From e01f8ad0b3914e703e60aee0bebe857e431e23f8 Mon Sep 17 00:00:00 2001 From: 0xvikasrushi <0xvikas@gmail.com> Date: Fri, 5 Sep 2025 02:56:13 +0530 Subject: [PATCH 01/10] feat: passport reader crate --- playground/passport-input-gen/Cargo.toml | 7 + playground/passport-input-gen/src/main.rs | 1 + .../passport-input-gen/src/parser/binary.rs | 57 + .../passport-input-gen/src/parser/dsc.rs | 162 + .../passport-input-gen/src/parser/mod.rs | 85 + .../src/parser/oid_registry.rs | 2731 +++++++++++++++++ .../passport-input-gen/src/parser/sod.rs | 384 +++ .../passport-input-gen/src/parser/types.rs | 166 + .../passport-input-gen/src/parser/utils.rs | 43 + 9 files changed, 3636 insertions(+) create mode 100644 playground/passport-input-gen/src/parser/binary.rs create mode 100644 playground/passport-input-gen/src/parser/dsc.rs create mode 100644 playground/passport-input-gen/src/parser/mod.rs create mode 100644 playground/passport-input-gen/src/parser/oid_registry.rs create mode 100644 playground/passport-input-gen/src/parser/sod.rs create mode 100644 playground/passport-input-gen/src/parser/types.rs create mode 100644 playground/passport-input-gen/src/parser/utils.rs diff --git a/playground/passport-input-gen/Cargo.toml b/playground/passport-input-gen/Cargo.toml index 4943e2b51..6671ec882 100644 --- a/playground/passport-input-gen/Cargo.toml +++ b/playground/passport-input-gen/Cargo.toml @@ -7,6 +7,13 @@ description = "Passport input generator" [dependencies] rsa = { version = "0.9.8", features = ["sha2"] } sha2 = { version = "0.10", features = ["compress"] } +x509-parser = "0.16" +base64 = "0.22" +hex = "0.4" +rasn = "0.15" +rasn-pkix = "0.15" +rasn-cms = "0.15" +chrono = { version = "0.4", features = ["serde"] } [[bin]] name = "passport-input-generator" diff --git a/playground/passport-input-gen/src/main.rs b/playground/passport-input-gen/src/main.rs index 102007abd..e9e4cd7d1 100644 --- a/playground/passport-input-gen/src/main.rs +++ b/playground/passport-input-gen/src/main.rs @@ -1,6 +1,7 @@ pub mod constants; pub mod crypto; pub mod generator; +pub mod parser; pub mod prover_config; use crate::{ diff --git a/playground/passport-input-gen/src/parser/binary.rs b/playground/passport-input-gen/src/parser/binary.rs new file mode 100644 index 000000000..ea0e10e11 --- /dev/null +++ b/playground/passport-input-gen/src/parser/binary.rs @@ -0,0 +1,57 @@ +use base64::{engine::general_purpose, Engine as _}; + +#[derive(Debug, Clone)] +pub struct Binary { + pub data: Vec, +} + +impl Binary { + pub fn new(data: Vec) -> Self { + Binary { data } + } + + pub fn from_slice(data: &[u8]) -> Self { + Binary { + data: data.to_vec(), + } + } + + pub fn from_base64(b64: &str) -> Result { + let data = general_purpose::STANDARD.decode(b64)?; + Ok(Binary::new(data)) + } + + pub fn len(&self) -> usize { + self.data.len() + } + + pub fn is_empty(&self) -> bool { + self.data.is_empty() + } + + pub fn slice(&self, start: usize, end: usize) -> Binary { + Binary::new(self.data[start..end].to_vec()) + } + + pub fn to_string_ascii(&self) -> String { + String::from_utf8_lossy(&self.data).to_string() + } + + pub fn to_number_array(&self) -> Vec { + self.data.clone() + } + + pub fn to_hex(&self) -> String { + format!("0x{}", hex::encode(&self.data)) + } + + pub fn equals(&self, other: &Binary) -> bool { + self.data.eq(&other.data) + } +} + +impl PartialEq for Binary { + fn eq(&self, other: &Self) -> bool { + self.data == other.data + } +} diff --git a/playground/passport-input-gen/src/parser/dsc.rs b/playground/passport-input-gen/src/parser/dsc.rs new file mode 100644 index 000000000..6995b07df --- /dev/null +++ b/playground/passport-input-gen/src/parser/dsc.rs @@ -0,0 +1,162 @@ +use { + crate::parser::{ + binary::Binary, + oid_registry::load_oids, + types::{SignatureAlgorithm, SignatureAlgorithmName}, + utils::{get_oid_name, strip_length_prefix, OidEntry}, + }, + std::collections::HashMap, + x509_parser::prelude::*, +}; + +#[derive(Debug, Clone)] +pub struct TbsCertificate { + pub version: u32, + pub serial_number: Binary, + pub signature_algorithm: SignatureAlgorithm, + pub issuer: String, + pub validity_not_before: String, + pub validity_not_after: String, + pub subject: String, + pub subject_public_key_info: SubjectPublicKeyInfo, + pub issuer_unique_id: Option, + pub subject_unique_id: Option, + pub extensions: HashMap, +} + +#[derive(Debug, Clone)] +pub struct SubjectPublicKeyInfo { + pub signature_algorithm: SignatureAlgorithm, + pub subject_public_key: Binary, +} + +#[derive(Debug, Clone)] +pub struct DSC { + pub tbs: TbsCertificate, + pub signature_algorithm: SignatureAlgorithm, + pub signature: Binary, +} + +impl DSC { + fn format_name(name: &X509Name<'_>, registry: &HashMap<&'static str, OidEntry>) -> String { + let mut parts = Vec::new(); + for rdn in name.iter_rdn() { + let mut rdn_parts = Vec::new(); + for attr in rdn.iter() { + let oid_str = attr.attr_type().to_string(); + let field_name = get_oid_name(&oid_str, registry); + let value = attr + .as_str() + .map(|s| s.to_string()) + .unwrap_or_else(|_| hex::encode(attr.as_slice())); + rdn_parts.push(format!("{}={}", field_name, value)); + } + parts.push(rdn_parts.join(", ")); + } + parts.join(", ") + } + + pub fn from_der(binary: &Binary) -> DSC { + let der = strip_length_prefix(binary); + let (_, cert) = parse_x509_certificate(&der.data).expect("X509 decode failed"); + Self::from_x509(cert) + } + + pub fn from_x509(cert: X509Certificate<'_>) -> DSC { + let registry = load_oids(); + + let tbs = cert.tbs_certificate; + let version = tbs.version().0; + + let serial_number = Binary::from_slice(tbs.raw_serial()); + + let tbs_sig_oid = tbs.signature.algorithm.to_string(); + let tbs_sig_name = SignatureAlgorithmName::from_oid(&tbs_sig_oid) + .expect("Unsupported signature algorithm"); + + let tbs_sig_params = tbs + .signature + .parameters + .as_ref() + .map(|p| Binary::from_slice(p.data)); + + let issuer = Self::format_name(&tbs.issuer, ®istry); + let subject = Self::format_name(&tbs.subject, ®istry); + + let not_before = tbs.validity.not_before.to_string(); + let not_after = tbs.validity.not_after.to_string(); + + let spki_alg_oid = tbs.subject_pki.algorithm.algorithm.to_string(); + let spki_alg_name = SignatureAlgorithmName::from_oid(&spki_alg_oid) + .expect("Unsupported public key algorithm"); + + let spki_alg_params = tbs + .subject_pki + .algorithm + .parameters + .as_ref() + .map(|p| Binary::from_slice(p.data)); + + let subject_public_key = Binary::from_slice(&tbs.subject_pki.subject_public_key.data); + + let subject_public_key_info = SubjectPublicKeyInfo { + signature_algorithm: SignatureAlgorithm { + name: spki_alg_name, + parameters: spki_alg_params, + }, + subject_public_key, + }; + + let issuer_unique_id = tbs + .issuer_uid + .as_ref() + .map(|uid| Binary::from_slice(uid.0.as_ref())); + + let subject_unique_id = tbs + .subject_uid + .as_ref() + .map(|uid| Binary::from_slice(uid.0.as_ref())); + + let mut extensions = HashMap::new(); + for ext in tbs.extensions().iter() { + let oid_str = ext.oid.to_string(); + let name = get_oid_name(&oid_str, ®istry); + extensions.insert(name, (ext.critical, Binary::from_slice(ext.value))); + } + + let tbs_struct = TbsCertificate { + version, + serial_number, + signature_algorithm: SignatureAlgorithm { + name: tbs_sig_name, + parameters: tbs_sig_params, + }, + issuer, + validity_not_before: not_before, + validity_not_after: not_after, + subject, + subject_public_key_info, + issuer_unique_id, + subject_unique_id, + extensions, + }; + + let sig_alg_oid = cert.signature_algorithm.algorithm.to_string(); + let sig_alg_name = SignatureAlgorithmName::from_oid(&sig_alg_oid) + .expect("Unsupported signature algorithm"); + let sig_alg_params = cert + .signature_algorithm + .parameters + .as_ref() + .map(|p| Binary::from_slice(p.data)); + + DSC { + tbs: tbs_struct, + signature_algorithm: SignatureAlgorithm { + name: sig_alg_name, + parameters: sig_alg_params, + }, + signature: Binary::from_slice(&cert.signature_value.data), + } + } +} diff --git a/playground/passport-input-gen/src/parser/mod.rs b/playground/passport-input-gen/src/parser/mod.rs new file mode 100644 index 000000000..b7a625714 --- /dev/null +++ b/playground/passport-input-gen/src/parser/mod.rs @@ -0,0 +1,85 @@ +use crate::parser::{binary::Binary, sod::SOD}; + +mod binary; +mod dsc; +mod oid_registry; +mod sod; +mod types; +mod utils; + +pub struct PassportReader { + pub dg1: Binary, + pub sod: SOD, +} + +impl PassportReader { + pub fn print_passport(&self) { + let is_id_card = self.dg1.len() == 95; + let mrz_data = self.dg1.slice(5, self.dg1.len()).to_number_array(); + let mrz = String::from_utf8_lossy(&mrz_data).to_string(); + + println!("MRZ: {}", mrz); + + let extract = |start: usize, end: usize| { + String::from_utf8_lossy(&mrz_data[start..end]) + .trim() + .to_string() + }; + + let name = extract( + if is_id_card { 60 } else { 5 }, + if is_id_card { 90 } else { 44 }, + ); + let date_of_birth = extract( + if is_id_card { 30 } else { 57 }, + if is_id_card { 36 } else { 63 }, + ); + let nationality = extract( + if is_id_card { 45 } else { 54 }, + if is_id_card { 48 } else { 57 }, + ); + let gender = extract( + if is_id_card { 37 } else { 64 }, + if is_id_card { 38 } else { 65 }, + ); + let passport_number = extract( + if is_id_card { 5 } else { 44 }, + if is_id_card { 14 } else { 53 }, + ); + let passport_expiry = extract( + if is_id_card { 38 } else { 65 }, + if is_id_card { 44 } else { 71 }, + ); + + println!("Name: {}", name); + println!("Date of Birth: {}", date_of_birth); + println!("Nationality: {}", nationality); + println!("Gender: {}", gender); + println!("Passport Number: {}", passport_number); + println!("Passport Expiry: {}", passport_expiry); + + for (group_number, hash_value) in self + .sod + .encap_content_info + .e_content + .data_group_hash_values + .values + .iter() + { + println!( + "Data Group {} hash: {}", + group_number, + hex::encode(hash_value.to_number_array()) + ); + if *group_number == 1 { + println!("Data Group 1 value: {:?}", self.dg1.to_number_array()); + } + } + + println!( + "Data Groups Hash Algorithm: {:?}", + self.sod.encap_content_info.e_content.hash_algorithm + ); + } +} +// } diff --git a/playground/passport-input-gen/src/parser/oid_registry.rs b/playground/passport-input-gen/src/parser/oid_registry.rs new file mode 100644 index 000000000..54cc6fb70 --- /dev/null +++ b/playground/passport-input-gen/src/parser/oid_registry.rs @@ -0,0 +1,2731 @@ +// rust-analyzer: ignore + +use {crate::parser::utils::OidEntry, std::collections::HashMap}; + +#[rustfmt::skip] +pub fn load_oids() -> HashMap<&'static str, OidEntry> { + let mut oids = HashMap::new(); + oids.insert("0.2.262.1.10", OidEntry { d: "Telesec", c: "Deutsche Telekom", w: false }); + oids.insert("0.2.262.1.10.0", OidEntry { d: "extension", c: "Telesec", w: false }); + oids.insert("0.2.262.1.10.1", OidEntry { d: "mechanism", c: "Telesec", w: false }); + oids.insert("0.2.262.1.10.1.0", OidEntry { d: "authentication", c: "Telesec mechanism", w: false }); + oids.insert("0.2.262.1.10.1.0.1", OidEntry { d: "passwordAuthentication", c: "Telesec authentication", w: false }); + oids.insert("0.2.262.1.10.1.0.2", OidEntry { d: "protectedPasswordAuthentication", c: "Telesec authentication", w: false }); + oids.insert("0.2.262.1.10.1.0.3", OidEntry { d: "oneWayX509Authentication", c: "Telesec authentication", w: false }); + oids.insert("0.2.262.1.10.1.0.4", OidEntry { d: "twoWayX509Authentication", c: "Telesec authentication", w: false }); + oids.insert("0.2.262.1.10.1.0.5", OidEntry { d: "threeWayX509Authentication", c: "Telesec authentication", w: false }); + oids.insert("0.2.262.1.10.1.0.6", OidEntry { d: "oneWayISO9798Authentication", c: "Telesec authentication", w: false }); + oids.insert("0.2.262.1.10.1.0.7", OidEntry { d: "twoWayISO9798Authentication", c: "Telesec authentication", w: false }); + oids.insert("0.2.262.1.10.1.0.8", OidEntry { d: "telekomAuthentication", c: "Telesec authentication", w: false }); + oids.insert("0.2.262.1.10.1.1", OidEntry { d: "signature", c: "Telesec mechanism", w: false }); + oids.insert("0.2.262.1.10.1.1.1", OidEntry { d: "md4WithRSAAndISO9697", c: "Telesec mechanism", w: false }); + oids.insert("0.2.262.1.10.1.1.2", OidEntry { d: "md4WithRSAAndTelesecSignatureStandard", c: "Telesec mechanism", w: false }); + oids.insert("0.2.262.1.10.1.1.3", OidEntry { d: "md5WithRSAAndISO9697", c: "Telesec mechanism", w: false }); + oids.insert("0.2.262.1.10.1.1.4", OidEntry { d: "md5WithRSAAndTelesecSignatureStandard", c: "Telesec mechanism", w: false }); + oids.insert("0.2.262.1.10.1.1.5", OidEntry { d: "ripemd160WithRSAAndTelekomSignatureStandard", c: "Telesec mechanism", w: false }); + oids.insert("0.2.262.1.10.1.1.9", OidEntry { d: "hbciRsaSignature", c: "Telesec signature", w: false }); + oids.insert("0.2.262.1.10.1.2", OidEntry { d: "encryption", c: "Telesec mechanism", w: false }); + oids.insert("0.2.262.1.10.1.2.0", OidEntry { d: "none", c: "Telesec encryption", w: false }); + oids.insert("0.2.262.1.10.1.2.1", OidEntry { d: "rsaTelesec", c: "Telesec encryption", w: false }); + oids.insert("0.2.262.1.10.1.2.2", OidEntry { d: "des", c: "Telesec encryption", w: false }); + oids.insert("0.2.262.1.10.1.2.2.1", OidEntry { d: "desECB", c: "Telesec encryption", w: false }); + oids.insert("0.2.262.1.10.1.2.2.2", OidEntry { d: "desCBC", c: "Telesec encryption", w: false }); + oids.insert("0.2.262.1.10.1.2.2.3", OidEntry { d: "desOFB", c: "Telesec encryption", w: false }); + oids.insert("0.2.262.1.10.1.2.2.4", OidEntry { d: "desCFB8", c: "Telesec encryption", w: false }); + oids.insert("0.2.262.1.10.1.2.2.5", OidEntry { d: "desCFB64", c: "Telesec encryption", w: false }); + oids.insert("0.2.262.1.10.1.2.3", OidEntry { d: "des3", c: "Telesec encryption", w: false }); + oids.insert("0.2.262.1.10.1.2.3.1", OidEntry { d: "des3ECB", c: "Telesec encryption", w: false }); + oids.insert("0.2.262.1.10.1.2.3.2", OidEntry { d: "des3CBC", c: "Telesec encryption", w: false }); + oids.insert("0.2.262.1.10.1.2.3.3", OidEntry { d: "des3OFB", c: "Telesec encryption", w: false }); + oids.insert("0.2.262.1.10.1.2.3.4", OidEntry { d: "des3CFB8", c: "Telesec encryption", w: false }); + oids.insert("0.2.262.1.10.1.2.3.5", OidEntry { d: "des3CFB64", c: "Telesec encryption", w: false }); + oids.insert("0.2.262.1.10.1.2.4", OidEntry { d: "magenta", c: "Telesec encryption", w: false }); + oids.insert("0.2.262.1.10.1.2.5", OidEntry { d: "idea", c: "Telesec encryption", w: false }); + oids.insert("0.2.262.1.10.1.2.5.1", OidEntry { d: "ideaECB", c: "Telesec encryption", w: false }); + oids.insert("0.2.262.1.10.1.2.5.2", OidEntry { d: "ideaCBC", c: "Telesec encryption", w: false }); + oids.insert("0.2.262.1.10.1.2.5.3", OidEntry { d: "ideaOFB", c: "Telesec encryption", w: false }); + oids.insert("0.2.262.1.10.1.2.5.4", OidEntry { d: "ideaCFB8", c: "Telesec encryption", w: false }); + oids.insert("0.2.262.1.10.1.2.5.5", OidEntry { d: "ideaCFB64", c: "Telesec encryption", w: false }); + oids.insert("0.2.262.1.10.1.3", OidEntry { d: "oneWayFunction", c: "Telesec mechanism", w: false }); + oids.insert("0.2.262.1.10.1.3.1", OidEntry { d: "md4", c: "Telesec one-way function", w: false }); + oids.insert("0.2.262.1.10.1.3.2", OidEntry { d: "md5", c: "Telesec one-way function", w: false }); + oids.insert("0.2.262.1.10.1.3.3", OidEntry { d: "sqModNX509", c: "Telesec one-way function", w: false }); + oids.insert("0.2.262.1.10.1.3.4", OidEntry { d: "sqModNISO", c: "Telesec one-way function", w: false }); + oids.insert("0.2.262.1.10.1.3.5", OidEntry { d: "ripemd128", c: "Telesec one-way function", w: false }); + oids.insert("0.2.262.1.10.1.3.6", OidEntry { d: "hashUsingBlockCipher", c: "Telesec one-way function", w: false }); + oids.insert("0.2.262.1.10.1.3.7", OidEntry { d: "mac", c: "Telesec one-way function", w: false }); + oids.insert("0.2.262.1.10.1.3.8", OidEntry { d: "ripemd160", c: "Telesec one-way function", w: false }); + oids.insert("0.2.262.1.10.1.4", OidEntry { d: "fecFunction", c: "Telesec mechanism", w: false }); + oids.insert("0.2.262.1.10.1.4.1", OidEntry { d: "reedSolomon", c: "Telesec mechanism", w: false }); + oids.insert("0.2.262.1.10.2", OidEntry { d: "module", c: "Telesec", w: false }); + oids.insert("0.2.262.1.10.2.0", OidEntry { d: "algorithms", c: "Telesec module", w: false }); + oids.insert("0.2.262.1.10.2.1", OidEntry { d: "attributeTypes", c: "Telesec module", w: false }); + oids.insert("0.2.262.1.10.2.2", OidEntry { d: "certificateTypes", c: "Telesec module", w: false }); + oids.insert("0.2.262.1.10.2.3", OidEntry { d: "messageTypes", c: "Telesec module", w: false }); + oids.insert("0.2.262.1.10.2.4", OidEntry { d: "plProtocol", c: "Telesec module", w: false }); + oids.insert("0.2.262.1.10.2.5", OidEntry { d: "smeAndComponentsOfSme", c: "Telesec module", w: false }); + oids.insert("0.2.262.1.10.2.6", OidEntry { d: "fec", c: "Telesec module", w: false }); + oids.insert("0.2.262.1.10.2.7", OidEntry { d: "usefulDefinitions", c: "Telesec module", w: false }); + oids.insert("0.2.262.1.10.2.8", OidEntry { d: "stefiles", c: "Telesec module", w: false }); + oids.insert("0.2.262.1.10.2.9", OidEntry { d: "sadmib", c: "Telesec module", w: false }); + oids.insert("0.2.262.1.10.2.10", OidEntry { d: "electronicOrder", c: "Telesec module", w: false }); + oids.insert("0.2.262.1.10.2.11", OidEntry { d: "telesecTtpAsymmetricApplication", c: "Telesec module", w: false }); + oids.insert("0.2.262.1.10.2.12", OidEntry { d: "telesecTtpBasisApplication", c: "Telesec module", w: false }); + oids.insert("0.2.262.1.10.2.13", OidEntry { d: "telesecTtpMessages", c: "Telesec module", w: false }); + oids.insert("0.2.262.1.10.2.14", OidEntry { d: "telesecTtpTimeStampApplication", c: "Telesec module", w: false }); + oids.insert("0.2.262.1.10.3", OidEntry { d: "objectClass", c: "Telesec", w: false }); + oids.insert("0.2.262.1.10.3.0", OidEntry { d: "telesecOtherName", c: "Telesec object class", w: false }); + oids.insert("0.2.262.1.10.3.1", OidEntry { d: "directory", c: "Telesec object class", w: false }); + oids.insert("0.2.262.1.10.3.2", OidEntry { d: "directoryType", c: "Telesec object class", w: false }); + oids.insert("0.2.262.1.10.3.3", OidEntry { d: "directoryGroup", c: "Telesec object class", w: false }); + oids.insert("0.2.262.1.10.3.4", OidEntry { d: "directoryUser", c: "Telesec object class", w: false }); + oids.insert("0.2.262.1.10.3.5", OidEntry { d: "symmetricKeyEntry", c: "Telesec object class", w: false }); + oids.insert("0.2.262.1.10.4", OidEntry { d: "package", c: "Telesec", w: false }); + oids.insert("0.2.262.1.10.5", OidEntry { d: "parameter", c: "Telesec", w: false }); + oids.insert("0.2.262.1.10.6", OidEntry { d: "nameBinding", c: "Telesec", w: false }); + oids.insert("0.2.262.1.10.7", OidEntry { d: "attribute", c: "Telesec", w: false }); + oids.insert("0.2.262.1.10.7.0", OidEntry { d: "applicationGroupIdentifier", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.1", OidEntry { d: "certificateType", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.2", OidEntry { d: "telesecCertificate", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.3", OidEntry { d: "certificateNumber", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.4", OidEntry { d: "certificateRevocationList", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.5", OidEntry { d: "creationDate", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.6", OidEntry { d: "issuer", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.7", OidEntry { d: "namingAuthority", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.8", OidEntry { d: "publicKeyDirectory", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.9", OidEntry { d: "securityDomain", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.10", OidEntry { d: "subject", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.11", OidEntry { d: "timeOfRevocation", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.12", OidEntry { d: "userGroupReference", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.13", OidEntry { d: "validity", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.14", OidEntry { d: "zert93", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.15", OidEntry { d: "securityMessEnv", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.16", OidEntry { d: "anonymizedPublicKeyDirectory", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.17", OidEntry { d: "telesecGivenName", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.18", OidEntry { d: "nameAdditions", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.19", OidEntry { d: "telesecPostalCode", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.20", OidEntry { d: "nameDistinguisher", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.21", OidEntry { d: "telesecCertificateList", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.22", OidEntry { d: "teletrustCertificateList", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.23", OidEntry { d: "x509CertificateList", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.24", OidEntry { d: "timeOfIssue", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.25", OidEntry { d: "physicalCardNumber", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.26", OidEntry { d: "fileType", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.27", OidEntry { d: "ctlFileIsArchive", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.28", OidEntry { d: "emailAddress", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.29", OidEntry { d: "certificateTemplateList", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.30", OidEntry { d: "directoryName", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.31", OidEntry { d: "directoryTypeName", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.32", OidEntry { d: "directoryGroupName", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.33", OidEntry { d: "directoryUserName", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.34", OidEntry { d: "revocationFlag", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.35", OidEntry { d: "symmetricKeyEntryName", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.36", OidEntry { d: "glNumber", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.37", OidEntry { d: "goNumber", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.38", OidEntry { d: "gKeyData", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.39", OidEntry { d: "zKeyData", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.40", OidEntry { d: "ktKeyData", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.41", OidEntry { d: "ktKeyNumber", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.51", OidEntry { d: "timeOfRevocationGen", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.7.52", OidEntry { d: "liabilityText", c: "Telesec attribute", w: false }); + oids.insert("0.2.262.1.10.8", OidEntry { d: "attributeGroup", c: "Telesec", w: false }); + oids.insert("0.2.262.1.10.9", OidEntry { d: "action", c: "Telesec", w: false }); + oids.insert("0.2.262.1.10.10", OidEntry { d: "notification", c: "Telesec", w: false }); + oids.insert("0.2.262.1.10.11", OidEntry { d: "snmp-mibs", c: "Telesec", w: false }); + oids.insert("0.2.262.1.10.11.1", OidEntry { d: "securityApplication", c: "Telesec SNMP MIBs", w: false }); + oids.insert("0.2.262.1.10.12", OidEntry { d: "certAndCrlExtensionDefinitions", c: "Telesec", w: false }); + oids.insert("0.2.262.1.10.12.0", OidEntry { d: "liabilityLimitationFlag", c: "Telesec cert/CRL extension", w: false }); + oids.insert("0.2.262.1.10.12.1", OidEntry { d: "telesecCertIdExt", c: "Telesec cert/CRL extension", w: false }); + oids.insert("0.2.262.1.10.12.2", OidEntry { d: "Telesec policyIdentifier", c: "Telesec cert/CRL extension", w: false }); + oids.insert("0.2.262.1.10.12.3", OidEntry { d: "telesecPolicyQualifierID", c: "Telesec cert/CRL extension", w: false }); + oids.insert("0.2.262.1.10.12.4", OidEntry { d: "telesecCRLFilteredExt", c: "Telesec cert/CRL extension", w: false }); + oids.insert("0.2.262.1.10.12.5", OidEntry { d: "telesecCRLFilterExt", c: "Telesec cert/CRL extension", w: false }); + oids.insert("0.2.262.1.10.12.6", OidEntry { d: "telesecNamingAuthorityExt", c: "Telesec cert/CRL extension", w: false }); + oids.insert("0.4.0.127.0.7", OidEntry { d: "bsi", c: "BSI TR-03110/TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1", OidEntry { d: "bsiEcc", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1", OidEntry { d: "bsifieldType", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.1", OidEntry { d: "bsiPrimeField", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.2", OidEntry { d: "bsiCharacteristicTwoField", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.2.2", OidEntry { d: "bsiECTLVKeyFormat", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.2.2.1", OidEntry { d: "bsiECTLVPublicKey", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.2.3", OidEntry { d: "bsiCharacteristicTwoBasis", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.2.3.1", OidEntry { d: "bsiGnBasis", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.2.3.2", OidEntry { d: "bsiTpBasis", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.2.3.3", OidEntry { d: "bsiPpBasis", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.4.1", OidEntry { d: "bsiEcdsaSignatures", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.4.1.1", OidEntry { d: "bsiEcdsaWithSHA1", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.4.1.2", OidEntry { d: "bsiEcdsaWithSHA224", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.4.1.3", OidEntry { d: "bsiEcdsaWithSHA256", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.4.1.4", OidEntry { d: "bsiEcdsaWithSHA384", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.4.1.5", OidEntry { d: "bsiEcdsaWithSHA512", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.4.1.6", OidEntry { d: "bsiEcdsaWithRIPEMD160", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.1.1", OidEntry { d: "bsiEckaEgX963KDF", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.1.1.1", OidEntry { d: "bsiEckaEgX963KDFWithSHA1", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.1.1.2", OidEntry { d: "bsiEckaEgX963KDFWithSHA224", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.1.1.3", OidEntry { d: "bsiEckaEgX963KDFWithSHA256", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.1.1.4", OidEntry { d: "bsiEckaEgX963KDFWithSHA384", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.1.1.5", OidEntry { d: "bsiEckaEgX963KDFWithSHA512", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.1.1.6", OidEntry { d: "bsiEckaEgX963KDFWithRIPEMD160", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.1.2", OidEntry { d: "bsiEckaEgSessionKDF", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.1.2.1", OidEntry { d: "bsiEckaEgSessionKDFWith3DES", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.1.2.2", OidEntry { d: "bsiEckaEgSessionKDFWithAES128", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.1.2.3", OidEntry { d: "bsiEckaEgSessionKDFWithAES192", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.1.2.4", OidEntry { d: "bsiEckaEgSessionKDFWithAES256", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.2", OidEntry { d: "bsiEckaDH", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.2.1", OidEntry { d: "bsiEckaDHX963KDF", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.2.1.1", OidEntry { d: "bsiEckaDHX963KDFWithSHA1", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.2.1.2", OidEntry { d: "bsiEckaDHX963KDFWithSHA224", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.2.1.3", OidEntry { d: "bsiEckaDHX963KDFWithSHA256", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.2.1.4", OidEntry { d: "bsiEckaDHX963KDFWithSHA384", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.2.1.5", OidEntry { d: "bsiEckaDHX963KDFWithSHA512", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.2.1.6", OidEntry { d: "bsiEckaDHX963KDFWithRIPEMD160", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.2.2", OidEntry { d: "bsiEckaDHSessionKDF", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.2.2.1", OidEntry { d: "bsiEckaDHSessionKDFWith3DES", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.2.2.2", OidEntry { d: "bsiEckaDHSessionKDFWithAES128", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.2.2.3", OidEntry { d: "bsiEckaDHSessionKDFWithAES192", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.1.5.2.2.4", OidEntry { d: "bsiEckaDHSessionKDFWithAES256", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.2", OidEntry { d: "bsiEcKeyType", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.2.1", OidEntry { d: "bsiEcPublicKey", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.5.1", OidEntry { d: "bsiKaeg", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.5.1.1", OidEntry { d: "bsiKaegWithX963KDF", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.1.5.1.2", OidEntry { d: "bsiKaegWith3DESKDF", c: "BSI TR-03111", w: false }); + oids.insert("0.4.0.127.0.7.2.2.1", OidEntry { d: "bsiPK", c: "BSI TR-03110. Formerly known as bsiCA, now moved to ...2.2.3.x", w: false }); + oids.insert("0.4.0.127.0.7.2.2.1.1", OidEntry { d: "bsiPK_DH", c: "BSI TR-03110. Formerly known as bsiCA_DH, now moved to ...2.2.3.x", w: false }); + oids.insert("0.4.0.127.0.7.2.2.1.2", OidEntry { d: "bsiPK_ECDH", c: "BSI TR-03110. Formerly known as bsiCA_ECDH, now moved to ...2.2.3.x", w: false }); + oids.insert("0.4.0.127.0.7.2.2.2", OidEntry { d: "bsiTA", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.2.1", OidEntry { d: "bsiTA_RSA", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.2.1.1", OidEntry { d: "bsiTA_RSAv1_5_SHA1", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.2.1.2", OidEntry { d: "bsiTA_RSAv1_5_SHA256", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.2.1.3", OidEntry { d: "bsiTA_RSAPSS_SHA1", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.2.1.4", OidEntry { d: "bsiTA_RSAPSS_SHA256", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.2.1.5", OidEntry { d: "bsiTA_RSAv1_5_SHA512", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.2.1.6", OidEntry { d: "bsiTA_RSAPSS_SHA512", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.2.2", OidEntry { d: "bsiTA_ECDSA", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.2.2.1", OidEntry { d: "bsiTA_ECDSA_SHA1", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.2.2.2", OidEntry { d: "bsiTA_ECDSA_SHA224", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.2.2.3", OidEntry { d: "bsiTA_ECDSA_SHA256", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.2.2.4", OidEntry { d: "bsiTA_ECDSA_SHA384", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.2.2.5", OidEntry { d: "bsiTA_ECDSA_SHA512", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.3", OidEntry { d: "bsiCA", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.3.1", OidEntry { d: "bsiCA_DH", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.3.1.1", OidEntry { d: "bsiCA_DH_3DES_CBC_CBC", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.3.1.2", OidEntry { d: "bsiCA_DH_AES_CBC_CMAC_128", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.3.1.3", OidEntry { d: "bsiCA_DH_AES_CBC_CMAC_192", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.3.1.4", OidEntry { d: "bsiCA_DH_AES_CBC_CMAC_256", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.3.2", OidEntry { d: "bsiCA_ECDH", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.3.2.1", OidEntry { d: "bsiCA_ECDH_3DES_CBC_CBC", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.3.2.2", OidEntry { d: "bsiCA_ECDH_AES_CBC_CMAC_128", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.3.2.3", OidEntry { d: "bsiCA_ECDH_AES_CBC_CMAC_192", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.3.2.4", OidEntry { d: "bsiCA_ECDH_AES_CBC_CMAC_256", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.4", OidEntry { d: "bsiPACE", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.4.1", OidEntry { d: "bsiPACE_DH_GM", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.4.1.1", OidEntry { d: "bsiPACE_DH_GM_3DES_CBC_CBC", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.4.1.2", OidEntry { d: "bsiPACE_DH_GM_AES_CBC_CMAC_128", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.4.1.3", OidEntry { d: "bsiPACE_DH_GM_AES_CBC_CMAC_192", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.4.1.4", OidEntry { d: "bsiPACE_DH_GM_AES_CBC_CMAC_256", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.4.2", OidEntry { d: "bsiPACE_ECDH_GM", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.4.2.1", OidEntry { d: "bsiPACE_ECDH_GM_3DES_CBC_CBC", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.4.2.2", OidEntry { d: "bsiPACE_ECDH_GM_AES_CBC_CMAC_128", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.4.2.3", OidEntry { d: "bsiPACE_ECDH_GM_AES_CBC_CMAC_192", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.4.2.4", OidEntry { d: "bsiPACE_ECDH_GM_AES_CBC_CMAC_256", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.4.3", OidEntry { d: "bsiPACE_DH_IM", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.4.3.1", OidEntry { d: "bsiPACE_DH_IM_3DES_CBC_CBC", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.4.3.2", OidEntry { d: "bsiPACE_DH_IM_AES_CBC_CMAC_128", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.4.3.3", OidEntry { d: "bsiPACE_DH_IM_AES_CBC_CMAC_192", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.4.3.4", OidEntry { d: "bsiPACE_DH_IM_AES_CBC_CMAC_256", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.4.4", OidEntry { d: "bsiPACE_ECDH_IM", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.4.4.1", OidEntry { d: "bsiPACE_ECDH_IM_3DES_CBC_CBC", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.4.4.2", OidEntry { d: "bsiPACE_ECDH_IM_AES_CBC_CMAC_128", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.4.4.3", OidEntry { d: "bsiPACE_ECDH_IM_AES_CBC_CMAC_192", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.4.4.4", OidEntry { d: "bsiPACE_ECDH_IM_AES_CBC_CMAC_256", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.5", OidEntry { d: "bsiRI", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.5.1", OidEntry { d: "bsiRI_DH", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.5.1.1", OidEntry { d: "bsiRI_DH_SHA1", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.5.1.2", OidEntry { d: "bsiRI_DH_SHA224", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.5.1.3", OidEntry { d: "bsiRI_DH_SHA256", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.5.1.4", OidEntry { d: "bsiRI_DH_SHA384", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.5.1.5", OidEntry { d: "bsiRI_DH_SHA512", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.5.2", OidEntry { d: "bsiRI_ECDH", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.5.2.1", OidEntry { d: "bsiRI_ECDH_SHA1", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.5.2.2", OidEntry { d: "bsiRI_ECDH_SHA224", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.5.2.3", OidEntry { d: "bsiRI_ECDH_SHA256", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.5.2.4", OidEntry { d: "bsiRI_ECDH_SHA384", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.5.2.5", OidEntry { d: "bsiRI_ECDH_SHA512", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.6", OidEntry { d: "bsiCardInfo", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.7", OidEntry { d: "bsiEidSecurity", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.2.2.8", OidEntry { d: "bsiPT", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.2", OidEntry { d: "bsiEACRoles", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.2.1", OidEntry { d: "bsiEACRolesIS", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.2.2", OidEntry { d: "bsiEACRolesAT", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.2.3", OidEntry { d: "bsiEACRolesST", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.3", OidEntry { d: "bsiTAv2ce", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.3.1", OidEntry { d: "bsiTAv2ceDescription", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.3.1.1", OidEntry { d: "bsiTAv2ceDescriptionPlainText", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.3.1.2", OidEntry { d: "bsiTAv2ceDescriptionIA5String", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.3.1.3", OidEntry { d: "bsiTAv2ceDescriptionOctetString", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.3.2", OidEntry { d: "bsiTAv2ceTerminalSector", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.4", OidEntry { d: "bsiAuxData", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.4.1", OidEntry { d: "bsiAuxDataBirthday", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.4.2", OidEntry { d: "bsiAuxDataExpireDate", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.4.3", OidEntry { d: "bsiAuxDataCommunityID", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.5", OidEntry { d: "bsiDefectList", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.5.1", OidEntry { d: "bsiDefectAuthDefect", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.5.1.1", OidEntry { d: "bsiDefectCertRevoked", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.5.1.2", OidEntry { d: "bsiDefectCertReplaced", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.5.1.3", OidEntry { d: "bsiDefectChipAuthKeyRevoked", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.5.1.4", OidEntry { d: "bsiDefectActiveAuthKeyRevoked", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.5.2", OidEntry { d: "bsiDefectEPassportDefect", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.5.2.1", OidEntry { d: "bsiDefectEPassportDGMalformed", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.5.2.2", OidEntry { d: "bsiDefectSODInvalid", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.5.3", OidEntry { d: "bsiDefectEIDDefect", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.5.3.1", OidEntry { d: "bsiDefectEIDDGMalformed", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.5.3.2", OidEntry { d: "bsiDefectEIDIntegrity", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.5.4", OidEntry { d: "bsiDefectDocumentDefect", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.5.4.1", OidEntry { d: "bsiDefectCardSecurityMalformed", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.5.4.2", OidEntry { d: "bsiDefectChipSecurityMalformed", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.5.4.3", OidEntry { d: "bsiDefectPowerDownReq", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.1.6", OidEntry { d: "bsiListContentDescription", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.2.1", OidEntry { d: "bsiSecurityObject", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.2.2", OidEntry { d: "bsiBlackList", c: "BSI TR-03110", w: false }); + oids.insert("0.4.0.127.0.7.3.4.2.2", OidEntry { d: "bsiSignedUpdateDeviceAdmin", c: "BSI TR-03109", w: false }); + oids.insert("0.4.0.127.0.7.4.1.1.1", OidEntry { d: "bsiCertReqMsgs", c: "BSI TR-03109", w: false }); + oids.insert("0.4.0.127.0.7.4.1.1.2", OidEntry { d: "bsiCertReqMsgswithOuterSignature", c: "BSI TR-03109", w: false }); + oids.insert("0.4.0.127.0.7.4.1.1.3", OidEntry { d: "bsiAuthorizedCertReqMsgs", c: "BSI TR-03109", w: false }); + oids.insert("0.4.0.127.0.7.4.1.2.2", OidEntry { d: "bsiSignedRevReqs", c: "BSI TR-03109", w: false }); + oids.insert("0.4.0.1862", OidEntry { d: "etsiQcsProfile", c: "ETSI TS 101 862 Qualified Certificates", w: false }); + oids.insert("0.4.0.1862.1", OidEntry { d: "etsiQcs", c: "ETSI TS 101 862 Qualified Certificates", w: false }); + oids.insert("0.4.0.1862.1.1", OidEntry { d: "etsiQcsCompliance", c: "ETSI TS 101 862 Qualified Certificates", w: false }); + oids.insert("0.4.0.1862.1.2", OidEntry { d: "etsiQcsLimitValue", c: "ETSI TS 101 862 Qualified Certificates", w: false }); + oids.insert("0.4.0.1862.1.3", OidEntry { d: "etsiQcsRetentionPeriod", c: "ETSI TS 101 862 Qualified Certificates", w: false }); + oids.insert("0.4.0.1862.1.4", OidEntry { d: "etsiQcsQcSSCD", c: "ETSI TS 101 862 Qualified Certificates", w: false }); + oids.insert("0.4.0.1862.1.5", OidEntry { d: "etsiQcsQcPDS", c: "ETSI TS 101 862 Qualified Certificates", w: false }); + oids.insert("0.4.0.1862.1.6", OidEntry { d: "etsiQcsQcType", c: "ETSI TS 101 862 Qualified Certificates", w: false }); + oids.insert("0.4.0.1862.1.6.1", OidEntry { d: "etsiQcsQctEsign", c: "ETSI TS 101 862 Qualified Certificates", w: false }); + oids.insert("0.4.0.1862.1.6.2", OidEntry { d: "etsiQcsQctEseal", c: "ETSI TS 101 862 Qualified Certificates", w: false }); + oids.insert("0.4.0.1862.1.6.3", OidEntry { d: "etsiQcsQctWeb", c: "ETSI TS 101 862 Qualified Certificates", w: false }); + oids.insert("0.4.0.2042.1.1", OidEntry { d: "normalisedCertificatePolicy", c: "ETSI TS 102 042 Certificate Policies", w: false }); + oids.insert("0.4.0.2042.1.2", OidEntry { d: "normalisedCertificatePolicyPlus", c: "ETSI TS 102 042 Certificate Policies", w: false }); + oids.insert("0.4.0.2042.1.3", OidEntry { d: "lightweightCertificatePolicy", c: "ETSI TS 102 042 Certificate Policies", w: false }); + oids.insert("0.4.0.2042.1.4", OidEntry { d: "evCertificatePolicy", c: "ETSI TS 102 042 Certificate Policies", w: false }); + oids.insert("0.4.0.2042.1.5", OidEntry { d: "evCertificatePolicyPlus", c: "ETSI TS 102 042 Certificate Policies", w: false }); + oids.insert("0.4.0.2042.1.6", OidEntry { d: "dvCertificatePolicy", c: "ETSI TS 102 042 Certificate Policies", w: false }); + oids.insert("0.4.0.2042.1.7", OidEntry { d: "ovCertificatePolicy", c: "ETSI TS 102 042 Certificate Policies", w: false }); + oids.insert("0.4.0.194112.1.0", OidEntry { d: "qcpNatural", c: "EU Qualified Certificate Policy", w: false }); + oids.insert("0.4.0.194112.1.1", OidEntry { d: "qcpLegal", c: "EU Qualified Certificate Policy", w: false }); + oids.insert("0.4.0.194112.1.2", OidEntry { d: "qcpNaturalQscd", c: "EU Qualified Certificate Policy", w: false }); + oids.insert("0.4.0.194112.1.3", OidEntry { d: "qcpLegalQscd", c: "EU Qualified Certificate Policy", w: false }); + oids.insert("0.4.0.194112.1.4", OidEntry { d: "qcpWeb", c: "EU Qualified Certificate Policy", w: false }); + oids.insert("0.4.0.194121.1.1", OidEntry { d: "qcsSemanticsIdNatural", c: "EU Qualified Certificate Identifier", w: false }); + oids.insert("0.4.0.194121.1.2", OidEntry { d: "qcsSemanticsIdLegal", c: "EU Qualified Certificate Identifier", w: false }); + oids.insert("0.4.0.194121.1.3", OidEntry { d: "qcsSemanticsIdeIDASNatural", c: "EU Qualified Certificate Identifier", w: false }); + oids.insert("0.4.0.194121.1.4", OidEntry { d: "qcsSemanticsIdeIDASLegal", c: "EU Qualified Certificate Identifier", w: false }); + oids.insert("0.9.2342.19200300.100.1.1", OidEntry { d: "userID", c: "Some oddball X.500 attribute collection", w: false }); + oids.insert("0.9.2342.19200300.100.1.3", OidEntry { d: "rfc822Mailbox", c: "Some oddball X.500 attribute collection", w: false }); + oids.insert("0.9.2342.19200300.100.1.25", OidEntry { d: "domainComponent", c: "Men are from Mars, this OID is from Pluto", w: false }); + oids.insert("1.0.10118.3.0.49", OidEntry { d: "ripemd160", c: "ISO 10118-3 hash function", w: false }); + oids.insert("1.0.10118.3.0.50", OidEntry { d: "ripemd128", c: "ISO 10118-3 hash function", w: false }); + oids.insert("1.0.10118.3.0.55", OidEntry { d: "whirlpool", c: "ISO 10118-3 hash function", w: false }); + oids.insert("1.0.18033.2", OidEntry { d: "iso18033-2", c: "ISO 18033-2", w: false }); + oids.insert("1.0.18033.2.2", OidEntry { d: "kem", c: "ISO 18033-2 algorithms", w: false }); + oids.insert("1.0.18033.2.2.4", OidEntry { d: "kemRSA", c: "ISO 18033-2 KEM algorithms", w: false }); + oids.insert("1.2.36.1.3.1.1.1", OidEntry { d: "qgpki", c: "Queensland Government PKI", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1", OidEntry { d: "qgpkiPolicies", c: "QGPKI policies", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1.1", OidEntry { d: "qgpkiMedIntermedCA", c: "QGPKI policy", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1.1.1", OidEntry { d: "qgpkiMedIntermedIndividual", c: "QGPKI policy", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1.1.2", OidEntry { d: "qgpkiMedIntermedDeviceControl", c: "QGPKI policy", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1.1.3", OidEntry { d: "qgpkiMedIntermedDevice", c: "QGPKI policy", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1.1.4", OidEntry { d: "qgpkiMedIntermedAuthorisedParty", c: "QGPKI policy", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1.1.5", OidEntry { d: "qgpkiMedIntermedDeviceSystem", c: "QGPKI policy", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1.2", OidEntry { d: "qgpkiMedIssuingCA", c: "QGPKI policy", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1.2.1", OidEntry { d: "qgpkiMedIssuingIndividual", c: "QGPKI policy", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1.2.2", OidEntry { d: "qgpkiMedIssuingDeviceControl", c: "QGPKI policy", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1.2.3", OidEntry { d: "qgpkiMedIssuingDevice", c: "QGPKI policy", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1.2.4", OidEntry { d: "qgpkiMedIssuingAuthorisedParty", c: "QGPKI policy", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1.2.5", OidEntry { d: "qgpkiMedIssuingClientAuth", c: "QGPKI policy", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1.2.6", OidEntry { d: "qgpkiMedIssuingServerAuth", c: "QGPKI policy", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1.2.7", OidEntry { d: "qgpkiMedIssuingDataProt", c: "QGPKI policy", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1.2.8", OidEntry { d: "qgpkiMedIssuingTokenAuth", c: "QGPKI policy", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1.3", OidEntry { d: "qgpkiBasicIntermedCA", c: "QGPKI policy", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1.3.1", OidEntry { d: "qgpkiBasicIntermedDeviceSystem", c: "QGPKI policy", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1.4", OidEntry { d: "qgpkiBasicIssuingCA", c: "QGPKI policy", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1.4.1", OidEntry { d: "qgpkiBasicIssuingClientAuth", c: "QGPKI policy", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1.4.2", OidEntry { d: "qgpkiBasicIssuingServerAuth", c: "QGPKI policy", w: false }); + oids.insert("1.2.36.1.3.1.1.1.1.4.3", OidEntry { d: "qgpkiBasicIssuingDataSigning", c: "QGPKI policy", w: false }); + oids.insert("1.2.36.1.3.1.1.1.2", OidEntry { d: "qgpkiAssuranceLevel", c: "QGPKI assurance level", w: false }); + oids.insert("1.2.36.1.3.1.1.1.2.1", OidEntry { d: "qgpkiAssuranceRudimentary", c: "QGPKI assurance level", w: false }); + oids.insert("1.2.36.1.3.1.1.1.2.2", OidEntry { d: "qgpkiAssuranceBasic", c: "QGPKI assurance level", w: false }); + oids.insert("1.2.36.1.3.1.1.1.2.3", OidEntry { d: "qgpkiAssuranceMedium", c: "QGPKI assurance level", w: false }); + oids.insert("1.2.36.1.3.1.1.1.2.4", OidEntry { d: "qgpkiAssuranceHigh", c: "QGPKI assurance level", w: false }); + oids.insert("1.2.36.1.3.1.1.1.3", OidEntry { d: "qgpkiCertFunction", c: "QGPKI policies", w: false }); + oids.insert("1.2.36.1.3.1.1.1.3.1", OidEntry { d: "qgpkiFunctionIndividual", c: "QGPKI policies", w: false }); + oids.insert("1.2.36.1.3.1.1.1.3.2", OidEntry { d: "qgpkiFunctionDevice", c: "QGPKI policies", w: false }); + oids.insert("1.2.36.1.3.1.1.1.3.3", OidEntry { d: "qgpkiFunctionAuthorisedParty", c: "QGPKI policies", w: false }); + oids.insert("1.2.36.1.3.1.1.1.3.4", OidEntry { d: "qgpkiFunctionDeviceControl", c: "QGPKI policies", w: false }); + oids.insert("1.2.36.1.3.1.2", OidEntry { d: "qpspki", c: "Queensland Police PKI", w: false }); + oids.insert("1.2.36.1.3.1.2.1", OidEntry { d: "qpspkiPolicies", c: "Queensland Police PKI", w: false }); + oids.insert("1.2.36.1.3.1.2.1.2", OidEntry { d: "qpspkiPolicyBasic", c: "Queensland Police PKI", w: false }); + oids.insert("1.2.36.1.3.1.2.1.3", OidEntry { d: "qpspkiPolicyMedium", c: "Queensland Police PKI", w: false }); + oids.insert("1.2.36.1.3.1.2.1.4", OidEntry { d: "qpspkiPolicyHigh", c: "Queensland Police PKI", w: false }); + oids.insert("1.2.36.1.3.1.3.2", OidEntry { d: "qtmrpki", c: "Queensland Transport PKI", w: false }); + oids.insert("1.2.36.1.3.1.3.2.1", OidEntry { d: "qtmrpkiPolicies", c: "Queensland Transport PKI", w: false }); + oids.insert("1.2.36.1.3.1.3.2.2", OidEntry { d: "qtmrpkiPurpose", c: "Queensland Transport PKI", w: false }); + oids.insert("1.2.36.1.3.1.3.2.2.1", OidEntry { d: "qtmrpkiIndividual", c: "Queensland Transport PKI purpose", w: false }); + oids.insert("1.2.36.1.3.1.3.2.2.2", OidEntry { d: "qtmrpkiDeviceControl", c: "Queensland Transport PKI purpose", w: false }); + oids.insert("1.2.36.1.3.1.3.2.2.3", OidEntry { d: "qtmrpkiDevice", c: "Queensland Transport PKI purpose", w: false }); + oids.insert("1.2.36.1.3.1.3.2.2.4", OidEntry { d: "qtmrpkiAuthorisedParty", c: "Queensland Transport PKI purpose", w: false }); + oids.insert("1.2.36.1.3.1.3.2.2.5", OidEntry { d: "qtmrpkiDeviceSystem", c: "Queensland Transport PKI purpose", w: false }); + oids.insert("1.2.36.1.3.1.3.2.3", OidEntry { d: "qtmrpkiDevice", c: "Queensland Transport PKI", w: false }); + oids.insert("1.2.36.1.3.1.3.2.3.1", OidEntry { d: "qtmrpkiDriverLicense", c: "Queensland Transport PKI device", w: false }); + oids.insert("1.2.36.1.3.1.3.2.3.2", OidEntry { d: "qtmrpkiIndustryAuthority", c: "Queensland Transport PKI device", w: false }); + oids.insert("1.2.36.1.3.1.3.2.3.3", OidEntry { d: "qtmrpkiMarineLicense", c: "Queensland Transport PKI device", w: false }); + oids.insert("1.2.36.1.3.1.3.2.3.4", OidEntry { d: "qtmrpkiAdultProofOfAge", c: "Queensland Transport PKI device", w: false }); + oids.insert("1.2.36.1.3.1.3.2.3.5", OidEntry { d: "qtmrpkiSam", c: "Queensland Transport PKI device", w: false }); + oids.insert("1.2.36.1.3.1.3.2.4", OidEntry { d: "qtmrpkiAuthorisedParty", c: "Queensland Transport PKI", w: false }); + oids.insert("1.2.36.1.3.1.3.2.4.1", OidEntry { d: "qtmrpkiTransportInspector", c: "Queensland Transport PKI authorised party", w: false }); + oids.insert("1.2.36.1.3.1.3.2.4.2", OidEntry { d: "qtmrpkiPoliceOfficer", c: "Queensland Transport PKI authorised party", w: false }); + oids.insert("1.2.36.1.3.1.3.2.4.3", OidEntry { d: "qtmrpkiSystem", c: "Queensland Transport PKI authorised party", w: false }); + oids.insert("1.2.36.1.3.1.3.2.4.4", OidEntry { d: "qtmrpkiLiquorLicensingInspector", c: "Queensland Transport PKI authorised party", w: false }); + oids.insert("1.2.36.1.3.1.3.2.4.5", OidEntry { d: "qtmrpkiMarineEnforcementOfficer", c: "Queensland Transport PKI authorised party", w: false }); + oids.insert("1.2.36.1.333.1", OidEntry { d: "australianBusinessNumber", c: "Australian Government corporate taxpayer ID", w: false }); + oids.insert("1.2.36.68980861.1.1.2", OidEntry { d: "signetPersonal", c: "Signet CA", w: false }); + oids.insert("1.2.36.68980861.1.1.3", OidEntry { d: "signetBusiness", c: "Signet CA", w: false }); + oids.insert("1.2.36.68980861.1.1.4", OidEntry { d: "signetLegal", c: "Signet CA", w: false }); + oids.insert("1.2.36.68980861.1.1.10", OidEntry { d: "signetPilot", c: "Signet CA", w: false }); + oids.insert("1.2.36.68980861.1.1.11", OidEntry { d: "signetIntraNet", c: "Signet CA", w: false }); + oids.insert("1.2.36.68980861.1.1.20", OidEntry { d: "signetPolicy", c: "Signet CA", w: false }); + oids.insert("1.2.36.75878867.1.100.1.1", OidEntry { d: "certificatesAustraliaPolicy", c: "Certificates Australia CA", w: false }); + oids.insert("1.2.112.0.2.0.34.101.45.2.1", OidEntry { d: "bignPubkey", c: "Belarus STB 34.101.45", w: false }); + oids.insert("1.2.112.0.2.0.34.101.45.3.1", OidEntry { d: "bignParamB1", c: "Belarus STB 34.101.45", w: false }); + oids.insert("1.2.112.0.2.0.34.101.45.3.2", OidEntry { d: "bignParamB2", c: "Belarus STB 34.101.45", w: false }); + oids.insert("1.2.112.0.2.0.34.101.45.3.3", OidEntry { d: "bignParamB3", c: "Belarus STB 34.101.45", w: false }); + oids.insert("1.2.112.0.2.0.34.101.45.11", OidEntry { d: "bignWithHSpec", c: "Belarus STB 34.101.45", w: false }); + oids.insert("1.2.112.0.2.0.34.101.45.12", OidEntry { d: "bignWithHBelt", c: "Belarus STB 34.101.45", w: false }); + oids.insert("1.2.156.10197.1", OidEntry { d: "gmtCryptographicAlgorithm", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.100", OidEntry { d: "gmtBlockCipher", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.102", OidEntry { d: "sm1Cipher", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.103", OidEntry { d: "ssf33Cipher", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.104", OidEntry { d: "sm4Cipher", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.200", OidEntry { d: "gmtStreamCipher", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.201", OidEntry { d: "zucCipher", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.300", OidEntry { d: "gmtPublicKeyCryptography", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.301", OidEntry { d: "sm2ECC", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.301.1", OidEntry { d: "sm2-1DigitalSignature", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.301.2", OidEntry { d: "sm2-2KeyExchange", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.301.3", OidEntry { d: "sm2-3PublicKeyEncryption", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.302", OidEntry { d: "gmtSM9IBE", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.302.1", OidEntry { d: "sm9-1DigitalSignature", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.302.2", OidEntry { d: "sm9-2KeyExchange", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.302.3", OidEntry { d: "sm9-3PublicKeyEncryption", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.400", OidEntry { d: "gmtHashAlgorithm", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.401", OidEntry { d: "sm3Hash", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.401.1", OidEntry { d: "sm3HashWithoutKey", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.401.2", OidEntry { d: "sm3HashWithKey", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.500", OidEntry { d: "gmtDigestSigning", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.501", OidEntry { d: "sm2withSM3", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.1.504", OidEntry { d: "rsaWithSM3", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.4.3", OidEntry { d: "gmtCertificateAuthority", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.6", OidEntry { d: "gmtStandardClass", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.6.1", OidEntry { d: "gmtFoundationClass", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.6.1.1", OidEntry { d: "gmtAlgorithmClass", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.6.1.1.1", OidEntry { d: "zucStandard", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.6.1.1.2", OidEntry { d: "sm4Standard", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.6.1.1.3", OidEntry { d: "sm2Standard", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.6.1.1.4", OidEntry { d: "sm3Standard", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.6.1.2", OidEntry { d: "gmtIDClass", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.6.1.2.1", OidEntry { d: "gmtCryptoID", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.6.1.3", OidEntry { d: "gmtOperationModes", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.6.1.4", OidEntry { d: "gmtSecurityMechanism", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.6.1.4.1", OidEntry { d: "gmtSM2Specification", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.6.1.4.2", OidEntry { d: "gmtSM2CryptographicMessageSyntax", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.6.2", OidEntry { d: "gmtDeviceClass", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.6.3", OidEntry { d: "gmtServiceClass", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.6.4", OidEntry { d: "gmtInfrastructure", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.6.5", OidEntry { d: "gmtTestingClass", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.6.5.1", OidEntry { d: "gmtRandomTestingClass", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.156.10197.6.6", OidEntry { d: "gmtManagementClass", c: "China GM Standards Committee", w: false }); + oids.insert("1.2.392.200011.61.1.1.1", OidEntry { d: "mitsubishiSecurityAlgorithm", c: "Mitsubishi security algorithm", w: false }); + oids.insert("1.2.392.200011.61.1.1.1.1", OidEntry { d: "misty1-cbc", c: "Mitsubishi security algorithm", w: false }); + oids.insert("1.2.410.200004.1", OidEntry { d: "kisaAlgorithm", c: "KISA algorithm", w: false }); + oids.insert("1.2.410.200004.1.1", OidEntry { d: "kcdsa", c: "Korean DSA", w: false }); + oids.insert("1.2.410.200004.1.2", OidEntry { d: "has160", c: "Korean hash algorithm", w: false }); + oids.insert("1.2.410.200004.1.3", OidEntry { d: "seedECB", c: "Korean SEED algorithm, ECB mode", w: false }); + oids.insert("1.2.410.200004.1.4", OidEntry { d: "seedCBC", c: "Korean SEED algorithm, CBC mode", w: false }); + oids.insert("1.2.410.200004.1.5", OidEntry { d: "seedOFB", c: "Korean SEED algorithm, OFB mode", w: false }); + oids.insert("1.2.410.200004.1.6", OidEntry { d: "seedCFB", c: "Korean SEED algorithm, CFB mode", w: false }); + oids.insert("1.2.410.200004.1.7", OidEntry { d: "seedMAC", c: "Korean SEED algorithm, MAC mode", w: false }); + oids.insert("1.2.410.200004.1.8", OidEntry { d: "kcdsaWithHAS160", c: "Korean signature algorithm", w: false }); + oids.insert("1.2.410.200004.1.9", OidEntry { d: "kcdsaWithSHA1", c: "Korean signature algorithm", w: false }); + oids.insert("1.2.410.200004.1.10", OidEntry { d: "pbeWithHAS160AndSEED-ECB", c: "Korean SEED algorithm, PBE key derivation", w: false }); + oids.insert("1.2.410.200004.1.11", OidEntry { d: "pbeWithHAS160AndSEED-CBC", c: "Korean SEED algorithm, PBE key derivation", w: false }); + oids.insert("1.2.410.200004.1.12", OidEntry { d: "pbeWithHAS160AndSEED-CFB", c: "Korean SEED algorithm, PBE key derivation", w: false }); + oids.insert("1.2.410.200004.1.13", OidEntry { d: "pbeWithHAS160AndSEED-OFB", c: "Korean SEED algorithm, PBE key derivation", w: false }); + oids.insert("1.2.410.200004.1.14", OidEntry { d: "pbeWithSHA1AndSEED-ECB", c: "Korean SEED algorithm, PBE key derivation", w: false }); + oids.insert("1.2.410.200004.1.15", OidEntry { d: "pbeWithSHA1AndSEED-CBC", c: "Korean SEED algorithm, PBE key derivation", w: false }); + oids.insert("1.2.410.200004.1.16", OidEntry { d: "pbeWithSHA1AndSEED-CFB", c: "Korean SEED algorithm, PBE key derivation", w: false }); + oids.insert("1.2.410.200004.1.17", OidEntry { d: "pbeWithSHA1AndSEED-OFB", c: "Korean SEED algorithm, PBE key derivation", w: false }); + oids.insert("1.2.410.200004.1.20", OidEntry { d: "rsaWithHAS160", c: "Korean signature algorithm", w: false }); + oids.insert("1.2.410.200004.1.21", OidEntry { d: "kcdsa1", c: "Korean DSA", w: false }); + oids.insert("1.2.410.200004.2", OidEntry { d: "npkiCP", c: "KISA NPKI certificate policies", w: false }); + oids.insert("1.2.410.200004.2.1", OidEntry { d: "npkiSignaturePolicy", c: "KISA NPKI certificate policies", w: false }); + oids.insert("1.2.410.200004.3", OidEntry { d: "npkiKP", c: "KISA NPKI key usage", w: false }); + oids.insert("1.2.410.200004.4", OidEntry { d: "npkiAT", c: "KISA NPKI attribute", w: false }); + oids.insert("1.2.410.200004.5", OidEntry { d: "npkiLCA", c: "KISA NPKI licensed CA", w: false }); + oids.insert("1.2.410.200004.5.1", OidEntry { d: "npkiSignKorea", c: "KISA NPKI licensed CA", w: false }); + oids.insert("1.2.410.200004.5.2", OidEntry { d: "npkiSignGate", c: "KISA NPKI licensed CA", w: false }); + oids.insert("1.2.410.200004.5.3", OidEntry { d: "npkiNcaSign", c: "KISA NPKI licensed CA", w: false }); + oids.insert("1.2.410.200004.6", OidEntry { d: "npkiON", c: "KISA NPKI otherName", w: false }); + oids.insert("1.2.410.200004.7", OidEntry { d: "npkiAPP", c: "KISA NPKI application", w: false }); + oids.insert("1.2.410.200004.7.1", OidEntry { d: "npkiSMIME", c: "KISA NPKI application", w: false }); + oids.insert("1.2.410.200004.7.1.1", OidEntry { d: "npkiSMIMEAlgo", c: "KISA NPKI application", w: false }); + oids.insert("1.2.410.200004.7.1.1.1", OidEntry { d: "npkiCmsSEEDWrap", c: "KISA NPKI application", w: false }); + oids.insert("1.2.410.200004.10", OidEntry { d: "npki", c: "KISA NPKI", w: false }); + oids.insert("1.2.410.200004.10.1", OidEntry { d: "npkiAttribute", c: "KISA NPKI attribute", w: false }); + oids.insert("1.2.410.200004.10.1.1", OidEntry { d: "npkiIdentifyData", c: "KISA NPKI attribute", w: false }); + oids.insert("1.2.410.200004.10.1.1.1", OidEntry { d: "npkiVID", c: "KISA NPKI attribute", w: false }); + oids.insert("1.2.410.200004.10.1.1.2", OidEntry { d: "npkiEncryptedVID", c: "KISA NPKI attribute", w: false }); + oids.insert("1.2.410.200004.10.1.1.3", OidEntry { d: "npkiRandomNum", c: "KISA NPKI attribute", w: false }); + oids.insert("1.2.410.200004.10.1.1.4", OidEntry { d: "npkiVID", c: "KISA NPKI attribute", w: false }); + oids.insert("1.2.410.200046.1.1", OidEntry { d: "aria1AlgorithmModes", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.1", OidEntry { d: "aria128-ecb", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.2", OidEntry { d: "aria128-cbc", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.3", OidEntry { d: "aria128-cfb", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.4", OidEntry { d: "aria128-ofb", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.5", OidEntry { d: "aria128-ctr", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.6", OidEntry { d: "aria192-ecb", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.7", OidEntry { d: "aria192-cbc", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.8", OidEntry { d: "aria192-cfb", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.9", OidEntry { d: "aria192-ofb", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.10", OidEntry { d: "aria192-ctr", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.11", OidEntry { d: "aria256-ecb", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.12", OidEntry { d: "aria256-cbc", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.13", OidEntry { d: "aria256-cfb", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.14", OidEntry { d: "aria256-ofb", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.15", OidEntry { d: "aria256-ctr", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.21", OidEntry { d: "aria128-cmac", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.22", OidEntry { d: "aria192-cmac", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.23", OidEntry { d: "aria256-cmac", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.31", OidEntry { d: "aria128-ocb2", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.32", OidEntry { d: "aria192-ocb2", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.33", OidEntry { d: "aria256-ocb2", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.34", OidEntry { d: "aria128-gcm", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.35", OidEntry { d: "aria192-gcm", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.36", OidEntry { d: "aria256-gcm", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.37", OidEntry { d: "aria128-ccm", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.38", OidEntry { d: "aria192-ccm", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.39", OidEntry { d: "aria256-ccm", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.40", OidEntry { d: "aria128-keywrap", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.41", OidEntry { d: "aria192-keywrap", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.42", OidEntry { d: "aria256-keywrap", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.43", OidEntry { d: "aria128-keywrapWithPad", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.44", OidEntry { d: "aria192-keywrapWithPad", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.410.200046.1.1.45", OidEntry { d: "aria256-keywrapWithPad", c: "ARIA algorithm modes", w: false }); + oids.insert("1.2.643.2.2.3", OidEntry { d: "gostSignature", c: "GOST R 34.10-2001 + GOST R 34.11-94 signature", w: false }); + oids.insert("1.2.643.2.2.4", OidEntry { d: "gost94Signature", c: "GOST R 34.10-94 + GOST R 34.11-94 signature. Obsoleted by GOST R 34.10-2001", w: true }); + oids.insert("1.2.643.2.2.19", OidEntry { d: "gostPublicKey", c: "GOST R 34.10-2001 (ECC) public key", w: false }); + oids.insert("1.2.643.2.2.20", OidEntry { d: "gost94PublicKey", c: "GOST R 34.10-94 public key. Obsoleted by GOST R 34.10-2001", w: true }); + oids.insert("1.2.643.2.2.21", OidEntry { d: "gostCipher", c: "GOST 28147-89 (symmetric key block cipher)", w: false }); + oids.insert("1.2.643.2.2.31.0", OidEntry { d: "testCipherParams", c: "Test params for GOST 28147-89", w: false }); + oids.insert("1.2.643.2.2.31.1", OidEntry { d: "cryptoProCipherA", c: "CryptoPro params A (default, variant 'Verba-O') for GOST 28147-89", w: false }); + oids.insert("1.2.643.2.2.31.2", OidEntry { d: "cryptoProCipherB", c: "CryptoPro params B (variant 1) for GOST 28147-89", w: false }); + oids.insert("1.2.643.2.2.31.3", OidEntry { d: "cryptoProCipherC", c: "CryptoPro params C (variant 2) for GOST 28147-89", w: false }); + oids.insert("1.2.643.2.2.31.4", OidEntry { d: "cryptoProCipherD", c: "CryptoPro params D (variant 3) for GOST 28147-89", w: false }); + oids.insert("1.2.643.2.2.31.5", OidEntry { d: "oscar11Cipher", c: "Oscar-1.1 params for GOST 28147-89", w: false }); + oids.insert("1.2.643.2.2.31.6", OidEntry { d: "oscar10Cipher", c: "Oscar-1.0 params for GOST 28147-89", w: false }); + oids.insert("1.2.643.2.2.31.7", OidEntry { d: "ric1Cipher", c: "RIC-1 params for GOST 28147-89", w: false }); + oids.insert("1.2.643.2.2.31.12", OidEntry { d: "tc26CipherA", c: "TC26 params 2 for GOST 28147-89", w: false }); + oids.insert("1.2.643.2.2.31.13", OidEntry { d: "tc26CipherB", c: "TC26 params 1 for GOST 28147-89", w: false }); + oids.insert("1.2.643.2.2.31.14", OidEntry { d: "tc26CipherC", c: "TC26 params 3 for GOST 28147-89", w: false }); + oids.insert("1.2.643.2.2.31.15", OidEntry { d: "tc26CipherD", c: "TC26 params 4 for GOST 28147-89", w: false }); + oids.insert("1.2.643.2.2.31.16", OidEntry { d: "tc26CipherE", c: "TC26 params 5 for GOST 28147-89", w: false }); + oids.insert("1.2.643.2.2.31.17", OidEntry { d: "tc26CipherF", c: "TC26 params 6 for GOST 28147-89", w: false }); + oids.insert("1.2.643.7.1.2.5.1.1", OidEntry { d: "tc26CipherZ", c: "TC26 params Z for GOST 28147-89", w: false }); + oids.insert("1.2.643.2.2.9", OidEntry { d: "gostDigest", c: "GOST R 34.11-94 digest", w: false }); + oids.insert("1.2.643.2.2.30.0", OidEntry { d: "testDigestParams", c: "Test params for GOST R 34.11-94", w: false }); + oids.insert("1.2.643.2.2.30.1", OidEntry { d: "cryptoProDigestA", c: "CryptoPro digest params A (default, variant 'Verba-O') for GOST R 34.11-94", w: false }); + oids.insert("1.2.643.2.2.30.2", OidEntry { d: "cryptoProDigestB", c: "CryptoPro digest params B (variant 1) for GOST R 34.11-94", w: false }); + oids.insert("1.2.643.2.2.30.3", OidEntry { d: "cryptoProDigestC", c: "CryptoPro digest params C (variant 2) for GOST R 34.11-94", w: false }); + oids.insert("1.2.643.2.2.30.4", OidEntry { d: "cryptoProDigestD", c: "CryptoPro digest params D (variant 3) for GOST R 34.11-94", w: false }); + oids.insert("1.2.643.2.2.32.2", OidEntry { d: "cryptoPro94SignA", c: "CryptoPro sign params A (default, variant 'Verba-O') for GOST R 34.10-94", w: false }); + oids.insert("1.2.643.2.2.32.3", OidEntry { d: "cryptoPro94SignB", c: "CryptoPro sign params B (variant 1) for GOST R 34.10-94", w: false }); + oids.insert("1.2.643.2.2.32.4", OidEntry { d: "cryptoPro94SignC", c: "CryptoPro sign params C (variant 2) for GOST R 34.10-94", w: false }); + oids.insert("1.2.643.2.2.32.5", OidEntry { d: "cryptoPro94SignD", c: "CryptoPro sign params D (variant 3) for GOST R 34.10-94", w: false }); + oids.insert("1.2.643.2.2.33.1", OidEntry { d: "cryptoPro94SignXA", c: "CryptoPro sign params XA (variant 1) for GOST R 34.10-94", w: false }); + oids.insert("1.2.643.2.2.33.2", OidEntry { d: "cryptoPro94SignXB", c: "CryptoPro sign params XB (variant 2) for GOST R 34.10-94", w: false }); + oids.insert("1.2.643.2.2.33.3", OidEntry { d: "cryptoPro94SignXC", c: "CryptoPro sign params XC (variant 3) for GOST R 34.10-94", w: false }); + oids.insert("1.2.643.2.2.35.0", OidEntry { d: "testSignParams", c: "Test elliptic curve for GOST R 34.10-2001", w: false }); + oids.insert("1.2.643.2.2.35.1", OidEntry { d: "cryptoProSignA", c: "CryptoPro ell.curve A for GOST R 34.10-2001", w: false }); + oids.insert("1.2.643.2.2.35.2", OidEntry { d: "cryptoProSignB", c: "CryptoPro ell.curve B for GOST R 34.10-2001", w: false }); + oids.insert("1.2.643.2.2.35.3", OidEntry { d: "cryptoProSignC", c: "CryptoPro ell.curve C for GOST R 34.10-2001", w: false }); + oids.insert("1.2.643.2.2.36.0", OidEntry { d: "cryptoProSignXA", c: "CryptoPro ell.curve XA for GOST R 34.10-2001", w: false }); + oids.insert("1.2.643.2.2.36.1", OidEntry { d: "cryptoProSignXB", c: "CryptoPro ell.curve XB for GOST R 34.10-2001", w: false }); + oids.insert("1.2.643.7.1.2.1.1.1", OidEntry { d: "cryptoPro2012Sign256A", c: "CryptoPro ell.curve A for GOST R 34.10-2012 256 bit", w: false }); + oids.insert("1.2.643.7.1.2.1.2.1", OidEntry { d: "cryptoPro2012Sign512A", c: "CryptoPro ell.curve A (default) for GOST R 34.10-2012 512 bit", w: false }); + oids.insert("1.2.643.7.1.2.1.2.2", OidEntry { d: "cryptoPro2012Sign512B", c: "CryptoPro ell.curve B for GOST R 34.10-2012 512 bit", w: false }); + oids.insert("1.2.643.7.1.2.1.2.3", OidEntry { d: "cryptoPro2012Sign512C", c: "CryptoPro ell.curve C for GOST R 34.10-2012 512 bit", w: false }); + oids.insert("1.2.643.2.2.14.0", OidEntry { d: "nullMeshing", c: "Do not mesh state of GOST 28147-89 cipher", w: false }); + oids.insert("1.2.643.2.2.14.1", OidEntry { d: "cryptoProMeshing", c: "CryptoPro meshing of state of GOST 28147-89 cipher", w: false }); + oids.insert("1.2.643.2.2.10", OidEntry { d: "hmacGost", c: "HMAC with GOST R 34.11-94", w: false }); + oids.insert("1.2.643.2.2.13.0", OidEntry { d: "gostWrap", c: "Wrap key using GOST 28147-89 key", w: false }); + oids.insert("1.2.643.2.2.13.1", OidEntry { d: "cryptoProWrap", c: "Wrap key using diversified GOST 28147-89 key", w: false }); + oids.insert("1.2.643.2.2.96", OidEntry { d: "cryptoProECDHWrap", c: "Wrap key using ECC DH on GOST R 34.10-2001 keys (VKO)", w: false }); + oids.insert("1.2.643.7.1.1.1.1", OidEntry { d: "gost2012PublicKey256", c: "GOST R 34.10-2012 256 bit public key", w: false }); + oids.insert("1.2.643.7.1.1.1.2", OidEntry { d: "gost2012PublicKey512", c: "GOST R 34.10-2012 512 bit public key", w: false }); + oids.insert("1.2.643.7.1.1.2.2", OidEntry { d: "gost2012Digest256", c: "GOST R 34.11-2012 256 bit digest", w: false }); + oids.insert("1.2.643.7.1.1.2.3", OidEntry { d: "gost2012Digest512", c: "GOST R 34.11-2012 512 bit digest", w: false }); + oids.insert("1.2.643.7.1.1.3.2", OidEntry { d: "gost2012Signature256", c: "GOST R 34.10-2012 256 bit signature", w: false }); + oids.insert("1.2.643.7.1.1.3.3", OidEntry { d: "gost2012Signature512", c: "GOST R 34.10-2012 512 bit signature", w: false }); + oids.insert("1.2.643.7.1.1.6.1", OidEntry { d: "cryptoProECDH256", c: "CryptoPro ECC DH algorithm for GOST R 34.10-2012 256 bit key", w: false }); + oids.insert("1.2.643.7.1.1.6.2", OidEntry { d: "cryptoProECDH512", c: "CryptoPro ECC DH algorithm for GOST R 34.10-2012 512 bit key", w: false }); + oids.insert("1.2.643.100.113.1", OidEntry { d: "cryptoProClassSignToolKC1", c: "CryptoPro GOST", w: false }); + oids.insert("1.2.643.100.113.2", OidEntry { d: "cryptoProClassSignToolKC2", c: "CryptoPro GOST", w: false }); + oids.insert("1.2.643.100.113.3", OidEntry { d: "cryptoProClassSignToolKC3", c: "CryptoPro GOST", w: false }); + oids.insert("1.2.643.100.113.4", OidEntry { d: "cryptoProClassSignToolKB1", c: "CryptoPro GOST", w: false }); + oids.insert("1.2.643.100.113.5", OidEntry { d: "cryptoProClassSignToolKB2", c: "CryptoPro GOST", w: false }); + oids.insert("1.2.643.100.113.6", OidEntry { d: "cryptoProClassSignToolKA1", c: "CryptoPro GOST", w: false }); + oids.insert("1.2.752.34.1", OidEntry { d: "seis-cp", c: "SEIS Project", w: false }); + oids.insert("1.2.752.34.1.1", OidEntry { d: "SEIS high-assurance policyIdentifier", c: "SEIS Project certificate policies", w: false }); + oids.insert("1.2.752.34.1.2", OidEntry { d: "SEIS GAK policyIdentifier", c: "SEIS Project certificate policies", w: false }); + oids.insert("1.2.752.34.2", OidEntry { d: "SEIS pe", c: "SEIS Project", w: false }); + oids.insert("1.2.752.34.3", OidEntry { d: "SEIS at", c: "SEIS Project", w: false }); + oids.insert("1.2.752.34.3.1", OidEntry { d: "SEIS at-personalIdentifier", c: "SEIS Project attribute", w: false }); + oids.insert("1.2.840.10040.1", OidEntry { d: "module", c: "ANSI X9.57", w: false }); + oids.insert("1.2.840.10040.1.1", OidEntry { d: "x9f1-cert-mgmt", c: "ANSI X9.57 module", w: false }); + oids.insert("1.2.840.10040.2", OidEntry { d: "holdinstruction", c: "ANSI X9.57", w: false }); + oids.insert("1.2.840.10040.2.1", OidEntry { d: "holdinstruction-none", c: "ANSI X9.57 hold instruction", w: false }); + oids.insert("1.2.840.10040.2.2", OidEntry { d: "callissuer", c: "ANSI X9.57 hold instruction", w: false }); + oids.insert("1.2.840.10040.2.3", OidEntry { d: "reject", c: "ANSI X9.57 hold instruction", w: false }); + oids.insert("1.2.840.10040.2.4", OidEntry { d: "pickupToken", c: "ANSI X9.57 hold instruction", w: false }); + oids.insert("1.2.840.10040.3", OidEntry { d: "attribute", c: "ANSI X9.57", w: false }); + oids.insert("1.2.840.10040.3.1", OidEntry { d: "countersignature", c: "ANSI X9.57 attribute", w: false }); + oids.insert("1.2.840.10040.3.2", OidEntry { d: "attribute-cert", c: "ANSI X9.57 attribute", w: false }); + oids.insert("1.2.840.10040.4", OidEntry { d: "algorithm", c: "ANSI X9.57", w: false }); + oids.insert("1.2.840.10040.4.1", OidEntry { d: "dsa", c: "ANSI X9.57 algorithm", w: false }); + oids.insert("1.2.840.10040.4.2", OidEntry { d: "dsa-match", c: "ANSI X9.57 algorithm", w: false }); + oids.insert("1.2.840.10040.4.3", OidEntry { d: "dsaWithSha1", c: "ANSI X9.57 algorithm", w: false }); + oids.insert("1.2.840.10045.1", OidEntry { d: "fieldType", c: "ANSI X9.62. This OID is also assigned as ecdsa-with-SHA1", w: false }); + oids.insert("1.2.840.10045.1.1", OidEntry { d: "prime-field", c: "ANSI X9.62 field type", w: false }); + oids.insert("1.2.840.10045.1.2", OidEntry { d: "characteristic-two-field", c: "ANSI X9.62 field type", w: false }); + oids.insert("1.2.840.10045.1.2.3", OidEntry { d: "characteristic-two-basis", c: "ANSI X9.62 field type", w: false }); + oids.insert("1.2.840.10045.1.2.3.1", OidEntry { d: "onBasis", c: "ANSI X9.62 field basis", w: false }); + oids.insert("1.2.840.10045.1.2.3.2", OidEntry { d: "tpBasis", c: "ANSI X9.62 field basis", w: false }); + oids.insert("1.2.840.10045.1.2.3.3", OidEntry { d: "ppBasis", c: "ANSI X9.62 field basis", w: false }); + oids.insert("1.2.840.10045.2", OidEntry { d: "publicKeyType", c: "ANSI X9.62", w: false }); + oids.insert("1.2.840.10045.2.1", OidEntry { d: "ecPublicKey", c: "ANSI X9.62 public key type", w: false }); + oids.insert("1.2.840.10045.3.0.1", OidEntry { d: "c2pnb163v1", c: "ANSI X9.62 named elliptic curve", w: false }); + oids.insert("1.2.840.10045.3.0.2", OidEntry { d: "c2pnb163v2", c: "ANSI X9.62 named elliptic curve", w: false }); + oids.insert("1.2.840.10045.3.0.3", OidEntry { d: "c2pnb163v3", c: "ANSI X9.62 named elliptic curve", w: false }); + oids.insert("1.2.840.10045.3.0.5", OidEntry { d: "c2tnb191v1", c: "ANSI X9.62 named elliptic curve", w: false }); + oids.insert("1.2.840.10045.3.0.6", OidEntry { d: "c2tnb191v2", c: "ANSI X9.62 named elliptic curve", w: false }); + oids.insert("1.2.840.10045.3.0.7", OidEntry { d: "c2tnb191v3", c: "ANSI X9.62 named elliptic curve", w: false }); + oids.insert("1.2.840.10045.3.0.10", OidEntry { d: "c2pnb208w1", c: "ANSI X9.62 named elliptic curve", w: false }); + oids.insert("1.2.840.10045.3.0.11", OidEntry { d: "c2tnb239v1", c: "ANSI X9.62 named elliptic curve", w: false }); + oids.insert("1.2.840.10045.3.0.12", OidEntry { d: "c2tnb239v2", c: "ANSI X9.62 named elliptic curve", w: false }); + oids.insert("1.2.840.10045.3.0.13", OidEntry { d: "c2tnb239v3", c: "ANSI X9.62 named elliptic curve", w: false }); + oids.insert("1.2.840.10045.3.0.16", OidEntry { d: "c2pnb272w1", c: "ANSI X9.62 named elliptic curve", w: false }); + oids.insert("1.2.840.10045.3.0.18", OidEntry { d: "c2tnb359v1", c: "ANSI X9.62 named elliptic curve", w: false }); + oids.insert("1.2.840.10045.3.0.19", OidEntry { d: "c2pnb368w1", c: "ANSI X9.62 named elliptic curve", w: false }); + oids.insert("1.2.840.10045.3.0.20", OidEntry { d: "c2tnb431r1", c: "ANSI X9.62 named elliptic curve", w: false }); + oids.insert("1.2.840.10045.3.1.1", OidEntry { d: "prime192v1", c: "ANSI X9.62 named elliptic curve", w: false }); + oids.insert("1.2.840.10045.3.1.2", OidEntry { d: "prime192v2", c: "ANSI X9.62 named elliptic curve", w: false }); + oids.insert("1.2.840.10045.3.1.3", OidEntry { d: "prime192v3", c: "ANSI X9.62 named elliptic curve", w: false }); + oids.insert("1.2.840.10045.3.1.4", OidEntry { d: "prime239v1", c: "ANSI X9.62 named elliptic curve", w: false }); + oids.insert("1.2.840.10045.3.1.5", OidEntry { d: "prime239v2", c: "ANSI X9.62 named elliptic curve", w: false }); + oids.insert("1.2.840.10045.3.1.6", OidEntry { d: "prime239v3", c: "ANSI X9.62 named elliptic curve", w: false }); + oids.insert("1.2.840.10045.3.1.7", OidEntry { d: "prime256v1", c: "ANSI X9.62 named elliptic curve", w: false }); + oids.insert("1.2.840.10045.4.1", OidEntry { d: "ecdsaWithSHA1", c: "ANSI X9.62 ECDSA algorithm with SHA1", w: false }); + oids.insert("1.2.840.10045.4.2", OidEntry { d: "ecdsaWithRecommended", c: "ANSI X9.62 ECDSA algorithm with Recommended", w: false }); + oids.insert("1.2.840.10045.4.3", OidEntry { d: "ecdsaWithSpecified", c: "ANSI X9.62 ECDSA algorithm with Specified", w: false }); + oids.insert("1.2.840.10045.4.3.1", OidEntry { d: "ecdsaWithSHA224", c: "ANSI X9.62 ECDSA algorithm with SHA224", w: false }); + oids.insert("1.2.840.10045.4.3.2", OidEntry { d: "ecdsaWithSHA256", c: "ANSI X9.62 ECDSA algorithm with SHA256", w: false }); + oids.insert("1.2.840.10045.4.3.3", OidEntry { d: "ecdsaWithSHA384", c: "ANSI X9.62 ECDSA algorithm with SHA384", w: false }); + oids.insert("1.2.840.10045.4.3.4", OidEntry { d: "ecdsaWithSHA512", c: "ANSI X9.62 ECDSA algorithm with SHA512", w: false }); + oids.insert("1.2.840.10046.1", OidEntry { d: "fieldType", c: "ANSI X9.42", w: false }); + oids.insert("1.2.840.10046.1.1", OidEntry { d: "gf-prime", c: "ANSI X9.42 field type", w: false }); + oids.insert("1.2.840.10046.2", OidEntry { d: "numberType", c: "ANSI X9.42", w: false }); + oids.insert("1.2.840.10046.2.1", OidEntry { d: "dhPublicKey", c: "ANSI X9.42 number type", w: false }); + oids.insert("1.2.840.10046.3", OidEntry { d: "scheme", c: "ANSI X9.42", w: false }); + oids.insert("1.2.840.10046.3.1", OidEntry { d: "dhStatic", c: "ANSI X9.42 scheme", w: false }); + oids.insert("1.2.840.10046.3.2", OidEntry { d: "dhEphem", c: "ANSI X9.42 scheme", w: false }); + oids.insert("1.2.840.10046.3.3", OidEntry { d: "dhHybrid1", c: "ANSI X9.42 scheme", w: false }); + oids.insert("1.2.840.10046.3.4", OidEntry { d: "dhHybrid2", c: "ANSI X9.42 scheme", w: false }); + oids.insert("1.2.840.10046.3.5", OidEntry { d: "mqv2", c: "ANSI X9.42 scheme", w: false }); + oids.insert("1.2.840.10046.3.6", OidEntry { d: "mqv1", c: "ANSI X9.42 scheme", w: false }); + oids.insert("1.2.840.10065.2.2", OidEntry { d: "?", c: "ASTM 31.20", w: false }); + oids.insert("1.2.840.10065.2.3", OidEntry { d: "healthcareLicense", c: "ASTM 31.20", w: false }); + oids.insert("1.2.840.10065.2.3.1.1", OidEntry { d: "license?", c: "ASTM 31.20 healthcare license type", w: false }); + oids.insert("1.2.840.10070", OidEntry { d: "iec62351", c: "IEC 62351", w: false }); + oids.insert("1.2.840.10070.8", OidEntry { d: "iec62351_8", c: "IEC 62351-8", w: false }); + oids.insert("1.2.840.10070.8.1", OidEntry { d: "iecUserRoles", c: "IEC 62351-8", w: false }); + oids.insert("1.2.840.113533.7", OidEntry { d: "nsn", c: "", w: false }); + oids.insert("1.2.840.113533.7.65", OidEntry { d: "nsn-ce", c: "", w: false }); + oids.insert("1.2.840.113533.7.65.0", OidEntry { d: "entrustVersInfo", c: "Nortel Secure Networks ce", w: false }); + oids.insert("1.2.840.113533.7.66", OidEntry { d: "nsn-alg", c: "", w: false }); + oids.insert("1.2.840.113533.7.66.3", OidEntry { d: "cast3CBC", c: "Nortel Secure Networks alg", w: false }); + oids.insert("1.2.840.113533.7.66.10", OidEntry { d: "cast5CBC", c: "Nortel Secure Networks alg", w: false }); + oids.insert("1.2.840.113533.7.66.11", OidEntry { d: "cast5MAC", c: "Nortel Secure Networks alg", w: false }); + oids.insert("1.2.840.113533.7.66.12", OidEntry { d: "pbeWithMD5AndCAST5-CBC", c: "Nortel Secure Networks alg", w: false }); + oids.insert("1.2.840.113533.7.66.13", OidEntry { d: "passwordBasedMac", c: "Nortel Secure Networks alg", w: false }); + oids.insert("1.2.840.113533.7.67", OidEntry { d: "nsn-oc", c: "", w: false }); + oids.insert("1.2.840.113533.7.67.0", OidEntry { d: "entrustUser", c: "Nortel Secure Networks oc", w: false }); + oids.insert("1.2.840.113533.7.68", OidEntry { d: "nsn-at", c: "", w: false }); + oids.insert("1.2.840.113533.7.68.0", OidEntry { d: "entrustCAInfo", c: "Nortel Secure Networks at", w: false }); + oids.insert("1.2.840.113533.7.68.10", OidEntry { d: "attributeCertificate", c: "Nortel Secure Networks at", w: false }); + oids.insert("1.2.840.113549.1.1", OidEntry { d: "pkcs-1", c: "", w: false }); + oids.insert("1.2.840.113549.1.1.1", OidEntry { d: "rsaEncryption", c: "PKCS #1", w: false }); + oids.insert("1.2.840.113549.1.1.2", OidEntry { d: "md2WithRSAEncryption", c: "PKCS #1", w: false }); + oids.insert("1.2.840.113549.1.1.3", OidEntry { d: "md4WithRSAEncryption", c: "PKCS #1", w: false }); + oids.insert("1.2.840.113549.1.1.4", OidEntry { d: "md5WithRSAEncryption", c: "PKCS #1", w: false }); + oids.insert("1.2.840.113549.1.1.5", OidEntry { d: "sha1WithRSAEncryption", c: "PKCS #1", w: false }); + oids.insert("1.2.840.113549.1.1.7", OidEntry { d: "rsaOAEP", c: "PKCS #1", w: false }); + oids.insert("1.2.840.113549.1.1.8", OidEntry { d: "pkcs1-MGF", c: "PKCS #1", w: false }); + oids.insert("1.2.840.113549.1.1.9", OidEntry { d: "rsaOAEP-pSpecified", c: "PKCS #1", w: false }); + oids.insert("1.2.840.113549.1.1.10", OidEntry { d: "rsaPSS", c: "PKCS #1", w: false }); + oids.insert("1.2.840.113549.1.1.11", OidEntry { d: "sha256WithRSAEncryption", c: "PKCS #1", w: false }); + oids.insert("1.2.840.113549.1.1.12", OidEntry { d: "sha384WithRSAEncryption", c: "PKCS #1", w: false }); + oids.insert("1.2.840.113549.1.1.13", OidEntry { d: "sha512WithRSAEncryption", c: "PKCS #1", w: false }); + oids.insert("1.2.840.113549.1.1.14", OidEntry { d: "sha224WithRSAEncryption", c: "PKCS #1", w: false }); + oids.insert("1.2.840.113549.1.1.6", OidEntry { d: "rsaOAEPEncryptionSET", c: "PKCS #1. This OID may also be assigned as ripemd160WithRSAEncryption", w: false }); + oids.insert("1.2.840.113549.1.2", OidEntry { d: "bsafeRsaEncr", c: "Obsolete BSAFE OID", w: true }); + oids.insert("1.2.840.113549.1.3", OidEntry { d: "pkcs-3", c: "", w: false }); + oids.insert("1.2.840.113549.1.3.1", OidEntry { d: "dhKeyAgreement", c: "PKCS #3", w: false }); + oids.insert("1.2.840.113549.1.5", OidEntry { d: "pkcs-5", c: "", w: false }); + oids.insert("1.2.840.113549.1.5.1", OidEntry { d: "pbeWithMD2AndDES-CBC", c: "PKCS #5", w: false }); + oids.insert("1.2.840.113549.1.5.3", OidEntry { d: "pbeWithMD5AndDES-CBC", c: "PKCS #5", w: false }); + oids.insert("1.2.840.113549.1.5.4", OidEntry { d: "pbeWithMD2AndRC2-CBC", c: "PKCS #5", w: false }); + oids.insert("1.2.840.113549.1.5.6", OidEntry { d: "pbeWithMD5AndRC2-CBC", c: "PKCS #5", w: false }); + oids.insert("1.2.840.113549.1.5.9", OidEntry { d: "pbeWithMD5AndXOR", c: "PKCS #5, used in BSAFE only", w: true }); + oids.insert("1.2.840.113549.1.5.10", OidEntry { d: "pbeWithSHAAndDES-CBC", c: "PKCS #5", w: false }); + oids.insert("1.2.840.113549.1.5.12", OidEntry { d: "pkcs5PBKDF2", c: "PKCS #5 v2.0", w: false }); + oids.insert("1.2.840.113549.1.5.13", OidEntry { d: "pkcs5PBES2", c: "PKCS #5 v2.0", w: false }); + oids.insert("1.2.840.113549.1.5.14", OidEntry { d: "pkcs5PBMAC1", c: "PKCS #5 v2.0", w: false }); + oids.insert("1.2.840.113549.1.7", OidEntry { d: "pkcs-7", c: "", w: false }); + oids.insert("1.2.840.113549.1.7.1", OidEntry { d: "data", c: "PKCS #7", w: false }); + oids.insert("1.2.840.113549.1.7.2", OidEntry { d: "signedData", c: "PKCS #7", w: false }); + oids.insert("1.2.840.113549.1.7.3", OidEntry { d: "envelopedData", c: "PKCS #7", w: false }); + oids.insert("1.2.840.113549.1.7.4", OidEntry { d: "signedAndEnvelopedData", c: "PKCS #7", w: false }); + oids.insert("1.2.840.113549.1.7.5", OidEntry { d: "digestedData", c: "PKCS #7", w: false }); + oids.insert("1.2.840.113549.1.7.6", OidEntry { d: "encryptedData", c: "PKCS #7", w: false }); + oids.insert("1.2.840.113549.1.7.7", OidEntry { d: "dataWithAttributes", c: "PKCS #7 experimental", w: true }); + oids.insert("1.2.840.113549.1.7.8", OidEntry { d: "encryptedPrivateKeyInfo", c: "PKCS #7 experimental", w: true }); + oids.insert("1.2.840.113549.1.9", OidEntry { d: "pkcs-9", c: "", w: false }); + oids.insert("1.2.840.113549.1.9.1", OidEntry { d: "emailAddress", c: "PKCS #9. Deprecated, use an altName extension instead", w: false }); + oids.insert("1.2.840.113549.1.9.2", OidEntry { d: "unstructuredName", c: "PKCS #9", w: false }); + oids.insert("1.2.840.113549.1.9.3", OidEntry { d: "contentType", c: "PKCS #9", w: false }); + oids.insert("1.2.840.113549.1.9.4", OidEntry { d: "messageDigest", c: "PKCS #9", w: false }); + oids.insert("1.2.840.113549.1.9.5", OidEntry { d: "signingTime", c: "PKCS #9", w: false }); + oids.insert("1.2.840.113549.1.9.6", OidEntry { d: "countersignature", c: "PKCS #9", w: false }); + oids.insert("1.2.840.113549.1.9.7", OidEntry { d: "challengePassword", c: "PKCS #9", w: false }); + oids.insert("1.2.840.113549.1.9.8", OidEntry { d: "unstructuredAddress", c: "PKCS #9", w: false }); + oids.insert("1.2.840.113549.1.9.9", OidEntry { d: "extendedCertificateAttributes", c: "PKCS #9", w: false }); + oids.insert("1.2.840.113549.1.9.10", OidEntry { d: "issuerAndSerialNumber", c: "PKCS #9 experimental", w: true }); + oids.insert("1.2.840.113549.1.9.11", OidEntry { d: "passwordCheck", c: "PKCS #9 experimental", w: true }); + oids.insert("1.2.840.113549.1.9.12", OidEntry { d: "publicKey", c: "PKCS #9 experimental", w: true }); + oids.insert("1.2.840.113549.1.9.13", OidEntry { d: "signingDescription", c: "PKCS #9", w: false }); + oids.insert("1.2.840.113549.1.9.14", OidEntry { d: "extensionRequest", c: "PKCS #9 via CRMF", w: false }); + oids.insert("1.2.840.113549.1.9.15", OidEntry { d: "sMIMECapabilities", c: "PKCS #9. This OID was formerly assigned as symmetricCapabilities, then reassigned as SMIMECapabilities, then renamed to the current name", w: false }); + oids.insert("1.2.840.113549.1.9.15.1", OidEntry { d: "preferSignedData", c: "sMIMECapabilities", w: false }); + oids.insert("1.2.840.113549.1.9.15.2", OidEntry { d: "canNotDecryptAny", c: "sMIMECapabilities", w: false }); + oids.insert("1.2.840.113549.1.9.15.3", OidEntry { d: "receiptRequest", c: "sMIMECapabilities. Deprecated, use (1 2 840 113549 1 9 16 2 1) instead", w: true }); + oids.insert("1.2.840.113549.1.9.15.4", OidEntry { d: "receipt", c: "sMIMECapabilities. Deprecated, use (1 2 840 113549 1 9 16 1 1) instead", w: true }); + oids.insert("1.2.840.113549.1.9.15.5", OidEntry { d: "contentHints", c: "sMIMECapabilities. Deprecated, use (1 2 840 113549 1 9 16 2 4) instead", w: true }); + oids.insert("1.2.840.113549.1.9.15.6", OidEntry { d: "mlExpansionHistory", c: "sMIMECapabilities. Deprecated, use (1 2 840 113549 1 9 16 2 3) instead", w: true }); + oids.insert("1.2.840.113549.1.9.16", OidEntry { d: "id-sMIME", c: "PKCS #9", w: false }); + oids.insert("1.2.840.113549.1.9.16.0", OidEntry { d: "id-mod", c: "id-sMIME", w: false }); + oids.insert("1.2.840.113549.1.9.16.0.1", OidEntry { d: "id-mod-cms", c: "S/MIME Modules", w: false }); + oids.insert("1.2.840.113549.1.9.16.0.2", OidEntry { d: "id-mod-ess", c: "S/MIME Modules", w: false }); + oids.insert("1.2.840.113549.1.9.16.0.3", OidEntry { d: "id-mod-oid", c: "S/MIME Modules", w: false }); + oids.insert("1.2.840.113549.1.9.16.0.4", OidEntry { d: "id-mod-msg-v3", c: "S/MIME Modules", w: false }); + oids.insert("1.2.840.113549.1.9.16.0.5", OidEntry { d: "id-mod-ets-eSignature-88", c: "S/MIME Modules", w: false }); + oids.insert("1.2.840.113549.1.9.16.0.6", OidEntry { d: "id-mod-ets-eSignature-97", c: "S/MIME Modules", w: false }); + oids.insert("1.2.840.113549.1.9.16.0.7", OidEntry { d: "id-mod-ets-eSigPolicy-88", c: "S/MIME Modules", w: false }); + oids.insert("1.2.840.113549.1.9.16.0.8", OidEntry { d: "id-mod-ets-eSigPolicy-88", c: "S/MIME Modules", w: false }); + oids.insert("1.2.840.113549.1.9.16.1", OidEntry { d: "contentType", c: "S/MIME", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.0", OidEntry { d: "anyContentType", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.1", OidEntry { d: "receipt", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.2", OidEntry { d: "authData", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.3", OidEntry { d: "publishCert", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.4", OidEntry { d: "tSTInfo", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.5", OidEntry { d: "tDTInfo", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.6", OidEntry { d: "contentInfo", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.7", OidEntry { d: "dVCSRequestData", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.8", OidEntry { d: "dVCSResponseData", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.9", OidEntry { d: "compressedData", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.10", OidEntry { d: "scvpCertValRequest", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.11", OidEntry { d: "scvpCertValResponse", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.12", OidEntry { d: "scvpValPolRequest", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.13", OidEntry { d: "scvpValPolResponse", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.14", OidEntry { d: "attrCertEncAttrs", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.15", OidEntry { d: "tSReq", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.16", OidEntry { d: "firmwarePackage", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.17", OidEntry { d: "firmwareLoadReceipt", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.18", OidEntry { d: "firmwareLoadError", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.19", OidEntry { d: "contentCollection", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.20", OidEntry { d: "contentWithAttrs", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.21", OidEntry { d: "encKeyWithID", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.22", OidEntry { d: "encPEPSI", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.23", OidEntry { d: "authEnvelopedData", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.24", OidEntry { d: "routeOriginAttest", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.25", OidEntry { d: "symmetricKeyPackage", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.26", OidEntry { d: "rpkiManifest", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.27", OidEntry { d: "asciiTextWithCRLF", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.28", OidEntry { d: "xml", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.29", OidEntry { d: "pdf", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.30", OidEntry { d: "postscript", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.31", OidEntry { d: "timestampedData", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.32", OidEntry { d: "asAdjacencyAttest", c: "S/MIME Content Types", w: true }); + oids.insert("1.2.840.113549.1.9.16.1.33", OidEntry { d: "rpkiTrustAnchor", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.34", OidEntry { d: "trustAnchorList", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.35", OidEntry { d: "rpkiGhostbusters", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.36", OidEntry { d: "resourceTaggedAttest", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.37", OidEntry { d: "utf8TextWithCRLF", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.38", OidEntry { d: "htmlWithCRLF", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.39", OidEntry { d: "epub", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.40", OidEntry { d: "animaJSONVoucher", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.41", OidEntry { d: "mudType", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.42", OidEntry { d: "sztpConveyedInfoXML", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.43", OidEntry { d: "sztpConveyedInfoJSON", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.44", OidEntry { d: "cbor", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.45", OidEntry { d: "cborSequence", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.46", OidEntry { d: "animaCBORVoucher", c: "S/MIME Content Types", w: true }); + oids.insert("1.2.840.113549.1.9.16.1.47", OidEntry { d: "geofeedCSVwithCRLF", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.48", OidEntry { d: "rpkiSignedChecklist", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.1.49", OidEntry { d: "rpkiASPA", c: "S/MIME Content Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.2", OidEntry { d: "authenticatedAttributes", c: "S/MIME", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.1", OidEntry { d: "receiptRequest", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.2", OidEntry { d: "securityLabel", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.3", OidEntry { d: "mlExpandHistory", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.4", OidEntry { d: "contentHint", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.5", OidEntry { d: "msgSigDigest", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.6", OidEntry { d: "encapContentType", c: "S/MIME Authenticated Attributes. Obsolete", w: true }); + oids.insert("1.2.840.113549.1.9.16.2.7", OidEntry { d: "contentIdentifier", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.8", OidEntry { d: "macValue", c: "S/MIME Authenticated Attributes. Obsolete", w: true }); + oids.insert("1.2.840.113549.1.9.16.2.9", OidEntry { d: "equivalentLabels", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.10", OidEntry { d: "contentReference", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.11", OidEntry { d: "encrypKeyPref", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.12", OidEntry { d: "signingCertificate", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.13", OidEntry { d: "smimeEncryptCerts", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.14", OidEntry { d: "timeStampToken", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.15", OidEntry { d: "sigPolicyId", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.16", OidEntry { d: "commitmentType", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.17", OidEntry { d: "signerLocation", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.18", OidEntry { d: "signerAttr", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.19", OidEntry { d: "otherSigCert", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.20", OidEntry { d: "contentTimestamp", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.21", OidEntry { d: "certificateRefs", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.22", OidEntry { d: "revocationRefs", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.23", OidEntry { d: "certValues", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.24", OidEntry { d: "revocationValues", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.25", OidEntry { d: "escTimeStamp", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.26", OidEntry { d: "certCRLTimestamp", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.27", OidEntry { d: "archiveTimeStamp", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.28", OidEntry { d: "signatureType", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.29", OidEntry { d: "dvcsDvc", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.30", OidEntry { d: "cekReference", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.31", OidEntry { d: "maxCEKDecrypts", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.32", OidEntry { d: "kekDerivationAlg", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.33", OidEntry { d: "intendedRecipients", c: "S/MIME Authenticated Attributes. Obsolete", w: true }); + oids.insert("1.2.840.113549.1.9.16.2.34", OidEntry { d: "cmcUnsignedData", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.35", OidEntry { d: "fwPackageID", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.36", OidEntry { d: "fwTargetHardwareIDs", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.37", OidEntry { d: "fwDecryptKeyID", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.38", OidEntry { d: "fwImplCryptAlgs", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.39", OidEntry { d: "fwWrappedFirmwareKey", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.40", OidEntry { d: "fwCommunityIdentifiers", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.41", OidEntry { d: "fwPkgMessageDigest", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.42", OidEntry { d: "fwPackageInfo", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.43", OidEntry { d: "fwImplCompressAlgs", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.44", OidEntry { d: "etsAttrCertificateRefs", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.45", OidEntry { d: "etsAttrRevocationRefs", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.46", OidEntry { d: "binarySigningTime", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.47", OidEntry { d: "signingCertificateV2", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.48", OidEntry { d: "etsArchiveTimeStampV2", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.49", OidEntry { d: "erInternal", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.50", OidEntry { d: "erExternal", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.51", OidEntry { d: "multipleSignatures", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.52", OidEntry { d: "cmsAlgorithmProtect", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.53", OidEntry { d: "setKeyInformation", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.54", OidEntry { d: "asymmDecryptKeyID", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.55", OidEntry { d: "secureHeaderFieldsIdentifier", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.56", OidEntry { d: "otpChallenge", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.57", OidEntry { d: "revocationChallenge", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.2.58", OidEntry { d: "estIdentityLinking", c: "S/MIME Authenticated Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.1", OidEntry { d: "esDHwith3DES", c: "S/MIME Algorithms. Obsolete", w: true }); + oids.insert("1.2.840.113549.1.9.16.3.2", OidEntry { d: "esDHwithRC2", c: "S/MIME Algorithms. Obsolete", w: true }); + oids.insert("1.2.840.113549.1.9.16.3.3", OidEntry { d: "3desWrap", c: "S/MIME Algorithms. Obsolete", w: true }); + oids.insert("1.2.840.113549.1.9.16.3.4", OidEntry { d: "rc2Wrap", c: "S/MIME Algorithms. Obsolete", w: true }); + oids.insert("1.2.840.113549.1.9.16.3.5", OidEntry { d: "esDH", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.6", OidEntry { d: "cms3DESwrap", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.7", OidEntry { d: "cmsRC2wrap", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.8", OidEntry { d: "zlib", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.9", OidEntry { d: "pwriKEK", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.10", OidEntry { d: "ssDH", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.11", OidEntry { d: "hmacWith3DESwrap", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.12", OidEntry { d: "hmacWithAESwrap", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.13", OidEntry { d: "md5XorExperiment", c: "S/MIME Algorithms. Experimental", w: true }); + oids.insert("1.2.840.113549.1.9.16.3.14", OidEntry { d: "rsaKEM", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.15", OidEntry { d: "authEnc128", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.16", OidEntry { d: "authEnc256", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.17", OidEntry { d: "hssLmsHashSig", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.18", OidEntry { d: "chaCha20Poly1305", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.19", OidEntry { d: "ecdhHKDF-SHA256", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.20", OidEntry { d: "ecdhHKDF-SHA384", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.21", OidEntry { d: "ecdhHKDF-SHA512", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.22", OidEntry { d: "aesSIV-CMAC-256", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.23", OidEntry { d: "aesSIV-CMAC-384", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.24", OidEntry { d: "aesSIV-CMAC-512", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.25", OidEntry { d: "aesSIV-CMAC-wrap256", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.26", OidEntry { d: "aesSIV-CMAC-wrap384", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.27", OidEntry { d: "aesSIV-CMAC-wrap512", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.28", OidEntry { d: "hkdfWithSha256", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.29", OidEntry { d: "hkdfWithSha384", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.3.30", OidEntry { d: "hkdfWithSha512", c: "S/MIME Algorithms", w: false }); + oids.insert("1.2.840.113549.1.9.16.4.1", OidEntry { d: "certDist-ldap", c: "S/MIME Certificate Distribution", w: false }); + oids.insert("1.2.840.113549.1.9.16.5.1", OidEntry { d: "sigPolicyQualifier-spuri x", c: "S/MIME Signature Policy Qualifiers", w: false }); + oids.insert("1.2.840.113549.1.9.16.5.2", OidEntry { d: "sigPolicyQualifier-spUserNotice", c: "S/MIME Signature Policy Qualifiers", w: false }); + oids.insert("1.2.840.113549.1.9.16.6.1", OidEntry { d: "proofOfOrigin", c: "S/MIME Commitment Type Identifiers", w: false }); + oids.insert("1.2.840.113549.1.9.16.6.2", OidEntry { d: "proofOfReceipt", c: "S/MIME Commitment Type Identifiers", w: false }); + oids.insert("1.2.840.113549.1.9.16.6.3", OidEntry { d: "proofOfDelivery", c: "S/MIME Commitment Type Identifiers", w: false }); + oids.insert("1.2.840.113549.1.9.16.6.4", OidEntry { d: "proofOfSender", c: "S/MIME Commitment Type Identifiers", w: false }); + oids.insert("1.2.840.113549.1.9.16.6.5", OidEntry { d: "proofOfApproval", c: "S/MIME Commitment Type Identifiers", w: false }); + oids.insert("1.2.840.113549.1.9.16.6.6", OidEntry { d: "proofOfCreation", c: "S/MIME Commitment Type Identifiers", w: false }); + oids.insert("1.2.840.113549.1.9.16.7.1", OidEntry { d: "testAmoco", c: "S/MIMETest Security Policies", w: false }); + oids.insert("1.2.840.113549.1.9.16.7.2", OidEntry { d: "testCaterpillar", c: "S/MIMETest Security Policies", w: false }); + oids.insert("1.2.840.113549.1.9.16.7.3", OidEntry { d: "testWhirlpool", c: "S/MIMETest Security Policies", w: false }); + oids.insert("1.2.840.113549.1.9.16.7.4", OidEntry { d: "testWhirlpoolCategories", c: "S/MIMETest Security Policies", w: false }); + oids.insert("1.2.840.113549.1.9.16.8.1", OidEntry { d: "glUseKEK", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.8.2", OidEntry { d: "glDelete", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.8.3", OidEntry { d: "glAddMember", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.8.4", OidEntry { d: "glDeleteMember", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.8.5", OidEntry { d: "glRekey", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.8.6", OidEntry { d: "glAddOwner", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.8.7", OidEntry { d: "glRemoveOwner", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.8.8", OidEntry { d: "glkCompromise", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.8.9", OidEntry { d: "glkRefresh", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.8.10", OidEntry { d: "glFailInfo", c: "S/MIME Symmetric Key Distribution Attributes. Obsolete", w: true }); + oids.insert("1.2.840.113549.1.9.16.8.11", OidEntry { d: "glaQueryRequest", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.8.12", OidEntry { d: "glaQueryResponse", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.8.13", OidEntry { d: "glProvideCert", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.8.14", OidEntry { d: "glUpdateCert", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.8.15", OidEntry { d: "glKey", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.9", OidEntry { d: "signatureTypeIdentifier", c: "S/MIME", w: false }); + oids.insert("1.2.840.113549.1.9.16.9.1", OidEntry { d: "originatorSig", c: "S/MIME Signature Type Identifier", w: false }); + oids.insert("1.2.840.113549.1.9.16.9.2", OidEntry { d: "domainSig", c: "S/MIME Signature Type Identifier", w: false }); + oids.insert("1.2.840.113549.1.9.16.9.3", OidEntry { d: "additionalAttributesSig", c: "S/MIME Signature Type Identifier", w: false }); + oids.insert("1.2.840.113549.1.9.16.9.4", OidEntry { d: "reviewSig", c: "S/MIME Signature Type Identifier", w: false }); + oids.insert("1.2.840.113549.1.9.16.10.1", OidEntry { d: "envelopedData", c: "S/MIME X.400 Encoded Information Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.10.2", OidEntry { d: "signedData", c: "S/MIME X.400 Encoded Information Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.10.3", OidEntry { d: "certsOnly", c: "S/MIME X.400 Encoded Information Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.10.4", OidEntry { d: "signedReceipt", c: "S/MIME X.400 Encoded Information Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.10.5", OidEntry { d: "envelopedX400", c: "S/MIME X.400 Encoded Information Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.10.6", OidEntry { d: "signedX400", c: "S/MIME X.400 Encoded Information Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.10.7", OidEntry { d: "compressedData", c: "S/MIME X.400 Encoded Information Types", w: false }); + oids.insert("1.2.840.113549.1.9.16.11", OidEntry { d: "capabilities", c: "S/MIME", w: false }); + oids.insert("1.2.840.113549.1.9.16.11.1", OidEntry { d: "preferBinaryInside", c: "S/MIME Capability", w: false }); + oids.insert("1.2.840.113549.1.9.16.12", OidEntry { d: "pskcAttributes", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.1", OidEntry { d: "pskcManufacturer", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.2", OidEntry { d: "pskcSerialNo", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.3", OidEntry { d: "pskcModel", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.4", OidEntry { d: "pskcIssueno", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.5", OidEntry { d: "pskcDevicebinding", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.6", OidEntry { d: "pskcDevicestartdate", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.7", OidEntry { d: "pskcDeviceexpirydate", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.8", OidEntry { d: "pskcModuleid", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.9", OidEntry { d: "pskcKeyid", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.10", OidEntry { d: "pskcAlgorithm", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.11", OidEntry { d: "pskcIssuer", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.12", OidEntry { d: "pskcKeyprofileid", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.13", OidEntry { d: "pskcKeyreference", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.14", OidEntry { d: "pskcFriendlyname", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.15", OidEntry { d: "pskcAlgorithmparams", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.16", OidEntry { d: "pskcCounter", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.17", OidEntry { d: "pskcTime", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.18", OidEntry { d: "pskcTimeinterval", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.19", OidEntry { d: "pskcTimedrift", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.20", OidEntry { d: "pskcValuemac", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.21", OidEntry { d: "pskcKeystartdate", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.22", OidEntry { d: "pskcKeyexpirydate", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.23", OidEntry { d: "pskcNooftransactions", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.24", OidEntry { d: "pskcKeyusages", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.25", OidEntry { d: "pskcPinpolicy", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.26", OidEntry { d: "pskcDeviceuserid", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.12.27", OidEntry { d: "pskcKeyuserid", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); + oids.insert("1.2.840.113549.1.9.16.13", OidEntry { d: "otherRecipientInfoIds", c: "S/MIME Other Recipient Info Identifiers", w: false }); + oids.insert("1.2.840.113549.1.9.16.13.1", OidEntry { d: "keyTransPSK", c: "S/MIME Other Recipient Info Identifiers", w: false }); + oids.insert("1.2.840.113549.1.9.16.13.2", OidEntry { d: "keyAgreePSK", c: "S/MIME Other Recipient Info Identifiers", w: false }); + oids.insert("1.2.840.113549.1.9.20", OidEntry { d: "friendlyName (for PKCS #12)", c: "PKCS #9 via PKCS #12", w: false }); + oids.insert("1.2.840.113549.1.9.21", OidEntry { d: "localKeyID (for PKCS #12)", c: "PKCS #9 via PKCS #12", w: false }); + oids.insert("1.2.840.113549.1.9.22", OidEntry { d: "certTypes (for PKCS #12)", c: "PKCS #9 via PKCS #12", w: false }); + oids.insert("1.2.840.113549.1.9.22.1", OidEntry { d: "x509Certificate (for PKCS #12)", c: "PKCS #9 via PKCS #12", w: false }); + oids.insert("1.2.840.113549.1.9.22.2", OidEntry { d: "sdsiCertificate (for PKCS #12)", c: "PKCS #9 via PKCS #12", w: false }); + oids.insert("1.2.840.113549.1.9.23", OidEntry { d: "crlTypes (for PKCS #12)", c: "PKCS #9 via PKCS #12", w: false }); + oids.insert("1.2.840.113549.1.9.23.1", OidEntry { d: "x509Crl (for PKCS #12)", c: "PKCS #9 via PKCS #12", w: false }); + oids.insert("1.2.840.113549.1.9.24", OidEntry { d: "pkcs9objectClass", c: "PKCS #9/RFC 2985", w: false }); + oids.insert("1.2.840.113549.1.9.25", OidEntry { d: "pkcs9attributes", c: "PKCS #9/RFC 2985", w: false }); + oids.insert("1.2.840.113549.1.9.25.1", OidEntry { d: "pkcs15Token", c: "PKCS #9/RFC 2985 attribute", w: false }); + oids.insert("1.2.840.113549.1.9.25.2", OidEntry { d: "encryptedPrivateKeyInfo", c: "PKCS #9/RFC 2985 attribute", w: false }); + oids.insert("1.2.840.113549.1.9.25.3", OidEntry { d: "randomNonce", c: "PKCS #9/RFC 2985 attribute", w: false }); + oids.insert("1.2.840.113549.1.9.25.4", OidEntry { d: "sequenceNumber", c: "PKCS #9/RFC 2985 attribute", w: false }); + oids.insert("1.2.840.113549.1.9.25.5", OidEntry { d: "pkcs7PDU", c: "PKCS #9/RFC 2985 attribute", w: false }); + oids.insert("1.2.840.113549.1.9.26", OidEntry { d: "pkcs9syntax", c: "PKCS #9/RFC 2985", w: false }); + oids.insert("1.2.840.113549.1.9.27", OidEntry { d: "pkcs9matchingRules", c: "PKCS #9/RFC 2985", w: false }); + oids.insert("1.2.840.113549.1.9.52", OidEntry { d: "cmsAlgorithmProtection", c: "RFC 6211", w: false }); + oids.insert("1.2.840.113549.1.12", OidEntry { d: "pkcs-12", c: "", w: false }); + oids.insert("1.2.840.113549.1.12.1", OidEntry { d: "pkcs-12-PbeIds", c: "This OID was formerly assigned as PKCS #12 modeID", w: false }); + oids.insert("1.2.840.113549.1.12.1.1", OidEntry { d: "pbeWithSHAAnd128BitRC4", c: "PKCS #12 PbeIds. This OID was formerly assigned as pkcs-12-OfflineTransportMode", w: false }); + oids.insert("1.2.840.113549.1.12.1.2", OidEntry { d: "pbeWithSHAAnd40BitRC4", c: "PKCS #12 PbeIds. This OID was formerly assigned as pkcs-12-OnlineTransportMode", w: false }); + oids.insert("1.2.840.113549.1.12.1.3", OidEntry { d: "pbeWithSHAAnd3-KeyTripleDES-CBC", c: "PKCS #12 PbeIds", w: false }); + oids.insert("1.2.840.113549.1.12.1.4", OidEntry { d: "pbeWithSHAAnd2-KeyTripleDES-CBC", c: "PKCS #12 PbeIds", w: false }); + oids.insert("1.2.840.113549.1.12.1.5", OidEntry { d: "pbeWithSHAAnd128BitRC2-CBC", c: "PKCS #12 PbeIds", w: false }); + oids.insert("1.2.840.113549.1.12.1.6", OidEntry { d: "pbeWithSHAAnd40BitRC2-CBC", c: "PKCS #12 PbeIds", w: false }); + oids.insert("1.2.840.113549.1.12.2", OidEntry { d: "pkcs-12-ESPVKID", c: "Deprecated", w: true }); + oids.insert("1.2.840.113549.1.12.2.1", OidEntry { d: "pkcs-12-PKCS8KeyShrouding", c: "PKCS #12 ESPVKID. Deprecated, use (1 2 840 113549 1 12 3 5) instead", w: true }); + oids.insert("1.2.840.113549.1.12.3", OidEntry { d: "pkcs-12-BagIds", c: "", w: false }); + oids.insert("1.2.840.113549.1.12.3.1", OidEntry { d: "pkcs-12-keyBagId", c: "PKCS #12 BagIds", w: false }); + oids.insert("1.2.840.113549.1.12.3.2", OidEntry { d: "pkcs-12-certAndCRLBagId", c: "PKCS #12 BagIds", w: false }); + oids.insert("1.2.840.113549.1.12.3.3", OidEntry { d: "pkcs-12-secretBagId", c: "PKCS #12 BagIds", w: false }); + oids.insert("1.2.840.113549.1.12.3.4", OidEntry { d: "pkcs-12-safeContentsId", c: "PKCS #12 BagIds", w: false }); + oids.insert("1.2.840.113549.1.12.3.5", OidEntry { d: "pkcs-12-pkcs-8ShroudedKeyBagId", c: "PKCS #12 BagIds", w: false }); + oids.insert("1.2.840.113549.1.12.4", OidEntry { d: "pkcs-12-CertBagID", c: "Deprecated", w: true }); + oids.insert("1.2.840.113549.1.12.4.1", OidEntry { d: "pkcs-12-X509CertCRLBagID", c: "PKCS #12 CertBagID. This OID was formerly assigned as pkcs-12-X509CertCRLBag", w: false }); + oids.insert("1.2.840.113549.1.12.4.2", OidEntry { d: "pkcs-12-SDSICertBagID", c: "PKCS #12 CertBagID. This OID was formerly assigned as pkcs-12-SDSICertBag", w: false }); + oids.insert("1.2.840.113549.1.12.5", OidEntry { d: "pkcs-12-OID", c: "", w: true }); + oids.insert("1.2.840.113549.1.12.5.1", OidEntry { d: "pkcs-12-PBEID", c: "PKCS #12 OID. Deprecated, use the partially compatible (1 2 840 113549 1 12 1) OIDs instead", w: true }); + oids.insert("1.2.840.113549.1.12.5.1.1", OidEntry { d: "pkcs-12-PBEWithSha1And128BitRC4", c: "PKCS #12 OID PBEID. Deprecated, use (1 2 840 113549 1 12 1 1) instead", w: true }); + oids.insert("1.2.840.113549.1.12.5.1.2", OidEntry { d: "pkcs-12-PBEWithSha1And40BitRC4", c: "PKCS #12 OID PBEID. Deprecated, use (1 2 840 113549 1 12 1 2) instead", w: true }); + oids.insert("1.2.840.113549.1.12.5.1.3", OidEntry { d: "pkcs-12-PBEWithSha1AndTripleDESCBC", c: "PKCS #12 OID PBEID. Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 3) or (1 2 840 113549 1 12 1 4) instead", w: true }); + oids.insert("1.2.840.113549.1.12.5.1.4", OidEntry { d: "pkcs-12-PBEWithSha1And128BitRC2CBC", c: "PKCS #12 OID PBEID. Deprecated, use (1 2 840 113549 1 12 1 5) instead", w: true }); + oids.insert("1.2.840.113549.1.12.5.1.5", OidEntry { d: "pkcs-12-PBEWithSha1And40BitRC2CBC", c: "PKCS #12 OID PBEID. Deprecated, use (1 2 840 113549 1 12 1 6) instead", w: true }); + oids.insert("1.2.840.113549.1.12.5.1.6", OidEntry { d: "pkcs-12-PBEWithSha1AndRC4", c: "PKCS #12 OID PBEID. Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 1) or (1 2 840 113549 1 12 1 2) instead", w: true }); + oids.insert("1.2.840.113549.1.12.5.1.7", OidEntry { d: "pkcs-12-PBEWithSha1AndRC2CBC", c: "PKCS #12 OID PBEID. Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 5) or (1 2 840 113549 1 12 1 6) instead", w: true }); + oids.insert("1.2.840.113549.1.12.5.2", OidEntry { d: "pkcs-12-EnvelopingID", c: "PKCS #12 OID. Deprecated, use the conventional PKCS #1 OIDs instead", w: false }); + oids.insert("1.2.840.113549.1.12.5.2.1", OidEntry { d: "pkcs-12-RSAEncryptionWith128BitRC4", c: "PKCS #12 OID EnvelopingID. Deprecated, use the conventional PKCS #1 OIDs instead", w: true }); + oids.insert("1.2.840.113549.1.12.5.2.2", OidEntry { d: "pkcs-12-RSAEncryptionWith40BitRC4", c: "PKCS #12 OID EnvelopingID. Deprecated, use the conventional PKCS #1 OIDs instead", w: true }); + oids.insert("1.2.840.113549.1.12.5.2.3", OidEntry { d: "pkcs-12-RSAEncryptionWithTripleDES", c: "PKCS #12 OID EnvelopingID. Deprecated, use the conventional PKCS #1 OIDs instead", w: true }); + oids.insert("1.2.840.113549.1.12.5.3", OidEntry { d: "pkcs-12-SignatureID", c: "PKCS #12 OID EnvelopingID. Deprecated, use the conventional PKCS #1 OIDs instead", w: true }); + oids.insert("1.2.840.113549.1.12.5.3.1", OidEntry { d: "pkcs-12-RSASignatureWithSHA1Digest", c: "PKCS #12 OID SignatureID. Deprecated, use the conventional PKCS #1 OIDs instead", w: true }); + oids.insert("1.2.840.113549.1.12.10", OidEntry { d: "pkcs-12Version1", c: "", w: false }); + oids.insert("1.2.840.113549.1.12.10.1", OidEntry { d: "pkcs-12BadIds", c: "", w: false }); + oids.insert("1.2.840.113549.1.12.10.1.1", OidEntry { d: "pkcs-12-keyBag", c: "PKCS #12 BagIds", w: false }); + oids.insert("1.2.840.113549.1.12.10.1.2", OidEntry { d: "pkcs-12-pkcs-8ShroudedKeyBag", c: "PKCS #12 BagIds", w: false }); + oids.insert("1.2.840.113549.1.12.10.1.3", OidEntry { d: "pkcs-12-certBag", c: "PKCS #12 BagIds", w: false }); + oids.insert("1.2.840.113549.1.12.10.1.4", OidEntry { d: "pkcs-12-crlBag", c: "PKCS #12 BagIds", w: false }); + oids.insert("1.2.840.113549.1.12.10.1.5", OidEntry { d: "pkcs-12-secretBag", c: "PKCS #12 BagIds", w: false }); + oids.insert("1.2.840.113549.1.12.10.1.6", OidEntry { d: "pkcs-12-safeContentsBag", c: "PKCS #12 BagIds", w: false }); + oids.insert("1.2.840.113549.1.15.1", OidEntry { d: "pkcs15modules", c: "PKCS #15", w: false }); + oids.insert("1.2.840.113549.1.15.2", OidEntry { d: "pkcs15attributes", c: "PKCS #15", w: false }); + oids.insert("1.2.840.113549.1.15.3", OidEntry { d: "pkcs15contentType", c: "PKCS #15", w: false }); + oids.insert("1.2.840.113549.1.15.3.1", OidEntry { d: "pkcs15content", c: "PKCS #15 content type", w: false }); + oids.insert("1.2.840.113549.2", OidEntry { d: "digestAlgorithm", c: "", w: false }); + oids.insert("1.2.840.113549.2.2", OidEntry { d: "md2", c: "RSADSI digestAlgorithm", w: false }); + oids.insert("1.2.840.113549.2.4", OidEntry { d: "md4", c: "RSADSI digestAlgorithm", w: false }); + oids.insert("1.2.840.113549.2.5", OidEntry { d: "md5", c: "RSADSI digestAlgorithm", w: false }); + oids.insert("1.2.840.113549.2.7", OidEntry { d: "hmacWithSHA1", c: "RSADSI digestAlgorithm", w: false }); + oids.insert("1.2.840.113549.2.8", OidEntry { d: "hmacWithSHA224", c: "RSADSI digestAlgorithm", w: false }); + oids.insert("1.2.840.113549.2.9", OidEntry { d: "hmacWithSHA256", c: "RSADSI digestAlgorithm", w: false }); + oids.insert("1.2.840.113549.2.10", OidEntry { d: "hmacWithSHA384", c: "RSADSI digestAlgorithm", w: false }); + oids.insert("1.2.840.113549.2.11", OidEntry { d: "hmacWithSHA512", c: "RSADSI digestAlgorithm", w: false }); + oids.insert("1.2.840.113549.3", OidEntry { d: "encryptionAlgorithm", c: "", w: false }); + oids.insert("1.2.840.113549.3.2", OidEntry { d: "rc2CBC", c: "RSADSI encryptionAlgorithm", w: false }); + oids.insert("1.2.840.113549.3.3", OidEntry { d: "rc2ECB", c: "RSADSI encryptionAlgorithm", w: false }); + oids.insert("1.2.840.113549.3.4", OidEntry { d: "rc4", c: "RSADSI encryptionAlgorithm", w: false }); + oids.insert("1.2.840.113549.3.5", OidEntry { d: "rc4WithMAC", c: "RSADSI encryptionAlgorithm", w: false }); + oids.insert("1.2.840.113549.3.6", OidEntry { d: "desx-CBC", c: "RSADSI encryptionAlgorithm", w: false }); + oids.insert("1.2.840.113549.3.7", OidEntry { d: "des-EDE3-CBC", c: "RSADSI encryptionAlgorithm", w: false }); + oids.insert("1.2.840.113549.3.8", OidEntry { d: "rc5CBC", c: "RSADSI encryptionAlgorithm", w: false }); + oids.insert("1.2.840.113549.3.9", OidEntry { d: "rc5-CBCPad", c: "RSADSI encryptionAlgorithm", w: false }); + oids.insert("1.2.840.113549.3.10", OidEntry { d: "desCDMF", c: "RSADSI encryptionAlgorithm. Formerly called CDMFCBCPad", w: false }); + oids.insert("1.2.840.114021.1.6.1", OidEntry { d: "Identrus unknown policyIdentifier", c: "Identrus", w: false }); + oids.insert("1.2.840.114021.4.1", OidEntry { d: "identrusOCSP", c: "Identrus", w: false }); + oids.insert("1.2.840.113556.1.2.241", OidEntry { d: "deliveryMechanism", c: "Microsoft Exchange Server - attribute", w: false }); + oids.insert("1.2.840.113556.1.2.281", OidEntry { d: "ntSecurityDescriptor", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.3.0", OidEntry { d: "site-Addressing", c: "Microsoft Exchange Server - object class", w: false }); + oids.insert("1.2.840.113556.1.3.13", OidEntry { d: "classSchema", c: "Microsoft Exchange Server - object class", w: false }); + oids.insert("1.2.840.113556.1.3.14", OidEntry { d: "attributeSchema", c: "Microsoft Exchange Server - object class", w: false }); + oids.insert("1.2.840.113556.1.3.17", OidEntry { d: "mailbox-Agent", c: "Microsoft Exchange Server - object class", w: false }); + oids.insert("1.2.840.113556.1.3.22", OidEntry { d: "mailbox", c: "Microsoft Exchange Server - object class", w: false }); + oids.insert("1.2.840.113556.1.3.23", OidEntry { d: "container", c: "Microsoft Exchange Server - object class", w: false }); + oids.insert("1.2.840.113556.1.3.46", OidEntry { d: "mailRecipient", c: "Microsoft Exchange Server - object class", w: false }); + oids.insert("1.2.840.113556.1.4.145", OidEntry { d: "revision", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1327", OidEntry { d: "pKIDefaultKeySpec", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1328", OidEntry { d: "pKIKeyUsage", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1329", OidEntry { d: "pKIMaxIssuingDepth", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1330", OidEntry { d: "pKICriticalExtensions", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1331", OidEntry { d: "pKIExpirationPeriod", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1332", OidEntry { d: "pKIOverlapPeriod", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1333", OidEntry { d: "pKIExtendedKeyUsage", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1334", OidEntry { d: "pKIDefaultCSPs", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1335", OidEntry { d: "pKIEnrollmentAccess", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1429", OidEntry { d: "msPKI-RA-Signature", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1430", OidEntry { d: "msPKI-Enrollment-Flag", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1431", OidEntry { d: "msPKI-Private-Key-Flag", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1432", OidEntry { d: "msPKI-Certificate-Name-Flag", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1433", OidEntry { d: "msPKI-Minimal-Key-Size", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1434", OidEntry { d: "msPKI-Template-Schema-Version", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1435", OidEntry { d: "msPKI-Template-Minor-Revision", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1436", OidEntry { d: "msPKI-Cert-Template-OID", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1437", OidEntry { d: "msPKI-Supersede-Templates", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1438", OidEntry { d: "msPKI-RA-Policies", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1439", OidEntry { d: "msPKI-Certificate-Policy", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1674", OidEntry { d: "msPKI-Certificate-Application-Policy", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.1.4.1675", OidEntry { d: "msPKI-RA-Application-Policies", c: "Microsoft Cert Template - attribute", w: false }); + oids.insert("1.2.840.113556.4.3", OidEntry { d: "microsoftExcel", c: "Microsoft", w: false }); + oids.insert("1.2.840.113556.4.4", OidEntry { d: "titledWithOID", c: "Microsoft", w: false }); + oids.insert("1.2.840.113556.4.5", OidEntry { d: "microsoftPowerPoint", c: "Microsoft", w: false }); + oids.insert("1.2.840.113583.1", OidEntry { d: "adobeAcrobat", c: "Adobe Acrobat", w: false }); + oids.insert("1.2.840.113583.1.1", OidEntry { d: "acrobatSecurity", c: "Adobe Acrobat security", w: false }); + oids.insert("1.2.840.113583.1.1.1", OidEntry { d: "pdfPassword", c: "Adobe Acrobat security", w: false }); + oids.insert("1.2.840.113583.1.1.2", OidEntry { d: "pdfDefaultSigningCredential", c: "Adobe Acrobat security", w: false }); + oids.insert("1.2.840.113583.1.1.3", OidEntry { d: "pdfDefaultEncryptionCredential", c: "Adobe Acrobat security", w: false }); + oids.insert("1.2.840.113583.1.1.4", OidEntry { d: "pdfPasswordTimeout", c: "Adobe Acrobat security", w: false }); + oids.insert("1.2.840.113583.1.1.5", OidEntry { d: "pdfAuthenticDocumentsTrust", c: "Adobe Acrobat security", w: false }); + oids.insert("1.2.840.113583.1.1.6", OidEntry { d: "pdfDynamicContentTrust", c: "Adobe Acrobat security", w: true }); + oids.insert("1.2.840.113583.1.1.7", OidEntry { d: "pdfUbiquityTrust", c: "Adobe Acrobat security", w: false }); + oids.insert("1.2.840.113583.1.1.8", OidEntry { d: "pdfRevocationInfoArchival", c: "Adobe Acrobat security", w: false }); + oids.insert("1.2.840.113583.1.1.9", OidEntry { d: "pdfX509Extension", c: "Adobe Acrobat security", w: false }); + oids.insert("1.2.840.113583.1.1.9.1", OidEntry { d: "pdfTimeStamp", c: "Adobe Acrobat security", w: false }); + oids.insert("1.2.840.113583.1.1.9.2", OidEntry { d: "pdfArchiveRevInfo", c: "Adobe Acrobat security", w: false }); + oids.insert("1.2.840.113583.1.1.10", OidEntry { d: "pdfPPLKLiteCredential", c: "Adobe Acrobat security", w: false }); + oids.insert("1.2.840.113583.1.2", OidEntry { d: "acrobatCPS", c: "Adobe Acrobat CPS", w: false }); + oids.insert("1.2.840.113583.1.2.1", OidEntry { d: "pdfAuthenticDocumentsCPS", c: "Adobe Acrobat CPS", w: false }); + oids.insert("1.2.840.113583.1.2.2", OidEntry { d: "pdfTestCPS", c: "Adobe Acrobat CPS", w: false }); + oids.insert("1.2.840.113583.1.2.3", OidEntry { d: "pdfUbiquityCPS", c: "Adobe Acrobat CPS", w: false }); + oids.insert("1.2.840.113583.1.2.4", OidEntry { d: "pdfAdhocCPS", c: "Adobe Acrobat CPS", w: false }); + oids.insert("1.2.840.113583.1.7", OidEntry { d: "acrobatUbiquity", c: "Adobe Acrobat ubiquity", w: false }); + oids.insert("1.2.840.113583.1.7.1", OidEntry { d: "pdfUbiquitySubRights", c: "Adobe Acrobat ubiquity", w: false }); + oids.insert("1.2.840.113583.1.9", OidEntry { d: "acrobatExtension", c: "Adobe Acrobat X.509 extension", w: false }); + oids.insert("1.2.840.113628.114.1.7", OidEntry { d: "adobePKCS7", c: "Adobe", w: false }); + oids.insert("1.2.840.113635.100", OidEntry { d: "appleDataSecurity", c: "Apple", w: false }); + oids.insert("1.2.840.113635.100.1", OidEntry { d: "appleTrustPolicy", c: "Apple", w: false }); + oids.insert("1.2.840.113635.100.1.1", OidEntry { d: "appleISignTP", c: "Apple trust policy", w: false }); + oids.insert("1.2.840.113635.100.1.2", OidEntry { d: "appleX509Basic", c: "Apple trust policy", w: false }); + oids.insert("1.2.840.113635.100.1.3", OidEntry { d: "appleSSLPolicy", c: "Apple trust policy", w: false }); + oids.insert("1.2.840.113635.100.1.4", OidEntry { d: "appleLocalCertGenPolicy", c: "Apple trust policy", w: false }); + oids.insert("1.2.840.113635.100.1.5", OidEntry { d: "appleCSRGenPolicy", c: "Apple trust policy", w: false }); + oids.insert("1.2.840.113635.100.1.6", OidEntry { d: "appleCRLPolicy", c: "Apple trust policy", w: false }); + oids.insert("1.2.840.113635.100.1.7", OidEntry { d: "appleOCSPPolicy", c: "Apple trust policy", w: false }); + oids.insert("1.2.840.113635.100.1.8", OidEntry { d: "appleSMIMEPolicy", c: "Apple trust policy", w: false }); + oids.insert("1.2.840.113635.100.1.9", OidEntry { d: "appleEAPPolicy", c: "Apple trust policy", w: false }); + oids.insert("1.2.840.113635.100.1.10", OidEntry { d: "appleSWUpdateSigningPolicy", c: "Apple trust policy", w: false }); + oids.insert("1.2.840.113635.100.1.11", OidEntry { d: "appleIPSecPolicy", c: "Apple trust policy", w: false }); + oids.insert("1.2.840.113635.100.1.12", OidEntry { d: "appleIChatPolicy", c: "Apple trust policy", w: false }); + oids.insert("1.2.840.113635.100.1.13", OidEntry { d: "appleResourceSignPolicy", c: "Apple trust policy", w: false }); + oids.insert("1.2.840.113635.100.1.14", OidEntry { d: "applePKINITClientPolicy", c: "Apple trust policy", w: false }); + oids.insert("1.2.840.113635.100.1.15", OidEntry { d: "applePKINITServerPolicy", c: "Apple trust policy", w: false }); + oids.insert("1.2.840.113635.100.1.16", OidEntry { d: "appleCodeSigningPolicy", c: "Apple trust policy", w: false }); + oids.insert("1.2.840.113635.100.1.17", OidEntry { d: "applePackageSigningPolicy", c: "Apple trust policy", w: false }); + oids.insert("1.2.840.113635.100.2", OidEntry { d: "appleSecurityAlgorithm", c: "Apple", w: false }); + oids.insert("1.2.840.113635.100.2.1", OidEntry { d: "appleFEE", c: "Apple security algorithm", w: false }); + oids.insert("1.2.840.113635.100.2.2", OidEntry { d: "appleASC", c: "Apple security algorithm", w: false }); + oids.insert("1.2.840.113635.100.2.3", OidEntry { d: "appleFEE_MD5", c: "Apple security algorithm", w: false }); + oids.insert("1.2.840.113635.100.2.4", OidEntry { d: "appleFEE_SHA1", c: "Apple security algorithm", w: false }); + oids.insert("1.2.840.113635.100.2.5", OidEntry { d: "appleFEED", c: "Apple security algorithm", w: false }); + oids.insert("1.2.840.113635.100.2.6", OidEntry { d: "appleFEEDEXP", c: "Apple security algorithm", w: false }); + oids.insert("1.2.840.113635.100.2.7", OidEntry { d: "appleECDSA", c: "Apple security algorithm", w: false }); + oids.insert("1.2.840.113635.100.3", OidEntry { d: "appleDotMacCertificate", c: "Apple", w: false }); + oids.insert("1.2.840.113635.100.3.1", OidEntry { d: "appleDotMacCertificateRequest", c: "Apple dotMac certificate", w: false }); + oids.insert("1.2.840.113635.100.3.2", OidEntry { d: "appleDotMacCertificateExtension", c: "Apple dotMac certificate", w: false }); + oids.insert("1.2.840.113635.100.3.3", OidEntry { d: "appleDotMacCertificateRequestValues", c: "Apple dotMac certificate", w: false }); + oids.insert("1.2.840.113635.100.4", OidEntry { d: "appleExtendedKeyUsage", c: "Apple", w: false }); + oids.insert("1.2.840.113635.100.4.1", OidEntry { d: "appleCodeSigning", c: "Apple extended key usage", w: false }); + oids.insert("1.2.840.113635.100.4.1.1", OidEntry { d: "appleCodeSigningDevelopment", c: "Apple extended key usage", w: false }); + oids.insert("1.2.840.113635.100.4.1.2", OidEntry { d: "appleSoftwareUpdateSigning", c: "Apple extended key usage", w: false }); + oids.insert("1.2.840.113635.100.4.1.3", OidEntry { d: "appleCodeSigningThirdParty", c: "Apple extended key usage", w: false }); + oids.insert("1.2.840.113635.100.4.1.4", OidEntry { d: "appleResourceSigning", c: "Apple extended key usage", w: false }); + oids.insert("1.2.840.113635.100.4.2", OidEntry { d: "appleIChatSigning", c: "Apple extended key usage", w: false }); + oids.insert("1.2.840.113635.100.4.3", OidEntry { d: "appleIChatEncryption", c: "Apple extended key usage", w: false }); + oids.insert("1.2.840.113635.100.4.4", OidEntry { d: "appleSystemIdentity", c: "Apple extended key usage", w: false }); + oids.insert("1.2.840.113635.100.4.5", OidEntry { d: "appleCryptoEnv", c: "Apple extended key usage", w: false }); + oids.insert("1.2.840.113635.100.4.5.1", OidEntry { d: "appleCryptoProductionEnv", c: "Apple extended key usage", w: false }); + oids.insert("1.2.840.113635.100.4.5.2", OidEntry { d: "appleCryptoMaintenanceEnv", c: "Apple extended key usage", w: false }); + oids.insert("1.2.840.113635.100.4.5.3", OidEntry { d: "appleCryptoTestEnv", c: "Apple extended key usage", w: false }); + oids.insert("1.2.840.113635.100.4.5.4", OidEntry { d: "appleCryptoDevelopmentEnv", c: "Apple extended key usage", w: false }); + oids.insert("1.2.840.113635.100.4.6", OidEntry { d: "appleCryptoQoS", c: "Apple extended key usage", w: false }); + oids.insert("1.2.840.113635.100.4.6.1", OidEntry { d: "appleCryptoTier0QoS", c: "Apple extended key usage", w: false }); + oids.insert("1.2.840.113635.100.4.6.2", OidEntry { d: "appleCryptoTier1QoS", c: "Apple extended key usage", w: false }); + oids.insert("1.2.840.113635.100.4.6.3", OidEntry { d: "appleCryptoTier2QoS", c: "Apple extended key usage", w: false }); + oids.insert("1.2.840.113635.100.4.6.4", OidEntry { d: "appleCryptoTier3QoS", c: "Apple extended key usage", w: false }); + oids.insert("1.2.840.113635.100.5", OidEntry { d: "appleCertificatePolicies", c: "Apple", w: false }); + oids.insert("1.2.840.113635.100.5.1", OidEntry { d: "appleCertificatePolicyID", c: "Apple", w: false }); + oids.insert("1.2.840.113635.100.5.2", OidEntry { d: "appleDotMacCertificatePolicyID", c: "Apple", w: false }); + oids.insert("1.2.840.113635.100.5.3", OidEntry { d: "appleADCCertificatePolicyID", c: "Apple", w: false }); + oids.insert("1.2.840.113635.100.6", OidEntry { d: "appleCertificateExtensions", c: "Apple", w: false }); + oids.insert("1.2.840.113635.100.6.1", OidEntry { d: "appleCertificateExtensionCodeSigning", c: "Apple certificate extension", w: false }); + oids.insert("1.2.840.113635.100.6.1.1", OidEntry { d: "appleCertificateExtensionAppleSigning", c: "Apple certificate extension", w: false }); + oids.insert("1.2.840.113635.100.6.1.2", OidEntry { d: "appleCertificateExtensionADCDeveloperSigning", c: "Apple certificate extension", w: false }); + oids.insert("1.2.840.113635.100.6.1.3", OidEntry { d: "appleCertificateExtensionADCAppleSigning", c: "Apple certificate extension", w: false }); + oids.insert("1.2.840.113635.100.15.1", OidEntry { d: "appleCustomCertificateExtension1", c: "Apple custom certificate extension", w: false }); + oids.insert("1.2.840.113635.100.15.2", OidEntry { d: "appleCustomCertificateExtension2", c: "Apple custom certificate extension", w: false }); + oids.insert("1.2.840.113635.100.15.3", OidEntry { d: "appleCustomCertificateExtension3", c: "Apple custom certificate extension", w: false }); + oids.insert("1.3.6.1.4.1.311.2.1.4", OidEntry { d: "spcIndirectDataContext", c: "Microsoft code signing", w: false }); + oids.insert("1.3.6.1.4.1.311.2.1.10", OidEntry { d: "spcAgencyInfo", c: "Microsoft code signing. Also assigned as policyLink", w: false }); + oids.insert("1.3.6.1.4.1.311.2.1.11", OidEntry { d: "spcStatementType", c: "Microsoft code signing", w: false }); + oids.insert("1.3.6.1.4.1.311.2.1.12", OidEntry { d: "spcSpOpusInfo", c: "Microsoft code signing", w: false }); + oids.insert("1.3.6.1.4.1.311.2.1.14", OidEntry { d: "certReqExtensions", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.2.1.15", OidEntry { d: "spcPEImageData", c: "Microsoft code signing", w: false }); + oids.insert("1.3.6.1.4.1.311.2.1.18", OidEntry { d: "spcRawFileData", c: "Microsoft code signing", w: false }); + oids.insert("1.3.6.1.4.1.311.2.1.19", OidEntry { d: "spcStructuredStorageData", c: "Microsoft code signing", w: false }); + oids.insert("1.3.6.1.4.1.311.2.1.20", OidEntry { d: "spcJavaClassData (type 1)", c: "Microsoft code signing. Formerly link extension aka glue extension ", w: false }); + oids.insert("1.3.6.1.4.1.311.2.1.21", OidEntry { d: "individualCodeSigning", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.2.1.22", OidEntry { d: "commercialCodeSigning", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.2.1.25", OidEntry { d: "spcLink (type 2)", c: "Microsoft code signing. Also assigned as glue extension", w: false }); + oids.insert("1.3.6.1.4.1.311.2.1.26", OidEntry { d: "spcMinimalCriteriaInfo", c: "Microsoft code signing", w: false }); + oids.insert("1.3.6.1.4.1.311.2.1.27", OidEntry { d: "spcFinancialCriteriaInfo", c: "Microsoft code signing", w: false }); + oids.insert("1.3.6.1.4.1.311.2.1.28", OidEntry { d: "spcLink (type 3)", c: "Microsoft code signing. Also assigned as glue extension", w: false }); + oids.insert("1.3.6.1.4.1.311.2.1.29", OidEntry { d: "spcHashInfoObjID", c: "Microsoft code signing", w: false }); + oids.insert("1.3.6.1.4.1.311.2.1.30", OidEntry { d: "spcSipInfoObjID", c: "Microsoft code signing", w: false }); + oids.insert("1.3.6.1.4.1.311.2.2", OidEntry { d: "ctl", c: "Microsoft CTL", w: false }); + oids.insert("1.3.6.1.4.1.311.2.2.1", OidEntry { d: "ctlTrustedCodesigningCAList", c: "Microsoft CTL", w: false }); + oids.insert("1.3.6.1.4.1.311.2.2.2", OidEntry { d: "ctlTrustedClientAuthCAList", c: "Microsoft CTL", w: false }); + oids.insert("1.3.6.1.4.1.311.2.2.3", OidEntry { d: "ctlTrustedServerAuthCAList", c: "Microsoft CTL", w: false }); + oids.insert("1.3.6.1.4.1.311.3.2.1", OidEntry { d: "timestampRequest", c: "Microsoft code signing", w: false }); + oids.insert("1.3.6.1.4.1.311.10.1", OidEntry { d: "certTrustList", c: "Microsoft contentType", w: false }); + oids.insert("1.3.6.1.4.1.311.10.1.1", OidEntry { d: "sortedCtl", c: "Microsoft contentType", w: false }); + oids.insert("1.3.6.1.4.1.311.10.2", OidEntry { d: "nextUpdateLocation", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.10.3.1", OidEntry { d: "certTrustListSigning", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.10.3.2", OidEntry { d: "timeStampSigning", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.10.3.3", OidEntry { d: "serverGatedCrypto", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.10.3.3.1", OidEntry { d: "serialized", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.10.3.4", OidEntry { d: "encryptedFileSystem", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.10.3.5", OidEntry { d: "whqlCrypto", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.10.3.6", OidEntry { d: "nt5Crypto", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.10.3.7", OidEntry { d: "oemWHQLCrypto", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.10.3.8", OidEntry { d: "embeddedNTCrypto", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.10.3.9", OidEntry { d: "rootListSigner", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.10.3.10", OidEntry { d: "qualifiedSubordination", c: "Microsoft extended 3key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.10.3.11", OidEntry { d: "keyRecovery", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.10.3.12", OidEntry { d: "documentSigning", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.10.3.13", OidEntry { d: "lifetimeSigning", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.10.3.14", OidEntry { d: "mobileDeviceSoftware", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.10.3.15", OidEntry { d: "smartDisplay", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.10.3.16", OidEntry { d: "cspSignature", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.10.3.4.1", OidEntry { d: "efsRecovery", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.10.4.1", OidEntry { d: "yesnoTrustAttr", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.10.5.1", OidEntry { d: "drm", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.10.5.2", OidEntry { d: "drmIndividualization", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.10.6.1", OidEntry { d: "licenses", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.10.6.2", OidEntry { d: "licenseServer", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.10.7.1", OidEntry { d: "keyidRdn", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.10.8.1", OidEntry { d: "removeCertificate", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.10.9.1", OidEntry { d: "crossCertDistPoints", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.10.10.1", OidEntry { d: "cmcAddAttributes", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.10.11", OidEntry { d: "certPropIdPrefix", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.10.11.4", OidEntry { d: "certMd5HashPropId", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.10.11.20", OidEntry { d: "certKeyIdentifierPropId", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.10.11.28", OidEntry { d: "certIssuerSerialNumberMd5HashPropId", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.10.11.29", OidEntry { d: "certSubjectNameMd5HashPropId", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.10.12.1", OidEntry { d: "anyApplicationPolicy", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.12", OidEntry { d: "catalog", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.12.1.1", OidEntry { d: "catalogList", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.12.1.2", OidEntry { d: "catalogListMember", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.12.2.1", OidEntry { d: "catalogNameValueObjID", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.12.2.2", OidEntry { d: "catalogMemberInfoObjID", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.13.1", OidEntry { d: "renewalCertificate", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.13.2.1", OidEntry { d: "enrolmentNameValuePair", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.13.2.2", OidEntry { d: "enrolmentCSP", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.13.2.3", OidEntry { d: "osVersion", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.16.4", OidEntry { d: "microsoftRecipientInfo", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.17.1", OidEntry { d: "pkcs12KeyProviderNameAttr", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.17.2", OidEntry { d: "localMachineKeyset", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.17.3", OidEntry { d: "pkcs12ExtendedAttributes", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.20.1", OidEntry { d: "autoEnrollCtlUsage", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.20.2", OidEntry { d: "enrollCerttypeExtension", c: "Microsoft CAPICOM certificate template, V1", w: false }); + oids.insert("1.3.6.1.4.1.311.20.2.1", OidEntry { d: "enrollmentAgent", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.20.2.2", OidEntry { d: "smartcardLogon", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.20.2.3", OidEntry { d: "userPrincipalName", c: "Microsoft UPN", w: false }); + oids.insert("1.3.6.1.4.1.311.20.3", OidEntry { d: "certManifold", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.21.1", OidEntry { d: "cAKeyCertIndexPair", c: "Microsoft attribute. Also assigned as certsrvCaVersion", w: false }); + oids.insert("1.3.6.1.4.1.311.21.2", OidEntry { d: "certSrvPreviousCertHash", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.21.3", OidEntry { d: "crlVirtualBase", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.21.4", OidEntry { d: "crlNextPublish", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.21.5", OidEntry { d: "caExchange", c: "Microsoft extended key usage", w: true }); + oids.insert("1.3.6.1.4.1.311.21.6", OidEntry { d: "keyRecovery", c: "Microsoft extended key usage", w: true }); + oids.insert("1.3.6.1.4.1.311.21.7", OidEntry { d: "certificateTemplate", c: "Microsoft CAPICOM certificate template, V2", w: false }); + oids.insert("1.3.6.1.4.1.311.21.9", OidEntry { d: "rdnDummySigner", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.21.10", OidEntry { d: "applicationCertPolicies", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.21.11", OidEntry { d: "applicationPolicyMappings", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.21.12", OidEntry { d: "applicationPolicyConstraints", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.21.13", OidEntry { d: "archivedKey", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.21.14", OidEntry { d: "crlSelfCDP", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.21.15", OidEntry { d: "requireCertChainPolicy", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.21.16", OidEntry { d: "archivedKeyCertHash", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.21.17", OidEntry { d: "issuedCertHash", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.21.19", OidEntry { d: "dsEmailReplication", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.21.20", OidEntry { d: "requestClientInfo", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.21.21", OidEntry { d: "encryptedKeyHash", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.21.22", OidEntry { d: "certsrvCrossCaVersion", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.25.1", OidEntry { d: "ntdsReplication", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.25.2", OidEntry { d: "ntdsCASecurityExt", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.25.2.1", OidEntry { d: "ntdsObjectSID", c: "Microsoft", w: false }); + oids.insert("1.3.6.1.4.1.311.31.1", OidEntry { d: "productUpdate", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.47.1.1", OidEntry { d: "systemHealth", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.47.1.3", OidEntry { d: "systemHealthLoophole", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.60.1.1", OidEntry { d: "rootProgramFlags", c: "Microsoft policy attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.61.1.1", OidEntry { d: "kernelModeCodeSigning", c: "Microsoft extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.311.60.2.1.1", OidEntry { d: "jurisdictionOfIncorporationL", c: "Microsoft (???)", w: false }); + oids.insert("1.3.6.1.4.1.311.60.2.1.2", OidEntry { d: "jurisdictionOfIncorporationSP", c: "Microsoft (???)", w: false }); + oids.insert("1.3.6.1.4.1.311.60.2.1.3", OidEntry { d: "jurisdictionOfIncorporationC", c: "Microsoft (???)", w: false }); + oids.insert("1.3.6.1.4.1.311.76.509.1.1", OidEntry { d: "microsoftCPS", c: "Microsoft PKI services", w: false }); + oids.insert("1.3.6.1.4.1.311.88", OidEntry { d: "capiCom", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.88.1", OidEntry { d: "capiComVersion", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.88.2", OidEntry { d: "capiComAttribute", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.88.2.1", OidEntry { d: "capiComDocumentName", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.88.2.2", OidEntry { d: "capiComDocumentDescription", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.88.3", OidEntry { d: "capiComEncryptedData", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.311.88.3.1", OidEntry { d: "capiComEncryptedContent", c: "Microsoft attribute", w: false }); + oids.insert("1.3.6.1.4.1.188.7.1.1", OidEntry { d: "ascom", c: "Ascom Systech", w: false }); + oids.insert("1.3.6.1.4.1.188.7.1.1.1", OidEntry { d: "ideaECB", c: "Ascom Systech", w: false }); + oids.insert("1.3.6.1.4.1.188.7.1.1.2", OidEntry { d: "ideaCBC", c: "Ascom Systech", w: false }); + oids.insert("1.3.6.1.4.1.188.7.1.1.3", OidEntry { d: "ideaCFB", c: "Ascom Systech", w: false }); + oids.insert("1.3.6.1.4.1.188.7.1.1.4", OidEntry { d: "ideaOFB", c: "Ascom Systech", w: false }); + oids.insert("1.3.6.1.4.1.2363.3.2", OidEntry { d: "euroControlUntrustedEA", c: "Eurocontrol certificate policy", w: false }); + oids.insert("1.3.6.1.4.1.2363.4.3", OidEntry { d: "euroControlEARootCA", c: "Eurocontrol certificate policy", w: false }); + oids.insert("1.3.6.1.4.1.2363.4.3.1", OidEntry { d: "euroControlEABridgeCA", c: "Eurocontrol certificate policy", w: false }); + oids.insert("1.3.6.1.4.1.2363.4.3.1.1", OidEntry { d: "euroControlEAIssuingCA", c: "Eurocontrol certificate policy", w: false }); + oids.insert("1.3.6.1.4.1.2363.4.3.1.1.1", OidEntry { d: "euroControlEAClientCertificate", c: "Eurocontrol certificate policy", w: false }); + oids.insert("1.3.6.1.4.1.2363.4.3.1.1.2", OidEntry { d: "euroControlEAServerCertificate", c: "Eurocontrol certificate policy", w: false }); + oids.insert("1.3.6.1.4.1.2363.4.3.1.1.3", OidEntry { d: "euroControlEASWIMSigningCertificate", c: "Eurocontrol certificate policy", w: false }); + oids.insert("1.3.6.1.4.1.2428.10.1.1", OidEntry { d: "UNINETT policyIdentifier", c: "UNINETT PCA", w: false }); + oids.insert("1.3.6.1.4.1.2712.10", OidEntry { d: "ICE-TEL policyIdentifier", c: "ICE-TEL CA", w: false }); + oids.insert("1.3.6.1.4.1.2786.1.1.1", OidEntry { d: "ICE-TEL Italian policyIdentifier", c: "ICE-TEL CA policy", w: false }); + oids.insert("1.3.6.1.4.1.3029.1.1.1", OidEntry { d: "blowfishECB", c: "cryptlib encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.3029.1.1.2", OidEntry { d: "blowfishCBC", c: "cryptlib encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.3029.1.1.3", OidEntry { d: "blowfishCFB", c: "cryptlib encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.3029.1.1.4", OidEntry { d: "blowfishOFB", c: "cryptlib encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.3029.1.2.1", OidEntry { d: "elgamal", c: "cryptlib public-key algorithm", w: false }); + oids.insert("1.3.6.1.4.1.3029.1.2.1.1", OidEntry { d: "elgamalWithSHA-1", c: "cryptlib public-key algorithm", w: false }); + oids.insert("1.3.6.1.4.1.3029.1.2.1.2", OidEntry { d: "elgamalWithRIPEMD-160", c: "cryptlib public-key algorithm", w: false }); + oids.insert("1.3.6.1.4.1.3029.3.1.1", OidEntry { d: "cryptlibPresenceCheck", c: "cryptlib attribute type", w: false }); + oids.insert("1.3.6.1.4.1.3029.3.1.2", OidEntry { d: "pkiBoot", c: "cryptlib attribute type", w: false }); + oids.insert("1.3.6.1.4.1.3029.3.1.4", OidEntry { d: "crlExtReason", c: "cryptlib attribute type", w: false }); + oids.insert("1.3.6.1.4.1.3029.3.1.5", OidEntry { d: "keyFeatures", c: "cryptlib attribute type", w: false }); + oids.insert("1.3.6.1.4.1.3029.4.1", OidEntry { d: "cryptlibContent", c: "cryptlib", w: false }); + oids.insert("1.3.6.1.4.1.3029.4.1.1", OidEntry { d: "cryptlibConfigData", c: "cryptlib content type", w: false }); + oids.insert("1.3.6.1.4.1.3029.4.1.2", OidEntry { d: "cryptlibUserIndex", c: "cryptlib content type", w: false }); + oids.insert("1.3.6.1.4.1.3029.4.1.3", OidEntry { d: "cryptlibUserInfo", c: "cryptlib content type", w: false }); + oids.insert("1.3.6.1.4.1.3029.4.1.4", OidEntry { d: "rtcsRequest", c: "cryptlib content type", w: false }); + oids.insert("1.3.6.1.4.1.3029.4.1.5", OidEntry { d: "rtcsResponse", c: "cryptlib content type", w: false }); + oids.insert("1.3.6.1.4.1.3029.4.1.6", OidEntry { d: "rtcsResponseExt", c: "cryptlib content type", w: false }); + oids.insert("1.3.6.1.4.1.3029.42.11172.1", OidEntry { d: "mpeg-1", c: "cryptlib special MPEG-of-cat OID", w: false }); + oids.insert("1.3.6.1.4.1.3029.54.11940.54", OidEntry { d: "TSA policy Anything that arrives, we sign", c: "cryptlib TSA policy", w: false }); + oids.insert("1.3.6.1.4.1.3029.88.89.90.90.89", OidEntry { d: "xYZZY policyIdentifier", c: "cryptlib certificate policy", w: false }); + oids.insert("1.3.6.1.4.1.3401.8.1.1", OidEntry { d: "pgpExtension", c: "PGP key information", w: false }); + oids.insert("1.3.6.1.4.1.3576.7", OidEntry { d: "eciaAscX12Edi", c: "TMN EDI for Interactive Agents", w: false }); + oids.insert("1.3.6.1.4.1.3576.7.1", OidEntry { d: "plainEDImessage", c: "TMN EDI for Interactive Agents", w: false }); + oids.insert("1.3.6.1.4.1.3576.7.2", OidEntry { d: "signedEDImessage", c: "TMN EDI for Interactive Agents", w: false }); + oids.insert("1.3.6.1.4.1.3576.7.5", OidEntry { d: "integrityEDImessage", c: "TMN EDI for Interactive Agents", w: false }); + oids.insert("1.3.6.1.4.1.3576.7.65", OidEntry { d: "iaReceiptMessage", c: "TMN EDI for Interactive Agents", w: false }); + oids.insert("1.3.6.1.4.1.3576.7.97", OidEntry { d: "iaStatusMessage", c: "TMN EDI for Interactive Agents", w: false }); + oids.insert("1.3.6.1.4.1.3576.8", OidEntry { d: "eciaEdifact", c: "TMN EDI for Interactive Agents", w: false }); + oids.insert("1.3.6.1.4.1.3576.9", OidEntry { d: "eciaNonEdi", c: "TMN EDI for Interactive Agents", w: false }); + oids.insert("1.3.6.1.4.1.4146", OidEntry { d: "Globalsign", c: "Globalsign", w: false }); + oids.insert("1.3.6.1.4.1.4146.1", OidEntry { d: "globalsignPolicy", c: "Globalsign", w: false }); + oids.insert("1.3.6.1.4.1.4146.1.10", OidEntry { d: "globalsignDVPolicy", c: "Globalsign policy", w: false }); + oids.insert("1.3.6.1.4.1.4146.1.20", OidEntry { d: "globalsignOVPolicy", c: "Globalsign policy", w: false }); + oids.insert("1.3.6.1.4.1.4146.1.30", OidEntry { d: "globalsignTSAPolicy", c: "Globalsign policy", w: false }); + oids.insert("1.3.6.1.4.1.4146.1.40", OidEntry { d: "globalsignClientCertPolicy", c: "Globalsign policy", w: false }); + oids.insert("1.3.6.1.4.1.4146.1.50", OidEntry { d: "globalsignCodeSignPolicy", c: "Globalsign policy", w: false }); + oids.insert("1.3.6.1.4.1.4146.1.60", OidEntry { d: "globalsignRootSignPolicy", c: "Globalsign policy", w: false }); + oids.insert("1.3.6.1.4.1.4146.1.70", OidEntry { d: "globalsignTrustedRootPolicy", c: "Globalsign policy", w: false }); + oids.insert("1.3.6.1.4.1.4146.1.80", OidEntry { d: "globalsignEDIClientPolicy", c: "Globalsign policy", w: false }); + oids.insert("1.3.6.1.4.1.4146.1.81", OidEntry { d: "globalsignEDIServerPolicy", c: "Globalsign policy", w: false }); + oids.insert("1.3.6.1.4.1.4146.1.90", OidEntry { d: "globalsignTPMRootPolicy", c: "Globalsign policy", w: false }); + oids.insert("1.3.6.1.4.1.4146.1.95", OidEntry { d: "globalsignOCSPPolicy", c: "Globalsign policy", w: false }); + oids.insert("1.3.6.1.4.1.5309.1", OidEntry { d: "edelWebPolicy", c: "EdelWeb policy", w: false }); + oids.insert("1.3.6.1.4.1.5309.1.2", OidEntry { d: "edelWebCustomerPolicy", c: "EdelWeb policy", w: false }); + oids.insert("1.3.6.1.4.1.5309.1.2.1", OidEntry { d: "edelWebClepsydrePolicy", c: "EdelWeb policy", w: false }); + oids.insert("1.3.6.1.4.1.5309.1.2.2", OidEntry { d: "edelWebExperimentalTSAPolicy", c: "EdelWeb policy", w: false }); + oids.insert("1.3.6.1.4.1.5309.1.2.3", OidEntry { d: "edelWebOpenEvidenceTSAPolicy", c: "EdelWeb policy", w: false }); + oids.insert("1.3.6.1.4.1.5472", OidEntry { d: "timeproof", c: "enterprise", w: false }); + oids.insert("1.3.6.1.4.1.5472.1", OidEntry { d: "tss", c: "timeproof", w: false }); + oids.insert("1.3.6.1.4.1.5472.1.1", OidEntry { d: "tss80", c: "timeproof TSS", w: false }); + oids.insert("1.3.6.1.4.1.5472.1.2", OidEntry { d: "tss380", c: "timeproof TSS", w: false }); + oids.insert("1.3.6.1.4.1.5472.1.3", OidEntry { d: "tss400", c: "timeproof TSS", w: false }); + oids.insert("1.3.6.1.4.1.5770.0.3", OidEntry { d: "secondaryPractices", c: "MEDePass", w: false }); + oids.insert("1.3.6.1.4.1.5770.0.4", OidEntry { d: "physicianIdentifiers", c: "MEDePass", w: false }); + oids.insert("1.3.6.1.4.1.6449.1.2.1.3.1", OidEntry { d: "comodoPolicy", c: "Comodo CA", w: false }); + oids.insert("1.3.6.1.4.1.6449.1.2.2.15", OidEntry { d: "wotrustPolicy", c: "WoTrust (Comodo) CA", w: false }); + oids.insert("1.3.6.1.4.1.6449.1.3.5.2", OidEntry { d: "comodoCertifiedDeliveryService", c: "Comodo CA", w: false }); + oids.insert("1.3.6.1.4.1.6449.2.1.1", OidEntry { d: "comodoTimestampingPolicy", c: "Comodo CA", w: false }); + oids.insert("1.3.6.1.4.1.8301.3.5.1", OidEntry { d: "validityModelChain", c: "TU Darmstadt ValidityModel", w: false }); + oids.insert("1.3.6.1.4.1.8301.3.5.2", OidEntry { d: "validityModelShell", c: "ValidityModel", w: false }); + oids.insert("1.3.6.1.4.1.8231.1", OidEntry { d: "rolUnicoNacional", c: "Chilean Government national unique roll number", w: false }); + oids.insert("1.3.6.1.4.1.11129.2.4.2", OidEntry { d: "googleSignedCertificateTimestamp", c: "Google Certificate Transparency", w: false }); + oids.insert("1.3.6.1.4.1.11129.2.4.3", OidEntry { d: "googlePrecertificatePoison", c: "Google Certificate Transparency", w: false }); + oids.insert("1.3.6.1.4.1.11129.2.4.4", OidEntry { d: "googlePrecertificateCA", c: "Google Certificate Transparency", w: false }); + oids.insert("1.3.6.1.4.1.11129.2.4.5", OidEntry { d: "googleOcspSignedCertificateTimestamp", c: "Google Certificate Transparency", w: false }); + oids.insert("1.3.6.1.4.1.11591", OidEntry { d: "gnu", c: "GNU Project (see https://www.gnupg.org/oids.html)", w: false }); + oids.insert("1.3.6.1.4.1.11591.1", OidEntry { d: "gnuRadius", c: "GNU Radius", w: false }); + oids.insert("1.3.6.1.4.1.11591.2.2.1", OidEntry { d: "gpgX509StandaloneCert", c: "Cert is intentionally self-signed.", w: false }); + oids.insert("1.3.6.1.4.1.11591.2.2.2", OidEntry { d: "gpgX509WellKnownPrivateKey", c: "Mark cert as having a well known key", w: false }); + oids.insert("1.3.6.1.4.1.11591.2.2.10", OidEntry { d: "gpgX509PgpKdfKekParm", c: "Description of ECC params", w: false }); + oids.insert("1.3.6.1.4.1.11591.2.3.1", OidEntry { d: "gpgCtPgpKeyblock", c: "CMS ct for a binary PGP keyblock", w: false }); + oids.insert("1.3.6.1.4.1.11591.2.4.1.1", OidEntry { d: "gpgFingerprint", c: "LDAP keyserver attribute", w: false }); + oids.insert("1.3.6.1.4.1.11591.2.4.1.2", OidEntry { d: "gpgSubFingerprint", c: "LDAP keyserver attribute", w: false }); + oids.insert("1.3.6.1.4.1.11591.2.4.1.3", OidEntry { d: "gpgMailbox", c: "LDAP keyserver attribute", w: false }); + oids.insert("1.3.6.1.4.1.11591.2.4.1.4", OidEntry { d: "gpgSubCertID", c: "LDAP keyserver attribute", w: false }); + oids.insert("1.3.6.1.4.1.11591.2.5.1", OidEntry { d: "gpgNtds", c: "LDAP URL ext, auth with current AD user", w: false }); + oids.insert("1.3.6.1.4.1.11591.2.6.1", OidEntry { d: "gpgX509PgpUseCert", c: "X.509 encoded OpenPGP key usage", w: false }); + oids.insert("1.3.6.1.4.1.11591.2.6.2", OidEntry { d: "gpgX509PgpUseSign", c: "X.509 encoded PGP key usage", w: false }); + oids.insert("1.3.6.1.4.1.11591.2.6.3", OidEntry { d: "gpgX509PgpUseEncr", c: "X.509 encoded PGP key usage", w: false }); + oids.insert("1.3.6.1.4.1.11591.2.6.4", OidEntry { d: "gpgX509PgpUseAuth", c: "X.509 encoded PGP key usage", w: false }); + oids.insert("1.3.6.1.4.1.11591.2.12242973", OidEntry { d: "gpgInvalidOid", c: "0xBAD01D to indicate an invalid encoded OID", w: false }); + oids.insert("1.3.6.1.4.1.11591.3", OidEntry { d: "gnuRadar", c: "GNU Radar", w: false }); + oids.insert("1.3.6.1.4.1.11591.4.11", OidEntry { d: "scrypt", c: "GNU Generic Security Service", w: false }); + oids.insert("1.3.6.1.4.1.11591.12", OidEntry { d: "gnuDigestAlgorithm", c: "GNU digest algorithm", w: false }); + oids.insert("1.3.6.1.4.1.11591.12.2", OidEntry { d: "tiger", c: "GNU digest algorithm", w: false }); + oids.insert("1.3.6.1.4.1.11591.13", OidEntry { d: "gnuEncryptionAlgorithm", c: "GNU encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.11591.13.2", OidEntry { d: "serpent", c: "GNU encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.11591.13.2.1", OidEntry { d: "serpent128_ECB", c: "GNU encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.11591.13.2.2", OidEntry { d: "serpent128_CBC", c: "GNU encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.11591.13.2.3", OidEntry { d: "serpent128_OFB", c: "GNU encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.11591.13.2.4", OidEntry { d: "serpent128_CFB", c: "GNU encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.11591.13.2.21", OidEntry { d: "serpent192_ECB", c: "GNU encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.11591.13.2.22", OidEntry { d: "serpent192_CBC", c: "GNU encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.11591.13.2.23", OidEntry { d: "serpent192_OFB", c: "GNU encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.11591.13.2.24", OidEntry { d: "serpent192_CFB", c: "GNU encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.11591.13.2.41", OidEntry { d: "serpent256_ECB", c: "GNU encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.11591.13.2.42", OidEntry { d: "serpent256_CBC", c: "GNU encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.11591.13.2.43", OidEntry { d: "serpent256_OFB", c: "GNU encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.11591.13.2.44", OidEntry { d: "serpent256_CFB", c: "GNU encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.11591.15.1", OidEntry { d: "curve25519", c: "GNU encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.11591.15.2", OidEntry { d: "curve448", c: "GNU encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.11591.15.3", OidEntry { d: "curve25519ph", c: "GNU encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.11591.15.4", OidEntry { d: "curve448ph", c: "GNU encryption algorithm", w: false }); + oids.insert("1.3.6.1.4.1.16334.509.1.1", OidEntry { d: "Northrop Grumman extKeyUsage?", c: "Northrop Grumman extended key usage", w: false }); + oids.insert("1.3.6.1.4.1.16334.509.2.1", OidEntry { d: "ngcClass1", c: "Northrop Grumman policy", w: false }); + oids.insert("1.3.6.1.4.1.16334.509.2.2", OidEntry { d: "ngcClass2", c: "Northrop Grumman policy", w: false }); + oids.insert("1.3.6.1.4.1.16334.509.2.3", OidEntry { d: "ngcClass3", c: "Northrop Grumman policy", w: false }); + oids.insert("1.3.6.1.4.1.23629.1.4.2.1.1", OidEntry { d: "safenetUsageLimit", c: "SafeNet", w: false }); + oids.insert("1.3.6.1.4.1.23629.1.4.2.1.2", OidEntry { d: "safenetEndDate", c: "SafeNet", w: false }); + oids.insert("1.3.6.1.4.1.23629.1.4.2.1.3", OidEntry { d: "safenetStartDate", c: "SafeNet", w: false }); + oids.insert("1.3.6.1.4.1.23629.1.4.2.1.4", OidEntry { d: "safenetAdminCert", c: "SafeNet", w: false }); + oids.insert("1.3.6.1.4.1.23629.1.4.2.2.1", OidEntry { d: "safenetKeyDigest", c: "SafeNet", w: false }); + oids.insert("1.3.6.1.4.1.25054.3", OidEntry { d: "carillonSecurity", c: "Carillon security", w: false }); + oids.insert("1.3.6.1.4.1.25054.3.1", OidEntry { d: "carillonCommercialPKI", c: "Carillon security", w: false }); + oids.insert("1.3.6.1.4.1.25054.3.2", OidEntry { d: "carillonCommercialTSA", c: "Carillon security", w: false }); + oids.insert("1.3.6.1.4.1.25054.3.3", OidEntry { d: "carillonCommercialSCVP", c: "Carillon security", w: false }); + oids.insert("1.3.6.1.4.1.25054.3.3.1", OidEntry { d: "carillonSCVPExtendedStatusInfo", c: "Carillon security", w: false }); + oids.insert("1.3.6.1.4.1.25054.3.4", OidEntry { d: "carillonCommercialCMS", c: "Carillon security", w: false }); + oids.insert("1.3.6.1.4.1.25054.3.4.1", OidEntry { d: "carillonExtKeyUsageCIVCardAuth", c: "Carillon security", w: false }); + oids.insert("1.3.6.1.4.1.25054.3.4.2", OidEntry { d: "carillonExtKeyUsageCIVContentSigning", c: "Carillon security", w: false }); + oids.insert("1.3.6.1.4.1.25054.3.5", OidEntry { d: "carillonCommercialLSAP", c: "Carillon security", w: false }); + oids.insert("1.3.6.1.4.1.25054.3.5.1", OidEntry { d: "carillonExtKeyUsageLSAPCodeSigning", c: "Carillon security", w: false }); + oids.insert("1.3.6.1.4.1.25054.3.6", OidEntry { d: "carillonCommercialCE", c: "Carillon security", w: false }); + oids.insert("1.3.6.1.4.1.25054.3.7", OidEntry { d: "carillonCommercialLicense", c: "Carillon security", w: false }); + oids.insert("1.3.6.1.4.1.25054.3.7.1", OidEntry { d: "carillonExtKeyUsageLicenseSigning", c: "Carillon security", w: false }); + oids.insert("1.3.6.1.4.1.25054.3.8", OidEntry { d: "carillonCommercialSecret", c: "Carillon security", w: false }); + oids.insert("1.3.6.1.4.1.51483.2.1", OidEntry { d: "hashOfRootKey", c: "CTIA", w: false }); + oids.insert("1.3.6.1.5.2.3.1", OidEntry { d: "authData", c: "Kerberos", w: false }); + oids.insert("1.3.6.1.5.2.3.2", OidEntry { d: "dHKeyData", c: "Kerberos", w: false }); + oids.insert("1.3.6.1.5.2.3.3", OidEntry { d: "rkeyData", c: "Kerberos", w: false }); + oids.insert("1.3.6.1.5.2.3.4", OidEntry { d: "keyPurposeClientAuth", c: "Kerberos", w: false }); + oids.insert("1.3.6.1.5.2.3.5", OidEntry { d: "keyPurposeKdc", c: "Kerberos", w: false }); + oids.insert("1.3.6.1.5.2.3.6", OidEntry { d: "kdf", c: "Kerberos", w: false }); + oids.insert("1.3.6.1.5.5.7", OidEntry { d: "pkix", c: "", w: false }); + oids.insert("1.3.6.1.5.5.7.0.12", OidEntry { d: "attributeCert", c: "PKIX", w: false }); + oids.insert("1.3.6.1.5.5.7.1", OidEntry { d: "privateExtension", c: "PKIX", w: false }); + oids.insert("1.3.6.1.5.5.7.1.1", OidEntry { d: "authorityInfoAccess", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.2", OidEntry { d: "biometricInfo", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.3", OidEntry { d: "qcStatements", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.4", OidEntry { d: "acAuditIdentity", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.5", OidEntry { d: "acTargeting", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.6", OidEntry { d: "acAaControls", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.7", OidEntry { d: "ipAddrBlocks", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.8", OidEntry { d: "autonomousSysIds", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.9", OidEntry { d: "routerIdentifier", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.10", OidEntry { d: "acProxying", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.11", OidEntry { d: "subjectInfoAccess", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.12", OidEntry { d: "logoType", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.13", OidEntry { d: "wlanSSID", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.14", OidEntry { d: "proxyCertInfo", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.15", OidEntry { d: "acPolicies", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.16", OidEntry { d: "certificateWarranty", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.18", OidEntry { d: "cmsContentConstraints", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.19", OidEntry { d: "otherCerts", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.20", OidEntry { d: "wrappedApexContinKey", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.21", OidEntry { d: "clearanceConstraints", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.22", OidEntry { d: "skiSemantics", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.23", OidEntry { d: "noSecrecyAfforded", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.24", OidEntry { d: "tlsFeature", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.25", OidEntry { d: "manufacturerUsageDescription", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.26", OidEntry { d: "tnAuthList", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.27", OidEntry { d: "jwtClaimConstraints", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.28", OidEntry { d: "ipAddrBlocksV2", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.29", OidEntry { d: "autonomousSysIdsV2", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.30", OidEntry { d: "manufacturerUsageDescriptionSigner", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.31", OidEntry { d: "acmeIdentifier", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.32", OidEntry { d: "masaURL", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.33", OidEntry { d: "enhancedJWTClaimConstraints", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.1.34", OidEntry { d: "nfTypes", c: "PKIX private extension", w: false }); + oids.insert("1.3.6.1.5.5.7.2", OidEntry { d: "policyQualifierIds", c: "PKIX", w: false }); + oids.insert("1.3.6.1.5.5.7.2.1", OidEntry { d: "cps", c: "PKIX policy qualifier", w: false }); + oids.insert("1.3.6.1.5.5.7.2.2", OidEntry { d: "unotice", c: "PKIX policy qualifier", w: false }); + oids.insert("1.3.6.1.5.5.7.2.3", OidEntry { d: "textNotice", c: "PKIX policy qualifier", w: false }); + oids.insert("1.3.6.1.5.5.7.2.4", OidEntry { d: "acps", c: "PKIX policy qualifier", w: false }); + oids.insert("1.3.6.1.5.5.7.2.5", OidEntry { d: "acunotice", c: "PKIX policy qualifier", w: false }); + oids.insert("1.3.6.1.5.5.7.3", OidEntry { d: "keyPurpose", c: "PKIX", w: false }); + oids.insert("1.3.6.1.5.5.7.3.1", OidEntry { d: "serverAuth", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.2", OidEntry { d: "clientAuth", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.3", OidEntry { d: "codeSigning", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.4", OidEntry { d: "emailProtection", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.5", OidEntry { d: "ipsecEndSystem", c: "PKIX key purpose", w: true }); + oids.insert("1.3.6.1.5.5.7.3.6", OidEntry { d: "ipsecTunnel", c: "PKIX key purpose", w: true }); + oids.insert("1.3.6.1.5.5.7.3.7", OidEntry { d: "ipsecUser", c: "PKIX key purpose", w: true }); + oids.insert("1.3.6.1.5.5.7.3.8", OidEntry { d: "timeStamping", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.9", OidEntry { d: "ocspSigning", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.10", OidEntry { d: "dvcs", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.11", OidEntry { d: "sbgpCertAAServerAuth", c: "PKIX key purpose", w: true }); + oids.insert("1.3.6.1.5.5.7.3.12", OidEntry { d: "scvpResponder", c: "PKIX key purpose", w: true }); + oids.insert("1.3.6.1.5.5.7.3.13", OidEntry { d: "eapOverPPP", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.14", OidEntry { d: "eapOverLAN", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.15", OidEntry { d: "scvpServer", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.16", OidEntry { d: "scvpClient", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.17", OidEntry { d: "ipsecIKE", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.18", OidEntry { d: "capwapAC", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.19", OidEntry { d: "capwapWTP", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.20", OidEntry { d: "sipDomain", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.21", OidEntry { d: "secureShellClient", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.22", OidEntry { d: "secureShellServer", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.23", OidEntry { d: "sendRouter", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.24", OidEntry { d: "sendProxiedRouter", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.25", OidEntry { d: "sendOwner", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.26", OidEntry { d: "sendProxiedOwner", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.27", OidEntry { d: "cmcCA", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.28", OidEntry { d: "cmcRA", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.29", OidEntry { d: "cmcArchive", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.30", OidEntry { d: "bgpsecRouter", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.31", OidEntry { d: "bimi", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.32", OidEntry { d: "cmKGA", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.33", OidEntry { d: "rpcTLSClient", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.34", OidEntry { d: "rpcTLSServer", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.35", OidEntry { d: "bundleSecurity", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.3.36", OidEntry { d: "documentSigning", c: "PKIX key purpose", w: false }); + oids.insert("1.3.6.1.5.5.7.4", OidEntry { d: "cmpInformationTypes", c: "PKIX", w: false }); + oids.insert("1.3.6.1.5.5.7.4.1", OidEntry { d: "caProtEncCert", c: "PKIX CMP information", w: false }); + oids.insert("1.3.6.1.5.5.7.4.2", OidEntry { d: "signKeyPairTypes", c: "PKIX CMP information", w: false }); + oids.insert("1.3.6.1.5.5.7.4.3", OidEntry { d: "encKeyPairTypes", c: "PKIX CMP information", w: false }); + oids.insert("1.3.6.1.5.5.7.4.4", OidEntry { d: "preferredSymmAlg", c: "PKIX CMP information", w: false }); + oids.insert("1.3.6.1.5.5.7.4.5", OidEntry { d: "caKeyUpdateInfo", c: "PKIX CMP information", w: false }); + oids.insert("1.3.6.1.5.5.7.4.6", OidEntry { d: "currentCRL", c: "PKIX CMP information", w: false }); + oids.insert("1.3.6.1.5.5.7.4.7", OidEntry { d: "unsupportedOIDs", c: "PKIX CMP information", w: false }); + oids.insert("1.3.6.1.5.5.7.4.10", OidEntry { d: "keyPairParamReq", c: "PKIX CMP information", w: false }); + oids.insert("1.3.6.1.5.5.7.4.11", OidEntry { d: "keyPairParamRep", c: "PKIX CMP information", w: false }); + oids.insert("1.3.6.1.5.5.7.4.12", OidEntry { d: "revPassphrase", c: "PKIX CMP information", w: false }); + oids.insert("1.3.6.1.5.5.7.4.13", OidEntry { d: "implicitConfirm", c: "PKIX CMP information", w: false }); + oids.insert("1.3.6.1.5.5.7.4.14", OidEntry { d: "confirmWaitTime", c: "PKIX CMP information", w: false }); + oids.insert("1.3.6.1.5.5.7.4.15", OidEntry { d: "origPKIMessage", c: "PKIX CMP information", w: false }); + oids.insert("1.3.6.1.5.5.7.4.16", OidEntry { d: "suppLangTags", c: "PKIX CMP information", w: false }); + oids.insert("1.3.6.1.5.5.7.5", OidEntry { d: "crmfRegistration", c: "PKIX", w: false }); + oids.insert("1.3.6.1.5.5.7.5.1", OidEntry { d: "regCtrl", c: "PKIX CRMF registration", w: false }); + oids.insert("1.3.6.1.5.5.7.5.1.1", OidEntry { d: "regToken", c: "PKIX CRMF registration control", w: false }); + oids.insert("1.3.6.1.5.5.7.5.1.2", OidEntry { d: "authenticator", c: "PKIX CRMF registration control", w: false }); + oids.insert("1.3.6.1.5.5.7.5.1.3", OidEntry { d: "pkiPublicationInfo", c: "PKIX CRMF registration control", w: false }); + oids.insert("1.3.6.1.5.5.7.5.1.4", OidEntry { d: "pkiArchiveOptions", c: "PKIX CRMF registration control", w: false }); + oids.insert("1.3.6.1.5.5.7.5.1.5", OidEntry { d: "oldCertID", c: "PKIX CRMF registration control", w: false }); + oids.insert("1.3.6.1.5.5.7.5.1.6", OidEntry { d: "protocolEncrKey", c: "PKIX CRMF registration control", w: false }); + oids.insert("1.3.6.1.5.5.7.5.1.7", OidEntry { d: "altCertTemplate", c: "PKIX CRMF registration control", w: false }); + oids.insert("1.3.6.1.5.5.7.5.1.8", OidEntry { d: "wtlsTemplate", c: "PKIX CRMF registration control", w: false }); + oids.insert("1.3.6.1.5.5.7.5.2", OidEntry { d: "utf8Pairs", c: "PKIX CRMF registration", w: false }); + oids.insert("1.3.6.1.5.5.7.5.2.1", OidEntry { d: "utf8Pairs", c: "PKIX CRMF registration control", w: false }); + oids.insert("1.3.6.1.5.5.7.5.2.2", OidEntry { d: "certReq", c: "PKIX CRMF registration control", w: false }); + oids.insert("1.3.6.1.5.5.7.6", OidEntry { d: "algorithms", c: "PKIX", w: false }); + oids.insert("1.3.6.1.5.5.7.6.1", OidEntry { d: "des40", c: "PKIX algorithm", w: false }); + oids.insert("1.3.6.1.5.5.7.6.2", OidEntry { d: "noSignature", c: "PKIX algorithm", w: false }); + oids.insert("1.3.6.1.5.5.7.6.3", OidEntry { d: "dhSigHmacSha1", c: "PKIX algorithm", w: false }); + oids.insert("1.3.6.1.5.5.7.6.4", OidEntry { d: "dhPop", c: "PKIX algorithm", w: false }); + oids.insert("1.3.6.1.5.5.7.6.5", OidEntry { d: "dhPopSha224", c: "PKIX algorithm", w: false }); + oids.insert("1.3.6.1.5.5.7.6.6", OidEntry { d: "dhPopSha256", c: "PKIX algorithm", w: false }); + oids.insert("1.3.6.1.5.5.7.6.7", OidEntry { d: "dhPopSha384", c: "PKIX algorithm", w: false }); + oids.insert("1.3.6.1.5.5.7.6.8", OidEntry { d: "dhPopSha512", c: "PKIX algorithm", w: false }); + oids.insert("1.3.6.1.5.5.7.6.15", OidEntry { d: "dhPopStaticSha224HmacSha224", c: "PKIX algorithm", w: false }); + oids.insert("1.3.6.1.5.5.7.6.16", OidEntry { d: "dhPopStaticSha256HmacSha256", c: "PKIX algorithm", w: false }); + oids.insert("1.3.6.1.5.5.7.6.17", OidEntry { d: "dhPopStaticSha384HmacSha384", c: "PKIX algorithm", w: false }); + oids.insert("1.3.6.1.5.5.7.6.18", OidEntry { d: "dhPopStaticSha512HmacSha512", c: "PKIX algorithm", w: false }); + oids.insert("1.3.6.1.5.5.7.6.25", OidEntry { d: "ecdhPopStaticSha224HmacSha224", c: "PKIX algorithm", w: false }); + oids.insert("1.3.6.1.5.5.7.6.26", OidEntry { d: "ecdhPopStaticSha256HmacSha256", c: "PKIX algorithm", w: false }); + oids.insert("1.3.6.1.5.5.7.6.27", OidEntry { d: "ecdhPopStaticSha384HmacSha384", c: "PKIX algorithm", w: false }); + oids.insert("1.3.6.1.5.5.7.6.28", OidEntry { d: "ecdhPopStaticSha512HmacSha512", c: "PKIX algorithm", w: false }); + oids.insert("1.3.6.1.5.5.7.6.30", OidEntry { d: "rsaPssShake128", c: "PKIX algorithm", w: false }); + oids.insert("1.3.6.1.5.5.7.6.31", OidEntry { d: "rsaPssShake256", c: "PKIX algorithm", w: false }); + oids.insert("1.3.6.1.5.5.7.6.32", OidEntry { d: "ecdsaShake128", c: "PKIX algorithm", w: false }); + oids.insert("1.3.6.1.5.5.7.6.33", OidEntry { d: "ecdsaShake256", c: "PKIX algorithm", w: false }); + oids.insert("1.3.6.1.5.5.7.7", OidEntry { d: "cmcControls", c: "PKIX", w: false }); + oids.insert("1.3.6.1.5.5.7.8", OidEntry { d: "otherNames", c: "PKIX", w: false }); + oids.insert("1.3.6.1.5.5.7.8.1", OidEntry { d: "personalData", c: "PKIX other name", w: false }); + oids.insert("1.3.6.1.5.5.7.8.2", OidEntry { d: "userGroup", c: "PKIX other name", w: false }); + oids.insert("1.3.6.1.5.5.7.8.3", OidEntry { d: "permanentIdentifier", c: "PKIX other name", w: false }); + oids.insert("1.3.6.1.5.5.7.8.5", OidEntry { d: "xmppAddr", c: "PKIX other name", w: false }); + oids.insert("1.3.6.1.5.5.7.8.6", OidEntry { d: "SIM", c: "PKIX other name", w: false }); + oids.insert("1.3.6.1.5.5.7.8.7", OidEntry { d: "dnsSRV", c: "PKIX other name", w: false }); + oids.insert("1.3.6.1.5.5.7.8.8", OidEntry { d: "naiRealm", c: "PKIX other name", w: false }); + oids.insert("1.3.6.1.5.5.7.8.9", OidEntry { d: "smtpUTF8Mailbox", c: "PKIX other name", w: false }); + oids.insert("1.3.6.1.5.5.7.8.10", OidEntry { d: "acpNodeName", c: "PKIX other name", w: false }); + oids.insert("1.3.6.1.5.5.7.8.11", OidEntry { d: "bundleEID", c: "PKIX other name", w: false }); + oids.insert("1.3.6.1.5.5.7.9", OidEntry { d: "personalData", c: "PKIX qualified certificates", w: false }); + oids.insert("1.3.6.1.5.5.7.9.1", OidEntry { d: "dateOfBirth", c: "PKIX personal data", w: false }); + oids.insert("1.3.6.1.5.5.7.9.2", OidEntry { d: "placeOfBirth", c: "PKIX personal data", w: false }); + oids.insert("1.3.6.1.5.5.7.9.3", OidEntry { d: "gender", c: "PKIX personal data", w: false }); + oids.insert("1.3.6.1.5.5.7.9.4", OidEntry { d: "countryOfCitizenship", c: "PKIX personal data", w: false }); + oids.insert("1.3.6.1.5.5.7.9.5", OidEntry { d: "countryOfResidence", c: "PKIX personal data", w: false }); + oids.insert("1.3.6.1.5.5.7.10", OidEntry { d: "attributeCertificate", c: "PKIX", w: false }); + oids.insert("1.3.6.1.5.5.7.10.1", OidEntry { d: "authenticationInfo", c: "PKIX attribute certificate extension", w: false }); + oids.insert("1.3.6.1.5.5.7.10.2", OidEntry { d: "accessIdentity", c: "PKIX attribute certificate extension", w: false }); + oids.insert("1.3.6.1.5.5.7.10.3", OidEntry { d: "chargingIdentity", c: "PKIX attribute certificate extension", w: false }); + oids.insert("1.3.6.1.5.5.7.10.4", OidEntry { d: "group", c: "PKIX attribute certificate extension", w: false }); + oids.insert("1.3.6.1.5.5.7.10.5", OidEntry { d: "role", c: "PKIX attribute certificate extension", w: false }); + oids.insert("1.3.6.1.5.5.7.10.6", OidEntry { d: "wlanSSID", c: "PKIX attribute-certificate extension", w: false }); + oids.insert("1.3.6.1.5.5.7.11", OidEntry { d: "personalData", c: "PKIX qualified certificates", w: false }); + oids.insert("1.3.6.1.5.5.7.11.1", OidEntry { d: "pkixQCSyntax-v1", c: "PKIX qualified certificates", w: false }); + oids.insert("1.3.6.1.5.5.7.11.2", OidEntry { d: "pkixQCSyntax-v2", c: "PKIX qualified certificates", w: false }); + oids.insert("1.3.6.1.5.5.7.12", OidEntry { d: "pkixCCT", c: "PKIX CMC Content Types", w: false }); + oids.insert("1.3.6.1.5.5.7.12.2", OidEntry { d: "pkiData", c: "PKIX CMC Content Types", w: false }); + oids.insert("1.3.6.1.5.5.7.12.3", OidEntry { d: "pkiResponse", c: "PKIX CMC Content Types", w: false }); + oids.insert("1.3.6.1.5.5.7.14.2", OidEntry { d: "resourceCertificatePolicy", c: "PKIX policies", w: false }); + oids.insert("1.3.6.1.5.5.7.17", OidEntry { d: "scvpCheck", c: "PKIX SCVP check", w: false }); + oids.insert("1.3.6.1.5.5.7.17.1", OidEntry { d: "scvpCheckBuildPath", c: "SCVP", w: false }); + oids.insert("1.3.6.1.5.5.7.17.2", OidEntry { d: "scvpCheckBuildValidPath", c: "SCVP", w: false }); + oids.insert("1.3.6.1.5.5.7.17.3", OidEntry { d: "scvpCheckBuildStatusCheckedPath", c: "SCVP", w: false }); + oids.insert("1.3.6.1.5.5.7.17.4", OidEntry { d: "scvpCheckBuildAaPath", c: "SCVP", w: false }); + oids.insert("1.3.6.1.5.5.7.17.5", OidEntry { d: "scvpCheckBuildValidAaPath", c: "SCVP", w: false }); + oids.insert("1.3.6.1.5.5.7.17.6", OidEntry { d: "scvpCheckBuildStatusCheckedAaPath", c: "SCVP", w: false }); + oids.insert("1.3.6.1.5.5.7.17.7", OidEntry { d: "scvpCheckStatusCheckAcAndBuildStatusCheckedAaPath", c: "SCVP", w: false }); + oids.insert("1.3.6.1.5.5.7.18", OidEntry { d: "scvpWantBack", c: "PKIX SCVP wantback", w: false }); + oids.insert("1.3.6.1.5.5.7.18.1", OidEntry { d: "scvpWantbackBestCertPath", c: "SCVP wantback", w: false }); + oids.insert("1.3.6.1.5.5.7.18.2", OidEntry { d: "scvpWantbackRevocationInfo", c: "SCVP wantback", w: false }); + oids.insert("1.3.6.1.5.5.7.18.4", OidEntry { d: "scvpWantbackPublicKeyInfo", c: "SCVP wantback", w: false }); + oids.insert("1.3.6.1.5.5.7.18.5", OidEntry { d: "scvpWantbackAaCertPath", c: "SCVP wantback", w: false }); + oids.insert("1.3.6.1.5.5.7.18.6", OidEntry { d: "scvpWantbackAaRevocationInfo", c: "SCVP wantback", w: false }); + oids.insert("1.3.6.1.5.5.7.18.7", OidEntry { d: "scvpWantbackAcRevocationInfo", c: "SCVP wantback", w: false }); + oids.insert("1.3.6.1.5.5.7.18.9", OidEntry { d: "scvpWantbackRelayedResponses", c: "SCVP wantback", w: false }); + oids.insert("1.3.6.1.5.5.7.18.10", OidEntry { d: "scvpWantbackCert", c: "SCVP wantback", w: false }); + oids.insert("1.3.6.1.5.5.7.18.11", OidEntry { d: "scvpWantbackAcCert", c: "SCVP wantback", w: false }); + oids.insert("1.3.6.1.5.5.7.18.12", OidEntry { d: "scvpWantbackAllCertPaths", c: "SCVP wantback", w: false }); + oids.insert("1.3.6.1.5.5.7.18.13", OidEntry { d: "scvpWantbackEeRevocationInfo", c: "SCVP wantback", w: false }); + oids.insert("1.3.6.1.5.5.7.18.14", OidEntry { d: "scvpWantbackCAsRevocationInfo", c: "SCVP wantback", w: false }); + oids.insert("1.3.6.1.5.5.7.19", OidEntry { d: "scvpValPolicy", c: "SCVP validation policy", w: false }); + oids.insert("1.3.6.1.5.5.7.19.1", OidEntry { d: "scvpDefaultValPolicy", c: "SCVP validation policy", w: false }); + oids.insert("1.3.6.1.5.5.7.19.2", OidEntry { d: "scvpNameValAlg", c: "SCVP validation policy", w: false }); + oids.insert("1.3.6.1.5.5.7.19.2.1", OidEntry { d: "scvpNameErrorNameMismatch", c: "SCVP validation policy", w: false }); + oids.insert("1.3.6.1.5.5.7.19.2.2", OidEntry { d: "scvpNameErrorNoName", c: "SCVP validation policy", w: false }); + oids.insert("1.3.6.1.5.5.7.19.2.3", OidEntry { d: "scvpNameErrorUnknownAlg", c: "SCVP validation policy", w: false }); + oids.insert("1.3.6.1.5.5.7.19.2.4", OidEntry { d: "scvpNameErrorBadName", c: "SCVP validation policy", w: false }); + oids.insert("1.3.6.1.5.5.7.19.2.5", OidEntry { d: "scvpNameErrorBadNameType", c: "SCVP validation policy", w: false }); + oids.insert("1.3.6.1.5.5.7.19.2.6", OidEntry { d: "scvpNameErrorMixedNames", c: "SCVP validation policy", w: false }); + oids.insert("1.3.6.1.5.5.7.19.3", OidEntry { d: "scvpBasicValAlg", c: "SCVP validation policy", w: false }); + oids.insert("1.3.6.1.5.5.7.19.3.1", OidEntry { d: "scvpValErrorExpired", c: "SCVP validation policy error", w: false }); + oids.insert("1.3.6.1.5.5.7.19.3.2", OidEntry { d: "scvpValErrorNotYetValid", c: "SCVP validation policy error", w: false }); + oids.insert("1.3.6.1.5.5.7.19.3.3", OidEntry { d: "scvpValErrorWrongTrustAnchor", c: "SCVP validation policy error", w: false }); + oids.insert("1.3.6.1.5.5.7.19.3.4", OidEntry { d: "scvpValErrorNoValidCertPath", c: "SCVP validation policy error", w: false }); + oids.insert("1.3.6.1.5.5.7.19.3.5", OidEntry { d: "scvpValErrorRevoked", c: "SCVP validation policy error", w: false }); + oids.insert("1.3.6.1.5.5.7.19.3.9", OidEntry { d: "scvpValErrorInvalidKeyPurpose", c: "SCVP validation policy error", w: false }); + oids.insert("1.3.6.1.5.5.7.19.3.10", OidEntry { d: "scvpValErrorInvalidKeyUsage", c: "SCVP validation policy error", w: false }); + oids.insert("1.3.6.1.5.5.7.19.3.11", OidEntry { d: "scvpValErrorInvalidCertPolicy", c: "SCVP validation policy error", w: false }); + oids.insert("1.3.6.1.5.5.7.20", OidEntry { d: "logo", c: "Qualified Certificate", w: false }); + oids.insert("1.3.6.1.5.5.7.20.1", OidEntry { d: "logoLoyalty", c: "Qualified Certificate", w: false }); + oids.insert("1.3.6.1.5.5.7.20.2", OidEntry { d: "logoBackground", c: "Qualified Certificate", w: false }); + oids.insert("1.3.6.1.5.5.7.48.1", OidEntry { d: "ocsp", c: "PKIX OCSP", w: false }); + oids.insert("1.3.6.1.5.5.7.48.1.1", OidEntry { d: "ocspBasic", c: "OCSP", w: false }); + oids.insert("1.3.6.1.5.5.7.48.1.2", OidEntry { d: "ocspNonce", c: "OCSP", w: false }); + oids.insert("1.3.6.1.5.5.7.48.1.3", OidEntry { d: "ocspCRL", c: "OCSP", w: false }); + oids.insert("1.3.6.1.5.5.7.48.1.4", OidEntry { d: "ocspResponse", c: "OCSP", w: false }); + oids.insert("1.3.6.1.5.5.7.48.1.5", OidEntry { d: "ocspNoCheck", c: "OCSP", w: false }); + oids.insert("1.3.6.1.5.5.7.48.1.6", OidEntry { d: "ocspArchiveCutoff", c: "OCSP", w: false }); + oids.insert("1.3.6.1.5.5.7.48.1.7", OidEntry { d: "ocspServiceLocator", c: "OCSP", w: false }); + oids.insert("1.3.6.1.5.5.7.48.2", OidEntry { d: "caIssuers", c: "PKIX subject/authority info access descriptor", w: false }); + oids.insert("1.3.6.1.5.5.7.48.3", OidEntry { d: "timeStamping", c: "PKIX subject/authority info access descriptor", w: false }); + oids.insert("1.3.6.1.5.5.7.48.4", OidEntry { d: "dvcs", c: "PKIX subject/authority info access descriptor", w: false }); + oids.insert("1.3.6.1.5.5.7.48.5", OidEntry { d: "caRepository", c: "PKIX subject/authority info access descriptor", w: false }); + oids.insert("1.3.6.1.5.5.7.48.7", OidEntry { d: "signedObjectRepository", c: "PKIX subject/authority info access descriptor", w: false }); + oids.insert("1.3.6.1.5.5.7.48.10", OidEntry { d: "rpkiManifest", c: "PKIX subject/authority info access descriptor", w: false }); + oids.insert("1.3.6.1.5.5.7.48.11", OidEntry { d: "signedObject", c: "PKIX subject/authority info access descriptor", w: false }); + oids.insert("1.3.6.1.5.5.8.1.1", OidEntry { d: "hmacMD5", c: "ISAKMP HMAC algorithm", w: false }); + oids.insert("1.3.6.1.5.5.8.1.2", OidEntry { d: "hmacSHA", c: "ISAKMP HMAC algorithm", w: false }); + oids.insert("1.3.6.1.5.5.8.1.3", OidEntry { d: "hmacTiger", c: "ISAKMP HMAC algorithm", w: false }); + oids.insert("1.3.6.1.5.5.8.2.2", OidEntry { d: "iKEIntermediate", c: "IKE ???", w: false }); + oids.insert("1.3.12.2.1011.7.1", OidEntry { d: "decEncryptionAlgorithm", c: "DASS algorithm", w: false }); + oids.insert("1.3.12.2.1011.7.1.2", OidEntry { d: "decDEA", c: "DASS encryption algorithm", w: false }); + oids.insert("1.3.12.2.1011.7.2", OidEntry { d: "decHashAlgorithm", c: "DASS algorithm", w: false }); + oids.insert("1.3.12.2.1011.7.2.1", OidEntry { d: "decMD2", c: "DASS hash algorithm", w: false }); + oids.insert("1.3.12.2.1011.7.2.2", OidEntry { d: "decMD4", c: "DASS hash algorithm", w: false }); + oids.insert("1.3.12.2.1011.7.3", OidEntry { d: "decSignatureAlgorithm", c: "DASS algorithm", w: false }); + oids.insert("1.3.12.2.1011.7.3.1", OidEntry { d: "decMD2withRSA", c: "DASS signature algorithm", w: false }); + oids.insert("1.3.12.2.1011.7.3.2", OidEntry { d: "decMD4withRSA", c: "DASS signature algorithm", w: false }); + oids.insert("1.3.12.2.1011.7.3.3", OidEntry { d: "decDEAMAC", c: "DASS signature algorithm", w: false }); + oids.insert("1.3.14.2.26.5", OidEntry { d: "sha", c: "Unsure about this OID", w: false }); + oids.insert("1.3.14.3.2.1.1", OidEntry { d: "rsa", c: "X.509. Unsure about this OID", w: false }); + oids.insert("1.3.14.3.2.2", OidEntry { d: "md4WitRSA", c: "Oddball OIW OID", w: false }); + oids.insert("1.3.14.3.2.3", OidEntry { d: "md5WithRSA", c: "Oddball OIW OID", w: false }); + oids.insert("1.3.14.3.2.4", OidEntry { d: "md4WithRSAEncryption", c: "Oddball OIW OID", w: false }); + oids.insert("1.3.14.3.2.2.1", OidEntry { d: "sqmod-N", c: "X.509. Deprecated", w: true }); + oids.insert("1.3.14.3.2.3.1", OidEntry { d: "sqmod-NwithRSA", c: "X.509. Deprecated", w: true }); + oids.insert("1.3.14.3.2.6", OidEntry { d: "desECB", c: "", w: false }); + oids.insert("1.3.14.3.2.7", OidEntry { d: "desCBC", c: "", w: false }); + oids.insert("1.3.14.3.2.8", OidEntry { d: "desOFB", c: "", w: false }); + oids.insert("1.3.14.3.2.9", OidEntry { d: "desCFB", c: "", w: false }); + oids.insert("1.3.14.3.2.10", OidEntry { d: "desMAC", c: "", w: false }); + oids.insert("1.3.14.3.2.11", OidEntry { d: "rsaSignature", c: "ISO 9796-2, also X9.31 Part 1", w: false }); + oids.insert("1.3.14.3.2.12", OidEntry { d: "dsa", c: "OIW?, supposedly from an incomplete version of SDN.701 (doesn't match final SDN.701)", w: true }); + oids.insert("1.3.14.3.2.13", OidEntry { d: "dsaWithSHA", c: "Oddball OIW OID. Incorrectly used by JDK 1.1 in place of (1 3 14 3 2 27)", w: true }); + oids.insert("1.3.14.3.2.14", OidEntry { d: "mdc2WithRSASignature", c: "Oddball OIW OID using 9796-2 padding rules", w: false }); + oids.insert("1.3.14.3.2.15", OidEntry { d: "shaWithRSASignature", c: "Oddball OIW OID using 9796-2 padding rules", w: false }); + oids.insert("1.3.14.3.2.16", OidEntry { d: "dhWithCommonModulus", c: "Oddball OIW OID. Deprecated, use a plain DH OID instead", w: true }); + oids.insert("1.3.14.3.2.17", OidEntry { d: "desEDE", c: "Oddball OIW OID. Mode is ECB", w: false }); + oids.insert("1.3.14.3.2.18", OidEntry { d: "sha", c: "Oddball OIW OID", w: false }); + oids.insert("1.3.14.3.2.19", OidEntry { d: "mdc-2", c: "Oddball OIW OID, DES-based hash, planned for X9.31 Part 2", w: false }); + oids.insert("1.3.14.3.2.20", OidEntry { d: "dsaCommon", c: "Oddball OIW OID. Deprecated, use a plain DSA OID instead", w: true }); + oids.insert("1.3.14.3.2.21", OidEntry { d: "dsaCommonWithSHA", c: "Oddball OIW OID. Deprecated, use a plain dsaWithSHA OID instead", w: true }); + oids.insert("1.3.14.3.2.22", OidEntry { d: "rsaKeyTransport", c: "Oddball OIW OID", w: false }); + oids.insert("1.3.14.3.2.23", OidEntry { d: "keyed-hash-seal", c: "Oddball OIW OID", w: false }); + oids.insert("1.3.14.3.2.24", OidEntry { d: "md2WithRSASignature", c: "Oddball OIW OID using 9796-2 padding rules", w: false }); + oids.insert("1.3.14.3.2.25", OidEntry { d: "md5WithRSASignature", c: "Oddball OIW OID using 9796-2 padding rules", w: false }); + oids.insert("1.3.14.3.2.26", OidEntry { d: "sha1", c: "OIW", w: false }); + oids.insert("1.3.14.3.2.27", OidEntry { d: "dsaWithSHA1", c: "OIW. This OID may also be assigned as ripemd-160", w: false }); + oids.insert("1.3.14.3.2.28", OidEntry { d: "dsaWithCommonSHA1", c: "OIW", w: false }); + oids.insert("1.3.14.3.2.29", OidEntry { d: "sha-1WithRSAEncryption", c: "Oddball OIW OID", w: false }); + oids.insert("1.3.14.3.3.1", OidEntry { d: "simple-strong-auth-mechanism", c: "Oddball OIW OID", w: false }); + oids.insert("1.3.14.7.2.1.1", OidEntry { d: "ElGamal", c: "Unsure about this OID", w: false }); + oids.insert("1.3.14.7.2.3.1", OidEntry { d: "md2WithRSA", c: "Unsure about this OID", w: false }); + oids.insert("1.3.14.7.2.3.2", OidEntry { d: "md2WithElGamal", c: "Unsure about this OID", w: false }); + oids.insert("1.3.18.0.2.18.1", OidEntry { d: "hostIDMapping", c: "IBM RACF ID mapping", w: false }); + oids.insert("1.3.27.16", OidEntry { d: "icaoSecurity", c: "ICAO security", w: false }); + oids.insert("1.3.27.16.0", OidEntry { d: "icaoSecurity", c: "ICAO security test?", w: false }); + oids.insert("1.3.27.16.0.1.1.1.1.1.1.0", OidEntry { d: "icaoTestValidationPolicy", c: "ICAO security test?", w: false }); + oids.insert("1.3.27.16.1", OidEntry { d: "icaoCertPolicy", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2", OidEntry { d: "icaoIATFRootCA", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2.0.1", OidEntry { d: "icaoIdentityAssurance", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2.0.1.1", OidEntry { d: "icaoIdentityAssuranceLow", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2.0.1.2", OidEntry { d: "icaoIdentityAssuranceLowDevice", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2.0.1.3", OidEntry { d: "icaoIdentityAssuranceLowTSPMediated", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2.0.1.4", OidEntry { d: "icaoIdentityAssuranceMedium", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2.0.1.5", OidEntry { d: "icaoIdentityAssuranceMediumDevice", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2.0.1.6", OidEntry { d: "icaoIdentityAssuranceMediumTSPMediated", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2.0.1.7", OidEntry { d: "icaoIdentityAssuranceMediumHardware", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2.0.1.8", OidEntry { d: "icaoIdentityAssuranceMediumDeviceHardware", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2.0.1.9", OidEntry { d: "icaoIdentityAssuranceHigh", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2.0.1.10", OidEntry { d: "icaoIdentityAssuranceHighCardAuth", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2.0.1.11", OidEntry { d: "icaoIdentityAssuranceHighContentSigning", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2.1", OidEntry { d: "icaoIATFBridgeCA", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2.1.0", OidEntry { d: "icaoCAODRootCA", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2.1.1", OidEntry { d: "icaoCAODBridgeCA", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2.1.1.1", OidEntry { d: "icaoUSBridgeCA", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2.1.1.1.1", OidEntry { d: "icaoFAARootCA", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2.1.1.1.1.1", OidEntry { d: "icaoFAAIssuingCA", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2.1.1.1.1.1.1", OidEntry { d: "icaoFAAClientCertificate", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2.1.1.1.1.1.2", OidEntry { d: "icaoFAAServerCertificate", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.2.1.1.1.1.1.3", OidEntry { d: "icaoFAASWIMSigningCertificate", c: "ICAO certificate policies", w: false }); + oids.insert("1.3.27.16.1.4.1.1", OidEntry { d: "icaoSWIMSigning", c: "ICAO extended key usage", w: false }); + oids.insert("1.3.36.1", OidEntry { d: "document", c: "Teletrust document", w: false }); + oids.insert("1.3.36.1.1", OidEntry { d: "finalVersion", c: "Teletrust document", w: false }); + oids.insert("1.3.36.1.2", OidEntry { d: "draft", c: "Teletrust document", w: false }); + oids.insert("1.3.36.2", OidEntry { d: "sio", c: "Teletrust sio", w: false }); + oids.insert("1.3.36.2.1", OidEntry { d: "sedu", c: "Teletrust sio", w: false }); + oids.insert("1.3.36.3", OidEntry { d: "algorithm", c: "Teletrust algorithm", w: false }); + oids.insert("1.3.36.3.1", OidEntry { d: "encryptionAlgorithm", c: "Teletrust algorithm", w: false }); + oids.insert("1.3.36.3.1.1", OidEntry { d: "des", c: "Teletrust encryption algorithm", w: false }); + oids.insert("1.3.36.3.1.1.1", OidEntry { d: "desECB_pad", c: "Teletrust encryption algorithm", w: false }); + oids.insert("1.3.36.3.1.1.1.1", OidEntry { d: "desECB_ISOpad", c: "Teletrust encryption algorithm", w: false }); + oids.insert("1.3.36.3.1.1.2.1", OidEntry { d: "desCBC_pad", c: "Teletrust encryption algorithm", w: false }); + oids.insert("1.3.36.3.1.1.2.1.1", OidEntry { d: "desCBC_ISOpad", c: "Teletrust encryption algorithm", w: false }); + oids.insert("1.3.36.3.1.3", OidEntry { d: "des_3", c: "Teletrust encryption algorithm", w: false }); + oids.insert("1.3.36.3.1.3.1.1", OidEntry { d: "des_3ECB_pad", c: "Teletrust encryption algorithm. EDE triple DES", w: false }); + oids.insert("1.3.36.3.1.3.1.1.1", OidEntry { d: "des_3ECB_ISOpad", c: "Teletrust encryption algorithm. EDE triple DES", w: false }); + oids.insert("1.3.36.3.1.3.2.1", OidEntry { d: "des_3CBC_pad", c: "Teletrust encryption algorithm. EDE triple DES", w: false }); + oids.insert("1.3.36.3.1.3.2.1.1", OidEntry { d: "des_3CBC_ISOpad", c: "Teletrust encryption algorithm. EDE triple DES", w: false }); + oids.insert("1.3.36.3.1.2", OidEntry { d: "idea", c: "Teletrust encryption algorithm", w: false }); + oids.insert("1.3.36.3.1.2.1", OidEntry { d: "ideaECB", c: "Teletrust encryption algorithm", w: false }); + oids.insert("1.3.36.3.1.2.1.1", OidEntry { d: "ideaECB_pad", c: "Teletrust encryption algorithm", w: false }); + oids.insert("1.3.36.3.1.2.1.1.1", OidEntry { d: "ideaECB_ISOpad", c: "Teletrust encryption algorithm", w: false }); + oids.insert("1.3.36.3.1.2.2", OidEntry { d: "ideaCBC", c: "Teletrust encryption algorithm", w: false }); + oids.insert("1.3.36.3.1.2.2.1", OidEntry { d: "ideaCBC_pad", c: "Teletrust encryption algorithm", w: false }); + oids.insert("1.3.36.3.1.2.2.1.1", OidEntry { d: "ideaCBC_ISOpad", c: "Teletrust encryption algorithm", w: false }); + oids.insert("1.3.36.3.1.2.3", OidEntry { d: "ideaOFB", c: "Teletrust encryption algorithm", w: false }); + oids.insert("1.3.36.3.1.2.4", OidEntry { d: "ideaCFB", c: "Teletrust encryption algorithm", w: false }); + oids.insert("1.3.36.3.1.4", OidEntry { d: "rsaEncryption", c: "Teletrust encryption algorithm", w: false }); + oids.insert("1.3.36.3.1.4.512.17", OidEntry { d: "rsaEncryptionWithlmod512expe17", c: "Teletrust encryption algorithm", w: false }); + oids.insert("1.3.36.3.1.5", OidEntry { d: "bsi-1", c: "Teletrust encryption algorithm", w: false }); + oids.insert("1.3.36.3.1.5.1", OidEntry { d: "bsi_1ECB_pad", c: "Teletrust encryption algorithm", w: false }); + oids.insert("1.3.36.3.1.5.2", OidEntry { d: "bsi_1CBC_pad", c: "Teletrust encryption algorithm", w: false }); + oids.insert("1.3.36.3.1.5.2.1", OidEntry { d: "bsi_1CBC_PEMpad", c: "Teletrust encryption algorithm", w: false }); + oids.insert("1.3.36.3.2", OidEntry { d: "hashAlgorithm", c: "Teletrust algorithm", w: false }); + oids.insert("1.3.36.3.2.1", OidEntry { d: "ripemd160", c: "Teletrust hash algorithm", w: false }); + oids.insert("1.3.36.3.2.2", OidEntry { d: "ripemd128", c: "Teletrust hash algorithm", w: false }); + oids.insert("1.3.36.3.2.3", OidEntry { d: "ripemd256", c: "Teletrust hash algorithm", w: false }); + oids.insert("1.3.36.3.2.4", OidEntry { d: "mdc2singleLength", c: "Teletrust hash algorithm", w: false }); + oids.insert("1.3.36.3.2.5", OidEntry { d: "mdc2doubleLength", c: "Teletrust hash algorithm", w: false }); + oids.insert("1.3.36.3.3", OidEntry { d: "signatureAlgorithm", c: "Teletrust algorithm", w: false }); + oids.insert("1.3.36.3.3.1", OidEntry { d: "rsaSignature", c: "Teletrust signature algorithm", w: false }); + oids.insert("1.3.36.3.3.1.1", OidEntry { d: "rsaSignatureWithsha1", c: "Teletrust signature algorithm", w: false }); + oids.insert("1.3.36.3.3.1.1.1024.11", OidEntry { d: "rsaSignatureWithsha1_l1024_l11", c: "Teletrust signature algorithm", w: false }); + oids.insert("1.3.36.3.3.1.2", OidEntry { d: "rsaSignatureWithripemd160", c: "Teletrust signature algorithm", w: false }); + oids.insert("1.3.36.3.3.1.2.1024.11", OidEntry { d: "rsaSignatureWithripemd160_l1024_l11", c: "Teletrust signature algorithm", w: false }); + oids.insert("1.3.36.3.3.1.3", OidEntry { d: "rsaSignatureWithrimpemd128", c: "Teletrust signature algorithm", w: false }); + oids.insert("1.3.36.3.3.1.4", OidEntry { d: "rsaSignatureWithrimpemd256", c: "Teletrust signature algorithm", w: false }); + oids.insert("1.3.36.3.3.2", OidEntry { d: "ecsieSign", c: "Teletrust signature algorithm", w: false }); + oids.insert("1.3.36.3.3.2.1", OidEntry { d: "ecsieSignWithsha1", c: "Teletrust signature algorithm", w: false }); + oids.insert("1.3.36.3.3.2.2", OidEntry { d: "ecsieSignWithripemd160", c: "Teletrust signature algorithm", w: false }); + oids.insert("1.3.36.3.3.2.3", OidEntry { d: "ecsieSignWithmd2", c: "Teletrust signature algorithm", w: false }); + oids.insert("1.3.36.3.3.2.4", OidEntry { d: "ecsieSignWithmd5", c: "Teletrust signature algorithm", w: false }); + oids.insert("1.3.36.3.3.2.8.1.1.1", OidEntry { d: "brainpoolP160r1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); + oids.insert("1.3.36.3.3.2.8.1.1.2", OidEntry { d: "brainpoolP160t1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); + oids.insert("1.3.36.3.3.2.8.1.1.3", OidEntry { d: "brainpoolP192r1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); + oids.insert("1.3.36.3.3.2.8.1.1.4", OidEntry { d: "brainpoolP192t1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); + oids.insert("1.3.36.3.3.2.8.1.1.5", OidEntry { d: "brainpoolP224r1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); + oids.insert("1.3.36.3.3.2.8.1.1.6", OidEntry { d: "brainpoolP224t1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); + oids.insert("1.3.36.3.3.2.8.1.1.7", OidEntry { d: "brainpoolP256r1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); + oids.insert("1.3.36.3.3.2.8.1.1.8", OidEntry { d: "brainpoolP256t1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); + oids.insert("1.3.36.3.3.2.8.1.1.9", OidEntry { d: "brainpoolP320r1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); + oids.insert("1.3.36.3.3.2.8.1.1.10", OidEntry { d: "brainpoolP320t1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); + oids.insert("1.3.36.3.3.2.8.1.1.11", OidEntry { d: "brainpoolP384r1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); + oids.insert("1.3.36.3.3.2.8.1.1.12", OidEntry { d: "brainpoolP384t1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); + oids.insert("1.3.36.3.3.2.8.1.1.13", OidEntry { d: "brainpoolP512r1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); + oids.insert("1.3.36.3.3.2.8.1.1.14", OidEntry { d: "brainpoolP512t1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); + oids.insert("1.3.36.3.4", OidEntry { d: "signatureScheme", c: "Teletrust algorithm", w: false }); + oids.insert("1.3.36.3.4.1", OidEntry { d: "sigS_ISO9796-1", c: "Teletrust signature scheme", w: false }); + oids.insert("1.3.36.3.4.2", OidEntry { d: "sigS_ISO9796-2", c: "Teletrust signature scheme", w: false }); + oids.insert("1.3.36.3.4.2.1", OidEntry { d: "sigS_ISO9796-2Withred", c: "Teletrust signature scheme. Unsure what this is supposed to be", w: false }); + oids.insert("1.3.36.3.4.2.2", OidEntry { d: "sigS_ISO9796-2Withrsa", c: "Teletrust signature scheme. Unsure what this is supposed to be", w: false }); + oids.insert("1.3.36.3.4.2.3", OidEntry { d: "sigS_ISO9796-2Withrnd", c: "Teletrust signature scheme. 