¼«ÂÄÍî¤Êµ»½Ñ¼Ô¤ÎÆüµ­

´ðËܤ϶ô¤Ã¤Æ¤ë¤«°û¤ó¤Ç¤ë¤«¤Ç¤¹¤¬¡¢¤è¤¯¼ñÌ£¤Ç¥«¥é¥ª¥±¡¦PKI¡¦½ð̾¡¦Ç§¾Ú¡¦¥×¥í¥°¥é¥ß¥ó¥°¡¦¾ðÊ󥻥­¥å¥ê¥Æ¥£¤ò¤ä¤Ã¤Æ¤¤¤Þ¤¹¡£Î¹¹¥¤­¡£¥Æ¥ì¥Ó¹¥¤­¤Ç·ÝǽÄÌ

X.509

(¾®¥Í¥¿) Twitter REST APIÍѤξÚÌÀ½ñ¤ÎÀÚ¤êÂؤ¨

@raysato ¤µ¤ó¤ÎTL¤ò¸«¤Æ¤¤¤¿¤éTwitter¼Ò¤Î¿Í¤Î¥Ö¥í¥°¤ò¾Ò²ð¤·¤Æ¤¤¤Æ¡¢°Ê²¼¤Î¤è¤¦¤Ê¥¨¥ó¥È¥ê¤¬¤¢¤ê¤Þ¤·¤¿¡£

REST API SSL certificate updates
https://dev.twitter.com/blog/rest-api-ssl-certificate-updates
Twitter¤ÏAPIÍѤξÚÌÀ½ñ¤òÀÚ¤êÂؤ¨¤ë¤½¤¦¤Ç¤¹¡£

¤Þ¤¸¤«¡¼¡£api.twitter.com¤Î¾ÚÌÀ½ñ¤ò¸«¤Æ¤ß¤ë¤È¡¢ ³Î¤«¤ËÍ­¸ú´ü¸Â¤¬2013ǯ12·î31Æü¤Þ¤Ç¤Ë¤Ê¤Ã¤È¤ë¤Ê¡¼¡£
g2
¤Ç¤âapi.twitter.com¤Î¾ÚÌÀ½ñ¤Ï¤Á¤ã¤ó¤ÈRSA 2048bit ¤À¤«¤é¤¤¤¤¤¸¤ã¤ó¤È»×¤Ã¤Æ ¸«¤Æ¤ß¤¿¤é¡¢¤Ê¤ë¤Û¤É¥ë¡¼¥ÈCA RSA 1024bit X.509v1¾ÚÌÀ½ñ¤Ê¤ó¤À¤Í¡£¤½¤ê¤ã¤À¤á¤À¡£
path
ǧ¾Ú¥µ¡¼¥Ó¥¹¤Î¶¦Ḁ̈롼¥ë¤òºî¤Ã¤Æ¤¤¤ëCA Browser Forum¤Î¥¬¥¤¥É ¡ÖBaseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.5¡×¤È¤¤¤¦¤Î¤¬ ½Ð¤Æ¤¤¤Æ

2013-12-31
CAs SHALL confirm that the RSA Public Key is at least 2048 bits or that one of the following ECC curves is used: P-256, P-384, or P-521. A Root CA Certificate issued prior to 31 Dec. 2010 with an RSA key size less than 2048 bits MAY still serve as a trust anchor.
¤È¤¢¤ê¤Þ¤¹¡£RSA 2048bit̤Ëþ¤ÎCA¤Ï»È¤¨¤Ê¤¯¤Ê¤Ã¤Á¤ã¤¦¤ó¤À¤Ê¤¡¤È¡£

¤ä¤Ù¤ä¤Ù¡¢ÌÀÆü¤Î»ñÎÁ¤òºî¤é¤Ê¤¤¤È¡£

pathfinder¤È¤¤¤¦¾ÚÌÀ½ñ¤Î¥Ñ¥¹¸¡¾Ú¥Õ¥ê¡¼¥¦¥§¥¢»îÍÑʳƮµ­(µã) (Âè2ÏÃ)

°ìºòÆü¤Ï²ù¤·¤¤»×¤¤¤ò¤·¤¿¤Î¤Çw¡¢OpenSSL¤ÎDebian¸°ÀȼåÀ­¤Î»þ¤Ëºî¤Ã¤¿Ubuntu´Ä¶­¤ò°ú¤ÃÄ¥¤ê¤À¤·¤Æ¤­¤Æ¡¢pathfinder¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¤ß¤ë¤³¤È¤Ë¤·¤¿¡£

°Ê²¼¡¢È÷˺ϿŪ¤Ë¡¢¡¢¡¢

% aptitude install openssh-server
¢£ D-Bus¤Î¥Ó¥ë¥É¤ËɬÍפ½¤¦¤Ê¥Ñ¥Ã¥±¡¼¥¸¤Î¥¤¥ó¥¹¥È¡¼¥ë
% apt-get install -s dbus (1.1.20¤À¤Ã¤¿¤Î¤Ç¸Å¤¹¤®)¥Ñ¥Ã¥±¡¼¥¸¤Ï»È¤ï¤Ê¤«¤Ã¤¿
% apt-get install autoconf
% apt-get install automake
% apt-get install libtool
% apt-get install expat
% apt-get install libexpat1-dev
¢£ D-Bus¤Î¥Ó¥ë¥É
% ./configure
% make >& make.log &
% tail -f make.log
% make install
¢£ WvStreams¤Î¥Ó¥ë¥É¤È¥¤¥ó¥¹¥È¡¼¥ë
% ./configure
Configure: error: C++ preprocessor "/lib/cpp" ¤È½Ð¤¿¤Î¤Ç°Ê²¼¤ò¼Â¹Ô
% apt-get install g++
% apt-get install libssl-dev
% make >& make.log &
% tail -f make.log
% make install
¢£ pathfinder¤Î¥Ó¥ë¥É¤È¥¤¥ó¥¹¥È¡¼¥ë


ÅÓÃæ¡¢¥Ñ¥Ã¥±¡¼¥¸¤Î¥¤¥ó¥¹¥È¡¼¥ëÃæ¤ÇºÆµ¯Æ°¤òµá¤á¤é¤ì¤¿¤ó¤Ç¤¹¤¬¡¢ºÆµ¯Æ°¸å¥Í¥Ã¥È¥ï¡¼¥¯¥¢¥À¥×¥¿¤¬Ç§¼±¤µ¤ì¤Ê¤¯¤Ê¤Ã¤Æ¤·¤Þ¤¤¤Þ¤·¤¿¡£orz

¤É¤¦¤ä¤éD-Bus¤¬°­¤µ¤ò¤·¤Æ¤¤¤ë¤è¤¦¤Ç¤¹¡£·ë¶É¡¢pathfinder¤Î¥¤¥ó¥¹¥È¡¼¥ë¤Þ¤Çé¤ê¤Ä¤±¤Þ¤»¤ó¤Ç¤·¤¿¡£

¤«¤Ê¤ê¿´¤¬ÀÞ¤ì¤Æ¤¤¤ë¡¢¡¢¡¢

¤¿¤«¤¬¥Ñ¥¹¸¡¾Ú¤Ê¤Î¤Ë¡¢¤É¤¦¤·¤Æ¤³¤ó¤Ê¤Ë¤â¡¢¤É¤¦¤Ç¤â¤è¤¤¥Ñ¥Ã¥±¡¼¥¸¤Ë°Í¸¤·¤Æ¤¤¤ë¤Î¤«¤È¡¢¡¢¡¢

pathfinder¤È¤¤¤¦¾ÚÌÀ½ñ¤Î¥Ñ¥¹¸¡¾Ú¥Õ¥ê¡¼¥¦¥§¥¢»îÍÑʳƮµ­(µã) (Âè1ÏÃ)

ËÜÅö¤Ï¤ä¤é¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¤³¤È¤¬»³ÀѤ·¤Æ¤¤¤ë¤Î¤Ë¡¢¸½¼ÂƨÈò¤Çpathfinder¤È¤¤¤¦RFC 5280¤Î¥Ñ¥¹¸¡¾Ú¤Ë½àµò¤·¤¿¥Õ¥ê¡¼¥½¥Õ¥È¤¬¸ø³«¤µ¤ì¤¿¤è¤¦¤Ê¤Î¤ÇÁᮻ¤Æ¤ß¤¿¡£ÆÃħ¤Ï¤³¤ó¤Ê¤È¤³¤é¤·¤¤

¡¦¾ÚÌÀ½ñ¤Î½ð̾Ã͸¡¾Ú
¡¦Ì¾Á°¥Á¥§¡¼¥ó¸¡¾Ú
¡¦´ðËÜÀ©Ìó¤Î¸¡¾Ú
¡¦¾ÚÌÀ½ñ¥Ý¥ê¥·¤Î¸¡¾Ú(´Þ¥Ý¥ê¥·¡¼¥Þ¥Ã¥Ô¥ó¥°)
¡¦¸°»ÈÍÑË¡¤Î¸¡¾Ú
¡¦OCSP¤Ë¤è¤ë¼º¸ú¸¡¾Ú
¡¦¥Ö¥ê¥Ã¥¸CA¤ò´Þ¤à¥Ñ¥¹¸¡¾Ú¤Ë¤âÂбþ¤·¤Æ¤¤¤ë¤Ã¤Ý¤¤
¡¦AIA³ÈÄ¥¤Ë¤è¤ë¥Ñ¥¹¹½ÃÛ¤âÂбþ¤·¤Æ¤ë¤Ã¤Ý¤¤
¡¦C++¤Ç½ñ¤«¤ì¤Æ¤¤¤ë¤Ã¤Ý¤¤¡£

¥½¡¼¥¹¥³¡¼¥É¤Ï¤³¤³(code.google.com)¤«¤é¥À¥¦¥ó¥í¡¼¥É¤Ç¤­¤ë¤è¤¦¤Ç¡¢º£Æü¤Î»þÅÀ¤Ç¥Ð¡¼¥¸¥ç¥ó¤Ï1.1.2(2009.09.23ÈÇ)¤À¤Ã¤¿¡£

¥¤¥ó¥¹¥È¡¼¥ë


¥½¡¼¥¹¥³¡¼¥É¤Î¤ß¤ÎÇÛÉۤʤΤǡ¢¥Ó¥ë¥É¤·¤Ê¤¤¤È¤¤¤±¤Ê¤¤¡£cygwin´Ä¶­¤Ç¤ä¤ë¤³¤È¤Ë¤¹¤ë¡£°Ê²¼¤Î¤â¤Î¤¬Â¿Ê¬É¬Íפˤʤ롣
¡¦g++
¡¦cmake

¥¤¥ó¥¹¥È¡¼¥ëÀè¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤è¤¤¤Î¤Ç(cmake¤ò»È¤Ã¤¿¤³¤È¤Ê¤¤¤Î¤Ë)cmake°ìȯ¤·¤Æ¤ß¤ë¤³¤È¤Ë¤¹¤ë¡£

% cmake .


¤¢¤¨¤Ê¤¯¥¨¥é¡¼¤ÇÇÔÂà¡£²¿¤ä¤é¥µ¡¼¥É¥Ñ¡¼¥Æ¥£¡¼¤Î¥é¥¤¥Ö¥é¥ê¤È¤·¤Æ
¡¦D-Bus
¡¦WvStreams
¡¦OpenSSL (¤Þ¤¡¤³¤ì¤Ï¤¢¤ë¤±¤É)
¤¬É¬Íפʤó¤À¤½¤¦¤À¡£

¥Ð¡¼¥¸¥ç¥ó¤Î»ØÄê¤â̵¤¤¤Î¤Ç»ÅÊý¤Ê¤¯D-Bus¤Î¥µ¥¤¥È¤«¤édbus-1.3.0.zip¤ò¥À¥¦¥ó¥í¡¼¥É¤·¤¿¡£Ê·°Ïµ¤Åª¤ËDebian¤Ê¤é¥Ð¥¤¥Ê¥ê¥Ñ¥Ã¥±¡¼¥¸¤¬¤¢¤ê¤½¤¦¤À¤Ã¤¿ orz

ƱÍͤËWvStreams¤Î¸ø¼°¥µ¥¤¥È¤«¤éé¤Ã¤Æ¡¢wvstreams-4.6.1.tar.gz¤òÍî¤È¤·¤Æ¤­¤¿¡£


ºÆÀï(1)¡§WvStreams¤Î¥Ó¥ë¥É



¸ø¼°¥µ¥¤¥È¤Î¥È¥Ã¥×¤Ë¿ÆÀڤˤâ¥Ó¥ë¥ÉË¡¤¬½ñ¤¤¤Æ¤¢¤ë¤Î¤ÇÍ­Æñ¤¯¤½¤ÎÄ̤ê¤ä¤ë¡£

% tar -xzvf wvstreams-4.6.1.tar.gz
% cd wvstreams-4.6.1
% ./configure
% make (as root:)
% make install


¤Ç¡¢"./configure"¤·¤Æ¤ß¤¿¤ó¤À¤±¤É¥¨¥é¡¼¤¬¡¢¡¢¡¢

configure: WARNING: DBUS is missing.
configure: WARNING: PAM is missing.
configure: WARNING: Qt is missing.
configure: WARNING: Valgrind is missing.
configure: WARNING: readline is missing.
configure: WARNING: both tr1/functional and boost/function.hpp are missing.
configure: error: Required dependencies missing: boost/function.hpp


tr1¤ä¤éboost¤Ã¤Æ²¿¤Ã¤ÆÄ´¤Ù¤Æ¤ß¤ë¤ËC++¤Îɸ½à¥é¥¤¥Ö¥é¥ê¤Î³ÈÄ¥°ÆTechnical Report 1¤Î¼ÂÁõ¤Î¤è¤¦¤À¡£ºÇ¶á¡¢C++¤ËÁ¤¤¤Î¤ÇÁ´Á³¤·¤é¤Ê¤«¤Ã¤¿¡£¤Ä¡Á¡Á¤«¡¢¤Ê¤ó¤Çg++¤Ë¤ÏÆþ¤Ã¤Æ¤Ê¤¤¤ó¤À¤í¤¦¡¢¡¢¡¢Ï·¿Í¤Ë¤Ï¥Ó¥ë¥É¤Ï¿É¤¤¤Î¤ÇÀ§Èóɸ½à¤ÇTR1¤ò¼ÂÁõ¤·¤Æ夭¤¿¤¤¡£

ÃÊ¡¹¡¢ÌÌÅݽ­¤¯¤Ê¤Ã¤Æ¤­¤¿orz

Boost¤Î¥¤¥ó¥¹¥È¡¼¥ë


Boost¤Î¸ø¼°¥µ¥¤¥È(www.boost.org)¤«¤é¥Ð¡¼¥¸¥ç¥ó1.40.0¤Î¥¢¡¼¥«¥¤¥Ö¤ò¥À¥¦¥ó¥í¡¼¥É¤·¤Æ(¤ª¤¤¤ª¤¤¥½¡¼¥¹tgz¤Ç40MB¤â¤¢¤ë¤è)¥Ó¥ë¥É¤·¤è¤¦¤È¤·¤¿¤ó¤Ç¤¹¤¬¡¢cygwin¤ÇÎɤ¯¸«¤¿¤éboost¥Ñ¥Ã¥±¡¼¥¸¤¢¤Ã¤¿¤è¡£Í­Æñ¤¯¥Ñ¥Ã¥±¡¼¥¸¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë¡£cygwin¤òÎɤ¯¸«¤Þ¤·¤¿¤¬¡¢D-Bus¤ÈWvStreams¤Ï¥Ñ¥Ã¥±¡¼¥¸¤Ï̵¤¤¤³¤È¤ò³Îǧ¤·¤¿¡£

D-Bus¤Î¥¤¥ó¥¹¥È¡¼¥ë


WvStreams¤ÏD-Bus¤ò»È¤¦¤è¤¦¤Ê¤Î¤Ç¡¢D-Bus¤«¤éÀè¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë¤³¤È¤Ë¤·¤¿¡£

% ./configure --prefix=/usr
% make
% su make install


¤Ç¤¤¤±¤ë¤½¤¦¤À¡£gettext¤Èexpat or libxml-2¤òɬÍפȤ¹¤ë¤é¤·¤¤¡£cygwin¤Îlibxml-2-devel¥Ñ¥Ã¥±¡¼¥¸¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤¿¡£

¤Ç¡¢¤¨¤¨¤¤¤Ã¡¢¡¢¡¢¤Ã¤È"./configure"¤·¤Æ¤ß¤ë¤â"./configure"¤¬Ìµ¤¤¤¸¤ã¡Á¡Á¡Á¤ó¡£autoconf¤Ê¤Î¤«¤Ê¡£¤ï¤«¤é¤Ê¤¤¤Î¤Çcmake¥Ç¥£¥ì¥¯¥È¥ê¤Ë²¼¤ê¤Æ

% cd cmake
% cmake .


