sourceDataUri IA5String OPTIONAL
}
} */
/* Table entries for the biometricInfo extension.  The MKOID bytes are the
   DER encoding (tag 0x06, length 0x08) of OID 1 3 6 1 5 5 7 1 2 */
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x01\x02" ), CRYPT_CERTINFO_BIOMETRICINFO,
MKDESC( "biometricInfo" )
ENCODING( BER_SEQUENCE ),
FL_MORE | FL_LEVEL_PKIX_FULL | FL_VALID_CERT | FL_SETOF, RANGE_NONE },
/* Structural wrapper for one biometricData element, it has no field ID of
   its own */
{ NULL, 0,
MKDESC( "biometricInfo.biometricData" )
ENCODING( BER_SEQUENCE ),
FL_MORE, RANGE_NONE },
/* RANGE( 0, 1 ) presumably restricts typeOfData to the values 0 and 1 --
   confirm against the RANGE macro */
{ NULL, CRYPT_CERTINFO_BIOMETRICINFO_TYPE,
MKDESC( "biometricInfo.biometricData.typeOfData" )
ENCODING( BER_INTEGER ),
FL_MORE | FL_MULTIVALUED, RANGE( 0, 1 ) },
{ NULL, CRYPT_CERTINFO_BIOMETRICINFO_HASHALGO,
MKDESC( "biometricInfo.biometricData.hashAlgorithm" )
ENCODING( BER_OBJECT_IDENTIFIER ),
FL_MORE | FL_MULTIVALUED, RANGE_OID },
/* The hash is bounded to 16...CRYPT_MAX_HASHSIZE (presumably a byte count).
   NOTE(review): nothing in this entry ties the hash length to the
   hashAlgorithm OID above, confirm whether that is checked elsewhere */
{ NULL, CRYPT_CERTINFO_BIOMETRICINFO_HASH,
MKDESC( "biometricInfo.biometricData.dataHash" )
ENCODING( BER_OCTETSTRING ),
FL_MORE | FL_MULTIVALUED, RANGE( 16, CRYPT_MAX_HASHSIZE ) },
/* Optional URI for the source data.  NOTE(review): CHECK_URL presumably
   validates the string's form only, a consumer that dereferences this
   certificate-supplied URI should treat it as untrusted input */
{ NULL, CRYPT_CERTINFO_BIOMETRICINFO_URL,
MKDESC( "biometricInfo.biometricData.sourceDataUri" )
ENCODING( BER_STRING_IA5 ),
FL_OPTIONAL | FL_MULTIVALUED | FL_SEQEND_2 /*FL_SEQEND*/, CHECK_URL },
/* qcStatements
OID = 1 3 6 1 5 5 7 1 3
critical = TRUE
SEQUENCE OF {
SEQUENCE {
statementID OBJECT IDENTIFIER,
statementInfo SEQUENCE {
semanticsIdentifier OBJECT IDENTIFIER OPTIONAL,
nameRegistrationAuthorities SEQUENCE OF GeneralName
}
}
}
There are two versions of the statementID OID, one for RFC 3039 and
the other for RFC 3739 (which are actually identical except where
they're not). To handle this we preferentially encode the RFC 3739
(v2) OID but allow the v1 OID as a fallback by marking both as
optional.
NOTE(review): RFC 3739 allows this extension to be critical or
non-critical.  FL_CRITICAL below presumably controls how the extension is
marked when it is written, confirm that it does not cause non-critical
instances to be rejected when read */
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x01\x03" ), CRYPT_CERTINFO_QCSTATEMENT,
MKDESC( "qcStatements" )
ENCODING( BER_SEQUENCE ),
FL_MORE | FL_LEVEL_PKIX_FULL | FL_CRITICAL | FL_VALID_CERT | FL_SETOF, RANGE_NONE },
{ NULL, 0,
MKDESC( "qcStatements.qcStatement (statementID)" )
ENCODING( BER_SEQUENCE ),
FL_MORE | FL_IDENTIFIER, RANGE_NONE },
/* RFC 3739 (v2) statementID, listed first so that it is the one encoded
   preferentially (see above) */
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x0B\x02" ), 0,
MKDESC( "qcStatements.qcStatement.statementID (1 3 6 1 5 5 7 11 2)" )
ENCODING( FIELDTYPE_IDENTIFIER ),
FL_MORE | FL_OPTIONAL, RANGE_NONE },
/* RFC 3039 (v1) statementID, accepted as a fallback */
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x0B\x01" ), 0,
MKDESC( "qcStatements.qcStatement.statementID (Backwards-compat.) (1 3 6 1 5 5 7 11 1)" )
ENCODING( FIELDTYPE_IDENTIFIER ),
FL_MORE | FL_OPTIONAL, RANGE_NONE },
{ NULL, 0,
MKDESC( "qcStatements.qcStatement.statementInfo (statementID)" )
ENCODING( BER_SEQUENCE ),
FL_MORE, RANGE_NONE },
{ NULL, CRYPT_CERTINFO_QCSTATEMENT_SEMANTICS,
MKDESC( "qcStatements.qcStatement.statementInfo.semanticsIdentifier (statementID)" )
ENCODING( BER_OBJECT_IDENTIFIER ),
FL_MORE | FL_MULTIVALUED | FL_OPTIONAL, RANGE_OID },
{ NULL, 0,
MKDESC( "qcStatements.qcStatement.statementInfo.nameRegistrationAuthorities (statementID)" )
ENCODING( BER_SEQUENCE ),
FL_MORE | FL_SETOF, RANGE_NONE },
/* The GeneralName is encoded through the generalNameInfo sub-table.  The
   inline note on the flags records that the real nesting depth is 4 while
   FL_SEQEND_3 is what is set.  NOTE(review): confirm that the decoder
   closes the remaining level correctly */
{ NULL, CRYPT_CERTINFO_QCSTATEMENT_REGISTRATIONAUTHORITY,
MKDESC( "qcStatements.qcStatement.statementInfo.nameRegistrationAuthorities.generalNames" )
ENCODING( FIELDTYPE_SUBTYPED ),
FL_MULTIVALUED | FL_NONEMPTY | FL_SEQEND_3 /* Really _4*/, ENCODED_OBJECT( generalNameInfo ) },
/* subjectInfoAccess:
OID = 1 3 6 1 5 5 7 1 11
SEQUENCE SIZE (1...MAX) OF {
SEQUENCE {
accessMethod OBJECT IDENTIFIER,
accessLocation GeneralName
}
}
The table lists one accessDescription alternative per recognised
accessMethod OID (timeStamping, caRepository) followed by a catch-all
alternative for any other accessMethod */
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x01\x0B" ), CRYPT_CERTINFO_SUBJECTINFOACCESS,
MKDESC( "subjectInfoAccess" )
ENCODING( BER_SEQUENCE ),
FL_MORE | FL_LEVEL_STANDARD | FL_VALID_CERT | FL_SETOF, RANGE_NONE },
{ NULL, 0,
MKDESC( "subjectInfoAccess.accessDescription (timeStamping)" )
ENCODING( BER_SEQUENCE ),
FL_MORE | FL_IDENTIFIER, RANGE_NONE },
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x03" ), 0,
MKDESC( "subjectInfoAccess.timeStamping (1 3 6 1 5 5 7 48 3)" )
