I am implementing certificate parsing in golang, and I need to get the parent certificate link.
If I execute openssl x509 -in certificate.pem -text -noout
then I can see the following certificate extension:
authority information access: ocsp - uri:http://teszt.e-szigno.hu/testca3ocsp ca issuers - uri:http://teszt.e-szigno.hu/tca3.crt
In my go project I have the following code:
content := `-----begin certificate----- miijxdccckygawibaginfebzvuoocnmwumancjanbgkqhkig9w0baqsfadbqmqsw cqydvqqgewjivterma8ga1uebwwiqnvkyxblc3qxfjaubgnvbaomdu1py3jvc2vj iex0zc4xfdasbgnvbasmc2utu3ppz25vienbmrowgaydvqqddbfllvn6awdubybu zxn0ienbmzaefw0ymzaxmjqxmjqxntbafw0yndaxmjqxmjqxntbamihqmrmweqyl kwybbagcnzwcaqmtakvfmrgwfgylkwybbagcnzwcaqemb1rhbgxpbm4xhtabbgnv ba8mffbyaxzhdgugt3jnyw5pemf0aw9umrewdwydvqqfewgxmji2odq3ntelmakg a1uebhmcruuxedaobgnvbacmb1rhbgxpbm4xfzavbgnvbaomdk1ha3nla2vza3vz ieftmrswgqydvqrhdbjqu0rfrs1gu0etmtiynjg0nzuxgdawbgnvbammd21ha2vj b21tzxjjzs5sddccasiwdqyjkozihvcnaqebbqadggepadccaqocggebajfyj3ss xev2yhbgxnmqw8e+zqfvrb1+uhlsm7c65hsjwavjhehnv1cufilrf5x1pubdmxtc xpwd7fmoc7h++baedapv/xcwkmqugbkfwhazpkjbxiqbh7jbe4d+3pxn+zdlq/1b wi6djhghn+ydgw6x+qgbovzaflprfdoyqxdw8ymc/iqmbahzzqape2eww1xrgyat dne5t2t7uwc05qdygi1hi50wgoezx7a7cdsjwg+kfvczley+4h73apigh1f0q+ec pozsoot12cwspbwzb9g03s5ioiipjpoqmivnkggegbby16p3vq/78w9xjpy0dwid x2cfplplta8ejf0caweaaaocbgawggx8ma4ga1uddweb/wqeawifodcbiqykkwyb bahweqieagr7bhkadwb1akoeeaq/ggsck+vmtchkwumu5fdmczaqslwmlwublagd aaabhepmicsaaaqdaeywraigmbv+ixdcxogt9vppuiuuhaja08aignqmknssyhpl 4egcicqn64jfx+fitpnfxb6u531ta3vkjmmmlokvn5b2vj4wmb0ga1udjqqwmbqg ccsgaqufbwmbbggrbgefbqcdajccayqga1udiascaxswggmxmiidewymkwybbagb qbgcaqfkmiidatambggrbgefbqccaryaahr0cdovl2nwlmutc3ppz25vlmh1l3fj chmwgb8gccsgaqufbwicmigydigvvgvzdcbxdwfsawzpzwqgy2vydglmawnhdgug zm9yihdlynnpdgugyxv0agvudgljyxrpb24gyw5kignsawvudcbhdxrozw50awnh dglvbi4gvghlihbyb3zpzgvyihbyzxnlcnzlcybyzwdpc3ryyxrpb24gzgf0ysbm b3igmtagewvhcnmgywz0zxigdghligv4cglyyxrpb24gb2ygdghlignlcnrpzmlj yxrlljcblqyikwybbquhagiwgygmgyvurvnuignlcnrpzmljyxrliglzc3vlzcbv bmx5igzvcib0zxn0aw5nihb1cnbvc2vzlibuagugaxnzdwvyiglzig5vdcbsawfi bgugzm9yigfuesbkyw1hz2vzigfyaxnpbmcgznjvbsb0agugdxnlig9mihroaxmg y2vydglmawnhdguhmihmbggrbgefbqccajcbvwybvfrlc3p0ig1pbswrc8otdgv0 dcb3zwjvbgrhbc1oaxrlbgvzw610xzegw6lzimo8z3lmw6lslwhpdgvszxpdrxtf ksb0yw7dunpdrxr2w6fues4gqsbyzwdpc3p0csohy2nds3mgywrhdg9ryxqgysbz em9sz8ohbhrhdmozigegdgfuw7pzw610dsohbnkgbgvqw6fydmohdmozbcbzesoh bcotdg90dcaxmcddqxzpzydfkxj6asbtzwcumigtbggrbgefbqccajcboaybnvrl c3p0zwzdqxnpigpdqwxyysbrawfkb3r0ifrfu1puihrhbso6c8otdhbdow55libb ighhc3puw6fsyxtdoxzhbcbryxbjc29syxrvc2fuigzlbg1lcso8bmwrigvdoxjv a8opcnqgysbtem9sz8ohbhrhdmozihnlbw1pbhllbibmzwxlbmwrc3pdqwdldcbu