使用 Ruby 带有 SAN 的 OpenSSL 解码 CSR
Decoding CSR using Ruby OpenSSL with SANs
我一直在使用 Ruby openssl 模块来解码来自 CSR 的信息。
我已经解码了基本的 CSR,但我不知道如何从 CSR 中检索主题别名。
到目前为止的代码:
require 'openssl'
def parse_csr(csr)
csr = OpenSSL::X509::Request.new csr
puts csr.subject.to_a
csr.subject.to_a.inject({}) do |r, s|
r.merge!(s[0] => s[1])
end
end
非常感谢任何帮助。
CSR 附在下方:
-----BEGIN CERTIFICATE REQUEST-----
MIIDQDCCAigCAQAwgYMxCzAJBgNVBAYTAkdCMQ0wCwYDVQQIDARUZXN0MQ0wCwYD
VQQHDARUZXN0MRAwDgYDVQQKDAdUZXN0aW5nMQ0wCwYDVQQLDARUZXN0MRcwFQYD
VQQDDA50ZXN0ZG9tYWluLmNvbTEcMBoGCSqGSIb3DQEJARYNdGVzdEB0ZXN0Lm9y
ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkWhXbTUa4nmMnVAiYi
duZAXzZwYEj5tr9LTk5MmwremGEB/I7ubCtsmYci6FNaOmPCbE5HHwViiHrmpDLU
Vswah7soAj1EZn5XuyXP/ElQDvJlEm8DQHMcZ1M9Ylpnhfx4hkvI5bIMRc3wfT/S
30po8MFYdVMICsw2QfOq0J793p1OMMFkG2CPdoHrHnn1k+WL3tHo2Jq7eM61Fs9O
vpvsvmaEf7081aRp4QjZRqkzBZ3zJgjA+RIbjntYpIhUJgupMEsBgVtR2jYlG7e+
n/AFqXmgskk53XqLPjRcSzxEVLL6NFw5x6nLlIn1jmBm7+KwgYZigUYZf8554w0F
fRECAwEAAaB3MHUGCSqGSIb3DQEJDjFoMGYwCQYDVR0TBAIwADALBgNVHQ8EBAMC
BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMC0GA1UdEQQmMCSCIm90
aGVydGVzdGRvbWFpbi5jb20gdGVzdGluZzEyMy5jb20wDQYJKoZIhvcNAQELBQAD
ggEBADIRFFhBjlJQxKwDwZefrAVbHwZ/+ZAo2vC5/bwVOjMhpccRLGrBApvN1iN6
LYBGkjNVSrTlzYfbHI10GI6wNcHJ+ETX8YJWpNUrpKhHENapqChjm29j6O9xcY3U
GyeRCsRUENEyryiQ9w7e4dItxPnzzLlo3W2dR28mzjhz9hcn8xQ5HulXxiwDrYxN
LD35QQ8mcb62F4Gg7I40w//pEG/3rbCW6DSjYxk/EXuUyQx3ItRVOPDBlG3oqFzU
o6/ug01RuOpiAR64jqY8Ih7AYd5Nj5d+wYorYxkHV0zgqIobhERQrb6p9Vz6pKsH
lH6QxnVtY5GhSpx6bGKOjV0LyGo=
-----END CERTIFICATE REQUEST-----
控制台输出:
dan~/Documents/dev/csrgen(master|✚6…) boo % ruby test.rb
C
GB
19
ST
Test
12
L
Test
12
O
Testing
12
OU
Test
12
CN
testdomain.com
12
emailAddress
test@test.org
22
{"C"=>"GB", "ST"=>"Test", "L"=>"Test", "O"=>"Testing", "OU"=>"Test", "CN"=>"testdomain.com", "emailAddress"=>"test@test.org"}
尝试使用 .to_text 获取全文版本并扫描主题备用名称。
> csr.to_text.scan(/Subject Alternative Name:\s*([^\n\r]*)/)
