php小编新一在本文中将为大家介绍如何通过Go语言从SSL证书中获取"subject/unstructuredName"的值。SSL证书是网站安全的基础,其中的"subject"字段包含了网站的相关信息。而"unstructuredName"字段则提供了进一步的详细信息。掌握如何提取这些值,可以帮助我们更好地理解和管理SSL证书,提高网站的安全性和可信度。在接下来的内容中,我们将通过示例代码和解释来详细介绍这一过程。
问题内容
我正在尝试将一些 python 代码迁移到 golang。
代码需要从 ssl 证书主题获取 unstructedname 的值。
这是它在 python 中的工作原理:
from cryptography import x509
from cryptography.x509.oid import nameoid
from cryptography.hazmat.backends import default_backend
pem = b"""\
-----begin certificate-----
miidctccalmgawibagiunjbltje6i/s9pjn8kgixyi2iw58wdqyjkozihvcnaqel
bqawsteumbiga1ueawwlzxhhbxbszs5jb20xfjaubgnvbaomduv4yw1wbgusielu
yy4xgtaxbgnvbasmeev4yw1wbgugrgl2axnpb24whhcnmjixmti5mtu1ndmxwhcn
mzcxmti2mtu1ndmxwjcbmzelmakga1uebhmcvvmxezarbgnvbagmcknhbglmb3ju
awexfjaubgnvbacmdvnhbibgcmfuy2lzy28xgjaybgnvbaomevnvbwugt3jnyw5p
emf0aw9umr4whaydvqqddbvzb21llm9yz2fuaxphdglvbi5jb20xizahbgkqhkig
9w0bcqimfhnvbwugywrkaxrpb25hbcbpbmzvmiibijanbgkqhkig9w0baqefaaoc
aq8amiibcgkcaqeayqprugdiaerkahbx06wobpekkz8cfyir6dv8d49eqho1xmcp
avotfjsj5cktuh64885lftcghudpcw+rih0fb8tolebua9yimuqbyfnrglrz7u+g
bkgyqo7w0psb7tguki7eseecvwsoygwyzksiuzbsqoauecjxog7gmr6qiutmilaq
dy0wwlir7iakx0qlq8ihfy6ynf2aghet6ic9tgbkifo6hwlep4gbwwtivcd94l6l
6rnpgtyxhsmlael0jn/4qpadcixdrbnahffzbrqyo7synqjuienxevq+7esiqibv
rkvt9hpaj+o/ij4z+z6xys8se3re4fsnsdxphqidaqabma0gcsqgsib3dqebcwua
a4ibaqch6vxtrqubfvgahnmjpshci3jcaz/x9hl2qgxntzas3rljbd6orc+3itli
vzjlwryl1hztxfecj3etvg1acknohx0rcfggnbsqsoz6oaazls6bakchbruqmhfg
icdk8a1pv1cr/spbe/ujskbg548jpqcsweul1jndsnzzmjuxy+ftm2pdyisrbgxy
y0spkxahukltblzghh1kimu7uuteuxdgmlccyey9/ibwtka9j/wnjc0cqc13jle8
pqvliexiovsktsgbzwyxw2p+m6qbjrc83oorwm8gnej1k2yx6jmnzlifidfit/h6
m2y3gjyqfgexupmk9toeejzpj1rb
-----end certificate-----
"""
cert = x509.load_pem_x509_certificate(pem, default_backend())
unstructured_name = cert.subject.get_attributes_for_oid(nameoid.unstructured_name)[0].value
print(unstructured_name)
登录后复制
此代码打印 unstructedname 的值(在本例中为“一些附加信息”)。
我在 go 中的尝试如下所示:
package main
import (
"crypto/x509"
"encoding/pem"
"fmt"
"log"
)
const certRaw = `-----BEGIN CERTIFICATE-----
MIIDcTCCAlmgAwIBAgIUNjbltje6I/S9PJN8KgIxyi2Iw58wDQYJKoZIhvcNAQEL
BQAwSTEUMBIGA1UEAwwLZXhhbXBsZS5jb20xFjAUBgNVBAoMDUV4YW1wbGUsIElu
Yy4xGTAXBgNVBAsMEEV4YW1wbGUgRGl2aXNpb24wHhcNMjIxMTI5MTU1NDMxWhcN
MzcxMTI2MTU1NDMxWjCBmzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju
aWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xGjAYBgNVBAoMEVNvbWUgT3JnYW5p
emF0aW9uMR4wHAYDVQQDDBVzb21lLm9yZ2FuaXphdGlvbi5jb20xIzAhBgkqhkiG
9w0BCQIMFHNvbWUgYWRkaXRpb25hbCBpbmZvMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAyqprugdiaERkAHbx06WobPekkZ8CFyiR6dv8D49eqHO1xmCp
aVotFJSj5cktUH64885LfTCghUdPcw+rIh0fB8tOleBUA9yIMUqbYFnRgLrz7U+g
bkgyQO7w0PsB7tgUKI7esEEcvWSoygWyZKSiUZBSQOAuEcJxog7GMR6QiUtmiLaq
DY0Wwlir7iakX0Qlq8iHFY6yNf2aghET6IC9tGbkifO6HWLEP4gBWwtIvCd94l6L
6rNpGtYXHSmlaEL0jn/4QPADciXDrBnAhFfzBrqyO7SYNqJUiENXEvq+7ESIqibV
RKvt9HpAj+O/Ij4z+Z6Xys8sE3RE4FSNSdXphQIDAQABMA0GCSqGSIb3DQEBCwUA
A4IBAQCH6vxtrqUBFVgahnmjPSHci3JCaz/X9hL2QgXNTzAS3rLJBd6OrC+3ITli
vzJlWryl1hzTxFEcj3EtVG1AckNOHX0RCFggNBSQSOz6oaaZlS6BAkChbRUqmHfG
iCDK8A1pV1cr/SPBe/UjSkbG548JpqCSWEUL1jNDsNzZmjuXy+FTM2PDYiSRbGxY
Y0SpkxAhuKltblzghh1KIMU7UutEUXDGMlCCYEY9/ibWTKa9J/WNjC0CQC13jLe8
PqVLIeXIoVSkTsgbzwYxW2P+M6QbjRC83OORwm8GnEj1k2yX6JmnzLifidFiT/h6
M2Y3gjYqfGexupmK9toEejZPj1RB
-----END CERTIFICATE-----
`
func main() {
block, rest := pem.Decode([]byte(certRaw))
if block == nil {
log.Fatalf("Decode CA PEM, %v", rest)
}
cert, err := x509.ParseCertificate(block.Bytes)
if err != nil {
log.Fatalf("parse certificate")
}
fmt.Println(cert.Subject.String())
// Unmarshall and print value of unstructuredName (oid: 1.2.840.113549.1.9.2)
// ???
