1. 技术文章
  2. How to string manipulate/extract subject contents in a CSR using OpenSSL command + Perl?

How to string manipulate/extract subject contents in a CSR using OpenSSL command + Perl?

匆匆过客 提交于 2020-01-04 06:07:17

问题


I'm currently working to extract properly each contents in a CSR file's subject. I have here a working snippet, However I got stuck when values have a slash / (ex. CSR content has OrganizationUnit = orgunit/testou) on the values. The way I'm doing to extract the contents is to use regex,split it and push that in a Hash, and throw it back in the front end. See below:

sub CSRDecode{
###########################################################################
################Do Your Validation#########################################
###########################################################################
my @returnInfo = `openssl req -in /opt2/myfiles/perllib/custom/OpenSSL/certreq.csr -text -noout` or die "Could not validate CSR";
my $Subj= `openssl req -in /opt2/myfiles/perllib/custom/OpenSSL/certreq.csr -subject -noout` or die "Could not validate CSR";
print $Subj;
print @returnInfo;
my $KeySize= @returnInfo[6];


my $SubjAltName =`openssl req -in /opt2/myfiles/perllib/custom/OpenSSL/certreq.csr -text -noout|grep -E 'email|DNS'`; #or die "Could not get SAN";

$KeySize=~s/^\s+|\s+$//g;
$KeySize=~/(.+?)/;
$Subj =~ s/^\s+|\s+$//g;

print $Subj;
$SubjAltName=~ s/^\s+|\s+$//g;

my %CSRInfo=split/[=\/]/,$Subj;
if(%CSRInfo){
%CSRInfo->{SubjAltName}.=$SubjAltName;
%CSRInfo->{keysize}.=$KeySize;
}


print Dumper \%CSRInfo;

#######################################################################

Input: CSR File with Subject similar to this:

subject=/O=ABCCommon/OU=abcfoundation/ops1/emailAddress=allgroup@abccommon.com/L=NYC/ST=AMER/C=AMER/CN=commonName

Expected Output after extraction (HASH) - Note the OU content which has "/"

$VAR1 = {
          'CN' => 'commonName',
          'keysize' => 'RSA Public Key: (2048 bit)',
          'SubjAltName' => 'DNS:serverxxx.internal@abc.com, IP Address:192.168.1.1',
          'ST' => 'AMER',
          'O' => 'ABCCommon',
          'emailAddress' => 'allgroup@abccommon.com',
          'subject' => '',
          'OU' => 'abcfoundation/ops1',
          'C' => 'AMER',
          'L' => 'NYC'
        };

Currently the output is juggling because I think the regex isn't properly handling the "split". I'm referring to my %CSRInfo=split/[=\/]/,$Subj; in the code snippet. I might have some issues in my regex and I appreciate your help, Thank you!


回答1:


Ah, ok. Yes I see. You're trying to split on a / but have a pattern including a /. This gets complicated, but I'd probably try and approach it like this:

#!/usr/bin/env perl
use strict;
use warnings;
use Data::Dumper;

my $subj =
    'subject=/O=ABCCommon/OU=abcfoundation/ops1/emailAddress=allgroup@abccommon.com/L=NYC/ST=AMER/C=AMER/CN=commonName';

my %subjinfo = ( $subj =~ m,(\w+)=([^=]*)(?:/|$),g );
print Dumper \%subjinfo;

This then gives:

$VAR1 = {
          'subject' => '',
          'L' => 'NYC',
          'C' => 'AMER',
          'OU' => 'abcfoundation/ops1',
          'emailAddress' => 'allgroup@abccommon.com',
          'ST' => 'AMER',
          'CN' => 'commonName',
          'O' => 'ABCCommon'
        };

I think that gives what you need. This regular expression repeats, and captures pairs of 'things' on either side of an = ending with either / or 'end of line' $

Because we're matching in pairs (last group has (?: to denote it's non-capturing) these can be directly assigned into a hash.



来源:https://stackoverflow.com/questions/31202477/how-to-string-manipulate-extract-subject-contents-in-a-csr-using-openssl-command

标签
regex
perl
OpenSSL
csr
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!