9796-2 with random number in padding field", w: false }); + oids.insert("1.3.36.4", OidEntry { d: "attribute", c: "Teletrust attribute", w: false }); + oids.insert("1.3.36.5", OidEntry { d: "policy", c: "Teletrust policy", w: false }); + oids.insert("1.3.36.6", OidEntry { d: "api", c: "Teletrust API", w: false }); + oids.insert("1.3.36.6.1", OidEntry { d: "manufacturer-specific_api", c: "Teletrust API", w: false }); + oids.insert("1.3.36.6.1.1", OidEntry { d: "utimaco-api", c: "Teletrust API", w: false }); + oids.insert("1.3.36.6.2", OidEntry { d: "functionality-specific_api", c: "Teletrust API", w: false }); + oids.insert("1.3.36.7", OidEntry { d: "keymgmnt", c: "Teletrust key management", w: false }); + oids.insert("1.3.36.7.1", OidEntry { d: "keyagree", c: "Teletrust key management", w: false }); + oids.insert("1.3.36.7.1.1", OidEntry { d: "bsiPKE", c: "Teletrust key management", w: false }); + oids.insert("1.3.36.7.2", OidEntry { d: "keytrans", c: "Teletrust key management", w: false }); + oids.insert("1.3.36.7.2.1", OidEntry { d: "encISO9796-2Withrsa", c: "Teletrust key management. 9796-2 with key stored in hash field", w: false }); + oids.insert("1.3.36.8.1.1", OidEntry { d: "Teletrust SigGConform policyIdentifier", c: "Teletrust policy", w: false }); + oids.insert("1.3.36.8.2.1", OidEntry { d: "directoryService", c: "Teletrust extended key usage", w: false }); + oids.insert("1.3.36.8.3.1", OidEntry { d: "dateOfCertGen", c: "Teletrust attribute", w: false }); + oids.insert("1.3.36.8.3.2", OidEntry { d: "procuration", c: "Teletrust attribute", w: false }); + oids.insert("1.3.36.8.3.3", OidEntry { d: "admission", c: "Teletrust attribute", w: false }); + oids.insert("1.3.36.8.3.4", OidEntry { d: "monetaryLimit", c: "Teletrust attribute", w: false }); + oids.insert("1.3.36.8.3.5", OidEntry { d: "declarationOfMajority", c: "Teletrust attribute", w: false }); + oids.insert("1.3.36.8.3.6", OidEntry { d: "integratedCircuitCardSerialNumber", c: "Teletrust attribute", w: false }); + oids.insert("1.3.36.8.3.7", OidEntry { d: "pKReference", c: "Teletrust attribute", w: false }); + oids.insert("1.3.36.8.3.8", OidEntry { d: "restriction", c: "Teletrust attribute", w: false }); + oids.insert("1.3.36.8.3.9", OidEntry { d: "retrieveIfAllowed", c: "Teletrust attribute", w: false }); + oids.insert("1.3.36.8.3.10", OidEntry { d: "requestedCertificate", c: "Teletrust attribute", w: false }); + oids.insert("1.3.36.8.3.11", OidEntry { d: "namingAuthorities", c: "Teletrust attribute", w: false }); + oids.insert("1.3.36.8.3.11.1", OidEntry { d: "rechtWirtschaftSteuern", c: "Teletrust naming authorities", w: false }); + oids.insert("1.3.36.8.3.11.1.1", OidEntry { d: "rechtsanwaeltin", c: "Teletrust ProfessionInfo", w: false }); + oids.insert("1.3.36.8.3.11.1.2", OidEntry { d: "rechtsanwalt", c: "Teletrust ProfessionInfo", w: false }); + oids.insert("1.3.36.8.3.11.1.3", OidEntry { d: "rechtsBeistand", c: "Teletrust ProfessionInfo", w: false }); + oids.insert("1.3.36.8.3.11.1.4", OidEntry { d: "steuerBeraterin", c: "Teletrust ProfessionInfo", w: false }); + oids.insert("1.3.36.8.3.11.1.5", OidEntry { d: "steuerBerater", c: "Teletrust ProfessionInfo", w: false }); + oids.insert("1.3.36.8.3.11.1.6", OidEntry { d: "steuerBevollmaechtigte", c: "Teletrust ProfessionInfo", w: false }); + oids.insert("1.3.36.8.3.11.1.7", OidEntry { d: "steuerBevollmaechtigter", c: "Teletrust ProfessionInfo", w: false }); + oids.insert("1.3.36.8.3.11.1.8", OidEntry { d: "notarin", c: "Teletrust ProfessionInfo", w: false }); + oids.insert("1.3.36.8.3.11.1.9", OidEntry { d: "notar", c: "Teletrust ProfessionInfo", w: false }); + oids.insert("1.3.36.8.3.11.1.10", OidEntry { d: "notarVertreterin", c: "Teletrust ProfessionInfo", w: false }); + oids.insert("1.3.36.8.3.11.1.11", OidEntry { d: "notarVertreter", c: "Teletrust ProfessionInfo", w: false }); + oids.insert("1.3.36.8.3.11.1.12", OidEntry { d: "notariatsVerwalterin", c: "Teletrust ProfessionInfo", w: false }); + oids.insert("1.3.36.8.3.11.1.13", OidEntry { d: "notariatsVerwalter", c: "Teletrust ProfessionInfo", w: false }); + oids.insert("1.3.36.8.3.11.1.14", OidEntry { d: "wirtschaftsPrueferin", c: "Teletrust ProfessionInfo", w: false }); + oids.insert("1.3.36.8.3.11.1.15", OidEntry { d: "wirtschaftsPruefer", c: "Teletrust ProfessionInfo", w: false }); + oids.insert("1.3.36.8.3.11.1.16", OidEntry { d: "vereidigteBuchprueferin", c: "Teletrust ProfessionInfo", w: false }); + oids.insert("1.3.36.8.3.11.1.17", OidEntry { d: "vereidigterBuchpruefer", c: "Teletrust ProfessionInfo", w: false }); + oids.insert("1.3.36.8.3.11.1.18", OidEntry { d: "patentAnwaeltin", c: "Teletrust ProfessionInfo", w: false }); + oids.insert("1.3.36.8.3.11.1.19", OidEntry { d: "patentAnwalt", c: "Teletrust ProfessionInfo", w: false }); + oids.insert("1.3.36.8.3.12", OidEntry { d: "certInDirSince", c: "Teletrust OCSP attribute (obsolete)", w: true }); + oids.insert("1.3.36.8.3.13", OidEntry { d: "certHash", c: "Teletrust OCSP attribute", w: false }); + oids.insert("1.3.36.8.3.14", OidEntry { d: "nameAtBirth", c: "Teletrust attribute", w: false }); + oids.insert("1.3.36.8.3.15", OidEntry { d: "additionalInformation", c: "Teletrust attribute", w: false }); + oids.insert("1.3.36.8.4.1", OidEntry { d: "personalData", c: "Teletrust OtherName attribute", w: false }); + oids.insert("1.3.36.8.4.8", OidEntry { d: "restriction", c: "Teletrust attribute certificate attribute", w: false }); + oids.insert("1.3.36.8.5.1.1.1", OidEntry { d: "rsaIndicateSHA1", c: "Teletrust signature algorithm", w: false }); + oids.insert("1.3.36.8.5.1.1.2", OidEntry { d: "rsaIndicateRIPEMD160", c: "Teletrust signature algorithm", w: false }); + oids.insert("1.3.36.8.5.1.1.3", OidEntry { d: "rsaWithSHA1", c: "Teletrust signature algorithm", w: false }); + oids.insert("1.3.36.8.5.1.1.4", OidEntry { d: "rsaWithRIPEMD160", c: "Teletrust signature algorithm", w: false }); + oids.insert("1.3.36.8.5.1.2.1", OidEntry { d: "dsaExtended", c: "Teletrust signature algorithm", w: false }); + oids.insert("1.3.36.8.5.1.2.2", OidEntry { d: "dsaWithRIPEMD160", c: "Teletrust signature algorithm", w: false }); + oids.insert("1.3.36.8.6.1", OidEntry { d: "cert", c: "Teletrust signature attributes", w: false }); + oids.insert("1.3.36.8.6.2", OidEntry { d: "certRef", c: "Teletrust signature attributes", w: false }); + oids.insert("1.3.36.8.6.3", OidEntry { d: "attrCert", c: "Teletrust signature attributes", w: false }); + oids.insert("1.3.36.8.6.4", OidEntry { d: "attrRef", c: "Teletrust signature attributes", w: false }); + oids.insert("1.3.36.8.6.5", OidEntry { d: "fileName", c: "Teletrust signature attributes", w: false }); + oids.insert("1.3.36.8.6.6", OidEntry { d: "storageTime", c: "Teletrust signature attributes", w: false }); + oids.insert("1.3.36.8.6.7", OidEntry { d: "fileSize", c: "Teletrust signature attributes", w: false }); + oids.insert("1.3.36.8.6.8", OidEntry { d: "location", c: "Teletrust signature attributes", w: false }); + oids.insert("1.3.36.8.6.9", OidEntry { d: "sigNumber", c: "Teletrust signature attributes", w: false }); + oids.insert("1.3.36.8.6.10", OidEntry { d: "autoGen", c: "Teletrust signature attributes", w: false }); + oids.insert("1.3.36.8.7.1.1", OidEntry { d: "ptAdobeILL", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.2", OidEntry { d: "ptAmiPro", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.3", OidEntry { d: "ptAutoCAD", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.4", OidEntry { d: "ptBinary", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.5", OidEntry { d: "ptBMP", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.6", OidEntry { d: "ptCGM", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.7", OidEntry { d: "ptCorelCRT", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.8", OidEntry { d: "ptCorelDRW", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.9", OidEntry { d: "ptCorelEXC", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.10", OidEntry { d: "ptCorelPHT", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.11", OidEntry { d: "ptDraw", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.12", OidEntry { d: "ptDVI", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.13", OidEntry { d: "ptEPS", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.14", OidEntry { d: "ptExcel", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.15", OidEntry { d: "ptGEM", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.16", OidEntry { d: "ptGIF", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.17", OidEntry { d: "ptHPGL", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.18", OidEntry { d: "ptJPEG", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.19", OidEntry { d: "ptKodak", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.20", OidEntry { d: "ptLaTeX", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.21", OidEntry { d: "ptLotus", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.22", OidEntry { d: "ptLotusPIC", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.23", OidEntry { d: "ptMacPICT", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.24", OidEntry { d: "ptMacWord", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.25", OidEntry { d: "ptMSWfD", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.26", OidEntry { d: "ptMSWord", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.27", OidEntry { d: "ptMSWord2", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.28", OidEntry { d: "ptMSWord6", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.29", OidEntry { d: "ptMSWord8", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.30", OidEntry { d: "ptPDF", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.31", OidEntry { d: "ptPIF", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.32", OidEntry { d: "ptPostscript", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.33", OidEntry { d: "ptRTF", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.34", OidEntry { d: "ptSCITEX", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.35", OidEntry { d: "ptTAR", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.36", OidEntry { d: "ptTarga", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.37", OidEntry { d: "ptTeX", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.38", OidEntry { d: "ptText", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.39", OidEntry { d: "ptTIFF", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.40", OidEntry { d: "ptTIFF-FC", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.41", OidEntry { d: "ptUID", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.42", OidEntry { d: "ptUUEncode", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.43", OidEntry { d: "ptWMF", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.44", OidEntry { d: "ptWordPerfect", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.36.8.7.1.45", OidEntry { d: "ptWPGrph", c: "Teletrust presentation types", w: false }); + oids.insert("1.3.101.1.4", OidEntry { d: "thawte-ce", c: "Thawte", w: false }); + oids.insert("1.3.101.1.4.1", OidEntry { d: "strongExtranet", c: "Thawte certificate extension", w: false }); + oids.insert("1.3.101.110", OidEntry { d: "curveX25519", c: "ECDH 25519 key agreement algorithm", w: false }); + oids.insert("1.3.101.111", OidEntry { d: "curveX448", c: "ECDH 448 key agreement algorithm", w: false }); + oids.insert("1.3.101.112", OidEntry { d: "curveEd25519", c: "EdDSA 25519 signature algorithm", w: false }); + oids.insert("1.3.101.113", OidEntry { d: "curveEd448", c: "EdDSA 448 signature algorithm", w: false }); + oids.insert("1.3.101.114", OidEntry { d: "curveEd25519ph", c: "EdDSA 25519 pre-hash signature algorithm", w: false }); + oids.insert("1.3.101.115", OidEntry { d: "curveEd448ph", c: "EdDSA 448 pre-hash signature algorithm", w: false }); + oids.insert("1.3.132.0.1", OidEntry { d: "sect163k1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.2", OidEntry { d: "sect163r1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.3", OidEntry { d: "sect239k1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.4", OidEntry { d: "sect113r1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.5", OidEntry { d: "sect113r2", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.6", OidEntry { d: "secp112r1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.7", OidEntry { d: "secp112r2", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.8", OidEntry { d: "secp160r1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.9", OidEntry { d: "secp160k1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.10", OidEntry { d: "secp256k1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.15", OidEntry { d: "sect163r2", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.16", OidEntry { d: "sect283k1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.17", OidEntry { d: "sect283r1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.22", OidEntry { d: "sect131r1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.23", OidEntry { d: "sect131r2", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.24", OidEntry { d: "sect193r1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.25", OidEntry { d: "sect193r2", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.26", OidEntry { d: "sect233k1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.27", OidEntry { d: "sect233r1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.28", OidEntry { d: "secp128r1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.29", OidEntry { d: "secp128r2", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.30", OidEntry { d: "secp160r2", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.31", OidEntry { d: "secp192k1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.32", OidEntry { d: "secp224k1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.33", OidEntry { d: "secp224r1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.34", OidEntry { d: "secp384r1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.35", OidEntry { d: "secp521r1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.36", OidEntry { d: "sect409k1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.37", OidEntry { d: "sect409r1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.38", OidEntry { d: "sect571k1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.0.39", OidEntry { d: "sect571r1", c: "SECG (Certicom) named elliptic curve", w: false }); + oids.insert("1.3.132.1.11.0", OidEntry { d: "ecdhX963KDF-SHA224", c: "SECG (Certicom) elliptic curve key agreement", w: false }); + oids.insert("1.3.132.1.11.1", OidEntry { d: "ecdhX963KDF-SHA256", c: "SECG (Certicom) elliptic curve key agreement", w: false }); + oids.insert("1.3.132.1.11.2", OidEntry { d: "ecdhX963KDF-SHA384", c: "SECG (Certicom) elliptic curve key agreement", w: false }); + oids.insert("1.3.132.1.11.3", OidEntry { d: "ecdhX963KDF-SHA512", c: "SECG (Certicom) elliptic curve key agreement", w: false }); + oids.insert("1.3.132.1.14.0", OidEntry { d: "eccofactordhX963KDF-SHA224", c: "SECG (Certicom) elliptic curve key agreement", w: false }); + oids.insert("1.3.132.1.14.1", OidEntry { d: "eccofactordhX963KDF-SHA256", c: "SECG (Certicom) elliptic curve key agreement", w: false }); + oids.insert("1.3.132.1.14.2", OidEntry { d: "eccofactordhX963KDF-SHA384", c: "SECG (Certicom) elliptic curve key agreement", w: false }); + oids.insert("1.3.132.1.14.3", OidEntry { d: "eccofactordhX963KDF-SHA512", c: "SECG (Certicom) elliptic curve key agreement", w: false }); + oids.insert("1.3.132.1.15.0", OidEntry { d: "ecmqv-X963KDF-SHA224", c: "SECG (Certicom) elliptic curve key agreement", w: false }); + oids.insert("1.3.132.1.15.1", OidEntry { d: "ecmqv-X963KDF-SHA256", c: "SECG (Certicom) elliptic curve key agreement", w: false }); + oids.insert("1.3.132.1.15.2", OidEntry { d: "ecmqv-X963KDF-SHA384", c: "SECG (Certicom) elliptic curve key agreement", w: false }); + oids.insert("1.3.132.1.15.3", OidEntry { d: "ecmqv-X963KDF-SHA512", c: "SECG (Certicom) elliptic curve key agreement", w: false }); + oids.insert("1.3.133.16.840.9.44", OidEntry { d: "x944", c: "X9.44", w: false }); + oids.insert("1.3.133.16.840.9.44.1", OidEntry { d: "x944Components", c: "X9.44", w: false }); + oids.insert("1.3.133.16.840.9.44.1.1", OidEntry { d: "x944Kdf2", c: "X9.44", w: false }); + oids.insert("1.3.133.16.840.9.44.1.2", OidEntry { d: "x944Kdf3", c: "X9.44", w: false }); + oids.insert("1.3.133.16.840.9.84", OidEntry { d: "x984", c: "X9.84", w: false }); + oids.insert("1.3.133.16.840.9.84.0", OidEntry { d: "x984Module", c: "X9.84", w: false }); + oids.insert("1.3.133.16.840.9.84.0.1", OidEntry { d: "x984Biometrics", c: "X9.84 Module", w: false }); + oids.insert("1.3.133.16.840.9.84.0.2", OidEntry { d: "x984CMS", c: "X9.84 Module", w: false }); + oids.insert("1.3.133.16.840.9.84.0.3", OidEntry { d: "x984Identifiers", c: "X9.84 Module", w: false }); + oids.insert("1.3.133.16.840.9.84.1", OidEntry { d: "x984Biometric", c: "X9.84", w: false }); + oids.insert("1.3.133.16.840.9.84.1.0", OidEntry { d: "biometricUnknownType", c: "X9.84 Biometric", w: false }); + oids.insert("1.3.133.16.840.9.84.1.1", OidEntry { d: "biometricBodyOdor", c: "X9.84 Biometric", w: false }); + oids.insert("1.3.133.16.840.9.84.1.2", OidEntry { d: "biometricDNA", c: "X9.84 Biometric", w: false }); + oids.insert("1.3.133.16.840.9.84.1.3", OidEntry { d: "biometricEarShape", c: "X9.84 Biometric", w: false }); + oids.insert("1.3.133.16.840.9.84.1.4", OidEntry { d: "biometricFacialFeatures", c: "X9.84 Biometric", w: false }); + oids.insert("1.3.133.16.840.9.84.1.5", OidEntry { d: "biometricFingerImage", c: "X9.84 Biometric", w: false }); + oids.insert("1.3.133.16.840.9.84.1.6", OidEntry { d: "biometricFingerGeometry", c: "X9.84 Biometric", w: false }); + oids.insert("1.3.133.16.840.9.84.1.7", OidEntry { d: "biometricHandGeometry", c: "X9.84 Biometric", w: false }); + oids.insert("1.3.133.16.840.9.84.1.8", OidEntry { d: "biometricIrisFeatures", c: "X9.84 Biometric", w: false }); + oids.insert("1.3.133.16.840.9.84.1.9", OidEntry { d: "biometricKeystrokeDynamics", c: "X9.84 Biometric", w: false }); + oids.insert("1.3.133.16.840.9.84.1.10", OidEntry { d: "biometricPalm", c: "X9.84 Biometric", w: false }); + oids.insert("1.3.133.16.840.9.84.1.11", OidEntry { d: "biometricRetina", c: "X9.84 Biometric", w: false }); + oids.insert("1.3.133.16.840.9.84.1.12", OidEntry { d: "biometricSignature", c: "X9.84 Biometric", w: false }); + oids.insert("1.3.133.16.840.9.84.1.13", OidEntry { d: "biometricSpeechPattern", c: "X9.84 Biometric", w: false }); + oids.insert("1.3.133.16.840.9.84.1.14", OidEntry { d: "biometricThermalImage", c: "X9.84 Biometric", w: false }); + oids.insert("1.3.133.16.840.9.84.1.15", OidEntry { d: "biometricVeinPattern", c: "X9.84 Biometric", w: false }); + oids.insert("1.3.133.16.840.9.84.1.16", OidEntry { d: "biometricThermalFaceImage", c: "X9.84 Biometric", w: false }); + oids.insert("1.3.133.16.840.9.84.1.17", OidEntry { d: "biometricThermalHandImage", c: "X9.84 Biometric", w: false }); + oids.insert("1.3.133.16.840.9.84.1.18", OidEntry { d: "biometricLipMovement", c: "X9.84 Biometric", w: false }); + oids.insert("1.3.133.16.840.9.84.1.19", OidEntry { d: "biometricGait", c: "X9.84 Biometric", w: false }); + oids.insert("1.3.133.16.840.9.84.3", OidEntry { d: "x984MatchingMethod", c: "X9.84", w: false }); + oids.insert("1.3.133.16.840.9.84.4", OidEntry { d: "x984FormatOwner", c: "X9.84", w: false }); + oids.insert("1.3.133.16.840.9.84.4.0", OidEntry { d: "x984CbeffOwner", c: "X9.84 Format Owner", w: false }); + oids.insert("1.3.133.16.840.9.84.4.1", OidEntry { d: "x984IbiaOwner", c: "X9.84 Format Owner", w: false }); + oids.insert("1.3.133.16.840.9.84.4.1.1", OidEntry { d: "ibiaOwnerSAFLINK", c: "X9.84 IBIA Format Owner", w: false }); + oids.insert("1.3.133.16.840.9.84.4.1.2", OidEntry { d: "ibiaOwnerBioscrypt", c: "X9.84 IBIA Format Owner", w: false }); + oids.insert("1.3.133.16.840.9.84.4.1.3", OidEntry { d: "ibiaOwnerVisionics", c: "X9.84 IBIA Format Owner", w: false }); + oids.insert("1.3.133.16.840.9.84.4.1.4", OidEntry { d: "ibiaOwnerInfineonTechnologiesAG", c: "X9.84 IBIA Format Owner", w: false }); + oids.insert("1.3.133.16.840.9.84.4.1.5", OidEntry { d: "ibiaOwnerIridianTechnologies", c: "X9.84 IBIA Format Owner", w: false }); + oids.insert("1.3.133.16.840.9.84.4.1.6", OidEntry { d: "ibiaOwnerVeridicom", c: "X9.84 IBIA Format Owner", w: false }); + oids.insert("1.3.133.16.840.9.84.4.1.7", OidEntry { d: "ibiaOwnerCyberSIGN", c: "X9.84 IBIA Format Owner", w: false }); + oids.insert("1.3.133.16.840.9.84.4.1.8", OidEntry { d: "ibiaOwnereCryp", c: "X9.84 IBIA Format Owner", w: false }); + oids.insert("1.3.133.16.840.9.84.4.1.9", OidEntry { d: "ibiaOwnerFingerprintCardsAB", c: "X9.84 IBIA Format Owner", w: false }); + oids.insert("1.3.133.16.840.9.84.4.1.10", OidEntry { d: "ibiaOwnerSecuGen", c: "X9.84 IBIA Format Owner", w: false }); + oids.insert("1.3.133.16.840.9.84.4.1.11", OidEntry { d: "ibiaOwnerPreciseBiometric", c: "X9.84 IBIA Format Owner", w: false }); + oids.insert("1.3.133.16.840.9.84.4.1.12", OidEntry { d: "ibiaOwnerIdentix", c: "X9.84 IBIA Format Owner", w: false }); + oids.insert("1.3.133.16.840.9.84.4.1.13", OidEntry { d: "ibiaOwnerDERMALOG", c: "X9.84 IBIA Format Owner", w: false }); + oids.insert("1.3.133.16.840.9.84.4.1.14", OidEntry { d: "ibiaOwnerLOGICO", c: "X9.84 IBIA Format Owner", w: false }); + oids.insert("1.3.133.16.840.9.84.4.1.15", OidEntry { d: "ibiaOwnerNIST", c: "X9.84 IBIA Format Owner", w: false }); + oids.insert("1.3.133.16.840.9.84.4.1.16", OidEntry { d: "ibiaOwnerA3Vision", c: "X9.84 IBIA Format Owner", w: false }); + oids.insert("1.3.133.16.840.9.84.4.1.17", OidEntry { d: "ibiaOwnerNEC", c: "X9.84 IBIA Format Owner", w: false }); + oids.insert("1.3.133.16.840.9.84.4.1.18", OidEntry { d: "ibiaOwnerSTMicroelectronics", c: "X9.84 IBIA Format Owner", w: false }); + oids.insert("1.3.158.36061701.0.0.0.1.2.2", OidEntry { d: "qcpSK", c: "Slovakia Qualified Electronic Signature policies", w: false }); + oids.insert("2.5.4.0", OidEntry { d: "objectClass", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.1", OidEntry { d: "aliasedEntryName", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.2", OidEntry { d: "knowledgeInformation", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.3", OidEntry { d: "commonName", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.4", OidEntry { d: "surname", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.5", OidEntry { d: "serialNumber", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.6", OidEntry { d: "countryName", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.7", OidEntry { d: "localityName", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.7.1", OidEntry { d: "collectiveLocalityName", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.8", OidEntry { d: "stateOrProvinceName", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.8.1", OidEntry { d: "collectiveStateOrProvinceName", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.9", OidEntry { d: "streetAddress", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.9.1", OidEntry { d: "collectiveStreetAddress", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.10", OidEntry { d: "organizationName", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.10.1", OidEntry { d: "collectiveOrganizationName", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.11", OidEntry { d: "organizationalUnitName", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.11.1", OidEntry { d: "collectiveOrganizationalUnitName", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.12", OidEntry { d: "title", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.13", OidEntry { d: "description", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.14", OidEntry { d: "searchGuide", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.15", OidEntry { d: "businessCategory", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.16", OidEntry { d: "postalAddress", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.16.1", OidEntry { d: "collectivePostalAddress", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.17", OidEntry { d: "postalCode", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.17.1", OidEntry { d: "collectivePostalCode", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.18", OidEntry { d: "postOfficeBox", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.18.1", OidEntry { d: "collectivePostOfficeBox", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.19", OidEntry { d: "physicalDeliveryOfficeName", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.19.1", OidEntry { d: "collectivePhysicalDeliveryOfficeName", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.20", OidEntry { d: "telephoneNumber", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.20.1", OidEntry { d: "collectiveTelephoneNumber", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.21", OidEntry { d: "telexNumber", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.21.1", OidEntry { d: "collectiveTelexNumber", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.22", OidEntry { d: "teletexTerminalIdentifier", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.22.1", OidEntry { d: "collectiveTeletexTerminalIdentifier", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.23", OidEntry { d: "facsimileTelephoneNumber", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.23.1", OidEntry { d: "collectiveFacsimileTelephoneNumber", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.24", OidEntry { d: "x121Address", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.25", OidEntry { d: "internationalISDNNumber", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.25.1", OidEntry { d: "collectiveInternationalISDNNumber", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.26", OidEntry { d: "registeredAddress", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.27", OidEntry { d: "destinationIndicator", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.28", OidEntry { d: "preferredDeliveryMehtod", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.29", OidEntry { d: "presentationAddress", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.30", OidEntry { d: "supportedApplicationContext", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.31", OidEntry { d: "member", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.32", OidEntry { d: "owner", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.33", OidEntry { d: "roleOccupant", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.34", OidEntry { d: "seeAlso", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.35", OidEntry { d: "userPassword", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.36", OidEntry { d: "userCertificate", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.37", OidEntry { d: "caCertificate", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.38", OidEntry { d: "authorityRevocationList", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.39", OidEntry { d: "certificateRevocationList", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.40", OidEntry { d: "crossCertificatePair", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.41", OidEntry { d: "name", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.42", OidEntry { d: "givenName", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.43", OidEntry { d: "initials", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.44", OidEntry { d: "generationQualifier", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.45", OidEntry { d: "uniqueIdentifier", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.46", OidEntry { d: "dnQualifier", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.47", OidEntry { d: "enhancedSearchGuide", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.48", OidEntry { d: "protocolInformation", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.49", OidEntry { d: "distinguishedName", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.50", OidEntry { d: "uniqueMember", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.51", OidEntry { d: "houseIdentifier", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.52", OidEntry { d: "supportedAlgorithms", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.53", OidEntry { d: "deltaRevocationList", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.54", OidEntry { d: "dmdName", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.55", OidEntry { d: "clearance", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.56", OidEntry { d: "defaultDirQop", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.57", OidEntry { d: "attributeIntegrityInfo", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.58", OidEntry { d: "attributeCertificate", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.59", OidEntry { d: "attributeCertificateRevocationList", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.60", OidEntry { d: "confKeyInfo", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.61", OidEntry { d: "aACertificate", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.62", OidEntry { d: "attributeDescriptorCertificate", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.63", OidEntry { d: "attributeAuthorityRevocationList", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.64", OidEntry { d: "familyInformation", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.65", OidEntry { d: "pseudonym", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.66", OidEntry { d: "communicationsService", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.67", OidEntry { d: "communicationsNetwork", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.68", OidEntry { d: "certificationPracticeStmt", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.69", OidEntry { d: "certificatePolicy", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.70", OidEntry { d: "pkiPath", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.71", OidEntry { d: "privPolicy", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.72", OidEntry { d: "role", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.73", OidEntry { d: "delegationPath", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.74", OidEntry { d: "protPrivPolicy", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.75", OidEntry { d: "xMLPrivilegeInfo", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.76", OidEntry { d: "xmlPrivPolicy", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.77", OidEntry { d: "uuidpair", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.78", OidEntry { d: "tagOid", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.79", OidEntry { d: "uiiFormat", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.80", OidEntry { d: "uiiInUrh", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.81", OidEntry { d: "contentUrl", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.82", OidEntry { d: "permission", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.83", OidEntry { d: "uri", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.84", OidEntry { d: "pwdAttribute", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.85", OidEntry { d: "userPwd", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.86", OidEntry { d: "urn", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.87", OidEntry { d: "url", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.88", OidEntry { d: "utmCoordinates", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.89", OidEntry { d: "urnC", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.90", OidEntry { d: "uii", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.91", OidEntry { d: "epc", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.92", OidEntry { d: "tagAfi", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.93", OidEntry { d: "epcFormat", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.94", OidEntry { d: "epcInUrn", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.95", OidEntry { d: "ldapUrl", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.96", OidEntry { d: "tagLocation", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.97", OidEntry { d: "organizationIdentifier", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.98", OidEntry { d: "countryCode3c", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.99", OidEntry { d: "countryCode3n", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.100", OidEntry { d: "dnsName", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.101", OidEntry { d: "eepkCertificateRevocationList", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.102", OidEntry { d: "eeAttrCertificateRevocationList", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.103", OidEntry { d: "supportedPublicKeyAlgorithms", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.104", OidEntry { d: "intEmail", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.105", OidEntry { d: "jid", c: "X.520 DN component", w: false }); + oids.insert("2.5.4.106", OidEntry { d: "objectIdentifier", c: "X.520 DN component", w: false }); + oids.insert("2.5.6.0", OidEntry { d: "top", c: "X.520 objectClass", w: false }); + oids.insert("2.5.6.1", OidEntry { d: "alias", c: "X.520 objectClass", w: false }); + oids.insert("2.5.6.2", OidEntry { d: "country", c: "X.520 objectClass", w: false }); + oids.insert("2.5.6.3", OidEntry { d: "locality", c: "X.520 objectClass", w: false }); + oids.insert("2.5.6.4", OidEntry { d: "organization", c: "X.520 objectClass", w: false }); + oids.insert("2.5.6.5", OidEntry { d: "organizationalUnit", c: "X.520 objectClass", w: false }); + oids.insert("2.5.6.6", OidEntry { d: "person", c: "X.520 objectClass", w: false }); + oids.insert("2.5.6.7", OidEntry { d: "organizationalPerson", c: "X.520 objectClass", w: false }); + oids.insert("2.5.6.8", OidEntry { d: "organizationalRole", c: "X.520 objectClass", w: false }); + oids.insert("2.5.6.9", OidEntry { d: "groupOfNames", c: "X.520 objectClass", w: false }); + oids.insert("2.5.6.10", OidEntry { d: "residentialPerson", c: "X.520 objectClass", w: false }); + oids.insert("2.5.6.11", OidEntry { d: "applicationProcess", c: "X.520 objectClass", w: false }); + oids.insert("2.5.6.12", OidEntry { d: "applicationEntity", c: "X.520 objectClass", w: false }); + oids.insert("2.5.6.13", OidEntry { d: "dSA", c: "X.520 objectClass", w: false }); + oids.insert("2.5.6.14", OidEntry { d: "device", c: "X.520 objectClass", w: false }); + oids.insert("2.5.6.15", OidEntry { d: "strongAuthenticationUser", c: "X.520 objectClass", w: false }); + oids.insert("2.5.6.16", OidEntry { d: "certificateAuthority", c: "X.520 objectClass", w: false }); + oids.insert("2.5.6.17", OidEntry { d: "groupOfUniqueNames", c: "X.520 objectClass", w: false }); + oids.insert("2.5.6.21", OidEntry { d: "pkiUser", c: "X.520 objectClass", w: false }); + oids.insert("2.5.6.22", OidEntry { d: "pkiCA", c: "X.520 objectClass", w: false }); + oids.insert("2.5.8.1.1", OidEntry { d: "rsa", c: "X.500 algorithms. Ambiguous, since no padding rules specified", w: true }); + oids.insert("2.5.29.1", OidEntry { d: "authorityKeyIdentifier", c: "X.509 extension. Deprecated, use 2 5 29 35 instead", w: true }); + oids.insert("2.5.29.2", OidEntry { d: "keyAttributes", c: "X.509 extension. Obsolete, use keyUsage/extKeyUsage instead", w: true }); + oids.insert("2.5.29.3", OidEntry { d: "certificatePolicies", c: "X.509 extension. Deprecated, use 2 5 29 32 instead", w: true }); + oids.insert("2.5.29.4", OidEntry { d: "keyUsageRestriction", c: "X.509 extension. Obsolete, use keyUsage/extKeyUsage instead", w: true }); + oids.insert("2.5.29.5", OidEntry { d: "policyMapping", c: "X.509 extension. Deprecated, use 2 5 29 33 instead", w: true }); + oids.insert("2.5.29.6", OidEntry { d: "subtreesConstraint", c: "X.509 extension. Obsolete, use nameConstraints instead", w: true }); + oids.insert("2.5.29.7", OidEntry { d: "subjectAltName", c: "X.509 extension. Deprecated, use 2 5 29 17 instead", w: true }); + oids.insert("2.5.29.8", OidEntry { d: "issuerAltName", c: "X.509 extension. Deprecated, use 2 5 29 18 instead", w: true }); + oids.insert("2.5.29.9", OidEntry { d: "subjectDirectoryAttributes", c: "X.509 extension", w: false }); + oids.insert("2.5.29.10", OidEntry { d: "basicConstraints", c: "X.509 extension. Deprecated, use 2 5 29 19 instead", w: true }); + oids.insert("2.5.29.11", OidEntry { d: "nameConstraints", c: "X.509 extension. Deprecated, use 2 5 29 30 instead", w: true }); + oids.insert("2.5.29.12", OidEntry { d: "policyConstraints", c: "X.509 extension. Deprecated, use 2 5 29 36 instead", w: true }); + oids.insert("2.5.29.13", OidEntry { d: "basicConstraints", c: "X.509 extension. Deprecated, use 2 5 29 19 instead", w: true }); + oids.insert("2.5.29.14", OidEntry { d: "subjectKeyIdentifier", c: "X.509 extension", w: false }); + oids.insert("2.5.29.15", OidEntry { d: "keyUsage", c: "X.509 extension", w: false }); + oids.insert("2.5.29.16", OidEntry { d: "privateKeyUsagePeriod", c: "X.509 extension", w: false }); + oids.insert("2.5.29.17", OidEntry { d: "subjectAltName", c: "X.509 extension", w: false }); + oids.insert("2.5.29.18", OidEntry { d: "issuerAltName", c: "X.509 extension", w: false }); + oids.insert("2.5.29.19", OidEntry { d: "basicConstraints", c: "X.509 extension", w: false }); + oids.insert("2.5.29.20", OidEntry { d: "cRLNumber", c: "X.509 extension", w: false }); + oids.insert("2.5.29.21", OidEntry { d: "cRLReason", c: "X.509 extension", w: false }); + oids.insert("2.5.29.22", OidEntry { d: "expirationDate", c: "X.509 extension. Deprecated, alternative OID uncertain", w: true }); + oids.insert("2.5.29.23", OidEntry { d: "instructionCode", c: "X.509 extension", w: false }); + oids.insert("2.5.29.24", OidEntry { d: "invalidityDate", c: "X.509 extension", w: false }); + oids.insert("2.5.29.25", OidEntry { d: "cRLDistributionPoints", c: "X.509 extension. Deprecated, use 2 5 29 31 instead", w: true }); + oids.insert("2.5.29.26", OidEntry { d: "issuingDistributionPoint", c: "X.509 extension. Deprecated, use 2 5 29 28 instead", w: true }); + oids.insert("2.5.29.27", OidEntry { d: "deltaCRLIndicator", c: "X.509 extension", w: false }); + oids.insert("2.5.29.28", OidEntry { d: "issuingDistributionPoint", c: "X.509 extension", w: false }); + oids.insert("2.5.29.29", OidEntry { d: "certificateIssuer", c: "X.509 extension", w: false }); + oids.insert("2.5.29.30", OidEntry { d: "nameConstraints", c: "X.509 extension", w: false }); + oids.insert("2.5.29.31", OidEntry { d: "cRLDistributionPoints", c: "X.509 extension", w: false }); + oids.insert("2.5.29.32", OidEntry { d: "certificatePolicies", c: "X.509 extension", w: false }); + oids.insert("2.5.29.32.0", OidEntry { d: "anyPolicy", c: "X.509 certificate policy", w: false }); + oids.insert("2.5.29.33", OidEntry { d: "policyMappings", c: "X.509 extension", w: false }); + oids.insert("2.5.29.34", OidEntry { d: "policyConstraints", c: "X.509 extension. Deprecated, use 2 5 29 36 instead", w: true }); + oids.insert("2.5.29.35", OidEntry { d: "authorityKeyIdentifier", c: "X.509 extension", w: false }); + oids.insert("2.5.29.36", OidEntry { d: "policyConstraints", c: "X.509 extension", w: false }); + oids.insert("2.5.29.37", OidEntry { d: "extKeyUsage", c: "X.509 extension", w: false }); + oids.insert("2.5.29.37.0", OidEntry { d: "anyExtendedKeyUsage", c: "X.509 extended key usage", w: false }); + oids.insert("2.5.29.38", OidEntry { d: "authorityAttributeIdentifier", c: "X.509 extension", w: false }); + oids.insert("2.5.29.39", OidEntry { d: "roleSpecCertIdentifier", c: "X.509 extension", w: false }); + oids.insert("2.5.29.40", OidEntry { d: "cRLStreamIdentifier", c: "X.509 extension", w: false }); + oids.insert("2.5.29.41", OidEntry { d: "basicAttConstraints", c: "X.509 extension", w: false }); + oids.insert("2.5.29.42", OidEntry { d: "delegatedNameConstraints", c: "X.509 extension", w: false }); + oids.insert("2.5.29.43", OidEntry { d: "timeSpecification", c: "X.509 extension", w: false }); + oids.insert("2.5.29.44", OidEntry { d: "cRLScope", c: "X.509 extension", w: false }); + oids.insert("2.5.29.45", OidEntry { d: "statusReferrals", c: "X.509 extension", w: false }); + oids.insert("2.5.29.46", OidEntry { d: "freshestCRL", c: "X.509 extension", w: false }); + oids.insert("2.5.29.47", OidEntry { d: "orderedList", c: "X.509 extension", w: false }); + oids.insert("2.5.29.48", OidEntry { d: "attributeDescriptor", c: "X.509 extension", w: false }); + oids.insert("2.5.29.49", OidEntry { d: "userNotice", c: "X.509 extension", w: false }); + oids.insert("2.5.29.50", OidEntry { d: "sOAIdentifier", c: "X.509 extension", w: false }); + oids.insert("2.5.29.51", OidEntry { d: "baseUpdateTime", c: "X.509 extension", w: false }); + oids.insert("2.5.29.52", OidEntry { d: "acceptableCertPolicies", c: "X.509 extension", w: false }); + oids.insert("2.5.29.53", OidEntry { d: "deltaInfo", c: "X.509 extension", w: false }); + oids.insert("2.5.29.54", OidEntry { d: "inhibitAnyPolicy", c: "X.509 extension", w: false }); + oids.insert("2.5.29.55", OidEntry { d: "targetInformation", c: "X.509 extension", w: false }); + oids.insert("2.5.29.56", OidEntry { d: "noRevAvail", c: "X.509 extension", w: false }); + oids.insert("2.5.29.57", OidEntry { d: "acceptablePrivilegePolicies", c: "X.509 extension", w: false }); + oids.insert("2.5.29.58", OidEntry { d: "toBeRevoked", c: "X.509 extension", w: false }); + oids.insert("2.5.29.59", OidEntry { d: "revokedGroups", c: "X.509 extension", w: false }); + oids.insert("2.5.29.60", OidEntry { d: "expiredCertsOnCRL", c: "X.509 extension", w: false }); + oids.insert("2.5.29.61", OidEntry { d: "indirectIssuer", c: "X.509 extension", w: false }); + oids.insert("2.5.29.62", OidEntry { d: "noAssertion", c: "X.509 extension", w: false }); + oids.insert("2.5.29.63", OidEntry { d: "aAissuingDistributionPoint", c: "X.509 extension", w: false }); + oids.insert("2.5.29.64", OidEntry { d: "issuedOnBehalfOf", c: "X.509 extension", w: false }); + oids.insert("2.5.29.65", OidEntry { d: "singleUse", c: "X.509 extension", w: false }); + oids.insert("2.5.29.66", OidEntry { d: "groupAC", c: "X.509 extension", w: false }); + oids.insert("2.5.29.67", OidEntry { d: "allowedAttAss", c: "X.509 extension", w: false }); + oids.insert("2.5.29.68", OidEntry { d: "attributeMappings", c: "X.509 extension", w: false }); + oids.insert("2.5.29.69", OidEntry { d: "holderNameConstraints", c: "X.509 extension", w: false }); + oids.insert("2.16.578.1.26.1.3.1", OidEntry { d: "privateKeySmartCard", c: "Norway Buypass CA policy", w: false }); + oids.insert("2.16.578.1.26.1.3.2", OidEntry { d: "privateKeySoftToken", c: "Norway Buypass CA policy", w: false }); + oids.insert("2.16.578.1.26.1.3.3", OidEntry { d: "sslEvident. Also assigned as BuyPass EV policy", c: "Norway Buypass CA policy", w: false }); + oids.insert("2.16.578.1.26.1.3.4", OidEntry { d: "sslBusinessPlus", c: "Norway Buypass CA policy", w: false }); + oids.insert("2.16.578.1.26.1.3.5", OidEntry { d: "privateKeyHardToken", c: "Norway Buypass CA policy", w: false }); + oids.insert("2.16.578.1.26.1.3.6", OidEntry { d: "privateKeyHSM", c: "Norway Buypass CA policy", w: false }); + oids.insert("2.16.724.1.2.2.4.1", OidEntry { d: "personalDataInfo", c: "Spanish Government PKI?", w: false }); + oids.insert("2.16.840.1.101.2.1.1.1", OidEntry { d: "sdnsSignatureAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); + oids.insert("2.16.840.1.101.2.1.1.2", OidEntry { d: "fortezzaSignatureAlgorithm", c: "SDN.700 INFOSEC algorithms. Formerly known as mosaicSignatureAlgorithm, this OID is better known as dsaWithSHA-1.", w: false }); + oids.insert("2.16.840.1.101.2.1.1.3", OidEntry { d: "sdnsConfidentialityAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); + oids.insert("2.16.840.1.101.2.1.1.4", OidEntry { d: "fortezzaConfidentialityAlgorithm", c: "SDN.700 INFOSEC algorithms. Formerly known as mosaicConfidentialityAlgorithm", w: false }); + oids.insert("2.16.840.1.101.2.1.1.5", OidEntry { d: "sdnsIntegrityAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); + oids.insert("2.16.840.1.101.2.1.1.6", OidEntry { d: "fortezzaIntegrityAlgorithm", c: "SDN.700 INFOSEC algorithms. Formerly known as mosaicIntegrityAlgorithm", w: false }); + oids.insert("2.16.840.1.101.2.1.1.7", OidEntry { d: "sdnsTokenProtectionAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); + oids.insert("2.16.840.1.101.2.1.1.8", OidEntry { d: "fortezzaTokenProtectionAlgorithm", c: "SDN.700 INFOSEC algorithms. Formerly know as mosaicTokenProtectionAlgorithm", w: false }); + oids.insert("2.16.840.1.101.2.1.1.9", OidEntry { d: "sdnsKeyManagementAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); + oids.insert("2.16.840.1.101.2.1.1.10", OidEntry { d: "fortezzaKeyManagementAlgorithm", c: "SDN.700 INFOSEC algorithms. Formerly known as mosaicKeyManagementAlgorithm", w: false }); + oids.insert("2.16.840.1.101.2.1.1.11", OidEntry { d: "sdnsKMandSigAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); + oids.insert("2.16.840.1.101.2.1.1.12", OidEntry { d: "fortezzaKMandSigAlgorithm", c: "SDN.700 INFOSEC algorithms. Formerly known as mosaicKMandSigAlgorithm", w: false }); + oids.insert("2.16.840.1.101.2.1.1.13", OidEntry { d: "suiteASignatureAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); + oids.insert("2.16.840.1.101.2.1.1.14", OidEntry { d: "suiteAConfidentialityAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); + oids.insert("2.16.840.1.101.2.1.1.15", OidEntry { d: "suiteAIntegrityAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); + oids.insert("2.16.840.1.101.2.1.1.16", OidEntry { d: "suiteATokenProtectionAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); + oids.insert("2.16.840.1.101.2.1.1.17", OidEntry { d: "suiteAKeyManagementAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); + oids.insert("2.16.840.1.101.2.1.1.18", OidEntry { d: "suiteAKMandSigAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); + oids.insert("2.16.840.1.101.2.1.1.19", OidEntry { d: "fortezzaUpdatedSigAlgorithm", c: "SDN.700 INFOSEC algorithms. Formerly known as mosaicUpdatedSigAlgorithm", w: false }); + oids.insert("2.16.840.1.101.2.1.1.20", OidEntry { d: "fortezzaKMandUpdSigAlgorithms", c: "SDN.700 INFOSEC algorithms. Formerly known as mosaicKMandUpdSigAlgorithms", w: false }); + oids.insert("2.16.840.1.101.2.1.1.21", OidEntry { d: "fortezzaUpdatedIntegAlgorithm", c: "SDN.700 INFOSEC algorithms. Formerly known as mosaicUpdatedIntegAlgorithm", w: false }); + oids.insert("2.16.840.1.101.2.1.1.22", OidEntry { d: "keyExchangeAlgorithm", c: "SDN.700 INFOSEC algorithms. Formerly known as mosaicKeyEncryptionAlgorithm", w: false }); + oids.insert("2.16.840.1.101.2.1.1.23", OidEntry { d: "fortezzaWrap80Algorithm", c: "SDN.700 INFOSEC algorithms", w: false }); + oids.insert("2.16.840.1.101.2.1.1.24", OidEntry { d: "kEAKeyEncryptionAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); + oids.insert("2.16.840.1.101.2.1.2.1", OidEntry { d: "rfc822MessageFormat", c: "SDN.700 INFOSEC format", w: false }); + oids.insert("2.16.840.1.101.2.1.2.2", OidEntry { d: "emptyContent", c: "SDN.700 INFOSEC format", w: false }); + oids.insert("2.16.840.1.101.2.1.2.3", OidEntry { d: "cspContentType", c: "SDN.700 INFOSEC format", w: false }); + oids.insert("2.16.840.1.101.2.1.2.42", OidEntry { d: "mspRev3ContentType", c: "SDN.700 INFOSEC format", w: false }); + oids.insert("2.16.840.1.101.2.1.2.48", OidEntry { d: "mspContentType", c: "SDN.700 INFOSEC format", w: false }); + oids.insert("2.16.840.1.101.2.1.2.49", OidEntry { d: "mspRekeyAgentProtocol", c: "SDN.700 INFOSEC format", w: false }); + oids.insert("2.16.840.1.101.2.1.2.50", OidEntry { d: "mspMMP", c: "SDN.700 INFOSEC format", w: false }); + oids.insert("2.16.840.1.101.2.1.2.66", OidEntry { d: "mspRev3-1ContentType", c: "SDN.700 INFOSEC format", w: false }); + oids.insert("2.16.840.1.101.2.1.2.72", OidEntry { d: "forwardedMSPMessageBodyPart", c: "SDN.700 INFOSEC format", w: false }); + oids.insert("2.16.840.1.101.2.1.2.73", OidEntry { d: "mspForwardedMessageParameters", c: "SDN.700 INFOSEC format", w: false }); + oids.insert("2.16.840.1.101.2.1.2.74", OidEntry { d: "forwardedCSPMsgBodyPart", c: "SDN.700 INFOSEC format", w: false }); + oids.insert("2.16.840.1.101.2.1.2.75", OidEntry { d: "cspForwardedMessageParameters", c: "SDN.700 INFOSEC format", w: false }); + oids.insert("2.16.840.1.101.2.1.2.76", OidEntry { d: "mspMMP2", c: "SDN.700 INFOSEC format", w: false }); + oids.insert("2.16.840.1.101.2.1.2.78.2", OidEntry { d: "encryptedKeyPackage", c: "SDN.700 INFOSEC format and RFC 6032", w: false }); + oids.insert("2.16.840.1.101.2.1.2.78.3", OidEntry { d: "keyPackageReceipt", c: "SDN.700 INFOSEC format and RFC 7191", w: false }); + oids.insert("2.16.840.1.101.2.1.2.78.6", OidEntry { d: "keyPackageError", c: "SDN.700 INFOSEC format and RFC 7191", w: false }); + oids.insert("2.16.840.1.101.2.1.3.1", OidEntry { d: "sdnsSecurityPolicy", c: "SDN.700 INFOSEC policy", w: false }); + oids.insert("2.16.840.1.101.2.1.3.2", OidEntry { d: "sdnsPRBAC", c: "SDN.700 INFOSEC policy", w: false }); + oids.insert("2.16.840.1.101.2.1.3.3", OidEntry { d: "mosaicPRBAC", c: "SDN.700 INFOSEC policy", w: false }); + oids.insert("2.16.840.1.101.2.1.3.10", OidEntry { d: "siSecurityPolicy", c: "SDN.700 INFOSEC policy", w: false }); + oids.insert("2.16.840.1.101.2.1.3.10.0", OidEntry { d: "siNASP", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.3.10.1", OidEntry { d: "siELCO", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.3.10.2", OidEntry { d: "siTK", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.3.10.3", OidEntry { d: "siDSAP", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.3.10.4", OidEntry { d: "siSSSS", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.3.10.5", OidEntry { d: "siDNASP", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.3.10.6", OidEntry { d: "siBYEMAN", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.3.10.7", OidEntry { d: "siREL-US", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.3.10.8", OidEntry { d: "siREL-AUS", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.3.10.9", OidEntry { d: "siREL-CAN", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.3.10.10", OidEntry { d: "siREL_UK", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.3.10.11", OidEntry { d: "siREL-NZ", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.3.10.12", OidEntry { d: "siGeneric", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.3.11", OidEntry { d: "genser", c: "SDN.700 INFOSEC policy", w: false }); + oids.insert("2.16.840.1.101.2.1.3.11.0", OidEntry { d: "genserNations", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.3.11.1", OidEntry { d: "genserComsec", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.3.11.2", OidEntry { d: "genserAcquisition", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.3.11.3", OidEntry { d: "genserSecurityCategories", c: "SDN.700 INFOSEC policy", w: false }); + oids.insert("2.16.840.1.101.2.1.3.11.3.0", OidEntry { d: "genserTagSetName", c: "SDN.700 INFOSEC GENSER policy", w: false }); + oids.insert("2.16.840.1.101.2.1.3.12", OidEntry { d: "defaultSecurityPolicy", c: "SDN.700 INFOSEC policy", w: false }); + oids.insert("2.16.840.1.101.2.1.3.13", OidEntry { d: "capcoMarkings", c: "SDN.700 INFOSEC policy", w: false }); + oids.insert("2.16.840.1.101.2.1.3.13.0", OidEntry { d: "capcoSecurityCategories", c: "SDN.700 INFOSEC policy CAPCO markings", w: false }); + oids.insert("2.16.840.1.101.2.1.3.13.0.1", OidEntry { d: "capcoTagSetName1", c: "SDN.700 INFOSEC policy CAPCO markings", w: false }); + oids.insert("2.16.840.1.101.2.1.3.13.0.2", OidEntry { d: "capcoTagSetName2", c: "SDN.700 INFOSEC policy CAPCO markings", w: false }); + oids.insert("2.16.840.1.101.2.1.3.13.0.3", OidEntry { d: "capcoTagSetName3", c: "SDN.700 INFOSEC policy CAPCO markings", w: false }); + oids.insert("2.16.840.1.101.2.1.3.13.0.4", OidEntry { d: "capcoTagSetName4", c: "SDN.700 INFOSEC policy CAPCO markings", w: false }); + oids.insert("2.16.840.1.101.2.1.5.1", OidEntry { d: "sdnsKeyManagementCertificate", c: "SDN.700 INFOSEC attributes (superseded)", w: true }); + oids.insert("2.16.840.1.101.2.1.5.2", OidEntry { d: "sdnsUserSignatureCertificate", c: "SDN.700 INFOSEC attributes (superseded)", w: true }); + oids.insert("2.16.840.1.101.2.1.5.3", OidEntry { d: "sdnsKMandSigCertificate", c: "SDN.700 INFOSEC attributes (superseded)", w: true }); + oids.insert("2.16.840.1.101.2.1.5.4", OidEntry { d: "fortezzaKeyManagementCertificate", c: "SDN.700 INFOSEC attributes (superseded)", w: true }); + oids.insert("2.16.840.1.101.2.1.5.5", OidEntry { d: "fortezzaKMandSigCertificate", c: "SDN.700 INFOSEC attributes (superseded)", w: true }); + oids.insert("2.16.840.1.101.2.1.5.6", OidEntry { d: "fortezzaUserSignatureCertificate", c: "SDN.700 INFOSEC attributes (superseded)", w: true }); + oids.insert("2.16.840.1.101.2.1.5.7", OidEntry { d: "fortezzaCASignatureCertificate", c: "SDN.700 INFOSEC attributes (superseded)", w: true }); + oids.insert("2.16.840.1.101.2.1.5.8", OidEntry { d: "sdnsCASignatureCertificate", c: "SDN.700 INFOSEC attributes (superseded)", w: true }); + oids.insert("2.16.840.1.101.2.1.5.10", OidEntry { d: "auxiliaryVector", c: "SDN.700 INFOSEC attributes (superseded)", w: true }); + oids.insert("2.16.840.1.101.2.1.5.11", OidEntry { d: "mlReceiptPolicy", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.12", OidEntry { d: "mlMembership", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.13", OidEntry { d: "mlAdministrators", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.14", OidEntry { d: "alid", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.20", OidEntry { d: "janUKMs", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.21", OidEntry { d: "febUKMs", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.22", OidEntry { d: "marUKMs", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.23", OidEntry { d: "aprUKMs", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.24", OidEntry { d: "mayUKMs", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.25", OidEntry { d: "junUKMs", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.26", OidEntry { d: "julUKMs", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.27", OidEntry { d: "augUKMs", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.28", OidEntry { d: "sepUKMs", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.29", OidEntry { d: "octUKMs", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.30", OidEntry { d: "novUKMs", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.31", OidEntry { d: "decUKMs", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.40", OidEntry { d: "metaSDNSckl", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.41", OidEntry { d: "sdnsCKL", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.42", OidEntry { d: "metaSDNSsignatureCKL", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.43", OidEntry { d: "sdnsSignatureCKL", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.44", OidEntry { d: "sdnsCertificateRevocationList", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.45", OidEntry { d: "fortezzaCertificateRevocationList", c: "SDN.700 INFOSEC attributes (superseded)", w: true }); + oids.insert("2.16.840.1.101.2.1.5.46", OidEntry { d: "fortezzaCKL", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.47", OidEntry { d: "alExemptedAddressProcessor", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.48", OidEntry { d: "guard", c: "SDN.700 INFOSEC attributes (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.5.49", OidEntry { d: "algorithmsSupported", c: "SDN.700 INFOSEC attributes (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.5.50", OidEntry { d: "suiteAKeyManagementCertificate", c: "SDN.700 INFOSEC attributes (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.5.51", OidEntry { d: "suiteAKMandSigCertificate", c: "SDN.700 INFOSEC attributes (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.5.52", OidEntry { d: "suiteAUserSignatureCertificate", c: "SDN.700 INFOSEC attributes (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.5.53", OidEntry { d: "prbacInfo", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.54", OidEntry { d: "prbacCAConstraints", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.55", OidEntry { d: "sigOrKMPrivileges", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.56", OidEntry { d: "commPrivileges", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.57", OidEntry { d: "labeledAttribute", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.58", OidEntry { d: "policyInformationFile", c: "SDN.700 INFOSEC attributes (obsolete)", w: true }); + oids.insert("2.16.840.1.101.2.1.5.59", OidEntry { d: "secPolicyInformationFile", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.60", OidEntry { d: "cAClearanceConstraint", c: "SDN.700 INFOSEC attributes", w: false }); + oids.insert("2.16.840.1.101.2.1.5.65", OidEntry { d: "keyPkgIdAndReceiptReq", c: "SDN.700 INFOSEC attributes and RFC 7191", w: false }); + oids.insert("2.16.840.1.101.2.1.5.66", OidEntry { d: "contentDecryptKeyID", c: "SDN.700 INFOSEC attributes and RFC 6032", w: false }); + oids.insert("2.16.840.1.101.2.1.5.70", OidEntry { d: "kpCrlPointers", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); + oids.insert("2.16.840.1.101.2.1.5.71", OidEntry { d: "kpKeyProvinceV2", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); + oids.insert("2.16.840.1.101.2.1.5.72", OidEntry { d: "kpManifest", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); + oids.insert("2.16.840.1.101.2.1.7.1", OidEntry { d: "cspExtns", c: "SDN.700 INFOSEC extensions", w: false }); + oids.insert("2.16.840.1.101.2.1.7.1.0", OidEntry { d: "cspCsExtn", c: "SDN.700 INFOSEC extensions", w: false }); + oids.insert("2.16.840.1.101.2.1.8.1", OidEntry { d: "mISSISecurityCategories", c: "SDN.700 INFOSEC security category", w: false }); + oids.insert("2.16.840.1.101.2.1.8.2", OidEntry { d: "standardSecurityLabelPrivileges", c: "SDN.700 INFOSEC security category", w: false }); + oids.insert("2.16.840.1.101.2.1.8.3.1", OidEntry { d: "enumeratedPermissiveAttrs", c: "SDN.700 INFOSEC security category from RFC 7906", w: false }); + oids.insert("2.16.840.1.101.2.1.8.3.3", OidEntry { d: "informativeAttrs", c: "SDN.700 INFOSEC security category from RFC 7906", w: false }); + oids.insert("2.16.840.1.101.2.1.8.3.4", OidEntry { d: "enumeratedRestrictiveAttrs", c: "SDN.700 INFOSEC security category from RFC 7906", w: false }); + oids.insert("2.16.840.1.101.2.1.10.1", OidEntry { d: "sigPrivileges", c: "SDN.700 INFOSEC privileges", w: false }); + oids.insert("2.16.840.1.101.2.1.10.2", OidEntry { d: "kmPrivileges", c: "SDN.700 INFOSEC privileges", w: false }); + oids.insert("2.16.840.1.101.2.1.10.3", OidEntry { d: "namedTagSetPrivilege", c: "SDN.700 INFOSEC privileges", w: false }); + oids.insert("2.16.840.1.101.2.1.11.1", OidEntry { d: "ukDemo", c: "SDN.700 INFOSEC certificate policy", w: false }); + oids.insert("2.16.840.1.101.2.1.11.2", OidEntry { d: "usDODClass2", c: "SDN.700 INFOSEC certificate policy", w: false }); + oids.insert("2.16.840.1.101.2.1.11.3", OidEntry { d: "usMediumPilot", c: "SDN.700 INFOSEC certificate policy", w: false }); + oids.insert("2.16.840.1.101.2.1.11.4", OidEntry { d: "usDODClass4", c: "SDN.700 INFOSEC certificate policy", w: false }); + oids.insert("2.16.840.1.101.2.1.11.5", OidEntry { d: "usDODClass3", c: "SDN.700 INFOSEC certificate policy", w: false }); + oids.insert("2.16.840.1.101.2.1.11.6", OidEntry { d: "usDODClass5", c: "SDN.700 INFOSEC certificate policy", w: false }); + oids.insert("2.16.840.1.101.2.1.12.0", OidEntry { d: "testSecurityPolicy", c: "SDN.700 INFOSEC test objects", w: false }); + oids.insert("2.16.840.1.101.2.1.12.0.1", OidEntry { d: "tsp1", c: "SDN.700 INFOSEC test objects", w: false }); + oids.insert("2.16.840.1.101.2.1.12.0.1.0", OidEntry { d: "tsp1SecurityCategories", c: "SDN.700 INFOSEC test objects", w: false }); + oids.insert("2.16.840.1.101.2.1.12.0.1.0.0", OidEntry { d: "tsp1TagSetZero", c: "SDN.700 INFOSEC test objects", w: false }); + oids.insert("2.16.840.1.101.2.1.12.0.1.0.1", OidEntry { d: "tsp1TagSetOne", c: "SDN.700 INFOSEC test objects", w: false }); + oids.insert("2.16.840.1.101.2.1.12.0.1.0.2", OidEntry { d: "tsp1TagSetTwo", c: "SDN.700 INFOSEC test objects", w: false }); + oids.insert("2.16.840.1.101.2.1.12.0.2", OidEntry { d: "tsp2", c: "SDN.700 INFOSEC test objects", w: false }); + oids.insert("2.16.840.1.101.2.1.12.0.2.0", OidEntry { d: "tsp2SecurityCategories", c: "SDN.700 INFOSEC test objects", w: false }); + oids.insert("2.16.840.1.101.2.1.12.0.2.0.0", OidEntry { d: "tsp2TagSetZero", c: "SDN.700 INFOSEC test objects", w: false }); + oids.insert("2.16.840.1.101.2.1.12.0.2.0.1", OidEntry { d: "tsp2TagSetOne", c: "SDN.700 INFOSEC test objects", w: false }); + oids.insert("2.16.840.1.101.2.1.12.0.2.0.2", OidEntry { d: "tsp2TagSetTwo", c: "SDN.700 INFOSEC test objects", w: false }); + oids.insert("2.16.840.1.101.2.1.12.0.3", OidEntry { d: "kafka", c: "SDN.700 INFOSEC test objects", w: false }); + oids.insert("2.16.840.1.101.2.1.12.0.3.0", OidEntry { d: "kafkaSecurityCategories", c: "SDN.700 INFOSEC test objects", w: false }); + oids.insert("2.16.840.1.101.2.1.12.0.3.0.1", OidEntry { d: "kafkaTagSetName1", c: "SDN.700 INFOSEC test objects", w: false }); + oids.insert("2.16.840.1.101.2.1.12.0.3.0.2", OidEntry { d: "kafkaTagSetName2", c: "SDN.700 INFOSEC test objects", w: false }); + oids.insert("2.16.840.1.101.2.1.12.0.3.0.3", OidEntry { d: "kafkaTagSetName3", c: "SDN.700 INFOSEC test objects", w: false }); + oids.insert("2.16.840.1.101.2.1.12.1.1", OidEntry { d: "tcp1", c: "SDN.700 INFOSEC test objects", w: false }); + oids.insert("2.16.840.1.101.2.1.13.1", OidEntry { d: "kmaKeyAlgorithm", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); + oids.insert("2.16.840.1.101.2.1.13.3", OidEntry { d: "kmaTSECNomenclature", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); + oids.insert("2.16.840.1.101.2.1.13.5", OidEntry { d: "kmaKeyDistPeriod", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); + oids.insert("2.16.840.1.101.2.1.13.6", OidEntry { d: "kmaKeyValidityPeriod", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); + oids.insert("2.16.840.1.101.2.1.13.7", OidEntry { d: "kmaKeyDuration", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); + oids.insert("2.16.840.1.101.2.1.13.11", OidEntry { d: "kmaSplitID", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); + oids.insert("2.16.840.1.101.2.1.13.12", OidEntry { d: "kmaKeyPkgType", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); + oids.insert("2.16.840.1.101.2.1.13.13", OidEntry { d: "kmaKeyPurpose", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); + oids.insert("2.16.840.1.101.2.1.13.14", OidEntry { d: "kmaKeyUse", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); + oids.insert("2.16.840.1.101.2.1.13.15", OidEntry { d: "kmaTransportKey", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); + oids.insert("2.16.840.1.101.2.1.13.16", OidEntry { d: "kmaKeyPkgReceiversV2", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); + oids.insert("2.16.840.1.101.2.1.13.19", OidEntry { d: "kmaOtherCertFormats", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); + oids.insert("2.16.840.1.101.2.1.13.20", OidEntry { d: "kmaUsefulCerts", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); + oids.insert("2.16.840.1.101.2.1.13.21", OidEntry { d: "kmaKeyWrapAlgorithm", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); + oids.insert("2.16.840.1.101.2.1.13.22", OidEntry { d: "kmaSigUsageV3", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); + oids.insert("2.16.840.1.101.2.1.16.0", OidEntry { d: "dn", c: "SDN.700 INFOSEC attributes and RFC 7191", w: false }); + oids.insert("2.16.840.1.101.2.1.22", OidEntry { d: "errorCodes", c: "RFC 7906 key attribute error codes", w: false }); + oids.insert("2.16.840.1.101.2.1.22.1", OidEntry { d: "missingKeyType", c: "RFC 7906 key attribute error codes", w: false }); + oids.insert("2.16.840.1.101.2.1.22.2", OidEntry { d: "privacyMarkTooLong", c: "RFC 7906 key attribute error codes", w: false }); + oids.insert("2.16.840.1.101.2.1.22.3", OidEntry { d: "unrecognizedSecurityPolicy", c: "RFC 7906 key attribute error codes", w: false }); + oids.insert("2.16.840.1.101.3.1", OidEntry { d: "slabel", c: "CSOR GAK", w: true }); + oids.insert("2.16.840.1.101.3.2", OidEntry { d: "pki", c: "NIST", w: true }); + oids.insert("2.16.840.1.101.3.2.1", OidEntry { d: "NIST policyIdentifier", c: "NIST policies", w: true }); + oids.insert("2.16.840.1.101.3.2.1.3.1", OidEntry { d: "fbcaRudimentaryPolicy", c: "Federal Bridge CA Policy", w: false }); + oids.insert("2.16.840.1.101.3.2.1.3.2", OidEntry { d: "fbcaBasicPolicy", c: "Federal Bridge CA Policy", w: false }); + oids.insert("2.16.840.1.101.3.2.1.3.3", OidEntry { d: "fbcaMediumPolicy", c: "Federal Bridge CA Policy", w: false }); + oids.insert("2.16.840.1.101.3.2.1.3.4", OidEntry { d: "fbcaHighPolicy", c: "Federal Bridge CA Policy", w: false }); + oids.insert("2.16.840.1.101.3.2.1.48.1", OidEntry { d: "nistTestPolicy1", c: "NIST PKITS policies", w: false }); + oids.insert("2.16.840.1.101.3.2.1.48.2", OidEntry { d: "nistTestPolicy2", c: "NIST PKITS policies", w: false }); + oids.insert("2.16.840.1.101.3.2.1.48.3", OidEntry { d: "nistTestPolicy3", c: "NIST PKITS policies", w: false }); + oids.insert("2.16.840.1.101.3.2.1.48.4", OidEntry { d: "nistTestPolicy4", c: "NIST PKITS policies", w: false }); + oids.insert("2.16.840.1.101.3.2.1.48.5", OidEntry { d: "nistTestPolicy5", c: "NIST PKITS policies", w: false }); + oids.insert("2.16.840.1.101.3.2.1.48.6", OidEntry { d: "nistTestPolicy6", c: "NIST PKITS policies", w: false }); + oids.insert("2.16.840.1.101.3.2.2", OidEntry { d: "gak", c: "CSOR GAK extended key usage", w: true }); + oids.insert("2.16.840.1.101.3.2.2.1", OidEntry { d: "kRAKey", c: "CSOR GAK extended key usage", w: true }); + oids.insert("2.16.840.1.101.3.2.3", OidEntry { d: "extensions", c: "CSOR GAK extensions", w: true }); + oids.insert("2.16.840.1.101.3.2.3.1", OidEntry { d: "kRTechnique", c: "CSOR GAK extensions", w: true }); + oids.insert("2.16.840.1.101.3.2.3.2", OidEntry { d: "kRecoveryCapable", c: "CSOR GAK extensions", w: true }); + oids.insert("2.16.840.1.101.3.2.3.3", OidEntry { d: "kR", c: "CSOR GAK extensions", w: true }); + oids.insert("2.16.840.1.101.3.2.4", OidEntry { d: "keyRecoverySchemes", c: "CSOR GAK", w: true }); + oids.insert("2.16.840.1.101.3.2.5", OidEntry { d: "krapola", c: "CSOR GAK", w: true }); + oids.insert("2.16.840.1.101.3.3", OidEntry { d: "arpa", c: "CSOR GAK", w: true }); + oids.insert("2.16.840.1.101.3.4", OidEntry { d: "nistAlgorithm", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1", OidEntry { d: "aes", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.1", OidEntry { d: "aes128-ECB", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.2", OidEntry { d: "aes128-CBC", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.3", OidEntry { d: "aes128-OFB", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.4", OidEntry { d: "aes128-CFB", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.5", OidEntry { d: "aes128-wrap", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.6", OidEntry { d: "aes128-GCM", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.7", OidEntry { d: "aes128-CCM", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.8", OidEntry { d: "aes128-wrap-pad", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.9", OidEntry { d: "aes128-GMAC", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.21", OidEntry { d: "aes192-ECB", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.22", OidEntry { d: "aes192-CBC", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.23", OidEntry { d: "aes192-OFB", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.24", OidEntry { d: "aes192-CFB", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.25", OidEntry { d: "aes192-wrap", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.26", OidEntry { d: "aes192-GCM", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.27", OidEntry { d: "aes192-CCM", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.28", OidEntry { d: "aes192-wrap-pad", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.29", OidEntry { d: "aes192-GMAC", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.41", OidEntry { d: "aes256-ECB", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.42", OidEntry { d: "aes256-CBC", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.43", OidEntry { d: "aes256-OFB", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.44", OidEntry { d: "aes256-CFB", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.45", OidEntry { d: "aes256-wrap", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.46", OidEntry { d: "aes256-GCM", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.47", OidEntry { d: "aes256-CCM", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.48", OidEntry { d: "aes256-wrap-pad", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.1.49", OidEntry { d: "aes256-GMAC", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.2", OidEntry { d: "hashAlgos", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.2.1", OidEntry { d: "sha-256", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.2.2", OidEntry { d: "sha-384", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.2.3", OidEntry { d: "sha-512", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.2.4", OidEntry { d: "sha-224", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.2.7", OidEntry { d: "sha3-224", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.2.8", OidEntry { d: "sha3-256", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.2.9", OidEntry { d: "sha3-384", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.2.10", OidEntry { d: "sha3-512", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.2.11", OidEntry { d: "shake128", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.2.12", OidEntry { d: "shake256", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.2.17", OidEntry { d: "shake128len", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.2.18", OidEntry { d: "shake256len", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.2.19", OidEntry { d: "kmacShake128", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.2.20", OidEntry { d: "kmacShake256", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.3.1", OidEntry { d: "dsaWithSha224", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.101.3.4.3.2", OidEntry { d: "dsaWithSha256", c: "NIST Algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8", OidEntry { d: "novellAlgorithm", c: "Novell", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.22", OidEntry { d: "desCbcIV8", c: "Novell encryption algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.23", OidEntry { d: "desCbcPadIV8", c: "Novell encryption algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.24", OidEntry { d: "desEDE2CbcIV8", c: "Novell encryption algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.25", OidEntry { d: "desEDE2CbcPadIV8", c: "Novell encryption algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.26", OidEntry { d: "desEDE3CbcIV8", c: "Novell encryption algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.27", OidEntry { d: "desEDE3CbcPadIV8", c: "Novell encryption algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.28", OidEntry { d: "rc5CbcPad", c: "Novell encryption algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.29", OidEntry { d: "md2WithRSAEncryptionBSafe1", c: "Novell signature algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.30", OidEntry { d: "md5WithRSAEncryptionBSafe1", c: "Novell signature algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.31", OidEntry { d: "sha1WithRSAEncryptionBSafe1", c: "Novell signature algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.32", OidEntry { d: "lmDigest", c: "Novell digest algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.40", OidEntry { d: "md2", c: "Novell digest algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.50", OidEntry { d: "md5", c: "Novell digest algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.51", OidEntry { d: "ikeHmacWithSHA1-RSA", c: "Novell signature algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.52", OidEntry { d: "ikeHmacWithMD5-RSA", c: "Novell signature algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.69", OidEntry { d: "rc2CbcPad", c: "Novell encryption algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.82", OidEntry { d: "sha-1", c: "Novell digest algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.92", OidEntry { d: "rc2BSafe1Cbc", c: "Novell encryption algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.95", OidEntry { d: "md4", c: "Novell digest algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.130", OidEntry { d: "md4Packet", c: "Novell keyed hash", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.131", OidEntry { d: "rsaEncryptionBsafe1", c: "Novell encryption algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.132", OidEntry { d: "nwPassword", c: "Novell encryption algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.2.8.133", OidEntry { d: "novellObfuscate-1", c: "Novell encryption algorithm", w: false }); + oids.insert("2.16.840.1.113719.1.9", OidEntry { d: "pki", c: "Novell", w: false }); + oids.insert("2.16.840.1.113719.1.9.4", OidEntry { d: "pkiAttributeType", c: "Novell PKI", w: false }); + oids.insert("2.16.840.1.113719.1.9.4.1", OidEntry { d: "securityAttributes", c: "Novell PKI attribute type", w: false }); + oids.insert("2.16.840.1.113719.1.9.4.2", OidEntry { d: "relianceLimit", c: "Novell PKI attribute type", w: false }); + oids.insert("2.16.840.1.113730.1", OidEntry { d: "cert-extension", c: "Netscape", w: false }); + oids.insert("2.16.840.1.113730.1.1", OidEntry { d: "netscape-cert-type", c: "Netscape certificate extension", w: false }); + oids.insert("2.16.840.1.113730.1.2", OidEntry { d: "netscape-base-url", c: "Netscape certificate extension", w: false }); + oids.insert("2.16.840.1.113730.1.3", OidEntry { d: "netscape-revocation-url", c: "Netscape certificate extension", w: false }); + oids.insert("2.16.840.1.113730.1.4", OidEntry { d: "netscape-ca-revocation-url", c: "Netscape certificate extension", w: false }); + oids.insert("2.16.840.1.113730.1.7", OidEntry { d: "netscape-cert-renewal-url", c: "Netscape certificate extension", w: false }); + oids.insert("2.16.840.1.113730.1.8", OidEntry { d: "netscape-ca-policy-url", c: "Netscape certificate extension", w: false }); + oids.insert("2.16.840.1.113730.1.9", OidEntry { d: "HomePage-url", c: "Netscape certificate extension", w: false }); + oids.insert("2.16.840.1.113730.1.10", OidEntry { d: "EntityLogo", c: "Netscape certificate extension", w: false }); + oids.insert("2.16.840.1.113730.1.11", OidEntry { d: "UserPicture", c: "Netscape certificate extension", w: false }); + oids.insert("2.16.840.1.113730.1.12", OidEntry { d: "netscape-ssl-server-name", c: "Netscape certificate extension", w: false }); + oids.insert("2.16.840.1.113730.1.13", OidEntry { d: "netscape-comment", c: "Netscape certificate extension", w: false }); + oids.insert("2.16.840.1.113730.2", OidEntry { d: "data-type", c: "Netscape", w: false }); + oids.insert("2.16.840.1.113730.2.1", OidEntry { d: "dataGIF", c: "Netscape data type", w: false }); + oids.insert("2.16.840.1.113730.2.2", OidEntry { d: "dataJPEG", c: "Netscape data type", w: false }); + oids.insert("2.16.840.1.113730.2.3", OidEntry { d: "dataURL", c: "Netscape data type", w: false }); + oids.insert("2.16.840.1.113730.2.4", OidEntry { d: "dataHTML", c: "Netscape data type", w: false }); + oids.insert("2.16.840.1.113730.2.5", OidEntry { d: "certSequence", c: "Netscape data type", w: false }); + oids.insert("2.16.840.1.113730.2.6", OidEntry { d: "certURL", c: "Netscape certificate extension", w: false }); + oids.insert("2.16.840.1.113730.3", OidEntry { d: "directory", c: "Netscape", w: false }); + oids.insert("2.16.840.1.113730.3.1", OidEntry { d: "ldapDefinitions", c: "Netscape directory", w: false }); + oids.insert("2.16.840.1.113730.3.1.1", OidEntry { d: "carLicense", c: "Netscape LDAP definitions", w: false }); + oids.insert("2.16.840.1.113730.3.1.2", OidEntry { d: "departmentNumber", c: "Netscape LDAP definitions", w: false }); + oids.insert("2.16.840.1.113730.3.1.3", OidEntry { d: "employeeNumber", c: "Netscape LDAP definitions", w: false }); + oids.insert("2.16.840.1.113730.3.1.4", OidEntry { d: "employeeType", c: "Netscape LDAP definitions", w: false }); + oids.insert("2.16.840.1.113730.3.1.216", OidEntry { d: "userPKCS12", c: "Netscape LDAP definitions", w: false }); + oids.insert("2.16.840.1.113730.3.2.2", OidEntry { d: "inetOrgPerson", c: "Netscape LDAP definitions", w: false }); + oids.insert("2.16.840.1.113730.4.1", OidEntry { d: "serverGatedCrypto", c: "Netscape", w: false }); + oids.insert("2.16.840.1.113733.1.6.3", OidEntry { d: "verisignCZAG", c: "Verisign extension", w: false }); + oids.insert("2.16.840.1.113733.1.6.6", OidEntry { d: "verisignInBox", c: "Verisign extension", w: false }); + oids.insert("2.16.840.1.113733.1.6.11", OidEntry { d: "verisignOnsiteJurisdictionHash", c: "Verisign extension", w: false }); + oids.insert("2.16.840.1.113733.1.6.13", OidEntry { d: "Unknown Verisign VPN extension", c: "Verisign extension", w: false }); + oids.insert("2.16.840.1.113733.1.6.15", OidEntry { d: "verisignServerID", c: "Verisign extension", w: false }); + oids.insert("2.16.840.1.113733.1.7.1.1", OidEntry { d: "verisignCertPolicies95Qualifier1", c: "Verisign policy", w: false }); + oids.insert("2.16.840.1.113733.1.7.1.1.1", OidEntry { d: "verisignCPSv1notice", c: "Verisign policy (obsolete)", w: false }); + oids.insert("2.16.840.1.113733.1.7.1.1.2", OidEntry { d: "verisignCPSv1nsi", c: "Verisign policy (obsolete)", w: false }); + oids.insert("2.16.840.1.113733.1.8.1", OidEntry { d: "verisignISSStrongCrypto", c: "Verisign", w: false }); + oids.insert("2.16.840.1.113733.1", OidEntry { d: "pki", c: "Verisign extension", w: false }); + oids.insert("2.16.840.1.113733.1.9", OidEntry { d: "pkcs7Attribute", c: "Verisign PKI extension", w: false }); + oids.insert("2.16.840.1.113733.1.9.2", OidEntry { d: "messageType", c: "Verisign PKCS #7 attribute", w: false }); + oids.insert("2.16.840.1.113733.1.9.3", OidEntry { d: "pkiStatus", c: "Verisign PKCS #7 attribute", w: false }); + oids.insert("2.16.840.1.113733.1.9.4", OidEntry { d: "failInfo", c: "Verisign PKCS #7 attribute", w: false }); + oids.insert("2.16.840.1.113733.1.9.5", OidEntry { d: "senderNonce", c: "Verisign PKCS #7 attribute", w: false }); + oids.insert("2.16.840.1.113733.1.9.6", OidEntry { d: "recipientNonce", c: "Verisign PKCS #7 attribute", w: false }); + oids.insert("2.16.840.1.113733.1.9.7", OidEntry { d: "transID", c: "Verisign PKCS #7 attribute", w: false }); + oids.insert("2.16.840.1.113733.1.9.8", OidEntry { d: "extensionReq", c: "Verisign PKCS #7 attribute. Use PKCS #9 extensionRequest instead", w: true }); + oids.insert("2.16.840.1.113741.2", OidEntry { d: "intelCDSA", c: "Intel CDSA", w: false }); + oids.insert("2.16.840.1.114412.1", OidEntry { d: "digiCertNonEVCerts", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.1.1", OidEntry { d: "digiCertOVCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.1.2", OidEntry { d: "digiCertDVCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.1.11", OidEntry { d: "digiCertFederatedDeviceCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.1.3.0.1", OidEntry { d: "digiCertGlobalCAPolicy", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.1.3.0.2", OidEntry { d: "digiCertHighAssuranceEVCAPolicy", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.1.3.0.3", OidEntry { d: "digiCertGlobalRootCAPolicy", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.1.3.0.4", OidEntry { d: "digiCertAssuredIDRootCAPolicy", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.2.2", OidEntry { d: "digiCertEVCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.2.3", OidEntry { d: "digiCertObjectSigningCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.2.3.1", OidEntry { d: "digiCertCodeSigningCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.2.3.2", OidEntry { d: "digiCertEVCodeSigningCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.2.3.11", OidEntry { d: "digiCertKernelCodeSigningCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.2.3.21", OidEntry { d: "digiCertDocumentSigningCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.2.4", OidEntry { d: "digiCertClientCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.2.4.1.1", OidEntry { d: "digiCertLevel1PersonalClientCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.2.4.1.2", OidEntry { d: "digiCertLevel1EnterpriseClientCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.2.4.2", OidEntry { d: "digiCertLevel2ClientCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.2.4.3.1", OidEntry { d: "digiCertLevel3USClientCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.2.4.3.2", OidEntry { d: "digiCertLevel3CBPClientCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.2.4.4.1", OidEntry { d: "digiCertLevel4USClientCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.2.4.4.2", OidEntry { d: "digiCertLevel4CBPClientCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.2.4.5.1", OidEntry { d: "digiCertPIVHardwareCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.2.4.5.2", OidEntry { d: "digiCertPIVCardAuthCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.2.4.5.3", OidEntry { d: "digiCertPIVContentSigningCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.4.31", OidEntry { d: "digiCertGridClassicCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.4.31.5", OidEntry { d: "digiCertGridIntegratedCert", c: "Digicert CA policy", w: false }); + oids.insert("2.16.840.1.114412.31.4.31.1", OidEntry { d: "digiCertGridHostCert", c: "Digicert CA policy", w: false }); + oids.insert("2.23.42.0", OidEntry { d: "contentType", c: "SET", w: false }); + oids.insert("2.23.42.0.0", OidEntry { d: "panData", c: "SET contentType", w: false }); + oids.insert("2.23.42.0.1", OidEntry { d: "panToken", c: "SET contentType", w: false }); + oids.insert("2.23.42.0.2", OidEntry { d: "panOnly", c: "SET contentType", w: false }); + oids.insert("2.23.42.1", OidEntry { d: "msgExt", c: "SET", w: false }); + oids.insert("2.23.42.2", OidEntry { d: "field", c: "SET", w: false }); + oids.insert("2.23.42.2.0", OidEntry { d: "fullName", c: "SET field", w: false }); + oids.insert("2.23.42.2.1", OidEntry { d: "givenName", c: "SET field", w: false }); + oids.insert("2.23.42.2.2", OidEntry { d: "familyName", c: "SET field", w: false }); + oids.insert("2.23.42.2.3", OidEntry { d: "birthFamilyName", c: "SET field", w: false }); + oids.insert("2.23.42.2.4", OidEntry { d: "placeName", c: "SET field", w: false }); + oids.insert("2.23.42.2.5", OidEntry { d: "identificationNumber", c: "SET field", w: false }); + oids.insert("2.23.42.2.6", OidEntry { d: "month", c: "SET field", w: false }); + oids.insert("2.23.42.2.7", OidEntry { d: "date", c: "SET field", w: false }); + oids.insert("2.23.42.2.8", OidEntry { d: "address", c: "SET field", w: false }); + oids.insert("2.23.42.2.9", OidEntry { d: "telephone", c: "SET field", w: false }); + oids.insert("2.23.42.2.10", OidEntry { d: "amount", c: "SET field", w: false }); + oids.insert("2.23.42.2.11", OidEntry { d: "accountNumber", c: "SET field", w: false }); + oids.insert("2.23.42.2.12", OidEntry { d: "passPhrase", c: "SET field", w: false }); + oids.insert("2.23.42.3", OidEntry { d: "attribute", c: "SET", w: false }); + oids.insert("2.23.42.3.0", OidEntry { d: "cert", c: "SET attribute", w: false }); + oids.insert("2.23.42.3.0.0", OidEntry { d: "rootKeyThumb", c: "SET cert attribute", w: false }); + oids.insert("2.23.42.3.0.1", OidEntry { d: "additionalPolicy", c: "SET cert attribute", w: false }); + oids.insert("2.23.42.4", OidEntry { d: "algorithm", c: "SET", w: false }); + oids.insert("2.23.42.5", OidEntry { d: "policy", c: "SET", w: false }); + oids.insert("2.23.42.5.0", OidEntry { d: "root", c: "SET policy", w: false }); + oids.insert("2.23.42.6", OidEntry { d: "module", c: "SET", w: false }); + oids.insert("2.23.42.7", OidEntry { d: "certExt", c: "SET", w: false }); + oids.insert("2.23.42.7.0", OidEntry { d: "hashedRootKey", c: "SET cert extension", w: false }); + oids.insert("2.23.42.7.1", OidEntry { d: "certificateType", c: "SET cert extension", w: false }); + oids.insert("2.23.42.7.2", OidEntry { d: "merchantData", c: "SET cert extension", w: false }); + oids.insert("2.23.42.7.3", OidEntry { d: "cardCertRequired", c: "SET cert extension", w: false }); + oids.insert("2.23.42.7.4", OidEntry { d: "tunneling", c: "SET cert extension", w: false }); + oids.insert("2.23.42.7.5", OidEntry { d: "setExtensions", c: "SET cert extension", w: false }); + oids.insert("2.23.42.7.6", OidEntry { d: "setQualifier", c: "SET cert extension", w: false }); + oids.insert("2.23.42.8", OidEntry { d: "brand", c: "SET", w: false }); + oids.insert("2.23.42.8.1", OidEntry { d: "IATA-ATA", c: "SET brand", w: false }); + oids.insert("2.23.42.8.4", OidEntry { d: "VISA", c: "SET brand", w: false }); + oids.insert("2.23.42.8.5", OidEntry { d: "MasterCard", c: "SET brand", w: false }); + oids.insert("2.23.42.8.30", OidEntry { d: "Diners", c: "SET brand", w: false }); + oids.insert("2.23.42.8.34", OidEntry { d: "AmericanExpress", c: "SET brand", w: false }); + oids.insert("2.23.42.8.6011", OidEntry { d: "Novus", c: "SET brand", w: false }); + oids.insert("2.23.42.9", OidEntry { d: "vendor", c: "SET", w: false }); + oids.insert("2.23.42.9.0", OidEntry { d: "GlobeSet", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.1", OidEntry { d: "IBM", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.2", OidEntry { d: "CyberCash", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.3", OidEntry { d: "Terisa", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.4", OidEntry { d: "RSADSI", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.5", OidEntry { d: "VeriFone", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.6", OidEntry { d: "TrinTech", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.7", OidEntry { d: "BankGate", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.8", OidEntry { d: "GTE", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.9", OidEntry { d: "CompuSource", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.10", OidEntry { d: "Griffin", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.11", OidEntry { d: "Certicom", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.12", OidEntry { d: "OSS", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.13", OidEntry { d: "TenthMountain", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.14", OidEntry { d: "Antares", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.15", OidEntry { d: "ECC", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.16", OidEntry { d: "Maithean", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.17", OidEntry { d: "Netscape", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.18", OidEntry { d: "Verisign", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.19", OidEntry { d: "BlueMoney", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.20", OidEntry { d: "Lacerte", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.21", OidEntry { d: "Fujitsu", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.22", OidEntry { d: "eLab", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.23", OidEntry { d: "Entrust", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.24", OidEntry { d: "VIAnet", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.25", OidEntry { d: "III", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.26", OidEntry { d: "OpenMarket", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.27", OidEntry { d: "Lexem", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.28", OidEntry { d: "Intertrader", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.29", OidEntry { d: "Persimmon", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.30", OidEntry { d: "NABLE", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.31", OidEntry { d: "espace-net", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.32", OidEntry { d: "Hitachi", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.33", OidEntry { d: "Microsoft", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.34", OidEntry { d: "NEC", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.35", OidEntry { d: "Mitsubishi", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.36", OidEntry { d: "NCR", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.37", OidEntry { d: "e-COMM", c: "SET vendor", w: false }); + oids.insert("2.23.42.9.38", OidEntry { d: "Gemplus", c: "SET vendor", w: false }); + oids.insert("2.23.42.10", OidEntry { d: "national", c: "SET", w: false }); + oids.insert("2.23.42.10.392", OidEntry { d: "Japan", c: "SET national", w: false }); + oids.insert("2.23.43.1.4", OidEntry { d: "wTLS-ECC", c: "WAP WTLS", w: false }); + oids.insert("2.23.43.1.4.1", OidEntry { d: "wTLS-ECC-curve1", c: "WAP WTLS", w: false }); + oids.insert("2.23.43.1.4.6", OidEntry { d: "wTLS-ECC-curve6", c: "WAP WTLS", w: false }); + oids.insert("2.23.43.1.4.8", OidEntry { d: "wTLS-ECC-curve8", c: "WAP WTLS", w: false }); + oids.insert("2.23.43.1.4.9", OidEntry { d: "wTLS-ECC-curve9", c: "WAP WTLS", w: false }); + oids.insert("2.23.133", OidEntry { d: "tCPA", c: "TCPA/TCG", w: false }); + oids.insert("2.23.133.1", OidEntry { d: "tcgSpecVersion", c: "TCPA/TCG", w: false }); + oids.insert("2.23.133.2", OidEntry { d: "tcgAttribute", c: "TCPA/TCG", w: false }); + oids.insert("2.23.133.2.1", OidEntry { d: "tcgTpmManufacturer", c: "TCPA/TCG Attribute", w: false }); + oids.insert("2.23.133.2.2", OidEntry { d: "tcgTpmModel", c: "TCPA/TCG Attribute", w: false }); + oids.insert("2.23.133.2.3", OidEntry { d: "tcgTpmVersion", c: "TCPA/TCG Attribute", w: false }); + oids.insert("2.23.133.2.4", OidEntry { d: "tcgPlatformManufacturer", c: "TCPA/TCG Attribute", w: false }); + oids.insert("2.23.133.2.5", OidEntry { d: "tcgPlatformModel", c: "TCPA/TCG Attribute", w: false }); + oids.insert("2.23.133.2.6", OidEntry { d: "tcgPlatformVersion", c: "TCPA/TCG Attribute", w: false }); + oids.insert("2.23.133.2.7", OidEntry { d: "tcgComponentManufacturer", c: "TCPA/TCG Attribute", w: false }); + oids.insert("2.23.133.2.8", OidEntry { d: "tcgComponentModel", c: "TCPA/TCG Attribute", w: false }); + oids.insert("2.23.133.2.9", OidEntry { d: "tcgComponentVersion", c: "TCPA/TCG Attribute", w: false }); + oids.insert("2.23.133.2.10", OidEntry { d: "tcgSecurityQualities", c: "TCPA/TCG Attribute", w: false }); + oids.insert("2.23.133.2.11", OidEntry { d: "tcgTpmProtectionProfile", c: "TCPA/TCG Attribute", w: false }); + oids.insert("2.23.133.2.12", OidEntry { d: "tcgTpmSecurityTarget", c: "TCPA/TCG Attribute", w: false }); + oids.insert("2.23.133.2.13", OidEntry { d: "tcgFoundationProtectionProfile", c: "TCPA/TCG Attribute", w: false }); + oids.insert("2.23.133.2.14", OidEntry { d: "tcgFoundationSecurityTarget", c: "TCPA/TCG Attribute", w: false }); + oids.insert("2.23.133.2.15", OidEntry { d: "tcgTpmIdLabel", c: "TCPA/TCG Attribute", w: false }); + oids.insert("2.23.133.2.16", OidEntry { d: "tcgTpmSpecification", c: "TCPA/TCG Attribute", w: false }); + oids.insert("2.23.133.2.18", OidEntry { d: "tcgTpmSecurityAssertions", c: "TCPA/TCG Attribute", w: false }); + oids.insert("2.23.133.3", OidEntry { d: "tcgProtocol", c: "TCPA/TCG", w: false }); + oids.insert("2.23.133.3.1", OidEntry { d: "tcgPrttTpmIdProtocol", c: "TCPA/TCG Protocol", w: false }); + oids.insert("2.23.133.8.1", OidEntry { d: "tcgEKCertificate", c: "TCPA/TCG Key Usage", w: false }); + oids.insert("2.23.133.10.1.1.1", OidEntry { d: "tcgObject", c: "TCPA/TCG Object", w: false }); + oids.insert("2.23.134.1.4.2.1", OidEntry { d: "postSignumRootQCA", c: "PostSignum CA", w: false }); + oids.insert("2.23.134.1.2.2.3", OidEntry { d: "postSignumPublicCA", c: "PostSignum CA", w: false }); + oids.insert("2.23.134.1.2.1.8.210", OidEntry { d: "postSignumCommercialServerPolicy", c: "PostSignum CA", w: false }); + oids.insert("2.23.136.1.1.1", OidEntry { d: "mRTDSignatureData", c: "ICAO MRTD", w: false }); + oids.insert("2.23.140.1.1", OidEntry { d: "evGuidelines", c: "CAB Certificate Policies", w: false }); + oids.insert("2.23.140.1.2.1", OidEntry { d: "domainValidated", c: "CAB Certificate Policies", w: false }); + oids.insert("2.23.140.1.2.2", OidEntry { d: "subjectIdentityValidated", c: "CAB Certificate Policies", w: false }); + oids.insert("2.23.140.1.4.1", OidEntry { d: "codeSigningRequirements", c: "CAB Certificate Policies", w: false }); + oids.insert("2.54.1775.2", OidEntry { d: "hashedRootKey", c: "SET. Deprecated, use (2 23 42 7 0) instead", w: true }); + oids.insert("2.54.1775.3", OidEntry { d: "certificateType", c: "SET. Deprecated, use (2 23 42 7 0) instead", w: true }); + oids.insert("2.54.1775.4", OidEntry { d: "merchantData", c: "SET. Deprecated, use (2 23 42 7 0) instead", w: true }); + oids.insert("2.54.1775.5", OidEntry { d: "cardCertRequired", c: "SET. Deprecated, use (2 23 42 7 0) instead", w: true }); + oids.insert("2.54.1775.6", OidEntry { d: "tunneling", c: "SET. Deprecated, use (2 23 42 7 0) instead", w: true }); + oids.insert("2.54.1775.7", OidEntry { d: "setQualifier", c: "SET. Deprecated, use (2 23 42 7 0) instead", w: true }); + oids.insert("2.54.1775.99", OidEntry { d: "setData", c: "SET. Deprecated, use (2 23 42 7 0) instead", w: true }); + oids.insert("1.2.40.0.17.1.22", OidEntry { d: "A-Trust EV policy", c: "A-Trust CA Root", w: false }); + oids.insert("1.3.6.1.4.1.34697.2.1", OidEntry { d: "AffirmTrust EV policy", c: "AffirmTrust Commercial", w: false }); + oids.insert("1.3.6.1.4.1.34697.2.2", OidEntry { d: "AffirmTrust EV policy", c: "AffirmTrust Networking", w: false }); + oids.insert("1.3.6.1.4.1.34697.2.3", OidEntry { d: "AffirmTrust EV policy", c: "AffirmTrust Premium", w: false }); + oids.insert("1.3.6.1.4.1.34697.2.4", OidEntry { d: "AffirmTrust EV policy", c: "AffirmTrust Premium ECC", w: false }); + oids.insert("1.3.6.1.4.1.17326.10.14.2.1.2", OidEntry { d: "Camerfirma EV policy", c: "Camerfirma CA Root", w: false }); + oids.insert("1.3.6.1.4.1.17326.10.8.12.1.2", OidEntry { d: "Camerfirma EV policy", c: "Camerfirma CA Root", w: false }); + oids.insert("1.3.6.1.4.1.22234.2.5.2.3.1", OidEntry { d: "CertPlus EV policy", c: "CertPlus Class 2 Primary CA (formerly Keynectis)", w: false }); + oids.insert("1.3.6.1.4.1.6449.1.2.1.5.1", OidEntry { d: "Comodo EV policy", c: "COMODO Certification Authority", w: false }); + oids.insert("1.3.6.1.4.1.6334.1.100.1", OidEntry { d: "Cybertrust EV policy", c: "Cybertrust Global Root (now Verizon Business)", w: false }); + oids.insert("1.3.6.1.4.1.4788.2.202.1", OidEntry { d: "D-TRUST EV policy", c: "D-TRUST Root Class 3 CA 2 EV 2009", w: false }); + oids.insert("2.16.840.1.114412.2.1", OidEntry { d: "DigiCert EV policy", c: "DigiCert High Assurance EV Root CA", w: false }); + oids.insert("2.16.528.1.1001.1.1.1.12.6.1.1.1", OidEntry { d: "DigiNotar EV policy", c: "DigiNotar Root CA", w: false }); + oids.insert("2.16.840.1.114028.10.1.2", OidEntry { d: "Entrust EV policy", c: "Entrust Root Certification Authority", w: false }); + oids.insert("1.3.6.1.4.1.14370.1.6", OidEntry { d: "GeoTrust EV policy", c: "GeoTrust Primary Certification Authority (formerly Equifax)", w: false }); + oids.insert("1.3.6.1.4.1.4146.1.1", OidEntry { d: "GlobalSign EV policy", c: "GlobalSign", w: false }); + oids.insert("2.16.840.1.114413.1.7.23.3", OidEntry { d: "GoDaddy EV policy", c: "GoDaddy Class 2 Certification Authority (formerly ValiCert)", w: false }); + oids.insert("1.3.6.1.4.1.14777.6.1.1", OidEntry { d: "Izenpe EV policy", c: "Certificado de Servidor Seguro SSL EV", w: false }); + oids.insert("1.3.6.1.4.1.14777.6.1.2", OidEntry { d: "Izenpe EV policy", c: "Certificado de Sede Electronica EV", w: false }); + oids.insert("1.3.6.1.4.1.782.1.2.1.8.1", OidEntry { d: "Network Solutions EV policy", c: "Network Solutions Certificate Authority", w: false }); + oids.insert("1.3.6.1.4.1.8024.0.2.100.1.2", OidEntry { d: "QuoVadis EV policy", c: "QuoVadis Root CA 2", w: false }); + oids.insert("1.2.392.200091.100.721.1", OidEntry { d: "Security Communication (SECOM) EV policy", c: "Security Communication RootCA1", w: false }); + oids.insert("2.16.840.1.114414.1.7.23.3", OidEntry { d: "Starfield EV policy", c: "Starfield Class 2 Certification Authority", w: false }); + oids.insert("1.3.6.1.4.1.23223.1.1.1", OidEntry { d: "StartCom EV policy", c: "StartCom Certification Authority", w: false }); + oids.insert("2.16.756.1.89.1.2.1.1", OidEntry { d: "SwissSign EV policy", c: "SwissSign Gold CA - G2", w: false }); + oids.insert("1.3.6.1.4.1.7879.13.24.1", OidEntry { d: "T-TeleSec EV policy", c: "T-TeleSec GlobalRoot Class 3", w: false }); + oids.insert("2.16.840.1.113733.1.7.48.1", OidEntry { d: "Thawte EV policy", c: "Thawte Premium Server CA", w: false }); + oids.insert("2.16.840.1.114404.1.1.2.4.1", OidEntry { d: "TrustWave EV policy", c: "TrustWave CA, formerly SecureTrust, before that XRamp", w: false }); + oids.insert("1.3.6.1.4.1.40869.1.1.22.3", OidEntry { d: "TWCA EV policy", c: "TWCA Root Certification Authority", w: false }); + oids.insert("2.16.840.1.113733.1.7.23.6", OidEntry { d: "VeriSign EV policy", c: "VeriSign Class 3 Public Primary Certification Authority", w: false }); + oids.insert("2.16.840.1.114171.500.9", OidEntry { d: "Wells Fargo EV policy", c: "Wells Fargo WellsSecure Public Root Certificate Authority", w: false }); + oids.insert("2.23.136.1.1.6.1", OidEntry { d: "nameChange", c: "X.509 extension", w: false }); + oids.insert("2.23.136.1.1.6.2", OidEntry { d: "documentTypeList", c: "X.509 extension", w: false }); + + oids +} diff --git a/playground/passport-input-gen/src/parser/sod.rs b/playground/passport-input-gen/src/parser/sod.rs new file mode 100644 index 000000000..e0cc8539f --- /dev/null +++ b/playground/passport-input-gen/src/parser/sod.rs @@ -0,0 +1,384 @@ +use { + crate::parser::{ + binary::Binary, + dsc::DSC, + oid_registry::load_oids, + types::{ + DataGroupHashValues, DigestAlgorithm, EContent, EncapContentInfo, + IssuerAndSerialNumber, LDSSecurityObject, SignatureAlgorithm, SignatureAlgorithmName, + SignedAttrs, SignerIdentifier, SignerInfo, + }, + utils::{ + get_hash_algo_name, get_oid_name, oid_to_string, strip_length_prefix, version_from, + OidEntry, + }, + }, + rasn::der, + rasn_cms::{Attribute, ContentInfo, SignedData}, + std::collections::{BTreeSet, HashMap}, +}; + +#[derive(Debug, Clone)] +pub struct SOD { + pub version: u32, + pub digest_algorithms: Vec, + pub encap_content_info: EncapContentInfo, + pub signer_info: SignerInfo, + pub certificate: DSC, + pub bytes: Binary, +} + +impl SOD { + fn parse_signed_attrs( + signer_info_raw: &rasn_cms::SignerInfo, + registry: &HashMap<&'static str, OidEntry>, + ) -> SignedAttrs { + let mut signed_attr_map: HashMap = HashMap::new(); + let mut reconstructed_signed_attrs: Vec = vec![]; + + for attr in signer_info_raw.signed_attrs.clone().unwrap_or_default() { + let oid: &rasn::types::ObjectIdentifier = &attr.r#type; + let values = &attr.values; + let oid_str = oid_to_string(oid); + + let name = get_oid_name(&oid_str, registry); + let val = values.first().expect("No value in Attribute").as_bytes(); + signed_attr_map.insert(name, Binary::from_slice(val)); + + reconstructed_signed_attrs.push(attr); + } + + let signed_attrs_set = BTreeSet::from_iter(reconstructed_signed_attrs); + let reconstructed_block = + der::encode(&signed_attrs_set).expect("Failed to encode reconstructed signedAttrs"); + + let message_digest = signed_attr_map + .get("messageDigest") + .expect("No messageDigest found") + .clone(); + + let signing_time = signed_attr_map.get("signingTime").map(|time_attr| { + der::decode::(&time_attr.data) + .expect("Failed to decode signingTime") + }); + + let content_type_bytes = signed_attr_map + .get("contentType") + .expect("No ContentType found in the map"); + + let content_type_oid: rasn::types::ObjectIdentifier = + der::decode(&content_type_bytes.data).expect("Failed to decode contentType OID"); + + let oid_string: String = oid_to_string(&content_type_oid); + + SignedAttrs { + bytes: Binary::from_slice(&reconstructed_block), + content_type: get_oid_name(&oid_string, registry), + message_digest, + signing_time, + } + } + + fn parse_certificate(signed_data: &SignedData) -> DSC { + let certificates = signed_data + .certificates + .as_ref() + .expect("No certificates field in SOD"); + if certificates.is_empty() { + panic!