ohaya wrote:
>
> Hi,
>
> My apologies for this post, but I've just had very little luck in
> getting information on working with Netscape Certificate Management
> System (CMS), and I gather that a number of people that might be
> familiar with it are here.
>
> I'm working on a project where we need to retrieve/pull some information
> from the CMS' "internal databases" (which are LDAP directories). To
> this end, I've installed CMS 6.2 (on a Linux machine), and so far, I can
> pull some of what I need from the directory. In particular, the
> information that I really need is in the userCertificate attribute in
> the ou=certificateRepository subtree, and in the requestAttributes in
> the ou=ca subtree.
>
> Actually, working with the userCertificate attribute is not so much of a
> problem, as that looks like a base64 encoding of the issued
> certificates, but working with the requestAttributes attribute has been
> problematic. It's also a base64 encoding of some kind of binary blob.
> It looks like it has the original certificate request (base64-encoded)
> embedded in it, but I haven't been able to determine how to "parse" the
> overall blob to extract the "fields" within the blob (e.g.,
> request_name, etc.).
> I've been looking at the CMS SDK for some hints, but frankly, I'm a bit
> lost :(.
>
> Again, my apologies if this post is off-topic. I've been looking into
> this for awhile, so if anyone can help, I'd very much appreciate it!!
>
> Jim
Hi,
FYI, here's a portion a dump of one of the requestAttributes that I
pulled from the CMS directory. This was for a server certificate
request. This kind of looks like a file created by serializing a Java
object ("req_issued_cert")?
00000000 AC ED 00 05 74 00 0F 72-65 71 5F 69 73 73 75 65
....t..req_issue
00000010 64 5F 63 65 72 74 75 72-00 02 5B 42 AC F3 17 F8
d_certur..[B....
00000020 06 08 54 E0 02 00 00 78-70 00 00 03 08 AC ED 00
..T....xp.......
00000030 05 73 72 00 33 6E 65 74-73 63 61 70 65 2E 73 65
.sr.3netscape.se
00000040 63 75 72 69 74 79 2E 78-35 30 39 2E 58 35 30 39
curity.x509.X509
00000050 43 65 72 74 49 6D 70 6C-24 43 65 72 74 69 66 69
CertImpl$Certifi
00000060 63 61 74 65 52 65 70 31-B7 B9 E3 43 D3 33 68 27
cateRep1...C.3h'
00000070 02 00 02 5B 00 05 64 61-74 61 31 74 00 02 5B 42
...[..data1t..[B
00000080 4C 00 05 74 79 70 65 31-74 00 12 4C 6A 61 76 61
L..type1t..Ljava
00000090 2F 6C 61 6E 67 2F 53 74-72 69 6E 67 3B 78 70 75
/lang/String;xpu
000000A0 72 00 02 5B 42 AC F3 17-F8 06 08 54 E0 02 00 00
r..[B......T....
000000B0 78 70 00 00 02 77 30 82-02 73 30 82 01 DC A0 03
xp...w0..s0.....
000000C0 02 01 02 02 01 0A 30 0D-06 09 2A 86 48 86 F7 0D
......0...*.H...
000000D0 01 01 05 05 00 30 6D 31-0B 30 09 06 03 55 04 06
.....0m1.0...U..
000000E0 13 02 55 53 31 0B 30 09-06 03 55 04 08 13 02 56
..US1.0...U....V
000000F0 41 31 0F 30 0D 06 03 55-04 07 13 06 4F 61 6B 74
A1.0...U....Oakt
00000100 6F 6E 31 0E 30 0C 06 03-55 04 0A 13 05 4A 69 6D
on1.0...U....Jim
00000110 43 6F 31 12 30 10 06 03-55 04 0B 13 09 54 65 73
Co1.0...U....Tes
00000120 74 20 44 65 70 74 31 1C-30 1A 06 03 55 04 03 13 t
Dept1.0...U...
00000130 13 43 65 72 74 69 66 69-63 61 74 65 20 4D 61 6E .Certificate
Man
00000140 61 67 65 72 30 1E 17 0D-30 34 30 36 32 39 32 31
ager0...04062921
00000150 35 30 31 37 5A 17 0D 30-34 31 32 32 36 32 31 35
5017Z..041226215
00000160 30 31 37 5A 30 6B 31 17-30 15 06 03 55 04 03 13
017Z0k1.0...U...
00000170 0E 6A 69 6D 6E 65 77 2E-66 6F 6F 2E 63 6F 6D 31
.jimnew.foo.com1
00000180 14 30 12 06 03 55 04 0B-13 0B 54 65 73 74 20 44
.0...U....Test D
00000190 65 70 74 20 33 31 0F 30-0D 06 03 55 04 0A 13 06 ept
31.0...U....
000001A0 4A 69 6D 63 6F 33 31 0F-30 0D 06 03 55 04 07 13
Jimco31.0...U...
