使用 BouncyCastle 从 DER 文件解析 AttributeCertificate 时遇到未知标记

Unknown tag encountered parsing AttributeCertificate from DER file with BouncyCastle

我在使用 BouncyCastle Java API.

解析 DER 属性证书时遇到问题

错误

这是我尝试使用的代码。我首先将证书文件读取为名为 stream 的 InputStream,然后尝试将其转换为 Bouncycastle AttributeCertificate 对象:

ASN1InputStream derIn = new ASN1InputStream(stream);
ASN1Sequence seq = (ASN1Sequence) derIn.readObject();

AttributeCertificate cert = AttributeCertificate.getInstance(seq); <-- exception here
ac = new X509AttributeCertificateHolder(cert); 

第三行导致 IllegalArgumentException:

IllegalArgumentException: unknown object in getInstance: org.bouncycastle.asn1.ASN1Integer
    at org.bouncycastle.asn1.ASN1Sequence.getInstance(Unknown Source)
    at org.bouncycastle.asn1.x509.IssuerSerial.getInstance(Unknown Source)
    at org.bouncycastle.asn1.x509.Holder.getInstance(Unknown Source)
    at org.bouncycastle.asn1.x509.AttributeCertificateInfo.getInstance(Unknown Source)
    ...

Bouncycastle 还会抛出一个 IOException 表示遇到 "unknown tag":

java.io.IOException: unknown tag 28 encountered
    at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
    ...

分析

我已经链接了我正在尝试解析的证书文件 here 证书本身是使用 OpenSSL 生成的。

该证书还包括我正在使用的 ABAC 凭据,这是一个简单的字符串:

[some_uuid].experiment_create <- [some_uuid].partner.experiment_create

我查看了 "unknown tag 28",似乎 ASN.1 标签 28 表示一个 UniversalString。我在网上发现 "the UniversalString type models a Unicode character string implicitly serialized into UTF-32 big endian."

这对我来说表明证书中可能存在字符编码问题。但是当我使用 openssl asn1parse 查看证书文件时,它似乎很好:

0:d=0  hl=4 l= 660 cons: SEQUENCE          
4:d=1  hl=4 l= 509 cons: SEQUENCE          
8:d=2  hl=2 l=   3 cons: cont [ 0 ]        
10:d=3  hl=2 l=   1 prim: INTEGER           :02
13:d=2  hl=2 l=   1 prim: INTEGER           :00
16:d=2  hl=2 l=  13 cons: SEQUENCE          
18:d=3  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
29:d=3  hl=2 l=   0 prim: NULL              
31:d=2  hl=2 l=  51 cons: SEQUENCE          
33:d=3  hl=2 l=  49 cons: SET               
35:d=4  hl=2 l=  47 cons: SEQUENCE          
37:d=5  hl=2 l=   3 prim: OBJECT            :commonName
42:d=5  hl=2 l=  40 prim: UTF8STRING        :bf3a72c271f661dae81647a16c1babf3a52da28e
84:d=2  hl=2 l=  30 cons: SEQUENCE          
86:d=3  hl=2 l=  13 prim: UTCTIME           :170828213103Z
101:d=3  hl=2 l=  13 prim: UTCTIME           :270826213103Z
116:d=2  hl=2 l=  51 cons: SEQUENCE          
118:d=3  hl=2 l=  49 cons: SET               
120:d=4  hl=2 l=  47 cons: SEQUENCE          
122:d=5  hl=2 l=   3 prim: OBJECT            :commonName
127:d=5  hl=2 l=  40 prim: UTF8STRING        :bf3a72c271f661dae81647a16c1babf3a52da28e
169:d=2  hl=3 l= 159 cons: SEQUENCE          
172:d=3  hl=2 l=  13 cons: SEQUENCE          
174:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
185:d=4  hl=2 l=   0 prim: NULL              
187:d=3  hl=3 l= 141 prim: BIT STRING        
331:d=2  hl=3 l= 183 cons: cont [ 3 ]        
334:d=3  hl=3 l= 180 cons: SEQUENCE          
337:d=4  hl=3 l= 144 cons: SEQUENCE          
340:d=5  hl=2 l=   8 prim: OBJECT            :id-aca-group
350:d=5  hl=3 l= 131 prim: OCTET STRING      [HEX DUMP]:0C8180626633613732633237316636363164616538313634376131366331626162663361353264613238652E6578706572696D656E745F637265617465203C2D20626633613732633237316636363164616538313634376131366331626162663361353264613238652E706172746E65722E6578706572696D656E745F637265617465
484:d=4  hl=2 l=  31 cons: SEQUENCE          
486:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
491:d=5  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:30168014162E4EF6CD52F37CD2EDDFBEA484E70D6CDE9048
517:d=1  hl=2 l=  13 cons: SEQUENCE          
519:d=2  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
530:d=2  hl=2 l=   0 prim: NULL              
532:d=1  hl=3 l= 129 prim: BIT STRING        

