如何从base64字符串中提取DER编码的证书
how to extract DER encoded certificate from base64 string
寻求有关如何解码以下 base64 MerkleTreeLeaf 字符串的帮助。
MerkleTreeLeaf 结构是一个包含时间戳和数字证书的复合数据结构。
该结构被编码为 Base64 编码的字节字符串。在这个字节串中,有一个以 DER 格式编码的实际证书。
我正在寻找 php 提取 DER 编码证书的解决方案。
这是 base64 编码字符串的示例
AAAAAAFNDPxFcQAAAAUaMIIFFjCCBLygAwIBAgIQM+cDs5qlvsI+p1fkebkn3TAKBggqhkjOPQQDAjCBizELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTwwOgYDVQQDEzNTeW1hbnRlYyBDbGFzcyAzIEVDQyAyNTYgYml0IEV4dGVuZGVkIFZhbGlkYXRpb24gQ0EwHhcNMTQxMjA4MDAwMDAwWhcNMTUxMjA4MjM1OTU5WjCCARExEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAgwIRGVsYXdhcmUxGzAZBgsrBgEEAYI3PAIBAQwKV2lsbWluZ3RvbjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYDVQQFEwcyMTU4MTEzMRYwFAYDVQQKDA1TeW1hbnRlYyBDb3JwMR0wGwYDVQQLDBRmb3IgY3QgdGVzdGluZy0tIGVjYzEgMB4GA1UEAwwXZXZwcm8xLmV2MS5zeW1hbnRlYy5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASdGXgRQD4CxlJr1QU7hZ86gbPxjlCHWDBZBSb5+vbo9bw2sZxaxwF15mHiSlEiaGVuwv2DxOPO+w/QVgMTggZ5o4ICdzCCAnMwIgYDVR0RBBswGYIXZXZwcm8xLmV2MS5zeW1hbnRlYy5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCB4AwZgYDVR0gBF8wXTBbBgtghkgBhvhFAQcXBjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczovL2Quc3ltY2IuY29tL3JwYTArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc24uc3ltY2IuY29tL3NuLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUSBNlF5TsnhYqKnRc6FMttPuD644wVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc24uc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc24uc3ltY2IuY29tL3NuLmNydDCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABSitKXtQAAAQDAEYwRAIgIQ2Dr+ktUJh1OFYAJxUqHwMjLmsMdvGToFaxSqEcAg8CIDjgHlQ8mV/NXsUC115hF5S7MZirjD7mdH52s6yv5JQiAHUAOTdvVF97Rgf1l0LXaM1dJDe/NHO2U0pINLz3Lmgcg8kAAAFKK0phCQAABAMARjBEAiA1GlOmlOeAP+uOmq+uPMVeN0TDsRZBxUE7oWUtZlKBOAIgFOoXuDXnAFALmW7CN66yrnHO7UyuMYy5t4oJqvgmzzowCgYIKoZIzj0EAwIDSAAwRQIgNqNb4f3YfKCvnkYjihpB9jGq0iUnfPclyD7mWxDJYt8CIQCJbJ48ZxGx2WYGRMXys52lxc/VxzzvdlSRto9y/jLhzAAA
如果我使用在线 base64 convertors tool 它会显示一些细节,但显然无法阅读。如果我可以提取 DER 编码的证书,那么我可以使用 openssl 来解析它。
您可以像评论中的 Python 脚本一样处理它,只需比较 Python unpack documentation with the one for PHP。如果您只想要未解析的证书,您可以使用
<?php
function mtl_to_x509($base64str) {
$raw = base64_decode($base64str);
// Parse the decoded string
$cert_length = unpack('N', chr(0).substr($raw, 12, 3))[1];
$cert_as_asn1 = substr($raw, 15, $cert_length);
return $cert_as_asn1;
}
$example = "AAAAAAFNDPxFcQAAAAUaMIIFFjCCBLygAwIBAgIQM+cDs5qlvsI+p1fkebkn3TAKBggqhkjOPQQDAjCBizELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTwwOgYDVQQDEzNTeW1hbnRlYyBDbGFzcyAzIEVDQyAyNTYgYml0IEV4dGVuZGVkIFZhbGlkYXRpb24gQ0EwHhcNMTQxMjA4MDAwMDAwWhcNMTUxMjA4MjM1OTU5WjCCARExEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAgwIRGVsYXdhcmUxGzAZBgsrBgEEAYI3PAIBAQwKV2lsbWluZ3RvbjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYDVQQFEwcyMTU4MTEzMRYwFAYDVQQKDA1TeW1hbnRlYyBDb3JwMR0wGwYDVQQLDBRmb3IgY3QgdGVzdGluZy0tIGVjYzEgMB4GA1UEAwwXZXZwcm8xLmV2MS5zeW1hbnRlYy5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASdGXgRQD4CxlJr1QU7hZ86gbPxjlCHWDBZBSb5+vbo9bw2sZxaxwF15mHiSlEiaGVuwv2DxOPO+w/QVgMTggZ5o4ICdzCCAnMwIgYDVR0RBBswGYIXZXZwcm8xLmV2MS5zeW1hbnRlYy5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCB4AwZgYDVR0gBF8wXTBbBgtghkgBhvhFAQcXBjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczovL2Quc3ltY2IuY29tL3JwYTArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc24uc3ltY2IuY29tL3NuLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUSBNlF5TsnhYqKnRc6FMttPuD644wVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc24uc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc24uc3ltY2IuY29tL3NuLmNydDCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABSitKXtQAAAQDAEYwRAIgIQ2Dr+ktUJh1OFYAJxUqHwMjLmsMdvGToFaxSqEcAg8CIDjgHlQ8mV/NXsUC115hF5S7MZirjD7mdH52s6yv5JQiAHUAOTdvVF97Rgf1l0LXaM1dJDe/NHO2U0pINLz3Lmgcg8kAAAFKK0phCQAABAMARjBEAiA1GlOmlOeAP+uOmq+uPMVeN0TDsRZBxUE7oWUtZlKBOAIgFOoXuDXnAFALmW7CN66yrnHO7UyuMYy5t4oJqvgmzzowCgYIKoZIzj0EAwIDSAAwRQIgNqNb4f3YfKCvnkYjihpB9jGq0iUnfPclyD7mWxDJYt8CIQCJbJ48ZxGx2WYGRMXys52lxc/VxzzvdlSRto9y/jLhzAAA";
print mtl_to_x509($example);
?>
要看到这是否有效,请注意我们确实可以使用 openssl 解析它:
$ php mtl_to_x509.php | openssl x509 -inform der -noout -text | grep Subject:
Subject: 1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/1.3.6.1.4.1.311.60.2.1.1=Wilmington, C=US, ST=California, L=Mountain View/businessCategory=Private Organization/serialNumber=2158113, O=Symantec Corp, OU=for ct testing-- ecc, CN=evpro1.ev1.symantec.com
如果您最终还需要其余的数据结构,相关的解包将如下所示:
$version = unpack('C', substr($raw, 0, 1))[1];
$ctype = unpack('C', substr($raw, 1, 1))[1];
$timestamp = unpack('J', substr($raw, 2, 8))[1];
$entry_type = unpack('n', substr($raw, 10, 2))[1];
寻求有关如何解码以下 base64 MerkleTreeLeaf 字符串的帮助。
MerkleTreeLeaf 结构是一个包含时间戳和数字证书的复合数据结构。
该结构被编码为 Base64 编码的字节字符串。在这个字节串中,有一个以 DER 格式编码的实际证书。
我正在寻找 php 提取 DER 编码证书的解决方案。
这是 base64 编码字符串的示例
AAAAAAFNDPxFcQAAAAUaMIIFFjCCBLygAwIBAgIQM+cDs5qlvsI+p1fkebkn3TAKBggqhkjOPQQDAjCBizELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTwwOgYDVQQDEzNTeW1hbnRlYyBDbGFzcyAzIEVDQyAyNTYgYml0IEV4dGVuZGVkIFZhbGlkYXRpb24gQ0EwHhcNMTQxMjA4MDAwMDAwWhcNMTUxMjA4MjM1OTU5WjCCARExEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAgwIRGVsYXdhcmUxGzAZBgsrBgEEAYI3PAIBAQwKV2lsbWluZ3RvbjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYDVQQFEwcyMTU4MTEzMRYwFAYDVQQKDA1TeW1hbnRlYyBDb3JwMR0wGwYDVQQLDBRmb3IgY3QgdGVzdGluZy0tIGVjYzEgMB4GA1UEAwwXZXZwcm8xLmV2MS5zeW1hbnRlYy5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASdGXgRQD4CxlJr1QU7hZ86gbPxjlCHWDBZBSb5+vbo9bw2sZxaxwF15mHiSlEiaGVuwv2DxOPO+w/QVgMTggZ5o4ICdzCCAnMwIgYDVR0RBBswGYIXZXZwcm8xLmV2MS5zeW1hbnRlYy5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCB4AwZgYDVR0gBF8wXTBbBgtghkgBhvhFAQcXBjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczovL2Quc3ltY2IuY29tL3JwYTArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc24uc3ltY2IuY29tL3NuLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUSBNlF5TsnhYqKnRc6FMttPuD644wVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc24uc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc24uc3ltY2IuY29tL3NuLmNydDCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABSitKXtQAAAQDAEYwRAIgIQ2Dr+ktUJh1OFYAJxUqHwMjLmsMdvGToFaxSqEcAg8CIDjgHlQ8mV/NXsUC115hF5S7MZirjD7mdH52s6yv5JQiAHUAOTdvVF97Rgf1l0LXaM1dJDe/NHO2U0pINLz3Lmgcg8kAAAFKK0phCQAABAMARjBEAiA1GlOmlOeAP+uOmq+uPMVeN0TDsRZBxUE7oWUtZlKBOAIgFOoXuDXnAFALmW7CN66yrnHO7UyuMYy5t4oJqvgmzzowCgYIKoZIzj0EAwIDSAAwRQIgNqNb4f3YfKCvnkYjihpB9jGq0iUnfPclyD7mWxDJYt8CIQCJbJ48ZxGx2WYGRMXys52lxc/VxzzvdlSRto9y/jLhzAAA