ENCODING( FIELDTYPE_IDENTIFIER ),
FL_MORE, RANGE_NONE },
{ NULL, CRYPT_CERTINFO_SUBJECTINFO_TIMESTAMPING,
MKDESC( "subjectInfoAccess.accessDescription.accessLocation (timeStamping)" )
ENCODING( FIELDTYPE_SUBTYPED ),
FL_MORE | FL_NONEMPTY | FL_MULTIVALUED | FL_OPTIONAL | FL_SEQEND, ENCODED_OBJECT( generalNameInfo ) },
{ NULL, 0,
MKDESC( "subjectInfoAccess.accessDescription (caRepository)" )
ENCODING( BER_SEQUENCE ),
FL_MORE | FL_IDENTIFIER, RANGE_NONE },
{ MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x05" ), 0,
MKDESC( "subjectInfoAccess.caRepository (1 3 6 1 5 5 7 48 5)" )
ENCODING( FIELDTYPE_IDENTIFIER ),
FL_MORE, RANGE_NONE },
/* NOTE(review): this accessLocation sits under the caRepository identifier
   but carries CRYPT_CERTINFO_SUBJECTINFO_TIMESTAMPING and a "(timeStamping)"
   description, the same as the timeStamping entry further up.  This looks
   like a copy/paste slip, if it is then a caRepository location is reported
   to callers under the timestamping field ID.  Confirm whether a dedicated
   caRepository field ID should be used here */
{ NULL, CRYPT_CERTINFO_SUBJECTINFO_TIMESTAMPING,
MKDESC( "subjectInfoAccess.accessDescription.accessLocation (timeStamping)" )
ENCODING( FIELDTYPE_SUBTYPED ),
FL_MORE | FL_NONEMPTY | FL_MULTIVALUED | FL_OPTIONAL | FL_SEQEND, ENCODED_OBJECT( generalNameInfo ) },
{ NULL, 0,
MKDESC( "subjectInfoAccess.accessDescription (catchAll)" )
ENCODING( BER_SEQUENCE ),
FL_MORE | FL_IDENTIFIER, RANGE_NONE },
/* Any accessDescription that didn't match one of the OIDs above is consumed
   as an opaque blob and discarded, so unrecognised access methods are
   skipped and their content is not exposed to the caller */
{ NULL, 0,
MKDESC( "subjectInfoAccess.catchAll" )
ENCODING( FIELDTYPE_BLOB ), /* Match anything and ignore it */
FL_OPTIONAL | FL_NONENCODING | FL_SEQEND_2 /*FL_SEQEND*/, RANGE_NONE },
/* ocspNonce:
OID = 1 3 6 1 5 5 7 48 1 2
nonce INTEGER
This value was supposed to be an INTEGER, however while specifying a
million pieces of unnecessary braindamage OCSP forgot to actually
define this anywhere in the spec. Because of this it's possible to
get other stuff here as well, the worst-case being OpenSSL 0.9.6/
0.9.7a-c which just dumps a raw blob (not even valid ASN.1 data) in
here. We can't do anything with this since we need at least
something DER-encoded to be able to read it. OpenSSL 0.9.7d and
later used an OCTET STRING so we use the same trick as we do for the
certPolicy IA5String/VisibleString duality where we define the field
as if it were a CHOICE { INTEGER, OCTET STRING } with the INTEGER
first to make sure that we encode that preferentially.
In addition although the nonce should be an INTEGER data value it's
really an INTEGER equivalent of an OCTET STRING hole so we call it an
octet string to make sure that it gets handled appropriately.
Finally, we set the en/decoding level to FL_LEVEL_OBLIVIOUS to make
sure that it's still encoded even in oblivious mode, if we don't do
this then a nonce in a request won't be returned in the response if
the user is running at a reduced compliance level.
