Can't extract information from a p12 file in Common Lisp

Time: 2017-04-10 14:11:25

Tags: openssl common-lisp cffi

I'm trying to extract information from a PKCS#12-encrypted client certificate in Common Lisp.

I've tried the following steps:

  1. Load the given p12 file into a BIO with d2i_PKCS12_bio
  2. Verify the passphrase with PKCS12_verify_mac
  3. Parse the file with PKCS12_parse

Here is the actual CFFI code:

    (defun load-pkcs12 (file &optional passphrase)
      (openssl-add-all-digests)
      (pkcs12-pbe-add)
      ;; 1. Load the given p12 file
      (let ((content (slurp-file file)))
        (cffi:with-pointer-to-vector-data (data-sap content)
          (let* ((bio (bio-new-mem-buf data-sap (length content)))
                 (p12 (d2i-pkcs12-bio bio (cffi:null-pointer)))
                 (pkey (evp-pkey-new))
                 (cert (x509-new)))
            (unwind-protect
                 (progn
                   ;; 2. Verify the passphrase
                   (let ((res (pkcs12-verify-mac p12 (or passphrase (cffi:null-pointer)) (length passphrase))))
                     (when (zerop res)
                       (error (format nil "Error while verifying mac~%~A" (get-errors)))))
                   ;; 3. Parse the file
                   (cffi:with-foreign-objects ((*pkey :pointer)
                                               (*cert :pointer))
                     (setf (cffi:mem-ref *pkey :pointer) pkey
                           (cffi:mem-ref *cert :pointer) cert)
                     (let ((res (pkcs12-parse p12 (or passphrase (cffi:null-pointer)) *pkey *cert (cffi:null-pointer))))
                       (when (zerop res)
                         (error "Error in pkcs12-parse~%~A" (get-errors)))))
                   (pkcs12-free p12)
                   ;; 4. Show the result
                   (let ((bio (cl+ssl::bio-new (bio-s-mem))))
                     (unwind-protect
                          (progn
                            (x509-print-ex bio cert 0 0)
                            (bio-to-string bio))
                       (bio-free bio))))
              (evp-pkey-free pkey)
              (x509-free cert))))))

However, the result of X509_print_ex is always meaningless:

    Certificate:
        Data:
            Version: 1 (0x0)
            Serial Number: 0 (0x0)
        Signature Algorithm: itu-t
            Issuer:
            Validity
                Not Before: Bad time value

When I try it with the openssl command it looks fine, so I assume the p12 file is OK:

    $ openssl pkcs12 -in sslcert.p12 -clcerts -nokeys
    Enter Import Password: <input passphrase>
    MAC verified OK
    Bag Attributes
        localKeyID: 31 0E 0D 31 05 8D 20 13 BA B3 81 85 57 AD 28 52 9F D0 19 BE
    subject=/C=JP/ST=Tokyo/L=Minato/O=<company>/OU=Development/CN=<user>/emailAddress=admin@example.co.jp
    issuer=/C=JP/ST=Tokyo/O=<company>/OU=Development/CN=SuperUser Intermediate CA/emailAddress=admin@example.co.jp
    -----BEGIN CERTIFICATE-----
    ...PEM-encoded certificate...
    -----END CERTIFICATE-----

My full snippet is on gist. The main function is load-pkcs12, located at the bottom of the file.

Can anyone help?

What I said
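
Added example, not part of the original post or the poster's gist: one way to run the load, parse and print steps above with CFFI, reading the certificate back from the PKCS12_parse out-parameter after the call. The `%`-prefixed bindings and both function names are hypothetical; it assumes CFFI is loaded, OpenSSL 1.1.0 or later, and a `libcrypto` that CFFI can locate.

```lisp
;; Added example, not the poster's code. Assumes CFFI is loaded, OpenSSL 1.1.0+
;; (self-initialising) and a "libcrypto" that CFFI can locate; names are illustrative.
(cffi:load-foreign-library '(:default "libcrypto"))
(cffi:defcfun ("BIO_new_mem_buf" %bio-new-mem-buf) :pointer (buf :pointer) (len :int))
(cffi:defcfun ("BIO_new" %bio-new) :pointer (method :pointer))
(cffi:defcfun ("BIO_s_mem" %bio-s-mem) :pointer)
(cffi:defcfun ("BIO_ctrl" %bio-ctrl) :long (b :pointer) (cmd :int) (larg :long) (parg :pointer))
(cffi:defcfun ("BIO_free" %bio-free) :int (b :pointer))
(cffi:defcfun ("d2i_PKCS12_bio" %d2i-pkcs12-bio) :pointer (b :pointer) (out :pointer))
(cffi:defcfun ("PKCS12_parse" %pkcs12-parse) :int
  (p12 :pointer) (pass :string) (pkey :pointer) (cert :pointer) (ca :pointer))
(cffi:defcfun ("PKCS12_free" %pkcs12-free) :void (p12 :pointer))
(cffi:defcfun ("X509_print_ex" %x509-print-ex) :int
  (b :pointer) (x :pointer) (nmflag :unsigned-long) (cflag :unsigned-long))
(cffi:defcfun ("X509_free" %x509-free) :void (x :pointer))
(cffi:defcfun ("EVP_PKEY_free" %evp-pkey-free) :void (k :pointer))
(defun read-octets (file)
  (with-open-file (in file :element-type '(unsigned-byte 8))
    (let ((buf (make-array (file-length in) :element-type '(unsigned-byte 8))))
      (read-sequence buf in)
      buf)))

(defun p12-certificate-text (file passphrase)
  "Text dump of the key's certificate in FILE; PASSPHRASE must be a string."
  (let ((octets (read-octets file)))
    (cffi:with-pointer-to-vector-data (data octets)
      (let* ((in (%bio-new-mem-buf data (length octets)))
             (p12 (%d2i-pkcs12-bio in (cffi:null-pointer))))
        (%bio-free in)
        (when (cffi:null-pointer-p p12) (error "Not a PKCS#12 file: ~A" file))
        (cffi:with-foreign-objects ((pkey* :pointer) (cert* :pointer) (text* :pointer))
          ;; Out-parameters start as NULL: PKCS12_parse allocates the results itself.
          (setf (cffi:mem-ref pkey* :pointer) (cffi:null-pointer)
                (cffi:mem-ref cert* :pointer) (cffi:null-pointer))
          (let ((ok (%pkcs12-parse p12 passphrase pkey* cert* (cffi:null-pointer))))
            (%pkcs12-free p12)
            (when (zerop ok) (error "PKCS12_parse failed (MAC check or decryption)")))
          ;; Read the pointers back after the call: these are the parsed objects.
          (let ((pkey (cffi:mem-ref pkey* :pointer))
                (cert (cffi:mem-ref cert* :pointer))
                (out (%bio-new (%bio-s-mem))))
            (unwind-protect
                 (progn
                   (when (cffi:null-pointer-p cert) (error "No certificate in ~A" file))
                   (%x509-print-ex out cert 0 0)
                   (let ((n (%bio-ctrl out 3 0 text*))) ; BIO_get_mem_data: BIO_CTRL_INFO = 3
                     (cffi:foreign-string-to-lisp (cffi:mem-ref text* :pointer) :count n)))
              (%bio-free out)
              (%x509-free cert)
              (%evp-pkey-free pkey))))))))
```

PKCS12_parse checks the MAC itself, so this version makes no separate PKCS12_verify_mac call.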

0 answers:

No answers