Open xbjfk opened 3 months ago
Hmmm, it looks like it's wrapped in ContentInfo
, but I get a new error:
use std::fs::read;
use cms::{cert::x509::der::{Decode, Encode}, content_info::ContentInfo, signed_data::SignedData};
use const_oid::db::rfc6268::ID_SIGNED_DATA;
fn main() {
let cms_string = read("test.pem.txt").unwrap();
let (_, content_info_der) = pem_rfc7468::decode_vec(&cms_string).unwrap();
let content_info = ContentInfo::from_der(&content_info_der).unwrap();
assert_eq!(content_info.content_type, ID_SIGNED_DATA);
let signed_data: SignedData = SignedData::from_der(&content_info.content.to_der().unwrap()).unwrap();
}
Results in this error:
called `Result::unwrap()` on an `Err` value: Error { kind: TagUnexpected { expected: None, actual: Tag(0xa1: CONTEXT-SPECIFIC [1] (constructed)) }, position: None }
The problem emanates from parsing the certs fields of SignedData. CertificateSet is defined as follows:
CertificateSet ::= SET OF CertificateChoices
CertificateChoices ::= CHOICE {
certificate Certificate,
extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete
v2AttrCert [2] IMPLICIT AttributeCertificateV2,
other [3] IMPLICIT OtherCertificateFormat
}
The third certificate in your set is encoded as [1], which is an AttributeCertificateV1.
4143 727: [1] {
4147 576: SEQUENCE {
4151 1: INTEGER 1
4154 256: SEQUENCE {
This type is obsolete per RFC 5652 (from September 2009). The CertificateChoices parser in the cms crate does not support that type (nor the not obsolete AttributeCertificateV2 at present).
#[derive(Clone, Debug, Eq, PartialEq, Choice)]
#[allow(missing_docs)]
#[allow(clippy::large_enum_variant)]
pub enum CertificateChoices {
Certificate(Certificate),
#[asn1(context_specific = "3", tag_mode = "EXPLICIT", constructed = "true")]
Other(OtherCertificateFormat),
// TODO DEFER add more choices if desired (i.e., AttributeCertificateV2)
}
I ran into this same case not too long ago and since I did not need the attribute cert nor have the time to contribute support for attribute certificates (mostly due to lack of artifacts to sustain testing), I worked around it as below (see https://github.com/carl-wallace/tpm_cab_verify/blob/main/src/asn1.rs#L23).
#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
#[allow(missing_docs)]
pub(crate) struct SignedData2 {
pub version: CmsVersion,
pub digest_algorithms: DigestAlgorithmIdentifiers,
pub encap_content_info: EncapsulatedContentInfo,
#[asn1(context_specific = "0", tag_mode = "IMPLICIT", optional = "true")]
pub certificates: Option<AnySet>,
#[asn1(context_specific = "1", tag_mode = "IMPLICIT", optional = "true")]
pub crls: Option<AnySet>,
pub signer_infos: SignerInfos,
}
/// Used in lieu of full support for all certificate and CRL types
#[derive(Clone, Eq, PartialEq, Debug)]
pub(crate) struct AnySet(pub SetOfVec<Any>);
impl_newtype!(AnySet, SetOfVec<Any>);
Wow, thank you for your detailed response! It would be nice for me to use the certificate, so I will take a closer look at attempting to parse it. You can count on only Microsoft to use something deprecated in 2009 today ;)
Hmmm, I took a closer look at the standard, and the dumpasn1
and this caught my eye:
...
4143 727: [1] {
4147 576: SEQUENCE {
4151 1: INTEGER 1
...
To my knowledge, [1] means v1, however the interger version 1 = V2, so this is actually AttributeCertificateV2
!
Assuming I write a PR to add AttributeCertificateV2
, is there a way to override the behavior easily in my case?
Good catch. I did not even review the contents of the attribute cert. It's not my call, but I don't think we'd want to bake in support for mis-encodings like this and would instead leave handling stuff like that to one-offs a la the example I gave. This may be an argument in favor of deferring certs field decoding. One approach would be to define something like AnySet in the cms crate, use it for the certs and crls fields and let decoding be handled separately. We should add support for v2 attribute certs to CertificateChoices in any case.
Definitions from RFC5912 are below. The structures are very different.
