如何知道哪个 X509 证书签署了另一个证书 (Java) [英] How to know which X509 Certificate Signed another Certificate (Java)

问题描述

在我的示例中有三个证书，假设它们形成一个链，但我还不知道它们中的哪个签署了哪个:

There are three certificates in my example, assume they form a chain but i don't know yet which of them signed which:

X509Certificate c1 = ....
X509Certificate c2 = ....
X509Certificate c2 = ....

我想知道哪个证书负责签署另一个证书.

I would like to know which certificate is responsible for signing the other certificate.

计划是获取AuthorityKeyIdentifier"并将其与SubjectKeyIdentifier".

The plan was to get the "AuthorityKeyIdentifier" and match it with the "SubjectKeyIdentifier".

import org.bouncycastle.asn1. DEROctetString;

private static String decodeKey(byte[] e) {
    DEROctetString octet = new DEROctetString(e);
    return octet.toString();
}

String subjectKeyId = decodeKey(c.getExtensionValue("2.5.29.14"));
String authorityKeyId = decodeKey(c.getExtensionValue("2.5.29.35"));

我得到以下证书(按链的顺序):主题/权威密钥 ID 对

Im getting the following for the certificates (in order of the chain): subject/authority key ID pair

解码后的SubjectKeyIdentifier和AuthorityKeyIdentifier的值:

Values of the SubjectKeyIdentifier and AuthorityKeyIdentifier after Decoding:

证书 1:(链的末端)

Certificate 1: (end of the chain)

#0416041482b7384a93aa9b10ef80bbd954e2f10ffb809cde
#04183016801482b7384a93aa9b10ef80bbd954e2f10ffb809cde

证书 2:由证书 1 签名

Certificate 2: Signed by Certificate 1

#04160414ab8059c365836d1d7d13bd19c3ec1a8f0d476aa3
#04183016801482b7384a93aa9b10ef80bbd954e2f10ffb809cde

证书 3:由证书 2 签名

Certificate 3: Signed by Certificate 2

(no SubjectKeyIdentifier - null bytes)
#041830168014ab8059c365836d1d7d13bd19c3ec1a8f0d476aa3

格式化和对齐以便于阅读(与顶部相同)

Formatted and Aligned for Easy Reading (Same thing as the one on top)

------------------------------------------------------------------------------
       01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
------------------------------------------------------------------------------
Certificate 1
#04 16 04 14       82 b7 38 4a 93 aa 9b 10 ef 80 bb d9 54 e2 f1 0f fb 80 9c de
#04 18 30 16 80 14 82 b7 38 4a 93 aa 9b 10 ef 80 bb d9 54 e2 f1 0f fb 80 9c de

Certificate 2
#04 16 04 14       ab 80 59 c3 65 83 6d 1d 7d 13 bd 19 c3 ec 1a 8f 0d 47 6a a3
#04 18 30 16 80 14 82 b7 38 4a 93 aa 9b 10 ef 80 bb d9 54 e2 f1 0f fb 80 9c de

Certificate 3
=== == == == == == == == == == == NO DATA  == == == == == == == == == == == ==
#04 18 30 16 80 14 ab 80 59 c3 65 83 6d 1d 7d 13 bd 19 c3 ec 1a 8f 0d 47 6a a3

我期望 c3 的 AuthorityKeyIdentifier 等同于 c2 的 SubjectKeyIdentifier.这里似乎不是这样.

I was expecting c3's AuthorityKeyIdentifier to be equivalent to c2's SubjectKeyIdentifier. that does not seem to be the case here.

结果的某些部分似乎匹配，我对SubjectKeyIdentifier"有一些想法 - 它总是以#04"开头，后跟内容的长度(以十六进制表示).我现在对如何解码SubjectKeyIdentifier"有了一定的想法，但是AuthorityKeyIdentifier"对我来说仍然是一个很大的谜.

some parts of the result seem to match, I have some idea on the "SubjectKeyIdentifier" - it always starts with '#04' followed by the length of the contents (in hex). I now have a certain idea on how to decode the "SubjectKeyIdentifier", but the "AuthorityKeyIdentifier" is still a big mystery to me.

