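An introduction to OpenSSL is not repeated here; plenty of material on it can be found by searching. This article shows how to parse certificates with OpenSSL from Python.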

Parsing a certificate with OpenSSL

```python
# Requires the pyOpenSSL and python-dateutil packages.
import OpenSSL
import OpenSSL.crypto
from OpenSSL.crypto import X509
from dateutil import parser

cp = OpenSSL.crypto
EC = cp.TYPE_EC  # 408
RSA = cp.TYPE_RSA  # 6
DH = cp.TYPE_DH  # 28
DSA = cp.TYPE_DSA  # 116


def analytical_certificate(cert_str=None, cert_paths=None):
    """Parse a PEM certificate passed as text or as a file path.

    Returns a dict of certificate fields, or None if parsing fails.
    """
    try:
        if cert_str:
            cert_content: X509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert_str)
        elif cert_paths:
            with open(cert_paths) as f:
                cert_content: X509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, f.read())
        else:
            raise ValueError("cert_str or cert_paths is required")
        cert_issuer = cert_content.get_issuer()
        cert_subject = cert_content.get_subject()
        extension_count = cert_content.get_extension_count()
        extension_ls = []
        for i in range(extension_count):
            extension = str(cert_content.get_extension(i))
            print(f"extension[{i}]:{extension}")
            extension_ls.append(extension)
        _cert_info = {
            # get_version() is zero-based: 2 means X.509 v3
            "version": cert_content.get_version() + 1,
            "serial_number": hex(cert_content.get_serial_number()),
            "signature_algorithm": cert_content.get_signature_algorithm().decode("UTF-8"),
            # common name of the issuer, not of the subject
            "common_name": cert_issuer.commonName,
            "start_time": parser.parse(cert_content.get_notBefore().decode("UTF-8")).strftime('%Y%m%d%H%M%S'),
            "format_start_time": parser.parse(cert_content.get_notBefore().decode("UTF-8")).strftime('%Y-%m-%d %H:%M:%S'),
            "end_time": parser.parse(cert_content.get_notAfter().decode("UTF-8")).strftime('%Y%m%d%H%M%S'),
            "format_end_time": parser.parse(cert_content.get_notAfter().decode("UTF-8")).strftime('%Y-%m-%d %H:%M:%S'),
            "has_expired": cert_content.has_expired(),
            "pubkey": OpenSSL.crypto.dump_publickey(OpenSSL.crypto.FILETYPE_PEM, cert_content.get_pubkey()).decode("utf-8"),
            "pubkey_len": cert_content.get_pubkey().bits(),
            "pubkey_type": cert_content.get_pubkey().type(),
            "extension_count": cert_content.get_extension_count(),
            "issuer_info": {},
            "subject_info": {},
            "extension_info": extension_ls,
        }
        # Display labels for name fields; OpenSSL reports state/province as "ST"
        main_info_map = {"CN": "通用名称", "OU": "机构单元名称", "O": "机构名", "L": "地理位置", "ST": "州/省名", "C": "国名"}
        pubkey_type_map = {EC: "EC", RSA: "RSA", DH: "DH", DSA: "DSA"}
        # Issuer fields
        print("颁发者信息:")
        for item in cert_issuer.get_components():
            name = item[0].decode("utf-8")
            value = item[1].decode("utf-8")
            _cert_info["issuer_info"][name] = value
            # Fall back to the raw field name (e.g. emailAddress) when no label is defined
            print(f"{main_info_map.get(name, name)}:{value}")
        for item in cert_subject.get_components():
            _cert_info["subject_info"][str(item[0].decode("utf-8"))] = str(item[1].decode("utf-8"))
        print(f"证书版本:{_cert_info['version']}")
        print(f"证书序列号:{_cert_info['serial_number']}")
        print(f"证书中使用的签名算法:{_cert_info['signature_algorithm']}")
        print(f"颁发者:{_cert_info['common_name']}")
        print(f"有效期从:{_cert_info['start_time']}到{_cert_info['end_time']}")
        print(f"证书是否已经过期:{_cert_info['has_expired']}")
        print(f"公钥类型:{pubkey_type_map.get(_cert_info['pubkey_type'])}")
        print(f"公钥长度:{_cert_info['pubkey_len']}")
        print(f"公钥:\n{_cert_info['pubkey']}")
        print(f"subject:\n{_cert_info['subject_info']}")
        print(f"issuer:\n{_cert_info['issuer_info']}")
        return _cert_info
    except Exception as e:
        print(f"解析证书错误{e}")
```
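The fields extracted above (expiry, key type and length, signature algorithm) are the ones a certificate review usually checks. The following is an added example, not code from the original article: `audit_certificate`, `make_test_cert`, `WEAK_HASHES` and `MIN_RSA_BITS` are hypothetical names, the 2048-bit threshold is an assumed policy, and the test certificates are constructed on the fly.

```python
from OpenSSL import crypto

WEAK_HASHES = ("md5", "sha1")  # digest names as they appear in signature algorithm names
MIN_RSA_BITS = 2048            # assumed policy threshold for this example


def audit_certificate(cert_pem):
    """Return a list of policy findings for one PEM certificate."""
    cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem)
    pubkey = cert.get_pubkey()
    sig_alg = cert.get_signature_algorithm().decode("utf-8").lower()
    findings = []
    if cert.has_expired():
        findings.append("expired")
    if pubkey.type() == crypto.TYPE_RSA and pubkey.bits() < MIN_RSA_BITS:
        findings.append(f"weak RSA key ({pubkey.bits()} bits)")
    if any(h in sig_alg for h in WEAK_HASHES):
        findings.append(f"weak signature algorithm ({sig_alg})")
    return findings


def make_test_cert(bits, not_before, not_after, digest="sha256"):
    """Constructed sample input: a throwaway self-signed certificate (PEM bytes).

    not_before / not_after are offsets in seconds relative to the current time.
    """
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, bits)
    cert = crypto.X509()
    cert.set_version(2)  # zero-based: X.509 v3
    cert.set_serial_number(1)
    cert.get_subject().CN = "example.test"
    cert.set_issuer(cert.get_subject())
    cert.gmtime_adj_notBefore(not_before)
    cert.gmtime_adj_notAfter(not_after)
    cert.set_pubkey(key)
    cert.sign(key, digest)
    return crypto.dump_certificate(crypto.FILETYPE_PEM, cert)


if __name__ == "__main__":
    day = 86400
    # Valid for 30 days, 2048-bit key, SHA-256 signature
    print(audit_certificate(make_test_cert(2048, 0, 30 * day)))
    # Expired yesterday, 1024-bit key
    print(audit_certificate(make_test_cert(1024, -2 * day, -day)))
```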

Parsing a CRL with OpenSSL

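```python
import OpenSSL.crypto


def analytical_crl(cert_str=None, cert_paths=None):
    """Parse a PEM CRL passed as text or as a file path.

    Returns the issuer fields and the revoked serial numbers, or None if parsing fails.
    """
    # load_crl() has been removed from recent pyOpenSSL releases, so this
    # function needs an older release that still provides it.
    _cert_info = {}
    try:
        if cert_str:
            crl_object = OpenSSL.crypto.load_crl(OpenSSL.crypto.FILETYPE_PEM, cert_str)
        elif cert_paths:
            with open(cert_paths) as f:
                crl_object = OpenSSL.crypto.load_crl(OpenSSL.crypto.FILETYPE_PEM, f.read())
        else:
            raise ValueError("cert_str or cert_paths is required")
        cert_issuer = crl_object.get_issuer()
        # get_revoked() returns None when the CRL lists no revoked certificates
        revoked_objects = crl_object.get_revoked() or ()
        revoked_serial = []
        for rvk in revoked_objects:
            # get_serial() returns the serial number as hexadecimal bytes
            revoked_serial.append(str(rvk.get_serial().decode("utf-8")))
            print(f"revoked_serial:{rvk.get_serial()}")
        _cert_info["issuer_info"] = {}
        _cert_info["revoked_serial"] = revoked_serial
        # Display labels for name fields; OpenSSL reports state/province as "ST"
        main_info_map = {"CN": "通用名称", "OU": "机构单元名称", "O": "机构名", "L": "地理位置", "ST": "州/省名", "C": "国名"}
        for item in cert_issuer.get_components():
            name = item[0].decode("utf-8")
            value = item[1].decode("utf-8")
            _cert_info["issuer_info"][name] = value
            # Fall back to the raw field name when no label is defined
            print(f"{main_info_map.get(name, name)}:{value}")
        print(f"issuer:\n{_cert_info['issuer_info']}")
        return _cert_info
    except Exception as e:
        print(f"解析证书错误{e}")
```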

Checking that a certificate and private key match with OpenSSL

```python
import OpenSSL.crypto
import OpenSSL.SSL


def check_associate_cert_with_private_key(cert, private_key):
    """
    :type cert: str
    :type private_key: str
    :rtype: bool
    """
    try:
        private_key_obj = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, private_key)
    except OpenSSL.crypto.Error:
        # Keep the key material out of the message: exceptions end up in logs and tracebacks
        raise Exception('private key is not correct')

    try:
        cert_obj = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
    except OpenSSL.crypto.Error:
        raise Exception('certificate is not correct: %s' % cert)

    # The context only holds the pair for the consistency check; no connection
    # is made, so the version-neutral TLS_METHOD replaces the deprecated TLSv1_METHOD
    context = OpenSSL.SSL.Context(OpenSSL.SSL.TLS_METHOD)
    context.use_privatekey(private_key_obj)
    context.use_certificate(cert_obj)
    try:
        context.check_privatekey()
        return True
    except OpenSSL.SSL.Error:
        return False
```

Generating a CSR with OpenSSL

```python
import OpenSSL.crypto


def create_csr(common_name, country=None, state=None, city=None,
               organization=None, organizational_unit=None,
               email_address=None):
    """
    Args:
        common_name (str).
        country (str).
        state (str).
        city (str).
        organization (str).
        organizational_unit (str).
        email_address (str).

    Returns:
        (str, str, str).  Tuple containing public key, private key and
        certificate signing request (PEM).
    """
    key = OpenSSL.crypto.PKey()
    key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)

    req = OpenSSL.crypto.X509Req()
    req.get_subject().CN = common_name
    if country:
        req.get_subject().C = country
    if state:
        req.get_subject().ST = state
    if city:
        req.get_subject().L = city
    if organization:
        req.get_subject().O = organization
    if organizational_unit:
        req.get_subject().OU = organizational_unit
    if email_address:
        req.get_subject().emailAddress = email_address

    req.set_pubkey(key)
    req.sign(key, 'sha256')

    # The private key is dumped as unencrypted PEM; store it accordingly
    _private_key = OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, key).decode("utf-8")
    _public_key = OpenSSL.crypto.dump_publickey(OpenSSL.crypto.FILETYPE_PEM, key).decode("utf-8")
    _csr = OpenSSL.crypto.dump_certificate_request(OpenSSL.crypto.FILETYPE_PEM, req).decode("utf-8")
    return _public_key, _private_key, _csr
```
