证书的类别:https://www.cnblogs.com/demonxian3/p/9019169.html
证书的解析:https://www.cnblogs.com/qq874455953/p/10264428.html
证书下载:https://www.cnblogs.com/nextkara/p/12469789.html
证书详解:https://wyxwyx46941930.github.io/2019/01/22/X-509/
证书信息解析:https://blog.youkuaiyun.com/u012206617/article/details/107936897
from socket import socket
from OpenSSL import SSL
import OpenSSL
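def get_certificate(hostname, port=433):
    """Fetch the certificate and chain a TLS server presents during the handshake.

    Opens a TCP connection to ``hostname:port``, sends ``hostname`` as the SNI
    value and completes a TLS handshake, then returns what the peer sent.

    Security note: the context is built without any verification settings
    (no ``set_verify`` call and no trust store is loaded), so the handshake
    does not authenticate the peer. The returned objects describe "what this
    endpoint presented", not "a certificate that chains to a trusted root and
    matches the hostname". Do not make trust decisions on them without
    validating the chain separately.

    Args:
        hostname: Host to connect to; also used as the SNI server name, which
            decides which certificate a multi-tenant server returns.
        port: TCP port of the TLS service.
            NOTE(review): the default is 433, while HTTPS conventionally
            listens on 443. This looks like a typo; the default is kept so
            the signature is unchanged. Pass the port explicitly.

    Returns:
        ``(cert, certs)``: the peer's leaf certificate and the chain it sent,
        as returned by pyOpenSSL. ``False`` if anything fails; the error and
        the line it was raised on are printed.
    """
    sock = None
    sock_ssl = None
    try:
        sock = socket()
        # The original author marked a socket timeout as "do not enable" and a
        # blocking socket as essential, so the socket is left in its default
        # blocking mode. The trade-off is that connect() and the handshake can
        # block for as long as the OS allows when the peer is unresponsive.
        sock.connect((hostname, port))
        # SSLv23_METHOD is the version-negotiating method, not "SSL 2/3 only".
        ctx = SSL.Context(SSL.SSLv23_METHOD)
        sock_ssl = SSL.Connection(ctx, sock)
        # SNI: without it a server hosting several names may answer with its
        # default certificate instead of the one for ``hostname``.
        sock_ssl.set_tlsext_host_name(hostname.encode())
        sock_ssl.set_connect_state()
        sock_ssl.do_handshake()
        cert = sock_ssl.get_peer_certificate()
        certs = sock_ssl.get_peer_cert_chain()
        return cert, certs
    except Exception as e:
        # logger.error(...) could replace print() once a logger is configured.
        print("Get certificate error:{0}, line number:{1}".format(str(e),
                                                                  e.__traceback__.tb_lineno))
        return False
    finally:
        # Release the connection on every path. Previously a failed connect or
        # handshake skipped both close() calls and leaked the descriptor.
        for conn in (sock_ssl, sock):
            if conn is None:
                continue
            try:
                conn.close()
            except Exception:
                # Best-effort cleanup: the result has already been decided.
                pass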
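def _print_certificate_details(cert):
    """Print version, serial, signature algorithm, issuer, validity and public key of *cert*."""
    issuer = cert.get_issuer()
    # get_version() is zero-based (X.509 v3 is stored as 2), hence the + 1.
    print("证书版本: ", cert.get_version() + 1)
    print("证书序列号: ", hex(cert.get_serial_number()))
    print("证书中使用的签名算法: ", cert.get_signature_algorithm().decode("UTF-8"))
    print("颁发者: ", issuer.commonName)
    print("有效期从: ", cert.get_notBefore())
    print("到: ", cert.get_notAfter())
    # has_expired() only compares the notAfter date with the current time.
    # It says nothing about signature validity, revocation or trust.
    print("证书是否已经过期: ", cert.has_expired())
    print("公钥长度", cert.get_pubkey().bits())
    print("公钥:\n",
          OpenSSL.crypto.dump_publickey(OpenSSL.crypto.FILETYPE_PEM,
                                        cert.get_pubkey()).decode("utf-8"))


if __name__ == "__main__":
    # The port is passed explicitly: get_certificate() defaults to 433, which
    # is probably a typo for the usual HTTPS port 443.
    result = get_certificate("xx.xx.xx.xx", 443)
    if result is False:
        # get_certificate() has already printed the error. Unpacking False
        # into two names would only raise an unrelated TypeError.
        raise SystemExit(1)
    cert, certs = result

    # Everything printed below is data the server presented. get_certificate()
    # configures no verification on its context, so these fields are not
    # authenticated.
    print(cert)
    subject = cert.get_subject()
    print("通用名称: ", subject.CN)
    print("机构名: ", subject.O)
    print("机构单元名称: ", subject.OU)
    print("地理位置: ", subject.L)
    print("州/省名: ", subject.ST)
    print("国名: ", subject.C)
    _print_certificate_details(cert)

    print(certs)
    # The chain can be None when the peer sent no certificates. A separate
    # loop variable keeps the leaf ``cert`` from being overwritten.
    for chain_cert in certs or []:
        _print_certificate_details(chain_cert)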