How to add a signed OCSP RESPONSE attribute to ASN1 PKCS7

I was working on signing a string. A regular signature works. Now I needed to add signed attributes.

There is no problem adding strings:

#include <string.h>
#include <openssl/asn1.h>
#include <openssl/objects.h>
#include <openssl/pkcs7.h>

static int signed_string_nid;   /* NID registered for the private attribute OID */

void add_signed_printable_string(PKCS7_SIGNER_INFO *si, char *oid, char *str)
{
    ASN1_PRINTABLESTRING *os;

    /* register the private OID so OpenSSL can emit it as the attribute type */
    signed_string_nid = OBJ_create(oid, str, str);

    os = ASN1_PRINTABLESTRING_new();
    /* ASN1_STRING_set replaces the deprecated M_ASN1_OCTET_STRING_set macro */
    ASN1_STRING_set(os, (unsigned char *)str, strlen(str));

    PKCS7_add_signed_attribute(si, signed_string_nid, V_ASN1_PRINTABLESTRING, os);
}

Adding the content type is also clear:

PKCS7_add_attrib_content_type(si, OBJ_nid2obj(OID_SIGNED_CONTENT_TYPE));

But now you need to add an X509_NAME object as well as an OCSP response.

How are such objects added correctly at all?

I tried adding the X509_NAME by writing out all of its fields by hand, but that takes a very long time.

You should get something like this (add the same as in 1.3.6.1.4.1.6801.2.8 and 1.3.6.1.5.5.7.48.1.1):

