Python:使用pyOpenSSL.crypto读取pkcs12证书

| 我拥有西班牙当局(FNMT)签发的有效证书,并且我想使用它来进一步了解它。 文件扩展名为.p12 我想阅读其中的信息(名字和姓氏),并检查证书是否有效。可以用pyOpenSSL做到这一点吗?我想我必须在OpenSSL中使用加密模块。 任何帮助或有用的链接?尝试在这里阅读:http://packages.python.org/pyOpenSSL/openssl-crypto.html,但信息不多:-(     
2020-02-05 3 条评论
分享

没有找到相关结果

    已邀请:

    帆攀缺锯欧

            使用起来相当简单。这未经测试,但可以正常工作: 
    # load OpenSSL.crypto
from OpenSSL import crypto

# open it, using password. Supply/read your own from stdin.
p12 = crypto.load_pkcs12(open(\"/path/to/cert.p12\", \'rb\').read(), passwd)

# get various properties of said file.
# note these are PyOpenSSL objects, not strings although you
# can convert them to PEM-encoded strings.
p12.get_certificate()     # (signed) certificate object
p12.get_privatekey()      # private key.
p12.get_ca_certificates() # ca chain.
    有关更多示例,请浏览pyopenssl的单元测试代码。您可能想使用库的几乎所有方式都在那里 另请参阅此处或此处无广告。     
    2020-02-05 0 0
    分享

    荤碗

            回答旧的Q可能是错误的,但我认为这可能会帮助在我之后找到此Q的人。此解决方案适用于python 3,我认为它要好一些。我在zeep的回购中找到了它,并且是一个封装用法的类。 类 
    import os
from OpenSSL import crypto

class PKCS12Manager():

    def __init__(self, p12file, passphrase):
        self.p12file = p12file
        self.unlock = passphrase
        self.webservices_dir = \'\'
        self.keyfile = \'\'
        self.certfile = \'\'

        # Get filename without extension
        ext = os.path.splitext(p12file)
        self.filebasename = os.path.basename(ext[0])

        self.createPrivateCertStore()
        self.p12topem()

    def getKey(self):
        return self.keyfile

    def getCert(self):
        return self.certfile

    def createPrivateCertStore(self):
        home = os.path.expanduser(\'~\')
        webservices_dir = os.path.join(home, \'.webservices\')
        if not os.path.exists(webservices_dir):
            os.mkdir(webservices_dir)
        os.chmod(webservices_dir, 0o700)
        self.webservices_dir = webservices_dir

    def p12topem(self):
        p12 = crypto.load_pkcs12(open(self.p12file, \'rb\').read(), bytes(self.unlock, \'utf-8\'))

        # PEM formatted private key
        key = crypto.dump_privatekey(crypto.FILETYPE_PEM, p12.get_privatekey())

        self.keyfile = os.path.join(self.webservices_dir, self.filebasename + \".key.pem\")
        open(self.keyfile, \'a\').close()
        os.chmod(self.keyfile, 0o600)
        with open(self.keyfile, \'wb\') as f:
            f.write(key)


        # PEM formatted certificate
        cert = crypto.dump_certificate(crypto.FILETYPE_PEM, p12.get_certificate())

        self.certfile = os.path.join(self.webservices_dir, self.filebasename + \".crt.pem\")
        open(self.certfile, \'a\').close()
        os.chmod(self.certfile, 0o644)
        with open(self.certfile, \'wb\') as f:
            f.write(cert)
    用法 
    from requests import Session
from zeep import Client
from zeep.transports import Transport

# https://github.com/mvantellingen/python-zeep/issues/824
pkcs12 = PKCS12Manager(\'cert.p12\', \'password_for_cert\')
session = Session()
session.cert = (pkcs12.getCert(), pkcs12.getKey())

transport = Transport(session=session)
client = Client(\'url_service\', transport=transport)
        
    2020-02-05 0 0
    分享
    为什么被折叠? 0 个回复被折叠

    要回复问题请先登录注册

    或代码 OrCode.com 备案号:粤ICP备15020848号-1
    Escape time: 0.037001848220825