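I have been trying to get the organization information from an Extended Validation SSL certificate (EV certificate) on iOS.
I have a UIWebClient loading an NSURLRequest, but I can't figure out how I am supposed to get the organization information.
To clarify, when I load the page https://www.santander.cl in my UIWebClient, I am trying to get "Banco Santander Chile" from this website, as shown in the image below: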
Answer 0: (score: 1)
You have to extract it from the SecCertificateRef object. Take a look at this post:
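Answer 1: (score: 0)
To add to reecon's answer, you will also need a list of OIDs to look for. There is no standard EV OID, so you have to search for a matching OID in a list of known OIDs that are tied to the issuer. An OID that indicates EV for one issuer does not indicate EV when it comes from another issuer.
You can find Chromium's EV OID metadata list at http://chromium.googlesource.com/chromium/chromium/+/trunk/net/cert/ev_root_ca_metadata.cc. Wikipedia has a list at Extended Validation certificate identification, but I'm not sure it is up to date.
... when I load the page, I am trying to get "Banco Santander Chile" from this website ...
After matching the EV OID for the issuer, you would display the organization name (or other relevant fields) from the certificate (/O=Banco Santander Chile):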
$ openssl s_client -connect www.santander.cl:443
CONNECTED(00000003)
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/1.3.6.1.4.1.311.60.2.1.3=CL/businessCategory=Private Organization/serialNumber=97036000-K/C=CL/ST=Santiago/L=Santiago/O=Banco Santander Chile/OU=Comercio Electronico/OU=Terms of use at www.verisign.com/rpa (c)05/CN=www.santander.cl
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL SGC CA
1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL SGC CA
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
Parse the certificate. Since the issuer is Verisign, the OID you are looking for is 2.16.840.1.113733.1.7.23.6:
$ openssl x509 -in test.pem -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2d:fb:a1:be:00:e2:96:99:34:a8:b7:5b:90:c9:85:5d
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)06, CN=VeriSign Class 3 Extended Validation SSL SGC CA
Validity
Not Before: Aug 27 00:00:00 2013 GMT
Not After : Nov 26 23:59:59 2014 GMT
Subject: 1.3.6.1.4.1.311.60.2.1.3=CL/businessCategory=Private Organization/serialNumber=97036000-K, C=CL, ST=Santiago, L=Santiago, O=Banco Santander Chile, OU=Comercio Electronico, OU=Terms of use at www.verisign.com/rpa (c)05, CN=www.santander.cl
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:af:25:f4:cd:20:3c:ed:6c:e6:83:3e:13:1b:c0:
98:f8:57:2f:57:01:08:bf:22:df:78:22:5a:37:ea:
16:f9:e4:8f:fa:2a:4b:37:2d:57:37:11:8c:29:db:
e5:06:ba:05:56:f6:0b:3f:ee:55:98:69:41:85:a0:
12:df:5d:9f:09:30:26:7b:70:4b:88:51:05:a5:36:
2e:69:c8:28:14:2e:2d:be:7a:13:07:01:9f:eb:23:
ea:52:11:6b:72:3f:4e:ba:1d:33:b1:8c:f5:d4:e7:
51:f5:f8:5b:86:06:6f:04:02:37:63:b4:6d:e6:a9:
4b:34:c4:05:36:8c:7c:e9:f0:71:84:ef:92:38:72:
b9:8e:b2:a4:9a:ca:a6:95:da:73:ce:bd:c8:f9:0c:
b4:a6:88:c9:e3:b9:a3:34:09:4c:55:3b:ad:ce:5f:
2d:35:47:9c:e9:4d:3b:c4:02:1c:22:6b:16:4a:f3:
50:2a:86:b2:bc:bd:08:fd:cb:f8:f7:80:c5:86:55:
e6:59:e4:c8:79:ba:36:e3:c6:a4:d4:f9:8f:15:20:
89:bc:71:64:ab:b4:7c:9e:28:f1:42:f8:16:46:55:
97:09:de:a9:78:58:27:22:aa:60:a7:88:64:03:fb:
4f:8d:36:01:52:11:47:48:d2:82:2b:de:08:3a:ee:
f0:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:www.santander.cl
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Certificate Policies:
Policy: 2.16.840.1.113733.1.7.23.6
CPS: https://www.verisign.com/cps
X509v3 CRL Distribution Points:
Full Name:
URI:http://EVIntl-crl.verisign.com/EVIntl2006.crl
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto
X509v3 Authority Key Identifier:
keyid:4E:43:C8:1D:76:EF:37:53:7A:4F:F2:58:6F:94:F3:38:E2:D5:BD:DF
Authority Information Access:
OCSP - URI:http://ocsp.verisign.com
CA Issuers - URI:http://EVIntl-aia.verisign.com/EVIntl2006.cer
Signature Algorithm: sha1WithRSAEncryption
5b:77:fb:a5:82:d8:fa:cc:84:b5:5c:48:86:fc:ea:ad:2b:cb:
0f:9e:6e:3b:e6:e5:4a:52:d7:c6:f1:fd:f9:47:a2:2b:b7:32:
95:4d:bf:74:99:9d:8e:30:3b:71:74:00:3d:59:d5:50:7a:08:
be:de:2b:d1:69:89:9f:fc:28:e8:2d:28:04:1b:33:fe:20:52:
84:bd:7a:ad:5b:30:29:41:d1:a2:cd:53:b0:da:50:df:68:12:
b9:94:6a:5f:32:6f:b5:bb:36:ab:15:81:8d:51:99:bf:4b:5d:
ee:10:7b:24:bf:87:50:97:94:b4:fe:ad:dc:61:8e:a9:49:a2:
04:ad:7f:35:a0:4b:0f:ab:7a:a8:86:33:60:e8:12:09:fe:66:
d5:61:da:a7:69:61:85:26:28:92:39:3a:0c:ec:5c:f8:62:bb:
b5:72:8d:1f:44:ef:64:0a:4b:e9:af:cd:6a:29:5f:ec:f5:82:
45:d9:6f:57:2f:ce:51:a4:f9:2c:0e:02:dd:d5:a1:51:ef:45:
6b:d7:93:55:c6:e0:e1:95:46:b0:7b:fa:cd:05:4b:d9:57:3b:
c6:0b:d7:f4:51:7b:cd:19:cf:6e:a7:22:05:b7:cf:a8:50:c9:
20:6f:be:48:85:40:46:61:0f:40:5b:31:49:af:d6:fb:9a:95:
52:d4:88:1b
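The check described in this answer, as an added Python example (not code from the original answer): it reads `openssl x509 -text` output like the dump above, treats the certificate as EV only when one of its policy OIDs is listed for its own issuer, and only then returns the subject's O field. The `EV_POLICY_OIDS` map keyed by issuer CN and all function names are assumptions for illustration; the example assumes the chain has already passed trust evaluation, and Chromium's list binds each OID to a root certificate fingerprint rather than to a name.

```python
import re

# Constructed allow-list for illustration: issuer CN -> EV policy OIDs.
# The single entry uses the issuer and OID shown in the answer above.
EV_POLICY_OIDS = {
    "VeriSign Class 3 Extended Validation SSL SGC CA": {"2.16.840.1.113733.1.7.23.6"},
}

# Excerpt of the `openssl x509 -text -noout` output quoted in the answer.
SAMPLE = """\
        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)06, CN=VeriSign Class 3 Extended Validation SSL SGC CA
        Subject: 1.3.6.1.4.1.311.60.2.1.3=CL/businessCategory=Private Organization/serialNumber=97036000-K, C=CL, ST=Santiago, L=Santiago, O=Banco Santander Chile, OU=Comercio Electronico, OU=Terms of use at www.verisign.com/rpa (c)05, CN=www.santander.cl
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.113733.1.7.23.6
                  CPS: https://www.verisign.com/cps
"""


def _field(text, label):
    """Return the rest of the first line that starts with '<label>:'."""
    m = re.search(rf"^\s*{label}:\s*(.+)$", text, re.MULTILINE)
    return m.group(1).strip() if m else ""


def _attr(dn, key):
    """Return the first '<key>=' value of a one-line DN.

    A value ends at the next ', NAME=' or '/NAME=' separator, so values that
    contain commas themselves ('VeriSign, Inc.') are kept whole.
    """
    m = re.search(rf"(?:^|, |/){re.escape(key)}=(.*?)(?=, [\w.]+=|/[\w.]+=|$)", dn)
    return m.group(1) if m else ""


def ev_organization(text, ev_map=EV_POLICY_OIDS):
    """Return the subject O only if a policy OID is an EV OID for this issuer."""
    issuer_cn = _attr(_field(text, "Issuer"), "CN")
    policies = set(re.findall(r"^\s*Policy:\s*([0-9.]+)\s*$", text, re.MULTILINE))
    # The OID counts as EV only in combination with the issuer it is listed for.
    if not policies & ev_map.get(issuer_cn, set()):
        return None
    return _attr(_field(text, "Subject"), "O") or None


if __name__ == "__main__":
    print(ev_organization(SAMPLE))
```

On a device the same fields would come from the parsed certificate rather than from text output; the issuer-bound OID comparison is the part that carries over.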