/*
* Copyright (c) 2000-2004,2011,2014 Apple Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*
* CertExtensions.h -- X.509 Cert Extensions as C structs
*/
#ifndef _CERT_EXTENSIONS_H_
#define _CERT_EXTENSIONS_H_
#include <Security/cssmtype.h>
/***
*** Structs for declaring extension-specific data.
***/
/*
* GeneralName, used in AuthorityKeyID, SubjectAltName, and
* IssuerAltName.
*
* For now, we just provide explicit support for the types which are
* represented as IA5Strings, OIDs, and octet strings. Constructed types
* such as EDIPartyName and x400Address are not explicitly handled
* right now and must be encoded and decoded by the caller. (See exception
* for Name and OtherName, below). In those cases the CE_GeneralName.name.Data field
* represents the BER contents octets; CE_GeneralName.name.Length is the
* length of the contents; the tag of the field is not needed - the BER
* encoding uses context-specific implicit tagging. The berEncoded field
* is set to CSSM_TRUE in these cases. Simple types have berEncoded = CSSM_FALSE.
*
* In the case of a GeneralName in the form of a Name, we parse the Name
* into a CSSM_X509_NAME and place a pointer to the CSSM_X509_NAME in the
* CE_GeneralName.name.Data field. CE_GeneralName.name.Length is set to
* sizeof(CSSM_X509_NAME). In this case berEncoded is false.
*
* In the case of a GeneralName in the form of an OtherName, we parse the fields
* into a CE_OtherName and place a pointer to the CE_OtherName in the
* CE_GeneralName.name.Data field. CE_GeneralName.name.Length is set to
* sizeof(CE_OtherName). In this case berEncoded is false.
*
* GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
*
* GeneralName ::= CHOICE {
* otherName [0] OtherName
* rfc822Name [1] IA5String,
* dNSName [2] IA5String,
* x400Address [3] ORAddress,
* directoryName [4] Name,
* ediPartyName [5] EDIPartyName,
* uniformResourceIdentifier [6] IA5String,
* iPAddress [7] OCTET STRING,
* registeredID [8] OBJECT IDENTIFIER}
*
* OtherName ::= SEQUENCE {
* type-id OBJECT IDENTIFIER,
* value [0] EXPLICIT ANY DEFINED BY type-id }
*
* EDIPartyName ::= SEQUENCE {
* nameAssigner [0] DirectoryString OPTIONAL,
* partyName [1] DirectoryString }
*/
/*
 * Discriminator for CE_GeneralName.nameType. Each enumerator's value is the
 * context-specific tag number of the matching GeneralName CHOICE alternative
 * ([0] otherName ... [8] registeredID), so it can be used directly when the
 * name is re-encoded. The value also fixes how CE_GeneralName.name must be
 * read (byte buffer, struct pointer, or raw BER) - see CE_GeneralName.
 */
typedef enum __CE_GeneralNameType {
	GNT_OtherName     = 0,	// [0] OtherName         -> name.Data is a CE_OtherName *
	GNT_RFC822Name    = 1,	// [1] IA5String contents
	GNT_DNSName       = 2,	// [2] IA5String contents
	GNT_X400Address   = 3,	// [3] ORAddress         -> left BER-encoded, berEncoded set
	GNT_DirectoryName = 4,	// [4] Name              -> name.Data is a CSSM_X509_NAME *
	GNT_EdiPartyName  = 5,	// [5] EDIPartyName      -> left BER-encoded, berEncoded set
	GNT_URI           = 6,	// [6] IA5String contents
	GNT_IPAddress     = 7,	// [7] OCTET STRING contents
	GNT_RegisteredID  = 8	// [8] OBJECT IDENTIFIER contents
} CE_GeneralNameType;
/*
 * Parsed form of the OtherName CHOICE alternative. Only the type-id OID is
 * decoded; the value is handed to the caller still BER-encoded, because its
 * syntax is defined by typeId and is not known to this library.
 * NOTE(review): whether `value` still includes the [0] EXPLICIT wrapper or
 * only its contents is not stated here - confirm against the decoder before
 * parsing it.
 */
typedef struct __CE_OtherName {
	CSSM_OID typeId;	// OtherName.type-id, selects the syntax of value
	CSSM_DATA value;	// OtherName.value, unparsed, BER-encoded; treat as untrusted input
} CE_OtherName DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
 * One GeneralName. How `name` must be interpreted depends on nameType:
 *  - GNT_RFC822Name, GNT_DNSName, GNT_URI, GNT_IPAddress, GNT_RegisteredID:
 *    name.Data/name.Length are the contents octets of the IA5String, OCTET
 *    STRING or OID; berEncoded is CSSM_FALSE.
