如何在PHP中使用RS256签名X.509证书?无法获取有效指纹... x5t [英] How to Sign X.509 certificate with RS256 in PHP? Not able to get Valid fingerprint...x5t

查看：477 发布时间：2020/4/25 8:05:27 php x509certificate x509 fingerprint jwt

本文介绍了如何在PHP中使用RS256签名X.509证书?无法获取有效指纹... x5t的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我已经从此处实现了JWT令牌生成器库，而且我能够获得RS256令牌(有效载荷). 但是我在Header数据上有问题: 我需要一个标头值"x5t"，它不是从给定的库中生成的. 我需要像这样的标头数据:

I have implemented JWT token generator library from Here, and i am able to get RS256 Token (Payload). But i am having issue with Header data: I need one header value "x5t", which is not generated from the given library. I need header data like:

{
    "typ": "JWT",
    "alg": "RS256",
    "x5t": "COm8ON2SD2MTc5jwcxZ0vE3-XJo"
}

我成功获取了前两个参数，但无法获取有效的第三个参数.

I am getting first two parameter successfully, but not able to get valid third parameter.

我的示例代码是:

$fingerprint = str_replace("SHA1 Fingerprint=", '', system('openssl x509 -noout -in my.pem -fingerprint'));
$fingerprint = sha1($fingerprint);
$fingerprint = base64_encode($fingerprint);
$fingerprint = rtrim(strtr($fingerprint, "+/", "-_"), '=');

要生成有效的"x5t"参数，.NET中已经有可用的代码，需要在PHP中进行转换.

To generate Valid "x5t" parameter there is already code available in .NET, need to convert in PHP.

感谢收看我的问题. 任何建议都欢迎.

Thanks for watching my question. Any suggestion welcomed.

推荐答案

如果您使用的是PHP 5.6，则可以使用以下函数

If you have PHP 5.6, you can use the following function openssl_x509_fingerprint:

$cert = openssl_x509_read($certificate);
$sha1_hash = openssl_x509_fingerprint($cert); // sha1 hash (x5t parameter)
$sha256_hash = openssl_x509_fingerprint($cert, 'sha256'); // sha256 hash (x5t#256 parameter)

如果您没有PHP 5.6，则可以使用证书文件的内容(以BEGIN CERTIFICATE开始，以END CERTIFICATE结尾)自行生成此指纹:

If you do not have PHP 5.6, you can generate this fingerprint by yourself using the content of your certificate file (begins with BEGIN CERTIFICATE and ends with END CERTIFICATE):

function sha1_thumbprint($file_content)
{
   $file_content = preg_replace('#-.*-|\r|\n#', '', $file_content);
   $bin = base64_decode($file_content);
   return hash('sha1', $bin);
}

不要忘记在Base64 Url Safe中对结果进行编码.

Do not forget to encode in Base64 Url Safe the result.

$encoded_fingerprint = rtrim(strtr(base64_encode($fingerprint), "+/", "-_"), '=');

这篇关于如何在PHP中使用RS256签名X.509证书?无法获取有效指纹... x5t的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

如何在PHP中使用RS256签名X.509证书?无法获取有效指纹... x5t [英] How to Sign X.509 certificate with RS256 in PHP? Not able to get Valid fingerprint...x5t

问题描述

推荐答案

相关文章

PHP最新文章

热门教程

热门工具

登录关闭

如何在PHP中使用RS256签名X.509证书?无法获取有效指纹... x5t [英] How to Sign X.509 certificate with RS256 in PHP? Not able to get Valid fingerprint...x5t

问题描述

推荐答案

相关文章

PHP最新文章

热门教程

热门工具

登录 关闭

登录关闭