使用NetscapeSPKI迁移代码

时间:2016-03-27 22:24:27

标签: python python-3.x openssl python-2.x spkac

我正在尝试从pyspkac迁移,因为它不能与python 3一起使用。

我的旧代码:

def createCertFromSPKAC(self, spkacInput, commonName, email):
    if email is None:
        theSPKAC = SPKAC(spkacInput, CN=commonName)
    else:
        theSPKAC = SPKAC(spkacInput, CN=commonName, Email=email)
    ca_crt = X509.load_cert_string(self.contentsOfFileNamedInConfig("CA_CERTIFICATE_FILE"))
    ca_pkey = EVP.load_key_string(self.contentsOfFileNamedInConfig("CA_KEY_FILE"))
    now = int(time.time())
    serial = now
    notAfter = now + 60 * 60 * 24 * 365 * 2
    certObj = theSPKAC.gen_crt(ca_pkey, ca_crt, serial, now, notAfter, 'sha1')
    cert = crypto.load_certificate(crypto.FILETYPE_PEM,certObj.as_pem())
    return cert

我的新代码,基于openssl

def createCertFromSPKAC(self, spkacInput, commonName, email):
    print spkacInput
    req = crypto.NetscapeSPKI(spkacInput)
    cacert = CertificateAuthority.getInstance(self)
    cert = cacert.signRequest(req, CN=commonName, Email=email)
    return cert

结果如下:

  File "/project/mag/PDOauth/src/pdoauth/CryptoUtils.py", line 25, in createCertFromSPKAC
    req = crypto.NetscapeSPKI(spkacInput)
Error: [('x509 certificate routines', 'NETSCAPE_SPKI_b64_decode', 'base64 decode error')]

======================== CAPTURED OUTPUT =========================
MIICSTCCATEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDt66ujL7Qi
gKPRoJzI7cdMFgxoNE7u5aKhAMLC7EE9Npn7Ig1Y6G5NIfjdWZy+Ryrw3/HdYRsS
9bL2LZb+w17lnrR8jv6kMRPuqw+tPGZMdri/QF6IZnbSa77zTLHB/z0Ffx/wgicX
Yp/XPJLwM0iNzanjnFoG1dlaQ8PL5lHbuHnorCpV9TbAzGkzofm059RxoHT8bes0
D4t4JzQaSKhpGf+w2SD2TlnxE9My1IK/q3UrgreBJ4Wn6CG0G6sTL2gw60oFr0Go
1n8ESRgXkt4DyiW5rjcj087WdxYYHYtJLv3czwSytvUeFfWl2EAtXJnH4AWuDS7S
iyT38IPwk8tZAgMBAAEWCTEyMzQ1Njc4OTANBgkqhkiG9w0BAQQFAAOCAQEA0kt4
sDLvT3ho/pxXIT14OcCtMxRvTq5CuEKrMICjnrOIwWcWLtjNBOTRW0cobEsn970k
vNjkzH/BnEzXwCqLPN0s6ctXHyTC8Y+528iFCw7R4nvMgAevqI4x1CNWB+/l0Hl5
0507mHjMJWSjqsW2RlQb/mp4S1rN8+VDja5hUCxRKc1/9omUht5EcygciMsKC79k
N8v6i3mEYWeRnsIXDfWpWZoejEm3cdlCr2sstFQ4GIzTw/KIHnEnkCOZWz8uQVIE
FiFJjirn+7QTlDjctU89Y4OqX2pufBxULSLMVnc8aM1/vXUDwtQKFuS1hr2DrUbb
JA3SM6HtjlWWGuocNw==

我已经检查过spkacInput字符串可以被base64解码,我也尝试用base64解码的spkacInput字符串初始化NetscapeSPKI。

我怀疑这里可能缺少一些BEGIN / END魔法。

1 个答案:

答案 0 :(得分:0)

解决方案:在输入中删除嵌入的换行符:

        req = crypto.NetscapeSPKI(spkacInput.replace('\n',''))