
📄 certedef.c

📁 老外写的加密库cryptlib(版本3.1)
			} */
	{ MKOID( "\x06\x04\x67\x2A\x07\x04" ), CRYPT_CERTINFO_SET_TUNNELING,
	  MKDESC( "tunneling" )
	  BER_SEQUENCE, 0,
	  FL_MORE | FL_LEVEL_PKIX_FULL | FL_VALID_CERT | FL_VALID_CERTREQ, 0, 0, 0, NULL },
	{ NULL, CRYPT_CERTINFO_SET_TUNNELINGFLAG,
	  MKDESC( "tunneling.tunneling" )
	  BER_BOOLEAN, 0,
	  FL_MORE | FL_OPTIONAL | FL_DEFAULT, FALSE, TRUE, TRUE, NULL },
	{ NULL, 0,
	  MKDESC( "tunneling.tunnelingAlgIDs" )
	  BER_SEQUENCE, 0,
	  FL_MORE | FL_SETOF, 0, 0, 0, NULL },
	{ NULL, CRYPT_CERTINFO_SET_TUNNELINGALGID,
	  MKDESC( "tunneling.tunnelingAlgIDs.tunnelingAlgID" )
	  BER_OBJECT_IDENTIFIER, 0,
	  FL_MULTIVALUED | FL_SEQEND, 3, 32, 0, NULL },

	{ NULL, CRYPT_ERROR }
	};

/* Subtable for encoding the holdInstructionCode.  Each row pairs a
   DER-encoded OID (leading 06 07 = OBJECT IDENTIFIER tag followed by a
   7-byte content length) with the CRYPT_HOLDINSTRUCTION_xxx value that it
   stands for, the dotted form of the OID is repeated in the row's
   description string.  All rows are FIELDTYPE_IDENTIFIER and FL_OPTIONAL,
   so the field is identified purely by which OID is present.  FL_MORE is
   set on every row except the last real one, which looks like a "further
   alternatives follow" marker (NOTE(review): inferred from the pattern,
   confirm against the FL_xxx definitions).  The { NULL, CRYPT_ERROR } row
   terminates the table */

STATIC_DATA const FAR_BSS ATTRIBUTE_INFO holdInstructionInfo[] = {
	/* 1 2 840 10040 2 1 */
	{ MKOID( "\x06\x07\x2A\x86\x48\xCE\x38\x02\x01" ), CRYPT_HOLDINSTRUCTION_NONE,
	  MKDESC( "holdInstructionCode.holdinstruction-none (1 2 840 10040 2 1)" )
	  FIELDTYPE_IDENTIFIER, 0,
	  FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
	/* 1 2 840 10040 2 2 */
	{ MKOID( "\x06\x07\x2A\x86\x48\xCE\x38\x02\x02" ), CRYPT_HOLDINSTRUCTION_CALLISSUER,
	  MKDESC( "holdInstructionCode.holdinstruction-callissuer (1 2 840 10040 2 2)" )
	  FIELDTYPE_IDENTIFIER, 0,
	  FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
	/* 1 2 840 10040 2 3 */
	{ MKOID( "\x06\x07\x2A\x86\x48\xCE\x38\x02\x03" ), CRYPT_HOLDINSTRUCTION_REJECT,
	  MKDESC( "holdInstructionCode.holdinstruction-reject (1 2 840 10040 2 3)" )
	  FIELDTYPE_IDENTIFIER, 0,
	  FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
	/* 1 2 840 10040 2 4, last alternative so no FL_MORE */
	{ MKOID( "\x06\x07\x2A\x86\x48\xCE\x38\x02\x04" ), CRYPT_HOLDINSTRUCTION_PICKUPTOKEN,
	  MKDESC( "holdInstructionCode.holdinstruction-pickupToken (1 2 840 10040 2 4)" )
	  FIELDTYPE_IDENTIFIER, 0,
	  FL_OPTIONAL, 0, 0, 0, NULL },

	/* End-of-table sentinel */
	{ NULL, CRYPT_ERROR }
	};

/****************************************************************************
*																			*
*								GeneralName Definition						*
*																			*
****************************************************************************/

