解析X509证书

Question

I want to parse a X.509 certificate in php.

The certificate is in DER-encoded X.509 format.

I tried using openssl_x509_parse method in php, but its not working. The certificate data is a valid data received after firing a command in mdm for CertificateList.

I am using the below code:

$data = 'MIIDizCCAnMCCQDCpCAUbA2P4TANBgkqhkiG9w0BAQUFADBrMSIw
    IAYDVQQKDBkqLnNtYXJ0c291cmNpbmdnbG9iYWwubmV0MSEwHwYD
    VQQLDBhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxIjAgBgNVBAMM
    GSouc21hcnRzb3VyY2luZ2dsb2JhbC5uZXQwHhcNMTIwNTI5MTM1
    NTU0WhcNMTMwNTI5MTM1NTU0WjCBozELMAkGA1UEBhMCTlkxCzAJ
    BgNVBAgTAk5KMQswCQYDVQQHEwJOSjEiMCAGA1UEChMZU21hcnRz
    b3VyY2luZyBHbG9iYWwgSU5DLjEPMA0GA1UECxMGTW9iaWxlMRYw
    FAYDVQQDEw1TbWl0YSBZZWRla2FyMS0wKwYJKoZIhvcNAQkBFh5z
    bWl0YXlAc21hcnRzb3VyY2luZ2dsb2JhbC5jb20wggEiMA0GCSqG
    SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHDx238L+j6fA9h9lNnrl5
    f/wXZoWWw72rChisVOszBl8uoT6DATngvCdBPJgJP/ddpAzJnFWW
    N8bCbB+88siae2kO2a6mg3+NPNRUqpOJOpPIrWlgS5qf9Gs6WQi3
    DRJvLSZ3uoalAvSpfveCbuHW0yFuzvnriwV3phd9fVbORi+qNW/b
    RofF1PjA+Bx8E2WfNUTHL71K+pfbVvCV1E5bQNrz6mpbRbzNThQz
    y92Y/Lp4VW/AYK6Jk6davxNcKSbTk/pHYNTD8Y/g1l1xhY3YpXfD
    xhehEL9/1LmwpmG+JZcmjIQX6LzBoUHbRrmsV8magfZ/cODR3/YY
    qfu6QnVLAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEH3LA7IpfRb
    ylzHjm4DmiTYMMoTKV8I3VX98F2DQEZ0S7OTT2xA7qnyeHDUUAMw
    Amx/v/PS1fWNzFoD3DaAZlRvkd0LD9bPA3bXnzPrX90o2e9Y+4UY
    iy1LvPRiwqoLiOikpxBI3ZVhBqQpYBvw2xedFCEFwlhz7QcfdpRl
    1XNWedpHT+icGrn/h12SJvL5FTFAh2LapRXb5EmT2mbFVAIqfW2Q
    IRCDpyrPxX+61p4wvyJ0SP1EoEvbtMmeRfpyuKKhWlYTqmuOOYU2
    8C2REc5qhPkbSDdGpeme0w/hPlwG6+0UEXHUeArSKlQOM/YR4vao
    OKwh1dJL4RZWgmwwHq9=';

$fp = fopen('cert.txt','w+');
fwrite($fp, 'data=>'.openssl_x509_parse($data,true));
fclose($fp);

Answer 1

Well your certificate is missing the PEM-enclosing. If you add those BEGIN CERTIFICATE and END CERTIFICATE markers to your certificate it should work:

<?php
$data = // ... your certificate

// Add the missing PEM-enclosing
$x509Data =
      "-----BEGIN CERTIFICATE-----\n"
    . $data
    . "\n-----END CERTIFICATE-----";

// this is the same but I've added "print_r" so it is nicely formated
$fp = fopen('cert.txt','w+');
fwrite($fp, 'data=>'.print_r(openssl_x509_parse($x509Data,true), true));
fclose($fp);

Answer 2

phpseclib, a pure PHP X.509 parser , works with your string without requiring it be encapsulated in anything. eg.

<?php
include('File/X509.php');

$x509 = new File_X509();
$cert = $x509->loadX509('MIIDizCCAnMCCQDCpCAUbA2P4TANBgkqhkiG9w0BAQUFADBrMSIw
    IAYDVQQKDBkqLnNtYXJ0c291cmNpbmdnbG9iYWwubmV0MSEwHwYD
    VQQLDBhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxIjAgBgNVBAMM
    GSouc21hcnRzb3VyY2luZ2dsb2JhbC5uZXQwHhcNMTIwNTI5MTM1
    NTU0WhcNMTMwNTI5MTM1NTU0WjCBozELMAkGA1UEBhMCTlkxCzAJ
    BgNVBAgTAk5KMQswCQYDVQQHEwJOSjEiMCAGA1UEChMZU21hcnRz
    b3VyY2luZyBHbG9iYWwgSU5DLjEPMA0GA1UECxMGTW9iaWxlMRYw
    FAYDVQQDEw1TbWl0YSBZZWRla2FyMS0wKwYJKoZIhvcNAQkBFh5z
    bWl0YXlAc21hcnRzb3VyY2luZ2dsb2JhbC5jb20wggEiMA0GCSqG
    SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHDx238L+j6fA9h9lNnrl5
    f/wXZoWWw72rChisVOszBl8uoT6DATngvCdBPJgJP/ddpAzJnFWW
    N8bCbB+88siae2kO2a6mg3+NPNRUqpOJOpPIrWlgS5qf9Gs6WQi3
    DRJvLSZ3uoalAvSpfveCbuHW0yFuzvnriwV3phd9fVbORi+qNW/b
    RofF1PjA+Bx8E2WfNUTHL71K+pfbVvCV1E5bQNrz6mpbRbzNThQz
    y92Y/Lp4VW/AYK6Jk6davxNcKSbTk/pHYNTD8Y/g1l1xhY3YpXfD
    xhehEL9/1LmwpmG+JZcmjIQX6LzBoUHbRrmsV8magfZ/cODR3/YY
    qfu6QnVLAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEH3LA7IpfRb
    ylzHjm4DmiTYMMoTKV8I3VX98F2DQEZ0S7OTT2xA7qnyeHDUUAMw
    Amx/v/PS1fWNzFoD3DaAZlRvkd0LD9bPA3bXnzPrX90o2e9Y+4UY
    iy1LvPRiwqoLiOikpxBI3ZVhBqQpYBvw2xedFCEFwlhz7QcfdpRl
    1XNWedpHT+icGrn/h12SJvL5FTFAh2LapRXb5EmT2mbFVAIqfW2Q
    IRCDpyrPxX+61p4wvyJ0SP1EoEvbtMmeRfpyuKKhWlYTqmuOOYU2
    8C2REc5qhPkbSDdGpeme0w/hPlwG6+0UEXHUeArSKlQOM/YR4vao
    OKwh1dJL4RZWgmwwHq9=');

print_r($cert);
?>

It's overall a lot more versatile too. Like OpenSSL requires each line be 64 characters long and no longer . phpseclib otoh doesn't care.