任何人都可以告诉我如何将字符串内容转换为X509结构。我正在使用openssl来读取X509结构。
示例:证书字符串
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIJAK0JmDc/YXWsMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
VQQGEwJJTjELMAkGA1UECBMCQVAxDDAKBgNVBAcTA0hZRDEZMBcGA1UEChMQUm9j
a3dlbGwgY29sbGluczEcMBoGA1UECxMTSW5kaWEgRGVzaWduIENlbnRlcjEOMAwG
A1UEAxMFSU1BQ1MxKTAnBgkqhkiG9w0BCQEWGmJyYWphbkBSb2Nrd2VsbGNvbGxp
bnMuY29tMB4XDTExMDYxNjE0MTQyM1oXDTEyMDYxNTE0MTQyM1owgZwxCzAJBgNV
BAYTAklOMQswCQYDVQQIEwJBUDEMMAoGA1UEBxMDSFlEMRkwFwYDVQQKExBSb2Nr
d2VsbCBjb2xsaW5zMRwwGgYDVQQLExNJbmRpYSBEZXNpZ24gQ2VudGVyMQ4wDAYD
VQQDEwVJTUFDUzEpMCcGCSqGSIb3DQEJARYaYnJhamFuQFJvY2t3ZWxsY29sbGlu
cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfjHgUAsbXQFkF
hqv8OTHSzuj+8SKGh49wth3UcH9Nk/YOug7ZvI+tnOcrCZdeG2Ot8Y19Wusf59Y7
q61jSbDWt+7u7P0ylWWcQfCE9IHSiJIaKAklMu2qGB8bFSPqDyVJuWSwcSXEb9C2
xJsabfgJr6mpfWjCOKd58wFprf0RF58pWHyBqBOiZ2U20PKhq8gPJo/pEpcnXTY0
x8bw8LZ3SrrIQZ5WntFKdB7McFKG9yFfEhUamTKOffQ2Y+SDEGVDj3eshF6+Fxgj
8plyg3tZPRLSHh5DR42HTc/35LA52BvjRMWYzrs4nf67gf652pgHh0tFMNMTMgZD
rpTkyts9AgMBAAGjggEFMIIBATAdBgNVHQ4EFgQUG0cLBjouoJPM8dQzKUQCZYNY
y8AwgdEGA1UdIwSByTCBxoAUG0cLBjouoJPM8dQzKUQCZYNYy8ChgaKkgZ8wgZwx
CzAJBgNVBAYTAklOMQswCQYDVQQIEwJBUDEMMAoGA1UEBxMDSFlEMRkwFwYDVQQK
ExBSb2Nrd2VsbCBjb2xsaW5zMRwwGgYDVQQLExNJbmRpYSBEZXNpZ24gQ2VudGVy
MQ4wDAYDVQQDEwVJTUFDUzEpMCcGCSqGSIb3DQEJARYaYnJhamFuQFJvY2t3ZWxs
Y29sbGlucy5jb22CCQCtCZg3P2F1rDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
BQUAA4IBAQCyYZxEzn7203no9TdhtKDWOFRwzYvY2kZppQ/EpzF+pzh8LdBOebr+
DLRXNh2NIFaEVV0brpQTI4eh6b5j7QyF2UmA6+44zmku9LzS9DQVKGLhIleB436K
ARoWRqxlEK7TF3TauQfaalGH88ZWoDjqqEP/5oWeQ6pr/RChkCHkBSgq6FfGGSLd
ktgFcF0S9U7Ybii/MD+tWMImK8EE3GGgs876yqX/DDhyfW8DfnNZyl35VF/80j/s
0Lj3F7Po1zsaRbQlhOK5rzRVQA2qnsa4IcQBuYqBWiB6XojPgu9PpRSL7ure7sj6
gRQT0OIU5vXzsmhjqKoZ+dBlh1FpSOX2
-----END CERTIFICATE-----
这个证书我将作为字符串输入获取。如何将其转换为X509。
答案 0 :(得分:13)
您可以使用此OpenSSL代码段在作为字符串输入提供时加载证书:
#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
const unsigned char *data =
"-----BEGIN CERTIFICATE-----\n"
"MIIExDCCA6ygAwIBAgIJAK0JmDc/YXWsMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD\n"
/*...*/
"gRQT0OIU5vXzsmhjqKoZ+dBlh1FpSOX2\n"
"-----END CERTIFICATE-----";
BIO *bio;
X509 *certificate;
bio = BIO_new(BIO_s_mem());
BIO_puts(bio, data);
certificate = PEM_read_bio_X509(bio, NULL, NULL, NULL);
希望这有帮助。
答案 1 :(得分:5)
下面的代码不是完整的代码来运行。它给出了API以及如何使用它们:
#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
const unsigned char data[] =
"-----BEGIN CERTIFICATE-----\n"
"MIIExDCCA6ygAwIBAgIJAK0JmDc/YXWsMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD\n"
/*...*/
"gRQT0OIU5vXzsmhjqKoZ+dBlh1FpSOX2\n"
"-----END CERTIFICATE-----";
BIO *bio;
X509 *certificate;
bio = BIO_new(BIO_s_mem());
// create BIO structure which deals with memory
lTemp= BIO_write(lBio, (const void*)data, sizeof(data));
// Note Bio write and BIO puts do the exact thing difference is u need to give
// the size of input data to copy in the Bio write. (Safe and best use bio write)
// Check lTemp should be equal to the size of data or number of characters
// in the data u want to copy....
// these values are defined in my code not in the library
if (iFileType == DERFORMAT)
{
certificate = d2i_X509_bio(bio, NULL);
// this line will decode the DER format certificate
// and convert that into X509 formatted certificate.
}
else if (iFileType == PEMFORMAT)
{
certificate = PEM_read_bio_X509(bio, NULL, 0, NULL);
// this line will decode the PEM certificate
// and convert that into X509 formatted certificate.
}