php Editor Strawberry Generating the subject name from the x509 certificate in string format is an important operation, which can help developers extract key information from the certificate. By parsing the x509 certificate in string format, we can obtain the subject name of the certificate, including the issuer, validity period, public key and other information of the certificate. This process is important for building secure network communications, verifying the legitimacy of certificates, and protecting user privacy. In PHP, we can use the functions provided by the OpenSSL extension to implement this function and handle x509 certificates simply and efficiently.
Question content
I am trying to generate the distinguished name from x509.certificate.
The format I expect is:
"cn=<common_name>,ou=<org_unit>,o=,dnqualifier=+7he5grzxim+lkemb5fs98e+fpy="
(I replaced some values with labels)
With my code, I get the expected string without the dnqualifier part, like this:
cn=<common_name>,ou=<org_unit>,o=,2.5.4.46=#131c537771614a5531514c2449444e4846373755547a1f5749653955303d"
it's here, 2.5.4.46 is the asn.1 object id of "dnqualifier" Reference: Link The value looks like a hexadecimal string.
Is there a standard way (or a simple workaround) to get the distinguished name in the expected format? That is, the text "dnqualifier" should appear instead of its objectidentifier, and the actual string value should appear instead of hexadecimal.
My code looks like this:
package main import ( "crypto/x509" "encoding/pem" "fmt" "github.com/sirupsen/logrus" ) func main() { cert := "" // certificate string here block, rest := pem.decode([]byte(cert)) if len(rest) != 0 { logrus.error("certificate string not fully decoded : ", rest) } certificate, err := x509.parsecertificate(block.bytes) if err != nil { logrus.witherror(err).error("error parsing certificate") } fmt.println(certificate.subject.string()) }
From this code certificate.subject.string()
the output given is as follows:
cn=<common_name>,ou=<org_unit>,o=<org>,2.5.4.46=#131c537771614a5531514c2449444e4846373755547a1f5749653955303d" </org></org_unit></common_name>
in addition,
fmt.printf("%+v\n", cert.subject.tordnsequence())
and
var sub pkix.RDNSequence asn1.Unmarshal(certificate.RawSubject, &sub)
Neither helps.
Solution
The standard library only provides a limited list of attributes:
var attributetypenames = map[string]string{ "2.5.4.6": "c", "2.5.4.10": "o", "2.5.4.11": "ou", "2.5.4.3": "cn", "2.5.4.5": "serialnumber", "2.5.4.7": "l", "2.5.4.8": "st", "2.5.4.9": "street", "2.5.4.17": "postalcode", }
For other properties, it just uses the object identifier as the name and encodes the value as a hexadecimal string where possible (see (rdnsequence).string):
oidstring := tv.type.string() typename, ok := attributetypenames[oidstring] if !ok { derbytes, err := asn1.marshal(tv.value) if err == nil { s += oidstring + "=#" + hex.encodetostring(derbytes) continue // no value escaping necessary. } typename = oidstring } valuestring := fmt.sprint(tv.value) escaped := make([]rune, 0, len(valuestring))
It does not provide any knobs for us to get customized strings. So we have to do it ourselves.
I suggest listing the properties we want and appending them to the string returned from certificate.subject.tordnsequence().string()
. like this:
package main import ( "crypto/x509" "crypto/x509/pkix" "encoding/pem" "fmt" ) func tostring(name pkix.name) string { s := name.tordnsequence().string() // list the extra attributes that should be added. attributetypenames := map[string]string{ "2.5.4.43": "initials", "2.5.4.46": "dnqualifier", } for typ, typename := range attributetypenames { for _, atv := range name.names { oidstring := atv.type.string() if oidstring == typ { // to keep this demo simple, i just call fmt.sprint to get the string. // maybe you want to escape some of the characters. // see https://github.com/golang/go/blob/1db23771afc7b9b259e926db35602ecf5047ae23/src/crypto/x509/pkix/pkix.go#l67-l86 s += "," + typename + "=" + fmt.sprint(atv.value) break } } } return s } func main() { block, _ := pem.decode([]byte(cert)) certificate, err := x509.parsecertificate(block.bytes) if err != nil { panic(err) } fmt.println(certificate.subject.string()) fmt.println() fmt.println(certificate.subject.tordnsequence().string()) fmt.println() fmt.println(tostring(certificate.subject)) } var cert = `-----begin certificate----- miigvdccbksgawibagiupminkycv6nqggfhrq1sj/y/4gykwdqyjkozihvcnaqel bqawgfsxgzazbgnvbammennly3vyzs5legftcgxllmnvbtelmakga1uebhmcwfgx etapbgnvbacmcez1bibmyw5kmsgwjgydvqqkdb9neunviexmqybmveqgsu5dichk lmiuys4gt3vyq28pmriweaydvqqldaltu0wgrgvwdc4xczajbgnvbagmallzmsqw igyjkozihvcnaqkbfhvzc2wtywrtaw5azxhhbxbszs5jb20xetapbgnvbckmcepv ag4grg9lmqwwcgydvqqedaneb2uxdtalbgnvbcombepvag4xddakbgnvbcsma0py rdenmasga1uelhmec29tztaefw0ymza2mtixndi2mzhafw0ynda2mtexndi2mzha mih7mrswgqydvqqddbjzzwn1cmuuzxhhbxbszs5jb20xczajbgnvbaytalhymrew dwydvqqhdahgdw4gtgfuzdeomcyga1uecgwftxldbybmtemgtfreieloqyaozc5i lmeuie91cknvktesmbaga1uecwwju1nmierlchqumqswcqydvqqidajzwtekmcig csqgsib3dqejaryvc3nslwfkbwluqgv4yw1wbguuy29tmrewdwydvqqpdahkb2hu iervztemmaoga1uebawdrg9lmq0wcwydvqqqdarkb2humqwwcgydvqqrdankweqx dtalbgnvbc4tbhnvbwuwggiima0gcsqgsib3dqebaquaa4icdwawggikaoicaqdl i0xuep6r94lf5yn0lqni2qljtf4yiuapwsph1g6jutldcr5f70bkaxagznzkxssb rgu+zwviphu1kilnx1youhfdzdx0ecmayw22zet4p8f88slnmhquxixjypopo+2b hz8u1by7ojdccw94jhmhbug07whiu8y54wijgjv3xwnvgaorjtxs3csubmldfki7 s9gfgvqpokqpbbl+v37vbvkzgs3bw4lf7apyqe9q63q2held8/aabatujhgn1bzs truvda9fkktdlvkn6furaeccdc+eaonpsxwimp/d01wukofojywmbgbm7a/bpby0 uxyqwmkxztquxd8mdaev89oao4ijuo8q50+9xehtb/q4tdhzjjw5k6xxqfxatrqa /xmn8fmitvddirxqaz4ttvpdeqxnudh3retzbgoqzy4mqcgzv723tdbfzlgiqnif 1atjueotmbl7juj/1qulrpb+/ayzgqrg0xlpjr3h1essebn1ts8elvk5z6ekp5ur rjlv3z2qq1vsn/ngnqkviyeppwj1wgxkkmaz3d6i3gixqpmklno2wdorwf/m+opu c5+bl8nhpc0hirodi8vnkbj5mimqazwfnfhq1vveihkzxfeuee8y1r7ju/mo5qd1 z6wato77vcqd2g1xgqdjy7hrzgvmx/m9rrhqe57gyqidaqabozywndatbgnvhsue ddakbggrbgefbqcdatadbgnvhq4efgqu8wifqbhufesmbdsbjclj4zhcynewdqyj kozihvcnaqelbqadggibafx4qapmwkzd6juofcdmdxynjzlgyu0vtosjaor5vck8 qk/rhpqmg/j+eoikjy+xyh72wuovp25z2c99gyeyx3ve2ttsqq9uhz5eeonvi4h5 em68s5hwpywwo2u5fsvcofmpbeft/vtuvt+jczpxvrzz3a9zbwkapivoclp5y9ik slzrkbvosafanfeffk/kyootrnoe/ahpezua8efkrlh4ggp8nzzcjamwwaoqkf3o hufizyaenja6sm37id3eqwvsrtwkrrdkci6nqcpf0tpvxwazist2+tyimbuhacq7 qc1vhul9oyabhgjkgvhqsxxuybobqaoxdvmjueapdzgzfljlpari7aao1vamft1/ +4ulio1p9egkqdtzuu4grvbwo1pftj/alp2o/b/fnecevlphnlast+frldymrnsz r3uv47pzpuka1+zivmpkk0kwjcb1xdficpj0t9uc7bmueyrxkf9zytbf9iqzlfnl 1lrxdod7/tf/gjlwbtiei8gwi38fimhy6iawl2epk1gzq3wep0km/lx6ol5dgmrr 2sbczecqhzvb7ya7k28iff2wma9txl/nbdhw57/7bclkbevaniwgvuqroggrmlxg z1xp51mthl8bl2zn+q4x7xjvfvxbetfwxa8b9vlho1qkdzcdrgzt5jebpm5zgj5k -----end certificate-----`
Output:
CN=secure.example.com,OU=SSL Dept.,O=MyCo LLC LTD INC (d.b.a. OurCo),L=Fun Land,ST=YY,C=XX,2.5.4.46=#1304736f6d65,2.5.4.43=#13034a5844,2.5.4.42=#13044a6f686e,2.5.4.4=#1303446f65,2.5.4.41=#13084a6f686e20446f65,1.2.840.113549.1.9.1=#0c1573736c2d61646d696e406578616d706c652e636f6d CN=secure.example.com,OU=SSL Dept.,O=MyCo LLC LTD INC (d.b.a. OurCo),L=Fun Land,ST=YY,C=XX CN=secure.example.com,OU=SSL Dept.,O=MyCo LLC LTD INC (d.b.a. OurCo),L=Fun Land,ST=YY,C=XX,initials=JXD,dnQualifier=some
The above is the detailed content of Generate subject name from x509 certificate in string format. For more information, please follow other related articles on the PHP Chinese website!

