問題內容
我正在golang中實作憑證解析,我需要取得父憑證連結。
如果我執行 openssl x509 -in certificate.pem -text -noout 那麼我可以看到以下憑證擴充:
authority information access:
ocsp - uri:http://teszt.e-szigno.hu/testca3ocsp
ca issuers - uri:http://teszt.e-szigno.hu/tca3.crt登入後複製
在我的 go 專案中,我有以下程式碼:
content := `-----begin certificate-----
miijxdccckygawibaginfebzvuoocnmwumancjanbgkqhkig9w0baqsfadbqmqsw
cqydvqqgewjivterma8ga1uebwwiqnvkyxblc3qxfjaubgnvbaomdu1py3jvc2vj
iex0zc4xfdasbgnvbasmc2utu3ppz25vienbmrowgaydvqqddbfllvn6awdubybu
zxn0ienbmzaefw0ymzaxmjqxmjqxntbafw0yndaxmjqxmjqxntbamihqmrmweqyl
kwybbagcnzwcaqmtakvfmrgwfgylkwybbagcnzwcaqemb1rhbgxpbm4xhtabbgnv
ba8mffbyaxzhdgugt3jnyw5pemf0aw9umrewdwydvqqfewgxmji2odq3ntelmakg
a1uebhmcruuxedaobgnvbacmb1rhbgxpbm4xfzavbgnvbaomdk1ha3nla2vza3vz
ieftmrswgqydvqrhdbjqu0rfrs1gu0etmtiynjg0nzuxgdawbgnvbammd21ha2vj
b21tzxjjzs5sddccasiwdqyjkozihvcnaqebbqadggepadccaqocggebajfyj3ss
xev2yhbgxnmqw8e+zqfvrb1+uhlsm7c65hsjwavjhehnv1cufilrf5x1pubdmxtc
xpwd7fmoc7h++baedapv/xcwkmqugbkfwhazpkjbxiqbh7jbe4d+3pxn+zdlq/1b
wi6djhghn+ydgw6x+qgbovzaflprfdoyqxdw8ymc/iqmbahzzqape2eww1xrgyat
dne5t2t7uwc05qdygi1hi50wgoezx7a7cdsjwg+kfvczley+4h73apigh1f0q+ec
pozsoot12cwspbwzb9g03s5ioiipjpoqmivnkggegbby16p3vq/78w9xjpy0dwid
x2cfplplta8ejf0caweaaaocbgawggx8ma4ga1uddweb/wqeawifodcbiqykkwyb
bahweqieagr7bhkadwb1akoeeaq/ggsck+vmtchkwumu5fdmczaqslwmlwublagd
aaabhepmicsaaaqdaeywraigmbv+ixdcxogt9vppuiuuhaja08aignqmknssyhpl
4egcicqn64jfx+fitpnfxb6u531ta3vkjmmmlokvn5b2vj4wmb0ga1udjqqwmbqg
ccsgaqufbwmbbggrbgefbqcdajccayqga1udiascaxswggmxmiidewymkwybbagb
qbgcaqfkmiidatambggrbgefbqccaryaahr0cdovl2nwlmutc3ppz25vlmh1l3fj
chmwgb8gccsgaqufbwicmigydigvvgvzdcbxdwfsawzpzwqgy2vydglmawnhdgug
zm9yihdlynnpdgugyxv0agvudgljyxrpb24gyw5kignsawvudcbhdxrozw50awnh
dglvbi4gvghlihbyb3zpzgvyihbyzxnlcnzlcybyzwdpc3ryyxrpb24gzgf0ysbm
b3igmtagewvhcnmgywz0zxigdghligv4cglyyxrpb24gb2ygdghlignlcnrpzmlj
yxrlljcblqyikwybbquhagiwgygmgyvurvnuignlcnrpzmljyxrliglzc3vlzcbv
bmx5igzvcib0zxn0aw5nihb1cnbvc2vzlibuagugaxnzdwvyiglzig5vdcbsawfi
bgugzm9yigfuesbkyw1hz2vzigfyaxnpbmcgznjvbsb0agugdxnlig9mihroaxmg
y2vydglmawnhdguhmihmbggrbgefbqccajcbvwybvfrlc3p0ig1pbswrc8otdgv0
dcb3zwjvbgrhbc1oaxrlbgvzw610xzegw6lzimo8z3lmw6lslwhpdgvszxpdrxtf
ksb0yw7dunpdrxr2w6fues4gqsbyzwdpc3p0csohy2nds3mgywrhdg9ryxqgysbz
em9sz8ohbhrhdmozigegdgfuw7pzw610dsohbnkgbgvqw6fydmohdmozbcbzesoh
bcotdg90dcaxmcddqxzpzydfkxj6asbtzwcumigtbggrbgefbqccajcboaybnvrl
c3p0zwzdqxnpigpdqwxyysbrawfkb3r0ifrfu1puihrhbso6c8otdhbdow55libb
