這是一篇不起波瀾的工作記錄,一些地方簡略因為涉及到公司信息
工作中需求是獲取證書信息和保存私鑰以及證書內容,所以這里除了驗證之外沒有類似新增等操作,基本是查詢證書信息以及私鑰和證書內容的
證書+私鑰
ci = """-----BEGIN CERTIFICATE-----
MIICgTCCAeoCCQCGpOdLwJg92zANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC
Y24xCzAJBgNVBAgMAmhuMQswCQYDVQQHDAJ6ejEVMBMGA1UECgwMY29tbGVhZGVy
LmNuMRYwFA....lV+XVQjw....Y19FvVOS23/x
DDCY0xhHb2M2WSmgzBWY2Txsz5Sqr6yRROtc1Ja3zUAhWd+iGCfCms4cOWWdNb04
S1QNRwI9Z5MmPs1V4i7xl5BHtycQ
-----END CERTIFICATE-----
"""
from OpenSSL import crypto
pem = crypto.load_certificate(crypto.FILETYPE_PEM, ci.encode('utf-8'))
sj = pem.get_subject()
# 證書信息讀取
print(sj.get_components())
print(sj.CN)
print(pem.get_signature_algorithm())
print(pem.get_notAfter().decode('utf-8'))
print(pem.get_notBefore().decode('utf-8'))
print(pem.has_expired())
p12格式
p12 = crypto.load_pkcs12(open('./client.p12', 'rb').read(), 'cert passwd')
cer = p12.get_certificate()
pkey = p12.get_privatekey()
ca_cer = p12.get_ca_certificates()
# p12證書信息
print(cer.has_expired)
print(cer, pkey, ca_cer)
print(cer.get_version())
print('簽名算法', cer.get_signature_algorithm())
print('序列號:', cer.get_serial_number())
print('證書是否過期:', cer.has_expired())
print('在此之前無效:', cer.get_notBefore())
print('在此之后無效', cer.get_notAfter())
subject = cer.get_subject()
print(subject.get_components())
p12轉pem
from OpenSSL import crypto
p12 = crypto.load_pkcs12(open('./client.p12', 'rb').read(), 'cert passwd')
print(crypto.dump_privatekey(crypto.FILETYPE_PEM, p12.get_privatekey())) # 私鑰內容
print(crypto.dump_certificate(crypto.FILETYPE_PEM, p12.get_certificate())) # 證書內容