Vit*_*dur 17 python pyopenssl alexa python-3.x alexa-voice-service
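I'm working on a service that handles Alexa voice intents. I need to verify the signature of each request, and I've almost succeeded. The only part that doesn't work is the validation of the certificate chain.
From the documentation I know that:
This certificate chain is composed of, in order, (1) the Amazon signing certificate and (2) one or more additional certificates that create a chain of trust to a root certificate authority (CA) certificate.
My code looks like this: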
```python
import pem
from OpenSSL import crypto

certificates = pem.parse_file("chain.pem")

# Every certificate except the last one goes into the store
store = crypto.X509Store()
for cert in certificates[:-1]:
    loaded_cert = crypto.load_certificate(crypto.FILETYPE_PEM,
                                          cert.as_bytes())
    store.add_cert(loaded_cert)

# The last certificate in the file is the one being verified
intermediate_cert = crypto.load_certificate(
    crypto.FILETYPE_PEM,
    certificates[-1].as_bytes()
)

# Create a certificate context
store_ctx = crypto.X509StoreContext(store, intermediate_cert)

# Verify the certificate
store_ctx.verify_certificate()
```
I get the following error:
```
OpenSSL.crypto.X509StoreContextError: [20, 0, 'unable to get local issuer certificate']
```
I don't know what I'm doing wrong; maybe someone has already implemented this and can give me a hint.
sto*_*vfl 10
First, get the CA issuer of every certificate in 'chain.pem':
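```python
import pem
from OpenSSL import crypto

# Print the issuer and subject of every certificate in the chain file
for cert in pem.parse_file("chain.pem"):
    CA_cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert.as_bytes())
    print('CA_cert:\nissuer :{}\nsubject:{}'.
          format(CA_cert.get_issuer(), CA_cert.get_subject()))
```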
Output, for example:
```
CA_cert:
issuer :<X509Name object '/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA'>
subject:<X509Name object '/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA'>
```
The example certificate shown here is a self-signed certificate.
Add all of the issuers shown to the CA_store, then run .verify_certificate on every certificate in 'chain.pem'.
```python
import pem
from OpenSSL import crypto

# Load the issuer certificates found above into the store
CA_store = crypto.X509Store()
for _pem in ['issuer_1.pem', 'issuer_2.pem']:
    for cert in pem.parse_file(_pem):
        CA_store.add_cert(
            crypto.load_certificate(crypto.FILETYPE_PEM, cert.as_bytes())
        )

# Verify each certificate in chain.pem and report any that fail
for cert in pem.parse_file("chain.pem"):
    try:
        crypto.X509StoreContext(
            CA_store,
            crypto.load_certificate(crypto.FILETYPE_PEM, cert.as_bytes())
        ).verify_certificate()
    except crypto.X509StoreContextError as exp:
        cert = exp.certificate
        print('X509StoreContextError:{}\ncertificate\n\tissuer :{}\n\tsubject:{}'.
              format(exp.args, cert.get_issuer(), cert.get_subject()))
```
Tested with Python: 3.4.2 - OpenSSL: 17.0.0 - cryptography: 1.8.2 - cffi: 1.10.0
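An added example, not part of the question or answer above: it verifies the signing (leaf) certificate with only the root CA in the X509Store and passes the intermediate as untrusted path-building material, and it reproduces the "unable to get local issuer certificate" failure when the intermediate is missing. It assumes pyOpenSSL 20.0 or later (for the `chain=` argument) and the `cryptography` package; the certificates are constructed in memory and the helper names `make_cert`, `to_ossl` and `verify_leaf` are hypothetical.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID
from OpenSSL import crypto

def make_cert(cn, issuer=None, ca=True):
    """Constructed test certificate; issuer is a (cert, key) pair, None = self-signed."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder()
            .subject_name(name)
            .issuer_name(issuer[0].subject if issuer else name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(days=1))
            .not_valid_after(now + datetime.timedelta(days=30))
            .add_extension(x509.BasicConstraints(ca=ca, path_length=None), critical=True)
            .sign(issuer[1] if issuer else key, hashes.SHA256()))
    return cert, key

def to_ossl(pair):
    """Convert the certificate half of a (cert, key) pair to a pyOpenSSL X509."""
    pem_bytes = pair[0].public_bytes(serialization.Encoding.PEM)
    return crypto.load_certificate(crypto.FILETYPE_PEM, pem_bytes)

def verify_leaf(leaf, untrusted, roots):
    """Verify `leaf`; only `roots` are trust anchors, `untrusted` just helps path building."""
    store = crypto.X509Store()
    for root in roots:
        store.add_cert(root)
    try:
        crypto.X509StoreContext(store, leaf, chain=untrusted or None).verify_certificate()
        return True
    except crypto.X509StoreContextError:
        return False

# Constructed three-level chain: root -> intermediate -> signing (leaf) certificate
root_pair = make_cert("Constructed Root CA")
inter_pair = make_cert("Constructed Intermediate CA", issuer=root_pair)
leaf_pair = make_cert("constructed-signing-cert", issuer=inter_pair, ca=False)
ROOT, INTER, LEAF = to_ossl(root_pair), to_ossl(inter_pair), to_ossl(leaf_pair)
OTHER_ROOT = to_ossl(make_cert("Unrelated Constructed Root CA"))

if __name__ == "__main__":
    print(verify_leaf(LEAF, [INTER], [ROOT]))        # full path to a trusted root
    print(verify_leaf(LEAF, [], [ROOT]))             # intermediate missing
    print(verify_leaf(LEAF, [INTER], [OTHER_ROOT]))  # chain ends at an untrusted root
```

With a real chain file, the first certificate is the one to pass as `leaf`, the remaining certificates from the file go in `untrusted`, and `roots` comes from a CA bundle you already trust rather than from the downloaded file.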