grommunio / grommunio-web

plugins/smime/php/lib/Oids.php

Indentation +1959 added lines, -1959 removed lines

@@ -20,1963 +20,1963 @@
 */
 
 class Oids {
-	public $oids = [
-		'0.2.262.1.10*' => 'Telesec',
-		'0.2.262.1.10.0*' => 'extension',
-		'0.2.262.1.10.1*' => 'mechanism',
-		'0.2.262.1.10.1.0*' => 'authentication',
-		'0.2.262.1.10.1.0.1*' => 'passwordAuthentication',
-		'0.2.262.1.10.1.0.2*' => 'protectedPasswordAuthentication',
-		'0.2.262.1.10.1.0.3*' => 'oneWayX509Authentication',
-		'0.2.262.1.10.1.0.4*' => 'twoWayX509Authentication',
-		'0.2.262.1.10.1.0.5*' => 'threeWayX509Authentication',
-		'0.2.262.1.10.1.0.6*' => 'oneWayISO9798Authentication',
-		'0.2.262.1.10.1.0.7*' => 'twoWayISO9798Authentication',
-		'0.2.262.1.10.1.0.8*' => 'telekomAuthentication',
-		'0.2.262.1.10.1.1*' => 'signature',
-		'0.2.262.1.10.1.1.1*' => 'md4WithRSAAndISO9697',
-		'0.2.262.1.10.1.1.2*' => 'md4WithRSAAndTelesecSignatureStandard',
-		'0.2.262.1.10.1.1.3*' => 'md5WithRSAAndISO9697',
-		'0.2.262.1.10.1.1.4*' => 'md5WithRSAAndTelesecSignatureStandard',
-		'0.2.262.1.10.1.1.5*' => 'ripemd160WithRSAAndTelekomSignatureStandard',
-		'0.2.262.1.10.1.1.9*' => 'hbciRsaSignature',
-		'0.2.262.1.10.1.2*' => 'encryption',
-		'0.2.262.1.10.1.2.0*' => 'none',
-		'0.2.262.1.10.1.2.1*' => 'rsaTelesec',
-		'0.2.262.1.10.1.2.2*' => 'des',
-		'0.2.262.1.10.1.2.2.1*' => 'desECB',
-		'0.2.262.1.10.1.2.2.2*' => 'desCBC',
-		'0.2.262.1.10.1.2.2.3*' => 'desOFB',
-		'0.2.262.1.10.1.2.2.4*' => 'desCFB8',
-		'0.2.262.1.10.1.2.2.5*' => 'desCFB64',
-		'0.2.262.1.10.1.2.3*' => 'des3',
-		'0.2.262.1.10.1.2.3.1*' => 'des3ECB',
-		'0.2.262.1.10.1.2.3.2*' => 'des3CBC',
-		'0.2.262.1.10.1.2.3.3*' => 'des3OFB',
-		'0.2.262.1.10.1.2.3.4*' => 'des3CFB8',
-		'0.2.262.1.10.1.2.3.5*' => 'des3CFB64',
-		'0.2.262.1.10.1.2.4*' => 'magenta',
-		'0.2.262.1.10.1.2.5*' => 'idea',
-		'0.2.262.1.10.1.2.5.1*' => 'ideaECB',
-		'0.2.262.1.10.1.2.5.2*' => 'ideaCBC',
-		'0.2.262.1.10.1.2.5.3*' => 'ideaOFB',
-		'0.2.262.1.10.1.2.5.4*' => 'ideaCFB8',
-		'0.2.262.1.10.1.2.5.5*' => 'ideaCFB64',
-		'0.2.262.1.10.1.3*' => 'oneWayFunction',
-		'0.2.262.1.10.1.3.1*' => 'md4',
-		'0.2.262.1.10.1.3.2*' => 'md5',
-		'0.2.262.1.10.1.3.3*' => 'sqModNX509',
-		'0.2.262.1.10.1.3.4*' => 'sqModNISO',
-		'0.2.262.1.10.1.3.5*' => 'ripemd128',
-		'0.2.262.1.10.1.3.6*' => 'hashUsingBlockCipher',
-		'0.2.262.1.10.1.3.7*' => 'mac',
-		'0.2.262.1.10.1.3.8*' => 'ripemd160',
-		'0.2.262.1.10.1.4*' => 'fecFunction',
-		'0.2.262.1.10.1.4.1*' => 'reedSolomon',
-		'0.2.262.1.10.2*' => 'module',
-		'0.2.262.1.10.2.0*' => 'algorithms',
-		'0.2.262.1.10.2.1*' => 'attributeTypes',
-		'0.2.262.1.10.2.2*' => 'certificateTypes',
-		'0.2.262.1.10.2.3*' => 'messageTypes',
-		'0.2.262.1.10.2.4*' => 'plProtocol',
-		'0.2.262.1.10.2.5*' => 'smeAndComponentsOfSme',
-		'0.2.262.1.10.2.6*' => 'fec',
-		'0.2.262.1.10.2.7*' => 'usefulDefinitions',
-		'0.2.262.1.10.2.8*' => 'stefiles',
-		'0.2.262.1.10.2.9*' => 'sadmib',
-		'0.2.262.1.10.2.10*' => 'electronicOrder',
-		'0.2.262.1.10.2.11*' => 'telesecTtpAsymmetricApplication',
-		'0.2.262.1.10.2.12*' => 'telesecTtpBasisApplication',
-		'0.2.262.1.10.2.13*' => 'telesecTtpMessages',
-		'0.2.262.1.10.2.14*' => 'telesecTtpTimeStampApplication',
-		'0.2.262.1.10.3*' => 'objectClass',
-		'0.2.262.1.10.3.0*' => 'telesecOtherName',
-		'0.2.262.1.10.3.1*' => 'directory',
-		'0.2.262.1.10.3.2*' => 'directoryType',
-		'0.2.262.1.10.3.3*' => 'directoryGroup',
-		'0.2.262.1.10.3.4*' => 'directoryUser',
-		'0.2.262.1.10.3.5*' => 'symmetricKeyEntry',
-		'0.2.262.1.10.4*' => 'package',
-		'0.2.262.1.10.5*' => 'parameter',
-		'0.2.262.1.10.6*' => 'nameBinding',
-		'0.2.262.1.10.7*' => 'attribute',
-		'0.2.262.1.10.7.0*' => 'applicationGroupIdentifier',
-		'0.2.262.1.10.7.1*' => 'certificateType',
-		'0.2.262.1.10.7.2*' => 'telesecCertificate',
-		'0.2.262.1.10.7.3*' => 'certificateNumber',
-		'0.2.262.1.10.7.4*' => 'certificateRevocationList',
-		'0.2.262.1.10.7.5*' => 'creationDate',
-		'0.2.262.1.10.7.6*' => 'issuer',
-		'0.2.262.1.10.7.7*' => 'namingAuthority',
-		'0.2.262.1.10.7.8*' => 'publicKeyDirectory',
-		'0.2.262.1.10.7.9*' => 'securityDomain',
-		'0.2.262.1.10.7.10*' => 'subject',
-		'0.2.262.1.10.7.11*' => 'timeOfRevocation',
-		'0.2.262.1.10.7.12*' => 'userGroupReference',
-		'0.2.262.1.10.7.13*' => 'validity',
-		'0.2.262.1.10.7.14*' => 'zert93',
-		'0.2.262.1.10.7.15*' => 'securityMessEnv',
-		'0.2.262.1.10.7.16*' => 'anonymizedPublicKeyDirectory',
-		'0.2.262.1.10.7.17*' => 'telesecGivenName',
-		'0.2.262.1.10.7.18*' => 'nameAdditions',
-		'0.2.262.1.10.7.19*' => 'telesecPostalCode',
-		'0.2.262.1.10.7.20*' => 'nameDistinguisher',
-		'0.2.262.1.10.7.21*' => 'telesecCertificateList',
-		'0.2.262.1.10.7.22*' => 'teletrustCertificateList',
-		'0.2.262.1.10.7.23*' => 'x509CertificateList',
-		'0.2.262.1.10.7.24*' => 'timeOfIssue',
-		'0.2.262.1.10.7.25*' => 'physicalCardNumber',
-		'0.2.262.1.10.7.26*' => 'fileType',
-		'0.2.262.1.10.7.27*' => 'ctlFileIsArchive',
-		'0.2.262.1.10.7.28*' => 'emailAddress',
-		'0.2.262.1.10.7.29*' => 'certificateTemplateList',
-		'0.2.262.1.10.7.30*' => 'directoryName',
-		'0.2.262.1.10.7.31*' => 'directoryTypeName',
-		'0.2.262.1.10.7.32*' => 'directoryGroupName',
-		'0.2.262.1.10.7.33*' => 'directoryUserName',
-		'0.2.262.1.10.7.34*' => 'revocationFlag',
-		'0.2.262.1.10.7.35*' => 'symmetricKeyEntryName',
-		'0.2.262.1.10.7.36*' => 'glNumber',
-		'0.2.262.1.10.7.37*' => 'goNumber',
-		'0.2.262.1.10.7.38*' => 'gKeyData',
-		'0.2.262.1.10.7.39*' => 'zKeyData',
-		'0.2.262.1.10.7.40*' => 'ktKeyData',
-		'0.2.262.1.10.7.41*' => 'ktKeyNumber',
-		'0.2.262.1.10.7.51*' => 'timeOfRevocationGen',
-		'0.2.262.1.10.7.52*' => 'liabilityText',
-		'0.2.262.1.10.8*' => 'attributeGroup',
-		'0.2.262.1.10.9*' => 'action',
-		'0.2.262.1.10.10*' => 'notification',
-		'0.2.262.1.10.11*' => 'snmp-mibs',
-		'0.2.262.1.10.11.1*' => 'securityApplication',
-		'0.2.262.1.10.12*' => 'certAndCrlExtensionDefinitions',
-		'0.2.262.1.10.12.0*' => 'liabilityLimitationFlag',
-		'0.2.262.1.10.12.1*' => 'telesecCertIdExt',
-		'0.2.262.1.10.12.2*' => 'Telesec policyIdentifier',
-		'0.2.262.1.10.12.3*' => 'telesecPolicyQualifierID',
-		'0.2.262.1.10.12.4*' => 'telesecCRLFilteredExt',
-		'0.2.262.1.10.12.5*' => 'telesecCRLFilterExt',
-		'0.2.262.1.10.12.6*' => 'telesecNamingAuthorityExt',
-		'0.4.0.127.0.7*' => 'bsi',
-		'0.4.0.127.0.7.1*' => 'bsiEcc',
-		'0.4.0.127.0.7.1.1*' => 'bsifieldType',
-		'0.4.0.127.0.7.1.1.1*' => 'bsiPrimeField',
-		'0.4.0.127.0.7.1.1.2*' => 'bsiCharacteristicTwoField',
-		'0.4.0.127.0.7.1.1.2.3*' => 'bsiCharacteristicTwoBasis',
-		'0.4.0.127.0.7.1.1.2.3.1*' => 'bsiGnBasis',
-		'0.4.0.127.0.7.1.1.2.3.2*' => 'bsiTpBasis',
-		'0.4.0.127.0.7.1.1.2.3.3*' => 'bsiPpBasis',
-		'0.4.0.127.0.7.1.1.4.1*' => 'bsiEcdsaSignatures',
-		'0.4.0.127.0.7.1.1.4.1.1*' => 'bsiEcdsaWithSHA1',
-		'0.4.0.127.0.7.1.1.4.1.2*' => 'bsiEcdsaWithSHA224',
-		'0.4.0.127.0.7.1.1.4.1.3*' => 'bsiEcdsaWithSHA256',
-		'0.4.0.127.0.7.1.1.4.1.4*' => 'bsiEcdsaWithSHA384',
-		'0.4.0.127.0.7.1.1.4.1.5*' => 'bsiEcdsaWithSHA512',
-		'0.4.0.127.0.7.1.1.4.1.6*' => 'bsiEcdsaWithRIPEMD160',
-		'0.4.0.127.0.7.1.2*' => 'bsiEcKeyType',
-		'0.4.0.127.0.7.1.2.1*' => 'bsiEcPublicKey',
-		'0.4.0.127.0.7.1.5.1*' => 'bsiKaeg',
-		'0.4.0.127.0.7.1.5.1.1*' => 'bsiKaegWithX963KDF',
-		'0.4.0.127.0.7.1.5.1.2*' => 'bsiKaegWith3DESKDF',
-		'0.4.0.127.0.7.2.2.1*' => 'bsiPK',
-		'0.4.0.127.0.7.2.2.1.1*' => 'bsiPK_DH',
-		'0.4.0.127.0.7.2.2.1.2*' => 'bsiPK_ECDH',
-		'0.4.0.127.0.7.2.2.2*' => 'bsiTA',
-		'0.4.0.127.0.7.2.2.2.1*' => 'bsiTA_RSA',
-		'0.4.0.127.0.7.2.2.2.1.1*' => 'bsiTA_RSAv1_5_SHA1',
-		'0.4.0.127.0.7.2.2.2.1.2*' => 'bsiTA_RSAv1_5_SHA256',
-		'0.4.0.127.0.7.2.2.2.1.3*' => 'bsiTA_RSAPSS_SHA1',
-		'0.4.0.127.0.7.2.2.2.1.4*' => 'bsiTA_RSAPSS_SHA256',
-		'0.4.0.127.0.7.2.2.2.2*' => 'bsiTA_ECDSA',
-		'0.4.0.127.0.7.2.2.2.2.1*' => 'bsiTA_ECDSA_SHA1',
-		'0.4.0.127.0.7.2.2.2.2.2*' => 'bsiTA_ECDSA_SHA224',
-		'0.4.0.127.0.7.2.2.2.2.3*' => 'bsiTA_ECDSA_SHA256',
-		'0.4.0.127.0.7.2.2.3*' => 'bsiCA',
-		'0.4.0.127.0.7.2.2.3.1*' => 'bsiCA_DH',
-		'0.4.0.127.0.7.2.2.3.2*' => 'bsiCA_ECDH',
-		'0.4.0.127.0.7.3.1.2.1*' => 'bsiRoleEAC',
-		'0.4.0.1862*' => 'etsiQcsProfile',
-		'0.4.0.1862.1*' => 'etsiQcs',
-		'0.4.0.1862.1.1*' => 'etsiQcsCompliance',
-		'0.4.0.1862.1.2*' => 'etsiQcsLimitValue',
-		'0.4.0.1862.1.3*' => 'etsiQcsRetentionPeriod',
-		'0.4.0.1862.1.4*' => 'etsiQcsQcSSCD',
-		'0.9.2342.19200300.100.1.1*' => 'userID',
-		'0.9.2342.19200300.100.1.3*' => 'rfc822Mailbox',
-		'0.9.2342.19200300.100.1.25*' => 'domainComponent',
-		'1.0.10118.3.0.49*' => 'ripemd160',
-		'1.0.10118.3.0.50*' => 'ripemd128',
-		'1.0.10118.3.0.55*' => 'whirlpool',
-		'1.2.36.1.3.1.1.1*' => 'qgpki',
-		'1.2.36.1.3.1.1.1.1*' => 'qgpkiPolicies',
-		'1.2.36.1.3.1.1.1.1.1*' => 'qgpkiMedIntermedCA',
-		'1.2.36.1.3.1.1.1.1.1.1*' => 'qgpkiMedIntermedIndividual',
-		'1.2.36.1.3.1.1.1.1.1.2*' => 'qgpkiMedIntermedDeviceControl',
-		'1.2.36.1.3.1.1.1.1.1.3*' => 'qgpkiMedIntermedDevice',
-		'1.2.36.1.3.1.1.1.1.1.4*' => 'qgpkiMedIntermedAuthorisedParty',
-		'1.2.36.1.3.1.1.1.1.1.5*' => 'qgpkiMedIntermedDeviceSystem',
-		'1.2.36.1.3.1.1.1.1.2*' => 'qgpkiMedIssuingCA',
-		'1.2.36.1.3.1.1.1.1.2.1*' => 'qgpkiMedIssuingIndividual',
-		'1.2.36.1.3.1.1.1.1.2.2*' => 'qgpkiMedIssuingDeviceControl',
-		'1.2.36.1.3.1.1.1.1.2.3*' => 'qgpkiMedIssuingDevice',
-		'1.2.36.1.3.1.1.1.1.2.4*' => 'qgpkiMedIssuingAuthorisedParty',
-		'1.2.36.1.3.1.1.1.1.2.5*' => 'qgpkiMedIssuingClientAuth',
-		'1.2.36.1.3.1.1.1.1.2.6*' => 'qgpkiMedIssuingServerAuth',
-		'1.2.36.1.3.1.1.1.1.2.7*' => 'qgpkiMedIssuingDataProt',
-		'1.2.36.1.3.1.1.1.1.2.8*' => 'qgpkiMedIssuingTokenAuth',
-		'1.2.36.1.3.1.1.1.1.3*' => 'qgpkiBasicIntermedCA',
-		'1.2.36.1.3.1.1.1.1.3.1*' => 'qgpkiBasicIntermedDeviceSystem',
-		'1.2.36.1.3.1.1.1.1.4*' => 'qgpkiBasicIssuingCA',
-		'1.2.36.1.3.1.1.1.1.4.1*' => 'qgpkiBasicIssuingClientAuth',
-		'1.2.36.1.3.1.1.1.1.4.2*' => 'qgpkiBasicIssuingServerAuth',
-		'1.2.36.1.3.1.1.1.1.4.3*' => 'qgpkiBasicIssuingDataSigning',
-		'1.2.36.1.3.1.1.1.2*' => 'qgpkiAssuranceLevel',
-		'1.2.36.1.3.1.1.1.2.1*' => 'qgpkiAssuranceRudimentary',
-		'1.2.36.1.3.1.1.1.2.2*' => 'qgpkiAssuranceBasic',
-		'1.2.36.1.3.1.1.1.2.3*' => 'qgpkiAssuranceMedium',
-		'1.2.36.1.3.1.1.1.2.4*' => 'qgpkiAssuranceHigh',
-		'1.2.36.1.3.1.1.1.3*' => 'qgpkiCertFunction',
-		'1.2.36.1.3.1.1.1.3.1*' => 'qgpkiFunctionIndividual',
-		'1.2.36.1.3.1.1.1.3.2*' => 'qgpkiFunctionDevice',
-		'1.2.36.1.3.1.1.1.3.3*' => 'qgpkiFunctionAuthorisedParty',
-		'1.2.36.1.3.1.1.1.3.4*' => 'qgpkiFunctionDeviceControl',
-		'1.2.36.1.3.1.2*' => 'qpspki',
-		'1.2.36.1.3.1.2.1*' => 'qpspkiPolicies',
-		'1.2.36.1.3.1.2.1.2*' => 'qpspkiPolicyBasic',
-		'1.2.36.1.3.1.2.1.3*' => 'qpspkiPolicyMedium',
-		'1.2.36.1.3.1.2.1.4*' => 'qpspkiPolicyHigh',
-		'1.2.36.1.3.1.3.2*' => 'qtmrpki',
-		'1.2.36.1.3.1.3.2.1*' => 'qtmrpkiPolicies',
-		'1.2.36.1.3.1.3.2.2*' => 'qtmrpkiPurpose',
-		'1.2.36.1.3.1.3.2.2.1*' => 'qtmrpkiIndividual',
-		'1.2.36.1.3.1.3.2.2.2*' => 'qtmrpkiDeviceControl',
-		'1.2.36.1.3.1.3.2.2.3*' => 'qtmrpkiDevice',
-		'1.2.36.1.3.1.3.2.2.4*' => 'qtmrpkiAuthorisedParty',
-		'1.2.36.1.3.1.3.2.2.5*' => 'qtmrpkiDeviceSystem',
-		'1.2.36.1.3.1.3.2.3*' => 'qtmrpkiDevice',
-		'1.2.36.1.3.1.3.2.3.1*' => 'qtmrpkiDriverLicense',
-		'1.2.36.1.3.1.3.2.3.2*' => 'qtmrpkiIndustryAuthority',
-		'1.2.36.1.3.1.3.2.3.3*' => 'qtmrpkiMarineLicense',
-		'1.2.36.1.3.1.3.2.3.4*' => 'qtmrpkiAdultProofOfAge',
-		'1.2.36.1.3.1.3.2.3.5*' => 'qtmrpkiSam',
-		'1.2.36.1.3.1.3.2.4*' => 'qtmrpkiAuthorisedParty',
-		'1.2.36.1.3.1.3.2.4.1*' => 'qtmrpkiTransportInspector',
-		'1.2.36.1.3.1.3.2.4.2*' => 'qtmrpkiPoliceOfficer',
-		'1.2.36.1.3.1.3.2.4.3*' => 'qtmrpkiSystem',
-		'1.2.36.1.3.1.3.2.4.4*' => 'qtmrpkiLiquorLicensingInspector',
-		'1.2.36.1.3.1.3.2.4.5*' => 'qtmrpkiMarineEnforcementOfficer',
-		'1.2.36.1.333.1*' => 'australianBusinessNumber',
-		'1.2.36.68980861.1.1.2*' => 'signetPersonal',
-		'1.2.36.68980861.1.1.3*' => 'signetBusiness',
-		'1.2.36.68980861.1.1.4*' => 'signetLegal',
-		'1.2.36.68980861.1.1.10*' => 'signetPilot',
-		'1.2.36.68980861.1.1.11*' => 'signetIntraNet',
-		'1.2.36.68980861.1.1.20*' => 'signetPolicy',
-		'1.2.36.75878867.1.100.1.1*' => 'certificatesAustraliaPolicy',
-		'1.2.392.200011.61.1.1.1*' => 'mitsubishiSecurityAlgorithm',
-		'1.2.392.200011.61.1.1.1.1*' => 'misty1-cbc',
-		'1.2.410.200004.1.4*' => 'seedCBC',
-		'1.2.410.200004.1.7*' => 'seedMAC',
-		'1.2.410.200004.1.15*' => 'pbeWithSHA1AndSEED-CBC',
-		'1.2.410.200046.1.1*' => 'aria1AlgorithmModes',
-		'1.2.410.200046.1.1.1*' => 'aria128-ecb',
-		'1.2.410.200046.1.1.2*' => 'aria128-cbc',
-		'1.2.410.200046.1.1.3*' => 'aria128-cfb',
-		'1.2.410.200046.1.1.4*' => 'aria128-ofb',
-		'1.2.410.200046.1.1.5*' => 'aria128-ctr',
-		'1.2.410.200046.1.1.6*' => 'aria192-ecb',
-		'1.2.410.200046.1.1.7*' => 'aria192-cbc',
-		'1.2.410.200046.1.1.8*' => 'aria192-cfb',
-		'1.2.410.200046.1.1.9*' => 'aria192-ofb',
-		'1.2.410.200046.1.1.10*' => 'aria192-ctr',
-		'1.2.410.200046.1.1.11*' => 'aria256-ecb',
-		'1.2.410.200046.1.1.12*' => 'aria256-cbc',
-		'1.2.410.200046.1.1.13*' => 'aria256-ctr',
-		'1.2.410.200046.1.1.21*' => 'aria128-cmac',
-		'1.2.410.200046.1.1.22*' => 'aria192-cmac',
-		'1.2.410.200046.1.1.23*' => 'aria256-cmac',
-		'1.2.410.200046.1.1.31*' => 'aria128-ocb2',
-		'1.2.410.200046.1.1.32*' => 'aria192-ocb2',
-		'1.2.410.200046.1.1.33*' => 'aria256-ocb2',
-		'1.2.410.200046.1.1.34*' => 'aria128-gcm',
-		'1.2.410.200046.1.1.35*' => 'aria192-gcm',
-		'1.2.410.200046.1.1.36*' => 'aria256-gcm',
-		'1.2.410.200046.1.1.37*' => 'aria128-ccm',
-		'1.2.410.200046.1.1.38*' => 'aria192-ccm',
-		'1.2.410.200046.1.1.39*' => 'aria256-ccm',
-		'1.2.410.200046.1.1.40*' => 'aria128-keywrap',
-		'1.2.410.200046.1.1.41*' => 'aria192-keywrap',
-		'1.2.410.200046.1.1.42*' => 'aria256-keywrap',
-		'1.2.410.200046.1.1.43*' => 'aria128-keywrapWithPad',
-		'1.2.410.200046.1.1.44*' => 'aria192-keywrapWithPad',
-		'1.2.410.200046.1.1.45*' => 'aria256-keywrapWithPad',
-		'1.2.643.2.2.3*' => 'gostSignature',
-		'1.2.643.2.2.4*' => 'gost94Signature',
-		'1.2.643.2.2.20*' => 'gost94PublicKey',
-		'1.2.643.2.2.19*' => 'gostPublicKey',
-		'1.2.643.2.2.21*' => 'gostCipher',
-		'1.2.643.2.2.31.0*' => 'testCipherParams',
-		'1.2.643.2.2.31.1*' => 'cryptoProCipherA',
-		'1.2.643.2.2.31.2*' => 'cryptoProCipherB',
-		'1.2.643.2.2.31.3*' => 'cryptoProCipherC',
-		'1.2.643.2.2.31.4*' => 'cryptoProCipherD',
-		'1.2.643.2.2.31.5*' => 'oscar11Cipher',
-		'1.2.643.2.2.31.6*' => 'oscar10Cipher',
-		'1.2.643.2.2.31.7*' => 'ric1Cipher',
-		'1.2.643.2.2.9*' => 'gostDigest',
-		'1.2.643.2.2.30.0*' => 'testDigestParams',
-		'1.2.643.2.2.30.1*' => 'cryptoProDigestA',
-		'1.2.643.2.2.35.0*' => 'testSignParams',
-		'1.2.643.2.2.35.1*' => 'cryptoProSignA',
-		'1.2.643.2.2.35.2*' => 'cryptoProSignB',
-		'1.2.643.2.2.35.3*' => 'cryptoProSignC',
-		'1.2.643.2.2.36.0*' => 'cryptoProSignXA',
-		'1.2.643.2.2.36.1*' => 'cryptoProSignXB',
-		'1.2.643.2.2.14.0*' => 'nullMeshing',
-		'1.2.643.2.2.14.1*' => 'cryptoProMeshing',
-		'1.2.643.2.2.10*' => 'hmacGost',
-		'1.2.643.2.2.13.0*' => 'gostWrap',
-		'1.2.643.2.2.13.1*' => 'cryptoProWrap',
-		'1.2.643.2.2.96*' => 'cryptoProECDHWrap',
-		'1.2.752.34.1*' => 'seis-cp',
-		'1.2.752.34.1.1*' => 'SEIS high-assurance policyIdentifier',
-		'1.2.752.34.1.2*' => 'SEIS GAK policyIdentifier',
-		'1.2.752.34.2*' => 'SEIS pe',
-		'1.2.752.34.3*' => 'SEIS at',
-		'1.2.752.34.3.1*' => 'SEIS at-personalIdentifier',
-		'1.2.840.10040.1*' => 'module',
-		'1.2.840.10040.1.1*' => 'x9f1-cert-mgmt',
-		'1.2.840.10040.2*' => 'holdinstruction',
-		'1.2.840.10040.2.1*' => 'holdinstruction-none',
-		'1.2.840.10040.2.2*' => 'callissuer',
-		'1.2.840.10040.2.3*' => 'reject',
-		'1.2.840.10040.2.4*' => 'pickupToken',
-		'1.2.840.10040.3*' => 'attribute',
-		'1.2.840.10040.3.1*' => 'countersignature',
-		'1.2.840.10040.3.2*' => 'attribute-cert',
-		'1.2.840.10040.4*' => 'algorithm',
-		'1.2.840.10040.4.1*' => 'dsa',
-		'1.2.840.10040.4.2*' => 'dsa-match',
-		'1.2.840.10040.4.3*' => 'dsaWithSha1',
-		'1.2.840.10045.1*' => 'fieldType',
-		'1.2.840.10045.1.1*' => 'prime-field',
-		'1.2.840.10045.1.2*' => 'characteristic-two-field',
-		'1.2.840.10045.1.2.3*' => 'characteristic-two-basis',
-		'1.2.840.10045.1.2.3.1*' => 'onBasis',
-		'1.2.840.10045.1.2.3.2*' => 'tpBasis',
-		'1.2.840.10045.1.2.3.3*' => 'ppBasis',
-		'1.2.840.10045.2*' => 'publicKeyType',
-		'1.2.840.10045.2.1*' => 'ecPublicKey',
-		'1.2.840.10045.3.0.1*' => 'c2pnb163v1',
-		'1.2.840.10045.3.0.2*' => 'c2pnb163v2',
-		'1.2.840.10045.3.0.3*' => 'c2pnb163v3',
-		'1.2.840.10045.3.0.5*' => 'c2tnb191v1',
-		'1.2.840.10045.3.0.6*' => 'c2tnb191v2',
-		'1.2.840.10045.3.0.7*' => 'c2tnb191v3',
-		'1.2.840.10045.3.0.10*' => 'c2pnb208w1',
-		'1.2.840.10045.3.0.11*' => 'c2tnb239v1',
-		'1.2.840.10045.3.0.12*' => 'c2tnb239v2',
-		'1.2.840.10045.3.0.13*' => 'c2tnb239v3',
-		'1.2.840.10045.3.0.16*' => 'c2pnb272w1',
-		'1.2.840.10045.3.0.18*' => 'c2tnb359v1',
-		'1.2.840.10045.3.0.19*' => 'c2pnb368w1',
-		'1.2.840.10045.3.0.20*' => 'c2tnb431r1',
-		'1.2.840.10045.3.1.1*' => 'ansiX9p192r1',
-		'1.2.840.10045.3.1.1.1*' => 'prime192v1',
-		'1.2.840.10045.3.1.1.2*' => 'prime192v2',
-		'1.2.840.10045.3.1.1.3*' => 'prime192v3',
-		'1.2.840.10045.3.1.1.4*' => 'prime239v1',
-		'1.2.840.10045.3.1.1.5*' => 'prime239v2',
-		'1.2.840.10045.3.1.1.6*' => 'prime239v3',
-		'1.2.840.10045.3.1.1.7*' => 'prime256v1',
-		'1.2.840.10045.3.1.7*' => 'ansiX9p256r1',
-		'1.2.840.10045.4.1*' => 'ecdsaWithSHA1',
-		'1.2.840.10045.4.2*' => 'ecdsaWithRecommended',
-		'1.2.840.10045.4.3*' => 'ecdsaWithSpecified',
-		'1.2.840.10045.4.3.1*' => 'ecdsaWithSHA224',
-		'1.2.840.10045.4.3.2*' => 'ecdsaWithSHA256',
-		'1.2.840.10045.4.3.3*' => 'ecdsaWithSHA384',
-		'1.2.840.10045.4.3.4*' => 'ecdsaWithSHA512',
-		'1.2.840.10046.1*' => 'fieldType',
-		'1.2.840.10046.1.1*' => 'gf-prime',
-		'1.2.840.10046.2*' => 'numberType',
-		'1.2.840.10046.2.1*' => 'dhPublicKey',
-		'1.2.840.10046.3*' => 'scheme',
-		'1.2.840.10046.3.1*' => 'dhStatic',
-		'1.2.840.10046.3.2*' => 'dhEphem',
-		'1.2.840.10046.3.3*' => 'dhHybrid1',
-		'1.2.840.10046.3.4*' => 'dhHybrid2',
-		'1.2.840.10046.3.5*' => 'mqv2',
-		'1.2.840.10046.3.6*' => 'mqv1',
-		'1.2.840.10065.2.2*' => '?',
-		'1.2.840.10065.2.3*' => 'healthcareLicense',
-		'1.2.840.10065.2.3.1.1*' => 'license?',
-		'1.2.840.113533.7*' => 'nsn',
-		'1.2.840.113533.7.65*' => 'nsn-ce',
-		'1.2.840.113533.7.65.0*' => 'entrustVersInfo',
-		'1.2.840.113533.7.66*' => 'nsn-alg',
-		'1.2.840.113533.7.66.3*' => 'cast3CBC',
-		'1.2.840.113533.7.66.10*' => 'cast5CBC',
-		'1.2.840.113533.7.66.11*' => 'cast5MAC',
-		'1.2.840.113533.7.66.12*' => 'pbeWithMD5AndCAST5-CBC',
-		'1.2.840.113533.7.66.13*' => 'passwordBasedMac',
-		'1.2.840.113533.7.67*' => 'nsn-oc',
-		'1.2.840.113533.7.67.0*' => 'entrustUser',
-		'1.2.840.113533.7.68*' => 'nsn-at',
-		'1.2.840.113533.7.68.0*' => 'entrustCAInfo',
-		'1.2.840.113533.7.68.10*' => 'attributeCertificate',
-		'1.2.840.113549.1.1*' => 'pkcs-1',
-		'1.2.840.113549.1.1.1*' => 'rsaEncryption',
-		'1.2.840.113549.1.1.2*' => 'md2WithRSAEncryption',
-		'1.2.840.113549.1.1.3*' => 'md4WithRSAEncryption',
-		'1.2.840.113549.1.1.4*' => 'md5WithRSAEncryption',
-		'1.2.840.113549.1.1.5*' => 'sha1WithRSAEncryption',
-		'1.2.840.113549.1.1.7*' => 'rsaOAEP',
-		'1.2.840.113549.1.1.8*' => 'pkcs1-MGF',
-		'1.2.840.113549.1.1.9*' => 'rsaOAEP-pSpecified',
-		'1.2.840.113549.1.1.10*' => 'rsaPSS',
-		'1.2.840.113549.1.1.11*' => 'sha256WithRSAEncryption',
-		'1.2.840.113549.1.1.12*' => 'sha384WithRSAEncryption',
-		'1.2.840.113549.1.1.13*' => 'sha512WithRSAEncryption',
-		'1.2.840.113549.1.1.14*' => 'sha224WithRSAEncryption',
-		'1.2.840.113549.1.1.6*' => 'rsaOAEPEncryptionSET',
-		'1.2.840.113549.1.2*' => 'bsafeRsaEncr',
-		'1.2.840.113549.1.3*' => 'pkcs-3',
-		'1.2.840.113549.1.3.1*' => 'dhKeyAgreement',
-		'1.2.840.113549.1.5*' => 'pkcs-5',
-		'1.2.840.113549.1.5.1*' => 'pbeWithMD2AndDES-CBC',
-		'1.2.840.113549.1.5.3*' => 'pbeWithMD5AndDES-CBC',
-		'1.2.840.113549.1.5.4*' => 'pbeWithMD2AndRC2-CBC',
-		'1.2.840.113549.1.5.6*' => 'pbeWithMD5AndRC2-CBC',
-		'1.2.840.113549.1.5.9*' => 'pbeWithMD5AndXOR',
-		'1.2.840.113549.1.5.10*' => 'pbeWithSHAAndDES-CBC',
-		'1.2.840.113549.1.5.12*' => 'pkcs5PBKDF2',
-		'1.2.840.113549.1.5.13*' => 'pkcs5PBES2',
-		'1.2.840.113549.1.5.14*' => 'pkcs5PBMAC1',
-		'1.2.840.113549.1.7*' => 'pkcs-7',
-		'1.2.840.113549.1.7.1*' => 'data',
-		'1.2.840.113549.1.7.2*' => 'signedData',
-		'1.2.840.113549.1.7.3*' => 'envelopedData',
-		'1.2.840.113549.1.7.4*' => 'signedAndEnvelopedData',
-		'1.2.840.113549.1.7.5*' => 'digestedData',
-		'1.2.840.113549.1.7.6*' => 'encryptedData',
-		'1.2.840.113549.1.7.7*' => 'dataWithAttributes',
-		'1.2.840.113549.1.7.8*' => 'encryptedPrivateKeyInfo',
-		'1.2.840.113549.1.9*' => 'pkcs-9',
-		'1.2.840.113549.1.9.1*' => 'emailAddress',
-		'1.2.840.113549.1.9.2*' => 'unstructuredName',
-		'1.2.840.113549.1.9.3*' => 'contentType',
-		'1.2.840.113549.1.9.4*' => 'messageDigest',
-		'1.2.840.113549.1.9.5*' => 'signingTime',
-		'1.2.840.113549.1.9.6*' => 'countersignature',
-		'1.2.840.113549.1.9.7*' => 'challengePassword',
-		'1.2.840.113549.1.9.8*' => 'unstructuredAddress',
-		'1.2.840.113549.1.9.9*' => 'extendedCertificateAttributes',
-		'1.2.840.113549.1.9.10*' => 'issuerAndSerialNumber',
-		'1.2.840.113549.1.9.11*' => 'passwordCheck',
-		'1.2.840.113549.1.9.12*' => 'publicKey',
-		'1.2.840.113549.1.9.13*' => 'signingDescription',
-		'1.2.840.113549.1.9.14*' => 'extensionRequest',
-		'1.2.840.113549.1.9.15*' => 'sMIMECapabilities',
-		'1.2.840.113549.1.9.15.1*' => 'preferSignedData',
-		'1.2.840.113549.1.9.15.2*' => 'canNotDecryptAny',
-		'1.2.840.113549.1.9.15.3*' => 'receiptRequest',
-		'1.2.840.113549.1.9.15.4*' => 'receipt',
-		'1.2.840.113549.1.9.15.5*' => 'contentHints',
-		'1.2.840.113549.1.9.15.6*' => 'mlExpansionHistory',
-		'1.2.840.113549.1.9.16*' => 'id-sMIME',
-		'1.2.840.113549.1.9.16.0*' => 'id-mod',
-		'1.2.840.113549.1.9.16.0.1*' => 'id-mod-cms',
-		'1.2.840.113549.1.9.16.0.2*' => 'id-mod-ess',
-		'1.2.840.113549.1.9.16.0.3*' => 'id-mod-oid',
-		'1.2.840.113549.1.9.16.0.4*' => 'id-mod-msg-v3',
-		'1.2.840.113549.1.9.16.0.5*' => 'id-mod-ets-eSignature-88',
-		'1.2.840.113549.1.9.16.0.6*' => 'id-mod-ets-eSignature-97',
-		'1.2.840.113549.1.9.16.0.7*' => 'id-mod-ets-eSigPolicy-88',
-		'1.2.840.113549.1.9.16.0.8*' => 'id-mod-ets-eSigPolicy-88',
-		'1.2.840.113549.1.9.16.1*' => 'contentType',
-		'1.2.840.113549.1.9.16.1.1*' => 'receipt',
-		'1.2.840.113549.1.9.16.1.2*' => 'authData',
-		'1.2.840.113549.1.9.16.1.3*' => 'publishCert',
-		'1.2.840.113549.1.9.16.1.4*' => 'tSTInfo',
-		'1.2.840.113549.1.9.16.1.5*' => 'tDTInfo',
-		'1.2.840.113549.1.9.16.1.6*' => 'contentInfo',
-		'1.2.840.113549.1.9.16.1.7*' => 'dVCSRequestData',
-		'1.2.840.113549.1.9.16.1.8*' => 'dVCSResponseData',
-		'1.2.840.113549.1.9.16.1.9*' => 'compressedData',
-		'1.2.840.113549.1.9.16.1.10*' => 'scvpCertValRequest',
-		'1.2.840.113549.1.9.16.1.11*' => 'scvpCertValResponse',
-		'1.2.840.113549.1.9.16.1.12*' => 'scvpValPolRequest',
-		'1.2.840.113549.1.9.16.1.13*' => 'scvpValPolResponse',
-		'1.2.840.113549.1.9.16.1.14*' => 'attrCertEncAttrs',
-		'1.2.840.113549.1.9.16.1.15*' => 'tSReq',
-		'1.2.840.113549.1.9.16.1.16*' => 'firmwarePackage',
-		'1.2.840.113549.1.9.16.1.17*' => 'firmwareLoadReceipt',
-		'1.2.840.113549.1.9.16.1.18*' => 'firmwareLoadError',
-		'1.2.840.113549.1.9.16.1.19*' => 'contentCollection',
-		'1.2.840.113549.1.9.16.1.20*' => 'contentWithAttrs',
-		'1.2.840.113549.1.9.16.1.21*' => 'encKeyWithID',
-		'1.2.840.113549.1.9.16.1.22*' => 'encPEPSI',
-		'1.2.840.113549.1.9.16.1.23*' => 'authEnvelopedData',
-		'1.2.840.113549.1.9.16.1.24*' => 'routeOriginAttest',
-		'1.2.840.113549.1.9.16.1.25*' => 'symmetricKeyPackage',
-		'1.2.840.113549.1.9.16.1.26*' => 'rpkiManifest',
-		'1.2.840.113549.1.9.16.1.27*' => 'asciiTextWithCRLF',
-		'1.2.840.113549.1.9.16.1.28*' => 'xml',
-		'1.2.840.113549.1.9.16.1.29*' => 'pdf',
-		'1.2.840.113549.1.9.16.1.30*' => 'postscript',
-		'1.2.840.113549.1.9.16.1.31*' => 'timestampedData',
-		'1.2.840.113549.1.9.16.1.32*' => 'asAdjacencyAttest',
-		'1.2.840.113549.1.9.16.1.33*' => 'rpkiTrustAnchor',
-		'1.2.840.113549.1.9.16.1.34*' => 'trustAnchorList',
-		'1.2.840.113549.1.9.16.2*' => 'authenticatedAttributes',
-		'1.2.840.113549.1.9.16.2.1*' => 'receiptRequest',
-		'1.2.840.113549.1.9.16.2.2*' => 'securityLabel',
-		'1.2.840.113549.1.9.16.2.3*' => 'mlExpandHistory',
-		'1.2.840.113549.1.9.16.2.4*' => 'contentHint',
-		'1.2.840.113549.1.9.16.2.5*' => 'msgSigDigest',
-		'1.2.840.113549.1.9.16.2.6*' => 'encapContentType',
-		'1.2.840.113549.1.9.16.2.7*' => 'contentIdentifier',
-		'1.2.840.113549.1.9.16.2.8*' => 'macValue',
-		'1.2.840.113549.1.9.16.2.9*' => 'equivalentLabels',
-		'1.2.840.113549.1.9.16.2.10*' => 'contentReference',
-		'1.2.840.113549.1.9.16.2.11*' => 'encrypKeyPref',
-		'1.2.840.113549.1.9.16.2.12*' => 'signingCertificate',
-		'1.2.840.113549.1.9.16.2.13*' => 'smimeEncryptCerts',
-		'1.2.840.113549.1.9.16.2.14*' => 'timeStampToken',
-		'1.2.840.113549.1.9.16.2.15*' => 'sigPolicyId',
-		'1.2.840.113549.1.9.16.2.16*' => 'commitmentType',
-		'1.2.840.113549.1.9.16.2.17*' => 'signerLocation',
-		'1.2.840.113549.1.9.16.2.18*' => 'signerAttr',
-		'1.2.840.113549.1.9.16.2.19*' => 'otherSigCert',
-		'1.2.840.113549.1.9.16.2.20*' => 'contentTimestamp',
-		'1.2.840.113549.1.9.16.2.21*' => 'certificateRefs',
-		'1.2.840.113549.1.9.16.2.22*' => 'revocationRefs',
-		'1.2.840.113549.1.9.16.2.23*' => 'certValues',
-		'1.2.840.113549.1.9.16.2.24*' => 'revocationValues',
-		'1.2.840.113549.1.9.16.2.25*' => 'escTimeStamp',
-		'1.2.840.113549.1.9.16.2.26*' => 'certCRLTimestamp',
-		'1.2.840.113549.1.9.16.2.27*' => 'archiveTimeStamp',
-		'1.2.840.113549.1.9.16.2.28*' => 'signatureType',
-		'1.2.840.113549.1.9.16.2.29*' => 'dvcsDvc',
-		'1.2.840.113549.1.9.16.2.30*' => 'cekReference',
-		'1.2.840.113549.1.9.16.2.31*' => 'maxCEKDecrypts',
-		'1.2.840.113549.1.9.16.2.32*' => 'kekDerivationAlg',
-		'1.2.840.113549.1.9.16.2.33*' => 'intendedRecipients',
-		'1.2.840.113549.1.9.16.2.34*' => 'cmcUnsignedData',
-		'1.2.840.113549.1.9.16.2.35*' => 'fwPackageID',
-		'1.2.840.113549.1.9.16.2.36*' => 'fwTargetHardwareIDs',
-		'1.2.840.113549.1.9.16.2.37*' => 'fwDecryptKeyID',
-		'1.2.840.113549.1.9.16.2.38*' => 'fwImplCryptAlgs',
-		'1.2.840.113549.1.9.16.2.39*' => 'fwWrappedFirmwareKey',
-		'1.2.840.113549.1.9.16.2.40*' => 'fwCommunityIdentifiers',
-		'1.2.840.113549.1.9.16.2.41*' => 'fwPkgMessageDigest',
-		'1.2.840.113549.1.9.16.2.42*' => 'fwPackageInfo',
-		'1.2.840.113549.1.9.16.2.43*' => 'fwImplCompressAlgs',
-		'1.2.840.113549.1.9.16.2.44*' => 'etsAttrCertificateRefs',
-		'1.2.840.113549.1.9.16.2.45*' => 'etsAttrRevocationRefs',
-		'1.2.840.113549.1.9.16.2.46*' => 'binarySigningTime',
-		'1.2.840.113549.1.9.16.2.47*' => 'signingCertificateV2',
-		'1.2.840.113549.1.9.16.2.48*' => 'etsArchiveTimeStampV2',
-		'1.2.840.113549.1.9.16.2.49*' => 'erInternal',
-		'1.2.840.113549.1.9.16.2.50*' => 'erExternal',
-		'1.2.840.113549.1.9.16.2.51*' => 'multipleSignatures',
-		'1.2.840.113549.1.9.16.3.1*' => 'esDHwith3DES',
-		'1.2.840.113549.1.9.16.3.2*' => 'esDHwithRC2',
-		'1.2.840.113549.1.9.16.3.3*' => '3desWrap',
-		'1.2.840.113549.1.9.16.3.4*' => 'rc2Wrap',
-		'1.2.840.113549.1.9.16.3.5*' => 'esDH',
-		'1.2.840.113549.1.9.16.3.6*' => 'cms3DESwrap',
-		'1.2.840.113549.1.9.16.3.7*' => 'cmsRC2wrap',
-		'1.2.840.113549.1.9.16.3.8*' => 'zlib',
-		'1.2.840.113549.1.9.16.3.9*' => 'pwriKEK',
-		'1.2.840.113549.1.9.16.3.10*' => 'ssDH',
-		'1.2.840.113549.1.9.16.3.11*' => 'hmacWith3DESwrap',
-		'1.2.840.113549.1.9.16.3.12*' => 'hmacWithAESwrap',
-		'1.2.840.113549.1.9.16.3.13*' => 'md5XorExperiment',
-		'1.2.840.113549.1.9.16.3.14*' => 'rsaKEM',
-		'1.2.840.113549.1.9.16.3.15*' => 'authEnc128',
-		'1.2.840.113549.1.9.16.3.16*' => 'authEnc256',
-		'1.2.840.113549.1.9.16.4.1*' => 'certDist-ldap',
-		'1.2.840.113549.1.9.16.5.1*' => 'sigPolicyQualifier-spuri x',
-		'1.2.840.113549.1.9.16.5.2*' => 'sigPolicyQualifier-spUserNotice',
-		'1.2.840.113549.1.9.16.6.1*' => 'proofOfOrigin',
-		'1.2.840.113549.1.9.16.6.2*' => 'proofOfReceipt',
-		'1.2.840.113549.1.9.16.6.3*' => 'proofOfDelivery',
-		'1.2.840.113549.1.9.16.6.4*' => 'proofOfSender',
-		'1.2.840.113549.1.9.16.6.5*' => 'proofOfApproval',
-		'1.2.840.113549.1.9.16.6.6*' => 'proofOfCreation',
-		'1.2.840.113549.1.9.16.8.1*' => 'glUseKEK',
-		'1.2.840.113549.1.9.16.8.2*' => 'glDelete',
-		'1.2.840.113549.1.9.16.8.3*' => 'glAddMember',
-		'1.2.840.113549.1.9.16.8.4*' => 'glDeleteMember',
-		'1.2.840.113549.1.9.16.8.5*' => 'glRekey',
-		'1.2.840.113549.1.9.16.8.6*' => 'glAddOwner',
-		'1.2.840.113549.1.9.16.8.7*' => 'glRemoveOwner',
-		'1.2.840.113549.1.9.16.8.8*' => 'glkCompromise',
-		'1.2.840.113549.1.9.16.8.9*' => 'glkRefresh',
-		'1.2.840.113549.1.9.16.8.10*' => 'glFailInfo',
-		'1.2.840.113549.1.9.16.8.11*' => 'glaQueryRequest',
-		'1.2.840.113549.1.9.16.8.12*' => 'glaQueryResponse',
-		'1.2.840.113549.1.9.16.8.13*' => 'glProvideCert',
-		'1.2.840.113549.1.9.16.8.14*' => 'glUpdateCert',
-		'1.2.840.113549.1.9.16.8.15*' => 'glKey',
-		'1.2.840.113549.1.9.16.9*' => 'signatureTypeIdentifier',
-		'1.2.840.113549.1.9.16.9.1*' => 'originatorSig',
-		'1.2.840.113549.1.9.16.9.2*' => 'domainSig',
-		'1.2.840.113549.1.9.16.9.3*' => 'additionalAttributesSig',
-		'1.2.840.113549.1.9.16.9.4*' => 'reviewSig',
-		'1.2.840.113549.1.9.16.11*' => 'capabilities',
-		'1.2.840.113549.1.9.16.11.1*' => 'preferBinaryInside',
-		'1.2.840.113549.1.9.20*' => 'friendlyName (for PKCS #12)',
-		'1.2.840.113549.1.9.21*' => 'localKeyID (for PKCS #12)',
-		'1.2.840.113549.1.9.22*' => 'certTypes (for PKCS #12)',
-		'1.2.840.113549.1.9.22.1*' => 'x509Certificate (for PKCS #12)',
-		'1.2.840.113549.1.9.22.2*' => 'sdsiCertificate (for PKCS #12)',
-		'1.2.840.113549.1.9.23*' => 'crlTypes (for PKCS #12)',
-		'1.2.840.113549.1.9.23.1*' => 'x509Crl (for PKCS #12)',
-		'1.2.840.113549.1.9.24*' => 'pkcs9objectClass',
-		'1.2.840.113549.1.9.25*' => 'pkcs9attributes',
-		'1.2.840.113549.1.9.25.1*' => 'pkcs15Token',
-		'1.2.840.113549.1.9.25.2*' => 'encryptedPrivateKeyInfo',
-		'1.2.840.113549.1.9.25.3*' => 'randomNonce',
-		'1.2.840.113549.1.9.25.4*' => 'sequenceNumber',
-		'1.2.840.113549.1.9.25.5*' => 'pkcs7PDU',
-		'1.2.840.113549.1.9.26*' => 'pkcs9syntax',
-		'1.2.840.113549.1.9.27*' => 'pkcs9matchingRules',
-		'1.2.840.113549.1.12*' => 'pkcs-12',
-		'1.2.840.113549.1.12.1*' => 'pkcs-12-PbeIds',
-		'1.2.840.113549.1.12.1.1*' => 'pbeWithSHAAnd128BitRC4',
-		'1.2.840.113549.1.12.1.2*' => 'pbeWithSHAAnd40BitRC4',
-		'1.2.840.113549.1.12.1.3*' => 'pbeWithSHAAnd3-KeyTripleDES-CBC',
-		'1.2.840.113549.1.12.1.4*' => 'pbeWithSHAAnd2-KeyTripleDES-CBC',
-		'1.2.840.113549.1.12.1.5*' => 'pbeWithSHAAnd128BitRC2-CBC',
-		'1.2.840.113549.1.12.1.6*' => 'pbeWithSHAAnd40BitRC2-CBC',
-		'1.2.840.113549.1.12.2*' => 'pkcs-12-ESPVKID',
-		'1.2.840.113549.1.12.2.1*' => 'pkcs-12-PKCS8KeyShrouding',
-		'1.2.840.113549.1.12.3*' => 'pkcs-12-BagIds',
-		'1.2.840.113549.1.12.3.1*' => 'pkcs-12-keyBagId',
-		'1.2.840.113549.1.12.3.2*' => 'pkcs-12-certAndCRLBagId',
-		'1.2.840.113549.1.12.3.3*' => 'pkcs-12-secretBagId',
-		'1.2.840.113549.1.12.3.4*' => 'pkcs-12-safeContentsId',
-		'1.2.840.113549.1.12.3.5*' => 'pkcs-12-pkcs-8ShroudedKeyBagId',
-		'1.2.840.113549.1.12.4*' => 'pkcs-12-CertBagID',
-		'1.2.840.113549.1.12.4.1*' => 'pkcs-12-X509CertCRLBagID',
-		'1.2.840.113549.1.12.4.2*' => 'pkcs-12-SDSICertBagID',
-		'1.2.840.113549.1.12.5*' => 'pkcs-12-OID',
-		'1.2.840.113549.1.12.5.1*' => 'pkcs-12-PBEID',
-		'1.2.840.113549.1.12.5.1.1*' => 'pkcs-12-PBEWithSha1And128BitRC4',
-		'1.2.840.113549.1.12.5.1.2*' => 'pkcs-12-PBEWithSha1And40BitRC4',
-		'1.2.840.113549.1.12.5.1.3*' => 'pkcs-12-PBEWithSha1AndTripleDESCBC',
-		'1.2.840.113549.1.12.5.1.4*' => 'pkcs-12-PBEWithSha1And128BitRC2CBC',
-		'1.2.840.113549.1.12.5.1.5*' => 'pkcs-12-PBEWithSha1And40BitRC2CBC',
-		'1.2.840.113549.1.12.5.1.6*' => 'pkcs-12-PBEWithSha1AndRC4',
-		'1.2.840.113549.1.12.5.1.7*' => 'pkcs-12-PBEWithSha1AndRC2CBC',
-		'1.2.840.113549.1.12.5.2*' => 'pkcs-12-EnvelopingID',
-		'1.2.840.113549.1.12.5.2.1*' => 'pkcs-12-RSAEncryptionWith128BitRC4',
-		'1.2.840.113549.1.12.5.2.2*' => 'pkcs-12-RSAEncryptionWith40BitRC4',
-		'1.2.840.113549.1.12.5.2.3*' => 'pkcs-12-RSAEncryptionWithTripleDES',
-		'1.2.840.113549.1.12.5.3*' => 'pkcs-12-SignatureID',
-		'1.2.840.113549.1.12.5.3.1*' => 'pkcs-12-RSASignatureWithSHA1Digest',
-		'1.2.840.113549.1.12.10*' => 'pkcs-12Version1',
-		'1.2.840.113549.1.12.10.1*' => 'pkcs-12BadIds',
-		'1.2.840.113549.1.12.10.1.1*' => 'pkcs-12-keyBag',
-		'1.2.840.113549.1.12.10.1.2*' => 'pkcs-12-pkcs-8ShroudedKeyBag',
-		'1.2.840.113549.1.12.10.1.3*' => 'pkcs-12-certBag',
-		'1.2.840.113549.1.12.10.1.4*' => 'pkcs-12-crlBag',
-		'1.2.840.113549.1.12.10.1.5*' => 'pkcs-12-secretBag',
-		'1.2.840.113549.1.12.10.1.6*' => 'pkcs-12-safeContentsBag',
-		'1.2.840.113549.1.15.1*' => 'pkcs15modules',
-		'1.2.840.113549.1.15.2*' => 'pkcs15attributes',
-		'1.2.840.113549.1.15.3*' => 'pkcs15contentType',
-		'1.2.840.113549.1.15.3.1*' => 'pkcs15content',
-		'1.2.840.113549.2*' => 'digestAlgorithm',
-		'1.2.840.113549.2.2*' => 'md2',
-		'1.2.840.113549.2.4*' => 'md4',
-		'1.2.840.113549.2.5*' => 'md5',
-		'1.2.840.113549.2.7*' => 'hmacWithSHA1',
-		'1.2.840.113549.2.8*' => 'hmacWithSHA224',
-		'1.2.840.113549.2.9*' => 'hmacWithSHA256',
-		'1.2.840.113549.2.10*' => 'hmacWithSHA384',
-		'1.2.840.113549.2.11*' => 'hmacWithSHA512',
-		'1.2.840.113549.3*' => 'encryptionAlgorithm',
-		'1.2.840.113549.3.2*' => 'rc2CBC',
-		'1.2.840.113549.3.3*' => 'rc2ECB',
-		'1.2.840.113549.3.4*' => 'rc4',
-		'1.2.840.113549.3.5*' => 'rc4WithMAC',
-		'1.2.840.113549.3.6*' => 'desx-CBC',
-		'1.2.840.113549.3.7*' => 'des-EDE3-CBC',
-		'1.2.840.113549.3.8*' => 'rc5CBC',
-		'1.2.840.113549.3.9*' => 'rc5-CBCPad',
-		'1.2.840.113549.3.10*' => 'desCDMF',
-		'1.2.840.114021.1.6.1*' => 'Identrus unknown policyIdentifier',
-		'1.2.840.114021.4.1*' => 'identrusOCSP',
-		'1.2.840.113556.1.2.241*' => 'deliveryMechanism',
-		'1.2.840.113556.1.3.0*' => 'site-Addressing',
-		'1.2.840.113556.1.3.13*' => 'classSchema',
-		'1.2.840.113556.1.3.14*' => 'attributeSchema',
-		'1.2.840.113556.1.3.17*' => 'mailbox-Agent',
-		'1.2.840.113556.1.3.22*' => 'mailbox',
-		'1.2.840.113556.1.3.23*' => 'container',
-		'1.2.840.113556.1.3.46*' => 'mailRecipient',
-		'1.2.840.113556.1.2.281*' => 'ntSecurityDescriptor',
-		'1.2.840.113556.1.4.145*' => 'revision',
-		'1.2.840.113556.1.4.1327*' => 'pKIDefaultKeySpec',
-		'1.2.840.113556.1.4.1328*' => 'pKIKeyUsage',
-		'1.2.840.113556.1.4.1329*' => 'pKIMaxIssuingDepth',
-		'1.2.840.113556.1.4.1330*' => 'pKICriticalExtensions',
-		'1.2.840.113556.1.4.1331*' => 'pKIExpirationPeriod',
-		'1.2.840.113556.1.4.1332*' => 'pKIOverlapPeriod',
-		'1.2.840.113556.1.4.1333*' => 'pKIExtendedKeyUsage',
-		'1.2.840.113556.1.4.1334*' => 'pKIDefaultCSPs',
-		'1.2.840.113556.1.4.1335*' => 'pKIEnrollmentAccess',
-		'1.2.840.113556.1.4.1429*' => 'msPKI-RA-Signature',
-		'1.2.840.113556.1.4.1430*' => 'msPKI-Enrollment-Flag',
-		'1.2.840.113556.1.4.1431*' => 'msPKI-Private-Key-Flag',
-		'1.2.840.113556.1.4.1432*' => 'msPKI-Certificate-Name-Flag',
-		'1.2.840.113556.1.4.1433*' => 'msPKI-Minimal-Key-Size',
-		'1.2.840.113556.1.4.1434*' => 'msPKI-Template-Schema-Version',
-		'1.2.840.113556.1.4.1435*' => 'msPKI-Template-Minor-Revision',
-		'1.2.840.113556.1.4.1436*' => 'msPKI-Cert-Template-OID',
-		'1.2.840.113556.1.4.1437*' => 'msPKI-Supersede-Templates',
-		'1.2.840.113556.1.4.1438*' => 'msPKI-RA-Policies',
-		'1.2.840.113556.1.4.1439*' => 'msPKI-Certificate-Policy',
-		'1.2.840.113556.1.4.1674*' => 'msPKI-Certificate-Application-Policy',
-		'1.2.840.113556.1.4.1675*' => 'msPKI-RA-Application-Policies',
-		'1.2.840.113556.4.3*' => 'microsoftExcel',
-		'1.2.840.113556.4.4*' => 'titledWithOID',
-		'1.2.840.113556.4.5*' => 'microsoftPowerPoint',
-		'1.2.840.113628.114.1.7*' => 'adobePKCS7',
-		'1.2.840.113635.100*' => 'appleDataSecurity',
-		'1.2.840.113635.100.1*' => 'appleTrustPolicy',
-		'1.2.840.113635.100.1.1*' => 'appleISignTP',
-		'1.2.840.113635.100.1.2*' => 'appleX509Basic',
-		'1.2.840.113635.100.1.3*' => 'appleSSLPolicy',
-		'1.2.840.113635.100.1.4*' => 'appleLocalCertGenPolicy',
-		'1.2.840.113635.100.1.5*' => 'appleCSRGenPolicy',
-		'1.2.840.113635.100.1.6*' => 'appleCRLPolicy',
-		'1.2.840.113635.100.1.7*' => 'appleOCSPPolicy',
-		'1.2.840.113635.100.1.8*' => 'appleSMIMEPolicy',
-		'1.2.840.113635.100.1.9*' => 'appleEAPPolicy',
-		'1.2.840.113635.100.1.10*' => 'appleSWUpdateSigningPolicy',
-		'1.2.840.113635.100.1.11*' => 'appleIPSecPolicy',
-		'1.2.840.113635.100.1.12*' => 'appleIChatPolicy',
-		'1.2.840.113635.100.1.13*' => 'appleResourceSignPolicy',
-		'1.2.840.113635.100.1.14*' => 'applePKINITClientPolicy',
-		'1.2.840.113635.100.1.15*' => 'applePKINITServerPolicy',
-		'1.2.840.113635.100.1.16*' => 'appleCodeSigningPolicy',
-		'1.2.840.113635.100.1.17*' => 'applePackageSigningPolicy',
-		'1.2.840.113635.100.2*' => 'appleSecurityAlgorithm',
-		'1.2.840.113635.100.2.1*' => 'appleFEE',
-		'1.2.840.113635.100.2.2*' => 'appleASC',
-		'1.2.840.113635.100.2.3*' => 'appleFEE_MD5',
-		'1.2.840.113635.100.2.4*' => 'appleFEE_SHA1',
-		'1.2.840.113635.100.2.5*' => 'appleFEED',
-		'1.2.840.113635.100.2.6*' => 'appleFEEDEXP',
-		'1.2.840.113635.100.2.7*' => 'appleECDSA',
-		'1.2.840.113635.100.3*' => 'appleDotMacCertificate',
-		'1.2.840.113635.100.3.1*' => 'appleDotMacCertificateRequest',
-		'1.2.840.113635.100.3.2*' => 'appleDotMacCertificateExtension',
-		'1.2.840.113635.100.3.3*' => 'appleDotMacCertificateRequestValues',
-		'1.2.840.113635.100.4*' => 'appleExtendedKeyUsage',
-		'1.2.840.113635.100.4.1*' => 'appleCodeSigning',
-		'1.2.840.113635.100.4.1.1*' => 'appleCodeSigningDevelopment',
-		'1.2.840.113635.100.4.1.2*' => 'appleSoftwareUpdateSigning',
-		'1.2.840.113635.100.4.1.3*' => 'appleCodeSigningThirdParty',
-		'1.2.840.113635.100.4.1.4*' => 'appleResourceSigning',
-		'1.2.840.113635.100.4.2*' => 'appleIChatSigning',
-		'1.2.840.113635.100.4.3*' => 'appleIChatEncryption',
-		'1.2.840.113635.100.4.4*' => 'appleSystemIdentity',
-		'1.2.840.113635.100.4.5*' => 'appleCryptoEnv',
-		'1.2.840.113635.100.4.5.1*' => 'appleCryptoProductionEnv',
-		'1.2.840.113635.100.4.5.2*' => 'appleCryptoMaintenanceEnv',
-		'1.2.840.113635.100.4.5.3*' => 'appleCryptoTestEnv',
-		'1.2.840.113635.100.4.5.4*' => 'appleCryptoDevelopmentEnv',
-		'1.2.840.113635.100.4.6*' => 'appleCryptoQoS',
-		'1.2.840.113635.100.4.6.1*' => 'appleCryptoTier0QoS',
-		'1.2.840.113635.100.4.6.2*' => 'appleCryptoTier1QoS',
-		'1.2.840.113635.100.4.6.3*' => 'appleCryptoTier2QoS',
-		'1.2.840.113635.100.4.6.4*' => 'appleCryptoTier3QoS',
-		'1.2.840.113635.100.5*' => 'appleCertificatePolicies',
-		'1.2.840.113635.100.5.1*' => 'appleCertificatePolicyID',
-		'1.2.840.113635.100.5.2*' => 'appleDotMacCertificatePolicyID',
-		'1.2.840.113635.100.5.3*' => 'appleADCCertificatePolicyID',
-		'1.2.840.113635.100.6*' => 'appleCertificateExtensions',
-		'1.2.840.113635.100.6.1*' => 'appleCertificateExtensionCodeSigning',
-		'1.2.840.113635.100.6.1.1*' => 'appleCertificateExtensionAppleSigning',
-		'1.2.840.113635.100.6.1.2*' => 'appleCertificateExtensionADCDeveloperSigning',
-		'1.2.840.113635.100.6.1.3*' => 'appleCertificateExtensionADCAppleSigning',
-		'1.3.6.1.4.1.311.2.1.4*' => 'spcIndirectDataContext',
-		'1.3.6.1.4.1.311.2.1.10*' => 'spcAgencyInfo',
-		'1.3.6.1.4.1.311.2.1.11*' => 'spcStatementType',
-		'1.3.6.1.4.1.311.2.1.12*' => 'spcSpOpusInfo',
-		'1.3.6.1.4.1.311.2.1.14*' => 'certReqExtensions',
-		'1.3.6.1.4.1.311.2.1.15*' => 'spcPEImageData',
-		'1.3.6.1.4.1.311.2.1.18*' => 'spcRawFileData',
-		'1.3.6.1.4.1.311.2.1.19*' => 'spcStructuredStorageData',
-		'1.3.6.1.4.1.311.2.1.20*' => 'spcJavaClassData (type 1)',
-		'1.3.6.1.4.1.311.2.1.21*' => 'individualCodeSigning',
-		'1.3.6.1.4.1.311.2.1.22*' => 'commercialCodeSigning',
-		'1.3.6.1.4.1.311.2.1.25*' => 'spcLink (type 2)',
-		'1.3.6.1.4.1.311.2.1.26*' => 'spcMinimalCriteriaInfo',
-		'1.3.6.1.4.1.311.2.1.27*' => 'spcFinancialCriteriaInfo',
-		'1.3.6.1.4.1.311.2.1.28*' => 'spcLink (type 3)',
-		'1.3.6.1.4.1.311.3.2.1*' => 'timestampRequest',
-		'1.3.6.1.4.1.311.10.1*' => 'certTrustList',
-		'1.3.6.1.4.1.311.10.1.1*' => 'sortedCtl',
-		'1.3.6.1.4.1.311.10.2*' => 'nextUpdateLocation',
-		'1.3.6.1.4.1.311.10.3.1*' => 'certTrustListSigning',
-		'1.3.6.1.4.1.311.10.3.2*' => 'timeStampSigning',
-		'1.3.6.1.4.1.311.10.3.3*' => 'serverGatedCrypto',
-		'1.3.6.1.4.1.311.10.3.3.1*' => 'serialized',
-		'1.3.6.1.4.1.311.10.3.4*' => 'encryptedFileSystem',
-		'1.3.6.1.4.1.311.10.3.5*' => 'whqlCrypto',
-		'1.3.6.1.4.1.311.10.3.6*' => 'nt5Crypto',
-		'1.3.6.1.4.1.311.10.3.7*' => 'oemWHQLCrypto',
-		'1.3.6.1.4.1.311.10.3.8*' => 'embeddedNTCrypto',
-		'1.3.6.1.4.1.311.10.3.9*' => 'rootListSigner',
-		'1.3.6.1.4.1.311.10.3.10*' => 'qualifiedSubordination',
-		'1.3.6.1.4.1.311.10.3.11*' => 'keyRecovery',
-		'1.3.6.1.4.1.311.10.3.12*' => 'documentSigning',
-		'1.3.6.1.4.1.311.10.3.13*' => 'lifetimeSigning',
-		'1.3.6.1.4.1.311.10.3.14*' => 'mobileDeviceSoftware',
-		'1.3.6.1.4.1.311.10.3.15*' => 'smartDisplay',
-		'1.3.6.1.4.1.311.10.3.16*' => 'cspSignature',
-		'1.3.6.1.4.1.311.10.3.4.1*' => 'efsRecovery',
-		'1.3.6.1.4.1.311.10.4.1*' => 'yesnoTrustAttr',
-		'1.3.6.1.4.1.311.10.5.1*' => 'drm',
-		'1.3.6.1.4.1.311.10.5.2*' => 'drmIndividualization',
-		'1.3.6.1.4.1.311.10.6.1*' => 'licenses',
-		'1.3.6.1.4.1.311.10.6.2*' => 'licenseServer',
-		'1.3.6.1.4.1.311.10.7.1*' => 'keyidRdn',
-		'1.3.6.1.4.1.311.10.8.1*' => 'removeCertificate',
-		'1.3.6.1.4.1.311.10.9.1*' => 'crossCertDistPoints',
-		'1.3.6.1.4.1.311.10.10.1*' => 'cmcAddAttributes',
-		'1.3.6.1.4.1.311.10.11*' => 'certPropIdPrefix',
-		'1.3.6.1.4.1.311.10.11.4*' => 'certMd5HashPropId',
-		'1.3.6.1.4.1.311.10.11.20*' => 'certKeyIdentifierPropId',
-		'1.3.6.1.4.1.311.10.11.28*' => 'certIssuerSerialNumberMd5HashPropId',
-		'1.3.6.1.4.1.311.10.11.29*' => 'certSubjectNameMd5HashPropId',
-		'1.3.6.1.4.1.311.10.12.1*' => 'anyApplicationPolicy',
-		'1.3.6.1.4.1.311.13.1*' => 'renewalCertificate',
-		'1.3.6.1.4.1.311.13.2.1*' => 'enrolmentNameValuePair',
-		'1.3.6.1.4.1.311.13.2.2*' => 'enrolmentCSP',
-		'1.3.6.1.4.1.311.13.2.3*' => 'osVersion',
-		'1.3.6.1.4.1.311.16.4*' => 'microsoftRecipientInfo',
-		'1.3.6.1.4.1.311.17.1*' => 'pkcs12KeyProviderNameAttr',
-		'1.3.6.1.4.1.311.17.2*' => 'localMachineKeyset',
-		'1.3.6.1.4.1.311.17.3*' => 'pkcs12ExtendedAttributes',
-		'1.3.6.1.4.1.311.20.1*' => 'autoEnrollCtlUsage',
-		'1.3.6.1.4.1.311.20.2*' => 'enrollCerttypeExtension',
-		'1.3.6.1.4.1.311.20.2.1*' => 'enrollmentAgent',
-		'1.3.6.1.4.1.311.20.2.2*' => 'smartcardLogon',
-		'1.3.6.1.4.1.311.20.2.3*' => 'universalPrincipalName',
-		'1.3.6.1.4.1.311.20.3*' => 'certManifold',
-		'1.3.6.1.4.1.311.21.1*' => 'cAKeyCertIndexPair',
-		'1.3.6.1.4.1.311.21.5*' => 'caExchange',
-		'1.3.6.1.4.1.311.21.2*' => 'certSrvPreviousCertHash',
-		'1.3.6.1.4.1.311.21.3*' => 'crlVirtualBase',
-		'1.3.6.1.4.1.311.21.4*' => 'crlNextPublish',
-		'1.3.6.1.4.1.311.21.6*' => 'keyRecovery',
-		'1.3.6.1.4.1.311.21.7*' => 'certificateTemplate',
-		'1.3.6.1.4.1.311.21.9*' => 'rdnDummySigner',
-		'1.3.6.1.4.1.311.21.10*' => 'applicationCertPolicies',
-		'1.3.6.1.4.1.311.21.11*' => 'applicationPolicyMappings',
-		'1.3.6.1.4.1.311.21.12*' => 'applicationPolicyConstraints',
-		'1.3.6.1.4.1.311.21.13*' => 'archivedKey',
-		'1.3.6.1.4.1.311.21.14*' => 'crlSelfCDP',
-		'1.3.6.1.4.1.311.21.15*' => 'requireCertChainPolicy',
-		'1.3.6.1.4.1.311.21.16*' => 'archivedKeyCertHash',
-		'1.3.6.1.4.1.311.21.17*' => 'issuedCertHash',
-		'1.3.6.1.4.1.311.21.19*' => 'dsEmailReplication',
-		'1.3.6.1.4.1.311.21.20*' => 'requestClientInfo',
-		'1.3.6.1.4.1.311.21.21*' => 'encryptedKeyHash',
-		'1.3.6.1.4.1.311.21.22*' => 'certsrvCrossCaVersion',
-		'1.3.6.1.4.1.311.25.1*' => 'ntdsReplication',
-		'1.3.6.1.4.1.311.31.1*' => 'productUpdate',
-		'1.3.6.1.4.1.311.47.1.1*' => 'systemHealth',
-		'1.3.6.1.4.1.311.47.1.3*' => 'systemHealthLoophole',
-		'1.3.6.1.4.1.311.60.1.1*' => 'rootProgramFlags',
-		'1.3.6.1.4.1.311.61.1.1*' => 'kernelModeCodeSigning',
-		'1.3.6.1.4.1.311.60.2.1.1*' => 'jurisdictionOfIncorporationL',
-		'1.3.6.1.4.1.311.60.2.1.2*' => 'jurisdictionOfIncorporationSP',
-		'1.3.6.1.4.1.311.60.2.1.3*' => 'jurisdictionOfIncorporationC',
-		'1.3.6.1.4.1.311.88.2.1*' => 'originalFilename',
-		'1.3.6.1.4.1.188.7.1.1*' => 'ascom',
-		'1.3.6.1.4.1.188.7.1.1.1*' => 'ideaECB',
-		'1.3.6.1.4.1.188.7.1.1.2*' => 'ideaCBC',
-		'1.3.6.1.4.1.188.7.1.1.3*' => 'ideaCFB',
-		'1.3.6.1.4.1.188.7.1.1.4*' => 'ideaOFB',
-		'1.3.6.1.4.1.2428.10.1.1*' => 'UNINETT policyIdentifier',
-		'1.3.6.1.4.1.2712.10*' => 'ICE-TEL policyIdentifier',
-		'1.3.6.1.4.1.2786.1.1.1*' => 'ICE-TEL Italian policyIdentifier',
-		'1.3.6.1.4.1.3029.1.1.1*' => 'blowfishECB',
-		'1.3.6.1.4.1.3029.1.1.2*' => 'blowfishCBC',
-		'1.3.6.1.4.1.3029.1.1.3*' => 'blowfishCFB',
-		'1.3.6.1.4.1.3029.1.1.4*' => 'blowfishOFB',
-		'1.3.6.1.4.1.3029.1.2.1*' => 'elgamal',
-		'1.3.6.1.4.1.3029.1.2.1.1*' => 'elgamalWithSHA-1',
-		'1.3.6.1.4.1.3029.1.2.1.2*' => 'elgamalWithRIPEMD-160',
-		'1.3.6.1.4.1.3029.3.1.1*' => 'cryptlibPresenceCheck',
-		'1.3.6.1.4.1.3029.3.1.2*' => 'pkiBoot',
-		'1.3.6.1.4.1.3029.3.1.4*' => 'crlExtReason',
-		'1.3.6.1.4.1.3029.3.1.5*' => 'keyFeatures',
-		'1.3.6.1.4.1.3029.4.1*' => 'cryptlibContent',
-		'1.3.6.1.4.1.3029.4.1.1*' => 'cryptlibConfigData',
-		'1.3.6.1.4.1.3029.4.1.2*' => 'cryptlibUserIndex',
-		'1.3.6.1.4.1.3029.4.1.3*' => 'cryptlibUserInfo',
-		'1.3.6.1.4.1.3029.4.1.4*' => 'rtcsRequest',
-		'1.3.6.1.4.1.3029.4.1.5*' => 'rtcsResponse',
-		'1.3.6.1.4.1.3029.4.1.6*' => 'rtcsResponseExt',
-		'1.3.6.1.4.1.3029.42.11172.1*' => 'mpeg-1',
-		'1.3.6.1.4.1.3029.88.89.90.90.89*' => 'xYZZY policyIdentifier',
-		'1.3.6.1.4.1.3401.8.1.1*' => 'pgpExtension',
-		'1.3.6.1.4.1.3576.7*' => 'eciaAscX12Edi',
-		'1.3.6.1.4.1.3576.7.1*' => 'plainEDImessage',
-		'1.3.6.1.4.1.3576.7.2*' => 'signedEDImessage',
-		'1.3.6.1.4.1.3576.7.5*' => 'integrityEDImessage',
-		'1.3.6.1.4.1.3576.7.65*' => 'iaReceiptMessage',
-		'1.3.6.1.4.1.3576.7.97*' => 'iaStatusMessage',
-		'1.3.6.1.4.1.3576.8*' => 'eciaEdifact',
-		'1.3.6.1.4.1.3576.9*' => 'eciaNonEdi',
-		'1.3.6.1.4.1.4146*' => 'Globalsign',
-		'1.3.6.1.4.1.4146.1*' => 'globalsignPolicy',
-		'1.3.6.1.4.1.4146.1.10*' => 'globalsignDVPolicy',
-		'1.3.6.1.4.1.4146.1.20*' => 'globalsignOVPolicy',
-		'1.3.6.1.4.1.4146.1.30*' => 'globalsignTSAPolicy',
-		'1.3.6.1.4.1.4146.1.40*' => 'globalsignClientCertPolicy',
-		'1.3.6.1.4.1.4146.1.50*' => 'globalsignCodeSignPolicy',
-		'1.3.6.1.4.1.4146.1.60*' => 'globalsignRootSignPolicy',
-		'1.3.6.1.4.1.4146.1.70*' => 'globalsignTrustedRootPolicy',
-		'1.3.6.1.4.1.4146.1.80*' => 'globalsignEDIClientPolicy',
-		'1.3.6.1.4.1.4146.1.81*' => 'globalsignEDIServerPolicy',
-		'1.3.6.1.4.1.4146.1.90*' => 'globalsignTPMRootPolicy',
-		'1.3.6.1.4.1.4146.1.95*' => 'globalsignOCSPPolicy',
-		'1.3.6.1.4.1.5309.1.2.2*' => 'edelWebTSAPolicy',
-		'1.3.6.1.4.1.5472*' => 'timeproof',
-		'1.3.6.1.4.1.5472.1*' => 'tss',
-		'1.3.6.1.4.1.5472.1.1*' => 'tss80',
-		'1.3.6.1.4.1.5472.1.2*' => 'tss380',
-		'1.3.6.1.4.1.5472.1.3*' => 'tss400',
-		'1.3.6.1.4.1.5770.0.3*' => 'secondaryPractices',
-		'1.3.6.1.4.1.5770.0.4*' => 'physicianIdentifiers',
-		'1.3.6.1.4.1.6449.1.2.1.3.1*' => 'comodoPolicy',
-		'1.3.6.1.4.1.6449.1.3.5.2*' => 'validityModelX',
-		'1.3.6.1.4.1.8301.3.5.1*' => 'validityModelChain',
-		'1.3.6.1.4.1.8301.3.5.2*' => 'validityModelShell',
-		'1.3.6.1.4.1.8231.1*' => 'rolUnicoNacional',
-		'1.3.6.1.4.1.11591*' => 'gnu',
-		'1.3.6.1.4.1.11591.1*' => 'gnuRadius',
-		'1.3.6.1.4.1.11591.3*' => 'gnuRadar',
-		'1.3.6.1.4.1.11591.12*' => 'gnuDigestAlgorithm',
-		'1.3.6.1.4.1.11591.12.2*' => 'tiger',
-		'1.3.6.1.4.1.11591.13*' => 'gnuEncryptionAlgorithm',
-		'1.3.6.1.4.1.11591.13.2*' => 'serpent',
-		'1.3.6.1.4.1.11591.13.2.1*' => 'serpent128_ECB',
-		'1.3.6.1.4.1.11591.13.2.2*' => 'serpent128_CBC',
-		'1.3.6.1.4.1.11591.13.2.3*' => 'serpent128_OFB',
-		'1.3.6.1.4.1.11591.13.2.4*' => 'serpent128_CFB',
-		'1.3.6.1.4.1.11591.13.2.21*' => 'serpent192_ECB',
-		'1.3.6.1.4.1.11591.13.2.22*' => 'serpent192_CBC',
-		'1.3.6.1.4.1.11591.13.2.23*' => 'serpent192_OFB',
-		'1.3.6.1.4.1.11591.13.2.24*' => 'serpent192_CFB',
-		'1.3.6.1.4.1.11591.13.2.41*' => 'serpent256_ECB',
-		'1.3.6.1.4.1.11591.13.2.42*' => 'serpent256_CBC',
-		'1.3.6.1.4.1.11591.13.2.43*' => 'serpent256_OFB',
-		'1.3.6.1.4.1.11591.13.2.44*' => 'serpent256_CFB',
-		'1.3.6.1.4.1.16334.509.1.1*' => 'Northrop Grumman extKeyUsage?',
-		'1.3.6.1.4.1.16334.509.2.1*' => 'ngcClass1',
-		'1.3.6.1.4.1.16334.509.2.2*' => 'ngcClass2',
-		'1.3.6.1.4.1.16334.509.2.3*' => 'ngcClass3',
-		'1.3.6.1.5.5.7*' => 'pkix',
-		'1.3.6.1.5.5.7.0.12*' => 'attributeCert',
-		'1.3.6.1.5.5.7.1*' => 'privateExtension',
-		'1.3.6.1.5.5.7.1.1*' => 'authorityInfoAccess',
-		'1.3.6.1.5.5.7.1.2*' => 'biometricInfo',
-		'1.3.6.1.5.5.7.1.3*' => 'qcStatements',
-		'1.3.6.1.5.5.7.1.4*' => 'acAuditIdentity',
-		'1.3.6.1.5.5.7.1.5*' => 'acTargeting',
-		'1.3.6.1.5.5.7.1.6*' => 'acAaControls',
-		'1.3.6.1.5.5.7.1.7*' => 'ipAddrBlocks',
-		'1.3.6.1.5.5.7.1.8*' => 'autonomousSysIds',
-		'1.3.6.1.5.5.7.1.9*' => 'routerIdentifier',
-		'1.3.6.1.5.5.7.1.10*' => 'acProxying',
