULL, 0,
MKDESC( "certificatePolicies.policyInformation.policyQualifiers" )
BER_SEQUENCE, 0,
FL_MORE | FL_SETOF | FL_OPTIONAL, 0, 0, 0, NULL },
/* First qualifier alternative: a SEQUENCE flagged FL_IDENTIFIER, then
   the identifying OID for cps, then the IA5String URI it selects */
{ NULL, 0,
MKDESC( "certificatePolicies.policyInformation.policyQualifier" )
BER_SEQUENCE, 0,
FL_MORE | FL_IDENTIFIER, 0, 0, 0, NULL },
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01" ), 0,
MKDESC( "certificatePolicies.policyInformation.policyQualifier.cps (1 3 6 1 5 5 7 2 1)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_CERTPOLICY_CPSURI,
MKDESC( "certificatePolicies.policyInformation.policyQualifiers.qualifier.cPSuri" )
BER_STRING_IA5, 0,
FL_MORE | FL_MULTIVALUED | FL_OPTIONAL | FL_SEQEND_2, MIN_URL_SIZE, MAX_URL_SIZE, 0, NULL },
/* Second qualifier alternative: the same layout with the unotice OID,
   followed by the UserNotice structure */
{ NULL, 0,
MKDESC( "certificatePolicies.policyInformation.policyQualifier" )
BER_SEQUENCE, 0,
FL_MORE | FL_IDENTIFIER, 0, 0, 0, NULL },
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02" ), 0,
MKDESC( "certificatePolicies.policyInformation.policyQualifier.unotice (1 3 6 1 5 5 7 2 2)" )
FIELDTYPE_IDENTIFIER, 0,
FL_MORE, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "certificatePolicies.policyInformation.policyQualifier.userNotice" )
BER_SEQUENCE, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "certificatePolicies.policyInformation.policyQualifiers.userNotice.noticeRef" )
BER_SEQUENCE, 0,
FL_MORE | FL_MULTIVALUED | FL_OPTIONAL, 0, 0, 0, NULL },
/* organization appears twice with the same field ID: the ISO646
   (VisibleString) form first, then the IA5String form described in
   the header comment */
{ NULL, CRYPT_CERTINFO_CERTPOLICY_ORGANIZATION,
MKDESC( "certificatePolicies.policyInformation.policyQualifiers.userNotice.noticeRef.organization" )
BER_STRING_ISO646, 0,
FL_MORE | FL_MULTIVALUED | FL_OPTIONAL, 1, 200, 0, NULL },
{ NULL, CRYPT_CERTINFO_CERTPOLICY_ORGANIZATION, /* Backwards-compat.kludge */
MKDESC( "certificatePolicies.policyInformation.policyQualifiers.userNotice.noticeRef.organization (Kludge)" )
BER_STRING_IA5, 0,
FL_MORE | FL_MULTIVALUED | FL_OPTIONAL, 1, 200, 0, NULL },
/* The next two entries share one description string: the first is the
   SEQUENCE wrapper, the second the INTEGER it contains */
{ NULL, 0,
MKDESC( "certificatePolicies.policyInformation.policyQualifiers.userNotice.noticeRef.noticeNumbers" )
BER_SEQUENCE, 0,
FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_CERTPOLICY_NOTICENUMBERS,
MKDESC( "certificatePolicies.policyInformation.policyQualifiers.userNotice.noticeRef.noticeNumbers" )
BER_INTEGER, 0,
FL_MORE | FL_MULTIVALUED | FL_OPTIONAL | FL_SEQEND_2, 1, 1024, 0, NULL },
/* Last entry for this extension: FL_MORE is not set */
{ NULL, CRYPT_CERTINFO_CERTPOLICY_EXPLICITTEXT,
MKDESC( "certificatePolicies.policyInformation.policyQualifiers.userNotice.explicitText" )
BER_STRING_ISO646, 0,
FL_OPTIONAL | FL_MULTIVALUED | FL_SEQEND, 1, 200, 0, NULL },
/* policyMappings:
OID = 2 5 29 33
SEQUENCE SIZE (1..MAX) OF {
SEQUENCE {
issuerDomainPolicy OBJECT IDENTIFIER,
subjectDomainPolicy OBJECT IDENTIFIER
}
}

