我正在尝试读取.pem文件中的每个证书,并且由于我正在开发的产品没有安装pyOpenSSL(或类似的东西),我被迫使用子进程来做此
我在另一个答案中发现了以下内容:[/ p>
subprocess.call("openssl crl2pkcs7 -nocrl -certfile (file path).pem | openssl pkcs7 -print_certs -text -noout", shell=True)
让该函数引用如下文件:
-----BEGIN CERTIFICATE-----
MIICMzCCAZwCCQDBBH0NxCcVCDANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJV
UzELMAkGA1UECAwCTU4xCzAJBgNVBAcMAkVQMQswCQYDVQQKDAJEQzELMAkGA1UE
CwwCUEExGzAZBgNVBAMMEkNlcnRpZmljYXRlTWFuYWdlcjAeFw0xNjA3MDUxNDI5
NTZaFw0yNjA3MDMxNDI5NTZaMF4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNTjEL
MAkGA1UEBwwCRVAxCzAJBgNVBAoMAkRDMQswCQYDVQQLDAJQQTEbMBkGA1UEAwwS
Q2VydGlmaWNhdGVNYW5hZ2VyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDH
qcM3brv4VsInpAl3DGSfhRWTgKMPbee2JgksJfPlxUu7xwsfpWSrCimXoS94gs6p
l6Y+tJP2IG6j9zV+sdWDbAvBQW4UthaoPFI7Gyoc9bWXCSJ8FHepOyRIJx+3e512
UqWWa6RTMdT0tJr4fk4EyK95LnchHTS0BuGzt4IKOwIDAQABMA0GCSqGSIb3DQEB
CwUAA4GBAK2/63W9eBkb35uqEz2QOTPjZoWdGzrSFzpzkgbgSimKigmT7k0f72M1
3IVzypwhosvqYKqYnvCf4JMAlcqJooykEHYtDoPcXIiKtVdZgEN/ZzRjoV5BQnTA
O70zbb8Tq3Wxk5gN6rt2agKUosuoJCtqZeUbf6ENvsYHPZwmtCic
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICFTCCAX4CCQCPIiOJXxcRxjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJV
UzELMAkGA1UECAwCTU4xCzAJBgNVBAcMAkVQMQswCQYDVQQKDAJEQzELMAkGA1UE
CwwCUEExDDAKBgNVBAMMA0FkZDAeFw0xNjA3MDUxNDMyMDdaFw0yNjA3MDMxNDMy
MDdaME8xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNTjELMAkGA1UEBwwCRVAxCzAJ
BgNVBAoMAkRDMQswCQYDVQQLDAJQQTEMMAoGA1UEAwwDQWRkMIGfMA0GCSqGSIb3
DQEBAQUAA4GNADCBiQKBgQCwu6lHPVBCHwJ0lL6PLzyk7tieJQyHNktIRt0B7JgN
bhFTs1RHHJZzkbvCMohduVviUjgDZ4c3FaZ0vgqZgtbvfwqnokEqkmUYBnebC72e
KqYJfpPwZR8sOrZTicgaq3wLa4zVf7ZU84w7TeUNwt/J+XNL6fUdnGUdCPCA2Hfm
EwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAFcOVdW4GTD2wWYneDpVMxbltH1ZLZDG
KUeB+bC3GZuVIcOELRLlSvT6N9i48hAmJC5DDUtHrcwGGzXNwwPUWR3ZO+1WoH7g
hVv4Xs/uAzXcAyeVneb4pm2oFHqnGHW2PTtF6aecOJXgGYQBTkUche3Fx5xYKorF
dI7rdMQqZh0q
-----END CERTIFICATE-----
返回:
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
c1:04:7d:0d:c4:27:15:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=MN, L=EP, O=DC, OU=PA, CN=CertificateManager
Validity
Not Before: Jul 5 14:29:56 2016 GMT
Not After : Jul 3 14:29:56 2026 GMT
Subject: C=US, ST=MN, L=EP, O=DC, OU=PA, CN=CertificateManager
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:c7:a9:c3:37:6e:bb:f8:56:c2:27:a4:09:77:0c:
64:9f:85:15:93:80:a3:0f:6d:e7:b6:26:09:2c:25:
f3:e5:c5:4b:bb:c7:0b:1f:a5:64:ab:0a:29:97:a1:
2f:78:82:ce:a9:97:a6:3e:b4:93:f6:20:6e:a3:f7:
35:7e:b1:d5:83:6c:0b:c1:41:6e:14:b6:16:a8:3c:
52:3b:1b:2a:1c:f5:b5:97:09:22:7c:14:77:a9:3b:
24:48:27:1f:b7:7b:9d:76:52:a5:96:6b:a4:53:31:
d4:f4:b4:9a:f8:7e:4e:04:c8:af:79:2e:77:21:1d:
