卓越飞翔博客卓越飞翔博客

卓越飞翔 - 您值得收藏的技术分享站
技术文章64334本站已运行4115
菜单 会员中心

在 Golang 中解码 asn1.RawValue 的正确方法

2024-02-06技术经验 浏览

在 golang 中解码 asn1.rawvalue 的正确方法

问题内容

我正在golang中实现证书解析,我需要获取父证书链接。

如果我执行 openssl x509 -in certificate.pem -text -noout 那么我可以看到以下证书扩展:

authority information access:
                ocsp - uri:http://teszt.e-szigno.hu/testca3ocsp
                ca issuers - uri:http://teszt.e-szigno.hu/tca3.crt

在我的 go 项目中,我有以下代码:

content := `-----begin certificate-----
miijxdccckygawibaginfebzvuoocnmwumancjanbgkqhkig9w0baqsfadbqmqsw
cqydvqqgewjivterma8ga1uebwwiqnvkyxblc3qxfjaubgnvbaomdu1py3jvc2vj
iex0zc4xfdasbgnvbasmc2utu3ppz25vienbmrowgaydvqqddbfllvn6awdubybu
zxn0ienbmzaefw0ymzaxmjqxmjqxntbafw0yndaxmjqxmjqxntbamihqmrmweqyl
kwybbagcnzwcaqmtakvfmrgwfgylkwybbagcnzwcaqemb1rhbgxpbm4xhtabbgnv
ba8mffbyaxzhdgugt3jnyw5pemf0aw9umrewdwydvqqfewgxmji2odq3ntelmakg
a1uebhmcruuxedaobgnvbacmb1rhbgxpbm4xfzavbgnvbaomdk1ha3nla2vza3vz
ieftmrswgqydvqrhdbjqu0rfrs1gu0etmtiynjg0nzuxgdawbgnvbammd21ha2vj
b21tzxjjzs5sddccasiwdqyjkozihvcnaqebbqadggepadccaqocggebajfyj3ss
xev2yhbgxnmqw8e+zqfvrb1+uhlsm7c65hsjwavjhehnv1cufilrf5x1pubdmxtc
xpwd7fmoc7h++baedapv/xcwkmqugbkfwhazpkjbxiqbh7jbe4d+3pxn+zdlq/1b
wi6djhghn+ydgw6x+qgbovzaflprfdoyqxdw8ymc/iqmbahzzqape2eww1xrgyat
dne5t2t7uwc05qdygi1hi50wgoezx7a7cdsjwg+kfvczley+4h73apigh1f0q+ec
pozsoot12cwspbwzb9g03s5ioiipjpoqmivnkggegbby16p3vq/78w9xjpy0dwid
x2cfplplta8ejf0caweaaaocbgawggx8ma4ga1uddweb/wqeawifodcbiqykkwyb
bahweqieagr7bhkadwb1akoeeaq/ggsck+vmtchkwumu5fdmczaqslwmlwublagd
aaabhepmicsaaaqdaeywraigmbv+ixdcxogt9vppuiuuhaja08aignqmknssyhpl
4egcicqn64jfx+fitpnfxb6u531ta3vkjmmmlokvn5b2vj4wmb0ga1udjqqwmbqg
ccsgaqufbwmbbggrbgefbqcdajccayqga1udiascaxswggmxmiidewymkwybbagb
qbgcaqfkmiidatambggrbgefbqccaryaahr0cdovl2nwlmutc3ppz25vlmh1l3fj
chmwgb8gccsgaqufbwicmigydigvvgvzdcbxdwfsawzpzwqgy2vydglmawnhdgug
zm9yihdlynnpdgugyxv0agvudgljyxrpb24gyw5kignsawvudcbhdxrozw50awnh
dglvbi4gvghlihbyb3zpzgvyihbyzxnlcnzlcybyzwdpc3ryyxrpb24gzgf0ysbm
b3igmtagewvhcnmgywz0zxigdghligv4cglyyxrpb24gb2ygdghlignlcnrpzmlj
yxrlljcblqyikwybbquhagiwgygmgyvurvnuignlcnrpzmljyxrliglzc3vlzcbv
bmx5igzvcib0zxn0aw5nihb1cnbvc2vzlibuagugaxnzdwvyiglzig5vdcbsawfi
bgugzm9yigfuesbkyw1hz2vzigfyaxnpbmcgznjvbsb0agugdxnlig9mihroaxmg
y2vydglmawnhdguhmihmbggrbgefbqccajcbvwybvfrlc3p0ig1pbswrc8otdgv0
dcb3zwjvbgrhbc1oaxrlbgvzw610xzegw6lzimo8z3lmw6lslwhpdgvszxpdrxtf
ksb0yw7dunpdrxr2w6fues4gqsbyzwdpc3p0csohy2nds3mgywrhdg9ryxqgysbz
em9sz8ohbhrhdmozigegdgfuw7pzw610dsohbnkgbgvqw6fydmohdmozbcbzesoh
bcotdg90dcaxmcddqxzpzydfkxj6asbtzwcumigtbggrbgefbqccajcboaybnvrl
c3p0zwzdqxnpigpdqwxyysbrawfkb3r0ifrfu1puihrhbso6c8otdhbdow55libb
ighhc3puw6fsyxtdoxzhbcbryxbjc29syxrvc2fuigzlbg1lcso8bmwrigvdoxjv
a8opcnqgysbtem9sz8ohbhrhdmozihnlbw1pbhllbibmzwxlbmwrc3pdqwdldcbu
zw0gdsohbgxhbcewhqydvr0obbyeffpdj86z7qidatzbzlvll+6rll12mb8ga1ud
iwqymbaafnzmaijvnzcpit6grsbv8+826pdnmboga1udeqqtmbgcd21ha2vjb21t
zxjjzs5sddaybgnvhr8ekzapmcegjaajhifodhrwoi8vdgvzenquzs1zemlnbm8u
ahuvvenbmy5jcmwwbwyikwybbquhaqeeyzbhmdagccsgaqufbzabhirodhrwoi8v
dgvzenquzs1zemlnbm8uahuvdgvzdgnhm29jc3awlqyikwybbquhmakgiwh0dha6
ly90zxn6dc5llxn6awduby5ods9uq0ezlmnyddccarqgccsgaqufbwedbiibbjcc
aqiwcaygbacorgebmasgbgqajkybawibcjbtbgyeai5gaquwstakfh5odhrwczov
l2nwlmutc3ppz25vlmh1l3fjchnfzw4takvomcewg2h0dhbzoi8vy3auzs1zemln
bm8uahuvcwnwcxmcsfuwewygbacorgegmakgbwqajkybbgmwfwygbacbmcccmhuw
jjarbgceaigyjwecdazqu1bfuekweqyhbacbmccbawwgufnqx0fjdenfrsatievz
dg9uawfuiezpbmfuy2lhbcbtdxblcnzpc2lvbibbdxrob3jpdhkglybgaw5hbnrz
aw5zcgvrdhnpb29udazfrs1gu0ewdqyjkozihvcnaqelbqadggebahzxm9440svu
cpzlshq3okooeu4ftrp0kqkvzmbkmf+yct80vartjniadk5rk6hqrjrjcudi9+hj
ep9nzwkn+buvwc2ev+m7i35pck+dvnmtcgxto2qgvznosvjfuzshoc4mfifxnczo
2ne2utfu2wywzqpyncwfmz7aouxylgofefs13mdh5det++nwoaod8abzzqaeysk9
r1fcxrthpldxjijdduzpzcvw+obyjrhkim6zahd6r0e6kb9i+feevf8iwgntsoze
zflb6evyjuizsyqgtelrjim4alu1+pa/2zhlzm55pwj1km8piwyqigla0dkozf4+
otnnt6rr7bu=
-----end certificate-----`
certderblock, _ := pem.decode([]byte(content))
x509cert, err := x509.parsecertificate(certderblock.bytes)
for _, extension := range x509cert.extensions {
    if extension.id.equal(asn1.objectidentifier{1, 3, 6, 1, 5, 5, 7, 1, 1}) {
        var collexts []asn1.rawvalue
        asn1.unmarshal(extension.value, &collexts)
        for _, collext := range collexts {
            fmt.println(string(collext.bytes))
        }
    }
}