Each mapping is a pair of policy OIDs.  Both OID entries carry the
values 3, 32, presumably the permitted low/high size of the encoded
OID -- confirm against the definition of the table's entry type.
Neither OID entry is FL_OPTIONAL, which fits the ASN.1 above where
both members are mandatory */
{ MKOID( "\x06\x03\x55\x1D\x21" ), CRYPT_CERTINFO_POLICYMAPPINGS,
MKDESC( "policyMappings" )
BER_SEQUENCE, 0,
FL_MORE | FL_LEVEL_PKIX_FULL | FL_VALID_CERT | FL_SETOF, 0, 0, 0, NULL },
{ NULL, 0,
MKDESC( "policyMappings.sequenceOf" )
BER_SEQUENCE, 0,
FL_MORE, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_ISSUERDOMAINPOLICY,
MKDESC( "policyMappings.sequenceOf.issuerDomainPolicy" )
BER_OBJECT_IDENTIFIER, 0,
FL_MORE | FL_MULTIVALUED, 3, 32, 0, NULL },
/* Last entry for this extension: FL_MORE is not set */
{ NULL, CRYPT_CERTINFO_SUBJECTDOMAINPOLICY,
MKDESC( "policyMappings.sequenceOf.subjectDomainPolicy" )
BER_OBJECT_IDENTIFIER, 0,
FL_MULTIVALUED | FL_SEQEND_3, 3, 32, 0, NULL },
/* authorityKeyIdentifier:
OID = 2 5 29 35
SEQUENCE {
keyIdentifier [ 0 ] OCTET STRING OPTIONAL,
authorityCertIssuer -- Neither or both
[ 1 ] SEQUENCE OF GeneralName OPTIONAL
authorityCertSerialNumber -- of these must
[ 2 ] INTEGER OPTIONAL -- be present
}
Although the serialNumber should be an integer, it's really an
integer equivalent of an octet string hole so we call it an octet
string to make sure it gets handled appropriately.

NOTE(review): the ASN.1 above requires authorityCertIssuer and
authorityCertSerialNumber to be present together or not at all, but
each entry below is independently FL_OPTIONAL, so the pairing is not
expressed by these flags.  Presumably it is checked elsewhere --
confirm.

keyIdentifier and the serial number both carry the values 1, 64,
presumably the permitted low/high length -- confirm against the
definition of the table's entry type */
{ MKOID( "\x06\x03\x55\x1D\x23" ), CRYPT_CERTINFO_AUTHORITYKEYIDENTIFIER,
MKDESC( "authorityKeyIdentifier" )
BER_SEQUENCE, 0,
FL_MORE | FL_LEVEL_PKIX_PARTIAL | FL_VALID_CERT | FL_VALID_CRL, 0, 0, 0, NULL },
{ NULL, CRYPT_CERTINFO_AUTHORITY_KEYIDENTIFIER,
MKDESC( "authorityKeyIdentifier.keyIdentifier" )
BER_OCTETSTRING, CTAG( 0 ),
FL_MORE | FL_OPTIONAL, 1, 64, 0, NULL },
{ NULL, 0,
MKDESC( "authorityKeyIdentifier.authorityCertIssuer" )
BER_SEQUENCE, CTAG( 1 ),
FL_MORE | FL_SETOF | FL_OPTIONAL, 0, 0, 0, NULL },
/* The GeneralName contents are described by generalNameInfo */
{ NULL, CRYPT_CERTINFO_AUTHORITY_CERTISSUER,
MKDESC( "authorityKeyIdentifier.authorityCertIssuer.generalName" )
FIELDTYPE_SUBTYPED, 0,
FL_MORE | FL_OPTIONAL | FL_MULTIVALUED | FL_SEQEND, 0, 0, 0, ( void * ) generalNameInfo },
/* Last entry for this extension: FL_MORE is not set */
{ NULL, CRYPT_CERTINFO_AUTHORITY_CERTSERIALNUMBER,
MKDESC( "authorityKeyIdentifier.authorityCertSerialNumber" )
BER_OCTETSTRING, CTAG( 2 ), /* Actually an INTEGER hole */
FL_OPTIONAL, 1, 64, 0, NULL },
/* policyConstraints:
OID = 2 5 29 36
SEQUENCE {
requireExplicitPolicy [ 0 ] INTEGER OPTIONAL,
inhibitPolicyMapping [ 1 ] INTEGER OPTIONAL
} */
{ MKOID( "\x06\x03\x55\x1D\x24" ), CRYPT_CERTINFO_POLICYCONSTRAINTS,
MKDESC( "policyConstraints" )
BER_SEQUENCE, 0,