Oma*_*les 3 python xml openssl
我需要xml用certificate和签署key一个pfx文件。
换句话说,我有一个 pfx 文件,我需要从中提取pemankey来签署我的xml.
我发现这个脚本可以从 pfx 中提取笔和键,但是给了我错误:
import OpenSSL.crypto
pfx_path = 'D:\\facturacion_electronica\\cetificado_prueba\\llama.pfx'
pfx_password = 'caballo123'
def load_public_key(pfx_path, pfx_password):
''' Read the public key and return as PEM encoded '''
# print('Opening:', pfx_path)
with open(pfx_path, 'rb') as f:
pfx_data = f.read()
# print('Loading PFX contents:')
pfx = OpenSSL.crypto.load_pkcs12(pfx_data, pfx_password)
public_key = OpenSSL.crypto.dump_publickey(
OpenSSL.crypto.FILETYPE_PEM,
p12.get_certificate().get_pubkey())
print(public_key)
return public_key
load_public_key(pfx_path, pfx_password)
错误:
python openssl.py
openssl.py:17: DeprecationWarning: str for passphrase is no longer accepted, use bytes
pfx = OpenSSL.crypto.load_pkcs12(pfx_data, pfx_password)
Traceback (most recent call last):
File "openssl.py", line 28, in <module>
load_public_key(pfx_path, pfx_password)
File "openssl.py", line 21, in load_public_key
p12.get_certificate().get_pubkey())
NameError: name 'p12' is not defined
提取 pem 和密钥后,我将使用它来签署 XML:
from lxml import etree
from signxml import XMLSigner, XMLVerifier
passwd = 'caballo123'
cd = 'D:\\facturacion_electronica\\cetificado_prueba\\'
data_to_sign = "<Test/>"
cert = open("example.pem").read()
key = open("example.key").read()
root = etree.fromstring(data_to_sign)
signed_root = XMLSigner().sign(root, key=key, cert=cert)
verified_data = XMLVerifier().verify(signed_root).signed_xml
我在 John Hanley 个人页面上找到了答案:
https://www.jhanley.com/google-cloud-extracting-private-key-from-service-account-p12-credentials/
import OpenSSL.crypto
import os
pfx_cert = 'D:\\facturacion_electronica\\cetificado_prueba\\llama.pfx'
pfx_password = b'caballo123'
###########################################################
# Version 1.00
# Date Created: 2018-12-21
# Last Update: 2018-12-21
# https://www.jhanley.com
# Copyright (c) 2018, John J. Hanley
# Author: John Hanley
###########################################################
# Convert a Google P12 (PFX) service account into private key and certificate.
# Convert an SSL Certifcate (PFX) into private key, certificate and CAs.
def write_CAs(filename, p12):
# Write the Certificate Authorities, if any, to filename
if os.path.exists(filename):
os.remove(filename)
ca = p12.get_ca_certificates()
if ca is None:
return
print('Creating Certificate CA File:', filename)
with open(filename, 'wb') as f:
for cert in ca:
f.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert))
def pfx_to_pem(pfx_path, pfx_password, pkey_path, pem_path, pem_ca_path):
'''
Decrypt the P12 (PFX) file and create a private key file and certificate file.
Input:
pfx_path INPUT: This is the Google P12 file or SSL PFX certificate file
pfx_password INPUT: Password used to protect P12 (PFX)
pkey_path INPUT: File name to write the Private Key to
pem_path INPUT: File name to write the Certificate to
pem_ca_path INPUT: File name to write the Certificate Authorities to
'''
print('Opening:', pfx_path)
with open(pfx_path, 'rb') as f_pfx:
pfx = f_pfx.read()
print('Loading P12 (PFX) contents:')
p12 = OpenSSL.crypto.load_pkcs12(pfx, pfx_password)
print('Creating Private Key File:', pkey_path)
with open(pkey_path, 'wb') as f:
# Write Private Key
f.write(OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, p12.get_privatekey()))
print('Creating Certificate File:', pem_path)
with open(pem_path, 'wb') as f:
# Write Certificate
f.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, p12.get_certificate()))
# Google P12 does not have certifiate authorities but SSL PFX certificates do
write_CAs(pem_ca_path, p12)
# Start here
pfx_to_pem(
pfx_cert, # Google Service Account P12 file
pfx_password, # P12 file password
'llama.key', # Filename to write private key
'llama_cert.pem', # Filename to write certificate
'llama_ca.pem') # Filename to write CAs if present