当前位置：首页 > 文章列表 > Golang > Go问答 > 将 x509 证书的字符串格式转换为主题名称

将 x509 证书的字符串格式转换为主题名称

来源：stackoverflow 2024-02-11 10:39:23 0浏览收藏

大家好，我们又见面了啊~本文《将 x509 证书的字符串格式转换为主题名称》的内容中将会涉及到等等。如果你正在学习Golang相关知识，欢迎关注我，以后会给大家带来更多Golang相关文章，希望我们能一起进步！下面就开始本文的正式内容~

问题内容

我正在尝试从 x509.certificate 生成可分辨名称。

我期望的格式是：

"cn=<common_name>,ou=<org_unit>,o=,dnqualifier=+7he5grzxim+lkemb5fs98e+fpy="

（我用标签替换了一些值）

通过我的代码，我得到了没有 dnqualifier 部分的预期字符串，如下所示：

cn=<common_name>,ou=<org_unit>,o=,2.5.4.46=#131c537771614a5531514c2449444e4846373755547a1f5749653955303d"

在这里， 2.5.4.46 是“dnqualifier”的 asn.1 对象 id 参考：链接该值看起来像一个十六进制字符串。

是否有标准方法（或简单的解决方法）来获取预期格式的专有名称？即，应该出现文本“dnqualifier”而不是其 objectidentifier，并且应该出现实际的字符串值而不是十六进制。

我的代码如下所示：

package main

import (
    "crypto/x509"
    "encoding/pem"
    "fmt"

    "github.com/sirupsen/logrus"
)

func main() {

    cert := "" // certificate string here
    block, rest := pem.decode([]byte(cert))
    if len(rest) != 0 {
        logrus.error("certificate string not fully decoded : ", rest)
    }

    certificate, err := x509.parsecertificate(block.bytes)
    if err != nil {
        logrus.witherror(err).error("error parsing certificate")
    }

    fmt.println(certificate.subject.string())
}

从此代码 certificate.subject.string() 给出的输出如下： cn=,ou=,o=,2.5.4.46=#131c537771614a5531514c2449444e4846373755547a1f5749653955303d"

另外，

fmt.printf("%+v\n", cert.subject.tordnsequence())

和

var sub pkix.RDNSequence
asn1.Unmarshal(certificate.RawSubject, &sub)

两者都没有帮助。

正确答案

标准库仅提供有限的属性列表：

var attributetypenames = map[string]string{
    "2.5.4.6":  "c",
    "2.5.4.10": "o",
    "2.5.4.11": "ou",
    "2.5.4.3":  "cn",
    "2.5.4.5":  "serialnumber",
    "2.5.4.7":  "l",
    "2.5.4.8":  "st",
    "2.5.4.9":  "street",
    "2.5.4.17": "postalcode",
}

对于其他属性，它只是使用对象标识符作为名称，并在可能的情况下将值编码为十六进制字符串（请参阅(rdnsequence).string):

oidstring := tv.type.string()
typename, ok := attributetypenames[oidstring]
if !ok {
    derbytes, err := asn1.marshal(tv.value)
    if err == nil {
        s += oidstring + "=#" + hex.encodetostring(derbytes)
        continue // no value escaping necessary.
    }

    typename = oidstring
}

valuestring := fmt.sprint(tv.value)
escaped := make([]rune, 0, len(valuestring))

它没有提供任何旋钮让我们获得定制的琴弦。所以我们必须自己做。

我建议列出我们想要的属性，并将它们附加到从 certificate.subject.tordnsequence().string() 返回的字符串中。像这样：

package main

import (
    "crypto/x509"
    "crypto/x509/pkix"
    "encoding/pem"
    "fmt"
)

func tostring(name pkix.name) string {
    s := name.tordnsequence().string()

    // list the extra attributes that should be added.
    attributetypenames := map[string]string{
        "2.5.4.43": "initials",
        "2.5.4.46": "dnqualifier",
    }

    for typ, typename := range attributetypenames {
        for _, atv := range name.names {
            oidstring := atv.type.string()
            if oidstring == typ {
                // to keep this demo simple, i just call fmt.sprint to get the string.
                // maybe you want to escape some of the characters.
                // see https://github.com/golang/go/blob/1db23771afc7b9b259e926db35602ecf5047ae23/src/crypto/x509/pkix/pkix.go#l67-l86
                s += "," + typename + "=" + fmt.sprint(atv.value)
                break
            }
        }
    }
    return s
}

func main() {
    block, _ := pem.decode([]byte(cert))
    certificate, err := x509.parsecertificate(block.bytes)
    if err != nil {
        panic(err)
    }

    fmt.println(certificate.subject.string())
    fmt.println()
    fmt.println(certificate.subject.tordnsequence().string())
    fmt.println()
    fmt.println(tostring(certificate.subject))
}

