4

我想在 php 中解析 X.509 证书。

该证书采用 DER 编码的 X.509 格式。

我尝试openssl_x509_parse method在 php 中使用,但它不起作用。证书数据是在 mdm 中为 CertificateList 触发命令后收到的有效数据。

我正在使用以下代码:

$data = 'MIIDizCCAnMCCQDCpCAUbA2P4TANBgkqhkiG9w0BAQUFADBrMSIw
    IAYDVQQKDBkqLnNtYXJ0c291cmNpbmdnbG9iYWwubmV0MSEwHwYD
    VQQLDBhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxIjAgBgNVBAMM
    GSouc21hcnRzb3VyY2luZ2dsb2JhbC5uZXQwHhcNMTIwNTI5MTM1
    NTU0WhcNMTMwNTI5MTM1NTU0WjCBozELMAkGA1UEBhMCTlkxCzAJ
    BgNVBAgTAk5KMQswCQYDVQQHEwJOSjEiMCAGA1UEChMZU21hcnRz
    b3VyY2luZyBHbG9iYWwgSU5DLjEPMA0GA1UECxMGTW9iaWxlMRYw
    FAYDVQQDEw1TbWl0YSBZZWRla2FyMS0wKwYJKoZIhvcNAQkBFh5z
    bWl0YXlAc21hcnRzb3VyY2luZ2dsb2JhbC5jb20wggEiMA0GCSqG
    SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHDx238L+j6fA9h9lNnrl5
    f/wXZoWWw72rChisVOszBl8uoT6DATngvCdBPJgJP/ddpAzJnFWW
    N8bCbB+88siae2kO2a6mg3+NPNRUqpOJOpPIrWlgS5qf9Gs6WQi3
    DRJvLSZ3uoalAvSpfveCbuHW0yFuzvnriwV3phd9fVbORi+qNW/b
    RofF1PjA+Bx8E2WfNUTHL71K+pfbVvCV1E5bQNrz6mpbRbzNThQz
    y92Y/Lp4VW/AYK6Jk6davxNcKSbTk/pHYNTD8Y/g1l1xhY3YpXfD
    xhehEL9/1LmwpmG+JZcmjIQX6LzBoUHbRrmsV8magfZ/cODR3/YY
    qfu6QnVLAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEH3LA7IpfRb
    ylzHjm4DmiTYMMoTKV8I3VX98F2DQEZ0S7OTT2xA7qnyeHDUUAMw
    Amx/v/PS1fWNzFoD3DaAZlRvkd0LD9bPA3bXnzPrX90o2e9Y+4UY
    iy1LvPRiwqoLiOikpxBI3ZVhBqQpYBvw2xedFCEFwlhz7QcfdpRl
    1XNWedpHT+icGrn/h12SJvL5FTFAh2LapRXb5EmT2mbFVAIqfW2Q
    IRCDpyrPxX+61p4wvyJ0SP1EoEvbtMmeRfpyuKKhWlYTqmuOOYU2
    8C2REc5qhPkbSDdGpeme0w/hPlwG6+0UEXHUeArSKlQOM/YR4vao
    OKwh1dJL4RZWgmwwHq9=';

$fp = fopen('cert.txt','w+');
fwrite($fp, 'data=>'.openssl_x509_parse($data,true));
fclose($fp);
4

2 回答 2

5

那么您的证书缺少 PEM 附件。如果您将这些BEGIN CERTIFICATEEND CERTIFICATE标记添加到您的证书中,它应该可以工作:

<?php
$data = // ... your certificate

// Add the missing PEM-enclosing
$x509Data =
      "-----BEGIN CERTIFICATE-----\n"
    . $data
    . "\n-----END CERTIFICATE-----";

// this is the same but I've added "print_r" so it is nicely formated
$fp = fopen('cert.txt','w+');
fwrite($fp, 'data=>'.print_r(openssl_x509_parse($x509Data,true), true));
fclose($fp);
于 2012-06-08T07:38:32.297 回答
4

phpseclib 是一个纯 PHP X.509 解析器,可以处理您的字符串,而无需将其封装在任何东西中。例如。

<?php
include('File/X509.php');

$x509 = new File_X509();
$cert = $x509->loadX509('MIIDizCCAnMCCQDCpCAUbA2P4TANBgkqhkiG9w0BAQUFADBrMSIw
    IAYDVQQKDBkqLnNtYXJ0c291cmNpbmdnbG9iYWwubmV0MSEwHwYD
    VQQLDBhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxIjAgBgNVBAMM
    GSouc21hcnRzb3VyY2luZ2dsb2JhbC5uZXQwHhcNMTIwNTI5MTM1
    NTU0WhcNMTMwNTI5MTM1NTU0WjCBozELMAkGA1UEBhMCTlkxCzAJ
    BgNVBAgTAk5KMQswCQYDVQQHEwJOSjEiMCAGA1UEChMZU21hcnRz
    b3VyY2luZyBHbG9iYWwgSU5DLjEPMA0GA1UECxMGTW9iaWxlMRYw
    FAYDVQQDEw1TbWl0YSBZZWRla2FyMS0wKwYJKoZIhvcNAQkBFh5z
    bWl0YXlAc21hcnRzb3VyY2luZ2dsb2JhbC5jb20wggEiMA0GCSqG
    SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHDx238L+j6fA9h9lNnrl5
    f/wXZoWWw72rChisVOszBl8uoT6DATngvCdBPJgJP/ddpAzJnFWW
    N8bCbB+88siae2kO2a6mg3+NPNRUqpOJOpPIrWlgS5qf9Gs6WQi3
    DRJvLSZ3uoalAvSpfveCbuHW0yFuzvnriwV3phd9fVbORi+qNW/b
    RofF1PjA+Bx8E2WfNUTHL71K+pfbVvCV1E5bQNrz6mpbRbzNThQz
    y92Y/Lp4VW/AYK6Jk6davxNcKSbTk/pHYNTD8Y/g1l1xhY3YpXfD
    xhehEL9/1LmwpmG+JZcmjIQX6LzBoUHbRrmsV8magfZ/cODR3/YY
    qfu6QnVLAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEH3LA7IpfRb
    ylzHjm4DmiTYMMoTKV8I3VX98F2DQEZ0S7OTT2xA7qnyeHDUUAMw
    Amx/v/PS1fWNzFoD3DaAZlRvkd0LD9bPA3bXnzPrX90o2e9Y+4UY
    iy1LvPRiwqoLiOikpxBI3ZVhBqQpYBvw2xedFCEFwlhz7QcfdpRl
    1XNWedpHT+icGrn/h12SJvL5FTFAh2LapRXb5EmT2mbFVAIqfW2Q
    IRCDpyrPxX+61p4wvyJ0SP1EoEvbtMmeRfpyuKKhWlYTqmuOOYU2
    8C2REc5qhPkbSDdGpeme0w/hPlwG6+0UEXHUeArSKlQOM/YR4vao
    OKwh1dJL4RZWgmwwHq9=');

print_r($cert);
?>

它总体上也更加通用。与OpenSSL 一样,要求每行长度为 64 个字符且不再需要。phpseclib otoh 不在乎。

于 2013-04-05T20:21:37.763 回答