📄 attr_acl.c
MKACL_B( /* onlyContainsCACerts */
CRYPT_CERTINFO_ISSUINGDIST_CACERTSONLY,
ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_N( /* onlySomeReasons */
CRYPT_CERTINFO_ISSUINGDIST_SOMEREASONSONLY,
ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( CRYPT_CRLREASONFLAG_UNUSED, CRYPT_CRLREASONFLAG_LAST - 1 ) ),
MKACL_B( /* indirectCRL */
CRYPT_CERTINFO_ISSUINGDIST_INDIRECTCRL,
ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
/* 2 5 29 29 certificateIssuer */
MKACL_N( /* certificateIssuer */
CRYPT_CERTINFO_CERTIFICATEISSUER,
ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
/* 2 5 29 30 nameConstraints */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_NAMECONSTRAINTS,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_ATTRCERT | \
ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_N( /* permittedSubtrees */
CRYPT_CERTINFO_PERMITTEDSUBTREES,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_ATTRCERT | \
ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
MKACL_N( /* excludedSubtrees */
CRYPT_CERTINFO_EXCLUDEDSUBTREES,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_ATTRCERT | \
ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
/* 2 5 29 31 cRLDistributionPoint */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_CRLDISTRIBUTIONPOINT,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_ATTRCERT | \
ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_N( /* distributionPointName.fullName */
CRYPT_CERTINFO_CRLDIST_FULLNAME,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_ATTRCERT | \
ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
MKACL_N( /* reasons */
CRYPT_CERTINFO_CRLDIST_REASONS,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_ATTRCERT | \
ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( CRYPT_CRLREASONFLAG_UNUSED, CRYPT_CRLREASONFLAG_LAST - 1 ) ),
MKACL_N( /* cRLIssuer */
CRYPT_CERTINFO_CRLDIST_CRLISSUER,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_ATTRCERT | \
ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
/* 2 5 29 32 certificatePolicies */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_CERTIFICATEPOLICIES,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_S( /* policyInformation.policyIdentifier */
CRYPT_CERTINFO_CERTPOLICYID,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 3, 32 ) ),
MKACL_S( /* policyInformation.policyQualifiers.qualifier.cPSuri */
CRYPT_CERTINFO_CERTPOLICY_CPSURI,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( MIN_URL_SIZE, MAX_URL_SIZE ) ),
MKACL_S( /* policyInformation.policyQualifiers.qualifier.userNotice.noticeRef.organization */
CRYPT_CERTINFO_CERTPOLICY_ORGANIZATION,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, 200 ) ),
MKACL_N( /* policyInformation.policyQualifiers.qualifier.userNotice.noticeRef.noticeNumbers */
CRYPT_CERTINFO_CERTPOLICY_NOTICENUMBERS,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, 1024 ) ),
MKACL_S( /* policyInformation.policyQualifiers.qualifier.userNotice.explicitText */
CRYPT_CERTINFO_CERTPOLICY_EXPLICITTEXT,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, 200 ) ),
/* 2 5 29 33 policyMappings */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_POLICYMAPPINGS,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_S( /* policyMappings.issuerDomainPolicy */
CRYPT_CERTINFO_ISSUERDOMAINPOLICY,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 3, 32 ) ),
MKACL_S( /* policyMappings.subjectDomainPolicy */
CRYPT_CERTINFO_SUBJECTDOMAINPOLICY,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 3, 32 ) ),
/* 2 5 29 35 authorityKeyIdentifier */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_AUTHORITYKEYIDENTIFIER,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_S( /* keyIdentifier */
CRYPT_CERTINFO_AUTHORITY_KEYIDENTIFIER,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, 64 ) ),
MKACL_N( /* authorityCertIssuer */
CRYPT_CERTINFO_AUTHORITY_CERTISSUER,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
MKACL_S( /* authorityCertSerialNumber */
CRYPT_CERTINFO_AUTHORITY_CERTSERIALNUMBER,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, 32 ) ),
/* 2 5 29 36 policyConstraints */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_POLICYCONSTRAINTS,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_N( /* policyConstraints.requireExplicitPolicy */
CRYPT_CERTINFO_REQUIREEXPLICITPOLICY,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 0, 64 ) ),
MKACL_N( /* policyConstraints.inhibitPolicyMapping */
CRYPT_CERTINFO_INHIBITPOLICYMAPPING,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 0, 64 ) ),
/* 2 5 29 37 extKeyUsage */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_EXTKEYUSAGE,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* individualCodeSigning */
CRYPT_CERTINFO_EXTKEY_MS_INDIVIDUALCODESIGNING,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* commercialCodeSigning */
CRYPT_CERTINFO_EXTKEY_MS_COMMERCIALCODESIGNING,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* certTrustListSigning */
CRYPT_CERTINFO_EXTKEY_MS_CERTTRUSTLISTSIGNING,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* timeStampSigning */
CRYPT_CERTINFO_EXTKEY_MS_TIMESTAMPSIGNING,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* serverGatedCrypto */
CRYPT_CERTINFO_EXTKEY_MS_SERVERGATEDCRYPTO,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* encryptedFileSystem */
CRYPT_CERTINFO_EXTKEY_MS_ENCRYPTEDFILESYSTEM,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* serverAuth */
CRYPT_CERTINFO_EXTKEY_SERVERAUTH,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* clientAuth */
