Please tell me how to print the values of the extensions in an X.509 certificate

Posted on 2024-12-08 09:42:21

My X.509 certificate's user extensions were defined as follows:

    X509v3 extensions:
        X509v3 Basic Constraints: 
            CA:FALSE
        Netscape Comment: 
            OpenSSL Generated Certificate
        X509v3 Subject Key Identifier: 
            D8:F0:12:EA:0D:67:55:96:C9:8E:A4:36:9E:62:84:7F:6F:41:0C:DB
        X509v3 Authority Key Identifier: 
            keyid:C4:33:98:59:50:6B:CC:48:5A:4A:D7:5B:C0:A7:7C:37:DE:15:24:33

        SEwVersion: 
            ..0.2
        SEww: 
            ..0X5699

Please tell me how to extract the values of the extensions and print them on screen as ASCII strings, namely, so that we can identify them normally, just like:

*print format*

        X509v3 Basic Constraints: 
            CA:FALSE
        Netscape Comment: 
            OpenSSL Generated Certificate
        X509v3 Subject Key Identifier: 
            D8:F0:12:EA:0D:67:55:96:C9:8E:A4:36:9E:62:84:7F:6F:41:0C:DB
        X509v3 Authority Key Identifier: 
            keyid:C4:33:98:59:50:6B:CC:48:5A:4A:D7:5B:C0:A7:7C:37:DE:15:24:33
        SEVersion: 
            0.2  // no prefix like ".."
        SE: 
            0X5699  // no prefix like ".."

And another problem is:

        SEwVersion: 
            ..0.2
        SEww: 
            0...version..0X5699

Then how can I get and print it to the screen like this:

        SEwVersion: 
            0.2 //no prefix ".."
        SEww: 
            version 0X5699// no "..."and ".."

And my code is as follows:

    char buf[256];
    int len;
    int Ext_count = X509_get_ext_count(cert);
    for (int k = 0; k < Ext_count; k++) {
        X509_EXTENSION *ex = X509_get_ext(cert, k);
        if (ex == NULL)
            continue;
        OBJ_obj2txt(buf, sizeof(buf), X509_EXTENSION_get_object(ex), 0);
        printf("name = %s\n", buf);
        if (k >= Ext_count - 2)
            // I distinguish basic extensions and my added extensions like this, so it is not a good method, please tell me how to ...
        {
            ASN1_OCTET_STRING *octet_str = X509_EXTENSION_get_data(ex);
            const unsigned char *octet_str_data = octet_str->data;
            long xlen;
            int tag, xclass;
            // skips the DER tag and length bytes; bit 0x80 in ret means a parse error
            int ret = ASN1_get_object(&octet_str_data, &xlen, &tag, &xclass, octet_str->length);
            // the content is not NUL-terminated, so bound the print by xlen
            if (!(ret & 0x80))
                printf("value: %.*s\n", (int)xlen, octet_str_data);
        }
        else
        {
            BIO *bio = BIO_new(BIO_s_mem());
            if (!X509V3_EXT_print(bio, ex, 0, 0)) // read the text of this extension
                ASN1_STRING_print(bio, X509_EXTENSION_get_data(ex));
            len = BIO_read(bio, buf, sizeof(buf) - 1); // here buffer contains the text, len the length of it.
            if (len < 0)
                len = 0;
            buf[len] = '\0'; // terminate the string, buffer contains a readable text.
            BIO_free(bio);
            printf("value = %s\n", buf);
        }
    }

Thank you very much in advance for your kind help.


Comments (2)

╄→承喏 2024-12-15 09:42:21

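Here is an example of reading and printing the Authority Key Id from some certificate:

    #include <cstdio>
    #include <iostream>
    #include <string>
    #include <openssl/pem.h>
    #include <openssl/x509v3.h>

    int main()
    {
        // "r", not "rw": "rw" is not a valid fopen mode
        FILE *arq = fopen("<path to your certificate in PEM format>", "r");
        if (arq == NULL)
            return 1;
        X509 *cert = PEM_read_X509(arq, NULL, NULL, NULL);
        fclose(arq);
        if (cert == NULL)
            return 1;
        X509_EXTENSION *ext;
        int next = X509_get_ext_count(cert);
        for (int i = 0; i < next; i++)
        {
            ext = X509_get_ext(cert, i);
            int nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext));
            if (nid == NID_authority_key_identifier)
            {
                AUTHORITY_KEYID *authKeyId = (AUTHORITY_KEYID *)X509V3_EXT_d2i(ext);
                // decoding can fail, and keyid is an optional field
                if (authKeyId == NULL || authKeyId->keyid == NULL)
                {
                    AUTHORITY_KEYID_free(authKeyId);
                    continue;
                }
                // converting to hex
                std::string data;
                char *hex_data = new char[authKeyId->keyid->length*2 +1];

                int j = 0;
                for(int i = 0; i < authKeyId->keyid->length; i++)
                {
                    sprintf(&hex_data[j], "%02X", authKeyId->keyid->data[i]);
                    j+=2;
                }
                hex_data[j] = '\0';
                data = hex_data;
                delete[] hex_data;
                std::cout << "Authority Key Id: " << data << std::endl;
                AUTHORITY_KEYID_free(authKeyId);
            }
        }
        X509_free(cert);
        return 0;
    }

情独悲 2024-12-15 09:42:21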

Thanks, Giovani, your answer solves the major problem; the only challenge I faced was getting the hex data. Managing and handling the length in the following code part was crucial and can lead to extraneous/empty data.

    char *hex_data = new char[authKeyId->keyid->length*2 +1];

    int j = 0;
    for(int i = 0; i < authKeyId->keyid->length; i++)
    {
        sprintf(&hex_data[j], "%02X", authKeyId->keyid->data[i]);
        j+=2;
    }
    hex_data[j] = '\0';

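This can be easily handled using the "hex_to_string" API, which the library already provides. The following is an example of how to use this API.

    // certificate_skid is assumed to be a std::string declared by the caller
    int loc = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
    X509_EXTENSION *ext = X509_get_ext(cert, loc);
    if (ext) {
        ASN1_OCTET_STRING *value = X509_EXTENSION_get_data(ext);
        const unsigned char *octet_str_data = value->data;
        long xlen;
        int tag, xclass;
        // skip the inner DER header; bit 0x80 in the result signals a parse error
        int ret = ASN1_get_object(&octet_str_data, &xlen, &tag, &xclass, value->length);
        if (!(ret & 0x80)) {
            char *skid = hex_to_string(octet_str_data, xlen);
            if (skid != nullptr)
            {
                certificate_skid.assign(skid);
                OPENSSL_free(skid); // allocated by OpenSSL, so release it with OPENSSL_free
            }
        }
    }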

Hope it will help future readers.
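
The `..` and `0...` prefixes in the question are consistent with DER tag and length bytes being printed as dots (0x30, the SEQUENCE tag, is ASCII `0`). As an added example that is not part of the original thread and does not use OpenSSL, this plain-C walker skips each header with bounds checks and collects only the content bytes. The sample bytes are constructed, and the UTF8String tag 0x0C is an assumption about how the custom extensions were encoded.

```c
#include <stdio.h>
#include <string.h>

/* Parse one DER tag+length header; returns header size, or 0 if malformed. */
static size_t der_header(const unsigned char *p, size_t n, size_t *len)
{
    if (n < 2 || (p[0] & 0x1f) == 0x1f) return 0;   /* multi-byte tags not handled */
    size_t hdr = 2, l = p[1];
    if (l & 0x80) {                                 /* long form: k length bytes follow */
        size_t k = l & 0x7f;
        if (k == 0 || k > 4 || n < 2 + k) return 0; /* k == 0: indefinite, not DER */
        for (l = 0; hdr < 2 + k; hdr++) l = (l << 8) | p[hdr];
    }
    if (l > n - hdr) return 0;                      /* content must fit in the buffer */
    *len = l;
    return hdr;
}

/* Append the text of each primitive value in p[0..n) to out (NUL-terminated,
 * cap bytes), descending into SEQUENCEs. Returns 0 on success, -1 on error. */
static int der_text(const unsigned char *p, size_t n, char *out, size_t cap, int depth)
{
    for (size_t len = 0, hdr = 0; n > 0; p += hdr + len, n -= hdr + len) {
        if (depth > 8 || (hdr = der_header(p, n, &len)) == 0) return -1;
        if (p[0] & 0x20) {                          /* constructed, e.g. SEQUENCE 0x30 */
            if (der_text(p + hdr, len, out, cap, depth + 1) != 0) return -1;
            continue;
        }
        size_t used = strlen(out);
        if (len + 2 > cap - used) return -1;        /* separator + text + NUL must fit */
        if (used > 0) out[used++] = ' ';
        for (size_t i = 0; i < len; i++)            /* non-printable bytes become '.' */
            out[used++] = (p[hdr + i] >= 0x20 && p[hdr + i] < 0x7f) ? (char)p[hdr + i] : '.';
        out[used] = '\0';
    }
    return 0;
}

/* Constructed sample: SEQUENCE of two strings; tag 0x0C (UTF8String) is assumed. */
static const unsigned char sample_seq[] = { 0x30, 0x11,
    0x0C, 0x07, 'v','e','r','s','i','o','n', 0x0C, 0x06, '0','X','5','6','9','9' };

int main(void)
{
    char text[64] = "";
    if (der_text(sample_seq, sizeof(sample_seq), text, sizeof(text), 0) == 0)
        printf("SEww: %s\n", text);
    return 0;
}
```

With a real certificate, the input would be the data pointer and length of the `ASN1_OCTET_STRING` returned by `X509_EXTENSION_get_data`.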
