Updated:
Author: 重城良国

RFC 5280

(Under construction)

4.1. Basic Certificate Fields

See RFC 5280 4.1 (under construction).

data Certificate = Certificate {
	tbsCertificate :: TBSCertificate,
	signatureAlgorithm :: AlgorithmIdentifier,
	signatureValue :: BitString
	} deriving Show
data TBSCertificate = ...

rfc5280_4_1.hs

4.1.1. Certificate Fields

See RFC 5280 4.1.1.

4.1.1.2 signatureAlgorithm

Asn1Container.hs, rfc5280_4_1_1_2.hs

Background

AlgorithmIdentifier ::= SEQUENCE {
	algorithm		OBJECT IDENTIFIER,
	parameters		ANY DEFINED BY algorithm OPTIONAL }

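See RFC 3279, 4055, 4491, 5480 and 5758.

For now, values are built only within the scope of RFC 3279. The following values exist.

For the three RSA algorithms the parameters field is of type NULL; for the other two the parameters field is omitted.

Type definitions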

data AlgorithmIdentifier = AlgorithmIdentifier HashId CryptoId
	deriving Show
data HashId = Md2 | Md5 | Sha1 deriving Show
data CryptoId = Rsa | Dsa | Ecdsa deriving Show

Mapping function from the AlgorithmIdentifier type to Asn1Container

algIdToAsn1c :: AlgorithmIdentifier -> Maybe Asn1Container
algIdToAsn1c (AlgorithmIdentifier Md2 Rsa) = Just $
	CntSequence [CntAtom $ OID [1, 2, 840, 113549, 1, 1, 2], CntAtom Null]
algIdToAsn1c (AlgorithmIdentifier Md5 Rsa) = Just $
	CntSequence [CntAtom $ OID [1, 2, 840, 113549, 1, 1, 4], CntAtom Null]
algIdToAsn1c (AlgorithmIdentifier Sha1 Rsa) = Just $
	CntSequence [CntAtom $ OID [1, 2, 840, 113549, 1, 1, 5], CntAtom Null]
algIdToAsn1c (AlgorithmIdentifier Sha1 Dsa) = Just $
	CntSequence [CntAtom $ OID [1, 2, 840, 10040, 4, 3]]
algIdToAsn1c (AlgorithmIdentifier Sha1 Ecdsa) = Just $
	CntSequence [CntAtom $ OID [1, 2, 840, 10045, 4, 1]]
algIdToAsn1c _ = Nothing

Mapping from Asn1Container to the AlgorithmIdentifier type

asn1cToAlgId :: Asn1Container -> Maybe AlgorithmIdentifier
asn1cToAlgId (CntSequence
	[CntAtom (OID [1, 2, 840, 113549, 1, 1, 2]), CntAtom Null]) =
	Just $ AlgorithmIdentifier Md2 Rsa
asn1cToAlgId (CntSequence
	[CntAtom (OID [1, 2, 840, 113549, 1, 1, 4]), CntAtom Null]) =
	Just $ AlgorithmIdentifier Md5 Rsa
asn1cToAlgId (CntSequence
	[CntAtom (OID [1, 2, 840, 113549, 1, 1, 5]), CntAtom Null]) =
	Just $ AlgorithmIdentifier Sha1 Rsa
asn1cToAlgId (CntSequence
	[CntAtom (OID [1, 2, 840, 10040, 4, 3])]) =
	Just $ AlgorithmIdentifier Sha1 Dsa
asn1cToAlgId (CntSequence
	[CntAtom (OID [1, 2, 840, 10045, 4, 1])]) =
	Just $ AlgorithmIdentifier Sha1 Ecdsa
asn1cToAlgId _ = Nothing
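
The difference between a NULL parameters field and an omitted one shows up directly in the DER bytes. The following is an added example, not part of the original page or of Asn1Container.hs: it encodes one RSA and one ECDSA AlgorithmIdentifier and prints the bytes as hex. The Asn1Atom type and the helpers tlv, base128, encodeDer and hex are hypothetical names, and the Asn1Container definition is an assumed stand-in modelled on the constructors used above.

```haskell
import Data.Bits (shiftR, (.&.), (.|.))
import Data.Word (Word8)
import Numeric (showHex)

-- Assumed stand-ins for the types in Asn1Container.hs (not shown on the page).
data Asn1Atom = OID [Integer] | Null deriving (Show, Eq)
data Asn1Container = CntAtom Asn1Atom | CntSequence [Asn1Container]
    deriving (Show, Eq)

-- DER tag-length-value, short-form length only (content under 128 bytes).
tlv :: Word8 -> [Word8] -> [Word8]
tlv tag body
    | length body < 128 = tag : fromIntegral (length body) : body
    | otherwise = error "long-form length is outside this example"

-- Base-128 encoding of one OID arc; high bit set on all but the last byte.
base128 :: Integer -> [Word8]
base128 n = go (n `shiftR` 7) [fromIntegral (n .&. 0x7f)]
  where
    go 0 acc = acc
    go m acc = go (m `shiftR` 7) ((fromIntegral (m .&. 0x7f) .|. 0x80) : acc)

encodeDer :: Asn1Container -> [Word8]
encodeDer (CntAtom Null) = tlv 0x05 []
encodeDer (CntAtom (OID (a : b : rest))) =
    tlv 0x06 $ concatMap base128 (40 * a + b : rest)
encodeDer (CntAtom (OID _)) = error "an OID needs at least two arcs"
encodeDer (CntSequence cs) = tlv 0x30 $ concatMap encodeDer cs

-- Two hex digits per byte, separated by spaces.
hex :: [Word8] -> String
hex = unwords . map pad
  where
    pad w = let s = showHex w "" in if length s < 2 then '0' : s else s

main :: IO ()
main = do
    -- sha1WithRSAEncryption: parameters present as NULL (trailing 05 00)
    putStrLn . hex . encodeDer $ CntSequence
        [CntAtom $ OID [1, 2, 840, 113549, 1, 1, 5], CntAtom Null]
    -- ecdsa-with-SHA1: parameters omitted, the SEQUENCE holds only the OID
    putStrLn . hex . encodeDer $ CntSequence
        [CntAtom $ OID [1, 2, 840, 10045, 4, 1]]
```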

4.1.1.3 signatureValue

Signed data

data Signed = Signed {
	signedObject :: ByteString,
	signatureAlgorithm :: AlgorithmIdentifier,
	signatureValue :: SignatureValue }
data SignatureValue
	= RsaSignature Integer
	| DsaSignature {
		dsaSignatureR :: Integer,
		dsaSignatureS :: Integer }

Signature verification

-- digest and encrypt are not defined on this page yet.
validate :: Signed -> Bool
validate sd = digest (signatureAlgorithm sd) (signedObject sd) ==
	encrypt (signatureAlgorithm sd) (signatureValue sd)

(In progress)

4.1.2 TBSCertificate

(In progress)
