c#获取ssl证书有效性_SSL证书:证书有效期及证书链获取

灰太狼 2023-01-10 05:06 450阅读 0赞

importdatetimeimportsocketimportjsonimportrefrom OpenSSL importSSLimportlogging”””pip install pyOpenSSL”””

defchoice2dict(choices):”””:param choices: [(‘a’, ‘1’), (‘b’, ‘2’),]

:return:”””trans=dict()for key, value inchoices:ifisinstance(key, bytes):

key=key.decode()ifisinstance(value, bytes):

value=value.decode()

trans[str(key)]=valuereturntrans#该类可以实现基本功能, 但优化空间非常大

classSSLCertificateAnalyzer(object):def __init__(self, host: str, port: int, domain: str, purpose=’extranet’):

self._result={}

self.host=host

self.port=port

self.domain=domain

self.purpose=purpose

self.sock=Nonedefget_result(self):returnself._resultdefdoing(self):try:

context=SSL.Context(SSL.SSLv23_METHOD)

s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)

s.settimeout(15)

self.sock= SSL.Connection(context=context, socket=s)

self.sock.connect((self.host, self.port))

self.sock.setblocking(1)

self.sock.do_handshake()

self.construct_result()exceptException as e:

logging.error(e)

self._result={‘issuer_cn’: ‘’, ‘cert_type’: ‘’, ‘due_date’: ‘’, ‘serial_number’: ‘’, ‘subject_cn’: ‘’,’has_expired’: ‘’, ‘extension_subject_dns’: ‘’, ‘cn_matched’: ‘’, ‘cert_chain’: ‘’,’check_all’: ‘Connect to the server failed’}defconstruct_result(self):

x509=self.sock.get_peer_certificate()

result=self.analysis_certificate_x509(x509)

cert_chain_json=self.get_peer_cert_chain()

self._result.update(result)

self._result[‘cert_chain’] =cert_chain_jsonif self._result[‘has_expired’] == ‘Yes’:

self._result[‘check_all’] = ‘Expired’

else:

self._result[‘check_all’] = ‘Good’

if not self._result[‘cert_chain’]:

self._result[‘check_all’] += ‘, No certificate chain’

if self._result[‘cn_matched’] == ‘No’:

self._result[‘check_all’] += ‘, CN not matched’

if self._result[‘cert_type’] == ‘self-signed’ and self.purpose == ‘extranet’:

self._result[‘check_all’] += ‘, self-signed’

defget_peer_cert_chain(self):

cert_chain=self.sock.get_peer_cert_chain()

cert_chain_result=list()for x509 incert_chain:

result=self.analysis_certificate_x509(x509)

cert_chain_result.append(result)return json.dumps(cert_chain_result) if cert_chain_result else ‘’

defget_cn_matched(self, flag, subject_cn):ifsubject_cn:

_convert= re.sub(r’\*\.’, ‘.*?[.]‘, subject_cn)

pattern= ‘(‘ + _convert + ‘)(.*)’

ifre.search(pattern, self.domain, re.I):

flag= ‘Yes’

returnflagdefanalysis_certificate_x509(self, x509):

cn_matched= ‘No’result={‘issuer_cn’: ‘’, ‘cert_type’: ‘’, ‘due_date’: ‘’, ‘serial_number’: ‘serial_number’,’subject_cn’: ‘’, ‘has_expired’: ‘No’, ‘extension_subject_dns’: ‘’, ‘cn_matched’: cn_matched

}try:

issuer=choice2dict(x509.get_issuer().get_components())

issuer_cn= issuer[‘CN’] if ‘CN’ in issuer else ‘’

if ‘lenovo’ in issuer_cn.lower() or ‘local’ inissuer_cn.lower():

cert_type= ‘self-signed’

else:

cert_type= ‘commercial’result[‘issuer_cn’] =issuer_cn

result[‘cert_type’] =cert_typeexceptException as e:

logging.warning(e)try:

subject=choice2dict(x509.get_subject().get_components())

result[‘subject_cn’] = subject[‘CN’] if ‘CN’ in subject else ‘’cn_matched= self.get_cn_matched(cn_matched, result[‘subject_cn’])exceptException as e:

logging.warning(e)try:

not_after=x509.get_notAfter()#due_date = datetime.datetime.strptime(not_after[:14], ‘%Y%m%d%H%M%S’)

due_date =datetime.datetime(

year=int(not_after[0:4]), month=int(not_after[4:6]), day=int(not_after[6:8]),

hour=int(not_after[8:10]), minute=int(not_after[10:12]), second=int(not_after[10:12])

)ifisinstance(due_date, datetime.datetime):

result[‘due_date’] = due_date.strftime(‘%Y-%m-%d %H:%M:%S’)ifisinstance(due_date, datetime.date):

result[‘due_date’] = due_date.strftime(‘%Y-%m-%d %H:%M:%S’)exceptException as e:passresult[‘cn_matched’] = ‘No’result[‘has_expired’] = ‘Yes’result[‘serial_number’] = ‘’

try:

x509_extension=x509.get_extension(0)

x509_extension_short_name=x509_extension.get_short_name()if x509_extension_short_name == ‘subjectAltName’:try:

x509_extension_subject_alt_name=x509_extension._subjectAltNameString()if ‘:’ inx509_extension_subject_alt_name:

extension_subject_dns= x509_extension_subject_alt_name.split(‘:’)[1].strip()

result[‘extension_subject_dns’] =extension_subject_dns

cn_matched=self.get_cn_matched(cn_matched, extension_subject_dns)exceptException as e:

logging.warning(e)

result[‘serial_number’] =str(x509.get_serial_number())

result[‘has_expired’] = ‘Yes’ if x509.has_expired() else ‘No’result[‘cn_matched’] =cn_matchedexceptException as e:

logging.error(e)returnresultif __name__ == ‘__main__‘:

sca= SSLCertificateAnalyzer(host=’118.112.225.33’, port=443, domain=’baidu.com’, purpose=’extranet’)

sca.doing()print(sca.get_result())

发表评论

表情:
评论列表 (有 0 条评论,450人围观)

还没有评论,来说两句吧...

相关阅读

    相关 ssl 证书

    众所周知,ssl证书必须由权威机构颁发才具有保障性和权威性。 如何具有权威性,一个显而易见的标准就是钱。。。 域名级ssl证书上千元,一个全能型ssl证书数十万。 而且不

    ゞ 浴缸里的玫瑰ゞ 浴缸里的玫瑰/ 0/ 350 阅读

    相关 免费SSL证书

    SSL证书,用于加密HTTP协议,也就是HTTPS。随着淘宝、百度等网站纷纷实现全站Https加密访问,搜索引擎对于Https更加友好,加上互联网上越来越多的人重视隐私安全,站

    青旅半醒青旅半醒/ 0/ 1921 阅读

    相关 生成SSL证书

    使用openssl生成证书 openssl是目前最流行的SSL密码库工具,其提供了一个通用、健壮、功能完备的工具套件,用以支持SSL/TLS协议的实现。 比如生成到:/

    旧城等待,旧城等待,/ 0/ 473 阅读