000001B0 06 4F 61 6B 74 6F 6E 31-0B 30 09 06 03 55 04 08
.Oakton1.0...U..
000001C0 13 02 56 41 31 0B 30 09-06 03 55 04 06 13 02 55
..VA1.0...U....U
000001D0 53 30 81 9F 30 0D 06 09-2A 86 48 86 F7 0D 01 01
S0..0...*.H.....
000001E0 01 05 00 03 81 8D 00 30-81 89 02 81 81 00 A3 57
.......0.......W
000001F0 31 EA 7F 90 A6 34 81 C9-35 BB 5E 9B 82 6D CD FB
1...4..5.^..m..
00000200 90 DF E7 44 5B AC B7 A8-2B FC 50 B2 CD 48 A2 33
...D[...+.P..H.3
00000210 12 B3 29 C7 0B 80 76 13-F1 F2 87 FD 4E FE 40 5E
..)[EMAIL PROTECTED]
00000220 7A 82 DB 0D AB D2 5A 0F-70 D6 13 D6 51 52 B2 9B
z.....Z.p...QR..
00000230 CF 89 1A 93 5D 33 04 28-6E 72 81 85 23 24 84 8D
....]3.(nr..#$..
00000240 C7 10 FD 93 9B A6 BB 7B-3F 86 E8 2F 30 36 DA 72
.......{?../06.r
00000250 62 27 DA F6 DD B2 F1 0C-95 35 73 B4 01 A7 B6 1F
b'.......5s.....
00000260 26 BC 1C 88 1A DE DB 24-30 7F F6 E9 1C 17 02 03
&......$0......
00000270 01 00 01 A3 25 30 23 30-0E 06 03 55 1D 0F 01 01
....%0#0...U....
00000280 FF 04 04 03 02 04 F0 30-11 06 09 60 86 48 01 86
.......0...`.H..
00000290 F8 42 01 01 04 04 03 02-06 40 30 0D 06 09 2A 86
[EMAIL PROTECTED]
000002A0 48 86 F7 0D 01 01 05 05-00 03 81 81 00 7A 96 D2
H............z..
000002B0 4C DB C6 5A 13 6A C4 8A-4E D2 54 3A E0 5A D4 57
L..Z.j..N.T:.Z.W
000002C0 F0 05 D7 20 6A 05 EA 6D-C3 D7 30 33 E0 2D B7 8F ...
j..m..03.-..
000002D0 FB 35 C8 2F E3 B2 53 47-D0 7A 05 ED F4 AC 4C 2C
.5./..SG.z....L,
000002E0 21 C6 45 DD 83 6D 4D A0-3B C8 81 ED 94 59 EF E4
!.E..mM.;....Y..
000002F0 99 98 51 00 D0 37 14 7B-B0 B3 12 2C CF 1C 94 7E
..Q..7.{...,...~
00000300 FB 27 74 4D 1E 74 CA D7-AB 63 E9 BE F7 5A 6D B1
.'tM.t...c...Zm.
00000310 D2 24 CC 7C C9 AE 36 DD-88 2A DA 50 70 ED 91 A2
.$.|..6..*.Pp...
00000320 63 E9 50 4D FC 24 10 A8-7A DA 4D C3 8C 74 00 05
c.PM.$..z.M..t..
00000330 58 2E 35 30 39 74 00 0C-72 65 71 75 65 73 74 4E
X.509t..requestN
00000340 6F 74 65 73 75 71 00 7E-00 01 00 00 00 28 AC ED
otesuq.~.....(..
00000350 00 05 74 00 21 54 45 53-54 20 53 45 52 56 45 52 ..t.!TEST
SERVER
00000360 20 43 45 52 54 20 46 4F-52 20 52 45 51 55 45 53 CERT FOR
REQUES
00000370 54 20 23 31 30 37 74 00-0B 72 65 71 75 65 73 74 T
#107t..request
00000380 54 79 70 65 75 71 00 7E-00 01 00 00 00 11 AC ED
Typeuq.~........
00000390 00 05 74 00 0A 65 6E 72-6F 6C 6C 6D 65 6E 74 74
..t..enrollmentt
000003A0 00 10 69 73 45 6E 63 72-79 70 74 69 6F 6E 43 65
..isEncryptionCe
000003B0 72 74 75 71 00 7E 00 01-00 00 00 0B AC ED 00 05
rtuq.~..........
000003C0 74 00 04 74 72 75 65 74-00 0C 63 65 72 74 5F 72
t..truet..cert_r
000003D0 65 71 75 65 73 74 75 71-00 7E 00 01 00 00 04 DF
equestuq.~......
000003E0 AC ED 00 05 74 04 D8 2D-2D 2D 2D 2D 42 45 47 49
....t..-----BEGI
000003F0 4E 20 4E 45 57 20 43 45-52 54 49 46 49 43 41 54 N NEW
CERTIFICAT
00000400 45 20 52 45 51 55 45 53-54 2D 2D 2D 2D 2D 0D 0A E
REQUEST-----..
