openssl_csr_get_subject()
(PHP 5 >= 5.2.0, PHP 7)
返回CSR的主题
说明
openssl_csr_get_subject(mixed $csr[,bool $use_shortnames= true]): array
openssl_csr_get_subject()返回$csr中专有名称信息的主题,其中包含了通用名称(CN),机构名称(O),国家名(C)等字段。
参数
- $csr
See CSR parameters for a list of valid values.
- $use_shortnames
$shortnames控制着数据如何在数组中被索引- 如果$shortnames为
TRUE
(默认)将使用简称形式对字段进行索引,否则将使用全称形式- 比如: CN 就是 commonName 的简称形式。
返回值
成功时返回TRUE
,或者在失败时返回FALSE
。
范例
openssl_csr_get_subject()范例
<?php $subject = array( "countryName" => "CA", "stateOrProvinceName" => "Alberta", "localityName" => "Calgary", "organizationName" => "XYZ Widgets Inc", "organizationalUnitName" => "PHP Documentation Team", "commonName" => "Wez Furlong", "emailAddress" => "wez@example.com", ); $private_key = openssl_pkey_new(array( "private_key_bits" => 2048, "private_key_type" => OPENSSL_KEYTYPE_RSA, )); $configargs = array( 'digest_alg' => 'sha512WithRSAEncryption' ); $csr = openssl_csr_new($subject, $privkey, $configargs); print_r(openssl_csr_get_subject($csr)); ?>
以上例程的输出类似于:
Array ( [C] => CA [ST] => Alberta [L] => Calgary [O] => XYZ Widgets Inc [OU] => PHP Documentation Team [CN] => Wez Furlong [emailAddress] => wez@example.com )
参见
openssl_csr_new()
生成一个 CSRopenssl_csr_get_public_key()
返回CSR的公钥openssl_x509_parse()
解析一个X509证书并作为一个数组返回信息
openssl_csr_get_subject('somedomain.com',false); return array(7) { ["countryName"]=> string "XX" ["stateOrProvinceName"]=> string "xxxxxxxxx" ["localityName"]=> string "xxxxxxxx" ["organizationName"]=> string "xxxxxxxxx" ["organizationalUnitName"]=>string "xxxx" ["commonName"]=>string "xxx" ["emailAddress"]=>string "xxx" } openssl_csr_get_subject('somedomain.com',true); return array(7) { ["C"]=> string "XX" ["ST"]=> string "xxxxxxxxx" ["L"]=> string "xxxxxxxx" ["O"]=> string "xxxxxxxxx" ["OU"]=>string "xxxx" ["CN"]=>string "xxx" ["emailAddress"]=>string "xxx" }
This function may not return name fields in the order they appear in the certificate. For example, this CSR: -----BEGIN CERTIFICATE REQUEST----- MIHsMIGUAgEAMDIxEDAOBgNVBAsMB3VuaXQgIzExDDAKBgNVBAoMA29yZzEQMA4G A1UECwwHdW5pdCAjMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGvZnFxGuVzJ hOKPs5RNxZBS4vY6ERaqm5tKMGOhxLSfv/dpjDtNNdSHkIGNjYxclHYhxG0ku7BY PA5uPIjng1SgADAKBggqhkjOPQQDAgNHADBEAiB4GXhhbEU1UFTCe0dwJnKHTQuI xzYL5FnyhmKdixN/0gIgBXSm9S8L/oJ6rBxemin/V/xKv5jy4TEZuz84nnshxQQ= -----END CERTIFICATE REQUEST----- When processed by 'openssl -noout -subject' gives this: subject=/OU=unit #1/O=org/OU=unit #2 On the other hand, 'var_dump( openssl_csr_get_subject( "..." ) )' will produce this: csr = array(2) { ["OU"]=> array(2) { [0]=> string(7) "unit #1" [1]=> string(7) "unit #2" } ["O"]=> string(3) "org" } As you can see, ordering information (which may be important for some applications) is lost.
this function does not yet return SANs (subject alternative names) fields for UC certificates like those used in exchange 2007.
The returning assoziative array is indexed with the fields in the subject so you should have a array key named CN,OU and so on.