-		'1.3.6.1.5.5.7.1.11*' => 'subjectInfoAccess',
-		'1.3.6.1.5.5.7.1.12*' => 'logoType',
-		'1.3.6.1.5.5.7.1.13*' => 'wlanSSID',
-		'1.3.6.1.5.5.7.2*' => 'policyQualifierIds',
-		'1.3.6.1.5.5.7.2.1*' => 'cps',
-		'1.3.6.1.5.5.7.2.2*' => 'unotice',
-		'1.3.6.1.5.5.7.2.3*' => 'textNotice',
-		'1.3.6.1.5.5.7.3*' => 'keyPurpose',
-		'1.3.6.1.5.5.7.3.1*' => 'serverAuth',
-		'1.3.6.1.5.5.7.3.2*' => 'clientAuth',
-		'1.3.6.1.5.5.7.3.3*' => 'codeSigning',
-		'1.3.6.1.5.5.7.3.4*' => 'emailProtection',
-		'1.3.6.1.5.5.7.3.5*' => 'ipsecEndSystem',
-		'1.3.6.1.5.5.7.3.6*' => 'ipsecTunnel',
-		'1.3.6.1.5.5.7.3.7*' => 'ipsecUser',
-		'1.3.6.1.5.5.7.3.8*' => 'timeStamping',
-		'1.3.6.1.5.5.7.3.9*' => 'ocspSigning',
-		'1.3.6.1.5.5.7.3.10*' => 'dvcs',
-		'1.3.6.1.5.5.7.3.11*' => 'sbgpCertAAServerAuth',
-		'1.3.6.1.5.5.7.3.13*' => 'eapOverPPP',
-		'1.3.6.1.5.5.7.3.14*' => 'eapOverLAN',
-		'1.3.6.1.5.5.7.4*' => 'cmpInformationTypes',
-		'1.3.6.1.5.5.7.4.1*' => 'caProtEncCert',
-		'1.3.6.1.5.5.7.4.2*' => 'signKeyPairTypes',
-		'1.3.6.1.5.5.7.4.3*' => 'encKeyPairTypes',
-		'1.3.6.1.5.5.7.4.4*' => 'preferredSymmAlg',
-		'1.3.6.1.5.5.7.4.5*' => 'caKeyUpdateInfo',
-		'1.3.6.1.5.5.7.4.6*' => 'currentCRL',
-		'1.3.6.1.5.5.7.4.7*' => 'unsupportedOIDs',
-		'1.3.6.1.5.5.7.4.10*' => 'keyPairParamReq',
-		'1.3.6.1.5.5.7.4.11*' => 'keyPairParamRep',
-		'1.3.6.1.5.5.7.4.12*' => 'revPassphrase',
-		'1.3.6.1.5.5.7.4.13*' => 'implicitConfirm',
-		'1.3.6.1.5.5.7.4.14*' => 'confirmWaitTime',
-		'1.3.6.1.5.5.7.4.15*' => 'origPKIMessage',
-		'1.3.6.1.5.5.7.4.16*' => 'suppLangTags',
-		'1.3.6.1.5.5.7.5*' => 'crmfRegistration',
-		'1.3.6.1.5.5.7.5.1*' => 'regCtrl',
-		'1.3.6.1.5.5.7.5.1.1*' => 'regToken',
-		'1.3.6.1.5.5.7.5.1.2*' => 'authenticator',
-		'1.3.6.1.5.5.7.5.1.3*' => 'pkiPublicationInfo',
-		'1.3.6.1.5.5.7.5.1.4*' => 'pkiArchiveOptions',
-		'1.3.6.1.5.5.7.5.1.5*' => 'oldCertID',
-		'1.3.6.1.5.5.7.5.1.6*' => 'protocolEncrKey',
-		'1.3.6.1.5.5.7.5.1.7*' => 'altCertTemplate',
-		'1.3.6.1.5.5.7.5.1.8*' => 'wtlsTemplate',
-		'1.3.6.1.5.5.7.5.2*' => 'utf8Pairs',
-		'1.3.6.1.5.5.7.5.2.1*' => 'utf8Pairs',
-		'1.3.6.1.5.5.7.5.2.2*' => 'certReq',
-		'1.3.6.1.5.5.7.6*' => 'algorithms',
-		'1.3.6.1.5.5.7.6.1*' => 'des40',
-		'1.3.6.1.5.5.7.6.2*' => 'noSignature',
-		'1.3.6.1.5.5.7.6.3*' => 'dh-sig-hmac-sha1',
-		'1.3.6.1.5.5.7.6.4*' => 'dh-pop',
-		'1.3.6.1.5.5.7.7*' => 'cmcControls',
-		'1.3.6.1.5.5.7.8*' => 'otherNames',
-		'1.3.6.1.5.5.7.8.1*' => 'personalData',
-		'1.3.6.1.5.5.7.8.2*' => 'userGroup',
-		'1.3.6.1.5.5.7.9*' => 'personalData',
-		'1.3.6.1.5.5.7.9.1*' => 'dateOfBirth',
-		'1.3.6.1.5.5.7.9.2*' => 'placeOfBirth',
-		'1.3.6.1.5.5.7.9.3*' => 'gender',
-		'1.3.6.1.5.5.7.9.4*' => 'countryOfCitizenship',
-		'1.3.6.1.5.5.7.9.5*' => 'countryOfResidence',
-		'1.3.6.1.5.5.7.10*' => 'attributeCertificate',
-		'1.3.6.1.5.5.7.10.1*' => 'authenticationInfo',
-		'1.3.6.1.5.5.7.10.2*' => 'accessIdentity',
-		'1.3.6.1.5.5.7.10.3*' => 'chargingIdentity',
-		'1.3.6.1.5.5.7.10.4*' => 'group',
-		'1.3.6.1.5.5.7.10.5*' => 'role',
-		'1.3.6.1.5.5.7.10.6*' => 'wlanSSID',
-		'1.3.6.1.5.5.7.11*' => 'personalData',
-		'1.3.6.1.5.5.7.11.1*' => 'pkixQCSyntax-v1',
-		'1.3.6.1.5.5.7.14.2*' => 'resourceCertificatePolicy',
-		'1.3.6.1.5.5.7.20*' => 'logo',
-		'1.3.6.1.5.5.7.20.1*' => 'logoLoyalty',
-		'1.3.6.1.5.5.7.20.2*' => 'logoBackground',
-		'1.3.6.1.5.5.7.48.1*' => 'ocsp',
-		'1.3.6.1.5.5.7.48.1.1*' => 'ocspBasic',
-		'1.3.6.1.5.5.7.48.1.2*' => 'ocspNonce',
-		'1.3.6.1.5.5.7.48.1.3*' => 'ocspCRL',
-		'1.3.6.1.5.5.7.48.1.4*' => 'ocspResponse',
-		'1.3.6.1.5.5.7.48.1.5*' => 'ocspNoCheck',
-		'1.3.6.1.5.5.7.48.1.6*' => 'ocspArchiveCutoff',
-		'1.3.6.1.5.5.7.48.1.7*' => 'ocspServiceLocator',
-		'1.3.6.1.5.5.7.48.2*' => 'caIssuers',
-		'1.3.6.1.5.5.7.48.3*' => 'timeStamping',
-		'1.3.6.1.5.5.7.48.4*' => 'dvcs',
-		'1.3.6.1.5.5.7.48.5*' => 'caRepository',
-		'1.3.6.1.5.5.7.48.7*' => 'signedObjectRepository',
-		'1.3.6.1.5.5.7.48.10*' => 'rpkiManifest',
-		'1.3.6.1.5.5.7.48.11*' => 'signedObject',
-		'1.3.6.1.5.5.8.1.1*' => 'hmacMD5',
-		'1.3.6.1.5.5.8.1.2*' => 'hmacSHA',
-		'1.3.6.1.5.5.8.1.3*' => 'hmacTiger',
-		'1.3.6.1.5.5.8.2.2*' => 'iKEIntermediate',
-		'1.3.12.2.1011.7.1*' => 'decEncryptionAlgorithm',
-		'1.3.12.2.1011.7.1.2*' => 'decDEA',
-		'1.3.12.2.1011.7.2*' => 'decHashAlgorithm',
-		'1.3.12.2.1011.7.2.1*' => 'decMD2',
-		'1.3.12.2.1011.7.2.2*' => 'decMD4',
-		'1.3.12.2.1011.7.3*' => 'decSignatureAlgorithm',
-		'1.3.12.2.1011.7.3.1*' => 'decMD2withRSA',
-		'1.3.12.2.1011.7.3.2*' => 'decMD4withRSA',
-		'1.3.12.2.1011.7.3.3*' => 'decDEAMAC',
-		'1.3.14.2.26.5*' => 'sha',
-		'1.3.14.3.2.1.1*' => 'rsa',
-		'1.3.14.3.2.2*' => 'md4WitRSA',
-		'1.3.14.3.2.3*' => 'md5WithRSA',
-		'1.3.14.3.2.4*' => 'md4WithRSAEncryption',
-		'1.3.14.3.2.2.1*' => 'sqmod-N',
-		'1.3.14.3.2.3.1*' => 'sqmod-NwithRSA',
-		'1.3.14.3.2.6*' => 'desECB',
-		'1.3.14.3.2.7*' => 'desCBC',
-		'1.3.14.3.2.8*' => 'desOFB',
-		'1.3.14.3.2.9*' => 'desCFB',
-		'1.3.14.3.2.10*' => 'desMAC',
-		'1.3.14.3.2.11*' => 'rsaSignature',
-		'1.3.14.3.2.12*' => 'dsa',
-		'1.3.14.3.2.13*' => 'dsaWithSHA',
-		'1.3.14.3.2.14*' => 'mdc2WithRSASignature',
-		'1.3.14.3.2.15*' => 'shaWithRSASignature',
-		'1.3.14.3.2.16*' => 'dhWithCommonModulus',
-		'1.3.14.3.2.17*' => 'desEDE',
-		'1.3.14.3.2.18*' => 'sha',
-		'1.3.14.3.2.19*' => 'mdc-2',
-		'1.3.14.3.2.20*' => 'dsaCommon',
-		'1.3.14.3.2.21*' => 'dsaCommonWithSHA',
-		'1.3.14.3.2.22*' => 'rsaKeyTransport',
-		'1.3.14.3.2.23*' => 'keyed-hash-seal',
-		'1.3.14.3.2.24*' => 'md2WithRSASignature',
-		'1.3.14.3.2.25*' => 'md5WithRSASignature',
-		'1.3.14.3.2.26*' => 'sha1',
-		'1.3.14.3.2.27*' => 'dsaWithSHA1',
-		'1.3.14.3.2.28*' => 'dsaWithCommonSHA1',
-		#        '1.3.14.3.2.29*' => 'sha-1WithRSAEncryption',
-		'1.3.14.3.2.29*' => 'sha1WithRSAEncryption',
-		'1.3.14.3.3.1*' => 'simple-strong-auth-mechanism',
-		'1.3.14.7.2.1.1*' => 'ElGamal',
-		'1.3.14.7.2.3.1*' => 'md2WithRSA',
-		'1.3.14.7.2.3.2*' => 'md2WithElGamal',
-		'1.3.36.1*' => 'document',
-		'1.3.36.1.1*' => 'finalVersion',
-		'1.3.36.1.2*' => 'draft',
-		'1.3.36.2*' => 'sio',
-		'1.3.36.2.1*' => 'sedu',
-		'1.3.36.3*' => 'algorithm',
-		'1.3.36.3.1*' => 'encryptionAlgorithm',
-		'1.3.36.3.1.1*' => 'des',
-		'1.3.36.3.1.1.1*' => 'desECB_pad',
-		'1.3.36.3.1.1.1.1*' => 'desECB_ISOpad',
-		'1.3.36.3.1.1.2.1*' => 'desCBC_pad',
-		'1.3.36.3.1.1.2.1.1*' => 'desCBC_ISOpad',
-		'1.3.36.3.1.3*' => 'des_3',
-		'1.3.36.3.1.3.1.1*' => 'des_3ECB_pad',
-		'1.3.36.3.1.3.1.1.1*' => 'des_3ECB_ISOpad',
-		'1.3.36.3.1.3.2.1*' => 'des_3CBC_pad',
-		'1.3.36.3.1.3.2.1.1*' => 'des_3CBC_ISOpad',
-		'1.3.36.3.1.2*' => 'idea',
-		'1.3.36.3.1.2.1*' => 'ideaECB',
-		'1.3.36.3.1.2.1.1*' => 'ideaECB_pad',
-		'1.3.36.3.1.2.1.1.1*' => 'ideaECB_ISOpad',
-		'1.3.36.3.1.2.2*' => 'ideaCBC',
-		'1.3.36.3.1.2.2.1*' => 'ideaCBC_pad',
-		'1.3.36.3.1.2.2.1.1*' => 'ideaCBC_ISOpad',
-		'1.3.36.3.1.2.3*' => 'ideaOFB',
-		'1.3.36.3.1.2.4*' => 'ideaCFB',
-		'1.3.36.3.1.4*' => 'rsaEncryption',
-		'1.3.36.3.1.4.512.17*' => 'rsaEncryptionWithlmod512expe17',
-		'1.3.36.3.1.5*' => 'bsi-1',
-		'1.3.36.3.1.5.1*' => 'bsi_1ECB_pad',
-		'1.3.36.3.1.5.2*' => 'bsi_1CBC_pad',
-		'1.3.36.3.1.5.2.1*' => 'bsi_1CBC_PEMpad',
-		'1.3.36.3.2*' => 'hashAlgorithm',
-		'1.3.36.3.2.1*' => 'ripemd160',
-		'1.3.36.3.2.2*' => 'ripemd128',
-		'1.3.36.3.2.3*' => 'ripemd256',
-		'1.3.36.3.2.4*' => 'mdc2singleLength',
-		'1.3.36.3.2.5*' => 'mdc2doubleLength',
-		'1.3.36.3.3*' => 'signatureAlgorithm',
-		'1.3.36.3.3.1*' => 'rsaSignature',
-		'1.3.36.3.3.1.1*' => 'rsaSignatureWithsha1',
-		'1.3.36.3.3.1.1.512.2*' => 'rsaSignatureWithsha1_l512_l2',
-		'1.3.36.3.3.1.1.640.2*' => 'rsaSignatureWithsha1_l640_l2',
-		'1.3.36.3.3.1.1.768.2*' => 'rsaSignatureWithsha1_l768_l2',
-		'1.3.36.3.3.1.1.896.2*' => 'rsaSignatureWithsha1_l896_l2',
-		'1.3.36.3.3.1.1.1024.2*' => 'rsaSignatureWithsha1_l1024_l2',
-		'1.3.36.3.3.1.1.512.3*' => 'rsaSignatureWithsha1_l512_l3',
-		'1.3.36.3.3.1.1.640.3*' => 'rsaSignatureWithsha1_l640_l3',
-		'1.3.36.3.3.1.1.768.3*' => 'rsaSignatureWithsha1_l768_l3',
-		'1.3.36.3.3.1.1.896.3*' => 'rsaSignatureWithsha1_l896_l3',
-		'1.3.36.3.3.1.1.1024.3*' => 'rsaSignatureWithsha1_l1024_l3',
-		'1.3.36.3.3.1.1.512.5*' => 'rsaSignatureWithsha1_l512_l5',
-		'1.3.36.3.3.1.1.640.5*' => 'rsaSignatureWithsha1_l640_l5',
-		'1.3.36.3.3.1.1.768.5*' => 'rsaSignatureWithsha1_l768_l5',
-		'1.3.36.3.3.1.1.896.5*' => 'rsaSignatureWithsha1_l896_l5',
-		'1.3.36.3.3.1.1.1024.5*' => 'rsaSignatureWithsha1_l1024_l5',
-		'1.3.36.3.3.1.1.512.9*' => 'rsaSignatureWithsha1_l512_l9',
-		'1.3.36.3.3.1.1.640.9*' => 'rsaSignatureWithsha1_l640_l9',
-		'1.3.36.3.3.1.1.768.9*' => 'rsaSignatureWithsha1_l768_l9',
-		'1.3.36.3.3.1.1.896.9*' => 'rsaSignatureWithsha1_l896_l9',
-		'1.3.36.3.3.1.1.1024.9*' => 'rsaSignatureWithsha1_l1024_l9',
-		'1.3.36.3.3.1.1.512.11*' => 'rsaSignatureWithsha1_l512_l11',
-		'1.3.36.3.3.1.1.640.11*' => 'rsaSignatureWithsha1_l640_l11',
-		'1.3.36.3.3.1.1.768.11*' => 'rsaSignatureWithsha1_l768_l11',
-		'1.3.36.3.3.1.1.896.11*' => 'rsaSignatureWithsha1_l896_l11',
-		'1.3.36.3.3.1.1.1024.11*' => 'rsaSignatureWithsha1_l1024_l11',
-		'1.3.36.3.3.1.2*' => 'rsaSignatureWithripemd160',
-		'1.3.36.3.3.1.2.512.2*' => 'rsaSignatureWithripemd160_l512_l2',
-		'1.3.36.3.3.1.2.640.2*' => 'rsaSignatureWithripemd160_l640_l2',
-		'1.3.36.3.3.1.2.768.2*' => 'rsaSignatureWithripemd160_l768_l2',
-		'1.3.36.3.3.1.2.896.2*' => 'rsaSignatureWithripemd160_l896_l2',
-		'1.3.36.3.3.1.2.1024.2*' => 'rsaSignatureWithripemd160_l1024_l2',
-		'1.3.36.3.3.1.2.512.3*' => 'rsaSignatureWithripemd160_l512_l3',
-		'1.3.36.3.3.1.2.640.3*' => 'rsaSignatureWithripemd160_l640_l3',
-		'1.3.36.3.3.1.2.768.3*' => 'rsaSignatureWithripemd160_l768_l3',
-		'1.3.36.3.3.1.2.896.3*' => 'rsaSignatureWithripemd160_l896_l3',
-		'1.3.36.3.3.1.2.1024.3*' => 'rsaSignatureWithripemd160_l1024_l3',
-		'1.3.36.3.3.1.2.512.5*' => 'rsaSignatureWithripemd160_l512_l5',
-		'1.3.36.3.3.1.2.640.5*' => 'rsaSignatureWithripemd160_l640_l5',
-		'1.3.36.3.3.1.2.768.5*' => 'rsaSignatureWithripemd160_l768_l5',
-		'1.3.36.3.3.1.2.896.5*' => 'rsaSignatureWithripemd160_l896_l5',
-		'1.3.36.3.3.1.2.1024.5*' => 'rsaSignatureWithripemd160_l1024_l5',
-		'1.3.36.3.3.1.2.512.9*' => 'rsaSignatureWithripemd160_l512_l9',
-		'1.3.36.3.3.1.2.640.9*' => 'rsaSignatureWithripemd160_l640_l9',
-		'1.3.36.3.3.1.2.768.9*' => 'rsaSignatureWithripemd160_l768_l9',
-		'1.3.36.3.3.1.2.896.9*' => 'rsaSignatureWithripemd160_l896_l9',
-		'1.3.36.3.3.1.2.1024.9*' => 'rsaSignatureWithripemd160_l1024_l9',
-		'1.3.36.3.3.1.2.512.11*' => 'rsaSignatureWithripemd160_l512_l11',
-		'1.3.36.3.3.1.2.640.11*' => 'rsaSignatureWithripemd160_l640_l11',
-		'1.3.36.3.3.1.2.768.11*' => 'rsaSignatureWithripemd160_l768_l11',
-		'1.3.36.3.3.1.2.896.11*' => 'rsaSignatureWithripemd160_l896_l11',
-		'1.3.36.3.3.1.2.1024.11*' => 'rsaSignatureWithripemd160_l1024_l11',
-		'1.3.36.3.3.1.3*' => 'rsaSignatureWithrimpemd128',
-		'1.3.36.3.3.1.4*' => 'rsaSignatureWithrimpemd256',
-		'1.3.36.3.3.2*' => 'ecsieSign',
-		'1.3.36.3.3.2.1*' => 'ecsieSignWithsha1',
-		'1.3.36.3.3.2.2*' => 'ecsieSignWithripemd160',
-		'1.3.36.3.3.2.3*' => 'ecsieSignWithmd2',
-		'1.3.36.3.3.2.4*' => 'ecsieSignWithmd5',
-		'1.3.36.3.3.2.8.1.1.1*' => 'brainpoolP160r1',
-		'1.3.36.3.3.2.8.1.1.2*' => 'brainpoolP160t1',
-		'1.3.36.3.3.2.8.1.1.3*' => 'brainpoolP192r1',
-		'1.3.36.3.3.2.8.1.1.4*' => 'brainpoolP192t1',
-		'1.3.36.3.3.2.8.1.1.5*' => 'brainpoolP224r1',
-		'1.3.36.3.3.2.8.1.1.6*' => 'brainpoolP224t1',
-		'1.3.36.3.3.2.8.1.1.7*' => 'brainpoolP256r1',
-		'1.3.36.3.3.2.8.1.1.8*' => 'brainpoolP256t1',
-		'1.3.36.3.3.2.8.1.1.9*' => 'brainpoolP320r1',
-		'1.3.36.3.3.2.8.1.1.10*' => 'brainpoolP320t1',
-		'1.3.36.3.3.2.8.1.1.11*' => 'brainpoolP384r1',
-		'1.3.36.3.3.2.8.1.1.12*' => 'brainpoolP384t1',
-		'1.3.36.3.3.2.8.1.1.13*' => 'brainpoolP512r1',
-		'1.3.36.3.3.2.8.1.1.14*' => 'brainpoolP512t1',
-		'1.3.36.3.4*' => 'signatureScheme',
-		'1.3.36.3.4.1*' => 'sigS_ISO9796-1',
-		'1.3.36.3.4.2*' => 'sigS_ISO9796-2',
-		'1.3.36.3.4.2.1*' => 'sigS_ISO9796-2Withred',
-		'1.3.36.3.4.2.2*' => 'sigS_ISO9796-2Withrsa',
-		'1.3.36.3.4.2.3*' => 'sigS_ISO9796-2Withrnd',
-		'1.3.36.4*' => 'attribute',
-		'1.3.36.5*' => 'policy',
-		'1.3.36.6*' => 'api',
-		'1.3.36.6.1*' => 'manufacturer-specific_api',
-		'1.3.36.6.1.1*' => 'utimaco-api',
-		'1.3.36.6.2*' => 'functionality-specific_api',
-		'1.3.36.7*' => 'keymgmnt',
-		'1.3.36.7.1*' => 'keyagree',
-		'1.3.36.7.1.1*' => 'bsiPKE',
-		'1.3.36.7.2*' => 'keytrans',
-		'1.3.36.7.2.1*' => 'encISO9796-2Withrsa',
-		'1.3.36.8.1.1*' => 'Teletrust SigGConform policyIdentifier',
-		'1.3.36.8.2.1*' => 'directoryService',
-		'1.3.36.8.3.1*' => 'dateOfCertGen',
-		'1.3.36.8.3.2*' => 'procuration',
-		'1.3.36.8.3.3*' => 'admission',
-		'1.3.36.8.3.4*' => 'monetaryLimit',
-		'1.3.36.8.3.5*' => 'declarationOfMajority',
-		'1.3.36.8.3.6*' => 'integratedCircuitCardSerialNumber',
-		'1.3.36.8.3.7*' => 'pKReference',
-		'1.3.36.8.3.8*' => 'restriction',
-		'1.3.36.8.3.9*' => 'retrieveIfAllowed',
-		'1.3.36.8.3.10*' => 'requestedCertificate',
-		'1.3.36.8.3.11*' => 'namingAuthorities',
-		'1.3.36.8.3.11.1*' => 'rechtWirtschaftSteuern',
-		'1.3.36.8.3.11.1.1*' => 'rechtsanwaeltin',
-		'1.3.36.8.3.11.1.2*' => 'rechtsanwalt',
-		'1.3.36.8.3.11.1.3*' => 'rechtsBeistand',
-		'1.3.36.8.3.11.1.4*' => 'steuerBeraterin',
-		'1.3.36.8.3.11.1.5*' => 'steuerBerater',
-		'1.3.36.8.3.11.1.6*' => 'steuerBevollmaechtigte',
-		'1.3.36.8.3.11.1.7*' => 'steuerBevollmaechtigter',
-		'1.3.36.8.3.11.1.8*' => 'notarin',
-		'1.3.36.8.3.11.1.9*' => 'notar',
-		'1.3.36.8.3.11.1.10*' => 'notarVertreterin',
-		'1.3.36.8.3.11.1.11*' => 'notarVertreter',
-		'1.3.36.8.3.11.1.12*' => 'notariatsVerwalterin',
-		'1.3.36.8.3.11.1.13*' => 'notariatsVerwalter',
-		'1.3.36.8.3.11.1.14*' => 'wirtschaftsPrueferin',
-		'1.3.36.8.3.11.1.15*' => 'wirtschaftsPruefer',
-		'1.3.36.8.3.11.1.16*' => 'vereidigteBuchprueferin',
-		'1.3.36.8.3.11.1.17*' => 'vereidigterBuchpruefer',
-		'1.3.36.8.3.11.1.18*' => 'patentAnwaeltin',
-		'1.3.36.8.3.11.1.19*' => 'patentAnwalt',
-		'1.3.36.8.3.12*' => 'certInDirSince',
-		'1.3.36.8.3.13*' => 'certHash',
-		'1.3.36.8.3.14*' => 'nameAtBirth',
-		'1.3.36.8.3.15*' => 'additionalInformation',
-		'1.3.36.8.4.1*' => 'personalData',
-		'1.3.36.8.4.8*' => 'restriction',
-		'1.3.36.8.5.1.1.1*' => 'rsaIndicateSHA1',
-		'1.3.36.8.5.1.1.2*' => 'rsaIndicateRIPEMD160',
-		'1.3.36.8.5.1.1.3*' => 'rsaWithSHA1',
-		'1.3.36.8.5.1.1.4*' => 'rsaWithRIPEMD160',
-		'1.3.36.8.5.1.2.1*' => 'dsaExtended',
-		'1.3.36.8.5.1.2.2*' => 'dsaWithRIPEMD160',
-		'1.3.36.8.6.1*' => 'cert',
-		'1.3.36.8.6.2*' => 'certRef',
-		'1.3.36.8.6.3*' => 'attrCert',
-		'1.3.36.8.6.4*' => 'attrRef',
-		'1.3.36.8.6.5*' => 'fileName',
-		'1.3.36.8.6.6*' => 'storageTime',
-		'1.3.36.8.6.7*' => 'fileSize',
-		'1.3.36.8.6.8*' => 'location',
-		'1.3.36.8.6.9*' => 'sigNumber',
-		'1.3.36.8.6.10*' => 'autoGen',
-		'1.3.36.8.7.1.1*' => 'ptAdobeILL',
-		'1.3.36.8.7.1.2*' => 'ptAmiPro',
-		'1.3.36.8.7.1.3*' => 'ptAutoCAD',
-		'1.3.36.8.7.1.4*' => 'ptBinary',
-		'1.3.36.8.7.1.5*' => 'ptBMP',
-		'1.3.36.8.7.1.6*' => 'ptCGM',
-		'1.3.36.8.7.1.7*' => 'ptCorelCRT',
-		'1.3.36.8.7.1.8*' => 'ptCorelDRW',
-		'1.3.36.8.7.1.9*' => 'ptCorelEXC',
-		'1.3.36.8.7.1.10*' => 'ptCorelPHT',
-		'1.3.36.8.7.1.11*' => 'ptDraw',
-		'1.3.36.8.7.1.12*' => 'ptDVI',
-		'1.3.36.8.7.1.13*' => 'ptEPS',
-		'1.3.36.8.7.1.14*' => 'ptExcel',
-		'1.3.36.8.7.1.15*' => 'ptGEM',
-		'1.3.36.8.7.1.16*' => 'ptGIF',
-		'1.3.36.8.7.1.17*' => 'ptHPGL',
-		'1.3.36.8.7.1.18*' => 'ptJPEG',
-		'1.3.36.8.7.1.19*' => 'ptKodak',
-		'1.3.36.8.7.1.20*' => 'ptLaTeX',
-		'1.3.36.8.7.1.21*' => 'ptLotus',
-		'1.3.36.8.7.1.22*' => 'ptLotusPIC',
-		'1.3.36.8.7.1.23*' => 'ptMacPICT',
-		'1.3.36.8.7.1.24*' => 'ptMacWord',
-		'1.3.36.8.7.1.25*' => 'ptMSWfD',
-		'1.3.36.8.7.1.26*' => 'ptMSWord',
-		'1.3.36.8.7.1.27*' => 'ptMSWord2',
-		'1.3.36.8.7.1.28*' => 'ptMSWord6',
-		'1.3.36.8.7.1.29*' => 'ptMSWord8',
-		'1.3.36.8.7.1.30*' => 'ptPDF',
-		'1.3.36.8.7.1.31*' => 'ptPIF',
-		'1.3.36.8.7.1.32*' => 'ptPostscript',
-		'1.3.36.8.7.1.33*' => 'ptRTF',
-		'1.3.36.8.7.1.34*' => 'ptSCITEX',
-		'1.3.36.8.7.1.35*' => 'ptTAR',
-		'1.3.36.8.7.1.36*' => 'ptTarga',
-		'1.3.36.8.7.1.37*' => 'ptTeX',
-		'1.3.36.8.7.1.38*' => 'ptText',
-		'1.3.36.8.7.1.39*' => 'ptTIFF',
-		'1.3.36.8.7.1.40*' => 'ptTIFF-FC',
-		'1.3.36.8.7.1.41*' => 'ptUID',
-		'1.3.36.8.7.1.42*' => 'ptUUEncode',
-		'1.3.36.8.7.1.43*' => 'ptWordPerfect x',
-		'1.3.36.8.7.1.45*' => 'ptWPGrph',
-		'1.3.101.1.4*' => 'thawte-ce',
-		'1.3.101.1.4.1*' => 'strongExtranet',
-		'1.3.132.0.1*' => 'sect163k1',
-		'1.3.132.0.2*' => 'sect163r1',
-		'1.3.132.0.3*' => 'sect239k1',
-		'1.3.132.0.4*' => 'sect113r1',
-		'1.3.132.0.5*' => 'sect113r2',
-		'1.3.132.0.6*' => 'secp112r1',
-		'1.3.132.0.7*' => 'secp112r2',
-		'1.3.132.0.8*' => 'secp160r1',
-		'1.3.132.0.9*' => 'secp160k1',
-		'1.3.132.0.10*' => 'secp256k1',
-		'1.3.132.0.15*' => 'sect163r2',
-		'1.3.132.0.16*' => 'sect283k1',
-		'1.3.132.0.17*' => 'sect283r1',
-		'1.3.132.0.22*' => 'sect131r1',
-		'1.3.132.0.23*' => 'sect131r2',
-		'1.3.132.0.24*' => 'sect193r1',
-		'1.3.132.0.25*' => 'sect193r2',
-		'1.3.132.0.26*' => 'sect233k1',
-		'1.3.132.0.27*' => 'sect233r1',
-		'1.3.132.0.28*' => 'secp128r1',
-		'1.3.132.0.29*' => 'secp128r2',
-		'1.3.132.0.30*' => 'secp160r2',
-		'1.3.132.0.31*' => 'secp192k1',
-		'1.3.132.0.32*' => 'secp224k1',
-		'1.3.132.0.33*' => 'secp224r1',
-		'1.3.132.0.34*' => 'secp384r1',
-		'1.3.132.0.35*' => 'secp521r1',
-		'1.3.132.0.36*' => 'sect409k1',
-		'1.3.132.0.37*' => 'sect409r1',
-		'1.3.132.0.38*' => 'sect571k1',
-		'1.3.132.0.39*' => 'sect571r1',
-		'2.5.4.0*' => 'objectClass',
-		'2.5.4.1*' => 'aliasedEntryName',
-		'2.5.4.2*' => 'knowledgeInformation',
-		'2.5.4.3*' => 'commonName',
-		'2.5.4.4*' => 'surname',
-		'2.5.4.5*' => 'serialNumber',
-		'2.5.4.6*' => 'countryName',
-		'2.5.4.7*' => 'localityName',
-		'2.5.4.7.1*' => 'collectiveLocalityName',
-		'2.5.4.8*' => 'stateOrProvinceName',
-		'2.5.4.8.1*' => 'collectiveStateOrProvinceName',
-		'2.5.4.9*' => 'streetAddress',
-		'2.5.4.9.1*' => 'collectiveStreetAddress',
-		'2.5.4.10*' => 'organizationName',
-		'2.5.4.10.1*' => 'collectiveOrganizationName',
-		'2.5.4.11*' => 'organizationalUnitName',
-		'2.5.4.11.1*' => 'collectiveOrganizationalUnitName',
-		'2.5.4.12*' => 'title',
-		'2.5.4.13*' => 'description',
-		'2.5.4.14*' => 'searchGuide',
-		'2.5.4.15*' => 'businessCategory',
-		'2.5.4.16*' => 'postalAddress',
-		'2.5.4.16.1*' => 'collectivePostalAddress',
-		'2.5.4.17*' => 'postalCode',
-		'2.5.4.17.1*' => 'collectivePostalCode',
-		'2.5.4.18*' => 'postOfficeBox',
-		'2.5.4.18.1*' => 'collectivePostOfficeBox',
-		'2.5.4.19*' => 'physicalDeliveryOfficeName',
-		'2.5.4.19.1*' => 'collectivePhysicalDeliveryOfficeName',
-		'2.5.4.20*' => 'telephoneNumber',
-		'2.5.4.20.1*' => 'collectiveTelephoneNumber',
-		'2.5.4.21*' => 'telexNumber',
-		'2.5.4.21.1*' => 'collectiveTelexNumber',
-		'2.5.4.22*' => 'teletexTerminalIdentifier',
-		'2.5.4.22.1*' => 'collectiveTeletexTerminalIdentifier',
-		'2.5.4.23*' => 'facsimileTelephoneNumber',
-		'2.5.4.23.1*' => 'collectiveFacsimileTelephoneNumber',
-		'2.5.4.24*' => 'x121Address',
-		'2.5.4.25*' => 'internationalISDNNumber',
-		'2.5.4.25.1*' => 'collectiveInternationalISDNNumber',
-		'2.5.4.26*' => 'registeredAddress',
-		'2.5.4.27*' => 'destinationIndicator',
-		'2.5.4.28*' => 'preferredDeliveryMehtod',
-		'2.5.4.29*' => 'presentationAddress',
-		'2.5.4.30*' => 'supportedApplicationContext',
-		'2.5.4.31*' => 'member',
-		'2.5.4.32*' => 'owner',
-		'2.5.4.33*' => 'roleOccupant',
-		'2.5.4.34*' => 'seeAlso',
-		'2.5.4.35*' => 'userPassword',
-		'2.5.4.36*' => 'userCertificate',
-		'2.5.4.37*' => 'caCertificate',
-		'2.5.4.38*' => 'authorityRevocationList',
-		'2.5.4.39*' => 'certificateRevocationList',
-		'2.5.4.40*' => 'crossCertificatePair',
-		'2.5.4.41*' => 'name',
-		'2.5.4.42*' => 'givenName',
-		'2.5.4.43*' => 'initials',
-		'2.5.4.44*' => 'generationQualifier',
-		'2.5.4.45*' => 'uniqueIdentifier',
-		'2.5.4.46*' => 'dnQualifier',
-		'2.5.4.47*' => 'enhancedSearchGuide',
-		'2.5.4.48*' => 'protocolInformation',
-		'2.5.4.49*' => 'distinguishedName',
-		'2.5.4.50*' => 'uniqueMember',
-		'2.5.4.51*' => 'houseIdentifier',
-		'2.5.4.52*' => 'supportedAlgorithms',
-		'2.5.4.53*' => 'deltaRevocationList',
-		'2.5.4.54*' => 'dmdName',
-		'2.5.4.55*' => 'clearance',
-		'2.5.4.56*' => 'defaultDirQop',
-		'2.5.4.57*' => 'attributeIntegrityInfo',
-		'2.5.4.58*' => 'attributeCertificate',
-		'2.5.4.59*' => 'attributeCertificateRevocationList',
-		'2.5.4.60*' => 'confKeyInfo',
-		'2.5.4.61*' => 'aACertificate',
-		'2.5.4.62*' => 'attributeDescriptorCertificate',
-		'2.5.4.63*' => 'attributeAuthorityRevocationList',
-		'2.5.4.64*' => 'familyInformation',
-		'2.5.4.65*' => 'pseudonym',
-		'2.5.4.66*' => 'communicationsService',
-		'2.5.4.67*' => 'communicationsNetwork',
-		'2.5.4.68*' => 'certificationPracticeStmt',
-		'2.5.4.69*' => 'certificatePolicy',
-		'2.5.4.70*' => 'pkiPath',
-		'2.5.4.71*' => 'privPolicy',
-		'2.5.4.72*' => 'role',
-		'2.5.4.73*' => 'delegationPath',
-		'2.5.4.74*' => 'protPrivPolicy',
-		'2.5.4.75*' => 'xMLPrivilegeInfo',
-		'2.5.4.76*' => 'xmlPrivPolicy',
-		'2.5.4.82*' => 'permission',
-		'2.5.6.0*' => 'top',
-		'2.5.6.1*' => 'alias',
-		'2.5.6.2*' => 'country',
-		'2.5.6.3*' => 'locality',
-		'2.5.6.4*' => 'organization',
-		'2.5.6.5*' => 'organizationalUnit',
-		'2.5.6.6*' => 'person',
-		'2.5.6.7*' => 'organizationalPerson',
-		'2.5.6.8*' => 'organizationalRole',
-		'2.5.6.9*' => 'groupOfNames',
-		'2.5.6.10*' => 'residentialPerson',
-		'2.5.6.11*' => 'applicationProcess',
-		'2.5.6.12*' => 'applicationEntity',
-		'2.5.6.13*' => 'dSA',
-		'2.5.6.14*' => 'device',
-		'2.5.6.15*' => 'strongAuthenticationUser',
-		'2.5.6.16*' => 'certificateAuthority',
-		'2.5.6.17*' => 'groupOfUniqueNames',
-		'2.5.6.21*' => 'pkiUser',
-		'2.5.6.22*' => 'pkiCA',
-		'2.5.8.1.1*' => 'rsa',
-		'2.5.29.1*' => 'authorityKeyIdentifier',
-		'2.5.29.2*' => 'keyAttributes',
-		'2.5.29.3*' => 'certificatePolicies',
-		'2.5.29.4*' => 'keyUsageRestriction',
-		'2.5.29.5*' => 'policyMapping',
-		'2.5.29.6*' => 'subtreesConstraint',
-		'2.5.29.7*' => 'subjectAltName',
-		'2.5.29.8*' => 'issuerAltName',
-		'2.5.29.9*' => 'subjectDirectoryAttributes',
-		'2.5.29.10*' => 'basicConstraints',
-		'2.5.29.11*' => 'nameConstraints',
-		'2.5.29.12*' => 'policyConstraints',
-		'2.5.29.13*' => 'basicConstraints',
-		'2.5.29.14*' => 'subjectKeyIdentifier',
-		'2.5.29.15*' => 'keyUsage',
-		'2.5.29.16*' => 'privateKeyUsagePeriod',
-		'2.5.29.17*' => 'subjectAltName',
-		'2.5.29.18*' => 'issuerAltName',
-		'2.5.29.19*' => 'basicConstraints',
-		'2.5.29.20*' => 'cRLNumber',
-		'2.5.29.21*' => 'cRLReason',
-		'2.5.29.22*' => 'expirationDate',
-		'2.5.29.23*' => 'instructionCode',
-		'2.5.29.24*' => 'invalidityDate',
-		'2.5.29.25*' => 'cRLDistributionPoints',
-		'2.5.29.26*' => 'issuingDistributionPoint',
-		'2.5.29.27*' => 'deltaCRLIndicator',
-		'2.5.29.28*' => 'issuingDistributionPoint',
-		'2.5.29.29*' => 'certificateIssuer',
-		'2.5.29.30*' => 'nameConstraints',
-		'2.5.29.31*' => 'cRLDistributionPoints',
-		'2.5.29.32*' => 'certificatePolicies',
-		'2.5.29.32.0*' => 'anyPolicy',
-		'2.5.29.33*' => 'policyMappings',
-		'2.5.29.34*' => 'policyConstraints',
-		'2.5.29.35*' => 'authorityKeyIdentifier',
-		'2.5.29.36*' => 'policyConstraints',
-		'2.5.29.37*' => 'extKeyUsage',
-		'2.5.29.37.0*' => 'anyExtendedKeyUsage',
-		'2.5.29.38*' => 'authorityAttributeIdentifier',
-		'2.5.29.39*' => 'roleSpecCertIdentifier',
-		'2.5.29.40*' => 'cRLStreamIdentifier',
-		'2.5.29.41*' => 'basicAttConstraints',
-		'2.5.29.42*' => 'delegatedNameConstraints',
-		'2.5.29.43*' => 'timeSpecification',
-		'2.5.29.44*' => 'cRLScope',
-		'2.5.29.45*' => 'statusReferrals',
-		'2.5.29.46*' => 'freshestCRL',
-		'2.5.29.47*' => 'orderedList',
-		'2.5.29.48*' => 'attributeDescriptor',
-		'2.5.29.49*' => 'userNotice',
-		'2.5.29.50*' => 'sOAIdentifier',
-		'2.5.29.51*' => 'baseUpdateTime',
-		'2.5.29.52*' => 'acceptableCertPolicies',
-		'2.5.29.53*' => 'deltaInfo',
-		'2.5.29.54*' => 'inhibitAnyPolicy',
-		'2.5.29.55*' => 'targetInformation',
-		'2.5.29.56*' => 'noRevAvail',
-		'2.5.29.57*' => 'acceptablePrivilegePolicies',
-		'2.5.29.58*' => 'toBeRevoked',
-		'2.5.29.59*' => 'revokedGroups',
-		'2.5.29.60*' => 'expiredCertsOnCRL',
-		'2.5.29.61*' => 'indirectIssuer',
-		'2.5.29.62*' => 'noAssertion',
-		'2.5.29.63*' => 'aAissuingDistributionPoint',
-		'2.5.29.64*' => 'issuedOnBehalfOf',
-		'2.5.29.65*' => 'singleUse',
-		'2.5.29.66*' => 'groupAC',
-		'2.5.29.67*' => 'allowedAttAss',
-		'2.5.29.68*' => 'attributeMappings',
-		'2.5.29.69*' => 'holderNameConstraints',
-		'2.16.840.1.101.2.1.1.1*' => 'sdnsSignatureAlgorithm',
-		'2.16.840.1.101.2.1.1.2*' => 'fortezzaSignatureAlgorithm',
-		'2.16.840.1.101.2.1.1.3*' => 'sdnsConfidentialityAlgorithm',
-		'2.16.840.1.101.2.1.1.4*' => 'fortezzaConfidentialityAlgorithm',
-		'2.16.840.1.101.2.1.1.5*' => 'sdnsIntegrityAlgorithm',
-		'2.16.840.1.101.2.1.1.6*' => 'fortezzaIntegrityAlgorithm',
-		'2.16.840.1.101.2.1.1.7*' => 'sdnsTokenProtectionAlgorithm',
-		'2.16.840.1.101.2.1.1.8*' => 'fortezzaTokenProtectionAlgorithm',
-		'2.16.840.1.101.2.1.1.9*' => 'sdnsKeyManagementAlgorithm',
-		'2.16.840.1.101.2.1.1.10*' => 'fortezzaKeyManagementAlgorithm',
-		'2.16.840.1.101.2.1.1.11*' => 'sdnsKMandSigAlgorithm',
-		'2.16.840.1.101.2.1.1.12*' => 'fortezzaKMandSigAlgorithm',
-		'2.16.840.1.101.2.1.1.13*' => 'suiteASignatureAlgorithm',
-		'2.16.840.1.101.2.1.1.14*' => 'suiteAConfidentialityAlgorithm',
-		'2.16.840.1.101.2.1.1.15*' => 'suiteAIntegrityAlgorithm',
-		'2.16.840.1.101.2.1.1.16*' => 'suiteATokenProtectionAlgorithm',
-		'2.16.840.1.101.2.1.1.17*' => 'suiteAKeyManagementAlgorithm',
-		'2.16.840.1.101.2.1.1.18*' => 'suiteAKMandSigAlgorithm',
-		'2.16.840.1.101.2.1.1.19*' => 'fortezzaUpdatedSigAlgorithm',
-		'2.16.840.1.101.2.1.1.20*' => 'fortezzaKMandUpdSigAlgorithms',
-		'2.16.840.1.101.2.1.1.21*' => 'fortezzaUpdatedIntegAlgorithm',
-		'2.16.840.1.101.2.1.1.22*' => 'keyExchangeAlgorithm',
-		'2.16.840.1.101.2.1.1.23*' => 'fortezzaWrap80Algorithm',
-		'2.16.840.1.101.2.1.1.24*' => 'kEAKeyEncryptionAlgorithm',
-		'2.16.840.1.101.2.1.2.1*' => 'rfc822MessageFormat',
-		'2.16.840.1.101.2.1.2.2*' => 'emptyContent',
-		'2.16.840.1.101.2.1.2.3*' => 'cspContentType',
-		'2.16.840.1.101.2.1.2.42*' => 'mspRev3ContentType',
-		'2.16.840.1.101.2.1.2.48*' => 'mspContentType',
-		'2.16.840.1.101.2.1.2.49*' => 'mspRekeyAgentProtocol',
-		'2.16.840.1.101.2.1.2.50*' => 'mspMMP',
-		'2.16.840.1.101.2.1.2.66*' => 'mspRev3-1ContentType',
-		'2.16.840.1.101.2.1.2.72*' => 'forwardedMSPMessageBodyPart',
-		'2.16.840.1.101.2.1.2.73*' => 'mspForwardedMessageParameters',
-		'2.16.840.1.101.2.1.2.74*' => 'forwardedCSPMsgBodyPart',
-		'2.16.840.1.101.2.1.2.75*' => 'cspForwardedMessageParameters',
-		'2.16.840.1.101.2.1.2.76*' => 'mspMMP2',
-		'2.16.840.1.101.2.1.3.1*' => 'sdnsSecurityPolicy',
-		'2.16.840.1.101.2.1.3.2*' => 'sdnsPRBAC',
-		'2.16.840.1.101.2.1.3.3*' => 'mosaicPRBAC',
-		'2.16.840.1.101.2.1.3.10*' => 'siSecurityPolicy',
-		'2.16.840.1.101.2.1.3.10.0*' => 'siNASP',
-		'2.16.840.1.101.2.1.3.10.1*' => 'siELCO',
-		'2.16.840.1.101.2.1.3.10.2*' => 'siTK',
-		'2.16.840.1.101.2.1.3.10.3*' => 'siDSAP',
-		'2.16.840.1.101.2.1.3.10.4*' => 'siSSSS',
-		'2.16.840.1.101.2.1.3.10.5*' => 'siDNASP',
-		'2.16.840.1.101.2.1.3.10.6*' => 'siBYEMAN',
-		'2.16.840.1.101.2.1.3.10.7*' => 'siREL-US',
-		'2.16.840.1.101.2.1.3.10.8*' => 'siREL-AUS',
-		'2.16.840.1.101.2.1.3.10.9*' => 'siREL-CAN',
-		'2.16.840.1.101.2.1.3.10.10*' => 'siREL_UK',
-		'2.16.840.1.101.2.1.3.10.11*' => 'siREL-NZ',
-		'2.16.840.1.101.2.1.3.10.12*' => 'siGeneric',
-		'2.16.840.1.101.2.1.3.11*' => 'genser',
-		'2.16.840.1.101.2.1.3.11.0*' => 'genserNations',
-		'2.16.840.1.101.2.1.3.11.1*' => 'genserComsec',
-		'2.16.840.1.101.2.1.3.11.2*' => 'genserAcquisition',
-		'2.16.840.1.101.2.1.3.11.3*' => 'genserSecurityCategories',
-		'2.16.840.1.101.2.1.3.11.3.0*' => 'genserTagSetName',
-		'2.16.840.1.101.2.1.3.12*' => 'defaultSecurityPolicy',
-		'2.16.840.1.101.2.1.3.13*' => 'capcoMarkings',
-		'2.16.840.1.101.2.1.3.13.0*' => 'capcoSecurityCategories',
-		'2.16.840.1.101.2.1.3.13.0.1*' => 'capcoTagSetName1',
-		'2.16.840.1.101.2.1.3.13.0.2*' => 'capcoTagSetName2',
-		'2.16.840.1.101.2.1.3.13.0.3*' => 'capcoTagSetName3',
-		'2.16.840.1.101.2.1.3.13.0.4*' => 'capcoTagSetName4',
-		'2.16.840.1.101.2.1.5.1*' => 'sdnsKeyManagementCertificate',
-		'2.16.840.1.101.2.1.5.2*' => 'sdnsUserSignatureCertificate',
-		'2.16.840.1.101.2.1.5.3*' => 'sdnsKMandSigCertificate',
-		'2.16.840.1.101.2.1.5.4*' => 'fortezzaKeyManagementCertificate',
-		'2.16.840.1.101.2.1.5.5*' => 'fortezzaKMandSigCertificate',
-		'2.16.840.1.101.2.1.5.6*' => 'fortezzaUserSignatureCertificate',
-		'2.16.840.1.101.2.1.5.7*' => 'fortezzaCASignatureCertificate',
-		'2.16.840.1.101.2.1.5.8*' => 'sdnsCASignatureCertificate',
-		'2.16.840.1.101.2.1.5.10*' => 'auxiliaryVector',
-		'2.16.840.1.101.2.1.5.11*' => 'mlReceiptPolicy',
-		'2.16.840.1.101.2.1.5.12*' => 'mlMembership',
-		'2.16.840.1.101.2.1.5.13*' => 'mlAdministrators',
-		'2.16.840.1.101.2.1.5.14*' => 'alid',
-		'2.16.840.1.101.2.1.5.20*' => 'janUKMs',
-		'2.16.840.1.101.2.1.5.21*' => 'febUKMs',
-		'2.16.840.1.101.2.1.5.22*' => 'marUKMs',
-		'2.16.840.1.101.2.1.5.23*' => 'aprUKMs',
-		'2.16.840.1.101.2.1.5.24*' => 'mayUKMs',
-		'2.16.840.1.101.2.1.5.25*' => 'junUKMs',
-		'2.16.840.1.101.2.1.5.26*' => 'julUKMs',
-		'2.16.840.1.101.2.1.5.27*' => 'augUKMs',
-		'2.16.840.1.101.2.1.5.28*' => 'sepUKMs',
-		'2.16.840.1.101.2.1.5.29*' => 'octUKMs',
-		'2.16.840.1.101.2.1.5.30*' => 'novUKMs',
-		'2.16.840.1.101.2.1.5.31*' => 'decUKMs',
-		'2.16.840.1.101.2.1.5.40*' => 'metaSDNSckl',
-		'2.16.840.1.101.2.1.5.41*' => 'sdnsCKL',
-		'2.16.840.1.101.2.1.5.42*' => 'metaSDNSsignatureCKL',
-		'2.16.840.1.101.2.1.5.43*' => 'sdnsSignatureCKL',
-		'2.16.840.1.101.2.1.5.44*' => 'sdnsCertificateRevocationList',
-		'2.16.840.1.101.2.1.5.45*' => 'fortezzaCertificateRevocationList',
-		'2.16.840.1.101.2.1.5.46*' => 'fortezzaCKL',
-		'2.16.840.1.101.2.1.5.47*' => 'alExemptedAddressProcessor',
-		'2.16.840.1.101.2.1.5.48*' => 'guard',
-		'2.16.840.1.101.2.1.5.49*' => 'algorithmsSupported',
-		'2.16.840.1.101.2.1.5.50*' => 'suiteAKeyManagementCertificate',
-		'2.16.840.1.101.2.1.5.51*' => 'suiteAKMandSigCertificate',
-		'2.16.840.1.101.2.1.5.52*' => 'suiteAUserSignatureCertificate',
-		'2.16.840.1.101.2.1.5.53*' => 'prbacInfo',
-		'2.16.840.1.101.2.1.5.54*' => 'prbacCAConstraints',
-		'2.16.840.1.101.2.1.5.55*' => 'sigOrKMPrivileges',
-		'2.16.840.1.101.2.1.5.56*' => 'commPrivileges',
-		'2.16.840.1.101.2.1.5.57*' => 'labeledAttribute',
-		'2.16.840.1.101.2.1.5.58*' => 'policyInformationFile',
-		'2.16.840.1.101.2.1.5.59*' => 'secPolicyInformationFile',
-		'2.16.840.1.101.2.1.5.60*' => 'cAClearanceConstraint',
-		'2.16.840.1.101.2.1.7.1*' => 'cspExtns',
-		'2.16.840.1.101.2.1.7.1.0*' => 'cspCsExtn',
-		'2.16.840.1.101.2.1.8.1*' => 'mISSISecurityCategories',
-		'2.16.840.1.101.2.1.8.2*' => 'standardSecurityLabelPrivileges',
-		'2.16.840.1.101.2.1.10.1*' => 'sigPrivileges',
-		'2.16.840.1.101.2.1.10.2*' => 'kmPrivileges',
-		'2.16.840.1.101.2.1.10.3*' => 'namedTagSetPrivilege',
-		'2.16.840.1.101.2.1.11.1*' => 'ukDemo',
-		'2.16.840.1.101.2.1.11.2*' => 'usDODClass2',
-		'2.16.840.1.101.2.1.11.3*' => 'usMediumPilot',
-		'2.16.840.1.101.2.1.11.4*' => 'usDODClass4',
-		'2.16.840.1.101.2.1.11.5*' => 'usDODClass3',
-		'2.16.840.1.101.2.1.11.6*' => 'usDODClass5',
-		'2.16.840.1.101.2.1.12.0*' => 'testSecurityPolicy',
-		'2.16.840.1.101.2.1.12.0.1*' => 'tsp1',
-		'2.16.840.1.101.2.1.12.0.1.0*' => 'tsp1SecurityCategories',
-		'2.16.840.1.101.2.1.12.0.1.0.0*' => 'tsp1TagSetZero',
-		'2.16.840.1.101.2.1.12.0.1.0.1*' => 'tsp1TagSetOne',
-		'2.16.840.1.101.2.1.12.0.1.0.2*' => 'tsp1TagSetTwo',
-		'2.16.840.1.101.2.1.12.0.2*' => 'tsp2',
-		'2.16.840.1.101.2.1.12.0.2.0*' => 'tsp2SecurityCategories',
-		'2.16.840.1.101.2.1.12.0.2.0.0*' => 'tsp2TagSetZero',
-		'2.16.840.1.101.2.1.12.0.2.0.1*' => 'tsp2TagSetOne',
-		'2.16.840.1.101.2.1.12.0.2.0.2*' => 'tsp2TagSetTwo',
-		'2.16.840.1.101.2.1.12.0.3*' => 'kafka',
-		'2.16.840.1.101.2.1.12.0.3.0*' => 'kafkaSecurityCategories',
-		'2.16.840.1.101.2.1.12.0.3.0.1*' => 'kafkaTagSetName1',
-		'2.16.840.1.101.2.1.12.0.3.0.2*' => 'kafkaTagSetName2',
-		'2.16.840.1.101.2.1.12.0.3.0.3*' => 'kafkaTagSetName3',
-		'2.16.840.1.101.2.1.12.1.1*' => 'tcp1',
-		'2.16.840.1.101.3.1*' => 'slabel',
-		'2.16.840.1.101.3.2*' => 'pki',
-		'2.16.840.1.101.3.2.1*' => 'NIST policyIdentifier',
-		'2.16.840.1.101.3.2.1.3.1*' => 'fbcaRudimentaryPolicy',
-		'2.16.840.1.101.3.2.1.3.2*' => 'fbcaBasicPolicy',
-		'2.16.840.1.101.3.2.1.3.3*' => 'fbcaMediumPolicy',
-		'2.16.840.1.101.3.2.1.3.4*' => 'fbcaHighPolicy',
-		'2.16.840.1.101.3.2.1.48.1*' => 'nistTestPolicy1',
-		'2.16.840.1.101.3.2.1.48.2*' => 'nistTestPolicy2',
-		'2.16.840.1.101.3.2.1.48.3*' => 'nistTestPolicy3',
-		'2.16.840.1.101.3.2.1.48.4*' => 'nistTestPolicy4',
-		'2.16.840.1.101.3.2.1.48.5*' => 'nistTestPolicy5',
-		'2.16.840.1.101.3.2.1.48.6*' => 'nistTestPolicy6',
-		'2.16.840.1.101.3.2.2*' => 'gak',
-		'2.16.840.1.101.3.2.2.1*' => 'kRAKey',
-		'2.16.840.1.101.3.2.3*' => 'extensions',
-		'2.16.840.1.101.3.2.3.1*' => 'kRTechnique',
-		'2.16.840.1.101.3.2.3.2*' => 'kRecoveryCapable',
-		'2.16.840.1.101.3.2.3.3*' => 'kR',
-		'2.16.840.1.101.3.2.4*' => 'keyRecoverySchemes',
-		'2.16.840.1.101.3.2.5*' => 'krapola',
-		'2.16.840.1.101.3.3*' => 'arpa',
-		'2.16.840.1.101.3.4*' => 'nistAlgorithm',
-		'2.16.840.1.101.3.4.1*' => 'aes',
-		'2.16.840.1.101.3.4.1.1*' => 'aes128-ECB',
-		'2.16.840.1.101.3.4.1.2*' => 'aes128-CBC',
-		'2.16.840.1.101.3.4.1.3*' => 'aes128-OFB',
-		'2.16.840.1.101.3.4.1.4*' => 'aes128-CFB',
-		'2.16.840.1.101.3.4.1.5*' => 'aes128-wrap',
-		'2.16.840.1.101.3.4.1.6*' => 'aes128-GCM',
-		'2.16.840.1.101.3.4.1.7*' => 'aes128-CCM',
-		'2.16.840.1.101.3.4.1.8*' => 'aes128-wrap-pad',
-		'2.16.840.1.101.3.4.1.21*' => 'aes192-ECB',
-		'2.16.840.1.101.3.4.1.22*' => 'aes192-CBC',
-		'2.16.840.1.101.3.4.1.23*' => 'aes192-OFB',
-		'2.16.840.1.101.3.4.1.24*' => 'aes192-CFB',
-		'2.16.840.1.101.3.4.1.25*' => 'aes192-wrap',
-		'2.16.840.1.101.3.4.1.26*' => 'aes192-GCM',
-		'2.16.840.1.101.3.4.1.27*' => 'aes192-CCM',
-		'2.16.840.1.101.3.4.1.28*' => 'aes192-wrap-pad',
-		'2.16.840.1.101.3.4.1.41*' => 'aes256-ECB',
-		'2.16.840.1.101.3.4.1.42*' => 'aes256-CBC',
-		'2.16.840.1.101.3.4.1.43*' => 'aes256-OFB',
-		'2.16.840.1.101.3.4.1.44*' => 'aes256-CFB',
-		'2.16.840.1.101.3.4.1.45*' => 'aes256-wrap',
-		'2.16.840.1.101.3.4.1.46*' => 'aes256-GCM',
-		'2.16.840.1.101.3.4.1.47*' => 'aes256-CCM',
-		'2.16.840.1.101.3.4.1.48*' => 'aes256-wrap-pad',
-		'2.16.840.1.101.3.4.2*' => 'hashAlgos',
-		'2.16.840.1.101.3.4.2.1*' => 'sha-256',
-		'2.16.840.1.101.3.4.2.2*' => 'sha-384',
-		'2.16.840.1.101.3.4.2.3*' => 'sha-512',
-		'2.16.840.1.101.3.4.2.4*' => 'sha-224',
-		'2.16.840.1.101.3.4.3.1*' => 'dsaWithSha224',
-		'2.16.840.1.101.3.4.3.2*' => 'dsaWithSha256',
-		'2.16.840.1.113719.1.2.8*' => 'novellAlgorithm',
-		'2.16.840.1.113719.1.2.8.22*' => 'desCbcIV8',
-		'2.16.840.1.113719.1.2.8.23*' => 'desCbcPadIV8',
-		'2.16.840.1.113719.1.2.8.24*' => 'desEDE2CbcIV8',
-		'2.16.840.1.113719.1.2.8.25*' => 'desEDE2CbcPadIV8',
-		'2.16.840.1.113719.1.2.8.26*' => 'desEDE3CbcIV8',
-		'2.16.840.1.113719.1.2.8.27*' => 'desEDE3CbcPadIV8',
-		'2.16.840.1.113719.1.2.8.28*' => 'rc5CbcPad',
-		'2.16.840.1.113719.1.2.8.29*' => 'md2WithRSAEncryptionBSafe1',
-		'2.16.840.1.113719.1.2.8.30*' => 'md5WithRSAEncryptionBSafe1',
-		'2.16.840.1.113719.1.2.8.31*' => 'sha1WithRSAEncryptionBSafe1',
-		'2.16.840.1.113719.1.2.8.32*' => 'lmDigest',
-		'2.16.840.1.113719.1.2.8.40*' => 'md2',
-		'2.16.840.1.113719.1.2.8.50*' => 'md5',
-		'2.16.840.1.113719.1.2.8.51*' => 'ikeHmacWithSHA1-RSA',
-		'2.16.840.1.113719.1.2.8.52*' => 'ikeHmacWithMD5-RSA',
-		'2.16.840.1.113719.1.2.8.69*' => 'rc2CbcPad',
-		'2.16.840.1.113719.1.2.8.82*' => 'sha-1',
-		'2.16.840.1.113719.1.2.8.92*' => 'rc2BSafe1Cbc',
-		'2.16.840.1.113719.1.2.8.95*' => 'md4',
-		'2.16.840.1.113719.1.2.8.130*' => 'md4Packet',
-		'2.16.840.1.113719.1.2.8.131*' => 'rsaEncryptionBsafe1',
-		'2.16.840.1.113719.1.2.8.132*' => 'nwPassword',
-		'2.16.840.1.113719.1.2.8.133*' => 'novellObfuscate-1',
-		'2.16.840.1.113719.1.9*' => 'pki',
-		'2.16.840.1.113719.1.9.4*' => 'pkiAttributeType',
-		'2.16.840.1.113719.1.9.4.1*' => 'securityAttributes',
-		'2.16.840.1.113719.1.9.4.2*' => 'relianceLimit',
-		'2.16.840.1.113730.1*' => 'cert-extension',
-		'2.16.840.1.113730.1.1*' => 'netscape-cert-type',
-		'2.16.840.1.113730.1.2*' => 'netscape-base-url',
-		'2.16.840.1.113730.1.3*' => 'netscape-revocation-url',
-		'2.16.840.1.113730.1.4*' => 'netscape-ca-revocation-url',
-		'2.16.840.1.113730.1.7*' => 'netscape-cert-renewal-url',
-		'2.16.840.1.113730.1.8*' => 'netscape-ca-policy-url',
-		'2.16.840.1.113730.1.9*' => 'HomePage-url',
-		'2.16.840.1.113730.1.10*' => 'EntityLogo',
-		'2.16.840.1.113730.1.11*' => 'UserPicture',
-		'2.16.840.1.113730.1.12*' => 'netscape-ssl-server-name',
-		'2.16.840.1.113730.1.13*' => 'netscape-comment',
-		'2.16.840.1.113730.2*' => 'data-type',
-		'2.16.840.1.113730.2.1*' => 'dataGIF',
-		'2.16.840.1.113730.2.2*' => 'dataJPEG',
-		'2.16.840.1.113730.2.3*' => 'dataURL',
-		'2.16.840.1.113730.2.4*' => 'dataHTML',
-		'2.16.840.1.113730.2.5*' => 'certSequence',
-		'2.16.840.1.113730.2.6*' => 'certURL',
-		'2.16.840.1.113730.3*' => 'directory',
-		'2.16.840.1.113730.3.1*' => 'ldapDefinitions',
-		'2.16.840.1.113730.3.1.1*' => 'carLicense',
-		'2.16.840.1.113730.3.1.2*' => 'departmentNumber',
-		'2.16.840.1.113730.3.1.3*' => 'employeeNumber',
-		'2.16.840.1.113730.3.1.4*' => 'employeeType',
-		'2.16.840.1.113730.3.2.2*' => 'inetOrgPerson',
-		'2.16.840.1.113730.4.1*' => 'serverGatedCrypto',
-		'2.16.840.1.113733.1.6.3*' => 'verisignCZAG',
-		'2.16.840.1.113733.1.6.6*' => 'verisignInBox',
-		'2.16.840.1.113733.1.6.11*' => 'verisignOnsiteJurisdictionHash',
-		'2.16.840.1.113733.1.6.13*' => 'Unknown Verisign VPN extension',
-		'2.16.840.1.113733.1.6.15*' => 'verisignServerID',
-		'2.16.840.1.113733.1.7.1.1*' => 'verisignCertPolicies95Qualifier1',
-		'2.16.840.1.113733.1.7.1.1.1*' => 'verisignCPSv1notice',
-		'2.16.840.1.113733.1.7.1.1.2*' => 'verisignCPSv1nsi',
-		'2.16.840.1.113733.1.7.23.6*' => 'VeriSign EV policy',
-		'2.16.840.1.113733.1.8.1*' => 'verisignISSStrongCrypto',
-		'2.16.840.1.113733.1*' => 'pki',
-		'2.16.840.1.113733.1.9*' => 'pkcs7Attribute',
-		'2.16.840.1.113733.1.9.2*' => 'messageType',
-		'2.16.840.1.113733.1.9.3*' => 'pkiStatus',
-		'2.16.840.1.113733.1.9.4*' => 'failInfo',
-		'2.16.840.1.113733.1.9.5*' => 'senderNonce',
-		'2.16.840.1.113733.1.9.6*' => 'recipientNonce',
-		'2.16.840.1.113733.1.9.7*' => 'transID',
-		'2.16.840.1.113733.1.9.8*' => 'extensionReq',
-		'2.16.840.1.114412.1.3.0.1*' => 'digiCertGlobalCAPolicy',
-		'2.16.840.1.114412.1.3.0.2*' => 'digiCertHighAssuranceEVCAPolicy',
-		'2.16.840.1.114412.1.3.0.3*' => 'digiCertGlobalRootCAPolicy',
-		'2.16.840.1.114412.1.3.0.4*' => 'digiCertAssuredIDRootCAPolicy',
-		'2.23.42.0*' => 'contentType',
-		'2.23.42.0.0*' => 'panData',
-		'2.23.42.0.1*' => 'panToken',
-		'2.23.42.0.2*' => 'panOnly',
-		'2.23.42.1*' => 'msgExt',
-		'2.23.42.2*' => 'field',
-		'2.23.42.2.0*' => 'fullName',
-		'2.23.42.2.1*' => 'givenName',
-		'2.23.42.2.2*' => 'familyName',
-		'2.23.42.2.3*' => 'birthFamilyName',
-		'2.23.42.2.4*' => 'placeName',
-		'2.23.42.2.5*' => 'identificationNumber',
-		'2.23.42.2.6*' => 'month',
-		'2.23.42.2.7*' => 'date',
-		'2.23.42.2.8*' => 'address',
-		'2.23.42.2.9*' => 'telephone',
-		'2.23.42.2.10*' => 'amount',
-		'2.23.42.2.11*' => 'accountNumber',
-		'2.23.42.2.12*' => 'passPhrase',
-		'2.23.42.3*' => 'attribute',
-		'2.23.42.3.0*' => 'cert',
-		'2.23.42.3.0.0*' => 'rootKeyThumb',
-		'2.23.42.3.0.1*' => 'additionalPolicy',
-		'2.23.42.4*' => 'algorithm',
-		'2.23.42.5*' => 'policy',
-		'2.23.42.5.0*' => 'root',
-		'2.23.42.6*' => 'module',
-		'2.23.42.7*' => 'certExt',
-		'2.23.42.7.0*' => 'hashedRootKey',
-		'2.23.42.7.1*' => 'certificateType',
-		'2.23.42.7.2*' => 'merchantData',
-		'2.23.42.7.3*' => 'cardCertRequired',
-		'2.23.42.7.4*' => 'tunneling',
-		'2.23.42.7.5*' => 'setExtensions',
-		'2.23.42.7.6*' => 'setQualifier',
-		'2.23.42.8*' => 'brand',
-		'2.23.42.8.1*' => 'IATA-ATA',
-		'2.23.42.8.4*' => 'VISA',
-		'2.23.42.8.5*' => 'MasterCard',
-		'2.23.42.8.30*' => 'Diners',
-		'2.23.42.8.34*' => 'AmericanExpress',
-		'2.23.42.8.6011*' => 'Novus',
-		'2.23.42.9*' => 'vendor',
-		'2.23.42.9.0*' => 'GlobeSet',
-		'2.23.42.9.1*' => 'IBM',
-		'2.23.42.9.2*' => 'CyberCash',
-		'2.23.42.9.3*' => 'Terisa',
-		'2.23.42.9.4*' => 'RSADSI',
-		'2.23.42.9.5*' => 'VeriFone',
-		'2.23.42.9.6*' => 'TrinTech',
-		'2.23.42.9.7*' => 'BankGate',
-		'2.23.42.9.8*' => 'GTE',
-		'2.23.42.9.9*' => 'CompuSource',
-		'2.23.42.9.10*' => 'Griffin',
-		'2.23.42.9.11*' => 'Certicom',
-		'2.23.42.9.12*' => 'OSS',
-		'2.23.42.9.13*' => 'TenthMountain',
-		'2.23.42.9.14*' => 'Antares',
-		'2.23.42.9.15*' => 'ECC',
-		'2.23.42.9.16*' => 'Maithean',
-		'2.23.42.9.17*' => 'Netscape',
-		'2.23.42.9.18*' => 'Verisign',
-		'2.23.42.9.19*' => 'BlueMoney',
-		'2.23.42.9.20*' => 'Lacerte',
-		'2.23.42.9.21*' => 'Fujitsu',
-		'2.23.42.9.22*' => 'eLab',
-		'2.23.42.9.23*' => 'Entrust',
-		'2.23.42.9.24*' => 'VIAnet',
-		'2.23.42.9.25*' => 'III',
-		'2.23.42.9.26*' => 'OpenMarket',
-		'2.23.42.9.27*' => 'Lexem',
-		'2.23.42.9.28*' => 'Intertrader',
-		'2.23.42.9.29*' => 'Persimmon',
-		'2.23.42.9.30*' => 'NABLE',
-		'2.23.42.9.31*' => 'espace-net',
-		'2.23.42.9.32*' => 'Hitachi',
-		'2.23.42.9.33*' => 'Microsoft',
-		'2.23.42.9.34*' => 'NEC',
-		'2.23.42.9.35*' => 'Mitsubishi',
-		'2.23.42.9.36*' => 'NCR',
-		'2.23.42.9.37*' => 'e-COMM',
-		'2.23.42.9.38*' => 'Gemplus',
-		'2.23.42.10*' => 'national',
-		'2.23.42.10.392*' => 'Japan',
-		'2.23.136.1.1.1*' => 'mRTDSignatureData',
-		'2.54.1775.2*' => 'hashedRootKey',
-		'2.54.1775.3*' => 'certificateType',
-		'2.54.1775.4*' => 'merchantData',
-		'2.54.1775.5*' => 'cardCertRequired',
-		'2.54.1775.6*' => 'tunneling',
-		'2.54.1775.7*' => 'setQualifier',
-		'2.54.1775.99*' => 'setData',
-		'1.3.6.1.4.1.6449.1.2.1.5.1*' => 'UTN-USERFirst EV policy',
-		'1.3.6.1.4.1.34697.2.1*' => 'AffirmTrust EV policy',
-		'1.3.6.1.4.1.34697.2.2*' => 'AffirmTrust EV policy',
-		'1.3.6.1.4.1.34697.2.3*' => 'AffirmTrust EV policy',
-		'1.3.6.1.4.1.34697.2.4*' => 'AffirmTrust EV policy',
-		'1.3.6.1.4.1.22234.2.5.2.3.1*' => 'CertPlus EV policy',
-		'1.3.6.1.4.1.6334.1.100.1*' => 'GTE CyberTrust EV policy',
-		'2.16.840.1.114412.2.1*' => 'DigiCert EV policy',
-		'2.16.528.1.1001.1.1.1.12.6.1.1.1*' => 'DigiNotar EV policy',
-		'2.16.840.1.114028.10.1.2*' => 'Entrust EV policy',
-		'1.3.6.1.4.1.14370.1.6*' => 'GeoTrust EV policy',
-		'1.3.6.1.4.1.4146.1.1*' => 'GlobalSign EV policy',
-		'2.16.840.1.114413.1.7.23.3*' => 'ValiCert EV policy',
-		'1.3.6.1.4.1.782.1.2.1.8.1*' => 'Network Solutions EV policy',
-		'1.3.6.1.4.1.8024.0.2.100.1.2*' => 'QuoVadis EV policy',
-		'2.16.840.1.114404.1.1.2.4.1*' => 'Secure Global EV policy',
-		'1.2.392.200091.100.721.1*' => 'Security Communication EV policy',
-		'1.3.6.1.4.1.23223.1.1.1*' => 'StartCom EV policy',
-		'2.16.840.1.114414.1.7.23.3*' => 'Starfield EV policy',
-		'2.16.756.1.89.1.2.1.1*' => 'SwissSign EV policy',
-		'2.16.840.1.113733.1.7.48.1*' => 'Thawte EV policy',
-		'2.16.840.1.114171.500.9*' => 'Wells Fargo EV policy',
-	];
+    public $oids = [
+        '0.2.262.1.10*' => 'Telesec',
+        '0.2.262.1.10.0*' => 'extension',
+        '0.2.262.1.10.1*' => 'mechanism',
+        '0.2.262.1.10.1.0*' => 'authentication',
+        '0.2.262.1.10.1.0.1*' => 'passwordAuthentication',
+        '0.2.262.1.10.1.0.2*' => 'protectedPasswordAuthentication',
+        '0.2.262.1.10.1.0.3*' => 'oneWayX509Authentication',
+        '0.2.262.1.10.1.0.4*' => 'twoWayX509Authentication',
+        '0.2.262.1.10.1.0.5*' => 'threeWayX509Authentication',
+        '0.2.262.1.10.1.0.6*' => 'oneWayISO9798Authentication',
+        '0.2.262.1.10.1.0.7*' => 'twoWayISO9798Authentication',
+        '0.2.262.1.10.1.0.8*' => 'telekomAuthentication',
+        '0.2.262.1.10.1.1*' => 'signature',
+        '0.2.262.1.10.1.1.1*' => 'md4WithRSAAndISO9697',
+        '0.2.262.1.10.1.1.2*' => 'md4WithRSAAndTelesecSignatureStandard',
+        '0.2.262.1.10.1.1.3*' => 'md5WithRSAAndISO9697',
+        '0.2.262.1.10.1.1.4*' => 'md5WithRSAAndTelesecSignatureStandard',
+        '0.2.262.1.10.1.1.5*' => 'ripemd160WithRSAAndTelekomSignatureStandard',
+        '0.2.262.1.10.1.1.9*' => 'hbciRsaSignature',
+        '0.2.262.1.10.1.2*' => 'encryption',
+        '0.2.262.1.10.1.2.0*' => 'none',
+        '0.2.262.1.10.1.2.1*' => 'rsaTelesec',
+        '0.2.262.1.10.1.2.2*' => 'des',
+        '0.2.262.1.10.1.2.2.1*' => 'desECB',
+        '0.2.262.1.10.1.2.2.2*' => 'desCBC',
+        '0.2.262.1.10.1.2.2.3*' => 'desOFB',
+        '0.2.262.1.10.1.2.2.4*' => 'desCFB8',
+        '0.2.262.1.10.1.2.2.5*' => 'desCFB64',
+        '0.2.262.1.10.1.2.3*' => 'des3',
+        '0.2.262.1.10.1.2.3.1*' => 'des3ECB',
+        '0.2.262.1.10.1.2.3.2*' => 'des3CBC',
+        '0.2.262.1.10.1.2.3.3*' => 'des3OFB',
+        '0.2.262.1.10.1.2.3.4*' => 'des3CFB8',
+        '0.2.262.1.10.1.2.3.5*' => 'des3CFB64',
+        '0.2.262.1.10.1.2.4*' => 'magenta',
+        '0.2.262.1.10.1.2.5*' => 'idea',
+        '0.2.262.1.10.1.2.5.1*' => 'ideaECB',
+        '0.2.262.1.10.1.2.5.2*' => 'ideaCBC',
+        '0.2.262.1.10.1.2.5.3*' => 'ideaOFB',
+        '0.2.262.1.10.1.2.5.4*' => 'ideaCFB8',
+        '0.2.262.1.10.1.2.5.5*' => 'ideaCFB64',
+        '0.2.262.1.10.1.3*' => 'oneWayFunction',
+        '0.2.262.1.10.1.3.1*' => 'md4',
+        '0.2.262.1.10.1.3.2*' => 'md5',
+        '0.2.262.1.10.1.3.3*' => 'sqModNX509',
+        '0.2.262.1.10.1.3.4*' => 'sqModNISO',
+        '0.2.262.1.10.1.3.5*' => 'ripemd128',
+        '0.2.262.1.10.1.3.6*' => 'hashUsingBlockCipher',
+        '0.2.262.1.10.1.3.7*' => 'mac',
+        '0.2.262.1.10.1.3.8*' => 'ripemd160',
+        '0.2.262.1.10.1.4*' => 'fecFunction',
+        '0.2.262.1.10.1.4.1*' => 'reedSolomon',
+        '0.2.262.1.10.2*' => 'module',
+        '0.2.262.1.10.2.0*' => 'algorithms',
+        '0.2.262.1.10.2.1*' => 'attributeTypes',
+        '0.2.262.1.10.2.2*' => 'certificateTypes',
+        '0.2.262.1.10.2.3*' => 'messageTypes',
+        '0.2.262.1.10.2.4*' => 'plProtocol',
+        '0.2.262.1.10.2.5*' => 'smeAndComponentsOfSme',
+        '0.2.262.1.10.2.6*' => 'fec',
+        '0.2.262.1.10.2.7*' => 'usefulDefinitions',
+        '0.2.262.1.10.2.8*' => 'stefiles',
+        '0.2.262.1.10.2.9*' => 'sadmib',
+        '0.2.262.1.10.2.10*' => 'electronicOrder',
+        '0.2.262.1.10.2.11*' => 'telesecTtpAsymmetricApplication',
+        '0.2.262.1.10.2.12*' => 'telesecTtpBasisApplication',
+        '0.2.262.1.10.2.13*' => 'telesecTtpMessages',
+        '0.2.262.1.10.2.14*' => 'telesecTtpTimeStampApplication',
+        '0.2.262.1.10.3*' => 'objectClass',
+        '0.2.262.1.10.3.0*' => 'telesecOtherName',
+        '0.2.262.1.10.3.1*' => 'directory',
+        '0.2.262.1.10.3.2*' => 'directoryType',
+        '0.2.262.1.10.3.3*' => 'directoryGroup',
+        '0.2.262.1.10.3.4*' => 'directoryUser',
+        '0.2.262.1.10.3.5*' => 'symmetricKeyEntry',
+        '0.2.262.1.10.4*' => 'package',
+        '0.2.262.1.10.5*' => 'parameter',
+        '0.2.262.1.10.6*' => 'nameBinding',
+        '0.2.262.1.10.7*' => 'attribute',
+        '0.2.262.1.10.7.0*' => 'applicationGroupIdentifier',
+        '0.2.262.1.10.7.1*' => 'certificateType',
+        '0.2.262.1.10.7.2*' => 'telesecCertificate',
+        '0.2.262.1.10.7.3*' => 'certificateNumber',
+        '0.2.262.1.10.7.4*' => 'certificateRevocationList',
+        '0.2.262.1.10.7.5*' => 'creationDate',
+        '0.2.262.1.10.7.6*' => 'issuer',
+        '0.2.262.1.10.7.7*' => 'namingAuthority',
+        '0.2.262.1.10.7.8*' => 'publicKeyDirectory',
+        '0.2.262.1.10.7.9*' => 'securityDomain',
+        '0.2.262.1.10.7.10*' => 'subject',
+        '0.2.262.1.10.7.11*' => 'timeOfRevocation',
+        '0.2.262.1.10.7.12*' => 'userGroupReference',
+        '0.2.262.1.10.7.13*' => 'validity',
+        '0.2.262.1.10.7.14*' => 'zert93',
+        '0.2.262.1.10.7.15*' => 'securityMessEnv',
+        '0.2.262.1.10.7.16*' => 'anonymizedPublicKeyDirectory',
+        '0.2.262.1.10.7.17*' => 'telesecGivenName',
+        '0.2.262.1.10.7.18*' => 'nameAdditions',
+        '0.2.262.1.10.7.19*' => 'telesecPostalCode',
+        '0.2.262.1.10.7.20*' => 'nameDistinguisher',
+        '0.2.262.1.10.7.21*' => 'telesecCertificateList',
+        '0.2.262.1.10.7.22*' => 'teletrustCertificateList',
+        '0.2.262.1.10.7.23*' => 'x509CertificateList',
+        '0.2.262.1.10.7.24*' => 'timeOfIssue',
+        '0.2.262.1.10.7.25*' => 'physicalCardNumber',
+        '0.2.262.1.10.7.26*' => 'fileType',
+        '0.2.262.1.10.7.27*' => 'ctlFileIsArchive',
+        '0.2.262.1.10.7.28*' => 'emailAddress',
+        '0.2.262.1.10.7.29*' => 'certificateTemplateList',
+        '0.2.262.1.10.7.30*' => 'directoryName',
+        '0.2.262.1.10.7.31*' => 'directoryTypeName',
+        '0.2.262.1.10.7.32*' => 'directoryGroupName',
+        '0.2.262.1.10.7.33*' => 'directoryUserName',
