ca-certificates.crt解析加载到nssdb中

2023-12-16 07:04

本文主要是介绍ca-certificates.crt解析加载到nssdb中,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

openssl crl2pkcs7 -nocrl -certfile /etc/ssl/certs/ca-certificates.crt | openssl pkcs7 -print_certs -noout -text

ca-certificates.crt为操作系统根证书列表。

获取证书以后使用PK11_ImportDERCert将证书导入到nssdb中

 base::FilePath cert_path = base::FilePath("/etc/ssl/certs/ca-certificates.crt");std::string cert_data;if (base::ReadFileToString(cert_path, &cert_data)){base::span<const uint8_t> datas = base::as_bytes(base::make_span(cert_data));base::StringPiece data_string(reinterpret_cast<const char*>(datas.data()),datas.size());std::vector<std::string> pem_headers;// To maintain compatibility with NSS/Firefox, CERTIFICATE is a universally// valid PEM block header for any format.pem_headers.push_back(kCertificateHeader);pem_headers.push_back(kPKCS7Header);PEMTokenizer pem_tokenizer(data_string, pem_headers);int i = 0;while (pem_tokenizer.GetNext()) {std::string decoded(pem_tokenizer.data());LOG(INFO)<<decoded;SECItem certData;certData.data = reinterpret_cast<unsigned char*>(const_cast<char*>(decoded.c_str()));certData.len = decoded.size();certData.type = siDERCertBuffer;std::string name =  "cert"+std::to_string(i);std::string fileName = "/home/arv000/Desktop/cc/"+name;std::ofstream outFile(fileName);if (outFile.is_open()) {// 写入字符串到文件outFile << decoded;// 关闭文件流outFile.close();}SECStatus status = PK11_ImportDERCert(slot, &certData, CK_INVALID_HANDLE ,const_cast<char*>(name.c_str()) /* is_perm */, PR_TRUE /* copyDER */);i++;}}
// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.#include "crypto/cert/pem.h"#include "base/base64.h"
#include "base/strings/string_piece.h"
#include "base/strings/string_util.h"
#include "base/strings/stringprintf.h"namespace {const char kPEMSearchBlock[] = "-----BEGIN ";
const char kPEMBeginBlock[] = "-----BEGIN %s-----";
const char kPEMEndBlock[] = "-----END %s-----";}  // namespacenamespace crypto {using base::StringPiece;struct PEMTokenizer::PEMType {std::string type;std::string header;std::string footer;
};PEMTokenizer::PEMTokenizer(const StringPiece& str,const std::vector<std::string>& allowed_block_types) {Init(str, allowed_block_types);
}PEMTokenizer::~PEMTokenizer() = default;bool PEMTokenizer::GetNext() {while (pos_ != StringPiece::npos) {// Scan for the beginning of the next PEM encoded block.pos_ = str_.find(kPEMSearchBlock, pos_);if (pos_ == StringPiece::npos)return false;  // No more PEM blocksstd::vector<PEMType>::const_iterator it;// Check to see if it is of an acceptable block type.for (it = block_types_.begin(); it != block_types_.end(); ++it) {if (!base::StartsWith(str_.substr(pos_), it->header))continue;// Look for a footer matching the header. If none is found, then all// data following this point is invalid and should not be parsed.StringPiece::size_type footer_pos = str_.find(it->footer, pos_);if (footer_pos == StringPiece::npos) {pos_ = StringPiece::npos;return false;}// Chop off the header and footer and parse the data in between.StringPiece::size_type data_begin = pos_ + it->header.size();pos_ = footer_pos + it->footer.size();block_type_ = it->type;StringPiece encoded = str_.substr(data_begin, footer_pos - data_begin);if (!base::Base64Decode(base::CollapseWhitespaceASCII(encoded, true),&data_)) {// The most likely cause for a decode failure is a datatype that// includes PEM headers, which are not supported.break;}return true;}// If the block did not match any acceptable type, move past it and// continue the search. Otherwise, |pos_| has been updated to the most// appropriate search position to continue searching from and should not// be adjusted.if (it == block_types_.end())pos_ += sizeof(kPEMSearchBlock);}return false;
}void PEMTokenizer::Init(const StringPiece& str,const std::vector<std::string>& allowed_block_types) {str_ = str;pos_ = 0;// Construct PEM header/footer strings for all the accepted types, to// reduce parsing later.for (auto it = allowed_block_types.begin(); it != allowed_block_types.end();++it) {PEMType allowed_type;allowed_type.type = *it;allowed_type.header = base::StringPrintf(kPEMBeginBlock, it->c_str());allowed_type.footer = base::StringPrintf(kPEMEndBlock, it->c_str());block_types_.push_back(allowed_type);}
