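Parsing Certificates with Python OpenSSL
OpenSSL itself needs no lengthy introduction here; plenty of material is easy to find. This article shows how to parse certificates from Python using OpenSSL.
Parsing a certificate with OpenSSL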
```python
import OpenSSL
import OpenSSL.crypto
from OpenSSL.crypto import X509
from dateutil import parser

cp = OpenSSL.crypto
EC = cp.TYPE_EC    # 408
RSA = cp.TYPE_RSA  # 6
DH = cp.TYPE_DH    # 28
DSA = cp.TYPE_DSA  # 116


def analytical_certificate(cert_str=None, cert_paths=None):
    """Parse a PEM certificate passed as a string (cert_str) or as a file path (cert_paths)."""
    try:
        if cert_str:
            cert_content: X509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert_str)
        elif cert_paths:
            with open(cert_paths) as f:
                cert_content: X509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, f.read())
        else:
            raise ValueError("either cert_str or cert_paths is required")
        cert_issuer = cert_content.get_issuer()
        cert_subject = cert_content.get_subject()
        # Collect the string form of every X.509 extension
        extension_count = cert_content.get_extension_count()
        extension_ls = []
        for i in range(extension_count):
            extension = str(cert_content.get_extension(i))
            print(f"extension[{i}]:{extension}")
            extension_ls.append(extension)
        # notBefore / notAfter come back as ASN.1 time bytes, e.g. b"20240101000000Z"
        not_before = parser.parse(cert_content.get_notBefore().decode("UTF-8"))
        not_after = parser.parse(cert_content.get_notAfter().decode("UTF-8"))
        _cert_info = {
            "version": cert_content.get_version() + 1,  # the encoded version is zero-based
            "serial_number": hex(cert_content.get_serial_number()),
            "signature_algorithm": cert_content.get_signature_algorithm().decode("UTF-8"),
            "common_name": cert_issuer.commonName,  # CN of the issuer
            "start_time": not_before.strftime('%Y%m%d%H%M%S'),
            "format_start_time": not_before.strftime('%Y-%m-%d %H:%M:%S'),
            "end_time": not_after.strftime('%Y%m%d%H%M%S'),
            "format_end_time": not_after.strftime('%Y-%m-%d %H:%M:%S'),
            "has_expired": cert_content.has_expired(),
            "pubkey": OpenSSL.crypto.dump_publickey(OpenSSL.crypto.FILETYPE_PEM, cert_content.get_pubkey()).decode("utf-8"),
            "pubkey_len": cert_content.get_pubkey().bits(),
            "pubkey_type": cert_content.get_pubkey().type(),
            "extension_count": cert_content.get_extension_count(),
            "issuer_info": {},
            "subject_info": {},
            "extension_info": extension_ls,
        }
        # Display labels: CN common name, OU organizational unit, O organization,
        # L locality, ST state/province, C country (OpenSSL's short name for state is "ST")
        main_info_map = {"CN": "通用名称", "OU": "机构单元名称", "O": "机构名", "L": "地理位置", "ST": "州/省名", "C": "国名"}
        pubkey_type_map = {EC: "EC", RSA: "RSA", DH: "DH", DSA: "DSA"}
        print(f"主体信息:")
        # Issuer DN components; attributes without a label (e.g. emailAddress) print under their own name
        for item in cert_issuer.get_components():
            key, value = item[0].decode("utf-8"), item[1].decode("utf-8")
            _cert_info["issuer_info"][key] = value
            print(f"{main_info_map.get(key, key)}:{value}")
        # Subject DN components
        for item in cert_subject.get_components():
            _cert_info["subject_info"][item[0].decode("utf-8")] = item[1].decode("utf-8")
        # Summary: version, serial number, signature algorithm, issuer, validity period,
        # expiry flag, public key type, key length, public key, subject, issuer
        print(f"证书版本:{_cert_info['version']}")
        print(f"证书序列号:{_cert_info['serial_number']}")
        print(f"证书中使用的签名算法:{_cert_info['signature_algorithm']}")
        print(f"颁发者:{_cert_info['common_name']}")
        print(f"有效期从:{_cert_info['start_time']}到{_cert_info['end_time']}")
        print(f"证书是否已经过期:{_cert_info['has_expired']}")
        print(f"公钥类型:{pubkey_type_map.get(_cert_info['pubkey_type'])}")
        print(f"公钥长度:{_cert_info['pubkey_len']}")
        print(f"公钥:\n{_cert_info['pubkey']}")
        print(f"subject:\n{_cert_info['subject_info']}")
        print(f"issuer:\n{_cert_info['issuer_info']}")
        return _cert_info
    except Exception as e:
        # Message text: "error parsing certificate"; the function then returns None
        print(f"解析证书错误{e}")
```
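Parsing a CRL with OpenSSL
```python
def analytical_crl(cert_str=None, cert_paths=None):
    """Parse a PEM CRL passed as a string (cert_str) or as a file path (cert_paths)."""
    # Note: load_crl is deprecated in recent pyOpenSSL releases (and absent from the
    # newest ones) in favour of the CRL support in cryptography.x509.
    _cert_info = {}
    try:
        if cert_str:
            crl_object = OpenSSL.crypto.load_crl(OpenSSL.crypto.FILETYPE_PEM, cert_str)
        elif cert_paths:
            with open(cert_paths) as f:
                crl_object = OpenSSL.crypto.load_crl(OpenSSL.crypto.FILETYPE_PEM, f.read())
        else:
            raise ValueError("either cert_str or cert_paths is required")
        cert_issuer = crl_object.get_issuer()
        # get_revoked() returns None when the CRL lists no revoked certificates
        revoked_objects = crl_object.get_revoked() or ()
        revoked_serial = []
        for rvk in revoked_objects:
            # get_serial() returns the serial number as hex-encoded bytes
            revoked_serial.append(str(rvk.get_serial().decode("utf-8")))
            print(f"revoked_serial:{rvk.get_serial()}")
        _cert_info["issuer_info"] = {}
        _cert_info["revoked_serial"] = revoked_serial
        # Display labels: CN common name, OU organizational unit, O organization,
        # L locality, ST state/province, C country
        main_info_map = {"CN": "通用名称", "OU": "机构单元名称", "O": "机构名", "L": "地理位置", "ST": "州/省名", "C": "国名"}
        for item in cert_issuer.get_components():
            key, value = item[0].decode("utf-8"), item[1].decode("utf-8")
            _cert_info["issuer_info"][key] = value
            print(f"{main_info_map.get(key, key)}:{value}")
        print(f"issuer:\n{_cert_info['issuer_info']}")
        return _cert_info
    except Exception as e:
        # Message text: "error parsing certificate"; the function then returns None
        print(f"解析证书错误{e}")
```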
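The function above lists the revoked serial numbers without checking who signed the CRL. The following added example (not code from the original article) does the same parse with `cryptography.x509`, the library pyOpenSSL is built on, and verifies the CRL signature against the issuer's public key first. The helper names, the CA name and the serial numbers are constructed for illustration.

```python
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def new_ca_key():
    """Constructed sample: a throwaway EC key standing in for the CA key."""
    return ec.generate_private_key(ec.SECP256R1())


def build_sample_crl(signing_key, serials):
    """Constructed sample data: a PEM CRL revoking `serials`, signed by `signing_key`."""
    now = datetime.datetime.now(datetime.timezone.utc)
    issuer = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Test CA")])
    builder = (
        x509.CertificateRevocationListBuilder()
        .issuer_name(issuer)
        .last_update(now)
        .next_update(now + datetime.timedelta(days=7))
    )
    for serial in serials:
        revoked = (
            x509.RevokedCertificateBuilder()
            .serial_number(serial)
            .revocation_date(now)
            .build()
        )
        builder = builder.add_revoked_certificate(revoked)
    crl = builder.sign(signing_key, hashes.SHA256())
    return crl.public_bytes(serialization.Encoding.PEM)


def parse_crl(crl_pem, issuer_public_key):
    """Return issuer and revoked serials, but only for a CRL the issuer really signed."""
    crl = x509.load_pem_x509_crl(crl_pem)
    if not crl.is_signature_valid(issuer_public_key):
        raise ValueError("CRL signature does not verify against the issuer key")
    return {
        "issuer": crl.issuer.rfc4514_string(),
        "revoked_serial": [format(r.serial_number, "X") for r in crl],
    }
```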
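Checking that the public and private keys match with OpenSSL
```python
def check_associate_cert_with_private_key(cert, private_key):
    """
    :type cert: str
    :type private_key: str
    :rtype: bool
    """
    try:
        private_key_obj = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, private_key)
    except OpenSSL.crypto.Error:
        # Never put the key material itself into the exception text: it ends up in logs
        raise Exception('private key is not correct')
    try:
        cert_obj = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
    except OpenSSL.crypto.Error:
        raise Exception('certificate is not correct: %s' % cert)
    # The context only holds the key pair for the check; no connection is made,
    # so the version-flexible TLS_METHOD is used instead of pinning TLS 1.0
    context = OpenSSL.SSL.Context(OpenSSL.SSL.TLS_METHOD)
    context.use_privatekey(private_key_obj)
    context.use_certificate(cert_obj)
    try:
        # Raises OpenSSL.SSL.Error when the private key does not belong to the certificate
        context.check_privatekey()
        return True
    except OpenSSL.SSL.Error:
        return False
```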
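The same question can be answered without a TLS context by comparing the DER-encoded public key of the certificate with the one derived from the private key. This is an added example, not code from the original article. It uses a different technique from the function above, and its helper names and the self-signed test certificate are constructed for illustration.

```python
from OpenSSL import crypto


def make_key(bits=2048):
    """Constructed sample: a fresh RSA key pair."""
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, bits)
    return key


def key_pem(key):
    """PEM-encode the private key (unencrypted; sample data only)."""
    return crypto.dump_privatekey(crypto.FILETYPE_PEM, key)


def self_signed_cert_pem(key, common_name="example.test"):
    """Constructed sample: a one-hour self-signed certificate for `key`."""
    cert = crypto.X509()
    cert.set_version(2)  # zero-based, i.e. X.509 v3
    cert.set_serial_number(1)
    cert.get_subject().CN = common_name
    cert.set_issuer(cert.get_subject())
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(3600)
    cert.set_pubkey(key)
    cert.sign(key, "sha256")
    return crypto.dump_certificate(crypto.FILETYPE_PEM, cert)


def public_key_der(pkey):
    """DER SubjectPublicKeyInfo; works for public keys and for private keys alike."""
    return crypto.dump_publickey(crypto.FILETYPE_ASN1, pkey)


def cert_matches_key(cert_pem, private_key_pem):
    """True when the certificate's public key is the public half of the private key."""
    cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem)
    key = crypto.load_privatekey(crypto.FILETYPE_PEM, private_key_pem)
    return public_key_der(cert.get_pubkey()) == public_key_der(key)
```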
Generating a CSR with OpenSSL
```python
def create_csr(common_name, country=None, state=None, city=None,
               organization=None, organizational_unit=None,
               email_address=None):
    """
    Args:
        common_name (str).
        country (str).
        state (str).
        city (str).
        organization (str).
        organizational_unit (str).
        email_address (str).
    Returns:
        (str, str, str). Tuple containing public key, private key and
        certificate signing request (PEM).
    """
    # Generate a new 2048-bit RSA key pair for the request
    key = OpenSSL.crypto.PKey()
    key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)
    req = OpenSSL.crypto.X509Req()
    req.get_subject().CN = common_name
    if country:
        req.get_subject().C = country
    if state:
        req.get_subject().ST = state
    if city:
        req.get_subject().L = city
    if organization:
        req.get_subject().O = organization
    if organizational_unit:
        req.get_subject().OU = organizational_unit
    if email_address:
        req.get_subject().emailAddress = email_address
    req.set_pubkey(key)
    # Self-sign the request with the new private key
    req.sign(key, 'sha256')
    # The private key is returned as unencrypted PEM; store it accordingly
    _private_key = OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, key).decode("utf-8")
    _public_key = OpenSSL.crypto.dump_publickey(OpenSSL.crypto.FILETYPE_PEM, key).decode("utf-8")
    _csr = OpenSSL.crypto.dump_certificate_request(OpenSSL.crypto.FILETYPE_PEM, req).decode("utf-8")
    return _public_key, _private_key, _csr
```