ighhc3puw6fsyxtdoxzhbcbryxbjc29syxrvc2fuigzlbg1lcso8bmwrigvdoxjv
a8opcnqgysbtem9sz8ohbhrhdmozihnlbw1pbhllbibmzwxlbmwrc3pdqwdldcbu
zw0gdsohbgxhbcewhqydvr0obbyeffpdj86z7qidatzbzlvll+6rll12mb8ga1ud
iwqymbaafnzmaijvnzcpit6grsbv8+826pdnmboga1udeqqtmbgcd21ha2vjb21t
zxjjzs5sddaybgnvhr8ekzapmcegjaajhifodhrwoi8vdgvzenquzs1zemlnbm8u
ahuvvenbmy5jcmwwbwyikwybbquhaqeeyzbhmdagccsgaqufbzabhirodhrwoi8v
dgvzenquzs1zemlnbm8uahuvdgvzdgnhm29jc3awlqyikwybbquhmakgiwh0dha6
ly90zxn6dc5llxn6awduby5ods9uq0ezlmnyddccarqgccsgaqufbwedbiibbjcc
aqiwcaygbacorgebmasgbgqajkybawibcjbtbgyeai5gaquwstakfh5odhrwczov
l2nwlmutc3ppz25vlmh1l3fjchnfzw4takvomcewg2h0dhbzoi8vy3auzs1zemln
bm8uahuvcwnwcxmcsfuwewygbacorgegmakgbwqajkybbgmwfwygbacbmcccmhuw
jjarbgceaigyjwecdazqu1bfuekweqyhbacbmccbawwgufnqx0fjdenfrsatievz
dg9uawfuiezpbmfuy2lhbcbtdxblcnzpc2lvbibbdxrob3jpdhkglybgaw5hbnrz
aw5zcgvrdhnpb29udazfrs1gu0ewdqyjkozihvcnaqelbqadggebahzxm9440svu
cpzlshq3okooeu4ftrp0kqkvzmbkmf+yct80vartjniadk5rk6hqrjrjcudi9+hj
ep9nzwkn+buvwc2ev+m7i35pck+dvnmtcgxto2qgvznosvjfuzshoc4mfifxnczo
2ne2utfu2wywzqpyncwfmz7aouxylgofefs13mdh5det++nwoaod8abzzqaeysk9
r1fcxrthpldxjijdduzpzcvw+obyjrhkim6zahd6r0e6kb9i+feevf8iwgntsoze
zflb6evyjuizsyqgtelrjim4alu1+pa/2zhlzm55pwj1km8piwyqigla0dkozf4+
otnnt6rr7bu=
-----end certificate-----`
certderblock, _ := pem.decode([]byte(content))
x509cert, err := x509.parsecertificate(certderblock.bytes)
for _, extension := range x509cert.extensions {
if extension.id.equal(asn1.objectidentifier{1, 3, 6, 1, 5, 5, 7, 1, 1}) {
var collexts []asn1.rawvalue
asn1.unmarshal(extension.value, &collexts)
for _, collext := range collexts {
fmt.println(string(collext.bytes))
}
}
}登入後複製
它給出以下輸出:
+0�#http://teszt.e-szigno.hu/testca3ocsp
+0�0http://teszt.e-szigno.hu/TCA3.crt
登入後複製
儘管我已經能夠解析此類輸出並獲取父證書鏈接,但我想了解如何在那裡獲取人類可讀的文本。
我查看了 asn1 包,沒有找到任何函數來解碼 asn1.rawvalue 物件或 asn1.rawvalue.bytes。
正確答案
您不需要查看x509cert.extensions 來獲取aia 信息,您可以直接從x509.證書:
// rfc 5280, 4.2.2.1 (authority information access)
ocspserver []string
issuingcertificateurl []string
登入後複製
簡單地說:
certderblock, _ := pem.decode([]byte(certbody))
x509cert, err = x509.parsecertificate(certderblock.bytes)
fmt.printf("ocspserver: %v\n", x509cert.ocspserver)
fmt.printf("issuingcertificateurl: %v\n", x509cert.issuingcertificateurl)登入後複製
https://www.php.cn/link/bc9d03fca6bcbe7f8b591f9d2bf8497a
OCSPServer: [http://teszt.e-szigno.hu/testca3ocsp]
IssuingCertificateURL: [http://teszt.e-szigno.hu/TCA3.crt]
登入後複製
以上是在 Golang 中解碼 asn1.RawValue 的正確方法的詳細內容。更多資訊請關注PHP中文網其他相關文章!