AttributeCertificateInfoV1 ::= SEQUENCE {
version AttCertVersionV1 DEFAULT v1,
subject CHOICE {
baseCertificateID [0] IssuerSerial,
-- associated with a Public Key Certificate
subjectName [1] GeneralNames },
-- associated with a name
issuer GeneralNames,
signature AlgorithmIdentifier{SIGNATURE-ALGORITHM, {...}},
serialNumber CertificateSerialNumber,
attCertValidityPeriod AttCertValidityPeriod,
attributes SEQUENCE OF AttributeSet{{AttrList}},
issuerUniqueID UniqueIdentifier OPTIONAL,
extensions Extensions{{AttributeCertExtensionsV1}} OPTIONAL }
AttributeCertificateInfo ::= SEQUENCE {
version AttCertVersion, -- version is v2
holder Holder,
issuer AttCertIssuer,
signature AlgorithmIdentifier{SIGNATURE-ALGORITHM,
{SignatureAlgorithms}},
serialNumber CertificateSerialNumber,
attrCertValidityPeriod AttCertValidityPeriod,
attributes SEQUENCE OF
AttributeSet{{AttributesDefined}},
issuerUniqueID UniqueIdentifier OPTIONAL,
extensions Extensions{{AttributeCertExtensions}} OPTIONAL
}
This may be an argument in favor of deferring certs field decoding. One approach would be to define something like AnySet in the cms crate, use it for the certs and crls fields and let decoding be handled separately.
That sounds fine to me, and more flexible for handling cases like this.
Hello, I am trying to parse a CMS message (test.pem.txt, remove the .txt) - please bear with me as I'm not an expert on this. I've written code as follows:
However, this results in the error:
Reading this file however, using
openssl
CLI seems to work fine:Am I doing something wrong or is there something about the file that makes it not supported? Thanks in advance.
openssl asn1parse output
``` 0:d=0 hl=4 l=5911 cons: SEQUENCE 4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData 15:d=1 hl=4 l=5896 cons: cont [ 0 ] 19:d=2 hl=4 l=5892 cons: SEQUENCE 23:d=3 hl=2 l= 1 prim: INTEGER :03 26:d=3 hl=2 l= 15 cons: SET 28:d=4 hl=2 l= 13 cons: SEQUENCE 30:d=5 hl=2 l= 9 prim: OBJECT :sha256 41:d=5 hl=2 l= 0 prim: NULL 43:d=3 hl=4 l= 348 cons: SEQUENCE 47:d=4 hl=2 l= 11 prim: OBJECT :id-smime-ct-TSTInfo 60:d=4 hl=4 l= 331 cons: cont [ 0 ] 64:d=5 hl=4 l= 327 prim: OCTET STRING [HEX DUMP]:30820143020101060A2B0601040184590A03013031300D060960864801650304020105000420FB2271B999324EB63066CCFA9F729C571741AAED891CC7ECCD9E400E471F496C0206667308789CDB181332303234303632383031333735342E3032395A3004800201F40201DEA081D8A481D53081D2310B3009060355040613025553311330110603550408130A57617368696E67746F6E3110300E060355040713075265646D6F6E64311E301C060355040A13154D6963726F736F667420436F72706F726174696F6E312D302B060355040B13244D6963726F736F6674204972656C616E64204F7065726174696F6E73204C696D6974656431263024060355040B131D5468616C6573205453532045534E3A464334312D344244342D44323230312530230603550403131C4D6963726F736F66742054696D652D5374616D702053657276696365 395:d=3 hl=4 l=4475 cons: cont [ 0 ] 399:d=4 hl=4 l=1831 cons: SEQUENCE 403:d=5 hl=4 l=1295 cons: SEQUENCE 407:d=6 hl=2 l= 3 cons: cont [ 0 ] 409:d=7 hl=2 l= 1 prim: INTEGER :02 412:d=6 hl=2 l= 19 prim: INTEGER :33000001E2999995F1DCE320EB0001000001E2 433:d=6 hl=2 l= 13 cons: SEQUENCE 435:d=7 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption 446:d=7 hl=2 l= 0 prim: NULL 448:d=6 hl=2 l= 124 cons: SEQUENCE 450:d=7 hl=2 l= 11 cons: SET 452:d=8 hl=2 l= 9 cons: SEQUENCE 454:d=9 hl=2 l= 3 prim: OBJECT :countryName 459:d=9 hl=2 l= 2 prim: PRINTABLESTRING :US 463:d=7 hl=2 l= 19 cons: SET 465:d=8 hl=2 l= 17 cons: SEQUENCE 467:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 472:d=9 hl=2 l= 10 prim: PRINTABLESTRING :Washington 484:d=7 hl=2 l= 16 cons: SET 486:d=8 hl=2 l= 14 cons: SEQUENCE 488:d=9 hl=2 l= 3 prim: OBJECT :localityName 493:d=9 hl=2 l= 7 prim: PRINTABLESTRING :Redmond 502:d=7 hl=2 l= 30 cons: SET 504:d=8 hl=2 l= 28 cons: SEQUENCE 506:d=9 hl=2 l= 3 prim: OBJECT :organizationName 511:d=9 hl=2 l= 21 prim: PRINTABLESTRING :Microsoft Corporation 534:d=7 hl=2 l= 38 cons: SET 536:d=8 hl=2 l= 36 cons: SEQUENCE 538:d=9 hl=2 l= 3 prim: OBJECT :commonName 543:d=9 hl=2 l= 29 prim: PRINTABLESTRING :Microsoft Time-Stamp PCA 2010 574:d=6 hl=2 l= 30 cons: SEQUENCE 576:d=7 hl=2 l= 13 prim: UTCTIME :231012190725Z 591:d=7 hl=2 l= 13 prim: UTCTIME :250110190725Z 606:d=6 hl=3 l= 210 cons: SEQUENCE 609:d=7 hl=2 l= 11 cons: SET 611:d=8 hl=2 l= 9 cons: SEQUENCE 613:d=9 hl=2 l= 3 prim: OBJECT :countryName 618:d=9 hl=2 l= 2 prim: PRINTABLESTRING :US 622:d=7 hl=2 l= 19 cons: SET 624:d=8 hl=2 l= 17 cons: SEQUENCE 626:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 631:d=9 hl=2 l= 10 prim: PRINTABLESTRING :Washington 643:d=7 hl=2 l= 16 cons: SET 645:d=8 hl=2 l= 14 cons: SEQUENCE 647:d=9 hl=2 l= 3 prim: OBJECT :localityName 652:d=9 hl=2 l= 7 prim: PRINTABLESTRING :Redmond 661:d=7 hl=2 l= 30 cons: SET 663:d=8 hl=2 l= 28 cons: SEQUENCE 665:d=9 hl=2 l= 3 prim: OBJECT :organizationName 670:d=9 hl=2 l= 21 prim: PRINTABLESTRING :Microsoft Corporation 693:d=7 hl=2 l= 45 cons: SET 695:d=8 hl=2 l= 43 cons: SEQUENCE 697:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName 702:d=9 hl=2 l= 36 prim: PRINTABLESTRING :Microsoft Ireland Operations Limited 740:d=7 hl=2 l= 38 cons: SET 742:d=8 hl=2 l= 36 cons: SEQUENCE 744:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName 749:d=9 hl=2 l= 29 prim: PRINTABLESTRING :Thales TSS ESN:FC41-4BD4-D220 780:d=7 hl=2 l= 37 cons: SET 782:d=8 hl=2 l= 35 cons: SEQUENCE 784:d=9 hl=2 l= 3 prim: OBJECT :commonName 789:d=9 hl=2 l= 28 prim: PRINTABLESTRING :Microsoft Time-Stamp Service 819:d=6 hl=4 l= 546 cons: SEQUENCE 823:d=7 hl=2 l= 13 cons: SEQUENCE 825:d=8 hl=2 l= 9 prim: OBJECT :rsaEncryption 836:d=8 hl=2 l= 0 prim: NULL 838:d=7 hl=4 l= 527 prim: BIT STRING 1369:d=6 hl=4 l= 329 cons: cont [ 3 ] 1373:d=7 hl=4 l= 325 cons: SEQUENCE 1377:d=8 hl=2 l= 29 cons: SEQUENCE 1379:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier 1384:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:041444840E11DABEED076C969B4988244DA57809DA05 1408:d=8 hl=2 l= 31 cons: SEQUENCE 1410:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier 1415:d=9 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:301680149FA7155D005E625D83F4E5D265A71B533519E972 1441:d=8 hl=2 l= 95 cons: SEQUENCE 1443:d=9 