+        '0.2.262.1.10.7.34*' => 'revocationFlag',
+        '0.2.262.1.10.7.35*' => 'symmetricKeyEntryName',
+        '0.2.262.1.10.7.36*' => 'glNumber',
+        '0.2.262.1.10.7.37*' => 'goNumber',
+        '0.2.262.1.10.7.38*' => 'gKeyData',
+        '0.2.262.1.10.7.39*' => 'zKeyData',
+        '0.2.262.1.10.7.40*' => 'ktKeyData',
+        '0.2.262.1.10.7.41*' => 'ktKeyNumber',
+        '0.2.262.1.10.7.51*' => 'timeOfRevocationGen',
+        '0.2.262.1.10.7.52*' => 'liabilityText',
+        '0.2.262.1.10.8*' => 'attributeGroup',
+        '0.2.262.1.10.9*' => 'action',
+        '0.2.262.1.10.10*' => 'notification',
+        '0.2.262.1.10.11*' => 'snmp-mibs',
+        '0.2.262.1.10.11.1*' => 'securityApplication',
+        '0.2.262.1.10.12*' => 'certAndCrlExtensionDefinitions',
+        '0.2.262.1.10.12.0*' => 'liabilityLimitationFlag',
+        '0.2.262.1.10.12.1*' => 'telesecCertIdExt',
+        '0.2.262.1.10.12.2*' => 'Telesec policyIdentifier',
+        '0.2.262.1.10.12.3*' => 'telesecPolicyQualifierID',
+        '0.2.262.1.10.12.4*' => 'telesecCRLFilteredExt',
+        '0.2.262.1.10.12.5*' => 'telesecCRLFilterExt',
+        '0.2.262.1.10.12.6*' => 'telesecNamingAuthorityExt',
+        '0.4.0.127.0.7*' => 'bsi',
+        '0.4.0.127.0.7.1*' => 'bsiEcc',
+        '0.4.0.127.0.7.1.1*' => 'bsifieldType',
+        '0.4.0.127.0.7.1.1.1*' => 'bsiPrimeField',
+        '0.4.0.127.0.7.1.1.2*' => 'bsiCharacteristicTwoField',
+        '0.4.0.127.0.7.1.1.2.3*' => 'bsiCharacteristicTwoBasis',
+        '0.4.0.127.0.7.1.1.2.3.1*' => 'bsiGnBasis',
+        '0.4.0.127.0.7.1.1.2.3.2*' => 'bsiTpBasis',
+        '0.4.0.127.0.7.1.1.2.3.3*' => 'bsiPpBasis',
+        '0.4.0.127.0.7.1.1.4.1*' => 'bsiEcdsaSignatures',
+        '0.4.0.127.0.7.1.1.4.1.1*' => 'bsiEcdsaWithSHA1',
+        '0.4.0.127.0.7.1.1.4.1.2*' => 'bsiEcdsaWithSHA224',
+        '0.4.0.127.0.7.1.1.4.1.3*' => 'bsiEcdsaWithSHA256',
+        '0.4.0.127.0.7.1.1.4.1.4*' => 'bsiEcdsaWithSHA384',
+        '0.4.0.127.0.7.1.1.4.1.5*' => 'bsiEcdsaWithSHA512',
+        '0.4.0.127.0.7.1.1.4.1.6*' => 'bsiEcdsaWithRIPEMD160',
+        '0.4.0.127.0.7.1.2*' => 'bsiEcKeyType',
+        '0.4.0.127.0.7.1.2.1*' => 'bsiEcPublicKey',
+        '0.4.0.127.0.7.1.5.1*' => 'bsiKaeg',
+        '0.4.0.127.0.7.1.5.1.1*' => 'bsiKaegWithX963KDF',
+        '0.4.0.127.0.7.1.5.1.2*' => 'bsiKaegWith3DESKDF',
+        '0.4.0.127.0.7.2.2.1*' => 'bsiPK',
+        '0.4.0.127.0.7.2.2.1.1*' => 'bsiPK_DH',
+        '0.4.0.127.0.7.2.2.1.2*' => 'bsiPK_ECDH',
+        '0.4.0.127.0.7.2.2.2*' => 'bsiTA',
+        '0.4.0.127.0.7.2.2.2.1*' => 'bsiTA_RSA',
+        '0.4.0.127.0.7.2.2.2.1.1*' => 'bsiTA_RSAv1_5_SHA1',
+        '0.4.0.127.0.7.2.2.2.1.2*' => 'bsiTA_RSAv1_5_SHA256',
+        '0.4.0.127.0.7.2.2.2.1.3*' => 'bsiTA_RSAPSS_SHA1',
+        '0.4.0.127.0.7.2.2.2.1.4*' => 'bsiTA_RSAPSS_SHA256',
+        '0.4.0.127.0.7.2.2.2.2*' => 'bsiTA_ECDSA',
+        '0.4.0.127.0.7.2.2.2.2.1*' => 'bsiTA_ECDSA_SHA1',
+        '0.4.0.127.0.7.2.2.2.2.2*' => 'bsiTA_ECDSA_SHA224',
+        '0.4.0.127.0.7.2.2.2.2.3*' => 'bsiTA_ECDSA_SHA256',
+        '0.4.0.127.0.7.2.2.3*' => 'bsiCA',
+        '0.4.0.127.0.7.2.2.3.1*' => 'bsiCA_DH',
+        '0.4.0.127.0.7.2.2.3.2*' => 'bsiCA_ECDH',
+        '0.4.0.127.0.7.3.1.2.1*' => 'bsiRoleEAC',
+        '0.4.0.1862*' => 'etsiQcsProfile',
+        '0.4.0.1862.1*' => 'etsiQcs',
+        '0.4.0.1862.1.1*' => 'etsiQcsCompliance',
+        '0.4.0.1862.1.2*' => 'etsiQcsLimitValue',
+        '0.4.0.1862.1.3*' => 'etsiQcsRetentionPeriod',
+        '0.4.0.1862.1.4*' => 'etsiQcsQcSSCD',
+        '0.9.2342.19200300.100.1.1*' => 'userID',
+        '0.9.2342.19200300.100.1.3*' => 'rfc822Mailbox',
+        '0.9.2342.19200300.100.1.25*' => 'domainComponent',
+        '1.0.10118.3.0.49*' => 'ripemd160',
+        '1.0.10118.3.0.50*' => 'ripemd128',
+        '1.0.10118.3.0.55*' => 'whirlpool',
+        '1.2.36.1.3.1.1.1*' => 'qgpki',
+        '1.2.36.1.3.1.1.1.1*' => 'qgpkiPolicies',
+        '1.2.36.1.3.1.1.1.1.1*' => 'qgpkiMedIntermedCA',
+        '1.2.36.1.3.1.1.1.1.1.1*' => 'qgpkiMedIntermedIndividual',
+        '1.2.36.1.3.1.1.1.1.1.2*' => 'qgpkiMedIntermedDeviceControl',
+        '1.2.36.1.3.1.1.1.1.1.3*' => 'qgpkiMedIntermedDevice',
+        '1.2.36.1.3.1.1.1.1.1.4*' => 'qgpkiMedIntermedAuthorisedParty',
+        '1.2.36.1.3.1.1.1.1.1.5*' => 'qgpkiMedIntermedDeviceSystem',
+        '1.2.36.1.3.1.1.1.1.2*' => 'qgpkiMedIssuingCA',
+        '1.2.36.1.3.1.1.1.1.2.1*' => 'qgpkiMedIssuingIndividual',
+        '1.2.36.1.3.1.1.1.1.2.2*' => 'qgpkiMedIssuingDeviceControl',
+        '1.2.36.1.3.1.1.1.1.2.3*' => 'qgpkiMedIssuingDevice',
+        '1.2.36.1.3.1.1.1.1.2.4*' => 'qgpkiMedIssuingAuthorisedParty',
+        '1.2.36.1.3.1.1.1.1.2.5*' => 'qgpkiMedIssuingClientAuth',
+        '1.2.36.1.3.1.1.1.1.2.6*' => 'qgpkiMedIssuingServerAuth',
+        '1.2.36.1.3.1.1.1.1.2.7*' => 'qgpkiMedIssuingDataProt',
+        '1.2.36.1.3.1.1.1.1.2.8*' => 'qgpkiMedIssuingTokenAuth',
+        '1.2.36.1.3.1.1.1.1.3*' => 'qgpkiBasicIntermedCA',
+        '1.2.36.1.3.1.1.1.1.3.1*' => 'qgpkiBasicIntermedDeviceSystem',
+        '1.2.36.1.3.1.1.1.1.4*' => 'qgpkiBasicIssuingCA',
+        '1.2.36.1.3.1.1.1.1.4.1*' => 'qgpkiBasicIssuingClientAuth',
+        '1.2.36.1.3.1.1.1.1.4.2*' => 'qgpkiBasicIssuingServerAuth',
+        '1.2.36.1.3.1.1.1.1.4.3*' => 'qgpkiBasicIssuingDataSigning',
+        '1.2.36.1.3.1.1.1.2*' => 'qgpkiAssuranceLevel',
+        '1.2.36.1.3.1.1.1.2.1*' => 'qgpkiAssuranceRudimentary',
+        '1.2.36.1.3.1.1.1.2.2*' => 'qgpkiAssuranceBasic',
+        '1.2.36.1.3.1.1.1.2.3*' => 'qgpkiAssuranceMedium',
+        '1.2.36.1.3.1.1.1.2.4*' => 'qgpkiAssuranceHigh',
+        '1.2.36.1.3.1.1.1.3*' => 'qgpkiCertFunction',
+        '1.2.36.1.3.1.1.1.3.1*' => 'qgpkiFunctionIndividual',
+        '1.2.36.1.3.1.1.1.3.2*' => 'qgpkiFunctionDevice',
+        '1.2.36.1.3.1.1.1.3.3*' => 'qgpkiFunctionAuthorisedParty',
+        '1.2.36.1.3.1.1.1.3.4*' => 'qgpkiFunctionDeviceControl',
+        '1.2.36.1.3.1.2*' => 'qpspki',
+        '1.2.36.1.3.1.2.1*' => 'qpspkiPolicies',
+        '1.2.36.1.3.1.2.1.2*' => 'qpspkiPolicyBasic',
+        '1.2.36.1.3.1.2.1.3*' => 'qpspkiPolicyMedium',
+        '1.2.36.1.3.1.2.1.4*' => 'qpspkiPolicyHigh',
+        '1.2.36.1.3.1.3.2*' => 'qtmrpki',
+        '1.2.36.1.3.1.3.2.1*' => 'qtmrpkiPolicies',
+        '1.2.36.1.3.1.3.2.2*' => 'qtmrpkiPurpose',
+        '1.2.36.1.3.1.3.2.2.1*' => 'qtmrpkiIndividual',
+        '1.2.36.1.3.1.3.2.2.2*' => 'qtmrpkiDeviceControl',
+        '1.2.36.1.3.1.3.2.2.3*' => 'qtmrpkiDevice',
+        '1.2.36.1.3.1.3.2.2.4*' => 'qtmrpkiAuthorisedParty',
+        '1.2.36.1.3.1.3.2.2.5*' => 'qtmrpkiDeviceSystem',
+        '1.2.36.1.3.1.3.2.3*' => 'qtmrpkiDevice',
+        '1.2.36.1.3.1.3.2.3.1*' => 'qtmrpkiDriverLicense',
+        '1.2.36.1.3.1.3.2.3.2*' => 'qtmrpkiIndustryAuthority',
+        '1.2.36.1.3.1.3.2.3.3*' => 'qtmrpkiMarineLicense',
+        '1.2.36.1.3.1.3.2.3.4*' => 'qtmrpkiAdultProofOfAge',
+        '1.2.36.1.3.1.3.2.3.5*' => 'qtmrpkiSam',
+        '1.2.36.1.3.1.3.2.4*' => 'qtmrpkiAuthorisedParty',
+        '1.2.36.1.3.1.3.2.4.1*' => 'qtmrpkiTransportInspector',
+        '1.2.36.1.3.1.3.2.4.2*' => 'qtmrpkiPoliceOfficer',
+        '1.2.36.1.3.1.3.2.4.3*' => 'qtmrpkiSystem',
+        '1.2.36.1.3.1.3.2.4.4*' => 'qtmrpkiLiquorLicensingInspector',
+        '1.2.36.1.3.1.3.2.4.5*' => 'qtmrpkiMarineEnforcementOfficer',
+        '1.2.36.1.333.1*' => 'australianBusinessNumber',
+        '1.2.36.68980861.1.1.2*' => 'signetPersonal',
+        '1.2.36.68980861.1.1.3*' => 'signetBusiness',
+        '1.2.36.68980861.1.1.4*' => 'signetLegal',
+        '1.2.36.68980861.1.1.10*' => 'signetPilot',
+        '1.2.36.68980861.1.1.11*' => 'signetIntraNet',
+        '1.2.36.68980861.1.1.20*' => 'signetPolicy',
+        '1.2.36.75878867.1.100.1.1*' => 'certificatesAustraliaPolicy',
+        '1.2.392.200011.61.1.1.1*' => 'mitsubishiSecurityAlgorithm',
+        '1.2.392.200011.61.1.1.1.1*' => 'misty1-cbc',
+        '1.2.410.200004.1.4*' => 'seedCBC',
+        '1.2.410.200004.1.7*' => 'seedMAC',
+        '1.2.410.200004.1.15*' => 'pbeWithSHA1AndSEED-CBC',
+        '1.2.410.200046.1.1*' => 'aria1AlgorithmModes',
+        '1.2.410.200046.1.1.1*' => 'aria128-ecb',
+        '1.2.410.200046.1.1.2*' => 'aria128-cbc',
+        '1.2.410.200046.1.1.3*' => 'aria128-cfb',
+        '1.2.410.200046.1.1.4*' => 'aria128-ofb',
+        '1.2.410.200046.1.1.5*' => 'aria128-ctr',
+        '1.2.410.200046.1.1.6*' => 'aria192-ecb',
+        '1.2.410.200046.1.1.7*' => 'aria192-cbc',
+        '1.2.410.200046.1.1.8*' => 'aria192-cfb',
+        '1.2.410.200046.1.1.9*' => 'aria192-ofb',
+        '1.2.410.200046.1.1.10*' => 'aria192-ctr',
+        '1.2.410.200046.1.1.11*' => 'aria256-ecb',
+        '1.2.410.200046.1.1.12*' => 'aria256-cbc',
+        '1.2.410.200046.1.1.13*' => 'aria256-ctr',
+        '1.2.410.200046.1.1.21*' => 'aria128-cmac',
+        '1.2.410.200046.1.1.22*' => 'aria192-cmac',
+        '1.2.410.200046.1.1.23*' => 'aria256-cmac',
+        '1.2.410.200046.1.1.31*' => 'aria128-ocb2',
+        '1.2.410.200046.1.1.32*' => 'aria192-ocb2',
+        '1.2.410.200046.1.1.33*' => 'aria256-ocb2',
+        '1.2.410.200046.1.1.34*' => 'aria128-gcm',
+        '1.2.410.200046.1.1.35*' => 'aria192-gcm',
+        '1.2.410.200046.1.1.36*' => 'aria256-gcm',
+        '1.2.410.200046.1.1.37*' => 'aria128-ccm',
+        '1.2.410.200046.1.1.38*' => 'aria192-ccm',
+        '1.2.410.200046.1.1.39*' => 'aria256-ccm',
+        '1.2.410.200046.1.1.40*' => 'aria128-keywrap',
+        '1.2.410.200046.1.1.41*' => 'aria192-keywrap',
+        '1.2.410.200046.1.1.42*' => 'aria256-keywrap',
+        '1.2.410.200046.1.1.43*' => 'aria128-keywrapWithPad',
+        '1.2.410.200046.1.1.44*' => 'aria192-keywrapWithPad',
+        '1.2.410.200046.1.1.45*' => 'aria256-keywrapWithPad',
+        '1.2.643.2.2.3*' => 'gostSignature',
+        '1.2.643.2.2.4*' => 'gost94Signature',
+        '1.2.643.2.2.20*' => 'gost94PublicKey',
+        '1.2.643.2.2.19*' => 'gostPublicKey',
+        '1.2.643.2.2.21*' => 'gostCipher',
+        '1.2.643.2.2.31.0*' => 'testCipherParams',
+        '1.2.643.2.2.31.1*' => 'cryptoProCipherA',
+        '1.2.643.2.2.31.2*' => 'cryptoProCipherB',
+        '1.2.643.2.2.31.3*' => 'cryptoProCipherC',
+        '1.2.643.2.2.31.4*' => 'cryptoProCipherD',
+        '1.2.643.2.2.31.5*' => 'oscar11Cipher',
+        '1.2.643.2.2.31.6*' => 'oscar10Cipher',
+        '1.2.643.2.2.31.7*' => 'ric1Cipher',
+        '1.2.643.2.2.9*' => 'gostDigest',
+        '1.2.643.2.2.30.0*' => 'testDigestParams',
+        '1.2.643.2.2.30.1*' => 'cryptoProDigestA',
+        '1.2.643.2.2.35.0*' => 'testSignParams',
+        '1.2.643.2.2.35.1*' => 'cryptoProSignA',
+        '1.2.643.2.2.35.2*' => 'cryptoProSignB',
+        '1.2.643.2.2.35.3*' => 'cryptoProSignC',
+        '1.2.643.2.2.36.0*' => 'cryptoProSignXA',
+        '1.2.643.2.2.36.1*' => 'cryptoProSignXB',
+        '1.2.643.2.2.14.0*' => 'nullMeshing',
+        '1.2.643.2.2.14.1*' => 'cryptoProMeshing',
+        '1.2.643.2.2.10*' => 'hmacGost',
+        '1.2.643.2.2.13.0*' => 'gostWrap',
+        '1.2.643.2.2.13.1*' => 'cryptoProWrap',
+        '1.2.643.2.2.96*' => 'cryptoProECDHWrap',
+        '1.2.752.34.1*' => 'seis-cp',
+        '1.2.752.34.1.1*' => 'SEIS high-assurance policyIdentifier',
+        '1.2.752.34.1.2*' => 'SEIS GAK policyIdentifier',
+        '1.2.752.34.2*' => 'SEIS pe',
+        '1.2.752.34.3*' => 'SEIS at',
+        '1.2.752.34.3.1*' => 'SEIS at-personalIdentifier',
+        '1.2.840.10040.1*' => 'module',
+        '1.2.840.10040.1.1*' => 'x9f1-cert-mgmt',
+        '1.2.840.10040.2*' => 'holdinstruction',
+        '1.2.840.10040.2.1*' => 'holdinstruction-none',
+        '1.2.840.10040.2.2*' => 'callissuer',
+        '1.2.840.10040.2.3*' => 'reject',
+        '1.2.840.10040.2.4*' => 'pickupToken',
+        '1.2.840.10040.3*' => 'attribute',
+        '1.2.840.10040.3.1*' => 'countersignature',
+        '1.2.840.10040.3.2*' => 'attribute-cert',
+        '1.2.840.10040.4*' => 'algorithm',
+        '1.2.840.10040.4.1*' => 'dsa',
+        '1.2.840.10040.4.2*' => 'dsa-match',
+        '1.2.840.10040.4.3*' => 'dsaWithSha1',
+        '1.2.840.10045.1*' => 'fieldType',
+        '1.2.840.10045.1.1*' => 'prime-field',
+        '1.2.840.10045.1.2*' => 'characteristic-two-field',
+        '1.2.840.10045.1.2.3*' => 'characteristic-two-basis',
+        '1.2.840.10045.1.2.3.1*' => 'onBasis',
+        '1.2.840.10045.1.2.3.2*' => 'tpBasis',
+        '1.2.840.10045.1.2.3.3*' => 'ppBasis',
+        '1.2.840.10045.2*' => 'publicKeyType',
+        '1.2.840.10045.2.1*' => 'ecPublicKey',
+        '1.2.840.10045.3.0.1*' => 'c2pnb163v1',
+        '1.2.840.10045.3.0.2*' => 'c2pnb163v2',
+        '1.2.840.10045.3.0.3*' => 'c2pnb163v3',
+        '1.2.840.10045.3.0.5*' => 'c2tnb191v1',
+        '1.2.840.10045.3.0.6*' => 'c2tnb191v2',
+        '1.2.840.10045.3.0.7*' => 'c2tnb191v3',
+        '1.2.840.10045.3.0.10*' => 'c2pnb208w1',
+        '1.2.840.10045.3.0.11*' => 'c2tnb239v1',
+        '1.2.840.10045.3.0.12*' => 'c2tnb239v2',
+        '1.2.840.10045.3.0.13*' => 'c2tnb239v3',
+        '1.2.840.10045.3.0.16*' => 'c2pnb272w1',
+        '1.2.840.10045.3.0.18*' => 'c2tnb359v1',
+        '1.2.840.10045.3.0.19*' => 'c2pnb368w1',
+        '1.2.840.10045.3.0.20*' => 'c2tnb431r1',
+        '1.2.840.10045.3.1.1*' => 'ansiX9p192r1',
+        '1.2.840.10045.3.1.1.1*' => 'prime192v1',
+        '1.2.840.10045.3.1.1.2*' => 'prime192v2',
+        '1.2.840.10045.3.1.1.3*' => 'prime192v3',
+        '1.2.840.10045.3.1.1.4*' => 'prime239v1',
+        '1.2.840.10045.3.1.1.5*' => 'prime239v2',
+        '1.2.840.10045.3.1.1.6*' => 'prime239v3',
+        '1.2.840.10045.3.1.1.7*' => 'prime256v1',
+        '1.2.840.10045.3.1.7*' => 'ansiX9p256r1',
+        '1.2.840.10045.4.1*' => 'ecdsaWithSHA1',
+        '1.2.840.10045.4.2*' => 'ecdsaWithRecommended',
+        '1.2.840.10045.4.3*' => 'ecdsaWithSpecified',
+        '1.2.840.10045.4.3.1*' => 'ecdsaWithSHA224',
+        '1.2.840.10045.4.3.2*' => 'ecdsaWithSHA256',
+        '1.2.840.10045.4.3.3*' => 'ecdsaWithSHA384',
+        '1.2.840.10045.4.3.4*' => 'ecdsaWithSHA512',
+        '1.2.840.10046.1*' => 'fieldType',
+        '1.2.840.10046.1.1*' => 'gf-prime',
+        '1.2.840.10046.2*' => 'numberType',
+        '1.2.840.10046.2.1*' => 'dhPublicKey',
+        '1.2.840.10046.3*' => 'scheme',
+        '1.2.840.10046.3.1*' => 'dhStatic',
+        '1.2.840.10046.3.2*' => 'dhEphem',
+        '1.2.840.10046.3.3*' => 'dhHybrid1',
+        '1.2.840.10046.3.4*' => 'dhHybrid2',
+        '1.2.840.10046.3.5*' => 'mqv2',
+        '1.2.840.10046.3.6*' => 'mqv1',
+        '1.2.840.10065.2.2*' => '?',
+        '1.2.840.10065.2.3*' => 'healthcareLicense',
+        '1.2.840.10065.2.3.1.1*' => 'license?',
+        '1.2.840.113533.7*' => 'nsn',
+        '1.2.840.113533.7.65*' => 'nsn-ce',
+        '1.2.840.113533.7.65.0*' => 'entrustVersInfo',
+        '1.2.840.113533.7.66*' => 'nsn-alg',
+        '1.2.840.113533.7.66.3*' => 'cast3CBC',
+        '1.2.840.113533.7.66.10*' => 'cast5CBC',
+        '1.2.840.113533.7.66.11*' => 'cast5MAC',
+        '1.2.840.113533.7.66.12*' => 'pbeWithMD5AndCAST5-CBC',
+        '1.2.840.113533.7.66.13*' => 'passwordBasedMac',
+        '1.2.840.113533.7.67*' => 'nsn-oc',
+        '1.2.840.113533.7.67.0*' => 'entrustUser',
+        '1.2.840.113533.7.68*' => 'nsn-at',
+        '1.2.840.113533.7.68.0*' => 'entrustCAInfo',
+        '1.2.840.113533.7.68.10*' => 'attributeCertificate',
+        '1.2.840.113549.1.1*' => 'pkcs-1',
+        '1.2.840.113549.1.1.1*' => 'rsaEncryption',
+        '1.2.840.113549.1.1.2*' => 'md2WithRSAEncryption',
+        '1.2.840.113549.1.1.3*' => 'md4WithRSAEncryption',
+        '1.2.840.113549.1.1.4*' => 'md5WithRSAEncryption',
+        '1.2.840.113549.1.1.5*' => 'sha1WithRSAEncryption',
+        '1.2.840.113549.1.1.7*' => 'rsaOAEP',
+        '1.2.840.113549.1.1.8*' => 'pkcs1-MGF',
+        '1.2.840.113549.1.1.9*' => 'rsaOAEP-pSpecified',
+        '1.2.840.113549.1.1.10*' => 'rsaPSS',
+        '1.2.840.113549.1.1.11*' => 'sha256WithRSAEncryption',
+        '1.2.840.113549.1.1.12*' => 'sha384WithRSAEncryption',
+        '1.2.840.113549.1.1.13*' => 'sha512WithRSAEncryption',
+        '1.2.840.113549.1.1.14*' => 'sha224WithRSAEncryption',
+        '1.2.840.113549.1.1.6*' => 'rsaOAEPEncryptionSET',
+        '1.2.840.113549.1.2*' => 'bsafeRsaEncr',
+        '1.2.840.113549.1.3*' => 'pkcs-3',
+        '1.2.840.113549.1.3.1*' => 'dhKeyAgreement',
+        '1.2.840.113549.1.5*' => 'pkcs-5',
+        '1.2.840.113549.1.5.1*' => 'pbeWithMD2AndDES-CBC',
+        '1.2.840.113549.1.5.3*' => 'pbeWithMD5AndDES-CBC',
+        '1.2.840.113549.1.5.4*' => 'pbeWithMD2AndRC2-CBC',
+        '1.2.840.113549.1.5.6*' => 'pbeWithMD5AndRC2-CBC',
+        '1.2.840.113549.1.5.9*' => 'pbeWithMD5AndXOR',
+        '1.2.840.113549.1.5.10*' => 'pbeWithSHAAndDES-CBC',
+        '1.2.840.113549.1.5.12*' => 'pkcs5PBKDF2',
+        '1.2.840.113549.1.5.13*' => 'pkcs5PBES2',
+        '1.2.840.113549.1.5.14*' => 'pkcs5PBMAC1',
+        '1.2.840.113549.1.7*' => 'pkcs-7',
+        '1.2.840.113549.1.7.1*' => 'data',
+        '1.2.840.113549.1.7.2*' => 'signedData',
+        '1.2.840.113549.1.7.3*' => 'envelopedData',
+        '1.2.840.113549.1.7.4*' => 'signedAndEnvelopedData',
+        '1.2.840.113549.1.7.5*' => 'digestedData',
+        '1.2.840.113549.1.7.6*' => 'encryptedData',
+        '1.2.840.113549.1.7.7*' => 'dataWithAttributes',
+        '1.2.840.113549.1.7.8*' => 'encryptedPrivateKeyInfo',
+        '1.2.840.113549.1.9*' => 'pkcs-9',
+        '1.2.840.113549.1.9.1*' => 'emailAddress',
+        '1.2.840.113549.1.9.2*' => 'unstructuredName',
+        '1.2.840.113549.1.9.3*' => 'contentType',
+        '1.2.840.113549.1.9.4*' => 'messageDigest',
+        '1.2.840.113549.1.9.5*' => 'signingTime',
+        '1.2.840.113549.1.9.6*' => 'countersignature',
+        '1.2.840.113549.1.9.7*' => 'challengePassword',
+        '1.2.840.113549.1.9.8*' => 'unstructuredAddress',
+        '1.2.840.113549.1.9.9*' => 'extendedCertificateAttributes',
+        '1.2.840.113549.1.9.10*' => 'issuerAndSerialNumber',
+        '1.2.840.113549.1.9.11*' => 'passwordCheck',
+        '1.2.840.113549.1.9.12*' => 'publicKey',
+        '1.2.840.113549.1.9.13*' => 'signingDescription',
+        '1.2.840.113549.1.9.14*' => 'extensionRequest',
+        '1.2.840.113549.1.9.15*' => 'sMIMECapabilities',
+        '1.2.840.113549.1.9.15.1*' => 'preferSignedData',
+        '1.2.840.113549.1.9.15.2*' => 'canNotDecryptAny',
+        '1.2.840.113549.1.9.15.3*' => 'receiptRequest',
+        '1.2.840.113549.1.9.15.4*' => 'receipt',
+        '1.2.840.113549.1.9.15.5*' => 'contentHints',
+        '1.2.840.113549.1.9.15.6*' => 'mlExpansionHistory',
+        '1.2.840.113549.1.9.16*' => 'id-sMIME',
+        '1.2.840.113549.1.9.16.0*' => 'id-mod',
+        '1.2.840.113549.1.9.16.0.1*' => 'id-mod-cms',
+        '1.2.840.113549.1.9.16.0.2*' => 'id-mod-ess',
+        '1.2.840.113549.1.9.16.0.3*' => 'id-mod-oid',
+        '1.2.840.113549.1.9.16.0.4*' => 'id-mod-msg-v3',
+        '1.2.840.113549.1.9.16.0.5*' => 'id-mod-ets-eSignature-88',
+        '1.2.840.113549.1.9.16.0.6*' => 'id-mod-ets-eSignature-97',
+        '1.2.840.113549.1.9.16.0.7*' => 'id-mod-ets-eSigPolicy-88',
+        '1.2.840.113549.1.9.16.0.8*' => 'id-mod-ets-eSigPolicy-88',
+        '1.2.840.113549.1.9.16.1*' => 'contentType',
+        '1.2.840.113549.1.9.16.1.1*' => 'receipt',
+        '1.2.840.113549.1.9.16.1.2*' => 'authData',
+        '1.2.840.113549.1.9.16.1.3*' => 'publishCert',
+        '1.2.840.113549.1.9.16.1.4*' => 'tSTInfo',
+        '1.2.840.113549.1.9.16.1.5*' => 'tDTInfo',
+        '1.2.840.113549.1.9.16.1.6*' => 'contentInfo',
+        '1.2.840.113549.1.9.16.1.7*' => 'dVCSRequestData',
+        '1.2.840.113549.1.9.16.1.8*' => 'dVCSResponseData',
+        '1.2.840.113549.1.9.16.1.9*' => 'compressedData',
+        '1.2.840.113549.1.9.16.1.10*' => 'scvpCertValRequest',
+        '1.2.840.113549.1.9.16.1.11*' => 'scvpCertValResponse',
+        '1.2.840.113549.1.9.16.1.12*' => 'scvpValPolRequest',
+        '1.2.840.113549.1.9.16.1.13*' => 'scvpValPolResponse',
+        '1.2.840.113549.1.9.16.1.14*' => 'attrCertEncAttrs',
+        '1.2.840.113549.1.9.16.1.15*' => 'tSReq',
+        '1.2.840.113549.1.9.16.1.16*' => 'firmwarePackage',
+        '1.2.840.113549.1.9.16.1.17*' => 'firmwareLoadReceipt',
+        '1.2.840.113549.1.9.16.1.18*' => 'firmwareLoadError',
+        '1.2.840.113549.1.9.16.1.19*' => 'contentCollection',
+        '1.2.840.113549.1.9.16.1.20*' => 'contentWithAttrs',
+        '1.2.840.113549.1.9.16.1.21*' => 'encKeyWithID',
+        '1.2.840.113549.1.9.16.1.22*' => 'encPEPSI',
+        '1.2.840.113549.1.9.16.1.23*' => 'authEnvelopedData',
+        '1.2.840.113549.1.9.16.1.24*' => 'routeOriginAttest',
+        '1.2.840.113549.1.9.16.1.25*' => 'symmetricKeyPackage',
+        '1.2.840.113549.1.9.16.1.26*' => 'rpkiManifest',
+        '1.2.840.113549.1.9.16.1.27*' => 'asciiTextWithCRLF',
+        '1.2.840.113549.1.9.16.1.28*' => 'xml',
+        '1.2.840.113549.1.9.16.1.29*' => 'pdf',
+        '1.2.840.113549.1.9.16.1.30*' => 'postscript',
+        '1.2.840.113549.1.9.16.1.31*' => 'timestampedData',
+        '1.2.840.113549.1.9.16.1.32*' => 'asAdjacencyAttest',
+        '1.2.840.113549.1.9.16.1.33*' => 'rpkiTrustAnchor',
+        '1.2.840.113549.1.9.16.1.34*' => 'trustAnchorList',
+        '1.2.840.113549.1.9.16.2*' => 'authenticatedAttributes',
+        '1.2.840.113549.1.9.16.2.1*' => 'receiptRequest',
+        '1.2.840.113549.1.9.16.2.2*' => 'securityLabel',
+        '1.2.840.113549.1.9.16.2.3*' => 'mlExpandHistory',
+        '1.2.840.113549.1.9.16.2.4*' => 'contentHint',
+        '1.2.840.113549.1.9.16.2.5*' => 'msgSigDigest',
+        '1.2.840.113549.1.9.16.2.6*' => 'encapContentType',
+        '1.2.840.113549.1.9.16.2.7*' => 'contentIdentifier',
+        '1.2.840.113549.1.9.16.2.8*' => 'macValue',
+        '1.2.840.113549.1.9.16.2.9*' => 'equivalentLabels',
+        '1.2.840.113549.1.9.16.2.10*' => 'contentReference',
+        '1.2.840.113549.1.9.16.2.11*' => 'encrypKeyPref',
+        '1.2.840.113549.1.9.16.2.12*' => 'signingCertificate',
+        '1.2.840.113549.1.9.16.2.13*' => 'smimeEncryptCerts',
+        '1.2.840.113549.1.9.16.2.14*' => 'timeStampToken',
+        '1.2.840.113549.1.9.16.2.15*' => 'sigPolicyId',
+        '1.2.840.113549.1.9.16.2.16*' => 'commitmentType',
+        '1.2.840.113549.1.9.16.2.17*' => 'signerLocation',
+        '1.2.840.113549.1.9.16.2.18*' => 'signerAttr',
+        '1.2.840.113549.1.9.16.2.19*' => 'otherSigCert',
+        '1.2.840.113549.1.9.16.2.20*' => 'contentTimestamp',
+        '1.2.840.113549.1.9.16.2.21*' => 'certificateRefs',
+        '1.2.840.113549.1.9.16.2.22*' => 'revocationRefs',
+        '1.2.840.113549.1.9.16.2.23*' => 'certValues',
+        '1.2.840.113549.1.9.16.2.24*' => 'revocationValues',
+        '1.2.840.113549.1.9.16.2.25*' => 'escTimeStamp',
+        '1.2.840.113549.1.9.16.2.26*' => 'certCRLTimestamp',
+        '1.2.840.113549.1.9.16.2.27*' => 'archiveTimeStamp',
+        '1.2.840.113549.1.9.16.2.28*' => 'signatureType',
+        '1.2.840.113549.1.9.16.2.29*' => 'dvcsDvc',
+        '1.2.840.113549.1.9.16.2.30*' => 'cekReference',
+        '1.2.840.113549.1.9.16.2.31*' => 'maxCEKDecrypts',
+        '1.2.840.113549.1.9.16.2.32*' => 'kekDerivationAlg',
+        '1.2.840.113549.1.9.16.2.33*' => 'intendedRecipients',
+        '1.2.840.113549.1.9.16.2.34*' => 'cmcUnsignedData',
+        '1.2.840.113549.1.9.16.2.35*' => 'fwPackageID',
+        '1.2.840.113549.1.9.16.2.36*' => 'fwTargetHardwareIDs',
+        '1.2.840.113549.1.9.16.2.37*' => 'fwDecryptKeyID',
+        '1.2.840.113549.1.9.16.2.38*' => 'fwImplCryptAlgs',
+        '1.2.840.113549.1.9.16.2.39*' => 'fwWrappedFirmwareKey',
+        '1.2.840.113549.1.9.16.2.40*' => 'fwCommunityIdentifiers',
+        '1.2.840.113549.1.9.16.2.41*' => 'fwPkgMessageDigest',
+        '1.2.840.113549.1.9.16.2.42*' => 'fwPackageInfo',
+        '1.2.840.113549.1.9.16.2.43*' => 'fwImplCompressAlgs',
+        '1.2.840.113549.1.9.16.2.44*' => 'etsAttrCertificateRefs',
+        '1.2.840.113549.1.9.16.2.45*' => 'etsAttrRevocationRefs',
+        '1.2.840.113549.1.9.16.2.46*' => 'binarySigningTime',
+        '1.2.840.113549.1.9.16.2.47*' => 'signingCertificateV2',
+        '1.2.840.113549.1.9.16.2.48*' => 'etsArchiveTimeStampV2',
+        '1.2.840.113549.1.9.16.2.49*' => 'erInternal',
+        '1.2.840.113549.1.9.16.2.50*' => 'erExternal',
+        '1.2.840.113549.1.9.16.2.51*' => 'multipleSignatures',
+        '1.2.840.113549.1.9.16.3.1*' => 'esDHwith3DES',
+        '1.2.840.113549.1.9.16.3.2*' => 'esDHwithRC2',
+        '1.2.840.113549.1.9.16.3.3*' => '3desWrap',
+        '1.2.840.113549.1.9.16.3.4*' => 'rc2Wrap',
+        '1.2.840.113549.1.9.16.3.5*' => 'esDH',
+        '1.2.840.113549.1.9.16.3.6*' => 'cms3DESwrap',
+        '1.2.840.113549.1.9.16.3.7*' => 'cmsRC2wrap',
+        '1.2.840.113549.1.9.16.3.8*' => 'zlib',
+        '1.2.840.113549.1.9.16.3.9*' => 'pwriKEK',
+        '1.2.840.113549.1.9.16.3.10*' => 'ssDH',
+        '1.2.840.113549.1.9.16.3.11*' => 'hmacWith3DESwrap',
+        '1.2.840.113549.1.9.16.3.12*' => 'hmacWithAESwrap',
+        '1.2.840.113549.1.9.16.3.13*' => 'md5XorExperiment',
+        '1.2.840.113549.1.9.16.3.14*' => 'rsaKEM',
+        '1.2.840.113549.1.9.16.3.15*' => 'authEnc128',
+        '1.2.840.113549.1.9.16.3.16*' => 'authEnc256',
+        '1.2.840.113549.1.9.16.4.1*' => 'certDist-ldap',
+        '1.2.840.113549.1.9.16.5.1*' => 'sigPolicyQualifier-spuri x',
+        '1.2.840.113549.1.9.16.5.2*' => 'sigPolicyQualifier-spUserNotice',
+        '1.2.840.113549.1.9.16.6.1*' => 'proofOfOrigin',
+        '1.2.840.113549.1.9.16.6.2*' => 'proofOfReceipt',
+        '1.2.840.113549.1.9.16.6.3*' => 'proofOfDelivery',
+        '1.2.840.113549.1.9.16.6.4*' => 'proofOfSender',
+        '1.2.840.113549.1.9.16.6.5*' => 'proofOfApproval',
+        '1.2.840.113549.1.9.16.6.6*' => 'proofOfCreation',
+        '1.2.840.113549.1.9.16.8.1*' => 'glUseKEK',
+        '1.2.840.113549.1.9.16.8.2*' => 'glDelete',
+        '1.2.840.113549.1.9.16.8.3*' => 'glAddMember',
+        '1.2.840.113549.1.9.16.8.4*' => 'glDeleteMember',
+        '1.2.840.113549.1.9.16.8.5*' => 'glRekey',
+        '1.2.840.113549.1.9.16.8.6*' => 'glAddOwner',
+        '1.2.840.113549.1.9.16.8.7*' => 'glRemoveOwner',
+        '1.2.840.113549.1.9.16.8.8*' => 'glkCompromise',
+        '1.2.840.113549.1.9.16.8.9*' => 'glkRefresh',
+        '1.2.840.113549.1.9.16.8.10*' => 'glFailInfo',
+        '1.2.840.113549.1.9.16.8.11*' => 'glaQueryRequest',
+        '1.2.840.113549.1.9.16.8.12*' => 'glaQueryResponse',
+        '1.2.840.113549.1.9.16.8.13*' => 'glProvideCert',
+        '1.2.840.113549.1.9.16.8.14*' => 'glUpdateCert',
+        '1.2.840.113549.1.9.16.8.15*' => 'glKey',
+        '1.2.840.113549.1.9.16.9*' => 'signatureTypeIdentifier',
+        '1.2.840.113549.1.9.16.9.1*' => 'originatorSig',
+        '1.2.840.113549.1.9.16.9.2*' => 'domainSig',
+        '1.2.840.113549.1.9.16.9.3*' => 'additionalAttributesSig',
+        '1.2.840.113549.1.9.16.9.4*' => 'reviewSig',
+        '1.2.840.113549.1.9.16.11*' => 'capabilities',
+        '1.2.840.113549.1.9.16.11.1*' => 'preferBinaryInside',
+        '1.2.840.113549.1.9.20*' => 'friendlyName (for PKCS #12)',
+        '1.2.840.113549.1.9.21*' => 'localKeyID (for PKCS #12)',
+        '1.2.840.113549.1.9.22*' => 'certTypes (for PKCS #12)',
+        '1.2.840.113549.1.9.22.1*' => 'x509Certificate (for PKCS #12)',
+        '1.2.840.113549.1.9.22.2*' => 'sdsiCertificate (for PKCS #12)',
+        '1.2.840.113549.1.9.23*' => 'crlTypes (for PKCS #12)',
+        '1.2.840.113549.1.9.23.1*' => 'x509Crl (for PKCS #12)',
+        '1.2.840.113549.1.9.24*' => 'pkcs9objectClass',
+        '1.2.840.113549.1.9.25*' => 'pkcs9attributes',
+        '1.2.840.113549.1.9.25.1*' => 'pkcs15Token',
+        '1.2.840.113549.1.9.25.2*' => 'encryptedPrivateKeyInfo',
+        '1.2.840.113549.1.9.25.3*' => 'randomNonce',
+        '1.2.840.113549.1.9.25.4*' => 'sequenceNumber',
+        '1.2.840.113549.1.9.25.5*' => 'pkcs7PDU',
+        '1.2.840.113549.1.9.26*' => 'pkcs9syntax',
+        '1.2.840.113549.1.9.27*' => 'pkcs9matchingRules',
+        '1.2.840.113549.1.12*' => 'pkcs-12',
+        '1.2.840.113549.1.12.1*' => 'pkcs-12-PbeIds',
+        '1.2.840.113549.1.12.1.1*' => 'pbeWithSHAAnd128BitRC4',
+        '1.2.840.113549.1.12.1.2*' => 'pbeWithSHAAnd40BitRC4',
+        '1.2.840.113549.1.12.1.3*' => 'pbeWithSHAAnd3-KeyTripleDES-CBC',
+        '1.2.840.113549.1.12.1.4*' => 'pbeWithSHAAnd2-KeyTripleDES-CBC',
+        '1.2.840.113549.1.12.1.5*' => 'pbeWithSHAAnd128BitRC2-CBC',
+        '1.2.840.113549.1.12.1.6*' => 'pbeWithSHAAnd40BitRC2-CBC',
+        '1.2.840.113549.1.12.2*' => 'pkcs-12-ESPVKID',
+        '1.2.840.113549.1.12.2.1*' => 'pkcs-12-PKCS8KeyShrouding',
+        '1.2.840.113549.1.12.3*' => 'pkcs-12-BagIds',
+        '1.2.840.113549.1.12.3.1*' => 'pkcs-12-keyBagId',
+        '1.2.840.113549.1.12.3.2*' => 'pkcs-12-certAndCRLBagId',
+        '1.2.840.113549.1.12.3.3*' => 'pkcs-12-secretBagId',
+        '1.2.840.113549.1.12.3.4*' => 'pkcs-12-safeContentsId',
+        '1.2.840.113549.1.12.3.5*' => 'pkcs-12-pkcs-8ShroudedKeyBagId',
+        '1.2.840.113549.1.12.4*' => 'pkcs-12-CertBagID',
+        '1.2.840.113549.1.12.4.1*' => 'pkcs-12-X509CertCRLBagID',
+        '1.2.840.113549.1.12.4.2*' => 'pkcs-12-SDSICertBagID',
+        '1.2.840.113549.1.12.5*' => 'pkcs-12-OID',
+        '1.2.840.113549.1.12.5.1*' => 'pkcs-12-PBEID',
+        '1.2.840.113549.1.12.5.1.1*' => 'pkcs-12-PBEWithSha1And128BitRC4',
+        '1.2.840.113549.1.12.5.1.2*' => 'pkcs-12-PBEWithSha1And40BitRC4',
+        '1.2.840.113549.1.12.5.1.3*' => 'pkcs-12-PBEWithSha1AndTripleDESCBC',
+        '1.2.840.113549.1.12.5.1.4*' => 'pkcs-12-PBEWithSha1And128BitRC2CBC',
+        '1.2.840.113549.1.12.5.1.5*' => 'pkcs-12-PBEWithSha1And40BitRC2CBC',
+        '1.2.840.113549.1.12.5.1.6*' => 'pkcs-12-PBEWithSha1AndRC4',
+        '1.2.840.113549.1.12.5.1.7*' => 'pkcs-12-PBEWithSha1AndRC2CBC',
+        '1.2.840.113549.1.12.5.2*' => 'pkcs-12-EnvelopingID',
+        '1.2.840.113549.1.12.5.2.1*' => 'pkcs-12-RSAEncryptionWith128BitRC4',
+        '1.2.840.113549.1.12.5.2.2*' => 'pkcs-12-RSAEncryptionWith40BitRC4',
+        '1.2.840.113549.1.12.5.2.3*' => 'pkcs-12-RSAEncryptionWithTripleDES',
+        '1.2.840.113549.1.12.5.3*' => 'pkcs-12-SignatureID',
+        '1.2.840.113549.1.12.5.3.1*' => 'pkcs-12-RSASignatureWithSHA1Digest',
+        '1.2.840.113549.1.12.10*' => 'pkcs-12Version1',
+        '1.2.840.113549.1.12.10.1*' => 'pkcs-12BadIds',
+        '1.2.840.113549.1.12.10.1.1*' => 'pkcs-12-keyBag',
+        '1.2.840.113549.1.12.10.1.2*' => 'pkcs-12-pkcs-8ShroudedKeyBag',
+        '1.2.840.113549.1.12.10.1.3*' => 'pkcs-12-certBag',
+        '1.2.840.113549.1.12.10.1.4*' => 'pkcs-12-crlBag',
+        '1.2.840.113549.1.12.10.1.5*' => 'pkcs-12-secretBag',
+        '1.2.840.113549.1.12.10.1.6*' => 'pkcs-12-safeContentsBag',
+        '1.2.840.113549.1.15.1*' => 'pkcs15modules',
+        '1.2.840.113549.1.15.2*' => 'pkcs15attributes',
+        '1.2.840.113549.1.15.3*' => 'pkcs15contentType',
+        '1.2.840.113549.1.15.3.1*' => 'pkcs15content',
+        '1.2.840.113549.2*' => 'digestAlgorithm',
+        '1.2.840.113549.2.2*' => 'md2',
+        '1.2.840.113549.2.4*' => 'md4',
+        '1.2.840.113549.2.5*' => 'md5',
+        '1.2.840.113549.2.7*' => 'hmacWithSHA1',
+        '1.2.840.113549.2.8*' => 'hmacWithSHA224',
+        '1.2.840.113549.2.9*' => 'hmacWithSHA256',
+        '1.2.840.113549.2.10*' => 'hmacWithSHA384',
+        '1.2.840.113549.2.11*' => 'hmacWithSHA512',
+        '1.2.840.113549.3*' => 'encryptionAlgorithm',
+        '1.2.840.113549.3.2*' => 'rc2CBC',
+        '1.2.840.113549.3.3*' => 'rc2ECB',
+        '1.2.840.113549.3.4*' => 'rc4',
+        '1.2.840.113549.3.5*' => 'rc4WithMAC',
+        '1.2.840.113549.3.6*' => 'desx-CBC',
+        '1.2.840.113549.3.7*' => 'des-EDE3-CBC',
+        '1.2.840.113549.3.8*' => 'rc5CBC',
+        '1.2.840.113549.3.9*' => 'rc5-CBCPad',
+        '1.2.840.113549.3.10*' => 'desCDMF',
+        '1.2.840.114021.1.6.1*' => 'Identrus unknown policyIdentifier',
+        '1.2.840.114021.4.1*' => 'identrusOCSP',
+        '1.2.840.113556.1.2.241*' => 'deliveryMechanism',
+        '1.2.840.113556.1.3.0*' => 'site-Addressing',
+        '1.2.840.113556.1.3.13*' => 'classSchema',
+        '1.2.840.113556.1.3.14*' => 'attributeSchema',
+        '1.2.840.113556.1.3.17*' => 'mailbox-Agent',
+        '1.2.840.113556.1.3.22*' => 'mailbox',
+        '1.2.840.113556.1.3.23*' => 'container',
+        '1.2.840.113556.1.3.46*' => 'mailRecipient',
+        '1.2.840.113556.1.2.281*' => 'ntSecurityDescriptor',
+        '1.2.840.113556.1.4.145*' => 'revision',
+        '1.2.840.113556.1.4.1327*' => 'pKIDefaultKeySpec',
+        '1.2.840.113556.1.4.1328*' => 'pKIKeyUsage',
+        '1.2.840.113556.1.4.1329*' => 'pKIMaxIssuingDepth',
+        '1.2.840.113556.1.4.1330*' => 'pKICriticalExtensions',
+        '1.2.840.113556.1.4.1331*' => 'pKIExpirationPeriod',
+        '1.2.840.113556.1.4.1332*' => 'pKIOverlapPeriod',
+        '1.2.840.113556.1.4.1333*' => 'pKIExtendedKeyUsage',
+        '1.2.840.113556.1.4.1334*' => 'pKIDefaultCSPs',
+        '1.2.840.113556.1.4.1335*' => 'pKIEnrollmentAccess',
+        '1.2.840.113556.1.4.1429*' => 'msPKI-RA-Signature',
+        '1.2.840.113556.1.4.1430*' => 'msPKI-Enrollment-Flag',
+        '1.2.840.113556.1.4.1431*' => 'msPKI-Private-Key-Flag',
+        '1.2.840.113556.1.4.1432*' => 'msPKI-Certificate-Name-Flag',
+        '1.2.840.113556.1.4.1433*' => 'msPKI-Minimal-Key-Size',
+        '1.2.840.113556.1.4.1434*' => 'msPKI-Template-Schema-Version',
+        '1.2.840.113556.1.4.1435*' => 'msPKI-Template-Minor-Revision',
+        '1.2.840.113556.1.4.1436*' => 'msPKI-Cert-Template-OID',
+        '1.2.840.113556.1.4.1437*' => 'msPKI-Supersede-Templates',
+        '1.2.840.113556.1.4.1438*' => 'msPKI-RA-Policies',
+        '1.2.840.113556.1.4.1439*' => 'msPKI-Certificate-Policy',
+        '1.2.840.113556.1.4.1674*' => 'msPKI-Certificate-Application-Policy',
+        '1.2.840.113556.1.4.1675*' => 'msPKI-RA-Application-Policies',
+        '1.2.840.113556.4.3*' => 'microsoftExcel',
+        '1.2.840.113556.4.4*' => 'titledWithOID',
+        '1.2.840.113556.4.5*' => 'microsoftPowerPoint',
+        '1.2.840.113628.114.1.7*' => 'adobePKCS7',
+        '1.2.840.113635.100*' => 'appleDataSecurity',
+        '1.2.840.113635.100.1*' => 'appleTrustPolicy',
+        '1.2.840.113635.100.1.1*' => 'appleISignTP',
+        '1.2.840.113635.100.1.2*' => 'appleX509Basic',
+        '1.2.840.113635.100.1.3*' => 'appleSSLPolicy',
+        '1.2.840.113635.100.1.4*' => 'appleLocalCertGenPolicy',
+        '1.2.840.113635.100.1.5*' => 'appleCSRGenPolicy',
+        '1.2.840.113635.100.1.6*' => 'appleCRLPolicy',
+        '1.2.840.113635.100.1.7*' => 'appleOCSPPolicy',
+        '1.2.840.113635.100.1.8*' => 'appleSMIMEPolicy',
+        '1.2.840.113635.100.1.9*' => 'appleEAPPolicy',
+        '1.2.840.113635.100.1.10*' => 'appleSWUpdateSigningPolicy',
+        '1.2.840.113635.100.1.11*' => 'appleIPSecPolicy',
+        '1.2.840.113635.100.1.12*' => 'appleIChatPolicy',
+        '1.2.840.113635.100.1.13*' => 'appleResourceSignPolicy',
+        '1.2.840.113635.100.1.14*' => 'applePKINITClientPolicy',
+        '1.2.840.113635.100.1.15*' => 'applePKINITServerPolicy',
+        '1.2.840.113635.100.1.16*' => 'appleCodeSigningPolicy',
+        '1.2.840.113635.100.1.17*' => 'applePackageSigningPolicy',
+        '1.2.840.113635.100.2*' => 'appleSecurityAlgorithm',
+        '1.2.840.113635.100.2.1*' => 'appleFEE',
+        '1.2.840.113635.100.2.2*' => 'appleASC',
+        '1.2.840.113635.100.2.3*' => 'appleFEE_MD5',
+        '1.2.840.113635.100.2.4*' => 'appleFEE_SHA1',
+        '1.2.840.113635.100.2.5*' => 'appleFEED',
+        '1.2.840.113635.100.2.6*' => 'appleFEEDEXP',
+        '1.2.840.113635.100.2.7*' => 'appleECDSA',
+        '1.2.840.113635.100.3*' => 'appleDotMacCertificate',
+        '1.2.840.113635.100.3.1*' => 'appleDotMacCertificateRequest',
+        '1.2.840.113635.100.3.2*' => 'appleDotMacCertificateExtension',
+        '1.2.840.113635.100.3.3*' => 'appleDotMacCertificateRequestValues',
+        '1.2.840.113635.100.4*' => 'appleExtendedKeyUsage',
+        '1.2.840.113635.100.4.1*' => 'appleCodeSigning',
+        '1.2.840.113635.100.4.1.1*' => 'appleCodeSigningDevelopment',
+        '1.2.840.113635.100.4.1.2*' => 'appleSoftwareUpdateSigning',
+        '1.2.840.113635.100.4.1.3*' => 'appleCodeSigningThirdParty',
+        '1.2.840.113635.100.4.1.4*' => 'appleResourceSigning',
+        '1.2.840.113635.100.4.2*' => 'appleIChatSigning',
+        '1.2.840.113635.100.4.3*' => 'appleIChatEncryption',
+        '1.2.840.113635.100.4.4*' => 'appleSystemIdentity',
+        '1.2.840.113635.100.4.5*' => 'appleCryptoEnv',
+        '1.2.840.113635.100.4.5.1*' => 'appleCryptoProductionEnv',
+        '1.2.840.113635.100.4.5.2*' => 'appleCryptoMaintenanceEnv',
+        '1.2.840.113635.100.4.5.3*' => 'appleCryptoTestEnv',
+        '1.2.840.113635.100.4.5.4*' => 'appleCryptoDevelopmentEnv',
+        '1.2.840.113635.100.4.6*' => 'appleCryptoQoS',
+        '1.2.840.113635.100.4.6.1*' => 'appleCryptoTier0QoS',
+        '1.2.840.113635.100.4.6.2*' => 'appleCryptoTier1QoS',
+        '1.2.840.113635.100.4.6.3*' => 'appleCryptoTier2QoS',
+        '1.2.840.113635.100.4.6.4*' => 'appleCryptoTier3QoS',
+        '1.2.840.113635.100.5*' => 'appleCertificatePolicies',
+        '1.2.840.113635.100.5.1*' => 'appleCertificatePolicyID',
+        '1.2.840.113635.100.5.2*' => 'appleDotMacCertificatePolicyID',
+        '1.2.840.113635.100.5.3*' => 'appleADCCertificatePolicyID',
+        '1.2.840.113635.100.6*' => 'appleCertificateExtensions',
+        '1.2.840.113635.100.6.1*' => 'appleCertificateExtensionCodeSigning',
+        '1.2.840.113635.100.6.1.1*' => 'appleCertificateExtensionAppleSigning',
+        '1.2.840.113635.100.6.1.2*' => 'appleCertificateExtensionADCDeveloperSigning',
+        '1.2.840.113635.100.6.1.3*' => 'appleCertificateExtensionADCAppleSigning',
+        '1.3.6.1.4.1.311.2.1.4*' => 'spcIndirectDataContext',
+        '1.3.6.1.4.1.311.2.1.10*' => 'spcAgencyInfo',
+        '1.3.6.1.4.1.311.2.1.11*' => 'spcStatementType',
+        '1.3.6.1.4.1.311.2.1.12*' => 'spcSpOpusInfo',
+        '1.3.6.1.4.1.311.2.1.14*' => 'certReqExtensions',
+        '1.3.6.1.4.1.311.2.1.15*' => 'spcPEImageData',
+        '1.3.6.1.4.1.311.2.1.18*' => 'spcRawFileData',
+        '1.3.6.1.4.1.311.2.1.19*' => 'spcStructuredStorageData',
+        '1.3.6.1.4.1.311.2.1.20*' => 'spcJavaClassData (type 1)',
+        '1.3.6.1.4.1.311.2.1.21*' => 'individualCodeSigning',
+        '1.3.6.1.4.1.311.2.1.22*' => 'commercialCodeSigning',
+        '1.3.6.1.4.1.311.2.1.25*' => 'spcLink (type 2)',
+        '1.3.6.1.4.1.311.2.1.26*' => 'spcMinimalCriteriaInfo',
+        '1.3.6.1.4.1.311.2.1.27*' => 'spcFinancialCriteriaInfo',
+        '1.3.6.1.4.1.311.2.1.28*' => 'spcLink (type 3)',
+        '1.3.6.1.4.1.311.3.2.1*' => 'timestampRequest',
+        '1.3.6.1.4.1.311.10.1*' => 'certTrustList',
+        '1.3.6.1.4.1.311.10.1.1*' => 'sortedCtl',
+        '1.3.6.1.4.1.311.10.2*' => 'nextUpdateLocation',
+        '1.3.6.1.4.1.311.10.3.1*' => 'certTrustListSigning',
+        '1.3.6.1.4.1.311.10.3.2*' => 'timeStampSigning',
+        '1.3.6.1.4.1.311.10.3.3*' => 'serverGatedCrypto',
+        '1.3.6.1.4.1.311.10.3.3.1*' => 'serialized',
+        '1.3.6.1.4.1.311.10.3.4*' => 'encryptedFileSystem',
+        '1.3.6.1.4.1.311.10.3.5*' => 'whqlCrypto',
+        '1.3.6.1.4.1.311.10.3.6*' => 'nt5Crypto',
+        '1.3.6.1.4.1.311.10.3.7*' => 'oemWHQLCrypto',
+        '1.3.6.1.4.1.311.10.3.8*' => 'embeddedNTCrypto',
+        '1.3.6.1.4.1.311.10.3.9*' => 'rootListSigner',
+        '1.3.6.1.4.1.311.10.3.10*' => 'qualifiedSubordination',
+        '1.3.6.1.4.1.311.10.3.11*' => 'keyRecovery',
+        '1.3.6.1.4.1.311.10.3.12*' => 'documentSigning',
+        '1.3.6.1.4.1.311.10.3.13*' => 'lifetimeSigning',
+        '1.3.6.1.4.1.311.10.3.14*' => 'mobileDeviceSoftware',
+        '1.3.6.1.4.1.311.10.3.15*' => 'smartDisplay',
+        '1.3.6.1.4.1.311.10.3.16*' => 'cspSignature',
+        '1.3.6.1.4.1.311.10.3.4.1*' => 'efsRecovery',
+        '1.3.6.1.4.1.311.10.4.1*' => 'yesnoTrustAttr',
+        '1.3.6.1.4.1.311.10.5.1*' => 'drm',
+        '1.3.6.1.4.1.311.10.5.2*' => 'drmIndividualization',
+        '1.3.6.1.4.1.311.10.6.1*' => 'licenses',
+        '1.3.6.1.4.1.311.10.6.2*' => 'licenseServer',
+        '1.3.6.1.4.1.311.10.7.1*' => 'keyidRdn',
+        '1.3.6.1.4.1.311.10.8.1*' => 'removeCertificate',
+        '1.3.6.1.4.1.311.10.9.1*' => 'crossCertDistPoints',
+        '1.3.6.1.4.1.311.10.10.1*' => 'cmcAddAttributes',
+        '1.3.6.1.4.1.311.10.11*' => 'certPropIdPrefix',
+        '1.3.6.1.4.1.311.10.11.4*' => 'certMd5HashPropId',
+        '1.3.6.1.4.1.311.10.11.20*' => 'certKeyIdentifierPropId',
+        '1.3.6.1.4.1.311.10.11.28*' => 'certIssuerSerialNumberMd5HashPropId',
+        '1.3.6.1.4.1.311.10.11.29*' => 'certSubjectNameMd5HashPropId',
+        '1.3.6.1.4.1.311.10.12.1*' => 'anyApplicationPolicy',
+        '1.3.6.1.4.1.311.13.1*' => 'renewalCertificate',
+        '1.3.6.1.4.1.311.13.2.1*' => 'enrolmentNameValuePair',
+        '1.3.6.1.4.1.311.13.2.2*' => 'enrolmentCSP',
+        '1.3.6.1.4.1.311.13.2.3*' => 'osVersion',
+        '1.3.6.1.4.1.311.16.4*' => 'microsoftRecipientInfo',
+        '1.3.6.1.4.1.311.17.1*' => 'pkcs12KeyProviderNameAttr',
+        '1.3.6.1.4.1.311.17.2*' => 'localMachineKeyset',
+        '1.3.6.1.4.1.311.17.3*' => 'pkcs12ExtendedAttributes',
+        '1.3.6.1.4.1.311.20.1*' => 'autoEnrollCtlUsage',
+        '1.3.6.1.4.1.311.20.2*' => 'enrollCerttypeExtension',
+        '1.3.6.1.4.1.311.20.2.1*' => 'enrollmentAgent',
+        '1.3.6.1.4.1.311.20.2.2*' => 'smartcardLogon',
+        '1.3.6.1.4.1.311.20.2.3*' => 'universalPrincipalName',
+        '1.3.6.1.4.1.311.20.3*' => 'certManifold',
+        '1.3.6.1.4.1.311.21.1*' => 'cAKeyCertIndexPair',
+        '1.3.6.1.4.1.311.21.5*' => 'caExchange',
+        '1.3.6.1.4.1.311.21.2*' => 'certSrvPreviousCertHash',
+        '1.3.6.1.4.1.311.21.3*' => 'crlVirtualBase',
+        '1.3.6.1.4.1.311.21.4*' => 'crlNextPublish',
+        '1.3.6.1.4.1.311.21.6*' => 'keyRecovery',
+        '1.3.6.1.4.1.311.21.7*' => 'certificateTemplate',
+        '1.3.6.1.4.1.311.21.9*' => 'rdnDummySigner',
+        '1.3.6.1.4.1.311.21.10*' => 'applicationCertPolicies',
+        '1.3.6.1.4.1.311.21.11*' => 'applicationPolicyMappings',
+        '1.3.6.1.4.1.311.21.12*' => 'applicationPolicyConstraints',
+        '1.3.6.1.4.1.311.21.13*' => 'archivedKey',
+        '1.3.6.1.4.1.311.21.14*' => 'crlSelfCDP',
+        '1.3.6.1.4.1.311.21.15*' => 'requireCertChainPolicy',
+        '1.3.6.1.4.1.311.21.16*' => 'archivedKeyCertHash',
+        '1.3.6.1.4.1.311.21.17*' => 'issuedCertHash',
+        '1.3.6.1.4.1.311.21.19*' => 'dsEmailReplication',
+        '1.3.6.1.4.1.311.21.20*' => 'requestClientInfo',
+        '1.3.6.1.4.1.311.21.21*' => 'encryptedKeyHash',
+        '1.3.6.1.4.1.311.21.22*' => 'certsrvCrossCaVersion',
+        '1.3.6.1.4.1.311.25.1*' => 'ntdsReplication',
+        '1.3.6.1.4.1.311.31.1*' => 'productUpdate',
+        '1.3.6.1.4.1.311.47.1.1*' => 'systemHealth',
+        '1.3.6.1.4.1.311.47.1.3*' => 'systemHealthLoophole',
+        '1.3.6.1.4.1.311.60.1.1*' => 'rootProgramFlags',
+        '1.3.6.1.4.1.311.61.1.1*' => 'kernelModeCodeSigning',
+        '1.3.6.1.4.1.311.60.2.1.1*' => 'jurisdictionOfIncorporationL',
+        '1.3.6.1.4.1.311.60.2.1.2*' => 'jurisdictionOfIncorporationSP',
+        '1.3.6.1.4.1.311.60.2.1.3*' => 'jurisdictionOfIncorporationC',
+        '1.3.6.1.4.1.311.88.2.1*' => 'originalFilename',
+        '1.3.6.1.4.1.188.7.1.1*' => 'ascom',
+        '1.3.6.1.4.1.188.7.1.1.1*' => 'ideaECB',
+        '1.3.6.1.4.1.188.7.1.1.2*' => 'ideaCBC',
+        '1.3.6.1.4.1.188.7.1.1.3*' => 'ideaCFB',
+        '1.3.6.1.4.1.188.7.1.1.4*' => 'ideaOFB',
+        '1.3.6.1.4.1.2428.10.1.1*' => 'UNINETT policyIdentifier',
+        '1.3.6.1.4.1.2712.10*' => 'ICE-TEL policyIdentifier',
+        '1.3.6.1.4.1.2786.1.1.1*' => 'ICE-TEL Italian policyIdentifier',
+        '1.3.6.1.4.1.3029.1.1.1*' => 'blowfishECB',
+        '1.3.6.1.4.1.3029.1.1.2*' => 'blowfishCBC',
+        '1.3.6.1.4.1.3029.1.1.3*' => 'blowfishCFB',
+        '1.3.6.1.4.1.3029.1.1.4*' => 'blowfishOFB',
+        '1.3.6.1.4.1.3029.1.2.1*' => 'elgamal',
+        '1.3.6.1.4.1.3029.1.2.1.1*' => 'elgamalWithSHA-1',
+        '1.3.6.1.4.1.3029.1.2.1.2*' => 'elgamalWithRIPEMD-160',
+        '1.3.6.1.4.1.3029.3.1.1*' => 'cryptlibPresenceCheck',
+        '1.3.6.1.4.1.3029.3.1.2*' => 'pkiBoot',
+        '1.3.6.1.4.1.3029.3.1.4*' => 'crlExtReason',
+        '1.3.6.1.4.1.3029.3.1.5*' => 'keyFeatures',
+        '1.3.6.1.4.1.3029.4.1*' => 'cryptlibContent',
+        '1.3.6.1.4.1.3029.4.1.1*' => 'cryptlibConfigData',
+        '1.3.6.1.4.1.3029.4.1.2*' => 'cryptlibUserIndex',
+        '1.3.6.1.4.1.3029.4.1.3*' => 'cryptlibUserInfo',
+        '1.3.6.1.4.1.3029.4.1.4*' => 'rtcsRequest',
+        '1.3.6.1.4.1.3029.4.1.5*' => 'rtcsResponse',
+        '1.3.6.1.4.1.3029.4.1.6*' => 'rtcsResponseExt',
+        '1.3.6.1.4.1.3029.42.11172.1*' => 'mpeg-1',
+        '1.3.6.1.4.1.3029.88.89.90.90.89*' => 'xYZZY policyIdentifier',
+        '1.3.6.1.4.1.3401.8.1.1*' => 'pgpExtension',
+        '1.3.6.1.4.1.3576.7*' => 'eciaAscX12Edi',
+        '1.3.6.1.4.1.3576.7.1*' => 'plainEDImessage',
+        '1.3.6.1.4.1.3576.7.2*' => 'signedEDImessage',
+        '1.3.6.1.4.1.3576.7.5*' => 'integrityEDImessage',
+        '1.3.6.1.4.1.3576.7.65*' => 'iaReceiptMessage',
+        '1.3.6.1.4.1.3576.7.97*' => 'iaStatusMessage',
+        '1.3.6.1.4.1.3576.8*' => 'eciaEdifact',
+        '1.3.6.1.4.1.3576.9*' => 'eciaNonEdi',
+        '1.3.6.1.4.1.4146*' => 'Globalsign',
+        '1.3.6.1.4.1.4146.1*' => 'globalsignPolicy',
+        '1.3.6.1.4.1.4146.1.10*' => 'globalsignDVPolicy',
+        '1.3.6.1.4.1.4146.1.20*' => 'globalsignOVPolicy',
+        '1.3.6.1.4.1.4146.1.30*' => 'globalsignTSAPolicy',
+        '1.3.6.1.4.1.4146.1.40*' => 'globalsignClientCertPolicy',
+        '1.3.6.1.4.1.4146.1.50*' => 'globalsignCodeSignPolicy',
+        '1.3.6.1.4.1.4146.1.60*' => 'globalsignRootSignPolicy',
+        '1.3.6.1.4.1.4146.1.70*' => 'globalsignTrustedRootPolicy',
+        '1.3.6.1.4.1.4146.1.80*' => 'globalsignEDIClientPolicy',
+        '1.3.6.1.4.1.4146.1.81*' => 'globalsignEDIServerPolicy',
+        '1.3.6.1.4.1.4146.1.90*' => 'globalsignTPMRootPolicy',
+        '1.3.6.1.4.1.4146.1.95*' => 'globalsignOCSPPolicy',
+        '1.3.6.1.4.1.5309.1.2.2*' => 'edelWebTSAPolicy',
+        '1.3.6.1.4.1.5472*' => 'timeproof',
+        '1.3.6.1.4.1.5472.1*' => 'tss',
+        '1.3.6.1.4.1.5472.1.1*' => 'tss80',
+        '1.3.6.1.4.1.5472.1.2*' => 'tss380',
+        '1.3.6.1.4.1.5472.1.3*' => 'tss400',
+        '1.3.6.1.4.1.5770.0.3*' => 'secondaryPractices',
+        '1.3.6.1.4.1.5770.0.4*' => 'physicianIdentifiers',
+        '1.3.6.1.4.1.6449.1.2.1.3.1*' => 'comodoPolicy',
+        '1.3.6.1.4.1.6449.1.3.5.2*' => 'validityModelX',
+        '1.3.6.1.4.1.8301.3.5.1*' => 'validityModelChain',
+        '1.3.6.1.4.1.8301.3.5.2*' => 'validityModelShell',
+        '1.3.6.1.4.1.8231.1*' => 'rolUnicoNacional',
+        '1.3.6.1.4.1.11591*' => 'gnu',
+        '1.3.6.1.4.1.11591.1*' => 'gnuRadius',
+        '1.3.6.1.4.1.11591.3*' => 'gnuRadar',
+        '1.3.6.1.4.1.11591.12*' => 'gnuDigestAlgorithm',
+        '1.3.6.1.4.1.11591.12.2*' => 'tiger',
+        '1.3.6.1.4.1.11591.13*' => 'gnuEncryptionAlgorithm',
+        '1.3.6.1.4.1.11591.13.2*' => 'serpent',
+        '1.3.6.1.4.1.11591.13.2.1*' => 'serpent128_ECB',
+        '1.3.6.1.4.1.11591.13.2.2*' => 'serpent128_CBC',
+        '1.3.6.1.4.1.11591.13.2.3*' => 'serpent128_OFB',
+        '1.3.6.1.4.1.11591.13.2.4*' => 'serpent128_CFB',
+        '1.3.6.1.4.1.11591.13.2.21*' => 'serpent192_ECB',
+        '1.3.6.1.4.1.11591.13.2.22*' => 'serpent192_CBC',
+        '1.3.6.1.4.1.11591.13.2.23*' => 'serpent192_OFB',
+        '1.3.6.1.4.1.11591.13.2.24*' => 'serpent192_CFB',
+        '1.3.6.1.4.1.11591.13.2.41*' => 'serpent256_ECB',
+        '1.3.6.1.4.1.11591.13.2.42*' => 'serpent256_CBC',
+        '1.3.6.1.4.1.11591.13.2.43*' => 'serpent256_OFB',
+        '1.3.6.1.4.1.11591.13.2.44*' => 'serpent256_CFB',
+        '1.3.6.1.4.1.16334.509.1.1*' => 'Northrop Grumman extKeyUsage?',
+        '1.3.6.1.4.1.16334.509.2.1*' => 'ngcClass1',
+        '1.3.6.1.4.1.16334.509.2.2*' => 'ngcClass2',
+        '1.3.6.1.4.1.16334.509.2.3*' => 'ngcClass3',
+        '1.3.6.1.5.5.7*' => 'pkix',
+        '1.3.6.1.5.5.7.0.12*' => 'attributeCert',
+        '1.3.6.1.5.5.7.1*' => 'privateExtension',
+        '1.3.6.1.5.5.7.1.1*' => 'authorityInfoAccess',
+        '1.3.6.1.5.5.7.1.2*' => 'biometricInfo',
+        '1.3.6.1.5.5.7.1.3*' => 'qcStatements',
+        '1.3.6.1.5.5.7.1.4*' => 'acAuditIdentity',
+        '1.3.6.1.5.5.7.1.5*' => 'acTargeting',
+        '1.3.6.1.5.5.7.1.6*' => 'acAaControls',
+        '1.3.6.1.5.5.7.1.7*' => 'ipAddrBlocks',
+        '1.3.6.1.5.5.7.1.8*' => 'autonomousSysIds',
+        '1.3.6.1.5.5.7.1.9*' => 'routerIdentifier',
+        '1.3.6.1.5.5.7.1.10*' => 'acProxying',
+        '1.3.6.1.5.5.7.1.11*' => 'subjectInfoAccess',
+        '1.3.6.1.5.5.7.1.12*' => 'logoType',