zw0gdsohbgxhbcewhqydvr0obbyeffpdj86z7qidatzbzlvll+6rll12mb8ga1ud iwqymbaafnzmaijvnzcpit6grsbv8+826pdnmboga1udeqqtmbgcd21ha2vjb21t zxjjzs5sddaybgnvhr8ekzapmcegjaajhifodhrwoi8vdgvzenquzs1zemlnbm8u ahuvvenbmy5jcmwwbwyikwybbquhaqeeyzbhmdagccsgaqufbzabhirodhrwoi8v dgvzenquzs1zemlnbm8uahuvdgvzdgnhm29jc3awlqyikwybbquhmakgiwh0dha6 ly90zxn6dc5llxn6awduby5ods9uq0ezlmnyddccarqgccsgaqufbwedbiibbjcc aqiwcaygbacorgebmasgbgqajkybawibcjbtbgyeai5gaquwstakfh5odhrwczov l2nwlmutc3ppz25vlmh1l3fjchnfzw4takvomcewg2h0dhbzoi8vy3auzs1zemln bm8uahuvcwnwcxmcsfuwewygbacorgegmakgbwqajkybbgmwfwygbacbmcccmhuw jjarbgceaigyjwecdazqu1bfuekweqyhbacbmccbawwgufnqx0fjdenfrsatievz dg9uawfuiezpbmfuy2lhbcbtdxblcnzpc2lvbibbdxrob3jpdhkglybgaw5hbnrz aw5zcgvrdhnpb29udazfrs1gu0ewdqyjkozihvcnaqelbqadggebahzxm9440svu cpzlshq3okooeu4ftrp0kqkvzmbkmf+yct80vartjniadk5rk6hqrjrjcudi9+hj ep9nzwkn+buvwc2ev+m7i35pck+dvnmtcgxto2qgvznosvjfuzshoc4mfifxnczo 2ne2utfu2wywzqpyncwfmz7aouxylgofefs13mdh5det++nwoaod8abzzqaeysk9 r1fcxrthpldxjijdduzpzcvw+obyjrhkim6zahd6r0e6kb9i+feevf8iwgntsoze zflb6evyjuizsyqgtelrjim4alu1+pa/2zhlzm55pwj1km8piwyqigla0dkozf4+ otnnt6rr7bu= -----end certificate-----` certderblock, _ := pem.decode([]byte(content)) x509cert, err := x509.parsecertificate(certderblock.bytes) for _, extension := range x509cert.extensions { if extension.id.equal(asn1.objectidentifier{1, 3, 6, 1, 5, 5, 7, 1, 1}) { var collexts []asn1.rawvalue asn1.unmarshal(extension.value, &collexts) for _, collext := range collexts { fmt.println(string(collext.bytes)) } } }
It gives the following output:
+0�#http://teszt.e-szigno.hu/testca3ocsp +0�0http://teszt.e-szigno.hu/TCA3.crt
While I have been able to parse such output and get the parent certificate link, I would like to understand how to get the human readable text there.
I looked in the asn1
package and didn't find any functions to decode asn1.rawvalue
objects or asn1.rawvalue.bytes
.
You do not need to view x509cert.extensions
to obtain aia
information, you can directly access it from x509.Certificate:
// rfc 5280, 4.2.2.1 (authority information access) ocspserver []string issuingcertificateurl []string
general speaking:
certderblock, _ := pem.decode([]byte(certbody)) x509cert, err = x509.parsecertificate(certderblock.bytes) fmt.printf("ocspserver: %v\n", x509cert.ocspserver) fmt.printf("issuingcertificateurl: %v\n", x509cert.issuingcertificateurl)
//m.sbmmt.com/link/bc9d03fca6bcbe7f8b591f9d2bf8497a
OCSPServer: [http://teszt.e-szigno.hu/testca3ocsp] IssuingCertificateURL: [http://teszt.e-szigno.hu/TCA3.crt]
The above is the detailed content of Correct way to decode asn1.RawValue in Golang. For more information, please follow other related articles on the PHP Chinese website!