("No DSC certificate found in SOD"); + } + if certificates.len() > 1 { + eprintln!("Warning: Found multiple DSC certificates"); + } + + let dsc = certificates + .first() + .expect("Failed to extract X.509 Certificate"); + + let dsc_cert = match dsc { + rasn_cms::CertificateChoices::Certificate(c) => c, + _ => panic!("Unsupported certificate type"), + }; + let dsc_der = der::encode(&**dsc_cert).expect("Failed to encode DSC certificate"); + let dsc_binary = Binary::from_slice(&dsc_der); + DSC::from_der(&dsc_binary) + } + + fn parse_encap_content_info( + signed_data: &SignedData, + registry: &HashMap<&'static str, OidEntry>, + ) -> EncapContentInfo { + let econtent_bytes = signed_data + .encap_content_info + .content + .as_ref() + .expect("No eContent found"); + + let econtent: LDSSecurityObject = + der::decode(econtent_bytes).expect("Failed to decode LDS Security Object"); + + let content_type = &signed_data.encap_content_info.content_type; + let econtent_oid = get_oid_name(&oid_to_string(content_type), registry); + let econtent_vec = signed_data.encap_content_info.content.clone().unwrap(); + let econtent_binary = Binary::from_slice(&econtent_vec); + let hash_algorithm_oid = oid_to_string(&econtent.hash_algorithm.algorithm); + let hash_algorithm_name = get_hash_algo_name(&hash_algorithm_oid, registry); + + let hash_algorithm = DigestAlgorithm::from_name(&hash_algorithm_name) + .expect("Unsupported hash algorithm in eContent"); + let mut data_group_hash_values_map = DataGroupHashValues { + values: HashMap::new(), + }; + + let mut sorted_data_groups: Vec<_> = econtent.data_group_hash_values.into_iter().collect(); + sorted_data_groups.sort_by_key(|dg| version_from(&dg.data_group_number)); + + for data_group in sorted_data_groups { + let dg_number = version_from(&data_group.data_group_number); + let hash_value = Binary::from_slice(&data_group.data_group_hash_value); + data_group_hash_values_map + .values + .insert(dg_number, hash_value); + } + + EncapContentInfo { + e_content_type: econtent_oid, + e_content: EContent { + version: version_from(&econtent.version), + hash_algorithm, + data_group_hash_values: data_group_hash_values_map, + bytes: econtent_binary, + }, + } + } + + fn parse_signer_info( + signer_info_raw: &rasn_cms::SignerInfo, + registry: &HashMap<&'static str, OidEntry>, + ) -> SignerInfo { + let signed_attrs = Self::parse_signed_attrs(signer_info_raw, registry); + let signer_version = version_from(&signer_info_raw.version); + + let signed_digest_algorithm_oid = DigestAlgorithm::from_name(&get_oid_name( + &oid_to_string(&signer_info_raw.digest_algorithm.algorithm), + registry, + )) + .expect("Unsupported digest algorithm"); + + let signature_algorithm_name = + oid_to_string(&signer_info_raw.signature_algorithm.algorithm); + let signature_algorithm = SignatureAlgorithmName::from_oid(&signature_algorithm_name) + .expect("Unsupported signature algorithm"); + + let signature_parameters = signer_info_raw + .signature_algorithm + .parameters + .as_ref() + .map(|p| Binary::from_slice(p.as_bytes())); + + let signature = Binary::from_slice(&signer_info_raw.signature); + let signer_identifier = Self::parse_signer_identifier(signer_info_raw.sid.clone()); + SignerInfo { + version: signer_version, + signed_attrs: SignedAttrs { + content_type: signed_attrs.content_type, + message_digest: signed_attrs.message_digest, + signing_time: signed_attrs.signing_time.map(|ut| { + let time_str = ut.to_string(); + chrono::DateTime::parse_from_rfc3339(&format!("{}T00:00:00Z", time_str)) + .unwrap_or_else(|_| chrono::Utc::now().into()) + .with_timezone(&chrono::Utc) + }), + bytes: signed_attrs.bytes, + }, + digest_algorithm: signed_digest_algorithm_oid, + signature_algorithm: SignatureAlgorithm { + name: signature_algorithm, + parameters: signature_parameters, + }, + signature, + sid: signer_identifier, + } + } + + fn parse_signer_identifier(sid: rasn_cms::SignerIdentifier) -> SignerIdentifier { + match sid { + rasn_cms::SignerIdentifier::IssuerAndSerialNumber(issuer_and_serial) => { + let rasn_pkix::Name::RdnSequence(rdn_sequence) = &issuer_and_serial.issuer; + let issuer_dn = rdn_sequence + .iter() + .flat_map(|rdn| rdn.iter()) + .map(|attr| { + let oid_str = oid_to_string(&attr.r#type); + let value_str = std::str::from_utf8(attr.value.as_bytes()) + .map(String::from) + .unwrap_or_else(|_| hex::encode(attr.value.as_bytes())); + let field_name = match oid_str.as_str() { + "2.5.4.3" => "CN", + "2.5.4.6" => "C", + "2.5.4.7" => "L", + "2.5.4.8" => "ST", + "2.5.4.9" => "STREET", + "2.5.4.10" => "O", + "2.5.4.11" => "OU", + _ => &oid_str, + }; + format!("{}={}", field_name, value_str) + }) + .collect::>() + .join(", "); + let serial_number = + Binary::from_slice(&issuer_and_serial.serial_number.to_bytes_be().1); + SignerIdentifier { + issuer_and_serial_number: Some(IssuerAndSerialNumber { + issuer: issuer_dn, + serial_number, + }), + subject_key_identifier: None, + } + } + rasn_cms::SignerIdentifier::SubjectKeyIdentifier(ski) => SignerIdentifier { + issuer_and_serial_number: None, + subject_key_identifier: Some(hex::encode(&ski)), + }, + } + } + + pub fn from_der(binary: &mut Binary) -> SOD { + *binary = strip_length_prefix(binary); + let hex_der = hex::decode(binary.to_hex().trim_start_matches("0x")).unwrap(); + let content_info: ContentInfo = der::decode(&hex_der).expect("CMS decode failed"); + let signed_data: SignedData = + der::decode(content_info.content.as_bytes()).expect("SignedData decode failed"); + if signed_data.signer_infos.is_empty() { + panic!("No SignerInfos found"); + } + if signed_data.signer_infos.len() > 1 { + eprintln!("Warning: Found multiple SignerInfos"); + } + let signer_info_raw = signed_data + .signer_infos + .first() + .expect("No SignerInfo found") + .clone(); + if signer_info_raw.signed_attrs.is_none() { + panic!("No signedAttrs found in SignerInfo"); + } + let registry = load_oids(); + let mut digest_algorithms: Vec = vec![]; + for alg in &signed_data.digest_algorithms { + let oid_str = oid_to_string(&alg.algorithm); + let name = get_hash_algo_name(&oid_str, ®istry); + if let Some(digest_alg) = DigestAlgorithm::from_name(&name) { + digest_algorithms.push(digest_alg); + } else { + eprintln!("Unknown digest algorithm: {}", name); + } + } + let certificate = Self::parse_certificate(&signed_data); + let encap_content_info = Self::parse_encap_content_info(&signed_data, ®istry); + let signer_info = Self::parse_signer_info(&signer_info_raw, ®istry); + let sod_version = version_from(&signed_data.version); + SOD { + version: sod_version, + digest_algorithms, + encap_content_info, + signer_info, + certificate, + bytes: binary.clone(), + } + } +} +#[cfg(test)] +mod tests { + use super::*; + + const FIXTURE_EF_SOD: &str = "d4IHijCCB4YGCSqGSIb3DQEHAqCCB3cwggdzAgEDMQ8wDQYJYIZIAWUDBAIBBQAwgekGBmeBCAEBAaCB3gSB2zCB2AIBADANBglghkgBZQMEAgEFADCBwzAlAgEBBCBBcMqHn85qIv/vFWf/iAefQVxm6tJQq18jeBrCzb9CtjAlAgECBCCpobCd/VmAh6s/zkri7GWxoVJb0li/wn30QZ+KZeVHRTAlAgEDBCBAPk0Xwm68gyQRiYFh2P1dmcWO6GXLN1m1Kap4LH7eADAlAgEOBCDPUAT/zNZOGovTpC/VOBTsPUSBZAvhkG0Oz+sBbvamrjAlAgEEBCBMeg8N2qRzEjg08bBxPtlFPR0dWLzkR/sXNtQKB2HBe6CCBGUwggRhMIIClaADAgECAgYBQv1c+ScwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMFMxCzAJBgNVBAYTAkRFMRcwFQYDVQQKDA5ISlAgQ29uc3VsdGluZzEXMBUGA1UECwwOQ291bnRyeSBTaWduZXIxEjAQBgNVBAMMCUhKUCBQQiBDUzAeFw0xMzEyMTYyMTQzMThaFw0xNDEyMTEyMTQzMThaMFQxCzAJBgNVBAYTAkRFMRcwFQYDVQQKDA5ISlAgQ29uc3VsdGluZzEYMBYGA1UECwwPRG9jdW1lbnQgU2lnbmVyMRIwEAYDVQQDDAlISlAgUEIgRFMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCefLsGU3cEEjKRWgRN063CGZrUwUvI5YwkqJnb1iqYTurioABsHVNDkkameplk11m8e5QmzmxMB4NjMGz2ZkXxLznZUP4sBBAOb/U8MQtS90zR7YmTFJbzdtOEq2BKVwEpRF8BX8w1leFht8WRy1IGvBZHfYzewJSA2/YmJpb2KXDaCXiAfbozDud3v1TUca4eslcJDxN54Zii0VAzRIRzR75Gdk+gDE6Tus0yFDsuBMbDac7OeUP9QUUhhJUz+c25heQnZ/HdeS5+/tNlHjx134aPohAd9FzV09lVsjqI3TCnUvT7n06EtRjgyg+PK6zmXWH5gRWg6ojdOjQWAXyjAgMBAAGjUjBQMB8GA1UdIwQYMBaAFB5NV1YMEpAjZqj94RQIo39w631lMB0GA1UdDgQWBBSDHDC+h4/fVycwEOWziVDldvewijAOBgNVHQ8BAf8EBAMCB4AwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBgQAphNxDAog5uyR4akycnDfnY2j/YmRweXDlsA95NIQJBO2Q40sBjV1jTXU25Jr+ew6HL10JPm0RvzHJEGhqkQb593P1nFeu/5g95jNbXLQD4P99MFXwmUiHj4vhvBhPKgPILBQJf8Gd7dzPYaLq5vi/GmS+TAJTzgvDWtQeENb/CMHuhyNJ6NAqci9IFEyrZl0PrfnbOza/srFa5KOxPcTPZBM7WZzbOvijZaxiKAlomf6o1Wok+Q2nKz6VuX/YLEuO+cu0mcPZ8JBTpf3dUelKE6AEUw10990bDIgWP5v6CYkj3IHSR9deM8rDx+J66sYnuZqxjmsD04Jg4tzPodY40XYUdzvBProNU+Lj6aIC4HQsJd9HEHLNoqiLorJWSJcLwxEy3oT3Aqu8mHQLT+58Zs0Ul1WnY7gB3PncG1IZGjrMUUJExR0pfzXlrqMouGQbM9VNx8UNJGb53dzpinXydtSNYUtsT6Z1wgF4JL7XzCe0b8vluCzktDPjSq7S6+4xggIGMIICAgIBATBdMFMxCzAJBgNVBAYTAkRFMRcwFQYDVQQKDA5ISlAgQ29uc3VsdGluZzEXMBUGA1UECwwOQ291bnRyeSBTaWduZXIxEjAQBgNVBAMMCUhKUCBQQiBDUwIGAUL9XPknMA0GCWCGSAFlAwQCAQUAoEgwFQYJKoZIhvcNAQkDMQgGBmeBCAEBATAvBgkqhkiG9w0BCQQxIgQgtGoNBeKA85jv7uv/Z+eMc2rdFedWcLGtTGxTToGHudYwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgBIIBAHYRBun70u0bL3UCfa8Tl1pMet/FTWddLdK7p2K8Bz2SiK9LG4e6eYfVP6HTIdGUP1hXP0kTQk4rzdCAwtiSephb4r3K9rj+IeyZ2CJ/BS7RGLfq5gKfV4icpyORIHaRY1UGjrvPRvGcP7tJ3PHp87EN8R4nD6wRvG0ePFrfaODkY4GkX3N+ke6fiJ221BiqLGwyE8R/vCeH8BNDhLNDzJIamgOHjrp5ugCQERVJWULD57Dk2gngkWwXIiitKNnb7JFfMuWNdDFIBEMDDCw9He+EAiP+1BqSxbMKos6e00bLuLsXKi7/c+C4z+yJBxoH3GJidCH4CNpUGlihpXLnWD8="; + + fn parse_sod() -> SOD { + let mut sod_bytes = Binary::from_base64(FIXTURE_EF_SOD).unwrap(); + SOD::from_der(&mut sod_bytes) + } + + #[test] + fn should_parse_basic_sod_properties() { + let sod = parse_sod(); + assert_eq!(sod.version, 3); + assert_eq!(sod.digest_algorithms.len(), 1); + assert!(matches!(sod.digest_algorithms[0], DigestAlgorithm::SHA256)); + } + + #[test] + fn should_parse_econtent_data_correctly() { + let sod = parse_sod(); + let econtent = &sod.encap_content_info.e_content; + assert_eq!(econtent.version, 0); + assert!(matches!(econtent.hash_algorithm, DigestAlgorithm::SHA256)); + let dg_hashes = &econtent.data_group_hash_values.values; + assert_eq!(dg_hashes.len(), 5); + assert_eq!( + dg_hashes.get(&1).unwrap().to_hex(), + "0x4170ca879fce6a22ffef1567ff88079f415c66ead250ab5f23781ac2cdbf42b6" + ); + assert_eq!( + dg_hashes.get(&2).unwrap().to_hex(), + "0xa9a1b09dfd598087ab3fce4ae2ec65b1a1525bd258bfc27df4419f8a65e54745" + ); + } + + #[test] + fn should_parse_signer_info_correctly() { + let sod = parse_sod(); + let signer = &sod.signer_info; + assert_eq!(signer.version, 1); + assert!(matches!(signer.digest_algorithm, DigestAlgorithm::SHA256)); + assert!(matches!( + signer.signature_algorithm.name, + SignatureAlgorithmName::RsassaPss + )); + assert_eq!(signer.signed_attrs.content_type, "mRTDSignatureData"); + assert_eq!( + signer.signed_attrs.message_digest.to_hex(), + "0x0420b46a0d05e280f398efeeebff67e78c736add15e75670b1ad4c6c534e8187b9d6" + ); + } + + #[test] + fn should_parse_certificate_information_correctly() { + let sod = parse_sod(); + let cert = &sod.certificate; + let tbs = &cert.tbs; + assert_eq!(tbs.validity_not_before, "Dec 16 21:43:18 2013 +00:00"); + assert_eq!(tbs.validity_not_after, "Dec 11 21:43:18 2014 +00:00"); + assert_eq!( + tbs.issuer, + "countryName=DE, organizationName=HJP Consulting, organizationalUnitName=Country \ + Signer, commonName=HJP PB CS" + ); + assert_eq!( + tbs.subject, + "countryName=DE, organizationName=HJP Consulting, organizationalUnitName=Document \ + Signer, commonName=HJP PB DS" + ); + assert!(tbs.extensions.contains_key("keyUsage")); + assert!(tbs.extensions.contains_key("authorityKeyIdentifier")); + assert!(tbs.extensions.contains_key("subjectKeyIdentifier")); + assert!(tbs.extensions.get("keyUsage").unwrap().0); + } + + #[test] + fn should_parse_signature_algorithms_correctly() { + let sod = parse_sod(); + let cert = &sod.certificate; + assert!(matches!( + cert.signature_algorithm.name, + SignatureAlgorithmName::RsassaPss + )); + assert!(matches!( + cert.tbs.subject_public_key_info.signature_algorithm.name, + SignatureAlgorithmName::RsaEncryption + )); + assert!(!cert.signature.is_empty()); + assert!(!sod.signer_info.signature.is_empty()); + } +} diff --git a/playground/passport-input-gen/src/parser/types.rs b/playground/passport-input-gen/src/parser/types.rs new file mode 100644 index 000000000..455e1fb92 --- /dev/null +++ b/playground/passport-input-gen/src/parser/types.rs @@ -0,0 +1,166 @@ +use { + crate::parser::binary::Binary, + chrono::{DateTime, Utc}, + rasn::{ + types::{Integer, OctetString, PrintableString, SequenceOf}, + AsnType, Decode, Encode, + }, + rasn_pkix::AlgorithmIdentifier, + std::collections::HashMap, +}; + +#[derive(Debug, Clone)] +pub enum DigestAlgorithm { + SHA1, + SHA224, + SHA256, + SHA384, + SHA512, +} + +impl DigestAlgorithm { + pub fn from_name(name: &str) -> Option { + match name.to_uppercase().as_str() { + "SHA1" | "SHA-1" => Some(Self::SHA1), + "SHA224" | "SHA-224" => Some(Self::SHA224), + "SHA256" | "SHA-256" => Some(Self::SHA256), + "SHA384" | "SHA-384" => Some(Self::SHA384), + "SHA512" | "SHA-512" => Some(Self::SHA512), + _ => None, + } + } +} + +#[derive(Debug, Clone)] +pub struct DataGroupHashValues { + pub values: HashMap, +} + +#[derive(Debug, Clone)] +pub struct EContent { + pub version: u32, + pub hash_algorithm: DigestAlgorithm, + pub data_group_hash_values: DataGroupHashValues, + pub bytes: Binary, +} + +#[derive(Debug, Clone)] +pub struct EncapContentInfo { + pub e_content_type: String, + pub e_content: EContent, +} + +#[derive(Debug, Clone)] +pub struct SignerInfo { + pub version: u32, + pub signed_attrs: SignedAttrs, + pub digest_algorithm: DigestAlgorithm, + pub signature_algorithm: SignatureAlgorithm, + pub signature: Binary, + pub sid: SignerIdentifier, +} + +#[derive(Debug, Clone)] +pub struct SignedAttrs { + pub content_type: String, + pub message_digest: Binary, + pub signing_time: Option>, + pub bytes: Binary, +} + +#[derive(Debug, Clone)] +pub struct SignerIdentifier { + pub issuer_and_serial_number: Option, + pub subject_key_identifier: Option, +} + +#[derive(Debug, Clone)] +pub struct IssuerAndSerialNumber { + pub issuer: String, + pub serial_number: Binary, +} + +#[derive(Debug, Clone)] +pub struct SignatureAlgorithm { + pub name: SignatureAlgorithmName, + pub parameters: Option, +} + +#[derive(Debug, Clone)] +pub enum SignatureAlgorithmName { + Sha1WithRsaSignature, + Sha256WithRsaEncryption, + Sha384WithRsaEncryption, + Sha512WithRsaEncryption, + RsassaPss, + EcdsaWithSha1, + EcdsaWithSha256, + EcdsaWithSha384, + EcdsaWithSha512, + RsaEncryption, + EcPublicKey, +} + +impl SignatureAlgorithmName { + pub fn from_oid(oid: &str) -> Option { + match oid { + "1.2.840.113549.1.1.5" => Some(Self::Sha1WithRsaSignature), + "1.2.840.113549.1.1.11" => Some(Self::Sha256WithRsaEncryption), + "1.2.840.113549.1.1.12" => Some(Self::Sha384WithRsaEncryption), + "1.2.840.113549.1.1.13" => Some(Self::Sha512WithRsaEncryption), + "1.2.840.113549.1.1.10" => Some(Self::RsassaPss), + "1.2.840.10045.4.1" => Some(Self::EcdsaWithSha1), + "1.2.840.10045.4.3.2" => Some(Self::EcdsaWithSha256), + "1.2.840.10045.4.3.3" => Some(Self::EcdsaWithSha384), + "1.2.840.10045.4.3.4" => Some(Self::EcdsaWithSha512), + "1.2.840.113549.1.1.1" => Some(Self::RsaEncryption), + "1.2.840.10045.2.1" => Some(Self::EcPublicKey), + _ => None, + } + } +} + +#[derive(Debug, Clone)] +pub struct DataGroupInfo { + pub group_number: u32, + pub name: String, + pub hash: Vec, + pub value: Vec, +} + +/// DataGroupNumber ::= INTEGER (1..16) +pub type DataGroupNumber = Integer; + +/// DataGroupHash ::= SEQUENCE { +/// dataGroupNumber DataGroupNumber, +/// dataGroupHashValue OCTET STRING +/// } +#[derive(Debug, Clone, AsnType, Decode, Encode)] +pub struct DataGroupHash { + pub data_group_number: DataGroupNumber, + pub data_group_hash_value: OctetString, +} + +/// LDSVersionInfo ::= SEQUENCE { +/// ldsVersion PrintableString, +/// unicodeVersion PrintableString +/// } +#[derive(Debug, Clone, AsnType, Decode, Encode)] +pub struct LDSVersionInfo { + pub lds_version: PrintableString, + pub unicode_version: PrintableString, +} + +/// LDSSecurityObject ::= SEQUENCE { +/// version INTEGER { v0(0), v1(1), v2(2) }, +/// hashAlgorithm DigestAlgorithmIdentifier, +/// dataGroupHashValues SEQUENCE SIZE (2..ub-DataGroups) OF DataGroupHash, +/// ldsVersionInfo LDSVersionInfo OPTIONAL +/// } +#[derive(Debug, Clone, AsnType, Decode, Encode)] +pub struct LDSSecurityObject { + pub version: Integer, + pub hash_algorithm: AlgorithmIdentifier, + pub data_group_hash_values: SequenceOf, + pub lds_version_info: Option, +} diff --git a/playground/passport-input-gen/src/parser/utils.rs b/playground/passport-input-gen/src/parser/utils.rs new file mode 100644 index 000000000..44c1cd849 --- /dev/null +++ b/playground/passport-input-gen/src/parser/utils.rs @@ -0,0 +1,43 @@ +use {crate::parser::binary::Binary, std::collections::HashMap}; + +#[derive(Debug)] +pub struct OidEntry { + pub d: &'static str, + pub c: &'static str, + pub w: bool, +} + +pub fn get_oid_name(oid: &str, registry: &HashMap<&'static str, OidEntry>) -> String { + if let Some(entry) = registry.get(oid) { + entry.d.to_string() + } else { + oid.to_string() + } +} + +pub fn get_hash_algo_name(oid: &str, registry: &HashMap<&'static str, OidEntry>) -> String { + if let Some(entry) = registry.get(oid) { + entry.d.replace("-", "").to_uppercase() + } else { + oid.to_string() + } +} + +pub fn oid_to_string(oid: &rasn::types::ObjectIdentifier) -> String { + oid.iter() + .map(|v| v.to_string()) + .collect::>() + .join(".") +} + +pub fn strip_length_prefix(binary: &Binary) -> Binary { + if binary.slice(0, 2).equals(&Binary::new(vec![119, 130])) { + binary.slice(4, binary.len()) + } else { + binary.clone() + } +} + +pub fn version_from(value: &rasn::types::Integer) -> u32 { + value.to_u32_digits().1.first().copied().unwrap_or(0) +} From b148894d47e4d3493108f2d483ec48abe34460e2 Mon Sep 17 00:00:00 2001 From: 0xvikasrushi <0xvikas@gmail.com> Date: Fri, 5 Sep 2025 23:07:56 +0530 Subject: [PATCH 02/10] chore: add comments to dsc, sod --- .../passport-input-gen/src/parser/dsc.rs | 3 +++ .../passport-input-gen/src/parser/sod.rs | 23 +++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/playground/passport-input-gen/src/parser/dsc.rs b/playground/passport-input-gen/src/parser/dsc.rs index 6995b07df..38d1f05fc 100644 --- a/playground/passport-input-gen/src/parser/dsc.rs +++ b/playground/passport-input-gen/src/parser/dsc.rs @@ -38,6 +38,7 @@ pub struct DSC { } impl DSC { + /// Formats an X.509 Distinguished Name (DN) into a readable string. fn format_name(name: &X509Name<'_>, registry: &HashMap<&'static str, OidEntry>) -> String { let mut parts = Vec::new(); for rdn in name.iter_rdn() { @@ -56,12 +57,14 @@ impl DSC { parts.join(", ") } + /// Parses a DER-encoded X.509 certificate into a `DSC`. pub fn from_der(binary: &Binary) -> DSC { let der = strip_length_prefix(binary); let (_, cert) = parse_x509_certificate(&der.data).expect("X509 decode failed"); Self::from_x509(cert) } + /// Converts a parsed `X509Certificate` into the internal `DSC` struct. pub fn from_x509(cert: X509Certificate<'_>) -> DSC { let registry = load_oids(); diff --git a/playground/passport-input-gen/src/parser/sod.rs b/playground/passport-input-gen/src/parser/sod.rs index e0cc8539f..3f9207117 100644 --- a/playground/passport-input-gen/src/parser/sod.rs +++ b/playground/passport-input-gen/src/parser/sod.rs @@ -29,6 +29,10 @@ pub struct SOD { } impl SOD { + /// Parses the `signedAttrs` field from a `SignerInfo`. + /// - Extracts attributes like `messageDigest`, `contentType`, and + /// `signingTime`. + /// - Returns a structured `SignedAttrs` object. fn parse_signed_attrs( signer_info_raw: &rasn_cms::SignerInfo, registry: &HashMap<&'static str, OidEntry>, @@ -79,6 +83,8 @@ impl SOD { } } + /// Extracts and parses the DSC (Document Signer Certificate) from a + /// `SignedData` structure. fn parse_certificate(signed_data: &SignedData) -> DSC { let certificates = signed_data .certificates @@ -104,6 +110,11 @@ impl SOD { DSC::from_der(&dsc_binary) } + /// Parses the encapsulated LDS Security Object (`encapContentInfo`) from + /// the SOD. + /// - Extracts the hash algorithm and data group hash values (DG1, DG2, + /// etc.). + /// - Builds an `EncapContentInfo` with structured hashes and metadata. fn parse_encap_content_info( signed_data: &SignedData, registry: &HashMap<&'static str, OidEntry>, @@ -152,6 +163,9 @@ impl SOD { } } + /// Parses a `SignerInfo` structure into a custom `SignerInfo` model. + /// - Handles signed attributes, digest algorithm, signature algorithm, and + /// signature value. fn parse_signer_info( signer_info_raw: &rasn_cms::SignerInfo, registry: &HashMap<&'static str, OidEntry>, @@ -201,6 +215,9 @@ impl SOD { } } + /// Parses the signer identifier (SID) from the `SignerInfo`. + /// - Supports both `IssuerAndSerialNumber` and `SubjectKeyIdentifier`. + /// - Builds a readable issuer DN string (CN, O, OU, etc.). fn parse_signer_identifier(sid: rasn_cms::SignerIdentifier) -> SignerIdentifier { match sid { rasn_cms::SignerIdentifier::IssuerAndSerialNumber(issuer_and_serial) => { @@ -244,6 +261,12 @@ impl SOD { } } + /// Entry point: parses a full SOD (Security Object Document) from raw DER + /// bytes. + /// - Decodes CMS `ContentInfo` and `SignedData`. + /// - Extracts digest algorithms, certificate, `encapContentInfo`, and + /// `SignerInfo`. + /// - Returns a structured `SOD` with all relevant fields populated. pub fn from_der(binary: &mut Binary) -> SOD { *binary = strip_length_prefix(binary); let hex_der = hex::decode(binary.to_hex().trim_start_matches("0x")).unwrap(); From e4ea348c9f0b3eec1b28941c60b42c644cf1cf43 Mon Sep 17 00:00:00 2001 From: 0xvikasrushi <0xvikas@gmail.com> Date: Sat, 13 Sep 2025 02:44:15 +0530 Subject: [PATCH 03/10] feat: sod to passport circuit --- playground/passport-input-gen/Cargo.toml | 4 + .../passport-input-gen/src/parser/binary.rs | 5 + .../passport-input-gen/src/parser/dsc.rs | 3 + .../passport-input-gen/src/parser/mod.rs | 460 +++++++++++++++--- .../passport-input-gen/src/parser/utils.rs | 34 +- 5 files changed, 449 insertions(+), 57 deletions(-) diff --git a/playground/passport-input-gen/Cargo.toml b/playground/passport-input-gen/Cargo.toml index 6671ec882..ad954eda5 100644 --- a/playground/passport-input-gen/Cargo.toml +++ b/playground/passport-input-gen/Cargo.toml @@ -14,6 +14,10 @@ rasn = "0.15" rasn-pkix = "0.15" rasn-cms = "0.15" chrono = { version = "0.4", features = ["serde"] } +serde = { version = "1.0", features = ["derive"] } +serde_json = "1.0.143" +toml = "0.8" +noir-bignum-paramgen = "0.1.5" [[bin]] name = "passport-input-generator" diff --git a/playground/passport-input-gen/src/parser/binary.rs b/playground/passport-input-gen/src/parser/binary.rs index ea0e10e11..11e810c9a 100644 --- a/playground/passport-input-gen/src/parser/binary.rs +++ b/playground/passport-input-gen/src/parser/binary.rs @@ -48,6 +48,11 @@ impl Binary { pub fn equals(&self, other: &Binary) -> bool { self.data.eq(&other.data) } + + pub fn from_hex(hex_str: &str) -> Result { + let data = hex::decode(hex_str)?; + Ok(Binary::new(data)) + } } impl PartialEq for Binary { diff --git a/playground/passport-input-gen/src/parser/dsc.rs b/playground/passport-input-gen/src/parser/dsc.rs index 38d1f05fc..5689cd43c 100644 --- a/playground/passport-input-gen/src/parser/dsc.rs +++ b/playground/passport-input-gen/src/parser/dsc.rs @@ -22,6 +22,7 @@ pub struct TbsCertificate { pub issuer_unique_id: Option, pub subject_unique_id: Option, pub extensions: HashMap, + pub bytes: Binary, } #[derive(Debug, Clone)] @@ -69,6 +70,7 @@ impl DSC { let registry = load_oids(); let tbs = cert.tbs_certificate; + let tbs_bytes = Binary::from_slice(tbs.as_ref()); let version = tbs.version().0; let serial_number = Binary::from_slice(tbs.raw_serial()); @@ -142,6 +144,7 @@ impl DSC { issuer_unique_id, subject_unique_id, extensions, + bytes: tbs_bytes, }; let sig_alg_oid = cert.signature_algorithm.algorithm.to_string(); diff --git a/playground/passport-input-gen/src/parser/mod.rs b/playground/passport-input-gen/src/parser/mod.rs index b7a625714..666229b32 100644 --- a/playground/passport-input-gen/src/parser/mod.rs +++ b/playground/passport-input-gen/src/parser/mod.rs @@ -1,4 +1,21 @@ -use crate::parser::{binary::Binary, sod::SOD}; +use { + crate::parser::{ + binary::Binary, + sod::SOD, + utils::{fit, load_csca_public_keys}, + }, + base64::{engine::general_purpose::STANDARD, Engine as _}, + noir_bignum_paramgen::compute_barrett_reduction_parameter, + rsa::{ + pkcs1::DecodeRsaPublicKey, + pkcs1v15::{Pkcs1v15Sign, Signature}, + pkcs8::DecodePublicKey, + traits::PublicKeyParts, + BigUint, RsaPublicKey, + }, + sha2::{Digest, Sha256}, + std::{fs::File, io::Write, path::Path}, +}; mod binary; mod dsc; @@ -12,74 +29,405 @@ pub struct PassportReader { pub sod: SOD, } -impl PassportReader { - pub fn print_passport(&self) { - let is_id_card = self.dg1.len() == 95; - let mrz_data = self.dg1.slice(5, self.dg1.len()).to_number_array(); - let mrz = String::from_utf8_lossy(&mrz_data).to_string(); +const MAX_SIGNED_ATTRIBUTES_SIZE: usize = 200; +const MAX_DG1_SIZE: usize = 95; +const SIG_BYTES: usize = 256; +const MAX_ECONTENT_SIZE: usize = 200; +const MAX_TBS_SIZE: usize = 1500; - println!("MRZ: {}", mrz); +// Circuits inputs for +// provekit/noir-examples/noir-passport-examples/complete_age_check +pub struct CircuitInputs { + dg1: [u8; MAX_DG1_SIZE], + dg1_padded_length: usize, - let extract = |start: usize, end: usize| { - String::from_utf8_lossy(&mrz_data[start..end]) - .trim() - .to_string() - }; + /// in the format YYYYMMDD + current_date: u64, - let name = extract( - if is_id_card { 60 } else { 5 }, - if is_id_card { 90 } else { 44 }, - ); - let date_of_birth = extract( - if is_id_card { 30 } else { 57 }, - if is_id_card { 36 } else { 63 }, - ); - let nationality = extract( - if is_id_card { 45 } else { 54 }, - if is_id_card { 48 } else { 57 }, - ); - let gender = extract( - if is_id_card { 37 } else { 64 }, - if is_id_card { 38 } else { 65 }, - ); - let passport_number = extract( - if is_id_card { 5 } else { 44 }, - if is_id_card { 14 } else { 53 }, - ); - let passport_expiry = extract( - if is_id_card { 38 } else { 65 }, - if is_id_card { 44 } else { 71 }, - ); + min_age_required: u8, + max_age_required: u8, + passport_validity_contents: PassportValidityContent, +} + +pub struct PassportValidityContent { + /// Signed attributes from SOD + signed_attributes: [u8; MAX_SIGNED_ATTRIBUTES_SIZE], + signed_attributes_size: usize, + + /// Encapsulated content info + econtent: [u8; MAX_ECONTENT_SIZE], + econtent_len: usize, - println!("Name: {}", name); - println!("Date of Birth: {}", date_of_birth); - println!("Nationality: {}", nationality); - println!("Gender: {}", gender); - println!("Passport Number: {}", passport_number); - println!("Passport Expiry: {}", passport_expiry); + /// DSC (Document Signer Certificate) public key and signature + dsc_pubkey: [u8; SIG_BYTES], + dsc_barrett_mu: [u8; SIG_BYTES + 1], + dsc_signature: [u8; SIG_BYTES], + dsc_rsa_exponent: u32, - for (group_number, hash_value) in self + /// CSCA (Country Signing Certificate Authority) public key and signature + // Todo: csca can be different size based on country, but for now we assume 4096 bits for US + // passport data + csc_pubkey: [u8; SIG_BYTES * 2], + csc_barrett_mu: [u8; (SIG_BYTES * 2) + 1], + dsc_cert_signature: [u8; SIG_BYTES * 2], + csc_rsa_exponent: u32, + + /// Offsets + dg1_hash_offset: usize, + econtent_hash_offset: usize, + dsc_pubkey_offset_in_dsc_cert: usize, + + // TBS bytes of the DSC certificate + dsc_cert: [u8; MAX_TBS_SIZE], + dsc_cert_len: usize, +} + +impl PassportReader { + pub fn validate(&self) -> (bool, Option) { + // Check1: DG1 Hash check in Econtent + let dg1_hash = Sha256::digest(&self.dg1.to_number_array()); + + let dg1_hash_from_econtent = self .sod .encap_content_info .e_content .data_group_hash_values .values - .iter() - { - println!( - "Data Group {} hash: {}", - group_number, - hex::encode(hash_value.to_number_array()) - ); - if *group_number == 1 { - println!("Data Group 1 value: {:?}", self.dg1.to_number_array()); + .get(&1) + .expect("DG1 hash missing") + .to_number_array(); + + assert_eq!(dg1_hash_from_econtent, dg1_hash.to_vec()); + + // Check2: Hash(Econtent) check in SignedAttributes + let econtent_hash = Sha256::digest( + &self + .sod + .encap_content_info + .e_content + .bytes + .to_number_array(), + ); + + let mut msg_digest_from_signed_attr = self + .sod + .signer_info + .signed_attrs + .message_digest + .to_number_array(); + + if msg_digest_from_signed_attr.len() > 2 && msg_digest_from_signed_attr[0] == 0x04 { + msg_digest_from_signed_attr = msg_digest_from_signed_attr[2..].to_vec(); + } + + assert_eq!(econtent_hash.as_slice(), msg_digest_from_signed_attr); + + // Check 3: Signature verification of SOD using DSC public key + let signed_attr_hash = + Sha256::digest(&self.sod.signer_info.signed_attrs.bytes.to_number_array()); + + let public_key_der = self + .sod + .certificate + .tbs + .subject_public_key_info + .subject_public_key + .to_number_array(); + + let public_key = + RsaPublicKey::from_pkcs1_der(&public_key_der).expect("Failed to parse public key"); + + let dsc_signature_bytes = self.sod.signer_info.signature.to_number_array(); + let dsc_sig_verify = public_key.verify( + Pkcs1v15Sign::new::(), + &signed_attr_hash, + &dsc_signature_bytes, + ); + + if dsc_sig_verify.is_err() { + return (false, None); + } + + assert_eq!(dsc_sig_verify.is_ok(), true); + + // check 4: Signature verification of DSC using CSCA public key + let all_csca_keys = load_csca_public_keys().expect("Failed to load CSCA public keys"); + let usa_csca_keys = all_csca_keys.get("USA").unwrap(); + + assert_eq!(usa_csca_keys.len() > 0, true); + + let tbs_bytes = &self.sod.certificate.tbs.bytes.to_number_array(); + let tbs_digest = Sha256::digest(&tbs_bytes); + + let csca_signature = &self.sod.certificate.signature.to_number_array(); + + let mut is_csca_verified = false; + let mut current_csca_index = 0; + + for csca in usa_csca_keys { + let der_key = STANDARD.decode(csca.public_key.as_bytes()).unwrap(); + let csca_public_key = RsaPublicKey::from_public_key_der(&der_key).unwrap(); + + if let Ok(_) = + csca_public_key.verify(Pkcs1v15Sign::new::(), &tbs_digest, &csca_signature) + { + is_csca_verified = true; + break; } + current_csca_index += 1; } + return (is_csca_verified, Some(current_csca_index)); + } + + pub fn to_circuit_inputs( + &self, + current_date: u64, + min_age_required: u8, + max_age_required: u8, + csca_key_index: usize, + ) -> CircuitInputs { + let dg1_padded = fit::(&self.dg1.to_number_array()); + let dg1_padded_length = self.dg1.len(); - println!( - "Data Groups Hash Algorithm: {:?}", - self.sod.encap_content_info.e_content.hash_algorithm + let signed_attributes = self.sod.signer_info.signed_attrs.bytes.to_number_array(); + let signed_attributes_padded = fit::(&signed_attributes); + let signed_attributes_size = signed_attributes.len(); + + let econtent_bytes = self + .sod + .encap_content_info + .e_content + .bytes + .to_number_array(); + + let econtent_len = econtent_bytes.len(); + let econtent_padded = fit::(&econtent_bytes); + + let public_key_der = self + .sod + .certificate + .tbs + .subject_public_key_info + .subject_public_key + .to_number_array(); + + let public_key = RsaPublicKey::from_pkcs1_der(&public_key_der).unwrap(); + + let public_key_n_vec = public_key.n().to_bytes_be(); + let public_key_n: [u8; SIG_BYTES] = public_key_n_vec + .try_into() + .expect("Public key modulus is not 256 bytes"); + + let dsc_signature: [u8; SIG_BYTES] = self + .sod + .signer_info + .signature + .to_number_array() + .try_into() + .expect("DSC signature is not 256 bytes"); + + let public_key_e = public_key.e(); + let public_key_e_bytes = public_key_e.to_bytes_be(); + + let dsc_rsa_exponent = if public_key_e_bytes.len() <= 4 { + let mut buf = [0u8; 4]; + buf[4 - public_key_e_bytes.len()..].copy_from_slice(&public_key_e_bytes); + u32::from_be_bytes(buf) + } else { + panic!("RSA exponent is larger than 4 bytes"); + }; + + let dsc_barrett = + compute_barrett_reduction_parameter(&BigUint::from_bytes_be(&public_key_n)) + .to_bytes_be(); + + let dsc_barrett_mu: [u8; SIG_BYTES + 1] = dsc_barrett + .try_into() + .expect(&format!("Barrett mu not {} bytes", SIG_BYTES + 1)); + + let all_csca_keys = load_csca_public_keys().expect( + "Failed to load + CSCA public keys", ); + let usa_csca_keys = all_csca_keys.get("USA").unwrap(); + + let csca_public_key_pem = &usa_csca_keys[csca_key_index].public_key; + let der_key = STANDARD.decode(csca_public_key_pem.as_bytes()).unwrap(); + let csca_public_key = + RsaPublicKey::from_public_key_der(&der_key).expect("Failed to parse CSCA public key"); + + let csca_public = csca_public_key.n().to_bytes_be(); + let csca_public_n: [u8; SIG_BYTES * 2] = csca_public + .try_into() + .expect(&format!("CSCA key not {} bytes", SIG_BYTES * 2)); + + let csca_rsa_exponent_bytes = csca_public_key.e().to_bytes_be(); + let csca_rsa_exponent = if csca_rsa_exponent_bytes.len() <= 4 { + let mut buf = [0u8; 4]; + buf[4 - csca_rsa_exponent_bytes.len()..].copy_from_slice(&csca_rsa_exponent_bytes); + u32::from_be_bytes(buf) + } else { + panic!("RSA exponent is larger than 4 bytes"); + }; + + let csca_barrett = + compute_barrett_reduction_parameter(&BigUint::from_bytes_be(&csca_public_n)) + .to_bytes_be(); + + let csca_barrett_mu: [u8; SIG_BYTES * 2 + 1] = csca_barrett + .try_into() + .expect(&format!("CSCA mu not {} bytes", SIG_BYTES * 2 + 1)); + + let csca_signature = self.sod.certificate.signature.to_number_array(); + let csca_signature: [u8; SIG_BYTES * 2] = csca_signature + .clone() + .try_into() + .expect(&format!("CSCA sig not {} bytes", SIG_BYTES * 2)); + + // offsets + let dg1_hash = Sha256::digest(&self.dg1.to_number_array()); + let econtent_hash = Sha256::digest(&econtent_bytes); + + let dg1_hash_offset = econtent_bytes + .windows(dg1_hash.len()) + .position(|window| window == dg1_hash.as_slice()) + .expect("DG1 hash not found in eContent"); + + let econtent_hash_offset = signed_attributes + .windows(econtent_hash.len()) + .position(|window| window == econtent_hash.as_slice()) + .expect("EContent hash not found in signed attributes"); + + let tbs_bytes = self.sod.certificate.tbs.bytes.to_number_array(); + let tbs_bytes_len = tbs_bytes.len(); + let dsc_cert = fit::(&tbs_bytes); + + let dsc_pubkey_offset_in_dsc_cert = tbs_bytes + .windows(public_key_n.len()) + .position(|window| window == public_key_n.as_slice()) + .expect("Public key not found in DSC cert"); + + CircuitInputs { + dg1: dg1_padded, + dg1_padded_length, + current_date, + min_age_required, + max_age_required, + passport_validity_contents: PassportValidityContent { + signed_attributes: signed_attributes_padded, + signed_attributes_size, + econtent: econtent_padded, + econtent_len, + dsc_pubkey: public_key_n, + dsc_barrett_mu, + dsc_signature, + dsc_rsa_exponent, + csc_pubkey: csca_public_n, + csc_barrett_mu: csca_barrett_mu, + dsc_cert_signature: csca_signature, + csc_rsa_exponent: csca_rsa_exponent, + dg1_hash_offset, + econtent_hash_offset, + dsc_pubkey_offset_in_dsc_cert, + dsc_cert, + dsc_cert_len: tbs_bytes_len, + }, + } + } +} + +impl CircuitInputs { + pub fn to_toml_string(&self) -> String { + let mut toml_content = String::new(); + + toml_content.push_str(&format!("dg1 = {:?}\n", self.dg1)); + toml_content.push_str(&format!("dg1_padded_length = {}\n", self.dg1_padded_length)); + toml_content.push_str(&format!("current_date = {}\n", self.current_date)); + toml_content.push_str(&format!("min_age_required = {}\n", self.min_age_required)); + toml_content.push_str(&format!("max_age_required = {}\n", self.max_age_required)); + + toml_content.push_str("\n[passport_validity_contents]\n"); + toml_content.push_str(&format!( + "signed_attributes = {:?}\n", + self.passport_validity_contents.signed_attributes + )); + toml_content.push_str(&format!( + "signed_attributes_size = {}\n", + self.passport_validity_contents.signed_attributes_size + )); + + toml_content.push_str(&format!( + "econtent = {:?}\n", + self.passport_validity_contents.econtent + )); + toml_content.push_str(&format!( + "econtent_len = {}\n", + self.passport_validity_contents.econtent_len + )); + + toml_content.push_str(&format!( + "dsc_signature = {:?}\n", + self.passport_validity_contents.dsc_signature + )); + toml_content.push_str(&format!( + "dsc_rsa_exponent = {}\n", + self.passport_validity_contents.dsc_rsa_exponent + )); + toml_content.push_str(&format!( + "dsc_pubkey = {:?}\n", + self.passport_validity_contents.dsc_pubkey + )); + toml_content.push_str(&format!( + "dsc_barrett_mu = {:?}\n", + self.passport_validity_contents.dsc_barrett_mu + )); + + toml_content.push_str(&format!( + "csc_pubkey = {:?}\n", + self.passport_validity_contents.csc_pubkey + )); + toml_content.push_str(&format!( + "csc_barrett_mu = {:?}\n", + self.passport_validity_contents.csc_barrett_mu + )); + toml_content.push_str(&format!( + "dsc_cert_signature = {:?}\n", + self.passport_validity_contents.dsc_cert_signature + )); + toml_content.push_str(&format!( + "csc_rsa_exponent = {}\n", + self.passport_validity_contents.csc_rsa_exponent + )); + + toml_content.push_str(&format!( + "dg1_hash_offset = {}\n", + self.passport_validity_contents.dg1_hash_offset + )); + toml_content.push_str(&format!( + "econtent_hash_offset = {}\n", + self.passport_validity_contents.econtent_hash_offset + )); + toml_content.push_str(&format!( + "dsc_pubkey_offset_in_dsc_cert = {}\n", + self.passport_validity_contents + .dsc_pubkey_offset_in_dsc_cert + )); + toml_content.push_str(&format!( + "dsc_cert = {:?}\n", + self.passport_validity_contents.dsc_cert + )); + toml_content.push_str(&format!( + "dsc_cert_len = {}\n", + self.passport_validity_contents.dsc_cert_len + )); + + toml_content + } + + pub fn save_to_toml_file>(&self, path: P) -> std::io::Result<()> { + let toml_content = self.to_toml_string(); + let mut file = File::create(path)?; + file.write_all(toml_content.as_bytes())?; + Ok(()) } } -// } diff --git a/playground/passport-input-gen/src/parser/utils.rs b/playground/passport-input-gen/src/parser/utils.rs index 44c1cd849..d0d22c03c 100644 --- a/playground/passport-input-gen/src/parser/utils.rs +++ b/playground/passport-input-gen/src/parser/utils.rs @@ -1,4 +1,8 @@ -use {crate::parser::binary::Binary, std::collections::HashMap}; +use { + crate::parser::binary::Binary, + serde::Deserialize, + std::{collections::HashMap, fs}, +}; #[derive(Debug)] pub struct OidEntry { @@ -41,3 +45,31 @@ pub fn strip_length_prefix(binary: &Binary) -> Binary { pub fn version_from(value: &rasn::types::Integer) -> u32 { value.to_u32_digits().1.first().copied().unwrap_or(0) } + +pub fn fit(data: &[u8]) -> [u8; N] { + let mut buf = [0u8; N]; + let len = data.len().min(N); + buf[..len].copy_from_slice(&data[..len]); + buf +} + +#[derive(Deserialize)] +pub struct CscaKey { + pub filename: String, + pub public_key: String, + // pub modulus: String, + // pub exponent: u32, + // pub subject: String, + // #[serde(rename = "notBefore")] + // pub not_before: String, + // #[serde(rename = "notAfter")] + // pub not_after: String, + // pub serial: String, +} + +pub fn load_csca_public_keys() -> Result>, Box> +{ + let file_content = fs::read_to_string("csca_registry/csca_public_key.json")?; + let csca_keys: HashMap> = serde_json::from_str(&file_content)?; + Ok(csca_keys) +} From 570411b45e18d66486918362620e42a51a1871df Mon Sep 17 00:00:00 2001 From: 0xvikasrushi <0xvikas@gmail.com> Date: Sat, 13 Sep 2025 02:46:24 +0530 Subject: [PATCH 04/10] fix: include csca keys --- .gitignore | 2 ++ .../csca_registry/csca_public_key.json | 28 +++++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 playground/passport-input-gen/csca_registry/csca_public_key.json diff --git a/.gitignore b/.gitignore index 7aad1878b..d7201f9d2 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,8 @@ # Noir and prover artifacts *.json +# Allow JSON files in csca_registry +!**/csca_registry/**/*.json *.gz *.bin *.nps diff --git a/playground/passport-input-gen/csca_registry/csca_public_key.json b/playground/passport-input-gen/csca_registry/csca_public_key.json new file mode 100644 index 000000000..4ce0b2b21 --- /dev/null +++ b/playground/passport-input-gen/csca_registry/csca_public_key.json @@ -0,0 +1,28 @@ +{ + "USA": [ + { + "filename": "cert-00267-pubkey.pem", + "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw4VGHnr3jsI//bv4fKBmGYLcrdcABkQNmVr8xkmlS7xxkDEQCohnzKSk8v0T+L0yp3h+WctO1ZwsaJfU0HDdMogDmEv3SeoNImOuqiofzkDLdH6/IWA/JfEwBYDz+1cn7/rbHuFCwo/dkPNJkeE7OrLGd9g6tsj8YibMZrB8N7nIVgEa9QOEiqXmUUV4KNKKRZJLu/RaWzZGNq+JqlXgANKvSwKWVW+aINb84UfkBIdbPfIkEq6JMdok+YIQyHemEP6nxnHAVQwOYRkgHidw9YHXZZkHgh75efixMoAy3LQxvoknECrlpZgxqIpdup+AwsEW8hoJZbpd3Dxeb27AAF3Rl9LBGPi1thd1A4Qb/AjVDtIyQaU62cHo7fEGcW5kVg/BLGhKH+RJKOqEZoG8b80X0jv/Z2VNNtDU/8flcKG9DkD+d+kgjMQAyPCOjC2achDcK5Zc1Q8/tq0T25x6GoRjbxadqR6MKrAYaP8KOLCrL0MJsjvcfD3M+hdyJXJPN/7TeCyKbK+dBvVCk9BePi6lBKmp6lEHjyyydgNBBzZPrTNf5l60Oh9eWpaIoTHcmToS6zKVffFb/dWnkCTF1BBuy1VgJNeIspn8n1PhY5Q23qvV8q+Q1Ta1X3TFGkvAb1SXGiPQW4Hd2JrFJEBo8Ah8nn8rQKX999PLI+An1acCAwEAAQ==" + }, + { + "filename": "cert-00444-pubkey.pem", + "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4yGdJKQ7D4DCDPGseAdOMC6Dgj8Xa91oXgHgPtgLW7y3kGm2Z4u9yXLciMebRCoq55wfO4ZcGv+mnMHpkv7fnFWSnG+8pP1BRUEKCYhXAbeWSww+CpMFEagzP7miPZg1TsE4QKFhGyRAfMdJFuG1aGQTtEdjgAWkat7YovTSA0pC7V/PwMlagZZwTsz8OOiO0w0eS9uIHGJKylg8gi9RSQZ/Hm2r4oOYvx3G3Iqa4OlNXO/KKD9mwd19+BFjuJ1cdqfzcYejhMPothyvlUgbWeaYek3ZfXuqz9XjYBF3rnacVKE9w4ydncRpUpOrSV/qSwxZA46QBuKAGxCS3kOUjgEmAj74/dLI8IaqHhYfSwchQdiT7FhQQ+YZENkRI5Gm4QDVLrT01plMK5ytX7mo4F83Hb1uE+WGgjTk9VDEKfZsERscCiArR7oUoRWZyuH81aMScMVzDVpFxvOg6Md7rWk5k8hRwL75nZtkFilsNnIVGMtuQP7DSG0xcKJ3EZT69YsRH0oEAa4sfa5fm4/X/WVfkNl51tI71PmYvnzcO6UVt42pgGiAJGoy5YmdhKKmXBgj0aVmzFRxd/+Jx2SgyccLeiIIA6y5bn6av/KuUB2wi9NLPbFz0OxvdKYqtfqNL+E6WmpeHHiiKGCrUes15d7fs/65QCvamV7fFBn8+lcCAwEAAQ==" + }, + { + "filename": "cert-00443-pubkey.pem", + "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAozIONhYqXeLWTi2rhDm+X2ZX1OMUr/j7DZgc6zXZ7VzsYVB+6ARiIbok77SxPtk9ZeUIqujjW59Jyb+EUiI6giIZOu9zY7BA+NQfhZeywzr1XKXhfROd5mmUiv3Nz5ukMBFwBoCaOHUchoqwml35lCk+X7K3NOS++HWbnxvRQFqOItsTcaMg2jp9BF+vmHr0nbucsi4zA3BzUKWsrbvcV05M4H/yoyru/5uq8JktSxbxCzK3iKXVyi6SwRkOiJekbztVKouELQlVhlhGacUOQ8ub+PTa4gRWKVHth68YmYW5k12/2B52CrzAndxCGewfN5KvDy5woQEDXHcJ+O9s53liYjZFNU5ceL+R48jUoXLVPuCmXFQKqo1N/t++lWR6icWy8tllHZGsr1GDVX0+EY+0gJUULR+SPzsAqt5IgCq0BlQ/iz4iLUS8fAoHs46AU3u/yHNRapBu3XOqKwCmQH2HNUufUZyD56cVaIBzE0ILWKwY7HaEcP28y0D/++OpqPz44c8YhwLcSdoIYJIOb3FzBVsq+1B23VeqTZ8IxpDkI4wumBLwJS+eJ136XBUegL1hQQv5BRrcN/XgJ9wyC43QN+d8LfBWUZQody7kKXC0KtratgHwwazCdxl8PR3p0aeXbveUBbJmyRQS27jDykncrYUrzkG8WRWhrW0tUR0CAwEAAQ==" + }, + { + "filename": "cert-00265-pubkey.pem", + "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw9Pm+vLMuE/h005EKy6NVXhI+afR9iaURn6ENVOrAy+QBNvol4vNRCCqEcHwrc21e8KmRoFqoN7a1/YidoZKIsBG/8HkitFqPX76FudVcY1npqzRFMlv+3kf5YANrhbzCqVlo1UCGXOfRJwZUKgJQ9Wb++OMSMmzSJwgXQP9bxRURHRlGl833CCudrdHajKfEF0f/f5WNx4/s2/DbfBaW+FK9LAeXIqjFkS8xDGv1La785gohpIDAk6dbKMhVWWT7YwPm3T5ox2E59IIN65qJzmKeKKdhaZdr7ZzrxhYVxVjce6KFTlcrN1fqtAnAjeETEEEnfIgw4tlV827Pm1S9dEZnHzkxWmusRo1UNeQw7pdO/sAuy34uVRA9CBhdETxTvRMpBrnzM1G5mB7H7ltsS0T2Gp8QiRxaXR9CnpJAI3Bil6lJJ/fKJwVyzr7xR9c2ws4DIJ/uh0Jgy8wkeVOie0ava6KEI7PCz0N2GNz0Jd2sAXUBDsfs/nNKw7K2k5HLJ/5bJz90d8TwoE6j5xaB2ObOhCwBFyTb0CsLrWnaIu/ZyJr0P/NqWYaZXhv4oIeousUHEl4qpvn7K9hVNKT1c7qAKH3ZEbLEnxV5DYh5qsRwImt4M9B5LJsFojJ28TqOE1DB+4Dqg9mhQ+CaX1s1Urw7PqOqA8u/euk0YxD86kCAwEAAQ==" + }, + { + "filename": "cert-00266-pubkey.pem", + "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvbwV+zl/vBzLWAadrtTSpC9l/zOOzAQKbwhVXCGPKK0SfOjiqIJSVfboQ+Tvz67Fgxb8LDhUJzoUSxHjh7PvO8NYwGXMhQrw0JzAARjPqbGUST3qXO/DfEwAilFKx1NvmlrxZgAS64iIqUjl7IGwYApALE1Ok5jkEvYDTE16uCe5RQz0vuqaKcgirrhwIW6C4r2wx9G1xr7/piII7fo97D7h5y0206OwshClHAmQ0p4LSK+Nxexp6sWaDsb/E7jKjLcxkcKJLsayGF58edW4fnI92BuI3pAhPSJpMmCImdN8LvF32o0jnYmYPsRFlLsj2+UEAnH13bs1qS07vvRnx3CXmPYTGl6amlbmePaMDgV4qWM8e71ddVgj1jyZANgzx4fDT9B82A8+Iw13ZOpU/rBW9OZ3Rk2aSOmFC69Vq12cbYrfXobc3GXyQ/hb4yMi3tfNS2nqeesb2a5/GrxKhwOIiNrJcClnzTlqrdcjEHdZYCXT4kR6wpbGAQNruew/BWIuWrGugXPB8ah8f8ttLetGO55kMaPDbk+ZXY6DlDjDLznurF0bEzZiNcRmUQ8p2rpToRqmH/XntE0OgasGzBmcJX5oMNC+7zvELBJcc9YzMIgXX7R5VlI5/Gvnnn4x6lmiio5FWb3ksMc1MWYTN2bmk5tyyKxvQ6Z4rZdx+1UCAwEAAQ==" + }, + { + "filename": "cert-00456-pubkey.pem", + "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAozIONhYqXeLWTi2rhDm+X2ZX1OMUr/j7DZgc6zXZ7VzsYVB+6ARiIbok77SxPtk9ZeUIqujjW59Jyb+EUiI6giIZOu9zY7BA+NQfhZeywzr1XKXhfROd5mmUiv3Nz5ukMBFwBoCaOHUchoqwml35lCk+X7K3NOS++HWbnxvRQFqOItsTcaMg2jp9BF+vmHr0nbucsi4zA3BzUKWsrbvcV05M4H/yoyru/5uq8JktSxbxCzK3iKXVyi6SwRkOiJekbztVKouELQlVhlhGacUOQ8ub+PTa4gRWKVHth68YmYW5k12/2B52CrzAndxCGewfN5KvDy5woQEDXHcJ+O9s53liYjZFNU5ceL+R48jUoXLVPuCmXFQKqo1N/t++lWR6icWy8tllHZGsr1GDVX0+EY+0gJUULR+SPzsAqt5IgCq0BlQ/iz4iLUS8fAoHs46AU3u/yHNRapBu3XOqKwCmQH2HNUufUZyD56cVaIBzE0ILWKwY7HaEcP28y0D/++OpqPz44c8YhwLcSdoIYJIOb3FzBVsq+1B23VeqTZ8IxpDkI4wumBLwJS+eJ136XBUegL1hQQv5BRrcN/XgJ9wyC43QN+d8LfBWUZQody7kKXC0KtratgHwwazCdxl8PR3p0aeXbveUBbJmyRQS27jDykncrYUrzkG8WRWhrW0tUR0CAwEAAQ==" + } + ] +} From 5d6152de817bc57ebdb419f9cca5fcda4a797a2c Mon Sep 17 00:00:00 2001 From: 0xvikasrushi <0xvikas@gmail.com> Date: Sun, 14 Sep 2025 01:36:12 +0530 Subject: [PATCH 05/10] chore: cleanup --- playground/passport-input-gen/Cargo.toml | 1 + .../csca_registry/csca_public_key.json | 36 +- playground/passport-input-gen/src/main.rs | 8 +- .../passport-input-gen/src/parser/dsc.rs | 149 ++--- .../passport-input-gen/src/parser/mod.rs | 547 ++++++++---------- .../passport-input-gen/src/parser/sod.rs | 53 +- .../passport-input-gen/src/parser/types.rs | 25 + .../passport-input-gen/src/parser/utils.rs | 34 +- 8 files changed, 392 insertions(+), 461 deletions(-) diff --git a/playground/passport-input-gen/Cargo.toml b/playground/passport-input-gen/Cargo.toml index ad954eda5..0c2c14f10 100644 --- a/playground/passport-input-gen/Cargo.toml +++ b/playground/passport-input-gen/Cargo.toml @@ -18,6 +18,7 @@ serde = { version = "1.0", features = ["derive"] } serde_json = "1.0.143" toml = "0.8" noir-bignum-paramgen = "0.1.5" +thiserror = "2.0.16" [[bin]] name = "passport-input-generator" diff --git a/playground/passport-input-gen/csca_registry/csca_public_key.json b/playground/passport-input-gen/csca_registry/csca_public_key.json index 4ce0b2b21..920aa6669 100644 --- a/playground/passport-input-gen/csca_registry/csca_public_key.json +++ b/playground/passport-input-gen/csca_registry/csca_public_key.json @@ -2,27 +2,51 @@ "USA": [ { "filename": "cert-00267-pubkey.pem", - "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw4VGHnr3jsI//bv4fKBmGYLcrdcABkQNmVr8xkmlS7xxkDEQCohnzKSk8v0T+L0yp3h+WctO1ZwsaJfU0HDdMogDmEv3SeoNImOuqiofzkDLdH6/IWA/JfEwBYDz+1cn7/rbHuFCwo/dkPNJkeE7OrLGd9g6tsj8YibMZrB8N7nIVgEa9QOEiqXmUUV4KNKKRZJLu/RaWzZGNq+JqlXgANKvSwKWVW+aINb84UfkBIdbPfIkEq6JMdok+YIQyHemEP6nxnHAVQwOYRkgHidw9YHXZZkHgh75efixMoAy3LQxvoknECrlpZgxqIpdup+AwsEW8hoJZbpd3Dxeb27AAF3Rl9LBGPi1thd1A4Qb/AjVDtIyQaU62cHo7fEGcW5kVg/BLGhKH+RJKOqEZoG8b80X0jv/Z2VNNtDU/8flcKG9DkD+d+kgjMQAyPCOjC2achDcK5Zc1Q8/tq0T25x6GoRjbxadqR6MKrAYaP8KOLCrL0MJsjvcfD3M+hdyJXJPN/7TeCyKbK+dBvVCk9BePi6lBKmp6lEHjyyydgNBBzZPrTNf5l60Oh9eWpaIoTHcmToS6zKVffFb/dWnkCTF1BBuy1VgJNeIspn8n1PhY5Q23qvV8q+Q1Ta1X3TFGkvAb1SXGiPQW4Hd2JrFJEBo8Ah8nn8rQKX999PLI+An1acCAwEAAQ==" + "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw4VGHnr3jsI//bv4fKBmGYLcrdcABkQNmVr8xkmlS7xxkDEQCohnzKSk8v0T+L0yp3h+WctO1ZwsaJfU0HDdMogDmEv3SeoNImOuqiofzkDLdH6/IWA/JfEwBYDz+1cn7/rbHuFCwo/dkPNJkeE7OrLGd9g6tsj8YibMZrB8N7nIVgEa9QOEiqXmUUV4KNKKRZJLu/RaWzZGNq+JqlXgANKvSwKWVW+aINb84UfkBIdbPfIkEq6JMdok+YIQyHemEP6nxnHAVQwOYRkgHidw9YHXZZkHgh75efixMoAy3LQxvoknECrlpZgxqIpdup+AwsEW8hoJZbpd3Dxeb27AAF3Rl9LBGPi1thd1A4Qb/AjVDtIyQaU62cHo7fEGcW5kVg/BLGhKH+RJKOqEZoG8b80X0jv/Z2VNNtDU/8flcKG9DkD+d+kgjMQAyPCOjC2achDcK5Zc1Q8/tq0T25x6GoRjbxadqR6MKrAYaP8KOLCrL0MJsjvcfD3M+hdyJXJPN/7TeCyKbK+dBvVCk9BePi6lBKmp6lEHjyyydgNBBzZPrTNf5l60Oh9eWpaIoTHcmToS6zKVffFb/dWnkCTF1BBuy1VgJNeIspn8n1PhY5Q23qvV8q+Q1Ta1X3TFGkvAb1SXGiPQW4Hd2JrFJEBo8Ah8nn8rQKX999PLI+An1acCAwEAAQ==", + "subject": "C=US, O=U.S. Government, OU=Department of State, OU=MRTD, OU=Certification Authorities, OU=U.S. Department of State MRTD CA", + "notBefore": "Dec 18 16:21:01 2014 GMT", + "notAfter": "Jul 18 16:51:01 2035 GMT", + "serial": "4E322929" }, { "filename": "cert-00444-pubkey.pem", - "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4yGdJKQ7D4DCDPGseAdOMC6Dgj8Xa91oXgHgPtgLW7y3kGm2Z4u9yXLciMebRCoq55wfO4ZcGv+mnMHpkv7fnFWSnG+8pP1BRUEKCYhXAbeWSww+CpMFEagzP7miPZg1TsE4QKFhGyRAfMdJFuG1aGQTtEdjgAWkat7YovTSA0pC7V/PwMlagZZwTsz8OOiO0w0eS9uIHGJKylg8gi9RSQZ/Hm2r4oOYvx3G3Iqa4OlNXO/KKD9mwd19+BFjuJ1cdqfzcYejhMPothyvlUgbWeaYek3ZfXuqz9XjYBF3rnacVKE9w4ydncRpUpOrSV/qSwxZA46QBuKAGxCS3kOUjgEmAj74/dLI8IaqHhYfSwchQdiT7FhQQ+YZENkRI5Gm4QDVLrT01plMK5ytX7mo4F83Hb1uE+WGgjTk9VDEKfZsERscCiArR7oUoRWZyuH81aMScMVzDVpFxvOg6Md7rWk5k8hRwL75nZtkFilsNnIVGMtuQP7DSG0xcKJ3EZT69YsRH0oEAa4sfa5fm4/X/WVfkNl51tI71PmYvnzcO6UVt42pgGiAJGoy5YmdhKKmXBgj0aVmzFRxd/+Jx2SgyccLeiIIA6y5bn6av/KuUB2wi9NLPbFz0OxvdKYqtfqNL+E6WmpeHHiiKGCrUes15d7fs/65QCvamV7fFBn8+lcCAwEAAQ==" + "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4yGdJKQ7D4DCDPGseAdOMC6Dgj8Xa91oXgHgPtgLW7y3kGm2Z4u9yXLciMebRCoq55wfO4ZcGv+mnMHpkv7fnFWSnG+8pP1BRUEKCYhXAbeWSww+CpMFEagzP7miPZg1TsE4QKFhGyRAfMdJFuG1aGQTtEdjgAWkat7YovTSA0pC7V/PwMlagZZwTsz8OOiO0w0eS9uIHGJKylg8gi9RSQZ/Hm2r4oOYvx3G3Iqa4OlNXO/KKD9mwd19+BFjuJ1cdqfzcYejhMPothyvlUgbWeaYek3ZfXuqz9XjYBF3rnacVKE9w4ydncRpUpOrSV/qSwxZA46QBuKAGxCS3kOUjgEmAj74/dLI8IaqHhYfSwchQdiT7FhQQ+YZENkRI5Gm4QDVLrT01plMK5ytX7mo4F83Hb1uE+WGgjTk9VDEKfZsERscCiArR7oUoRWZyuH81aMScMVzDVpFxvOg6Md7rWk5k8hRwL75nZtkFilsNnIVGMtuQP7DSG0xcKJ3EZT69YsRH0oEAa4sfa5fm4/X/WVfkNl51tI71PmYvnzcO6UVt42pgGiAJGoy5YmdhKKmXBgj0aVmzFRxd/+Jx2SgyccLeiIIA6y5bn6av/KuUB2wi9NLPbFz0OxvdKYqtfqNL+E6WmpeHHiiGGCrUes15d7fs/65QCvamV7fFBn8+lcCAwEAAQ==", + "subject": "C=US, O=U.S. Government, OU=Department of State, OU=MRTD, OU=Certification Authorities, OU=U.S. Department of State MRTD CA", + "notBefore": "Sep 30 16:38:20 2024 GMT", + "notAfter": "Mar 30 17:08:20 2045 GMT", + "serial": "5DCE72E1" }, { "filename": "cert-00443-pubkey.pem", - "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAozIONhYqXeLWTi2rhDm+X2ZX1OMUr/j7DZgc6zXZ7VzsYVB+6ARiIbok77SxPtk9ZeUIqujjW59Jyb+EUiI6giIZOu9zY7BA+NQfhZeywzr1XKXhfROd5mmUiv3Nz5ukMBFwBoCaOHUchoqwml35lCk+X7K3NOS++HWbnxvRQFqOItsTcaMg2jp9BF+vmHr0nbucsi4zA3BzUKWsrbvcV05M4H/yoyru/5uq8JktSxbxCzK3iKXVyi6SwRkOiJekbztVKouELQlVhlhGacUOQ8ub+PTa4gRWKVHth68YmYW5k12/2B52CrzAndxCGewfN5KvDy5woQEDXHcJ+O9s53liYjZFNU5ceL+R48jUoXLVPuCmXFQKqo1N/t++lWR6icWy8tllHZGsr1GDVX0+EY+0gJUULR+SPzsAqt5IgCq0BlQ/iz4iLUS8fAoHs46AU3u/yHNRapBu3XOqKwCmQH2HNUufUZyD56cVaIBzE0ILWKwY7HaEcP28y0D/++OpqPz44c8YhwLcSdoIYJIOb3FzBVsq+1B23VeqTZ8IxpDkI4wumBLwJS+eJ136XBUegL1hQQv5BRrcN/XgJ9wyC43QN+d8LfBWUZQody7kKXC0KtratgHwwazCdxl8PR3p0aeXbveUBbJmyRQS27jDykncrYUrzkG8WRWhrW0tUR0CAwEAAQ==" + "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAozIONhYqXeLWTi2rhDm+X2ZX1OMUr/j7DZgc6zXZ7VzsYVB+6ARiIbok77SxPtk9ZeUIqujjW59Jyb+EUiI6giIZOu9zY7BA+NQfhZeywzr1XKXhfROd5mmUiv3Nz5ukMBFwBoCaOHUchoqwml35lCk+X7K3NOS++HWbnxvRQFqOItsTcaMg2jp9BF+vmHr0nbucsi4zA3BzUKWsrbvcV05M4H/yoyru/5uq8JktSxbxCzK3iKXVyi6SwRkOiJekbztVKouELQlVhlhGacUOQ8ub+PTa4gRWKVHth68YmYW5k12/2B52CrzAndxCGewfN5KvDy5woQEDXHcJ+O9s53liYjZFNU5ceL+R48jUoXLVPuCmXFQKqo1N/t++lWR6icWy8tllHZGsr1GDVX0+EY+0gJUULR+SPzsAqt5IgCq0BlQ/iz4iLUS8fAoHs46AU3u/yHNRapBu3XOqKwCmQH2HNUufUZyD56cVaIBzE0ILWKwY7HaEcP28y0D/++OpqPz44c8YhwLcSdoIYJIOb3FzBVsq+1B23VeqTZ8IxpDkI4wumBLwJS+eJ136XBUegL1hQQv5BRrcN/XgJ9wyC43QN+d8LfBWUZQody7kKXC0KtratgHwwazCdxl8PR3p0aeXbveUBbJmyRQS27jDykncrYUrzkG8WRWhrW0tUR0CAwEAAQ==", + "subject": "C=US, O=U.S. Government, OU=Department of State, OU=MRTD, OU=Certification Authorities, OU=U.S. Department of State MRTD CA", + "notBefore": "Nov 14 16:37:12 2019 GMT", + "notAfter": "May 14 17:07:12 2040 GMT", + "serial": "4E32D006" }, { "filename": "cert-00265-pubkey.pem", - "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw9Pm+vLMuE/h005EKy6NVXhI+afR9iaURn6ENVOrAy+QBNvol4vNRCCqEcHwrc21e8KmRoFqoN7a1/YidoZKIsBG/8HkitFqPX76FudVcY1npqzRFMlv+3kf5YANrhbzCqVlo1UCGXOfRJwZUKgJQ9Wb++OMSMmzSJwgXQP9bxRURHRlGl833CCudrdHajKfEF0f/f5WNx4/s2/DbfBaW+FK9LAeXIqjFkS8xDGv1La785gohpIDAk6dbKMhVWWT7YwPm3T5ox2E59IIN65qJzmKeKKdhaZdr7ZzrxhYVxVjce6KFTlcrN1fqtAnAjeETEEEnfIgw4tlV827Pm1S9dEZnHzkxWmusRo1UNeQw7pdO/sAuy34uVRA9CBhdETxTvRMpBrnzM1G5mB7H7ltsS0T2Gp8QiRxaXR9CnpJAI3Bil6lJJ/fKJwVyzr7xR9c2ws4DIJ/uh0Jgy8wkeVOie0ava6KEI7PCz0N2GNz0Jd2sAXUBDsfs/nNKw7K2k5HLJ/5bJz90d8TwoE6j5xaB2ObOhCwBFyTb0CsLrWnaIu/ZyJr0P/NqWYaZXhv4oIeousUHEl4qpvn7K9hVNKT1c7qAKH3ZEbLEnxV5DYh5qsRwImt4M9B5LJsFojJ28TqOE1DB+4Dqg9mhQ+CaX1s1Urw7PqOqA8u/euk0YxD86kCAwEAAQ==" + "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw9Pm+vLMuE/h005EKy6NVXhI+afR9iaURn6ENVOrAy+QBNvol4vNRCCqEcHwrc21e8KmRoFqoN7a1/YidoZKIsBG/8HkitFqPX76FudVcY1npqzRFMlv+3kf5YANrhbzCqVlo1UCGXOfRJwZUKgJQ9Wb++OMSMmzSJwgXQP9bxRURHRlGl833CCudrdHajKfEF0f/f5WNx4/s2/DbfBaW+FK9LAeXIqjFkS8xDGv1La785gohpIDAk6dbKMhVWWT7YwPm3T5ox2E59IIN65qJzmKeKKdhaZdr7ZzrxhYVxVjce6KFTlcrN1fqtAnAjeETEEEnfIgw4tlV827Pm1S9dEZnHzkxWmusRo1UNeQw7pdO/sAuy34uVRA9CBhdETxTvRMpBrnzM1G5mB7H7ltsS0T2Gp8QiRxaXR9CnpJAI3Bil6lJJ/fKJwVyzr7xR9c2ws4DIJ/uh0Jgy8wkeVOie0ava6KEI7PCz0N2GNz0Jd2sAXUBDsfs/nNKw7K2k5HLJ/5bJz90d8TwoE6j5xaB2ObOhCwBFyTb0CsLrWnaIu/ZyJr0P/NqWYaZXhv4oIeousUHEl4qpvn7K9hVNKT1c7qAKH3ZEbLEnxV5DYh5qsRwImt4M9B5LJsFojJ28TqOE1DB+4Dqg9mhQ+CaX1s1Urw7PqOqA8u/euk0YxD86kCAwEAAQ==", + "subject": "C=US, O=U.S. Government, OU=Department of State, OU=MRTD, OU=Certification Authorities, OU=U.S. Department of State MRTD CA", + "notBefore": "Nov 19 20:57:05 2004 GMT", + "notAfter": "Jun 19 21:27:05 2025 GMT", + "serial": "419E6523" }, { "filename": "cert-00266-pubkey.pem", - "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvbwV+zl/vBzLWAadrtTSpC9l/zOOzAQKbwhVXCGPKK0SfOjiqIJSVfboQ+Tvz67Fgxb8LDhUJzoUSxHjh7PvO8NYwGXMhQrw0JzAARjPqbGUST3qXO/DfEwAilFKx1NvmlrxZgAS64iIqUjl7IGwYApALE1Ok5jkEvYDTE16uCe5RQz0vuqaKcgirrhwIW6C4r2wx9G1xr7/piII7fo97D7h5y0206OwshClHAmQ0p4LSK+Nxexp6sWaDsb/E7jKjLcxkcKJLsayGF58edW4fnI92BuI3pAhPSJpMmCImdN8LvF32o0jnYmYPsRFlLsj2+UEAnH13bs1qS07vvRnx3CXmPYTGl6amlbmePaMDgV4qWM8e71ddVgj1jyZANgzx4fDT9B82A8+Iw13ZOpU/rBW9OZ3Rk2aSOmFC69Vq12cbYrfXobc3GXyQ/hb4yMi3tfNS2nqeesb2a5/GrxKhwOIiNrJcClnzTlqrdcjEHdZYCXT4kR6wpbGAQNruew/BWIuWrGugXPB8ah8f8ttLetGO55kMaPDbk+ZXY6DlDjDLznurF0bEzZiNcRmUQ8p2rpToRqmH/XntE0OgasGzBmcJX5oMNC+7zvELBJcc9YzMIgXX7R5VlI5/Gvnnn4x6lmiio5FWb3ksMc1MWYTN2bmk5tyyKxvQ6Z4rZdx+1UCAwEAAQ==" + "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvbwV+zl/vBzLWAadrtTSpC9l/zOOzAQKbwhVXCGPKK0SfOjiqIJSVfboQ+Tvz67Fgxb8LDhUJzoUSxHjh7PvO8NYwGXMhQrw0JzAARjPqbGUST3qXO/DfEwAilFKx1NvmlrxZgAS64iIqUjl7IGwYApALE1Ok5jkEvYDTE16uCe5RQz0vuqaKcgirrhwIW6C4r2wx9G1xr7/piII7fo97D7h5y0206OwshClHAmQ0p4LSK+Nxexp6sWaDsb/E7jKjLcxkcKJLsayGF58edW4fnI92BuI3pAhPSJpMmCImdN8LvF32o0jnYmYPsRFlLsj2+UEAnH13bs1qS07vvRnx3CXmPYTGl6amlbmePaMDgV4qWM8e71ddVgj1jyZANgzx4fDT9B82A8+Iw13ZOpU/rBW9OZ3Rk2aSOmFC69Vq12cbYrfXobc3GXyQ/hb4yMi3tfNS2nqeesb2a5/GrxKhwOIiNrJcClnzTlqrdcjEHdZYCXT4kR6wpbGAQNruew/BWIuWrGugXPB8ah8f8ttLetGO55kMaPDbk+ZXY6DlDjDLznurF0bEzZiNcRmUQ8p2rpToRqmH/XntE0OgasGzBmcJX5oMNC+7zvELBJcc9YzMIgXX7R5VlI5/Gvnnn4x6lmiio5FWb3ksMc1MWYTN2bmk5tyyKxvQ6Z4rZdx+1UCAwEAAQ==", + "subject": "C=US, O=U.S. Government, OU=Department of State, OU=MRTD, OU=Certification Authorities, OU=U.S. Department of State MRTD CA", + "notBefore": "Jan 8 16:06:27 2010 GMT", + "notAfter": "Aug 8 16:36:27 2030 GMT", + "serial": "45DE28DD" }, { "filename": "cert-00456-pubkey.pem", - "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAozIONhYqXeLWTi2rhDm+X2ZX1OMUr/j7DZgc6zXZ7VzsYVB+6ARiIbok77SxPtk9ZeUIqujjW59Jyb+EUiI6giIZOu9zY7BA+NQfhZeywzr1XKXhfROd5mmUiv3Nz5ukMBFwBoCaOHUchoqwml35lCk+X7K3NOS++HWbnxvRQFqOItsTcaMg2jp9BF+vmHr0nbucsi4zA3BzUKWsrbvcV05M4H/yoyru/5uq8JktSxbxCzK3iKXVyi6SwRkOiJekbztVKouELQlVhlhGacUOQ8ub+PTa4gRWKVHth68YmYW5k12/2B52CrzAndxCGewfN5KvDy5woQEDXHcJ+O9s53liYjZFNU5ceL+R48jUoXLVPuCmXFQKqo1N/t++lWR6icWy8tllHZGsr1GDVX0+EY+0gJUULR+SPzsAqt5IgCq0BlQ/iz4iLUS8fAoHs46AU3u/yHNRapBu3XOqKwCmQH2HNUufUZyD56cVaIBzE0ILWKwY7HaEcP28y0D/++OpqPz44c8YhwLcSdoIYJIOb3FzBVsq+1B23VeqTZ8IxpDkI4wumBLwJS+eJ136XBUegL1hQQv5BRrcN/XgJ9wyC43QN+d8LfBWUZQody7kKXC0KtratgHwwazCdxl8PR3p0aeXbveUBbJmyRQS27jDykncrYUrzkG8WRWhrW0tUR0CAwEAAQ==" + "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAozIONhYqXeLWTi2rhDm+X2ZX1OMUr/j7DZgc6zXZ7VzsYVB+6ARiIbok77SxPtk9ZeUIqujjW59Jyb+EUiI6giIZOu9zY7BA+NQfhZeywzr1XKXhfROd5mmUiv3Nz5ukMBFwBoCaOHUchoqwml35lCk+X7K3NOS++HWbnxvRQFqOItsTcaMg2jp9BF+vmHr0nbucsi4zA3BzUKWsrbvcV05M4H/yoyru/5uq8JktSxbxCzK3iKXVyi6SwRkOiJekbztVKouELQlVhlhGacUOQ8ub+PTa4gRWKVHth68YmYW5k12/2B52CrzAndxCGewfN5KvDy5woQEDXHcJ+O9s53liYjZFNU5ceL+R48jUoXLVPuCmXFQKqo1N/t++lWR6icWy8tllHZGsr1GDVX0+EY+0gJUULR+SPzsAqt5IgCq0BlQ/iz4iLUS8fAoHs46AU3u/yHNRapBu3XOqKwCmQH2HNUufUZyD56cVaIBzE0ILWKwY7HaEcP28y0D/++OpqPz44c8YhwLcSdoIYJIOb3FzBVsq+1B23VeqTZ8IxpDkI4wumBLwJS+eJ136XBUegL1hQQv5BRrcN/XgJ9wyC43QN+d8LfBWUZQody7kKXC0KtratgHwwazCdxl8PR3p0aeXbveUBbJmyRQS27jDykncrYUrzkG8WRWhrW0tUR0CAwEAAQ==", + "subject": "C=US, O=U.S. Government, OU=Department of State, OU=MRTD, OU=Certification Authorities, OU=U.S. Department of State MRTD CA", + "notBefore": "Nov 14 16:37:12 2019 GMT", + "notAfter": "May 14 17:07:12 2040 GMT", + "serial": "4E32D03F" } ] } diff --git a/playground/passport-input-gen/src/main.rs b/playground/passport-input-gen/src/main.rs index e9e4cd7d1..de9922e09 100644 --- a/playground/passport-input-gen/src/main.rs +++ b/playground/passport-input-gen/src/main.rs @@ -4,13 +4,7 @@ pub mod generator; pub mod parser; pub mod prover_config; -use crate::{ - generator::{generate_age_testcases, generate_usa_passport_sample}, - prover_config::{ - dg1_bytes_with_birthdate_expiry_date, - generate_prover_toml_string_from_custom_dg1_date_and_required_age, - }, -}; +use crate::generator::generate_age_testcases; fn main() { println!("Generating age verification testcases..."); diff --git a/playground/passport-input-gen/src/parser/dsc.rs b/playground/passport-input-gen/src/parser/dsc.rs index 5689cd43c..a635b0a91 100644 --- a/playground/passport-input-gen/src/parser/dsc.rs +++ b/playground/passport-input-gen/src/parser/dsc.rs @@ -41,21 +41,23 @@ pub struct DSC { impl DSC { /// Formats an X.509 Distinguished Name (DN) into a readable string. fn format_name(name: &X509Name<'_>, registry: &HashMap<&'static str, OidEntry>) -> String { - let mut parts = Vec::new(); - for rdn in name.iter_rdn() { - let mut rdn_parts = Vec::new(); - for attr in rdn.iter() { - let oid_str = attr.attr_type().to_string(); - let field_name = get_oid_name(&oid_str, registry); - let value = attr - .as_str() - .map(|s| s.to_string()) - .unwrap_or_else(|_| hex::encode(attr.as_slice())); - rdn_parts.push(format!("{}={}", field_name, value)); - } - parts.push(rdn_parts.join(", ")); - } - parts.join(", ") + name.iter_rdn() + .map(|rdn| { + rdn.iter() + .map(|attr| { + let oid_str = attr.attr_type().to_string(); + let field_name = get_oid_name(&oid_str, registry); + let value = attr + .as_str() + .map(String::from) + .unwrap_or_else(|_| hex::encode(attr.as_slice())); + format!("{}={}", field_name, value) + }) + .collect::>() + .join(", ") + }) + .collect::>() + .join(", ") } /// Parses a DER-encoded X.509 certificate into a `DSC`. @@ -68,100 +70,63 @@ impl DSC { /// Converts a parsed `X509Certificate` into the internal `DSC` struct. pub fn from_x509(cert: X509Certificate<'_>) -> DSC { let registry = load_oids(); - let tbs = cert.tbs_certificate; let tbs_bytes = Binary::from_slice(tbs.as_ref()); - let version = tbs.version().0; - - let serial_number = Binary::from_slice(tbs.raw_serial()); - - let tbs_sig_oid = tbs.signature.algorithm.to_string(); - let tbs_sig_name = SignatureAlgorithmName::from_oid(&tbs_sig_oid) - .expect("Unsupported signature algorithm"); - - let tbs_sig_params = tbs - .signature - .parameters - .as_ref() - .map(|p| Binary::from_slice(p.data)); - - let issuer = Self::format_name(&tbs.issuer, ®istry); - let subject = Self::format_name(&tbs.subject, ®istry); - - let not_before = tbs.validity.not_before.to_string(); - let not_after = tbs.validity.not_after.to_string(); - let spki_alg_oid = tbs.subject_pki.algorithm.algorithm.to_string(); - let spki_alg_name = SignatureAlgorithmName::from_oid(&spki_alg_oid) - .expect("Unsupported public key algorithm"); - - let spki_alg_params = tbs - .subject_pki - .algorithm - .parameters - .as_ref() - .map(|p| Binary::from_slice(p.data)); + // Helper function to create SignatureAlgorithm from AlgorithmIdentifier + let create_signature_algorithm = |alg_id: &x509_parser::x509::AlgorithmIdentifier<'_>| { + let name = SignatureAlgorithmName::from_oid(&alg_id.algorithm.to_string()) + .expect("Unsupported signature algorithm"); + let parameters = alg_id + .parameters + .as_ref() + .map(|p| Binary::from_slice(p.data)); + SignatureAlgorithm { name, parameters } + }; - let subject_public_key = Binary::from_slice(&tbs.subject_pki.subject_public_key.data); + let tbs_signature_algorithm = create_signature_algorithm(&tbs.signature); + let cert_signature_algorithm = create_signature_algorithm(&cert.signature_algorithm); + let spki_algorithm = create_signature_algorithm(&tbs.subject_pki.algorithm); let subject_public_key_info = SubjectPublicKeyInfo { - signature_algorithm: SignatureAlgorithm { - name: spki_alg_name, - parameters: spki_alg_params, - }, - subject_public_key, + signature_algorithm: spki_algorithm, + subject_public_key: Binary::from_slice(&tbs.subject_pki.subject_public_key.data), }; - let issuer_unique_id = tbs - .issuer_uid - .as_ref() - .map(|uid| Binary::from_slice(uid.0.as_ref())); - - let subject_unique_id = tbs - .subject_uid - .as_ref() - .map(|uid| Binary::from_slice(uid.0.as_ref())); - - let mut extensions = HashMap::new(); - for ext in tbs.extensions().iter() { - let oid_str = ext.oid.to_string(); - let name = get_oid_name(&oid_str, ®istry); - extensions.insert(name, (ext.critical, Binary::from_slice(ext.value))); - } + let extensions = tbs + .extensions() + .iter() + .map(|ext| { + let oid_str = ext.oid.to_string(); + let name = get_oid_name(&oid_str, ®istry); + (name, (ext.critical, Binary::from_slice(ext.value))) + }) + .collect(); let tbs_struct = TbsCertificate { - version, - serial_number, - signature_algorithm: SignatureAlgorithm { - name: tbs_sig_name, - parameters: tbs_sig_params, - }, - issuer, - validity_not_before: not_before, - validity_not_after: not_after, - subject, + version: tbs.version().0, + serial_number: Binary::from_slice(tbs.raw_serial()), + signature_algorithm: tbs_signature_algorithm, + issuer: Self::format_name(&tbs.issuer, ®istry), + validity_not_before: tbs.validity.not_before.to_string(), + validity_not_after: tbs.validity.not_after.to_string(), + subject: Self::format_name(&tbs.subject, ®istry), subject_public_key_info, - issuer_unique_id, - subject_unique_id, + issuer_unique_id: tbs + .issuer_uid + .as_ref() + .map(|uid| Binary::from_slice(uid.0.as_ref())), + subject_unique_id: tbs + .subject_uid + .as_ref() + .map(|uid| Binary::from_slice(uid.0.as_ref())), extensions, bytes: tbs_bytes, }; - let sig_alg_oid = cert.signature_algorithm.algorithm.to_string(); - let sig_alg_name = SignatureAlgorithmName::from_oid(&sig_alg_oid) - .expect("Unsupported signature algorithm"); - let sig_alg_params = cert - .signature_algorithm - .parameters - .as_ref() - .map(|p| Binary::from_slice(p.data)); - DSC { tbs: tbs_struct, - signature_algorithm: SignatureAlgorithm { - name: sig_alg_name, - parameters: sig_alg_params, - }, + signature_algorithm: cert_signature_algorithm, signature: Binary::from_slice(&cert.signature_value.data), } } diff --git a/playground/passport-input-gen/src/parser/mod.rs b/playground/passport-input-gen/src/parser/mod.rs index 666229b32..8633bd12c 100644 --- a/playground/passport-input-gen/src/parser/mod.rs +++ b/playground/passport-input-gen/src/parser/mod.rs @@ -2,19 +2,20 @@ use { crate::parser::{ binary::Binary, sod::SOD, - utils::{fit, load_csca_public_keys}, + types::{ + PassportError, MAX_DG1_SIZE, MAX_ECONTENT_SIZE, MAX_SIGNED_ATTRIBUTES_SIZE, + MAX_TBS_SIZE, SIG_BYTES, + }, + utils::{find_offset, fit, load_csca_public_keys, to_fixed_array, to_u32}, }, base64::{engine::general_purpose::STANDARD, Engine as _}, noir_bignum_paramgen::compute_barrett_reduction_parameter, rsa::{ - pkcs1::DecodeRsaPublicKey, - pkcs1v15::{Pkcs1v15Sign, Signature}, - pkcs8::DecodePublicKey, - traits::PublicKeyParts, - BigUint, RsaPublicKey, + pkcs1::DecodeRsaPublicKey, pkcs1v15::Pkcs1v15Sign, pkcs8::DecodePublicKey, + traits::PublicKeyParts, BigUint, RsaPublicKey, }, sha2::{Digest, Sha256}, - std::{fs::File, io::Write, path::Path}, + std::{fmt::Write as _, path::Path}, }; mod binary; @@ -24,70 +25,137 @@ mod sod; mod types; mod utils; +/// Parsed passport data pub struct PassportReader { pub dg1: Binary, pub sod: SOD, } -const MAX_SIGNED_ATTRIBUTES_SIZE: usize = 200; -const MAX_DG1_SIZE: usize = 95; -const SIG_BYTES: usize = 256; -const MAX_ECONTENT_SIZE: usize = 200; -const MAX_TBS_SIZE: usize = 1500; - -// Circuits inputs for -// provekit/noir-examples/noir-passport-examples/complete_age_check +/// Circuit inputs for Noir pub struct CircuitInputs { - dg1: [u8; MAX_DG1_SIZE], - dg1_padded_length: usize, - - /// in the format YYYYMMDD - current_date: u64, - - min_age_required: u8, - max_age_required: u8, - passport_validity_contents: PassportValidityContent, + pub dg1: [u8; MAX_DG1_SIZE], + pub dg1_padded_length: usize, + pub current_date: u64, + pub min_age_required: u8, + pub max_age_required: u8, + pub passport_validity_contents: PassportValidityContent, } +/// Extracted validity contents from SOD pub struct PassportValidityContent { - /// Signed attributes from SOD - signed_attributes: [u8; MAX_SIGNED_ATTRIBUTES_SIZE], - signed_attributes_size: usize, - - /// Encapsulated content info - econtent: [u8; MAX_ECONTENT_SIZE], - econtent_len: usize, - - /// DSC (Document Signer Certificate) public key and signature - dsc_pubkey: [u8; SIG_BYTES], - dsc_barrett_mu: [u8; SIG_BYTES + 1], - dsc_signature: [u8; SIG_BYTES], - dsc_rsa_exponent: u32, - - /// CSCA (Country Signing Certificate Authority) public key and signature - // Todo: csca can be different size based on country, but for now we assume 4096 bits for US - // passport data - csc_pubkey: [u8; SIG_BYTES * 2], - csc_barrett_mu: [u8; (SIG_BYTES * 2) + 1], - dsc_cert_signature: [u8; SIG_BYTES * 2], - csc_rsa_exponent: u32, - - /// Offsets - dg1_hash_offset: usize, - econtent_hash_offset: usize, - dsc_pubkey_offset_in_dsc_cert: usize, - - // TBS bytes of the DSC certificate - dsc_cert: [u8; MAX_TBS_SIZE], - dsc_cert_len: usize, + pub signed_attributes: [u8; MAX_SIGNED_ATTRIBUTES_SIZE], + pub signed_attributes_size: usize, + pub econtent: [u8; MAX_ECONTENT_SIZE], + pub econtent_len: usize, + pub dsc_pubkey: [u8; SIG_BYTES], + pub dsc_barrett_mu: [u8; SIG_BYTES + 1], + pub dsc_signature: [u8; SIG_BYTES], + pub dsc_rsa_exponent: u32, + pub csc_pubkey: [u8; SIG_BYTES * 2], + pub csc_barrett_mu: [u8; (SIG_BYTES * 2) + 1], + pub dsc_cert_signature: [u8; SIG_BYTES * 2], + pub csc_rsa_exponent: u32, + pub dg1_hash_offset: usize, + pub econtent_hash_offset: usize, + pub dsc_pubkey_offset_in_dsc_cert: usize, + pub dsc_cert: [u8; MAX_TBS_SIZE], + pub dsc_cert_len: usize, } impl PassportReader { - pub fn validate(&self) -> (bool, Option) { - // Check1: DG1 Hash check in Econtent - let dg1_hash = Sha256::digest(&self.dg1.to_number_array()); + /// Extract SignedAttributes (padded + size) + fn extract_signed_attrs(&self) -> ([u8; MAX_SIGNED_ATTRIBUTES_SIZE], usize) { + let signed_attrs = self.sod.signer_info.signed_attrs.bytes.to_number_array(); + let size = signed_attrs.len(); + let padded = fit::(&signed_attrs); + (padded, size) + } + + /// Extract eContent (padded + size + raw bytes) + fn extract_econtent(&self) -> ([u8; MAX_ECONTENT_SIZE], usize, Vec) { + let econtent_bytes = self + .sod + .encap_content_info + .e_content + .bytes + .to_number_array(); + let len = econtent_bytes.len(); + let padded = fit::(&econtent_bytes); + (padded, len, econtent_bytes) + } + + /// Extract DSC public key, exponent, Barrett mu, and signature + fn extract_dsc(&self) -> ([u8; SIG_BYTES], u32, [u8; SIG_BYTES + 1], [u8; SIG_BYTES]) { + let der = self + .sod + .certificate + .tbs + .subject_public_key_info + .subject_public_key + .to_number_array(); + let pubkey = RsaPublicKey::from_pkcs1_der(&der).unwrap(); + + let modulus = to_fixed_array::(pubkey.n().to_bytes_be(), "DSC modulus"); + let exponent = to_u32(pubkey.e().to_bytes_be()); + let barrett = to_fixed_array::<{ SIG_BYTES + 1 }>( + compute_barrett_reduction_parameter(&BigUint::from_bytes_be(&modulus)).to_bytes_be(), + "DSC Barrett", + ); + let signature = to_fixed_array::( + self.sod.signer_info.signature.to_number_array(), + "DSC signature", + ); + + (modulus, exponent, barrett, signature) + } + + /// Extract CSCA public key, exponent, Barrett mu, and signature + fn extract_csca( + &self, + idx: usize, + ) -> ( + [u8; SIG_BYTES * 2], + u32, + [u8; SIG_BYTES * 2 + 1], + [u8; SIG_BYTES * 2], + ) { + let csca_keys = load_csca_public_keys().unwrap(); + let usa_csca = csca_keys.get("USA").unwrap(); + let der = STANDARD + .decode(usa_csca[idx].public_key.as_bytes()) + .unwrap(); + let pubkey = RsaPublicKey::from_public_key_der(&der).unwrap(); + + let modulus = to_fixed_array::<{ SIG_BYTES * 2 }>(pubkey.n().to_bytes_be(), "CSCA modulus"); + let exponent = to_u32(pubkey.e().to_bytes_be()); + let barrett = to_fixed_array::<{ SIG_BYTES * 2 + 1 }>( + compute_barrett_reduction_parameter(&BigUint::from_bytes_be(&modulus)).to_bytes_be(), + "CSCA Barrett", + ); + let signature = to_fixed_array::<{ SIG_BYTES * 2 }>( + self.sod.certificate.signature.to_number_array(), + "CSCA signature", + ); - let dg1_hash_from_econtent = self + (modulus, exponent, barrett, signature) + } + + /// Extract DSC certificate (padded + len + offset of modulus inside cert) + fn extract_dsc_cert( + &self, + dsc_modulus: &[u8; SIG_BYTES], + ) -> ([u8; MAX_TBS_SIZE], usize, usize) { + let tbs_bytes = self.sod.certificate.tbs.bytes.to_number_array(); + let cert_len = tbs_bytes.len(); + let padded = fit::(&tbs_bytes); + let pubkey_offset = find_offset(&tbs_bytes, dsc_modulus, "DSC modulus in cert"); + (padded, cert_len, pubkey_offset) + } + /// Validate DG1, eContent, and signatures against DSC + CSCA + pub fn validate(&self) -> Result { + // 1. Check DG1 hash inside eContent + let dg1_hash = Sha256::digest(&self.dg1.to_number_array()); + let dg1_from_econtent = self .sod .encap_content_info .e_content @@ -97,9 +165,11 @@ impl PassportReader { .expect("DG1 hash missing") .to_number_array(); - assert_eq!(dg1_hash_from_econtent, dg1_hash.to_vec()); + if dg1_from_econtent != dg1_hash.to_vec() { + return Err(PassportError::Dg1HashMismatch); + } - // Check2: Hash(Econtent) check in SignedAttributes + // 2. Check hash(eContent) inside SignedAttributes let econtent_hash = Sha256::digest( &self .sod @@ -108,77 +178,62 @@ impl PassportReader { .bytes .to_number_array(), ); - - let mut msg_digest_from_signed_attr = self + let mut msg_digest = self .sod .signer_info .signed_attrs .message_digest .to_number_array(); - - if msg_digest_from_signed_attr.len() > 2 && msg_digest_from_signed_attr[0] == 0x04 { - msg_digest_from_signed_attr = msg_digest_from_signed_attr[2..].to_vec(); + if msg_digest.len() > 2 && msg_digest[0] == 0x04 { + msg_digest = msg_digest[2..].to_vec(); } - assert_eq!(econtent_hash.as_slice(), msg_digest_from_signed_attr); + if econtent_hash.as_slice() != msg_digest { + return Err(PassportError::EcontentHashMismatch); + } - // Check 3: Signature verification of SOD using DSC public key + // 3. Verify SignedAttributes signature with DSC let signed_attr_hash = Sha256::digest(&self.sod.signer_info.signed_attrs.bytes.to_number_array()); - - let public_key_der = self + let dsc_pubkey_bytes = self .sod .certificate .tbs .subject_public_key_info .subject_public_key .to_number_array(); - - let public_key = - RsaPublicKey::from_pkcs1_der(&public_key_der).expect("Failed to parse public key"); - - let dsc_signature_bytes = self.sod.signer_info.signature.to_number_array(); - let dsc_sig_verify = public_key.verify( - Pkcs1v15Sign::new::(), - &signed_attr_hash, - &dsc_signature_bytes, - ); - - if dsc_sig_verify.is_err() { - return (false, None); - } - - assert_eq!(dsc_sig_verify.is_ok(), true); - - // check 4: Signature verification of DSC using CSCA public key - let all_csca_keys = load_csca_public_keys().expect("Failed to load CSCA public keys"); - let usa_csca_keys = all_csca_keys.get("USA").unwrap(); - - assert_eq!(usa_csca_keys.len() > 0, true); - + let dsc_pubkey = RsaPublicKey::from_pkcs1_der(&dsc_pubkey_bytes).expect("Invalid DSC key"); + + let dsc_signature = self.sod.signer_info.signature.to_number_array(); + dsc_pubkey + .verify( + Pkcs1v15Sign::new::(), + &signed_attr_hash, + &dsc_signature, + ) + .map_err(|_| PassportError::DscSignatureInvalid)?; + + let all_csca = load_csca_public_keys().map_err(|_| PassportError::CscaKeysMissing)?; + let usa_csca = all_csca.get("USA").ok_or(PassportError::NoUsaCsca)?; let tbs_bytes = &self.sod.certificate.tbs.bytes.to_number_array(); - let tbs_digest = Sha256::digest(&tbs_bytes); - + let tbs_digest = Sha256::digest(tbs_bytes); let csca_signature = &self.sod.certificate.signature.to_number_array(); - let mut is_csca_verified = false; - let mut current_csca_index = 0; - - for csca in usa_csca_keys { - let der_key = STANDARD.decode(csca.public_key.as_bytes()).unwrap(); - let csca_public_key = RsaPublicKey::from_public_key_der(&der_key).unwrap(); - - if let Ok(_) = - csca_public_key.verify(Pkcs1v15Sign::new::(), &tbs_digest, &csca_signature) + for (i, csca) in usa_csca.iter().enumerate() { + let der = STANDARD.decode(csca.public_key.as_bytes()).unwrap(); + let csca_pubkey = RsaPublicKey::from_public_key_der(&der).unwrap(); + if csca_pubkey + .verify(Pkcs1v15Sign::new::(), &tbs_digest, csca_signature) + .is_ok() { - is_csca_verified = true; - break; + return Ok(i); // Success, return CSCA index } - current_csca_index += 1; } - return (is_csca_verified, Some(current_csca_index)); + + Err(PassportError::CscaSignatureInvalid) } + /// Convert to circuit inputs for Noir Circuits pub fn to_circuit_inputs( &self, current_date: u64, @@ -186,151 +241,59 @@ impl PassportReader { max_age_required: u8, csca_key_index: usize, ) -> CircuitInputs { + // === Step 1. DG1 === let dg1_padded = fit::(&self.dg1.to_number_array()); - let dg1_padded_length = self.dg1.len(); + let dg1_len = self.dg1.len(); - let signed_attributes = self.sod.signer_info.signed_attrs.bytes.to_number_array(); - let signed_attributes_padded = fit::(&signed_attributes); - let signed_attributes_size = signed_attributes.len(); + // === Step 2. SignedAttributes === + let (signed_attrs, signed_attributes_size) = self.extract_signed_attrs(); - let econtent_bytes = self - .sod - .encap_content_info - .e_content - .bytes - .to_number_array(); - - let econtent_len = econtent_bytes.len(); - let econtent_padded = fit::(&econtent_bytes); - - let public_key_der = self - .sod - .certificate - .tbs - .subject_public_key_info - .subject_public_key - .to_number_array(); + // === Step 3. eContent === + let (econtent, econtent_len, econtent_bytes) = self.extract_econtent(); - let public_key = RsaPublicKey::from_pkcs1_der(&public_key_der).unwrap(); + // === Step 4. DSC === + let (dsc_modulus, dsc_exponent, dsc_barrett, dsc_signature) = self.extract_dsc(); - let public_key_n_vec = public_key.n().to_bytes_be(); - let public_key_n: [u8; SIG_BYTES] = public_key_n_vec - .try_into() - .expect("Public key modulus is not 256 bytes"); + // === Step 5. CSCA === + let (csca_modulus, csca_exponent, csca_barrett, csca_signature) = + self.extract_csca(csca_key_index); - let dsc_signature: [u8; SIG_BYTES] = self - .sod - .signer_info - .signature - .to_number_array() - .try_into() - .expect("DSC signature is not 256 bytes"); - - let public_key_e = public_key.e(); - let public_key_e_bytes = public_key_e.to_bytes_be(); - - let dsc_rsa_exponent = if public_key_e_bytes.len() <= 4 { - let mut buf = [0u8; 4]; - buf[4 - public_key_e_bytes.len()..].copy_from_slice(&public_key_e_bytes); - u32::from_be_bytes(buf) - } else { - panic!("RSA exponent is larger than 4 bytes"); - }; - - let dsc_barrett = - compute_barrett_reduction_parameter(&BigUint::from_bytes_be(&public_key_n)) - .to_bytes_be(); - - let dsc_barrett_mu: [u8; SIG_BYTES + 1] = dsc_barrett - .try_into() - .expect(&format!("Barrett mu not {} bytes", SIG_BYTES + 1)); - - let all_csca_keys = load_csca_public_keys().expect( - "Failed to load - CSCA public keys", - ); - let usa_csca_keys = all_csca_keys.get("USA").unwrap(); - - let csca_public_key_pem = &usa_csca_keys[csca_key_index].public_key; - let der_key = STANDARD.decode(csca_public_key_pem.as_bytes()).unwrap(); - let csca_public_key = - RsaPublicKey::from_public_key_der(&der_key).expect("Failed to parse CSCA public key"); - - let csca_public = csca_public_key.n().to_bytes_be(); - let csca_public_n: [u8; SIG_BYTES * 2] = csca_public - .try_into() - .expect(&format!("CSCA key not {} bytes", SIG_BYTES * 2)); - - let csca_rsa_exponent_bytes = csca_public_key.e().to_bytes_be(); - let csca_rsa_exponent = if csca_rsa_exponent_bytes.len() <= 4 { - let mut buf = [0u8; 4]; - buf[4 - csca_rsa_exponent_bytes.len()..].copy_from_slice(&csca_rsa_exponent_bytes); - u32::from_be_bytes(buf) - } else { - panic!("RSA exponent is larger than 4 bytes"); - }; - - let csca_barrett = - compute_barrett_reduction_parameter(&BigUint::from_bytes_be(&csca_public_n)) - .to_bytes_be(); - - let csca_barrett_mu: [u8; SIG_BYTES * 2 + 1] = csca_barrett - .try_into() - .expect(&format!("CSCA mu not {} bytes", SIG_BYTES * 2 + 1)); - - let csca_signature = self.sod.certificate.signature.to_number_array(); - let csca_signature: [u8; SIG_BYTES * 2] = csca_signature - .clone() - .try_into() - .expect(&format!("CSCA sig not {} bytes", SIG_BYTES * 2)); - - // offsets + // === Step 6. Offsets === let dg1_hash = Sha256::digest(&self.dg1.to_number_array()); - let econtent_hash = Sha256::digest(&econtent_bytes); + let dg1_hash_offset = find_offset(&econtent_bytes, dg1_hash.as_slice(), "DG1 hash"); - let dg1_hash_offset = econtent_bytes - .windows(dg1_hash.len()) - .position(|window| window == dg1_hash.as_slice()) - .expect("DG1 hash not found in eContent"); - - let econtent_hash_offset = signed_attributes - .windows(econtent_hash.len()) - .position(|window| window == econtent_hash.as_slice()) - .expect("EContent hash not found in signed attributes"); - - let tbs_bytes = self.sod.certificate.tbs.bytes.to_number_array(); - let tbs_bytes_len = tbs_bytes.len(); - let dsc_cert = fit::(&tbs_bytes); + let econtent_hash = Sha256::digest(&econtent_bytes); + let econtent_hash_offset = + find_offset(&signed_attrs, econtent_hash.as_slice(), "eContent hash"); - let dsc_pubkey_offset_in_dsc_cert = tbs_bytes - .windows(public_key_n.len()) - .position(|window| window == public_key_n.as_slice()) - .expect("Public key not found in DSC cert"); + // === Step 7. DSC Certificate === + let (dsc_cert, dsc_cert_len, dsc_pubkey_offset) = self.extract_dsc_cert(&dsc_modulus); + // === Step 8. Build CircuitInputs === CircuitInputs { dg1: dg1_padded, - dg1_padded_length, + dg1_padded_length: dg1_len, current_date, min_age_required, max_age_required, passport_validity_contents: PassportValidityContent { - signed_attributes: signed_attributes_padded, + signed_attributes: signed_attrs, signed_attributes_size, - econtent: econtent_padded, + econtent, econtent_len, - dsc_pubkey: public_key_n, - dsc_barrett_mu, + dsc_pubkey: dsc_modulus, + dsc_barrett_mu: dsc_barrett, dsc_signature, - dsc_rsa_exponent, - csc_pubkey: csca_public_n, - csc_barrett_mu: csca_barrett_mu, + dsc_rsa_exponent: dsc_exponent, + csc_pubkey: csca_modulus, + csc_barrett_mu: csca_barrett, dsc_cert_signature: csca_signature, - csc_rsa_exponent: csca_rsa_exponent, + csc_rsa_exponent: csca_exponent, dg1_hash_offset, econtent_hash_offset, - dsc_pubkey_offset_in_dsc_cert, + dsc_pubkey_offset_in_dsc_cert: dsc_pubkey_offset, dsc_cert, - dsc_cert_len: tbs_bytes_len, + dsc_cert_len, }, } } @@ -338,96 +301,46 @@ impl PassportReader { impl CircuitInputs { pub fn to_toml_string(&self) -> String { - let mut toml_content = String::new(); - - toml_content.push_str(&format!("dg1 = {:?}\n", self.dg1)); - toml_content.push_str(&format!("dg1_padded_length = {}\n", self.dg1_padded_length)); - toml_content.push_str(&format!("current_date = {}\n", self.current_date)); - toml_content.push_str(&format!("min_age_required = {}\n", self.min_age_required)); - toml_content.push_str(&format!("max_age_required = {}\n", self.max_age_required)); - - toml_content.push_str("\n[passport_validity_contents]\n"); - toml_content.push_str(&format!( - "signed_attributes = {:?}\n", - self.passport_validity_contents.signed_attributes - )); - toml_content.push_str(&format!( - "signed_attributes_size = {}\n", - self.passport_validity_contents.signed_attributes_size - )); - - toml_content.push_str(&format!( - "econtent = {:?}\n", - self.passport_validity_contents.econtent - )); - toml_content.push_str(&format!( - "econtent_len = {}\n", - self.passport_validity_contents.econtent_len - )); - - toml_content.push_str(&format!( - "dsc_signature = {:?}\n", - self.passport_validity_contents.dsc_signature - )); - toml_content.push_str(&format!( - "dsc_rsa_exponent = {}\n", - self.passport_validity_contents.dsc_rsa_exponent - )); - toml_content.push_str(&format!( - "dsc_pubkey = {:?}\n", - self.passport_validity_contents.dsc_pubkey - )); - toml_content.push_str(&format!( - "dsc_barrett_mu = {:?}\n", - self.passport_validity_contents.dsc_barrett_mu - )); - - toml_content.push_str(&format!( - "csc_pubkey = {:?}\n", - self.passport_validity_contents.csc_pubkey - )); - toml_content.push_str(&format!( - "csc_barrett_mu = {:?}\n", - self.passport_validity_contents.csc_barrett_mu - )); - toml_content.push_str(&format!( - "dsc_cert_signature = {:?}\n", - self.passport_validity_contents.dsc_cert_signature - )); - toml_content.push_str(&format!( - "csc_rsa_exponent = {}\n", - self.passport_validity_contents.csc_rsa_exponent - )); - - toml_content.push_str(&format!( - "dg1_hash_offset = {}\n", - self.passport_validity_contents.dg1_hash_offset - )); - toml_content.push_str(&format!( - "econtent_hash_offset = {}\n", - self.passport_validity_contents.econtent_hash_offset - )); - toml_content.push_str(&format!( - "dsc_pubkey_offset_in_dsc_cert = {}\n", - self.passport_validity_contents - .dsc_pubkey_offset_in_dsc_cert - )); - toml_content.push_str(&format!( - "dsc_cert = {:?}\n", - self.passport_validity_contents.dsc_cert - )); - toml_content.push_str(&format!( - "dsc_cert_len = {}\n", - self.passport_validity_contents.dsc_cert_len - )); - - toml_content + let mut out = String::new(); + writeln!(out, "dg1 = {:?}", self.dg1).unwrap(); + writeln!(out, "dg1_padded_length = {}", self.dg1_padded_length).unwrap(); + writeln!(out, "current_date = {}", self.current_date).unwrap(); + writeln!(out, "min_age_required = {}", self.min_age_required).unwrap(); + writeln!(out, "max_age_required = {}", self.max_age_required).unwrap(); + writeln!(out, "\n[passport_validity_contents]").unwrap(); + + let pvc = &self.passport_validity_contents; + writeln!(out, "signed_attributes = {:?}", pvc.signed_attributes).unwrap(); + writeln!( + out, + "signed_attributes_size = {}", + pvc.signed_attributes_size + ) + .unwrap(); + writeln!(out, "econtent = {:?}", pvc.econtent).unwrap(); + writeln!(out, "econtent_len = {}", pvc.econtent_len).unwrap(); + writeln!(out, "dsc_signature = {:?}", pvc.dsc_signature).unwrap(); + writeln!(out, "dsc_rsa_exponent = {}", pvc.dsc_rsa_exponent).unwrap(); + writeln!(out, "dsc_pubkey = {:?}", pvc.dsc_pubkey).unwrap(); + writeln!(out, "dsc_barrett_mu = {:?}", pvc.dsc_barrett_mu).unwrap(); + writeln!(out, "csc_pubkey = {:?}", pvc.csc_pubkey).unwrap(); + writeln!(out, "csc_barrett_mu = {:?}", pvc.csc_barrett_mu).unwrap(); + writeln!(out, "dsc_cert_signature = {:?}", pvc.dsc_cert_signature).unwrap(); + writeln!(out, "csc_rsa_exponent = {}", pvc.csc_rsa_exponent).unwrap(); + writeln!(out, "dg1_hash_offset = {}", pvc.dg1_hash_offset).unwrap(); + writeln!(out, "econtent_hash_offset = {}", pvc.econtent_hash_offset).unwrap(); + writeln!( + out, + "dsc_pubkey_offset_in_dsc_cert = {}", + pvc.dsc_pubkey_offset_in_dsc_cert + ) + .unwrap(); + writeln!(out, "dsc_cert = {:?}", pvc.dsc_cert).unwrap(); + writeln!(out, "dsc_cert_len = {}", pvc.dsc_cert_len).unwrap(); + out } pub fn save_to_toml_file>(&self, path: P) -> std::io::Result<()> { - let toml_content = self.to_toml_string(); - let mut file = File::create(path)?; - file.write_all(toml_content.as_bytes())?; - Ok(()) + std::fs::write(path, self.to_toml_string()) } } diff --git a/playground/passport-input-gen/src/parser/sod.rs b/playground/passport-input-gen/src/parser/sod.rs index 3f9207117..1a8ee0aa2 100644 --- a/playground/passport-input-gen/src/parser/sod.rs +++ b/playground/passport-input-gen/src/parser/sod.rs @@ -30,9 +30,6 @@ pub struct SOD { impl SOD { /// Parses the `signedAttrs` field from a `SignerInfo`. - /// - Extracts attributes like `messageDigest`, `contentType`, and - /// `signingTime`. - /// - Returns a structured `SignedAttrs` object. fn parse_signed_attrs( signer_info_raw: &rasn_cms::SignerInfo, registry: &HashMap<&'static str, OidEntry>, @@ -41,14 +38,14 @@ impl SOD { let mut reconstructed_signed_attrs: Vec = vec![]; for attr in signer_info_raw.signed_attrs.clone().unwrap_or_default() { - let oid: &rasn::types::ObjectIdentifier = &attr.r#type; - let values = &attr.values; - let oid_str = oid_to_string(oid); - + let oid_str = oid_to_string(&attr.r#type); let name = get_oid_name(&oid_str, registry); - let val = values.first().expect("No value in Attribute").as_bytes(); + let val = attr + .values + .first() + .expect("No value in Attribute") + .as_bytes(); signed_attr_map.insert(name, Binary::from_slice(val)); - reconstructed_signed_attrs.push(attr); } @@ -72,8 +69,7 @@ impl SOD { let content_type_oid: rasn::types::ObjectIdentifier = der::decode(&content_type_bytes.data).expect("Failed to decode contentType OID"); - - let oid_string: String = oid_to_string(&content_type_oid); + let oid_string = oid_to_string(&content_type_oid); SignedAttrs { bytes: Binary::from_slice(&reconstructed_block), @@ -112,9 +108,6 @@ impl SOD { /// Parses the encapsulated LDS Security Object (`encapContentInfo`) from /// the SOD. - /// - Extracts the hash algorithm and data group hash values (DG1, DG2, - /// etc.). - /// - Builds an `EncapContentInfo` with structured hashes and metadata. fn parse_encap_content_info( signed_data: &SignedData, registry: &HashMap<&'static str, OidEntry>, @@ -164,8 +157,6 @@ impl SOD { } /// Parses a `SignerInfo` structure into a custom `SignerInfo` model. - /// - Handles signed attributes, digest algorithm, signature algorithm, and - /// signature value. fn parse_signer_info( signer_info_raw: &rasn_cms::SignerInfo, registry: &HashMap<&'static str, OidEntry>, @@ -216,8 +207,6 @@ impl SOD { } /// Parses the signer identifier (SID) from the `SignerInfo`. - /// - Supports both `IssuerAndSerialNumber` and `SubjectKeyIdentifier`. - /// - Builds a readable issuer DN string (CN, O, OU, etc.). fn parse_signer_identifier(sid: rasn_cms::SignerIdentifier) -> SignerIdentifier { match sid { rasn_cms::SignerIdentifier::IssuerAndSerialNumber(issuer_and_serial) => { @@ -263,10 +252,6 @@ impl SOD { /// Entry point: parses a full SOD (Security Object Document) from raw DER /// bytes. - /// - Decodes CMS `ContentInfo` and `SignedData`. - /// - Extracts digest algorithms, certificate, `encapContentInfo`, and - /// `SignerInfo`. - /// - Returns a structured `SOD` with all relevant fields populated. pub fn from_der(binary: &mut Binary) -> SOD { *binary = strip_length_prefix(binary); let hex_der = hex::decode(binary.to_hex().trim_start_matches("0x")).unwrap(); @@ -288,16 +273,20 @@ impl SOD { panic!("No signedAttrs found in SignerInfo"); } let registry = load_oids(); - let mut digest_algorithms: Vec = vec![]; - for alg in &signed_data.digest_algorithms { - let oid_str = oid_to_string(&alg.algorithm); - let name = get_hash_algo_name(&oid_str, ®istry); - if let Some(digest_alg) = DigestAlgorithm::from_name(&name) { - digest_algorithms.push(digest_alg); - } else { - eprintln!("Unknown digest algorithm: {}", name); - } - } + let digest_algorithms: Vec = signed_data + .digest_algorithms + .iter() + .filter_map(|alg| { + let oid_str = oid_to_string(&alg.algorithm); + let name = get_hash_algo_name(&oid_str, ®istry); + if let Some(digest_alg) = DigestAlgorithm::from_name(&name) { + Some(digest_alg) + } else { + eprintln!("Unknown digest algorithm: {}", name); + None + } + }) + .collect(); let certificate = Self::parse_certificate(&signed_data); let encap_content_info = Self::parse_encap_content_info(&signed_data, ®istry); let signer_info = Self::parse_signer_info(&signer_info_raw, ®istry); diff --git a/playground/passport-input-gen/src/parser/types.rs b/playground/passport-input-gen/src/parser/types.rs index 455e1fb92..28f79c940 100644 --- a/playground/passport-input-gen/src/parser/types.rs +++ b/playground/passport-input-gen/src/parser/types.rs @@ -7,8 +7,15 @@ use { }, rasn_pkix::AlgorithmIdentifier, std::collections::HashMap, + thiserror::Error, }; +pub const MAX_SIGNED_ATTRIBUTES_SIZE: usize = 200; +pub const MAX_DG1_SIZE: usize = 95; +pub const SIG_BYTES: usize = 256; +pub const MAX_ECONTENT_SIZE: usize = 200; +pub const MAX_TBS_SIZE: usize = 1500; + #[derive(Debug, Clone)] pub enum DigestAlgorithm { SHA1, @@ -164,3 +171,21 @@ pub struct LDSSecurityObject { pub data_group_hash_values: SequenceOf, pub lds_version_info: Option, } + +#[derive(Debug, Error)] +pub enum PassportError { + #[error("DG1 hash mismatch in eContent")] + Dg1HashMismatch, + #[error("eContent hash mismatch in SignedAttributes")] + EcontentHashMismatch, + #[error("Invalid DSC public key")] + InvalidDscKey, + #[error("DSC signature verification failed")] + DscSignatureInvalid, + #[error("Failed to load CSCA keys")] + CscaKeysMissing, + #[error("No USA CSCA keys found")] + NoUsaCsca, + #[error("CSCA signature verification failed")] + CscaSignatureInvalid, +} diff --git a/playground/passport-input-gen/src/parser/utils.rs b/playground/passport-input-gen/src/parser/utils.rs index d0d22c03c..d3022895b 100644 --- a/playground/passport-input-gen/src/parser/utils.rs +++ b/playground/passport-input-gen/src/parser/utils.rs @@ -57,14 +57,12 @@ pub fn fit(data: &[u8]) -> [u8; N] { pub struct CscaKey { pub filename: String, pub public_key: String, - // pub modulus: String, - // pub exponent: u32, // pub subject: String, - // #[serde(rename = "notBefore")] - // pub not_before: String, - // #[serde(rename = "notAfter")] - // pub not_after: String, - // pub serial: String, + #[serde(rename = "notBefore")] + pub not_before: String, + #[serde(rename = "notAfter")] + pub not_after: String, + pub serial: String, } pub fn load_csca_public_keys() -> Result>, Box> @@ -73,3 +71,25 @@ pub fn load_csca_public_keys() -> Result>, Box> = serde_json::from_str(&file_content)?; Ok(csca_keys) } + +pub fn to_fixed_array(bytes: Vec, label: &str) -> [u8; N] { + bytes + .try_into() + .unwrap_or_else(|_| panic!("{label} not {N} bytes")) +} + +pub fn to_u32(bytes: Vec) -> u32 { + if bytes.len() > 4 { + panic!("RSA exponent too large"); + } + let mut buf = [0u8; 4]; + buf[4 - bytes.len()..].copy_from_slice(&bytes); + u32::from_be_bytes(buf) +} + +pub fn find_offset(haystack: &[u8], needle: &[u8], label: &str) -> usize { + haystack + .windows(needle.len()) + .position(|w| w == needle) + .unwrap_or_else(|| panic!("{label} not found")) +} From eb2f9d6c2a5ba81b1c7c1475fb83cc178830cf3e Mon Sep 17 00:00:00 2001 From: 0xvikasrushi <0xvikas@gmail.com> Date: Sun, 14 Sep 2025 02:36:48 +0530 Subject: [PATCH 06/10] feat: mock data inputs --- .../.cargo/katex-header.html | 1 + playground/passport-input-gen/Cargo.toml | 5 +- .../passport-input-gen/src/constants.rs | 160 -------- playground/passport-input-gen/src/crypto.rs | 79 ---- .../passport-input-gen/src/generator.rs | 95 ----- playground/passport-input-gen/src/lib.rs | 385 ++++++++++++++++++ playground/passport-input-gen/src/main.rs | 29 -- .../passport-input-gen/src/mock_generator.rs | 185 +++++++++ .../passport-input-gen/src/mock_keys.rs | 81 ++++ .../passport-input-gen/src/parser/mod.rs | 350 +--------------- .../passport-input-gen/src/parser/utils.rs | 15 +- .../passport-input-gen/src/prover_config.rs | 115 ------ 12 files changed, 671 insertions(+), 829 deletions(-) create mode 100644 playground/passport-input-gen/.cargo/katex-header.html delete mode 100644 playground/passport-input-gen/src/constants.rs delete mode 100644 playground/passport-input-gen/src/crypto.rs delete mode 100644 playground/passport-input-gen/src/generator.rs create mode 100644 playground/passport-input-gen/src/lib.rs delete mode 100644 playground/passport-input-gen/src/main.rs create mode 100644 playground/passport-input-gen/src/mock_generator.rs create mode 100644 playground/passport-input-gen/src/mock_keys.rs delete mode 100644 playground/passport-input-gen/src/prover_config.rs diff --git a/playground/passport-input-gen/.cargo/katex-header.html b/playground/passport-input-gen/.cargo/katex-header.html new file mode 100644 index 000000000..0e76edd65 --- /dev/null +++ b/playground/passport-input-gen/.cargo/katex-header.html @@ -0,0 +1 @@ + diff --git a/playground/passport-input-gen/Cargo.toml b/playground/passport-input-gen/Cargo.toml index 0c2c14f10..d8c62ad7a 100644 --- a/playground/passport-input-gen/Cargo.toml +++ b/playground/passport-input-gen/Cargo.toml @@ -19,7 +19,4 @@ serde_json = "1.0.143" toml = "0.8" noir-bignum-paramgen = "0.1.5" thiserror = "2.0.16" - -[[bin]] -name = "passport-input-generator" -path = "src/main.rs" +signature = "2.2" diff --git a/playground/passport-input-gen/src/constants.rs b/playground/passport-input-gen/src/constants.rs deleted file mode 100644 index cc0b158e4..000000000 --- a/playground/passport-input-gen/src/constants.rs +++ /dev/null @@ -1,160 +0,0 @@ -//! Part I: RSA params for the DSC_PUBKEY over SIGNED_ATTRIBUTES. -//! -//! Part II: RSA params + signature for the CSC_PUBKEY over DSC_CERT, which -//! contains within itself the DSC_PUBKEY (so we can check the country's -//! signature over a certificate containing the DSC). -pub const PASSPORT_SOD_SIZE: u64 = 64; -pub const SOD_CERT_SIZE: u64 = 32; - -// This is `n` -pub const DSC_RSA_PUBKEY_BYTES: [u8; 256] = [ - 192, 58, 60, 17, 52, 201, 97, 44, 238, 196, 29, 165, 93, 10, 196, 187, 214, 161, 26, 122, 165, - 122, 254, 7, 67, 159, 174, 26, 110, 70, 185, 63, 31, 134, 41, 31, 238, 180, 16, 42, 200, 115, - 160, 146, 83, 47, 130, 116, 92, 52, 44, 197, 1, 57, 228, 237, 218, 87, 123, 25, 76, 29, 50, 53, - 151, 38, 233, 181, 111, 232, 168, 55, 11, 40, 134, 69, 137, 216, 37, 192, 127, 33, 80, 163, 17, - 121, 60, 188, 97, 216, 13, 202, 217, 99, 56, 52, 41, 100, 107, 233, 243, 147, 209, 218, 30, 20, - 6, 201, 68, 27, 218, 225, 191, 241, 182, 58, 55, 90, 170, 250, 98, 198, 245, 45, 168, 206, 201, - 88, 42, 100, 207, 204, 125, 181, 43, 62, 94, 192, 217, 10, 97, 45, 37, 131, 190, 14, 248, 143, - 142, 249, 226, 134, 89, 10, 102, 160, 238, 165, 27, 78, 135, 167, 195, 214, 213, 123, 129, 4, - 27, 6, 115, 246, 101, 143, 141, 132, 221, 30, 25, 221, 162, 153, 175, 187, 26, 24, 8, 233, 54, - 83, 178, 115, 197, 140, 94, 141, 195, 161, 36, 170, 10, 243, 166, 76, 32, 0, 90, 83, 181, 242, - 91, 49, 198, 224, 65, 116, 205, 224, 136, 201, 106, 207, 149, 236, 121, 248, 162, 49, 60, 124, - 20, 21, 234, 157, 162, 22, 158, 167, 6, 149, 147, 64, 209, 233, 127, 54, 108, 141, 45, 183, 68, - 82, 150, 52, 10, 17, -]; - -// Primes the private key derivation -pub const DSC_P_BYTES: [u8; 128] = [ - 203, 233, 97, 37, 77, 135, 16, 25, 120, 207, 98, 216, 190, 7, 84, 1, 90, 53, 227, 194, 107, - 102, 54, 193, 43, 241, 68, 223, 190, 228, 205, 200, 47, 233, 196, 152, 188, 138, 24, 130, 131, - 158, 236, 107, 196, 232, 169, 137, 47, 123, 144, 84, 131, 190, 130, 40, 207, 136, 92, 234, 173, - 173, 247, 170, 12, 177, 98, 32, 151, 252, 128, 208, 24, 29, 133, 249, 101, 194, 234, 169, 195, - 216, 255, 254, 185, 77, 42, 42, 62, 36, 80, 88, 211, 68, 223, 102, 16, 28, 52, 144, 115, 193, - 172, 152, 221, 227, 214, 79, 33, 70, 44, 113, 17, 102, 122, 204, 137, 63, 100, 111, 117, 58, - 166, 224, 183, 161, 221, 29, -]; -pub const DSC_Q_BYTES: [u8; 128] = [ - 241, 84, 199, 169, 58, 250, 210, 199, 72, 176, 179, 105, 87, 142, 247, 166, 243, 99, 103, 200, - 173, 138, 94, 163, 240, 243, 61, 28, 13, 173, 159, 168, 226, 173, 107, 242, 149, 120, 233, 151, - 144, 113, 167, 170, 110, 123, 192, 11, 231, 54, 234, 153, 80, 188, 13, 108, 104, 88, 162, 51, - 74, 41, 168, 164, 83, 45, 225, 202, 119, 52, 181, 189, 43, 248, 181, 123, 163, 81, 43, 10, 172, - 232, 147, 243, 173, 103, 140, 189, 181, 143, 106, 131, 45, 12, 231, 208, 109, 14, 254, 178, - 160, 125, 120, 60, 195, 88, 253, 136, 32, 229, 107, 227, 142, 129, 111, 145, 109, 230, 112, - 154, 164, 108, 83, 102, 24, 118, 178, 133, -]; - -// This is for Barrett reduction. Note that the Noir version is actually -// just \lfloor \frac{b^{2k + 4}}{n} \rfloor rather than the usual -// \lfloor \frac{b^{2k}}{n} \rfloor. -pub const DSC_MU_BYTES: [u8; 257] = [ - 21, 78, 222, 215, 117, 196, 81, 199, 11, 168, 117, 238, 216, 140, 5, 35, 218, 135, 157, 202, - 207, 56, 100, 226, 86, 120, 215, 191, 30, 183, 145, 218, 114, 2, 89, 219, 84, 45, 28, 28, 30, - 62, 88, 92, 62, 73, 167, 47, 107, 93, 129, 152, 75, 41, 115, 134, 126, 66, 254, 51, 254, 179, - 58, 144, 234, 38, 251, 39, 24, 167, 111, 52, 72, 9, 54, 27, 136, 238, 212, 55, 104, 129, 220, - 83, 96, 199, 122, 33, 103, 225, 193, 240, 26, 157, 132, 46, 85, 151, 214, 253, 113, 14, 243, 5, - 45, 177, 61, 7, 8, 247, 9, 189, 16, 13, 220, 174, 181, 196, 47, 139, 112, 251, 200, 153, 50, - 145, 249, 39, 159, 143, 81, 146, 200, 234, 100, 73, 185, 243, 131, 124, 219, 217, 239, 153, 88, - 101, 158, 11, 77, 217, 200, 198, 202, 34, 24, 186, 204, 251, 64, 167, 121, 220, 102, 230, 36, - 117, 111, 192, 138, 146, 128, 95, 187, 236, 133, 172, 202, 254, 111, 199, 60, 224, 110, 5, 171, - 107, 124, 92, 141, 48, 58, 178, 229, 72, 80, 137, 35, 72, 134, 172, 28, 41, 247, 241, 207, 137, - 81, 118, 216, 208, 223, 90, 233, 150, 189, 89, 144, 238, 114, 151, 166, 225, 191, 188, 232, 24, - 154, 60, 176, 116, 140, 245, 115, 251, 123, 41, 161, 98, 140, 108, 41, 8, 214, 215, 26, 127, - 235, 150, 200, 158, 218, 103, 110, 157, 148, 122, 52, -]; - -// ------------------------- DSC_CERT stuff ------------------------- - -// This is the actual message to be signed -pub const DSC_CERT: [u8; 700] = [ - 192, 58, 60, 17, 52, 201, 97, 44, 238, 196, 29, 165, 93, 10, 196, 187, 214, 161, 26, 122, 165, - 122, 254, 7, 67, 159, 174, 26, 110, 70, 185, 63, 31, 134, 41, 31, 238, 180, 16, 42, 200, 115, - 160, 146, 83, 47, 130, 116, 92, 52, 44, 197, 1, 57, 228, 237, 218, 87, 123, 25, 76, 29, 50, 53, - 151, 38, 233, 181, 111, 232, 168, 55, 11, 40, 134, 69, 137, 216, 37, 192, 127, 33, 80, 163, 17, - 121, 60, 188, 97, 216, 13, 202, 217, 99, 56, 52, 41, 100, 107, 233, 243, 147, 209, 218, 30, 20, - 6, 201, 68, 27, 218, 225, 191, 241, 182, 58, 55, 90, 170, 250, 98, 198, 245, 45, 168, 206, 201, - 88, 42, 100, 207, 204, 125, 181, 43, 62, 94, 192, 217, 10, 97, 45, 37, 131, 190, 14, 248, 143, - 142, 249, 226, 134, 89, 10, 102, 160, 238, 165, 27, 78, 135, 167, 195, 214, 213, 123, 129, 4, - 27, 6, 115, 246, 101, 143, 141, 132, 221, 30, 25, 221, 162, 153, 175, 187, 26, 24, 8, 233, 54, - 83, 178, 115, 197, 140, 94, 141, 195, 161, 36, 170, 10, 243, 166, 76, 32, 0, 90, 83, 181, 242, - 91, 49, 198, 224, 65, 116, 205, 224, 136, 201, 106, 207, 149, 236, 121, 248, 162, 49, 60, 124, - 20, 21, 234, 157, 162, 22, 158, 167, 6, 149, 147, 64, 209, 233, 127, 54, 108, 141, 45, 183, 68, - 82, 150, 52, 10, 17, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, -]; - -pub const CSC_PUBKEY: [u8; 256] = [ - 224, 180, 214, 135, 38, 18, 4, 58, 73, 171, 42, 173, 59, 213, 43, 83, 124, 174, 52, 186, 188, - 60, 225, 178, 33, 200, 177, 8, 57, 122, 114, 73, 57, 208, 142, 76, 52, 22, 58, 9, 77, 198, 29, - 29, 116, 12, 36, 135, 204, 95, 83, 108, 59, 139, 64, 196, 7, 189, 104, 122, 199, 149, 11, 212, - 11, 61, 71, 127, 243, 136, 11, 1, 214, 176, 197, 149, 165, 239, 24, 87, 122, 92, 31, 191, 182, - 114, 54, 202, 73, 169, 16, 252, 79, 35, 30, 59, 207, 11, 180, 40, 225, 98, 131, 35, 178, 75, - 159, 128, 37, 124, 15, 161, 80, 175, 110, 13, 248, 210, 84, 242, 28, 90, 22, 150, 114, 173, - 114, 139, 210, 146, 136, 146, 121, 91, 58, 105, 159, 194, 40, 206, 64, 104, 38, 23, 34, 31, 83, - 60, 94, 60, 161, 117, 255, 43, 171, 140, 13, 108, 210, 52, 39, 157, 209, 127, 153, 65, 245, 85, - 56, 115, 145, 130, 208, 219, 88, 32, 16, 173, 152, 177, 92, 10, 203, 23, 78, 64, 164, 139, 113, - 161, 7, 202, 225, 21, 59, 95, 211, 121, 193, 29, 81, 231, 94, 34, 89, 243, 173, 252, 199, 243, - 16, 51, 246, 4, 177, 183, 29, 234, 175, 230, 38, 38, 166, 232, 54, 34, 34, 218, 123, 71, 202, - 126, 209, 110, 122, 96, 204, 190, 45, 157, 209, 77, 102, 140, 209, 0, 154, 174, 131, 230, 175, - 201, 26, 186, 195, 97, -]; -pub const CSC_PUBKEY_MU: [u8; 257] = [ - 18, 58, 109, 78, 125, 158, 62, 131, 144, 126, 13, 128, 223, 13, 125, 210, 50, 147, 112, 59, - 155, 196, 101, 157, 158, 220, 16, 214, 247, 182, 66, 3, 212, 210, 119, 137, 109, 134, 171, 192, - 63, 233, 217, 62, 0, 155, 21, 86, 17, 117, 45, 238, 46, 93, 89, 197, 249, 63, 184, 217, 51, - 147, 90, 2, 29, 46, 145, 4, 107, 58, 139, 166, 135, 86, 161, 109, 170, 130, 243, 112, 152, 59, - 29, 28, 187, 156, 206, 95, 82, 222, 13, 127, 186, 196, 52, 31, 51, 209, 250, 85, 242, 55, 229, - 100, 173, 135, 180, 166, 247, 234, 23, 175, 211, 166, 206, 99, 235, 89, 106, 37, 104, 70, 67, - 69, 73, 14, 254, 250, 34, 90, 214, 119, 48, 96, 42, 36, 135, 117, 34, 120, 171, 106, 203, 109, - 186, 213, 12, 160, 24, 255, 44, 247, 247, 139, 31, 183, 202, 234, 97, 18, 67, 146, 42, 255, - 193, 1, 199, 102, 34, 126, 150, 138, 27, 128, 143, 210, 242, 195, 177, 4, 121, 134, 109, 245, - 63, 165, 107, 65, 220, 238, 108, 1, 195, 10, 163, 181, 77, 41, 24, 235, 88, 131, 39, 157, 24, - 232, 155, 185, 252, 51, 238, 95, 20, 207, 11, 91, 50, 36, 16, 13, 20, 174, 174, 248, 179, 224, - 219, 242, 63, 90, 229, 4, 234, 237, 237, 208, 33, 173, 29, 22, 243, 162, 101, 75, 158, 211, 78, - 53, 22, 140, 251, 20, 100, 27, 33, 199, 91, -]; -pub const CSC_P_BYTES: [u8; 128] = [ - 252, 167, 178, 185, 203, 240, 127, 45, 79, 211, 213, 150, 243, 41, 153, 7, 205, 201, 73, 137, - 124, 75, 62, 193, 145, 198, 198, 143, 37, 138, 56, 170, 237, 125, 140, 0, 162, 99, 53, 103, 15, - 64, 245, 62, 201, 126, 160, 212, 191, 58, 153, 203, 66, 213, 175, 247, 182, 24, 1, 205, 162, - 180, 80, 117, 54, 19, 76, 230, 57, 43, 69, 23, 133, 221, 22, 107, 185, 246, 35, 153, 72, 152, - 223, 203, 239, 129, 187, 107, 23, 2, 7, 186, 54, 62, 38, 115, 98, 243, 166, 199, 74, 136, 228, - 41, 31, 26, 21, 214, 102, 119, 56, 34, 143, 81, 246, 225, 133, 198, 75, 143, 96, 74, 243, 1, - 219, 44, 231, 249, -]; -pub const CSC_Q_BYTES: [u8; 128] = [ - 227, 174, 106, 117, 3, 88, 186, 84, 135, 35, 168, 66, 131, 201, 107, 22, 2, 3, 57, 63, 49, 28, - 144, 26, 41, 46, 37, 128, 122, 37, 255, 187, 74, 231, 128, 233, 133, 91, 223, 48, 63, 221, 120, - 90, 212, 34, 245, 232, 148, 251, 108, 183, 49, 166, 127, 91, 145, 195, 31, 97, 251, 237, 77, - 135, 145, 20, 140, 60, 70, 137, 231, 104, 157, 19, 101, 31, 61, 65, 110, 76, 18, 170, 31, 15, - 210, 146, 190, 178, 214, 228, 241, 239, 232, 230, 89, 125, 72, 79, 249, 201, 15, 3, 195, 61, - 178, 178, 19, 149, 23, 20, 208, 255, 136, 201, 172, 53, 241, 70, 188, 232, 74, 162, 103, 32, - 172, 106, 160, 169, -]; -pub const DSC_CERT_SIGNATURE_BYTES: [u8; 256] = [ - 10, 206, 98, 74, 100, 76, 221, 180, 183, 172, 153, 91, 69, 40, 127, 246, 154, 214, 50, 66, 197, - 55, 239, 218, 24, 20, 33, 244, 14, 20, 160, 200, 243, 254, 38, 234, 124, 188, 9, 110, 98, 60, - 205, 132, 99, 227, 137, 208, 178, 207, 78, 138, 101, 169, 132, 117, 127, 54, 250, 21, 5, 197, - 184, 173, 116, 21, 50, 140, 155, 149, 168, 244, 220, 82, 43, 58, 153, 160, 133, 25, 117, 106, - 127, 48, 10, 138, 16, 46, 80, 154, 173, 139, 203, 238, 4, 31, 241, 121, 138, 71, 30, 39, 188, - 130, 223, 45, 40, 113, 157, 171, 16, 151, 161, 40, 164, 78, 41, 141, 181, 11, 136, 152, 117, - 93, 222, 60, 59, 227, 206, 201, 192, 16, 162, 10, 197, 88, 183, 248, 91, 22, 113, 121, 223, - 244, 59, 241, 252, 248, 27, 120, 171, 163, 207, 6, 179, 160, 210, 180, 228, 25, 189, 213, 29, - 128, 8, 60, 209, 87, 91, 135, 128, 147, 23, 248, 33, 180, 187, 248, 110, 93, 166, 176, 31, 192, - 237, 216, 150, 33, 212, 205, 122, 94, 35, 9, 57, 135, 169, 230, 95, 188, 232, 200, 4, 234, 248, - 47, 145, 169, 230, 216, 245, 47, 19, 220, 233, 169, 26, 117, 155, 25, 63, 47, 86, 37, 24, 35, - 238, 138, 171, 57, 116, 215, 246, 124, 219, 23, 138, 121, 88, 189, 102, 88, 140, 133, 135, 184, - 224, 228, 135, 203, 107, 134, 142, 192, 117, 4, -]; diff --git a/playground/passport-input-gen/src/crypto.rs b/playground/passport-input-gen/src/crypto.rs deleted file mode 100644 index c5298901c..000000000 --- a/playground/passport-input-gen/src/crypto.rs +++ /dev/null @@ -1,79 +0,0 @@ -use { - rsa::{ - rand_core::OsRng, - traits::{PrivateKeyParts, PublicKeyParts}, - BigUint, Pkcs1v15Sign, RsaPrivateKey, - }, - sha2::{Digest, Sha256}, -}; - -// From Noir: -// `redc_param` = 2^{modulus_bits() * 2 + BARRETT_REDUCTION_OVERFLOW_BITS} / -// modulus -fn compute_redc_param_for_noir(n: &BigUint) -> BigUint { - const BARRETT_REDUCTION_OVERFLOW_BITS: usize = 4; - let k = n.bits(); - let b = BigUint::from(1u8) << (2 * k + BARRETT_REDUCTION_OVERFLOW_BITS); - &b / n -} - -/// Generates and prints a random set of RSA params, as bytes. -pub fn generate_random_rsa_params() { - let mut rng = OsRng; // rand@0.8 - let bits = 2048; - let private_key = RsaPrivateKey::new(&mut rng, bits).expect("failed to generate a key"); - let _mu = compute_redc_param_for_noir(private_key.n()); -} - -/// Returns the signature bytes. -pub fn generate_rsa_signature_pkcs_from_priv_key( - rsa_priv_key_p_bytes: &[u8; 128], - rsa_priv_key_q_bytes: &[u8; 128], - message_bytes: &[u8], -) -> Vec { - let prime_p = BigUint::from_bytes_be(&rsa_priv_key_p_bytes[..]); - let prime_q = BigUint::from_bytes_be(&rsa_priv_key_q_bytes[..]); - let e = BigUint::from(65537_u64); - let private_key = - RsaPrivateKey::from_p_q(prime_p, prime_q, e).expect("failed to read key from prime bytes"); - let public_key = private_key.to_public_key(); - let padding = Pkcs1v15Sign::new::(); // We explicitly want PKCSv1.15, not PSS - - let digest_in = Sha256::digest(message_bytes); - let signature_bytes = private_key - .sign(padding.clone(), &digest_in) - .expect("We should be able to sign"); - - public_key - .verify(padding, &digest_in, &signature_bytes) - .expect("Error: verification failed"); - - signature_bytes -} - -#[cfg(test)] -mod tests { - use super::*; - - #[test] - fn test_rsa_signature_generation() { - let mut rng = OsRng; - let bits = 2048; - let private_key = RsaPrivateKey::new(&mut rng, bits).expect("failed to generate a key"); - - let p_bytes = private_key.primes()[0].to_bytes_be(); - let q_bytes = private_key.primes()[1].to_bytes_be(); - - let mut p_padded = [0u8; 128]; - let mut q_padded = [0u8; 128]; - p_padded[128 - p_bytes.len()..].copy_from_slice(&p_bytes); - q_padded[128 - q_bytes.len()..].copy_from_slice(&q_bytes); - - let message = b"test message"; - - let signature = generate_rsa_signature_pkcs_from_priv_key(&p_padded, &q_padded, message); - - assert!