Go：從 ssl 憑證取得「subject/unstructeredName」的值

php小編新一在本文中將為大家介紹如何透過Go語言從SSL憑證中取得"subject/unstructuredName"的值。 SSL憑證是網站安全的基礎，其中的"subject"欄位包含了網站的相關資訊。而"unstructuredName"欄位則提供了進一步的詳細資訊。掌握如何提取這些值，可以幫助我們更好地理解和管理SSL證書，並提高網站的安全性和可信度。在接下來的內容中，我們將透過範例程式碼和解釋來詳細介紹這個過程。

問題內容

我正在嘗試將一些 python 程式碼遷移到 golang。 程式碼需要從 ssl 憑證主題取得 unstructedname 的值。

這是它在 python 中的工作原理：

from cryptography import x509
from cryptography.x509.oid import nameoid
from cryptography.hazmat.backends import default_backend

pem = b"""\
-----begin certificate-----
miidctccalmgawibagiunjbltje6i/s9pjn8kgixyi2iw58wdqyjkozihvcnaqel
bqawsteumbiga1ueawwlzxhhbxbszs5jb20xfjaubgnvbaomduv4yw1wbgusielu
yy4xgtaxbgnvbasmeev4yw1wbgugrgl2axnpb24whhcnmjixmti5mtu1ndmxwhcn
mzcxmti2mtu1ndmxwjcbmzelmakga1uebhmcvvmxezarbgnvbagmcknhbglmb3ju
awexfjaubgnvbacmdvnhbibgcmfuy2lzy28xgjaybgnvbaomevnvbwugt3jnyw5p
emf0aw9umr4whaydvqqddbvzb21llm9yz2fuaxphdglvbi5jb20xizahbgkqhkig
9w0bcqimfhnvbwugywrkaxrpb25hbcbpbmzvmiibijanbgkqhkig9w0baqefaaoc
aq8amiibcgkcaqeayqprugdiaerkahbx06wobpekkz8cfyir6dv8d49eqho1xmcp
avotfjsj5cktuh64885lftcghudpcw+rih0fb8tolebua9yimuqbyfnrglrz7u+g
bkgyqo7w0psb7tguki7eseecvwsoygwyzksiuzbsqoauecjxog7gmr6qiutmilaq
dy0wwlir7iakx0qlq8ihfy6ynf2aghet6ic9tgbkifo6hwlep4gbwwtivcd94l6l
6rnpgtyxhsmlael0jn/4qpadcixdrbnahffzbrqyo7synqjuienxevq+7esiqibv
rkvt9hpaj+o/ij4z+z6xys8se3re4fsnsdxphqidaqabma0gcsqgsib3dqebcwua
a4ibaqch6vxtrqubfvgahnmjpshci3jcaz/x9hl2qgxntzas3rljbd6orc+3itli
vzjlwryl1hztxfecj3etvg1acknohx0rcfggnbsqsoz6oaazls6bakchbruqmhfg
icdk8a1pv1cr/spbe/ujskbg548jpqcsweul1jndsnzzmjuxy+ftm2pdyisrbgxy
y0spkxahukltblzghh1kimu7uuteuxdgmlccyey9/ibwtka9j/wnjc0cqc13jle8
pqvliexiovsktsgbzwyxw2p+m6qbjrc83oorwm8gnej1k2yx6jmnzlifidfit/h6
m2y3gjyqfgexupmk9toeejzpj1rb
-----end certificate-----
"""

cert = x509.load_pem_x509_certificate(pem, default_backend())
unstructured_name = cert.subject.get_attributes_for_oid(nameoid.unstructured_name)[0].value
print(unstructured_name)

此程式碼列印 unstructedname 的值（在本例中為「一些附加資訊」）。

我在 go 中的嘗試如下所示：

package main

import (
    "crypto/x509"
    "encoding/pem"
    "fmt"

    "log"
)

const certRaw = `-----BEGIN CERTIFICATE-----
MIIDcTCCAlmgAwIBAgIUNjbltje6I/S9PJN8KgIxyi2Iw58wDQYJKoZIhvcNAQEL
BQAwSTEUMBIGA1UEAwwLZXhhbXBsZS5jb20xFjAUBgNVBAoMDUV4YW1wbGUsIElu
Yy4xGTAXBgNVBAsMEEV4YW1wbGUgRGl2aXNpb24wHhcNMjIxMTI5MTU1NDMxWhcN
MzcxMTI2MTU1NDMxWjCBmzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju
aWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xGjAYBgNVBAoMEVNvbWUgT3JnYW5p
emF0aW9uMR4wHAYDVQQDDBVzb21lLm9yZ2FuaXphdGlvbi5jb20xIzAhBgkqhkiG
9w0BCQIMFHNvbWUgYWRkaXRpb25hbCBpbmZvMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAyqprugdiaERkAHbx06WobPekkZ8CFyiR6dv8D49eqHO1xmCp
aVotFJSj5cktUH64885LfTCghUdPcw+rIh0fB8tOleBUA9yIMUqbYFnRgLrz7U+g
bkgyQO7w0PsB7tgUKI7esEEcvWSoygWyZKSiUZBSQOAuEcJxog7GMR6QiUtmiLaq
DY0Wwlir7iakX0Qlq8iHFY6yNf2aghET6IC9tGbkifO6HWLEP4gBWwtIvCd94l6L
6rNpGtYXHSmlaEL0jn/4QPADciXDrBnAhFfzBrqyO7SYNqJUiENXEvq+7ESIqibV
RKvt9HpAj+O/Ij4z+Z6Xys8sE3RE4FSNSdXphQIDAQABMA0GCSqGSIb3DQEBCwUA
A4IBAQCH6vxtrqUBFVgahnmjPSHci3JCaz/X9hL2QgXNTzAS3rLJBd6OrC+3ITli
vzJlWryl1hzTxFEcj3EtVG1AckNOHX0RCFggNBSQSOz6oaaZlS6BAkChbRUqmHfG
iCDK8A1pV1cr/SPBe/UjSkbG548JpqCSWEUL1jNDsNzZmjuXy+FTM2PDYiSRbGxY
Y0SpkxAhuKltblzghh1KIMU7UutEUXDGMlCCYEY9/ibWTKa9J/WNjC0CQC13jLe8
PqVLIeXIoVSkTsgbzwYxW2P+M6QbjRC83OORwm8GnEj1k2yX6JmnzLifidFiT/h6
M2Y3gjYqfGexupmK9toEejZPj1RB
-----END CERTIFICATE-----
`