+        '1.3.6.1.5.5.7.1.13*' => 'wlanSSID',
+        '1.3.6.1.5.5.7.2*' => 'policyQualifierIds',
+        '1.3.6.1.5.5.7.2.1*' => 'cps',
+        '1.3.6.1.5.5.7.2.2*' => 'unotice',
+        '1.3.6.1.5.5.7.2.3*' => 'textNotice',
+        '1.3.6.1.5.5.7.3*' => 'keyPurpose',
+        '1.3.6.1.5.5.7.3.1*' => 'serverAuth',
+        '1.3.6.1.5.5.7.3.2*' => 'clientAuth',
+        '1.3.6.1.5.5.7.3.3*' => 'codeSigning',
+        '1.3.6.1.5.5.7.3.4*' => 'emailProtection',
+        '1.3.6.1.5.5.7.3.5*' => 'ipsecEndSystem',
+        '1.3.6.1.5.5.7.3.6*' => 'ipsecTunnel',
+        '1.3.6.1.5.5.7.3.7*' => 'ipsecUser',
+        '1.3.6.1.5.5.7.3.8*' => 'timeStamping',
+        '1.3.6.1.5.5.7.3.9*' => 'ocspSigning',
+        '1.3.6.1.5.5.7.3.10*' => 'dvcs',
+        '1.3.6.1.5.5.7.3.11*' => 'sbgpCertAAServerAuth',
+        '1.3.6.1.5.5.7.3.13*' => 'eapOverPPP',
+        '1.3.6.1.5.5.7.3.14*' => 'eapOverLAN',
+        '1.3.6.1.5.5.7.4*' => 'cmpInformationTypes',
+        '1.3.6.1.5.5.7.4.1*' => 'caProtEncCert',
+        '1.3.6.1.5.5.7.4.2*' => 'signKeyPairTypes',
+        '1.3.6.1.5.5.7.4.3*' => 'encKeyPairTypes',
+        '1.3.6.1.5.5.7.4.4*' => 'preferredSymmAlg',
+        '1.3.6.1.5.5.7.4.5*' => 'caKeyUpdateInfo',
+        '1.3.6.1.5.5.7.4.6*' => 'currentCRL',
+        '1.3.6.1.5.5.7.4.7*' => 'unsupportedOIDs',
+        '1.3.6.1.5.5.7.4.10*' => 'keyPairParamReq',
+        '1.3.6.1.5.5.7.4.11*' => 'keyPairParamRep',
+        '1.3.6.1.5.5.7.4.12*' => 'revPassphrase',
+        '1.3.6.1.5.5.7.4.13*' => 'implicitConfirm',
+        '1.3.6.1.5.5.7.4.14*' => 'confirmWaitTime',
+        '1.3.6.1.5.5.7.4.15*' => 'origPKIMessage',
+        '1.3.6.1.5.5.7.4.16*' => 'suppLangTags',
+        '1.3.6.1.5.5.7.5*' => 'crmfRegistration',
+        '1.3.6.1.5.5.7.5.1*' => 'regCtrl',
+        '1.3.6.1.5.5.7.5.1.1*' => 'regToken',
+        '1.3.6.1.5.5.7.5.1.2*' => 'authenticator',
+        '1.3.6.1.5.5.7.5.1.3*' => 'pkiPublicationInfo',
+        '1.3.6.1.5.5.7.5.1.4*' => 'pkiArchiveOptions',
+        '1.3.6.1.5.5.7.5.1.5*' => 'oldCertID',
+        '1.3.6.1.5.5.7.5.1.6*' => 'protocolEncrKey',
+        '1.3.6.1.5.5.7.5.1.7*' => 'altCertTemplate',
+        '1.3.6.1.5.5.7.5.1.8*' => 'wtlsTemplate',
+        '1.3.6.1.5.5.7.5.2*' => 'utf8Pairs',
+        '1.3.6.1.5.5.7.5.2.1*' => 'utf8Pairs',
+        '1.3.6.1.5.5.7.5.2.2*' => 'certReq',
+        '1.3.6.1.5.5.7.6*' => 'algorithms',
+        '1.3.6.1.5.5.7.6.1*' => 'des40',
+        '1.3.6.1.5.5.7.6.2*' => 'noSignature',
+        '1.3.6.1.5.5.7.6.3*' => 'dh-sig-hmac-sha1',
+        '1.3.6.1.5.5.7.6.4*' => 'dh-pop',
+        '1.3.6.1.5.5.7.7*' => 'cmcControls',
+        '1.3.6.1.5.5.7.8*' => 'otherNames',
+        '1.3.6.1.5.5.7.8.1*' => 'personalData',
+        '1.3.6.1.5.5.7.8.2*' => 'userGroup',
+        '1.3.6.1.5.5.7.9*' => 'personalData',
+        '1.3.6.1.5.5.7.9.1*' => 'dateOfBirth',
+        '1.3.6.1.5.5.7.9.2*' => 'placeOfBirth',
+        '1.3.6.1.5.5.7.9.3*' => 'gender',
+        '1.3.6.1.5.5.7.9.4*' => 'countryOfCitizenship',
+        '1.3.6.1.5.5.7.9.5*' => 'countryOfResidence',
+        '1.3.6.1.5.5.7.10*' => 'attributeCertificate',
+        '1.3.6.1.5.5.7.10.1*' => 'authenticationInfo',
+        '1.3.6.1.5.5.7.10.2*' => 'accessIdentity',
+        '1.3.6.1.5.5.7.10.3*' => 'chargingIdentity',
+        '1.3.6.1.5.5.7.10.4*' => 'group',
+        '1.3.6.1.5.5.7.10.5*' => 'role',
+        '1.3.6.1.5.5.7.10.6*' => 'wlanSSID',
+        '1.3.6.1.5.5.7.11*' => 'personalData',
+        '1.3.6.1.5.5.7.11.1*' => 'pkixQCSyntax-v1',
+        '1.3.6.1.5.5.7.14.2*' => 'resourceCertificatePolicy',
+        '1.3.6.1.5.5.7.20*' => 'logo',
+        '1.3.6.1.5.5.7.20.1*' => 'logoLoyalty',
+        '1.3.6.1.5.5.7.20.2*' => 'logoBackground',
+        '1.3.6.1.5.5.7.48.1*' => 'ocsp',
+        '1.3.6.1.5.5.7.48.1.1*' => 'ocspBasic',
+        '1.3.6.1.5.5.7.48.1.2*' => 'ocspNonce',
+        '1.3.6.1.5.5.7.48.1.3*' => 'ocspCRL',
+        '1.3.6.1.5.5.7.48.1.4*' => 'ocspResponse',
+        '1.3.6.1.5.5.7.48.1.5*' => 'ocspNoCheck',
+        '1.3.6.1.5.5.7.48.1.6*' => 'ocspArchiveCutoff',
+        '1.3.6.1.5.5.7.48.1.7*' => 'ocspServiceLocator',
+        '1.3.6.1.5.5.7.48.2*' => 'caIssuers',
+        '1.3.6.1.5.5.7.48.3*' => 'timeStamping',
+        '1.3.6.1.5.5.7.48.4*' => 'dvcs',
+        '1.3.6.1.5.5.7.48.5*' => 'caRepository',
+        '1.3.6.1.5.5.7.48.7*' => 'signedObjectRepository',
+        '1.3.6.1.5.5.7.48.10*' => 'rpkiManifest',
+        '1.3.6.1.5.5.7.48.11*' => 'signedObject',
+        '1.3.6.1.5.5.8.1.1*' => 'hmacMD5',
+        '1.3.6.1.5.5.8.1.2*' => 'hmacSHA',
+        '1.3.6.1.5.5.8.1.3*' => 'hmacTiger',
+        '1.3.6.1.5.5.8.2.2*' => 'iKEIntermediate',
+        '1.3.12.2.1011.7.1*' => 'decEncryptionAlgorithm',
+        '1.3.12.2.1011.7.1.2*' => 'decDEA',
+        '1.3.12.2.1011.7.2*' => 'decHashAlgorithm',
+        '1.3.12.2.1011.7.2.1*' => 'decMD2',
+        '1.3.12.2.1011.7.2.2*' => 'decMD4',
+        '1.3.12.2.1011.7.3*' => 'decSignatureAlgorithm',
+        '1.3.12.2.1011.7.3.1*' => 'decMD2withRSA',
+        '1.3.12.2.1011.7.3.2*' => 'decMD4withRSA',
+        '1.3.12.2.1011.7.3.3*' => 'decDEAMAC',
+        '1.3.14.2.26.5*' => 'sha',
+        '1.3.14.3.2.1.1*' => 'rsa',
+        '1.3.14.3.2.2*' => 'md4WitRSA',
+        '1.3.14.3.2.3*' => 'md5WithRSA',
+        '1.3.14.3.2.4*' => 'md4WithRSAEncryption',
+        '1.3.14.3.2.2.1*' => 'sqmod-N',
+        '1.3.14.3.2.3.1*' => 'sqmod-NwithRSA',
+        '1.3.14.3.2.6*' => 'desECB',
+        '1.3.14.3.2.7*' => 'desCBC',
+        '1.3.14.3.2.8*' => 'desOFB',
+        '1.3.14.3.2.9*' => 'desCFB',
+        '1.3.14.3.2.10*' => 'desMAC',
+        '1.3.14.3.2.11*' => 'rsaSignature',
+        '1.3.14.3.2.12*' => 'dsa',
+        '1.3.14.3.2.13*' => 'dsaWithSHA',
+        '1.3.14.3.2.14*' => 'mdc2WithRSASignature',
+        '1.3.14.3.2.15*' => 'shaWithRSASignature',
+        '1.3.14.3.2.16*' => 'dhWithCommonModulus',
+        '1.3.14.3.2.17*' => 'desEDE',
+        '1.3.14.3.2.18*' => 'sha',
+        '1.3.14.3.2.19*' => 'mdc-2',
+        '1.3.14.3.2.20*' => 'dsaCommon',
+        '1.3.14.3.2.21*' => 'dsaCommonWithSHA',
+        '1.3.14.3.2.22*' => 'rsaKeyTransport',
+        '1.3.14.3.2.23*' => 'keyed-hash-seal',
+        '1.3.14.3.2.24*' => 'md2WithRSASignature',
+        '1.3.14.3.2.25*' => 'md5WithRSASignature',
+        '1.3.14.3.2.26*' => 'sha1',
+        '1.3.14.3.2.27*' => 'dsaWithSHA1',
+        '1.3.14.3.2.28*' => 'dsaWithCommonSHA1',
+        #        '1.3.14.3.2.29*' => 'sha-1WithRSAEncryption',
+        '1.3.14.3.2.29*' => 'sha1WithRSAEncryption',
+        '1.3.14.3.3.1*' => 'simple-strong-auth-mechanism',
+        '1.3.14.7.2.1.1*' => 'ElGamal',
+        '1.3.14.7.2.3.1*' => 'md2WithRSA',
+        '1.3.14.7.2.3.2*' => 'md2WithElGamal',
+        '1.3.36.1*' => 'document',
+        '1.3.36.1.1*' => 'finalVersion',
+        '1.3.36.1.2*' => 'draft',
+        '1.3.36.2*' => 'sio',
+        '1.3.36.2.1*' => 'sedu',
+        '1.3.36.3*' => 'algorithm',
+        '1.3.36.3.1*' => 'encryptionAlgorithm',
+        '1.3.36.3.1.1*' => 'des',
+        '1.3.36.3.1.1.1*' => 'desECB_pad',
+        '1.3.36.3.1.1.1.1*' => 'desECB_ISOpad',
+        '1.3.36.3.1.1.2.1*' => 'desCBC_pad',
+        '1.3.36.3.1.1.2.1.1*' => 'desCBC_ISOpad',
+        '1.3.36.3.1.3*' => 'des_3',
+        '1.3.36.3.1.3.1.1*' => 'des_3ECB_pad',
+        '1.3.36.3.1.3.1.1.1*' => 'des_3ECB_ISOpad',
+        '1.3.36.3.1.3.2.1*' => 'des_3CBC_pad',
+        '1.3.36.3.1.3.2.1.1*' => 'des_3CBC_ISOpad',
+        '1.3.36.3.1.2*' => 'idea',
+        '1.3.36.3.1.2.1*' => 'ideaECB',
+        '1.3.36.3.1.2.1.1*' => 'ideaECB_pad',
+        '1.3.36.3.1.2.1.1.1*' => 'ideaECB_ISOpad',
+        '1.3.36.3.1.2.2*' => 'ideaCBC',
+        '1.3.36.3.1.2.2.1*' => 'ideaCBC_pad',
+        '1.3.36.3.1.2.2.1.1*' => 'ideaCBC_ISOpad',
+        '1.3.36.3.1.2.3*' => 'ideaOFB',
+        '1.3.36.3.1.2.4*' => 'ideaCFB',
+        '1.3.36.3.1.4*' => 'rsaEncryption',
+        '1.3.36.3.1.4.512.17*' => 'rsaEncryptionWithlmod512expe17',
+        '1.3.36.3.1.5*' => 'bsi-1',
+        '1.3.36.3.1.5.1*' => 'bsi_1ECB_pad',
+        '1.3.36.3.1.5.2*' => 'bsi_1CBC_pad',
+        '1.3.36.3.1.5.2.1*' => 'bsi_1CBC_PEMpad',
+        '1.3.36.3.2*' => 'hashAlgorithm',
+        '1.3.36.3.2.1*' => 'ripemd160',
+        '1.3.36.3.2.2*' => 'ripemd128',
+        '1.3.36.3.2.3*' => 'ripemd256',
+        '1.3.36.3.2.4*' => 'mdc2singleLength',
+        '1.3.36.3.2.5*' => 'mdc2doubleLength',
+        '1.3.36.3.3*' => 'signatureAlgorithm',
+        '1.3.36.3.3.1*' => 'rsaSignature',
+        '1.3.36.3.3.1.1*' => 'rsaSignatureWithsha1',
+        '1.3.36.3.3.1.1.512.2*' => 'rsaSignatureWithsha1_l512_l2',
+        '1.3.36.3.3.1.1.640.2*' => 'rsaSignatureWithsha1_l640_l2',
+        '1.3.36.3.3.1.1.768.2*' => 'rsaSignatureWithsha1_l768_l2',
+        '1.3.36.3.3.1.1.896.2*' => 'rsaSignatureWithsha1_l896_l2',
+        '1.3.36.3.3.1.1.1024.2*' => 'rsaSignatureWithsha1_l1024_l2',
+        '1.3.36.3.3.1.1.512.3*' => 'rsaSignatureWithsha1_l512_l3',
+        '1.3.36.3.3.1.1.640.3*' => 'rsaSignatureWithsha1_l640_l3',
+        '1.3.36.3.3.1.1.768.3*' => 'rsaSignatureWithsha1_l768_l3',
+        '1.3.36.3.3.1.1.896.3*' => 'rsaSignatureWithsha1_l896_l3',
+        '1.3.36.3.3.1.1.1024.3*' => 'rsaSignatureWithsha1_l1024_l3',
+        '1.3.36.3.3.1.1.512.5*' => 'rsaSignatureWithsha1_l512_l5',
+        '1.3.36.3.3.1.1.640.5*' => 'rsaSignatureWithsha1_l640_l5',
+        '1.3.36.3.3.1.1.768.5*' => 'rsaSignatureWithsha1_l768_l5',
+        '1.3.36.3.3.1.1.896.5*' => 'rsaSignatureWithsha1_l896_l5',
+        '1.3.36.3.3.1.1.1024.5*' => 'rsaSignatureWithsha1_l1024_l5',
+        '1.3.36.3.3.1.1.512.9*' => 'rsaSignatureWithsha1_l512_l9',
+        '1.3.36.3.3.1.1.640.9*' => 'rsaSignatureWithsha1_l640_l9',
+        '1.3.36.3.3.1.1.768.9*' => 'rsaSignatureWithsha1_l768_l9',
+        '1.3.36.3.3.1.1.896.9*' => 'rsaSignatureWithsha1_l896_l9',
+        '1.3.36.3.3.1.1.1024.9*' => 'rsaSignatureWithsha1_l1024_l9',
+        '1.3.36.3.3.1.1.512.11*' => 'rsaSignatureWithsha1_l512_l11',
+        '1.3.36.3.3.1.1.640.11*' => 'rsaSignatureWithsha1_l640_l11',
+        '1.3.36.3.3.1.1.768.11*' => 'rsaSignatureWithsha1_l768_l11',
+        '1.3.36.3.3.1.1.896.11*' => 'rsaSignatureWithsha1_l896_l11',
+        '1.3.36.3.3.1.1.1024.11*' => 'rsaSignatureWithsha1_l1024_l11',
+        '1.3.36.3.3.1.2*' => 'rsaSignatureWithripemd160',
+        '1.3.36.3.3.1.2.512.2*' => 'rsaSignatureWithripemd160_l512_l2',
+        '1.3.36.3.3.1.2.640.2*' => 'rsaSignatureWithripemd160_l640_l2',
+        '1.3.36.3.3.1.2.768.2*' => 'rsaSignatureWithripemd160_l768_l2',
+        '1.3.36.3.3.1.2.896.2*' => 'rsaSignatureWithripemd160_l896_l2',
+        '1.3.36.3.3.1.2.1024.2*' => 'rsaSignatureWithripemd160_l1024_l2',
+        '1.3.36.3.3.1.2.512.3*' => 'rsaSignatureWithripemd160_l512_l3',
+        '1.3.36.3.3.1.2.640.3*' => 'rsaSignatureWithripemd160_l640_l3',
+        '1.3.36.3.3.1.2.768.3*' => 'rsaSignatureWithripemd160_l768_l3',
+        '1.3.36.3.3.1.2.896.3*' => 'rsaSignatureWithripemd160_l896_l3',
+        '1.3.36.3.3.1.2.1024.3*' => 'rsaSignatureWithripemd160_l1024_l3',
+        '1.3.36.3.3.1.2.512.5*' => 'rsaSignatureWithripemd160_l512_l5',
+        '1.3.36.3.3.1.2.640.5*' => 'rsaSignatureWithripemd160_l640_l5',
+        '1.3.36.3.3.1.2.768.5*' => 'rsaSignatureWithripemd160_l768_l5',
+        '1.3.36.3.3.1.2.896.5*' => 'rsaSignatureWithripemd160_l896_l5',
+        '1.3.36.3.3.1.2.1024.5*' => 'rsaSignatureWithripemd160_l1024_l5',
+        '1.3.36.3.3.1.2.512.9*' => 'rsaSignatureWithripemd160_l512_l9',
+        '1.3.36.3.3.1.2.640.9*' => 'rsaSignatureWithripemd160_l640_l9',
+        '1.3.36.3.3.1.2.768.9*' => 'rsaSignatureWithripemd160_l768_l9',
+        '1.3.36.3.3.1.2.896.9*' => 'rsaSignatureWithripemd160_l896_l9',
+        '1.3.36.3.3.1.2.1024.9*' => 'rsaSignatureWithripemd160_l1024_l9',
+        '1.3.36.3.3.1.2.512.11*' => 'rsaSignatureWithripemd160_l512_l11',
+        '1.3.36.3.3.1.2.640.11*' => 'rsaSignatureWithripemd160_l640_l11',
+        '1.3.36.3.3.1.2.768.11*' => 'rsaSignatureWithripemd160_l768_l11',
+        '1.3.36.3.3.1.2.896.11*' => 'rsaSignatureWithripemd160_l896_l11',
+        '1.3.36.3.3.1.2.1024.11*' => 'rsaSignatureWithripemd160_l1024_l11',
+        '1.3.36.3.3.1.3*' => 'rsaSignatureWithrimpemd128',
+        '1.3.36.3.3.1.4*' => 'rsaSignatureWithrimpemd256',
+        '1.3.36.3.3.2*' => 'ecsieSign',
+        '1.3.36.3.3.2.1*' => 'ecsieSignWithsha1',
+        '1.3.36.3.3.2.2*' => 'ecsieSignWithripemd160',
+        '1.3.36.3.3.2.3*' => 'ecsieSignWithmd2',
+        '1.3.36.3.3.2.4*' => 'ecsieSignWithmd5',
+        '1.3.36.3.3.2.8.1.1.1*' => 'brainpoolP160r1',
+        '1.3.36.3.3.2.8.1.1.2*' => 'brainpoolP160t1',
+        '1.3.36.3.3.2.8.1.1.3*' => 'brainpoolP192r1',
+        '1.3.36.3.3.2.8.1.1.4*' => 'brainpoolP192t1',
+        '1.3.36.3.3.2.8.1.1.5*' => 'brainpoolP224r1',
+        '1.3.36.3.3.2.8.1.1.6*' => 'brainpoolP224t1',
+        '1.3.36.3.3.2.8.1.1.7*' => 'brainpoolP256r1',
+        '1.3.36.3.3.2.8.1.1.8*' => 'brainpoolP256t1',
+        '1.3.36.3.3.2.8.1.1.9*' => 'brainpoolP320r1',
+        '1.3.36.3.3.2.8.1.1.10*' => 'brainpoolP320t1',
+        '1.3.36.3.3.2.8.1.1.11*' => 'brainpoolP384r1',
+        '1.3.36.3.3.2.8.1.1.12*' => 'brainpoolP384t1',
+        '1.3.36.3.3.2.8.1.1.13*' => 'brainpoolP512r1',
+        '1.3.36.3.3.2.8.1.1.14*' => 'brainpoolP512t1',
+        '1.3.36.3.4*' => 'signatureScheme',
+        '1.3.36.3.4.1*' => 'sigS_ISO9796-1',
+        '1.3.36.3.4.2*' => 'sigS_ISO9796-2',
+        '1.3.36.3.4.2.1*' => 'sigS_ISO9796-2Withred',
+        '1.3.36.3.4.2.2*' => 'sigS_ISO9796-2Withrsa',
+        '1.3.36.3.4.2.3*' => 'sigS_ISO9796-2Withrnd',
+        '1.3.36.4*' => 'attribute',
+        '1.3.36.5*' => 'policy',
+        '1.3.36.6*' => 'api',
+        '1.3.36.6.1*' => 'manufacturer-specific_api',
+        '1.3.36.6.1.1*' => 'utimaco-api',
+        '1.3.36.6.2*' => 'functionality-specific_api',
+        '1.3.36.7*' => 'keymgmnt',
+        '1.3.36.7.1*' => 'keyagree',
+        '1.3.36.7.1.1*' => 'bsiPKE',
+        '1.3.36.7.2*' => 'keytrans',
+        '1.3.36.7.2.1*' => 'encISO9796-2Withrsa',
+        '1.3.36.8.1.1*' => 'Teletrust SigGConform policyIdentifier',
+        '1.3.36.8.2.1*' => 'directoryService',
+        '1.3.36.8.3.1*' => 'dateOfCertGen',
+        '1.3.36.8.3.2*' => 'procuration',
+        '1.3.36.8.3.3*' => 'admission',
+        '1.3.36.8.3.4*' => 'monetaryLimit',
+        '1.3.36.8.3.5*' => 'declarationOfMajority',
+        '1.3.36.8.3.6*' => 'integratedCircuitCardSerialNumber',
+        '1.3.36.8.3.7*' => 'pKReference',
+        '1.3.36.8.3.8*' => 'restriction',
+        '1.3.36.8.3.9*' => 'retrieveIfAllowed',
+        '1.3.36.8.3.10*' => 'requestedCertificate',
+        '1.3.36.8.3.11*' => 'namingAuthorities',
+        '1.3.36.8.3.11.1*' => 'rechtWirtschaftSteuern',
+        '1.3.36.8.3.11.1.1*' => 'rechtsanwaeltin',
+        '1.3.36.8.3.11.1.2*' => 'rechtsanwalt',
+        '1.3.36.8.3.11.1.3*' => 'rechtsBeistand',
+        '1.3.36.8.3.11.1.4*' => 'steuerBeraterin',
+        '1.3.36.8.3.11.1.5*' => 'steuerBerater',
+        '1.3.36.8.3.11.1.6*' => 'steuerBevollmaechtigte',
+        '1.3.36.8.3.11.1.7*' => 'steuerBevollmaechtigter',
+        '1.3.36.8.3.11.1.8*' => 'notarin',
+        '1.3.36.8.3.11.1.9*' => 'notar',
+        '1.3.36.8.3.11.1.10*' => 'notarVertreterin',
+        '1.3.36.8.3.11.1.11*' => 'notarVertreter',
+        '1.3.36.8.3.11.1.12*' => 'notariatsVerwalterin',
+        '1.3.36.8.3.11.1.13*' => 'notariatsVerwalter',
+        '1.3.36.8.3.11.1.14*' => 'wirtschaftsPrueferin',
+        '1.3.36.8.3.11.1.15*' => 'wirtschaftsPruefer',
+        '1.3.36.8.3.11.1.16*' => 'vereidigteBuchprueferin',
+        '1.3.36.8.3.11.1.17*' => 'vereidigterBuchpruefer',
+        '1.3.36.8.3.11.1.18*' => 'patentAnwaeltin',
+        '1.3.36.8.3.11.1.19*' => 'patentAnwalt',
+        '1.3.36.8.3.12*' => 'certInDirSince',
+        '1.3.36.8.3.13*' => 'certHash',
+        '1.3.36.8.3.14*' => 'nameAtBirth',
+        '1.3.36.8.3.15*' => 'additionalInformation',
+        '1.3.36.8.4.1*' => 'personalData',
+        '1.3.36.8.4.8*' => 'restriction',
+        '1.3.36.8.5.1.1.1*' => 'rsaIndicateSHA1',
+        '1.3.36.8.5.1.1.2*' => 'rsaIndicateRIPEMD160',
+        '1.3.36.8.5.1.1.3*' => 'rsaWithSHA1',
+        '1.3.36.8.5.1.1.4*' => 'rsaWithRIPEMD160',
+        '1.3.36.8.5.1.2.1*' => 'dsaExtended',
+        '1.3.36.8.5.1.2.2*' => 'dsaWithRIPEMD160',
+        '1.3.36.8.6.1*' => 'cert',
+        '1.3.36.8.6.2*' => 'certRef',
+        '1.3.36.8.6.3*' => 'attrCert',
+        '1.3.36.8.6.4*' => 'attrRef',
+        '1.3.36.8.6.5*' => 'fileName',
+        '1.3.36.8.6.6*' => 'storageTime',
+        '1.3.36.8.6.7*' => 'fileSize',
+        '1.3.36.8.6.8*' => 'location',
+        '1.3.36.8.6.9*' => 'sigNumber',
+        '1.3.36.8.6.10*' => 'autoGen',
+        '1.3.36.8.7.1.1*' => 'ptAdobeILL',
+        '1.3.36.8.7.1.2*' => 'ptAmiPro',
+        '1.3.36.8.7.1.3*' => 'ptAutoCAD',
+        '1.3.36.8.7.1.4*' => 'ptBinary',
+        '1.3.36.8.7.1.5*' => 'ptBMP',
+        '1.3.36.8.7.1.6*' => 'ptCGM',
+        '1.3.36.8.7.1.7*' => 'ptCorelCRT',
+        '1.3.36.8.7.1.8*' => 'ptCorelDRW',
+        '1.3.36.8.7.1.9*' => 'ptCorelEXC',
+        '1.3.36.8.7.1.10*' => 'ptCorelPHT',
+        '1.3.36.8.7.1.11*' => 'ptDraw',
+        '1.3.36.8.7.1.12*' => 'ptDVI',
+        '1.3.36.8.7.1.13*' => 'ptEPS',
+        '1.3.36.8.7.1.14*' => 'ptExcel',
+        '1.3.36.8.7.1.15*' => 'ptGEM',
+        '1.3.36.8.7.1.16*' => 'ptGIF',
+        '1.3.36.8.7.1.17*' => 'ptHPGL',
+        '1.3.36.8.7.1.18*' => 'ptJPEG',
+        '1.3.36.8.7.1.19*' => 'ptKodak',
+        '1.3.36.8.7.1.20*' => 'ptLaTeX',
+        '1.3.36.8.7.1.21*' => 'ptLotus',
+        '1.3.36.8.7.1.22*' => 'ptLotusPIC',
+        '1.3.36.8.7.1.23*' => 'ptMacPICT',
+        '1.3.36.8.7.1.24*' => 'ptMacWord',
+        '1.3.36.8.7.1.25*' => 'ptMSWfD',
+        '1.3.36.8.7.1.26*' => 'ptMSWord',
+        '1.3.36.8.7.1.27*' => 'ptMSWord2',
+        '1.3.36.8.7.1.28*' => 'ptMSWord6',
+        '1.3.36.8.7.1.29*' => 'ptMSWord8',
+        '1.3.36.8.7.1.30*' => 'ptPDF',
+        '1.3.36.8.7.1.31*' => 'ptPIF',
+        '1.3.36.8.7.1.32*' => 'ptPostscript',
+        '1.3.36.8.7.1.33*' => 'ptRTF',
+        '1.3.36.8.7.1.34*' => 'ptSCITEX',
+        '1.3.36.8.7.1.35*' => 'ptTAR',
+        '1.3.36.8.7.1.36*' => 'ptTarga',
+        '1.3.36.8.7.1.37*' => 'ptTeX',
+        '1.3.36.8.7.1.38*' => 'ptText',
+        '1.3.36.8.7.1.39*' => 'ptTIFF',
+        '1.3.36.8.7.1.40*' => 'ptTIFF-FC',
+        '1.3.36.8.7.1.41*' => 'ptUID',
+        '1.3.36.8.7.1.42*' => 'ptUUEncode',
+        '1.3.36.8.7.1.43*' => 'ptWordPerfect x',
+        '1.3.36.8.7.1.45*' => 'ptWPGrph',
+        '1.3.101.1.4*' => 'thawte-ce',
+        '1.3.101.1.4.1*' => 'strongExtranet',
+        '1.3.132.0.1*' => 'sect163k1',
+        '1.3.132.0.2*' => 'sect163r1',
+        '1.3.132.0.3*' => 'sect239k1',
+        '1.3.132.0.4*' => 'sect113r1',
+        '1.3.132.0.5*' => 'sect113r2',
+        '1.3.132.0.6*' => 'secp112r1',
+        '1.3.132.0.7*' => 'secp112r2',
+        '1.3.132.0.8*' => 'secp160r1',
+        '1.3.132.0.9*' => 'secp160k1',
+        '1.3.132.0.10*' => 'secp256k1',
+        '1.3.132.0.15*' => 'sect163r2',
+        '1.3.132.0.16*' => 'sect283k1',
+        '1.3.132.0.17*' => 'sect283r1',
+        '1.3.132.0.22*' => 'sect131r1',
+        '1.3.132.0.23*' => 'sect131r2',
+        '1.3.132.0.24*' => 'sect193r1',
+        '1.3.132.0.25*' => 'sect193r2',
+        '1.3.132.0.26*' => 'sect233k1',
+        '1.3.132.0.27*' => 'sect233r1',
+        '1.3.132.0.28*' => 'secp128r1',
+        '1.3.132.0.29*' => 'secp128r2',
+        '1.3.132.0.30*' => 'secp160r2',
+        '1.3.132.0.31*' => 'secp192k1',
+        '1.3.132.0.32*' => 'secp224k1',
+        '1.3.132.0.33*' => 'secp224r1',
+        '1.3.132.0.34*' => 'secp384r1',
+        '1.3.132.0.35*' => 'secp521r1',
+        '1.3.132.0.36*' => 'sect409k1',
+        '1.3.132.0.37*' => 'sect409r1',
+        '1.3.132.0.38*' => 'sect571k1',
+        '1.3.132.0.39*' => 'sect571r1',
+        '2.5.4.0*' => 'objectClass',
+        '2.5.4.1*' => 'aliasedEntryName',
+        '2.5.4.2*' => 'knowledgeInformation',
+        '2.5.4.3*' => 'commonName',
+        '2.5.4.4*' => 'surname',
+        '2.5.4.5*' => 'serialNumber',
+        '2.5.4.6*' => 'countryName',
+        '2.5.4.7*' => 'localityName',
+        '2.5.4.7.1*' => 'collectiveLocalityName',
+        '2.5.4.8*' => 'stateOrProvinceName',
+        '2.5.4.8.1*' => 'collectiveStateOrProvinceName',
+        '2.5.4.9*' => 'streetAddress',
+        '2.5.4.9.1*' => 'collectiveStreetAddress',
+        '2.5.4.10*' => 'organizationName',
+        '2.5.4.10.1*' => 'collectiveOrganizationName',
+        '2.5.4.11*' => 'organizationalUnitName',
+        '2.5.4.11.1*' => 'collectiveOrganizationalUnitName',
+        '2.5.4.12*' => 'title',
+        '2.5.4.13*' => 'description',
+        '2.5.4.14*' => 'searchGuide',
+        '2.5.4.15*' => 'businessCategory',
+        '2.5.4.16*' => 'postalAddress',
+        '2.5.4.16.1*' => 'collectivePostalAddress',
+        '2.5.4.17*' => 'postalCode',
+        '2.5.4.17.1*' => 'collectivePostalCode',
+        '2.5.4.18*' => 'postOfficeBox',
+        '2.5.4.18.1*' => 'collectivePostOfficeBox',
+        '2.5.4.19*' => 'physicalDeliveryOfficeName',
+        '2.5.4.19.1*' => 'collectivePhysicalDeliveryOfficeName',
+        '2.5.4.20*' => 'telephoneNumber',
+        '2.5.4.20.1*' => 'collectiveTelephoneNumber',
+        '2.5.4.21*' => 'telexNumber',
+        '2.5.4.21.1*' => 'collectiveTelexNumber',
+        '2.5.4.22*' => 'teletexTerminalIdentifier',
+        '2.5.4.22.1*' => 'collectiveTeletexTerminalIdentifier',
+        '2.5.4.23*' => 'facsimileTelephoneNumber',
+        '2.5.4.23.1*' => 'collectiveFacsimileTelephoneNumber',
+        '2.5.4.24*' => 'x121Address',
+        '2.5.4.25*' => 'internationalISDNNumber',
+        '2.5.4.25.1*' => 'collectiveInternationalISDNNumber',
+        '2.5.4.26*' => 'registeredAddress',
+        '2.5.4.27*' => 'destinationIndicator',
+        '2.5.4.28*' => 'preferredDeliveryMehtod',
+        '2.5.4.29*' => 'presentationAddress',
+        '2.5.4.30*' => 'supportedApplicationContext',
+        '2.5.4.31*' => 'member',
+        '2.5.4.32*' => 'owner',
+        '2.5.4.33*' => 'roleOccupant',
+        '2.5.4.34*' => 'seeAlso',
+        '2.5.4.35*' => 'userPassword',
+        '2.5.4.36*' => 'userCertificate',
+        '2.5.4.37*' => 'caCertificate',
+        '2.5.4.38*' => 'authorityRevocationList',
+        '2.5.4.39*' => 'certificateRevocationList',
+        '2.5.4.40*' => 'crossCertificatePair',
+        '2.5.4.41*' => 'name',
+        '2.5.4.42*' => 'givenName',
+        '2.5.4.43*' => 'initials',
+        '2.5.4.44*' => 'generationQualifier',
+        '2.5.4.45*' => 'uniqueIdentifier',
+        '2.5.4.46*' => 'dnQualifier',
+        '2.5.4.47*' => 'enhancedSearchGuide',
+        '2.5.4.48*' => 'protocolInformation',
+        '2.5.4.49*' => 'distinguishedName',
+        '2.5.4.50*' => 'uniqueMember',
+        '2.5.4.51*' => 'houseIdentifier',
+        '2.5.4.52*' => 'supportedAlgorithms',
+        '2.5.4.53*' => 'deltaRevocationList',
+        '2.5.4.54*' => 'dmdName',
+        '2.5.4.55*' => 'clearance',
+        '2.5.4.56*' => 'defaultDirQop',
+        '2.5.4.57*' => 'attributeIntegrityInfo',
+        '2.5.4.58*' => 'attributeCertificate',
+        '2.5.4.59*' => 'attributeCertificateRevocationList',
+        '2.5.4.60*' => 'confKeyInfo',
+        '2.5.4.61*' => 'aACertificate',
+        '2.5.4.62*' => 'attributeDescriptorCertificate',
+        '2.5.4.63*' => 'attributeAuthorityRevocationList',
+        '2.5.4.64*' => 'familyInformation',
+        '2.5.4.65*' => 'pseudonym',
+        '2.5.4.66*' => 'communicationsService',
+        '2.5.4.67*' => 'communicationsNetwork',
+        '2.5.4.68*' => 'certificationPracticeStmt',
+        '2.5.4.69*' => 'certificatePolicy',
+        '2.5.4.70*' => 'pkiPath',
+        '2.5.4.71*' => 'privPolicy',
+        '2.5.4.72*' => 'role',
+        '2.5.4.73*' => 'delegationPath',
+        '2.5.4.74*' => 'protPrivPolicy',
+        '2.5.4.75*' => 'xMLPrivilegeInfo',
+        '2.5.4.76*' => 'xmlPrivPolicy',
+        '2.5.4.82*' => 'permission',
+        '2.5.6.0*' => 'top',
+        '2.5.6.1*' => 'alias',
+        '2.5.6.2*' => 'country',
+        '2.5.6.3*' => 'locality',
+        '2.5.6.4*' => 'organization',
+        '2.5.6.5*' => 'organizationalUnit',
+        '2.5.6.6*' => 'person',
+        '2.5.6.7*' => 'organizationalPerson',
+        '2.5.6.8*' => 'organizationalRole',
+        '2.5.6.9*' => 'groupOfNames',
+        '2.5.6.10*' => 'residentialPerson',
+        '2.5.6.11*' => 'applicationProcess',
+        '2.5.6.12*' => 'applicationEntity',
+        '2.5.6.13*' => 'dSA',
+        '2.5.6.14*' => 'device',
+        '2.5.6.15*' => 'strongAuthenticationUser',
+        '2.5.6.16*' => 'certificateAuthority',
+        '2.5.6.17*' => 'groupOfUniqueNames',
+        '2.5.6.21*' => 'pkiUser',
+        '2.5.6.22*' => 'pkiCA',
+        '2.5.8.1.1*' => 'rsa',
+        '2.5.29.1*' => 'authorityKeyIdentifier',
+        '2.5.29.2*' => 'keyAttributes',
+        '2.5.29.3*' => 'certificatePolicies',
+        '2.5.29.4*' => 'keyUsageRestriction',
+        '2.5.29.5*' => 'policyMapping',
+        '2.5.29.6*' => 'subtreesConstraint',
+        '2.5.29.7*' => 'subjectAltName',
+        '2.5.29.8*' => 'issuerAltName',
+        '2.5.29.9*' => 'subjectDirectoryAttributes',
+        '2.5.29.10*' => 'basicConstraints',
+        '2.5.29.11*' => 'nameConstraints',
+        '2.5.29.12*' => 'policyConstraints',
+        '2.5.29.13*' => 'basicConstraints',
+        '2.5.29.14*' => 'subjectKeyIdentifier',
+        '2.5.29.15*' => 'keyUsage',
+        '2.5.29.16*' => 'privateKeyUsagePeriod',
+        '2.5.29.17*' => 'subjectAltName',
+        '2.5.29.18*' => 'issuerAltName',
+        '2.5.29.19*' => 'basicConstraints',
+        '2.5.29.20*' => 'cRLNumber',
+        '2.5.29.21*' => 'cRLReason',
+        '2.5.29.22*' => 'expirationDate',
+        '2.5.29.23*' => 'instructionCode',
+        '2.5.29.24*' => 'invalidityDate',
+        '2.5.29.25*' => 'cRLDistributionPoints',
+        '2.5.29.26*' => 'issuingDistributionPoint',
+        '2.5.29.27*' => 'deltaCRLIndicator',
+        '2.5.29.28*' => 'issuingDistributionPoint',
+        '2.5.29.29*' => 'certificateIssuer',
+        '2.5.29.30*' => 'nameConstraints',
+        '2.5.29.31*' => 'cRLDistributionPoints',
+        '2.5.29.32*' => 'certificatePolicies',
+        '2.5.29.32.0*' => 'anyPolicy',
+        '2.5.29.33*' => 'policyMappings',
+        '2.5.29.34*' => 'policyConstraints',
+        '2.5.29.35*' => 'authorityKeyIdentifier',
+        '2.5.29.36*' => 'policyConstraints',
+        '2.5.29.37*' => 'extKeyUsage',
+        '2.5.29.37.0*' => 'anyExtendedKeyUsage',
+        '2.5.29.38*' => 'authorityAttributeIdentifier',
+        '2.5.29.39*' => 'roleSpecCertIdentifier',
+        '2.5.29.40*' => 'cRLStreamIdentifier',
+        '2.5.29.41*' => 'basicAttConstraints',
+        '2.5.29.42*' => 'delegatedNameConstraints',
+        '2.5.29.43*' => 'timeSpecification',
+        '2.5.29.44*' => 'cRLScope',
+        '2.5.29.45*' => 'statusReferrals',
+        '2.5.29.46*' => 'freshestCRL',
+        '2.5.29.47*' => 'orderedList',
+        '2.5.29.48*' => 'attributeDescriptor',
+        '2.5.29.49*' => 'userNotice',
+        '2.5.29.50*' => 'sOAIdentifier',
+        '2.5.29.51*' => 'baseUpdateTime',
+        '2.5.29.52*' => 'acceptableCertPolicies',
+        '2.5.29.53*' => 'deltaInfo',
+        '2.5.29.54*' => 'inhibitAnyPolicy',
+        '2.5.29.55*' => 'targetInformation',
+        '2.5.29.56*' => 'noRevAvail',
+        '2.5.29.57*' => 'acceptablePrivilegePolicies',
+        '2.5.29.58*' => 'toBeRevoked',
+        '2.5.29.59*' => 'revokedGroups',
+        '2.5.29.60*' => 'expiredCertsOnCRL',
+        '2.5.29.61*' => 'indirectIssuer',
+        '2.5.29.62*' => 'noAssertion',
+        '2.5.29.63*' => 'aAissuingDistributionPoint',
+        '2.5.29.64*' => 'issuedOnBehalfOf',
+        '2.5.29.65*' => 'singleUse',
+        '2.5.29.66*' => 'groupAC',
+        '2.5.29.67*' => 'allowedAttAss',
+        '2.5.29.68*' => 'attributeMappings',
+        '2.5.29.69*' => 'holderNameConstraints',
+        '2.16.840.1.101.2.1.1.1*' => 'sdnsSignatureAlgorithm',
+        '2.16.840.1.101.2.1.1.2*' => 'fortezzaSignatureAlgorithm',
+        '2.16.840.1.101.2.1.1.3*' => 'sdnsConfidentialityAlgorithm',
+        '2.16.840.1.101.2.1.1.4*' => 'fortezzaConfidentialityAlgorithm',
+        '2.16.840.1.101.2.1.1.5*' => 'sdnsIntegrityAlgorithm',
+        '2.16.840.1.101.2.1.1.6*' => 'fortezzaIntegrityAlgorithm',
+        '2.16.840.1.101.2.1.1.7*' => 'sdnsTokenProtectionAlgorithm',
+        '2.16.840.1.101.2.1.1.8*' => 'fortezzaTokenProtectionAlgorithm',
+        '2.16.840.1.101.2.1.1.9*' => 'sdnsKeyManagementAlgorithm',
+        '2.16.840.1.101.2.1.1.10*' => 'fortezzaKeyManagementAlgorithm',
+        '2.16.840.1.101.2.1.1.11*' => 'sdnsKMandSigAlgorithm',
+        '2.16.840.1.101.2.1.1.12*' => 'fortezzaKMandSigAlgorithm',
+        '2.16.840.1.101.2.1.1.13*' => 'suiteASignatureAlgorithm',
+        '2.16.840.1.101.2.1.1.14*' => 'suiteAConfidentialityAlgorithm',
+        '2.16.840.1.101.2.1.1.15*' => 'suiteAIntegrityAlgorithm',
+        '2.16.840.1.101.2.1.1.16*' => 'suiteATokenProtectionAlgorithm',
+        '2.16.840.1.101.2.1.1.17*' => 'suiteAKeyManagementAlgorithm',
+        '2.16.840.1.101.2.1.1.18*' => 'suiteAKMandSigAlgorithm',
+        '2.16.840.1.101.2.1.1.19*' => 'fortezzaUpdatedSigAlgorithm',
+        '2.16.840.1.101.2.1.1.20*' => 'fortezzaKMandUpdSigAlgorithms',
+        '2.16.840.1.101.2.1.1.21*' => 'fortezzaUpdatedIntegAlgorithm',
+        '2.16.840.1.101.2.1.1.22*' => 'keyExchangeAlgorithm',
+        '2.16.840.1.101.2.1.1.23*' => 'fortezzaWrap80Algorithm',
+        '2.16.840.1.101.2.1.1.24*' => 'kEAKeyEncryptionAlgorithm',
+        '2.16.840.1.101.2.1.2.1*' => 'rfc822MessageFormat',
+        '2.16.840.1.101.2.1.2.2*' => 'emptyContent',
+        '2.16.840.1.101.2.1.2.3*' => 'cspContentType',
+        '2.16.840.1.101.2.1.2.42*' => 'mspRev3ContentType',
+        '2.16.840.1.101.2.1.2.48*' => 'mspContentType',
+        '2.16.840.1.101.2.1.2.49*' => 'mspRekeyAgentProtocol',
+        '2.16.840.1.101.2.1.2.50*' => 'mspMMP',
+        '2.16.840.1.101.2.1.2.66*' => 'mspRev3-1ContentType',
+        '2.16.840.1.101.2.1.2.72*' => 'forwardedMSPMessageBodyPart',
+        '2.16.840.1.101.2.1.2.73*' => 'mspForwardedMessageParameters',
+        '2.16.840.1.101.2.1.2.74*' => 'forwardedCSPMsgBodyPart',
+        '2.16.840.1.101.2.1.2.75*' => 'cspForwardedMessageParameters',
+        '2.16.840.1.101.2.1.2.76*' => 'mspMMP2',
+        '2.16.840.1.101.2.1.3.1*' => 'sdnsSecurityPolicy',
+        '2.16.840.1.101.2.1.3.2*' => 'sdnsPRBAC',
+        '2.16.840.1.101.2.1.3.3*' => 'mosaicPRBAC',
+        '2.16.840.1.101.2.1.3.10*' => 'siSecurityPolicy',
+        '2.16.840.1.101.2.1.3.10.0*' => 'siNASP',
+        '2.16.840.1.101.2.1.3.10.1*' => 'siELCO',
+        '2.16.840.1.101.2.1.3.10.2*' => 'siTK',
+        '2.16.840.1.101.2.1.3.10.3*' => 'siDSAP',
+        '2.16.840.1.101.2.1.3.10.4*' => 'siSSSS',
+        '2.16.840.1.101.2.1.3.10.5*' => 'siDNASP',
+        '2.16.840.1.101.2.1.3.10.6*' => 'siBYEMAN',
+        '2.16.840.1.101.2.1.3.10.7*' => 'siREL-US',
+        '2.16.840.1.101.2.1.3.10.8*' => 'siREL-AUS',
+        '2.16.840.1.101.2.1.3.10.9*' => 'siREL-CAN',
+        '2.16.840.1.101.2.1.3.10.10*' => 'siREL_UK',
+        '2.16.840.1.101.2.1.3.10.11*' => 'siREL-NZ',
+        '2.16.840.1.101.2.1.3.10.12*' => 'siGeneric',
+        '2.16.840.1.101.2.1.3.11*' => 'genser',
+        '2.16.840.1.101.2.1.3.11.0*' => 'genserNations',
+        '2.16.840.1.101.2.1.3.11.1*' => 'genserComsec',
+        '2.16.840.1.101.2.1.3.11.2*' => 'genserAcquisition',
+        '2.16.840.1.101.2.1.3.11.3*' => 'genserSecurityCategories',
+        '2.16.840.1.101.2.1.3.11.3.0*' => 'genserTagSetName',
+        '2.16.840.1.101.2.1.3.12*' => 'defaultSecurityPolicy',
+        '2.16.840.1.101.2.1.3.13*' => 'capcoMarkings',
+        '2.16.840.1.101.2.1.3.13.0*' => 'capcoSecurityCategories',
+        '2.16.840.1.101.2.1.3.13.0.1*' => 'capcoTagSetName1',
+        '2.16.840.1.101.2.1.3.13.0.2*' => 'capcoTagSetName2',
+        '2.16.840.1.101.2.1.3.13.0.3*' => 'capcoTagSetName3',
+        '2.16.840.1.101.2.1.3.13.0.4*' => 'capcoTagSetName4',
+        '2.16.840.1.101.2.1.5.1*' => 'sdnsKeyManagementCertificate',
+        '2.16.840.1.101.2.1.5.2*' => 'sdnsUserSignatureCertificate',
+        '2.16.840.1.101.2.1.5.3*' => 'sdnsKMandSigCertificate',
+        '2.16.840.1.101.2.1.5.4*' => 'fortezzaKeyManagementCertificate',
+        '2.16.840.1.101.2.1.5.5*' => 'fortezzaKMandSigCertificate',
+        '2.16.840.1.101.2.1.5.6*' => 'fortezzaUserSignatureCertificate',
+        '2.16.840.1.101.2.1.5.7*' => 'fortezzaCASignatureCertificate',
+        '2.16.840.1.101.2.1.5.8*' => 'sdnsCASignatureCertificate',
+        '2.16.840.1.101.2.1.5.10*' => 'auxiliaryVector',
+        '2.16.840.1.101.2.1.5.11*' => 'mlReceiptPolicy',
+        '2.16.840.1.101.2.1.5.12*' => 'mlMembership',
+        '2.16.840.1.101.2.1.5.13*' => 'mlAdministrators',
+        '2.16.840.1.101.2.1.5.14*' => 'alid',
+        '2.16.840.1.101.2.1.5.20*' => 'janUKMs',
+        '2.16.840.1.101.2.1.5.21*' => 'febUKMs',
+        '2.16.840.1.101.2.1.5.22*' => 'marUKMs',
+        '2.16.840.1.101.2.1.5.23*' => 'aprUKMs',
+        '2.16.840.1.101.2.1.5.24*' => 'mayUKMs',
+        '2.16.840.1.101.2.1.5.25*' => 'junUKMs',
+        '2.16.840.1.101.2.1.5.26*' => 'julUKMs',
+        '2.16.840.1.101.2.1.5.27*' => 'augUKMs',
+        '2.16.840.1.101.2.1.5.28*' => 'sepUKMs',
+        '2.16.840.1.101.2.1.5.29*' => 'octUKMs',
+        '2.16.840.1.101.2.1.5.30*' => 'novUKMs',
+        '2.16.840.1.101.2.1.5.31*' => 'decUKMs',
+        '2.16.840.1.101.2.1.5.40*' => 'metaSDNSckl',
+        '2.16.840.1.101.2.1.5.41*' => 'sdnsCKL',
+        '2.16.840.1.101.2.1.5.42*' => 'metaSDNSsignatureCKL',
+        '2.16.840.1.101.2.1.5.43*' => 'sdnsSignatureCKL',
+        '2.16.840.1.101.2.1.5.44*' => 'sdnsCertificateRevocationList',
+        '2.16.840.1.101.2.1.5.45*' => 'fortezzaCertificateRevocationList',
+        '2.16.840.1.101.2.1.5.46*' => 'fortezzaCKL',
+        '2.16.840.1.101.2.1.5.47*' => 'alExemptedAddressProcessor',
+        '2.16.840.1.101.2.1.5.48*' => 'guard',
+        '2.16.840.1.101.2.1.5.49*' => 'algorithmsSupported',
+        '2.16.840.1.101.2.1.5.50*' => 'suiteAKeyManagementCertificate',
+        '2.16.840.1.101.2.1.5.51*' => 'suiteAKMandSigCertificate',
+        '2.16.840.1.101.2.1.5.52*' => 'suiteAUserSignatureCertificate',
+        '2.16.840.1.101.2.1.5.53*' => 'prbacInfo',
+        '2.16.840.1.101.2.1.5.54*' => 'prbacCAConstraints',
+        '2.16.840.1.101.2.1.5.55*' => 'sigOrKMPrivileges',
+        '2.16.840.1.101.2.1.5.56*' => 'commPrivileges',
+        '2.16.840.1.101.2.1.5.57*' => 'labeledAttribute',
+        '2.16.840.1.101.2.1.5.58*' => 'policyInformationFile',
+        '2.16.840.1.101.2.1.5.59*' => 'secPolicyInformationFile',
+        '2.16.840.1.101.2.1.5.60*' => 'cAClearanceConstraint',
+        '2.16.840.1.101.2.1.7.1*' => 'cspExtns',
+        '2.16.840.1.101.2.1.7.1.0*' => 'cspCsExtn',
+        '2.16.840.1.101.2.1.8.1*' => 'mISSISecurityCategories',
+        '2.16.840.1.101.2.1.8.2*' => 'standardSecurityLabelPrivileges',
+        '2.16.840.1.101.2.1.10.1*' => 'sigPrivileges',
+        '2.16.840.1.101.2.1.10.2*' => 'kmPrivileges',
+        '2.16.840.1.101.2.1.10.3*' => 'namedTagSetPrivilege',
+        '2.16.840.1.101.2.1.11.1*' => 'ukDemo',
+        '2.16.840.1.101.2.1.11.2*' => 'usDODClass2',
+        '2.16.840.1.101.2.1.11.3*' => 'usMediumPilot',
+        '2.16.840.1.101.2.1.11.4*' => 'usDODClass4',
+        '2.16.840.1.101.2.1.11.5*' => 'usDODClass3',
+        '2.16.840.1.101.2.1.11.6*' => 'usDODClass5',
+        '2.16.840.1.101.2.1.12.0*' => 'testSecurityPolicy',
+        '2.16.840.1.101.2.1.12.0.1*' => 'tsp1',
+        '2.16.840.1.101.2.1.12.0.1.0*' => 'tsp1SecurityCategories',
+        '2.16.840.1.101.2.1.12.0.1.0.0*' => 'tsp1TagSetZero',
+        '2.16.840.1.101.2.1.12.0.1.0.1*' => 'tsp1TagSetOne',
+        '2.16.840.1.101.2.1.12.0.1.0.2*' => 'tsp1TagSetTwo',
+        '2.16.840.1.101.2.1.12.0.2*' => 'tsp2',
+        '2.16.840.1.101.2.1.12.0.2.0*' => 'tsp2SecurityCategories',
+        '2.16.840.1.101.2.1.12.0.2.0.0*' => 'tsp2TagSetZero',
+        '2.16.840.1.101.2.1.12.0.2.0.1*' => 'tsp2TagSetOne',
+        '2.16.840.1.101.2.1.12.0.2.0.2*' => 'tsp2TagSetTwo',
+        '2.16.840.1.101.2.1.12.0.3*' => 'kafka',
+        '2.16.840.1.101.2.1.12.0.3.0*' => 'kafkaSecurityCategories',
+        '2.16.840.1.101.2.1.12.0.3.0.1*' => 'kafkaTagSetName1',
+        '2.16.840.1.101.2.1.12.0.3.0.2*' => 'kafkaTagSetName2',
+        '2.16.840.1.101.2.1.12.0.3.0.3*' => 'kafkaTagSetName3',
+        '2.16.840.1.101.2.1.12.1.1*' => 'tcp1',
+        '2.16.840.1.101.3.1*' => 'slabel',
+        '2.16.840.1.101.3.2*' => 'pki',
+        '2.16.840.1.101.3.2.1*' => 'NIST policyIdentifier',
+        '2.16.840.1.101.3.2.1.3.1*' => 'fbcaRudimentaryPolicy',
+        '2.16.840.1.101.3.2.1.3.2*' => 'fbcaBasicPolicy',
+        '2.16.840.1.101.3.2.1.3.3*' => 'fbcaMediumPolicy',
+        '2.16.840.1.101.3.2.1.3.4*' => 'fbcaHighPolicy',
+        '2.16.840.1.101.3.2.1.48.1*' => 'nistTestPolicy1',
+        '2.16.840.1.101.3.2.1.48.2*' => 'nistTestPolicy2',
+        '2.16.840.1.101.3.2.1.48.3*' => 'nistTestPolicy3',
+        '2.16.840.1.101.3.2.1.48.4*' => 'nistTestPolicy4',
+        '2.16.840.1.101.3.2.1.48.5*' => 'nistTestPolicy5',
+        '2.16.840.1.101.3.2.1.48.6*' => 'nistTestPolicy6',
+        '2.16.840.1.101.3.2.2*' => 'gak',
+        '2.16.840.1.101.3.2.2.1*' => 'kRAKey',
+        '2.16.840.1.101.3.2.3*' => 'extensions',
+        '2.16.840.1.101.3.2.3.1*' => 'kRTechnique',
+        '2.16.840.1.101.3.2.3.2*' => 'kRecoveryCapable',
+        '2.16.840.1.101.3.2.3.3*' => 'kR',
+        '2.16.840.1.101.3.2.4*' => 'keyRecoverySchemes',
+        '2.16.840.1.101.3.2.5*' => 'krapola',
+        '2.16.840.1.101.3.3*' => 'arpa',
+        '2.16.840.1.101.3.4*' => 'nistAlgorithm',
+        '2.16.840.1.101.3.4.1*' => 'aes',
+        '2.16.840.1.101.3.4.1.1*' => 'aes128-ECB',
+        '2.16.840.1.101.3.4.1.2*' => 'aes128-CBC',
+        '2.16.840.1.101.3.4.1.3*' => 'aes128-OFB',
+        '2.16.840.1.101.3.4.1.4*' => 'aes128-CFB',
+        '2.16.840.1.101.3.4.1.5*' => 'aes128-wrap',
+        '2.16.840.1.101.3.4.1.6*' => 'aes128-GCM',
+        '2.16.840.1.101.3.4.1.7*' => 'aes128-CCM',
+        '2.16.840.1.101.3.4.1.8*' => 'aes128-wrap-pad',
+        '2.16.840.1.101.3.4.1.21*' => 'aes192-ECB',
+        '2.16.840.1.101.3.4.1.22*' => 'aes192-CBC',
+        '2.16.840.1.101.3.4.1.23*' => 'aes192-OFB',
+        '2.16.840.1.101.3.4.1.24*' => 'aes192-CFB',
+        '2.16.840.1.101.3.4.1.25*' => 'aes192-wrap',
+        '2.16.840.1.101.3.4.1.26*' => 'aes192-GCM',
+        '2.16.840.1.101.3.4.1.27*' => 'aes192-CCM',
+        '2.16.840.1.101.3.4.1.28*' => 'aes192-wrap-pad',
+        '2.16.840.1.101.3.4.1.41*' => 'aes256-ECB',
+        '2.16.840.1.101.3.4.1.42*' => 'aes256-CBC',
+        '2.16.840.1.101.3.4.1.43*' => 'aes256-OFB',
+        '2.16.840.1.101.3.4.1.44*' => 'aes256-CFB',
+        '2.16.840.1.101.3.4.1.45*' => 'aes256-wrap',
+        '2.16.840.1.101.3.4.1.46*' => 'aes256-GCM',
+        '2.16.840.1.101.3.4.1.47*' => 'aes256-CCM',
+        '2.16.840.1.101.3.4.1.48*' => 'aes256-wrap-pad',
+        '2.16.840.1.101.3.4.2*' => 'hashAlgos',
+        '2.16.840.1.101.3.4.2.1*' => 'sha-256',
+        '2.16.840.1.101.3.4.2.2*' => 'sha-384',
+        '2.16.840.1.101.3.4.2.3*' => 'sha-512',
+        '2.16.840.1.101.3.4.2.4*' => 'sha-224',
+        '2.16.840.1.101.3.4.3.1*' => 'dsaWithSha224',
+        '2.16.840.1.101.3.4.3.2*' => 'dsaWithSha256',
+        '2.16.840.1.113719.1.2.8*' => 'novellAlgorithm',
+        '2.16.840.1.113719.1.2.8.22*' => 'desCbcIV8',
+        '2.16.840.1.113719.1.2.8.23*' => 'desCbcPadIV8',
+        '2.16.840.1.113719.1.2.8.24*' => 'desEDE2CbcIV8',
+        '2.16.840.1.113719.1.2.8.25*' => 'desEDE2CbcPadIV8',
+        '2.16.840.1.113719.1.2.8.26*' => 'desEDE3CbcIV8',
+        '2.16.840.1.113719.1.2.8.27*' => 'desEDE3CbcPadIV8',
+        '2.16.840.1.113719.1.2.8.28*' => 'rc5CbcPad',
+        '2.16.840.1.113719.1.2.8.29*' => 'md2WithRSAEncryptionBSafe1',
+        '2.16.840.1.113719.1.2.8.30*' => 'md5WithRSAEncryptionBSafe1',
+        '2.16.840.1.113719.1.2.8.31*' => 'sha1WithRSAEncryptionBSafe1',
+        '2.16.840.1.113719.1.2.8.32*' => 'lmDigest',
+        '2.16.840.1.113719.1.2.8.40*' => 'md2',
+        '2.16.840.1.113719.1.2.8.50*' => 'md5',
+        '2.16.840.1.113719.1.2.8.51*' => 'ikeHmacWithSHA1-RSA',
+        '2.16.840.1.113719.1.2.8.52*' => 'ikeHmacWithMD5-RSA',
+        '2.16.840.1.113719.1.2.8.69*' => 'rc2CbcPad',
+        '2.16.840.1.113719.1.2.8.82*' => 'sha-1',
+        '2.16.840.1.113719.1.2.8.92*' => 'rc2BSafe1Cbc',
+        '2.16.840.1.113719.1.2.8.95*' => 'md4',
+        '2.16.840.1.113719.1.2.8.130*' => 'md4Packet',
+        '2.16.840.1.113719.1.2.8.131*' => 'rsaEncryptionBsafe1',
+        '2.16.840.1.113719.1.2.8.132*' => 'nwPassword',
+        '2.16.840.1.113719.1.2.8.133*' => 'novellObfuscate-1',
+        '2.16.840.1.113719.1.9*' => 'pki',
+        '2.16.840.1.113719.1.9.4*' => 'pkiAttributeType',
+        '2.16.840.1.113719.1.9.4.1*' => 'securityAttributes',
+        '2.16.840.1.113719.1.9.4.2*' => 'relianceLimit',
+        '2.16.840.1.113730.1*' => 'cert-extension',
+        '2.16.840.1.113730.1.1*' => 'netscape-cert-type',
+        '2.16.840.1.113730.1.2*' => 'netscape-base-url',
+        '2.16.840.1.113730.1.3*' => 'netscape-revocation-url',
+        '2.16.840.1.113730.1.4*' => 'netscape-ca-revocation-url',
+        '2.16.840.1.113730.1.7*' => 'netscape-cert-renewal-url',
+        '2.16.840.1.113730.1.8*' => 'netscape-ca-policy-url',
+        '2.16.840.1.113730.1.9*' => 'HomePage-url',
+        '2.16.840.1.113730.1.10*' => 'EntityLogo',
+        '2.16.840.1.113730.1.11*' => 'UserPicture',
+        '2.16.840.1.113730.1.12*' => 'netscape-ssl-server-name',
+        '2.16.840.1.113730.1.13*' => 'netscape-comment',
+        '2.16.840.1.113730.2*' => 'data-type',
+        '2.16.840.1.113730.2.1*' => 'dataGIF',
+        '2.16.840.1.113730.2.2*' => 'dataJPEG',
+        '2.16.840.1.113730.2.3*' => 'dataURL',
+        '2.16.840.1.113730.2.4*' => 'dataHTML',
+        '2.16.840.1.113730.2.5*' => 'certSequence',
+        '2.16.840.1.113730.2.6*' => 'certURL',
+        '2.16.840.1.113730.3*' => 'directory',
+        '2.16.840.1.113730.3.1*' => 'ldapDefinitions',
+        '2.16.840.1.113730.3.1.1*' => 'carLicense',
+        '2.16.840.1.113730.3.1.2*' => 'departmentNumber',
+        '2.16.840.1.113730.3.1.3*' => 'employeeNumber',
+        '2.16.840.1.113730.3.1.4*' => 'employeeType',
+        '2.16.840.1.113730.3.2.2*' => 'inetOrgPerson',
+        '2.16.840.1.113730.4.1*' => 'serverGatedCrypto',
+        '2.16.840.1.113733.1.6.3*' => 'verisignCZAG',
+        '2.16.840.1.113733.1.6.6*' => 'verisignInBox',
+        '2.16.840.1.113733.1.6.11*' => 'verisignOnsiteJurisdictionHash',
+        '2.16.840.1.113733.1.6.13*' => 'Unknown Verisign VPN extension',
+        '2.16.840.1.113733.1.6.15*' => 'verisignServerID',
+        '2.16.840.1.113733.1.7.1.1*' => 'verisignCertPolicies95Qualifier1',
+        '2.16.840.1.113733.1.7.1.1.1*' => 'verisignCPSv1notice',
+        '2.16.840.1.113733.1.7.1.1.2*' => 'verisignCPSv1nsi',
+        '2.16.840.1.113733.1.7.23.6*' => 'VeriSign EV policy',
+        '2.16.840.1.113733.1.8.1*' => 'verisignISSStrongCrypto',
+        '2.16.840.1.113733.1*' => 'pki',
+        '2.16.840.1.113733.1.9*' => 'pkcs7Attribute',
+        '2.16.840.1.113733.1.9.2*' => 'messageType',
+        '2.16.840.1.113733.1.9.3*' => 'pkiStatus',
+        '2.16.840.1.113733.1.9.4*' => 'failInfo',
+        '2.16.840.1.113733.1.9.5*' => 'senderNonce',
+        '2.16.840.1.113733.1.9.6*' => 'recipientNonce',
+        '2.16.840.1.113733.1.9.7*' => 'transID',
+        '2.16.840.1.113733.1.9.8*' => 'extensionReq',
+        '2.16.840.1.114412.1.3.0.1*' => 'digiCertGlobalCAPolicy',
+        '2.16.840.1.114412.1.3.0.2*' => 'digiCertHighAssuranceEVCAPolicy',
+        '2.16.840.1.114412.1.3.0.3*' => 'digiCertGlobalRootCAPolicy',
+        '2.16.840.1.114412.1.3.0.4*' => 'digiCertAssuredIDRootCAPolicy',
+        '2.23.42.0*' => 'contentType',
+        '2.23.42.0.0*' => 'panData',
+        '2.23.42.0.1*' => 'panToken',
+        '2.23.42.0.2*' => 'panOnly',
+        '2.23.42.1*' => 'msgExt',
+        '2.23.42.2*' => 'field',
+        '2.23.42.2.0*' => 'fullName',
+        '2.23.42.2.1*' => 'givenName',
+        '2.23.42.2.2*' => 'familyName',
+        '2.23.42.2.3*' => 'birthFamilyName',
+        '2.23.42.2.4*' => 'placeName',
+        '2.23.42.2.5*' => 'identificationNumber',
+        '2.23.42.2.6*' => 'month',
+        '2.23.42.2.7*' => 'date',
+        '2.23.42.2.8*' => 'address',
+        '2.23.42.2.9*' => 'telephone',
+        '2.23.42.2.10*' => 'amount',
+        '2.23.42.2.11*' => 'accountNumber',
+        '2.23.42.2.12*' => 'passPhrase',
+        '2.23.42.3*' => 'attribute',
+        '2.23.42.3.0*' => 'cert',
+        '2.23.42.3.0.0*' => 'rootKeyThumb',
+        '2.23.42.3.0.1*' => 'additionalPolicy',
+        '2.23.42.4*' => 'algorithm',
+        '2.23.42.5*' => 'policy',
+        '2.23.42.5.0*' => 'root',
+        '2.23.42.6*' => 'module',
+        '2.23.42.7*' => 'certExt',
+        '2.23.42.7.0*' => 'hashedRootKey',
+        '2.23.42.7.1*' => 'certificateType',
+        '2.23.42.7.2*' => 'merchantData',
+        '2.23.42.7.3*' => 'cardCertRequired',
+        '2.23.42.7.4*' => 'tunneling',
+        '2.23.42.7.5*' => 'setExtensions',
+        '2.23.42.7.6*' => 'setQualifier',
+        '2.23.42.8*' => 'brand',
+        '2.23.42.8.1*' => 'IATA-ATA',
+        '2.23.42.8.4*' => 'VISA',
+        '2.23.42.8.5*' => 'MasterCard',
+        '2.23.42.8.30*' => 'Diners',
+        '2.23.42.8.34*' => 'AmericanExpress',
+        '2.23.42.8.6011*' => 'Novus',
+        '2.23.42.9*' => 'vendor',
+        '2.23.42.9.0*' => 'GlobeSet',
+        '2.23.42.9.1*' => 'IBM',
+        '2.23.42.9.2*' => 'CyberCash',
+        '2.23.42.9.3*' => 'Terisa',
+        '2.23.42.9.4*' => 'RSADSI',
+        '2.23.42.9.5*' => 'VeriFone',
+        '2.23.42.9.6*' => 'TrinTech',
+        '2.23.42.9.7*' => 'BankGate',
+        '2.23.42.9.8*' => 'GTE',
+        '2.23.42.9.9*' => 'CompuSource',
+        '2.23.42.9.10*' => 'Griffin',
+        '2.23.42.9.11*' => 'Certicom',
+        '2.23.42.9.12*' => 'OSS',
+        '2.23.42.9.13*' => 'TenthMountain',
+        '2.23.42.9.14*' => 'Antares',
+        '2.23.42.9.15*' => 'ECC',
+        '2.23.42.9.16*' => 'Maithean',
+        '2.23.42.9.17*' => 'Netscape',
+        '2.23.42.9.18*' => 'Verisign',
+        '2.23.42.9.19*' => 'BlueMoney',
+        '2.23.42.9.20*' => 'Lacerte',
+        '2.23.42.9.21*' => 'Fujitsu',
+        '2.23.42.9.22*' => 'eLab',
+        '2.23.42.9.23*' => 'Entrust',
+        '2.23.42.9.24*' => 'VIAnet',
+        '2.23.42.9.25*' => 'III',
+        '2.23.42.9.26*' => 'OpenMarket',
+        '2.23.42.9.27*' => 'Lexem',
+        '2.23.42.9.28*' => 'Intertrader',
+        '2.23.42.9.29*' => 'Persimmon',
+        '2.23.42.9.30*' => 'NABLE',
+        '2.23.42.9.31*' => 'espace-net',
+        '2.23.42.9.32*' => 'Hitachi',
+        '2.23.42.9.33*' => 'Microsoft',
+        '2.23.42.9.34*' => 'NEC',
+        '2.23.42.9.35*' => 'Mitsubishi',
+        '2.23.42.9.36*' => 'NCR',
+        '2.23.42.9.37*' => 'e-COMM',
+        '2.23.42.9.38*' => 'Gemplus',
+        '2.23.42.10*' => 'national',
+        '2.23.42.10.392*' => 'Japan',
+        '2.23.136.1.1.1*' => 'mRTDSignatureData',
+        '2.54.1775.2*' => 'hashedRootKey',
+        '2.54.1775.3*' => 'certificateType',
+        '2.54.1775.4*' => 'merchantData',
+        '2.54.1775.5*' => 'cardCertRequired',
+        '2.54.1775.6*' => 'tunneling',
+        '2.54.1775.7*' => 'setQualifier',
+        '2.54.1775.99*' => 'setData',
+        '1.3.6.1.4.1.6449.1.2.1.5.1*' => 'UTN-USERFirst EV policy',
+        '1.3.6.1.4.1.34697.2.1*' => 'AffirmTrust EV policy',
+        '1.3.6.1.4.1.34697.2.2*' => 'AffirmTrust EV policy',
+        '1.3.6.1.4.1.34697.2.3*' => 'AffirmTrust EV policy',
+        '1.3.6.1.4.1.34697.2.4*' => 'AffirmTrust EV policy',
+        '1.3.6.1.4.1.22234.2.5.2.3.1*' => 'CertPlus EV policy',
+        '1.3.6.1.4.1.6334.1.100.1*' => 'GTE CyberTrust EV policy',
+        '2.16.840.1.114412.2.1*' => 'DigiCert EV policy',
+        '2.16.528.1.1001.1.1.1.12.6.1.1.1*' => 'DigiNotar EV policy',
+        '2.16.840.1.114028.10.1.2*' => 'Entrust EV policy',
+        '1.3.6.1.4.1.14370.1.6*' => 'GeoTrust EV policy',
+        '1.3.6.1.4.1.4146.1.1*' => 'GlobalSign EV policy',
+        '2.16.840.1.114413.1.7.23.3*' => 'ValiCert EV policy',
+        '1.3.6.1.4.1.782.1.2.1.8.1*' => 'Network Solutions EV policy',
+        '1.3.6.1.4.1.8024.0.2.100.1.2*' => 'QuoVadis EV policy',
+        '2.16.840.1.114404.1.1.2.4.1*' => 'Secure Global EV policy',
+        '1.2.392.200091.100.721.1*' => 'Security Communication EV policy',
+        '1.3.6.1.4.1.23223.1.1.1*' => 'StartCom EV policy',
+        '2.16.840.1.114414.1.7.23.3*' => 'Starfield EV policy',
+        '2.16.756.1.89.1.2.1.1*' => 'SwissSign EV policy',
+        '2.16.840.1.113733.1.7.48.1*' => 'Thawte EV policy',
+        '2.16.840.1.114171.500.9*' => 'Wells Fargo EV policy',
+    ];
 }

