当前位置: 文江博客话题详情

有没有一种(简单的)方法在 Python 中解析 CRL?

发布于 2024-10-01 03:33:40 字数 1895 浏览 5 评论 0原文

我正在尝试做一些愚蠢的事情:加载 CRL 并输出已撤销证书序列的列表。

使用 M2Crypto 加载 CRL 是通过以下方式完成的:

import M2Crypto
crl = M2crypto.X509.load_crl('my.crl')

但我真的很惊讶返回的对象只有一个有用的,

crl.as_text()

即使用一些正则表达式,我可以解析输出以检索我已撤销的序列号。但还有另一种方法可以做到这一点吗?

有关信息,这里是经典的 CRL as_text 输出。

Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: /C=FR/ST=IDF/L=Paris/O=XXXXX/OU=XXXXX/CN=XXXXX Certificate Authority
        Last Update: Nov  6 21:49:51 2010 GMT
        Next Update: Nov  7 21:49:51 2010 GMT
Revoked Certificates:
    Serial Number: 02
        Revocation Date: Aug 10 15:40:09 2010 GMT
    Serial Number: 03
        Revocation Date: Sep  9 15:12:24 2010 GMT
    Serial Number: 05
        Revocation Date: Aug 17 14:18:22 2010 GMT
    Serial Number: 06
        Revocation Date: Aug 18 08:57:15 2010 GMT
    Signature Algorithm: sha1WithRSAEncryption
        d1:05:da:1f:c0:1c:68:78:0e:e2:ea:78:de:b8:b2:58:9c:ba:
        b4:7c:c5:e8:2a:8d:8c:82:1d:4b:ed:a7:2d:cb:f6:bf:da:fa:
        38:a4:7a:3d:2b:19:6c:7a:ba:4c:1c:4c:e4:d8:e6:20:3d:0a:
        95:03:75:bf:17:cf:97:ce:3e:4a:93:1c:a6:4c:36:62:97:a2:
        d3:be:f2:78:38:89:13:3e:d4:b0:80:a1:24:52:0d:3a:01:67:
        0d:4f:e7:0b:07:0c:80:04:b7:25:66:a4:61:36:dd:3a:24:29:
        30:67:f6:23:31:34:6f:0b:a8:30:c1:c9:b7:ee:4e:2b:7a:e7:
        6b:31:7d:0b:cb:12:8a:7c:5f:7e:73:a0:42:8d:ea:4f:f7:76:
        ce:1b:0b:6c:6a:3e:eb:08:a6:d6:67:81:cb:cb:98:6d:40:ec:
        8c:e5:a5:f7:f0:ed:0c:7f:38:fd:42:3d:19:c4:69:ec:eb:71:
        7a:e1:30:b4:81:98:f5:00:a0:bd:ac:75:46:15:e6:2b:1c:da:
        f4:09:19:e5:1b:4e:c9:a4:7c:11:79:24:a4:3b:13:84:84:a7:
        5b:0e:07:80:ae:ae:26:8e:d7:b3:cb:b8:6c:79:df:9d:26:b0:
        34:bc:c1:f4:8f:4b:3e:f5:9b:d0:e3:e7:ab:37:27:f6:79:09:
        47:fb:76:07
原文

I'm trying to do something stupid: load a CRL and output the list of revoked certificates serials.

With M2Crypto loading the CRL is done with:

import M2Crypto
crl = M2crypto.X509.load_crl('my.crl')

But i'm really surpised that the returned object has only one usefull which is

crl.as_text()

With some regexp, i can parse the output to retrieve my revoked serials. But is there an another way to do that?

For information, here is a classical CRL as_text output.

Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: /C=FR/ST=IDF/L=Paris/O=XXXXX/OU=XXXXX/CN=XXXXX Certificate Authority
        Last Update: Nov  6 21:49:51 2010 GMT
        Next Update: Nov  7 21:49:51 2010 GMT
Revoked Certificates:
    Serial Number: 02
        Revocation Date: Aug 10 15:40:09 2010 GMT
    Serial Number: 03
        Revocation Date: Sep  9 15:12:24 2010 GMT
    Serial Number: 05
        Revocation Date: Aug 17 14:18:22 2010 GMT
    Serial Number: 06
        Revocation Date: Aug 18 08:57:15 2010 GMT
    Signature Algorithm: sha1WithRSAEncryption
        d1:05:da:1f:c0:1c:68:78:0e:e2:ea:78:de:b8:b2:58:9c:ba:
        b4:7c:c5:e8:2a:8d:8c:82:1d:4b:ed:a7:2d:cb:f6:bf:da:fa:
        38:a4:7a:3d:2b:19:6c:7a:ba:4c:1c:4c:e4:d8:e6:20:3d:0a:
        95:03:75:bf:17:cf:97:ce:3e:4a:93:1c:a6:4c:36:62:97:a2:
        d3:be:f2:78:38:89:13:3e:d4:b0:80:a1:24:52:0d:3a:01:67:
        0d:4f:e7:0b:07:0c:80:04:b7:25:66:a4:61:36:dd:3a:24:29:
        30:67:f6:23:31:34:6f:0b:a8:30:c1:c9:b7:ee:4e:2b:7a:e7:
        6b:31:7d:0b:cb:12:8a:7c:5f:7e:73:a0:42:8d:ea:4f:f7:76:
        ce:1b:0b:6c:6a:3e:eb:08:a6:d6:67:81:cb:cb:98:6d:40:ec:
        8c:e5:a5:f7:f0:ed:0c:7f:38:fd:42:3d:19:c4:69:ec:eb:71:
        7a:e1:30:b4:81:98:f5:00:a0:bd:ac:75:46:15:e6:2b:1c:da:
        f4:09:19:e5:1b:4e:c9:a4:7c:11:79:24:a4:3b:13:84:84:a7:
        5b:0e:07:80:ae:ae:26:8e:d7:b3:cb:b8:6c:79:df:9d:26:b0:
        34:bc:c1:f4:8f:4b:3e:f5:9b:d0:e3:e7:ab:37:27:f6:79:09:
        47:fb:76:07