 *  - GNT_DirectoryName: name.Data points to a CSSM_X509_NAME and
 *    name.Length == sizeof(CSSM_X509_NAME); berEncoded is CSSM_FALSE.
 *  - GNT_OtherName: name.Data points to a CE_OtherName and
 *    name.Length == sizeof(CE_OtherName); berEncoded is CSSM_FALSE.
 *  - GNT_X400Address, GNT_EdiPartyName: name holds the raw BER contents
 *    octets and berEncoded is CSSM_TRUE; the caller must decode them.
 * Security: in the two pointer cases Length is a struct size, not a byte
 * count of Data, so never treat `name` as a flat byte buffer without first
 * checking nameType. IA5String contents carry an explicit Length and should
 * not be assumed NUL-terminated (NOTE(review): confirm against the decoder).
 */
typedef struct __CE_GeneralName {
	CE_GeneralNameType nameType;	// GNT_RFC822Name, etc.; selects the meaning of name
	CSSM_BOOL berEncoded;	// CSSM_TRUE only for the undecoded constructed types
	CSSM_DATA name;	// contents octets, or a struct pointer (see above)
} CE_GeneralName DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName, as a counted
 * array. A well-formed extension has numNames >= 1, but consumers must
 * always bound iteration by numNames rather than assume any fixed count.
 */
typedef struct __CE_GeneralNames {
	uint32 numNames;	// number of elements in generalName
	CE_GeneralName *generalName;	// array of numNames entries
} CE_GeneralNames DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
* id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
*
* AuthorityKeyIdentifier ::= SEQUENCE {
* keyIdentifier [0] KeyIdentifier OPTIONAL,
* authorityCertIssuer [1] GeneralNames OPTIONAL,
* authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
*
* KeyIdentifier ::= OCTET STRING
*
* CSSM OID = CSSMOID_AuthorityKeyIdentifier
*/
/*
 * AuthorityKeyIdentifier with all three OPTIONAL components. Each component
 * is guarded by its own *Present flag; consumers must test the flag, not the
 * pointer or Length of the value, because nothing here guarantees that an
 * absent component is zeroed (NOTE(review): confirm whether the decoder
 * zeroes absent fields).
 */
typedef struct __CE_AuthorityKeyID {
	CSSM_BOOL keyIdentifierPresent;	// keyIdentifier [0] was present
	CSSM_DATA keyIdentifier;	// KeyIdentifier OCTET STRING contents
	CSSM_BOOL generalNamesPresent;	// authorityCertIssuer [1] was present
	CE_GeneralNames *generalNames;	// authorityCertIssuer
	CSSM_BOOL serialNumberPresent;	// authorityCertSerialNumber [2] was present
	CSSM_DATA serialNumber;	// CertificateSerialNumber, raw INTEGER contents
} CE_AuthorityKeyID DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
* id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }
* SubjectKeyIdentifier ::= KeyIdentifier
*
* CSSM OID = CSSMOID_SubjectKeyIdentifier
*/
/*
 * SubjectKeyIdentifier: the raw KeyIdentifier OCTET STRING contents. It is
 * the same KeyIdentifier type carried in CE_AuthorityKeyID.keyIdentifier and
 * is an opaque byte string - compare it by Length and Data, never as text.
 */
typedef CSSM_DATA CE_SubjectKeyID DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
* id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
*
* KeyUsage ::= BIT STRING {
* digitalSignature (0),
* nonRepudiation (1),
* keyEncipherment (2),
* dataEncipherment (3),
* keyAgreement (4),
* keyCertSign (5),
* cRLSign (6),
* encipherOnly (7),
* decipherOnly (8) }
*
* CSSM OID = CSSMOID_KeyUsage
*
*/
/*
 * KeyUsage as a 16-bit mask. ASN.1 BIT STRING bit 0 (digitalSignature) is
 * the first bit on the wire, which these constants map to the most
 * significant bit (0x8000); bit 8 (decipherOnly) maps to 0x0080. The low
 * seven bits are unused. Test with a bitwise AND against the CE_KU_* values.