¤·¤Æ¤ß¤¿¡£cmake¤Ï¤¦¤Þ¤¯¤¤¤Ã¤¿¤è¤¦¤À¡£¤Ç¡¢

% make


¤¦¡Á¡Á¤à¡¢¥Ó¥ë¥É¥¨¥é¡¼¤À¡£

cmake¤Ï¤À¤á¤ß¤¿¤¤¤À¡£"autoconf"¤Ë¤¹¤ë¤«¡¢¡¢¡¢¡¢»ÅÊý¤Ê¤¯¡¢cygwin¤Îautoconf¡¢automake¡¢libtool(libtoolize¤¬Æþ¤Ã¤Æ¤¤¤ë)¤Î¥Ñ¥Ã¥±¡¼¥¸¤òÄɲ乤롣¤Ç¥³¥ó¥Õ¥£¥°¥ì¡¼¥·¥ç¥óÍѤΥ¹¥¯¥ê¥×¥È¤¬¤¢¤ë¤è¤¦¤Ê¤Î¤Ç¼Â¹Ô¤·¤Æ¤ß¤ë¡£

% ./autogen.sh


MD4¤Ë´Ø¤·¤Æ·Ù¹ð¤¬½Ð¤¿¤¬Ìµ»ë¤·¤Æ¤·¤Þ¤Ã¤¿¡£

Now type 'make' to compile dbus.


¤È½Ð¤¿¤Î¤Ç¡¢¤É¤¦¤ä¤é"./configure"¥Õ¥¡¥¤¥ë¤ÎÀ¸À®¤È¼Â¹Ô¤Ï¤¦¤Þ¤¯¤¤¤Ã¤¿¤è¤¦¤À¡£

% make


¤Ç¡¢¥¨¥é¡¼¡£¤É¤¦¤ä¤éshared libraryÈǤò¤Ä¤¯¤ë¤¿¤á¤Î¥ª¥×¥·¥ç¥ó¤¬´Ö°ã¤Ã¤Æ¤¤¤ë¤è¤¦¤À¡£libtool¤Þ¤ï¤ê¤Îµ­½Ò¤¬¤¤¤±¤Ê¤¤¤Î¤«¤â¤·¤ì¤Ê¤¤¡£ÌÌÅݤʤΤÇstatic¤À¤±¤Ë¤·¤Æ¤·¤Þ¤¦¡£

% ./configure --enable-static --disable-shared


¤Ç¡¢

% make >& make.log &
% tail -f make.log


¤È¤ê¤¢¤¨¤º¡¢D-Bus¤Î¥Ó¥ë¥É¤Ï½çÄ´¤Ë¿Ê¤ó¤Ç¤¤¤ë¤è¤¦¤Ë¸«¤¨¤ë¡¢¡¢¡¢¤È»×¤Ã¤¿¤é¥³¥±¤¿¡£Â¿Ê¬aclocal.m4¡¢acinclude.m4¤Î¥Þ¥¯¥í¤¬½èÍý¤Ç¤­¤Æ¤¤¤Ê¤¤¤Ã¤Ý¤¤¡£autoconf¤«¤éÌá¤ë¤«¡£

¤µ¤­¤Û¤É¤Î"autogen.sh"¤Î¼Â¹Ô»þ¤Î·Ù¹ð¤Ç¤Ï¡¢

libtoolize: Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.in and
libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree.
libtoolize: Consider adding `-I m4' to ACLOCAL_AMFLAGS in Makefile.am.


¤È½Ð¤Æ¤¤¤¿¤Î¤Ç¡¢"configure.in"¤ò¤¤¤¸¤Ã¤Æ

½¤ÀµÁ°
AC_INIT(dbus, [dbus_version])
½¤Àµ¸å
AC_INIT(dbus, [dbus_version])
AC_CONFIG_MACRO_DIR([m4])


¤È¤¹¤ë¤³¤È¤Ë¤·¤Æ¡¢ºÆÅÙ "autogen.sh" ¤ò¼Â¹Ô¤·¤¿¡£·Ù¹ð¤Ï̵¤¯¤Ê¤ê̵»ö "configure" ¤¬¼Â¹Ô¤µ¤ì¤¿¤è¤¦¤À¡£(Ëè²ó¤³¤ó¤Ê¤³¤È¤ò½ñ¤¤¤Æ¤¤¤ë¡£)¤Þ¤¿¡¢static¥é¥¤¥Ö¥é¥ê¤Î¤ß¤Ë¤¹¤ë¤è¤¦configure¤òºÆ¼Â¹Ô¤·¤Æ¥Ó¥ë¥É¤¹¤ë¡£

% ./configure --enable-static --disable-shared
% make >& make.log &
% tail -f make.log


¤¦¡Á¤à¤À¤á¤À¥¨¥é¡¼¤À¡Á¡Á¡Á¡£dbus-sysdeps-unix.c¤¬¥À¥á¤Ã¤Ý¤¤¡£

D-Bus¤ò¥½¡¼¥¹¤«¤écygwin¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë¤Î¤ÏÄü¤á¤ë¤³¤È¤Ë¤¹¤ë¡£

¤¿¤Þ¤¿¤Þ¡¢D-Bus¤ò¤Á¤ç¤Ã¤È¸Å¤¤¤±¤Écygwin¥Ñ¥Ã¥±¡¼¥¸¤Ë¤·¤ÆÇۤäƤ¤¤ë¤È¤³¤í¤òȯ¸«¤·¤¿¤Î¤Ç¤³¤ì¤ò»È¤Ã¤Æ¤ß¤ë¤³¤È¤Ë¤¹¤ë¡£

http://ftp.daum.net/cygwin/release-2/dbus/


URL¤ò»ØÄꤷ¤ÆÉáÄ̤ˤϥ»¥Ã¥È¥¢¥Ã¥×¤Ç¤­¤Ê¤«¤Ã¤¿¤Î¤Ç¡¢¥Ñ¥Ã¥±¡¼¥¸¥Õ¥¡¥¤¥ë(.bz2)¤ò¼ê¤Ç¥À¥¦¥ó¥í¡¼¥É¤·¤Æ¡¢

- dbus-1.2.16-1.tar.bz2
- libdbus1_3-1.2.16-1.tar.bz2
- libdbus1-devel-1.2.16-1.tar.bz2
¤ò /tmp ¤Ê¤É¤Ç
% bunzip2 -dc dbus-1.2.16-1.tar.bz2 | tar xvf -
¤·¤Æ¡¢
% cp -r usr /
% cp -r etc/dbus-1 /etc
etc/{postinstall,preremove}¤ò»²¹Í¤Ë
% mkdir -p /var/lib/dbus
% /usr/bin/dbus-uuidgen --ensure


¤¹¤ì¤Ð¡¢D-Bus 1.2.16¤Î¥Ñ¥Ã¥±¡¼¥¸¤Ï¥¤¥ó¥¹¥È¡¼¥ë¤Ç¤­¤¿¤Î¤Ç¤Ï¤Ê¤¤¤«¤È»×¤¦¡£

Ť«¤Ã¤¿¡¢¡¢¡¢orz

ºÆÀWvStreams¤Î¥¤¥ó¥¹¥È¡¼¥ë



WvStreams¤Î¥¤¥ó¥¹¥È¡¼¥ë¤ËÌá¤ë¤³¤È¤Ë¤¹¤ë¡£

% ./configure


D-Bus¤Ï1.2.14°Ê¾å¤¬É¬Íפʤ褦¤À¡£D-Bus¤¬»È¤¨¤ë¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤³¤È¤ò°ì±þ³Îǧ¤·¤¿¡£

configure: WARNING: DBUS is missing.
configure: WARNING: PAM is missing.
configure: WARNING: Qt is missing.
configure: WARNING: Valgrind is missing.
configure: WARNING: readline is missing.
configure: WARNING: both tr1/functional and boost/function.hpp are missing.
configure: error: Required dependencies missing: boost/function.hpp


ÁêÊѤï¤é¤º¡¢D-Bus¤¬Ìµ¤¯¡¢Boost¤â̵¤¤¤ÈÅܤé¤ì¤¿orz

% ./configure --with-dbus --with-openssl


pkg-config¤¬¤¤¤ë¤ß¤¿¤¤¤À¤¾¡£cygwin¤Î¥Ñ¥Ã¥±¡¼¥¸¤òÄɲä·¤¿¡£ÃÊ¡¹¡¢Æ¬¤­¤¿¡£ÁêÊѤï¤é¤ºTR1¤«Boost¤Ç¤ÏÅܤé¤ì¤ë¡£

cygwin¤ÎBoost¤Î¥Ñ¥Ã¥±¡¼¥¸¤Î¥¤¥ó¥¯¥ë¡¼¥É¥Õ¥¡¥¤¥ë¤Î¾ì½ê¤ò¸«¤Æ¤ß¤¿¤é

/usr/include/boost ¤¬¤Ê¤¤¤Î¤Ç
% cd /usr/include
% ln -s boost-1_33_1/boost boost


¤³¤ì¤Ç¡¢¤è¤¦¤ä¤¯ configure ¤Ï¤¦¤Þ¤¯Ä̤ä¿(¤ä¤ì¤ä¤ì)¡£¥Ó¥ë¥É¤·¤Æ¤ß¤ë¡£

% make >& make.log &
% tail -f make.log


¤¢¤é¤é¡¢¡¢¡¢ºÆÅÙ configure ¤·¤Á¤ã¤Ã¤Æ¤ë(µã)¡£µ¤Ä¹¤ËÂԤĤ³¤È¤Ë¤¹¤ë¡£¤¢¤é¤é¡¢¤ä¤Ã¤Ñ¤ê¥À¥á¤À¤Ã¤¿¡£

./include/wvtask.h:27:22: ucontext.h: No such file or directory
./include/wvtask.h:57: error: `ucontext_t' does not name a type


cygwin¤ÏUser Thread Context¤¬¼ÂÁõ¤µ¤ì¤Æ¤¤¤Ê¤¤¤Î¤Ç"ucontext.h"¤â̵¤¤¤¿¤á¡¢¤½¤ê¤ã¥Ó¥ë¥É¤Ç¤­¤Ê¤¤¤ï¤±¤À¡£

¤¦¤à¤à¡¢»ÄÇ°¡¢º£Æü¤Ï¤³¤ì¤¯¤é¤¤¤Ç¡¢¡¢¡¢

ÊýË¡¤¬Â¾¤Ë¸«¤Ä¤«¤é¤Ê¤¤¤è¤¦¤Ê¤écygwin¤Ï¤¢¤­¤é¤á¤Æ¡¢Debian(Ubuntu)¤Ç¥Ó¥ë¥É¤·¤Æ¤ß¤ë¤³¤È¤Ë¤·¤Þ¤¹¡£

Black Hat:SSL¥µ¡¼¥Ð¡¼¾ÚÌÀ½ñÃæ¤ÎCN¤ÎOID½èÍýÉÔ¶ñ¹ç¤òÆͤ¤¤¿¹¶·â(³¤­1)

Á°²ó¤Ï¡¢BlackHat¤Ç¾Ò²ð¤µ¤ì¤¿SSL¥µ¡¼¥Ð¡¼¾ÚÌÀ½ñ¤ÎÂоݥۥ¹¥È̾¤ò³ÊǼ¤¹¤ëCN(common name)°À­¤Î½èÍý¤ÎÉÔ¶ñ¹ç¤òÆͤ¤¤¿ÀȼåÀ­¤Ë¤Ä¤¤¤Æ¾Ò²ð¤·¤Þ¤·¤¿¡£

º£Æü¤Ï¡¢¼ÂºÝ¤Ë¥Æ¥¹¥È¥µ¡¼¥Ð¡¼¤òΩ¤Á¾å¤²¤Æ¥Ö¥é¥¦¥¶¤ÇÀܳ¤¹¤ë¤È¤É¤¦¤Ê¤ë¤Î¤«»î¤·¤Æ¤ß¤Þ¤¹¡£

Challenge PKI Test Suite(²þ)¤Îµ¡Ç½ÄɲÃ


¼ê»ý¤Á¤Î¾õÂÖ¤ÎTest Suite¤Ç¤Ï¡¢¾ÚÌÀ½ñ¼±ÊÌ̾¤Î¥ª¥Ö¥¸¥§¥¯¥È¼±Ê̻ҤˤĤ¤¤Æ
(1) ¥ª¥Ö¥¸¥§¥¯¥È¼±Ê̻ҤΥµ¥Ö¼±Ê̻ҤÇÂ礭¤ÊÀ°¿ô¤ò»ØÄꤹ¤ë¤È·å¤¬°î¤ì¤ë(µ¡ÃΤΥХ°)
(2) X.690¤Ë°ãÈ¿¤·¤Æ0x80¤Ç¥Ñ¥Ç¥£¥ó¥°¤·¤Æ¥¨¥ó¥³¡¼¥É¤¹¤ë¤³¤È¤¬¤Ç¤­¤Ê¤¤¡£
¤È¤¤¤Ã¤¿¾õÂ֤Ǥ·¤¿¡£
RDN¤Î°À­¥¿¥¤¥×¤òɽ¤¹ÊýË¡¤È¤·¤Æ°Ê²¼¤Î¥µ¥Ý¡¼¥È¤òÄɲ䷤ơ¢¥Æ¥¹¥È¥³¡¼¥É¤òÄɲä·¤Þ¤·¤¿¡£
(1) CN, OU, O, C, serialNumber¤Ê¤É°À­¥¿¥¤¥×¤ò̾Á°¤Ç»ØÄê¤Ç¤­¤ë¡£(¸½¹Ô)
(2) 1.2.3.4 ¤Î¤è¤¦¤Ë½½¿Ê¥«¥ó¥Þ¶èÀÚ¤ê¤ÇOID¤ò»ØÄê¤Ç¤­¤ë¡£(¸½¹Ô¡¢·å°î¤ì¤Î¥Ð¥°)
(3) #550403 ¤Î¤è¤¦¤Ë16¿Ê¿ô¤Ç°À­¥¿¥¤¥×¤ò»ØÄê¤Ç¤­¤ë¡£(µ¡Ç½ÄɲÃ)

¾ÚÌÀ½ñ¤ÎÀ¸À®


SSL¥µ¡¼¥Ð¡¼¤Î¥Û¥¹¥È̾¤Ë°Ê²¼¤Î2¤Ä¤ò²¾Äꤷ¤Æȯ¹Ô¤·¤Þ¤¹¡£
CN=www.evil3.jp: °­°Õ¤Î¤¢¤ë¹¶·â¼Ô¤¬ËÜÅö¤Ë½ê»ý¤·¤Æ¤¤¤ë¥É¥á¥¤¥ó¤Î¥Û¥¹¥È
CN'=www.good-bank.com: º¾µ½ÂоݤΥۥ¹¥È