Both alternatives map to CRYPT_CERTINFO_OCSP_NONCE and both carry
RANGE( 1, 64 ), presumably a length bound of 1...64 bytes so that an empty
or oversized nonce from a peer is rejected when it's read -- confirm
against the RANGE macro */
{ MKOID( "\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x02" ), CRYPT_CERTINFO_OCSP_NONCE,
MKDESC( "ocspNonce" )
ENCODING_ALIAS( BER_OCTETSTRING, BER_INTEGER ), /* Actually an INTEGER hole */
FL_MORE | FL_LEVEL_OBLIVIOUS | FL_VALID_OCSPREQ | FL_VALID_OCSPRESP | FL_OPTIONAL | FL_ALIAS, RANGE( 1, 64 ) },
/* Second CHOICE alternative, the OCTET STRING form that the comment above
   attributes to OpenSSL 0.9.7d and later */
{ NULL, CRYPT_CERTINFO_OCSP_NONCE,
MKDESC( "ocspNonce (Kludge)" )
ENCODING( BER_OCTETSTRING ),
FL_OPTIONAL, RANGE( 1, 64 ) },
/* ocspAcceptableResponses:
OID = 1 3 6 1 5 5 7 48 1 4
SEQUENCE {
oidInstance1 OPTIONAL,
oidInstance2 OPTIONAL,
...
oidInstanceN OPTIONAL
}
Only one response-type OID, 1 3 6 1 5 5 7 48 1 1, is listed below.
NOTE(review): RFC 2560 describes acceptable response types as an OCSP
request extension, but the flags here are FL_VALID_CERTREQ | FL_VALID_CERT
with no FL_VALID_OCSPREQ, which by their names mark it as valid in
certificates and certificate requests only.  Confirm that this is
intended */
{ MKOID( "\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x04" ), CRYPT_CERTINFO_OCSP_RESPONSE,
MKDESC( "ocspAcceptableResponses" )
ENCODING( BER_SEQUENCE ),
FL_MORE | FL_NONEMPTY | FL_LEVEL_STANDARD | FL_VALID_CERTREQ | FL_VALID_CERT, RANGE_NONE },
{ MKOID( "\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01" ), CRYPT_CERTINFO_OCSP_RESPONSE_OCSP,
MKDESC( "ocspAcceptableResponses.ocsp (1 3 6 1 5 5 7 48 1 1)" )
ENCODING( FIELDTYPE_IDENTIFIER ),
FL_OPTIONAL | FL_SEQEND /*NONE*/, RANGE_NONE },
/* ocspNoCheck:
OID = 1 3 6 1 5 5 7 48 1 5
critical = FALSE
NULL
This value is treated as a pseudo-numeric value that must be
CRYPT_UNUSED when written and is explicitly set to CRYPT_UNUSED when
read.
The extension body is an ASN.1 NULL so there is no payload to validate,
RANGE_UNUSED presumably enforces the CRYPT_UNUSED-only rule described
above -- confirm */
{ MKOID( "\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x05" ), CRYPT_CERTINFO_OCSP_NOCHECK,
MKDESC( "ocspNoCheck" )
ENCODING( BER_NULL ),
FL_LEVEL_PKIX_PARTIAL | FL_VALID_CERT | FL_VALID_CERTREQ | FL_NONENCODING, RANGE_UNUSED },
/* ocspArchiveCutoff:
OID = 1 3 6 1 5 5 7 48 1 6
archiveCutoff GeneralizedTime
Single-entry attribute: a GeneralizedTime flagged with FL_VALID_OCSPRESP
only, so by the flag's name it applies to OCSP responses.  RANGE_TIME
presumably applies the table's generic time-value check -- confirm */
{ MKOID( "\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x06" ), CRYPT_CERTINFO_OCSP_ARCHIVECUTOFF,
MKDESC( "ocspArchiveCutoff" )
ENCODING( BER_TIME_GENERALIZED ),
FL_LEVEL_PKIX_PARTIAL | FL_VALID_OCSPRESP, RANGE_TIME },
/* dateOfCertGen
OID = 1 3 36 8 3 1
dateOfCertGen GeneralizedTime
Single-entry attribute.  The MKOID bytes are tag 0x06, length 0x05 and
the encoded arcs of the OID given above */
{ MKOID( "\x06\x05\x2B\x24\x08\x03\x01" ), CRYPT_CERTINFO_SIGG_DATEOFCERTGEN,
MKDESC( "dateOfCertGen" )
ENCODING( BER_TIME_GENERALIZED ),
FL_LEVEL_PKIX_FULL | FL_VALID_CERT, RANGE_TIME },
/* procuration
OID = 1 3 36 8 3 2
SEQUENCE OF {
country PrintableString SIZE(2) OPTIONAL,
typeOfSubstitution [0] PrintableString OPTIONAL,
signingFor GeneralName
}
NOTE(review): unlike the neighbouring dateOfCertGen and monetaryLimit
entries, no FL_LEVEL_* flag is set on the first entry here.  Confirm
which compliance level this attribute is processed at when none is
given */
{ MKOID( "\x06\x05\x2B\x24\x08\x03\x02" ), CRYPT_CERTINFO_SIGG_PROCURATION,
MKDESC( "procuration" )
ENCODING( BER_SEQUENCE ),
FL_MORE | FL_VALID_CERTREQ | FL_VALID_CERT | FL_SETOF, RANGE_NONE },
/* RANGE( 2, 2 ) matches the SIZE(2) constraint in the definition above */
{ NULL, CRYPT_CERTINFO_SIGG_PROCURE_COUNTRY,
MKDESC( "procuration.country" )
ENCODING( BER_STRING_PRINTABLE ),
FL_MORE | FL_MULTIVALUED | FL_OPTIONAL, RANGE( 2, 2 ) },
/* Context tag [0] as in the definition above.  The definition gives no
   size constraint, the 1...128 bound is this table's own limit */
{ NULL, CRYPT_CERTINFO_SIGG_PROCURE_TYPEOFSUBSTITUTION,
MKDESC( "procuration.typeOfSubstitution" )
ENCODING_TAGGED( BER_STRING_PRINTABLE, 0 ),
FL_MORE | FL_MULTIVALUED | FL_OPTIONAL, RANGE( 1, 128 ) },
/* The GeneralName is encoded through the generalNameInfo sub-table */
{ NULL, CRYPT_CERTINFO_SIGG_PROCURE_SIGNINGFOR,
MKDESC( "procuration.signingFor.thirdPerson" )
ENCODING( FIELDTYPE_SUBTYPED ),
FL_MULTIVALUED | FL_SEQEND /*NONE*/ | FL_NONEMPTY, ENCODED_OBJECT( generalNameInfo ) },
/* monetaryLimit
OID = 1 3 36 8 3 4
SEQUENCE {
currency PrintableString SIZE(3),
amount INTEGER,
exponent INTEGER
}
All three fields are mandatory, none of the entries below carries
FL_OPTIONAL */
{ MKOID( "\x06\x05\x2B\x24\x08\x03\x04" ), CRYPT_CERTINFO_SIGG_MONETARYLIMIT,
MKDESC( "monetaryLimit" )
ENCODING( BER_SEQUENCE ),
FL_MORE | FL_LEVEL_PKIX_FULL | FL_VALID_CERTREQ | FL_VALID_CERT, RANGE_NONE },
/* RANGE( 3, 3 ) matches the SIZE(3) constraint in the definition above */
{ NULL, CRYPT_CERTINFO_SIGG_MONETARY_CURRENCY,
MKDESC( "monetaryLimit.currency" )
ENCODING( BER_STRING_PRINTABLE ),
FL_MORE, RANGE( 3, 3 ) },
/* The 1...255 bound comes from the spec according to the inline note, a
   limit is then expressed as amount combined with the exponent below */
{ NULL, CRYPT_CERTINFO_SIGG_MONETARY_AMOUNT,
MKDESC( "monetaryLimit.amount" )
