如何从base64字符串提取DER编码的证书 [英] how to extract DER encoded certificate from base64 string

问题描述

寻找关于如何解码以下base64 MerkleTreeLeaf字符串的帮助。

Looking for help on how to decode the following base64 MerkleTreeLeaf string.

MerkleTreeLeaf结构是一个包含时间戳和数字证书的复合数据结构。

The MerkleTreeLeaf structure is a composite data structure that contains a timestamp as well as a digital certificate.

结构被编码为Base64编码的字节字符串。在此字节字符串中，有一个以DER格式编码的实际证书。

The structure is encoded as a Base64 encoded byte string. Within this byte string, there is an actual certificate encoded in DER format.

我正在寻找一个php解决方案来提取DER编码的证书。

I am looking for a php solution to extract the DER encoded certificate.

这里是base64编码字符串的示例

Here is a sample of the base64 encoded string

AAAAAAFNDPxFcQAAAAUaMIIFFjCCBLygAwIBAgIQM+cDs5qlvsI+p1fkebkn3TAKBggqhkjOPQQDAjCBizELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTwwOgYDVQQDEzNTeW1hbnRlYyBDbGFzcyAzIEVDQyAyNTYgYml0IEV4dGVuZGVkIFZhbGlkYXRpb24gQ0EwHhcNMTQxMjA4MDAwMDAwWhcNMTUxMjA4MjM1OTU5WjCCARExEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAgwIRGVsYXdhcmUxGzAZBgsrBgEEAYI3PAIBAQwKV2lsbWluZ3RvbjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYDVQQFEwcyMTU4MTEzMRYwFAYDVQQKDA1TeW1hbnRlYyBDb3JwMR0wGwYDVQQLDBRmb3IgY3QgdGVzdGluZy0tIGVjYzEgMB4GA1UEAwwXZXZwcm8xLmV2MS5zeW1hbnRlYy5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASdGXgRQD4CxlJr1QU7hZ86gbPxjlCHWDBZBSb5+vbo9bw2sZxaxwF15mHiSlEiaGVuwv2DxOPO+w/QVgMTggZ5o4ICdzCCAnMwIgYDVR0RBBswGYIXZXZwcm8xLmV2MS5zeW1hbnRlYy5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCB4AwZgYDVR0gBF8wXTBbBgtghkgBhvhFAQcXBjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczovL2Quc3ltY2IuY29tL3JwYTArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc24uc3ltY2IuY29tL3NuLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUSBNlF5TsnhYqKnRc6FMttPuD644wVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc24uc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc24uc3ltY2IuY29tL3NuLmNydDCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABSitKXtQAAAQDAEYwRAIgIQ2Dr+ktUJh1OFYAJxUqHwMjLmsMdvGToFaxSqEcAg8CIDjgHlQ8mV/NXsUC115hF5S7MZirjD7mdH52s6yv5JQiAHUAOTdvVF97Rgf1l0LXaM1dJDe/NHO2U0pINLz3Lmgcg8kAAAFKK0phCQAABAMARjBEAiA1GlOmlOeAP+uOmq+uPMVeN0TDsRZBxUE7oWUtZlKBOAIgFOoXuDXnAFALmW7CN66yrnHO7UyuMYy5t4oJqvgmzzowCgYIKoZIzj0EAwIDSAAwRQIgNqNb4f3YfKCvnkYjihpB9jGq0iUnfPclyD7mWxDJYt8CIQCJbJ48ZxGx2WYGRMXys52lxc/VxzzvdlSRto9y/jLhzAAA

如果我使用在线 base64转换器工具，它会显示一些细节，但显然它不可读。如果我可以提取DER编码的证书，那么我可以使用openssl来解析它。

If i use the online base64 convertors tool it shows some detail but obviously its unreadable. If I can extract the DER encoded certificate then I can use openssl to parse it.