}std::string PEMEncode(base::StringPiece data, const std::string& type) {std::string b64_encoded;base::Base64Encode(data, &b64_encoded);// Divide the Base-64 encoded data into 64-character chunks, as per// 4.3.2.4 of RFC 1421.static const size_t kChunkSize = 64;size_t chunks = (b64_encoded.size() + (kChunkSize - 1)) / kChunkSize;std::string pem_encoded;pem_encoded.reserve(// header & footer17 + 15 + type.size() * 2 +// encoded datab64_encoded.size() +// newline characters for line wrapping in encoded datachunks);pem_encoded = "-----BEGIN ";pem_encoded.append(type);pem_encoded.append("-----\n");for (size_t i = 0, chunk_offset = 0; i < chunks;++i, chunk_offset += kChunkSize) {pem_encoded.append(b64_encoded, chunk_offset, kChunkSize);pem_encoded.append("\n");}pem_encoded.append("-----END ");pem_encoded.append(type);pem_encoded.append("-----\n");return pem_encoded;
}}  // namespace net
// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.#ifndef NET_CERT_PEM_H_
#define NET_CERT_PEM_H_#include <stddef.h>#include <string>
#include <vector>#include "base/macros.h"
#include "base/strings/string_piece.h"namespace crypto {// PEMTokenizer is a utility class for the parsing of data encapsulated
// using RFC 1421, Privacy Enhancement for Internet Electronic Mail. It
// does not implement the full specification, most notably it does not
// support the Encapsulated Header Portion described in Section 4.4.
class  PEMTokenizer {public:// Create a new PEMTokenizer that iterates through |str| searching for// instances of PEM encoded blocks that are of the |allowed_block_types|.// |str| must remain valid for the duration of the PEMTokenizer.PEMTokenizer(const base::StringPiece& str,const std::vector<std::string>& allowed_block_types);~PEMTokenizer();// Attempts to decode the next PEM block in the string. Returns false if no// PEM blocks can be decoded. The decoded PEM block will be available via// data().bool GetNext();// Returns the PEM block type (eg: CERTIFICATE) of the last successfully// decoded PEM block.// GetNext() must have returned true before calling this method.const std::string& block_type() const { return block_type_; }// Returns the raw, Base64-decoded data of the last successfully decoded// PEM block.// GetNext() must have returned true before calling this method.const std::string& data() const { return data_; }private:void Init(const base::StringPiece& str,const std::vector<std::string>& allowed_block_types);// A simple cache of the allowed PEM header and footer for a given PEM// block type, so that it is only computed once.struct PEMType;// The string to search, which must remain valid for as long as this class// is around.base::StringPiece str_;// The current position within |str_| that searching should begin from,// or StringPiece::npos if iteration is completebase::StringPiece::size_type pos_;// The type of data that was encoded, as indicated in the PEM// Pre-Encapsulation Boundary (eg: CERTIFICATE, PKCS7, or// PRIVACY-ENHANCED MESSAGE).std::string block_type_;// The types of PEM blocks that are allowed. PEM blocks that are not of// one of these types will be skipped.std::vector<PEMType> block_types_;// The raw (Base64-decoded) data of the last successfully decoded block.std::string data_;DISALLOW_COPY_AND_ASSIGN(PEMTokenizer);
};// Encodes |data| in the encapsulated message format described in RFC 1421,
// with |type| as the PEM block type (eg: CERTIFICATE).std::string PEMEncode(base::StringPiece data,const std::string& type);}  // namespace net#endif  // NET_CERT_PEM_H_

这篇关于ca-certificates.crt解析加载到nssdb中的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!



http://www.chinasem.cn/article/499570

相关文章

网页解析 lxml 库--实战

lxml库使用流程 lxml 是 Python 的第三方解析库,完全使用 Python 语言编写,它对 XPath表达式提供了良好的支 持,因此能够了高效地解析 HTML/XML 文档。本节讲解如何通过 lxml 库解析 HTML 文档。 pip install lxml lxm| 库提供了一个 etree 模块,该模块专门用来解析 HTML/XML 文档,下面来介绍一下 lxml 库