 */
typedef uint16 CE_KeyUsage DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
#define CE_KU_DigitalSignature 0x8000	// bit 0
#define CE_KU_NonRepudiation 0x4000	// bit 1
#define CE_KU_KeyEncipherment 0x2000	// bit 2
#define CE_KU_DataEncipherment 0x1000	// bit 3
#define CE_KU_KeyAgreement 0x0800	// bit 4
#define CE_KU_KeyCertSign 0x0400	// bit 5; required for a CA that signs certificates
#define CE_KU_CRLSign 0x0200	// bit 6; required for a CRL issuer
#define CE_KU_EncipherOnly 0x0100	// bit 7; only meaningful with keyAgreement
#define CE_KU_DecipherOnly 0x0080	// bit 8; only meaningful with keyAgreement
/*
* id-ce-cRLReason OBJECT IDENTIFIER ::= { id-ce 21 }
*
* -- reasonCode ::= { CRLReason }
*
* CRLReason ::= ENUMERATED {
* unspecified (0),
* keyCompromise (1),
* cACompromise (2),
* affiliationChanged (3),
* superseded (4),
* cessationOfOperation (5),
* certificateHold (6),
* removeFromCRL (8) }
*
* CSSM OID = CSSMOID_CrlReason
*
*/
/*
 * CRLReason as a plain enumerated value (not a bit mask - contrast
 * CE_CrlDistReasonFlags). The value 7 is not assigned in the ASN.1
 * ENUMERATED, hence the gap between CertificateHold and RemoveFromCRL.
 */
typedef uint32 CE_CrlReason DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
#define CE_CR_Unspecified 0
#define CE_CR_KeyCompromise 1
#define CE_CR_CACompromise 2
#define CE_CR_AffiliationChanged 3
#define CE_CR_Superseded 4
#define CE_CR_CessationOfOperation 5
#define CE_CR_CertificateHold 6
#define CE_CR_RemoveFromCRL 8	// 7 is intentionally unassigned
/*
* id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
*
* SubjectAltName ::= GeneralNames
*
* CSSM OID = CSSMOID_SubjectAltName
*
* GeneralNames defined above.
*/
/*
* id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
*
* ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
*
* KeyPurposeId ::= OBJECT IDENTIFIER
*
* CSSM OID = CSSMOID_ExtendedKeyUsage
*/
/*
 * ExtendedKeyUsage as a counted array of KeyPurposeId OIDs. Match a purpose
 * by comparing the whole OID (Length and Data), never by prefix.
 * NOTE(review): unlike the neighbouring types this typedef carries no
 * DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER marker; confirm whether that
 * omission is intentional.
 */
typedef struct __CE_ExtendedKeyUsage {
	uint32 numPurposes;	// number of elements in purposes
	CSSM_OID_PTR purposes;	// array of numPurposes OIDs, in Intel pre-encoded format
} CE_ExtendedKeyUsage;
/*
* id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
*
* BasicConstraints ::= SEQUENCE {
* cA BOOLEAN DEFAULT FALSE,
* pathLenConstraint INTEGER (0..MAX) OPTIONAL }
*
* CSSM OID = CSSMOID_BasicConstraints
*/
/*
 * BasicConstraints. pathLenConstraint is valid only when
 * pathLenConstraintPresent is CSSM_TRUE; when absent, no path length limit
 * is expressed. The ASN.1 default for cA is FALSE, so a missing cA field is
 * presumably reported as CSSM_FALSE (NOTE(review): confirm in the decoder).
 */
typedef struct __CE_BasicConstraints {
	CSSM_BOOL cA;	// subject is a CA
	CSSM_BOOL pathLenConstraintPresent;	// pathLenConstraint was encoded
	uint32 pathLenConstraint;	// max number of intermediate certs below this one
} CE_BasicConstraints DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
* id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
*
* certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
*
* PolicyInformation ::= SEQUENCE {
* policyIdentifier CertPolicyId,
* policyQualifiers SEQUENCE SIZE (1..MAX) OF
* PolicyQualifierInfo OPTIONAL }
*
* CertPolicyId ::= OBJECT IDENTIFIER
*
* PolicyQualifierInfo ::= SEQUENCE {
* policyQualifierId PolicyQualifierId,
* qualifier ANY DEFINED BY policyQualifierId }
*
* -- policyQualifierIds for Internet policy qualifiers
*
* id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
* id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
* id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
*
* PolicyQualifierId ::=
* OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
*
* Qualifier ::= CHOICE {
* cPSuri CPSuri,
* userNotice UserNotice }
*
* CPSuri ::= IA5String
*
* UserNotice ::= SEQUENCE {
* noticeRef NoticeReference OPTIONAL,
* explicitText DisplayText OPTIONAL}
*
* NoticeReference ::= SEQUENCE {
* organization DisplayText,
* noticeNumbers SEQUENCE OF INTEGER }
*
* DisplayText ::= CHOICE {
* visibleString VisibleString (SIZE (1..200)),
* bmpString BMPString (SIZE (1..200)),
* utf8String UTF8String (SIZE (1..200)) }
*
* CSSM OID = CSSMOID_CertificatePolicies
*
* We only support down to the level of Qualifier, and then only the CPSuri
* choice. UserNotice is transmitted to and from this library as a raw
* CSSM_DATA containing the BER-encoded UserNotice sequence.