(!signature.is_empty()); - assert_eq!(signature.len(), 256); - } -} diff --git a/playground/passport-input-gen/src/generator.rs b/playground/passport-input-gen/src/generator.rs deleted file mode 100644 index 03b8db531..000000000 --- a/playground/passport-input-gen/src/generator.rs +++ /dev/null @@ -1,95 +0,0 @@ -use crate::prover_config::{ - dg1_bytes_with_birthdate_expiry_date, - generate_prover_toml_string_from_custom_dg1_date_and_required_age, -}; - -pub fn generate_usa_passport_sample() -> String { - // USA passport MRZ example from the test file - // P YYMMDD format - // Expiry: 250101 (January 1, 2025) -> YYMMDD format - let birthdate_bytes = [b'9', b'0', b'0', b'1', b'0', b'1']; // Jan 1, 1990 - let expiry_bytes = [b'2', b'5', b'0', b'1', b'0', b'1']; // Jan 1, 2025 - let current_date = 20250101; // Current date for age verification - - // Generate DG1 with USA passport data - let usa_dg1_with_birthdate_expiry = - dg1_bytes_with_birthdate_expiry_date(&birthdate_bytes, &expiry_bytes); - - let usa_prover_toml = generate_prover_toml_string_from_custom_dg1_date_and_required_age( - &usa_dg1_with_birthdate_expiry, - 18, - 70, - current_date, - ); - - usa_prover_toml -} - -pub fn generate_age_testcases() -> Vec<(String, String)> { - let mut testcases = Vec::new(); - let current_date = 20250101; // January 1, 2025 - - // Test Case 1: Below 18 (17 years old - born January 2, 2007) - let birthdate_below_18 = [b'0', b'7', b'0', b'1', b'0', b'2']; // January 2, 2007 - let expiry_below_18 = [b'3', b'2', b'0', b'1', b'0', b'2']; // January 2, 2032 - let below_18_dg1 = dg1_bytes_with_birthdate_expiry_date(&birthdate_below_18, &expiry_below_18); - let below_18_toml = generate_prover_toml_string_from_custom_dg1_date_and_required_age( - &below_18_dg1, - 1, - 18, - current_date, - ); - testcases.push(("below_18".to_string(), below_18_toml)); - - // Test Case 2: Exactly 18 (born January 1, 2007) - let birthdate_exactly_18 = [b'0', b'7', b'0', b'1', b'0', b'1']; // January 1, 2007 - let expiry_exactly_18 = [b'3', b'2', b'0', b'1', b'0', b'1']; // January 1, 2032 - let exactly_18_dg1 = - dg1_bytes_with_birthdate_expiry_date(&birthdate_exactly_18, &expiry_exactly_18); - let exactly_18_toml = generate_prover_toml_string_from_custom_dg1_date_and_required_age( - &exactly_18_dg1, - 18, - 70, - current_date, - ); - testcases.push(("exactly_18".to_string(), exactly_18_toml)); - - // Test Case 3: Above 18 (19 years old - born December 31, 2005) - let birthdate_above_18 = [b'0', b'5', b'1', b'2', b'3', b'1']; // December 31, 2005 - let expiry_above_18 = [b'3', b'0', b'1', b'2', b'3', b'1']; // December 31, 2030 - let above_18_dg1 = dg1_bytes_with_birthdate_expiry_date(&birthdate_above_18, &expiry_above_18); - let above_18_toml = generate_prover_toml_string_from_custom_dg1_date_and_required_age( - &above_18_dg1, - 18, - 70, - current_date, - ); - testcases.push(("above_18".to_string(), above_18_toml)); - - testcases -} - -pub fn create_usa_dg1_from_mrz(mrz: &str) -> Option<[u8; 95]> { - // US MRZ format: - // P, +} + +/// Circuit inputs for Noir +pub struct CircuitInputs { + pub dg1: [u8; MAX_DG1_SIZE], + pub dg1_padded_length: usize, + pub current_date: u64, + pub min_age_required: u8, + pub max_age_required: u8, + pub passport_validity_contents: PassportValidityContent, +} + +/// Extracted validity contents from SOD +pub struct PassportValidityContent { + pub signed_attributes: [u8; MAX_SIGNED_ATTRIBUTES_SIZE], + pub signed_attributes_size: usize, + pub econtent: [u8; MAX_ECONTENT_SIZE], + pub econtent_len: usize, + pub dsc_pubkey: [u8; SIG_BYTES], + pub dsc_barrett_mu: [u8; SIG_BYTES + 1], + pub dsc_signature: [u8; SIG_BYTES], + pub dsc_rsa_exponent: u32, + pub csc_pubkey: [u8; SIG_BYTES * 2], + pub csc_barrett_mu: [u8; (SIG_BYTES * 2) + 1], + pub dsc_cert_signature: [u8; SIG_BYTES * 2], + pub csc_rsa_exponent: u32, + pub dg1_hash_offset: usize, + pub econtent_hash_offset: usize, + pub dsc_pubkey_offset_in_dsc_cert: usize, + pub dsc_cert: [u8; MAX_TBS_SIZE], + pub dsc_cert_len: usize, +} + +impl PassportReader { + /// Extract SignedAttributes (padded + size) + fn extract_signed_attrs(&self) -> ([u8; MAX_SIGNED_ATTRIBUTES_SIZE], usize) { + let signed_attrs = self.sod.signer_info.signed_attrs.bytes.to_number_array(); + let size = signed_attrs.len(); + let padded = fit::(&signed_attrs); + (padded, size) + } + + /// Extract eContent (padded + size + raw bytes) + fn extract_econtent(&self) -> ([u8; MAX_ECONTENT_SIZE], usize, Vec) { + let econtent_bytes = self + .sod + .encap_content_info + .e_content + .bytes + .to_number_array(); + let len = econtent_bytes.len(); + let padded = fit::(&econtent_bytes); + (padded, len, econtent_bytes) + } + + /// Extract DSC public key, exponent, Barrett mu, and signature + fn extract_dsc(&self) -> ([u8; SIG_BYTES], u32, [u8; SIG_BYTES + 1], [u8; SIG_BYTES]) { + let der = self + .sod + .certificate + .tbs + .subject_public_key_info + .subject_public_key + .to_number_array(); + let pubkey = RsaPublicKey::from_pkcs1_der(&der).unwrap(); + + let modulus = to_fixed_array::(pubkey.n().to_bytes_be(), "DSC modulus"); + let exponent = to_u32(pubkey.e().to_bytes_be()); + let barrett = to_fixed_array::<{ SIG_BYTES + 1 }>( + compute_barrett_reduction_parameter(&BigUint::from_bytes_be(&modulus)).to_bytes_be(), + "DSC Barrett", + ); + let signature = to_fixed_array::( + self.sod.signer_info.signature.to_number_array(), + "DSC signature", + ); + + (modulus, exponent, barrett, signature) + } + + /// Extract CSCA public key, exponent, Barrett mu, and signature + fn extract_csca( + &self, + idx: usize, + ) -> ( + [u8; SIG_BYTES * 2], + u32, + [u8; SIG_BYTES * 2 + 1], + [u8; SIG_BYTES * 2], + ) { + let csca_keys = load_csca_public_keys().unwrap(); + let usa_csca = csca_keys.get("USA").unwrap(); + let der = STANDARD + .decode(usa_csca[idx].public_key.as_bytes()) + .unwrap(); + let pubkey = RsaPublicKey::from_public_key_der(&der).unwrap(); + + let modulus = to_fixed_array::<{ SIG_BYTES * 2 }>(pubkey.n().to_bytes_be(), "CSCA modulus"); + let exponent = to_u32(pubkey.e().to_bytes_be()); + let barrett = to_fixed_array::<{ SIG_BYTES * 2 + 1 }>( + compute_barrett_reduction_parameter(&BigUint::from_bytes_be(&modulus)).to_bytes_be(), + "CSCA Barrett", + ); + let signature = to_fixed_array::<{ SIG_BYTES * 2 }>( + self.sod.certificate.signature.to_number_array(), + "CSCA signature", + ); + + (modulus, exponent, barrett, signature) + } + + /// Extract CSCA data from an in-memory public key (used for mock data) + fn extract_csca_from_pubkey( + &self, + pubkey: &RsaPublicKey, + ) -> ( + [u8; SIG_BYTES * 2], + u32, + [u8; SIG_BYTES * 2 + 1], + [u8; SIG_BYTES * 2], + ) { + let modulus = to_fixed_array::<{ SIG_BYTES * 2 }>(pubkey.n().to_bytes_be(), "CSCA modulus"); + let exponent = to_u32(pubkey.e().to_bytes_be()); + let barrett = to_fixed_array::<{ SIG_BYTES * 2 + 1 }>( + compute_barrett_reduction_parameter(&BigUint::from_bytes_be(&modulus)).to_bytes_be(), + "CSCA Barrett", + ); + let signature = to_fixed_array::<{ SIG_BYTES * 2 }>( + self.sod.certificate.signature.to_number_array(), + "CSCA signature", + ); + + (modulus, exponent, barrett, signature) + } + + /// Extract DSC certificate (padded + len + offset of modulus inside cert) + fn extract_dsc_cert( + &self, + dsc_modulus: &[u8; SIG_BYTES], + ) -> ([u8; MAX_TBS_SIZE], usize, usize) { + let tbs_bytes = self.sod.certificate.tbs.bytes.to_number_array(); + let cert_len = tbs_bytes.len(); + let padded = fit::(&tbs_bytes); + let pubkey_offset = find_offset(&tbs_bytes, dsc_modulus, "DSC modulus in cert"); + (padded, cert_len, pubkey_offset) + } + /// Validate DG1, eContent, and signatures against DSC + CSCA + pub fn validate(&self) -> Result { + // 1. Check DG1 hash inside eContent + let dg1_hash = Sha256::digest(&self.dg1.to_number_array()); + let dg1_from_econtent = self + .sod + .encap_content_info + .e_content + .data_group_hash_values + .values + .get(&1) + .expect("DG1 hash missing") + .to_number_array(); + + if dg1_from_econtent != dg1_hash.to_vec() { + return Err(PassportError::Dg1HashMismatch); + } + + // 2. Check hash(eContent) inside SignedAttributes + let econtent_hash = Sha256::digest( + &self + .sod + .encap_content_info + .e_content + .bytes + .to_number_array(), + ); + let mut msg_digest = self + .sod + .signer_info + .signed_attrs + .message_digest + .to_number_array(); + if msg_digest.len() > 2 && msg_digest[0] == 0x04 { + msg_digest = msg_digest[2..].to_vec(); + } + + if econtent_hash.as_slice() != msg_digest { + return Err(PassportError::EcontentHashMismatch); + } + + // 3. Verify SignedAttributes signature with DSC + let signed_attr_hash = + Sha256::digest(&self.sod.signer_info.signed_attrs.bytes.to_number_array()); + let dsc_pubkey_bytes = self + .sod + .certificate + .tbs + .subject_public_key_info + .subject_public_key + .to_number_array(); + let dsc_pubkey = RsaPublicKey::from_pkcs1_der(&dsc_pubkey_bytes).expect("Invalid DSC key"); + + let dsc_signature = self.sod.signer_info.signature.to_number_array(); + dsc_pubkey + .verify( + Pkcs1v15Sign::new::(), + &signed_attr_hash, + &dsc_signature, + ) + .map_err(|_| PassportError::DscSignatureInvalid)?; + + let tbs_bytes = &self.sod.certificate.tbs.bytes.to_number_array(); + let tbs_digest = Sha256::digest(tbs_bytes); + let csca_signature = &self.sod.certificate.signature.to_number_array(); + + if let Some(key) = &self.csca_pubkey { + key.verify(Pkcs1v15Sign::new::(), &tbs_digest, csca_signature) + .map_err(|_| PassportError::CscaSignatureInvalid)?; + return Ok(0); + } + + let all_csca = load_csca_public_keys().map_err(|_| PassportError::CscaKeysMissing)?; + let usa_csca = all_csca.get("USA").ok_or(PassportError::NoUsaCsca)?; + + for (i, csca) in usa_csca.iter().enumerate() { + let der = STANDARD.decode(csca.public_key.as_bytes()).unwrap(); + let csca_pubkey = RsaPublicKey::from_public_key_der(&der).unwrap(); + if csca_pubkey + .verify(Pkcs1v15Sign::new::(), &tbs_digest, csca_signature) + .is_ok() + { + return Ok(i); // Success, return CSCA index + } + } + + Err(PassportError::CscaSignatureInvalid) + } + + /// Convert to circuit inputs for Noir Circuits + pub fn to_circuit_inputs( + &self, + current_date: u64, + min_age_required: u8, + max_age_required: u8, + csca_key_index: usize, + ) -> CircuitInputs { + // === Step 1. DG1 === + let dg1_padded = fit::(&self.dg1.to_number_array()); + let dg1_len = self.dg1.len(); + + // === Step 2. SignedAttributes === + let (signed_attrs, signed_attributes_size) = self.extract_signed_attrs(); + + // === Step 3. eContent === + let (econtent, econtent_len, econtent_bytes) = self.extract_econtent(); + + // === Step 4. DSC === + let (dsc_modulus, dsc_exponent, dsc_barrett, dsc_signature) = self.extract_dsc(); + + // === Step 5. CSCA === + let (csca_modulus, csca_exponent, csca_barrett, csca_signature) = if self.mockdata { + let key = self + .csca_pubkey + .as_ref() + .expect("Missing CSCA public key for mock data"); + self.extract_csca_from_pubkey(key) + } else { + self.extract_csca(csca_key_index) + }; + + // === Step 6. Offsets === + let dg1_hash = Sha256::digest(&self.dg1.to_number_array()); + let dg1_hash_offset = find_offset(&econtent_bytes, dg1_hash.as_slice(), "DG1 hash"); + + let econtent_hash = Sha256::digest(&econtent_bytes); + let econtent_hash_offset = + find_offset(&signed_attrs, econtent_hash.as_slice(), "eContent hash"); + + // === Step 7. DSC Certificate === + let (dsc_cert, dsc_cert_len, dsc_pubkey_offset) = self.extract_dsc_cert(&dsc_modulus); + + // === Step 8. Build CircuitInputs === + CircuitInputs { + dg1: dg1_padded, + dg1_padded_length: dg1_len, + current_date, + min_age_required, + max_age_required, + passport_validity_contents: PassportValidityContent { + signed_attributes: signed_attrs, + signed_attributes_size, + econtent, + econtent_len, + dsc_pubkey: dsc_modulus, + dsc_barrett_mu: dsc_barrett, + dsc_signature, + dsc_rsa_exponent: dsc_exponent, + csc_pubkey: csca_modulus, + csc_barrett_mu: csca_barrett, + dsc_cert_signature: csca_signature, + csc_rsa_exponent: csca_exponent, + dg1_hash_offset, + econtent_hash_offset, + dsc_pubkey_offset_in_dsc_cert: dsc_pubkey_offset, + dsc_cert, + dsc_cert_len, + }, + } + } +} + +impl CircuitInputs { + pub fn to_toml_string(&self) -> String { + let mut out = String::new(); + writeln!(out, "dg1 = {:?}", self.dg1).unwrap(); + writeln!(out, "dg1_padded_length = {}", self.dg1_padded_length).unwrap(); + writeln!(out, "current_date = {}", self.current_date).unwrap(); + writeln!(out, "min_age_required = {}", self.min_age_required).unwrap(); + writeln!(out, "max_age_required = {}", self.max_age_required).unwrap(); + writeln!(out, "\n[passport_validity_contents]").unwrap(); + + let pvc = &self.passport_validity_contents; + writeln!(out, "signed_attributes = {:?}", pvc.signed_attributes).unwrap(); + writeln!( + out, + "signed_attributes_size = {}", + pvc.signed_attributes_size + ) + .unwrap(); + writeln!(out, "econtent = {:?}", pvc.econtent).unwrap(); + writeln!(out, "econtent_len = {}", pvc.econtent_len).unwrap(); + writeln!(out, "dsc_signature = {:?}", pvc.dsc_signature).unwrap(); + writeln!(out, "dsc_rsa_exponent = {}", pvc.dsc_rsa_exponent).unwrap(); + writeln!(out, "dsc_pubkey = {:?}", pvc.dsc_pubkey).unwrap(); + writeln!(out, "dsc_barrett_mu = {:?}", pvc.dsc_barrett_mu).unwrap(); + writeln!(out, "csc_pubkey = {:?}", pvc.csc_pubkey).unwrap(); + writeln!(out, "csc_barrett_mu = {:?}", pvc.csc_barrett_mu).unwrap(); + writeln!(out, "dsc_cert_signature = {:?}", pvc.dsc_cert_signature).unwrap(); + writeln!(out, "csc_rsa_exponent = {}", pvc.csc_rsa_exponent).unwrap(); + writeln!(out, "dg1_hash_offset = {}", pvc.dg1_hash_offset).unwrap(); + writeln!(out, "econtent_hash_offset = {}", pvc.econtent_hash_offset).unwrap(); + writeln!( + out, + "dsc_pubkey_offset_in_dsc_cert = {}", + pvc.dsc_pubkey_offset_in_dsc_cert + ) + .unwrap(); + writeln!(out, "dsc_cert = {:?}", pvc.dsc_cert).unwrap(); + writeln!(out, "dsc_cert_len = {}", pvc.dsc_cert_len).unwrap(); + out + } + + pub fn save_to_toml_file>(&self, path: P) -> std::io::Result<()> { + std::fs::write(path, self.to_toml_string()) + } +} diff --git a/playground/passport-input-gen/src/main.rs b/playground/passport-input-gen/src/main.rs deleted file mode 100644 index de9922e09..000000000 --- a/playground/passport-input-gen/src/main.rs +++ /dev/null @@ -1,29 +0,0 @@ -pub mod constants; -pub mod crypto; -pub mod generator; -pub mod parser; -pub mod prover_config; - -use crate::generator::generate_age_testcases; - -fn main() { - println!("Generating age verification testcases..."); - - // Generate age testcases: below 18, exactly 18, above 18 (max age 70) - let testcases = generate_age_testcases(); - for (name, toml_content) in testcases { - let filename = format!("{}_Prover.toml", name); - let complete_age_check_path = format!( - "../../noir-examples/noir-passport-examples/complete_age_check/{}", - filename - ); - std::fs::write(&complete_age_check_path, toml_content) - .expect(&format!("Unable to write {}", complete_age_check_path)); - println!("Generated: {}", complete_age_check_path); - } - - println!("\nTestcases created:"); - println!("- below_18_Prover.toml (17 years old)"); - println!("- exactly_18_Prover.toml (18 years old)"); - println!("- above_18_Prover.toml (19 years old"); -} diff --git a/playground/passport-input-gen/src/mock_generator.rs b/playground/passport-input-gen/src/mock_generator.rs new file mode 100644 index 000000000..3b71269c0 --- /dev/null +++ b/playground/passport-input-gen/src/mock_generator.rs @@ -0,0 +1,185 @@ +use { + crate::parser::{ + binary::Binary, + dsc::{SubjectPublicKeyInfo, TbsCertificate, DSC}, + sod::SOD, + types::{ + DataGroupHashValues, DigestAlgorithm, EContent, EncapContentInfo, SignatureAlgorithm, + SignatureAlgorithmName, SignedAttrs, SignerIdentifier, SignerInfo, MAX_DG1_SIZE, + }, + }, + rsa::{ + pkcs1::EncodeRsaPublicKey, + pkcs1v15::SigningKey, + signature::{SignatureEncoding, Signer}, + RsaPrivateKey, RsaPublicKey, + }, + sha2::{Digest, Sha256}, + std::collections::HashMap, +}; + +/// Build a fake DG1 (MRZ) with given birthdate and expiry dates. +/// Birthdate and expiry are encoded as YYMMDD and inserted into the MRZ +/// positions. The rest of the bytes are filled with `<` characters and the +/// final two bytes are zeroed. +pub fn dg1_bytes_with_birthdate_expiry_date(birthdate: &[u8; 6], expiry: &[u8; 6]) -> Vec { + let mut dg1 = vec![b'<'; MAX_DG1_SIZE]; + let mrz_offset = 5; + dg1[mrz_offset + 57..mrz_offset + 57 + 6].copy_from_slice(birthdate); + dg1[mrz_offset + 65..mrz_offset + 65 + 6].copy_from_slice(expiry); + dg1[93] = 0; + dg1[94] = 0; + dg1 +} + +/// Generate a synthetic SOD structure for the given DG1 and key pairs. +#[allow(clippy::too_many_arguments)] +pub fn generate_fake_sod( + dg1: &[u8], + dsc_priv: &RsaPrivateKey, + dsc_pub: &RsaPublicKey, + csca_priv: &RsaPrivateKey, + _csca_pub: &RsaPublicKey, +) -> SOD { + // Hash DG1 and build eContent + let dg1_hash = Sha256::digest(dg1); + let econtent_bytes = dg1_hash.to_vec(); + let mut dg_map = HashMap::new(); + dg_map.insert(1u32, Binary::from_slice(&dg1_hash)); + let data_group_hashes = DataGroupHashValues { values: dg_map }; + let econtent = EContent { + version: 0, + hash_algorithm: DigestAlgorithm::SHA256, + data_group_hash_values: data_group_hashes, + bytes: Binary::from_slice(&econtent_bytes), + }; + let encap_content_info = EncapContentInfo { + e_content_type: "mRTDSignatureData".to_string(), + e_content: econtent, + }; + + // Hash eContent and build SignedAttributes + let econtent_hash = Sha256::digest(&econtent_bytes); + let signed_attr_bytes = econtent_hash.to_vec(); + let signed_attrs = SignedAttrs { + content_type: "data".to_string(), + message_digest: Binary::from_slice(&econtent_hash), + signing_time: None, + bytes: Binary::from_slice(&signed_attr_bytes), + }; + + // Sign SignedAttributes with DSC private key + let dsc_signer = SigningKey::::new(dsc_priv.clone()); + let dsc_signature = dsc_signer.sign(&signed_attr_bytes).to_bytes(); + let signer_info = SignerInfo { + version: 1, + signed_attrs, + digest_algorithm: DigestAlgorithm::SHA256, + signature_algorithm: SignatureAlgorithm { + name: SignatureAlgorithmName::Sha256WithRsaEncryption, + parameters: None, + }, + signature: Binary::from_slice(&dsc_signature), + sid: SignerIdentifier { + issuer_and_serial_number: None, + subject_key_identifier: None, + }, + }; + + // Build fake DSC certificate (TBS = DER of DSC public key) + let dsc_pub_der = dsc_pub.to_pkcs1_der().expect("pkcs1 der").to_vec(); + let tbs_bytes = dsc_pub_der.clone(); + + let csca_signer = SigningKey::::new(csca_priv.clone()); + let csca_signature = csca_signer.sign(&tbs_bytes).to_bytes(); + + let dsc_cert = DSC { + tbs: TbsCertificate { + version: 1, + serial_number: Binary::from_slice(&[1]), + signature_algorithm: SignatureAlgorithm { + name: SignatureAlgorithmName::Sha256WithRsaEncryption, + parameters: None, + }, + issuer: "CSCA".to_string(), + validity_not_before: "".to_string(), + validity_not_after: "".to_string(), + subject: "DSC".to_string(), + subject_public_key_info: SubjectPublicKeyInfo { + signature_algorithm: SignatureAlgorithm { + name: SignatureAlgorithmName::RsaEncryption, + parameters: None, + }, + subject_public_key: Binary::from_slice(&dsc_pub_der), + }, + issuer_unique_id: None, + subject_unique_id: None, + extensions: HashMap::new(), + bytes: Binary::from_slice(&tbs_bytes), + }, + signature_algorithm: SignatureAlgorithm { + name: SignatureAlgorithmName::Sha256WithRsaEncryption, + parameters: None, + }, + signature: Binary::from_slice(&csca_signature), + }; + + SOD { + version: 1, + digest_algorithms: vec![DigestAlgorithm::SHA256], + encap_content_info, + signer_info, + certificate: dsc_cert, + bytes: Binary::new(vec![]), + } +} + +#[cfg(test)] +mod tests { + use { + super::*, + crate::{ + mock_keys::{MOCK_CSCA_PRIV_KEY_B64, MOCK_DSC_PRIV_KEY_B64}, + PassportReader, + }, + base64::{engine::general_purpose::STANDARD, Engine as _}, + rsa::pkcs8::DecodePrivateKey, + }; + + fn load_csca_mock_private_key() -> RsaPrivateKey { + let der = STANDARD + .decode(MOCK_CSCA_PRIV_KEY_B64) + .expect("decode CSCA private key"); + RsaPrivateKey::from_pkcs8_der(&der).expect("CSCA key") + } + + fn load_dsc_mock_private_key() -> RsaPrivateKey { + let der = STANDARD + .decode(MOCK_DSC_PRIV_KEY_B64) + .expect("decode DSC private key"); + RsaPrivateKey::from_pkcs8_der(&der).expect("DSC key") + } + + #[test] + fn test_generate_and_validate_sod() { + let csca_priv = load_csca_mock_private_key(); + let csca_pub = csca_priv.to_public_key(); + let dsc_priv = load_dsc_mock_private_key(); + let dsc_pub = dsc_priv.to_public_key(); + + let dg1 = dg1_bytes_with_birthdate_expiry_date(b"070101", b"320101"); + let sod = generate_fake_sod(&dg1, &dsc_priv, &dsc_pub, &csca_priv, &csca_pub); + let reader = PassportReader { + dg1: Binary::from_slice(&dg1), + sod, + mockdata: true, + csca_pubkey: Some(csca_pub), + }; + assert!(reader.validate().is_ok()); + + let inputs = reader.to_circuit_inputs(20250101, 18, 70, 0); + let _toml_output = inputs.to_toml_string(); + + println!("{}", _toml_output); + } +} diff --git a/playground/passport-input-gen/src/mock_keys.rs b/playground/passport-input-gen/src/mock_keys.rs new file mode 100644 index 000000000..66940a486 --- /dev/null +++ b/playground/passport-input-gen/src/mock_keys.rs @@ -0,0 +1,81 @@ +pub const MOCK_CSCA_PRIV_KEY_B64: &str = concat!( + "MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC/ODQ6RGbtt6vD", + "VAsD6TPLSiUqRJgTmsCDE3HVfO/g4aVQf42ZjkMbUMOFcvBaucelyrBZRSRBaR5u", + "BNAM8oeKcABwFz//amVV5uPQyOlVnjnYxiB0BLUK0POXpZO7DoU9Hw+SoBBb3UFR", + "g036CAUe9G6LneT6LzYumeukyUA9q5gXc/2Phmpk3X58HZ5EqZkIhhON861nsIf4", + "s/5Ku1YvDMyAkS55POXZ3PeHup5FW4B0XJjpi/lqP8vZVnECTqX0VpjVpCQYs2RD", + "tkUeBYMLgdOrNO2UaMVrLEAm9PKqA7+2kYGl7NlhwEsR/v4hRM1GT4ZF9LAYhRNG", + "GKqhSKswkkuGdw0n2b0CrY2IsIzc5l6XtgR42idzIk6LZubj305IhTvggE9HQ4Wr", + "C0LIhRVMfX5v1B0HXAQFvSkVD2AfHOmcLP4veVJHhUUDh/ftHYxvAujIgepxkvOU", + "f+O3br5BXYi0aBF5LYDYwF9vSy+2YCl+ZCiBK5oO3MAIQC+ZAvSMMwTUafn/PI8C", + "PFawQf2EhVQ4pal5trDt0tF3/Ypff8JI+NRbV8utJlDeZaP8VrqPobhGGPjmxJ0j", + "zScxiAjMsHREpwEK2VLQ1xzn/MtG8D4E09GUjSz213CiFIFee+Z+gCEp53dAM/2m", + "kUAKno0rwRRFD8Iji+kc8KaDPbvxgQIDAQABAoICACOjf4RulDpw9YfZpZXshFU6", + "s/ONRkS9Hm0vlhNCjli85Xk71LHOZG52XoKEOgzGvFGHldeFfezdASljJz2KhD2G", + "g2ZgxvI9K7bXahVTJL3q2AAxaQIGkJF8ATJ9zytZWPbbz6S1xWbBtXdSQBm+Heo3", + "h1TpMDB61R/ZWyRix+DWlumkGhmCZVj4OSc7w/ArJdUDXCikRmjha24sadQW10i8", + "m27I4D8DXRl+R/oZi38Ev0uwqGU6y9kEG+Oda0GRU/fWnfSPe5TI9oJyOa6PO23N", + "HBy4KCF1Z3oCjNBV7dZHDZeixeWdX6SK2NL5Ufb0Ykfc8XsfUCS5xK5XUZHuv8zi", + "tgfTBESU1QQuh/Lpif/rQuAcSVsVpGtHZ5HjN/ZpOFoc0oJ4OtKLU80/02TNDKvF", + "GYzOsecJT6rvCmk88PD4//oaYEBIB+5bWasIqtmzgb1/QTMm5BHujhk46+YPaysY", + "Vy3eU5it0A0eh0clbwXLNTAjCbELBAuS5sQeOKBCr5hUoknvS65Ur7QSss+mdObN", + "HaHwvvPDAjkfJCrqUhwpiOI/293B3lMcWcXmQYx7XUCj7pJ9tbkd2xsifCPKbO28", + "GrUXeojdIwTEAa3AOMdNf6Ny9Q9OBNMBMheHsMPxykheMa+uKpsNjKsr+fDuIkZ6", + "aQ1uk6NVLHzUFWL8imS5AoIBAQDeFhOZuY5na35gdQLaoLn/WmKiiWjP3f1cY4Ji", + "/pm2YCNiFR3PylV0qo5KUN80fKaTWnDR/loXbn2ai3IHq75i9X4smNj6KM4dBrmR", + "NVYdVvQuMejZhdxbQGrmkxjpDRPWa1jBzCnAkfXvVUv5HS4iq2r2fOuqVquLkwSa", + "ERkwCSDTydlBD5KWEYnPv5dxldm4haMg3kPTd0tX82YLUrVRR3AkdtEvn9V6SbYM", + "8mUik5Y0kfIdYFNVtR6YrEbec0h/4pjyVMLpt0FNCXBrt9VT1WmLj0Y5mvHIm0sT", + "LZq7ZjxW1QTUHJpN+P4CbIHdTYnJNc5jA+5NT2sxQgTJ8HFNAoIBAQDca3gPsugy", + "XxOoW5Ijfg05xAN2pcIa9aMsYLuunn3MXFQUxWwVSweqMSANUMHfKxx7llaW7BPj", + "P2WZ9TT39fr5H8hQo6e/aAx9S7nS7FTz1YKF2maOeQrTHlGJBwibxxxfdy6+0Gm7", + "B+mALt/50n+kbncE9tWiWuw1voezDlctryxdh72qTUNSlM1vSSz4giHzKatcOFJB", + "iiJiG/MQUva9mxiyM0YmyUjdwUFOwqgRGrlPUi+M+LTkYrkk3DN+FxRlNT/OdcKf", + "5Mrcx7zmcKrlUI68iaTU8hq6k87J5/4BZ8PP8wqjqMGqYCYjrt5xZEFzFaQBd5GP", + "oWWHo05CYycFAoIBAQDDbjvrT81PltlL+kv7pepnGduoWjDgkuGslmibwp3zTiB0", + "5E4ql0uh8aBrJ0Vzw6k2DCUxtZkD+5gOEl3TAD/2hz9z8UEmyheulUdgz8Wq5eTU", + "bdkQ6eniZwprQtBt7LMjQa2GRKoNKqR36uCDJDmACsaCh6U+bSxiE4q+JQO8MJwx", + "ovNKfHCrHF3gciHLs2k3JmpJty2KffTQPYDzv+GM18eIXwJv3UAXb5wDQp7a0XMh", + "abjcPvK2fj6hbSCkCmCnIPkkbpBi6H9PUloagFf6gNdzFy5d7MqNlJJ5Gu2JsUqx", + "wpyQJ2dl7BFigqe43c29QVsP6NqgL54NZ6IdLjgVAoIBAHeWo0Q5N/ukVAEC9a3m", + "BPzzWUG1OzPvU8GPFiTufqgy67d9SV/gHl97Wb1/tEAFnuV6sq4dlci0q8Y1ILDr", + "t2gUk1UVBb02kZglTsOeT5UfoTpIPV5NU88pYulqdIQ4Ki+tdSI35zV/XHOcew6K", + "44/uEwsRdOUqWX/rSKqgPDJgGT0BmajdVIpoi3E2jXyi9hJ86CkXsaE3deIu8dhI", + "evByRprgcM44ZR1TbcByokbtbd8YYw4kHdjPq03RXuqpUPp8QoscnySrOFlC0T1h", + "oYbbByZJs7GJTXEvIoGvKcPPbZDUd1BGDhUHJ4oypSN2VoA/HIVjPwljcrd9pccl", + "DpUCggEBAJAYrxUnjLEnMArHfFNoQFeD0xZCCqyrhg5YYVvePD3QS7z2A5Z50uVL", + "4YaygyPYoSOZtBGiXKXebF6iIxHZv3fH95sd1UWU4UsqdH93TpQoxJVJ7xC8kRE/", + "t1qEx7QrxZ/lnGn9nIpNXmOkWBWS8hm17ChXjEpu9HfYeOJiCrrg2oukoeK5xCw3", + "QJGTINWrgTIfQ8ODvTtpDRQVTNrqpFJUwE8qhGV7GuFbBetRQX5fDDeKS/k8/1Gf", + "9mvZ6DI10/tRrf6kP7WqkxoEi0+xEYuvw4XlvhVFZUMtpvWazlWvQIMK7ibhVtvs", + "H+OeAUjqk4zLjY/dS6LoK6ouvEsT2xY=" +); + +pub const MOCK_DSC_PRIV_KEY_B64: &str = concat!( + "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCQYBZiyhfuBrtT", + "9gqNlSc+ls8ZTP55n8EZEUDlcKqYXtTVBL8It+G41bXTZNI8mxoN2wt0VOwh1C8F", + "u+J4oTlhyPqui9irX7KUbQOJl/WONbH7SsoCnSE3Hr3v82W3K0T1xglabVltIWIg", + "rXnLAk9EloeeSEzfN0IeLSEQW5mef0DdH5fxXWnrmbCS3RTnjQKSTdEeWiEh6LCR", + "9OXdK2UK0jcyyGdXElI1wYJ8RWCzV/XLtc05Q7VQxjlll7NnyfM0RFt6idGNJ0RJ", + "9MjTfQKwDFBNUeGpItG71C84XNyfWeyFyNML7dmBc7/QJ8azEBw7eaAw71GQZqh6", + "njtTNlvTAgMBAAECggEAMDh3oZ1AKtcCwENAOROlHOl/2EJ4CCVMeFPj6f4cbHHY", + "AiHosD/CW1q9tRJKicWACTqs87jdeVsGLZMYTBQFN1zKJXw97Nc0rRBQCye+8zWJ", + "8ZWELSVQD7nr1HXl9iy0hqYTP6mgIavxu1pVgHGQCieAumQJkNBC/BM0pOMDRwVX", + "J7SyW8JdGW8tpKNoZd00iECvnLwjSJbe1Gzc9JfIbe4KG+J3lFX2GButvKpQR+sI", + "RqEJX5YaKQ+ck0xsYE+0XmrnNvO8UR2zqxORwonGVPFeeBUQUBzgZs3QlumTLLdD", + "WSllYrOj0NTkPEPpx3OeYAlnCTWPfYtlhiPFVM6QoQKBgQDGTXuCetOy3rXPltPA", + "hL7hlvW2FoynMCHQm+iCacbxfmItLe+acttOgHX1Jn+N+yoz08H5NQlBfgzsukqx", + "v0pHss9YDHboPXMZn/wWh9UyICaVm4u/pPF94fDX5dGZohhyS2V20TdIumTJI0Zn", + "UofXqeHK9kdpL3r+PxKJdyXF4wKBgQC6Ydf2uOaW8uxVbQBe3KD65XWmUUOibOFr", + "HvNhGzlaiRlXRIt6ETBg0HFXdk8FrGjXJyDABZdUDn1maWW7+vM8U/t3uv6y2QTY", + "BuxrEcfTkjRyLYc1B+7YVA4tOOfjVFWavHqOt5WXGWizjcHaX3+ahaSdeFqL3fIG", + "xZUsmIZ1UQKBgCyRM2XyxutXZFMgWbzV2LSIofZngPr+NUtWDt5oeX7C4bu3rDbx", + "A1rUQi5zlY1KWoTFXb3tboQamTsG70ydaktM446tVngBf4HN0/EYXBDk6ucKy1Cp", + "+GBLTD6pdv7pUEc3rLkUcjFVOtt9oxALm14b3xQnX4tDUYgcksT0UzfzAoGAEYwI", + "owfBXdC9A0Xh1Qx8c2KK8v+PmIkbp9QgIbJIcgeaRScE4pcfsN2u7gcLZYNX03mx", + "kaJ1HsrGb4/YrhvwLmvRrvIB7KCV3ii4tVPVNkv7eAxlQE7g46j2NLe4zSQxcwHv", + "n+QUx0bzHoRoDcET6F5Qoyqji6t3j7+mTa6GaiECgYEAro8UucwZXo8JRTXt5ylL", + "cwLA0O+U5dTwq2Pi9YcQ/pPHdqEMEp975QNcI9tmgSEBv+hppDC4ydgdGj1+pyTR", + "8nFvIYWjqcNAaxypyNladBlnsNpF0gby2BNAV4+HlprX5xFVzsgflHgB1SIHP4/Z", + "lxVcRfuIVt0q/b4RcHCPZZo=" +); diff --git a/playground/passport-input-gen/src/parser/mod.rs b/playground/passport-input-gen/src/parser/mod.rs index 8633bd12c..85a3ab3bd 100644 --- a/playground/passport-input-gen/src/parser/mod.rs +++ b/playground/passport-input-gen/src/parser/mod.rs @@ -1,346 +1,6 @@ -use { - crate::parser::{ - binary::Binary, - sod::SOD, - types::{ - PassportError, MAX_DG1_SIZE, MAX_ECONTENT_SIZE, MAX_SIGNED_ATTRIBUTES_SIZE, - MAX_TBS_SIZE, SIG_BYTES, - }, - utils::{find_offset, fit, load_csca_public_keys, to_fixed_array, to_u32}, - }, - base64::{engine::general_purpose::STANDARD, Engine as _}, - noir_bignum_paramgen::compute_barrett_reduction_parameter, - rsa::{ - pkcs1::DecodeRsaPublicKey, pkcs1v15::Pkcs1v15Sign, pkcs8::DecodePublicKey, - traits::PublicKeyParts, BigUint, RsaPublicKey, - }, - sha2::{Digest, Sha256}, - std::{fmt::Write as _, path::Path}, -}; - -mod binary; -mod dsc; +pub mod binary; +pub mod dsc; mod oid_registry; -mod sod; -mod types; -mod utils; - -/// Parsed passport data -pub struct PassportReader { - pub dg1: Binary, - pub sod: SOD, -} - -/// Circuit inputs for Noir -pub struct CircuitInputs { - pub dg1: [u8; MAX_DG1_SIZE], - pub dg1_padded_length: usize, - pub current_date: u64, - pub min_age_required: u8, - pub max_age_required: u8, - pub passport_validity_contents: PassportValidityContent, -} - -/// Extracted validity contents from SOD -pub struct PassportValidityContent { - pub signed_attributes: [u8; MAX_SIGNED_ATTRIBUTES_SIZE], - pub signed_attributes_size: usize, - pub econtent: [u8; MAX_ECONTENT_SIZE], - pub econtent_len: usize, - pub dsc_pubkey: [u8; SIG_BYTES], - pub dsc_barrett_mu: [u8; SIG_BYTES + 1], - pub dsc_signature: [u8; SIG_BYTES], - pub dsc_rsa_exponent: u32, - pub csc_pubkey: [u8; SIG_BYTES * 2], - pub csc_barrett_mu: [u8; (SIG_BYTES * 2) + 1], - pub dsc_cert_signature: [u8; SIG_BYTES * 2], - pub csc_rsa_exponent: u32, - pub dg1_hash_offset: usize, - pub econtent_hash_offset: usize, - pub dsc_pubkey_offset_in_dsc_cert: usize, - pub dsc_cert: [u8; MAX_TBS_SIZE], - pub dsc_cert_len: usize, -} - -impl PassportReader { - /// Extract SignedAttributes (padded + size) - fn extract_signed_attrs(&self) -> ([u8; MAX_SIGNED_ATTRIBUTES_SIZE], usize) { - let signed_attrs = self.sod.signer_info.signed_attrs.bytes.to_number_array(); - let size = signed_attrs.len(); - let padded = fit::(&signed_attrs); - (padded, size) - } - - /// Extract eContent (padded + size + raw bytes) - fn extract_econtent(&self) -> ([u8; MAX_ECONTENT_SIZE], usize, Vec) { - let econtent_bytes = self - .sod - .encap_content_info - .e_content - .bytes - .to_number_array(); - let len = econtent_bytes.len(); - let padded = fit::(&econtent_bytes); - (padded, len, econtent_bytes) - } - - /// Extract DSC public key, exponent, Barrett mu, and signature - fn extract_dsc(&self) -> ([u8; SIG_BYTES], u32, [u8; SIG_BYTES + 1], [u8; SIG_BYTES]) { - let der = self - .sod - .certificate - .tbs - .subject_public_key_info - .subject_public_key - .to_number_array(); - let pubkey = RsaPublicKey::from_pkcs1_der(&der).unwrap(); - - let modulus = to_fixed_array::(pubkey.n().to_bytes_be(), "DSC modulus"); - let exponent = to_u32(pubkey.e().to_bytes_be()); - let barrett = to_fixed_array::<{ SIG_BYTES + 1 }>( - compute_barrett_reduction_parameter(&BigUint::from_bytes_be(&modulus)).to_bytes_be(), - "DSC Barrett", - ); - let signature = to_fixed_array::( - self.sod.signer_info.signature.to_number_array(), - "DSC signature", - ); - - (modulus, exponent, barrett, signature) - } - - /// Extract CSCA public key, exponent, Barrett mu, and signature - fn extract_csca( - &self, - idx: usize, - ) -> ( - [u8; SIG_BYTES * 2], - u32, - [u8; SIG_BYTES * 2 + 1], - [u8; SIG_BYTES * 2], - ) { - let csca_keys = load_csca_public_keys().unwrap(); - let usa_csca = csca_keys.get("USA").unwrap(); - let der = STANDARD - .decode(usa_csca[idx].public_key.as_bytes()) - .unwrap(); - let pubkey = RsaPublicKey::from_public_key_der(&der).unwrap(); - - let modulus = to_fixed_array::<{ SIG_BYTES * 2 }>(pubkey.n().to_bytes_be(), "CSCA modulus"); - let exponent = to_u32(pubkey.e().to_bytes_be()); - let barrett = to_fixed_array::<{ SIG_BYTES * 2 + 1 }>( - compute_barrett_reduction_parameter(&BigUint::from_bytes_be(&modulus)).to_bytes_be(), - "CSCA Barrett", - ); - let signature = to_fixed_array::<{ SIG_BYTES * 2 }>( - self.sod.certificate.signature.to_number_array(), - "CSCA signature", - ); - - (modulus, exponent, barrett, signature) - } - - /// Extract DSC certificate (padded + len + offset of modulus inside cert) - fn extract_dsc_cert( - &self, - dsc_modulus: &[u8; SIG_BYTES], - ) -> ([u8; MAX_TBS_SIZE], usize, usize) { - let tbs_bytes = self.sod.certificate.tbs.bytes.to_number_array(); - let cert_len = tbs_bytes.len(); - let padded = fit::(&tbs_bytes); - let pubkey_offset = find_offset(&tbs_bytes, dsc_modulus, "DSC modulus in cert"); - (padded, cert_len, pubkey_offset) - } - /// Validate DG1, eContent, and signatures against DSC + CSCA - pub fn validate(&self) -> Result { - // 1. Check DG1 hash inside eContent - let dg1_hash = Sha256::digest(&self.dg1.to_number_array()); - let dg1_from_econtent = self - .sod - .encap_content_info - .e_content - .data_group_hash_values - .values - .get(&1) - .expect("DG1 hash missing") - .to_number_array(); - - if dg1_from_econtent != dg1_hash.to_vec() { - return Err(PassportError::Dg1HashMismatch); - } - - // 2. Check hash(eContent) inside SignedAttributes - let econtent_hash = Sha256::digest( - &self - .sod - .encap_content_info - .e_content - .bytes - .to_number_array(), - ); - let mut msg_digest = self - .sod - .signer_info - .signed_attrs - .message_digest - .to_number_array(); - if msg_digest.len() > 2 && msg_digest[0] == 0x04 { - msg_digest = msg_digest[2..].to_vec(); - } - - if econtent_hash.as_slice() != msg_digest { - return Err(PassportError::EcontentHashMismatch); - } - - // 3. Verify SignedAttributes signature with DSC - let signed_attr_hash = - Sha256::digest(&self.sod.signer_info.signed_attrs.bytes.to_number_array()); - let dsc_pubkey_bytes = self - .sod - .certificate - .tbs - .subject_public_key_info - .subject_public_key - .to_number_array(); - let dsc_pubkey = RsaPublicKey::from_pkcs1_der(&dsc_pubkey_bytes).expect("Invalid DSC key"); - - let dsc_signature = self.sod.signer_info.signature.to_number_array(); - dsc_pubkey - .verify( - Pkcs1v15Sign::new::(), - &signed_attr_hash, - &dsc_signature, - ) - .map_err(|_| PassportError::DscSignatureInvalid)?; - - let all_csca = load_csca_public_keys().map_err(|_| PassportError::CscaKeysMissing)?; - let usa_csca = all_csca.get("USA").ok_or(PassportError::NoUsaCsca)?; - let tbs_bytes = &self.sod.certificate.tbs.bytes.to_number_array(); - let tbs_digest = Sha256::digest(tbs_bytes); - let csca_signature = &self.sod.certificate.signature.to_number_array(); - - for (i, csca) in usa_csca.iter().enumerate() { - let der = STANDARD.decode(csca.public_key.as_bytes()).unwrap(); - let csca_pubkey = RsaPublicKey::from_public_key_der(&der).unwrap(); - if csca_pubkey - .verify(Pkcs1v15Sign::new::(), &tbs_digest, csca_signature) - .is_ok() - { - return Ok(i); // Success, return CSCA index - } - } - - Err(PassportError::CscaSignatureInvalid) - } - - /// Convert to circuit inputs for Noir Circuits - pub fn to_circuit_inputs( - &self, - current_date: u64, - min_age_required: u8, - max_age_required: u8, - csca_key_index: usize, - ) -> CircuitInputs { - // === Step 1. DG1 === - let dg1_padded = fit::(&self.dg1.to_number_array()); - let dg1_len = self.dg1.len(); - - // === Step 2. SignedAttributes === - let (signed_attrs, signed_attributes_size) = self.extract_signed_attrs(); - - // === Step 3. eContent === - let (econtent, econtent_len, econtent_bytes) = self.extract_econtent(); - - // === Step 4. DSC === - let (dsc_modulus, dsc_exponent, dsc_barrett, dsc_signature) = self.extract_dsc(); - - // === Step 5. CSCA === - let (csca_modulus, csca_exponent, csca_barrett, csca_signature) = - self.extract_csca(csca_key_index); - - // === Step 6. Offsets === - let dg1_hash = Sha256::digest(&self.dg1.to_number_array()); - let dg1_hash_offset = find_offset(&econtent_bytes, dg1_hash.as_slice(), "DG1 hash"); - - let econtent_hash = Sha256::digest(&econtent_bytes); - let econtent_hash_offset = - find_offset(&signed_attrs, econtent_hash.as_slice(), "eContent hash"); - - // === Step 7. DSC Certificate === - let (dsc_cert, dsc_cert_len, dsc_pubkey_offset) = self.extract_dsc_cert(&dsc_modulus); - - // === Step 8. Build CircuitInputs === - CircuitInputs { - dg1: dg1_padded, - dg1_padded_length: dg1_len, - current_date, - min_age_required, - max_age_required, - passport_validity_contents: PassportValidityContent { - signed_attributes: signed_attrs, - signed_attributes_size, - econtent, - econtent_len, - dsc_pubkey: dsc_modulus, - dsc_barrett_mu: dsc_barrett, - dsc_signature, - dsc_rsa_exponent: dsc_exponent, - csc_pubkey: csca_modulus, - csc_barrett_mu: csca_barrett, - dsc_cert_signature: csca_signature, - csc_rsa_exponent: csca_exponent, - dg1_hash_offset, - econtent_hash_offset, - dsc_pubkey_offset_in_dsc_cert: dsc_pubkey_offset, - dsc_cert, - dsc_cert_len, - }, - } - } -} - -impl CircuitInputs { - pub fn to_toml_string(&self) -> String { - let mut out = String::new(); - writeln!(out, "dg1 = {:?}", self.dg1).unwrap(); - writeln!(out, "dg1_padded_length = {}", self.dg1_padded_length).unwrap(); - writeln!(out, "current_date = {}", self.current_date).unwrap(); - writeln!(out, "min_age_required = {}", self.min_age_required).unwrap(); - writeln!(out, "max_age_required = {}", self.max_age_required).unwrap(); - writeln!(out, "\n[passport_validity_contents]").unwrap(); - - let pvc = &self.passport_validity_contents; - writeln!(out, "signed_attributes = {:?}", pvc.signed_attributes).unwrap(); - writeln!( - out, - "signed_attributes_size = {}", - pvc.signed_attributes_size - ) - .unwrap(); - writeln!(out, "econtent = {:?}", pvc.econtent).unwrap(); - writeln!(out, "econtent_len = {}", pvc.econtent_len).unwrap(); - writeln!(out, "dsc_signature = {:?}", pvc.dsc_signature).unwrap(); - writeln!(out, "dsc_rsa_exponent = {}", pvc.dsc_rsa_exponent).unwrap(); - writeln!(out, "dsc_pubkey = {:?}", pvc.dsc_pubkey).unwrap(); - writeln!(out, "dsc_barrett_mu = {:?}", pvc.dsc_barrett_mu).unwrap(); - writeln!(out, "csc_pubkey = {:?}", pvc.csc_pubkey).unwrap(); - writeln!(out, "csc_barrett_mu = {:?}", pvc.csc_barrett_mu).unwrap(); - writeln!(out, "dsc_cert_signature = {:?}", pvc.dsc_cert_signature).unwrap(); - writeln!(out, "csc_rsa_exponent = {}", pvc.csc_rsa_exponent).unwrap(); - writeln!(out, "dg1_hash_offset = {}", pvc.dg1_hash_offset).unwrap(); - writeln!(out, "econtent_hash_offset = {}", pvc.econtent_hash_offset).unwrap(); - writeln!( - out, - "dsc_pubkey_offset_in_dsc_cert = {}", - pvc.dsc_pubkey_offset_in_dsc_cert - ) - .unwrap(); - writeln!(out, "dsc_cert = {:?}", pvc.dsc_cert).unwrap(); - writeln!(out, "dsc_cert_len = {}", pvc.dsc_cert_len).unwrap(); - out - } - - pub fn save_to_toml_file>(&self, path: P) -> std::io::Result<()> { - std::fs::write(path, self.to_toml_string()) - } -} +pub mod sod; +pub mod types; +pub mod utils; diff --git a/playground/passport-input-gen/src/parser/utils.rs b/playground/passport-input-gen/src/parser/utils.rs index d3022895b..7fc0eafc3 100644 --- a/playground/passport-input-gen/src/parser/utils.rs +++ b/playground/passport-input-gen/src/parser/utils.rs @@ -1,7 +1,7 @@ use { crate::parser::binary::Binary, serde::Deserialize, - std::{collections::HashMap, fs}, + std::{cell::RefCell, collections::HashMap, fs}, }; #[derive(Debug)] @@ -65,9 +65,20 @@ pub struct CscaKey { pub serial: String, } +thread_local! { + static CSCA_JSON_PATH: RefCell> = RefCell::new(None); +} + +pub fn set_csca_json_path(path: Option) { + CSCA_JSON_PATH.with(|p| *p.borrow_mut() = path); +} + pub fn load_csca_public_keys() -> Result>, Box> { - let file_content = fs::read_to_string("csca_registry/csca_public_key.json")?; + let path = CSCA_JSON_PATH + .with(|p| p.borrow().clone()) + .unwrap_or_else(|| "csca_registry/csca_public_key.json".to_string()); + let file_content = fs::read_to_string(path)?; let csca_keys: HashMap> = serde_json::from_str(&file_content)?; Ok(csca_keys) } diff --git a/playground/passport-input-gen/src/prover_config.rs b/playground/passport-input-gen/src/prover_config.rs deleted file mode 100644 index 09f0780dc..000000000 --- a/playground/passport-input-gen/src/prover_config.rs +++ /dev/null @@ -1,115 +0,0 @@ -use { - crate::{ - constants::{ - CSC_PUBKEY, CSC_PUBKEY_MU, DSC_CERT, DSC_CERT_SIGNATURE_BYTES, DSC_MU_BYTES, - DSC_P_BYTES, DSC_Q_BYTES, DSC_RSA_PUBKEY_BYTES, PASSPORT_SOD_SIZE, SOD_CERT_SIZE, - }, - crypto::generate_rsa_signature_pkcs_from_priv_key, - }, - std::iter::repeat_n, -}; - -/// Assuming here that we use all the RSA keys from `zkpassport_constants`. -/// This essentially generates the struct `PassportValidityContents`. -pub fn generate_passport_validity_contents_prover_toml( - passport_sod: &[u8; 700], - sod_cert: &[u8; 200], - sod_cert_signature_bytes: &[u8; 256], -) -> String { - let mut prover_toml_str = String::from("[passport_validity_contents]\n\n"); - - // --- Purely passport DG1/SOD stuff --- - prover_toml_str += &format!("passport_sod = {:?}\n\n", passport_sod); - prover_toml_str += &format!("passport_sod_size = {:?}\n\n", PASSPORT_SOD_SIZE); - - // --- DSC signature over signed attributes stuff --- - prover_toml_str += &format!("sod_cert = {:?}\n\n", sod_cert); - prover_toml_str += &format!("sod_cert_size = {:?}\n\n", SOD_CERT_SIZE); - - prover_toml_str += &format!("dsc_pubkey = {:?}\n\n", DSC_RSA_PUBKEY_BYTES); - prover_toml_str += &format!("dsc_barrett_mu = {:?}\n\n", DSC_MU_BYTES); - - prover_toml_str += &format!("sod_cert_signature = {:?}\n\n", sod_cert_signature_bytes); - prover_toml_str += &format!("dsc_rsa_exponent = {:?}\n\n", 65537); - - // --- CSC signature over DSC cert stuff --- - prover_toml_str += &format!("dsc_pubkey_offset_in_dsc_cert = {:?}\n\n", 0); - prover_toml_str += &format!("dsc_cert = {:?}\n\n", DSC_CERT); - prover_toml_str += &format!("dsc_cert_len = {:?}\n\n", 256); - prover_toml_str += &format!("csc_pubkey = {:?}\n\n", CSC_PUBKEY); - prover_toml_str += &format!("csc_barrett_mu = {:?}\n\n", CSC_PUBKEY_MU); - prover_toml_str += &format!("dsc_cert_signature = {:?}\n\n", DSC_CERT_SIGNATURE_BYTES); - prover_toml_str += &format!("csc_rsa_exponent = {:?}\n\n", 65537); - - prover_toml_str -} - -/// Note: both `birthdate_bytes` and `expiry_bytes` are in the form "YYMMDD". -pub fn dg1_bytes_with_birthdate_expiry_date( - birthdate_bytes: &[u8; 6], - expiry_bytes: &[u8; 6], -) -> [u8; 95] { - let mut dg1_bytes = [1; 95]; - - // From Noir (we should double-check this with an actual passport): - // MRZ offset within DG1 is 5 - // Birthdate offset within MRZ is 57, with 6 bytes allocated - dg1_bytes[57 + 5..57 + 5 + 6].copy_from_slice(birthdate_bytes); - - // Expiry offset within MRZ is 65, with 6 bytes allocated - dg1_bytes[65 + 5..65 + 5 + 6].copy_from_slice(expiry_bytes); - - // Set final two bytes to be zero - dg1_bytes[93..].copy_from_slice(&[0, 0]); - - dg1_bytes -} - -/// Note: `current_date` format should be "YYYYMMDD" -pub fn generate_prover_toml_string_from_custom_dg1_date_and_required_age( - custom_dg1_bytes: &[u8; 95], - min_age_required: u8, - max_age_required: u8, - current_date: u64, -) -> String { - use sha2::{Digest, Sha256}; - - // Next, compute SHA-256 digest of this - let sha256_digest = Sha256::digest(custom_dg1_bytes); - - let passport_sod: Vec = sha256_digest - .into_iter() - .chain(repeat_n(0, 700 - 32)) - .collect(); - - let passport_sod_hash = Sha256::digest(&passport_sod); - let passport_signed_attributes: Vec = passport_sod_hash - .into_iter() - .chain(repeat_n(0, 200 - 32)) - .collect(); - - // Next, generate signature of the signed attributes - let passport_signed_attributes_signature_bytes = generate_rsa_signature_pkcs_from_priv_key( - &DSC_P_BYTES, - &DSC_Q_BYTES, - &passport_signed_attributes, - ); - - let mut prover_toml_str = format!("dg1_hash_offset_in_sod = {:?}\n\n", 0); - prover_toml_str += &format!("dg1 = {:?}\n\n", custom_dg1_bytes); - prover_toml_str += &format!("min_age_required = {:?}\n\n", min_age_required); - prover_toml_str += &format!("max_age_required = {:?}\n\n", max_age_required); - prover_toml_str += &format!("current_date = {:?}\n\n", current_date); - - // The DSC_CERT and everything afterwards should be deterministic, since - // we are not changing the DSC_KEY. - prover_toml_str += &generate_passport_validity_contents_prover_toml( - &passport_sod.try_into().unwrap(), - &passport_signed_attributes.try_into().unwrap(), - &passport_signed_attributes_signature_bytes - .try_into() - .unwrap(), - ); - - prover_toml_str -} From 8bcb710db0cb5f69c2516690e1aac5dc3dfb720e Mon Sep 17 00:00:00 2001 From: 0xvikasrushi <0xvikas@gmail.com> Date: Mon, 15 Sep 2025 15:24:41 +0530 Subject: [PATCH 07/10] fix: timestamp --- playground/passport-input-gen/src/mock_generator.rs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/playground/passport-input-gen/src/mock_generator.rs b/playground/passport-input-gen/src/mock_generator.rs index 3b71269c0..17fcc22f3 100644 --- a/playground/passport-input-gen/src/mock_generator.rs +++ b/playground/passport-input-gen/src/mock_generator.rs @@ -143,6 +143,7 @@ mod tests { PassportReader, }, base64::{engine::general_purpose::STANDARD, Engine as _}, + chrono::{Date, Utc}, rsa::pkcs8::DecodePrivateKey, }; @@ -177,7 +178,10 @@ mod tests { }; assert!(reader.validate().is_ok()); - let inputs = reader.to_circuit_inputs(20250101, 18, 70, 0); + let current_date = Utc::now(); + let current_timestamp = current_date.timestamp() as u64; + + let inputs = reader.to_circuit_inputs(current_timestamp, 18, 70, 0); let _toml_output = inputs.to_toml_string(); println!("{}", _toml_output); From 9fb942d572829d9128bf3a53c65677a80fb4614e Mon Sep 17 00:00:00 2001 From: 0xvikasrushi <0xvikas@gmail.com> Date: Wed, 17 Sep 2025 14:22:10 +0530 Subject: [PATCH 08/10] chore: updated with important oid --- .../src/parser/oid_registry.rs | 2924 ++--------------- 1 file changed, 197 insertions(+), 2727 deletions(-) diff --git a/playground/passport-input-gen/src/parser/oid_registry.rs b/playground/passport-input-gen/src/parser/oid_registry.rs index 54cc6fb70..684dd4c39 100644 --- a/playground/passport-input-gen/src/parser/oid_registry.rs +++ b/playground/passport-input-gen/src/parser/oid_registry.rs @@ -1,2731 +1,201 @@ -// rust-analyzer: ignore - use {crate::parser::utils::OidEntry, std::collections::HashMap}; -#[rustfmt::skip] +/// Returns a lookup table for the Object Identifiers that are relevant to the +/// passport input generator. +/// +/// The previous version of this registry tried to mirror a “complete” OID +/// catalogue. That was hard to maintain and pulled in thousands of identifiers +/// that are never touched by the parser. The routines that consume this +/// registry only require a small set of entries to render human readable names +/// for: +/// +/// * CMS signed attributes that appear in SOD files (content type, message +/// digest, signing time). +/// * The hash algorithms that are supported by the parser (SHA-* family). +/// * Common X.509 RDN attributes so that certificate issuers/subjects remain +/// readable. +/// * Frequently used X.509 extensions such as key usage and authority key +/// identifiers. +/// * ICAO MRTD specific identifiers (e.g. `mRTDSignatureData`). +/// +/// Keeping the list focused makes it clear which identifiers we rely on and +/// avoids carrying around a huge hard-coded list that is difficult to audit. pub fn load_oids() -> HashMap<&'static str, OidEntry> { - let mut oids = HashMap::new(); - oids.insert("0.2.262.1.10", OidEntry { d: "Telesec", c: "Deutsche Telekom", w: false }); - oids.insert("0.2.262.1.10.0", OidEntry { d: "extension", c: "Telesec", w: false }); - oids.insert("0.2.262.1.10.1", OidEntry { d: "mechanism", c: "Telesec", w: false }); - oids.insert("0.2.262.1.10.1.0", OidEntry { d: "authentication", c: "Telesec mechanism", w: false }); - oids.insert("0.2.262.1.10.1.0.1", OidEntry { d: "passwordAuthentication", c: "Telesec authentication", w: false }); - oids.insert("0.2.262.1.10.1.0.2", OidEntry { d: "protectedPasswordAuthentication", c: "Telesec authentication", w: false }); - oids.insert("0.2.262.1.10.1.0.3", OidEntry { d: "oneWayX509Authentication", c: "Telesec authentication", w: false }); - oids.insert("0.2.262.1.10.1.0.4", OidEntry { d: "twoWayX509Authentication", c: "Telesec authentication", w: false }); - oids.insert("0.2.262.1.10.1.0.5", OidEntry { d: "threeWayX509Authentication", c: "Telesec authentication", w: false }); - oids.insert("0.2.262.1.10.1.0.6", OidEntry { d: "oneWayISO9798Authentication", c: "Telesec authentication", w: false }); - oids.insert("0.2.262.1.10.1.0.7", OidEntry { d: "twoWayISO9798Authentication", c: "Telesec authentication", w: false }); - oids.insert("0.2.262.1.10.1.0.8", OidEntry { d: "telekomAuthentication", c: "Telesec authentication", w: false }); - oids.insert("0.2.262.1.10.1.1", OidEntry { d: "signature", c: "Telesec mechanism", w: false }); - oids.insert("0.2.262.1.10.1.1.1", OidEntry { d: "md4WithRSAAndISO9697", c: "Telesec mechanism", w: false }); - oids.insert("0.2.262.1.10.1.1.2", OidEntry { d: "md4WithRSAAndTelesecSignatureStandard", c: "Telesec mechanism", w: false }); - oids.insert("0.2.262.1.10.1.1.3", OidEntry { d: "md5WithRSAAndISO9697", c: "Telesec mechanism", w: false }); - oids.insert("0.2.262.1.10.1.1.4", OidEntry { d: "md5WithRSAAndTelesecSignatureStandard", c: "Telesec mechanism", w: false }); - oids.insert("0.2.262.1.10.1.1.5", OidEntry { d: "ripemd160WithRSAAndTelekomSignatureStandard", c: "Telesec mechanism", w: false }); - oids.insert("0.2.262.1.10.1.1.9", OidEntry { d: "hbciRsaSignature", c: "Telesec signature", w: false }); - oids.insert("0.2.262.1.10.1.2", OidEntry { d: "encryption", c: "Telesec mechanism", w: false }); - oids.insert("0.2.262.1.10.1.2.0", OidEntry { d: "none", c: "Telesec encryption", w: false }); - oids.insert("0.2.262.1.10.1.2.1", OidEntry { d: "rsaTelesec", c: "Telesec encryption", w: false }); - oids.insert("0.2.262.1.10.1.2.2", OidEntry { d: "des", c: "Telesec encryption", w: false }); - oids.insert("0.2.262.1.10.1.2.2.1", OidEntry { d: "desECB", c: "Telesec encryption", w: false }); - oids.insert("0.2.262.1.10.1.2.2.2", OidEntry { d: "desCBC", c: "Telesec encryption", w: false }); - oids.insert("0.2.262.1.10.1.2.2.3", OidEntry { d: "desOFB", c: "Telesec encryption", w: false }); - oids.insert("0.2.262.1.10.1.2.2.4", OidEntry { d: "desCFB8", c: "Telesec encryption", w: false }); - oids.insert("0.2.262.1.10.1.2.2.5", OidEntry { d: "desCFB64", c: "Telesec encryption", w: false }); - oids.insert("0.2.262.1.10.1.2.3", OidEntry { d: "des3", c: "Telesec encryption", w: false }); - oids.insert("0.2.262.1.10.1.2.3.1", OidEntry { d: "des3ECB", c: "Telesec encryption", w: false }); - oids.insert("0.2.262.1.10.1.2.3.2", OidEntry { d: "des3CBC", c: "Telesec encryption", w: false }); - oids.insert("0.2.262.1.10.1.2.3.3", OidEntry { d: "des3OFB", c: "Telesec encryption", w: false }); - oids.insert("0.2.262.1.10.1.2.3.4", OidEntry { d: "des3CFB8", c: "Telesec encryption", w: false }); - oids.insert("0.2.262.1.10.1.2.3.5", OidEntry { d: "des3CFB64", c: "Telesec encryption", w: false }); - oids.insert("0.2.262.1.10.1.2.4", OidEntry { d: "magenta", c: "Telesec encryption", w: false }); - oids.insert("0.2.262.1.10.1.2.5", OidEntry { d: "idea", c: "Telesec encryption", w: false }); - oids.insert("0.2.262.1.10.1.2.5.1", OidEntry { d: "ideaECB", c: "Telesec encryption", w: false }); - oids.insert("0.2.262.1.10.1.2.5.2", OidEntry { d: "ideaCBC", c: "Telesec encryption", w: false }); - oids.insert("0.2.262.1.10.1.2.5.3", OidEntry { d: "ideaOFB", c: "Telesec encryption", w: false }); - oids.insert("0.2.262.1.10.1.2.5.4", OidEntry { d: "ideaCFB8", c: "Telesec encryption", w: false }); - oids.insert("0.2.262.1.10.1.2.5.5", OidEntry { d: "ideaCFB64", c: "Telesec encryption", w: false }); - oids.insert("0.2.262.1.10.1.3", OidEntry { d: "oneWayFunction", c: "Telesec mechanism", w: false }); - oids.insert("0.2.262.1.10.1.3.1", OidEntry { d: "md4", c: "Telesec one-way function", w: false }); - oids.insert("0.2.262.1.10.1.3.2", OidEntry { d: "md5", c: "Telesec one-way function", w: false }); - oids.insert("0.2.262.1.10.1.3.3", OidEntry { d: "sqModNX509", c: "Telesec one-way function", w: false }); - oids.insert("0.2.262.1.10.1.3.4", OidEntry { d: "sqModNISO", c: "Telesec one-way function", w: false }); - oids.insert("0.2.262.1.10.1.3.5", OidEntry { d: "ripemd128", c: "Telesec one-way function", w: false }); - oids.insert("0.2.262.1.10.1.3.6", OidEntry { d: "hashUsingBlockCipher", c: "Telesec one-way function", w: false }); - oids.insert("0.2.262.1.10.1.3.7", OidEntry { d: "mac", c: "Telesec one-way function", w: false }); - oids.insert("0.2.262.1.10.1.3.8", OidEntry { d: "ripemd160", c: "Telesec one-way function", w: false }); - oids.insert("0.2.262.1.10.1.4", OidEntry { d: "fecFunction", c: "Telesec mechanism", w: false }); - oids.insert("0.2.262.1.10.1.4.1", OidEntry { d: "reedSolomon", c: "Telesec mechanism", w: false }); - oids.insert("0.2.262.1.10.2", OidEntry { d: "module", c: "Telesec", w: false }); - oids.insert("0.2.262.1.10.2.0", OidEntry { d: "algorithms", c: "Telesec module", w: false }); - oids.insert("0.2.262.1.10.2.1", OidEntry { d: "attributeTypes", c: "Telesec module", w: false }); - oids.insert("0.2.262.1.10.2.2", OidEntry { d: "certificateTypes", c: "Telesec module", w: false }); - oids.insert("0.2.262.1.10.2.3", OidEntry { d: "messageTypes", c: "Telesec module", w: false }); - oids.insert("0.2.262.1.10.2.4", OidEntry { d: "plProtocol", c: "Telesec module", w: false }); - oids.insert("0.2.262.1.10.2.5", OidEntry { d: "smeAndComponentsOfSme", c: "Telesec module", w: false }); - oids.insert("0.2.262.1.10.2.6", OidEntry { d: "fec", c: "Telesec module", w: false }); - oids.insert("0.2.262.1.10.2.7", OidEntry { d: "usefulDefinitions", c: "Telesec module", w: false }); - oids.insert("0.2.262.1.10.2.8", OidEntry { d: "stefiles", c: "Telesec module", w: false }); - oids.insert("0.2.262.1.10.2.9", OidEntry { d: "sadmib", c: "Telesec module", w: false }); - oids.insert("0.2.262.1.10.2.10", OidEntry { d: "electronicOrder", c: "Telesec module", w: false }); - oids.insert("0.2.262.1.10.2.11", OidEntry { d: "telesecTtpAsymmetricApplication", c: "Telesec module", w: false }); - oids.insert("0.2.262.1.10.2.12", OidEntry { d: "telesecTtpBasisApplication", c: "Telesec module", w: false }); - oids.insert("0.2.262.1.10.2.13", OidEntry { d: "telesecTtpMessages", c: "Telesec module", w: false }); - oids.insert("0.2.262.1.10.2.14", OidEntry { d: "telesecTtpTimeStampApplication", c: "Telesec module", w: false }); - oids.insert("0.2.262.1.10.3", OidEntry { d: "objectClass", c: "Telesec", w: false }); - oids.insert("0.2.262.1.10.3.0", OidEntry { d: "telesecOtherName", c: "Telesec object class", w: false }); - oids.insert("0.2.262.1.10.3.1", OidEntry { d: "directory", c: "Telesec object class", w: false }); - oids.insert("0.2.262.1.10.3.2", OidEntry { d: "directoryType", c: "Telesec object class", w: false }); - oids.insert("0.2.262.1.10.3.3", OidEntry { d: "directoryGroup", c: "Telesec object class", w: false }); - oids.insert("0.2.262.1.10.3.4", OidEntry { d: "directoryUser", c: "Telesec object class", w: false }); - oids.insert("0.2.262.1.10.3.5", OidEntry { d: "symmetricKeyEntry", c: "Telesec object class", w: false }); - oids.insert("0.2.262.1.10.4", OidEntry { d: "package", c: "Telesec", w: false }); - oids.insert("0.2.262.1.10.5", OidEntry { d: "parameter", c: "Telesec", w: false }); - oids.insert("0.2.262.1.10.6", OidEntry { d: "nameBinding", c: "Telesec", w: false }); - oids.insert("0.2.262.1.10.7", OidEntry { d: "attribute", c: "Telesec", w: false }); - oids.insert("0.2.262.1.10.7.0", OidEntry { d: "applicationGroupIdentifier", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.1", OidEntry { d: "certificateType", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.2", OidEntry { d: "telesecCertificate", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.3", OidEntry { d: "certificateNumber", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.4", OidEntry { d: "certificateRevocationList", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.5", OidEntry { d: "creationDate", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.6", OidEntry { d: "issuer", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.7", OidEntry { d: "namingAuthority", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.8", OidEntry { d: "publicKeyDirectory", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.9", OidEntry { d: "securityDomain", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.10", OidEntry { d: "subject", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.11", OidEntry { d: "timeOfRevocation", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.12", OidEntry { d: "userGroupReference", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.13", OidEntry { d: "validity", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.14", OidEntry { d: "zert93", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.15", OidEntry { d: "securityMessEnv", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.16", OidEntry { d: "anonymizedPublicKeyDirectory", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.17", OidEntry { d: "telesecGivenName", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.18", OidEntry { d: "nameAdditions", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.19", OidEntry { d: "telesecPostalCode", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.20", OidEntry { d: "nameDistinguisher", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.21", OidEntry { d: "telesecCertificateList", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.22", OidEntry { d: "teletrustCertificateList", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.23", OidEntry { d: "x509CertificateList", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.24", OidEntry { d: "timeOfIssue", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.25", OidEntry { d: "physicalCardNumber", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.26", OidEntry { d: "fileType", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.27", OidEntry { d: "ctlFileIsArchive", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.28", OidEntry { d: "emailAddress", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.29", OidEntry { d: "certificateTemplateList", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.30", OidEntry { d: "directoryName", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.31", OidEntry { d: "directoryTypeName", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.32", OidEntry { d: "directoryGroupName", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.33", OidEntry { d: "directoryUserName", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.34", OidEntry { d: "revocationFlag", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.35", OidEntry { d: "symmetricKeyEntryName", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.36", OidEntry { d: "glNumber", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.37", OidEntry { d: "goNumber", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.38", OidEntry { d: "gKeyData", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.39", OidEntry { d: "zKeyData", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.40", OidEntry { d: "ktKeyData", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.41", OidEntry { d: "ktKeyNumber", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.51", OidEntry { d: "timeOfRevocationGen", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.7.52", OidEntry { d: "liabilityText", c: "Telesec attribute", w: false }); - oids.insert("0.2.262.1.10.8", OidEntry { d: "attributeGroup", c: "Telesec", w: false }); - oids.insert("0.2.262.1.10.9", OidEntry { d: "action", c: "Telesec", w: false }); - oids.insert("0.2.262.1.10.10", OidEntry { d: "notification", c: "Telesec", w: false }); - oids.insert("0.2.262.1.10.11", OidEntry { d: "snmp-mibs", c: "Telesec", w: false }); - oids.insert("0.2.262.1.10.11.1", OidEntry { d: "securityApplication", c: "Telesec SNMP MIBs", w: false }); - oids.insert("0.2.262.1.10.12", OidEntry { d: "certAndCrlExtensionDefinitions", c: "Telesec", w: false }); - oids.insert("0.2.262.1.10.12.0", OidEntry { d: "liabilityLimitationFlag", c: "Telesec cert/CRL extension", w: false }); - oids.insert("0.2.262.1.10.12.1", OidEntry { d: "telesecCertIdExt", c: "Telesec cert/CRL extension", w: false }); - oids.insert("0.2.262.1.10.12.2", OidEntry { d: "Telesec policyIdentifier", c: "Telesec cert/CRL extension", w: false }); - oids.insert("0.2.262.1.10.12.3", OidEntry { d: "telesecPolicyQualifierID", c: "Telesec cert/CRL extension", w: false }); - oids.insert("0.2.262.1.10.12.4", OidEntry { d: "telesecCRLFilteredExt", c: "Telesec cert/CRL extension", w: false }); - oids.insert("0.2.262.1.10.12.5", OidEntry { d: "telesecCRLFilterExt", c: "Telesec cert/CRL extension", w: false }); - oids.insert("0.2.262.1.10.12.6", OidEntry { d: "telesecNamingAuthorityExt", c: "Telesec cert/CRL extension", w: false }); - oids.insert("0.4.0.127.0.7", OidEntry { d: "bsi", c: "BSI TR-03110/TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1", OidEntry { d: "bsiEcc", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1", OidEntry { d: "bsifieldType", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.1", OidEntry { d: "bsiPrimeField", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.2", OidEntry { d: "bsiCharacteristicTwoField", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.2.2", OidEntry { d: "bsiECTLVKeyFormat", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.2.2.1", OidEntry { d: "bsiECTLVPublicKey", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.2.3", OidEntry { d: "bsiCharacteristicTwoBasis", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.2.3.1", OidEntry { d: "bsiGnBasis", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.2.3.2", OidEntry { d: "bsiTpBasis", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.2.3.3", OidEntry { d: "bsiPpBasis", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.4.1", OidEntry { d: "bsiEcdsaSignatures", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.4.1.1", OidEntry { d: "bsiEcdsaWithSHA1", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.4.1.2", OidEntry { d: "bsiEcdsaWithSHA224", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.4.1.3", OidEntry { d: "bsiEcdsaWithSHA256", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.4.1.4", OidEntry { d: "bsiEcdsaWithSHA384", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.4.1.5", OidEntry { d: "bsiEcdsaWithSHA512", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.4.1.6", OidEntry { d: "bsiEcdsaWithRIPEMD160", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.1.1", OidEntry { d: "bsiEckaEgX963KDF", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.1.1.1", OidEntry { d: "bsiEckaEgX963KDFWithSHA1", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.1.1.2", OidEntry { d: "bsiEckaEgX963KDFWithSHA224", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.1.1.3", OidEntry { d: "bsiEckaEgX963KDFWithSHA256", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.1.1.4", OidEntry { d: "bsiEckaEgX963KDFWithSHA384", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.1.1.5", OidEntry { d: "bsiEckaEgX963KDFWithSHA512", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.1.1.6", OidEntry { d: "bsiEckaEgX963KDFWithRIPEMD160", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.1.2", OidEntry { d: "bsiEckaEgSessionKDF", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.1.2.1", OidEntry { d: "bsiEckaEgSessionKDFWith3DES", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.1.2.2", OidEntry { d: "bsiEckaEgSessionKDFWithAES128", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.1.2.3", OidEntry { d: "bsiEckaEgSessionKDFWithAES192", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.1.2.4", OidEntry { d: "bsiEckaEgSessionKDFWithAES256", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.2", OidEntry { d: "bsiEckaDH", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.2.1", OidEntry { d: "bsiEckaDHX963KDF", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.2.1.1", OidEntry { d: "bsiEckaDHX963KDFWithSHA1", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.2.1.2", OidEntry { d: "bsiEckaDHX963KDFWithSHA224", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.2.1.3", OidEntry { d: "bsiEckaDHX963KDFWithSHA256", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.2.1.4", OidEntry { d: "bsiEckaDHX963KDFWithSHA384", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.2.1.5", OidEntry { d: "bsiEckaDHX963KDFWithSHA512", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.2.1.6", OidEntry { d: "bsiEckaDHX963KDFWithRIPEMD160", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.2.2", OidEntry { d: "bsiEckaDHSessionKDF", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.2.2.1", OidEntry { d: "bsiEckaDHSessionKDFWith3DES", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.2.2.2", OidEntry { d: "bsiEckaDHSessionKDFWithAES128", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.2.2.3", OidEntry { d: "bsiEckaDHSessionKDFWithAES192", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.1.5.2.2.4", OidEntry { d: "bsiEckaDHSessionKDFWithAES256", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.2", OidEntry { d: "bsiEcKeyType", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.2.1", OidEntry { d: "bsiEcPublicKey", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.5.1", OidEntry { d: "bsiKaeg", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.5.1.1", OidEntry { d: "bsiKaegWithX963KDF", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.1.5.1.2", OidEntry { d: "bsiKaegWith3DESKDF", c: "BSI TR-03111", w: false }); - oids.insert("0.4.0.127.0.7.2.2.1", OidEntry { d: "bsiPK", c: "BSI TR-03110. Formerly known as bsiCA, now moved to ...2.2.3.x", w: false }); - oids.insert("0.4.0.127.0.7.2.2.1.1", OidEntry { d: "bsiPK_DH", c: "BSI TR-03110. Formerly known as bsiCA_DH, now moved to ...2.2.3.x", w: false }); - oids.insert("0.4.0.127.0.7.2.2.1.2", OidEntry { d: "bsiPK_ECDH", c: "BSI TR-03110. Formerly known as bsiCA_ECDH, now moved to ...2.2.3.x", w: false }); - oids.insert("0.4.0.127.0.7.2.2.2", OidEntry { d: "bsiTA", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.2.1", OidEntry { d: "bsiTA_RSA", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.2.1.1", OidEntry { d: "bsiTA_RSAv1_5_SHA1", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.2.1.2", OidEntry { d: "bsiTA_RSAv1_5_SHA256", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.2.1.3", OidEntry { d: "bsiTA_RSAPSS_SHA1", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.2.1.4", OidEntry { d: "bsiTA_RSAPSS_SHA256", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.2.1.5", OidEntry { d: "bsiTA_RSAv1_5_SHA512", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.2.1.6", OidEntry { d: "bsiTA_RSAPSS_SHA512", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.2.2", OidEntry { d: "bsiTA_ECDSA", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.2.2.1", OidEntry { d: "bsiTA_ECDSA_SHA1", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.2.2.2", OidEntry { d: "bsiTA_ECDSA_SHA224", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.2.2.3", OidEntry { d: "bsiTA_ECDSA_SHA256", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.2.2.4", OidEntry { d: "bsiTA_ECDSA_SHA384", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.2.2.5", OidEntry { d: "bsiTA_ECDSA_SHA512", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.3", OidEntry { d: "bsiCA", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.3.1", OidEntry { d: "bsiCA_DH", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.3.1.1", OidEntry { d: "bsiCA_DH_3DES_CBC_CBC", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.3.1.2", OidEntry { d: "bsiCA_DH_AES_CBC_CMAC_128", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.3.1.3", OidEntry { d: "bsiCA_DH_AES_CBC_CMAC_192", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.3.1.4", OidEntry { d: "bsiCA_DH_AES_CBC_CMAC_256", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.3.2", OidEntry { d: "bsiCA_ECDH", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.3.2.1", OidEntry { d: "bsiCA_ECDH_3DES_CBC_CBC", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.3.2.2", OidEntry { d: "bsiCA_ECDH_AES_CBC_CMAC_128", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.3.2.3", OidEntry { d: "bsiCA_ECDH_AES_CBC_CMAC_192", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.3.2.4", OidEntry { d: "bsiCA_ECDH_AES_CBC_CMAC_256", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.4", OidEntry { d: "bsiPACE", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.4.1", OidEntry { d: "bsiPACE_DH_GM", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.4.1.1", OidEntry { d: "bsiPACE_DH_GM_3DES_CBC_CBC", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.4.1.2", OidEntry { d: "bsiPACE_DH_GM_AES_CBC_CMAC_128", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.4.1.3", OidEntry { d: "bsiPACE_DH_GM_AES_CBC_CMAC_192", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.4.1.4", OidEntry { d: "bsiPACE_DH_GM_AES_CBC_CMAC_256", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.4.2", OidEntry { d: "bsiPACE_ECDH_GM", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.4.2.1", OidEntry { d: "bsiPACE_ECDH_GM_3DES_CBC_CBC", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.4.2.2", OidEntry { d: "bsiPACE_ECDH_GM_AES_CBC_CMAC_128", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.4.2.3", OidEntry { d: "bsiPACE_ECDH_GM_AES_CBC_CMAC_192", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.4.2.4", OidEntry { d: "bsiPACE_ECDH_GM_AES_CBC_CMAC_256", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.4.3", OidEntry { d: "bsiPACE_DH_IM", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.4.3.1", OidEntry { d: "bsiPACE_DH_IM_3DES_CBC_CBC", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.4.3.2", OidEntry { d: "bsiPACE_DH_IM_AES_CBC_CMAC_128", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.4.3.3", OidEntry { d: "bsiPACE_DH_IM_AES_CBC_CMAC_192", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.4.3.4", OidEntry { d: "bsiPACE_DH_IM_AES_CBC_CMAC_256", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.4.4", OidEntry { d: "bsiPACE_ECDH_IM", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.4.4.1", OidEntry { d: "bsiPACE_ECDH_IM_3DES_CBC_CBC", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.4.4.2", OidEntry { d: "bsiPACE_ECDH_IM_AES_CBC_CMAC_128", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.4.4.3", OidEntry { d: "bsiPACE_ECDH_IM_AES_CBC_CMAC_192", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.4.4.4", OidEntry { d: "bsiPACE_ECDH_IM_AES_CBC_CMAC_256", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.5", OidEntry { d: "bsiRI", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.5.1", OidEntry { d: "bsiRI_DH", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.5.1.1", OidEntry { d: "bsiRI_DH_SHA1", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.5.1.2", OidEntry { d: "bsiRI_DH_SHA224", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.5.1.3", OidEntry { d: "bsiRI_DH_SHA256", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.5.1.4", OidEntry { d: "bsiRI_DH_SHA384", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.5.1.5", OidEntry { d: "bsiRI_DH_SHA512", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.5.2", OidEntry { d: "bsiRI_ECDH", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.5.2.1", OidEntry { d: "bsiRI_ECDH_SHA1", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.5.2.2", OidEntry { d: "bsiRI_ECDH_SHA224", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.5.2.3", OidEntry { d: "bsiRI_ECDH_SHA256", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.5.2.4", OidEntry { d: "bsiRI_ECDH_SHA384", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.5.2.5", OidEntry { d: "bsiRI_ECDH_SHA512", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.6", OidEntry { d: "bsiCardInfo", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.7", OidEntry { d: "bsiEidSecurity", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.2.2.8", OidEntry { d: "bsiPT", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.2", OidEntry { d: "bsiEACRoles", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.2.1", OidEntry { d: "bsiEACRolesIS", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.2.2", OidEntry { d: "bsiEACRolesAT", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.2.3", OidEntry { d: "bsiEACRolesST", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.3", OidEntry { d: "bsiTAv2ce", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.3.1", OidEntry { d: "bsiTAv2ceDescription", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.3.1.1", OidEntry { d: "bsiTAv2ceDescriptionPlainText", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.3.1.2", OidEntry { d: "bsiTAv2ceDescriptionIA5String", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.3.1.3", OidEntry { d: "bsiTAv2ceDescriptionOctetString", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.3.2", OidEntry { d: "bsiTAv2ceTerminalSector", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.4", OidEntry { d: "bsiAuxData", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.4.1", OidEntry { d: "bsiAuxDataBirthday", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.4.2", OidEntry { d: "bsiAuxDataExpireDate", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.4.3", OidEntry { d: "bsiAuxDataCommunityID", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.5", OidEntry { d: "bsiDefectList", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.5.1", OidEntry { d: "bsiDefectAuthDefect", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.5.1.1", OidEntry { d: "bsiDefectCertRevoked", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.5.1.2", OidEntry { d: "bsiDefectCertReplaced", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.5.1.3", OidEntry { d: "bsiDefectChipAuthKeyRevoked", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.5.1.4", OidEntry { d: "bsiDefectActiveAuthKeyRevoked", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.5.2", OidEntry { d: "bsiDefectEPassportDefect", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.5.2.1", OidEntry { d: "bsiDefectEPassportDGMalformed", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.5.2.2", OidEntry { d: "bsiDefectSODInvalid", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.5.3", OidEntry { d: "bsiDefectEIDDefect", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.5.3.1", OidEntry { d: "bsiDefectEIDDGMalformed", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.5.3.2", OidEntry { d: "bsiDefectEIDIntegrity", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.5.4", OidEntry { d: "bsiDefectDocumentDefect", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.5.4.1", OidEntry { d: "bsiDefectCardSecurityMalformed", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.5.4.2", OidEntry { d: "bsiDefectChipSecurityMalformed", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.5.4.3", OidEntry { d: "bsiDefectPowerDownReq", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.1.6", OidEntry { d: "bsiListContentDescription", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.2.1", OidEntry { d: "bsiSecurityObject", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.2.2", OidEntry { d: "bsiBlackList", c: "BSI TR-03110", w: false }); - oids.insert("0.4.0.127.0.7.3.4.2.2", OidEntry { d: "bsiSignedUpdateDeviceAdmin", c: "BSI TR-03109", w: false }); - oids.insert("0.4.0.127.0.7.4.1.1.1", OidEntry { d: "bsiCertReqMsgs", c: "BSI TR-03109", w: false }); - oids.insert("0.4.0.127.0.7.4.1.1.2", OidEntry { d: "bsiCertReqMsgswithOuterSignature", c: "BSI TR-03109", w: false }); - oids.insert("0.4.0.127.0.7.4.1.1.3", OidEntry { d: "bsiAuthorizedCertReqMsgs", c: "BSI TR-03109", w: false }); - oids.insert("0.4.0.127.0.7.4.1.2.2", OidEntry { d: "bsiSignedRevReqs", c: "BSI TR-03109", w: false }); - oids.insert("0.4.0.1862", OidEntry { d: "etsiQcsProfile", c: "ETSI TS 101 862 Qualified Certificates", w: false }); - oids.insert("0.4.0.1862.1", OidEntry { d: "etsiQcs", c: "ETSI TS 101 862 Qualified Certificates", w: false }); - oids.insert("0.4.0.1862.1.1", OidEntry { d: "etsiQcsCompliance", c: "ETSI TS 101 862 Qualified Certificates", w: false }); - oids.insert("0.4.0.1862.1.2", OidEntry { d: "etsiQcsLimitValue", c: "ETSI TS 101 862 Qualified Certificates", w: false }); - oids.insert("0.4.0.1862.1.3", OidEntry { d: "etsiQcsRetentionPeriod", c: "ETSI TS 101 862 Qualified Certificates", w: false }); - oids.insert("0.4.0.1862.1.4", OidEntry { d: "etsiQcsQcSSCD", c: "ETSI TS 101 862 Qualified Certificates", w: false }); - oids.insert("0.4.0.1862.1.5", OidEntry { d: "etsiQcsQcPDS", c: "ETSI TS 101 862 Qualified Certificates", w: false }); - oids.insert("0.4.0.1862.1.6", OidEntry { d: "etsiQcsQcType", c: "ETSI TS 101 862 Qualified Certificates", w: false }); - oids.insert("0.4.0.1862.1.6.1", OidEntry { d: "etsiQcsQctEsign", c: "ETSI TS 101 862 Qualified Certificates", w: false }); - oids.insert("0.4.0.1862.1.6.2", OidEntry { d: "etsiQcsQctEseal", c: "ETSI TS 101 862 Qualified Certificates", w: false }); - oids.insert("0.4.0.1862.1.6.3", OidEntry { d: "etsiQcsQctWeb", c: "ETSI TS 101 862 Qualified Certificates", w: false }); - oids.insert("0.4.0.2042.1.1", OidEntry { d: "normalisedCertificatePolicy", c: "ETSI TS 102 042 Certificate Policies", w: false }); - oids.insert("0.4.0.2042.1.2", OidEntry { d: "normalisedCertificatePolicyPlus", c: "ETSI TS 102 042 Certificate Policies", w: false }); - oids.insert("0.4.0.2042.1.3", OidEntry { d: "lightweightCertificatePolicy", c: "ETSI TS 102 042 Certificate Policies", w: false }); - oids.insert("0.4.0.2042.1.4", OidEntry { d: "evCertificatePolicy", c: "ETSI TS 102 042 Certificate Policies", w: false }); - oids.insert("0.4.0.2042.1.5", OidEntry { d: "evCertificatePolicyPlus", c: "ETSI TS 102 042 Certificate Policies", w: false }); - oids.insert("0.4.0.2042.1.6", OidEntry { d: "dvCertificatePolicy", c: "ETSI TS 102 042 Certificate Policies", w: false }); - oids.insert("0.4.0.2042.1.7", OidEntry { d: "ovCertificatePolicy", c: "ETSI TS 102 042 Certificate Policies", w: false }); - oids.insert("0.4.0.194112.1.0", OidEntry { d: "qcpNatural", c: "EU Qualified Certificate Policy", w: false }); - oids.insert("0.4.0.194112.1.1", OidEntry { d: "qcpLegal", c: "EU Qualified Certificate Policy", w: false }); - oids.insert("0.4.0.194112.1.2", OidEntry { d: "qcpNaturalQscd", c: "EU Qualified Certificate Policy", w: false }); - oids.insert("0.4.0.194112.1.3", OidEntry { d: "qcpLegalQscd", c: "EU Qualified Certificate Policy", w: false }); - oids.insert("0.4.0.194112.1.4", OidEntry { d: "qcpWeb", c: "EU Qualified Certificate Policy", w: false }); - oids.insert("0.4.0.194121.1.1", OidEntry { d: "qcsSemanticsIdNatural", c: "EU Qualified Certificate Identifier", w: false }); - oids.insert("0.4.0.194121.1.2", OidEntry { d: "qcsSemanticsIdLegal", c: "EU Qualified Certificate Identifier", w: false }); - oids.insert("0.4.0.194121.1.3", OidEntry { d: "qcsSemanticsIdeIDASNatural", c: "EU Qualified Certificate Identifier", w: false }); - oids.insert("0.4.0.194121.1.4", OidEntry { d: "qcsSemanticsIdeIDASLegal", c: "EU Qualified Certificate Identifier", w: false }); - oids.insert("0.9.2342.19200300.100.1.1", OidEntry { d: "userID", c: "Some oddball X.500 attribute collection", w: false }); - oids.insert("0.9.2342.19200300.100.1.3", OidEntry { d: "rfc822Mailbox", c: "Some oddball X.500 attribute collection", w: false }); - oids.insert("0.9.2342.19200300.100.1.25", OidEntry { d: "domainComponent", c: "Men are from Mars, this OID is from Pluto", w: false }); - oids.insert("1.0.10118.3.0.49", OidEntry { d: "ripemd160", c: "ISO 10118-3 hash function", w: false }); - oids.insert("1.0.10118.3.0.50", OidEntry { d: "ripemd128", c: "ISO 10118-3 hash function", w: false }); - oids.insert("1.0.10118.3.0.55", OidEntry { d: "whirlpool", c: "ISO 10118-3 hash function", w: false }); - oids.insert("1.0.18033.2", OidEntry { d: "iso18033-2", c: "ISO 18033-2", w: false }); - oids.insert("1.0.18033.2.2", OidEntry { d: "kem", c: "ISO 18033-2 algorithms", w: false }); - oids.insert("1.0.18033.2.2.4", OidEntry { d: "kemRSA", c: "ISO 18033-2 KEM algorithms", w: false }); - oids.insert("1.2.36.1.3.1.1.1", OidEntry { d: "qgpki", c: "Queensland Government PKI", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1", OidEntry { d: "qgpkiPolicies", c: "QGPKI policies", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1.1", OidEntry { d: "qgpkiMedIntermedCA", c: "QGPKI policy", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1.1.1", OidEntry { d: "qgpkiMedIntermedIndividual", c: "QGPKI policy", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1.1.2", OidEntry { d: "qgpkiMedIntermedDeviceControl", c: "QGPKI policy", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1.1.3", OidEntry { d: "qgpkiMedIntermedDevice", c: "QGPKI policy", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1.1.4", OidEntry { d: "qgpkiMedIntermedAuthorisedParty", c: "QGPKI policy", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1.1.5", OidEntry { d: "qgpkiMedIntermedDeviceSystem", c: "QGPKI policy", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1.2", OidEntry { d: "qgpkiMedIssuingCA", c: "QGPKI policy", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1.2.1", OidEntry { d: "qgpkiMedIssuingIndividual", c: "QGPKI policy", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1.2.2", OidEntry { d: "qgpkiMedIssuingDeviceControl", c: "QGPKI policy", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1.2.3", OidEntry { d: "qgpkiMedIssuingDevice", c: "QGPKI policy", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1.2.4", OidEntry { d: "qgpkiMedIssuingAuthorisedParty", c: "QGPKI policy", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1.2.5", OidEntry { d: "qgpkiMedIssuingClientAuth", c: "QGPKI policy", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1.2.6", OidEntry { d: "qgpkiMedIssuingServerAuth", c: "QGPKI policy", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1.2.7", OidEntry { d: "qgpkiMedIssuingDataProt", c: "QGPKI policy", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1.2.8", OidEntry { d: "qgpkiMedIssuingTokenAuth", c: "QGPKI policy", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1.3", OidEntry { d: "qgpkiBasicIntermedCA", c: "QGPKI policy", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1.3.1", OidEntry { d: "qgpkiBasicIntermedDeviceSystem", c: "QGPKI policy", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1.4", OidEntry { d: "qgpkiBasicIssuingCA", c: "QGPKI policy", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1.4.1", OidEntry { d: "qgpkiBasicIssuingClientAuth", c: "QGPKI policy", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1.4.2", OidEntry { d: "qgpkiBasicIssuingServerAuth", c: "QGPKI policy", w: false }); - oids.insert("1.2.36.1.3.1.1.1.1.4.3", OidEntry { d: "qgpkiBasicIssuingDataSigning", c: "QGPKI policy", w: false }); - oids.insert("1.2.36.1.3.1.1.1.2", OidEntry { d: "qgpkiAssuranceLevel", c: "QGPKI assurance level", w: false }); - oids.insert("1.2.36.1.3.1.1.1.2.1", OidEntry { d: "qgpkiAssuranceRudimentary", c: "QGPKI assurance level", w: false }); - oids.insert("1.2.36.1.3.1.1.1.2.2", OidEntry { d: "qgpkiAssuranceBasic", c: "QGPKI assurance level", w: false }); - oids.insert("1.2.36.1.3.1.1.1.2.3", OidEntry { d: "qgpkiAssuranceMedium", c: "QGPKI assurance level", w: false }); - oids.insert("1.2.36.1.3.1.1.1.2.4", OidEntry { d: "qgpkiAssuranceHigh", c: "QGPKI assurance level", w: false }); - oids.insert("1.2.36.1.3.1.1.1.3", OidEntry { d: "qgpkiCertFunction", c: "QGPKI policies", w: false }); - oids.insert("1.2.36.1.3.1.1.1.3.1", OidEntry { d: "qgpkiFunctionIndividual", c: "QGPKI policies", w: false }); - oids.insert("1.2.36.1.3.1.1.1.3.2", OidEntry { d: "qgpkiFunctionDevice", c: "QGPKI policies", w: false }); - oids.insert("1.2.36.1.3.1.1.1.3.3", OidEntry { d: "qgpkiFunctionAuthorisedParty", c: "QGPKI policies", w: false }); - oids.insert("1.2.36.1.3.1.1.1.3.4", OidEntry { d: "qgpkiFunctionDeviceControl", c: "QGPKI policies", w: false }); - oids.insert("1.2.36.1.3.1.2", OidEntry { d: "qpspki", c: "Queensland Police PKI", w: false }); - oids.insert("1.2.36.1.3.1.2.1", OidEntry { d: "qpspkiPolicies", c: "Queensland Police PKI", w: false }); - oids.insert("1.2.36.1.3.1.2.1.2", OidEntry { d: "qpspkiPolicyBasic", c: "Queensland Police PKI", w: false }); - oids.insert("1.2.36.1.3.1.2.1.3", OidEntry { d: "qpspkiPolicyMedium", c: "Queensland Police PKI", w: false }); - oids.insert("1.2.36.1.3.1.2.1.4", OidEntry { d: "qpspkiPolicyHigh", c: "Queensland Police PKI", w: false }); - oids.insert("1.2.36.1.3.1.3.2", OidEntry { d: "qtmrpki", c: "Queensland Transport PKI", w: false }); - oids.insert("1.2.36.1.3.1.3.2.1", OidEntry { d: "qtmrpkiPolicies", c: "Queensland Transport PKI", w: false }); - oids.insert("1.2.36.1.3.1.3.2.2", OidEntry { d: "qtmrpkiPurpose", c: "Queensland Transport PKI", w: false }); - oids.insert("1.2.36.1.3.1.3.2.2.1", OidEntry { d: "qtmrpkiIndividual", c: "Queensland Transport PKI purpose", w: false }); - oids.insert("1.2.36.1.3.1.3.2.2.2", OidEntry { d: "qtmrpkiDeviceControl", c: "Queensland Transport PKI purpose", w: false }); - oids.insert("1.2.36.1.3.1.3.2.2.3", OidEntry { d: "qtmrpkiDevice", c: "Queensland Transport PKI purpose", w: false }); - oids.insert("1.2.36.1.3.1.3.2.2.4", OidEntry { d: "qtmrpkiAuthorisedParty", c: "Queensland Transport PKI purpose", w: false }); - oids.insert("1.2.36.1.3.1.3.2.2.5", OidEntry { d: "qtmrpkiDeviceSystem", c: "Queensland Transport PKI purpose", w: false }); - oids.insert("1.2.36.1.3.1.3.2.3", OidEntry { d: "qtmrpkiDevice", c: "Queensland Transport PKI", w: false }); - oids.insert("1.2.36.1.3.1.3.2.3.1", OidEntry { d: "qtmrpkiDriverLicense", c: "Queensland Transport PKI device", w: false }); - oids.insert("1.2.36.1.3.1.3.2.3.2", OidEntry { d: "qtmrpkiIndustryAuthority", c: "Queensland Transport PKI device", w: false }); - oids.insert("1.2.36.1.3.1.3.2.3.3", OidEntry { d: "qtmrpkiMarineLicense", c: "Queensland Transport PKI device", w: false }); - oids.insert("1.2.36.1.3.1.3.2.3.4", OidEntry { d: "qtmrpkiAdultProofOfAge", c: "Queensland Transport PKI device", w: false }); - oids.insert("1.2.36.1.3.1.3.2.3.5", OidEntry { d: "qtmrpkiSam", c: "Queensland Transport PKI device", w: false }); - oids.insert("1.2.36.1.3.1.3.2.4", OidEntry { d: "qtmrpkiAuthorisedParty", c: "Queensland Transport PKI", w: false }); - oids.insert("1.2.36.1.3.1.3.2.4.1", OidEntry { d: "qtmrpkiTransportInspector", c: "Queensland Transport PKI authorised party", w: false }); - oids.insert("1.2.36.1.3.1.3.2.4.2", OidEntry { d: "qtmrpkiPoliceOfficer", c: "Queensland Transport PKI authorised party", w: false }); - oids.insert("1.2.36.1.3.1.3.2.4.3", OidEntry { d: "qtmrpkiSystem", c: "Queensland Transport PKI authorised party", w: false }); - oids.insert("1.2.36.1.3.1.3.2.4.4", OidEntry { d: "qtmrpkiLiquorLicensingInspector", c: "Queensland Transport PKI authorised party", w: false }); - oids.insert("1.2.36.1.3.1.3.2.4.5", OidEntry { d: "qtmrpkiMarineEnforcementOfficer", c: "Queensland Transport PKI authorised party", w: false }); - oids.insert("1.2.36.1.333.1", OidEntry { d: "australianBusinessNumber", c: "Australian Government corporate taxpayer ID", w: false }); - oids.insert("1.2.36.68980861.1.1.2", OidEntry { d: "signetPersonal", c: "Signet CA", w: false }); - oids.insert("1.2.36.68980861.1.1.3", OidEntry { d: "signetBusiness", c: "Signet CA", w: false }); - oids.insert("1.2.36.68980861.1.1.4", OidEntry { d: "signetLegal", c: "Signet CA", w: false }); - oids.insert("1.2.36.68980861.1.1.10", OidEntry { d: "signetPilot", c: "Signet CA", w: false }); - oids.insert("1.2.36.68980861.1.1.11", OidEntry { d: "signetIntraNet", c: "Signet CA", w: false }); - oids.insert("1.2.36.68980861.1.1.20", OidEntry { d: "signetPolicy", c: "Signet CA", w: false }); - oids.insert("1.2.36.75878867.1.100.1.1", OidEntry { d: "certificatesAustraliaPolicy", c: "Certificates Australia CA", w: false }); - oids.insert("1.2.112.0.2.0.34.101.45.2.1", OidEntry { d: "bignPubkey", c: "Belarus STB 34.101.45", w: false }); - oids.insert("1.2.112.0.2.0.34.101.45.3.1", OidEntry { d: "bignParamB1", c: "Belarus STB 34.101.45", w: false }); - oids.insert("1.2.112.0.2.0.34.101.45.3.2", OidEntry { d: "bignParamB2", c: "Belarus STB 34.101.45", w: false }); - oids.insert("1.2.112.0.2.0.34.101.45.3.3", OidEntry { d: "bignParamB3", c: "Belarus STB 34.101.45", w: false }); - oids.insert("1.2.112.0.2.0.34.101.45.11", OidEntry { d: "bignWithHSpec", c: "Belarus STB 34.101.45", w: false }); - oids.insert("1.2.112.0.2.0.34.101.45.12", OidEntry { d: "bignWithHBelt", c: "Belarus STB 34.101.45", w: false }); - oids.insert("1.2.156.10197.1", OidEntry { d: "gmtCryptographicAlgorithm", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.100", OidEntry { d: "gmtBlockCipher", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.102", OidEntry { d: "sm1Cipher", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.103", OidEntry { d: "ssf33Cipher", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.104", OidEntry { d: "sm4Cipher", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.200", OidEntry { d: "gmtStreamCipher", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.201", OidEntry { d: "zucCipher", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.300", OidEntry { d: "gmtPublicKeyCryptography", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.301", OidEntry { d: "sm2ECC", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.301.1", OidEntry { d: "sm2-1DigitalSignature", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.301.2", OidEntry { d: "sm2-2KeyExchange", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.301.3", OidEntry { d: "sm2-3PublicKeyEncryption", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.302", OidEntry { d: "gmtSM9IBE", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.302.1", OidEntry { d: "sm9-1DigitalSignature", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.302.2", OidEntry { d: "sm9-2KeyExchange", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.302.3", OidEntry { d: "sm9-3PublicKeyEncryption", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.400", OidEntry { d: "gmtHashAlgorithm", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.401", OidEntry { d: "sm3Hash", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.401.1", OidEntry { d: "sm3HashWithoutKey", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.401.2", OidEntry { d: "sm3HashWithKey", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.500", OidEntry { d: "gmtDigestSigning", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.501", OidEntry { d: "sm2withSM3", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.1.504", OidEntry { d: "rsaWithSM3", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.4.3", OidEntry { d: "gmtCertificateAuthority", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.6", OidEntry { d: "gmtStandardClass", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.6.1", OidEntry { d: "gmtFoundationClass", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.6.1.1", OidEntry { d: "gmtAlgorithmClass", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.6.1.1.1", OidEntry { d: "zucStandard", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.6.1.1.2", OidEntry { d: "sm4Standard", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.6.1.1.3", OidEntry { d: "sm2Standard", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.6.1.1.4", OidEntry { d: "sm3Standard", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.6.1.2", OidEntry { d: "gmtIDClass", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.6.1.2.1", OidEntry { d: "gmtCryptoID", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.6.1.3", OidEntry { d: "gmtOperationModes", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.6.1.4", OidEntry { d: "gmtSecurityMechanism", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.6.1.4.1", OidEntry { d: "gmtSM2Specification", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.6.1.4.2", OidEntry { d: "gmtSM2CryptographicMessageSyntax", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.6.2", OidEntry { d: "gmtDeviceClass", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.6.3", OidEntry { d: "gmtServiceClass", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.6.4", OidEntry { d: "gmtInfrastructure", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.6.5", OidEntry { d: "gmtTestingClass", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.6.5.1", OidEntry { d: "gmtRandomTestingClass", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.156.10197.6.6", OidEntry { d: "gmtManagementClass", c: "China GM Standards Committee", w: false }); - oids.insert("1.2.392.200011.61.1.1.1", OidEntry { d: "mitsubishiSecurityAlgorithm", c: "Mitsubishi security algorithm", w: false }); - oids.insert("1.2.392.200011.61.1.1.1.1", OidEntry { d: "misty1-cbc", c: "Mitsubishi security algorithm", w: false }); - oids.insert("1.2.410.200004.1", OidEntry { d: "kisaAlgorithm", c: "KISA algorithm", w: false }); - oids.insert("1.2.410.200004.1.1", OidEntry { d: "kcdsa", c: "Korean DSA", w: false }); - oids.insert("1.2.410.200004.1.2", OidEntry { d: "has160", c: "Korean hash algorithm", w: false }); - oids.insert("1.2.410.200004.1.3", OidEntry { d: "seedECB", c: "Korean SEED algorithm, ECB mode", w: false }); - oids.insert("1.2.410.200004.1.4", OidEntry { d: "seedCBC", c: "Korean SEED algorithm, CBC mode", w: false }); - oids.insert("1.2.410.200004.1.5", OidEntry { d: "seedOFB", c: "Korean SEED algorithm, OFB mode", w: false }); - oids.insert("1.2.410.200004.1.6", OidEntry { d: "seedCFB", c: "Korean SEED algorithm, CFB mode", w: false }); - oids.insert("1.2.410.200004.1.7", OidEntry { d: "seedMAC", c: "Korean SEED algorithm, MAC mode", w: false }); - oids.insert("1.2.410.200004.1.8", OidEntry { d: "kcdsaWithHAS160", c: "Korean signature algorithm", w: false }); - oids.insert("1.2.410.200004.1.9", OidEntry { d: "kcdsaWithSHA1", c: "Korean signature algorithm", w: false }); - oids.insert("1.2.410.200004.1.10", OidEntry { d: "pbeWithHAS160AndSEED-ECB", c: "Korean SEED algorithm, PBE key derivation", w: false }); - oids.insert("1.2.410.200004.1.11", OidEntry { d: "pbeWithHAS160AndSEED-CBC", c: "Korean SEED algorithm, PBE key derivation", w: false }); - oids.insert("1.2.410.200004.1.12", OidEntry { d: "pbeWithHAS160AndSEED-CFB", c: "Korean SEED algorithm, PBE key derivation", w: false }); - oids.insert("1.2.410.200004.1.13", OidEntry { d: "pbeWithHAS160AndSEED-OFB", c: "Korean SEED algorithm, PBE key derivation", w: false }); - oids.insert("1.2.410.200004.1.14", OidEntry { d: "pbeWithSHA1AndSEED-ECB", c: "Korean SEED algorithm, PBE