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points 1448:d=9 hl=2 l= 88 prim: OCTET STRING [HEX DUMP]:30563054A052A050864E687474703A2F2F7777772E6D6963726F736F66742E636F6D2F706B696F70732F63726C2F4D6963726F736F667425323054696D652D5374616D70253230504341253230323031302831292E63726C 1538:d=8 hl=2 l= 108 cons: SEQUENCE 1540:d=9 hl=2 l= 8 prim: OBJECT :Authority Information Access 1550:d=9 hl=2 l= 96 prim: OCTET STRING [HEX DUMP]:305E305C06082B060105050730028650687474703A2F2F7777772E6D6963726F736F66742E636F6D2F706B696F70732F63657274732F4D6963726F736F667425323054696D652D5374616D70253230504341253230323031302831292E637274 1648:d=8 hl=2 l= 12 cons: SEQUENCE 1650:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints 1655:d=9 hl=2 l= 1 prim: BOOLEAN :255 1658:d=9 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000 1662:d=8 hl=2 l= 22 cons: SEQUENCE 1664:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage 1669:d=9 hl=2 l= 1 prim: BOOLEAN :255 1672:d=9 hl=2 l= 12 prim: OCTET STRING [HEX DUMP]:300A06082B06010505070308 1686:d=8 hl=2 l= 14 cons: SEQUENCE 1688:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage 1693:d=9 hl=2 l= 1 prim: BOOLEAN :255 1696:d=9 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:03020780 1702:d=5 hl=2 l= 13 cons: SEQUENCE 1704:d=6 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption 1715:d=6 hl=2 l= 0 prim: NULL 1717:d=5 hl=4 l= 513 prim: BIT STRING 2234:d=4 hl=4 l=1905 cons: SEQUENCE 2238:d=5 hl=4 l=1369 cons: SEQUENCE 2242:d=6 hl=2 l= 3 cons: cont [ 0 ] 2244:d=7 hl=2 l= 1 prim: INTEGER :02 2247:d=6 hl=2 l= 19 prim: INTEGER :3300000015C5E76B9E029B4999000000000015 2268:d=6 hl=2 l= 13 cons: SEQUENCE 2270:d=7 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption 2281:d=7 hl=2 l= 0 prim: NULL 2283:d=6 hl=3 l= 136 cons: SEQUENCE 2286:d=7 hl=2 l= 11 cons: SET 2288:d=8 hl=2 l= 9 cons: SEQUENCE 2290:d=9 hl=2 l= 3 prim: OBJECT :countryName 2295:d=9 hl=2 l= 2 prim: PRINTABLESTRING :US 2299:d=7 hl=2 l= 19 cons: SET 2301:d=8 hl=2 l= 17 cons: SEQUENCE 2303:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 2308:d=9 hl=2 l= 10 prim: PRINTABLESTRING :Washington 2320:d=7 hl=2 l= 16 cons: SET 2322:d=8 hl=2 l= 14 cons: SEQUENCE 2324:d=9 hl=2 l= 3 prim: OBJECT :localityName 2329:d=9 hl=2 l= 7 prim: PRINTABLESTRING :Redmond 2338:d=7 hl=2 l= 30 cons: SET 2340:d=8 hl=2 l= 28 cons: SEQUENCE 2342:d=9 hl=2 l= 3 prim: OBJECT :organizationName 2347:d=9 hl=2 l= 21 prim: PRINTABLESTRING :Microsoft Corporation 2370:d=7 hl=2 l= 50 cons: SET 2372:d=8 hl=2 l= 48 cons: SEQUENCE 2374:d=9 hl=2 l= 3 prim: OBJECT :commonName 2379:d=9 hl=2 l= 41 prim: PRINTABLESTRING :Microsoft Root Certificate Authority 2010 2422:d=6 hl=2 l= 30 cons: SEQUENCE 2424:d=7 hl=2 l= 13 prim: UTCTIME :210930182225Z 2439:d=7 hl=2 l= 13 prim: UTCTIME :300930183225Z 2454:d=6 hl=2 l= 124 cons: SEQUENCE 2456:d=7 hl=2 l= 11 cons: SET 2458:d=8 hl=2 l= 9 cons: SEQUENCE 2460:d=9 hl=2 l= 3 prim: OBJECT :countryName 2465:d=9 hl=2 l= 2 prim: PRINTABLESTRING :US 2469:d=7 hl=2 l= 19 cons: SET 2471:d=8 hl=2 l= 17 cons: SEQUENCE 2473:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 