其他程序似乎也能正常工作; openssl x509 提供此输出:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf3a72c271f661dae81647a16c1babf3a52da28e
        Validity
            Not Before: Aug 28 21:31:03 2017 GMT
            Not After : Aug 26 21:31:03 2027 GMT
        Subject: CN=bf3a72c271f661dae81647a16c1babf3a52da28e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:c5:d4:35:49:4d:bd:ee:9a:93:51:a4:e1:46:df:
                    46:c0:1e:f6:b1:85:70:4d:31:2b:20:6f:ab:82:16:
                    b4:9d:3e:ea:f3:38:53:e2:7b:be:36:37:f3:11:7f:
                    90:5d:aa:ad:e7:e8:61:3c:46:8d:7a:69:4d:c6:89:
                    e2:f7:07:d9:3f:b0:5d:f7:ee:40:e5:86:48:7b:4c:
                    0e:0f:11:0c:96:41:e6:99:02:17:df:4e:60:3d:d0:
                    42:b5:dc:22:e0:64:6d:ad:17:22:b7:a2:15:ec:dd:
                    89:c2:b4:58:01:64:d7:db:fe:62:1e:c5:40:0c:e0:
                    b9:12:7e:fe:4c:31:65:e6:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            id-aca-group: 
                ...bf3a72c271f661dae81647a16c1babf3a52da28e.experiment_create <- bf3a72c271f661dae81647a16c1babf3a52da28e.partner.experiment_create
            X509v3 Authority Key Identifier: 
                keyid:16:2E:4E:F6:CD:52:F3:7C:D2:ED:DF:BE:A4:84:E7:0D:6C:DE:90:48

    Signature Algorithm: sha256WithRSAEncryption
         1e:0f:2a:7a:cf:95:77:0f:5c:48:f3:12:c4:b9:8a:5a:d9:b9:
         62:1c:60:0c:a0:13:70:f3:c5:aa:de:6d:6f:92:7f:0d:a2:3b:
         c9:bd:cc:45:6c:4b:21:8d:32:81:8b:af:13:6e:a3:96:18:05:
         3b:83:fb:8c:3b:2a:d8:87:22:56:9e:4b:1d:06:e6:7f:ba:36:
         89:e8:c6:8a:5a:9e:2c:9b:44:5e:19:fe:68:13:12:93:48:df:
         f9:34:42:01:d5:62:c1:ca:e4:e2:3b:86:b7:4c:75:ba:60:5b:
         c9:f7:68:9a:b0:b5:1c:33:01:5e:77:c0:7c:13:11:e1:09:67:
         42:dd

基于这些,我找不到证书有任何明显的错误。我能找到的唯一线索是 ASN1InputStream.java 的 Bouncycastle 源代码块,它抛出了我发现的异常:

// Build an object given its tag and the number of bytes to construct it from.
    protected ASN1Primitive buildObject(
        int       tag,
        int       tagNo,
        int       length)
        throws IOException
    {
        ...
        if (isConstructed)
        {
            // TODO There are other tags that may be constructed (e.g. BIT_STRING)
            switch (tagNo)
            {
                case OCTET_STRING:
                    //
                    // yes, people actually do this...
                    //
                    ASN1EncodableVector v = buildDEREncodableVector(defIn);
                    ASN1OctetString[] strings = new ASN1OctetString[v.size()];

                    for (int i = 0; i != strings.length; i++)
                    {
                        strings[i] = (ASN1OctetString)v.get(i);
                    }

                    return new BEROctetString(strings);
                case SEQUENCE:
                    if (lazyEvaluate)
                    {
                        return new LazyEncodedSequence(defIn.toByteArray());
                    }
                    else
                    {
                        return DERFactory.createSequence(buildDEREncodableVector(defIn));   
                    }
                case SET:
                    return DERFactory.createSet(buildDEREncodableVector(defIn));
                case EXTERNAL:
                    return new DERExternal(buildDEREncodableVector(defIn));                
                default:
                    throw new IOException("unknown tag " + tagNo + " encountered");
            }
        }

        return createPrimitiveDERObject(tagNo, defIn, tmpBuffers);
    }

似乎支持这些 "other tags that may be constructed,",包括标记 28,尚未编码,但我不确定我的证书在哪里损坏或如何修复标记。

谁能指出我正确的方向?谢谢。

您的证书不是有效的属性证书,它是一个(接近有效的)public密钥证书,尽管它包含一个用于使用的扩展 OID具有不符合标准定义的内容结构的属性证书(在 rfc3281/5755 中定义)。 openssl x509 仅处理 public-密钥证书; OpenSSL 根本不支持属性证书(除非您使用低级 asn1 例程并自己实现所有内容)。 BC 两者都支持,但实际上几乎没有人使用属性证书。

public-密钥和属性证书的外包装是旧的 SIGNED 宏,因此该级别解析成功。第一个字段实际上是错误的——AttributeCertificateInfo 应该以包含 1(而不是 2)的 version INTEGER 开头,而你的实际 TBSCertificate 以包含 2 的有效 version [context0] EXPLICIT INTEGER 开头——但 BC 没有捕捉到这一点,因为根据v1 版本中的 source 是可选的和默认的。然后它会尝试解析 Holder ,这应该是几个标记的 OPTIONAL 项目的 SEQUENCE,实际上是标记的 INTEGER 版本;我不确定在检测到此错误之前它是如何设法解析 Holder.IssuerSerial 的。我不知道它在哪里或如何找到标签 28。

可能不是你的情况,但我在解析 OCSP 响应时遇到了类似的错误:

java.io.IOException: unknown tag 28 encountered
    at org.bouncycastle.asn1.ASN1InputStream.buildObject(Unknown Source)
    at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Source)
    at org.bouncycastle.cert.ocsp.OCSPResp.<init>(Unknown Source)
    ...

在我获取 OCSP 响应的请求中缺少值为 application/ocsp-request 的 header Content-Type,因此我从 Bouncy Castle[=23= 获取了无效数据]观点

您应该检查 InputStream/ASN1InputStream/ASN1Sequence 您正在尝试消费。