从CERT.RSA中提取证书
linux-dash
A beautiful web dashboard for Linux
项目地址:https://gitcode.com/gh_mirrors/li/linux-dash
免费下载资源
·
原文链接:http://www.wangchen.org/2011/01/%E4%BB%8Ecert-rsa%E4%B8%AD%E6%8F%90%E5%8F%96%E8%AF%81%E4%B9%A6/
Apk 包中的META-INF目录下,有一个CERT.RSA,它是一个PKCS7 格式的文件。
下面介绍几种从中获取证书的方法。
Linux command line
openssl pkcs7 -inform DER -in CERT.RSA -noout -print_certs -text
你可以得到一个文本输出:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1281971851 (0x4c69568b)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=Michael Liu
Validity
Not Before: Aug 16 15:17:31 2010 GMT
Not After : Aug 10 15:17:31 2035 GMT
Subject: CN=Michael Liu
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:8d:04:84:a2:1e:c6:56:39:f2:cd:a6:f0:48:a5:
f7:5e:71:8f:e1:a8:af:a7:dc:66:92:a2:b9:cf:da:
0f:32:42:ce:83:fe:bc:e1:4f:0a:fd:d9:a8:b3:73:
f4:ff:97:15:17:87:d6:d0:3c:da:01:fc:11:40:7d:
04:da:31:cc:cd:da:d0:e7:7b:e3:c1:84:30:9f:21:
93:95:20:48:b1:2d:24:02:d2:b9:3c:87:0d:fa:b8:
e1:b1:45:f4:8d:90:0a:3b:9d:d8:8a:9a:96:d1:51:
23:0e:8e:c4:09:68:7d:95:be:c6:42:e9:54:a1:5c:
5d:3f:25:d8:5c:c3:42:73:21
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
78:3c:6b:ef:71:70:55:68:28:80:4d:f8:b5:cd:83:a9:01:21:
2a:c1:e4:96:ad:bc:5f:67:0c:cd:c3:34:51:6d:63:90:a9:f9:
d5:5e:c7:ef:34:43:86:7d:68:e1:99:87:92:86:34:91:6d:67:
6d:b2:22:e9:5e:28:aa:e8:05:52:04:6e:4e:d4:7f:0f:b0:d6:
28:f5:2b:11:38:d5:15:cb:e3:e4:c9:99:23:c1:84:4f:ce:69:
e9:b1:59:7b:8e:30:01:1c:e1:92:ee:0d:54:61:29:f5:8e:9e:
42:72:26:2b:aa:c7:af:d9:c9:d1:85:95:8e:4c:8d:5c:77:c5:
ce:4e
Java
这是最简单的
import sun.security.pkcs.PKCS7;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
public class Test {
public static void main(String[] args) throws CertificateException, IOException {
FileInputStream fis = new FileInputStream("/Users/wangchen/Desktop/CERT.RSA");
PKCS7 pkcs7 = new PKCS7(fis);
X509Certificate publicKey = pkcs7.getCertificates()[0];
System.out.println("issuer1:" + publicKey.getIssuerDN());
System.out.println("subject2:" + publicKey.getSubjectDN());
System.out.println(publicKey.getPublicKey());
}
}
使用openssl-dev 的C API
#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
#include <string>
#include <iostream>
using namespace std;
string to_string(X509_NAME* name)
{
BIO* mem = BIO_new(BIO_s_mem());
if (mem == NULL)
return NULL;
if (X509_NAME_print_ex(mem, name, 0, XN_FLAG_RFC2253) < 0) return NULL; string str; char buf[128]; while((BIO_gets(mem, &buf[0], sizeof(buf))) > 0)
{
str.append(buf);
}
BIO_free(mem);
return str;
}
int main()
{
FILE* fp;
if (!(fp = fopen("CERT.RSA", "rb")))
{
fprintf(stderr, "Error reading input pkcs7 file\n" );
exit(1);
}
/* todo: 这里可能有内存漏洞,有空查一下文档 */
PKCS7* pkcs7 = d2i_PKCS7_fp(fp, NULL);
X509* cert = sk_X509_pop(pkcs7->d.sign->cert);
string subject = to_string(X509_get_subject_name(cert));
string issuer = to_string(X509_get_issuer_name(cert));
char *modulus = BN_bn2dec(X509_get_pubkey(cert)->pkey.rsa->n);
cout << subject << endl;
OPENSSL_free(modulus);
fclose(fp);
return 0;
}
Python
我没在Python 2.x 的OpenSSL 库中找到从PKCS7中提取证书的方法……
看来无奈时刻只能自己做Binding了。
GitHub 加速计划 / li / linux-dash
10.39 K
1.2 K
下载
A beautiful web dashboard for Linux
最近提交(Master分支:2 个月前 )
186a802e
added ecosystem file for PM2 4 年前
5def40a3
Add host customization support for the NodeJS version 4 年前
更多推荐
已为社区贡献2条内容
所有评论(0)