我做了这个函数,它接受pkcs7信封和发行者公钥并返回证书。
def get_cert_from_pkcs7(pkcs7, cert_parent):
"""
Take a pkcs7 and return a certificate.
@type pkcs7: string
@param pkcs7: The base64 of the PKCS7 envelop as
-----BEGIN PKCS7-----
base64 of the pkcs7 envelop
-----END PKCS7-----
@type cert_parent : string
@param cert_parent : Issuer certificate file path
@rtype : M2Crypto.X509
@return : The certificate
"""
sm_obj = SMIME.SMIME()
x509 = X509.load_cert(cert_parent) # public key cert used by the remote
# client when signing the message
sk = X509.X509_Stack()
sk.push(x509)
sm_obj.set_x509_stack(sk)
st = X509.X509_Store()
st.load_info(cert_parent) # Public cert for the CA which signed
# the above certificate
sm_obj.set_x509_store(st)
buf = BIO.MemoryBuffer(pkcs7)
p7 = SMIME.load_pkcs7_bio(buf)
signers = p7.get0_signers(sk)
certificat = signers[0]
return certificat
问题是certificat是一个用Python绑定的C对象,当函数返回时,C对象被垃圾收集,因此_ptr不存在,并且对证书的访问会返回分段错误。
是否可以在没有任何错误(复制/克隆)的情况下返回我的证书?