How to parse custom X509v3 extension in golang?
Question
I have a client.crt.pem.

I want to get the custom extension key-value (e.g. 2.9.1.6.2.6.1.9.9.4.1 and G1, or 2.9.1.6.2.6.1.9.9.4.1 and 0C024731).

How to parse them in golang?

Here is the certificate info. Use openssl x509 -in client.crt.pem -noout -text to show it.

    ...
    ...
    X509v3 extensions:
        X509v3 Basic Constraints:
            CA:FALSE
        Netscape Cert Type:
            SSL Client, S/MIME
        Netscape Comment:
            OpenSSL Generated Client Certificate
        X509v3 Key Usage: critical
            Digital Signature, Non Repudiation, Key Encipherment
        X509v3 Extended Key Usage:
            TLS Web Client Authentication, E-mail Protection
        2.9.1.6.2.6.1.9.9.4.1:
            ..G1
        2.9.1.6.2.6.1.9.9.4.2:
            ..R1
        2.9.1.6.2.6.1.9.9.4.3:
            ..3
        X509v3 Subject Alternative Name:
            IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, DNS:localhost
    ...
    ...

Or use openssl asn1parse -i -in client.crt.pem

    ...
    ...
    998:d=4 hl=2 l= 18 cons: SEQUENCE
    1000:d=5 hl=2 l= 10 prim: OBJECT :2.9.1.6.2.6.1.9.9.4.1
    1012:d=5 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:0C024731
    1018:d=4 hl=2 l= 18 cons: SEQUENCE
    1020:d=5 hl=2 l= 10 prim: OBJECT :2.9.1.6.2.6.1.9.9.4.2
    1032:d=5 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:0C025231
    1038:d=4 hl=2 l= 17 cons: SEQUENCE
    1040:d=5 hl=2 l= 10 prim: OBJECT :2.9.1.6.2.6.1.9.9.4.3
    1052:d=5 hl=2 l= 3 prim: OCTET STRING [HEX DUMP]:0C0133
    ...
    ...
Answer 1
Score: 1
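Here is my solution, FYI.

    import (
        "crypto/x509"
        "crypto/x509/pkix"
        "encoding/pem"
        "os"
        "strings"
    )

    // getCustomExtensions returns the extensions of the PEM certificate in
    // serverCertFile whose dotted OID starts with customOIDPrefix.
    func getCustomExtensions(serverCertFile string, customOIDPrefix string) ([]pkix.Extension, bool) {
        certBytes, err := os.ReadFile(serverCertFile)
        if err != nil {
            return nil, false
        }
        block, _ := pem.Decode(certBytes)
        // pem.Decode returns a nil block when the file contains no PEM data
        if block != nil && block.Type == "CERTIFICATE" {
            certificate, err := x509.ParseCertificate(block.Bytes)
            if err != nil {
                return nil, false
            }
            var extensions []pkix.Extension
            for _, ext := range certificate.Extensions {
                // filter the custom extensions by customOID; match from the
                // start of the OID so the prefix cannot match mid-string
                if strings.HasPrefix(ext.Id.String(), customOIDPrefix) {
                    extensions = append(extensions, ext)
                }
            }
            return extensions, true
        }
        return nil, false
    }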
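
Decoding the extension values into the strings the question asks for (G1, R1, 3), as an added example that is not part of the original answer: each extension's Value holds the content of its OCTET STRING, which here is a DER UTF8String (0C 02 47 31), so it must be parsed as ASN.1 rather than cast to a string. The names questionArc, sampleExts, decodeExtValue and customValues are hypothetical, and the sample extensions are constructed from the bytes in the question's asn1parse dump instead of being read from a certificate file.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"unicode/utf8"
)

// Constructed input: the parent arc and the three extensions from the question's dump.
var questionArc = asn1.ObjectIdentifier{2, 9, 1, 6, 2, 6, 1, 9, 9, 4}
var sampleExts = []pkix.Extension{
	{Id: asn1.ObjectIdentifier{2, 9, 1, 6, 2, 6, 1, 9, 9, 4, 1}, Value: []byte{0x0c, 0x02, 0x47, 0x31}},
	{Id: asn1.ObjectIdentifier{2, 9, 1, 6, 2, 6, 1, 9, 9, 4, 2}, Value: []byte{0x0c, 0x02, 0x52, 0x31}},
	{Id: asn1.ObjectIdentifier{2, 9, 1, 6, 2, 6, 1, 9, 9, 4, 3}, Value: []byte{0x0c, 0x01, 0x33}},
}

// decodeExtValue decodes the DER carried in an extension's OCTET STRING.
// Assumption: values are UTF8String (tag 0x0C); any other type is rejected.
func decodeExtValue(der []byte) (string, error) {
	var raw asn1.RawValue
	rest, err := asn1.Unmarshal(der, &raw)
	if err != nil || len(rest) != 0 {
		return "", fmt.Errorf("malformed DER (err=%v, %d trailing bytes)", err, len(rest))
	}
	if raw.Class != asn1.ClassUniversal || raw.Tag != asn1.TagUTF8String || !utf8.Valid(raw.Bytes) {
		return "", fmt.Errorf("not a UTF8String: class %d, tag %d", raw.Class, raw.Tag)
	}
	return string(raw.Bytes), nil
}

// customValues maps every extension OID below arc to its decoded value.
func customValues(exts []pkix.Extension, arc asn1.ObjectIdentifier) (map[string]string, error) {
	out := make(map[string]string)
	for _, ext := range exts {
		// Compare arcs numerically: a string match on "2.9.1" would also hit 2.9.10.
		if len(ext.Id) <= len(arc) || !ext.Id[:len(arc)].Equal(arc) {
			continue
		}
		v, err := decodeExtValue(ext.Value)
		if err != nil {
			return nil, fmt.Errorf("extension %s: %w", ext.Id, err)
		}
		out[ext.Id.String()] = v
	}
	return out, nil
}

func main() { fmt.Println(customValues(sampleExts, questionArc)) }
```

With a real certificate, pass certificate.Extensions (or the slice returned by getCustomExtensions) in place of sampleExts.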