       [0] (7 elem)
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 1.2.840.113549.1.9.13 signingDescription (PKCS #9)
          SET (1 elem)
            PrintableString ESEDO
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 1.2.840.113549.1.9.3 contentType (PKCS #9)
          SET (1 elem)
            OBJECT IDENTIFIER 1.2.840.113549.1.7.1 data (PKCS #7)
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 1.2.840.113549.1.9.5 signingTime (PKCS #9)
          SET (1 elem)
            UTCTime 2018-11-13 12:08:20 UTC
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 1.2.840.113549.1.9.4 messageDigest (PKCS #9)
          SET (1 elem)
            OCTET STRING (32 byte) 166182C25D404360359A8961F9A861F4A11567C9BC0D01BF81EC647E1CA59331
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 1.2.840.113549.1.9.77
          SET (1 elem)
            UTF8String Как дебажить ошибки.docx
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 1.3.6.1.4.1.6801.2.8
          SET (1 elem)
            SEQUENCE (10 elem)
              SET (1 elem)
              SET (1 elem)
                SEQUENCE (2 elem)
                  OBJECT IDENTIFIER 2.5.4.4 surname (X.520 DN component)
                  UTF8String ТЕСТ
              SET (1 elem)
                SEQUENCE (2 elem)
                  OBJECT IDENTIFIER 2.5.4.5 serialNumber (X.520 DN component)
                  PrintableString IIN123128350133
              SET (1 elem)
                SEQUENCE (2 elem)
                  OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component)
                  PrintableString KZ
              SET (1 elem)
                SEQUENCE (2 elem)
                  OBJECT IDENTIFIER 2.5.4.7 localityName (X.520 DN component)
                  UTF8String АСТАНА
              SET (1 elem)
                SEQUENCE (2 elem)
                  OBJECT IDENTIFIER 2.5.4.8 stateOrProvinceName (X.520 DN component)
                  UTF8String АСТАНА
              SET (1 elem)
                SEQUENCE (2 elem)
                  OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component)
                  UTF8String ТОВАРИЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ "777"
              SET (1 elem)
                SEQUENCE (2 elem)
                  OBJECT IDENTIFIER 2.5.4.11 organizationalUnitName (X.520 DN component)
                  UTF8String BIN123840007123
              SET (1 elem)
                SEQUENCE (2 elem)
                  OBJECT IDENTIFIER 2.5.4.42 givenName (X.520 DN component)
                  UTF8String ТЕСТ
              SET (1 elem)
                SEQUENCE (1 elem)
                  OBJECT IDENTIFIER 1.2.840.113549.1.9.1 emailAddress (PKCS #9. Deprecated, use an altName extension instead)
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1.1 ocspBasic (OCSP)
          SET (1 elem)
            OCTET STRING (1 elem)
              SEQUENCE (2 elem)
                ENUMERATED
                [0] (1 elem)
                  SEQUENCE (2 elem)
                    OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1.1 ocspBasic (OCSP)
                    OCTET STRING (1 elem)
                      SEQUENCE (4 elem)
                        SEQUENCE (4 elem)
                          [1] (1 elem)
                            SEQUENCE (7 elem)
                              SET (1 elem)
                                SEQUENCE (2 elem)
                                  OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
                                  UTF8String OCSP RESPONDER
                              SET (1 elem)
                                SEQUENCE (2 elem)
                                  OBJECT IDENTIFIER 2.5.4.5 serialNumber (X.520 DN component)
                                  PrintableString IIN761231300313
                              SET (1 elem)
                                SEQUENCE (2 elem)
                                  OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component)
                                  PrintableString KZ
                              SET (1 elem)
                                SEQUENCE (2 elem)
                                  OBJECT IDENTIFIER 2.5.4.7 localityName (X.520 DN component)
                                  UTF8String АСТАНА
                              SET (1 elem)
                                SEQUENCE (2 elem)
                                  OBJECT IDENTIFIER 2.5.4.8 stateOrProvinceName (X.520 DN component)
                                  UTF8String АСТАНА
                              SET (1 elem)
                                SEQUENCE (2 elem)
                                  OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component)
                                  UTF8String АКЦИОНЕРНОЕ ОБЩЕСТВО "НАЦИОНАЛЬНЫЕ ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ"
                              SET (1 elem)
                                SEQUENCE (2 elem)
                                  OBJECT IDENTIFIER 2.5.4.11 organizationalUnitName (X.520 DN component)
                                  UTF8String BIN000740000728
                          GeneralizedTime 2018-11-13 12:08:12 UTC
                          SEQUENCE (1 elem)
                            SEQUENCE (3 elem)
                              SEQUENCE (4 elem)
                                SEQUENCE (2 elem)
                                  OBJECT IDENTIFIER 1.2.398.3.10.1.3.1
                                  NULL
                                OCTET STRING (32 byte) CB71EA9140B5F7D0A761D820E5FBE12C8FFB771B954165D8FC7387758D424F9A
                                OCTET STRING (32 byte) 640A1103E2579C4AFDBC3306E07AC6AA1473FA0E2E7DD005F3E6254195D828AA
                                INTEGER (159 bit) 616944972507369995033056199378545336054600461801
                              [0]
                              GeneralizedTime 2018-11-13 12:08:12 UTC
                          [1] (1 elem)
                            SEQUENCE (2 elem)
                              SEQUENCE (2 elem)
                                OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1.2 ocspNonce (OCSP)
                                OCTET STRING (1 elem)
                                  OCTET STRING ¤}Z
                              SEQUENCE (2 elem)
                                OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1.9
                                OCTET STRING (1 elem)
                                  NULL
                        SEQUENCE (2 elem)