CRYPT_CERTINFO_EXTKEY_CLIENTAUTH,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* codeSigning */
CRYPT_CERTINFO_EXTKEY_CODESIGNING,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* emailProtection */
CRYPT_CERTINFO_EXTKEY_EMAILPROTECTION,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* ipsecEndSystem */
CRYPT_CERTINFO_EXTKEY_IPSECENDSYSTEM,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* ipsecTunnel */
CRYPT_CERTINFO_EXTKEY_IPSECTUNNEL,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* ipsecUser */
CRYPT_CERTINFO_EXTKEY_IPSECUSER,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* timeStamping */
CRYPT_CERTINFO_EXTKEY_TIMESTAMPING,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* ocspSigning */
CRYPT_CERTINFO_EXTKEY_OCSPSIGNING,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* directoryService */
CRYPT_CERTINFO_EXTKEY_DIRECTORYSERVICE,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* anyExtendedKeyUsage */
/* This extension exists solely as a bugfix for a circular
definition in the PKIX RFC and introduces a number of further
problems, to avoid falling into this rathole we don't allow
the creation of certs with this usage type */
/* NOTE(review): the access value here is ACCESS_Rxx_RxD, whereas the
other per-usage extKeyUsage flags visible in this table use
ACCESS_Rxx_RWD.  The missing W is presumably what stops a caller
from setting this usage - confirm against the ACCESS_* definitions
before "normalising" this entry to match its neighbours */
CRYPT_CERTINFO_EXTKEY_ANYKEYUSAGE,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* serverGatedCrypto (NS_ identifier; separate from the MS_ serverGatedCrypto entry) */
CRYPT_CERTINFO_EXTKEY_NS_SERVERGATEDCRYPTO,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* serverGatedCrypto CA (VS_ identifier) */
CRYPT_CERTINFO_EXTKEY_VS_SERVERGATEDCRYPTO_CA,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
/* 2 5 29 46 freshestCRL */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_FRESHESTCRL,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_ATTRCERT, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_N( /* distributionPointName.fullName */
CRYPT_CERTINFO_FRESHESTCRL_FULLNAME,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_ATTRCERT, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
MKACL_N( /* reasons */
CRYPT_CERTINFO_FRESHESTCRL_REASONS,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_ATTRCERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( CRYPT_CRLREASONFLAG_UNUSED, CRYPT_CRLREASONFLAG_LAST - 1 ) ),
MKACL_N( /* cRLIssuer */
CRYPT_CERTINFO_FRESHESTCRL_CRLISSUER,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_ATTRCERT, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
/* 2 5 29 54 inhibitAnyPolicy */
MKACL_N( /* inhibitAnyPolicy */
CRYPT_CERTINFO_INHIBITANYPOLICY,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 0, 64 ) ),
/* 2 16 840 1 113730 1 x Netscape extensions (obsolete) */
MKACL_N( /* netscape-cert-type */
/* This attribute can't normally be set, however when creating a
template of disallowed attributes to apply to an about-to-be-
issued cert we need to be able to set it to mask out any
attributes of this type that may have come in via a cert
request */
/* NOTE(review): this is the only entry in this part of the table that
uses an ACCESS_SPECIAL_* value, and the only Netscape attribute
here with a W in its access value (the other netscape-* entries
are ACCESS_Rxx_Rxx).  The RWx field is presumably the write
permission the template case above relies on - confirm which
object type/state each of the four fields applies to, so the
exception stays limited to that case */
CRYPT_CERTINFO_NS_CERTTYPE,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_SPECIAL_Rxx_RWx_Rxx_Rxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( CRYPT_NS_CERTTYPE_SSLCLIENT, CRYPT_NS_CERTTYPE_LAST - 1 ) ),
MKACL_S( /* netscape-base-url */
CRYPT_CERTINFO_NS_BASEURL,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_Rxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( MIN_URL_SIZE, MAX_URL_SIZE ) ),
MKACL_S( /* netscape-revocation-url */
CRYPT_CERTINFO_NS_REVOCATIONURL,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_Rxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( MIN_URL_SIZE, MAX_URL_SIZE ) ),
MKACL_S( /* netscape-ca-revocation-url */
CRYPT_CERTINFO_NS_CAREVOCATIONURL,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_Rxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( MIN_URL_SIZE, MAX_URL_SIZE ) ),
MKACL_S( /* netscape-cert-renewal-url */
CRYPT_CERTINFO_NS_CERTRENEWALURL,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_Rxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( MIN_URL_SIZE, MAX_URL_SIZE ) ),
MKACL_S( /* netscape-ca-policy-url */
CRYPT_CERTINFO_NS_CAPOLICYURL,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_Rxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( MIN_URL_SIZE, MAX_URL_SIZE ) ),
MKACL_S( /* netscape-ssl-server-name */
CRYPT_CERTINFO_NS_SSLSERVERNAME,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_Rxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( MIN_URL_SIZE, MAX_URL_SIZE ) ),
MKACL_S( /* netscape-comment */
CRYPT_CERTINFO_NS_COMMENT,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_Rxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, MAX_ATTRIBUTE_SIZE ) ),
/* 2 23 42 7 0 SET hashedRootKey */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_SET_HASHEDROOTKEY,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFIC