pkcs12: expected exactly two safe bags in the PFX PDU

https://github.com/ereOn/crypto/commit/05f6847ff80ca34c92a01a688c7b81e874af3009

在pkcs12.go,Decode方法之后,再加入DecodeAll 方法

// DecodeAll extracts all certificate and private keys from pfxData.
func DecodeAll(pfxData []byte, password string) (privateKeys []interface{}, certificates []*x509.Certificate, err error) {
    encodedPassword, err := bmpString(password)
    if err != nil {
        return nil, nil, err
    }

    bags, encodedPassword, err := getSafeContents(pfxData, encodedPassword)
    if err != nil {
        return nil, nil, err
    }

    for _, bag := range bags {
        switch {
        case bag.Id.Equal(oidCertBag):
            certsData, err := decodeCertBag(bag.Value.Bytes)
            if err != nil {
                return nil, nil, err
            }
            certs, err := x509.ParseCertificates(certsData)
            if err != nil {
                return nil, nil, err
            }
            certificates = append(certificates, certs...)

        case bag.Id.Equal(oidPKCS8ShroundedKeyBag):
            privateKey, err := decodePkcs8ShroudedKeyBag(bag.Value.Bytes, encodedPassword)

            if err != nil {
                return nil, nil, err
            }

            privateKeys = append(privateKeys, privateKey)
        }
    }

    return
}

使用方法

// 得到certid
func TestCertID(t *testing.T) {
    path := "../assets/acp_test_sign.pfx"
    password := "000000"
    var pfxData []byte
    pfxData, err := ioutil.ReadFile(path)
    // logging.Debugf("pfxData:%v\n", string(pfxData))
    if err != nil {
        t.Errorf("ReadFile err : %v \n", err)
        return
    }
    // var priv interface{}
    //解析证书
    _, cert, err := pkcs12.DecodeAll(pfxData, password)
    if err != nil {
        t.Errorf("Decode err : %v \n", err)
        return
    }
    t.Errorf("certID : %v \n", cert[0].SerialNumber)
}

你可能感兴趣的:(go)