在 Golang 中解码 asn1.RawValue 的正确方法

在 Golang 中解析证书时，需要获取父证书链接。虽然可以通过解析 asn1.RawValue 对象来实现，但更直接的方法是从 x509.证书中获取 ocspserver 和 issuingcertificateurl 字段。这些字段分别包含 OCSP 服务器和颁发证书的 URL，从而可以方便地访问父证书信息。通过使用这种方法，可以避免处理 asn1.RawValue 的复杂性，并获得人类可读的文本输出。

我正在golang中实现证书解析，我需要获取父证书链接。

如果我执行 openssl x509 -in certificate.pem -text -noout 那么我可以看到以下证书扩展：

authority information access:
                ocsp - uri:http://teszt.e-szigno.hu/testca3ocsp
                ca issuers - uri:http://teszt.e-szigno.hu/tca3.crt

在我的 go 项目中，我有以下代码：

content := `-----begin certificate-----
miijxdccckygawibaginfebzvuoocnmwumancjanbgkqhkig9w0baqsfadbqmqsw
cqydvqqgewjivterma8ga1uebwwiqnvkyxblc3qxfjaubgnvbaomdu1py3jvc2vj
iex0zc4xfdasbgnvbasmc2utu3ppz25vienbmrowgaydvqqddbfllvn6awdubybu
zxn0ienbmzaefw0ymzaxmjqxmjqxntbafw0yndaxmjqxmjqxntbamihqmrmweqyl
kwybbagcnzwcaqmtakvfmrgwfgylkwybbagcnzwcaqemb1rhbgxpbm4xhtabbgnv
ba8mffbyaxzhdgugt3jnyw5pemf0aw9umrewdwydvqqfewgxmji2odq3ntelmakg
a1uebhmcruuxedaobgnvbacmb1rhbgxpbm4xfzavbgnvbaomdk1ha3nla2vza3vz
ieftmrswgqydvqrhdbjqu0rfrs1gu0etmtiynjg0nzuxgdawbgnvbammd21ha2vj
b21tzxjjzs5sddccasiwdqyjkozihvcnaqebbqadggepadccaqocggebajfyj3ss
xev2yhbgxnmqw8e+zqfvrb1+uhlsm7c65hsjwavjhehnv1cufilrf5x1pubdmxtc
xpwd7fmoc7h++baedapv/xcwkmqugbkfwhazpkjbxiqbh7jbe4d+3pxn+zdlq/1b
wi6djhghn+ydgw6x+qgbovzaflprfdoyqxdw8ymc/iqmbahzzqape2eww1xrgyat
dne5t2t7uwc05qdygi1hi50wgoezx7a7cdsjwg+kfvczley+4h73apigh1f0q+ec
pozsoot12cwspbwzb9g03s5ioiipjpoqmivnkggegbby16p3vq/78w9xjpy0dwid
x2cfplplta8ejf0caweaaaocbgawggx8ma4ga1uddweb/wqeawifodcbiqykkwyb
bahweqieagr7bhkadwb1akoeeaq/ggsck+vmtchkwumu5fdmczaqslwmlwublagd
aaabhepmicsaaaqdaeywraigmbv+ixdcxogt9vppuiuuhaja08aignqmknssyhpl
4egcicqn64jfx+fitpnfxb6u531ta3vkjmmmlokvn5b2vj4wmb0ga1udjqqwmbqg
ccsgaqufbwmbbggrbgefbqcdajccayqga1udiascaxswggmxmiidewymkwybbagb
qbgcaqfkmiidatambggrbgefbqccaryaahr0cdovl2nwlmutc3ppz25vlmh1l3fj
chmwgb8gccsgaqufbwicmigydigvvgvzdcbxdwfsawzpzwqgy2vydglmawnhdgug
zm9yihdlynnpdgugyxv0agvudgljyxrpb24gyw5kignsawvudcbhdxrozw50awnh
dglvbi4gvghlihbyb3zpzgvyihbyzxnlcnzlcybyzwdpc3ryyxrpb24gzgf0ysbm
b3igmtagewvhcnmgywz0zxigdghligv4cglyyxrpb24gb2ygdghlignlcnrpzmlj
yxrlljcblqyikwybbquhagiwgygmgyvurvnuignlcnrpzmljyxrliglzc3vlzcbv
bmx5igzvcib0zxn0aw5nihb1cnbvc2vzlibuagugaxnzdwvyiglzig5vdcbsawfi
bgugzm9yigfuesbkyw1hz2vzigfyaxnpbmcgznjvbsb0agugdxnlig9mihroaxmg
y2vydglmawnhdguhmihmbggrbgefbqccajcbvwybvfrlc3p0ig1pbswrc8otdgv0
dcb3zwjvbgrhbc1oaxrlbgvzw610xzegw6lzimo8z3lmw6lslwhpdgvszxpdrxtf
ksb0yw7dunpdrxr2w6fues4gqsbyzwdpc3p0csohy2nds3mgywrhdg9ryxqgysbz
em9sz8ohbhrhdmozigegdgfuw7pzw610dsohbnkgbgvqw6fydmohdmozbcbzesoh
bcotdg90dcaxmcddqxzpzydfkxj6asbtzwcumigtbggrbgefbqccajcboaybnvrl
c3p0zwzdqxnpigpdqwxyysbrawfkb3r0ifrfu1puihrhbso6c8otdhbdow55libb
ighhc3puw6fsyxtdoxzhbcbryxbjc29syxrvc2fuigzlbg1lcso8bmwrigvdoxjv
a8opcnqgysbtem9sz8ohbhrhdmozihnlbw1pbhllbibmzwxlbmwrc3pdqwdldcbu
zw0gdsohbgxhbcewhqydvr0obbyeffpdj86z7qidatzbzlvll+6rll12mb8ga1ud
iwqymbaafnzmaijvnzcpit6grsbv8+826pdnmboga1udeqqtmbgcd21ha2vjb21t
zxjjzs5sddaybgnvhr8ekzapmcegjaajhifodhrwoi8vdgvzenquzs1zemlnbm8u
ahuvvenbmy5jcmwwbwyikwybbquhaqeeyzbhmdagccsgaqufbzabhirodhrwoi8v
dgvzenquzs1zemlnbm8uahuvdgvzdgnhm29jc3awlqyikwybbquhmakgiwh0dha6
ly90zxn6dc5llxn6awduby5ods9uq0ezlmnyddccarqgccsgaqufbwedbiibbjcc
aqiwcaygbacorgebmasgbgqajkybawibcjbtbgyeai5gaquwstakfh5odhrwczov
l2nwlmutc3ppz25vlmh1l3fjchnfzw4takvomcewg2h0dhbzoi8vy3auzs1zemln
bm8uahuvcwnwcxmcsfuwewygbacorgegmakgbwqajkybbgmwfwygbacbmcccmhuw
jjarbgceaigyjwecdazqu1bfuekweqyhbacbmccbawwgufnqx0fjdenfrsatievz
dg9uawfuiezpbmfuy2lhbcbtdxblcnzpc2lvbibbdxrob3jpdhkglybgaw5hbnrz
aw5zcgvrdhnpb29udazfrs1gu0ewdqyjkozihvcnaqelbqadggebahzxm9440svu
cpzlshq3okooeu4ftrp0kqkvzmbkmf+yct80vartjniadk5rk6hqrjrjcudi9+hj
ep9nzwkn+buvwc2ev+m7i35pck+dvnmtcgxto2qgvznosvjfuzshoc4mfifxnczo
2ne2utfu2wywzqpyncwfmz7aouxylgofefs13mdh5det++nwoaod8abzzqaeysk9
r1fcxrthpldxjijdduzpzcvw+obyjrhkim6zahd6r0e6kb9i+feevf8iwgntsoze
zflb6evyjuizsyqgtelrjim4alu1+pa/2zhlzm55pwj1km8piwyqigla0dkozf4+
otnnt6rr7bu=
-----end certificate-----`
certderblock, _ := pem.decode([]byte(content))
x509cert, err := x509.parsecertificate(certderblock.bytes)
for _, extension := range x509cert.extensions {
    if extension.id.equal(asn1.objectidentifier{1, 3, 6, 1, 5, 5, 7, 1, 1}) {
        var collexts []asn1.rawvalue
        asn1.unmarshal(extension.value, &collexts)
        for _, collext := range collexts {
            fmt.println(string(collext.bytes))
        }
    }
}