*/
/*
 * One PolicyQualifierInfo. The meaning of `qualifier` is selected by
 * policyQualifierId: for CSSMOID_QT_CPS it is the IA5String contents of the
 * CPS URI; for CSSMOID_QT_UNOTICE it is the BER-encoded UserNotice sequence,
 * which this library does not decode. Both come straight from the
 * certificate and are untrusted input (the CPS URI in particular is not
 * validated here).
 */
typedef struct __CE_PolicyQualifierInfo {
	CSSM_OID policyQualifierId;	// CSSMOID_QT_CPS, CSSMOID_QT_UNOTICE
	CSSM_DATA qualifier;	// CSSMOID_QT_CPS: IA5String contents
	// CSSMOID_QT_UNOTICE : Sequence contents, BER-encoded
} CE_PolicyQualifierInfo DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
 * One PolicyInformation: a policy OID plus its optional qualifiers as a
 * counted array. numPolicyQualifiers may be 0, in which case
 * policyQualifiers must not be dereferenced.
 */
typedef struct __CE_PolicyInformation {
	CSSM_OID certPolicyId;	// CertPolicyId
	uint32 numPolicyQualifiers;	// size of *policyQualifiers; may be 0
	CE_PolicyQualifierInfo *policyQualifiers;	// array of numPolicyQualifiers entries
} CE_PolicyInformation DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
 * The certificatePolicies extension: a counted array of PolicyInformation.
 * Bound iteration by numPolicies.
 */
typedef struct __CE_CertPolicies {
	uint32 numPolicies;	// size of *policies
	CE_PolicyInformation *policies;	// array of numPolicies entries
} CE_CertPolicies DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
* netscape-cert-type, a bit string.
*
* CSSM OID = CSSMOID_NetscapeCertType
*
* Bit fields defined in oidsattr.h: CE_NCT_SSL_Client, etc.
*/
/*
 * netscape-cert-type bit string as a 16-bit mask. The bit constants
 * (CE_NCT_SSL_Client, etc.) live in oidsattr.h, not here.
 */
typedef uint16 CE_NetscapeCertType DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
* CRLDistributionPoints.
*
* id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 }
*
* cRLDistributionPoints ::= {
* CRLDistPointsSyntax }
*
* CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
*
* NOTE: RFC 2459 writes the tag on the optional distributionPoint field as if
* it were IMPLICIT (as shown below), but on the wire it is EXPLICIT. It has to
* be: DistributionPointName is a CHOICE whose alternatives are themselves
* distinguished by implicit context tags [0]/[1], so an implicit outer tag
* would overwrite that discriminator. Decoders must expect the explicit [0]
* wrapper around the CHOICE.
*
* DistributionPoint ::= SEQUENCE {
* distributionPoint [0] DistributionPointName OPTIONAL,
* reasons [1] ReasonFlags OPTIONAL,
* cRLIssuer [2] GeneralNames OPTIONAL }
*
* DistributionPointName ::= CHOICE {
* fullName [0] GeneralNames,
* nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
*
* ReasonFlags ::= BIT STRING {
* unused (0),
* keyCompromise (1),
* cACompromise (2),
* affiliationChanged (3),
* superseded (4),
* cessationOfOperation (5),
* certificateHold (6) }
*
* CSSM OID = CSSMOID_CrlDistributionPoints
*/
/*
* Note that this looks similar to CE_CrlReason, but that's an enum and this
* is an OR-able bit string.
*/
/*
 * ReasonFlags as an OR-able 8-bit mask (distinct from the enumerated
 * CE_CrlReason). ASN.1 bit 0, named `unused` in the BIT STRING, is the first
 * bit on the wire and maps to the most significant bit 0x80; it is exposed
 * here as CE_CD_Unspecified. Only seven bits are defined; 0x01 is unused.
 */
typedef uint8 CE_CrlDistReasonFlags DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
#define CE_CD_Unspecified 0x80	// bit 0 ("unused" in the ASN.1)
#define CE_CD_KeyCompromise 0x40	// bit 1
#define CE_CD_CACompromise 0x20	// bit 2
#define CE_CD_AffiliationChanged 0x10	// bit 3
#define CE_CD_Superseded 0x08	// bit 4
#define CE_CD_CessationOfOperation 0x04	// bit 5
#define CE_CD_CertificateHold 0x02	// bit 6
/*
 * Discriminator for CE_DistributionPointName.dpn. The enumerator values
 * (0 and 1) coincide with the context tags of the DistributionPointName
 * CHOICE alternatives, fullName [0] and nameRelativeToCRLIssuer [1].
