如何将证书字符串转换为X509结构

how to convert the Certificate String into X509 structure.?

本文关键字:X509 结构 转换 字符串 证书      更新时间:2023-10-16

谁能告诉我如何将字符串内容转换为X509结构?我正在使用openssl读取X509结构。

示例:certificate string

-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIJAK0JmDc/YXWsMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
VQQGEwJJTjELMAkGA1UECBMCQVAxDDAKBgNVBAcTA0hZRDEZMBcGA1UEChMQUm9j
a3dlbGwgY29sbGluczEcMBoGA1UECxMTSW5kaWEgRGVzaWduIENlbnRlcjEOMAwG
A1UEAxMFSU1BQ1MxKTAnBgkqhkiG9w0BCQEWGmJyYWphbkBSb2Nrd2VsbGNvbGxp
bnMuY29tMB4XDTExMDYxNjE0MTQyM1oXDTEyMDYxNTE0MTQyM1owgZwxCzAJBgNV
BAYTAklOMQswCQYDVQQIEwJBUDEMMAoGA1UEBxMDSFlEMRkwFwYDVQQKExBSb2Nr
d2VsbCBjb2xsaW5zMRwwGgYDVQQLExNJbmRpYSBEZXNpZ24gQ2VudGVyMQ4wDAYD
VQQDEwVJTUFDUzEpMCcGCSqGSIb3DQEJARYaYnJhamFuQFJvY2t3ZWxsY29sbGlu
cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfjHgUAsbXQFkF
hqv8OTHSzuj+8SKGh49wth3UcH9Nk/YOug7ZvI+tnOcrCZdeG2Ot8Y19Wusf59Y7
q61jSbDWt+7u7P0ylWWcQfCE9IHSiJIaKAklMu2qGB8bFSPqDyVJuWSwcSXEb9C2
xJsabfgJr6mpfWjCOKd58wFprf0RF58pWHyBqBOiZ2U20PKhq8gPJo/pEpcnXTY0
x8bw8LZ3SrrIQZ5WntFKdB7McFKG9yFfEhUamTKOffQ2Y+SDEGVDj3eshF6+Fxgj
8plyg3tZPRLSHh5DR42HTc/35LA52BvjRMWYzrs4nf67gf652pgHh0tFMNMTMgZD
rpTkyts9AgMBAAGjggEFMIIBATAdBgNVHQ4EFgQUG0cLBjouoJPM8dQzKUQCZYNY
y8AwgdEGA1UdIwSByTCBxoAUG0cLBjouoJPM8dQzKUQCZYNYy8ChgaKkgZ8wgZwx
CzAJBgNVBAYTAklOMQswCQYDVQQIEwJBUDEMMAoGA1UEBxMDSFlEMRkwFwYDVQQK
ExBSb2Nrd2VsbCBjb2xsaW5zMRwwGgYDVQQLExNJbmRpYSBEZXNpZ24gQ2VudGVy
MQ4wDAYDVQQDEwVJTUFDUzEpMCcGCSqGSIb3DQEJARYaYnJhamFuQFJvY2t3ZWxs
Y29sbGlucy5jb22CCQCtCZg3P2F1rDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
BQUAA4IBAQCyYZxEzn7203no9TdhtKDWOFRwzYvY2kZppQ/EpzF+pzh8LdBOebr+
DLRXNh2NIFaEVV0brpQTI4eh6b5j7QyF2UmA6+44zmku9LzS9DQVKGLhIleB436K
ARoWRqxlEK7TF3TauQfaalGH88ZWoDjqqEP/5oWeQ6pr/RChkCHkBSgq6FfGGSLd
ktgFcF0S9U7Ybii/MD+tWMImK8EE3GGgs876yqX/DDhyfW8DfnNZyl35VF/80j/s
0Lj3F7Po1zsaRbQlhOK5rzRVQA2qnsa4IcQBuYqBWiB6XojPgu9PpRSL7ure7sj6
gRQT0OIU5vXzsmhjqKoZ+dBlh1FpSOX2
-----END CERTIFICATE-----

这是我将作为字符串输入获得的证书。如何将其转换为X509

您可以使用以下OpenSSL代码片段来加载作为字符串输入的证书:

#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
const unsigned char *data = 
    "-----BEGIN CERTIFICATE-----n"
    "MIIExDCCA6ygAwIBAgIJAK0JmDc/YXWsMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYDn"
    /*...*/
    "gRQT0OIU5vXzsmhjqKoZ+dBlh1FpSOX2n"
    "-----END CERTIFICATE-----";
BIO *bio;
X509 *certificate;
bio = BIO_new(BIO_s_mem());
BIO_puts(bio, data);
certificate = PEM_read_bio_X509(bio, NULL, NULL, NULL);

下面的代码不是要运行的完整代码。它给出了API和如何使用它们:

#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
const unsigned char data[] = 
     "-----BEGIN CERTIFICATE-----n"
"MIIExDCCA6ygAwIBAgIJAK0JmDc/YXWsMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYDn"
/*...*/
"gRQT0OIU5vXzsmhjqKoZ+dBlh1FpSOX2n"
"-----END CERTIFICATE-----";
BIO *bio;
X509 *certificate;
bio = BIO_new(BIO_s_mem());            
// create BIO structure which deals with memory
lTemp= BIO_write(lBio, (const void*)data, sizeof(data));  
// Note Bio write and BIO puts do the exact thing difference is u need to give 
// the size of input data to copy in the Bio write. (Safe and best use bio write) 
// Check lTemp should be equal to the size of data or number of characters
// in the data u want to copy....
// these values are defined in my code not in the library
if (iFileType == DERFORMAT)
{
    certificate = d2i_X509_bio(bio, NULL);            
    // this line will decode the DER format certificate
    // and convert that into X509 formatted certificate.
}
else if (iFileType == PEMFORMAT) 
{
    certificate = PEM_read_bio_X509(bio, NULL, 0, NULL);        
    // this line will decode the PEM certificate
    // and convert that into X509 formatted certificate.
}
相关文章: