📄 cryptacl.h
CRYPT_CERTINFO_CERTREQUEST,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_ATTRCERT, ST_NONE, ACCESS_xxx_xWx,
ROUTE( OBJECT_TYPE_CERTIFICATE ), &objectCertRequest ),
MKACL_T( /* CRL/OCSP current-update time */
CRYPT_CERTINFO_THISUPDATE,
ST_CERT_CRL | ST_CERT_OCSP_RESP, ST_NONE, ACCESS_Rxx_RWx,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_T( /* CRL/OCSP next-update time */
CRYPT_CERTINFO_NEXTUPDATE,
ST_CERT_CRL | ST_CERT_OCSP_RESP, ST_NONE, ACCESS_Rxx_RWx,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_T( /* CRL/RTCS/OCSP cert-revocation time */
CRYPT_CERTINFO_REVOCATIONDATE,
ST_CERT_CRL | ST_CERT_RTCS_RESP | ST_CERT_OCSP_RESP, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_N( /* OCSP revocation status */
CRYPT_CERTINFO_REVOCATIONSTATUS,
ST_CERT_OCSP_RESP, ST_NONE, ACCESS_Rxx_xxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( CRYPT_OCSPSTATUS_NOTREVOKED, CRYPT_OCSPSTATUS_UNKNOWN ) ),
MKACL_N( /* RTCS certificate status */
CRYPT_CERTINFO_CERTSTATUS,
ST_CERT_RTCS_RESP, ST_NONE, ACCESS_Rxx_xxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( CRYPT_CERTSTATUS_VALID, CRYPT_CERTSTATUS_UNKNOWN ) ),
MKACL_S( /* Currently selected DN in string form */
CRYPT_CERTINFO_DN,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL | \
ST_CERT_OCSP_RESP | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 2, MAX_ATTRIBUTE_SIZE ) ),
MKACL_S( /* PKI user ID */
CRYPT_CERTINFO_PKIUSER_ID,
ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_xxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 17, 17 ) ),
MKACL_S( /* PKI user issue password */
CRYPT_CERTINFO_PKIUSER_ISSUEPASSWORD,
ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_xxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 23, 23 ) ),
MKACL_S( /* PKI user revocation password */
CRYPT_CERTINFO_PKIUSER_REVPASSWORD,
ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_xxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 23, 23 ) )
MKACL_END()
};
/* Certificate: Name components */
/* Attribute ACL table for certificate name components: the DN fields
   (countryName .. commonName) followed by the GeneralName alternatives
   (otherName .. registeredID).  Each entry gives the attribute ID, the
   certificate-object subtypes it applies to, an ACCESS_* permission mask,
   the object type the access is routed to and, where present, a RANGE()
   bound (for the string entries this reads as a length bound, e.g. 2..2
   for countryName).

   NOTE(review): the code that consults this table is not visible here.
   Presumably entries must stay in the same order as the CRYPT_CERTINFO_*
   attribute IDs; confirm before inserting or reordering anything.

   NOTE(review): the ACCESS_* names look like two R/W/D permission triples;
   which object state or caller class each triple governs is defined with
   the ACCESS_* macros, not here.  Treat any change to a mask as a policy
   change and review it against those definitions.

   The DN components are valid for ST_CERT_OCSP_RESP and ST_CERT_PKIUSER
   objects as well; the GeneralName components are limited to
   ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL. */
static const FAR_BSS ATTRIBUTE_ACL certNameACL[] = {
/* countryName is the only DN component declared with MKACL_S and a fixed
   2..2 bound; the remaining DN components use MKACL_WCS (presumably the
   variant that also admits wide-character strings; confirm against the
   MKACL_* definitions) */
MKACL_S(	/* countryName */
CRYPT_CERTINFO_COUNTRYNAME,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL | \
ST_CERT_OCSP_RESP | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 2, 2 ) ),
MKACL_WCS(	/* stateOrProvinceName */
CRYPT_CERTINFO_STATEORPROVINCENAME,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL | \
ST_CERT_OCSP_RESP | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, 128 ) ),
MKACL_WCS(	/* localityName */
CRYPT_CERTINFO_LOCALITYNAME,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL | \
ST_CERT_OCSP_RESP | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, 128 ) ),
MKACL_WCS(	/* organizationName */
CRYPT_CERTINFO_ORGANIZATIONNAME,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL | \
ST_CERT_OCSP_RESP | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, CRYPT_MAX_TEXTSIZE ) ),
MKACL_WCS(	/* organizationalUnitName */
CRYPT_CERTINFO_ORGANIZATIONALUNITNAME,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL | \
ST_CERT_OCSP_RESP | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, CRYPT_MAX_TEXTSIZE ) ),
MKACL_WCS(	/* commonName */
CRYPT_CERTINFO_COMMONNAME,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL | \
ST_CERT_OCSP_RESP | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, CRYPT_MAX_TEXTSIZE ) ),
/* GeneralName components start here.  The RANGE() bounds below constrain
   size only; nothing in this table checks the syntax of an e-mail address,
   DNS name or URL, so any such validation has to happen in the code that
   handles the attribute (not visible here) */
MKACL_S(	/* otherName.typeID */
CRYPT_CERTINFO_OTHERNAME_TYPEID,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, CRYPT_MAX_TEXTSIZE ) ),
MKACL_S(	/* otherName.value */
CRYPT_CERTINFO_OTHERNAME_VALUE,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, CRYPT_MAX_TEXTSIZE ) ),
/* rfc822Name, dNSName and uniformResourceIdentifier take their bounds from
   MIN_xxx_SIZE / MAX_xxx_SIZE constants that are defined outside this
   table */
MKACL_S(	/* rfc822Name */
CRYPT_CERTINFO_RFC822NAME,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( MIN_RFC822_SIZE, MAX_RFC822_SIZE ) ),
MKACL_S(	/* dNSName */
CRYPT_CERTINFO_DNSNAME,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( MIN_DNS_SIZE, MAX_DNS_SIZE ) ),
/* directoryName differs from its neighbours: it is declared with MKACL_N
   and a FALSE..TRUE range, and its mask (ACCESS_Rxx_RxD) is the only one
   in this table without a 'W' in the second triple.
   NOTE(review): presumably it acts as a selector for the DN inside the
   GeneralName rather than carrying data itself; confirm against the
   attribute handler */
MKACL_N(	/* directoryName */
CRYPT_CERTINFO_DIRECTORYNAME,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
MKACL_S(	/* ediPartyName.nameAssigner */
CRYPT_CERTINFO_EDIPARTYNAME_NAMEASSIGNER,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, CRYPT_MAX_TEXTSIZE ) ),
MKACL_S(	/* ediPartyName.partyName */
CRYPT_CERTINFO_EDIPARTYNAME_PARTYNAME,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, CRYPT_MAX_TEXTSIZE ) ),
MKACL_S(	/* uniformResourceIdentifier */
CRYPT_CERTINFO_UNIFORMRESOURCEIDENTIFIER,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( MIN_URL_SIZE, MAX_URL_SIZE ) ),
/* iPAddress is the only entry written with MKACL_EX: the value type is
   spelled out as ATTRIBUTE_VALUE_STRING and, instead of a min..max range,
   the size is checked against the enumerated list allowedIPAddressSizes
   (defined elsewhere; presumably the IPv4 and IPv6 address lengths, to be
   confirmed at its definition) */
MKACL_EX(	/* iPAddress */
CRYPT_CERTINFO_IPADDRESS, ATTRIBUTE_VALUE_STRING,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RWD, 0,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE_ALLOWEDVALUES, allowedIPAddressSizes ),
MKACL_S(	/* registeredID */
CRYPT_CERTINFO_REGISTEREDID,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, CRYPT_MAX_TEXTSIZE ) )
/* There is deliberately no comma after the last entry: MKACL_END()
   presumably supplies its own separator and the end-of-table marker (see
   its definition).  Keep this shape when appending an entry */
MKACL_END()
};
/* Certificate: Extensions */
static const FAR_BSS ATTRIBUTE_ACL certExtensionACL[] = {
/* 1 2 840 113549 1 9 7 challengePassword. This is here even though it's
a CMS attribute because SCEP stuffs it into PKCS #10 requests */
MKACL_S( /* nonce */
CRYPT_CERTINFO_CHALLENGEPASSWORD,