 */
typedef enum __CE_CrlDistributionPointNameType {
	CE_CDNT_FullName,	// dpn.fullName is valid
	CE_CDNT_NameRelativeToCrlIssuer	// dpn.rdn is valid
} CE_CrlDistributionPointNameType DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
 * DistributionPointName as a tagged union: nameType says which member of
 * dpn is live. Reading the other member is undefined behaviour, so always
 * switch on nameType before touching dpn.
 */
typedef struct __CE_DistributionPointName {
	CE_CrlDistributionPointNameType nameType;	// selects the active member of dpn
	union {
		CE_GeneralNames *fullName;	// CE_CDNT_FullName
		CSSM_X509_RDN_PTR rdn;	// CE_CDNT_NameRelativeToCrlIssuer
	} dpn;
} CE_DistributionPointName DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
* The top-level CRLDistributionPoint.
* All fields are optional; NULL pointers indicate absence.
*/
/*
 * One DistributionPoint. The two pointer members are NULL when the
 * corresponding OPTIONAL field is absent; `reasons` is only meaningful when
 * reasonsPresent is CSSM_TRUE. Any URI inside distPointName or crlIssuer
 * originates from the certificate and must be treated as untrusted input
 * before it is used to fetch anything.
 */
typedef struct __CE_CRLDistributionPoint {
	CE_DistributionPointName *distPointName;	// distributionPoint [0], NULL if absent
	CSSM_BOOL reasonsPresent;	// reasons [1] was encoded
	CE_CrlDistReasonFlags reasons;	// valid only when reasonsPresent
	CE_GeneralNames *crlIssuer;	// cRLIssuer [2], NULL if absent
} CE_CRLDistributionPoint DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
 * The cRLDistributionPoints extension: a counted array of DistributionPoint.
 * Bound iteration by numDistPoints.
 */
typedef struct __CE_CRLDistPointsSyntax {
	uint32 numDistPoints;	// number of elements in distPoints
	CE_CRLDistributionPoint *distPoints;	// array of numDistPoints entries
} CE_CRLDistPointsSyntax DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
* Authority Information Access and Subject Information Access.
*
* CSSM OID = CSSMOID_AuthorityInfoAccess
* CSSM OID = CSSMOID_SubjectInfoAccess
*
* SubjAuthInfoAccessSyntax ::=
* SEQUENCE SIZE (1..MAX) OF AccessDescription
*
* AccessDescription ::= SEQUENCE {
* accessMethod OBJECT IDENTIFIER,
* accessLocation GeneralName }
*/
/*
 * One AccessDescription from AIA/SIA. accessLocation is embedded by value
 * (not a pointer) and follows the CE_GeneralName reading rules. It is data
 * taken from the certificate: any URI in it is untrusted and must be
 * validated before a network fetch is issued against it.
 */
typedef struct __CE_AccessDescription {
	CSSM_OID accessMethod;	// e.g. OCSP or caIssuers access-method OID
	CE_GeneralName accessLocation;	// where to reach the access method
} CE_AccessDescription DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
 * Authority Information Access / Subject Information Access: a counted
 * array of AccessDescription (the same struct serves both OIDs). Bound
 * iteration by numAccessDescriptions.
 */
typedef struct __CE_AuthorityInfoAccess {
	uint32 numAccessDescriptions;	// number of elements in accessDescriptions
	CE_AccessDescription *accessDescriptions;	// array of numAccessDescriptions entries
} CE_AuthorityInfoAccess DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
* Qualified Certificate Statement support, per RFC 3739.
*
* First, NameRegistrationAuthorities, a component of
* SemanticsInformation; it's the same as a GeneralNames -
* a sequence of GeneralName.
*/
/* NameRegistrationAuthorities is structurally a GeneralNames; same counted-array rules apply. */
typedef CE_GeneralNames CE_NameRegistrationAuthorities DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
* SemanticsInformation, identified as the qcType field
* of a CE_QC_Statement for statementId value id-qcs-pkixQCSyntax-v2.
* Both fields optional; at least one must be present.
*/
/*
 * SemanticsInformation for the id-qcs-pkixQCSyntax-v2 statement. Both
 * members are optional pointers (absent presumably means NULL - NOTE(review):
 * confirm with the decoder), but a well-formed value has at least one of them.