【C++】_list常用方法解析及模拟实现

相信自己的力量,只要对自己始终保持信心,尽自己最大努力去完成任何事,就算事情最终结果是失败了,努力了也不留遗憾。💓💓💓 目录   ✨说在前面 🍋知识点一:什么是list? •🌰1.list的定义 •🌰2.list的基本特性 •🌰3.常用接口介绍 🍋知识点二:list常用接口 •🌰1.默认成员函数 🔥构造函数(⭐) 🔥析构函数 •🌰2.list对象

Flutter 进阶:绘制加载动画

绘制加载动画:由小圆组成的大圆 1. 定义 LoadingScreen 类2. 实现 _LoadingScreenState 类3. 定义 LoadingPainter 类4. 总结 实现加载动画 我们需要定义两个类:LoadingScreen 和 LoadingPainter。LoadingScreen 负责控制动画的状态,而 LoadingPainter 则负责绘制动画。

OWASP十大安全漏洞解析

OWASP(开放式Web应用程序安全项目)发布的“十大安全漏洞”列表是Web应用程序安全领域的权威指南,它总结了Web应用程序中最常见、最危险的安全隐患。以下是对OWASP十大安全漏洞的详细解析: 1. 注入漏洞(Injection) 描述:攻击者通过在应用程序的输入数据中插入恶意代码,从而控制应用程序的行为。常见的注入类型包括SQL注入、OS命令注入、LDAP注入等。 影响:可能导致数据泄

从状态管理到性能优化:全面解析 Android Compose

文章目录 引言一、Android Compose基本概念1.1 什么是Android Compose?1.2 Compose的优势1.3 如何在项目中使用Compose 二、Compose中的状态管理2.1 状态管理的重要性2.2 Compose中的状态和数据流2.3 使用State和MutableState处理状态2.4 通过ViewModel进行状态管理 三、Compose中的列表和滚动

Spring 源码解读:自定义实现Bean定义的注册与解析

引言 在Spring框架中,Bean的注册与解析是整个依赖注入流程的核心步骤。通过Bean定义,Spring容器知道如何创建、配置和管理每个Bean实例。本篇文章将通过实现一个简化版的Bean定义注册与解析机制,帮助你理解Spring框架背后的设计逻辑。我们还将对比Spring中的BeanDefinition和BeanDefinitionRegistry,以全面掌握Bean注册和解析的核心原理。

CSP 2023 提高级第一轮 CSP-S 2023初试题 完善程序第二题解析 未完

一、题目阅读 (最大值之和)给定整数序列 a0,⋯,an−1,求该序列所有非空连续子序列的最大值之和。上述参数满足 1≤n≤105 和 1≤ai≤108。 一个序列的非空连续子序列可以用两个下标 ll 和 rr(其中0≤l≤r<n0≤l≤r<n)表示,对应的序列为 al,al+1,⋯,ar​。两个非空连续子序列不同,当且仅当下标不同。 例如,当原序列为 [1,2,1,2] 时,要计算子序列 [

多线程解析报表

假如有这样一个需求,当我们需要解析一个Excel里多个sheet的数据时,可以考虑使用多线程,每个线程解析一个sheet里的数据,等到所有的sheet都解析完之后,程序需要提示解析完成。 Way1 join import java.time.LocalTime;public class Main {public static void main(String[] args) thro

ZooKeeper 中的 Curator 框架解析

Apache ZooKeeper 是一个为分布式应用提供一致性服务的软件。它提供了诸如配置管理、分布式同步、组服务等功能。在使用 ZooKeeper 时,Curator 是一个非常流行的客户端库,它简化了 ZooKeeper 的使用,提供了高级的抽象和丰富的工具。本文将详细介绍 Curator 框架,包括它的设计哲学、核心组件以及如何使用 Curator 来简化 ZooKeeper 的操作。 1

Unity3D自带Mouse Look鼠标视角代码解析。

Unity3D自带Mouse Look鼠标视角代码解析。 代码块 代码块语法遵循标准markdown代码,例如: using UnityEngine;using System.Collections;/// MouseLook rotates the transform based on the mouse delta./// Minimum and Maximum values can