📄 attr_acl.c
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
MKACL_N( /* accessDescription.accessLocation */
CRYPT_CERTINFO_AUTHORITYINFO_CAISSUERS,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
MKACL_N( /* accessDescription.accessLocation */
CRYPT_CERTINFO_AUTHORITYINFO_CERTSTORE,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
MKACL_N( /* accessDescription.accessLocation */
CRYPT_CERTINFO_AUTHORITYINFO_CRLS,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
/* 1 3 6 1 5 5 7 1 2 biometricInfo */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_BIOMETRICINFO,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_N( /* biometricData.typeOfData */
CRYPT_CERTINFO_BIOMETRICINFO_TYPE,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 0, 1 ) ),
MKACL_S( /* biometricData.hashAlgorithm */
CRYPT_CERTINFO_BIOMETRICINFO_HASHALGO,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 3, 32 ) ),
MKACL_S( /* biometricData.dataHash */
CRYPT_CERTINFO_BIOMETRICINFO_HASH,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 16, CRYPT_MAX_HASHSIZE ) ),
MKACL_S( /* biometricData.sourceDataUri */
CRYPT_CERTINFO_BIOMETRICINFO_URL,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( MIN_URL_SIZE, MAX_URL_SIZE ) ),
/* 1 3 6 1 5 5 7 1 3 qcStatements */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_QCSTATEMENT,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_S( /* qcStatement.statementInfo.semanticsIdentifier */
CRYPT_CERTINFO_QCSTATEMENT_SEMANTICS,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 3, 32 ) ),
MKACL_N( /* qcStatement.statementInfo.nameRegistrationAuthorities */
/* This is a GeneralName selector so it can't be written to directly */
CRYPT_CERTINFO_QCSTATEMENT_REGISTRATIONAUTHORITY,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
/* 1 3 6 1 5 5 7 48 1 2 ocspNonce */
MKACL_S( /* nonce */
CRYPT_CERTINFO_OCSP_NONCE,
ST_CERT_OCSP_REQ | ST_CERT_OCSP_RESP, ST_NONE, ACCESS_Rxx_Rxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, 64 ) ),
/* 1 3 6 1 5 5 7 48 1 4 ocspAcceptableResponses */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_OCSP_RESPONSE,
ST_CERT_OCSP_REQ, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* OCSP standard response */
CRYPT_CERTINFO_OCSP_RESPONSE_OCSP,
ST_CERT_OCSP_REQ, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
/* 1 3 6 1 5 5 7 48 1 5 ocspNoCheck */
/* The RANGE is pinned to CRYPT_UNUSED at both ends, so the attribute
   presumably has no value of its own and works as a presence marker.
   NOTE(review): id-pkix-ocsp-nocheck (RFC 6960) tells relying parties not to
   check revocation for the certificate that carries it, and the subtype
   mask here is ST_CERT_ANY_CERT. This entry therefore doesn't restrict the
   attribute to OCSP responder certificates; if that restriction is wanted
   it has to be enforced elsewhere - confirm where. */
MKACL_N( /* noCheck */
CRYPT_CERTINFO_OCSP_NOCHECK,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( CRYPT_UNUSED, CRYPT_UNUSED ) ),
/* 1 3 6 1 5 5 7 48 1 6 ocspArchiveCutoff */
MKACL_T( /* archiveCutoff */
CRYPT_CERTINFO_OCSP_ARCHIVECUTOFF,
ST_CERT_OCSP_RESP, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
/* 1 3 6 1 5 5 7 48 1 11 subjectInfoAccess. The values are GeneralName
selectors so the ACL doesn't allow writes, since they can only be
used to select the GeneralName that's written to */
/* NOTE(review): RFC 5280 defines subjectInfoAccess as id-pe 11, i.e.