 */
typedef struct __CE_SemanticsInformation {
	CSSM_OID *semanticsIdentifier;	// optional
	CE_NameRegistrationAuthorities *nameRegistrationAuthorities;	// optional
} CE_SemanticsInformation DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
* One Qualified Certificate Statement.
* The statementId OID is required; zero or one of {semanticsInfo,
* otherInfo} can be valid, depending on the value of statementId.
* For statementId id-qcs-pkixQCSyntax-v2 (CSSMOID_OID_QCS_SYNTAX_V2),
* the semanticsInfo field may be present; otherwise, DER-encoded
* information may be present in otherInfo. Both semanticsInfo and
* otherInfo are optional.
*/
/*
 * One QCStatement. statementId is always present and decides which (if
 * either) of the two optional pointers carries data: semanticsInfo only for
 * CSSMOID_OID_QCS_SYNTAX_V2, otherwise otherInfo with the statement's
 * DER-encoded info left for the caller to decode. Check statementId before
 * dereferencing either pointer.
 */
typedef struct __CE_QC_Statement {
	CSSM_OID statementId;	// required
	CE_SemanticsInformation *semanticsInfo;	// optional; only for id-qcs-pkixQCSyntax-v2
	CSSM_DATA *otherInfo;	// optional; DER-encoded, not interpreted here
} CE_QC_Statement DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
* The top-level Qualified Certificate Statements extension.
*/
/*
 * The qcStatements extension (RFC 3739): a counted array of QCStatement.
 * Bound iteration by numQCStatements.
 */
typedef struct __CE_QC_Statements {
	uint32 numQCStatements;	// number of elements in qcStatements
	CE_QC_Statement *qcStatements;	// array of numQCStatements entries
} CE_QC_Statements DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*** CRL extensions ***/
/*
* cRLNumber, an integer.
*
* CSSM OID = CSSMOID_CrlNumber
*/
/*
 * cRLNumber as an unsigned 32-bit value. NOTE(review): the ASN.1 INTEGER is
 * not bounded to 32 bits; confirm that the decoder rejects, rather than
 * silently truncates, larger values, since a truncated number would defeat
 * CRL freshness comparisons. Also note this typedef lacks the
 * DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER marker its neighbours carry.
 */
typedef uint32 CE_CrlNumber;
/*
* deltaCRLIndicator, an integer.
*
* CSSM OID = CSSMOID_DeltaCrlIndicator
*/
/*
 * deltaCRLIndicator (the base CRL number) as an unsigned 32-bit value.
 * NOTE(review): same width caveat as CE_CrlNumber - confirm out-of-range
 * INTEGER values are rejected by the decoder; and like CE_CrlNumber this
 * typedef lacks the deprecation marker used elsewhere in the file.
 */
typedef uint32 CE_DeltaCrl;
/*
* IssuingDistributionPoint
*
* id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }
*
* issuingDistributionPoint ::= SEQUENCE {
* distributionPoint [0] DistributionPointName OPTIONAL,
* onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
* onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
* onlySomeReasons [3] ReasonFlags OPTIONAL,
* indirectCRL [4] BOOLEAN DEFAULT FALSE }
*
* CSSM OID = CSSMOID_IssuingDistributionPoint
*/
/*
 * issuingDistributionPoint CRL extension. Each OPTIONAL / DEFAULT field is
 * paired with a *Present flag saying whether it was actually encoded; the
 * value member is only meaningful when its flag is CSSM_TRUE. The ASN.1
 * defaults for the three booleans are FALSE, so absent means "not set".
 */
typedef struct __CE_IssuingDistributionPoint {
	CE_DistributionPointName *distPointName;	// distributionPoint [0]; NULL if absent
	CSSM_BOOL onlyUserCertsPresent;	// onlyContainsUserCerts [1] was encoded
	CSSM_BOOL onlyUserCerts;	// valid only when onlyUserCertsPresent
	CSSM_BOOL onlyCACertsPresent;	// onlyContainsCACerts [2] was encoded
	CSSM_BOOL onlyCACerts;	// valid only when onlyCACertsPresent
	CSSM_BOOL onlySomeReasonsPresent;	// onlySomeReasons [3] was encoded
	CE_CrlDistReasonFlags onlySomeReasons;	// valid only when onlySomeReasonsPresent
	CSSM_BOOL indirectCrlPresent;	// indirectCRL [4] was encoded
	CSSM_BOOL indirectCrl;	// valid only when indirectCrlPresent
} CE_IssuingDistributionPoint DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
* NameConstraints
*
* id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 }
*
* NameConstraints ::= SEQUENCE {
* permittedSubtrees [0] GeneralSubtrees OPTIONAL,
* excludedSubtrees [1] GeneralSubtrees OPTIONAL }
*
* GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
*
* GeneralSubtree ::= SEQUENCE {
* base GeneralName,
* minimum [0] BaseDistance DEFAULT 0,
* maximum [1] BaseDistance OPTIONAL }
*
* BaseDistance ::= INTEGER (0..MAX)
*/
/*
 * One GeneralSubtree of a NameConstraints extension. NOTE(review): the ASN.1
 * `base` is a single GeneralName, but this struct stores it as a pointer to
 * the plural CE_GeneralNames; callers should expect numNames == 1 but must
 * still bound by numNames. `maximum` is valid only when maximumPresent is
 * CSSM_TRUE; `minimum` defaults to 0 when not encoded.
