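To answer my own question...
CERTCertificate contains two member variables I'm interested in, derCert and derPublicKey (both of type SECItem).
Saving/loading the public key
To get the public key, you can either save the CERTCertificate derPublicKey value or get the same value from SECKEYPublicKey: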
// cert is of type CERTCertificate
SECKEYPublicKey* publicKey = CERT_ExtractPublicKey( cert );
SECItem* derPublicKey = SECKEY_EncodeDERSubjectPublicKeyInfo( publicKey );
// put the key into string
std::string keyString( (char*)derPublicKey->data, derPublicKey->len );
To decode the public key from the string you use:
SECItem derKeyItem = {
.type = siBuffer,
.data = (unsigned char*)keyString.c_str(),
.len = (unsigned int)keyString.size()
};
CERTSubjectPublicKeyInfo* pubInf = SECKEY_DecodeDERSubjectPublicKeyInfo( &derKeyItem );
SECKEYPublicKey* publicKey = SECKEY_ExtractPublicKey( pubInf );
Saving/loading the certificate and getting the public key
To save the certificate, save derCert.
Load the certificate and get the public key:
SECItem derCertItem = {
.type = siBuffer,
.data = (unsigned char*)certStr.c_str(),
.len = (unsigned int)certStr.size()
};
// CERT_NewTempCertificate returns a pointer (nullptr on failure)
CERTCertificate* cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &derCertItem, nullptr, false, false);
SECKEYPublicKey* publicKey = CERT_ExtractPublicKey(cert);
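Notes
The code above is sample code. For production code, smart pointers (unique/shared) should be used, and their destructors should call the appropriate NSS destroy functions.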
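
An added example, not part of the original answer: a check to run on a DER blob reloaded from a std::string (the saved derCert or the encoded public key) before handing it to NSS, confirming it is still one complete SEQUENCE. It catches blobs cut short at an embedded 0x00 by C-string handling along the storage path. DerCheck, checkDerSequence and kSample are hypothetical names, and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

// Outcome of checking the outer DER TLV of a stored blob.
enum class DerCheck { Ok, TooShort, NotSequence, BadLength, SizeMismatch };

// Verify that `blob` is exactly one DER SEQUENCE: tag 0x30, a definite length
// in minimal form, and a declared length equal to the bytes actually held.
DerCheck checkDerSequence(const std::string& blob) {
    const auto* p = reinterpret_cast<const unsigned char*>(blob.data());
    const std::size_t n = blob.size();
    if (n < 2) return DerCheck::TooShort;
    if (p[0] != 0x30) return DerCheck::NotSequence;

    std::size_t header = 2;
    std::size_t contentLen = p[1];          // short form: the length itself
    if (p[1] & 0x80) {                      // long form: low 7 bits count the length octets
        const std::size_t numOctets = p[1] & 0x7F;
        if (numOctets == 0 || numOctets > 4) return DerCheck::BadLength;  // indefinite or oversized
        if (n < 2 + numOctets) return DerCheck::TooShort;
        if (p[2] == 0) return DerCheck::BadLength;                        // leading zero octet
        contentLen = 0;
        for (std::size_t i = 0; i < numOctets; ++i)
            contentLen = (contentLen << 8) | p[2 + i];
        if (contentLen < 0x80) return DerCheck::BadLength;                // short form was required
        header += numOctets;
    }
    // Truncated data and trailing bytes both fail here.
    return contentLen == n - header ? DerCheck::Ok : DerCheck::SizeMismatch;
}

// Constructed sample, not a real key: SEQUENCE { INTEGER 0 }. The last byte is 0x00.
static const unsigned char kSample[] = {0x30, 0x03, 0x02, 0x01, 0x00};

int main() {
    std::string full(reinterpret_cast<const char*>(kSample), sizeof kSample);
    // Copying without an explicit length stops at the embedded 0x00 (4 bytes kept).
    std::string cut(reinterpret_cast<const char*>(kSample));
    std::printf("full=%d cut=%d\n", static_cast<int>(checkDerSequence(full)),
                static_cast<int>(checkDerSequence(cut)));
    return 0;
}
```

Only blobs that return DerCheck::Ok should be wrapped in a SECItem and decoded; the NSS decode calls still perform the full parse.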