請教:java安全

[Certificate ::= SEQUENCE {
tbsCertificate TBSCertificate,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING }

TBSCertificate ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version must be v2
or v3
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version must be v2
or v3
extensions [3] EXPLICIT Extensions OPTIONAL
-- If present, version must be v3
}

Version ::= INTEGER { v1(0), v2(1), v3(2) }

CertificateSerialNumber ::= INTEGER

Validity ::= SEQUENCE {
notBefore CertificateValidityDate,
notAfter CertificateValidityDate }

CertificateValidityDate ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }

UniqueIdentifier ::= BIT STRING

SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING }

Extensions ::= SEQUENCE OF Extension

Extension ::= SEQUENCE {
extnID OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING }

-------------------------------------------------------------

問題1:這個X.509證照中哪部分是簽名資訊?哪部分是證照資訊?

問題2:當用keytool生成的金鑰檔案中會將私有金鑰以及證照
鏈作為一個金鑰項進行管理,那麼,這裡所說的證照鏈
在上面的X.509證照中有什麼體現?

問題3:當我透過CA對我的證照進行簽名時,CA所返回的資訊在
上面的X.509證照中有什麼體現?


這是我想問的問題,如果您有時間的話,請指點我一下,謝謝.