转载于:https://bkssl.com/document/php_oid_encode_decode.html
php
<?php
class ASN1ObjectIdentifier
{
/**
* OID字符串编码为二进制数据
* @param string $oid 字符串形式的OID
* @return string
*/
public static function encode($oid)
{
$parts = explode('.', $oid);
$parts = array_map(fn($t) => intval($t), $parts);
$result = chr($parts[0] * 40 + $parts[1]);
for ($i = 2; $i < count($parts); $i++) {
$value = $parts[$i];
if ($value <= 127) {
$result .= chr($value);
continue;
}
$substr = '';
$flag = false;
while ($value > 0) {
$num7 = ($value & 0x7f);
if ($flag) {
$num7 = 0x80 | $num7;
}
$substr = chr($num7) . $substr;
$value >>= 7;
if (!$flag) $flag = true;
}
$result .= $substr;
}
return $result;
}
/**
* 二进制数据解码为OID字符串
* @param string $data 二进制数据
* @param int $position 数据偏移位置
* @param int $count OID所占字节大小
* @return string
*/
public static function decode($data, $position, $count)
{
$builder = '';
$num2 = ord($data[$position]);
$num3 = floor($num2 / 40);
$num4 = $num2 % 40;
$builder .= $num3;
$builder .= '.';
$builder .= $num4;
$flag = true;
$integer = 0;
for ($i = 1; $i < $count; $i++) {
$num6 = ord($data[$position + $i]);
$num7 = $num6 & 0x7f;
if ($flag) {
$builder .= '.';
$flag = false;
}
$integer = $integer << 7;
$integer += $num7;
if ($num6 == $num7) {
$builder .= $integer;
$integer = 0;
$flag = true;
}
}
return $builder;
}
}
测试代码
php
$oid = '1.2.840.113549.1.1.1';
$bin = ASN1ObjectIdentifier::encode($oid);
echo bin2hex($bin) . "\r\n";
echo ASN1ObjectIdentifier::decode($bin, 0, strlen($bin)). "\r\n";
//输出
//2a864886f70d010101
//1.2.840.113549.1.1.1
常见OID
text
'2.5.4.3': 'CN',
'2.5.4.4': 'Surname',
'2.5.4.5': 'SerialNumber',
'2.5.4.6': 'C',
'2.5.4.7': 'L',
'2.5.4.8': 'ST',
'2.5.4.9': 'Street',
'2.5.4.10': 'O',
'2.5.4.11': 'OU',
'2.5.4.12': 'T',
'2.5.4.13': 'Description',
'2.5.4.15': 'BusinessCategory',
'2.5.4.16': 'PostalAddress',
'2.5.4.17': 'PostalCode',
'2.5.4.20': 'TelephoneNumber',
'2.5.4.41': 'Name',
'2.5.4.42': 'GivenName',
'2.5.4.43': 'Initials',
'2.5.4.44': 'Generation',
'2.5.4.45': 'UniqueIdentifier',
'2.5.4.46': 'DnQualifier',
'2.5.4.54': 'DmdName',
'2.5.4.65': 'Pseudonym',
'2.5.4.97': 'OrganizationIdentifier',
'1.3.6.1.5.5.7.9.1': 'DateOfBirth',
'1.3.6.1.5.5.7.9.2': 'PlaceOfBirth',
'1.3.6.1.5.5.7.9.3': 'Gender',
'1.3.6.1.5.5.7.9.4': 'CountryOfCitizenship',
'1.3.6.1.5.5.7.9.5': 'CountryOfResidence',
'1.3.36.8.3.14': 'NameAtBirth',
'1.2.840.113549.1.9.1': 'E',
'1.2.840.113549.1.9.2': 'UnstructuredName',
'1.2.840.113549.1.9.8': 'UnstructuredAddress',
'0.9.2342.19200300.100.1.25': 'DC',
'0.9.2342.19200300.100.1.1': 'UID',
'2.5.29.9': 'SubjectDirectoryAttributes',
'2.5.29.14': 'SubjectKeyIdentifier',
'2.5.29.15': 'KeyUsage',
'2.5.29.16': 'PrivateKeyUsagePeriod',
'2.5.29.17': 'SubjectAlternativeName',
'2.5.29.18': 'IssuerAlternativeName',
'2.5.29.19': 'BasicConstraints',
'2.5.29.20': 'CrlNumber',
'2.5.29.21': 'ReasonCode',
'2.5.29.23': 'InstructionCode',
