logo标签列表

解析X509证书

phpparsingopensslx509certificatemdm
4
我希望能在php中解析一个X.509证书。 该证书是DER编码的X.509格式。 我尝试使用php中的openssl_x509_parse方法,但它无法工作。 证书数据是在MDM上触发CertificateList命令后接收到的有效数据。
我正在使用以下代码:
$data = 'MIIDizCCAnMCCQDCpCAUbA2P4TANBgkqhkiG9w0BAQUFADBrMSIw
    IAYDVQQKDBkqLnNtYXJ0c291cmNpbmdnbG9iYWwubmV0MSEwHwYD
    VQQLDBhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxIjAgBgNVBAMM
    GSouc21hcnRzb3VyY2luZ2dsb2JhbC5uZXQwHhcNMTIwNTI5MTM1
    NTU0WhcNMTMwNTI5MTM1NTU0WjCBozELMAkGA1UEBhMCTlkxCzAJ
    BgNVBAgTAk5KMQswCQYDVQQHEwJOSjEiMCAGA1UEChMZU21hcnRz
    b3VyY2luZyBHbG9iYWwgSU5DLjEPMA0GA1UECxMGTW9iaWxlMRYw
    FAYDVQQDEw1TbWl0YSBZZWRla2FyMS0wKwYJKoZIhvcNAQkBFh5z
    bWl0YXlAc21hcnRzb3VyY2luZ2dsb2JhbC5jb20wggEiMA0GCSqG
    SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHDx238L+j6fA9h9lNnrl5
    f/wXZoWWw72rChisVOszBl8uoT6DATngvCdBPJgJP/ddpAzJnFWW
    N8bCbB+88siae2kO2a6mg3+NPNRUqpOJOpPIrWlgS5qf9Gs6WQi3
    DRJvLSZ3uoalAvSpfveCbuHW0yFuzvnriwV3phd9fVbORi+qNW/b
    RofF1PjA+Bx8E2WfNUTHL71K+pfbVvCV1E5bQNrz6mpbRbzNThQz
    y92Y/Lp4VW/AYK6Jk6davxNcKSbTk/pHYNTD8Y/g1l1xhY3YpXfD
    xhehEL9/1LmwpmG+JZcmjIQX6LzBoUHbRrmsV8magfZ/cODR3/YY
    qfu6QnVLAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEH3LA7IpfRb
    ylzHjm4DmiTYMMoTKV8I3VX98F2DQEZ0S7OTT2xA7qnyeHDUUAMw
    Amx/v/PS1fWNzFoD3DaAZlRvkd0LD9bPA3bXnzPrX90o2e9Y+4UY
    iy1LvPRiwqoLiOikpxBI3ZVhBqQpYBvw2xedFCEFwlhz7QcfdpRl
    1XNWedpHT+icGrn/h12SJvL5FTFAh2LapRXb5EmT2mbFVAIqfW2Q
    IRCDpyrPxX+61p4wvyJ0SP1EoEvbtMmeRfpyuKKhWlYTqmuOOYU2
    8C2REc5qhPkbSDdGpeme0w/hPlwG6+0UEXHUeArSKlQOM/YR4vao
    OKwh1dJL4RZWgmwwHq9=';

$fp = fopen('cert.txt','w+');
fwrite($fp, 'data=>'.openssl_x509_parse($data,true));
fclose($fp);
请问您能展示一下您的代码吗? - vstm
2个回答
5

你的证书缺少PEM格式的包裹。如果你在证书中添加 BEGIN CERTIFICATEEND CERTIFICATE 标记,它就可以工作了:

<?php
$data = // ... your certificate

// Add the missing PEM-enclosing
$x509Data =
      "-----BEGIN CERTIFICATE-----\n"
    . $data
    . "\n-----END CERTIFICATE-----";

// this is the same but I've added "print_r" so it is nicely formated
$fp = fopen('cert.txt','w+');
fwrite($fp, 'data=>'.print_r(openssl_x509_parse($x509Data,true), true));
fclose($fp);
谢谢,伙计。我一直怀疑这是原因,当我搜索“php解析没有注释的x509证书”时,这个问题排在首位。 - wtf8_decode
4

phpseclib,一个纯PHP X.509解析器,可以直接使用您的字符串而无需将其封装在任何东西中。例如:

<?php
include('File/X509.php');

$x509 = new File_X509();
$cert = $x509->loadX509('MIIDizCCAnMCCQDCpCAUbA2P4TANBgkqhkiG9w0BAQUFADBrMSIw
    IAYDVQQKDBkqLnNtYXJ0c291cmNpbmdnbG9iYWwubmV0MSEwHwYD
    VQQLDBhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxIjAgBgNVBAMM
    GSouc21hcnRzb3VyY2luZ2dsb2JhbC5uZXQwHhcNMTIwNTI5MTM1
    NTU0WhcNMTMwNTI5MTM1NTU0WjCBozELMAkGA1UEBhMCTlkxCzAJ
    BgNVBAgTAk5KMQswCQYDVQQHEwJOSjEiMCAGA1UEChMZU21hcnRz
    b3VyY2luZyBHbG9iYWwgSU5DLjEPMA0GA1UECxMGTW9iaWxlMRYw
    FAYDVQQDEw1TbWl0YSBZZWRla2FyMS0wKwYJKoZIhvcNAQkBFh5z
    bWl0YXlAc21hcnRzb3VyY2luZ2dsb2JhbC5jb20wggEiMA0GCSqG
    SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHDx238L+j6fA9h9lNnrl5
    f/wXZoWWw72rChisVOszBl8uoT6DATngvCdBPJgJP/ddpAzJnFWW
    N8bCbB+88siae2kO2a6mg3+NPNRUqpOJOpPIrWlgS5qf9Gs6WQi3
    DRJvLSZ3uoalAvSpfveCbuHW0yFuzvnriwV3phd9fVbORi+qNW/b
    RofF1PjA+Bx8E2WfNUTHL71K+pfbVvCV1E5bQNrz6mpbRbzNThQz
    y92Y/Lp4VW/AYK6Jk6davxNcKSbTk/pHYNTD8Y/g1l1xhY3YpXfD
    xhehEL9/1LmwpmG+JZcmjIQX6LzBoUHbRrmsV8magfZ/cODR3/YY
    qfu6QnVLAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEH3LA7IpfRb
    ylzHjm4DmiTYMMoTKV8I3VX98F2DQEZ0S7OTT2xA7qnyeHDUUAMw
    Amx/v/PS1fWNzFoD3DaAZlRvkd0LD9bPA3bXnzPrX90o2e9Y+4UY
    iy1LvPRiwqoLiOikpxBI3ZVhBqQpYBvw2xedFCEFwlhz7QcfdpRl
    1XNWedpHT+icGrn/h12SJvL5FTFAh2LapRXb5EmT2mbFVAIqfW2Q
    IRCDpyrPxX+61p4wvyJ0SP1EoEvbtMmeRfpyuKKhWlYTqmuOOYU2
    8C2REc5qhPkbSDdGpeme0w/hPlwG6+0UEXHUeArSKlQOM/YR4vao
    OKwh1dJL4RZWgmwwHq9=');

print_r($cert);
?>

它总体来说更加多功能。例如,OpenSSL要求每行字符长度为64个且不能超过。相反,phpseclib则不限制。

网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接