2478:d=9 hl=2 l= 10 prim: PRINTABLESTRING :Washington 2490:d=7 hl=2 l= 16 cons: SET 2492:d=8 hl=2 l= 14 cons: SEQUENCE 2494:d=9 hl=2 l= 3 prim: OBJECT :localityName 2499:d=9 hl=2 l= 7 prim: PRINTABLESTRING :Redmond 2508:d=7 hl=2 l= 30 cons: SET 2510:d=8 hl=2 l= 28 cons: SEQUENCE 2512:d=9 hl=2 l= 3 prim: OBJECT :organizationName 2517:d=9 hl=2 l= 21 prim: PRINTABLESTRING :Microsoft Corporation 2540:d=7 hl=2 l= 38 cons: SET 2542:d=8 hl=2 l= 36 cons: SEQUENCE 2544:d=9 hl=2 l= 3 prim: OBJECT :commonName 2549:d=9 hl=2 l= 29 prim: PRINTABLESTRING :Microsoft Time-Stamp PCA 2010 2580:d=6 hl=4 l= 546 cons: SEQUENCE 2584:d=7 hl=2 l= 13 cons: SEQUENCE 2586:d=8 hl=2 l= 9 prim: OBJECT :rsaEncryption 2597:d=8 hl=2 l= 0 prim: NULL 2599:d=7 hl=4 l= 527 prim: BIT STRING 3130:d=6 hl=4 l= 477 cons: cont [ 3 ] 3134:d=7 hl=4 l= 473 cons: SEQUENCE 3138:d=8 hl=2 l= 18 cons: SEQUENCE 3140:d=9 hl=2 l= 9 prim: OBJECT :1.3.6.1.4.1.311.21.1 3151:d=9 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:0203010001 3158:d=8 hl=2 l= 35 cons: SEQUENCE 3160:d=9 hl=2 l= 9 prim: OBJECT :1.3.6.1.4.1.311.21.2 3171:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:04142AA752FE64C49ABE82913C463529CF10FF2F04EE 3195:d=8 hl=2 l= 29 cons: SEQUENCE 3197:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier 3202:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:04149FA7155D005E625D83F4E5D265A71B533519E972 3226:d=8 hl=2 l= 92 cons: SEQUENCE 3228:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies 3233:d=9 hl=2 l= 85 prim: OCTET STRING [HEX DUMP]:30533051060C2B0601040182374C837D01013041303F06082B060105050702011633687474703A2F2F7777772E6D6963726F736F66742E636F6D2F706B696F70732F446F63732F5265706F7369746F72792E68746D 3320:d=8 hl=2 l= 19 cons: SEQUENCE 3322:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage 3327:d=9 hl=2 l= 12 prim: OCTET STRING [HEX DUMP]:300A06082B06010505070308 3341:d=8 hl=2 l= 25 cons: SEQUENCE 3343:d=9 hl=2 l= 9 prim: OBJECT :1.3.6.1.4.1.311.20.2 3354:d=9 hl=2 l= 12 prim: OCTET STRING [HEX DUMP]:1E0A00530075006200430041 3368:d=8 hl=2 l= 11 cons: SEQUENCE 3370:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage 3375:d=9 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:03020186 3381:d=8 hl=2 l= 15 cons: SEQUENCE 3383:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints 3388:d=9 hl=2 l= 1 prim: BOOLEAN :255 3391:d=9 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF 3398:d=8 hl=2 l= 31 cons: SEQUENCE 3400:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier 3405:d=9 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014D5F656CB8FE8A25C6268D13D94905BD7CE9A18C4 3431:d=8 hl=2 l= 86 cons: SEQUENCE 3433:d=9 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points 3438:d=9 hl=2 l= 79 prim: OCTET STRING [HEX DUMP]:304D304BA049A0478645687474703A2F2F63726C2E6D6963726F736F66742E636F6D2F706B692F63726C2F70726F64756374732F4D6963526F6F4365724175745F323031302D30362D32332E63726C 3519:d=8 hl=2 l= 90 cons: SEQUENCE 3521:d=9 hl=2 l= 8 prim: OBJECT :Authority Information Access 3531:d=9 hl=2 l= 78 prim: OCTET STRING [HEX