解析节点中的 x509 证书字符串
Parse x509 certificate string in node
我需要使用 node.js 解析 x509 证书字符串(最好通过加密 api 进行本地解析)。我需要这样做,以便我可以获得一个包含证书到期日期的对象,这样我就知道何时自动续订它。
我不知道从哪里开始
这是我尝试解析的示例证书
-----BEGIN CERTIFICATE-----
MIIDqDCCApCgAwIBAgICKg8wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1NlYXR0bGUxJDAiBgNVBAoT
G2dldGFDZXJ0IC0gd3d3LmdldGFjZXJ0LmNvbTAeFw0xOTExMDYwNjMwNDNaFw0y
MDAxMDUwNjMwNDNaMIGJMQswCQYDVQQGEwJBVTELMAkGA1UECBMCU0ExGjAYBgNV
BAcTEVJvc3RyZXZvciBTQSA1MDAwMRAwDgYDVQQKEwdDb3JzdGV4MRcwFQYDVQQD
Ew5BbGJlcnQgTWFyYXNoaTEmMCQGCSqGSIb3DQEJARYXYWxiZXJ0bWFzaHlAb3V0
bG9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdPRTB3j6k
XeylM4Tf7+s7YtjnGgc8Zseh4nX22xpo+sE+pYvOLu4NexprToJ64Yi/SMmBk9u2
0EkrvhWVkA1n8VyU6Oh57Oeg7cDMkqoabJ2CJBn/Z5AF3xrE9GYoymGsfHThd6nQ
JD/HRcErWGyAEwbnNG5CpwySVrMHo2A5va4pDwiDqQAf5rNLP0swtV7Q6UC6eJXs
I5Gbv3bhD8i44DLkj6rbY8uWClhns5XSG5R+rTwoYHkLolLPLj6Em7QtJKPyDsp1
6lzsjLsgzmRixFDhqI3HUlGUnAu6gwwxvP53qhSUi88sKe4M37med5HSAxv+U7A9
rr1js4ey84/9AgMBAAGjSDBGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgTw
MAsGA1UdDwQEAwIFIDAZBgNVHREEEjAQgg5BbGJlcnQgTWFyYXNoaTANBgkqhkiG
9w0BAQsFAAOCAQEAnXQAvyYE10bc5V9AsjT4x8xyI5AZ6su9OXEDuBFQi2UGvwtb
hhrBZ79Y3KfomXmwtHNVzo6V7dG+9yoDykaKb/Ub72VqF9ZKZArgglMFlGhAk90c
msxWGm7sHLBlt2yjkvnAtt1EtnbOtmuPNGOA7yALTN9/uzBPoTgkjuI1Fkb1uHc1
gynJpqrT0r/qJp0aDxO2SokWYzv/SRCfQTeLMZ5dctHWb8UnsEzt578zYmlDwVof
tOniZVO5TwnXCaWOPjG9XKbW6wHUyMWbulxM9SJUeIjFI2ipQuW8O7Vd94aEyH8o
lc8zFSWoNxamcoX+4ajrs9VbNXythJ91UAtvtA==
-----END CERTIFICATE-----
node-forge
包可以解析 X.509 证书和 return 对象形式的已解析证书,包括过期数据:
const forge = require('node-forge')
const cert = forge.pki.certificateFromPem(pem)
cert.validity.notAfter // => 2020-01-05T06:30:43.000Z
我需要同样的东西,但没有使用任何第 3 方。看来这可以做到:
let tls = require('tls');
let net = require('net');
let secureContext = tls.createSecureContext({
cert: yourPemCertificateString
});
let secureSocket = new tls.TLSSocket(new net.Socket(), { secureContext });
let cert = secureSocket.getCertificate();
这应该returnCertificate Object.