ËÜÍè¤Ê¤é¤ÐCN(2.5.4.3=0x550403)¤Ç¤¢¤ë¤è¤¦¤ÊOID¤ò¡¢ñÙ¤¹¤¿¤á¤Î¥Ë¥»¤ÎCN(CN')¤Îºî¤êÊý¤È¤·¤Æ¤Ï°Ê²¼¤Î2¤Ä¤Ç¹Ô¤¤¤Þ¤¹¡£

(1) ËöÈø"3"¤òX.690¤Ë°ãÈ¿¤·¤Æ0x80(Ê£¿ô²Ä)¤Ç¥Ñ¥Ç¥£¥ó¥°¤¹¤ë(0x05048003)
(2) ËöÈø"3"¤ò64bitÀ°¿ô¤Ç·å¤¢¤Õ¤ì¤·¤¿¸å"3"¤È¤Ê¤ëÃͤȤ¹¤ë¡£

ÊýË¡(2)¤Ë¤Ä¤¤¤Æ¤Ï¡¢·å°î¤ì¤¹¤ë¿ô¤ò"0x010000000000000003"(9¥Ð¥¤¥È)¤È¤·¤Æ¡¢¤³¤ì¤ò¥Ó¥Ã¥Èɽ¸½¤Ë¤·ËöÈø¤è¤ê7¥Ó¥Ã¥È¤Çʬ³ä¤·¤Æ¤³¤ì¤ò¥Ð¥¤¥È¤È¤·¡¢ËöÈø¤ò½ü¤­8¥Ó¥Ã¥ÈÌܤò1¤È¤·¡¢"2.5.4."¤ÎÉôʬ¤òÏ¢·ë¤¹¤ë¤È¡¢0x82808080808080808003¤È¤Ê¤ê¤Þ¤¹¡£

OpenSSL 0.9.8k¤Ç¤Ï¤É¤¦¸«¤¨¤ë¡©


OpenSSL¤Î¥³¥Þ¥ó¥É¤Ç¤Ï¤É¤Î¤è¤¦¤Ë¾ÚÌÀ½ñ¤Î¼±ÊÌ̾¤¬É½¼¨¤µ¤ì¤ë¤Î¤«³Îǧ¤·¤Æ¤ß¤¿¤¤¤È»×¤¤¤Þ¤¹¡£

¢£¥³¥Þ¥ó¥É
% openssl x509 -in ¾ÚÌÀ½ñ -noout -text
¢£OIDËöÈø"3"¤¬0x8003¤Î¾ì¹ç(X.690°ãÈ¿¤Î¥¼¥í¥Ñ¥Ç¥£¥ó¥°)
Subject: C=JP, O=Evil-CN-OID, CN=www.evil3.jp/2.5.4.3=www.good-bank.com
¢£OIDËöÈø"3"¤¬0x82808080808080808003(64bitÀ°¿ô·å°î¤ì)
Subject: C=JP, O=Evil-CN-OID, CN=www.evil3.jp/2.5.4.18446744073709551619=www.good-bank.com


CN¥â¥É¥­¤Ï¤Á¤ã¤ó¤È¶èÊ̤·¤Æɽ¼¨¤µ¤ì¤Æ¤¤¤ë¤è¤¦¤Ç¤¹¡£CN¤Ï2.5.4.3¤Ê¤ó¤Ç¤¹¤¬¡¢0x80¥Ñ¥Ç¥£¥ó¥°¤µ¤ì¤¿¤â¤Î¤È¤Ï¤­¤Á¤ó¤È¶èÊ̤·¤Æ¤¤¤Þ¤¹¡£(18446744073709551619¤Ï0x010000000000000003¤Î10¿Ê¿ôɽ¸½¤Ç¤¹¡£)

dumpasn1¤Ç¤Îɽ¼¨


¢£ËÜʪ¤ÎCN(common name)¤Îɽ¼¨
SEQUENCE {
#06 03 55 04 03
OBJECT IDENTIFIER commonName (2 5 4 3)
#13 0C 77 77 77 2E 65 76 69 6C 33 2E 6A 70
PrintableString 'www.evil3.jp'
}

¢£¥Ë¥»¤ÎCN­¡(X.690°ãÈ¿¤Î0x80¥Ñ¥Ç¥£¥ó¥°)
SEQUENCE {
#06 04 55 04 80 03
OBJECT IDENTIFIER '2 5 4 3'
#13 11 77 77 77 2E 67 6F 6F 64 2D 62 61 6E 6B 2E 63 6F 6D
PrintableString 'www.good-bank.com'
}

¢£¥Ë¥»¤ÎCN­¢(64¥Ó¥Ã¥ÈÀ°¿ô·å°î¤ì)
SEQUENCE {
#06 0C 55 04 82 80 80 80 80 80 80 80 80 03
OBJECT IDENTIFIER '2 5 4 3'
#13 11 77 77 77 2E 67 6F 6F 64 2D 62 61 6E 6B 2E 63 6F 6D
PrintableString 'www.good-bank.com'
}


­¡¤â­¢¤âɽ¼¨¾å¤ÏËÜÅö¤ÎCN¤È¶èÊ̤Ǥ­¤Æ¤¤¤Þ¤¹¡£¤·¤«¤·¤Ê¤¬¤é­¢¤Ç¤Ï¡¢OBJECT IDENTIFIER '2 5 4 3'¤È¤Ê¤Ã¤Æ¤·¤Þ¤Ã¤Æ¤ª¤ê¡¢À°¿ô¤Î·å°î¤ì¤¬µ¯¤­¤Æ¤¤¤ë¤³¤È¤¬¤ï¤«¤ê¤Þ¤¹¡£

¤Þ¤º¤ÏÀµ¼°¤Ê(°­¤¤¿Í¤Î)URL¤ËÀܳ


cnoid01

¤Á¤ã¤ó¤ÈÀµ¤·¤¯SSLÀܳ¤Ç¤­¤Æ¤Þ¤¹¤ó¤Ç¡¢¤³¤ì¤ÏÌäÂê̵¤·¡£

FireFox 3.5.2¤Ç¥Ë¥»CN¤Î¥Û¥¹¥È¤ËÀܳ


¤½¤ì¤Ç¤Ï¡¢¼¡¤ËX.690¤Ë°ãÈ¿¤·¤Æ0x80¤Ç¥Ñ¥Ç¥£¥ó¥°¤·¤Æ¤¢¤ë¥Ë¥»CN¤ÎURL "https://www.good-bank.com/" ¤ËÀܳ¤·¤Æ¤ß¤Þ¤¹¡£
cnoid02-ff35-err-yellow

¤ª¤ª¡¢¤Á¤ã¤ó¤È·Ù¹ð½Ð¤Þ¤¹¤Í¡£¥¨¥é¥¤¡£
cnoid02-ff35-dlg

¤ª¤ª¡¢¤Á¤ã¤ó¤È¥À¥¤¥¢¥í¥°¤Þ¤Ç¡¢¡¢¡¢¥á¥Ã¥»¡¼¥¸¤Ë¤â±³¤¬Ìµ¤¯¤Æ¹¥´¶¤¬»ý¤Æ¤Þ¤¹¡£¤Á¤Ê¤ß¤Ë¾ÚÌÀ½ñ¤Ï¤³¤ó¤Ê´¶¤¸¤Çɽ¼¨¤µ¤ì¤Þ¤¹¡£
cnoid03-ff35-crtdlg

cnoid04-ff35-crtdlg

¥Ë¥»CN¤Ë¤Ä¤¤¤Æ¡¢Ê¸»ú²½¤±¤Î¤è¤¦¤Ëɽ¼¨¤µ¤ì¤Æ¤¤¤ë¤Î¤Ç¡¢¤Þ¤¡¡¢²ø¤·¤¤¤È¤ï¤«¤ê¤Þ¤¹¡£

64bitÀ°¿ô·å¤¢¤Õ¤ì¤¹¤ë¾ì¹ç¤Ç¤â¡¢É½¼¨¤ÏƱ¤¸¤À¤Ã¤¿¤Î¤Ç¡¢¥­¥ã¥×¥Á¥ã¤Ï³ä°¦¤·¤Þ¤¹¡£

Internet Explorer 8¤Ç¥Ë¥»CN¤Î¥Û¥¹¥È¤ËÀܳ


Àè½µ¤¢¤¿¤ê¤ËWindows Update¤·¤¿¡¢¤Û¤ÜºÇ¿·¤À¤È»×¤¦IE8¤Ç¥Ë¥»CN¤ÎURL¤ËÀܳ¤·¤Æ¤ß¤Þ¤·¤¿¡£
cnoid06-ie8-goodbank

°ìÀÚ·Ù¹ð¤Ê¤¯¥Ë¥»CN¤Î¥µ¥¤¥È¤ËÀܳ¤Ç¤­¤Æ¤·¤Þ¤¤¤Þ¤¹¤Í¡£
cnoid07

¾ÚÌÀ½ñ¥À¥¤¥¢¥í¥°¤Ç´Ñ¤Æ¤ß¤ë¤ÈX.690°ãÈ¿¤Î0x80¥Ñ¥Ç¥£¥ó¥°¤Ç¤âÀ°¿ô·å°î¤ì¤Ç¤âɽ¼¨¾å¤ÏCN(common name)¤Ç¤¢¤ë¤È¤·¤Æɽ¼¨¤µ¤ì¤Æ¤·¤Þ¤¤¤Þ¤¹¡£

Google Chrome 2¤Ç¥Ë¥»CN¥µ¥¤¥È¤ËÀܳ


º£Æü¤Î»þÅÀ¤ÇºÇ¿·¤À¤È»×¤¦Google Chrome 2.0.172.43¤ÇƱÍͤËÀܳ¤·¤Æ¤ß¤Þ¤·¤¿¡£
cnoid09

¤³¤Á¤é¤â·Ù¹ð¤Ê¤¯Àܳ¤Ç¤­¤Æ¤·¤Þ¤¤¤Þ¤¹¡£
cnoid10

¾ÚÌÀ½ñ¤âwww.good-bank.comÍѤÇÌäÂê¤Ê¤¤¤³¤È¤Ë¤Ê¤Ã¤Á¤ã¤Ã¤Æ¤Þ¤¹¤Í¡£

Opera 9.5¤ÇÀܳ


¤³¤Î¾¤ËOpera for Windows 9.50 build10063¤Ç¤â»î¤·¤Æ¤ß¤¿¤ó¤Ç¤¹¤¬¡¢Opera¼«ÂΤ¬DNS¤Ç°ú¤±¤Ê¤¤¥Û¥¹¥È¤Ïɽ¼¨¤¬¤Ç¤­¤Ê¤¤¤è¤¦¤Êµ¤¤¬¤¹¤ë¤ó¤Ç¤¹(¥í¡¼¥«¥ëPC¤Îhttp://192.168.1.133/Åù¤Ç¤âÀܳÉÔǽ)¡£¤½¤Î¤¿¤á¥Æ¥¹¥È¤Ç¤­¤Þ¤»¤ó¤Ç¤·¤¿¡£
cnoid-opera-01

¤È¡¢¡¢¡¢»×¤Ã¤¿¤éñ¤Ë;·×¤Ê¥×¥í¥­¥·¤¬ÀßÄꤵ¤ì¤Æ¤¤¤¿¤À¤±¤Ç¤·¤¿¡£¤¹¤ß¤Þ¤»¤ó¡£µ¿¤Ã¤Æ¥´¥á¥ó¥è¡£µ¤¤ò¼è¤êľ¤·¤ÆÀܳ¤·¤Æ¤ß¤Þ¤¹¡£¤Þ¤º¤Ï¡¢(²ø¤·¤¤¤±¤É)Àµ¤·¤¤HTTPSÀܳ¡£
cnoid-opera-02

¤Þ¤¡¡¢°ÂÁ´¤Ç¤¹(¾Ð)¡£
cnoid-opera-03


¼¡¤Ë¥Ë¥»CN¤Î¥µ¥¤¥È¤ËÀܳ¤·¤Æ¤ß¤Þ¤¹¡£
cnoid-opera-04

cnoid-opera-05

¤Á¤ã¤ó¤È¿ÆÀڤʷٹ𤬤Ǥޤ¹¡£¤â¤¦¤Á¤ç¤Ã¤È¿§¤¬ÊѤï¤Ã¤¿¤ê¥¤¥ó¥Ñ¥¯¥È¤¬¤¢¤ë·Ù¹ð¤À¤È¤¤¤¤¤ó¤Ç¤¹¤±¤É¤Í¡£

¤³¤ì¤â¡¢¤É¤Ã¤Á¤Î¥Ë¥»CN¤Ç¤â·ë²Ì¤ÏƱ¤¸¤Ç¤·¤¿¡£

Opera¤ÎºÇ¿·ÈǤϸ½»þÅÀ¤Ç9.64¤À¤½¤¦¤Ç¡¢¤Á¤ç¤Ã¤È¸Å¤¤¤ä¤Ä¤Ç¤¹¤¬¡¢¥Ë¥»CN OIDÌäÂê¤Ë¤Ä¤¤¤Æ¤Ï¤Á¤ã¤ó¤ÈÂбþ¤µ¤ì¤Æ¤¤¤ë¤Ã¤Æ¤³¤È¤Ç¡¢¡¢¡¢

ruby + httpclient2


ruby¤Èhttpclient2¤Î¥â¥¸¥å¡¼¥ë¤Ç¤â»î¤·¤Æ¤ß¤Þ¤·¤¿¡£OpenSSL¥Ù¡¼¥¹¤Ç¤¹¤¬¡¢¥Ë¥»CN¥µ¥¤¥È¤ËÀܳ¤¹¤ë¤È¤Á¤ã¤ó¤È¥¨¥é¡¼¤Ë¤Ê¤Ã¤Æ¤¯¤ì¤Þ¤¹¡£
/usr/lib/ruby/1.8/openssl/ssl.rb:123:in `post_connection_check': hostname was not match with the server certificate (OpenSSL::SSL::SSLError)


°Ê¾å¡¢¤³¤ó¤Ê´¶¤¸¤Ç¼Â¸³Êó¹ð¤Ç¤·¤¿¡£

¤Ç¤Ï¤Ç¤Ï

¢¨Ãí°Õ¡§¤³¤Îµ­»ö¤Î¥¦¥£¥ó¥É¥¦¥­¥ã¥×¥Á¥ã²èÁü¤Ï¡¢Í¾·×¤ÊÉôʬ¡¢¶õÇò¤Ê¤É¤ò½ü¤¯¤¿¤á¤Ë¥È¥ê¥ß¥ó¥°¤·¤¿¤ê¡¢¶õÇò¤Îºï½üÅù¤Î²Ã¹©¤ò¤·¤Æ¤¤¤Þ¤¹¡£

´ØÏ¢µ­»ö



Black Hat¤Î¾ÚÌÀ½ñNull Termination¹¶·â (¤½¤Î4:ÈÖ³°ÊÔ RubyÊÔ)

°ìÏ¢¤ÎNull Termination¹¶·â¤Îµ­»ö¤ÎÈÖ³°ÊԤȤ·¤Æ¡¢Ruby¤Îhttpclient2¤Ê¤é¤É¤¦¤Ê¤Î¤«¡¢¤Á¤ç¤Ã¤È»î¤·¤Æ¤ß¤Þ¤·¤¿¡£

