Parsing data: security certificate X509v3 extensions

Time: 2017-06-12 21:59:41

Tags: python security parsing ssl-certificate x509certificate

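I have basically written a custom Python script to parse security certificate data and load the values into a table. But I would like to know whether there is any library in Python that can do the same job for me. My thinking is that using a library to parse the data is better than using a custom script. Or is there a better way to load this data into a table / parse the data?

Logic of my script: since the data looks more or less like a YAML string, I formatted the data into a YAML-like string. Then I could easily convert it to CSV and load it into a table.

The format of the certificate data is given below (sample from the wiki):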

Certificate:
Data:
    Version: 3 (0x2)
    Serial Number:
        10:e6:fc:62:b7:41:8a:d5:00:5e:45:b6
Signature Algorithm: sha256WithRSAEncryption
    Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
    Validity
        Not Before: Nov 21 08:00:00 2016 GMT
        Not After : Nov 22 07:59:59 2017 GMT
    Subject: C=US, ST=California, L=San Francisco, O=Wikimedia Foundation, Inc., CN=*.wikipedia.org
    Subject Public Key Info:
        Public Key Algorithm: id-ecPublicKey
            Public-Key: (256 bit)
            pub: 
                04:c9:22:69:31:8a:d6:6c:ea:da:c3:7f:2c:ac:a5:
                af:c0:02:ea:81:cb:65:b9:fd:0c:6d:46:5b:c9:1e:
                ed:b2:ac:2a:1b:4a:ec:80:7b:e7:1a:51:e0:df:f7:
                c7:4a:20:7b:91:4b:20:07:21:ce:cf:68:65:8c:c6:
                9d:3b:ef:d5:c1
            ASN1 OID: prime256v1
            NIST CURVE: P-256
    X509v3 extensions:
        X509v3 Key Usage: critical
            Digital Signature, Key Agreement
        Authority Information Access: 
            CA Issuers - URI:http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt
            OCSP - URI:http://ocsp2.globalsign.com/gsorganizationvalsha2g2

        X509v3 Certificate Policies: 
            Policy: 1.3.6.1.4.1.4146.1.20
              CPS: https://www.globalsign.com/repository/
            Policy: 2.23.140.1.2.2

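1 answer:

Answer 0: (score: 0)

Yes, it looks like a YAML file, but the indentation is difficult. You need to re-indent it.

You can use the pyyaml library to parse it. Here is an example: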

import yaml

content = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10:e6:fc:62:b7:41:8a:d5:00:5e:45:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
Validity:
    Not Before: Nov 21 08:00:00 2016 GMT
    Not After : Nov 22 07:59:59 2017 GMT
"""

# safe_load builds only plain Python types; yaml.load() without a Loader fails on PyYAML 6+
obj = yaml.safe_load(content)

You get:

{'Certificate': {'Data': {'Serial Number': '10:e6:fc:62:b7:41:8a:d5:00:5e:45:b6',
                          'Version': '3 (0x2)'}},
 'Issuer': 'C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA '
           '- SHA256 - G2',
 'Signature Algorithm': 'sha256WithRSAEncryption',
 'Validity': {'Not After': 'Nov 22 07:59:59 2017 GMT',
              'Not Before': 'Nov 21 08:00:00 2016 GMT'}}

You can use an online YAML parser to check the data.
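
An added example, not part of the original question or answer: a standard-library parser that reads the dump by indentation instead of re-indenting it for YAML, so colon-separated hex bytes, colon-less section headers such as `Validity`, and repeated `Policy` keys survive. The names `parse_dump`, `to_table` and `SAMPLE` are hypothetical, and the sample assumes the indentation that `openssl x509 -text` normally emits.

```python
import re

# Constructed sample: values from the question, laid out with the indentation
# that `openssl x509 -text` normally emits (an assumption about the real input).
SAMPLE = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:e6:fc:62:b7:41:8a:d5:00:5e:45:b6
        Validity
            Not Before: Nov 21 08:00:00 2016 GMT
            Not After : Nov 22 07:59:59 2017 GMT
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Agreement
            Authority Information Access:
                OCSP - URI:http://ocsp2.globalsign.com/gsorganizationvalsha2g2

            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.4146.1.20
                  CPS: https://www.globalsign.com/repository/
                Policy: 2.23.140.1.2.2
"""

HEX = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2})*:?$")  # serial / key bytes, not "key: value"

def parse_dump(text):
    """Return {path: [values]} keyed by the indentation hierarchy."""
    lines = [(len(ln) - len(ln.lstrip()), ln.strip()) for ln in text.splitlines() if ln.strip()]
    rows, stack = {}, []                      # stack holds (indent, key) of open sections
    for i, (indent, body) in enumerate(lines):
        while stack and stack[-1][0] >= indent:
            stack.pop()                       # close sections at the same or deeper indent
        has_children = i + 1 < len(lines) and lines[i + 1][0] > indent
        key, sep, value = body.partition(":")
        if HEX.match(body) or (not sep and not has_children):
            key, value = None, body           # bare value belonging to the parent key
        if key is not None:
            stack.append((indent, key.strip()))
        if value.strip():
            path = "/".join(k for _, k in stack)
            rows.setdefault(path, []).append(value.strip())
    return rows

def to_table(rows):
    """Flatten to (path, value) tuples, one per table row or CSV line."""
    return [(path, v) for path, vals in rows.items() for v in vals]
```
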