 */
typedef struct __CE_GeneralSubtree {
	CE_GeneralNames *base;	// the constrained name (see note above)
	uint32 minimum;	// BaseDistance, default=0
	CSSM_BOOL maximumPresent;	// maximum [1] was encoded
	uint32 maximum;	// BaseDistance, valid only when maximumPresent
} CE_GeneralSubtree DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/* GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree, as a counted array. */
typedef struct __CE_GeneralSubtrees {
	uint32 numSubtrees;	// number of elements in subtrees
	CE_GeneralSubtree *subtrees;	// array of numSubtrees entries
} CE_GeneralSubtrees DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
 * NameConstraints. Either list may be absent (NULL). Note that an empty
 * permitted list and an absent permitted list mean different things for
 * path validation, so callers must distinguish NULL from numSubtrees == 0.
 */
typedef struct __CE_NameConstraints {
	CE_GeneralSubtrees *permitted;	// permittedSubtrees [0]; optional, NULL if absent
	CE_GeneralSubtrees *excluded;	// excludedSubtrees [1]; optional, NULL if absent
} CE_NameConstraints DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
* PolicyMappings
*
* id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 }
*
* PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
* issuerDomainPolicy CertPolicyId,
* subjectDomainPolicy CertPolicyId }
*
* Note that both issuer and subject policy OIDs are required,
* and are stored by value in this structure.
*/
/*
 * One PolicyMappings entry. Both OIDs are required by the ASN.1 and are
 * stored by value, so there is no NULL case to check.
 */
typedef struct __CE_PolicyMapping {
	CSSM_OID issuerDomainPolicy;	// CertPolicyId in the issuer's domain
	CSSM_OID subjectDomainPolicy;	// equivalent CertPolicyId in the subject's domain
} CE_PolicyMapping DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/* The policyMappings extension: a counted array of CE_PolicyMapping. */
typedef struct __CE_PolicyMappings {
	uint32 numPolicyMappings;	// number of elements in policyMappings
	CE_PolicyMapping *policyMappings;	// array of numPolicyMappings entries
} CE_PolicyMappings DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
* PolicyConstraints
*
* id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 }
*
* PolicyConstraints ::= SEQUENCE {
* requireExplicitPolicy [0] SkipCerts OPTIONAL,
* inhibitPolicyMapping [1] SkipCerts OPTIONAL }
*
* SkipCerts ::= INTEGER (0..MAX)
*/
/*
 * PolicyConstraints. Each SkipCerts value is valid only when its *Present
 * flag is CSSM_TRUE; an absent field imposes no constraint, which is not the
 * same as a present value of 0 (which applies immediately).
 */
typedef struct __CE_PolicyConstraints {
	CSSM_BOOL requireExplicitPolicyPresent;	// requireExplicitPolicy [0] was encoded
	uint32 requireExplicitPolicy;	// SkipCerts, valid only when present
	CSSM_BOOL inhibitPolicyMappingPresent;	// inhibitPolicyMapping [1] was encoded
	uint32 inhibitPolicyMapping;	// SkipCerts, valid only when present
} CE_PolicyConstraints DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
* InhibitAnyPolicy, an integer.
*
* CSSM OID = CSSMOID_InhibitAnyPolicy
*/
/* inhibitAnyPolicy: a SkipCerts count; the extension carries a single INTEGER. */
typedef uint32 CE_InhibitAnyPolicy DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
* An enumerated list identifying one of the above per-extension
* structs.
*/
/*
 * Tag telling which member of the CE_Data union a CE_DataAndType holds.
 * The values are spelled out because they form part of the binary
 * interface; the types listed after DT_Other appear to have been appended
 * later so that existing values stayed stable (NOTE(review): inferred from
 * the ordering). Add new tags at the end only.