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

纵情客 2024-10-08 03:33:41

感谢 pyOpenSSL,工作已经完成。以下是要使用的代码:

import OpenSSL

with open('path_to_the_crl', 'r') as _crl_file:
    crl = "".join(_crl_file.readlines())

crl_object = OpenSSL.crypto.load_crl(OpenSSL.crypto.FILETYPE_PEM, crl)

revoked_objects = crl_object.get_revoked()

for rvk in revoked_objects:
    print "Serial:", rvk.get_serial()

此代码通过我的 CRL 示例提供以下输出:

Serial: 02
Serial: 03
Serial: 05
Serial: 06

Job's done thanks to pyOpenSSL. Here is the code to use :

import OpenSSL

with open('path_to_the_crl', 'r') as _crl_file:
    crl = "".join(_crl_file.readlines())

crl_object = OpenSSL.crypto.load_crl(OpenSSL.crypto.FILETYPE_PEM, crl)

revoked_objects = crl_object.get_revoked()

for rvk in revoked_objects:
    print "Serial:", rvk.get_serial()

This code give the following output with my CRL example:

Serial: 02
Serial: 03
Serial: 05
Serial: 06
回复 原文
鲜血染红嫁衣 2024-10-08 03:33:41

pyOpenSSL 有一个带有 get_revoked() 方法的 CRL 类,该方法应该完全符合您的要求它,我相信它正在被吊销证书(它记录在此处)。

我知道这可能不是您想要的,如果由于某种原因您与 M2Crypto 绑定在一起,但这似乎也有效。

pyOpenSSL has a CRL class with a get_revoked() method that should do exactly what you want it to, which I believe is getting revoked certificates (it's documented here).

I understand this may not be what you want, if for some reason you're tied to M2Crypto, but this seems to work as well.

回复 原文
一腔孤↑勇 2024-10-08 03:33:41

这是从 CRL.pem 文件获取序列号的另一种(现代)方法:

from cryptography import x509
from cryptography.hazmat.backends import default_backend


CRL_FILENAME = crl.pem"

def get_serial_numbers_from_crl_file(crl_file_path):
    with open(crl_file_path, 'rb') as crl_file:
        crl_data = crl_file.read()
        crl = x509.load_der_x509_crl(crl_data, default_backend())

        serial_numbers = [entry.serial_number for entry in crl]
        return serial_numbers

serial_numbers = get_serial_numbers_from_crl_file(CRL_FILENAME)


print("Serial Numbers in the list:")
print(serial_numbers)
print("Serial Numbers one by one:")
for serial_number in serial_numbers:
    print(serial_number)

Here is another (modern) way to get Serial Number from CRL.pem file:

from cryptography import x509
from cryptography.hazmat.backends import default_backend


CRL_FILENAME = crl.pem"

def get_serial_numbers_from_crl_file(crl_file_path):
    with open(crl_file_path, 'rb') as crl_file:
        crl_data = crl_file.read()
        crl = x509.load_der_x509_crl(crl_data, default_backend())

        serial_numbers = [entry.serial_number for entry in crl]
        return serial_numbers

serial_numbers = get_serial_numbers_from_crl_file(CRL_FILENAME)


print("Serial Numbers in the list:")
print(serial_numbers)
print("Serial Numbers one by one:")
for serial_number in serial_numbers:
    print(serial_number)

回复 原文
~没有更多了~

关于作者

谜兔

暂无简介

0 文章
0 评论
22 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

謌踐踏愛綪

文章 0 评论 0

开始看清了

文章 0 评论 0

高速公鹿

文章 0 评论 0

alipaysp_PLnULTzf66

文章 0 评论 0

热情消退

文章 0 评论 0

白色月光

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文