                          OBJECT IDENTIFIER 1.2.398.3.10.1.1.1.2
                          NULL
                        BIT STRING (512 bit) 1011010110100000001011110110010101000001111111110100110110001111100011…
                        [0] (1 elem)
                          SEQUENCE (1 elem)
                            SEQUENCE (3 elem)
                              SEQUENCE (8 elem)
                                [0] (1 elem)
                                  INTEGER 2
                                INTEGER (158 bit) 272744986983533272580483628423012745646484689418
                                SEQUENCE (2 elem)
                                  OBJECT IDENTIFIER 1.2.398.3.10.1.1.1.2
                                  NULL
                                SEQUENCE (2 elem)
                                  SET (1 elem)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component)
                                      PrintableString KZ
                                  SET (1 elem)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
                                      UTF8String ҰЛТТЫҚ КУӘЛАНДЫРУШЫ ОРТАЛЫҚ (GOST)
                                SEQUENCE (2 elem)
                                  UTCTime 2018-08-11 18:00:55 UTC
                                  UTCTime 2019-08-11 18:00:55 UTC
                                SEQUENCE (7 elem)
                                  SET (1 elem)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
                                      UTF8String OCSP RESPONDER
                                  SET (1 elem)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.4.5 serialNumber (X.520 DN component)
                                      PrintableString IIN761231300313
                                  SET (1 elem)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component)
                                      PrintableString KZ
                                  SET (1 elem)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.4.7 localityName (X.520 DN component)
                                      UTF8String АСТАНА
                                  SET (1 elem)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.4.8 stateOrProvinceName (X.520 DN component)
                                      UTF8String АСТАНА
                                  SET (1 elem)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component)
                                      UTF8String АКЦИОНЕРНОЕ ОБЩЕСТВО "НАЦИОНАЛЬНЫЕ ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ"
                                  SET (1 elem)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.4.11 organizationalUnitName (X.520 DN component)
                                      UTF8String BIN000740000728
                                SEQUENCE (2 elem)
                                  SEQUENCE (2 elem)
                                    OBJECT IDENTIFIER 1.2.398.3.10.1.1.1.1
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 1.2.398.3.10.1.1.1.1.1
                                      OBJECT IDENTIFIER 1.2.398.3.10.1.3.1.1.0
                                  BIT STRING (1 elem)
                                    OCTET STRING (64 byte) D20F80BBB987C85D946C54C3AB994F7887BDA2FE5C9C392A30AB615B407765CD8D3D78…
                                [3] (1 elem)
                                  SEQUENCE (7 elem)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.29.37 extKeyUsage (X.509 extension)
                                      OCTET STRING (1 elem)
                                        SEQUENCE (1 elem)
                                          OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.9 ocspSigning (PKIX key purpose)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.29.35 authorityKeyIdentifier (X.509 extension)
                                      OCTET STRING (1 elem)
                                        SEQUENCE (1 elem)
                                          [0] (4 byte) 5B6A73E9
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.29.14 subjectKeyIdentifier (X.509 extension)
                                      OCTET STRING (1 elem)
                                        OCTET STRING (20 byte) 042ECC160C088D0915A0F66BDD9F8205D9F56A0E
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.29.31 cRLDistributionPoints (X.509 extension)
                                      OCTET STRING (1 elem)
                                        SEQUENCE (1 elem)
                                          SEQUENCE (1 elem)
                                            [0] (1 elem)
                                              [0] (2 elem)
                                                [6] http://crl.pki.gov.kz/nca_gost.crl
                                                [6] http://crl1.pki.gov.kz/nca_gost.crl
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.29.46 freshestCRL (X.509 extension)
                                      OCTET STRING (1 elem)
                                        SEQUENCE (1 elem)
                                          SEQUENCE (1 elem)
                                            [0] (1 elem)
                                              [0] (2 elem)
                                                [6] http://crl.pki.gov.kz/nca_d_gost.crl
                                                [6] http://crl1.pki.gov.kz/nca_d_gost.crl
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 authorityInfoAccess (PKIX private extension)
                                      OCTET STRING (1 elem)
                                        SEQUENCE (2 elem)
                                          SEQUENCE (2 elem)
                                            OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 caIssuers (PKIX subject/authority info access descriptor)
                                            [6] http://pki.gov.kz/cert/nca_gost.cer
                                          SEQUENCE (2 elem)
                                            OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 ocsp (PKIX)
                                            [6] http://ocsp.pki.gov.kz
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1.5 ocspNoCheck (OCSP)
                                      OCTET STRING (0 elem)
                              SEQUENCE (2 elem)
                                OBJECT IDENTIFIER 1.2.398.3.10.1.1.1.2
                                NULL
                              BIT STRING (512 bit) 1001000111110101000101110111000111010000111111101010101010010100110110…

0 answers
