14.2. Usage and Output
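The purpose of CMCResponse is to parse a CMC response. As described in Chapter 12, CMCRequest (Creating CMC Requests), a CMC request is generated and sent to a CMC profile, which returns a response in CMC format. In one common use case, a tool such as HttpClient is used to send the request and obtain the response. That response is then passed to CMCResponse to be parsed.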
The first step is to create the .cfg file that HttpClient uses to send the request.
#host: host name for the http server
host=server.example.com

#port: port number
port=9444

#secure: true for secure connection, false for nonsecure connection
secure=true

#input: full path for the enrollment request, the content must be in binary format
input=/tmp/cfu/cmcReq.myCMC

#output: full path for the response in binary format
output=/tmp/cfu/cmcResponse.myCMC

#dbdir: directory for cert8.db, key3.db and secmod.db
#This parameter will be ignored if secure=false
dbdir=/tmp/cfu

#clientmode: true for client authentication, false for no client authentication
#This parameter will be ignored if secure=false
clientmode=false

#password: password for cert8.db
#This parameter will be ignored if secure=false and clientauth=false
password=netscape

#nickname: nickname for client certificate
#This parameter will be ignored if clientmode=false
nickname=

#servlet: servlet name
servlet=/ca/ee/ca/profileSubmitCMCFull
That configuration file is then passed to HttpClient, which receives the binary CMC response.
# HttpClient HttpClient.cfg
Total number of bytes read = 2667
handshake happened
Total number of bytes read = 2287
[...]
The response in binary format is stored in /tmp/jsmith/cmcResponse.myCMC
The last part of the HttpClient output shows where the CMC response file is located; that file can then be used with CMCResponse. When CMCResponse parses the file, it displays a pretty-print version of the response.
# CMCResponse -d . -i cmcResponse.myCMC
Certificates:
    Certificate:
        Data:
            Version: v3
            Serial Number: 0x1A
            Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11
            Issuer: CN=Certificate Authority,OU=pki-ca,O=SjcRedhat Domain 0124
            Validity:
                Not Before: Tuesday, March 8, 2011 8:41:30 AM PST America/Los_Angeles
                Not After: Sunday, September 4, 2011 9:41:30 AM PDT America/Los_Angeles
            Subject: CN=x
            Subject Public Key Info:
                Algorithm: RSA - 1.2.840.113549.1.1.1
                Public Key:
                    Exponent: 65537
                    Public Key Modulus: (1024 bits) :
                        E1:65:C4:84:14:8D:EF:62:A3:56:1E:C1:C8:1F:F0:43:
                        AD:C5:47:2E:E1:CD:BA:27:EE:48:4D:1F:83:28:AB:34:
                        0C:08:EC:8C:15:45:E0:7F:23:66:F5:35:64:B2:AA:1D:
                        BE:F4:F6:08:15:E4:9C:56:35:EF:87:BA:7D:19:4E:C6:
                        98:B2:F8:A7:E4:DD:A7:1D:D8:0F:52:55:AE:E9:9B:9F:
                        A5:B6:B8:6B:CC:7F:C5:20:37:1F:0E:C4:58:24:B8:AC:
                        B7:67:DA:21:77:7D:31:A1:38:BF:84:42:A8:0C:AC:54:
                        5C:DE:81:63:DD:D4:3F:02:8B:43:B1:69:A3:D4:43:BD
            Extensions:
                Identifier: Authority Key Identifier - 2.5.29.35
                    Critical: no
                    Key Identifier:
                        D7:40:65:BA:46:22:D2:7D:63:1E:A0:C8:BF:0B:AD:FC:
                        0D:2A:74:7B
                Identifier: 1.3.6.1.5.5.7.1.1
                    Critical: no
                    Value:
                        30:34:30:32:06:08:2B:06:01:05:05:07:30:01:86:26:
                        68:74:74:70:3A:2F:2F:70:61:77:2E:73:6A:63:2E:72:
                        65:64:68:61:74:2E:63:6F:6D:3A:39:31:38:30:2F:63:
                        61:2F:6F:63:73:70
                Identifier: Key Usage: - 2.5.29.15
                    Critical: yes
                    Key Usage:
                        Digital Signature
                        Non Repudiation
                        Key Encipherment
                Identifier: Extended Key Usage: - 2.5.29.37
                    Critical: no
                    Extended Key Usage:
                        1.3.6.1.5.5.7.3.2
                        1.3.6.1.5.5.7.3.4
        Signature:
            Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11
            Signature
                [...]
        FingerPrint
    Certificate:
        Data:
            Version: v3
            Serial Number: 0x1
            Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11
            Issuer: CN=Certificate Authority,OU=pki-ca,O=SjcRedhat Domain 0124
            Validity:
                Not Before: Monday, January 24, 2011 3:56:12 PM PST America/Los_Angeles
                Not After: Thursday, January 24, 2019 3:56:12 PM PST America/Los_Angeles
            Subject: CN=Certificate Authority,OU=pki-ca,O=SjcRedhat Domain 0124
            Subject Public Key Info:
                Algorithm: RSA - 1.2.840.113549.1.1.1
                Public Key:
                    Exponent: 65537
                    Public Key Modulus: (2048 bits) :
                        [...]
            Extensions:
                Identifier: Authority Key Identifier - 2.5.29.35
                    Critical: no
                    Key Identifier:
                        D7:40:65:BA:46:22:D2:7D:63:1E:A0:C8:BF:0B:AD:FC:
                        0D:2A:74:7B
                Identifier: Basic Constraints - 2.5.29.19
                    Critical: yes
                    Is CA: yes
                    Path Length Constraint: UNLIMITED
                Identifier: Key Usage: - 2.5.29.15
                    Critical: yes
                    Key Usage:
                        Digital Signature
                        Non Repudiation
                        Key CertSign
                        Crl Sign
                Identifier: Subject Key Identifier - 2.5.29.14
                    Critical: no
                    Key Identifier:
                        D7:40:65:BA:46:22:D2:7D:63:1E:A0:C8:BF:0B:AD:FC:
                        0D:2A:74:7B
                Identifier: 1.3.6.1.5.5.7.1.1
                    Critical: no
                    Value:
                        30:34:30:32:06:08:2B:06:01:05:05:07:30:01:86:26:
                        68:74:74:70:3A:2F:2F:70:61:77:2E:73:6A:63:2E:72:
                        65:64:68:61:74:2E:63:6F:6D:3A:39:31:38:30:2F:63:
                        61:2F:6F:63:73:70
        Signature:
            Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11
            Signature
                [...]
        FingerPrint
Number of controls is 1
Control #0: CMCStatusInfo
    OID: {1 3 6 1 5 5 7 7 1}
    BodyList: 4164110943
    Status: SUCCESS
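An added example, not part of the original documentation: a Python check that parses CMCResponse pretty-print output in the line-per-field layout the tool prints and reports a missing or non-SUCCESS CMCStatusInfo control or an RSA key below a minimum size. The function names, the 2048-bit threshold, and the abridged sample text are assumptions made for this example.

```python
import re

# Constructed input: abridged CMCResponse output using the values shown on this page.
SAMPLE = """\
Certificates:
    Certificate:
            Serial Number: 0x1A
            Subject: CN=x
                    Public Key Modulus: (1024 bits) :
    Certificate:
            Serial Number: 0x1
            Subject: CN=Certificate Authority,OU=pki-ca,O=SjcRedhat Domain 0124
                    Public Key Modulus: (2048 bits) :
Number of controls is 1
Control #0: CMCStatusInfo
   OID: {1 3 6 1 5 5 7 7 1}
   BodyList: 4164110943
   Status: SUCCESS
"""

def parse_cmc_response(text):
    """Return (certs, controls) as lists of dicts parsed from the pretty-print text."""
    certs, controls = [], []
    for line in map(str.strip, text.splitlines()):
        if line == "Certificate:":
            certs.append({})
        elif m := re.match(r"Control #(\d+): (\S+)", line):
            controls.append({"index": int(m.group(1)), "type": m.group(2)})
        elif controls and (m := re.match(r"(BodyList|Status): (.+)", line)):
            controls[-1][m.group(1)] = m.group(2)
        elif certs and not controls:
            if m := re.match(r"(Serial Number|Subject): (.+)", line):
                certs[-1][m.group(1)] = m.group(2)
            elif m := re.match(r"Public Key Modulus: \((\d+) bits\)", line):
                certs[-1]["bits"] = int(m.group(1))
    return certs, controls

def check_response(text, min_rsa_bits=2048):  # threshold is an assumed local policy
    """Return a list of findings; an empty list means the response passed."""
    certs, controls = parse_cmc_response(text)
    status = [c for c in controls if c["type"] == "CMCStatusInfo"]
    findings = [] if status else ["no CMCStatusInfo control in response"]
    findings += [f"control #{c['index']} status is {c.get('Status')}"
                 for c in status if c.get("Status") != "SUCCESS"]
    # Only RSA modulus sizes are checked; certificates without one are skipped.
    findings += [f"certificate {c.get('Serial Number')} has a {c['bits']}-bit RSA key"
                 for c in certs if c.get("bits", min_rsa_bits) < min_rsa_bits]
    return findings
```

Run against the sample, `check_response(SAMPLE)` returns a single finding for the 1024-bit certificate with serial 0x1A, while the SUCCESS status and the 2048-bit CA certificate pass.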