/* Encoding and decoding of GeneralNames is performed with the following
   subtable:

	otherName		  [ 0 ]	SEQUENCE {
		type-id				OBJECT IDENTIFIER,
		value		  [ 0 ]	EXPLICIT ANY DEFINED BY type-id
		} OPTIONAL,
	rfc822Name		  [ 1 ]	IA5String OPTIONAL,
	dNSName			  [ 2 ]	IA5String OPTIONAL,
	x400Address		  [ 3 ] ITU-BrainDamage OPTIONAL
	directoryName	  [ 4 ]	EXPLICIT Name OPTIONAL,
	ediPartyName 	  [ 5 ]	SEQUENCE {
		nameAssigner  [ 0 ]	EXPLICIT DirectoryString OPTIONAL,
		partyName	  [ 1 ]	EXPLICIT DirectoryString
		} OPTIONAL,
	uniformResourceIdentifier
					  [ 6 ]	IA5String OPTIONAL,
	iPAddress		  [ 7 ]	OCTET STRING OPTIONAL,
	registeredID	  [ 8 ]	OBJECT IDENTIFIER OPTIONAL

	ITU-BrainDamage ::= SEQUENCE {
		built-in-standard-attributes		SEQUENCE {
			country-name  [ APPLICATION 1 ]	CHOICE {
				x121-dcc-code				NumericString,
				iso-3166-alpha2-code		PrintableString
				},
			administration-domain-name
						  [ APPLICATION 2 ]	CHOICE {
				numeric						NumericString,
				printable					PrintableString
				},
			network-address			  [ 0 ]	NumericString OPTIONAL,
			terminal-identifier		  [ 1 ]	PrintableString OPTIONAL,
			private-domain-name		  [ 2 ]	CHOICE {
				numeric						NumericString,
				printable					PrintableString
				} OPTIONAL,
			organization-name		  [ 3 ]	PrintableString OPTIONAL,
			numeric-use-identifier	  [ 4 ]	NumericString OPTIONAL,
			personal-name			  [ 5 ]	SET {
				surname				  [ 0 ]	PrintableString,
				given-name			  [ 1 ]	PrintableString,
				initials			  [ 2 ]	PrintableString,
				generation-qualifier  [ 3 ]	PrintableString
				} OPTIONAL,
			organizational-unit-name  [ 6 ]	PrintableString OPTIONAL,
			}
		built-in-domain-defined-attributes	SEQUENCE OF {
			type							PrintableString SIZE(1..64),
			value							PrintableString SIZE(1..64)
			} OPTIONAL
		extensionAttributes					SET OF SEQUENCE {
			extension-attribute-type  [ 0 ]	INTEGER,
			extension-attribute-value [ 1 ]	ANY DEFINED BY extension-attribute-type
			} OPTIONAL
		}

   Needless to say, X.400 addresses aren't supported (for readers who've
   never seen one before, now you know why they've been so enormously
   successful).

   Note the special-case encoding of the DirectoryName and EDIPartyName.  
   This is required because (for the DirectoryName) a Name is actually a 
   CHOICE { RDNSequence }, and if the tagging were implicit then there'd be 
   no way to tell which of the CHOICE options was being used:

	directoryName	  [ 4 ]	Name OPTIONAL

   becomes:

	directoryName	  [ 4 ]	CHOICE { RDNSequence } OPTIONAL

   which, if implicit tagging is used, would replace the RDNSequence tag with
   the [4] tag, making it impossible to determine which of the Name choices
   was used (actually there's only one possibility and it's unlikely that
   there'll ever be more, but that's what the encoding rules require - X.208,
   section 26.7c).
   
   The same applies to the EDIPartyName: this is a DirectoryString, which is
   a CHOICE of several possible string types.  The end result is that:

	[ 0 ] DirectoryString

   ends up looking like:

	[ 0 ] SEQUENCE {
		option1				PrintableString	OPTIONAL,
		option2				T61String OPTIONAL,
		option3				UTF8String OPTIONAL,
		option4				BMPString OPTIONAL
		} */

/* Encoding table for the GeneralName alternatives.  The OID column is NULL
   in every row since the alternatives are told apart by their context tag
   (CTAG( n )) rather than by an OID, and the field ID is 0 for rows that
   are pure structural wrappers.  The four values after the flags look like
   a low bound, a high bound, a default value, and a pointer to extra data,
   which here is a validation function for some of the string fields
   (NOTE(review): the column meanings are inferred from the MIN_xxx/MAX_xxx
   and checkXXX entries, confirm against the ATTRIBUTE_INFO declaration).

