使用JavaScript / OpenSSL提取SSL证书的详细信息 [英] Extract details of SSL certificates using JavaScript/OpenSSL

问题描述

我正在构建一个Firefox插件，需要提取收到的SSL证书的详细信息，例如 CA（证书颁发机构）的国家/地区。我想知道是否可以使用JavaScript提取上述详细信息，或者是否需要使用 OpenSSL 从而把它们连接起来呢？

有没有更好的解决方案？解决方案

解决方案

Firefox中的页面信息对话框已经显示证书信息，所以最好查看它是如何实现的。总结一下：

• < browser> 或< tabbrowser> 元素（在Firefox窗口中的 gBrowser ）有一个属性 securityUI 。


• 这个属性的值实现 nsISSLStatusProvider 界面，可以让你进入 nsISSLStatus 。


• 从那里你可以得到 nsIX509Cert
  

代码示例：

  var status = gBrowser.securityUI 
 .QueryInterface（Components.interfaces.nsISSLStatusProvider）
 .SSLStatus; 
 if（status&&！status.isUntrusted）
 {
 //这显示：OU = Equifax安全认证机构，O = Equifax，C = US 
 alert status.serverCert.issuerName）; 
 
 //这将显示：Equifax Secure Certificate Authority 
 alert（status.serverCert.issuerOrganizationUnit）; 
 
 $ / code> 

请注意，界面没有提供提取发行人国家的方法，将不得不自己解析 status.serverCert.issuerName 值。此外，您只能以这种方式获得即时发行人的信息，而不是根CA.为了到达根CA，你应该使用 status.serverCert.issuer 属性并且走上链。




I am building a Firefox add-on that needs to extract details of SSL certificates received, like name of the CA, country of the CA (certificate authority). I want to know if it's possible to extract the above details using JavaScript or do I need to use OpenSSL and thereby link both of them?

Are there any better solutions?

解决方案

The Page Info dialog in Firefox already displays certificate information so it is a good idea to look at how it is implemented. To sum up:

• The <browser> or <tabbrowser> element (gBrowser in a Firefox window) has a property securityUI.
• The value of this property implements nsISSLStatusProvider interface which allows you to get to nsISSLStatus.
• From there you can get to nsIX509Cert which has all the necessary information.

Code example:

var status = gBrowser.securityUI
                     .QueryInterface(Components.interfaces.nsISSLStatusProvider)
                     .SSLStatus;
if (status && !status.isUntrusted)
{
  // This shows: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
  alert(status.serverCert.issuerName);

  // This shows: Equifax Secure Certificate Authority
  alert(status.serverCert.issuerOrganizationUnit);
}

Note that the interface doesn't provide a way to extract issuer's country, you will have to parse status.serverCert.issuerName value yourself. Also, you only get the information on the immediate issuer this way, not the root CA. To get to the root CA you should use status.serverCert.issuer property and walk up the chain.

这篇关于使用JavaScript / OpenSSL提取SSL证书的详细信息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！