key derivation", w: false }); - oids.insert("1.2.410.200004.1.15", OidEntry { d: "pbeWithSHA1AndSEED-CBC", c: "Korean SEED algorithm, PBE key derivation", w: false }); - oids.insert("1.2.410.200004.1.16", OidEntry { d: "pbeWithSHA1AndSEED-CFB", c: "Korean SEED algorithm, PBE key derivation", w: false }); - oids.insert("1.2.410.200004.1.17", OidEntry { d: "pbeWithSHA1AndSEED-OFB", c: "Korean SEED algorithm, PBE key derivation", w: false }); - oids.insert("1.2.410.200004.1.20", OidEntry { d: "rsaWithHAS160", c: "Korean signature algorithm", w: false }); - oids.insert("1.2.410.200004.1.21", OidEntry { d: "kcdsa1", c: "Korean DSA", w: false }); - oids.insert("1.2.410.200004.2", OidEntry { d: "npkiCP", c: "KISA NPKI certificate policies", w: false }); - oids.insert("1.2.410.200004.2.1", OidEntry { d: "npkiSignaturePolicy", c: "KISA NPKI certificate policies", w: false }); - oids.insert("1.2.410.200004.3", OidEntry { d: "npkiKP", c: "KISA NPKI key usage", w: false }); - oids.insert("1.2.410.200004.4", OidEntry { d: "npkiAT", c: "KISA NPKI attribute", w: false }); - oids.insert("1.2.410.200004.5", OidEntry { d: "npkiLCA", c: "KISA NPKI licensed CA", w: false }); - oids.insert("1.2.410.200004.5.1", OidEntry { d: "npkiSignKorea", c: "KISA NPKI licensed CA", w: false }); - oids.insert("1.2.410.200004.5.2", OidEntry { d: "npkiSignGate", c: "KISA NPKI licensed CA", w: false }); - oids.insert("1.2.410.200004.5.3", OidEntry { d: "npkiNcaSign", c: "KISA NPKI licensed CA", w: false }); - oids.insert("1.2.410.200004.6", OidEntry { d: "npkiON", c: "KISA NPKI otherName", w: false }); - oids.insert("1.2.410.200004.7", OidEntry { d: "npkiAPP", c: "KISA NPKI application", w: false }); - oids.insert("1.2.410.200004.7.1", OidEntry { d: "npkiSMIME", c: "KISA NPKI application", w: false }); - oids.insert("1.2.410.200004.7.1.1", OidEntry { d: "npkiSMIMEAlgo", c: "KISA NPKI application", w: false }); - oids.insert("1.2.410.200004.7.1.1.1", OidEntry { d: "npkiCmsSEEDWrap", c: "KISA NPKI application", w: false }); - oids.insert("1.2.410.200004.10", OidEntry { d: "npki", c: "KISA NPKI", w: false }); - oids.insert("1.2.410.200004.10.1", OidEntry { d: "npkiAttribute", c: "KISA NPKI attribute", w: false }); - oids.insert("1.2.410.200004.10.1.1", OidEntry { d: "npkiIdentifyData", c: "KISA NPKI attribute", w: false }); - oids.insert("1.2.410.200004.10.1.1.1", OidEntry { d: "npkiVID", c: "KISA NPKI attribute", w: false }); - oids.insert("1.2.410.200004.10.1.1.2", OidEntry { d: "npkiEncryptedVID", c: "KISA NPKI attribute", w: false }); - oids.insert("1.2.410.200004.10.1.1.3", OidEntry { d: "npkiRandomNum", c: "KISA NPKI attribute", w: false }); - oids.insert("1.2.410.200004.10.1.1.4", OidEntry { d: "npkiVID", c: "KISA NPKI attribute", w: false }); - oids.insert("1.2.410.200046.1.1", OidEntry { d: "aria1AlgorithmModes", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.1", OidEntry { d: "aria128-ecb", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.2", OidEntry { d: "aria128-cbc", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.3", OidEntry { d: "aria128-cfb", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.4", OidEntry { d: "aria128-ofb", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.5", OidEntry { d: "aria128-ctr", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.6", OidEntry { d: "aria192-ecb", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.7", OidEntry { d: "aria192-cbc", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.8", OidEntry { d: "aria192-cfb", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.9", OidEntry { d: "aria192-ofb", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.10", OidEntry { d: "aria192-ctr", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.11", OidEntry { d: "aria256-ecb", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.12", OidEntry { d: "aria256-cbc", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.13", OidEntry { d: "aria256-cfb", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.14", OidEntry { d: "aria256-ofb", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.15", OidEntry { d: "aria256-ctr", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.21", OidEntry { d: "aria128-cmac", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.22", OidEntry { d: "aria192-cmac", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.23", OidEntry { d: "aria256-cmac", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.31", OidEntry { d: "aria128-ocb2", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.32", OidEntry { d: "aria192-ocb2", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.33", OidEntry { d: "aria256-ocb2", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.34", OidEntry { d: "aria128-gcm", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.35", OidEntry { d: "aria192-gcm", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.36", OidEntry { d: "aria256-gcm", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.37", OidEntry { d: "aria128-ccm", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.38", OidEntry { d: "aria192-ccm", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.39", OidEntry { d: "aria256-ccm", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.40", OidEntry { d: "aria128-keywrap", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.41", OidEntry { d: "aria192-keywrap", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.42", OidEntry { d: "aria256-keywrap", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.43", OidEntry { d: "aria128-keywrapWithPad", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.44", OidEntry { d: "aria192-keywrapWithPad", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.410.200046.1.1.45", OidEntry { d: "aria256-keywrapWithPad", c: "ARIA algorithm modes", w: false }); - oids.insert("1.2.643.2.2.3", OidEntry { d: "gostSignature", c: "GOST R 34.10-2001 + GOST R 34.11-94 signature", w: false }); - oids.insert("1.2.643.2.2.4", OidEntry { d: "gost94Signature", c: "GOST R 34.10-94 + GOST R 34.11-94 signature. Obsoleted by GOST R 34.10-2001", w: true }); - oids.insert("1.2.643.2.2.19", OidEntry { d: "gostPublicKey", c: "GOST R 34.10-2001 (ECC) public key", w: false }); - oids.insert("1.2.643.2.2.20", OidEntry { d: "gost94PublicKey", c: "GOST R 34.10-94 public key. Obsoleted by GOST R 34.10-2001", w: true }); - oids.insert("1.2.643.2.2.21", OidEntry { d: "gostCipher", c: "GOST 28147-89 (symmetric key block cipher)", w: false }); - oids.insert("1.2.643.2.2.31.0", OidEntry { d: "testCipherParams", c: "Test params for GOST 28147-89", w: false }); - oids.insert("1.2.643.2.2.31.1", OidEntry { d: "cryptoProCipherA", c: "CryptoPro params A (default, variant 'Verba-O') for GOST 28147-89", w: false }); - oids.insert("1.2.643.2.2.31.2", OidEntry { d: "cryptoProCipherB", c: "CryptoPro params B (variant 1) for GOST 28147-89", w: false }); - oids.insert("1.2.643.2.2.31.3", OidEntry { d: "cryptoProCipherC", c: "CryptoPro params C (variant 2) for GOST 28147-89", w: false }); - oids.insert("1.2.643.2.2.31.4", OidEntry { d: "cryptoProCipherD", c: "CryptoPro params D (variant 3) for GOST 28147-89", w: false }); - oids.insert("1.2.643.2.2.31.5", OidEntry { d: "oscar11Cipher", c: "Oscar-1.1 params for GOST 28147-89", w: false }); - oids.insert("1.2.643.2.2.31.6", OidEntry { d: "oscar10Cipher", c: "Oscar-1.0 params for GOST 28147-89", w: false }); - oids.insert("1.2.643.2.2.31.7", OidEntry { d: "ric1Cipher", c: "RIC-1 params for GOST 28147-89", w: false }); - oids.insert("1.2.643.2.2.31.12", OidEntry { d: "tc26CipherA", c: "TC26 params 2 for GOST 28147-89", w: false }); - oids.insert("1.2.643.2.2.31.13", OidEntry { d: "tc26CipherB", c: "TC26 params 1 for GOST 28147-89", w: false }); - oids.insert("1.2.643.2.2.31.14", OidEntry { d: "tc26CipherC", c: "TC26 params 3 for GOST 28147-89", w: false }); - oids.insert("1.2.643.2.2.31.15", OidEntry { d: "tc26CipherD", c: "TC26 params 4 for GOST 28147-89", w: false }); - oids.insert("1.2.643.2.2.31.16", OidEntry { d: "tc26CipherE", c: "TC26 params 5 for GOST 28147-89", w: false }); - oids.insert("1.2.643.2.2.31.17", OidEntry { d: "tc26CipherF", c: "TC26 params 6 for GOST 28147-89", w: false }); - oids.insert("1.2.643.7.1.2.5.1.1", OidEntry { d: "tc26CipherZ", c: "TC26 params Z for GOST 28147-89", w: false }); - oids.insert("1.2.643.2.2.9", OidEntry { d: "gostDigest", c: "GOST R 34.11-94 digest", w: false }); - oids.insert("1.2.643.2.2.30.0", OidEntry { d: "testDigestParams", c: "Test params for GOST R 34.11-94", w: false }); - oids.insert("1.2.643.2.2.30.1", OidEntry { d: "cryptoProDigestA", c: "CryptoPro digest params A (default, variant 'Verba-O') for GOST R 34.11-94", w: false }); - oids.insert("1.2.643.2.2.30.2", OidEntry { d: "cryptoProDigestB", c: "CryptoPro digest params B (variant 1) for GOST R 34.11-94", w: false }); - oids.insert("1.2.643.2.2.30.3", OidEntry { d: "cryptoProDigestC", c: "CryptoPro digest params C (variant 2) for GOST R 34.11-94", w: false }); - oids.insert("1.2.643.2.2.30.4", OidEntry { d: "cryptoProDigestD", c: "CryptoPro digest params D (variant 3) for GOST R 34.11-94", w: false }); - oids.insert("1.2.643.2.2.32.2", OidEntry { d: "cryptoPro94SignA", c: "CryptoPro sign params A (default, variant 'Verba-O') for GOST R 34.10-94", w: false }); - oids.insert("1.2.643.2.2.32.3", OidEntry { d: "cryptoPro94SignB", c: "CryptoPro sign params B (variant 1) for GOST R 34.10-94", w: false }); - oids.insert("1.2.643.2.2.32.4", OidEntry { d: "cryptoPro94SignC", c: "CryptoPro sign params C (variant 2) for GOST R 34.10-94", w: false }); - oids.insert("1.2.643.2.2.32.5", OidEntry { d: "cryptoPro94SignD", c: "CryptoPro sign params D (variant 3) for GOST R 34.10-94", w: false }); - oids.insert("1.2.643.2.2.33.1", OidEntry { d: "cryptoPro94SignXA", c: "CryptoPro sign params XA (variant 1) for GOST R 34.10-94", w: false }); - oids.insert("1.2.643.2.2.33.2", OidEntry { d: "cryptoPro94SignXB", c: "CryptoPro sign params XB (variant 2) for GOST R 34.10-94", w: false }); - oids.insert("1.2.643.2.2.33.3", OidEntry { d: "cryptoPro94SignXC", c: "CryptoPro sign params XC (variant 3) for GOST R 34.10-94", w: false }); - oids.insert("1.2.643.2.2.35.0", OidEntry { d: "testSignParams", c: "Test elliptic curve for GOST R 34.10-2001", w: false }); - oids.insert("1.2.643.2.2.35.1", OidEntry { d: "cryptoProSignA", c: "CryptoPro ell.curve A for GOST R 34.10-2001", w: false }); - oids.insert("1.2.643.2.2.35.2", OidEntry { d: "cryptoProSignB", c: "CryptoPro ell.curve B for GOST R 34.10-2001", w: false }); - oids.insert("1.2.643.2.2.35.3", OidEntry { d: "cryptoProSignC", c: "CryptoPro ell.curve C for GOST R 34.10-2001", w: false }); - oids.insert("1.2.643.2.2.36.0", OidEntry { d: "cryptoProSignXA", c: "CryptoPro ell.curve XA for GOST R 34.10-2001", w: false }); - oids.insert("1.2.643.2.2.36.1", OidEntry { d: "cryptoProSignXB", c: "CryptoPro ell.curve XB for GOST R 34.10-2001", w: false }); - oids.insert("1.2.643.7.1.2.1.1.1", OidEntry { d: "cryptoPro2012Sign256A", c: "CryptoPro ell.curve A for GOST R 34.10-2012 256 bit", w: false }); - oids.insert("1.2.643.7.1.2.1.2.1", OidEntry { d: "cryptoPro2012Sign512A", c: "CryptoPro ell.curve A (default) for GOST R 34.10-2012 512 bit", w: false }); - oids.insert("1.2.643.7.1.2.1.2.2", OidEntry { d: "cryptoPro2012Sign512B", c: "CryptoPro ell.curve B for GOST R 34.10-2012 512 bit", w: false }); - oids.insert("1.2.643.7.1.2.1.2.3", OidEntry { d: "cryptoPro2012Sign512C", c: "CryptoPro ell.curve C for GOST R 34.10-2012 512 bit", w: false }); - oids.insert("1.2.643.2.2.14.0", OidEntry { d: "nullMeshing", c: "Do not mesh state of GOST 28147-89 cipher", w: false }); - oids.insert("1.2.643.2.2.14.1", OidEntry { d: "cryptoProMeshing", c: "CryptoPro meshing of state of GOST 28147-89 cipher", w: false }); - oids.insert("1.2.643.2.2.10", OidEntry { d: "hmacGost", c: "HMAC with GOST R 34.11-94", w: false }); - oids.insert("1.2.643.2.2.13.0", OidEntry { d: "gostWrap", c: "Wrap key using GOST 28147-89 key", w: false }); - oids.insert("1.2.643.2.2.13.1", OidEntry { d: "cryptoProWrap", c: "Wrap key using diversified GOST 28147-89 key", w: false }); - oids.insert("1.2.643.2.2.96", OidEntry { d: "cryptoProECDHWrap", c: "Wrap key using ECC DH on GOST R 34.10-2001 keys (VKO)", w: false }); - oids.insert("1.2.643.7.1.1.1.1", OidEntry { d: "gost2012PublicKey256", c: "GOST R 34.10-2012 256 bit public key", w: false }); - oids.insert("1.2.643.7.1.1.1.2", OidEntry { d: "gost2012PublicKey512", c: "GOST R 34.10-2012 512 bit public key", w: false }); - oids.insert("1.2.643.7.1.1.2.2", OidEntry { d: "gost2012Digest256", c: "GOST R 34.11-2012 256 bit digest", w: false }); - oids.insert("1.2.643.7.1.1.2.3", OidEntry { d: "gost2012Digest512", c: "GOST R 34.11-2012 512 bit digest", w: false }); - oids.insert("1.2.643.7.1.1.3.2", OidEntry { d: "gost2012Signature256", c: "GOST R 34.10-2012 256 bit signature", w: false }); - oids.insert("1.2.643.7.1.1.3.3", OidEntry { d: "gost2012Signature512", c: "GOST R 34.10-2012 512 bit signature", w: false }); - oids.insert("1.2.643.7.1.1.6.1", OidEntry { d: "cryptoProECDH256", c: "CryptoPro ECC DH algorithm for GOST R 34.10-2012 256 bit key", w: false }); - oids.insert("1.2.643.7.1.1.6.2", OidEntry { d: "cryptoProECDH512", c: "CryptoPro ECC DH algorithm for GOST R 34.10-2012 512 bit key", w: false }); - oids.insert("1.2.643.100.113.1", OidEntry { d: "cryptoProClassSignToolKC1", c: "CryptoPro GOST", w: false }); - oids.insert("1.2.643.100.113.2", OidEntry { d: "cryptoProClassSignToolKC2", c: "CryptoPro GOST", w: false }); - oids.insert("1.2.643.100.113.3", OidEntry { d: "cryptoProClassSignToolKC3", c: "CryptoPro GOST", w: false }); - oids.insert("1.2.643.100.113.4", OidEntry { d: "cryptoProClassSignToolKB1", c: "CryptoPro GOST", w: false }); - oids.insert("1.2.643.100.113.5", OidEntry { d: "cryptoProClassSignToolKB2", c: "CryptoPro GOST", w: false }); - oids.insert("1.2.643.100.113.6", OidEntry { d: "cryptoProClassSignToolKA1", c: "CryptoPro GOST", w: false }); - oids.insert("1.2.752.34.1", OidEntry { d: "seis-cp", c: "SEIS Project", w: false }); - oids.insert("1.2.752.34.1.1", OidEntry { d: "SEIS high-assurance policyIdentifier", c: "SEIS Project certificate policies", w: false }); - oids.insert("1.2.752.34.1.2", OidEntry { d: "SEIS GAK policyIdentifier", c: "SEIS Project certificate policies", w: false }); - oids.insert("1.2.752.34.2", OidEntry { d: "SEIS pe", c: "SEIS Project", w: false }); - oids.insert("1.2.752.34.3", OidEntry { d: "SEIS at", c: "SEIS Project", w: false }); - oids.insert("1.2.752.34.3.1", OidEntry { d: "SEIS at-personalIdentifier", c: "SEIS Project attribute", w: false }); - oids.insert("1.2.840.10040.1", OidEntry { d: "module", c: "ANSI X9.57", w: false }); - oids.insert("1.2.840.10040.1.1", OidEntry { d: "x9f1-cert-mgmt", c: "ANSI X9.57 module", w: false }); - oids.insert("1.2.840.10040.2", OidEntry { d: "holdinstruction", c: "ANSI X9.57", w: false }); - oids.insert("1.2.840.10040.2.1", OidEntry { d: "holdinstruction-none", c: "ANSI X9.57 hold instruction", w: false }); - oids.insert("1.2.840.10040.2.2", OidEntry { d: "callissuer", c: "ANSI X9.57 hold instruction", w: false }); - oids.insert("1.2.840.10040.2.3", OidEntry { d: "reject", c: "ANSI X9.57 hold instruction", w: false }); - oids.insert("1.2.840.10040.2.4", OidEntry { d: "pickupToken", c: "ANSI X9.57 hold instruction", w: false }); - oids.insert("1.2.840.10040.3", OidEntry { d: "attribute", c: "ANSI X9.57", w: false }); - oids.insert("1.2.840.10040.3.1", OidEntry { d: "countersignature", c: "ANSI X9.57 attribute", w: false }); - oids.insert("1.2.840.10040.3.2", OidEntry { d: "attribute-cert", c: "ANSI X9.57 attribute", w: false }); - oids.insert("1.2.840.10040.4", OidEntry { d: "algorithm", c: "ANSI X9.57", w: false }); - oids.insert("1.2.840.10040.4.1", OidEntry { d: "dsa", c: "ANSI X9.57 algorithm", w: false }); - oids.insert("1.2.840.10040.4.2", OidEntry { d: "dsa-match", c: "ANSI X9.57 algorithm", w: false }); - oids.insert("1.2.840.10040.4.3", OidEntry { d: "dsaWithSha1", c: "ANSI X9.57 algorithm", w: false }); - oids.insert("1.2.840.10045.1", OidEntry { d: "fieldType", c: "ANSI X9.62. This OID is also assigned as ecdsa-with-SHA1", w: false }); - oids.insert("1.2.840.10045.1.1", OidEntry { d: "prime-field", c: "ANSI X9.62 field type", w: false }); - oids.insert("1.2.840.10045.1.2", OidEntry { d: "characteristic-two-field", c: "ANSI X9.62 field type", w: false }); - oids.insert("1.2.840.10045.1.2.3", OidEntry { d: "characteristic-two-basis", c: "ANSI X9.62 field type", w: false }); - oids.insert("1.2.840.10045.1.2.3.1", OidEntry { d: "onBasis", c: "ANSI X9.62 field basis", w: false }); - oids.insert("1.2.840.10045.1.2.3.2", OidEntry { d: "tpBasis", c: "ANSI X9.62 field basis", w: false }); - oids.insert("1.2.840.10045.1.2.3.3", OidEntry { d: "ppBasis", c: "ANSI X9.62 field basis", w: false }); - oids.insert("1.2.840.10045.2", OidEntry { d: "publicKeyType", c: "ANSI X9.62", w: false }); - oids.insert("1.2.840.10045.2.1", OidEntry { d: "ecPublicKey", c: "ANSI X9.62 public key type", w: false }); - oids.insert("1.2.840.10045.3.0.1", OidEntry { d: "c2pnb163v1", c: "ANSI X9.62 named elliptic curve", w: false }); - oids.insert("1.2.840.10045.3.0.2", OidEntry { d: "c2pnb163v2", c: "ANSI X9.62 named elliptic curve", w: false }); - oids.insert("1.2.840.10045.3.0.3", OidEntry { d: "c2pnb163v3", c: "ANSI X9.62 named elliptic curve", w: false }); - oids.insert("1.2.840.10045.3.0.5", OidEntry { d: "c2tnb191v1", c: "ANSI X9.62 named elliptic curve", w: false }); - oids.insert("1.2.840.10045.3.0.6", OidEntry { d: "c2tnb191v2", c: "ANSI X9.62 named elliptic curve", w: false }); - oids.insert("1.2.840.10045.3.0.7", OidEntry { d: "c2tnb191v3", c: "ANSI X9.62 named elliptic curve", w: false }); - oids.insert("1.2.840.10045.3.0.10", OidEntry { d: "c2pnb208w1", c: "ANSI X9.62 named elliptic curve", w: false }); - oids.insert("1.2.840.10045.3.0.11", OidEntry { d: "c2tnb239v1", c: "ANSI X9.62 named elliptic curve", w: false }); - oids.insert("1.2.840.10045.3.0.12", OidEntry { d: "c2tnb239v2", c: "ANSI X9.62 named elliptic curve", w: false }); - oids.insert("1.2.840.10045.3.0.13", OidEntry { d: "c2tnb239v3", c: "ANSI X9.62 named elliptic curve", w: false }); - oids.insert("1.2.840.10045.3.0.16", OidEntry { d: "c2pnb272w1", c: "ANSI X9.62 named elliptic curve", w: false }); - oids.insert("1.2.840.10045.3.0.18", OidEntry { d: "c2tnb359v1", c: "ANSI X9.62 named elliptic curve", w: false }); - oids.insert("1.2.840.10045.3.0.19", OidEntry { d: "c2pnb368w1", c: "ANSI X9.62 named elliptic curve", w: false }); - oids.insert("1.2.840.10045.3.0.20", OidEntry { d: "c2tnb431r1", c: "ANSI X9.62 named elliptic curve", w: false }); - oids.insert("1.2.840.10045.3.1.1", OidEntry { d: "prime192v1", c: "ANSI X9.62 named elliptic curve", w: false }); - oids.insert("1.2.840.10045.3.1.2", OidEntry { d: "prime192v2", c: "ANSI X9.62 named elliptic curve", w: false }); - oids.insert("1.2.840.10045.3.1.3", OidEntry { d: "prime192v3", c: "ANSI X9.62 named elliptic curve", w: false }); - oids.insert("1.2.840.10045.3.1.4", OidEntry { d: "prime239v1", c: "ANSI X9.62 named elliptic curve", w: false }); - oids.insert("1.2.840.10045.3.1.5", OidEntry { d: "prime239v2", c: "ANSI X9.62 named elliptic curve", w: false }); - oids.insert("1.2.840.10045.3.1.6", OidEntry { d: "prime239v3", c: "ANSI X9.62 named elliptic curve", w: false }); - oids.insert("1.2.840.10045.3.1.7", OidEntry { d: "prime256v1", c: "ANSI X9.62 named elliptic curve", w: false }); - oids.insert("1.2.840.10045.4.1", OidEntry { d: "ecdsaWithSHA1", c: "ANSI X9.62 ECDSA algorithm with SHA1", w: false }); - oids.insert("1.2.840.10045.4.2", OidEntry { d: "ecdsaWithRecommended", c: "ANSI X9.62 ECDSA algorithm with Recommended", w: false }); - oids.insert("1.2.840.10045.4.3", OidEntry { d: "ecdsaWithSpecified", c: "ANSI X9.62 ECDSA algorithm with Specified", w: false }); - oids.insert("1.2.840.10045.4.3.1", OidEntry { d: "ecdsaWithSHA224", c: "ANSI X9.62 ECDSA algorithm with SHA224", w: false }); - oids.insert("1.2.840.10045.4.3.2", OidEntry { d: "ecdsaWithSHA256", c: "ANSI X9.62 ECDSA algorithm with SHA256", w: false }); - oids.insert("1.2.840.10045.4.3.3", OidEntry { d: "ecdsaWithSHA384", c: "ANSI X9.62 ECDSA algorithm with SHA384", w: false }); - oids.insert("1.2.840.10045.4.3.4", OidEntry { d: "ecdsaWithSHA512", c: "ANSI X9.62 ECDSA algorithm with SHA512", w: false }); - oids.insert("1.2.840.10046.1", OidEntry { d: "fieldType", c: "ANSI X9.42", w: false }); - oids.insert("1.2.840.10046.1.1", OidEntry { d: "gf-prime", c: "ANSI X9.42 field type", w: false }); - oids.insert("1.2.840.10046.2", OidEntry { d: "numberType", c: "ANSI X9.42", w: false }); - oids.insert("1.2.840.10046.2.1", OidEntry { d: "dhPublicKey", c: "ANSI X9.42 number type", w: false }); - oids.insert("1.2.840.10046.3", OidEntry { d: "scheme", c: "ANSI X9.42", w: false }); - oids.insert("1.2.840.10046.3.1", OidEntry { d: "dhStatic", c: "ANSI X9.42 scheme", w: false }); - oids.insert("1.2.840.10046.3.2", OidEntry { d: "dhEphem", c: "ANSI X9.42 scheme", w: false }); - oids.insert("1.2.840.10046.3.3", OidEntry { d: "dhHybrid1", c: "ANSI X9.42 scheme", w: false }); - oids.insert("1.2.840.10046.3.4", OidEntry { d: "dhHybrid2", c: "ANSI X9.42 scheme", w: false }); - oids.insert("1.2.840.10046.3.5", OidEntry { d: "mqv2", c: "ANSI X9.42 scheme", w: false }); - oids.insert("1.2.840.10046.3.6", OidEntry { d: "mqv1", c: "ANSI X9.42 scheme", w: false }); - oids.insert("1.2.840.10065.2.2", OidEntry { d: "?", c: "ASTM 31.20", w: false }); - oids.insert("1.2.840.10065.2.3", OidEntry { d: "healthcareLicense", c: "ASTM 31.20", w: false }); - oids.insert("1.2.840.10065.2.3.1.1", OidEntry { d: "license?", c: "ASTM 31.20 healthcare license type", w: false }); - oids.insert("1.2.840.10070", OidEntry { d: "iec62351", c: "IEC 62351", w: false }); - oids.insert("1.2.840.10070.8", OidEntry { d: "iec62351_8", c: "IEC 62351-8", w: false }); - oids.insert("1.2.840.10070.8.1", OidEntry { d: "iecUserRoles", c: "IEC 62351-8", w: false }); - oids.insert("1.2.840.113533.7", OidEntry { d: "nsn", c: "", w: false }); - oids.insert("1.2.840.113533.7.65", OidEntry { d: "nsn-ce", c: "", w: false }); - oids.insert("1.2.840.113533.7.65.0", OidEntry { d: "entrustVersInfo", c: "Nortel Secure Networks ce", w: false }); - oids.insert("1.2.840.113533.7.66", OidEntry { d: "nsn-alg", c: "", w: false }); - oids.insert("1.2.840.113533.7.66.3", OidEntry { d: "cast3CBC", c: "Nortel Secure Networks alg", w: false }); - oids.insert("1.2.840.113533.7.66.10", OidEntry { d: "cast5CBC", c: "Nortel Secure Networks alg", w: false }); - oids.insert("1.2.840.113533.7.66.11", OidEntry { d: "cast5MAC", c: "Nortel Secure Networks alg", w: false }); - oids.insert("1.2.840.113533.7.66.12", OidEntry { d: "pbeWithMD5AndCAST5-CBC", c: "Nortel Secure Networks alg", w: false }); - oids.insert("1.2.840.113533.7.66.13", OidEntry { d: "passwordBasedMac", c: "Nortel Secure Networks alg", w: false }); - oids.insert("1.2.840.113533.7.67", OidEntry { d: "nsn-oc", c: "", w: false }); - oids.insert("1.2.840.113533.7.67.0", OidEntry { d: "entrustUser", c: "Nortel Secure Networks oc", w: false }); - oids.insert("1.2.840.113533.7.68", OidEntry { d: "nsn-at", c: "", w: false }); - oids.insert("1.2.840.113533.7.68.0", OidEntry { d: "entrustCAInfo", c: "Nortel Secure Networks at", w: false }); - oids.insert("1.2.840.113533.7.68.10", OidEntry { d: "attributeCertificate", c: "Nortel Secure Networks at", w: false }); - oids.insert("1.2.840.113549.1.1", OidEntry { d: "pkcs-1", c: "", w: false }); - oids.insert("1.2.840.113549.1.1.1", OidEntry { d: "rsaEncryption", c: "PKCS #1", w: false }); - oids.insert("1.2.840.113549.1.1.2", OidEntry { d: "md2WithRSAEncryption", c: "PKCS #1", w: false }); - oids.insert("1.2.840.113549.1.1.3", OidEntry { d: "md4WithRSAEncryption", c: "PKCS #1", w: false }); - oids.insert("1.2.840.113549.1.1.4", OidEntry { d: "md5WithRSAEncryption", c: "PKCS #1", w: false }); - oids.insert("1.2.840.113549.1.1.5", OidEntry { d: "sha1WithRSAEncryption", c: "PKCS #1", w: false }); - oids.insert("1.2.840.113549.1.1.7", OidEntry { d: "rsaOAEP", c: "PKCS #1", w: false }); - oids.insert("1.2.840.113549.1.1.8", OidEntry { d: "pkcs1-MGF", c: "PKCS #1", w: false }); - oids.insert("1.2.840.113549.1.1.9", OidEntry { d: "rsaOAEP-pSpecified", c: "PKCS #1", w: false }); - oids.insert("1.2.840.113549.1.1.10", OidEntry { d: "rsaPSS", c: "PKCS #1", w: false }); - oids.insert("1.2.840.113549.1.1.11", OidEntry { d: "sha256WithRSAEncryption", c: "PKCS #1", w: false }); - oids.insert("1.2.840.113549.1.1.12", OidEntry { d: "sha384WithRSAEncryption", c: "PKCS #1", w: false }); - oids.insert("1.2.840.113549.1.1.13", OidEntry { d: "sha512WithRSAEncryption", c: "PKCS #1", w: false }); - oids.insert("1.2.840.113549.1.1.14", OidEntry { d: "sha224WithRSAEncryption", c: "PKCS #1", w: false }); - oids.insert("1.2.840.113549.1.1.6", OidEntry { d: "rsaOAEPEncryptionSET", c: "PKCS #1. This OID may also be assigned as ripemd160WithRSAEncryption", w: false }); - oids.insert("1.2.840.113549.1.2", OidEntry { d: "bsafeRsaEncr", c: "Obsolete BSAFE OID", w: true }); - oids.insert("1.2.840.113549.1.3", OidEntry { d: "pkcs-3", c: "", w: false }); - oids.insert("1.2.840.113549.1.3.1", OidEntry { d: "dhKeyAgreement", c: "PKCS #3", w: false }); - oids.insert("1.2.840.113549.1.5", OidEntry { d: "pkcs-5", c: "", w: false }); - oids.insert("1.2.840.113549.1.5.1", OidEntry { d: "pbeWithMD2AndDES-CBC", c: "PKCS #5", w: false }); - oids.insert("1.2.840.113549.1.5.3", OidEntry { d: "pbeWithMD5AndDES-CBC", c: "PKCS #5", w: false }); - oids.insert("1.2.840.113549.1.5.4", OidEntry { d: "pbeWithMD2AndRC2-CBC", c: "PKCS #5", w: false }); - oids.insert("1.2.840.113549.1.5.6", OidEntry { d: "pbeWithMD5AndRC2-CBC", c: "PKCS #5", w: false }); - oids.insert("1.2.840.113549.1.5.9", OidEntry { d: "pbeWithMD5AndXOR", c: "PKCS #5, used in BSAFE only", w: true }); - oids.insert("1.2.840.113549.1.5.10", OidEntry { d: "pbeWithSHAAndDES-CBC", c: "PKCS #5", w: false }); - oids.insert("1.2.840.113549.1.5.12", OidEntry { d: "pkcs5PBKDF2", c: "PKCS #5 v2.0", w: false }); - oids.insert("1.2.840.113549.1.5.13", OidEntry { d: "pkcs5PBES2", c: "PKCS #5 v2.0", w: false }); - oids.insert("1.2.840.113549.1.5.14", OidEntry { d: "pkcs5PBMAC1", c: "PKCS #5 v2.0", w: false }); - oids.insert("1.2.840.113549.1.7", OidEntry { d: "pkcs-7", c: "", w: false }); - oids.insert("1.2.840.113549.1.7.1", OidEntry { d: "data", c: "PKCS #7", w: false }); - oids.insert("1.2.840.113549.1.7.2", OidEntry { d: "signedData", c: "PKCS #7", w: false }); - oids.insert("1.2.840.113549.1.7.3", OidEntry { d: "envelopedData", c: "PKCS #7", w: false }); - oids.insert("1.2.840.113549.1.7.4", OidEntry { d: "signedAndEnvelopedData", c: "PKCS #7", w: false }); - oids.insert("1.2.840.113549.1.7.5", OidEntry { d: "digestedData", c: "PKCS #7", w: false }); - oids.insert("1.2.840.113549.1.7.6", OidEntry { d: "encryptedData", c: "PKCS #7", w: false }); - oids.insert("1.2.840.113549.1.7.7", OidEntry { d: "dataWithAttributes", c: "PKCS #7 experimental", w: true }); - oids.insert("1.2.840.113549.1.7.8", OidEntry { d: "encryptedPrivateKeyInfo", c: "PKCS #7 experimental", w: true }); - oids.insert("1.2.840.113549.1.9", OidEntry { d: "pkcs-9", c: "", w: false }); - oids.insert("1.2.840.113549.1.9.1", OidEntry { d: "emailAddress", c: "PKCS #9. Deprecated, use an altName extension instead", w: false }); - oids.insert("1.2.840.113549.1.9.2", OidEntry { d: "unstructuredName", c: "PKCS #9", w: false }); - oids.insert("1.2.840.113549.1.9.3", OidEntry { d: "contentType", c: "PKCS #9", w: false }); - oids.insert("1.2.840.113549.1.9.4", OidEntry { d: "messageDigest", c: "PKCS #9", w: false }); - oids.insert("1.2.840.113549.1.9.5", OidEntry { d: "signingTime", c: "PKCS #9", w: false }); - oids.insert("1.2.840.113549.1.9.6", OidEntry { d: "countersignature", c: "PKCS #9", w: false }); - oids.insert("1.2.840.113549.1.9.7", OidEntry { d: "challengePassword", c: "PKCS #9", w: false }); - oids.insert("1.2.840.113549.1.9.8", OidEntry { d: "unstructuredAddress", c: "PKCS #9", w: false }); - oids.insert("1.2.840.113549.1.9.9", OidEntry { d: "extendedCertificateAttributes", c: "PKCS #9", w: false }); - oids.insert("1.2.840.113549.1.9.10", OidEntry { d: "issuerAndSerialNumber", c: "PKCS #9 experimental", w: true }); - oids.insert("1.2.840.113549.1.9.11", OidEntry { d: "passwordCheck", c: "PKCS #9 experimental", w: true }); - oids.insert("1.2.840.113549.1.9.12", OidEntry { d: "publicKey", c: "PKCS #9 experimental", w: true }); - oids.insert("1.2.840.113549.1.9.13", OidEntry { d: "signingDescription", c: "PKCS #9", w: false }); - oids.insert("1.2.840.113549.1.9.14", OidEntry { d: "extensionRequest", c: "PKCS #9 via CRMF", w: false }); - oids.insert("1.2.840.113549.1.9.15", OidEntry { d: "sMIMECapabilities", c: "PKCS #9. This OID was formerly assigned as symmetricCapabilities, then reassigned as SMIMECapabilities, then renamed to the current name", w: false }); - oids.insert("1.2.840.113549.1.9.15.1", OidEntry { d: "preferSignedData", c: "sMIMECapabilities", w: false }); - oids.insert("1.2.840.113549.1.9.15.2", OidEntry { d: "canNotDecryptAny", c: "sMIMECapabilities", w: false }); - oids.insert("1.2.840.113549.1.9.15.3", OidEntry { d: "receiptRequest", c: "sMIMECapabilities. Deprecated, use (1 2 840 113549 1 9 16 2 1) instead", w: true }); - oids.insert("1.2.840.113549.1.9.15.4", OidEntry { d: "receipt", c: "sMIMECapabilities. Deprecated, use (1 2 840 113549 1 9 16 1 1) instead", w: true }); - oids.insert("1.2.840.113549.1.9.15.5", OidEntry { d: "contentHints", c: "sMIMECapabilities. Deprecated, use (1 2 840 113549 1 9 16 2 4) instead", w: true }); - oids.insert("1.2.840.113549.1.9.15.6", OidEntry { d: "mlExpansionHistory", c: "sMIMECapabilities. Deprecated, use (1 2 840 113549 1 9 16 2 3) instead", w: true }); - oids.insert("1.2.840.113549.1.9.16", OidEntry { d: "id-sMIME", c: "PKCS #9", w: false }); - oids.insert("1.2.840.113549.1.9.16.0", OidEntry { d: "id-mod", c: "id-sMIME", w: false }); - oids.insert("1.2.840.113549.1.9.16.0.1", OidEntry { d: "id-mod-cms", c: "S/MIME Modules", w: false }); - oids.insert("1.2.840.113549.1.9.16.0.2", OidEntry { d: "id-mod-ess", c: "S/MIME Modules", w: false }); - oids.insert("1.2.840.113549.1.9.16.0.3", OidEntry { d: "id-mod-oid", c: "S/MIME Modules", w: false }); - oids.insert("1.2.840.113549.1.9.16.0.4", OidEntry { d: "id-mod-msg-v3", c: "S/MIME Modules", w: false }); - oids.insert("1.2.840.113549.1.9.16.0.5", OidEntry { d: "id-mod-ets-eSignature-88", c: "S/MIME Modules", w: false }); - oids.insert("1.2.840.113549.1.9.16.0.6", OidEntry { d: "id-mod-ets-eSignature-97", c: "S/MIME Modules", w: false }); - oids.insert("1.2.840.113549.1.9.16.0.7", OidEntry { d: "id-mod-ets-eSigPolicy-88", c: "S/MIME Modules", w: false }); - oids.insert("1.2.840.113549.1.9.16.0.8", OidEntry { d: "id-mod-ets-eSigPolicy-88", c: "S/MIME Modules", w: false }); - oids.insert("1.2.840.113549.1.9.16.1", OidEntry { d: "contentType", c: "S/MIME", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.0", OidEntry { d: "anyContentType", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.1", OidEntry { d: "receipt", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.2", OidEntry { d: "authData", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.3", OidEntry { d: "publishCert", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.4", OidEntry { d: "tSTInfo", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.5", OidEntry { d: "tDTInfo", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.6", OidEntry { d: "contentInfo", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.7", OidEntry { d: "dVCSRequestData", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.8", OidEntry { d: "dVCSResponseData", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.9", OidEntry { d: "compressedData", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.10", OidEntry { d: "scvpCertValRequest", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.11", OidEntry { d: "scvpCertValResponse", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.12", OidEntry { d: "scvpValPolRequest", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.13", OidEntry { d: "scvpValPolResponse", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.14", OidEntry { d: "attrCertEncAttrs", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.15", OidEntry { d: "tSReq", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.16", OidEntry { d: "firmwarePackage", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.17", OidEntry { d: "firmwareLoadReceipt", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.18", OidEntry { d: "firmwareLoadError", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.19", OidEntry { d: "contentCollection", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.20", OidEntry { d: "contentWithAttrs", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.21", OidEntry { d: "encKeyWithID", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.22", OidEntry { d: "encPEPSI", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.23", OidEntry { d: "authEnvelopedData", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.24", OidEntry { d: "routeOriginAttest", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.25", OidEntry { d: "symmetricKeyPackage", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.26", OidEntry { d: "rpkiManifest", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.27", OidEntry { d: "asciiTextWithCRLF", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.28", OidEntry { d: "xml", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.29", OidEntry { d: "pdf", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.30", OidEntry { d: "postscript", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.31", OidEntry { d: "timestampedData", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.32", OidEntry { d: "asAdjacencyAttest", c: "S/MIME Content Types", w: true }); - oids.insert("1.2.840.113549.1.9.16.1.33", OidEntry { d: "rpkiTrustAnchor", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.34", OidEntry { d: "trustAnchorList", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.35", OidEntry { d: "rpkiGhostbusters", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.36", OidEntry { d: "resourceTaggedAttest", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.37", OidEntry { d: "utf8TextWithCRLF", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.38", OidEntry { d: "htmlWithCRLF", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.39", OidEntry { d: "epub", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.40", OidEntry { d: "animaJSONVoucher", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.41", OidEntry { d: "mudType", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.42", OidEntry { d: "sztpConveyedInfoXML", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.43", OidEntry { d: "sztpConveyedInfoJSON", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.44", OidEntry { d: "cbor", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.45", OidEntry { d: "cborSequence", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.46", OidEntry { d: "animaCBORVoucher", c: "S/MIME Content Types", w: true }); - oids.insert("1.2.840.113549.1.9.16.1.47", OidEntry { d: "geofeedCSVwithCRLF", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.48", OidEntry { d: "rpkiSignedChecklist", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.1.49", OidEntry { d: "rpkiASPA", c: "S/MIME Content Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.2", OidEntry { d: "authenticatedAttributes", c: "S/MIME", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.1", OidEntry { d: "receiptRequest", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.2", OidEntry { d: "securityLabel", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.3", OidEntry { d: "mlExpandHistory", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.4", OidEntry { d: "contentHint", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.5", OidEntry { d: "msgSigDigest", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.6", OidEntry { d: "encapContentType", c: "S/MIME Authenticated Attributes. Obsolete", w: true }); - oids.insert("1.2.840.113549.1.9.16.2.7", OidEntry { d: "contentIdentifier", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.8", OidEntry { d: "macValue", c: "S/MIME Authenticated Attributes. Obsolete", w: true }); - oids.insert("1.2.840.113549.1.9.16.2.9", OidEntry { d: "equivalentLabels", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.10", OidEntry { d: "contentReference", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.11", OidEntry { d: "encrypKeyPref", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.12", OidEntry { d: "signingCertificate", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.13", OidEntry { d: "smimeEncryptCerts", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.14", OidEntry { d: "timeStampToken", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.15", OidEntry { d: "sigPolicyId", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.16", OidEntry { d: "commitmentType", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.17", OidEntry { d: "signerLocation", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.18", OidEntry { d: "signerAttr", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.19", OidEntry { d: "otherSigCert", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.20", OidEntry { d: "contentTimestamp", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.21", OidEntry { d: "certificateRefs", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.22", OidEntry { d: "revocationRefs", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.23", OidEntry { d: "certValues", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.24", OidEntry { d: "revocationValues", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.25", OidEntry { d: "escTimeStamp", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.26", OidEntry { d: "certCRLTimestamp", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.27", OidEntry { d: "archiveTimeStamp", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.28", OidEntry { d: "signatureType", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.29", OidEntry { d: "dvcsDvc", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.30", OidEntry { d: "cekReference", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.31", OidEntry { d: "maxCEKDecrypts", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.32", OidEntry { d: "kekDerivationAlg", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.33", OidEntry { d: "intendedRecipients", c: "S/MIME Authenticated Attributes. Obsolete", w: true }); - oids.insert("1.2.840.113549.1.9.16.2.34", OidEntry { d: "cmcUnsignedData", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.35", OidEntry { d: "fwPackageID", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.36", OidEntry { d: "fwTargetHardwareIDs", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.37", OidEntry { d: "fwDecryptKeyID", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.38", OidEntry { d: "fwImplCryptAlgs", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.39", OidEntry { d: "fwWrappedFirmwareKey", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.40", OidEntry { d: "fwCommunityIdentifiers", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.41", OidEntry { d: "fwPkgMessageDigest", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.42", OidEntry { d: "fwPackageInfo", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.43", OidEntry { d: "fwImplCompressAlgs", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.44", OidEntry { d: "etsAttrCertificateRefs", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.45", OidEntry { d: "etsAttrRevocationRefs", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.46", OidEntry { d: "binarySigningTime", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.47", OidEntry { d: "signingCertificateV2", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.48", OidEntry { d: "etsArchiveTimeStampV2", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.49", OidEntry { d: "erInternal", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.50", OidEntry { d: "erExternal", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.51", OidEntry { d: "multipleSignatures", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.52", OidEntry { d: "cmsAlgorithmProtect", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.53", OidEntry { d: "setKeyInformation", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.54", OidEntry { d: "asymmDecryptKeyID", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.55", OidEntry { d: "secureHeaderFieldsIdentifier", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.56", OidEntry { d: "otpChallenge", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.57", OidEntry { d: "revocationChallenge", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.2.58", OidEntry { d: "estIdentityLinking", c: "S/MIME Authenticated Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.1", OidEntry { d: "esDHwith3DES", c: "S/MIME Algorithms. Obsolete", w: true }); - oids.insert("1.2.840.113549.1.9.16.3.2", OidEntry { d: "esDHwithRC2", c: "S/MIME Algorithms. Obsolete", w: true }); - oids.insert("1.2.840.113549.1.9.16.3.3", OidEntry { d: "3desWrap", c: "S/MIME Algorithms. Obsolete", w: true }); - oids.insert("1.2.840.113549.1.9.16.3.4", OidEntry { d: "rc2Wrap", c: "S/MIME Algorithms. Obsolete", w: true }); - oids.insert("1.2.840.113549.1.9.16.3.5", OidEntry { d: "esDH", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.6", OidEntry { d: "cms3DESwrap", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.7", OidEntry { d: "cmsRC2wrap", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.8", OidEntry { d: "zlib", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.9", OidEntry { d: "pwriKEK", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.10", OidEntry { d: "ssDH", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.11", OidEntry { d: "hmacWith3DESwrap", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.12", OidEntry { d: "hmacWithAESwrap", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.13", OidEntry { d: "md5XorExperiment", c: "S/MIME Algorithms. Experimental", w: true }); - oids.insert("1.2.840.113549.1.9.16.3.14", OidEntry { d: "rsaKEM", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.15", OidEntry { d: "authEnc128", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.16", OidEntry { d: "authEnc256", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.17", OidEntry { d: "hssLmsHashSig", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.18", OidEntry { d: "chaCha20Poly1305", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.19", OidEntry { d: "ecdhHKDF-SHA256", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.20", OidEntry { d: "ecdhHKDF-SHA384", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.21", OidEntry { d: "ecdhHKDF-SHA512", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.22", OidEntry { d: "aesSIV-CMAC-256", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.23", OidEntry { d: "aesSIV-CMAC-384", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.24", OidEntry { d: "aesSIV-CMAC-512", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.25", OidEntry { d: "aesSIV-CMAC-wrap256", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.26", OidEntry { d: "aesSIV-CMAC-wrap384", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.27", OidEntry { d: "aesSIV-CMAC-wrap512", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.28", OidEntry { d: "hkdfWithSha256", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.29", OidEntry { d: "hkdfWithSha384", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.3.30", OidEntry { d: "hkdfWithSha512", c: "S/MIME Algorithms", w: false }); - oids.insert("1.2.840.113549.1.9.16.4.1", OidEntry { d: "certDist-ldap", c: "S/MIME Certificate Distribution", w: false }); - oids.insert("1.2.840.113549.1.9.16.5.1", OidEntry { d: "sigPolicyQualifier-spuri x", c: "S/MIME Signature Policy Qualifiers", w: false }); - oids.insert("1.2.840.113549.1.9.16.5.2", OidEntry { d: "sigPolicyQualifier-spUserNotice", c: "S/MIME Signature Policy Qualifiers", w: false }); - oids.insert("1.2.840.113549.1.9.16.6.1", OidEntry { d: "proofOfOrigin", c: "S/MIME Commitment Type Identifiers", w: false }); - oids.insert("1.2.840.113549.1.9.16.6.2", OidEntry { d: "proofOfReceipt", c: "S/MIME Commitment Type Identifiers", w: false }); - oids.insert("1.2.840.113549.1.9.16.6.3", OidEntry { d: "proofOfDelivery", c: "S/MIME Commitment Type Identifiers", w: false }); - oids.insert("1.2.840.113549.1.9.16.6.4", OidEntry { d: "proofOfSender", c: "S/MIME Commitment Type Identifiers", w: false }); - oids.insert("1.2.840.113549.1.9.16.6.5", OidEntry { d: "proofOfApproval", c: "S/MIME Commitment Type Identifiers", w: false }); - oids.insert("1.2.840.113549.1.9.16.6.6", OidEntry { d: "proofOfCreation", c: "S/MIME Commitment Type Identifiers", w: false }); - oids.insert("1.2.840.113549.1.9.16.7.1", OidEntry { d: "testAmoco", c: "S/MIMETest Security Policies", w: false }); - oids.insert("1.2.840.113549.1.9.16.7.2", OidEntry { d: "testCaterpillar", c: "S/MIMETest Security Policies", w: false }); - oids.insert("1.2.840.113549.1.9.16.7.3", OidEntry { d: "testWhirlpool", c: "S/MIMETest Security Policies", w: false }); - oids.insert("1.2.840.113549.1.9.16.7.4", OidEntry { d: "testWhirlpoolCategories", c: "S/MIMETest Security Policies", w: false }); - oids.insert("1.2.840.113549.1.9.16.8.1", OidEntry { d: "glUseKEK", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.8.2", OidEntry { d: "glDelete", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.8.3", OidEntry { d: "glAddMember", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.8.4", OidEntry { d: "glDeleteMember", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.8.5", OidEntry { d: "glRekey", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.8.6", OidEntry { d: "glAddOwner", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.8.7", OidEntry { d: "glRemoveOwner", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.8.8", OidEntry { d: "glkCompromise", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.8.9", OidEntry { d: "glkRefresh", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.8.10", OidEntry { d: "glFailInfo", c: "S/MIME Symmetric Key Distribution Attributes. Obsolete", w: true }); - oids.insert("1.2.840.113549.1.9.16.8.11", OidEntry { d: "glaQueryRequest", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.8.12", OidEntry { d: "glaQueryResponse", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.8.13", OidEntry { d: "glProvideCert", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.8.14", OidEntry { d: "glUpdateCert", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.8.15", OidEntry { d: "glKey", c: "S/MIME Symmetric Key Distribution Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.9", OidEntry { d: "signatureTypeIdentifier", c: "S/MIME", w: false }); - oids.insert("1.2.840.113549.1.9.16.9.1", OidEntry { d: "originatorSig", c: "S/MIME Signature Type Identifier", w: false }); - oids.insert("1.2.840.113549.1.9.16.9.2", OidEntry { d: "domainSig", c: "S/MIME Signature Type Identifier", w: false }); - oids.insert("1.2.840.113549.1.9.16.9.3", OidEntry { d: "additionalAttributesSig", c: "S/MIME Signature Type Identifier", w: false }); - oids.insert("1.2.840.113549.1.9.16.9.4", OidEntry { d: "reviewSig", c: "S/MIME Signature Type Identifier", w: false }); - oids.insert("1.2.840.113549.1.9.16.10.1", OidEntry { d: "envelopedData", c: "S/MIME X.400 Encoded Information Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.10.2", OidEntry { d: "signedData", c: "S/MIME X.400 Encoded Information Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.10.3", OidEntry { d: "certsOnly", c: "S/MIME X.400 Encoded Information Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.10.4", OidEntry { d: "signedReceipt", c: "S/MIME X.400 Encoded Information Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.10.5", OidEntry { d: "envelopedX400", c: "S/MIME X.400 Encoded Information Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.10.6", OidEntry { d: "signedX400", c: "S/MIME X.400 Encoded Information Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.10.7", OidEntry { d: "compressedData", c: "S/MIME X.400 Encoded Information Types", w: false }); - oids.insert("1.2.840.113549.1.9.16.11", OidEntry { d: "capabilities", c: "S/MIME", w: false }); - oids.insert("1.2.840.113549.1.9.16.11.1", OidEntry { d: "preferBinaryInside", c: "S/MIME Capability", w: false }); - oids.insert("1.2.840.113549.1.9.16.12", OidEntry { d: "pskcAttributes", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.1", OidEntry { d: "pskcManufacturer", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.2", OidEntry { d: "pskcSerialNo", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.3", OidEntry { d: "pskcModel", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.4", OidEntry { d: "pskcIssueno", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.5", OidEntry { d: "pskcDevicebinding", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.6", OidEntry { d: "pskcDevicestartdate", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.7", OidEntry { d: "pskcDeviceexpirydate", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.8", OidEntry { d: "pskcModuleid", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.9", OidEntry { d: "pskcKeyid", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.10", OidEntry { d: "pskcAlgorithm", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.11", OidEntry { d: "pskcIssuer", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.12", OidEntry { d: "pskcKeyprofileid", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.13", OidEntry { d: "pskcKeyreference", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.14", OidEntry { d: "pskcFriendlyname", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.15", OidEntry { d: "pskcAlgorithmparams", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.16", OidEntry { d: "pskcCounter", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.17", OidEntry { d: "pskcTime", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.18", OidEntry { d: "pskcTimeinterval", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.19", OidEntry { d: "pskcTimedrift", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.20", OidEntry { d: "pskcValuemac", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.21", OidEntry { d: "pskcKeystartdate", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.22", OidEntry { d: "pskcKeyexpirydate", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.23", OidEntry { d: "pskcNooftransactions", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.24", OidEntry { d: "pskcKeyusages", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.25", OidEntry { d: "pskcPinpolicy", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.26", OidEntry { d: "pskcDeviceuserid", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.12.27", OidEntry { d: "pskcKeyuserid", c: "S/MIME Portable Symmetric Key Container Attributes", w: false }); - oids.insert("1.2.840.113549.1.9.16.13", OidEntry { d: "otherRecipientInfoIds", c: "S/MIME Other Recipient Info Identifiers", w: false }); - oids.insert("1.2.840.113549.1.9.16.13.1", OidEntry { d: "keyTransPSK", c: "S/MIME Other Recipient Info Identifiers", w: false }); - oids.insert("1.2.840.113549.1.9.16.13.2", OidEntry { d: "keyAgreePSK", c: "S/MIME Other Recipient Info Identifiers", w: false }); - oids.insert("1.2.840.113549.1.9.20", OidEntry { d: "friendlyName (for PKCS #12)", c: "PKCS #9 via PKCS #12", w: false }); - oids.insert("1.2.840.113549.1.9.21", OidEntry { d: "localKeyID (for PKCS #12)", c: "PKCS #9 via PKCS #12", w: false }); - oids.insert("1.2.840.113549.1.9.22", OidEntry { d: "certTypes (for PKCS #12)", c: "PKCS #9 via PKCS #12", w: false }); - oids.insert("1.2.840.113549.1.9.22.1", OidEntry { d: "x509Certificate (for PKCS #12)", c: "PKCS #9 via PKCS #12", w: false }); - oids.insert("1.2.840.113549.1.9.22.2", OidEntry { d: "sdsiCertificate (for PKCS #12)", c: "PKCS #9 via PKCS #12", w: false }); - oids.insert("1.2.840.113549.1.9.23", OidEntry { d: "crlTypes (for PKCS #12)", c: "PKCS #9 via PKCS #12", w: false }); - oids.insert("1.2.840.113549.1.9.23.1", OidEntry { d: "x509Crl (for PKCS #12)", c: "PKCS #9 via PKCS #12", w: false }); - oids.insert("1.2.840.113549.1.9.24", OidEntry { d: "pkcs9objectClass", c: "PKCS #9/RFC 2985", w: false }); - oids.insert("1.2.840.113549.1.9.25", OidEntry { d: "pkcs9attributes", c: "PKCS #9/RFC 2985", w: false }); - oids.insert("1.2.840.113549.1.9.25.1", OidEntry { d: "pkcs15Token", c: "PKCS #9/RFC 2985 attribute", w: false }); - oids.insert("1.2.840.113549.1.9.25.2", OidEntry { d: "encryptedPrivateKeyInfo", c: "PKCS #9/RFC 2985 attribute", w: false }); - oids.insert("1.2.840.113549.1.9.25.3", OidEntry { d: "randomNonce", c: "PKCS #9/RFC 2985 attribute", w: false }); - oids.insert("1.2.840.113549.1.9.25.4", OidEntry { d: "sequenceNumber", c: "PKCS #9/RFC 2985 attribute", w: false }); - oids.insert("1.2.840.113549.1.9.25.5", OidEntry { d: "pkcs7PDU", c: "PKCS #9/RFC 2985 attribute", w: false }); - oids.insert("1.2.840.113549.1.9.26", OidEntry { d: "pkcs9syntax", c: "PKCS #9/RFC 2985", w: false }); - oids.insert("1.2.840.113549.1.9.27", OidEntry { d: "pkcs9matchingRules", c: "PKCS #9/RFC 2985", w: false }); - oids.insert("1.2.840.113549.1.9.52", OidEntry { d: "cmsAlgorithmProtection", c: "RFC 6211", w: false }); - oids.insert("1.2.840.113549.1.12", OidEntry { d: "pkcs-12", c: "", w: false }); - oids.insert("1.2.840.113549.1.12.1", OidEntry { d: "pkcs-12-PbeIds", c: "This OID was formerly assigned as PKCS #12 modeID", w: false }); - oids.insert("1.2.840.113549.1.12.1.1", OidEntry { d: "pbeWithSHAAnd128BitRC4", c: "PKCS #12 PbeIds. This OID was formerly assigned as pkcs-12-OfflineTransportMode", w: false }); - oids.insert("1.2.840.113549.1.12.1.2", OidEntry { d: "pbeWithSHAAnd40BitRC4", c: "PKCS #12 PbeIds. This OID was formerly assigned as pkcs-12-OnlineTransportMode", w: false }); - oids.insert("1.2.840.113549.1.12.1.3", OidEntry { d: "pbeWithSHAAnd3-KeyTripleDES-CBC", c: "PKCS #12 PbeIds", w: false }); - oids.insert("1.2.840.113549.1.12.1.4", OidEntry { d: "pbeWithSHAAnd2-KeyTripleDES-CBC", c: "PKCS #12 PbeIds", w: false }); - oids.insert("1.2.840.113549.1.12.1.5", OidEntry { d: "pbeWithSHAAnd128BitRC2-CBC", c: "PKCS #12 PbeIds", w: false }); - oids.insert("1.2.840.113549.1.12.1.6", OidEntry { d: "pbeWithSHAAnd40BitRC2-CBC", c: "PKCS #12 PbeIds", w: false }); - oids.insert("1.2.840.113549.1.12.2", OidEntry { d: "pkcs-12-ESPVKID", c: "Deprecated", w: true }); - oids.insert("1.2.840.113549.1.12.2.1", OidEntry { d: "pkcs-12-PKCS8KeyShrouding", c: "PKCS #12 ESPVKID. Deprecated, use (1 2 840 113549 1 12 3 5) instead", w: true }); - oids.insert("1.2.840.113549.1.12.3", OidEntry { d: "pkcs-12-BagIds", c: "", w: false }); - oids.insert("1.2.840.113549.1.12.3.1", OidEntry { d: "pkcs-12-keyBagId", c: "PKCS #12 BagIds", w: false }); - oids.insert("1.2.840.113549.1.12.3.2", OidEntry { d: "pkcs-12-certAndCRLBagId", c: "PKCS #12 BagIds", w: false }); - oids.insert("1.2.840.113549.1.12.3.3", OidEntry { d: "pkcs-12-secretBagId", c: "PKCS #12 BagIds", w: false }); - oids.insert("1.2.840.113549.1.12.3.4", OidEntry { d: "pkcs-12-safeContentsId", c: "PKCS #12 BagIds", w: false }); - oids.insert("1.2.840.113549.1.12.3.5", OidEntry { d: "pkcs-12-pkcs-8ShroudedKeyBagId", c: "PKCS #12 BagIds", w: false }); - oids.insert("1.2.840.113549.1.12.4", OidEntry { d: "pkcs-12-CertBagID", c: "Deprecated", w: true }); - oids.insert("1.2.840.113549.1.12.4.1", OidEntry { d: "pkcs-12-X509CertCRLBagID", c: "PKCS #12 CertBagID. This OID was formerly assigned as pkcs-12-X509CertCRLBag", w: false }); - oids.insert("1.2.840.113549.1.12.4.2", OidEntry { d: "pkcs-12-SDSICertBagID", c: "PKCS #12 CertBagID. This OID was formerly assigned as pkcs-12-SDSICertBag", w: false }); - oids.insert("1.2.840.113549.1.12.5", OidEntry { d: "pkcs-12-OID", c: "", w: true }); - oids.insert("1.2.840.113549.1.12.5.1", OidEntry { d: "pkcs-12-PBEID", c: "PKCS #12 OID. Deprecated, use the partially compatible (1 2 840 113549 1 12 1) OIDs instead", w: true }); - oids.insert("1.2.840.113549.1.12.5.1.1", OidEntry { d: "pkcs-12-PBEWithSha1And128BitRC4", c: "PKCS #12 OID PBEID. Deprecated, use (1 2 840 113549 1 12 1 1) instead", w: true }); - oids.insert("1.2.840.113549.1.12.5.1.2", OidEntry { d: "pkcs-12-PBEWithSha1And40BitRC4", c: "PKCS #12 OID PBEID. Deprecated, use (1 2 840 113549 1 12 1 2) instead", w: true }); - oids.insert("1.2.840.113549.1.12.5.1.3", OidEntry { d: "pkcs-12-PBEWithSha1AndTripleDESCBC", c: "PKCS #12 OID PBEID. Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 3) or (1 2 840 113549 1 12 1 4) instead", w: true }); - oids.insert("1.2.840.113549.1.12.5.1.4", OidEntry { d: "pkcs-12-PBEWithSha1And128BitRC2CBC", c: "PKCS #12 OID PBEID. Deprecated, use (1 2 840 113549 1 12 1 5) instead", w: true }); - oids.insert("1.2.840.113549.1.12.5.1.5", OidEntry { d: "pkcs-12-PBEWithSha1And40BitRC2CBC", c: "PKCS #12 OID PBEID. Deprecated, use (1 2 840 113549 1 12 1 6) instead", w: true }); - oids.insert("1.2.840.113549.1.12.5.1.6", OidEntry { d: "pkcs-12-PBEWithSha1AndRC4", c: "PKCS #12 OID PBEID. Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 1) or (1 2 840 113549 1 12 1 2) instead", w: true }); - oids.insert("1.2.840.113549.1.12.5.1.7", OidEntry { d: "pkcs-12-PBEWithSha1AndRC2CBC", c: "PKCS #12 OID PBEID. Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 5) or (1 2 840 113549 1 12 1 6) instead", w: true }); - oids.insert("1.2.840.113549.1.12.5.2", OidEntry { d: "pkcs-12-EnvelopingID", c: "PKCS #12 OID. Deprecated, use the conventional PKCS #1 OIDs instead", w: false }); - oids.insert("1.2.840.113549.1.12.5.2.1", OidEntry { d: "pkcs-12-RSAEncryptionWith128BitRC4", c: "PKCS #12 OID EnvelopingID. Deprecated, use the conventional PKCS #1 OIDs instead", w: true }); - oids.insert("1.2.840.113549.1.12.5.2.2", OidEntry { d: "pkcs-12-RSAEncryptionWith40BitRC4", c: "PKCS #12 OID EnvelopingID. Deprecated, use the conventional PKCS #1 OIDs instead", w: true }); - oids.insert("1.2.840.113549.1.12.5.2.3", OidEntry { d: "pkcs-12-RSAEncryptionWithTripleDES", c: "PKCS #12 OID EnvelopingID. Deprecated, use the conventional PKCS #1 OIDs instead", w: true }); - oids.insert("1.2.840.113549.1.12.5.3", OidEntry { d: "pkcs-12-SignatureID", c: "PKCS #12 OID EnvelopingID. Deprecated, use the conventional PKCS #1 OIDs instead", w: true }); - oids.insert("1.2.840.113549.1.12.5.3.1", OidEntry { d: "pkcs-12-RSASignatureWithSHA1Digest", c: "PKCS #12 OID SignatureID. Deprecated, use the conventional PKCS #1 OIDs instead", w: true }); - oids.insert("1.2.840.113549.1.12.10", OidEntry { d: "pkcs-12Version1", c: "", w: false }); - oids.insert("1.2.840.113549.1.12.10.1", OidEntry { d: "pkcs-12BadIds", c: "", w: false }); - oids.insert("1.2.840.113549.1.12.10.1.1", OidEntry { d: "pkcs-12-keyBag", c: "PKCS #12 BagIds", w: false }); - oids.insert("1.2.840.113549.1.12.10.1.2", OidEntry { d: "pkcs-12-pkcs-8ShroudedKeyBag", c: "PKCS #12 BagIds", w: false }); - oids.insert("1.2.840.113549.1.12.10.1.3", OidEntry { d: "pkcs-12-certBag", c: "PKCS #12 BagIds", w: false }); - oids.insert("1.2.840.113549.1.12.10.1.4", OidEntry { d: "pkcs-12-crlBag", c: "PKCS #12 BagIds", w: false }); - oids.insert("1.2.840.113549.1.12.10.1.5", OidEntry { d: "pkcs-12-secretBag", c: "PKCS #12 BagIds", w: false }); - oids.insert("1.2.840.113549.1.12.10.1.6", OidEntry { d: "pkcs-12-safeContentsBag", c: "PKCS #12 BagIds", w: false }); - oids.insert("1.2.840.113549.1.15.1", OidEntry { d: "pkcs15modules", c: "PKCS #15", w: false }); - oids.insert("1.2.840.113549.1.15.2", OidEntry { d: "pkcs15attributes", c: "PKCS #15", w: false }); - oids.insert("1.2.840.113549.1.15.3", OidEntry { d: "pkcs15contentType", c: "PKCS #15", w: false }); - oids.insert("1.2.840.113549.1.15.3.1", OidEntry { d: "pkcs15content", c: "PKCS #15 content type", w: false }); - oids.insert("1.2.840.113549.2", OidEntry { d: "digestAlgorithm", c: "", w: false }); - oids.insert("1.2.840.113549.2.2", OidEntry { d: "md2", c: "RSADSI digestAlgorithm", w: false }); - oids.insert("1.2.840.113549.2.4", OidEntry { d: "md4", c: "RSADSI digestAlgorithm", w: false }); - oids.insert("1.2.840.113549.2.5", OidEntry { d: "md5", c: "RSADSI digestAlgorithm", w: false }); - oids.insert("1.2.840.113549.2.7", OidEntry { d: "hmacWithSHA1", c: "RSADSI digestAlgorithm", w: false }); - oids.insert("1.2.840.113549.2.8", OidEntry { d: "hmacWithSHA224", c: "RSADSI digestAlgorithm", w: false }); - oids.insert("1.2.840.113549.2.9", OidEntry { d: "hmacWithSHA256", c: "RSADSI digestAlgorithm", w: false }); - oids.insert("1.2.840.113549.2.10", OidEntry { d: "hmacWithSHA384", c: "RSADSI digestAlgorithm", w: false }); - oids.insert("1.2.840.113549.2.11", OidEntry { d: "hmacWithSHA512", c: "RSADSI digestAlgorithm", w: false }); - oids.insert("1.2.840.113549.3", OidEntry { d: "encryptionAlgorithm", c: "", w: false }); - oids.insert("1.2.840.113549.3.2", OidEntry { d: "rc2CBC", c: "RSADSI encryptionAlgorithm", w: false }); - oids.insert("1.2.840.113549.3.3", OidEntry { d: "rc2ECB", c: "RSADSI encryptionAlgorithm", w: false }); - oids.insert("1.2.840.113549.3.4", OidEntry { d: "rc4", c: "RSADSI encryptionAlgorithm", w: false }); - oids.insert("1.2.840.113549.3.5", OidEntry { d: "rc4WithMAC", c: "RSADSI encryptionAlgorithm", w: false }); - oids.insert("1.2.840.113549.3.6", OidEntry { d: "desx-CBC", c: "RSADSI encryptionAlgorithm", w: false }); - oids.insert("1.2.840.113549.3.7", OidEntry { d: "des-EDE3-CBC", c: "RSADSI encryptionAlgorithm", w: false }); - oids.insert("1.2.840.113549.3.8", OidEntry { d: "rc5CBC", c: "RSADSI encryptionAlgorithm", w: false }); - oids.insert("1.2.840.113549.3.9", OidEntry { d: "rc5-CBCPad", c: "RSADSI encryptionAlgorithm", w: false }); - oids.insert("1.2.840.113549.3.10", OidEntry { d: "desCDMF", c: "RSADSI encryptionAlgorithm. Formerly called CDMFCBCPad", w: false }); - oids.insert("1.2.840.114021.1.6.1", OidEntry { d: "Identrus unknown policyIdentifier", c: "Identrus", w: false }); - oids.insert("1.2.840.114021.4.1", OidEntry { d: "identrusOCSP", c: "Identrus", w: false }); - oids.insert("1.2.840.113556.1.2.241", OidEntry { d: "deliveryMechanism", c: "Microsoft Exchange Server - attribute", w: false }); - oids.insert("1.2.840.113556.1.2.281", OidEntry { d: "ntSecurityDescriptor", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.3.0", OidEntry { d: "site-Addressing", c: "Microsoft Exchange Server - object class", w: false }); - oids.insert("1.2.840.113556.1.3.13", OidEntry { d: "classSchema", c: "Microsoft Exchange Server - object class", w: false }); - oids.insert("1.2.840.113556.1.3.14", OidEntry { d: "attributeSchema", c: "Microsoft Exchange Server - object class", w: false }); - oids.insert("1.2.840.113556.1.3.17", OidEntry { d: "mailbox-Agent", c: "Microsoft Exchange Server - object class", w: false }); - oids.insert("1.2.840.113556.1.3.22", OidEntry { d: "mailbox", c: "Microsoft Exchange Server - object class", w: false }); - oids.insert("1.2.840.113556.1.3.23", OidEntry { d: "container", c: "Microsoft Exchange Server - object class", w: false }); - oids.insert("1.2.840.113556.1.3.46", OidEntry { d: "mailRecipient", c: "Microsoft Exchange Server - object class", w: false }); - oids.insert("1.2.840.113556.1.4.145", OidEntry { d: "revision", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1327", OidEntry { d: "pKIDefaultKeySpec", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1328", OidEntry { d: "pKIKeyUsage", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1329", OidEntry { d: "pKIMaxIssuingDepth", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1330", OidEntry { d: "pKICriticalExtensions", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1331", OidEntry { d: "pKIExpirationPeriod", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1332", OidEntry { d: "pKIOverlapPeriod", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1333", OidEntry { d: "pKIExtendedKeyUsage", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1334", OidEntry { d: "pKIDefaultCSPs", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1335", OidEntry { d: "pKIEnrollmentAccess", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1429", OidEntry { d: "msPKI-RA-Signature", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1430", OidEntry { d: "msPKI-Enrollment-Flag", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1431", OidEntry { d: "msPKI-Private-Key-Flag", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1432", OidEntry { d: "msPKI-Certificate-Name-Flag", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1433", OidEntry { d: "msPKI-Minimal-Key-Size", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1434", OidEntry { d: "msPKI-Template-Schema-Version", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1435", OidEntry { d: "msPKI-Template-Minor-Revision", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1436", OidEntry { d: "msPKI-Cert-Template-OID", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1437", OidEntry { d: "msPKI-Supersede-Templates", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1438", OidEntry { d: "msPKI-RA-Policies", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1439", OidEntry { d: "msPKI-Certificate-Policy", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1674", OidEntry { d: "msPKI-Certificate-Application-Policy", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.1.4.1675", OidEntry { d: "msPKI-RA-Application-Policies", c: "Microsoft Cert Template - attribute", w: false }); - oids.insert("1.2.840.113556.4.3", OidEntry { d: "microsoftExcel", c: "Microsoft", w: false }); - oids.insert("1.2.840.113556.4.4", OidEntry { d: "titledWithOID", c: "Microsoft", w: false }); - oids.insert("1.2.840.113556.4.5", OidEntry { d: "microsoftPowerPoint", c: "Microsoft", w: false }); - oids.insert("1.2.840.113583.1", OidEntry { d: "adobeAcrobat", c: "Adobe Acrobat", w: false }); - oids.insert("1.2.840.113583.1.1", OidEntry { d: "acrobatSecurity", c: "Adobe Acrobat security", w: false }); - oids.insert("1.2.840.113583.1.1.1", OidEntry { d: "pdfPassword", c: "Adobe Acrobat security", w: false }); - oids.insert("1.2.840.113583.1.1.2", OidEntry { d: "pdfDefaultSigningCredential", c: "Adobe Acrobat security", w: false }); - oids.insert("1.2.840.113583.1.1.3", OidEntry { d: "pdfDefaultEncryptionCredential", c: "Adobe Acrobat security", w: false }); - oids.insert("1.2.840.113583.1.1.4", OidEntry { d: "pdfPasswordTimeout", c: "Adobe Acrobat security", w: false }); - oids.insert("1.2.840.113583.1.1.5", OidEntry { d: "pdfAuthenticDocumentsTrust", c: "Adobe Acrobat security", w: false }); - oids.insert("1.2.840.113583.1.1.6", OidEntry { d: "pdfDynamicContentTrust", c: "Adobe Acrobat security", w: true }); - oids.insert("1.2.840.113583.1.1.7", OidEntry { d: "pdfUbiquityTrust", c: "Adobe Acrobat security", w: false }); - oids.insert("1.2.840.113583.1.1.8", OidEntry { d: "pdfRevocationInfoArchival", c: "Adobe Acrobat security", w: false }); - oids.insert("1.2.840.113583.1.1.9", OidEntry { d: "pdfX509Extension", c: "Adobe Acrobat security", w: false }); - oids.insert("1.2.840.113583.1.1.9.1", OidEntry { d: "pdfTimeStamp", c: "Adobe Acrobat security", w: false }); - oids.insert("1.2.840.113583.1.1.9.2", OidEntry { d: "pdfArchiveRevInfo", c: "Adobe Acrobat security", w: false }); - oids.insert("1.2.840.113583.1.1.10", OidEntry { d: "pdfPPLKLiteCredential", c: "Adobe Acrobat security", w: false }); - oids.insert("1.2.840.113583.1.2", OidEntry { d: "acrobatCPS", c: "Adobe Acrobat CPS", w: false }); - oids.insert("1.2.840.113583.1.2.1", OidEntry { d: "pdfAuthenticDocumentsCPS", c: "Adobe Acrobat CPS", w: false }); - oids.insert("1.2.840.113583.1.2.2", OidEntry { d: "pdfTestCPS", c: "Adobe Acrobat CPS", w: false }); - oids.insert("1.2.840.113583.1.2.3", OidEntry { d: "pdfUbiquityCPS", c: "Adobe Acrobat CPS", w: false }); - oids.insert("1.2.840.113583.1.2.4", OidEntry { d: "pdfAdhocCPS", c: "Adobe Acrobat CPS", w: false }); - oids.insert("1.2.840.113583.1.7", OidEntry { d: "acrobatUbiquity", c: "Adobe Acrobat ubiquity", w: false }); - oids.insert("1.2.840.113583.1.7.1", OidEntry { d: "pdfUbiquitySubRights", c: "Adobe Acrobat ubiquity", w: false }); - oids.insert("1.2.840.113583.1.9", OidEntry { d: "acrobatExtension", c: "Adobe Acrobat X.509 extension", w: false }); - oids.insert("1.2.840.113628.114.1.7", OidEntry { d: "adobePKCS7", c: "Adobe", w: false }); - oids.insert("1.2.840.113635.100", OidEntry { d: "appleDataSecurity", c: "Apple", w: false }); - oids.insert("1.2.840.113635.100.1", OidEntry { d: "appleTrustPolicy", c: "Apple", w: false }); - oids.insert("1.2.840.113635.100.1.1", OidEntry { d: "appleISignTP", c: "Apple trust policy", w: false }); - oids.insert("1.2.840.113635.100.1.2", OidEntry { d: "appleX509Basic", c: "Apple trust policy", w: false }); - oids.insert("1.2.840.113635.100.1.3", OidEntry { d: "appleSSLPolicy", c: "Apple trust policy", w: false }); - oids.insert("1.2.840.113635.100.1.4", OidEntry { d: "appleLocalCertGenPolicy", c: "Apple trust policy", w: false }); - oids.insert("1.2.840.113635.100.1.5", OidEntry { d: "appleCSRGenPolicy", c: "Apple trust policy", w: false }); - oids.insert("1.2.840.113635.100.1.6", OidEntry { d: "appleCRLPolicy", c: "Apple trust policy", w: false }); - oids.insert("1.2.840.113635.100.1.7", OidEntry { d: "appleOCSPPolicy", c: "Apple trust policy", w: false }); - oids.insert("1.2.840.113635.100.1.8", OidEntry { d: "appleSMIMEPolicy", c: "Apple trust policy", w: false }); - oids.insert("1.2.840.113635.100.1.9", OidEntry { d: "appleEAPPolicy", c: "Apple trust policy", w: false }); - oids.insert("1.2.840.113635.100.1.10", OidEntry { d: "appleSWUpdateSigningPolicy", c: "Apple trust policy", w: false }); - oids.insert("1.2.840.113635.100.1.11", OidEntry { d: "appleIPSecPolicy", c: "Apple trust policy", w: false }); - oids.insert("1.2.840.113635.100.1.12", OidEntry { d: "appleIChatPolicy", c: "Apple trust policy", w: false }); - oids.insert("1.2.840.113635.100.1.13", OidEntry { d: "appleResourceSignPolicy", c: "Apple trust policy", w: false }); - oids.insert("1.2.840.113635.100.1.14", OidEntry { d: "applePKINITClientPolicy", c: "Apple trust policy", w: false }); - oids.insert("1.2.840.113635.100.1.15", OidEntry { d: "applePKINITServerPolicy", c: "Apple trust policy", w: false }); - oids.insert("1.2.840.113635.100.1.16", OidEntry { d: "appleCodeSigningPolicy", c: "Apple trust policy", w: false }); - oids.insert("1.2.840.113635.100.1.17", OidEntry { d: "applePackageSigningPolicy", c: "Apple trust policy", w: false }); - oids.insert("1.2.840.113635.100.2", OidEntry { d: "appleSecurityAlgorithm", c: "Apple", w: false }); - oids.insert("1.2.840.113635.100.2.1", OidEntry { d: "appleFEE", c: "Apple security algorithm", w: false }); - oids.insert("1.2.840.113635.100.2.2", OidEntry { d: "appleASC", c: "Apple security algorithm", w: false }); - oids.insert("1.2.840.113635.100.2.3", OidEntry { d: "appleFEE_MD5", c: "Apple security algorithm", w: false }); - oids.insert("1.2.840.113635.100.2.4", OidEntry { d: "appleFEE_SHA1", c: "Apple security algorithm", w: false }); - oids.insert("1.2.840.113635.100.2.5", OidEntry { d: "appleFEED", c: "Apple security algorithm", w: false }); - oids.insert("1.2.840.113635.100.2.6", OidEntry { d: "appleFEEDEXP", c: "Apple security algorithm", w: false }); - oids.insert("1.2.840.113635.100.2.7", OidEntry { d: "appleECDSA", c: "Apple security algorithm", w: false }); - oids.insert("1.2.840.113635.100.3", OidEntry { d: "appleDotMacCertificate", c: "Apple", w: false }); - oids.insert("1.2.840.113635.100.3.1", OidEntry { d: "appleDotMacCertificateRequest", c: "Apple dotMac certificate", w: false }); - oids.insert("1.2.840.113635.100.3.2", OidEntry { d: "appleDotMacCertificateExtension", c: "Apple dotMac certificate", w: false }); - oids.insert("1.2.840.113635.100.3.3", OidEntry { d: "appleDotMacCertificateRequestValues", c: "Apple dotMac certificate", w: false }); - oids.insert("1.2.840.113635.100.4", OidEntry { d: "appleExtendedKeyUsage", c: "Apple", w: false }); - oids.insert("1.2.840.113635.100.4.1", OidEntry { d: "appleCodeSigning", c: "Apple extended key usage", w: false }); - oids.insert("1.2.840.113635.100.4.1.1", OidEntry { d: "appleCodeSigningDevelopment", c: "Apple extended key usage", w: false }); - oids.insert("1.2.840.113635.100.4.1.2", OidEntry { d: "appleSoftwareUpdateSigning", c: "Apple extended key usage", w: false }); - oids.insert("1.2.840.113635.100.4.1.3", OidEntry { d: "appleCodeSigningThirdParty", c: "Apple extended key usage", w: false }); - oids.insert("1.2.840.113635.100.4.1.4", OidEntry { d: "appleResourceSigning", c: "Apple extended key usage", w: false }); - oids.insert("1.2.840.113635.100.4.2", OidEntry { d: "appleIChatSigning", c: "Apple extended key usage", w: false }); - oids.insert("1.2.840.113635.100.4.3", OidEntry { d: "appleIChatEncryption", c: "Apple extended key usage", w: false }); - oids.insert("1.2.840.113635.100.4.4", OidEntry { d: "appleSystemIdentity", c: "Apple extended key usage", w: false }); - oids.insert("1.2.840.113635.100.4.5", OidEntry { d: "appleCryptoEnv", c: "Apple extended key usage", w: false }); - oids.insert("1.2.840.113635.100.4.5.1", OidEntry { d: "appleCryptoProductionEnv", c: "Apple extended key usage", w: false }); - oids.insert("1.2.840.113635.100.4.5.2", OidEntry { d: "appleCryptoMaintenanceEnv", c: "Apple extended key usage", w: false }); - oids.insert("1.2.840.113635.100.4.5.3", OidEntry { d: "appleCryptoTestEnv", c: "Apple extended key usage", w: false }); - oids.insert("1.2.840.113635.100.4.5.4", OidEntry { d: "appleCryptoDevelopmentEnv", c: "Apple extended key usage", w: false }); - oids.insert("1.2.840.113635.100.4.6", OidEntry { d: "appleCryptoQoS", c: "Apple extended key usage", w: false }); - oids.insert("1.2.840.113635.100.4.6.1", OidEntry { d: "appleCryptoTier0QoS", c: "Apple extended key usage", w: false }); - oids.insert("1.2.840.113635.100.4.6.2", OidEntry { d: "appleCryptoTier1QoS", c: "Apple extended key usage", w: false }); - oids.insert("1.2.840.113635.100.4.6.3", OidEntry { d: "appleCryptoTier2QoS", c: "Apple extended key usage", w: false }); - oids.insert("1.2.840.113635.100.4.6.4", OidEntry { d: "appleCryptoTier3QoS", c: "Apple extended key usage", w: false }); - oids.insert("1.2.840.113635.100.5", OidEntry { d: "appleCertificatePolicies", c: "Apple", w: false }); - oids.insert("1.2.840.113635.100.5.1", OidEntry { d: "appleCertificatePolicyID", c: "Apple", w: false }); - oids.insert("1.2.840.113635.100.5.2", OidEntry { d: "appleDotMacCertificatePolicyID", c: "Apple", w: false }); - oids.insert("1.2.840.113635.100.5.3", OidEntry { d: "appleADCCertificatePolicyID", c: "Apple", w: false }); - oids.insert("1.2.840.113635.100.6", OidEntry { d: "appleCertificateExtensions", c: "Apple", w: false }); - oids.insert("1.2.840.113635.100.6.1", OidEntry { d: "appleCertificateExtensionCodeSigning", c: "Apple certificate extension", w: false }); - oids.insert("1.2.840.113635.100.6.1.1", OidEntry { d: "appleCertificateExtensionAppleSigning", c: "Apple certificate extension", w: false }); - oids.insert("1.2.840.113635.100.6.1.2", OidEntry { d: "appleCertificateExtensionADCDeveloperSigning", c: "Apple certificate extension", w: false }); - oids.insert("1.2.840.113635.100.6.1.3", OidEntry { d: "appleCertificateExtensionADCAppleSigning", c: "Apple certificate extension", w: false }); - oids.insert("1.2.840.113635.100.15.1", OidEntry { d: "appleCustomCertificateExtension1", c: "Apple custom certificate extension", w: false }); - oids.insert("1.2.840.113635.100.15.2", OidEntry { d: "appleCustomCertificateExtension2", c: "Apple custom certificate extension", w: false }); - oids.insert("1.2.840.113635.100.15.3", OidEntry { d: "appleCustomCertificateExtension3", c: "Apple custom certificate extension", w: false }); - oids.insert("1.3.6.1.4.1.311.2.1.4", OidEntry { d: "spcIndirectDataContext", c: "Microsoft code signing", w: false }); - oids.insert("1.3.6.1.4.1.311.2.1.10", OidEntry { d: "spcAgencyInfo", c: "Microsoft code signing. Also assigned as policyLink", w: false }); - oids.insert("1.3.6.1.4.1.311.2.1.11", OidEntry { d: "spcStatementType", c: "Microsoft code signing", w: false }); - oids.insert("1.3.6.1.4.1.311.2.1.12", OidEntry { d: "spcSpOpusInfo", c: "Microsoft code signing", w: false }); - oids.insert("1.3.6.1.4.1.311.2.1.14", OidEntry { d: "certReqExtensions", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.2.1.15", OidEntry { d: "spcPEImageData", c: "Microsoft code signing", w: false }); - oids.insert("1.3.6.1.4.1.311.2.1.18", OidEntry { d: "spcRawFileData", c: "Microsoft code signing", w: false }); - oids.insert("1.3.6.1.4.1.311.2.1.19", OidEntry { d: "spcStructuredStorageData", c: "Microsoft code signing", w: false }); - oids.insert("1.3.6.1.4.1.311.2.1.20", OidEntry { d: "spcJavaClassData (type 1)", c: "Microsoft code signing. Formerly link extension aka glue extension ", w: false }); - oids.insert("1.3.6.1.4.1.311.2.1.21", OidEntry { d: "individualCodeSigning", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.2.1.22", OidEntry { d: "commercialCodeSigning", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.2.1.25", OidEntry { d: "spcLink (type 2)", c: "Microsoft code signing. Also assigned as glue extension", w: false }); - oids.insert("1.3.6.1.4.1.311.2.1.26", OidEntry { d: "spcMinimalCriteriaInfo", c: "Microsoft code signing", w: false }); - oids.insert("1.3.6.1.4.1.311.2.1.27", OidEntry { d: "spcFinancialCriteriaInfo", c: "Microsoft code signing", w: false }); - oids.insert("1.3.6.1.4.1.311.2.1.28", OidEntry { d: "spcLink (type 3)", c: "Microsoft code signing. Also assigned as glue extension", w: false }); - oids.insert("1.3.6.1.4.1.311.2.1.29", OidEntry { d: "spcHashInfoObjID", c: "Microsoft code signing", w: false }); - oids.insert("1.3.6.1.4.1.311.2.1.30", OidEntry { d: "spcSipInfoObjID", c: "Microsoft code signing", w: false }); - oids.insert("1.3.6.1.4.1.311.2.2", OidEntry { d: "ctl", c: "Microsoft CTL", w: false }); - oids.insert("1.3.6.1.4.1.311.2.2.1", OidEntry { d: "ctlTrustedCodesigningCAList", c: "Microsoft CTL", w: false }); - oids.insert("1.3.6.1.4.1.311.2.2.2", OidEntry { d: "ctlTrustedClientAuthCAList", c: "Microsoft CTL", w: false }); - oids.insert("1.3.6.1.4.1.311.2.2.3", OidEntry { d: "ctlTrustedServerAuthCAList", c: "Microsoft CTL", w: false }); - oids.insert("1.3.6.1.4.1.311.3.2.1", OidEntry { d: "timestampRequest", c: "Microsoft code signing", w: false }); - oids.insert("1.3.6.1.4.1.311.10.1", OidEntry { d: "certTrustList", c: "Microsoft contentType", w: false }); - oids.insert("1.3.6.1.4.1.311.10.1.1", OidEntry { d: "sortedCtl", c: "Microsoft contentType", w: false }); - oids.insert("1.3.6.1.4.1.311.10.2", OidEntry { d: "nextUpdateLocation", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.10.3.1", OidEntry { d: "certTrustListSigning", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.10.3.2", OidEntry { d: "timeStampSigning", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.10.3.3", OidEntry { d: "serverGatedCrypto", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.10.3.3.1", OidEntry { d: "serialized", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.10.3.4", OidEntry { d: "encryptedFileSystem", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.10.3.5", OidEntry { d: "whqlCrypto", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.10.3.6", OidEntry { d: "nt5Crypto", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.10.3.7", OidEntry { d: "oemWHQLCrypto", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.10.3.8", OidEntry { d: "embeddedNTCrypto", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.10.3.9", OidEntry { d: "rootListSigner", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.10.3.10", OidEntry { d: "qualifiedSubordination", c: "Microsoft extended 3key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.10.3.11", OidEntry { d: "keyRecovery", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.10.3.12", OidEntry { d: "documentSigning", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.10.3.13", OidEntry { d: "lifetimeSigning", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.10.3.14", OidEntry { d: "mobileDeviceSoftware", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.10.3.15", OidEntry { d: "smartDisplay", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.10.3.16", OidEntry { d: "cspSignature", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.10.3.4.1", OidEntry { d: "efsRecovery", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.10.4.1", OidEntry { d: "yesnoTrustAttr", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.10.5.1", OidEntry { d: "drm", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.10.5.2", OidEntry { d: "drmIndividualization", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.10.6.1", OidEntry { d: "licenses", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.10.6.2", OidEntry { d: "licenseServer", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.10.7.1", OidEntry { d: "keyidRdn", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.10.8.1", OidEntry { d: "removeCertificate", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.10.9.1", OidEntry { d: "crossCertDistPoints", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.10.10.1", OidEntry { d: "cmcAddAttributes", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.10.11", OidEntry { d: "certPropIdPrefix", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.10.11.4", OidEntry { d: "certMd5HashPropId", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.10.11.20", OidEntry { d: "certKeyIdentifierPropId", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.10.11.28", OidEntry { d: "certIssuerSerialNumberMd5HashPropId", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.10.11.29", OidEntry { d: "certSubjectNameMd5HashPropId", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.10.12.1", OidEntry { d: "anyApplicationPolicy", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.12", OidEntry { d: "catalog", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.12.1.1", OidEntry { d: "catalogList", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.12.1.2", OidEntry { d: "catalogListMember", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.12.2.1", OidEntry { d: "catalogNameValueObjID", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.12.2.2", OidEntry { d: "catalogMemberInfoObjID", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.13.1", OidEntry { d: "renewalCertificate", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.13.2.1", OidEntry { d: "enrolmentNameValuePair", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.13.2.2", OidEntry { d: "enrolmentCSP", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.13.2.3", OidEntry { d: "osVersion", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.16.4", OidEntry { d: "microsoftRecipientInfo", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.17.1", OidEntry { d: "pkcs12KeyProviderNameAttr", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.17.2", OidEntry { d: "localMachineKeyset", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.17.3", OidEntry { d: "pkcs12ExtendedAttributes", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.20.1", OidEntry { d: "autoEnrollCtlUsage", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.20.2", OidEntry { d: "enrollCerttypeExtension", c: "Microsoft CAPICOM certificate template, V1", w: false }); - oids.insert("1.3.6.1.4.1.311.20.2.1", OidEntry { d: "enrollmentAgent", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.20.2.2", OidEntry { d: "smartcardLogon", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.20.2.3", OidEntry { d: "userPrincipalName", c: "Microsoft UPN", w: false }); - oids.insert("1.3.6.1.4.1.311.20.3", OidEntry { d: "certManifold", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.21.1", OidEntry { d: "cAKeyCertIndexPair", c: "Microsoft attribute. Also assigned as certsrvCaVersion", w: false }); - oids.insert("1.3.6.1.4.1.311.21.2", OidEntry { d: "certSrvPreviousCertHash", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.21.3", OidEntry { d: "crlVirtualBase", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.21.4", OidEntry { d: "crlNextPublish", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.21.5", OidEntry { d: "caExchange", c: "Microsoft extended key usage", w: true }); - oids.insert("1.3.6.1.4.1.311.21.6", OidEntry { d: "keyRecovery", c: "Microsoft extended key usage", w: true }); - oids.insert("1.3.6.1.4.1.311.21.7", OidEntry { d: "certificateTemplate", c: "Microsoft CAPICOM certificate template, V2", w: false }); - oids.insert("1.3.6.1.4.1.311.21.9", OidEntry { d: "rdnDummySigner", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.21.10", OidEntry { d: "applicationCertPolicies", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.21.11", OidEntry { d: "applicationPolicyMappings", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.21.12", OidEntry { d: "applicationPolicyConstraints", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.21.13", OidEntry { d: "archivedKey", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.21.14", OidEntry { d: "crlSelfCDP", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.21.15", OidEntry { d: "requireCertChainPolicy", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.21.16", OidEntry { d: "archivedKeyCertHash", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.21.17", OidEntry { d: "issuedCertHash", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.21.19", OidEntry { d: "dsEmailReplication", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.21.20", OidEntry { d: "requestClientInfo", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.21.21", OidEntry { d: "encryptedKeyHash", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.21.22", OidEntry { d: "certsrvCrossCaVersion", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.25.1", OidEntry { d: "ntdsReplication", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.25.2", OidEntry { d: "ntdsCASecurityExt", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.25.2.1", OidEntry { d: "ntdsObjectSID", c: "Microsoft", w: false }); - oids.insert("1.3.6.1.4.1.311.31.1", OidEntry { d: "productUpdate", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.47.1.1", OidEntry { d: "systemHealth", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.47.1.3", OidEntry { d: "systemHealthLoophole", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.60.1.1", OidEntry { d: "rootProgramFlags", c: "Microsoft policy attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.61.1.1", OidEntry { d: "kernelModeCodeSigning", c: "Microsoft extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.311.60.2.1.1", OidEntry { d: "jurisdictionOfIncorporationL", c: "Microsoft (???)", w: false }); - oids.insert("1.3.6.1.4.1.311.60.2.1.2", OidEntry { d: "jurisdictionOfIncorporationSP", c: "Microsoft (???)", w: false }); - oids.insert("1.3.6.1.4.1.311.60.2.1.3", OidEntry { d: "jurisdictionOfIncorporationC", c: "Microsoft (???)", w: false }); - oids.insert("1.3.6.1.4.1.311.76.509.1.1", OidEntry { d: "microsoftCPS", c: "Microsoft PKI services", w: false }); - oids.insert("1.3.6.1.4.1.311.88", OidEntry { d: "capiCom", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.88.1", OidEntry { d: "capiComVersion", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.88.2", OidEntry { d: "capiComAttribute", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.88.2.1", OidEntry { d: "capiComDocumentName", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.88.2.2", OidEntry { d: "capiComDocumentDescription", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.88.3", OidEntry { d: "capiComEncryptedData", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.311.88.3.1", OidEntry { d: "capiComEncryptedContent", c: "Microsoft attribute", w: false }); - oids.insert("1.3.6.1.4.1.188.7.1.1", OidEntry { d: "ascom", c: "Ascom Systech", w: false }); - oids.insert("1.3.6.1.4.1.188.7.1.1.1", OidEntry { d: "ideaECB", c: "Ascom Systech", w: false }); - oids.insert("1.3.6.1.4.1.188.7.1.1.2", OidEntry { d: "ideaCBC", c: "Ascom Systech", w: false }); - oids.insert("1.3.6.1.4.1.188.7.1.1.3", OidEntry { d: "ideaCFB", c: "Ascom Systech", w: false }); - oids.insert("1.3.6.1.4.1.188.7.1.1.4", OidEntry { d: "ideaOFB", c: "Ascom Systech", w: false }); - oids.insert("1.3.6.1.4.1.2363.3.2", OidEntry { d: "euroControlUntrustedEA", c: "Eurocontrol certificate policy", w: false }); - oids.insert("1.3.6.1.4.1.2363.4.3", OidEntry { d: "euroControlEARootCA", c: "Eurocontrol certificate policy", w: false }); - oids.insert("1.3.6.1.4.1.2363.4.3.1", OidEntry { d: "euroControlEABridgeCA", c: "Eurocontrol certificate policy", w: false }); - oids.insert("1.3.6.1.4.1.2363.4.3.1.1", OidEntry { d: "euroControlEAIssuingCA", c: "Eurocontrol certificate policy", w: false }); - oids.insert("1.3.6.1.4.1.2363.4.3.1.1.1", OidEntry { d: "euroControlEAClientCertificate", c: "Eurocontrol certificate policy", w: false }); - oids.insert("1.3.6.1.4.1.2363.4.3.1.1.2", OidEntry { d: "euroControlEAServerCertificate", c: "Eurocontrol certificate policy", w: false }); - oids.insert("1.3.6.1.4.1.2363.4.3.1.1.3", OidEntry { d: "euroControlEASWIMSigningCertificate", c: "Eurocontrol certificate policy", w: false }); - oids.insert("1.3.6.1.4.1.2428.10.1.1", OidEntry { d: "UNINETT policyIdentifier", c: "UNINETT PCA", w: false }); - oids.insert("1.3.6.1.4.1.2712.10", OidEntry { d: "ICE-TEL policyIdentifier", c: "ICE-TEL CA", w: false }); - oids.insert("1.3.6.1.4.1.2786.1.1.1", OidEntry { d: "ICE-TEL Italian policyIdentifier", c: "ICE-TEL CA policy", w: false }); - oids.insert("1.3.6.1.4.1.3029.1.1.1", OidEntry { d: "blowfishECB", c: "cryptlib encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.3029.1.1.2", OidEntry { d: "blowfishCBC", c: "cryptlib encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.3029.1.1.3", OidEntry { d: "blowfishCFB", c: "cryptlib encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.3029.1.1.4", OidEntry { d: "blowfishOFB", c: "cryptlib encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.3029.1.2.1", OidEntry { d: "elgamal", c: "cryptlib public-key algorithm", w: false }); - oids.insert("1.3.6.1.4.1.3029.1.2.1.1", OidEntry { d: "elgamalWithSHA-1", c: "cryptlib public-key algorithm", w: false }); - oids.insert("1.3.6.1.4.1.3029.1.2.1.2", OidEntry { d: "elgamalWithRIPEMD-160", c: "cryptlib public-key algorithm", w: false }); - oids.insert("1.3.6.1.4.1.3029.3.1.1", OidEntry { d: "cryptlibPresenceCheck", c: "cryptlib attribute type", w: false }); - oids.insert("1.3.6.1.4.1.3029.3.1.2", OidEntry { d: "pkiBoot", c: "cryptlib attribute type", w: false }); - oids.insert("1.3.6.1.4.1.3029.3.1.4", OidEntry { d: "crlExtReason", c: "cryptlib attribute type", w: false }); - oids.insert("1.3.6.1.4.1.3029.3.1.5", OidEntry { d: "keyFeatures", c: "cryptlib attribute type", w: false }); - oids.insert("1.3.6.1.4.1.3029.4.1", OidEntry { d: "cryptlibContent", c: "cryptlib", w: false }); - oids.insert("1.3.6.1.4.1.3029.4.1.1", OidEntry { d: "cryptlibConfigData", c: "cryptlib content type", w: false }); - oids.insert("1.3.6.1.4.1.3029.4.1.2", OidEntry { d: "cryptlibUserIndex", c: "cryptlib content type", w: false }); - oids.insert("1.3.6.1.4.1.3029.4.1.3", OidEntry { d: "cryptlibUserInfo", c: "cryptlib content type", w: false }); - oids.insert("1.3.6.1.4.1.3029.4.1.4", OidEntry { d: "rtcsRequest", c: "cryptlib content type", w: false }); - oids.insert("1.3.6.1.4.1.3029.4.1.5", OidEntry { d: "rtcsResponse", c: "cryptlib content type", w: false }); - oids.insert("1.3.6.1.4.1.3029.4.1.6", OidEntry { d: "rtcsResponseExt", c: "cryptlib content type", w: false }); - oids.insert("1.3.6.1.4.1.3029.42.11172.1", OidEntry { d: "mpeg-1", c: "cryptlib special MPEG-of-cat OID", w: false }); - oids.insert("1.3.6.1.4.1.3029.54.11940.54", OidEntry { d: "TSA policy Anything that arrives, we sign", c: "cryptlib TSA policy", w: false }); - oids.insert("1.3.6.1.4.1.3029.88.89.90.90.89", OidEntry { d: "xYZZY policyIdentifier", c: "cryptlib certificate policy", w: false }); - oids.insert("1.3.6.1.4.1.3401.8.1.1", OidEntry { d: "pgpExtension", c: "PGP key information", w: false }); - oids.insert("1.3.6.1.4.1.3576.7", OidEntry { d: "eciaAscX12Edi", c: "TMN EDI for Interactive Agents", w: false }); - oids.insert("1.3.6.1.4.1.3576.7.1", OidEntry { d: "plainEDImessage", c: "TMN EDI for Interactive Agents", w: false }); - oids.insert("1.3.6.1.4.1.3576.7.2", OidEntry { d: "signedEDImessage", c: "TMN EDI for Interactive Agents", w: false }); - oids.insert("1.3.6.1.4.1.3576.7.5", OidEntry { d: "integrityEDImessage", c: "TMN EDI for Interactive Agents", w: false }); - oids.insert("1.3.6.1.4.1.3576.7.65", OidEntry { d: "iaReceiptMessage", c: "TMN EDI for Interactive Agents", w: false }); - oids.insert("1.3.6.1.4.1.3576.7.97", OidEntry { d: "iaStatusMessage", c: "TMN EDI for Interactive Agents", w: false }); - oids.insert("1.3.6.1.4.1.3576.8", OidEntry { d: "eciaEdifact", c: "TMN EDI for Interactive Agents", w: false }); - oids.insert("1.3.6.1.4.1.3576.9", OidEntry { d: "eciaNonEdi", c: "TMN EDI for Interactive Agents", w: false }); - oids.insert("1.3.6.1.4.1.4146", OidEntry { d: "Globalsign", c: "Globalsign", w: false }); - oids.insert("1.3.6.1.4.1.4146.1", OidEntry { d: "globalsignPolicy", c: "Globalsign", w: false }); - oids.insert("1.3.6.1.4.1.4146.1.10", OidEntry { d: "globalsignDVPolicy", c: "Globalsign policy", w: false }); - oids.insert("1.3.6.1.4.1.4146.1.20", OidEntry { d: "globalsignOVPolicy", c: "Globalsign policy", w: false }); - oids.insert("1.3.6.1.4.1.4146.1.30", OidEntry { d: "globalsignTSAPolicy", c: "Globalsign policy", w: false }); - oids.insert("1.3.6.1.4.1.4146.1.40", OidEntry { d: "globalsignClientCertPolicy", c: "Globalsign policy", w: false }); - oids.insert("1.3.6.1.4.1.4146.1.50", OidEntry { d: "globalsignCodeSignPolicy", c: "Globalsign policy", w: false }); - oids.insert("1.3.6.1.4.1.4146.1.60", OidEntry { d: "globalsignRootSignPolicy", c: "Globalsign policy", w: false }); - oids.insert("1.3.6.1.4.1.4146.1.70", OidEntry { d: "globalsignTrustedRootPolicy", c: "Globalsign policy", w: false }); - oids.insert("1.3.6.1.4.1.4146.1.80", OidEntry { d: "globalsignEDIClientPolicy", c: "Globalsign policy", w: false }); - oids.insert("1.3.6.1.4.1.4146.1.81", OidEntry { d: "globalsignEDIServerPolicy", c: "Globalsign policy", w: false }); - oids.insert("1.3.6.1.4.1.4146.1.90", OidEntry { d: "globalsignTPMRootPolicy", c: "Globalsign policy", w: false }); - oids.insert("1.3.6.1.4.1.4146.1.95", OidEntry { d: "globalsignOCSPPolicy", c: "Globalsign policy", w: false }); - oids.insert("1.3.6.1.4.1.5309.1", OidEntry { d: "edelWebPolicy", c: "EdelWeb policy", w: false }); - oids.insert("1.3.6.1.4.1.5309.1.2", OidEntry { d: "edelWebCustomerPolicy", c: "EdelWeb policy", w: false }); - oids.insert("1.3.6.1.4.1.5309.1.2.1", OidEntry { d: "edelWebClepsydrePolicy", c: "EdelWeb policy", w: false }); - oids.insert("1.3.6.1.4.1.5309.1.2.2", OidEntry { d: "edelWebExperimentalTSAPolicy", c: "EdelWeb policy", w: false }); - oids.insert("1.3.6.1.4.1.5309.1.2.3", OidEntry { d: "edelWebOpenEvidenceTSAPolicy", c: "EdelWeb policy", w: false }); - oids.insert("1.3.6.1.4.1.5472", OidEntry { d: "timeproof", c: "enterprise", w: false }); - oids.insert("1.3.6.1.4.1.5472.1", OidEntry { d: "tss", c: "timeproof", w: false }); - oids.insert("1.3.6.1.4.1.5472.1.1", OidEntry { d: "tss80", c: "timeproof TSS", w: false }); - oids.insert("1.3.6.1.4.1.5472.1.2", OidEntry { d: "tss380", c: "timeproof TSS", w: false }); - oids.insert("1.3.6.1.4.1.5472.1.3", OidEntry { d: "tss400", c: "timeproof TSS", w: false }); - oids.insert("1.3.6.1.4.1.5770.0.3", OidEntry { d: "secondaryPractices", c: "MEDePass", w: false }); - oids.insert("1.3.6.1.4.1.5770.0.4", OidEntry { d: "physicianIdentifiers", c: "MEDePass", w: false }); - oids.insert("1.3.6.1.4.1.6449.1.2.1.3.1", OidEntry { d: "comodoPolicy", c: "Comodo CA", w: false }); - oids.insert("1.3.6.1.4.1.6449.1.2.2.15", OidEntry { d: "wotrustPolicy", c: "WoTrust (Comodo) CA", w: false }); - oids.insert("1.3.6.1.4.1.6449.1.3.5.2", OidEntry { d: "comodoCertifiedDeliveryService", c: "Comodo CA", w: false }); - oids.insert("1.3.6.1.4.1.6449.2.1.1", OidEntry { d: "comodoTimestampingPolicy", c: "Comodo CA", w: false }); - oids.insert("1.3.6.1.4.1.8301.3.5.1", OidEntry { d: "validityModelChain", c: "TU Darmstadt ValidityModel", w: false }); - oids.insert("1.3.6.1.4.1.8301.3.5.2", OidEntry { d: "validityModelShell", c: "ValidityModel", w: false }); - oids.insert("1.3.6.1.4.1.8231.1", OidEntry { d: "rolUnicoNacional", c: "Chilean Government national unique roll number", w: false }); - oids.insert("1.3.6.1.4.1.11129.2.4.2", OidEntry { d: "googleSignedCertificateTimestamp", c: "Google Certificate Transparency", w: false }); - oids.insert("1.3.6.1.4.1.11129.2.4.3", OidEntry { d: "googlePrecertificatePoison", c: "Google Certificate Transparency", w: false }); - oids.insert("1.3.6.1.4.1.11129.2.4.4", OidEntry { d: "googlePrecertificateCA", c: "Google Certificate Transparency", w: false }); - oids.insert("1.3.6.1.4.1.11129.2.4.5", OidEntry { d: "googleOcspSignedCertificateTimestamp", c: "Google Certificate Transparency", w: false }); - oids.insert("1.3.6.1.4.1.11591", OidEntry { d: "gnu", c: "GNU Project (see https://www.gnupg.org/oids.html)", w: false }); - oids.insert("1.3.6.1.4.1.11591.1", OidEntry { d: "gnuRadius", c: "GNU Radius", w: false }); - oids.insert("1.3.6.1.4.1.11591.2.2.1", OidEntry { d: "gpgX509StandaloneCert", c: "Cert is intentionally self-signed.", w: false }); - oids.insert("1.3.6.1.4.1.11591.2.2.2", OidEntry { d: "gpgX509WellKnownPrivateKey", c: "Mark cert as having a well known key", w: false }); - oids.insert("1.3.6.1.4.1.11591.2.2.10", OidEntry { d: "gpgX509PgpKdfKekParm", c: "Description of ECC params", w: false }); - oids.insert("1.3.6.1.4.1.11591.2.3.1", OidEntry { d: "gpgCtPgpKeyblock", c: "CMS ct for a binary PGP keyblock", w: false }); - oids.insert("1.3.6.1.4.1.11591.2.4.1.1", OidEntry { d: "gpgFingerprint", c: "LDAP keyserver attribute", w: false }); - oids.insert("1.3.6.1.4.1.11591.2.4.1.2", OidEntry { d: "gpgSubFingerprint", c: "LDAP keyserver attribute", w: false }); - oids.insert("1.3.6.1.4.1.11591.2.4.1.3", OidEntry { d: "gpgMailbox", c: "LDAP keyserver attribute", w: false }); - oids.insert("1.3.6.1.4.1.11591.2.4.1.4", OidEntry { d: "gpgSubCertID", c: "LDAP keyserver attribute", w: false }); - oids.insert("1.3.6.1.4.1.11591.2.5.1", OidEntry { d: "gpgNtds", c: "LDAP URL ext, auth with current AD user", w: false }); - oids.insert("1.3.6.1.4.1.11591.2.6.1", OidEntry { d: "gpgX509PgpUseCert", c: "X.509 encoded OpenPGP key usage", w: false }); - oids.insert("1.3.6.1.4.1.11591.2.6.2", OidEntry { d: "gpgX509PgpUseSign", c: "X.509 encoded PGP key usage", w: false }); - oids.insert("1.3.6.1.4.1.11591.2.6.3", OidEntry { d: "gpgX509PgpUseEncr", c: "X.509 encoded PGP key usage", w: false }); - oids.insert("1.3.6.1.4.1.11591.2.6.4", OidEntry { d: "gpgX509PgpUseAuth", c: "X.509 encoded PGP key usage", w: false }); - oids.insert("1.3.6.1.4.1.11591.2.12242973", OidEntry { d: "gpgInvalidOid", c: "0xBAD01D to indicate an invalid encoded OID", w: false }); - oids.insert("1.3.6.1.4.1.11591.3", OidEntry { d: "gnuRadar", c: "GNU Radar", w: false }); - oids.insert("1.3.6.1.4.1.11591.4.11", OidEntry { d: "scrypt", c: "GNU Generic Security Service", w: false }); - oids.insert("1.3.6.1.4.1.11591.12", OidEntry { d: "gnuDigestAlgorithm", c: "GNU digest algorithm", w: false }); - oids.insert("1.3.6.1.4.1.11591.12.2", OidEntry { d: "tiger", c: "GNU digest algorithm", w: false }); - oids.insert("1.3.6.1.4.1.11591.13", OidEntry { d: "gnuEncryptionAlgorithm", c: "GNU encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.11591.13.2", OidEntry { d: "serpent", c: "GNU encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.11591.13.2.1", OidEntry { d: "serpent128_ECB", c: "GNU encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.11591.13.2.2", OidEntry { d: "serpent128_CBC", c: "GNU encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.11591.13.2.3", OidEntry { d: "serpent128_OFB", c: "GNU encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.11591.13.2.4", OidEntry { d: "serpent128_CFB", c: "GNU encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.11591.13.2.21", OidEntry { d: "serpent192_ECB", c: "GNU encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.11591.13.2.22", OidEntry { d: "serpent192_CBC", c: "GNU encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.11591.13.2.23", OidEntry { d: "serpent192_OFB", c: "GNU encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.11591.13.2.24", OidEntry { d: "serpent192_CFB", c: "GNU encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.11591.13.2.41", OidEntry { d: "serpent256_ECB", c: "GNU encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.11591.13.2.42", OidEntry { d: "serpent256_CBC", c: "GNU encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.11591.13.2.43", OidEntry { d: "serpent256_OFB", c: "GNU encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.11591.13.2.44", OidEntry { d: "serpent256_CFB", c: "GNU encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.11591.15.1", OidEntry { d: "curve25519", c: "GNU encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.11591.15.2", OidEntry { d: "curve448", c: "GNU encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.11591.15.3", OidEntry { d: "curve25519ph", c: "GNU encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.11591.15.4", OidEntry { d: "curve448ph", c: "GNU encryption algorithm", w: false }); - oids.insert("1.3.6.1.4.1.16334.509.1.1", OidEntry { d: "Northrop Grumman extKeyUsage?", c: "Northrop Grumman extended key usage", w: false }); - oids.insert("1.3.6.1.4.1.16334.509.2.1", OidEntry { d: "ngcClass1", c: "Northrop Grumman policy", w: false }); - oids.insert("1.3.6.1.4.1.16334.509.2.2", OidEntry { d: "ngcClass2", c: "Northrop Grumman policy", w: false }); - oids.insert("1.3.6.1.4.1.16334.509.2.3", OidEntry { d: "ngcClass3", c: "Northrop Grumman policy", w: false }); - oids.insert("1.3.6.1.4.1.23629.1.4.2.1.1", OidEntry { d: "safenetUsageLimit", c: "SafeNet", w: false }); - oids.insert("1.3.6.1.4.1.23629.1.4.2.1.2", OidEntry { d: "safenetEndDate", c: "SafeNet", w: false }); - oids.insert("1.3.6.1.4.1.23629.1.4.2.1.3", OidEntry { d: "safenetStartDate", c: "SafeNet", w: false }); - oids.insert("1.3.6.1.4.1.23629.1.4.2.1.4", OidEntry { d: "safenetAdminCert", c: "SafeNet", w: false }); - oids.insert("1.3.6.1.4.1.23629.1.4.2.2.1", OidEntry { d: "safenetKeyDigest", c: "SafeNet", w: false }); - oids.insert("1.3.6.1.4.1.25054.3", OidEntry { d: "carillonSecurity", c: "Carillon security", w: false }); - oids.insert("1.3.6.1.4.1.25054.3.1", OidEntry { d: "carillonCommercialPKI", c: "Carillon security", w: false }); - oids.insert("1.3.6.1.4.1.25054.3.2", OidEntry { d: "carillonCommercialTSA", c: "Carillon security", w: false }); - oids.insert("1.3.6.1.4.1.25054.3.3", OidEntry { d: "carillonCommercialSCVP", c: "Carillon security", w: false }); - oids.insert("1.3.6.1.4.1.25054.3.3.1", OidEntry { d: "carillonSCVPExtendedStatusInfo", c: "Carillon security", w: false }); - oids.insert("1.3.6.1.4.1.25054.3.4", OidEntry { d: "carillonCommercialCMS", c: "Carillon security", w: false }); - oids.insert("1.3.6.1.4.1.25054.3.4.1", OidEntry { d: "carillonExtKeyUsageCIVCardAuth", c: "Carillon security", w: false }); - oids.insert("1.3.6.1.4.1.25054.3.4.2", OidEntry { d: "carillonExtKeyUsageCIVContentSigning", c: "Carillon security", w: false }); - oids.insert("1.3.6.1.4.1.25054.3.5", OidEntry { d: "carillonCommercialLSAP", c: "Carillon security", w: false }); - oids.insert("1.3.6.1.4.1.25054.3.5.1", OidEntry { d: "carillonExtKeyUsageLSAPCodeSigning", c: "Carillon security", w: false }); - oids.insert("1.3.6.1.4.1.25054.3.6", OidEntry { d: "carillonCommercialCE", c: "Carillon security", w: false }); - oids.insert("1.3.6.1.4.1.25054.3.7", OidEntry { d: "carillonCommercialLicense", c: "Carillon security", w: false }); - oids.insert("1.3.6.1.4.1.25054.3.7.1", OidEntry { d: "carillonExtKeyUsageLicenseSigning", c: "Carillon security", w: false }); - oids.insert("1.3.6.1.4.1.25054.3.8", OidEntry { d: "carillonCommercialSecret", c: "Carillon security", w: false }); - oids.insert("1.3.6.1.4.1.51483.2.1", OidEntry { d: "hashOfRootKey", c: "CTIA", w: false }); - oids.insert("1.3.6.1.5.2.3.1", OidEntry { d: "authData", c: "Kerberos", w: false }); - oids.insert("1.3.6.1.5.2.3.2", OidEntry { d: "dHKeyData", c: "Kerberos", w: false }); - oids.insert("1.3.6.1.5.2.3.3", OidEntry { d: "rkeyData", c: "Kerberos", w: false }); - oids.insert("1.3.6.1.5.2.3.4", OidEntry { d: "keyPurposeClientAuth", c: "Kerberos", w: false }); - oids.insert("1.3.6.1.5.2.3.5", OidEntry { d: "keyPurposeKdc", c: "Kerberos", w: false }); - oids.insert("1.3.6.1.5.2.3.6", OidEntry { d: "kdf", c: "Kerberos", w: false }); - oids.insert("1.3.6.1.5.5.7", OidEntry { d: "pkix", c: "", w: false }); - oids.insert("1.3.6.1.5.5.7.0.12", OidEntry { d: "attributeCert", c: "PKIX", w: false }); - oids.insert("1.3.6.1.5.5.7.1", OidEntry { d: "privateExtension", c: "PKIX", w: false }); - oids.insert("1.3.6.1.5.5.7.1.1", OidEntry { d: "authorityInfoAccess", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.2", OidEntry { d: "biometricInfo", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.3", OidEntry { d: "qcStatements", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.4", OidEntry { d: "acAuditIdentity", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.5", OidEntry { d: "acTargeting", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.6", OidEntry { d: "acAaControls", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.7", OidEntry { d: "ipAddrBlocks", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.8", OidEntry { d: "autonomousSysIds", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.9", OidEntry { d: "routerIdentifier", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.10", OidEntry { d: "acProxying", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.11", OidEntry { d: "subjectInfoAccess", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.12", OidEntry { d: "logoType", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.13", OidEntry { d: "wlanSSID", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.14", OidEntry { d: "proxyCertInfo", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.15", OidEntry { d: "acPolicies", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.16", OidEntry { d: "certificateWarranty", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.18", OidEntry { d: "cmsContentConstraints", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.19", OidEntry { d: "otherCerts", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.20", OidEntry { d: "wrappedApexContinKey", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.21", OidEntry { d: "clearanceConstraints", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.22", OidEntry { d: "skiSemantics", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.23", OidEntry { d: "noSecrecyAfforded", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.24", OidEntry { d: "tlsFeature", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.25", OidEntry { d: "manufacturerUsageDescription", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.26", OidEntry { d: "tnAuthList", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.27", OidEntry { d: "jwtClaimConstraints", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.28", OidEntry { d: "ipAddrBlocksV2", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.29", OidEntry { d: "autonomousSysIdsV2", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.30", OidEntry { d: "manufacturerUsageDescriptionSigner", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.31", OidEntry { d: "acmeIdentifier", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.32", OidEntry { d: "masaURL", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.33", OidEntry { d: "enhancedJWTClaimConstraints", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.1.34", OidEntry { d: "nfTypes", c: "PKIX private extension", w: false }); - oids.insert("1.3.6.1.5.5.7.2", OidEntry { d: "policyQualifierIds", c: "PKIX", w: false }); - oids.insert("1.3.6.1.5.5.7.2.1", OidEntry { d: "cps", c: "PKIX policy qualifier", w: false }); - oids.insert("1.3.6.1.5.5.7.2.2", OidEntry { d: "unotice", c: "PKIX policy qualifier", w: false }); - oids.insert("1.3.6.1.5.5.7.2.3", OidEntry { d: "textNotice", c: "PKIX policy qualifier", w: false }); - oids.insert("1.3.6.1.5.5.7.2.4", OidEntry { d: "acps", c: "PKIX policy qualifier", w: false }); - oids.insert("1.3.6.1.5.5.7.2.5", OidEntry { d: "acunotice", c: "PKIX policy qualifier", w: false }); - oids.insert("1.3.6.1.5.5.7.3", OidEntry { d: "keyPurpose", c: "PKIX", w: false }); - oids.insert("1.3.6.1.5.5.7.3.1", OidEntry { d: "serverAuth", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.2", OidEntry { d: "clientAuth", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.3", OidEntry { d: "codeSigning", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.4", OidEntry { d: "emailProtection", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.5", OidEntry { d: "ipsecEndSystem", c: "PKIX key purpose", w: true }); - oids.insert("1.3.6.1.5.5.7.3.6", OidEntry { d: "ipsecTunnel", c: "PKIX key purpose", w: true }); - oids.insert("1.3.6.1.5.5.7.3.7", OidEntry { d: "ipsecUser", c: "PKIX key purpose", w: true }); - oids.insert("1.3.6.1.5.5.7.3.8", OidEntry { d: "timeStamping", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.9", OidEntry { d: "ocspSigning", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.10", OidEntry { d: "dvcs", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.11", OidEntry { d: "sbgpCertAAServerAuth", c: "PKIX key purpose", w: true }); - oids.insert("1.3.6.1.5.5.7.3.12", OidEntry { d: "scvpResponder", c: "PKIX key purpose", w: true }); - oids.insert("1.3.6.1.5.5.7.3.13", OidEntry { d: "eapOverPPP", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.14", OidEntry { d: "eapOverLAN", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.15", OidEntry { d: "scvpServer", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.16", OidEntry { d: "scvpClient", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.17", OidEntry { d: "ipsecIKE", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.18", OidEntry { d: "capwapAC", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.19", OidEntry { d: "capwapWTP", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.20", OidEntry { d: "sipDomain", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.21", OidEntry { d: "secureShellClient", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.22", OidEntry { d: "secureShellServer", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.23", OidEntry { d: "sendRouter", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.24", OidEntry { d: "sendProxiedRouter", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.25", OidEntry { d: "sendOwner", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.26", OidEntry { d: "sendProxiedOwner", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.27", OidEntry { d: "cmcCA", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.28", OidEntry { d: "cmcRA", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.29", OidEntry { d: "cmcArchive", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.30", OidEntry { d: "bgpsecRouter", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.31", OidEntry { d: "bimi", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.32", OidEntry { d: "cmKGA", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.33", OidEntry { d: "rpcTLSClient", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.34", OidEntry { d: "rpcTLSServer", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.35", OidEntry { d: "bundleSecurity", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.3.36", OidEntry { d: "documentSigning", c: "PKIX key purpose", w: false }); - oids.insert("1.3.6.1.5.5.7.4", OidEntry { d: "cmpInformationTypes", c: "PKIX", w: false }); - oids.insert("1.3.6.1.5.5.7.4.1", OidEntry { d: "caProtEncCert", c: "PKIX CMP information", w: false }); - oids.insert("1.3.6.1.5.5.7.4.2", OidEntry { d: "signKeyPairTypes", c: "PKIX CMP information", w: false }); - oids.insert("1.3.6.1.5.5.7.4.3", OidEntry { d: "encKeyPairTypes", c: "PKIX CMP information", w: false }); - oids.insert("1.3.6.1.5.5.7.4.4", OidEntry { d: "preferredSymmAlg", c: "PKIX CMP information", w: false }); - oids.insert("1.3.6.1.5.5.7.4.5", OidEntry { d: "caKeyUpdateInfo", c: "PKIX CMP information", w: false }); - oids.insert("1.3.6.1.5.5.7.4.6", OidEntry { d: "currentCRL", c: "PKIX CMP information", w: false }); - oids.insert("1.3.6.1.5.5.7.4.7", OidEntry { d: "unsupportedOIDs", c: "PKIX CMP information", w: false }); - oids.insert("1.3.6.1.5.5.7.4.10", OidEntry { d: "keyPairParamReq", c: "PKIX CMP information", w: false }); - oids.insert("1.3.6.1.5.5.7.4.11", OidEntry { d: "keyPairParamRep", c: "PKIX CMP information", w: false }); - oids.insert("1.3.6.1.5.5.7.4.12", OidEntry { d: "revPassphrase", c: "PKIX CMP information", w: false }); - oids.insert("1.3.6.1.5.5.7.4.13", OidEntry { d: "implicitConfirm", c: "PKIX CMP information", w: false }); - oids.insert("1.3.6.1.5.5.7.4.14", OidEntry { d: "confirmWaitTime", c: "PKIX CMP information", w: false }); - oids.insert("1.3.6.1.5.5.7.4.15", OidEntry { d: "origPKIMessage", c: "PKIX CMP information", w: false }); - oids.insert("1.3.6.1.5.5.7.4.16", OidEntry { d: "suppLangTags", c: "PKIX CMP information", w: false }); - oids.insert("1.3.6.1.5.5.7.5", OidEntry { d: "crmfRegistration", c: "PKIX", w: false }); - oids.insert("1.3.6.1.5.5.7.5.1", OidEntry { d: "regCtrl", c: "PKIX CRMF registration", w: false }); - oids.insert("1.3.6.1.5.5.7.5.1.1", OidEntry { d: "regToken", c: "PKIX CRMF registration control", w: false }); - oids.insert("1.3.6.1.5.5.7.5.1.2", OidEntry { d: "authenticator", c: "PKIX CRMF registration control", w: false }); - oids.insert("1.3.6.1.5.5.7.5.1.3", OidEntry { d: "pkiPublicationInfo", c: "PKIX CRMF registration control", w: false }); - oids.insert("1.3.6.1.5.5.7.5.1.4", OidEntry { d: "pkiArchiveOptions", c: "PKIX CRMF registration control", w: false }); - oids.insert("1.3.6.1.5.5.7.5.1.5", OidEntry { d: "oldCertID", c: "PKIX CRMF registration control", w: false }); - oids.insert("1.3.6.1.5.5.7.5.1.6", OidEntry { d: "protocolEncrKey", c: "PKIX CRMF registration control", w: false }); - oids.insert("1.3.6.1.5.5.7.5.1.7", OidEntry { d: "altCertTemplate", c: "PKIX CRMF registration control", w: false }); - oids.insert("1.3.6.1.5.5.7.5.1.8", OidEntry { d: "wtlsTemplate", c: "PKIX CRMF registration control", w: false }); - oids.insert("1.3.6.1.5.5.7.5.2", OidEntry { d: "utf8Pairs", c: "PKIX CRMF registration", w: false }); - oids.insert("1.3.6.1.5.5.7.5.2.1", OidEntry { d: "utf8Pairs", c: "PKIX CRMF registration control", w: false }); - oids.insert("1.3.6.1.5.5.7.5.2.2", OidEntry { d: "certReq", c: "PKIX CRMF registration control", w: false }); - oids.insert("1.3.6.1.5.5.7.6", OidEntry { d: "algorithms", c: "PKIX", w: false }); - oids.insert("1.3.6.1.5.5.7.6.1", OidEntry { d: "des40", c: "PKIX algorithm", w: false }); - oids.insert("1.3.6.1.5.5.7.6.2", OidEntry { d: "noSignature", c: "PKIX algorithm", w: false }); - oids.insert("1.3.6.1.5.5.7.6.3", OidEntry { d: "dhSigHmacSha1", c: "PKIX algorithm", w: false }); - oids.insert("1.3.6.1.5.5.7.6.4", OidEntry { d: "dhPop", c: "PKIX algorithm", w: false }); - oids.insert("1.3.6.1.5.5.7.6.5", OidEntry { d: "dhPopSha224", c: "PKIX algorithm", w: false }); - oids.insert("1.3.6.1.5.5.7.6.6", OidEntry { d: "dhPopSha256", c: "PKIX algorithm", w: false }); - oids.insert("1.3.6.1.5.5.7.6.7", OidEntry { d: "dhPopSha384", c: "PKIX algorithm", w: false }); - oids.insert("1.3.6.1.5.5.7.6.8", OidEntry { d: "dhPopSha512", c: "PKIX algorithm", w: false }); - oids.insert("1.3.6.1.5.5.7.6.15", OidEntry { d: "dhPopStaticSha224HmacSha224", c: "PKIX algorithm", w: false }); - oids.insert("1.3.6.1.5.5.7.6.16", OidEntry { d: "dhPopStaticSha256HmacSha256", c: "PKIX algorithm", w: false }); - oids.insert("1.3.6.1.5.5.7.6.17", OidEntry { d: "dhPopStaticSha384HmacSha384", c: "PKIX algorithm", w: false }); - oids.insert("1.3.6.1.5.5.7.6.18", OidEntry { d: "dhPopStaticSha512HmacSha512", c: "PKIX algorithm", w: false }); - oids.insert("1.3.6.1.5.5.7.6.25", OidEntry { d: "ecdhPopStaticSha224HmacSha224", c: "PKIX algorithm", w: false }); - oids.insert("1.3.6.1.5.5.7.6.26", OidEntry { d: "ecdhPopStaticSha256HmacSha256", c: "PKIX algorithm", w: false }); - oids.insert("1.3.6.1.5.5.7.6.27", OidEntry { d: "ecdhPopStaticSha384HmacSha384", c: "PKIX algorithm", w: false }); - oids.insert("1.3.6.1.5.5.7.6.28", OidEntry { d: "ecdhPopStaticSha512HmacSha512", c: "PKIX algorithm", w: false }); - oids.insert("1.3.6.1.5.5.7.6.30", OidEntry { d: "rsaPssShake128", c: "PKIX algorithm", w: false }); - oids.insert("1.3.6.1.5.5.7.6.31", OidEntry { d: "rsaPssShake256", c: "PKIX algorithm", w: false }); - oids.insert("1.3.6.1.5.5.7.6.32", OidEntry { d: "ecdsaShake128", c: "PKIX algorithm", w: false }); - oids.insert("1.3.6.1.5.5.7.6.33", OidEntry { d: "ecdsaShake256", c: "PKIX algorithm", w: false }); - oids.insert("1.3.6.1.5.5.7.7", OidEntry { d: "cmcControls", c: "PKIX", w: false }); - oids.insert("1.3.6.1.5.5.7.8", OidEntry { d: "otherNames", c: "PKIX", w: false }); - oids.insert("1.3.6.1.5.5.7.8.1", OidEntry { d: "personalData", c: "PKIX other name", w: false }); - oids.insert("1.3.6.1.5.5.7.8.2", OidEntry { d: "userGroup", c: "PKIX other name", w: false }); - oids.insert("1.3.6.1.5.5.7.8.3", OidEntry { d: "permanentIdentifier", c: "PKIX other name", w: false }); - oids.insert("1.3.6.1.5.5.7.8.5", OidEntry { d: "xmppAddr", c: "PKIX other name", w: false }); - oids.insert("1.3.6.1.5.5.7.8.6", OidEntry { d: "SIM", c: "PKIX other name", w: false }); - oids.insert("1.3.6.1.5.5.7.8.7", OidEntry { d: "dnsSRV", c: "PKIX other name", w: false }); - oids.insert("1.3.6.1.5.5.7.8.8", OidEntry { d: "naiRealm", c: "PKIX other name", w: false }); - oids.insert("1.3.6.1.5.5.7.8.9", OidEntry { d: "smtpUTF8Mailbox", c: "PKIX other name", w: false }); - oids.insert("1.3.6.1.5.5.7.8.10", OidEntry { d: "acpNodeName", c: "PKIX other name", w: false }); - oids.insert("1.3.6.1.5.5.7.8.11", OidEntry { d: "bundleEID", c: "PKIX other name", w: false }); - oids.insert("1.3.6.1.5.5.7.9", OidEntry { d: "personalData", c: "PKIX qualified certificates", w: false }); - oids.insert("1.3.6.1.5.5.7.9.1", OidEntry { d: "dateOfBirth", c: "PKIX personal data", w: false }); - oids.insert("1.3.6.1.5.5.7.9.2", OidEntry { d: "placeOfBirth", c: "PKIX personal data", w: false }); - oids.insert("1.3.6.1.5.5.7.9.3", OidEntry { d: "gender", c: "PKIX personal data", w: false }); - oids.insert("1.3.6.1.5.5.7.9.4", OidEntry { d: "countryOfCitizenship", c: "PKIX personal data", w: false }); - oids.insert("1.3.6.1.5.5.7.9.5", OidEntry { d: "countryOfResidence", c: "PKIX personal data", w: false }); - oids.insert("1.3.6.1.5.5.7.10", OidEntry { d: "attributeCertificate", c: "PKIX", w: false }); - oids.insert("1.3.6.1.5.5.7.10.1", OidEntry { d: "authenticationInfo", c: "PKIX attribute certificate extension", w: false }); - oids.insert("1.3.6.1.5.5.7.10.2", OidEntry { d: "accessIdentity", c: "PKIX attribute certificate extension", w: false }); - oids.insert("1.3.6.1.5.5.7.10.3", OidEntry { d: "chargingIdentity", c: "PKIX attribute certificate extension", w: false }); - oids.insert("1.3.6.1.5.5.7.10.4", OidEntry { d: "group", c: "PKIX attribute certificate extension", w: false }); - oids.insert("1.3.6.1.5.5.7.10.5", OidEntry { d: "role", c: "PKIX attribute certificate extension", w: false }); - oids.insert("1.3.6.1.5.5.7.10.6", OidEntry { d: "wlanSSID", c: "PKIX attribute-certificate extension", w: false }); - oids.insert("1.3.6.1.5.5.7.11", OidEntry { d: "personalData", c: "PKIX qualified certificates", w: false }); - oids.insert("1.3.6.1.5.5.7.11.1", OidEntry { d: "pkixQCSyntax-v1", c: "PKIX qualified certificates", w: false }); - oids.insert("1.3.6.1.5.5.7.11.2", OidEntry { d: "pkixQCSyntax-v2", c: "PKIX qualified certificates", w: false }); - oids.insert("1.3.6.1.5.5.7.12", OidEntry { d: "pkixCCT", c: "PKIX CMC Content Types", w: false }); - oids.insert("1.3.6.1.5.5.7.12.2", OidEntry { d: "pkiData", c: "PKIX CMC Content Types", w: false }); - oids.insert("1.3.6.1.5.5.7.12.3", OidEntry { d: "pkiResponse", c: "PKIX CMC Content Types", w: false }); - oids.insert("1.3.6.1.5.5.7.14.2", OidEntry { d: "resourceCertificatePolicy", c: "PKIX policies", w: false }); - oids.insert("1.3.6.1.5.5.7.17", OidEntry { d: "scvpCheck", c: "PKIX SCVP check", w: false }); - oids.insert("1.3.6.1.5.5.7.17.1", OidEntry { d: "scvpCheckBuildPath", c: "SCVP", w: false }); - oids.insert("1.3.6.1.5.5.7.17.2", OidEntry { d: "scvpCheckBuildValidPath", c: "SCVP", w: false }); - oids.insert("1.3.6.1.5.5.7.17.3", OidEntry { d: "scvpCheckBuildStatusCheckedPath", c: "SCVP", w: false }); - oids.insert("1.3.6.1.5.5.7.17.4", OidEntry { d: "scvpCheckBuildAaPath", c: "SCVP", w: false }); - oids.insert("1.3.6.1.5.5.7.17.5", OidEntry { d: "scvpCheckBuildValidAaPath", c: "SCVP", w: false }); - oids.insert("1.3.6.1.5.5.7.17.6", OidEntry { d: "scvpCheckBuildStatusCheckedAaPath", c: "SCVP", w: false }); - oids.insert("1.3.6.1.5.5.7.17.7", OidEntry { d: "scvpCheckStatusCheckAcAndBuildStatusCheckedAaPath", c: "SCVP", w: false }); - oids.insert("1.3.6.1.5.5.7.18", OidEntry { d: "scvpWantBack", c: "PKIX SCVP wantback", w: false }); - oids.insert("1.3.6.1.5.5.7.18.1", OidEntry { d: "scvpWantbackBestCertPath", c: "SCVP wantback", w: false }); - oids.insert("1.3.6.1.5.5.7.18.2", OidEntry { d: "scvpWantbackRevocationInfo", c: "SCVP wantback", w: false }); - oids.insert("1.3.6.1.5.5.7.18.4", OidEntry { d: "scvpWantbackPublicKeyInfo", c: "SCVP wantback", w: false }); - oids.insert("1.3.6.1.5.5.7.18.5", OidEntry { d: "scvpWantbackAaCertPath", c: "SCVP wantback", w: false }); - oids.insert("1.3.6.1.5.5.7.18.6", OidEntry { d: "scvpWantbackAaRevocationInfo", c: "SCVP wantback", w: false }); - oids.insert("1.3.6.1.5.5.7.18.7", OidEntry { d: "scvpWantbackAcRevocationInfo", c: "SCVP wantback", w: false }); - oids.insert("1.3.6.1.5.5.7.18.9", OidEntry { d: "scvpWantbackRelayedResponses", c: "SCVP wantback", w: false }); - oids.insert("1.3.6.1.5.5.7.18.10", OidEntry { d: "scvpWantbackCert", c: "SCVP wantback", w: false }); - oids.insert("1.3.6.1.5.5.7.18.11", OidEntry { d: "scvpWantbackAcCert", c: "SCVP wantback", w: false }); - oids.insert("1.3.6.1.5.5.7.18.12", OidEntry { d: "scvpWantbackAllCertPaths", c: "SCVP wantback", w: false }); - oids.insert("1.3.6.1.5.5.7.18.13", OidEntry { d: "scvpWantbackEeRevocationInfo", c: "SCVP wantback", w: false }); - oids.insert("1.3.6.1.5.5.7.18.14", OidEntry { d: "scvpWantbackCAsRevocationInfo", c: "SCVP wantback", w: false }); - oids.insert("1.3.6.1.5.5.7.19", OidEntry { d: "scvpValPolicy", c: "SCVP validation policy", w: false }); - oids.insert("1.3.6.1.5.5.7.19.1", OidEntry { d: "scvpDefaultValPolicy", c: "SCVP validation policy", w: false }); - oids.insert("1.3.6.1.5.5.7.19.2", OidEntry { d: "scvpNameValAlg", c: "SCVP validation policy", w: false }); - oids.insert("1.3.6.1.5.5.7.19.2.1", OidEntry { d: "scvpNameErrorNameMismatch", c: "SCVP validation policy", w: false }); - oids.insert("1.3.6.1.5.5.7.19.2.2", OidEntry { d: "scvpNameErrorNoName", c: "SCVP validation policy", w: false }); - oids.insert("1.3.6.1.5.5.7.19.2.3", OidEntry { d: "scvpNameErrorUnknownAlg", c: "SCVP validation policy", w: false }); - oids.insert("1.3.6.1.5.5.7.19.2.4", OidEntry { d: "scvpNameErrorBadName", c: "SCVP validation policy", w: false }); - oids.insert("1.3.6.1.5.5.7.19.2.5", OidEntry { d: "scvpNameErrorBadNameType", c: "SCVP validation policy", w: false }); - oids.insert("1.3.6.1.5.5.7.19.2.6", OidEntry { d: "scvpNameErrorMixedNames", c: "SCVP validation policy", w: false }); - oids.insert("1.3.6.1.5.5.7.19.3", OidEntry { d: "scvpBasicValAlg", c: "SCVP validation policy", w: false }); - oids.insert("1.3.6.1.5.5.7.19.3.1", OidEntry { d: "scvpValErrorExpired", c: "SCVP validation policy error", w: false }); - oids.insert("1.3.6.1.5.5.7.19.3.2", OidEntry { d: "scvpValErrorNotYetValid", c: "SCVP validation policy error", w: false }); - oids.insert("1.3.6.1.5.5.7.19.3.3", OidEntry { d: "scvpValErrorWrongTrustAnchor", c: "SCVP validation policy error", w: false }); - oids.insert("1.3.6.1.5.5.7.19.3.4", OidEntry { d: "scvpValErrorNoValidCertPath", c: "SCVP validation policy error", w: false }); - oids.insert("1.3.6.1.5.5.7.19.3.5", OidEntry { d: "scvpValErrorRevoked", c: "SCVP validation policy error", w: false }); - oids.insert("1.3.6.1.5.5.7.19.3.9", OidEntry { d: "scvpValErrorInvalidKeyPurpose", c: "SCVP validation policy error", w: false }); - oids.insert("1.3.6.1.5.5.7.19.3.10", OidEntry { d: "scvpValErrorInvalidKeyUsage", c: "SCVP validation policy error", w: false }); - oids.insert("1.3.6.1.5.5.7.19.3.11", OidEntry { d: "scvpValErrorInvalidCertPolicy", c: "SCVP validation policy error", w: false }); - oids.insert("1.3.6.1.5.5.7.20", OidEntry { d: "logo", c: "Qualified Certificate", w: false }); - oids.insert("1.3.6.1.5.5.7.20.1", OidEntry { d: "logoLoyalty", c: "Qualified Certificate", w: false }); - oids.insert("1.3.6.1.5.5.7.20.2", OidEntry { d: "logoBackground", c: "Qualified Certificate", w: false }); - oids.insert("1.3.6.1.5.5.7.48.1", OidEntry { d: "ocsp", c: "PKIX OCSP", w: false }); - oids.insert("1.3.6.1.5.5.7.48.1.1", OidEntry { d: "ocspBasic", c: "OCSP", w: false }); - oids.insert("1.3.6.1.5.5.7.48.1.2", OidEntry { d: "ocspNonce", c: "OCSP", w: false }); - oids.insert("1.3.6.1.5.5.7.48.1.3", OidEntry { d: "ocspCRL", c: "OCSP", w: false }); - oids.insert("1.3.6.1.5.5.7.48.1.4", OidEntry { d: "ocspResponse", c: "OCSP", w: false }); - oids.insert("1.3.6.1.5.5.7.48.1.5", OidEntry { d: "ocspNoCheck", c: "OCSP", w: false }); - oids.insert("1.3.6.1.5.5.7.48.1.6", OidEntry { d: "ocspArchiveCutoff", c: "OCSP", w: false }); - oids.insert("1.3.6.1.5.5.7.48.1.7", OidEntry { d: "ocspServiceLocator", c: "OCSP", w: false }); - oids.insert("1.3.6.1.5.5.7.48.2", OidEntry { d: "caIssuers", c: "PKIX subject/authority info access descriptor", w: false }); - oids.insert("1.3.6.1.5.5.7.48.3", OidEntry { d: "timeStamping", c: "PKIX subject/authority info access descriptor", w: false }); - oids.insert("1.3.6.1.5.5.7.48.4", OidEntry { d: "dvcs", c: "PKIX subject/authority info access descriptor", w: false }); - oids.insert("1.3.6.1.5.5.7.48.5", OidEntry { d: "caRepository", c: "PKIX subject/authority info access descriptor", w: false }); - oids.insert("1.3.6.1.5.5.7.48.7", OidEntry { d: "signedObjectRepository", c: "PKIX subject/authority info access descriptor", w: false }); - oids.insert("1.3.6.1.5.5.7.48.10", OidEntry { d: "rpkiManifest", c: "PKIX subject/authority info access descriptor", w: false }); - oids.insert("1.3.6.1.5.5.7.48.11", OidEntry { d: "signedObject", c: "PKIX subject/authority info access descriptor", w: false }); - oids.insert("1.3.6.1.5.5.8.1.1", OidEntry { d: "hmacMD5", c: "ISAKMP HMAC algorithm", w: false }); - oids.insert("1.3.6.1.5.5.8.1.2", OidEntry { d: "hmacSHA", c: "ISAKMP HMAC algorithm", w: false }); - oids.insert("1.3.6.1.5.5.8.1.3", OidEntry { d: "hmacTiger", c: "ISAKMP HMAC algorithm", w: false }); - oids.insert("1.3.6.1.5.5.8.2.2", OidEntry { d: "iKEIntermediate", c: "IKE ???", w: false }); - oids.insert("1.3.12.2.1011.7.1", OidEntry { d: "decEncryptionAlgorithm", c: "DASS algorithm", w: false }); - oids.insert("1.3.12.2.1011.7.1.2", OidEntry { d: "decDEA", c: "DASS encryption algorithm", w: false }); - oids.insert("1.3.12.2.1011.7.2", OidEntry { d: "decHashAlgorithm", c: "DASS algorithm", w: false }); - oids.insert("1.3.12.2.1011.7.2.1", OidEntry { d: "decMD2", c: "DASS hash algorithm", w: false }); - oids.insert("1.3.12.2.1011.7.2.2", OidEntry { d: "decMD4", c: "DASS hash algorithm", w: false }); - oids.insert("1.3.12.2.1011.7.3", OidEntry { d: "decSignatureAlgorithm", c: "DASS algorithm", w: false }); - oids.insert("1.3.12.2.1011.7.3.1", OidEntry { d: "decMD2withRSA", c: "DASS signature algorithm", w: false }); - oids.insert("1.3.12.2.1011.7.3.2", OidEntry { d: "decMD4withRSA", c: "DASS signature algorithm", w: false }); - oids.insert("1.3.12.2.1011.7.3.3", OidEntry { d: "decDEAMAC", c: "DASS signature algorithm", w: false }); - oids.insert("1.3.14.2.26.5", OidEntry { d: "sha", c: "Unsure about this OID", w: false }); - oids.insert("1.3.14.3.2.1.1", OidEntry { d: "rsa", c: "X.509. Unsure about this OID", w: false }); - oids.insert("1.3.14.3.2.2", OidEntry { d: "md4WitRSA", c: "Oddball OIW OID", w: false }); - oids.insert("1.3.14.3.2.3", OidEntry { d: "md5WithRSA", c: "Oddball OIW OID", w: false }); - oids.insert("1.3.14.3.2.4", OidEntry { d: "md4WithRSAEncryption", c: "Oddball OIW OID", w: false }); - oids.insert("1.3.14.3.2.2.1", OidEntry { d: "sqmod-N", c: "X.509. Deprecated", w: true }); - oids.insert("1.3.14.3.2.3.1", OidEntry { d: "sqmod-NwithRSA", c: "X.509. Deprecated", w: true }); - oids.insert("1.3.14.3.2.6", OidEntry { d: "desECB", c: "", w: false }); - oids.insert("1.3.14.3.2.7", OidEntry { d: "desCBC", c: "", w: false }); - oids.insert("1.3.14.3.2.8", OidEntry { d: "desOFB", c: "", w: false }); - oids.insert("1.3.14.3.2.9", OidEntry { d: "desCFB", c: "", w: false }); - oids.insert("1.3.14.3.2.10", OidEntry { d: "desMAC", c: "", w: false }); - oids.insert("1.3.14.3.2.11", OidEntry { d: "rsaSignature", c: "ISO 9796-2, also X9.31 Part 1", w: false }); - oids.insert("1.3.14.3.2.12", OidEntry { d: "dsa", c: "OIW?, supposedly from an incomplete version of SDN.701 (doesn't match final SDN.701)", w: true }); - oids.insert("1.3.14.3.2.13", OidEntry { d: "dsaWithSHA", c: "Oddball OIW OID. Incorrectly used by JDK 1.1 in place of (1 3 14 3 2 27)", w: true }); - oids.insert("1.3.14.3.2.14", OidEntry { d: "mdc2WithRSASignature", c: "Oddball OIW OID using 9796-2 padding rules", w: false }); - oids.insert("1.3.14.3.2.15", OidEntry { d: "shaWithRSASignature", c: "Oddball OIW OID using 9796-2 padding rules", w: false }); - oids.insert("1.3.14.3.2.16", OidEntry { d: "dhWithCommonModulus", c: "Oddball OIW OID. Deprecated, use a plain DH OID instead", w: true }); - oids.insert("1.3.14.3.2.17", OidEntry { d: "desEDE", c: "Oddball OIW OID. Mode is ECB", w: false }); - oids.insert("1.3.14.3.2.18", OidEntry { d: "sha", c: "Oddball OIW OID", w: false }); - oids.insert("1.3.14.3.2.19", OidEntry { d: "mdc-2", c: "Oddball OIW OID, DES-based hash, planned for X9.31 Part 2", w: false }); - oids.insert("1.3.14.3.2.20", OidEntry { d: "dsaCommon", c: "Oddball OIW OID. Deprecated, use a plain DSA OID instead", w: true }); - oids.insert("1.3.14.3.2.21", OidEntry { d: "dsaCommonWithSHA", c: "Oddball OIW OID. Deprecated, use a plain dsaWithSHA OID instead", w: true }); - oids.insert("1.3.14.3.2.22", OidEntry { d: "rsaKeyTransport", c: "Oddball OIW OID", w: false }); - oids.insert("1.3.14.3.2.23", OidEntry { d: "keyed-hash-seal", c: "Oddball OIW OID", w: false }); - oids.insert("1.3.14.3.2.24", OidEntry { d: "md2WithRSASignature", c: "Oddball OIW OID using 9796-2 padding rules", w: false }); - oids.insert("1.3.14.3.2.25", OidEntry { d: "md5WithRSASignature", c: "Oddball OIW OID using 9796-2 padding rules", w: false }); - oids.insert("1.3.14.3.2.26", OidEntry { d: "sha1", c: "OIW", w: false }); - oids.insert("1.3.14.3.2.27", OidEntry { d: "dsaWithSHA1", c: "OIW. This OID may also be assigned as ripemd-160", w: false }); - oids.insert("1.3.14.3.2.28", OidEntry { d: "dsaWithCommonSHA1", c: "OIW", w: false }); - oids.insert("1.3.14.3.2.29", OidEntry { d: "sha-1WithRSAEncryption", c: "Oddball OIW OID", w: false }); - oids.insert("1.3.14.3.3.1", OidEntry { d: "simple-strong-auth-mechanism", c: "Oddball OIW OID", w: false }); - oids.insert("1.3.14.7.2.1.1", OidEntry { d: "ElGamal", c: "Unsure about this OID", w: false }); - oids.insert("1.3.14.7.2.3.1", OidEntry { d: "md2WithRSA", c: "Unsure about this OID", w: false }); - oids.insert("1.3.14.7.2.3.2", OidEntry { d: "md2WithElGamal", c: "Unsure about this OID", w: false }); - oids.insert("1.3.18.0.2.18.1", OidEntry { d: "hostIDMapping", c: "IBM RACF ID mapping", w: false }); - oids.insert("1.3.27.16", OidEntry { d: "icaoSecurity", c: "ICAO security", w: false }); - oids.insert("1.3.27.16.0", OidEntry { d: "icaoSecurity", c: "ICAO security test?", w: false }); - oids.insert("1.3.27.16.0.1.1.1.1.1.1.0", OidEntry { d: "icaoTestValidationPolicy", c: "ICAO security test?", w: false }); - oids.insert("1.3.27.16.1", OidEntry { d: "icaoCertPolicy", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2", OidEntry { d: "icaoIATFRootCA", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2.0.1", OidEntry { d: "icaoIdentityAssurance", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2.0.1.1", OidEntry { d: "icaoIdentityAssuranceLow", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2.0.1.2", OidEntry { d: "icaoIdentityAssuranceLowDevice", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2.0.1.3", OidEntry { d: "icaoIdentityAssuranceLowTSPMediated", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2.0.1.4", OidEntry { d: "icaoIdentityAssuranceMedium", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2.0.1.5", OidEntry { d: "icaoIdentityAssuranceMediumDevice", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2.0.1.6", OidEntry { d: "icaoIdentityAssuranceMediumTSPMediated", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2.0.1.7", OidEntry { d: "icaoIdentityAssuranceMediumHardware", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2.0.1.8", OidEntry { d: "icaoIdentityAssuranceMediumDeviceHardware", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2.0.1.9", OidEntry { d: "icaoIdentityAssuranceHigh", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2.0.1.10", OidEntry { d: "icaoIdentityAssuranceHighCardAuth", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2.0.1.11", OidEntry { d: "icaoIdentityAssuranceHighContentSigning", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2.1", OidEntry { d: "icaoIATFBridgeCA", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2.1.0", OidEntry { d: "icaoCAODRootCA", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2.1.1", OidEntry { d: "icaoCAODBridgeCA", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2.1.1.1", OidEntry { d: "icaoUSBridgeCA", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2.1.1.1.1", OidEntry { d: "icaoFAARootCA", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2.1.1.1.1.1", OidEntry { d: "icaoFAAIssuingCA", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2.1.1.1.1.1.1", OidEntry { d: "icaoFAAClientCertificate", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2.1.1.1.1.1.2", OidEntry { d: "icaoFAAServerCertificate", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.2.1.1.1.1.1.3", OidEntry { d: "icaoFAASWIMSigningCertificate", c: "ICAO certificate policies", w: false }); - oids.insert("1.3.27.16.1.4.1.1", OidEntry { d: "icaoSWIMSigning", c: "ICAO extended key usage", w: false }); - oids.insert("1.3.36.1", OidEntry { d: "document", c: "Teletrust document", w: false }); - oids.insert("1.3.36.1.1", OidEntry { d: "finalVersion", c: "Teletrust document", w: false }); - oids.insert("1.3.36.1.2", OidEntry { d: "draft", c: "Teletrust document", w: false }); - oids.insert("1.3.36.2", OidEntry { d: "sio", c: "Teletrust sio", w: false }); - oids.insert("1.3.36.2.1", OidEntry { d: "sedu", c: "Teletrust sio", w: false }); - oids.insert("1.3.36.3", OidEntry { d: "algorithm", c: "Teletrust algorithm", w: false }); - oids.insert("1.3.36.3.1", OidEntry { d: "encryptionAlgorithm", c: "Teletrust algorithm", w: false }); - oids.insert("1.3.36.3.1.1", OidEntry { d: "des", c: "Teletrust encryption algorithm", w: false }); - oids.insert("1.3.36.3.1.1.1", OidEntry { d: "desECB_pad", c: "Teletrust encryption algorithm", w: false }); - oids.insert("1.3.36.3.1.1.1.1", OidEntry { d: "desECB_ISOpad", c: "Teletrust encryption algorithm", w: false }); - oids.insert("1.3.36.3.1.1.2.1", OidEntry { d: "desCBC_pad", c: "Teletrust encryption algorithm", w: false }); - oids.insert("1.3.36.3.1.1.2.1.1", OidEntry { d: "desCBC_ISOpad", c: "Teletrust encryption algorithm", w: false }); - oids.insert("1.3.36.3.1.3", OidEntry { d: "des_3", c: "Teletrust encryption algorithm", w: false }); - oids.insert("1.3.36.3.1.3.1.1", OidEntry { d: "des_3ECB_pad", c: "Teletrust encryption algorithm. EDE triple DES", w: false }); - oids.insert("1.3.36.3.1.3.1.1.1", OidEntry { d: "des_3ECB_ISOpad", c: "Teletrust encryption algorithm. EDE triple DES", w: false }); - oids.insert("1.3.36.3.1.3.2.1", OidEntry { d: "des_3CBC_pad", c: "Teletrust encryption algorithm. EDE triple DES", w: false }); - oids.insert("1.3.36.3.1.3.2.1.1", OidEntry { d: "des_3CBC_ISOpad", c: "Teletrust encryption algorithm. EDE triple DES", w: false }); - oids.insert("1.3.36.3.1.2", OidEntry { d: "idea", c: "Teletrust encryption algorithm", w: false }); - oids.insert("1.3.36.3.1.2.1", OidEntry { d: "ideaECB", c: "Teletrust encryption algorithm", w: false }); - oids.insert("1.3.36.3.1.2.1.1", OidEntry { d: "ideaECB_pad", c: "Teletrust encryption algorithm", w: false }); - oids.insert("1.3.36.3.1.2.1.1.1", OidEntry { d: "ideaECB_ISOpad", c: "Teletrust encryption algorithm", w: false }); - oids.insert("1.3.36.3.1.2.2", OidEntry { d: "ideaCBC", c: "Teletrust encryption algorithm", w: false }); - oids.insert("1.3.36.3.1.2.2.1", OidEntry { d: "ideaCBC_pad", c: "Teletrust encryption algorithm", w: false }); - oids.insert("1.3.36.3.1.2.2.1.1", OidEntry { d: "ideaCBC_ISOpad", c: "Teletrust encryption algorithm", w: false }); - oids.insert("1.3.36.3.1.2.3", OidEntry { d: "ideaOFB", c: "Teletrust encryption algorithm", w: false }); - oids.insert("1.3.36.3.1.2.4", OidEntry { d: "ideaCFB", c: "Teletrust encryption algorithm", w: false }); - oids.insert("1.3.36.3.1.4", OidEntry { d: "rsaEncryption", c: "Teletrust encryption algorithm", w: false }); - oids.insert("1.3.36.3.1.4.512.17", OidEntry { d: "rsaEncryptionWithlmod512expe17", c: "Teletrust encryption algorithm", w: false }); - oids.insert("1.3.36.3.1.5", OidEntry { d: "bsi-1", c: "Teletrust encryption algorithm", w: false }); - oids.insert("1.3.36.3.1.5.1", OidEntry { d: "bsi_1ECB_pad", c: "Teletrust encryption algorithm", w: false }); - oids.insert("1.3.36.3.1.5.2", OidEntry { d: "bsi_1CBC_pad", c: "Teletrust encryption algorithm", w: false }); - oids.insert("1.3.36.3.1.5.2.1", OidEntry { d: "bsi_1CBC_PEMpad", c: "Teletrust encryption algorithm", w: false }); - oids.insert("1.3.36.3.2", OidEntry { d: "hashAlgorithm", c: "Teletrust algorithm", w: false }); - oids.insert("1.3.36.3.2.1", OidEntry { d: "ripemd160", c: "Teletrust hash algorithm", w: false }); - oids.insert("1.3.36.3.2.2", OidEntry { d: "ripemd128", c: "Teletrust hash algorithm", w: false }); - oids.insert("1.3.36.3.2.3", OidEntry { d: "ripemd256", c: "Teletrust hash algorithm", w: false }); - oids.insert("1.3.36.3.2.4", OidEntry { d: "mdc2singleLength", c: "Teletrust hash algorithm", w: false }); - oids.insert("1.3.36.3.2.5", OidEntry { d: "mdc2doubleLength", c: "Teletrust hash algorithm", w: false }); - oids.insert("1.3.36.3.3", OidEntry { d: "signatureAlgorithm", c: "Teletrust algorithm", w: false }); - oids.insert("1.3.36.3.3.1", OidEntry { d: "rsaSignature", c: "Teletrust signature algorithm", w: false }); - oids.insert("1.3.36.3.3.1.1", OidEntry { d: "rsaSignatureWithsha1", c: "Teletrust signature algorithm", w: false }); - oids.insert("1.3.36.3.3.1.1.1024.11", OidEntry { d: "rsaSignatureWithsha1_l1024_l11", c: "Teletrust signature algorithm", w: false }); - oids.insert("1.3.36.3.3.1.2", OidEntry { d: "rsaSignatureWithripemd160", c: "Teletrust signature algorithm", w: false }); - oids.insert("1.3.36.3.3.1.2.1024.11", OidEntry { d: "rsaSignatureWithripemd160_l1024_l11", c: "Teletrust signature algorithm", w: false }); - oids.insert("1.3.36.3.3.1.3", OidEntry { d: "rsaSignatureWithrimpemd128", c: "Teletrust signature algorithm", w: false }); - oids.insert("1.3.36.3.3.1.4", OidEntry { d: "rsaSignatureWithrimpemd256", c: "Teletrust signature algorithm", w: false }); - oids.insert("1.3.36.3.3.2", OidEntry { d: "ecsieSign", c: "Teletrust signature algorithm", w: false }); - oids.insert("1.3.36.3.3.2.1", OidEntry { d: "ecsieSignWithsha1", c: "Teletrust signature algorithm", w: false }); - oids.insert("1.3.36.3.3.2.2", OidEntry { d: "ecsieSignWithripemd160", c: "Teletrust signature algorithm", w: false }); - oids.insert("1.3.36.3.3.2.3", OidEntry { d: "ecsieSignWithmd2", c: "Teletrust signature algorithm", w: false }); - oids.insert("1.3.36.3.3.2.4", OidEntry { d: "ecsieSignWithmd5", c: "Teletrust signature algorithm", w: false }); - oids.insert("1.3.36.3.3.2.8.1.1.1", OidEntry { d: "brainpoolP160r1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); - oids.insert("1.3.36.3.3.2.8.1.1.2", OidEntry { d: "brainpoolP160t1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); - oids.insert("1.3.36.3.3.2.8.1.1.3", OidEntry { d: "brainpoolP192r1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); - oids.insert("1.3.36.3.3.2.8.1.1.4", OidEntry { d: "brainpoolP192t1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); - oids.insert("1.3.36.3.3.2.8.1.1.5", OidEntry { d: "brainpoolP224r1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); - oids.insert("1.3.36.3.3.2.8.1.1.6", OidEntry { d: "brainpoolP224t1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); - oids.insert("1.3.36.3.3.2.8.1.1.7", OidEntry { d: "brainpoolP256r1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); - oids.insert("1.3.36.3.3.2.8.1.1.8", OidEntry { d: "brainpoolP256t1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); - oids.insert("1.3.36.3.3.2.8.1.1.9", OidEntry { d: "brainpoolP320r1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); - oids.insert("1.3.36.3.3.2.8.1.1.10", OidEntry { d: "brainpoolP320t1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); - oids.insert("1.3.36.3.3.2.8.1.1.11", OidEntry { d: "brainpoolP384r1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); - oids.insert("1.3.36.3.3.2.8.1.1.12", OidEntry { d: "brainpoolP384t1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); - oids.insert("1.3.36.3.3.2.8.1.1.13", OidEntry { d: "brainpoolP512r1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); - oids.insert("1.3.36.3.3.2.8.1.1.14", OidEntry { d: "brainpoolP512t1", c: "ECC Brainpool Standard Curves and Curve Generation", w: false }); - oids.insert("1.3.36.3.4", OidEntry { d: "signatureScheme", c: "Teletrust algorithm", w: false }); - oids.insert("1.3.36.3.4.1", OidEntry { d: "sigS_ISO9796-1", c: "Teletrust signature scheme", w: false }); - oids.insert("1.3.36.3.4.2", OidEntry { d: "sigS_ISO9796-2", c: "Teletrust signature scheme", w: false }); - oids.insert("1.3.36.3.4.2.1", OidEntry { d: "sigS_ISO9796-2Withred", c: "Teletrust signature scheme. Unsure what this is supposed to be", w: false }); - oids.insert("1.3.36.3.4.2.2", OidEntry { d: "sigS_ISO9796-2Withrsa", c: "Teletrust signature scheme. Unsure what this is supposed to be", w: false }); - oids.insert("1.3.36.3.4.2.3", OidEntry { d: "sigS_ISO9796-2Withrnd", c: "Teletrust signature scheme. 9796-2 with random number in padding field", w: false }); - oids.insert("1.3.36.4", OidEntry { d: "attribute", c: "Teletrust attribute", w: false }); - oids.insert("1.3.36.5", OidEntry { d: "policy", c: "Teletrust policy", w: false }); - oids.insert("1.3.36.6", OidEntry { d: "api", c: "Teletrust API", w: false }); - oids.insert("1.3.36.6.1", OidEntry { d: "manufacturer-specific_api", c: "Teletrust API", w: false }); - oids.insert("1.3.36.6.1.1", OidEntry { d: "utimaco-api", c: "Teletrust API", w: false }); - oids.insert("1.3.36.6.2", OidEntry { d: "functionality-specific_api", c: "Teletrust API", w: false }); - oids.insert("1.3.36.7", OidEntry { d: "keymgmnt", c: "Teletrust key management", w: false }); - oids.insert("1.3.36.7.1", OidEntry { d: "keyagree", c: "Teletrust key management", w: false }); - oids.insert("1.3.36.7.1.1", OidEntry { d: "bsiPKE", c: "Teletrust key management", w: false }); - oids.insert("1.3.36.7.2", OidEntry { d: "keytrans", c: "Teletrust key management", w: false }); - oids.insert("1.3.36.7.2.1", OidEntry { d: "encISO9796-2Withrsa", c: "Teletrust key management. 9796-2 with key stored in hash field", w: false }); - oids.insert("1.3.36.8.1.1", OidEntry { d: "Teletrust SigGConform policyIdentifier", c: "Teletrust policy", w: false }); - oids.insert("1.3.36.8.2.1", OidEntry { d: "directoryService", c: "Teletrust extended key usage", w: false }); - oids.insert("1.3.36.8.3.1", OidEntry { d: "dateOfCertGen", c: "Teletrust attribute", w: false }); - oids.insert("1.3.36.8.3.2", OidEntry { d: "procuration", c: "Teletrust attribute", w: false }); - oids.insert("1.3.36.8.3.3", OidEntry { d: "admission", c: "Teletrust attribute", w: false }); - oids.insert("1.3.36.8.3.4", OidEntry { d: "monetaryLimit", c: "Teletrust attribute", w: false }); - oids.insert("1.3.36.8.3.5", OidEntry { d: "declarationOfMajority", c: "Teletrust attribute", w: false }); - oids.insert("1.3.36.8.3.6", OidEntry { d: "integratedCircuitCardSerialNumber", c: "Teletrust attribute", w: false }); - oids.insert("1.3.36.8.3.7", OidEntry { d: "pKReference", c: "Teletrust attribute", w: false }); - oids.insert("1.3.36.8.3.8", OidEntry { d: "restriction", c: "Teletrust attribute", w: false }); - oids.insert("1.3.36.8.3.9", OidEntry { d: "retrieveIfAllowed", c: "Teletrust attribute", w: false }); - oids.insert("1.3.36.8.3.10", OidEntry { d: "requestedCertificate", c: "Teletrust attribute", w: false }); - oids.insert("1.3.36.8.3.11", OidEntry { d: "namingAuthorities", c: "Teletrust attribute", w: false }); - oids.insert("1.3.36.8.3.11.1", OidEntry { d: "rechtWirtschaftSteuern", c: "Teletrust naming authorities", w: false }); - oids.insert("1.3.36.8.3.11.1.1", OidEntry { d: "rechtsanwaeltin", c: "Teletrust ProfessionInfo", w: false }); - oids.insert("1.3.36.8.3.11.1.2", OidEntry { d: "rechtsanwalt", c: "Teletrust ProfessionInfo", w: false }); - oids.insert("1.3.36.8.3.11.1.3", OidEntry { d: "rechtsBeistand", c: "Teletrust ProfessionInfo", w: false }); - oids.insert("1.3.36.8.3.11.1.4", OidEntry { d: "steuerBeraterin", c: "Teletrust ProfessionInfo", w: false }); - oids.insert("1.3.36.8.3.11.1.5", OidEntry { d: "steuerBerater", c: "Teletrust ProfessionInfo", w: false }); - oids.insert("1.3.36.8.3.11.1.6", OidEntry { d: "steuerBevollmaechtigte", c: "Teletrust ProfessionInfo", w: false }); - oids.insert("1.3.36.8.3.11.1.7", OidEntry { d: "steuerBevollmaechtigter", c: "Teletrust ProfessionInfo", w: false }); - oids.insert("1.3.36.8.3.11.1.8", OidEntry { d: "notarin", c: "Teletrust ProfessionInfo", w: false }); - oids.insert("1.3.36.8.3.11.1.9", OidEntry { d: "notar", c: "Teletrust ProfessionInfo", w: false }); - oids.insert("1.3.36.8.3.11.1.10", OidEntry { d: "notarVertreterin", c: "Teletrust ProfessionInfo", w: false }); - oids.insert("1.3.36.8.3.11.1.11", OidEntry { d: "notarVertreter", c: "Teletrust ProfessionInfo", w: false }); - oids.insert("1.3.36.8.3.11.1.12", OidEntry { d: "notariatsVerwalterin", c: "Teletrust ProfessionInfo", w: false }); - oids.insert("1.3.36.8.3.11.1.13", OidEntry { d: "notariatsVerwalter", c: "Teletrust ProfessionInfo", w: false }); - oids.insert("1.3.36.8.3.11.1.14", OidEntry { d: "wirtschaftsPrueferin", c: "Teletrust ProfessionInfo", w: false }); - oids.insert("1.3.36.8.3.11.1.15", OidEntry { d: "wirtschaftsPruefer", c: "Teletrust ProfessionInfo", w: false }); - oids.insert("1.3.36.8.3.11.1.16", OidEntry { d: "vereidigteBuchprueferin", c: "Teletrust ProfessionInfo", w: false }); - oids.insert("1.3.36.8.3.11.1.17", OidEntry { d: "vereidigterBuchpruefer", c: "Teletrust ProfessionInfo", w: false }); - oids.insert("1.3.36.8.3.11.1.18", OidEntry { d: "patentAnwaeltin", c: "Teletrust ProfessionInfo", w: false }); - oids.insert("1.3.36.8.3.11.1.19", OidEntry { d: "patentAnwalt", c: "Teletrust ProfessionInfo", w: false }); - oids.insert("1.3.36.8.3.12", OidEntry { d: "certInDirSince", c: "Teletrust OCSP attribute (obsolete)", w: true }); - oids.insert("1.3.36.8.3.13", OidEntry { d: "certHash", c: "Teletrust OCSP attribute", w: false }); - oids.insert("1.3.36.8.3.14", OidEntry { d: "nameAtBirth", c: "Teletrust attribute", w: false }); - oids.insert("1.3.36.8.3.15", OidEntry { d: "additionalInformation", c: "Teletrust attribute", w: false }); - oids.insert("1.3.36.8.4.1", OidEntry { d: "personalData", c: "Teletrust OtherName attribute", w: false }); - oids.insert("1.3.36.8.4.8", OidEntry { d: "restriction", c: "Teletrust attribute certificate attribute", w: false }); - oids.insert("1.3.36.8.5.1.1.1", OidEntry { d: "rsaIndicateSHA1", c: "Teletrust signature algorithm", w: false }); - oids.insert("1.3.36.8.5.1.1.2", OidEntry { d: "rsaIndicateRIPEMD160", c: "Teletrust signature algorithm", w: false }); - oids.insert("1.3.36.8.5.1.1.3", OidEntry { d: "rsaWithSHA1", c: "Teletrust signature algorithm", w: false }); - oids.insert("1.3.36.8.5.1.1.4", OidEntry { d: "rsaWithRIPEMD160", c: "Teletrust signature algorithm", w: false }); - oids.insert("1.3.36.8.5.1.2.1", OidEntry { d: "dsaExtended", c: "Teletrust signature algorithm", w: false }); - oids.insert("1.3.36.8.5.1.2.2", OidEntry { d: "dsaWithRIPEMD160", c: "Teletrust signature algorithm", w: false }); - oids.insert("1.3.36.8.6.1", OidEntry { d: "cert", c: "Teletrust signature attributes", w: false }); - oids.insert("1.3.36.8.6.2", OidEntry { d: "certRef", c: "Teletrust signature attributes", w: false }); - oids.insert("1.3.36.8.6.3", OidEntry { d: "attrCert", c: "Teletrust signature attributes", w: false }); - oids.insert("1.3.36.8.6.4", OidEntry { d: "attrRef", c: "Teletrust signature attributes", w: false }); - oids.insert("1.3.36.8.6.5", OidEntry { d: "fileName", c: "Teletrust signature attributes", w: false }); - oids.insert("1.3.36.8.6.6", OidEntry { d: "storageTime", c: "Teletrust signature attributes", w: false }); - oids.insert("1.3.36.8.6.7", OidEntry { d: "fileSize", c: "Teletrust signature attributes", w: false }); - oids.insert("1.3.36.8.6.8", OidEntry { d: "location", c: "Teletrust signature attributes", w: false }); - oids.insert("1.3.36.8.6.9", OidEntry { d: "sigNumber", c: "Teletrust signature attributes", w: false }); - oids.insert("1.3.36.8.6.10", OidEntry { d: "autoGen", c: "Teletrust signature attributes", w: false }); - oids.insert("1.3.36.8.7.1.1", OidEntry { d: "ptAdobeILL", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.2", OidEntry { d: "ptAmiPro", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.3", OidEntry { d: "ptAutoCAD", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.4", OidEntry { d: "ptBinary", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.5", OidEntry { d: "ptBMP", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.6", OidEntry { d: "ptCGM", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.7", OidEntry { d: "ptCorelCRT", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.8", OidEntry { d: "ptCorelDRW", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.9", OidEntry { d: "ptCorelEXC", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.10", OidEntry { d: "ptCorelPHT", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.11", OidEntry { d: "ptDraw", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.12", OidEntry { d: "ptDVI", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.13", OidEntry { d: "ptEPS", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.14", OidEntry { d: "ptExcel", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.15", OidEntry { d: "ptGEM", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.16", OidEntry { d: "ptGIF", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.17", OidEntry { d: "ptHPGL", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.18", OidEntry { d: "ptJPEG", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.19", OidEntry { d: "ptKodak", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.20", OidEntry { d: "ptLaTeX", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.21", OidEntry { d: "ptLotus", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.22", OidEntry { d: "ptLotusPIC", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.23", OidEntry { d: "ptMacPICT", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.24", OidEntry { d: "ptMacWord", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.25", OidEntry { d: "ptMSWfD", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.26", OidEntry { d: "ptMSWord", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.27", OidEntry { d: "ptMSWord2", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.28", OidEntry { d: "ptMSWord6", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.29", OidEntry { d: "ptMSWord8", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.30", OidEntry { d: "ptPDF", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.31", OidEntry { d: "ptPIF", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.32", OidEntry { d: "ptPostscript", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.33", OidEntry { d: "ptRTF", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.34", OidEntry { d: "ptSCITEX", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.35", OidEntry { d: "ptTAR", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.36", OidEntry { d: "ptTarga", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.37", OidEntry { d: "ptTeX", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.38", OidEntry { d: "ptText", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.39", OidEntry { d: "ptTIFF", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.40", OidEntry { d: "ptTIFF-FC", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.41", OidEntry { d: "ptUID", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.42", OidEntry { d: "ptUUEncode", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.43", OidEntry { d: "ptWMF", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.44", OidEntry { d: "ptWordPerfect", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.36.8.7.1.45", OidEntry { d: "ptWPGrph", c: "Teletrust presentation types", w: false }); - oids.insert("1.3.101.1.4", OidEntry { d: "thawte-ce", c: "Thawte", w: false }); - oids.insert("1.3.101.1.4.1", OidEntry { d: "strongExtranet", c: "Thawte certificate extension", w: false }); - oids.insert("1.3.101.110", OidEntry { d: "curveX25519", c: "ECDH 25519 key agreement algorithm", w: false }); - oids.insert("1.3.101.111", OidEntry { d: "curveX448", c: "ECDH 448 key agreement algorithm", w: false }); - oids.insert("1.3.101.112", OidEntry { d: "curveEd25519", c: "EdDSA 25519 signature algorithm", w: false }); - oids.insert("1.3.101.113", OidEntry { d: "curveEd448", c: "EdDSA 448 signature algorithm", w: false }); - oids.insert("1.3.101.114", OidEntry { d: "curveEd25519ph", c: "EdDSA 25519 pre-hash signature algorithm", w: false }); - oids.insert("1.3.101.115", OidEntry { d: "curveEd448ph", c: "EdDSA 448 pre-hash signature algorithm", w: false }); - oids.insert("1.3.132.0.1", OidEntry { d: "sect163k1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.2", OidEntry { d: "sect163r1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.3", OidEntry { d: "sect239k1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.4", OidEntry { d: "sect113r1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.5", OidEntry { d: "sect113r2", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.6", OidEntry { d: "secp112r1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.7", OidEntry { d: "secp112r2", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.8", OidEntry { d: "secp160r1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.9", OidEntry { d: "secp160k1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.10", OidEntry { d: "secp256k1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.15", OidEntry { d: "sect163r2", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.16", OidEntry { d: "sect283k1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.17", OidEntry { d: "sect283r1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.22", OidEntry { d: "sect131r1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.23", OidEntry { d: "sect131r2", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.24", OidEntry { d: "sect193r1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.25", OidEntry { d: "sect193r2", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.26", OidEntry { d: "sect233k1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.27", OidEntry { d: "sect233r1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.28", OidEntry { d: "secp128r1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.29", OidEntry { d: "secp128r2", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.30", OidEntry { d: "secp160r2", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.31", OidEntry { d: "secp192k1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.32", OidEntry { d: "secp224k1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.33", OidEntry { d: "secp224r1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.34", OidEntry { d: "secp384r1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.35", OidEntry { d: "secp521r1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.36", OidEntry { d: "sect409k1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.37", OidEntry { d: "sect409r1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.38", OidEntry { d: "sect571k1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.0.39", OidEntry { d: "sect571r1", c: "SECG (Certicom) named elliptic curve", w: false }); - oids.insert("1.3.132.1.11.0", OidEntry { d: "ecdhX963KDF-SHA224", c: "SECG (Certicom) elliptic curve key agreement", w: false }); - oids.insert("1.3.132.1.11.1", OidEntry { d: "ecdhX963KDF-SHA256", c: "SECG (Certicom) elliptic curve key agreement", w: false }); - oids.insert("1.3.132.1.11.2", OidEntry { d: "ecdhX963KDF-SHA384", c: "SECG (Certicom) elliptic curve key agreement", w: false }); - oids.insert("1.3.132.1.11.3", OidEntry { d: "ecdhX963KDF-SHA512", c: "SECG (Certicom) elliptic curve key agreement", w: false }); - oids.insert("1.3.132.1.14.0", OidEntry { d: "eccofactordhX963KDF-SHA224", c: "SECG (Certicom) elliptic curve key agreement", w: false }); - oids.insert("1.3.132.1.14.1", OidEntry { d: "eccofactordhX963KDF-SHA256", c: "SECG (Certicom) elliptic curve key agreement", w: false }); - oids.insert("1.3.132.1.14.2", OidEntry { d: "eccofactordhX963KDF-SHA384", c: "SECG (Certicom) elliptic curve key agreement", w: false }); - oids.insert("1.3.132.1.14.3", OidEntry { d: "eccofactordhX963KDF-SHA512", c: "SECG (Certicom) elliptic curve key agreement", w: false }); - oids.insert("1.3.132.1.15.0", OidEntry { d: "ecmqv-X963KDF-SHA224", c: "SECG (Certicom) elliptic curve key agreement", w: false }); - oids.insert("1.3.132.1.15.1", OidEntry { d: "ecmqv-X963KDF-SHA256", c: "SECG (Certicom) elliptic curve key agreement", w: false }); - oids.insert("1.3.132.1.15.2", OidEntry { d: "ecmqv-X963KDF-SHA384", c: "SECG (Certicom) elliptic curve key agreement", w: false }); - oids.insert("1.3.132.1.15.3", OidEntry { d: "ecmqv-X963KDF-SHA512", c: "SECG (Certicom) elliptic curve key agreement", w: false }); - oids.insert("1.3.133.16.840.9.44", OidEntry { d: "x944", c: "X9.44", w: false }); - oids.insert("1.3.133.16.840.9.44.1", OidEntry { d: "x944Components", c: "X9.44", w: false }); - oids.insert("1.3.133.16.840.9.44.1.1", OidEntry { d: "x944Kdf2", c: "X9.44", w: false }); - oids.insert("1.3.133.16.840.9.44.1.2", OidEntry { d: "x944Kdf3", c: "X9.44", w: false }); - oids.insert("1.3.133.16.840.9.84", OidEntry { d: "x984", c: "X9.84", w: false }); - oids.insert("1.3.133.16.840.9.84.0", OidEntry { d: "x984Module", c: "X9.84", w: false }); - oids.insert("1.3.133.16.840.9.84.0.1", OidEntry { d: "x984Biometrics", c: "X9.84 Module", w: false }); - oids.insert("1.3.133.16.840.9.84.0.2", OidEntry { d: "x984CMS", c: "X9.84 Module", w: false }); - oids.insert("1.3.133.16.840.9.84.0.3", OidEntry { d: "x984Identifiers", c: "X9.84 Module", w: false }); - oids.insert("1.3.133.16.840.9.84.1", OidEntry { d: "x984Biometric", c: "X9.84", w: false }); - oids.insert("1.3.133.16.840.9.84.1.0", OidEntry { d: "biometricUnknownType", c: "X9.84 Biometric", w: false }); - oids.insert("1.3.133.16.840.9.84.1.1", OidEntry { d: "biometricBodyOdor", c: "X9.84 Biometric", w: false }); - oids.insert("1.3.133.16.840.9.84.1.2", OidEntry { d: "biometricDNA", c: "X9.84 Biometric", w: false }); - oids.insert("1.3.133.16.840.9.84.1.3", OidEntry { d: "biometricEarShape", c: "X9.84 Biometric", w: false }); - oids.insert("1.3.133.16.840.9.84.1.4", OidEntry { d: "biometricFacialFeatures", c: "X9.84 Biometric", w: false }); - oids.insert("1.3.133.16.840.9.84.1.5", OidEntry { d: "biometricFingerImage", c: "X9.84 Biometric", w: false }); - oids.insert("1.3.133.16.840.9.84.1.6", OidEntry { d: "biometricFingerGeometry", c: "X9.84 Biometric", w: false }); - oids.insert("1.3.133.16.840.9.84.1.7", OidEntry { d: "biometricHandGeometry", c: "X9.84 Biometric", w: false }); - oids.insert("1.3.133.16.840.9.84.1.8", OidEntry { d: "biometricIrisFeatures", c: "X9.84 Biometric", w: false }); - oids.insert("1.3.133.16.840.9.84.1.9", OidEntry { d: "biometricKeystrokeDynamics", c: "X9.84 Biometric", w: false }); - oids.insert("1.3.133.16.840.9.84.1.10", OidEntry { d: "biometricPalm", c: "X9.84 Biometric", w: false }); - oids.insert("1.3.133.16.840.9.84.1.11", OidEntry { d: "biometricRetina", c: "X9.84 Biometric", w: false }); - oids.insert("1.3.133.16.840.9.84.1.12", OidEntry { d: "biometricSignature", c: "X9.84 Biometric", w: false }); - oids.insert("1.3.133.16.840.9.84.1.13", OidEntry { d: "biometricSpeechPattern", c: "X9.84 Biometric", w: false }); - oids.insert("1.3.133.16.840.9.84.1.14", OidEntry { d: "biometricThermalImage", c: "X9.84 Biometric", w: false }); - oids.insert("1.3.133.16.840.9.84.1.15", OidEntry { d: "biometricVeinPattern", c: "X9.84 Biometric", w: false }); - oids.insert("1.3.133.16.840.9.84.1.16", OidEntry { d: "biometricThermalFaceImage", c: "X9.84 Biometric", w: false }); - oids.insert("1.3.133.16.840.9.84.1.17", OidEntry { d: "biometricThermalHandImage", c: "X9.84 Biometric", w: false }); - oids.insert("1.3.133.16.840.9.84.1.18", OidEntry { d: "biometricLipMovement", c: "X9.84 Biometric", w: false }); - oids.insert("1.3.133.16.840.9.84.1.19", OidEntry { d: "biometricGait", c: "X9.84 Biometric", w: false }); - oids.insert("1.3.133.16.840.9.84.3", OidEntry { d: "x984MatchingMethod", c: "X9.84", w: false }); - oids.insert("1.3.133.16.840.9.84.4", OidEntry { d: "x984FormatOwner", c: "X9.84", w: false }); - oids.insert("1.3.133.16.840.9.84.4.0", OidEntry { d: "x984CbeffOwner", c: "X9.84 Format Owner", w: false }); - oids.insert("1.3.133.16.840.9.84.4.1", OidEntry { d: "x984IbiaOwner", c: "X9.84 Format Owner", w: false }); - oids.insert("1.3.133.16.840.9.84.4.1.1", OidEntry { d: "ibiaOwnerSAFLINK", c: "X9.84 IBIA Format Owner", w: false }); - oids.insert("1.3.133.16.840.9.84.4.1.2", OidEntry { d: "ibiaOwnerBioscrypt", c: "X9.84 IBIA Format Owner", w: false }); - oids.insert("1.3.133.16.840.9.84.4.1.3", OidEntry { d: "ibiaOwnerVisionics", c: "X9.84 IBIA Format Owner", w: false }); - oids.insert("1.3.133.16.840.9.84.4.1.4", OidEntry { d: "ibiaOwnerInfineonTechnologiesAG", c: "X9.84 IBIA Format Owner", w: false }); - oids.insert("1.3.133.16.840.9.84.4.1.5", OidEntry { d: "ibiaOwnerIridianTechnologies", c: "X9.84 IBIA Format Owner", w: false }); - oids.insert("1.3.133.16.840.9.84.4.1.6", OidEntry { d: "ibiaOwnerVeridicom", c: "X9.84 IBIA Format Owner", w: false }); - oids.insert("1.3.133.16.840.9.84.4.1.7", OidEntry { d: "ibiaOwnerCyberSIGN", c: "X9.84 IBIA Format Owner", w: false }); - oids.insert("1.3.133.16.840.9.84.4.1.8", OidEntry { d: "ibiaOwnereCryp", c: "X9.84 IBIA Format Owner", w: false }); - oids.insert("1.3.133.16.840.9.84.4.1.9", OidEntry { d: "ibiaOwnerFingerprintCardsAB", c: "X9.84 IBIA Format Owner", w: false }); - oids.insert("1.3.133.16.840.9.84.4.1.10", OidEntry { d: "ibiaOwnerSecuGen", c: "X9.84 IBIA Format Owner", w: false }); - oids.insert("1.3.133.16.840.9.84.4.1.11", OidEntry { d: "ibiaOwnerPreciseBiometric", c: "X9.84 IBIA Format Owner", w: false }); - oids.insert("1.3.133.16.840.9.84.4.1.12", OidEntry { d: "ibiaOwnerIdentix", c: "X9.84 IBIA Format Owner", w: false }); - oids.insert("1.3.133.16.840.9.84.4.1.13", OidEntry { d: "ibiaOwnerDERMALOG", c: "X9.84 IBIA Format Owner", w: false }); - oids.insert("1.3.133.16.840.9.84.4.1.14", OidEntry { d: "ibiaOwnerLOGICO", c: "X9.84 IBIA Format Owner", w: false }); - oids.insert("1.3.133.16.840.9.84.4.1.15", OidEntry { d: "ibiaOwnerNIST", c: "X9.84 IBIA Format Owner", w: false }); - oids.insert("1.3.133.16.840.9.84.4.1.16", OidEntry { d: "ibiaOwnerA3Vision", c: "X9.84 IBIA Format Owner", w: false }); - oids.insert("1.3.133.16.840.9.84.4.1.17", OidEntry { d: "ibiaOwnerNEC", c: "X9.84 IBIA Format Owner", w: false }); - oids.insert("1.3.133.16.840.9.84.4.1.18", OidEntry { d: "ibiaOwnerSTMicroelectronics", c: "X9.84 IBIA Format Owner", w: false }); - oids.insert("1.3.158.36061701.0.0.0.1.2.2", OidEntry { d: "qcpSK", c: "Slovakia Qualified Electronic Signature policies", w: false }); - oids.insert("2.5.4.0", OidEntry { d: "objectClass", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.1", OidEntry { d: "aliasedEntryName", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.2", OidEntry { d: "knowledgeInformation", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.3", OidEntry { d: "commonName", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.4", OidEntry { d: "surname", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.5", OidEntry { d: "serialNumber", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.6", OidEntry { d: "countryName", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.7", OidEntry { d: "localityName", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.7.1", OidEntry { d: "collectiveLocalityName", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.8", OidEntry { d: "stateOrProvinceName", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.8.1", OidEntry { d: "collectiveStateOrProvinceName", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.9", OidEntry { d: "streetAddress", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.9.1", OidEntry { d: "collectiveStreetAddress", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.10", OidEntry { d: "organizationName", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.10.1", OidEntry { d: "collectiveOrganizationName", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.11", OidEntry { d: "organizationalUnitName", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.11.1", OidEntry { d: "collectiveOrganizationalUnitName", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.12", OidEntry { d: "title", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.13", OidEntry { d: "description", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.14", OidEntry { d: "searchGuide", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.15", OidEntry { d: "businessCategory", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.16", OidEntry { d: "postalAddress", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.16.1", OidEntry { d: "collectivePostalAddress", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.17", OidEntry { d: "postalCode", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.17.1", OidEntry { d: "collectivePostalCode", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.18", OidEntry { d: "postOfficeBox", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.18.1", OidEntry { d: "collectivePostOfficeBox", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.19", OidEntry { d: "physicalDeliveryOfficeName", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.19.1", OidEntry { d: "collectivePhysicalDeliveryOfficeName", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.20", OidEntry { d: "telephoneNumber", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.20.1", OidEntry { d: "collectiveTelephoneNumber", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.21", OidEntry { d: "telexNumber", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.21.1", OidEntry { d: "collectiveTelexNumber", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.22", OidEntry { d: "teletexTerminalIdentifier", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.22.1", OidEntry { d: "collectiveTeletexTerminalIdentifier", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.23", OidEntry { d: "facsimileTelephoneNumber", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.23.1", OidEntry { d: "collectiveFacsimileTelephoneNumber", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.24", OidEntry { d: "x121Address", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.25", OidEntry { d: "internationalISDNNumber", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.25.1", OidEntry { d: "collectiveInternationalISDNNumber", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.26", OidEntry { d: "registeredAddress", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.27", OidEntry { d: "destinationIndicator", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.28", OidEntry { d: "preferredDeliveryMehtod", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.29", OidEntry { d: "presentationAddress", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.30", OidEntry { d: "supportedApplicationContext", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.31", OidEntry { d: "member", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.32", OidEntry { d: "owner", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.33", OidEntry { d: "roleOccupant", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.34", OidEntry { d: "seeAlso", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.35", OidEntry { d: "userPassword", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.36", OidEntry { d: "userCertificate", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.37", OidEntry { d: "caCertificate", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.38", OidEntry { d: "authorityRevocationList", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.39", OidEntry { d: "certificateRevocationList", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.40", OidEntry { d: "crossCertificatePair", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.41", OidEntry { d: "name", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.42", OidEntry { d: "givenName", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.43", OidEntry { d: "initials", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.44", OidEntry { d: "generationQualifier", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.45", OidEntry { d: "uniqueIdentifier", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.46", OidEntry { d: "dnQualifier", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.47", OidEntry { d: "enhancedSearchGuide", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.48", OidEntry { d: "protocolInformation", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.49", OidEntry { d: "distinguishedName", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.50", OidEntry { d: "uniqueMember", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.51", OidEntry { d: "houseIdentifier", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.52", OidEntry { d: "supportedAlgorithms", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.53", OidEntry { d: "deltaRevocationList", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.54", OidEntry { d: "dmdName", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.55", OidEntry { d: "clearance", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.56", OidEntry { d: "defaultDirQop", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.57", OidEntry { d: "attributeIntegrityInfo", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.58", OidEntry { d: "attributeCertificate", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.59", OidEntry { d: "attributeCertificateRevocationList", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.60", OidEntry { d: "confKeyInfo", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.61", OidEntry { d: "aACertificate", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.62", OidEntry { d: "attributeDescriptorCertificate", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.63", OidEntry { d: "attributeAuthorityRevocationList", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.64", OidEntry { d: "familyInformation", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.65", OidEntry { d: "pseudonym", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.66", OidEntry { d: "communicationsService", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.67", OidEntry { d: "communicationsNetwork", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.68", OidEntry { d: "certificationPracticeStmt", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.69", OidEntry { d: "certificatePolicy", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.70", OidEntry { d: "pkiPath", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.71", OidEntry { d: "privPolicy", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.72", OidEntry { d: "role", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.73", OidEntry { d: "delegationPath", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.74", OidEntry { d: "protPrivPolicy", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.75", OidEntry { d: "xMLPrivilegeInfo", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.76", OidEntry { d: "xmlPrivPolicy", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.77", OidEntry { d: "uuidpair", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.78", OidEntry { d: "tagOid", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.79", OidEntry { d: "uiiFormat", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.80", OidEntry { d: "uiiInUrh", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.81", OidEntry { d: "contentUrl", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.82", OidEntry { d: "permission", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.83", OidEntry { d: "uri", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.84", OidEntry { d: "pwdAttribute", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.85", OidEntry { d: "userPwd", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.86", OidEntry { d: "urn", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.87", OidEntry { d: "url", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.88", OidEntry { d: "utmCoordinates", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.89", OidEntry { d: "urnC", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.90", OidEntry { d: "uii", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.91", OidEntry { d: "epc", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.92", OidEntry { d: "tagAfi", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.93", OidEntry { d: "epcFormat", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.94", OidEntry { d: "epcInUrn", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.95", OidEntry { d: "ldapUrl", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.96", OidEntry { d: "tagLocation", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.97", OidEntry { d: "organizationIdentifier", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.98", OidEntry { d: "countryCode3c", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.99", OidEntry { d: "countryCode3n", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.100", OidEntry { d: "dnsName", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.101", OidEntry { d: "eepkCertificateRevocationList", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.102", OidEntry { d: "eeAttrCertificateRevocationList", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.103", OidEntry { d: "supportedPublicKeyAlgorithms", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.104", OidEntry { d: "intEmail", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.105", OidEntry { d: "jid", c: "X.520 DN component", w: false }); - oids.insert("2.5.4.106", OidEntry { d: "objectIdentifier", c: "X.520 DN component", w: false }); - oids.insert("2.5.6.0", OidEntry { d: "top", c: "X.520 objectClass", w: false }); - oids.insert("2.5.6.1", OidEntry { d: "alias", c: "X.520 objectClass", w: false }); - oids.insert("2.5.6.2", OidEntry { d: "country", c: "X.520 objectClass", w: false }); - oids.insert("2.5.6.3", OidEntry { d: "locality", c: "X.520 objectClass", w: false }); - oids.insert("2.5.6.4", OidEntry { d: "organization", c: "X.520 objectClass", w: false }); - oids.insert("2.5.6.5", OidEntry { d: "organizationalUnit", c: "X.520 objectClass", w: false }); - oids.insert("2.5.6.6", OidEntry { d: "person", c: "X.520 objectClass", w: false }); - oids.insert("2.5.6.7", OidEntry { d: "organizationalPerson", c: "X.520 objectClass", w: false }); - oids.insert("2.5.6.8", OidEntry { d: "organizationalRole", c: "X.520 objectClass", w: false }); - oids.insert("2.5.6.9", OidEntry { d: "groupOfNames", c: "X.520 objectClass", w: false }); - oids.insert("2.5.6.10", OidEntry { d: "residentialPerson", c: "X.520 objectClass", w: false }); - oids.insert("2.5.6.11", OidEntry { d: "applicationProcess", c: "X.520 objectClass", w: false }); - oids.insert("2.5.6.12", OidEntry { d: "applicationEntity", c: "X.520 objectClass", w: false }); - oids.insert("2.5.6.13", OidEntry { d: "dSA", c: "X.520 objectClass", w: false }); - oids.insert("2.5.6.14", OidEntry { d: "device", c: "X.520 objectClass", w: false }); - oids.insert("2.5.6.15", OidEntry { d: "strongAuthenticationUser", c: "X.520 objectClass", w: false }); - oids.insert("2.5.6.16", OidEntry { d: "certificateAuthority", c: "X.520 objectClass", w: false }); - oids.insert("2.5.6.17", OidEntry { d: "groupOfUniqueNames", c: "X.520 objectClass", w: false }); - oids.insert("2.5.6.21", OidEntry { d: "pkiUser", c: "X.520 objectClass", w: false }); - oids.insert("2.5.6.22", OidEntry { d: "pkiCA", c: "X.520 objectClass", w: false }); - oids.insert("2.5.8.1.1", OidEntry { d: "rsa", c: "X.500 algorithms. Ambiguous, since no padding rules specified", w: true }); - oids.insert("2.5.29.1", OidEntry { d: "authorityKeyIdentifier", c: "X.509 extension. Deprecated, use 2 5 29 35 instead", w: true }); - oids.insert("2.5.29.2", OidEntry { d: "keyAttributes", c: "X.509 extension. Obsolete, use keyUsage/extKeyUsage instead", w: true }); - oids.insert("2.5.29.3", OidEntry { d: "certificatePolicies", c: "X.509 extension. Deprecated, use 2 5 29 32 instead", w: true }); - oids.insert("2.5.29.4", OidEntry { d: "keyUsageRestriction", c: "X.509 extension. Obsolete, use keyUsage/extKeyUsage instead", w: true }); - oids.insert("2.5.29.5", OidEntry { d: "policyMapping", c: "X.509 extension. Deprecated, use 2 5 29 33 instead", w: true }); - oids.insert("2.5.29.6", OidEntry { d: "subtreesConstraint", c: "X.509 extension. Obsolete, use nameConstraints instead", w: true }); - oids.insert("2.5.29.7", OidEntry { d: "subjectAltName", c: "X.509 extension. Deprecated, use 2 5 29 17 instead", w: true }); - oids.insert("2.5.29.8", OidEntry { d: "issuerAltName", c: "X.509 extension. Deprecated, use 2 5 29 18 instead", w: true }); - oids.insert("2.5.29.9", OidEntry { d: "subjectDirectoryAttributes", c: "X.509 extension", w: false }); - oids.insert("2.5.29.10", OidEntry { d: "basicConstraints", c: "X.509 extension. Deprecated, use 2 5 29 19 instead", w: true }); - oids.insert("2.5.29.11", OidEntry { d: "nameConstraints", c: "X.509 extension. Deprecated, use 2 5 29 30 instead", w: true }); - oids.insert("2.5.29.12", OidEntry { d: "policyConstraints", c: "X.509 extension. Deprecated, use 2 5 29 36 instead", w: true }); - oids.insert("2.5.29.13", OidEntry { d: "basicConstraints", c: "X.509 extension. Deprecated, use 2 5 29 19 instead", w: true }); - oids.insert("2.5.29.14", OidEntry { d: "subjectKeyIdentifier", c: "X.509 extension", w: false }); - oids.insert("2.5.29.15", OidEntry { d: "keyUsage", c: "X.509 extension", w: false }); - oids.insert("2.5.29.16", OidEntry { d: "privateKeyUsagePeriod", c: "X.509 extension", w: false }); - oids.insert("2.5.29.17", OidEntry { d: "subjectAltName", c: "X.509 extension", w: false }); - oids.insert("2.5.29.18", OidEntry { d: "issuerAltName", c: "X.509 extension", w: false }); - oids.insert("2.5.29.19", OidEntry { d: "basicConstraints", c: "X.509 extension", w: false }); - oids.insert("2.5.29.20", OidEntry { d: "cRLNumber", c: "X.509 extension", w: false }); - oids.insert("2.5.29.21", OidEntry { d: "cRLReason", c: "X.509 extension", w: false }); - oids.insert("2.5.29.22", OidEntry { d: "expirationDate", c: "X.509 extension. Deprecated, alternative OID uncertain", w: true }); - oids.insert("2.5.29.23", OidEntry { d: "instructionCode", c: "X.509 extension", w: false }); - oids.insert("2.5.29.24", OidEntry { d: "invalidityDate", c: "X.509 extension", w: false }); - oids.insert("2.5.29.25", OidEntry { d: "cRLDistributionPoints", c: "X.509 extension. Deprecated, use 2 5 29 31 instead", w: true }); - oids.insert("2.5.29.26", OidEntry { d: "issuingDistributionPoint", c: "X.509 extension. Deprecated, use 2 5 29 28 instead", w: true }); - oids.insert("2.5.29.27", OidEntry { d: "deltaCRLIndicator", c: "X.509 extension", w: false }); - oids.insert("2.5.29.28", OidEntry { d: "issuingDistributionPoint", c: "X.509 extension", w: false }); - oids.insert("2.5.29.29", OidEntry { d: "certificateIssuer", c: "X.509 extension", w: false }); - oids.insert("2.5.29.30", OidEntry { d: "nameConstraints", c: "X.509 extension", w: false }); - oids.insert("2.5.29.31", OidEntry { d: "cRLDistributionPoints", c: "X.509 extension", w: false }); - oids.insert("2.5.29.32", OidEntry { d: "certificatePolicies", c: "X.509 extension", w: false }); - oids.insert("2.5.29.32.0", OidEntry { d: "anyPolicy", c: "X.509 certificate policy", w: false }); - oids.insert("2.5.29.33", OidEntry { d: "policyMappings", c: "X.509 extension", w: false }); - oids.insert("2.5.29.34", OidEntry { d: "policyConstraints", c: "X.509 extension. Deprecated, use 2 5 29 36 instead", w: true }); - oids.insert("2.5.29.35", OidEntry { d: "authorityKeyIdentifier", c: "X.509 extension", w: false }); - oids.insert("2.5.29.36", OidEntry { d: "policyConstraints", c: "X.509 extension", w: false }); - oids.insert("2.5.29.37", OidEntry { d: "extKeyUsage", c: "X.509 extension", w: false }); - oids.insert("2.5.29.37.0", OidEntry { d: "anyExtendedKeyUsage", c: "X.509 extended key usage", w: false }); - oids.insert("2.5.29.38", OidEntry { d: "authorityAttributeIdentifier", c: "X.509 extension", w: false }); - oids.insert("2.5.29.39", OidEntry { d: "roleSpecCertIdentifier", c: "X.509 extension", w: false }); - oids.insert("2.5.29.40", OidEntry { d: "cRLStreamIdentifier", c: "X.509 extension", w: false }); - oids.insert("2.5.29.41", OidEntry { d: "basicAttConstraints", c: "X.509 extension", w: false }); - oids.insert("2.5.29.42", OidEntry { d: "delegatedNameConstraints", c: "X.509 extension", w: false }); - oids.insert("2.5.29.43", OidEntry { d: "timeSpecification", c: "X.509 extension", w: false }); - oids.insert("2.5.29.44", OidEntry { d: "cRLScope", c: "X.509 extension", w: false }); - oids.insert("2.5.29.45", OidEntry { d: "statusReferrals", c: "X.509 extension", w: false }); - oids.insert("2.5.29.46", OidEntry { d: "freshestCRL", c: "X.509 extension", w: false }); - oids.insert("2.5.29.47", OidEntry { d: "orderedList", c: "X.509 extension", w: false }); - oids.insert("2.5.29.48", OidEntry { d: "attributeDescriptor", c: "X.509 extension", w: false }); - oids.insert("2.5.29.49", OidEntry { d: "userNotice", c: "X.509 extension", w: false }); - oids.insert("2.5.29.50", OidEntry { d: "sOAIdentifier", c: "X.509 extension", w: false }); - oids.insert("2.5.29.51", OidEntry { d: "baseUpdateTime", c: "X.509 extension", w: false }); - oids.insert("2.5.29.52", OidEntry { d: "acceptableCertPolicies", c: "X.509 extension", w: false }); - oids.insert("2.5.29.53", OidEntry { d: "deltaInfo", c: "X.509 extension", w: false }); - oids.insert("2.5.29.54", OidEntry { d: "inhibitAnyPolicy", c: "X.509 extension", w: false }); - oids.insert("2.5.29.55", OidEntry { d: "targetInformation", c: "X.509 extension", w: false }); - oids.insert("2.5.29.56", OidEntry { d: "noRevAvail", c: "X.509 extension", w: false }); - oids.insert("2.5.29.57", OidEntry { d: "acceptablePrivilegePolicies", c: "X.509 extension", w: false }); - oids.insert("2.5.29.58", OidEntry { d: "toBeRevoked", c: "X.509 extension", w: false }); - oids.insert("2.5.29.59", OidEntry { d: "revokedGroups", c: "X.509 extension", w: false }); - oids.insert("2.5.29.60", OidEntry { d: "expiredCertsOnCRL", c: "X.509 extension", w: false }); - oids.insert("2.5.29.61", OidEntry { d: "indirectIssuer", c: "X.509 extension", w: false }); - oids.insert("2.5.29.62", OidEntry { d: "noAssertion", c: "X.509 extension", w: false }); - oids.insert("2.5.29.63", OidEntry { d: "aAissuingDistributionPoint", c: "X.509 extension", w: false }); - oids.insert("2.5.29.64", OidEntry { d: "issuedOnBehalfOf", c: "X.509 extension", w: false }); - oids.insert("2.5.29.65", OidEntry { d: "singleUse", c: "X.509 extension", w: false }); - oids.insert("2.5.29.66", OidEntry { d: "groupAC", c: "X.509 extension", w: false }); - oids.insert("2.5.29.67", OidEntry { d: "allowedAttAss", c: "X.509 extension", w: false }); - oids.insert("2.5.29.68", OidEntry { d: "attributeMappings", c: "X.509 extension", w: false }); - oids.insert("2.5.29.69", OidEntry { d: "holderNameConstraints", c: "X.509 extension", w: false }); - oids.insert("2.16.578.1.26.1.3.1", OidEntry { d: "privateKeySmartCard", c: "Norway Buypass CA policy", w: false }); - oids.insert("2.16.578.1.26.1.3.2", OidEntry { d: "privateKeySoftToken", c: "Norway Buypass CA policy", w: false }); - oids.insert("2.16.578.1.26.1.3.3", OidEntry { d: "sslEvident. Also assigned as BuyPass EV policy", c: "Norway Buypass CA policy", w: false }); - oids.insert("2.16.578.1.26.1.3.4", OidEntry { d: "sslBusinessPlus", c: "Norway Buypass CA policy", w: false }); - oids.insert("2.16.578.1.26.1.3.5", OidEntry { d: "privateKeyHardToken", c: "Norway Buypass CA policy", w: false }); - oids.insert("2.16.578.1.26.1.3.6", OidEntry { d: "privateKeyHSM", c: "Norway Buypass CA policy", w: false }); - oids.insert("2.16.724.1.2.2.4.1", OidEntry { d: "personalDataInfo", c: "Spanish Government PKI?", w: false }); - oids.insert("2.16.840.1.101.2.1.1.1", OidEntry { d: "sdnsSignatureAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); - oids.insert("2.16.840.1.101.2.1.1.2", OidEntry { d: "fortezzaSignatureAlgorithm", c: "SDN.700 INFOSEC algorithms. Formerly known as mosaicSignatureAlgorithm, this OID is better known as dsaWithSHA-1.", w: false }); - oids.insert("2.16.840.1.101.2.1.1.3", OidEntry { d: "sdnsConfidentialityAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); - oids.insert("2.16.840.1.101.2.1.1.4", OidEntry { d: "fortezzaConfidentialityAlgorithm", c: "SDN.700 INFOSEC algorithms. Formerly known as mosaicConfidentialityAlgorithm", w: false }); - oids.insert("2.16.840.1.101.2.1.1.5", OidEntry { d: "sdnsIntegrityAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); - oids.insert("2.16.840.1.101.2.1.1.6", OidEntry { d: "fortezzaIntegrityAlgorithm", c: "SDN.700 INFOSEC algorithms. Formerly known as mosaicIntegrityAlgorithm", w: false }); - oids.insert("2.16.840.1.101.2.1.1.7", OidEntry { d: "sdnsTokenProtectionAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); - oids.insert("2.16.840.1.101.2.1.1.8", OidEntry { d: "fortezzaTokenProtectionAlgorithm", c: "SDN.700 INFOSEC algorithms. Formerly know as mosaicTokenProtectionAlgorithm", w: false }); - oids.insert("2.16.840.1.101.2.1.1.9", OidEntry { d: "sdnsKeyManagementAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); - oids.insert("2.16.840.1.101.2.1.1.10", OidEntry { d: "fortezzaKeyManagementAlgorithm", c: "SDN.700 INFOSEC algorithms. Formerly known as mosaicKeyManagementAlgorithm", w: false }); - oids.insert("2.16.840.1.101.2.1.1.11", OidEntry { d: "sdnsKMandSigAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); - oids.insert("2.16.840.1.101.2.1.1.12", OidEntry { d: "fortezzaKMandSigAlgorithm", c: "SDN.700 INFOSEC algorithms. Formerly known as mosaicKMandSigAlgorithm", w: false }); - oids.insert("2.16.840.1.101.2.1.1.13", OidEntry { d: "suiteASignatureAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); - oids.insert("2.16.840.1.101.2.1.1.14", OidEntry { d: "suiteAConfidentialityAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); - oids.insert("2.16.840.1.101.2.1.1.15", OidEntry { d: "suiteAIntegrityAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); - oids.insert("2.16.840.1.101.2.1.1.16", OidEntry { d: "suiteATokenProtectionAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); - oids.insert("2.16.840.1.101.2.1.1.17", OidEntry { d: "suiteAKeyManagementAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); - oids.insert("2.16.840.1.101.2.1.1.18", OidEntry { d: "suiteAKMandSigAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); - oids.insert("2.16.840.1.101.2.1.1.19", OidEntry { d: "fortezzaUpdatedSigAlgorithm", c: "SDN.700 INFOSEC algorithms. Formerly known as mosaicUpdatedSigAlgorithm", w: false }); - oids.insert("2.16.840.1.101.2.1.1.20", OidEntry { d: "fortezzaKMandUpdSigAlgorithms", c: "SDN.700 INFOSEC algorithms. Formerly known as mosaicKMandUpdSigAlgorithms", w: false }); - oids.insert("2.16.840.1.101.2.1.1.21", OidEntry { d: "fortezzaUpdatedIntegAlgorithm", c: "SDN.700 INFOSEC algorithms. Formerly known as mosaicUpdatedIntegAlgorithm", w: false }); - oids.insert("2.16.840.1.101.2.1.1.22", OidEntry { d: "keyExchangeAlgorithm", c: "SDN.700 INFOSEC algorithms. Formerly known as mosaicKeyEncryptionAlgorithm", w: false }); - oids.insert("2.16.840.1.101.2.1.1.23", OidEntry { d: "fortezzaWrap80Algorithm", c: "SDN.700 INFOSEC algorithms", w: false }); - oids.insert("2.16.840.1.101.2.1.1.24", OidEntry { d: "kEAKeyEncryptionAlgorithm", c: "SDN.700 INFOSEC algorithms", w: false }); - oids.insert("2.16.840.1.101.2.1.2.1", OidEntry { d: "rfc822MessageFormat", c: "SDN.700 INFOSEC format", w: false }); - oids.insert("2.16.840.1.101.2.1.2.2", OidEntry { d: "emptyContent", c: "SDN.700 INFOSEC format", w: false }); - oids.insert("2.16.840.1.101.2.1.2.3", OidEntry { d: "cspContentType", c: "SDN.700 INFOSEC format", w: false }); - oids.insert("2.16.840.1.101.2.1.2.42", OidEntry { d: "mspRev3ContentType", c: "SDN.700 INFOSEC format", w: false }); - oids.insert("2.16.840.1.101.2.1.2.48", OidEntry { d: "mspContentType", c: "SDN.700 INFOSEC format", w: false }); - oids.insert("2.16.840.1.101.2.1.2.49", OidEntry { d: "mspRekeyAgentProtocol", c: "SDN.700 INFOSEC format", w: false }); - oids.insert("2.16.840.1.101.2.1.2.50", OidEntry { d: "mspMMP", c: "SDN.700 INFOSEC format", w: false }); - oids.insert("2.16.840.1.101.2.1.2.66", OidEntry { d: "mspRev3-1ContentType", c: "SDN.700 INFOSEC format", w: false }); - oids.insert("2.16.840.1.101.2.1.2.72", OidEntry { d: "forwardedMSPMessageBodyPart", c: "SDN.700 INFOSEC format", w: false }); - oids.insert("2.16.840.1.101.2.1.2.73", OidEntry { d: "mspForwardedMessageParameters", c: "SDN.700 INFOSEC format", w: false }); - oids.insert("2.16.840.1.101.2.1.2.74", OidEntry { d: "forwardedCSPMsgBodyPart", c: "SDN.700 INFOSEC format", w: false }); - oids.insert("2.16.840.1.101.2.1.2.75", OidEntry { d: "cspForwardedMessageParameters", c: "SDN.700 INFOSEC format", w: false }); - oids.insert("2.16.840.1.101.2.1.2.76", OidEntry { d: "mspMMP2", c: "SDN.700 INFOSEC format", w: false }); - oids.insert("2.16.840.1.101.2.1.2.78.2", OidEntry { d: "encryptedKeyPackage", c: "SDN.700 INFOSEC format and RFC 6032", w: false }); - oids.insert("2.16.840.1.101.2.1.2.78.3", OidEntry { d: "keyPackageReceipt", c: "SDN.700 INFOSEC format and RFC 7191", w: false }); - oids.insert("2.16.840.1.101.2.1.2.78.6", OidEntry { d: "keyPackageError", c: "SDN.700 INFOSEC format and RFC 7191", w: false }); - oids.insert("2.16.840.1.101.2.1.3.1", OidEntry { d: "sdnsSecurityPolicy", c: "SDN.700 INFOSEC policy", w: false }); - oids.insert("2.16.840.1.101.2.1.3.2", OidEntry { d: "sdnsPRBAC", c: "SDN.700 INFOSEC policy", w: false }); - oids.insert("2.16.840.1.101.2.1.3.3", OidEntry { d: "mosaicPRBAC", c: "SDN.700 INFOSEC policy", w: false }); - oids.insert("2.16.840.1.101.2.1.3.10", OidEntry { d: "siSecurityPolicy", c: "SDN.700 INFOSEC policy", w: false }); - oids.insert("2.16.840.1.101.2.1.3.10.0", OidEntry { d: "siNASP", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.3.10.1", OidEntry { d: "siELCO", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.3.10.2", OidEntry { d: "siTK", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.3.10.3", OidEntry { d: "siDSAP", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.3.10.4", OidEntry { d: "siSSSS", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.3.10.5", OidEntry { d: "siDNASP", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.3.10.6", OidEntry { d: "siBYEMAN", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.3.10.7", OidEntry { d: "siREL-US", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.3.10.8", OidEntry { d: "siREL-AUS", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.3.10.9", OidEntry { d: "siREL-CAN", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.3.10.10", OidEntry { d: "siREL_UK", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.3.10.11", OidEntry { d: "siREL-NZ", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.3.10.12", OidEntry { d: "siGeneric", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.3.11", OidEntry { d: "genser", c: "SDN.700 INFOSEC policy", w: false }); - oids.insert("2.16.840.1.101.2.1.3.11.0", OidEntry { d: "genserNations", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.3.11.1", OidEntry { d: "genserComsec", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.3.11.2", OidEntry { d: "genserAcquisition", c: "SDN.700 INFOSEC policy (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.3.11.3", OidEntry { d: "genserSecurityCategories", c: "SDN.700 INFOSEC policy", w: false }); - oids.insert("2.16.840.1.101.2.1.3.11.3.0", OidEntry { d: "genserTagSetName", c: "SDN.700 INFOSEC GENSER policy", w: false }); - oids.insert("2.16.840.1.101.2.1.3.12", OidEntry { d: "defaultSecurityPolicy", c: "SDN.700 INFOSEC policy", w: false }); - oids.insert("2.16.840.1.101.2.1.3.13", OidEntry { d: "capcoMarkings", c: "SDN.700 INFOSEC policy", w: false }); - oids.insert("2.16.840.1.101.2.1.3.13.0", OidEntry { d: "capcoSecurityCategories", c: "SDN.700 INFOSEC policy CAPCO markings", w: false }); - oids.insert("2.16.840.1.101.2.1.3.13.0.1", OidEntry { d: "capcoTagSetName1", c: "SDN.700 INFOSEC policy CAPCO markings", w: false }); - oids.insert("2.16.840.1.101.2.1.3.13.0.2", OidEntry { d: "capcoTagSetName2", c: "SDN.700 INFOSEC policy CAPCO markings", w: false }); - oids.insert("2.16.840.1.101.2.1.3.13.0.3", OidEntry { d: "capcoTagSetName3", c: "SDN.700 INFOSEC policy CAPCO markings", w: false }); - oids.insert("2.16.840.1.101.2.1.3.13.0.4", OidEntry { d: "capcoTagSetName4", c: "SDN.700 INFOSEC policy CAPCO markings", w: false }); - oids.insert("2.16.840.1.101.2.1.5.1", OidEntry { d: "sdnsKeyManagementCertificate", c: "SDN.700 INFOSEC attributes (superseded)", w: true }); - oids.insert("2.16.840.1.101.2.1.5.2", OidEntry { d: "sdnsUserSignatureCertificate", c: "SDN.700 INFOSEC attributes (superseded)", w: true }); - oids.insert("2.16.840.1.101.2.1.5.3", OidEntry { d: "sdnsKMandSigCertificate", c: "SDN.700 INFOSEC attributes (superseded)", w: true }); - oids.insert("2.16.840.1.101.2.1.5.4", OidEntry { d: "fortezzaKeyManagementCertificate", c: "SDN.700 INFOSEC attributes (superseded)", w: true }); - oids.insert("2.16.840.1.101.2.1.5.5", OidEntry { d: "fortezzaKMandSigCertificate", c: "SDN.700 INFOSEC attributes (superseded)", w: true }); - oids.insert("2.16.840.1.101.2.1.5.6", OidEntry { d: "fortezzaUserSignatureCertificate", c: "SDN.700 INFOSEC attributes (superseded)", w: true }); - oids.insert("2.16.840.1.101.2.1.5.7", OidEntry { d: "fortezzaCASignatureCertificate", c: "SDN.700 INFOSEC attributes (superseded)", w: true }); - oids.insert("2.16.840.1.101.2.1.5.8", OidEntry { d: "sdnsCASignatureCertificate", c: "SDN.700 INFOSEC attributes (superseded)", w: true }); - oids.insert("2.16.840.1.101.2.1.5.10", OidEntry { d: "auxiliaryVector", c: "SDN.700 INFOSEC attributes (superseded)", w: true }); - oids.insert("2.16.840.1.101.2.1.5.11", OidEntry { d: "mlReceiptPolicy", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.12", OidEntry { d: "mlMembership", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.13", OidEntry { d: "mlAdministrators", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.14", OidEntry { d: "alid", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.20", OidEntry { d: "janUKMs", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.21", OidEntry { d: "febUKMs", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.22", OidEntry { d: "marUKMs", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.23", OidEntry { d: "aprUKMs", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.24", OidEntry { d: "mayUKMs", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.25", OidEntry { d: "junUKMs", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.26", OidEntry { d: "julUKMs", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.27", OidEntry { d: "augUKMs", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.28", OidEntry { d: "sepUKMs", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.29", OidEntry { d: "octUKMs", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.30", OidEntry { d: "novUKMs", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.31", OidEntry { d: "decUKMs", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.40", OidEntry { d: "metaSDNSckl", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.41", OidEntry { d: "sdnsCKL", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.42", OidEntry { d: "metaSDNSsignatureCKL", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.43", OidEntry { d: "sdnsSignatureCKL", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.44", OidEntry { d: "sdnsCertificateRevocationList", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.45", OidEntry { d: "fortezzaCertificateRevocationList", c: "SDN.700 INFOSEC attributes (superseded)", w: true }); - oids.insert("2.16.840.1.101.2.1.5.46", OidEntry { d: "fortezzaCKL", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.47", OidEntry { d: "alExemptedAddressProcessor", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.48", OidEntry { d: "guard", c: "SDN.700 INFOSEC attributes (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.5.49", OidEntry { d: "algorithmsSupported", c: "SDN.700 INFOSEC attributes (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.5.50", OidEntry { d: "suiteAKeyManagementCertificate", c: "SDN.700 INFOSEC attributes (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.5.51", OidEntry { d: "suiteAKMandSigCertificate", c: "SDN.700 INFOSEC attributes (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.5.52", OidEntry { d: "suiteAUserSignatureCertificate", c: "SDN.700 INFOSEC attributes (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.5.53", OidEntry { d: "prbacInfo", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.54", OidEntry { d: "prbacCAConstraints", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.55", OidEntry { d: "sigOrKMPrivileges", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.56", OidEntry { d: "commPrivileges", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.57", OidEntry { d: "labeledAttribute", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.58", OidEntry { d: "policyInformationFile", c: "SDN.700 INFOSEC attributes (obsolete)", w: true }); - oids.insert("2.16.840.1.101.2.1.5.59", OidEntry { d: "secPolicyInformationFile", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.60", OidEntry { d: "cAClearanceConstraint", c: "SDN.700 INFOSEC attributes", w: false }); - oids.insert("2.16.840.1.101.2.1.5.65", OidEntry { d: "keyPkgIdAndReceiptReq", c: "SDN.700 INFOSEC attributes and RFC 7191", w: false }); - oids.insert("2.16.840.1.101.2.1.5.66", OidEntry { d: "contentDecryptKeyID", c: "SDN.700 INFOSEC attributes and RFC 6032", w: false }); - oids.insert("2.16.840.1.101.2.1.5.70", OidEntry { d: "kpCrlPointers", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); - oids.insert("2.16.840.1.101.2.1.5.71", OidEntry { d: "kpKeyProvinceV2", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); - oids.insert("2.16.840.1.101.2.1.5.72", OidEntry { d: "kpManifest", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); - oids.insert("2.16.840.1.101.2.1.7.1", OidEntry { d: "cspExtns", c: "SDN.700 INFOSEC extensions", w: false }); - oids.insert("2.16.840.1.101.2.1.7.1.0", OidEntry { d: "cspCsExtn", c: "SDN.700 