Generate subject name from x509 certificate in string format-Golang-php.cn

Home

Backend Development

Golang

Generate subject name from x509 certificate in string format

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Feb 11, 2024 am 10:00 AM

standard library

从字符串格式的 x509 证书生成主题名称

php Editor Strawberry Generating the subject name from the x509 certificate in string format is an important operation, which can help developers extract key information from the certificate. By parsing the x509 certificate in string format, we can obtain the subject name of the certificate, including the issuer, validity period, public key and other information of the certificate. This process is important for building secure network communications, verifying the legitimacy of certificates, and protecting user privacy. In PHP, we can use the functions provided by the OpenSSL extension to implement this function and handle x509 certificates simply and efficiently.

Question content

I am trying to generate the distinguished name from x509.certificate.

The format I expect is:

"cn=<common_name>,ou=<org_unit>,o=,dnqualifier=+7he5grzxim+lkemb5fs98e+fpy="

(I replaced some values with labels)

With my code, I get the expected string without the dnqualifier part, like this:

cn=<common_name>,ou=<org_unit>,o=,2.5.4.46=#131c537771614a5531514c2449444e4846373755547a1f5749653955303d"

it's here, 2.5.4.46 is the asn.1 object id of "dnqualifier" Reference: Link The value looks like a hexadecimal string.

Is there a standard way (or a simple workaround) to get the distinguished name in the expected format? That is, the text "dnqualifier" should appear instead of its objectidentifier, and the actual string value should appear instead of hexadecimal.

My code looks like this:

package main

import (
    "crypto/x509"
    "encoding/pem"
    "fmt"

    "github.com/sirupsen/logrus"
)

func main() {

    cert := "" // certificate string here
    block, rest := pem.decode([]byte(cert))
    if len(rest) != 0 {
        logrus.error("certificate string not fully decoded : ", rest)
    }

    certificate, err := x509.parsecertificate(block.bytes)
    if err != nil {
        logrus.witherror(err).error("error parsing certificate")
    }

    fmt.println(certificate.subject.string())
}

From this code certificate.subject.string() the output given is as follows: cn=<common_name>,ou=<org_unit>,o=<org>,2.5.4.46=#131c537771614a5531514c2449444e4846373755547a1f5749653955303d" </org></org_unit></common_name>

in addition,

fmt.printf("%+v\n", cert.subject.tordnsequence())

and

var sub pkix.RDNSequence
asn1.Unmarshal(certificate.RawSubject, &sub)

Neither helps.

Solution

The standard library only provides a limited list of attributes:

var attributetypenames = map[string]string{
    "2.5.4.6":  "c",
    "2.5.4.10": "o",
    "2.5.4.11": "ou",
    "2.5.4.3":  "cn",
    "2.5.4.5":  "serialnumber",
    "2.5.4.7":  "l",
    "2.5.4.8":  "st",
    "2.5.4.9":  "street",
    "2.5.4.17": "postalcode",
}

For other properties, it just uses the object identifier as the name and encodes the value as a hexadecimal string where possible (see (rdnsequence).string):

oidstring := tv.type.string()
typename, ok := attributetypenames[oidstring]
if !ok {
    derbytes, err := asn1.marshal(tv.value)
    if err == nil {
        s += oidstring + "=#" + hex.encodetostring(derbytes)
        continue // no value escaping necessary.
    }

    typename = oidstring
}

valuestring := fmt.sprint(tv.value)
escaped := make([]rune, 0, len(valuestring))

It does not provide any knobs for us to get customized strings. So we have to do it ourselves.

I suggest listing the properties we want and appending them to the string returned from certificate.subject.tordnsequence().string(). like this:

package main

import (
    "crypto/x509"
    "crypto/x509/pkix"
    "encoding/pem"
    "fmt"
)

func tostring(name pkix.name) string {
    s := name.tordnsequence().string()

    // list the extra attributes that should be added.
    attributetypenames := map[string]string{
        "2.5.4.43": "initials",
        "2.5.4.46": "dnqualifier",
    }

    for typ, typename := range attributetypenames {
        for _, atv := range name.names {
            oidstring := atv.type.string()
            if oidstring == typ {
                // to keep this demo simple, i just call fmt.sprint to get the string.
                // maybe you want to escape some of the characters.
                // see https://github.com/golang/go/blob/1db23771afc7b9b259e926db35602ecf5047ae23/src/crypto/x509/pkix/pkix.go#l67-l86
                s += "," + typename + "=" + fmt.sprint(atv.value)
                break
            }
        }
    }
    return s
}

func main() {
    block, _ := pem.decode([]byte(cert))
    certificate, err := x509.parsecertificate(block.bytes)
    if err != nil {
        panic(err)
    }

    fmt.println(certificate.subject.string())
    fmt.println()
    fmt.println(certificate.subject.tordnsequence().string())
    fmt.println()
    fmt.println(tostring(certificate.subject))
}

var cert = `-----begin certificate-----
miigvdccbksgawibagiupminkycv6nqggfhrq1sj/y/4gykwdqyjkozihvcnaqel
bqawgfsxgzazbgnvbammennly3vyzs5legftcgxllmnvbtelmakga1uebhmcwfgx
etapbgnvbacmcez1bibmyw5kmsgwjgydvqqkdb9neunviexmqybmveqgsu5dichk
lmiuys4gt3vyq28pmriweaydvqqldaltu0wgrgvwdc4xczajbgnvbagmallzmsqw
igyjkozihvcnaqkbfhvzc2wtywrtaw5azxhhbxbszs5jb20xetapbgnvbckmcepv
ag4grg9lmqwwcgydvqqedaneb2uxdtalbgnvbcombepvag4xddakbgnvbcsma0py
rdenmasga1uelhmec29tztaefw0ymza2mtixndi2mzhafw0ynda2mtexndi2mzha
mih7mrswgqydvqqddbjzzwn1cmuuzxhhbxbszs5jb20xczajbgnvbaytalhymrew
dwydvqqhdahgdw4gtgfuzdeomcyga1uecgwftxldbybmtemgtfreieloqyaozc5i
lmeuie91cknvktesmbaga1uecwwju1nmierlchqumqswcqydvqqidajzwtekmcig
csqgsib3dqejaryvc3nslwfkbwluqgv4yw1wbguuy29tmrewdwydvqqpdahkb2hu
iervztemmaoga1uebawdrg9lmq0wcwydvqqqdarkb2humqwwcgydvqqrdankweqx
dtalbgnvbc4tbhnvbwuwggiima0gcsqgsib3dqebaquaa4icdwawggikaoicaqdl
i0xuep6r94lf5yn0lqni2qljtf4yiuapwsph1g6jutldcr5f70bkaxagznzkxssb
rgu+zwviphu1kilnx1youhfdzdx0ecmayw22zet4p8f88slnmhquxixjypopo+2b
hz8u1by7ojdccw94jhmhbug07whiu8y54wijgjv3xwnvgaorjtxs3csubmldfki7
s9gfgvqpokqpbbl+v37vbvkzgs3bw4lf7apyqe9q63q2held8/aabatujhgn1bzs
truvda9fkktdlvkn6furaeccdc+eaonpsxwimp/d01wukofojywmbgbm7a/bpby0
uxyqwmkxztquxd8mdaev89oao4ijuo8q50+9xehtb/q4tdhzjjw5k6xxqfxatrqa
/xmn8fmitvddirxqaz4ttvpdeqxnudh3retzbgoqzy4mqcgzv723tdbfzlgiqnif
1atjueotmbl7juj/1qulrpb+/ayzgqrg0xlpjr3h1essebn1ts8elvk5z6ekp5ur
rjlv3z2qq1vsn/ngnqkviyeppwj1wgxkkmaz3d6i3gixqpmklno2wdorwf/m+opu
c5+bl8nhpc0hirodi8vnkbj5mimqazwfnfhq1vveihkzxfeuee8y1r7ju/mo5qd1
z6wato77vcqd2g1xgqdjy7hrzgvmx/m9rrhqe57gyqidaqabozywndatbgnvhsue
ddakbggrbgefbqcdatadbgnvhq4efgqu8wifqbhufesmbdsbjclj4zhcynewdqyj
kozihvcnaqelbqadggibafx4qapmwkzd6juofcdmdxynjzlgyu0vtosjaor5vck8
qk/rhpqmg/j+eoikjy+xyh72wuovp25z2c99gyeyx3ve2ttsqq9uhz5eeonvi4h5
em68s5hwpywwo2u5fsvcofmpbeft/vtuvt+jczpxvrzz3a9zbwkapivoclp5y9ik
slzrkbvosafanfeffk/kyootrnoe/ahpezua8efkrlh4ggp8nzzcjamwwaoqkf3o
hufizyaenja6sm37id3eqwvsrtwkrrdkci6nqcpf0tpvxwazist2+tyimbuhacq7
qc1vhul9oyabhgjkgvhqsxxuybobqaoxdvmjueapdzgzfljlpari7aao1vamft1/
+4ulio1p9egkqdtzuu4grvbwo1pftj/alp2o/b/fnecevlphnlast+frldymrnsz
r3uv47pzpuka1+zivmpkk0kwjcb1xdficpj0t9uc7bmueyrxkf9zytbf9iqzlfnl
1lrxdod7/tf/gjlwbtiei8gwi38fimhy6iawl2epk1gzq3wep0km/lx6ol5dgmrr
2sbczecqhzvb7ya7k28iff2wma9txl/nbdhw57/7bclkbevaniwgvuqroggrmlxg
z1xp51mthl8bl2zn+q4x7xjvfvxbetfwxa8b9vlho1qkdzcdrgzt5jebpm5zgj5k
-----end certificate-----`