var cert = `-----begin certificate-----
miigvdccbksgawibagiupminkycv6nqggfhrq1sj/y/4gykwdqyjkozihvcnaqel
bqawgfsxgzazbgnvbammennly3vyzs5legftcgxllmnvbtelmakga1uebhmcwfgx
etapbgnvbacmcez1bibmyw5kmsgwjgydvqqkdb9neunviexmqybmveqgsu5dichk
lmiuys4gt3vyq28pmriweaydvqqldaltu0wgrgvwdc4xczajbgnvbagmallzmsqw
igyjkozihvcnaqkbfhvzc2wtywrtaw5azxhhbxbszs5jb20xetapbgnvbckmcepv
ag4grg9lmqwwcgydvqqedaneb2uxdtalbgnvbcombepvag4xddakbgnvbcsma0py
rdenmasga1uelhmec29tztaefw0ymza2mtixndi2mzhafw0ynda2mtexndi2mzha
mih7mrswgqydvqqddbjzzwn1cmuuzxhhbxbszs5jb20xczajbgnvbaytalhymrew
dwydvqqhdahgdw4gtgfuzdeomcyga1uecgwftxldbybmtemgtfreieloqyaozc5i
lmeuie91cknvktesmbaga1uecwwju1nmierlchqumqswcqydvqqidajzwtekmcig
csqgsib3dqejaryvc3nslwfkbwluqgv4yw1wbguuy29tmrewdwydvqqpdahkb2hu
iervztemmaoga1uebawdrg9lmq0wcwydvqqqdarkb2humqwwcgydvqqrdankweqx
dtalbgnvbc4tbhnvbwuwggiima0gcsqgsib3dqebaquaa4icdwawggikaoicaqdl
i0xuep6r94lf5yn0lqni2qljtf4yiuapwsph1g6jutldcr5f70bkaxagznzkxssb
rgu+zwviphu1kilnx1youhfdzdx0ecmayw22zet4p8f88slnmhquxixjypopo+2b
hz8u1by7ojdccw94jhmhbug07whiu8y54wijgjv3xwnvgaorjtxs3csubmldfki7
s9gfgvqpokqpbbl+v37vbvkzgs3bw4lf7apyqe9q63q2held8/aabatujhgn1bzs
truvda9fkktdlvkn6furaeccdc+eaonpsxwimp/d01wukofojywmbgbm7a/bpby0
uxyqwmkxztquxd8mdaev89oao4ijuo8q50+9xehtb/q4tdhzjjw5k6xxqfxatrqa
/xmn8fmitvddirxqaz4ttvpdeqxnudh3retzbgoqzy4mqcgzv723tdbfzlgiqnif
1atjueotmbl7juj/1qulrpb+/ayzgqrg0xlpjr3h1essebn1ts8elvk5z6ekp5ur
rjlv3z2qq1vsn/ngnqkviyeppwj1wgxkkmaz3d6i3gixqpmklno2wdorwf/m+opu
c5+bl8nhpc0hirodi8vnkbj5mimqazwfnfhq1vveihkzxfeuee8y1r7ju/mo5qd1
z6wato77vcqd2g1xgqdjy7hrzgvmx/m9rrhqe57gyqidaqabozywndatbgnvhsue
ddakbggrbgefbqcdatadbgnvhq4efgqu8wifqbhufesmbdsbjclj4zhcynewdqyj
kozihvcnaqelbqadggibafx4qapmwkzd6juofcdmdxynjzlgyu0vtosjaor5vck8
qk/rhpqmg/j+eoikjy+xyh72wuovp25z2c99gyeyx3ve2ttsqq9uhz5eeonvi4h5
em68s5hwpywwo2u5fsvcofmpbeft/vtuvt+jczpxvrzz3a9zbwkapivoclp5y9ik
slzrkbvosafanfeffk/kyootrnoe/ahpezua8efkrlh4ggp8nzzcjamwwaoqkf3o
hufizyaenja6sm37id3eqwvsrtwkrrdkci6nqcpf0tpvxwazist2+tyimbuhacq7
qc1vhul9oyabhgjkgvhqsxxuybobqaoxdvmjueapdzgzfljlpari7aao1vamft1/
+4ulio1p9egkqdtzuu4grvbwo1pftj/alp2o/b/fnecevlphnlast+frldymrnsz
r3uv47pzpuka1+zivmpkk0kwjcb1xdficpj0t9uc7bmueyrxkf9zytbf9iqzlfnl
1lrxdod7/tf/gjlwbtiei8gwi38fimhy6iawl2epk1gzq3wep0km/lx6ol5dgmrr
2sbczecqhzvb7ya7k28iff2wma9txl/nbdhw57/7bclkbevaniwgvuqroggrmlxg
z1xp51mthl8bl2zn+q4x7xjvfvxbetfwxa8b9vlho1qkdzcdrgzt5jebpm5zgj5k
-----end certificate-----`

输出：

CN=secure.example.com,OU=SSL Dept.,O=MyCo LLC LTD INC (d.b.a. OurCo),L=Fun Land,ST=YY,C=XX,2.5.4.46=#1304736f6d65,2.5.4.43=#13034a5844,2.5.4.42=#13044a6f686e,2.5.4.4=#1303446f65,2.5.4.41=#13084a6f686e20446f65,1.2.840.113549.1.9.1=#0c1573736c2d61646d696e406578616d706c652e636f6d

CN=secure.example.com,OU=SSL Dept.,O=MyCo LLC LTD INC (d.b.a. OurCo),L=Fun Land,ST=YY,C=XX

CN=secure.example.com,OU=SSL Dept.,O=MyCo LLC LTD INC (d.b.a. OurCo),L=Fun Land,ST=YY,C=XX,initials=JXD,dnQualifier=some

今天关于《将 x509 证书的字符串格式转换为主题名称》的内容介绍就到此结束，如果有什么疑问或者建议，可以在golang学习网公众号下多多回复交流；文中若有不正之处，也希望回复留言以告知！

版本声明

本文转载于：stackoverflow 如有侵犯，请联系study_golang@163.com删除