(1)参数:
原始csr
格式如:
-----BEGIN CERTIFICATE REQUEST-----
............................
-----END CERTIFICATE REQUEST-----
(2)返回值:
生成csr时的参数 都能解析出来, 邮箱邮编也在key.Subjet里, 仿照写出即可
(3)代码如下:
import (
"crypto/ecdsa"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"fmt"
"strconv"
"strings"
)
//ResolveCsrParam 解析csr参数
func ResolveCsrParam(csr string) (info map[string]string, errMsg string) {
block, rest := pem.Decode([]byte(csr))
if block == nil || len(rest) > 0 {
}
key, _ := x509.ParseCertificateRequest(block.Bytes)
if key.Subject.CommonName == "" {
errMsg = "您输入的csr不合法"
return
}
fmt.Println("*************************************")
// fmt.Println(key.PublicKey.(*ecdsa.PublicKey).Params().Name)//曲线名称啊啊啊,凸(艹皿艹 )
// fmt.Println(key.PublicKey.(*rsa.PublicKey).Size()) //256->2048+(sha256或sha384或sha512) 384->3072+(sha256或sha384或sha512) 512->4096+(sha256或sha384或sha512) 签名长度啊啊啊啊凸(艹皿艹 )
var keySize int
var keyCurve string
rsaPub, isRsa := key.PublicKey.(*rsa.PublicKey)
fmt.Println("是rsa吗?:", isRsa)
if isRsa {
keySize = rsaPub.Size()
if keySize == 256 {
keySize = 2048
}
if keySize == 384 {
keySize = 3072
}
if keySize == 512 {
keySize = 4096
}
fmt.Println("RSA秘钥长度:", keySize)
}
ecdsaPub, isEcdsa := key.PublicKey.(*ecdsa.PublicKey)
fmt.Println("是ecdsa吗?:", isEcdsa)
if isEcdsa {
keyCurve = ecdsaPub.Params().Name
fmt.Println("ecdsa秘钥曲线:", ecdsaPub.Params().Name)
}
info["country"] = strings.Join(key.Subject.Country, ",")
info["domain"] = key.Subject.CommonName
info["city"] = strings.Join(key.Subject.Locality, ",")
info["org"] = strings.Join(key.Subject.Organization, ",")
info["orgUnit"] = strings.Join(key.Subject.OrganizationalUnit, ",")
info["province"] = strings.Join(key.Subject.Province, ",")
info["signatureAlgorithm"] = strings.Replace(strings.Replace(key.SignatureAlgorithm.String(), key.PublicKeyAlgorithm.String(), "", 10), "-", "", 10)
info["publickeyAlgorithm"] = key.PublicKeyAlgorithm.String()
info["keySize"] = strconv.Itoa(keySize)
info["keyCurve"] = strings.Replace(keyCurve, "-", "", -1)
return
}