plugins/smime/php/lib/Der.php

Indentation +262 added lines, -262 removed lines

@@ -5,269 +5,269 @@
 require_once 'Oids.php';
 
 class Der extends Oids {
-	protected $tag;
-	protected $len;
-	protected $value;
-	protected $class;
-	protected $constructed;
-	protected $buffer;
-	protected $stack = [];
-	protected $i;
-	private $ignoredextensions = [
-		'netscape-cert-type' => 1,
-	];
-	private $id;
-
-	protected function init($der) {
-		$this->buffer = $der;
-		$this->i = 0;
-		$this->id = uniqid();
-	}
-
-	protected function dump($note = '') {
-		$z = strlen($this->buffer) - $this->i;
-		print_r("{$note}\n");
-		print_r("len: {$z}\n");
-		print_r(chunk_split(bin2hex(substr($this->buffer, $this->i)), 2, ':'));
-		echo "\n";
-	}
-
-	protected function pr($note = '') {
-		$savei = $this->i;
-		$byte = ord($this->buffer[$this->i++]);
-		$tag = $byte & 0x1F;
-		$class = $byte & 0xC0;
-		$constructed = $byte & 0x20;
-		$len = $this->vallen();
-		$this->i = $savei;
-		print_r("{$note}\n");
-		print_r("i  : {$this->i}\n");
-		print_r("len: {$len}\n");
-		print_r("class:   {$class}\n");
-		print_r("tag  :   {$tag}\n");
-		print_r(chunk_split(bin2hex(substr($this->buffer, $this->i, min(32, strlen($this->buffer) - $this->i))) . "\n", 2, ':'));
-		print_r("---\n");
-	}
-
-	private function tlv($expectedtag = null) {
-		$byte = ord($this->buffer[$this->i++]);
-		$this->tag = $byte & 0x1F;
-		if ($expectedtag < 0) {
-			$this->tag = $expectedtag = -$expectedtag;
-		}
-		if ($expectedtag && $expectedtag != $this->tag) {
-			trigger_error("expected tag == {$expectedtag}, got {$this->tag} {$this->id}\n", E_USER_ERROR);
-		}
-		$this->class = $byte & 0xC0;
-		$this->constructed = $byte & 0x20;
-		$this->len = $this->vallen();
-	}
-
-	protected function next($expectedtag = null) {
-		$this->tlv($expectedtag);
-		if ($this->constructed) {
-			return;
-		}
-		$value = substr($this->buffer, $this->i, $this->len);
-		if ($this->class == 0 || $this->class == 0x80) {
-			if ($this->tag == 2 || $this->tag == 10) { # ints and enums
-				$int = 0;
-				foreach (str_split($value) as $byte) {
-					$int = bcmul($int, '256', 0);
-					$int = bcadd($int, ord($byte), 0);
-				}
-				$this->value = $int;
-			}
-			elseif ($this->tag == 1) { # boolean
-				$this->value = ord($value) != 0;
-			}
-			elseif ($this->tag == 3) { # bit string
-				$this->value = $value;
-			}
-			elseif ($this->tag == 5) { # null
-				$this->value = null;
-			}
-			else {
-				$this->value = $value;
-			}
-		}
-		$this->i += $this->len;
-
-		return $this->value;
-	}
-
-	protected function der($expectedtag = null, $pass = false) {
-		$oldi = $this->i;
-		$this->tlv($expectedtag);
-		$i = $this->i;
-		if (!$pass) {
-			$this->i = $oldi;
-		}
-		else {
-			$this->i += $this->len;
-		}
-
-		return substr($this->buffer, $oldi, $this->len + $i - $oldi);
-	}
-
-	/*
+    protected $tag;
+    protected $len;
+    protected $value;
+    protected $class;
+    protected $constructed;
+    protected $buffer;
+    protected $stack = [];
+    protected $i;
+    private $ignoredextensions = [
+        'netscape-cert-type' => 1,
+    ];
+    private $id;
+
+    protected function init($der) {
+        $this->buffer = $der;
+        $this->i = 0;
+        $this->id = uniqid();
+    }
+
+    protected function dump($note = '') {
+        $z = strlen($this->buffer) - $this->i;
+        print_r("{$note}\n");
+        print_r("len: {$z}\n");
+        print_r(chunk_split(bin2hex(substr($this->buffer, $this->i)), 2, ':'));
+        echo "\n";
+    }
+
+    protected function pr($note = '') {
+        $savei = $this->i;
+        $byte = ord($this->buffer[$this->i++]);
+        $tag = $byte & 0x1F;
+        $class = $byte & 0xC0;
+        $constructed = $byte & 0x20;
+        $len = $this->vallen();
+        $this->i = $savei;
+        print_r("{$note}\n");
+        print_r("i  : {$this->i}\n");
+        print_r("len: {$len}\n");
+        print_r("class:   {$class}\n");
+        print_r("tag  :   {$tag}\n");
+        print_r(chunk_split(bin2hex(substr($this->buffer, $this->i, min(32, strlen($this->buffer) - $this->i))) . "\n", 2, ':'));
+        print_r("---\n");
+    }
+
+    private function tlv($expectedtag = null) {
+        $byte = ord($this->buffer[$this->i++]);
+        $this->tag = $byte & 0x1F;
+        if ($expectedtag < 0) {
+            $this->tag = $expectedtag = -$expectedtag;
+        }
+        if ($expectedtag && $expectedtag != $this->tag) {
+            trigger_error("expected tag == {$expectedtag}, got {$this->tag} {$this->id}\n", E_USER_ERROR);
+        }
+        $this->class = $byte & 0xC0;
+        $this->constructed = $byte & 0x20;
+        $this->len = $this->vallen();
+    }
+
+    protected function next($expectedtag = null) {
+        $this->tlv($expectedtag);
+        if ($this->constructed) {
+            return;
+        }
+        $value = substr($this->buffer, $this->i, $this->len);
+        if ($this->class == 0 || $this->class == 0x80) {
+            if ($this->tag == 2 || $this->tag == 10) { # ints and enums
+                $int = 0;
+                foreach (str_split($value) as $byte) {
+                    $int = bcmul($int, '256', 0);
+                    $int = bcadd($int, ord($byte), 0);
+                }
+                $this->value = $int;
+            }
+            elseif ($this->tag == 1) { # boolean
+                $this->value = ord($value) != 0;
+            }
+            elseif ($this->tag == 3) { # bit string
+                $this->value = $value;
+            }
+            elseif ($this->tag == 5) { # null
+                $this->value = null;
+            }
+            else {
+                $this->value = $value;
+            }
+        }
+        $this->i += $this->len;
+
+        return $this->value;
+    }
+
+    protected function der($expectedtag = null, $pass = false) {
+        $oldi = $this->i;
+        $this->tlv($expectedtag);
+        $i = $this->i;
+        if (!$pass) {
+            $this->i = $oldi;
+        }
+        else {
+            $this->i += $this->len;
+        }
+
+        return substr($this->buffer, $oldi, $this->len + $i - $oldi);
+    }
+
+    /*
 	 * if provided with a tag and the tag is equal to the current tag
 	 * peek considers it EXPLICIT, consumes it and return true
 	 */
-	protected function peek($tag = null) {
-		$t = null;
-		if ($this->i < end($this->stack)) {
-			$t = ord($this->buffer[$this->i]) & 0x1F;
-		}
-		if ($tag !== null) {
-			if ($t === $tag) {
-				$this->next($tag);
-
-				return true;
-			}
-
-			return false;
-		}
-
-		return $t;
-	}
-
-	protected function vallen() {
-		$byte = ord($this->buffer[$this->i++]);
-		$res = $len = $byte & 0x7F;
-		if ($byte >= 0x80) {
-			$res = 0;
-			for ($c = 0; $c < $len; ++$c) {
-				$res = $res * 256 + ord($this->buffer[$this->i++]);
-			}
-		}
-
-		return $res;
-	}
-
-	protected function beginsequence($tag = 16) {
-		$this->begin($tag);
-	}
-
-	protected function beginset($tag = 17) {
-		$this->begin($tag);
-	}
-
-	protected function begin($tag) {
-		$this->next($tag);
-		array_push($this->stack, $this->i + $this->len);
-	}
-
-	protected function in() {
-		return $this->i < end($this->stack);
-	}
-
-	protected function end() {
-		$end = array_pop($this->stack);
-		if ($end != $this->i) {
-			trigger_error("sequence or set length does not match: {$end} != {$this->i}", E_USER_ERROR);
-		}
-	}
-
-	protected function extensions() {
-		$this->beginsequence();
-		$extns = [];
-		while ($this->in()) {
-			$this->beginsequence();
-			$extnID = $this->oid();
-			$theext['critical'] = $this->peek(1);
-			$theext['extnValue'] = $this->next(4);
-
-			try {
-				if (method_exists($this, $extnID)) {
-					$theext['extnValue'] = call_user_func([$this, $extnID], $theext['extnValue']);
-				}
-				elseif (!empty($ignoredextensions['$extnID'])) {
-					trigger_error("Unknown extension {$extnID}", E_USER_ERROR);
-				}
-				else {
-					$theext['extnValue'] = chunk_split(bin2hex($theext['extnValue']), 2, ':');
-				}
-			}
-			catch (\Exception $e) {
-				$theext['extnValue'] = chunk_split(bin2hex($theext['extnValue']), 2, ':');
-			}
-			$this->end();
-			$extns[$extnID] = $theext;
-		}
-		$this->end();
-
-		return $extns;
-	}
-
-	protected function signatureAlgorithm() {
-		$this->beginsequence();
-		$salg = $this->oid();
-		if ($this->in()) {
-			$this->next(); # alg param - ignore for now
-		}
-		$this->end();
-
-		return $salg;
-	}
-
-	protected function name($tag = null) {
-		$this->beginsequence($tag);  # seq of RDN
-		$res = [];
-		while ($this->in()) {
-			$parts = [];
-			$this->beginset(); # set of AttributeTypeAndValue
-			while ($this->in()) {
-				$this->beginsequence();
-				$parts[$this->oid()] = $this->next(); # AttributeValue
-				$this->end();
-			}
-			$this->end();
-			$res[] = $parts;
-		}
-		$this->end();
-
-		return $res;
-	}
-
-	protected function oid($tag = 6) {
-		$v = $this->oid_($this->next($tag));
-		if (isset($this->oids[$v])) {
-			return $this->oids[$v];
-		}
-
-		return $v;
-	}
-
-	protected function oid_($oid) {
-		$len = strlen($oid);
-		$v = "";
-		$n = 0;
-		for ($c = 0; $c < $len; ++$c) {
-			$x = ord($oid[$c]);
-			$n = $n * 128 + ($x & 0x7F);
-			if ($x <= 127) {
-				$v .= $v ? '.' . $n : ((int) ($n / 40) . '.' . ($n % 40));
-				$n = 0;
-			}
-		}
-
-		return $v . '*';
-	}
-
-	protected function time($tag = null) {
-		$time = $this->next($tag);
-		if ($this->tag == 23) {
-			$time = (substr($time, 0, 2) < 50 ? '20' : '19') . $time;
-		}
-		elseif ($this->tag != 24) {
-			trigger_error('expected der utc or generalized time', E_USER_ERROR);
-		}
-
-		return $time;
-	}
-
-	protected function keyident($tag = 4) {
-		return chunk_split(bin2hex($this->next($tag)), 2, ':');
-	}
+    protected function peek($tag = null) {
+        $t = null;
+        if ($this->i < end($this->stack)) {
+            $t = ord($this->buffer[$this->i]) & 0x1F;
+        }
+        if ($tag !== null) {
+            if ($t === $tag) {
+                $this->next($tag);
+
+                return true;
+            }
+
+            return false;
+        }
+
+        return $t;
+    }
+
+    protected function vallen() {
+        $byte = ord($this->buffer[$this->i++]);
+        $res = $len = $byte & 0x7F;
+        if ($byte >= 0x80) {
+            $res = 0;
+            for ($c = 0; $c < $len; ++$c) {
+                $res = $res * 256 + ord($this->buffer[$this->i++]);
+            }
+        }
+
+        return $res;
+    }
+
+    protected function beginsequence($tag = 16) {
+        $this->begin($tag);
+    }
+
+    protected function beginset($tag = 17) {
+        $this->begin($tag);
+    }
+
+    protected function begin($tag) {
+        $this->next($tag);
+        array_push($this->stack, $this->i + $this->len);
+    }
+
+    protected function in() {
+        return $this->i < end($this->stack);
+    }
+
+    protected function end() {
+        $end = array_pop($this->stack);
+        if ($end != $this->i) {
+            trigger_error("sequence or set length does not match: {$end} != {$this->i}", E_USER_ERROR);
+        }
+    }
+
+    protected function extensions() {
+        $this->beginsequence();
+        $extns = [];
+        while ($this->in()) {
+            $this->beginsequence();
+            $extnID = $this->oid();
+            $theext['critical'] = $this->peek(1);
+            $theext['extnValue'] = $this->next(4);
+
+            try {
+                if (method_exists($this, $extnID)) {
+                    $theext['extnValue'] = call_user_func([$this, $extnID], $theext['extnValue']);
+                }
+                elseif (!empty($ignoredextensions['$extnID'])) {
+                    trigger_error("Unknown extension {$extnID}", E_USER_ERROR);
+                }
+                else {
+                    $theext['extnValue'] = chunk_split(bin2hex($theext['extnValue']), 2, ':');
+                }
+            }
+            catch (\Exception $e) {
+                $theext['extnValue'] = chunk_split(bin2hex($theext['extnValue']), 2, ':');
+            }
+            $this->end();
+            $extns[$extnID] = $theext;
+        }
+        $this->end();
+
+        return $extns;
+    }
+
+    protected function signatureAlgorithm() {
+        $this->beginsequence();
+        $salg = $this->oid();
+        if ($this->in()) {
+            $this->next(); # alg param - ignore for now
+        }
+        $this->end();
+
+        return $salg;
+    }
+
+    protected function name($tag = null) {
+        $this->beginsequence($tag);  # seq of RDN
+        $res = [];
+        while ($this->in()) {
+            $parts = [];
+            $this->beginset(); # set of AttributeTypeAndValue
+            while ($this->in()) {
+                $this->beginsequence();
+                $parts[$this->oid()] = $this->next(); # AttributeValue
+                $this->end();
+            }
+            $this->end();
+            $res[] = $parts;
+        }
+        $this->end();
+
+        return $res;
+    }
+
+    protected function oid($tag = 6) {
+        $v = $this->oid_($this->next($tag));
+        if (isset($this->oids[$v])) {
+            return $this->oids[$v];
+        }
+
+        return $v;
+    }
+
+    protected function oid_($oid) {
+        $len = strlen($oid);
+        $v = "";
+        $n = 0;
+        for ($c = 0; $c < $len; ++$c) {
+            $x = ord($oid[$c]);
+            $n = $n * 128 + ($x & 0x7F);
+            if ($x <= 127) {
+                $v .= $v ? '.' . $n : ((int) ($n / 40) . '.' . ($n % 40));
+                $n = 0;
+            }
+        }
+
+        return $v . '*';
+    }
+
+    protected function time($tag = null) {
+        $time = $this->next($tag);
+        if ($this->tag == 23) {
+            $time = (substr($time, 0, 2) < 50 ? '20' : '19') . $time;
+        }
+        elseif ($this->tag != 24) {
+            trigger_error('expected der utc or generalized time', E_USER_ERROR);
+        }
+
+        return $time;
+    }
+
+    protected function keyident($tag = 4) {
+        return chunk_split(bin2hex($this->next($tag)), 2, ':');
+    }
 }

Spacing +1 added lines, -1 removed lines

@@ -212,7 +212,7 @@
 	}
 
 	protected function name($tag = null) {
-		$this->beginsequence($tag);  # seq of RDN
+		$this->beginsequence($tag); # seq of RDN
 		$res = [];
 		while ($this->in()) {
 			$parts = [];

Braces +9 added lines, -18 removed lines

@@ -77,17 +77,13 @@ 
 					$int = bcadd($int, ord($byte), 0);
 				}
 				$this->value = $int;
-			}
-			elseif ($this->tag == 1) { # boolean
+			} elseif ($this->tag == 1) { # boolean
 				$this->value = ord($value) != 0;
-			}
-			elseif ($this->tag == 3) { # bit string
+			} elseif ($this->tag == 3) { # bit string
 				$this->value = $value;
-			}
-			elseif ($this->tag == 5) { # null
+			} elseif ($this->tag == 5) { # null
 				$this->value = null;
-			}
-			else {
+			} else {
 				$this->value = $value;
 			}
 		}
@@ -102,8 +98,7 @@ 
 		$i = $this->i;
 		if (!$pass) {
 			$this->i = $oldi;
-		}
-		else {
+		} else {
 			$this->i += $this->len;
 		}
 
@@ -181,15 +176,12 @@ 
 			try {
 				if (method_exists($this, $extnID)) {
 					$theext['extnValue'] = call_user_func([$this, $extnID], $theext['extnValue']);
-				}
-				elseif (!empty($ignoredextensions['$extnID'])) {
+				} elseif (!empty($ignoredextensions['$extnID'])) {
 					trigger_error("Unknown extension {$extnID}", E_USER_ERROR);
-				}
-				else {
+				} else {
 					$theext['extnValue'] = chunk_split(bin2hex($theext['extnValue']), 2, ':');
 				}
-			}
-			catch (\Exception $e) {
+			} catch (\Exception $e) {
 				$theext['extnValue'] = chunk_split(bin2hex($theext['extnValue']), 2, ':');
 			}
 			$this->end();
@@ -259,8 +251,7 @@ 
 		$time = $this->next($tag);
 		if ($this->tag == 23) {
 			$time = (substr($time, 0, 2) < 50 ? '20' : '19') . $time;
-		}
-		elseif ($this->tag != 24) {
+		} elseif ($this->tag != 24) {
 			trigger_error('expected der utc or generalized time', E_USER_ERROR);
 		}
 

plugins/smime/php/class.pluginsmimemodule.php

Indentation +252 added lines, -252 removed lines

@@ -7,289 +7,289 @@
 define('CHANGE_PASSPHRASE_WRONG', 3);
 
 class PluginSmimeModule extends Module {
-	/**
-	 * Constructor.
-	 *
-	 * @param int    $id            unique id
-	 * @param string $folderentryid Entryid of the folder. Data will be selected from this folder.
-	 * @param array  $data          list of all actions
-	 */
-	public function __construct($id, $data) {
-		$this->store = $GLOBALS['mapisession']->getDefaultMessageStore();
-		parent::__construct($id, $data);
-	}
+    /**
+     * Constructor.
+     *
+     * @param int    $id            unique id
+     * @param string $folderentryid Entryid of the folder. Data will be selected from this folder.
+     * @param array  $data          list of all actions
+     */
+    public function __construct($id, $data) {
+        $this->store = $GLOBALS['mapisession']->getDefaultMessageStore();
+        parent::__construct($id, $data);
+    }
 
-	/**
-	 * Executes all the actions in the $data variable.
-	 *
-	 * @return bool true on success or false on failure
-	 */
-	public function execute() {
-		foreach ($this->data as $actionType => $actionData) {
-			if (isset($actionType)) {
-				try {
-					switch ($actionType) {
-						case 'certificate':
-							$data = $this->verifyCertificate($actionData);
-							$response = [
-								'type' => 3,
-								'status' => $data['status'],
-								'message' => $data['message'],
-								'data' => $data['data'],
-							];
-							$this->addActionData('certificate', $response);
-							$GLOBALS['bus']->addData($this->getResponseData());
-							break;
+    /**
+     * Executes all the actions in the $data variable.
+     *
+     * @return bool true on success or false on failure
+     */
+    public function execute() {
+        foreach ($this->data as $actionType => $actionData) {
+            if (isset($actionType)) {
+                try {
+                    switch ($actionType) {
+                        case 'certificate':
+                            $data = $this->verifyCertificate($actionData);
+                            $response = [
+                                'type' => 3,
+                                'status' => $data['status'],
+                                'message' => $data['message'],
+                                'data' => $data['data'],
+                            ];
+                            $this->addActionData('certificate', $response);
+                            $GLOBALS['bus']->addData($this->getResponseData());
+                            break;
 
-						case 'passphrase':
-							$data = $this->verifyPassphrase($actionData);
-							$response = [
-								'type' => 3,
-								'status' => $data['status'],
-							];
-							$this->addActionData('passphrase', $response);
-							$GLOBALS['bus']->addData($this->getResponseData());
-							break;
+                        case 'passphrase':
+                            $data = $this->verifyPassphrase($actionData);
+                            $response = [
+                                'type' => 3,
+                                'status' => $data['status'],
+                            ];
+                            $this->addActionData('passphrase', $response);
+                            $GLOBALS['bus']->addData($this->getResponseData());
+                            break;
 
-						case 'changepassphrase':
-							$data = $this->changePassphrase($actionData);
-							if ($data === CHANGE_PASSPHRASE_SUCCESS) {
-								// Reset cached passphrase.
-								$encryptionStore = EncryptionStore::getInstance();
-								withPHPSession(function () use ($encryptionStore) {
-									$encryptionStore->add('smime', '');
-								});
-							}
-							$response = [
-								'type' => 3,
-								'code' => $data,
-							];
-							$this->addActionData('changepassphrase', $response);
-							$GLOBALS['bus']->addData($this->getResponseData());
-							break;
+                        case 'changepassphrase':
+                            $data = $this->changePassphrase($actionData);
+                            if ($data === CHANGE_PASSPHRASE_SUCCESS) {
+                                // Reset cached passphrase.
+                                $encryptionStore = EncryptionStore::getInstance();
+                                withPHPSession(function () use ($encryptionStore) {
+                                    $encryptionStore->add('smime', '');
+                                });
+                            }
+                            $response = [
+                                'type' => 3,
+                                'code' => $data,
+                            ];
+                            $this->addActionData('changepassphrase', $response);
+                            $GLOBALS['bus']->addData($this->getResponseData());
+                            break;
 
-						case 'list':
-							$data = $this->getPublicCertificates();
-							$this->addActionData('list', $data);
-							$GLOBALS['bus']->addData($this->getResponseData());
-							break;
+                        case 'list':
+                            $data = $this->getPublicCertificates();
+                            $this->addActionData('list', $data);
+                            $GLOBALS['bus']->addData($this->getResponseData());
+                            break;
 
-						case 'delete':
-							// FIXME: handle multiple deletes? Separate function?
-							$entryid = $actionData['entryid'];
-							$root = mapi_msgstore_openentry($this->store, null);
-							mapi_folder_deletemessages($root, [hex2bin($entryid)]);
+                        case 'delete':
+                            // FIXME: handle multiple deletes? Separate function?
+                            $entryid = $actionData['entryid'];
+                            $root = mapi_msgstore_openentry($this->store, null);
+                            mapi_folder_deletemessages($root, [hex2bin($entryid)]);
 
-							$this->sendFeedback(true);
-							break;
+                            $this->sendFeedback(true);
+                            break;
 