00000410 4D 49 49 44 52 6A 43 43-41 71 38 43 41 51 41 77
MIIDRjCCAq8CAQAw
00000420 61 7A 45 58 4D 42 55 47-41 31 55 45 41 78 4D 4F
azEXMBUGA1UEAxMO
00000430 61 6D 6C 74 62 6D 56 33-4C 6D 5A 76 62 79 35 6A
amltbmV3LmZvby5j
00000440 62 32 30 78 46 44 41 53-42 67 4E 56 42 41 73 54
b20xFDASBgNVBAsT
00000450 0D 0A 43 31 52 6C 63 33-51 67 52 47 56 77 64 43
..C1Rlc3QgRGVwdC
.
snip
.
00000870 0D 0A 4C 67 69 39 74 50-74 38 47 77 6D 30 58 4C
..Lgi9tPt8Gwm0XL
00000880 39 4A 63 45 4E 48 75 72-79 55 6B 6F 74 54 6E 73
9JcENHuryUkotTns
00000890 72 48 6F 51 6B 3D 0D 0A-2D 2D 2D 2D 2D 45 4E 44
rHoQk=..-----END
000008A0 20 4E 45 57 20 43 45 52-54 49 46 49 43 41 54 45 NEW
CERTIFICATE
000008B0 20 52 45 51 55 45 53 54-2D 2D 2D 2D 2D 0D 0A 74
REQUEST-----..t
000008C0 00 07 70 72 6F 66 69 6C-65 75 71 00 7E 00 01 00
..profileuq.~...
000008D0 00 00 0B AC ED 00 05 74-00 04 74 72 75 65 74 00
.......t..truet.
000008E0 11 63 65 72 74 5F 72 65-71 75 65 73 74 5F 74 79
.cert_request_ty
000008F0 70 65 75 71 00 7E 00 01-00 00 00 0D AC ED 00 05
peuq.~..........
00000900 74 00 06 70 6B 63 73 31-30 74 00 0F 72 65 71 75
t..pkcs10t..requ
00000910 65 73 74 6F 72 5F 70 68-6F 6E 65 75 71 00 7E 00
estor_phoneuq.~.
00000920 01 00 00 00 13 AC ED 00-05 74 00 0C 31 30 37 2D
.........t..107-
00000930 31 30 37 2D 31 31 30 37-74 00 0A 72 65 71 5F 6C
107-1107t..req_l
00000940 6F 63 61 6C 65 75 71 00-7E 00 01 00 00 00 80 AC
ocaleuq.~.....�.
00000950 ED 00 05 73 72 00 10 6A-61 76 61 2E 75 74 69 6C
...sr..java.util
00000960 2E 4C 6F 63 61 6C 65 7E-F8 11 60 9C 30 F9 EC 03
.Locale~..`.0...
00000970 00 04 49 00 08 68 61 73-68 63 6F 64 65 4C 00 07
..I..hashcodeL..
00000980 63 6F 75 6E 74 72 79 74-00 12 4C 6A 61 76 61 2F
countryt..Ljava/
00000990 6C 61 6E 67 2F 53 74 72-69 6E 67 3B 4C 00 08 6C
lang/String;L..l
.
snip
.
00001350 4C 6E 65 74 73 63 61 70-65 2F 73 65 63 75 72 69
Lnetscape/securi
00001360 74 79 2F 78 35 30 39 2F-58 35 30 30 4E 61 6D 65
ty/x509/X500Name
00001370 3B 78 70 77 6D 30 6B 31-17 30 15 06 03 55 04 03
;xpwm0k1.0...U..
00001380 13 0E 6A 69 6D 6E 65 77-2E 66 6F 6F 2E 63 6F 6D
..jimnew.foo.com
00001390 31 14 30 12 06 03 55 04-0B 13 0B 54 65 73 74 20
1.0...U....Test
000013A0 44 65 70 74 20 33 31 0F-30 0D 06 03 55 04 0A 13 Dept
31.0...U...
000013B0 06 4A 69 6D 63 6F 33 31-0F 30 0D 06 03 55 04 07
.Jimco31.0...U..
000013C0 13 06 4F 61 6B 74 6F 6E-31 0B 30 09 06 03 55 04
..Oakton1.0...U.
000013D0 08 13 02 56 41 31 0B 30-09 06 03 55 04 06 13 02
...VA1.0...U....
000013E0 55 53 78 74 00 0C 70 72-6F 66 69 6C 65 53 65 74
USxt..profileSet
000013F0 49 64 75 71 00 7E 00 01-00 00 00 0B AC ED 00 05
Iduq.~..........
00001400 74 00 04 73 65 74 31 70-
t..set1p
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
