pkcs12: expected exactly two safe bags in the PFX PDU

发布于:2021-08-29 12:52:43

https://github.com/ereOn/crypto/commit/05f6847ff80ca34c92a01a688c7b81e874af3009


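出现上述错误,是因为 pkcs12.Decode 只接受恰好包含两个 safe bag(一个证书、一个私钥)的 PFX;带证书链或多个密钥的文件会被拒绝。解决办法:在 pkcs12.go 中的 Decode 方法之后,加入下面的 DecodeAll 方法(参见上面链接的提交)。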


// DecodeAll extracts every certificate and every PKCS#8 shrouded private key
// found in the safe bags of pfxData. password is BMP-encoded with bmpString
// and handed to getSafeContents and decodePkcs8ShroudedKeyBag.
//
// The two result slices are filled independently, in bag order: nothing here
// pairs a key with its certificate, and x509.ParseCertificates only parses,
// so the caller has to match each key against a certificate's public key and
// validate the chain before relying on either. Bags of any other type are
// skipped without an error. On any failure both slices are returned as nil.
func DecodeAll(pfxData []byte, password string) (privateKeys []interface{}, certificates []*x509.Certificate, err error) {
	pwd, err := bmpString(password)
	if err != nil {
		return nil, nil, err
	}

	// pwd is reassigned here, so key bags below are decrypted with whatever
	// encoding getSafeContents returned rather than the one passed in.
	safeBags, pwd, err := getSafeContents(pfxData, pwd)
	if err != nil {
		return nil, nil, err
	}

	for _, sb := range safeBags {
		if sb.Id.Equal(oidCertBag) {
			der, derErr := decodeCertBag(sb.Value.Bytes)
			if derErr != nil {
				return nil, nil, derErr
			}
			parsed, parseErr := x509.ParseCertificates(der)
			if parseErr != nil {
				return nil, nil, parseErr
			}
			certificates = append(certificates, parsed...)
			continue
		}

		if sb.Id.Equal(oidPKCS8ShroundedKeyBag) {
			key, keyErr := decodePkcs8ShroudedKeyBag(sb.Value.Bytes, pwd)
			if keyErr != nil {
				return nil, nil, keyErr
			}
			privateKeys = append(privateKeys, key)
		}
		// Any other bag type falls through and is ignored.
	}

	return privateKeys, certificates, nil
}

使用方法


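// TestCertID loads the test PFX, decodes it with pkcs12.DecodeAll and logs
// the serial number of the first certificate (the "cert ID"). Run with
// `go test -v` to see the logged value.
func TestCertID(t *testing.T) {
	// Fixture file and its password (hard-coded only because this is a test fixture).
	path := "../assets/acp_test_sign.pfx"
	password := "000000"

	pfxData, err := ioutil.ReadFile(path)
	if err != nil {
		t.Fatalf("ReadFile err : %v", err)
	}
	// pfxData is the raw PKCS#12 container, which may include encrypted key
	// material, so it is deliberately not written to the log.

	// Parse the certificates; the private keys are not needed for the cert ID.
	_, cert, err := pkcs12.DecodeAll(pfxData, password)
	if err != nil {
		t.Fatalf("Decode err : %v", err)
	}
	// Guard the index below: a PFX without certificate bags yields an empty slice.
	if len(cert) == 0 {
		t.Fatalf("Decode returned no certificates")
	}

	// cert[0] is simply the first certificate in the decoded slice; if the PFX
	// carries a chain, confirm that this is the signing certificate and not a CA.
	// Logf, not Errorf: printing the result must not mark the test as failed.
	t.Logf("certID : %v", cert[0].SerialNumber)
}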
