将证书吊销列表(CRL)文件从.crl转换为.pem扩展名-Python 3 [英] Converting a Certificate Revocation List (CRL) file from .crl to .pem extension - Python 3

问题描述

我正在开发一个Python 3.4应用程序组件，该组件检查其CA提供的CRL中是否存在URL的证书.我正在使用加密软件包来加载证书以及CRL.下面是代码部分；

I am developing a Python 3.4 application component which checks if a URL's certificate exists in the CRL provided by its CA. I am using a cryptography package to load a certificate as well as the CRL. Below is the section of the code;

from cryptography import x509  
from cryptography.hazmat.backends import default_backend
from cryptography.x509.oid import ExtensionOID
from cryptography.x509.oid import NameOID
import urllib.request

URL = "www.xxx.com"
cert_str = ssl.get_server_certificate((URL,443))
pem_data = cert_str.encode()  
cert = x509.load_pem_x509_certificate(pem_data, default_backend())
crlDistrPoints = cert.extensions.get_extension_for_oid(ExtensionOID.CRL_DISTRIBUTION_POINTS)
crlURL = crlDistrPoints.value.full_name[0].value 
crlFile = "/path...." 
urllib.request.urlretrieve(crlURL,crlFile) # downloading a .crl file and save as crlFile
# Need to convert a crlFile to PEM format for pem_crl_data below
crl = x509.load_pem_x509_crl(pem_crl_data, default_backend())

该代码从站点"crlURL"下载一个CRL文件，并将其存储为crlFile.该文件的扩展名为.crl.该文件必须转换为PEM格式(并分配给pem_crl_data)才能获取crl对象"crl".如何进行转换(甚至不保存本地文件)?

The code downloads a CRL file from the site "crlURL" and stores it locally as crlFile. The file has .crl extension. This file has to be converted to PEM format (and assigned to pem_crl_data) to get the crl object "crl". How can I do the conversion (without even saving the file locally)?

推荐答案

使用pyOpenSSL中的加密模块:

Use the crypto module from pyOpenSSL:

from OpenSSL import crypto

然后使用这段代码:

with open(crlFile, "rb") as in_file:    
    crl_obj = crypto.load_crl(crypto.FILETYPE_ASN1, in_file.read())
    pem_crl_data = crypto.dump_crl(crypto.FILETYPE_PEM, crl_obj)

这篇关于将证书吊销列表(CRL)文件从.crl转换为.pem扩展名-Python 3的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！