¤³¤³¤Ë¤Ï¤³¤ó¤Ê¤³¤È¤¬½ñ¤¤¤Æ¤¢¤ë¤Î¤Ç

Ruby¤Înet/https¤è¤ê
Ãí°Õ¡£net/https ¤Ï RFC2818 ¤Î 3.1 ¤ËÄê¤á¤é¤ì¤¿¡Ö¥µ¡¼¥Ð¡¼¤Î¾ÚÌÀ½ñ¤Ëµ­ºÜ¤µ¤ì¤¿¿È¸µ¤Î¥Á¥§¥Ã¥¯¡×¤ò¼«¤é¤Ï¤·¤Ê¤¤¡£Àܳ¤·¤Æ¤¤¤ë¤Ï¤º¤Î¥µ¡¼¥Ð¤Î¥Û¥¹¥È̾¤È¾ÚÌÀ½ñ¤Ëµ­ºÜ¤µ¤ì¤Æ¤¤¤ë¥Û¥¹¥È̾¤¬°ìÃפ¹¤ë¤«¤ò¥é¥¤¥Ö¥é¥ê¤Î»ÈÍѼԤ¬³Æ¼«¼ÂÁõ¤¹¤ëɬÍפ¬¤¢¤ë¡£


Ruby¤Ï¥Û¥¹¥È̾¤Î°ìÃ׳Îǧ¤Ï¤·¤Æ¤Ê¤¤¤Î¤«¤È»×¤Ã¤¿¤é¡¢gotoyuzo¤µ¤ó¤ä¡¢nahi¤µ¤ó¤¬¡ÖRuby News 2007.10.04: net/https¥é¥¤¥Ö¥é¥ê¤Ë¤ª¤±¤ë¡ÖÃæ´Ö¼Ô¤Ë¤è¤ë¤Ê¤ê¤¹¤Þ¤·¹¶·â¡×¤ËÂФ¹¤ëÀȼåÀ­¤Ë¤Ä¤¤¤Æ¡×¤Ë½ñ¤«¤ì¤Æ¤¤¤ëÄ̤ꡢ¤Á¤ã¤ó¤È¥Û¥¹¥È̾¤Î°ìÃ׳Îǧ¤Ï¤·¤Æ¤¤¤ë¤È¶µ¤¨¤Æ¤¯¤ì¤Þ¤·¤¿¡£

¤½¤ì¤Ç¤Ï¤È¡¢Ruby(¤ÎOpenSSL)¤Ç¤ÏNull Termination¤ÎÌäÂê¤Ïµ¯¤­¤Ê¤¤¤Î¤«¤È³Îǧ¤·¤Æ¤ß¤Þ¤·¤¿¡£OpenSSL¤Ç¤ÏNull¤¬¤¢¤Ã¤Æ¤â¼±ÊÌ̾¤Î°À­ÃͤÏÀµ¤·¤¯"\00"¤Î¤è¤¦¤Ë¼èÆÀ¤Ç¤­¤ë¤Î¤Ç¿ʬÌäÂê̵¤¤¤À¤í¤¦¤È»×¤¦¤ï¤±¤Ç¤¹¤¬¡¢¡¢¡¢

Ruby¤Ï¤Á¤ç¤Ã¤È½ñ¤±¤ëÄøÅÙ¤ÇËؤÉÁÇ¿ÍƱÁ³¤Ê¤ó¤Ç¡¢¤¤¤í¤¤¤í½àÈ÷¤¬É¬ÍפǤ¹¡£¤¤¤í¤¤¤í¹Í¤¨¤¿µó¶ç¡¢´Êñ¤½¤¦¤Ê¤ó¤Ç¤³¤ó¤Ê´Ä¶­¤Ç»î¤¹¤³¤È¤Ë¤·¤Þ¤·¤¿¡£

¡¦cygwin¾å¤ÎRuby 1.8.7-p72
¡¦rubygems¤ò»È¤¦
¡¦http-client2¤ò»È¤¦

¥»¥Ã¥È¥¢¥Ã¥×



Ruby¤ò­¤¹¤È¤³¤Þ¤Ç¤Ï¡¢cygwin¤Î¥Ñ¥Ã¥±¡¼¥¸¤ÇÉáÄ̤ˤä¤Ã¤Æ¡¢

gems¤ò­¤¹¤Ë¤Ï¤³¤Î¥µ¥¤¥È¤«¤érubygems-1.3.5.tgz¤ò¥À¥¦¥ó¥í¡¼¥É¤·¤Æ²òÅष¤Æ¥¤¥ó¥¹¥È¡¼¥ë¤Ç¤­¤Þ¤¹¡£

http://rubyforge.org/frs/?group_id=126»²¾È
% tar xvfz rubygems-1.3.5.tgz
% cd rubygems*
% ruby setup.rb


http-client2¤Ï

http://raa.ruby-lang.org/project/httpclient/2.1.4
% gem install httpclient --source http://dev.ctor.org/download/


°Ê¾å¤Ç¤¹¡£¤¹¤´¤¤¤Ê¤¡¡¢¥»¥Ã¥È¥¢¥Ã¥×¤Ï´Êñ¤Ç¤¹¡£

¤Ç¡¢Àܳ



Null Termination¾ÚÌÀ½ñ¤ÎÀßÄꤵ¤ì¤¿¥Ë¥»¥µ¡¼¥Ð¡¼¤òΩ¤Á¾å¤²¤È¤¤¤Æ¡¢°Ê²¼¤Î¤è¤¦¤ÊRuby¤Î¥×¥í¥°¥é¥à¤ò¼Â¹Ô¤·¤Þ¤¹¡£¥Æ¥¹¥È¤Ê¤ó¤Ç¡¢¥ë¡¼¥È¤À¤±Äɲ䷤Ȥ«¤Ê¤¤¤È¤¤¤±¤Þ¤»¤ó¡£

#!/usr/bin/ruby
require 'rubygems'
require 'httpclient'
URL = 'https://test.ibm.com/' #¥Ë¥»¤Î¥Û¥¹¥È
clnt = HTTPClient.new
clnt.ssl_config.set_trust_ca("00-ECOM-TEST-ROOTCA-SIG.pem")
puts clnt.get_content(URL)


¤Ç¡¢Áá®Àܳ¡£

/usr/lib/ruby/1.8/openssl/ssl.rb:123:in `post_connection_check': hostname was not match with the server certificate (OpenSSL::SSL::SSLError)
¡¡¡¡from /usr/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:260:in `post_connection_check'


¤È¥¨¥é¡¼É½¼¨¤µ¤ì

test.ibm.com
¤È
Subject: C=JP, O=Evil2, CN=test.ibm.com\x00.evil.jp
¤È¤Ï°ìÃפ·¤Ê¤¤


¤È¡¢Àµ¤·¤¯¥¨¥é¡¼¤È¤Ê¤ê¤Þ¤·¤¿¡£¤µ¤¹¤¬¡¢nahi¤µ¤ó¤Îhttp-client2¤Ï´Êñ¤À¤·¡¢¤Á¤ã¤ó¤È¤·¤Æ¤Þ¤¹¤Í¤§¡£¤Á¤ç¤Ã¤ÈRuby¤Ë²þ½¡¤·¤¿¤¯¤Ê¤Ã¤Á¤ã¤¤¤Þ¤¹¤Í¤§(¾Ð)

gotoyuzo¤µ¤ó¡¢nahi¤µ¤ó¡¢¤¢¤ê¤¬¤È¤¦¤´¤¶¤¤¤Þ¤·¤¿¡££í¡Ê¡²¡¡¡²¡Ë£í

º£Æü¤Î¤Ä¤Ö¤ä¤­


httpclient´Êñ¤Ë¤Ä¤«¤¨¤Æ¤«¤Ê¤êÎɤ¤¤ó¤Ç¤¹¤¬¡¢set_trust_ca¤È¤«¾ÚÌÀ½ñÆɤ߹þ¤à»þ¡¢DER¤Ç¤âPEM¤Ç¤âÆɤá¤ë¤è¤¦¤Ë¤Ê¤Ã¤Æ¤ë¤È¡¢À¨¤¯¥¦¥ì¥·¥¤¤Ê¤¡¤È»×¤¤¤Þ¤·¤¿¡£¤¢¤È¡¢ÊÌ·ï¤Çsqlite3-ruby¤òÆþ¤ì¤¿¤¤¤ó¤Ç¤¹¤¬¡¢cygwin¾å¤Ç¤«¤Ê¤ê¤Æ¤³¤º¤Ã¤Æ¤Þ¤¹(µã)¡£¤³¤ÎÆó¤Ä¤¬²ò·è¤¹¤ì¤Ð¥à¥Õ¥Õ¥×¥í¥¸¥§¥¯¥È¤ÎPerl¤Î¤ä¤Ä¤òRuby¤Ë°Ü¤¹¤«¤Ê¤¡¤È»×¤Ã¤Æ¤¤¤ë¤ó¤Ç¤¹¤¬¡¢¤Ï¤Æ¤µ¤Æ¡¢¤É¤¦¤Ê¤ë¤³¤È¤ä¤é¡¢¡¢¡¢








ÊƹñGSA¤ÇSCVP

DigitalIDNews | GSA rolling out PKI validation service
The General Services Administration will unveil Central Certificate Validator program that will of perform certificate path discovery and validation (PD-VAL) in compliance with RFC 5280 in support of PKI-based authentication mechanisms described in FIPS 201.


¤À¤½¤¦¤À¡¢¡¢¡¢

ÊƹñÀ¯ÉÜĴãģ(GSA)¤Ç¤Ï¾ÚÌÀ½ñ¤Îǧ¾Ú¥Ñ¥¹¸¡¾Ú¤Î¤¿¤á¤Î¸¡¾Ú¥µ¡¼¥Ð¡¼¤Ç¤¢¤ëSCVP¤¬»È¤¨¤ë¤è¤¦¤Ë¤Ê¤ë¤½¤¦¤Ç¤¹¡£CoreStreet¤Ê¤Î¤«¤Ê¡¢¡¢¡¢¤Á¤ç¤Ã¤È¤ª¤â¤·¤í¤½¤¦¡£

Mac OS X¤Î¾ÚÌÀ½ñ¥Ó¥å¡¼¥¢¡¼¤Ã¤¿¤é¡¢¡¢¡¢

ºÇ¶á¡¢Miyakawa¤µ¤ó¤¬Å¬³Ê¾ÚÌÀ½ñ(QC:Qualified Certificate)¤ÎÏÀʸ¤ò¼¹É®¤µ¤ì¤Æ¤¤¤Æ¡¢²¿²ó¤«¥É¥é¥Õ¥È¸«¤»¤Æ¤¤¤¿¤À¤¤¤¿¤êÅÅÏäò夤¤¿¤ê¤·¤Æ¤Þ¤¹¤¬¡¢Mac OS X¤Î¾ÚÌÀ½ñ¥Ó¥å¡¼¥¢¡¼¤Î³ÈÄ¥Îΰè¤Îɽ¼¨¤¬¥ª¥â¥·¥í¥¤¤³¤È¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤È¤¤¤¦¤Î¤Ç¡Ö¤½¤ê¤ã¡¢À§È󸫤»¤Æ¤¯¤À¤µ¤¤¡×¤È¸À¤Ã¤¿¤é²÷¤¯¥Ö¥í¥°¤Ë¥¢¥Ã¥×¤·¤Æ²¼¤µ¤¤¤Þ¤·¤¿¡£¤½¤Î²èÁü¤¬¤³¤Á¤é¡¢¡¢¡¢¡¢




¿Þ1: Mac OS X¾ÚÌÀ½ñ¥Ó¥å¡¼¥¢¤Î¥­¥ã¥×¥Á¥ã (½Ðŵ¡§Miyakawa¤µ¤ó¤Î¥Ö¥í¥°(2009.05.26))

¤®¤ã¤Ü¡Á¡Á¡Á¡Á¡Á¡¢¤Ê¤ó¤¸¤ã¤³¤ê¤ã¡Á¡Á¡Á¡Á(¾Ð)

¾ò·ïÉÕ¤­¾ÚÌÀ½ñÌÀºÙ½ñ(1.3.6.1.5.5.7.1.3)


¡Ö¾ò·ïÉÕ¤­¾ÚÌÀ½ñÌÀºÙ½ñ¡×¤Ã¤Æ¡¢¤¢¡Á¡Á¤¿¡¢¼«Æ°¼Ö±¿Å¾Ìȵö¾Ú¤Î¡Ö´ã¶ÀÅù¡×¤È¤«¤¤¤¦¾ò·ïÉդοÈʬ¾ÚÌÀ½ñ¤Î¹¹¿·ÈñÍѤÎÌÀºÙ½ñ¤ß¤¿¤¤¤Ëʹ¤³¤¨¤Þ¤¹¤è¤¹¤Í¡£¤É¤ó¤Ê¾ÚÌÀ½ñ³ÈÄ¥¤Ê¤ó¤À¤Ã¤Ä¡Á¡Á¡Á¤Î¡ª¡ª¡ª

¤³¤ì¤ÏOID¤«¤é¤¹¤ë¤ËRFC 3979 3.2.6 Qualified Certificate Statements(Ŭ³Ê¾ÚÌÀ½ñÀë¸À¤Þ¤¿¤ÏQCÀë¸À)¤È¤¤¤¦¡¢¡Ö¤³¤Î¾ÚÌÀ½ñ¤ÏŬ³Ê¾ÚÌÀ½ñ¤Ç¤¹¤è¡×¤Ã¤Æ¤¤¤¦¤³¤È¤ò¤¢¤é¤ï¤¹³ÈÄ¥¤Ê¤ó¤Ç¤¹¤¬

¡¦Qualified(Ŭ³Ê)¢ª¤Ê¤¼¤«¡Ö¾ò·ïÉÕ¤­¡×
¡¦Certificate(¾ÚÌÀ½ñ)¢ª¤³¤ì¤Ï¹ç¤Ã¤Æ¤ë(¾Ð)
¡¦Statement(Àë¸À)¢ª¤³¤ì¤â¡¢¤Ê¤¼¤«¡ÖÌÀºÙ½ñ¡×

¤Ã¤Æ¤¤¤¦¤è¤¦¤Ê¡¢ÊªÀ¨¤¤Ìõ¸ì¤Ë¤Ê¤Ã¤Á¤ã¤Ã¤Æ¤Þ¤¹¡£

¾¤Ë¤â¡Ö¾ÚÌÀ½ñ±¿ÍÑÌÀºÙ½ñ¡×¤Ê¤ó¤Æµ­½Ò¤¬¤¢¤Ã¤Æ¡¢¤³¤ì¤Ã¤Æ¡Ö¤ªÂð¤Îǧ¾Ú¶É±¿ÍѤ·¤Æ¤¢¤²¤ë¤±¤É¡¢º£·î¤ÎÌÀºÙ¤Ï¤³¤ó¤Ê´¶¤¸¤Í¡¢¡¢¡¢¡×¤ß¤¿¤¤¤ËÆɤá¤Á¤ã¤¤¤Þ¤¹¤¬¡¢¤³¤ì¤Ã¤Æ¡ÖCertification Pracitice Statement(ǧ¾Ú¶É±¿Íѵ¬Äê¤È¤«Ç§¾Ú¼Â»Üµ¬Äê¤È¤«¸Æ¤Ð¤ì¤ë)¡×¤Ã¤Æ¤â¤Î¤Ç¤¹¡£²¿¤«ÊÌʪ¤Ëʹ¤³¤¨¤Þ¤¹¤è¤Í¡£¤¢¤È¡Ö¾ÚÌÀ½ñ¸°¼±ÊÌ»Ò(2.5.29.35)¡×¤Ã¤Æ¡¢¤³¤ì¼çÂμԸ°¼±ÊÌ»Ò(Subject Key Identifier)¤È´ª°ã¤¤¤µ¤ì¤ëÊý¤¬¤¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¤¬¡¢¤³¤ìOID¤«¤é¤¹¤ë¤Ëȯ¹Ô¼Ô¸°¼±ÊÌ»Ò(Authority Key Identifier)¤Î¤³¤È¤Ç¤¹¡£Á´¤¯µÕ¤Î°ÕÌ£¤Ë¤Ê¤Ã¤Á¤ã¤¦¤ó¤Ç»ß¤á¤ÆÍߤ·¤¤¤Ç¤¹¡£Ìõ¤»¤Ê¤¤¤Ê¤éÌõ¤µ¤Ê¤­¤ã¤¤¤¤¤Î¤Ë¡¢¡¢¡¢¡¢¡¢¡¢