 */
typedef enum __CE_DataType {
	DT_AuthorityKeyID           = 0,	// CE_AuthorityKeyID
	DT_SubjectKeyID             = 1,	// CE_SubjectKeyID
	DT_KeyUsage                 = 2,	// CE_KeyUsage
	DT_SubjectAltName           = 3,	// CE_GeneralNames (CE_Data.subjectAltName)
	DT_IssuerAltName            = 4,	// CE_GeneralNames (CE_Data.issuerAltName)
	DT_ExtendedKeyUsage         = 5,	// CE_ExtendedKeyUsage
	DT_BasicConstraints         = 6,	// CE_BasicConstraints
	DT_CertPolicies             = 7,	// CE_CertPolicies
	DT_NetscapeCertType         = 8,	// CE_NetscapeCertType
	DT_CrlNumber                = 9,	// CE_CrlNumber
	DT_DeltaCrl                 = 10,	// CE_DeltaCrl
	DT_CrlReason                = 11,	// CE_CrlReason
	DT_CrlDistributionPoints    = 12,	// CE_CRLDistPointsSyntax
	DT_IssuingDistributionPoint = 13,	// CE_IssuingDistributionPoint
	DT_AuthorityInfoAccess      = 14,	// CE_AuthorityInfoAccess
	DT_Other                    = 15,	// not decoded: CE_Data.rawData (CSSM_DATA)
	DT_QC_Statements            = 16,	// CE_QC_Statements
	DT_NameConstraints          = 17,	// CE_NameConstraints
	DT_PolicyMappings           = 18,	// CE_PolicyMappings
	DT_PolicyConstraints        = 19,	// CE_PolicyConstraints
	DT_InhibitAnyPolicy         = 20	// CE_InhibitAnyPolicy
} CE_DataType;
/*
* One unified representation of all the cert and CRL extensions we know about.
*/
/*
 * Union of every decoded extension shape this library knows. Which member
 * is live is recorded in the enclosing CE_DataAndType.type; reading any
 * other member is undefined behaviour. Unrecognised extensions are left
 * undecoded in rawData (DT_Other).
 */
typedef union {
	CE_AuthorityKeyID authorityKeyID;	// DT_AuthorityKeyID
	CE_SubjectKeyID subjectKeyID;	// DT_SubjectKeyID
	CE_KeyUsage keyUsage;	// DT_KeyUsage
	CE_GeneralNames subjectAltName;	// DT_SubjectAltName
	CE_GeneralNames issuerAltName;	// DT_IssuerAltName
	CE_ExtendedKeyUsage extendedKeyUsage;	// DT_ExtendedKeyUsage
	CE_BasicConstraints basicConstraints;	// DT_BasicConstraints
	CE_CertPolicies certPolicies;	// DT_CertPolicies
	CE_NetscapeCertType netscapeCertType;	// DT_NetscapeCertType
	CE_CrlNumber crlNumber;	// DT_CrlNumber
	CE_DeltaCrl deltaCrl;	// DT_DeltaCrl
	CE_CrlReason crlReason;	// DT_CrlReason
	CE_CRLDistPointsSyntax crlDistPoints;	// DT_CrlDistributionPoints
	CE_IssuingDistributionPoint issuingDistPoint;	// DT_IssuingDistributionPoint
	CE_AuthorityInfoAccess authorityInfoAccess;	// DT_AuthorityInfoAccess
	CE_QC_Statements qualifiedCertStatements;	// DT_QC_Statements
	CE_NameConstraints nameConstraints;	// DT_NameConstraints
	CE_PolicyMappings policyMappings;	// DT_PolicyMappings
	CE_PolicyConstraints policyConstraints;	// DT_PolicyConstraints
	CE_InhibitAnyPolicy inhibitAnyPolicy;	// DT_InhibitAnyPolicy
	CSSM_DATA rawData;	// DT_Other: unknown extension, not decoded (raw extnValue)
} CE_Data DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
/*
 * One extension as handed to or from this library: `type` selects the live
 * member of `extension`, and `critical` carries the extension's critical
 * flag. Security: X.509 (RFC 5280) requires a validator to reject a
 * certificate that contains a critical extension it does not recognise, so
 * a DT_Other entry with critical == CSSM_TRUE must not be silently skipped.
 */
typedef struct __CE_DataAndType {
	CE_DataType type;	// which member of extension is valid
	CE_Data extension;	// decoded payload, or rawData for DT_Other
	CSSM_BOOL critical;	// the extension's critical flag
} CE_DataAndType DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
#endif /* _CERT_EXTENSIONS_H_ */