'2.5.29.24': 'InvalidityDate',
'2.5.29.27': 'DeltaCrlIndicator',
'2.5.29.28': 'IssuingDistributionPoint',
'2.5.29.29': 'CertificateIssuer',
'2.5.29.30': 'NameConstraints',
'2.5.29.31': 'CrlDistributionPoints',
'2.5.29.32': 'CertificatePolicies',
'2.5.29.33': 'PolicyMappings',
'2.5.29.35': 'AuthorityKeyIdentifier',
'2.5.29.36': 'PolicyConstraints',
'2.5.29.37': 'ExtendedKeyUsage',
'2.5.29.46': 'FreshestCrl',
'2.5.29.54': 'InhibitAnyPolicy',
'2.5.29.55': 'TargetInformation',
'2.5.29.56': 'NoRevAvail',
'2.5.29.60': 'ExpiredCertsOnCrl',
'1.3.6.1.5.5.7.1.1': 'AuthorityInfoAccess',
'1.3.6.1.5.5.7.1.2': 'BiometricInfo',
'1.3.6.1.5.5.7.1.3': 'QCStatements',
'1.3.6.1.5.5.7.1.4': 'AuditIdentity',
'1.3.6.1.5.5.7.1.11': 'SubjectInfoAccess',
'1.3.6.1.5.5.7.1.12': 'LogoType',
'1.3.6.1.4.1.11129.2.4.2': 'SCTList',
'1.2.840.113533.7.65.0': 'EntrustVersionInfo',
'1.3.6.1.4.1.311.20.1': 'AutoEnrollCtlUsage',
'1.3.6.1.4.1.311.20.2': 'CertificateType',
'1.3.6.1.4.1.311.20.2.1': 'EnrollmentAgent',
'1.3.6.1.4.1.311.20.2.2': 'KPSmartCardLogin',
'1.3.6.1.4.1.311.20.2.3': 'NTPrincipalName',
'1.3.6.1.4.1.311.20.3': 'CertManifold',
'1.3.6.1.4.1.311.21.1': 'CaKeyCertIndexPair',
'2.16.840.1.113730.1.1': 'NetscapeCertType',
'2.23.42.7.0': 'HashedRootKey',
'1.2.840.113549.1.9.15': 'SMIMECapabilities',
'2.16.840.1.113730.1.13': 'NetscapeComment',
'1.3.6.1.5.5.7.1.24': 'TLSFeatures',
'1.2.840.113549.2.2': 'MD2',
'1.2.840.113549.2.3': 'MD4',
'1.2.840.113549.2.5': 'MD5',
'1.3.14.3.2.26': 'SHA1',
'1.2.840.113549.1.1.11': 'sha256WithRSAEncryption',
'1.2.840.113549.1.1.5': 'sha1WithRSAEncryption',
'1.2.840.113549.1.1.4': 'md5WithRSAEncryption',
'1.2.840.113549.1.1.2': 'md2WithRSAEncryption',
'1.2.840.113549.1.1.1': 'RsaEncryption',
'2.16.840.1.101.3.4.2.4': 'SHA224',
'2.16.840.1.101.3.4.2.3': 'SHA512',
'2.16.840.1.101.3.4.2.2': 'SHA384',
'2.16.840.1.101.3.4.2.1': 'SHA256',
'1.3.36.3.2.1': 'RIPEMD160',
'1.3.36.3.2.2': 'RIPEMD128',
'1.3.36.3.2.3': 'RIPEMD256',
'1.2.643.2.2.9': 'GOST3411',
'1.2.840.10045.4.1': 'Sha1WithECDsa',
'1.2.840.10045.4.3.1': 'Sha224WithECDsa',
'1.2.840.10045.4.3.2': 'Sha256WithECDsa',
'1.2.840.10045.4.3.3': 'Sha384WithECDsa',
'1.2.840.10045.4.3.4': 'Sha512WithECDsa',
'1.2.840.10040.4.3': 'id-dsa-with-sha1',
'1.2.840.10045.2.1': 'ECPublicKey',
'1.2.840.10045.3.1.7': 'Prime256v1',
'1.3.6.1.5.5.7.3.1': 'ServerAuth',
'1.3.6.1.5.5.7.3.2': 'ClientAuth',
'1.3.6.1.5.5.7.3.3': 'CodeSigning',
'1.3.6.1.5.5.7.3.4': 'EmailProtection',
'1.3.6.1.5.5.7.3.5': 'IpsecEndSystem',
'1.3.6.1.5.5.7.3.6': 'IpsecTunnel',
'1.3.6.1.5.5.7.3.7': 'IpsecUser',
'1.3.6.1.5.5.7.3.8': 'TimeStamping',
'1.3.6.1.5.5.7.3.9': 'OCSPSigning',
'1.3.6.1.5.5.7.3.19': 'Wireless',
'1.3.6.1.5.5.7.48.1': 'OCSP',
'1.3.6.1.5.5.7.48.2': 'caIssuers',
'2.23.140.1.2.1': 'DomainValidated',
'1.3.6.1.4.1.44947.1.1.1': '',
'1.3.6.1.5.5.7.2.1': 'Cps',
'1.3.6.1.5.5.7.2.2': 'Unotice',