²¤½£°Ñ°÷²ñ(EC)¤Ç¤Ï¡¢¡ÖÅŻҽð̾¤Ë·¸¤ë²¤½£»ØÎá¡×¤È¤¤¤¦¤Î¤òȯ¹Ô¤·¤Æ¤ª¤ê¡¢¤½¤³¤Ç¤Ï¼«Á³¿Í¤Î¼ê½ñ¤­½ð̾¤ÈƱÅù¤ÎˡŪ¸ú²Ì¤ò»ý¤ÄÅŻҽð̾¤òŬ³Ê½ð̾(Qualified Signature)¤È°ÌÃ֤Ť±¤Æ¡¢Å¬³Ê½ð̾¤Ç¤¢¤ë¤¿¤á¤Ë¤Ï

(1)Àè¿Ê½ð̾(Advanced Electronic Signature):¾ÚÌÀ½ñ¤ò»ý¤ÄËܿͤ¬½ð̾¤·¤¿¤³¤È¤ò¸·Ì©¤ËÆÃÄê¤Ç¤­¤ë½ð̾(CAdES¡¦XAdES¡¦PAdES¤Ê¤É)
(2)¥»¥­¥å¥¢¤Ê½ð̾À¸À®¥Ç¥Ð¥¤¥¹(SSCD:IC¥«¡¼¥É¡¢¥½¥Õ¥È¥¦¥§¥¢¥È¡¼¥¯¥óÅù)¤Ë¤è¤ëÅŻҽð̾
(3)¤½¤·¤Æ¼«Á³¿Í¤Î¤ß¤Ëȯ¹Ô¤¹¤ë¸·³Ê¤ÊËܿͳÎǧ¹Ô¤Ã¤¿Å¬³Ê¾ÚÌÀ½ñ(QC)¤òÍѤ¤¤¿ÅŻҽð̾

¤Î3¤Ä¤¬Í×·ï¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤ï¤±¤Ç¤¹¤¬¡¢¡Ö¾ò·ïÉÕ¤­¾ÚÌÀ½ñÌÀºÙ½ñ¡×¤Ê¤ó¤ÆÌõ¤µ¤ì¤¿Æü¤Ë¤Ï¡¢²¤½£°Ñ°÷²ñ¤Î¿Í¤â¤¦¤«¤Ð¤ì¤Þ¤¹¤Þ¤¤¡¢¡¢¡¢¡¢

iPhone¤Î¾ÚÌÀ½ñ¥Ó¥å¡¼¥¢¡¼¤â¤Ê¤«¤Ê¤«¥Þ¥Ë¥¢¥Ã¥¯¤Ê¤â¤Î¤Þ¤ÇÂбþ¤·¤Æ¤¤¤Æ¥¹¥´¥¤¤ÈI¤µ¤ó¤¬¶µ¤¨¤Æ¤¯¤ì¤¿¤ó¤Ç¤¹¤¬¡¢Mac OS X¤ÈƱ¤¸¤ÇʪÀ¨¤¤Ìõ¤Î¤Ï¤º¤Ç¤¹¤è¤Í¡¢¡¢¡¢¡¢¡¢¡¢(¡äI¤µ¤ó¥­¥ã¥×¤Ã¤Æ¸«¤»¤Æ¤¯¤À¤µ¡Á¡Á¡Á¤¤)

Miyakawa¤µ¤ó¤Î»ý¤Ã¤Æ¤¤¤ë¾ÚÌÀ½ñ¡¢»ä¤âÍߤ·¤¤¤Ê¤¡¡¢¡¢¡¢¤È»×¤Ã¤Æ¡¢¤Á¤ç¤Ã¤ÈÄ´¤Ù¤Æ¤ß¤¿¤é¥Ó¥ó¥´¡¢¡¢¡¢¡¢¥ê¥Ý¥¸¥È¥ê¤Ë¤¢¤ê¤Þ¤·¤¿¡£¥Ù¥ë¥®¡¼¤ÎeID¤Ïǧ¾ÚÍѤȽð̾ÍѤÈʬ¤±¤Æ¤¤¤Æ¡¢¥¹¥Ú¥¤¥ó¤È¤«¤Î¤È°ã¤Ã¤ÆÀ¸ÂÎǧ¾Ú¤Î¾ðÊó¤Ï̵¤¤¤ó¤Ç¤¹¤Í¡£

¾å¤Î¥­¥ã¥×¥Á¥ã¤Çɽ¼¨¤µ¤ì¤Æ¤¤¤ë¾ÚÌÀ½ñ¤ÈƱ¤¸È¯¹Ô¼Ô¤Î¥²¥Ã¥È¤Ç¤­¤¿¾ÚÌÀ½ñ¤òÇÁ¤¤¤Æ¤ß¤ë¤È¡¢QCÀë¸À³ÈÄ¥¤Ë¤ÏETSI TS 101 862 v1.3.3 (2006-01)¤Çµ¬Äꤵ¤ì¤Æ¤¤¤ë

id-etsi-qcs-QcCompliance 0.4.0.1862.1.1


¤¬¤¢¤Ã¤Æ¡¢Àè¤Û¤É¤Î²¤½£°Ñ°÷²ñ(EC)¤ÎÅŻҽð̾»ØÎá¤Ë½àµò¤·¤Æȯ¹Ô¤µ¤ì¤¿Å¬³Ê¾ÚÌÀ½ñ¤ò¼¨¤¹Ãͤ¬Æþ¤Ã¤Æ¤¤¤Þ¤·¤¿¡£

º£¹¹¤Ê¤¬¤éNIST PKITS

NIST PKITS(PKI Test Suite) Path Validation Testing Program¤È¤ÏÊƹñɸ½àµ»½Ñ¶É(NIST:National Institute of Standards and Technology)¤Ç2004ǯ¤Ë³«È¯¤µ¤ì¤¿¡¢RFC 3280¤Çµ¬Äꤵ¤ì¤¿¾ÚÌÀ½ñ¤Î¥Ñ¥¹¸¡¾Ú¤òÀµ¤·¤¯¼ÂÁõ¤µ¤ì¤Æ¤¤¤ë¤«³Îǧ¤Ç¤­¤ë¥Æ¥¹¥È¥±¡¼¥¹¤Î¥»¥Ã¥È¤Ç¤¹¡£

¥É¥­¥å¥á¥ó¥È¡¢¥Æ¥¹¥ÈÍѤξÚÌÀ½ñ¡¦CRL¡¦¥ê¥Ý¥¸¥È¥ê(LDAP¥µ¡¼¥Ð¡¼)¡¦CMS½ð̾¥Ç¡¼¥¿¤¬¸ø³«¤µ¤ì¤Æ¤¤¤ë¤Î¤Ç¡¢Ã¯¤Ç¤â¥À¥¦¥ó¥í¡¼¥É¤·¤Æ»î¤¹¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£ÎÌŪ¤Ë¤Ï¡¢






¥Æ¥¹¥È¥±¡¼¥¹¿ô¤À¤¤¤¿¤¤250
¥Æ¥¹¥È²Äǽ¤Ê¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¿ô224
¾ÚÌÀ½ñ¤Î¿ô405
CRL¤Î¿ô175


¤È¤¤¤¦¤Ê¤«¤Ê¤«¡¢¤â¤Î¤¹¤´¤¤¤â¤Î¤Ç¡¢¤³¤ó¤Ê¤Î¼ê¤Ç°ì¤Ä°ì¤Ä¤ä¤Ã¤Æ¤¤¤¿¤éÆü¤¬Êë¤ì¤Á¤ã¤¦¤°¤é¤¤¤ä¤ê¹ÃÈ夬¤Î¤¢¤ë¥Æ¥¹¥È¤Ç¤¹¡£

Java·Ï¤Î¼ÂÁõ¤ÇApache Ant+JUnit¥Ù¡¼¥¹¤Ç¥Æ¥¹¥È¤·¤¿¤¤



Apache Ant¤Ï¸À¤ï¤º¤ÈÃΤ줿make¥³¥Þ¥ó¥É¤ÎÂå¤ï¤ê¤È¤Ê¤ë¥³¥ó¥Ñ¥¤¥ë¤ä¥Ó¥ë¥É¤Ê¤É¤·¤Æ¤¯¤ì¤ëÍ­Æñ¤¤¥Ä¡¼¥ë¤Ç¤¹¡£JUnit¤ÏJava¤ÎñÂΥƥ¹¥È¤Î¥Õ¥ì¡¼¥à¥ï¡¼¥¯¤Ç¤¹¤Í¡£

Challenge PKI Test Suite¤Ç¤Ï¡¢¥Æ¥¹¥È¤ò¥´¥Ã¥½¥êÆ°¤«¤¹¤è¤¦¤ÊPerl¥¹¥¯¥ê¥×¥È¤òºî¤Ã¤ÆÆ°¤«¤·¤Æ¤¤¤Þ¤·¤¿¤¬¡¢´û¸¤ÎNIST PKITS¤Ç»È¤ª¤¦¤È¤¹¤ë¤È¾ÚÌÀ½ñ¤äCRL¤Ê¤É¥Æ¥¹¥È¥Ç¡¼¥¿¤ò¤¤¤Á¤¤¤Á¥Ç¡¼¥¿¥Ù¡¼¥¹¤ËÅêÆþ¤¹¤ëɬÍפ¬¤¢¤Ã¤Æ¤«¤Ê¤êÌÌÅݤǤ·¤¿¡£

¥Ñ¥¹¸¡¾Ú¥¯¥é¥¤¥¢¥ó¥È¤¬Java¥Ù¡¼¥¹¤Î»þ¤ËAnt+JUnit¤ÎÁȤ߹ç¤ï¤»¤Ç¤â¤¦¾¯¤·¥·¥ó¥×¥ë¤Ë¡¢PKITS¤Î¥Ç¥£¥ì¥¯¥È¥ê¹½À®¤òÀ¸¤«¤·¤Ê¤¬¤é¥Æ¥¹¥È¤Ç¤­¤Ê¤¤¤«¤Ê¡¢¡¢¡¢¤È¹Í¤¨¤Æ¤¤¤Þ¤·¤¿¡£Á°¤ÎChallenge PKI¤¬¸Å¤¤NIST¤Î¥Æ¥¹¥È¥±¡¼¥¹¤ò»²¾È¤Ë¤·¤Æ¤¤¤¿¤Î¤Ç¡¢¿·¤·¤¤(¤È¤¤¤Ã¤Æ¤â2004ǯ¤Ç¤¹¤¬)¥Æ¥¹¥È¥±¡¼¥¹¡¢¥Õ¥¡¥¤¥ë¹½À®¤ËÂбþ¤µ¤»¤¿¤¤¤È»×¤Ã¤Æ¤¤¤Þ¤·¤¿¡£

Sun¤ÎCertPathValidator¤Ç¤Á¤ç¤Ã¤Èµ¤¤Ë¤Ê¤Ã¤Æ¤¤¤¿¤³¤È¤â¤¢¤Ã¤¿¤ê¤·¤¿¤Î¤Ç¡¢ºòÆü¤Á¤ç¤Ã¤È»þ´Ö¤¬¤¢¤Ã¤¿¤Î¤Çºî¤Ã¤Æ¤ß¤Þ¤·¤¿¡£

¼Â¸½ÊýË¡



´ðËܤϡ¢¡ÖPKITS¤òAnt+JUnit¤Ç¥Ñ¥Ñ¥Ã¤È¤ä¤Ã¤Æ¥ì¥Ý¡¼¥ÈºîÀ®¤â¤½¤Á¤é¤Ë¤ªÇ¤¤»¤·¤¿¤¤¡×¤Ã¤Æ¤³¤È¤Ç¤¹¡£¥Æ¥¹¥È¤Î¼Â»Ü¤Ï¡¢°Ê²¼¤Î¤è¤¦¤Ê´¶¤¸¤Î¥Æ¥¹¥È¥±¡¼¥¹¤ÎÀßÄê¥Õ¥¡¥¤¥ë¤òJava¤Îproperties¥Õ¥¡¥¤¥ë¤Çºî¤Ã¤Æ¥Æ¥¹¥È¤µ¤»¤Þ¤¹¡£ÀßÄê¥Õ¥¡¥¤¥ë¤Ë¤Ï¸¡¾ÚÂоݤξÚÌÀ½ñ¤Î¥Á¥§¡¼¥ó¤È¡¢CRL¤Î¥Õ¥¡¥¤¥ë̾¤¬ÀßÄꤵ¤ì¤Æ¤¤¤Þ¤¹¡£

# t040101_ValidSignaturesTest1.cfg
path.crt.1=TrustAnchorRootCertificate.crt
path.crt.2=GoodCACert.crt
path.crt.3=ValidCertificatePathTest1EE.crt
path.crl.1=TrustAnchorRootCRL.crl
path.crl.2=GoodCACRL.crl


¸¡¾Ú¥Ñ¥é¥á¡¼¥¿¤âƱ¤¸¤¯¥Ç¥Õ¥©¥ë¥È¤ò¥×¥í¥Ñ¥Æ¥£¥Õ¥¡¥¤¥ë¤ÇÍ¿¤¨¤Þ¤¹¡£¥Æ¥¹¥È¥±¡¼¥¹¥Õ¥¡¥¤¥ë¤Ë¤âÎã³°¤ò½ñ¤±¤ë¤è¤¦¤Ë¤·¤Æ¤ª¤­¤Þ¤¹¡£

input.initial-policy-set=2.5.29.32.0
input.initial-explicit-policy=0
input.initial-policy-mapping-inhibit=0
input.initial-inhibit-any-policy=0


¤Ç¡¢¤³¤Î¥Æ¥¹¥È¥±¡¼¥¹ÀßÄê¥Õ¥¡¥¤¥ë¤ò250¶á¤¯¼ê¤Çºî¤ë¤Î¤Ï¤¨¤é¤¯ÌÌÅݤʤΤǥƥ¹¥È¥±¡¼¥¹Àß·×½ñ¤ÎPDF¤«¤é¼«Æ°¤Çºî¤ì¤Ê¤¤¤«¤È¹Í¤¨¤Þ¤·¤¿¡£¥Æ¥¹¥È¥±¡¼¥¹ÀßÄê¥Õ¥¡¥¤¥ë¤Î¼«Æ°Ãê½Ð¤Ç¤Ï°Ê²¼¤Î¤è¤¦¤Ê¤³¤È¤ò¤·¤Þ¤¹¡£

¡¦pdf2text ¤òÍѤ¤ PKITS.pdf ¤Î¥Æ¥¹¥È¥±¡¼¥¹Éôʬ(4¾Ï)¤ò¥Æ¥­¥¹¥È¤Ë¤¹¤ë
¡¦²þ¹Ô¤ÎÍð¤ì¤Ê¤É¥¹¥¯¥ê¥×¥È¤Ç¼«Æ°½¤Àµ¤¹¤ë
¡¦¥µ¥Ö¥µ¥Ö¥»¥¯¥·¥ç¥ó̾¤«¤é¥Æ¥¹¥È¥±¡¼¥¹Ì¾¤ò¼èÆÀ
¡¦¤½¤ÎÃæ¤Îµ­½Ò¤è¤ê¸¡¾ÚÂоݤξÚÌÀ½ñ¡¦CRL̾¤ò¼èÆÀ
¡¦¥Æ¥¹¥È¥±¡¼¥¹ÀßÄê¥Õ¥¡¥¤¥ë¤òÀ¸À®

