The queried certificate, serial number 1a100000000000077bb3, has a normal status.
Base64 encoding of the result returned by the CA:
ASN.1 view:
ENUMERATED: responseStatus, the response status; here it is 0 (successful). The status codes are defined as follows:
OCSPResponseStatus ::= ENUMERATED {
successful (0), -- Response has valid confirmations
malformedRequest (1), -- Illegal confirmation request
internalError (2), -- Internal error in issuer
tryLater (3), -- Try again later
-- (4) is not used
sigRequired (5), -- Must sign the request
unauthorized (6) -- Request unauthorized
}
OBJECT IDENTIFIER: responseType; here the value is 1.3.6.1.5.5.7.48.1.1 (OCSP), which expands as follows:
{iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) ad(48) ocsp(1) basic-response(1)}
OCTET STRING: response, the DER encoding of the BasicOCSPResponse object, which is defined as follows:
BasicOCSPResponse ::= SEQUENCE {
tbsResponseData ResponseData,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
The contents of the OCTET STRING can therefore be cut out and analyzed on their own.
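The extraction step described above, as an added example that is not part of the original post: a standard-library Python walk of the outer OCSPResponse that returns the status name, the responseType OID and the raw response OCTET STRING. The function names and sample bytes are constructed for illustration, and the inner payload is a placeholder rather than a real BasicOCSPResponse.

```python
# Added example (not from the original page): DER walk of the OCSPResponse wrapper.
STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
          3: "tryLater", 5: "sigRequired", 6: "unauthorized"}

def read_tlv(buf, pos, want_tag):
    """Read one DER TLV at pos, check its tag, return (value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if tag != want_tag:
        raise ValueError(f"expected tag {want_tag:#04x}, got {tag:#04x}")
    if length & 0x80:                       # long-form length: next n bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return buf[pos:pos + length], pos + length

def decode_oid(value):
    """Decode base-128 OID arcs into dotted form."""
    arcs, n = [], 0
    for b in value:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:                    # high bit clear ends the arc
            arcs.append(n)
            n = 0
    if not arcs:
        raise ValueError("empty OID")
    first = min(arcs[0] // 40, 2)           # first byte packs two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_ocsp_response(der):
    """Return (status name, responseType OID, response OCTET STRING bytes)."""
    body, _ = read_tlv(der, 0, 0x30)        # OCSPResponse SEQUENCE
    status, pos = read_tlv(body, 0, 0x0A)   # responseStatus ENUMERATED
    name = STATUS.get(int.from_bytes(status, "big"), "undefined")
    if pos == len(body):                    # responseBytes is OPTIONAL
        return name, None, None
    explicit, _ = read_tlv(body, pos, 0xA0) # responseBytes [0] EXPLICIT
    seq, _ = read_tlv(explicit, 0, 0x30)    # ResponseBytes SEQUENCE
    oid, pos = read_tlv(seq, 0, 0x06)       # responseType
    octets, _ = read_tlv(seq, pos, 0x04)    # response (DER of BasicOCSPResponse)
    return name, decode_oid(oid), octets

# Constructed samples; the inner 30 03 02 01 00 is a stand-in payload.
SAMPLE_OK = bytes.fromhex("30190a0100a0143012 06092b0601050507300101 04053003020100")
SAMPLE_TRY_LATER = bytes.fromhex("30030a0103")
```

For a real response, pass the base64-decoded bytes to `parse_ocsp_response` and feed the returned OCTET STRING contents to an ASN.1 viewer for the second-stage analysis.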
The extracted content is as follows:
ASN.1 view:
The first SEQUENCE corresponds to ResponseData, which is defined layer by layer as follows:
ResponseData ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
responderID ResponderID,
producedAt GeneralizedTime,
responses SEQUENCE OF SingleResponse,
responseExtensions [1] EXPLICIT Extensions OPTIONAL }
SingleResponse ::= SEQUENCE {
certID CertID,
certStatus CertStatus,
thisUpdate GeneralizedTime,
nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
singleExtensions [1] EXPLICIT Extensions OPTIONAL }
CertStatus ::= CHOICE {
good [0] IMPLICIT NULL,
revoked [1] IMPLICIT RevokedInfo,
unknown [2] IMPLICIT UnknownInfo }
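Specifically:
responderID: 838c4941......
producedAt: 20240625014708Z
certID: 1a100000000000077bb3
certStatus: 0
...... (you can download the data and open it to see the rest; not every field is listed here)
Signature algorithm identifier: 1.2.156.10197.1.501 (sm2withsm3)
The BIT STRING content is the signature: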
3045022100bf23b8c326592c3ddf1081814f17442abe6cf939f760ec4fee5937c6b362d2790220171dca0a959cecdbbb01754b033c855f5ab6ff57886bab122349f4962d67e00d
The final part is the signing certificate:
MIICIDCCAcWgAwIBAgIMMQBgDGNN4iAiUhAAMAwGCCqBHM9VAYN1BQAwRDELMAkGA1UEBhMCQ04xDTALBgNVBAoMBEJKQ0ExDTALBgNVBAsMBEJKQ0ExFzAVBgNVBAMMDkJlaWppbmcgU00yIENBMB4XDTIyMDIyMzE2MDAwMFoXDTMyMDIyMzE1NTk1OVowbTELMAkGA1UEBhMCQ04xEDAOBgNVBAgMB0JlaUppbmcxEDAOBgNVBAcMB0JlaUppbmcxDTALBgNVBAoMBEJKQ0ExDTALBgNVBAsMBEJKQ0ExHDAaBgNVBAMME0JlaWppbmcgU00yIENBIE9DU1AwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAARehP7rIXKyo6gmcoFvz6VO92RtUWu9sjfWRaM8JSFTRDuzuNih0dGjvJ8hxjsGgq8BXZCOfWfcHDUxJQY34lJLo3IwcDAOBgNVHQ8BAf8EBAMCBsAwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDCTAdBgNVHQ4EFgQUg4xJQW8jDZ0Bl9rM7JBiJLHpi4MwHwYDVR0jBBgwFoAUH+bP1I/FIiqXSimKFecWyZI0xLYwDAYIKoEcz1UBg3UFAANHADBEAiAYb5AfjUeHsfSgf0LKoTnOZq0bx2h8IffXScXGabfn1AIgaiayAPiHA5izVMKrbW89rpETKnZ9IVHpU5ryJ7BEiLI=