Go：从 ssl 证书获取'subject/unstructeredName”的值

php小编新一在本文中将为大家介绍如何通过Go语言从SSL证书中获取"subject/unstructuredName"的值。SSL证书是网站安全的基础，其中的"subject"字段包含了网站的相关信息。而"unstructuredName"字段则提供了进一步的详细信息。掌握如何提取这些值，可以帮助我们更好地理解和管理SSL证书，提高网站的安全性和可信度。在接下来的内容中，我们将通过示例代码和解释来详细介绍这一过程。

问题内容

我正在尝试将一些 python 代码迁移到 golang。 代码需要从 ssl 证书主题获取 unstructedname 的值。

这是它在 python 中的工作原理：

from cryptography import x509
from cryptography.x509.oid import nameoid
from cryptography.hazmat.backends import default_backend

pem = b"""\
-----begin certificate-----
miidctccalmgawibagiunjbltje6i/s9pjn8kgixyi2iw58wdqyjkozihvcnaqel
bqawsteumbiga1ueawwlzxhhbxbszs5jb20xfjaubgnvbaomduv4yw1wbgusielu
yy4xgtaxbgnvbasmeev4yw1wbgugrgl2axnpb24whhcnmjixmti5mtu1ndmxwhcn
mzcxmti2mtu1ndmxwjcbmzelmakga1uebhmcvvmxezarbgnvbagmcknhbglmb3ju
awexfjaubgnvbacmdvnhbibgcmfuy2lzy28xgjaybgnvbaomevnvbwugt3jnyw5p
emf0aw9umr4whaydvqqddbvzb21llm9yz2fuaxphdglvbi5jb20xizahbgkqhkig
9w0bcqimfhnvbwugywrkaxrpb25hbcbpbmzvmiibijanbgkqhkig9w0baqefaaoc
aq8amiibcgkcaqeayqprugdiaerkahbx06wobpekkz8cfyir6dv8d49eqho1xmcp
avotfjsj5cktuh64885lftcghudpcw+rih0fb8tolebua9yimuqbyfnrglrz7u+g
bkgyqo7w0psb7tguki7eseecvwsoygwyzksiuzbsqoauecjxog7gmr6qiutmilaq
dy0wwlir7iakx0qlq8ihfy6ynf2aghet6ic9tgbkifo6hwlep4gbwwtivcd94l6l
6rnpgtyxhsmlael0jn/4qpadcixdrbnahffzbrqyo7synqjuienxevq+7esiqibv
rkvt9hpaj+o/ij4z+z6xys8se3re4fsnsdxphqidaqabma0gcsqgsib3dqebcwua
a4ibaqch6vxtrqubfvgahnmjpshci3jcaz/x9hl2qgxntzas3rljbd6orc+3itli
vzjlwryl1hztxfecj3etvg1acknohx0rcfggnbsqsoz6oaazls6bakchbruqmhfg
icdk8a1pv1cr/spbe/ujskbg548jpqcsweul1jndsnzzmjuxy+ftm2pdyisrbgxy
y0spkxahukltblzghh1kimu7uuteuxdgmlccyey9/ibwtka9j/wnjc0cqc13jle8
pqvliexiovsktsgbzwyxw2p+m6qbjrc83oorwm8gnej1k2yx6jmnzlifidfit/h6
m2y3gjyqfgexupmk9toeejzpj1rb
-----end certificate-----
"""

cert = x509.load_pem_x509_certificate(pem, default_backend())
unstructured_name = cert.subject.get_attributes_for_oid(nameoid.unstructured_name)[0].value
print(unstructured_name)

此代码打印 unstructedname 的值（在本例中为“一些附加信息”）。

我在 go 中的尝试如下所示：

package main

import (
    "crypto/x509"
    "encoding/pem"
    "fmt"

    "log"
)

const certRaw = `-----BEGIN CERTIFICATE-----
MIIDcTCCAlmgAwIBAgIUNjbltje6I/S9PJN8KgIxyi2Iw58wDQYJKoZIhvcNAQEL
BQAwSTEUMBIGA1UEAwwLZXhhbXBsZS5jb20xFjAUBgNVBAoMDUV4YW1wbGUsIElu
Yy4xGTAXBgNVBAsMEEV4YW1wbGUgRGl2aXNpb24wHhcNMjIxMTI5MTU1NDMxWhcN
MzcxMTI2MTU1NDMxWjCBmzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju
aWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xGjAYBgNVBAoMEVNvbWUgT3JnYW5p
emF0aW9uMR4wHAYDVQQDDBVzb21lLm9yZ2FuaXphdGlvbi5jb20xIzAhBgkqhkiG
9w0BCQIMFHNvbWUgYWRkaXRpb25hbCBpbmZvMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAyqprugdiaERkAHbx06WobPekkZ8CFyiR6dv8D49eqHO1xmCp
aVotFJSj5cktUH64885LfTCghUdPcw+rIh0fB8tOleBUA9yIMUqbYFnRgLrz7U+g
bkgyQO7w0PsB7tgUKI7esEEcvWSoygWyZKSiUZBSQOAuEcJxog7GMR6QiUtmiLaq
DY0Wwlir7iakX0Qlq8iHFY6yNf2aghET6IC9tGbkifO6HWLEP4gBWwtIvCd94l6L
6rNpGtYXHSmlaEL0jn/4QPADciXDrBnAhFfzBrqyO7SYNqJUiENXEvq+7ESIqibV
RKvt9HpAj+O/Ij4z+Z6Xys8sE3RE4FSNSdXphQIDAQABMA0GCSqGSIb3DQEBCwUA
A4IBAQCH6vxtrqUBFVgahnmjPSHci3JCaz/X9hL2QgXNTzAS3rLJBd6OrC+3ITli
vzJlWryl1hzTxFEcj3EtVG1AckNOHX0RCFggNBSQSOz6oaaZlS6BAkChbRUqmHfG
iCDK8A1pV1cr/SPBe/UjSkbG548JpqCSWEUL1jNDsNzZmjuXy+FTM2PDYiSRbGxY
Y0SpkxAhuKltblzghh1KIMU7UutEUXDGMlCCYEY9/ibWTKa9J/WNjC0CQC13jLe8
PqVLIeXIoVSkTsgbzwYxW2P+M6QbjRC83OORwm8GnEj1k2yX6JmnzLifidFiT/h6
M2Y3gjYqfGexupmK9toEejZPj1RB
-----END CERTIFICATE-----
`

