Node.js x509.checkIP(ip[, options]) 方法
x509.checkIP()是加密模块中 X509Certificate 类的内置应用程序编程接口,用于检查此 PEM 编码的 X509 证书是否与给定的 IP 地址匹配。
句法:
const x509.checkIP(ip[, options])
参数:此方法将以下参数作为参数。
- ip:保存ip地址
- options:任何会影响此 api 操作的选项。
返回值:如果与证书主机名匹配,则此方法返回 ip,否则返回 undefined。
如何生成公共证书?
公共证书打开记事本并复制粘贴以下密钥并将文件保存为public-cert.pem
-----BEGIN CERTIFICATE-----
MIICfzCCAegCCQDxxeXw914Y2DANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMC
SU4xEzARBgNVBAgMCldlc3RiZW5nYWwxEDAOBgNVBAcMB0tvbGthdGExFDASBgNV
BAoMC1BhbmNvLCBJbmMuMRUwEwYDVQQDDAxSb2hpdCBQcmFzYWQxIDAeBgkqhkiG
9w0BCQEWEXJvZm9mb2ZAZ21haWwuY29tMB4XDTIwMDkwOTA1NTExN1oXDTIwMTAw
OTA1NTExN1owgYMxCzAJBgNVBAYTAklOMRMwEQYDVQQIDApXZXN0YmVuZ2FsMRAw
DgYDVQQHDAdLb2xrYXRhMRQwEgYDVQQKDAtQYW5jbywgSW5jLjEVMBMGA1UEAwwM
Um9oaXQgUHJhc2FkMSAwHgYJKoZIhvcNAQkBFhFyb2ZvZm9mQGdtYWlsLmNvbTCB
nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAt/EfcF3FG4TneOBWr4JhOUdyuCXm
Dhy5yO3VKtQfPxr+5d0joCSnn/5vYDNSr1MfedZmqVxrXFoMAdPCd71BNmDmeLVi
QK61WREtASP0ZhQMoUBT+R3Fpdy0jPS0YoT/fBd96CJCmgsQOS8Tq5IKVeB61MyC
kwAQ2Goe0T3sdVkCAwEAATANBgkqhkiG9w0BAQsFAAOBgQATe6ixdAjoV7BSHgRX
bXM2+IZLq8kq3s7ck0EZrRVhsivutcaZwDXRCCinB+OlPedbzXwNZGvVX0nwPYHG
BfiXwdiuZeVJ88ni6Fm6RhoPtu2QF1UExfBvSXuMBgR+evp+e3QadNpGx6Ppl1aC
hWF6W2H9+MAlU7yvtmCQQuZmfQ==
-----END CERTIFICATE-----
示例 1:
index.js
// Node.js program to demonstrate the
// x509.checkIP() APi
// Importing crypto module
const {X509Certificate} = require('crypto')
// Importing fs module
const fs = require('fs')
// getting object of a PEM encoded X509 Certificate.
const x509 = new X509Certificate(fs.readFileSync('public-cert.pem'));
// checking if passed ip address matches with the given one or not
// by using x509.checkIP() api
const value = x509.checkIP("2409:4060:2e05:28d2:d02:7717:820b:22ef")
// display the result
if(value)
console.log("IP address matched")
else
console.log("IP address did't match")
index.js
// Node.js program to demonstrate the
// x509.checkIP() APi
// Importing crypto module
const {X509Certificate} = require('crypto')
// Importing fs module
const fs = require('fs')
// display the result
if((new X509Certificate(fs.readFileSync('public-cert.pem'))).checkIP("2409:4060:2e05:28d2:d02:7717:820b:22ef"))
console.log("IP address matched")
else
console.log("IP address did't match")
使用以下命令运行 index.js 文件。
node index.js
输出:
IP address did't match
示例 2:
index.js
// Node.js program to demonstrate the
// x509.checkIP() APi
// Importing crypto module
const {X509Certificate} = require('crypto')
// Importing fs module
const fs = require('fs')
// display the result
if((new X509Certificate(fs.readFileSync('public-cert.pem'))).checkIP("2409:4060:2e05:28d2:d02:7717:820b:22ef"))
console.log("IP address matched")
else
console.log("IP address did't match")
使用以下命令运行 index.js 文件。
node index.js
输出:
IP address did't match
参考: https://nodejs.org/dist/latest-v15.x/docs/api/crypto.html#crypto_x509_checkip_ip_options