¥Æ¥¹¥È¥±¡¼¥¹ÀßÄê¥Õ¥¡¥¤¥ë·²¤è¤ê¥Ñ¥¹¸¡¾Ú¤òJUnit¥Æ¥¹¥È¤Ë¤è¤ê¹Ô¤¦Java¤Î¥³¡¼¥É¤ò¼«Æ°À¸À®¤¹¤ë¤è¤¦¤Ê¥¹¥¯¥ê¥×¥È¤òºî¤ê¤Þ¤·¤¿¡£

JUnitñÂΥƥ¹¥È¤Î¥¯¥é¥¹

package pkits.auto;

import java.util.*;
import junit.framework.TestCase;
import pkits.util.*;

¢­4.1¾Ï "Signature Verification Test"¤ÎÀá¤Î¥Æ¥¹¥È
public class T0401_SignatureVerificationTest extends PKITSTestCase {
¡¡public T0401_SignatureVerificationTest(String name) { super(name); }

¡¡protected void setUp() {}
¡¡protected void tearDown() {}

¡¡¢­4.1.1Àá "Valid Signatures Test1" ¤Î¥Æ¥¹¥È¤òÀßÄê¥Õ¥¡¥¤¥ë¤ò»ØÄꤷ¼Â¹Ô
¡¡public void test_t040101_ValidSignaturesTest1() throws Exception {
¡¡¡¡doPKITSTestCase("t040101_ValidSignaturesTest1");
¡¡}
¡¡¢¬¥³¥ì¤ò¥Æ¥¹¥È¥±¡¼¥¹¿ô¤À¤±
¡¡¡§°Ê²¼Î¬
}


¥¯¥é¥¹¤ÎƬ¤ÎÉôʬ¤ò"T0401_"¤Ë¤·¤¿¤ê¡¢¥Æ¥¹¥È¥á¥½¥Ã¥É¤ò"test_t040101_"¤Î¤è¤¦¤ËÀáÈÖ¹æ¤ò´Þ¤à¤è¤¦¤Ë¤·¤Æ¤ª¤¯¤È¡¢¥Æ¥¹¥È¥±¡¼¥¹·ë²Ì¤Î¥ì¥Ý¡¼¥È¤¬Àá¤Î½ç¤Ë¤­¤ì¤¤¤Ëɽ¼¨¤µ¤ì¤ë¤Î¤ÇÎɤ¤¤È»×¤¤¤Þ¤¹¡£

¥Æ¥¹¥È¤Î´üÂÔÃͤǤ¹¤¬¡¢´ðËÜŪ¤Ë¤Ï¥Æ¥¹¥È¥±¡¼¥¹ÀßÄê¥Õ¥¡¥¤¥ë¤Î̾Á°"*_Valid*"¡¢"*_Invalid*" ¤ÇÍ­¸ú¡¢Ìµ¸ú¤òȽÃǤ·¤Þ¤¹¡£Ã¢¤·¡¢4.8Àá¤Î¾ÚÌÀ½ñ¥Ý¥ê¥·¤Î¥Æ¥¹¥È¤Ê¤É¤Ç¤Ï¡¢¥Æ¥¹¥È¥á¥½¥Ã¥É¤¬"test_t04080101_AllCertificatesSamePolicyTest1"¤Î¤è¤¦¤ËValid/Invalid¤Ï½ñ¤«¤ì¤Æ¤¤¤Ê¤¯¤Æ¡¢°ì¤Ä¤Î¥Æ¥¹¥È¤ÎÃæ¤Ç1¡Á4¤Î¥Ý¥ê¥·½èÍý¤Î¾ò·ï¤òÊѤ¨¤Æ¥Æ¥¹¥È¤¹¤ë¤Î¤Ç½ñ¤«¤ì¤Æ¤¤¤Ê¤¤¤ï¤±¤Ç¤¹¡£¤³¤ì¤Ï¡¢ÌÌÅݤǤ¹¤¬¼ê¤ÇÀßÄê¥Õ¥¡¥¤¥ë¤òʬ¤±¤Æ¥Æ¥¹¥È¥±¡¼¥¹Ãæ¤Ë´üÂÔÃͤò½ñ¤¯¤è¤¦¤Ë¤·¤Þ¤·¤¿¡£

# t040801_AllCertificatesSamePolicyTest1.cfg
expectValue=INVALID
input.initial-policy-set=2.16.840.1.101.3.2.1.48.2
input.initial-explicit-policy=1


¤ÇCertPathValidator¤ò¼ÂºÝ¤ËÆ°¤«¤¹Á´¤Æ¤Î¥Æ¥¹¥È¤ÎÃê¾Ý¿Æ¥¯¥é¥¹¤òºî¤Ã¤Æºî¶È¤ÏÂçÂΤª¤·¤Þ¤¤¤Ç¤¹¡£

¼Â¹Ô¤·¤Æ¤ß¤ë¤È¡¢¡¢¡¢¡¢

¤³¤³¤Þ¤Ç¤ªÁ·Î©¤Æ¤Ç¤­¤ì¤Ð¸å¤Ï "ant test" °ìȯ¤ÇÆ°¤«¤¹¤À¤±¡£

% ant test
Buildfile: build.xml
init:
prepare:
[echo] ----------- NIST PKITS Test Runner 0.9.1 [2009] --------
prepare-src:
prepare-resource:
compile:
test:
[junit] Running pkits.auto.T0401_SignatureVerificationTest
[junit] Tests run: 6, Failures: 0, Errors: 0, Time elapsed: 2.139 sec
¡§Ãæά
[junit] Running pkits.auto.T0404_BasicCertificateRevocationTestsTest
[junit] Tests run: 21, Failures: 1, Errors: 0, Time elapsed: 1.921 sec
[junit] Test pkits.auto.T0404_BasicCertificateRevocationTestsTest FAILED
¡§Ãæά
[junitreport] Processing reports\TESTS-TestSuites.xml to null507600500
[junitreport] Transform time: 2874ms
BUILD SUCCESSFUL
Total time: 45 seconds


pkits01pub



250¤Î¥Æ¥¹¥È¥±¡¼¥¹¤Ç11¸Ä¼ºÇÔ¡¢¤Ä¤Þ¤ê´üÂÔÃͤÈÉÔ°ìÃפȤʤäƤ¤¤Þ¤¹¡£

pkits02pub



¼ºÇÔ¤·¤¿¤Î¤Ï¤É¤ì¤âCRL´Ø·¸¤Î¤ä¤Ä¤Ç¤¹¡£Sun¤Î¼ÂÁõ¤ÏIndirect CRL¤È¤«Delta CRL¤È¤«¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Ê¤¤¤Î¤Ç¡¢ÅöÁ³¤È¤¤¤¨¤ÐÅöÁ³¡¢¡¢¡¢¡¢

pkits03pub



¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Ê¤¤Delta CRL¤Î¥Æ¥¹¥È·ë²Ì¤Î¤µ¤é¤Ê¤ë¾ÜºÙ¤Ï¤³¤ó¤Ê¤Î¡£
Invalid¤Î¥Æ¥¹¥È¥±¡¼¥¹¤Ç̵¸ú¤Ë¤Ê¤Ã¤¿¾ì¹ç¤Ë¤ÏÂçÄñCertPathValidatorException¤Ê¤ó¤Ç¤¹¤¬¡¢´üÂÔÃÍÄ̤êÎã³°¤¬È¯À¸¤·¤¿¾ì¹çJUnit¤ÎñÂΥƥ¹¥È¤È¤·¤Æ¤ÏÀ®¸ù¤Ç¡¢¤¹¤ë¤È¤É¤¦¤¤¤¦Íýͳ¤ÇÎ㳰ȯÀ¸¤·¤¿¤«¤é¥Æ¥¹¥ÈÀ®¸ù¤À¤Ã¤¿¤Î¤«¤ò·ë²Ìɽ¤Çɽ¼¨¤µ¤»¤ë¤³¤È¤¬¤Ç¤­¤Ê¤¤¤ó¤Ç¤¹¤è¤Í¡£¤³¤ì¤Ï¡¢¤Á¤ç¤Ã¤Èº¤¤Ã¤¿¤È¤³¤í¡£

»ÅÊý¤Ê¤¯¡¢É¸½à½ÐÎϤò¸«¤¿¤ê¤·¤Þ¤¹¡£

°Ê¾å¡¢¤³¤ó¤Ê´¶¤¸¤ÇApache Ant¤ÈJUnit¤ÇNIST PKITS Path Validation Test¤òÆ°¤«¤¹¤³¤È¤¬¤Ç¤­¡¢½¸·×·ë²Ì¤Îɽ¼¨¤Ë¤Ä¤¤¤Æ¤â¤Û¤ÜËþ­¤Ç¤­¤ë¤â¤Î¤¬´°À®¤·¤Þ¤·¤¿¡£¥Ñ¥Á¥Ñ¥Á¡Ê¡°¡°£ö

¤¤¤ä¡Á¡Á¡¢ºÇ½é¤«¤éXML¤«²¿¤«¤Ç¥Æ¥¹¥È¥±¡¼¥¹½ñ¤¤¤Æ¤¯¤ì¤ì¤Ð¶ìÏ«¤â¾¯¤Ê¤¤¤ó¤¹¤±¤É¤Í¡¢¡¢¡¢¡¢

º£²ó¤ÏJUnit¤ÏJUnit 3.8¤È¤¤¤¦¸Å¤¤¤Î¤ò»È¤Ã¤¿¤ó¤Ç¤¹¤¬¡¢º£¤ÏJUnit¤Ï4.5¤Ë¤Ê¤Ã¤Æ¤ª¤ê¡¢¤½¤ì¤è¤ê¤âTestNG¤ÎÊý¤¬ÃíÌܤµ¤ì¤Æ¤¤¤ë¤½¤¦¤Ç¤¹¡¢¡¢¡¢¡¢ÃΤé¤Ê¤«¤Ã¤¿¡¢¡¢¡¢¤½¤í¤½¤íTestNG¤ËÀÚ¤êÂؤ¨¤ë»þ¤¬Í褿¤Î¤«¤â¡¢¡¢¡¢¡¢¡¢

JUnit 4.x¤Ï¥Æ¥¹¥È·ë²Ì¤ÎError¤¬Ìµ¤¯¤Ê¤Ã¤ÆSuccess/Failure¤À¤±¤Ë¤Ê¤Ã¤Æ¤·¤Þ¤Ã¤¿¤Î¤Ç¡¢¤³¤ì¤Ï¤Á¤ç¤Ã¤Èº¤¤Ã¤¿¤â¤ó¤Ç¤¹¡£TestNG¤â¤³¤ì¤ÏƱ¤¸¤Ã¤Ý¤¤¡©¡©¡©¤¢¤ÈJUnit 4.x¤âTestNG¤âJava 1.5°Ê¹ß¤Î¥¢¥Î¥Æ¡¼¥·¥ç¥óµ¡Ç½¤ò»È¤Ã¤Æ¤¤¤ë¤Î¤Ç¡¢¸Å¤¤Java 1.4¤ò»È¤¤Â³¤±¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¾ì¹ç¤Ë¤Á¤ç¤Ã¤Èº¤¤Ã¤Æ¤¤¤Þ¤¹¡£


Sun Java CertPathBuilder¤ÎÎã³°¤Î¥¤¥±¥º

¤¢¤ë¥Ç¥¸¥¿¥ë¾ÚÌÀ½ñ¤¬¿®Íꤹ¤ë¥ë¡¼¥È¾ÚÌÀ½ñ¤«¤éé¤Ã¤ÆÍ­¸ú¤Ç¤¢¤ë¤«¤É¤¦¤«È½Äꤹ¤ë¤¿¤á¤Ëǧ¾Ú¥Ñ¥¹¸¡¾Ú(Certification Path Validation)¤È¤¤¤¦½èÍý¤ò¹Ô¤¤¤Þ¤¹¡£

¤³¤ì¤Ï¡¢HTTPS¤ÇÊݸ¤ì¤¿¥µ¥¤¥È¤ËÀܳ¤¹¤ë»þ¤äS/MIME½ð̾¥á¡¼¥ë¤ò³«¤¯ºÝ¤Ë¼Â¤Ï΢¤Ç¹Ô¤ï¤ì¤Æ¤¤¤ë¤È¤Ã¤Æ¤â½ÅÍפʽèÍý¤Ç¤¹¡£

Java ¤Ç¤ÏCertPathBuilder¤ÈCertPathValidator¤È¤¤¤¦¥¯¥é¥¹¤¬¤¢¤ê¡¢»ÅÁȤßŪ¤Ë¤ÏX.509¸ø³«¸°¾ÚÌÀ½ñ¤Ë¸Â¤é¤ºÈÆÍÑŪ¤Ë¾ÚÌÀ½ñ¤Î¥Ñ¥¹¤¬¸¡¾Ú¤Ç¤­¤¿¤ê¡¢¤¤¤í¤¤¤í¤Ê²ñ¼Ò¤Î¼ÂÁõ¤·¤¿¥¢¥ë¥´¥ê¥º¥à¡¢¼ÂÁõÊýË¡¤¬ÁªÂò¤Ç¤­¤ë¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£

Sun Java ¤Ë¤ÏRFC 3280½àµò¤Î¥Ñ¥¹¸¡¾Ú¼ÂÁõ¤¬´Þ¤Þ¤ì¤Æ¤ª¤ê¡¢¤³¤ì¤Ë´ð¤Å¤¯X.509¾ÚÌÀ½ñ¤Î¥Ñ¥¹¸¡¾Ú¤¬¤Ç¤­¤ë¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£


CertPathBuilder¤ÎSun¥×¥í¥Ð¥¤¥À¤ÎPKIX¥¢¥ë¥´¥ê¥º¥à
¸¡¾ÚÂоݾÚÌÀ½ñ¡¢Ãæ´Ö¾ÚÌÀ½ñ¡¢CRL¡¢¾ÚÌÀ½ñ¤äCRL¤ò¼èÆÀ¤¹¤ëLDAP¥Ç¥£¥ì¥¯¥È¥ê¡¢OCSP¥ì¥¹¥Ý¥ó¥À¤ÎÀßÄê¡¢¥È¥é¥¹¥È¥¢¥ó¥«¤È¤Ê¤ë¥ë¡¼¥È¾ÚÌÀ½ñ·²¤ò»ØÄꤹ¤ë¤³¤È¤Ë¤è¤ê¡¢¼«Æ°Åª¤Ë¥Ñ¥¹¹½ÃÛ¤È(¶¹µÁ¤Î)¥Ñ¥¹¸¡¾Ú¤òƱ»þ¤Ë¹Ô¤¦¤³¤È¤Ë¤è¤ê¸¡¾ÚÂоݾÚÌÀ½ñ¤Î¥Ñ¥¹¤¬Í­¸ú¤Ç¤¢¤ë¤«¤òȽÄꤷ¤Þ¤¹¡£ÆâÉô¤ÇCertPathValidator¤Î¼ÂÁõ¤¬»È¤ï¤ì¤Æ¤¤¤ë¤ï¤±¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
CertPathValidator¤ÎSun¥×¥í¥Ð¥¤¥À¤ÎPKIX¥¢¥ë¥´¥ê¥º¥à
¸¡¾ÚÂоݾÚÌÀ½ñ¤«¤é¥È¥é¥¹¥È¥¢¥ó¥«¤È¤Ê¤ë¥ë¡¼¥È¾ÚÌÀ½ñ¤Î°ì¤Ä¼êÁ°¤Þ¤Ç¤Î¾ÚÌÀ½ñ¤Î¥Á¥§¡¼¥ó(CertPath)¤òÍ¿¤¨¤ë¤³¤È¤Ë¤è¤ê¡¢(¶¹µÁ¤Î)¥Ñ¥¹¸¡¾Ú¤ò¹Ô¤¤¤Þ¤¹¡£