func main() {
    block, rest := pem.Decode([]byte(certRaw))
    if block == nil {
        log.Fatalf("Decode CA PEM, %v", rest)
    }
    cert, err := x509.ParseCertificate(block.Bytes)
    if err != nil {
        log.Fatalf("parse certificate")
    }
    fmt.Println(cert.Subject.String())
    // Unmarshall and print value of unstructuredName (oid: 1.2.840.113549.1.9.2)
    // ???
}

去游乐场：https://go.dev/play/p/vwkpdbnpq78

我找不到通过 oid 获取属性的函数。当我打印出整个主题时，我发现该值仍然是（der？）编码的。

如何解码或解组 unstructedname 的值？

非常感谢。

解决方法

我认为 go 标准库没有通过 oid 获取属性的函数。不过，自己写一个看起来并不难。下面的代码基于此相关答案（以及您问题中的代码）。

这是更新后的 go playground - https://www.php.cn/link/f0eb6568ea114ba6e293f903c34d7488.

package main

import (
    "crypto/x509"
    "encoding/pem"
    "fmt"

    "log"
)

const certRaw = `-----BEGIN CERTIFICATE-----
MIIDcTCCAlmgAwIBAgIUNjbltje6I/S9PJN8KgIxyi2Iw58wDQYJKoZIhvcNAQEL
BQAwSTEUMBIGA1UEAwwLZXhhbXBsZS5jb20xFjAUBgNVBAoMDUV4YW1wbGUsIElu
Yy4xGTAXBgNVBAsMEEV4YW1wbGUgRGl2aXNpb24wHhcNMjIxMTI5MTU1NDMxWhcN
MzcxMTI2MTU1NDMxWjCBmzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju
aWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xGjAYBgNVBAoMEVNvbWUgT3JnYW5p
emF0aW9uMR4wHAYDVQQDDBVzb21lLm9yZ2FuaXphdGlvbi5jb20xIzAhBgkqhkiG
9w0BCQIMFHNvbWUgYWRkaXRpb25hbCBpbmZvMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAyqprugdiaERkAHbx06WobPekkZ8CFyiR6dv8D49eqHO1xmCp
aVotFJSj5cktUH64885LfTCghUdPcw+rIh0fB8tOleBUA9yIMUqbYFnRgLrz7U+g
bkgyQO7w0PsB7tgUKI7esEEcvWSoygWyZKSiUZBSQOAuEcJxog7GMR6QiUtmiLaq
DY0Wwlir7iakX0Qlq8iHFY6yNf2aghET6IC9tGbkifO6HWLEP4gBWwtIvCd94l6L
6rNpGtYXHSmlaEL0jn/4QPADciXDrBnAhFfzBrqyO7SYNqJUiENXEvq+7ESIqibV
RKvt9HpAj+O/Ij4z+Z6Xys8sE3RE4FSNSdXphQIDAQABMA0GCSqGSIb3DQEBCwUA
A4IBAQCH6vxtrqUBFVgahnmjPSHci3JCaz/X9hL2QgXNTzAS3rLJBd6OrC+3ITli
vzJlWryl1hzTxFEcj3EtVG1AckNOHX0RCFggNBSQSOz6oaaZlS6BAkChbRUqmHfG
iCDK8A1pV1cr/SPBe/UjSkbG548JpqCSWEUL1jNDsNzZmjuXy+FTM2PDYiSRbGxY
Y0SpkxAhuKltblzghh1KIMU7UutEUXDGMlCCYEY9/ibWTKa9J/WNjC0CQC13jLe8
PqVLIeXIoVSkTsgbzwYxW2P+M6QbjRC83OORwm8GnEj1k2yX6JmnzLifidFiT/h6
M2Y3gjYqfGexupmK9toEejZPj1RB
-----END CERTIFICATE-----
`

func main() {
    block, rest := pem.Decode([]byte(certRaw))
    if block == nil {
        log.Fatalf("Decode CA PEM, %v", rest)
    }
    cert, err := x509.ParseCertificate(block.Bytes)
    if err != nil {
        log.Fatalf("parse certificate")
    }

    // 1.2.840.113549.1.9.2
    var oidUnstructuredName = []int{1, 2, 840, 113549, 1, 9, 2}
    var unstructuredName string

    for _, n := range cert.Subject.Names {
        if n.Type.Equal(oidUnstructuredName) {
            if v, ok := n.Value.(string); ok {
                unstructuredName = v
            }
        }
    }

    fmt.Println(unstructuredName)
}

以上是Go：从 ssl 证书获取'subject/unstructeredName”的值的详细内容。更多信息请关注PHP中文网其他相关文章！