php小编草莓从字符串格式的 x509 证书生成主题名称是一项重要的操作,它可以帮助开发人员从证书中提取出关键信息。通过解析字符串格式的 x509 证书,我们可以获取证书的主题名称,包括证书的颁发者、有效期、公钥等信息。这个过程对于构建安全的网络通信、验证证书的合法性以及保护用户隐私具有重要意义。在 PHP 中,我们可以借助 OpenSSL 扩展提供的函数来实现这个功能,简单、高效地处理 x509 证书。
我正在尝试从 x509.certificate 生成可分辨名称。
我期望的格式是:
"cn=<common_name>,ou=<org_unit>,o=,dnqualifier=+7he5grzxim+lkemb5fs98e+fpy="
(我用标签替换了一些值)
通过我的代码,我得到了没有 dnqualifier 部分的预期字符串,如下所示:
cn=<common_name>,ou=<org_unit>,o=,2.5.4.46=#131c537771614a5531514c2449444e4846373755547a1f5749653955303d"
在这里, 2.5.4.46 是“dnqualifier”的 asn.1 对象 id 参考:链接 该值看起来像一个十六进制字符串。
是否有标准方法(或简单的解决方法)来获取预期格式的专有名称?即,应该出现文本“dnqualifier”而不是其 objectidentifier,并且应该出现实际的字符串值而不是十六进制。
我的代码如下所示:
package main import ( "crypto/x509" "encoding/pem" "fmt" "github.com/sirupsen/logrus" ) func main() { cert := "" // certificate string here block, rest := pem.decode([]byte(cert)) if len(rest) != 0 { logrus.error("certificate string not fully decoded : ", rest) } certificate, err := x509.parsecertificate(block.bytes) if err != nil { logrus.witherror(err).error("error parsing certificate") } fmt.println(certificate.subject.string()) }
从此代码 certificate.subject.string()
给出的输出如下:
cn=<common_name>,ou=<org_unit>,o=<org>,2.5.4.46=#131c537771614a5531514c2449444e4846373755547a1f5749653955303d"
另外,
fmt.printf("%+v\n", cert.subject.tordnsequence())
和
var sub pkix.RDNSequence asn1.Unmarshal(certificate.RawSubject, &sub)
两者都没有帮助。
标准库仅提供 有限的属性列表:
var attributetypenames = map[string]string{ "2.5.4.6": "c", "2.5.4.10": "o", "2.5.4.11": "ou", "2.5.4.3": "cn", "2.5.4.5": "serialnumber", "2.5.4.7": "l", "2.5.4.8": "st", "2.5.4.9": "street", "2.5.4.17": "postalcode", }
对于其他属性,它只是使用对象标识符作为名称,并在可能的情况下将值编码为十六进制字符串(请参阅(rdnsequence).string):
oidstring := tv.type.string() typename, ok := attributetypenames[oidstring] if !ok { derbytes, err := asn1.marshal(tv.value) if err == nil { s += oidstring + "=#" + hex.encodetostring(derbytes) continue // no value escaping necessary. } typename = oidstring } valuestring := fmt.sprint(tv.value) escaped := make([]rune, 0, len(valuestring))
它没有提供任何旋钮让我们获得定制的琴弦。所以我们必须自己做。
我建议列出我们想要的属性,并将它们附加到从 certificate.subject.tordnsequence().string()
返回的字符串中。像这样:
package main import ( "crypto/x509" "crypto/x509/pkix" "encoding/pem" "fmt" ) func tostring(name pkix.name) string { s := name.tordnsequence().string() // list the extra attributes that should be added. attributetypenames := map[string]string{ "2.5.4.43": "initials", "2.5.4.46": "dnqualifier", } for typ, typename := range attributetypenames { for _, atv := range name.names { oidstring := atv.type.string() if oidstring == typ { // to keep this demo simple, i just call fmt.sprint to get the string. // maybe you want to escape some of the characters. // see https://github.com/golang/go/blob/1db23771afc7b9b259e926db35602ecf5047ae23/src/crypto/x509/pkix/pkix.go#l67-l86 s += "," + typename + "=" + fmt.sprint(atv.value) break } } } return s } func main() { block, _ := pem.decode([]byte(cert)) certificate, err := x509.parsecertificate(block.bytes) if err != nil { panic(err) } fmt.println(certificate.subject.string()) fmt.println() fmt.println(certificate.subject.tordnsequence().string()) fmt.println() fmt.println(tostring(certificate.subject)) } var cert = `-----begin certificate----- miigvdccbksgawibagiupminkycv6nqggfhrq1sj/y/4gykwdqyjkozihvcnaqel bqawgfsxgzazbgnvbammennly3vyzs5legftcgxllmnvbtelmakga1uebhmcwfgx etapbgnvbacmcez1bibmyw5kmsgwjgydvqqkdb9neunviexmqybmveqgsu5dichk lmiuys4gt3vyq28pmriweaydvqqldaltu0wgrgvwdc4xczajbgnvbagmallzmsqw igyjkozihvcnaqkbfhvzc2wtywrtaw5azxhhbxbszs5jb20xetapbgnvbckmcepv ag4grg9lmqwwcgydvqqedaneb2uxdtalbgnvbcombepvag4xddakbgnvbcsma0py rdenmasga1uelhmec29tztaefw0ymza2mtixndi2mzhafw0ynda2mtexndi2mzha mih7mrswgqydvqqddbjzzwn1cmuuzxhhbxbszs5jb20xczajbgnvbaytalhymrew dwydvqqhdahgdw4gtgfuzdeomcyga1uecgwftxldbybmtemgtfreieloqyaozc5i lmeuie91cknvktesmbaga1uecwwju1nmierlchqumqswcqydvqqidajzwtekmcig csqgsib3dqejaryvc3nslwfkbwluqgv4yw1wbguuy29tmrewdwydvqqpdahkb2hu iervztemmaoga1uebawdrg9lmq0wcwydvqqqdarkb2humqwwcgydvqqrdankweqx dtalbgnvbc4tbhnvbwuwggiima0gcsqgsib3dqebaquaa4icdwawggikaoicaqdl i0xuep6r94lf5yn0lqni2qljtf4yiuapwsph1g6jutldcr5f70bkaxagznzkxssb rgu+zwviphu1kilnx1youhfdzdx0ecmayw22zet4p8f88slnmhquxixjypopo+2b hz8u1by7ojdccw94jhmhbug07whiu8y54wijgjv3xwnvgaorjtxs3csubmldfki7 s9gfgvqpokqpbbl+v37vbvkzgs3bw4lf7apyqe9q63q2held8/aabatujhgn1bzs truvda9fkktdlvkn6furaeccdc+eaonpsxwimp/d01wukofojywmbgbm7a/bpby0 uxyqwmkxztquxd8mdaev89oao4ijuo8q50+9xehtb/q4tdhzjjw5k6xxqfxatrqa /xmn8fmitvddirxqaz4ttvpdeqxnudh3retzbgoqzy4mqcgzv723tdbfzlgiqnif 1atjueotmbl7juj/1qulrpb+/ayzgqrg0xlpjr3h1essebn1ts8elvk5z6ekp5ur rjlv3z2qq1vsn/ngnqkviyeppwj1wgxkkmaz3d6i3gixqpmklno2wdorwf/m+opu c5+bl8nhpc0hirodi8vnkbj5mimqazwfnfhq1vveihkzxfeuee8y1r7ju/mo5qd1 z6wato77vcqd2g1xgqdjy7hrzgvmx/m9rrhqe57gyqidaqabozywndatbgnvhsue ddakbggrbgefbqcdatadbgnvhq4efgqu8wifqbhufesmbdsbjclj4zhcynewdqyj kozihvcnaqelbqadggibafx4qapmwkzd6juofcdmdxynjzlgyu0vtosjaor5vck8 qk/rhpqmg/j+eoikjy+xyh72wuovp25z2c99gyeyx3ve2ttsqq9uhz5eeonvi4h5 em68s5hwpywwo2u5fsvcofmpbeft/vtuvt+jczpxvrzz3a9zbwkapivoclp5y9ik slzrkbvosafanfeffk/kyootrnoe/ahpezua8efkrlh4ggp8nzzcjamwwaoqkf3o hufizyaenja6sm37id3eqwvsrtwkrrdkci6nqcpf0tpvxwazist2+tyimbuhacq7 qc1vhul9oyabhgjkgvhqsxxuybobqaoxdvmjueapdzgzfljlpari7aao1vamft1/ +4ulio1p9egkqdtzuu4grvbwo1pftj/alp2o/b/fnecevlphnlast+frldymrnsz r3uv47pzpuka1+zivmpkk0kwjcb1xdficpj0t9uc7bmueyrxkf9zytbf9iqzlfnl 1lrxdod7/tf/gjlwbtiei8gwi38fimhy6iawl2epk1gzq3wep0km/lx6ol5dgmrr 2sbczecqhzvb7ya7k28iff2wma9txl/nbdhw57/7bclkbevaniwgvuqroggrmlxg z1xp51mthl8bl2zn+q4x7xjvfvxbetfwxa8b9vlho1qkdzcdrgzt5jebpm5zgj5k -----end certificate-----`
输出:
CN=secure.example.com,OU=SSL Dept.,O=MyCo LLC LTD INC (d.b.a. OurCo),L=Fun Land,ST=YY,C=XX,2.5.4.46=#1304736f6d65,2.5.4.43=#13034a5844,2.5.4.42=#13044a6f686e,2.5.4.4=#1303446f65,2.5.4.41=#13084a6f686e20446f65,1.2.840.113549.1.9.1=#0c1573736c2d61646d696e406578616d706c652e636f6d CN=secure.example.com,OU=SSL Dept.,O=MyCo LLC LTD INC (d.b.a. OurCo),L=Fun Land,ST=YY,C=XX CN=secure.example.com,OU=SSL Dept.,O=MyCo LLC LTD INC (d.b.a. OurCo),L=Fun Land,ST=YY,C=XX,initials=JXD,dnQualifier=some
以上是从字符串格式的 x509 证书生成主题名称的详细内容。更多信息请关注PHP中文网其他相关文章!