   There's no row with CTAG( 3 ), so the x400Address alternative isn't
   covered by this table */

STATIC_DATA const FAR_BSS ATTRIBUTE_INFO generalNameInfo[] = {
	/* otherName: [ 0 ] SEQUENCE wrapper, the type-id OID (bounds 3...32),
	   and the value as an explicitly-tagged blob (bounds 3...512).
	   NOTE(review): FIELDTYPE_BLOB suggests that the value is carried
	   without being interpreted by this table, so code that consumes it
	   should treat the content as unvalidated - confirm */
	{ NULL, 0,
	  MKDESC( "generalName.otherName" )
	  BER_SEQUENCE, CTAG( 0 ),
	  FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
	{ NULL, CRYPT_CERTINFO_OTHERNAME_TYPEID,
	  MKDESC( "generalName.otherName.type-id" )
	  BER_OBJECT_IDENTIFIER, 0,
	  FL_MORE | FL_OPTIONAL, 3, 32, 0, NULL },
	{ NULL, CRYPT_CERTINFO_OTHERNAME_VALUE,
	  MKDESC( "generalName.otherName.value" )
	  FIELDTYPE_BLOB, CTAG( 0 ),
	  FL_MORE | FL_OPTIONAL | FL_EXPLICIT | FL_SEQEND, 3, 512, 0, NULL },
	/* rfc822Name and dNSName: IA5Strings with a size range and a check
	   function in the last column.  NOTE(review): checkRFC822 and checkDNS
	   are defined elsewhere.  Since these are the names that a relying
	   party matches an identity against, and an IA5String can contain
	   control characters including NUL, confirm that the check functions
	   reject such values */
	{ NULL, CRYPT_CERTINFO_RFC822NAME,
	  MKDESC( "generalName.rfc822Name" )
	  BER_STRING_IA5, CTAG( 1 ),
	  FL_MORE | FL_OPTIONAL, MIN_RFC822_SIZE, MAX_RFC822_SIZE, 0, ( void * ) checkRFC822 },
	{ NULL, CRYPT_CERTINFO_DNSNAME,
	  MKDESC( "generalName.dNSName" )
	  BER_STRING_IA5, CTAG( 2 ),
	  FL_MORE | FL_OPTIONAL, MIN_DNS_SIZE, MAX_DNS_SIZE, 0, ( void * ) checkDNS },
	/* directoryName: [ 4 ] wrapper followed by the DN itself, giving the
	   explicit tagging described in the comment preceding this table */
	{ NULL, 0,
	  MKDESC( "generalName.directoryName" )
	  BER_SEQUENCE, CTAG( 4 ),
	  FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
	{ NULL, CRYPT_CERTINFO_DIRECTORYNAME,
	  MKDESC( "generalName.directoryName.name" )
	  FIELDTYPE_DN, BER_SEQUENCE,
	  FL_MORE | FL_OPTIONAL | FL_SEQEND_1, 0, 0, 0, ( void * ) checkDirectoryName },
	/* ediPartyName: [ 5 ] wrapper containing the optional nameAssigner
	   [ 0 ] and the partyName [ 1 ] (the partyName wrapper is the only
	   row here without FL_OPTIONAL).  Each DirectoryString is listed as two
	   alternative rows sharing one field ID, PrintableString and
	   T61String.  There are no UTF8String or BMPString rows, so those two
	   string types aren't covered by this table */
	{ NULL, 0,
	  MKDESC( "generalName.ediPartyName" )
	  BER_SEQUENCE, CTAG( 5 ),
	  FL_MORE | FL_OPTIONAL, 0, 0, 0, NULL },
	{ NULL, 0,
	  MKDESC( "generalName.ediPartyName.nameAssigner" )
	  BER_SEQUENCE, CTAG( 0 ),
	  FL_MORE | FL_OPTIONAL, 1, CRYPT_MAX_TEXTSIZE, 0, NULL },
	{ NULL, CRYPT_CERTINFO_EDIPARTYNAME_NAMEASSIGNER,
	  MKDESC( "generalName.ediPartyName.nameAssigner.directoryName" )
	  BER_STRING_PRINTABLE, 0,
	  FL_MORE | FL_OPTIONAL, 1, CRYPT_MAX_TEXTSIZE, 0, NULL },
	{ NULL, CRYPT_CERTINFO_EDIPARTYNAME_NAMEASSIGNER,
	  MKDESC( "generalName.ediPartyName.nameAssigner.directoryName" )
	  BER_STRING_T61, 0,
	  FL_MORE | FL_OPTIONAL | FL_SEQEND, 1, CRYPT_MAX_TEXTSIZE, 0, NULL },
	{ NULL, 0,
	  MKDESC( "generalName.ediPartyName.partyName" )
	  BER_SEQUENCE, CTAG( 1 ),
	  FL_MORE, 1, CRYPT_MAX_TEXTSIZE, 0, NULL },
	{ NULL, CRYPT_CERTINFO_EDIPARTYNAME_PARTYNAME,
	  MKDESC( "generalName.ediPartyName.partyName.directoryName" )
	  BER_STRING_PRINTABLE, 0,
	  FL_MORE | FL_OPTIONAL, 1, CRYPT_MAX_TEXTSIZE, 0, NULL },
	{ NULL, CRYPT_CERTINFO_EDIPARTYNAME_PARTYNAME,
	  MKDESC( "generalName.ediPartyName.partyName.directoryName" )
	  BER_STRING_T61, 0,
	  FL_MORE | FL_OPTIONAL | FL_SEQEND_2, 1, CRYPT_MAX_TEXTSIZE, 0, NULL },
	/* uniformResourceIdentifier: IA5String checked by checkURL.  The size
	   range reuses the DNS name constants rather than having URL-specific
	   ones, so a URL is limited to the same length as a DNS name */
	{ NULL, CRYPT_CERTINFO_UNIFORMRESOURCEIDENTIFIER,
	  MKDESC( "generalName.uniformResourceIdentifier" )
	  BER_STRING_IA5, CTAG( 6 ),
	  FL_MORE | FL_OPTIONAL, MIN_DNS_SIZE, MAX_DNS_SIZE, 0, ( void * ) checkURL },
	/* iPAddress: the range is 4...4 with no check function, so only a
	   4-byte (IPv4) address fits.  16-byte IPv6 addresses and the
	   address-plus-mask forms used in name constraints fall outside this
	   range (NOTE(review): confirm how out-of-range values are reported
	   to the caller) */
	{ NULL, CRYPT_CERTINFO_IPADDRESS,
	  MKDESC( "generalName.iPAddress" )
	  BER_OCTETSTRING, CTAG( 7 ),
	  FL_MORE | FL_OPTIONAL, 4, 4, 0, NULL },
	/* registeredID: OID with bounds 3...32, last alternative so no
	   FL_MORE */
	{ NULL, CRYPT_CERTINFO_REGISTEREDID,
	  MKDESC( "generalName.registeredID" )
	  BER_OBJECT_IDENTIFIER, CTAG( 8 ),
	  FL_OPTIONAL, 3, 32, 0, NULL },