-						default:
-							$this->handleUnknownActionType($actionType);
-					}
-				}
-				catch (Exception $e) {
-					$this->sendFeedback(false, parent::errorDetailsFromException($e));
-				}
-			}
-		}
-	}
+                        default:
+                            $this->handleUnknownActionType($actionType);
+                    }
+                }
+                catch (Exception $e) {
+                    $this->sendFeedback(false, parent::errorDetailsFromException($e));
+                }
+            }
+        }
+    }
 
-	/**
-	 * Verifies the users private certificate,
-	 * returns array with three statuses and a message key containing a message for the user.
-	 * 1. There is a certificate and valid
-	 * 2. There is a certificate and not valid
-	 * 3. No certificate
-	 * FIXME: in the future we might support multiple private certs.
-	 *
-	 * @param array $data which contains the data send from JavaScript
-	 *
-	 * @return array $data which returns two keys containing the certificate
-	 */
-	public function verifyCertificate($data) {
-		$message = '';
-		$status = false;
+    /**
+     * Verifies the users private certificate,
+     * returns array with three statuses and a message key containing a message for the user.
+     * 1. There is a certificate and valid
+     * 2. There is a certificate and not valid
+     * 3. No certificate
+     * FIXME: in the future we might support multiple private certs.
+     *
+     * @param array $data which contains the data send from JavaScript
+     *
+     * @return array $data which returns two keys containing the certificate
+     */
+    public function verifyCertificate($data) {
+        $message = '';
+        $status = false;
 
-		$privateCerts = getMAPICert($this->store);
-		$certIdx = -1;
+        $privateCerts = getMAPICert($this->store);
+        $certIdx = -1;
 
-		// No certificates
-		if (!$privateCerts || count($privateCerts) === 0) {
-			$message = _('No certificate avaliable');
-		}
-		else {
-			// For each certificate in MAPI store
-			$smtpAddress = $GLOBALS['mapisession']->getSMTPAddress();
-			for ($i = 0, $cnt = count($privateCerts); $i < $cnt; ++$i) {
-				// Check if certificate is still valid
-				// TODO: create a more generic function which verifyies if the certificate is valid
-				// And remove possible duplication from plugin.smime.php->onUploadCertificate
-				if ($privateCerts[$i][PR_MESSAGE_DELIVERY_TIME] < time()) { // validTo
-					$message = _('Private certificate is not valid yet, unable to sign email');
-				}
-				elseif ($privateCerts[$i][PR_CLIENT_SUBMIT_TIME] >= time()) { // validFrom
-					$message = _('Private certificate has been expired, unable to sign email');
-				}
-				elseif (strcasecmp($privateCerts[$i][PR_SUBJECT], $smtpAddress) !== 0) {
-					$message = _('Private certificate does not match email address');
-				}
-				else {
-					$status = true;
-					$message = '';
-					$certIdx = $i;
-				}
-			}
-		}
+        // No certificates
+        if (!$privateCerts || count($privateCerts) === 0) {
+            $message = _('No certificate avaliable');
+        }
+        else {
+            // For each certificate in MAPI store
+            $smtpAddress = $GLOBALS['mapisession']->getSMTPAddress();
+            for ($i = 0, $cnt = count($privateCerts); $i < $cnt; ++$i) {
+                // Check if certificate is still valid
+                // TODO: create a more generic function which verifyies if the certificate is valid
+                // And remove possible duplication from plugin.smime.php->onUploadCertificate
+                if ($privateCerts[$i][PR_MESSAGE_DELIVERY_TIME] < time()) { // validTo
+                    $message = _('Private certificate is not valid yet, unable to sign email');
+                }
+                elseif ($privateCerts[$i][PR_CLIENT_SUBMIT_TIME] >= time()) { // validFrom
+                    $message = _('Private certificate has been expired, unable to sign email');
+                }
+                elseif (strcasecmp($privateCerts[$i][PR_SUBJECT], $smtpAddress) !== 0) {
+                    $message = _('Private certificate does not match email address');
+                }
+                else {
+                    $status = true;
+                    $message = '';
+                    $certIdx = $i;
+                }
+            }
+        }
 
-		return [
-			'message' => $message,
-			'status' => $status,
-			'data' => [
-				'validto' => $privateCerts[$certIdx][PR_MESSAGE_DELIVERY_TIME] ?? '',
-				'validFrom' => $privateCerts[$certIdx][PR_CLIENT_SUBMIT_TIME] ?? '',
-				'subject' => $privateCerts[$certIdx][PR_SUBJECT] ?? 'Unknown',
-			],
-		];
-	}
+        return [
+            'message' => $message,
+            'status' => $status,
+            'data' => [
+                'validto' => $privateCerts[$certIdx][PR_MESSAGE_DELIVERY_TIME] ?? '',
+                'validFrom' => $privateCerts[$certIdx][PR_CLIENT_SUBMIT_TIME] ?? '',
+                'subject' => $privateCerts[$certIdx][PR_SUBJECT] ?? 'Unknown',
+            ],
+        ];
+    }
 
-	/**
-	 * Verify if the supplied passphrase unlocks the private certificate stored in the mapi
-	 * userstore.
-	 *
-	 * @param array $data which contains the data send from JavaScript
-	 *
-	 * @return array $data which contains a key 'stats'
-	 */
-	public function verifyPassphrase($data) {
-		$result = readPrivateCert($this->store, $data['passphrase']);
+    /**
+     * Verify if the supplied passphrase unlocks the private certificate stored in the mapi
+     * userstore.
+     *
+     * @param array $data which contains the data send from JavaScript
+     *
+     * @return array $data which contains a key 'stats'
+     */
+    public function verifyPassphrase($data) {
+        $result = readPrivateCert($this->store, $data['passphrase']);
 
-		if ($result) {
-			$encryptionStore = EncryptionStore::getInstance();
-			if (encryptionStoreExpirationSupport()) {
-				$encryptionStore->add('smime', $data['passphrase'], time() + (5 * 60));
-			}
-			else {
-				withPHPSession(function () use ($encryptionStore, $data) {
-					$encryptionStore->add('smime', $data['passphrase']);
-				});
-			}
-			$result = true;
-		}
-		else {
-			$result = false;
-		}
+        if ($result) {
+            $encryptionStore = EncryptionStore::getInstance();
+            if (encryptionStoreExpirationSupport()) {
+                $encryptionStore->add('smime', $data['passphrase'], time() + (5 * 60));
+            }
+            else {
+                withPHPSession(function () use ($encryptionStore, $data) {
+                    $encryptionStore->add('smime', $data['passphrase']);
+                });
+            }
+            $result = true;
+        }
+        else {
+            $result = false;
+        }
 
-		return [
-			'status' => $result,
-		];
-	}
+        return [
+            'status' => $result,
+        ];
+    }
 
-	/**
-	 * Returns data for the JavaScript CertificateStore 'list' call.
-	 *
-	 * @return array $data which contains a list of public certificates
-	 */
-	public function getPublicCertificates() {
-		$items = [];
-		$data['page'] = [];
+    /**
+     * Returns data for the JavaScript CertificateStore 'list' call.
+     *
+     * @return array $data which contains a list of public certificates
+     */
+    public function getPublicCertificates() {
+        $items = [];
+        $data['page'] = [];
 
-		$root = mapi_msgstore_openentry($this->store, null);
-		$table = mapi_folder_getcontentstable($root, MAPI_ASSOCIATED);
+        $root = mapi_msgstore_openentry($this->store, null);
+        $table = mapi_folder_getcontentstable($root, MAPI_ASSOCIATED);
 
-		// restriction for public/private certificates which are stored in the root associated folder
-		$restrict = [RES_OR, [
-			[RES_PROPERTY,
-				[
-					RELOP => RELOP_EQ,
-					ULPROPTAG => PR_MESSAGE_CLASS,
-					VALUE => [PR_MESSAGE_CLASS => "WebApp.Security.Public"],
-				],
-			],
-			[RES_PROPERTY,
-				[
-					RELOP => RELOP_EQ,
-					ULPROPTAG => PR_MESSAGE_CLASS,
-					VALUE => [PR_MESSAGE_CLASS => "WebApp.Security.Private"],
-				],
-			], ],
-		];
-		mapi_table_restrict($table, $restrict, TBL_BATCH);
-		mapi_table_sort($table, [PR_MESSAGE_DELIVERY_TIME => TABLE_SORT_DESCEND], TBL_BATCH);
-		$certs = mapi_table_queryallrows($table, [PR_SUBJECT, PR_ENTRYID, PR_MESSAGE_DELIVERY_TIME, PR_CLIENT_SUBMIT_TIME, PR_MESSAGE_CLASS, PR_SENDER_NAME, PR_SENDER_EMAIL_ADDRESS, PR_SUBJECT_PREFIX, PR_RECEIVED_BY_NAME, PR_INTERNET_MESSAGE_ID], $restrict);
-		foreach ($certs as $cert) {
-			$item = [];
-			$item['entryid'] = bin2hex($cert[PR_ENTRYID]);
-			$item['email'] = $cert[PR_SUBJECT];
-			$item['validto'] = $cert[PR_MESSAGE_DELIVERY_TIME];
-			$item['validfrom'] = $cert[PR_CLIENT_SUBMIT_TIME];
-			$item['serial'] = $cert[PR_SENDER_NAME];
-			$item['issued_by'] = $cert[PR_SENDER_EMAIL_ADDRESS];
-			$item['issued_to'] = $cert[PR_SUBJECT_PREFIX];
-			$item['fingerprint_sha1'] = $cert[PR_RECEIVED_BY_NAME];
-			$item['fingerprint_md5'] = $cert[PR_INTERNET_MESSAGE_ID];
-			$item['type'] = strtolower($cert[PR_MESSAGE_CLASS]) == 'webapp.security.public' ? 'public' : 'private';
-			array_push($items, ['props' => $item]);
-		}
-		$data['page']['start'] = 0;
-		$data['page']['rowcount'] = mapi_table_getrowcount($table);
-		$data['page']['totalrowcount'] = $data['page']['rowcount'];
+        // restriction for public/private certificates which are stored in the root associated folder
+        $restrict = [RES_OR, [
+            [RES_PROPERTY,
+                [
+                    RELOP => RELOP_EQ,
+                    ULPROPTAG => PR_MESSAGE_CLASS,
+                    VALUE => [PR_MESSAGE_CLASS => "WebApp.Security.Public"],
+                ],
+            ],
+            [RES_PROPERTY,
+                [
+                    RELOP => RELOP_EQ,
+                    ULPROPTAG => PR_MESSAGE_CLASS,
+                    VALUE => [PR_MESSAGE_CLASS => "WebApp.Security.Private"],
+                ],
+            ], ],
+        ];
+        mapi_table_restrict($table, $restrict, TBL_BATCH);
+        mapi_table_sort($table, [PR_MESSAGE_DELIVERY_TIME => TABLE_SORT_DESCEND], TBL_BATCH);
+        $certs = mapi_table_queryallrows($table, [PR_SUBJECT, PR_ENTRYID, PR_MESSAGE_DELIVERY_TIME, PR_CLIENT_SUBMIT_TIME, PR_MESSAGE_CLASS, PR_SENDER_NAME, PR_SENDER_EMAIL_ADDRESS, PR_SUBJECT_PREFIX, PR_RECEIVED_BY_NAME, PR_INTERNET_MESSAGE_ID], $restrict);
+        foreach ($certs as $cert) {
+            $item = [];
+            $item['entryid'] = bin2hex($cert[PR_ENTRYID]);
+            $item['email'] = $cert[PR_SUBJECT];
+            $item['validto'] = $cert[PR_MESSAGE_DELIVERY_TIME];
+            $item['validfrom'] = $cert[PR_CLIENT_SUBMIT_TIME];
+            $item['serial'] = $cert[PR_SENDER_NAME];
+            $item['issued_by'] = $cert[PR_SENDER_EMAIL_ADDRESS];
+            $item['issued_to'] = $cert[PR_SUBJECT_PREFIX];
+            $item['fingerprint_sha1'] = $cert[PR_RECEIVED_BY_NAME];
+            $item['fingerprint_md5'] = $cert[PR_INTERNET_MESSAGE_ID];
+            $item['type'] = strtolower($cert[PR_MESSAGE_CLASS]) == 'webapp.security.public' ? 'public' : 'private';
+            array_push($items, ['props' => $item]);
+        }
+        $data['page']['start'] = 0;
+        $data['page']['rowcount'] = mapi_table_getrowcount($table);
+        $data['page']['totalrowcount'] = $data['page']['rowcount'];
 
-		return array_merge($data, ['item' => $items]);
-	}
+        return array_merge($data, ['item' => $items]);
+    }
 
-	/*
+    /*
 	 * Changes the passphrase of an already stored certificatem by generating
 	 * a new PKCS12 container.
 	 *
 	 * @param Array $actionData contains the passphrase and new passphrase
 	 * return Number error number
 	 */
-	public function changePassphrase($actionData) {
-		$certs = readPrivateCert($this->store, $actionData['passphrase']);
+    public function changePassphrase($actionData) {
+        $certs = readPrivateCert($this->store, $actionData['passphrase']);
 
-		if (empty($certs)) {
-			return CHANGE_PASSPHRASE_WRONG;
-		}
+        if (empty($certs)) {
+            return CHANGE_PASSPHRASE_WRONG;
+        }
 
-		$cert = $this->pkcs12_change_passphrase($certs, $actionData['new_passphrase']);
+        $cert = $this->pkcs12_change_passphrase($certs, $actionData['new_passphrase']);
 
-		if ($cert === false) {
-			return CHANGE_PASSPHRASE_ERROR;
-		}
+        if ($cert === false) {
+            return CHANGE_PASSPHRASE_ERROR;
+        }
 
-		$mapiCerts = getMAPICert($this->store);
-		$mapiCert = $mapiCerts[0] ?? [];
-		if (!$mapiCert || empty($mapiCert)) {
-			return CHANGE_PASSPHRASE_ERROR;
-		}
-		$privateCert = mapi_msgstore_openentry($this->store, $mapiCert[PR_ENTRYID]);
+        $mapiCerts = getMAPICert($this->store);
+        $mapiCert = $mapiCerts[0] ?? [];
+        if (!$mapiCert || empty($mapiCert)) {
+            return CHANGE_PASSPHRASE_ERROR;
+        }
+        $privateCert = mapi_msgstore_openentry($this->store, $mapiCert[PR_ENTRYID]);
 
-		$msgBody = base64_encode($cert);
-		$stream = mapi_openproperty($privateCert, PR_BODY, IID_IStream, 0, MAPI_CREATE | MAPI_MODIFY);
-		mapi_stream_setsize($stream, strlen($msgBody));
-		mapi_stream_write($stream, $msgBody);
-		mapi_stream_commit($stream);
-		mapi_message_savechanges($privateCert);
+        $msgBody = base64_encode($cert);
+        $stream = mapi_openproperty($privateCert, PR_BODY, IID_IStream, 0, MAPI_CREATE | MAPI_MODIFY);
+        mapi_stream_setsize($stream, strlen($msgBody));
+        mapi_stream_write($stream, $msgBody);
+        mapi_stream_commit($stream);
+        mapi_message_savechanges($privateCert);
 
-		return CHANGE_PASSPHRASE_SUCCESS;
-	}
+        return CHANGE_PASSPHRASE_SUCCESS;
+    }
 
-	/**
-	 * Generate a new  PKCS#12 certificate store file with a new passphrase.
-	 *
-	 * @param array  $certs          the original certificate
-	 * @param string $passphrase     the passphrase
-	 * @param mixed  $new_passphrase
-	 *
-	 * @return mixed boolean or string certificate
-	 */
-	public function pkcs12_change_passphrase($certs, $new_passphrase) {
-		$cert = "";
-		$extracerts = isset($certs['extracerts']) ? $certs['extracerts'] : [];
-		if (openssl_pkcs12_export($certs['cert'], $cert, $certs['pkey'], $new_passphrase, ['extracerts' => $extracerts])) {
-			return $cert;
-		}
+    /**
+     * Generate a new  PKCS#12 certificate store file with a new passphrase.
+     *
+     * @param array  $certs          the original certificate
+     * @param string $passphrase     the passphrase
+     * @param mixed  $new_passphrase
+     *
+     * @return mixed boolean or string certificate
+     */
+    public function pkcs12_change_passphrase($certs, $new_passphrase) {
+        $cert = "";
+        $extracerts = isset($certs['extracerts']) ? $certs['extracerts'] : [];
+        if (openssl_pkcs12_export($certs['cert'], $cert, $certs['pkey'], $new_passphrase, ['extracerts' => $extracerts])) {
+            return $cert;
+        }
 
-		return false;
-	}
+        return false;
+    }
 }

Spacing +2 added lines, -2 removed lines

@@ -56,7 +56,7 @@ 
 							if ($data === CHANGE_PASSPHRASE_SUCCESS) {
 								// Reset cached passphrase.
 								$encryptionStore = EncryptionStore::getInstance();
-								withPHPSession(function () use ($encryptionStore) {
+								withPHPSession(function() use ($encryptionStore) {
 									$encryptionStore->add('smime', '');
 								});
 							}
@@ -169,7 +169,7 @@ 
 				$encryptionStore->add('smime', $data['passphrase'], time() + (5 * 60));
 			}
 			else {
-				withPHPSession(function () use ($encryptionStore, $data) {
+				withPHPSession(function() use ($encryptionStore, $data) {
 					$encryptionStore->add('smime', $data['passphrase']);
 				});
 			}

Braces +7 added lines, -14 removed lines

@@ -86,8 +86,7 @@ 
 						default:
 							$this->handleUnknownActionType($actionType);
 					}
-				}
-				catch (Exception $e) {
+				} catch (Exception $e) {
 					$this->sendFeedback(false, parent::errorDetailsFromException($e));
 				}
 			}
@@ -116,8 +115,7 @@ 
 		// No certificates
 		if (!$privateCerts || count($privateCerts) === 0) {
 			$message = _('No certificate avaliable');
-		}
-		else {
+		} else {
 			// For each certificate in MAPI store
 			$smtpAddress = $GLOBALS['mapisession']->getSMTPAddress();
 			for ($i = 0, $cnt = count($privateCerts); $i < $cnt; ++$i) {
@@ -126,14 +124,11 @@ 
 				// And remove possible duplication from plugin.smime.php->onUploadCertificate
 				if ($privateCerts[$i][PR_MESSAGE_DELIVERY_TIME] < time()) { // validTo
 					$message = _('Private certificate is not valid yet, unable to sign email');
-				}
-				elseif ($privateCerts[$i][PR_CLIENT_SUBMIT_TIME] >= time()) { // validFrom
+				} elseif ($privateCerts[$i][PR_CLIENT_SUBMIT_TIME] >= time()) { // validFrom
 					$message = _('Private certificate has been expired, unable to sign email');
-				}
-				elseif (strcasecmp($privateCerts[$i][PR_SUBJECT], $smtpAddress) !== 0) {
+				} elseif (strcasecmp($privateCerts[$i][PR_SUBJECT], $smtpAddress) !== 0) {
 					$message = _('Private certificate does not match email address');
-				}
-				else {
+				} else {
 					$status = true;
 					$message = '';
 					$certIdx = $i;
@@ -167,15 +162,13 @@ 
 			$encryptionStore = EncryptionStore::getInstance();
 			if (encryptionStoreExpirationSupport()) {
 				$encryptionStore->add('smime', $data['passphrase'], time() + (5 * 60));
-			}
-			else {
+			} else {
 				withPHPSession(function () use ($encryptionStore, $data) {
 					$encryptionStore->add('smime', $data['passphrase']);
 				});
 			}
 			$result = true;
-		}
-		else {
+		} else {
 			$result = false;
 		}
 

plugins/smime/php/plugin.smime.php

Indentation +1107 added lines, -1107 removed lines

@@ -34,520 +34,520 @@ 
 define('OPENSSL_RECIPIENT_CERTIFICATE_MISMATCH', '21070073');
 
 class Pluginsmime extends Plugin {
-	/**
-	 * decrypted/verified message.
-	 */
-	private $message = [];
-
-	/**
-	 * Default MAPI Message Store.
-	 */
-	private $store;
-
-	/**
-	 * Last openssl error string.
-	 */
-	private $openssl_error = "";
-
-	/**
-	 * Called to initialize the plugin and register for hooks.
-	 */
-	public function init() {
-		$this->registerHook('server.core.settings.init.before');
-		$this->registerHook('server.util.parse_smime.signed');
-		$this->registerHook('server.util.parse_smime.encrypted');
-		$this->registerHook('server.module.itemmodule.open.after');
-		$this->registerHook('server.core.operations.submitmessage');
-		$this->registerHook('server.upload_attachment.upload');
-		$this->registerHook('server.module.createmailitemmodule.beforesend');
-		$this->registerHook('server.index.load.custom');
-
-		if (version_compare(phpversion(), '5.4', '<')) {
-			$this->cipher = OPENSSL_CIPHER_3DES;
-		}
-		else {
-			$this->cipher = PLUGIN_SMIME_CIPHER;
-		}
-	}
-
-	/**
-	 * Default message store.
-	 *
-	 * @return object MAPI Message store
-	 */
-	public function getStore() {
-		if (!$this->store) {
-			$this->store = $GLOBALS['mapisession']->getDefaultMessageStore();
-		}
-
-		return $this->store;
-	}
-
-	/**
-	 * Process the incoming events that where fired by the client.
-	 *
-	 * @param string $eventID Identifier of the hook
-	 * @param array  $data    Reference to the data of the triggered hook
-	 */
-	public function execute($eventID, &$data) {
-		switch ($eventID) {
-			// Register plugin
-			case 'server.core.settings.init.before':
-				$this->onBeforeSettingsInit($data);
-				break;
-			// Verify a signed or encrypted message when an email is opened
-			case 'server.util.parse_smime.signed':
-				$this->onSignedMessage($data);
-				break;
-
-			case 'server.util.parse_smime.encrypted':
-				$this->onEncrypted($data);
-				break;
-			// Add S/MIME property, which is send to the client
-			case 'server.module.itemmodule.open.after':
-				$this->onAfterOpen($data);
-				break;
-			// Catch uploaded certificate
-			case 'server.upload_attachment.upload':
-				$this->onUploadCertificate($data);
-				break;
-			// Sign email before sending
-			case 'server.core.operations.submitmessage':
-				$this->onBeforeSend($data);
-				break;
-			// Verify that we have public certificates for all recipients
-			case 'server.module.createmailitemmodule.beforesend':
-				$this->onCertificateCheck($data);
-				break;
-
-			case 'server.index.load.custom':
-				if ($data['name'] === 'smime_passphrase') {
-					include 'templates/passphrase.tpl.php';
-
-					exit();
-				}
-				if ($data['name'] === 'smime_passphrasecheck') {
-					// No need to do anything, this is just used to trigger
-					// the browser's autofill save password dialog.
-					exit();
-				}
-				break;
-		}
-	}
-
-	/**
-	 * Function checks if public certificate exists for all recipients and creates an error
-	 * message for the frontend which includes the email address of the missing public
-	 * certificates.
-	 *
-	 * If my own certificate is missing, a different error message is shown which informs the
-	 * user that his own public certificate is missing and required for reading encrypted emails
-	 * in the 'Sent items' folder.
-	 *
-	 * @param array $data Reference to the data of the triggered hook
-	 */
-	public function onCertificateCheck($data) {
-		$entryid = $data['entryid'];
-		// FIXME: unittests, save trigger will pass $entryid is 0 (which will open the root folder and not the message we want)
-		if ($entryid === false) {
-			return;
-		}
-
-		if (!isset($data['action']['props']['smime']) || empty($data['action']['props']['smime'])) {
-			return;
-		}
-
-		$message = mapi_msgstore_openentry($data['store'], $entryid);
-		$module = $data['moduleObject'];
-		$data['success'] = true;
-
-		$messageClass = mapi_getprops($message, [PR_MESSAGE_CLASS]);
-		$messageClass = $messageClass[PR_MESSAGE_CLASS];
-		if ($messageClass !== 'IPM.Note.SMIME' && $messageClass !== 'IPM.Note.SMIME.SignedEncrypt') {
-			return;
-		}
-
-		$recipients = $data['action']['props']['smime'];
-		$missingCerts = [];
-
-		foreach ($recipients as $recipient) {
-			$email = $recipient['email'];
-
-			if (!$this->pubcertExists($email, $recipient['internal'])) {
-				array_push($missingCerts, $email);
-			}
-		}
-
-		if (empty($missingCerts)) {
-			return;
-		}
-
-		function missingMyself($email) {
-			return $GLOBALS['mapisession']->getSMTPAddress() === $email;
-		}
-
-		if (array_filter($missingCerts, "missingMyself") === []) {
-			$errorMsg = _('Missing public certificates for the following recipients: ') . implode(', ', $missingCerts) . _('. Please contact your system administrator for details');
-		}
-		else {
-			$errorMsg = _("Your public certificate is not installed. Without this certificate, you will not be able to read encrypted messages you have sent to others.");
-		}
-
-		$module->sendFeedback(false, ["type" => ERROR_GENERAL, "info" => ['display_message' => $errorMsg]]);
-		$data['success'] = false;
-	}
-
-	/**
-	 * Function which verifies a message.
-	 *
-	 * TODO: Clean up flow
-	 *
-	 * @param mixed $message
-	 * @param mixed $eml
-	 */
-	public function verifyMessage($message, $eml) {
-		$userCert = '';
-		$tmpUserCert = tempnam(sys_get_temp_dir(), true);
-		$importMessageCert = true;
-		$fromGAB = false;
-
-		// TODO: worth to split fetching public certificate in a separate function?
-
-		// If user entry exists in GAB, try to retrieve public cert
-		// Public certificate from GAB in combination with LDAP saved in PR_EMS_AB_TAGGED_X509_CERT
-		$userProps = mapi_getprops($message, [PR_SENT_REPRESENTING_ENTRYID, PR_SENT_REPRESENTING_NAME]);
-		if (isset($userProps[PR_SENT_REPRESENTING_ENTRYID])) {
-			try {
-				$user = mapi_ab_openentry($GLOBALS['mapisession']->getAddressbook(), $userProps[PR_SENT_REPRESENTING_ENTRYID]);
-				$gabCert = $this->getGABCert($user);
-				if (!empty($gabCert)) {
-					$fromGAB = true;
-					// Put empty string into file? dafuq?
-					file_put_contents($tmpUserCert, $userCert);
-				}
-			}
-			catch (MAPIException $e) {
-				$msg = "[smime] Unable to open PR_SENT_REPRESENTING_ENTRYID. Maybe %s was does not exists or deleted from server.";
-				Log::write(LOGLEVEL_ERROR, sprintf($msg, $userProps[PR_SENT_REPRESENTING_NAME]));
-				error_log("[smime] Unable to open PR_SENT_REPRESENTING_NAME: " . print_r($userProps[PR_SENT_REPRESENTING_NAME], true));
-				$this->message['success'] = SMIME_NOPUB;
-				$this->message['info'] = SMIME_USER_DETECT_FAILURE;
-			}
-		}
-
-		// When downloading an email as eml, $GLOBALS['operations'] isn't set, so add a check so that downloading works
-		// If the certificate is already fetch from the GAB, skip checking the userStore.
-		if (!$fromGAB && isset($GLOBALS['operations'])) {
-			$senderAddressArray = $this->getSenderAddress($message);
-			$senderAddressArray = $senderAddressArray['props'];
-			if ($senderAddressArray['address_type'] === 'SMTP') {
-				$emailAddr = $senderAddressArray['email_address'];
-			}
-			else {
-				$emailAddr = $senderAddressArray['smtp_address'];
-			}
-
-			// User not in AB,
-			// so get email address from either PR_SENT_REPRESENTING_NAME, PR_SEARCH_KEY or PR_SENT_REPRESENTING_SEARCH_KEY
-			// of the message
-			if (!$emailAddr) {
-				if (!empty($userProps[PR_SENT_REPRESENTING_NAME])) {
-					$emailAddr = $userProps[PR_SENT_REPRESENTING_NAME];
-				}
-				else {
-					$searchKeys = mapi_getprops($message, [PR_SEARCH_KEY, PR_SENT_REPRESENTING_SEARCH_KEY]);
-					$searchKey = $searchKeys[PR_SEARCH_KEY] ?? $searchKeys[PR_SENT_REPRESENTING_SEARCH_KEY];
-					if ($searchKey) {
-						$emailAddr = $trim(strtolower(explode(':', $searchKey)[1]));
-					}
-				}
-			}
-
-			if ($emailAddr) {
-				// Get all public certificates of $emailAddr stored on the server
-				$userCerts = $this->getPublicKey($emailAddr, true);
-			}
-		}
-
-		// Save signed message in a random file
-		$tmpfname = tempnam(sys_get_temp_dir(), true);
-		file_put_contents($tmpfname, $eml);
-
-		// Create random file for saving the signed message
-		$outcert = tempnam(sys_get_temp_dir(), true);
-
-		// Verify signed message
-		// Returns True if verified, False if tampered or signing certificate invalid OR -1 on error
-		if (count($userCerts) > 0) {
-			// Try to verify a certificate in the MAPI store
-			foreach ($userCerts as $userCert) {
-				$userCert = base64_decode($userCert);
-				// Save signed message in a random file
-				$tmpfname = tempnam(sys_get_temp_dir(), true);
-				file_put_contents($tmpfname, $eml);
-
-				// Create random file for saving the signed message
-				$outcert = tempnam(sys_get_temp_dir(), true);
-
-				if (!empty($userCert)) { // Check MAPI UserStore
-					file_put_contents($tmpUserCert, $userCert);
-				}
-				$signed_ok = openssl_pkcs7_verify($tmpfname, PKCS7_NOINTERN, $outcert, explode(';', PLUGIN_SMIME_CACERTS), $tmpUserCert);
-				$openssl_error_code = $this->extract_openssl_error();
-				$this->validateSignedMessage($signed_ok, $openssl_error_code);
-				// Check if we need to import a newer certificate
-				$importCert = file_get_contents($outcert);
-				$parsedImportCert = openssl_x509_parse($importCert);
-				$parsedUserCert = openssl_x509_parse($userCert);
-				if ($signed_ok && $openssl_error_code !== OPENSSL_CA_VERIFY_FAIL) { // CA Checks out
-					$caCerts = $this->extractCAs($tmpfname);
-					// If validTo and validFrom are more in the future, emailAddress matches and OCSP check is valid, import newer certificate
-					if ($parsedImportCert['validTo'] > $parsedUserCert['validTo'] && $parsedImportCert['validFrom'] > $parsedUserCert['validFrom'] &&
-						getCertEmail($parsedImportCert) === getCertEmail($parsedUserCert) && verifyOCSP($importCert, $caCerts, $this->message) &&
-						$importMessageCert !== false) {
-						// Redundant
-						$importMessageCert = true;
-					}
-					else {
-						$importMessageCert = false;
-						verifyOCSP($userCert, $caCerts, $this->message);
-						break;
-					}
-				}
-			}
-		}
-		else {
-			// Works. Just leave it.
-			$signed_ok = openssl_pkcs7_verify($tmpfname, PKCS7_NOSIGS, $outcert, explode(';', PLUGIN_SMIME_CACERTS));
-			$openssl_error_code = $this->extract_openssl_error();
-			$this->validateSignedMessage($signed_ok, $openssl_error_code);
-
-			// OCSP check
-			if ($signed_ok && $openssl_error_code !== OPENSSL_CA_VERIFY_FAIL) { // CA Checks out
-				$userCert = file_get_contents($outcert);
-				$parsedImportCert = openssl_x509_parse($userCert);
-
-				$caCerts = $this->extractCAs($tmpfname);
-				if (!is_array($parsedImportCert) || !verifyOCSP($userCert, $caCerts, $this->message)) {
-					$importMessageCert = false;
-				}
-				// We don't have a certificate from the MAPI UserStore or LDAP, so we will set $userCert to $importCert
-				// so that we can verify the message according to the be imported certificate.
-			}
-			else { // No pubkey
-				$importMessageCert = false;
-				Log::write(LOGLEVEL_INFO, sprintf("[smime] Unable to verify message without public key, openssl error: '%s'", $this->openssl_error));
-				$this->message['success'] = SMIME_STATUS_FAIL;
-				$this->message['info'] = SMIME_CA;
-			}
-		}
-		// Certificate is newer or not yet imported to the user store and not revoked
-		// If certificate is from the GAB, then don't import it.
-		if ($importMessageCert && !$fromGAB) {
-			$signed_ok = openssl_pkcs7_verify($tmpfname, PKCS7_NOSIGS, $outcert, explode(';', PLUGIN_SMIME_CACERTS));
-			$openssl_error_code = $this->extract_openssl_error();
-			$this->validateSignedMessage($signed_ok, $openssl_error_code);
-			$userCert = file_get_contents($outcert);
-			$parsedImportCert = openssl_x509_parse($userCert);
-			// FIXME: doing this in importPublicKey too...
-			$certEmail = getCertEmail($parsedImportCert);
-			if (!empty($certEmail)) {
-				$this->importCertificate($userCert, $parsedImportCert, 'public', true);
-			}
-		}
-
-		// Remove extracted certificate from openssl_pkcs7_verify
-		unlink($outcert);
-
-		// remove the temporary file
-		unlink($tmpfname);
-
-		// Clean up temp cert
-		unlink($tmpUserCert);
-	}
-
-	/**
-	 * Function which decrypts an encrypted message.
-	 * The key should be unlocked and stored in the EncryptionStore for a successful decrypt
-	 * If the key isn't in the session, we give the user a message to unlock his certificate.
-	 *
-	 * @param {mixed} $data array of data from hook
-	 */
-	public function onEncrypted($data) {
-		// Cert unlocked, decode message
-		$this->message['success'] = SMIME_STATUS_INFO;
-		$this->message['info'] = SMIME_DECRYPT_FAILURE;
-
-		$this->message['type'] = 'encrypted';
-		$encryptionStore = EncryptionStore::getInstance();
-		$pass = $encryptionStore->get('smime');
-		if (isset($pass) && !empty($pass)) {
-			$certs = readPrivateCert($this->getStore(), $pass, false);
-			// create random file for saving the encrypted and body message
-			$tmpFile = tempnam(sys_get_temp_dir(), true);
-			$tmpDecrypted = tempnam(sys_get_temp_dir(), true);
-
-			// Write mime header. Because it's not provided in the attachment, otherwise openssl won't parse it
-			$fp = fopen($tmpFile, 'w');
-			fwrite($fp, "Content-Type: application/pkcs7-mime; name=\"smime.p7m\"; smime-type=enveloped-data\n");
-			fwrite($fp, "Content-Transfer-Encoding: base64\nContent-Disposition: attachment; filename=\"smime.p7m\"\n");
-			fwrite($fp, "Content-Description: S/MIME Encrypted Message\n\n");
-			fwrite($fp, chunk_split(base64_encode($data['data']), 72) . "\n");
-			fclose($fp);
-
-			$decryptStatus = false;
-			// If multiple private certs were decrypted with supplied password
-			if (!$certs['cert'] && count($certs) > 0) {
-				foreach ($certs as $cert) {
-					$decryptStatus = openssl_pkcs7_decrypt($tmpFile, $tmpDecrypted, $cert['cert'], [$cert['pkey'], $pass]);
-					if ($decryptStatus !== false) {
-						break;
-					}
-				}
-			}
-			else {
-				$decryptStatus = openssl_pkcs7_decrypt($tmpFile, $tmpDecrypted, $certs['cert'], [$certs['pkey'], $pass]);
-			}
-
-			$content = file_get_contents($tmpDecrypted);
-			// Handle OL empty body Outlook Signed & Encrypted mails.
-			// The S/MIME plugin has to extract the body from the signed message.
-			if (strpos($content, 'signed-data') !== false) {
-				$this->message['type'] = 'encryptsigned';
-				$olcert = tempnam(sys_get_temp_dir(), true);
-				$olmsg = tempnam(sys_get_temp_dir(), true);
-				openssl_pkcs7_verify($tmpDecrypted, PKCS7_NOVERIFY, $olcert);
-				openssl_pkcs7_verify($tmpDecrypted, PKCS7_NOVERIFY, $olcert, [], $olcert, $olmsg);
-				$content = file_get_contents($olmsg);
-				unlink($olmsg);
-				unlink($olcert);
-			}
-
-			$copyProps = mapi_getprops($data['message'], [PR_MESSAGE_DELIVERY_TIME, PR_SENDER_ENTRYID, PR_SENT_REPRESENTING_ENTRYID]);
-			mapi_inetmapi_imtomapi($GLOBALS['mapisession']->getSession(), $data['store'], $GLOBALS['mapisession']->getAddressbook(), $data['message'], $content, ['parse_smime_signed' => true]);
-			// Manually set time back to the received time, since mapi_inetmapi_imtomapi overwrites this
-			mapi_setprops($data['message'], $copyProps);
-
-			// remove temporary files
-			unlink($tmpFile);
-			unlink($tmpDecrypted);
-
-			// mapi_inetmapi_imtomapi removes the PR_MESSAGE_CLASS = 'IPM.Note.SMIME.MultipartSigned'
-			// So we need to check if the message was also signed by looking at the MIME_TAG in the eml
-			if (strpos($content, 'multipart/signed') !== false || strpos($content, 'signed-data') !== false) {
-				$this->message['type'] = 'encryptsigned';
-				$this->verifyMessage($data['message'], $content);
-			}
-			elseif ($decryptStatus) {
-				$this->message['info'] = SMIME_DECRYPT_SUCCESS;
-				$this->message['success'] = SMIME_STATUS_SUCCESS;
-			}
-			elseif ($this->extract_openssl_error() === OPENSSL_RECIPIENT_CERTIFICATE_MISMATCH) {
-				error_log("[smime] Error when decrypting email, openssl error: " . print_r($this->openssl_error, true));
-				Log::Write(LOGLEVEL_ERROR, sprintf("[smime] Error when decrypting email, openssl error: '%s'", $this->openssl_error));
-				$this->message['info'] = SMIME_DECRYPT_CERT_MISMATCH;
-				$this->message['success'] = SMIME_STATUS_FAIL;
-			}
-		}
-		else {
-			$this->message['info'] = SMIME_UNLOCK_CERT;
-		}
-
-		if (!encryptionStoreExpirationSupport()) {
-			withPHPSession(function () use ($encryptionStore) {
-				$encryptionStore->add('smime', '');
-			});
-		}
-	}
-
-	/**
-	 * Function which calls verifyMessage to verify if the message isn't malformed during transport.
-	 *
-	 * @param {mixed} $data array of data from hook
-	 */
-	public function onSignedMessage($data) {
-		$this->message['type'] = 'signed';
-		$this->verifyMessage($data['message'], $data['data']);
-	}
-
-	/**
-	 * General function which parses the openssl_pkcs7_verify return value and the errors generated by
-	 * openssl_error_string().
-	 *
-	 * @param mixed $openssl_return
-	 * @param mixed $openssl_errors
-	 */
-	public function validateSignedMessage($openssl_return, $openssl_errors) {
-		if ($openssl_return === -1) {
-			$this->message['info'] = SMIME_ERROR;
-			$this->message['success'] = SMIME_STATUS_FAIL;
-		// Verification was successful
-		}
-		elseif ($openssl_return) {
-			$this->message['info'] = SMIME_SUCCESS;
-			$this->message['success'] = SMIME_STATUS_SUCCESS;
-		// Verification was not successful, display extra information.
-		}
-		else {
-			$this->message['success'] = SMIME_STATUS_FAIL;
-			if ($openssl_errors === OPENSSL_CA_VERIFY_FAIL) {
-				$this->message['info'] = SMIME_CA;
-			}
-			else { // Catch general errors
-				$this->message['info'] = SMIME_ERROR;
-			}
-		}
-	}
-
-	/**
-	 * Set smime key in $data array, which is send back to client
-	 * Since we can't create this array key in the hooks:
-	 * 'server.util.parse_smime.signed'
-	 * 'server.util.parse_smime.encrypted'.
-	 *
-	 * TODO: investigate if we can move away from this hook
-	 *
-	 * @param {mixed} $data
-	 */
-	public function onAfterOpen($data) {
-		if (isset($this->message) && !empty($this->message)) {
-			$data['data']['item']['props']['smime'] = $this->message;
-		}
-	}
-
-	/**
-	 * Handles the uploaded certificate in the settingsmenu in grommunio Web
-	 * - Opens the certificate with provided passphrase
-	 * - Checks if it can be used for signing/decrypting
-	 * - Verifies that the email address is equal to the
-	 * - Verifies that the certificate isn't expired and inform user.
-	 *
-	 * @param {mixed} $data
-	 */
-	public function onUploadCertificate($data) {
-		if ($data['sourcetype'] === 'certificate') {
-			$passphrase = $_POST['passphrase'];
-			$saveCert = false;
-			$tmpname = $data['tmpname'];
-			$message = '';
-
-			$certificate = file_get_contents($tmpname);
-			$emailAddress = $GLOBALS['mapisession']->getSMTPAddress();
-			list($message, $publickey, $publickeyData) = validateUploadedPKCS($certificate, $passphrase, $emailAddress);
-
-			// All checks completed successful
-			// Store private cert in users associated store (check for duplicates)
-			if (empty($message)) {
-				$certMessage = getMAPICert($this->getStore());
-				// TODO: update to serialNumber check
-				if ($certMessage && $certMessage[0][PR_MESSAGE_DELIVERY_TIME] == $publickeyData['validTo_time_t']) {
-					$message = _('Certificate is already stored on the server');
-				}
-				else {
-					$saveCert = true;
-					$root = mapi_msgstore_openentry($this->getStore(), null);
-					// Remove old certificate
-					/*
+    /**
+     * decrypted/verified message.
+     */
+    private $message = [];
+
+    /**
+     * Default MAPI Message Store.
+     */
+    private $store;
+
+    /**
+     * Last openssl error string.
+     */
+    private $openssl_error = "";
+
+    /**
+     * Called to initialize the plugin and register for hooks.
+     */
+    public function init() {
+        $this->registerHook('server.core.settings.init.before');
+        $this->registerHook('server.util.parse_smime.signed');
+        $this->registerHook('server.util.parse_smime.encrypted');
+        $this->registerHook('server.module.itemmodule.open.after');
+        $this->registerHook('server.core.operations.submitmessage');
+        $this->registerHook('server.upload_attachment.upload');
+        $this->registerHook('server.module.createmailitemmodule.beforesend');
+        $this->registerHook('server.index.load.custom');
+
+        if (version_compare(phpversion(), '5.4', '<')) {
+            $this->cipher = OPENSSL_CIPHER_3DES;
+        }
+        else {
+            $this->cipher = PLUGIN_SMIME_CIPHER;
+        }
+    }
+
+    /**
+     * Default message store.
+     *
+     * @return object MAPI Message store
+     */
+    public function getStore() {
+        if (!$this->store) {
+            $this->store = $GLOBALS['mapisession']->getDefaultMessageStore();
+        }
+
+        return $this->store;
+    }
+
+    /**
+     * Process the incoming events that where fired by the client.
+     *
+     * @param string $eventID Identifier of the hook
+     * @param array  $data    Reference to the data of the triggered hook
+     */
+    public function execute($eventID, &$data) {
+        switch ($eventID) {
+            // Register plugin
+            case 'server.core.settings.init.before':
+                $this->onBeforeSettingsInit($data);
+                break;
+            // Verify a signed or encrypted message when an email is opened
+            case 'server.util.parse_smime.signed':
+                $this->onSignedMessage($data);
+                break;
+
+            case 'server.util.parse_smime.encrypted':
+                $this->onEncrypted($data);
+                break;
+            // Add S/MIME property, which is send to the client
+            case 'server.module.itemmodule.open.after':
+                $this->onAfterOpen($data);
+                break;
+            // Catch uploaded certificate
+            case 'server.upload_attachment.upload':
+                $this->onUploadCertificate($data);
+                break;
+            // Sign email before sending
+            case 'server.core.operations.submitmessage':
+                $this->onBeforeSend($data);
+                break;
+            // Verify that we have public certificates for all recipients
+            case 'server.module.createmailitemmodule.beforesend':
+                $this->onCertificateCheck($data);
+                break;
+
+            case 'server.index.load.custom':
+                if ($data['name'] === 'smime_passphrase') {
+                    include 'templates/passphrase.tpl.php';
+
+                    exit();
+                }
+                if ($data['name'] === 'smime_passphrasecheck') {
+                    // No need to do anything, this is just used to trigger
+                    // the browser's autofill save password dialog.
+                    exit();
+                }
+                break;
+        }
+    }
+
+    /**
+     * Function checks if public certificate exists for all recipients and creates an error
+     * message for the frontend which includes the email address of the missing public
+     * certificates.
+     *
+     * If my own certificate is missing, a different error message is shown which informs the
+     * user that his own public certificate is missing and required for reading encrypted emails
+     * in the 'Sent items' folder.
+     *
+     * @param array $data Reference to the data of the triggered hook
+     */
+    public function onCertificateCheck($data) {
+        $entryid = $data['entryid'];
+        // FIXME: unittests, save trigger will pass $entryid is 0 (which will open the root folder and not the message we want)
+        if ($entryid === false) {
+            return;
+        }
+
+        if (!isset($data['action']['props']['smime']) || empty($data['action']['props']['smime'])) {
+            return;
+        }
+
+        $message = mapi_msgstore_openentry($data['store'], $entryid);
+        $module = $data['moduleObject'];
+        $data['success'] = true;
+
+        $messageClass = mapi_getprops($message, [PR_MESSAGE_CLASS]);
+        $messageClass = $messageClass[PR_MESSAGE_CLASS];
+        if ($messageClass !== 'IPM.Note.SMIME' && $messageClass !== 'IPM.Note.SMIME.SignedEncrypt') {
+            return;
+        }
+
+        $recipients = $data['action']['props']['smime'];
+        $missingCerts = [];
+
+        foreach ($recipients as $recipient) {
+            $email = $recipient['email'];
+
+            if (!$this->pubcertExists($email, $recipient['internal'])) {
+                array_push($missingCerts, $email);
+            }
+        }
+
+        if (empty($missingCerts)) {
+            return;
+        }
+
+        function missingMyself($email) {
+            return $GLOBALS['mapisession']->getSMTPAddress() === $email;
+        }
+
+        if (array_filter($missingCerts, "missingMyself") === []) {
+            $errorMsg = _('Missing public certificates for the following recipients: ') . implode(', ', $missingCerts) . _('. Please contact your system administrator for details');
+        }
+        else {
+            $errorMsg = _("Your public certificate is not installed. Without this certificate, you will not be able to read encrypted messages you have sent to others.");
+        }
+
+        $module->sendFeedback(false, ["type" => ERROR_GENERAL, "info" => ['display_message' => $errorMsg]]);
+        $data['success'] = false;
+    }
+
+    /**
+     * Function which verifies a message.
+     *
+     * TODO: Clean up flow
+     *
+     * @param mixed $message
+     * @param mixed $eml
+     */
+    public function verifyMessage($message, $eml) {
+        $userCert = '';
+        $tmpUserCert = tempnam(sys_get_temp_dir(), true);
+        $importMessageCert = true;
+        $fromGAB = false;
+
+        // TODO: worth to split fetching public certificate in a separate function?
+
+        // If user entry exists in GAB, try to retrieve public cert
+        // Public certificate from GAB in combination with LDAP saved in PR_EMS_AB_TAGGED_X509_CERT
+        $userProps = mapi_getprops($message, [PR_SENT_REPRESENTING_ENTRYID, PR_SENT_REPRESENTING_NAME]);
+        if (isset($userProps[PR_SENT_REPRESENTING_ENTRYID])) {
+            try {
+                $user = mapi_ab_openentry($GLOBALS['mapisession']->getAddressbook(), $userProps[PR_SENT_REPRESENTING_ENTRYID]);
+                $gabCert = $this->getGABCert($user);
+                if (!empty($gabCert)) {
+                    $fromGAB = true;
+                    // Put empty string into file? dafuq?
+                    file_put_contents($tmpUserCert, $userCert);
+                }
+            }
+            catch (MAPIException $e) {
+                $msg = "[smime] Unable to open PR_SENT_REPRESENTING_ENTRYID. Maybe %s was does not exists or deleted from server.";
+                Log::write(LOGLEVEL_ERROR, sprintf($msg, $userProps[PR_SENT_REPRESENTING_NAME]));
+                error_log("[smime] Unable to open PR_SENT_REPRESENTING_NAME: " . print_r($userProps[PR_SENT_REPRESENTING_NAME], true));
+                $this->message['success'] = SMIME_NOPUB;
+                $this->message['info'] = SMIME_USER_DETECT_FAILURE;
+            }
+        }
+
+        // When downloading an email as eml, $GLOBALS['operations'] isn't set, so add a check so that downloading works
+        // If the certificate is already fetch from the GAB, skip checking the userStore.
+        if (!$fromGAB && isset($GLOBALS['operations'])) {
+            $senderAddressArray = $this->getSenderAddress($message);
+            $senderAddressArray = $senderAddressArray['props'];
+            if ($senderAddressArray['address_type'] === 'SMTP') {
+                $emailAddr = $senderAddressArray['email_address'];
+            }
+            else {
+                $emailAddr = $senderAddressArray['smtp_address'];
+            }
+
+            // User not in AB,
+            // so get email address from either PR_SENT_REPRESENTING_NAME, PR_SEARCH_KEY or PR_SENT_REPRESENTING_SEARCH_KEY
+            // of the message
+            if (!$emailAddr) {
+                if (!empty($userProps[PR_SENT_REPRESENTING_NAME])) {
+                    $emailAddr = $userProps[PR_SENT_REPRESENTING_NAME];
+                }
+                else {
+                    $searchKeys = mapi_getprops($message, [PR_SEARCH_KEY, PR_SENT_REPRESENTING_SEARCH_KEY]);
+                    $searchKey = $searchKeys[PR_SEARCH_KEY] ?? $searchKeys[PR_SENT_REPRESENTING_SEARCH_KEY];
+                    if ($searchKey) {
+                        $emailAddr = $trim(strtolower(explode(':', $searchKey)[1]));
+                    }
+                }
+            }
+
+            if ($emailAddr) {
+                // Get all public certificates of $emailAddr stored on the server
+                $userCerts = $this->getPublicKey($emailAddr, true);
+            }
+        }
+
+        // Save signed message in a random file
+        $tmpfname = tempnam(sys_get_temp_dir(), true);
+        file_put_contents($tmpfname, $eml);
+
+        // Create random file for saving the signed message
+        $outcert = tempnam(sys_get_temp_dir(), true);
+
+        // Verify signed message
+        // Returns True if verified, False if tampered or signing certificate invalid OR -1 on error
+        if (count($userCerts) > 0) {
+            // Try to verify a certificate in the MAPI store
+            foreach ($userCerts as $userCert) {
+                $userCert = base64_decode($userCert);
+                // Save signed message in a random file
+                $tmpfname = tempnam(sys_get_temp_dir(), true);
+                file_put_contents($tmpfname, $eml);
+
+                // Create random file for saving the signed message
+                $outcert = tempnam(sys_get_temp_dir(), true);
+
+                if (!empty($userCert)) { // Check MAPI UserStore
+                    file_put_contents($tmpUserCert, $userCert);
+                }
+                $signed_ok = openssl_pkcs7_verify($tmpfname, PKCS7_NOINTERN, $outcert, explode(';', PLUGIN_SMIME_CACERTS), $tmpUserCert);
+                $openssl_error_code = $this->extract_openssl_error();
+                $this->validateSignedMessage($signed_ok, $openssl_error_code);
+                // Check if we need to import a newer certificate
+                $importCert = file_get_contents($outcert);
+                $parsedImportCert = openssl_x509_parse($importCert);
+                $parsedUserCert = openssl_x509_parse($userCert);
+                if ($signed_ok && $openssl_error_code !== OPENSSL_CA_VERIFY_FAIL) { // CA Checks out
+                    $caCerts = $this->extractCAs($tmpfname);
+                    // If validTo and validFrom are more in the future, emailAddress matches and OCSP check is valid, import newer certificate
+                    if ($parsedImportCert['validTo'] > $parsedUserCert['validTo'] && $parsedImportCert['validFrom'] > $parsedUserCert['validFrom'] &&
+                        getCertEmail($parsedImportCert) === getCertEmail($parsedUserCert) && verifyOCSP($importCert, $caCerts, $this->message) &&
+                        $importMessageCert !== false) {
+                        // Redundant
+                        $importMessageCert = true;
+                    }
+                    else {
+                        $importMessageCert = false;
+                        verifyOCSP($userCert, $caCerts, $this->message);
+                        break;
+                    }
+                }
+            }
+        }
+        else {
+            // Works. Just leave it.
+            $signed_ok = openssl_pkcs7_verify($tmpfname, PKCS7_NOSIGS, $outcert, explode(';', PLUGIN_SMIME_CACERTS));
+            $openssl_error_code = $this->extract_openssl_error();
+            $this->validateSignedMessage($signed_ok, $openssl_error_code);
+
+            // OCSP check
+            if ($signed_ok && $openssl_error_code !== OPENSSL_CA_VERIFY_FAIL) { // CA Checks out
+                $userCert = file_get_contents($outcert);
+                $parsedImportCert = openssl_x509_parse($userCert);
+
+                $caCerts = $this->extractCAs($tmpfname);
+                if (!is_array($parsedImportCert) || !verifyOCSP($userCert, $caCerts, $this->message)) {
+                    $importMessageCert = false;
+                }
+                // We don't have a certificate from the MAPI UserStore or LDAP, so we will set $userCert to $importCert
+                // so that we can verify the message according to the be imported certificate.
+            }
+            else { // No pubkey
+                $importMessageCert = false;
+                Log::write(LOGLEVEL_INFO, sprintf("[smime] Unable to verify message without public key, openssl error: '%s'", $this->openssl_error));
+                $this->message['success'] = SMIME_STATUS_FAIL;
+                $this->message['info'] = SMIME_CA;
+            }
+        }
+        // Certificate is newer or not yet imported to the user store and not revoked
+        // If certificate is from the GAB, then don't import it.
+        if ($importMessageCert && !$fromGAB) {
+            $signed_ok = openssl_pkcs7_verify($tmpfname, PKCS7_NOSIGS, $outcert, explode(';', PLUGIN_SMIME_CACERTS));
+            $openssl_error_code = $this->extract_openssl_error();
+            $this->validateSignedMessage($signed_ok, $openssl_error_code);
+            $userCert = file_get_contents($outcert);
+            $parsedImportCert = openssl_x509_parse($userCert);
+            // FIXME: doing this in importPublicKey too...
+            $certEmail = getCertEmail($parsedImportCert);
+            if (!empty($certEmail)) {
+                $this->importCertificate($userCert, $parsedImportCert, 'public', true);
+            }
+        }
+
+        // Remove extracted certificate from openssl_pkcs7_verify
+        unlink($outcert);
+
+        // remove the temporary file
+        unlink($tmpfname);
+
+        // Clean up temp cert
+        unlink($tmpUserCert);
+    }
+
+    /**
+     * Function which decrypts an encrypted message.
+     * The key should be unlocked and stored in the EncryptionStore for a successful decrypt
+     * If the key isn't in the session, we give the user a message to unlock his certificate.
+     *
+     * @param {mixed} $data array of data from hook
+     */
+    public function onEncrypted($data) {
+        // Cert unlocked, decode message
+        $this->message['success'] = SMIME_STATUS_INFO;
+        $this->message['info'] = SMIME_DECRYPT_FAILURE;
+
+        $this->message['type'] = 'encrypted';
+        $encryptionStore = EncryptionStore::getInstance();
+        $pass = $encryptionStore->get('smime');
+        if (isset($pass) && !empty($pass)) {
+            $certs = readPrivateCert($this->getStore(), $pass, false);
+            // create random file for saving the encrypted and body message
+            $tmpFile = tempnam(sys_get_temp_dir(), true);
+            $tmpDecrypted = tempnam(sys_get_temp_dir(), true);
+
+            // Write mime header. Because it's not provided in the attachment, otherwise openssl won't parse it
+            $fp = fopen($tmpFile, 'w');
+            fwrite($fp, "Content-Type: application/pkcs7-mime; name=\"smime.p7m\"; smime-type=enveloped-data\n");
+            fwrite($fp, "Content-Transfer-Encoding: base64\nContent-Disposition: attachment; filename=\"smime.p7m\"\n");
+            fwrite($fp, "Content-Description: S/MIME Encrypted Message\n\n");
+            fwrite($fp, chunk_split(base64_encode($data['data']), 72) . "\n");
+            fclose($fp);
+
+            $decryptStatus = false;
+            // If multiple private certs were decrypted with supplied password
+            if (!$certs['cert'] && count($certs) > 0) {
+                foreach ($certs as $cert) {
+                    $decryptStatus = openssl_pkcs7_decrypt($tmpFile, $tmpDecrypted, $cert['cert'], [$cert['pkey'], $pass]);
+                    if ($decryptStatus !== false) {
+                        break;
+                    }
+                }
+            }
+            else {
+                $decryptStatus = openssl_pkcs7_decrypt($tmpFile, $tmpDecrypted, $certs['cert'], [$certs['pkey'], $pass]);
+            }
+
+            $content = file_get_contents($tmpDecrypted);
+            // Handle OL empty body Outlook Signed & Encrypted mails.
+            // The S/MIME plugin has to extract the body from the signed message.
+            if (strpos($content, 'signed-data') !== false) {
+                $this->message['type'] = 'encryptsigned';
+                $olcert = tempnam(sys_get_temp_dir(), true);
+                $olmsg = tempnam(sys_get_temp_dir(), true);
+                openssl_pkcs7_verify($tmpDecrypted, PKCS7_NOVERIFY, $olcert);
+                openssl_pkcs7_verify($tmpDecrypted, PKCS7_NOVERIFY, $olcert, [], $olcert, $olmsg);
+                $content = file_get_contents($olmsg);
+                unlink($olmsg);
+                unlink($olcert);
+            }
+
+            $copyProps = mapi_getprops($data['message'], [PR_MESSAGE_DELIVERY_TIME, PR_SENDER_ENTRYID, PR_SENT_REPRESENTING_ENTRYID]);
+            mapi_inetmapi_imtomapi($GLOBALS['mapisession']->getSession(), $data['store'], $GLOBALS['mapisession']->getAddressbook(), $data['message'], $content, ['parse_smime_signed' => true]);
+            // Manually set time back to the received time, since mapi_inetmapi_imtomapi overwrites this
+            mapi_setprops($data['message'], $copyProps);
+
+            // remove temporary files
+            unlink($tmpFile);
+            unlink($tmpDecrypted);
+
+            // mapi_inetmapi_imtomapi removes the PR_MESSAGE_CLASS = 'IPM.Note.SMIME.MultipartSigned'
+            // So we need to check if the message was also signed by looking at the MIME_TAG in the eml
+            if (strpos($content, 'multipart/signed') !== false || strpos($content, 'signed-data') !== false) {
+                $this->message['type'] = 'encryptsigned';
+                $this->verifyMessage($data['message'], $content);
+            }
+            elseif ($decryptStatus) {
+                $this->message['info'] = SMIME_DECRYPT_SUCCESS;
+                $this->message['success'] = SMIME_STATUS_SUCCESS;
+            }
+            elseif ($this->extract_openssl_error() === OPENSSL_RECIPIENT_CERTIFICATE_MISMATCH) {
+                error_log("[smime] Error when decrypting email, openssl error: " . print_r($this->openssl_error, true));
+                Log::Write(LOGLEVEL_ERROR, sprintf("[smime] Error when decrypting email, openssl error: '%s'", $this->openssl_error));
+                $this->message['info'] = SMIME_DECRYPT_CERT_MISMATCH;
+                $this->message['success'] = SMIME_STATUS_FAIL;
+            }
+        }
+        else {
+            $this->message['info'] = SMIME_UNLOCK_CERT;
+        }
+
+        if (!encryptionStoreExpirationSupport()) {
+            withPHPSession(function () use ($encryptionStore) {
+                $encryptionStore->add('smime', '');
+            });
+        }
+    }
+
+    /**
+     * Function which calls verifyMessage to verify if the message isn't malformed during transport.
+     *
+     * @param {mixed} $data array of data from hook
+     */
+    public function onSignedMessage($data) {
+        $this->message['type'] = 'signed';
+        $this->verifyMessage($data['message'], $data['data']);
+    }
+
+    /**
+     * General function which parses the openssl_pkcs7_verify return value and the errors generated by
+     * openssl_error_string().
+     *
+     * @param mixed $openssl_return
+     * @param mixed $openssl_errors
+     */
+    public function validateSignedMessage($openssl_return, $openssl_errors) {
+        if ($openssl_return === -1) {
+            $this->message['info'] = SMIME_ERROR;
+            $this->message['success'] = SMIME_STATUS_FAIL;
+        // Verification was successful
+        }
+        elseif ($openssl_return) {
+            $this->message['info'] = SMIME_SUCCESS;
+            $this->message['success'] = SMIME_STATUS_SUCCESS;
+        // Verification was not successful, display extra information.
+        }
+        else {
+            $this->message['success'] = SMIME_STATUS_FAIL;
+            if ($openssl_errors === OPENSSL_CA_VERIFY_FAIL) {
+                $this->message['info'] = SMIME_CA;
+            }
+            else { // Catch general errors
+                $this->message['info'] = SMIME_ERROR;
+            }
+        }
+    }
+
+    /**
+     * Set smime key in $data array, which is send back to client
+     * Since we can't create this array key in the hooks:
+     * 'server.util.parse_smime.signed'
+     * 'server.util.parse_smime.encrypted'.
+     *
+     * TODO: investigate if we can move away from this hook
+     *
+     * @param {mixed} $data
+     */
+    public function onAfterOpen($data) {
+        if (isset($this->message) && !empty($this->message)) {
+            $data['data']['item']['props']['smime'] = $this->message;
+        }
+    }
+
+    /**
+     * Handles the uploaded certificate in the settingsmenu in grommunio Web
+     * - Opens the certificate with provided passphrase
+     * - Checks if it can be used for signing/decrypting
+     * - Verifies that the email address is equal to the
+     * - Verifies that the certificate isn't expired and inform user.
+     *
+     * @param {mixed} $data
+     */
+    public function onUploadCertificate($data) {
+        if ($data['sourcetype'] === 'certificate') {
+            $passphrase = $_POST['passphrase'];
+            $saveCert = false;
+            $tmpname = $data['tmpname'];
+            $message = '';
+
+            $certificate = file_get_contents($tmpname);
+            $emailAddress = $GLOBALS['mapisession']->getSMTPAddress();
+            list($message, $publickey, $publickeyData) = validateUploadedPKCS($certificate, $passphrase, $emailAddress);
+
+            // All checks completed successful
+            // Store private cert in users associated store (check for duplicates)
+            if (empty($message)) {
+                $certMessage = getMAPICert($this->getStore());
+                // TODO: update to serialNumber check
+                if ($certMessage && $certMessage[0][PR_MESSAGE_DELIVERY_TIME] == $publickeyData['validTo_time_t']) {
+                    $message = _('Certificate is already stored on the server');
+                }
+                else {
+                    $saveCert = true;
+                    $root = mapi_msgstore_openentry($this->getStore(), null);
+                    // Remove old certificate
+                    /*
 					if($certMessage) {
 						// Delete private key
 						mapi_folder_deletemessages($root, array($certMessage[PR_ENTRYID]));
@@ -562,597 +562,597 @@ 
 						$message = _('Certificate uploaded');
 					}*/
 
