APK 包中的 META-INF 目录下有一个 CERT.RSA,它是一个 PKCS7 格式的文件。
下面介绍几种从中获取证书的方法。
Linux command line
# Print, as text, every certificate embedded in the DER-encoded PKCS#7 file.
# -noout suppresses the encoded PKCS#7 structure itself.
# This only dumps what the file contains; it does not verify any signature.
openssl pkcs7 -in CERT.RSA -inform DER -print_certs -text -noout
你可以得到一个文本输出:
- Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1281971851 (0x4c69568b)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: CN=Michael Liu
- Validity
- Not Before: Aug 16 15:17:31 2010 GMT
- Not After : Aug 10 15:17:31 2035 GMT
- Subject: CN=Michael Liu
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:8d:04:84:a2:1e:c6:56:39:f2:cd:a6:f0:48:a5:
- f7:5e:71:8f:e1:a8:af:a7:dc:66:92:a2:b9:cf:da:
- 0f:32:42:ce:83:fe:bc:e1:4f:0a:fd:d9:a8:b3:73:
- f4:ff:97:15:17:87:d6:d0:3c:da:01:fc:11:40:7d:
- 04:da:31:cc:cd:da:d0:e7:7b:e3:c1:84:30:9f:21:
- 93:95:20:48:b1:2d:24:02:d2:b9:3c:87:0d:fa:b8:
- e1:b1:45:f4:8d:90:0a:3b:9d:d8:8a:9a:96:d1:51:
- 23:0e:8e:c4:09:68:7d:95:be:c6:42:e9:54:a1:5c:
- 5d:3f:25:d8:5c:c3:42:73:21
- Exponent: 65537 (0x10001)
- Signature Algorithm: sha1WithRSAEncryption
- 78:3c:6b:ef:71:70:55:68:28:80:4d:f8:b5:cd:83:a9:01:21:
- 2a:c1:e4:96:ad:bc:5f:67:0c:cd:c3:34:51:6d:63:90:a9:f9:
- d5:5e:c7:ef:34:43:86:7d:68:e1:99:87:92:86:34:91:6d:67:
- 6d:b2:22:e9:5e:28:aa:e8:05:52:04:6e:4e:d4:7f:0f:b0:d6:
- 28:f5:2b:11:38:d5:15:cb:e3:e4:c9:99:23:c1:84:4f:ce:69:
- e9:b1:59:7b:8e:30:01:1c:e1:92:ee:0d:54:61:29:f5:8e:9e:
- 42:72:26:2b:aa:c7:af:d9:c9:d1:85:95:8e:4c:8d:5c:77:c5:
- ce:4e
Java
这是最简单的方法:
- import sun.security.pkcs.PKCS7;
- import java.io.FileInputStream;
- import java.io.IOException;
- import java.security.cert.CertificateException;
- import java.security.cert.X509Certificate;
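/**
 * Prints the issuer, subject and public key of the first certificate stored
 * in an APK's PKCS#7 signature file (META-INF/CERT.RSA).
 *
 * The certificate is read from the file as-is: nothing here verifies the
 * PKCS#7 signature, so the printed identity is only what the file claims.
 *
 * sun.security.pkcs.PKCS7 is a JDK-internal class; on JDK 9 and later it is
 * not exported from java.base, so compiling and running this needs
 * --add-exports java.base/sun.security.pkcs=ALL-UNNAMED.
 */
public class Test {
    /**
     * @param args optional: args[0] is the path of the PKCS#7 file; when absent
     *             the sample path below is used
     * @throws CertificateException if the file holds no certificate
     * @throws IOException          if the file cannot be read or parsed
     */
    public static void main(String[] args) throws CertificateException, IOException {
        String path = args.length > 0 ? args[0] : "/Users/wangchen/Desktop/CERT.RSA";

        // try-with-resources closes the stream even when parsing throws.
        try (FileInputStream fis = new FileInputStream(path)) {
            PKCS7 pkcs7 = new PKCS7(fis);

            // A PKCS#7 structure may carry no certificates at all; fail with a
            // clear error instead of a NullPointerException / index error.
            X509Certificate[] certs = pkcs7.getCertificates();
            if (certs == null || certs.length == 0) {
                throw new CertificateException("No certificate found in " + path);
            }

            X509Certificate cert = certs[0];
            System.out.println("issuer1:" + cert.getIssuerDN());
            System.out.println("subject2:" + cert.getSubjectDN());
            System.out.println(cert.getPublicKey());
        }
    }
}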
使用openssl-dev 的C API
- #include <openssl/bio.h>
- #include <openssl/x509.h>
- #include <openssl/pkcs7.h>
- #include <string>
- #include <iostream>
- using namespace std;
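/**
 * Render an X509_NAME as a single RFC 2253 style string.
 *
 * @param name  distinguished name to print; may be NULL
 * @return the printed name, or an empty string when name is NULL or
 *         OpenSSL fails to allocate or print
 */
string to_string(X509_NAME* name)
{
    string str;
    if (name == NULL)
        return str;

    BIO* mem = BIO_new(BIO_s_mem());
    if (mem == NULL)
        return str; // a std::string must never be built from NULL; empty means failure

    if (X509_NAME_print_ex(mem, name, 0, XN_FLAG_RFC2253) >= 0)
    {
        // Drain the memory BIO in fixed-size pieces; BIO_gets NUL-terminates buf.
        char buf[128];
        while (BIO_gets(mem, buf, sizeof(buf)) > 0)
        {
            str.append(buf);
        }
    }

    // Single exit point so the BIO is released on the failure path as well.
    BIO_free(mem);
    return str;
}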
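/**
 * Read CERT.RSA from the current directory and print the subject, issuer and
 * (for RSA keys) the decimal modulus of a certificate embedded in it.
 *
 * CERT.RSA comes out of an APK and must be treated as untrusted input: every
 * OpenSSL result is checked before it is dereferenced. This program only
 * extracts a certificate; it does not verify the PKCS#7 signature (for
 * example with PKCS7_verify), so the output is what the file claims.
 *
 * @return 0 on success, 1 when the file cannot be opened, parsed, or holds
 *         no certificate
 */
int main()
{
    FILE* fp = fopen("CERT.RSA", "rb");
    if (fp == NULL)
    {
        fprintf(stderr, "Error reading input pkcs7 file\n" );
        return 1;
    }

    PKCS7* pkcs7 = d2i_PKCS7_fp(fp, NULL);
    fclose(fp); // the whole structure is parsed by now; the stream is no longer needed
    if (pkcs7 == NULL)
    {
        fprintf(stderr, "Error parsing pkcs7 structure\n");
        return 1;
    }

    // pkcs7->d is a union: d.sign is only meaningful for the signedData type,
    // so check the type before touching it, then make sure a certificate exists.
    if (!PKCS7_type_is_signed(pkcs7) || pkcs7->d.sign == NULL
        || pkcs7->d.sign->cert == NULL || sk_X509_num(pkcs7->d.sign->cert) <= 0)
    {
        fprintf(stderr, "No certificate in pkcs7 structure\n");
        PKCS7_free(pkcs7);
        return 1;
    }

    // Borrow the last certificate (the one sk_X509_pop would have returned)
    // without removing it from the stack: it stays owned by pkcs7 and is
    // released by PKCS7_free below, which avoids leaking a popped X509.
    STACK_OF(X509)* certs = pkcs7->d.sign->cert;
    X509* cert = sk_X509_value(certs, sk_X509_num(certs) - 1);

    string subject = to_string(X509_get_subject_name(cert));
    string issuer = to_string(X509_get_issuer_name(cert));

    // X509_get_pubkey returns a new reference that must be freed. The key is
    // not necessarily RSA: EVP_PKEY_get1_RSA returns NULL for other key types
    // instead of reinterpreting the key as an RSA structure.
    EVP_PKEY* pkey = X509_get_pubkey(cert);
    RSA* rsa = (pkey != NULL) ? EVP_PKEY_get1_RSA(pkey) : NULL;
    char* modulus = NULL;
    if (rsa != NULL)
    {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
        // RSA is an opaque type from OpenSSL 1.1.0 on; use the accessor.
        const BIGNUM* n = NULL;
        RSA_get0_key(rsa, &n, NULL, NULL);
#else
        const BIGNUM* n = rsa->n;
#endif
        if (n != NULL)
            modulus = BN_bn2dec(n);
    }

    cout << subject << endl;
    cout << issuer << endl;
    if (modulus != NULL)
        cout << modulus << endl;

    if (modulus != NULL)
        OPENSSL_free(modulus);
    RSA_free(rsa);
    EVP_PKEY_free(pkey);
    PKCS7_free(pkcs7);
    return 0;
}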