DUMP]:304C304A06082B06010505073002863E687474703A2F2F7777772E6D6963726F736F66742E636F6D2F706B692F63657274732F4D6963526F6F4365724175745F323031302D30362D32332E637274 3611:d=5 hl=2 l= 13 cons: SEQUENCE 3613:d=6 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption 3624:d=6 hl=2 l= 0 prim: NULL 3626:d=5 hl=4 l= 513 prim: BIT STRING 4143:d=4 hl=4 l= 727 cons: cont [ 1 ] 4147:d=5 hl=4 l= 576 cons: SEQUENCE 4151:d=6 hl=2 l= 1 prim: INTEGER :01 4154:d=6 hl=4 l= 256 cons: SEQUENCE 4158:d=7 hl=3 l= 216 cons: cont [ 1 ] 4161:d=8 hl=3 l= 213 cons: cont [ 4 ] 4164:d=9 hl=3 l= 210 cons: SEQUENCE 4167:d=10 hl=2 l= 11 cons: SET 4169:d=11 hl=2 l= 9 cons: SEQUENCE 4171:d=12 hl=2 l= 3 prim: OBJECT :countryName 4176:d=12 hl=2 l= 2 prim: PRINTABLESTRING :US 4180:d=10 hl=2 l= 19 cons: SET 4182:d=11 hl=2 l= 17 cons: SEQUENCE 4184:d=12 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 4189:d=12 hl=2 l= 10 prim: PRINTABLESTRING :Washington 4201:d=10 hl=2 l= 16 cons: SET 4203:d=11 hl=2 l= 14 cons: SEQUENCE 4205:d=12 hl=2 l= 3 prim: OBJECT :localityName 4210:d=12 hl=2 l= 7 prim: PRINTABLESTRING :Redmond 4219:d=10 hl=2 l= 30 cons: SET 4221:d=11 hl=2 l= 28 cons: SEQUENCE 4223:d=12 hl=2 l= 3 prim: OBJECT :organizationName 4228:d=12 hl=2 l= 21 prim: PRINTABLESTRING :Microsoft Corporation 4251:d=10 hl=2 l= 45 cons: SET 4253:d=11 hl=2 l= 43 cons: SEQUENCE 4255:d=12 hl=2 l= 3 prim: OBJECT :organizationalUnitName 4260:d=12 hl=2 l= 36 prim: PRINTABLESTRING :Microsoft Ireland Operations Limited 4298:d=10 hl=2 l= 38 cons: SET 4300:d=11 hl=2 l= 36 cons: SEQUENCE 4302:d=12 hl=2 l= 3 prim: OBJECT :organizationalUnitName 4307:d=12 hl=2 l= 29 prim: PRINTABLESTRING :Thales TSS ESN:FC41-4BD4-D220 4338:d=10 hl=2 l= 37 cons: SET 4340:d=11 hl=2 l= 35 cons: SEQUENCE 4342:d=12 hl=2 l= 3 prim: OBJECT :commonName 4347:d=12 hl=2 l= 28 prim: PRINTABLESTRING :Microsoft Time-Stamp Service 4377:d=7 hl=2 l= 35 cons: cont [ 2 ] 4379:d=8 hl=2 l= 1 prim: ENUMERATED :01 4382:d=8 hl=2 l= 7 cons: SEQUENCE 4384:d=9 hl=2 l= 5 prim: OBJECT :sha1 4391:d=8 hl=2 l= 21 prim: BIT STRING 4414:d=6 hl=3 l= 131 cons: cont [ 0 ] 4417:d=7 hl=3 l= 128 cons: SEQUENCE 4420:d=8 hl=2 l= 126 cons: cont [ 4 ] 4422:d=9 hl=2 l= 124 cons: SEQUENCE 4424:d=10 hl=2 l= 11 cons: SET 4426:d=11 hl=2 l= 9 cons: SEQUENCE 4428:d=12 hl=2 l= 3 prim: OBJECT :countryName 4433:d=12 hl=2 l= 2 prim: PRINTABLESTRING :US 4437:d=10 hl=2 l= 19 cons: SET 4439:d=11 hl=2 l= 17 cons: SEQUENCE 4441:d=12 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 4446:d=12 hl=2 l= 10 prim: PRINTABLESTRING :Washington 4458:d=10 hl=2 l= 16 cons: SET 4460:d=11 hl=2 l= 14 cons: SEQUENCE 4462:d=12 hl=2 l= 3 prim: OBJECT :localityName 4467:d=12 hl=2 l= 7 prim: PRINTABLESTRING :Redmond 4476:d=10 hl=2 l= 30 cons: SET 4478:d=11 hl=2 l= 28 cons: SEQUENCE 4480:d=12 hl=2 l= 3 prim: OBJECT :organizationName 4485:d=12 hl=2 l= 21 prim: PRINTABLESTRING :Microsoft Corporation 4508:d=10 hl=2 l= 38 cons: SET 4510:d=11 hl=2 l= 36 cons: SEQUENCE 4512:d=12 hl=2 l= 3 prim: OBJECT :commonName 4517:d=12 hl=2 l= 29 prim: PRINTABLESTRING :Microsoft Time-Stamp PCA 2010 4548:d=6 hl=2 l= 13 cons: SEQUENCE 4550:d=7 