我正在golang中实现证书解析,我需要获取父证书链接。
如果我执行 openssl x509 -in certificate.pem -text -noout
那么我可以看到以下证书扩展:
authority information access: ocsp - uri:http://teszt.e-szigno.hu/testca3ocsp ca issuers - uri:http://teszt.e-szigno.hu/tca3.crt
在我的 go 项目中,我有以下代码:
content := `-----begin certificate----- miijxdccckygawibaginfebzvuoocnmwumancjanbgkqhkig9w0baqsfadbqmqsw cqydvqqgewjivterma8ga1uebwwiqnvkyxblc3qxfjaubgnvbaomdu1py3jvc2vj iex0zc4xfdasbgnvbasmc2utu3ppz25vienbmrowgaydvqqddbfllvn6awdubybu zxn0ienbmzaefw0ymzaxmjqxmjqxntbafw0yndaxmjqxmjqxntbamihqmrmweqyl kwybbagcnzwcaqmtakvfmrgwfgylkwybbagcnzwcaqemb1rhbgxpbm4xhtabbgnv ba8mffbyaxzhdgugt3jnyw5pemf0aw9umrewdwydvqqfewgxmji2odq3ntelmakg a1uebhmcruuxedaobgnvbacmb1rhbgxpbm4xfzavbgnvbaomdk1ha3nla2vza3vz ieftmrswgqydvqrhdbjqu0rfrs1gu0etmtiynjg0nzuxgdawbgnvbammd21ha2vj b21tzxjjzs5sddccasiwdqyjkozihvcnaqebbqadggepadccaqocggebajfyj3ss xev2yhbgxnmqw8e+zqfvrb1+uhlsm7c65hsjwavjhehnv1cufilrf5x1pubdmxtc xpwd7fmoc7h++baedapv/xcwkmqugbkfwhazpkjbxiqbh7jbe4d+3pxn+zdlq/1b wi6djhghn+ydgw6x+qgbovzaflprfdoyqxdw8ymc/iqmbahzzqape2eww1xrgyat dne5t2t7uwc05qdygi1hi50wgoezx7a7cdsjwg+kfvczley+4h73apigh1f0q+ec pozsoot12cwspbwzb9g03s5ioiipjpoqmivnkggegbby16p3vq/78w9xjpy0dwid x2cfplplta8ejf0caweaaaocbgawggx8ma4ga1uddweb/wqeawifodcbiqykkwyb bahweqieagr7bhkadwb1akoeeaq/ggsck+vmtchkwumu5fdmczaqslwmlwublagd aaabhepmicsaaaqdaeywraigmbv+ixdcxogt9vppuiuuhaja08aignqmknssyhpl 4egcicqn64jfx+fitpnfxb6u531ta3vkjmmmlokvn5b2vj4wmb0ga1udjqqwmbqg ccsgaqufbwmbbggrbgefbqcdajccayqga1udiascaxswggmxmiidewymkwybbagb qbgcaqfkmiidatambggrbgefbqccaryaahr0cdovl2nwlmutc3ppz25vlmh1l3fj chmwgb8gccsgaqufbwicmigydigvvgvzdcbxdwfsawzpzwqgy2vydglmawnhdgug zm9yihdlynnpdgugyxv0agvudgljyxrpb24gyw5kignsawvudcbhdxrozw50awnh dglvbi4gvghlihbyb3zpzgvyihbyzxnlcnzlcybyzwdpc3ryyxrpb24gzgf0ysbm b3igmtagewvhcnmgywz0zxigdghligv4cglyyxrpb24gb2ygdghlignlcnrpzmlj yxrlljcblqyikwybbquhagiwgygmgyvurvnuignlcnrpzmljyxrliglzc3vlzcbv bmx5igzvcib0zxn0aw5nihb1cnbvc2vzlibuagugaxnzdwvyiglzig5vdcbsawfi bgugzm9yigfuesbkyw1hz2vzigfyaxnpbmcgznjvbsb0agugdxnlig9mihroaxmg y2vydglmawnhdguhmihmbggrbgefbqccajcbvwybvfrlc3p0ig1pbswrc8otdgv0 dcb3zwjvbgrhbc1oaxrlbgvzw610xzegw6lzimo8z3lmw6lslwhpdgvszxpdrxtf ksb0yw7dunpdrxr2w6fues4gqsbyzwdpc3p0csohy2nds3mgywrhdg9ryxqgysbz em9sz8ohbhrhdmozigegdgfuw7pzw610dsohbnkgbgvqw6fydmohdmozbcbzesoh bcotdg90dcaxmcddqxzpzydfkxj6asbtzwcumigtbggrbgefbqccajcboaybnvrl c3p0zwzdqxnpigpdqwxyysbrawfkb3r0ifrfu1puihrhbso6c8otdhbdow55libb ighhc3puw6fsyxtdoxzhbcbryxbjc29syxrvc2fuigzlbg1lcso8bmwrigvdoxjv