Sun PKIX¤ÎCertPathBuilder¤Î¥Ñ¥¹¹½ÃÛ¤ò¥¶¥Ã¥¯¥ê¿Þ¤Ë¤·¤¿¤Î¤¬°Ê²¼¡¢¡¢¡¢

pathbuild02



Sun¥×¥í¥Ð¥¤¥À¤ÎCertPathBuilder¤ÎPKIX¥¢¥ë¥´¥ê¥º¥à¼ÂÁõ¤Ê¤ó¤Ç¤¹¤¬¡¢¤³¤ì¤¬¡¢¤Þ¤¿¤Á¤ç¤Ã¤È¥¤¥±¥º¤Ê¼ÂÁõ¤Ë¤Ê¤Ã¤Æ¤¤¤Æ¥¨¥é¡¼¥á¥Ã¥»¡¼¥¸¤È¤¤¤¦¤«Îã³°½èÍý¤¬¤È¤Æ¤âÉÔ¿ÆÀڤʤó¤Ç¤¹¡£

¥Ñ¥¹¤ò¹½ÃÛ¤¹¤ë¤¿¤á¤Î¾ÚÌÀ½ñ¤¬ÉÔ­¤·¤Æ¤¤¤¿¤ê¡¢CRL¤¬¼èÆÀ¤Ç¤­¤Ê¤«¤Ã¤¿¤ê¡¢¼º¸ú¤·¤Æ¤¤¤¿¤ê¡¢´ü¸ÂÀÚ¤ì¤À¤Ã¤¿¤ê¡¢¸°ÍÑÅÓ¤¬´Ö°ã¤Ã¤Æ¤¤¤¿¤ê¡¢Ãæ´ÖCA¾ÚÌÀ½ñ¤Ë¤¢¤ë¤Ù¤­´ðËÜÀ©Ìó¤ÎcA¥Õ¥é¥°¤¬TRUE¤Ç¤Ê¤«¤Ã¤¿¤ê¤¹¤ë¤ÈÎã³°¤¬È¯À¸¤·¤Þ¤¹¤¬¡¢¤É¤ó¤ÊÍýͳ¤Ç¤¢¤Ã¤Æ¤âÁ´¤¯Æ±¤¸

sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target


¤È¤¤¤¦Îã³°¥á¥Ã¥»¡¼¥¸¤¬É½¼¨¤µ¤ì¤Þ¤¹¡£¤³¤ì¤¸¤ã²¿¤¬¥¨¥é¡¼Íýͳ¤À¤Ã¤¿¤Î¤«¤µ¤Ã¤Ñ¤ê¤ï¤«¤é¤Ê¤¤¡Ê¡°¡°¡¨¥á¥Ã¥»¡¼¥¸ "unable to find valid ..." ¤Ç¤°¤°¤Ã¤Æ¤ß¤ë¤È³§¤µ¤ó¥¨¥é¡¼Íýͳ¤¬¤ï¤«¤é¤ºº¤¤Ã¤Æ¤ª¤é¤ì¤ëÍͻҡ¢¡¢¡¢¡¢

CertPathBuilderException¥¯¥é¥¹¤Ç¤ÏgetCause()¥á¥½¥Ã¥É¤Ë¤è¤ê¡¢¤½¤ÎÎã³°¤¬È¯À¸¤·¤¿¸µ¤Î¸¶°ø¤È¤Ê¤ëÎã³°¤ò¼èÆÀ¤Ç¤­¤ë¤ó¤Ç¤¹¤¬¡¢Sun¤Î¼ÂÁõ¤Ç¤Ï¿¼¤µÍ¥Àèõº÷¤Î¤»¤¤¤«¡©¡ªÉÔ¿ÆÀڤʤΤ«¡©¡ª¤³¤ì¤¬ÀßÄꤵ¤ì¤Æ¤¤¤Ê¤¤¤¿¤á¡¢¥Ñ¥¹¹½ÃÛ¡¦¸¡¾Ú¤Ë¼ºÇÔ¤·¤¿¸¶°ø¤¬¤ï¤«¤é¤Ê¤¤¤ó¤Ç¤¹¡£

¥Ñ¥¹¤Î¿¼¤µÍ¥Àèõº÷¤È¤Ï


Sun¤ÎCertPathBuilder¤ÎPKIX¥¢¥ë¥´¥ê¥º¥à¤Î¼ÂÁõ¤Ç¤Ï¥Ñ¥¹¤ò¸«¤Ä¤±¤ëºÝ¡¢ÉýÍ¥Àèõº÷¤È¿¼¤µÍ¥Àèõº÷¤Î¤¦¤Á¿¼¤µÍ¥Àèõº÷¤¬»È¤ï¤ì¤Æ¤¤¤Þ¤¹¡£(¿Í¹©ÃÎǽ·Ï¤ÎÊý¡¢Prolog·Ï¤ÎÊý¤Ï¤è¤¯¤´Â¸ÃΡ¢¡¢¡¢¡Ê¡°¡°¡¨)

°Ê²¼¤Î¤è¤¦¤Ê¾¯¤·Ê£»¨¤ÊPKI¥â¥Ç¥ë¤Ç¹Í¤¨¤Æ¸«¤Þ¤·¤ç¤¦¡£

cpb01



¤³¤³¤Ç¤Ï¿®Íꤹ¤ë¥ë¡¼¥È¾ÚÌÀ½ñ¤«¤é¥¨¥ó¥É¥¨¥ó¥Æ¥£¥Æ¥£¾ÚÌÀ½ñ¤Þ¤Ç3Ä̤ê¤Î¥Ñ¥¹¤¬¤¢¤ë¤ó¤Ç¤¹¤¬¡¢¤½¤Î¤¦¤Á2¤Ä¤Ï̵¸ú¤Ê¥Ñ¥¹¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£

¡¦ROOT¢ªAAA¤ÎCA¾ÚÌÀ½ñ¤Ï¾ÚÌÀ½ñÍ­¸ú´ü¸Â¤¬ÀÚ¤ì¤Æ¤¤¤ë¤Î¤Ç̵¸ú
¡¦ROOT¢ªBBB¤ÎCA¾ÚÌÀ½ñ¤Ï´ðËÜÀ©Ìó¤ËcA=TRUE¤¬Ìµ¤¤¤¿¤á̵¸ú

Sun¤ÎCertPathBuilder¤Ç¥Ñ¥¹¹½ÃÛ¤·¤¿¾ì¹ç¤Î¡¢¥Ñ¥¹¹½ÃÛ¤Çé¤Ã¤Æ¤ß¤¿½ç½ø¤ò¿ÞÀ⤷¤¿¤Î¤¬°Ê²¼¤Ç¤¹¡£

cpb02



Sun¼ÂÁõ¤Ç¤Ï¥¨¥ó¥É¥¨¥ó¥Æ¥£¥Æ¥£¾ÚÌÀ½ñ¤«¤é»Ï¤á¤Æ¥È¥é¥¹¥È¥¢¥ó¥«¤Ç¤¢¤ë¥ë¡¼¥È¾ÚÌÀ½ñ¤Þ¤Ç¿¼¤µÍ¥Àèõº÷¤Ç¥Ñ¥¹¹½ÃÛ¤ò»î¤ß¤Þ¤¹¡£¿¼¤µÍ¥Àè¤È¤Ï¡¢¤Ö¤Ã¤Á¤ã¤±¤Á¤ã¤¦¤È¡Ö¹Ô¤±¤ë½ê¤Þ¤Ç¹Ô¤¯¡×¡¢
Ƨ¤ß½Ð¤»¤Ð¤½¤Î°ì­¤¬Æ»¤È¤Ê¤ê¡¢¤½¤Î°ì­¤¬Æ»¤È¤Ê¤ë¡£Ì¤鷺¹Ô¤±¤è¡£¹Ô¤±¤Ð¤ï¤«¤ë¤µ¡£¤¢¤ê¤¬¤È¤¦¡ª
Ū¤Ê¥¢¥ó¥È¥Ë¥ªÃöÌÚ¤Î̾¸À¤ÎÍͤʥ¢¥ë¥´¥ê¥º¥à¤Ç¤¹¡£

(1) ¥¨¥ó¥É¥¨¥ó¥Æ¥£¥Æ¥£¾ÚÌÀ½ñHHH¢«GGG¤«¤é¥Ñ¥¹¹½ÃÛ³«»Ï
(2) CA¾ÚÌÀ½ñ GGG¢«EEE¡¢EEE¢«BBB ¤òé¤ë¡£
¡¡¡¡¡¡¤½¤ÎºÝ¤ËÅÔÅÙ¡¢¸Ä¡¹¤ÎÄɲ䵤ì¤ë¾ÚÌÀ½ñ¤ËÂФ·¤Æ½ð̾ÃÍ¡¢
¡¡¡¡¡¡¼±ÊÌ̾Á°¤Î°ìÃס¢¸°ÍÑÅÓ¡¢³Æ¼ïÀ©Ìó¤Î½èÍý¼º¸ú¸¡¾Ú¤Ê¤É¤ò¹Ô¤¦¡£
(3) BBB¢«ROOT¾ÚÌÀ½ñ¤Î´ðËÜÀ©Ìó³ÈÄ¥¤ËcA=TRUE¤¬Ìµ¤¤¤Î¤ÇGGG¤ËÌá¤ë
(4) CA¾ÚÌÀ½ñ GGG¢«DDD¡¢DDD¢«AAA ¤òé¤ë¡£
(5) BBB¢«ROOT¾ÚÌÀ½ñ¤Ï´ü¸ÂÀÚ¤ì¤Ê¤Î¤ÇGGG¤ËÌá¤ë¡£
(6) CA¾ÚÌÀ½ñ GGG¢«FFF¡¢FFF¢«CCC¡¢CCC¢«ROOT ¤òé¤ë¡£
(7) ¥È¥é¥¹¥È¥¢¥ó¥«¤Þ¤Çé¤ì¤¿¤Î¤Ç(6)¤¬Í­¸ú¤Ê¥Ñ¥¹¤È¤Ê¤ê
¡¡¡¡¡¡¥Ñ¥¹¹½ÃÛ¡¦¸¡¾Ú¤Ï´°Î»¡£

ÉýÍ¥Àè¤Î¾ì¹ç¡¢ÅÓÃæÁªÂò»è¤òÁ´¤ÆÊú¤¨¤¿¤Þ¤Þõº÷¤¹¤ë¤Î¤Ç¿¤¯¥á¥â¥ê¤ò¾ÃÈñ¤¹¤ë¤È¸À¤ï¤ì¤Æ¤¤¤Þ¤¹¡£¤½¤¦¤·¤¿°ÕÌ£¤Ç¤Ï¿¼¤µÍ¥Àè¤Ï¤Þ¤¡¡¢ÂÅÅö¤«¤Ê¤È¡¢¡¢¡¢

Sun PKIX CertPathBuilder¼ÂÁõ¤ÎÎã³°¤Î¥¤¥±¥º



¤¿¤À¡¢¼¡¤Î¤è¤¦¤Ê¥±¡¼¥¹¤Î¾ì¹ç¡¢¥Ñ¥¹¹½ÃÛ¤ò»î¤ß¤Æ·ë¶É¤ÏÍ­¸ú¤Ê¥Ñ¥¹¤¬¸«¤Ä¤«¤é¤Ê¤¤¤¿¤á¡Öunable to find valid certification path to requested target(Í׵ᤵ¤ì¤¿ÂоÝ(¾ÚÌÀ½ñ)¤ËÂФ¹¤ëÍ­¸ú¤Êǧ¾Ú¥Ñ¥¹¤¬¸«¤Ä¤«¤ê¤Þ¤»¤ó)¡×¤È¤¤¤¦¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£

cpb03



¤³¤ÎºÝ¤ÎCertPathBuilderExceptionÎã³°¤ÎgetCause()¤Ë¤Ï²¿¤âÆþ¤Ã¤Æ¤¤¤Ê¤¤¤Î¤Ç¡¢²¿¸Î¥Ñ¥¹¹½ÃÛ¡¦¸¡¾Ú¤Ë¼ºÇÔ¤·¤¿¤Î¤«¤Ï(ÉáÄ̤Ï)Ææ¤Î¤Þ¤Þ¤Ç¤¹¡£¤»¤á¤Æ¥Ñ¥¹¹½ÃÛ¼ºÇԤ赤òºÇ¸å¤Ëµ¯¤³¤·¤¿Îã³°¤¬getCause()¤ËÀßÄꤵ¤ì¤Æ¤¤¤ì¤Ð·ë¹½Íýͳ¤¬¤ï¤«¤ë¤â¤ó¤Ê¤ó¤Ç¤¹¤±¤É¡¢»ÄÇ°¤Ê¤¬¤é¤½¤¦¤Ê¤Ã¤Æ¤Þ¤»¤ó¡£¿¼¤µÍ¥Àèõº÷¤Ê¤Î¤Ç¡ÖÁ°¤ÎÎã³°¤Ê¤ó¤«¤¤¤Á¤¤¤ÁÊݸ¤·¤Æ¤ª¤¯¤«¤¡¡ª¡ª¡×¤È¤¤¤¦¼ÂÁõ¤Ê¤ó¤Ç¤·¤ç¤¦¡£

ºÇ¸å¤ËȯÀ¸¤·¤¿Îã³°¤ògetCause()¤ËÀßÄꤹ¤ë¤À¤±¤À¤È²¼¤Î¤è¤¦¤Ê¥±¡¼¥¹¤Ç¤ÏËܼÁŪ¤ÊÌäÂ꤬¤ï¤«¤é¤Ê¤¤¥±¡¼¥¹¤â¤¢¤ë¤ó¤Ç¤¹¤¬¡¢¤Þ¤¡¡¢¤½¤ì¤Ï¸½¾õ¤Î²¿¤â̵¤¤¤è¤ê¤Ï¤Þ¤·¤ß¤¿¤¤¤Ê´¶¤¸¤Ç»Ä¤·¤Æ¤ª¤¤¤ÆÍߤ·¤¤¤Ê¤¡¡¢¡¢¡¢¡¢

cpb04



¥Ñ¥¹¹½ÃÛ¤Çé¤Ã¤¿½ç½ø¤¬²¿¸Î¤ï¤«¤ë¤«¡©



¤Ç¤Ï¡¢²¿¸Î¾å¤ÎÊý¤Î¿Þ¤ÇSun PKIX CertPathBuilder¤¬Ã©¤Ã¤¿¥Ñ¥¹¹½ÃÛ½ç½ø¤¬¤ï¤«¤Ã¤¿¤«¤È¤¤¤¦¤È¥í¥°¤ò¸«¤¿¤«¤é¤Ê¤ó¤Ç¤¹¡£CertPathBuilder¤äCertPathValidator¤Ç¤Ï¡¢°Ê²¼¤Î¤è¤¦¤Ë "-Djava.security.debug=certpath"¤Î¥ª¥×¥·¥ç¥ó¤òÉÕ¤±¤ì¤Ð¥Ç¥Ð¥Ã¥°¥í¥°¤¬É¸½à½ÐÎϤËɽ¼¨¤µ¤ì¤Þ¤¹¡£
% java -Djava.security.debug=certpath [CertPath¤ò»È¤Ã¤¿Java¥×¥í¥°¥é¥à]


¤¿¤À¡¢¤³¤³¤«¤é½Ð¤Æ¤¯¤ë¥í¥°¤Ïº£¤Þ¤Ç¸«¤Æ¤­¤¿¥í¥°¤ÎÃæ¤Ç¤Ï¡ÖÃæ¤Î²¼¡×¤°¤é¤¤¤Î¥À¥á¤µ²Ã¸º¤Ç¡¢Â¿Ê¬´Ñ¤Æ¤â¤¦¤ó¤¶¤ê¤¹¤ë¤À¤±¤À¤È»×¤¤¤Þ¤¹¡£