它给出以下输出:

+0�#http://teszt.e-szigno.hu/testca3ocsp
+0�0http://teszt.e-szigno.hu/TCA3.crt

尽管我已经能够解析此类输出并获取父证书链接,但我想了解如何在那里获取人类可读的文本。 我查看了 asn1 包,没有找到任何函数来解码 asn1.rawvalue 对象或 asn1.rawvalue.bytes


正确答案


您不需要查看 x509cert.extensions 来获取 aia 信息,您可以直接从 x509.证书:

// rfc 5280, 4.2.2.1 (authority information access)
ocspserver            []string
issuingcertificateurl []string

简单地说:

certderblock, _ := pem.decode([]byte(certbody))
x509cert, err = x509.parsecertificate(certderblock.bytes)

fmt.printf("ocspserver:            %vn", x509cert.ocspserver)
fmt.printf("issuingcertificateurl: %vn", x509cert.issuingcertificateurl)

https://www.php.cn/link/bc9d03fca6bcbe7f8b591f9d2bf8497a

OCSPServer:            [http://teszt.e-szigno.hu/testca3ocsp]
IssuingCertificateURL: [http://teszt.e-szigno.hu/TCA3.crt]
卓越飞翔博客
上一篇: 如何用mpb创建两行进度条?
下一篇: 表示 SQL 表的 Go 结构体

相关推荐

标签:证书   链接   看了   地说   我有

留言与评论(共有 0 条评论)
   
验证码:
隐藏边栏