hax*_*nel 2 javascript x509certificate node.js
如何使用node- forge 获取 x.509 证书的证书 ID/指纹?
更新
我需要这个用于 AWS IoT。我一直在调查并最终发现 AWS 可能使用一些指纹算法来提取证书 ID。它没有被嵌入到证书中,可能是公钥被用作指纹的基础。
更新 2
运行此命令会返回正确的指纹: openssl x509 -noout -fingerprint -sha256 -inform pem -in cert.crt
如何使用node-forge实现这一点?
我已将以下内容放在一起,但它没有返回相同的 fp。:
const fs = require('fs')
const forge = require('node-forge')
const { pki } = forge
const { promisify } = require('es6-promisify')
const readFile = promisify(fs.readFile)
async function main() {
const certPem = await readFile('./cert.crt', 'utf-8')
const cert = pki.certificateFromPem(certPem)
const fingerprint = pki.getPublicKeyFingerprint(cert.publicKey, {
md: forge.md.sha256.create(),
encoding: 'hex',
})
}
main()
To expand on the solution of haxpanel with some code in your requested NodeJS code:
const crypto = require("crypto");
function getCertificateFingerprint(certString) {
const baseString = certString.match(/-----BEGIN CERTIFICATE-----\s*([\s\S]+?)\s*-----END CERTIFICATE-----/i);
const rawCert = Buffer.from(baseString[1], "base64");
const sha256sum = crypto.createHash("sha256").update(rawCert).digest("hex");
return sha256sum.toUpperCase().replace(/(.{2})(?!$)/g, "$1:");
// eg 83:6E:3E:99:58:44:AE:61:72:55:AD:C6:24:BE:5C:2D:46:21:BA:BE:87:E4:3A:38:C8:E8:09:AC:22:48:46:20
}