它给出以下输出：

+0�#http://teszt.e-szigno.hu/testca3ocsp
+0�0http://teszt.e-szigno.hu/TCA3.crt

尽管我已经能够解析此类输出并获取父证书链接，但我想了解如何在那里获取人类可读的文本。 我查看了 asn1 包，没有找到任何函数来解码 asn1.rawvalue 对象或 asn1.rawvalue.bytes。

正确答案

您不需要查看 x509cert.extensions 来获取 aia 信息，您可以直接从 x509.证书：

// rfc 5280, 4.2.2.1 (authority information access)
ocspserver            []string
issuingcertificateurl []string

简单地说：

certderblock, _ := pem.decode([]byte(certbody))
x509cert, err = x509.parsecertificate(certderblock.bytes)

fmt.printf("ocspserver:            %v\n", x509cert.ocspserver)
fmt.printf("issuingcertificateurl: %v\n", x509cert.issuingcertificateurl)

https://go.dev/play/p/rujozyc_nmw

OCSPServer:            [http://teszt.e-szigno.hu/testca3ocsp]
IssuingCertificateURL: [http://teszt.e-szigno.hu/TCA3.crt]

终于介绍完啦！小伙伴们，这篇关于《在 Golang 中解码 asn1.RawValue 的正确方法》的介绍应该让你收获多多了吧！欢迎大家收藏或分享给更多需要学习的朋友吧~golang学习网公众号也会发布Golang相关知识，快来关注吧！