Output:

CN=secure.example.com,OU=SSL Dept.,O=MyCo LLC LTD INC (d.b.a. OurCo),L=Fun Land,ST=YY,C=XX,2.5.4.46=#1304736f6d65,2.5.4.43=#13034a5844,2.5.4.42=#13044a6f686e,2.5.4.4=#1303446f65,2.5.4.41=#13084a6f686e20446f65,1.2.840.113549.1.9.1=#0c1573736c2d61646d696e406578616d706c652e636f6d

CN=secure.example.com,OU=SSL Dept.,O=MyCo LLC LTD INC (d.b.a. OurCo),L=Fun Land,ST=YY,C=XX

CN=secure.example.com,OU=SSL Dept.,O=MyCo LLC LTD INC (d.b.a. OurCo),L=Fun Land,ST=YY,C=XX,initials=JXD,dnQualifier=some

The above is the detailed content of Generate subject name from x509 certificate in string format. For more information, please follow other related articles on the PHP Chinese website!

Statement

This article is reproduced at:stackoverflow. If there is any infringement, please contact admin@php.cn delete

五个精选的Go语言开源项目，带你探索技术世界Jan 30, 2024 am 09:08 AM

在当今科技快速发展的时代，编程语言也如雨后春笋般涌现出来。其中一门备受瞩目的语言就是Go语言，它以其简洁、高效、并发安全等特性受到了许多开发者的喜爱。Go语言以其强大的生态系统而著称，其中有许多优秀的开源项目。本文将介绍五个精选的Go语言开源项目，带领读者一起探索Go语言开源项目的世界。KubernetesKubernetes是一个开源的容器编排引擎，用于自

