https://github.com/ereOn/crypto/commit/05f6847ff80ca34c92a01a688c7b81e874af3009
在pkcs12.go,Decode方法之后,再加入DecodeAll 方法
// DecodeAll extracts all certificate and private keys from pfxData.
func DecodeAll(pfxData []byte, password string) (privateKeys []interface{}, certificates []*x509.Certificate, err error) {
encodedPassword, err := bmpString(password)
if err != nil {
return nil, nil, err
}
bags, encodedPassword, err := getSafeContents(pfxData, encodedPassword)
if err != nil {
return nil, nil, err
}
for _, bag := range bags {
switch {
case bag.Id.Equal(oidCertBag):
certsData, err := decodeCertBag(bag.Value.Bytes)
if err != nil {
return nil, nil, err
}
certs, err := x509.ParseCertificates(certsData)
if err != nil {
return nil, nil, err
}
certificates = append(certificates, certs...)
case bag.Id.Equal(oidPKCS8ShroundedKeyBag):
privateKey, err := decodePkcs8ShroudedKeyBag(bag.Value.Bytes, encodedPassword)
if err != nil {
return nil, nil, err
}
privateKeys = append(privateKeys, privateKey)
}
}
return
}
使用方法
// 得到certid
func TestCertID(t *testing.T) {
path := "../assets/acp_test_sign.pfx"
password := "000000"
var pfxData []byte
pfxData, err := ioutil.ReadFile(path)
// logging.Debugf("pfxData:%v\n", string(pfxData))
if err != nil {
t.Errorf("ReadFile err : %v \n", err)
return
}
// var priv interface{}
//解析证书
_, cert, err := pkcs12.DecodeAll(pfxData, password)
if err != nil {
t.Errorf("Decode err : %v \n", err)
return
}
t.Errorf("certID : %v \n", cert[0].SerialNumber)
}