   1 3 6 1 5 5 7 1 11. The "48 1" arc in the comment above matches the OCSP
   entries that precede this one in the table and looks carried over from
   them - confirm against the extension encoding table before relying on
   this comment. */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_SUBJECTINFOACCESS,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_N( /* accessDescription.accessLocation (caRepository selector) */
CRYPT_CERTINFO_SUBJECTINFO_CAREPOSITORY,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
MKACL_N( /* accessDescription.accessLocation (timeStamping selector) */
CRYPT_CERTINFO_SUBJECTINFO_TIMESTAMPING,
ST_CERT_CERT | ST_CERT_CERTCHAIN | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
/* 1 3 36 8 3 1 dateOfCertGen */
MKACL_T( /* dateOfCertGen */
CRYPT_CERTINFO_SIGG_DATEOFCERTGEN,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
/* 1 3 36 8 3 2 procuration */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_SIGG_PROCURATION,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_S( /* country */
CRYPT_CERTINFO_SIGG_PROCURE_COUNTRY,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 2, 2 ) ),
MKACL_S( /* typeOfSubstitution */
CRYPT_CERTINFO_SIGG_PROCURE_TYPEOFSUBSTITUTION,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, 128 ) ),
MKACL_N( /* signingFor.thirdPerson */
CRYPT_CERTINFO_SIGG_PROCURE_SIGNINGFOR,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
/* 1 3 36 8 3 4 monetaryLimit */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_SIGG_MONETARYLIMIT,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_S( /* currency */
CRYPT_CERTINFO_SIGG_MONETARY_CURRENCY,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 3, 3 ) ),
MKACL_N( /* amount */
CRYPT_CERTINFO_SIGG_MONETARY_AMOUNT,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, 255 ) ),
MKACL_N( /* exponent */
CRYPT_CERTINFO_SIGG_MONETARY_EXPONENT,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 0, 255 ) ),
/* 1 3 36 8 3 8 restriction */
MKACL_S( /* restriction */
CRYPT_CERTINFO_SIGG_RESTRICTION,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, 128 ) ),
/* 1 3 101 1 4 1 strongExtranet */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_STRONGEXTRANET,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_N( /* sxNetIDList.sxNetID.zone */
CRYPT_CERTINFO_STRONGEXTRANET_ZONE,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 0, RANGE_MAX ) ),
MKACL_S( /* sxNetIDList.sxNetID.id */
CRYPT_CERTINFO_STRONGEXTRANET_ID,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, 64 ) ),
/* 2 5 29 9 subjectDirectoryAttributes */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_SUBJECTDIRECTORYATTRIBUTES,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_Rxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_S( /* attribute.type */
CRYPT_CERTINFO_SUBJECTDIR_TYPE,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_Rxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 3, 32 ) ),
MKACL_S( /* attribute.values */
CRYPT_CERTINFO_SUBJECTDIR_VALUES,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_Rxx,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, MAX_ATTRIBUTE_SIZE ) ),
/* 2 5 29 14 subjectKeyIdentifier */
MKACL_S( /* subjectKeyIdentifier */
CRYPT_CERTINFO_SUBJECTKEYIDENTIFIER,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 1, 64 ) ),
/* 2 5 29 15 keyUsage */
/* keyUsage is a set of bit flags, checked here only as a numeric range.
   NOTE(review): the upper bound is CRYPT_KEYUSAGE_LAST + 1, while the other
   enum and flag ranges in this table (cRLReason, holdInstructionCode,
   onlySomeReasons) stop at a _LAST - 1 value. If CRYPT_KEYUSAGE_LAST is a
   one-past-the-end sentinel like those, this bound admits values outside
   the defined flags - confirm against the CRYPT_KEYUSAGE_* definitions. */
MKACL_N( /* keyUsage */
CRYPT_CERTINFO_KEYUSAGE,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( CRYPT_KEYUSAGE_NONE + 1, CRYPT_KEYUSAGE_LAST + 1 ) ),
/* 2 5 29 16 privateKeyUsagePeriod */
/* Presence flag plus the two time bounds of the private-key usage window.