如果我使用在线 base64 convertors tool 它会显示一些细节,但显然无法阅读。如果我可以提取 DER 编码的证书,那么我可以使用 openssl 来解析它。
您可以像评论中的 Python 脚本一样处理它,只需比较 Python unpack documentation with the one for PHP。如果您只想要未解析的证书,您可以使用
<?php
function mtl_to_x509($base64str) {
$raw = base64_decode($base64str);
// Parse the decoded string
$cert_length = unpack('N', chr(0).substr($raw, 12, 3))[1];
$cert_as_asn1 = substr($raw, 15, $cert_length);
return $cert_as_asn1;
}
$example = "AAAAAAFNDPxFcQAAAAUaMIIFFjCCBLygAwIBAgIQM+cDs5qlvsI+p1fkebkn3TAKBggqhkjOPQQDAjCBizELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTwwOgYDVQQDEzNTeW1hbnRlYyBDbGFzcyAzIEVDQyAyNTYgYml0IEV4dGVuZGVkIFZhbGlkYXRpb24gQ0EwHhcNMTQxMjA4MDAwMDAwWhcNMTUxMjA4MjM1OTU5WjCCARExEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAgwIRGVsYXdhcmUxGzAZBgsrBgEEAYI3PAIBAQwKV2lsbWluZ3RvbjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYDVQQFEwcyMTU4MTEzMRYwFAYDVQQKDA1TeW1hbnRlYyBDb3JwMR0wGwYDVQQLDBRmb3IgY3QgdGVzdGluZy0tIGVjYzEgMB4GA1UEAwwXZXZwcm8xLmV2MS5zeW1hbnRlYy5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASdGXgRQD4CxlJr1QU7hZ86gbPxjlCHWDBZBSb5+vbo9bw2sZxaxwF15mHiSlEiaGVuwv2DxOPO+w/QVgMTggZ5o4ICdzCCAnMwIgYDVR0RBBswGYIXZXZwcm8xLmV2MS5zeW1hbnRlYy5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCB4AwZgYDVR0gBF8wXTBbBgtghkgBhvhFAQcXBjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczovL2Quc3ltY2IuY29tL3JwYTArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc24uc3ltY2IuY29tL3NuLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUSBNlF5TsnhYqKnRc6FMttPuD644wVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc24uc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc24uc3ltY2IuY29tL3NuLmNydDCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABSitKXtQAAAQDAEYwRAIgIQ2Dr+ktUJh1OFYAJxUqHwMjLmsMdvGToFaxSqEcAg8CIDjgHlQ8mV/NXsUC115hF5S7MZirjD7mdH52s6yv5JQiAHUAOTdvVF97Rgf1l0LXaM1dJDe/NHO2U0pINLz3Lmgcg8kAAAFKK0phCQAABAMARjBEAiA1GlOmlOeAP+uOmq+uPMVeN0TDsRZBxUE7oWUtZlKBOAIgFOoXuDXnAFALmW7CN66yrnHO7UyuMYy5t4oJqvgmzzowCgYIKoZIzj0EAwIDSAAwRQIgNqNb4f3YfKCvnkYjihpB9jGq0iUnfPclyD7mWxDJYt8CIQCJbJ48ZxGx2WYGRMXys52lxc/VxzzvdlSRto9y/jLhzAAA";
print mtl_to_x509($example);
?>
要看到这是否有效,请注意我们确实可以使用 openssl 解析它:
$ php mtl_to_x509.php | openssl x509 -inform der -noout -text | grep Subject:
Subject: 1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/1.3.6.1.4.1.311.60.2.1.1=Wilmington, C=US, ST=California, L=Mountain View/businessCategory=Private Organization/serialNumber=2158113, O=Symantec Corp, OU=for ct testing-- ecc, CN=evpro1.ev1.symantec.com
如果您最终还需要其余的数据结构,相关的解包将如下所示:
$version = unpack('C', substr($raw, 0, 1))[1];
$ctype = unpack('C', substr($raw, 1, 1))[1];
$timestamp = unpack('J', substr($raw, 2, 8))[1];
$entry_type = unpack('n', substr($raw, 10, 2))[1];