	/* End-of-table sentinel */
	{ NULL, CRYPT_ERROR }
	};

/****************************************************************************
*																			*
*							CMS Attribute Definitions						*
*																			*
****************************************************************************/

/* CMS attributes are encoded using the following table */

static const FAR_BSS ATTRIBUTE_INFO cmsAttributeInfo[] = {
	/* contentType:
		OID = 1 2 840 113549 1 9 3
		OBJECT IDENTIFIER */
	{ MKOID( "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x03" ), CRYPT_CERTINFO_CMS_CONTENTTYPE,
	  MKDESC( "contentType" )
	  FIELDTYPE_CHOICE, 0,
	  0, CRYPT_CONTENT_DATA, CRYPT_CONTENT_LAST, 0, ( void * ) contentTypeInfo },

	/* messageDigest:
		OID = 1 2 840 113549 1 9 4
		OCTET STRING */
	{ MKOID( "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x04" ), CRYPT_CERTINFO_CMS_MESSAGEDIGEST,
	  MKDESC( "messageDigest" )
	  BER_OCTETSTRING, 0,
	  0, 16, CRYPT_MAX_HASHSIZE, 0, NULL },

	/* signingTime:
		OID = 1 2 840 113549 1 9 5
		CHOICE {
			utcTime			UTCTime,				-- Up to 2049
			generalizedTime	GeneralizedTime
			} */
	{ MKOID( "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x05" ), CRYPT_CERTINFO_CMS_SIGNINGTIME,
	  MKDESC( "signingTime" )
	  BER_TIME_UTC, 0,
	  0, sizeof( time_t ), sizeof( time_t ), 0, NULL },

	/* counterSignature:
		OID = 1 2 840 113549 1 9 6
		CHOICE {
			utcTime			UTCTime,				-- Up to 2049
			generalizedTime	GeneralizedTime
			}
	   This field isn't an authenticated attribute so it isn't used */
	{ MKOID( "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x06" ), CRYPT_CERTINFO_CMS_COUNTERSIGNATURE,
	  MKDESC( "counterSignature" )
	  -1, 0,
	  0, 0, 0, 0, NULL },