34:b4:06:e1:b3:b7:82:0a:3b
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
ad:bf:eb:75:bd:78:19:1b:df:9b:aa:13:3d:90:39:33:e3:66:
85:9d:1b:3a:d2:17:3a:73:92:06:e0:4a:29:8a:8a:09:93:ee:
4d:1f:ef:63:35:dc:85:73:ca:9c:21:a2:cb:ea:60:aa:98:9e:
f0:9f:e0:93:00:95:ca:89:a2:8c:a4:10:76:2d:0e:83:dc:5c:
88:8a:b5:57:59:80:43:7f:67:34:63:a1:5e:41:42:74:c0:3b:
bd:33:6d:bf:13:ab:75:b1:93:98:0d:ea:bb:76:6a:02:94:a2:
cb:a8:24:2b:6a:65:e5:1b:7f:a1:0d:be:c6:07:3d:9c:26:b4:
28:9c
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
8f:22:23:89:5f:17:11:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=MN, L=EP, O=DC, OU=PA, CN=Add
Validity
Not Before: Jul 5 14:32:07 2016 GMT
Not After : Jul 3 14:32:07 2026 GMT
Subject: C=US, ST=MN, L=EP, O=DC, OU=PA, CN=Add
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:b0:bb:a9:47:3d:50:42:1f:02:74:94:be:8f:2f:
3c:a4:ee:d8:9e:25:0c:87:36:4b:48:46:dd:01:ec:
98:0d:6e:11:53:b3:54:47:1c:96:73:91:bb:c2:32:
88:5d:b9:5b:e2:52:38:03:67:87:37:15:a6:74:be:
0a:99:82:d6:ef:7f:0a:a7:a2:41:2a:92:65:18:06:
77:9b:0b:bd:9e:2a:a6:09:7e:93:f0:65:1f:2c:3a:
b6:53:89:c8:1a:ab:7c:0b:6b:8c:d5:7f:b6:54:f3:
8c:3b:4d:e5:0d:c2:df:c9:f9:73:4b:e9:f5:1d:9c:
65:1d:08:f0:80:d8:77:e6:13
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
57:0e:55:d5:b8:19:30:f6:c1:66:27:78:3a:55:33:16:e5:b4:
7d:59:2d:90:c6:29:47:81:f9:b0:b7:19:9b:95:21:c3:84:2d:
12:e5:4a:f4:fa:37:d8:b8:f2:10:26:24:2e:43:0d:4b:47:ad:
cc:06:1b:35:cd:c3:03:d4:59:1d:d9:3b:ed:56:a0:7e:e0:85:
5b:f8:5e:cf:ee:03:35:dc:03:27:95:9d:e6:f8:a6:6d:a8:14:
7a:a7:18:75:b6:3d:3b:45:e9:a7:9c:38:95:e0:19:84:01:4e:
45:1c:85:ed:c5:c7:9c:58:2a:8a:c5:74:8e:eb:74:c4:2a:66:
1d:2a
但是,当我尝试按如下方式对args进行标记时:
subprocess.call(['openssl', 'crl2pkcs7', '-nocrl', '-certfile', '(file path).pem', '|', 'openssl', 'pkcs7', '-print_certs', '-text', '-noout'])
它返回:
unknown option |
crl2pkcs7 [options] <infile >outfile
where options are
-inform arg input format - DER or PEM
-outform arg output format - DER or PEM
-in arg input file
-out arg output file
-certfile arg certificates file of chain to a trusted CA
(can be used more than once)
-nocrl no crl to load, just certs from '-certfile'
有人可以告诉我我做错了什么,至少给我一个如何解决它的提示?
提前谢谢。
答案 0 :(得分:2)
第一个命令依赖shell将第一个openssl命令的输出传递给第二个openssl命令。第二个命令将|(以及第二个openssl作为参数传递给第一个openssl命令。
您需要从子流程文档中获取"Replacing a shell pipeline"之类的内容。
p1 = subprocess.Popen(['openssl', 'crl2pkcs7', '-nocrl', '-certfile', '(file path).pem'], stdout=subprocess.PIPE)
p2 = subprocess.Popen(['openssl', 'pkcs7', '-print_certs', '-text', '-noout'], stdin=p1.stdout, stdout=subprocess.PIPE)
p1.stdout.close() # Allow p1 to receive a SIGPIPE if p2 exits.
output = p2.communicate()[0]