推荐答案

评论中的Python脚本，只需将 Python解压缩文档与一个PHP 。如果您只想要未解析的凭证，可以使用

You can approach it the same way as the Python script in your comment, simply comparing the Python unpack documentation with the one for PHP. In case you only want the unparsed certificate, you can get away with

<?php

function mtl_to_x509($base64str) {
    $raw = base64_decode($base64str);
    // Parse the decoded string
    $cert_length = unpack('N', chr(0).substr($raw, 12, 3))[1];
    $cert_as_asn1 = substr($raw, 15, $cert_length);
    return $cert_as_asn1;
}

$example = "AAAAAAFNDPxFcQAAAAUaMIIFFjCCBLygAwIBAgIQM+cDs5qlvsI+p1fkebkn3TAKBggqhkjOPQQDAjCBizELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTwwOgYDVQQDEzNTeW1hbnRlYyBDbGFzcyAzIEVDQyAyNTYgYml0IEV4dGVuZGVkIFZhbGlkYXRpb24gQ0EwHhcNMTQxMjA4MDAwMDAwWhcNMTUxMjA4MjM1OTU5WjCCARExEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAgwIRGVsYXdhcmUxGzAZBgsrBgEEAYI3PAIBAQwKV2lsbWluZ3RvbjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYDVQQFEwcyMTU4MTEzMRYwFAYDVQQKDA1TeW1hbnRlYyBDb3JwMR0wGwYDVQQLDBRmb3IgY3QgdGVzdGluZy0tIGVjYzEgMB4GA1UEAwwXZXZwcm8xLmV2MS5zeW1hbnRlYy5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASdGXgRQD4CxlJr1QU7hZ86gbPxjlCHWDBZBSb5+vbo9bw2sZxaxwF15mHiSlEiaGVuwv2DxOPO+w/QVgMTggZ5o4ICdzCCAnMwIgYDVR0RBBswGYIXZXZwcm8xLmV2MS5zeW1hbnRlYy5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCB4AwZgYDVR0gBF8wXTBbBgtghkgBhvhFAQcXBjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczovL2Quc3ltY2IuY29tL3JwYTArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc24uc3ltY2IuY29tL3NuLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUSBNlF5TsnhYqKnRc6FMttPuD644wVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc24uc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc24uc3ltY2IuY29tL3NuLmNydDCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABSitKXtQAAAQDAEYwRAIgIQ2Dr+ktUJh1OFYAJxUqHwMjLmsMdvGToFaxSqEcAg8CIDjgHlQ8mV/NXsUC115hF5S7MZirjD7mdH52s6yv5JQiAHUAOTdvVF97Rgf1l0LXaM1dJDe/NHO2U0pINLz3Lmgcg8kAAAFKK0phCQAABAMARjBEAiA1GlOmlOeAP+uOmq+uPMVeN0TDsRZBxUE7oWUtZlKBOAIgFOoXuDXnAFALmW7CN66yrnHO7UyuMYy5t4oJqvgmzzowCgYIKoZIzj0EAwIDSAAwRQIgNqNb4f3YfKCvnkYjihpB9jGq0iUnfPclyD7mWxDJYt8CIQCJbJ48ZxGx2WYGRMXys52lxc/VxzzvdlSRto9y/jLhzAAA";

print mtl_to_x509($example);

?>

注意，我们可以使用openssl解析它：

To see that this does the job, note that we can indeed parse it with openssl:

$ php mtl_to_x509.php | openssl x509 -inform der -noout -text | grep Subject:
        Subject: 1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/1.3.6.1.4.1.311.60.2.1.1=Wilmington, C=US, ST=California, L=Mountain View/businessCategory=Private Organization/serialNumber=2158113, O=Symantec Corp, OU=for ct testing-- ecc, CN=evpro1.ev1.symantec.com

如果您最终还需要其余的数据结构，相关的解包将如下所示： p>

In case you end up needing the rest of the data structure as well, the relevant unpacking will look as follows:

$version = unpack('C', substr($raw, 0, 1))[1];
$ctype = unpack('C', substr($raw, 1, 1))[1];
$timestamp = unpack('J', substr($raw, 2, 8))[1];
$entry_type = unpack('n', substr($raw, 10, 2))[1];

这篇关于如何从base64字符串提取DER编码的证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！