¤Ç¡¢¥Ñ¥¹¹½ÃÛ¤Çé¤Ã¤¿½ç¤ò´Ñ¤ë¤Ë¤Ï°Ê²¼¤è¤¦¤ÊdepthFirstSearchForward¤ÎÉôʬ¤ò¸«¤ì¤Ð¤è¤¤¤Ç¤¹¡£


certpath: SunCertPathBuilder.depthFirstSearchForward(CN=HHH, C=JP, State [
issuerDN of last cert: null
traversedCACerts: 0
init: true
keyParamsNeeded: false
subjectNamesTraversed:
[]]
)
¡¦¡¦¡¦Ãæά¡¦¡¦¡¦
certpath: SunCertPathBuilder.depthFirstSearchForward(CN=ROOT, C=JP, State [
issuerDN of last cert: CN=ROOT, C=JP
traversedCACerts: 3
init: false
keyParamsNeeded: false
subjectNamesTraversed:
[CN=GGG, C=JP, CN=HHH, C=JP, CN=CCC, C=JP, CN=FFF, C=JP]]
)


¤³¤ì¤ò´Ñ¤Æ¤¤¤¯¤ÈHHH¢ªGGG¢ªEEE¢ªBBB¡ß¸åÌá¤ê¢ªDDD¢ªAAA¡ß¸åÌá¤ê¢ªFFF¢ªCCC¢ªROOT¡û¤ÈÆóÅ٤μºÇԤˤâ¤á¤²¤º¤Ëé¤Ã¤¿¤ó¤À¤¡¤Ê¤¡¡¢¡¢¡¢´èÄ¥¤Ã¤¿¤Ê¤¡¡¢¡¢¡¢¡¢¤è¤·¤è¤·¡¢¡¢¡¢¤È¤¤¤¦É÷¤Ë´¶³´¿¼¤¤¤â¤Î¤¬¤¢¤ê¤Þ¤¹¡£

¥í¥°¤ò´Ñ¤Æ¤âAAA¢«ROOT¤äBBB¢«ROOT¤Î¾ÚÌÀ½ñ¤Ç´ðËÜÀ©¸Â¤Ë°ãÈ¿¤·¤Æ¤¤¤ë¤«¤é¤È¤«¡¢´ü¸ÂÀÚ¤ì¤À¤«¤é¤È¤«¡¢¤½¤¦¤·¤¿Íýͳ¤Ï¥í¥°¤Ë¤ÏÁ´¤¯½ñ¤«¤ì¤Æ¤¤¤Þ¤»¤ó¡£

3Ëܥѥ¹¤¬¤¢¤ë¤¦¤Á²¿¸Î¤½¤Î½ç½ø¤ÇÁª¤ó¤À¤«¡©



HHH¢ªGGG¤Èé¤Ã¤Æ¡¢¼¡¤ËEEE¡¢DDD¡¢FFF¤Î¤É¤ì¤òÁª¤ó¤Ç¤âÎɤ¤¤è¤¦¤Êµ¤¤¬¤·¤Þ¤¹¤¬¡¢É¬¤ºEEE¡¢DDD¡¢FFF¤Î½ç½ø¤Ë¤Ê¤ê¤Þ¤·¤¿¡£

¾ÚÌÀ½ñ¤òõ¤¹ºÝ¤ÎÆþ¤ìʪ¤È¤·¤ÆArrayList¤ò¥Ù¡¼¥¹¤Ë¤·¤¿CollectionCertStore¤ò»È¤Ã¤Æ¤¤¤¿¤ó¤Ç¤¹¤¬¡¢¤½¤³¤ËÃæ´Ö¾ÚÌÀ½ñ¤ò²Ã¤¨¤ë½ç½ø¤Ë°Í¸¤·¤Æ¤¤¤ë¤Î¤«¤â¤·¤ì¤Þ¤»¤ó¡£

·ë¶É CertPathBuilder ¤¬½Ð¤¹Îã³°¤ÏÁ´¤¯Ìò¤ËΩ¤¿¤Ê¤¤



¤È¤¤¤¦¤ï¤±¤Ç¡¢Sun PKIX CertPathBuilder¤ÎÅǤ¯Îã³°¤ä¥í¥°¤Ï¤È¤¤¤¦¤Î¤Ï¡¢¤É¤Î¤è¤¦¤ÊÍýͳ¤Ç¥Ñ¥¹¹½ÃÛ¡¦¸¡¾Ú¤Î¼ºÇÔ¤·¤¿¤Î¤«¤ï¤«¤é¤Ê¤¤¤¿¤á»È¤¤Êª¤Ë¤Ê¤é¤º¡¢¡¢¤¿¤À¡Öunable to find valid certification path to requested target¡×¤ÎÎã³°¥á¥Ã¥»¡¼¥¸¤¬¶õ¤·¤¯¤âÆÀ¤é¤ì¤ë¤À¤±¤È¤¤¤¦¤³¤È¤¬¤ª¤ï¤«¤ê失¤¿¤«¤È»×¤¤¤Þ¤¹¡£

¤Ç¤Ï¥Ñ¥¹¹½ÃÛ¡¦¸¡¾Ú¤¬¥À¥áÍýͳ¤òÃΤꤿ¤­¤ã¤É¤¦¤¹¤ë¤«¡©



SSL¥µ¡¼¥Ð¡¼Ç§¾Ú¤Ç¤Ï¿¤¯¤Î¾ì¹çSSL¥µ¡¼¥Ð¡¼¾ÚÌÀ½ñ¡¦É¬ÍפÊÃæ´ÖCA¾ÚÌÀ½ñ¡¦¥ë¡¼¥È¾ÚÌÀ½ñ¤¬¥Á¥§¡¼¥ó¤Î·Á¤Ç¤´¤Ã¤½¤êÁ÷¤é¤ì¤Æ¤­¤Þ¤¹¤·¡¢S/MIME½ð̾¥á¡¼¥ë¤äCAdES/XAdESĹ´ü½ð̾¤Î¾ì¹ç¤Ê¤ó¤«¤â¸¡¾Ú¤¹¤Ù¤­¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤¬³µ¤Í¤ï¤«¤Ã¤Æ¤¤¤ë»þ¤¬¤¢¤ê¤Þ¤¹¡£

¼«Ê¬¤Ç¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤ò
¡¦¼çÂμԡ¦È¯¹Ô¼Ô¤Î̾Á°¤Î°ìÃפÇ
¡¦½ð̾ÃͤΰìÃפÇ
ºî¤ë¤³¤È¤â¤Ç¤­¤ë¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£

¤½¤ó¤Ê¤È¤­¤Ï¡¢¼«Ê¬¤Ç´Ê°×¥Ñ¥¹¹½ÃۤǾÚÌÀ½ñ¥Á¥§¡¼¥óºî¤Ã¤ÆCertPath¥ª¥Ö¥¸¥§¥¯¥È¤òÀ¸À®¤·¡¢CertPathValidator¤Ç(¶¹µÁ¤Î)¥Ñ¥¹¸¡¾Ú¤À¤±¤ò¹Ô¤¦¤Î¤¬¤¤¤¤¤è¤¦¤Ë»×¤¤¤Þ¤¹¡£

Î㤨¤Ð¡¢º£²ó¤Î¥±¡¼¥¹¤Ç¸À¤¨¤Ð

¼«Á°¤Ç¥Ñ¥¹¹½ÃÛ¤À¤±¤·¤Æ¡¢¥Ñ¥¹¸¡¾Ú¤ÏCertPathValidator¤ò»È¤¨¤Ð¡¢

HHH¢ªGGG¢ªDDD¢ªAAA¢ªROOT¤Î¥Ñ¥¹¤Î´ü¸ÂÀڤ쥨¥é¡¼¤Ê¤é
¡ß¼ºÇÔ¡§ timestamp check failed
¡ß¼ºÇÔÍýͳ¾ÜºÙ¡§ NotAfter: Sun Jan 02 09:00:00 JST 2000


HHH¢ªGGG¢ªEEE¢ªBBB¢ªROOT¤Î¥Ñ¥¹¤Î´ðËÜÀ©Ìó¤ÎcA=TRUEÉÔ­¥¨¥é¡¼¤Ê¤é
¡ß¼ºÇÔ¡§ basic constraints check failed: this is not a CA certificate


¤È¡¢Îã³°CertPathValidatorException¤ÎgetMessage()¤ÇÍýͳ¤¬¤ï¤«¤Ã¤Æ¥¹¥Ã¥­¥ê¤·¤Þ¤¹¡£

º£²ó¤Ï¤³¤ì¤Þ¤¿¥Þ¥Ë¥¢¥Ã¥¯¤Ê¥Í¥¿¤Ç¤´¤á¤ó¤Ê¤µ¤¤¤Í¡£

¼«Ê¬¤Ç¤â¥Ñ¥¹¹½ÃÛ¤·¤Æ¤ß¤¿¤¯¤Ê¤Ã¤¿¤éº£²ó¤Î¾ÚÌÀ½ñ¥»¥Ã¥È¤Ï¤³¤Á¤é¤«¤é¥À¥¦¥ó¥í¡¼¥É¤Ç¤­¤Þ¤¹¡£

¡ã»²¹Í¥ê¥ó¥¯¡ä
¡¦Sun J2SE 6 - Java PKI API¥×¥í¥°¥é¥Þ¡¼¥º¥¬¥¤¥É
¡¦Sun J2SE 6 - Java°Å¹æ²½¥¢¡¼¥­¥Æ¥¯¥Á¥ã¡¼(JCA) ¥ê¥Õ¥¡¥ì¥ó¥¹¥¬¥¤¥É
¡¦Sun J2SE 6 - java.security.cert¥Ñ¥Ã¥±¡¼¥¸
¡¦IPA: ÅÅ»ÒÀ¯ÉܾðÊ󥻥­¥å¥ê¥Æ¥£Áê¸ß±¿Íѻٱ絻½Ñ¤Î³«È¯
¡¡¡¦GPKI¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¼ÂÁõ¥¬¥¤¥ÉÊó¹ð½ñ (PDF 831KB)
¡¡¡¡¡¡5¾Ï¡§Java¤Ë¤è¤ë¾ÚÌÀ½ñ¥Ñ¥¹¹½ÃÛ¡¦¥Ñ¥¹¸¡¾Ú¤Î¼ÂÁõ¤ÎÀâÌÀ

OpenSSL¤ÇÂбþ¤·¤Æ¤¤¤ëDirectoryStringType°ìÍ÷

¼«ÂÄÍî¤Êµ»½Ñ¼Ô¤ÎÆüµ­ : OpenSSL¤ÇNumericString¤ÎÆþ¤Ã¤¿¾ÚÌÀ½ñ¤¬Æɤ߹þ¤á¤Ê¤¤ - livedoor Blog¡Ê¥Ö¥í¥°¡Ë
RFC 3280¤Ç¤Ïµ¬Äê³°¤Ë¤Ê¤ê¤Þ¤¹¤¬¼±ÊÌ̾¤ËNumericString¤ò´Þ¤à¾ÚÌÀ½ñ¤òºî¤Ã¤Æ¤ß¤Æ¡¢¤½¤ÎPKCS#12¤òºî¤í¤¦¤ÈOpenSSL¤ÇÆɤ߹þ¤Þ¤»¤Æ¤ß¤¿¤é¸«»ö¤Ë¥¨¥é¡¼¤Ë¤Ê¤ê¤Þ¤·¤¿¡£


Á°¤Î¥Ö¥í¥°¤ÇOpenSSL¤ÇNumericString¤ò¼±ÊÌ̾¤Ë´Þ¤à¾ÚÌÀ½ñ¤òÆɤ߹þ¤à¤È¥¨¥é¡¼¤Ë¤Ê¤ë¤È½ñ¤­¤Þ¤·¤¿¤¬Â¾¤Ï¤É¤¦¤Ê¤Î¤«(Ê̤ÎÄ´ºº¤Î¤Ä¤¤¤Ç¤Ë)Ä´¤Ù¤Æ¤Þ¤È¤á¤Æ¤ß¤¿¤Î¤¬°Ê²¼¤Ç¤¹¡£














DirectoryString
Type
TagOpenSSL
¥µ¥Ý¡¼¥È¢¨1
RFC3280
Issuer¢¨2
RFC3280
Subject¢¨3
UTF8String0c¡û¡û¡û
NumericString12¡ß¡ß¡ß
PrintableString13¡û¡û¡û
TeletexString14¡û¡û¡û
VideotexString15¡ß¡ß¡ß
IA5String16¡û¡ß¡û
GraphicString19¡ß¡ß¡ß
VisibleString1a¡ß¡ß¡ß
GeneralString1b¡ß¡ß¡ß
UniversalString1c¡û¡û¡û
BMPString1e¡û¡û¡û



¢¨1: OpenSSL 0.9.8h¤Ç¾ÚÌÀ½ñ¼±ÊÌ̾¤Ç»È¤ï¤ì¤Æ¤¤¤ë¤â¤Î¤òÆɤ߹þ¤ó¤ÀºÝ¡¢¥¨¥é¡¼½ªÎ»¤·¤Ê¤±¤ì¤Ð¡Ö¡û¡×
¢¨2: RFC 3280 4.1.2.4¤ÇIssuer¤Ë»È¤Ã¤Æ¤è¤¤¤È¤·¤Æ¤¤¤ëDirectoryString Type¤Ç¤¢¤ë¤«
¢¨3: RFC 3280 4.1.2.6 Subject¤Ç¤ÏIssuer¤Î¤â¤Î¤Ë²Ã¤¨²áµî¤È¤Î¸ß´¹À­¤«¤é¥á¡¼¥ë¥¢¥É¥ì¥¹¤ËIA5String¤ò¤Ä¤«¤Ã¤Æ¤â¤è¤¤¡£


X.680¤ÇÄêµÁ¤µ¤ì¤Æ¤¤¤ëʸ»úÎó¤ò°·¤¦¥×¥ê¥ß¥Æ¥£¥Ö¤ò¥ê¥¹¥È¤Ë¤·¤Þ¤·¤¿¡£OpenSSL¤Ï0.9.8h¤Ç³Îǧ¤·¤Þ¤·¤¿¡£RFC 3280¤Ç¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤ëDirectoryString Type¤·¤«¥µ¥Ý¡¼¥È¤·¤Æ¤Ê¤¤¤ó¤Ç¤¹¤Í¡£

Æɤá¤Ê¤«¤Ã¤¿¤È¤­¤Î¥¨¥é¡¼¤Ï¤³¤ó¤Ê´¶¤¸¤Ç¤¹¡£

% openssl x509 -inform DER -noout -txt -in EE-ECOM-XMLDN-DS-VIDEOTEX-ASCII.cer
unable to load certificate
24264:error:0D07808C:asn1 encoding routines:ASN1_ITEM_EX_D2I:mstring wrong tag:tasn_dec.c:228:Type=ASN1_PRINTABLE
24264:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=value, Type=X509_NAME_ENTRY
24264:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:710:
24264:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:710:
24264:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=issuer, Type=X509_CINF
24264:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=cert_info, Type=X509


ºÇ¿·µ­»ö
Categories
Archives
Twitter
µ­»öGoogle¸¡º÷

ËÜ¥Ö¥í¥°Æâ¤òGoogle¸¡º÷
Yahoo!¥¢¥¯¥»¥¹²òÀÏ
Travel Advisor
µ­»ö¸¡º÷
QR¥³¡¼¥É
QR¥³¡¼¥É
  • ¥é¥¤¥Ö¥É¥¢¥Ö¥í¥°