一般来说,对于 pyasn1 (pyasn1 0.4.8, pyasn1-modules 0.2.8) 和 ASN.1 来说,我正在尝试构建一个GeneralName
:
>>> from pyasn1.codec.der.encoder import encode
>>> from pyasn1.type import char
>>> from pyasn1_modules import rfc2459
>>> from pyasn1_modules.rfc2459 import (
... AttributeTypeAndValue, GeneralName, Name, RelativeDistinguishedName, RDNSequence)
>>>
>>> rdn = RelativeDistinguishedName()
>>> attr_type_and_value = AttributeTypeAndValue()
>>> attr_type_and_value['type'] = rfc2459.id_at_countryName
>>> attr_type_and_value['value'] = encode(char.UTF8String('DE'))
>>> rdn.append(attr_type_and_value)
>>>
>>> rdn_sequence = RDNSequence()
>>> rdn_sequence.append(rdn)
>>>
>>> name = Name()
>>> name[0] = rdn_sequence
>>>
>>> general_name = GeneralName()
>>> general_name['directoryName'] = name
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/pyasn1/type/univ.py", line 2246, in __setitem__
self.setComponentByName(idx, value)
File "/usr/lib/python3.6/site-packages/pyasn1/type/univ.py", line 2413, in setComponentByName
idx, value, verifyConstraints, matchTags, matchConstraints
File "/usr/lib/python3.6/site-packages/pyasn1/type/univ.py", line 3119, in setComponentByPosition
Set.setComponentByPosition(self, idx, value, verifyConstraints, matchTags, matchConstraints)
File "/usr/lib/python3.6/site-packages/pyasn1/type/univ.py", line 2601, in setComponentByPosition
raise error.PyAsn1Error('Component value is tag-incompatible: %r vs %r' % (value, componentType))
pyasn1.error.PyAsn1Error: Component value is tag-incompatible: <Name value object, tagSet=<TagSet object, untagged>, [...]
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.6/site-packages/pyasn1/type/univ.py", line 2250, in __setitem__
raise KeyError(sys.exc_info()[1])
KeyError: PyAsn1Error('Component value is tag-incompatible: <Name value object, tagSet=<TagSet object, untagged>, [...]
我截断了很长的异常消息。据我了解,本质是提供的 Name 对象是未标记的,而某些标记是预期的。我可以通过使用来解决异常general_name.setComponentByName('directoryName', name, matchTags=False)
,但我不确定这是否只是关闭了所需/重要的检查,并且会在以后咬我。pyasn1Tag
和TagSet
文档并没有启发我,但这可能是因为我还没有真正理解 ASN.1 中标签的用途。
所以,我的主要问题是:如何正确地GeneralName
用 pyasn1 创建一个?子问题:
- ASN.1 中标签的用途是什么?我认为它们是类型说明符(如:“这是一个整数、布尔值、序列等”),但显然我遗漏了一些东西。
- 我用一个
UTF8String
. 解码使用 OpenSSL 创建的时间戳响应,我发现 aPrintableString
在 a 中使用GeneralName
。我凭直觉选择了前者,但这会导致问题(取决于使用环境)吗?