spacemonkeygo / openssl

OpenSSL bindings for Go
http://godoc.org/github.com/spacemonkeygo/openssl
Apache License 2.0

Trying to replace `openssl x509 -hash -noout` with go #146

Open andreas-kupries opened 3 years ago

andreas-kupries commented 3 years ago

I am looking to replace `openssl x509 -hash -noout` with Go code. Is that possible with this package? If yes, is there an example in the docs? I failed to find anything.

I am aware of #112. It looks to be related, but not the same (it talks about `-subject_hash_old` instead of `-hash`).

Further, do I understand correctly that this package requires a regular openssl.so in the environment that it will then make use of?

andreas-kupries commented 3 years ago

Hm. Could adding

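    // GetSubjectNameHash returns OpenSSL's subject name hash for the certificate,
    // the value `openssl x509 -hash` prints as eight hex digits.
    func (c *Certificate) GetSubjectNameHash() (uint32, error) {
        hash := C.X509_subject_name_hash(c.x)
        return uint32(hash), nil
    }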

to `cert.go` be enough? (I am unsure about endianness.)

Could then do

    pemBytes, err := ioutil.ReadFile(os.Args[1])
    if err != nil {
        return fmt.Errorf("unable to open certificate: %v", err)
    }

    // Parse with this package rather than crypto/x509, so that cert is the
    // *openssl.Certificate on which the proposed method is defined.
    cert, err := openssl.LoadCertificateFromPEM(pemBytes)
    if err != nil {
        return fmt.Errorf("failed to parse certificate from PEM: %v", err)
    }

    hash, err := cert.GetSubjectNameHash()
    if err != nil {
        return fmt.Errorf("failed to hash subject name: %v", err)
    }
    asString := fmt.Sprintf("%08x\n", hash)
    ...
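
The `-hash` value asked about in this issue can also be computed without cgo. The block below is an added example, not part of the issue thread and not code from spacemonkeygo/openssl: a pure-Go function that reproduces the computation OpenSSL 1.0.0 and later perform for `-hash`, taking a certificate's DER subject as input. `SubjectHash` is a hypothetical name, the subject in `main` is constructed, and the code assumes attribute values of the string types that Go's `encoding/asn1` decodes to a string (PrintableString, UTF8String, IA5String).

```go
package main

import (
	"crypto/sha1"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"strings"
)

// SubjectHash returns the value `openssl x509 -hash` prints (OpenSSL 1.0.0+)
// for a DER-encoded subject name such as x509.Certificate.RawSubject.
func SubjectHash(rawSubject []byte) (string, error) {
	var rdns pkix.RDNSequence
	if rest, err := asn1.Unmarshal(rawSubject, &rdns); err != nil || len(rest) != 0 {
		return "", fmt.Errorf("subject is not exactly one DER RDNSequence (err: %v)", err)
	}
	isSpace := func(r rune) bool { return r == ' ' || (r >= '\t' && r <= '\r') }
	h := sha1.New() // fed each canonical RDN SET in turn, no outer SEQUENCE header
	for _, rdn := range rdns {
		for i, atv := range rdn {
			s, ok := atv.Value.(string)
			if !ok {
				return "", fmt.Errorf("attribute %v: non-string value not handled", atv.Type)
			}
			// Canonical form: trim and collapse ASCII whitespace, lower-case
			// ASCII letters only, and re-tag the value as UTF8String.
			b := []byte(strings.Join(strings.FieldsFunc(s, isSpace), " "))
			for j, c := range b {
				if c >= 'A' && c <= 'Z' {
					b[j] = c | 0x20
				}
			}
			rdn[i].Value = asn1.RawValue{Tag: asn1.TagUTF8String, Bytes: b}
		}
		der, err := asn1.Marshal(rdn)
		if err != nil {
			return "", err
		}
		h.Write(der)
	}
	sum := h.Sum(nil)
	// The first four digest bytes, read little-endian, give the printed value.
	return fmt.Sprintf("%02x%02x%02x%02x", sum[3], sum[2], sum[1], sum[0]), nil
}

func main() { // constructed sample subject, not taken from the page
	der, _ := asn1.Marshal(pkix.Name{CommonName: "Example  Test CA"}.ToRDNSequence())
	fmt.Println(SubjectHash(der))
}
```

Because the value depends only on the canonicalised subject, two certificates whose subjects differ only in letter case or spacing get the same hash, which is why hashed certificate directories use numbered suffixes such as `.0` and `.1`.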