	/* sMIMECapabilities:
		OID = 1 2 840 113549 1 9 15
		SEQUENCE OF {
			SEQUENCE {
				capabilityID	OBJECT IDENTIFIER,
				parameters		ANY DEFINED BY capabilityID
				}
			} */
	{ MKOID( "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x0F" ), CRYPT_CERTINFO_CMS_SMIMECAPABILITIES,
	  MKDESC( "sMIMECapabilities" )
	  BER_SEQUENCE, 0,
	  FL_MORE | FL_SETOF, 0, 0, 0, NULL },
	{ NULL, 0,
	  MKDESC( "sMIMECapabilities.capability (des-EDE3-CBC)" )
	  BER_SEQUENCE, 0,
	  FL_MORE | FL_IDENTIFIER, 0, 0, 0, NULL },
	{ MKOID( "\x06\x08\x2A\x86\x48\x86\xF7\x0D\x03\x07" ), CRYPT_CERTINFO_CMS_SMIMECAP_3DES,
	  MKDESC( "sMIMECapabilities.capability.des-EDE3-CBC" )
	  FIELDTYPE_IDENTIFIER, 0,
	  FL_MORE | FL_NONENCODING | FL_SEQEND, 0, 0, 0, NULL },
	{ NULL, 0,
	  MKDESC( "sMIMECapabilities.capability (aes128-CBC)" )
	  BER_SEQUENCE, 0,
	  FL_MORE | FL_IDENTIFIER, 0, 0, 0, NULL },
	{ MKOID( "\x06\x09\x60\x86\x48\x01\x65\x03\x04\x01\x02" ), CRYPT_CERTINFO_CMS_SMIMECAP_AES,
	  MKDESC( "sMIMECapabilities.capability.aes128-CBC" )
	  FIELDTYPE_IDENTIFIER, 0,
	  FL_MORE | FL_NONENCODING | FL_SEQEND, 0, 0, 0, NULL },
	{ NULL, 0,
	  MKDESC( "sMIMECapabilities.capability (cast5CBC)" )
	  BER_SEQUENCE, 0,
	  FL_MORE | FL_IDENTIFIER, 0, 0, 0, NULL },
	{ MKOID( "\x06\x09\x2A\x86\x48\x86\xF6\x7D\x07\x42\x0A" ), CRYPT_CERTINFO_CMS_SMIMECAP_CAST128,
	  MKDESC( "sMIMECapabilities.capability.cast5CBC" )
	  FIELDTYPE_IDENTIFIER, 0,
	  FL_MORE | FL_NONENCODING, 0, 0, 0, NULL },
	{ NULL, 0,
	  MKDESC( "sMIMECapabilities.capability.cast5CBC.parameter" )
	  FIELDTYPE_BLOB, 0,		/* 128-bit key */
	  FL_MORE | FL_NONENCODING | FL_SEQEND, 0, 0, 4, "\x02\x02\x00\x80" },
	{ NULL, 0,
	  MKDESC( "sMIMECapabilities.capability (ideaCBC)" )
	  BER_SEQUENCE, 0,
	  FL_MORE | FL_IDENTIFIER, 0, 0, 0, NULL },
	{ MKOID( "\x06\x0B\x2B\x06\x01\x04\x01\x81\x3C\x07\x01\x01\x02" ), CRYPT_CERTINFO_CMS_SMIMECAP_IDEA,
	  MKDESC( "sMIMECapabilities.capability.ideaCBC (Ascom Tech variant)" )
	  FIELDTYPE_IDENTIFIER, 0,
	  FL_MORE | FL_NONENCODING | FL_SEQEND, 0, 0, 0, NULL },
	{ NULL, 0,
	  MKDESC( "sMIMECapabilities.capability (rc2CBC)" )
	  BER_SEQUENCE, 0,
	  FL_MORE | FL_IDENTIFIER, 0, 0, 0, NULL },
	{ MKOID( "\x06\x08\x2A\x86\x48\x86\xF7\x0D\x03\x02" ), CRYPT_CERTINFO_CMS_SMIMECAP_RC2,
	  MKDESC( "sMIMECapabilities.capability.rc2CBC" )
	  FIELDTYPE_IDENTIFIER, 0,
	  FL_MORE | FL_NONENCODING, 0, 0, 0, NULL },
	{ NULL, 0,
	  MKDESC( "sMIMECapabilities.capability.rc2CBC.parameters" )
	  FIELDTYPE_BLOB, 0,		/* 128-bit key */
	  FL_MORE | FL_NONENCODING | FL_SEQEND, 0, 0, 4, "\x02\x02\x00\x80" },
	{ NULL, 0,
	  MKDE