func main() {
    block, rest := pem.Decode([]byte(certRaw))
    if block == nil {
        log.Fatalf("Decode CA PEM, %v", rest)
    }
    cert, err := x509.ParseCertificate(block.Bytes)
    if err != nil {
        log.Fatalf("parse certificate")
    }
    fmt.Println(cert.Subject.String())
    // Unmarshall and print value of unstructuredName (oid: 1.2.840.113549.1.9.2)
    // ???
}

去遊樂場：https://go.dev/play/p/vwkpdbnpq78

我找不到透過 oid 取得屬性的函數。當我列印出整個主題時，我發現該值仍然是（der？）編碼的。

如何解碼或解碼 unstructedname 的值？

非常感謝。

解決方法

我認為 go 標準函式庫沒有透過 oid 取得屬性的函式。不過，自己寫一本看起來並不難。下面的程式碼是基於此相關答案（以及您問題中的程式碼）。

這是更新後的 go playground - https://www.php.cn/link/f0eb6568ea114ba6e293f903c34d7488.

package main

import (
    "crypto/x509"
    "encoding/pem"
    "fmt"

    "log"
)

const certRaw = `-----BEGIN CERTIFICATE-----
MIIDcTCCAlmgAwIBAgIUNjbltje6I/S9PJN8KgIxyi2Iw58wDQYJKoZIhvcNAQEL
BQAwSTEUMBIGA1UEAwwLZXhhbXBsZS5jb20xFjAUBgNVBAoMDUV4YW1wbGUsIElu
Yy4xGTAXBgNVBAsMEEV4YW1wbGUgRGl2aXNpb24wHhcNMjIxMTI5MTU1NDMxWhcN
MzcxMTI2MTU1NDMxWjCBmzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju
aWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xGjAYBgNVBAoMEVNvbWUgT3JnYW5p
emF0aW9uMR4wHAYDVQQDDBVzb21lLm9yZ2FuaXphdGlvbi5jb20xIzAhBgkqhkiG
9w0BCQIMFHNvbWUgYWRkaXRpb25hbCBpbmZvMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAyqprugdiaERkAHbx06WobPekkZ8CFyiR6dv8D49eqHO1xmCp
aVotFJSj5cktUH64885LfTCghUdPcw+rIh0fB8tOleBUA9yIMUqbYFnRgLrz7U+g
bkgyQO7w0PsB7tgUKI7esEEcvWSoygWyZKSiUZBSQOAuEcJxog7GMR6QiUtmiLaq
DY0Wwlir7iakX0Qlq8iHFY6yNf2aghET6IC9tGbkifO6HWLEP4gBWwtIvCd94l6L
6rNpGtYXHSmlaEL0jn/4QPADciXDrBnAhFfzBrqyO7SYNqJUiENXEvq+7ESIqibV
RKvt9HpAj+O/Ij4z+Z6Xys8sE3RE4FSNSdXphQIDAQABMA0GCSqGSIb3DQEBCwUA
A4IBAQCH6vxtrqUBFVgahnmjPSHci3JCaz/X9hL2QgXNTzAS3rLJBd6OrC+3ITli
vzJlWryl1hzTxFEcj3EtVG1AckNOHX0RCFggNBSQSOz6oaaZlS6BAkChbRUqmHfG
iCDK8A1pV1cr/SPBe/UjSkbG548JpqCSWEUL1jNDsNzZmjuXy+FTM2PDYiSRbGxY
Y0SpkxAhuKltblzghh1KIMU7UutEUXDGMlCCYEY9/ibWTKa9J/WNjC0CQC13jLe8
PqVLIeXIoVSkTsgbzwYxW2P+M6QbjRC83OORwm8GnEj1k2yX6JmnzLifidFiT/h6
M2Y3gjYqfGexupmK9toEejZPj1RB
-----END CERTIFICATE-----
`

func main() {
    block, rest := pem.Decode([]byte(certRaw))
    if block == nil {
        log.Fatalf("Decode CA PEM, %v", rest)
    }
    cert, err := x509.ParseCertificate(block.Bytes)
    if err != nil {
        log.Fatalf("parse certificate")
    }

    // 1.2.840.113549.1.9.2
    var oidUnstructuredName = []int{1, 2, 840, 113549, 1, 9, 2}
    var unstructuredName string

    for _, n := range cert.Subject.Names {
        if n.Type.Equal(oidUnstructuredName) {
            if v, ok := n.Value.(string); ok {
                unstructuredName = v
            }
        }
    }

    fmt.Println(unstructuredName)
}

以上是Go：從 ssl 憑證取得「subject/unstructeredName」的值的詳細內容。更多資訊請關注PHP中文網其他相關文章！