如何使用Pythoncryptography
库从客户端证书获取CommonName
?
如果使用pyOpenSSL
和ssl
,我使用:
import ssl
from OpenSSL import crypto
cert_raw = 'MIIGXDCCBUSgAwIBAgIJAMgCuv1aXz7l...base64 encoded`
cert_bytes = base64.b64decode(cert_raw)
cert_pem = ssl.DER_cert_to_PEM_cert(cert_bytes)
cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem)
从那里可以直接使用:
subject = cert.get_subject()
cn = subject.CN
print(cn)
thethings.com
但我似乎找不到单独使用cryptography
模块的快速方法
我试过:
import ssl
from cryptography import x509
cert_raw = 'MIIGXDCCBUSgAwIBAgIJAMgCuv1aXz7l...base64 encoded`
cert_bytes = base64.b64decode(cert_raw)
cert_pem = ssl.DER_cert_to_PEM_cert(cert_bytes)
cert = x509.load_pem_x509_certificate(cert_pem.encode('ascii'), default_backend())
但最终会得到一个要拆分的字符串以获得CN。
我不相信CN
会一直处于[0]
的位置。
subject = cert.subject
cn = subject.rfc4514_string()
cn_value = cn.split(',')[0].split('=')[1]
print(subject)
print(cn)
print(cn_value)
<Name(OU=Domain Control Validated,CN=thethings.com)>
CN=thethings.com,OU=Domain Control Validated
thethings.com
cryptography
模块有更好的方法吗
正如@Topaco 在评论中所建议的那样
from cryptography.x509.oid import NameOID
cn = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value