相关SO 帖子

我解码有什么问题吗?为什么 AuthorityKeyIdentifier 与签署它的证书的 SubjectKeyIdentifier 不正确匹配?

Did i do anything wrong with the decoding? Why are the AuthorityKeyIdentifier not matching correctly against the SubjectKeyIdentifier of the certificate that signed it?

推荐答案

如果您查看 RFC5280 中 SKI 和 AKI 的 ASN.1 定义(按照您问题中的链接)，差异就很明显了:

If you take a look at the ASN.1 definition of SKI and AKI in RFC5280 (following the links in your question) the difference becomes obvious:

SubjectKeyIdentifier ::= KeyIdentifier

AuthorityKeyIdentifier ::= SEQUENCE {
  keyIdentifier             [0] KeyIdentifier           OPTIONAL,
  authorityCertIssuer       [1] GeneralNames            OPTIONAL,
  authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }

KeyIdentifier ::= OCTET STRING

因此，AKI 不是 OCTET STRING，而是三个可选元素的 SEQUENCE.这些元素之一是可以与 SKI 进行比较的八位字节字符串.

So, the AKI is not an OCTET STRING, but a SEQUENCE of three optional elements. One of these elements is the octet string that can be compared to an SKI.

区别编码规则 (DER) 确定这些 ASN.1 结构的字节表示.AKI 扩展的各个字节具有以下含义(参见 A Layman's Guide to a Subset ofASN.1、BER 和 DER):

The Distinguished Encoding Rules (DER) determine the byte representation of these ASN.1 structures. The individual bytes of an AKI extension have the following meaning (see A Layman's Guide to a Subset of ASN.1, BER, and DER):

04 18 30 16 80 14 82 b7 38 4a 93 aa 9b 10 ef 80 bb d9 54 e2 f1 0f fb 80 9c de

04 OCTET STRING
18 LENGTH
30 SEQUENCE
16 LENGTH
80 CONTEXT-SPECIFIC PRIMITIVE TAG 0
14 LENGTH
.. DATA

前两个字节 (04 18) 是扩展结构的一部分(如相关问题中所述为什么我的密钥标识符不匹配?)，实际的 AKI 扩展内容从30 16"开始.

The first two bytes (04 18) are part of the Extension structure (as explained in the related question Why doesn't my key identifier match?), the actual AKI extension content starts at "30 16".

用于解码 AKI 的 Java 代码应如下所示(使用 Bouncy Castle):

Your Java code for decoding the AKI should look like this (using Bouncy Castle):

byte[] extensionValue = cert.getExtensionValue("2.5.29.35");
byte[] octets = DEROctetString.getInstance(extensionValue).getOctets();
AuthorityKeyIdentifier authorityKeyIdentifier = AuthorityKeyIdentifier.getInstance(octets);
byte[] keyIdentifier = authorityKeyIdentifier.getKeyIdentifier();
String keyIdentifierHex = new String(Hex.encode(keyIdentifier));

用于解码 SKI:

extensionValue = cert.getExtensionValue("2.5.29.14");
octets = DEROctetString.getInstance(extensionValue).getOctets();
SubjectKeyIdentifier subjectKeyIdentifier = SubjectKeyIdentifier.getInstance(octets);
keyIdentifier = subjectKeyIdentifier.getKeyIdentifier();
keyIdentifierHex = new String(Hex.encode(keyIdentifier));

此外，这两个扩展都是可选的.如果您的代码应该使用任意证书，则需要回退机制(例如验证签名).

Also, both extensions are optional. If your code should work with arbitrary certificates, then a fallback mechanism is necessary (like verifying the signatures).

这篇关于如何知道哪个 X509 证书签署了另一个证书 (Java)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！