选择最稳定版本：建议的Go语言开发环境选择指南Feb 01, 2024 am 08:18 AM

Go开发环境选择指南：寻找最稳定版本的关键在Go开发中，选择一个稳定的开发环境对于提高开发效率和代码质量至关重要。本文将为您提供选择最稳定版本Go开发环境的关键，并通过具体代码示例进行说明。一、选择稳定的Go版本Go语言版本更新频繁，但并不是每个版本都适合开发。为了确保开发环境的稳定性，建议选择最新的稳定版本。您可以通过以下命令查看最新的稳定版本：gove

Go语言开发网站必备工具的深度探讨Jan 30, 2024 am 10:40 AM

随着互联网的发展，Web开发变得越来越重要。而在Web开发中，选择合适的开发语言和工具是至关重要的。近年来，Go语言因其并发性能和简洁性而备受关注，逐渐成为Web开发领域的热门选择。本文将介绍Go语言开发网站所必备的工具，帮助读者深入了解和使用Go语言进行Web开发。一、Go语言简介Go语言是由Google开发的一种编译型、静态类型的开源编程语言。它继承了C

掌握Go语言的关键：全面了解它的应用范围Jan 30, 2024 am 08:36 AM

Go语言作为一种新兴的编程语言，近年来在软件开发领域迅猛发展。它以其简洁、高效和并发特性而备受开发者的青睐。但是，要想充分利用Go语言的优势，我们需要对它的应用范围有一个全面的了解。首先，Go语言在系统编程方面表现出色。系统编程是指为操作系统或底层硬件编写软件，主要负责处理系统资源的分配和管理。Go语言提供了丰富的标准库和强大的编译器，使开发者可以方便地进行

10个常用python标准库Oct 25, 2023 am 09:29 AM

Python的标准库包含了大量的模块和函数，这些模块和函数为Python提供了丰富的功能和工具。

深入剖析Go语言标准库：常用函数和数据结构揭秘Jan 30, 2024 am 09:46 AM

探索Go语言标准库：常用函数和数据结构详解引言：Go语言自诞生以来就以其简洁、高效、并发的特点吸引了许多开发者的关注。作为一门现代化的编程语言，Go语言在其标准库中提供了丰富的函数和数据结构，帮助开发者快速构建高性能、可靠的应用程序。本文将详细探索Go语言标准库中一些常用的函数和数据结构，并通过具体的代码示例来加深理解。一、strings包：字符串处理函数G

选择合适的编程语言：比较Go语言和Python，确定适用于项目需求的最佳选择Jan 30, 2024 am 08:00 AM

在当今科技进步迅猛的时代，编程语言的选择变得非常关键。随着软件开发领域的不断发展，Go语言和Python成为了两个备受关注的编程语言。本文将对Go语言和Python进行对比分析，以帮助读者根据项目需求选择合适的编程语言。首先，让我们来了解一下Go语言。Go语言是由Google公司开发的一种静态编译型编程语言。它具有强大的并发处理能力和高效的垃圾回收机制，非常

探讨：Go语言的发展潜力有多大？Jan 30, 2024 am 10:31 AM

深入解析：Go语言的前景如何？随着计算机科学的快速发展和技术的日新月异，编程语言也在不断地涌现和更新。其中，Go语言作为一门开源的静态类型编程语言，在近年来受到了广泛的关注和应用。那么，Go语言的前景如何呢？本文将对这个问题进行深入解析。首先，让我们来了解一下Go语言的特点。Go语言在2009年由Google公司开发，并于2011年正式发布。它继承了C语言的

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

2 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Repo: How To Revive Teammates

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hello Kitty Island Adventure: How To Get Giant Seeds

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

How Long Does It Take To Beat Split Fiction?

3 weeks agoByDDD

R.E.P.O. Save File Location: Where Is It & How to Protect It?

3 weeks agoByDDD

Hot Tools

Zend Studio 13.0.1

Powerful PHP integrated development environment

Notepad++7.3.1

Easy-to-use and free code editor

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.