我正在尝试从pyspkac迁移,因为它不能与python 3一起使用。
我的旧代码:
def createCertFromSPKAC(self, spkacInput, commonName, email):
if email is None:
theSPKAC = SPKAC(spkacInput, CN=commonName)
else:
theSPKAC = SPKAC(spkacInput, CN=commonName, Email=email)
ca_crt = X509.load_cert_string(self.contentsOfFileNamedInConfig("CA_CERTIFICATE_FILE"))
ca_pkey = EVP.load_key_string(self.contentsOfFileNamedInConfig("CA_KEY_FILE"))
now = int(time.time())
serial = now
notAfter = now + 60 * 60 * 24 * 365 * 2
certObj = theSPKAC.gen_crt(ca_pkey, ca_crt, serial, now, notAfter, 'sha1')
cert = crypto.load_certificate(crypto.FILETYPE_PEM,certObj.as_pem())
return cert
我的新代码,基于openssl
:
def createCertFromSPKAC(self, spkacInput, commonName, email):
print spkacInput
req = crypto.NetscapeSPKI(spkacInput)
cacert = CertificateAuthority.getInstance(self)
cert = cacert.signRequest(req, CN=commonName, Email=email)
return cert
结果如下:
File "/project/mag/PDOauth/src/pdoauth/CryptoUtils.py", line 25, in createCertFromSPKAC
req = crypto.NetscapeSPKI(spkacInput)
Error: [('x509 certificate routines', 'NETSCAPE_SPKI_b64_decode', 'base64 decode error')]
======================== CAPTURED OUTPUT =========================
MIICSTCCATEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDt66ujL7Qi
gKPRoJzI7cdMFgxoNE7u5aKhAMLC7EE9Npn7Ig1Y6G5NIfjdWZy+Ryrw3/HdYRsS
9bL2LZb+w17lnrR8jv6kMRPuqw+tPGZMdri/QF6IZnbSa77zTLHB/z0Ffx/wgicX
Yp/XPJLwM0iNzanjnFoG1dlaQ8PL5lHbuHnorCpV9TbAzGkzofm059RxoHT8bes0
D4t4JzQaSKhpGf+w2SD2TlnxE9My1IK/q3UrgreBJ4Wn6CG0G6sTL2gw60oFr0Go
1n8ESRgXkt4DyiW5rjcj087WdxYYHYtJLv3czwSytvUeFfWl2EAtXJnH4AWuDS7S
iyT38IPwk8tZAgMBAAEWCTEyMzQ1Njc4OTANBgkqhkiG9w0BAQQFAAOCAQEA0kt4
sDLvT3ho/pxXIT14OcCtMxRvTq5CuEKrMICjnrOIwWcWLtjNBOTRW0cobEsn970k
vNjkzH/BnEzXwCqLPN0s6ctXHyTC8Y+528iFCw7R4nvMgAevqI4x1CNWB+/l0Hl5
0507mHjMJWSjqsW2RlQb/mp4S1rN8+VDja5hUCxRKc1/9omUht5EcygciMsKC79k
N8v6i3mEYWeRnsIXDfWpWZoejEm3cdlCr2sstFQ4GIzTw/KIHnEnkCOZWz8uQVIE
FiFJjirn+7QTlDjctU89Y4OqX2pufBxULSLMVnc8aM1/vXUDwtQKFuS1hr2DrUbb
JA3SM6HtjlWWGuocNw==
我已经检查过spkacInput字符串可以被base64解码,我也尝试用base64解码的spkacInput字符串初始化NetscapeSPKI。
我怀疑这里可能缺少一些BEGIN / END魔法。
答案 0 :(得分:0)
解决方案:在输入中删除嵌入的换行符:
req = crypto.NetscapeSPKI(spkacInput.replace('\n',''))