Where is the ASN.1 module for certificate extensions?
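I am writing a DER parser for certificate requests in .NET. I am basing it on RFC 2986, which describes most of the request using an ASN.1 module.
However, it does not define the structure of the extensionRequest (OID 1.2.840.113549.1.9.14). I have searched high and low, but I cannot find another RFC or publicly available document that describes the structure it uses, the expected types, and so on (that is, the ASN.1 module for the extensionRequest object and its children).
Sample decoder output: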
SEQUENCE (3 elem)
  SEQUENCE (4 elem)
    INTEGER 0
    SEQUENCE (14 elem)
    SEQUENCE (2 elem)
      SEQUENCE (2 elem)
        OBJECT IDENTIFIER 1.2.840.113549.1.1.1 rsaEncryption (PKCS #1)
        NULL
      BIT STRING (1120 bit) 001100001000000110001001000000101000000110000001000000001011111100011…
        SEQUENCE (2 elem)
          INTEGER (1024 bit) 134193393845175687447721541202995749257369077931432148182685911334902…
          INTEGER 65537
    [0] (4 elem)
      SEQUENCE (2 elem)
        OBJECT IDENTIFIER 1.3.6.1.4.1.311.13.2.3 osVersion (Microsoft attribute)
        SET (1 elem)
          IA5String 10.0.19042.2
      SEQUENCE (2 elem)
        OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.20 requestClientInfo (Microsoft attribute)
        SET (1 elem)
          SEQUENCE (4 elem)
            INTEGER 5
            UTF8String EDITED
            UTF8String EDITED\edited
            UTF8String MMC.EXE
      SEQUENCE (2 elem)
        OBJECT IDENTIFIER 1.3.6.1.4.1.311.13.2.2 enrolmentCSP (Microsoft attribute)
        SET (1 elem)
          SEQUENCE (3 elem)
            INTEGER 0
            BMPString Microsoft Software Key Storage Provider
            BIT STRING (0 bit)
      SEQUENCE (2 elem)
        OBJECT IDENTIFIER 1.2.840.113549.1.9.14 extensionRequest (PKCS #9 via CRMF)
        SET (1 elem)
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv This sequence vvvvvvvvvvvvvvvvvvvvvvvvv
          SEQUENCE (2 elem)
            SEQUENCE (2 elem)
              OBJECT IDENTIFIER 2.5.29.17 subjectAltName (X.509 extension)
              OCTET STRING (153 byte) 308196A41430123110300E060355040B0C076469726E616D658204444E53318204444…
                SEQUENCE (9 elem)
                  [4] (1 elem)
                    SEQUENCE (1 elem)
                      SET (1 elem)
                        SEQUENCE (2 elem)
                          OBJECT IDENTIFIER 2.5.4.11 organizationalUnitName (X.520 DN component)
                          UTF8String dirname
                  [2] (4 byte) DNS1
                  [2] (4 byte) DNS2
                  [1] (17 byte) othermail@mail.fr
                  [0] (2 elem)
                    OBJECT IDENTIFIER 1.3.6.1.4.1.311.25.1 ntdsReplication (Microsoft)
                    [0] (1 elem)
                      OCTET STRING (16 byte) ADC5FA58160E9F4ABB154A7DCEDC00A5
                  [7] (4 byte) 7F000002
                  [7] (16 byte) 00000000000000000000000000000001
                  [6] (3 byte) url
                  [0] (2 elem)
                    OBJECT IDENTIFIER 1.3.6.1.4.1.311.20.2.3 universalPrincipalName (Microsoft UPN)
                    [0] (1 elem)
                      UTF8String userprincipalname
            SEQUENCE (2 elem)
              OBJECT IDENTIFIER 2.5.29.14 subjectKeyIdentifier (X.509 extension)
              OCTET STRING (20 byte) 87E201CF0B06CB290C98E7DF67796CF46AD9D507
                OCTET STRING (20 byte) 87E201CF0B06CB290C98E7DF67796CF46AD9D507
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  SEQUENCE (2 elem)
    OBJECT IDENTIFIER 1.2.840.113549.1.1.11 sha256WithRSAEncryption (PKCS #1)
    NULL
  BIT STRING (1024 bit) 101110000001101000110010011000110101111010001000011101110110001110000…
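Do you know where I can find this information?
Solution
Certificate extensions are PKCS#9 request attributes. Specifically, the extensionRequest attribute type is defined in RFC 2985 §5.4.2: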
extensionRequest ATTRIBUTE ::= {
    WITH SYNTAX ExtensionRequest
    SINGLE VALUE TRUE
    ID pkcs-9-at-extensionRequest
}

ExtensionRequest ::= Extensions

Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension

Extension ::= SEQUENCE {
    extnID      OBJECT IDENTIFIER,
    critical    BOOLEAN DEFAULT FALSE,
    extnValue   OCTET STRING
                -- contains the DER encoding of an ASN.1 value
                -- corresponding to the extension type identified
                -- by extnID
}
Simply put, the attribute value is a SEQUENCE OF Extension type.
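
A minimal decoder for the ExtensionRequest value defined above, as an added example that is not part of the original answer and is written in Python rather than the asker's .NET. It takes the single element of the attribute's SET and enforces the DER rules a request parser should not relax: `critical` is either absent or TRUE, lengths are minimal, and nothing trails the structure. The function names and the keyUsage extension in the sample are assumptions constructed for illustration.

```python
def read_tlv(buf, pos):  # one DER TLV at pos -> (tag, value, next_pos)
    if pos + 2 > len(buf) or buf[pos] & 0x1F == 0x1F:
        raise ValueError("truncated header or unsupported high tag number")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        if n == 0 or n > 4 or pos + n > len(buf) or buf[pos] == 0 or length < 0x80:
            raise ValueError("indefinite, oversized, truncated or non-minimal length")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OBJECT IDENTIFIER content octets -> dotted string
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, value = arcs + [value], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_extension_request(der):  # DER Extensions -> [(extnID, critical, extnValue)]
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der) or not body:
        raise ValueError("expected one non-empty SEQUENCE and no trailing bytes")
    out, pos = [], 0
    while pos < len(body):
        tag, ext, pos = read_tlv(body, pos)
        oid_tag, oid, p = read_tlv(ext, 0)
        if tag != 0x30 or oid_tag != 0x06:
            raise ValueError("Extension must be a SEQUENCE starting with extnID")
        tag, val, p = read_tlv(ext, p)
        critical = tag == 0x01  # optional BOOLEAN before extnValue
        if critical:
            if val != b"\xff":  # DER: TRUE is 0xFF, and DEFAULT FALSE must be omitted
                raise ValueError("critical must be absent or TRUE (0xFF)")
            tag, val, p = read_tlv(ext, p)
        if tag != 0x04 or p != len(ext):
            raise ValueError("extnValue must be the final OCTET STRING")
        out.append((decode_oid(oid), critical, val))
    return out

# Constructed input: subjectKeyIdentifier (bytes from the question's dump) + critical keyUsage
SAMPLE = bytes.fromhex("302F301D0603551D0E0416041487E201CF0B06CB290C98E7DF67796CF46AD9D507"
                       "300E0603551D0F0101FF0404030205A0")
```

Each returned extnValue is itself DER and needs a second decode chosen by its extnID, which is why the dump shows a nested SEQUENCE inside the subjectAltName OCTET STRING.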