a8opcnqgysbtem9sz8ohbhrhdmozihnlbw1pbhllbibmzwxlbmwrc3pdqwdldcbu zw0gdsohbgxhbcewhqydvr0obbyeffpdj86z7qidatzbzlvll+6rll12mb8ga1ud iwqymbaafnzmaijvnzcpit6grsbv8+826pdnmboga1udeqqtmbgcd21ha2vjb21t zxjjzs5sddaybgnvhr8ekzapmcegjaajhifodhrwoi8vdgvzenquzs1zemlnbm8u ahuvvenbmy5jcmwwbwyikwybbquhaqeeyzbhmdagccsgaqufbzabhirodhrwoi8v dgvzenquzs1zemlnbm8uahuvdgvzdgnhm29jc3awlqyikwybbquhmakgiwh0dha6 ly90zxn6dc5llxn6awduby5ods9uq0ezlmnyddccarqgccsgaqufbwedbiibbjcc aqiwcaygbacorgebmasgbgqajkybawibcjbtbgyeai5gaquwstakfh5odhrwczov l2nwlmutc3ppz25vlmh1l3fjchnfzw4takvomcewg2h0dhbzoi8vy3auzs1zemln bm8uahuvcwnwcxmcsfuwewygbacorgegmakgbwqajkybbgmwfwygbacbmcccmhuw jjarbgceaigyjwecdazqu1bfuekweqyhbacbmccbawwgufnqx0fjdenfrsatievz dg9uawfuiezpbmfuy2lhbcbtdxblcnzpc2lvbibbdxrob3jpdhkglybgaw5hbnrz aw5zcgvrdhnpb29udazfrs1gu0ewdqyjkozihvcnaqelbqadggebahzxm9440svu cpzlshq3okooeu4ftrp0kqkvzmbkmf+yct80vartjniadk5rk6hqrjrjcudi9+hj ep9nzwkn+buvwc2ev+m7i35pck+dvnmtcgxto2qgvznosvjfuzshoc4mfifxnczo 2ne2utfu2wywzqpyncwfmz7aouxylgofefs13mdh5det++nwoaod8abzzqaeysk9 r1fcxrthpldxjijdduzpzcvw+obyjrhkim6zahd6r0e6kb9i+feevf8iwgntsoze zflb6evyjuizsyqgtelrjim4alu1+pa/2zhlzm55pwj1km8piwyqigla0dkozf4+ otnnt6rr7bu= -----end certificate-----` certderblock, _ := pem.decode([]byte(content)) x509cert, err := x509.parsecertificate(certderblock.bytes) for _, extension := range x509cert.extensions { if extension.id.equal(asn1.objectidentifier{1, 3, 6, 1, 5, 5, 7, 1, 1}) { var collexts []asn1.rawvalue asn1.unmarshal(extension.value, &collexts) for _, collext := range collexts { fmt.println(string(collext.bytes)) } } }
它给出以下输出:
+0�#http://teszt.e-szigno.hu/testca3ocsp +0�0http://teszt.e-szigno.hu/TCA3.crt
尽管我已经能够解析此类输出并获取父证书链接,但我想了解如何在那里获取人类可读的文本。
我查看了 asn1
包,没有找到任何函数来解码 asn1.rawvalue
对象或 asn1.rawvalue.bytes
。asn1
包,没有找到任何函数来解码 asn1.rawvalue
对象或 asn1.rawvalue.bytes
。
您不需要查看 x509cert.extensions
来获取 aia
正确答案
x509cert.extensions
来获取 aia
信息,您可以直接从 x509.证书
:
// rfc 5280, 4.2.2.1 (authority information access) ocspserver []string issuingcertificateurl []string
certderblock, _ := pem.decode([]byte(certbody)) x509cert, err = x509.parsecertificate(certderblock.bytes) fmt.printf("ocspserver: %v\n", x509cert.ocspserver) fmt.printf("issuingcertificateurl: %v\n", x509cert.issuingcertificateurl)
OCSPServer: [http://teszt.e-szigno.hu/testca3ocsp] IssuingCertificateURL: [http://teszt.e-szigno.hu/TCA3.crt]
以上是在 Golang 中解码 asn1.RawValue 的正确方法的详细内容。更多信息请关注PHP中文网其他相关文章!