INFOSEC extensions", w: false }); - oids.insert("2.16.840.1.101.2.1.8.1", OidEntry { d: "mISSISecurityCategories", c: "SDN.700 INFOSEC security category", w: false }); - oids.insert("2.16.840.1.101.2.1.8.2", OidEntry { d: "standardSecurityLabelPrivileges", c: "SDN.700 INFOSEC security category", w: false }); - oids.insert("2.16.840.1.101.2.1.8.3.1", OidEntry { d: "enumeratedPermissiveAttrs", c: "SDN.700 INFOSEC security category from RFC 7906", w: false }); - oids.insert("2.16.840.1.101.2.1.8.3.3", OidEntry { d: "informativeAttrs", c: "SDN.700 INFOSEC security category from RFC 7906", w: false }); - oids.insert("2.16.840.1.101.2.1.8.3.4", OidEntry { d: "enumeratedRestrictiveAttrs", c: "SDN.700 INFOSEC security category from RFC 7906", w: false }); - oids.insert("2.16.840.1.101.2.1.10.1", OidEntry { d: "sigPrivileges", c: "SDN.700 INFOSEC privileges", w: false }); - oids.insert("2.16.840.1.101.2.1.10.2", OidEntry { d: "kmPrivileges", c: "SDN.700 INFOSEC privileges", w: false }); - oids.insert("2.16.840.1.101.2.1.10.3", OidEntry { d: "namedTagSetPrivilege", c: "SDN.700 INFOSEC privileges", w: false }); - oids.insert("2.16.840.1.101.2.1.11.1", OidEntry { d: "ukDemo", c: "SDN.700 INFOSEC certificate policy", w: false }); - oids.insert("2.16.840.1.101.2.1.11.2", OidEntry { d: "usDODClass2", c: "SDN.700 INFOSEC certificate policy", w: false }); - oids.insert("2.16.840.1.101.2.1.11.3", OidEntry { d: "usMediumPilot", c: "SDN.700 INFOSEC certificate policy", w: false }); - oids.insert("2.16.840.1.101.2.1.11.4", OidEntry { d: "usDODClass4", c: "SDN.700 INFOSEC certificate policy", w: false }); - oids.insert("2.16.840.1.101.2.1.11.5", OidEntry { d: "usDODClass3", c: "SDN.700 INFOSEC certificate policy", w: false }); - oids.insert("2.16.840.1.101.2.1.11.6", OidEntry { d: "usDODClass5", c: "SDN.700 INFOSEC certificate policy", w: false }); - oids.insert("2.16.840.1.101.2.1.12.0", OidEntry { d: "testSecurityPolicy", c: "SDN.700 INFOSEC test objects", w: false }); - oids.insert("2.16.840.1.101.2.1.12.0.1", OidEntry { d: "tsp1", c: "SDN.700 INFOSEC test objects", w: false }); - oids.insert("2.16.840.1.101.2.1.12.0.1.0", OidEntry { d: "tsp1SecurityCategories", c: "SDN.700 INFOSEC test objects", w: false }); - oids.insert("2.16.840.1.101.2.1.12.0.1.0.0", OidEntry { d: "tsp1TagSetZero", c: "SDN.700 INFOSEC test objects", w: false }); - oids.insert("2.16.840.1.101.2.1.12.0.1.0.1", OidEntry { d: "tsp1TagSetOne", c: "SDN.700 INFOSEC test objects", w: false }); - oids.insert("2.16.840.1.101.2.1.12.0.1.0.2", OidEntry { d: "tsp1TagSetTwo", c: "SDN.700 INFOSEC test objects", w: false }); - oids.insert("2.16.840.1.101.2.1.12.0.2", OidEntry { d: "tsp2", c: "SDN.700 INFOSEC test objects", w: false }); - oids.insert("2.16.840.1.101.2.1.12.0.2.0", OidEntry { d: "tsp2SecurityCategories", c: "SDN.700 INFOSEC test objects", w: false }); - oids.insert("2.16.840.1.101.2.1.12.0.2.0.0", OidEntry { d: "tsp2TagSetZero", c: "SDN.700 INFOSEC test objects", w: false }); - oids.insert("2.16.840.1.101.2.1.12.0.2.0.1", OidEntry { d: "tsp2TagSetOne", c: "SDN.700 INFOSEC test objects", w: false }); - oids.insert("2.16.840.1.101.2.1.12.0.2.0.2", OidEntry { d: "tsp2TagSetTwo", c: "SDN.700 INFOSEC test objects", w: false }); - oids.insert("2.16.840.1.101.2.1.12.0.3", OidEntry { d: "kafka", c: "SDN.700 INFOSEC test objects", w: false }); - oids.insert("2.16.840.1.101.2.1.12.0.3.0", OidEntry { d: "kafkaSecurityCategories", c: "SDN.700 INFOSEC test objects", w: false }); - oids.insert("2.16.840.1.101.2.1.12.0.3.0.1", OidEntry { d: "kafkaTagSetName1", c: "SDN.700 INFOSEC test objects", w: false }); - oids.insert("2.16.840.1.101.2.1.12.0.3.0.2", OidEntry { d: "kafkaTagSetName2", c: "SDN.700 INFOSEC test objects", w: false }); - oids.insert("2.16.840.1.101.2.1.12.0.3.0.3", OidEntry { d: "kafkaTagSetName3", c: "SDN.700 INFOSEC test objects", w: false }); - oids.insert("2.16.840.1.101.2.1.12.1.1", OidEntry { d: "tcp1", c: "SDN.700 INFOSEC test objects", w: false }); - oids.insert("2.16.840.1.101.2.1.13.1", OidEntry { d: "kmaKeyAlgorithm", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); - oids.insert("2.16.840.1.101.2.1.13.3", OidEntry { d: "kmaTSECNomenclature", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); - oids.insert("2.16.840.1.101.2.1.13.5", OidEntry { d: "kmaKeyDistPeriod", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); - oids.insert("2.16.840.1.101.2.1.13.6", OidEntry { d: "kmaKeyValidityPeriod", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); - oids.insert("2.16.840.1.101.2.1.13.7", OidEntry { d: "kmaKeyDuration", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); - oids.insert("2.16.840.1.101.2.1.13.11", OidEntry { d: "kmaSplitID", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); - oids.insert("2.16.840.1.101.2.1.13.12", OidEntry { d: "kmaKeyPkgType", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); - oids.insert("2.16.840.1.101.2.1.13.13", OidEntry { d: "kmaKeyPurpose", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); - oids.insert("2.16.840.1.101.2.1.13.14", OidEntry { d: "kmaKeyUse", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); - oids.insert("2.16.840.1.101.2.1.13.15", OidEntry { d: "kmaTransportKey", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); - oids.insert("2.16.840.1.101.2.1.13.16", OidEntry { d: "kmaKeyPkgReceiversV2", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); - oids.insert("2.16.840.1.101.2.1.13.19", OidEntry { d: "kmaOtherCertFormats", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); - oids.insert("2.16.840.1.101.2.1.13.20", OidEntry { d: "kmaUsefulCerts", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); - oids.insert("2.16.840.1.101.2.1.13.21", OidEntry { d: "kmaKeyWrapAlgorithm", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); - oids.insert("2.16.840.1.101.2.1.13.22", OidEntry { d: "kmaSigUsageV3", c: "SDN.700 INFOSEC attributes and RFC 7906", w: false }); - oids.insert("2.16.840.1.101.2.1.16.0", OidEntry { d: "dn", c: "SDN.700 INFOSEC attributes and RFC 7191", w: false }); - oids.insert("2.16.840.1.101.2.1.22", OidEntry { d: "errorCodes", c: "RFC 7906 key attribute error codes", w: false }); - oids.insert("2.16.840.1.101.2.1.22.1", OidEntry { d: "missingKeyType", c: "RFC 7906 key attribute error codes", w: false }); - oids.insert("2.16.840.1.101.2.1.22.2", OidEntry { d: "privacyMarkTooLong", c: "RFC 7906 key attribute error codes", w: false }); - oids.insert("2.16.840.1.101.2.1.22.3", OidEntry { d: "unrecognizedSecurityPolicy", c: "RFC 7906 key attribute error codes", w: false }); - oids.insert("2.16.840.1.101.3.1", OidEntry { d: "slabel", c: "CSOR GAK", w: true }); - oids.insert("2.16.840.1.101.3.2", OidEntry { d: "pki", c: "NIST", w: true }); - oids.insert("2.16.840.1.101.3.2.1", OidEntry { d: "NIST policyIdentifier", c: "NIST policies", w: true }); - oids.insert("2.16.840.1.101.3.2.1.3.1", OidEntry { d: "fbcaRudimentaryPolicy", c: "Federal Bridge CA Policy", w: false }); - oids.insert("2.16.840.1.101.3.2.1.3.2", OidEntry { d: "fbcaBasicPolicy", c: "Federal Bridge CA Policy", w: false }); - oids.insert("2.16.840.1.101.3.2.1.3.3", OidEntry { d: "fbcaMediumPolicy", c: "Federal Bridge CA Policy", w: false }); - oids.insert("2.16.840.1.101.3.2.1.3.4", OidEntry { d: "fbcaHighPolicy", c: "Federal Bridge CA Policy", w: false }); - oids.insert("2.16.840.1.101.3.2.1.48.1", OidEntry { d: "nistTestPolicy1", c: "NIST PKITS policies", w: false }); - oids.insert("2.16.840.1.101.3.2.1.48.2", OidEntry { d: "nistTestPolicy2", c: "NIST PKITS policies", w: false }); - oids.insert("2.16.840.1.101.3.2.1.48.3", OidEntry { d: "nistTestPolicy3", c: "NIST PKITS policies", w: false }); - oids.insert("2.16.840.1.101.3.2.1.48.4", OidEntry { d: "nistTestPolicy4", c: "NIST PKITS policies", w: false }); - oids.insert("2.16.840.1.101.3.2.1.48.5", OidEntry { d: "nistTestPolicy5", c: "NIST PKITS policies", w: false }); - oids.insert("2.16.840.1.101.3.2.1.48.6", OidEntry { d: "nistTestPolicy6", c: "NIST PKITS policies", w: false }); - oids.insert("2.16.840.1.101.3.2.2", OidEntry { d: "gak", c: "CSOR GAK extended key usage", w: true }); - oids.insert("2.16.840.1.101.3.2.2.1", OidEntry { d: "kRAKey", c: "CSOR GAK extended key usage", w: true }); - oids.insert("2.16.840.1.101.3.2.3", OidEntry { d: "extensions", c: "CSOR GAK extensions", w: true }); - oids.insert("2.16.840.1.101.3.2.3.1", OidEntry { d: "kRTechnique", c: "CSOR GAK extensions", w: true }); - oids.insert("2.16.840.1.101.3.2.3.2", OidEntry { d: "kRecoveryCapable", c: "CSOR GAK extensions", w: true }); - oids.insert("2.16.840.1.101.3.2.3.3", OidEntry { d: "kR", c: "CSOR GAK extensions", w: true }); - oids.insert("2.16.840.1.101.3.2.4", OidEntry { d: "keyRecoverySchemes", c: "CSOR GAK", w: true }); - oids.insert("2.16.840.1.101.3.2.5", OidEntry { d: "krapola", c: "CSOR GAK", w: true }); - oids.insert("2.16.840.1.101.3.3", OidEntry { d: "arpa", c: "CSOR GAK", w: true }); - oids.insert("2.16.840.1.101.3.4", OidEntry { d: "nistAlgorithm", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1", OidEntry { d: "aes", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.1", OidEntry { d: "aes128-ECB", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.2", OidEntry { d: "aes128-CBC", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.3", OidEntry { d: "aes128-OFB", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.4", OidEntry { d: "aes128-CFB", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.5", OidEntry { d: "aes128-wrap", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.6", OidEntry { d: "aes128-GCM", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.7", OidEntry { d: "aes128-CCM", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.8", OidEntry { d: "aes128-wrap-pad", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.9", OidEntry { d: "aes128-GMAC", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.21", OidEntry { d: "aes192-ECB", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.22", OidEntry { d: "aes192-CBC", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.23", OidEntry { d: "aes192-OFB", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.24", OidEntry { d: "aes192-CFB", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.25", OidEntry { d: "aes192-wrap", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.26", OidEntry { d: "aes192-GCM", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.27", OidEntry { d: "aes192-CCM", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.28", OidEntry { d: "aes192-wrap-pad", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.29", OidEntry { d: "aes192-GMAC", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.41", OidEntry { d: "aes256-ECB", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.42", OidEntry { d: "aes256-CBC", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.43", OidEntry { d: "aes256-OFB", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.44", OidEntry { d: "aes256-CFB", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.45", OidEntry { d: "aes256-wrap", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.46", OidEntry { d: "aes256-GCM", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.47", OidEntry { d: "aes256-CCM", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.48", OidEntry { d: "aes256-wrap-pad", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.1.49", OidEntry { d: "aes256-GMAC", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.2", OidEntry { d: "hashAlgos", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.2.1", OidEntry { d: "sha-256", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.2.2", OidEntry { d: "sha-384", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.2.3", OidEntry { d: "sha-512", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.2.4", OidEntry { d: "sha-224", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.2.7", OidEntry { d: "sha3-224", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.2.8", OidEntry { d: "sha3-256", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.2.9", OidEntry { d: "sha3-384", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.2.10", OidEntry { d: "sha3-512", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.2.11", OidEntry { d: "shake128", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.2.12", OidEntry { d: "shake256", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.2.17", OidEntry { d: "shake128len", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.2.18", OidEntry { d: "shake256len", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.2.19", OidEntry { d: "kmacShake128", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.2.20", OidEntry { d: "kmacShake256", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.3.1", OidEntry { d: "dsaWithSha224", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.101.3.4.3.2", OidEntry { d: "dsaWithSha256", c: "NIST Algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8", OidEntry { d: "novellAlgorithm", c: "Novell", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.22", OidEntry { d: "desCbcIV8", c: "Novell encryption algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.23", OidEntry { d: "desCbcPadIV8", c: "Novell encryption algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.24", OidEntry { d: "desEDE2CbcIV8", c: "Novell encryption algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.25", OidEntry { d: "desEDE2CbcPadIV8", c: "Novell encryption algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.26", OidEntry { d: "desEDE3CbcIV8", c: "Novell encryption algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.27", OidEntry { d: "desEDE3CbcPadIV8", c: "Novell encryption algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.28", OidEntry { d: "rc5CbcPad", c: "Novell encryption algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.29", OidEntry { d: "md2WithRSAEncryptionBSafe1", c: "Novell signature algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.30", OidEntry { d: "md5WithRSAEncryptionBSafe1", c: "Novell signature algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.31", OidEntry { d: "sha1WithRSAEncryptionBSafe1", c: "Novell signature algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.32", OidEntry { d: "lmDigest", c: "Novell digest algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.40", OidEntry { d: "md2", c: "Novell digest algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.50", OidEntry { d: "md5", c: "Novell digest algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.51", OidEntry { d: "ikeHmacWithSHA1-RSA", c: "Novell signature algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.52", OidEntry { d: "ikeHmacWithMD5-RSA", c: "Novell signature algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.69", OidEntry { d: "rc2CbcPad", c: "Novell encryption algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.82", OidEntry { d: "sha-1", c: "Novell digest algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.92", OidEntry { d: "rc2BSafe1Cbc", c: "Novell encryption algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.95", OidEntry { d: "md4", c: "Novell digest algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.130", OidEntry { d: "md4Packet", c: "Novell keyed hash", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.131", OidEntry { d: "rsaEncryptionBsafe1", c: "Novell encryption algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.132", OidEntry { d: "nwPassword", c: "Novell encryption algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.2.8.133", OidEntry { d: "novellObfuscate-1", c: "Novell encryption algorithm", w: false }); - oids.insert("2.16.840.1.113719.1.9", OidEntry { d: "pki", c: "Novell", w: false }); - oids.insert("2.16.840.1.113719.1.9.4", OidEntry { d: "pkiAttributeType", c: "Novell PKI", w: false }); - oids.insert("2.16.840.1.113719.1.9.4.1", OidEntry { d: "securityAttributes", c: "Novell PKI attribute type", w: false }); - oids.insert("2.16.840.1.113719.1.9.4.2", OidEntry { d: "relianceLimit", c: "Novell PKI attribute type", w: false }); - oids.insert("2.16.840.1.113730.1", OidEntry { d: "cert-extension", c: "Netscape", w: false }); - oids.insert("2.16.840.1.113730.1.1", OidEntry { d: "netscape-cert-type", c: "Netscape certificate extension", w: false }); - oids.insert("2.16.840.1.113730.1.2", OidEntry { d: "netscape-base-url", c: "Netscape certificate extension", w: false }); - oids.insert("2.16.840.1.113730.1.3", OidEntry { d: "netscape-revocation-url", c: "Netscape certificate extension", w: false }); - oids.insert("2.16.840.1.113730.1.4", OidEntry { d: "netscape-ca-revocation-url", c: "Netscape certificate extension", w: false }); - oids.insert("2.16.840.1.113730.1.7", OidEntry { d: "netscape-cert-renewal-url", c: "Netscape certificate extension", w: false }); - oids.insert("2.16.840.1.113730.1.8", OidEntry { d: "netscape-ca-policy-url", c: "Netscape certificate extension", w: false }); - oids.insert("2.16.840.1.113730.1.9", OidEntry { d: "HomePage-url", c: "Netscape certificate extension", w: false }); - oids.insert("2.16.840.1.113730.1.10", OidEntry { d: "EntityLogo", c: "Netscape certificate extension", w: false }); - oids.insert("2.16.840.1.113730.1.11", OidEntry { d: "UserPicture", c: "Netscape certificate extension", w: false }); - oids.insert("2.16.840.1.113730.1.12", OidEntry { d: "netscape-ssl-server-name", c: "Netscape certificate extension", w: false }); - oids.insert("2.16.840.1.113730.1.13", OidEntry { d: "netscape-comment", c: "Netscape certificate extension", w: false }); - oids.insert("2.16.840.1.113730.2", OidEntry { d: "data-type", c: "Netscape", w: false }); - oids.insert("2.16.840.1.113730.2.1", OidEntry { d: "dataGIF", c: "Netscape data type", w: false }); - oids.insert("2.16.840.1.113730.2.2", OidEntry { d: "dataJPEG", c: "Netscape data type", w: false }); - oids.insert("2.16.840.1.113730.2.3", OidEntry { d: "dataURL", c: "Netscape data type", w: false }); - oids.insert("2.16.840.1.113730.2.4", OidEntry { d: "dataHTML", c: "Netscape data type", w: false }); - oids.insert("2.16.840.1.113730.2.5", OidEntry { d: "certSequence", c: "Netscape data type", w: false }); - oids.insert("2.16.840.1.113730.2.6", OidEntry { d: "certURL", c: "Netscape certificate extension", w: false }); - oids.insert("2.16.840.1.113730.3", OidEntry { d: "directory", c: "Netscape", w: false }); - oids.insert("2.16.840.1.113730.3.1", OidEntry { d: "ldapDefinitions", c: "Netscape directory", w: false }); - oids.insert("2.16.840.1.113730.3.1.1", OidEntry { d: "carLicense", c: "Netscape LDAP definitions", w: false }); - oids.insert("2.16.840.1.113730.3.1.2", OidEntry { d: "departmentNumber", c: "Netscape LDAP definitions", w: false }); - oids.insert("2.16.840.1.113730.3.1.3", OidEntry { d: "employeeNumber", c: "Netscape LDAP definitions", w: false }); - oids.insert("2.16.840.1.113730.3.1.4", OidEntry { d: "employeeType", c: "Netscape LDAP definitions", w: false }); - oids.insert("2.16.840.1.113730.3.1.216", OidEntry { d: "userPKCS12", c: "Netscape LDAP definitions", w: false }); - oids.insert("2.16.840.1.113730.3.2.2", OidEntry { d: "inetOrgPerson", c: "Netscape LDAP definitions", w: false }); - oids.insert("2.16.840.1.113730.4.1", OidEntry { d: "serverGatedCrypto", c: "Netscape", w: false }); - oids.insert("2.16.840.1.113733.1.6.3", OidEntry { d: "verisignCZAG", c: "Verisign extension", w: false }); - oids.insert("2.16.840.1.113733.1.6.6", OidEntry { d: "verisignInBox", c: "Verisign extension", w: false }); - oids.insert("2.16.840.1.113733.1.6.11", OidEntry { d: "verisignOnsiteJurisdictionHash", c: "Verisign extension", w: false }); - oids.insert("2.16.840.1.113733.1.6.13", OidEntry { d: "Unknown Verisign VPN extension", c: "Verisign extension", w: false }); - oids.insert("2.16.840.1.113733.1.6.15", OidEntry { d: "verisignServerID", c: "Verisign extension", w: false }); - oids.insert("2.16.840.1.113733.1.7.1.1", OidEntry { d: "verisignCertPolicies95Qualifier1", c: "Verisign policy", w: false }); - oids.insert("2.16.840.1.113733.1.7.1.1.1", OidEntry { d: "verisignCPSv1notice", c: "Verisign policy (obsolete)", w: false }); - oids.insert("2.16.840.1.113733.1.7.1.1.2", OidEntry { d: "verisignCPSv1nsi", c: "Verisign policy (obsolete)", w: false }); - oids.insert("2.16.840.1.113733.1.8.1", OidEntry { d: "verisignISSStrongCrypto", c: "Verisign", w: false }); - oids.insert("2.16.840.1.113733.1", OidEntry { d: "pki", c: "Verisign extension", w: false }); - oids.insert("2.16.840.1.113733.1.9", OidEntry { d: "pkcs7Attribute", c: "Verisign PKI extension", w: false }); - oids.insert("2.16.840.1.113733.1.9.2", OidEntry { d: "messageType", c: "Verisign PKCS #7 attribute", w: false }); - oids.insert("2.16.840.1.113733.1.9.3", OidEntry { d: "pkiStatus", c: "Verisign PKCS #7 attribute", w: false }); - oids.insert("2.16.840.1.113733.1.9.4", OidEntry { d: "failInfo", c: "Verisign PKCS #7 attribute", w: false }); - oids.insert("2.16.840.1.113733.1.9.5", OidEntry { d: "senderNonce", c: "Verisign PKCS #7 attribute", w: false }); - oids.insert("2.16.840.1.113733.1.9.6", OidEntry { d: "recipientNonce", c: "Verisign PKCS #7 attribute", w: false }); - oids.insert("2.16.840.1.113733.1.9.7", OidEntry { d: "transID", c: "Verisign PKCS #7 attribute", w: false }); - oids.insert("2.16.840.1.113733.1.9.8", OidEntry { d: "extensionReq", c: "Verisign PKCS #7 attribute. Use PKCS #9 extensionRequest instead", w: true }); - oids.insert("2.16.840.1.113741.2", OidEntry { d: "intelCDSA", c: "Intel CDSA", w: false }); - oids.insert("2.16.840.1.114412.1", OidEntry { d: "digiCertNonEVCerts", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.1.1", OidEntry { d: "digiCertOVCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.1.2", OidEntry { d: "digiCertDVCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.1.11", OidEntry { d: "digiCertFederatedDeviceCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.1.3.0.1", OidEntry { d: "digiCertGlobalCAPolicy", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.1.3.0.2", OidEntry { d: "digiCertHighAssuranceEVCAPolicy", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.1.3.0.3", OidEntry { d: "digiCertGlobalRootCAPolicy", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.1.3.0.4", OidEntry { d: "digiCertAssuredIDRootCAPolicy", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.2.2", OidEntry { d: "digiCertEVCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.2.3", OidEntry { d: "digiCertObjectSigningCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.2.3.1", OidEntry { d: "digiCertCodeSigningCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.2.3.2", OidEntry { d: "digiCertEVCodeSigningCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.2.3.11", OidEntry { d: "digiCertKernelCodeSigningCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.2.3.21", OidEntry { d: "digiCertDocumentSigningCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.2.4", OidEntry { d: "digiCertClientCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.2.4.1.1", OidEntry { d: "digiCertLevel1PersonalClientCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.2.4.1.2", OidEntry { d: "digiCertLevel1EnterpriseClientCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.2.4.2", OidEntry { d: "digiCertLevel2ClientCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.2.4.3.1", OidEntry { d: "digiCertLevel3USClientCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.2.4.3.2", OidEntry { d: "digiCertLevel3CBPClientCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.2.4.4.1", OidEntry { d: "digiCertLevel4USClientCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.2.4.4.2", OidEntry { d: "digiCertLevel4CBPClientCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.2.4.5.1", OidEntry { d: "digiCertPIVHardwareCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.2.4.5.2", OidEntry { d: "digiCertPIVCardAuthCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.2.4.5.3", OidEntry { d: "digiCertPIVContentSigningCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.4.31", OidEntry { d: "digiCertGridClassicCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.4.31.5", OidEntry { d: "digiCertGridIntegratedCert", c: "Digicert CA policy", w: false }); - oids.insert("2.16.840.1.114412.31.4.31.1", OidEntry { d: "digiCertGridHostCert", c: "Digicert CA policy", w: false }); - oids.insert("2.23.42.0", OidEntry { d: "contentType", c: "SET", w: false }); - oids.insert("2.23.42.0.0", OidEntry { d: "panData", c: "SET contentType", w: false }); - oids.insert("2.23.42.0.1", OidEntry { d: "panToken", c: "SET contentType", w: false }); - oids.insert("2.23.42.0.2", OidEntry { d: "panOnly", c: "SET contentType", w: false }); - oids.insert("2.23.42.1", OidEntry { d: "msgExt", c: "SET", w: false }); - oids.insert("2.23.42.2", OidEntry { d: "field", c: "SET", w: false }); - oids.insert("2.23.42.2.0", OidEntry { d: "fullName", c: "SET field", w: false }); - oids.insert("2.23.42.2.1", OidEntry { d: "givenName", c: "SET field", w: false }); - oids.insert("2.23.42.2.2", OidEntry { d: "familyName", c: "SET field", w: false }); - oids.insert("2.23.42.2.3", OidEntry { d: "birthFamilyName", c: "SET field", w: false }); - oids.insert("2.23.42.2.4", OidEntry { d: "placeName", c: "SET field", w: false }); - oids.insert("2.23.42.2.5", OidEntry { d: "identificationNumber", c: "SET field", w: false }); - oids.insert("2.23.42.2.6", OidEntry { d: "month", c: "SET field", w: false }); - oids.insert("2.23.42.2.7", OidEntry { d: "date", c: "SET field", w: false }); - oids.insert("2.23.42.2.8", OidEntry { d: "address", c: "SET field", w: false }); - oids.insert("2.23.42.2.9", OidEntry { d: "telephone", c: "SET field", w: false }); - oids.insert("2.23.42.2.10", OidEntry { d: "amount", c: "SET field", w: false }); - oids.insert("2.23.42.2.11", OidEntry { d: "accountNumber", c: "SET field", w: false }); - oids.insert("2.23.42.2.12", OidEntry { d: "passPhrase", c: "SET field", w: false }); - oids.insert("2.23.42.3", OidEntry { d: "attribute", c: "SET", w: false }); - oids.insert("2.23.42.3.0", OidEntry { d: "cert", c: "SET attribute", w: false }); - oids.insert("2.23.42.3.0.0", OidEntry { d: "rootKeyThumb", c: "SET cert attribute", w: false }); - oids.insert("2.23.42.3.0.1", OidEntry { d: "additionalPolicy", c: "SET cert attribute", w: false }); - oids.insert("2.23.42.4", OidEntry { d: "algorithm", c: "SET", w: false }); - oids.insert("2.23.42.5", OidEntry { d: "policy", c: "SET", w: false }); - oids.insert("2.23.42.5.0", OidEntry { d: "root", c: "SET policy", w: false }); - oids.insert("2.23.42.6", OidEntry { d: "module", c: "SET", w: false }); - oids.insert("2.23.42.7", OidEntry { d: "certExt", c: "SET", w: false }); - oids.insert("2.23.42.7.0", OidEntry { d: "hashedRootKey", c: "SET cert extension", w: false }); - oids.insert("2.23.42.7.1", OidEntry { d: "certificateType", c: "SET cert extension", w: false }); - oids.insert("2.23.42.7.2", OidEntry { d: "merchantData", c: "SET cert extension", w: false }); - oids.insert("2.23.42.7.3", OidEntry { d: "cardCertRequired", c: "SET cert extension", w: false }); - oids.insert("2.23.42.7.4", OidEntry { d: "tunneling", c: "SET cert extension", w: false }); - oids.insert("2.23.42.7.5", OidEntry { d: "setExtensions", c: "SET cert extension", w: false }); - oids.insert("2.23.42.7.6", OidEntry { d: "setQualifier", c: "SET cert extension", w: false }); - oids.insert("2.23.42.8", OidEntry { d: "brand", c: "SET", w: false }); - oids.insert("2.23.42.8.1", OidEntry { d: "IATA-ATA", c: "SET brand", w: false }); - oids.insert("2.23.42.8.4", OidEntry { d: "VISA", c: "SET brand", w: false }); - oids.insert("2.23.42.8.5", OidEntry { d: "MasterCard", c: "SET brand", w: false }); - oids.insert("2.23.42.8.30", OidEntry { d: "Diners", c: "SET brand", w: false }); - oids.insert("2.23.42.8.34", OidEntry { d: "AmericanExpress", c: "SET brand", w: false }); - oids.insert("2.23.42.8.6011", OidEntry { d: "Novus", c: "SET brand", w: false }); - oids.insert("2.23.42.9", OidEntry { d: "vendor", c: "SET", w: false }); - oids.insert("2.23.42.9.0", OidEntry { d: "GlobeSet", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.1", OidEntry { d: "IBM", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.2", OidEntry { d: "CyberCash", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.3", OidEntry { d: "Terisa", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.4", OidEntry { d: "RSADSI", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.5", OidEntry { d: "VeriFone", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.6", OidEntry { d: "TrinTech", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.7", OidEntry { d: "BankGate", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.8", OidEntry { d: "GTE", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.9", OidEntry { d: "CompuSource", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.10", OidEntry { d: "Griffin", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.11", OidEntry { d: "Certicom", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.12", OidEntry { d: "OSS", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.13", OidEntry { d: "TenthMountain", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.14", OidEntry { d: "Antares", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.15", OidEntry { d: "ECC", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.16", OidEntry { d: "Maithean", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.17", OidEntry { d: "Netscape", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.18", OidEntry { d: "Verisign", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.19", OidEntry { d: "BlueMoney", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.20", OidEntry { d: "Lacerte", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.21", OidEntry { d: "Fujitsu", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.22", OidEntry { d: "eLab", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.23", OidEntry { d: "Entrust", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.24", OidEntry { d: "VIAnet", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.25", OidEntry { d: "III", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.26", OidEntry { d: "OpenMarket", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.27", OidEntry { d: "Lexem", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.28", OidEntry { d: "Intertrader", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.29", OidEntry { d: "Persimmon", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.30", OidEntry { d: "NABLE", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.31", OidEntry { d: "espace-net", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.32", OidEntry { d: "Hitachi", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.33", OidEntry { d: "Microsoft", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.34", OidEntry { d: "NEC", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.35", OidEntry { d: "Mitsubishi", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.36", OidEntry { d: "NCR", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.37", OidEntry { d: "e-COMM", c: "SET vendor", w: false }); - oids.insert("2.23.42.9.38", OidEntry { d: "Gemplus", c: "SET vendor", w: false }); - oids.insert("2.23.42.10", OidEntry { d: "national", c: "SET", w: false }); - oids.insert("2.23.42.10.392", OidEntry { d: "Japan", c: "SET national", w: false }); - oids.insert("2.23.43.1.4", OidEntry { d: "wTLS-ECC", c: "WAP WTLS", w: false }); - oids.insert("2.23.43.1.4.1", OidEntry { d: "wTLS-ECC-curve1", c: "WAP WTLS", w: false }); - oids.insert("2.23.43.1.4.6", OidEntry { d: "wTLS-ECC-curve6", c: "WAP WTLS", w: false }); - oids.insert("2.23.43.1.4.8", OidEntry { d: "wTLS-ECC-curve8", c: "WAP WTLS", w: false }); - oids.insert("2.23.43.1.4.9", OidEntry { d: "wTLS-ECC-curve9", c: "WAP WTLS", w: false }); - oids.insert("2.23.133", OidEntry { d: "tCPA", c: "TCPA/TCG", w: false }); - oids.insert("2.23.133.1", OidEntry { d: "tcgSpecVersion", c: "TCPA/TCG", w: false }); - oids.insert("2.23.133.2", OidEntry { d: "tcgAttribute", c: "TCPA/TCG", w: false }); - oids.insert("2.23.133.2.1", OidEntry { d: "tcgTpmManufacturer", c: "TCPA/TCG Attribute", w: false }); - oids.insert("2.23.133.2.2", OidEntry { d: "tcgTpmModel", c: "TCPA/TCG Attribute", w: false }); - oids.insert("2.23.133.2.3", OidEntry { d: "tcgTpmVersion", c: "TCPA/TCG Attribute", w: false }); - oids.insert("2.23.133.2.4", OidEntry { d: "tcgPlatformManufacturer", c: "TCPA/TCG Attribute", w: false }); - oids.insert("2.23.133.2.5", OidEntry { d: "tcgPlatformModel", c: "TCPA/TCG Attribute", w: false }); - oids.insert("2.23.133.2.6", OidEntry { d: "tcgPlatformVersion", c: "TCPA/TCG Attribute", w: false }); - oids.insert("2.23.133.2.7", OidEntry { d: "tcgComponentManufacturer", c: "TCPA/TCG Attribute", w: false }); - oids.insert("2.23.133.2.8", OidEntry { d: "tcgComponentModel", c: "TCPA/TCG Attribute", w: false }); - oids.insert("2.23.133.2.9", OidEntry { d: "tcgComponentVersion", c: "TCPA/TCG Attribute", w: false }); - oids.insert("2.23.133.2.10", OidEntry { d: "tcgSecurityQualities", c: "TCPA/TCG Attribute", w: false }); - oids.insert("2.23.133.2.11", OidEntry { d: "tcgTpmProtectionProfile", c: "TCPA/TCG Attribute", w: false }); - oids.insert("2.23.133.2.12", OidEntry { d: "tcgTpmSecurityTarget", c: "TCPA/TCG Attribute", w: false }); - oids.insert("2.23.133.2.13", OidEntry { d: "tcgFoundationProtectionProfile", c: "TCPA/TCG Attribute", w: false }); - oids.insert("2.23.133.2.14", OidEntry { d: "tcgFoundationSecurityTarget", c: "TCPA/TCG Attribute", w: false }); - oids.insert("2.23.133.2.15", OidEntry { d: "tcgTpmIdLabel", c: "TCPA/TCG Attribute", w: false }); - oids.insert("2.23.133.2.16", OidEntry { d: "tcgTpmSpecification", c: "TCPA/TCG Attribute", w: false }); - oids.insert("2.23.133.2.18", OidEntry { d: "tcgTpmSecurityAssertions", c: "TCPA/TCG Attribute", w: false }); - oids.insert("2.23.133.3", OidEntry { d: "tcgProtocol", c: "TCPA/TCG", w: false }); - oids.insert("2.23.133.3.1", OidEntry { d: "tcgPrttTpmIdProtocol", c: "TCPA/TCG Protocol", w: false }); - oids.insert("2.23.133.8.1", OidEntry { d: "tcgEKCertificate", c: "TCPA/TCG Key Usage", w: false }); - oids.insert("2.23.133.10.1.1.1", OidEntry { d: "tcgObject", c: "TCPA/TCG Object", w: false }); - oids.insert("2.23.134.1.4.2.1", OidEntry { d: "postSignumRootQCA", c: "PostSignum CA", w: false }); - oids.insert("2.23.134.1.2.2.3", OidEntry { d: "postSignumPublicCA", c: "PostSignum CA", w: false }); - oids.insert("2.23.134.1.2.1.8.210", OidEntry { d: "postSignumCommercialServerPolicy", c: "PostSignum CA", w: false }); - oids.insert("2.23.136.1.1.1", OidEntry { d: "mRTDSignatureData", c: "ICAO MRTD", w: false }); - oids.insert("2.23.140.1.1", OidEntry { d: "evGuidelines", c: "CAB Certificate Policies", w: false }); - oids.insert("2.23.140.1.2.1", OidEntry { d: "domainValidated", c: "CAB Certificate Policies", w: false }); - oids.insert("2.23.140.1.2.2", OidEntry { d: "subjectIdentityValidated", c: "CAB Certificate Policies", w: false }); - oids.insert("2.23.140.1.4.1", OidEntry { d: "codeSigningRequirements", c: "CAB Certificate Policies", w: false }); - oids.insert("2.54.1775.2", OidEntry { d: "hashedRootKey", c: "SET. Deprecated, use (2 23 42 7 0) instead", w: true }); - oids.insert("2.54.1775.3", OidEntry { d: "certificateType", c: "SET. Deprecated, use (2 23 42 7 0) instead", w: true }); - oids.insert("2.54.1775.4", OidEntry { d: "merchantData", c: "SET. Deprecated, use (2 23 42 7 0) instead", w: true }); - oids.insert("2.54.1775.5", OidEntry { d: "cardCertRequired", c: "SET. Deprecated, use (2 23 42 7 0) instead", w: true }); - oids.insert("2.54.1775.6", OidEntry { d: "tunneling", c: "SET. Deprecated, use (2 23 42 7 0) instead", w: true }); - oids.insert("2.54.1775.7", OidEntry { d: "setQualifier", c: "SET. Deprecated, use (2 23 42 7 0) instead", w: true }); - oids.insert("2.54.1775.99", OidEntry { d: "setData", c: "SET. Deprecated, use (2 23 42 7 0) instead", w: true }); - oids.insert("1.2.40.0.17.1.22", OidEntry { d: "A-Trust EV policy", c: "A-Trust CA Root", w: false }); - oids.insert("1.3.6.1.4.1.34697.2.1", OidEntry { d: "AffirmTrust EV policy", c: "AffirmTrust Commercial", w: false }); - oids.insert("1.3.6.1.4.1.34697.2.2", OidEntry { d: "AffirmTrust EV policy", c: "AffirmTrust Networking", w: false }); - oids.insert("1.3.6.1.4.1.34697.2.3", OidEntry { d: "AffirmTrust EV policy", c: "AffirmTrust Premium", w: false }); - oids.insert("1.3.6.1.4.1.34697.2.4", OidEntry { d: "AffirmTrust EV policy", c: "AffirmTrust Premium ECC", w: false }); - oids.insert("1.3.6.1.4.1.17326.10.14.2.1.2", OidEntry { d: "Camerfirma EV policy", c: "Camerfirma CA Root", w: false }); - oids.insert("1.3.6.1.4.1.17326.10.8.12.1.2", OidEntry { d: "Camerfirma EV policy", c: "Camerfirma CA Root", w: false }); - oids.insert("1.3.6.1.4.1.22234.2.5.2.3.1", OidEntry { d: "CertPlus EV policy", c: "CertPlus Class 2 Primary CA (formerly Keynectis)", w: false }); - oids.insert("1.3.6.1.4.1.6449.1.2.1.5.1", OidEntry { d: "Comodo EV policy", c: "COMODO Certification Authority", w: false }); - oids.insert("1.3.6.1.4.1.6334.1.100.1", OidEntry { d: "Cybertrust EV policy", c: "Cybertrust Global Root (now Verizon Business)", w: false }); - oids.insert("1.3.6.1.4.1.4788.2.202.1", OidEntry { d: "D-TRUST EV policy", c: "D-TRUST Root Class 3 CA 2 EV 2009", w: false }); - oids.insert("2.16.840.1.114412.2.1", OidEntry { d: "DigiCert EV policy", c: "DigiCert High Assurance EV Root CA", w: false }); - oids.insert("2.16.528.1.1001.1.1.1.12.6.1.1.1", OidEntry { d: "DigiNotar EV policy", c: "DigiNotar Root CA", w: false }); - oids.insert("2.16.840.1.114028.10.1.2", OidEntry { d: "Entrust EV policy", c: "Entrust Root Certification Authority", w: false }); - oids.insert("1.3.6.1.4.1.14370.1.6", OidEntry { d: "GeoTrust EV policy", c: "GeoTrust Primary Certification Authority (formerly Equifax)", w: false }); - oids.insert("1.3.6.1.4.1.4146.1.1", OidEntry { d: "GlobalSign EV policy", c: "GlobalSign", w: false }); - oids.insert("2.16.840.1.114413.1.7.23.3", OidEntry { d: "GoDaddy EV policy", c: "GoDaddy Class 2 Certification Authority (formerly ValiCert)", w: false }); - oids.insert("1.3.6.1.4.1.14777.6.1.1", OidEntry { d: "Izenpe EV policy", c: "Certificado de Servidor Seguro SSL EV", w: false }); - oids.insert("1.3.6.1.4.1.14777.6.1.2", OidEntry { d: "Izenpe EV policy", c: "Certificado de Sede Electronica EV", w: false }); - oids.insert("1.3.6.1.4.1.782.1.2.1.8.1", OidEntry { d: "Network Solutions EV policy", c: "Network Solutions Certificate Authority", w: false }); - oids.insert("1.3.6.1.4.1.8024.0.2.100.1.2", OidEntry { d: "QuoVadis EV policy", c: "QuoVadis Root CA 2", w: false }); - oids.insert("1.2.392.200091.100.721.1", OidEntry { d: "Security Communication (SECOM) EV policy", c: "Security Communication RootCA1", w: false }); - oids.insert("2.16.840.1.114414.1.7.23.3", OidEntry { d: "Starfield EV policy", c: "Starfield Class 2 Certification Authority", w: false }); - oids.insert("1.3.6.1.4.1.23223.1.1.1", OidEntry { d: "StartCom EV policy", c: "StartCom Certification Authority", w: false }); - oids.insert("2.16.756.1.89.1.2.1.1", OidEntry { d: "SwissSign EV policy", c: "SwissSign Gold CA - G2", w: false }); - oids.insert("1.3.6.1.4.1.7879.13.24.1", OidEntry { d: "T-TeleSec EV policy", c: "T-TeleSec GlobalRoot Class 3", w: false }); - oids.insert("2.16.840.1.113733.1.7.48.1", OidEntry { d: "Thawte EV policy", c: "Thawte Premium Server CA", w: false }); - oids.insert("2.16.840.1.114404.1.1.2.4.1", OidEntry { d: "TrustWave EV policy", c: "TrustWave CA, formerly SecureTrust, before that XRamp", w: false }); - oids.insert("1.3.6.1.4.1.40869.1.1.22.3", OidEntry { d: "TWCA EV policy", c: "TWCA Root Certification Authority", w: false }); - oids.insert("2.16.840.1.113733.1.7.23.6", OidEntry { d: "VeriSign EV policy", c: "VeriSign Class 3 Public Primary Certification Authority", w: false }); - oids.insert("2.16.840.1.114171.500.9", OidEntry { d: "Wells Fargo EV policy", c: "Wells Fargo WellsSecure Public Root Certificate Authority", w: false }); - oids.insert("2.23.136.1.1.6.1", OidEntry { d: "nameChange", c: "X.509 extension", w: false }); - oids.insert("2.23.136.1.1.6.2", OidEntry { d: "documentTypeList", c: "X.509 extension", w: false }); - - oids + HashMap::from([ + // PKCS#9 signed attributes used in CMS / SOD structures + ("1.2.840.113549.1.9.3", OidEntry { + d: "contentType", + c: "PKCS #9", + w: false, + }), + ("1.2.840.113549.1.9.4", OidEntry { + d: "messageDigest", + c: "PKCS #9", + w: false, + }), + ("1.2.840.113549.1.9.5", OidEntry { + d: "signingTime", + c: "PKCS #9", + w: false, + }), + // CMS eContent type for ICAO LDS security objects + ("2.23.136.1.1.1", OidEntry { + d: "mRTDSignatureData", + c: "ICAO MRTD", + w: false, + }), + // Hash algorithms recognised by the parser + ("1.3.14.3.2.26", OidEntry { + d: "sha-1", + c: "NIST Algorithm", + w: false, + }), + ("2.16.840.1.101.3.4.2.1", OidEntry { + d: "sha-256", + c: "NIST Algorithm", + w: false, + }), + ("2.16.840.1.101.3.4.2.2", OidEntry { + d: "sha-384", + c: "NIST Algorithm", + w: false, + }), + ("2.16.840.1.101.3.4.2.3", OidEntry { + d: "sha-512", + c: "NIST Algorithm", + w: false, + }), + ("2.16.840.1.101.3.4.2.4", OidEntry { + d: "sha-224", + c: "NIST Algorithm", + w: false, + }), + // Common X.509 RDN attributes so issuer/subject strings stay readable + ("2.5.4.3", OidEntry { + d: "commonName", + c: "X.520 Distinguished Name", + w: false, + }), + ("2.5.4.4", OidEntry { + d: "surname", + c: "X.520 Distinguished Name", + w: false, + }), + ("2.5.4.5", OidEntry { + d: "serialNumber", + c: "X.520 Distinguished Name", + w: false, + }), + ("2.5.4.6", OidEntry { + d: "countryName", + c: "X.520 Distinguished Name", + w: false, + }), + ("2.5.4.7", OidEntry { + d: "localityName", + c: "X.520 Distinguished Name", + w: false, + }), + ("2.5.4.8", OidEntry { + d: "stateOrProvinceName", + c: "X.520 Distinguished Name", + w: false, + }), + ("2.5.4.9", OidEntry { + d: "streetAddress", + c: "X.520 Distinguished Name", + w: false, + }), + ("2.5.4.10", OidEntry { + d: "organizationName", + c: "X.520 Distinguished Name", + w: false, + }), + ("2.5.4.11", OidEntry { + d: "organizationalUnitName", + c: "X.520 Distinguished Name", + w: false, + }), + ("2.5.4.12", OidEntry { + d: "title", + c: "X.520 Distinguished Name", + w: false, + }), + ("2.5.4.13", OidEntry { + d: "description", + c: "X.520 Distinguished Name", + w: false, + }), + ("2.5.4.17", OidEntry { + d: "postalCode", + c: "X.520 Distinguished Name", + w: false, + }), + ("2.5.4.42", OidEntry { + d: "givenName", + c: "X.520 Distinguished Name", + w: false, + }), + ("2.5.4.43", OidEntry { + d: "initials", + c: "X.520 Distinguished Name", + w: false, + }), + ("2.5.4.46", OidEntry { + d: "dnQualifier", + c: "X.520 Distinguished Name", + w: false, + }), + ("2.5.4.65", OidEntry { + d: "pseudonym", + c: "X.520 Distinguished Name", + w: false, + }), + // Commonly encountered X.509 extensions + ("2.5.29.14", OidEntry { + d: "subjectKeyIdentifier", + c: "X.509 extension", + w: false, + }), + ("2.5.29.15", OidEntry { + d: "keyUsage", + c: "X.509 extension", + w: false, + }), + ("2.5.29.17", OidEntry { + d: "subjectAltName", + c: "X.509 extension", + w: false, + }), + ("2.5.29.19", OidEntry { + d: "basicConstraints", + c: "X.509 extension", + w: false, + }), + ("2.5.29.31", OidEntry { + d: "cRLDistributionPoints", + c: "X.509 extension", + w: false, + }), + ("2.5.29.32", OidEntry { + d: "certificatePolicies", + c: "X.509 extension", + w: false, + }), + ("2.5.29.32.0", OidEntry { + d: "anyPolicy", + c: "X.509 extension", + w: false, + }), + ("2.5.29.35", OidEntry { + d: "authorityKeyIdentifier", + c: "X.509 extension", + w: false, + }), + ("2.5.29.37", OidEntry { + d: "extKeyUsage", + c: "X.509 extension", + w: false, + }), + ]) } From 0b578c5e48ffa86782ab50bd360d680986675def Mon Sep 17 00:00:00 2001 From: 0xvikasrushi <0xvikas@gmail.com> Date: Wed, 17 Sep 2025 22:07:18 +0530 Subject: [PATCH 09/10] fix: clean code --- playground/passport-input-gen/Cargo.toml | 2 + .../csca_registry/csca_public_key.json | 24 +- playground/passport-input-gen/src/lib.rs | 325 ++++++++++-------- .../passport-input-gen/src/mock_generator.rs | 19 +- .../passport-input-gen/src/parser/binary.rs | 4 +- .../passport-input-gen/src/parser/dsc.rs | 68 ++-- .../passport-input-gen/src/parser/mod.rs | 10 +- .../src/parser/oid_registry.rs | 7 +- .../passport-input-gen/src/parser/sod.rs | 221 +++++++----- .../passport-input-gen/src/parser/types.rs | 42 ++- .../passport-input-gen/src/parser/utils.rs | 66 ++-- 11 files changed, 450 insertions(+), 338 deletions(-) diff --git a/playground/passport-input-gen/Cargo.toml b/playground/passport-input-gen/Cargo.toml index d8c62ad7a..0a2487b32 100644 --- a/playground/passport-input-gen/Cargo.toml +++ b/playground/passport-input-gen/Cargo.toml @@ -20,3 +20,5 @@ toml = "0.8" noir-bignum-paramgen = "0.1.5" thiserror = "2.0.16" signature = "2.2" +lazy_static = "1.5.0" + diff --git a/playground/passport-input-gen/csca_registry/csca_public_key.json b/playground/passport-input-gen/csca_registry/csca_public_key.json index 920aa6669..0e46cfbd7 100644 --- a/playground/passport-input-gen/csca_registry/csca_public_key.json +++ b/playground/passport-input-gen/csca_registry/csca_public_key.json @@ -4,48 +4,48 @@ "filename": "cert-00267-pubkey.pem", "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw4VGHnr3jsI//bv4fKBmGYLcrdcABkQNmVr8xkmlS7xxkDEQCohnzKSk8v0T+L0yp3h+WctO1ZwsaJfU0HDdMogDmEv3SeoNImOuqiofzkDLdH6/IWA/JfEwBYDz+1cn7/rbHuFCwo/dkPNJkeE7OrLGd9g6tsj8YibMZrB8N7nIVgEa9QOEiqXmUUV4KNKKRZJLu/RaWzZGNq+JqlXgANKvSwKWVW+aINb84UfkBIdbPfIkEq6JMdok+YIQyHemEP6nxnHAVQwOYRkgHidw9YHXZZkHgh75efixMoAy3LQxvoknECrlpZgxqIpdup+AwsEW8hoJZbpd3Dxeb27AAF3Rl9LBGPi1thd1A4Qb/AjVDtIyQaU62cHo7fEGcW5kVg/BLGhKH+RJKOqEZoG8b80X0jv/Z2VNNtDU/8flcKG9DkD+d+kgjMQAyPCOjC2achDcK5Zc1Q8/tq0T25x6GoRjbxadqR6MKrAYaP8KOLCrL0MJsjvcfD3M+hdyJXJPN/7TeCyKbK+dBvVCk9BePi6lBKmp6lEHjyyydgNBBzZPrTNf5l60Oh9eWpaIoTHcmToS6zKVffFb/dWnkCTF1BBuy1VgJNeIspn8n1PhY5Q23qvV8q+Q1Ta1X3TFGkvAb1SXGiPQW4Hd2JrFJEBo8Ah8nn8rQKX999PLI+An1acCAwEAAQ==", "subject": "C=US, O=U.S. Government, OU=Department of State, OU=MRTD, OU=Certification Authorities, OU=U.S. Department of State MRTD CA", - "notBefore": "Dec 18 16:21:01 2014 GMT", - "notAfter": "Jul 18 16:51:01 2035 GMT", + "notBefore": "2014-12-18T16:21:01Z", + "notAfter": "2035-07-18T16:51:01Z", "serial": "4E322929" }, { "filename": "cert-00444-pubkey.pem", "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4yGdJKQ7D4DCDPGseAdOMC6Dgj8Xa91oXgHgPtgLW7y3kGm2Z4u9yXLciMebRCoq55wfO4ZcGv+mnMHpkv7fnFWSnG+8pP1BRUEKCYhXAbeWSww+CpMFEagzP7miPZg1TsE4QKFhGyRAfMdJFuG1aGQTtEdjgAWkat7YovTSA0pC7V/PwMlagZZwTsz8OOiO0w0eS9uIHGJKylg8gi9RSQZ/Hm2r4oOYvx3G3Iqa4OlNXO/KKD9mwd19+BFjuJ1cdqfzcYejhMPothyvlUgbWeaYek3ZfXuqz9XjYBF3rnacVKE9w4ydncRpUpOrSV/qSwxZA46QBuKAGxCS3kOUjgEmAj74/dLI8IaqHhYfSwchQdiT7FhQQ+YZENkRI5Gm4QDVLrT01plMK5ytX7mo4F83Hb1uE+WGgjTk9VDEKfZsERscCiArR7oUoRWZyuH81aMScMVzDVpFxvOg6Md7rWk5k8hRwL75nZtkFilsNnIVGMtuQP7DSG0xcKJ3EZT69YsRH0oEAa4sfa5fm4/X/WVfkNl51tI71PmYvnzcO6UVt42pgGiAJGoy5YmdhKKmXBgj0aVmzFRxd/+Jx2SgyccLeiIIA6y5bn6av/KuUB2wi9NLPbFz0OxvdKYqtfqNL+E6WmpeHHiiGGCrUes15d7fs/65QCvamV7fFBn8+lcCAwEAAQ==", "subject": "C=US, O=U.S. Government, OU=Department of State, OU=MRTD, OU=Certification Authorities, OU=U.S. Department of State MRTD CA", - "notBefore": "Sep 30 16:38:20 2024 GMT", - "notAfter": "Mar 30 17:08:20 2045 GMT", + "notBefore": "2024-09-30T16:38:20Z", + "notAfter": "2045-03-30T17:08:20Z", "serial": "5DCE72E1" }, { "filename": "cert-00443-pubkey.pem", "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAozIONhYqXeLWTi2rhDm+X2ZX1OMUr/j7DZgc6zXZ7VzsYVB+6ARiIbok77SxPtk9ZeUIqujjW59Jyb+EUiI6giIZOu9zY7BA+NQfhZeywzr1XKXhfROd5mmUiv3Nz5ukMBFwBoCaOHUchoqwml35lCk+X7K3NOS++HWbnxvRQFqOItsTcaMg2jp9BF+vmHr0nbucsi4zA3BzUKWsrbvcV05M4H/yoyru/5uq8JktSxbxCzK3iKXVyi6SwRkOiJekbztVKouELQlVhlhGacUOQ8ub+PTa4gRWKVHth68YmYW5k12/2B52CrzAndxCGewfN5KvDy5woQEDXHcJ+O9s53liYjZFNU5ceL+R48jUoXLVPuCmXFQKqo1N/t++lWR6icWy8tllHZGsr1GDVX0+EY+0gJUULR+SPzsAqt5IgCq0BlQ/iz4iLUS8fAoHs46AU3u/yHNRapBu3XOqKwCmQH2HNUufUZyD56cVaIBzE0ILWKwY7HaEcP28y0D/++OpqPz44c8YhwLcSdoIYJIOb3FzBVsq+1B23VeqTZ8IxpDkI4wumBLwJS+eJ136XBUegL1hQQv5BRrcN/XgJ9wyC43QN+d8LfBWUZQody7kKXC0KtratgHwwazCdxl8PR3p0aeXbveUBbJmyRQS27jDykncrYUrzkG8WRWhrW0tUR0CAwEAAQ==", "subject": "C=US, O=U.S. Government, OU=Department of State, OU=MRTD, OU=Certification Authorities, OU=U.S. Department of State MRTD CA", - "notBefore": "Nov 14 16:37:12 2019 GMT", - "notAfter": "May 14 17:07:12 2040 GMT", + "notBefore": "2019-11-14T16:37:12Z", + "notAfter": "2040-05-14T17:07:12Z", "serial": "4E32D006" }, { "filename": "cert-00265-pubkey.pem", "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw9Pm+vLMuE/h005EKy6NVXhI+afR9iaURn6ENVOrAy+QBNvol4vNRCCqEcHwrc21e8KmRoFqoN7a1/YidoZKIsBG/8HkitFqPX76FudVcY1npqzRFMlv+3kf5YANrhbzCqVlo1UCGXOfRJwZUKgJQ9Wb++OMSMmzSJwgXQP9bxRURHRlGl833CCudrdHajKfEF0f/f5WNx4/s2/DbfBaW+FK9LAeXIqjFkS8xDGv1La785gohpIDAk6dbKMhVWWT7YwPm3T5ox2E59IIN65qJzmKeKKdhaZdr7ZzrxhYVxVjce6KFTlcrN1fqtAnAjeETEEEnfIgw4tlV827Pm1S9dEZnHzkxWmusRo1UNeQw7pdO/sAuy34uVRA9CBhdETxTvRMpBrnzM1G5mB7H7ltsS0T2Gp8QiRxaXR9CnpJAI3Bil6lJJ/fKJwVyzr7xR9c2ws4DIJ/uh0Jgy8wkeVOie0ava6KEI7PCz0N2GNz0Jd2sAXUBDsfs/nNKw7K2k5HLJ/5bJz90d8TwoE6j5xaB2ObOhCwBFyTb0CsLrWnaIu/ZyJr0P/NqWYaZXhv4oIeousUHEl4qpvn7K9hVNKT1c7qAKH3ZEbLEnxV5DYh5qsRwImt4M9B5LJsFojJ28TqOE1DB+4Dqg9mhQ+CaX1s1Urw7PqOqA8u/euk0YxD86kCAwEAAQ==", "subject": "C=US, O=U.S. Government, OU=Department of State, OU=MRTD, OU=Certification Authorities, OU=U.S. Department of State MRTD CA", - "notBefore": "Nov 19 20:57:05 2004 GMT", - "notAfter": "Jun 19 21:27:05 2025 GMT", + "notBefore": "2004-11-19T20:57:05Z", + "notAfter": "2025-06-19T21:27:05Z", "serial": "419E6523" }, { "filename": "cert-00266-pubkey.pem", "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvbwV+zl/vBzLWAadrtTSpC9l/zOOzAQKbwhVXCGPKK0SfOjiqIJSVfboQ+Tvz67Fgxb8LDhUJzoUSxHjh7PvO8NYwGXMhQrw0JzAARjPqbGUST3qXO/DfEwAilFKx1NvmlrxZgAS64iIqUjl7IGwYApALE1Ok5jkEvYDTE16uCe5RQz0vuqaKcgirrhwIW6C4r2wx9G1xr7/piII7fo97D7h5y0206OwshClHAmQ0p4LSK+Nxexp6sWaDsb/E7jKjLcxkcKJLsayGF58edW4fnI92BuI3pAhPSJpMmCImdN8LvF32o0jnYmYPsRFlLsj2+UEAnH13bs1qS07vvRnx3CXmPYTGl6amlbmePaMDgV4qWM8e71ddVgj1jyZANgzx4fDT9B82A8+Iw13ZOpU/rBW9OZ3Rk2aSOmFC69Vq12cbYrfXobc3GXyQ/hb4yMi3tfNS2nqeesb2a5/GrxKhwOIiNrJcClnzTlqrdcjEHdZYCXT4kR6wpbGAQNruew/BWIuWrGugXPB8ah8f8ttLetGO55kMaPDbk+ZXY6DlDjDLznurF0bEzZiNcRmUQ8p2rpToRqmH/XntE0OgasGzBmcJX5oMNC+7zvELBJcc9YzMIgXX7R5VlI5/Gvnnn4x6lmiio5FWb3ksMc1MWYTN2bmk5tyyKxvQ6Z4rZdx+1UCAwEAAQ==", "subject": "C=US, O=U.S. Government, OU=Department of State, OU=MRTD, OU=Certification Authorities, OU=U.S. Department of State MRTD CA", - "notBefore": "Jan 8 16:06:27 2010 GMT", - "notAfter": "Aug 8 16:36:27 2030 GMT", + "notBefore": "2010-01-08T16:06:27Z", + "notAfter": "2030-08-08T16:36:27Z", "serial": "45DE28DD" }, { "filename": "cert-00456-pubkey.pem", "public_key": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAozIONhYqXeLWTi2rhDm+X2ZX1OMUr/j7DZgc6zXZ7VzsYVB+6ARiIbok77SxPtk9ZeUIqujjW59Jyb+EUiI6giIZOu9zY7BA+NQfhZeywzr1XKXhfROd5mmUiv3Nz5ukMBFwBoCaOHUchoqwml35lCk+X7K3NOS++HWbnxvRQFqOItsTcaMg2jp9BF+vmHr0nbucsi4zA3BzUKWsrbvcV05M4H/yoyru/5uq8JktSxbxCzK3iKXVyi6SwRkOiJekbztVKouELQlVhlhGacUOQ8ub+PTa4gRWKVHth68YmYW5k12/2B52CrzAndxCGewfN5KvDy5woQEDXHcJ+O9s53liYjZFNU5ceL+R48jUoXLVPuCmXFQKqo1N/t++lWR6icWy8tllHZGsr1GDVX0+EY+0gJUULR+SPzsAqt5IgCq0BlQ/iz4iLUS8fAoHs46AU3u/yHNRapBu3XOqKwCmQH2HNUufUZyD56cVaIBzE0ILWKwY7HaEcP28y0D/++OpqPz44c8YhwLcSdoIYJIOb3FzBVsq+1B23VeqTZ8IxpDkI4wumBLwJS+eJ136XBUegL1hQQv5BRrcN/XgJ9wyC43QN+d8LfBWUZQody7kKXC0KtratgHwwazCdxl8PR3p0aeXbveUBbJmyRQS27jDykncrYUrzkG8WRWhrW0tUR0CAwEAAQ==", "subject": "C=US, O=U.S. Government, OU=Department of State, OU=MRTD, OU=Certification Authorities, OU=U.S. Department of State MRTD CA", - "notBefore": "Nov 14 16:37:12 2019 GMT", - "notAfter": "May 14 17:07:12 2040 GMT", + "notBefore": "2019-11-14T16:37:12Z", + "notAfter": "2040-05-14T17:07:12Z", "serial": "4E32D03F" } ] diff --git a/playground/passport-input-gen/src/lib.rs b/playground/passport-input-gen/src/lib.rs index 9e3bb1cbf..e7b902411 100644 --- a/playground/passport-input-gen/src/lib.rs +++ b/playground/passport-input-gen/src/lib.rs @@ -1,22 +1,25 @@ pub mod mock_generator; pub mod mock_keys; -pub mod parser; +mod parser; use { crate::parser::{ binary::Binary, sod::SOD, types::{ - PassportError, MAX_DG1_SIZE, MAX_ECONTENT_SIZE, MAX_SIGNED_ATTRIBUTES_SIZE, - MAX_TBS_SIZE, SIG_BYTES, + PassportError, SignatureAlgorithmName, MAX_DG1_SIZE, MAX_ECONTENT_SIZE, + MAX_SIGNED_ATTRIBUTES_SIZE, MAX_TBS_SIZE, SIG_BYTES, + }, + utils::{ + find_offset, fit, load_csca_public_keys, to_fixed_array, to_u32, ASN1_HEADER_LEN, + ASN1_OCTET_STRING_TAG, }, - utils::{find_offset, fit, load_csca_public_keys, to_fixed_array, to_u32}, }, base64::{engine::general_purpose::STANDARD, Engine as _}, noir_bignum_paramgen::compute_barrett_reduction_parameter, rsa::{ - pkcs1::DecodeRsaPublicKey, pkcs1v15::Pkcs1v15Sign, pkcs8::DecodePublicKey, - traits::PublicKeyParts, BigUint, RsaPublicKey, + pkcs1::DecodeRsaPublicKey, pkcs8::DecodePublicKey, traits::PublicKeyParts, BigUint, + Pkcs1v15Sign, Pss, RsaPublicKey, }, sha2::{Digest, Sha256}, std::{fmt::Write as _, path::Path}, @@ -24,12 +27,12 @@ use { /// Parsed passport data pub struct PassportReader { - pub dg1: Binary, - pub sod: SOD, + dg1: Binary, + sod: SOD, /// Indicates whether this reader contains mock data or real passport data - pub mockdata: bool, + mockdata: bool, /// Optional CSCA public key when using mock data - pub csca_pubkey: Option, + csca_pubkey: Option, } /// Circuit inputs for Noir @@ -65,121 +68,131 @@ pub struct PassportValidityContent { impl PassportReader { /// Extract SignedAttributes (padded + size) - fn extract_signed_attrs(&self) -> ([u8; MAX_SIGNED_ATTRIBUTES_SIZE], usize) { - let signed_attrs = self.sod.signer_info.signed_attrs.bytes.to_number_array(); + fn extract_signed_attrs( + &self, + ) -> Result<([u8; MAX_SIGNED_ATTRIBUTES_SIZE], usize), PassportError> { + let signed_attrs = self.sod.signer_info.signed_attrs.bytes.as_bytes(); let size = signed_attrs.len(); - let padded = fit::(&signed_attrs); - (padded, size) + let padded = fit::(signed_attrs)?; + Ok((padded, size)) } /// Extract eContent (padded + size + raw bytes) - fn extract_econtent(&self) -> ([u8; MAX_ECONTENT_SIZE], usize, Vec) { - let econtent_bytes = self - .sod - .encap_content_info - .e_content - .bytes - .to_number_array(); + fn extract_econtent(&self) -> Result<([u8; MAX_ECONTENT_SIZE], usize, &[u8]), PassportError> { + let econtent_bytes = self.sod.encap_content_info.e_content.bytes.as_bytes(); let len = econtent_bytes.len(); - let padded = fit::(&econtent_bytes); - (padded, len, econtent_bytes) + let padded = fit::(econtent_bytes)?; + Ok((padded, len, econtent_bytes)) } /// Extract DSC public key, exponent, Barrett mu, and signature - fn extract_dsc(&self) -> ([u8; SIG_BYTES], u32, [u8; SIG_BYTES + 1], [u8; SIG_BYTES]) { + fn extract_dsc( + &self, + ) -> Result<([u8; SIG_BYTES], u32, [u8; SIG_BYTES + 1], [u8; SIG_BYTES]), PassportError> { let der = self .sod .certificate .tbs .subject_public_key_info .subject_public_key - .to_number_array(); - let pubkey = RsaPublicKey::from_pkcs1_der(&der).unwrap(); + .as_bytes(); + let pubkey = + RsaPublicKey::from_pkcs1_der(der).map_err(|_| PassportError::DscPublicKeyInvalid)?; - let modulus = to_fixed_array::(pubkey.n().to_bytes_be(), "DSC modulus"); - let exponent = to_u32(pubkey.e().to_bytes_be()); + let modulus = to_fixed_array::(&pubkey.n().to_bytes_be(), "DSC modulus")?; + let exponent = to_u32(pubkey.e().to_bytes_be())?; let barrett = to_fixed_array::<{ SIG_BYTES + 1 }>( - compute_barrett_reduction_parameter(&BigUint::from_bytes_be(&modulus)).to_bytes_be(), + &compute_barrett_reduction_parameter(&BigUint::from_bytes_be(&modulus)).to_bytes_be(), "DSC Barrett", - ); + )?; let signature = to_fixed_array::( - self.sod.signer_info.signature.to_number_array(), + self.sod.signer_info.signature.as_bytes(), "DSC signature", - ); + )?; - (modulus, exponent, barrett, signature) + Ok((modulus, exponent, barrett, signature)) } /// Extract CSCA public key, exponent, Barrett mu, and signature fn extract_csca( &self, idx: usize, - ) -> ( - [u8; SIG_BYTES * 2], - u32, - [u8; SIG_BYTES * 2 + 1], - [u8; SIG_BYTES * 2], - ) { - let csca_keys = load_csca_public_keys().unwrap(); - let usa_csca = csca_keys.get("USA").unwrap(); + ) -> Result< + ( + [u8; SIG_BYTES * 2], + u32, + [u8; SIG_BYTES * 2 + 1], + [u8; SIG_BYTES * 2], + ), + PassportError, + > { + let csca_keys = load_csca_public_keys().map_err(|_| PassportError::FailedToLoadCscaKeys)?; + let usa_csca = csca_keys.get("USA").ok_or(PassportError::NoUsaCsca)?; let der = STANDARD .decode(usa_csca[idx].public_key.as_bytes()) - .unwrap(); - let pubkey = RsaPublicKey::from_public_key_der(&der).unwrap(); + .map_err(|e| PassportError::Base64DecodingFailed(e.to_string()))?; + let pubkey = RsaPublicKey::from_public_key_der(&der) + .map_err(|_| PassportError::CscaPublicKeyInvalid)?; - let modulus = to_fixed_array::<{ SIG_BYTES * 2 }>(pubkey.n().to_bytes_be(), "CSCA modulus"); - let exponent = to_u32(pubkey.e().to_bytes_be()); + let modulus = + to_fixed_array::<{ SIG_BYTES * 2 }>(&pubkey.n().to_bytes_be(), "CSCA modulus")?; + let exponent = to_u32(pubkey.e().to_bytes_be())?; let barrett = to_fixed_array::<{ SIG_BYTES * 2 + 1 }>( - compute_barrett_reduction_parameter(&BigUint::from_bytes_be(&modulus)).to_bytes_be(), + &compute_barrett_reduction_parameter(&BigUint::from_bytes_be(&modulus)).to_bytes_be(), "CSCA Barrett", - ); + )?; let signature = to_fixed_array::<{ SIG_BYTES * 2 }>( - self.sod.certificate.signature.to_number_array(), + self.sod.certificate.signature.as_bytes(), "CSCA signature", - ); + )?; - (modulus, exponent, barrett, signature) + Ok((modulus, exponent, barrett, signature)) } /// Extract CSCA data from an in-memory public key (used for mock data) fn extract_csca_from_pubkey( &self, pubkey: &RsaPublicKey, - ) -> ( - [u8; SIG_BYTES * 2], - u32, - [u8; SIG_BYTES * 2 + 1], - [u8; SIG_BYTES * 2], - ) { - let modulus = to_fixed_array::<{ SIG_BYTES * 2 }>(pubkey.n().to_bytes_be(), "CSCA modulus"); - let exponent = to_u32(pubkey.e().to_bytes_be()); + ) -> Result< + ( + [u8; SIG_BYTES * 2], + u32, + [u8; SIG_BYTES * 2 + 1], + [u8; SIG_BYTES * 2], + ), + PassportError, + > { + let modulus = + to_fixed_array::<{ SIG_BYTES * 2 }>(&pubkey.n().to_bytes_be(), "CSCA modulus")?; + let exponent = to_u32(pubkey.e().to_bytes_be())?; let barrett = to_fixed_array::<{ SIG_BYTES * 2 + 1 }>( - compute_barrett_reduction_parameter(&BigUint::from_bytes_be(&modulus)).to_bytes_be(), + &compute_barrett_reduction_parameter(&BigUint::from_bytes_be(&modulus)).to_bytes_be(), "CSCA Barrett", - ); + )?; let signature = to_fixed_array::<{ SIG_BYTES * 2 }>( - self.sod.certificate.signature.to_number_array(), + self.sod.certificate.signature.as_bytes(), "CSCA signature", - ); + )?; - (modulus, exponent, barrett, signature) + Ok((modulus, exponent, barrett, signature)) } /// Extract DSC certificate (padded + len + offset of modulus inside cert) fn extract_dsc_cert( &self, dsc_modulus: &[u8; SIG_BYTES], - ) -> ([u8; MAX_TBS_SIZE], usize, usize) { - let tbs_bytes = self.sod.certificate.tbs.bytes.to_number_array(); + ) -> Result<([u8; MAX_TBS_SIZE], usize, usize), PassportError> { + let tbs_bytes = self.sod.certificate.tbs.bytes.as_bytes(); let cert_len = tbs_bytes.len(); - let padded = fit::(&tbs_bytes); - let pubkey_offset = find_offset(&tbs_bytes, dsc_modulus, "DSC modulus in cert"); - (padded, cert_len, pubkey_offset) + let padded = fit::(tbs_bytes)?; + let pubkey_offset = find_offset(tbs_bytes, dsc_modulus, "DSC modulus in cert")?; + Ok((padded, cert_len, pubkey_offset)) } + /// Validate DG1, eContent, and signatures against DSC + CSCA pub fn validate(&self) -> Result { // 1. Check DG1 hash inside eContent - let dg1_hash = Sha256::digest(&self.dg1.to_number_array()); + let dg1_hash = Sha256::digest(self.dg1.as_bytes()); let dg1_from_econtent = self .sod .encap_content_info @@ -187,30 +200,19 @@ impl PassportReader { .data_group_hash_values .values .get(&1) - .expect("DG1 hash missing") - .to_number_array(); + .ok_or(PassportError::MissingDg1Hash)? + .as_bytes(); - if dg1_from_econtent != dg1_hash.to_vec() { + if dg1_from_econtent != dg1_hash.as_slice() { return Err(PassportError::Dg1HashMismatch); } // 2. Check hash(eContent) inside SignedAttributes - let econtent_hash = Sha256::digest( - &self - .sod - .encap_content_info - .e_content - .bytes - .to_number_array(), - ); - let mut msg_digest = self - .sod - .signer_info - .signed_attrs - .message_digest - .to_number_array(); - if msg_digest.len() > 2 && msg_digest[0] == 0x04 { - msg_digest = msg_digest[2..].to_vec(); + let econtent_hash = Sha256::digest(self.sod.encap_content_info.e_content.bytes.as_bytes()); + let mut msg_digest = self.sod.signer_info.signed_attrs.message_digest.as_bytes(); + + if msg_digest.len() > ASN1_HEADER_LEN && msg_digest[0] == ASN1_OCTET_STRING_TAG { + msg_digest = &msg_digest[ASN1_HEADER_LEN..]; } if econtent_hash.as_slice() != msg_digest { @@ -218,33 +220,52 @@ impl PassportReader { } // 3. Verify SignedAttributes signature with DSC - let signed_attr_hash = - Sha256::digest(&self.sod.signer_info.signed_attrs.bytes.to_number_array()); + let signed_attr_hash = Sha256::digest(self.sod.signer_info.signed_attrs.bytes.as_bytes()); let dsc_pubkey_bytes = self .sod .certificate .tbs .subject_public_key_info .subject_public_key - .to_number_array(); - let dsc_pubkey = RsaPublicKey::from_pkcs1_der(&dsc_pubkey_bytes).expect("Invalid DSC key"); + .as_bytes(); + let dsc_pubkey = RsaPublicKey::from_pkcs1_der(dsc_pubkey_bytes) + .map_err(|_| PassportError::DscPublicKeyInvalid)?; - let dsc_signature = self.sod.signer_info.signature.to_number_array(); - dsc_pubkey - .verify( + let dsc_signature = self.sod.signer_info.signature.as_bytes(); + + let verify_result = match &self.sod.signer_info.signature_algorithm.name { + SignatureAlgorithmName::Sha256WithRsaEncryption + | SignatureAlgorithmName::RsaEncryption => dsc_pubkey.verify( Pkcs1v15Sign::new::(), - &signed_attr_hash, - &dsc_signature, - ) - .map_err(|_| PassportError::DscSignatureInvalid)?; + signed_attr_hash.as_slice(), + dsc_signature, + ), + SignatureAlgorithmName::RsassaPss => dsc_pubkey.verify( + Pss::new::(), + signed_attr_hash.as_slice(), + dsc_signature, + ), + unsupported => { + return Err(PassportError::UnsupportedSignatureAlgorithm(format!( + "{:?}", + unsupported + ))) + } + }; + verify_result.map_err(|_| PassportError::DscSignatureInvalid)?; - let tbs_bytes = &self.sod.certificate.tbs.bytes.to_number_array(); + // 4. Verify DSC certificate signature with CSCA + let tbs_bytes = self.sod.certificate.tbs.bytes.as_bytes(); let tbs_digest = Sha256::digest(tbs_bytes); - let csca_signature = &self.sod.certificate.signature.to_number_array(); + let csca_signature = self.sod.certificate.signature.as_bytes(); if let Some(key) = &self.csca_pubkey { - key.verify(Pkcs1v15Sign::new::(), &tbs_digest, csca_signature) - .map_err(|_| PassportError::CscaSignatureInvalid)?; + key.verify( + Pkcs1v15Sign::new::(), + tbs_digest.as_slice(), + csca_signature, + ) + .map_err(|_| PassportError::CscaSignatureInvalid)?; return Ok(0); } @@ -252,16 +273,22 @@ impl PassportReader { let usa_csca = all_csca.get("USA").ok_or(PassportError::NoUsaCsca)?; for (i, csca) in usa_csca.iter().enumerate() { - let der = STANDARD.decode(csca.public_key.as_bytes()).unwrap(); - let csca_pubkey = RsaPublicKey::from_public_key_der(&der).unwrap(); + let der = STANDARD + .decode(csca.public_key.as_bytes()) + .map_err(|e| PassportError::Base64DecodingFailed(e.to_string()))?; + let csca_pubkey = RsaPublicKey::from_public_key_der(&der) + .map_err(|_| PassportError::CscaPublicKeyInvalid)?; if csca_pubkey - .verify(Pkcs1v15Sign::new::(), &tbs_digest, csca_signature) + .verify( + Pkcs1v15Sign::new::(), + tbs_digest.as_slice(), + csca_signature, + ) .is_ok() { - return Ok(i); // Success, return CSCA index + return Ok(i); } } - Err(PassportError::CscaSignatureInvalid) } @@ -272,44 +299,44 @@ impl PassportReader { min_age_required: u8, max_age_required: u8, csca_key_index: usize, - ) -> CircuitInputs { + ) -> Result { // === Step 1. DG1 === - let dg1_padded = fit::(&self.dg1.to_number_array()); + let dg1_padded = fit::(self.dg1.as_bytes())?; let dg1_len = self.dg1.len(); // === Step 2. SignedAttributes === - let (signed_attrs, signed_attributes_size) = self.extract_signed_attrs(); + let (signed_attrs, signed_attributes_size) = self.extract_signed_attrs()?; // === Step 3. eContent === - let (econtent, econtent_len, econtent_bytes) = self.extract_econtent(); + let (econtent, econtent_len, econtent_bytes) = self.extract_econtent()?; // === Step 4. DSC === - let (dsc_modulus, dsc_exponent, dsc_barrett, dsc_signature) = self.extract_dsc(); + let (dsc_modulus, dsc_exponent, dsc_barrett, dsc_signature) = self.extract_dsc()?; // === Step 5. CSCA === let (csca_modulus, csca_exponent, csca_barrett, csca_signature) = if self.mockdata { let key = self .csca_pubkey .as_ref() - .expect("Missing CSCA public key for mock data"); - self.extract_csca_from_pubkey(key) + .ok_or(PassportError::MissingCscaMockKey)?; + self.extract_csca_from_pubkey(key)? } else { - self.extract_csca(csca_key_index) + self.extract_csca(csca_key_index)? }; // === Step 6. Offsets === - let dg1_hash = Sha256::digest(&self.dg1.to_number_array()); - let dg1_hash_offset = find_offset(&econtent_bytes, dg1_hash.as_slice(), "DG1 hash"); + let dg1_hash = Sha256::digest(self.dg1.as_bytes()); + let dg1_hash_offset = find_offset(econtent_bytes, dg1_hash.as_slice(), "DG1 hash")?; - let econtent_hash = Sha256::digest(&econtent_bytes); + let econtent_hash = Sha256::digest(econtent_bytes); let econtent_hash_offset = - find_offset(&signed_attrs, econtent_hash.as_slice(), "eContent hash"); + find_offset(&signed_attrs, econtent_hash.as_slice(), "eContent hash")?; // === Step 7. DSC Certificate === - let (dsc_cert, dsc_cert_len, dsc_pubkey_offset) = self.extract_dsc_cert(&dsc_modulus); + let (dsc_cert, dsc_cert_len, dsc_pubkey_offset) = self.extract_dsc_cert(&dsc_modulus)?; // === Step 8. Build CircuitInputs === - CircuitInputs { + Ok(CircuitInputs { dg1: dg1_padded, dg1_padded_length: dg1_len, current_date, @@ -334,48 +361,46 @@ impl PassportReader { dsc_cert, dsc_cert_len, }, - } + }) } } impl CircuitInputs { pub fn to_toml_string(&self) -> String { let mut out = String::new(); - writeln!(out, "dg1 = {:?}", self.dg1).unwrap(); - writeln!(out, "dg1_padded_length = {}", self.dg1_padded_length).unwrap(); - writeln!(out, "current_date = {}", self.current_date).unwrap(); - writeln!(out, "min_age_required = {}", self.min_age_required).unwrap(); - writeln!(out, "max_age_required = {}", self.max_age_required).unwrap(); - writeln!(out, "\n[passport_validity_contents]").unwrap(); + let _ = writeln!(out, "dg1 = {:?}", self.dg1); + let _ = writeln!(out, "dg1_padded_length = {}", self.dg1_padded_length); + let _ = writeln!(out, "current_date = {}", self.current_date); + let _ = writeln!(out, "min_age_required = {}", self.min_age_required); + let _ = writeln!(out, "max_age_required = {}", self.max_age_required); + let _ = writeln!(out, "\n[passport_validity_contents]"); let pvc = &self.passport_validity_contents; - writeln!(out, "signed_attributes = {:?}", pvc.signed_attributes).unwrap(); - writeln!( + let _ = writeln!(out, "signed_attributes = {:?}", pvc.signed_attributes); + let _ = writeln!( out, "signed_attributes_size = {}", pvc.signed_attributes_size - ) - .unwrap(); - writeln!(out, "econtent = {:?}", pvc.econtent).unwrap(); - writeln!(out, "econtent_len = {}", pvc.econtent_len).unwrap(); - writeln!(out, "dsc_signature = {:?}", pvc.dsc_signature).unwrap(); - writeln!(out, "dsc_rsa_exponent = {}", pvc.dsc_rsa_exponent).unwrap(); - writeln!(out, "dsc_pubkey = {:?}", pvc.dsc_pubkey).unwrap(); - writeln!(out, "dsc_barrett_mu = {:?}", pvc.dsc_barrett_mu).unwrap(); - writeln!(out, "csc_pubkey = {:?}", pvc.csc_pubkey).unwrap(); - writeln!(out, "csc_barrett_mu = {:?}", pvc.csc_barrett_mu).unwrap(); - writeln!(out, "dsc_cert_signature = {:?}", pvc.dsc_cert_signature).unwrap(); - writeln!(out, "csc_rsa_exponent = {}", pvc.csc_rsa_exponent).unwrap(); - writeln!(out, "dg1_hash_offset = {}", pvc.dg1_hash_offset).unwrap(); - writeln!(out, "econtent_hash_offset = {}", pvc.econtent_hash_offset).unwrap(); - writeln!( + ); + let _ = writeln!(out, "econtent = {:?}", pvc.econtent); + let _ = writeln!(out, "econtent_len = {}", pvc.econtent_len); + let _ = writeln!(out, "dsc_signature = {:?}", pvc.dsc_signature); + let _ = writeln!(out, "dsc_rsa_exponent = {}", pvc.dsc_rsa_exponent); + let _ = writeln!(out, "dsc_pubkey = {:?}", pvc.dsc_pubkey); + let _ = writeln!(out, "dsc_barrett_mu = {:?}", pvc.dsc_barrett_mu); + let _ = writeln!(out, "csc_pubkey = {:?}", pvc.csc_pubkey); + let _ = writeln!(out, "csc_barrett_mu = {:?}", pvc.csc_barrett_mu); + let _ = writeln!(out, "dsc_cert_signature = {:?}", pvc.dsc_cert_signature); + let _ = writeln!(out, "csc_rsa_exponent = {}", pvc.csc_rsa_exponent); + let _ = writeln!(out, "dg1_hash_offset = {}", pvc.dg1_hash_offset); + let _ = writeln!(out, "econtent_hash_offset = {}", pvc.econtent_hash_offset); + let _ = writeln!( out, "dsc_pubkey_offset_in_dsc_cert = {}", pvc.dsc_pubkey_offset_in_dsc_cert - ) - .unwrap(); - writeln!(out, "dsc_cert = {:?}", pvc.dsc_cert).unwrap(); - writeln!(out, "dsc_cert_len = {}", pvc.dsc_cert_len).unwrap(); + ); + let _ = writeln!(out, "dsc_cert = {:?}", pvc.dsc_cert); + let _ = writeln!(out, "dsc_cert_len = {}", pvc.dsc_cert_len); out } diff --git a/playground/passport-input-gen/src/mock_generator.rs b/playground/passport-input-gen/src/mock_generator.rs index 17fcc22f3..a5ca0baa4 100644 --- a/playground/passport-input-gen/src/mock_generator.rs +++ b/playground/passport-input-gen/src/mock_generator.rs @@ -33,7 +33,6 @@ pub fn dg1_bytes_with_birthdate_expiry_date(birthdate: &[u8; 6], expiry: &[u8; 6 } /// Generate a synthetic SOD structure for the given DG1 and key pairs. -#[allow(clippy::too_many_arguments)] pub fn generate_fake_sod( dg1: &[u8], dsc_priv: &RsaPrivateKey, @@ -102,8 +101,16 @@ pub fn generate_fake_sod( parameters: None, }, issuer: "CSCA".to_string(), - validity_not_before: "".to_string(), - validity_not_after: "".to_string(), + validity_not_before: chrono::Utc::now() + - chrono::Duration::from_std(std::time::Duration::from_secs( + 5 * 365 * 24 * 60 * 60, + )) + .expect("valid duration before 5 years"), // before 5 year date + validity_not_after: chrono::Utc::now() + + chrono::Duration::from_std(std::time::Duration::from_secs( + 5 * 365 * 24 * 60 * 60, + )) + .expect("valid duration after 5 years"), // after 5 years subject: "DSC".to_string(), subject_public_key_info: SubjectPublicKeyInfo { signature_algorithm: SignatureAlgorithm { @@ -143,7 +150,7 @@ mod tests { PassportReader, }, base64::{engine::general_purpose::STANDARD, Engine as _}, - chrono::{Date, Utc}, + chrono::Utc, rsa::pkcs8::DecodePrivateKey, }; @@ -181,7 +188,9 @@ mod tests { let current_date = Utc::now(); let current_timestamp = current_date.timestamp() as u64; - let inputs = reader.to_circuit_inputs(current_timestamp, 18, 70, 0); + let inputs = reader + .to_circuit_inputs(current_timestamp, 18, 70, 0) + .expect("to circuit inputs"); let _toml_output = inputs.to_toml_string(); println!("{}", _toml_output); diff --git a/playground/passport-input-gen/src/parser/binary.rs b/playground/passport-input-gen/src/parser/binary.rs index 11e810c9a..2755ac7d5 100644 --- a/playground/passport-input-gen/src/parser/binary.rs +++ b/playground/passport-input-gen/src/parser/binary.rs @@ -37,8 +37,8 @@ impl Binary { String::from_utf8_lossy(&self.data).to_string() } - pub fn to_number_array(&self) -> Vec { - self.data.clone() + pub fn as_bytes(&self) -> &[u8] { + &self.data } pub fn to_hex(&self) -> String { diff --git a/playground/passport-input-gen/src/parser/dsc.rs b/playground/passport-input-gen/src/parser/dsc.rs index a635b0a91..8c0c0fc6d 100644 --- a/playground/passport-input-gen/src/parser/dsc.rs +++ b/playground/passport-input-gen/src/parser/dsc.rs @@ -1,12 +1,13 @@ use { crate::parser::{ binary::Binary, - oid_registry::load_oids, - types::{SignatureAlgorithm, SignatureAlgorithmName}, + oid_registry::REGISTRY, + types::{PassportError, SignatureAlgorithm, SignatureAlgorithmName}, utils::{get_oid_name, strip_length_prefix, OidEntry}, }, + chrono::{DateTime, Utc}, std::collections::HashMap, - x509_parser::prelude::*, + x509_parser::{parse_x509_certificate, prelude::X509Certificate, x509::X509Name}, }; #[derive(Debug, Clone)] @@ -15,8 +16,8 @@ pub struct TbsCertificate { pub serial_number: Binary, pub signature_algorithm: SignatureAlgorithm, pub issuer: String, - pub validity_not_before: String, - pub validity_not_after: String, + pub validity_not_before: DateTime, + pub validity_not_after: DateTime, pub subject: String, pub subject_public_key_info: SubjectPublicKeyInfo, pub issuer_unique_id: Option, @@ -61,56 +62,63 @@ impl DSC { } /// Parses a DER-encoded X.509 certificate into a `DSC`. - pub fn from_der(binary: &Binary) -> DSC { + pub fn from_der(binary: &Binary) -> Result { let der = strip_length_prefix(binary); let (_, cert) = parse_x509_certificate(&der.data).expect("X509 decode failed"); Self::from_x509(cert) } /// Converts a parsed `X509Certificate` into the internal `DSC` struct. - pub fn from_x509(cert: X509Certificate<'_>) -> DSC { - let registry = load_oids(); + fn from_x509(cert: X509Certificate<'_>) -> Result { let tbs = cert.tbs_certificate; let tbs_bytes = Binary::from_slice(tbs.as_ref()); + let not_before = tbs.validity.not_before.to_datetime(); + let not_before_utc = + DateTime::::from_timestamp(not_before.unix_timestamp(), not_before.nanosecond()) + .ok_or_else(|| PassportError::InvalidDate("Invalid not_before time".to_string()))?; + + let not_after = tbs.validity.not_after.to_datetime(); + let not_after_utc = + DateTime::::from_timestamp(not_after.unix_timestamp(), not_after.nanosecond()) + .ok_or_else(|| PassportError::InvalidDate("Invalid not_after time".to_string()))?; + // Helper function to create SignatureAlgorithm from AlgorithmIdentifier - let create_signature_algorithm = |alg_id: &x509_parser::x509::AlgorithmIdentifier<'_>| { - let name = SignatureAlgorithmName::from_oid(&alg_id.algorithm.to_string()) - .expect("Unsupported signature algorithm"); + let create_signature_algorithm = |alg_id: &x509_parser::x509::AlgorithmIdentifier<'_>| -> Result { + let name = SignatureAlgorithmName::from_oid(&alg_id.algorithm.to_string()).ok_or_else( + || PassportError::UnsupportedSignatureAlgorithm(alg_id.algorithm.to_string()), + )?; let parameters = alg_id .parameters .as_ref() .map(|p| Binary::from_slice(p.data)); - SignatureAlgorithm { name, parameters } + Ok(SignatureAlgorithm { name, parameters }) }; - let tbs_signature_algorithm = create_signature_algorithm(&tbs.signature); - let cert_signature_algorithm = create_signature_algorithm(&cert.signature_algorithm); - let spki_algorithm = create_signature_algorithm(&tbs.subject_pki.algorithm); + let tbs_signature_algorithm = create_signature_algorithm(&tbs.signature)?; + let cert_signature_algorithm = create_signature_algorithm(&cert.signature_algorithm)?; + let spki_algorithm = create_signature_algorithm(&tbs.subject_pki.algorithm)?; let subject_public_key_info = SubjectPublicKeyInfo { signature_algorithm: spki_algorithm, subject_public_key: Binary::from_slice(&tbs.subject_pki.subject_public_key.data), }; - let extensions = tbs - .extensions() - .iter() - .map(|ext| { - let oid_str = ext.oid.to_string(); - let name = get_oid_name(&oid_str, ®istry); - (name, (ext.critical, Binary::from_slice(ext.value))) - }) - .collect(); + let mut extensions = HashMap::new(); + for ext in tbs.extensions() { + let oid_str = ext.oid.to_string(); + let name = get_oid_name(&oid_str, ®ISTRY); + extensions.insert(name, (ext.critical, Binary::from_slice(ext.value))); + } let tbs_struct = TbsCertificate { version: tbs.version().0, serial_number: Binary::from_slice(tbs.raw_serial()), signature_algorithm: tbs_signature_algorithm, - issuer: Self::format_name(&tbs.issuer, ®istry), - validity_not_before: tbs.validity.not_before.to_string(), - validity_not_after: tbs.validity.not_after.to_string(), - subject: Self::format_name(&tbs.subject, ®istry), + issuer: Self::format_name(&tbs.issuer, ®ISTRY), + validity_not_before: not_before_utc, + validity_not_after: not_after_utc, + subject: Self::format_name(&tbs.subject, ®ISTRY), subject_public_key_info, issuer_unique_id: tbs .issuer_uid @@ -124,10 +132,10 @@ impl DSC { bytes: tbs_bytes, }; - DSC { + Ok(DSC { tbs: tbs_struct, signature_algorithm: cert_signature_algorithm, signature: Binary::from_slice(&cert.signature_value.data), - } + }) } } diff --git a/playground/passport-input-gen/src/parser/mod.rs b/playground/passport-input-gen/src/parser/mod.rs index 85a3ab3bd..e0c34d076 100644 --- a/playground/passport-input-gen/src/parser/mod.rs +++ b/playground/passport-input-gen/src/parser/mod.rs @@ -1,6 +1,6 @@ -pub mod binary; -pub mod dsc; +pub(crate) mod binary; +pub(crate) mod dsc; mod oid_registry; -pub mod sod; -pub mod types; -pub mod utils; +pub(crate) mod sod; +pub(crate) mod types; +pub(crate) mod utils; diff --git a/playground/passport-input-gen/src/parser/oid_registry.rs b/playground/passport-input-gen/src/parser/oid_registry.rs index 684dd4c39..bc39c03a4 100644 --- a/playground/passport-input-gen/src/parser/oid_registry.rs +++ b/playground/passport-input-gen/src/parser/oid_registry.rs @@ -1,5 +1,8 @@ -use {crate::parser::utils::OidEntry, std::collections::HashMap}; +use {crate::parser::utils::OidEntry, lazy_static::lazy_static, std::collections::HashMap}; +lazy_static! { + pub static ref REGISTRY: HashMap<&'static str, OidEntry> = load_oids(); +} /// Returns a lookup table for the Object Identifiers that are relevant to the /// passport input generator. /// @@ -20,7 +23,7 @@ use {crate::parser::utils::OidEntry, std::collections::HashMap}; /// /// Keeping the list focused makes it clear which identifiers we rely on and /// avoids carrying around a huge hard-coded list that is difficult to audit. -pub fn load_oids() -> HashMap<&'static str, OidEntry> { +fn load_oids() -> HashMap<&'static str, OidEntry> { HashMap::from([ // PKCS#9 signed attributes used in CMS / SOD structures ("1.2.840.113549.1.9.3", OidEntry { diff --git a/playground/passport-input-gen/src/parser/sod.rs b/playground/passport-input-gen/src/parser/sod.rs index 1a8ee0aa2..877fcccbb 100644 --- a/playground/passport-input-gen/src/parser/sod.rs +++ b/playground/passport-input-gen/src/parser/sod.rs @@ -2,11 +2,11 @@ use { crate::parser::{ binary::Binary, dsc::DSC, - oid_registry::load_oids, + oid_registry::REGISTRY, types::{ DataGroupHashValues, DigestAlgorithm, EContent, EncapContentInfo, - IssuerAndSerialNumber, LDSSecurityObject, SignatureAlgorithm, SignatureAlgorithmName, - SignedAttrs, SignerIdentifier, SignerInfo, + IssuerAndSerialNumber, LDSSecurityObject, PassportError, SignatureAlgorithm, + SignatureAlgorithmName, SignedAttrs, SignerIdentifier, SignerInfo, }, utils::{ get_hash_algo_name, get_oid_name, oid_to_string, strip_length_prefix, version_from, @@ -33,75 +33,99 @@ impl SOD { fn parse_signed_attrs( signer_info_raw: &rasn_cms::SignerInfo, registry: &HashMap<&'static str, OidEntry>, - ) -> SignedAttrs { + ) -> Result { let mut signed_attr_map: HashMap = HashMap::new(); - let mut reconstructed_signed_attrs: Vec = vec![]; + let mut reconstructed_signed_attrs: Vec = Vec::new(); - for attr in signer_info_raw.signed_attrs.clone().unwrap_or_default() { + let attrs = + signer_info_raw + .signed_attrs + .as_ref() + .ok_or(PassportError::MissingRequiredField( + "signedAttrs".to_string(), + ))?; + + for attr in attrs { let oid_str = oid_to_string(&attr.r#type); let name = get_oid_name(&oid_str, registry); let val = attr .values .first() - .expect("No value in Attribute") + .ok_or(PassportError::DataNotFound(format!( + "No value in attribute with OID: {}", + oid_str + )))? .as_bytes(); signed_attr_map.insert(name, Binary::from_slice(val)); - reconstructed_signed_attrs.push(attr); + reconstructed_signed_attrs.push(attr.clone()); } let signed_attrs_set = BTreeSet::from_iter(reconstructed_signed_attrs); - let reconstructed_block = - der::encode(&signed_attrs_set).expect("Failed to encode reconstructed signedAttrs"); + let reconstructed_block = der::encode(&signed_attrs_set) + .map_err(|e| PassportError::Asn1DecodingFailed(e.to_string()))?; let message_digest = signed_attr_map .get("messageDigest") - .expect("No messageDigest found") + .ok_or(PassportError::MissingRequiredField( + "messageDigest".to_string(), + ))? .clone(); - let signing_time = signed_attr_map.get("signingTime").map(|time_attr| { - der::decode::(&time_attr.data) - .expect("Failed to decode signingTime") - }); + let signing_time = signed_attr_map + .get("signingTime") + .map(|time_attr| { + der::decode::(&time_attr.data) + .map_err(|e| PassportError::Asn1DecodingFailed(e.to_string())) + }) + .transpose()?; - let content_type_bytes = signed_attr_map - .get("contentType") - .expect("No ContentType found in the map"); + let content_type_bytes = + signed_attr_map + .get("contentType") + .ok_or(PassportError::MissingRequiredField( + "contentType".to_string(), + ))?; - let content_type_oid: rasn::types::ObjectIdentifier = - der::decode(&content_type_bytes.data).expect("Failed to decode contentType OID"); + let content_type_oid: rasn::types::ObjectIdentifier = der::decode(&content_type_bytes.data) + .map_err(|e| PassportError::Asn1DecodingFailed(e.to_string()))?; let oid_string = oid_to_string(&content_type_oid); - SignedAttrs { + Ok(SignedAttrs { bytes: Binary::from_slice(&reconstructed_block), content_type: get_oid_name(&oid_string, registry), message_digest, signing_time, - } + }) } /// Extracts and parses the DSC (Document Signer Certificate) from a /// `SignedData` structure. - fn parse_certificate(signed_data: &SignedData) -> DSC { - let certificates = signed_data - .certificates - .as_ref() - .expect("No certificates field in SOD"); + fn parse_certificate(signed_data: &SignedData) -> Result { + let certificates = + signed_data + .certificates + .as_ref() + .ok_or(PassportError::MissingRequiredField( + "certificates".to_string(), + ))?; if certificates.is_empty() { - panic!("No DSC certificate found in SOD"); - } - if certificates.len() > 1 { - eprintln!("Warning: Found multiple DSC certificates"); + return Err(PassportError::MissingRequiredField( + "DSC certificate".to_string(), + )); } let dsc = certificates .first() - .expect("Failed to extract X.509 Certificate"); + .ok_or(PassportError::X509ParsingFailed( + "Failed to extract X.509 Certificate".to_string(), + ))?; let dsc_cert = match dsc { rasn_cms::CertificateChoices::Certificate(c) => c, - _ => panic!("Unsupported certificate type"), + _ => return Err(PassportError::InvalidCertificateType), }; - let dsc_der = der::encode(&**dsc_cert).expect("Failed to encode DSC certificate"); + let dsc_der = der::encode(&**dsc_cert) + .map_err(|e| PassportError::X509ParsingFailed(e.to_string()))?; let dsc_binary = Binary::from_slice(&dsc_der); DSC::from_der(&dsc_binary) } @@ -111,25 +135,29 @@ impl SOD { fn parse_encap_content_info( signed_data: &SignedData, registry: &HashMap<&'static str, OidEntry>, - ) -> EncapContentInfo { + ) -> Result { let econtent_bytes = signed_data .encap_content_info .content .as_ref() - .expect("No eContent found"); + .ok_or(PassportError::MissingRequiredField("eContent".to_string()))?; - let econtent: LDSSecurityObject = - der::decode(econtent_bytes).expect("Failed to decode LDS Security Object"); + let econtent: LDSSecurityObject = der::decode(econtent_bytes) + .map_err(|e| PassportError::Asn1DecodingFailed(e.to_string()))?; let content_type = &signed_data.encap_content_info.content_type; let econtent_oid = get_oid_name(&oid_to_string(content_type), registry); - let econtent_vec = signed_data.encap_content_info.content.clone().unwrap(); + let econtent_vec = signed_data.encap_content_info.content.clone().ok_or( + PassportError::MissingRequiredField("eContent data".to_string()), + )?; let econtent_binary = Binary::from_slice(&econtent_vec); let hash_algorithm_oid = oid_to_string(&econtent.hash_algorithm.algorithm); let hash_algorithm_name = get_hash_algo_name(&hash_algorithm_oid, registry); - let hash_algorithm = DigestAlgorithm::from_name(&hash_algorithm_name) - .expect("Unsupported hash algorithm in eContent"); + let hash_algorithm = DigestAlgorithm::from_name(&hash_algorithm_name).ok_or( + PassportError::UnsupportedDigestAlgorithm(hash_algorithm_name), + )?; + let mut data_group_hash_values_map = DataGroupHashValues { values: HashMap::new(), }; @@ -145,7 +173,7 @@ impl SOD { .insert(dg_number, hash_value); } - EncapContentInfo { + Ok(EncapContentInfo { e_content_type: econtent_oid, e_content: EContent { version: version_from(&econtent.version), @@ -153,27 +181,27 @@ impl SOD { data_group_hash_values: data_group_hash_values_map, bytes: econtent_binary, }, - } + }) } /// Parses a `SignerInfo` structure into a custom `SignerInfo` model. fn parse_signer_info( signer_info_raw: &rasn_cms::SignerInfo, registry: &HashMap<&'static str, OidEntry>, - ) -> SignerInfo { - let signed_attrs = Self::parse_signed_attrs(signer_info_raw, registry); + ) -> Result { + let signed_attrs = Self::parse_signed_attrs(signer_info_raw, registry)?; let signer_version = version_from(&signer_info_raw.version); - let signed_digest_algorithm_oid = DigestAlgorithm::from_name(&get_oid_name( - &oid_to_string(&signer_info_raw.digest_algorithm.algorithm), - registry, - )) - .expect("Unsupported digest algorithm"); + let digest_oid_str = oid_to_string(&signer_info_raw.digest_algorithm.algorithm); + let digest_name = get_oid_name(&digest_oid_str, registry); + let signed_digest_algorithm_oid = DigestAlgorithm::from_name(&digest_name) + .ok_or(PassportError::UnsupportedDigestAlgorithm(digest_name))?; - let signature_algorithm_name = - oid_to_string(&signer_info_raw.signature_algorithm.algorithm); - let signature_algorithm = SignatureAlgorithmName::from_oid(&signature_algorithm_name) - .expect("Unsupported signature algorithm"); + let signature_algorithm_oid = oid_to_string(&signer_info_raw.signature_algorithm.algorithm); + let signature_algorithm = SignatureAlgorithmName::from_oid(&signature_algorithm_oid) + .ok_or(PassportError::UnsupportedSignatureAlgorithm( + signature_algorithm_oid, + ))?; let signature_parameters = signer_info_raw .signature_algorithm @@ -183,18 +211,19 @@ impl SOD { let signature = Binary::from_slice(&signer_info_raw.signature); let signer_identifier = Self::parse_signer_identifier(signer_info_raw.sid.clone()); - SignerInfo { + let signing_time = signed_attrs.signing_time.and_then(|ut| { + let time_str = ut.to_string(); + chrono::DateTime::parse_from_rfc3339(&format!("{}T00:00:00Z", time_str)) + .ok() + .map(|dt| dt.with_timezone(&chrono::Utc)) + }); + Ok(SignerInfo { version: signer_version, signed_attrs: SignedAttrs { - content_type: signed_attrs.content_type, + content_type: signed_attrs.content_type, message_digest: signed_attrs.message_digest, - signing_time: signed_attrs.signing_time.map(|ut| { - let time_str = ut.to_string(); - chrono::DateTime::parse_from_rfc3339(&format!("{}T00:00:00Z", time_str)) - .unwrap_or_else(|_| chrono::Utc::now().into()) - .with_timezone(&chrono::Utc) - }), - bytes: signed_attrs.bytes, + signing_time, + bytes: signed_attrs.bytes, }, digest_algorithm: signed_digest_algorithm_oid, signature_algorithm: SignatureAlgorithm { @@ -203,7 +232,7 @@ impl SOD { }, signature, sid: signer_identifier, - } + }) } /// Parses the signer identifier (SID) from the `SignerInfo`. @@ -252,55 +281,53 @@ impl SOD { /// Entry point: parses a full SOD (Security Object Document) from raw DER /// bytes. - pub fn from_der(binary: &mut Binary) -> SOD { + pub fn from_der(binary: &mut Binary) -> Result { *binary = strip_length_prefix(binary); - let hex_der = hex::decode(binary.to_hex().trim_start_matches("0x")).unwrap(); - let content_info: ContentInfo = der::decode(&hex_der).expect("CMS decode failed"); - let signed_data: SignedData = - der::decode(content_info.content.as_bytes()).expect("SignedData decode failed"); + let content_info: ContentInfo = der::decode(&binary.data) + .map_err(|e| PassportError::CmsParsingFailed(e.to_string()))?; + let signed_data: SignedData = der::decode(content_info.content.as_bytes()) + .map_err(|e| PassportError::CmsParsingFailed(e.to_string()))?; + if signed_data.signer_infos.is_empty() { - panic!("No SignerInfos found"); - } - if signed_data.signer_infos.len() > 1 { - eprintln!("Warning: Found multiple SignerInfos"); + return Err(PassportError::DataNotFound( + "No SignerInfos found".to_string(), + )); } + let signer_info_raw = signed_data .signer_infos .first() - .expect("No SignerInfo found") + .ok_or(PassportError::DataNotFound( + "No SignerInfo found".to_string(), + ))? .clone(); - if signer_info_raw.signed_attrs.is_none() { - panic!("No signedAttrs found in SignerInfo"); - } - let registry = load_oids(); + let digest_algorithms: Vec = signed_data .digest_algorithms .iter() .filter_map(|alg| { let oid_str = oid_to_string(&alg.algorithm); - let name = get_hash_algo_name(&oid_str, ®istry); - if let Some(digest_alg) = DigestAlgorithm::from_name(&name) { - Some(digest_alg) - } else { - eprintln!("Unknown digest algorithm: {}", name); - None - } + let name = get_hash_algo_name(&oid_str, ®ISTRY); + DigestAlgorithm::from_name(&name) }) .collect(); - let certificate = Self::parse_certificate(&signed_data); - let encap_content_info = Self::parse_encap_content_info(&signed_data, ®istry); - let signer_info = Self::parse_signer_info(&signer_info_raw, ®istry); + + let certificate = Self::parse_certificate(&signed_data)?; + let encap_content_info = Self::parse_encap_content_info(&signed_data, ®ISTRY)?; + let signer_info = Self::parse_signer_info(&signer_info_raw, ®ISTRY)?; let sod_version = version_from(&signed_data.version); - SOD { + + Ok(SOD { version: sod_version, digest_algorithms, encap_content_info, signer_info, certificate, bytes: binary.clone(), - } + }) } } + #[cfg(test)] mod tests { use super::*; @@ -309,7 +336,7 @@ mod tests { fn parse_sod() -> SOD { let mut sod_bytes = Binary::from_base64(FIXTURE_EF_SOD).unwrap(); - SOD::from_der(&mut sod_bytes) + SOD::from_der(&mut sod_bytes).unwrap() } #[test] @@ -360,8 +387,16 @@ mod tests { let sod = parse_sod(); let cert = &sod.certificate; let tbs = &cert.tbs; - assert_eq!(tbs.validity_not_before, "Dec 16 21:43:18 2013 +00:00"); - assert_eq!(tbs.validity_not_after, "Dec 11 21:43:18 2014 +00:00"); + + let expected_not_before = chrono::DateTime::parse_from_rfc3339("2013-12-16T21:43:18+00:00") + .unwrap() + .with_timezone(&chrono::Utc); + let expected_not_after = chrono::DateTime::parse_from_rfc3339("2014-12-11T21:43:18+00:00") + .unwrap() + .with_timezone(&chrono::Utc); + + assert_eq!(tbs.validity_not_before, expected_not_before); + assert_eq!(tbs.validity_not_after, expected_not_after); assert_eq!( tbs.issuer, "countryName=DE, organizationName=HJP Consulting, organizationalUnitName=Country \ diff --git a/playground/passport-input-gen/src/parser/types.rs b/playground/passport-input-gen/src/parser/types.rs index 28f79c940..fa3e93f85 100644 --- a/playground/passport-input-gen/src/parser/types.rs +++ b/playground/passport-input-gen/src/parser/types.rs @@ -127,14 +127,6 @@ impl SignatureAlgorithmName { } } -#[derive(Debug, Clone)] -pub struct DataGroupInfo { - pub group_number: u32, - pub name: String, - pub hash: Vec, - pub value: Vec, -} - /// DataGroupNumber ::= INTEGER (1..16) pub type DataGroupNumber = Integer; @@ -188,4 +180,38 @@ pub enum PassportError { NoUsaCsca, #[error("CSCA signature verification failed")] CscaSignatureInvalid, + #[error("DSC Public key invalid")] + DscPublicKeyInvalid, + #[error("CSCA Public key invalid")] + CscaPublicKeyInvalid, + #[error("Data too large for buffer: {0}")] + BufferOverflow(String), + #[error("RSA exponent too large")] + RsaExponentTooLarge, + #[error("Required data not found: {0}")] + DataNotFound(String), + #[error("Unsupported signature algorithm: {0}")] + UnsupportedSignatureAlgorithm(String), + #[error("CMS parsing failed: {0}")] + CmsParsingFailed(String), + #[error("X.509 certificate parsing failed: {0}")] + X509ParsingFailed(String), + #[error("ASN.1 decoding failed: {0}")] + Asn1DecodingFailed(String), + #[error("Base64 decoding failed: {0}")] + Base64DecodingFailed(String), + #[error("Missing required field: {0}")] + MissingRequiredField(String), + #[error("Invalid certificate type")] + InvalidCertificateType, + #[error("Missing DG1 hash in eContent")] + MissingDg1Hash, + #[error("Missing CSCA public key for mock data")] + MissingCscaMockKey, + #[error("Failed to load CSCA public keys")] + FailedToLoadCscaKeys, + #[error("Invalid date: {0}")] + InvalidDate(String), + #[error("Unsupported digest algorithm: {0}")] + UnsupportedDigestAlgorithm(String), } diff --git a/playground/passport-input-gen/src/parser/utils.rs b/playground/passport-input-gen/src/parser/utils.rs index 7fc0eafc3..65b54f70e 100644 --- a/playground/passport-input-gen/src/parser/utils.rs +++ b/playground/passport-input-gen/src/parser/utils.rs @@ -1,10 +1,10 @@ use { - crate::parser::binary::Binary, + crate::parser::{binary::Binary, types::PassportError}, serde::Deserialize, - std::{cell::RefCell, collections::HashMap, fs}, + std::{collections::HashMap, fs}, }; -#[derive(Debug)] +#[derive(Debug, Clone)] pub struct OidEntry { pub d: &'static str, pub c: &'static str, @@ -46,61 +46,65 @@ pub fn version_from(value: &rasn::types::Integer) -> u32 { value.to_u32_digits().1.first().copied().unwrap_or(0) } -pub fn fit(data: &[u8]) -> [u8; N] { +pub fn fit(data: &[u8]) -> Result<[u8; N], PassportError> { + if data.len() > N { + return Err(PassportError::BufferOverflow(format!( + "data size {} exceeds buffer size {}", + data.len(), + N + ))); + } let mut buf = [0u8; N]; - let len = data.len().min(N); - buf[..len].copy_from_slice(&data[..len]); - buf + buf[..data.len()].copy_from_slice(data); + Ok(buf) } #[derive(Deserialize)] pub struct CscaKey { - pub filename: String, - pub public_key: String, + #[serde(rename = "filename")] + pub _filename: String, + pub public_key: String, // pub subject: String, #[serde(rename = "notBefore")] - pub not_before: String, + pub _not_before: String, #[serde(rename = "notAfter")] - pub not_after: String, - pub serial: String, -} - -thread_local! { - static CSCA_JSON_PATH: RefCell> = RefCell::new(None); + pub _not_after: String, + #[serde(rename = "serial")] + pub _serial: String, } -pub fn set_csca_json_path(path: Option) { - CSCA_JSON_PATH.with(|p| *p.borrow_mut() = path); -} +pub const ASN1_OCTET_STRING_TAG: u8 = 0x04; +pub const ASN1_HEADER_LEN: usize = 2; pub fn load_csca_public_keys() -> Result>, Box> { - let path = CSCA_JSON_PATH - .with(|p| p.borrow().clone()) - .unwrap_or_else(|| "csca_registry/csca_public_key.json".to_string()); + let path = "csca_registry/csca_public_key.json"; let file_content = fs::read_to_string(path)?; let csca_keys: HashMap> = serde_json::from_str(&file_content)?; Ok(csca_keys) } -pub fn to_fixed_array(bytes: Vec, label: &str) -> [u8; N] { - bytes - .try_into() - .unwrap_or_else(|_| panic!("{label} not {N} bytes")) +pub fn to_fixed_array(bytes: &[u8], label: &str) -> Result<[u8; N], PassportError> { + bytes.try_into().map_err(|_| { + PassportError::BufferOverflow(format!( + "{label} must be exactly {N} bytes, got {}", + bytes.len() + )) + }) } -pub fn to_u32(bytes: Vec) -> u32 { +pub fn to_u32(bytes: Vec) -> Result { if bytes.len() > 4 { - panic!("RSA exponent too large"); + return Err(PassportError::RsaExponentTooLarge); } let mut buf = [0u8; 4]; buf[4 - bytes.len()..].copy_from_slice(&bytes); - u32::from_be_bytes(buf) + Ok(u32::from_be_bytes(buf)) } -pub fn find_offset(haystack: &[u8], needle: &[u8], label: &str) -> usize { +pub fn find_offset(haystack: &[u8], needle: &[u8], label: &str) -> Result { haystack .windows(needle.len()) .position(|w| w == needle) - .unwrap_or_else(|| panic!("{label} not found")) + .ok_or_else(|| PassportError::DataNotFound(label.to_string())) } From bce9885a1d957c4bab10ce4408168a2a553667bc Mon Sep 17 00:00:00 2001 From: 0xvikasrushi <0xvikas@gmail.com> Date: Wed, 17 Sep 2025 22:15:31 +0530 Subject: [PATCH 10/10] feat: add readme to passport input gen --- playground/passport-input-gen/README.md | 110 ++++++++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100644 playground/passport-input-gen/README.md diff --git a/playground/passport-input-gen/README.md b/playground/passport-input-gen/README.md new file mode 100644 index 000000000..da843e60b --- /dev/null +++ b/playground/passport-input-gen/README.md @@ -0,0 +1,110 @@ +# Passport Input Generator + +A Rust crate for parsing passport data and generating circuit inputs for Noir Circuits. + +## Overview + +This crate provides functionality to: + +- Parse passport Machine Readable Zone (MRZ) data from DG1 and SOD +- Validate passport signatures using DSC and CSCA certificates +- Generate mock passport data for testing +- Convert passport data to circuit inputs for Noir zero-knowledge circuits + +### `PassportReader` + +Main structure for reading and validating passport data. + +**Structure:** + +```rust +pub struct PassportReader { + dg1: Binary, // DG1 (Machine Readable Zone) data + sod: SOD, // Security Object Document + mockdata: bool, // Flag indicating mock vs real passport data + csca_pubkey: Option, // Optional CSCA public key for mock data +} +``` + +**Key Behavior:** + +- When `mockdata: false`: The reader searches for existing CSCA keys from a predefined set. Currently supports USA CSCA keys loaded from the system. The `validate()` method iterates through all available USA CSCA keys to find one that successfully validates the passport signature. + +- When `mockdata: true`: The reader uses the provided `csca_pubkey` for validation. This is useful for testing with synthetic passport data generated using mock keys. + +**Methods:** + +- `validate() -> Result` - Validates the passport signatures and returns the CSCA key index used. For mock data, always returns index 0. For real data, returns the index of the USA CSCA key that successfully validated the passport. +- `to_circuit_inputs(current_date: u64, min_age_required: u8, max_age_required: u8, csca_key_index: usize) -> Result` - Converts passport data to circuit inputs + +#### `CircuitInputs` + +Contains all necessary inputs for Noir circuits. + +**Methods:** + +- `to_toml_string() -> String` - Converts circuit inputs to TOML format string +- `save_to_toml_file>(path: P) -> std::io::Result<()>` - Saves circuit inputs to a TOML file + +### Mock Data Generation + +#### `mock_generator` module + +**Functions:** + +- `dg1_bytes_with_birthdate_expiry_date(birthdate: &[u8; 6], expiry: &[u8; 6]) -> Vec` - Generates fake DG1 data with specified birth and expiry dates (format: YYMMDD) +- `generate_fake_sod(dg1: &[u8], dsc_priv: &RsaPrivateKey, dsc_pub: &RsaPublicKey, csca_priv: &RsaPrivateKey, _csca_pub: &RsaPublicKey) -> SOD` - Creates a synthetic SOD structure for testing + +#### `mock_keys` module + +**Constants:** + +- `MOCK_CSCA_PRIV_KEY_B64: &str` - Base64-encoded mock CSCA private key for testing +- `MOCK_DSC_PRIV_KEY_B64: &str` - Base64-encoded mock DSC private key for testing + +## Usage Example + +```rust +use passport_input_gen::{PassportReader, mock_generator, mock_keys}; +use base64::{engine::general_purpose::STANDARD, Engine as _}; +use rsa::{RsaPrivateKey, pkcs8::DecodePrivateKey}; + +// Load mock keys +let csca_der = STANDARD.decode(mock_keys::MOCK_CSCA_PRIV_KEY_B64)?; +let csca_priv = RsaPrivateKey::from_pkcs8_der(&csca_der)?; +let csca_pub = csca_priv.to_public_key(); + +let dsc_der = STANDARD.decode(mock_keys::MOCK_DSC_PRIV_KEY_B64)?; +let dsc_priv = RsaPrivateKey::from_pkcs8_der(&dsc_der)?; +let dsc_pub = dsc_priv.to_public_key(); + +// Generate mock passport data +let dg1 = mock_generator::dg1_bytes_with_birthdate_expiry_date(b"900101", b"300101"); +let sod = mock_generator::generate_fake_sod(&dg1, &dsc_priv, &dsc_pub, &csca_priv, &csca_pub); + +// Create passport reader +let reader = PassportReader { + dg1: Binary::from_slice(&dg1), + sod, + mockdata: true, + csca_pubkey: Some(csca_pub), +}; + +// Validate passport +let csca_index = reader.validate()?; + +// Generate circuit inputs +let current_timestamp = chrono::Utc::now().timestamp() as u64; +let inputs = reader.to_circuit_inputs(current_timestamp, 18, 70, csca_index)?; + +// Export to TOML +inputs.save_to_toml_file("circuit_inputs.toml")?; +``` + +## Testing + +The crate includes tests for mock data generation and validation. Run tests with: + +```bash +cargo test +```