=> [["DNS:othertestdomain.com testing123.com"]]
我一直在使用 Ruby openssl 模块来解码来自 CSR 的信息。
我已经解码了基本的 CSR,但我不知道如何从 CSR 中检索主题别名。
到目前为止的代码:
require 'openssl'
def parse_csr(csr)
csr = OpenSSL::X509::Request.new csr
puts csr.subject.to_a
csr.subject.to_a.inject({}) do |r, s|
r.merge!(s[0] => s[1])
end
end
非常感谢任何帮助。
CSR 附在下方:
-----BEGIN CERTIFICATE REQUEST-----
MIIDQDCCAigCAQAwgYMxCzAJBgNVBAYTAkdCMQ0wCwYDVQQIDARUZXN0MQ0wCwYD
VQQHDARUZXN0MRAwDgYDVQQKDAdUZXN0aW5nMQ0wCwYDVQQLDARUZXN0MRcwFQYD
VQQDDA50ZXN0ZG9tYWluLmNvbTEcMBoGCSqGSIb3DQEJARYNdGVzdEB0ZXN0Lm9y
ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkWhXbTUa4nmMnVAiYi
duZAXzZwYEj5tr9LTk5MmwremGEB/I7ubCtsmYci6FNaOmPCbE5HHwViiHrmpDLU
Vswah7soAj1EZn5XuyXP/ElQDvJlEm8DQHMcZ1M9Ylpnhfx4hkvI5bIMRc3wfT/S
30po8MFYdVMICsw2QfOq0J793p1OMMFkG2CPdoHrHnn1k+WL3tHo2Jq7eM61Fs9O
vpvsvmaEf7081aRp4QjZRqkzBZ3zJgjA+RIbjntYpIhUJgupMEsBgVtR2jYlG7e+
n/AFqXmgskk53XqLPjRcSzxEVLL6NFw5x6nLlIn1jmBm7+KwgYZigUYZf8554w0F
fRECAwEAAaB3MHUGCSqGSIb3DQEJDjFoMGYwCQYDVR0TBAIwADALBgNVHQ8EBAMC
BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMC0GA1UdEQQmMCSCIm90
aGVydGVzdGRvbWFpbi5jb20gdGVzdGluZzEyMy5jb20wDQYJKoZIhvcNAQELBQAD
ggEBADIRFFhBjlJQxKwDwZefrAVbHwZ/+ZAo2vC5/bwVOjMhpccRLGrBApvN1iN6
LYBGkjNVSrTlzYfbHI10GI6wNcHJ+ETX8YJWpNUrpKhHENapqChjm29j6O9xcY3U
GyeRCsRUENEyryiQ9w7e4dItxPnzzLlo3W2dR28mzjhz9hcn8xQ5HulXxiwDrYxN
LD35QQ8mcb62F4Gg7I40w//pEG/3rbCW6DSjYxk/EXuUyQx3ItRVOPDBlG3oqFzU
o6/ug01RuOpiAR64jqY8Ih7AYd5Nj5d+wYorYxkHV0zgqIobhERQrb6p9Vz6pKsH
lH6QxnVtY5GhSpx6bGKOjV0LyGo=
-----END CERTIFICATE REQUEST-----
控制台输出:
dan~/Documents/dev/csrgen(master|✚6…) boo % ruby test.rb
C
GB
19
ST
Test
12
L
Test
12
O
Testing
12
OU
Test
12
CN
testdomain.com
12
emailAddress
test@test.org
22
{"C"=>"GB", "ST"=>"Test", "L"=>"Test", "O"=>"Testing", "OU"=>"Test", "CN"=>"testdomain.com", "emailAddress"=>"test@test.org"}
尝试使用 .to_text 获取全文版本并扫描主题备用名称。
> csr.to_text.scan(/Subject Alternative Name:\s*([^\n\r]*)/)
=> [["DNS:othertestdomain.com testing123.com"]]