在当今科技快速发展的时代,编程语言也如雨后春笋般涌现出来。其中一门备受瞩目的语言就是Go语言,它以其简洁、高效、并发安全等特性受到了许多开发者的喜爱。Go语言以其强大的生态系统而著称,其中有许多优秀的开源项目。本文将介绍五个精选的Go语言开源项目,带领读者一起探索Go语言开源项目的世界。KubernetesKubernetes是一个开源的容器编排引擎,用于自

Go开发环境选择指南:寻找最稳定版本的关键在Go开发中,选择一个稳定的开发环境对于提高开发效率和代码质量至关重要。本文将为您提供选择最稳定版本Go开发环境的关键,并通过具体代码示例进行说明。一、选择稳定的Go版本Go语言版本更新频繁,但并不是每个版本都适合开发。为了确保开发环境的稳定性,建议选择最新的稳定版本。您可以通过以下命令查看最新的稳定版本:gove

随着互联网的发展,Web开发变得越来越重要。而在Web开发中,选择合适的开发语言和工具是至关重要的。近年来,Go语言因其并发性能和简洁性而备受关注,逐渐成为Web开发领域的热门选择。本文将介绍Go语言开发网站所必备的工具,帮助读者深入了解和使用Go语言进行Web开发。一、Go语言简介Go语言是由Google开发的一种编译型、静态类型的开源编程语言。它继承了C

Go语言作为一种新兴的编程语言,近年来在软件开发领域迅猛发展。它以其简洁、高效和并发特性而备受开发者的青睐。但是,要想充分利用Go语言的优势,我们需要对它的应用范围有一个全面的了解。首先,Go语言在系统编程方面表现出色。系统编程是指为操作系统或底层硬件编写软件,主要负责处理系统资源的分配和管理。Go语言提供了丰富的标准库和强大的编译器,使开发者可以方便地进行

探索Go语言标准库:常用函数和数据结构详解引言:Go语言自诞生以来就以其简洁、高效、并发的特点吸引了许多开发者的关注。作为一门现代化的编程语言,Go语言在其标准库中提供了丰富的函数和数据结构,帮助开发者快速构建高性能、可靠的应用程序。本文将详细探索Go语言标准库中一些常用的函数和数据结构,并通过具体的代码示例来加深理解。一、strings包:字符串处理函数G

在当今科技进步迅猛的时代,编程语言的选择变得非常关键。随着软件开发领域的不断发展,Go语言和Python成为了两个备受关注的编程语言。本文将对Go语言和Python进行对比分析,以帮助读者根据项目需求选择合适的编程语言。首先,让我们来了解一下Go语言。Go语言是由Google公司开发的一种静态编译型编程语言。它具有强大的并发处理能力和高效的垃圾回收机制,非常

深入解析:Go语言的前景如何?随着计算机科学的快速发展和技术的日新月异,编程语言也在不断地涌现和更新。其中,Go语言作为一门开源的静态类型编程语言,在近年来受到了广泛的关注和应用。那么,Go语言的前景如何呢?本文将对这个问题进行深入解析。首先,让我们来了解一下Go语言的特点。Go语言在2009年由Google公司开发,并于2011年正式发布。它继承了C语言的


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

Zend Studio 13.0.1
Powerful PHP integrated development environment

Notepad++7.3.1
Easy-to-use and free code editor

SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment

EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
