解析ASN.1,Bouncy Castle下的OCSPRequest结构
上次把ASN.1解析得到了具体对象,但是难以理解对应的意义。这次是解析为Bouncy Castle下的OCSPRequest结构。
先了解一下OCSPRequest的结构(下面只摘录了各个类的字段,省略了构造方法和getter):
/**
 * Top-level OCSP request (excerpt of the Bouncy Castle class, fields only).
 *
 * RFC 6960:
 *   OCSPRequest ::= SEQUENCE {
 *       tbsRequest         TBSRequest,
 *       optionalSignature  [0] EXPLICIT Signature OPTIONAL }
 */
public class OCSPRequest
extends ASN1Object
{
// The "to be signed" part; when a signature is present it is computed over this structure.
TBSRequest tbsRequest;
// OPTIONAL in the ASN.1 definition: the parsing code on this page null-checks it before use.
Signature optionalSignature;
}
/**
 * Body of an OCSP request (excerpt of the Bouncy Castle class, fields only).
 *
 * RFC 6960:
 *   TBSRequest ::= SEQUENCE {
 *       version            [0] EXPLICIT Version DEFAULT v1,
 *       requestorName      [1] EXPLICIT GeneralName OPTIONAL,
 *       requestList        SEQUENCE OF Request,
 *       requestExtensions  [2] EXPLICIT Extensions OPTIONAL }
 */
public class TBSRequest
extends ASN1Object
{
// Version v1 is encoded as the INTEGER 0.
private static final ASN1Integer V1 = new ASN1Integer(0);
ASN1Integer version;
// OPTIONAL and supplied by the client; it is only a claim until the request signature is verified.
GeneralName requestorName;
// One Request element per certificate whose status is being asked for.
ASN1Sequence requestList;
// OPTIONAL request-wide extensions.
Extensions requestExtensions;
}
/**
 * Optional signature block of an OCSP request (excerpt of the Bouncy Castle class, fields only).
 *
 * RFC 6960:
 *   Signature ::= SEQUENCE {
 *       signatureAlgorithm  AlgorithmIdentifier,
 *       signature           BIT STRING,
 *       certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
 */
public class Signature
extends ASN1Object
{
AlgorithmIdentifier signatureAlgorithm;
// Signature value, per RFC 6960 computed over the DER encoding of tbsRequest.
DERBitString signature;
// OPTIONAL: certificates the requestor attached to help verification; may be absent,
// and they are untrusted input until validated against a trust anchor.
ASN1Sequence certs;
}
/**
 * Algorithm OID plus its parameters (excerpt of the Bouncy Castle class, fields only).
 *
 * X.509:
 *   AlgorithmIdentifier ::= SEQUENCE {
 *       algorithm   OBJECT IDENTIFIER,
 *       parameters  ANY DEFINED BY algorithm OPTIONAL }
 */
public class AlgorithmIdentifier
extends ASN1Object
{
// Object identifier naming the hash or signature algorithm.
private ASN1ObjectIdentifier algorithm;
// OPTIONAL; its type depends on the algorithm (often an ASN.1 NULL or absent).
private ASN1Encodable parameters;
}
/**
 * One entry of TBSRequest.requestList (excerpt of the Bouncy Castle class, fields only).
 *
 * RFC 6960:
 *   Request ::= SEQUENCE {
 *       reqCert                  CertID,
 *       singleRequestExtensions  [0] EXPLICIT Extensions OPTIONAL }
 */
public class Request
extends ASN1Object
{
// Identifies the certificate being queried (hash algorithm, issuer name hash, issuer key hash, serial number).
CertID reqCert;
// OPTIONAL extensions that apply to this single request only.
Extensions singleRequestExtensions;
}
更多结构(例如CertID、Extensions)可以在IDE里点进Bouncy Castle的源码查看。
给定这样一个Bouncy Castle的signedReq:
// Base64 text of a DER-encoded, signed OCSPRequest (the leading "MIIC9j" decodes to the
// outer SEQUENCE header). It is sample data for exercising the parser only: the signature
// and the embedded certificate are decoded below but never verified.
String signedReq =
"MIIC9jBAMD4wPDA6MAkGBSsOAwIaBQAEFENv0Y4OeruVGFKQSrDhdfbiG4RHBBTc"
+ "Mr1fP+mZAxbF2ZdehWxn6mtAngIBAaCCArAwggKsMA0GCSqGSIb3DQEBBQUAA4GB"
+ "AAzHBm4nL5AcRQB3Jkz7ScNeZF+GbRZ0p4kBDTnqi3IeESuso12yJhpqqyijdnj5"
+ "gd4/GsSAgdluLHyYZ6wgozV7G9MDXCnFnG4PBUW05HaVX81JYAp+amVyU0NOgNrG"
+ "90npVBsHb0o+UlkxNgMiEbSkp/TeGb6YURsYKhmwp7BgoIICFTCCAhEwggINMIIB"
+ "dqADAgECAgEBMA0GCSqGSIb3DQEBBAUAMCUxFjAUBgNVBAoTDUJvdW5jeSBDYXN0"
+ "bGUxCzAJBgNVBAYTAkFVMB4XDTA0MTAyNDEzNDc0M1oXDTA1MDIwMTEzNDc0M1ow"
+ "JTEWMBQGA1UEChMNQm91bmN5IENhc3RsZTELMAkGA1UEBhMCQVUwgZ8wDQYJKoZI"
+ "hvcNAQEBBQADgY0AMIGJAoGBAJBmLeIzthMHUeTkOeJ76iBxcMHY31o/i3a9VT12"
+ "y2FcS/ejJmeUCMTdtwl5alOwXY66vF4DyT1VU/nJG3mHpSoqq7qrMXOIFGcXg1Wf"
+ "oJRrQgTOLdQ6bod7i9ME/EjEJy70orh0nVS7NGcu0R5TjcbLde2J5zxjb/W9wqfy"
+ "RovJAgMBAAGjTTBLMB0GA1UdDgQWBBTcMr1fP+mZAxbF2ZdehWxn6mtAnjAfBgNV"
+ "HSMEGDAWgBTcMr1fP+mZAxbF2ZdehWxn6mtAnjAJBgNVHRMEAjAAMA0GCSqGSIb3"
+ "DQEBBAUAA4GBAF/4EH1KkNrNxocJPIp7lThmG1KIVYESIadowMowrbok46ESofRF"
+ "OIPku07W+e1Y1Y1KXLIiPMG3IGwrBrn04iLsbbBUiN37BcC/VyT4xKJ2MYscGjKL"
+ "ua/9bU0lOyeTRAwqb8towWRd5lLYAI3RQ7dhStUTFp3Vqd803PJ/cpR6";
下面是解析代码:
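// Decode the Base64 text into the raw DER bytes of the request.
byte[] d64 = Base64.decode(signedReq);

// Parse exactly one OCSPRequest from the bytes. The stream is closed by
// try-with-resources, and a parse failure stops here instead of leaving
// req == null and failing later with a NullPointerException.
OCSPRequest req;
try (ASN1InputStream asn1InputStream = new ASN1InputStream(d64)) {
    req = OCSPRequest.getInstance(asn1InputStream.readObject());
    // readObject() returns null at end of input; a second object means the
    // input carries bytes beyond the request, which a strict parser rejects.
    if (asn1InputStream.readObject() != null) {
        throw new IllegalStateException("unexpected data after the OCSPRequest");
    }
} catch (IOException e) {
    throw new IllegalStateException("signedReq is not a well-formed ASN.1 encoding", e);
}
if (req == null) {
    throw new IllegalStateException("signedReq contains no ASN.1 object");
}

// ---- tbsRequest part ----
TBSRequest tbsRequest = req.getTbsRequest();
// version
ASN1Integer asn1Integer = tbsRequest.getVersion();
// requestorName (OPTIONAL, printed as null when absent)
GeneralName generalName = tbsRequest.getRequestorName();
// requestList
ASN1Sequence requestList = tbsRequest.getRequestList();
System.out.println("tbsRequest值:");
System.out.println("version:" + asn1Integer);
System.out.println("generalName:" + generalName);
// requestExtensions (OPTIONAL, printed as null when absent)
Extensions extensions = tbsRequest.getRequestExtensions();
System.out.println("extensions:" + extensions);

// Walk requestList; each element is one Request { reqCert, singleRequestExtensions }.
for (ASN1Encodable request : requestList) {
    Request re = Request.getInstance(request);

    // CertID { hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber }
    CertID reqCert = re.getReqCert();

    // AlgorithmIdentifier { algorithm, parameters }
    AlgorithmIdentifier hashAlgorithm = reqCert.getHashAlgorithm();
    ASN1ObjectIdentifier algorithm = hashAlgorithm.getAlgorithm();
    ASN1Encodable parameters = hashAlgorithm.getParameters();
    System.out.println("hashAlgorithm.algorithm:" + algorithm);
    System.out.println("hashAlgorithm.parameters:" + parameters);

    ASN1OctetString issuerKeyHash = reqCert.getIssuerKeyHash();
    ASN1OctetString issuerNameHash = reqCert.getIssuerNameHash();
    ASN1Integer serialNumber = reqCert.getSerialNumber();
    System.out.println("issuerKeyHash:" + issuerKeyHash);
    System.out.println("issuerNameHash:" + issuerNameHash);
    System.out.println("serialNumber:" + serialNumber);

    // singleRequestExtensions (OPTIONAL, printed as null when absent)
    Extensions singleRequestExtensions = re.getSingleRequestExtensions();
    System.out.println("singleRequestExtensions:" + singleRequestExtensions);
}

// ---- signature part ----
// Signature { signatureAlgorithm, signature, certs }
// Decoding only: nothing below verifies the signature. Before relying on
// requestorName or on the attached certificates, a responder has to verify the
// signature over the DER encoding of tbsRequest and validate the signer's
// certificate against a trust anchor it already holds.
Signature signature = req.getOptionalSignature();
System.out.println("signature值:");
if (signature == null) {
    System.out.println("signature为空");
} else {
    AlgorithmIdentifier algorithmIdentifier = signature.getSignatureAlgorithm();
    ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
    ASN1Encodable parameters = algorithmIdentifier.getParameters();
    // These two lines print the signature algorithm; the labels used to say
    // "hashAlgorithm", which made the output indistinguishable from the CertID hash.
    System.out.println("signatureAlgorithm.algorithm:" + algorithm);
    System.out.println("signatureAlgorithm.parameters:" + parameters);

    DERBitString derBitString = signature.getSignature();
    System.out.println("signature:" + derBitString);

    // certs is OPTIONAL, so a signed request without attached certificates
    // yields null here and must not be iterated.
    ASN1Sequence certs = signature.getCerts();
    if (certs == null) {
        System.out.println("certs为空");
    } else {
        for (ASN1Encodable cert : certs) {
            Certificate ce = Certificate.getInstance(cert);
            ASN1Integer version = ce.getVersion();
            DERBitString ceSignature = ce.getSignature();
            TBSCertificate tbsCertificate = ce.getTBSCertificate();
            SubjectPublicKeyInfo subjectPublicKeyInfo = tbsCertificate.getSubjectPublicKeyInfo();
            DERBitString publicKeyData = subjectPublicKeyInfo.getPublicKeyData();
            ASN1Integer serialNumber = ce.getSerialNumber();
            AlgorithmIdentifier signatureAlgorithm = ce.getSignatureAlgorithm();
            Time endDate = ce.getEndDate();
            X500Name issuer = ce.getIssuer();
            System.out.println("cert.Version:" + version);
            System.out.println("cert.Signature:" + ceSignature);
            System.out.println("cert.tbsCertificate.SubjectPublicKeyInfo.PublicKeyData:" + publicKeyData);
            System.out.println("cert.serialNumber:" + serialNumber);
            System.out.println("cert.signatureAlgorithm.Parameters:" + signatureAlgorithm.getParameters());
            System.out.println("cert.signatureAlgorithm.Algorithm:" + signatureAlgorithm.getAlgorithm());
            System.out.println("cert.endDate:" + endDate);
            System.out.println("cert.issuer:" + issuer);
            System.out.println("cert.StartDate:" + ce.getStartDate());
        }
    }
}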
main方法调用一下:
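解析完成!需要注意,以上只是按ASN.1结构解码并打印各个字段,并没有验证optionalSignature:在用请求方的公钥验证签名、并校验所附证书的信任链之前,requestorName和certs里的内容都只是请求方自己提供的数据,不能直接信任。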