}登录后复制
去游乐场:https://go.dev/play/p/vwkpdbnpq78
我找不到通过 oid 获取属性的函数。当我打印出整个主题时,我发现该值仍然是(der?)编码的。
如何解码或解组 unstructedname 的值?
非常感谢。
解决方法
我认为 go 标准库没有通过 oid 获取属性的函数。不过,自己写一个看起来并不难。下面的代码基于此相关答案(以及您问题中的代码)。
这是更新后的 go playground - https://www.php.cn/link/f0eb6568ea114ba6e293f903c34d7488.
package main
import (
"crypto/x509"
"encoding/pem"
"fmt"
"log"
)
const certRaw = `-----BEGIN CERTIFICATE-----
MIIDcTCCAlmgAwIBAgIUNjbltje6I/S9PJN8KgIxyi2Iw58wDQYJKoZIhvcNAQEL
BQAwSTEUMBIGA1UEAwwLZXhhbXBsZS5jb20xFjAUBgNVBAoMDUV4YW1wbGUsIElu
Yy4xGTAXBgNVBAsMEEV4YW1wbGUgRGl2aXNpb24wHhcNMjIxMTI5MTU1NDMxWhcN
MzcxMTI2MTU1NDMxWjCBmzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju
aWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xGjAYBgNVBAoMEVNvbWUgT3JnYW5p
emF0aW9uMR4wHAYDVQQDDBVzb21lLm9yZ2FuaXphdGlvbi5jb20xIzAhBgkqhkiG
9w0BCQIMFHNvbWUgYWRkaXRpb25hbCBpbmZvMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAyqprugdiaERkAHbx06WobPekkZ8CFyiR6dv8D49eqHO1xmCp
aVotFJSj5cktUH64885LfTCghUdPcw+rIh0fB8tOleBUA9yIMUqbYFnRgLrz7U+g
bkgyQO7w0PsB7tgUKI7esEEcvWSoygWyZKSiUZBSQOAuEcJxog7GMR6QiUtmiLaq
DY0Wwlir7iakX0Qlq8iHFY6yNf2aghET6IC9tGbkifO6HWLEP4gBWwtIvCd94l6L
6rNpGtYXHSmlaEL0jn/4QPADciXDrBnAhFfzBrqyO7SYNqJUiENXEvq+7ESIqibV
RKvt9HpAj+O/Ij4z+Z6Xys8sE3RE4FSNSdXphQIDAQABMA0GCSqGSIb3DQEBCwUA
A4IBAQCH6vxtrqUBFVgahnmjPSHci3JCaz/X9hL2QgXNTzAS3rLJBd6OrC+3ITli
vzJlWryl1hzTxFEcj3EtVG1AckNOHX0RCFggNBSQSOz6oaaZlS6BAkChbRUqmHfG
iCDK8A1pV1cr/SPBe/UjSkbG548JpqCSWEUL1jNDsNzZmjuXy+FTM2PDYiSRbGxY
Y0SpkxAhuKltblzghh1KIMU7UutEUXDGMlCCYEY9/ibWTKa9J/WNjC0CQC13jLe8
PqVLIeXIoVSkTsgbzwYxW2P+M6QbjRC83OORwm8GnEj1k2yX6JmnzLifidFiT/h6
M2Y3gjYqfGexupmK9toEejZPj1RB
-----END CERTIFICATE-----
`
func main() {
block, rest := pem.Decode([]byte(certRaw))
if block == nil {
log.Fatalf("Decode CA PEM, %v", rest)
}
cert, err := x509.ParseCertificate(block.Bytes)
if err != nil {
log.Fatalf("parse certificate")
}
// 1.2.840.113549.1.9.2
var oidUnstructuredName = []int{1, 2, 840, 113549, 1, 9, 2}
var unstructuredName string
for _, n := range cert.Subject.Names {
if n.Type.Equal(oidUnstructuredName) {
if v, ok := n.Value.(string); ok {
unstructuredName = v
}
}
}
fmt.Println(unstructuredName)
}登录后复制
以上是Go:从 ssl 证书获取'subject/unstructeredName”的值的详细内容。更多信息请关注PHP中文网其他相关文章!
