解析 X509 证书

Question

我想在 php 中解析一个 X.509 证书。

证书采用 DER 编码的 X.509 格式。

我尝试在 php 中使用openssl_x509_parse method，但它不起作用。 证书数据是在 mdm 中为 CertificateList 触发命令后收到的有效数据。

我正在使用以下代码：

$data = 'MIIDizCCAnMCCQDCpCAUbA2P4TANBgkqhkiG9w0BAQUFADBrMSIw
    IAYDVQQKDBkqLnNtYXJ0c291cmNpbmdnbG9iYWwubmV0MSEwHwYD
    VQQLDBhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxIjAgBgNVBAMM
    GSouc21hcnRzb3VyY2luZ2dsb2JhbC5uZXQwHhcNMTIwNTI5MTM1
    NTU0WhcNMTMwNTI5MTM1NTU0WjCBozELMAkGA1UEBhMCTlkxCzAJ
    BgNVBAgTAk5KMQswCQYDVQQHEwJOSjEiMCAGA1UEChMZU21hcnRz
    b3VyY2luZyBHbG9iYWwgSU5DLjEPMA0GA1UECxMGTW9iaWxlMRYw
    FAYDVQQDEw1TbWl0YSBZZWRla2FyMS0wKwYJKoZIhvcNAQkBFh5z
    bWl0YXlAc21hcnRzb3VyY2luZ2dsb2JhbC5jb20wggEiMA0GCSqG
    SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHDx238L+j6fA9h9lNnrl5
    f/wXZoWWw72rChisVOszBl8uoT6DATngvCdBPJgJP/ddpAzJnFWW
    N8bCbB+88siae2kO2a6mg3+NPNRUqpOJOpPIrWlgS5qf9Gs6WQi3
    DRJvLSZ3uoalAvSpfveCbuHW0yFuzvnriwV3phd9fVbORi+qNW/b
    RofF1PjA+Bx8E2WfNUTHL71K+pfbVvCV1E5bQNrz6mpbRbzNThQz
    y92Y/Lp4VW/AYK6Jk6davxNcKSbTk/pHYNTD8Y/g1l1xhY3YpXfD
    xhehEL9/1LmwpmG+JZcmjIQX6LzBoUHbRrmsV8magfZ/cODR3/YY
    qfu6QnVLAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEH3LA7IpfRb
    ylzHjm4DmiTYMMoTKV8I3VX98F2DQEZ0S7OTT2xA7qnyeHDUUAMw
    Amx/v/PS1fWNzFoD3DaAZlRvkd0LD9bPA3bXnzPrX90o2e9Y+4UY
    iy1LvPRiwqoLiOikpxBI3ZVhBqQpYBvw2xedFCEFwlhz7QcfdpRl
    1XNWedpHT+icGrn/h12SJvL5FTFAh2LapRXb5EmT2mbFVAIqfW2Q
    IRCDpyrPxX+61p4wvyJ0SP1EoEvbtMmeRfpyuKKhWlYTqmuOOYU2
    8C2REc5qhPkbSDdGpeme0w/hPlwG6+0UEXHUeArSKlQOM/YR4vao
    OKwh1dJL4RZWgmwwHq9=';

$fp = fopen('cert.txt','w+');
fwrite($fp, 'data=>'.openssl_x509_parse($data,true));
fclose($fp);

Answer 1

您的证书缺少 PEM 附件。如果您将这些 BEGIN CERTIFICATE 和 END CERTIFICATE 标记添加到您的证书中，它应该可以工作：

<?php
$data = // ... your certificate

// Add the missing PEM-enclosing
$x509Data =
      "-----BEGIN CERTIFICATE-----\n"
    . $data
    . "\n-----END CERTIFICATE-----";

// this is the same but I've added "print_r" so it is nicely formated
$fp = fopen('cert.txt','w+');
fwrite($fp, 'data=>'.print_r(openssl_x509_parse($x509Data,true), true));
fclose($fp);

Answer 2

phpseclib, a pure PHP X.509 parser，与您的字符串一起使用，无需将其封装在任何内容中。例如。

<?php
include('File/X509.php');

$x509 = new File_X509();
$cert = $x509->loadX509('MIIDizCCAnMCCQDCpCAUbA2P4TANBgkqhkiG9w0BAQUFADBrMSIw
    IAYDVQQKDBkqLnNtYXJ0c291cmNpbmdnbG9iYWwubmV0MSEwHwYD
    VQQLDBhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxIjAgBgNVBAMM
    GSouc21hcnRzb3VyY2luZ2dsb2JhbC5uZXQwHhcNMTIwNTI5MTM1
    NTU0WhcNMTMwNTI5MTM1NTU0WjCBozELMAkGA1UEBhMCTlkxCzAJ
    BgNVBAgTAk5KMQswCQYDVQQHEwJOSjEiMCAGA1UEChMZU21hcnRz
    b3VyY2luZyBHbG9iYWwgSU5DLjEPMA0GA1UECxMGTW9iaWxlMRYw
    FAYDVQQDEw1TbWl0YSBZZWRla2FyMS0wKwYJKoZIhvcNAQkBFh5z
    bWl0YXlAc21hcnRzb3VyY2luZ2dsb2JhbC5jb20wggEiMA0GCSqG
    SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHDx238L+j6fA9h9lNnrl5
    f/wXZoWWw72rChisVOszBl8uoT6DATngvCdBPJgJP/ddpAzJnFWW
    N8bCbB+88siae2kO2a6mg3+NPNRUqpOJOpPIrWlgS5qf9Gs6WQi3
    DRJvLSZ3uoalAvSpfveCbuHW0yFuzvnriwV3phd9fVbORi+qNW/b
    RofF1PjA+Bx8E2WfNUTHL71K+pfbVvCV1E5bQNrz6mpbRbzNThQz
    y92Y/Lp4VW/AYK6Jk6davxNcKSbTk/pHYNTD8Y/g1l1xhY3YpXfD
    xhehEL9/1LmwpmG+JZcmjIQX6LzBoUHbRrmsV8magfZ/cODR3/YY
    qfu6QnVLAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEH3LA7IpfRb
    ylzHjm4DmiTYMMoTKV8I3VX98F2DQEZ0S7OTT2xA7qnyeHDUUAMw
    Amx/v/PS1fWNzFoD3DaAZlRvkd0LD9bPA3bXnzPrX90o2e9Y+4UY
    iy1LvPRiwqoLiOikpxBI3ZVhBqQpYBvw2xedFCEFwlhz7QcfdpRl
    1XNWedpHT+icGrn/h12SJvL5FTFAh2LapRXb5EmT2mbFVAIqfW2Q
    IRCDpyrPxX+61p4wvyJ0SP1EoEvbtMmeRfpyuKKhWlYTqmuOOYU2
    8C2REc5qhPkbSDdGpeme0w/hPlwG6+0UEXHUeArSKlQOM/YR4vao
    OKwh1dJL4RZWgmwwHq9=');

print_r($cert);
?>

它总体上也更加通用。喜欢OpenSSL requires each line be 64 characters long and no longer。 phpseclib otoh 不在乎。