   The time entries are declared with MKACL_T and carry no RANGE, so no
   bound on the time values is visible in this table. */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_PRIVATEKEYUSAGEPERIOD,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_T( /* notBefore */
CRYPT_CERTINFO_PRIVATEKEY_NOTBEFORE,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_T( /* notAfter */
CRYPT_CERTINFO_PRIVATEKEY_NOTAFTER,
ST_CERT_CERT | ST_CERT_CERTCHAIN, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
/* 2 5 29 17 subjectAltName */
MKACL_N( /* subjectAltName */
CRYPT_CERTINFO_SUBJECTALTNAME,
ST_CERT_ANY_CERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
/* 2 5 29 18 issuerAltName */
MKACL_N( /* issuerAltName */
CRYPT_CERTINFO_ISSUERALTNAME,
ST_CERT_ANY_CERT, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
/* 2 5 29 19 basicConstraints */
/* cA and pathLenConstraint decide whether a certificate may act as an
   issuer and how long a chain below it may be, so these are the entries
   where an over-permissive access code would matter most. Both use
   ACCESS_Rxx_RWD; presumably the first triple applies once the object is
   signed and the second while it is still being built, which would make
   them read-only after signing - confirm against the ACCESS_* definitions.
   The subtype mask also admits ST_CERT_ATTRCERT and ST_CERT_PKIUSER
   objects. pathLenConstraint is limited to 0...64 by its RANGE. */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_BASICCONSTRAINTS,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* cA */
CRYPT_CERTINFO_CA,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_N( /* pathLenConstraint */
CRYPT_CERTINFO_PATHLENCONSTRAINT,
ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | ST_CERT_PKIUSER, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 0, 64 ) ),
/* 2 5 29 20 cRLNumber */
MKACL_N( /* cRLNumber */
CRYPT_CERTINFO_CRLNUMBER,
ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 0, RANGE_MAX ) ),
/* 2 5 29 21 cRLReason */
MKACL_N( /* cRLReason */
/* We allow a range up to the last extended reason because the cert-
handling code transparently maps one to the other to provide the
illusion of a unified crlReason attribute */
CRYPT_CERTINFO_CRLREASON,
ST_CERT_CRL | ST_CERT_REQ_REV, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( CRYPT_CRLREASON_UNSPECIFIED, CRYPT_CRLEXTREASON_LAST - 1 ) ),
/* 2 5 29 23 holdInstructionCode */
MKACL_N( /* holdInstructionCode */
CRYPT_CERTINFO_HOLDINSTRUCTIONCODE,
ST_CERT_CRL | ST_CERT_REQ_REV, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( CRYPT_HOLDINSTRUCTION_NONE + 1, CRYPT_HOLDINSTRUCTION_LAST - 1 ) ),
/* 2 5 29 24 invalidityDate */
MKACL_T( /* invalidityDate */
CRYPT_CERTINFO_INVALIDITYDATE,
ST_CERT_CRL | ST_CERT_REQ_REV, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
/* 2 5 29 27 deltaCRLIndicator */
MKACL_N( /* deltaCRLIndicator */
CRYPT_CERTINFO_DELTACRLINDICATOR,
ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( 0, RANGE_MAX ) ),
/* 2 5 29 28 issuingDistributionPoint */
MKACL_B( /* Extension present flag */
CRYPT_CERTINFO_ISSUINGDISTRIBUTIONPOINT,
ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_N( /* distributionPointName.fullName */
CRYPT_CERTINFO_ISSUINGDIST_FULLNAME,
ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RxD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( FALSE, TRUE ) ),
MKACL_B( /* onlyContainsUserCerts */
CRYPT_CERTINFO_ISSUINGDIST_USERCERTSONLY,
ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_B( /* onlyContainsCACerts */
CRYPT_CERTINFO_ISSUINGDIST_CACERTSONLY,
ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),
MKACL_N( /* onlySomeReasons */
CRYPT_CERTINFO_ISSUINGDIST_SOMEREASONSONLY,
ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ),
RANGE( CRYPT_CRLREASONFLAG_UNUSED, CRYPT_CRLREASONFLAG_LAST - 1 ) ),
MKACL_B( /* indirectCRL */
CRYPT_CERTINFO_ISSUINGDIST_INDIRECTCRL,
ST_CERT_CRL, ST_NONE, ACCESS_Rxx_RWD,
ROUTE( OBJECT_TYPE_CERTIFICATE ) ),