-					$this->importCertificate($certificate, $publickeyData, 'private');
-
-					// Check if the user has a public key in the GAB.
-					$store_props = mapi_getprops($this->getStore(), [PR_USER_ENTRYID]);
-					$user = mapi_ab_openentry($GLOBALS['mapisession']->getAddressbook(), $store_props[PR_USER_ENTRYID]);
-
-					$this->importCertificate($publickey, $publickeyData, 'public', true);
-				}
-			}
-
-			$returnfiles = [];
-			$returnfiles[] = [
-				'props' => [
-					'attach_num' => -1,
-					'size' => $data['size'],
-					'name' => $data['name'],
-					'cert' => $saveCert,
-					'cert_warning' => $message,
-				],
-			];
-			$data['returnfiles'] = $returnfiles;
-		}
-	}
-
-	/**
-	 * This function handles the 'beforesend' hook which is triggered before sending the email.
-	 * If the PR_MESSAGE_CLASS is set to a signed email (IPM.Note.SMIME.Multipartsigned), this function
-	 * will convert the mapi message to RFC822, sign the eml and attach the signed email to the mapi message.
-	 *
-	 * @param {mixed} $data from php hook
-	 */
-	public function onBeforeSend(&$data) {
-		$store = $data['store'];
-		$message = $data['message'];
-
-		// Retrieve message class
-		$props = mapi_getprops($message, [PR_MESSAGE_CLASS, PR_EC_IMAP_EMAIL]);
-		$messageClass = $props[PR_MESSAGE_CLASS];
-
-		if (isset($messageClass) && (stripos($messageClass, 'IPM.Note.SMIME') !== false)) {
-			// FIXME: for now return when we are going to sign but we don't have the passphrase set
-			// This should never happen sign
-			$encryptionStore = \EncryptionStore::getInstance();
-			if (($messageClass === 'IPM.Note.SMIME.SignedEncrypt' || $messageClass === 'IPM.Note.SMIME.MultipartSigned') &&
-				!$encryptionStore->get('smime')) {
-				return;
-			}
-			// NOTE: setting message class to IPM.Note, so that mapi_inetmapi_imtoinet converts the message to plain email
-			// and doesn't fail when handling the attachments.
-			mapi_setprops($message, [PR_MESSAGE_CLASS => 'IPM.Note']);
-			mapi_savechanges($message);
-
-			// If RFC822-formatted stream is already available in PR_EC_IMAP_EMAIL property
-			// than directly use it, generate otherwise.
-			if (isset($props[PR_EC_IMAP_EMAIL]) || propIsError(PR_EC_IMAP_EMAIL, $props) == MAPI_E_NOT_ENOUGH_MEMORY) {
-				// Stream the message to properly get the PR_EC_IMAP_EMAIL property
-				$emlMessageStream = mapi_openproperty($message, PR_EC_IMAP_EMAIL, IID_IStream, 0, 0);
-			}
-			else {
-				// Read the message as RFC822-formatted e-mail stream.
-				$emlMessageStream = mapi_inetmapi_imtoinet($GLOBALS['mapisession']->getSession(), $GLOBALS['mapisession']->getAddressbook(), $message, []);
-			}
-
-			// Remove all attachments, since they are stored in the attached signed message
-			$atable = mapi_message_getattachmenttable($message);
-			$rows = mapi_table_queryallrows($atable, [PR_ATTACH_MIME_TAG, PR_ATTACH_NUM]);
-			foreach ($rows as $row) {
-				$attnum = $row[PR_ATTACH_NUM];
-				mapi_message_deleteattach($message, $attnum);
-			}
-
-			// create temporary files
-			$tmpSendEmail = tempnam(sys_get_temp_dir(), true);
-			$tmpSendSmimeEmail = tempnam(sys_get_temp_dir(), true);
-
-			// Save message stream to a file
-			$stat = mapi_stream_stat($emlMessageStream);
-
-			$fhandle = fopen($tmpSendEmail, 'w');
-			$buffer = null;
-			for ($i = 0; $i < $stat["cb"]; $i += BLOCK_SIZE) {
-				// Write stream
-				$buffer = mapi_stream_read($emlMessageStream, BLOCK_SIZE);
-				fwrite($fhandle, $buffer, strlen($buffer));
-			}
-			fclose($fhandle);
-
-			// Create attachment for S/MIME message
-			$signedAttach = mapi_message_createattach($message);
-			$smimeProps = [
-				PR_ATTACH_LONG_FILENAME => 'smime.p7m',
-				PR_DISPLAY_NAME => 'smime.p7m',
-				PR_ATTACH_METHOD => ATTACH_BY_VALUE,
-				PR_ATTACH_MIME_TAG => 'multipart/signed',
-				PR_ATTACHMENT_HIDDEN => true,
-			];
-
-			// Sign then Encrypt email
-			switch ($messageClass) {
-				case 'IPM.Note.SMIME.SignedEncrypt':
-					$tmpFile = tempnam(sys_get_temp_dir(), true);
-					$this->sign($tmpSendEmail, $tmpFile, $message, $signedAttach, $smimeProps);
-					$this->encrypt($tmpFile, $tmpSendSmimeEmail, $message, $signedAttach, $smimeProps);
-					unlink($tmpFile);
-					break;
-
-				case 'IPM.Note.SMIME.MultipartSigned':
-					$this->sign($tmpSendEmail, $tmpSendSmimeEmail, $message, $signedAttach, $smimeProps);
-					break;
-
-				case 'IPM.Note.SMIME':
-					$this->encrypt($tmpSendEmail, $tmpSendSmimeEmail, $message, $signedAttach, $smimeProps);
-					break;
-			}
-
-			// Save the signed message as attachment of the send email
-			$stream = mapi_openproperty($signedAttach, PR_ATTACH_DATA_BIN, IID_IStream, 0, MAPI_CREATE | MAPI_MODIFY);
-			$handle = fopen($tmpSendSmimeEmail, 'r');
-			while (!feof($handle)) {
-				$contents = fread($handle, BLOCK_SIZE);
-				mapi_stream_write($stream, $contents);
-			}
-			fclose($handle);
-
-			mapi_stream_commit($stream);
-
-			// remove tmp files
-			unlink($tmpSendSmimeEmail);
-			unlink($tmpSendEmail);
-
-			mapi_savechanges($signedAttach);
-			mapi_savechanges($message);
-		}
-	}
-
-	/**
-	 * Function to sign an email.
-	 *
-	 * @param object $infile       File eml to be encrypted
-	 * @param object $outfile      File
-	 * @param object $message      Mapi Message Object
-	 * @param object $signedAttach
-	 * @param array  $smimeProps
-	 */
-	public function sign(&$infile, &$outfile, &$message, &$signedAttach, $smimeProps) {
-		// Set mesageclass back to IPM.Note.SMIME.MultipartSigned
-		mapi_setprops($message, [PR_MESSAGE_CLASS => 'IPM.Note.SMIME.MultipartSigned']);
-		mapi_setprops($signedAttach, $smimeProps);
-
-		// Obtain private certificate
-		$encryptionStore = EncryptionStore::getInstance();
-		// Only the newest one is returned
-		$certs = readPrivateCert($this->getStore(), $encryptionStore->get('smime'));
-
-		// Retrieve intermediate CA's for verification, if available
-		if (isset($certs['extracerts'])) {
-			$tmpFile = tempnam(sys_get_temp_dir(), true);
-			file_put_contents($tmpFile, implode('', $certs['extracerts']));
-			$ok = openssl_pkcs7_sign($infile, $outfile, $certs['cert'], [$certs['pkey'], ''], [], PKCS7_DETACHED, $tmpFile);
-			if (!$ok) {
-				Log::Write(LOGLEVEL_ERROR, sprintf("[smime] Unable to sign message with intermediate certificates, openssl error: '%s'", @openssl_error_string()));
-			}
-			unlink($tmpFile);
-		}
-		else {
-			$ok = openssl_pkcs7_sign($infile, $outfile, $certs['cert'], [$certs['pkey'], ''], [], PKCS7_DETACHED);
-			if (!$ok) {
-				Log::Write(LOGLEVEL_ERROR, sprintf("[smime] Unable to sign message, openssl error: '%s'", @openssl_error_string()));
-			}
-		}
-	}
-
-	/**
-	 * Function to encrypt an email.
-	 *
-	 * @param object $infile       File eml to be encrypted
-	 * @param object $outfile      File
-	 * @param object $message      Mapi Message Object
-	 * @param object $signedAttach
-	 * @param array  $smimeProps
-	 */
-	public function encrypt(&$infile, &$outfile, &$message, &$signedAttach, $smimeProps) {
-		mapi_setprops($message, [PR_MESSAGE_CLASS => 'IPM.Note.SMIME']);
-		$smimeProps[PR_ATTACH_MIME_TAG] = "application/pkcs7-mime";
-		mapi_setprops($signedAttach, $smimeProps);
-
-		$publicCerts = $this->getPublicKeyForMessage($message);
-		// Always append our own certificate, so that the mail can be decrypted in 'Sent items'
-		// Prefer GAB public certificate above MAPI Store certificate.
-		$email = $GLOBALS['mapisession']->getSMTPAddress();
-		$user = $this->getGABUser($email);
-		$cert = $this->getGABCert($user);
-		if (empty($cert)) {
-			$cert = base64_decode($this->getPublicKey($email));
-		}
-
-		if (!empty($cert)) {
-			array_push($publicCerts, $cert);
-		}
-
-		$ok = openssl_pkcs7_encrypt($infile, $outfile, $publicCerts, [], 0, $this->cipher);
-		if (!$ok) {
-			error_log("[smime] unable to encrypt message, openssl error: " . print_r(@openssl_error_string(), true));
-			Log::Write(LOGLEVEL_ERROR, sprintf("[smime] unable to encrypt message, openssl error: '%s'", @openssl_error_string()));
-		}
-		$tmpEml = file_get_contents($outfile);
-
-		// Grab the base64 data, since MAPI requires it saved as decoded base64 string.
-		// FIXME: we can do better here
-		$matches = explode("\n\n", $tmpEml);
-		$base64 = str_replace("\n", "", $matches[1]);
-		file_put_contents($outfile, base64_decode($base64));
-
-		// Empty the body
-		mapi_setprops($message, [PR_BODY => ""]);
-	}
-
-	/**
-	 * Function which fetches the public certificates for all recipients (TO/CC/BCC) of a message
-	 * Always get the certificate of an address which expires last.
-	 *
-	 * @param object $message Mapi Message Object
-	 *
-	 * @return array of public certificates
-	 */
-	public function getPublicKeyForMessage($message) {
-		$recipientTable = mapi_message_getrecipienttable($message);
-		$recips = mapi_table_queryallrows($recipientTable, [PR_SMTP_ADDRESS, PR_RECIPIENT_TYPE, PR_ADDRTYPE], [RES_OR, [
-			[RES_PROPERTY,
-				[
-					RELOP => RELOP_EQ,
-					ULPROPTAG => PR_RECIPIENT_TYPE,
-					VALUE => MAPI_BCC,
-				],
-			],
-			[RES_PROPERTY,
-				[
-					RELOP => RELOP_EQ,
-					ULPROPTAG => PR_RECIPIENT_TYPE,
-					VALUE => MAPI_CC,
-				],
-			],
-			[RES_PROPERTY,
-				[
-					RELOP => RELOP_EQ,
-					ULPROPTAG => PR_RECIPIENT_TYPE,
-					VALUE => MAPI_TO,
-				],
-			],
-		]]);
-
-		$publicCerts = [];
-		$storeCert = '';
-		$gabCert = '';
-
-		foreach ($recips as $recip) {
-			$emailAddr = $recip[PR_SMTP_ADDRESS];
-			$addrType = $recip[PR_ADDRTYPE];
-
-			if ($addrType === "ZARAFA" || $addrType === "EX") {
-				$user = $this->getGABUser($emailAddr);
-				$gabCert = $this->getGABCert($user);
-			}
-
-			$storeCert = $this->getPublicKey($emailAddr);
-
-			if (!empty($gabCert)) {
-				array_push($publicCerts, $gabCert);
-			}
-			elseif (!empty($storeCert)) {
-				array_push($publicCerts, base64_decode($storeCert));
-			}
-		}
-
-		return $publicCerts;
-	}
-
-	/**
-	 * Retrieves the public certificates stored in the MAPI UserStore and belonging to the
-	 * emailAdddress, returns "" if there is no certificate for that user.
-	 *
-	 * @param {String} emailAddress
-	 * @param mixed $emailAddress
-	 * @param mixed $multiple
-	 *
-	 * @return {String} $certificate
-	 */
-	public function getPublicKey($emailAddress, $multiple = false) {
-		$certificates = [];
-
-		$certs = getMAPICert($this->getStore(), 'WebApp.Security.Public', $emailAddress);
-
-		if ($certs && count($certs) > 0) {
-			foreach ($certs as $cert) {
-				$pubkey = mapi_msgstore_openentry($this->getStore(), $cert[PR_ENTRYID]);
-				$certificate = "";
-				if ($pubkey != false) {
-					// retrieve pkcs#11 certificate from body
-					$stream = mapi_openproperty($pubkey, PR_BODY, IID_IStream, 0, 0);
-					$stat = mapi_stream_stat($stream);
-					mapi_stream_seek($stream, 0, STREAM_SEEK_SET);
-					for ($i = 0; $i < $stat['cb']; $i += 1024) {
-						$certificate .= mapi_stream_read($stream, 1024);
-					}
-					array_push($certificates, $certificate);
-				}
-			}
-		}
-
-		return $multiple ? $certificates : ($certificates[0] ?? '');
-	}
-
-	/**
-	 * Function which is used to check if there is a public certificate for the provided emailAddress.
-	 *
-	 * @param {String} emailAddress emailAddres of recipient
-	 * @param {Boolean} gabUser is the user of PR_ADDRTYPE == ZARAFA
-	 * @param mixed $emailAddress
-	 * @param mixed $gabUser
-	 *
-	 * @return {Boolean} true if public certificate exists
-	 */
-	public function pubcertExists($emailAddress, $gabUser = false) {
-		if ($gabUser) {
-			$user = $this->getGABUser($emailAddress);
-			$gabCert = $this->getGABCert($user);
-			if ($user && !empty($gabCert)) {
-				return true;
-			}
-		}
-
-		$root = mapi_msgstore_openentry($this->getStore(), null);
-		$table = mapi_folder_getcontentstable($root, MAPI_ASSOCIATED);
-
-		// Restriction for public certificates which are from the recipient of the email, are active and have the correct message_class
-		$restrict = [RES_AND, [
-			[RES_PROPERTY,
-				[
-					RELOP => RELOP_EQ,
-					ULPROPTAG => PR_MESSAGE_CLASS,
-					VALUE => [PR_MESSAGE_CLASS => "WebApp.Security.Public"],
-				],
-			],
-			[RES_PROPERTY,
-				[
-					RELOP => RELOP_EQ,
-					ULPROPTAG => PR_SUBJECT,
-					VALUE => [PR_SUBJECT => $emailAddress],
-				],
-			],
-		]];
-		mapi_table_restrict($table, $restrict, TBL_BATCH);
-		mapi_table_sort($table, [PR_MESSAGE_DELIVERY_TIME => TABLE_SORT_DESCEND], TBL_BATCH);
-
-		$rows = mapi_table_queryallrows($table, [PR_SUBJECT, PR_ENTRYID, PR_MESSAGE_DELIVERY_TIME, PR_CLIENT_SUBMIT_TIME], $restrict);
-
-		return !empty($rows);
-	}
-
-	/**
-	 * Helper functions which extracts the errors from openssl_error_string()
-	 * Example error from openssl_error_string(): error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error
-	 * Note that openssl_error_string() returns an error when verifying is successful, this is a bug in PHP https://bugs.php.net/bug.php?id=50713.
-	 *
-	 * @return {String}
-	 */
-	public function extract_openssl_error() {
-		// TODO: should catch more errors by using while($error = @openssl_error_string())
-		$this->openssl_error = @openssl_error_string();
-		$openssl_error_code = 0;
-		if ($this->openssl_error) {
-			$openssl_error_list = explode(":", $this->openssl_error);
-			$openssl_error_code = $openssl_error_list[1];
-		}
-
-		return $openssl_error_code;
-	}
-
-	/**
-	 * Extract the intermediate certificates from the signed email. Uses kopano_smime's
-	 * two functions, to extract the PKCS#7 blob and then converts the PKCS#7 blob to
-	 * X509 certificates using kopano_pkcs7_read.
-	 *
-	 * @param string $emlfile - the s/mime message
-	 *
-	 * @return array a list of extracted intermediate certificates
-	 */
-	public function extractCAs($emlfile) {
-		$php72 = version_compare(phpversion(), "7.2.0") >= 0;
-		$phpcompat = function_exists('kopano_pkcs7_verify') && function_exists('kopano_pkcs7_read');
-		if (!$phpcompat && !$php72) {
-			return [];
-		}
-
-		$certfile = tempnam(sys_get_temp_dir(), true);
-		$outfile = tempnam(sys_get_temp_dir(), true);
-		$p7bfile = tempnam(sys_get_temp_dir(), true);
-
-		if ($php72) {
-			openssl_pkcs7_verify($emlfile, PKCS7_NOVERIFY, $certfile);
-			openssl_pkcs7_verify($emlfile, PKCS7_NOVERIFY, $certfile, [], $certfile, $outfile, $p7bfile);
-		}
-		else {
-			kopano_pkcs7_verify($emlfile, PKCS7_NOVERIFY, $certfile);
-			kopano_pkcs7_verify($emlfile, PKCS7_NOVERIFY, $certfile, [], $certfile, $outfile, $p7bfile);
-		}
-
-		$cas = [];
-		$p7b = file_get_contents($p7bfile);
-		if ($php72) {
-			openssl_pkcs7_read($p7b, $cas);
-		}
-		else {
-			// FIXME: Without the error_log, kopano_pkcs7_verify does not work (wtf).
-			error_log($p7b);
-			kopano_pkcs7_read($p7b, $cas);
-		}
-		unlink($certfile);
-		unlink($outfile);
-		unlink($p7bfile);
-
-		return $cas;
-	}
-
-	/**
-	 * Imports certificate in the MAPI Root Associated Folder.
-	 *
-	 * Private key, always insert certificate
-	 * Public key, check if we already have one stored
-	 *
-	 * @param string $cert     certificate body as a string
-	 * @param mixed  $certData an array with the parsed certificate data
-	 * @param string $type     certificate type, default 'public'
-	 * @param bool   $force    force import the certificate even though we have one already stored in the MAPI Store.
-	 *                         FIXME: remove $force in the future and move the check for newer certificate in this function.
-	 */
-	public function importCertificate($cert, $certData, $type = 'public', $force = false) {
-		$certEmail = getCertEmail($certData);
-		if (!$this->pubcertExists($certEmail) || $force || $type === 'private') {
-			$issued_by = "";
-			foreach (array_keys($certData['issuer']) as $key) {
-				$issued_by .= $key . '=' . $certData['issuer'][$key] . "\n";
-			}
-
-			$root = mapi_msgstore_openentry($this->getStore(), null);
-			$assocMessage = mapi_folder_createmessage($root, MAPI_ASSOCIATED);
-			// TODO: write these properties down.
-			mapi_setprops($assocMessage, [
-				PR_SUBJECT => $certEmail,
-				PR_MESSAGE_CLASS => $type == 'public' ? 'WebApp.Security.Public' : 'WebApp.Security.Private',
-				PR_MESSAGE_DELIVERY_TIME => $certData['validTo_time_t'],
-				PR_CLIENT_SUBMIT_TIME => $certData['validFrom_time_t'],
-				PR_SENDER_NAME => $certData['serialNumber'], // serial
-				PR_SENDER_EMAIL_ADDRESS => $issued_by, // Issuer To
-				PR_SUBJECT_PREFIX => '',
-				PR_RECEIVED_BY_NAME => $this->fingerprint_cert($cert, 'sha1'), // SHA1 Fingerprint
-				PR_INTERNET_MESSAGE_ID => $this->fingerprint_cert($cert), // MD5 FingerPrint
-			]);
-			// Save attachment
-			$msgBody = base64_encode($cert);
-			$stream = mapi_openproperty($assocMessage, PR_BODY, IID_IStream, 0, MAPI_CREATE | MAPI_MODIFY);
-			mapi_stream_setsize($stream, strlen($msgBody));
-			mapi_stream_write($stream, $msgBody);
-			mapi_stream_commit($stream);
-			mapi_message_savechanges($assocMessage);
-		}
-	}
-
-	/**
-	 * Function which returns the fingerprint (hash) of the certificate.
-	 *
-	 * @param {string} $cert certificate body as a string
-	 * @param {string} $hash optional hash algorithm
-	 * @param mixed $body
-	 */
-	public function fingerprint_cert($body, $hash = 'md5') {
-		// TODO: Note for PHP > 5.6 we can use openssl_x509_fingerprint
-		$body = str_replace('-----BEGIN CERTIFICATE-----', '', $body);
-		$body = str_replace('-----END CERTIFICATE-----', '', $body);
-		$body = base64_decode($body);
-
-		if ($hash === 'sha1') {
-			$fingerprint = sha1($body);
-		}
-		else {
-			$fingerprint = md5($body);
-		}
-
-		// Format 1000AB as 10:00:AB
-		return strtoupper(implode(':', str_split($fingerprint, 2)));
-	}
-
-	/**
-	 * Retrieve the GAB User.
-	 *
-	 * FIXME: ideally this would be a public function in grommunio Web.
-	 *
-	 * @param string $email the email address of the user
-	 *
-	 * @return mixed $user boolean if false else MAPIObject
-	 */
-	public function getGABUser($email) {
-		$addrbook = $GLOBALS["mapisession"]->getAddressbook();
-		$userArr = [[PR_DISPLAY_NAME => $email]];
-		$user = false;
-
-		try {
-			$user = mapi_ab_resolvename($addrbook, $userArr, EMS_AB_ADDRESS_LOOKUP);
-			$user = mapi_ab_openentry($addrbook, $user[0][PR_ENTRYID]);
-		}
-		catch (MAPIException $e) {
-			$e->setHandled();
-		}
-
-		return $user;
-	}
-
-	/**
-	 * Retrieve the PR_EMS_AB_TAGGED_X509_CERT.
-	 *
-	 * @param MAPIObject $user the GAB user
-	 *
-	 * @return string $cert the certificate, empty if not found
-	 */
-	public function getGABCert($user) {
-		$cert = '';
-		$userCertArray = mapi_getprops($user, [PR_EMS_AB_TAGGED_X509_CERT]);
-		if (isset($userCertArray[PR_EMS_AB_TAGGED_X509_CERT])) {
-			$cert = der2pem($userCertArray[PR_EMS_AB_TAGGED_X509_CERT][0]);
-		}
-
-		return $cert;
-	}
-
-	/**
-	 * Called when the core Settings class is initialized and ready to accept sysadmin default
-	 * settings. Registers the sysadmin defaults for the example plugin.
-	 *
-	 * @param {mixed} $data Reference to the data of the triggered hook
-	 */
-	public function onBeforeSettingsInit(&$data) {
-		$data['settingsObj']->addSysAdminDefaults([
-			'zarafa' => [
-				'v1' => [
-					'plugins' => [
-						'smime' => [
-							'enable' => defined('PLUGIN_SMIME_USER_DEFAULT_ENABLE_SMIME') && PLUGIN_SMIME_USER_DEFAULT_ENABLE_SMIME,
-							'passphrase_cache' => defined('PLUGIN_SMIME_PASSPHRASE_REMEMBER_BROWSER') && PLUGIN_SMIME_PASSPHRASE_REMEMBER_BROWSER,
-						],
-					],
-				],
-			],
-		]);
-	}
-
-	/**
-	 * Get sender structure of the MAPI Message.
-	 *
-	 * @param mapimessage $mapiMessage MAPI Message resource from which we need to get the sender
-	 *
-	 * @return array with properties
-	 */
-	public function getSenderAddress($mapiMessage) {
-		if (!method_exists($GLOBALS['operations'], 'getSenderAddress')) {
-			$messageProps = mapi_getprops($mapiMessage, [PR_SENT_REPRESENTING_ENTRYID, PR_SENDER_ENTRYID]);
-			$senderEntryID = isset($messageProps[PR_SENT_REPRESENTING_ENTRYID]) ? $messageProps[PR_SENT_REPRESENTING_ENTRYID] : $messageProps[PR_SENDER_ENTRYID];
-
-			try {
-				$senderUser = mapi_ab_openentry($GLOBALS["mapisession"]->getAddressbook(), $senderEntryID);
-				if ($senderUser) {
-					$userprops = mapi_getprops($senderUser, [PR_ADDRTYPE, PR_DISPLAY_NAME, PR_EMAIL_ADDRESS, PR_SMTP_ADDRESS, PR_OBJECT_TYPE, PR_RECIPIENT_TYPE, PR_DISPLAY_TYPE, PR_DISPLAY_TYPE_EX, PR_ENTRYID]);
-
-					$senderStructure = [];
-					$senderStructure["props"]['entryid'] = bin2hex($userprops[PR_ENTRYID]);
-					$senderStructure["props"]['display_name'] = isset($userprops[PR_DISPLAY_NAME]) ? $userprops[PR_DISPLAY_NAME] : '';
-					$senderStructure["props"]['email_address'] = isset($userprops[PR_EMAIL_ADDRESS]) ? $userprops[PR_EMAIL_ADDRESS] : '';
-					$senderStructure["props"]['smtp_address'] = isset($userprops[PR_SMTP_ADDRESS]) ? $userprops[PR_SMTP_ADDRESS] : '';
-					$senderStructure["props"]['address_type'] = isset($userprops[PR_ADDRTYPE]) ? $userprops[PR_ADDRTYPE] : '';
-					$senderStructure["props"]['object_type'] = $userprops[PR_OBJECT_TYPE];
-					$senderStructure["props"]['recipient_type'] = MAPI_TO;
-					$senderStructure["props"]['display_type'] = isset($userprops[PR_DISPLAY_TYPE]) ? $userprops[PR_DISPLAY_TYPE] : MAPI_MAILUSER;
-					$senderStructure["props"]['display_type_ex'] = isset($userprops[PR_DISPLAY_TYPE_EX]) ? $userprops[PR_DISPLAY_TYPE_EX] : MAPI_MAILUSER;
-				}
-			}
-			catch (MAPIException $e) {
-				Log::write(LOGLEVEL_ERROR, sprintf("%s %s", $e, $userProps[PR_SENT_REPRESENTING_NAME]));
-			}
-
-			return $senderStructure;
-		}
-
-		return $GLOBALS["operations"]->getSenderAddress($mapiMessage);
-	}
+                    $this->importCertificate($certificate, $publickeyData, 'private');
+
+                    // Check if the user has a public key in the GAB.
+                    $store_props = mapi_getprops($this->getStore(), [PR_USER_ENTRYID]);
+                    $user = mapi_ab_openentry($GLOBALS['mapisession']->getAddressbook(), $store_props[PR_USER_ENTRYID]);
+
+                    $this->importCertificate($publickey, $publickeyData, 'public', true);
+                }
+            }
+
+            $returnfiles = [];
+            $returnfiles[] = [
+                'props' => [
+                    'attach_num' => -1,
+                    'size' => $data['size'],
+                    'name' => $data['name'],
+                    'cert' => $saveCert,
+                    'cert_warning' => $message,
+                ],
+            ];
+            $data['returnfiles'] = $returnfiles;
+        }
+    }
+
+    /**
+     * This function handles the 'beforesend' hook which is triggered before sending the email.
+     * If the PR_MESSAGE_CLASS is set to a signed email (IPM.Note.SMIME.Multipartsigned), this function
+     * will convert the mapi message to RFC822, sign the eml and attach the signed email to the mapi message.
+     *
+     * @param {mixed} $data from php hook
+     */
+    public function onBeforeSend(&$data) {
+        $store = $data['store'];
+        $message = $data['message'];
+
+        // Retrieve message class
+        $props = mapi_getprops($message, [PR_MESSAGE_CLASS, PR_EC_IMAP_EMAIL]);
+        $messageClass = $props[PR_MESSAGE_CLASS];
+
+        if (isset($messageClass) && (stripos($messageClass, 'IPM.Note.SMIME') !== false)) {
+            // FIXME: for now return when we are going to sign but we don't have the passphrase set
+            // This should never happen sign
+            $encryptionStore = \EncryptionStore::getInstance();
+            if (($messageClass === 'IPM.Note.SMIME.SignedEncrypt' || $messageClass === 'IPM.Note.SMIME.MultipartSigned') &&
+                !$encryptionStore->get('smime')) {
+                return;
+            }
+            // NOTE: setting message class to IPM.Note, so that mapi_inetmapi_imtoinet converts the message to plain email
+            // and doesn't fail when handling the attachments.
+            mapi_setprops($message, [PR_MESSAGE_CLASS => 'IPM.Note']);
+            mapi_savechanges($message);
+
+            // If RFC822-formatted stream is already available in PR_EC_IMAP_EMAIL property
+            // than directly use it, generate otherwise.
+            if (isset($props[PR_EC_IMAP_EMAIL]) || propIsError(PR_EC_IMAP_EMAIL, $props) == MAPI_E_NOT_ENOUGH_MEMORY) {
+                // Stream the message to properly get the PR_EC_IMAP_EMAIL property
+                $emlMessageStream = mapi_openproperty($message, PR_EC_IMAP_EMAIL, IID_IStream, 0, 0);
+            }
+            else {
+                // Read the message as RFC822-formatted e-mail stream.
+                $emlMessageStream = mapi_inetmapi_imtoinet($GLOBALS['mapisession']->getSession(), $GLOBALS['mapisession']->getAddressbook(), $message, []);
+            }
+
+            // Remove all attachments, since they are stored in the attached signed message
+            $atable = mapi_message_getattachmenttable($message);
+            $rows = mapi_table_queryallrows($atable, [PR_ATTACH_MIME_TAG, PR_ATTACH_NUM]);
+            foreach ($rows as $row) {
+                $attnum = $row[PR_ATTACH_NUM];
+                mapi_message_deleteattach($message, $attnum);
+            }
+
+            // create temporary files
+            $tmpSendEmail = tempnam(sys_get_temp_dir(), true);
+            $tmpSendSmimeEmail = tempnam(sys_get_temp_dir(), true);
+
+            // Save message stream to a file
+            $stat = mapi_stream_stat($emlMessageStream);
+
+            $fhandle = fopen($tmpSendEmail, 'w');
+            $buffer = null;
+            for ($i = 0; $i < $stat["cb"]; $i += BLOCK_SIZE) {
+                // Write stream
+                $buffer = mapi_stream_read($emlMessageStream, BLOCK_SIZE);
+                fwrite($fhandle, $buffer, strlen($buffer));
+            }
+            fclose($fhandle);
+
+            // Create attachment for S/MIME message
+            $signedAttach = mapi_message_createattach($message);
+            $smimeProps = [
+                PR_ATTACH_LONG_FILENAME => 'smime.p7m',
+                PR_DISPLAY_NAME => 'smime.p7m',
+                PR_ATTACH_METHOD => ATTACH_BY_VALUE,
+                PR_ATTACH_MIME_TAG => 'multipart/signed',
+                PR_ATTACHMENT_HIDDEN => true,
+            ];
+
+            // Sign then Encrypt email
+            switch ($messageClass) {
+                case 'IPM.Note.SMIME.SignedEncrypt':
+                    $tmpFile = tempnam(sys_get_temp_dir(), true);
+                    $this->sign($tmpSendEmail, $tmpFile, $message, $signedAttach, $smimeProps);
+                    $this->encrypt($tmpFile, $tmpSendSmimeEmail, $message, $signedAttach, $smimeProps);
+                    unlink($tmpFile);
+                    break;
+
+                case 'IPM.Note.SMIME.MultipartSigned':
+                    $this->sign($tmpSendEmail, $tmpSendSmimeEmail, $message, $signedAttach, $smimeProps);
+                    break;
+
+                case 'IPM.Note.SMIME':
+                    $this->encrypt($tmpSendEmail, $tmpSendSmimeEmail, $message, $signedAttach, $smimeProps);
+                    break;
+            }
+
+            // Save the signed message as attachment of the send email
+            $stream = mapi_openproperty($signedAttach, PR_ATTACH_DATA_BIN, IID_IStream, 0, MAPI_CREATE | MAPI_MODIFY);
+            $handle = fopen($tmpSendSmimeEmail, 'r');
+            while (!feof($handle)) {
+                $contents = fread($handle, BLOCK_SIZE);
+                mapi_stream_write($stream, $contents);
+            }
+            fclose($handle);
+
+            mapi_stream_commit($stream);
+
+            // remove tmp files
+            unlink($tmpSendSmimeEmail);
+            unlink($tmpSendEmail);
+
+            mapi_savechanges($signedAttach);
+            mapi_savechanges($message);
+        }
+    }
+
+    /**
+     * Function to sign an email.
+     *
+     * @param object $infile       File eml to be encrypted
+     * @param object $outfile      File
+     * @param object $message      Mapi Message Object
+     * @param object $signedAttach
+     * @param array  $smimeProps
+     */
+    public function sign(&$infile, &$outfile, &$message, &$signedAttach, $smimeProps) {
+        // Set mesageclass back to IPM.Note.SMIME.MultipartSigned
+        mapi_setprops($message, [PR_MESSAGE_CLASS => 'IPM.Note.SMIME.MultipartSigned']);
+        mapi_setprops($signedAttach, $smimeProps);
+
+        // Obtain private certificate
+        $encryptionStore = EncryptionStore::getInstance();
+        // Only the newest one is returned
+        $certs = readPrivateCert($this->getStore(), $encryptionStore->get('smime'));
+
+        // Retrieve intermediate CA's for verification, if available
+        if (isset($certs['extracerts'])) {
+            $tmpFile = tempnam(sys_get_temp_dir(), true);
+            file_put_contents($tmpFile, implode('', $certs['extracerts']));
+            $ok = openssl_pkcs7_sign($infile, $outfile, $certs['cert'], [$certs['pkey'], ''], [], PKCS7_DETACHED, $tmpFile);
+            if (!$ok) {
+                Log::Write(LOGLEVEL_ERROR, sprintf("[smime] Unable to sign message with intermediate certificates, openssl error: '%s'", @openssl_error_string()));
+            }
+            unlink($tmpFile);
+        }
+        else {
+            $ok = openssl_pkcs7_sign($infile, $outfile, $certs['cert'], [$certs['pkey'], ''], [], PKCS7_DETACHED);
+            if (!$ok) {
+                Log::Write(LOGLEVEL_ERROR, sprintf("[smime] Unable to sign message, openssl error: '%s'", @openssl_error_string()));
+            }
+        }
+    }
+
+    /**
+     * Function to encrypt an email.
+     *
+     * @param object $infile       File eml to be encrypted
+     * @param object $outfile      File
+     * @param object $message      Mapi Message Object
+     * @param object $signedAttach
+     * @param array  $smimeProps
+     */
+    public function encrypt(&$infile, &$outfile, &$message, &$signedAttach, $smimeProps) {
+        mapi_setprops($message, [PR_MESSAGE_CLASS => 'IPM.Note.SMIME']);
+        $smimeProps[PR_ATTACH_MIME_TAG] = "application/pkcs7-mime";
+        mapi_setprops($signedAttach, $smimeProps);
+
+        $publicCerts = $this->getPublicKeyForMessage($message);
+        // Always append our own certificate, so that the mail can be decrypted in 'Sent items'
+        // Prefer GAB public certificate above MAPI Store certificate.
+        $email = $GLOBALS['mapisession']->getSMTPAddress();
+        $user = $this->getGABUser($email);
+        $cert = $this->getGABCert($user);
+        if (empty($cert)) {
+            $cert = base64_decode($this->getPublicKey($email));
+        }
+
+        if (!empty($cert)) {
+            array_push($publicCerts, $cert);
+        }
+
+        $ok = openssl_pkcs7_encrypt($infile, $outfile, $publicCerts, [], 0, $this->cipher);
+        if (!$ok) {
+            error_log("[smime] unable to encrypt message, openssl error: " . print_r(@openssl_error_string(), true));
+            Log::Write(LOGLEVEL_ERROR, sprintf("[smime] unable to encrypt message, openssl error: '%s'", @openssl_error_string()));
+        }
+        $tmpEml = file_get_contents($outfile);
+
+        // Grab the base64 data, since MAPI requires it saved as decoded base64 string.
+        // FIXME: we can do better here
+        $matches = explode("\n\n", $tmpEml);
+        $base64 = str_replace("\n", "", $matches[1]);
+        file_put_contents($outfile, base64_decode($base64));
+
+        // Empty the body
+        mapi_setprops($message, [PR_BODY => ""]);
+    }
+
+    /**
+     * Function which fetches the public certificates for all recipients (TO/CC/BCC) of a message
+     * Always get the certificate of an address which expires last.
+     *
+     * @param object $message Mapi Message Object
+     *
+     * @return array of public certificates
+     */
+    public function getPublicKeyForMessage($message) {
+        $recipientTable = mapi_message_getrecipienttable($message);
+        $recips = mapi_table_queryallrows($recipientTable, [PR_SMTP_ADDRESS, PR_RECIPIENT_TYPE, PR_ADDRTYPE], [RES_OR, [
+            [RES_PROPERTY,
+                [
+                    RELOP => RELOP_EQ,
+                    ULPROPTAG => PR_RECIPIENT_TYPE,
+                    VALUE => MAPI_BCC,
+                ],
+            ],
+            [RES_PROPERTY,
+                [
+                    RELOP => RELOP_EQ,
+                    ULPROPTAG => PR_RECIPIENT_TYPE,
+                    VALUE => MAPI_CC,
+                ],
+            ],
+            [RES_PROPERTY,
+                [
+                    RELOP => RELOP_EQ,
+                    ULPROPTAG => PR_RECIPIENT_TYPE,
+                    VALUE => MAPI_TO,
+                ],
+            ],
+        ]]);
+
+        $publicCerts = [];
+        $storeCert = '';
+        $gabCert = '';
+
+        foreach ($recips as $recip) {
+            $emailAddr = $recip[PR_SMTP_ADDRESS];
+            $addrType = $recip[PR_ADDRTYPE];
+
+            if ($addrType === "ZARAFA" || $addrType === "EX") {
+                $user = $this->getGABUser($emailAddr);
+                $gabCert = $this->getGABCert($user);
+            }
+
+            $storeCert = $this->getPublicKey($emailAddr);
+
+            if (!empty($gabCert)) {
+                array_push($publicCerts, $gabCert);
+            }
+            elseif (!empty($storeCert)) {
+                array_push($publicCerts, base64_decode($storeCert));
+            }
+        }
+
+        return $publicCerts;
+    }
+
+    /**
+     * Retrieves the public certificates stored in the MAPI UserStore and belonging to the
+     * emailAdddress, returns "" if there is no certificate for that user.
+     *
+     * @param {String} emailAddress
+     * @param mixed $emailAddress
+     * @param mixed $multiple
+     *
+     * @return {String} $certificate
+     */
+    public function getPublicKey($emailAddress, $multiple = false) {
+        $certificates = [];
+
+        $certs = getMAPICert($this->getStore(), 'WebApp.Security.Public', $emailAddress);
+
+        if ($certs && count($certs) > 0) {
+            foreach ($certs as $cert) {
+                $pubkey = mapi_msgstore_openentry($this->getStore(), $cert[PR_ENTRYID]);
+                $certificate = "";
+                if ($pubkey != false) {
+                    // retrieve pkcs#11 certificate from body
+                    $stream = mapi_openproperty($pubkey, PR_BODY, IID_IStream, 0, 0);
+                    $stat = mapi_stream_stat($stream);
+                    mapi_stream_seek($stream, 0, STREAM_SEEK_SET);
+                    for ($i = 0; $i < $stat['cb']; $i += 1024) {
+                        $certificate .= mapi_stream_read($stream, 1024);
+                    }
+                    array_push($certificates, $certificate);
+                }
+            }
+        }
+
+        return $multiple ? $certificates : ($certificates[0] ?? '');
+    }
+
+    /**
+     * Function which is used to check if there is a public certificate for the provided emailAddress.
+     *
+     * @param {String} emailAddress emailAddres of recipient
+     * @param {Boolean} gabUser is the user of PR_ADDRTYPE == ZARAFA
+     * @param mixed $emailAddress
+     * @param mixed $gabUser
+     *
+     * @return {Boolean} true if public certificate exists
+     */
+    public function pubcertExists($emailAddress, $gabUser = false) {
+        if ($gabUser) {
+            $user = $this->getGABUser($emailAddress);
+            $gabCert = $this->getGABCert($user);
+            if ($user && !empty($gabCert)) {
+                return true;
+            }
+        }
+
+        $root = mapi_msgstore_openentry($this->getStore(), null);
+        $table = mapi_folder_getcontentstable($root, MAPI_ASSOCIATED);
+
+        // Restriction for public certificates which are from the recipient of the email, are active and have the correct message_class
+        $restrict = [RES_AND, [
+            [RES_PROPERTY,
+                [
+                    RELOP => RELOP_EQ,
+                    ULPROPTAG => PR_MESSAGE_CLASS,
+                    VALUE => [PR_MESSAGE_CLASS => "WebApp.Security.Public"],
+                ],
+            ],
+            [RES_PROPERTY,
+                [
+                    RELOP => RELOP_EQ,
+                    ULPROPTAG => PR_SUBJECT,
+                    VALUE => [PR_SUBJECT => $emailAddress],
+                ],
+            ],
+        ]];
+        mapi_table_restrict($table, $restrict, TBL_BATCH);
+        mapi_table_sort($table, [PR_MESSAGE_DELIVERY_TIME => TABLE_SORT_DESCEND], TBL_BATCH);
+
+        $rows = mapi_table_queryallrows($table, [PR_SUBJECT, PR_ENTRYID, PR_MESSAGE_DELIVERY_TIME, PR_CLIENT_SUBMIT_TIME], $restrict);
+
+        return !empty($rows);
+    }
+
+    /**
+     * Helper functions which extracts the errors from openssl_error_string()
+     * Example error from openssl_error_string(): error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error
+     * Note that openssl_error_string() returns an error when verifying is successful, this is a bug in PHP https://bugs.php.net/bug.php?id=50713.
+     *
+     * @return {String}
+     */
+    public function extract_openssl_error() {
+        // TODO: should catch more errors by using while($error = @openssl_error_string())
+        $this->openssl_error = @openssl_error_string();
+        $openssl_error_code = 0;
+        if ($this->openssl_error) {
+            $openssl_error_list = explode(":", $this->openssl_error);
+            $openssl_error_code = $openssl_error_list[1];
+        }
+
+        return $openssl_error_code;
+    }
+
+    /**
+     * Extract the intermediate certificates from the signed email. Uses kopano_smime's
+     * two functions, to extract the PKCS#7 blob and then converts the PKCS#7 blob to
+     * X509 certificates using kopano_pkcs7_read.
+     *
+     * @param string $emlfile - the s/mime message
+     *
+     * @return array a list of extracted intermediate certificates
+     */
+    public function extractCAs($emlfile) {
+        $php72 = version_compare(phpversion(), "7.2.0") >= 0;
+        $phpcompat = function_exists('kopano_pkcs7_verify') && function_exists('kopano_pkcs7_read');
+        if (!$phpcompat && !$php72) {
+            return [];
+        }
+
+        $certfile = tempnam(sys_get_temp_dir(), true);
+        $outfile = tempnam(sys_get_temp_dir(), true);
+        $p7bfile = tempnam(sys_get_temp_dir(), true);
+
+        if ($php72) {
+            openssl_pkcs7_verify($emlfile, PKCS7_NOVERIFY, $certfile);
+            openssl_pkcs7_verify($emlfile, PKCS7_NOVERIFY, $certfile, [], $certfile, $outfile, $p7bfile);
+        }
+        else {
+            kopano_pkcs7_verify($emlfile, PKCS7_NOVERIFY, $certfile);
+            kopano_pkcs7_verify($emlfile, PKCS7_NOVERIFY, $certfile, [], $certfile, $outfile, $p7bfile);
+        }
+
+        $cas = [];
+        $p7b = file_get_contents($p7bfile);
+        if ($php72) {
+            openssl_pkcs7_read($p7b, $cas);
+        }
+        else {
+            // FIXME: Without the error_log, kopano_pkcs7_verify does not work (wtf).
+            error_log($p7b);
+            kopano_pkcs7_read($p7b, $cas);
+        }
+        unlink($certfile);
+        unlink($outfile);
+        unlink($p7bfile);
+
+        return $cas;
+    }
+
+    /**
+     * Imports certificate in the MAPI Root Associated Folder.
+     *
+     * Private key, always insert certificate
+     * Public key, check if we already have one stored
+     *
+     * @param string $cert     certificate body as a string
+     * @param mixed  $certData an array with the parsed certificate data
+     * @param string $type     certificate type, default 'public'
+     * @param bool   $force    force import the certificate even though we have one already stored in the MAPI Store.
+     *                         FIXME: remove $force in the future and move the check for newer certificate in this function.
+     */
+    public function importCertificate($cert, $certData, $type = 'public', $force = false) {
+        $certEmail = getCertEmail($certData);
+        if (!$this->pubcertExists($certEmail) || $force || $type === 'private') {
+            $issued_by = "";
+            foreach (array_keys($certData['issuer']) as $key) {
+                $issued_by .= $key . '=' . $certData['issuer'][$key] . "\n";
+            }
+
+            $root = mapi_msgstore_openentry($this->getStore(), null);
+            $assocMessage = mapi_folder_createmessage($root, MAPI_ASSOCIATED);
+            // TODO: write these properties down.
+            mapi_setprops($assocMessage, [
+                PR_SUBJECT => $certEmail,
+                PR_MESSAGE_CLASS => $type == 'public' ? 'WebApp.Security.Public' : 'WebApp.Security.Private',
+                PR_MESSAGE_DELIVERY_TIME => $certData['validTo_time_t'],
+                PR_CLIENT_SUBMIT_TIME => $certData['validFrom_time_t'],
+                PR_SENDER_NAME => $certData['serialNumber'], // serial
+                PR_SENDER_EMAIL_ADDRESS => $issued_by, // Issuer To
+                PR_SUBJECT_PREFIX => '',
+                PR_RECEIVED_BY_NAME => $this->fingerprint_cert($cert, 'sha1'), // SHA1 Fingerprint
+                PR_INTERNET_MESSAGE_ID => $this->fingerprint_cert($cert), // MD5 FingerPrint
+            ]);
+            // Save attachment
+            $msgBody = base64_encode($cert);
+            $stream = mapi_openproperty($assocMessage, PR_BODY, IID_IStream, 0, MAPI_CREATE | MAPI_MODIFY);
+            mapi_stream_setsize($stream, strlen($msgBody));
+            mapi_stream_write($stream, $msgBody);
+            mapi_stream_commit($stream);
+            mapi_message_savechanges($assocMessage);
+        }
+    }
+
+    /**
+     * Function which returns the fingerprint (hash) of the certificate.
+     *
+     * @param {string} $cert certificate body as a string
+     * @param {string} $hash optional hash algorithm
+     * @param mixed $body
+     */
+    public function fingerprint_cert($body, $hash = 'md5') {
+        // TODO: Note for PHP > 5.6 we can use openssl_x509_fingerprint
+        $body = str_replace('-----BEGIN CERTIFICATE-----', '', $body);
+        $body = str_replace('-----END CERTIFICATE-----', '', $body);
+        $body = base64_decode($body);
+
+        if ($hash === 'sha1') {
+            $fingerprint = sha1($body);
+        }
+        else {
+            $fingerprint = md5($body);
+        }
+
+        // Format 1000AB as 10:00:AB
+        return strtoupper(implode(':', str_split($fingerprint, 2)));
+    }
+
+    /**
+     * Retrieve the GAB User.
+     *
+     * FIXME: ideally this would be a public function in grommunio Web.
+     *
+     * @param string $email the email address of the user
+     *
+     * @return mixed $user boolean if false else MAPIObject
+     */
+    public function getGABUser($email) {
+        $addrbook = $GLOBALS["mapisession"]->getAddressbook();
+        $userArr = [[PR_DISPLAY_NAME => $email]];
+        $user = false;
+
+        try {
+            $user = mapi_ab_resolvename($addrbook, $userArr, EMS_AB_ADDRESS_LOOKUP);
+            $user = mapi_ab_openentry($addrbook, $user[0][PR_ENTRYID]);
+        }
+        catch (MAPIException $e) {
+            $e->setHandled();
+        }
+
+        return $user;
+    }
+
+    /**
+     * Retrieve the PR_EMS_AB_TAGGED_X509_CERT.
+     *
+     * @param MAPIObject $user the GAB user
+     *
+     * @return string $cert the certificate, empty if not found
+     */
+    public function getGABCert($user) {
+        $cert = '';
+        $userCertArray = mapi_getprops($user, [PR_EMS_AB_TAGGED_X509_CERT]);
+        if (isset($userCertArray[PR_EMS_AB_TAGGED_X509_CERT])) {
+            $cert = der2pem($userCertArray[PR_EMS_AB_TAGGED_X509_CERT][0]);
+        }
+
+        return $cert;
+    }
+
+    /**
+     * Called when the core Settings class is initialized and ready to accept sysadmin default
+     * settings. Registers the sysadmin defaults for the example plugin.
+     *
+     * @param {mixed} $data Reference to the data of the triggered hook
+     */
+    public function onBeforeSettingsInit(&$data) {
+        $data['settingsObj']->addSysAdminDefaults([
+            'zarafa' => [
+                'v1' => [
+                    'plugins' => [
+                        'smime' => [
+                            'enable' => defined('PLUGIN_SMIME_USER_DEFAULT_ENABLE_SMIME') && PLUGIN_SMIME_USER_DEFAULT_ENABLE_SMIME,
+                            'passphrase_cache' => defined('PLUGIN_SMIME_PASSPHRASE_REMEMBER_BROWSER') && PLUGIN_SMIME_PASSPHRASE_REMEMBER_BROWSER,
+                        ],
+                    ],
+                ],
+            ],
+        ]);
+    }
+
+    /**
+     * Get sender structure of the MAPI Message.
+     *
+     * @param mapimessage $mapiMessage MAPI Message resource from which we need to get the sender
+     *
+     * @return array with properties
+     */
+    public function getSenderAddress($mapiMessage) {
+        if (!method_exists($GLOBALS['operations'], 'getSenderAddress')) {
+            $messageProps = mapi_getprops($mapiMessage, [PR_SENT_REPRESENTING_ENTRYID, PR_SENDER_ENTRYID]);
+            $senderEntryID = isset($messageProps[PR_SENT_REPRESENTING_ENTRYID]) ? $messageProps[PR_SENT_REPRESENTING_ENTRYID] : $messageProps[PR_SENDER_ENTRYID];
+
+            try {
+                $senderUser = mapi_ab_openentry($GLOBALS["mapisession"]->getAddressbook(), $senderEntryID);
+                if ($senderUser) {
+                    $userprops = mapi_getprops($senderUser, [PR_ADDRTYPE, PR_DISPLAY_NAME, PR_EMAIL_ADDRESS, PR_SMTP_ADDRESS, PR_OBJECT_TYPE, PR_RECIPIENT_TYPE, PR_DISPLAY_TYPE, PR_DISPLAY_TYPE_EX, PR_ENTRYID]);
+
+                    $senderStructure = [];
+                    $senderStructure["props"]['entryid'] = bin2hex($userprops[PR_ENTRYID]);
+                    $senderStructure["props"]['display_name'] = isset($userprops[PR_DISPLAY_NAME]) ? $userprops[PR_DISPLAY_NAME] : '';
+                    $senderStructure["props"]['email_address'] = isset($userprops[PR_EMAIL_ADDRESS]) ? $userprops[PR_EMAIL_ADDRESS] : '';
+                    $senderStructure["props"]['smtp_address'] = isset($userprops[PR_SMTP_ADDRESS]) ? $userprops[PR_SMTP_ADDRESS] : '';
+                    $senderStructure["props"]['address_type'] = isset($userprops[PR_ADDRTYPE]) ? $userprops[PR_ADDRTYPE] : '';
+                    $senderStructure["props"]['object_type'] = $userprops[PR_OBJECT_TYPE];
+                    $senderStructure["props"]['recipient_type'] = MAPI_TO;
+                    $senderStructure["props"]['display_type'] = isset($userprops[PR_DISPLAY_TYPE]) ? $userprops[PR_DISPLAY_TYPE] : MAPI_MAILUSER;
+                    $senderStructure["props"]['display_type_ex'] = isset($userprops[PR_DISPLAY_TYPE_EX]) ? $userprops[PR_DISPLAY_TYPE_EX] : MAPI_MAILUSER;
+                }
+            }
+            catch (MAPIException $e) {
+                Log::write(LOGLEVEL_ERROR, sprintf("%s %s", $e, $userProps[PR_SENT_REPRESENTING_NAME]));
+            }
+
+            return $senderStructure;
+        }
+
+        return $GLOBALS["operations"]->getSenderAddress($mapiMessage);
+    }
 }

Spacing +1 added lines, -1 removed lines

@@ -454,7 +454,7 @@
 		}
 
 		if (!encryptionStoreExpirationSupport()) {
-			withPHPSession(function () use ($encryptionStore) {
+			withPHPSession(function() use ($encryptionStore) {
 				$encryptionStore->add('smime', '');
 			});
 		}

Braces +24 added lines, -48 removed lines

@@ -64,8 +64,7 @@ 
 
 		if (version_compare(phpversion(), '5.4', '<')) {
 			$this->cipher = OPENSSL_CIPHER_3DES;
-		}
-		else {
+		} else {
 			$this->cipher = PLUGIN_SMIME_CIPHER;
 		}
 	}
@@ -188,8 +187,7 @@ 
 
 		if (array_filter($missingCerts, "missingMyself") === []) {
 			$errorMsg = _('Missing public certificates for the following recipients: ') . implode(', ', $missingCerts) . _('. Please contact your system administrator for details');
-		}
-		else {
+		} else {
 			$errorMsg = _("Your public certificate is not installed. Without this certificate, you will not be able to read encrypted messages you have sent to others.");
 		}
 
@@ -225,8 +223,7 @@ 
 					// Put empty string into file? dafuq?
 					file_put_contents($tmpUserCert, $userCert);
 				}
-			}
-			catch (MAPIException $e) {
+			} catch (MAPIException $e) {
 				$msg = "[smime] Unable to open PR_SENT_REPRESENTING_ENTRYID. Maybe %s was does not exists or deleted from server.";
 				Log::write(LOGLEVEL_ERROR, sprintf($msg, $userProps[PR_SENT_REPRESENTING_NAME]));
 				error_log("[smime] Unable to open PR_SENT_REPRESENTING_NAME: " . print_r($userProps[PR_SENT_REPRESENTING_NAME], true));
@@ -242,8 +239,7 @@ 
 			$senderAddressArray = $senderAddressArray['props'];
 			if ($senderAddressArray['address_type'] === 'SMTP') {
 				$emailAddr = $senderAddressArray['email_address'];
-			}
-			else {
+			} else {
 				$emailAddr = $senderAddressArray['smtp_address'];
 			}
 
@@ -253,8 +249,7 @@ 
 			if (!$emailAddr) {
 				if (!empty($userProps[PR_SENT_REPRESENTING_NAME])) {
 					$emailAddr = $userProps[PR_SENT_REPRESENTING_NAME];
-				}
-				else {
+				} else {
 					$searchKeys = mapi_getprops($message, [PR_SEARCH_KEY, PR_SENT_REPRESENTING_SEARCH_KEY]);
 					$searchKey = $searchKeys[PR_SEARCH_KEY] ?? $searchKeys[PR_SENT_REPRESENTING_SEARCH_KEY];
 					if ($searchKey) {
@@ -307,16 +302,14 @@ 
 						$importMessageCert !== false) {
 						// Redundant
 						$importMessageCert = true;
-					}
-					else {
+					} else {
 						$importMessageCert = false;
 						verifyOCSP($userCert, $caCerts, $this->message);
 						break;
 					}
 				}
 			}
-		}
-		else {
+		} else {
 			// Works. Just leave it.
 			$signed_ok = openssl_pkcs7_verify($tmpfname, PKCS7_NOSIGS, $outcert, explode(';', PLUGIN_SMIME_CACERTS));
 			$openssl_error_code = $this->extract_openssl_error();
@@ -333,8 +326,7 @@ 
 				}
 				// We don't have a certificate from the MAPI UserStore or LDAP, so we will set $userCert to $importCert
 				// so that we can verify the message according to the be imported certificate.
-			}
-			else { // No pubkey
+			} else { // No pubkey
 				$importMessageCert = false;
 				Log::write(LOGLEVEL_INFO, sprintf("[smime] Unable to verify message without public key, openssl error: '%s'", $this->openssl_error));
 				$this->message['success'] = SMIME_STATUS_FAIL;
@@ -404,8 +396,7 @@ 
 						break;
 					}
 				}
-			}
-			else {
+			} else {
 				$decryptStatus = openssl_pkcs7_decrypt($tmpFile, $tmpDecrypted, $certs['cert'], [$certs['pkey'], $pass]);
 			}
 
@@ -437,19 +428,16 @@ 
 			if (strpos($content, 'multipart/signed') !== false || strpos($content, 'signed-data') !== false) {
 				$this->message['type'] = 'encryptsigned';
 				$this->verifyMessage($data['message'], $content);
-			}
-			elseif ($decryptStatus) {
+			} elseif ($decryptStatus) {
 				$this->message['info'] = SMIME_DECRYPT_SUCCESS;
 				$this->message['success'] = SMIME_STATUS_SUCCESS;
-			}
-			elseif ($this->extract_openssl_error() === OPENSSL_RECIPIENT_CERTIFICATE_MISMATCH) {
+			} elseif ($this->extract_openssl_error() === OPENSSL_RECIPIENT_CERTIFICATE_MISMATCH) {
 				error_log("[smime] Error when decrypting email, openssl error: " . print_r($this->openssl_error, true));
 				Log::Write(LOGLEVEL_ERROR, sprintf("[smime] Error when decrypting email, openssl error: '%s'", $this->openssl_error));
 				$this->message['info'] = SMIME_DECRYPT_CERT_MISMATCH;
 				$this->message['success'] = SMIME_STATUS_FAIL;
 			}
-		}
-		else {
+		} else {
 			$this->message['info'] = SMIME_UNLOCK_CERT;
 		}
 
@@ -482,18 +470,15 @@ 
 			$this->message['info'] = SMIME_ERROR;
 			$this->message['success'] = SMIME_STATUS_FAIL;
 		// Verification was successful
-		}
-		elseif ($openssl_return) {
+		} elseif ($openssl_return) {
 			$this->message['info'] = SMIME_SUCCESS;
 			$this->message['success'] = SMIME_STATUS_SUCCESS;
 		// Verification was not successful, display extra information.
-		}
-		else {
+		} else {
 			$this->message['success'] = SMIME_STATUS_FAIL;
 			if ($openssl_errors === OPENSSL_CA_VERIFY_FAIL) {
 				$this->message['info'] = SMIME_CA;
-			}
-			else { // Catch general errors
+			} else { // Catch general errors
 				$this->message['info'] = SMIME_ERROR;
 			}
 		}
@@ -542,8 +527,7 @@ 
 				// TODO: update to serialNumber check
 				if ($certMessage && $certMessage[0][PR_MESSAGE_DELIVERY_TIME] == $publickeyData['validTo_time_t']) {
 					$message = _('Certificate is already stored on the server');
-				}
-				else {
+				} else {
 					$saveCert = true;
 					$root = mapi_msgstore_openentry($this->getStore(), null);
 					// Remove old certificate
@@ -619,8 +603,7 @@ 
 			if (isset($props[PR_EC_IMAP_EMAIL]) || propIsError(PR_EC_IMAP_EMAIL, $props) == MAPI_E_NOT_ENOUGH_MEMORY) {
 				// Stream the message to properly get the PR_EC_IMAP_EMAIL property
 				$emlMessageStream = mapi_openproperty($message, PR_EC_IMAP_EMAIL, IID_IStream, 0, 0);
-			}
-			else {
+			} else {
 				// Read the message as RFC822-formatted e-mail stream.
 				$emlMessageStream = mapi_inetmapi_imtoinet($GLOBALS['mapisession']->getSession(), $GLOBALS['mapisession']->getAddressbook(), $message, []);
 			}
@@ -725,8 +708,7 @@ 
 				Log::Write(LOGLEVEL_ERROR, sprintf("[smime] Unable to sign message with intermediate certificates, openssl error: '%s'", @openssl_error_string()));
 			}
 			unlink($tmpFile);
-		}
-		else {
+		} else {
 			$ok = openssl_pkcs7_sign($infile, $outfile, $certs['cert'], [$certs['pkey'], ''], [], PKCS7_DETACHED);
 			if (!$ok) {
 				Log::Write(LOGLEVEL_ERROR, sprintf("[smime] Unable to sign message, openssl error: '%s'", @openssl_error_string()));
@@ -830,8 +812,7 @@ 
 
 			if (!empty($gabCert)) {
 				array_push($publicCerts, $gabCert);
-			}
-			elseif (!empty($storeCert)) {
+			} elseif (!empty($storeCert)) {
 				array_push($publicCerts, base64_decode($storeCert));
 			}
 		}
@@ -963,8 +944,7 @@ 
 		if ($php72) {
 			openssl_pkcs7_verify($emlfile, PKCS7_NOVERIFY, $certfile);
 			openssl_pkcs7_verify($emlfile, PKCS7_NOVERIFY, $certfile, [], $certfile, $outfile, $p7bfile);
-		}
-		else {
+		} else {
 			kopano_pkcs7_verify($emlfile, PKCS7_NOVERIFY, $certfile);
 			kopano_pkcs7_verify($emlfile, PKCS7_NOVERIFY, $certfile, [], $certfile, $outfile, $p7bfile);
 		}
@@ -973,8 +953,7 @@ 
 		$p7b = file_get_contents($p7bfile);
 		if ($php72) {
 			openssl_pkcs7_read($p7b, $cas);
-		}
-		else {
+		} else {
 			// FIXME: Without the error_log, kopano_pkcs7_verify does not work (wtf).
 			error_log($p7b);
 			kopano_pkcs7_read($p7b, $cas);
@@ -1045,8 +1024,7 @@ 
 
 		if ($hash === 'sha1') {
 			$fingerprint = sha1($body);
-		}
-		else {
+		} else {
 			$fingerprint = md5($body);
 		}
 
@@ -1071,8 +1049,7 @@ 
 		try {
 			$user = mapi_ab_resolvename($addrbook, $userArr, EMS_AB_ADDRESS_LOOKUP);
 			$user = mapi_ab_openentry($addrbook, $user[0][PR_ENTRYID]);
-		}
-		catch (MAPIException $e) {
+		} catch (MAPIException $e) {
 			$e->setHandled();
 		}
 
@@ -1145,8 +1122,7 @@ 
 					$senderStructure["props"]['display_type'] = isset($userprops[PR_DISPLAY_TYPE]) ? $userprops[PR_DISPLAY_TYPE] : MAPI_MAILUSER;
 					$senderStructure["props"]['display_type_ex'] = isset($userprops[PR_DISPLAY_TYPE_EX]) ? $userprops[PR_DISPLAY_TYPE_EX] : MAPI_MAILUSER;
 				}
-			}
-			catch (MAPIException $e) {
+			} catch (MAPIException $e) {
 				Log::write(LOGLEVEL_ERROR, sprintf("%s %s", $e, $userProps[PR_SENT_REPRESENTING_NAME]));
 			}
 

plugins/smime/php/class.certificate.php

Indentation +372 added lines, -372 removed lines

@@ -17,405 +17,405 @@
 define('OCSP_CERT_STATUS_UNKOWN', 3);
 
 class OCSPException extends Exception {
-	private $status;
+    private $status;
 
-	public function setCertStatus($status) {
-		$this->status = $status;
-	}
+    public function setCertStatus($status) {
+        $this->status = $status;
+    }
 
-	public function getCertStatus() {
-		if (!$this->status) {
-			return;
-		}
+    public function getCertStatus() {
+        if (!$this->status) {
+            return;
+        }
 
-		if ($this->code !== OCSP_CERT_STATUS) {
-			return;
-		}
+        if ($this->code !== OCSP_CERT_STATUS) {
+            return;
+        }
 
-		switch ($this->status) {
-			case 'good':
-				return OCSP_CERT_STATUS_GOOD;
+        switch ($this->status) {
+            case 'good':
+                return OCSP_CERT_STATUS_GOOD;
 
-			case 'revoked':
-				return OCSP_CERT_STATUS_REVOKED;
+            case 'revoked':
+                return OCSP_CERT_STATUS_REVOKED;
 