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption 4561:d=7 hl=2 l= 0 prim: NULL 4563:d=6 hl=2 l= 5 prim: INTEGER :EA281229 4570:d=6 hl=2 l= 34 cons: SEQUENCE 4572:d=7 hl=2 l= 15 prim: GENERALIZEDTIME :20240628003033Z 4589:d=7 hl=2 l= 15 prim: GENERALIZEDTIME :20240629003033Z 4606:d=6 hl=2 l= 119 cons: SEQUENCE 4608:d=7 hl=2 l= 61 cons: SEQUENCE 4610:d=8 hl=2 l= 10 prim: OBJECT :1.3.6.1.4.1.601.10.4.1 4622:d=8 hl=2 l= 47 cons: SET 4624:d=9 hl=2 l= 45 cons: SEQUENCE 4626:d=10 hl=2 l= 10 cons: SEQUENCE 4628:d=11 hl=2 l= 5 prim: INTEGER :EA281229 4635:d=11 hl=2 l= 1 prim: INTEGER :00 4638:d=10 hl=2 l= 10 cons: SEQUENCE 4640:d=11 hl=2 l= 1 prim: INTEGER :00 4643:d=11 hl=2 l= 2 prim: INTEGER :03D6 4647:d=11 hl=2 l= 1 prim: INTEGER :-01 4650:d=10 hl=2 l= 7 cons: SEQUENCE 4652:d=11 hl=2 l= 1 prim: INTEGER :00 4655:d=11 hl=2 l= 2 prim: INTEGER :1236 4659:d=10 hl=2 l= 10 cons: SEQUENCE 4661:d=11 hl=2 l= 5 prim: INTEGER :EA2963A9 4668:d=11 hl=2 l= 1 prim: INTEGER :00 4671:d=7 hl=2 l= 54 cons: SEQUENCE 4673:d=8 hl=2 l= 10 prim: OBJECT :1.3.6.1.4.1.601.10.4.2 4685:d=8 hl=2 l= 40 cons: SET 4687:d=9 hl=2 l= 38 cons: SEQUENCE 4689:d=10 hl=2 l= 12 cons: SEQUENCE 4691:d=11 hl=2 l= 10 prim: OBJECT :1.3.6.1.4.1.601.10.3.2 4703:d=10 hl=2 l= 10 cons: cont [ 0 ] 4705:d=11 hl=2 l= 8 cons: SEQUENCE 4707:d=12 hl=2 l= 1 prim: INTEGER :00 4710:d=12 hl=2 l= 3 prim: INTEGER :07A120 4715:d=10 hl=2 l= 10 cons: cont [ 1 ] 4717:d=11 hl=2 l= 8 cons: SEQUENCE 4719:d=12 hl=2 l= 1 prim: INTEGER :00 4722:d=12 hl=2 l= 3 prim: INTEGER :0186A0 4727:d=5 hl=2 l= 13 cons: SEQUENCE 4729:d=6 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption 4740:d=6 hl=2 l= 0 prim: NULL 4742:d=5 hl=3 l= 129 prim: BIT STRING 4874:d=3 hl=4 l=1037 cons: SET 4878:d=4 hl=4 l=1033 cons: SEQUENCE 4882:d=5 hl=2 l= 1 prim: INTEGER :01 4885:d=5 hl=3 l= 147 cons: SEQUENCE 4888:d=6 hl=2 l= 124 cons: SEQUENCE 4890:d=7 hl=2 l= 11 cons: SET 4892:d=8 hl=2 l= 9 cons: SEQUENCE 4894:d=9 hl=2 l= 3 prim: OBJECT :countryName 4899:d=9 hl=2 l= 2 prim: PRINTABLESTRING :US 4903:d=7 hl=2 l= 19 cons: SET 4905:d=8 hl=2 l= 17 cons: SEQUENCE 4907:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 4912:d=9 hl=2 l= 10 prim: PRINTABLESTRING :Washington 4924:d=7 hl=2 l= 16 cons: SET 4926:d=8 hl=2 l= 14 cons: SEQUENCE 4928:d=9 hl=2 l= 3 prim: OBJECT :localityName 4933:d=9 hl=2 l= 7 prim: PRINTABLESTRING :Redmond 4942:d=7 hl=2 l= 30 cons: SET 4944:d=8 hl=2 l= 28 cons: SEQUENCE 4946:d=9 hl=2 l= 3 prim: OBJECT :organizationName 4951:d=9 hl=2 l= 21 prim: PRINTABLESTRING :Microsoft Corporation 4974:d=7 hl=2 l= 38 cons: SET 4976:d=8 hl=2 l= 36 cons: SEQUENCE 4978:d=9 hl=2 l= 3 prim: OBJECT :commonName 4983:d=9 hl=2 l= 29 prim: PRINTABLESTRING :Microsoft Time-Stamp PCA 2010 5014:d=6 hl=2 l= 19 prim: INTEGER :33000001E2999995F1DCE320EB0001000001E2 5035:d=5 hl=2 l= 13 cons: SEQUENCE 5037:d=6 hl=2 l= 9 prim: OBJECT :sha256 5048:d=6 hl=2 l= 0 prim: NULL 5050:d=5 hl=4 l= 330 cons: cont [ 0 ] 5054:d=6 hl=2 l= 26 cons: SEQUENCE 5056:d=7 hl=2 l= 9 prim: OBJECT :contentType 5067:d=7 hl=2 l= 13 cons: SET 5069:d=8 hl=2 l= 11 prim: OBJECT :id-smime-ct-TSTInfo 5082:d=6 hl=2 l= 47 cons: SEQUENCE 5084:d=7 hl=2 l= 9 prim: OBJECT :messageDigest 5095:d=7 hl=2 l= 34 cons: SET 5097:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:D01422AAF3F350942A39A1926B993336E1E011641247E5241AEEA379372F22C2 5131:d=6 hl=3 l= 250 cons: SEQUENCE 5134:d=7 hl=2 l= 11 prim: OBJECT :id-smime-aa-signingCertificateV2 5147:d=7 hl=3 l= 234 cons: SET 5150:d=8 hl=3 l= 231 cons: SEQUENCE 5153:d=9 hl=3 l= 228 cons: SEQUENCE 5156:d=10 hl=3 l= 189 cons: SEQUENCE 5159:d=11 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:2B892A4A10FD26B8C6C15044CE0E82F87792D4E88FDB8EE708664389088F7FFF 5193:d=11 hl=3 l= 152 cons: SEQUENCE 5196:d=12 hl=3 l= 128 cons: SEQUENCE 5199:d=13 hl=2 l= 126 cons: cont [ 4 ] 5201:d=14 hl=2 l= 124 cons: SEQUENCE 5203:d=15 hl=2 l= 11 cons: SET 5205:d=16 hl=2 l= 9 cons: SEQUENCE 5207:d=17 hl=2 l= 3 prim: OBJECT :countryName 5212:d=17 hl=2 l= 2 prim: PRINTABLESTRING :US 5216:d=15 hl=2 l= 19 cons: SET 5218:d=16 hl=2 l= 17 cons: SEQUENCE 5220:d=17 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 5225:d=17 hl=2 l= 10 prim: PRINTABLESTRING :Washington 5237:d=15 hl=2 l= 16 cons: SET 5239:d=16 hl=2 l= 14 cons: SEQUENCE 5241:d=17 hl=2 l= 3 prim: OBJECT :localityName 5246:d=17 hl=2 l= 7 prim: PRINTABLESTRING :Redmond 5255:d=15 hl=2 l= 30 cons: SET 5257:d=16 hl=2 l= 28 cons: SEQUENCE 5259:d=17 hl=2 l= 3 prim: OBJECT :organizationName 5264:d=17 hl=2 l= 21 prim: PRINTABLESTRING :Microsoft Corporation 5287:d=15 hl=2 l= 38 cons: SET 5289:d=16 hl=2 l= 36 cons: SEQUENCE 5291:d=17 hl=2 l= 3 prim: OBJECT :commonName 5296:d=17 hl=2 l= 29 prim: PRINTABLESTRING :Microsoft Time-Stamp PCA 2010 5327:d=12 hl=2 l= 19 prim: INTEGER :33000001E2999995F1DCE320EB0001000001E2 5348:d=10 hl=2 l= 34 cons: SEQUENCE 5350:d=11 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:D80440ED3538FB7D0F1644C21114DF9EDD7E73D5F88ABD85844540BD8D3B45CE 5384:d=5 hl=2 l= 13 cons: SEQUENCE 5386:d=6 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption 5397:d=6 hl=2 l= 0 prim: NULL 5399:d=5 hl=4 l= 512 prim: OCTET STRING [HEX DUMP]:031C460C51DBC82C7B52EFC1FF45F56385FAD5D90FE3FEBB49C525750E0E323A1820DD197F9EACD337AFA39724CBA53567AD2D833014C7D2C8BD36DF60514E0090DBABA446FAF88D1E9A218BBAB5F58C4F1EB3A38582BE965ACC54240C10E2A2DF44FF14657BAE62BD2020B46DF12D5D5C61579B0097AED0AFFB97D27200C3E0C4D25D582D0B0F731610E4B28001BDAD4D9DB5A8233D0C67D84C57D72857C3745ECCAC976C5915CF6695742165D60A2ADC736948993BCB6B002B0B28D3F9D2CCD3C7FD1D4962B9994773EBF8AEBE3918E771F6F3AA6AFE729F710F2C8932682EBBBA8BE83571EBA8903330545BC161F9E126EAFF80B94D9AFAC0ADF33C7D97BF588D3ECBAA1ECB00ED36B9CF3C7C4D67505C626E0AA93591FD583EC8E33410ACE7D4797439AF48E213E99B2F6778E17604964E2236063E678314D6B38D9417F92A6F2F1796D01456DF1AB34761C58D3AB211C1934C8044B3116CD40092CFEF39B14D7D088438A458C9FB6801674468E5ED7CA32DC5874376BEF2B2CAB10C5EDC44F120EBC7E02DC6498784375C20809FE5DC30E9E1E75F6BE9D9FAF153F050FF8577DBE0F51630EBAF1E3EEECB4BAF74F6AA140C264F583D4C5CC5D2CDB3EFB7C1EDAD35F380B16BEF84655504A14460A826CC1152C923AB5C4442DE26587F22847C4A567996416812EED2CD8ADE851451A7E471AFD5957488BD541563A49256 ```