ENCODING( BER_INTEGER ),
FL_MORE, RANGE( 1, 255 ) }, /* That's what the spec says */
{ NULL, CRYPT_CERTINFO_SIGG_MONETARY_EXPONENT,
MKDESC( "monetaryLimit.exponent" )
ENCODING( BER_INTEGER ),
FL_SEQEND /*NONE*/, RANGE( 0, 255 ) },
/* restriction
OID = 1 3 36 8 3 8
restriction PrintableString
Single-entry attribute.  The definition above gives no size constraint,
the 1...128 bound is this table's own limit */
{ MKOID( "\x06\x05\x2B\x24\x08\x03\x08" ), CRYPT_CERTINFO_SIGG_RESTRICTION,
MKDESC( "restriction" )
ENCODING( BER_STRING_PRINTABLE ),
FL_LEVEL_PKIX_FULL | FL_VALID_CERT, RANGE( 1, 128 ) },
/* strongExtranet:
OID = 1 3 101 1 4 1
SEQUENCE {
version INTEGER (0),
SEQUENCE OF {
SEQUENCE {
zone INTEGER,
id OCTET STRING (SIZE(1..64))
}
}
} */
{ MKOID( "\x06\x05\x2B\x65\x01\x04\x01" ), CRYPT_CERTINFO_STRONGEXTRANET,
MKDESC( "strongExtranet" )
ENCODING( BER_SEQUENCE ),
FL_MORE | FL_LEVEL_PKIX_PARTIAL | FL_VALID_CERTREQ | FL_VALID_CERT, RANGE_NONE },
/* The version is a fixed blob rather than a user-visible field: the
   trailing 3, "\x02\x01\x00" is a three-byte DER INTEGER with value 0 (tag
   0x02, length 0x01, content 0x00), matching 'version INTEGER (0)' above */
{ NULL, 0,
MKDESC( "strongExtranet.version" )
ENCODING( FIELDTYPE_BLOB ), /* Always 0 */
FL_MORE | FL_NONENCODING, 0, 0, 3, "\x02\x01\x00" },
{ NULL, 0,
MKDESC( "strongExtranet.sxNetIDList" )
ENCODING( BER_SEQUENCE ),
FL_MORE | FL_SETOF, RANGE_NONE },
{ NULL, 0,
MKDESC( "strongExtranet.sxNetIDList.sxNetID" )
ENCODING( BER_SEQUENCE ),
FL_MORE, RANGE_NONE },
/* NOTE(review): the upper bound is MAX_INTLENGTH, a name that suggests a
   length limit rather than a value limit.  Confirm that this is the
   intended bound for zone values */
{ NULL, CRYPT_CERTINFO_STRONGEXTRANET_ZONE,
MKDESC( "strongExtranet.sxNetIDList.sxNetID.zone" )
ENCODING( BER_INTEGER ),
FL_MORE, RANGE( 0, MAX_INTLENGTH ) },
/* RANGE( 1, 64 ) matches the SIZE(1..64) constraint in the definition
   above */
{ NULL, CRYPT_CERTINFO_STRONGEXTRANET_ID,
MKDESC( "strongExtranet.sxNetIDList.sxnetID.id" )
ENCODING( BER_OCTETSTRING ),
FL_SEQEND_3 /*FL_SEQEND_2*/, RANGE( 1, 64 ) },
/* subjectDirectoryAttributes:
OID = 2 5 29 9
SEQUENCE SIZE (1..MAX) OF {
SEQUENCE {
type OBJECT IDENTIFIER,
values SET OF ANY -- SIZE (1)
} */
{ MKOID( "\x06\x03\x55\x1D\x09" ), CRYPT_CERTINFO_SUBJECTDIRECTORYATTRIBUTES,
MKDESC( "subjectDirectoryAttributes" )
ENCODING( BER_SEQUENCE ),
FL_MORE | FL_LEVEL_PKIX_PARTIAL | FL_VALID_CERT | FL_SETOF, RANGE_NONE },
{ NULL, 0,
MKDESC( "subjectDirectoryAttributes.attribute" )
ENCODING( BER_SEQUENCE ),
FL_MORE, RANGE_NONE },
{ NULL, CRYPT_CERTINFO_SUBJECTDIR_TYPE,
MKDESC( "subjectDirectoryAttributes.attribute.type" )
ENCODING( BER_OBJECT_IDENTIFIER ),
FL_MORE | FL_MULTIVALUED, RANGE_OID },