ST_CERT_CERTREQ, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, CRYPT_MAX_TEXTSIZE ) ),
/* 1 3 6 1 4 1 3029 3 1 4 cRLExtReason */
MKACL_N( /* cRLExtReason */
CRYPT_CERTINFO_CRLEXTREASON,
ST_CERT_CRL | ST_CERT_REQ_REV, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( CRYPT_CRLREASON_UNSPECIFIED, CRYPT_CRLEXTREASON_LAST - 1 ) ),
/* 1 3 6 1 4 1 3029 3 1 5 keyFeatures */
MKACL_N( /* keyFeatures */
CRYPT_CERTINFO_KEYFEATURES,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_Rxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 0, 7 ) ),
/* 1 3 6 1 5 5 7 1 1 authorityInfoAccess */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_AUTHORITYINFOACCESS,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_N( /* accessDescription.accessLocation */
CRYPT_CERTINFO_AUTHORITYINFO_RTCS,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
MKACL_N( /* accessDescription.accessLocation */
CRYPT_CERTINFO_AUTHORITYINFO_OCSP,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
MKACL_N( /* accessDescription.accessLocation */
CRYPT_CERTINFO_AUTHORITYINFO_CAISSUERS,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
MKACL_N( /* accessDescription.accessLocation */
CRYPT_CERTINFO_AUTHORITYINFO_TIMESTAMPING,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
/* 1 3 6 1 5 5 7 48 1 2 ocspNonce */
MKACL_S( /* nonce */
CRYPT_CERTINFO_OCSP_NONCE,
ST_CERT_OCSP_REQ | ST_CERT_OCSP_RESP, ST_NONE, ACCESS_Rxx_Rxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, 64 ) ),
/* 1 3 6 1 5 5 7 48 1 4 ocspAcceptableResponses */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_OCSP_RESPONSE,
ST_CERT_OCSP_REQ, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* OCSP standard response */
CRYPT_CERTINFO_OCSP_RESPONSE_OCSP,
ST_CERT_OCSP_REQ, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
/* 1 3 6 1 5 5 7 48 1 5 ocspNoCheck */
MKACL_N( /* noCheck */
CRYPT_CERTINFO_OCSP_NOCHECK,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( CRYPT_UNUSED, CRYPT_UNUSED ) ),
/* 1 3 6 1 5 5 7 48 1 6 ocspArchiveCutoff */
MKACL_T( /* archiveCutoff */
CRYPT_CERTINFO_OCSP_ARCHIVECUTOFF,
ST_CERT_OCSP_RESP, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
/* 1 3 6 1 5 5 7 48 1 11 subjectInfoAccess */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_SUBJECTINFOACCESS,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_N( /* accessDescription.accessLocation */
CRYPT_CERTINFO_SUBJECTINFO_CAREPOSITORY,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
MKACL_N( /* accessDescription.accessLocation */
CRYPT_CERTINFO_SUBJECTINFO_TIMESTAMPING,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
/* 1 3 36 8 3 1 dateOfCertGen */
MKACL_T( /* dateOfCertGen */
CRYPT_CERTINFO_SIGG_DATEOFCERTGEN,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
/* 1 3 36 8 3 2 procuration */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_SIGG_PROCURATION,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_S( /* country */
CRYPT_CERTINFO_SIGG_PROCURE_COUNTRY,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 2, 2 ) ),
MKACL_S( /* typeOfSubstitution */
CRYPT_CERTINFO_SIGG_PROCURE_TYPEOFSUBSTITUTION,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, 128 ) ),
MKACL_N( /* signingFor.thirdPerson */
CRYPT_CERTINFO_SIGG_PROCURE_SIGNINGFOR,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
/* 1 3 36 8 3 4 monetaryLimit */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_SIGG_MONETARYLIMIT,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_S( /* currency */
CRYPT_CERTINFO_SIGG_MONETARY_CURRENCY,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 3, 3 ) ),
MKACL_N( /* amount */
CRYPT_CERTINFO_SIGG_MONETARY_AMOUNT,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, 255 ) ),
MKACL_N( /* exponent */
CRYPT_CERTINFO_SIGG_MONETARY_EXPONENT,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 0, 255 ) ),
/* 1 3 36 8 3 8 restriction */
MKACL_S( /* restriction */
CRYPT_CERTINFO_SIGG_RESTRICTION,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, 128 ) ),
/* 1 3 101 1 4 1 strongExtranet */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_STRONGEXTRANET,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_N( /* sxNetIDList.sxNetID.zone */
CRYPT_CERTINFO_STRONGEXTRANET_ZONE,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 0, RANGE_MAX ) ),
MKACL_S( /* sxNetIDList.sxNetID.id */
CRYPT_CERTINFO_STRONGEXTRANET_ID,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, 64 ) ),
/* 2 5 29 9 subjectDirectoryAttributes */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_SUBJECTDIRECTORYATTRIBUTES,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_Rxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_S( /* attribute.type */
CRYPT_CERTINFO_SUBJECTDIR_TYPE,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_Rxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 3, 32 ) ),
MKACL_S( /* attribute.values */
CRYPT_CERTINFO_SUBJECTDIR_VALUES,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_Rxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),