-			default:
-				return OCSP_CERT_STATUS_UNKOWN;
-			}
-	}
+            default:
+                return OCSP_CERT_STATUS_UNKOWN;
+            }
+    }
 }
 
 function tempErrorHandler($errno, $errstr, $errfile, $errline) {
-	return true;
+    return true;
 }
 
 class Certificate {
-	private $cert;
-	private $data;
-
-	public function __construct($cert, $issuer = '') {
-		// XXX: error handling
-		$this->data = openssl_x509_parse($cert);
-		$this->cert = $cert;
-		$this->issuer = $issuer;
-	}
-
-	/**
-	 * The name of the certificate in DN notation.
-	 *
-	 * @return {string} the name of the certificate
-	 */
-	public function getName() {
-		return $this->data['name'];
-	}
-
-	/**
-	 * Issuer of the certificate.
-	 *
-	 * @return string The issuer of the certificate in DN notation
-	 */
-	public function getIssuerName() {
-		$issuer = '';
-		foreach ($this->data['issuer'] as $key => $value) {
-			$issuer .= "/{$key}={$value}";
-		}
-
-		return $issuer;
-	}
-
-	/**
-	 * Converts X509 DER format string to PEM format.
-	 *
-	 * @param {string} X509 Certificate in DER format
-	 * @param mixed $cert
-	 *
-	 * @return {string} X509 Certificate in PEM format
-	 */
-	protected function der2pem($cert) {
-		return "-----BEGIN CERTIFICATE-----\n" . chunk_split(base64_encode($cert), 64, "\n") . "-----END CERTIFICATE-----\n";
-	}
-
-	/**
-	 * Converts X509 PEM format string to DER format.
-	 *
-	 * @param {string} X509 Certificate in PEM format
-	 * @param mixed $pem_data
-	 *
-	 * @return {string} X509 Certificate in DER format
-	 */
-	protected function pem2der($pem_data) {
-		$begin = "CERTIFICATE-----";
-		$end = "-----END";
-		$pem_data = substr($pem_data, strpos($pem_data, $begin) + strlen($begin));
-		$pem_data = substr($pem_data, 0, strpos($pem_data, $end));
-
-		return base64_decode($pem_data);
-	}
-
-	/**
-	 * The subject/emailAddress or subjectAltName.
-	 *
-	 * @return string The email address belonging to the certificate
-	 */
-	public function emailAddress() {
-		$certEmailAddress = "";
-		// If subject/emailAddress is not set, try subjectAltName
-		if (isset($this->data['subject']['emailAddress'])) {
-			$certEmailAddress = $this->data['subject']['emailAddress'];
-		}
-		elseif (isset($this->data['extensions'], $this->data['extensions']['subjectAltName'])
-			) {
-			// Example [subjectAltName] => email:foo@bar.com
-			$tmp = explode('email:', $this->data['extensions']['subjectAltName']);
-			// Only get the first match
-			if (isset($tmp[1]) && !empty($tmp[1])) {
-				$certEmailAddress = $tmp[1];
-			}
-		}
-
-		return $certEmailAddress;
-	}
-
-	/**
-	 * Return the certificate in DER format.
-	 *
-	 * @return string certificate in DER format
-	 */
-	public function der() {
-		return $this->pem2der($this->cert);
-	}
-
-	/**
-	 * Return the certificate in PEM format.
-	 *
-	 * @return string certificate in PEM format
-	 */
-	public function pem() {
-		return $this->cert;
-	}
-
-	/**
-	 * The beginning of the valid period of the certificate.
-	 *
-	 * @return int timestamp from which the certificate is valid
-	 */
-	public function validFrom() {
-		return $this->data['validFrom_time_t'];
-	}
-
-	/**
-	 * The end of the valid period of the certificate.
-	 *
-	 * @return int timestamp from which the certificate is invalid
-	 */
-	public function validTo() {
-		return $this->data['validTo_time_t'];
-	}
-
-	/**
-	 * Determines if the certificate is valid.
-	 *
-	 * @return bool the valid status
-	 */
-	public function valid() {
-		$time = time();
-
-		return $time > $this->validFrom() && $time < $this->validTo();
-	}
-
-	/**
-	 * The caURL of the certififcate.
-	 *
-	 * @return string return an empty string or the CA URL
-	 */
-	public function caURL() {
-		$authorityInfoAccess = $this->authorityInfoAccess();
-		if (preg_match("/CA Issuers - URI:(.*)/", $authorityInfoAccess, $matches)) {
-			return array_pop($matches);
-		}
-
-		return '';
-	}
-
-	/**
-	 * The OCSP URL of the certificate.
-	 *
-	 * @return string return an empty string or the OCSP URL
-	 */
-	public function ocspURL() {
-		$authorityInfoAccess = $this->authorityInfoAccess();
-		if (preg_match("/OCSP - URI:(.*)/", $authorityInfoAccess, $matches)) {
-			return array_pop($matches);
-		}
-
-		return '';
-	}
-
-	/**
-	 * Internal helper to obtain the authorityInfoAccess information.
-	 *
-	 * @return string authorityInfoAccess if set
-	 */
-	protected function authorityInfoAccess() {
-		if (!isset($this->data['extensions'])) {
-			return '';
-		}
-
-		if (!isset($this->data['extensions']['authorityInfoAccess'])) {
-			return '';
-		}
-
-		return $this->data['extensions']['authorityInfoAccess'];
-	}
-
-	/**
-	 * The fingerprint (hash) of the certificate body.
-	 *
-	 * @param string hash_algorithm either sha1 or md5
-	 * @param mixed $hash_algorithm
-	 *
-	 * @return string the hash of the certificate's body
-	 */
-	public function fingerprint($hash_algorithm = "md5") {
-		$body = str_replace('-----BEGIN CERTIFICATE-----', '', $this->cert);
-		$body = str_replace('-----END CERTIFICATE-----', '', $body);
-		$body = base64_decode($body);
-		if ($hash_algorithm === 'sha1') {
-			$fingerprint = sha1($body);
-		}
-		else {
-			$fingerprint = md5($body);
-		}
-		// Format 1000AB as 10:00:AB
-		return strtoupper(implode(':', str_split($fingerprint, 2)));
-	}
-
-	/**
-	 * The issuer of this certificate.
-	 *
-	 * @return Certificate the issuer certificate
-	 */
-	public function issuer() {
-		if (!empty($this->issuer)) {
-			return $this->issuer;
-		}
-		$cert = '';
-		$ch = curl_init();
-		curl_setopt($ch, CURLOPT_URL, $this->caURL());
-		curl_setopt($ch, CURLOPT_FAILONERROR, true);
-		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-
-		// HTTP Proxy settings
-		if (defined('PLUGIN_SMIME_PROXY') && PLUGIN_SMIME_PROXY != '') {
-			curl_setopt($ch, CURLOPT_PROXY, PLUGIN_SMIME_PROXY);
-		}
-		if (defined('PLUGIN_SMIME_PROXY_PORT') && PLUGIN_SMIME_PROXY_PORT != '') {
-			curl_setopt($ch, CURLOPT_PROXYPORT, PLUGIN_SMIME_PROXY_PORT);
-		}
-		if (defined('PLUGIN_SMIME_PROXY_USERPWD') && PLUGIN_SMIME_PROXY_USERPWD != '') {
-			curl_setopt($ch, CURLOPT_PROXYUSERPWD, PLUGIN_SMIME_PROXY_USERPWD);
-		}
-
-		$output = curl_exec($ch);
-		$http_status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
-		$curl_error = curl_error($ch);
-		if (!$curl_error && $http_status === 200) {
-			$cert = $this->der2pem($output);
-		}
-		else {
-			Log::Write(LOGLEVEL_ERROR, sprintf("[smime] Error when downloading internmediate certificate '%s', http status: '%s'", $curl_error, $http_status));
-		}
-		curl_close($ch);
-
-		return new Certificate($cert);
-	}
-
-	/**
-	 * Set the issuer of a certificate.
-	 *
-	 * @param string the issuer certificate
-	 * @param mixed $issuer
-	 */
-	public function setIssuer($issuer) {
-		if (is_object($issuer)) {
-			$this->issuer = $issuer;
-		}
-	}
-
-	/**
-	 * Verify the certificate status using OCSP.
-	 *
-	 * @return bool verification succeeded or failed
-	 */
-	public function verify() {
-		$message = [];
-
-		if (!$this->valid()) {
-			throw new OCSPException('Certificate expired', OCSP_CERT_EXPIRED);
-		}
-
-		$issuer = $this->issuer();
-		if (!is_object($issuer)) {
-			throw new OCSPException('No issuer', OCSP_NO_ISSUER);
-		}
-
-		/* Set custom error handler since the nemid ocsp library uses
+    private $cert;
+    private $data;
+
+    public function __construct($cert, $issuer = '') {
+        // XXX: error handling
+        $this->data = openssl_x509_parse($cert);
+        $this->cert = $cert;
+        $this->issuer = $issuer;
+    }
+
+    /**
+     * The name of the certificate in DN notation.
+     *
+     * @return {string} the name of the certificate
+     */
+    public function getName() {
+        return $this->data['name'];
+    }
+
+    /**
+     * Issuer of the certificate.
+     *
+     * @return string The issuer of the certificate in DN notation
+     */
+    public function getIssuerName() {
+        $issuer = '';
+        foreach ($this->data['issuer'] as $key => $value) {
+            $issuer .= "/{$key}={$value}";
+        }
+
+        return $issuer;
+    }
+
+    /**
+     * Converts X509 DER format string to PEM format.
+     *
+     * @param {string} X509 Certificate in DER format
+     * @param mixed $cert
+     *
+     * @return {string} X509 Certificate in PEM format
+     */
+    protected function der2pem($cert) {
+        return "-----BEGIN CERTIFICATE-----\n" . chunk_split(base64_encode($cert), 64, "\n") . "-----END CERTIFICATE-----\n";
+    }
+
+    /**
+     * Converts X509 PEM format string to DER format.
+     *
+     * @param {string} X509 Certificate in PEM format
+     * @param mixed $pem_data
+     *
+     * @return {string} X509 Certificate in DER format
+     */
+    protected function pem2der($pem_data) {
+        $begin = "CERTIFICATE-----";
+        $end = "-----END";
+        $pem_data = substr($pem_data, strpos($pem_data, $begin) + strlen($begin));
+        $pem_data = substr($pem_data, 0, strpos($pem_data, $end));
+
+        return base64_decode($pem_data);
+    }
+
+    /**
+     * The subject/emailAddress or subjectAltName.
+     *
+     * @return string The email address belonging to the certificate
+     */
+    public function emailAddress() {
+        $certEmailAddress = "";
+        // If subject/emailAddress is not set, try subjectAltName
+        if (isset($this->data['subject']['emailAddress'])) {
+            $certEmailAddress = $this->data['subject']['emailAddress'];
+        }
+        elseif (isset($this->data['extensions'], $this->data['extensions']['subjectAltName'])
+            ) {
+            // Example [subjectAltName] => email:foo@bar.com
+            $tmp = explode('email:', $this->data['extensions']['subjectAltName']);
+            // Only get the first match
+            if (isset($tmp[1]) && !empty($tmp[1])) {
+                $certEmailAddress = $tmp[1];
+            }
+        }
+
+        return $certEmailAddress;
+    }
+
+    /**
+     * Return the certificate in DER format.
+     *
+     * @return string certificate in DER format
+     */
+    public function der() {
+        return $this->pem2der($this->cert);
+    }
+
+    /**
+     * Return the certificate in PEM format.
+     *
+     * @return string certificate in PEM format
+     */
+    public function pem() {
+        return $this->cert;
+    }
+
+    /**
+     * The beginning of the valid period of the certificate.
+     *
+     * @return int timestamp from which the certificate is valid
+     */
+    public function validFrom() {
+        return $this->data['validFrom_time_t'];
+    }
+
+    /**
+     * The end of the valid period of the certificate.
+     *
+     * @return int timestamp from which the certificate is invalid
+     */
+    public function validTo() {
+        return $this->data['validTo_time_t'];
+    }
+
+    /**
+     * Determines if the certificate is valid.
+     *
+     * @return bool the valid status
+     */
+    public function valid() {
+        $time = time();
+
+        return $time > $this->validFrom() && $time < $this->validTo();
+    }
+
+    /**
+     * The caURL of the certififcate.
+     *
+     * @return string return an empty string or the CA URL
+     */
+    public function caURL() {
+        $authorityInfoAccess = $this->authorityInfoAccess();
+        if (preg_match("/CA Issuers - URI:(.*)/", $authorityInfoAccess, $matches)) {
+            return array_pop($matches);
+        }
+
+        return '';
+    }
+
+    /**
+     * The OCSP URL of the certificate.
+     *
+     * @return string return an empty string or the OCSP URL
+     */
+    public function ocspURL() {
+        $authorityInfoAccess = $this->authorityInfoAccess();
+        if (preg_match("/OCSP - URI:(.*)/", $authorityInfoAccess, $matches)) {
+            return array_pop($matches);
+        }
+
+        return '';
+    }
+
+    /**
+     * Internal helper to obtain the authorityInfoAccess information.
+     *
+     * @return string authorityInfoAccess if set
+     */
+    protected function authorityInfoAccess() {
+        if (!isset($this->data['extensions'])) {
+            return '';
+        }
+
+        if (!isset($this->data['extensions']['authorityInfoAccess'])) {
+            return '';
+        }
+
+        return $this->data['extensions']['authorityInfoAccess'];
+    }
+
+    /**
+     * The fingerprint (hash) of the certificate body.
+     *
+     * @param string hash_algorithm either sha1 or md5
+     * @param mixed $hash_algorithm
+     *
+     * @return string the hash of the certificate's body
+     */
+    public function fingerprint($hash_algorithm = "md5") {
+        $body = str_replace('-----BEGIN CERTIFICATE-----', '', $this->cert);
+        $body = str_replace('-----END CERTIFICATE-----', '', $body);
+        $body = base64_decode($body);
+        if ($hash_algorithm === 'sha1') {
+            $fingerprint = sha1($body);
+        }
+        else {
+            $fingerprint = md5($body);
+        }
+        // Format 1000AB as 10:00:AB
+        return strtoupper(implode(':', str_split($fingerprint, 2)));
+    }
+
+    /**
+     * The issuer of this certificate.
+     *
+     * @return Certificate the issuer certificate
+     */
+    public function issuer() {
+        if (!empty($this->issuer)) {
+            return $this->issuer;
+        }
+        $cert = '';
+        $ch = curl_init();
+        curl_setopt($ch, CURLOPT_URL, $this->caURL());
+        curl_setopt($ch, CURLOPT_FAILONERROR, true);
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+
+        // HTTP Proxy settings
+        if (defined('PLUGIN_SMIME_PROXY') && PLUGIN_SMIME_PROXY != '') {
+            curl_setopt($ch, CURLOPT_PROXY, PLUGIN_SMIME_PROXY);
+        }
+        if (defined('PLUGIN_SMIME_PROXY_PORT') && PLUGIN_SMIME_PROXY_PORT != '') {
+            curl_setopt($ch, CURLOPT_PROXYPORT, PLUGIN_SMIME_PROXY_PORT);
+        }
+        if (defined('PLUGIN_SMIME_PROXY_USERPWD') && PLUGIN_SMIME_PROXY_USERPWD != '') {
+            curl_setopt($ch, CURLOPT_PROXYUSERPWD, PLUGIN_SMIME_PROXY_USERPWD);
+        }
+
+        $output = curl_exec($ch);
+        $http_status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+        $curl_error = curl_error($ch);
+        if (!$curl_error && $http_status === 200) {
+            $cert = $this->der2pem($output);
+        }
+        else {
+            Log::Write(LOGLEVEL_ERROR, sprintf("[smime] Error when downloading internmediate certificate '%s', http status: '%s'", $curl_error, $http_status));
+        }
+        curl_close($ch);
+
+        return new Certificate($cert);
+    }
+
+    /**
+     * Set the issuer of a certificate.
+     *
+     * @param string the issuer certificate
+     * @param mixed $issuer
+     */
+    public function setIssuer($issuer) {
+        if (is_object($issuer)) {
+            $this->issuer = $issuer;
+        }
+    }
+
+    /**
+     * Verify the certificate status using OCSP.
+     *
+     * @return bool verification succeeded or failed
+     */
+    public function verify() {
+        $message = [];
+
+        if (!$this->valid()) {
+            throw new OCSPException('Certificate expired', OCSP_CERT_EXPIRED);
+        }
+
+        $issuer = $this->issuer();
+        if (!is_object($issuer)) {
+            throw new OCSPException('No issuer', OCSP_NO_ISSUER);
+        }
+
+        /* Set custom error handler since the nemid ocsp library uses
 		 * trigger_error() to throw errors when it cannot parse certain
 		 * x509 fields which are not required for the OCSP Request.
 		 * Also when receiving the OCSP request, the OCSP library
 		 * triggers errors when the request does not adhere to the
 		 * standard.
 		 */
-		set_error_handler("tempErrorHandler");
-
-		$x509 = new \WAYF\X509();
-		$issuer = $x509->certificate($issuer->der());
-		$certificate = $x509->certificate($this->der());
-
-		$ocspclient = new \WAYF\OCSP();
-		$certID = $ocspclient->certOcspID(
-			[
-				'issuerName' => $issuer['tbsCertificate']['subject_der'],
-				// remember to skip the first byte it is the number of
-				// unused bits and it is always 0 for keys and certificates
-				'issuerKey' => substr($issuer['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'], 1),
-				'serialNumber_der' => $certificate['tbsCertificate']['serialNumber_der'],
-			],
-			'sha1'
-		);
-
-		$ocspreq = $ocspclient->request([$certID]);
-
-		$stream_options = [
-			'http' => [
-				'ignore_errors' => false,
-				'method' => 'POST',
-				'header' => 'Content-type: application/ocsp-request' . "\r\n",
-				'content' => $ocspreq,
-				'timeout' => 1,
-			],
-		];
-
-		// Do the OCSP request
-		$context = stream_context_create($stream_options);
-		$derresponse = file_get_contents($this->ocspURL(), null, $context);
-		// OCSP service not available, import certificate, but show a warning.
-		if ($derresponse === false) {
-			throw new OCSPException('No response', OCSP_NO_RESPONSE);
-		}
-		$ocspresponse = $ocspclient->response($derresponse);
-
-		// Restore the previous error handler
-		restore_error_handler();
-
-		// responseStatuses: successful, malformedRequest,
-		// internalError, tryLater, sigRequired, unauthorized.
-		if (isset($ocspresponse['responseStatus']) &&
-			$ocspresponse['responseStatus'] !== 'successful') {
-			throw new OCSPException('Response status' . $ocspresponse['responseStatus'], OCSP_RESPONSE_STATUS);
-		}
-
-		$resp = $ocspresponse['responseBytes']['BasicOCSPResponse']['tbsResponseData']['responses'][0];
-		/*
+        set_error_handler("tempErrorHandler");
+
+        $x509 = new \WAYF\X509();
+        $issuer = $x509->certificate($issuer->der());
+        $certificate = $x509->certificate($this->der());
+
+        $ocspclient = new \WAYF\OCSP();
+        $certID = $ocspclient->certOcspID(
+            [
+                'issuerName' => $issuer['tbsCertificate']['subject_der'],
+                // remember to skip the first byte it is the number of
+                // unused bits and it is always 0 for keys and certificates
+                'issuerKey' => substr($issuer['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'], 1),
+                'serialNumber_der' => $certificate['tbsCertificate']['serialNumber_der'],
+            ],
+            'sha1'
+        );
+
+        $ocspreq = $ocspclient->request([$certID]);
+
+        $stream_options = [
+            'http' => [
+                'ignore_errors' => false,
+                'method' => 'POST',
+                'header' => 'Content-type: application/ocsp-request' . "\r\n",
+                'content' => $ocspreq,
+                'timeout' => 1,
+            ],
+        ];
+
+        // Do the OCSP request
+        $context = stream_context_create($stream_options);
+        $derresponse = file_get_contents($this->ocspURL(), null, $context);
+        // OCSP service not available, import certificate, but show a warning.
+        if ($derresponse === false) {
+            throw new OCSPException('No response', OCSP_NO_RESPONSE);
+        }
+        $ocspresponse = $ocspclient->response($derresponse);
+
+        // Restore the previous error handler
+        restore_error_handler();
+
+        // responseStatuses: successful, malformedRequest,
+        // internalError, tryLater, sigRequired, unauthorized.
+        if (isset($ocspresponse['responseStatus']) &&
+            $ocspresponse['responseStatus'] !== 'successful') {
+            throw new OCSPException('Response status' . $ocspresponse['responseStatus'], OCSP_RESPONSE_STATUS);
+        }
+
+        $resp = $ocspresponse['responseBytes']['BasicOCSPResponse']['tbsResponseData']['responses'][0];
+        /*
 		 * OCSP response status, possible values are: good, revoked,
 		 * unknown according to the RFC
 		 * https://www.ietf.org/rfc/rfc2560.txt
 		 */
-		if ($resp['certStatus'] !== 'good') {
-			// Certificate status is not good, revoked or unknown
-			$exception = new OCSPException('Certificate status ' . $resp['certStatus'], OCSP_CERT_STATUS);
-			$exception->setCertStatus($resp['certStatus']);
+        if ($resp['certStatus'] !== 'good') {
+            // Certificate status is not good, revoked or unknown
+            $exception = new OCSPException('Certificate status ' . $resp['certStatus'], OCSP_CERT_STATUS);
+            $exception->setCertStatus($resp['certStatus']);
 
-			throw $exception;
-		}
+            throw $exception;
+        }
 
-		/* Check if:
+        /* Check if:
 		 * - hash algorithm is equal
 		 * - check if issuerNamehash is the same from response
 		 * - check if issuerKeyHash is the same from response
 		 * - check if serialNumber is the same from response
 		 */
-		if ($resp['certID']['hashAlgorithm'] !== 'sha1' &&
-			$resp['certID']['issuerNameHash'] !== $certID['issuerNameHash'] &&
-			$resp['certID']['issuerKeyHash'] !== $certID['issuerKeyHash'] &&
-			$resp['certID']['serialNumber'] !== $certID['serialNumber']) {
-			// OCSP Revocation, mismatch between original and checked certificate
-			throw new OCSPException('Certificate mismatch', OCSP_CERT_MISMATCH);
-		}
-
-		// check if OCSP revocation update is recent
-		$now = new DateTime(gmdate('YmdHis\Z'));
-		$thisUpdate = new DateTime($resp['thisUpdate']);
-
-		// Check if update time is earlier then our own time
-		if (!isset($resp['nextupdate']) && $thisUpdate > $now) {
-			throw new OCSPException('Update time earlier then our own time', OCSP_RESPONSE_TIME_EARLY);
-		}
-
-		// Current time should be between thisUpdate and nextUpdate.
-		if ($thisUpdate > $now && $now > new DateTime($resp['nextUpdate'])) {
-			// OCSP Revocation status not current
-			throw new OCSPException('Current time not between thisUpdate and nextUpdate', OCSP_RESPONSE_TIME_INVALID);
-		}
-	}
+        if ($resp['certID']['hashAlgorithm'] !== 'sha1' &&
+            $resp['certID']['issuerNameHash'] !== $certID['issuerNameHash'] &&
+            $resp['certID']['issuerKeyHash'] !== $certID['issuerKeyHash'] &&
+            $resp['certID']['serialNumber'] !== $certID['serialNumber']) {
+            // OCSP Revocation, mismatch between original and checked certificate
+            throw new OCSPException('Certificate mismatch', OCSP_CERT_MISMATCH);
+        }
+
+        // check if OCSP revocation update is recent
+        $now = new DateTime(gmdate('YmdHis\Z'));
+        $thisUpdate = new DateTime($resp['thisUpdate']);
+
+        // Check if update time is earlier then our own time
+        if (!isset($resp['nextupdate']) && $thisUpdate > $now) {
+            throw new OCSPException('Update time earlier then our own time', OCSP_RESPONSE_TIME_EARLY);
+        }
+
+        // Current time should be between thisUpdate and nextUpdate.
+        if ($thisUpdate > $now && $now > new DateTime($resp['nextUpdate'])) {
+            // OCSP Revocation status not current
+            throw new OCSPException('Current time not between thisUpdate and nextUpdate', OCSP_RESPONSE_TIME_INVALID);
+        }
+    }
 }

Braces +3 added lines, -6 removed lines

@@ -122,8 +122,7 @@ 
 		// If subject/emailAddress is not set, try subjectAltName
 		if (isset($this->data['subject']['emailAddress'])) {
 			$certEmailAddress = $this->data['subject']['emailAddress'];
-		}
-		elseif (isset($this->data['extensions'], $this->data['extensions']['subjectAltName'])
+		} elseif (isset($this->data['extensions'], $this->data['extensions']['subjectAltName'])
 			) {
 			// Example [subjectAltName] => email:foo@bar.com
 			$tmp = explode('email:', $this->data['extensions']['subjectAltName']);
@@ -242,8 +241,7 @@ 
 		$body = base64_decode($body);
 		if ($hash_algorithm === 'sha1') {
 			$fingerprint = sha1($body);
-		}
-		else {
+		} else {
 			$fingerprint = md5($body);
 		}
 		// Format 1000AB as 10:00:AB
@@ -281,8 +279,7 @@ 
 		$curl_error = curl_error($ch);
 		if (!$curl_error && $http_status === 200) {
 			$cert = $this->der2pem($output);
-		}
-		else {
+		} else {
 			Log::Write(LOGLEVEL_ERROR, sprintf("[smime] Error when downloading internmediate certificate '%s', http status: '%s'", $curl_error, $http_status));
 		}
 		curl_close($ch);

plugins/smime/php/util.php

Indentation +173 added lines, -173 removed lines

@@ -13,21 +13,21 @@ 
  * @param {Mixed} $certificate certificate data
  */
 function getCertEmail($certificate) {
-	$certEmailAddress = "";
-	// If subject/emailAddress is not set, try subjectAltName
-	if (isset($certificate['subject']['emailAddress'])) {
-		$certEmailAddress = $certificate['subject']['emailAddress'];
-	}
-	elseif (isset($certificate['extensions'], $certificate['extensions']['subjectAltName'])) {
-		// Example [subjectAltName] => email:foo@bar.com
-		$tmp = explode('email:', $certificate['extensions']['subjectAltName']);
-		// Only get the first match
-		if (isset($tmp[1]) && !empty($tmp[1])) {
-			$certEmailAddress = $tmp[1];
-		}
-	}
-
-	return $certEmailAddress;
+    $certEmailAddress = "";
+    // If subject/emailAddress is not set, try subjectAltName
+    if (isset($certificate['subject']['emailAddress'])) {
+        $certEmailAddress = $certificate['subject']['emailAddress'];
+    }
+    elseif (isset($certificate['extensions'], $certificate['extensions']['subjectAltName'])) {
+        // Example [subjectAltName] => email:foo@bar.com
+        $tmp = explode('email:', $certificate['extensions']['subjectAltName']);
+        // Only get the first match
+        if (isset($tmp[1]) && !empty($tmp[1])) {
+            $certEmailAddress = $tmp[1];
+        }
+    }
+
+    return $certEmailAddress;
 }
 
 /**
@@ -40,40 +40,40 @@ 
  * @return {MAPIObject} the mapi message containing the private certificate, returns false if no certificate is found
  */
 function getMAPICert($store, $type = 'WebApp.Security.Private', $emailAddress = '') {
-	$root = mapi_msgstore_openentry($store, null);
-	$table = mapi_folder_getcontentstable($root, MAPI_ASSOCIATED);
-
-	$restrict = [RES_PROPERTY,
-		[
-			RELOP => RELOP_EQ,
-			ULPROPTAG => PR_MESSAGE_CLASS,
-			VALUE => [PR_MESSAGE_CLASS => $type],
-		],
-	];
-	if ($type == 'WebApp.Security.Public' && !empty($emailAddress)) {
-		$restrict = [RES_AND, [
-			$restrict,
-			[RES_CONTENT,
-				[
-					FUZZYLEVEL => FL_FULLSTRING | FL_IGNORECASE,
-					ULPROPTAG => PR_SUBJECT,
-					VALUE => [PR_SUBJECT => $emailAddress],
-				],
-			],
-		]];
-	}
-
-	// PR_MESSAGE_DELIVERY_TIME validTo / PR_CLIENT_SUBMIT_TIME validFrom
-	mapi_table_restrict($table, $restrict, TBL_BATCH);
-	mapi_table_sort($table, [PR_MESSAGE_DELIVERY_TIME => TABLE_SORT_DESCEND], TBL_BATCH);
-
-	$privateCerts = mapi_table_queryallrows($table, [PR_ENTRYID, PR_SUBJECT, PR_MESSAGE_DELIVERY_TIME, PR_CLIENT_SUBMIT_TIME], $restrict);
-
-	if ($privateCerts && count($privateCerts) > 0) {
-		return $privateCerts;
-	}
-
-	return false;
+    $root = mapi_msgstore_openentry($store, null);
+    $table = mapi_folder_getcontentstable($root, MAPI_ASSOCIATED);
+
+    $restrict = [RES_PROPERTY,
+        [
+            RELOP => RELOP_EQ,
+            ULPROPTAG => PR_MESSAGE_CLASS,
+            VALUE => [PR_MESSAGE_CLASS => $type],
+        ],
+    ];
+    if ($type == 'WebApp.Security.Public' && !empty($emailAddress)) {
+        $restrict = [RES_AND, [
+            $restrict,
+            [RES_CONTENT,
+                [
+                    FUZZYLEVEL => FL_FULLSTRING | FL_IGNORECASE,
+                    ULPROPTAG => PR_SUBJECT,
+                    VALUE => [PR_SUBJECT => $emailAddress],
+                ],
+            ],
+        ]];
+    }
+
+    // PR_MESSAGE_DELIVERY_TIME validTo / PR_CLIENT_SUBMIT_TIME validFrom
+    mapi_table_restrict($table, $restrict, TBL_BATCH);
+    mapi_table_sort($table, [PR_MESSAGE_DELIVERY_TIME => TABLE_SORT_DESCEND], TBL_BATCH);
+
+    $privateCerts = mapi_table_queryallrows($table, [PR_ENTRYID, PR_SUBJECT, PR_MESSAGE_DELIVERY_TIME, PR_CLIENT_SUBMIT_TIME], $restrict);
+
+    if ($privateCerts && count($privateCerts) > 0) {
+        return $privateCerts;
+    }
+
+    return false;
 }
 
 /**
@@ -88,34 +88,34 @@ 
  * @return {Mixed} collection of certificates, empty if none if decrypting fails or stored private certificate isn't found
  */
 function readPrivateCert($store, $passphrase, $singleCert = true) {
-	$unlockedCerts = [];
-	// Get all private certificates saved in the store
-	$privateCerts = getMAPICert($store);
-	if ($singleCert) {
-		$privateCerts = [$privateCerts[0]];
-	}
-
-	// Get messages from certificates
-	foreach ($privateCerts as $privateCert) {
-		$privateCertMessage = mapi_msgstore_openentry($store, $privateCert[PR_ENTRYID]);
-		if ($privateCertMessage !== false) {
-			$pkcs12 = "";
-			$certs = [];
-			// Read pkcs12 cert from message
-			$stream = mapi_openproperty($privateCertMessage, PR_BODY, IID_IStream, 0, 0);
-			$stat = mapi_stream_stat($stream);
-			mapi_stream_seek($stream, 0, STREAM_SEEK_SET);
-			for ($i = 0; $i < $stat['cb']; $i += 1024) {
-				$pkcs12 .= mapi_stream_read($stream, 1024);
-			}
-			$ok = openssl_pkcs12_read(base64_decode($pkcs12), $certs, $passphrase);
-			if ($ok !== false) {
-				array_push($unlockedCerts, $certs);
-			}
-		}
-	}
-
-	return ($singleCert !== false && count($unlockedCerts) > 0) ? $unlockedCerts[0] : $unlockedCerts;
+    $unlockedCerts = [];
+    // Get all private certificates saved in the store
+    $privateCerts = getMAPICert($store);
+    if ($singleCert) {
+        $privateCerts = [$privateCerts[0]];
+    }
+
+    // Get messages from certificates
+    foreach ($privateCerts as $privateCert) {
+        $privateCertMessage = mapi_msgstore_openentry($store, $privateCert[PR_ENTRYID]);
+        if ($privateCertMessage !== false) {
+            $pkcs12 = "";
+            $certs = [];
+            // Read pkcs12 cert from message
+            $stream = mapi_openproperty($privateCertMessage, PR_BODY, IID_IStream, 0, 0);
+            $stat = mapi_stream_stat($stream);
+            mapi_stream_seek($stream, 0, STREAM_SEEK_SET);
+            for ($i = 0; $i < $stat['cb']; $i += 1024) {
+                $pkcs12 .= mapi_stream_read($stream, 1024);
+            }
+            $ok = openssl_pkcs12_read(base64_decode($pkcs12), $certs, $passphrase);
+            if ($ok !== false) {
+                array_push($unlockedCerts, $certs);
+            }
+        }
+    }
+
+    return ($singleCert !== false && count($unlockedCerts) > 0) ? $unlockedCerts[0] : $unlockedCerts;
 }
 
 /**
@@ -127,7 +127,7 @@ 
  * @return {string} X509 Certificate in PEM format
  */
 function der2pem($certificate) {
-	return "-----BEGIN CERTIFICATE-----\n" . chunk_split(base64_encode($certificate), 64, "\n") . "-----END CERTIFICATE-----\n";
+    return "-----BEGIN CERTIFICATE-----\n" . chunk_split(base64_encode($certificate), 64, "\n") . "-----END CERTIFICATE-----\n";
 }
 
 /**
@@ -150,55 +150,55 @@ 
  * @return {Boolean} true is OCSP verification has succeeded or when there is no OCSP support, false if it hasn't
  */
 function verifyOCSP($certificate, $extracerts = [], &$message) {
-	if (!PLUGIN_SMIME_ENABLE_OCSP) {
-		$message['success'] = SMIME_STATUS_SUCCESS;
-		$message['info'] = SMIME_OCSP_DISABLED;
+    if (!PLUGIN_SMIME_ENABLE_OCSP) {
+        $message['success'] = SMIME_STATUS_SUCCESS;
+        $message['info'] = SMIME_OCSP_DISABLED;
 
-		return true;
-	}
+        return true;
+    }
 
-	$pubcert = new Certificate($certificate);
+    $pubcert = new Certificate($certificate);
 
-	/*
+    /*
 	 * Walk over the provided extra intermediate certificates and setup the issuer
 	 * chain.
 	 */
-	$parent = $pubcert;
-	while ($cert = array_shift($extracerts)) {
-		$cert = new Certificate($cert);
-
-		if ($cert->getName() === $pubcert->getName()) {
-			continue;
-		}
-
-		if ($cert->getName() === $parent->getIssuerName()) {
-			$parent->setIssuer($cert);
-			$parent = $cert;
-		}
-	}
-
-	try {
-		$pubcert->verify();
-		$issuer = $pubcert->issuer();
-		if ($issuer->issuer()) {
-			$issuer->verify();
-		}
-	}
-	catch (OCSPException $e) {
-		if ($e->getCode() === OCSP_CERT_STATUS && $e->getCertStatus() == OCSP_CERT_STATUS_REVOKED) {
-			$message['info'] = SMIME_REVOKED;
-			$message['success'] = SMIME_STATUS_PARTIAL;
-
-			return false;
-		}
-		error_log(sprintf("[SMIME] OCSP verification warning: '%s'", $e->getMessage()));
-	}
-
-	// Certificate does not support OCSP
-	$message['info'] = SMIME_SUCCESS;
-	$message['success'] = SMIME_STATUS_SUCCESS;
-
-	return true;
+    $parent = $pubcert;
+    while ($cert = array_shift($extracerts)) {
+        $cert = new Certificate($cert);
+
+        if ($cert->getName() === $pubcert->getName()) {
+            continue;
+        }
+
+        if ($cert->getName() === $parent->getIssuerName()) {
+            $parent->setIssuer($cert);
+            $parent = $cert;
+        }
+    }
+
+    try {
+        $pubcert->verify();
+        $issuer = $pubcert->issuer();
+        if ($issuer->issuer()) {
+            $issuer->verify();
+        }
+    }
+    catch (OCSPException $e) {
+        if ($e->getCode() === OCSP_CERT_STATUS && $e->getCertStatus() == OCSP_CERT_STATUS_REVOKED) {
+            $message['info'] = SMIME_REVOKED;
+            $message['success'] = SMIME_STATUS_PARTIAL;
+
+            return false;
+        }
+        error_log(sprintf("[SMIME] OCSP verification warning: '%s'", $e->getMessage()));
+    }
+
+    // Certificate does not support OCSP
+    $message['info'] = SMIME_SUCCESS;
+    $message['success'] = SMIME_STATUS_SUCCESS;
+
+    return true;
 }
 
 /* Validate the certificate of a user, set an error message.
@@ -208,48 +208,48 @@ 
  * @param string $emailAddres the users email address (must match certificate email)
  */
 function validateUploadedPKCS($certificate, $passphrase, $emailAddress) {
-	if (!openssl_pkcs12_read($certificate, $certs, $passphrase)) {
-		return [_('Unable to decrypt certificate'), '', ''];
-	}
-
-	$message = '';
-	$data = [];
-	$privatekey = $certs['pkey'];
-	$publickey = $certs['cert'];
-	$extracerts = isset($certs['extracerts']) ? $certs['extracerts'] : [];
-	$publickeyData = openssl_x509_parse($publickey);
-
-	if ($publickeyData) {
-		$certEmailAddress = getCertEmail($publickeyData);
-		$validFrom = $publickeyData['validFrom_time_t'];
-		$validTo = $publickeyData['validTo_time_t'];
-
-		// Check priv key for signing capabilities
-		if (!openssl_x509_checkpurpose($privatekey, X509_PURPOSE_SMIME_SIGN)) {
-			$message = _('Private key can\'t be used to sign email');
-		}
-		// Check if the certificate owner matches the grommunio Web users email address
-		elseif (strcasecmp($certEmailAddress, $emailAddress) !== 0) {
-			$message = _('Certificate email address doesn\'t match grommunio Web account ') . $certEmailAddress;
-		}
-		// Check if certificate is not expired, still import the certificate since a user wants to decrypt his old email
-		elseif ($validTo < time()) {
-			$message = _('Certificate was expired on ') . date('Y-m-d', $validTo) . '. ' . _('Certificate has not been imported');
-		}
-		// Check if the certificate is validFrom date is not in the future
-		elseif ($validFrom > time()) {
-			$message = _('Certificate is not yet valid ') . date('Y-m-d', $validFrom) . '. ' . _('Certificate has not been imported');
-		}
-		// We allow users to import private certificate which have no OCSP support
-		elseif (!verifyOCSP($certs['cert'], $extracerts, $data)) {
-			$message = _('Certificate is revoked');
-		}
-	}
-	else { // Can't parse public certificate pkcs#12 file might be corrupt
-		$message = _('Unable to read public certificate');
-	}
-
-	return [$message, $publickey, $publickeyData];
+    if (!openssl_pkcs12_read($certificate, $certs, $passphrase)) {
+        return [_('Unable to decrypt certificate'), '', ''];
+    }
+
+    $message = '';
+    $data = [];
+    $privatekey = $certs['pkey'];
+    $publickey = $certs['cert'];
+    $extracerts = isset($certs['extracerts']) ? $certs['extracerts'] : [];
+    $publickeyData = openssl_x509_parse($publickey);
+
+    if ($publickeyData) {
+        $certEmailAddress = getCertEmail($publickeyData);
+        $validFrom = $publickeyData['validFrom_time_t'];
+        $validTo = $publickeyData['validTo_time_t'];
+
+        // Check priv key for signing capabilities
+        if (!openssl_x509_checkpurpose($privatekey, X509_PURPOSE_SMIME_SIGN)) {
+            $message = _('Private key can\'t be used to sign email');
+        }
+        // Check if the certificate owner matches the grommunio Web users email address
+        elseif (strcasecmp($certEmailAddress, $emailAddress) !== 0) {
+            $message = _('Certificate email address doesn\'t match grommunio Web account ') . $certEmailAddress;
+        }
+        // Check if certificate is not expired, still import the certificate since a user wants to decrypt his old email
+        elseif ($validTo < time()) {
+            $message = _('Certificate was expired on ') . date('Y-m-d', $validTo) . '. ' . _('Certificate has not been imported');
+        }
+        // Check if the certificate is validFrom date is not in the future
+        elseif ($validFrom > time()) {
+            $message = _('Certificate is not yet valid ') . date('Y-m-d', $validFrom) . '. ' . _('Certificate has not been imported');
+        }
+        // We allow users to import private certificate which have no OCSP support
+        elseif (!verifyOCSP($certs['cert'], $extracerts, $data)) {
+            $message = _('Certificate is revoked');
+        }
+    }
+    else { // Can't parse public certificate pkcs#12 file might be corrupt
+        $message = _('Unable to read public certificate');
+    }
+
+    return [$message, $publickey, $publickeyData];
 }
 
 /**
@@ -258,9 +258,9 @@ 
  * @return {boolean} true is expiration is supported
  */
 function encryptionStoreExpirationSupport() {
-	$refClass = new ReflectionClass('EncryptionStore');
+    $refClass = new ReflectionClass('EncryptionStore');
 
-	return count($refClass->getMethod('add')->getParameters()) === 3;
+    return count($refClass->getMethod('add')->getParameters()) === 3;
 }
 
 /**
@@ -270,14 +270,14 @@ 
  * @param mixed $sessionOpened
  */
 function withPHPSession($func, $sessionOpened = false) {
-	if (session_status() === PHP_SESSION_NONE) {
-		session_start();
-		$sessionOpened = true;
-	}
+    if (session_status() === PHP_SESSION_NONE) {
+        session_start();
+        $sessionOpened = true;
+    }
 
-	$func();
+    $func();
 
-	if ($sessionOpened) {
-		session_write_close();
-	}
+    if ($sessionOpened) {
+        session_write_close();
+    }
 }

Braces +3 added lines, -6 removed lines

@@ -17,8 +17,7 @@ 
 	// If subject/emailAddress is not set, try subjectAltName
 	if (isset($certificate['subject']['emailAddress'])) {
 		$certEmailAddress = $certificate['subject']['emailAddress'];
-	}
-	elseif (isset($certificate['extensions'], $certificate['extensions']['subjectAltName'])) {
+	} elseif (isset($certificate['extensions'], $certificate['extensions']['subjectAltName'])) {
 		// Example [subjectAltName] => email:foo@bar.com
 		$tmp = explode('email:', $certificate['extensions']['subjectAltName']);
 		// Only get the first match
@@ -183,8 +182,7 @@ 
 		if ($issuer->issuer()) {
 			$issuer->verify();
 		}
-	}
-	catch (OCSPException $e) {
+	} catch (OCSPException $e) {
 		if ($e->getCode() === OCSP_CERT_STATUS && $e->getCertStatus() == OCSP_CERT_STATUS_REVOKED) {
 			$message['info'] = SMIME_REVOKED;
 			$message['success'] = SMIME_STATUS_PARTIAL;
@@ -244,8 +242,7 @@ 
 		elseif (!verifyOCSP($certs['cert'], $extracerts, $data)) {
 			$message = _('Certificate is revoked');
 		}
-	}
-	else { // Can't parse public certificate pkcs#12 file might be corrupt
+	} else { // Can't parse public certificate pkcs#12 file might be corrupt
 		$message = _('Unable to read public certificate');
 	}
 

server/includes/download_message.php

Indentation +154 added lines, -154 removed lines

@@ -12,167 +12,167 @@
  * It extends the DownloadBase class.
  */
 class DownloadMessage extends DownloadBase {
-	/**
-	 * Function get message-stream using respective mapi function.
-	 * It also sends the eml file to the client.
-	 */
-	public function downloadMessageAsFile() {
-		if ($this->message && $this->store) {
-			// get message properties.
-			$messageProps = mapi_getprops($this->message, [PR_SUBJECT, PR_EC_IMAP_EMAIL, PR_MESSAGE_CLASS]);
-
-			$stream = $this->getEmlStream($messageProps);
-
-			$filename = (!empty($messageProps[PR_SUBJECT])) ? $messageProps[PR_SUBJECT] : _('Untitled');
-			$filename .= '.eml';
-
-			// Set the file length
-			$stat = mapi_stream_stat($stream);
-
-			$this->setNecessaryHeaders($filename, $stat['cb']);
-
-			// Read whole message and echo it.
-			for ($i = 0; $i < $stat['cb']; $i += BLOCK_SIZE) {
-				// Print stream
-				echo mapi_stream_read($stream, BLOCK_SIZE);
-
-				// Need to discard the buffer contents to prevent memory
-				// exhaustion while echoing large content.
-				ob_flush();
-			}
-		}
-	}
-
-	/**
-	 * Function will create a ZIP archive and add eml files into the same.
-	 * It also configures necessary header information which required to send the ZIP file to client.
-	 * Send ZIP to the client if all the requested eml files included successfully into the same.
-	 */
-	public function downloadMessageAsZipFile() {
-		if ($this->store) {
-			// Generate random ZIP file name at default temporary path of PHP
-			$randomZipName = tempnam(sys_get_temp_dir(), 'zip');
-
-			// Create an open zip archive.
-			$zip = new ZipArchive();
-			$result = $zip->open($randomZipName, ZipArchive::CREATE);
-
-			if ($result === true) {
-				for ($index = 0, $count = count($this->entryIds); $index < $count; ++$index) {
-					$this->message = mapi_msgstore_openentry($this->store, hex2bin($this->entryIds[$index]));
-
-					// get message properties.
-					$messageProps = mapi_getprops($this->message, [PR_SUBJECT, PR_EC_IMAP_EMAIL, PR_MESSAGE_CLASS]);
-
-					$stream = $this->getEmlStream($messageProps);
-					$stat = mapi_stream_stat($stream);
-
-					// Get the stream
-					$datastring = '';
-					for ($i = 0; $i < $stat['cb']; $i += BLOCK_SIZE) {
-						$datastring .= mapi_stream_read($stream, BLOCK_SIZE);
-						// Need to discard the buffer contents to prevent memory
-						// exhaustion.
-						ob_flush();
-					}
-
-					$filename = (!empty($messageProps[PR_SUBJECT])) ? $messageProps[PR_SUBJECT] : _('Untitled');
-					$filename .= '.eml';
-
-					$filename = $this->handleDuplicateFileNames($filename);
-					// Remove slashes to prevent unwanted directories to be created in the zip file.
-					$filename = str_replace('\\', '_', $filename);
-					$filename = str_replace('/', '_', $filename);
-
-					// Add file into zip by stream
-					$zip->addFromString($filename, $datastring);
-				}
-			}
-			else {
-				$zip->close();
-				// Remove the zip file to avoid unnecessary disk-space consumption
-				unlink($randomZipName);
-
-				// Throw exception if ZIP is not created successfully
-				throw new ZarafaException(_("ZIP is not created successfully"));
-			}
-
-			$zip->close();
-
-			// Set the headers
-			header('Pragma: public');
-			header('Expires: 0'); // set expiration time
-			header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
-			header('Content-Disposition: attachment; filename="' . addslashes(browserDependingHTTPHeaderEncode(_("Messages") . date(" d-m-Y") . ".zip")) . '"');
-			header('Content-Transfer-Encoding: binary');
-			header('Content-Type:  application/zip');
-			header('Content-Length: ' . filesize($randomZipName));
-
-			// Send the actual response as ZIP file
-			readfile($randomZipName);
-
-			// Remove the zip file to avoid unnecessary disk-space consumption
-			unlink($randomZipName);
-		}
-	}
-
-	/**
-	 * Function will obtain stream from the message, For email messages it will open email as
-	 * inet object and get the stream content as eml format, when user has IMAP enabled.
-	 * The below mentioned properties are configured with the whole message as a stream in it, while IMAP is enabled:
-	 * PR_EC_IMAP_EMAIL
-	 * PR_EC_IMAP_EMAIL_SIZE
-	 * PR_EC_IMAP_BODY
-	 * PR_EC_IMAP_BODYSTRUCTURE.
-	 *
-	 * @param array $messageProps properties of this particular message
-	 *
-	 * @return Stream $stream the eml stream obtained from message
-	 */
-	public function getEmlStream($messageProps) {
-		// If RFC822-formatted stream is already available in PR_EC_IMAP_EMAIL property
-		// than directly use it, generate otherwise.
-		if (isset($messageProps[PR_EC_IMAP_EMAIL]) || propIsError(PR_EC_IMAP_EMAIL, $messageProps) == MAPI_E_NOT_ENOUGH_MEMORY) {
-			// Stream the message to properly get the PR_EC_IMAP_EMAIL property
-			$stream = mapi_openproperty($this->message, PR_EC_IMAP_EMAIL, IID_IStream, 0, 0);
-		}
-		else {
-			// Get addressbook for current session
-			$addrBook = $GLOBALS['mapisession']->getAddressbook();
-
-			// Read the message as RFC822-formatted e-mail stream.
-			$stream = mapi_inetmapi_imtoinet($GLOBALS['mapisession']->getSession(), $addrBook, $this->message, []);
-		}
-
-		return $stream;
-	}
-
-	/**
-	 * Check received data and decide either the eml file or
-	 * ZIP file is requested to be downloaded.
-	 */
-	public function download() {
-		if ($this->allAsZip) {
-			// download multiple eml messages in a ZIP file
-			$this->downloadMessageAsZipFile();
-		}
-		else {
-			// download message as file
-			$this->downloadMessageAsFile();
-		}
-	}
+    /**
+     * Function get message-stream using respective mapi function.
+     * It also sends the eml file to the client.
+     */
+    public function downloadMessageAsFile() {
+        if ($this->message && $this->store) {
+            // get message properties.
+            $messageProps = mapi_getprops($this->message, [PR_SUBJECT, PR_EC_IMAP_EMAIL, PR_MESSAGE_CLASS]);
+
+            $stream = $this->getEmlStream($messageProps);
+
+            $filename = (!empty($messageProps[PR_SUBJECT])) ? $messageProps[PR_SUBJECT] : _('Untitled');
+            $filename .= '.eml';
+
+            // Set the file length
+            $stat = mapi_stream_stat($stream);
+
+            $this->setNecessaryHeaders($filename, $stat['cb']);
+
+            // Read whole message and echo it.
+            for ($i = 0; $i < $stat['cb']; $i += BLOCK_SIZE) {
+                // Print stream
+                echo mapi_stream_read($stream, BLOCK_SIZE);
+
+                // Need to discard the buffer contents to prevent memory
+                // exhaustion while echoing large content.
+                ob_flush();
+            }
+        }
+    }
+
+    /**
+     * Function will create a ZIP archive and add eml files into the same.
+     * It also configures necessary header information which required to send the ZIP file to client.
+     * Send ZIP to the client if all the requested eml files included successfully into the same.
+     */
+    public function downloadMessageAsZipFile() {
+        if ($this->store) {
+            // Generate random ZIP file name at default temporary path of PHP
+            $randomZipName = tempnam(sys_get_temp_dir(), 'zip');
+
+            // Create an open zip archive.
+            $zip = new ZipArchive();
+            $result = $zip->open($randomZipName, ZipArchive::CREATE);
+
+            if ($result === true) {
+                for ($index = 0, $count = count($this->entryIds); $index < $count; ++$index) {
+                    $this->message = mapi_msgstore_openentry($this->store, hex2bin($this->entryIds[$index]));
+
+                    // get message properties.
+                    $messageProps = mapi_getprops($this->message, [PR_SUBJECT, PR_EC_IMAP_EMAIL, PR_MESSAGE_CLASS]);
+
+                    $stream = $this->getEmlStream($messageProps);
+                    $stat = mapi_stream_stat($stream);
+
+                    // Get the stream
+                    $datastring = '';
+                    for ($i = 0; $i < $stat['cb']; $i += BLOCK_SIZE) {
+                        $datastring .= mapi_stream_read($stream, BLOCK_SIZE);
+                        // Need to discard the buffer contents to prevent memory
+                        // exhaustion.
+                        ob_flush();
+                    }
+
+                    $filename = (!empty($messageProps[PR_SUBJECT])) ? $messageProps[PR_SUBJECT] : _('Untitled');
+                    $filename .= '.eml';
+
+                    $filename = $this->handleDuplicateFileNames($filename);
+                    // Remove slashes to prevent unwanted directories to be created in the zip file.
+                    $filename = str_replace('\\', '_', $filename);
+                    $filename = str_replace('/', '_', $filename);
+
+                    // Add file into zip by stream
+                    $zip->addFromString($filename, $datastring);
+                }
+            }
+            else {
+                $zip->close();
+                // Remove the zip file to avoid unnecessary disk-space consumption
+                unlink($randomZipName);
+
+                // Throw exception if ZIP is not created successfully
+                throw new ZarafaException(_("ZIP is not created successfully"));
+            }
+
+            $zip->close();
+
+            // Set the headers
+            header('Pragma: public');
+            header('Expires: 0'); // set expiration time
+            header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+            header('Content-Disposition: attachment; filename="' . addslashes(browserDependingHTTPHeaderEncode(_("Messages") . date(" d-m-Y") . ".zip")) . '"');
+            header('Content-Transfer-Encoding: binary');
+            header('Content-Type:  application/zip');
+            header('Content-Length: ' . filesize($randomZipName));
+
+            // Send the actual response as ZIP file
+            readfile($randomZipName);
+
+            // Remove the zip file to avoid unnecessary disk-space consumption
+            unlink($randomZipName);
+        }
+    }
+
+    /**
+     * Function will obtain stream from the message, For email messages it will open email as
+     * inet object and get the stream content as eml format, when user has IMAP enabled.
+     * The below mentioned properties are configured with the whole message as a stream in it, while IMAP is enabled:
+     * PR_EC_IMAP_EMAIL
+     * PR_EC_IMAP_EMAIL_SIZE
+     * PR_EC_IMAP_BODY
+     * PR_EC_IMAP_BODYSTRUCTURE.
+     *
+     * @param array $messageProps properties of this particular message
+     *
+     * @return Stream $stream the eml stream obtained from message
+     */
+    public function getEmlStream($messageProps) {
+        // If RFC822-formatted stream is already available in PR_EC_IMAP_EMAIL property
+        // than directly use it, generate otherwise.
+        if (isset($messageProps[PR_EC_IMAP_EMAIL]) || propIsError(PR_EC_IMAP_EMAIL, $messageProps) == MAPI_E_NOT_ENOUGH_MEMORY) {
+            // Stream the message to properly get the PR_EC_IMAP_EMAIL property
+            $stream = mapi_openproperty($this->message, PR_EC_IMAP_EMAIL, IID_IStream, 0, 0);
+        }
+        else {
+            // Get addressbook for current session
+            $addrBook = $GLOBALS['mapisession']->getAddressbook();
+
+            // Read the message as RFC822-formatted e-mail stream.
+            $stream = mapi_inetmapi_imtoinet($GLOBALS['mapisession']->getSession(), $addrBook, $this->message, []);
+        }
+
+        return $stream;
+    }
+
+    /**
+     * Check received data and decide either the eml file or
+     * ZIP file is requested to be downloaded.
+     */
+    public function download() {
+        if ($this->allAsZip) {
+            // download multiple eml messages in a ZIP file
+            $this->downloadMessageAsZipFile();
+        }
+        else {
+            // download message as file
+            $this->downloadMessageAsFile();
+        }
+    }
 }
 
 // create instance of class to download message as file
 $messageInstance = new DownloadMessage();
 
 try {
-	// initialize variables
-	$messageInstance->init($_GET);
+    // initialize variables
+    $messageInstance->init($_GET);
 
-	// download message
-	$messageInstance->download();
+    // download message
+    $messageInstance->download();
 }
 catch (Exception $e) {
-	$messageInstance->handleSaveMessageException($e);
+    $messageInstance->handleSaveMessageException($e);
 }

Braces +4 added lines, -8 removed lines

@@ -87,8 +87,7 @@ 
 					// Add file into zip by stream
 					$zip->addFromString($filename, $datastring);
 				}
-			}
-			else {
+			} else {
 				$zip->close();
 				// Remove the zip file to avoid unnecessary disk-space consumption
 				unlink($randomZipName);
@@ -135,8 +134,7 @@ 
 		if (isset($messageProps[PR_EC_IMAP_EMAIL]) || propIsError(PR_EC_IMAP_EMAIL, $messageProps) == MAPI_E_NOT_ENOUGH_MEMORY) {
 			// Stream the message to properly get the PR_EC_IMAP_EMAIL property
 			$stream = mapi_openproperty($this->message, PR_EC_IMAP_EMAIL, IID_IStream, 0, 0);
-		}
-		else {
+		} else {
 			// Get addressbook for current session
 			$addrBook = $GLOBALS['mapisession']->getAddressbook();
 
@@ -155,8 +153,7 @@ 
 		if ($this->allAsZip) {
 			// download multiple eml messages in a ZIP file
 			$this->downloadMessageAsZipFile();
-		}
-		else {
+		} else {
 			// download message as file
 			$this->downloadMessageAsFile();
 		}
@@ -172,7 +169,6 @@ 
 
 	// download message
 	$messageInstance->download();
-}
-catch (Exception $e) {
+} catch (Exception $e) {
 	$messageInstance->handleSaveMessageException($e);
 }

server/includes/logger/class.filelog.php

Indentation +76 added lines, -76 removed lines

@@ -1,89 +1,89 @@
 <?php
 
-	class FileLog extends Logger {
-		/**
-		 * @var string
-		 */
-		private $logToUserFile = "";
+    class FileLog extends Logger {
+        /**
+         * @var string
+         */
+        private $logToUserFile = "";
 
-		/**
-		 * Writes a log message to the general log.
-		 *
-		 * @param {Number}        $loglevel       one of the defined LOGLEVELS
-		 * @param {string}        $message        The log message which we want to log in user specific log file
-		 * @param {boolean|array} $detailMessage  (optional) The detailed log message. it can be Error/Exception array.
-		 * @param {boolean|array} $request        (optional) The request log the the request data which sent by the user
-		 * @param mixed $logLevel
-		 */
-		protected function Write($logLevel, $message, $detailMessage, $request) {
-			$dir = LOG_FILE_DIR;
-			if (substr(LOG_FILE_DIR, -1) != "/") {
-				$dir .= "/";
-			}
+        /**
+         * Writes a log message to the general log.
+         *
+         * @param {Number}        $loglevel       one of the defined LOGLEVELS
+         * @param {string}        $message        The log message which we want to log in user specific log file
+         * @param {boolean|array} $detailMessage  (optional) The detailed log message. it can be Error/Exception array.
+         * @param {boolean|array} $request        (optional) The request log the the request data which sent by the user
+         * @param mixed $logLevel
+         */
+        protected function Write($logLevel, $message, $detailMessage, $request) {
+            $dir = LOG_FILE_DIR;
+            if (substr(LOG_FILE_DIR, -1) != "/") {
+                $dir .= "/";
+            }
 
-			// If users directory not created then create it first.
-			if (!is_dir($dir)) {
-				if (empty($dir)) {
-					error_log("Log directory has not configured. provide valid directory path.");
+            // If users directory not created then create it first.
+            if (!is_dir($dir)) {
+                if (empty($dir)) {
+                    error_log("Log directory has not configured. provide valid directory path.");
 
-					return;
-				}
-				if (mkdir($dir, 0777, true) === false) {
-					error_log("Problem in creating log folder " . $dir);
+                    return;
+                }
+                if (mkdir($dir, 0777, true) === false) {
+                    error_log("Problem in creating log folder " . $dir);
 
-					return;
-				}
-			}
-			$data = $this->BuildLogString($logLevel, $message, $detailMessage, $request) . PHP_EOL;
-			file_put_contents($dir . $this->getLogToUserFile(), $data, FILE_APPEND);
-		}
+                    return;
+                }
+            }
+            $data = $this->BuildLogString($logLevel, $message, $detailMessage, $request) . PHP_EOL;
+            file_put_contents($dir . $this->getLogToUserFile(), $data, FILE_APPEND);
+        }
 
-		/**
-		 * Get the log user file.
-		 *
-		 * @return string
-		 */
-		private function getLogToUserFile() {
-			if (strlen($this->logToUserFile) == 0) {
-				$this->setLogToUserFile($this->getUser() . ".log");
-			}
+        /**
+         * Get the log user file.
+         *
+         * @return string
+         */
+        private function getLogToUserFile() {
+            if (strlen($this->logToUserFile) == 0) {
+                $this->setLogToUserFile($this->getUser() . ".log");
+            }
 
-			return $this->logToUserFile;
-		}
+            return $this->logToUserFile;
+        }
 
-		/**
-		 * Set user log-file relative to log directory.
-		 *
-		 * @param string $value
-		 */
-		private function setLogToUserFile($value) {
-			$this->logToUserFile = $value;
-		}
+        /**
+         * Set user log-file relative to log directory.
+         *
+         * @param string $value
+         */
+        private function setLogToUserFile($value) {
+            $this->logToUserFile = $value;
+        }
 
-		/**
-		 * Returns the string to be logged.
-		 *
-		 * @param {Number}        $loglevel       one of the defined LOGLEVELS
-		 * @param {string}        $message        The log message which we want to log in user specific log file
-		 * @param {boolean|array} $detailMessage  (optional) The detailed log message. it can be Error/Exception array.
-		 * @param {boolean|array} $request        (optional) The request log the the request data which sent by the user
-		 *
-		 * @return string
-		 */
-		public function BuildLogString($loglevel, $message, $detailMessage = false, $request = false) {
-			$dateTime = strftime("%d-%b-%Y %H:%M:%S");
-			$log = "[" . $dateTime . "] ";
-			$log .= $this->GetLogLevelString($loglevel);
-			$log .= ' ' . $message;
+        /**
+         * Returns the string to be logged.
+         *
+         * @param {Number}        $loglevel       one of the defined LOGLEVELS
+         * @param {string}        $message        The log message which we want to log in user specific log file
+         * @param {boolean|array} $detailMessage  (optional) The detailed log message. it can be Error/Exception array.
+         * @param {boolean|array} $request        (optional) The request log the the request data which sent by the user
+         *
+         * @return string
+         */
+        public function BuildLogString($loglevel, $message, $detailMessage = false, $request = false) {
+            $dateTime = strftime("%d-%b-%Y %H:%M:%S");
+            $log = "[" . $dateTime . "] ";
+            $log .= $this->GetLogLevelString($loglevel);
+            $log .= ' ' . $message;
 
-			if ($detailMessage) {
-				$log .= ' :' . var_export($detailMessage, true) . "\r\n";
-			}
+            if ($detailMessage) {
+                $log .= ' :' . var_export($detailMessage, true) . "\r\n";
+            }
 
-			if ($request) {
-				$log .= ' Request:' . var_export($request, true) . "\r\n";
-			}
+            if ($request) {
+                $log .= ' Request:' . var_export($request, true) . "\r\n";
+            }
 
-			return $log;
-		}
-	}
+            return $log;
+        }
+    }

server/includes/logger/class.baselogger.php

Indentation +161 added lines, -161 removed lines

@@ -1,163 +1,163 @@
 <?php
 
-	abstract class Logger {
-		/**
-		 * @var string
-		 */
-		protected $user = '';
-
-		/**
-		 * @var array
-		 */
-		protected $specialLogUsers = [];
-
-		/**
-		 * Only used as a cache value for IsUserInSpecialLogUsers.
-		 *
-		 * @var array
-		 */
-		private $isUserInSpecialLogUsers = [];
-
-		/**
-		 * Only used as a cache value for IsAuthUserInSpecialLogUsers function.
-		 *
-		 * @var bool
-		 */
-		private $isAuthUserInSpecialLogUsers = false;
-
-		/**
-		 * Returns the current user.
-		 *
-		 * @return string
-		 */
-		public function GetUser() {
-			return $this->user;
-		}
-
-		/**
-		 * Sets the current user.
-		 *
-		 * @param array $value user information which is currently login
-		 */
-		public function SetUser($value) {
-			$this->user = $value;
-		}
-
-		/**
-		 * Indicates if special log users are known.
-		 *
-		 * @return bool True if we do have to log some specific user. False otherwise.
-		 */
-		public function HasSpecialLogUsers() {
-			return !empty($this->specialLogUsers);
-		}
-
-		/**
-		 * Indicates if the user is in the special log users.
-		 *
-		 * @param string $user
-		 *
-		 * @return bool
-		 */
-		public function IsUserInSpecialLogUsers($user) {
-			if (isset($this->isUserInSpecialLogUsers[$user])) {
-				return true;
-			}
-			if ($this->HasSpecialLogUsers()) {
-				$specialLogUsers = $this->GetSpecialLogUsers();
-				if (array_search($user, $specialLogUsers, true) !== false) {
-					$this->isUserInSpecialLogUsers[$user] = true;
-
-					return true;
-				}
-			}
-
-			return false;
-		}
-
-		/**
-		 * Returns the current special log users array.
-		 *
-		 * @return array
-		 */
-		public function GetSpecialLogUsers() {
-			return $this->specialLogUsers;
-		}
-
-		/**
-		 * Sets the current special log users array.
-		 */
-		public function SetSpecialLogUsers(array $value) {
-			$this->isUserInSpecialLogUsers = []; // reset cache
-			$this->specialLogUsers = $value;
-		}
-
-		/**
-		 * Check that the current login user is in the special log user array.
-		 * This call is equivalent to `$this->IsUserInSpecialLogUsers($this->GetUser())` at the exception that this
-		 * call uses cache so there won't be more than one check to the specialLogUser for the login user.
-		 *
-		 * @return bool true if user exist in special log user array else false
-		 */
-		public function IsAuthUserInSpecialLogUsers() {
-			if ($this->isAuthUserInSpecialLogUsers) {
-				return true;
-			}
-			if ($this->IsUserInSpecialLogUsers($this->GetUser())) {
-				$this->isAuthUserInSpecialLogUsers = true;
-
-				return true;
-			}
-
-			return false;
-		}
-
-		/**
-		 * Logs a message with a given log level.
-		 *
-		 * @param {int} $logLevel The log level which will be configured in config file
-		 * @param {string} $message The log message which we want to log in user specific log file
-		 * @param {boolean|array} $detailMessage (optional) The detailed log message. it can be Error/Exception array.
-		 * @param {boolean|array} $request (optional) The request log the the request data which sent by the user
-		 */
-		public function Log($logLevel, $message, $detailMessage = false, $request = false) {
-			if ($logLevel <= LOG_USER_LEVEL) {
-				if ($this->IsAuthUserInSpecialLogUsers()) {
-					$this->Write($logLevel, $message, $detailMessage, $request);
-				}
-			}
-		}
-
-		/**
-		 * Returns the string representation of the given $loglevel.
-		 *
-		 * @param {int} $loglevel one of the LOGLEVELs
-		 *
-		 * @return string
-		 */
-		protected function GetLogLevelString($loglevel) {
-			switch ($loglevel) {
-				case LOGLEVEL_OFF:          return ""; break;
-
-				case LOGLEVEL_FATAL:        return "[FATAL]"; break;
-
-				case LOGLEVEL_ERROR:        return "[ERROR]"; break;
-
-				case LOGLEVEL_WARN:         return "[WARN]"; break;
-
-				case LOGLEVEL_INFO:         return "[INFO]"; break;
-
-				case LOGLEVEL_DEBUG:        return "[DEBUG]"; break;
-			}
-		}
-
-		/**
-		 * Writes a log message to the general log.
-		 *
-		 * @param {int} $logLevel The log level which will be configured in config file
-		 * @param {string} $message The log message which we want to log in user specific log file
-		 * @param {boolean|array} $detailMessage (optional) The detailed log message. it can be Error/Exception array.
-		 * @param {boolean|array} $request (optional) The request log the the request data which sent by the user
-		 */
-		abstract protected function Write($logLevel, $message, $detailMessage, $request);
-	}
+    abstract class Logger {
+        /**
+         * @var string
+         */
+        protected $user = '';
+
+        /**
+         * @var array
+         */
+        protected $specialLogUsers = [];
+
+        /**
+         * Only used as a cache value for IsUserInSpecialLogUsers.
+         *
+         * @var array
+         */
+        private $isUserInSpecialLogUsers = [];
+
+        /**
+         * Only used as a cache value for IsAuthUserInSpecialLogUsers function.
+         *
+         * @var bool
+         */
+        private $isAuthUserInSpecialLogUsers = false;
+
+        /**
+         * Returns the current user.
+         *
+         * @return string
+         */
+        public function GetUser() {
+            return $this->user;
+        }
+
+        /**
+         * Sets the current user.
+         *
+         * @param array $value user information which is currently login
+         */
+        public function SetUser($value) {
+            $this->user = $value;
+        }
+
+        /**
+         * Indicates if special log users are known.
+         *
+         * @return bool True if we do have to log some specific user. False otherwise.
+         */
+        public function HasSpecialLogUsers() {
+            return !empty($this->specialLogUsers);
+        }
+
+        /**
+         * Indicates if the user is in the special log users.
+         *
+         * @param string $user
+         *
+         * @return bool
+         */
+        public function IsUserInSpecialLogUsers($user) {
+            if (isset($this->isUserInSpecialLogUsers[$user])) {
+                return true;
+            }
+            if ($this->HasSpecialLogUsers()) {
+                $specialLogUsers = $this->GetSpecialLogUsers();
+                if (array_search($user, $specialLogUsers, true) !== false) {
+                    $this->isUserInSpecialLogUsers[$user] = true;
+
+                    return true;
+                }
+            }
+
+            return false;
+        }
+
+        /**
+         * Returns the current special log users array.
+         *
+         * @return array
+         */
+        public function GetSpecialLogUsers() {
+            return $this->specialLogUsers;
+        }
+
+        /**
+         * Sets the current special log users array.
+         */
+        public function SetSpecialLogUsers(array $value) {
+            $this->isUserInSpecialLogUsers = []; // reset cache
+            $this->specialLogUsers = $value;
+        }
+
+        /**
+         * Check that the current login user is in the special log user array.
+         * This call is equivalent to `$this->IsUserInSpecialLogUsers($this->GetUser())` at the exception that this
+         * call uses cache so there won't be more than one check to the specialLogUser for the login user.
+         *
+         * @return bool true if user exist in special log user array else false
+         */
+        public function IsAuthUserInSpecialLogUsers() {
+            if ($this->isAuthUserInSpecialLogUsers) {
+                return true;
+            }
+            if ($this->IsUserInSpecialLogUsers($this->GetUser())) {
+                $this->isAuthUserInSpecialLogUsers = true;
+
+                return true;
+            }
+
+            return false;
+        }
+
+        /**
+         * Logs a message with a given log level.
+         *
+         * @param {int} $logLevel The log level which will be configured in config file
+         * @param {string} $message The log message which we want to log in user specific log file
+         * @param {boolean|array} $detailMessage (optional) The detailed log message. it can be Error/Exception array.
+         * @param {boolean|array} $request (optional) The request log the the request data which sent by the user
+         */
+        public function Log($logLevel, $message, $detailMessage = false, $request = false) {
+            if ($logLevel <= LOG_USER_LEVEL) {
+                if ($this->IsAuthUserInSpecialLogUsers()) {
+                    $this->Write($logLevel, $message, $detailMessage, $request);
+                }
+            }
+        }
+
+        /**
+         * Returns the string representation of the given $loglevel.
+         *
+         * @param {int} $loglevel one of the LOGLEVELs
+         *
+         * @return string
+         */
+        protected function GetLogLevelString($loglevel) {
+            switch ($loglevel) {
+                case LOGLEVEL_OFF:          return ""; break;
+
+                case LOGLEVEL_FATAL:        return "[FATAL]"; break;
+
+                case LOGLEVEL_ERROR:        return "[ERROR]"; break;
+
+                case LOGLEVEL_WARN:         return "[WARN]"; break;
+
+                case LOGLEVEL_INFO:         return "[INFO]"; break;
+
+                case LOGLEVEL_DEBUG:        return "[DEBUG]"; break;
+            }
+        }
+
+        /**
+         * Writes a log message to the general log.
+         *
+         * @param {int} $logLevel The log level which will be configured in config file
+         * @param {string} $message The log message which we want to log in user specific log file
+         * @param {boolean|array} $detailMessage (optional) The detailed log message. it can be Error/Exception array.
+         * @param {boolean|array} $request (optional) The request log the the request data which sent by the user
+         */
+        abstract protected function Write($logLevel, $message, $detailMessage, $request);
+    }