How to obtain the CPF/CNPJ number of a digital certificate type e-CPF/e-CNPJ on A1 and A3 models?


4

I am developing an alternative method to log in via certificate, without needing Java or a specific language, only HTTP and PHP to process backend information (but that could be handled by any other language that processes HTTP). The most common methods that exist are the Certsign ones, but they have low interoperability, limited to languages such as .NET and Java. In addition, this method depends on their web service to get the certificate's CPF; if their system is down, it is not possible to authenticate the user.

We know that it is possible to request the certificate through the SSL handshake, which enables the web server to open a request for the client's certificate within a pre-selected certificate chain, which will do exactly what Certsign does.

The data I can extract from an NF-e certificate is this (obfuscated): [image]

We have already requested an e-CPF and an e-CNPJ. The question is: where, inside the public data of the certificate, is the information referring to the CPF or CNPJ number?

  • 1

    Please, whoever is downvoting this question, comment on the reason and on what to do to be worthy of your most worthy support.

2 answers

4


After obtaining valid A1 and A3 certificates (and not the test ones that were used to write the question), it was possible to identify that in the field S_DN_CN the certificate contains the name and the document number.

In the Distinguished Name (DN) group, in the Common Name (CN) of the certificate, it is possible to see a string composed of the name (e-CPF) or company name (e-CNPJ) followed by a colon ":" and the numerical sequence of the registered CPF or CNPJ.

For example:

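In PHP it is possible to obtain it through the key SSL_CLIENT_S_DN_CN, for example:

<?php
    // $ssl holds the web server's SSL variables (assumed here to be $_SERVER)
    $ssl = $_SERVER;
    // The CN has the form "NAME:DOCUMENT"
    list ($nome, $documento) = explode(":", $ssl["SSL_CLIENT_S_DN_CN"]);
?>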

After that, one can apply the CPF and CNPJ validation algorithms to identify which type of document this certificate represents.

A description of the DN composition can be found in items 2.1.12, "Composition of the Distinguished Name (DN) of the e-CPF certificate", and 3.1.12, "Composition of the Distinguished Name (DN) of the e-CNPJ certificate", of the documentation: https://www.receita.fazenda.gov.br/acsrf/LeiautedeCertificadosdaSRF.pdf

  • 3

    By chance it is in item 2.1.12 of the documentation that you yourself indicated (3.1.12 for CNPJ). And in 2.2.5 are other document fields, each with its respective OID.

  • 3

    Also, in the same manual, the third "OU" field indicates whether it is an e-CPF or an e-CNPJ, and its type.

  • Thank you, it went unnoticed!
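The split-and-validate step described in the first answer, as an added example that is not part of the original posts. It assumes Apache mod_ssl exporting SSL_CLIENT_VERIFY and SSL_CLIENT_S_DN_CN (SSLOptions +StdEnvVars); the function names and the sample CN are constructed for illustration.

```php
<?php
// Mod-11 check digit: weights start at 2 on the rightmost digit and wrap after $maxWeight.
function mod11Digit(string $digits, int $maxWeight): int {
    $sum = 0;
    $weight = 2;
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $sum += (int) $digits[$i] * $weight;
        $weight = ($weight === $maxWeight) ? 2 : $weight + 1;
    }
    $r = $sum % 11;
    return $r < 2 ? 0 : 11 - $r;
}

// Returns "CPF", "CNPJ" or null when length or check digits do not match.
function documentType(string $doc): ?string {
    if (!ctype_digit($doc) || preg_match('/^(\d)\1+$/', $doc)) {
        return null; // non-numeric, or one digit repeated (e.g. 000...0)
    }
    $len = strlen($doc);
    if ($len !== 11 && $len !== 14) return null;
    $maxWeight = ($len === 11) ? 11 : 9; // CPF weights never wrap; CNPJ cycles 2..9
    $base = substr($doc, 0, $len - 2);
    $d1 = mod11Digit($base, $maxWeight);
    $d2 = mod11Digit($base . $d1, $maxWeight);
    if (substr($doc, -2) !== $d1 . $d2) return null;
    return $len === 11 ? 'CPF' : 'CNPJ';
}

// Parses "NAME:DOCUMENT" from the CN, only for a chain the web server verified.
function identityFromCertificate(array $server): ?array {
    if (($server['SSL_CLIENT_VERIFY'] ?? '') !== 'SUCCESS') return null;
    $cn = $server['SSL_CLIENT_S_DN_CN'] ?? '';
    $pos = strrpos($cn, ':'); // split on the last colon
    if ($pos === false) return null;
    $doc = substr($cn, $pos + 1);
    $type = documentType($doc);
    if ($type === null) return null;
    return ['name' => substr($cn, 0, $pos), 'document' => $doc, 'type' => $type];
}

// Constructed sample values (not a real certificate), standing in for $_SERVER.
$sample = [
    'SSL_CLIENT_VERIFY'  => 'SUCCESS',
    'SSL_CLIENT_S_DN_CN' => 'FULANO DE TAL:52998224725',
];
var_dump(identityFromCertificate($sample));
```

Checking SSL_CLIENT_VERIFY first matters because the CN of a certificate that failed chain validation is attacker-controlled text.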

0

I used the following libs and solved it with the code below (note that the p7b is Base64-encoded; if yours is not, you can remove the decode line):

Libraries used

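       import java.io.DataInputStream;
       import java.io.File;
       import java.io.FileInputStream;
       import java.security.cert.X509Certificate;
       import java.util.Collection;
       import java.util.Iterator;

       import org.bouncycastle.cert.X509CertificateHolder;
       import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
       import org.bouncycastle.cms.CMSProcessable;
       import org.bouncycastle.cms.CMSSignedData;
       import org.bouncycastle.util.Store;

       // Wrapper class and main() added so the snippet compiles; the class name is arbitrary
       public class LerP7b {
           public static void main(String[] args) throws Exception {
               // Read the whole .p7b file into memory
               File f = new File("c:/temp/teste.p7b");
               byte[] buffer = new byte[(int) f.length()];
               try (DataInputStream in = new DataInputStream(new FileInputStream(f))) {
                   in.readFully(buffer);
               }

               // Remove this line if the p7b is not Base64-encoded
               byte[] arquivo = org.bouncycastle.util.encoders.Base64.decode(buffer);

               CMSSignedData signature = new CMSSignedData(arquivo);
               Store cs = signature.getCertificates();

               // Signed content is absent in a certificates-only p7b, so guard against null
               CMSProcessable sc = signature.getSignedContent();
               byte[] data = (sc != null) ? (byte[]) sc.getContent() : null;

               // A null selector returns every certificate in the store
               Collection certCollection = cs.getMatches(null);
               Iterator certIt = certCollection.iterator();

               while (certIt.hasNext()) {
                   X509CertificateHolder cert = (X509CertificateHolder) certIt.next();
                   X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(cert);

                   // 2.5.29.17 is the subjectAltName extension; the value comes back DER-encoded
                   if (certificate.getExtensionValue("2.5.29.17") != null) {
                       System.out.println(new String(certificate.getExtensionValue("2.5.29.17"), "UTF-8"));
                       System.out.println(certificate);
                   }
               }
           }
       }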
  • Hello Anderson, welcome to SOpt! Nice to see your interest in helping, and I'm sure your answer may even help other people, but the question goes far beyond the title: the content described by the asker contains useful information that will guide you to give a more cohesive answer. In this case, the question referred to a method that did not use Java :)

  • Got it, it was the rush to help. If you can't, you can expose the Java code as a web service and consume it in your PHP. Regards.

  • Take a look at this solution: https://answall.com/a/195838/7130