也可能在此之后调用 secureSocket.destroy()。
从 nodejs 15.6 开始,你最好使用标准的 crypto
模块:
https://nodejs.org/api/crypto.html#x509validto
const crypto = require("crypto")
const cert = new crypto.X509Certificate(fs.readFileSync('my.crt')))
console.log(cert.validTo)
// Gives 'Feb 4 10:37:22 2027 GMT'
我需要使用 node.js 解析 x509 证书字符串(最好通过加密 api 进行本地解析)。我需要这样做,以便我可以获得一个包含证书到期日期的对象,这样我就知道何时自动续订它。
我不知道从哪里开始
这是我尝试解析的示例证书
-----BEGIN CERTIFICATE-----
MIIDqDCCApCgAwIBAgICKg8wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1NlYXR0bGUxJDAiBgNVBAoT
G2dldGFDZXJ0IC0gd3d3LmdldGFjZXJ0LmNvbTAeFw0xOTExMDYwNjMwNDNaFw0y
MDAxMDUwNjMwNDNaMIGJMQswCQYDVQQGEwJBVTELMAkGA1UECBMCU0ExGjAYBgNV
BAcTEVJvc3RyZXZvciBTQSA1MDAwMRAwDgYDVQQKEwdDb3JzdGV4MRcwFQYDVQQD
Ew5BbGJlcnQgTWFyYXNoaTEmMCQGCSqGSIb3DQEJARYXYWxiZXJ0bWFzaHlAb3V0
bG9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdPRTB3j6k
XeylM4Tf7+s7YtjnGgc8Zseh4nX22xpo+sE+pYvOLu4NexprToJ64Yi/SMmBk9u2
0EkrvhWVkA1n8VyU6Oh57Oeg7cDMkqoabJ2CJBn/Z5AF3xrE9GYoymGsfHThd6nQ
JD/HRcErWGyAEwbnNG5CpwySVrMHo2A5va4pDwiDqQAf5rNLP0swtV7Q6UC6eJXs
I5Gbv3bhD8i44DLkj6rbY8uWClhns5XSG5R+rTwoYHkLolLPLj6Em7QtJKPyDsp1
6lzsjLsgzmRixFDhqI3HUlGUnAu6gwwxvP53qhSUi88sKe4M37med5HSAxv+U7A9
rr1js4ey84/9AgMBAAGjSDBGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgTw
MAsGA1UdDwQEAwIFIDAZBgNVHREEEjAQgg5BbGJlcnQgTWFyYXNoaTANBgkqhkiG
9w0BAQsFAAOCAQEAnXQAvyYE10bc5V9AsjT4x8xyI5AZ6su9OXEDuBFQi2UGvwtb
hhrBZ79Y3KfomXmwtHNVzo6V7dG+9yoDykaKb/Ub72VqF9ZKZArgglMFlGhAk90c
msxWGm7sHLBlt2yjkvnAtt1EtnbOtmuPNGOA7yALTN9/uzBPoTgkjuI1Fkb1uHc1
gynJpqrT0r/qJp0aDxO2SokWYzv/SRCfQTeLMZ5dctHWb8UnsEzt578zYmlDwVof
tOniZVO5TwnXCaWOPjG9XKbW6wHUyMWbulxM9SJUeIjFI2ipQuW8O7Vd94aEyH8o
lc8zFSWoNxamcoX+4ajrs9VbNXythJ91UAtvtA==
-----END CERTIFICATE-----
node-forge
包可以解析 X.509 证书和 return 对象形式的已解析证书,包括过期数据:
const forge = require('node-forge')
const cert = forge.pki.certificateFromPem(pem)
cert.validity.notAfter // => 2020-01-05T06:30:43.000Z
我需要同样的东西,但没有使用任何第 3 方。看来这可以做到:
let tls = require('tls');
let net = require('net');
let secureContext = tls.createSecureContext({
cert: yourPemCertificateString
});
let secureSocket = new tls.TLSSocket(new net.Socket(), { secureContext });
let cert = secureSocket.getCertificate();
这应该returnCertificate Object.
也可能在此之后调用 secureSocket.destroy()。
从 nodejs 15.6 开始,你最好使用标准的 crypto
模块:
https://nodejs.org/api/crypto.html#x509validto
const crypto = require("crypto")
const cert = new crypto.X509Certificate(fs.readFileSync('my.crt')))
console.log(cert.validTo)
// Gives 'Feb 4 10:37:22 2027 GMT'